Significant changes

New features

  • Support for kubernetes 1.11
  • Support using existing/shared AWS Security Groups
  • Support for more AWS instance types (r5, r5d, z1d, t3, f1.4xlarge, p3dn.24xlarge)
  • Addon updates (weave, dashboard, heapster, cluster-autoscaler, canal, coredns, cilium, aws-vpc-cni, lyft-vpc-cni, calico, kopeio-networking)
  • Allow users to opt-in to etcd-manager
  • More secure default settings when running kubernetes >= 1.11 (e.g. kubelet anonymous auth disabled)
  • Improved GCE & OpenStack support, experimental support for SpotInst

Required Actions

Full change list since 1.10.0 release

  • Move alpha channels to stable and update alpha @mikesplain
  • Update stable channel to recommend latest kubernetes @justinsb
  • Put new kops versions into channels @justinsb
  • Add authentication-token-webhook-cache-ttl flag to kubelet config @ihoegen
  • Add ssh user to kops toolbox dump @justinsb
  • makefile: tweaks to push & run targets @justinsb
  • kops set: fix example @justinsb
  • Docker installation from tar.gz @justinsb
  • Add new instance types r5, r5d, z1d @rekcah78
  • add wider tolerations to the kube-router daemonset @zivagolee
  • Some tweaks around IAM additional policies @justinsb
  • Add HACK_UPDATE_EXPECTED_IN_PLACE for cloudformation output @justinsb
  • Fix typo in comment @justinsb
  • Check errors when parsing JSON on IAM policies @justinsb
  • amazon-vpc-routed-eni cloudprovider check @mikesplain
  • Add error handling for failed deletion of tempfiles @justinsb
  • Validate IAM additionalPolicies @justinsb
  • Add missing error handling when reading stdin @justinsb
  • Add error handling (logging) when we fail to close a file @justinsb
  • Fix api-gen-docs dependencies @mikesplain
  • Parallel bazel crossbuild kops @mikesplain
  • Load client-auth plugins @ripta
  • one word change to docs grammar tense issue ran -> run @ms4720
  • Spell Fix: Fixing spelling of “Kubernetes” in doc @Rajat-0
  • Remove GetAsgForInstance IAM permission @justinsb
  • Don’t set kube-proxy cluster-cidr with aws-vpc-cni @spikecurtis
  • Move CloudProviderID consts into a block #5590
  • Fix cpu unit measurement #5589
  • Node Authorizer Prometheus Metrics #5599
  • Add AWS IAM permission to check for volume resize #5597
  • Add amazon.com image owner alias and Amazon Linux 2 documentation #5577
  • make dep-ensure checks that mercurial is installed #5600
  • Ability to configure --node-cidr-mask-size into #5596
  • fix typo #5604
  • Update install.md #5603
  • Don’t assume that we only have one subnet per AZ #5601
  • Fix additional security groups changes on api lb #5602
  • fix name of demo-app-v2 #5605
  • Enable weave network encryption for k8s 1.6 #5595
  • Bump Weave Net to v2.4.0
  • Create ExperimentalClusterDNS feature flag @justinsb
  • weave: bump version for 2.3.0 @justinsb
  • Validate that require-kubeconfig is not passed after 1.10 @justinsb
  • Docs for policy to do cross account state store in s3 @geojaz
  • DigitalOcean: don’t try to set SSE @justinsb
  • Remove _kubernetes_master tag @justinsb
  • Update CoreDNS deployment @rajansandeep
  • Add DEBUGGABLE option to Makefile to compile debuggable bins #5636
  • Add changelog to release notes for 1.10 #5639
  • Update README.md #5638
  • Fix build: prevent verify-misspelling failing on releases #5643
  • Update readme compatibility matrix for 1.10 #5484
  • Bump channels for 1.10.0 #5645
  • Upgrade DigitalOcean CCM to v0.1.7 #5651
  • add kube-proxy hostname override #5649
  • Create getting started with OpenStack doc
  • Update route53api.go @wangxy518
  • AWS VPC Daemonset Correctly Tolerate Node Taints @benjigoldberg
  • Added // restore // guide to single-to-multi-master.md @vlaza
  • Update alpha channel with images for foreshadow @justinsb
  • Basic validation for imagetype for NVME enabled instances @geojaz
  • Apply cloud labels into ELB @wingyplus
  • Cherry-pick release 1.10.0 commit @justinsb
  • Promote kubernetes versions from alpha -> stable @justinsb
  • Fix codegen make target #5662
  • Push latest k8s versions to alpha channel #5666
  • Added myself to SECURITY_CONTACTS #5674
  • Fixes go vet complain in package upup/pkg/fi/cloudup/awstasks #5669
  • Update machine_types.go to support T3 family #5681
  • Change vendored weave mesh to use hash keys by default #5693
  • Add etcd volumeSize docs #5692
  • Fix a typo: ectd->etcd #5698
  • add flag +ExperimentalClusterDNS in docs #5708
  • Adding kubernetes/dashboard v1.10.0 for K8S >=1.10.0 #5702
  • updated image versions and deployment instructions for the nginx-ingress addon #5711
  • Update CoreDNS version and manifest #5727
  • Vendor servergroup module from gophercloud
  • Make chrisz100 a reviewer for kops @chrisz100
  • OpenStack: enable cluster state deletion #5731
  • OpenStack: vendor schedulerhints
  • lifecycle tests: check no legacy tags on shared resources @justinsb
  • Refactor tables package to be more reusable @justinsb
  • Fix suspendprocess @mikesplain
  • Fixes go vet complains @wingyplus
  • correct 8 spell errors @sunlintong
  • correct spell errors in ‘docs/cluster_spec.md’ @sunlintong
  • --output json added to aws @kulik0v
  • Use appropriate log level for KOPS_STATE_S3_ACL debug message @davidarcher
  • Update k8s-ec2-srcdst to v0.2.2 @willthames
  • Add elasticloadbalancing:DeregisterTargets permission to master policy @kellycampbell
  • Typo fix: bellow -> below @mirake
  • Update README.md @geojaz
  • Machine type generator @mikesplain
  • Explicitly install conntrack @johanneswuerbach
  • Don’t unset AWS_PROFILE in Makefile @justinsb
  • machine-type generator: go vet fixes @justinsb
  • typo fixes in stable for ci verify jobs @chrisz100
  • Fix interactive rolling update silently ignored @Mikulas
  • Add Docker 18.06.1 for Debian Stretch @granular-ryanbonham
  • Update iaminstanceprofile.go @wangxy518
  • Recognize ubuntu images in sshUser dumping @justinsb
  • Added documentation for Api server LB Certificate @fernandocarletti
  • Move verify-spelling to script, install from vendor @justinsb
  • Protect against panic when networking is not set @justinsb
  • Cni toleration for tainted nodes @jhohertz
  • Fix bazel cross platform @mikesplain
  • Addon update heapster @recollir
  • Amazon VPC CNI: Kubernetes 1.8+ Manifests @ripta
  • Add hook option to install manifest as a hook unmodified @geekofalltrades
  • Add rdrgmnzs as a reviewer to owners file. @rdrgmnzs
  • Support for deletion of aws resources albs nlbs during delete @nareshku
  • dns-controller: allow configuring DNS update interval #5759
  • Avoid using which, CoreOS doesn’t always have it #5795
  • Start release notes for 1.11 #5815
  • Generate live project documentation using mkdocs and gh-pages @justinsb
  • Fix a typo in usage of server.go @AdamDang
  • Bazel Rules go 0.14 @mikesplain
  • Update gazelle for concurrent PR changes @justinsb
  • Add test for etcd-manager output @justinsb
  • Delete nodes from k8s api during rolling-update @justinsb
  • Update golang version to 1.10.3, for k8s 1.11 @justinsb
  • Prune some broken files out of vendor @justinsb
  • Field names are case-sensitive again @justinsb
  • Run dep to add missing new aws dependencies for elbv2 @justinsb
  • Tweak machine_types generator to match our existing values @justinsb
  • Fixes spurious LoadBalancer change when using ACM Certificate @rifelpet
  • Revert “Apply cloud labels into ELB” @gambol99
  • Fix markdown typo @coryflucas
  • Node Authorizer Fixes @gambol99
  • Update HPA docs @jsenon
  • Add clarity to AWS IAM Authenticator documentation @rifelpet
  • ECU fixes and add f1.4xlarge @mikesplain
  • Update to k8s 1.11 libraries, fix code @justinsb
  • Fix minor typo. @bheesham
  • copy path on kops-server-build @mahuihuang
  • cluster-autoscaler.yaml for 1.10 @koooge
  • Controller Manager Flag @gambol99
  • Allow using existing/shared Security Groups @rdrgmnzs
  • etcd: introduce field to specify whether we are using etcd-manager or legacy mode @justinsb
  • Follow on for #5744 @justinsb
  • Remove last vestiges of _vendor directory @justinsb
  • Stop cloudformation output switching to literal quotes @justinsb
  • doc: Trivial spelling change @karlmutch
  • Node mode controllers @gambol99
  • Node Authorizer Fixes @gambol99
  • Fix broken url in CONTRIBUTING.md @posquit0
  • doc: fix minor typo in the terraform doc @a8m
  • Mirror secrets using API @justinsb
  • Fix mis-typing in documentation @posquit0
  • Generate much smaller keys in integration tests @justinsb
  • Don’t override name of ELB API SecurityGroup @justinsb
  • Fix a few typos. @rdrgmnzs
  • Fix mis-typings in docs @posquit0
  • Fix mis-typings in documentation. @posquit0
  • Add no_masq_local to weave network options. @arturo-c
  • propagate error when initializing digitalocean provider @andrewsykim
  • Fixed duplicate info #5425
  • Small typo fix #5721
  • Grammar mistakes @justinsb
  • add support for max-mutating-requests-inflight parameter @captainkerk
  • Fix mis-typings in docs @posquit0
  • Fix some typos @mirake
  • Fix typos issues @mooncak
  • Fix typos issues in upup files @mooncak
  • Fix mis-typings in docs @posquit0
  • Fix broken link to etcd 2 documentation @mbode
  • Update create-cluster arg help @justinsb
  • fix network.md @fqsghostcloud
  • fix install.md @fqsghostcloud
  • Removed misleading comment about metav1 @justinsb
  • add targetRamMb to kubeAPIServer spec @captainkerk
  • Fix mis-typing in CLI command documentations @posquit0
  • alpha-channel: Use stretch by default for k8s 1.11 on AWS @justinsb
  • Fix cloudmock to pass govet @justinsb
  • Update Weave Net to version 2.4.1 @bboreham
  • fix typo: remove duplicate words @SataQiu
  • Add default S3 encryption example @RulerOf
  • fix service name @fqsghostcloud
  • Canal Manifest Fix (Kubernetes >= v1.12.0) @gambol99
  • Update weave bootstrapchannelbuilder version @justinsb
  • fix some typos @SataQiu
  • Google Cloud Storage md5 decoding fix @justinsb
  • If don’t use formatted output, fix logging calls @mikeweiwei
  • Promote kubernetes versions from alpha to stable @justinsb
  • alpha channel: update with latest kubernetes versions @justinsb
  • Recognize shasum format for hashes @justinsb
  • fix typo in comment @rdrgmnzs
  • Optimize kops get cluster with a cluster name @justinsb
  • Service Address Check @gambol99
  • s3: lazy-evaluate encryption policy @justinsb
  • Fixed node-authorizer systemd Unit paths @liviudm
  • fix some typos @SataQiu
  • Disable RBAC Addon’s in Node Mode @gambol99
  • added possible state store vendors to documentation @chrisz100
  • Fix documents issue @mooncak
  • Canal v3 @gambol99
  • fix small typos in security.md @AdamDang
  • Fix typos in files @mooncak
  • New integration: Spotinst @liranp
  • Ensure we parse k8s versions through 1.16 @justinsb
  • IPVS Options @gambol99
  • Promote AMIs from alpha -> stable @justinsb
  • add EnableNodeAuthorization in the list of experimental features @rekcah78
  • Fix broken url in documentation @posquit0
  • Delete duplicate ‘be’. @xichengliudui
  • Fix grammatical error in the warning message @AdamDang
  • Add suggested alias for bazelrc import location @justinsb
  • Fix the typos @SataQiu
  • Switch CI to bazel @justinsb
  • Fix nsenter mounter in protokube @justinsb
  • Use hostPID: true with etcd-manager @justinsb
  • terraform: Fix resource formatting for IPv6 CIDRs @a8m
  • Correct Spelling of “kubernetesVersion” @johannes-gehrs
  • Add support for cn-northwest-1c. @leeeboo
  • Remove excess Spaces @xichengliudui
  • More CNI toleration for tainted nodes. @jhohertz
  • Fixed issue when specifying ACM cert and no load balancer is defined @Raffo
  • fix typo in comments @TinySong
  • Clarify license statement for nvidia-bootstrap hook @swinslow
  • fixed MIN_NODES missing closing bracket @victortrac
  • fix typo in log @TinySong
  • Mount etc-hosts in calico-kube-controller @shrinandj
  • Bump CoreDNS version to 1.2.4 and update manifest @rajansandeep
  • cilium: Fix Prometheus serve addr flag @rochacon
  • Add stdin input for secrets @ihoegen
  • Separate subnet utils into a standalone package @errordeveloper
  • Fixed missing closing bracket around MIN_NODES @vivekgarg20
  • Update v0.19.0.yaml @wangxy518
  • Change the wrong function name and wrong word @xichengliudui
  • Prune some license files that dep added @justinsb
  • Fix s3 encryption role @rhyas
  • Fix indentation for monitoring-standalone addon @KashifSaadat
  • Canal v3.3.0 for Kubernetes v1.12+ @KashifSaadat
  • Correct the table format in upgrade_from_kubeup.md @AdamDang
  • Update Weave Net to version 2.5.0 @bboreham
  • Change “if” -> “if and only if” to make more clear @mooncak
  • Spotinst: Attempt to find a Security Group even without a VPC ID @liranp
  • fix some typos @SataQiu
  • Fix blog link @hintss
  • Bump kopeio-networking to latest version @justinsb
  • Spotinst: Do not log unmatched groups as warning messages @liranp
  • 5700: Add command line flag for disabling Subnet ELB tags #5875

  • Fix some typos #6048
  • Fix some typos in files #6064
  • Detail Calico BGP route reflector requirements #6047
  • coredns should not be running on master by default #5917
  • Document etcd volume options + fail fast if ratio is too high #6035
  • Spotinst: Skip the creation of LoadBalancerAttachment tasks if Spotinst is enabled #6015
  • Calico v3 upgrade #5102
  • Update Calico to v3.3.1 #6077
  • delete some code #6078
  • Adding describe launch config to autoscaler permissions #5929
  • Remove trailing comma from k8s-1.7-v3.yaml.template #6086
  • Updating image and docs for metrics-server add-on #5873
  • Updates to roadmap for 1.11 and 1.12 and new upcoming features section (WIP) #5824
  • Update amazon-vpc-routed-eni to v1.2.1 #5905
  • Request AWS ASGs in batches #6056
  • Typo fix: Deploy -> Deploying #6087
  • Use a single command in Linux install instructions #6084
  • autoscaler setup: Use set -e to stop execution if errors are encountered #6089
  • Typo fix “api server” -> “API server” #6092
  • increase docker-healthcheck response timeout #5644
  • Bump version of amazon-vpc-cni in bootstrapchannelbuilder #6094
  • Fix typo in CRD: singuar #6095
  • add SSL certificate ARN to Terraform output #6082
  • Add flag to disable Basic Auth. #5586
  • Update machine types #6096
  • Implemented Nvidia DevicePlugin GPU Support on AWS #5502
  • Setting the manifest directory when it is required by kubelet #5939
  • Update CoreDNS version to 1.2.6 #6101
  • Fix typos: dnsmaq -> dnsmasq, mutiple -> multiple #6108
  • Document how to create a custom addon #6100
  • [monitoring-standalone] Add kubernetes 1.7 version #5902
  • Cni ipvlan vpc k8s support #4762
  • Node Authorizer Recovery Middleware #6105
  • Fix log warning info #6111
  • Set a on logrotate configs on CoreOS #6059
  • Mention about possible state store vendors in error message #6114
  • kops set: support for enableEtcdTLS and enableTLSAuth #6113
  • feat(cmd/kops/create_cluster): default to kubelet.anonymousAuth false on k8s versions >=1.10 #6091
  • Create separate certificate for etcd peer authentication #6112
  • Set MaxPods when using Amazon VPC CNI Plugin @ripta
  • Automated cherry pick of #6128: Update amazon cni to 1.3.0 @mikesplain
  • Automated cherry pick of #6156: Fix Calico upgrade job to use the correct version @tmjd
  • Automated cherry pick of #6129: feat: bump controller version to 1.0.18 @liranp
  • Automated cherry pick of #6175: Fix for when node and master use the same SG. @rdrgmnzs
  • Add a1 and c5n instance types @justinsb
  • Automated cherry pick of #6144: Workspace updates for bazel @mikesplain
  • ExperimentalAllowedUnsafeSysctls has moved to AllowedUnsafeSysctls in k8s 1.11 @rdrgmnzs
  • Add GCE europe-north1-{a,b,c} @eetujalonen
  • Automated cherry pick of #6253: Add p3dn.24xlarge @mikesplain

Changes from 1.11.0 to 1.11.1

  • Don’t panic when an etcd cluster is added #6180
  • Add Docker 18.06.1 for CentOS and RHEL 7 #6202
  • Update go version to 1.10.8 #6401
  • Normalize etcd cluster provider names #6410
  • Automated cherry pick of #6288: Recognize 2019 as a year #6364
  • Fix machine types and cleanup makefile #6427
  • Upgrade base image to alpine 3.8 and GO to 1.10.8 #6458
  • Support etcd-manager v3, suitable for backporting #6411
  • Choose docker version 18.06.2 for k8s >= 1.12 #6488
  • Workaround for overlay2 vs rhel-family docker bug #6491
  • Try using chattr to mark docker-runc as immutable #6506
  • include docker 18.06.1 missed dependency #6338
  • set net.ipv4.ip_local_reserved_ports to the KubeAPIServer ServiceNodePortRange parameter on nodeup #6343
  • Add jessie patch #6461
  • Bump etcd-manager version to 3.0.20190224 #6526
  • Make docker 18.06.3 the default for k8s >= 1.12 #6524
  • update-machine-types: more metal instance types #6551
  • Map docker 18.06.3 #6523
  • Sync up docker with master #6559
  • Mark 1.11.1 #6561