Significant changes

Added experimental Azure support. To get started check the docs
Default settings for AWS instances are updated to take advantage of recent performance and security features:
- Default etcd volumes encryption changes to enabled for newly created clusters
- Default root volume encryption changes to enabled
- Default etcd volumes type changes from gp2 to gp3
- Default root volume type changes from gp2 to gp3
Added for kubernetes version based on channel data.
kOps now use helm3 functions for merging template --set and --values arguments. This has slightly different behaviour than previous helm2-like logic.
Following kubeadm, control plane nodes are now labelled with node-role.kubernetes.io/control-plane=""
Default node image for GCE changed from COS to Ubuntu for K8s versions >= 1.18.0. This is to more closely align with the AWS implementation (the most mature support) and because COS limits the ability to modify files on its disk.

Breaking changes

Support for Terraform version 0.11 has been removed.
Support for the feature flag Terraform-0.12 has been removed. All generated Terraform HCL2/JSON files will support versions and 0.13.0+.

Required Actions

If you are using the Calico network plugin in a cross-subnet setup, you may have to manually remove the AWS Source/Dest Check controller (k8s-ec2-srcdst) deployment that was previously deprecated and replaced with the new awsSrcDstCheck feature.
If you are using self-hosted channels files, you have to add the new architectureID field, with one of the amd64 or arm64 values.
If you are running kops toolbox template in an airgapped environment, you have to set --channel to point to a local channel file.
If your workload targets control plane nodes, you need to change them to select the node-role.kubernetes.io/control-plane="" label. You should also add the toleration to these workloads. This taint will not be added to control plane nodes before kOps 1.22.

Deprecations

The manifest based metrics server addon has been deprecated in favour of a configurable addon.
The has been deprecated in favour of a configurable addon.
The node-role.kubernetes.io/master and kubernetes.io/role labels are deprecated and will be removed from control plane nodes in kOps 1.22
The experimental node-authorizer that could be enabled using nodeAuthorization has been removed. Setting this value is now forbidden.
Due to lack of maintainers, the Aliyun/Alibaba Cloud support has been deprecated. The current implementation will be left as-is until the implementation needs updates or otherwise becomes incompatible. At that point, it will be removed. We very much welcome anyone willing to contribute to this cloud provider.
Support for AWS LaunchConfiguration has been deprecated and will be removed in kOps 1.21.

Full change list since 1.19.0 release

1.19.0-beta.3 to 1.20.0-alpha.1

Update docs for cutting new release branches @rifelpet
Update security_groups.md @yurrriq
Take node labels from cloud tags on AWS @johngmyers
Update Office Hours Zoom link @johngmyers
Update zoom links on the spanish README @rdrgmnzs
Ignore changes to ForAPIServer field @justinsb
Update Flannel CNI to v0.13.0 @hakman
kubetest2 - Implement create/validate/delete cluster functionality @rifelpet
Cert circular deps @olemarkus
Fix cilium template by specifying boolean as a string for enable-metrics @h3poteto
Release notes for 1.18.2 @justinsb
Update Kops Go build supported versions 1.15 @bmelbourne
Spotinst: Bump the Spot Cluster Controller to 1.0.68 @liranp
Remove hack/workaround from etcd-manager certificate expiration advisory @hakman
Install container runtime packages as assets @hakman
Default to exporting a kubecfg, even without credentials @justinsb
Remove dependency of TerraformJSON feature flag @johngmyers
Makefile and hack script cleanup @rifelpet
Update channels @hakman
Update Calico config for eBPF mode @hakman
Add random AWS zone logic + specify build stage location @rifelpet
Update AWS VPC CNI to 1.7.5 @MoShitrit
Add nodeLocalDNSCache.kubeDnsOnly option @javipolo
Align AWS VPC CNI manifest with upstream @hakman
Fix release notes links to point to https://kops.sigs.k8s #10118
Add verify-cloudformation script #10130
Fix cloudformation lint errors #10131
Update shell style for CLI docs for better compatibility #10128
Prevent unintended resource updates to LB attatchments #9794
Make verify-cloudformation job fail when issues are found #10133
Set minimum Terraform version to 0.12.26/0.13.0 #10109
ELB/TargetGroup/ASG attachment fixes #10138
Prepare for version 1.20 #10101
Rebrand kops to kOps #10077
Remove code for no-longer-supported k8s releases #10141
allow reauth for openstack client #10144
Simplify etcd options builder #10145
Update AWS Cloudmock for complex and externallb integration test clusters #10140
Deprecate field calico.majorVersion #10143
[Digital Ocean] Use Debian10 as default image #10098
Fix NLB naming for terraform and cloudformation targets #10158
Move NLB’s VPC CIDR security group rule logic into model #10161
Fix additionalSecurityGroups support for NLB #10162
Some typos #10160
Fix output for CF and TF #10164
Avoid waiting on validation during rolling update for inapplicable instance groups #10065
OpenStack Reset deviceID status if needed #10178
Remove unused bearer token field from kubeconfig builder #10181
Compare KubernetesAPIAccess to OpenStack allowedCIDRs deterministically #10186
Consistent naming of security group rules #10179
Upgrade Hashicorp HCLv2 Go module v2.7.0 #10189
Fix auto scaling group changes when using spot instances #10187
Upgrade sprig to v3 #10191
Upgrade helm to 2.17 and use the helm.sh reference #10192
Fix AWS NLB reconciliation #10199
Fix disabling spot instances when using launch templates #10198
Add ACM cert permalink #10156
Setup a second NLB listener when an AWS ACM certificate is used ,@hakman
Update Go to v1.15.4 @hakman
Upgrade docker client @olemarkus
Spotinst: Configure Resource Limits in Ocean Auto Scaler @liranp
Release notes 1.19.0-beta.1 @hakman
Use LaunchTemplate versions instead of timestamped LaunchTemplates @hakman
Update kOps version after 1.19.0-beta.1 release @hakman
Remove components from cluster validation @johngmyers
Allow to use custom csi plugin image and enable topology support @zetaab
Update validate cluster cli docs @johngmyers
Fix cluster autoscaler docs @djablonski-moia
Make etcd-manager log verbosity configurable @elblivion
Update k8s versions nov 2020 @MoShitrit
Update Ubuntu ami to latest version @MoShitrit
Fix various nits @hakman
Switch ARM64 CI to Graviton2 CPU @hakman
Update docs related to audit logging @hakman
Don’t install the misc packages for k8s 1.20+ @johngmyers
Fix readme @karancode
Update kops as kOps and remove extra spaces from .md files @axpraka, #10235
Add default runtime and runtimes fields in the docker config #10238
Fix cluster validation dependency on local kubeconfig #10221
Associate instance group to pod validation failures in cluster validation. #10237
Add HPA Flags for horizontal-pod-autoscaler-initial-readiness-delay & horizontal-pod-autoscaler-cpu-initialization-period #10241
Remove more code specific to unsupported etcd v2 #10245
GCE: ignore (output-only) networkInterface.name #10242
Make it possible to use OnDelete update strategy on addon daemonset #10167
Fix version of storage-aws addon manifest #10247
Fix cloudformation lint job #10256
Update etcd-manager to 3.0.20201117 #10257
Use separate domain for kops-controller bootstrap #10239
Revert “Switch ARM64 CI to Graviton2 CPU” #10262
Update Bazel rules for Go to v0.24.7 #10240
Update k8s dependencies to 1.20.0-beta.2 #10266
Push multi-arch images #10265
alpha channel: update legacy images #10269
Fix multi-arch image pushing #10270
Add sslPolicy for NLB to change listener’s security policy #9666
Optimize Bazel builds by os and arch #10267
Fix incorrect URLs in kops cluster documentation #10274
Use etcd v3.4.13 for k8s v1.19+ #10277
Parse TargetGroup names from ARNs #10276
Add Go code-generator v0.20.0-beta.2 crypto hash #10285
Add ACM/NLB instructions to 1.19 release notes #10292
Release notes for 1.19.0-beta.2 #10293
Add more NLB release notes and documentation #10294
Can check cert expiry using openssl ,@hakman
[weave] Add support for default version override @dntosas, #10273
Add support of Azure Blob storage to VFS #10258
Update kOps version after 1.19.0-beta.2 release #10295
Remove support for using legacy ELB name #10296
Remove dead code #10297
Remove support for disabling manifest normalization #10298
Upgrade cloud-provider-openstack to 1.19.2 #10303
Fix a typo in an error message returned from buildAzureBlobPath #10305
Allow setting CPU limit and Mem request / limit for kube API server #10275
Optimize Bazel dev builds by arch #10309
Update Calico to v3.17.0 #10310
[Digital Ocean] Upgrade godo sdk to v1.54 #10320
Tolerate missing detached EC2 instances #10319
Don’t try to detach masters #10328
Remove copyright notice from nodeup scripts to reduce the user-data size. #10333
Add docs for metrics server #10332
Push alpha to stable #10336
Add paramaeters related to Taint based Evictions in kube-apiserver #10339
Allow using gp3 for root volumes #10345
Update containerd and Docker versions #10341
Update aws-sdk-go to v1.36.0 #10347
Bump aws-vpc-cni version to 1.7.6 #10337
Update etcd-manager to 3.0.20201202 #10351
Update DigitalOcean cloud-controller-manager to v0.1.30 #10352
Add aws-cloud-controller-manager config to addons #9704
Allow attaching same external target group to multiple instance groups #10335
Add fuzzer and OSS-fuzz build script #10326
Set —service-account-issuer for k8s 1.20+ #10284
Promote addon docs to first level menu item #10355
[Digital Ocean] Promote to Beta #10312
Give users the option to gzip and base64 encode the heredocs in the nodeup.sh user-data #10357
Add integration test for creating an HA cluster in shared zone #10365
Add minimal cert-manager addon #10318
Remove resource limits from cluster autoscaler #10375
Remove dependency on TravisCI #10366
fix cluster-autoscaler README url from cluster_spec -> addons #10373
Rename duplicate ci target to quick-ci #10378
Use custom-configured ServiceAccountIssuer when present #10364
Add option for setting the volume encryption key in AWS #10359
Add support for AWS IMDS v2 #10324
Update k8s dependencies to v1.20.0 #10390
Update docs for CentOS 8 #10368
Move tools into separate hack go module #10308
Update etcd-manager to 20201209 #10394
Mount /lib64 for Protokube only on AMD64 #10396
Explicitly specify http_endpoint in terraform launch template #10398
Update alpha channel with December 2020 k8s releases and bump Ubuntu AMI version #10401
Hack script improvements #10407
hack/goimports - Replace mapfile with read #10410
Allow override of registry and tag for Calico images #10316
Update Calico to v3.17.1 #10408
Bump aws-cni to 1.7.7 #10416
Add support for containerd v1.4.3 ARM64 #10418
Add release note for terraform launch template migration #10423
Expose metrics port when PrometheusMetricsEnabled set to true in Calico #10414
Bump etcd client to 3.4.13. Use go modules #10425
Use the kubernetes-sigs version of yaml #10427
Bump heredoc to v2 #10429
Update container runtime service files #10428
Template functions for recommended kubernetes versions #10369
Make CoreDNS the default DNS server #7919
Delay defaulting to CoreDNS to k8s v1.20 #10435
Bump go-bindata and use go module #10421
Bump sftp to 1.12 #10436
IAM ServiceAccount Roles: truncate name at 64 characters #10437
Bump helm to v3 #10426
cloudmock - guard the VPC CIDR association calls with a mutex #10440
Upgrade mkdocs dependencies to latest #10433
Spotinst: Schedule Ocean Controller to Linux nodes only #10444
Bump AWS-CNI to version 1.7.8 #10447
protokube - query host by label when setting tags #10413
Allow Calico to run on systems with loose reverse path forwarding #10442
Bump k8s versions on alpha and bump Ubuntu AMI version on stable #10464
Remove gjtempleton as reviewer #10466
Calico: Allow operators to choose which encapsulation mode to use #10404
Spotinst: Ignore volume type case sensitivity to prevent unnecessary updates #10450
Spotinst: Expose Ocean Headroom percentage and autoconfig labels #10449
Spotinst: Support for multiple subnets per zone #10452
Add new-pod-scale-up-delay in Cluster Autoscaler spec #10471
Replace (some) deprecated ResourceHolder with Resource #10472
Remove ResourceHolder: remove last usages and remove code #10478
Refactor MirroredAsset into mirrors package #10475
Refactor nodeUpConfigBuilder to be standalone #10476
Avoid recursive type definitions in schema #10482
Drop support for containerd 1.2 #10483
Update CNI plugins to v0.8.7 #10481
Add Azure support #10114
Refactor GCE InstanceTemplate #10477
Use Region method of fi.Cloud ,@rifelpet
Spotinst: Bump the Ocean Controller to 1.0.69 @liranp
Added event-qps and event-burst flags to kubelet @DOboznyi
Add config options for container runtime package URL and Hash @hakman
Fix cluster setup when KOPS_ARCH is set @hakman
Docs: Rename “Development” section to “Contributing” and add instructions to update the base AMI version of Ubuntu @MoShitrit
Release notes for 1.19.0-beta.3 @hakman
Use containerd.sock for AmazonVPC CNI with containerd @hakman
Remove support for Kubenet with containerd @hakman
Add containerd option for registry mirrors @hakman
Treat InvalidDhcpOptionsId.NotFound as already-deleted @wongma7
Add required toleration to gpu documentation @silashansen
AWS IAM Role Tagging @rifelpet
Update stable channel with recent k8s releases @MoShitrit
Run k/k’s e2e suite via new kubetest2 make target @rifelpet
Remove copyright YEAR from generated Go files @bmelbourne
e2e - dump cluster manifests into artifacts and add —kubernetes-version @rifelpet
kubetest2: Pass through some AWS env vars @justinsb
kubetest2: add initial support for GCE @justinsb
Add gp3 Volume Type to etcd @msidwell
Only include API server additional security groups in InstanceGroups for masters @seh
Update kube-router to v1.1.1 @hakman
IRSA - continue adding route53 permisions to masters @rifelpet
Add possibility to set volume throughput for gp3 volumes @hakman
Prefix etcd cluster names with letters @hakman
Recognize ubuntu 20.10 @justinsb
Don’t allow ebs volume TF resource names to begin with digit @rifelpet
Add K8s Docker runtime support deprecation release note @bmelbourne, #10371
Make it possible to change the etcd volume type and iops #10461
Promote Ole Markus to approvers list #10542
Add containerd config file to Flatcar based instances #10540
Add control-plane node role label to cp nodes #10397
Move bootstrapchannelbuilder to a dedicated package #10409
kubetest2: support specifying admin-access value #10526
GCE: Don’t warn about NVME #10548
Simple upgrade test using kubetest2 framework #10523
Refactor and centralize distribution logic #10538
Fix to handle exit code of gazelle command in hack/verify-bazel.sh #10182
COS/GCE: exec on kubelet/flexvolume dirs #10547
Fix typo in comment #10541
Openstack: Prevent data race in servergroup member list #10553
Updates GCE channels to use ubuntu over COS #10554
Kubetest2 - use our own tester that wraps kubetest2’s ginkgo tester #10549
Spotinst: Specify Spot percentage per Instance Group #10551
update gophercloud dependency #10556
Upgrade Go v1.15.6 / Bazel v3.4.1 #10550
Remove node-authorization #10439
[addons/CA] Add support for specifying resources and metrics #10281
Spotinst: Iterate over metadata labels only once #10560
Default cgroup driver to systemd from k8s 1.20 #10419
AWS CSI driver #10467
Upgrade cfn-lint to 0.44.3 #10565
Fix file not found error detection in fs:// #10566
Fix NLB listener -> target group association for TF & CF #10567
Spotinst: Bump the Ocean Controller to 1.0.70 #10573
Spotinst: Specify whether scale-down activities should be restricted #10561
[OpenStack] Use new hash format in instance names #10557
kubetest2 - Add manifest template support #10559
Updates to Alpha versions - k8s & kOps #10576
Use Bazel 3.4.1 for postsubmit jobs #10578
Give kubetest2 its own makefile #10577
Use consistent naming for the remaining SGRs part two #10188
[DigitalOcean] add e2e tests #10575
Allow nodeup (and others) to replace in-use files #10581
Dial-down logging on flagbuilder #10582
Fix default make target #10584
containerd: Add /etc/crictl config to enable crictl #10585
Add CF integration test for gp3 volumes #10569
Release 1.20.0-alpha.1 #10591

1.20.0-alpha.1 to 1.20.0-alpha.2

Release notes for 1.20.0-alpha.1 @hakman
Make cluster proportional autoscaler image configurable. @bjhaid
Set default container runtime to containerd @bmelbourne
Fix minor docs typos @JamesJJ
Validate cluster cloud labels @olemarkus
Exclude terraform.lock.hcl files from Git repo @bmelbourne
Provide required —kubernetes-version flags to kubetest2-kops —up @rifelpet
Kubetest - add networking support + misc fixes @rifelpet
Require KOPS_TERRAFORM_0_12_RENAMED, to guard against tf breakage @justinsb, #10602
Add troubleshooting documentation #10594
Fix menu link to troubleshooting #10607
Use kops binary built by kubetest2-kops in upgrade script #10613
Warn if cilium encryption is enabled, but no secret has been set #10608
kubetest2 upgrade script - PATH needs to be a directory #10617
Add support for container-log-max-size/files with kubelet #10612
Add network and router availability zone hints to OpenStack #10616
Increase CoreDNS default ttl #10610
Update Go to v1.15.7 #10614
kubetest2 - Add support for specifying a kubernetes version marker file #10620
kubetest 2 - fix parsing of k8s version semver values #10621
Update Weave to v2.8.0 #10604
Update AWS instances defaults #10624
kubetest2 - update the skip regex for the upgrade scenario #10626
Install dbus if needed for protokube with containerd #10583
Ensure SpecOverrideFlag is set in upgrade test #10628
Fix unbound variable in upgrade scenario script #10631
kubetest2 - increase validation timeout for the upgrade scenario #10632
Add startup probe for calico-kube-controllers #10633
Remove coredns dnsprovider #10629
Spotinst: Avoid unnecessary duplication of tasks #10630
enableRemoteNodeIdentity actually defaults to true #10635
Replace gopkg yaml with k8s-sigs yaml #10634
protokube: Remove unused ExecuteTemplate function #10637
Fix phony make target for setting up kubetest2 #10636
[Digital Ocean] Add SFO3 region. Also update e2e tests to use full list of supported zones #10622
etcd-manager: Update to 3.0.20210122 #10638
Update k8s versions in stable channel and bump ubuntu ami version in alpha channel #10639
Update kubetest2 library #10646
feat: implement azure get api ingress status fn #10609
Use the same package marker for kubectl as for e2e binary #10649
Reword ‘what is kOps’ #10570
Add back support for kubenet style networking with containerd #10651
Add set instancegroup command #10593
Set the tcp_rmem sysctl in bootstrap script #10654
Add —create-args kubetest2 flag #10658
Fix cluster_spec.md indentation #10660
Allow attaching same external load balancer to multiple instance groups #10666
Fix typo #10667
Update kops e2e testing docs #10652
Create default loadbalancer when SSL certificate is specified #10665
Bump Ubuntu images for AWS and GCE #10670
Remove taints from spotinst ocean terraform resource #10674
Allow SSH user to be overridden for toolbox dump #10675
kubetest2 - Use —ssh-user to dump logs #10676
Update AWS etcd-manager volumes defaults #10661
Update aws-sdk-go to 1.37.0 #10682
Release notes for 1.19.0 #10683
Update release compatibility matrix #10684
Default IMDSv2 to “optional” for AWS #10655
Add link to 1.19 #10686
Fix header indentation in addons.md #10685
Documentation update: Corrected externalPolicy AWS ARN formatting #10680
Remove ‘not released’ notice from 1.19 notes #10688
Fix bug preventing tasks using gp2 #10694
Have channels create PKI for addons #10545
Add template function returning the latest image #10689
Update Weave to v2.8.1 #10698
Increase IMDSv2 hop limit on control plane nodes #10702
Kubetest2 - refactor how arguments are set #10701
Update upgrade test to use 1.18->1.19 #10710
Fix create args for upgrade test #10711
Docs: Fix ServiceAccountVolume proposed configuration for Istio #10712
Update the skipped tests in the upgrade job to help the test stage pass #10713
Remove unused instanceGroup parameter from setClusterFields #10690
Update code reference links in docs #10696
Fix rendering issue created by #10414 #10700
Fix panic when exporting kubecfg for AWS cluster without load balancer #10720
Cleanup kops-controller Route53 record during cluster deletion #10721
Revert making imdsv2 default #10729
Throw error if path being set by kops set is not present in struct #10692
Use expected LaunchTemplateId in updating ASG when MixedInstancePolicy is changed #10742
Fix ineffassign issues #10739
Deprecate aliyun #10746
alpha channel: Update older images #10748
Fix docs build failure #10750
add user agent to openstack api requests #10732
Add support for cilium 1.9 #10695
Use EnsureTask instead of prepending IG names to external ELB tasks #10754
nodeup file: Set owner & group when we write the file. ,@hakman
Always generate kops-controller certs @hakman
Release 1.20.0-alpha.2 @hakman

fix: asset task copy docker image #10767
Add AWS LoadBalancerController #10489
Update Calico to v3.17.2 #10787
Enable CSIMigrationAWS if CSI EBS driver is installed #10791
Fill Role names in kops-controller-config instead of instance profile names when it is specified #10728
Update Docker to v19.03.15 #10802
Fix LaunchSpec TF output #10806
add azure support for internal loadbalancer to k8s api #10744
Allow managed images for Azure instance groups #10797
kubenet containerd: match upstream #10759
Storage: Allow disabling of kOps’s management of StorageClasses #10733
Spotinst: Replace corev1.Taint to fix HCL2 serialization #10819
Spotinst: Bump the Ocean Controller to 1.0.72 #10820
Allow to control which subnets and IPs get used for the API loadbalancer #10741
Use correct tag when creating node labels from azure cloud tags #10619
containerd installation: always configure, even if we don’t install #10813
Precreate the kops-controller DNS name #10833
Actually enable systemd cgroup for containerd #10846
Update Go to v1.15.8 #10853
Add support for CAS 1.20 + support for disabling CAS for a given IG #10857
Add liveness probe for calico-kube-controllers #10856
Bump aws node termination handler to 1.12.0 #10863
Update AWS CNI to latest patch version #10876
Bump metrics-server to 0.4.2 #10858
Fixes for 1.21 e2e tests #10879
Add validation for instanceType and ami architecture ,@hakman
fix loadBalancerID null pointer @collin-woodruff-t1cg
Update Calico to v3.18.0 @hakman
Adding Elastic IP Allocations to NLB API @timothyclarke
add usage of subnet and routetable shared resources in azure @ngalantowicz
Release 1.20.0-beta.1 @hakman

1.20.0-beta.1 to 1.20.0-beta.2

add support for azure public loadbalancer #10915
Spotinst: Prevent instance groups with the same suffix from being deleted #10918
Fix nil pointer deference for image ID with spotinst #10924
Sort external policies when checking for changes #10940
Further improve cloudLabel validation #10910
Update etcd-manager to 3.0.20210228 #10949
Allow multi-CNI setups to set usesSecondaryIP #10828
Spotinst: Don’t skip LB attachments when SpotinstHybrid is enabled #10961
Add AWS Transit Gateway support #10948
gce doesn’t suffix the IG names with ClusterName #10944
Fix node label conversion in Azure #10935
Spotinst: Bump the Ocean Controller to 1.0.73 #10960
Add support for enable-cadvisor-json-endpoints with Kubelet #10957
Add explicit RBAC permissions for finalizers subresources #10966
Add support for CPU Credits on AWS t2 and t3 instance families #10934
Update controller-runtime to v0.8.2 for kOps 1.20 #10967
Removing duplicate local and output values in terraform(#10786) #10978
Add CloudLabels as —extra-tags to aws-ebs-csi driver #10976
Use internal api url for jwks #10888
Disable Calico Prometheus metrics by default #10982
Add etcd-manager discoveryPollInterval option #10975
Storage: Amend default choice for StorageClass management to honor a specified OpenStack-related value #11002
Use exponential backoff for DNS updates #10996
Update Calico to v3.18.1 #11018
Various cleanups around apply_cluster and awsmodel #10579
Spotinst: Add support for block device mappings in Ocean Launch Spec #11009
Fix rendering of multiple Docker insecure registries #11027
Release 1.20.0-beta.2 #11031

1.20.0-beta.2 to 1.20.0

azure: fix null pointer when updating in place cluster @collin-woodruff-t1cg
Honor OS update policy at InstanceGroup level too @seh
Cleanup some nodeup & protokube logging @rifelpet
Improve instance type validation error message @bharath-123
Add channels entries for image architecture @hakman
Upgrade AWS CNI to version 1.7.10 @MoShitrit
Ensure protokube can connect to kube-apiserver before starting the sync loop @olemarkus
Put awslbcontroller on the control-plane @olemarkus
Have nodeup retry kops-controller bootstrapping sooner if DNS isn’t setup @rifelpet
Update containerd to v1.3.10/v1.4.4 @bmelbourne
Update kube-router to v1.2.1 @hakman
Remove instance-selector label @bharath-123
Validate that kube-apiserver has the necessary authz modes set @olemarkus
[DigitalOcean] Fix DO Tag issue @srikiz
Revert “Update kube-router to v1.2.0” @hakman
replace hard coded aws region checks with aws sdk calls @guydog28
Add scaleDownDelayAfterAdd to clusterAutoscaler spec @jurriaanpro
Add an option to skip NTP installation @kenji-cloudnatix
Spotinst: Use BDM to configure the root volume size at VNG level @liranp
Spotinst: Configure headroom resources only at the VNG level @liranp
Release 1.20.0 @justinsb

Correct typos #11190
Use “string” for architecture type in ChannelRecommendedImage #11220
Always secure api -> kubelet communication #11185
Fix etcd volume validation logic #11225
Remove validations for EBS from cluster validation #11228
Add support for Docker v20.10.6 #11236
Add Azure image to alpha/stable channel #11271
Exclude nodes from load balancers upon cordoning #11273
Fix cilium template scoping typo #11270
If one tries to use eip with a public ip that doesn’t exist, fail #11276
Spotinst: Prevent nil pointer dereference #11289
Spotinst: Update spotinst/ocean-controller to v1.0.74 #11286
Make it possible to detect field changes when mixedInstancePolicy is removed #11255
Add ability to set a default Issuer in certManager addon #11281
Filter servers using cluster name in tags #11305
Use the full operator instead of the generic one #11312
Update Calico to v3.18.2 #11339
Set SAN for addon CAs #11328
Add support for configuring Cilium enable-host-reachable-services. ,@hakman
Mount /run inside etcd-manager pods for systemd mounts @hakman
Expose hubble agent when hubble is enabled @olemarkus
Mark control-plane node for update when etcd volume size changes @hakman
Update Calico to v3.18.3 for kOps 1.20 @hakman
Don’t try to mount hubble TLS on the agent if we don’t use hubble @olemarkus
Add elasticloadbalancing:ModifyTargetGroupAttributes to aws lb controller @olemarkus
Use etcd-manager built from etcdadm repo @justinsb, #11098
csi/aws: Bump templates + add support for warm pools ,@codablock
Verify all versions are set correctly @johngmyers
Backport rename of service-account key to 1.20 @johngmyers
Update verify-terraform to use 0.14.11 @rifelpet
Create new clusters without forcing a container runtime @hakman
Allow AWS instance types with multiple architectures @hakman

1.20.1 to 1.20.2

Release 1.20.1 #11467
Update containerd to v1.4.6 #11535
Allow cert-manager to be provisioned externally #11354
upup: gcetasks: force send AutoCreateSubnetworks field when set to false #11457
[metrics-server] Bump manifest to latest stable ,@hakman
Allow Spotinst to use comma separated instance types @hakman
Only update kubeconfig user when we have user info @justinsb
Add init image field for Amazon VPC CNI @ryan-dyer
Fix duplicate CopyFile tasks @johngmyers
Use the OnDelete updateStrategy for AWS VPC CNI DaemonSet @johngmyers
Consolidate CSI livenessprobe images for multi-arch support @rifelpet
Fix set-version leaving backup files with “-e” suffix @johngmyers
Add support for Docker v20.10.7 @hakman
Bump the cas addon version. @olemarkus

1.20.2 to 1.20.3

Release 1.20.2 #11800
Also set haveUserInfo=true in case —user was provided in “kops export kubecfg” #11778
Handle containerExec hooks when using containerd #11852
Update aws-sdk-go to v1.37.33 for kOps 1.20 #11858
Include GCP Project in terraform HCL2 output #11901
cluster validation - allow flapping of validation errors #11049
Add log rotation for etcd-cilium.log #11943
Don’t ignore channel value in toolbox template #12464
Update containerd and Docker for kOps 1.20 #12509