Significant changes

Required Actions

Highlighted changes

Full change list

From kops 1.8.1 to 1.9.0

Add list of PRs for 1.8.0 release @justinsb
Promote alpha channel to stable @justinsb
Release notes for 1.8.0 @justinsb
Put stable channel back to jessie for 1.9 / 1.10 @justinsb
Add missing permissions for NLB creation @aledbf
Fix filepath concatenation @justinsb
toolbox dump now dumps instances in alphabetical order @justinsb
SSH keys - be lazier about keystore creation @justinsb
Update aws-sdk-go to v1.10.34 @rdrgmnzs
Update bazel / gazelle @justinsb
When using private DNS add ELB name to the api certificate @vainu-arto
Fixed minor typo in 1.8-NOTES.md file @sellers
Minor update to docs/getting_started/aws.md @ysim
Fix libcgroup dependency typo @wannabesrevenge
Spelling fix in instancegroups.go error msg @sneako
Include roles in toolbox dump structured output @justinsb
Fix URL for Docker 17.03.2 on Debian Stretch @blakebarnett
Fix spurious shared InternetGateway renaming @rifelpet
Documentation fix for watchIngress flag in externalDns ClusterSpec @krogon-dp
Bastion output line @gambol99
Downgrade Flannel in Canal deployment to v0.9.0 @KashifSaadat
Let a user set a hostnameOverride when the cloud provider is aws. @rdrgmnzs
Add additionalNetworkCIDRs to support VPCs with multiple CIDRs in AWS @rdrgmnzs
updating goimports @chrislovecnm
implement security group task @zengchen1024
Implement security group rule task @zengchen1024
Update Weave Net to version 2.1.3 @bboreham
Fix Flannel nonMasqueradeCIDR @mikesplain
Remove world read permissions on sensitive key files. @KashifSaadat
Update gazelle @justinsb
Allow additional SGs to be added to API loadbalancer @almariah
[Add-on][kube-state-metrics] Bump version @tuannvm
add kube-ingress-aws-controller + skipper addons @szuecs
Bump flannel packaging version @justinsb
Bump weave version in bootstrapchannelbuilder @bboreham, #4062
Adding DescribeTags to masters #4051
Fix node counts #4026
Fix minor typo #4070
Gazelle updates #4067
apt-get: specify unattended installation #4082
files task: fix potential nil pointer error #4081
protokube: fix logging / logic around cluster-id #4080
protokube: better discovery of local address #4078
Refactor protokube hosts file into its own package #4076
assetstore: extract tar files to a temp directory #4075
Support for hostPort when using canal #4063
validation: don’t require subnet CIDRs on baremetal #4079
Use default subnet when creating IG #3987
Return apierrors NotFound when object not found #3981
Copy dnsprovider into our code, implement route53 batching #3860
Remove nodeup templating #3924
nodeup: create kubeconfig under admin or root #4077
add imagePullProgressDeadline to kubelet config #4046
Refactor: separate out SSHCredentials from Keyset stores #3832
Adds permissions for ELB and NLB req’d by 1.9 #4095
work on using files assets #3254
fixing bazel #4098
Add support for Amazon VPC CNI plugin #3997
Support for OIDC ‘username-prefix’ and ‘groups-prefix’ flags #4085
make it go to f #4102
Add Dashboard v1.8.1 #4101
fixing goimports formatting #4096
Refactor CAStore to use API types #3833
Fix code comment on PhaseSecurity #4106
Add —subnets and —utility-subnets to kops create cluster #4061
Update ottoyiu/k8s-ec2-srcdst docker image #4109
Refactor: clean up SecretStore to not use KeystoreItem #3834
Avoid ListSecrets call in nodeup #3835
Remove use of deprecated create-if-missing functions #3836
updating bazel files #4117
added instance types for f1 family #4116
Update code-of-conduct.md #4122
Refactor VFS CA store to reuse keyset from clientset #3837
Add audit log format flag for api server #4060
Use bundles when loading keysets #3838
Fix null pointer issues when custom PROTOKUBE_IMAGE is specified. #4120
Fix documentation of shared resource tags in kops > 1.8 #4126
Force nodeup to use the bundle #3839
Remove labels.yaml #4136
Added a clarification/warning note about exporting full specs #4151
Moved paragraph relating to runtimeConfig #4125
Add support for cn-northwest-1. #4148
fixing lifecycle type for network in security phase #4155
Implement mirroring for API CAStore #3840
Documentation Cleanup #4165
Openapi updates #4167
Add roundtrip tests for certs & private keys #4172
Adding CNI v0.6.0 which is required for Kubernetes 1.9 #4175
Remove Romana preview notice from networking docs #4187
Improving bazel make targets, adding a target for kops cli, bumping go_rules version #4170
removing inactive approvers #4176
Adding override for setting etcd version #4179
Initial implementation of bundle command #4193
Add experimental kube-discovery #4194
Updating Manifest documentation #4177
Updating docs README.md file #4178
Golang 1.9 #4168
adding missed lifecycles in elb code #4154
Bump alpha channel for meltdown/spectre #4204
kube-discovery: deduplicate multicast responses #4214
Add makefile target for kube-discovery image #4213
nodeup: don’t warn during distro detection #4215
gce: mounter asset has moved #4216
Adding cve updates for spectre and meltdown #4211
Suggest tweaks to meltdown advisory #4220
kops validate cluster can output YAML or JSON #4107
GCE: Don’t set bucket-level permissions #4221
cloudConfig.elbSecurityGroup under wrong L3 heading #4226
Update state and cloudLabels docs, fix —target description #4227
Makefile command “apimachinery” run #4241
VFS: Support io.WriterTo interface #4217
Expose the —fail-swap-on flag for kubelet #4239
Cloudformation #4244
Update binary installation commands for macOS to use curl alone #4260
Slight changes to commands. #4259
Add SubnetType Tag to Subnets #4198
kOps Replace Force #4275
docs: upgrade.md: drop DrainAndValidateRollingUpdate note #4282
Bump alpha channel #4285
Validate IG MaxSize is not less than MinSize. #4278
Removing duplicate AMI entry from Documentation #4223
Move net mode log after it is known in create #4294
Implement ability to update Load Balancer subnets #4281
Update list of AdmissionControllers for k8s 1.9 #4299
bazel 0.9.0 running updates #4298
Upgrade to calico v2.6.6 #4297
Update bazelbuild/rules_go to 0.9.0 #4304
Copy alpha channel to stable #4284
Stick with jessie for 1.9 clusters #4309
Use jessie for 1.10 as well, to unblock queue #4310
Bump kopeio-networking to 1.0.20180120 #4306
Promote alpha channel image to stable #4325
Update aws-sdk-go to 1.12.57 #4234
Don’t specify require-kubeconfig from 1.10 #4308
Fix ASG scaling by adding in ec2:DescribeRegions permission to the nodes IAM role #4320
fix config file name in aws-china.md #4321
Fix the buildImage command typo #4319
ReadTree: clarify that returns only files #4315
Add missing BUILD.bazel for util/pkg/slice #4318
bazel: expose version as in Makefile #4333
Add license to get_workspace_status & move to .sh #4337
Ensure GCE disk name does not start with a number #4317
GCE: Dial down logging #4335
Don’t autobuild protobuf files #4329
Handle NotFound error when creating instance group #4305
GCE: Don’t require SSH public key #4334
AWS LaunchConfiguration error handling fix #4341
GCE: Get default project from gcloud CLI #4332
When kops searches for AMI by name, if > 1 are returned, uses the latest. #4338
Enable metrics for AutoScalingGroups #4342
Update bastion.md #4344
Allow image override for etcd #4245
Switching the default for kops to create a cluster with RBAC enabled. #4184
Fix rootVolumeType accepts all volume types #4270
Interactive cli opt #4166
Bump kubernetes dashboard version to 1.8.1 #4130
Use 0.9.0 release of nginx-ingress-controller #4027
VFS: Recognize file:// paths #4346
exec target command, but still pipe it to tee #4286
Improve S3 url parsing for vfsPath to support more naming conventions #4246
Update single-to-multi-master.md #4359
Fix broken links for Usage instructions in addons.md #4361
update go version and ldflags #4349
Feature/extra terraform config #4336
Update terraform.md #4201
Extend examples of subnet parameter #4199
Update route-related IAM permissions for Romana #4365
update image go version #4366
Fix ccm startup wrt dns controller (set dnsPolicy to Default and host… #4367
modify check require-kubeconfig kube version #4357
Update kopeio-networking to 1.0.20180203 #4374
Remove federation support #4379
Documentation spelling/grammar fixes. #4372
Update gazelle #4378
Explicitly set go version in bazel build #4376
Update submodule dependencies for k8s 1.9 #4377
bazel: declare golang 1.9.3 #4380
Fix drain command for rolling-updates #4387
Add mac build for travis #4388
add support for changing the weave peer connection limit #4398
Update versions for romana container images #4405
Bump alpha channel to new image #4411
Update Weave Net to version 2.2.0 #4413
Bump weave version to 2.2.0 #4421
upup: Make RenderTerraform handle an error from AddOutputVariableArray #4406
Add notes for 1.8.1 release #4423
master node requires DescribeRegions when using a bucket from another… #4409
Pick up etcd version changes for a rolling update on master nodes #4371
API audit doc changes #4427
fix a typo in tool_template.go #4426
Updating Makefile to the correct versions for the 1.8.1 release #4432
Update BUILD files to account for some recent changes #4431
Use dep to maintain vendor directory #4382
Update upgrade.md #4433
Update Cluster Autoscaler image and Reduce the Delta between autoscaler docs #4182
Fix wrong backticks markdown. #4436
Add live-restore flag to docker config #4169
Fixing problems in dev build script example #4438
Add max-requests-inflight parameter #4395
Updates for x1 instance family #4437
Fix instange groups docs #4440
Kubernetes Calico TLS #4240
Add to aws-china.md to prevent Etag not match the HASH of file. #4384
add storageclasses permissions for cluster-autoscaler:v1.1.0 #4456
Fixing ExistsAndWarnIfChanges so that it will allow a user to pass #4459
updating bazel BUILD file #4457
Lifecycle overrides #4445
Remove submodules #4435
Updating variables to use Camel Case #4467
Updating missed BUILD files for gazelle #4468
Fixing deleting of shared IGW and DHCPOptions #4460
Support updating autoscaling metrics #4469
Convert registry to k8s.gcr.io #4137
Updating kops version when using bazel #4475
Update apimachinery & ensure we always run goimports #4473
Update kube-dns to 1.14.8 #4478
kube-dns: turn off negcache #4479
Initial support for standalone etcd-manager backups #4465
Require kops 1.7.1 (with the CVE fix), recommend kops 1.8.1 #3592
Build docker images through bazel #3561
Update ingress versions and fix to quay registry #4485
Update AWS Logo In Docs #4481
Change FeatureGates to omitempty under KubeProxyConfig #4500
Use k8s.gcr.io alias only for 1.10 ,@justinsb
Fix -ldflags incompatibility in go1.10 @tvi
Adding additional tags and shared to various AWS components @chrislovecnm
Bazel docker, cross builds and uploading to s3 @mikesplain
Verify bazel files @chrislovecnm
Build protokube tar in bazel @justinsb
Add cidr-allocator-type flag to kcm and ccm @justinsb
Bazel follow up @mikesplain
dns-controller: support digitalocean @andrewsykim
Add Instance Group Suspend Processes @mikesplain
DockerConfig Order @gambol99
Fix bazel deprecation notice @mikesplain
Experimental kops set cluster command @justinsb
docker: Adds hosts configuration option @jaipradeesh
Fixing verify bazel @chrislovecnm
Fix snake case @chrislovecnm
VFS: WriteFile takes an io.ReadSeeker @justinsb
Update rules go @mikesplain
Add node monitor flags @so0k
Clarify few things in Running an existing VPC @syndbg
Set the default docker for kubernetes 1.9 to 17.03.2 @zacblazic
Add option for using existing EIP’s @sethpollack
Etcd TLS Peer & CLient Auth @gambol99
Fix suspicious space in struct tag value @tvi
Add support for bastion aws user-data @duboisf
Moving from one IG w multiple AZs to one IG per AZ @Globegitter
Make addon specification into an object @polarbizzle, #4538
Fixing integration tests #4539
Increase key size in GeneratePrivateKey() to 3072 #4354
Kube-proxy API to accept cpu: limit, memory: request and limit #4476
Expose Felix metrics #4529
Add (proposed) roadmap for etcd #4474
Update Calico and Canal to use calico node v2.6.7 ,@justinsb
Update aws-sdk-go to v1.12.79 @justinsb
Add route53 max changeset batch size flag @pwillie
Add kubernetes 1.9.3 into alpha & stable channels @justinsb
custom ca new implementation of #2924 @mad01
Cherry pick to update apimachinery for 1.9 release @chrislovecnm
Verify apimachinery @chrislovecnm
Updates for Bazel tests and cleaning up go sdk @chrislovecnm
Kube Proxy IPVS Kernel Module @gambol99
Bumping gazelle version on bazel scripts @chrislovecnm
Bind the kubelet to the local ipv4 address @dezmodue
Recognize AWS Availability Zone EU-WEST-2C @KashifSaadat
removing old target in Makefile for copying the deps @chrislovecnm
Update find logic for newly shared objects @justinsb
Updating bazel kops versions so that it matches the Makefile @chrislovecnm
Add comprehensive horizontal pod autoscaling documentation @itskingori
Adding support for new Paris region @naveensrinivasan
Update Compatibility Matrix @mikesplain
Typo fix “NAT Gateways” -> “NAT gateways” @AdamDang
Force bazel builds to be pure. @mikesplain
Update getting_started/aws.md @sanketjpatel
Typo delete duplicated word @AdamDang
Typo fix “kubernetes”->”Kubernetes” @AdamDang
Fix distroless error @mikesplain
fix docs regarding security group tagging @mariusv
Create readme.ES.md @UlisesTJ
Bazel: Add more pure builds @mikesplain
Tag nat gateways @mikesplain
Typo fix “failes”->”fails” @AdamDang
Typo delete duplicated “a a” @AdamDang
Fix-typo-in-toolbox_template.go @yank1
Add cluster name environment variable @rocktavious
Typo fix “etcd manager”->”etcd-manager” @AdamDang
Typo fix “provides”->”provide” @AdamDang
Typo instance group ->”InstanceGroup” @AdamDang
Typo “official”->”official” @AdamDang
Typo delete duplicated “our”, fix “reacheable”->”reachable” @AdamDang
Fixed typo, us-central should be eu-central @peterkuiper
Typo fix “need”->”needs”, delete duplicated “.” @AdamDang
Typo delete duplicated “is “, “utilty”->”utility” @AdamDang
Typo fix “previouslly”->”previously” @AdamDang
Updating comment so we do not have gofmt issues with go 1.9 and go 1.10 @chrislovecnm
Creating the keyset.yaml file if it does not exist @chrislovecnm
Reduce log levels: parsing pem block @justinsb
Updating K8s API calls to use CoreV1 kops node adapter @chrislovecnm
Typo fix “Kubernetes 1.9”->”Kubernetes v1.9” @AdamDang
Protokube Channel and RBAC @gambol99
Add AWS x1e instances to the instance type supported by kops @ChienHuey, #4593
Updating verify scripts so that output is highlighted #4633
keypair integration test: print diffs #4648
Updating to use CoreV1 in unit tests #4645
Move ssh key functions to pkg/pki #4653
typo: anmed -> named #4652
Keypair: tweak Render logic #4649
Create lifecycle test against AWS mocks #4569
New images for alpha channel: 4.4.121 kernel #4657
alpha channel: k8s 1.7.13 & 1.8.8 #4658
alpha: bump to latest (64) COS image for GCE #4659
Promote alpha channel to stable #4656
Misc task code cleanups #4660
Add README to say what cloudmock is #4655
Bump alpha channels for CVE #4666
More mocks - sufficient for privatecalico to roundtrip #4654
Typo fix “DNS wil be”->”DNS will be” #4667
Unset certain environment variables before testing #4595
Fix a mistake in componentconfig.go #4670
Fix names of CloudFormation-created AutoScalingGroups #4669
Fix error accompanying note in node_api_adapter.go #4671
Update instancegroups.go #4681
Fix routetable detection #4661
Define KeysetFormat type, embed into keyset #4650
Typo fix “command”->”command” #4682
fix ‘confimap’->’configmap’ #4686
Correct spelling mistake #4685
[Calico] Fix delay setting up ip routes in new nodes #4589
Typo fix in route53-mapper/README.md #4706
Typo fix in kube-ingress-aws-controller/README.md #4707
Centos: add selinux package dependencies #4715
Fix boilerplate scripts #4713
Add more logging around ELB attribute modification #4705
Move AWS resources into its own subpackage #4708
Fix shared network objects #4711
Don’t tag shared VPCs #4710
Update boilerplate year #4714
cloudmock: fix locking around vpcs and subnets #4704
Typo fix in README.md #4716
Fix kubeScheduler.usePolicyConfigMap - missing namespace flag #4726
Improve logic around VPC detection #4709
cloudmock: fix prefix for RouteTableAssociation #4712
Validation: start to differentiate between validation failure and errors during validation #4732
Update kopeio-networking to 1.0.20180319 #4731
Validation: clean up unused node status functions #4733
Validation: Take a cluster object, not just the name #4734
Move DNS validation into validation #4735
Mount the iptables lock file #4742
add system:masters group to admin user in static token file #4575
Validation: simplify output rendering #4736
mockec2: more missing locking #4743
Validation: treat as error if insufficient nodes #4703
Fixed typos #4739
Don’t use ELB DNS name for internal ELBs #4748
use the primary cert from the ca cert bundle #4744
Release 1.9.0-alpha.2 #4750
Update instance_groups.md #4751
Update cluster_upgrades_and_migrations.md #4756
Update getting_started/aws.md #4755
Update networking.md #4754
Update README.md #4752
Bump stable/alpha channels to 1.9.0-alpha.2 #4757
fix function comment error #4769
Update addon_manager.md #4774
fix some grammar mistakes #4773
fix a grammar mistake #4771
Validation: don’t expect bastion nodes to join #4775
fix some grammar mistakes #4772
intersectTags: return nil if comparing against nil #4780
Deletion: check if VPC is shared #4776
Add deletion to lifecycle test #4777
ElasticIP: Collect tags #4782
ElasticIP: Always tag #4779
Move routetable detection to new logic #4778
SecurityGroups: ensure owned security groups are tagged #4785
Tag InternetGateways with consistent tags #4788
Tag ElasticIP when owned #4781
Make sure volumes are tagged #4784
SecurityGroup deletion: recognize shared tags #4786
ElasticIP tags for cloudformation & terraform #4789
Add support for instance monitoring #4695
Check tags in lifecycle tests #4787
Support for auth plugins in channels #4765
Dashboard : Fix CrashLoopBackOff (from K8S >= 1.8.10) #4783
etcd-quorum-read flag: explicitly default to off for v2 #4792
ElasticIP deletion: Honor shared tags #4790
NAT gateway deletion: honor shared tag #4791
Add simple sanity check for 4758 #4794
Add Cilium as CNI plugin #4224
Warn on VPC AdditionalCIDR changes #4796
kops release 1.9.0 alpha.3 #4802
fix some grammar mistakes #4803
fix some grammar mistakes #4804
kops toolbox dump: Add Subnets to dump #4806
apimachinery run to update generated files for EtcdQuorumRead flag #4810
Bump channels to 1.9.0-alpha.3 #4812
Typo fix defailt->default #4811
correct some small mistake #4820
fix a grammar mistake #4829
resolve conflict #4841
Bump ingress-nginx version to 0.12.0 #4840
Add AfterFiles dependencies to File tasks #4760
Update addon.go #4846
typo fix #4845
protokube: match device /root/dev/X as /dev/X #4849
Fix toolbox dump bug: store subnet in resource #4848
Add VPC to kops toolbox dump #4805
Typo fix in err messages #4850
Export kubernetes client metrics from dns-controller. #4612
AWS: etcd volume provisioned IOPS support #4852
digitalocean: external cloud controller addon #4698
Docs/update kube ingress aws controller security group walkthrough #4843
digitalocean: nodeup & protokube support #4697
Add DigitalOcean VFS #4858
implement network task for OpenStack platform #4830
Add metrics-server addon #4581
Validation around IOPS fields #4859
add output support to terraform & cloudformation for iops volume #4860
add network builder #4842
update basic-requirements.md #4864
Typo fix in err message #4870
two spell mistake #4865
Typo fix in error message #4869
implement router task for OpenStack platform #4868
add proxy mode flag to kube-proxy #4863
Release 1.9.0-beta.1 #4871
spell dependencies —> dependencies #4861
Implement vfs with AlibabaCloud OSS ,@xh4n3
Adding Mike and myself as reviewers @robinpercy
Fix some info errors @AdamDang
Typo fix in info message @AdamDang
Fixes port collision between dns-controller metrics and gossip. @tvi
removed sed from command to get AMI images @roffe
spell correct @sunlintong
correct spell in the code and the relative doc @sunlintong
Don’t enable dns-controller prometheus metrics by default @justinsb
Document the ports we use, to avoid conflicts @justinsb
update download_config.md @sunlintong
fix spell mistakes in cluster_spec.md @sunlintong
update two file @sunlintong
digitalocean: support multiple droplets @andrewsykim
digitalocean: add kubelet hostname override @andrewsykim
typo fix @jonyhy96
fix go vet error from util/pkg/vfs/ossfs.go @andrewsykim
Fix LDFLAGS for all future go1.10.* versions @mikesplain
digitalocean: dns operations should be idempotent @andrewsykim
coreos/containeros: restart kops-configuration service after docker drop-in is loaded @andrewsykim
update vsphere-development-status.md @sunlintong
three spell mistakes @sunlintong
add String method for OSSFS to fix go vet issue @xh4n3
three spell mistakes @sunlintong
Release 1.9.0-beta.2 @justinsb
Updating API Machinery @chrislovecnm
protokube: also check for device symlinks @andrewsykim
digitalocean: list/delete resources @andrewsykim
Update channels to 1.9.0-beta.2 @mikesplain
Fix typo in api_updates @mikesplain
Typo fix an->and @AdamDang
Add go 1.10 testing to travis CI @tvi
digitalocean: use pagination for all list requests @andrewsykim
Fix spelling @inthecloud247
Fix grammar mistake @mahuihuang
Update the recommended Ubuntu Image @ofersadgat
Typo fix dont’->don’t @AdamDang
Update rules go and use more recent debian snapshot @mikesplain
fix typo @mahuihuang
digitalocean: external cloud controller manager avoid circular dependencies @andrewsykim
implement subnet task for OpenStack platform @zengchen1024
Add warning about google cloud repository versions @tombull
fix version of kube-router at v0.1.0 @andrewsykim
Configurable log level for calico @edmeister
addons/cluster-autoscaler: Added healthchecks. @jpds
addons/cluster-autoscaler: Annotate for Prometheus by default. @jpds
Feature/4920 add authorization mode flag @chrisz100
Add configurable dnsmasq params to KubeDNS @jamesmcminn96
Update kube-dns to 1.14.9 @sergeylanzman
Avoid collisions in IAM ids @justinsb
Disable locksmithd on CoreOS if UpdatePolicy set @KashifSaadat
Pod Security Policies @gambol99
Fix etcd Keypair change showing on every kops update when TLS enabled @KashifSaadat
Only do etcd backups on main @justinsb
Bump Weave Net to 2.3.0 @brb
Ignore shared-ownership tags on volumes @justinsb