Releases: kubernetes-retired/kube-aws
v0.14.5
Changelog since v0.14.3
Importantly, this release changes the OS that your cluster runs on from CoreOS to Flatcar. There should be no notable impact when rolling out this change, but please do open an issue if you spot a problem.
Component versions
Kubernetes: v1.14.9
Etcd: v3.2.26
Features
- #1852: Flatcar has replaced the deprecated CoreOS as the main OS of kube-aws.
- #1844: Pod autoscaler rest client can now be used independently of the metrics-server addon in kube-aws (Thanks to @dominicgunn)
- #1843: KIAM Server can now be given a specified port-name, useful for Istio users where the default port-name causes broken routing (Thanks to @dominicgunn)
Other changes
- #1842: The value for `kubernetes.io/cluster/X` tags is now `owned` as opposed to empty or `true`, to help prevent cluster drift. (Thanks to @dominicgunn)
- #1845: Admission controllers are now explicitly defined, allowing for easier look-up on what's enabled in the cluster (Thanks to @dominicgunn)
- #1846: Canal configuration has been updated to more closely match that of kops, primarily moving the `initContainer` logic to prevent race conditions on start-up. (Thanks to @dominicgunn)
v0.15.2
Changelog since v0.15.1
This release contains another important regression fix.
Component versions
Kubernetes: v1.15.9
Etcd: v3.3.18
Features
- #1834: Added back in --configure-cloud-routes=false (Thanks to @andersosthus)
v0.15.1
Changelog since v0.15.0
This release contains important fixes to regressions in the v0.15.0 release and includes formatting fixes that were preventing `kube-aws init` from being templated correctly. Also, the implementation of the `cloud-controller-manager` was found to have broken the use of persistent EBS volumes; this has been rolled back in this release (it has been made an experimental feature, along with the Container Storage Interface and out-of-tree EBS volume driver, strictly for testing, and both are disabled by default).
Component versions
Kubernetes: v1.15.9
Etcd: v3.3.18
Features
- #1827: template: use of InitialConfig to build cluster.yaml (Thanks to @sei-nicolas)
- #1832: v0.15.x branch: Make cloud-controller-manager an experimental feature (Thanks to @davidmccormick)
- #1811: v0.15.x Remove possible blank lines (Thanks to @davidmccormick)
- #1815: Add proper indentation to extra CoreDNS config (Thanks to @javipolo)
v0.15.0
Component versions
Kubernetes: v1.15.6
Etcd: v3.3.17
Calico: v3.9.1
Upgrade notes
Cloud Controller Manager
This release introduces a new external `cloud-controller-manager` that has been separated out of the `controller-manager` and performs the integration actions between the Kubernetes cluster and AWS cloud features.
WARNING: This change is breaking if you make use of PersistentVolumes inside your cluster; you can read more about the limitations here.
Etcd Upgrade
If upgrading from existing kube-aws clusters, you must deploy v0.14.2 or higher before upgrading to this release (otherwise you will see a CloudFormation error when you try to apply). This release contains a major etcd upgrade to the v3.3.x branch. The upgrade is performed by spinning up a new etcd cluster and copying across the contents from the existing servers. Should the cluster upgrade fail at any point, we will roll back and revert to using the original servers.
WARNING: it is possible to lose cluster state changes if they are made after the copy has been performed but before all of the `kube-apiservers` have been replaced, or if the cluster roll fails and rolls back to the original servers; therefore we strongly suggest that you perform the upgrade in a maintenance window with customer deployments disabled if possible.
Plugins
The following features have been updated and migrated into plugins and have been removed from the core kube-aws configuration and code:
- Kubernetes Dashboard
- Kiam
- Kube2IAM
If you use these features, please note that you now need to configure them via the plugins section of your cluster.yaml.
Roll NodePools by AvailabilityZone
In this release we make the `nodePoolRollingStrategy` `AvailabilityZone` the default choice. You will need to update your cluster.yaml files if you want to continue to use the `Parallel` or `Sequential` strategies. Rolling by `AvailabilityZone` is safer than `Parallel` because all nodePools within the same AZ will roll in parallel, but nodePools across AZs will be rolled one AZ at a time.
Note: The default `MaxBatchSize` remains at "1", but we invite you to try setting your `MaxBatchSize` to the same value as your `maxSize` from time to time to test what happens in the event of losing an AZ!
Features
- #1726: move Kiam to a plugin (Thanks to @davidmccormick)
- #1727: Allow CoreDNS resources to be configured (Thanks to @dominicgunn)
- #1730: Move kube2iam to a plugin (Thanks to @davidmccormick)
- #1746: Allow resource configuration for APIServer (Thanks to @dominicgunn)
- #1756: master: Remove the control-plane stacks dependence on cross stack references (Thanks to @davidmccormick)
- #1773: Allow major Etcd upgrades with safe roll-back (Thanks to @davidmccormick)
- #1754: Move kubernetes dashboard to a plugin (Thanks to @davidmccormick)
- #1782: Use nodePoolRollingStrategy of 'AvailabilityZone' by default. (Thanks to @davidmccormick)
Improvements
- #1720: CoreDNS prometheus metric annotations exposed at deployment level (Thanks to @HarryStericker)
- #1735: kube2iam resources improvement (Thanks to @jorge07)
- #1742: Update prompt and banner earlier in boot process (Thanks to @davidmccormick)
- #1748: Networking Version Updates (Thanks to @dominicgunn)
- #1739: Take region from the cluster config. (Thanks to @davidmccormick)
- #1774: Add missing calico networkset crd and rbac permission (Thanks to @davidmccormick)
- #1731: Referencing the drainTimeout value in the NodeDrainer daemonset (Thanks to @HarryStericker)
- #1769: CoreDNS prometheus metric annotations exposed at pod level (Thanks to @kfr2)
- #1757: allow server certs to be also used for client authentication (Thanks to @davidmccormick)
- #1791: Add flag to cmds to use AWS profile (Thanks to @javipolo)
- #1799: Add autoscaling:DescribeAutoScalingGroups policy for node drainer. (Thanks to @d-kuro)
v0.12.6
Changelog since v0.12.5
This is a special release of the v0.12.x for legacy users that have yet to migrate (this version of Kubernetes is unsupported so please plan your migration to the newer releases).
Component versions
Kubernetes: v1.11.3
Etcd: v3.2.13
Features
v0.14.3
Changelog since v0.14.2
Component versions
Kubernetes: v1.14.9
Etcd: v3.2.26
Features
- #1771: v0.14.x: CoreDNS prometheus metric annotations exposed at pod level (Thanks to @kfr2)
- #1776: v0.14.x Increase kube2iam resource limits (Thanks to @davidmccormick)
- #1785: Adding in the metricsBindAddress to kube-proxy configmap to allow for… (Thanks to @erleene)
- #1790: Add flag to cmds to use AWS profile (Thanks to @javipolo)
Other changes
- #1792: update to kubernetes to v1.14.9 (Thanks to @davidmccormick)
v0.13.3
Changelog since v0.13.2
Component versions
Kubernetes: v1.13.12
Etcd: v3.2.26
Features
- #1770: v0.13.x: CoreDNS prometheus metric annotations exposed at pod level (Thanks to @kfr2)
- #1775: V0.13.x kube2iam resource increase (Thanks to @davidmccormick)
- #1784: Adding in the metricsBindAddress to kube-proxy configmap to allow for… (Thanks to @erleene)
- #1788: Add flag to cmds to use AWS profile (Thanks to @javipolo)
v0.15.0-rc1
Component versions
Kubernetes: v1.15.5
Etcd: v3.3.17
Calico: v3.9.1
Upgrade notes
Cloud Controller Manager
This release introduces a new external `cloud-controller-manager` that has been separated out of the `controller-manager` and performs the integration actions between the Kubernetes cluster and AWS cloud features. This change shouldn't require any action on your part, but it is useful to be aware of this new DaemonSet and Pods in `kube-system`.
Etcd Upgrade
If upgrading from existing kube-aws clusters, you must deploy v0.14.2 or higher before upgrading to this release (otherwise you will see a CloudFormation error when you try to apply). This release contains a major etcd upgrade to the v3.3.x branch. The upgrade is performed by spinning up a new etcd cluster and copying across the contents from the existing servers. Should the cluster upgrade fail at any point, we will roll back and revert to using the original servers.
WARNING: it is possible to lose cluster state changes if they are made after the copy has been performed but before all of the `kube-apiservers` have been replaced, or if the cluster roll fails and rolls back to the original servers; therefore we strongly suggest that you perform the upgrade in a maintenance window with customer deployments disabled if possible.
Plugins
The following features have been updated and migrated into plugins and have been removed from the core kube-aws configuration and code:
- Kubernetes Dashboard
- Kiam
- Kube2IAM
If you use these features, please configure them via the plugins section of your cluster.yaml.
Features
- #1726: move Kiam to a plugin (Thanks to @davidmccormick)
- #1727: Allow CoreDNS resources to be configured (Thanks to @dominicgunn)
- #1730: Move kube2iam to a plugin (Thanks to @davidmccormick)
- #1746: Allow resource configuration for APIServer (Thanks to @dominicgunn)
- #1756: master: Remove the control-plane stacks dependence on cross stack references (Thanks to @davidmccormick)
- #1773: Allow major Etcd upgrades with safe roll-back (Thanks to @davidmccormick)
- #1754: Move kubernetes dashboard to a plugin (Thanks to @davidmccormick)
Improvements
- #1720: CoreDNS prometheus metric annotations exposed at deployment level (Thanks to @HarryStericker)
- #1735: kube2iam resources improvement (Thanks to @jorge07)
- #1742: Update prompt and banner earlier in boot process (Thanks to @davidmccormick)
- #1748: Networking Version Updates (Thanks to @dominicgunn)
- #1739: Take region from the cluster config. (Thanks to @davidmccormick)
- #1774: Add missing calico networkset crd and rbac permission (Thanks to @davidmccormick)
- #1731: Referencing the drainTimeout value in the NodeDrainer daemonset (Thanks to @HarryStericker)
- #1769: CoreDNS prometheus metric annotations exposed at pod level (Thanks to @kfr2)
- #1757: allow server certs to be also used for client authentication (Thanks to @davidmccormick)
v0.14.2
Changelog since v0.14.1
Updates to the latest Kubernetes 1.14.8 release, which fixes a flaw in Kubernetes (CVE-2019-11253) in JSON/YAML decoding where large or malformed documents could consume excessive server resources. Request bodies for normal API requests (create/delete/update/patch operations of regular resources) are now limited to 3MB. (#83261, @liggitt)
Component versions
Kubernetes: v1.14.8
Etcd: v3.2.26
Features
- #1718: [v0.14.x] CoreDNS prometheus metric annotations exposed at deployment level (Thanks to @HarryStericker)
- #1729: [v0.14.x] Allow CoreDNS resources to be configured (Thanks to @dominicgunn)
- #1733: [v0.14.x] Referencing the drainTimeout value in the NodeDrainer daemonset (Thanks to @HarryStericker)
- #1741: Take region from the cluster config. (Thanks to @davidmccormick)
- #1747: [v0.14.x] Allow resource configuration for APIServer (Thanks to @dominicgunn)
- #1752: [v0.14.x] Allow extra Coredns configuration (Thanks to @jorge07)
- #1755: v0.14.x: Remove the control-plane stacks dependence on cross stack references (Thanks to @davidmccormick)
- #1759: v0.14.x: Allow server certs to also be used for client authentication (Thanks to @davidmccormick)
- #1744: Update prompt and banner earlier in boot process (Thanks to @davidmccormick)
- #1750: [0.14.x] Networking Version Updates (Thanks to @dominicgunn)
- #1737: bump kubernetes to v0.14.7 (Thanks to @davidmccormick)
- #1761: kubernetes v1.14.8 (Thanks to @davidmccormick)
v0.13.2
Changelog since v0.13.1
Updates to the latest Kubernetes 1.13.12 release, which fixes a flaw in Kubernetes (CVE-2019-11253) in JSON/YAML decoding where large or malformed documents could consume excessive server resources. Request bodies for normal API requests (create/delete/update/patch operations of regular resources) are now limited to 3MB. (#83261, @liggitt)
Component versions
Kubernetes: v1.13.12
Etcd: v3.2.26
Features
- #1728: [v0.13.x] Allow CoreDNS resources to be configured (Thanks to @dominicgunn)
- #1732: [v0.13.x] Referencing the drainTimeout value in the NodeDrainer daemonset (Thanks to @HarryStericker)
- #1740: Take region from the cluster config. (Thanks to @davidmccormick)
- #1745: [v0.13.x] Allow resource configuration for APIServer (Thanks to @dominicgunn)
- #1751: [v0.13.x] Allow extra Coredns configuration (Thanks to @jorge07)
- #1758: v0.13.x: Allow server certs to also be used for client authentication (Thanks to @davidmccormick)
- #1743: Update prompt and banner earlier in boot process (Thanks to @davidmccormick)
- #1749: [0.13.x] Networking Version Updates (Thanks to @dominicgunn)
- #1736: Bump kubernetes to v0.13.11 (Thanks to @davidmccormick)
- #1762: V0.13.x kubernetes v1.13.12 (Thanks to @davidmccormick)