v1.17.1
This version contains a critical update to etcd-manager: 1 year after creation (or first adopting etcd-manager), clusters will stop responding due to expiration of a TLS certificate. Upgrading kops to 1.17.0 (or the latest versions of the 1.16, 1.17 or 1.18 series) and running kops update followed by a kops rolling-update will fix the issue. Please see the advisory for the full details.
kops 1.17.1 is the next patch release in the kops 1.17 series, supporting kubernetes version 1.17.x and earlier.
Please see the release notes for the full list of changes.
Significant changes
- The default Docker version has been changed to 19.03.4. Optional support for Docker 19.03.8 has been added and will be the default in future versions. Enable by setting spec.docker.version: 19.03.8.
- The default instance type for AWS has been changed to t3.medium. This should provide better performance and reduced costs in clusters where the average CPU usage is low.
- Support for Ubuntu 20.04 (Focal) has been added.
Breaking changes
- Support for Docker versions 1.11, 1.12 and 1.13 has been removed because of the dockerproject.org shutdown. Those affected must upgrade to a newer Docker version.
- Terraform users on AWS may need to rename some resources in their state file in order to prepare for future Terraform 0.12 support. See Required Actions below.
- Please see the notes in the 1.15 release about the apiGroup changing from kops to kops.k8s.io.
- Since 1.16, a controller is now used to apply labels to nodes. If you are not using AWS, GCE or OpenStack, your (non-master) nodes may not have labels applied correctly.
Required Actions
- Terraform users on AWS may need to rename resources in their terraform state file in order to prepare for future Terraform 0.12 support.
  Terraform 0.12 no longer supports resource names starting with digits. In Kops, both the default route and additional VPC CIDR associations are affected. See #7957 for more information.
  - The default route was named aws_route.0-0-0-0--0 and will now be named aws_route.route-0-0-0-0--0.
  - Additional CIDR blocks associated with a VPC were similarly named the hyphenated CIDR block with two hyphens for the /, for example aws_vpc_ipv4_cidr_block_association.10-1-0-0--16. These will now be prefixed with cidr-, for example aws_vpc_ipv4_cidr_block_association.cidr-10-1-0-0--16.
  To prevent downtime, follow these steps with the new version of Kops:
      kops update cluster --target terraform ...
      terraform plan
      # Observe any aws_route or aws_vpc_ipv4_cidr_block_association resources being destroyed and recreated
      # Run these commands as necessary. The exact names may differ; use what is outputted by terraform plan
      terraform state mv aws_route.0-0-0-0--0 aws_route.route-0-0-0-0--0
      terraform state mv aws_vpc_ipv4_cidr_block_association.10-1-0-0--16 aws_vpc_ipv4_cidr_block_association.cidr-10-1-0-0--16
      terraform plan
      # Ensure these resources are no longer being destroyed and recreated
      terraform apply
- Kubernetes 1.9 users will need to enable the PodPriority feature gate. This is required for newer versions of Kops.
  To enable the Pod priority feature, follow these steps:
      kops edit cluster
      # Add the following section
      spec:
        kubelet:
          featureGates:
            PodPriority: "true"
- If either a Kops 1.17 alpha release or a custom Kops build was used on a cluster, a kops-controller Deployment may have been created that should get deleted because it has been replaced with a DaemonSet. Run kubectl -n kube-system delete deployment kops-controller after upgrading to Kops 1.17.0-alpha.2 or later.
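For the Terraform rename step above, the following added example (not part of the kops release notes or the kops code base) derives the terraform state mv commands from a list of resource addresses such as the output of terraform state list. The function name kops_tf_rename_cmds and the sample addresses are constructed for illustration; it only prints the commands so they can be compared with terraform plan before anything is run.

```shell
#!/bin/sh
# Added example: generate the `terraform state mv` commands for the kops
# rename of digit-leading resource names. Reads one resource address per
# line on stdin and prints one command per affected resource.
# kops_tf_rename_cmds is a hypothetical helper name, not a kops command.

kops_tf_rename_cmds() {
    while IFS= read -r addr; do
        type=${addr%%.*}   # resource type: text before the first dot
        name=${addr#*.}    # resource name: text after the first dot
        # Only the two resource types named in the release notes are renamed.
        case "$type" in
            aws_route) prefix="route-" ;;
            aws_vpc_ipv4_cidr_block_association) prefix="cidr-" ;;
            *) continue ;;
        esac
        # Names starting with a digit are the ones Terraform 0.12 rejects;
        # already-prefixed names do not match, so a second run prints nothing.
        case "$name" in
            [0-9]*)
                printf 'terraform state mv %s.%s %s.%s%s\n' \
                    "$type" "$name" "$type" "$prefix" "$name"
                ;;
        esac
    done
}

# Constructed sample input standing in for `terraform state list` output.
SAMPLE_STATE='aws_internet_gateway.example-k8s-local
aws_route.0-0-0-0--0
aws_vpc.example-k8s-local
aws_vpc_ipv4_cidr_block_association.10-1-0-0--16
aws_route.route-0-0-0-0--0'

printf '%s\n' "$SAMPLE_STATE" | kops_tf_rename_cmds
```

Against a real state, feed it with terraform state list | kops_tf_rename_cmds and check each printed pair against the destroy/recreate entries in terraform plan.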
Deprecations
- Support for Kubernetes releases prior to 1.9 is deprecated and will be removed in kops 1.18.
- The kops/v1alpha1 API is deprecated and will be removed in kops 1.18. Users of kops replace will need to supply v1alpha2 resources.
- Support for Ubuntu 16.04 (Xenial) has been deprecated and will be removed in future versions of Kops.
- Support for Debian 8 (Jessie) has been deprecated and will be removed in future versions of Kops.
- Support for CoreOS has been deprecated and will be removed in future versions of Kops. Those affected should consider using Flatcar as a replacement.
- Support for the "Legacy" etcd provider has been deprecated. It will not be supported for Kubernetes 1.18 or later. To migrate to the default "Manager" etcd provider see the etcd migration documentation.
Known Issues
- None at the present time
Changes from 1.17.0 to 1.17.1
- Update etcd-manager to 3.0.20200531 @hakman #9237
- [Digital Ocean] Update RBAC for DO CCM @srikiz #9249
- Update Calico and Canal for CVE-2020-13597 @hakman #9268
- Update Weave for CVE-2020-13597 @hakman #9285
- Use CNI 0.8.6 for Kubernetes 1.15+ @hakman #9256
- Use Docker 19.03.11 for Kubernetes 1.17+ @hakman #9314
- Update Weave Net to 2.6.5 @hakman #9330
- Update default users for kubeconfig with supported distros @hakman,@KashifSaadat #8798
- Bump cilium to 1.7.5 @olemarkus #9367
- Bug: Explicitly set default StorageClass to support upgrades @joshbranham #9337
- Add support for c5a aws ec2 instance types @coolstang #9386
- Fix: dns-controller: 3999 port address already in use @vgunapati #9404
Please see the release notes for the full list of changes.