1.6.2

Significant changes

  • Upgrade to weave 1.9.8 fixes issues with NodePorts

Full changelist

  • Weave upgraded to 1.9.8, to fix NodePort issue (thanks @jordanjennings, @justinsb)
  • Fixes for (experimental) k8s.local DNS-free configurations (thanks @justinsb)
  • Weave now configured with the correct pod CIDR (thanks @jordanjennings)
  • Initial support for kube-router networking (thanks @murali-reddy)
  • Apply cloud-labels to EBS volumes (thanks @pastjean)
  • Support empty --resolv-conf (thanks @austinmoore-)
  • Add —subnet and —role flags to create ig command (thanks @dtan4)
  • Improvements to kops delete output (thanks @chrislovecnm)
  • Match type (public/private) of DNS zones when matching (thanks @justinsb)
  • CoreOS command now finds the latest image (thanks @gianrubio)
  • Protokube now checks if kubelet is already running before calling systemctl start (thanks @aledbf)
  • Added index to make documentation much easier to navigate (thanks @WillemMali)
  • Makefile improvements (thanks @WillemMali)
  • Refactor instance group / rolling-update code (thanks @andrewsykim)
  • Lots of documentation and polish (thanks @chrislovecnm, @cordoval, @justinsb, @WillemMali)

1.6.1

Significant changes

  • Calico users have noticed problems using Calico with Kubernetes 1.6
  • “hairpin” connections back to the same pod were causing issues for CNI providers

Full changelist

  • kops get can now output a complete cluster spec (thanks @geojaz)
  • kops create can set master/node volume size (thanks @matthew-marchetti)
  • Add ability to set cross-subnet mode in Calico (thanks @ottoyiu)
  • Make Weave MTU configurable and configure jumbo frame support for new clusters on AWS (thanks @jordanjennings)
  • Initial support for external-dns project (thanks @sethpollack)
  • Fix calico bootstrapping problems (thanks @ottoyiu, @ozdanborne)
  • Update to latest release of calico (thanks @mad01)
  • Update canal manifests for 1.6 & RBAC (thanks @heschlie)
  • Mark calico-node pods as critical (thanks @andreychernih)
  • Fix log rotation of apiserver audit logs (thanks @ottoyiu)
  • Update cluster autoscaler addon (thanks @sethpollack)
  • Set hairpin mode for flannel (thanks @justinsb)
  • Fix GCE disk cleanup on cluster deletion (thanks @andrewsykim)
  • Prevent “unbound variable” errors in kops-mfa (thanks @hugocf)
  • Fix e2e tests for kubernetes 1.8 and 1.9 (thanks @justinsb)
  • Fix directory permissions for .kube directory on master (thanks @chrislovecnm)
  • Lots of documentation and polish (thanks @andrewsykim, @caarlos0, @chrislovecnm, @gianrubio, @Grillz, @justinsb, @mikesplain, @Shimi, @tanner-bruce, @WillemMali, @zanhsieh)

1.6.0

Known Issues

  • Kubernetes upgrade from 1.5 -> 1.6 requires a configmap to be created in the kube-system namespace to minimize downtime. If kubectl -n kube-system get configmap kube-dns does not already have a configmap, BEFORE upgrade you can execute kubectl create configmap -n kube-system kube-dns.
  • Kubernetes changed taints from an annotation in 1.5, to a field in 1.6. Editing the taints by hand is a workaround for any issues. See: #2594
  • Some Kubernetes upgrades from 1.6.x -> 1.6.x have experience issues with secrets and service accounts. Deleting the secrets have been a workaround (not validated). See: #2576

1.6.0-alpha.1

1.6.0-alpha.1 is a prerelease early-access of kops 1.6, which is the release with full support for kubernetes 1.6. This version of kops & kubernetes has not yet undergone extensive validation, and there will be improvements made before release of kops 1.6.0.

This is not a full set of release notes, but rather a summary of the highest impact changes in the 1.6 release:

  • RBAC can be enabled by passing the --authorization=rbac parameter to kops create cluster, or via kops edit cluster and change authorization from alwaysAllow: {} to rbac: {}

  • The standard RBAC policy for 1.6 means that all access to the Kubernetes API using the default service account method will be denied.

  • The taints & tolerations have changed as part of their graduation from alpha. The taint is now a field on the node:

  1. spec:
  2. taints:
  3. - effect: NoSchedule
  4. key: node-role.kubernetes.io/master

An example toleration (as used in dns-controller) is:

  1. spec:
  2. tolerations:
  3. - effect: NoSchedule
  4. key: node-role.kubernetes.io/master

Note that the annotation form is ignored. To schedule a pod on the master, the toleration must be updated and moved from an annotation to the field.

  • A new label for nodes, mirroring the toleration, is added and is now preferred: node-role.kubernetes.io/master= (node-role.kubernetes.io/master with an empty value). kubernetes.io/role=master is still present, but the node-role.kubernetes.io/<role>= form is preferred. kubernetes.io/role=node and node-role.kubernetes.io/node= are also present.

Workaround: create the configmap with kubectl create configmap -n kube-system kube-dns before updating.

Known Issues

Rolling updates

Rolling update to 1.6 does not succeed because new kube-dns pods mount a configmap with an optional volume map, but that is enforced by the kubelets, which are upgraded after the master.

etcd3

kops is not yet recommending etcd3. We do however support a run at your own risk option. Right now we are working on resolving issues such as HA upgrade support.