v0.12.0: `kube-aws diff` command, Kubernetes 1.11.x, Initial support for aws-vpc-cni-k8s

Changelog since v0.11.0

Please see our roadmap for details on upcoming releases.

Component versions

Kubernetes: v1.11.3

Features

• #1451: 0.12 release: remove legacy networking (less is more)(Thanks to @davidmccormick)
• #1455: feat: kube-aws diff
• #1463: feat: initial support for amazon-vpc-cni-k8s
• #1467: Add a Pod Disruption Budget on kube-dns(Thanks to @davidmccormick)
• #1470: Allow plugins to add kube-controller-manager command line flags.(Thanks to @davidmccormick)
• #1475: 0.12.x: Allow user control over controller.iam.role.name

Improvements

• #1456: Bump go to 1.11
• #1459: Bump Kubernetes version to v1.11.3
• #1471: renamed the --admission-control flag to --enable-admission-plugins in cloud-config-controller template(Thanks to @avinashpenmetsa)

Bug fixes

• #1452: fix: encryptionAtRest: true should not break controller nodes
• #1462: fix: KubernetesDashboard.Enabled: false should not break controllers(Thanks to @RichardAvendano)
• #1466: Bump calico/typha/flannel, fix cause of calico/typha restarts(Thanks to @davidmccormick)

Other changes

• #1476: hack: a bit more automated release note generation

v0.11.1

Features

• #1474: 0.11.x Branch : Allow user control over controller.iam.role.name(Thanks to @davidmccormick)

Bug fixes

• #1453: fix: encryptionAtRest: true should not break controller nodes

v0.11.0: K8S v1.10.x, Fine-Grained Stack Updates, and Operatability, Scalability and Security Improvements

Migrating from previous releases

// Special thanks to @davidmccormick who has contributed this migration note!

It is possible to safely migrate an existing kube-aws kubernetes cluster to the v0.11.0 release with the following limitations and warnings: -

1. You can only migrate an existing cluster successfully from a v0.10.1 release cluster with Kubernetes.Networking.SelfHosting enabled.
2. Upgrade all the stacks at once - do not attempt to do a partial upgrade.
3. There will be a kubernetes apiserver outage during the upgrade after the new Networking stack has been created and before the first new Controller has become available (approximately 15-20 minutes). In-cluster applications that do not depend on the kubernetes api will be unaffected but apps and services that make calls to the kubernetes apis must be able to tollerate an outage and recover again.
4. This release moves 'etcd' servers into their own separate cloudformation stack, which results in new 'etcd' servers being created in parrallel to the existing/legacy 'etcd' servers.
5. During the upgrade, the existing kubernetes state is exported from the existing/legacy 'etcd' servers by the leader of the new etcd cluster, and imported into the new cluster.
6. The existing 'etcd' servers are deleted as part of the clean up after the controlplane update succeeds.
7. Once you have successfully upgraded to the v0.11.0 release with separate Etcd stack the next update will roll the 'etcd' servers removing the migration tools/units.

Features

• #900: feat: Encrypting Secret Data at Rest(Thanks to @jpb)
• #1233: feat: Fine-grained stack update
• #1260: Add some limited certificate credential validation(Thanks to @davidmccormick)
• #1266: Allow configure Controller Manager compute resources(Thanks to @jorge07)
• #1271: Added show certificates command(Thanks to @pete911)
• #1286: Use API server lease reconciler for k8s 1.9+(Thanks to @c-knowles)
• #1289: Normalize audit log attribute names in cluster.yaml + add support for missing attributes(Thanks to @danielfm)
• #1292: Enable TLS for communication between control plane components and the local apiserver(Thanks to @danielfm)
• #1293: Add in ExpandPersistentVolumes as part of feature-gates on controller(Thanks to @kiich)
• #1296: Add support for AWS profile containing source_profile, role_arn, mfa_serial
• #1299: tlsutil cleanup plus added tests(Thanks to @pete911)
• #1305: append comma when necessary to the EtcdNodes range(Thanks to @kiich)
• #1306: Use EtcdStackName for eni provider(Thanks to @kiich)
• #1308: Handle cluster CIDR changes(Thanks to @davidmccormick)
• #1309: Enable Network-Self-Hosting by default(Thanks to @davidmccormick)
• #1310: Move templates into their related packages(Thanks to @davidmccormick)
• #1314: Feature/volume mounts for controllers and etcds(Thanks to @kiich)
• #1318: Default controller manager limits(Thanks to @jorge07)
• #1319: Added the ability to disable the dashboard(Thanks to @jasonrichardsmith)
• #1320: 1316/kiam kube2iam with kube net selfhosting(Thanks to @davidmccormick)
• #1322: Raid0 support(Thanks to @siddharthab)
• #1323: Make sure that canal and flannel land on all tainted nodes(Thanks to @davidmccormick)
• #1326: added label to kube-system namespace(Thanks to @jasonrichardsmith)
• #1329: Allow tweaking of Kubernetes dashboard resources(Thanks to @kiich)
• #1330: Consistent logging with options to silence, verbosify and color messages(Thanks to @pete911)
• #1333: Tweak CloudFormation stack descriptions(Thanks to @c-knowles)
• #1341: Disable configure of cloud route when allocate-node-cidrs is enabled(Thanks to @c-knowles)
• #1343: Tag etcd volumes with names(Thanks to @c-knowles)
• #1345: Add support for CoreDNS as DNS provider(Thanks to @etiennetremel)
• #1346: Automatically enable EBS optimization(Thanks to @kiich)
• #1354: Consolidate kiam configuration(Thanks to @kevtaylor)
• #1356: Promote compute reservation options [Small] (Thanks to @tyrannasaurusbanks)
• #1357: Bring etcd's up in parallel on new cluster / Fail-fast to update 0.10.x clusters with newer kube-aws(Thanks to @davidmccormick)
• #1358: Display cluster details when logging into CoreOS(Thanks to @davidmccormick)
• #1361: Implement 'apply' command and deprecate 'up' and 'update'(Thanks to @davidmccormick)
• #1380: 0.11.x migration from existing clusters without losing state(Thanks to @davidmccormick)
• #1384: Add apiserver aggregator with certs when metrics server is enabled(Thanks to @davidmccormick)
• #1385: Better identification of nodes(Thanks to @davidmccormick)
• #1387: Remove dependency on alpine:latest docker image(Thanks to @davidmccormick)
• #1389: Added in KIAM session timeout modifier(Thanks to @Matei207)
• #1390: 0.11.x Extend CustomFiles to be able to render go templates(Thanks to @davidmccormick)
• #1397: Self hosted calico v3.1.3(Thanks to @c-knowles)
• #1399: 0.11.x Add kubernetes manifests from customfiles(Thanks to @davidmccormick)
• #1408: Tweaks to network config(Thanks to @c-knowles)
• #1409: Add kube-aws:version to stacktags(Thanks to @davidmccormick)
• #1422: Add ability to configure flags for cluster-autoscaler-de.yaml [Small](Thanks to @tyrannasaurusbanks)
• #1427: feat(etcd): Configurable quota-backend-bytes and --auto-compaction-retention(Thanks to @wwyiwzhang)
• #1441: Add resources for kiam-server & kiam-agent daemonsets(Thanks to @tyrannasaurusbanks)
• #1447: Explicitly set default dnsmasq min-port [Tiny](Thanks to @tyrannasaurusbanks)

Improvements

• #1274: Allow cfn-signal.service to cleanly start under certain circumstances(Thanks to @davidmccormick)
• #1276: Disable alpha batch APIs by default(Thanks to @c-knowles)
• #1277: kiam support improvements(Thanks to @c-knowles)
• #1283: Add validation for region inside KMS ARN(Thanks to @c-knowles)
• #1285: Improvement/named iam roles cleanup(Thanks to @c-knowles)
• #1338: Update dashboard RBAC to match 1.8.3 requirements(Thanks to @c-knowles)
• #1352: cobra cmd errors use logger error instead of default std err(Thanks to @pete911)
• #1363: Bump go to 1.10.x for travis builds
• #1367: Remove node dependency on ETCD Stack when Networking.SelfHosting is Enabled.(Thanks to @davidmccormick)
• #1374: Correct semantic version checks(Thanks to @kevtaylor)
• #1376: Bump kubernetes version to 1.10.4(Thanks to @kevtaylor)
• #1377: Remove kube-system namespace out of kiam if statement(Thanks to @jasonrichardsmith)
• #1394: Bump Kubernetes to v1.10.5
• #1404: Differentiate the node drainer containers(Thanks to @c-knowles)
• #1410: Update reserved storage flag name(Thanks to @c-knowles)
• #1413: Improve customFile templating(Thanks to @davidmccormick)
• #1421: cluster.yaml: removed whitespace in waitSignal configuration(Thanks to @Phylu)
• #1437: Add updateStrategy RollingUpdate for kiam agent(Thanks to @cw-sakamoto)

Bug fixes

• #1290: Fix failing etcd volume attach when upgrading etcd instances(Thanks to @Confushion)
• #1334: Fix flannel traffic among controllers(Thanks to @cheungpat)
• #1335: Fix install-kube-system(Thanks to @c-knowles)
• #1360: Fix duplicate controller role permissions for CloudWatch logging(Thanks to @a-hilaly)
• #1365: Fix for rpc-statd.service needed to mount NFS file shares(Thanks to @paalkr)
• #1388: Fix colour causing extra newlines(Thanks to @davidmccormick)
• #1418: Fix dep ensure empty package issue(Thanks to @davidmccormick)
• #1426: Fix kube-proxy startup race condition when metric server is enabled.(Thanks to @omar-nahhas)
• #1446: Fix mfdir setting to prevent controller install failure w/ KIAM disabled(Thanks to @kylegato)
• #1448: fix: Attach kube-aws controller policy to pre-existing IAM role(Thanks to @Matei207)

Documentation

• #1339: Instructions for updating the AMI(Thanks to @c-knowles)
• #1383: getting started: fix typo in bucket creation(Thanks to @kylegalbraith)
• #1284: Cluster autoscaler docs/tests(Thanks to @c-knowles)

Refactorings

Other changes

• #1368: Add branch to build version when not a tagged release(Thanks to @davidmccormick)
• #1420: Remove invalid aws tag symbols from branch names(Thanks to @davidmccormick)

v0.10.2: Fix failing update while enabling self-hosted k8s networking

We generally recommend you to use v0.10.2 instead of v0.10.1 due to the issue.
Sorry for the inconvenience!

v0.10.1: Support for live migration to v0.11.x

Please refer to the release note of the upcoming v0.11.0 release for migration steps.

Special thanks to @davidmccormick who contributed many enhancements that made it possible 🎉

Cluster bootstrap stability fix on top of v0.9.10

Fixed seemingly a critial bug found in v0.9.10. Use this release instead of the latest feature release v0.9.10.

Also, according to our direction to better utilize semantic versioning, this release has a minor version bump.
The next feature release would be v0.11.0. In case we get to cut the hotfix release, it will be versioned v0.10.1.

Bug fixes

• #1281: Fix etcd breakage due to strange systemd behavior
• #1282: Fix temporary kubelet.service failures

v0.9.10: Kubernetes 1.9.x, Self Hosted Calico + Flannel, GPU support via device plugin, IPVS proxy mode, More fine-grained IAM roles management w/ kube2iam and kiam

SEEMS TO BE BROKEN. See #1280 for more information. Probably v0.10.0 will be cut soon with the fix proposed there.

Changelog since v0.9.9

Please see our roadmap for details on upcoming releases.

Component versions

Kubernetes: v1.9.3
Etcd: v3.2.13
Calico: v
Helm/Tiller: v2.6.0

Actions required

Features

• #1066: Added Priority to the admissioncontrol list(Thanks to @zonzamas)
• #1074: Add [experimental] option for using IPVS proxy mode(Thanks to @ivanilves)
• #1086: controlplane config: Rotate Certificates on workers kubelet(Thanks to @zonzamas)
• #1090: Set V4 signatures to enable kube-resources-autosave to work in all regions(Thanks to @whereisaaron)
• #1092: Allow exposing several ports so that external Prometheus can scrape K8S system components' metrics(Thanks to @zach-dunton-sf)
• #1098: Add missing admission controllers(Thanks to @danielfm)
• #1108: Add RotateKubeletClientCertificate feature gate automatically when rotating certificates(Thanks to @zonzamas)
• #1113: Add support for CloudFormation service role
• #1116: conditionally deploy kube-dns to controllers(Thanks to @zonzamas)
• #1117: Add priorityClassName to cloud-config-controller(Thanks to @sergi)
• #1123: Add [optional] explicit IAM role specification to NodeDrainer(Thanks to @ivanilves)
• #1127: Swap out wget for curl in node drainer scripts(Thanks to @c-knowles)
• #1129: Template kube-dns-autoscaler parameters(Thanks to @SomeoneWeird)
• #1134: feat(integration): kiam support
• #1141: Add Mutating/ValidatingAdmissionWebhook to Admission Control List(Thanks to @shraykay)
• #1164: Apply Kiam TLS Secrets to kube-system(Thanks to @kevtaylor)
• #1167: Change bash to sh in autosave(Thanks to @kevtaylor)
• #1172: added autoscaling:DescribeAutoScalingGroups to stack-template(Thanks to @luck02)
• #1177: Integrate s3-uri flag into cluster.yml(Thanks to @jorge07)
• #1178: Ask for confirmation in destroy command(Thanks to @jorge07)
• #1179: Correct insignificant error message typo(Thanks to @whereisaaron)
• #1181: Enable DescribeLaunchConfigurations(Thanks to @luck02)
• #1184: Add IAM roles for resources auto saver(Thanks to @kevtaylor)
• #1195: Add networking-daemonsets feature(Thanks to @davidmccormick)
• #1197: do not use metric server when metricsServers addon is disabled(Thanks to @Fsero)
• #1201: Make CoreOS AMI ID mandatory in cluster YAML(Thanks to @jorge07)
• #1202: Dedicated Service account / Cluster Role for Tiller Deploy(Thanks to @kylehodgetts)
• #1205: core: add OwnerReferencesADM(Thanks to @luck02)
• #1222: Add GPU support for kubernetes 1.9+ using device plugins(Thanks to @Lemmons)
• #1227: Enable user provided service-account-signing-keys(Thanks to @davidmccormick)
• #1228: Another implementation of user-data fingerprinting(Thanks to @davidmccormick)
• #1234: handle kubectl apply failures by trying delete+create(Thanks to @davidmccormick)
• #1235: Bug/flannel cni binary install(Thanks to @davidmccormick)
• #1239: KIAMImage should affect server as well as client.(Thanks to @davidmccormick)
• #1243: Admission Controller for PersistentVolumeClaimResize(Thanks to @kevtaylor)
• #1244: Inherit controlplane Kubenetes-Newtworking config in node pools.(Thanks to @davidmccormick)
• #1249: [Canal] Support tainted worker(Thanks to @ArchiFleKs)

Improvements

• #1241: Disable coreOS auto-updates(Thanks to @jorge07)
• #1259: update kubernetes-dashboard to 1.8.3(Thanks to @Vrtak-CZ)
• #1268: autoscaler: update cloud-config-controller(Thanks to @cmcconnell1)
• #1103: Update various components(Thanks to @camilb)
• #1104: Bump Kubernetes version to 1.9.1. Use Google's hyperkube image.(Thanks to @camilb)
• #1107: Warn that 'kube-aws update' can replace all if 'amiId' is blank(Thanks to @whereisaaron)
• #1236: Bump Kubernetes to v1.9.3
• #1251: Bump Calico/Typha Versions now Typha Issue resolved.(Thanks to @davidmccormick)

Bug fixes

• #1270: Fix etcd startup(Thanks to @Confushion)
• #1095: fix restore.sh(Thanks to @skloss)
• #1101: Fix kubelet.service startup.(Thanks to @camilb)
• #1131: Fix Key name for kubernetesDashboardImage(Thanks to @bgeesaman)
• #1171: Fix validation failure on gp2 volume type for node pools(Thanks to @luck02)
• #1225: Fix synchronization on starting etcdadm-reconfigure(Thanks to @ktateish)
• #1229: Fix issue with tiller having to restrictive permissions(Thanks to @kylehodgetts)

Documentation

• #1097: Update documentation that hostPort issue fixed since Kubernetes 1.7.0(Thanks to @whereisaaron)
• #1118: Tidy up markdown(Thanks to @whereisaaron)
• #1155: Prompt for passphrase when dealing with encrypted ca key(Thanks to @tomas-edwardsson)
• #1198: Doc: notice about service token invalidation after credentials update.(Thanks to @hartym)
• #1216: Fix documentation of s3-uri(Thanks to @c-knowles)
• #1250: Fix typo of Getting Started.(Thanks to @manabusakai)

Refactorings

• #1263: removed unused s3 flags from commands(Thanks to @pete911)

Other changes

• #1114: Migrate to golang/dep
• #1189: closes #1186 - commit generated templates so project can be imported(Thanks to @pete911)
• #1224: closes #1223 added generated templates back to .gitignore(Thanks to @pete911)

v0.9.10-rc.5

Changelog since v0.9.10-rc.4

Please see our roadmap for details on upcoming releases.

Features

• #1249: [Canal] Support tainted worker(Thanks to @ArchiFleKs)

Improvements

• #1251: Bump Calico/Typha Versions now Typha Issue resolved.(Thanks to @davidmccormick)

Documentation

• #1250: Fix typo of Getting Started.(Thanks to @manabusakai)

v0.9.10-rc.4

Changelog since v0.9.10-rc.3

Please see our roadmap for details on upcoming releases.

Component versions

Kubernetes: v1.9.3

Features

• #1243: Admission Controller for PersistentVolumeClaimResize(Thanks to @kevtaylor)

Improvements

• #1239: KIAMImage should affect server as well as client.(Thanks to @davidmccormick)
• #1244: Inherit controlplane Kubenetes-Newtworking config in node pools.(Thanks to @davidmccormick)

v0.9.10-rc.3

Changelog since v0.9.10-rc.2

Please see our roadmap for details on upcoming releases.

Component versions

Kubernetes: v1.9.3

Features

• #1236: Bump Kubernetes to v1.9.3