v1.19.0

• Kubernetes v1.19.0
• Update etcd from v3.4.10 to v3.4.12
• Update Calico from v3.15.1 to v3.15.2

Fedora CoreOS

• Fix race condition during bootstrap of multi-controller clusters (#808)
  • Fix SELinux label of bootstrap-secrets on non-bootstrap controllers

Addons

• Introduce fleetlock for Fedora CoreOS reboot coordination (#814)
• Update nginx-ingress from v0.34.1 to v0.35.0
  • Repository changed to k8s.gcr.io/ingress-nginx/controller
• Update Grafana from v7.1.3 to v7.1.5

v1.18.8

• Kubernetes v1.18.8
• Migrate from Terraform v0.12.x to v0.13.x (#804) (action required)
  • Recommend Terraform v0.13.x (migration guide)
  • Support automatic install of poseidon's provider plugins (poseidon/ct, poseidon/matchbox)
  • Require Terraform v0.12.26+ (migration compatibility)
  • Require terraform-provider-ct v0.6.1
  • Require terraform-provider-matchbox v0.4.1 (bare-metal)
• Update etcd from v3.4.9 to v3.4.10
• Update CoreDNS from v1.6.7 to v1.7.0
• Update Cilium from v1.8.1 to v1.8.2
• Update coreos/flannel-cni to poseidon/flannel-cni (#798)
  • Update CNI plugins and fix CVEs with Flannel CNI (non-default)
  • Transition to a poseidon maintained container image

AWS

• Allow terraform-provider-aws v3.0+ (#803)
  • Recommend updating terraform-provider-aws to v3.0+
  • Continue to allow v2.23+, no v3.x specific features are used

DigitalOcean

• Require terraform-provider-digitalocean v1.21+ for Terraform v0.13.x (unenforced)
• Require terraform-provider-digitalocean v1.20+ for Terraform v0.12.x

Fedora CoreOS

• Fix support for Flannel with Fedora CoreOS (#795)
  • Configure flannel.1 link to select its own MAC address to solve flannel
    pod-to-pod traffic drops starting with default link changes in Fedora CoreOS
    32.20200629.3.0 (details)

Addons

• Update Prometheus from v2.19.2 to v2.20.0
• Update Grafana from v7.0.6 to v7.1.3

v1.18.6

• Kubernetes v1.18.6
• Update Calico from v3.15.0 to v3.15.1
• Update Cilium from v1.8.0 to v1.8.1

Addons

• Update nginx-ingress from v0.33.0 to v0.34.1
  • ingress-nginx will publish images only to gcr.io
• Update Prometheus from v2.19.1 to v2.19.2
• Update Grafana from v7.0.4 to v7.0.6

v1.18.5

• Kubernetes v1.18.5
• Add Cilium v1.8.0 as a (experimental) CNI provider option (#760)
  • Set networking to "cilium" to enable
• Update Calico from v3.14.1 to v3.15.0

DigitalOcean

• Isolate each cluster in an independent DigitalOcean VPC (#776)
  • Create droplets in a VPC per cluster (matches Typhoon AWS, Azure, and GCP)
  • Require terraform-provider-digitalocean v1.16.0+ (action required)
  • Output vpc_id for use with an attached DigitalOcean loadbalancer

Fedora CoreOS

Google Cloud

• Promote Fedora CoreOS to stable
• Remove os_image variable deprecated in v1.18.3 (#777)
  • Use os_stream to select a Fedora CoreOS image stream

Flatcar Linux

Azure

• Allow using Flatcar Linux Edge by setting os_image to "flatcar-edge" (#778)

Addons

• Update Prometheus from v2.19.0 to v2.19.1
• Update Grafana from v7.0.3 to v7.0.4

v1.18.4

• Kubernetes v1.18.4
• Update Kubelet image publishing (#749)
  • Build Kubelet images internally and publish to Quay and Dockerhub
    • quay.io/poseidon/kubelet (official)
    • docker.io/psdn/kubelet (fallback)
  • Continue offering automated image builds with an alternate tag strategy (see docs)
  • Document use of alternate Kubelet images during registry incidents
• Update Calico from v3.14.0 to v3.14.1
  • Fix CVE-2020-13597
• Rename controller NoSchedule taint from node-role.kubernetes.io/master to node-role.kubernetes.io/controller (#764)
  • Tolerate the new taint name for workloads that may run on controller nodes
• Remove node label node.kubernetes.io/master from controller nodes (#764)
  • Use node.kubernetes.io/controller (present since v1.9.5, #160) to node select controllers
• Remove unused Kubelet -lock-file and -exit-on-lock-contention (#758)

Fedora CoreOS

Azure

• Use strict Fedora CoreOS Config (FCC) snippet parsing (#755)
• Reduce Calico vxlan interface MTU to maintain performance (#767)

AWS

• Fix Kubelet service race with hostname update (#766)
  • Wait for a hostname to avoid Kubelet trying to register as localhost

Flatcar Linux

• Use strict Container Linux Config (CLC) snippet parsing (#755)
  • Require terraform-provider-ct v0.4+, recommend v0.5+ (action required)

Addons

• Update nginx-ingress from v0.32.0 to v0.33.0
• Update Prometheus from v2.18.1 to v2.19.0
• Update node-exporter from v1.0.0-rc.1 to v1.0.1
• Update kube-state-metrics from v1.9.6 to v1.9.7
• Update Grafana from v7.0.0 to v7.0.3

v1.18.3

• Kubernetes v1.18.3
• Use Kubelet TLS bootstrap with bootstrap token authentication (#713)
  • Enable Node Authorization and NodeRestriction to reduce authorization scope
  • Renew Kubelet certificates every 72 hours
• Update etcd from v3.4.7 to v3.4.9
• Update Calico from v3.13.1 to v3.14.0
• Add CoreDNS node affinity preference for controller nodes (#188)
• Deprecate CoreOS Container Linux support (no OS updates after May 2020)
  • Use a fedora-coreos module for Fedora CoreOS
  • Use a container-linux module for Flatcar Linux

AWS

• Fix Terraform plan error when controller_count exceeds AWS zones (e.g. 5 controllers) (#714)
  • Regressed in v1.17.1 (#605)

Azure

• Update Azure subnets to set address_prefixes list (#730)
  • Fix warning that address_prefix is deprecated
  • Require terraform-provider-azurerm v2.8.0+ (action required)

DigitalOcean

• Promote DigitalOcean to beta on both Fedora CoreOS and Flatcar Linux

Fedora CoreOS

• Fix Calico install-cni crashloop on Pod restarts (#724)
  • SELinux enforcement requires consistent file context MCS level
  • Restarting a node resolved the issue as a previous workaround

AWS

• Support Fedora CoreOS image streams (#727)
  • Add os_stream variable to set the stream to stable (default), testing, or next
  • Remove unused os_image variable

Google

• Support Fedora CoreOS image streams (#723)
  • Add os_stream variable to set the stream to stable (default), testing, or next
  • Deprecate os_image variable. Manual image uploads are no longer needed

Flatcar Linux

Azure

• Use the Flatcar Linux Azure Marketplace image
  • Restore #664 (reverted in #707) but use Flatcar Linux new free offer (not byol)
• Change os_image to use a flatcar-stable default

Google

• Promote Flatcar Linux to beta

Addons

• Update nginx-ingress from v0.30.0 to v0.32.0
  • Add support for IngressClass
• Update Prometheus from v2.17.1 to v2.18.1
  • Update kube-state-metrics from v1.9.5 to v1.9.6
  • Update node-exporter from v1.0.0-rc.0 to v1.0.0-rc.1
• Update Grafana from v6.7.2 to v7.0.0

v1.18.2

• Kubernetes v1.18.2
• Choose Fedora CoreOS or Flatcar Linux (action required)
  • Use a fedora-coreos module for Fedora CoreOS
  • Use a container-linux module for Flatcar Linux
• Change Container Linux modules' defaults from CoreOS Container Linux to Flatcar Container Linux (#702)
  • CoreOS Container Linux won't receive updates after May 2020

Fedora CoreOS

• Fix bootstrap race condition from SELinux unshared content label (#708)

Azure

• Add support for Fedora CoreOS (#704)

DigitalOcean

• Fix race condition creating firewall allow rules (#709)

Flatcar Linux

AWS

• Change os_image default from coreos-stable to flatcar-stable (#702)

Azure

• Change os_image to be required. Recommend uploading a Flatcar Linux image (action required) (#702)
• Disable Flatcar Linux Azure Marketplace image support (breaking, #707)
  • Revert to manual uploading until marketplace issue is closed (#703)

Bare-Metal

• Recommend changing os_channel from coreos-stable to flatcar-stable

Google

• Change os_image to be required. Recommend uploading a Flatcar Linux image (action required) (#702)

DigitalOcean

• Change os_image to be required. Recommend uploading a Flatcar Linux image (action required) (#702)
• Fix race condition creating firewall allow rules (#709)

v1.18.1

• Kubernetes v1.18.1
• Choose Fedora CoreOS or Flatcar Linux (action recommended)
  • Use a fedora-coreos module for Fedora CoreOS
  • Use a container-linux module with OS set to Flatcar Linux
• Update etcd from v3.4.5 to v3.4.7
• Change kube-proxy and calico or flannel to tolerate specific taints (#682)
  • Tolerate master and not-ready taints, rather than tolerating all taints
• Update flannel from v0.11.0 to v0.12.0 (#690)
• Fix bootstrap when networking mode flannel (non-default) is chosen (#689)
  • Regressed in v1.18.0 changes for Calico (#675)
• Rename Container Linux controller_clc_snippets to controller_snippets for consistency (#688)
• Rename Container Linux worker_clc_snippets to worker_snippets for consistency
• Rename Container Linux clc_snippets (bare-metal) to snippets for consistency
• Drop support for gitRepo volumes

Azure

• Fix Azure worker UDP outbound connections (#691)
  • Fix Azure worker clock sync timeouts

DigitalOcean

• Add support for Fedora CoreOS (#699)

Addons

• Refresh Prometheus rules/alerts and Grafana dashboards (#692)
• Update Grafana from v6.7.1 to v6.7.2

v1.18.0

• Kubernetes v1.18.0
• Update etcd from v3.4.4 to v3.4.5
• Switch from upstream hyperkube image to individual images (#669)
  • Use upstream k8s.gcr.io kube-apiserver, kube-controller-manager, kube-scheduler, and kube-proxy container images
  • Use poseidon/kubelet to package the upstream Kubelet binary and dependencies as a container image (checksummed, automated build)
  • Add quay.io/poseidon/kubelet as a Typhoon distributed artifact in the security policy
  • Update base images from debian 9 to debian 10
  • Background: Kubernetes will stop releasing the hyperkube container image and provide the Kubelet as a binary for packaging
• Choose Fedora CoreOS or Flatcar Linux (action recommended)
  • Use a fedora-coreos module for Fedora CoreOS
  • Use a container-linux module with OS set for Flatcar Linux (varies, see docs)
  • CoreOS Container Linux won't receive updates after May 2020
• Add support for Fedora CoreOS snippets (terraform-provider-ct v0.5+) (#686)
• Recommend updating terraform-provider-ct plugin from v0.4.0 to v0.5.0
• Set Fedora CoreOS log driver back to the default journald (#681)
• Deprecate asset_dir variable and remove docs (#678)
• Deprecate support for gitRepo volumes. A future release will drop support.

AWS

• Fix Fedora CoreOS AMI to filter for stable images (#685)
  • Latest Fedora CoreOS testing or bodhi-update images could be chosen depending on the region

Bare-Metal

• Update default os_stream from testing to stable

Google Cloud

• Known: Use of stale Fedora CoreOS image may require terraform re-apply during bootstrap (#687)

DigitalOcean

• Rename image variable to os_image for consistency (#677) (action required)

Addons

• Update Prometheus from v2.16.0 to v2.17.1
• Update Grafana from v6.6.2 to v6.7.1

v1.17.4

• Kubernetes v1.17.4
• Update etcd from v3.4.3 to v3.4.4
  • On Container Linux, fetch using the docker transport format (#659)
• Update CoreDNS from v1.6.6 to v1.6.7 (#648)
• Update Calico from v3.12.0 to v3.13.1

AWS

• Promote Fedora CoreOS to stable (#668)
• Allow VPC route table extension via reference (#654)
• Fix worker_node_labels on Fedora CoreOS (#651)
• Fix automatic worker node delete on shutdown on Fedora CoreOS (#657)

Azure

• Upgrade to terraform-provider-azurerm v2.0+ (action required)
  • Change worker_priority from Low to Spot if used (action required)
  • Switch to Azure's new Linux VM and Linux VM Scale Set resources
  • Set controller's Azure disk caching to None
  • Associate subnets (in addition to NICs) with security groups (aesthetic)
• Add support for Flatcar Container Linux (#664)
  • Requires accepting Flatcar Linux Azure Marketplace terms

Bare-Metal

• Add worker_node_labels map variable for per-worker node labels (#663)
• Add worker_node_taints map variable for per-worker node taints (#663)

DigitalOcean

• Add support for Flatcar Container Linux (#644)

Google Cloud

• Promote Fedora CoreOS to beta (#668)
• Fix worker_node_labels on Fedora CoreOS (#651)
• Fix automatic worker node delete on shutdown on Fedora CoreOS (#657)

Addons

• Update nginx-ingress from v0.28.0 to v0.30.0
• Update Prometheus from v2.15.2 to v2.16.0
  • Refresh Prometheus rules and alerts
  • Add a BlackboxProbeFailure alert
  • Update kube-state-metrics from v1.9.4 to v1.9.5
  • Update node-exporter from v0.18.1 to v1.0.0-rc.0
• Update Grafana from v6.6.1 to v6.6.2
  • Refresh Grafana dashboards
• Remove Container Linux Update Operator (CLUO) addon example (#667)
  • CLUO hasn't been in active use in our clusters and won't be relevant
    beyond Container Linux. Requires patches for use on Kubernetes v1.16+