This repository has been archived by the owner on Sep 30, 2020. It is now read-only.
v0.9.9: Kubernetes 1.8, RBAC enabled by default, API endpoint backed by NLB, Encrypted S3 buckets, ClusterAutoscaler fix, Metrics Server
Changelog since v0.9.8
Please see our roadmap for details on upcoming releases.
The next RC release will address: https://github.com/kubernetes-incubator/kube-aws/milestone/53
Component versions
Kubernetes: v1.8.4
Etcd: v3.2.9
Calico: v2.6.1
Helm/Tiller: v2.7.2
Actions required
The default IamFleetRole has been changed on the AWS side
- If you have one or more Spot-fleet backed node pools, ensure that you have the aws-ec2-spot-fleet-tagging-role role in your AWS account. Please locate it in the IAM role page in the AWS console.
  - In case your AWS account doesn't have one yet, please go to the EC2 console and try to launch a spot fleet from there. You don't need to actually launch one; just trying to launch one will cause AWS to create the new default role for you. See #1022 (comment) for more detailed context.
Features
- #885: Dedicated worker CA and Etcd trusted CA bundle (Thanks to @redbaron)
- #889: Enable RBAC by default
- #945: Add initial support for NLB API endpoints (Thanks to @danielfm)
- #951: Fixes #946 Support drop-ins in customSystemdUnits (Thanks to @jeremyd)
- #963: Support deployment to AWS GovCloud (Thanks to @amdonov)
- #966: Convert kube-proxy to a DaemonSet (Thanks to @danielfm)
- #971: Kubernetes Dashboard 1.7 with RBAC and authentication. (Thanks to @camilb)
- #1009: Adding AlwaysPullImages admission controller option (Thanks to @kylegato)
- #973: Metrics Server addon. (Thanks to @camilb)
- #1023: Add support for S3 buckets with the default encryption enabled
- #1027: Support EC2 instance tags per node role
- #1035: Use templated image for metrics-server. (Thanks to @camilb)
Improvements
- #882: Do not encrypt certificate files, don't load fingerprints if no raw file available (Thanks to @redbaron)
- #904: Fix too permissive IAM policy for CA associated to controller nodes
- #905: Fix the scheduling and permissions issue of CA
- #916: Bump default k8s to 1.7.5 (Thanks to @c-knowles)
- #924: Remove experimental.plugins.rbac from cluster.yaml
- #927: Drop the deprecated key workerCount in cluster.yaml
- #934: Remove mapPublicIPs and routeTableId in the top-level of cluster.yaml
- #936: Remove createRecordSet to help newcomers bring up their first clusters
- #944: Bump default k8s to 1.7.6 (Thanks to @Vrtak-CZ)
- #959: Update kubedns (Thanks to @danielfm)
- #962: Update various components version. (Thanks to @camilb)
- #981: Bump the default Kubernetes version to v1.7.8-coreos.1
- #995: Only take snapshot if current member is a leader (Thanks to @martinssipenko)
- #1002: Experimental addons can all be uncommented (Thanks to @c-knowles)
- #1004: Add kube-proxy health check (Thanks to @dvdthms)
- #1005: Bump cluster-autoscaler version to v1.0.2
- #1008: Add some additional cleanup to rkt containers (Thanks to @dvdthms)
- #1017: fixes #990 disable sshd password authentication (Thanks to @jeremyd)
- #1020: Update RBAC API version to v1 from v1beta1 (Thanks to @dragon3)
- #1021: Make kube-node-label more reliable
- #1030: Bump various components version. (Thanks to @camilb)
- #1040: Improve the configuration for Kubernetes Dashboard. (Thanks to @camilb)
Bug fixes
- #938: Handle worker-ca correctly when TLSBootstrapping is enabled (Thanks to @redbaron)
- #877: Fix the existing TLS CA support
- #888: Fix a potential YAML parsing error in cluster.yaml
- #894: Fix test timeouts in CI
- #895: Fix the hard-coded duration until an etcd cert generated by kube-aws expires
- #902: Add spot fleet support for the awsNodeLabels feature
- #904: Fix too permissive IAM policy for CA associated to controller nodes
- #905: Fix the scheduling and permissions issue of CA
- #926: Emit errors when unknown keys are specified under worker.nodePools[]
- #943: Fixes #942 etcdadm cannot find ca.pem (Thanks to @jeremyd)
- #951: Fixes #946 Support drop-ins in customSystemdUnits (Thanks to @jeremyd)
- #964: Add in missing ASG IAM permission for experimental.nodeDrainer. (Thanks to @tyrannasaurusbanks)
- #969: Remove bashisms from kube autosaver, makes it work with posix SH (Thanks to @redbaron)
- #975: Rollback to 1.7.7 hyperkube image, as 1.7.8 is actually 1.9.0 alpha (Thanks to @redbaron)
- #997: Load member .env file that is generated by etcdadm. (Thanks to @martinssipenko)
- #1014: Fix the render command to not wipe ca.pem
- #1015: Fix kubelet-to-apiserver connection checks on controller nodes not to fail in certain cases
- #1017: fixes #990 disable sshd password authentication (Thanks to @jeremyd)
- #1016: Save custom resource definitions in kube autosaver. Fix health check for kube-resources-autosave-dumper. Fix kubernetes dashboard port. (Thanks to @camilb)
- #1024: Fix the default FleetIamRole
- #1033: Add rkt container cleanup to journald-cloudwatch-logs service (Thanks to @dvdthms)
- #1036: Fix the creation of all metrics-server resources. (Thanks to @camilb)
- #1043: Various fixes to 0.9.9 rc.3
- #1067: Correct values for the kubernetes.io/cluster/<Cluster ID> tags
- #1068: Allow toggling Metrics Server installation
Documentation
- #1065: Fix dashboard doc links (Thanks to @c-knowles)
- #1034: Quick start and high availability guides (Thanks to @c-knowles)