1.6.0-alpha.1 is a prerelease early-access of kops 1.6, which is the release with full support for kubernetes 1.6. This version of kops & kubernetes has not yet undergone extensive validation, and there will be improvements made before release of kops 1.6.0.
This is not a full set of release notes, but rather a summary of the highest impact changes in the 1.6 release:
RBAC can be enabled by passing the
kops create cluster, or via
kops edit clusterand change
The standard RBAC policy for 1.6 means that all access to the Kubernetes API using the default service account method will be denied.
The taints & tolerations have changed as part of their graduation from alpha. The taint is now a field on the node:
spec: taints: - effect: NoSchedule key: node-role.kubernetes.io/master
An example toleration (as used in dns-controller) is:
spec: tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master
Note that the annotation form is ignored. To schedule a pod on the master, the toleration must be updated and moved from an annotation to the field.
- A new label for nodes, mirroring the toleration, is added and is now preferred:
node-role.kubernetes.io/masterwith an empty value).
kubernetes.io/role=masteris still present, but the
node-role.kubernetes.io/<role>=form is preferred.
node-role.kubernetes.io/node=are also present.
Workaround: create the configmap with
kubectl create configmap -n kube-system kube-dns before updating.
Rolling update to 1.6 does not succeed because new kube-dns pods mount a configmap with an optional volume map, but that is enforced by the kubelets, which are upgraded after the master.
kops is not yet recommending etcd3. We do however support a run at your own risk option. Right now we are working on resolving issues such as HA upgrade support.