v1.33.0-alpha.1

This is the first alpha release of the kOps 1.33 series, which adds support for kubernetes 1.33.

What's Changed

• chore: avoid replacing client-go version in tests/e2e by @justinsb in #17245
• chore: create script to update dependencies by @justinsb in #17244
• docs: update 1.32 release note with beta release by @justinsb in #17254
• Update flannel to v0.26.4 by @hakman in #17179
• Remove removal notice for flannel and update docs by @hakman in #17259
• Skip failing test in pull-kops-kubernetes-e2e-ubuntu-gce-build by @hakman in #17260
• bare-metal: add some go tests to start to verify functionality by @justinsb in #16896
• docs: updated etcdctl example by @vitaliyf in #17263
• chore(channels): bump k8s and ubuntu ami versions in alpha channel by @moshevayner in #17264
• Fix conditional for reconcile command in upgrade tests by @rifelpet in #17265
• Split dpkg-query fields with a tab by @rifelpet in #17271
• Better dumping via private IP when bastion is not set by @justinsb in #17261
• metal: copy control plane config to nodes by @justinsb in #17273
• chore(channels): promote alpha to stable - k8s and Ubuntu ami versions by @moshevayner in #17276
• Remove cloud-config and cloud-provider from 1.33 apiserver by @rifelpet in #17270
• chore(networking): upgrade amazon vpc cni to 1.19.3 by @moshevayner in #17277
• Cleanup logging for reconcile cluster by @rifelpet in #17282
• cloudup/gce: use slices and maps by @ameukam in #17283
• make --admin configurable to rolling-update by @zetaab in #17274
• Update k8s.io dependencies by @ameukam in #17288
• gha: Introduce arm64 for tests by @ameukam in #17286
• Bump CI tools by @ameukam in #17292
• Skip hostnetwork + hostname tests through 1.33 by @rifelpet in #17293
• Remove default CPU limits for aws-iam-authentication and node-problem-detector by @jim-barber-he in #17237
• Change to cx22 as default instance for Hetzner by @bjornharrtell in #17296
• Bump golang.org/x/crypto by @rifelpet in #17303
• Use ephemeral S3 buckets for E2E tests by @ameukam in #17157
• kube-router: bump version v2.1.1 -> v2.5.0 by @aauren in #17297
• Update Calico to v3.29.2 by @hakman in #17311
• Update metrics-server to v0.7.2 by @hakman in #17313
• Update Cilium to v1.16.7 by @hakman in #17312
• Bump Go to v1.24 by @ameukam in #17295
• chore(channels): update alpha k8s and ubuntu ami versions by @moshevayner in #17317
• ServiceTrafficDistribution cannot be switched off for kubernetes master (for scalability tests) by @dims in #17318
• chore(channels): promote alpha to stable by @moshevayner in #17320
• WarmPool should implement CompareWithID by @justinsb in #17323
• build(deps): bump actions/setup-go from 5.3.0 to 5.4.0 by @dependabot in #17322
• Fix JSON circular dependency in ASG / WarmPool by @justinsb in #17321
• Update dependencies by @rifelpet in #17333
• Remove cilium-config-path mount in cilium-agent container by @admun in #17319
• Support 1.33 pre-releases with --cloud-provider flag removal validation by @rifelpet in #17340
• fix(cilium): operator prometheus port by @raffis in #17336
• build(deps): bump actions/dependency-review-action from 4.5.0 to 4.6.0 by @dependabot in #17343
• Pin GCP CCM image to v32.2.4 by @rifelpet in #17348
• toolbox: ensure SSH keys are loaded by @ameukam in #17346
• Remove legacy addons by @rifelpet in #17332
• feat: Added cni-exclusive setting for cilium by @runitmisra in #17361
• add goaway-chance parameter for kube-apiserver by @succa in #17357
• Update etcd to v3.5.21 by @hakman in #17367
• Bump skip.regex for failing tests to 1.34 by @hakman in #17371
• Make GCE backend service regional for the Terraform target by @flopib in #17229
• Enable more admission controllers by @ameukam in #17354
• Fix diff formatting of bools by @justinsb in #17375
• gce: use typed ServiceAccount in IAM tasks by @justinsb in #17379
• gce: set values for role labels by @justinsb in #17378
• Add support for Gateway API within Cilium by @jValdron in #17358
• fix get assets by @justinsb in #17385
• tests: add tests for kubectl get assets by @justinsb in #17384
• Release 1.33.0-alpha.1 by @justinsb in #17389

New Contributors

• @bjornharrtell made their first contribution in #17296
• @admun made their first contribution in #17319
• @runitmisra made their first contribution in #17361
• @succa made their first contribution in #17357

Full Changelog: v1.32.0-beta.1...v1.33.0-alpha.1

v1.32.0

Release notes for kOps 1.32 series

kOps 1.32 is a smaller release without significant additional features beyond updated support for kubernetes 1.32 and associated ecosystem updates. Significant kOps features will instead target kOps 1.33.

Significant changes

Kubernetes minor version upgrades to 1.31 or later should be performed using the `kops reconcile cluster command.

• Kubernetes 1.31 introduced stricter checks around the version-skew policy. While kOps has always followed the version-skew policy, there was an edge case:
  nodes that were added by an autoscaler during a rolling-update would not always follow the version-skew policy.
  We recommend trying the new kops reconcile command, see docs/tutorial/upgrading-kubernetes.md for more details.
  The kops reconcile functionality was introduced in kOps 1.32.

• flannel is no longer planned to be removed and has been updated to v0.26.4.

Deprecations

• Support for Kubernetes version 1.26 is deprecated and is removed in kOps 1.32.

• Support for Kubernetes version 1.27 is deprecated and will be removed in kOps 1.33.

What's Changed

• Don't require PriorityClassName to pass missing-static-pod checks by @johngmyers in #10049
• Upgrade aws-iam-authenticator to 0.5.2 by @rifelpet in #10047
• Recommend kops 1.18.1 for kops >= 1.15 in alpha channel by @johngmyers in #10051
• upgrade-cluster: test that new image in stable or alpha channel will … by @nvanheuverzwijn in #10052
• Release 1.19.0-alpha.5 by @hakman in #10054
• Release notes for 1.19.0-alpha.5 by @hakman in #10055
• Rewrite ssh user to ubuntu in bastions docs by @h3poteto in #10044
• Updating alpha with October releases and latest Ubuntu AMI version by @moshevayner in #10062
• Simplify node local dns by @olemarkus in #10059
• Fix bug in MergeAddons and test by @nckturner in #10045
• do not create egress rules when using vipacl octavia by @zetaab in #10061
• Add some quick notes on how to get GPU opertor working by @olemarkus in #10067
• Add some missing notes to the release notes by @olemarkus in #10056
• Cleanup channels error output by @rifelpet in #10068
• Add eBPF dataplane support for Calico CNI by @hakman in #10069
• Upgrade aws sdk to 1.35.10 by @rifelpet in #10074
• Use AWS SDK lists of enum values for API validation by @rifelpet in #10075
• Allow more volume types by @olemarkus in #10073
• Initial kubetest2 structure for e2e testing by @rifelpet in #10031
• Hotfix/10015 cloud formation lint error by @binkkatal in #10066
• Update docs for cutting new release branches by @rifelpet in #10084
• Update security_groups.md by @yurrriq in #10078
• Take node labels from cloud tags on AWS by @johngmyers in #9575
• Update Office Hours Zoom link by @johngmyers in #10087
• Update zoom links on the spanish README by @rdrgmnzs in #10088
• Ignore changes to ForAPIServer field by @justinsb in #10086
• Update Flannel CNI to v0.13.0 by @hakman in #10064
• kubetest2 - Implement create/validate/delete cluster functionality by @rifelpet in #10083
• Cert circular deps by @olemarkus in #10092
• Fix cilium template by specifying boolean as a string for enable-metrics by @h3poteto in #10094
• Release notes for 1.18.2 by @justinsb in #10097
• Update Kops Go build supported versions 1.15 by @bmelbourne in #10099
• Spotinst: Bump the Spot Cluster Controller to 1.0.68 by @liranp in #10103
• Remove hack/workaround from etcd-manager certificate expiration advisory by @hakman in #10102
• Install container runtime packages as assets by @hakman in #10048
• Default to exporting a kubecfg, even without credentials by @justinsb in #10105
• Remove dependency of TerraformJSON feature flag by @johngmyers in #10106
• Makefile and hack script cleanup by @rifelpet in #10112
• Update channels by @hakman in #10117
• Update Calico config for eBPF mode by @hakman in #10115
• Add random AWS zone logic + specify build stage location by @rifelpet in #10121
• Update AWS VPC CNI to 1.7.5 by @moshevayner in #10124
• Add nodeLocalDNSCache.kubeDnsOnly option by @javipolo in #10111
• Align AWS VPC CNI manifest with upstream by @hakman in #10126
• Fix release notes links to point to https://kops.sigs.k8s by @hakman in #10118
• Add verify-cloudformation script by @rifelpet in #10130
• Fix cloudformation lint errors by @rifelpet in #10131
• Update shell style for CLI docs for better compatibility by @hakman in #10128
• Prevent unintended resource updates to LB attatchments by @rdrgmnzs in #9794
• Make verify-cloudformation job fail when issues are found by @rifelpet in #10133
• Set minimum Terraform version to 0.12.26/0.13.0 by @bmelbourne in #10109
• ELB/TargetGroup/ASG attachment fixes by @rifelpet in #10138
• Prepare for version 1.20 by @johngmyers in #10101
• Rebrand kops to kOps by @hakman in #10077
• Remove code for no-longer-supported k8s releases by @johngmyers in #10141
• allow reauth for openstack client by @zetaab in #10144
• Simplify etcd options builder by @hakman in #10145
• Update AWS Cloudmock for complex and externallb integration test clusters by @rifelpet in #10140
• Deprecate field calico.majorVersion by @hakman in #10143
• [Digital Ocean] Use Debian10 as default image by @srikiz in #10098
• Implement API load balancer class with NLB and ELB support on AWS by @christianjoun in #9011
• Fix NLB naming for terraform and cloudformation targets by @rifelpet in #10158
• Move NLB's VPC CIDR security group rule logic into model by @rifelpet in #10161
• Fix additionalSecurityGroups support for NLB by @rifelpet in #10162
• Some typos by @zouy414 in #10160
• Fix output for CF and TF by @hakman in #10164
• Mount the whole /etc/ssl/certs directory for k8s-ec2-srcdst by @kitos9112 in #10169
• Avoid waiting on validation during rolling update for inapplicable instance groups by @bharath-123 in #10065
• OpenStack Reset deviceID status if needed by @zetaab in #10178
• Remove unused bearer token field from kubeconfig builder by @rifelpet in #10181
• Compare KubernetesAPIAccess to OpenStack allowedCIDRs deterministically by @havulv in #10186
• Consistent naming of security group rules by @olemarkus in #10179
• Upgrade Hashicorp HCLv2 Go module v2.7.0 by @bmelbourne in #10189
• Fix auto scaling group changes when using spot instances by @hakman in #10187
• Upgrade sprig to v3 by @olemarkus in #10191
• Upgrade helm to 2.17 and use the helm.sh reference by @olemarkus in #10192
• Fix AWS NLB reconciliation by @hakman in #10199
• Fix disabling spot instances when using launch templates by @hakman in #10198
• Add ACM cert permalink by @rifelpet in #10156
• Setup a second NLB listener when an AWS ACM certificate is used by @rifelpet in #10157
• Update Go to v1.15.4 by @hakman in https://github.com...

v1.32.0-beta.1

This is the first beta release of the kOps 1.32 series, which adds support for kubernetes 1.32.

kOps 1.32 is planned as a small release without significant additional features beyond updated support for kubernetes 1.32 and associated ecosystem updates. Significant kOps features will instead target kOps 1.33.

Changes of note

• Kubernetes minor version upgrades to 1.31 or later should be performed using the kops reconcile cluster command.

Kubernetes 1.31 introduced stricter checks around the version-skew policy. While kOps has always followed the version-skew policy, there was an edge case: nodes that were added by an autoscaler during a rolling-update would not always follow the version-skew policy. We recommend trying the new kops reconcile command, see docs/tutorial/upgrading-kubernetes.md for more details.
The kops reconcile functionality was introduced in kOps 1.32.

What's Changed

• build(deps): bump actions/setup-go from 5.1.0 to 5.2.0 by @dependabot in #17139
• chore(channels): update alpha k8s and ubuntu ami versions by @moshevayner in #17136
• Temporarily skip failing cilium test to unblock PRs by @rifelpet in #17140
• Only set NTH ManagedASGTag label if it doesn't already exist by @rifelpet in #17141
• Dump ip routes as job artifacts by @rifelpet in #17149
• Update calico to 3.29.1 by @rifelpet in #17148
• chore(channels): promote alpha to stable (k8s and ubuntu ami versions) by @moshevayner in #17150
• s3 vfs: fix delete all versions to handle errors by @justinsb in #17151
• chore: add context to rolling update functions by @justinsb in #17153
• chore: refactor factory to accept a cluster by @justinsb in #17154
• Add assets Runc 1.2 by @ameukam in #17156
• Update etcd to v3.5.17 by @hakman in #17160
• chore(networking): bump aws-vpc-cni version to 1.19.2 by @moshevayner in #17163
• Only configure STS region for Route 53 when we obtain it using IDMS by @jValdron in #17161
• Install CNI network plugins only for specific CNIs by @hakman in #17162
• Remove support for K8s 1.26 in kOps 1.32 by @hakman in #17167
• chore: generate kubeconfig on the fly by @justinsb in #17155
• Update Cilium to v1.16.5 by @hakman in #17170
• Skip test `Services should implement NodePort and HealthCheckNodePort… by @hakman in #17172
• Adding VolumeType for Azure for etcdMembers by @ajgupta42 in #17171
• Propagate IG NodeLabels to k8s nodes in Hetzner by @rifelpet in #16739
• Update containerd to v1.7.24 by @hakman in #17178
• Bump alpha channel with Dec 24 K8s releases by @hakman in #17181
• Update Go to v1.23.4 by @hakman in #17184
• fix the random order of block_device_mappings render by @AldoFusterTurpin in #17180
• Add kindnet network plugin by @aojea in #17158
• aws: Update EBS CSI driver to v1.38.1 by @hakman in #17193
• Use SDK's built-in resolver for S3Path.GetHTTPsUrl by @rifelpet in #17183
• Add IPv6 support for kindnet by @hakman in #17190
• Fix aws cli command for discovering 24.04 AMIs by @rifelpet in #17196
• chore: Promote alpha channel to stable by @hakman in #17197
• Use the same port for hubble-metrics that is used by cilium by @kforsthoevel in #17177
• Refactor validation logic around checking for multiple options by @justinsb in #17187
• Update containerd to v1.7.25 by @hakman in #17200
• Use Ubuntu 24.04 (Noble) as the default distro for K8s 1.32+ by @hakman in #17203
• kindnet: use commands instead of args for the container image by @aojea in #17204
• delete cluster: avoid logspam on GCE "resource in use" error by @justinsb in #17211
• toolbox dump: include full instance details on GCE by @justinsb in #17212
• reconcile: wait for apiserver to response before trying rolling-update by @justinsb in #17208
• bump kindnet default version to 1.8.2 by @aojea in #17210
• reconcile: if --yes is not provided, print the same output as update cluster does by @justinsb in #17214
• fix kindnet permissions by @aojea in #17213
• kindnet: Support IP aliases with kindnet on gce by @justinsb in #17206
• gce: Update scale test scenario by @hakman in #17209
• Kindnet requires cluster to provide ipam via the node.spec.podcidr by @aojea in #17215
• chore(channels): update alpha k8s and ubuntu ami versions by @moshevayner in #17216
• Support strong-typing for --target values by @justinsb in #16978
• tests: use reconcile command for kOps 1.31+ by @justinsb in #17152
• Update Go to v1.23.5 by @hakman in #17217
• e2e: add kops validate step to metal test by @justinsb in #16943
• Remove reconcile flag from kops update by @justinsb in #17220
• chore(channels): promote alpha to stable by @moshevayner in #17232
• Add docs for the new kops reconcile cluster command by @rifelpet in #17191
• Promote Ubuntu 24.04 to stable in Kops 1.31 by @rifelpet in #17192
• Add more IOPS to help raft latencies by @hakuna-matatah in #17233
• Bump actions/setup-go from 5.2.0 to 5.3.0 by @dependabot in #17236
• docs: update release note for 1.31 now that it is released by @justinsb in #17238
• docs: create placeholder docs for 1.32 and 1.33 releases by @justinsb in #17239
• Release 1.32.0-beta.1 by @justinsb in #17241

New Contributors

• @jValdron made their first contribution in #17161
• @ajgupta42 made their first contribution in #17171
• @AldoFusterTurpin made their first contribution in #17180
• @kforsthoevel made their first contribution in #17177

Full Changelog: v1.31.0-beta.1...v1.32.0-beta.1

v1.30.4

What's Changed

• Automated cherry pick of #17141: Only set NTH ManagedASGTag label if it doesn't already exist by @rifelpet in #17143
• Automated cherry pick of #17161: Only configure STS region for Route 53 when we obtain it using IDMS by @johngmyers in #17165
• Automated cherry pick of #17184: Update Go to v1.23.4 by @hakman in #17186
• Automated cherry pick of #17180: fix the random order of block_device_mappings render Include by @hakman in #17189
• Automated cherry pick of #17177: Use the same port for hubble-metrics that is used by cilium by @rifelpet in #17199
• Automated cherry pick of #17183: Use SDK's built-in resolver for S3Path.GetHTTPsUrl by @rifelpet in #17201
• Automated cherry pick of #17217: Update Go to v1.23.5 by @hakman in #17219
• Release 1.30.4 by @johngmyers in #17242

Full Changelog: v1.30.3...v1.30.4

v1.31.0

Significant changes

• Kubernetes minor version upgrades to 1.31 should be performed using a new kops reconcile cluster command.

Kubernetes 1.31 introduces stricter checks around the version-skew policy. While kOps has always followed the version-skew policy, there was an edge case: nodes that were added by an autoscaler during a rolling-update would not always follow the version-skew policy. We recommend trying the new kops reconcile command, see docs/tutorial/upgrading-kubernetes.md for more details.

Other changes of note

• Cilium has been upgraded to v1.16.
• Spotinst cluster controller V1 is replaced with Ocean kubernetes controller V2, all old k8s resource are removed except spotinst-kubernetes-cluster-controller Secret.

Deprecations

• Support for Kubernetes version 1.25 is deprecated and will be removed in kOps 1.31.

• Support for Kubernetes version 1.26 is deprecated and will be removed in kOps 1.32.

Full Changelog: v1.31.0-beta.1...v1.31.0

Changes since 1.31.0-beta.1

• Only set NTH ManagedASGTag label if it doesn't already exist by @rifelpet in #17142
• chore(networking): bump aws-vpc-cni version to 1.19.2 by @moshevayner in #17164
• Only configure STS region for Route 53 when we obtain it using IDMS by @johngmyers in #17166
• Update OldestRecommendedKubernetesVersion to 1.28 for kOps 1.31 by @hakman in #17168
• Update Cilium to v1.16.5 by @hakman in #17173
• Adding VolumeType for Azure for etcdMembers by @hakman in #17175
• Propagate IG NodeLabels to k8s nodes in Hetzner by @rifelpet in #17176
• Update Go to v1.23.4 by @hakman in #17185
• fix the random order of block_device_mappings render Include by @hakman in #17188
• aws: Update EBS CSI driver to v1.38.1 by @hakman in #17194
• Use SDK's built-in resolver for S3Path.GetHTTPsUrl by @rifelpet in #17195
• Use the same port for hubble-metrics that is used by by @hakman in #17198
• Update containerd to v1.7.25 by @hakman in #17202
• Update Go to v1.23.5 by @hakman in #17218
• chore: add context to rolling update functions by @justinsb in #17222
• s3 vfs: fix delete all versions to handle errors by @justinsb in #17221
• reconcile: if --yes is not provided, print the same output as update cluster does by @justinsb in #17223
• chore: refactor factory to accept a cluster by @justinsb in #17225
• Remove reconcile flag from kops update by @justinsb in #17226
• tests: use reconcile command for kOps 1.31+ by @justinsb in #17228
• chore: generate kubeconfig on the fly by @justinsb in #17227
• Release 1.31.0 by @justinsb in #17231

v1.31.0-beta.1

What's Changed

• Update Service Account Issuer Migration doc by @elliotdobson in #16711
• Bump nvidia-driver-535 for CUDA 12 support by @ddelange in #16560
• Use a different healthcheck port for AWS CSI controller by @rifelpet in #16909
• tests: Fix argument order in assertions by @pierreprinetti in #16912
• Upgrade Cilium to v1.16.3 by @rifelpet in #16914
• dns: Update coredns to v1.11.3 by @ataut-pai in #16915
• API Server: memory management related flags by @rsafonseca in #16918
• metal: Run apt-get update before install by @hakman in #16919
• build(deps): bump actions/dependency-review-action from 4.3.4 to 4.3.5 by @dependabot in #16923
• build(deps): bump actions/setup-go from 5.0.2 to 5.1.0 by @dependabot in #16925
• build(deps): bump actions/checkout from 4.2.1 to 4.2.2 by @dependabot in #16924
• Add support for configuring environment variables on kube-apiserver by @rsafonseca in #16920
• openstack: Upgrade to Gophercloud v2 by @pierreprinetti in #16911
• build(deps): bump actions/dependency-review-action from 4.3.5 to 4.4.0 by @dependabot in #16930
• feat(cilium): adding EnableLocalRedirectPolicy parameter by @ana-aguilar7 in #16929
• Reduce number of nodes in manyaddons tests by @rifelpet in #16934
• Fix: Normalize the SQS policies before comparing them by @justinsb in #16937
• Allow updating the cluster one instance group at a time by @justinsb in #16936
• Spotinst: add aggressive scale down feature by @yehielnetapp in #16931
• e2e tests: dump ip information for each VM by @justinsb in #16942
• e2e: name artifacts after the tests by @justinsb in #16941
• tests: run kops toolbox dump in bare-metal e2e by @justinsb in #16940
• chore(channels): update alpha k8s and ubuntu ami versions by @moshevayner in #16947
• openstack: add external dns support by @zetaab in #16948
• chore(upup): bump aws-cni to 1.18.6 by @moshevayner in #16949
• feat(docs): add toggle for light/dark mode support by @moshevayner in #16951
• chore(channels): promote alpha to stable by @moshevayner in #16952
• build(deps): bump actions/dependency-review-action from 4.4.0 to 4.5.0 by @dependabot in #16953
• Fix channels for K8s 1.26 by @hakman in #16958
• refactor: build assets for kubernetes and nodeup explicitly by @justinsb in #16954
• refactor: create abstraction over cluster/instancegroup for building assets by @justinsb in #16955
• Add hashes for containerd 1.17.22 by @justinsb in #16962
• chore(channels): bump k8s and ubuntu jammy ami versions in alpha channel by @moshevayner in #16964
• Recognize fedora 41 and debian 13 by @justinsb in #16963
• Remove more unnecessary IMDS request logging by @rifelpet in #16966
• Use port 9811 for EBS CSI controller healthcheck by @rifelpet in #16967
• chore(channels): promoe alpha to stable (k8s and ubuntu ami) by @moshevayner in #16973
• Fix version upgrade kubelet support by @rsafonseca in #16932
• Remove unusued kubernetesVersion from AssetBuilder by @justinsb in #16976
• tests: fix linter-detected problem with error handling by @justinsb in #16974
• Fixup kubelet and controlPlaneKubelet config building by @justinsb in #16975
• Add kops reconcile cluster command by @justinsb in #16980
• reconcile command to combine update and rolling-update by @justinsb in #16939
• chore: fix some function names in comment by @cuiyourong in #16981
• Generate hashes for latest kube versions by @justinsb in #16984
• Dial down warning level when asset is not found by @justinsb in #16985
• OpenStack: update csi images by @jauru in #17134
• chore(networking): bump aws-cni to 1.19.0 by @moshevayner in #17137
• Release 1.31.0-beta.1 by @justinsb in #17138

New Contributors

• @pierreprinetti made their first contribution in #16912
• @ataut-pai made their first contribution in #16915

Full Changelog: v1.31.0-alpha.1...v1.31.0-beta.1

v1.30.3

What's Changed

• Automated cherry pick of #16966: Remove more unnecessary IMDS request logging by @rifelpet in #16968
• Automated cherry pick of #16967: Use port 9811 for EBS CSI controller healthcheck by @rifelpet in #16969
• Revert 1.30 Cherrypick "correct hubble tls file names as ..." by @rifelpet in #16970
• Release 1.30.3 by @rifelpet in #16972

Full Changelog: v1.30.2...v1.30.3

v1.30.2

Release v1.30.2

What's Changed

• Automated cherry pick of #16779: versionbump: update golang to 1.22.6
  #16826: Update Go to v1.22.7 by @hakman in #16827
• Automated cherry pick of #16818: Conditionally set TF aws_s3_object SSE and ACLs by @rifelpet in #16830
• Automated cherry pick of #16831: Disable node-problem-detector containerd and kubelet checks by @hakman in #16832
• Automated cherry pick of #16853: fix(cluster-autoscaler): add missing permission
  #16855: correct hubble tls file names as mapped from secret by @hakman in #16856
• Automated cherry pick of #16857: Suppress request logging for IMDS within Route53 client by @rifelpet in #16858
• Automated cherry pick of #16879: Ignore blackhole NAT routes
  #16868: aws: Update VPC CNI to v1.18.5 by @hakman in #16881
• Automated cherry pick of #16883: Update containerd to v1.7.22 by @hakman in #16884
• Automated cherry pick of #16887: Fix awsup default and DescribeTag max retries by @hakman in #16891
• Automated cherry pick of #16909: Use a different healthcheck port for AWS CSI controller by @rifelpet in #16910
• Automated cherry pick of #16560: Bump nvidia-driver-535-server by @hakman in #16926
• Automated cherry pick of #16915: dns: Update coredns to v1.11.3 by @hakman in #16927
• Automated cherry pick of #16918: API Server: memory management related flags by @hakman in #16928
• Automated cherry pick of #16949: chore(upup): bump aws-cni to 1.18.6 by @moshevayner in #16950
• Automated cherry pick of #16948: openstack: add external dns support by @rifelpet in #16957
• Automated cherry pick of #16765: Allocate more resources to cloudbuild by @rifelpet in #16959
• Release 1.30.2 by @rifelpet in #16960

Full Changelog: v1.30.1...v1.30.2

v1.31.0-alpha.1

What's Changed

• build(deps): bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 by @dependabot in #16630
• Update dependencies by @github-actions in #16639
• added release 1.29 in doc menu by @kundan2707 in #16641
• docs: create release notes for 1.30 by @justinsb in #16640
• Bump Github Actions jobs to latest distros by @rifelpet in #16644
• Fix 2 broken links in the docs by @qlijin in #16632
• Skip failing tests on older upgrade jobs migrated to EKS by @rifelpet in #16646
• Set the STS client's region via IMDS for AssumeRoleWithWebIdentity by @rifelpet in #16647
• chore: update golang to 1.22.5 by @justinsb in #16649
• refactor: simplify signature of AddS3Permissions function by @justinsb in #16650
• refactor: ApplyClusterCmd clearly returns results by @justinsb in #16655
• refactor: use types.NamespacedName for map of serviceAccounts by @justinsb in #16651
• refactor: create awsup.GetCloud helper method by @justinsb in #16656
• refactor: allow access to S3 bucket region by @justinsb in #16657
• Bump boskos dependency by @ameukam in #16648
• Bump cloudbuild to go 1.22.5 by @rifelpet in #16661
• Set Ubuntu 24.04 as default in k8s 1.31 by @rifelpet in #16662
• Update dependencies by @hakman in #16667
• Fix cluster-autoscaler priority expander config by @rifelpet in #16670
• build(deps): bump actions/dependency-review-action from 4.3.3 to 4.3.4 by @dependabot in #16674
• build(deps): bump actions/setup-go from 5.0.1 to 5.0.2 by @dependabot in #16675
• Stop skipping hostNetwork hostname e2e test by @rifelpet in #16676
• Use UTC for AWS token tests by @rifelpet in #16680
• Add new API field for VPC CNI's network policy agent image by @rifelpet in #16681
• Add the hubble-metrics service for cilium by @rifelpet in #16682
• Update dependencies by @github-actions in #16690
• Drop InTreePluginAWSUnregister feature gate for k8s 1.31 and above by @dims in #16698
• Update dependencies by @github-actions in #16699
• Replace deprecated flag with the suggested one. by @chrismgrayftsinc in #16700
• test: Fix rendering of cloudConfig.gceServiceAccount by @hakman in #16706
• Fix InTreePluginAWSUnregister feature gate removal in 1.31 by @rifelpet in #16708
• Update AWS EBS CSI Driver to 1.33.0 by @rifelpet in #16712
• test: Use latest K8s build for scale tests by @hakuna-matatah in #16701
• refactor: support multiple podCIDRs in the node patch by @justinsb in #16710
• Update README.md by @m8nt0 in #16631
• Update dependencies by @github-actions in #16719
• test: Utilize max-nodes-to-dump to leverage on large scale tests to reduce storage by @hakuna-matatah in #16718
• Use new staging etcd-manager image for testing by @rifelpet in #16722
• Add OWNERS file in tests/e2e/scenarios/scalability by @dims in #16725
• Avoid additional logging in kube-proxy for scale tests by @hakuna-matatah in #16726
• Use latest ubuntu jammy 22.04 to match GCE by @dims in #16729
• Add KOPS_VERSION_MARKER and cleanup some other settings by @dims in #16727
• Use latest master build from k8s by @dims in #16728
• Fixes already existing nodes behaviour in kops controller by @jauru in #16737
• feat(cluster-autoscaler) Implement emitPerNodegroupMetrics parameter by @alexandresavicki in #16693
• Fix table not format of docs by @lou-lan in #16745
• chore: fix function name in comment by @pengbanban in #16731
• gce: Add option to use startup script instead of user-data by @hakman in #16705
• Fix verify-golangci-lint by @hakman in #16746
• Update dependencies by @github-actions in #16747
• spotinst: Bump k8s cluster controller to v2 by @yehielnetapp in #16717
• Drop kops-ci references by @ameukam in #16764
• Allocate more resources to cloudbuild by @rifelpet in #16765
• nodeup: if apt-get tells us to run dpkg configure, run it by @justinsb in #16755
• tests: skip "service endpoints using hostNetwork" test across all clouds by @justinsb in #16771
• tests: skip NodePort tests with cilium by @justinsb in #16772
• tests: skip kube-proxy metric tests with cilium by @justinsb in #16770
• Fix tests skips for kube-router by @hakman in #16773
• Update deps to K8s v0.31.0 by @hakman in #16774
• aws: Fix conversion for instance-selector flags by @hakman in #16776
• Enable DinD for Github codespaces by @ameukam in #16780
• refactor: OptionsBuilder works on kops.Cluster by @justinsb in #16768
• dns: use resolved region rather than re-resolving every time by @justinsb in #16778
• versionbump: update golang to 1.22.6 by @justinsb in #16779
• refactor: Move GetCloudProvider to cluster by @justinsb in #16782
• cleanup: better error messages for kube-apiserver healthcheck manifest by @justinsb in #16783
• tests: create basic test for creating VMs on github actions by @justinsb in #16784
• refactor: give clear error message if challenge endpoint cannot be found by @justinsb in #16785
• Enforce GCP limit of 64 chars for cluster name in kubetest2 deployer by @dims in #16787
• tests: add simple s3 emulator for bare-metal testing by @justinsb in #16786
• metal: stub out functions to enable cluster creation by @justinsb in #16788
• Use keys specified in env vars for GCP and AWS by @dims in #16792
• refactor: move more nodeup script logic to NodeUpScript by @justinsb in #16793
• autogen: more kube asset hashes by @justinsb in #16790
• vfs: fix file replacement for SFTP by @justinsb in #16794
• chore: add hashes for containerd 1.7.16 by @justinsb in #16791
• Don't truncate the top level domains for GCP jobs by @rifelpet in #16796
• Stop skipping protocol tests for future Cilium versions by @rifelpet in #16797
• metal: more functions to enable kops update cluster by @justinsb in #16789
• metal: support kops toolbox enroll on a control-plane machine by @justinsb in #16798
• tests: capture logs etc as github artifacts by @justinsb in #16799
• Implement SELinuxMount feature gate for GCE by @jsafrane in #16801
• etcd manager static config by @justinsb in #16805
• tests: use latest dev etcd-manager image in bare-metal test by @justinsb in #16804
• Limit GCP subnet secondary alias names to 63 chars by @rifelpet in #16808
• chore: update aws pod identity webhook by @eliasscosta in #16803
• Fix ipv6 prefix detection with aws-sdk-go-v2 by @rifelpet in #16809
• Give each kops-controller controller unique names by @rifelpet in #16812
• Include all APIserver addresses for nodeup config by @rifelpet in #16813
• Discover a bastion load balancer and use it for dumping artifacts by @rifelpet in ...

v1.30.1

What's Changed

• Automated cherry pick of #16647: Set the STS client's region via IMDS for by @rifelpet in #16757
• Automated cherry pick of #16776: aws: Fix conversion for instance-selector flags by @rifelpet in #16777
• Automated cherry pick of #16778: dns: don't use IMDS region resolver when it previously failed by @rifelpet in #16781
• Automated cherry pick of #16803: chore: update aws pod identity webhook by @eliasscosta in #16811
• Automated cherry pick of #16809: Fix ipv6 prefix detection with aws-sdk-go-v2 by @rifelpet in #16815
• Release 1.30.1 by @hakman in #16825

Full Changelog: v1.30.0...v1.30.1