v1.17.2

• Kubernetes v1.17.2

AWS

• Promote Fedora CoreOS from preview to alpha

Bare-Metal

• Promote Fedora CoreOS from preview to alpha
• Update Fedora CoreOS images location
  • Use Fedora CoreOS production download streams
  • Use live PXE kernel and initramfs images

Addons

• Update nginx-ingress from v0.26.1 to v0.27.1 (#625)
  • Change runAsUser from 33 to 101 for alpine-based image
• Update kube-state-metrics from v1.9.2 to v1.9.3

v1.17.1

• Kubernetes v1.17.1
• Update CoreDNS from v1.6.5 to v1.6.6 (#602)
• Update Calico from v3.10.2 to v3.11.2 (#604)
• Inline Kubelet service on Container Linux nodes (#606)
• Disable unused Kubelet 127.0.0.1:10248 healthz listener (#607)
• Enable kube-proxy metrics and allow Prometheus scrapes
  • Allow TCP/10249 traffic with worker node sources

AWS

• Update Fedora CoreOS AMI filter for fedora-coreos-31 (#620)

Google

• Allow terraform-provider-google v3.0+ (#617)
  • Only enforce v2.19+ to ease migration, as no v3.x features are used

Addons

• Update Prometheus from v2.14.0 to v2.15.2
  • Add discovery for kube-proxy service endpoints
• Update kube-state-metrics from v1.8.0 to v1.9.2
• Reduce node-exporter DaemonSet tolerations (#614)
• Update Grafana from v6.5.1 to v6.5.3

v1.17.0

• Kubernetes v1.17.0
• Manage clusters without using a local asset_dir (#595)
  • Change asset_dir to be optional. Remove the variable to skip writing assets locally (action recommended)
  • Allow keeping cluster assets only in Terraform state (pluggable, encryption) and allow terraform apply from stateless automation systems
  • Improve asset unpacking on controllers
  • Obtain kubeconfig from Terraform module outputs
• Replace usage of template_dir with templatefile function (#587)
  • Require Terraform version v0.12.6+ (action required)
• Update CoreDNS from v1.6.2 to v1.6.5 (#588)
  • Add health lameduck option to wait before shutdown
• Update Calico from v3.10.1 to v3.10.2 (#599)
• Reduce pod eviction timeout for deleting pods on unready nodes from 5m to 1m (#597)
  • Present since v1.13.3, but mistakenly removed in v1.16.0
• Add CPU requests for control plane static pods (#589)
  • May provide slight edge case benefits and aligns with upstream

Google

• Use new google_compute_region_instance_group_manager version block format
  • Fixes warning that instance_template is deprecated
  • Require terraform-provider-google v2.19.0+ (action required)

Addons

• Update Grafana from v6.4.4 to v6.5.1
• Add pod networking details in dashboards (#593)
• Add node alerts and Grafana dashboard from node-exporter (#591)
• Reduce Prometheus high cardinality time series (#596)

v1.16.3

• Kubernetes v1.16.3
• Update etcd from v3.4.2 to v3.4.3 (#582)
• Upgrade Calico from v3.9.2 to v3.10.1
  • Allow advertising service ClusterIPs to peer routers via a BGPConfiguration
• Switch kube-proxy from iptables to ipvs mode (#574)

Addons

• Update Prometheus from v2.13.0 to v2.14.0
  • Refresh rules, alerts, and dashboards from upstreams
• Remove addon-resizer from kube-state-metrics (#575)
• Update Grafana from v6.4.2 to v6.4.4

v1.16.2

• Kubernetes v1.16.2
• Update etcd from v3.4.1 to v3.4.2 (#570)
• Update Calico from v3.9.1 to v3.9.2
  • Default to using Calico and supporting NetworkPolicy on all platforms

Azure

• Change default networking provider from "flannel" to "calico" (#573)

Bare-Metal

• Add controllers and workers as typed lists of machine detail objects (#566)
  • Define clusters' machines cleanly and with Terraform v0.12 type constraints (action required, see PR example)
  • Remove controller_names, controller_macs, and controller_domains variables
  • Remove worker_names, worker_macs, and worker_domains variables

DigitalOcean

• Change default networking provider from "flannel" to "calico" (#573)

Addons

• Update Grafana from v6.4.1 to v6.4.2
• Change CLUO label from "app" to "name"

v1.16.1

• Kubernetes v1.16.1
• Update etcd from v3.4.0 to v3.4.1
• Update Calico from v3.8.2 to v3.9.1
• Add Terraform v0.12 variables types (#553, #557, #560, #556, #562)
  • Deprecate cluster_domain_suffix variable

AWS

• Add worker_node_labels variable to set initial worker node labels (#550)
• Add node_labels variable to internal workers pool module (#550)
• For Fedora CoreOS, detect most recent AMI in the region

Azure

• Promote networking provider Calico VXLAN out of experimental (set networking = "calico")
• Add worker_node_labels variable to set initial worker node labels (#550)
• Add node_labels variable to internal workers pool module (#550)
• Change workers module default vm_type to Standard_DS1_v2 (followup to #539)

Bare-Metal

• For Fedora CoreOS, use new kernel, initrd, and raw paths (#563)
• Fix Terraform missing comma error (#549)
• Remove deprecated container_linux_oem variable (#562)

DigitalOcean

• Promote networking provider Calico VXLAN out of experimental (set networking = "calico")
• Fix Terraform missing comma error (#549)

Google Cloud

• Add worker_node_labels variable to set initial worker node labels (#550)
• Add node_labels variable to internal workers module (#550)

Addons

• Update Prometheus from v2.12.0 to v2.13.0
  • Fix Prometheus etcd target discovery and scraping (#561, regressed with Kubernetes v1.16.0)
• Update kube-state-metrics from v1.7.2 to v1.8.0
• Update nginx-ingress from v0.25.1 to v0.26.1 (#555)
  • Add lifecycle hook to allow draining for up to 5 minutes
• Update Grafana from v6.3.5 to v6.4.1

v1.16.0

• Kubernetes v1.16.0 (#543)
  • Read about several Kubernetes API deprecations!
  • Remove legacy node role labels (no longer shown in kubectl get nodes)
  • Rename node labels to node.kubernetes.io/master and node.kubernetes.io/node (migratory)
• Migrate control plane from self-hosted to static pods (#536)
  • Run kube-apiserver, kube-scheduler, and kube-controller-manager as static pods on each controller
  • kubectl edits to kube-apiserver, kube-scheduler, and kube-controller-manager are no longer possible (change)
  • Remove bootkube, self-hosted pivot, and pod-checkpointer
• Update CoreDNS from v1.5.0 to v1.6.2 (#535)
• Update etcd from v3.3.15 to v3.4.0
• Recommend updating terraform-provider-ct plugin from v0.3.2 to v0.4.0

Azure

• Change default controller_type to Standard_B2s (#539)
  • B2s is cheaper by $17/month and provides 2 vCPU, 4GB RAM
• Change default worker_type to Standard_DS1_v2 (#539)
  • F1 is previous generation. DS1_v2 is newer, similar cost, and supports Low Priority mode

Addons

• Update Grafana from v6.3.3 to v6.3.5

v1.15.3

• Kubernetes v1.15.3
• Update etcd from v3.3.13 to v3.3.15
• Update Calico from v3.8.1 to v3.8.2

AWS

• Enable root block device encryption by default (#527)
  • Require terraform-provider-aws v2.23+ (action required)

Addons

• Update Prometheus from v2.11.0 to v2.12.0
  • Update kube-state-metrics from v1.7.1 to v1.7.2
• Update Grafana from v6.2.5 to v6.3.3
  • Use stable IDs for etcd, CoreDNS, and Nginx Ingress dashboards (#530)
• Update nginx-ingress from v0.25.0 to v0.25.1
  • Fix Nginx security advisories

v1.15.2

• Kubernetes v1.15.2
• Update Calico from v3.8.0 to v3.8.1
• Add new load balancing, TCP/UDP, and firewall docs (#523)

Addons

• Add new Grafana dashboards for CoreDNS and Nginx Ingress Controller (#525)

v1.15.1

• Kubernetes v1.15.1
• Upgrade Calico from v3.7.3 to v3.8.0
  • Enable CNI bandwidth plugin for traffic shaping
• Run kube-apiserver with lower privilege user (nobody) (#506)
• Relax terraform-provider-ct version constraint (v0.3.2+)
  • Allow provider versions below v1.0.0 (e.g. upgrading to v0.4)

Azure

• Fix to add all controller nodes to the apiserver load balancer backend address pool (#518)
  • kube-apiserver availability relied on the 0th controller

Google Cloud

• Allow controller nodes to span more than 3 zones if available in a region (#504)
• Eliminate extraneous controller instance groups in single-controller clusters (#504)
• Raise network deletion timeout from 4m to 6m (#505)

Addons

• Update Prometheus from v2.10.0 to v2.11.0
  • Refresh rules, alerts, and dashboards from upstreams
  • Update kube-state-metrics from v1.6.0 to v1.7.1
• Update Grafana from v6.2.4 to v6.2.5
• Update nginx-ingress from v0.24.1 to v0.25.0
  • Support networking.k8s.io/v1beta1 apiVersion

Bonus

On AWS and bare-metal, a Fedora CoreOS preview is available to try (announcement).