v2.14.0

Announcements

We are looking for maintainers, reach out in #5432.

Deprecation / Removal

• Removed support for Fedora 29 and 30 (EOL)
• Remove support for CoreOS Container Linux (EOL)

Major changes:

• Add Oracle Linux 8 support and fixes (#6198)
• Add Ubuntu 20.04 support (#6157)
• Add support for Fedora 32 (#6426)
• Add support for Kata Containers (#6256)
• Switch to Python3 on Debian & Ubuntu (#6157)
• Add Ambassador OSS ingress controller (#6135)
• Add ovn4nfv-k8s-plugin as network plugin (#6381)
• Improve air-gap installation instructions (#6234)
• Add TLS cipher suites support for kubeadm and kubelet (#6024 #6490)
• Update most ETCDCTL_API call to v3 (#5998)
• Upgrade molecule to v3 (#6468)
• Remove-node play will now fail if node can not be drained (#6442)

Applications

• [Azure] Update documentation with az command (#6042)
• [Azure] Add azure_cloud parameter to cloud_config file (#6321)
• [CSI] Update CSI containers to latest versions (#6221)
• [MetalLB] Option to talk BGP (#6383)
• [MetalLB] The deployment becomes one of addons. You can deploy it with a new option metallb_enabled (#6238)
• [Openstack] Support volume type (#6524) (See Notes)
• [Openstack] Make it possible to open additional ports on masters (#6547)
• [Openstack] Add support for application credentials (#6534)
• [Openstack] Add snapshot-controller for CSI drivers (#6537)
• [Openstack] Added a default volumesnapshotclass for Cinder CSI (#6537)

Container managers

• Match docker-cli version with docker-engine version (#6163)
• [Docker] Set cgroup driver by default to systemd (#6563)
• [Containerd] Install package is now managed alongside docker (#6218)
• [Containerd] Add support for Fedora (#6094)
• [CRI-O] Use OS packaging default value for apparmor_profile in crio.conf (#6125)
• [CRI-O] Fix kubelet cgroup driver detection (#6331)
• [CRI-O] Align template crio.conf with upstream and set cgroup driver by default to systemd (#6432)
• [CRI-O] Harden downloads with retry (#6374)
• [CRI-O] Add variable to configure unsecure pull (#6568)

Network

• [Weave] Allow Weave DS to support any taint effect (#6159)
• [Calico] Disable bird-check flag for probes of calico-node pods when calico_network_backend is not bird (#6217)
• [Calico] Add FELIX_DEVICEROUTESOURCEADDRESS option (#6508)
• [Kube-Router] Enable portmap CNI plugin with kube-router to allow use of hostPort in container specs (#6204)
• [Kube-Router] Add selectable dns policy (#6586)
• [Cilium] Add a way to deploy cilium alongside another CNI (#6373)
• [Cilium] Add option to configure IPVS timeouts in kube-proxy configration manifest (#6396)
• [Cilium] Support the overwrite of MTU in Cilium agents (#6329)
• [Cilium] Add metrics in Cilium operator and add hubble metrics port in agents (#6513)
• [Cilium] Add hubble server support in cilium (#6575)

Other note worthy changes

• Create custom dashboard namespace if specified (#6107)
• Add support to expose etcd metrics on a custom port (#6092)
• Add additional network configuration options to external Openstack (#6085)
• Fix resolv.conf configuration for Fedora CoreOS (#6138)
• Replace seccomp profile docker/default with runtime/default (#6170)
• Multiples fixes for proxy and no_proxy variables (#6112 #6431 #6558)
• Use connection: local when delegate_to: localhost (#6322)
• Add DNS configuration in NetworkManager for Fedora CoreOS (#6291)
• Allow kubeadm to upgrade etcd (#6345) (See notes)
• Add docs for setting up your first cluster (#6544)
• Webhook authorization can now be enabled using inventory variable (#6502)
• Uncordon node that fail to drain (thus failing its upgrade) during upgrade procedure (#6546)
• Added variable kubelet_rotate_server_certificates which enables kubelet server certificate rotation (#6453)
• Add protectKernelDefaults option (default true) to kubelet config file (#6611)

Component versions:

• Kubernetes v1.18.8
• Etcd 3.4.3
• Docker 19.03
• containerd 1.2.13
• Cri-O 1.18
• CNI-plugins v0.8.7
• Calico v3.15.2
• Cilium 1.8.3 (See Notes)
• Contiv 1.2.1
• Flannel 0.12.0
• Kube-Router 1.0.1 (see Notes)
• Multus 3.6
• kube-ovn 1.3.0 (see Notes)
• Weave 2.7.0
• CoreDNS 1.6.7
• nodelocaldns 1.15.13
• Helm 3.2.4
• nginx-ingress 0.35.0
• cert-manager 0.16.1 (see Notes)
• Kubernetes Dashboard v2.0.4
• Oracle OCI: v0.7.0

Known issues

None

Notes

• etcd will now be upgraded and its certs renewed when using a kubeadm managed etcd (etcd_kubeadm_enabled: true)
• Cilium: Check upgrade guide regarding update to 1.8.0
• Kube-Router: Upgrade to 1.0.0 require an iptable flush
• Kube-ovn is now installed in kube-system namespace, version priori to 1.0.0 should be removed manually
• Cert-Manager: Refer to README.md prior to upgrading in your exisitng Kubernetes cluster
• Openstack: If the nova API is before Stein, Terraform will work but the new volume type feature will not be available. If the entire cloud is upgraded to Stein or later, the new feature can be used. However if the nova versions in the cloud are mixed, with nova server API >= Stein and any nova-compute node < Stein, you will get a HTTP 409 error and VolumeTypeSupportNotYetAvailable exception.

v2.13.3

This release includes the following changes:

• Kubernetes v1.17.9 (#6435)
• bugfix if openstack_cacert is a base64 string (#6475)
• bugfix no_proxy support (#6346)

v2.12.9

This release includes the following changes:

• bugfix if openstack_cacert is a base64 string (#6371)

v2.12.8

This release includes the following changes:

• Kubernetes 1.16.13 (#6477)

v2.13.2

This release includes the following changes:

• Kubernetes 1.17.7 (#6286)
• CNI to v0.8.6 (#6228)
• CRI-O bugfixes (#6230)
• Fix resolv.conf configuration for Fedora CoreOS (#6155)

v2.12.7

This release includes the following changes:

• Kubernetes 1.16.11 (#6287)
• CNI to v0.8.6 (#6227)
• Wait for kube-apiserver availability before starting upgrade (#6243)

v2.13.1

This release includes the following changes:

• Kubernetes v1.17.6 (#6183)
• Pin docker client version (#6163 and #6179)
• Bugfix kubernetes-dashboard template (#6066 and #6179)
• Create namespace when dashboard deployment uses customized namespace (#6107 and #6179)
• Bugfix apiserver port when upgrading a cluster with a custom apiserver port (#6136 and #6179)

v2.13.0

Announcements

We are looking for maintainers, reach out in #5432.

Deprecation / Removal

• Removed support for Fedora 28 (EOL since May 2019)
• Removed support for Fedora Atomic (see EOL announcement)
• CoreOS is deprecated (See upstream announcement)
• docker_container_storage_setup variable is deprecated (was supported only on RHEL and Centos 7)

Major changes:

• Ansible v2.9 required
• Adds support for Fedora 30 and 31
• Adds Flatcar Linux support (fork of CoreOS, see update instructions) (#5607)
• Adds support for Centos 8 (#5842 #5820)
• Add experimental support for Fedora CoreOS (#5657)
• Helm 3 is the new default if helm_enabled: true (#5503)
• Kubernetes dashboard v2.0 (#5828). The kubernetes-dashboard team recommends to install the dashboard in a separate namespace, to keep compatibility kubespray defaults to kube-system but this can be change using the new dashboard_namespace variable
• contrib/terraform/openstack: Add az_list_node variable to specify different AZs for nodes (#5413) (action is required if you don't use the default "nova" AZ)

Applications

• Add external cloud provider for Openstack (#5491)
• Add external cloud provider and CSI for vSphere (#5959)
• Add CSI controller for Openstack Cinder (#5184)
• Add CSI controller for Azure disk (#5833)
• Add CSI controller for Google Cloud (#5857)
• Add CSI controller for AWS EBS (#5549)
• Add support for AWLS ALB Ingress controller (#5489)

Container managers

• Add configuration for containerd runtimes (#5497)
• Added proxy support for containerd (#5583)
• CRI-O packages from Kubic repositories(#6008)

Network

N/A

Other note worthy changes

• Add support to download all on one host and distribute on cluster nodes (#5697)
• PodSecurityPolicies configurable (#5920)
• contrib/terraform/openstack: Allow free form work node defintion (#5952)
• contrib/terraform/openstack: Allow use of existing router (#5890)
• Support configuring the Calico iptables insert mode (#5473)
• Allows to configure additionnal zones on nodelocaldns for domains not resolved by upstream_dns_servers. (#5591)
• Improved deploy time in large clusters (#5955 and #5957)
• Improved support for mitogen (#5985)
• Calico usage report disabled now by default (#6030)

Component versions:

• Kubernetes v1.17.5
• Etcd 3.3.12
• Docker 18.06
• containerd 1.2.13
• Cri-O 1.17
• CNI-plugins v0.8.5
• Calico v3.13.2
• Cilium 1.7.2
• Contiv 1.2.1
• Flannel 0.12.0
• Kube-Router 0.4.0
• Multus 3.4.1
• kube-ovn 1.10
• Weave 2.6.2
• CoreDNS 1.6.5
• nodelocaldns 1.15.12
• Helm 3.1.2
• nginx-ingress 0.30.0
• cert-manager 0.11.1
• Kubernetes Dashboard v2.0.0
• Oracle OCI: v0.7.0

Known issues

N/A

Notes

N/A

v2.12.6

This release includes the following changes:

• Kubernetes v1.16.9 (#6032)
• Fix scaling etcd and master (#5911)

v2.12.5

This release includes the following changes:

• containerd v1.2.13 (#5727)
• Fix certificates checking when adding etcd node to existing k8s node (#5826)
• Fix failures in network connection cleanup in kube-proxy (#5828)
• Add support for FlatCar Linux (#5818)
• Add proxy support to containerd, add kube_service_addresses / kube_pods_subnet to no_proxy (#5830)