v1.27.0-beta.1

What's Changed

• Remove obsolete etcd versions by @hakman in #15112
• Update runc to v1.1.7 by @hakman in #15375
• Update release-process.md by @hakman in #15432
• Bump actions/setup-go from 4.0.0 to 4.0.1 by @dependabot in #15437
• Update dependencies by @hakman in #15433
• Update CNI plugins to v1.2.0 for K8s 1.27+ by @hakman in #15434
• OpenStack: Use task engine to retry failed servers by @ederst in #15301
• OpenStack: Set FloatingIP support if router spec exists by @ederst in #15423
• fix(cilium): install CNI plugin binary in an InitContainer by @anthonyhaussman in #15336
• Refactor: rename IsGossip -> UsesLegacyGossip by @justinsb in #15438
• OpenStack: Build InstanceGroup despite missing IP by @ederst in #15300
• Minor update to docs by @srikiz in #15439
• OpenStack: Use interface attach when reconciling server ports by @ederst in #15299
• Update calico and canal to 3.25.1 by @zetaab in #15445
• update cluster-proportional-autoscaler to v1.8.8 by @zetaab in #15446
• feat(hetzner): bump cloud-controller-manager and csi-driver by @AlexLast in #15440
• scaleway: none DNS option available by @Mia-Cross in #15422
• Spotinst: add feature spread nodes by count/vcpu to markets by @yehielnetapp in #15424
• Update Cilium to v1.12.10 by @hakman in #15449
• Bump cert-manager addon to v1.12.1 (latest release) by @moshevayner in #15450
• Update dependencies by @github-actions in #15452
• update coredns to 1.10.1 by @zetaab in #15447
• kops-controller: Return http.StatusConflict only when node is ready by @hakman in #15456
• docs(release): add improved security of metrics-server note to 1.19 by @agilgur5 in #15327
• Upgrade external-dns to v0.13.5 by @johngmyers in #15457
• Update etcd to v3.5.9 by @hakman in #15436
• Default to dns=none for hetzner and digitalocean by @justinsb in #15460
• Update dependencies by @github-actions in #15461
• Bump actions/dependency-review-action from 3.0.4 to 3.0.6 by @dependabot in #15469
• etcd-manager: Add back etcd v3.5.7 binaries by @hakman in #15471
• chore: remove refs to deprecated io/ioutil by @testwill in #15476
• GCP Terraform: enable create_before_destroy in instance templates by @tesspib in #15478
• fix: CVE-2023-2253 CVE-2022-41723 by @testwill in #15477
• Add RHEL9 support by @jsafrane in #15481
• Increase verbosity level of log message about object ACLs by @tesspib in #15483
• Update dependencies by @github-actions in #15484
• scaleway: use latest version of the ccm by @Mia-Cross in #15486
• Make create args for scale testing configurable in the run-test.sh by @prateekgogia in #15482
• Add additional config for node local dns by @zetaab in #15466
• Fix Amazon ECR endpoint in China by @alasdairtran in #15490
• Hetzner LoadBalancer: support adding services by @justinsb in #15491
• Bump actions/checkout from 3.5.2 to 3.5.3 by @dependabot in #15492
• Use Ubuntu 22.04 (Jammy) as the default distro for K8s 1.27+ by @hakman in #15475
• Use API internal name as TLS server name in kubeconfig by @hakman in #15462
• Use kops-controller on hetzner, even with gossip by @justinsb in #15493
• New OpenStack security group rules for metrics by @fchiacchiaretta in #15479
• Update Spot Ocean controller to the latest version -> 1.0.94 by @oded7hoffman in #15497
• [doc] Update s3api command to create OIDC bucket by @h3poteto in #15498
• scaleway: use kops controller for bootstrap by @Mia-Cross in #15474
• Debian 12 Bookworm: Fix DNS resolution by @ReillyBrogan in #15502
• Update dependencies by @github-actions in #15505
• Update containerd to v1.7.2 by @hakman in #15507
• Update Go to v1.20.5 by @hakman in #15501
• Update pause image to v3.9 by @hakman in #15506
• Don't set up masquerade if NonMasqueradeCIDR is /0 by @johngmyers in #15037
• Rename kops-copy to kops-utils-cp by @hakman in #15509
• Release 1.27.0-beta.1 by @hakman in #15510

New Contributors

• @testwill made their first contribution in #15476
• @prateekgogia made their first contribution in #15482
• @alasdairtran made their first contribution in #15490
• @fchiacchiaretta made their first contribution in #15479

Full Changelog: v1.27.0-alpha.2...v1.27.0-beta.1

v1.26.4

What's Changed

• Update Go to v1.19.9 by @hakman in #15381
• Automated cherry pick of #15387: bump aws cni to 1.12.6 by @moshevayner in #15388
• Automated cherry pick of #15360: If the Cluster Name is not default the hubble relay shows TLS by @hakman in #15397
• Automated cherry pick of #15389: Support Cilium operator pod annotations by @hakman in #15390
• Automated cherry pick of #15319: Update containerd to v1.6.20
  #15358: update runc to 1.1.7
  #15378: Update containerd to v1.6.21 by @hakman in #15391
• Automated cherry pick of #15348: makefile: use go run to execute ko
  #15380: Update ko to v0.13.0 by @hakman in #15392
• Automated cherry pick of #15336: fix(cilium): install CNI plugin binary in an InitContainer by @hakman in #15443
• Automated cherry pick of #15462: Use API internal name as TLS server name in kubeconfig by @hakman in #15494
• Automated cherry pick of #15501: Update Go to v1.20.5 by @hakman in #15503
• Automated cherry pick of #15502: Debian 12 Bookworm: Fix DNS resolution by @hakman in #15504
• Release 1.26.4 by @hakman in #15511

Full Changelog: v1.26.3...v1.26.4

v1.27.0-alpha.2

What's Changed

• v1alpha3: Move GCE-specific CloudConfig settings to GCESpec by @johngmyers in #14837
• Update min versions for 1.27 by @johngmyers in #14869
• OWNERS needs to be synced to k8s.io by @johngmyers in #14872
• Fix file extension of 1.27 release notes by @johngmyers in #14873
• v1alpha3: Move AWS-specific CloudConfig settings to AWSSpec by @johngmyers in #14874
• Include kops-controller logs in toolbox dump by @johngmyers in #14876
• Simplify pointers to maps in API by @johngmyers in #14878
• Use short service name with discovery labels by @hakman in #14880
• Fix ingress status for loadbalancers that does not have publicname by @zetaab in #14888
• Include SSHCredentials in create cluster dryrun output by @johngmyers in #14897
• Documentation updates by @johngmyers in #14901
• APIServer nodes need cloudconfig by @johngmyers in #14882
• Etcd domains are now under .internal. by @johngmyers in #14902
• Improve validation of API loadbalancer specs by @johngmyers in #14883
• set loadbalancer configs before initializing the OS clients by @zetaab in #14887
• Update dependencies by @github-actions in #14906
• APIServer nodes also need apiserverAdditionalIPs by @johngmyers in #14907
• Move networking validations inside validateNetworking() by @johngmyers in #14881
• Make IsValidValue more useful for enum types by @johngmyers in #14909
• Don't require subnets on DO and Hetzner by @johngmyers in #14914
• Reduce use of cluster topology field by @johngmyers in #14915
• Add Context arg to vfs ReadFile by @justinsb in #14925
• Refactor away from using Cluster object in nodeup by @johngmyers in #14870
• OpenStack: include cloud config in normal nodes by @zetaab in #14932
• Improve error message when trying to use IPv6 with amazonvpc networking by @johngmyers in #14937
• Pull pki.Keystore out of fi.KeystoreReader by @johngmyers in #14935
• Use NodeupConfig for container-runtime configuration by @johngmyers in #14936
• Prune admission webhooks by @johngmyers in #14929
• Temporarily disable cluster-autoscaler in many-addons test by @johngmyers in #14934
• Do not include tags when searching existing volumes in OpenStack by @zetaab in #14923
• Don't tag public subnets for internal LBs in IPv6 clusters by @johngmyers in #14941
• gce: try to avoid concurrent IAM project operations by @justinsb in #14912
• Use NodeupConfig for kube-proxy config by @johngmyers in #14943
• Miscellaneous NodeupConfig refactoring by @johngmyers in #14947
• vfs: don't cache bucketDetails in S3Path by @justinsb in #14945
• Support multiple terraform file providers by @justinsb in #14926
• Refactor to reduce vfs -> terraformWriter dependency by @justinsb in #14944
• EnsureTask should panic by @justinsb in #14927
• Refactor terraform provider version logic by @justinsb in #14948
• v1alpha3: Move IG root volume settings to sub-struct by @johngmyers in #14885
• Bump cluster autoscaler to 1.26.1 by @olemarkus in #14952
• Allow built-in manifests to be replaced by external addons by @justinsb in #14955
• Revert "Temporarily disable cluster-autoscaler in many-addons test" by @olemarkus in #14953
• Update dependencies by @github-actions in #14957
• kubetest2-kops: include stderr when calling kops toolbox dump by @justinsb in #14958
• move openstack cloud config to k8s secrets by @zetaab in #14959
• kubetest: pass through KOPS_ARCH if set by @justinsb in #14961
• gce: KCM should not allocate IPs when CCM is in use. by @justinsb in #14962
• Bump actions/checkout from 3.2.0 to 3.3.0 by @dependabot in #14964
• Fix kops version command when dev-building nodeup by @zcahana in #14965
• Bump EBS CSI driver to 1.14.1 by @olemarkus in #14966
• Upgrade k8s-dns-node-cache to 1.22.16 by @johngmyers in #14951
• Exit rolling updates when encountering specific errors by @jandersen-plaid in #14194
• scaleway: remove location environment variables by @Mia-Cross in #14972
• aws: Set IMDS defaults for existing clusters by @hakman in #14879
• Run pods needing control-plane instance credentials on hostNetwork by @johngmyers in #14913
• Update containerd to v1.6.15 by @hakman in #14974
• Feat(ca): priority expander config by @chubchubsancho in #14519
• Bump cert-manager to 1.10.2 by @olemarkus in #14981
• Update Go to v1.19.5 by @hakman in #14978
• Update release notes for kOps v1.26 by @hakman in #14860
• Use state store for nodeup.Config in Gossip clusters by @johngmyers in #14983
• AWS: set IMDS hop limit 1 on all new clusters by @johngmyers in #14884
• Populate cluster with default values in kops replace by @dimamo5 in #14920
• Infer the dns suffix from the cluster name for etcd-manager by @hakman in #14986
• OpenStack: Add support for clusters without DNS by @zetaab in #14930
• Update dependencies by @github-actions in #14990
• openstack: use subnet type instead of topology by @johngmyers in #14916
• Remove the SpecOverrideFlag feature flag by @hakman in #14839
• Rename version.go to kops-version.go by @johngmyers in #14993
• Add release note about CAS expander config by @olemarkus in #14998
• Use kops-controller to boostrap nodes in OpenStack by @zetaab in #14999
• Bump actions/dependency-review-action from 3.0.2 to 3.0.3 by @dependabot in #15005
• v1alpha3: Move most OIDC settings to authentication.oidc by @johngmyers in #14894
• Run kops-controller server on non-leaders as well by @johngmyers in #15002
• Move some networking settings to nodeup.Config by @johngmyers in #15004
• Upgrade AWS CCM to 1.25.2 by @johngmyers in #15011
• update OpenStack node identifier to use Identifier by @zetaab in #15006
• support multiple ConfigServers by @zetaab in #15000
• Move more networking settings into nodeup.Config by @johngmyers in #15016
• fix(sec): upgrade gopkg.in/yaml.v3 to 3.0.0 by @chncaption in #15021
• Upgrade Node Termination Handler to 1.18.3 by @johngmyers in #15020
• scaleway: refactoring: instance and tags by @Mia-Cross in #15022
• Update dependencies by @github-actions in #15026
• Fix LBC e2e after dropping override feature flag by @olemarkus in #15029
• Upgrade AWS LBC to v2.4.6 by @johngmyers in #15030
• gce cloud-controller-manager: Add nodes/patch permission by @justinsb in #15031
• Validate nonMasqueradeCIDR doesn't overlap additionalNetworkCIDRs by @johngmyers in #14997
• nodeup: don't set up masquerade if nonMasqueradeCIDR not set by @justinsb in #15033
• tests: Capture iptables chains by @justinsb in #15039
• Load e...

v1.26.3

Release v1.26.3

What's Changed

• Automated cherry pick of #14952: Bump cluster autoscaler to 1.26.1 by @hakman in #15222
• Automated cherry pick of #15235: Add terraform rendering to GCP HTTP Health Check
  #15237: gcp: Add placeholder integration test for public load by @hakman in #15239
• Automated cherry pick of #15231: Initial support for Debian 12 Bookworm by @hakman in #15236
• Automated cherry pick of #15238: aws: Use control-plane for additional policies instead of by @hakman in #15242
• Automated cherry pick of #15244: Fix behaviour for kops export kubeconfig --internal by @hakman in #15246
• Automated cherry pick of #15249: switch to use registry.k8s.io images for openstack by @zetaab in #15250
• Automated cherry pick of #15248: bump aws cni to 1.12.5 and align with vendor chart by @hakman in #15255
• Automated cherry pick of #15102: Retry creating failed OpenStack servers by @ederst in #15260
• Automated cherry pick of #15270: Update kube-router to v1.5.3 by @hakman in #15272
• Automated cherry pick of #15275: AWS: Check if vpc_ipv6_cidr_block is an empty string by @hakman in #15309
• Automated cherry pick of #15311: Increase max_map_count in sysctls.go by @hakman in #15313
• Automated cherry pick of #15314: Upgrade k8s-dns-node-cache to 1.22.20 by @hakman in #15315
• Release 1.26.3 by @johngmyers in #15371

Full Changelog: v1.26.2...v1.26.3

v1.26.2

Significant changes

• The default networking provider for new clusters is now Cilium.

• Control-plane instance groups in new clusters are now created with names starting
  with "control-plane-". The names of groups for existing clusters are unchanged.

• The channels CLI that kOps use to manage addons is now bundled with the kOps binary. These commands are useful for addon diagnostics and troubleshooting. For example, to list installed addons, run kops toolbox addons get addons.

• Since kOps 1.24, by default during rolling updates, kOps will time out after
  spending 15 minutes on an InstanceGroup (instead of hanging indefinitely on
  eviction errors), proceeding to the next InstanceGroup after timing out.
  As of kOps 1.26, rolling updates will not proceed if a cluster validation
  error is encountered while updating an InstanceGroup.

AWS

• Clusters can be created without DNS or Gossip, by using the --dns=none flag.

• Bastions are now fronted by a Network Load Balancer.

• Instance group images can now be dynamically fetched through an AWS SSM Parameter.

• The AWS Load Balancer, when enabled, will run on worker nodes if IRSA is enabled as of Kubernetes version 1.24.

• As of Kubernetes version 1.26 and with IRSA enabled, control plane nodes will now run with a max hop limit of 1 for the metadata service. This will prevent Pods without host networking from accessing the instance metadata service.

• IPv6 is now beta. New IPv6 clusters now default to using private topology.

• CapacityRebalance can be enabled/disabled on ASGs through a new capacityRebalance field in InstanceGroup specs.

• New clusters can more easily be configured to use Cilium in ENI mode by setting --networking=cilium-eni.

• Node Termination Handler now defaults to Queue-Processor mode. It also now enables Scheduled Event Draining by default.

• Node Termination Handler, when in Queue-Processor mode, no longer drains on rebalance recommendations unless configured to do so.

• When an S3 bucket for Service Account Issuer Discovery (IRSA) is public, kOps no longer sets object-level ACLs on the files placed therein.

GCP

• Clusters can be created without DNS or Gossip, by using the --dns=none flag (experimental).

• The default instance type is now e2-medium for control-plane and worker nodes, and e2-micro for bastions.

Hetzner

• Clusters can be created without DNS or Gossip, by using the --dns=none flag.

OpenStack

• Clusters can be created without DNS or Gossip, by using the --dns=none flag.

• When creating new clusters kOps now sets the cluster name flag for the external OpenStack cloud controller (OCCM) and the Cinder CSI plugin.

Other changes of note

• containerd config is now written to /etc/containerd/config.toml.

• Cilium can be configured to add unreachable route for pod IP on deletion.

Breaking changes

Other breaking changes

• Support for Kubernetes version 1.20 has been removed.

• Support for CloudFormation has been removed.

• The experimental support for using Vault as a state store has been removed.

• Support for automated reboots with Flatcar has been removed. Use FLUO instead, to gracefully reboot nodes.

• The "external" networking option is not supported for Kubernetes 1.26 or later. For "bring your own"
  CNIs, use the "cni" networking option instead.

• If the cluster autoscaler is configured to use the priority expander, kOps will automatically create its ConfigMap. If you still want to manage the ConfigMap manually, set spec.clusterAutoscaler.createPriorityExpanderConfig: false. See the documentation for more details.

Deprecations

• The "kops get [CLUSTER]" command is deprecated. It is replaced by "kops get all [CLUSTER]".

• Support for Kubernetes version 1.21 is deprecated and will be removed in kOps 1.27.

• Support for Kubernetes version 1.22 is deprecated and will be removed in kOps 1.28.

• Support for Ubuntu 18.04 is deprecated and will be removed in kOps 1.28.

• Support for AWS Classic Load Balancer for API is deprecated and should not be used for newly created clusters.

• All legacy addons are deprecated in favor of managed addons, including the metrics server addon and the autoscaler addon.

Help Wanted

• kOps needs maintainers for Canal, Flannel, Kube-Router, and Spotinst to keep versions up to date and move the integration from experimental to stable.
  If no volunteers step up by the time kOps 1.27 is released, support will be phased out.

What's Changed

• support for scaleway in s3 buckets by @Mia-Cross in #14214
• AWS IAM Role listing: don't ignore "other" errors by @justinsb in #14215
• Some minor docs fixes by @olemarkus in #14221
• Update dependencies by @github-actions in #14222
• Remove warning for FindClusterStatus not implemented for Hetzner by @hakman in #14223
• Add support for installing dcgm exporter by @olemarkus in #14203
• Release notes for 1.23.4 by @justinsb in #14230
• Makefile: Don't assume GOBIN is set by @justinsb in #14232
• Release notes for 1.24.2 by @justinsb in #14231
• Update Calico and Canal to v3.24.1 by @hakman in #14225
• Update Flannel to v0.19.2 by @hakman in #14226
• applylib: Better health checking by @justinsb in #14234
• Bump cluster-autoscaler images by @olemarkus in #14235
• Allow cert-manager the privileges needed to resolve dns-01 challenges by @olemarkus in #14229
• GCE: change default control-plane instance type to e2-medium by @justinsb in #14233
• Small release notes cleanup for 1.25 by @olemarkus in #14237
• Add suport to --cordon-node-before-terminating autoscaler flag by @dcfranca in #14236
• Fix openstack tag limitation by @akkina2107 in #13853
• Bump versions in netlify and mkdocs by @rifelpet in #14248
• aws-node-termination-handler to match node using providerID instead of AWS DNS name by @anthonyhaussman in #14244
• Update dependencies by @github-actions in #14250
• kOps managed OIDC provider is no longer needed for IRSA by @olemarkus in #14243
• Update recommended kOps versions in alpha and stable by @moshevayner in #14252
• AWS LBC needs ec2:DescribeVpcPeeringConnections for IPv6 by @johngmyers in #14255
• Add back missing permissions for legacy CCM. Again. by @olemarkus in #14253
• Fix CAS cordon flag by @olemarkus in #14254
• Bump verbosity level for some log statements by @olemarkus in #14260
• Warm pool-enabled ASGs scaled to zero will no longer panic by @olemarkus in #14251
• Bump aws-cni to v1.11.4 by @moshevayner in #14265
• aws-cni clusterRole fix by @moshevayner in #14272
• bump k8s versions in alpha with September releases by @moshevayner in #14278
• rolling-update: don't deregister our only apiserver by @justinsb in #13163
• Update dependencies by @github-actions in #14280
• Delete the oldest servers when over the desired count for Hetzner by @hakman in #14282
• Release notes for 1.24.3 by @olemarkus in #14281
• [Docs] Fix karpenter link by @jorge07 in #14284
• Bump stable and alpha channels with latest k8s/kops releases by @olemarkus in #14288
• Prevent kops edit cluster from writing the populated IG spec to state store by @olemarkus in #14287
• User IG without image should be allowed by @olemarkus in #14290
• Remove k8s GTE 1.20 checks as it is always true by @olemarkus in #14291
• Add support for using an existing network for Hetzner by @hakman in #14294
• Update Hetzner CCM to v1.13.0 by @hakman in #14297
• hetzner: Move out of alpha and drop feature flag by @hakman in #14299
• Add release 1.25.0 to channels by @hakman in #14306
• Release notes for 1.25.0 by @hakman in #14305
• Remove support for K8s 1.20 by @olemarkus in #14307
• Hetzner: Generate CCM args from external CCM config by @hakman in ht...

v1.25.4

What's Changed

• Automated cherry pick of #14667: We no longer release an images.tar.gz by @hakman in #14673
• Automated cherry pick of #14704: Update OWNERS files by @hakman in #14757
• Automated cherry pick of #14734: Update etcd to v3.5.6
  #14752: Update etcd-manager to v3.0.20221209 by @hakman in #14755
• Automated cherry pick of #14779: Update Go to v1.19.4 by @hakman in #14780
• Update dependencies by @hakman in #14781
• Automated cherry pick of #14782: Update containerd to v1.6.12 by @hakman in #14783
• Automated cherry pick of #14789: Update containerd to v1.6.13 by @hakman in #14790
• Automated cherry pick of #14815: Update containerd to v1.6.14 by @hakman in #14816
• Automated cherry pick of #14848: Validate control-plane IG size by @hakman in #14849
• Automated cherry pick of #14880: Use short service name with discovery labels by @johngmyers in #14895
• Automated cherry pick of #14902: etcd domains are now under .internal. by @johngmyers in #14904
• Automated cherry pick of #14974: Update containerd to v1.6.15 by @hakman in #14976
• Automated cherry pick of #14978: Update Go to v1.19.5 by @hakman in #14980
• Automated cherry pick of #14993: Rename version.go to kops-version.go by @johngmyers in #14994
• Automated cherry pick of #15002: Run kops-controller server on non-leaders as well by @johngmyers in #15010
• Automated cherry pick of #15011: Upgrade AWS CCM to 1.25.2 by @johngmyers in #15013
• Automated cherry pick of #15072: Update containerd to v1.6.16 by @hakman in #15074
• Automated cherry pick of #15088: Update etcd to v3.5.7 by @hakman in #15089
• Automated cherry pick of #15096: Use ubuntu18.04 repos for nvidia-container-toolkit by @zetaab in #15101
• Automated cherry pick of #15105: aws: Remove S3 region validation by @hakman in #15107
• Automated cherry pick of #15134: Use registry.k8s.io for legacy addons by @hakman in #15137
• Automated cherry pick of #15131: Update containerd to v1.6.17 by @hakman in #15133
• Automated cherry pick of #15153: Add terraform target support for configuring Warm Pool by @hakman in #15155
• Automated cherry pick of #15160: Update Go to v1.19.6 by @hakman in #15162
• Automated cherry pick of #15169: update openstack csi & ccm versions by @zetaab in #15171
• Automated cherry pick of #15159: Update containerd to v1.6.18 by @hakman in #15164
• Automated cherry pick of #15040: gce: When using network native pod IPs, open firewall to by @hakman in #15189
• Automated cherry pick of #15198: Update Go to v1.19.7 by @hakman in #15200
• Release 1.25.4 by @hakman in #15202

Full Changelog: v1.25.3...v1.25.4

v1.26.0-beta.2

Release v1.26.0-beta.2 (draft)

What's Changed

• Automated cherry pick of #14888: Fix ingress status for loadbalancers that does not have by @zetaab in #14890
• Automated cherry pick of #14880: Use short service name with discovery labels by @johngmyers in #14892
• Automated cherry pick of #14897: Include SSHCredentials in create cluster dryrun output by @johngmyers in #14900
• Automated cherry pick of #14902: etcd domains are now under .internal. by @johngmyers in #14903
• Automated cherry pick of #14887: set loadbalancer configs before initializing the OS by @zetaab in #14889
• Automated cherry pick of #14907: APIServer nodes also need apiserverAdditionalIPs by @johngmyers in #14908
• Don't expose v1alpha3 API by @johngmyers in #14893
• Automated cherry pick of #14937: Improve error message when trying to use IPv6 with amazonvpc by @johngmyers in #14938
• Automated cherry pick of #14923: Do not include tags when searching existing volumes in by @zetaab in #14924
• Automated cherry pick of #14929: Prune admission webhooks by @johngmyers in #14940
• Automated cherry pick of #14941: Don't tag public subnets for internal LBs in IPv6 clusters by @johngmyers in #14942
• Automated cherry pick of #14966: Bump EBS CSI driver to 1.14.1 by @johngmyers in #14967
• Automated cherry pick of #14951: Upgrade k8s-dns-node-cache to 1.22.16 by @johngmyers in #14968
• Automated cherry pick of #14194: Add a flag to rolling update to fail immediately on IG by @olemarkus in #14970
• Automated cherry pick of #14974: Update containerd to v1.6.15 by @hakman in #14975
• Automated cherry pick of #14913: Run pods needing control-plane instance credentials on by @johngmyers in #14977
• Automated cherry pick of #14978: Update Go to v1.19.5 by @hakman in #14979
• Update dependencies for kOps 1.26 by @hakman in #14982
• Automated cherry pick of #14983: Use state store for nodeup.Config in Gossip clusters by @hakman in #14984
• Automated cherry pick of #14920: Populate cluster with default values in kops replace by @hakman in #14985
• Automated cherry pick of #14519: feat(cluster-autoscaler): autogenerate priority-expander by @olemarkus in #14971
• Automated cherry pick of #14986: Infer the dns suffix from the cluster name for by @hakman in #14987
• Automated cherry pick of #14930: no dns for OpenStack by @hakman in #14989
• Release 1.26.0-beta.2 by @johngmyers in #14992

Full Changelog: v1.26.0-beta.1...v1.26.0-beta.2

v1.27.0-alpha.1

What's Changed

• Disallow use of admissionControl as of k8s 1.26 by @johngmyers in #14670
• We no longer release an images.tar.gz by @johngmyers in #14667
• Update release process by @hakman in #14675
• Update Calico documentation and validation by @johngmyers in #14671
• Don't disable AWS src/dst checks in Calico IPv6 by @johngmyers in #14672
• Remove obsolete document by @johngmyers in #14678
• Bump peter-evans/create-pull-request from 4.2.0 to 4.2.2 by @dependabot in #14681
• Apply: Migration from CSA to SSA; set operation and merge by @justinsb in #14626
• aws: remove obsolete workaround code by @johngmyers in #14684
• Refactor terraformWriter.Literal by @johngmyers in #14680
• Refactor IPv6 use of terraformWriter.Literal by @johngmyers in #14686
• Add id_ed25519 to auto-loaded ssh keys by @Mia-Cross in #14638
• Revert "Calico: Work around host port/conntrack problem" by @johngmyers in #14685
• v1alpha3: document field name changes by @johngmyers in #14688
• v1alpha3: use new terminology for kubelet config by @johngmyers in #14669
• v1alpha3: fix miscellaneous capitalization by @johngmyers in #14689
• Remove support for using Vault as state store by @hakman in #14692
• Use newer terminology in validation by @johngmyers in #14697
• Fix edit.HasExtraFields() by @johngmyers in #14696
• Stop trying to populate arbitrary cluster fields from the channel by @johngmyers in #14691
• Fix Cilium ENI ipam by @olemarkus in #14694
• Refactor writing of terraform block by @johngmyers in #14698
• Update dependencies by @github-actions in #14705
• aws: Skip Route53 cleanup for clusters without DNS by @hakman in #14707
• Update OWNERS files by @hakman in #14704
• gce: Add integration tests for clusters with many addons by @hakman in #14712
• metrics-server: Set preferred address type to InternalIP when non AWS by @hakman in #14709
• Bump actions/setup-go from 3.3.1 to 3.4.0 by @dependabot in #14716
• Bump peter-evans/create-pull-request from 4.2.2 to 4.2.3 by @dependabot in #14717
• Use AWS CCM 1.26.0-alpha.1 for k8s 1.26 clusters by @olemarkus in #14718
• Refactor writing of Terraform data sources by @johngmyers in #14713
• Expose channels through CLI by @olemarkus in #14072
• A couple of static checks cleanups by @olemarkus in #14719
• gce: Set AUTOSCALER_ENV_VARS in instance template metadata by @hakman in #14703
• upgrade authentication.aws to v0.5.12 by @nnmin-aws in #14720
• Upgrade Node Termination Handler to 1.18.1 and fix some issues by @johngmyers in #14715
• gce: Update default instance types by @hakman in #14701
• gce: Allow metrics-server to access kubelet API by @hakman in #14722
• Scaleway create cluster by @Mia-Cross in #14641
• gce: Update cluster-autoscaler config by @hakman in #14700
• Refactor ListResources to not require passing the Cluster object by @hakman in #14724
• Update documentation and validation for Cilium by @johngmyers in #14676
• Refactor writing Terraform resources by @johngmyers in #14723
• v1alpha3: move networking fields under networking by @johngmyers in #14706
• Change default for NTH Queue Processor mode to enabled by @johngmyers in #14721
• Allow cluster-autoscaler to run on spot if nothing else is available by @johngmyers in #14593
• scaleway: migrate account API to IAM API by @Mia-Cross in #14733
• Update etcd to v3.5.6 by @hakman in #14734
• aws: Use EnsureTask to reference shared target groups by @hakman in #14737
• Make curl fail on 404 in scenario tests by @olemarkus in #14740
• aws: Add support for managing target group attributes by @hakman in #14738
• OpenStack: Refactor Load Balancer builder by @olemarkus in #14742
• kops-controller: increase verbosity level on logs in gossip controller by @olemarkus in #14745
• bump k8s versions and ubuntu ami version in alpha channel by @moshevayner in #14747
• Overflow wrap the content column so content doesn't go under right sidebar and not be readable by @NorseGaud in #14746
• Enable NTH Scheduled Event Draining by default by @johngmyers in #14750
• trying to fix the broken list items for ECR permissions by @NorseGaud in #14748
• Bump kOps versions in alpha and stable channels by @hakman in #14751
• Update etcd-manager to v3.0.20221209 by @hakman in #14752
• Promote alpha channel to stable by @hakman in #14754
• Refactor writing Terraform providers by @johngmyers in #14730
• Update dependencies by @hakman in #14762
• Refactor writing Terraform outputs, etc. by @johngmyers in #14763
• Bump cilium version to 1.12.4 by @olemarkus in #14732
• Bump EBS CSI driver to 1.13.0 by @olemarkus in #14770
• Rename field from ManagedFile.Public to ManagedFile.PublicACL by @hakman in #14775
• Update Go to v1.19.4 by @hakman in #14779
• Update containerd to v1.6.12 by @hakman in #14782
• Introduce context.Context into some of our "Context" objects by @justinsb in #14778
• scaleway : nodeidentity by @Mia-Cross in #14736
• Guess cloud provider from state store path by @hakman in #14768
• Get AWS zones list from AWS SDK by @johngmyers in #14683
• Calico: Don't try to upgrade IPAM in IPv6 clusters by @johngmyers in #14773
• OpenStack: allow no lbclient when checking for vipacl by @olemarkus in #14743
• Update GCE integration tests by @hakman in #14786
• gce: Add support for clusters without DNS by @hakman in #14769
• Update containerd to v1.6.13 by @hakman in #14789
• scaleway: list and delete resources by @Mia-Cross in #14731
• Update dependencies by @github-actions in #14793
• Always use load balancer address in kubeconfig by @hakman in #14729
• Upgrade AWS CCM to v1.26.0 by @johngmyers in #14794
• Don't drain on rebalance recommendations in SQS mode unless configured by @johngmyers in #14771
• Upgrade older AWS CCM minor versions by @johngmyers in #14795
• NTH: add API validation against unsupported option configurations by @johngmyers in #14796
• Support public buckets for serviceAccountIssuers on S3 by @johngmyers in #14799
• Always include load balancer domain in APIServer certificate by @johngmyers in #14800
• NTH: Remove unnecessary configuration in Queue Processor mode by @johngmyers in #14792
• Bump actions/checkout from 3.1.0 to 3.2.0 by @dependabot in #14803
• Bump actions/setup-go from 3.4.0 to 3.5.0 by @dependabot in #14802
• Bump actions/dependency-review-action from 3.0.1 to 3.0.2 by @dependabot in #14801
• Bump metrics-server to 0.6.2 by @johngmyers in https://github.com/kubernetes/kops/pull/...

v1.26.0-beta.1

What's Changed

• Disallow use of admissionControl as of k8s 1.26 by @johngmyers in #14670
• We no longer release an images.tar.gz by @johngmyers in #14667
• Update release process by @hakman in #14675
• Update Calico documentation and validation by @johngmyers in #14671
• Don't disable AWS src/dst checks in Calico IPv6 by @johngmyers in #14672
• Remove obsolete document by @johngmyers in #14678
• Bump peter-evans/create-pull-request from 4.2.0 to 4.2.2 by @dependabot in #14681
• Apply: Migration from CSA to SSA; set operation and merge by @justinsb in #14626
• aws: remove obsolete workaround code by @johngmyers in #14684
• Refactor terraformWriter.Literal by @johngmyers in #14680
• Refactor IPv6 use of terraformWriter.Literal by @johngmyers in #14686
• Add id_ed25519 to auto-loaded ssh keys by @Mia-Cross in #14638
• Revert "Calico: Work around host port/conntrack problem" by @johngmyers in #14685
• v1alpha3: document field name changes by @johngmyers in #14688
• v1alpha3: use new terminology for kubelet config by @johngmyers in #14669
• v1alpha3: fix miscellaneous capitalization by @johngmyers in #14689
• Remove support for using Vault as state store by @hakman in #14692
• Use newer terminology in validation by @johngmyers in #14697
• Fix edit.HasExtraFields() by @johngmyers in #14696
• Stop trying to populate arbitrary cluster fields from the channel by @johngmyers in #14691
• Fix Cilium ENI ipam by @olemarkus in #14694
• Refactor writing of terraform block by @johngmyers in #14698
• Update dependencies by @github-actions in #14705
• aws: Skip Route53 cleanup for clusters without DNS by @hakman in #14707
• Update OWNERS files by @hakman in #14704
• gce: Add integration tests for clusters with many addons by @hakman in #14712
• metrics-server: Set preferred address type to InternalIP when non AWS by @hakman in #14709
• Bump actions/setup-go from 3.3.1 to 3.4.0 by @dependabot in #14716
• Bump peter-evans/create-pull-request from 4.2.2 to 4.2.3 by @dependabot in #14717
• Use AWS CCM 1.26.0-alpha.1 for k8s 1.26 clusters by @olemarkus in #14718
• Refactor writing of Terraform data sources by @johngmyers in #14713
• Expose channels through CLI by @olemarkus in #14072
• A couple of static checks cleanups by @olemarkus in #14719
• gce: Set AUTOSCALER_ENV_VARS in instance template metadata by @hakman in #14703
• upgrade authentication.aws to v0.5.12 by @nnmin-aws in #14720
• Upgrade Node Termination Handler to 1.18.1 and fix some issues by @johngmyers in #14715
• gce: Update default instance types by @hakman in #14701
• gce: Allow metrics-server to access kubelet API by @hakman in #14722
• Scaleway create cluster by @Mia-Cross in #14641
• gce: Update cluster-autoscaler config by @hakman in #14700
• Refactor ListResources to not require passing the Cluster object by @hakman in #14724
• Update documentation and validation for Cilium by @johngmyers in #14676
• Refactor writing Terraform resources by @johngmyers in #14723
• v1alpha3: move networking fields under networking by @johngmyers in #14706
• Change default for NTH Queue Processor mode to enabled by @johngmyers in #14721
• Allow cluster-autoscaler to run on spot if nothing else is available by @johngmyers in #14593
• scaleway: migrate account API to IAM API by @Mia-Cross in #14733
• Update etcd to v3.5.6 by @hakman in #14734
• aws: Use EnsureTask to reference shared target groups by @hakman in #14737
• Make curl fail on 404 in scenario tests by @olemarkus in #14740
• aws: Add support for managing target group attributes by @hakman in #14738
• OpenStack: Refactor Load Balancer builder by @olemarkus in #14742
• kops-controller: increase verbosity level on logs in gossip controller by @olemarkus in #14745
• bump k8s versions and ubuntu ami version in alpha channel by @moshevayner in #14747
• Overflow wrap the content column so content doesn't go under right sidebar and not be readable by @NorseGaud in #14746
• Enable NTH Scheduled Event Draining by default by @johngmyers in #14750
• trying to fix the broken list items for ECR permissions by @NorseGaud in #14748
• Bump kOps versions in alpha and stable channels by @hakman in #14751
• Update etcd-manager to v3.0.20221209 by @hakman in #14752
• Promote alpha channel to stable by @hakman in #14754
• Refactor writing Terraform providers by @johngmyers in #14730
• Update dependencies by @hakman in #14762
• Refactor writing Terraform outputs, etc. by @johngmyers in #14763
• Bump cilium version to 1.12.4 by @olemarkus in #14732
• Bump EBS CSI driver to 1.13.0 by @olemarkus in #14770
• Rename field from ManagedFile.Public to ManagedFile.PublicACL by @hakman in #14775
• Update Go to v1.19.4 by @hakman in #14779
• Update containerd to v1.6.12 by @hakman in #14782
• Introduce context.Context into some of our "Context" objects by @justinsb in #14778
• scaleway : nodeidentity by @Mia-Cross in #14736
• Guess cloud provider from state store path by @hakman in #14768
• Get AWS zones list from AWS SDK by @johngmyers in #14683
• Calico: Don't try to upgrade IPAM in IPv6 clusters by @johngmyers in #14773
• OpenStack: allow no lbclient when checking for vipacl by @olemarkus in #14743
• Update GCE integration tests by @hakman in #14786
• gce: Add support for clusters without DNS by @hakman in #14769
• Update containerd to v1.6.13 by @hakman in #14789
• scaleway: list and delete resources by @Mia-Cross in #14731
• Update dependencies by @github-actions in #14793
• Always use load balancer address in kubeconfig by @hakman in #14729
• Upgrade AWS CCM to v1.26.0 by @johngmyers in #14794
• Don't drain on rebalance recommendations in SQS mode unless configured by @johngmyers in #14771
• Upgrade older AWS CCM minor versions by @johngmyers in #14795
• NTH: add API validation against unsupported option configurations by @johngmyers in #14796
• Support public buckets for serviceAccountIssuers on S3 by @johngmyers in #14799
• Always include load balancer domain in APIServer certificate by @johngmyers in #14800
• NTH: Remove unnecessary configuration in Queue Processor mode by @johngmyers in #14792
• Bump actions/checkout from 3.1.0 to 3.2.0 by @dependabot in #14803
• Bump actions/setup-go from 3.4.0 to 3.5.0 by @dependabot in #14802
• Bump actions/dependency-review-action from 3.0.1 to 3.0.2 by @dependabot in #14801
• Bump metrics-server to 0.6.2 by @johngmyers in #14...

v1.26.0-alpha.2

What's Changed

• Promote out-of-bound Kubernetes releases by @yurrriq in #14312
• Update dependencies by @github-actions in #14316
• Avoid spurious changes with bastion hosts due to user data by @hakman in #14318
• Replace --vpc flag with --network-id by @hakman in #14295
• Avoid spurious changes with NLB due to access log config by @hakman in #14319
• Add more details to the NTH documentation by @yurrriq in #14323
• cluster-autoscaler : Add iam permission autoscaling:DescribeScalingActivities needed since 1.24 version by @noony in #14317
• Bump peter-evans/create-pull-request from 4.1.1 to 4.1.2 by @dependabot in #14330
• Bump actions/dependency-review-action from 2.1.0 to 2.4.0 by @dependabot in #14331
• Fix typo in doc for enabling cert-manager dns-01 challenges by @ilyasotkov in #14332
• Scaleway init and nodeup by @Mia-Cross in #14322
• Set metrics-server --kubelet-preferred-address-types by k8s version by @hakman in #14336
• Validate --zones flag earlier by @hakman in #14343
• Make kOps release and deprecation policy more clear by @olemarkus in #14342
• Bump Terraform tag to v1.3.0 by @hakman in #14335
• Revert "Set metrics-server --kubelet-preferred-address-types by k8s version" by @hakman in #14349
• hetzner: Fix metrics-server config to use internal IP by @hakman in #14350
• Set higher verbosity when logging Gossip DNS info by @hakman in #14339
• Update channels with the latest Ubuntu images by @hakman in #14351
• Update channels with the latest Ubuntu images by @hakman in #14354
• Scaleway support in protokube by @Mia-Cross in #14345
• Add node/master size from create cluster into IG spec by @olemarkus in #14347
• Ensure kubelet configuration from IG takes precedence over cluster's by @olemarkus in #14333
• Update dependencies by @github-actions in #14358
• gce: memberlist needs TCP also by @justinsb in #14364
• Bump peter-evans/create-pull-request from 4.1.2 to 4.1.3 by @dependabot in #14367
• Always infer gossip DNS from cluster name by @hakman in #14366
• Refactor NodeUp GossipBuilder to EtcHostsBuilder by @hakman in #14368
• Disable rp_filter on cilium hosts by @olemarkus in #14369
• Fix logic for pre-creating DNS records by @hakman in #14377
• Karpenter : fallback on ondemand instance by default by @noony in #14378
• cluster-autoscaler : Add scaleDownUnneededTime and scaleDownUnreadyTime by @noony in #14379
• update node-problem-detector to version 0.8.12 by @jjinno in #14382
• hetzner: Update CCM to v1.13.2 by @hakman in #14386
• Bump EBS CSI driver to 1.12.0 by @olemarkus in #14388
• Remove fsGroupPolicy as it is immutable by @olemarkus in #14390
• Fix default launch spec detection for spotinst by @2solt in #14389
• Update dependencies by @github-actions in #14395
• Let kOps take ownership of any field currently owned by kubectl by @olemarkus in #14362
• nodeup script: accept strongly typed nodeup.Config by @justinsb in #14397
• Fix typo in format string by @justinsb in #14399
• Bump actions/checkout from 3.0.2 to 3.1.0 by @dependabot in #14400
• update k8s cloudprovider openstack images by @zetaab in #14401
• update k8s openstack by @zetaab in #14406
• karpenter: upgrade to version 0.16.3 and support kubeReserved configuration by @noony in #14408
• Deprecate AWS Classic Load Balancer support for API by @hakman in #14410
• Update dependencies by @github-actions in #14412
• Bump k8s and ubuntu ami version in alpha by @MoShitrit in #14415
• Bump actions/dependency-review-action from 2.4.0 to 2.5.0 by @dependabot in #14416
• bump Openstack ccm version by @zetaab in #14417
• Remove usage of cluster kubelet config in nodeup by @olemarkus in #14419
• Allow snapshot controller to create volumesnapshotcontent by @TwoStone in #14413
• Ensure kOps doesn't surge on karpenter IGs by @olemarkus in #14423
• Bump AWS CCM to 1.25.1 by @olemarkus in #14424
• get-keypairs: Tolerate key set items without certificates by @seh in #14370
• Move setting role taints to cloudup by @olemarkus in #14420
• Bump alpha and stable channel with the latest kops releases by @olemarkus in #14433
• Log and aggregate errors from rolling update by @olemarkus in #14436
• add option to query AMI IDs from SSM by @heybronson in #14434
• Update dependencies by @github-actions in #14438
• Move Gossip check to cluster struct by @hakman in #14439
• Fix pdb for identity webhook by @olemarkus in #14442
• Update Kubernetes support removal documentation by @johngmyers in #14445
• Remove dead code by @johngmyers in #14446
• Bump peter-evans/create-pull-request from 4.1.3 to 4.2.0 by @dependabot in #14447
• Bump actions/setup-go from 3.3.0 to 3.3.1 by @dependabot in #14448
• Fix 1.22 deprecation notice by @johngmyers in #14449
• Need to setup topology before control plane for IPv6 private topology by @johngmyers in #14455
• hack: add support for dev-build script for scaleway by @remyleone in #14456
• Update containerd to v1.6.9 by @hakman in #14458
• ipv6: Tolerate multiple routes to the same NAT Gateway by @johngmyers in #14461
• Update dependencies by @github-actions in #14467
• Update Calico and Canal to v3.24.3 by @hakman in #14466
• Stop applying the beta.kubernetes.io/os by @pacoxu in #14459
• Fix Prometheus scraping for pod-identity-webhook by @jim-barber-he in #14463
• ipv6: NPE fixes for IPv6-only instances by @johngmyers in #14470
• aws: Set the target group health check interval to 10s by @hakman in #14473
• Bump actions/dependency-review-action from 2.5.0 to 2.5.1 by @dependabot in #14476
• Refactor to avoid looking up SSH keypairs twice by @johngmyers in #14475
• Refactor all normalization code into new Normalize() method by @johngmyers in #14477
• Move GCE project under CloudProvider in v1alpha3 API by @johngmyers in #14443
• Upgrade Amazon VPC CNI to v1.12.0 by @MoShitrit in #14485
• Remove well known account aliases for unsupported distros by @johngmyers in #14484
• Update aws.md by @slb235 in #14486
• doc_fix: fixing update cluster command by @swagftw in #14487
• hetzner: Create cluster without DNS or Gossip by @hakman in #14440
• hetzner: Use kops-controller for node bootstrap by @hakman in #14460
• Add e2e template for dedicated APIserver nodes without DNS by @hakman in #14489
• hetzner: Add listener for kops-controller when using it for node bootstrap by @hakman in #14492
• Update dependencies by @github-actions in #14494
• Revert deprecation of positional clustername args by @john...