v2.10.0

This release includes the following changes.

Deprecation / Removal

• rkt is no longer a supported container platform (#4671)
• kube-router deployment is no longer maintained and is considered unstable. Without a maintainer, it will be removed permanently.
• nginx_memory_requests has been renamed to loadbalancer_apiserver_memory_requests, nginx_cpu_requests to loadbalancer_apiserver_cpu_requests and nginx_kube_apiserver_port to loadbalancer_apiserver_port (#4480)

Major changes:

• Add support for Kubeadm experimental control plane (#4514)
• Non-master nodes no longer have label node-role.kubernetes.io/node (#4514)
• All tasks are validated by ansible-lint (#4411)
• Reworked liveness/readiness checks to speed up deploy (#4612)
• Nodelocaldns mode is enabled by default now (#4461)
• Add HAProxy as internal loadbalancer (#4480)
• Nodelocaldns was expecting to use TCP connections towards upstreams (#4492)
• Added generic CNI network plugin (#4322)

Applications

• Nginx ingress proxy now defaults to the label beta.kubernetes.io/os=linux
• Add support calico kubernetes datastore and typha (CURRENTLY NOT WORKING DUE TO #4727)
• Add an ability to provide oidc cert in base64
• Support Azure load balancer standard sku
• Install cri-tools on fedora
• Fix ipip: false in calico v3

Fixes

• Unmask Docker service in ClearLinux
• Avoid creating k8s cert dir on non-k8s nodes
• Fix runc absolute path
• Disable cloud-routes for non-cloud plugin

Component versions:

• Kubernetes v1.14.1
• Etcd 3.2.26
• Docker 18.06
• Cri-O 1.11.5
• Calico v3.4.0
• Cilium 1.3.0
• Contiv 1.2.1
• Flannel 0.11.0
• Kube-Router 0.2.5
• Multus 3.1-autoconf
• Weave 2.5.1
• CoreDNS 1.5.0
• Helm 2.13.1
• Kubernetes Dashboard v1.10.1
• Oracle OCI: v0.7.0

Known issues

• Non-master nodes can no longer set reserved labels (see kubernetes/kubernetes/#68267)
• Kube-router inter-node communication does not work
• Calico KDD does currently not work (see #4727)

v2.8.5

This release includes the following bugfixes:

• Add oidc prefixes to kubeadm templates (#4462)
• Release 2.8 robust san handling (#4478)

v2.9.0

This release includes the following changes.

Deprecation / Removal

• Non-kubeadm deployment mode (kubeadm_enabled: false) is removed
• Remove support for Ansible 2.5 and 2.6. Ansible 2.7.6 or newer required
• Remove KubeDNS and DNSmasq support

Major changes:

• Add ARM support
• Add support for ClearLinux OS (#3855)
• Add support for webhook token auth (#3939)
• Add support for EPEL repository (Centos and RedHat) (#4088)
• Add support for local-path-provisioner #4232
• Add support for Packet

Applications

• Add support for running a nodelocal dns cache (#3861)
• Dashboard replicas are now configurable (#4344)
• master tolerations for dashboard ar enow configurable (#4290)
• Dashboard --skip-login now configurable (#4265)
• Allow customizing container image path used in NVIDIA GPU addon (#4229)

Network

• Upgrade to calico v3.4.0

Component versions:

• Kubernetes v1.13.5
• Etcd 3.2.26
• Docker 18.06
• Rkt 1.21.0
• Cri-O 1.11.5
• Calico v3.4.0
• Cilium 1.3.0
• Contiv 1.2.1
• Flannel 0.11.0
• Kube-Router 0.2.5
• Multus 3.1-autoconf
• Weave 2.5.1
• CoreDNS 1.4.0
• Helm 2.13.1
• Kubernetes Dashboard v1.10.1
• Oracle OCI: v0.7.0

Known issues

Notes

• kube_api_anonymous_auth now defaults to true

Security Patch CVE-2019-1002101

[SECURITY] Kubernetes fix for CVE-2019-1002101

This updates kubernetes version to 1.12.7

v2.8.3 - Security Patch (CVE-2019-5736)

[SECURITY] Docker patches for CVE-2019-5736 (#4223)

This updates docker 18.06 and 18.09 with the two patches released
yesterday to address the new runc exploit. Details here:
https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/

v2.8.2

This release includes the following changes.

• Added Kubernetes version 1.12.5

v2.8.1

This release includes the following changes.

Changes

• Added Kubernetes version 1.12.4

Fixes

• Stop if RBAC and anonymous-auth are not enabled when insecure port is disabled failed when running on non-masters.
• Remove kube-ipvs0 now works on cluster reset.
• Clear IPVS virtual server table now only runs on kubernetes nodes and masters.
• Move node-cidr-mask-size to ControllerManagerextraArgs
• Fixup line breaks for kubeadm SANs
• Fix apiServerCertSANs in kubeadm config file

v2.8.0

This release includes the following changes.

Deprecation / Removal

• None kubeadm deployment mode (kubeadm_enabled: false) is now deprecated and will be removed in 2.9
• Vault has been removed

Major changes:

• Kubeadm as default deployment mode
• Download CNI binaries instead of copying from containers
• Add support for setting custom node taints
• Kubernetes apiserver insecure port disabled by default
• Updated Docker and etcd versions
• Added priority class to all deployments (also for non-kubeadm deployments)
• Support multiple local volume provisioner StorageClasses
• Static tokens and basic auth now works with Kubeadm deployment mode (was broken in 2.7)
• Cloud Provider deployments with kubeadm now works

Applications

• Metrics Server is now added as an addon
• Add support to set tolerations for ingress-nginx

Network

• Added support for Kube-Router (Thanks to @jjo)
• Added support for Multus (Thanks to @Kusanagi9999)
• Fix DNS loop when resolvconf_mode is set to host_resolvconf
• Kube Proxy mode now defaults to ipvs
• DNS Autoscaler now works for both KubeDNS and CoreDNS (see notes)
• DNS Mode now defaults to coredns

Component versions:

• Kubernetes 1.12.3
• Etcd 3.2.24
• Docker 18.06
• Rkt 1.21.0
• Cri-O 1.11.5
• Calico 3.1.3
• Cilium 1.3.0
• Contiv 1.2.1
• Flannel 0.10.0
• Kube-Router 0.2.1
• Multus 3.1-autoconf
• Weave 2.5.0
• KubeDNS 1.14.13
• CoreDNS 1.2.6
• Helm 2.11.0

Notes

• Renamed variable kubedns_min_replicas to dns_min_replicas

v2.7.0

This release includes the following changes.

!!! Update (16-10-2018 @woopstar)

• etcd setup fails with Ansible 2.7. Either use Ansible 2.6 or apply the PR from #3486

Major changes:

• Added kubernetes audit support
• Added kubernetes Dynamic Kubelet Configuration support
• Added ARM support
• Added Cri-o support, Only on centos based OS
• Added Cloud provider support for OCI (Oracle Cloud Infrastructure)(experimental)
• Added Nvidia GPU support(experimental)
• Added a deployment document for offline environment
• Support for AWS cloud-config
• Ubuntu18.04 support
• Fedora 28 support
• Working on initial support for workloads on Windows
• Remove EFK from kubernetes-apps roles #3352
• Heketi/GlusterFS support
• MetalLB as load balancer for on-premise deployments support
• Adding pod priority for all the components (Priority Classes)
• kube_basic_auth and kube_token_auth now works with kubeadm deployments
• kubeadm deployment has been updated to be in sync with non-kubeadm deployments
• kubelet_node_custom_flags variable has been added to set kubelet flags only on nodes

Component versions:

• Kubernetes 1.11.3
• Etcd 3.2.18
• Flannel 0.10.0
• Cilium 1.2.0
• Contiv 1.2.1
• Weave 2.4.1
• Calico 3.1.3
• Docker 17.03
• Rkt 1.21.0
• Cri-O 1.11.5
• KubeDNS 1.14.13
• CoreDNS 1.2.2
• Helm 2.9.1

Known issues

• Deploy calico failed when using cri-o runtime #3275
• CoreDNS DNS loop when resolvconf_mode is set to host_resolvconf #3390
• Remove file download when docker engine is used #3302
• Cloud Provider deployments with kubeadm do not work yet #3766

Notes

We will we be deprecating the non-kubeadm deployment soon and switch towards using only kubeadm deployments as the new default.

v2.6.0

This release includes the following changes.

Major changes:

• Refactored vault to use hashivault module
• OpenSUSE support

Component versions:

• Kubernetes 1.10.4
• Etcd 3.2.18
• Flannel 0.10.0
• Cilium 1.1.2
• contiv 1.1.7
• Weave 2.4.0
• Calico 2.6.8
• Docker 17.03
• Kube-dns 1.14.10
• Coredns 1.1.2
• Helm 2.9.1