Releases: kubernetes-sigs/kubespray
v2.5.0
This release includes the following changes.
Major changes:
- Switched to Google's hyperkube docker container (was CoreOS) due to glusterfs support
- New addon: ingress-nginx
- New addon: registry
- Added support for ipvs kube-proxy mode
- Added remove-node.yml playbook (taint and remove node from cluster)
- Credentials are now stored in inventory directory
- Added experimental support for OpenSuse
- Added experimental CoreDNS support
- Added experimental support for Cilium as network provider
- Deprecated kubespray-cli
Component versions:
- Kubernetes 1.9.5
- Etcd 3.2.4
- Flannel 0.10.0
- Cilium 1.0.0-rc8
- contiv 1.1.7
- Weave 2.2.1
- Calico 2.6.8
- Docker 17.03
- Istio 0.2.6
- Kube-dns 1.14.8
- Coredns 1.1.0
- Helm 2.8.1
v2.4.0
v2.3.0
This release includes the following changes.
Major changes:
- Full RBAC support
- New addon: istio
- etcd scaling
- All network plugins are deployed with CNI as daemonsets
- Experimental kubeadm support
- Container and file downloads are consolidated
Component versions:
- Kubernetes v1.8.1
- Docker 1.13.1
- etcd v3.2.4
- Rkt v1.21.0 (optional)
- Calico v2.5.0
- Weave 2.0.4
- Flannel v0.8.0
Security
- RBAC is enabled and may affect upgrades.
Known issues
- CoreOS with Canal on GCE does not work. It works fine on any other platform.
- Vault deployment mode does not work with kubeadm (but can still be used for etcd certificates).
Action items for users upgrading to v2.3.0
- If you switch to kubeadm deployment mode, all pods in kube-system namespace will get restarted. All other pods will have their service account tokens reset because of the necessary certificate regeneration. Delete the relevant secret for the ServiceAccount and restart the pods to restore functionality.
Additional notes
- Kubeadm can be enabled by setting kubeadm_enabled: true. Both new and existing clusters can be switched to kubeadm mode.
v2.2.0
This release includes the following changes.
Major changes:
- RBAC support for core components (optional add-ons are not included)
- Reintroduced Vault support
- Masters are now marked unschedulable via taints
- Flannel is now set up with CNI
Component versions:
- Kubernetes v1.7.3
- Docker 1.13.1
- etcd v3.2.4
- Rkt v1.21.0 (optional)
- Calico v2.4.1
- Weave 2.0.1
- Flannel v0.8.0
Security
- It is now possible to enable RBAC upon upgrade.
v2.1.2
This release includes the following changes.
Major changes:
- Project rename to Kubespray
- Experimental RBAC support (unsupported)
- Support for Ansible 2.3.x series
Component versions:
- Kubernetes v1.6.7
- Docker 1.13.1
- etcd v3.2.4
- Rkt v1.21.0 (optional)
- Calico v1.1.3
- Weave 2.0.1
- Flannel v0.8.0
Security
- Kubespray now generates ClusterRoles and ClusterRoleBindings for most services. Full RBAC support is not available yet. Upgrades to RBAC are not working.
Breaking changes/Known issues
- Vault is nonfunctional for this release
- Versions of Docker above 1.13.x do not work. As a result, newer CoreOS releases will not work.
v2.1.1
This release includes the following changes.
Major changes:
- EFK logging stack add-on support
- Helm add-on support
- Autoscaling for dnsmasq and kubedns
- Graceful upgrades support (cordon/drain/upgrade/uncordon)
- Daemonset upgrades
- Hashicorp Vault as optional certificate backend
Component versions:
- Kubernetes 1.5.3
- Docker 1.13.1
- Rkt v1.21.0 (optional)
- Calico v1.1.0-rc8
- Weave 1.8.2
- Flannel v0.6.2
Security
- Kargo now generates separate certificates in ETCD and Kubernetes for each host.
Breaking changes
- Support for etcd3 backend for kube-apiserver. (Note that existing installs will not auto-upgrade.)
- docker_dns mode is now the default. Hosts cannot resolve pod network domains with this configuration, but it is less vulnerable to outside changes to host /etc/resolv.conf.
- kube-apiserver now listens on port 6443 by default.
- This release works only with Ansible version 2.2.1.0. All other versions are unsupported.
- This release only works with Jinja2 version >=2.8. Earlier versions will have issues rendering templates.
Others
- Tuning added for ETCD and Kubelet node reporting which performs better at scale.
- New role kargo-defaults for setting global default variables.
- Improved performance of certificate generation tasks.
v2.1.0
This release includes the following changes:
Major changes
- New container-runtime for control plane (etcd + kubelet): Rkt. Experimental. If enabled, it only works right now with Flannel/Canal
- New cloud provider: Azure
- New network plugin: Canal
- Etcd with TLS support
- Nginx proxy to provide k8s apiserver HA for non master nodes
Versions upgrade
- Kubernetes version 1.5.1
- Docker 1.12.5
- Rkt v1.21.0
- Calico 2.0.0
Network
- Calico with custom network backends and routereflector supported for large deployments
- Support for Canal network plugin
- Pseudo network plugin called "cloud" to use built-in cloud providers' networking
- Improved DNS stack with host/docker configuration options
- Network checker application to verify DNS resolve for pods and inter-pods connectivity
Clouds support
- Azure cloud provider support, improved deployments on terraform/openstack
- Azure Resource Manager templates, GlusterFS support and ansible inventory generator script as contrib addons
Security
- TLS support for etcd cluster with individual nodes' certificates
- Support for bastion hosts, security improvements via explicit cgroups limits for workloads and support of unschedulable standalone master nodes
Breaking
- Only systemd based Linux OS distributions supported from now on
- Requires users to sync groups_vars/all.yaml
- Removed the etcd-proxy
Others
- Speed up for large deployments when distributing tokens and certs and downloading containers
- Improved docker container download and sync
- Dev/QA playbooks for in-place cluster reset
- Enabled fact caching by default
- Container Linux by CoreOS added to CI matrix
- Improved documentation
v2.0.0
This release includes the following major changes:
- Kubernetes version 1.4.0
- Run everything as containers
- Improved DNS management; refer to the dns-stack documentation
- nginx-proxy for kube-apiserver high availability on non-master nodes
- Improved etcd high availability with a local etcd_proxy per node
- Option for network policy with Calico network plugin
- A common bootstrap role depending on the OS
Kubernetes v1.2.0
- Upgrade to Kubernetes 1.2.0
- dnsmasq as daemonset
- Master election option
Host services
- Ansible 2.x; compatibility with 1.9 is dropped
- api-master and etcd run as host services