v1.28.1

What's Changed

• Automated cherry pick of #15901: Implement node encryption by @hakman in #15947
• Automated cherry pick of #15935: Fix minor typos for karpenter setup.
  #15957: Configure Karpenter resources. by @danports in #15958
• Automated cherry pick of #15987: aws: Don't add dependency on additional CIDR for shared VPC by @hakman in #15988
• Automated cherry pick of #16022: fix instance group validation if using serverGroupName by @zetaab in #16023
• Upgrade golang.org/x/net to 0.17.0 by @johngmyers in #16033
• Upgrade Go to 1.20.10 by @johngmyers in #16035
• Automated cherry pick of #16038: Add support for --cluster-signing-duration KCM flag by @hakman in #16039
• Automated cherry pick of #16051: aws: Skip ASG cleanup on Karpenter managed IG deletion by @hakman in #16052
• Automated cherry pick of #16043: Update containerd to v1.7.7 by @hakman in #16047
• Automated cherry pick of #16085: Update Go to v1.21.4 by @hakman in #16086
• Release 1.28.1 by @hakman in #16093

Full Changelog: v1.28.0...v1.28.1

v1.27.2

What's Changed

• Automated cherry pick of #15848: Fix warmpool to expose dependencies for dependency analysis by @johngmyers in #15864
• Automated cherry pick of #15846: Dependency analysis: include the direct task by @johngmyers in #15865
• Automated cherry pick of #15910: Add Cognito permissions for AWS LBC. by @danports in #15913
• Automated cherry pick of #15919: Update kubelet API with SeccompDefault option. by @hakman in #15925
• Upgrade golang.org/x/net to 0.17.0 by @johngmyers in #16034
• Upgrade Go to 1.20.10 by @johngmyers in #16036
• Automated cherry pick of #16038: Add support for --cluster-signing-duration KCM flag by @hakman in #16040
• Automated cherry pick of #16051: aws: Skip ASG cleanup on Karpenter managed IG deletion by @hakman in #16053
• Automated cherry pick of #16085: Update Go to v1.21.4 by @hakman in #16087
• Release 1.27.2 by @hakman in #16094

Full Changelog: v1.27.1...v1.27.2

v1.28.0

Release notes for kOps 1.28 series

Significant changes

AWS

• Node Termination Handler is now enabled by default.

GCP

• metadata-proxy is no longer deployed on GCP clusters for Kubernetes 1.29+.

Breaking changes

AWS

• The kops get assets --copy command no longer sets object-level public-read ACLs in the destination fileRepository.
  h

Other breaking changes

• Support for Kubernetes version 1.22 has been removed.

• Support for Ubuntu 18.04 is has been removed.

• Support for Canal, Flannel, and Kube-Router has been removed for Kubernetes 1.28 and later.

• RHEL-based distros will no longer have wget, curl, python2, and git packages installed. Install them with hooks if needed.

Deprecations

• Support for Kubernetes version 1.23 is deprecated and will be removed in kOps 1.29.

• Support for Kubernetes version 1.24 is deprecated and will be removed in kOps 1.30.

• Support for AWS Classic Load Balancer for API is deprecated and should not be used for newly created clusters.

• All legacy addons are deprecated in favor of managed addons, including the metrics server addon and the autoscaler addon.

What's Changed

• Add create cluster flag for specifying the list of etcd clusters by @hakman in #15552
• Add option for specifying the list of etcd metrics urls by @hakman in #15553
• Add CL2 test command to scalability scenario by @prateekgogia in #15538
• make cni plugin configurable in scaling test scenario by @prateekgogia in #15557
• Upgrade Karpenter to v0.27.5 by @anthonyhaussman in #15144
• Allow overriding uint values by @hakman in #15551
• Update dependencies by @hakman in #15562
• azure: Enable support for public load balancer by @hakman in #15563
• Revert "Remove obsolete etcd versions" by @hakman in #15564
• azure: Fix finding load balancers without subnets by @hakman in #15567
• Update etcd-manager to v3.0.20230630 by @hakman in #15568
• azure: Add support for network security groups by @hakman in #15570
• Don't download container runtime assets when skipping the installation by @hakman in #15579
• Promote alpha channel to stable by @hakman in #15581
• hetzner: Update CCM to v1.16.0 by @hakman in #15577
• aws: Avoid spurious changes in EBSVolume for KmsKeyId by @hakman in #15573
• docs(cilium): fix several broken links by @agilgur5 in #15325
• docs: remove kube-dns-autoscaler when upgrading to CoreDNS by @agilgur5 in #15584
• docs(cilium): update links to latest v1.13 by @agilgur5 in #15583
• doc: Added documentation about loadbalancer and security group configuration by @valentin-ricard in #15588
• Update Karpenter to v0.28.1 by @hakman in #15585
• kops-controller: create IPAM controller for GCE by @justinsb in #15591
• Increase client-side throttling limits by @hakman in #15593
• ipv6: containerd routes support for IPv6 by @justinsb in #15594
• Validate additionalNetworkCIDRs only set on AWS by @johngmyers in #14921
• Use private topology for apiserver e2e test by @johngmyers in #14905
• scaleway: add scaleway zones to autocompletion by @Mia-Cross in #15603
• gce: Add support for bastions by @hakman in #15602
• Fix Karpenter failure to start on IPv6 clusters by @johngmyers in #15605
• gce: Update logic for internal LB by @hakman in #15332
• Move GCE networkCIDR prohibition to validateNetworking() by @johngmyers in #15610
• v1alpha3: Rename GCE networking to GCP by @johngmyers in #15612
• Remove references to ClusterSpec from nodeup sysctls.go by @johngmyers in #15613
• gce: Set firewall rules for Internal LBs also by @justinsb in #15611
• gce: Rename firewall SSH rules for bastion by @hakman in #15614
• scaleway: switched credentials reading order by @Mia-Cross in #15618
• Remove more references to ClusterSpec from nodeup by @johngmyers in #15620
• Update Go to v1.20.6 by @hakman in #15621
• Update aws-sdk-go to support new AWS SSO profile by @avdhoot in #15616
• scaleway: refactoring: utils functions to get info from tags by @Mia-Cross in #15626
• aws: Allow using the same instance ID as egress for multiple subnets by @hakman in #15628
• scaleway: documentation improvement by @Mia-Cross in #15604
• Deprecate Canal, Flannel, and Kube-router by @johngmyers in #15634
• openstack: Open hubble port 4244 by @zetaab in #15635
• Add support for using swap memory by @hakman in #15632
• gce: Use user-data instead of startup-script metadata key by @hakman in #15607
• Add VFSContext to various clientsets by @johngmyers in #14960
• add removeAll to vfs by @Codelax in #15395
• kops-controller: load objects with version conversion by @justinsb in #15608
• Remove references to ClusterSpec.API from nodeup by @johngmyers in #15615
• azure: Add support for dns=none by @hakman in #15627
• spot: update docs about setting the VNG Size Limits in Launch Spec by @IdanShohamNetApp in #15631
• Remove references to more ClusterSpec fields from nodeup by @johngmyers in #15645
• Remove dead code for non-kops-controller bootstrap by @johngmyers in #15646
• Remove support for bootstrap tokens by @johngmyers in #15648
• Fix comment on patchNodePodCIDRs by @justinsb in #15651
• Support removal of managed node labels by @justinsb in #15650
• feat(karpenter): Variabilize image, logFormat and logLevel by @anthonyhaussman in #15601
• azure: Add mode dependency logic to deletion by @hakman in #15617
• Refactor out references to global vfs.Context by @johngmyers in #15640
• Fix modifying backupRetentionDays by @hakman in #15655
• Update release nodes for kOps 1.27 by @hakman in #15653
• Update scaleway-sdk-go to v1.0.0-beta.19 by @hakman in #15658
• Update dependencies by @github-actions in #15661
• More VFSContext refactoring by @johngmyers in #15662
• Update channels by @hakman in #15660
• azure: Verify node identity using VMSS name instead of tags by @hakman in #15659
• docs: revise the bastion ssh guideline to mitigate permission denied errors by @techieforfun in #15657
• Fix long auth helper cache file name by @norseto in #15547
• More VFSContext refactoring by @johngmyers in #15663
• verify-boilerplate: stricter error checking by @justinsb in #15665
• Add golden-output test for cacheFilePath by @justinsb in #15664
• Determine default API access method by IG subnet type by @johngmyers in #14996
• Improve validation of PodCIDR and ServiceClusterIPRange by @johngmyers in #15623
• azure: Avoid spurious changes in NetworkSecurityGroup by @hakman in #15668
• Continue skipping SCTP tests for cilium until we upgrade to 1.13 by @rifelpet in #15671
• Bump k8s and kops versions used in scenario scripts by @rifelpet in #15672
• Add 1.27 release notes to docs menu...

v1.26.6

What's Changed

• Automated cherry pick of #15674: kubetest2-kops: rename control-plane-size flag to by @justinsb in #15718
• Automated cherry pick of #15725: kubetest2: Mark --control-plane-size as deprecated by @hakman in #15729
• Automated cherry pick of #15762: fix: fixed an edge case with setting NodePort access in by @hakman in #15769
• Automated cherry pick of #14861: Mount the audit config dir for kube-apiserver by @hakman in #15940
• Automated cherry pick of #15919: Update kubelet API with SeccompDefault option. by @hakman in #15949
• Release 1.26.5 by @johngmyers in #15951
• Release 1.26.6 by @johngmyers in #15952

Full Changelog: v1.26.5...v1.26.6

v1.29.0-alpha.1

What's Changed

• Fix warmpool to expose dependencies for dependency analysis by @justinsb in #15848
• Remove support for Kubernetes 1.23 by @johngmyers in #15860
• Only run one replica of controller pods on non-HA clusters by @justinsb in #15868
• Default to 100.64.0.0/13 as IPv4 service cluster IP range by @hakman in #15866
• Improve status printing when tasks are in progress by @justinsb in #15847
• Clarify comment on nonMasqueradeCIDR field. by @justinsb in #15869
• Use mixed instances for scale tests by @hakman in #15859
• Remove dead code for in-tree CCM by @johngmyers in #15872
• Legacy control-plane node labels are no longer used by @johngmyers in #15874
• Allow setting additional flags for apiserver, kcm and scheduler by @hakman in #15877
• Allow setting resource.Quantity from the command line by @hakman in #15876
• Tune apiserver, kcm and scheduler flags for scale performance tests by @hakuna-matatah in #15875
• Remove Docker config option by @hakman in #15871
• Update ko to v0.14.1 by @hakman in #15879
• Update Calico to v3.25.2 by @hakman in #15878
• ENI Cleanup Improvements by @rifelpet in #15884
• Release 1.29.0-alpha.1 by @johngmyers in #15889

New Contributors

• @hakuna-matatah made their first contribution in #15875

Full Changelog: v1.29.0-alpha.0...v1.29.0-alpha.1

v1.28.0-beta.2

Release v1.28.0-beta.2 (draft)

What's Changed

• Automated cherry pick of #15848: Fix warmpool to expose dependencies for dependency analysis by @johngmyers in #15863
• Automated cherry pick of #15866: Default to 100.64.0.0/13 as IPv4 service cluster IP range by @hakman in #15870
• Automated cherry pick of #14893: Don't expose v1alpha3 API by @johngmyers in #15873
• Automated cherry pick of #15868: Only run one replica of controller pods on non-HA by @hakman in #15880
• Automated cherry pick of #15879: Update ko to v0.14.1 by @hakman in #15882
• Automated cherry pick of #15878: Update Calico to v3.25.2 by @hakman in #15881
• Release 1.28.0-beta.2 by @johngmyers in #15888

Full Changelog: v1.28.0-beta.1...v1.28.0-beta.2

v1.28.0-beta.1

What's Changed

• Fixing a typo in Hetzner Firewall Model management by @marcopalmisano in #15762
• Fix hubble certificate dnsname by @zadjadr in #15756
• Allow setting env vars from the command line by @hakman in #15767
• Fix amazonvpc string casing by @prateekgogia in #15773
• Trim e2e skip regexes for Cilium by @johngmyers in #15753
• Use dns=none for scale tests by @hakman in #15774
• Pass error when failing to get SSM parameter by @hakman in #15775
• openstack: Add missing security groups for cilium etcd by @zadjadr in #15766
• Use the same LBC version for e2e tests as what is deployed by @rifelpet in #15777
• Don't set object-level public ACL in S3 FileRepository by @johngmyers in #15726
• Bump actions/dependency-review-action from 3.0.6 to 3.0.7 by @dependabot in #15780
• Bump actions/setup-go from 4.0.1 to 4.1.0 by @dependabot in #15779
• aws: Ignore volumes set to delete on instance termination by @hakman in #15782
• Update dependencies by @hakman in #15781
• Use us-east-2 region for scale tests by @hakman in #15783
• aws: implement paginator for DescribeLaunchTemplate on buildKarpenterGroup by @ltellesfl in #15785
• Mark flags as deprecated instead of normalizing by @hakman in #15743
• Fix AWS CCM defaults for IPAM to match KCM by @johngmyers in #15670
• Skip failing ProxyTerminatingEndpoints test by @hakman in #15792
• Add a new field for using a custom registry for Cilium by @jandersen-plaid in #15787
• Stop installing misc utils on RHEL distros by @rifelpet in #15797
• kcm: Add support for --endpoint/slice-updates-batch-period by @hakman in #15798
• Allow setting metav1.Duration from the command line by @hakman in #15799
• gce: don't logspam when next-route-hop is starting by @justinsb in #15802
• Bump actions/dependency-review-action from 3.0.7 to 3.0.8 by @dependabot in #15803
• fix: error message typo by @0o001 in #15804
• Continue skipping SCTP HostPort tests in older k8s versions by @rifelpet in #15807
• Create clusters with bigger default subnets by @hakman in #15791
• Bump AWS CNI to 1.13.4 by @moshevayner in #15809
• Bump Cert Manager to 1.12.3 by @moshevayner in #15810
• Use AWS CCM 1.28.1 on k8s 1.28+ by @johngmyers in #15813
• Fix gossip on DigitalOcean by @justinsb in #15815
• add mirror by @justinsb in #15816
• update alpha channel with k8s emergency release and ubuntu ami versions by @moshevayner in #15817
• Promote alpha to stable by @moshevayner in #15819
• Skip UDP LoadBalancer test on k8s 1.26 by @rifelpet in #15822
• Split network CIDR into even bigger subnets by @hakman in #15814
• aws: Create subnets for additional network CIDRs by @hakman in #15805
• Add support for --experimental-allocatable-ignore-eviction kubelet flag by @hakman in #15824
• cleanup: Fix comment on GetExternalNetwork by @justinsb in #15827
• Fix small typo in documentation by @mihow in #15796
• Scale config changes for scale prow job on AWS by @prateekgogia in #15599
• Bump actions/checkout from 3.5.3 to 3.6.0 by @dependabot in #15833
• Find containerd package hash from release sha256sum by @hakman in #15834
• Don't rely on kubectl being installed by @justinsb in #15828
• scaleway: rolling-update feature by @Mia-Cross in #15835
• aws: Add dependency on additional network cidrs for subnets by @hakman in #15841
• Let us spread across all AZ(s) in us-east-2 by @dims in #15843
• Allow custom service account issuer without public bucket by @hakman in #14991
• Update dependencies by @hakman in #15842
• Dependency analysis: include the direct task by @justinsb in #15846
• Use cluster-autoscaler 1.28.0 on k8s 1.28+ by @johngmyers in #15850
• Update dependencies by @github-actions in #15851
• Release 1.28.0-beta.1 by @hakman in #15855

New Contributors

• @marcopalmisano made their first contribution in #15762
• @0o001 made their first contribution in #15804
• @mihow made their first contribution in #15796

Full Changelog: v1.28.0-alpha.2...v1.28.0-beta.1

v1.27.1

What's Changed

• Automated cherry pick of #15655: Fix modifying backupRetentionDays by @hakman in #15656
• Automated cherry pick of #15601: feat(karpenter): Variabilize Image, logFormat and logLevel by @hakman in #15654
• Automated cherry pick of #15671: Continue skipping SCTP tests for cilium until we upgrade to by @rifelpet in #15675
• Automated cherry pick of #15689: Print error message when digest image fails by @hakman in #15690
• Automated cherry pick of #15699: Use release version of k8s 1.27 in integration test by @johngmyers in #15702
• Automated cherry pick of #15703: Upgrade cluster-autoscaler by @johngmyers in #15704
• Automated cherry pick of #15706: Upgrade AWS CCM by @hakman in #15713
• Automated cherry pick of #15674: kubetest2-kops: rename control-plane-size flag to by @justinsb in #15719
• Automated cherry pick of #15722: Fix WarmPool with --target direct by @johngmyers in #15723
• Automated cherry pick of #15725: kubetest2: Mark --control-plane-size as deprecated by @hakman in #15728
• Automated cherry pick of #15740: aws: Add instance group tag to subnets only with by @hakman in #15744
• Automated cherry pick of #15762: fix: fixed an edge case with setting NodePort access in by @hakman in #15768
• Automated cherry pick of #15767: Allow setting env vars from the command line by @rifelpet in #15770
• Automated cherry pick of #15670: Fix AWS CCM defaults for IPAM to match KCM by @johngmyers in #15789
• Automated cherry pick of #15787: Add a new field for using a custom registry for Cilium by @hakman in #15794
• Automated cherry pick of #15785: fix: implement LaunchTemplate with paginator on by @hakman in #15788
• Automated cherry pick of #15810: bump cert manager to 1.12.3 by @moshevayner in #15811
• Automated cherry pick of #15824: Add support for --experimental-allocatable-ignore-eviction by @hakman in #15826
• Automated cherry pick of #15815: Fix gossip on DigitalOcean by @hakman in #15825
• Automated cherry pick of #15709: gce: Set labels on ForwardingRules by @justinsb in #15831
• Automated cherry pick of #15565: etcd-manager: support symlinking versions by @justinsb in #15832
• Automated cherry pick of #14991: Allow custom service account issuer without public bucket by @hakman in #15845
• Release 1.27.1 by @hakman in #15857

Full Changelog: v1.27.0...v1.27.1

v1.28.0-alpha.2

Release v1.28.0-alpha.2 (draft)

What's Changed

• Add create cluster flag for specifying the list of etcd clusters by @hakman in #15552
• Add option for specifying the list of etcd metrics urls by @hakman in #15553
• Add CL2 test command to scalability scenario by @prateekgogia in #15538
• make cni plugin configurable in scaling test scenario by @prateekgogia in #15557
• Upgrade Karpenter to v0.27.5 by @anthonyhaussman in #15144
• Allow overriding uint values by @hakman in #15551
• Update dependencies by @hakman in #15562
• azure: Enable support for public load balancer by @hakman in #15563
• Revert "Remove obsolete etcd versions" by @hakman in #15564
• azure: Fix finding load balancers without subnets by @hakman in #15567
• Update etcd-manager to v3.0.20230630 by @hakman in #15568
• azure: Add support for network security groups by @hakman in #15570
• Don't download container runtime assets when skipping the installation by @hakman in #15579
• Promote alpha channel to stable by @hakman in #15581
• hetzner: Update CCM to v1.16.0 by @hakman in #15577
• aws: Avoid spurious changes in EBSVolume for KmsKeyId by @hakman in #15573
• docs(cilium): fix several broken links by @agilgur5 in #15325
• docs: remove kube-dns-autoscaler when upgrading to CoreDNS by @agilgur5 in #15584
• docs(cilium): update links to latest v1.13 by @agilgur5 in #15583
• doc: Added documentation about loadbalancer and security group configuration by @valentin-ricard in #15588
• Update Karpenter to v0.28.1 by @hakman in #15585
• kops-controller: create IPAM controller for GCE by @justinsb in #15591
• Increase client-side throttling limits by @hakman in #15593
• ipv6: containerd routes support for IPv6 by @justinsb in #15594
• Validate additionalNetworkCIDRs only set on AWS by @johngmyers in #14921
• Use private topology for apiserver e2e test by @johngmyers in #14905
• scaleway: add scaleway zones to autocompletion by @Mia-Cross in #15603
• gce: Add support for bastions by @hakman in #15602
• Fix Karpenter failure to start on IPv6 clusters by @johngmyers in #15605
• gce: Update logic for internal LB by @hakman in #15332
• Move GCE networkCIDR prohibition to validateNetworking() by @johngmyers in #15610
• v1alpha3: Rename GCE networking to GCP by @johngmyers in #15612
• Remove references to ClusterSpec from nodeup sysctls.go by @johngmyers in #15613
• gce: Set firewall rules for Internal LBs also by @justinsb in #15611
• gce: Rename firewall SSH rules for bastion by @hakman in #15614
• scaleway: switched credentials reading order by @Mia-Cross in #15618
• Remove more references to ClusterSpec from nodeup by @johngmyers in #15620
• Update Go to v1.20.6 by @hakman in #15621
• Update aws-sdk-go to support new AWS SSO profile by @avdhoot in #15616
• scaleway: refactoring: utils functions to get info from tags by @Mia-Cross in #15626
• aws: Allow using the same instance ID as egress for multiple subnets by @hakman in #15628
• scaleway: documentation improvement by @Mia-Cross in #15604
• Deprecate Canal, Flannel, and Kube-router by @johngmyers in #15634
• openstack: Open hubble port 4244 by @zetaab in #15635
• Add support for using swap memory by @hakman in #15632
• gce: Use user-data instead of startup-script metadata key by @hakman in #15607
• Add VFSContext to various clientsets by @johngmyers in #14960
• add removeAll to vfs by @Codelax in #15395
• kops-controller: load objects with version conversion by @justinsb in #15608
• Remove references to ClusterSpec.API from nodeup by @johngmyers in #15615
• azure: Add support for dns=none by @hakman in #15627
• spot: update docs about setting the VNG Size Limits in Launch Spec by @IdanShohamNetApp in #15631
• Remove references to more ClusterSpec fields from nodeup by @johngmyers in #15645
• Remove dead code for non-kops-controller bootstrap by @johngmyers in #15646
• Remove support for bootstrap tokens by @johngmyers in #15648
• Fix comment on patchNodePodCIDRs by @justinsb in #15651
• Support removal of managed node labels by @justinsb in #15650
• feat(karpenter): Variabilize image, logFormat and logLevel by @anthonyhaussman in #15601
• azure: Add mode dependency logic to deletion by @hakman in #15617
• Refactor out references to global vfs.Context by @johngmyers in #15640
• Fix modifying backupRetentionDays by @hakman in #15655
• Update release nodes for kOps 1.27 by @hakman in #15653
• Update scaleway-sdk-go to v1.0.0-beta.19 by @hakman in #15658
• Update dependencies by @github-actions in #15661
• More VFSContext refactoring by @johngmyers in #15662
• Update channels by @hakman in #15660
• azure: Verify node identity using VMSS name instead of tags by @hakman in #15659
• docs: revise the bastion ssh guideline to mitigate permission denied errors by @techieforfun in #15657
• Fix long auth helper cache file name by @norseto in #15547
• More VFSContext refactoring by @johngmyers in #15663
• verify-boilerplate: stricter error checking by @justinsb in #15665
• Add golden-output test for cacheFilePath by @justinsb in #15664
• Determine default API access method by IG subnet type by @johngmyers in #14996
• Improve validation of PodCIDR and ServiceClusterIPRange by @johngmyers in #15623
• azure: Avoid spurious changes in NetworkSecurityGroup by @hakman in #15668
• Continue skipping SCTP tests for cilium until we upgrade to 1.13 by @rifelpet in #15671
• Bump k8s and kops versions used in scenario scripts by @rifelpet in #15672
• Add 1.27 release notes to docs menu by @rifelpet in #15673
• azure: Populate node labels from tags by @hakman in #15667
• v1alpha3: Remove no-longer-used topology fields by @johngmyers in #15676
• Skip ssh-to-all-nodes test in private topology by @johngmyers in #15683
• kubetest2-kops: rename control-plane-size flag to control-plane-count by @justinsb in #15674
• etcd-manager: support symlinking versions by @justinsb in #15565
• Update dependencies by @github-actions in #15685
• Fix addon-resource-tracking scenario for new starting kops version by @johngmyers in #15688
• Print error message when digest image fails by @hakman in #15689
• v1alpha3: remove redundant ConfigStore by @johngmyers in #15678
• Promote alpha channel to stable by @hakman in #15695
• v1alpha3: move state store location config under its own sub-struct by @johngmyers in #15693
• update logs with "cannot render instance groups" instead of "cannot render nodes" in validate_cluster.go by @haojue in https://git...

v1.27.0

Significant changes

• The default image has been updated to Ubuntu 22.04 (Jammy).

• The default retention duration for the etcd backups is now set to 90 days.
  This behaviour can be overridden by setting spec.etcdClusters[*].manager.backupRetentionDays in the cluster spec.

• external-dns is now supported in IPv6 clusters.

• Using swap memory is now possible by setting spec.kubelet.memorySwapBehavior.

AWS

• As of Kubernetes version 1.27, all nodes will default to running with instance-metadata-service tokens required, with a max hop limit of 1.
  Newly created clusters will be configured as necessary to have these settings.

• As of Kubernetes version 1.27, credentials for private ECR repositories will be handled by the out-of-tree credential provider. This is an additional binary that each instance downloads from the assets repository.

• Karpenter has been upgraded to version 0.28.1 and the feature flag is no longer necessary.

GCP

• Improved support for private topology.

• Support for bastions has been added.

Openstack

• Nodes will now assign floating IPs when they are in a subnet that is of type Public. Previously
  they would do so when the respective topology was set to public.

Breaking changes

Other breaking changes

• Support for Kubernetes version 1.21 has been removed.

Deprecations

• Support for Kubernetes version 1.22 is deprecated and will be removed in kOps 1.28.

• Support for Kubernetes version 1.23 is deprecated and will be removed in kOps 1.29.

• Support for Ubuntu 18.04 is deprecated and will be removed in kOps 1.28.

• Support for AWS Classic Load Balancer for API is deprecated and should not be used for newly created clusters.

• All legacy addons are deprecated in favor of managed addons, including the metrics server addon and the autoscaler addon.

Help Wanted

• kOps needs maintainers for Canal, Flannel, and Kube-Router to keep versions up to date and move the integration from experimental to stable. If no volunteers step up by the time kOps 1.27 is released, support will be phased out.

What's Changed

• Automated cherry pick of #14893: Don't expose v1alpha3 API by @johngmyers in #15580
• Automated cherry pick of #15577: hetzner: Update CCM to v1.16.0 by @hakman in #15578
• Automated cherry pick of #15573: aws: Avoid spurious changes in EBSVolume for KmsKeyId by @hakman in #15574
• Automated cherry pick of #15579: Don't download containerd assets when skipping the by @hakman in #15586
• Automated cherry pick of #15585: Update Karpenter to v0.28.1 by @hakman in #15592
• Automated cherry pick of #15593: Increase client-side throttling limits by @hakman in #15596
• Automated cherry pick of #14921: Validate additionalNetworkCIDRs only set on AWS by @hakman in #15597
• Automated cherry pick of #15618: switched credentials reading order by @hakman in #15619
• Automated cherry pick of #15621: Update Go to v1.20.6 by @hakman in #15622
• Automated cherry pick of #15605: Fix Karpenter failure to start on IPv6 clusters by @johngmyers in #15609
• Automated cherry pick of #15616: Update aws-sdk-go to support new aws sso profile by @hakman in #15629
• Automated cherry pick of #15628: aws: Allow using the same instance ID as egress for multiple by @hakman in #15630
• Automated cherry pick of #15635: openstack: Open hubble port 4244 by @hakman in #15636
• Automated cherry pick of #15602: gce: Add support for bastions#15332: gce: Update logic for internal LB#15611: gce: Set firewall rules for Internal LBs also#15614: gce: Rename firewall SSH rules for bastion#15607: gce: Use user-data instead of startup-script metadata by @hakman in #15639
• Automated cherry pick of #15632: Add support for using swap memory by @hakman in #15637
• Automated cherry pick of #15608: kops-controller: load objects with version conversion by @johngmyers in #15641
• Automated cherry pick of #15650: Support removal of managed node labels by @johngmyers in #15652
• Release 1.27.0 by @hakman in #15598

New Contributors

• @zcahana made their first contribution in #14965
• @jandersen-plaid made their first contribution in #14194
• @chubchubsancho made their first contribution in #14519
• @dimamo5 made their first contribution in #14920
• @chncaption made their first contribution in #15021
• @elezar made their first contribution in #15096
• @Nick-Triller made their first contribution in #15119
• @jongwooo made their first contribution in #15116
• @rsafonseca made their first contribution in #15153
• @philnielsen made their first contribution in #15177
• @R3DRUN3 made their first contribution in #15228
• @yehielnetapp made their first contribution in #15263
• @chenliu1993 made their first contribution in #15270
• @kundan2707 made their first contribution in #15290
• @felixfriedrich made their first contribution in #15275
• @SimonMisencik made their first contribution in #15311
• @oded7hoffman made their first contribution in #15338
• @ltellesfl made their first contribution in #15316
• @KlwntSingh made their first contribution in #15408
• @sn4psh0t made their first contribution in #15414
• @fcgravalos made their first contribution in #15415
• @testwill made their first contribution in #15476
• @fchiacchiaretta made their first contribution in #15479

Full Changelog: v1.27.0-alpha.1...v1.27.0