v1.26.5

Release v1.26.5 (draft)

What's Changed

• Automated cherry pick of #15573: aws: Avoid spurious changes in EBSVolume for KmsKeyId by @hakman in #15575
• Automated cherry pick of #15608: kops-controller: load objects with version conversion by @johngmyers in #15642
• Release 1.26.5 by @johngmyers in #15644

Full Changelog: v1.26.4...v1.26.5

v1.27.0-beta.3

What's Changed

• Automated cherry pick of #15515: node labeling: don't ignore unknown roles by @hakman in #15519
• Automated cherry pick of #15536: bump cert-manager to v1.12.2 by @moshevayner in #15537
• Automated cherry pick of #15458: Support intstr.IntOrString type by @hakman in #15541
• Automated cherry pick of #15526: Remove duplicate Cluster field in BootstrapScriptBuilder by @hakman in #15535
• Automated cherry pick of #15516: etcd-manager: set environment variables once by @hakman in #15544
• Automated cherry pick of #15393: scaleway: dns support by @hakman in #15546
• Automated cherry pick of #15564: Revert "Remove obsolete etcd versions" by @hakman in #15566
• Automated cherry pick of #15568: Update etcd-manager to v3.0.20230630 by @hakman in #15569
• Automated cherry pick of #15144: Upgrade Karpenter to v0.27.5 by @hakman in #15571
• Release 1.27.0-beta.3 by @hakman in #15572

Full Changelog: v1.27.0-beta.2...v1.27.0-beta.3

v1.28.0-alpha.1

Release v1.28.0-alpha.1 (draft)

What's Changed

• Bump peter-evans/create-pull-request from 5.0.1 to 5.0.2 by @dependabot in #15513
• Remap all init container images of etcd-manager by @alasdairtran in #15514
• scaleway: dns support by @Mia-Cross in #15393
• node labeling: don't ignore unknown roles by @justinsb in #15515
• Add optional SELinux support to RHEL clusters by @jsafrane in #15487
• Fix promotion of kops-utils-cp by @hakman in #15520
• Fix promotion of kops-utils-cp - cloudbuild by @hakman in #15523
• Fix promotion of kops-utils-cp - push by @hakman in #15527
• Update min versions for kOps v1.28 by @hakman in #15531
• Remove duplicate Cluster field in BootstrapScriptBuilder by @justinsb in #15526
• bump k8s versions with June releases and Ubuntu AMI versions in alpha channel by @moshevayner in #15532
• Bump AWS CNI to version 1.13.2 by @moshevayner in #15534
• Bump cert-manager to version 1.12.2 by @moshevayner in #15536
• Support intstr.IntOrString type in cmd by @peaaceChoi in #15458
• Fix node count for scalability scenario by @hakman in #15540
• etcd-manager: set environment variables once by @justinsb in #15516
• Create release notes for kOps 1.28; delete code for removed features by @johngmyers in #15543
• Release 1.28.0-alpha.1 by @johngmyers in #15548

New Contributors

• @peaaceChoi made their first contribution in #15458

Full Changelog: v1.27.0-beta.1...v1.28.0-alpha.1

v1.27.0-beta.2

What's Changed

• Automated cherry pick of #15514: Remap all init container images of etcd-manager by @hakman in #15517
• Automated cherry pick of #15520: Fix promotion of kops-utils-cp by @hakman in #15521
• Automated cherry pick of #15523: Fix promotion of kops-utils-cp - cloudbuild by @hakman in #15524
• Automated cherry pick of #15527: Fix promotion of kops-utils-cp - push by @hakman in #15528
• Release 1.27.0-beta.2 by @hakman in #15530

Full Changelog: v1.27.0-beta.1...v1.27.0-beta.2

v1.27.0-beta.1

What's Changed

• Remove obsolete etcd versions by @hakman in #15112
• Update runc to v1.1.7 by @hakman in #15375
• Update release-process.md by @hakman in #15432
• Bump actions/setup-go from 4.0.0 to 4.0.1 by @dependabot in #15437
• Update dependencies by @hakman in #15433
• Update CNI plugins to v1.2.0 for K8s 1.27+ by @hakman in #15434
• OpenStack: Use task engine to retry failed servers by @ederst in #15301
• OpenStack: Set FloatingIP support if router spec exists by @ederst in #15423
• fix(cilium): install CNI plugin binary in an InitContainer by @anthonyhaussman in #15336
• Refactor: rename IsGossip -> UsesLegacyGossip by @justinsb in #15438
• OpenStack: Build InstanceGroup despite missing IP by @ederst in #15300
• Minor update to docs by @srikiz in #15439
• OpenStack: Use interface attach when reconciling server ports by @ederst in #15299
• Update calico and canal to 3.25.1 by @zetaab in #15445
• update cluster-proportional-autoscaler to v1.8.8 by @zetaab in #15446
• feat(hetzner): bump cloud-controller-manager and csi-driver by @AlexLast in #15440
• scaleway: none DNS option available by @Mia-Cross in #15422
• Spotinst: add feature spread nodes by count/vcpu to markets by @yehielnetapp in #15424
• Update Cilium to v1.12.10 by @hakman in #15449
• Bump cert-manager addon to v1.12.1 (latest release) by @moshevayner in #15450
• Update dependencies by @github-actions in #15452
• update coredns to 1.10.1 by @zetaab in #15447
• kops-controller: Return http.StatusConflict only when node is ready by @hakman in #15456
• docs(release): add improved security of metrics-server note to 1.19 by @agilgur5 in #15327
• Upgrade external-dns to v0.13.5 by @johngmyers in #15457
• Update etcd to v3.5.9 by @hakman in #15436
• Default to dns=none for hetzner and digitalocean by @justinsb in #15460
• Update dependencies by @github-actions in #15461
• Bump actions/dependency-review-action from 3.0.4 to 3.0.6 by @dependabot in #15469
• etcd-manager: Add back etcd v3.5.7 binaries by @hakman in #15471
• chore: remove refs to deprecated io/ioutil by @testwill in #15476
• GCP Terraform: enable create_before_destroy in instance templates by @tesspib in #15478
• fix: CVE-2023-2253 CVE-2022-41723 by @testwill in #15477
• Add RHEL9 support by @jsafrane in #15481
• Increase verbosity level of log message about object ACLs by @tesspib in #15483
• Update dependencies by @github-actions in #15484
• scaleway: use latest version of the ccm by @Mia-Cross in #15486
• Make create args for scale testing configurable in the run-test.sh by @prateekgogia in #15482
• Add additional config for node local dns by @zetaab in #15466
• Fix Amazon ECR endpoint in China by @alasdairtran in #15490
• Hetzner LoadBalancer: support adding services by @justinsb in #15491
• Bump actions/checkout from 3.5.2 to 3.5.3 by @dependabot in #15492
• Use Ubuntu 22.04 (Jammy) as the default distro for K8s 1.27+ by @hakman in #15475
• Use API internal name as TLS server name in kubeconfig by @hakman in #15462
• Use kops-controller on hetzner, even with gossip by @justinsb in #15493
• New OpenStack security group rules for metrics by @fchiacchiaretta in #15479
• Update Spot Ocean controller to the latest version -> 1.0.94 by @oded7hoffman in #15497
• [doc] Update s3api command to create OIDC bucket by @h3poteto in #15498
• scaleway: use kops controller for bootstrap by @Mia-Cross in #15474
• Debian 12 Bookworm: Fix DNS resolution by @ReillyBrogan in #15502
• Update dependencies by @github-actions in #15505
• Update containerd to v1.7.2 by @hakman in #15507
• Update Go to v1.20.5 by @hakman in #15501
• Update pause image to v3.9 by @hakman in #15506
• Don't set up masquerade if NonMasqueradeCIDR is /0 by @johngmyers in #15037
• Rename kops-copy to kops-utils-cp by @hakman in #15509
• Release 1.27.0-beta.1 by @hakman in #15510

New Contributors

• @testwill made their first contribution in #15476
• @prateekgogia made their first contribution in #15482
• @alasdairtran made their first contribution in #15490
• @fchiacchiaretta made their first contribution in #15479

Full Changelog: v1.27.0-alpha.2...v1.27.0-beta.1

v1.26.4

What's Changed

• Update Go to v1.19.9 by @hakman in #15381
• Automated cherry pick of #15387: bump aws cni to 1.12.6 by @moshevayner in #15388
• Automated cherry pick of #15360: If the Cluster Name is not default the hubble relay shows TLS by @hakman in #15397
• Automated cherry pick of #15389: Support Cilium operator pod annotations by @hakman in #15390
• Automated cherry pick of #15319: Update containerd to v1.6.20
  #15358: update runc to 1.1.7
  #15378: Update containerd to v1.6.21 by @hakman in #15391
• Automated cherry pick of #15348: makefile: use go run to execute ko
  #15380: Update ko to v0.13.0 by @hakman in #15392
• Automated cherry pick of #15336: fix(cilium): install CNI plugin binary in an InitContainer by @hakman in #15443
• Automated cherry pick of #15462: Use API internal name as TLS server name in kubeconfig by @hakman in #15494
• Automated cherry pick of #15501: Update Go to v1.20.5 by @hakman in #15503
• Automated cherry pick of #15502: Debian 12 Bookworm: Fix DNS resolution by @hakman in #15504
• Release 1.26.4 by @hakman in #15511

Full Changelog: v1.26.3...v1.26.4

v1.27.0-alpha.2

What's Changed

• v1alpha3: Move GCE-specific CloudConfig settings to GCESpec by @johngmyers in #14837
• Update min versions for 1.27 by @johngmyers in #14869
• OWNERS needs to be synced to k8s.io by @johngmyers in #14872
• Fix file extension of 1.27 release notes by @johngmyers in #14873
• v1alpha3: Move AWS-specific CloudConfig settings to AWSSpec by @johngmyers in #14874
• Include kops-controller logs in toolbox dump by @johngmyers in #14876
• Simplify pointers to maps in API by @johngmyers in #14878
• Use short service name with discovery labels by @hakman in #14880
• Fix ingress status for loadbalancers that does not have publicname by @zetaab in #14888
• Include SSHCredentials in create cluster dryrun output by @johngmyers in #14897
• Documentation updates by @johngmyers in #14901
• APIServer nodes need cloudconfig by @johngmyers in #14882
• Etcd domains are now under .internal. by @johngmyers in #14902
• Improve validation of API loadbalancer specs by @johngmyers in #14883
• set loadbalancer configs before initializing the OS clients by @zetaab in #14887
• Update dependencies by @github-actions in #14906
• APIServer nodes also need apiserverAdditionalIPs by @johngmyers in #14907
• Move networking validations inside validateNetworking() by @johngmyers in #14881
• Make IsValidValue more useful for enum types by @johngmyers in #14909
• Don't require subnets on DO and Hetzner by @johngmyers in #14914
• Reduce use of cluster topology field by @johngmyers in #14915
• Add Context arg to vfs ReadFile by @justinsb in #14925
• Refactor away from using Cluster object in nodeup by @johngmyers in #14870
• OpenStack: include cloud config in normal nodes by @zetaab in #14932
• Improve error message when trying to use IPv6 with amazonvpc networking by @johngmyers in #14937
• Pull pki.Keystore out of fi.KeystoreReader by @johngmyers in #14935
• Use NodeupConfig for container-runtime configuration by @johngmyers in #14936
• Prune admission webhooks by @johngmyers in #14929
• Temporarily disable cluster-autoscaler in many-addons test by @johngmyers in #14934
• Do not include tags when searching existing volumes in OpenStack by @zetaab in #14923
• Don't tag public subnets for internal LBs in IPv6 clusters by @johngmyers in #14941
• gce: try to avoid concurrent IAM project operations by @justinsb in #14912
• Use NodeupConfig for kube-proxy config by @johngmyers in #14943
• Miscellaneous NodeupConfig refactoring by @johngmyers in #14947
• vfs: don't cache bucketDetails in S3Path by @justinsb in #14945
• Support multiple terraform file providers by @justinsb in #14926
• Refactor to reduce vfs -> terraformWriter dependency by @justinsb in #14944
• EnsureTask should panic by @justinsb in #14927
• Refactor terraform provider version logic by @justinsb in #14948
• v1alpha3: Move IG root volume settings to sub-struct by @johngmyers in #14885
• Bump cluster autoscaler to 1.26.1 by @olemarkus in #14952
• Allow built-in manifests to be replaced by external addons by @justinsb in #14955
• Revert "Temporarily disable cluster-autoscaler in many-addons test" by @olemarkus in #14953
• Update dependencies by @github-actions in #14957
• kubetest2-kops: include stderr when calling kops toolbox dump by @justinsb in #14958
• move openstack cloud config to k8s secrets by @zetaab in #14959
• kubetest: pass through KOPS_ARCH if set by @justinsb in #14961
• gce: KCM should not allocate IPs when CCM is in use. by @justinsb in #14962
• Bump actions/checkout from 3.2.0 to 3.3.0 by @dependabot in #14964
• Fix kops version command when dev-building nodeup by @zcahana in #14965
• Bump EBS CSI driver to 1.14.1 by @olemarkus in #14966
• Upgrade k8s-dns-node-cache to 1.22.16 by @johngmyers in #14951
• Exit rolling updates when encountering specific errors by @jandersen-plaid in #14194
• scaleway: remove location environment variables by @Mia-Cross in #14972
• aws: Set IMDS defaults for existing clusters by @hakman in #14879
• Run pods needing control-plane instance credentials on hostNetwork by @johngmyers in #14913
• Update containerd to v1.6.15 by @hakman in #14974
• Feat(ca): priority expander config by @chubchubsancho in #14519
• Bump cert-manager to 1.10.2 by @olemarkus in #14981
• Update Go to v1.19.5 by @hakman in #14978
• Update release notes for kOps v1.26 by @hakman in #14860
• Use state store for nodeup.Config in Gossip clusters by @johngmyers in #14983
• AWS: set IMDS hop limit 1 on all new clusters by @johngmyers in #14884
• Populate cluster with default values in kops replace by @dimamo5 in #14920
• Infer the dns suffix from the cluster name for etcd-manager by @hakman in #14986
• OpenStack: Add support for clusters without DNS by @zetaab in #14930
• Update dependencies by @github-actions in #14990
• openstack: use subnet type instead of topology by @johngmyers in #14916
• Remove the SpecOverrideFlag feature flag by @hakman in #14839
• Rename version.go to kops-version.go by @johngmyers in #14993
• Add release note about CAS expander config by @olemarkus in #14998
• Use kops-controller to boostrap nodes in OpenStack by @zetaab in #14999
• Bump actions/dependency-review-action from 3.0.2 to 3.0.3 by @dependabot in #15005
• v1alpha3: Move most OIDC settings to authentication.oidc by @johngmyers in #14894
• Run kops-controller server on non-leaders as well by @johngmyers in #15002
• Move some networking settings to nodeup.Config by @johngmyers in #15004
• Upgrade AWS CCM to 1.25.2 by @johngmyers in #15011
• update OpenStack node identifier to use Identifier by @zetaab in #15006
• support multiple ConfigServers by @zetaab in #15000
• Move more networking settings into nodeup.Config by @johngmyers in #15016
• fix(sec): upgrade gopkg.in/yaml.v3 to 3.0.0 by @chncaption in #15021
• Upgrade Node Termination Handler to 1.18.3 by @johngmyers in #15020
• scaleway: refactoring: instance and tags by @Mia-Cross in #15022
• Update dependencies by @github-actions in #15026
• Fix LBC e2e after dropping override feature flag by @olemarkus in #15029
• Upgrade AWS LBC to v2.4.6 by @johngmyers in #15030
• gce cloud-controller-manager: Add nodes/patch permission by @justinsb in #15031
• Validate nonMasqueradeCIDR doesn't overlap additionalNetworkCIDRs by @johngmyers in #14997
• nodeup: don't set up masquerade if nonMasqueradeCIDR not set by @justinsb in #15033
• tests: Capture iptables chains by @justinsb in #15039
• Load e...

v1.26.3

Release v1.26.3

What's Changed

• Automated cherry pick of #14952: Bump cluster autoscaler to 1.26.1 by @hakman in #15222
• Automated cherry pick of #15235: Add terraform rendering to GCP HTTP Health Check
  #15237: gcp: Add placeholder integration test for public load by @hakman in #15239
• Automated cherry pick of #15231: Initial support for Debian 12 Bookworm by @hakman in #15236
• Automated cherry pick of #15238: aws: Use control-plane for additional policies instead of by @hakman in #15242
• Automated cherry pick of #15244: Fix behaviour for kops export kubeconfig --internal by @hakman in #15246
• Automated cherry pick of #15249: switch to use registry.k8s.io images for openstack by @zetaab in #15250
• Automated cherry pick of #15248: bump aws cni to 1.12.5 and align with vendor chart by @hakman in #15255
• Automated cherry pick of #15102: Retry creating failed OpenStack servers by @ederst in #15260
• Automated cherry pick of #15270: Update kube-router to v1.5.3 by @hakman in #15272
• Automated cherry pick of #15275: AWS: Check if vpc_ipv6_cidr_block is an empty string by @hakman in #15309
• Automated cherry pick of #15311: Increase max_map_count in sysctls.go by @hakman in #15313
• Automated cherry pick of #15314: Upgrade k8s-dns-node-cache to 1.22.20 by @hakman in #15315
• Release 1.26.3 by @johngmyers in #15371

Full Changelog: v1.26.2...v1.26.3

v1.26.2

Significant changes

• The default networking provider for new clusters is now Cilium.

• Control-plane instance groups in new clusters are now created with names starting
  with "control-plane-". The names of groups for existing clusters are unchanged.

• The channels CLI that kOps use to manage addons is now bundled with the kOps binary. These commands are useful for addon diagnostics and troubleshooting. For example, to list installed addons, run kops toolbox addons get addons.

• Since kOps 1.24, by default during rolling updates, kOps will time out after
  spending 15 minutes on an InstanceGroup (instead of hanging indefinitely on
  eviction errors), proceeding to the next InstanceGroup after timing out.
  As of kOps 1.26, rolling updates will not proceed if a cluster validation
  error is encountered while updating an InstanceGroup.

AWS

• Clusters can be created without DNS or Gossip, by using the --dns=none flag.

• Bastions are now fronted by a Network Load Balancer.

• Instance group images can now be dynamically fetched through an AWS SSM Parameter.

• The AWS Load Balancer, when enabled, will run on worker nodes if IRSA is enabled as of Kubernetes version 1.24.

• As of Kubernetes version 1.26 and with IRSA enabled, control plane nodes will now run with a max hop limit of 1 for the metadata service. This will prevent Pods without host networking from accessing the instance metadata service.

• IPv6 is now beta. New IPv6 clusters now default to using private topology.

• CapacityRebalance can be enabled/disabled on ASGs through a new capacityRebalance field in InstanceGroup specs.

• New clusters can more easily be configured to use Cilium in ENI mode by setting --networking=cilium-eni.

• Node Termination Handler now defaults to Queue-Processor mode. It also now enables Scheduled Event Draining by default.

• Node Termination Handler, when in Queue-Processor mode, no longer drains on rebalance recommendations unless configured to do so.

• When an S3 bucket for Service Account Issuer Discovery (IRSA) is public, kOps no longer sets object-level ACLs on the files placed therein.

GCP

• Clusters can be created without DNS or Gossip, by using the --dns=none flag (experimental).

• The default instance type is now e2-medium for control-plane and worker nodes, and e2-micro for bastions.

Hetzner

• Clusters can be created without DNS or Gossip, by using the --dns=none flag.

OpenStack

• Clusters can be created without DNS or Gossip, by using the --dns=none flag.

• When creating new clusters kOps now sets the cluster name flag for the external OpenStack cloud controller (OCCM) and the Cinder CSI plugin.

Other changes of note

• containerd config is now written to /etc/containerd/config.toml.

• Cilium can be configured to add unreachable route for pod IP on deletion.

Breaking changes

Other breaking changes

• Support for Kubernetes version 1.20 has been removed.

• Support for CloudFormation has been removed.

• The experimental support for using Vault as a state store has been removed.

• Support for automated reboots with Flatcar has been removed. Use FLUO instead, to gracefully reboot nodes.

• The "external" networking option is not supported for Kubernetes 1.26 or later. For "bring your own"
  CNIs, use the "cni" networking option instead.

• If the cluster autoscaler is configured to use the priority expander, kOps will automatically create its ConfigMap. If you still want to manage the ConfigMap manually, set spec.clusterAutoscaler.createPriorityExpanderConfig: false. See the documentation for more details.

Deprecations

• The "kops get [CLUSTER]" command is deprecated. It is replaced by "kops get all [CLUSTER]".

• Support for Kubernetes version 1.21 is deprecated and will be removed in kOps 1.27.

• Support for Kubernetes version 1.22 is deprecated and will be removed in kOps 1.28.

• Support for Ubuntu 18.04 is deprecated and will be removed in kOps 1.28.

• Support for AWS Classic Load Balancer for API is deprecated and should not be used for newly created clusters.

• All legacy addons are deprecated in favor of managed addons, including the metrics server addon and the autoscaler addon.

Help Wanted

• kOps needs maintainers for Canal, Flannel, Kube-Router, and Spotinst to keep versions up to date and move the integration from experimental to stable.
  If no volunteers step up by the time kOps 1.27 is released, support will be phased out.

What's Changed

• support for scaleway in s3 buckets by @Mia-Cross in #14214
• AWS IAM Role listing: don't ignore "other" errors by @justinsb in #14215
• Some minor docs fixes by @olemarkus in #14221
• Update dependencies by @github-actions in #14222
• Remove warning for FindClusterStatus not implemented for Hetzner by @hakman in #14223
• Add support for installing dcgm exporter by @olemarkus in #14203
• Release notes for 1.23.4 by @justinsb in #14230
• Makefile: Don't assume GOBIN is set by @justinsb in #14232
• Release notes for 1.24.2 by @justinsb in #14231
• Update Calico and Canal to v3.24.1 by @hakman in #14225
• Update Flannel to v0.19.2 by @hakman in #14226
• applylib: Better health checking by @justinsb in #14234
• Bump cluster-autoscaler images by @olemarkus in #14235
• Allow cert-manager the privileges needed to resolve dns-01 challenges by @olemarkus in #14229
• GCE: change default control-plane instance type to e2-medium by @justinsb in #14233
• Small release notes cleanup for 1.25 by @olemarkus in #14237
• Add suport to --cordon-node-before-terminating autoscaler flag by @dcfranca in #14236
• Fix openstack tag limitation by @akkina2107 in #13853
• Bump versions in netlify and mkdocs by @rifelpet in #14248
• aws-node-termination-handler to match node using providerID instead of AWS DNS name by @anthonyhaussman in #14244
• Update dependencies by @github-actions in #14250
• kOps managed OIDC provider is no longer needed for IRSA by @olemarkus in #14243
• Update recommended kOps versions in alpha and stable by @moshevayner in #14252
• AWS LBC needs ec2:DescribeVpcPeeringConnections for IPv6 by @johngmyers in #14255
• Add back missing permissions for legacy CCM. Again. by @olemarkus in #14253
• Fix CAS cordon flag by @olemarkus in #14254
• Bump verbosity level for some log statements by @olemarkus in #14260
• Warm pool-enabled ASGs scaled to zero will no longer panic by @olemarkus in #14251
• Bump aws-cni to v1.11.4 by @moshevayner in #14265
• aws-cni clusterRole fix by @moshevayner in #14272
• bump k8s versions in alpha with September releases by @moshevayner in #14278
• rolling-update: don't deregister our only apiserver by @justinsb in #13163
• Update dependencies by @github-actions in #14280
• Delete the oldest servers when over the desired count for Hetzner by @hakman in #14282
• Release notes for 1.24.3 by @olemarkus in #14281
• [Docs] Fix karpenter link by @jorge07 in #14284
• Bump stable and alpha channels with latest k8s/kops releases by @olemarkus in #14288
• Prevent kops edit cluster from writing the populated IG spec to state store by @olemarkus in #14287
• User IG without image should be allowed by @olemarkus in #14290
• Remove k8s GTE 1.20 checks as it is always true by @olemarkus in #14291
• Add support for using an existing network for Hetzner by @hakman in #14294
• Update Hetzner CCM to v1.13.0 by @hakman in #14297
• hetzner: Move out of alpha and drop feature flag by @hakman in #14299
• Add release 1.25.0 to channels by @hakman in #14306
• Release notes for 1.25.0 by @hakman in #14305
• Remove support for K8s 1.20 by @olemarkus in #14307
• Hetzner: Generate CCM args from external CCM config by @hakman in ht...

v1.25.4

What's Changed

• Automated cherry pick of #14667: We no longer release an images.tar.gz by @hakman in #14673
• Automated cherry pick of #14704: Update OWNERS files by @hakman in #14757
• Automated cherry pick of #14734: Update etcd to v3.5.6
  #14752: Update etcd-manager to v3.0.20221209 by @hakman in #14755
• Automated cherry pick of #14779: Update Go to v1.19.4 by @hakman in #14780
• Update dependencies by @hakman in #14781
• Automated cherry pick of #14782: Update containerd to v1.6.12 by @hakman in #14783
• Automated cherry pick of #14789: Update containerd to v1.6.13 by @hakman in #14790
• Automated cherry pick of #14815: Update containerd to v1.6.14 by @hakman in #14816
• Automated cherry pick of #14848: Validate control-plane IG size by @hakman in #14849
• Automated cherry pick of #14880: Use short service name with discovery labels by @johngmyers in #14895
• Automated cherry pick of #14902: etcd domains are now under .internal. by @johngmyers in #14904
• Automated cherry pick of #14974: Update containerd to v1.6.15 by @hakman in #14976
• Automated cherry pick of #14978: Update Go to v1.19.5 by @hakman in #14980
• Automated cherry pick of #14993: Rename version.go to kops-version.go by @johngmyers in #14994
• Automated cherry pick of #15002: Run kops-controller server on non-leaders as well by @johngmyers in #15010
• Automated cherry pick of #15011: Upgrade AWS CCM to 1.25.2 by @johngmyers in #15013
• Automated cherry pick of #15072: Update containerd to v1.6.16 by @hakman in #15074
• Automated cherry pick of #15088: Update etcd to v3.5.7 by @hakman in #15089
• Automated cherry pick of #15096: Use ubuntu18.04 repos for nvidia-container-toolkit by @zetaab in #15101
• Automated cherry pick of #15105: aws: Remove S3 region validation by @hakman in #15107
• Automated cherry pick of #15134: Use registry.k8s.io for legacy addons by @hakman in #15137
• Automated cherry pick of #15131: Update containerd to v1.6.17 by @hakman in #15133
• Automated cherry pick of #15153: Add terraform target support for configuring Warm Pool by @hakman in #15155
• Automated cherry pick of #15160: Update Go to v1.19.6 by @hakman in #15162
• Automated cherry pick of #15169: update openstack csi & ccm versions by @zetaab in #15171
• Automated cherry pick of #15159: Update containerd to v1.6.18 by @hakman in #15164
• Automated cherry pick of #15040: gce: When using network native pod IPs, open firewall to by @hakman in #15189
• Automated cherry pick of #15198: Update Go to v1.19.7 by @hakman in #15200
• Release 1.25.4 by @hakman in #15202

Full Changelog: v1.25.3...v1.25.4