Releases: kubernetes-sigs/kubespray
v2.8.3 - Security Patch (CVE-2019-5736)
[SECURITY] Docker patches for CVE-2019-5736 (#4223)
This updates docker 18.06 and 18.09 with the two patches released
yesterday to address the new runc exploit. Details here:
https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/
v2.8.2
v2.8.1
This release includes the following changes.
Changes
- Added Kubernetes version 1.12.4
Fixes
- "Stop if RBAC and anonymous-auth are not enabled when insecure port is disabled" failed when running on non-masters.
- "Remove kube-ipvs0" now works on cluster reset.
- "Clear IPVS virtual server table" now only runs on kubernetes nodes and masters.
- Move node-cidr-mask-size to ControllerManagerextraArgs
- Fixup line breaks for kubeadm SANs
- Fix apiServerCertSANs in kubeadm config file
v2.8.0
This release includes the following changes.
Deprecation / Removal
- Non-kubeadm deployment mode (kubeadm_enabled: false) is now deprecated and will be removed in 2.9
- Vault has been removed
Major changes:
- Kubeadm as default deployment mode
- Download CNI binaries instead of copying from containers
- Add support for setting custom node taints
- Kubernetes apiserver insecure port disabled by default
- Updated Docker and etcd versions
- Added priority class to all deployments (also for non-kubeadm deployments)
- Support multiple local volume provisioner StorageClasses
- Static tokens and basic auth now work with Kubeadm deployment mode (was broken in 2.7)
- Cloud Provider deployments with kubeadm now work
Applications
- Metrics Server is now added as an addon
- Add support to set tolerations for ingress-nginx
Network
- Added support for Kube-Router (Thanks to @jjo)
- Added support for Multus (Thanks to @Kusanagi9999)
- Fix DNS loop when resolvconf_mode is set to host_resolvconf
- Kube Proxy mode now defaults to ipvs
- DNS Autoscaler now works for both KubeDNS and CoreDNS (see notes)
- DNS Mode now defaults to coredns
Component versions:
- Kubernetes 1.12.3
- Etcd 3.2.24
- Docker 18.06
- Rkt 1.21.0
- Cri-O 1.11.5
- Calico 3.1.3
- Cilium 1.3.0
- Contiv 1.2.1
- Flannel 0.10.0
- Kube-Router 0.2.1
- Multus 3.1-autoconf
- Weave 2.5.0
- KubeDNS 1.14.13
- CoreDNS 1.2.6
- Helm 2.11.0
Notes
- Renamed variable kubedns_min_replicas to dns_min_replicas
v2.7.0
This release includes the following changes.
!!! Update (16-10-2018 @woopstar)
- etcd setup fails with Ansible 2.7. Either use Ansible 2.6 or apply the PR from #3486
Major changes:
- Added kubernetes audit support
- Added kubernetes Dynamic Kubelet Configuration support
- Added ARM support
- Added Cri-o support, only on CentOS-based OS
- Added Cloud provider support for OCI (Oracle Cloud Infrastructure) (experimental)
- Added Nvidia GPU support (experimental)
- Added a deployment document for offline environment
- Support for AWS cloud-config
- Ubuntu 18.04 support
- Fedora 28 support
- Working on initial support for workloads on Windows
- Remove EFK from kubernetes-apps roles #3352
- Heketi/GlusterFS support
- MetalLB as load balancer for on-premise deployments support
- Adding pod priority for all the components (Priority Classes)
- kube_basic_auth and kube_token_auth now work with kubeadm deployments
- kubeadm deployment has been updated to be in sync with non-kubeadm deployments
- kubelet_node_custom_flags variable has been added to set kubelet flags only on nodes
Component versions:
- Kubernetes 1.11.3
- Etcd 3.2.18
- Flannel 0.10.0
- Cilium 1.2.0
- Contiv 1.2.1
- Weave 2.4.1
- Calico 3.1.3
- Docker 17.03
- Rkt 1.21.0
- Cri-O 1.11.5
- KubeDNS 1.14.13
- CoreDNS 1.2.2
- Helm 2.9.1
Known issues
- Deploy calico failed when using cri-o runtime #3275
- CoreDNS DNS loop when resolvconf_mode is set to host_resolvconf #3390
- Remove file download when docker engine is used #3302
- Cloud Provider deployments with kubeadm do not work yet #3766
Notes
We will be deprecating the non-kubeadm deployment soon and switching to kubeadm deployments as the new default.
v2.6.0
This release includes the following changes.
Major changes:
- Refactored vault to use hashivault module
- OpenSUSE support
Component versions:
- Kubernetes 1.10.4
- Etcd 3.2.18
- Flannel 0.10.0
- Cilium 1.1.2
- contiv 1.1.7
- Weave 2.4.0
- Calico 2.6.8
- Docker 17.03
- Kube-dns 1.14.10
- Coredns 1.1.2
- Helm 2.9.1
v2.5.0
This release includes the following changes.
Major changes:
- Switched to Google's hyperkube docker container (was CoreOS) due to glusterfs support
- New addon: ingress-nginx
- New addon: registry
- Added support for ipvs kube-proxy mode
- Added remove-node.yml playbook (taint and remove node from cluster)
- Credentials are now stored in inventory directory
- Added experimental support for OpenSuse
- Added experimental CoreDNS support
- Added experimental support for Cilium as network provider
- Deprecated kubespray-cli
Component versions:
- Kubernetes 1.9.5
- Etcd 3.2.4
- Flannel 0.10.0
- Cilium 1.0.0-rc8
- contiv 1.1.7
- Weave 2.2.1
- Calico 2.6.8
- Docker 17.03
- Istio 0.2.6
- Kube-dns 1.14.8
- Coredns 1.1.0
- Helm 2.8.1
v2.4.0
v2.3.0
This release includes the following changes.
Major changes:
- Full RBAC support
- New addon: istio
- etcd scaling
- All network plugins are deployed with CNI as daemonsets
- Experimental kubeadm support
- Container and file downloads are consolidated
Component versions:
- Kubernetes v1.8.1
- Docker 1.13.1
- etcd v3.2.4
- Rkt v1.21.0 (optional)
- Calico v2.5.0
- Weave 2.0.4
- Flannel v0.8.0
Security
- RBAC is enabled and may affect upgrades.
Known issues
- CoreOS with Canal on GCE does not work. It works fine on any other platform.
- Vault deployment mode does not work with kubeadm (but can still be used for etcd certificates).
Action items for users upgrading to v2.3.0
- If you switch to kubeadm deployment mode, all pods in kube-system namespace will get restarted. All other pods will have their service account tokens reset because of the necessary certificate regeneration. Delete the relevant secret for the ServiceAccount and restart the pods to restore functionality.
Additional notes
- Kubeadm can be enabled by setting kubeadm_enabled: true. Both new and existing clusters can be switched to kubeadm mode.
v2.2.0
This release includes the following changes.
Major changes:
- RBAC support for core components (optional add-ons are not included)
- Reintroduced Vault support
- Masters are now marked unschedulable via taints
- Flannel is now set up with CNI
Component versions:
- Kubernetes v1.7.3
- Docker 1.13.1
- etcd v3.2.4
- Rkt v1.21.0 (optional)
- Calico v2.4.1
- Weave 2.0.1
- Flannel v0.8.0
Security
- It is now possible to enable RBAC upon upgrade.