typhoon

• Kubernetes v1.26.0
• Update etcd from v3.5.5 to v3.5.6
• Update Cilium from v1.12.3 to v1.12.4
• Update flannel from v0.15.1 to v0.20.2
• Reminder: Modules are no longer published to the Terraform Module Registry (#1282)
  • See #1282 and v1.25.4 for details

AWS

• Migrate AWS launch configurations to launch templates (#1275)
  • Starting Dec 31, 2022 AWS won't add new instance types/families to launch configurations

Addons

• Update ingress-nginx from v1.3.1 to v1.5.1
• Update Prometheus from v2.40.1 to v2.40.5
• Update node-exporter from v1.3.1 to v1.5.0
• Update kube-state-metrics from v2.6.0 to v2.7.0
• Update Grafana from v9.2.4 to v9.3.1

• Kubernetes v1.25.4
• Update Calico from v3.24.1 to v3.24.5
• Allow Kubelet kubeconfig to drain nodes, if desired (#330)
• Re-enable Kubelet Graceful Node Shutdown (#1261)
  • Introduce companion project poseidon/scuttle
• Link to new Mastodon account for release announcements
  • @[email protected]
  • @[email protected]
• Deprecate publishing to the Terraform Module Registry
  • Typhoon docs have always shown using Git-based module sources, not the Terraform Module Registry
  • Module usage should be source = "git::https://github.com/poseidon/typhoon/... not source = poseidon/kubernetes/...
  • Terraform's Module Registry requires subtree mirroring typhoon to special terraform-platform-kubernetes repos, only supports release versions (no commit SHAs or forks), only ever contained Flatcar Linux modules (not Fedora CoreOS) for historical reasons
  • Note, this does not affect Terraform Providers like poseidon/matchbox or poseidon/ct, the registry works well for providers

Fedora CoreOS

• Remove unused Wants=network.target from etcd-member.service (#1254)

Cloud

• Remove defunct delete-node.service from worker node configurations (#1256)

Addons

• Update Prometheus from v2.39.1 to v2.40.1
• Update Grafana from v9.1.7 to v9.2.4

• Kubernetes v1.25.3
• Switch Kubernetes registry from k8s.gcr.io to registry.k8s.io for addons (#1246)
• Update Cilium from v1.12.2 to v1.12.3 (#1253)

Azure

• Change default Azure worker_type from Standard_DS1_v2 to Standard_D2as_v5 (#1248)
  • Get 2 VCPU, 7 GiB, 12500Mbps (vs 1 VCPU, 3.5GiB, 750 Mbps)
  • Small increase in pay-as-you-go price ($53.29 -> $62.78)
  • Small increase in spot price ($5.64/mo -> $7.37/mo)
  • Change from Intel to AMD EPYC (D2as_v5 cheaper than D2s_v5)

Flatcar Linux

• Add Flatcar Linux ARM64 support on Azure (docs, #1251)
• Switch from Azure Hypervisor gen1 to gen2 (action required) (#1248)
  • Run az vm image terms accept --publish kinvolk --offer flatcar-container-linux-free --plan stable-gen2

Docs

• Remove old docs note about not supporting ARM64 with Calico
  • Typhoon supports ARM64 with cilium, calico, and flannel

Addons

• Update Prometheus from v2.38.0 to v2.39.1
• Update Grafana from v9.1.6 to v9.1.7

• Kubernetes v1.25.1
• Update etcd from v3.5.4 to v3.5.5
• Update Cilium from v1.12.1 to v1.12.2
• Update Calico from v3.23.3 to v3.24.1
• Revert Kubelet Graceful Node Shutdown on worker nodes (#1227)
  • Fix issue where non-critical pods are left in Error/Completed state on node shutdown
• Remove feature flag disable workaround for kubernetes/kubernetes#112081
  • Kubernetes reverted LocalStorageCapacityIsolationFSQuotaMonitoring back to alpha
• Remove workaround for preventing search . propagation in kubernetes/kubernetes#112135
  • Upstream Kubernetes fix

Addons

• Update kube-state-metrics from v2.5.0 to v2.6.0
• Update ingress-nginx from v1.3.0 to v1.3.1
• Update Grafana from v9.1.0 to v9.1.6

• Kubernetes v1.25.0
  • Disable LocalStorageCapacityIsolationFSQuotaMonitoring feature gate (#1220, fixes kubernetes#112081)
  • Add workaround to revert adding "search ." to containers' /etc/resolv.conf (#1224, fixes kubernetes#112135)
• Migrate most Kubelet flags to KubeletConfiguration file (#1219)
• Configure Kubelet Graceful Node Shutdown (#1222)
  • Allow up to 30s for critical pods to gracefully shutdown on node shutdown
  • Allow up to 15s for regular pods to gracefully shutdown on node shutdown
  • Mark node NotReady promptly on node shutdown
  • Lengthen systemd inhibitor lock max delay from 5s to 45s

Fedora CoreOS

• Change Podman log-driver from journald to k8s-file (#1221)
  • Fix etcd-member and Kubelet systemd service log lines appearing twice in journal logs

• Kubernetes v1.24.4
• Update CoreDNS from v1.8.6 to v1.9.3
• Update Cilium from v1.11.7 to v1.12.1
• Update Calico from v3.23.1 to v3.23.3
• Switch Kubernetes registry from k8s.gcr.io to registry.k8s.io (#1206)
• Remove use of deprecated Terraform template provider (#1194)

Flatcar Linux

• Migrate Flatcar Linux from Ignition spec v2.3.0 to v3.3.0 (#1196) (action required)
  • Flatcar Linux 3185.0.0+ supports Ignition v3.x specs (which are rendered from Butane Configs, like Fedora CoreOS)
  • poseidon/ct v0.11.0 supports the flatcar Butane Config variant
  • Require poseidon/ct v0.11+ and Flatcar Linux 3185.0.0+
• Please modify any Flatcar Linux snippets to use the Butane Config format (action required)

variant: flatcar
version: 1.0.0
...

Fedora CoreOS

• Remove ineffective /etc/fedora-coreos/iptables-legacy.stamp (#1201)
  • Typhoon already uses iptables v1.8.7 (nf_tables) since FCOS 36
  • Staying on legacy iptables required a file in /etc/coreos instead

AWS

• Refresh instances in autoscaling group when launch configuration changes (#1208) (docs, important)
  • Worker launch configuration changes start an autoscaling group instance refresh to replace instances
  • Instance refresh creates surge instances, waits for a warm-up period, then deletes old instances
  • Changing worker_type, disk_*, worker_price, worker_target_groups, or Butane worker_snippets on existing worker nodes will replace instances
  • New AMIs or changing os_stream will be ignored, to allow Fedora CoreOS or Flatcar Linux to keep themselves updated
  • Previously, new launch configurations were made in the same way, but not applied to instances unless manually replaced
• Rename worker autoscaling group ${cluster_name}-worker (#1202)
  • Rename launch configuration ${cluster_name}-worker instead of a random id

Google

• Roll instance template changes to worker managed instance groups (#1207) (docs, important)
  • Worker instance template changes roll out by gradually replacing instances
  • Automatic rollouts create surge instances, wait for health checks, then delete old instances (0 unavailable instances)
  • Changing worker_type, disk_size, worker_preemptible, or Butane worker_snippets on existing worker nodes will replace instances
  • New compute images or changing os_stream will be ignored, to allow Fedora CoreOS or Flatcar Linux to keep themselves updated
  • Previously, new instance templates were made in the same way, but not applied to instances unless manually replaced
• Add health checks to worker managed instance groups (i.e. "autohealing") (#1207)
  • Use health checks to probe kube-proxy every 30s
  • Replace worker nodes that fail the health check 6 times (3min)
• Name kube-apiserver and worker health checks consistently (#1207)
  • Use name ${cluster_name}-apiserver-health and ${cluster_name}-worker-health
• Rename managed instance group from ${cluster_name}-worker-group to ${cluster_name}-worker (#1207)
• Fix bug provisioning clusters with multiple controller nodes (#1195)

Addons

• Update Prometheus from v2.37.0 to v2.38.0
• Update Grafana from v9.0.3 to v9.1.0

• Kubernetes v1.24.3
• Update Cilium from v1.11.6 to v1.11.7

Addons

• Update ingress-nginx from v1.2.1 to v1.3.0
• Update Prometheus from v2.36.1 to v2.37.0
• Update Grafana from v8.5.6 to v9.0.3

Notes

• Poseidon repos will soon change their default branch from master to main

• Kubernetes v1.24.2
• Update Cilium from v1.11.5 to v1.11.6
• Update Calico from v3.22.2 to v3.23.1

Addons

• Update Prometheus from v2.36.0 to v2.36.1
• Update Grafana from v8.5.3 to v8.5.6
• Update kube-state-metrics from v2.4.2 to v2.5.0

Known Issues

• Skip AWS Terraform provider v4.17.0 to v4.19.0, which had a regression affecting workers joining (#1173)

• Kubernetes v1.24.1
• Update Cilium from v1.11.4 to v1.11.5

Addons

• Update Prometheus from v2.35.0 to v2.36.0
• Update Grafana from v8.5.1 to v8.5.3
• Update nginx-ingress from v1.2.1 to v1.2.1

• Kubernetes v1.24.0
• Update etcd from v3.5.2 to v3.5.4
• Add Kubelet mounts to enable relabeling workload volumes (#1152)
  • StorageClass no longer require explicit SELinux mount contexts

Addons

• Update nginx-ingress from v1.1.3 to v1.2.0
• Update Prometheus from v2.34.0 to v2.35.0
• Update Grafana from v8.4.5 to v8.5.1

• Kubernetes v1.23.6
• Update Cilium from v1.11.2 to v1.11.4
• Rename Cilium DaemonSet from cilium-agent to cilium to match Cilium CLI tools (#303)
• Update Calico from v3.22.1 to v3.22.2
• Mount /etc/machine-id from host into Kubelet (#1143)
• Remove deprecated use of key_algorithm in hashicorp/tls resources

Azure

• Allow upgrading Azure Terraform provider to v3.x (#1144)
• Rename worker_address_prefix output to worker_address_prefixes

Google Cloud

• Fix issue on Flatcar Linux with controller nodes not ignoring os image changes (#1149)
  • Nodes will auto-update, Terraform should not attempt to delete/recreate them

Addons

• Update nginx-ingress from v1.1.2 to v1.1.3
• Update Prometheus from v2.33.5 to v2.34.0
• Update Grafana from v8.4.4 to v8.4.5

• Kubernetes v1.23.5
• Update Cilium from v1.11.1 to v1.11.2
• Update Calico from v3.21.2 to v3.22.1
  • Fix calico#5011, broken since v1.23.0

Addons

• Refresh Prometheus rules and Grafana dashboards (#1136)
• Update nginx-ingress from v1.1.1 to v1.1.2
• Update Prometheus from v2.33.3 to v2.33.5
• Update Grafana from v8.4.1 to v8.4.3
• Update kube-state-metrics from v2.3.0 to v2.4.2

• Kubernetes v1.23.4
• Update etcd from v3.5.1 to v3.5.2
• Change default CNI networking provider from calico to cilium (#1114)

AWS

• Allow upgrading AWS Terraform Provider to v4.x

Addons

• Align nginx-ingress --controller-class with IngressClass
  • Watch only public IngressClass objects, better example
• Update Prometheus from v2.32.1 to v2.33.3
• Update Grafana from v8.3.6 to v8.4.1

• Kubernetes v1.23.3

Flatcar Linux

Google Cloud

• Switch to using official Kinvolk Flatcar Linux images
• Promote Typhoon on Flatcar Linux / Google Cloud to stable
• Change os_image to flatcar-stable, flatcar-beta, or flatcar-alpha (action required)

Many thanks to Poseidon's Sponsors. Please consider supporting this project.

• Kubernetes v1.23.2
• Update Cilium from v1.11.0 to v1.11.1
• Remove Kubelet flag --network-plugin. Unused since docker-shim isn't used (#1106)

DigitalOcean

• Upgrade DigitalOcean Terraform provider to v2.x (#1109)

Fedora CoreOS

• Switch Kubernetes Container Runtime from docker to containerd (#1101)
• Mask docker.service to prevent it from being socket activated (#1105)

Flatcar Linux

AWS

• Add experimental Flatcar Linux ARM64 support (docs, #1102)
  • Add arch variable to AWS kubernetes and workers modules
  • Allow arm64 full-cluster or mixed/hybrid cluster with arm64 workers
  • Requires flannel or cilium CNI provider

Addons

• Update nginx-ingress from v1.1.0 to v1.1.1
• Update Grafana from v8.3.3 to v8.3.4

Known Issues

• Calico does not yet support Kubernetes v1.23, use flannel or cilium (calico#5011)

• Kubernetes v1.23.1
• Workaround Terraform v1.1 regression in file provisioner (#1093)

Flatcar Linux

• Switch Kubernetes Container Runtime from docker to containerd (#1087)

Addons

• Configure Prometheus to allow a custom scrape query parameter (#1095)
• Configure Prometheus to probe Kubernetes Ingress via blackbox-exporter (#1096)
• Fix Prometheus Service probes to use blackbox-exporter, not blackbox (#1096)

• Kubernetes v1.23.0
• Normalize CA cert mounts in static Pods and kube-proxy (#1078)
• Set Kubelet resolver config to /run/systemd/resolve/resolv.conf (#1082)
• Update Cilium from v1.10.5 to v1.11.0 (#1083)
• With Calico, add missing caliconodestatuses CRD (#289)
• Change enable_aggregation default to true (#279)
• Remove deprecated --port from kube-scheduler (#1078)

AWS

• Change controller node default disk_iops to 3000 (#1073)

Azure

• Fix warning about deprecated backend_address_pool_id (#1086)

Fedora CoreOS

• Fix Fedora ARM64 workers to official Fedora CoreOS AMIs (#1072)
  • Should have been changed alongside controller AMIs in (#1038)
  • Old Poseidon built ARM64 AMIs have been deleted

Addons

• Update nginx-ingress from v1.0.5 to v1.1.0
• Update Prometheus from v2.31.1 to v2.32.0
• Update kube-state-metrics from v2.2.4 to v2.3.0
• Update node-exporter from v1.3.0 to v1.3.1
• Update Grafana from v8.2.4 to v8.3.3

Known Issues

• Calico does not yet support Kubernetes v1.23.0, use flannel or cilium (calico#5011)

• Kubernetes v1.22.4
• Update CoreDNS from v1.8.4 to v1.8.6
• Update Calico from v3.20.2 to v3.21.0
• Update flannel from v0.14.0 to v0.15.1

Google

• Allow use of Terraform provider google v4.0+

Flatcar Linux

• Change Kubelet mounts for cgroups v2 (#1064)
• Update cgroup driver from cgroupfs to systemd (Flatcar Linux changed default) (#1064)

Addons

• Update Prometheus from v2.30.3 to v2.31.1
• Update node-exporter from v1.2.2 to v1.3.0
• Update kube-state-metrics from v2.2.3 to v2.2.4
• Update Grafana from v8.2.1 to v8.2.4
• Update nginx-ingress from v1.0.4 to v1.0.5

• Kubernetes v1.22.3
• Update etcd from v3.5.0 to v3.5.1
• Update Cilium from v1.10.4 to v1.10.5
• Update Calico from v3.20.1 to v3.20.2
  • Use Calico's iptables legacy vs nft auto-detection
• Update flannel from v0.13.0 to v0.14.0
• Change enable_aggregation default to true (#279)

Bare-Metal

• Require Terraform provider poseidon/matchbox v0.5+ (#1048)

Addons

• Update nginx-ingress from v1.0.0 to v1.0.4
• Update Prometheus from v2.29.2 to v2.30.3
• Update kube-state-metrics from v2.2.0 to v2.2.3
• Update Grafana from v8.1.2 to v8.2.1

v1.22.2

• Kubernetes v1.22.2
• Update Cilium from v1.10.3 to v1.10.4
• Update Calico from v3.20.0 to v3.20.1
• Fix access to ClusterIP services with Cilium (#276)

Fedora CoreOS

• Use Fedora CoreOS ARM64 AMIs (#1038)
  • Poseidon-built AMIs will be deleted after October 1, 2021 (action required)

Addons

• Update Prometheus from v2.29.1 to v2.29.2
• Update kube-state-metrics from v2.1.1 to v2.2.0