typhoon

• Kubernetes v1.22.1
• Update Calico from v3.19.1 to v3.20.0

Addons

• Update nginx-ingress from v1.0.0-beta.1 to v1.0.0
• Update Prometheus from v2.28.1 to v2.29.1
• Update Grafana from v8.1.1 to v8.1.2

• Kubernetes v1.22.0
• Update etcd from v3.4.16 to v3.5.0
• Switch kube-controller-manager and kube-scheduler to use secure port only
  • Update Prometheus config to discover endpoints and use a bearer token to scrape

Fedora CoreOS

• Add Cilium cgroups v2 support on Fedora CoreOS
• Update Butane Config version from v1.2.0 to v1.4.0
  • Rename Fedora CoreOS Config to Butane Config
  • Require any snippets customizations to update to v1.4.0

Addons

• Update nginx-ingress from v0.47.0 to v1.0.0-beta.1
• Update node-exporter from v1.2.0 to v1.2.2
• Update kube-state-metrics from v2.1.0 to v2.1.1
• Update Grafana from v8.0.6 to v8.1.1

• Kubernetes v1.21.3
• Update Cilium from v1.10.1 to v1.10.3
• Require poseidon/ct Terraform provider v0.9+ (notes)

AWS

• Change default disk type from gp2 to gp3 (#1012)

Addons

• Update Prometheus from v2.28.0 to v2.28.1
• Update node-exporter from v1.1.2 to v1.2.0
• Update Grafana from v8.0.3 to v8.0.6

• Kubernetes v1.21.2
• Add Terraform v1.0.x support (#974)
  • Continue to support Terraform v0.13.x, v0.14.4+, and v0.15.x
• Update CoreDNS from v1.8.0 to v1.8.4
• Update Cilium from v1.9.6 to v1.10.1
• Update Calico from v3.19.0 to v3.19.1

Fedora CoreOS

AWS

• Extend experimental Fedora CoreOS arm64 support with Cilium
  • CNI provider may now be flannel or cilium (new)

Bare-Metal

• Workaround systemd path unit issue fedora-coreos-tracker/#861

DigitalOcean

• Workaround systemd path unit issue fedora-coreos-tracker/#861

Known Issues

• Cilium with recent Fedora CoreOS will have networking issues (fedora-coreos#881)

Addons

• Update kube-state-metrics from v2.0.0 to v2.1.0
• Update Prometheus from v2.27.0 to v2.28.0
• Update Grafana from v7.5.6 to v8.0.3
• Update nginx-ingress from v0.46.0 to v0.47.0

• Kubernetes v1.21.1
• Add Terraform v0.15.x support (#974)
  • Continue to support Terraform v0.13.x and v0.14.4+
• Update etcd from v3.4.15 to v3.4.16
• Update Cilium from v1.9.5 to v1.9.6
• Update Calico from v3.18.1 to v3.19.0

AWS

• Reduce the default disk_size from 40GB to 30GB (#983)

Azure

• Reduce the default disk_size from 40GB to 30GB (#983)

Google Cloud

• Reduce the default disk_size from 40GB to 30GB (#983)

Fedora CoreOS

• Update Kubelet mounts for cgroups v2 (#978)

Addons

• Update kube-state-metrics from v2.0.0-rc.1 to v2.0.0
• Update Prometheus from v2.25.2 to v2.27.0
• Update Grafana from v7.5.3 to v7.5.6
• Update nginx-ingress from v0.45.0 to v0.46.0

v1.21.0

• Kubernetes v1.21.0
  • Enable tokencleaner controller (#969)
  • Enable kube-scheduler and kube-controller-manager separate authn/z kubeconfig
  • Change CNI config location from /etc/kubernetes/cni/net.d to /etc/cni/net.d (#965)
  • Change kube-controller-manager to mount /var/lib/kubelet/volumeplugins directly
  • Remove unused cloud-provider flags
• Update Fedora CoreOS Config version from v1.1.0 to v1.2.0 (#970)
  • Require poseidon/ct Terraform provider v0.8+ (notes)
  • Require any snippets customizations to update to v1.2.0

AWS

• Allow setting custom initial node taints on worker pools (#968)
  • Add node_taints variable to internal workers pool module to set initial node taints
  • Add daemonset_tolerations so kube-system DaemonSets can tolerate custom taints

Azure

• Allow setting custom initial node taints on worker pools (#968)
  • Add node_taints variable to internal workers pool module to set initial node taints
  • Add daemonset_tolerations so kube-system DaemonSets can tolerate custom taints
• Remove deprecated azurerm_lb_backend_address_pool field resource_group_name (#972)

Google Cloud

• Allow setting custom initial node taints on worker pools (#968)
  • Add node_taints variable to internal workers pool module to set initial node taints
  • Add daemonset_tolerations so kube-system DaemonSets can tolerate custom taints

Addons

• Update nginx-ingress from v0.44.0 to v0.45.0
• Update kube-state-metrics from v2.0.0-rc.0 to v2.0.0-rc.1
• Update Grafana from v7.4.5 to v7.5.3

• Kubernetes v1.20.5
• Update etcd from v3.4.14 to v3.4.15
• Update Cilium from v1.9.4 to v1.9.5
• Update Calico from v3.17.3 to v3.18.1
• Update CoreDNS from v1.7.0 to v1.8.0
• Mark bootstrap token as sensitive in Terraform plans (#949)

Fedora CoreOS

AWS

• Set Kubelet provider-id (#951)

Flatcar Linux

AWS

• Set Kubelet provider-id (#951)
• Remove os_image option flatcar-edge (#943)

Azure

• Remove os_image option flatcar-edge (#943)

Bare-Metal

• Remove os_channel option flatcar-edge (#943)

Addons

• Update Prometheus from v2.25.0 to v2.25.2
• Update kube-state-metrics from v2.0.0-alpha.3 to v2.0.0-rc.0
  • Switch image from quay.io to k8s.gcr.io (#946)
• Update node-exporter from v1.1.1 to v1.1.2
• Update Grafana from v7.4.2 to v7.4.5

• Kubernetes v1.20.4
• Update Cilium from v1.9.1 to v1.9.4
• Update Calico from v3.17.1 to v3.17.3
• Update flannel-cni from v0.4.1 to v0.4.2

Addons

• Update nginx-ingress from v0.43.0 to v0.44.0
• Update Prometheus from v2.24.0 to v2.25.0
  • Update node-exporter from v1.0.1 to v1.1.1
• Update Grafana from v7.3.7 to v7.4.2

Thank you to our Github Sponsors!

Poseidon is now setup with Github Sponsors. If you use Typhoon, please consider helping to support this project's infrastructure costs if you are able. Many thanks!

• Kubernetes v1.20.2
• Support Terraform v0.13.x and v0.14.4+ (#924)

Addons

• Update nginx-ingress from v0.41.2 to v0.43.0
• Update Prometheus from v2.23.0 to v2.24.0
• Update Grafana from v7.3.6 to v7.3.7

• Kubernetes v1.20.1

Fedora CoreOS

• Fedora CoreOS 33 has stronger crypto defaults (notice, #915)
  • Use a non-RSA SSH key or add the workaround provided in upstream Fedora docs as a snippet (action required)

Addons

• Update Grafana from v7.3.5 to v7.3.6

• Kubernetes v1.20.0
• Add service account token volume projection (#897)
• Scope kube-scheduler and kube-controller-manager permissions (#898)
• Update etcd from v3.4.12 to v3.4.14
• Update Calico from v3.16.5 to v3.17.1 (#890)
  • Enable Calico MTU auto-detection
  • Remove workaround to Calico cni-plugin issue
• Update Cilium from v1.9.0 to v1.9.1
• Add Terraform input variable validations (#880)
  • Require Terraform v0.13+ (migration guide)
• Set Terraform output sensitive to suppress console display for some cases (#885)
• Relax poseidon/ct version constraint to v0.6+ (#893)
  • Allow upgrading poseidon/ct to v0.7.x (warn)

AWS

• Enable Network Load Balancer (NLB) dualstack (#883)
  • NLB subnets assigned both IPv4 and IPv6 addresses
  • NLB DNS name has both A and AAAA records
  • NLB to target node traffic is IPv4 (no change)

Bare-Metal

• Remove iSCSI /etc/iscsi and iscsadm mounts from Kubelet (#912)

Fedora CoreOS

AWS

• Fix AMI query for which could fail in some regions (#887)

Bare-Metal

• Promote Fedora CoreOS to stable
• Use initramfs and rootfs images as initrd's (#889)
  • Requires Fedora CoreOS version with rootfs images (e.g. 32.20200923.3.0+)

Addons

• Update Prometheus from v2.22.2 to v2.23.0
• Update kube-state-metrics from v2.0.0-alpha.2 to v2.0.0-alpha.3
• Update Grafana from v7.3.2 to v7.3.5

• Kubernetes v1.19.4
• Update Cilium from v1.8.4 to v1.9.0
• Update Calico from v3.16.3 to v3.16.5
• Remove asset_dir variable (defaulted off in v1.17.0, deprecated in v1.18.0)

Fedora CoreOS

• Improve etcd-member.service systemd unit (#868)
  • Allow a snippet with a systemd dropin to set an alternate image (e.g. mirror)
• Fix local node delete oneshot on node shutdown (#856)

AWS

• Add experimental Fedora CoreOS arm64 support (docs, #875)
  • Allow arm64 full-cluster or mixed/hybrid cluster with worker pools
  • Add arch variable to cluster module
  • Add daemonset_tolerations variable to cluster module
  • Add node_taints variable to workers module
  • Requires flannel CNI provider and use of experimental AMI (see docs)

Flatcar Linux

• Rename container-linux modules to flatcar-linux (#858) (action required)
• Change on-host system containers from rkt to docker
  • Change etcd-member.service container runnner from rkt to docker (#867)
  • Change kubelet.service container runner from rkt-fly to docker (#855)
  • Change bootstrap.service container runner from rkt to docker (#873)
  • Change delete-node.service to use docker and an inline ExecStart (#855)
• Fix local node delete oneshot on node shutdown (#855)
• Remove CoreOS Container Linux Matchbox profiles (#859)

Addons

• Update nginx-ingress from v0.40.2 to v0.41.2
• Update Prometheus from v2.22.0 to v2.22.1
• Update kube-state-metrics from v2.0.0-alpha.1 to v2.0.0-alpha.2
• Update Grafana from v7.2.1 to v7.3.2

• Kubernetes v1.19.3
• Update Cilium from v1.8.3 to v1.8.4
• Update Calico from v1.15.3 to v1.16.3 (#851)
• Update flannel from v0.13.0-rc2 to v0.13.0 (#219)

Flatcar Linux

• Remove references to CoreOS Container Linux (#839)
  • Fix error querying for coreos AMI on AWS (#838)

Addons

• Update nginx-ingress from v0.35.0 to v0.40.2
• Update Grafana from v7.1.5 to v7.2.1
• Update Prometheus from v2.21.0 to v2.22.0
  • Update kube-state-metrics from v1.9.7 to v2.0.0-alpha.1

• Kubernetes v1.19.2
• Update flannel from v0.12.0 to v0.13.0-rc2 (#216)
  • Update flannel-cni from v0.4.0 to v0.4.1
  • Update CNI plugins from v0.8.6 to v0.8.7

Addons

• Refresh Prometheus rules/alerts and Grafana dashboards (#831)
• Reduce apiserver metrics cardinality for non-core APIs (#830)

• Kubernetes v1.19.1
  • Change control plane seccomp annotations to GA seccompProfile (#822)
• Update Cilium from v1.8.2 to v1.8.3
  • Promote Cilium from experimental to general availability (#827)
• Update Calico from v1.15.2 to v1.15.3

Fedora CoreOS

• Update Fedora CoreOS Config version from v1.0.0 to v1.1.0
  • Require any snippets customizations to update to v1.1.0

Addons

• Update IngressClass resources to networking.k8s.io/v1 (#824)
• Update Prometheus from v2.20.0 to v2.21.0
  • Remove Kubernetes node name labelmap relabel_config from etcd, Kubelet, and CAdvisor scrape config (#828)

• Kubernetes v1.19.0
• Update etcd from v3.4.10 to v3.4.12
• Update Calico from v3.15.1 to v3.15.2

Fedora CoreOS

• Fix race condition during bootstrap of multi-controller clusters (#808)
  • Fix SELinux label of bootstrap-secrets on non-bootstrap controllers

Addons

• Introduce fleetlock for Fedora CoreOS reboot coordination (#814)
• Update nginx-ingress from v0.34.1 to v0.35.0
  • Repository changed to k8s.gcr.io/ingress-nginx/controller
• Update Grafana from v7.1.3 to v7.1.5

• Kubernetes v1.18.8
• Migrate from Terraform v0.12.x to v0.13.x (#804) (action required)
  • Recommend Terraform v0.13.x (migration guide)
  • Support automatic install of poseidon's provider plugins (poseidon/ct, poseidon/matchbox)
  • Require Terraform v0.12.26+ (migration compatibility)
  • Require terraform-provider-ct v0.6.1
  • Require terraform-provider-matchbox v0.4.1 (bare-metal)
• Update etcd from v3.4.9 to v3.4.10
• Update CoreDNS from v1.6.7 to v1.7.0
• Update Cilium from v1.8.1 to v1.8.2
• Update coreos/flannel-cni to poseidon/flannel-cni (#798)
  • Update CNI plugins and fix CVEs with Flannel CNI (non-default)
  • Transition to a poseidon maintained container image

AWS

• Allow terraform-provider-aws v3.0+ (#803)
  • Recommend updating terraform-provider-aws to v3.0+
  • Continue to allow v2.23+, no v3.x specific features are used

DigitalOcean

• Require terraform-provider-digitalocean v1.21+ for Terraform v0.13.x (unenforced)
• Require terraform-provider-digitalocean v1.20+ for Terraform v0.12.x

Fedora CoreOS

• Fix support for Flannel with Fedora CoreOS (#795)
  • Configure flannel.1 link to select its own MAC address to solve flannel
    pod-to-pod traffic drops starting with default link changes in Fedora CoreOS
    32.20200629.3.0 (details)

Addons

• Update Prometheus from v2.19.2 to v2.20.0
• Update Grafana from v7.0.6 to v7.1.3

• Kubernetes v1.18.6
• Update Calico from v3.15.0 to v3.15.1
• Update Cilium from v1.8.0 to v1.8.1

Addons

• Update nginx-ingress from v0.33.0 to v0.34.1
  • ingress-nginx will publish images only to gcr.io
• Update Prometheus from v2.19.1 to v2.19.2
• Update Grafana from v7.0.4 to v7.0.6

• Kubernetes v1.18.5
• Add Cilium v1.8.0 as a (experimental) CNI provider option (#760)
  • Set networking to "cilium" to enable
• Update Calico from v3.14.1 to v3.15.0

DigitalOcean

• Isolate each cluster in an independent DigitalOcean VPC (#776)
  • Create droplets in a VPC per cluster (matches Typhoon AWS, Azure, and GCP)
  • Require terraform-provider-digitalocean v1.16.0+ (action required)
  • Output vpc_id for use with an attached DigitalOcean loadbalancer

Fedora CoreOS

Google Cloud

• Promote Fedora CoreOS to stable
• Remove os_image variable deprecated in v1.18.3 (#777)
  • Use os_stream to select a Fedora CoreOS image stream

Flatcar Linux

Azure

• Allow using Flatcar Linux Edge by setting os_image to "flatcar-edge" (#778)

Addons

• Update Prometheus from v2.19.0 to v2.19.1
• Update Grafana from v7.0.3 to v7.0.4

• Kubernetes v1.18.4
• Update Kubelet image publishing (#749)
  • Build Kubelet images internally and publish to Quay and Dockerhub
    • quay.io/poseidon/kubelet (official)
    • docker.io/psdn/kubelet (fallback)
  • Continue offering automated image builds with an alternate tag strategy (see docs)
  • Document use of alternate Kubelet images during registry incidents
• Update Calico from v3.14.0 to v3.14.1
  • Fix CVE-2020-13597
• Rename controller NoSchedule taint from node-role.kubernetes.io/master to node-role.kubernetes.io/controller (#764)
  • Tolerate the new taint name for workloads that may run on controller nodes
• Remove node label node.kubernetes.io/master from controller nodes (#764)
  • Use node.kubernetes.io/controller (present since v1.9.5, #160) to node select controllers
• Remove unused Kubelet -lock-file and -exit-on-lock-contention (#758)

Fedora CoreOS

Azure

• Use strict Fedora CoreOS Config (FCC) snippet parsing (#755)
• Reduce Calico vxlan interface MTU to maintain performance (#767)

AWS

• Fix Kubelet service race with hostname update (#766)
  • Wait for a hostname to avoid Kubelet trying to register as localhost

Flatcar Linux

• Use strict Container Linux Config (CLC) snippet parsing (#755)
  • Require terraform-provider-ct v0.4+, recommend v0.5+ (action required)

Addons

• Update nginx-ingress from v0.32.0 to v0.33.0
• Update Prometheus from v2.18.1 to v2.19.0
• Update node-exporter from v1.0.0-rc.1 to v1.0.1
• Update kube-state-metrics from v1.9.6 to v1.9.7
• Update Grafana from v7.0.0 to v7.0.3