v0.9.6-rc.4

Features

• #551: Allow customizing network ranges from which SSH accesses to nodes are allowed
• #552: Allow customizing network ranges from which Kubernetes API accesses are allowed

Fixes

• #561: Fix unwanted AWS resource creation/Add extra validation on internetGatewayID + vpcID

Improvements

• #554: Deprecate externalDNSName/createRecordSet/hostedZoneId

Full change log
v0.9.6-rc.3...v0.9.6-rc.4

v0.9.6-rc.3

Features

• #471: Shared Persistent Volume (Thanks to @kevtaylor)
• #535: 'Restore' feature to restore Kubernetes Resources from S3 backup (Thanks to @jollinshead)
• #564: bump kube-1.6.2 (Thanks to @redbaron)

Fixes

• #526: Fix up API endpoints config (Thanks to @c-knowles)
• #538: Bugfix: Add missing '/' when constructing the Autosave S3 put path (Thanks to @jollinshead)
• #555: Don't mount /var/lib/rkt into kubelet (Thanks to @redbaron)
• #558: Fix to calico configuration file etcd endpoints (Thanks to @kevtaylor)
• #563: Make cfn-signal more robust against image fetch failures (Thanks to @redbaron)

Improvements

• #528: Minor fixup for etcd unit files (Thanks to @redbaron)
• #570: Kubernetes-Autosave save as Kubernetes/List. (Thanks to @jollinshead and @c-knowles)

Documentation updates

• #557: Fix hyperlink to restore script in Readme.md (Thanks to @jollinshead and @c-knowles)

Full change log
v0.9.6-rc.2...v0.9.6-rc.3

v0.9.6-rc.2

Features

• Bump rescheduler to 0.3.0 which uses k8s 1.6 (#508, thanks to @c-knowles)
• 'Cluster-dump' feature to export Kubernetes Resources to S3 (#507, thanks to @jollinshead)
• New options: customFiles and customSystemdUnits (#510, thanks to @jeremyd)

Fixes

• etcd unit should unconditionally depend on cfn-etcd-environment (#511, thanks to @redbaron)
• Fix a race between systemd services: cfn-etc-environment and etcdadm-reconfigure (#517)
• Fix API endpoint from HA controllers (#514, thanks to @c-knowles)
• Fix incorrect validations on apiEndpoints (#521)
• Follow-up for the multi API endpoints support (#529)
• Fix elasticFileSystemId to be propagated to node pools (#530, thanks to @drywheat for reporting)
• Fix the dead-lock while bootstrapping etcd cluster (#531, thanks to @redbaron for reporting)

Improvements

• Make AMI fetching even more reliable (#515)
• Wait until kube-system becomes ready (#519)
• Retry userdata download (#516, thanks to @redbaron)
• Make the validation error message when KMS failed more friendly (#518)

Documentation updates

• Add documentation for administrating etcd cluster (#533)

Full change log
v0.9.6-rc.1...v0.9.6-rc.2

v0.9.6-rc.1

Features

• Kubernetes 1.6.1
  • Bump to Kubernetes v1.6.1 (#492)
  • Fix RBAC in Kubernetes 1.6. Fix etcdadm when terminated instances still exist (#504, thanks to @camilb)
• Etcd3
• Kubelet TLS bootstrapping (#449 and #489, thanks to @danielfm)
• Introduce the rescheduler (#441 and #486, thanks to @c-knowles)
• Support for multiple k8s API endpoints (#468)
• New settings: nodeMonitorGracePeriod, disableSecurityGroupIngress for controller-manager, nodeStatusUpdateFrequency for worker kubelet (#473, thanks to @jeremyd)
• Automatic recovery from permanent failures of etcd3 nodes (#417)
• Bump to calico 2.1.1 (#496, thanks to @redbaron)

Fixes

• Setup net.netfilter.nf_conntrack_max and fix error "nf_conntrack: table full, dropping packet" (#476, thanks to @gianrubio)
• Perform docker post-start check (#503, thanks to @redbaron)

Improvements

• Update kube-system using kubectl (#472, thanks to @jollinshead)
• Deprecate verbose legacy keys in favor of corresponding nested keys (#481)

Documentation updates

Full change log
v0.9.5...v0.9.6-rc.1

v0.9.5

Notable changes since v0.9.4

Full changelog can be seen at v0.9.4...v0.9.5

Actions required

• Due to the changes in how etcd nodes are provisioned, you need to recreate your kube-aws clusters from scratch as always. Please see #455 for more information

Features

• Kubernetes v1.5.5 (#434, thanks to @AlmogBaku)
• policy-controller v0.5.4 (#437, thanks to @gianrubio)
• heapster v1.3.0 (#420, thanks to @AlmogBaku)
• Managed HA etcd cluster (#332, thanks to @redbaron, @gianrubio and @pieterlange for reviews)
• Add additional EBS volumes to worker nodes (#342, thanks to @jollinshead)
• Allow a custom KMS key with encrypted etcd volume (#429, thanks to @swestcott)
• Auth token file support (#418, thanks to @danielfm)
• AWS China region support (#390, thanks to @camilb and @mpucholblasco)
  • China region improvements and update some deprecated vars. (#448, thanks to @camilb)

Fixes

• Retry on 504 errors when fetching Container Linux AMIs (#442)
• Repair CF rollbacks to work after the S3 userdata improvement (#430)
• Make node labels ordering stable (#432)
  • This was causing an unnecessary ASG replacement on kube-aws update
• Allow disabling wait signals (#386)

Breaking changes

• Drop deprecated hostedZone(not hostedZoneId) in cluster.yaml (#368)

Improvements

• Documentation and validation for too long IAM role names (#443, thanks to @ankon for reporting the original issue)
• Add a validation to clusterName (#444, thanks to for reporting the original issue #365)
• Rename imports from github.com/coreos to github.com/kubernetes-incubator (#451, thanks to @jeremyd)
• Stop uploading redundant stack.json to S3 (#465, thanks to @c-knowles for reporting)
• Stop locksmithd errors on etcd nodes (#422)
• Make Container Linux AMI fetching a bit more reliable (#423)
• Tag controller nodes appropriately (#424)
• Emit errors when kube-aws sees unexpected keys in cluster.yaml (#425)
• Automatic invalidations of *.enc files (#426)
• Upgrade aws-sdk-go to latest version (#408, thanks to @gianrubio)
• Add apiserver-count parameter in kube-apiserver config (#360, thanks to @jollinshead)
• Emit a warning message when t2.nano or t2.micro is set for *instanceType (#369)

Documentation updates

• Update the roadmap before releasing v0.9.5 (#433)
• Add documentation about kube2iam support (#445, thanks to for reporting the original issue #253)
• Add missing keys under worker.nodePools[] (cc7e1da, relates to #399)
• Update docs for bucket creation (bd58743, relates to #428)
• Various language/typo/link fixes

Known issues

• etcdDataVolumeEphemeral is broken. Please don't turn it until it is fixed

Changelog since v0.9.5-rc.6

Full changelog can be seen at v0.9.5-rc.6...v0.9.5

Features

Fixes

• Fix a panic on a kms encryption failure (#453)
• Initialize Config.AuthTokensConfig (#470, thanks to @jollinshead)
• e2e: Fix references to coreos/kube-aws (#454, thanks to @c-knowles)
• e2e: AWS CLI region default (#457, thanks to @c-knowles)
• release: Fix mount directory for containerized-build-release-binaries script (#480, thanks to @jollinshead)

Improvements

• Check for errors when trying to create the auth token file (#447, thanks to @danielfm)
• China region improvements and update some deprecated vars. (#448, thanks to @camilb)
• Rename imports from github.com/coreos to github.com/kubernetes-incubator (#451, thanks to @jeremyd)
• Stop uploading redundant stack.json to S3 (#465, thanks to @c-knowles for reporting)

Documentation updates

• Fix broken links (#475, thanks to @jorge07)

Known issues

• etcdDataVolumeEphemeral is broken. Please don't turn it until it is fixed

v0.9.5-rc.6

Features

• Kubernetes v1.5.5 (#434, thanks to @AlmogBaku)
• Bump policy-controller to v0.5.4 (#437, thanks to @gianrubio)
• Automatically creates the token auth file if it isn't present (#439, thanks to @danielfm)

Fixes

• Retry on 504 errors when fetching Container Linux AMIs (#442)

Improvements

• Documentation and validation for too long IAM role names (#443, thanks to @ankon for reporting the original issue)
• Add a validation to clusterName (#444, thanks to for reporting the original issue #365)

Documentation updates

• Update the roadmap before releasing v0.9.5 (#433)
• Add documentation about kube2iam support (#445, thanks to for reporting the original issue #253)
• Add missing keys under worker.nodePools[] (cc7e1da, relates to #399)
• Update docs for bucket creation (bd58743, relates to #428)

Full change log
v0.9.5-rc.5...v0.9.5-rc.6

v0.9.5-rc.5

Features

• Allow a custom KMS key with encrypted etcd volume (#429, thanks to @swestcott)

Fixes

• Repair CF rollbacks to work after the S3 userdata improvement (#430)
• Make node labels ordering stable (#432)

Improvements

• Stop locksmithd errors on etcd nodes (#422)
• Make Container Linux AMI fetching a bit more reliable (#423)
• Tag controller nodes appropriately (#424)
• Emit errors when kube-aws sees unexpected keys in cluster.yaml (#425)
• Automatic invalidations of *.enc files (#426)

Documentation updates

• Add the missing DCO (#431)

Full change log
v0.9.5-rc.4...v0.9.5-rc.5

v0.9.5-rc.4

Features

• Auth token file support (#418, thanks to @danielfm)
• AWS China region support (#390, thanks to @camilb and @mpucholblasco)
• Upgrade Kubernetes version to v1.5.4 (#401, thanks to AlmogBaku)
• Upgrade heapster to version 1.3.0 (#420, thanks to @AlmogBaku)

Improvements

• Upgrade aws-sdk-go to latest version (#408, thanks to @gianrubio)

Full change log
v0.9.5-rc.3...v0.9.5-rc.4

v0.9.5-rc.3

Bug fixes

• Allow disabling wait signals (#386)
• Fix assumed public hostnames for EC2 instances in us-east-1 (#398, thanks to @BertHartm for reporting)

Documentation updates

• Fix typo in cluster.yaml: worker.nodePools[].subnet to worker.nodePools[].subnets (#392, thanks to @Vrtak-CZ)

Full change log
v0.9.5-rc.2...v0.9.5-rc.3

v0.9.5-rc.2

Features

Improvements

• Add apiserver-count parameter in kube-apiserver config (#360, thanks to @jollinshead)
  • Issues concerning conflicts between apiservers during leader allocation causes the (kubectl) kubernetes.service endpoint value to change arbitraritly. The solution implemented sets the apiserver-count parameter to the number of controllers used in the cluster.
    The apiserver-count value is set to the minimum number of controller nodes set in cluster.yaml (if controller auto-scaling is used).

Bug fixes

• Allow disabling wait signals (fixes #371)
• fix: etcdDataVolumeEncrypted not creating encrypted volumes (fixes #383)

Documentation updates

• Fix typos in cluster.yaml comments regarding volumeMounts(#374, thanks to @jollinshead)
• cleanup some language in kubernetes-on-aws-prerequisites.md(#376, thanks to @bfallik)
• Fix an issue with glue security group documentation(#382, thanks to @c-knowles)
• Update file paths in readme(#384, thanks to @swestcott)

Breaking changes

Full change log
v0.9.5-rc.1...v0.9.5-rc.2