v0.7.3

Release notes for Cluster API Provider AWS (CAPA) v0.7.3

Documentation

Changelog since v0.7.2

Changes by Kind

API Change

• Bump CAPI to v0.4.7 for CAPA v0.7 (#3142, @shivi28)

Bug or Regression

• Bugfix in AWSManagedControlPlane object conversion from v1alpha3 to v1beta1. Some fields in Status and Spec were not being considered during conversion (#3043, @jonathanbeber)
• Fixes an issue with using multiple EKS addons. (#2961, @richardcase)
• Refactor TestMain functions across the project to stop using os.Exit swallowing errors (#3041, @jonathanbeber)

The images for this release are:

k8s.gcr.io/cluster-api-aws/cluster-api-aws-controller:v0.7.3

Thanks to all our contributors.

v1.2.0

Release notes for Cluster API Provider AWS (CAPA) v1.2.0

This version is compatible with Cluster API versions 1.0.x.

Documentation

Changelog since v1.1.0

Changes by Kind

Feature

• [EKS] Allow configuring services cidr when creating an EKS cluster. (#2964, @richardcase)
• [EKS] Expose additional EKS node bootstrap configuration options via EKSConfig. (#2965, @richardcase)

Bug or Regression

• Revert setting ELB name field to a generated name (this was a bug that made v1.1.0 incompatible with v1.0.0) (#3004, @dlipovetsky)
• Block creating a new instance if AWSMachine already has ProviderID field set (#2957, @sedefsavas)
• Fix for setting conditions to error severity only when errors are non-transients (#3018, @sedefsavas)
• Fix recurring AWS.SimpleQueueService.NonExistentQueue error messages from CAPA logs (#2976, @Ankitasw)
• Fix for trying to update AWSMachine immutable field: rootVolume.deviceName (#3011, @pydctw)
• [EKS] Fix AWSFargateProfile template (#2984, @matthewhembree)
• Use non root numeric user for CAPA containers (#2960, @Ankitasw)
• [EKS] Fix for EKS e2e tests caused by new environment variable (#2987, @richardcase)
• [EKS] Add missing permissions for EKS OIDC provider configuration (#2870, @codablock)

Documentation

• Update documentation to specify JSON output for AWS CLI commands (#2982, @matthewhembree)
• Update tilt development docs for v0.7.0+ and debugging (#2994, @richardcase)

Other

• Add ClusterUpgradeConformanceSpec CAPI test (#2973, @pydctw)

New Contributors

• @matthewhembree made their first contribution in #2984

Full Changelog: v1.1.0...v1.2.0

The image for this release is:
k8s.gcr.io/cluster-api-aws/cluster-api-aws-controller:v1.2.0

Thanks to all our contributors.

v1.1.0

IMPORTANT:

!!Do not use this release!! This release is not backward compatible with v1.0.0 due to a bug caused by an API change. API change is reverted in v1.2.0 release.

Changelog since 1.0.0

Changes by Kind

Feature

• Add support for bring your own control plane ELB. This is an advanced feature (#2787, @dlipovetsky)
• EKS: Add option to create EKS console IAM policy (#2790, @Madhur97)

Bug or Regression

• EKS: Fix for installing multiple EKS addons. (#2914, @richardcase)
• EKS: Add error handling while getting a remote client (#2878, @sedefsavas)
• EKS: Fix panic when adding labels to AWSManagedMachinePool (#2896, @zhengtianbao)
• EKS: Add missing permissions for EKS OIDC provider configuration (#2870, @codablock)
• EKS: Fix for node-eks-additional SG overrides for EKSManagedControlPlane (#2850, @codablock)
• EKS: Add a check for maximum allowed resync period (#2846, @richardcase)
• Prevent the creation of a new instance if AWSMachine already has ProviderID field set (#2957, @sedefsavas)
• Fix for supporting SecureString parameter type in SSM on GovCloud (#2952, @sedefsavas)
• Use non root numeric user for CAPA containers (#2960, @Ankitasw)
• Allow control plane ELB to use different subnets from node subnets (#2877, @pydctw)
• Fix AWSClusterControllerIdentity ValidateUpdate panic when AllowedNamespaces is nil (#2885, @zhengtianbao)

Documentation

• Add documentation for building custom AMIs (#2934, @sedefsavas)
• Fix documentation on external AWS CCM and EBS CSI driver (#2837, @scottslowe)
• Add externally managed infrastructure docs (#2895, @enxebre)

Other

• Upgrade cluster-api to main branch, golang to v1.17, controller-runtime to v0.11+, go-logr to v1.2.0 (#2943, @sbueringer)
• Replace ioutil deprecated package with os/io for golang 1.16 (#2900, @shivi28)
• Add GPU e2e test (#2843, @Ankitasw)
• Enable v1alpha3/v1alpha4 to v1beta1 upgrade e2e test (#2950, @sedefsavas)

New Contributors

• @Jacobious52 made their first contribution in #2841
• @codablock made their first contribution in #2850
• @ameukam made their first contribution in #2867
• @zhengtianbao made their first contribution in #2885
• @PushkarJ made their first contribution in #2892
• @vibhorrawat made their first contribution in #2889
• @invidian made their first contribution in #2917

Full Changelog: v1.0.0...v1.1.0

The image for this release is:
k8s.gcr.io/cluster-api-aws/cluster-api-aws-controller:v1.1.0

Thanks to all our contributors.

v0.7.2

Release notes for Cluster API Provider AWS (CAPA) v0.7.2

Documentation

Changelog since v0.7.1

Changes by Kind

Bug or Regression

• Correct version number in metadata.yaml (#2894, @randomvariable)
• Fix panic caused by nil map in createLabelUpdate (#2906, @zhengtianbao)
• Fix panic in AWSClusterControllerIdentity.ValidateUpdate (#2887, @zhengtianbao)
• Fix timeout due to delay in bringing up control plane in e2e tests (#2928, @Ankitasw)
• Fix for supporting SecureString as a parameter type in SSM on GovCloud (#2959, @sedefsavas)
• Fix to allow using multiple EKS addons (#2961, @richardcase)

Other

• Bump cluster-api version to v0.4.3 (#2904, @sedefsavas)
• Remove GINKGO_SKIP conditions from Makefile to enable the e2e tests for CAPI (#2946, @Ankitasw)

Full Changelog: v0.7.1...v0.7.2

The images for this release are:

k8s.gcr.io/cluster-api-aws/cluster-api-aws-controller:v0.7.2

Thanks to all our contributors.

v0.7.1

Release notes for Cluster API Provider AWS (CAPA) v0.7.1

Documentation

Changelog since v0.7.0

Changes by Kind

API Change

• Correct the casing of the ELB load balancer scheme from Internet-facing to internet-facing, allowing the ELB to be correctly reconciled (#2861, @sedefsavas) (#2768, @dlipovetsky)

Note: This is a seemingly breaking API change, but no users will be impacted, because cluster reconcililation after initial create was failing with the Internet-facing value. Cluster API Provider AWS v0.7.1 will update the value to the corrected version.

• Validation added for empty InstanceType in AWSMachine and AWSMachineTemplate (#2740, @shivi28)

Feature

• EKS: Add support to create/update tags for a Fargate Profile (#2676, @abhinavnagaraj)
• EKS: Support adding additional policies to node group role for AWSManagedMachinePool (#2751, @abhinavnagaraj)
• EKS: Support spot capacity type for ManagedMachinePool (#2702, @abhinavnagaraj)
• Support adding AWS cloud provider tags to pre-existing infrastructure (#2715, @pydctw)
• Expose leader-election-resource-lock as a flag (#2822, @enxebre)
• Add readiness and health checks to webhook server (#2685, @geetikabatra)

Documentation

• Add documentation for using external cloud provider and CSI driver (#2718, @Ankitasw)(#2837, @scottslowe)

Bug or Regression

• Fix panic on RouteTables reconcile (#2705, @dilyevsky)
• Fix findSubnet function's logic when subnet ID is specified (#2728, @pydctw)
• Fix reconciliation of AWS ingress rules of same port (#2813, @pydctw)
• Move EKS-related resources from AWSIAMManagedPolicyControllers to a separate policy to work around AWS size limit for managed policies (#2662, @johananl)
• Reinstating the check for the maximum allowed resync period when EKS is enabled. (#2846, @richardcase)
• Resolves issue with KIAM annotation not appearing on Cluster API AWS Manager pod (#2800, @voor)
• Fix to honor AWSMachine.Spec.PublicIP and set a public IP to the instance (#2772, @pydctw)

Other

• Add v1alpha3 to v1alpha4 upgrade test (#2770, @Ankitasw)
• Add external cloud provider end-to-end test (#2647, @Ankitasw)
• Set controller log level with CAPA_LOGLEVEL variable. Defaults to 0. (#2673, @Ankitasw)
• Clean up unused Kubernetes RBAC permissions (#2720, @sayantani11)
• Bump AWS SDK to v1.4.0.33, with support added for IMDS IPv6 endpoint (#2721, @dependabot[bot])
• Bump AWS SDK to v1.40.28: Fix SDK's suppressing of sensitive API parameters being logged. The SDK did not correctly suppress sensitive API parameters via the String and GoString methods. Updates the SDK's behavior to suppress sensitive API parameters (#2703, @dependabot[bot])

The image for this release is:
k8s.gcr.io/cluster-api-aws/cluster-api-aws-controller:v0.7.1

Thanks to all our contributors.

v0.6.9

Release notes for Cluster API Provider AWS (CAPA) v0.6.9

Documentation

Changelog since v0.6.8

Changes by Kind

API Change

• Correct the casing of the ELB load balancer scheme from Internet-facing to internet-facing, allowing the ELB to be correctly reconciled (#2862, @sedefsavas)

Note: This is a seemingly breaking API change, but no users will be impacted, because cluster reconcililation after initial create was failing with the Internet-facing value. Cluster API Provider AWS v0.6.9 will update the value to the corrected version.

Bug or Regression

• Add missing RBAC permission for AWSClusterControllerIdentities for managed control plane controller (#2709, @richardcase)
• Fix for managed SecurityGroups filtering (#2620, @sedefsavas)
• EKS: Add missing identity permission for the managed control plane (#2709, @richardcase)

The images for this release are:
k8s.gcr.io/cluster-api-aws/cluster-api-aws-controller:v0.6.9
k8s.gcr.io/cluster-api-aws/eks-controlplane-controller:v0.6.9
k8s.gcr.io/cluster-api-aws/eks-bootstrap-controller:v0.6.9

Thanks to all our contributors.

v1.0.0

Release notes for Cluster API Provider AWS (CAPA) v1.0.0

This version is compatible with Cluster API versions 1.0.x.

Documentation

Changelog since v0.7.0

Urgent Upgrade Notes

(No, really, you MUST read this before you upgrade)

• v1.0.0 is based on Cluster API v1beta1 and must be used in conjunction with Cluster API v1.0.x. (#2831, @randomvariable)
• All Cluster API Provider AWS API types have been graduated to v1beta1, this includes:
  • AWSCluster*, AWSMachine*, AWSManaged* and all experimental APIs, covering both EC2 and EKS.
  • clusterawsadm configuration has also graduated to v1beta1. Clusterawsadm is backwards compatible with v1alpha1 configuration files and they are semantically the same. Running clusterawsadm bootstrap iam print-config --config <old-file> will do an automated conversion to v1beta1.
• Cluster API Provider AWS will support upgrades directly from v1alpha3 to v1beta1 as well as v1alpha4 to v1beta1.

Changes by Kind

API Change

• IAM types have been moved (back) out of the main /api package into a new /iam/api package where they are consumed by both EKS and clusterawsadm. (#2820, @randomvariable)

Feature

• EKS: Add support to create and update tags for a Fargate Profile (#2676, @abhinavnagaraj)
• EKS: Support role additional policies for AWSManagedMachinePool (#2751, @abhinavnagaraj)
• EKS: Support spot capacity type for ManagedMachinePool (#2702, @abhinavnagaraj)
• Support adding AWS cloud provider tags to pre-existing infrastructure (#2715, @pydctw)
• Add readiness and health checks to webhook server (#2685, @geetikabatra)
• Controller log level can be set using the CAPA_LOGLEVEL variable. Defaults to 0. (#2673, @Ankitasw)

Documentation

• Add documentation for using external cloud provider and CSI driver add-on (#2718, @Ankitasw)
• Updated readme with godoc shield and centered images. (#2700, @pshail)
• Add doc for using external CCM with CSI driver. (#2724, @Ankitasw)
• Fix the broken link in the tilt development guide. (#2724, @mkumatag)
• Update contributing guide. (#2756, @richardcase)
• Update docs to v1beta1. (#2830, @randomvariable)

Bug or Regression

• Add v1alpha3 to v1alpha4 upgrade test (#2770, @Ankitasw)
• Fixed a panic when there are extra routes with non-CIDR destinations (IPv6 CIDR, Prefix List) present in the managed routing table. (#2705, @dilyevsky)
• Correct the casing of the ELB load balancer scheme from Internet-facing to internet-facing, allowing the ELB to be correctly continuously reconciled (#2768, @dlipovetsky, #2832, @sedefsavas)
• Fix findSubnet function's logic when subnet ID is specified. It will find a matching subnet regardless of a failureDomain setting. (#2728, @pydctw)
• Fix reconciliation of AWS ingress rules of same port (#2813, @pydctw)
• Move EKS-related resources from AWSIAMManagedPolicyControllers to a separate policy to work around AWS size limit for managed policies. (#2662, @johananl)
• Resolves issue with KIAM annotation not appearing on Cluster API AWS Manager pod. (#2800, @voor)
• Validation added for empty InstanceType in AWSMachine and AWSMachineTemplate. (#2740, @shivi28)
• When AWSMachine.Spec.PublicIP is set true, an instance is launched in a public subnet with public IP. (#2772, @pydctw)
• Retry fetching managed vpc attributes when vpc is 'NotFound'. (#2678, @abhinavnagaraj)
• Remove elasticloadbalancing:AddTags duplicate entries. (#2692, @rayandas)
• Improve the netlify speed issues. (#2682, #2811, @randomvariable)
• Fix inorrect api version in metadata.yml (#2677, @randomvariable)
• Add check for invalid memory address or nil pointer dereference in getImageSnapshotSize (#2821, @enxebre)
• Error when capacity type or scaling config is missing. (#2713, @richardcase)
• Fix node affinity rules in external CCM CRDs. (#2722, #2723, @Ankitasw)
• Fix the gomega errors in tests with the controller runtime version bump. (#2745, @Ankitasw)
• Fix the timeout for conformance test due to prolonged log collection. (#2766, @Ankitasw)
• Fix timeout due to delay in bringing up control plane in e2e tests. (#2777, @Ankitasw)
• Correct typo in AWSCluster validation hook error. (#2776,@dlipovetsky)
• Make PublicIP field in AWSMachine spec work. (#2772, @pydctw)
• Ensure destination pointer is non-nil before calling restore functions. (#2809, @dlipovetsky)
• Add bastion-sg to managedMachinePool remoteAccess source-sgs when bastion is enabled. (#2659, @abhinavnagaraj)
• If one type of webhook is not defined, testenv.Build hits a nil dereference. (#2810, @dlipovetsky)

Other (Cleanup or Flake)

• Clean up unused Kubernetes RBAC permissions (#2720, @sayantani11)
• Expose leader-election-resource-lock as a flag (#2822, @enxebre)
• Add external cloud provider end-to-end test (#2647, @Ankitasw)
• Update to CAPA reviwers and maintainers. (#2716, @vincepri, #2667, @richardcase)
• Use same Golang version everywhere. (#2735, @mkumatag)
• Change references ...

v0.7.0

Release notes for Cluster API Provider AWS (CAPA) v0.7.0

Documentation

Changelog since v0.6.5

Urgent Upgrade Notes

(No, really, you MUST read this before you upgrade)

• v0.7.0 is based on Cluster API v1alpha4 and MUST be used in conjunction with Cluster API v0.4.x
• EKS support has graduated out of experimental and is now enabled by default. 🎉
  Please see the additional section below for details. (#2648, @richardcase)

All users of Cluster API Provider AWS (whether you use EKS or not) should read the notes below regarding the EKS graduation as it impacts the provider as a whole (e.g. IAM permissions)

• Cluster API Provider AWS will now be preferentially pinned to control plane nodes. This is especially helpful when running self-managed management clusters in AWS as for EC2-based control planes, the control plane EC2 instances have the controlplane.cluster-api.sigs.k8s.io IAM role which has sufficient permissions for Cluster API Provider AWS to run.
  Please ensure your control plane nodes have sufficient resources to run Cluster API Provider AWS. (#2377, @vespian)
• Controllers policy updated with missing KMS permissions required to use EKS encryption, if you are planning to use EKS encryption then you will need to update your controllers policy by running clusterawsadm bootstrap iam create-cloudformation-stack again. And then when you create a cluster with encryption enabled you will need to use a KMS key that has an alias name starting with cluster-api-provider-aws-. For further information see the docs. (#2447, @richardcase, #2505, @Ankitasw)
• Controllers policy updated with missing key pairs permission, if you are using or plan to use AWSManagedMachinePool with an SSH key then you will need to update your controllers policy by running clusterawsadm bootstrap iam create-cloudformation-stack again. (#2404, @richardcase)
• During v0.6.x to v0.7.x upgrade: All secrets that are used for AWSClusterStaticIdentity should be moved to controller namespace manually if they are not already in the capa-system namespace. (#2425, @sedefsavas)
• Renamed field networkSpec as network. Check AWSCluster and AWSManagedControlPlane manifests when switching versions. (#2571, @Ankitasw)

Changes by Kind

Feature

• Adds the ability to configure EBS volume throughput in supported EBS types (#2468, @cnmcavoy)
• Add controller related commands to clusterawsadm: zero/update/print bootstrap credentials and rollout controllers (#2457, @sedefsavas)
• Add externally managed predicate. Clusters marked with "cluster.x-k8s.io/managed-by" annotation should be skipped from reconciliation. (#2383, @alexander-demichev)
• Apply clusterctl.cluster.x-k8s.io/move-hierarchy label on the infrastructure cluster global identity CRDs. (#2524, @shivi28)
• CLI command to list AWS resources created by CAPA (#2509, @shivi28)
• Clusterawsadm ARM64 builds for both Linux and macOS are now available (#2557, @scottslowe)
• No longer mandatory to set encryption value to True for root volumes when using encrypted AMIs (#2556, @shivi28)
• OIDC provider association for EKS clusters. (#2422, @sadysnaat)
• Tagging elastic IPs on creation (#2551, @Madhur97)
• Taints supported on EKS node groups created via AWSmanagedMachinePool (#2405, @richardcase)
• NAT gateways are now deleted in parallel, which should reduce cluster deletion time by >50% for multi-AZ clusters (#2600, @shivi28)
• Add support for G4ad xlarge and 2xlarge instances powered by AMD Radeon Pro V520 GPUs and AMD 2nd Generation EPYC processors (#2626, @dependabot[bot])
• Enable usage of GPU optimized AMIs for EKS
  Removed unused fields like ARN and Filters from AMIReference (#2549, @shivi28)
• Validate label selector for AWS Identity CRDs
• Add AWSClusterStaticIdentity webhook with validation checks (#2436, @Ankitasw)

Bug or Regression

• AWSMachine objects successfully deleted in case of invalid credentials (#2601, @shivi28)
• AWSMachinePool controller removes one old LaunchTemplate version before creating a new version, preventing the number of versions from growing without bound, and reaching the maximum limit. (#2525, @dlipovetsky)
• Add root storage device tags through additionalTags in ec2 instance (#2463, @Ankitasw)
• Align region resolution in create/delete cloudformation stack commands (#2423, @Szymongib)
• Fixes bug in elb.DescribeTags when the user has more than 20 load balancers in an account (#2500, @faiq)
• Correct field being used for endpoint column on kubectl get AWSCluster (#2529, @njuettner)
• Do not delete security groups when provided as overrides (#2555, @sedefsavas)
• EKS Nodepool min/max will be updated to match the AWSManagedMachinePool spec, overriding changes to min/max made via the AWS Console, CLI, or SDK. (#2375, @richardcase)
• RBAC permission and update documentation for multi-tenancy (#2373, @paulcarlton-ww)
• Specifying no SSH key for machine pool launch templates. (#2362, @jimmidyson)
• When the AWSMachinePool controller scales an AWS Auto Scaling Group, it updates the Launch Template with a valid bootstrap token. (#2354, @dlipovetsky)
• Patch VPC ID immediately after VPC creation, to deal with edge case where multiple VPCs may get created with the same tags. (#2587, @sedefsavas)
• Process extra statements for Cluster API Controllers (#2437, @Szymongib)
• Update RBAC with missing awsclustercontrolleridentities permission (#2359, @martin-ducar-gd)
• Update EKSConfig secret on kubeletExtraArgs changes (#2579, @trutx)
• Fix for reconciling LaunchTemplates. (#2411, @dkoshkin)
• Fix typo in AWSFargateProfile validation webhook which cause the webhook not called. (#2445, @jzhoucliqr)

Documentation

• Fix typo in documentation ([#2365](#2...

v0.7.0-alpha.0

🚨 This is an ALPHA RELEASE. Use it only for testing purposes, if you find any bugs file an issue. v1alpha4 API is not yet complete.

The images for this release are:
k8s.gcr.io/cluster-api-aws/cluster-api-aws-controller:v0.7.0-alpha.0
k8s.gcr.io/cluster-api-aws/eks-controlplane-controller:v0.7.0-alpha.0
k8s.gcr.io/cluster-api-aws/eks-bootstrap-controller:v0.7.0-alpha.0

Thanks to all our contributors.

v0.6.8

Changelog since v0.6.7

Bug or Regression

• Fix for filtering managed SecurityGroups correctly.(#2620, @sedefsavas)

The images for this release are:
k8s.gcr.io/cluster-api-aws/cluster-api-aws-controller:v0.6.8
k8s.gcr.io/cluster-api-aws/eks-controlplane-controller:v0.6.8
k8s.gcr.io/cluster-api-aws/eks-bootstrap-controller:v0.6.8

Thanks to all our contributors.