Changelog for Kubernetes 1.19
Versions
- Kubernetes 1.19.7
- Nginx-ingress: 0.43.0
- Certmanager: 1.2.0
Major changes
-
New security groups are implemented where you can store all youre firewall rules. The new security groups will be persistent between upgrades and called
CLUSTERNAME-k8s-worker-customer
andCLUSTERNAME-k8s-master-customer
(CLUSTERNAME will be replaced with actual cluster name). With this change we will remove our previous default firewall rules that allowed public traffic to the Kubernetes cluster, this includes the following services:- Master API (port 6443)
- Ingress (port 80 & 443)
- Nodeports (ports 30000 to 32676)
Deprecations
- Ingress api
extensions/v1beta1
will be removed in kubernetes 1.22 - RBAC api
rbac.authorization.k8s.io/v1alpha1
andrbac.authorization.k8s.io/v1beta1
will be removed in kubernetes 1.20. The apis are replaced withrbac.authorization.k8s.io/v1
. - The node label
beta.kubernetes.io/instance-type
will be rmeoved in an uppcomig release. Usenode.kubernetes.io/instance-type
instead. - Certmanager api
v1alpha2
,v1alpha3
andv1beta1
will be removed in a future release. We strongly recommend that you upgrade to the newv1
api
Is downtime expected
The upgrade drains (moving all workload from) one node at the time, patches that node and brings in back in the cluster. First after all deployments and statefulsets are running again we will continue on with the next node.
Known issues
Custom node taints and labels lost during upgrade
All custom taints and labels on nodes are lost during upgrade.
Custom security groups will be lost during upgrade
All custom security groups bound inside openstack will be detached during upgrade.
Snapshots is not working
There is currently a limitation in the snapshot controller not making it topology aware.