0.10.0

New features:

• A new Terraform output has been added: ssh_bastion_security_group_id. This can be useful when creating additional security groups in Terraform resources that need to target the SSH bastion server's security group.

OpenPGP public key for verifying the SHA-256 checksum: https://keybase.io/jimmycuadra/key.asc

0.9.0

Breaking changes:

• Terraform 0.10 or greater is now required.
• Three different subnets are now used for load balancers, etcd servers, and Kubernetes masters/nodes, respectively.

New features:

• A new --cidr option to kaws cluster init lets you select the IP address range that will be used for the subnet where Kubernetes masters and nodes are launched. kaws will ensure the CIDR you provide specifies a range within the cluster's VPC and that it does not overlap with the other two subnets used for load balancers and etcd servers.

OpenPGP public key for verifying the SHA-256 checksum: https://keybase.io/jimmycuadra/key.asc

0.8.0

Breaking changes:

• Kubernetes 1.7+ is now required because of an undocumented breaking change in kube-proxy: Its /healthz endpoint moved from port 10249 to 10256.

Improvements:

• Elastic Load Balancers' idle timeout has been increased from 60 seconds to 1 hour. This will help prevent long-running operations like kubectl logs from timing out.
• The kaws cluster init command will ensure a sufficiently recent version of Kubernetes is selected with the --kubernetes-version option.

OpenPGP public key for verifying the SHA-256 checksum: https://keybase.io/jimmycuadra/key.asc

0.7.0

Breaking changes/new features:

• Kubernetes 1.6+ is now required.
• The formerly internal-only kaws cluster genpki has been renamed to kaws cluster generate-pki and expanded to allow generation of individual certificates among the ones needed by the cluster. This allows certificates to be updated as needed before they expire.
• The Terraform variable "rbac_super_user" has been removed, as kaws now creates clusters that use the beta version of RBAC.

Bug fixes:

• Correctly configured locksmithd for authenticating with etcd on the EC2 instances running etcd.

OpenPGP public key for verifying the SHA-256 checksum: https://keybase.io/jimmycuadra/key.asc

0.6.2

Bug fixes:

• kaws will no longer return an error from cfssl when generating a CSR with groups via (kaws admin create).

OpenPGP public key for verifying the SHA-256 checksum: https://keybase.io/jimmycuadra/key.asc

0.6.1

Bug fixes:

• Removed hardcoded SSH key name for EC2 instances mistakenly committed during development.
• Use the correct form for kaws Git tags (they do not begin with "v") for the Terraform module source generated during kaws init.

OpenPGP public key for verifying the SHA-256 checksum: https://keybase.io/jimmycuadra/key.asc

0.6.0

Breaking changes:

• Due to significant internal changes, clusters created with previous versions of kaws are not compatible.
• kaws now creates three separate certificate authorities: one for Kubernetes, one for etcd's client API, and one for etcd's peer API.
• etcd's client and peer APIs now require a valid client certificate to use.
• Kubernetes cluster PKI assets are no longer stored in etcd, and there is no longer a "kaws-agent" component of kaws that runs on the server.

OpenPGP public key for verifying the SHA-256 checksum: https://keybase.io/jimmycuadra/key.asc

0.5.0

Breaking changes:

• TLS authentication from the Kubernetes apiserver to the kubelets has been reverted (turned off). It will be turned back on when the kubelet TLS bootstrapping feature is further along.

Bug fixes:

• Specify the availability zone provided by the cluster administrator when creating subnets.

OpenPGP public key for verifying the SHA-256 checksum: https://keybase.io/jimmycuadra/key.asc

0.4.1

Bug fixes:

• Updated dependencies to fix a compilation error when running cargo install kaws.

OpenPGP public key for verifying the SHA-256 checksum: https://keybase.io/jimmycuadra/key.asc

0.4.0

Breaking changes:

• The --ssh-key option when creating a new cluster now takes an actual SSH public key instead of the name of an AWS SSH key resource.
• Terraform 0.8 is now required.
• Clusters must use Kubernetes 1.5.0 or higher. Options are now passed to the Kubernetes cluster components which will not work with earlier versions.

New features:

• Provide as many public SSH keys as you want via the --ssh-key option when creating a cluster, and they will be added to the authorized keys file on each server in the cluster.
• New Terraform output: internet_gateway_id, the ID of the cluster's Internet Gateway resource.
• The Kubernetes API server now verifies the X.509 certificate when making HTTPS requests to the kubelet.
• The Kubernetes API server now authenticates with the kublet using its X.509 client certificate.

OpenPGP public key for verifying the SHA-256 checksum: https://keybase.io/jimmycuadra/key.asc