Move to kops 1.11

This release makes it possible to use kops 1.11 and adds some fixes, to make Google SSO possible among other things.

Volume Expanding feature Gates

This adds the Volume expanding feature gates to the APIServer and Kubelet by default.

Advanced hook customization

Also, the test-cluster has been oriented towards performance testing of the NGinX ingress controller.

Kubernetes/Kops 1.8.x support

Check out the kops 1.8 release notes for possible required actions (depending on your settings).

Follow Kubernetes/Kops version number

1.7.1

Note: from this release, karch minor releases (ex.: 1.8.x) will be made
against the corresponding kops release. On CoreOS, compatibility is guaranteed
between these versions. You should therefore use karch v1.8.x with kops
v1.8.y.

Fixed

• Relative path handling issue wrt Terraform 10.0.6
• OIDC Server templating fix

Added

• It is now possible to configure (runtime,kubelet) and system resource
  reservation on nodes
• The APIServer --runtime-config flag is now exposed, allowing users to
  easily enable/disable Kubernetes API groups
• batch/v2alpha1

Changed

• [refactoring] Remove efs/ebs-pv and revisit folder structure

  Coupling the creation of a complete Kubernetes cluster and of resources
  (PersistentVolumes, in the case of the efs-pv and ebs-fv volumes) was a
  really bad idea:

  • If the Kubernetes API Server is down, it blocks any plan/apply on
    your Terraform code using these modules, being unable to run
    Terraform when an outage occured in a cluster isn't... cool :(
  • It even prevents you to create a custom cluster from scratch

  It is therefore advised to create your Kubernetes infrastructure
  (including EBS/EFS volumes, karch module calls...) in one piece of
  Terraform code and to use the "terraform_remote_state" datasources from
  another to retrieve some data you'd need to provision resources (such
  as Secrets or PersistentVolumes) from the original codebase or - more
  precisely - from the state bound to it.

• Some alpha API Groups have been enabled. This will soon be configurable with
  a list variable

• Use dashes in all output names

Removed

• ebs-pv and efs-pv volumes: these were a really bad idea: they imply that,
  for each plan or apply call you'll be willing to make, the Kubernetes API
  server must be up. This is totally impossible during cluster bootstrap
  (without commenting code) and when the API server is unreachable. You don't
  want your terraform apply to be down during outages :)

OIDC provider support + EBS volume -> PersistentVolume helper

Added

• Node security group ID as output of the kops-cluster module
• Helper module to provision EBS volumes as kubernetes persistent volumes
  (includes the ability to restore them from a snapshot)
• Possibility to configure an OIDC provider to the Kubernetes API (tested with
  Google and Github)

Changed

• We're not creating an S3 VPC endpoint automatically, however you can create
  it outside of the kops-cluster module using the exported vpc-id.

Add VPC id to outputs

Not really a bugfix, but I can't increment the minor release twice a day :)

Karch now supports RBAC

It is now possible to spawn clusters with RBAC enabled :)

Note that clusters have RBAC enabled by default - which is a breaking change.

Add relevant variables and outputs to our kops modules

Refer to the changelog for more details

Initial release

For now, we only guarantee compatibility with Kops v1.7.0. Once the module has been tested and extended to support more Kops topologies, we're planning to stick to kops versioning: karch vX.Y.Z will be compatible with kops vX.Y.Z.

Status of the release:

• We've been experimenting with the module for the past few days, it's still rather experimental, but it does the job for us at the moment
• However, it's a just simple wrapper around kops, we have been spawning/updating/destroying kops clusters with it several times without encountering issues :)
• Only private topologies have been tested. Adding public ones is on the RoadMap though