Skip to content

Latest commit

 

History

History
811 lines (706 loc) · 108 KB

CHANGELOG-1.10.md

File metadata and controls

811 lines (706 loc) · 108 KB
Raw

v1.10.0-beta.3

Documentation & Examples

Downloads for v1.10.0-beta.3

filename sha256 hash
kubernetes.tar.gz 65880d0bb77eeb83554bb0a6c78b6d3a25cd38ef7d714bbe2c73b203386618d6
kubernetes-src.tar.gz e9fbf8198fd80c92dd7e2ecf0cf6cefda06f9b89e7986ae141412f8732dae47c

Client Binaries

filename sha256 hash
kubernetes-client-darwin-386.tar.gz 50b1a41e70804f74b3e76d7603752d45dfd47011fd986d055462e1330330aa45
kubernetes-client-darwin-amd64.tar.gz 3658e70ae9761464df50c6cae8d57349648c80d16658892e42ea898ddab362bc
kubernetes-client-linux-386.tar.gz 00b8c048b201931ab1fb059df030e0bfc866f3c3ff464213aa6071ff261a3d33
kubernetes-client-linux-amd64.tar.gz 364d6439185399e72f96bea1bf2863deb2080f4bf6df721932ef14ec45b2d5fc
kubernetes-client-linux-arm.tar.gz 98670b2e965e118fb02901aa949cd1eb12d34ffd0bba7ff22014e9ad587556bc
kubernetes-client-linux-arm64.tar.gz 5f4febc543aa2f10c0c8aee9c9a8cb169b19b04486bda4cf1f72c80fa7a3a483
kubernetes-client-linux-ppc64le.tar.gz ff3d020e97e2ff4c1824db910f13945d70320fc3988cc24385708cab58d4065f
kubernetes-client-linux-s390x.tar.gz 508695afe6d3466488bc20cad31c184723cb238d1c311d2d1c4f9f1c9e981bd6
kubernetes-client-windows-386.tar.gz 9f6372cfb973d04a150e1388d96cb60e7fe6ccb9ba63a146ff2dee491c2e3f4e
kubernetes-client-windows-amd64.tar.gz 2c85f2f13dc535d3c777f186b7e6d9403d64ac18ae01d1e460a8979e62845e04

Server Binaries

filename sha256 hash
kubernetes-server-linux-amd64.tar.gz 4797ada6fd43e223d67840e815c1edb244a3b40a3a1b6ecfde7789119f2add3d
kubernetes-server-linux-arm.tar.gz fb2fdb4b2feb41adbbd33fe4b7abbe9780d91a288a64ff7acf85d5ef942d3960
kubernetes-server-linux-arm64.tar.gz bc1f35e1999beaac91b65050f70c8e539918b927937e88bfcfa34a0c26b96701
kubernetes-server-linux-ppc64le.tar.gz cce312f5af7dd182c8cc4ef35a768fef788a849a93a6f2f36e9d2991e721b362
kubernetes-server-linux-s390x.tar.gz 42edec36fa34a4cc4959af20a587fb05924ccc87c94b0f845953ba1ceec56bb7

Node Binaries

filename sha256 hash
kubernetes-node-linux-amd64.tar.gz e517986261e3789cada07d9063ae96ed9b17ffd80c1b220b6ae9c41238c07c08
kubernetes-node-linux-arm.tar.gz 9eb213248982816a855a7ff18c9421d5e987d5f1c472880a16bc6c477ce8da2a
kubernetes-node-linux-arm64.tar.gz e938dce3ec05cedcd6ab8e2b63224170db00e2c47e67685eb3cb4bad247ac8c0
kubernetes-node-linux-ppc64le.tar.gz bc9bf3d55f85d3b30f0a28fd79b7610ecdf019b8bc8d7f978da62ee0006c72eb
kubernetes-node-linux-s390x.tar.gz c5a1b18b8030ec86748e23d45f1de63783c2e95d67b0d6c2fcbcd545d205db8d
kubernetes-node-windows-amd64.tar.gz df4f4e8df8665ed08a9a3d9816e61c6c9f0ce50e4185b6c7a7f34135ad1f91d0

Changelog since v1.10.0-beta.2

Other notable changes

v1.10.0-beta.2

Documentation & Examples

Downloads for v1.10.0-beta.2

filename sha256 hash
kubernetes.tar.gz d07d77f16664cdb5ce86c87de36727577f48113efdb00f83283714ac1373d521
kubernetes-src.tar.gz c27b06e748e4c10f42472f51ddfef7e9546e4ec9d2ce9f7a9a3c5768de8d97bf

Client Binaries

filename sha256 hash
kubernetes-client-darwin-386.tar.gz d63168f9155f04e4b47fe96381f9aa06c3d498b6e6b71d1fb8c3ffeb0f3c6e4c
kubernetes-client-darwin-amd64.tar.gz f473cbe830c1bfb738b0a66f07b3cd858ba185232eba26fe776f90d8a27bd7c1
kubernetes-client-linux-386.tar.gz 2a0f74d30cdaf19ed7c3fde3528e98a8cd98fdb9dc6e6a501525e69895674d56
kubernetes-client-linux-amd64.tar.gz 69c18569717a97cb5e6bc22bebcf2f64969ba68b11685faaf2949c4ffbcd0b73
kubernetes-client-linux-arm.tar.gz 10e1d76a1ee6c0df9f9cce40d18c350a1e3e3665e6fe64d22e4433b6283d3fe2
kubernetes-client-linux-arm64.tar.gz 12f081b99770548c8ddd688ae6b417c196f8308bd5901abbed6f203e133411ae
kubernetes-client-linux-ppc64le.tar.gz 6e1a035b4857539c90324e00b150ae65aaf4f4524250c9ca7d77ad5936f0628e
kubernetes-client-linux-s390x.tar.gz 5a8e2b0d14e18a39f821b09a7d73fa5c085cf6c197aeb540a3fe289e04fcc0d9
kubernetes-client-windows-386.tar.gz 03fac6befb94b85fb90e0bb47596868b4da507d803806fad2a5fb4b85c98d87d
kubernetes-client-windows-amd64.tar.gz 3bf8dd42eb70735ebdbda4ec4ec54e9507410e2f97ab2f364b88c2f24fdf471c

Server Binaries

filename sha256 hash
kubernetes-server-linux-amd64.tar.gz 1278703060865281aa48b1366e3c4b0720d4eca623ba08cf852a4719a6680ec3
kubernetes-server-linux-arm.tar.gz b1e2b399bec8c25b7b6037203485d2d09b091afc51ffebf861d5bddb8bb076ac
kubernetes-server-linux-arm64.tar.gz 4c3d0ed44d6a19ae178034117891678ec373894b02f8d33627b37a36c2ea815b
kubernetes-server-linux-ppc64le.tar.gz 88a7b52030104a4c6fb1f8c5f79444ed853f381e1463fec7e4939a9998d92dff
kubernetes-server-linux-s390x.tar.gz 35981580c00bff0e3d92238f961e37dd505c08bcd4cafb11e274daa1eb8ced5f

Node Binaries

filename sha256 hash
kubernetes-node-linux-amd64.tar.gz ceedb0a322167bae33042407da5369e0b7889fbaa3568281500c921afcdbe310
kubernetes-node-linux-arm.tar.gz b84ab4c486bc8f00841fccce2aafe4dcef25606c8f3184bce2551ab6486c8f71
kubernetes-node-linux-arm64.tar.gz b79a41145c28358a64d7a689cd282cf8361fe87c410fbae1cdc8db76cfcf6e5b
kubernetes-node-linux-ppc64le.tar.gz afc00f67b9f6d4fc149d4426fc8bbf6083077e11a1d2330d70be7e765b6cb923
kubernetes-node-linux-s390x.tar.gz f6128bbccddfe8ce39762bacb5c13c6c68d76a4bf8d35e773560332eb05a2c86
kubernetes-node-windows-amd64.tar.gz b1dde1ed2582cd511236fec69ebd6ca30281b30cc37e0841c493f06924a466cf

Changelog since v1.10.0-beta.1

Action Required

  • ACTION REQUIRED: LocalStorageCapacityIsolation feature is beta and enabled by default. (#60159, @jingxu97)

Other notable changes

  • Upgrade the default etcd server version to 3.2.16 (#59836, @jpbetz)
  • Cluster Autoscaler 1.1.2 (#60842, @mwielgus)
  • ValidatingWebhooks and MutatingWebhooks will not be called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects in the admissionregistration.k8s.io group (#59840, @jennybuckley)
  • Kubeadm: CoreDNS supports migration of the kube-dns configuration to CoreDNS configuration when upgrading the service discovery from kube-dns to CoreDNS as part of Beta. (#58828, @rajansandeep)
  • Fix broken useManagedIdentityExtension for azure cloud provider (#60775, @feiskyer)
  • kubelet now notifies systemd that it has finished starting, if systemd is available and running. (#60654, @dcbw)
  • Do not count failed pods as unready in HPA controller (#60648, @bskiba)
  • fixed foreground deletion of podtemplates (#60683, @nilebox)
  • Conformance tests are added for the DaemonSet kinds in the apps/v1 group version. Deprecated versions of DaemonSet will not be tested for conformance, and conformance is only applicable to release 1.10 and later. (#60456, @kow3ns)
  • Log audit backend can now be configured to perform batching before writing events to disk. (#60237, @crassirostris)
  • Fixes potential deadlock when deleting CustomResourceDefinition for custom resources with finalizers (#60542, @liggitt)
  • fix azure file plugin failure issue on Windows after node restart (#60625, @andyzhangx)
  • Set Azure vmType to standard if it is not set in azure cloud config. (#60623, @feiskyer)
  • On cluster provision or upgrade, kubeadm generates an etcd specific CA for all etcd related certificates. (#60385, @stealthybox)
  • kube-scheduler: restores default leader election behavior. leader-elect command line parameter should "true" (#60524, @dims)
  • client-go: alpha support for exec-based credential providers (#59495, @ericchiang)

v1.10.0-beta.1

Documentation & Examples

Downloads for v1.10.0-beta.1

filename sha256 hash
kubernetes.tar.gz 428139d9877f5f94acc806cc4053b0a5f8eac2acc219f06efd0817807473dbc5
kubernetes-src.tar.gz 5bfdecdbb43d946ea965f22ec6b8a0fc7195197a523aefebc2b7b926d4252edf

Client Binaries

filename sha256 hash
kubernetes-client-darwin-386.tar.gz 8cc086e901fe699df5e0711438195e675e099848a72ba272b290d22abc107a93
kubernetes-client-darwin-amd64.tar.gz b2782b8f6dbfe3fa962b08606cbf3366b071b78c47794d2ef67f9d484b4af4e4
kubernetes-client-linux-386.tar.gz a4001ad2387ccb4557b15c560b0ea8ea4d7c7ed494375346e3f83c10eb9426ac
kubernetes-client-linux-amd64.tar.gz b95d354e80d9f00a883e5eeb8c2e0ceaacc0f3cc8c904cb2eca1e1b6d91462b2
kubernetes-client-linux-arm64.tar.gz 647d234c59bc1d6f8eea88624d85b09bbe1272d9e27e1f7963e03cc025530ed0
kubernetes-client-linux-arm.tar.gz 187da9ad060ac7d426811772f6c3d891a354945af6a7d8832ac7097e19d4b46d
kubernetes-client-linux-ppc64le.tar.gz 6112396b8f0e7b1401b374aa2ae6195849da7718572036b6f060a722a89dc319
kubernetes-client-linux-s390x.tar.gz 09789cf33d8eed610ad2eef7d3ae25a4b4a63ee5525e452f9094097a172a1ce9
kubernetes-client-windows-386.tar.gz 1e71bc9979c8915587cdea980dad36b0cafd502f972c051c2aa63c3bbfeceb14
kubernetes-client-windows-amd64.tar.gz 3c2978479c6f65f1cb5043ba182a0571480090298b7d62090d9bf11b043dd27d

Server Binaries

filename sha256 hash
kubernetes-server-linux-amd64.tar.gz d887411450bbc06e2f4a24ce3c478fe6844856a8707b3236c045d44ab93b27d2
kubernetes-server-linux-arm64.tar.gz 907f037eea90bf893520d3adeccdf29eda69eea32c564b08cecbedfd06471acd
kubernetes-server-linux-arm.tar.gz f2ac4ad4f831a970cb35c1d7194788850dff722e859a08a879c918db1233aaa7
kubernetes-server-linux-ppc64le.tar.gz 0bebb59217b491c5aa4b4b9dc740c0c8c5518872f6f86853cbe30493ea8539a5
kubernetes-server-linux-s390x.tar.gz 5f343764e04e3a8639dffe225cc6f8bc6f17e1584b2c68923708546f48d38f89

Node Binaries

filename sha256 hash
kubernetes-node-linux-amd64.tar.gz c4475c315d4ae27c30f80bc01d6ea8b0b8549ec6a60a5dc745cf11a0c4398c23
kubernetes-node-linux-arm64.tar.gz 4512a4c3e62cd26fb0d3f78bfc8de9a860e7d88e7c913c5df4c239536f89da42
kubernetes-node-linux-arm.tar.gz 1da407ad152b185f520f04215775a8fe176550a31a2bb79e3e82968734bdfb5c
kubernetes-node-linux-ppc64le.tar.gz f23f6f819e6d894f8ca7457f80ee4ede729fd35ac59e9c65ab031b56aa06d4a1
kubernetes-node-linux-s390x.tar.gz 205c789f52a4c666a63ac7944ffa8ee325cb97e788b748c262eae59b838a94ba
kubernetes-node-windows-amd64.tar.gz aa7675fd22d9ca671585f429f6981aa79798f1894025c3abe3a7154f3c94aae6

Changelog since v1.10.0-alpha.3

Action Required

  • [action required] Default Flexvolume plugin directory for COS images on GCE is changed to /home/kubernetes/flexvolume. (#58171, @verult)
  • action required: [GCP kube-up.sh] Some variables that were part of kube-env are no longer being set (ones only used for kubelet flags) and are being replaced by a more portable mechanism (kubelet configuration file). The individual variables in the kube-env metadata entry were never meant to be a stable interface and this release note only applies if you are depending on them. (#60020, @roberthbailey)
  • action required: Deprecate format-separated endpoints for OpenAPI spec. Please use single /openapi/v2 endpoint instead. (#59293, @roycaihw)
  • action required: kube-proxy: feature gates are now specified as a map when provided via a JSON or YAML KubeProxyConfiguration, rather than as a string of key-value pairs. (#57962, @xiangpengzhao)
  • Action Required: The boostrapped RBAC role and rolebinding for the cloud-provider service account is now deprecated. If you're currently using this service account, you must create and apply your own RBAC policy for new clusters. (#59949, @nicksardo)
  • ACTION REQUIRED: VolumeScheduling and LocalPersistentVolume features are beta and enabled by default. The PersistentVolume NodeAffinity alpha annotation is deprecated and will be removed in a future release. (#59391, @msau42)
  • action required: Deprecate the kubelet's cadvisor port. The default will change to 0 (disabled) in 1.12, and the cadvisor port will be removed entirely in 1.13. (#59827, @dashpole)
  • action required: The kubeletconfig API group has graduated from alpha to beta, and the name has changed to kubelet.config.k8s.io. Please use kubelet.config.k8s.io/v1beta1, as kubeletconfig/v1alpha1 is no longer available. (#53833, @mtaufen)
  • Action required: Default values differ between the Kubelet's componentconfig (config file) API and the Kubelet's command line. Be sure to review the default values when migrating to using a config file. (#59666, @mtaufen)
  • kube-apiserver: the experimental in-tree Keystone password authenticator has been removed in favor of extensions that enable use of Keystone tokens. (#59492, @dims)
  • The udpTimeoutMilliseconds field in the kube-proxy configuration file has been renamed to udpIdleTimeout. Action required: administrators need to update their files accordingly. (#57754, @ncdc)

Other notable changes

  • Enable IPVS feature gateway by default (#60540, @m1093782566)
  • dockershim now makes an Image's Labels available in the Info field of ImageStatusResponse (#58036, @shlevy)
  • kube-scheduler: Support extender managed extended resources in kube-scheduler (#60332, @yguo0905)
  • Fix the issue in kube-proxy iptables/ipvs mode to properly handle incorrect IP version. (#56880, @MrHohn)
  • WindowsContainerResources is set now for windows containers (#59333, @feiskyer)
  • GCE: support Cloud TPU API in cloud provider (#58029, @yguo0905)
  • The node authorizer now allows nodes to request service account tokens for the service accounts of pods running on them. (#55019, @mikedanese)
  • Fix StatefulSet to work with set-based selectors. (#59365, @ayushpateria)
  • New conformance tests added for the Garbage Collector (#60116, @jennybuckley)
  • Make NodePort IP addresses configurable (#58052, @m1093782566)
  • Implements MountDevice and UnmountDevice for the CSI Plugin, the functions will call through to NodeStageVolume/NodeUnstageVolume for CSI plugins. (#60115, @davidz627)
  • Fixes a bug where character devices are not recongized by the kubelet (#60440, @andrewsykim)
  • [fluentd-gcp addon] Switch to the image, provided by Stackdriver. (#59128, @bmoyles0117)
  • StatefulSet in apps/v1 is now included in Conformance Tests. (#60336, @enisoc)
  • K8s supports rbd-nbd for Ceph rbd volume mounts. (#58916, @ianchakeres)
  • AWS EBS volume plugin got block volume support (#58625, @screeley44)
  • Summary API will include pod CPU and Memory stats for CRI container runtime. (#60328, @Random-Liu)
  • dockertools: disable memory swap on Linux. (#59404, @ohmystack)
  • On AWS kubelet returns an error when started under conditions that do not allow it to work (AWS has not yet tagged the instance). (#60125, @vainu-arto)
  • Increase timeout of integration tests (#60458, @jennybuckley)
  • Fixes a case when Deployment with recreate strategy could get stuck on old failed Pod. (#60301, @tnozicka)
  • Buffered audit backend is introduced, to be used with other audit backends. (#60076, @crassirostris)
  • Update dashboard version to v1.8.3 (#57326, @floreks)
  • GCE PD volume plugin got block volume support (#58710, @screeley44)
  • force node name lowercase on static pod name generating (#59849, @yue9944882)
  • AWS Security Groups created for ELBs will now be tagged with the same additional tags as the ELB (i.e. the tags specified by the "service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags" annotation.) (#58767, @2rs2ts)
  • Fixes an error when deleting an NLB in AWS - Fixes #57568 (#57569, @micahhausler)
  • fix device name change issue for azure disk (#60346, @andyzhangx)
  • On cluster provision or upgrade, kubeadm now generates certs and secures all connections to the etcd static-pod with mTLS. (#57415, @stealthybox)
  • Some field names in the Kubelet's now v1beta1 config API differ from the v1alpha1 API: PodManifestPath is renamed to StaticPodPath, ManifestURL is renamed to StaticPodURL, ManifestURLHeader is renamed to StaticPodURLHeader. (#60314, @mtaufen)
  • Adds BETA support for DNSConfig field in PodSpec and DNSPolicy=None. (#59771, @MrHohn)
  • kubeadm: Demote controlplane passthrough flags to alpha flags (#59882, @kris-nova)
  • DevicePlugins feature graduates to beta. (#60170, @jiayingz)
  • Additional changes to iptables kube-proxy backend to improve performance on clusters with very large numbers of services. (#60306, @danwinship)
  • CSI now allows credentials to be specified on CreateVolume/DeleteVolume, ControllerPublishVolume/ControllerUnpublishVolume, and NodePublishVolume/NodeUnpublishVolume operations (#60118, @sbezverk)
  • Disable mount propagation for windows containers. (#60275, @feiskyer)
  • Introduced --http2-max-streams-per-connection command line flag on api-servers and set default to 1000 for aggregated API servers. (#60054, @MikeSpreitzer)
  • APIserver backed by etcdv3 exports metric showing number of resources per kind (#59757, @gmarek)
  • The DaemonSet controller, its integration tests, and its e2e tests, have been updated to use the apps/v1 API. (#59883, @kow3ns)
  • Fix image file system stats for windows nodes (#59743, @feiskyer)
  • Custom resources can be listed with a set of grouped resources (category) by specifying the categories in the CustomResourceDefinition spec. Example: They can be used with kubectl get all, where all is a category. (#59561, @nikhita)
  • [fluentd-gcp addon] Fixed bug with reporting metrics in event-exporter (#60126, @serathius)
  • Critical pods to use priorityClasses. (#58835, @ravisantoshgudimetla)
  • --show-all (which only affected pods and only for human readable/non-API printers) is now defaulted to true and deprecated. It will be inert in 1.11 and removed in a future release. (#60210, @deads2k)
  • Removed some redundant rules created by the iptables proxier, to improve performance on systems with very many services. (#57461, @danwinship)
  • Disable per-cpu metrics by default for scalability. (#60106, @dashpole)
    • Fix inaccurate disk usage monitoring of overlayFs.
    • Retry docker connection on startup timeout to avoid permanent loss of metrics.
  • When the PodShareProcessNamespace alpha feature is enabled, setting pod.Spec.ShareProcessNamespace to true will cause a single process namespace to be shared between all containers in a pod. (#60181, @verb)
  • add spelling checking script (#59463, @dixudx)
  • Allows HorizontalPodAutoscaler to use global metrics not associated with any Kubernetes object (for example metrics from a hoster service running outside of Kubernetes cluster). (#60096, @MaciekPytel)
  • fix race condition issue when detaching azure disk (#60183, @andyzhangx)
  • Add kubectl create job command (#60084, @soltysh)
  • [Alpha] Kubelet now supports container log rotation for container runtime which implements CRI(container runtime interface). (#59898, @Random-Liu)
    • The feature can be enabled with feature gate CRIContainerLogRotation.
    • The flags --container-log-max-size and --container-log-max-files can be used to configure the rotation behavior.
  • Reorganized iptables rules to fix a performance regression on clusters with thousands of services. (#56164, @danwinship)
  • StorageOS volume plugin updated to support mount options and environments where the kubelet runs in a container and the device location should be specified. (#58816, @croomes)
  • Use consts as predicate name in handlers (#59952, @resouer)
  • /status and /scale subresources are added for custom resources. (#55168, @nikhita)
  • Allow kubectl env to specify which keys to import from a config map (#60040, @PhilipGough)
  • Set default enabled admission plugins NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota (#58684, @hzxuzhonghu)
  • Fix instanceID for vmss nodes. (#59857, @feiskyer)
  • Deprecate kubectl scale jobs (only jobs). (#60139, @soltysh)
  • Adds new flag --apiserver-advertise-dns-address which is used in node kubelet.confg to point to API server (#59288, @stevesloka)
  • Fix kube-proxy flags validation for --healthz-bind-address and --metrics-bind-address to allow specifying ip:port. (#54191, @MrHohn)
  • Increase allowed lag for ssh key sync loop in tunneler to allow for one failure (#60068, @wojtek-t)
  • Flags that can be set via the Kubelet's --config file are now deprecated in favor of the file. (#60148, @mtaufen)
  • PVC Protection alpha feature was renamed to Storage Protection. Storage Protection feature is beta. (#59052, @pospispa)
  • kube-apiserver: the root /proxy paths have been removed (deprecated since v1.2). Use the /proxy subresources on objects that support HTTP proxying. (#59884, @mikedanese)
  • Set an upper bound (5 minutes) on how long the Kubelet will wait before exiting when the client cert from disk is missing or invalid. This prevents the Kubelet from waiting forever without attempting to bootstrap a new client credentials. (#59316, @smarterclayton)
  • v1.Pod now has a field to configure whether a single process namespace should be shared between all containers in a pod. This feature is in alpha preview. (#58716, @verb)
  • Priority admission controller picks a global default with the lowest priority value if more than one such default PriorityClass exists. (#59991, @bsalamat)
  • Add ipset binary for IPVS to hyperkube docker image (#57648, @Fsero)
  • kube-apiserver: the OpenID Connect authenticator can now verify ID Tokens signed with JOSE algorithms other than RS256 through the --oidc-signing-algs flag. (#58544, @ericchiang)
  • Rename StorageProtection to StorageObjectInUseProtection (#59901, @NickrenREN)
  • kubeadm: add criSocket field to MasterConfiguration manifiest (#59057, @JordanFaust)
  • kubeadm: add criSocket field to NodeConfiguration manifiest (#59292, @JordanFaust)
  • The PodSecurityPolicy API has been moved to the policy/v1beta1 API group. The PodSecurityPolicy API in the extensions/v1beta1 API group is deprecated and will be removed in a future release. Authorizations for using pod security policy resources should change to reference the policy API group after upgrading to 1.11. (#54933, @php-coder)
  • Restores the ability of older clients to delete and scale jobs with initContainers (#59880, @liggitt)
  • Support for resource quota on extended resources (#57302, @lichuqiang)
  • Fix race causing apiserver crashes during etcd healthchecking (#60069, @wojtek-t)
  • If TaintNodesByCondition enabled, taint node when it under PID pressure (#60008, @k82cn)
  • Expose total usage of pods through the "pods" SystemContainer in the Kubelet Summary API (#57802, @dashpole)
  • Unauthorized requests will not match audit policy rules where users or groups are set. (#59398, @CaoShuFeng)
  • Making sure CSI E2E test runs on a local cluster (#60017, @sbezverk)
  • Addressing breaking changes introduced by new 0.2.0 release of CSI spec (#59209, @sbezverk)
  • GCE: A role and clusterrole will now be provided with GCE/GKE for allowing the cloud-provider to post warning events on all services and watching configmaps in the kube-system namespace. (#59686, @nicksardo)
  • Updated PID pressure node condition (#57136, @k82cn)
  • Add AWS cloud provider option to use an assumed IAM role (#59668, @brycecarman)
  • kubectl port-forward now supports specifying a service to port forward to: kubectl port-forward svc/myservice 8443:443 (#59809, @phsiao)
  • Fix kubelet PVC stale metrics (#59170, @cofyc)
    • Separate current ARM rate limiter into read/write (#59830, @khenidak)
        • Improve control over how ARM rate limiter is used within Azure cloud provider
  • The ConfigOK node condition has been renamed to KubeletConfigOk. (#59905, @mtaufen)
  • fluentd-gcp resources can be modified via a ScalingPolicy (#59657, @x13n)
  • Adding pkg/kubelet/apis/deviceplugin/v1beta1 API. (#59588, @jiayingz)
  • Fixes volume predicate handler for equiv class (#59335, @resouer)
  • Bugfix: vSphere Cloud Provider (VCP) does not need any special service account anymore. (#59440, @rohitjogvmw)
  • Fixing a bug in OpenStack cloud provider, where dual stack deployments (IPv4 and IPv6) did not work well when using kubenet as the network plugin. (#59749, @zioproto)
  • Get parent dir via canonical absolute path when trying to judge mount-point (#58433, @yue9944882)
  • Container runtime daemon (e.g. dockerd) logs in GCE cluster will be uploaded to stackdriver and elasticsearch with tag container-runtime (#59103, @Random-Liu)
  • Add AzureDisk support for vmss nodes (#59716, @feiskyer)
  • Fixed a race condition in k8s.io/client-go/tools/cache.SharedInformer that could violate the sequential delivery guarantee and cause panics on shutdown. (#59828, @krousey)
  • Avoid hook errors when effecting label changes on kubernetes-worker charm. (#59803, @wwwtyro)
  • kubectl port-forward now allows using resource name (e.g., deployment/www) to select a matching pod, as well as allows the use of --pod-running-timeout to wait till at least one pod is running. (#59705, @phsiao)
    • kubectl port-forward no longer support deprecated -p flag
  • Deprecate insecure HTTP port of kube-controller-manager and cloud-controller-manager. Use --secure-port and --bind-address instead. (#59582, @sttts)
  • Eviction thresholds set to 0% or 100% are now ignored. (#59681, @mtaufen)
  • [advanced audit] support subresources wildcard matching. (#55306, @hzxuzhonghu)
  • CronJobs can be accessed through cj alias (#59499, @soltysh)
  • N/A (#58275, @carmark)
  • fix the error prone account creation method of blob disk (#59739, @andyzhangx)
  • Add automatic etcd 3.2->3.1 and 3.1->3.0 minor version rollback support to gcr.io/google_container/etcd images. For HA clusters, all members must be stopped before performing a rollback. (#59298, @jpbetz)
  • kubeadm init can now omit the tainting of the master node if configured to do so in kubeadm.yaml. (#55479, @ijc)
  • Updated kubernetes-worker to request new security tokens when the aws cloud provider changes the registered node name. (#59730, @hyperbolic2346)
    1. Controller-manager --service-sync-period flag is removed (was never used in the code). (#59359, @khenidak)
  • Pod priority can be specified ins PodSpec even when the feature is disabled, but it will be effective only when the feature is enabled. (#59291, @bsalamat)
  • kubeadm: Enable auditing behind a feature gate. (#59067, @chuckha)
  • Map correct vmset name for Azure internal load balancers (#59747, @feiskyer)
  • Add generic cache for Azure VMSS (#59652, @feiskyer)
  • kubeadm: New "imagePullPolicy" option in the init configuration file, that gets forwarded to kubelet static pods to control pull policy for etcd and control plane images. (#58960, @rosti)
  • fix the create azure file pvc failure if there is no storage account in current resource group (#56557, @andyzhangx)
  • Add generic cache for Azure VM/LB/NSG/RouteTable (#59520, @feiskyer)
  • The alpha KubeletConfiguration.ConfigTrialDuration field is no longer available. (#59628, @mtaufen)
  • Updates Calico version to v2.6.7 (Fixed a bug where Felix would crash when parsing a NetworkPolicy with a named port. See https://github.com/projectcalico/calico/releases/tag/v2.6.7) (#59130, @caseydavenport)
  • return error if New-SmbGlobalMapping failed when mounting azure file on Windows (#59540, @andyzhangx)
  • Disallow PriorityClass names with 'system-' prefix for user defined priority classes. (#59382, @bsalamat)
  • Fixed an issue where Portworx volume driver wasn't passing namespace and annotations to the Portworx Create API. (#59607, @harsh-px)
  • Enable apiserver metrics for custom resources. (#57682, @nikhita)
  • fix typo (#59619, @jianliao82)
    • incase -> in case
    • selction -> selection
  • Implement envelope service with gRPC, so that KMS providers can be pulled out from API server. (#55684, @wu-qiang)
  • Enable golint for pkg/scheduler and fix the golint errors in it. (#58437, @tossmilestone)
  • AWS: Make attach/detach operations faster. from 10-12s to 2-6s (#56974, @gnufied)
  • CRI starts using moutpoint as image filesystem identifier instead of UUID. (#59475, @Random-Liu)
  • DaemonSet, Deployment, ReplicaSet, and StatefulSet objects are now persisted in etcd in apps/v1 format (#58854, @liggitt)
  • 'none' can now be specified in KubeletConfiguration.EnforceNodeAllocatable (--enforce-node-allocatable) to explicitly disable enforcement. (#59515, @mtaufen)
  • vSphere Cloud Provider supports VMs provisioned on vSphere v1.6.5 (#59519, @abrarshivani)
  • Annotations is added to advanced audit api (#58806, @CaoShuFeng)
  • 2nd try at using a vanity GCR name (#57824, @thockin)
  • Node's providerID is following Azure resource ID format now when useInstanceMetadata is enabled (#59539, @feiskyer)
  • Block Volume Support: Local Volume Plugin update (#59303, @dhirajh)
  • [action-required] The Container Runtime Interface (CRI) version has increased from v1alpha1 to v1alpha2. Runtimes implementing the CRI will need to update to the new version, which configures container namespaces using an enumeration rather than booleans. (#58973, @verb)
  • Fix the bug where kubelet in the standalone mode would wait for the update from the apiserver source. (#59276, @roboll)
  • Add "keyring" parameter for Ceph RBD provisioner (#58287, @madddi)
  • Ensure euqiv hash calculation is per schedule (#59245, @resouer)
  • kube-scheduler: Use default predicates/prioritizers if they are unspecified in the policy config (#59363, @yguo0905)
  • Fixed charm issue where docker login would run prior to daemon options being set. (#59396, @kwmonroe)
  • Implementers of the cloud provider interface will note the addition of a context to this interface. Trivial code modification will be necessary for a cloud provider to continue to compile. (#59287, @cheftako)
  • /release-note-none (#58264, @WanLinghao)
  • Use a more reliable way to get total physical memory on windows nodes (#57124, @JiangtianLi)
  • Add xfsprogs to hyperkube container image. (#56937, @redbaron)
  • Ensure Azure public IP removed after service deleted (#59340, @feiskyer)
  • Improve messages user gets during and after volume resizing is done. (#58415, @gnufied)
  • Fix RBAC permissions for Stackdriver Metadata Agent. (#57455, @kawych)
  • Scheduler should be able to read from config file if configmap is not present. (#59386, @ravisantoshgudimetla)
  • MountPropagation feature is now beta. As consequence, all volume mounts in containers are now "rslave" on Linux by default. (#59252, @jsafrane)
  • Fix RBAC role for certificate controller to allow cleaning. (#59375, @mikedanese)
  • Volume metrics support for vSphere Cloud Provider (#59328, @divyenpatel)
  • Announcing the deprecation of the recycling reclaim policy. (#59063, @ayushpateria)
  • Intended for post-1.9 (#57872, @mlmhl)
  • The meta.k8s.io/v1alpha1 objects for retrieving tabular responses from the server (Table) or fetching just the ObjectMeta for an object (as PartialObjectMetadata) are now beta as part of meta.k8s.io/v1beta1. Clients may request alternate representations of normal Kubernetes objects by passing an Accept header like application/json;as=Table;g=meta.k8s.io;v=v1beta1 or application/json;as=PartialObjectMetadata;g=meta.k8s.io;v1=v1beta1. Older servers will ignore this representation or return an error if it is not available. Clients may request fallback to the normal object by adding a non-qualified mime-type to their Accept header like application/json - the server will then respond with either the alternate representation if it is supported or the fallback mime-type which is the normal object response. (#59059, @smarterclayton)
  • add PV size grow feature for azure file (#57017, @andyzhangx)
  • Upgrade default etcd server version to 3.2.14 (#58645, @jpbetz)
  • Add windows config to Kubelet CRI (#57076, @feiskyer)
  • Configurable etcd quota backend bytes in GCE (#59259, @wojtek-t)
  • Remove unmaintained kube-registry-proxy support from gce kube-up. (#58564, @mikedanese)
  • Allow expanding mounted volumes (#58794, @gnufied)
  • Upped the timeout for apiserver communication in the juju kubernetes-worker charm. (#59219, @hyperbolic2346)
  • kubeadm init: skip checking cri socket in preflight checks (#58802, @dixudx)
  • Add "nominatedNodeName" field to PodStatus. This field is set when a pod preempts other pods on the node. (#58990, @bsalamat)
  • Changes secret, configMap, downwardAPI and projected volumes to mount read-only, instead of allowing applications to write data and then reverting it automatically. Until version 1.11, setting the feature gate ReadOnlyAPIDataVolumes=false will preserve the old behavior. (#58720, @joelsmith)
  • Fixed issue with charm upgrades resulting in an error state. (#59064, @hyperbolic2346)
  • Ensure IP is set for Azure internal load balancer. (#59083, @feiskyer)
  • Postpone PV deletion when it is being bound to a PVC (#58743, @NickrenREN)
  • Add V1beta1 VolumeAttachment API, co-existing with Alpha API object (#58462, @NickrenREN)
  • When using client or server certificate rotation, the Kubelet will no longer wait until the initial rotation succeeds or fails before starting static pods. This makes running self-hosted masters with rotation more predictable. (#58930, @smarterclayton)

v1.10.0-alpha.3

Documentation & Examples

Downloads for v1.10.0-alpha.3

filename sha256 hash
kubernetes.tar.gz 246f0373ccb25a243a387527b32354b69fc2211c422e71479d22bfb3a829c8fb
kubernetes-src.tar.gz f9c60bb37fb7b363c9f66d8efd8aa5a36ea2093c61317c950719b3ddc86c5e10

Client Binaries

filename sha256 hash
kubernetes-client-darwin-386.tar.gz ca8dfd7fbd34478e7ba9bba3779fcca08f7efd4f218b0c8a7f52bbeea0f42cd7
kubernetes-client-darwin-amd64.tar.gz 713c35d99f44bd19d225d2c9f2d7c4f3976b5dd76e9a817b2aaf68ee0cb5a939
kubernetes-client-linux-386.tar.gz 7601e55e3bb0f0fc11611c68c4bc000c3cbbb7a09652c386e482a1671be7e2d6
kubernetes-client-linux-amd64.tar.gz 8a6c498531c1832176e22d622008a98bac6043f05dec96747649651531ed3fd7
kubernetes-client-linux-arm64.tar.gz 81561820fb5a000152e9d8d94882e0ed6228025ea7973ee98173b5fc89d62a42
kubernetes-client-linux-arm.tar.gz 6ce8c3ed253a10d78e62e000419653a29c411cd64910325b21ff3370cb0a89eb
kubernetes-client-linux-ppc64le.tar.gz a46b42c94040767f6bbf2ce10aef36d8dbe94c0069f866a848d69b2274f8f0bc
kubernetes-client-linux-s390x.tar.gz fa3e656b612277fc4c303aef95c60b58ed887e36431db23d26b536f226a23cf6
kubernetes-client-windows-386.tar.gz 832e12266495ac55cb54a999bc5ae41d42d160387b487d8b4ead577d96686b62
kubernetes-client-windows-amd64.tar.gz 7056a3eb5a8f9e8fa0326aa6e0bf97fc5b260447315f8ec7340be5747a16f5fd

Server Binaries

filename sha256 hash
kubernetes-server-linux-amd64.tar.gz dc8e2be2fcb6477249621fb5c813c853371a3bf8732c5cb3a6d6cab667cfa324
kubernetes-server-linux-arm64.tar.gz 399071ad9042a72bccd6e1aa322405c02b4a807c0b4f987d608c4c9c369979d6
kubernetes-server-linux-arm.tar.gz 7457ad16665e331fa9224a3d61690206723721197ad9760c3b488de9602293f5
kubernetes-server-linux-ppc64le.tar.gz ffcb728d879c0347bd751c9bccac3520bb057d203ba1acd55f8c727295282049
kubernetes-server-linux-s390x.tar.gz f942f6e15886a1fb0d91d04adf47677068c56070dff060f38c371c3ee3e99648

Node Binaries

filename sha256 hash
kubernetes-node-linux-amd64.tar.gz 81b22beb30be9d270016c7b35b86ea585f29c0c5f09128da9341f9f67c8865f9
kubernetes-node-linux-arm64.tar.gz d9020b99c145f44c519b1a95b55ed24e69d9c679a02352c7e05e86042daca9d1
kubernetes-node-linux-arm.tar.gz 1d10bee4ed62d70b318f5703b2cd8295a08e199f810d6b361f367907e3f01fb6
kubernetes-node-linux-ppc64le.tar.gz 67cd4dde212abda37e6f9e6dee1bb59db96e0727100ef0aa561c15562df0f3e1
kubernetes-node-linux-s390x.tar.gz 362b030e011ea6222b1f2dec62311d3971bcce4dba94997963e2a091efbf967b
kubernetes-node-windows-amd64.tar.gz e609a2b0410acbb64d3ee6d7f134d98723d82d05bdbead1eaafd3584d3e45c39

Changelog since v1.10.0-alpha.2

Other notable changes

  • Fixed issue with kubernetes-worker option allow-privileged not properly handling the value True with a capital T. (#59116, @hyperbolic2346)
  • Added anti-affinity to kube-dns pods (#57683, @vainu-arto)
  • cloudprovider/openstack: fix bug the tries to use octavia client to query flip (#59075, @jrperritt)
  • Windows containers now support experimental Hyper-V isolation by setting annotation experimental.windows.kubernetes.io/isolation-type=hyperv and feature gates HyperVContainer. Only one container per pod is supported yet. (#58751, @feiskyer)
  • crds is added as a shortname for CustomResourceDefinition i.e. kubectl get crds can now be used. (#59061, @nikhita)
  • Fix an issue where port forwarding doesn't forward local TCP6 ports to the pod (#57457, @vfreex)
  • YAMLDecoder Read now tracks rest of buffer on io.ErrShortBuffer (#58817, @karlhungus)
  • Prevent kubelet from getting wedged if initialization of modules returns an error. (#59020, @brendandburns)
  • Fixed a race condition inside kubernetes-worker that would result in a temporary error situation. (#59005, @hyperbolic2346)
  • [GCE] Apiserver uses InternalIP as the most preferred kubelet address type by default. (#59019, @MrHohn)
  • Deprecate insecure flags --insecure-bind-address, --insecure-port and remove --public-address-override. (#59018, @hzxuzhonghu)
  • Support GetLabelsForVolume in OpenStack Provider (#58871, @edisonxiang)
  • Build using go1.9.3. (#59012, @ixdy)
  • CRI: Add a call to reopen log file for a container. (#58899, @yujuhong)
  • The alpha KubeletConfigFile feature gate has been removed, because it was redundant with the Kubelet's --config flag. It is no longer necessary to set this gate to use the flag. The --config flag is still considered alpha. (#58978, @mtaufen)
  • kubectl scale can now scale any resource (kube, CRD, aggregate) conforming to the standard scale endpoint (#58298, @p0lyn0mial)
  • kube-apiserver flag --tls-ca-file has had no effect for some time. It is now deprecated and slated for removal in 1.11. If you are specifying this flag, you must remove it from your launch config before upgrading to 1.11. (#58968, @deads2k)
  • Fix regression in the CRI: do not add a default hostname on short image names (#58955, @runcom)
  • Get windows kernel version directly from registry (#58498, @feiskyer)
  • Remove deprecated --require-kubeconfig flag, remove default --kubeconfig value (#58367, @zhangxiaoyu-zidif)
  • Google Cloud Service Account email addresses can now be used in RBAC (#58141, @ahmetb)
    • Role bindings since the default scopes now include the "userinfo.email"
    • scope. This is a breaking change if the numeric uniqueIDs of the Google
    • service accounts were being used in RBAC role bindings. The behavior
    • can be overridden by explicitly specifying the scope values as
    • comma-separated string in the "users[*].config.scopes" field in the
    • KUBECONFIG file.
  • kube-apiserver is changed to use SSH tunnels for webhook iff the webhook is not directly routable from apiserver's network environment. (#58644, @yguo0905)
  • Updated priority of mirror pod according to PriorityClassName. (#58485, @k82cn)
  • Fixes a bug where kubelet crashes trying to free memory under memory pressure (#58574, @yastij)

v1.10.0-alpha.2

Documentation & Examples

Downloads for v1.10.0-alpha.2

filename sha256 hash
kubernetes.tar.gz 89efeb8b16c40e5074f092f51399995f0fe4a0312367a8f54bd227c3c6fcb629
kubernetes-src.tar.gz eefbbf435f1b7a0e416f4e6b2c936c49ce5d692994da8d235c5e25bc408eec57

Client Binaries

filename sha256 hash
kubernetes-client-darwin-386.tar.gz 878366200ddfb9128a133d7d377057c6f878b24357062cf5243c0f0aac26b292
kubernetes-client-darwin-amd64.tar.gz dc065b9ecfa513607eac6e7dd125b2c25c9a9e7c13d0b2b6e56586e17bbd6ae5
kubernetes-client-linux-386.tar.gz 93c2462051935d8f6bca6c72d09948963d47cd64426660f63e0cea7d37e24812
kubernetes-client-linux-amd64.tar.gz 0eef61285fad1f9ff8392c59986d3a41887abc642bcb5cb451c5a5300927e2c4
kubernetes-client-linux-arm64.tar.gz 6cf7913730a57b503beaf37f5c4d0f97789358983ed03654036f8b986b60cc62
kubernetes-client-linux-arm.tar.gz f03c3ecbf4c08d263f2daa8cbe838e20452d6650b80e9a74762c155c26a579b7
kubernetes-client-linux-ppc64le.tar.gz 25a2f93ebb721901d262adae4c0bdaa4cf1293793e9dff4507e031b85f46aff8
kubernetes-client-linux-s390x.tar.gz 3e0b9ef771f36edb61bd61ccb67996ed41793c01f8686509bf93e585ee882c94
kubernetes-client-windows-386.tar.gz 387e5e6b0535f4f5996c0732f1b591d80691acaec86e35482c7b90e00a1856f7
kubernetes-client-windows-amd64.tar.gz c10a72d40252707b732d33d03beec3c6380802d0a6e3214cbbf4af258fddf28c

Server Binaries

filename sha256 hash
kubernetes-server-linux-amd64.tar.gz 42c1e016e8b0c5cc36c7bf574abca18c63e16d719d35e19ddbcbcd5aaeabc46c
kubernetes-server-linux-arm64.tar.gz b7774c54344c75bf5c703d4ca271f0af6c230e86cbe40eafd9cbf98a4f4be6e9
kubernetes-server-linux-arm.tar.gz c11c8554506b64d6fd1a6e79bfc4e1e19f4f826b9ba98de81bc757901e8cdc43
kubernetes-server-linux-ppc64le.tar.gz 196bd957804b2a9049189d225e49bf78e52e9adef12c072128e4e85d35da438e
kubernetes-server-linux-s390x.tar.gz be12fbea28a6cb089734782fe11e6f90a30785b9ad1ec02bc08a59afeb95c173

Node Binaries

filename sha256 hash
kubernetes-node-linux-amd64.tar.gz a1feb239dfc473b49adf95d7d94e4a9c6c7d07416d4e935e3fc10175ffaa7163
kubernetes-node-linux-arm64.tar.gz 26583c0bd08313bdc0bdfba6745f3ccd0f117431d3a5e2623bb5015675d506b8
kubernetes-node-linux-arm.tar.gz 79c6299a5482467e3e85ee881f21edf5d491bc28c94e547d9297d1e1ad1b7458
kubernetes-node-linux-ppc64le.tar.gz 2732fd288f1eac44c599423ce28cbdb85b54a646970a3714be5ff86d1b14b5e2
kubernetes-node-linux-s390x.tar.gz 8d49432f0ff3baf55e71c29fb6ffc1673b2a45b9eae2e1906138b1409da53940
kubernetes-node-windows-amd64.tar.gz 15ff74edfa98cd1afadcc4e53dd592b1e2935fbab76ad731309d355ae23bdd09

Changelog since v1.10.0-alpha.1

Action Required

  • Bug fix: webhooks now do not skip cluster-scoped resources (#58185, @caesarxuchao)
    • Action required: Before upgrading your Kubernetes clusters, double check if you had configured webhooks for cluster-scoped objects (e.g., nodes, persistentVolume), these webhooks will start to take effect. Delete/modify the configs if that's not desirable.

Other notable changes

  • Fixing extra_sans option on master and load balancer. (#58843, @hyperbolic2346)
  • ConfigMap objects now support binary data via a new binaryData field. When using kubectl create configmap --from-file, files containing non-UTF8 data will be placed in this new field in order to preserve the non-UTF8 data. Use of this feature requires 1.10+ apiserver and kubelets. (#57938, @dims)
  • New alpha feature to limit the number of processes running in a pod. Cluster administrators will be able to place limits by using the new kubelet command line parameter --pod-max-pids. Note that since this is a alpha feature they will need to enable the "SupportPodPidsLimit" feature. (#57973, @dims)
  • Add storage-backend configuration option to kubernetes-master charm. (#58830, @wwwtyro)
  • use containing API group when resolving shortname from discovery (#58741, @dixudx)
  • Fix kubectl explain for resources not existing in default version of API group (#58753, @soltysh)
  • Ensure config has been created before attempting to launch ingress. (#58756, @wwwtyro)
  • Access to externally managed IP addresses via the kube-apiserver service proxy subresource is no longer allowed by default. This can be re-enabled via the ServiceProxyAllowExternalIPs feature gate, but will be disallowed completely in 1.11 (#57265, @brendandburns)
  • Added support for external cloud providers in kubeadm (#58259, @dims)
  • rktnetes has been deprecated in favor of rktlet. Please see https://github.com/kubernetes-incubator/rktlet for more information. (#58418, @yujuhong)
  • Fixes bug finding master replicas in GCE when running multiple Kubernetes clusters (#58561, @jesseshieh)
  • Update Calico version to v2.6.6 (#58482, @tmjd)
  • Promoting the apiregistration.k8s.io (aggregation) to GA (#58393, @deads2k)
  • Stability: Make Pod delete event handling of scheduler more robust. (#58712, @bsalamat)
  • Added support for network spaces in the kubeapi-load-balancer charm (#58708, @hyperbolic2346)
  • Added support for network spaces in the kubernetes-master charm (#58704, @hyperbolic2346)
  • update etcd unified version to 3.1.10 (#54242, @zouyee)
  • updates fluentd in fluentd-es-image to fluentd 1.1.0 (#58525, @monotek)
  • Support metrics API in kubectl top commands. (#56206, @brancz)
  • Added support for network spaces in the kubernetes-worker charm (#58523, @hyperbolic2346)
  • CustomResourceDefinitions: OpenAPI v3 validation schemas containing $refreferences are no longer permitted (valid references could not be constructed previously because property ids were not permitted either). Before upgrading, ensure CRD definitions do not include those $ref fields. (#58438, @carlory)
  • Openstack: register metadata.hostname as node name (#58502, @dixudx)
  • Added nginx and default backend images to kubernetes-worker config. (#58542, @hyperbolic2346)
  • --tls-min-version on kubelet and kube-apiserver allow for configuring minimum TLS versions (#58528, @deads2k)
  • Fixes an issue where the resourceVersion of an object in a DELETE watch event was not the resourceVersion of the delete itself, but of the last update to the object. This could disrupt the ability of clients clients to re-establish watches properly. (#58547, @liggitt)
  • Fixed crash in kubectl cp when path has multiple leading slashes (#58144, @tomerf)
  • kube-apiserver: requests to endpoints handled by unavailable extension API servers (as indicated by an Available condition of false in the registered APIService) now return 503 errors instead of 404 errors. (#58070, @weekface)
  • Correctly handle transient connection reset errors on GET requests from client library. (#58520, @porridge)
  • Authentication information for OpenStack cloud provider can now be specified as environment variables (#58300, @dims)
  • Bump GCE metadata proxy to v0.1.9 to pick up security fixes. (#58221, @ihmccreery)
    • kubeadm now supports CIDR notations in NO_PROXY environment variable (#53895, @kad)
  • kubeadm now accept --apiserver-extra-args, --controller-manager-extra-args and --scheduler-extra-args to override / specify additional flags for control plane components (#58080, @simonferquel)
  • Add --enable-admission-plugin --disable-admission-plugin flags and deprecate --admission-control. (#58123, @hzxuzhonghu)
    • Afterwards, don't care about the orders specified in the flags.
  • "ExternalTrafficLocalOnly" has been removed from feature gate. It has been a GA feature since v1.7. (#56948, @MrHohn)
  • GCP: allow a master to not include a metadata concealment firewall rule (if it's not running the metadata proxy). (#58104, @ihmccreery)
  • kube-apiserver: fixes loading of --admission-control-config-file containing AdmissionConfiguration apiserver.k8s.io/v1alpha1 config object (#58439, @liggitt)
  • Fix issue when using OpenStack config drive for node metadata (#57561, @dims)
  • Add FSType for CSI volume source to specify filesystems (#58209, @NickrenREN)
  • OpenStack cloudprovider: Ensure orphaned routes are removed. (#56258, @databus23)
  • Reduce Metrics Server memory requirement (#58391, @kawych)
  • Fix a bug affecting nested data volumes such as secret, configmap, etc. (#57422, @joelsmith)
  • kubectl now enforces required flags at a more fundamental level (#53631, @dixudx)
  • Remove alpha Initializers from kubadm admission control (#58428, @dixudx)
  • Enable ValidatingAdmissionWebhook and MutatingAdmissionWebhook in kubeadm from v1.9 (#58255, @dixudx)
  • Fixed encryption key and encryption provider rotation (#58375, @liggitt)
  • set fsGroup by securityContext.fsGroup in azure file (#58316, @andyzhangx)
  • Remove deprecated and unmaintained salt support. kubernetes-salt.tar.gz will no longer be published in the release tarball. (#58248, @mikedanese)
  • Detach and clear bad disk URI (#58345, @rootfs)
  • Allow version arg in kubeadm upgrade apply to be optional if config file already have version info (#53220, @medinatiger)
  • feat(fakeclient): push event on watched channel on add/update/delete (#57504, @yue9944882)
  • Custom resources can now be submitted to and received from the API server in application/yaml format, consistent with other API resources. (#58260, @liggitt)
  • remove spaces from kubectl describe hpa (#56331, @shiywang)
  • fluentd-gcp updated to version 2.0.14. (#58224, @zombiezen)
  • Instrument the Azure cloud provider for Prometheus monitoring. (#58204, @cosmincojocar)
  • -Add scheduler optimization options, short circuit all predicates if … (#56926, @wgliang)
  • Remove deprecated ContainerVM support from GCE kube-up. (#58247, @mikedanese)
  • Remove deprecated kube-push.sh functionality. (#58246, @mikedanese)
  • The getSubnetIDForLB() should return subnet id rather than net id. (#58208, @FengyunPan)
  • Avoid panic when failing to allocate a Cloud CIDR (aka GCE Alias IP Range). (#58186, @negz)
  • Handle Unhealthy devices (#57266, @vikaschoudhary16)
  • Expose Metrics Server metrics via /metric endpoint. (#57456, @kawych)
  • Remove deprecated container-linux support in gce kube-up.sh. (#58098, @mikedanese)
  • openstack cinder detach problem is fixed if nova is shutdowned (#56846, @zetaab)
  • Fixes a possible deadlock preventing quota from being recalculated (#58107, @ironcladlou)
  • fluentd-es addon: multiline stacktraces are now grouped into one entry automatically (#58063, @monotek)
  • GCE: Allows existing internal load balancers to continue using an outdated subnetwork (#57861, @nicksardo)
  • ignore images in used by running containers when GC (#57020, @dixudx)
  • Remove deprecated and unmaintained photon-controller kube-up.sh. (#58096, @mikedanese)
  • The kubelet flag to run docker containers with a process namespace that is shared between all containers in a pod is now deprecated and will be replaced by a new field in v1.Pod that configures this behavior. (#58093, @verb)
  • fix device name change issue for azure disk: add remount logic (#57953, @andyzhangx)
  • The Kubelet now explicitly registers all of its command-line flags with an internal flagset, which prevents flags from third party libraries from unintentionally leaking into the Kubelet's command-line API. Many unintentionally leaked flags are now marked deprecated, so that users have a chance to migrate away from them before they are removed. One previously leaked flag, --cloud-provider-gce-lb-src-cidrs, was entirely removed from the Kubelet's command-line API, because it is irrelevant to Kubelet operation. (#57613, @mtaufen)
  • Remove deprecated and unmaintained libvirt-coreos kube-up.sh. (#58023, @mikedanese)
  • Remove deprecated and unmaintained windows installer. (#58020, @mikedanese)
  • Remove deprecated and unmaintained openstack-heat kube-up.sh. (#58021, @mikedanese)
  • Fixes authentication problem faced during various vSphere operations. (#57978, @prashima)
  • fluentd-gcp updated to version 2.0.13. (#57789, @x13n)
  • Add support for cloud-controller-manager in local-up-cluster.sh (#57757, @dims)
  • Update CSI spec dependency to point to v0.1.0 tag (#57989, @NickrenREN)
  • Update kube-dns to Version 1.14.8 that includes only small changes to how Prometheus metrics are collected. (#57918, @rramkumar1)
  • Add proxy_read_timeout flag to kubeapi_load_balancer charm. (#57926, @wwwtyro)
  • Adding support for Block Volume type to rbd plugin. (#56651, @sbezverk)
  • Fixes a bug in Heapster deployment for google sink. (#57902, @kawych)
  • Forbid unnamed contexts in kubeconfigs. (#56769, @dixudx)
  • Upgrade to etcd client 3.2.13 and grpc 1.7.5 to improve HA etcd cluster stability. (#57480, @jpbetz)
  • Default scheduler code is moved out of the plugin directory. (#57852, @misterikkit)
    • plugin/pkg/scheduler -> pkg/scheduler
    • plugin/cmd/kube-scheduler -> cmd/kube-scheduler
  • Bump metadata proxy version to v0.1.7 to pick up security fix. (#57762, @ihmccreery)
  • HugePages feature is beta (#56939, @derekwaynecarr)
  • GCE: support passing kube-scheduler policy config via SCHEDULER_POLICY_CONFIG (#57425, @yguo0905)
  • Returns an error for non overcommitable resources if they don't have limit field set in container spec. (#57170, @jiayingz)
  • Update defaultbackend image to 1.4 and deployment apiVersion to apps/v1 (#57866, @zouyee)
  • kubeadm: set kube-apiserver advertise address using downward API (#56084, @andrewsykim)
  • CDK nginx ingress is now handled via a daemon set. (#57530, @hyperbolic2346)
  • The kubelet uses a new release 3.1 of the pause container with the Docker runtime. This version will clean up orphaned zombie processes that it inherits. (#57517, @verb)
  • Allow kubectl set image|env on a cronjob (#57742, @soltysh)
  • Move local PV negative scheduling tests to integration (#57570, @sbezverk)
  • fix azure disk not available issue when device name changed (#57549, @andyzhangx)
  • Only create Privileged PSP binding during e2e tests if RBAC is enabled. (#56382, @mikkeloscar)
  • RBAC: The system:kubelet-api-admin cluster role can be used to grant full access to the kubelet API (#57128, @liggitt)
  • Allow kubernetes components to react to SIGTERM signal and shutdown gracefully. (#57756, @mborsz)
  • ignore nonexistent ns net file error when deleting container network in case a retry (#57697, @dixudx)
  • check psp HostNetwork in DenyEscalatingExec admission controller. (#56839, @hzxuzhonghu)
  • The alpha --init-config-dir flag has been removed. Instead, use the --config flag to reference a kubelet configuration file directly. (#57624, @mtaufen)
  • Add cache for VM get operation in azure cloud provider (#57432, @karataliu)
  • Fix garbage collection when the controller-manager uses --leader-elect=false (#57340, @jmcmeek)
  • iSCSI sessions managed by kubernetes will now explicitly set startup.mode to 'manual' to (#57475, @stmcginnis)
    • prevent automatic login after node failure recovery. This is the default open-iscsi mode, so
    • this change will only impact users who have changed their startup.mode to be 'automatic'
    • in /etc/iscsi/iscsid.conf.
  • Configurable liveness probe initial delays for etcd and kube-apiserver in GCE (#57749, @wojtek-t)
  • Fixed garbage collection hang (#57503, @liggitt)
  • Fixes controller manager crash in certain vSphere cloud provider environment. (#57286, @rohitjogvmw)
  • Remove useInstanceMetadata parameter from Azure cloud provider. (#57647, @feiskyer)
  • Support multiple scale sets in Azure cloud provider. (#57543, @feiskyer)
  • GCE: Fixes ILB creation on automatic networks with manually created subnetworks. (#57351, @nicksardo)
  • Improve scheduler performance of MatchInterPodAffinity predicate. (#57476, @misterikkit)
  • Improve scheduler performance of MatchInterPodAffinity predicate. (#57477, @misterikkit)
  • Improve scheduler performance of MatchInterPodAffinity predicate. (#57478, @misterikkit)
  • Allow use resource ID to specify public IP address in azure_loadbalancer (#53557, @yolo3301)
  • Fixes a bug where if an error was returned that was not an autorest.DetailedError we would return "not found", nil which caused nodes to go to NotReady state. (#57484, @brendandburns)
  • Add the path '/version/' to the system:discovery cluster role. (#57368, @brendandburns)
  • Fixes issue creating docker secrets with kubectl 1.9 for accessing docker private registries. (#57463, @dims)
  • adding predicates ordering for the kubernetes scheduler. (#57168, @yastij)
  • Free up CPU and memory requested but unused by Metrics Server Pod Nanny. (#57252, @kawych)
  • The alpha Accelerators feature gate is deprecated and will be removed in v1.11. Please use device plugins instead. They can be enabled using the DevicePlugins feature gate. (#57384, @mindprince)
  • Fixed dynamic provisioning of GCE PDs to round to the next GB instead of GiB (#56600, @edisonxiang)
  • Separate loop and plugin control (#52371, @cheftako)
  • Use old dns-ip mechanism with older cdk-addons. (#57403, @wwwtyro)
  • Retry 'connection refused' errors when setting up clusters on GCE. (#57394, @mborsz)
  • Upgrade to etcd client 3.2.11 and grpc 1.7.5 to improve HA etcd cluster stability. (#57160, @jpbetz)
  • Added the ability to select pods in a chosen node to be drained, based on given pod label-selector (#56864, @juanvallejo)
  • Wait for kubedns to be ready when collecting the cluster IP. (#57337, @wwwtyro)
  • Use "k8s.gcr.io" for container images rather than "gcr.io/google_containers". This is just a redirect, for now, so should not impact anyone materially. (#54174, @thockin)
    • Documentation and tools should all convert to the new name. Users should take note of this in case they see this new name in the system.
  • Fix ipvs proxier nodeport eth* assumption (#56685, @m1093782566)

v1.10.0-alpha.1

Documentation & Examples

Downloads for v1.10.0-alpha.1

filename sha256 hash
kubernetes.tar.gz 403b90bfa32f7669b326045a629bd15941c533addcaf0c49d3c3c561da0542f2
kubernetes-src.tar.gz 266da065e9eddf19d36df5ad325f2f854101a0e712766148e87d998e789b80cf

Client Binaries

filename sha256 hash
kubernetes-client-darwin-386.tar.gz 5aaa8e294ae4060d34828239e37f37b45fa5a69508374be668965102848626be
kubernetes-client-darwin-amd64.tar.gz 40a8e3bab11b88a2bb8e748f0b29da806d89b55775508039abe9c38c5f4ab97d
kubernetes-client-linux-386.tar.gz e08dde0b561529f0b2bb39c141f4d7b1c943749ef7c1f9779facf5fb5b385d6a
kubernetes-client-linux-amd64.tar.gz 76a05d31acaab932ef45c67e1d6c9273933b8bc06dd5ce9bad3c7345d5267702
kubernetes-client-linux-arm64.tar.gz 4b833c9e80f3e4ac4958ea0ffb5ae564b31d2a524f6a14e58802937b2b936d73
kubernetes-client-linux-arm.tar.gz f1484ab75010a2258ed7717b1284d0c139d17e194ac9e391b8f1c0999eec3c2d
kubernetes-client-linux-ppc64le.tar.gz da884f09ec753925b2c1f27ea0a1f6c3da2056855fc88f47929bb3d6c2a09312
kubernetes-client-linux-s390x.tar.gz c486f760c6707fc92d1659d3cbe33d68c03190760b73ac215957ee52f9c19195
kubernetes-client-windows-386.tar.gz 514c550b7ff85ac33e6ed333bcc06461651fe4004d8b7c12ca67f5dc1d2198bf
kubernetes-client-windows-amd64.tar.gz ddad59222f6a8cb4e88c4330c2a967c4126cb22ac5e0d7126f9f65cca0fb9f45

Server Binaries

filename sha256 hash
kubernetes-server-linux-amd64.tar.gz 514efd798ce1d7fe4233127f3334a3238faad6c26372a2d457eff02cbe72d756
kubernetes-server-linux-arm64.tar.gz f71f75fb96221f65891fc3e04fd52ae4e5628da8b7b4fbedece3fab4cb650afa
kubernetes-server-linux-arm.tar.gz a9d8c2386813fd690e60623a6ee1968fe8f0a1a8e13bc5cc12b2caf8e8a862e1
kubernetes-server-linux-ppc64le.tar.gz 21336a5e40aead4e2ec7e744a99d72bf8cb552341f3141abf8f235beb250cd93
kubernetes-server-linux-s390x.tar.gz 257e44d38fef83f08990b6b9b5e985118e867c0c33f0e869f0900397b9d30498

Node Binaries

filename sha256 hash
kubernetes-node-linux-amd64.tar.gz 97bf1210f0595ebf496ca7b000c4367f8a459d97ef72459efc6d0e07a072398f
kubernetes-node-linux-arm64.tar.gz eebcd3c14fb4faeb82ab047a2152db528adc2d9f7b20eef6f5dc58202ebe3124
kubernetes-node-linux-arm.tar.gz 3d4428416c775a0a6463f623286bd2ecdf9240ce901e1fbae180dfb564c53ea1
kubernetes-node-linux-ppc64le.tar.gz 5cc96b24fad0ac1779a66f9b136d90e975b07bf619fea905e6c26ac5a4c41168
kubernetes-node-linux-s390x.tar.gz 134c13338edf4efcd511f4161742fbaa6dc232965d3d926c3de435e8a080fcbb
kubernetes-node-windows-amd64.tar.gz ae54bf2bbcb99cdcde959140460d0f83c0ecb187d060b594ae9c5349960ab055

Changelog since v1.9.0

Action Required

  • [action required] Remove the kubelet's --cloud-provider=auto-detect feature (#56287, @stewart-yu)

Other notable changes

  • Fix Heapster configuration and Metrics Server configuration to enable overriding default resource requirements. (#56965, @kawych)
  • YAMLDecoder Read now returns the number of bytes read (#57000, @sel)
  • Retry 'connection refused' errors when setting up clusters on GCE. (#57324, @mborsz)
  • Update kubeadm's minimum supported Kubernetes version in v1.10.x to v1.9.0 (#57233, @xiangpengzhao)
  • Graduate CPU Manager feature from alpha to beta. (#55977, @ConnorDoyle)
  • Drop hacks used for Mesos integration that was already removed from main kubernetes repository (#56754, @dims)
  • Compare correct file names for volume detach operation (#57053, @prashima)
  • Improved event generation in volume mount, attach, and extend operations (#56872, @davidz627)
  • GCE: bump COS image version to cos-stable-63-10032-71-0 (#57204, @yujuhong)
  • fluentd-gcp updated to version 2.0.11. (#56927, @x13n)
  • calico-node addon tolerates all NoExecute and NoSchedule taints by default. (#57122, @caseydavenport)
  • Support LoadBalancer for Azure Virtual Machine Scale Sets (#57131, @feiskyer)
  • Makes the kube-dns addon optional so that users can deploy their own DNS solution. (#57113, @wwwtyro)
  • Enabled log rotation for load balancer's api logs to prevent running out of disk space. (#56979, @hyperbolic2346)
  • Remove ScrubDNS interface from cloudprovider. (#56955, @feiskyer)
  • Fix etcd-version-monitor to backward compatibly support etcd 3.1 go-grpc-prometheus metrics format. (#56871, @jpbetz)
  • enable flexvolume on Windows node (#56921, @andyzhangx)
  • When using Role-Based Access Control, the "admin", "edit", and "view" roles now have the expected permissions on NetworkPolicy resources. (#56650, @danwinship)
  • Fix the PersistentVolumeLabel controller from initializing the PV labels when it's not the next pending initializer. (#56831, @jhorwit2)
  • kube-apiserver: The external hostname no longer use the cloud provider API to select a default. It can be set explicitly using --external-hostname, if needed. (#56812, @dims)
  • Use GiB unit for creating and resizing volumes for Glusterfs (#56581, @gnufied)
  • PersistentVolume flexVolume sources can now reference secrets in a namespace other than the PersistentVolumeClaim's namespace. (#56460, @liggitt)
  • Scheduler skips pods that use a PVC that either does not exist or is being deleted. (#55957, @jsafrane)
  • Fixed a garbage collection race condition where objects with ownerRefs pointing to cluster-scoped objects could be deleted incorrectly. (#57211, @liggitt)
  • Kubectl explain now prints out the Kind and API version of the resource being explained (#55689, @luksa)
  • api-server provides specific events when unable to repair a service cluster ip or node port (#54304, @frodenas)
  • Added docker-logins config to kubernetes-worker charm (#56217, @Cynerva)
  • delete useless params containerized (#56146, @jiulongzaitian)
  • add mount options support for azure disk (#56147, @andyzhangx)
  • Use structured generator for kubectl autoscale (#55913, @wackxu)
  • K8s supports cephfs fuse mount. (#55866, @zhangxiaoyu-zidif)
  • COS: Keep the docker network checkpoint (#54805, @yujuhong)
  • Fixed documentation typo in IPVS README. (#56578, @shift)