filename | sha256 hash |
---|---|
kubernetes.tar.gz | 184ea437bc72d0e6a4c96b964de53181273e919a1d4785515da3406c7e982bf5 |
kubernetes-src.tar.gz | aee82938827ef05ab0ee81bac42f4f79fff126294469868d02efb3426717d71e |
filename | sha256 hash |
---|---|
kubernetes-client-darwin-386.tar.gz | 40ed3ef9bbc4fad7787dd14eae952edf06d40e1094604bc6d10209b8778c3121 |
kubernetes-client-darwin-amd64.tar.gz | a317fe3801ea5387ce474b9759a7e28ede8324587f79935a7a945da44c99a4b2 |
kubernetes-client-linux-386.tar.gz | cd61b4b71d6b739582c02b5be1d87d928507bc59f64ee72629a920cc529a0941 |
kubernetes-client-linux-amd64.tar.gz | 306af04fc18ca2588e16fd831358df50a2cb02219687b543073836f835de8583 |
kubernetes-client-linux-arm.tar.gz | 497584f2686339cce857cff1ebf4ed10dcd63f4684a03c242b0828fcd307be4c |
kubernetes-client-linux-arm64.tar.gz | 1dfbb8c299f5af15239ef39135a6c8a52ee4c234764ee0437d8f707e636c9124 |
kubernetes-client-linux-ppc64le.tar.gz | 668d6f35c5f6adcd25584d9ef74c549db13ffca9d93b4bc8d25609a8e5837640 |
kubernetes-client-linux-s390x.tar.gz | 8a8e205c38858bd9d161115e5e2870c6cfc9c82e189d156e7062e6fa979c3fda |
kubernetes-client-windows-386.tar.gz | cdef48279c22cc8c764e43a4b9c2a86f02f21c80abbbcd48041fb1e89fb1eb67 |
kubernetes-client-windows-amd64.tar.gz | 50621a3d2b1550c69325422c6dce78f5690574b35d3778dd3afcf698b57f0f54 |
filename | sha256 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | 87a8438887a2daa199508aae591b158025860b8381c64cbe9b1d0c06c4eebde9 |
kubernetes-server-linux-arm.tar.gz | f65be73870a0e564ef8ce1b6bb2b75ff7021a6807de84b5750e4fa78635051b6 |
kubernetes-server-linux-arm64.tar.gz | 171f15aa8b7c365f4fee70ce025c882a921d0075bd726a99b5534cadd09273ef |
kubernetes-server-linux-ppc64le.tar.gz | abc2003d58bd1aca517415c582ed1e8bb1ed596bf04197f4fc7c0c51865a9f86 |
kubernetes-server-linux-s390x.tar.gz | e2ce834abb4d45d91fd7a8d774e47f0f8092eb4edcf556605c2ef6e2b190b8b1 |
filename | sha256 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | 6016c3a1e14c42dcc88caed6497de1b2c56a02bb52d836b19e2ff52098302dda |
kubernetes-node-linux-arm.tar.gz | e712e38c8037159ea074ad93c2f2905cf279f3f119e5fdbf9b97391037a8813f |
kubernetes-node-linux-arm64.tar.gz | 7f4095f12d8ad9438919fa447360113799f88bb9435369b9307a41dd9c7692a6 |
kubernetes-node-linux-ppc64le.tar.gz | 4aeb5dbb0c68e54570542eb5a1d7506d73c81b57eba3c2080ee73bb53dbc3be0 |
kubernetes-node-linux-s390x.tar.gz | a160599598167208286db6dc73b415952836218d967fa964fc432b213f1b9908 |
kubernetes-node-windows-amd64.tar.gz | 174bedf62b7959d4cb1b1595666f607cd6377c7a2e2208fef5bd554603db5db3 |
- Update to use manifest list for etcd image (#68896, @ixdy)
- Fix Azure nodes power state for InstanceShutdownByProviderID() (#68921, @feiskyer)
- Bump kube-dns to 1.14.13 (#68900, @MrHohn)
-
- Update Alpine base image to 3.8.1.
-
- Build multi-arch images correctly.
-
- kubelet: fix grpc timeout in the CRI client (#67793, @fisherxu)
- Update to golang 1.10.4 (#68802, @ixdy)
- kubeadm now uses fat manifests for the kube-dns images (#68830, @rosti)
- Update Cluster Autoscaler version to 1.12.0. (#68739, @losipiuk)
- See https://github.com/kubernetes/autoscaler/releases/tag/1.12.0 for CA release notes.
- kube-proxy restores the *filter table when running in ipvs mode. (#68786, @alexjx)
- New kubeDNS image fixes an issue where SRV records were incorrectly being compressed. Added manifest file for multiple arch images. (#68430, @prameshj)
- Drain should delete terminal pods. (#68767, @ravisantoshgudimetla)
filename | sha256 hash |
---|---|
kubernetes.tar.gz | ac65cf9571c3a03105f373db23c8d7f4d01fe1c9ee09b06615bb02d0b81d572c |
kubernetes-src.tar.gz | 28518e1d9c7fe5c54aa3b57235ac8d1a7dae02aec04177c38ca157fc2d16edb6 |
filename | sha256 hash |
---|---|
kubernetes-client-darwin-386.tar.gz | 7b6f6f264464d40b7975baecdd796d4f75c5a305999b4ae1f4513646184cac7c |
kubernetes-client-darwin-amd64.tar.gz | 5feabe3e616125a36ce4c8021d6bdccdec0f3d82f151b80af7cac1453255b4d5 |
kubernetes-client-linux-386.tar.gz | 40524a1a09dd24081b3494593a02a461227727f8706077542f2b8603e1cf7e06 |
kubernetes-client-linux-amd64.tar.gz | ac2c9757d7df761bdf8ffc259fff07448c300dd110c7dbe2ae3830197eb023e9 |
kubernetes-client-linux-arm.tar.gz | 02f27ae16e8ebb12b3cb66391fe85f64de08a99450d726e9defd2c5bcd590955 |
kubernetes-client-linux-arm64.tar.gz | 1286af2cad3f8e2ee8e2dc18a738935779631b58e7ef3da8794bbeadca2f332e |
kubernetes-client-linux-ppc64le.tar.gz | 9c04419b159fb0fe501d6e0c8122d6a80b5d6961070ebc5e759f4327a1156cf4 |
kubernetes-client-linux-s390x.tar.gz | 104d5c695826971c64cb0cec26cf791d609d3e831edb33574e9af2c4b191f049 |
kubernetes-client-windows-386.tar.gz | 0096f8126eb04eafa9decd258f6d09977d24eee91b83781347a34ebb7d2064aa |
kubernetes-client-windows-amd64.tar.gz | a641a1a421795279a6213163d7becab9dc6014362e6566f13d660ef1638dc286 |
filename | sha256 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | 202958d3cfb774fd065ad1ec2477dc9c92ce7f0ff355807c9a2a3a61e8dad927 |
kubernetes-server-linux-arm.tar.gz | 474de8f6a58d51eb01f6cc73b41897351528a839f818d5c4f828a484f8bc988b |
kubernetes-server-linux-arm64.tar.gz | dbd5affd244815bf45ac0c7a56265800864db623a6a37e7ce9ebe5e5896453f8 |
kubernetes-server-linux-ppc64le.tar.gz | a62fefa8ad7b3fbfeb7702dac7d4d6f37823b6c3e4edae3356bf0781b48e42e1 |
kubernetes-server-linux-s390x.tar.gz | 0f77690f87503c8ee7ccb473c9d2b9d26420292defd82249509cf50d8bb1a16c |
filename | sha256 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | 2191845147d5aab08f14312867f86078b513b6aff8685bb8ce84a06b78ae9914 |
kubernetes-node-linux-arm.tar.gz | 54de98d7d2a71b78bc7a45e70a2005144d210401663f5a9daadedd05f89291f0 |
kubernetes-node-linux-arm64.tar.gz | a765514e0c4865bb20ceb476af83b9d9356c9b565cfe12615ecf7ad3d5a6b4f7 |
kubernetes-node-linux-ppc64le.tar.gz | b7ae7d159602d0b933614071f11216ede4df3fc2b28a30d0018e06b3bb22cf6e |
kubernetes-node-linux-s390x.tar.gz | 7d4f502eda6aa70b7a18420344abfaec740d74a1edffcb9869e4305c22bba260 |
kubernetes-node-windows-amd64.tar.gz | ed5516b1f66a39592a101bec135022b3905a66ae526b8ed3e2e9dff5ed68eda0 |
- Service events are now added in azure-cloud-provider for easily identify the underground errors of Azure API. (#68212, @feiskyer)
- Action required: The following clusterrole and clusterrolebinding should be applied:
-
kind: List
-
apiVersion: v1
-
items:
-
- apiVersion: rbac.authorization.k8s.io/v1
-
kind: ClusterRole
-
metadata:
-
labels:
-
kubernetes.io/cluster-service: "true"
-
name: system:azure-cloud-provider
-
rules:
-
- apiGroups: [""]
-
resources: ["events"]
-
verbs:
-
- create
-
- patch
-
- update
-
- apiVersion: rbac.authorization.k8s.io/v1
-
kind: ClusterRoleBinding
-
metadata:
-
labels:
-
kubernetes.io/cluster-service: "true"
-
name: system:azure-cloud-provider
-
roleRef:
-
apiGroup: rbac.authorization.k8s.io
-
kind: ClusterRole
-
name: system:azure-cloud-provider
-
subjects:
-
- kind: ServiceAccount
-
name: azure-cloud-provider
-
namespace: kube-system
- If the clusterrole with same has already been provisioned (e.g. for accessing azurefile secrets), then the above yaml should be merged togather, e.g.
-
kind: List
-
apiVersion: v1
-
items:
-
- apiVersion: rbac.authorization.k8s.io/v1
-
kind: ClusterRole
-
metadata:
-
labels:
-
kubernetes.io/cluster-service: "true"
-
name: system:azure-cloud-provider
-
rules:
-
- apiGroups: [""]
-
resources: ["events"]
-
verbs:
-
- create
-
- patch
-
- update
-
- apiGroups: [""]
-
resources: ["secrets"]
-
verbs:
-
- get
-
- create
-
- apiVersion: rbac.authorization.k8s.io/v1
-
kind: ClusterRoleBinding
-
metadata:
-
labels:
-
kubernetes.io/cluster-service: "true"
-
name: system:azure-cloud-provider
-
roleRef:
-
apiGroup: rbac.authorization.k8s.io
-
kind: ClusterRole
-
name: system:azure-cloud-provider
-
subjects:
-
- kind: ServiceAccount
-
name: azure-cloud-provider
-
namespace: kube-system
-
- kind: ServiceAccount
-
name: persistent-volume-binder
-
namespace: kube-system
- Update metrics-server to v0.3.1 (#68746, @DirectXMan12)
- Upgrade kubeadm's version of docker support (#68495, @yuansisi)
- fix a bug that overwhelming number of prometheus metrics are generated because $NAMESPACE is not replaced by string "{namespace}" (#68530, @wenjiaswe)
- The feature gates
ReadOnlyAPIDataVolumes
andServiceProxyAllowExternalIPs
, deprecated since 1.10, have been removed and any references must be removed from command-line invocations. (#67951, @liggitt) - Verify invalid secret/configmap/projected volumes before calling setup (#68691, @gnufied)
- Fix bug that caused
kubectl
commands to sometimes fail to refresh access token when running against GKE clusters. (#66314, @jlowdermilk) - Use KubeDNS by default in GCE setups, as CoreDNS has significantly higher memory usage in large clusters. (#68629, @shyamjvs)
- Fix PodAntiAffinity issues in case of multiple affinityTerms. (#68173, @Huang-Wei)
- Make APIGroup field in TypedLocalObjectReference optional. (#68419, @xing-yang)
- Fix potential panic when getting azure load balancer status (#68609, @feiskyer)
- Fix kubelet panics when RuntimeClass is enabled. (#68521, @yujuhong)
- Promote ScheduleDaemonSetPods by default scheduler to beta (#67899, @ravisantoshgudimetla)
filename | sha256 hash |
---|---|
kubernetes.tar.gz | 7163d18b9c1bd98ce804b17469ed67b399deb7b574dd12a86609fc647c5c773b |
kubernetes-src.tar.gz | 6225b71b2dec0f29afb713e64d2b6b82bd0e122274c31310c0de19ef023cb1d0 |
filename | sha256 hash |
---|---|
kubernetes-client-darwin-386.tar.gz | f2ec9799e47c28fce336bc90a6e9b4e47def7081fd73b8e2164940f0a6c824c7 |
kubernetes-client-darwin-amd64.tar.gz | 0e8cfcbe5ec862423ced97da1d9740d4cc4904a0d5cd11a60616aee596bc7622 |
kubernetes-client-linux-386.tar.gz | 1cbd6e8dd892cfc2555d37e733b66aaf85df9950466c7295875d312ac254ddfc |
kubernetes-client-linux-amd64.tar.gz | 47337b58a26a4953e5c061d28e3ec89b3d4354bce40f9b51fbe269598caeff03 |
kubernetes-client-linux-arm.tar.gz | eaaed82f428fb7ddbb10b4e39a2f287817c33ae24ff16008159f437acc653d4a |
kubernetes-client-linux-arm64.tar.gz | 3249d1c7d5d5500793546eb144fe537d1984a01c7a79c1382eb2e26a78e532cd |
kubernetes-client-linux-ppc64le.tar.gz | 67afd34f2199deff901b0872a177dc448ba700dc4ced9ede6f3187a0eed2c6fb |
kubernetes-client-linux-s390x.tar.gz | e8faa6e45c6e2aeb67ac65737e09be87c190e3c89782ec87a9a205d4f1af9246 |
kubernetes-client-windows-386.tar.gz | 2395051c8cbd0a995b5f3689c0f8c0447bcc1c46440d8cdeffd7c7fccf8e8ae1 |
kubernetes-client-windows-amd64.tar.gz | c6a38ee6eda20656b391ecfcc1f24505eb8a3a5a3200d4bddede318291773619 |
filename | sha256 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | 795c713a91118218f5952e1bd4cf0933f36476aa3d9d60a9ee43c9bae8400fd3 |
kubernetes-server-linux-arm.tar.gz | 1798d48a37b8f06878e0ecb8d9b67d0fb5c8ee721608412add57725eb5ce5f1e |
kubernetes-server-linux-arm64.tar.gz | da2459b5e811daaa2fc04a072773e81dc220400f3aeb6e29bb9594c306c7b266 |
kubernetes-server-linux-ppc64le.tar.gz | 7fd1c2ba0c2c9da5db54f8d0aed28261f03e9953ce01fa367e4ce3d84bf01b4f |
kubernetes-server-linux-s390x.tar.gz | c9fafb009d7e5da74f588aaa935244c452de52b9488863b90e8b477b1bb16e52 |
filename | sha256 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | ab901137b499829b20b868492d04c1f69d738620b96eb349c642d6d773c44448 |
kubernetes-node-linux-arm.tar.gz | 116dd82721f200f3f37df0e47aebb611fdd7856f94d4c2ebb1d51db21b793a9c |
kubernetes-node-linux-arm64.tar.gz | 56d8316eb95f7f54c154625063617b86ffb8e2cc80b8225cce4f5c91d2d3a64f |
kubernetes-node-linux-ppc64le.tar.gz | 66535b16ad588ba3bfcb40728a0497c6821360ab7be9c3ced2072bfa107e5c46 |
kubernetes-node-linux-s390x.tar.gz | 688e09becc9327e50c68b33161eac63a8ba018c02fb298cbd0de82d6ed5dba90 |
kubernetes-node-windows-amd64.tar.gz | b72582f67d19c06f605ca9b02c08b7227796c15c639e3c09b06a8b667c4569fe |
- Action required: The --storage-versions flag of kube-apiserver is deprecated. Please omit this flag to ensure the default storage versions are used. Otherwise the cluster is not safe to upgrade to a version newer than 1.12. This flag will be removed in 1.13. (#68080, @caesarxuchao)
- kubeadm: add mandatory "--config" flag to "kubeadm alpha phase preflight" (#68446, @neolit123)
- Apply user configurations for local etcd (#68334, @SataQiu)
- kubeadm: added phase command "alpha phase kubelet config annotate-cri" (#68449, @fabriziopandini)
- If
TaintNodesByCondition
is enabled, addnode.kubernetes.io/unschedulable
and (#64954, @k82cn)node.kubernetes.io/network-unavailable
automatically to DaemonSet pods.
- Deprecate cloudstack and ovirt controllers (#68199, @dims)
- add missing LastTransitionTime of ContainerReady condition (#64867, @dixudx)
- kube-controller-manager: use informer cache instead of active pod gets in HPA controller (#68241, @krzysztof-jastrzebski)
- Support NodeShutdown taint for azure (#68033, @yastij)
- Registers volume topology information reported by a node-level Container Storage Interface (CSI) driver. This enables Kubernetes support of CSI topology mechanisms. (#67684, @verult)
- Update default etcd server to 3.2.24 for kubernetes 1.12 (#68318, @timothysc)
- External CAs can now be used for kubeadm with only a certificate, as long as all required certificates already exist. (#68296, @liztio)
- Bump addon-manager to v8.7 (#68299, @MrHohn)
-
- Support extra
--prune-whitelist
resources in kube-addon-manager.
- Support extra
-
- Update kubectl to v1.10.7.
-
- Let service controller retry creating load balancer when persistUpdate failed due to conflict. (#68087, @grayluck)
- Kubelet now only sync iptables on Linux. (#67690, @feiskyer)
- CSI NodePublish call can optionally contain information about the pod that requested the CSI volume. (#67945, @jsafrane)
- [e2e] verifying LimitRange update is effective before creating new pod (#68171, @dixudx)
- cluster/gce: generate consistent key sizes in config-default.sh using /dev/urandom instead of /dev/random (#67139, @yogi-sagar)
- Add support for volume attach limits for CSI volumes (#67731, @gnufied)
- CSI volume plugin does not need external attacher for non-attachable CSI volumes. (#67955, @jsafrane)
- KubeletPluginsWatcher feature graduates to beta. (#68200, @RenaudWasTaken)
- Update etcd client to 3.2.24 for latest release (#68147, @timothysc)
- [fluentd-gcp-scaler addon] Bump fluentd-gcp-scaler to 0.4 to pick up security fixes. (#67691, @loburm)
- [prometheus-to-sd addon] Bump prometheus-to-sd to 0.3.1 to pick up security fixes, bug fixes and new features.
- [event-exporter addon] Bump event-exporter to 0.2.3 to pick up security fixes.
- Fixes issue where pod scheduling may fail when using local PVs and pod affinity and anti-affinity without the default StatefulSet OrderedReady pod management policy (#67556, @msau42)
- Kubelet only applies default hard evictions of nodefs.inodesFree on Linux (#67709, @feiskyer)
- Add kubelet stats for windows system container "pods" (#66427, @feiskyer)
- Add a TTL machenism to clean up Jobs after they finish. (#66840, @janetkuo)
filename | sha256 hash |
---|---|
kubernetes.tar.gz | caa332b14a6ea9d24710e3b015a91b62c04cab14bed14c49077e08bd82b8f4c1 |
kubernetes-src.tar.gz | 821bdea3a52a348306fa8226bcfffa67b375cf1dd80e4be343ce0b38dd20a9a0 |
filename | sha256 hash |
---|---|
kubernetes-client-darwin-386.tar.gz | 58323c0a81afe53dd0dda1c6eb513caa4c82514fb6c7f0a327242e573ce80490 |
kubernetes-client-darwin-amd64.tar.gz | 28e9344ede16890ea7848c261e461ded89c3bb2dd5b08446da04b071b48f0b02 |
kubernetes-client-linux-386.tar.gz | a9eece5e0994d2ad5e07152d88787a8b5e9efcdf78983a5bafe3699e5274a9da |
kubernetes-client-linux-amd64.tar.gz | 9a67750cc4243335f0c2eb89db1c4b54b0a8af08c59e2041636d0a3e946546bf |
kubernetes-client-linux-arm.tar.gz | bbd2644f843917a3de517a53c90b327502b577fe533a9ad3da4fe6bc437c4a02 |
kubernetes-client-linux-arm64.tar.gz | 630946f49ef18dd43c004d99dccd9ae76390281f54740d7335c042f6f006324b |
kubernetes-client-linux-ppc64le.tar.gz | 1d4e5cd83faf4cae8e16667576492fcd48a72f69e8fd89d599a8b555a41e90d6 |
kubernetes-client-linux-s390x.tar.gz | 9cefdcf21a62075b5238fda8ef2db08f81b0541ebce0e67353af1dded9e53483 |
kubernetes-client-windows-386.tar.gz | 8b0085606ff38bded362bbe4826b5c8ee5199a33d5cbbc1b9b58f1336648ad5b |
kubernetes-client-windows-amd64.tar.gz | f44a3ec55dc7d926e681c33b5f7830c6d1cb165e24e349e426c1089b2d05a1df |
filename | sha256 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | 1bf7364aa168fc251768bc850d66fef1d93f324f0ec85f6dce74080627599b70 |
kubernetes-server-linux-arm.tar.gz | dadc94fc0564cfa98add5287763bbe9c33bf8ba3eebad95fb2258c33fe8c5df3 |
kubernetes-server-linux-arm64.tar.gz | 2e6c8a7810705594f191b33476bf4c8fca8cebb364f0855dfea577b01fca7b7e |
kubernetes-server-linux-ppc64le.tar.gz | ced4a0a4e03639378eff0d3b8bfb832f5fb96be8df3e0befbdbd71373a323130 |
kubernetes-server-linux-s390x.tar.gz | 7e1a3fac2115c15b5baa0db04c7f319fbaaca92aa4c4588ecf62fb19812465a8 |
filename | sha256 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | 81d2e2f4cd3254dd345c1e921b12bff62eb96e7551336c44fb0da5407bf5fe5f |
kubernetes-node-linux-arm.tar.gz | b14734a20190aca2b2af9cee59549d285be4f0c38faf89c5308c94534110edc1 |
kubernetes-node-linux-arm64.tar.gz | ad0a81ecf6ef8346b7aa98a8d02a4f3853d0a5439d149a14b1ac2307b763b2ad |
kubernetes-node-linux-ppc64le.tar.gz | 8e6d72837fe19afd055786c8731bd555fe082e107195c956c6985e56a03d504f |
kubernetes-node-linux-s390x.tar.gz | 0fc7d55fb2750b29c0bbc36da050c8bf14508b1aa40e38e3b7f6cf311b464827 |
kubernetes-node-windows-amd64.tar.gz | 09bf133156b9bc474d272bf16e765b143439959a1f007283c477e7999f2b4d6a |
- Move volume dynamic provisioning scheduling to beta (ACTION REQUIRED: The DynamicProvisioningScheduling alpha feature gate has been removed. The VolumeScheduling beta feature gate is still required for this feature) (#67432, @lichuqiang)
- Not split nodes when searching for nodes but doing it all at once. (#67555, @wgliang)
- Deprecate kubectl run generators, except for run-pod/v1 (#68132, @soltysh)
- Using the Horizontal Pod Autoscaler with metrics from Heapster is now deprecated. (#68089, @DirectXMan12)
- Support both directory and block device for local volume plugin FileSystem VolumeMode (#63011, @NickrenREN)
- Add CSI volume attributes for kubectl describe pv. (#65074, @wgliang)
kubectl rollout status
now works for unlimited timeouts. (#67817, @tnozicka)- Fix panic when processing Azure HTTP response. (#68210, @feiskyer)
- add mixed protocol support for azure load balancer (#67986, @andyzhangx)
- Replace scale down forbidden window with scale down stabilization window. Rather than waiting a fixed period of time between scale downs HPA now scales down to the highest recommendation it during the scale down stabilization window. (#68122, @krzysztof-jastrzebski)
- Adding validation to kube-scheduler at the API level (#66799, @noqcks)
- Improve performance of Pod affinity/anti-affinity in the scheduler (#67788, @ahmad-diaa)
- kubeadm: fix air-gapped support and also allow some kubeadm commands to work without an available networking interface (#67397, @neolit123)
- Increase Horizontal Pod Autoscaler default update interval (30s -> 15s). It will improve HPA reaction time for metric changes. (#68021, @krzysztof-jastrzebski)
- Increase scrape frequency of metrics-server to 30s (#68127, @serathius)
- Add new
--server-dry-run
flag tokubectl apply
so that the request will be sent to the server with the dry-run flag (alpha), which means that changes won't be persisted. (#68069, @apelisse) - kubelet v1beta1 external ComponentConfig types are now available in the
k8s.io/kubelet
repo (#67263, @luxas) - Adds a kubelet parameter and config option to change CFS quota period from the default 100ms to some other value between 1µs and 1s. This was done to improve response latencies for workloads running in clusters with guaranteed and burstable QoS classes. (#63437, @szuecs)
- Enable secure serving on port 10258 to cloud-controller-manager (configurable via
--secure-port
). Delegated authentication and authorization have to be configured like for aggregated API servers. (#67069, @sttts) - Support extra
--prune-whitelist
resources in kube-addon-manager. (#67743, @Random-Liu) - Upon receiving a LIST request with expired continue token, the apiserver now returns a continue token together with the 410 "the from parameter is too old " error. If the client does not care about getting a list from a consistent snapshot, the client can use this token to continue listing from the next key, but the returned chunk will be from the latest snapshot. (#67284, @caesarxuchao)
- Role, ClusterRole and their bindings for cloud-provider is put under system namespace. Their addonmanager mode switches to EnsureExists. (#67224, @grayluck)
- Mount propagation has promoted to GA. The
MountPropagation
feature gate is deprecated and will be removed in 1.13. (#67255, @bertinatto) - Introduce CSI Cluster Registration mechanism to ease CSI plugin discovery and allow CSI drivers to customize Kubernetes' interaction with them. (#67803, @saad-ali)
- Adds the commands
kubeadm alpha phases renew <cert-name>
(#67910, @liztio) - ProcMount added to SecurityContext and AllowedProcMounts added to PodSecurityPolicy to allow paths in the container's /proc to not be masked. (#64283, @jessfraz)
- support cross resource group for azure file (#68117, @andyzhangx)
- Port 31337 will be used by fluentd (#68051, @Szetty)
- Improve CPU sample sanitization in HPA by taking metric's freshness into account. (#68068, @krzysztof-jastrzebski)
- CoreDNS is now v1.2.2 for Kubernetes 1.12 (#68076, @rajansandeep)
- Enable secure serving on port 10257 to kube-controller-manager (configurable via
--secure-port
). Delegated authentication and authorization have to be configured like for aggregated API servers. (#64149, @sttts) - Update metrics-server to v0.3.0. (#68077, @DirectXMan12)
- TokenRequest and TokenRequestProjection are now beta features. To enable these feature, the API server needs to be started with the following flags: (#67349, @mikedanese) * --service-account-issuer * --service-account-signing-key-file * --service-account-api-audiences
- Don't let aggregated apiservers fail to launch if the external-apiserver-authentication configmap is not found in the cluster. (#67836, @sttts)
- Promote AdvancedAuditing to GA, replacing the previous (legacy) audit logging mechanisms. (#65862, @loburm)
- Azure cloud provider now supports unmanaged nodes (such as on-prem) that are labeled with
kubernetes.azure.com/managed=false
andalpha.service-controller.kubernetes.io/exclude-balancer=true
(#67984, @feiskyer) kubectl get apiservice
now shows the target service and whether the service is available (#67747, @smarterclayton)- Openstack supports now node shutdown taint. Taint is added when instance is shutdown in openstack. (#67982, @zetaab)
- Return apiserver panics as 500 errors instead terminating the apiserver process. (#68001, @sttts)
- Fix VMWare VM freezing bug by reverting #51066 (#67825, @nikopen)
- Make CoreDNS be the default DNS server in kube-up (instead of kube-dns formerly). (#67569, @fturib)
- It is still possible to deploy kube-dns by setting CLUSTER_DNS_CORE_DNS=false.
- Added support to restore a volume from a volume snapshot data source. (#67087, @xing-yang)
- fixes the errors/warnings in fluentd configuration (#67947, @saravanan30erd)
- Stop counting soft-deleted pods for scaling purposes in HPA controller to avoid soft-deleted pods incorrectly affecting scale up replica count calculation. (#67067, @moonek)
- delegated authn/z: optionally opt-out of mandatory authn/authz kubeconfig (#67545, @sttts)
- kubeadm: Control plane images (etcd, kube-apiserver, kube-proxy, etc.) don't use arch suffixes. Arch suffixes are kept for kube-dns only. (#66960, @rosti)
- Adds sample-cli-plugin staging repository (#67938, @soltysh)
- adjusted http/2 buffer sizes for apiservers to prevent starvation issues between concurrent streams (#67902, @liggitt)
- SCTP is now supported as additional protocol (alpha) alongside TCP and UDP in Pod, Service, Endpoint, and NetworkPolicy. (#64973, @janosi)
- Always create configmaps/extensions-apiserver-authentication from kube-apiserver. (#67694, @sttts)
- kube-proxy v1beta1 external ComponentConfig types are now available in the
k8s.io/kube-proxy
repo (#67688, @Lion-Wei) - Apply unreachable taint to a node when it lost network connection. (#67734, @Huang-Wei)
- Allow ImageReview backend to return annotations to be added to the created pod. (#64597, @wteiken)
- Bump ip-masq-agent to v2.1.1 (#67916, @MrHohn)
-
- Update debian-iptables image for CVEs.
-
- Change chain name to IP-MASQ to be compatible with the
- pre-injected masquerade rules.
-
- AllowedTopologies field inside StorageClass is now validated against set and map semantics. Specifically, there cannot be duplicate TopologySelectorTerms, MatchLabelExpressions keys, and TopologySelectorLabelRequirement Values. (#66843, @verult)
- Introduces autoscaling/v2beta2 and custom_metrics/v1beta2, which implement metric selectors for Object and Pods metrics, as well as allowing AverageValue targets on Objects, similar to External metrics. (#64097, @damemi)
- The cloudstack cloud provider now reports a
Hostname
address type for nodes based on thelocal-hostname
metadata key. (#67719, @liggitt) - kubeadm: --cri-socket now defaults to tcp://localhost:2375 when running on Windows (#67447, @benmoss)
- kubeadm: The kubeadm configuration now support definition of more than one control plane instances with their own APIEndpoint. The APIEndpoint for the "bootstrap" control plane instance should be defined using
InitConfiguration.APIEndpoint
, while the APIEndpoints for additional control plane instances should be added usingJoinConfiguration.APIEndpoint
. (#67832, @fabriziopandini) - Enable dynamic azure disk volume limits (#67772, @andyzhangx)
- kubelet: Users can now enable the alpha NodeLease feature gate to have the Kubelet create and periodically renew a Lease in the kube-node-lease namespace. The lease duration defaults to 40s, and can be configured via the kubelet.config.k8s.io/v1beta1.KubeletConfiguration's NodeLeaseDurationSeconds field. (#66257, @mtaufen)
- latent controller caches no longer cause repeating deletion messages for deleted pods (#67826, @deads2k)
- API paging is now enabled for custom resource definitions, custom resources and APIService objects (#67861, @liggitt)
- kubeadm: ControlPlaneEndpoint was moved from the API config struct to ClusterConfiguration (#67830, @fabriziopandini)
- kubeadm - feature-gates HighAvailability, SelfHosting, CertsInSecrets are now deprecated and can't be used anymore for new clusters. Update of cluster using above feature-gates flag is not supported (#67786, @fabriziopandini)
- Replace scale up forbidden window with disregarding CPU samples collected when pod was initializing. (#67252, @jbartosik)
- Moving KubeSchedulerConfiguration from ComponentConfig API types to staging repos (#66916, @dixudx)
- Improved error message when checking the rollout status of StatefulSet with OnDelete strategy type (#66983, @mortent)
- RuntimeClass is a new API resource for defining different classes of runtimes that may be used to run containers in the cluster. Pods can select a RunitmeClass to use via the RuntimeClassName field. This feature is in alpha, and the RuntimeClass feature gate must be enabled in order to use it. (#67737, @tallclair)
- Remove rescheduler since scheduling DS pods by default scheduler is moving to beta. (#67687, @Lion-Wei)
- Turn on PodReadinessGate by default (#67406, @freehan)
- Speed up kubelet start time by executing an immediate runtime and node status update when the Kubelet sees that it has a CIDR. (#67031, @krzysztof-jastrzebski)
- The OpenStack cloud provider now reports a
Hostname
address type for nodes (#67748, @FengyunPan2) - The aws cloud provider now reports a
Hostname
address type for nodes based on thelocal-hostname
metadata key. (#67715, @liggitt) - Azure cloud provider now supports cross resource group nodes that are labeled with
kubernetes.azure.com/resource-group=<rg-name>
andalpha.service-controller.kubernetes.io/exclude-balancer=true
(#67604, @feiskyer) - Reduce API calls for Azure instance metadata. (#67478, @feiskyer)
kubectl create secret tls
can now read certificate and key files from process substitution arguments (#67713, @liggitt)- change default value of kind for azure disk (#67483, @andyzhangx)
- To address the possibility dry-run requests overwhelming admission webhooks that rely on side effects and a reconciliation mechanism, a new field is being added to admissionregistration.k8s.io/v1beta1.ValidatingWebhookConfiguration and admissionregistration.k8s.io/v1beta1.MutatingWebhookConfiguration so that webhooks can explicitly register as having dry-run support. If a dry-run request is made on a resource that triggers a non dry-run supporting webhook, the request will be completely rejected, with "400: Bad Request". Additionally, a new field is being added to the admission.k8s.io/v1beta1.AdmissionReview API object, exposing to webhooks whether or not the request being reviewed is a dry-run. (#66936, @jennybuckley)
- Kubeadm ha upgrade (#66973, @fabriziopandini)
- kubeadm: InitConfiguration now consists of two structs: InitConfiguration and ClusterConfiguration (#67441, @rosti)
- Updated Cluster Autoscaler version to 1.3.2-beta.2. Release notes: https://github.com/kubernetes/autoscaler/releases/tag/cluster-autoscaler-1.3.2-beta.2 (#67697, @aleksandra-malinowska)
- cpumanager: rollback state if updateContainerCPUSet failed (#67430, @choury)
- [CRI] Adds a "runtime_handler" field to RunPodSandboxRequest, for selecting the runtime configuration to run the sandbox with (alpha feature). (#67518, @tallclair)
- Create cli-runtime staging repository (#67658, @soltysh)
- Headless Services with no ports defined will now create Endpoints correctly, and appear in DNS. (#67622, @thockin)
- Kubernetes juju charms will now use CSI for ceph. (#66523, @hyperbolic2346)
- kubeadm: Fix panic when node annotation is nil (#67648, @xlgao-zju)
- Prevent
resourceVersion
updates for custom resources on no-op writes. (#67562, @nikhita) - Fail container start if its requested device plugin resource hasn't registered after Kubelet restart. (#67145, @jiayingz)
- Use sync.map to scale ecache better (#66862, @resouer)
- DaemonSet: Fix bug- daemonset didn't create pod after node have enough resource (#67337, @linyouchong)
- updates kibana to 6.3.2 (#67582, @monotek)
- fixes json logging in fluentd-elasticsearch image by downgrading fluent-plugin-kubernetes_metadata_filter plugin to version 2.0.0 (#67544, @monotek)
- add --dns-loop-detect option to dnsmasq run by kube-dns (#67302, @dixudx)
- Switched certificate data replacement from "REDACTED" to "DATA+OMITTED" (#66023, @ibrasho)
- improve performance of anti-affinity predicate of default scheduler. (#66948, @mohamed-mehany)
- Fixed a bug that was blocking extensible error handling when serializing API responses error out. Previously, serialization failures always resulted in the status code of the original response being returned. Now, the following behavior occurs: (#67041, @tristanburgess)
-
- If the serialization type is application/vnd.kubernetes.protobuf, and protobuf marshaling is not implemented for the requested API resource type, a '406 Not Acceptable is returned'.
-
- If the serialization type is 'application/json':
-
- If serialization fails, and the original status code was an failure (e.g. 4xx or 5xx), the original status code will be returned.
-
- If serialization fails, and the original status code was not a failure (e.g. 2xx), the status code of the serialization failure will be returned. By default, this is '500 Internal Server Error', because JSON serialization is our default, and not supposed to be implemented on a type-by-type basis.
-
- Add a feature to the scheduler to score fewer than all nodes in every scheduling cycle. This can improve performance of the scheduler in large clusters. (#66733, @bsalamat)
- kube-controller-manager can now start the quota controller when discovery results can only be partially determined. (#67433, @deads2k)
- The plugin mechanism functionality now closely follows the git plugin design (#66876, @juanvallejo)
- GCE: decrease cpu requests on master node, to allow more components to fit on one core machine. (#67504, @loburm)
- PVC may not be synced to controller local cache in time if PV is bound by external PV binder (e.g. kube-scheduler), double check if PVC is not found to prevent reclaiming PV wrongly. (#67062, @cofyc)
- add more storage account sku support for azure disk (#67528, @andyzhangx)
- updates es-image to elasticsearch 6.3.2 (#67484, @monotek)
- Bump GLBC version to 1.2.3 (#66793, @freehan)
- kube-apiserver: fixes error creating system priority classes when starting multiple apiservers simultaneously (#67372, @tanshanshan)
- kubectl patch now respects --local (#67399, @deads2k)
- Defaults for file audit logging backend in batch mode changed: (#67223, @tallclair)
-
- Logs are written 1 at a time (no batching)
-
- Only a single writer process (lock contention)
-
- Forget rate limit when CRD establish controller successfully updated CRD condition (#67370, @yue9944882)
- updates fluentd in fluentd-elasticsearch to version 1.2.4 (#67434, @monotek) * also updates activesupport, fluent-plugin-elasticsearch & oj gems
- The dockershim now sets the "bandwidth" and "ipRanges" CNI capabilities (dynamic parameters). Plugin authors and administrators can now take advantage of this by updating their CNI configuration file. For more information, see the CNI docs (#64445, @squeed)
- Expose
/debug/flags/v
to allow kubelet dynamically set glog logging level. If want to change glog level to 3, you only have to send a PUT request likecurl -X PUT http://127.0.0.1:8080/debug/flags/v -d "3"
. (#64601, @hzxuzhonghu) - Fix an issue that pods using hostNetwork keep increasing. (#67456, @Huang-Wei)
- DaemonSet controller is now using backoff algorithm to avoid hot loops fighting with kubelet on pod recreation when a particular DaemonSet is misconfigured. (#65309, @tnozicka)
- Add node affinity for Azure unzoned managed disks (#67229, @feiskyer)
- Attacher/Detacher refactor for local storage (#66884, @NickrenREN)
- Update debian-iptables and hyperkube-base images to include CVE fixes. (#67365, @ixdy)
- Fix an issue where filesystems are not unmounted when a backend is not reachable and returns EIO. (#67097, @chakri-nelluri)
- Update Cluster Autoscaler version to 1.3.2-beta.1. Release notes: https://github.com/kubernetes/autoscaler/releases/tag/cluster-autoscaler-1.3.2-beta.1 (#67396, @aleksandra-malinowska)
- Remove unused binary and container image for kube-aggregator. The functionality is already integrated into the kube-apiserver. (#67157, @dims)
- Avoid creating new controller revisions for statefulsets when cache is stale (#67039, @mortent)
- Revert #63905: Setup dns servers and search domains for Windows Pods. DNS for Windows containers will be set by CNI plugins. (#66587, @feiskyer)
- attachdetach controller attaches volumes immediately when Pod's PVCs are bound (#66863, @cofyc)
- The check for unsupported plugins during volume resize has been moved from the admission controller to the two controllers that handle volume resize. (#66780, @kangarlou)
- Fix kubelet to not leak goroutines/intofiy watchers on an inactive connection if it's closed (#67285, @yujuhong)
- fix azure disk create failure due to sdk upgrade (#67236, @andyzhangx)
- Kubeadm join --control-plane main workflow (#66873, @fabriziopandini)
- Dynamic provisions that create iSCSI PVs can ensure that multipath is used by specifying 2 or more target portals in the PV, which will cause kubelet to wait up to 10 seconds for the multipath device. PVs with just one portal continue to work as before, with kubelet not waiting for the multipath device and just using the first disk it finds. (#67140, @bswartz)
- kubectl: recreating resources for immutable fields when force is applied (#66602, @dixudx)
- Remove deprecated --interactive flag from kubectl logs. (#65420, @jsoref)
- kubeadm uses audit policy v1 instead of v1beta1 (#67176, @charrywanganthony)
- kubeadm: make sure pre-pulled kube-proxy image and the one specified in its daemon set manifest are the same (#67131, @rosti)
- Graduate Resource Quota ScopeSelectors to beta, and enable it by default. (#67077, @vikaschoudhary16)
- Decrease the amount of time it takes to modify kubeconfig files with large amounts of contexts (#67093, @juanvallejo)
- Fixes issue when updating a DaemonSet causes a hash collision. (#66476, @mortent)
- fix cluster-info dump error (#66652, @charrywanganthony)
- The PodShareProcessNamespace feature to configure PID namespace sharing within a pod has been promoted to beta. (#66507, @verb)
kubectl create {clusterrole,role}
's--resources
flag supports asterisk to specify all resources. (#62945, @nak3)- Bump up version number of debian-base, debian-hyperkube-base and debian-iptables. (#67026, @satyasm)
- Also updates dependencies of users of debian-base.
- debian-base version 0.3.1 is already available.
- DynamicProvisioningScheduling and VolumeScheduling is now supported for Azure managed disks. Feature gates DynamicProvisioningScheduling and VolumeScheduling should be enabled before using this feature. (#67121, @feiskyer)
- kube-apiserver now includes all registered API groups in discovery, including registered extension API group/versions for unavailable extension API servers. (#66932, @nilebox)
- Allows extension API server to dynamically discover the requestheader CA certificate when the core API server doesn't use certificate based authentication for it's clients (#66394, @rtripat)
- audit.k8s.io api group is upgraded from v1beta1 to v1. (#65891, @CaoShuFeng)
- Deprecated element metav1.ObjectMeta and Timestamp are removed from audit Events in v1 version.
- Default value of option --audit-webhook-version and --audit-log-version will be changed from
audit.k8s.io/v1beta1
toaudit.k8s.io/v1
in release 1.13
- scope AWS LoadBalancer security group ICMP rules to spec.loadBalancerSourceRanges (#63572, @haz-mat)
- Add NoSchedule/NoExecute tolerations to ip-masq-agent, ensuring it to be scheduled in all nodes except master. (#66260, @tanshanshan)
- The flag
--skip-preflight-checks
of kubeadm has been removed. Please use--ignore-preflight-errors
instead. (#62727, @xiangpengzhao) - The watch API endpoints prefixed with
/watch
are deprecated and will be removed in a future release. These standard method for watching resources (supported since v1.0) is to use the list API endpoints with a?watch=true
parameter. All client-go clients have used the parameter method since v1.6.0. (#65147, @liggitt) - Bump Heapster to v1.6.0-beta.1 (#67074, @kawych)
- kube-apiserver: setting a
dryRun
query parameter on a CONNECT request will now cause the request to be rejected, consistent with behavior of other mutating API requests. Examples of CONNECT APIs are thenodes/proxy
,services/proxy
,pods/proxy
,pods/exec
, andpods/attach
subresources. Note that this prevents sending adryRun
parameter to backends via{nodes,services,pods}/proxy
subresources. (#66083, @jennybuckley) - In clusters where the DryRun feature is enabled, dry-run requests will go through the normal admission chain. Because of this, ImagePolicyWebhook authors should especially make sure that their webhooks do not rely on side effects. (#66391, @jennybuckley)
- Metadata Agent Improvements (#66485, @bmoyles0117)
- Bump metadata agent version to 0.2-0.0.21-1.
- Expand the metadata agent's access to all API groups.
- Remove metadata agent config maps in favor of command line flags.
- Update the metadata agent's liveness probe to a new /healthz handler.
- Logging Agent Improvements
- Bump logging agent version to 0.2-1.5.33-1-k8s-1.
- Appropriately set log severity for k8s_container.
- Fix detect exceptions plugin to analyze message field instead of log field.
- Fix detect exceptions plugin to analyze streams based on local resource id.
- Disable the metadata agent for monitored resource construction in logging.
- Disable timestamp adjustment in logs to optimize performance.
- Reduce logging agent buffer chunk limit to 512k to optimize performance.
- kubectl: the wait command now prints an error message and exits with the code 1, if there is no resources matching selectors (#66692, @m1kola)
- Quota admission configuration api graduated to v1beta1 (#66156, @vikaschoudhary16)
- Unit tests for scopes and scope selectors in the quota spec (#66351, @vikaschoudhary16)
- Print kube-apiserver --help flag help in sections. (#64517, @sttts)
- Azure managed disks now support availability zones and new parameters
zoned
,zone
andzones
are added for AzureDisk storage class. (#66553, @feiskyer) - nodes: improve handling of erroneous host names (#64815, @dixudx)
- remove deprecated shorthand flag
-c
fromkubectl version (--client)
(#66817, @charrywanganthony) - Added etcd_object_count metrics for CustomResources. (#65983, @sttts)
- Handle newlines for
command
,args
,env
, andannotations
inkubectl describe
wrapping (#66841, @smarterclayton) - Fix pod launch by kubelet when --cgroups-per-qos=false and --cgroup-driver="systemd" (#66617, @pravisankar)
- kubelet: fix nil pointer dereference while enforce-node-allocatable flag is not config properly (#66190, @linyouchong)
- Fix a bug on GCE that /etc/crictl.yaml is not generated when crictl is preloaded. (#66877, @Random-Liu)
- This fix prevents a GCE PD volume from being mounted if the udev device link is stale and tries to correct the link. (#66832, @msau42)
filename | sha256 hash |
---|---|
kubernetes.tar.gz | 603345769f5e2306e5c22db928aa1cbedc6af63f387ab7a8818cb0111292133f |
kubernetes-src.tar.gz | f8fb4610cee20195381e54bfd163fbaeae228d68986817b685948b8957f324d0 |
filename | sha256 hash |
---|---|
kubernetes-client-darwin-386.tar.gz | e081c275601bcaa45d906a976d35902256f836bb60caa738a2fd8719ff3e1048 |
kubernetes-client-darwin-amd64.tar.gz | 2dd222a267ac247dce4dfc52aff313f20c427b4351f7410aadebe8569ede3139 |
kubernetes-client-linux-386.tar.gz | 46b16d6b0429163da67b06242772c3c6c5ab9da6deda5306e63d21be04b4811d |
kubernetes-client-linux-amd64.tar.gz | 8b8bf0a8a4568559d3762a72c1095ab37785fc8bbbb290aaff3a34341a24d7eb |
kubernetes-client-linux-arm.tar.gz | d71dc60e087746b2832e66170053816dc8ed42e95efe0769ed926a6e044175ef |
kubernetes-client-linux-arm64.tar.gz | e9091bbfb997d1603dfd17ba9f145ca7dacf304f04d10230e056f8a12ce44445 |
kubernetes-client-linux-ppc64le.tar.gz | fc6c0985ccbd806add497f2557000f7e90f3176427250e019a40e8acf7c42282 |
kubernetes-client-linux-s390x.tar.gz | b8c64b318d702f6e8be76330fd5da9b87e2e4e31e904ea7e00c0cd6412ab2bcf |
kubernetes-client-windows-386.tar.gz | cb96e353eb5d400756a93c8d16321d0fac87d6a4f8ad89fda42858f8e4d85e9d |
kubernetes-client-windows-amd64.tar.gz | 003284f983cafc6fd0ce1205c03d47e638a999def1ef4e1e77bfb9149e5f598b |
filename | sha256 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | d9c282cd02c8c3fdbeb2f46abd0ddd257a8449e94be3beed2514c6e30a335a87 |
kubernetes-server-linux-arm.tar.gz | 613390ba73f4236feb10bb4f70cbf96e504cf8d598da0180efc887d316b8bc5e |
kubernetes-server-linux-arm64.tar.gz | 1dd417f59d17c3583c6b4a3989d24c57e4989eb7b6ab9f2aa10c4cbf9bf5c11b |
kubernetes-server-linux-ppc64le.tar.gz | 44e9e6424ed3a5a91f5adefa456b2b71c0c5d3b01be9f60f5c8c0f958815ffc1 |
kubernetes-server-linux-s390x.tar.gz | 3118d9c955f9a50f86ebba324894f06dbf7c1cb8f9bc5bdf6a95caf2a6678805 |
filename | sha256 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | 6b4d363d190e0ce6f4e41d19a0ac350b39cad7859bc442166a1da9124d1a82bb |
kubernetes-node-linux-arm.tar.gz | c80ac005c228217b871bf3e9de032044659db3aa048cc95b101820e31d62264c |
kubernetes-node-linux-arm64.tar.gz | d8b84e7cc6ff5d0e26b045de37bdd40ca8809c303b601d8604902e5957d98621 |
kubernetes-node-linux-ppc64le.tar.gz | b0a667c5c905e6e724fba95d44797fb52afb564aedd1c25cbd4e632e152843e9 |
kubernetes-node-linux-s390x.tar.gz | 78e7dbb82543ea6ac70767ed63c92823726adb6257f6b70b5911843d18288df7 |
kubernetes-node-windows-amd64.tar.gz | 1a3e11cc3f1a0297de2b894a43eb56ede5fbd5cdc43e4da7e61171f5c1f3ef60 |
- action required: the API server and client-go libraries have been fixed to support additional non-alpha-numeric characters in UserInfo "extra" data keys. Both should be updated in order to properly support extra data containing "/" characters or other characters disallowed in HTTP headers. (#65799, @dekkagaijin)
- [action required] The
NodeConfiguration
kind in the kubeadm v1alpha2 API has been renamedJoinConfiguration
in v1alpha3 (#65951, @luxas) - ACTION REQUIRED: Removes defaulting of CSI file system type to ext4. All the production drivers listed under https://kubernetes-csi.github.io/docs/Drivers.html were inspected and should not be impacted after this change. If you are using a driver not in that list, please test the drivers on an updated test cluster first. ``` (#65499, @krunaljain)
- [action required] The
MasterConfiguration
kind in the kubeadm v1alpha2 API has been renamedInitConfiguration
in v1alpha3 (#65945, @luxas) - [action required] The formerly publicly-available cAdvisor web UI that the kubelet started using
--cadvisor-port
is now entirely removed in 1.12. The recommended way to run cAdvisor if you still need it, is via a DaemonSet. (#65707, @dims) - Cluster Autoscaler version updated to 1.3.1-beta.1. Release notes: https://github.com/kubernetes/autoscaler/releases/tag/cluster-autoscaler-1.3.1-beta.1 (#65857, @aleksandra-malinowska)
- Default value for expendable pod priority cutoff in GCP deployment of Cluster Autoscaler changed from 0 to -10.
- action required: users deploying workloads with priority lower than 0 may want to use priority lower than -10 to avoid triggering scale-up.
- [action required] kubeadm: The
v1alpha1
config API has been removed. (#65628, @luxas)- Please convert your
v1alpha1
configuration files tov1alpha2
using the kubeadm config migrate
command of kubeadm v1.11.x
- Please convert your
- kube-apiserver: the
Priority
admission plugin is now enabled by default when using--enable-admission-plugins
. If using--admission-control
to fully specify the set of admission plugins, thePriority
admission plugin should be added if using thePodPriority
feature, which is enabled by default in 1.11. (#65739, @liggitt) - The
system-node-critical
andsystem-cluster-critical
priority classes are now limited to thekube-system
namespace by thePodPriority
admission plugin. (#65593, @bsalamat) - kubernetes-worker juju charm: Added support for setting the --enable-ssl-chain-completion option on the ingress proxy. "action required": if your installation relies on supplying incomplete certificate chains and using OCSP to fill them in, you must set "ingress-ssl-chain-completion" to "true" in your juju configuration. (#63845, @paulgear)
- admin RBAC role now aggregates edit and view. edit RBAC role now aggregates view. (#66684, @deads2k)
- Speed up HPA reaction to metric changes by removing scale up forbidden window. (#66615, @jbartosik)
- Scale up forbidden window was protecting HPA against making decision to scale up based on metrics gathered during pod initialisation (which may be invalid, for example pod may be using a lot of CPU despite not doing any "actual" work).
- To avoid that negative effect only use per pod metrics from pods that are:
-
- ready (so metrics about them should be valid), or
-
- unready but creation and last readiness change timestamps are apart more than 10s (pods that have formerly been ready and so metrics are in at least some cases (pod becoming unready because of overload) very useful).
- The
kubectl patch
command no longer exits with exit code 1 when a redundant patch results in a no-op (#66725, @juanvallejo) - Improved the output of
kubectl get events
to prioritize showing the message, and move some fields to-o wide
. (#66643, @smarterclayton) - Added CPU Manager state validation in case of changed CPU topology. (#66718, @ipuustin)
- Make EBS volume expansion faster (#66728, @gnufied)
- Kubelet serving certificate bootstrapping and rotation has been promoted to beta status. (#66726, @liggitt)
- Flag --pod (-p shorthand) of kubectl exec command marked as deprecated (#66558, @quasoft)
- Fixed an issue which prevented
gcloud
from working on GCE when metadata concealment was enabled. (#66630, @dekkagaijin) - Azure Go SDK has been upgraded to v19.0.0 and VirtualMachineScaleSetVM now supports availability zones. (#66648, @feiskyer)
- kubeadm now can join the cluster with pre-existing client certificate if provided (#66482, @dixudx)
- If
TaintNodesByCondition
enabled, taint node withTaintNodeUnschedulable
when (#63955, @k82cn)- initializing node to avoid race condition.
- kubeadm: remove misleading error message regarding image pulling (#66658, @dixudx)
- Fix Stackdriver integration based on node annotation container.googleapis.com/instance_id. (#66676, @kawych)
- Fix kubelet startup failure when using ExecPlugin in kubeconfig (#66395, @awly)
- When attaching iSCSI volumes, kubelet now scans only the specific (#63176, @bswartz)
- LUNs being attached, and also deletes them after detaching. This avoids
- dangling references to LUNs that no longer exist, which used to be the
- cause of random I/O errors/timeouts in kernel logs, slowdowns during
- block-device related operations, and very rare cases of data corruption.
- kubeadm: Pull sidecar and dnsmasq-nanny images when using kube-dns (#66499, @rosti)
- Extender preemption should respect IsInterested() (#66291, @resouer)
- Properly autopopulate OpenAPI version field without needing other OpenAPI fields present in generic API server code. (#66411, @DirectXMan12)
- renamed command line option --cri-socket-path of the kubeadm subcommand "kubeadm config images pull" to --cri-socket to be consistent with the rest of kubeadm subcommands. (#66382, @bart0sh)
- The --docker-disable-shared-pid kubelet flag has been removed. PID namespace sharing can instead be enable per-pod using the ShareProcessNamespace option. (#66506, @verb)
- Add support for using User Assigned MSI (https://docs.microsoft.com/en-us/azure/active-directory/managed-service-identity/overview) with Kubernetes cluster on Azure. (#66180, @kkmsft)
- fix acr could not be listed in sp issue (#66429, @andyzhangx)
- This PR will leverage subtests on the existing table tests for the scheduler units. (#63665, @xchapter7x)
- Some refactoring of error/status messages and functions to align with new approach.
- Fix volume limit for EBS on m5 and c5 instance types (#66397, @gnufied)
- Extend TLS timeouts to work around slow arm64 math/big (#66264, @joejulian)
- kubeadm: stop setting UID in the kubelet ConfigMap (#66341, @runiq)
- kubectl: fixes a panic displaying pods with nominatedNodeName set (#66406, @liggitt)
- Update crictl to v1.11.1. (#66152, @Random-Liu)
- fixes a panic when using a mutating webhook admission plugin with a DELETE operation (#66425, @liggitt)
- GCE: Fixes loadbalancer creation and deletion issues appearing in 1.10.5. (#66400, @nicksardo)
- Azure nodes with availability zone now will have label
failure-domain.beta.kubernetes.io/zone=<region>-<zoneID>
. (#66242, @feiskyer) - Re-design equivalence class cache to two level cache (#65714, @resouer)
- Checks CREATE admission for create-on-update requests instead of UPDATE admission (#65572, @yue9944882)
- This PR will leverage subtests on the existing table tests for the scheduler units. (#63666, @xchapter7x)
- Some refactoring of error/status messages and functions to align with new approach.
- Fixed a panic in the node status update logic when existing node has nil labels. (#66307, @guoshimin)
- Bump Ingress-gce version to 1.2.0 (#65641, @freehan)
- Bump event-exporter to 0.2.2 to pick up security fixes. (#66157, @loburm)
- Allow ScaleIO volumes to be provisioned without having to first manually create /dev/disk/by-id path on each kubernetes node (if not already present) (#66174, @ddebroy)
- fix rollout status for statefulsets (#62943, @faraazkhan)
- Fix for resourcepool-path configuration in the vsphere.conf file. (#66261, @divyenpatel)
- OpenAPI spec and documentation reflect 202 Accepted response path for delete request (#63418, @roycaihw)
- fixes a validation error that could prevent updates to StatefulSet objects containing non-normalized resource requests (#66165, @liggitt)
- Fix validation for HealthzBindAddress in kube-proxy when --healthz-port is set to 0 (#66138, @wsong)
- kubeadm: use an HTTP request timeout when fetching the latest version of Kubernetes from dl.k8s.io (#65676, @dkoshkin)
- Support configuring the Azure load balancer idle connection timeout for services (#66045, @cpuguy83)
kubectl config set-context
can now set attributes of the current context, like the current namespace, by passing--current
instead of a specific context name (#66140, @liggitt)- The alpha
Initializers
admission plugin is no longer enabled by default. This matches the off-by-default behavior of the alpha API which drives initializer behavior. (#66039, @liggitt) - kubeadm: Default component configs are printable via kubeadm config print-default (#66074, @rosti)
- prevents infinite CLI wait on delete when item is recreated (#66136, @deads2k)
- Preserve vmUUID when renewing nodeinfo in vSphere cloud provider (#66007, @w-leads)
- Cluster Autoscaler version updated to 1.3.1. Release notes: https://github.com/kubernetes/autoscaler/releases/tag/cluster-autoscaler-1.3.1 (#66122, @aleksandra-malinowska)
- Expose docker registry config for addons used in Juju deployments (#66092, @kwmonroe)
- kubelets that specify
--cloud-provider
now only report addresses in Node status as determined by the cloud provider (#65594, @liggitt) * kubelet serving certificate rotation now reacts to changes in reported node addresses, and will request certificates for addresses set by an external cloud provider - Fix the bug where image garbage collection is disabled by mistake. (#66051, @jiaxuanzhou)
- fixes an issue with multi-line annotations injected via downward API files getting scrambled (#65992, @liggitt)
- kubeadm: run kube-proxy on non-master tainted nodes (#65931, @neolit123)
- "kubectl delete" no longer waits for dependent objects to be deleted when removing parent resources (#65908, @juanvallejo)
- Introduce a new flag
--keepalive
for kubectl proxy to allow setting keep-alive period for long-running request. (#63793, @hzxuzhonghu) - If Openstack LoadBalancer is not defined in cloud config, the loadbalancer is not initialized any more in openstack. All setups must have some setting under that section (#65781, @zetaab)
- Re-adds
pkg/generated/bindata.go
to the repository to allow some parts of k8s.io/kubernetes to be go-vendorable. (#65985, @ixdy) - Fix a bug that preempting a pod may block forever. (#65987, @Random-Liu)
- Fix flexvolume in containarized kubelets (#65549, @gnufied)
- Add volume mode filed to constructed volume spec for CSI plugin (#65456, @wenlxie)
- Fix an issue with dropped audit logs, when truncating and batch backends enabled at the same time. (#65823, @loburm)
- Support traffic shaping for CNI network driver (#63194, @m1093782566)
- kubeadm: Use separate YAML documents for the kubelet and kube-proxy ComponentConfigs (#65787, @luxas)
- kubeadm: Fix pause image to not use architecture, as it is a manifest list (#65920, @dims)
- kubeadm: print required flags when running kubeadm upgrade plan (#65802, @xlgao-zju)
- Fix
RunAsGroup
which doesn't work since 1.10. (#65926, @Random-Liu) - Running
kubectl describe pvc
now shows which pods are mounted to the pvc being described with theMounted By
field (#65837, @clandry94) - fix azure storage account creation failure (#65846, @andyzhangx)
- Allow kube- and cloud-controller-manager to listen on ports up to 65535. (#65860, @sttts)
- Allow kube-scheduler to listen on ports up to 65535. (#65833, @sttts)
- kubeadm: Remove usage of
PersistentVolumeLabel
(#65827, @xlgao-zju) - kubeadm: Add a
v1alpha3
API. (#65629, @luxas) - Update to use go1.10.3 (#65726, @ixdy)
- LimitRange and Endpoints resources can be created via an update API call if the object does not already exist. When this occurs, an authorization check is now made to ensure the user making the API call is authorized to create the object. In previous releases, only an update authorization check was performed. (#65150, @jennybuckley)
- Fix 'kubectl cp' with no arguments causes a panic (#65482, @wgliang)
- bazel deb package bugfix: The kubeadm deb package now reloads the kubelet after installation (#65554, @rdodev)
- fix smb mount issue (#65751, @andyzhangx)
- More fields are allowed at the root of the CRD validation schema when the status subresource is enabled. (#65357, @nikhita)
- Reload systemd config files before starting kubelet. (#65702, @mborsz)
- Unix: support ZFS as a valid graph driver for Docker (#65635, @neolit123)
- Fix controller-manager crashes when flex plugin is removed from flex plugin directory (#65536, @gnufied)
- Enable etcdv3 client prometheus metics (#64741, @wgliang)
- skip nodes that have a primary NIC in a 'Failed' provisioningState (#65412, @yastij)
- kubeadm: remove redundant flags settings for kubelet (#64682, @dixudx)
- Fixes the wrong elasticsearch node counter (#65627, @IvanovOleg)
-
- Can configure the vsphere cloud provider with a trusted Root-CA (#64758, @mariantalla)
- Add Ubuntu 18.04 (Bionic) series to Juju charms (#65644, @tvansteenburgh)
- Fix local volume directory can't be deleted because of volumeMode error (#65310, @wenlxie)
- kubectl: --use-openapi-print-columns is deprecated in favor of --server-print (#65601, @liggitt)
- Add prometheus scrape port to CoreDNS service (#65589, @rajansandeep)
- fixes an out of range panic in the NoExecuteTaintManager controller when running a non-64-bit build (#65596, @liggitt)
- kubectl: fixes a regression with --use-openapi-print-columns that would not print object contents (#65600, @liggitt)
- Hostnames are now converted to lowercase before being used for node lookups in the kubernetes-worker charm. (#65487, @dshcherb)
- N/A (#64660, @figo)
- bugfix: Do not print feature gates in the generic apiserver code for glog level 0 (#65584, @neolit123)
- Add metrics for PVC in-use (#64527, @gnufied)
- Fixed exception detection in fluentd-gcp plugin. (#65361, @xperimental)
- api-machinery utility functions
SetTransportDefaults
andDialerFor
once again respect custom Dial functions set on transports (#65547, @liggitt) - Improve the display of jobs in
kubectl get
andkubectl describe
to emphasize progress and duration. (#65463, @smarterclayton) - kubectl convert previous created a list inside of a list. Now it is only wrapped once. (#65489, @deads2k)
- fix azure disk creation issue when specifying external resource group (#65516, @andyzhangx)
- fixes a regression in kube-scheduler to properly load client connection information from a
--config
file that references a kubeconfig file (#65507, @liggitt) - Fixed cleanup of CSI metadata files. (#65323, @jsafrane)
- Update Rescheduler's manifest to use version 0.4.0. (#65454, @bsalamat)
- On COS, NPD creates a node condition for frequent occurrences of unregister_netdevice (#65342, @dashpole)
- Properly manage security groups for loadbalancer services on OpenStack. (#65373, @multi-io)
- Add user-agent to audit-logging. (#64812, @hzxuzhonghu)
- kubeadm: notify the user of manifest upgrade timeouts (#65164, @xlgao-zju)
- Fixes incompatibility with custom scheduler extender configurations specifying
bindVerb
(#65424, @liggitt) - Using
kubectl describe
on CRDs that use underscores will be prettier. (#65391, @smarterclayton) - Improve scheduler's performance by eliminating sorting of nodes by their score. (#65396, @bsalamat)
- Add more conditions to the list of predicate failures that won't be resolved by preemption. (#64995, @bsalamat)
- Allow access to ClusterIP from the host network namespace when kube-proxy is started in IPVS mode without either masqueradeAll or clusterCIDR flags (#65388, @lbernail)
- User can now use
sudo crictl
on GCE cluster. (#65389, @Random-Liu) - Tolerate missing watch permission when deleting a resource (#65370, @deads2k)
- Prevents a
kubectl delete
hang when deleting controller managed lists (#65367, @deads2k) - fixes a memory leak in the kube-controller-manager observed when large numbers of pods with tolerations are created/deleted (#65339, @liggitt)
- checkLimitsForResolvConf for the pod create and update events instead of checking period (#64860, @wgliang)
- Fix concurrent map access panic (#65334, @dashpole)
- Don't watch .mount cgroups to reduce number of inotify watches
- Fix NVML initialization race condition
- Fix brtfs disk metrics when using a subdirectory of a subvolume
- Change Azure ARM Rate limiting error message. (#65292, @wgliang)
- AWS now checks for validity of ecryption key when creating encrypted volumes. Dynamic provisioning of encrypted volume may get slower due to these checks. (#65223, @jsafrane)
- Report accurate status for kubernetes-master and -worker charms. (#65187, @kwmonroe)
- Fixed issue 63608, which is that under rare circumstances the ResourceQuota admission controller could lose track of an request in progress and time out after waiting 10 seconds for a decision to be made. (#64598, @MikeSpreitzer)
- In the vSphere cloud provider the
Global.vm-uuid
configuration option is not deprecated anymore, it can be used to overwrite the VMUUID on the controller-manager (#65152, @alvaroaleman) - fluentd-gcp grace termination period increased to 60s. (#65084, @x13n)
- Pass cluster_location argument to Heapster (#65176, @kawych)
- Fix a scalability issue where high rates of event writes degraded etcd performance. (#64539, @ccding)
- Corrected a mistake in the documentation for wait.PollImmediate(...) (#65026, @spew)
- Split 'scheduling_latency_seconds' metric into finer steps (predicate, priority, premption) (#65306, @shyamjvs)
- Etcd health checks by the apiserver now ensure the apiserver can connect to and exercise the etcd API (#65027, @liggitt)
- Add e2e regression tests for the kubelet being secure (#64140, @dixudx)
- set EnableHTTPSTrafficOnly in azure storage account creation (#64957, @andyzhangx)
- Fixes an issue where Portworx PVCs remain in pending state when created using a StorageClass with empty parameters (#64895, @harsh-px)
- This PR will leverage subtests on the existing table tests for the scheduler units. (#63662, @xchapter7x)
- Some refactoring of error/status messages and functions to align with new approach.
- This PR will leverage subtests on the existing table tests for the scheduler units. (#63661, @xchapter7x)
- Some refactoring of error/status messages and functions to align with new approach.
- This PR will leverage subtests on the existing table tests for the scheduler units. (#63660, @xchapter7x)
- Some refactoring of error/status messages and functions to align with new approach.
- Updated default image for nginx ingress in CDK to match current Kubernetes docs. (#64285, @hyperbolic2346)
- Added block volume support to Cinder volume plugin. (#64879, @bertinatto)
- fixed incorrect OpenAPI schema for CustomResourceDefinition objects (#65256, @liggitt)
- ignore not found file error when watching manifests (#64880, @dixudx)
- add port-forward examples for sevice (#64773, @MasayaAoyama)
- Fix issues for block device not mapped to container. (#64555, @wenlxie)
- Update crictl on GCE to v1.11.0. (#65254, @Random-Liu)
- Fixes missing nodes lines when kubectl top nodes (#64389, @yue9944882)
- keep pod state consistent when scheduler cache UpdatePod (#64692, @adohe)
- add external resource group support for azure disk (#64427, @andyzhangx)
- Increase the gRPC max message size to 16MB in the remote container runtime. (#64672, @mcluseau)
- The new default value for the --allow-privileged parameter of the Kubernetes-worker charm has been set to true based on changes which went into the Kubernetes 1.10 release. Before this change the default value was set to false. If you're installing Canonical Kubernetes you should expect this value to now be true by default and you should now look to use PSP (pod security policies). (#64104, @CalvinHartwell)
- The --remove-extra-subjects and --remove-extra-permissions flags have been enabled for kubectl auth reconcile (#64541, @mrogers950)
- Fix kubectl drain --timeout option when eviction is used. (#64378, @wrdls)
- This PR will leverage subtests on the existing table tests for the scheduler units. (#63659, @xchapter7x)
- Some refactoring of error/status messages and functions to align with new approach.