Skip to content

Latest commit

 

History

History
846 lines (757 loc) · 109 KB

CHANGELOG-1.12.md

File metadata and controls

846 lines (757 loc) · 109 KB

v1.12.0-rc.2

Documentation & Examples

Downloads for v1.12.0-rc.2

filename sha256 hash
kubernetes.tar.gz 184ea437bc72d0e6a4c96b964de53181273e919a1d4785515da3406c7e982bf5
kubernetes-src.tar.gz aee82938827ef05ab0ee81bac42f4f79fff126294469868d02efb3426717d71e

Client Binaries

filename sha256 hash
kubernetes-client-darwin-386.tar.gz 40ed3ef9bbc4fad7787dd14eae952edf06d40e1094604bc6d10209b8778c3121
kubernetes-client-darwin-amd64.tar.gz a317fe3801ea5387ce474b9759a7e28ede8324587f79935a7a945da44c99a4b2
kubernetes-client-linux-386.tar.gz cd61b4b71d6b739582c02b5be1d87d928507bc59f64ee72629a920cc529a0941
kubernetes-client-linux-amd64.tar.gz 306af04fc18ca2588e16fd831358df50a2cb02219687b543073836f835de8583
kubernetes-client-linux-arm.tar.gz 497584f2686339cce857cff1ebf4ed10dcd63f4684a03c242b0828fcd307be4c
kubernetes-client-linux-arm64.tar.gz 1dfbb8c299f5af15239ef39135a6c8a52ee4c234764ee0437d8f707e636c9124
kubernetes-client-linux-ppc64le.tar.gz 668d6f35c5f6adcd25584d9ef74c549db13ffca9d93b4bc8d25609a8e5837640
kubernetes-client-linux-s390x.tar.gz 8a8e205c38858bd9d161115e5e2870c6cfc9c82e189d156e7062e6fa979c3fda
kubernetes-client-windows-386.tar.gz cdef48279c22cc8c764e43a4b9c2a86f02f21c80abbbcd48041fb1e89fb1eb67
kubernetes-client-windows-amd64.tar.gz 50621a3d2b1550c69325422c6dce78f5690574b35d3778dd3afcf698b57f0f54

Server Binaries

filename sha256 hash
kubernetes-server-linux-amd64.tar.gz 87a8438887a2daa199508aae591b158025860b8381c64cbe9b1d0c06c4eebde9
kubernetes-server-linux-arm.tar.gz f65be73870a0e564ef8ce1b6bb2b75ff7021a6807de84b5750e4fa78635051b6
kubernetes-server-linux-arm64.tar.gz 171f15aa8b7c365f4fee70ce025c882a921d0075bd726a99b5534cadd09273ef
kubernetes-server-linux-ppc64le.tar.gz abc2003d58bd1aca517415c582ed1e8bb1ed596bf04197f4fc7c0c51865a9f86
kubernetes-server-linux-s390x.tar.gz e2ce834abb4d45d91fd7a8d774e47f0f8092eb4edcf556605c2ef6e2b190b8b1

Node Binaries

filename sha256 hash
kubernetes-node-linux-amd64.tar.gz 6016c3a1e14c42dcc88caed6497de1b2c56a02bb52d836b19e2ff52098302dda
kubernetes-node-linux-arm.tar.gz e712e38c8037159ea074ad93c2f2905cf279f3f119e5fdbf9b97391037a8813f
kubernetes-node-linux-arm64.tar.gz 7f4095f12d8ad9438919fa447360113799f88bb9435369b9307a41dd9c7692a6
kubernetes-node-linux-ppc64le.tar.gz 4aeb5dbb0c68e54570542eb5a1d7506d73c81b57eba3c2080ee73bb53dbc3be0
kubernetes-node-linux-s390x.tar.gz a160599598167208286db6dc73b415952836218d967fa964fc432b213f1b9908
kubernetes-node-windows-amd64.tar.gz 174bedf62b7959d4cb1b1595666f607cd6377c7a2e2208fef5bd554603db5db3

Changelog since v1.12.0-rc.1

Other notable changes

v1.12.0-rc.1

Documentation & Examples

Downloads for v1.12.0-rc.1

filename sha256 hash
kubernetes.tar.gz ac65cf9571c3a03105f373db23c8d7f4d01fe1c9ee09b06615bb02d0b81d572c
kubernetes-src.tar.gz 28518e1d9c7fe5c54aa3b57235ac8d1a7dae02aec04177c38ca157fc2d16edb6

Client Binaries

filename sha256 hash
kubernetes-client-darwin-386.tar.gz 7b6f6f264464d40b7975baecdd796d4f75c5a305999b4ae1f4513646184cac7c
kubernetes-client-darwin-amd64.tar.gz 5feabe3e616125a36ce4c8021d6bdccdec0f3d82f151b80af7cac1453255b4d5
kubernetes-client-linux-386.tar.gz 40524a1a09dd24081b3494593a02a461227727f8706077542f2b8603e1cf7e06
kubernetes-client-linux-amd64.tar.gz ac2c9757d7df761bdf8ffc259fff07448c300dd110c7dbe2ae3830197eb023e9
kubernetes-client-linux-arm.tar.gz 02f27ae16e8ebb12b3cb66391fe85f64de08a99450d726e9defd2c5bcd590955
kubernetes-client-linux-arm64.tar.gz 1286af2cad3f8e2ee8e2dc18a738935779631b58e7ef3da8794bbeadca2f332e
kubernetes-client-linux-ppc64le.tar.gz 9c04419b159fb0fe501d6e0c8122d6a80b5d6961070ebc5e759f4327a1156cf4
kubernetes-client-linux-s390x.tar.gz 104d5c695826971c64cb0cec26cf791d609d3e831edb33574e9af2c4b191f049
kubernetes-client-windows-386.tar.gz 0096f8126eb04eafa9decd258f6d09977d24eee91b83781347a34ebb7d2064aa
kubernetes-client-windows-amd64.tar.gz a641a1a421795279a6213163d7becab9dc6014362e6566f13d660ef1638dc286

Server Binaries

filename sha256 hash
kubernetes-server-linux-amd64.tar.gz 202958d3cfb774fd065ad1ec2477dc9c92ce7f0ff355807c9a2a3a61e8dad927
kubernetes-server-linux-arm.tar.gz 474de8f6a58d51eb01f6cc73b41897351528a839f818d5c4f828a484f8bc988b
kubernetes-server-linux-arm64.tar.gz dbd5affd244815bf45ac0c7a56265800864db623a6a37e7ce9ebe5e5896453f8
kubernetes-server-linux-ppc64le.tar.gz a62fefa8ad7b3fbfeb7702dac7d4d6f37823b6c3e4edae3356bf0781b48e42e1
kubernetes-server-linux-s390x.tar.gz 0f77690f87503c8ee7ccb473c9d2b9d26420292defd82249509cf50d8bb1a16c

Node Binaries

filename sha256 hash
kubernetes-node-linux-amd64.tar.gz 2191845147d5aab08f14312867f86078b513b6aff8685bb8ce84a06b78ae9914
kubernetes-node-linux-arm.tar.gz 54de98d7d2a71b78bc7a45e70a2005144d210401663f5a9daadedd05f89291f0
kubernetes-node-linux-arm64.tar.gz a765514e0c4865bb20ceb476af83b9d9356c9b565cfe12615ecf7ad3d5a6b4f7
kubernetes-node-linux-ppc64le.tar.gz b7ae7d159602d0b933614071f11216ede4df3fc2b28a30d0018e06b3bb22cf6e
kubernetes-node-linux-s390x.tar.gz 7d4f502eda6aa70b7a18420344abfaec740d74a1edffcb9869e4305c22bba260
kubernetes-node-windows-amd64.tar.gz ed5516b1f66a39592a101bec135022b3905a66ae526b8ed3e2e9dff5ed68eda0

Changelog since v1.12.0-beta.2

Action Required

  • Service events are now added in azure-cloud-provider for easily identify the underground errors of Azure API. (#68212, @feiskyer)
    • Action required: The following clusterrole and clusterrolebinding should be applied:
    • kind: List
      
    • apiVersion: v1
      
    • items:
      
    • - apiVersion: rbac.authorization.k8s.io/v1
      
    •   kind: ClusterRole
      
    •   metadata:
      
    •     labels:
      
    •       kubernetes.io/cluster-service: "true"
      
    •     name: system:azure-cloud-provider
      
    •   rules:
      
    •   - apiGroups: [""]
      
    •     resources: ["events"]
      
    •     verbs:
      
    •     - create
      
    •     - patch
      
    •     - update
      
    • - apiVersion: rbac.authorization.k8s.io/v1
      
    •   kind: ClusterRoleBinding
      
    •   metadata:
      
    •     labels:
      
    •       kubernetes.io/cluster-service: "true"
      
    •     name: system:azure-cloud-provider
      
    •   roleRef:
      
    •     apiGroup: rbac.authorization.k8s.io
      
    •     kind: ClusterRole
      
    •     name: system:azure-cloud-provider
      
    •   subjects:
      
    •   - kind: ServiceAccount
      
    •     name: azure-cloud-provider
      
    •     namespace: kube-system
      
    • If the clusterrole with same has already been provisioned (e.g. for accessing azurefile secrets), then the above yaml should be merged togather, e.g.
    • kind: List
      
    • apiVersion: v1
      
    • items:
      
    • - apiVersion: rbac.authorization.k8s.io/v1
      
    •   kind: ClusterRole
      
    •   metadata:
      
    •     labels:
      
    •       kubernetes.io/cluster-service: "true"
      
    •     name: system:azure-cloud-provider
      
    •   rules:
      
    •   - apiGroups: [""]
      
    •     resources: ["events"]
      
    •     verbs:
      
    •     - create
      
    •     - patch
      
    •     - update
      
    •   - apiGroups: [""]
      
    •     resources: ["secrets"]
      
    •     verbs:
      
    •     - get
      
    •     - create
      
    • - apiVersion: rbac.authorization.k8s.io/v1
      
    •   kind: ClusterRoleBinding
      
    •   metadata:
      
    •     labels:
      
    •       kubernetes.io/cluster-service: "true"
      
    •     name: system:azure-cloud-provider
      
    •   roleRef:
      
    •     apiGroup: rbac.authorization.k8s.io
      
    •     kind: ClusterRole
      
    •     name: system:azure-cloud-provider
      
    •   subjects:
      
    •   - kind: ServiceAccount
      
    •     name: azure-cloud-provider
      
    •     namespace: kube-system
      
    •   - kind: ServiceAccount
      
    •     name: persistent-volume-binder
      
    •     namespace: kube-system
      

Other notable changes

  • Update metrics-server to v0.3.1 (#68746, @DirectXMan12)
  • Upgrade kubeadm's version of docker support (#68495, @yuansisi)
  • fix a bug that overwhelming number of prometheus metrics are generated because $NAMESPACE is not replaced by string "{namespace}" (#68530, @wenjiaswe)
  • The feature gates ReadOnlyAPIDataVolumes and ServiceProxyAllowExternalIPs, deprecated since 1.10, have been removed and any references must be removed from command-line invocations. (#67951, @liggitt)
  • Verify invalid secret/configmap/projected volumes before calling setup (#68691, @gnufied)
  • Fix bug that caused kubectl commands to sometimes fail to refresh access token when running against GKE clusters. (#66314, @jlowdermilk)
  • Use KubeDNS by default in GCE setups, as CoreDNS has significantly higher memory usage in large clusters. (#68629, @shyamjvs)
  • Fix PodAntiAffinity issues in case of multiple affinityTerms. (#68173, @Huang-Wei)
  • Make APIGroup field in TypedLocalObjectReference optional. (#68419, @xing-yang)
  • Fix potential panic when getting azure load balancer status (#68609, @feiskyer)
  • Fix kubelet panics when RuntimeClass is enabled. (#68521, @yujuhong)
    • cAdvisor: Fix NVML initialization race condition (#68431, @dashpole)
        • cAdvisor: Fix brtfs filesystem discovery
        • cAdvisor: Fix race condition with AllDockerContainers
        • cAdvisor: Don't watch .mount cgroups
        • cAdvisor: Reduce lock contention during list containers
  • Promote ScheduleDaemonSetPods by default scheduler to beta (#67899, @ravisantoshgudimetla)

v1.12.0-beta.2

Documentation & Examples

Downloads for v1.12.0-beta.2

filename sha256 hash
kubernetes.tar.gz 7163d18b9c1bd98ce804b17469ed67b399deb7b574dd12a86609fc647c5c773b
kubernetes-src.tar.gz 6225b71b2dec0f29afb713e64d2b6b82bd0e122274c31310c0de19ef023cb1d0

Client Binaries

filename sha256 hash
kubernetes-client-darwin-386.tar.gz f2ec9799e47c28fce336bc90a6e9b4e47def7081fd73b8e2164940f0a6c824c7
kubernetes-client-darwin-amd64.tar.gz 0e8cfcbe5ec862423ced97da1d9740d4cc4904a0d5cd11a60616aee596bc7622
kubernetes-client-linux-386.tar.gz 1cbd6e8dd892cfc2555d37e733b66aaf85df9950466c7295875d312ac254ddfc
kubernetes-client-linux-amd64.tar.gz 47337b58a26a4953e5c061d28e3ec89b3d4354bce40f9b51fbe269598caeff03
kubernetes-client-linux-arm.tar.gz eaaed82f428fb7ddbb10b4e39a2f287817c33ae24ff16008159f437acc653d4a
kubernetes-client-linux-arm64.tar.gz 3249d1c7d5d5500793546eb144fe537d1984a01c7a79c1382eb2e26a78e532cd
kubernetes-client-linux-ppc64le.tar.gz 67afd34f2199deff901b0872a177dc448ba700dc4ced9ede6f3187a0eed2c6fb
kubernetes-client-linux-s390x.tar.gz e8faa6e45c6e2aeb67ac65737e09be87c190e3c89782ec87a9a205d4f1af9246
kubernetes-client-windows-386.tar.gz 2395051c8cbd0a995b5f3689c0f8c0447bcc1c46440d8cdeffd7c7fccf8e8ae1
kubernetes-client-windows-amd64.tar.gz c6a38ee6eda20656b391ecfcc1f24505eb8a3a5a3200d4bddede318291773619

Server Binaries

filename sha256 hash
kubernetes-server-linux-amd64.tar.gz 795c713a91118218f5952e1bd4cf0933f36476aa3d9d60a9ee43c9bae8400fd3
kubernetes-server-linux-arm.tar.gz 1798d48a37b8f06878e0ecb8d9b67d0fb5c8ee721608412add57725eb5ce5f1e
kubernetes-server-linux-arm64.tar.gz da2459b5e811daaa2fc04a072773e81dc220400f3aeb6e29bb9594c306c7b266
kubernetes-server-linux-ppc64le.tar.gz 7fd1c2ba0c2c9da5db54f8d0aed28261f03e9953ce01fa367e4ce3d84bf01b4f
kubernetes-server-linux-s390x.tar.gz c9fafb009d7e5da74f588aaa935244c452de52b9488863b90e8b477b1bb16e52

Node Binaries

filename sha256 hash
kubernetes-node-linux-amd64.tar.gz ab901137b499829b20b868492d04c1f69d738620b96eb349c642d6d773c44448
kubernetes-node-linux-arm.tar.gz 116dd82721f200f3f37df0e47aebb611fdd7856f94d4c2ebb1d51db21b793a9c
kubernetes-node-linux-arm64.tar.gz 56d8316eb95f7f54c154625063617b86ffb8e2cc80b8225cce4f5c91d2d3a64f
kubernetes-node-linux-ppc64le.tar.gz 66535b16ad588ba3bfcb40728a0497c6821360ab7be9c3ced2072bfa107e5c46
kubernetes-node-linux-s390x.tar.gz 688e09becc9327e50c68b33161eac63a8ba018c02fb298cbd0de82d6ed5dba90
kubernetes-node-windows-amd64.tar.gz b72582f67d19c06f605ca9b02c08b7227796c15c639e3c09b06a8b667c4569fe

Changelog since v1.12.0-beta.1

Action Required

  • Action required: The --storage-versions flag of kube-apiserver is deprecated. Please omit this flag to ensure the default storage versions are used. Otherwise the cluster is not safe to upgrade to a version newer than 1.12. This flag will be removed in 1.13. (#68080, @caesarxuchao)

Other notable changes

  • kubeadm: add mandatory "--config" flag to "kubeadm alpha phase preflight" (#68446, @neolit123)
  • Apply user configurations for local etcd (#68334, @SataQiu)
  • kubeadm: added phase command "alpha phase kubelet config annotate-cri" (#68449, @fabriziopandini)
  • If TaintNodesByCondition is enabled, add node.kubernetes.io/unschedulable and (#64954, @k82cn)
    • node.kubernetes.io/network-unavailable automatically to DaemonSet pods.
  • Deprecate cloudstack and ovirt controllers (#68199, @dims)
  • add missing LastTransitionTime of ContainerReady condition (#64867, @dixudx)
  • kube-controller-manager: use informer cache instead of active pod gets in HPA controller (#68241, @krzysztof-jastrzebski)
  • Support NodeShutdown taint for azure (#68033, @yastij)
  • Registers volume topology information reported by a node-level Container Storage Interface (CSI) driver. This enables Kubernetes support of CSI topology mechanisms. (#67684, @verult)
  • Update default etcd server to 3.2.24 for kubernetes 1.12 (#68318, @timothysc)
  • External CAs can now be used for kubeadm with only a certificate, as long as all required certificates already exist. (#68296, @liztio)
  • Bump addon-manager to v8.7 (#68299, @MrHohn)
      • Support extra --prune-whitelist resources in kube-addon-manager.
      • Update kubectl to v1.10.7.
  • Let service controller retry creating load balancer when persistUpdate failed due to conflict. (#68087, @grayluck)
  • Kubelet now only sync iptables on Linux. (#67690, @feiskyer)
  • CSI NodePublish call can optionally contain information about the pod that requested the CSI volume. (#67945, @jsafrane)
  • [e2e] verifying LimitRange update is effective before creating new pod (#68171, @dixudx)
  • cluster/gce: generate consistent key sizes in config-default.sh using /dev/urandom instead of /dev/random (#67139, @yogi-sagar)
  • Add support for volume attach limits for CSI volumes (#67731, @gnufied)
  • CSI volume plugin does not need external attacher for non-attachable CSI volumes. (#67955, @jsafrane)
  • KubeletPluginsWatcher feature graduates to beta. (#68200, @RenaudWasTaken)
  • Update etcd client to 3.2.24 for latest release (#68147, @timothysc)
  • [fluentd-gcp-scaler addon] Bump fluentd-gcp-scaler to 0.4 to pick up security fixes. (#67691, @loburm)
    • [prometheus-to-sd addon] Bump prometheus-to-sd to 0.3.1 to pick up security fixes, bug fixes and new features.
    • [event-exporter addon] Bump event-exporter to 0.2.3 to pick up security fixes.
  • Fixes issue where pod scheduling may fail when using local PVs and pod affinity and anti-affinity without the default StatefulSet OrderedReady pod management policy (#67556, @msau42)
  • Kubelet only applies default hard evictions of nodefs.inodesFree on Linux (#67709, @feiskyer)
  • Add kubelet stats for windows system container "pods" (#66427, @feiskyer)
  • Add a TTL machenism to clean up Jobs after they finish. (#66840, @janetkuo)

v1.12.0-beta.1

Documentation & Examples

Downloads for v1.12.0-beta.1

filename sha256 hash
kubernetes.tar.gz caa332b14a6ea9d24710e3b015a91b62c04cab14bed14c49077e08bd82b8f4c1
kubernetes-src.tar.gz 821bdea3a52a348306fa8226bcfffa67b375cf1dd80e4be343ce0b38dd20a9a0

Client Binaries

filename sha256 hash
kubernetes-client-darwin-386.tar.gz 58323c0a81afe53dd0dda1c6eb513caa4c82514fb6c7f0a327242e573ce80490
kubernetes-client-darwin-amd64.tar.gz 28e9344ede16890ea7848c261e461ded89c3bb2dd5b08446da04b071b48f0b02
kubernetes-client-linux-386.tar.gz a9eece5e0994d2ad5e07152d88787a8b5e9efcdf78983a5bafe3699e5274a9da
kubernetes-client-linux-amd64.tar.gz 9a67750cc4243335f0c2eb89db1c4b54b0a8af08c59e2041636d0a3e946546bf
kubernetes-client-linux-arm.tar.gz bbd2644f843917a3de517a53c90b327502b577fe533a9ad3da4fe6bc437c4a02
kubernetes-client-linux-arm64.tar.gz 630946f49ef18dd43c004d99dccd9ae76390281f54740d7335c042f6f006324b
kubernetes-client-linux-ppc64le.tar.gz 1d4e5cd83faf4cae8e16667576492fcd48a72f69e8fd89d599a8b555a41e90d6
kubernetes-client-linux-s390x.tar.gz 9cefdcf21a62075b5238fda8ef2db08f81b0541ebce0e67353af1dded9e53483
kubernetes-client-windows-386.tar.gz 8b0085606ff38bded362bbe4826b5c8ee5199a33d5cbbc1b9b58f1336648ad5b
kubernetes-client-windows-amd64.tar.gz f44a3ec55dc7d926e681c33b5f7830c6d1cb165e24e349e426c1089b2d05a1df

Server Binaries

filename sha256 hash
kubernetes-server-linux-amd64.tar.gz 1bf7364aa168fc251768bc850d66fef1d93f324f0ec85f6dce74080627599b70
kubernetes-server-linux-arm.tar.gz dadc94fc0564cfa98add5287763bbe9c33bf8ba3eebad95fb2258c33fe8c5df3
kubernetes-server-linux-arm64.tar.gz 2e6c8a7810705594f191b33476bf4c8fca8cebb364f0855dfea577b01fca7b7e
kubernetes-server-linux-ppc64le.tar.gz ced4a0a4e03639378eff0d3b8bfb832f5fb96be8df3e0befbdbd71373a323130
kubernetes-server-linux-s390x.tar.gz 7e1a3fac2115c15b5baa0db04c7f319fbaaca92aa4c4588ecf62fb19812465a8

Node Binaries

filename sha256 hash
kubernetes-node-linux-amd64.tar.gz 81d2e2f4cd3254dd345c1e921b12bff62eb96e7551336c44fb0da5407bf5fe5f
kubernetes-node-linux-arm.tar.gz b14734a20190aca2b2af9cee59549d285be4f0c38faf89c5308c94534110edc1
kubernetes-node-linux-arm64.tar.gz ad0a81ecf6ef8346b7aa98a8d02a4f3853d0a5439d149a14b1ac2307b763b2ad
kubernetes-node-linux-ppc64le.tar.gz 8e6d72837fe19afd055786c8731bd555fe082e107195c956c6985e56a03d504f
kubernetes-node-linux-s390x.tar.gz 0fc7d55fb2750b29c0bbc36da050c8bf14508b1aa40e38e3b7f6cf311b464827
kubernetes-node-windows-amd64.tar.gz 09bf133156b9bc474d272bf16e765b143439959a1f007283c477e7999f2b4d6a

Changelog since v1.12.0-alpha.1

Action Required

  • Move volume dynamic provisioning scheduling to beta (ACTION REQUIRED: The DynamicProvisioningScheduling alpha feature gate has been removed. The VolumeScheduling beta feature gate is still required for this feature) (#67432, @lichuqiang)

Other notable changes

  • Not split nodes when searching for nodes but doing it all at once. (#67555, @wgliang)
  • Deprecate kubectl run generators, except for run-pod/v1 (#68132, @soltysh)
  • Using the Horizontal Pod Autoscaler with metrics from Heapster is now deprecated. (#68089, @DirectXMan12)
  • Support both directory and block device for local volume plugin FileSystem VolumeMode (#63011, @NickrenREN)
  • Add CSI volume attributes for kubectl describe pv. (#65074, @wgliang)
  • kubectl rollout status now works for unlimited timeouts. (#67817, @tnozicka)
  • Fix panic when processing Azure HTTP response. (#68210, @feiskyer)
  • add mixed protocol support for azure load balancer (#67986, @andyzhangx)
  • Replace scale down forbidden window with scale down stabilization window. Rather than waiting a fixed period of time between scale downs HPA now scales down to the highest recommendation it during the scale down stabilization window. (#68122, @krzysztof-jastrzebski)
  • Adding validation to kube-scheduler at the API level (#66799, @noqcks)
  • Improve performance of Pod affinity/anti-affinity in the scheduler (#67788, @ahmad-diaa)
  • kubeadm: fix air-gapped support and also allow some kubeadm commands to work without an available networking interface (#67397, @neolit123)
  • Increase Horizontal Pod Autoscaler default update interval (30s -> 15s). It will improve HPA reaction time for metric changes. (#68021, @krzysztof-jastrzebski)
  • Increase scrape frequency of metrics-server to 30s (#68127, @serathius)
  • Add new --server-dry-run flag to kubectl apply so that the request will be sent to the server with the dry-run flag (alpha), which means that changes won't be persisted. (#68069, @apelisse)
  • kubelet v1beta1 external ComponentConfig types are now available in the k8s.io/kubelet repo (#67263, @luxas)
  • Adds a kubelet parameter and config option to change CFS quota period from the default 100ms to some other value between 1µs and 1s. This was done to improve response latencies for workloads running in clusters with guaranteed and burstable QoS classes. (#63437, @szuecs)
  • Enable secure serving on port 10258 to cloud-controller-manager (configurable via --secure-port). Delegated authentication and authorization have to be configured like for aggregated API servers. (#67069, @sttts)
  • Support extra --prune-whitelist resources in kube-addon-manager. (#67743, @Random-Liu)
  • Upon receiving a LIST request with expired continue token, the apiserver now returns a continue token together with the 410 "the from parameter is too old " error. If the client does not care about getting a list from a consistent snapshot, the client can use this token to continue listing from the next key, but the returned chunk will be from the latest snapshot. (#67284, @caesarxuchao)
  • Role, ClusterRole and their bindings for cloud-provider is put under system namespace. Their addonmanager mode switches to EnsureExists. (#67224, @grayluck)
  • Mount propagation has promoted to GA. The MountPropagation feature gate is deprecated and will be removed in 1.13. (#67255, @bertinatto)
  • Introduce CSI Cluster Registration mechanism to ease CSI plugin discovery and allow CSI drivers to customize Kubernetes' interaction with them. (#67803, @saad-ali)
  • Adds the commands kubeadm alpha phases renew <cert-name> (#67910, @liztio)
  • ProcMount added to SecurityContext and AllowedProcMounts added to PodSecurityPolicy to allow paths in the container's /proc to not be masked. (#64283, @jessfraz)
  • support cross resource group for azure file (#68117, @andyzhangx)
  • Port 31337 will be used by fluentd (#68051, @Szetty)
  • Improve CPU sample sanitization in HPA by taking metric's freshness into account. (#68068, @krzysztof-jastrzebski)
  • CoreDNS is now v1.2.2 for Kubernetes 1.12 (#68076, @rajansandeep)
  • Enable secure serving on port 10257 to kube-controller-manager (configurable via --secure-port). Delegated authentication and authorization have to be configured like for aggregated API servers. (#64149, @sttts)
  • Update metrics-server to v0.3.0. (#68077, @DirectXMan12)
  • TokenRequest and TokenRequestProjection are now beta features. To enable these feature, the API server needs to be started with the following flags: (#67349, @mikedanese) * --service-account-issuer * --service-account-signing-key-file * --service-account-api-audiences
  • Don't let aggregated apiservers fail to launch if the external-apiserver-authentication configmap is not found in the cluster. (#67836, @sttts)
  • Promote AdvancedAuditing to GA, replacing the previous (legacy) audit logging mechanisms. (#65862, @loburm)
  • Azure cloud provider now supports unmanaged nodes (such as on-prem) that are labeled with kubernetes.azure.com/managed=false and alpha.service-controller.kubernetes.io/exclude-balancer=true (#67984, @feiskyer)
  • kubectl get apiservice now shows the target service and whether the service is available (#67747, @smarterclayton)
  • Openstack supports now node shutdown taint. Taint is added when instance is shutdown in openstack. (#67982, @zetaab)
  • Return apiserver panics as 500 errors instead terminating the apiserver process. (#68001, @sttts)
  • Fix VMWare VM freezing bug by reverting #51066 (#67825, @nikopen)
  • Make CoreDNS be the default DNS server in kube-up (instead of kube-dns formerly). (#67569, @fturib)
    • It is still possible to deploy kube-dns by setting CLUSTER_DNS_CORE_DNS=false.
  • Added support to restore a volume from a volume snapshot data source. (#67087, @xing-yang)
  • fixes the errors/warnings in fluentd configuration (#67947, @saravanan30erd)
  • Stop counting soft-deleted pods for scaling purposes in HPA controller to avoid soft-deleted pods incorrectly affecting scale up replica count calculation. (#67067, @moonek)
  • delegated authn/z: optionally opt-out of mandatory authn/authz kubeconfig (#67545, @sttts)
  • kubeadm: Control plane images (etcd, kube-apiserver, kube-proxy, etc.) don't use arch suffixes. Arch suffixes are kept for kube-dns only. (#66960, @rosti)
  • Adds sample-cli-plugin staging repository (#67938, @soltysh)
  • adjusted http/2 buffer sizes for apiservers to prevent starvation issues between concurrent streams (#67902, @liggitt)
  • SCTP is now supported as additional protocol (alpha) alongside TCP and UDP in Pod, Service, Endpoint, and NetworkPolicy. (#64973, @janosi)
  • Always create configmaps/extensions-apiserver-authentication from kube-apiserver. (#67694, @sttts)
  • kube-proxy v1beta1 external ComponentConfig types are now available in the k8s.io/kube-proxy repo (#67688, @Lion-Wei)
  • Apply unreachable taint to a node when it lost network connection. (#67734, @Huang-Wei)
  • Allow ImageReview backend to return annotations to be added to the created pod. (#64597, @wteiken)
  • Bump ip-masq-agent to v2.1.1 (#67916, @MrHohn)
      • Update debian-iptables image for CVEs.
      • Change chain name to IP-MASQ to be compatible with the
    • pre-injected masquerade rules.
  • AllowedTopologies field inside StorageClass is now validated against set and map semantics. Specifically, there cannot be duplicate TopologySelectorTerms, MatchLabelExpressions keys, and TopologySelectorLabelRequirement Values. (#66843, @verult)
  • Introduces autoscaling/v2beta2 and custom_metrics/v1beta2, which implement metric selectors for Object and Pods metrics, as well as allowing AverageValue targets on Objects, similar to External metrics. (#64097, @damemi)
  • The cloudstack cloud provider now reports a Hostname address type for nodes based on the local-hostname metadata key. (#67719, @liggitt)
  • kubeadm: --cri-socket now defaults to tcp://localhost:2375 when running on Windows (#67447, @benmoss)
  • kubeadm: The kubeadm configuration now support definition of more than one control plane instances with their own APIEndpoint. The APIEndpoint for the "bootstrap" control plane instance should be defined using InitConfiguration.APIEndpoint, while the APIEndpoints for additional control plane instances should be added using JoinConfiguration.APIEndpoint. (#67832, @fabriziopandini)
  • Enable dynamic azure disk volume limits (#67772, @andyzhangx)
  • kubelet: Users can now enable the alpha NodeLease feature gate to have the Kubelet create and periodically renew a Lease in the kube-node-lease namespace. The lease duration defaults to 40s, and can be configured via the kubelet.config.k8s.io/v1beta1.KubeletConfiguration's NodeLeaseDurationSeconds field. (#66257, @mtaufen)
  • latent controller caches no longer cause repeating deletion messages for deleted pods (#67826, @deads2k)
  • API paging is now enabled for custom resource definitions, custom resources and APIService objects (#67861, @liggitt)
  • kubeadm: ControlPlaneEndpoint was moved from the API config struct to ClusterConfiguration (#67830, @fabriziopandini)
  • kubeadm - feature-gates HighAvailability, SelfHosting, CertsInSecrets are now deprecated and can't be used anymore for new clusters. Update of cluster using above feature-gates flag is not supported (#67786, @fabriziopandini)
  • Replace scale up forbidden window with disregarding CPU samples collected when pod was initializing. (#67252, @jbartosik)
  • Moving KubeSchedulerConfiguration from ComponentConfig API types to staging repos (#66916, @dixudx)
  • Improved error message when checking the rollout status of StatefulSet with OnDelete strategy type (#66983, @mortent)
  • RuntimeClass is a new API resource for defining different classes of runtimes that may be used to run containers in the cluster. Pods can select a RunitmeClass to use via the RuntimeClassName field. This feature is in alpha, and the RuntimeClass feature gate must be enabled in order to use it. (#67737, @tallclair)
  • Remove rescheduler since scheduling DS pods by default scheduler is moving to beta. (#67687, @Lion-Wei)
  • Turn on PodReadinessGate by default (#67406, @freehan)
  • Speed up kubelet start time by executing an immediate runtime and node status update when the Kubelet sees that it has a CIDR. (#67031, @krzysztof-jastrzebski)
  • The OpenStack cloud provider now reports a Hostname address type for nodes (#67748, @FengyunPan2)
  • The aws cloud provider now reports a Hostname address type for nodes based on the local-hostname metadata key. (#67715, @liggitt)
  • Azure cloud provider now supports cross resource group nodes that are labeled with kubernetes.azure.com/resource-group=<rg-name> and alpha.service-controller.kubernetes.io/exclude-balancer=true (#67604, @feiskyer)
  • Reduce API calls for Azure instance metadata. (#67478, @feiskyer)
  • kubectl create secret tls can now read certificate and key files from process substitution arguments (#67713, @liggitt)
  • change default value of kind for azure disk (#67483, @andyzhangx)
  • To address the possibility dry-run requests overwhelming admission webhooks that rely on side effects and a reconciliation mechanism, a new field is being added to admissionregistration.k8s.io/v1beta1.ValidatingWebhookConfiguration and admissionregistration.k8s.io/v1beta1.MutatingWebhookConfiguration so that webhooks can explicitly register as having dry-run support. If a dry-run request is made on a resource that triggers a non dry-run supporting webhook, the request will be completely rejected, with "400: Bad Request". Additionally, a new field is being added to the admission.k8s.io/v1beta1.AdmissionReview API object, exposing to webhooks whether or not the request being reviewed is a dry-run. (#66936, @jennybuckley)
  • Kubeadm ha upgrade (#66973, @fabriziopandini)
  • kubeadm: InitConfiguration now consists of two structs: InitConfiguration and ClusterConfiguration (#67441, @rosti)
  • Updated Cluster Autoscaler version to 1.3.2-beta.2. Release notes: https://github.com/kubernetes/autoscaler/releases/tag/cluster-autoscaler-1.3.2-beta.2 (#67697, @aleksandra-malinowska)
  • cpumanager: rollback state if updateContainerCPUSet failed (#67430, @choury)
  • [CRI] Adds a "runtime_handler" field to RunPodSandboxRequest, for selecting the runtime configuration to run the sandbox with (alpha feature). (#67518, @tallclair)
  • Create cli-runtime staging repository (#67658, @soltysh)
  • Headless Services with no ports defined will now create Endpoints correctly, and appear in DNS. (#67622, @thockin)
  • Kubernetes juju charms will now use CSI for ceph. (#66523, @hyperbolic2346)
  • kubeadm: Fix panic when node annotation is nil (#67648, @xlgao-zju)
  • Prevent resourceVersion updates for custom resources on no-op writes. (#67562, @nikhita)
  • Fail container start if its requested device plugin resource hasn't registered after Kubelet restart. (#67145, @jiayingz)
  • Use sync.map to scale ecache better (#66862, @resouer)
  • DaemonSet: Fix bug- daemonset didn't create pod after node have enough resource (#67337, @linyouchong)
  • updates kibana to 6.3.2 (#67582, @monotek)
  • fixes json logging in fluentd-elasticsearch image by downgrading fluent-plugin-kubernetes_metadata_filter plugin to version 2.0.0 (#67544, @monotek)
  • add --dns-loop-detect option to dnsmasq run by kube-dns (#67302, @dixudx)
  • Switched certificate data replacement from "REDACTED" to "DATA+OMITTED" (#66023, @ibrasho)
  • improve performance of anti-affinity predicate of default scheduler. (#66948, @mohamed-mehany)
  • Fixed a bug that was blocking extensible error handling when serializing API responses error out. Previously, serialization failures always resulted in the status code of the original response being returned. Now, the following behavior occurs: (#67041, @tristanburgess)
      • If the serialization type is application/vnd.kubernetes.protobuf, and protobuf marshaling is not implemented for the requested API resource type, a '406 Not Acceptable is returned'.
      • If the serialization type is 'application/json':
    •     - If serialization fails, and the original status code was an failure (e.g. 4xx or 5xx), the original status code will be returned.
      
    •     - If serialization fails, and the original status code was not a failure (e.g. 2xx), the status code of the serialization failure will be returned. By default, this is '500 Internal Server Error', because JSON serialization is our default, and not supposed to be implemented on a type-by-type basis.
      
  • Add a feature to the scheduler to score fewer than all nodes in every scheduling cycle. This can improve performance of the scheduler in large clusters. (#66733, @bsalamat)
  • kube-controller-manager can now start the quota controller when discovery results can only be partially determined. (#67433, @deads2k)
  • The plugin mechanism functionality now closely follows the git plugin design (#66876, @juanvallejo)
  • GCE: decrease cpu requests on master node, to allow more components to fit on one core machine. (#67504, @loburm)
  • PVC may not be synced to controller local cache in time if PV is bound by external PV binder (e.g. kube-scheduler), double check if PVC is not found to prevent reclaiming PV wrongly. (#67062, @cofyc)
  • add more storage account sku support for azure disk (#67528, @andyzhangx)
  • updates es-image to elasticsearch 6.3.2 (#67484, @monotek)
  • Bump GLBC version to 1.2.3 (#66793, @freehan)
  • kube-apiserver: fixes error creating system priority classes when starting multiple apiservers simultaneously (#67372, @tanshanshan)
  • kubectl patch now respects --local (#67399, @deads2k)
  • Defaults for file audit logging backend in batch mode changed: (#67223, @tallclair)
      • Logs are written 1 at a time (no batching)
      • Only a single writer process (lock contention)
  • Forget rate limit when CRD establish controller successfully updated CRD condition (#67370, @yue9944882)
  • updates fluentd in fluentd-elasticsearch to version 1.2.4 (#67434, @monotek) * also updates activesupport, fluent-plugin-elasticsearch & oj gems
  • The dockershim now sets the "bandwidth" and "ipRanges" CNI capabilities (dynamic parameters). Plugin authors and administrators can now take advantage of this by updating their CNI configuration file. For more information, see the CNI docs (#64445, @squeed)
  • Expose /debug/flags/v to allow kubelet dynamically set glog logging level. If want to change glog level to 3, you only have to send a PUT request like curl -X PUT http://127.0.0.1:8080/debug/flags/v -d "3". (#64601, @hzxuzhonghu)
  • Fix an issue that pods using hostNetwork keep increasing. (#67456, @Huang-Wei)
  • DaemonSet controller is now using backoff algorithm to avoid hot loops fighting with kubelet on pod recreation when a particular DaemonSet is misconfigured. (#65309, @tnozicka)
  • Add node affinity for Azure unzoned managed disks (#67229, @feiskyer)
  • Attacher/Detacher refactor for local storage (#66884, @NickrenREN)
  • Update debian-iptables and hyperkube-base images to include CVE fixes. (#67365, @ixdy)
  • Fix an issue where filesystems are not unmounted when a backend is not reachable and returns EIO. (#67097, @chakri-nelluri)
  • Update Cluster Autoscaler version to 1.3.2-beta.1. Release notes: https://github.com/kubernetes/autoscaler/releases/tag/cluster-autoscaler-1.3.2-beta.1 (#67396, @aleksandra-malinowska)
  • Remove unused binary and container image for kube-aggregator. The functionality is already integrated into the kube-apiserver. (#67157, @dims)
  • Avoid creating new controller revisions for statefulsets when cache is stale (#67039, @mortent)
  • Revert #63905: Setup dns servers and search domains for Windows Pods. DNS for Windows containers will be set by CNI plugins. (#66587, @feiskyer)
  • attachdetach controller attaches volumes immediately when Pod's PVCs are bound (#66863, @cofyc)
  • The check for unsupported plugins during volume resize has been moved from the admission controller to the two controllers that handle volume resize. (#66780, @kangarlou)
  • Fix kubelet to not leak goroutines/intofiy watchers on an inactive connection if it's closed (#67285, @yujuhong)
  • fix azure disk create failure due to sdk upgrade (#67236, @andyzhangx)
  • Kubeadm join --control-plane main workflow (#66873, @fabriziopandini)
  • Dynamic provisions that create iSCSI PVs can ensure that multipath is used by specifying 2 or more target portals in the PV, which will cause kubelet to wait up to 10 seconds for the multipath device. PVs with just one portal continue to work as before, with kubelet not waiting for the multipath device and just using the first disk it finds. (#67140, @bswartz)
  • kubectl: recreating resources for immutable fields when force is applied (#66602, @dixudx)
  • Remove deprecated --interactive flag from kubectl logs. (#65420, @jsoref)
  • kubeadm uses audit policy v1 instead of v1beta1 (#67176, @charrywanganthony)
  • kubeadm: make sure pre-pulled kube-proxy image and the one specified in its daemon set manifest are the same (#67131, @rosti)
  • Graduate Resource Quota ScopeSelectors to beta, and enable it by default. (#67077, @vikaschoudhary16)
  • Decrease the amount of time it takes to modify kubeconfig files with large amounts of contexts (#67093, @juanvallejo)
  • Fixes issue when updating a DaemonSet causes a hash collision. (#66476, @mortent)
  • fix cluster-info dump error (#66652, @charrywanganthony)
  • The PodShareProcessNamespace feature to configure PID namespace sharing within a pod has been promoted to beta. (#66507, @verb)
  • kubectl create {clusterrole,role}'s --resources flag supports asterisk to specify all resources. (#62945, @nak3)
  • Bump up version number of debian-base, debian-hyperkube-base and debian-iptables. (#67026, @satyasm)
    • Also updates dependencies of users of debian-base.
    • debian-base version 0.3.1 is already available.
  • DynamicProvisioningScheduling and VolumeScheduling is now supported for Azure managed disks. Feature gates DynamicProvisioningScheduling and VolumeScheduling should be enabled before using this feature. (#67121, @feiskyer)
  • kube-apiserver now includes all registered API groups in discovery, including registered extension API group/versions for unavailable extension API servers. (#66932, @nilebox)
  • Allows extension API server to dynamically discover the requestheader CA certificate when the core API server doesn't use certificate based authentication for it's clients (#66394, @rtripat)
  • audit.k8s.io api group is upgraded from v1beta1 to v1. (#65891, @CaoShuFeng)
    • Deprecated element metav1.ObjectMeta and Timestamp are removed from audit Events in v1 version.
    • Default value of option --audit-webhook-version and --audit-log-version will be changed from audit.k8s.io/v1beta1 to audit.k8s.io/v1 in release 1.13
  • scope AWS LoadBalancer security group ICMP rules to spec.loadBalancerSourceRanges (#63572, @haz-mat)
  • Add NoSchedule/NoExecute tolerations to ip-masq-agent, ensuring it to be scheduled in all nodes except master. (#66260, @tanshanshan)
  • The flag --skip-preflight-checks of kubeadm has been removed. Please use --ignore-preflight-errors instead. (#62727, @xiangpengzhao)
  • The watch API endpoints prefixed with /watch are deprecated and will be removed in a future release. These standard method for watching resources (supported since v1.0) is to use the list API endpoints with a ?watch=true parameter. All client-go clients have used the parameter method since v1.6.0. (#65147, @liggitt)
  • Bump Heapster to v1.6.0-beta.1 (#67074, @kawych)
  • kube-apiserver: setting a dryRun query parameter on a CONNECT request will now cause the request to be rejected, consistent with behavior of other mutating API requests. Examples of CONNECT APIs are the nodes/proxy, services/proxy, pods/proxy, pods/exec, and pods/attach subresources. Note that this prevents sending a dryRun parameter to backends via {nodes,services,pods}/proxy subresources. (#66083, @jennybuckley)
  • In clusters where the DryRun feature is enabled, dry-run requests will go through the normal admission chain. Because of this, ImagePolicyWebhook authors should especially make sure that their webhooks do not rely on side effects. (#66391, @jennybuckley)
  • Metadata Agent Improvements (#66485, @bmoyles0117)
    • Bump metadata agent version to 0.2-0.0.21-1.
    • Expand the metadata agent's access to all API groups.
    • Remove metadata agent config maps in favor of command line flags.
    • Update the metadata agent's liveness probe to a new /healthz handler.
    • Logging Agent Improvements
    • Bump logging agent version to 0.2-1.5.33-1-k8s-1.
    • Appropriately set log severity for k8s_container.
    • Fix detect exceptions plugin to analyze message field instead of log field.
    • Fix detect exceptions plugin to analyze streams based on local resource id.
    • Disable the metadata agent for monitored resource construction in logging.
    • Disable timestamp adjustment in logs to optimize performance.
    • Reduce logging agent buffer chunk limit to 512k to optimize performance.
  • kubectl: the wait command now prints an error message and exits with the code 1, if there is no resources matching selectors (#66692, @m1kola)
  • Quota admission configuration api graduated to v1beta1 (#66156, @vikaschoudhary16)
  • Unit tests for scopes and scope selectors in the quota spec (#66351, @vikaschoudhary16)
  • Print kube-apiserver --help flag help in sections. (#64517, @sttts)
  • Azure managed disks now support availability zones and new parameters zoned, zone and zones are added for AzureDisk storage class. (#66553, @feiskyer)
  • nodes: improve handling of erroneous host names (#64815, @dixudx)
  • remove deprecated shorthand flag -c from kubectl version (--client) (#66817, @charrywanganthony)
  • Added etcd_object_count metrics for CustomResources. (#65983, @sttts)
  • Handle newlines for command, args, env, and annotations in kubectl describe wrapping (#66841, @smarterclayton)
  • Fix pod launch by kubelet when --cgroups-per-qos=false and --cgroup-driver="systemd" (#66617, @pravisankar)
  • kubelet: fix nil pointer dereference while enforce-node-allocatable flag is not config properly (#66190, @linyouchong)
  • Fix a bug on GCE that /etc/crictl.yaml is not generated when crictl is preloaded. (#66877, @Random-Liu)
  • This fix prevents a GCE PD volume from being mounted if the udev device link is stale and tries to correct the link. (#66832, @msau42)

v1.12.0-alpha.1

Documentation & Examples

Downloads for v1.12.0-alpha.1

filename sha256 hash
kubernetes.tar.gz 603345769f5e2306e5c22db928aa1cbedc6af63f387ab7a8818cb0111292133f
kubernetes-src.tar.gz f8fb4610cee20195381e54bfd163fbaeae228d68986817b685948b8957f324d0

Client Binaries

filename sha256 hash
kubernetes-client-darwin-386.tar.gz e081c275601bcaa45d906a976d35902256f836bb60caa738a2fd8719ff3e1048
kubernetes-client-darwin-amd64.tar.gz 2dd222a267ac247dce4dfc52aff313f20c427b4351f7410aadebe8569ede3139
kubernetes-client-linux-386.tar.gz 46b16d6b0429163da67b06242772c3c6c5ab9da6deda5306e63d21be04b4811d
kubernetes-client-linux-amd64.tar.gz 8b8bf0a8a4568559d3762a72c1095ab37785fc8bbbb290aaff3a34341a24d7eb
kubernetes-client-linux-arm.tar.gz d71dc60e087746b2832e66170053816dc8ed42e95efe0769ed926a6e044175ef
kubernetes-client-linux-arm64.tar.gz e9091bbfb997d1603dfd17ba9f145ca7dacf304f04d10230e056f8a12ce44445
kubernetes-client-linux-ppc64le.tar.gz fc6c0985ccbd806add497f2557000f7e90f3176427250e019a40e8acf7c42282
kubernetes-client-linux-s390x.tar.gz b8c64b318d702f6e8be76330fd5da9b87e2e4e31e904ea7e00c0cd6412ab2bcf
kubernetes-client-windows-386.tar.gz cb96e353eb5d400756a93c8d16321d0fac87d6a4f8ad89fda42858f8e4d85e9d
kubernetes-client-windows-amd64.tar.gz 003284f983cafc6fd0ce1205c03d47e638a999def1ef4e1e77bfb9149e5f598b

Server Binaries

filename sha256 hash
kubernetes-server-linux-amd64.tar.gz d9c282cd02c8c3fdbeb2f46abd0ddd257a8449e94be3beed2514c6e30a335a87
kubernetes-server-linux-arm.tar.gz 613390ba73f4236feb10bb4f70cbf96e504cf8d598da0180efc887d316b8bc5e
kubernetes-server-linux-arm64.tar.gz 1dd417f59d17c3583c6b4a3989d24c57e4989eb7b6ab9f2aa10c4cbf9bf5c11b
kubernetes-server-linux-ppc64le.tar.gz 44e9e6424ed3a5a91f5adefa456b2b71c0c5d3b01be9f60f5c8c0f958815ffc1
kubernetes-server-linux-s390x.tar.gz 3118d9c955f9a50f86ebba324894f06dbf7c1cb8f9bc5bdf6a95caf2a6678805

Node Binaries

filename sha256 hash
kubernetes-node-linux-amd64.tar.gz 6b4d363d190e0ce6f4e41d19a0ac350b39cad7859bc442166a1da9124d1a82bb
kubernetes-node-linux-arm.tar.gz c80ac005c228217b871bf3e9de032044659db3aa048cc95b101820e31d62264c
kubernetes-node-linux-arm64.tar.gz d8b84e7cc6ff5d0e26b045de37bdd40ca8809c303b601d8604902e5957d98621
kubernetes-node-linux-ppc64le.tar.gz b0a667c5c905e6e724fba95d44797fb52afb564aedd1c25cbd4e632e152843e9
kubernetes-node-linux-s390x.tar.gz 78e7dbb82543ea6ac70767ed63c92823726adb6257f6b70b5911843d18288df7
kubernetes-node-windows-amd64.tar.gz 1a3e11cc3f1a0297de2b894a43eb56ede5fbd5cdc43e4da7e61171f5c1f3ef60

Changelog since v1.11.0

Action Required

  • action required: the API server and client-go libraries have been fixed to support additional non-alpha-numeric characters in UserInfo "extra" data keys. Both should be updated in order to properly support extra data containing "/" characters or other characters disallowed in HTTP headers. (#65799, @dekkagaijin)
  • [action required] The NodeConfiguration kind in the kubeadm v1alpha2 API has been renamed JoinConfiguration in v1alpha3 (#65951, @luxas)
  • ACTION REQUIRED: Removes defaulting of CSI file system type to ext4. All the production drivers listed under https://kubernetes-csi.github.io/docs/Drivers.html were inspected and should not be impacted after this change. If you are using a driver not in that list, please test the drivers on an updated test cluster first. ``` (#65499, @krunaljain)
  • [action required] The MasterConfiguration kind in the kubeadm v1alpha2 API has been renamed InitConfiguration in v1alpha3 (#65945, @luxas)
  • [action required] The formerly publicly-available cAdvisor web UI that the kubelet started using --cadvisor-port is now entirely removed in 1.12. The recommended way to run cAdvisor if you still need it, is via a DaemonSet. (#65707, @dims)
  • Cluster Autoscaler version updated to 1.3.1-beta.1. Release notes: https://github.com/kubernetes/autoscaler/releases/tag/cluster-autoscaler-1.3.1-beta.1 (#65857, @aleksandra-malinowska)
    • Default value for expendable pod priority cutoff in GCP deployment of Cluster Autoscaler changed from 0 to -10.
    • action required: users deploying workloads with priority lower than 0 may want to use priority lower than -10 to avoid triggering scale-up.
  • [action required] kubeadm: The v1alpha1 config API has been removed. (#65628, @luxas)
    • Please convert your v1alpha1 configuration files to v1alpha2 using the
    • kubeadm config migrate command of kubeadm v1.11.x
  • kube-apiserver: the Priority admission plugin is now enabled by default when using --enable-admission-plugins. If using --admission-control to fully specify the set of admission plugins, the Priority admission plugin should be added if using the PodPriority feature, which is enabled by default in 1.11. (#65739, @liggitt)
  • The system-node-critical and system-cluster-critical priority classes are now limited to the kube-system namespace by the PodPriority admission plugin. (#65593, @bsalamat)
  • kubernetes-worker juju charm: Added support for setting the --enable-ssl-chain-completion option on the ingress proxy. "action required": if your installation relies on supplying incomplete certificate chains and using OCSP to fill them in, you must set "ingress-ssl-chain-completion" to "true" in your juju configuration. (#63845, @paulgear)

Other notable changes

  • admin RBAC role now aggregates edit and view. edit RBAC role now aggregates view. (#66684, @deads2k)
  • Speed up HPA reaction to metric changes by removing scale up forbidden window. (#66615, @jbartosik)
    • Scale up forbidden window was protecting HPA against making decision to scale up based on metrics gathered during pod initialisation (which may be invalid, for example pod may be using a lot of CPU despite not doing any "actual" work).
    • To avoid that negative effect only use per pod metrics from pods that are:
      • ready (so metrics about them should be valid), or
      • unready but creation and last readiness change timestamps are apart more than 10s (pods that have formerly been ready and so metrics are in at least some cases (pod becoming unready because of overload) very useful).
  • The kubectl patch command no longer exits with exit code 1 when a redundant patch results in a no-op (#66725, @juanvallejo)
  • Improved the output of kubectl get events to prioritize showing the message, and move some fields to -o wide. (#66643, @smarterclayton)
  • Added CPU Manager state validation in case of changed CPU topology. (#66718, @ipuustin)
  • Make EBS volume expansion faster (#66728, @gnufied)
  • Kubelet serving certificate bootstrapping and rotation has been promoted to beta status. (#66726, @liggitt)
  • Flag --pod (-p shorthand) of kubectl exec command marked as deprecated (#66558, @quasoft)
  • Fixed an issue which prevented gcloud from working on GCE when metadata concealment was enabled. (#66630, @dekkagaijin)
  • Azure Go SDK has been upgraded to v19.0.0 and VirtualMachineScaleSetVM now supports availability zones. (#66648, @feiskyer)
  • kubeadm now can join the cluster with pre-existing client certificate if provided (#66482, @dixudx)
  • If TaintNodesByCondition enabled, taint node with TaintNodeUnschedulable when (#63955, @k82cn)
    • initializing node to avoid race condition.
  • kubeadm: remove misleading error message regarding image pulling (#66658, @dixudx)
  • Fix Stackdriver integration based on node annotation container.googleapis.com/instance_id. (#66676, @kawych)
  • Fix kubelet startup failure when using ExecPlugin in kubeconfig (#66395, @awly)
  • When attaching iSCSI volumes, kubelet now scans only the specific (#63176, @bswartz)
    • LUNs being attached, and also deletes them after detaching. This avoids
    • dangling references to LUNs that no longer exist, which used to be the
    • cause of random I/O errors/timeouts in kernel logs, slowdowns during
    • block-device related operations, and very rare cases of data corruption.
  • kubeadm: Pull sidecar and dnsmasq-nanny images when using kube-dns (#66499, @rosti)
  • Extender preemption should respect IsInterested() (#66291, @resouer)
  • Properly autopopulate OpenAPI version field without needing other OpenAPI fields present in generic API server code. (#66411, @DirectXMan12)
  • renamed command line option --cri-socket-path of the kubeadm subcommand "kubeadm config images pull" to --cri-socket to be consistent with the rest of kubeadm subcommands. (#66382, @bart0sh)
  • The --docker-disable-shared-pid kubelet flag has been removed. PID namespace sharing can instead be enable per-pod using the ShareProcessNamespace option. (#66506, @verb)
  • Add support for using User Assigned MSI (https://docs.microsoft.com/en-us/azure/active-directory/managed-service-identity/overview) with Kubernetes cluster on Azure. (#66180, @kkmsft)
  • fix acr could not be listed in sp issue (#66429, @andyzhangx)
  • This PR will leverage subtests on the existing table tests for the scheduler units. (#63665, @xchapter7x)
    • Some refactoring of error/status messages and functions to align with new approach.
  • Fix volume limit for EBS on m5 and c5 instance types (#66397, @gnufied)
  • Extend TLS timeouts to work around slow arm64 math/big (#66264, @joejulian)
  • kubeadm: stop setting UID in the kubelet ConfigMap (#66341, @runiq)
  • kubectl: fixes a panic displaying pods with nominatedNodeName set (#66406, @liggitt)
  • Update crictl to v1.11.1. (#66152, @Random-Liu)
  • fixes a panic when using a mutating webhook admission plugin with a DELETE operation (#66425, @liggitt)
  • GCE: Fixes loadbalancer creation and deletion issues appearing in 1.10.5. (#66400, @nicksardo)
  • Azure nodes with availability zone now will have label failure-domain.beta.kubernetes.io/zone=<region>-<zoneID>. (#66242, @feiskyer)
  • Re-design equivalence class cache to two level cache (#65714, @resouer)
  • Checks CREATE admission for create-on-update requests instead of UPDATE admission (#65572, @yue9944882)
  • This PR will leverage subtests on the existing table tests for the scheduler units. (#63666, @xchapter7x)
    • Some refactoring of error/status messages and functions to align with new approach.
  • Fixed a panic in the node status update logic when existing node has nil labels. (#66307, @guoshimin)
  • Bump Ingress-gce version to 1.2.0 (#65641, @freehan)
  • Bump event-exporter to 0.2.2 to pick up security fixes. (#66157, @loburm)
  • Allow ScaleIO volumes to be provisioned without having to first manually create /dev/disk/by-id path on each kubernetes node (if not already present) (#66174, @ddebroy)
  • fix rollout status for statefulsets (#62943, @faraazkhan)
  • Fix for resourcepool-path configuration in the vsphere.conf file. (#66261, @divyenpatel)
  • OpenAPI spec and documentation reflect 202 Accepted response path for delete request (#63418, @roycaihw)
  • fixes a validation error that could prevent updates to StatefulSet objects containing non-normalized resource requests (#66165, @liggitt)
  • Fix validation for HealthzBindAddress in kube-proxy when --healthz-port is set to 0 (#66138, @wsong)
  • kubeadm: use an HTTP request timeout when fetching the latest version of Kubernetes from dl.k8s.io (#65676, @dkoshkin)
  • Support configuring the Azure load balancer idle connection timeout for services (#66045, @cpuguy83)
  • kubectl config set-context can now set attributes of the current context, like the current namespace, by passing --current instead of a specific context name (#66140, @liggitt)
  • The alpha Initializers admission plugin is no longer enabled by default. This matches the off-by-default behavior of the alpha API which drives initializer behavior. (#66039, @liggitt)
  • kubeadm: Default component configs are printable via kubeadm config print-default (#66074, @rosti)
  • prevents infinite CLI wait on delete when item is recreated (#66136, @deads2k)
  • Preserve vmUUID when renewing nodeinfo in vSphere cloud provider (#66007, @w-leads)
  • Cluster Autoscaler version updated to 1.3.1. Release notes: https://github.com/kubernetes/autoscaler/releases/tag/cluster-autoscaler-1.3.1 (#66122, @aleksandra-malinowska)
  • Expose docker registry config for addons used in Juju deployments (#66092, @kwmonroe)
  • kubelets that specify --cloud-provider now only report addresses in Node status as determined by the cloud provider (#65594, @liggitt) * kubelet serving certificate rotation now reacts to changes in reported node addresses, and will request certificates for addresses set by an external cloud provider
  • Fix the bug where image garbage collection is disabled by mistake. (#66051, @jiaxuanzhou)
  • fixes an issue with multi-line annotations injected via downward API files getting scrambled (#65992, @liggitt)
  • kubeadm: run kube-proxy on non-master tainted nodes (#65931, @neolit123)
  • "kubectl delete" no longer waits for dependent objects to be deleted when removing parent resources (#65908, @juanvallejo)
  • Introduce a new flag --keepalive for kubectl proxy to allow setting keep-alive period for long-running request. (#63793, @hzxuzhonghu)
  • If Openstack LoadBalancer is not defined in cloud config, the loadbalancer is not initialized any more in openstack. All setups must have some setting under that section (#65781, @zetaab)
  • Re-adds pkg/generated/bindata.go to the repository to allow some parts of k8s.io/kubernetes to be go-vendorable. (#65985, @ixdy)
  • Fix a bug that preempting a pod may block forever. (#65987, @Random-Liu)
  • Fix flexvolume in containarized kubelets (#65549, @gnufied)
  • Add volume mode filed to constructed volume spec for CSI plugin (#65456, @wenlxie)
  • Fix an issue with dropped audit logs, when truncating and batch backends enabled at the same time. (#65823, @loburm)
  • Support traffic shaping for CNI network driver (#63194, @m1093782566)
  • kubeadm: Use separate YAML documents for the kubelet and kube-proxy ComponentConfigs (#65787, @luxas)
  • kubeadm: Fix pause image to not use architecture, as it is a manifest list (#65920, @dims)
  • kubeadm: print required flags when running kubeadm upgrade plan (#65802, @xlgao-zju)
  • Fix RunAsGroup which doesn't work since 1.10. (#65926, @Random-Liu)
  • Running kubectl describe pvc now shows which pods are mounted to the pvc being described with the Mounted By field (#65837, @clandry94)
  • fix azure storage account creation failure (#65846, @andyzhangx)
  • Allow kube- and cloud-controller-manager to listen on ports up to 65535. (#65860, @sttts)
  • Allow kube-scheduler to listen on ports up to 65535. (#65833, @sttts)
  • kubeadm: Remove usage of PersistentVolumeLabel (#65827, @xlgao-zju)
  • kubeadm: Add a v1alpha3 API. (#65629, @luxas)
  • Update to use go1.10.3 (#65726, @ixdy)
  • LimitRange and Endpoints resources can be created via an update API call if the object does not already exist. When this occurs, an authorization check is now made to ensure the user making the API call is authorized to create the object. In previous releases, only an update authorization check was performed. (#65150, @jennybuckley)
  • Fix 'kubectl cp' with no arguments causes a panic (#65482, @wgliang)
  • bazel deb package bugfix: The kubeadm deb package now reloads the kubelet after installation (#65554, @rdodev)
  • fix smb mount issue (#65751, @andyzhangx)
  • More fields are allowed at the root of the CRD validation schema when the status subresource is enabled. (#65357, @nikhita)
  • Reload systemd config files before starting kubelet. (#65702, @mborsz)
  • Unix: support ZFS as a valid graph driver for Docker (#65635, @neolit123)
  • Fix controller-manager crashes when flex plugin is removed from flex plugin directory (#65536, @gnufied)
  • Enable etcdv3 client prometheus metics (#64741, @wgliang)
  • skip nodes that have a primary NIC in a 'Failed' provisioningState (#65412, @yastij)
  • kubeadm: remove redundant flags settings for kubelet (#64682, @dixudx)
  • Fixes the wrong elasticsearch node counter (#65627, @IvanovOleg)
  • Add Ubuntu 18.04 (Bionic) series to Juju charms (#65644, @tvansteenburgh)
  • Fix local volume directory can't be deleted because of volumeMode error (#65310, @wenlxie)
  • kubectl: --use-openapi-print-columns is deprecated in favor of --server-print (#65601, @liggitt)
  • Add prometheus scrape port to CoreDNS service (#65589, @rajansandeep)
  • fixes an out of range panic in the NoExecuteTaintManager controller when running a non-64-bit build (#65596, @liggitt)
  • kubectl: fixes a regression with --use-openapi-print-columns that would not print object contents (#65600, @liggitt)
  • Hostnames are now converted to lowercase before being used for node lookups in the kubernetes-worker charm. (#65487, @dshcherb)
  • N/A (#64660, @figo)
  • bugfix: Do not print feature gates in the generic apiserver code for glog level 0 (#65584, @neolit123)
  • Add metrics for PVC in-use (#64527, @gnufied)
  • Fixed exception detection in fluentd-gcp plugin. (#65361, @xperimental)
  • api-machinery utility functions SetTransportDefaults and DialerFor once again respect custom Dial functions set on transports (#65547, @liggitt)
  • Improve the display of jobs in kubectl get and kubectl describe to emphasize progress and duration. (#65463, @smarterclayton)
  • kubectl convert previous created a list inside of a list. Now it is only wrapped once. (#65489, @deads2k)
  • fix azure disk creation issue when specifying external resource group (#65516, @andyzhangx)
  • fixes a regression in kube-scheduler to properly load client connection information from a --config file that references a kubeconfig file (#65507, @liggitt)
  • Fixed cleanup of CSI metadata files. (#65323, @jsafrane)
  • Update Rescheduler's manifest to use version 0.4.0. (#65454, @bsalamat)
  • On COS, NPD creates a node condition for frequent occurrences of unregister_netdevice (#65342, @dashpole)
  • Properly manage security groups for loadbalancer services on OpenStack. (#65373, @multi-io)
  • Add user-agent to audit-logging. (#64812, @hzxuzhonghu)
  • kubeadm: notify the user of manifest upgrade timeouts (#65164, @xlgao-zju)
  • Fixes incompatibility with custom scheduler extender configurations specifying bindVerb (#65424, @liggitt)
  • Using kubectl describe on CRDs that use underscores will be prettier. (#65391, @smarterclayton)
  • Improve scheduler's performance by eliminating sorting of nodes by their score. (#65396, @bsalamat)
  • Add more conditions to the list of predicate failures that won't be resolved by preemption. (#64995, @bsalamat)
  • Allow access to ClusterIP from the host network namespace when kube-proxy is started in IPVS mode without either masqueradeAll or clusterCIDR flags (#65388, @lbernail)
  • User can now use sudo crictl on GCE cluster. (#65389, @Random-Liu)
  • Tolerate missing watch permission when deleting a resource (#65370, @deads2k)
  • Prevents a kubectl delete hang when deleting controller managed lists (#65367, @deads2k)
  • fixes a memory leak in the kube-controller-manager observed when large numbers of pods with tolerations are created/deleted (#65339, @liggitt)
  • checkLimitsForResolvConf for the pod create and update events instead of checking period (#64860, @wgliang)
  • Fix concurrent map access panic (#65334, @dashpole)
    • Don't watch .mount cgroups to reduce number of inotify watches
    • Fix NVML initialization race condition
    • Fix brtfs disk metrics when using a subdirectory of a subvolume
  • Change Azure ARM Rate limiting error message. (#65292, @wgliang)
  • AWS now checks for validity of ecryption key when creating encrypted volumes. Dynamic provisioning of encrypted volume may get slower due to these checks. (#65223, @jsafrane)
  • Report accurate status for kubernetes-master and -worker charms. (#65187, @kwmonroe)
  • Fixed issue 63608, which is that under rare circumstances the ResourceQuota admission controller could lose track of an request in progress and time out after waiting 10 seconds for a decision to be made. (#64598, @MikeSpreitzer)
  • In the vSphere cloud provider the Global.vm-uuid configuration option is not deprecated anymore, it can be used to overwrite the VMUUID on the controller-manager (#65152, @alvaroaleman)
  • fluentd-gcp grace termination period increased to 60s. (#65084, @x13n)
  • Pass cluster_location argument to Heapster (#65176, @kawych)
  • Fix a scalability issue where high rates of event writes degraded etcd performance. (#64539, @ccding)
  • Corrected a mistake in the documentation for wait.PollImmediate(...) (#65026, @spew)
  • Split 'scheduling_latency_seconds' metric into finer steps (predicate, priority, premption) (#65306, @shyamjvs)
  • Etcd health checks by the apiserver now ensure the apiserver can connect to and exercise the etcd API (#65027, @liggitt)
  • Add e2e regression tests for the kubelet being secure (#64140, @dixudx)
  • set EnableHTTPSTrafficOnly in azure storage account creation (#64957, @andyzhangx)
  • Fixes an issue where Portworx PVCs remain in pending state when created using a StorageClass with empty parameters (#64895, @harsh-px)
  • This PR will leverage subtests on the existing table tests for the scheduler units. (#63662, @xchapter7x)
    • Some refactoring of error/status messages and functions to align with new approach.
  • This PR will leverage subtests on the existing table tests for the scheduler units. (#63661, @xchapter7x)
    • Some refactoring of error/status messages and functions to align with new approach.
  • This PR will leverage subtests on the existing table tests for the scheduler units. (#63660, @xchapter7x)
    • Some refactoring of error/status messages and functions to align with new approach.
  • Updated default image for nginx ingress in CDK to match current Kubernetes docs. (#64285, @hyperbolic2346)
  • Added block volume support to Cinder volume plugin. (#64879, @bertinatto)
  • fixed incorrect OpenAPI schema for CustomResourceDefinition objects (#65256, @liggitt)
  • ignore not found file error when watching manifests (#64880, @dixudx)
  • add port-forward examples for sevice (#64773, @MasayaAoyama)
  • Fix issues for block device not mapped to container. (#64555, @wenlxie)
  • Update crictl on GCE to v1.11.0. (#65254, @Random-Liu)
  • Fixes missing nodes lines when kubectl top nodes (#64389, @yue9944882)
  • keep pod state consistent when scheduler cache UpdatePod (#64692, @adohe)
  • add external resource group support for azure disk (#64427, @andyzhangx)
  • Increase the gRPC max message size to 16MB in the remote container runtime. (#64672, @mcluseau)
  • The new default value for the --allow-privileged parameter of the Kubernetes-worker charm has been set to true based on changes which went into the Kubernetes 1.10 release. Before this change the default value was set to false. If you're installing Canonical Kubernetes you should expect this value to now be true by default and you should now look to use PSP (pod security policies). (#64104, @CalvinHartwell)
  • The --remove-extra-subjects and --remove-extra-permissions flags have been enabled for kubectl auth reconcile (#64541, @mrogers950)
  • Fix kubectl drain --timeout option when eviction is used. (#64378, @wrdls)
  • This PR will leverage subtests on the existing table tests for the scheduler units. (#63659, @xchapter7x)
    • Some refactoring of error/status messages and functions to align with new approach.