- v1.10.0
- v1.10.0-rc.1
- v1.10.0-beta.4
- v1.10.0-beta.3
- v1.10.0-beta.2
- v1.10.0-beta.1
- v1.10.0-alpha.3
- v1.10.0-alpha.2
- v1.10.0-alpha.1
filename | sha256 hash |
---|---|
kubernetes.tar.gz | a48d4f6eb4bf329a87915d2264250f2045aab1e8c6cc3e574a887ec42b5c6edc |
kubernetes-src.tar.gz | 3b51bf50370fc022f5e4578b071db6b63963cd64b35c41954d4a2a8f6738c0a7 |
filename | sha256 hash |
---|---|
kubernetes-client-darwin-386.tar.gz | 8f35d820d21bfdb3186074eb2ed5212b983e119215356a7a76a9f773f2a1e6a3 |
kubernetes-client-darwin-amd64.tar.gz | ae06d0cd8f6fa8d145a9dbdb77e6cba99ad9cfce98b01c766df1394c17443e42 |
kubernetes-client-linux-386.tar.gz | 8147723a68763b9791def5b41d75745e835ddd82f23465a2ba7797b84ad73554 |
kubernetes-client-linux-amd64.tar.gz | 845668fe2f854b05aa6f0b133314df83bb41a486a6ba613dbb1374bf3fbe8720 |
kubernetes-client-linux-arm.tar.gz | 5d2552a6781ef0ecaf308fe6a02637faef217c98841196d4bd7c52a0f1a4bfa0 |
kubernetes-client-linux-arm64.tar.gz | 9d5e4ba43ad7250429015f33f728c366daa81e894e8bfe8063d73ce990e82944 |
kubernetes-client-linux-ppc64le.tar.gz | acabf3a26870303641ce60a59b5bb9702c8a7445b16f4293abc7868e91d252c8 |
kubernetes-client-linux-s390x.tar.gz | 8d836df10b50d11434b5ee797aecc21714723f02fc47fe3dd600426eb83b9e38 |
kubernetes-client-windows-386.tar.gz | ca183b66f910ff11fa468e47251c68d256ef145fcfc2d23d4347d066e7787971 |
kubernetes-client-windows-amd64.tar.gz | 817aea754a059c635f4d690aa0232a8e77eb74e76357cafd8f10556972022e9e |
filename | sha256 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | f2e0505bee7d9217332b96be11d1b88c06f51049f7a44666b0ede80bfb92fdf6 |
kubernetes-server-linux-arm.tar.gz | a7be68c32a299c98353633f3161f910c4b970c8364ccee5f98e1991364b3ce69 |
kubernetes-server-linux-arm64.tar.gz | 4df4add2891d02101818653ac68b57e6ce4760fd298f47467ce767ac029f4508 |
kubernetes-server-linux-ppc64le.tar.gz | 199b52461930c0218f984884069770fb7e6ceaf66342d5855b209ff1889025b8 |
kubernetes-server-linux-s390x.tar.gz | 578f93fc22d2a5bec7dc36633946eb5b7359d96233a2ce74f8b3c5a231494584 |
filename | sha256 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | 8c03412881eaab5f3ea828bbb81e8ebcfc092d311b2685585817531fa7c2a289 |
kubernetes-node-linux-arm.tar.gz | d6a413fcadb1b933a761ac9b0c864f596498a8ac3cc4922c1569306cd0047b1d |
kubernetes-node-linux-arm64.tar.gz | 46d6b74759fbc3b2aad42357f019dae0e882cd4639e499e31b5b029340dabd42 |
kubernetes-node-linux-ppc64le.tar.gz | bdecc12feab2464ad917623ade0cbf58675e0566db38284b79445841d246fc08 |
kubernetes-node-linux-s390x.tar.gz | afe35c2854f35939be75ccfb0ec81399acf4043ae7cf19dd6fbe6386288972c2 |
kubernetes-node-windows-amd64.tar.gz | eac14e3420ca9769e067cbf929b5383cd77d56e460880a30c0df1bbfbb5a43db |
Many of the changes within SIG-Node revolve around control, with the beta release of Dynamic Kubelet Configuration, the ability to make changes to Kubelet without having to bring down the node, and alpha support for the ability to configure whether containers in a pod should share a single process namespace, The CRI has also seen some improvements and has been upgraded to v1alpha2, with support for support for Windows Container Configuration and the beta release of the CRI validation test suite.
The Resource Management Working Group graduated three features to beta in the 1.10 release. First, CPU Manager, which allows users to request exclusive CPU cores. This helps performance in a variety of use-cases, including network latency sensitive applications, as well as applications that benefit from CPU cache residency. Next, Huge Pages, which allows pods to consume either 2Mi or 1Gi Huge Pages. This benefits applications that consume large amounts of memory. Use of Huge Pages is a common tuning recommendation for databases and JVMs. Finally, the Device Plugin feature, which provides a framework for vendors to advertise their resources to the Kubelet without changing Kubernetes core code. Targeted devices include GPUs, High-performance NICs, FPGAs, InfiniBand, and other similar computing resources that may require vendor specific initialization and setup.
This release brings additional power to both local storage and Persistent Volumes. Mount namespace propagation allows a container to mount a volume as rslave so that host mounts can be seen inside the container, or as rshared so that mounts made inside a container can be seen by the host. (Note that this is not supported on Windows.) Local Ephemeral Storage Capacity Isolation makes it possible to set requests and limits on ephemeral local storage resources. In addition, you can now create Local Persistent Storage, which enables PersistentVolumes to be created with locally attached disks, and not just network volumes.
On the Persistent Volumes side, this release Prevents deletion of Persistent Volume Claims that are used by a pod and Persistent Volumes that are bound to a Persistent Volume Claim, making it impossible to delete storage that is in use by a pod.
This release also includes Topology Aware Volume Scheduling for local persistent volumes, the stable release of Detailed storage metrics of internal state, and beta support for Out-of-tree CSI Volume Plugins.
This release continues to enable more existing features on Windows, including container CPU resources, image filesystem stats, and flexvolumes. It also adds Windows service control manager support and experimental support for Hyper-V isolation of single-container pods.
SIG-OpenStack updated the OpenStack provider to use newer APIs, consolidated community code into one repository, engaged with the Cloud Provider Working Group to have a consistent plan for moving provider code into individual repositories, improved testing of provider code, and strengthened ties with the OpenStack developer community.
API Aggregation has been upgraded to "stable" in Kubernetes 1.10, so you can use it in production. Webhooks have seen numerous improvements, including alpha Support for self-hosting authorizer webhooks.
This release lays the groundwork for new authentication methods, including the alpha release of External client-go credential providers and the TokenRequest API. In addition, Pod Security Policy now lets administrators decide what contexts pods can run in, and gives administrators the ability to limit node access to the API.
Kubernetes 1.10 includes alpha Azure support for cluster-autoscaler, as well as support for Azure Virtual Machine Scale Sets.
This release includes a change to kubectl get and describe to work better with extensions, as the server, rather than the client, returns this information for a smoother user experience.
This release includes beta support for out-of-process and out-of-tree cloud providers.
In terms of networking, Kubernetes 1.10 is about control. Users now have beta support for the ability to configure a pod's resolv.conf, rather than relying on the cluster DNS, as well as configuring the NodePort IP address. You can also switch the default DNS plugin to CoreDNS (beta).
-
In-place node upgrades to this release from versions 1.7.14, 1.8.9, and 1.9.4 are not supported if using subpath volumes with PVCs. Such pods should be drained from the node first.
-
The minimum supported version of Docker is now 1.11; if you are using Docker 1.10 or below, be sure to upgrade Docker before upgrading Kubernetes. (#57845, @yujuhong)
-
The Container Runtime Interface (CRI) version has increased from v1alpha1 to v1alpha2. Runtimes implementing the CRI will need to update to the new version, which configures container namespaces using an enumeration rather than booleans. This change to the alpha API is not backwards compatible; implementations of the CRI such as containerd, will need to update to the new API version. (#58973, @verb)
-
The default Flexvolume plugin directory for COS images on GCE has changed to
/home/kubernetes/flexvolume
, rather than/etc/srv/kubernetes/kubelet-plugins/volume/exec
. Existing Flexvolume installations in clusters using COS images must be moved to the new directory, and installation processes must be updated with the new path. (#58171, @verult) -
Default values differ between the Kubelet's componentconfig (config file) API and the Kubelet's command line. Be sure to review the default values when migrating to using a config file. For example, the authz mode is set to "AlwaysAllow" if you rely on the command line, but defaults to the more secure "Webhook" mode if you load config from a file. (#59666, @mtaufen)
-
[GCP kube-up.sh] Variables that were part of kube-env that were only used for kubelet flags are no longer being set, and are being replaced by the more portable mechanism of the kubelet configuration file. The individual variables in the kube-env metadata entry were never meant to be a stable interface and this release note only applies if you are depending on them. (#60020, @roberthbailey)
-
kube-proxy: feature gates are now specified as a map when provided via a JSON or YAML KubeProxyConfiguration, rather than as a string of key-value pairs. For example:
KubeProxyConfiguration Before:
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
**featureGates: "SupportIPVSProxyMode=true"**
KubeProxyConfiguration After:
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
**featureGates:**
** SupportIPVSProxyMode: true**
-
The
kubeletconfig
API group has graduated from alpha to beta, and the name has changed tokubelet.config.k8s.io
. Please usekubelet.config.k8s.io/v1beta1
, askubeletconfig/v1alpha1
is no longer available. (#53833, @mtaufen) -
kube-apiserver: the experimental in-tree Keystone password authenticator has been removed in favor of extensions that enable use of Keystone tokens. (#59492, @dims)
-
The udpTimeoutMilliseconds field in the kube-proxy configuration file has been renamed to udpIdleTimeout. Administrators must update their files accordingly. (#57754, @ncdc)
-
The kubelet's
--cloud-provider=auto-detect
feature has been removed; make certain to specify the cloud provider. (#56287, @stewart-yu) -
kube-apiserver: the OpenID Connect authenticator no longer accepts tokens from the Google v3 token APIs; users must switch to the "https://www.googleapis.com/oauth2/v4/token" endpoint.
-
kube-apiserver: the root /proxy paths have been removed (deprecated since v1.2). Use the /proxy subresources on objects that support HTTP proxying. (#59884, @mikedanese)
-
Eviction thresholds set to 0% or 100% will turn off eviction. (#59681, @mtaufen)
-
CustomResourceDefinitions: OpenAPI v3 validation schemas containing
$ref
references are no longer permitted. Before upgrading, ensure CRD definitions do not include those$ref
fields. (#58438, @carlory) -
Webhooks now do not skip cluster-scoped resources. Before upgrading your Kubernetes clusters, double check whether you have configured webhooks for cluster-scoped objects (e.g., nodes, persistentVolume), as these webhooks will start to take effect. Delete/modify the configs if that's not desirable. (#58185, @caesarxuchao)
-
Using kubectl gcp auth plugin with a Google Service Account to authenticate to a cluster now additionally requests a token with the "userinfo.email" scope. This way, users can write ClusterRoleBindings/RoleBindings with the email address of the service account directly. (This is a breaking change if the numeric uniqueIDs of the Google service accounts were being used in RBAC role bindings. The behavior can be overridden by explicitly specifying the scope values as comma-separated string in the "users[*].config.scopes" field in the KUBECONFIG file.) This way, users can now set a Google Service Account JSON key in the GOOGLE_APPLICATION_CREDENTIALS environment variable, craft a kubeconfig file with GKE master IP+CA cert, and authenticate to GKE in headless mode without requiring gcloud CLI. (#58141, @ahmetb)
-
kubectl port-forward no longer supports the deprecated -p flag; the flag itself is unnecessary and should be replaced by just the
<pod-name>
. (#59705, @phsiao) -
Removed deprecated --require-kubeconfig flag, removed default --kubeconfig value ((#58367, @zhangxiaoyu-zidif)
-
The public-address-override, address, and port flags have been removed and replaced by bind-address, insecure-bind-address, and insecure-port, respectively. They are marked as deprecated in #36604, which is more than a year ago. (#59018, @hzxuzhonghu)
-
The alpha
--init-config-dir
flag has been removed. Instead, use the--config
flag to reference a kubelet configuration file directly. (#57624, @mtaufen) -
Removed deprecated and unmaintained salt support. kubernetes-salt.tar.gz will no longer be published in the release tarball. (#58248, @mikedanese)
-
The deprecated –mode switch for GCE has been removed.(#61203)
-
The word “manifest” has been expunged from the Kubelet API. (#60314)
-
kubernetes#49213 sig-cluster-lifecycle has decided to phase out the cluster/ directory over the next couple of releases in favor of deployment automations maintained outside of the core repo and outside of kubernetes orgs. @kubernetes/sig-cluster-lifecycle-misc)
-
Remove deprecated ContainerVM support from GCE kube-up. (#58247, @mikedanese)
-
Remove deprecated kube-push.sh functionality. (#58246, @mikedanese)
-
Remove deprecated container-linux support in gce kube-up.sh. (#58098, @mikedanese)
-
Remove deprecated and unmaintained photon-controller kube-up.sh. (#58096, @mikedanese)
-
Remove deprecated and unmaintained libvirt-coreos kube-up.sh. (#58023, @mikedanese)
-
Remove deprecated and unmaintained windows installer. (#58020, @mikedanese)
-
Remove deprecated and unmaintained openstack-heat kube-up.sh. (#58021, @mikedanese)
-
Remove deprecated vagrant kube-up.sh. (#58118,@roberthbailey)
-
-
The DaemonSet controller, its integration tests, and its e2e tests, have been updated to use the apps/v1 API. Users should, but are not yet required to, update their scripts accordingly. (#59883, @kow3ns)
-
MountPropagation feature is now beta. As a consequence, all volume mounts in containers are now
rslave
on Linux by default. To make this default work in all Linux environments the entire mount tree should be marked as shareable, e.g. viamount --make-rshared /
. All Linux distributions that use systemd already have the root directory mounted as rshared and hence they need not do anything. In Linux environments without systemd we recommend runningmount --make-rshared /
during boot before docker is started, (@jsafrane)
-
Use of subPath module with hostPath volumes can cause issues during reconstruction (#61446) and with containerized kubelets (#61456). The workaround for this issue is to specify the complete path in the hostPath volume. Use of subPathmounts nested within atomic writer volumes (configmap, secret, downwardAPI, projected) does not work (#61545), and socket files cannot be loaded from a subPath (#62377). Work on these issues is ongoing.
-
Kubeadm is currently omitting etcd certificates in a self-hosted deployment; this will be fixed in a point relelase. (#61322)
-
Some users, especially those with very large clusters, may see higher memory usage by the kube-controller-manager in 1.10. (#61041)
-
etcd2 as a backend is deprecated and support will be removed in Kubernetes 1.13.
-
VolumeScheduling and LocalPersistentVolume features are beta and enabled by default. The PersistentVolume NodeAffinity alpha annotation is deprecated and will be removed in a future release. (#59391, @msau42)
-
The alpha Accelerators feature gate is deprecated and will be removed in v1.11. Please use device plugins (kubernetes/enhancements#368) instead. They can be enabled using the DevicePlugins feature gate. (#57384, @mindprince)
-
The ability to use kubectl scale jobs is deprecated. All other scale operations remain in place, but the ability to scale jobs will be removed in a future release. (#60139, @soltysh)
-
Flags that can be set via the Kubelet's --config file are now deprecated in favor of the file. (#60148, @mtaufen)
-
--show-all
(which only affected pods and only for human readable/non-API printers) is now defaulted to true and deprecated. The flag determines whether pods in a terminal state are displayed. It will be inert in 1.11 and removed in a future release. (#60210, @deads2k) -
The ability to use the insecure HTTP port of kube-controller-manager and cloud-controller-manager has been deprecated, and will be removed in a future release. Use
--secure-port
and--bind-address
instead. (#59582, @sttts) -
The ability to use the insecure flags
--insecure-bind-address
,--insecure-port
in the apiserver has been deprecated and will be removed in a future release. Use--secure-port
and--bind-address
instead. (#59018, @hzxuzhonghu) -
The recycling reclaim policy has been deprecated. Users should use dynamic provisioning instead. (#59063, @ayushpateria)
-
kube-apiserver flag --tls-ca-file has had no effect for some time. It is now deprecated and slated for removal in 1.11. If you are specifying this flag, you must remove it from your launch config before upgrading to 1.11. (#58968, @deads2k)
-
The
PodSecurityPolicy
API has been moved to thepolicy/v1beta1
API group. ThePodSecurityPolicy
API in theextensions/v1beta1
API group is deprecated and will be removed in a future release. Authorizations for using pod security policy resources should change to reference thepolicy
API group after upgrading to 1.11. (#54933, @php-coder) -
Add
--enable-admission-plugin
--disable-admission-plugin
flags and deprecate--admission-control
. When using the separate flag, the order in which they're specified doesn't matter. (#58123, @hzxuzhonghu) -
The kubelet --docker-disable-shared-pid flag, which runs docker containers with a process namespace that is shared between all containers in a pod, is now deprecated and will be removed in a future release. It is replaced by
v1.Pod.Spec.ShareProcessNamespace
, which configures this behavior. This field is alpha and can be enabled with --feature-gates=PodShareProcessNamespace=true. (#58093, @verb) -
The kubelet's cadvisor port has been deprecated. The default will change to 0 (disabled) in 1.12, and the cadvisor port will be removed entirely in 1.13. (#59827, @dashpole)
-
rktnetes has been deprecated in favor of rktlet. Please see https://github.com/kubernetes-incubator/rktlet for more information. (#58418, @yujuhong)
-
The Kubelet now explicitly registers all of its command-line flags with an internal flagset, which prevents flags from third party libraries from unintentionally leaking into the Kubelet's command-line API. Many unintentionally leaked flags are now marked deprecated, so that users have a chance to migrate away from them before they are removed. In addition, one previously leaked flag, --cloud-provider-gce-lb-src-cidrs, has been entirely removed from the Kubelet's command-line API, because it is irrelevant to Kubelet operation. The deprecated flags are:
- --application_metrics_count_limit
- --boot_id_file
- --container_hints
- --containerd
- --docker
- --docker_env_metadata_whitelist
- --docker_only
- --docker-tls
- --docker-tls-ca
- --docker-tls-cert
- --docker-tls-key
- --enable_load_reader
- --event_storage_age_limit
- --event_storage_event_limit
- --global_housekeeping_interval
- --google-json-key
- --log_cadvisor_usage
- --machine_id_file
- --storage_driver_user
- --storage_driver_password
- --storage_driver_host
- --storage_driver_db
- --storage_driver_table
- --storage_driver_secure
- --storage_driver_buffer_duration
-
The boostrapped RBAC role and rolebinding for the
cloud-provider
service account is now deprecated. If you're currently using this service account, you must create and apply your own RBAC policy for new clusters. (#59949, @nicksardo) -
Format-separated endpoints for the OpenAPI spec, such as /swagger.json, /swagger-2.0.0.0.json, and so on, have been deprecated. The old endpoints will remain in 1.10, 1.11, 1.12 and 1.13, and get removed in 1.14. Please use single
/openapi/v2
endpoint with the appropriate Accept: header instead. For example:
previous | now |
GET /swagger.json | GET /openapi/v2 Accept: application/json |
GET /swagger-2.0.0.pb-v1 | GET /openapi/v2 Accept: application/[email protected]+protobuf |
GET /swagger-2.0.0.pb-v1.gz | GET /openapi/v2 Accept: application/[email protected]+protobuf Accept-Encoding: gzip |
-
Updated defaultbackend image to 1.4 and deployment apiVersion to apps/v1. Users should concentrate on updating scripts to the new version. (#57866, @zouyee)
-
Fix StatefulSet to work correctly with set-based selectors. (#59365, @ayushpateria)
-
Fixes a case when Deployment with recreate strategy could get stuck on old failed Pod. (#60301, @tnozicka)
-
ConfigMap objects now support binary data via a new
binaryData
field. When usingkubectl create configmap --from-file
, files containing non-UTF8 data will be placed in this new field in order to preserve the non-UTF8 data. Note that kubectl's--append-hash
feature doesn't takebinaryData
into account. Use of this feature requires 1.10+ apiserver and kubelets. (#57938, @dims)
-
Add AWS cloud provider option to use an assumed IAM role. For example, this allows running Controller Manager in a account separate from the worker nodes, but still allows all resources created to interact with the workers. ELBs created would be in the same account as the worker nodes for instance.(#59668, @brycecarman)
-
AWS EBS volume plugin now includes block and volumeMode support. (#58625, @screeley44)
-
On AWS kubelet returns an error when started under conditions that do not allow it to work (AWS has not yet tagged the instance), rather than failing silently. (#60125, @vainu-arto)
-
AWS Security Groups created for ELBs will now be tagged with the same additional tags as the ELB; that is, the tags specified by the "service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags" annotation. This is useful for identifying orphaned resources. (#58767, @2rs2ts)
-
AWS Network Load Balancers will now be deleted properly, including security group rules. Fixes #57568 (#57569, @micahhausler)
-
Time for attach/detach retry operations has been decreased from 10-12s to 2-6s (#56974, @gnufied)
-
vSphere operations will no longer fail due to authentication errors. (#57978, @prashima)
-
This removes the cloud-provider role and role binding from the rbac boostrapper and replaces it with a policy applied via addon mgr. This also creates a new clusterrole allowing the service account to create events for any namespace.
-
client-go: alpha support for out-of-tree exec-based credential providers. For example, a cloud provider could create their own authentication system rather than using the standard authentication provided with Kubernetes. (#59495, @ericchiang)
-
The node authorizer now allows nodes to request service account tokens for the service accounts of pods running on them. This allows agents using the node identity to take actions on behalf of local pods. (#55019, @mikedanese)
-
kube-apiserver: the OpenID Connect authenticator can now verify ID Tokens signed with JOSE algorithms other than RS256 through the --oidc-signing-algs flag. (#58544, @ericchiang)
-
Requests with invalid credentials no longer match audit policy rules where users or groups are set, correcting a problem where authorized requests were getting through. (#59398, @CaoShuFeng)
-
The Stackdriver Metadata Agent addon now includes RBAC manifests, enabling it to watch nodes and pods. (#57455, @kawych)
-
Fix RBAC role for certificate controller to allow cleaning up of Certificate Signing Requests that are Approved and issued or Denied. (#59375, @mikedanese)
-
kube-apiserver: Use of the
--admission-control-config-file
with a file containing an AdmissionConfiguration apiserver.k8s.io/v1alpha1 config object no longer leads to an error when launching kube-apiserver. (#58439 @liggitt) -
Default enabled admission plugins are now
NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota
. Please note that if you previously had not set the--admission-control
flag, your cluster behavior may change (to be more standard). (#58684, @hzxuzhonghu) -
Encryption key and encryption provider rotation now works properly. (#58375, @liggitt
-
RBAC: The system:kubelet-api-admin cluster role can be used to grant full access to the kubelet API so integrators can grant this role to the --kubelet-client-certificate credential given to the apiserver. (#57128, @liggitt)
-
DenyEscalatingExec admission controller now checks psp HostNetwork as well as hostIPC and hostPID. hostNetwork is also checked to deny exec /attach. (#56839, [@hzxuzhonghu]=(https://github.com/hzxuzhonghu))
-
When using Role-Based Access Control, the "admin", "edit", and "view" roles now have the expected permissions on NetworkPolicy resources, rather than reserving those permissions to only cluster-admin. (#56650, @danwinship)
-
Added docker-logins config to kubernetes-worker charm. (#56217, @Cynerva)
-
Add ability to control primary GID of containers through Pod Spec at Pod level and Per Container SecurityContext level. (#52077)
-
Use structured generator for kubectl autoscale. (#55913, @wackxu)
-
Allow kubectl to set image|env on a cronjob (#57742, @soltysh)
-
Fixed crash in kubectl cp when path has multiple leading slashes. (#58144, @tomerf)
-
kubectl port-forward now allows using resource name (e.g., deployment/www) to select a matching pod, as well as the use of --pod-running-timeout to wait until at least one pod is running. (#59705, @phsiao)
-
'cj' has been added as a shortname for CronJobs, as in
kubectl get cj
(#59499, @soltysh) -
crds
has been added as a shortname for CustomResourceDefinition, as inkubectl get crds
(#59061, @nikhita) -
Fix kubectl explain for resources not existing in default version of API group, such as
batch/v1, Kind=CronJob
. (#58753, @soltysh) -
Added the ability to select pods in a chosen node to be drained based on given pod label-selector. (#56864, @juanvallejo)
-
Kubectl explain now prints out the Kind and API version of the resource being explained. (#55689, @luksa)
-
The default Kubernetes version for kubeadm is now 1.10. (#61127, @timothysc)
-
The minimum Kubernetes version in kubeadm is now v1.9.0. (#57233, @xiangpengzhao)
-
Fixes a bug in Heapster deployment for google sink. (#57902, @kawych)
-
On cluster provision or upgrade, kubeadm now generates certs and secures all connections to the etcd static-pod with mTLS. This includes the etcd serving cert, the etcd peer cert, and the apiserver etcd client cert. Flags and hostMounts are added to the etcd and apiserver static-pods to load these certs. For connections to etcd, https is now used in favor of http. (#57415, @stealthybox These certs are also generated on upgrade. (#60385, @stealthybox)
-
Demoted controlplane passthrough flags apiserver-extra-args, controller-manager-extra-args, scheduler-extra-args to alpha flags (#59882, @kris-nova)
-
The new flag
--apiserver-advertise-dns-address
is used in the node's kubelet.confg to point to the API server, allowing users to define a DNS entry instead of an IP address. (#59288, @stevesloka) -
MasterConfiguration manifiest The criSocket flag is now usable within the
MasterConfiguration
andNodeConfiguration
manifest files that exist for configuring kubeadm. Before it only existed as a command line flag and was not able to be configured when using the--config
flag and the manifest files. (#59057(#59292, @JordanFaust) -
kubeadm init
can now omit the tainting of the master node if configured to do so inkubeadm.yaml
usingnoTaintMaster: true
. For example, uses can create a file with the content:
apiVersion: [kubeadm.k8s.io/v1alpha1](http://kubeadm.k8s.io/v1alpha1)
kind: MasterConfiguration
kubernetesVersion: v1.9.1
noTaintMaster: true
And point to the file using the --config flag, as in
kubeadm init --config /etc/kubeadm/kubeadm.yaml
-
kubeadm: New "imagePullPolicy" option in the init configuration file, that gets forwarded to kubelet static pods to control pull policy for etcd and control plane images. This option allows for precise image pull policy specification for master nodes and thus for more tight control over images. It is useful in CI environments and in environments, where the user has total control over master VM templates (thus, the master VM templates can be preloaded with the required Docker images for the control plane services). (#58960, @rosti)
-
Fixed issue with charm upgrades resulting in an error state. (#59064, @hyperbolic2346)
-
kube-apiserver --advertise-address is now set using downward API for self-hosted Kubernetes with kubeadm. (#56084, @andrewsykim)
-
When using client or server certificate rotation, the Kubelet will no longer wait until the initial rotation succeeds or fails before starting static pods. This makes running self-hosted masters with rotation more predictable. (#58930, @smarterclayton)
-
Kubeadm no longer throws an error for the --cloud-provider=external flag. (#58259, @dims)
-
Added support for network spaces in the kubeapi-load-balancer charm. (#58708, @hyperbolic2346)
-
Added support for network spaces in the kubernetes-master charm. (#58704, @hyperbolic2346)
-
Added support for network spaces in the kubernetes-worker charm. (#58523, @hyperbolic2346)
-
Added support for changing nginx and default backend images to kubernetes-worker config. (#58542, @hyperbolic2346)
-
kubeadm now accepts
--apiserver-extra-args
,--controller-manager-extra-args
and--scheduler-extra-args
, making it possible to override / specify additional flags for control plane components. One good example is to deploy Kubernetes with a different admission-control flag on API server. (#58080, @simonferquel) -
Alpha Initializers have been removed from kubadm admission control. Kubeadm users who still want to use Initializers can use apiServerExtraArgs through the kubeadm config file to enable it when booting up the cluster. (#58428, @dixudx)
-
ValidatingAdmissionWebhook and MutatingAdmissionWebhook are beta, and are enabled in kubeadm by default. (#58255, @dixudx)
-
Add proxy_read_timeout flag to kubeapi_load_balancer charm. (#57926, @wwwtyro)
-
Check for known manifests during preflight instead of only checking for non-empty manifests directory. This makes the preflight checks less heavy-handed by specifically checking for well-known files (kube-apiserver.yaml, kube-controller-manager.yaml, kube-scheduler.yaml, etcd.yaml) in /etc/kubernetes/manifests instead of simply checking for a non-empty directory. (#57287, @mattkelly)
-
PVC Protection alpha feature was renamed to Storage Protection. The Storage Protection feature is beta. (#59052, @pospispa)
-
iSCSI sessions managed by kubernetes will now explicitly set startup.mode to 'manual' to prevent automatic login after node failure recovery. This is the default open-iscsi mode, so this change will only impact users who have changed their startup.mode to be 'automatic' in /etc/iscsi/iscsid.conf. (#57475, @stmcginnis)
-
The IPVS feature gateway is now enabled by default in kubeadm, which makes the --feature-gates=SupportIPVSProxyMode=true obsolete, and it is no longer supported. (#60540, @m1093782566)
- ingress-gce image in glbc.manifest updated to 1.0.0 (#61302, @rramkumar1)
-
For advanced auditing, audit policy supports subresources wildcard matching, such as "resource/", "/subresource","*". (#55306, @hzxuzhonghu)
-
Auditing is now enabled behind a featureGate in kubeadm. A user can supply their own audit policy with configuration option as well as a place for the audit logs to live. If no policy is supplied a default policy will be provided. The default policy will log all Metadata level policy logs. It is the example provided in the documentation. (#59067, @chuckha)
-
Reduce Metrics Server memory requirement from 140Mi + 4Mi per node to 40Mi + 4Mi per node. (#58391, @kawych)
-
Annotations is added to advanced audit api. (#58806, @CaoShuFeng)
-
Reorganized iptables rules to fix a performance regression on clusters with thousands of services. (#56164, @danwinship)
-
Container runtime daemon (e.g. dockerd) logs in GCE cluster will be uploaded to stackdriver and elasticsearch with tag
container-runtime
. (#59103, @Random-Liu) -
Enable prometheus apiserver metrics for custom resources. (#57682, @nikhita)
-
Add apiserver metric for number of requests dropped because of inflight limit, making it easier to figure out on which dimension the master is overloaded. (#58340, @gmarek)
-
The Metrics Server now exposes metrics via the /metric endpoint. These metrics are in the prometheus format. (#57456, @kawych)
-
Reduced the CPU and memory requests for the Metrics Server Nanny sidecar container to free up unused resources. (#57252, @kawych)
-
Enabled log rotation for load balancer's api logs to prevent running out of disk space. (#56979, @hyperbolic2346)
-
Fixed
etcd-version-monitor
to backward compatibly support etcd 3.1 go-grpc-prometheus metrics format. (#56871, @jpbetz)
-
Summary of Container Runtime changes:
- [beta] cri-tools: CLI and validation tools for CRI is now v1.0.0-beta.0. This release mainly focused on UX improvements. [@feiskyer]
- [stable] containerd: containerd v1.1 natively supports CRI v1alpha2 now, so users can use Kubernetes v1.10 with containerd v1.1 directly, without having to use the intermediate cri-containerd daemon. All Kubernetes 1.10 tests passed. [@Random-Liu]
- [stable] cri-o: cri-o v1.10 updated CRI version to v1alpha2 and made several bug and stability fixes. [@mrunalp]
- [stable] frakti: frakti v1.10 implemented GCE Persistent Disk as a high performance volume, fixed several bugs, added ARM64 support, and passed all CRI validation conformance tests and node e2e conformance tests. [@resouer]
-
Fixed race conditions around devicemanager Allocate() and endpoint deletion. (#60856, @jiayingz)
-
kubelet initial flag parse now normalizes flags instead of exiting. (#61053, @andrewsykim)
-
Fixed regression where kubelet --cpu-cfs-quota flag did not work when --cgroups-per-qos was enabled (#61294, @derekwaynecarr)
-
Kubelet now supports container log rotation for container runtimes implementing CRI (container runtime interface). The feature can be enabled with feature gate
CRIContainerLogRotation
. The flags--container-log-max-size
and--container-log-max-files
can be used to configure the rotation behavior. (#59898, @Random-Liu) -
Fixed a bug where if an error was returned that was not an
autorest.DetailedError
we would return"not found", nil
which caused nodes to go toNotReady
state. (#57484, @brendandburns) -
HugePages feature is beta, and thus enabled by default. (#56939, @derekwaynecarr)
-
Avoid panic when failing to allocate a Cloud CIDR (aka GCE Alias IP Range). (#58186, @negz)
-
'none' can now be specified in KubeletConfiguration.EnforceNodeAllocatable (--enforce-node-allocatable) to explicitly disable enforcement. (#59515, @mtaufen)
-
The alpha KubeletConfiguration.ConfigTrialDuration field is no longer available. It can still be set using the dynamic configuration alpha feature. (#59628, @mtaufen)
-
Summary API will include pod CPU and Memory stats for CRI container runtime. (#60328, @Random-Liu)
-
Some field names in the Kubelet's now v1beta1 config API differ from the v1alpha1 API: for example, PodManifestPath is renamed to StaticPodPath, ManifestURL is renamed to StaticPodURL, and ManifestURLHeader is renamed to StaticPodURLHeader. Users should focus on switching to the v1beta1 API. (#60314, @mtaufen)
-
The DevicePlugins feature has graduated to beta, and is now enabled by default; users should focus on moving to the v1beta API if possible. (#60170, @jiayingz)
-
Per-cpu metrics have been disabled by default for to improve scalability. (#60106, @dashpole)
-
When the
PodShareProcessNamespace
alpha feature is enabled, settingpod.Spec.ShareProcessNamespace
totrue
will cause a single process namespace to be shared between all containers in a pod. (#58716, @verb) -
Resource quotas on extended resources such as GPUs are now supported. (#57302, @lichuqiang)
-
If the TaintNodesByCondition is enabled, a node will be tainted when it is under PID pressure. (#60008, @k82cn)
-
The Kubelet Summary API will now include total usage of pods through the "pods" SystemContainer. (#57802, @dashpole)
-
vSphere Cloud Provider supports VMs provisioned on vSphere v6.5. (#59519, @abrarshivani)
-
Created k8s.gcr.io image repo alias to pull images from the closest regional repo. Replaces gcr.io/google_containers. (#57824, @thockin)
-
Fix the bug where kubelet in the standalone mode would wait for the update from the apiserver source, even if there wasn't one. (#59276, @roboll)
-
Changes secret, configMap, downwardAPI and projected volumes to mount read-only, instead of allowing applications to write data and then reverting it automatically. Until version 1.11, setting the feature gate ReadOnlyAPIDataVolumes=false will preserve the old behavior. (#58720, @joelsmith)
-
Fixes a bug where kubelet crashes trying to free memory under memory pressure. (#58574, @yastij)
-
New alpha feature limits the number of processes running in a pod. Cluster administrators will be able to place limits by using the new kubelet command line parameter --pod-max-pids. Note that since this is a alpha feature they will need to enable the "SupportPodPidsLimit" feature. By default, we do not set any maximum limit, If an administrator wants to enable this, they should enable SupportPodPidsLimit=true in the --feature-gates= parameter to kubelet and specify the limit using the --pod-max-pids parameter. The limit set is the total count of all processes running in all containers in the pod. (#57973,@dims)
-
Fixes bug finding master replicas in GCE when running multiple Kubernetes clusters. (#58561, @jesseshieh)
-
--tls-min-version on kubelet and kube-apiserver allow for configuring minimum TLS versions (#58528, @deads2k)
-
Fix a bug affecting nested data volumes such as secret, configmap, etc. (#57422, @joelsmith)
-
kubelet will no longer attempt to remove images being used by running containers when garbage collecting. (#57020, @dixudx)
-
Allow kubernetes components to react to SIGTERM signal and shutdown gracefully. (#57756, @mborsz)
-
Fixed garbage collection and resource quota issue when the controller-manager uses --leader-elect=false (#57340, @jmcmeek)
-
Fixed issue creating docker secrets with kubectl 1.9 for accessing docker private registries. (#57463, @dims)
-
The CPU Manager feature is now beta, and is enabled by default, but the default policy is no-op so no action is required. (#55977, @ConnorDoyle)
-
Fixed a bug in the OpenStack cloud provider where dual stack deployments (IPv4 and IPv6) did not work well when using kubenet as the network plugin. (#59749, @zioproto)
-
Fixed a bug that tries to use the octavia client to query flip. (#59075, @jrperritt)
-
Kubernetes now registers metadata.hostname as node name for OpenStack nodes, eliminating a problem with invalid node names. (#58502, @dixudx)
-
Authentication information for OpenStack cloud provider can now be specified as environment variables. When we convert the OpenStack cloud provider to run in an external process, we can now use the kubernetes Secrets capability to inject the OS_* variables. This way we can specify the cloud configuration as a configmap, and specify secrets for the userid/password information. The configmap is mounted as a file, and the secrets are made available as environment variables. The external controller itself runs as a pod/daemonset. For backward compatibility, we preload all the OS_* variables, and if anything is in the config file, then that overrides the environment variables. (#58300, @dims)
-
Fixed issue when using OpenStack config drive for node metadata. Since we need to run commands such as blkid, we need to ensure that api server and kube controller are running in the privileged mode. (#57561, @dims)
-
Orphaned routes are properly removed from terminated instances. (#56258, @databus23)
-
OpenStack Cinder will now detach properly when Nova is shut down. (#56846, @zetaab)
-
Added the ability to limit the increase in apiserver memory usage when audit logging with buffering is enabled. (#61118, @shyamjvs)
-
Upgrade to etcd client 3.2.13 and grpc 1.7.5 to improve HA etcd cluster stability. (#57480, @jpbetz)
-
Fixes CVE-2017-1002101 - See https://issue.k8s.io/60813 for details on this major security fix. (#61044, @liggitt)
-
Fixed missing error checking that could cause kubelet to crash in a race condition. (#60962, @technicianted)
-
Fixed a regression that prevented using
subPath
volume mounts with secret, configMap, projected, and downwardAPI volumes. (#61080, @liggitt) -
K8s supports cephfs fuse mount. (#55866, @zhangxiaoyu-zidif)
-
Use GiB unit for creating and resizing volumes for Glusterfs. (#56581, @gnufied)
-
Adding support for Block Volume type to rbd plugin. (#56651, @sbezverk)
-
Add FSType for CSI volume source to specify filesystems (alpha defaults to ext4) (#58209, @NickrenREN)
-
Enabled File system resize of mounted volumes. (#58794, @gnufied)
-
The Local Volume Plugin has been updated to support Block volumeMode PVs. With this change, it is now possible to create local volume PVs for raw block devices. (#59303, @dhirajh)
-
Fixed an issue where Portworx volume driver wasn't passing namespace and annotations to the Portworx Create API. (#59607, @harsh-px)
-
Addressed breaking changes introduced by new 0.2.0 release of CSI spec. Specifically, csi.Version was removed from all API calls and CcontrollerProbe and NodeProbe were consolidated into a single Probe API call. (#59209, @sbezverk)
-
GCE PD volume plugin now supports block volumes. (#58710, @screeley44)
-
Implements MountDevice and UnmountDevice for the CSI Plugin, the functions will call through to NodeStageVolume/NodeUnstageVolume for CSI plugins. (#60115, @davidz627)
-
The LocalStorageCapacityIsolation feature is beta and enabled by default. The LocalStorageCapacityIsolation feature added a new resource type ResourceEphemeralStorage "ephemeral-storage" so that this resource can be allocated, limited, and consumed as the same way as CPU/memory. All the features related to resource management (resource request/limit, quota, limitrange) are available for local ephemeral storage. This local ephemeral storage represents the storage for root file system, which will be consumed by containers' writable layer and logs. Some volumes such as emptyDir might also consume this storage. (#60159, @jingxu97)
-
VolumeScheduling and LocalPersistentVolume features are beta and enabled by default. The PersistentVolume NodeAffinity alpha annotation is deprecated and will be removed in a future release. (#59391, @msau42)
-
K8s now supports rbd-nbd for Ceph rbd volume mounts. (#58916, @ianchakeres)
-
CSI now allows credentials to be specified on CreateVolume/DeleteVolume, ControllerPublishVolume/ControllerUnpublishVolume, and NodePublishVolume/NodeUnpublishVolume operations. Before this change all API calls had to fetch key/value stored in secret and use it to authenticate/authorize these operations. With this change API calls receive key/value as a input parameter so they not need to know where and how credentials were stored and fetched. Main goal was to make these API calls CO (Container Orchestrator) agnostic. (#60118, @sbezverk)
-
StorageOS volume plugin has been updated to support mount options and environments where the kubelet runs in a container and the device location should be specified. (#58816, @croomes)
-
Get parent dir via canonical absolute path when trying to judge mount-point, fixing a problem that caused an NFS volume with improper permissions to get stuck in
TERMINATING
status. (#58433, [@yue9944882]](https://github.com/yue9944882)) -
Clusters with GCE feature 'DiskAlphaAPI' enabled can now dynamically provision GCE PD volumes. (#59447, @verult)
-
Added
keyring
parameter for Ceph RBD provisioner. (#58287, @madddi) -
Added xfsprogs to hyperkube container image. (#56937, @redbaron)
-
Improved messages user gets during and after volume resizing is done, providing a clear message to the user explaining what to do when resizing is finished. (#58415, @gnufied)
-
MountPropagation feature is now beta. As consequence, all volume mounts in containers are now "rslave" on Linux by default. To make this default work in all Linux environments you should have entire mount tree marked as shareable via "mount --make-rshared /". All Linux distributions that use systemd already have root directory mounted as rshared and hence they need not do anything. In Linux environments without systemd we recommend running "mount --make-rshared /" during boot, before docker is started. (#59252, @jsafrane)
-
Volume metrics support for vSphere Cloud Provider has been added. You can now monitor available space, capacity, and used space on volumes created using vSphere. (#59328, @divyenpatel)
-
Emit number of bound and unbound persistent volumes as Metrics. This PR adds four kinds of Volume Metrics for kube-controller-manager: bound PVC numbers, unbound PVC numbers, bound PV numbers and unbound PV numbers. The PVC metrics use namespace as dimension and the PV metrics use StorageClassName as its dimension. With these metrics we can better monitor the use of volumes in the cluster. (#57872, @mlmhl)
-
Add windows config to Kubelet CRI so that WindowsContainerResources can be managed. (#57076, @feiskyer)
-
PersistentVolumes that are bound to a PersistentVolumeClaim will not be deleted. (#58743, @NickrenREN)
-
The VolumeAttachment API is now available as V1beta1, and is enabled by default. The Alpha API is deprecated and will be removed in a future release. (#58462, @NickrenREN)
-
Add storage-backend configuration option to kubernetes-master charm. (#58830, @wwwtyro)
-
Fixed dynamic provisioning of GCE PDs to round to the next GB (base 1000) instead of GiB (base 1024). (#56600, @edisonxiang)
-
PersistentVolume flexVolume sources can now reference secrets in a namespace other than the PersistentVolumeClaim's namespace. (#56460, @liggitt)
-
kubelet and kube-proxy can now be run as native Windows services. (#60144, @alinbalutoiu)
-
WindowsContainerResources is set now for windows containers. (#59333, @feiskyer)
-
Disable mount propagation for windows containers (because it is not supported by the OS). (#60275, @feiskyer)
-
Fix image file system stats for windows nodes. (#59743, @feiskyer)
-
Kubernetes will now return an error if New-SmbGlobalMapping failed when mounting an azure file on Windows. (#59540, @andyzhangx)
-
Kubernetes now uses the more reliable GlobalMemoryStatusEx to get total physical memory on windows nodes. (#57124, @JiangtianLi)
-
Windows containers now support experimental Hyper-V isolation by setting annotation
experimental.windows.kubernetes.io/isolation-type=hyperv
and feature gates HyperVContainer. At the moment this function only supports one container per pod. (#58751, @feiskyer) -
Get windows kernel version directly from registry rather than windows.getVersion(). (#58498, @feiskyer)
-
Fixed controller manager crash when using mixed case names in a vSphere cloud provider environment. (#57286, @rohitjogvmw)
-
Flexvolume is now enabled on Windows nodes. (#56921, @andyzhangx)
-
The getSubnetIDForLB() returns subnet id rather than net id. (#58208, @FengyunPan)
-
kubectl scale
can now scale any resource (kube, CRD, aggregate) conforming to the standard scale endpoint (#58298, @p0lyn0mial) -
Cluster Autoscaler has been updated to Version 1.2.0, which includes fixes around GPUs and base image change. See https://github.com/kubernetes/autoscaler/releases/tag/cluster-autoscaler-1.2.0for details. (#60842, @mwielgus)
-
Allows HorizontalPodAutoscaler to use global metrics not associated with any Kubernetes object (for example metrics from a hosting service running outside of the Kubernetes cluster). (#60096, @MaciekPytel)
-
fluentd-gcp resources can be modified via a ScalingPolicy. (#59657, @x13n)
-
Added anti-affinity to kube-dns pods. Otherwise the "no single point of failure" setting doesn't actually work (a single node failure can still take down the entire cluster). (#57683, @vainu-arto)
-
Fixed webhooks to use the scheme provided in clientConfig, instead of defaulting to http. (#60943, @jennybuckley)
-
The webhook admission controller in a custom apiserver now works off-the-shelf. (#60995, @caesarxuchao)
-
Upgrade the default etcd server version to 3.1.12 to pick up critical etcd "mvcc "unsynced" watcher restore operation" fix. (#60998, @jpbetz)
-
Fixed bug allowing garbage collector to enter a broken state that could only be fixed by restarting the controller-manager. (#61201, @jennybuckley)
-
kube-apiserver: The external hostname no longer longer use the cloud provider API to select a default. It can be set explicitly using --external-hostname, if needed. If there is no default, AdvertiseAddress or os.Hostname() will be used, in that order. (#56812, @dims)
-
Custom resources can be listed with a set of grouped resources (category) by specifying the categories in the CustomResourceDefinition spec. Example: They can be used with
kubectl get important
, whereimportant
is a category. (#59561, @nikhita) -
Fixed an issue making it possible to create a situation in which two webhooks make it impossible to delete each other. ValidatingWebhooks and MutatingWebhooks will not be called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects in the admissionregistration.k8s.io group (#59840, @jennybuckley)
-
Fixed potential deadlock when deleting CustomResourceDefinition for custom resources with finalizers. (#60542, @liggitt)
-
A buffered audit backend can be used with other audit backends. (#60076, @crassirostris)
-
Introduced
--http2-max-streams-per-connection
command line flag on api-servers and set default to 1000 for aggregated API servers. (#60054, @MikeSpreitzer) -
APIserver backed by etcdv3 exports metric shows number of resources per kind. (#59757, @gmarek)
-
Add
kubectl create job --from-cronjob
command. (#60084, @soltysh) -
/status
and/scale
subresources have been added for custom resources. See kubernetes#55168 for more details. (#55168, @nikhita) -
Restores the ability of older clients to delete and scale jobs with initContainers. (#59880, @liggitt)
-
Fixed a race condition causing apiserver crashes during etcd healthchecking. (#60069, @wojtek-t)
-
Fixed a race condition in k8s.io/client-go/tools/cache.SharedInformer that could violate the sequential delivery guarantee and cause panics on shutdown in Kubernetes 1.8.* and 1.9.*. (#59828, @krousey)
-
Add automatic etcd 3.2->3.1 and 3.1->3.0 minor version rollback support to gcr.io/google_container/etcd images. For HA clusters, all members must be stopped before performing a rollback. (#59298, @jpbetz)
-
The
meta.k8s.io/v1alpha1
objects for retrieving tabular responses from the server (Table
) or fetching just theObjectMeta
for an object (asPartialObjectMetadata
) are now beta as part ofmeta.k8s.io/v1beta1
and configurations must be changed to use the new API. Clients may request alternate representations of normal Kubernetes objects by passing anAccept
header likeapplication/json;as=Table;g=meta.k8s.io;v=v1beta1
orapplication/json;as=PartialObjectMetadata;g=meta.k8s.io;v1=v1beta1
. Older servers will ignore this representation or return an error if it is not available. Clients may request fallback to the normal object by adding a non-qualified mime-type to theirAccept
header likeapplication/json
- the server will then respond with either the alternate representation if it is supported or the fallback mime-type which is the normal object response. (#59059, @smarterclayton) -
kube-apiserver now uses SSH tunnels for webhooks if the webhook is not directly routable from apiserver's network environment. (#58644, @yguo0905)
-
Access to externally managed IP addresses via the kube-apiserver service proxy subresource is no longer allowed by default. This can be re-enabled via the
ServiceProxyAllowExternalIPs
feature gate, but will be disallowed completely in 1.11 (#57265, @brendandburns) -
The apiregistration.k8s.io (aggregation) is now generally available. Users should transition from the v1beta1 API to the v1 API. (#58393, @deads2k)
-
Fixes an issue where the resourceVersion of an object in a DELETE watch event was not the resourceVersion of the delete itself, but of the last update to the object. This could disrupt the ability of clients clients to re-establish watches properly. (#58547, @liggitt)
-
kube-apiserver: requests to endpoints handled by unavailable extension API servers (as indicated by an
Available
condition offalse
in the registered APIService) now return503
errors instead of404
errors. (#58070, @weekface) -
Custom resources can now be submitted to and received from the API server in application/yaml format, consistent with other API resources. (#58260, @liggitt)
-
Fixed kube-proxy to work correctly with iptables 1.6.2 and later. (#60978, @danwinship)
-
Makes the kube-dns addon optional so that users can deploy their own DNS solution. (#57113, @wwwtyro)
-
kubectl port-forward
now supports specifying a service to port forward to, as inkubectl port-forward svc/myservice 8443:443
. Additional support has also been added for looking up targetPort for a service, as well as enabling using svc/name to select a pod. (#59809, @phsiao) -
Make NodePort IP addresses configurable. (#58052, @m1093782566)
-
Fixed the issue in kube-proxy iptables/ipvs mode to properly handle incorrect IP version. (#56880, @MrHohn)
-
Kubeadm: CoreDNS supports migration of the kube-dns configuration to CoreDNS configuration when upgrading the service discovery from kube-dns to CoreDNS as part of Beta. (#58828, @rajansandeep)
-
Adds BETA support for
DNSConfig
field in PodSpec andDNSPolicy=None
, so configurable pod resolve.conf is now enabled by default. (#59771, @MrHohn) -
Removed some redundant rules created by the iptables proxier to improve performance on systems with very many services. (#57461, @danwinship)
-
Fix an issue where port forwarding doesn't forward local TCP6 ports to the pod (#57457, @vfreex)
-
Correctly handle transient connection reset errors on GET requests from client library. (#58520, @porridge)
-
GCE: Allows existing internal load balancers to continue using a subnetwork that may have been wrongfully chosen due to a bug choosing subnetworks on automatic networks. (#57861, @nicksardo)
-
Set node external IP for azure node when disabling UseInstanceMetadata. (#60959, @feiskyer)
-
Changed default azure file/dir mode to 0755. (#56551, @andyzhangx)
-
Fixed azure file plugin failure issue on Windows after node restart. (#60625, @andyzhangx)(#60623, @feiskyer)
-
Fixed race condition issue when detaching azure disk, preventing
Multi-Attach error
s when scheduling one pod from one node to another. (#60183, @andyzhangx) -
Add AzureDisk support for vmss nodes. (#59716, @feiskyer)
-
Map correct vmset name for Azure internal load balancers. (#59747, @feiskyer)
-
Node's providerID will now follow the Azure resource ID format (
azure:///subscriptions/<id>/resourceGroups/<rg>/providers/Microsoft.Compute/virtualMachines/<node-name>
rather thanazure://d84a1c30-0c9f-11e8-8a34-000d3a919531
) when useInstanceMetadata is enabled (#59539, @feiskyer) -
Azure public IP is now correctly removed after a service is deleted. (#59340, @feiskyer)
-
Added PV size grow feature for azure filesystems. (#57017, @andyzhangx)
-
Ensured IP is set for Azure internal load balancer. (#59083, @feiskyer)
-
Set fsGroup by securityContext.fsGroup in azure file. However,f user both sets gid=xxx in mountOptions in azure storage class and securityContext.fsGroup, gid=xxx setting in mountOptions takes precedence. (#58316, @andyzhangx)
-
If an Azure disk is not found, K8s will immediately detach it. (#58345, @rootfs)
-
Instrumented the Azure cloud provider for Prometheus monitoring. (#58204, @cosmincojocar)
-
Fixed device name change issues for azure disk. (#57953, @andyzhangx) (#57549, @andyzhangx)
-
Support multiple scale sets in Azure cloud provider. (#57543, @feiskyer)
-
Support LoadBalancer for Azure Virtual Machine Scale Sets (#57131, @feiskyer)
-
Fixed incorrect error info when creating an azure file PVC failed. (#56550, @andyzhangx)
-
Added mount options support for azure disk. For example:
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: hdd
provisioner: kubernetes.io/azure-disk
mountOptions:
- barrier=1
- acl
parameters:
skuname: Standard_LRS
kind: Managed
fstype: ext3
-
Fixed a bug the in scheduler cache by using Pod UID as the cache key instead of namespace/name (#61069, @anfernee)
-
When
TaintNodesByCondition
is enabled, addednode.kubernetes.io/unschedulable:NoSchedule
(#61161, @k82cn) -
kube-scheduler: Support extender managed extended resources in kube-scheduler (#60332, @yguo0905)
-
Updated priority of mirror pod according to PriorityClassName. (#58485, @k82cn)
-
kube-scheduler: restores default leader election behavior. Setting the
--leader-elect
command line parameter totrue
(#60524, @dims) -
All pods with priorityClassName system-node-critical and system-cluster-critical will be critical pods while preserving backwards compatibility. (#58835, @ravisantoshgudimetla)
-
Priority admission controller picks a global default with the lowest priority value if more than one such default PriorityClass exists. (#59991, @bsalamat)
-
Disallow PriorityClass names with 'system-' prefix for user defined priority classes. (#59382, @bsalamat)
-
kube-scheduler: Use default predicates/prioritizers if they are unspecified in the policy config. (#59363, @yguo0905)
-
Scheduler should be able to read from config file if configmap is not present. (#59386, @ravisantoshgudimetla)
-
Add apiserver metric for current inflight-request usage. (#58342, @gmarek)
-
Stability: Make Pod delete event handling of scheduler more robust. (#58712, @bsalamat)* Allow scheduler set AlwaysCheckAllPredicates, short circuit all predicates if one predicate fails can greatly improve the scheduling performance. (#56926, @wgliang)
-
GCE: support passing kube-scheduler policy config via SCHEDULER_POLICY_CONFIG. This allows us to specify a customized scheduler policy configuration. (#57425, @yguo0905)
-
Returns an error for non overcommitable resources if they don't have limit field set in container spec to prevent users from creating invalid configurations. (#57170, @jiayingz)
-
GCE: Fixed ILB creation on automatic networks with manually created subnetworks. (#57351, @nicksardo)
-
Multiple Performance Improvements to the MatchInterPodAffinity predicate (#57476, @misterikkit)(#57477, @misterikkit)
-
The calico-node addon tolerates all NoExecute and NoSchedule taints by default. So Calico components can even be scheduled on tainted nodes. (#57122, @caseydavenport)
-
The scheduler skips pods that use a PVC that either does not exist or is being deleted. (#55957, @jsafrane)
-
Updated dashboard version to v1.8.3, which keeps auto-generated certs in memory. (#57326, @floreks)
-
fluentd-gcp addon: Fixed bug with reporting metrics in event-exporter. (#60126, @serathius)
-
Avoid hook errors when effecting label changes on kubernetes-worker charm. (#59803, @wwwtyro)
-
Fixed charm issue where docker login would run prior to daemon options being set. (#59396, @kwmonroe)
-
Implementers of the cloud provider interface will note the addition of a context to this interface. Trivial code modification will be necessary for a cloud provider to continue to compile. (#59287, @cheftako)
-
Added configurable etcd quota backend bytes in GCE. (#59259, @wojtek-t)
-
GCP: allow a master to not include a metadata concealment firewall rule (if it's not running the metadata proxy). (#58104, @ihmccreery)
-
Fixed issue with kubernetes-worker option allow-privileged not properly handling the value True with a capital T. (#59116, @hyperbolic2346)
-
Controller-manager --service-sync-period flag has been removed. (It was never used in the code and should have no user impact.) (#59359, @khenidak)
-
[fluentd-gcp addon] Switch to the image provided by Stackdriver. The Stackdriver Logging Agent container image uses fluentd v0.14.25. (#59128, @bmoyles0117)
-
CRI now uses moutpoint as image filesystem identifier instead of UUID. (#59475, @Random-Liu)
-
GCE: support Cloud TPU API in cloud provider (#58029, @yguo0905)
-
kubelet now notifies systemd that it has finished starting, if systemd is available and running. (#60654, @dcbw)
-
Do not count failed pods as unready in HPA controller (#60648, @bskiba)
-
fixed foreground deletion of podtemplates (#60683, @nilebox)
-
Conformance tests are added for the DaemonSet kinds in the apps/v1 group version. Deprecated versions of DaemonSet will not be tested for conformance, and conformance is only applicable to release 1.10 and later. (#60456, @kow3ns)
-
Log audit backend can now be configured to perform batching before writing events to disk. (#60237, @crassirostris)
-
New conformance tests added for the Garbage Collector (#60116, @jennybuckley)
-
Fixes a bug where character devices are not recongized by the kubelet (#60440, @andrewsykim)
-
StatefulSet in apps/v1 is now included in Conformance Tests. (#60336, @enisoc)
-
dockertools: disable memory swap on Linux. (#59404, @ohmystack)
-
Increase timeout of integration tests (#60458, @jennybuckley)
-
force node name lowercase on static pod name generating (#59849, @yue9944882
-
fix device name change issue for azure disk (#60346, @andyzhangx)
-
Additional changes to iptables kube-proxy backend to improve performance on clusters with very large numbers of services. (#60306, @danwinship)
-
Increase allowed lag for ssh key sync loop in tunneler to allow for one failure (#60068, @wojtek-t)
-
Set an upper bound (5 minutes) on how long the Kubelet will wait before exiting when the client cert from disk is missing or invalid. This prevents the Kubelet from waiting forever without attempting to bootstrap a new client credentials. (#59316, @smarterclayton)
-
Add ipset binary for IPVS to hyperkube docker image (#57648, @Fsero)
-
Making sure CSI E2E test runs on a local cluster (#60017, @sbezverk)
-
Separate current ARM rate limiter into read/write (#59830, @khenidak)
-
Improve control over how ARM rate limiter is used within Azure cloud provider, add generic cache for Azure VM/LB/NSG/RouteTable (#59520, @feiskyer)
-
fix typo (#59619, @jianliao82)
-
DaemonSet, Deployment, ReplicaSet, and StatefulSet objects are now persisted in etcd in apps/v1 format (#58854, @liggitt)
-
YAMLDecoder Read now tracks rest of buffer on io.ErrShortBuffer (#58817, @karlhungus)
-
Prevent kubelet from getting wedged if initialization of modules returns an error. (#59020, @brendandburns)
-
Fixed a race condition inside kubernetes-worker that would result in a temporary error situation. (#59005, @hyperbolic2346)
-
Fix regression in the CRI: do not add a default hostname on short image names (#58955, @runcom)
-
use containing API group when resolving shortname from discovery (#58741, @dixudx)
-
fluentd-es addon: multiline stacktraces are now grouped into one entry automatically (#58063, @monotek)
-
Default scheduler code is moved out of the plugin directory. (#57852, @misterikkit)
-
CDK nginx ingress is now handled via a daemon set. (#57530, @hyperbolic2346)
-
Move local PV negative scheduling tests to integration (#57570, @sbezverk)
-
Only create Privileged PSP binding during e2e tests if RBAC is enabled. (#56382, @mikkeloscar)
-
ignore nonexistent ns net file error when deleting container network in case a retry (#57697, @dixudx)
-
Use old dns-ip mechanism with older cdk-addons. (#57403, @wwwtyro)
-
Retry 'connection refused' errors when setting up clusters on GCE. (#57394, @mborsz)
-
YAMLDecoder Read now returns the number of bytes read (#57000, @sel)
-
Drop hacks used for Mesos integration that was already removed from main kubernetes repository (#56754, @dims)
-
Compare correct file names for volume detach operation (#57053, @prashima)
-
The ConfigOK node condition has been renamed to KubeletConfigOk. (#59905, @mtaufen)
-
Adding pkg/kubelet/apis/deviceplugin/v1beta1 API. (#59588, @jiayingz)
-
Fixes volume predicate handler for equiv class (#59335, @resouer)
-
Bugfix: vSphere Cloud Provider (VCP) does not need any special service account anymore. (#59440, @rohitjogvmw)
-
fix the error prone account creation method of blob disk (#59739, @andyzhangx)
-
Updated kubernetes-worker to request new security tokens when the aws cloud provider changes the registered node name. (#59730, @hyperbolic2346)
-
Pod priority can be specified ins PodSpec even when the feature is disabled, but it will be effective only when the feature is enabled. (#59291, @bsalamat)* Add generic cache for Azure VMSS (#59652, @feiskyer)
-
fix the create azure file pvc failure if there is no storage account in current resource group (#56557, @andyzhangx)
-
Implement envelope service with gRPC, so that KMS providers can be pulled out from API server. (#55684, @wu-qiang)
-
Enable golint for
pkg/scheduler
and fix the golint errors in it. (#58437, @tossmilestone) -
Ensure euqiv hash calculation is per schedule (#59245, @resouer)
-
Upped the timeout for apiserver communication in the juju kubernetes-worker charm. (#59219, @hyperbolic2346)
-
kubeadm init: skip checking cri socket in preflight checks (#58802, @dixudx)
-
Configurable etcd compaction frequency in GCE (#59106, @wojtek-t)
-
Fixed a bug which caused the apiserver reboot failure in the presence of malfunctioning webhooks. (#59073, @caesarxuchao)
-
GCE: Apiserver uses
InternalIP
as the most preferred kubelet address type by default. (#59019, @MrHohn) -
CRI: Add a call to reopen log file for a container. (#58899, @yujuhong)
-
The alpha KubeletConfigFile feature gate has been removed, because it was redundant with the Kubelet's --config flag. It is no longer necessary to set this gate to use the flag. The --config flag is still considered alpha. (#58978, @mtaufen)
-
Fixing extra_sans option on master and load balancer. (#58843, @hyperbolic2346)
-
Ensure config has been created before attempting to launch ingress. (#58756, @wwwtyro)
-
Support metrics API in
kubectl top
commands. (#56206, @brancz) -
Bump GCE metadata proxy to v0.1.9 to pick up security fixes. (#58221, @ihmccreery)
-
"ExternalTrafficLocalOnly" has been removed from feature gate. It has been a GA feature since v1.7. (#56948, @MrHohn)
-
feat(fakeclient): push event on watched channel on add/update/delete (#57504, @yue9944882)
-
Fixes a possible deadlock preventing quota from being recalculated (#58107, @ironcladlou)
-
Bump metadata proxy version to v0.1.7 to pick up security fix. (#57762, @ihmccreery)
-
The kubelet uses a new release 3.1 of the pause container with the Docker runtime. This version will clean up orphaned zombie processes that it inherits. (#57517, @verb)
-
Add cache for VM get operation in azure cloud provider (#57432, @karataliu)
-
Configurable liveness probe initial delays for etcd and kube-apiserver in GCE (#57749, @wojtek-t)
-
Improve scheduler performance of MatchInterPodAffinity predicate. (#57478, @misterikkit)
-
Add the path '/version/' to the
system:discovery
cluster role. (#57368, @brendandburns) -
adding predicates ordering for the kubernetes scheduler. (#57168, @yastij)
-
Fix ipvs proxier nodeport ethassumption (#56685, @m1093782566)
-
Fix Heapster configuration and Metrics Server configuration to enable overriding default resource requirements. (#56965, @kawych)
-
Improved event generation in volume mount, attach, and extend operations (#56872, @davidz627)
-
Remove ScrubDNS interface from cloudprovider. (#56955, @feiskyer)
-
Fixed a garbage collection race condition where objects with ownerRefs pointing to cluster-scoped objects could be deleted incorrectly. (#57211, @liggitt)
-
api-server provides specific events when unable to repair a service cluster ip or node port (#54304, @frodenas)
-
delete useless params containerized (#56146, @jiulongzaitian)
-
dockershim now makes an Image's Labels available in the Info field of ImageStatusResponse (#58036, @shlevy)
-
Support GetLabelsForVolume in OpenStack Provider (#58871, @edisonxiang)
-
Add "nominatedNodeName" field to PodStatus. This field is set when a pod preempts other pods on the node. (#58990, @bsalamat)* Fix the PersistentVolumeLabel controller from initializing the PV labels when it's not the next pending initializer. (#56831, @jhorwit2)
-
Rename StorageProtection to StorageObjectInUseProtection (#59901, @NickrenREN)
-
Add support for cloud-controller-manager in local-up-cluster.sh (#57757, @dims)
-
GCE: A role and clusterrole will now be provided with GCE/GKE for allowing the cloud-provider to post warning events on all services and watching configmaps in the kube-system namespace. No user action is required. (#59686, @nicksardo)
-
Wait for kubedns to be ready when collecting the cluster IP. (#57337, @wwwtyro)
- The supported etcd server version is 3.1.12, as compared to 3.0.17 in v1.9 (#60988)
- The validated docker versions are the same as for v1.9: 1.11.2 to 1.13.1 and 17.03.x (ref)
- The Go version is go1.9.3, as compared to go1.9.2 in v1.9. (#59012)
- The minimum supported go is the same as for v1.9: go1.9.1. (#55301)
- CNI is the same as v1.9: v0.6.0 (#51250)
- CSI is updated to 0.2.0 as compared to 0.1.0 in v1.9. (#60736)
- The dashboard add-on has been updated to v1.8.3, as compared to 1.8.0 in v1.9. (#517326)
- Heapster has is the same as v1.9: v1.5.0. It will be upgraded in v1.11. (ref)
- Cluster Autoscaler has been updated to v1.2.0. (#60842, @mwielgus)
- Updates kube-dns to v1.14.8 (#57918, @rramkumar1)
- Influxdb is unchanged from v1.9: v1.3.3 (#53319)
- Grafana is unchanged from v1.9: v4.4.3 (#53319)
- CAdvisor is v0.29.1 (#60867)
- fluentd-gcp-scaler is v0.3.0 (#61269)
- Updated fluentd in fluentd-es-image to fluentd v1.1.0 (#58525, @monotek)
- fluentd-elasticsearch is v2.0.4 (#58525)
- Updated fluentd-gcp to v3.0.0. (#60722)
- Ingress glbc is v1.0.0 (#61302)
- OIDC authentication is coreos/go-oidc v2 (#58544)
- Updated fluentd-gcp updated to v2.0.11. (#56927, @x13n)
- Calico has been updated to v2.6.7 (#59130, @caseydavenport)
filename | sha256 hash |
---|---|
kubernetes.tar.gz | d7409a0bf36558b8328eefc01959920641f1fb2630fe3ac19b266fcea05a1646 |
kubernetes-src.tar.gz | 4384bfe4151850e5d169b125c0cba51b7c2f00aa9972a6b4c22c44af74e8e3f8 |
filename | sha256 hash |
---|---|
kubernetes-client-darwin-386.tar.gz | 1eb98b5d527ee9ed375f06df96c1158b9879880eb12d68a81e823d7a92e3866d |
kubernetes-client-darwin-amd64.tar.gz | be7e35e9698b84ace37e0ed54640c3958c0d9eea8bd413eb8b604ec02922321a |
kubernetes-client-linux-386.tar.gz | 825a80abdb1171e72c1660fb7854ed6e8290cb7cb54ebb88c3570b3f95e77a02 |
kubernetes-client-linux-amd64.tar.gz | 97e22907c3f0780818b7124c50451ae78e930cd99ec8f96f188cdd080547e21b |
kubernetes-client-linux-arm64.tar.gz | d27674c7daec425f0fa72ca14695e7f13c81cfd08517ceb1f5ce1bb052b5b9b2 |
kubernetes-client-linux-arm.tar.gz | e54f1fc7cf95981f54d68108ad0113396357ff0c7baaf6a76a635f0de21fb944 |
kubernetes-client-linux-ppc64le.tar.gz | 7535a6668e6ca6888b22615439fae8c68d37d62f572b284755db87600050a6c6 |
kubernetes-client-linux-s390x.tar.gz | 6a9f90e2ea5cb50b2691c45d327cca444ae9bfc41cba43ca22016679da940a71 |
kubernetes-client-windows-386.tar.gz | cc5fef5e054588ad41870a379662d8429bd0f09500bcf4a67648bf6593d18aaf |
kubernetes-client-windows-amd64.tar.gz | a06033004c5cecc43494d95dd5d5e75f698cf8e4d358c229c5fef222c131b077 |
filename | sha256 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | e844897e9a39ca14a449e077cb4e4f2dc6c7d5326b95a1e47bef3b6f9c6057f7 |
kubernetes-server-linux-arm64.tar.gz | c15476626cd750a8f59c30c3389ada482995aea66b510c43732035d33e87e774 |
kubernetes-server-linux-arm.tar.gz | 74a1ff7478d7ca5c4ccb2fb772ef13745a20cfb512e3e66f238abb98122cc4eb |
kubernetes-server-linux-ppc64le.tar.gz | 3b004717fe811352c15fe71f3122d2eaac7e0d1c4ff07d8810894c877b409c0f |
kubernetes-server-linux-s390x.tar.gz | b6ff40f13355b47e2c02c6c016ac334a3f5008769ed7b4377c617c2fc9e30b7a |
filename | sha256 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | a3a3e27c2b77fa46b7c9ff3b8bfdc672c2657e47fc4b1ca3d76cdc102ca27630 |
kubernetes-node-linux-arm64.tar.gz | af172c9d71ba2d15e14354159ac34ca7fe112b7d2d2ba38325c467950aa04755 |
kubernetes-node-linux-arm.tar.gz | fb904aa009c3309e92505ceff15863f83d9317af15cbf729bcbd198f5be3379f |
kubernetes-node-linux-ppc64le.tar.gz | 659f0091578e42b111417d45f708be2ac60447512e485dab7d2f4abaeee36f49 |
kubernetes-node-linux-s390x.tar.gz | ce40dcc55ca299401ddf146b2622dd7f19532e95620bae63aea58a45a8020875 |
kubernetes-node-windows-amd64.tar.gz | 0f8b5c551f58cdf298d41258483311cef66fe1b41093152a43120514a493b23d |
- Updates kubeadm default to use 1.10 (#61127, @timothysc)
- Bump ingress-gce image in glbc.manifest to 1.0.0 (#61302, @rramkumar1)
- Fix regression where kubelet --cpu-cfs-quota flag did not work when --cgroups-per-qos was enabled (#61294, @derekwaynecarr)
- Fix bug allowing garbage collector to enter a broken state that could only be fixed by restarting the controller-manager. (#61201, @jennybuckley)
- When
TaintNodesByCondition
enabled, addednode.kubernetes.io/unschedulable:NoSchedule
(#61161, @k82cn)- taint to the node if
spec.Unschedulable
is true. - When
ScheduleDaemonSetPods
enabled,node.kubernetes.io/unschedulable:NoSchedule
- toleration is added automatically to DaemonSet Pods; so the
unschedulable
field of - a node is not respected by the DaemonSet controller.
- taint to the node if
- Fixed kube-proxy to work correctly with iptables 1.6.2 and later. (#60978, @danwinship)
- Audit logging with buffering enabled can increase apiserver memory usage (e.g. up to 200MB in 100-node cluster). The increase is bounded by the buffer size (configurable). Ref: issue #60500 (#61118, @shyamjvs)
- Fix a bug in scheduler cache by using Pod UID as the cache key instead of namespace/name (#61069, @anfernee)
filename | sha256 hash |
---|---|
kubernetes.tar.gz | 69132f3edcf549c686055903e8ef007f0c92ec05a8ec1e3fea4d5b4dc4685580 |
kubernetes-src.tar.gz | 60ba32e493c0a1449cdbd615d709e9d46780c91c88255e8e9f468c5e4e124576 |
filename | sha256 hash |
---|---|
kubernetes-client-darwin-386.tar.gz | 80ef567c51aa705511ca20fbfcad2e85f1dc4fb750c0f58e0d82f4166359273f |
kubernetes-client-darwin-amd64.tar.gz | 925830f3c6c135adec206012ae94807b58b9438008ae87881e7a9d648ab993ec |
kubernetes-client-linux-386.tar.gz | 9e4f40325a27b79f16eb3254c6283d67e2fecd313535b300f9931800e4c495a4 |
kubernetes-client-linux-amd64.tar.gz | 85ee9bfa519e49283ab711c73f52809f8fc43616cc2076dc060987e6f262ff95 |
kubernetes-client-linux-arm.tar.gz | f0123581243a278052413e862208a797e78e7689c6dba0da08ab3200feedd66c |
kubernetes-client-linux-arm64.tar.gz | dd19b034e1798f5bb0b1c6230ef294ca8f3ef7944837c5d49dce4659bb284b8e |
kubernetes-client-linux-ppc64le.tar.gz | 84a46003fe0140f8ecec03befceed7a4d955f9f88abdced99ecee24bc675b113 |
kubernetes-client-linux-s390x.tar.gz | c4ee2bf9f7ea66ab41b350220920644bee3eeceb13cfd19873843a9ab43b372d |
kubernetes-client-windows-386.tar.gz | 917e768179e82a33232281b9b6e555cee75cf6315bd3c60a1fce4717fbd0e538 |
kubernetes-client-windows-amd64.tar.gz | 915f3cc888332b360701a4b20d1af384ec5388636f2c3e3868e36124ce8a96a8 |
filename | sha256 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | 01b50da6bae8abe4e2c813381c3848ff615fc1d8164d11b163ac0819554ad7b4 |
kubernetes-server-linux-arm.tar.gz | 0a1ebd399759a68972e6248b09ce46a76deef931e51c807e032fefc4210e3dde |
kubernetes-server-linux-arm64.tar.gz | b8298a06aed6cd1c624855fb4e2d7258e8f9201fbc5bfebc8190c24273e95d9b |
kubernetes-server-linux-ppc64le.tar.gz | b3b03dc71476f70c8a62cf5ac72fe0bfa433005778d39bfbc43fe225675f9986 |
kubernetes-server-linux-s390x.tar.gz | 940bc9b4f73f32896f3c55d1b5824f931517689ec62b70600c8699e84bc725ee |
filename | sha256 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | bcc29195864e4e486a7e8194be06f3cf575203e012790ea6d70003349b108701 |
kubernetes-node-linux-arm.tar.gz | 35ab99a6cd30c2ea6a1f2347d244fb8583bfd7ef1d54f89fbf9a3a3be14fb9e7 |
kubernetes-node-linux-arm64.tar.gz | fcb611d964c7e1c546fbbb38c8b30b3e3bb54226540caa0b80930f53e321dd2e |
kubernetes-node-linux-ppc64le.tar.gz | 4de7b25cf712df27b6eec5232dc2891e07dbeb8c3699a145f777cc0629f1fe9c |
kubernetes-node-linux-s390x.tar.gz | 2f0b6a01c7c86209f031f47e1901bf3da82efef4db5b73b4e7d83be04b03c814 |
kubernetes-node-windows-amd64.tar.gz | 619013157435d8da7f58bb339aa21d5a080c341aebe226934d1139d29cff72be |
- Fix a regression that prevented using
subPath
volume mounts with secret, configMap, projected, and downwardAPI volumes (#61080, @liggitt) - Upgrade the default etcd server version to 3.1.12 to pick up critical etcd "mvcc "unsynced" watcher restore operation" fix. (#60998, @jpbetz)
- Fixed missing error checking that could cause kubelet to crash in a race condition. (#60962, @technicianted)
filename | sha256 hash |
---|---|
kubernetes.tar.gz | 65880d0bb77eeb83554bb0a6c78b6d3a25cd38ef7d714bbe2c73b203386618d6 |
kubernetes-src.tar.gz | e9fbf8198fd80c92dd7e2ecf0cf6cefda06f9b89e7986ae141412f8732dae47c |
filename | sha256 hash |
---|---|
kubernetes-client-darwin-386.tar.gz | 50b1a41e70804f74b3e76d7603752d45dfd47011fd986d055462e1330330aa45 |
kubernetes-client-darwin-amd64.tar.gz | 3658e70ae9761464df50c6cae8d57349648c80d16658892e42ea898ddab362bc |
kubernetes-client-linux-386.tar.gz | 00b8c048b201931ab1fb059df030e0bfc866f3c3ff464213aa6071ff261a3d33 |
kubernetes-client-linux-amd64.tar.gz | 364d6439185399e72f96bea1bf2863deb2080f4bf6df721932ef14ec45b2d5fc |
kubernetes-client-linux-arm.tar.gz | 98670b2e965e118fb02901aa949cd1eb12d34ffd0bba7ff22014e9ad587556bc |
kubernetes-client-linux-arm64.tar.gz | 5f4febc543aa2f10c0c8aee9c9a8cb169b19b04486bda4cf1f72c80fa7a3a483 |
kubernetes-client-linux-ppc64le.tar.gz | ff3d020e97e2ff4c1824db910f13945d70320fc3988cc24385708cab58d4065f |
kubernetes-client-linux-s390x.tar.gz | 508695afe6d3466488bc20cad31c184723cb238d1c311d2d1c4f9f1c9e981bd6 |
kubernetes-client-windows-386.tar.gz | 9f6372cfb973d04a150e1388d96cb60e7fe6ccb9ba63a146ff2dee491c2e3f4e |
kubernetes-client-windows-amd64.tar.gz | 2c85f2f13dc535d3c777f186b7e6d9403d64ac18ae01d1e460a8979e62845e04 |
filename | sha256 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | 4797ada6fd43e223d67840e815c1edb244a3b40a3a1b6ecfde7789119f2add3d |
kubernetes-server-linux-arm.tar.gz | fb2fdb4b2feb41adbbd33fe4b7abbe9780d91a288a64ff7acf85d5ef942d3960 |
kubernetes-server-linux-arm64.tar.gz | bc1f35e1999beaac91b65050f70c8e539918b927937e88bfcfa34a0c26b96701 |
kubernetes-server-linux-ppc64le.tar.gz | cce312f5af7dd182c8cc4ef35a768fef788a849a93a6f2f36e9d2991e721b362 |
kubernetes-server-linux-s390x.tar.gz | 42edec36fa34a4cc4959af20a587fb05924ccc87c94b0f845953ba1ceec56bb7 |
filename | sha256 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | e517986261e3789cada07d9063ae96ed9b17ffd80c1b220b6ae9c41238c07c08 |
kubernetes-node-linux-arm.tar.gz | 9eb213248982816a855a7ff18c9421d5e987d5f1c472880a16bc6c477ce8da2a |
kubernetes-node-linux-arm64.tar.gz | e938dce3ec05cedcd6ab8e2b63224170db00e2c47e67685eb3cb4bad247ac8c0 |
kubernetes-node-linux-ppc64le.tar.gz | bc9bf3d55f85d3b30f0a28fd79b7610ecdf019b8bc8d7f978da62ee0006c72eb |
kubernetes-node-linux-s390x.tar.gz | c5a1b18b8030ec86748e23d45f1de63783c2e95d67b0d6c2fcbcd545d205db8d |
kubernetes-node-windows-amd64.tar.gz | df4f4e8df8665ed08a9a3d9816e61c6c9f0ce50e4185b6c7a7f34135ad1f91d0 |
- kubelet initial flag parse should normalize flags instead of exiting. (#61053, @andrewsykim)
- Fixes CVE-2017-1002101 - See https://issue.k8s.io/60813 for details (#61044, @liggitt)
- Fixes the races around devicemanager Allocate() and endpoint deletion. (#60856, @jiayingz)
- When ScheduleDaemonSetPods is enabled, the DaemonSet controller will delegate Pods scheduling to default scheduler. (#59862, @k82cn)
- Set node external IP for azure node when disabling UseInstanceMetadata (#60959, @feiskyer)
- Bug fix, allow webhooks to use the scheme provided in clientConfig, instead of defaulting to http. (#60943, @jennybuckley)
- Downgrade default etcd server version to 3.1.11 due to #60589 (#60891, @shyamjvs)
- kubelet and kube-proxy can now be ran as Windows services (#60144, @alinbalutoiu)
filename | sha256 hash |
---|---|
kubernetes.tar.gz | d07d77f16664cdb5ce86c87de36727577f48113efdb00f83283714ac1373d521 |
kubernetes-src.tar.gz | c27b06e748e4c10f42472f51ddfef7e9546e4ec9d2ce9f7a9a3c5768de8d97bf |
filename | sha256 hash |
---|---|
kubernetes-client-darwin-386.tar.gz | d63168f9155f04e4b47fe96381f9aa06c3d498b6e6b71d1fb8c3ffeb0f3c6e4c |
kubernetes-client-darwin-amd64.tar.gz | f473cbe830c1bfb738b0a66f07b3cd858ba185232eba26fe776f90d8a27bd7c1 |
kubernetes-client-linux-386.tar.gz | 2a0f74d30cdaf19ed7c3fde3528e98a8cd98fdb9dc6e6a501525e69895674d56 |
kubernetes-client-linux-amd64.tar.gz | 69c18569717a97cb5e6bc22bebcf2f64969ba68b11685faaf2949c4ffbcd0b73 |
kubernetes-client-linux-arm.tar.gz | 10e1d76a1ee6c0df9f9cce40d18c350a1e3e3665e6fe64d22e4433b6283d3fe2 |
kubernetes-client-linux-arm64.tar.gz | 12f081b99770548c8ddd688ae6b417c196f8308bd5901abbed6f203e133411ae |
kubernetes-client-linux-ppc64le.tar.gz | 6e1a035b4857539c90324e00b150ae65aaf4f4524250c9ca7d77ad5936f0628e |
kubernetes-client-linux-s390x.tar.gz | 5a8e2b0d14e18a39f821b09a7d73fa5c085cf6c197aeb540a3fe289e04fcc0d9 |
kubernetes-client-windows-386.tar.gz | 03fac6befb94b85fb90e0bb47596868b4da507d803806fad2a5fb4b85c98d87d |
kubernetes-client-windows-amd64.tar.gz | 3bf8dd42eb70735ebdbda4ec4ec54e9507410e2f97ab2f364b88c2f24fdf471c |
filename | sha256 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | 1278703060865281aa48b1366e3c4b0720d4eca623ba08cf852a4719a6680ec3 |
kubernetes-server-linux-arm.tar.gz | b1e2b399bec8c25b7b6037203485d2d09b091afc51ffebf861d5bddb8bb076ac |
kubernetes-server-linux-arm64.tar.gz | 4c3d0ed44d6a19ae178034117891678ec373894b02f8d33627b37a36c2ea815b |
kubernetes-server-linux-ppc64le.tar.gz | 88a7b52030104a4c6fb1f8c5f79444ed853f381e1463fec7e4939a9998d92dff |
kubernetes-server-linux-s390x.tar.gz | 35981580c00bff0e3d92238f961e37dd505c08bcd4cafb11e274daa1eb8ced5f |
filename | sha256 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | ceedb0a322167bae33042407da5369e0b7889fbaa3568281500c921afcdbe310 |
kubernetes-node-linux-arm.tar.gz | b84ab4c486bc8f00841fccce2aafe4dcef25606c8f3184bce2551ab6486c8f71 |
kubernetes-node-linux-arm64.tar.gz | b79a41145c28358a64d7a689cd282cf8361fe87c410fbae1cdc8db76cfcf6e5b |
kubernetes-node-linux-ppc64le.tar.gz | afc00f67b9f6d4fc149d4426fc8bbf6083077e11a1d2330d70be7e765b6cb923 |
kubernetes-node-linux-s390x.tar.gz | f6128bbccddfe8ce39762bacb5c13c6c68d76a4bf8d35e773560332eb05a2c86 |
kubernetes-node-windows-amd64.tar.gz | b1dde1ed2582cd511236fec69ebd6ca30281b30cc37e0841c493f06924a466cf |
- ACTION REQUIRED: LocalStorageCapacityIsolation feature is beta and enabled by default. (#60159, @jingxu97)
- Upgrade the default etcd server version to 3.2.16 (#59836, @jpbetz)
- Cluster Autoscaler 1.1.2 (#60842, @mwielgus)
- ValidatingWebhooks and MutatingWebhooks will not be called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects in the admissionregistration.k8s.io group (#59840, @jennybuckley)
- Kubeadm: CoreDNS supports migration of the kube-dns configuration to CoreDNS configuration when upgrading the service discovery from kube-dns to CoreDNS as part of Beta. (#58828, @rajansandeep)
- Fix broken useManagedIdentityExtension for azure cloud provider (#60775, @feiskyer)
- kubelet now notifies systemd that it has finished starting, if systemd is available and running. (#60654, @dcbw)
- Do not count failed pods as unready in HPA controller (#60648, @bskiba)
- fixed foreground deletion of podtemplates (#60683, @nilebox)
- Conformance tests are added for the DaemonSet kinds in the apps/v1 group version. Deprecated versions of DaemonSet will not be tested for conformance, and conformance is only applicable to release 1.10 and later. (#60456, @kow3ns)
- Log audit backend can now be configured to perform batching before writing events to disk. (#60237, @crassirostris)
- Fixes potential deadlock when deleting CustomResourceDefinition for custom resources with finalizers (#60542, @liggitt)
- fix azure file plugin failure issue on Windows after node restart (#60625, @andyzhangx)
- Set Azure vmType to standard if it is not set in azure cloud config. (#60623, @feiskyer)
- On cluster provision or upgrade, kubeadm generates an etcd specific CA for all etcd related certificates. (#60385, @stealthybox)
- kube-scheduler: restores default leader election behavior. leader-elect command line parameter should "true" (#60524, @dims)
- client-go: alpha support for exec-based credential providers (#59495, @ericchiang)
filename | sha256 hash |
---|---|
kubernetes.tar.gz | 428139d9877f5f94acc806cc4053b0a5f8eac2acc219f06efd0817807473dbc5 |
kubernetes-src.tar.gz | 5bfdecdbb43d946ea965f22ec6b8a0fc7195197a523aefebc2b7b926d4252edf |
filename | sha256 hash |
---|---|
kubernetes-client-darwin-386.tar.gz | 8cc086e901fe699df5e0711438195e675e099848a72ba272b290d22abc107a93 |
kubernetes-client-darwin-amd64.tar.gz | b2782b8f6dbfe3fa962b08606cbf3366b071b78c47794d2ef67f9d484b4af4e4 |
kubernetes-client-linux-386.tar.gz | a4001ad2387ccb4557b15c560b0ea8ea4d7c7ed494375346e3f83c10eb9426ac |
kubernetes-client-linux-amd64.tar.gz | b95d354e80d9f00a883e5eeb8c2e0ceaacc0f3cc8c904cb2eca1e1b6d91462b2 |
kubernetes-client-linux-arm64.tar.gz | 647d234c59bc1d6f8eea88624d85b09bbe1272d9e27e1f7963e03cc025530ed0 |
kubernetes-client-linux-arm.tar.gz | 187da9ad060ac7d426811772f6c3d891a354945af6a7d8832ac7097e19d4b46d |
kubernetes-client-linux-ppc64le.tar.gz | 6112396b8f0e7b1401b374aa2ae6195849da7718572036b6f060a722a89dc319 |
kubernetes-client-linux-s390x.tar.gz | 09789cf33d8eed610ad2eef7d3ae25a4b4a63ee5525e452f9094097a172a1ce9 |
kubernetes-client-windows-386.tar.gz | 1e71bc9979c8915587cdea980dad36b0cafd502f972c051c2aa63c3bbfeceb14 |
kubernetes-client-windows-amd64.tar.gz | 3c2978479c6f65f1cb5043ba182a0571480090298b7d62090d9bf11b043dd27d |
filename | sha256 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | d887411450bbc06e2f4a24ce3c478fe6844856a8707b3236c045d44ab93b27d2 |
kubernetes-server-linux-arm64.tar.gz | 907f037eea90bf893520d3adeccdf29eda69eea32c564b08cecbedfd06471acd |
kubernetes-server-linux-arm.tar.gz | f2ac4ad4f831a970cb35c1d7194788850dff722e859a08a879c918db1233aaa7 |
kubernetes-server-linux-ppc64le.tar.gz | 0bebb59217b491c5aa4b4b9dc740c0c8c5518872f6f86853cbe30493ea8539a5 |
kubernetes-server-linux-s390x.tar.gz | 5f343764e04e3a8639dffe225cc6f8bc6f17e1584b2c68923708546f48d38f89 |
filename | sha256 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | c4475c315d4ae27c30f80bc01d6ea8b0b8549ec6a60a5dc745cf11a0c4398c23 |
kubernetes-node-linux-arm64.tar.gz | 4512a4c3e62cd26fb0d3f78bfc8de9a860e7d88e7c913c5df4c239536f89da42 |
kubernetes-node-linux-arm.tar.gz | 1da407ad152b185f520f04215775a8fe176550a31a2bb79e3e82968734bdfb5c |
kubernetes-node-linux-ppc64le.tar.gz | f23f6f819e6d894f8ca7457f80ee4ede729fd35ac59e9c65ab031b56aa06d4a1 |
kubernetes-node-linux-s390x.tar.gz | 205c789f52a4c666a63ac7944ffa8ee325cb97e788b748c262eae59b838a94ba |
kubernetes-node-windows-amd64.tar.gz | aa7675fd22d9ca671585f429f6981aa79798f1894025c3abe3a7154f3c94aae6 |
- [action required] Default Flexvolume plugin directory for COS images on GCE is changed to
/home/kubernetes/flexvolume
. (#58171, @verult) - action required: [GCP kube-up.sh] Some variables that were part of kube-env are no longer being set (ones only used for kubelet flags) and are being replaced by a more portable mechanism (kubelet configuration file). The individual variables in the kube-env metadata entry were never meant to be a stable interface and this release note only applies if you are depending on them. (#60020, @roberthbailey)
- action required: Deprecate format-separated endpoints for OpenAPI spec. Please use single
/openapi/v2
endpoint instead. (#59293, @roycaihw) - action required: kube-proxy: feature gates are now specified as a map when provided via a JSON or YAML KubeProxyConfiguration, rather than as a string of key-value pairs. (#57962, @xiangpengzhao)
- Action Required: The boostrapped RBAC role and rolebinding for the
cloud-provider
service account is now deprecated. If you're currently using this service account, you must create and apply your own RBAC policy for new clusters. (#59949, @nicksardo) - ACTION REQUIRED: VolumeScheduling and LocalPersistentVolume features are beta and enabled by default. The PersistentVolume NodeAffinity alpha annotation is deprecated and will be removed in a future release. (#59391, @msau42)
- action required: Deprecate the kubelet's cadvisor port. The default will change to 0 (disabled) in 1.12, and the cadvisor port will be removed entirely in 1.13. (#59827, @dashpole)
- action required: The
kubeletconfig
API group has graduated from alpha to beta, and the name has changed tokubelet.config.k8s.io
. Please usekubelet.config.k8s.io/v1beta1
, askubeletconfig/v1alpha1
is no longer available. (#53833, @mtaufen) - Action required: Default values differ between the Kubelet's componentconfig (config file) API and the Kubelet's command line. Be sure to review the default values when migrating to using a config file. (#59666, @mtaufen)
- kube-apiserver: the experimental in-tree Keystone password authenticator has been removed in favor of extensions that enable use of Keystone tokens. (#59492, @dims)
- The udpTimeoutMilliseconds field in the kube-proxy configuration file has been renamed to udpIdleTimeout. Action required: administrators need to update their files accordingly. (#57754, @ncdc)
- Enable IPVS feature gateway by default (#60540, @m1093782566)
- dockershim now makes an Image's Labels available in the Info field of ImageStatusResponse (#58036, @shlevy)
- kube-scheduler: Support extender managed extended resources in kube-scheduler (#60332, @yguo0905)
- Fix the issue in kube-proxy iptables/ipvs mode to properly handle incorrect IP version. (#56880, @MrHohn)
- WindowsContainerResources is set now for windows containers (#59333, @feiskyer)
- GCE: support Cloud TPU API in cloud provider (#58029, @yguo0905)
- The node authorizer now allows nodes to request service account tokens for the service accounts of pods running on them. (#55019, @mikedanese)
- Fix StatefulSet to work with set-based selectors. (#59365, @ayushpateria)
- New conformance tests added for the Garbage Collector (#60116, @jennybuckley)
- Make NodePort IP addresses configurable (#58052, @m1093782566)
- Implements MountDevice and UnmountDevice for the CSI Plugin, the functions will call through to NodeStageVolume/NodeUnstageVolume for CSI plugins. (#60115, @davidz627)
- Fixes a bug where character devices are not recongized by the kubelet (#60440, @andrewsykim)
- [fluentd-gcp addon] Switch to the image, provided by Stackdriver. (#59128, @bmoyles0117)
- StatefulSet in apps/v1 is now included in Conformance Tests. (#60336, @enisoc)
- K8s supports rbd-nbd for Ceph rbd volume mounts. (#58916, @ianchakeres)
- AWS EBS volume plugin got block volume support (#58625, @screeley44)
- Summary API will include pod CPU and Memory stats for CRI container runtime. (#60328, @Random-Liu)
- dockertools: disable memory swap on Linux. (#59404, @ohmystack)
- On AWS kubelet returns an error when started under conditions that do not allow it to work (AWS has not yet tagged the instance). (#60125, @vainu-arto)
- Increase timeout of integration tests (#60458, @jennybuckley)
- Fixes a case when Deployment with recreate strategy could get stuck on old failed Pod. (#60301, @tnozicka)
- Buffered audit backend is introduced, to be used with other audit backends. (#60076, @crassirostris)
- Update dashboard version to v1.8.3 (#57326, @floreks)
- GCE PD volume plugin got block volume support (#58710, @screeley44)
- force node name lowercase on static pod name generating (#59849, @yue9944882)
- AWS Security Groups created for ELBs will now be tagged with the same additional tags as the ELB (i.e. the tags specified by the "service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags" annotation.) (#58767, @2rs2ts)
- Fixes an error when deleting an NLB in AWS - Fixes #57568 (#57569, @micahhausler)
- fix device name change issue for azure disk (#60346, @andyzhangx)
- On cluster provision or upgrade, kubeadm now generates certs and secures all connections to the etcd static-pod with mTLS. (#57415, @stealthybox)
- Some field names in the Kubelet's now v1beta1 config API differ from the v1alpha1 API: PodManifestPath is renamed to StaticPodPath, ManifestURL is renamed to StaticPodURL, ManifestURLHeader is renamed to StaticPodURLHeader. (#60314, @mtaufen)
- Adds BETA support for
DNSConfig
field in PodSpec andDNSPolicy=None
. (#59771, @MrHohn) - kubeadm: Demote controlplane passthrough flags to alpha flags (#59882, @kris-nova)
- DevicePlugins feature graduates to beta. (#60170, @jiayingz)
- Additional changes to iptables kube-proxy backend to improve performance on clusters with very large numbers of services. (#60306, @danwinship)
- CSI now allows credentials to be specified on CreateVolume/DeleteVolume, ControllerPublishVolume/ControllerUnpublishVolume, and NodePublishVolume/NodeUnpublishVolume operations (#60118, @sbezverk)
- Disable mount propagation for windows containers. (#60275, @feiskyer)
- Introduced
--http2-max-streams-per-connection
command line flag on api-servers and set default to 1000 for aggregated API servers. (#60054, @MikeSpreitzer) - APIserver backed by etcdv3 exports metric showing number of resources per kind (#59757, @gmarek)
- The DaemonSet controller, its integration tests, and its e2e tests, have been updated to use the apps/v1 API. (#59883, @kow3ns)
- Fix image file system stats for windows nodes (#59743, @feiskyer)
- Custom resources can be listed with a set of grouped resources (category) by specifying the categories in the CustomResourceDefinition spec. Example: They can be used with
kubectl get all
, whereall
is a category. (#59561, @nikhita) - [fluentd-gcp addon] Fixed bug with reporting metrics in event-exporter (#60126, @serathius)
- Critical pods to use priorityClasses. (#58835, @ravisantoshgudimetla)
--show-all
(which only affected pods and only for human readable/non-API printers) is now defaulted to true and deprecated. It will be inert in 1.11 and removed in a future release. (#60210, @deads2k)- Removed some redundant rules created by the iptables proxier, to improve performance on systems with very many services. (#57461, @danwinship)
- Disable per-cpu metrics by default for scalability. (#60106, @dashpole)
- Fix inaccurate disk usage monitoring of overlayFs.
- Retry docker connection on startup timeout to avoid permanent loss of metrics.
- When the
PodShareProcessNamespace
alpha feature is enabled, settingpod.Spec.ShareProcessNamespace
totrue
will cause a single process namespace to be shared between all containers in a pod. (#60181, @verb) - add spelling checking script (#59463, @dixudx)
- Allows HorizontalPodAutoscaler to use global metrics not associated with any Kubernetes object (for example metrics from a hoster service running outside of Kubernetes cluster). (#60096, @MaciekPytel)
- fix race condition issue when detaching azure disk (#60183, @andyzhangx)
- Add kubectl create job command (#60084, @soltysh)
- [Alpha] Kubelet now supports container log rotation for container runtime which implements CRI(container runtime interface). (#59898, @Random-Liu)
- The feature can be enabled with feature gate
CRIContainerLogRotation
. - The flags
--container-log-max-size
and--container-log-max-files
can be used to configure the rotation behavior.
- The feature can be enabled with feature gate
- Reorganized iptables rules to fix a performance regression on clusters with thousands of services. (#56164, @danwinship)
- StorageOS volume plugin updated to support mount options and environments where the kubelet runs in a container and the device location should be specified. (#58816, @croomes)
- Use consts as predicate name in handlers (#59952, @resouer)
/status
and/scale
subresources are added for custom resources. (#55168, @nikhita)- Allow kubectl env to specify which keys to import from a config map (#60040, @PhilipGough)
- Set default enabled admission plugins
NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota
(#58684, @hzxuzhonghu) - Fix instanceID for vmss nodes. (#59857, @feiskyer)
- Deprecate kubectl scale jobs (only jobs). (#60139, @soltysh)
- Adds new flag
--apiserver-advertise-dns-address
which is used in node kubelet.confg to point to API server (#59288, @stevesloka) - Fix kube-proxy flags validation for --healthz-bind-address and --metrics-bind-address to allow specifying ip:port. (#54191, @MrHohn)
- Increase allowed lag for ssh key sync loop in tunneler to allow for one failure (#60068, @wojtek-t)
- Flags that can be set via the Kubelet's --config file are now deprecated in favor of the file. (#60148, @mtaufen)
- PVC Protection alpha feature was renamed to Storage Protection. Storage Protection feature is beta. (#59052, @pospispa)
- kube-apiserver: the root /proxy paths have been removed (deprecated since v1.2). Use the /proxy subresources on objects that support HTTP proxying. (#59884, @mikedanese)
- Set an upper bound (5 minutes) on how long the Kubelet will wait before exiting when the client cert from disk is missing or invalid. This prevents the Kubelet from waiting forever without attempting to bootstrap a new client credentials. (#59316, @smarterclayton)
- v1.Pod now has a field to configure whether a single process namespace should be shared between all containers in a pod. This feature is in alpha preview. (#58716, @verb)
- Priority admission controller picks a global default with the lowest priority value if more than one such default PriorityClass exists. (#59991, @bsalamat)
- Add ipset binary for IPVS to hyperkube docker image (#57648, @Fsero)
- kube-apiserver: the OpenID Connect authenticator can now verify ID Tokens signed with JOSE algorithms other than RS256 through the --oidc-signing-algs flag. (#58544, @ericchiang)
- kube-apiserver: the OpenID Connect authenticator no longer accepts tokens from the Google v3 token APIs, users must switch to the "https://www.googleapis.com/oauth2/v4/token" endpoint.
- Rename StorageProtection to StorageObjectInUseProtection (#59901, @NickrenREN)
- kubeadm: add criSocket field to MasterConfiguration manifiest (#59057, @JordanFaust)
- kubeadm: add criSocket field to NodeConfiguration manifiest (#59292, @JordanFaust)
- The
PodSecurityPolicy
API has been moved to thepolicy/v1beta1
API group. ThePodSecurityPolicy
API in theextensions/v1beta1
API group is deprecated and will be removed in a future release. Authorizations for using pod security policy resources should change to reference thepolicy
API group after upgrading to 1.11. (#54933, @php-coder) - Restores the ability of older clients to delete and scale jobs with initContainers (#59880, @liggitt)
- Support for resource quota on extended resources (#57302, @lichuqiang)
- Fix race causing apiserver crashes during etcd healthchecking (#60069, @wojtek-t)
- If TaintNodesByCondition enabled, taint node when it under PID pressure (#60008, @k82cn)
- Expose total usage of pods through the "pods" SystemContainer in the Kubelet Summary API (#57802, @dashpole)
- Unauthorized requests will not match audit policy rules where users or groups are set. (#59398, @CaoShuFeng)
- Making sure CSI E2E test runs on a local cluster (#60017, @sbezverk)
- Addressing breaking changes introduced by new 0.2.0 release of CSI spec (#59209, @sbezverk)
- GCE: A role and clusterrole will now be provided with GCE/GKE for allowing the cloud-provider to post warning events on all services and watching configmaps in the kube-system namespace. (#59686, @nicksardo)
- Updated PID pressure node condition (#57136, @k82cn)
- Add AWS cloud provider option to use an assumed IAM role (#59668, @brycecarman)
kubectl port-forward
now supports specifying a service to port forward to:kubectl port-forward svc/myservice 8443:443
(#59809, @phsiao)- Fix kubelet PVC stale metrics (#59170, @cofyc)
- The ConfigOK node condition has been renamed to KubeletConfigOk. (#59905, @mtaufen)
- fluentd-gcp resources can be modified via a ScalingPolicy (#59657, @x13n)
- Adding pkg/kubelet/apis/deviceplugin/v1beta1 API. (#59588, @jiayingz)
- Fixes volume predicate handler for equiv class (#59335, @resouer)
- Bugfix: vSphere Cloud Provider (VCP) does not need any special service account anymore. (#59440, @rohitjogvmw)
- Fixing a bug in OpenStack cloud provider, where dual stack deployments (IPv4 and IPv6) did not work well when using kubenet as the network plugin. (#59749, @zioproto)
- Get parent dir via canonical absolute path when trying to judge mount-point (#58433, @yue9944882)
- Container runtime daemon (e.g. dockerd) logs in GCE cluster will be uploaded to stackdriver and elasticsearch with tag
container-runtime
(#59103, @Random-Liu) - Add AzureDisk support for vmss nodes (#59716, @feiskyer)
- Fixed a race condition in k8s.io/client-go/tools/cache.SharedInformer that could violate the sequential delivery guarantee and cause panics on shutdown. (#59828, @krousey)
- Avoid hook errors when effecting label changes on kubernetes-worker charm. (#59803, @wwwtyro)
- kubectl port-forward now allows using resource name (e.g., deployment/www) to select a matching pod, as well as allows the use of --pod-running-timeout to wait till at least one pod is running. (#59705, @phsiao)
- kubectl port-forward no longer support deprecated -p flag
- Deprecate insecure HTTP port of kube-controller-manager and cloud-controller-manager. Use
--secure-port
and--bind-address
instead. (#59582, @sttts) - Eviction thresholds set to 0% or 100% are now ignored. (#59681, @mtaufen)
- [advanced audit] support subresources wildcard matching. (#55306, @hzxuzhonghu)
- CronJobs can be accessed through cj alias (#59499, @soltysh)
- N/A (#58275, @carmark)
- fix the error prone account creation method of blob disk (#59739, @andyzhangx)
- Add automatic etcd 3.2->3.1 and 3.1->3.0 minor version rollback support to gcr.io/google_container/etcd images. For HA clusters, all members must be stopped before performing a rollback. (#59298, @jpbetz)
kubeadm init
can now omit the tainting of the master node if configured to do so inkubeadm.yaml
. (#55479, @ijc)- Updated kubernetes-worker to request new security tokens when the aws cloud provider changes the registered node name. (#59730, @hyperbolic2346)
- Pod priority can be specified ins PodSpec even when the feature is disabled, but it will be effective only when the feature is enabled. (#59291, @bsalamat)
- kubeadm: Enable auditing behind a feature gate. (#59067, @chuckha)
- Map correct vmset name for Azure internal load balancers (#59747, @feiskyer)
- Add generic cache for Azure VMSS (#59652, @feiskyer)
- kubeadm: New "imagePullPolicy" option in the init configuration file, that gets forwarded to kubelet static pods to control pull policy for etcd and control plane images. (#58960, @rosti)
- fix the create azure file pvc failure if there is no storage account in current resource group (#56557, @andyzhangx)
- Add generic cache for Azure VM/LB/NSG/RouteTable (#59520, @feiskyer)
- The alpha KubeletConfiguration.ConfigTrialDuration field is no longer available. (#59628, @mtaufen)
- Updates Calico version to v2.6.7 (Fixed a bug where Felix would crash when parsing a NetworkPolicy with a named port. See https://github.com/projectcalico/calico/releases/tag/v2.6.7) (#59130, @caseydavenport)
- return error if New-SmbGlobalMapping failed when mounting azure file on Windows (#59540, @andyzhangx)
- Disallow PriorityClass names with 'system-' prefix for user defined priority classes. (#59382, @bsalamat)
- Fixed an issue where Portworx volume driver wasn't passing namespace and annotations to the Portworx Create API. (#59607, @harsh-px)
- Enable apiserver metrics for custom resources. (#57682, @nikhita)
- fix typo (#59619, @jianliao82)
- incase -> in case
- selction -> selection
- Implement envelope service with gRPC, so that KMS providers can be pulled out from API server. (#55684, @wu-qiang)
- Enable golint for
pkg/scheduler
and fix the golint errors in it. (#58437, @tossmilestone) - AWS: Make attach/detach operations faster. from 10-12s to 2-6s (#56974, @gnufied)
- CRI starts using moutpoint as image filesystem identifier instead of UUID. (#59475, @Random-Liu)
- DaemonSet, Deployment, ReplicaSet, and StatefulSet objects are now persisted in etcd in apps/v1 format (#58854, @liggitt)
- 'none' can now be specified in KubeletConfiguration.EnforceNodeAllocatable (--enforce-node-allocatable) to explicitly disable enforcement. (#59515, @mtaufen)
- vSphere Cloud Provider supports VMs provisioned on vSphere v1.6.5 (#59519, @abrarshivani)
- Annotations is added to advanced audit api (#58806, @CaoShuFeng)
- 2nd try at using a vanity GCR name (#57824, @thockin)
- Node's providerID is following Azure resource ID format now when useInstanceMetadata is enabled (#59539, @feiskyer)
- Block Volume Support: Local Volume Plugin update (#59303, @dhirajh)
- [action-required] The Container Runtime Interface (CRI) version has increased from v1alpha1 to v1alpha2. Runtimes implementing the CRI will need to update to the new version, which configures container namespaces using an enumeration rather than booleans. (#58973, @verb)
- Fix the bug where kubelet in the standalone mode would wait for the update from the apiserver source. (#59276, @roboll)
- Add "keyring" parameter for Ceph RBD provisioner (#58287, @madddi)
- Ensure euqiv hash calculation is per schedule (#59245, @resouer)
- kube-scheduler: Use default predicates/prioritizers if they are unspecified in the policy config (#59363, @yguo0905)
- Fixed charm issue where docker login would run prior to daemon options being set. (#59396, @kwmonroe)
- Implementers of the cloud provider interface will note the addition of a context to this interface. Trivial code modification will be necessary for a cloud provider to continue to compile. (#59287, @cheftako)
- /release-note-none (#58264, @WanLinghao)
- Use a more reliable way to get total physical memory on windows nodes (#57124, @JiangtianLi)
- Add xfsprogs to hyperkube container image. (#56937, @redbaron)
- Ensure Azure public IP removed after service deleted (#59340, @feiskyer)
- Improve messages user gets during and after volume resizing is done. (#58415, @gnufied)
- Fix RBAC permissions for Stackdriver Metadata Agent. (#57455, @kawych)
- Scheduler should be able to read from config file if configmap is not present. (#59386, @ravisantoshgudimetla)
- MountPropagation feature is now beta. As consequence, all volume mounts in containers are now "rslave" on Linux by default. (#59252, @jsafrane)
- Fix RBAC role for certificate controller to allow cleaning. (#59375, @mikedanese)
- Volume metrics support for vSphere Cloud Provider (#59328, @divyenpatel)
- Announcing the deprecation of the recycling reclaim policy. (#59063, @ayushpateria)
- Intended for post-1.9 (#57872, @mlmhl)
- The
meta.k8s.io/v1alpha1
objects for retrieving tabular responses from the server (Table
) or fetching just theObjectMeta
for an object (asPartialObjectMetadata
) are now beta as part ofmeta.k8s.io/v1beta1
. Clients may request alternate representations of normal Kubernetes objects by passing anAccept
header likeapplication/json;as=Table;g=meta.k8s.io;v=v1beta1
orapplication/json;as=PartialObjectMetadata;g=meta.k8s.io;v1=v1beta1
. Older servers will ignore this representation or return an error if it is not available. Clients may request fallback to the normal object by adding a non-qualified mime-type to theirAccept
header likeapplication/json
- the server will then respond with either the alternate representation if it is supported or the fallback mime-type which is the normal object response. (#59059, @smarterclayton) - add PV size grow feature for azure file (#57017, @andyzhangx)
- Upgrade default etcd server version to 3.2.14 (#58645, @jpbetz)
- Add windows config to Kubelet CRI (#57076, @feiskyer)
- Configurable etcd quota backend bytes in GCE (#59259, @wojtek-t)
- Remove unmaintained kube-registry-proxy support from gce kube-up. (#58564, @mikedanese)
- Allow expanding mounted volumes (#58794, @gnufied)
- Upped the timeout for apiserver communication in the juju kubernetes-worker charm. (#59219, @hyperbolic2346)
- kubeadm init: skip checking cri socket in preflight checks (#58802, @dixudx)
- Add "nominatedNodeName" field to PodStatus. This field is set when a pod preempts other pods on the node. (#58990, @bsalamat)
- Changes secret, configMap, downwardAPI and projected volumes to mount read-only, instead of allowing applications to write data and then reverting it automatically. Until version 1.11, setting the feature gate ReadOnlyAPIDataVolumes=false will preserve the old behavior. (#58720, @joelsmith)
- Fixed issue with charm upgrades resulting in an error state. (#59064, @hyperbolic2346)
- Ensure IP is set for Azure internal load balancer. (#59083, @feiskyer)
- Postpone PV deletion when it is being bound to a PVC (#58743, @NickrenREN)
- Add V1beta1 VolumeAttachment API, co-existing with Alpha API object (#58462, @NickrenREN)
- When using client or server certificate rotation, the Kubelet will no longer wait until the initial rotation succeeds or fails before starting static pods. This makes running self-hosted masters with rotation more predictable. (#58930, @smarterclayton)
filename | sha256 hash |
---|---|
kubernetes.tar.gz | 246f0373ccb25a243a387527b32354b69fc2211c422e71479d22bfb3a829c8fb |
kubernetes-src.tar.gz | f9c60bb37fb7b363c9f66d8efd8aa5a36ea2093c61317c950719b3ddc86c5e10 |
filename | sha256 hash |
---|---|
kubernetes-client-darwin-386.tar.gz | ca8dfd7fbd34478e7ba9bba3779fcca08f7efd4f218b0c8a7f52bbeea0f42cd7 |
kubernetes-client-darwin-amd64.tar.gz | 713c35d99f44bd19d225d2c9f2d7c4f3976b5dd76e9a817b2aaf68ee0cb5a939 |
kubernetes-client-linux-386.tar.gz | 7601e55e3bb0f0fc11611c68c4bc000c3cbbb7a09652c386e482a1671be7e2d6 |
kubernetes-client-linux-amd64.tar.gz | 8a6c498531c1832176e22d622008a98bac6043f05dec96747649651531ed3fd7 |
kubernetes-client-linux-arm64.tar.gz | 81561820fb5a000152e9d8d94882e0ed6228025ea7973ee98173b5fc89d62a42 |
kubernetes-client-linux-arm.tar.gz | 6ce8c3ed253a10d78e62e000419653a29c411cd64910325b21ff3370cb0a89eb |
kubernetes-client-linux-ppc64le.tar.gz | a46b42c94040767f6bbf2ce10aef36d8dbe94c0069f866a848d69b2274f8f0bc |
kubernetes-client-linux-s390x.tar.gz | fa3e656b612277fc4c303aef95c60b58ed887e36431db23d26b536f226a23cf6 |
kubernetes-client-windows-386.tar.gz | 832e12266495ac55cb54a999bc5ae41d42d160387b487d8b4ead577d96686b62 |
kubernetes-client-windows-amd64.tar.gz | 7056a3eb5a8f9e8fa0326aa6e0bf97fc5b260447315f8ec7340be5747a16f5fd |
filename | sha256 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | dc8e2be2fcb6477249621fb5c813c853371a3bf8732c5cb3a6d6cab667cfa324 |
kubernetes-server-linux-arm64.tar.gz | 399071ad9042a72bccd6e1aa322405c02b4a807c0b4f987d608c4c9c369979d6 |
kubernetes-server-linux-arm.tar.gz | 7457ad16665e331fa9224a3d61690206723721197ad9760c3b488de9602293f5 |
kubernetes-server-linux-ppc64le.tar.gz | ffcb728d879c0347bd751c9bccac3520bb057d203ba1acd55f8c727295282049 |
kubernetes-server-linux-s390x.tar.gz | f942f6e15886a1fb0d91d04adf47677068c56070dff060f38c371c3ee3e99648 |
filename | sha256 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | 81b22beb30be9d270016c7b35b86ea585f29c0c5f09128da9341f9f67c8865f9 |
kubernetes-node-linux-arm64.tar.gz | d9020b99c145f44c519b1a95b55ed24e69d9c679a02352c7e05e86042daca9d1 |
kubernetes-node-linux-arm.tar.gz | 1d10bee4ed62d70b318f5703b2cd8295a08e199f810d6b361f367907e3f01fb6 |
kubernetes-node-linux-ppc64le.tar.gz | 67cd4dde212abda37e6f9e6dee1bb59db96e0727100ef0aa561c15562df0f3e1 |
kubernetes-node-linux-s390x.tar.gz | 362b030e011ea6222b1f2dec62311d3971bcce4dba94997963e2a091efbf967b |
kubernetes-node-windows-amd64.tar.gz | e609a2b0410acbb64d3ee6d7f134d98723d82d05bdbead1eaafd3584d3e45c39 |
- Fixed issue with kubernetes-worker option allow-privileged not properly handling the value True with a capital T. (#59116, @hyperbolic2346)
- Added anti-affinity to kube-dns pods (#57683, @vainu-arto)
- cloudprovider/openstack: fix bug the tries to use octavia client to query flip (#59075, @jrperritt)
- Windows containers now support experimental Hyper-V isolation by setting annotation
experimental.windows.kubernetes.io/isolation-type=hyperv
and feature gates HyperVContainer. Only one container per pod is supported yet. (#58751, @feiskyer) crds
is added as a shortname for CustomResourceDefinition i.e.kubectl get crds
can now be used. (#59061, @nikhita)- Fix an issue where port forwarding doesn't forward local TCP6 ports to the pod (#57457, @vfreex)
- YAMLDecoder Read now tracks rest of buffer on io.ErrShortBuffer (#58817, @karlhungus)
- Prevent kubelet from getting wedged if initialization of modules returns an error. (#59020, @brendandburns)
- Fixed a race condition inside kubernetes-worker that would result in a temporary error situation. (#59005, @hyperbolic2346)
- [GCE] Apiserver uses
InternalIP
as the most preferred kubelet address type by default. (#59019, @MrHohn) - Deprecate insecure flags
--insecure-bind-address
,--insecure-port
and remove--public-address-override
. (#59018, @hzxuzhonghu) - Support GetLabelsForVolume in OpenStack Provider (#58871, @edisonxiang)
- Build using go1.9.3. (#59012, @ixdy)
- CRI: Add a call to reopen log file for a container. (#58899, @yujuhong)
- The alpha KubeletConfigFile feature gate has been removed, because it was redundant with the Kubelet's --config flag. It is no longer necessary to set this gate to use the flag. The --config flag is still considered alpha. (#58978, @mtaufen)
kubectl scale
can now scale any resource (kube, CRD, aggregate) conforming to the standard scale endpoint (#58298, @p0lyn0mial)- kube-apiserver flag --tls-ca-file has had no effect for some time. It is now deprecated and slated for removal in 1.11. If you are specifying this flag, you must remove it from your launch config before upgrading to 1.11. (#58968, @deads2k)
- Fix regression in the CRI: do not add a default hostname on short image names (#58955, @runcom)
- Get windows kernel version directly from registry (#58498, @feiskyer)
- Remove deprecated --require-kubeconfig flag, remove default --kubeconfig value (#58367, @zhangxiaoyu-zidif)
- Google Cloud Service Account email addresses can now be used in RBAC (#58141, @ahmetb)
- Role bindings since the default scopes now include the "userinfo.email"
- scope. This is a breaking change if the numeric uniqueIDs of the Google
- service accounts were being used in RBAC role bindings. The behavior
- can be overridden by explicitly specifying the scope values as
- comma-separated string in the "users[*].config.scopes" field in the
- KUBECONFIG file.
- kube-apiserver is changed to use SSH tunnels for webhook iff the webhook is not directly routable from apiserver's network environment. (#58644, @yguo0905)
- Updated priority of mirror pod according to PriorityClassName. (#58485, @k82cn)
- Fixes a bug where kubelet crashes trying to free memory under memory pressure (#58574, @yastij)
filename | sha256 hash |
---|---|
kubernetes.tar.gz | 89efeb8b16c40e5074f092f51399995f0fe4a0312367a8f54bd227c3c6fcb629 |
kubernetes-src.tar.gz | eefbbf435f1b7a0e416f4e6b2c936c49ce5d692994da8d235c5e25bc408eec57 |
filename | sha256 hash |
---|---|
kubernetes-client-darwin-386.tar.gz | 878366200ddfb9128a133d7d377057c6f878b24357062cf5243c0f0aac26b292 |
kubernetes-client-darwin-amd64.tar.gz | dc065b9ecfa513607eac6e7dd125b2c25c9a9e7c13d0b2b6e56586e17bbd6ae5 |
kubernetes-client-linux-386.tar.gz | 93c2462051935d8f6bca6c72d09948963d47cd64426660f63e0cea7d37e24812 |
kubernetes-client-linux-amd64.tar.gz | 0eef61285fad1f9ff8392c59986d3a41887abc642bcb5cb451c5a5300927e2c4 |
kubernetes-client-linux-arm64.tar.gz | 6cf7913730a57b503beaf37f5c4d0f97789358983ed03654036f8b986b60cc62 |
kubernetes-client-linux-arm.tar.gz | f03c3ecbf4c08d263f2daa8cbe838e20452d6650b80e9a74762c155c26a579b7 |
kubernetes-client-linux-ppc64le.tar.gz | 25a2f93ebb721901d262adae4c0bdaa4cf1293793e9dff4507e031b85f46aff8 |
kubernetes-client-linux-s390x.tar.gz | 3e0b9ef771f36edb61bd61ccb67996ed41793c01f8686509bf93e585ee882c94 |
kubernetes-client-windows-386.tar.gz | 387e5e6b0535f4f5996c0732f1b591d80691acaec86e35482c7b90e00a1856f7 |
kubernetes-client-windows-amd64.tar.gz | c10a72d40252707b732d33d03beec3c6380802d0a6e3214cbbf4af258fddf28c |
filename | sha256 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | 42c1e016e8b0c5cc36c7bf574abca18c63e16d719d35e19ddbcbcd5aaeabc46c |
kubernetes-server-linux-arm64.tar.gz | b7774c54344c75bf5c703d4ca271f0af6c230e86cbe40eafd9cbf98a4f4be6e9 |
kubernetes-server-linux-arm.tar.gz | c11c8554506b64d6fd1a6e79bfc4e1e19f4f826b9ba98de81bc757901e8cdc43 |
kubernetes-server-linux-ppc64le.tar.gz | 196bd957804b2a9049189d225e49bf78e52e9adef12c072128e4e85d35da438e |
kubernetes-server-linux-s390x.tar.gz | be12fbea28a6cb089734782fe11e6f90a30785b9ad1ec02bc08a59afeb95c173 |
filename | sha256 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | a1feb239dfc473b49adf95d7d94e4a9c6c7d07416d4e935e3fc10175ffaa7163 |
kubernetes-node-linux-arm64.tar.gz | 26583c0bd08313bdc0bdfba6745f3ccd0f117431d3a5e2623bb5015675d506b8 |
kubernetes-node-linux-arm.tar.gz | 79c6299a5482467e3e85ee881f21edf5d491bc28c94e547d9297d1e1ad1b7458 |
kubernetes-node-linux-ppc64le.tar.gz | 2732fd288f1eac44c599423ce28cbdb85b54a646970a3714be5ff86d1b14b5e2 |
kubernetes-node-linux-s390x.tar.gz | 8d49432f0ff3baf55e71c29fb6ffc1673b2a45b9eae2e1906138b1409da53940 |
kubernetes-node-windows-amd64.tar.gz | 15ff74edfa98cd1afadcc4e53dd592b1e2935fbab76ad731309d355ae23bdd09 |
- Bug fix: webhooks now do not skip cluster-scoped resources (#58185, @caesarxuchao)
- Action required: Before upgrading your Kubernetes clusters, double check if you had configured webhooks for cluster-scoped objects (e.g., nodes, persistentVolume), these webhooks will start to take effect. Delete/modify the configs if that's not desirable.
- Fixing extra_sans option on master and load balancer. (#58843, @hyperbolic2346)
- ConfigMap objects now support binary data via a new
binaryData
field. When usingkubectl create configmap --from-file
, files containing non-UTF8 data will be placed in this new field in order to preserve the non-UTF8 data. Use of this feature requires 1.10+ apiserver and kubelets. (#57938, @dims) - New alpha feature to limit the number of processes running in a pod. Cluster administrators will be able to place limits by using the new kubelet command line parameter --pod-max-pids. Note that since this is a alpha feature they will need to enable the "SupportPodPidsLimit" feature. (#57973, @dims)
- Add storage-backend configuration option to kubernetes-master charm. (#58830, @wwwtyro)
- use containing API group when resolving shortname from discovery (#58741, @dixudx)
- Fix kubectl explain for resources not existing in default version of API group (#58753, @soltysh)
- Ensure config has been created before attempting to launch ingress. (#58756, @wwwtyro)
- Access to externally managed IP addresses via the kube-apiserver service proxy subresource is no longer allowed by default. This can be re-enabled via the
ServiceProxyAllowExternalIPs
feature gate, but will be disallowed completely in 1.11 (#57265, @brendandburns) - Added support for external cloud providers in kubeadm (#58259, @dims)
- rktnetes has been deprecated in favor of rktlet. Please see https://github.com/kubernetes-incubator/rktlet for more information. (#58418, @yujuhong)
- Fixes bug finding master replicas in GCE when running multiple Kubernetes clusters (#58561, @jesseshieh)
- Update Calico version to v2.6.6 (#58482, @tmjd)
- Promoting the apiregistration.k8s.io (aggregation) to GA (#58393, @deads2k)
- Stability: Make Pod delete event handling of scheduler more robust. (#58712, @bsalamat)
- Added support for network spaces in the kubeapi-load-balancer charm (#58708, @hyperbolic2346)
- Added support for network spaces in the kubernetes-master charm (#58704, @hyperbolic2346)
- update etcd unified version to 3.1.10 (#54242, @zouyee)
- updates fluentd in fluentd-es-image to fluentd 1.1.0 (#58525, @monotek)
- Support metrics API in
kubectl top
commands. (#56206, @brancz) - Added support for network spaces in the kubernetes-worker charm (#58523, @hyperbolic2346)
- CustomResourceDefinitions: OpenAPI v3 validation schemas containing
$ref
references are no longer permitted (valid references could not be constructed previously because property ids were not permitted either). Before upgrading, ensure CRD definitions do not include those$ref
fields. (#58438, @carlory) - Openstack: register metadata.hostname as node name (#58502, @dixudx)
- Added nginx and default backend images to kubernetes-worker config. (#58542, @hyperbolic2346)
- --tls-min-version on kubelet and kube-apiserver allow for configuring minimum TLS versions (#58528, @deads2k)
- Fixes an issue where the resourceVersion of an object in a DELETE watch event was not the resourceVersion of the delete itself, but of the last update to the object. This could disrupt the ability of clients clients to re-establish watches properly. (#58547, @liggitt)
- Fixed crash in kubectl cp when path has multiple leading slashes (#58144, @tomerf)
- kube-apiserver: requests to endpoints handled by unavailable extension API servers (as indicated by an
Available
condition offalse
in the registered APIService) now return503
errors instead of404
errors. (#58070, @weekface) - Correctly handle transient connection reset errors on GET requests from client library. (#58520, @porridge)
- Authentication information for OpenStack cloud provider can now be specified as environment variables (#58300, @dims)
- Bump GCE metadata proxy to v0.1.9 to pick up security fixes. (#58221, @ihmccreery)
- kubeadm now accept
--apiserver-extra-args
,--controller-manager-extra-args
and--scheduler-extra-args
to override / specify additional flags for control plane components (#58080, @simonferquel) - Add
--enable-admission-plugin
--disable-admission-plugin
flags and deprecate--admission-control
. (#58123, @hzxuzhonghu)- Afterwards, don't care about the orders specified in the flags.
- "ExternalTrafficLocalOnly" has been removed from feature gate. It has been a GA feature since v1.7. (#56948, @MrHohn)
- GCP: allow a master to not include a metadata concealment firewall rule (if it's not running the metadata proxy). (#58104, @ihmccreery)
- kube-apiserver: fixes loading of
--admission-control-config-file
containing AdmissionConfiguration apiserver.k8s.io/v1alpha1 config object (#58439, @liggitt) - Fix issue when using OpenStack config drive for node metadata (#57561, @dims)
- Add FSType for CSI volume source to specify filesystems (#58209, @NickrenREN)
- OpenStack cloudprovider: Ensure orphaned routes are removed. (#56258, @databus23)
- Reduce Metrics Server memory requirement (#58391, @kawych)
- Fix a bug affecting nested data volumes such as secret, configmap, etc. (#57422, @joelsmith)
- kubectl now enforces required flags at a more fundamental level (#53631, @dixudx)
- Remove alpha Initializers from kubadm admission control (#58428, @dixudx)
- Enable ValidatingAdmissionWebhook and MutatingAdmissionWebhook in kubeadm from v1.9 (#58255, @dixudx)
- Fixed encryption key and encryption provider rotation (#58375, @liggitt)
- set fsGroup by securityContext.fsGroup in azure file (#58316, @andyzhangx)
- Remove deprecated and unmaintained salt support. kubernetes-salt.tar.gz will no longer be published in the release tarball. (#58248, @mikedanese)
- Detach and clear bad disk URI (#58345, @rootfs)
- Allow version arg in kubeadm upgrade apply to be optional if config file already have version info (#53220, @medinatiger)
- feat(fakeclient): push event on watched channel on add/update/delete (#57504, @yue9944882)
- Custom resources can now be submitted to and received from the API server in application/yaml format, consistent with other API resources. (#58260, @liggitt)
- remove spaces from kubectl describe hpa (#56331, @shiywang)
- fluentd-gcp updated to version 2.0.14. (#58224, @zombiezen)
- Instrument the Azure cloud provider for Prometheus monitoring. (#58204, @cosmincojocar)
- -Add scheduler optimization options, short circuit all predicates if … (#56926, @wgliang)
- Remove deprecated ContainerVM support from GCE kube-up. (#58247, @mikedanese)
- Remove deprecated kube-push.sh functionality. (#58246, @mikedanese)
- The getSubnetIDForLB() should return subnet id rather than net id. (#58208, @FengyunPan)
- Avoid panic when failing to allocate a Cloud CIDR (aka GCE Alias IP Range). (#58186, @negz)
- Handle Unhealthy devices (#57266, @vikaschoudhary16)
- Expose Metrics Server metrics via /metric endpoint. (#57456, @kawych)
- Remove deprecated container-linux support in gce kube-up.sh. (#58098, @mikedanese)
- openstack cinder detach problem is fixed if nova is shutdowned (#56846, @zetaab)
- Fixes a possible deadlock preventing quota from being recalculated (#58107, @ironcladlou)
- fluentd-es addon: multiline stacktraces are now grouped into one entry automatically (#58063, @monotek)
- GCE: Allows existing internal load balancers to continue using an outdated subnetwork (#57861, @nicksardo)
- ignore images in used by running containers when GC (#57020, @dixudx)
- Remove deprecated and unmaintained photon-controller kube-up.sh. (#58096, @mikedanese)
- The kubelet flag to run docker containers with a process namespace that is shared between all containers in a pod is now deprecated and will be replaced by a new field in
v1.Pod
that configures this behavior. (#58093, @verb) - fix device name change issue for azure disk: add remount logic (#57953, @andyzhangx)
- The Kubelet now explicitly registers all of its command-line flags with an internal flagset, which prevents flags from third party libraries from unintentionally leaking into the Kubelet's command-line API. Many unintentionally leaked flags are now marked deprecated, so that users have a chance to migrate away from them before they are removed. One previously leaked flag, --cloud-provider-gce-lb-src-cidrs, was entirely removed from the Kubelet's command-line API, because it is irrelevant to Kubelet operation. (#57613, @mtaufen)
- Remove deprecated and unmaintained libvirt-coreos kube-up.sh. (#58023, @mikedanese)
- Remove deprecated and unmaintained windows installer. (#58020, @mikedanese)
- Remove deprecated and unmaintained openstack-heat kube-up.sh. (#58021, @mikedanese)
- Fixes authentication problem faced during various vSphere operations. (#57978, @prashima)
- fluentd-gcp updated to version 2.0.13. (#57789, @x13n)
- Add support for cloud-controller-manager in local-up-cluster.sh (#57757, @dims)
- Update CSI spec dependency to point to v0.1.0 tag (#57989, @NickrenREN)
- Update kube-dns to Version 1.14.8 that includes only small changes to how Prometheus metrics are collected. (#57918, @rramkumar1)
- Add proxy_read_timeout flag to kubeapi_load_balancer charm. (#57926, @wwwtyro)
- Adding support for Block Volume type to rbd plugin. (#56651, @sbezverk)
- Fixes a bug in Heapster deployment for google sink. (#57902, @kawych)
- Forbid unnamed contexts in kubeconfigs. (#56769, @dixudx)
- Upgrade to etcd client 3.2.13 and grpc 1.7.5 to improve HA etcd cluster stability. (#57480, @jpbetz)
- Default scheduler code is moved out of the plugin directory. (#57852, @misterikkit)
- plugin/pkg/scheduler -> pkg/scheduler
- plugin/cmd/kube-scheduler -> cmd/kube-scheduler
- Bump metadata proxy version to v0.1.7 to pick up security fix. (#57762, @ihmccreery)
- HugePages feature is beta (#56939, @derekwaynecarr)
- GCE: support passing kube-scheduler policy config via SCHEDULER_POLICY_CONFIG (#57425, @yguo0905)
- Returns an error for non overcommitable resources if they don't have limit field set in container spec. (#57170, @jiayingz)
- Update defaultbackend image to 1.4 and deployment apiVersion to apps/v1 (#57866, @zouyee)
- kubeadm: set kube-apiserver advertise address using downward API (#56084, @andrewsykim)
- CDK nginx ingress is now handled via a daemon set. (#57530, @hyperbolic2346)
- The kubelet uses a new release 3.1 of the pause container with the Docker runtime. This version will clean up orphaned zombie processes that it inherits. (#57517, @verb)
- Allow kubectl set image|env on a cronjob (#57742, @soltysh)
- Move local PV negative scheduling tests to integration (#57570, @sbezverk)
- fix azure disk not available issue when device name changed (#57549, @andyzhangx)
- Only create Privileged PSP binding during e2e tests if RBAC is enabled. (#56382, @mikkeloscar)
- RBAC: The system:kubelet-api-admin cluster role can be used to grant full access to the kubelet API (#57128, @liggitt)
- Allow kubernetes components to react to SIGTERM signal and shutdown gracefully. (#57756, @mborsz)
- ignore nonexistent ns net file error when deleting container network in case a retry (#57697, @dixudx)
- check psp HostNetwork in DenyEscalatingExec admission controller. (#56839, @hzxuzhonghu)
- The alpha
--init-config-dir
flag has been removed. Instead, use the--config
flag to reference a kubelet configuration file directly. (#57624, @mtaufen) - Add cache for VM get operation in azure cloud provider (#57432, @karataliu)
- Fix garbage collection when the controller-manager uses --leader-elect=false (#57340, @jmcmeek)
- iSCSI sessions managed by kubernetes will now explicitly set startup.mode to 'manual' to (#57475, @stmcginnis)
- prevent automatic login after node failure recovery. This is the default open-iscsi mode, so
- this change will only impact users who have changed their startup.mode to be 'automatic'
- in /etc/iscsi/iscsid.conf.
- Configurable liveness probe initial delays for etcd and kube-apiserver in GCE (#57749, @wojtek-t)
- Fixed garbage collection hang (#57503, @liggitt)
- Fixes controller manager crash in certain vSphere cloud provider environment. (#57286, @rohitjogvmw)
- Remove useInstanceMetadata parameter from Azure cloud provider. (#57647, @feiskyer)
- Support multiple scale sets in Azure cloud provider. (#57543, @feiskyer)
- GCE: Fixes ILB creation on automatic networks with manually created subnetworks. (#57351, @nicksardo)
- Improve scheduler performance of MatchInterPodAffinity predicate. (#57476, @misterikkit)
- Improve scheduler performance of MatchInterPodAffinity predicate. (#57477, @misterikkit)
- Improve scheduler performance of MatchInterPodAffinity predicate. (#57478, @misterikkit)
- Allow use resource ID to specify public IP address in azure_loadbalancer (#53557, @yolo3301)
- Fixes a bug where if an error was returned that was not an
autorest.DetailedError
we would return"not found", nil
which caused nodes to go toNotReady
state. (#57484, @brendandburns) - Add the path '/version/' to the
system:discovery
cluster role. (#57368, @brendandburns) - Fixes issue creating docker secrets with kubectl 1.9 for accessing docker private registries. (#57463, @dims)
- adding predicates ordering for the kubernetes scheduler. (#57168, @yastij)
- Free up CPU and memory requested but unused by Metrics Server Pod Nanny. (#57252, @kawych)
- The alpha Accelerators feature gate is deprecated and will be removed in v1.11. Please use device plugins instead. They can be enabled using the DevicePlugins feature gate. (#57384, @mindprince)
- Fixed dynamic provisioning of GCE PDs to round to the next GB instead of GiB (#56600, @edisonxiang)
- Separate loop and plugin control (#52371, @cheftako)
- Use old dns-ip mechanism with older cdk-addons. (#57403, @wwwtyro)
- Retry 'connection refused' errors when setting up clusters on GCE. (#57394, @mborsz)
- Upgrade to etcd client 3.2.11 and grpc 1.7.5 to improve HA etcd cluster stability. (#57160, @jpbetz)
- Added the ability to select pods in a chosen node to be drained, based on given pod label-selector (#56864, @juanvallejo)
- Wait for kubedns to be ready when collecting the cluster IP. (#57337, @wwwtyro)
- Use "k8s.gcr.io" for container images rather than "gcr.io/google_containers". This is just a redirect, for now, so should not impact anyone materially. (#54174, @thockin)
- Documentation and tools should all convert to the new name. Users should take note of this in case they see this new name in the system.
- Fix ipvs proxier nodeport eth* assumption (#56685, @m1093782566)
filename | sha256 hash |
---|---|
kubernetes.tar.gz | 403b90bfa32f7669b326045a629bd15941c533addcaf0c49d3c3c561da0542f2 |
kubernetes-src.tar.gz | 266da065e9eddf19d36df5ad325f2f854101a0e712766148e87d998e789b80cf |
filename | sha256 hash |
---|---|
kubernetes-client-darwin-386.tar.gz | 5aaa8e294ae4060d34828239e37f37b45fa5a69508374be668965102848626be |
kubernetes-client-darwin-amd64.tar.gz | 40a8e3bab11b88a2bb8e748f0b29da806d89b55775508039abe9c38c5f4ab97d |
kubernetes-client-linux-386.tar.gz | e08dde0b561529f0b2bb39c141f4d7b1c943749ef7c1f9779facf5fb5b385d6a |
kubernetes-client-linux-amd64.tar.gz | 76a05d31acaab932ef45c67e1d6c9273933b8bc06dd5ce9bad3c7345d5267702 |
kubernetes-client-linux-arm64.tar.gz | 4b833c9e80f3e4ac4958ea0ffb5ae564b31d2a524f6a14e58802937b2b936d73 |
kubernetes-client-linux-arm.tar.gz | f1484ab75010a2258ed7717b1284d0c139d17e194ac9e391b8f1c0999eec3c2d |
kubernetes-client-linux-ppc64le.tar.gz | da884f09ec753925b2c1f27ea0a1f6c3da2056855fc88f47929bb3d6c2a09312 |
kubernetes-client-linux-s390x.tar.gz | c486f760c6707fc92d1659d3cbe33d68c03190760b73ac215957ee52f9c19195 |
kubernetes-client-windows-386.tar.gz | 514c550b7ff85ac33e6ed333bcc06461651fe4004d8b7c12ca67f5dc1d2198bf |
kubernetes-client-windows-amd64.tar.gz | ddad59222f6a8cb4e88c4330c2a967c4126cb22ac5e0d7126f9f65cca0fb9f45 |
filename | sha256 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | 514efd798ce1d7fe4233127f3334a3238faad6c26372a2d457eff02cbe72d756 |
kubernetes-server-linux-arm64.tar.gz | f71f75fb96221f65891fc3e04fd52ae4e5628da8b7b4fbedece3fab4cb650afa |
kubernetes-server-linux-arm.tar.gz | a9d8c2386813fd690e60623a6ee1968fe8f0a1a8e13bc5cc12b2caf8e8a862e1 |
kubernetes-server-linux-ppc64le.tar.gz | 21336a5e40aead4e2ec7e744a99d72bf8cb552341f3141abf8f235beb250cd93 |
kubernetes-server-linux-s390x.tar.gz | 257e44d38fef83f08990b6b9b5e985118e867c0c33f0e869f0900397b9d30498 |
filename | sha256 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | 97bf1210f0595ebf496ca7b000c4367f8a459d97ef72459efc6d0e07a072398f |
kubernetes-node-linux-arm64.tar.gz | eebcd3c14fb4faeb82ab047a2152db528adc2d9f7b20eef6f5dc58202ebe3124 |
kubernetes-node-linux-arm.tar.gz | 3d4428416c775a0a6463f623286bd2ecdf9240ce901e1fbae180dfb564c53ea1 |
kubernetes-node-linux-ppc64le.tar.gz | 5cc96b24fad0ac1779a66f9b136d90e975b07bf619fea905e6c26ac5a4c41168 |
kubernetes-node-linux-s390x.tar.gz | 134c13338edf4efcd511f4161742fbaa6dc232965d3d926c3de435e8a080fcbb |
kubernetes-node-windows-amd64.tar.gz | ae54bf2bbcb99cdcde959140460d0f83c0ecb187d060b594ae9c5349960ab055 |
- [action required] Remove the kubelet's
--cloud-provider=auto-detect
feature (#56287, @stewart-yu)
- Fix Heapster configuration and Metrics Server configuration to enable overriding default resource requirements. (#56965, @kawych)
- YAMLDecoder Read now returns the number of bytes read (#57000, @sel)
- Retry 'connection refused' errors when setting up clusters on GCE. (#57324, @mborsz)
- Update kubeadm's minimum supported Kubernetes version in v1.10.x to v1.9.0 (#57233, @xiangpengzhao)
- Graduate CPU Manager feature from alpha to beta. (#55977, @ConnorDoyle)
- Drop hacks used for Mesos integration that was already removed from main kubernetes repository (#56754, @dims)
- Compare correct file names for volume detach operation (#57053, @prashima)
- Improved event generation in volume mount, attach, and extend operations (#56872, @davidz627)
- GCE: bump COS image version to cos-stable-63-10032-71-0 (#57204, @yujuhong)
- fluentd-gcp updated to version 2.0.11. (#56927, @x13n)
- calico-node addon tolerates all NoExecute and NoSchedule taints by default. (#57122, @caseydavenport)
- Support LoadBalancer for Azure Virtual Machine Scale Sets (#57131, @feiskyer)
- Makes the kube-dns addon optional so that users can deploy their own DNS solution. (#57113, @wwwtyro)
- Enabled log rotation for load balancer's api logs to prevent running out of disk space. (#56979, @hyperbolic2346)
- Remove ScrubDNS interface from cloudprovider. (#56955, @feiskyer)
- Fix
etcd-version-monitor
to backward compatibly support etcd 3.1 go-grpc-prometheus metrics format. (#56871, @jpbetz) - enable flexvolume on Windows node (#56921, @andyzhangx)
- When using Role-Based Access Control, the "admin", "edit", and "view" roles now have the expected permissions on NetworkPolicy resources. (#56650, @danwinship)
- Fix the PersistentVolumeLabel controller from initializing the PV labels when it's not the next pending initializer. (#56831, @jhorwit2)
- kube-apiserver: The external hostname no longer use the cloud provider API to select a default. It can be set explicitly using --external-hostname, if needed. (#56812, @dims)
- Use GiB unit for creating and resizing volumes for Glusterfs (#56581, @gnufied)
- PersistentVolume flexVolume sources can now reference secrets in a namespace other than the PersistentVolumeClaim's namespace. (#56460, @liggitt)
- Scheduler skips pods that use a PVC that either does not exist or is being deleted. (#55957, @jsafrane)
- Fixed a garbage collection race condition where objects with ownerRefs pointing to cluster-scoped objects could be deleted incorrectly. (#57211, @liggitt)
- Kubectl explain now prints out the Kind and API version of the resource being explained (#55689, @luksa)
- api-server provides specific events when unable to repair a service cluster ip or node port (#54304, @frodenas)
- Added docker-logins config to kubernetes-worker charm (#56217, @Cynerva)
- delete useless params containerized (#56146, @jiulongzaitian)
- add mount options support for azure disk (#56147, @andyzhangx)
- Use structured generator for kubectl autoscale (#55913, @wackxu)
- K8s supports cephfs fuse mount. (#55866, @zhangxiaoyu-zidif)
- COS: Keep the docker network checkpoint (#54805, @yujuhong)
- Fixed documentation typo in IPVS README. (#56578, @shift)