diff --git a/.abs/main.yaml b/.abs/main.yaml new file mode 100644 index 0000000000..3a7a8b3135 --- /dev/null +++ b/.abs/main.yaml @@ -0,0 +1,5 @@ +generate-metadata: true +chart-dir: ./helm/docs-app +destination: ./build +catalog-base-url: https://giantswarm.github.io/giantswarm-operations-platform-catalog/ +replace-chart-version-with-git: true \ No newline at end of file diff --git a/.circleci/config.yml b/.circleci/config.yml index be30168401..81f9b90533 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -20,9 +20,9 @@ jobs: command: | container_tag=$(architect project version) echo "$container_tag" - docker run -d --rm --name docs -p 8080:8080 gsoci.azurecr.io/giantswarm/docs:$container_tag + docker run -d --rm --name docs-app -p 8080:8080 gsoci.azurecr.io/giantswarm/docs:$container_tag - CURL_OUTPUT=$(docker run --link docs gsoci.azurecr.io/giantswarm/curl:7.81.0 curl --no-buffer http://docs:8080) + CURL_OUTPUT=$(docker run --link docs-app gsoci.azurecr.io/giantswarm/curl:7.81.0 curl --no-buffer http://docs-app:8080) echo $CURL_OUTPUT | grep -q "Giant Swarm" workflows: @@ -43,6 +43,7 @@ workflows: - master - architect/push-to-app-catalog: context: architect + executor: app-build-suite name: push-to-app-catalog app_catalog: giantswarm-operations-platform-catalog app_catalog_test: giantswarm-operations-platform-test-catalog diff --git a/.github/workflows/validate.yaml b/.github/workflows/validate.yaml index 97f9cde514..8c3e8bd1d4 100644 --- a/.github/workflows/validate.yaml +++ b/.github/workflows/validate.yaml @@ -1,4 +1,7 @@ name: Validate + +# This is supposed to run on all pull requests to ensure +# formal sanity of content, formatting, front matter, and structure. on: pull_request: branches: @@ -9,22 +12,28 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Install dependencies - run: pip3 install click colored==1.4.4 + run: pip3 install click colored - name: Validate front matter for changed files run: | git fetch --no-tags origin "${GITHUB_BASE_REF}":"${GITHUB_BASE_REF}" git diff --name-only "refs/heads/${GITHUB_BASE_REF}" -- . | tee files.txt - cat files.txt | python3 scripts/validate-front-matter/script.py - - - name: Print front matter annotations - run: cat ./annotations.json + if [ -s files.txt ]; then + cat files.txt | python3 scripts/validate-front-matter/script.py + # Print for debugging + printf "\nAnnotations JSON:\n" + cat ./annotations.json + # Save as environment variable for next step + echo "found_front_matter_issues=true" >> $GITHUB_ENV + fi + rm files.txt - name: Send front matter annotations - uses: giantswarm/annotations-action@8028d6604d2db401d4dcd30c21a99fa26e662544 + if: ${{ env.found_front_matter_issues == 'true' }} + uses: yuzutech/annotations-action@0e061a6e3ac848299310b6429b60d67cafd4e7f8 # v0.5.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} title: Front matter problems @@ -32,7 +41,7 @@ jobs: - name: markdownlint run: | - make RUNNING_IN_CI=true lint || true + make RUNNING_IN_CI=true lint-markdown || true # Only fail if the run didn't work for technical reasons if [ ! -e markdownlint.out ]; then @@ -44,12 +53,17 @@ jobs: cat markdownlint.out \ | jq -nR '[inputs | (. | capture("(?[^:]+):(?[0-9]+)(:(?[0-9]+))?\\s+(?.+)") | {"file": .filename, "line": (.line | tonumber), "end_line": (.line | tonumber), "title": "markdownlint problem", "message": .description, "annotation_level": "error"})]' \ > markdownlint-annotations.json - - - name: Print markdownlint annotations - run: cat ./markdownlint-annotations.json + + # Print for debugging + printf "\nAnnotations JSON:\n" + cat ./markdownlint-annotations.json + + # Save as environment variable for next step + echo "found_markdown_issues=true" >> $GITHUB_ENV - name: Send markdownlint annotations - uses: giantswarm/annotations-action@8028d6604d2db401d4dcd30c21a99fa26e662544 + if: ${{ env.found_markdown_issues == 'true' }} + uses: yuzutech/annotations-action@0e061a6e3ac848299310b6429b60d67cafd4e7f8 # v0.5.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} title: markdownlint problems @@ -62,3 +76,107 @@ jobs: echo "ERROR: See markdownlint findings (annotated as errors in the PR when you click on 'Files changed')" exit 1 fi + + - name: Check for moved or deleted files + run: | + git --no-pager diff --name-status --diff-filter=RD "refs/heads/${GITHUB_BASE_REF}" -- . | tee files.txt + + if [ -s files.txt ]; then + + # Creat annotations JSON, as one object per line first + while read line; do + parts=($line) + mode=${parts[0]} + filename=${parts[1]} + + if [ "$mode" == "D" ]; then + echo "{\"file\": \"$filename\", \"line\": 1, \"end_line\": 1, \"title\": \"File deleted\", \"message\": \"File deleted\", \"annotation_level\": \"warning\"}" >> mvdel-annotations-lines.json + else + newFilename=${parts[2]} + echo "{\"file\": \"$newFilename\", \"line\": 1, \"end_line\": 1, \"title\": \"File moved\", \"message\": \"File moved/renamed\", \"annotation_level\": \"warning\"}" >> mvdel-annotations-lines.json + fi + done mvdel-annotations.json + rm mvdel-annotations-lines.json + + # Print for debugging + printf "\nAnnotations JSON:\n" + cat ./mvdel-annotations.json + + # Save as environment variable for next step + echo "deletes_or_moves_files=true" >> $GITHUB_ENV + else + echo "deletes_or_moves_files=false" >> $GITHUB_ENV + fi + + rm files.txt + + - name: Send annotations for moved or deleted files + if: ${{ env.deletes_or_moves_files == 'true' }} + uses: yuzutech/annotations-action@0e061a6e3ac848299310b6429b60d67cafd4e7f8 # v0.5.0 + with: + repo-token: ${{ secrets.GITHUB_TOKEN }} + input: ./mvdel-annotations.json + title: "Files moved or deleted" + + + - name: Add/update comment about moved/deleted files + if: ${{ env.deletes_or_moves_files == 'true' }} + uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 + with: + comment-tag: files-deleted-or-moved + message: | + This PR moves/renames or deletes some files. Please make sure to + + - maintain references (also important for images) + - Maintain `aliases` in the front matter of moved markdown files + + - name: Delete comment about moved/deleted files + if: ${{ env.deletes_or_moves_files == 'false' }} + uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 + with: + comment-tag: files-deleted-or-moved + mode: delete + + - name: Setup Hugo + uses: peaceiris/actions-hugo@75d2e84710de30f6ff7268e08f310b60ef14033f # v3.0.0 + with: + hugo-version: "0.125.5" + extended: true + + - id: hugobuild + name: Build Hugo site + run: | + hugo --source ./src --printPathWarnings --printUnusedTemplates --renderToMemory | tee hugo.out + grep "WARN" hugo.out > hugo-warnings.out || true + if [ -s hugo-warnings.out ]; then + echo "hugo_warnings=true" >> $GITHUB_ENV + { + echo 'hugo-warnings<> $GITHUB_OUTPUT + else + echo "hugo_warnings=false" >> $GITHUB_ENV + fi + + - name: Add/update comment about Hugo warnings + if: ${{ env.hugo_warnings == 'true' }} + uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 + with: + comment-tag: hugo-warnings + message: | + Hugo yielded some warnings. Please [check](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) whether they require action. + + ```nohighlight + ${{ steps.hugobuild.outputs.hugo-warnings }} + ``` + + - name: Delete comment about Hugo warnings + if: ${{ env.hugo_warnings == 'false' }} + uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 + with: + comment-tag: hugo-warnings + mode: delete diff --git a/.markdownlint.yaml b/.markdownlint.yaml index a3cfa38d3e..4134957cc7 100644 --- a/.markdownlint.yaml +++ b/.markdownlint.yaml @@ -55,3 +55,6 @@ MD051: false # We use the Hugo functionality such as `[1]: {{< relref "..." >}}` which markdownlint recognizes as undefined reference, # so the lint is not helpful. MD052: false + +MD046: + style: fenced diff --git a/.vale/styles/Microsoft/Contractions.yml b/.vale/styles/Microsoft/Contractions.yml index 8c81dcbce7..88c01bf98a 100644 --- a/.vale/styles/Microsoft/Contractions.yml +++ b/.vale/styles/Microsoft/Contractions.yml @@ -4,47 +4,47 @@ link: https://docs.microsoft.com/en-us/style-guide/word-choice/use-contractions level: error ignorecase: true action: - name: replace + name: suggest swap: - are not: aren't - cannot: can't - could not: couldn't - did not: didn't - do not: don't - does not: doesn't - has not: hasn't - have not: haven't - how is: how's - is not: isn't + # are not: aren't + # cannot: can't + # could not: couldn't + # did not: didn't + # do not: don't + # does not: doesn't + # has not: hasn't + # have not: haven't + # how is: how's + # is not: isn't - 'it is(?!\.)': it's - 'it''s(?=\.)': it is + # 'it is(?!\.)': it's + # 'it''s(?=\.)': it is - should not: shouldn't + # should not: shouldn't - "that is(?![.,])": that's - 'that''s(?=\.)': that is + # "that is(?![.,])": that's + # 'that''s(?=\.)': that is - 'they are(?!\.)': they're - 'they''re(?=\.)': they are + # 'they are(?!\.)': they're + # 'they''re(?=\.)': they are - was not: wasn't + # was not: wasn't - 'we are(?!\.)': we're - 'we''re(?=\.)': we are + # 'we are(?!\.)': we're + # 'we''re(?=\.)': we are - 'we have(?!\.)': we've - 'we''ve(?=\.)': we have + # 'we have(?!\.)': we've + # 'we''ve(?=\.)': we have - were not: weren't + # were not: weren't - 'what is(?!\.)': what's - 'what''s(?=\.)': what is + # 'what is(?!\.)': what's + # 'what''s(?=\.)': what is - 'when is(?!\.)': when's - 'when''s(?=\.)': when is + # 'when is(?!\.)': when's + # 'when''s(?=\.)': when is - 'where is(?!\.)': where's - 'where''s(?=\.)': where is + # 'where is(?!\.)': where's + # 'where''s(?=\.)': where is - will not: won't + # will not: won't diff --git a/.vale/styles/config/vocabularies/docs/accept.txt b/.vale/styles/config/vocabularies/docs/accept.txt index aed8565567..d1f5b86af5 100644 --- a/.vale/styles/config/vocabularies/docs/accept.txt +++ b/.vale/styles/config/vocabularies/docs/accept.txt @@ -32,11 +32,14 @@ firewalling freely Grafana gsctl +Honeybadger HTTP IP[s]? IPAM JSON +k8s Keybase +keyless Kinvolk krew Kustomize @@ -52,17 +55,21 @@ NLB[s]? onboarding passthrough perfectly +Planeteers Promtail quickly randomly rapidly really relref +rulesets runbook[s]? SemVer separately Sigstore +SLA[s]? Spotify +SRE[s]? SSL subnet Trivy diff --git a/Dockerfile b/Dockerfile index ce3d88242c..03b9692816 100644 --- a/Dockerfile +++ b/Dockerfile @@ -32,15 +32,19 @@ RUN find /public \ -delete FROM gsoci.azurecr.io/giantswarm/nginx:1.25-alpine +EXPOSE 8080 +USER 0 # Delete default config (which we have no control over) RUN rm -r /etc/nginx/conf.d && rm /etc/nginx/nginx.conf - COPY nginx.conf /etc/nginx/nginx.conf -RUN nginx -t -c /etc/nginx/nginx.conf && \ - rm -rf /tmp/nginx.pid +# Ensure tmp dir exists and has right ownership +RUN mkdir -p /tmp/nginx && chown -R 101 /tmp/nginx -EXPOSE 8080 +RUN nginx -t -c /etc/nginx/nginx.conf && \ + rm -rf /tmp/nginx/nginx.pid COPY --from=build --chown=101 /public /usr/share/nginx/html + +USER 101 diff --git a/helm/docs-app/Chart.yaml b/helm/docs-app/Chart.yaml index 059aa24b00..39c7c0e56a 100644 --- a/helm/docs-app/Chart.yaml +++ b/helm/docs-app/Chart.yaml @@ -2,8 +2,11 @@ apiVersion: v1 annotations: application.giantswarm.io/team: "sig-docs" appVersion: 0.0.1 +engine: gotpl description: Giant Swarm documentation published at https://docs.giantswarm.io/ home: https://github.com/giantswarm/docs/ icon: https://s.giantswarm.io/app-icons/giantswarm/1/light.svg name: docs-app -version: "[[.Version]]" +sources: + - https://github.com/giantswarm/docs +version: 2.2.1327-dev \ No newline at end of file diff --git a/helm/docs-app/templates/_helpers.tpl b/helm/docs-app/templates/_helpers.tpl new file mode 100644 index 0000000000..7568e37b04 --- /dev/null +++ b/helm/docs-app/templates/_helpers.tpl @@ -0,0 +1,36 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "name" -}} +{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "labels.common" -}} +app: {{ include "name" . | quote }} +{{ include "labels.selector" . }} +app.kubernetes.io/name: {{ include "name" . | quote }} +app.kubernetes.io/instance: {{ .Release.Name | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service | quote }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +application.giantswarm.io/team: {{ index .Chart.Annotations "application.giantswarm.io/team" | quote }} +helm.sh/chart: {{ include "chart" . | quote }} +{{- end -}} + +{{/* +Selector labels +*/}} +{{- define "labels.selector" -}} +app.kubernetes.io/name: {{ include "name" . | quote }} +app.kubernetes.io/instance: {{ .Release.Name | quote }} +{{- end -}} diff --git a/helm/docs-app/templates/_resource.tpl b/helm/docs-app/templates/_resource.tpl new file mode 100644 index 0000000000..c7b8459f58 --- /dev/null +++ b/helm/docs-app/templates/_resource.tpl @@ -0,0 +1,23 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Create a name stem for resource names +When pods for deployments are created they have an additional 16 character +suffix appended, e.g. "-957c9d6ff-pkzgw". Given that Kubernetes allows 63 +characters for resource names, the stem is truncated to 47 characters to leave +room for such suffix. +*/}} +{{- define "resource.default.name" -}} +{{- .Release.Name | replace "." "-" | trunc 47 | trimSuffix "-" -}} +{{- end -}} + +{{- define "resource.networkPolicy.name" -}} +{{- include "resource.default.name" . -}}-network-policy +{{- end -}} + +{{- define "resource.psp.name" -}} +{{- include "resource.default.name" . -}}-psp +{{- end -}} + +{{- define "resource.default.namespace" -}} +{{ .Release.Namespace }} +{{- end -}} diff --git a/helm/docs-app/templates/deployment.yaml b/helm/docs-app/templates/deployment.yaml index ee78fd76ae..b46747c280 100644 --- a/helm/docs-app/templates/deployment.yaml +++ b/helm/docs-app/templates/deployment.yaml @@ -32,12 +32,13 @@ spec: type: RuntimeDefault containers: - - name: {{ .Values.image.name }} + - name: docs-app # Public image required - image: {{ .Values.image.registry }}/giantswarm/{{ .Values.image.name }}:{{ .Values.image.tag }} + image: gsoci.azurecr.io/giantswarm/docs:{{ .Chart.Version }} securityContext: allowPrivilegeEscalation: false runAsNonRoot: true + readOnlyRootFilesystem: true seccompProfile: type: RuntimeDefault capabilities: @@ -62,5 +63,11 @@ spec: initialDelaySeconds: 10 periodSeconds: 30 timeoutSeconds: 2 + volumeMounts: + - mountPath: /tmp/nginx + name: nginx-tmp + volumes: + - name: nginx-tmp + emptyDir: { } serviceAccount: {{ .Values.name }} serviceAccountName: {{ .Values.name }} diff --git a/helm/docs-app/templates/psp.yaml b/helm/docs-app/templates/psp.yaml deleted file mode 100644 index da5f538b2f..0000000000 --- a/helm/docs-app/templates/psp.yaml +++ /dev/null @@ -1,55 +0,0 @@ -{{- if not (((.Values.global).podSecurityStandards).enforced) }} ---- -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ .Values.name }} -spec: - allowPrivilegeEscalation: false - fsGroup: - ranges: - - max: 65535 - min: 1 - rule: MustRunAs - runAsUser: - rule: MustRunAsNonRoot - seLinux: - rule: RunAsAny - supplementalGroups: - ranges: - - max: 65535 - min: 1 - rule: MustRunAs - volumes: - - secret - - configMap ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ .Values.name }} - namespace: {{ .Release.Namespace }} -rules: -- apiGroups: - - extensions - resourceNames: - - {{ .Values.name }} - resources: - - podsecuritypolicies - verbs: - - use ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ .Values.name }} - namespace: {{ .Release.Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ .Values.name }} -subjects: -- kind: ServiceAccount - name: {{ .Values.name }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/helm/docs-app/values.schema.json b/helm/docs-app/values.schema.json new file mode 100644 index 0000000000..d4194bc2ad --- /dev/null +++ b/helm/docs-app/values.schema.json @@ -0,0 +1,39 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + } + } + } + } + } +} diff --git a/helm/docs-app/values.yaml b/helm/docs-app/values.yaml index 3d0a6699ae..47486f47a2 100644 --- a/helm/docs-app/values.yaml +++ b/helm/docs-app/values.yaml @@ -1,10 +1,5 @@ name: docs-app namespace: docs -image: - registry: gsoci.azurecr.io - name: docs - tag: "[[.Version]]" - sha: "[[.SHA]]" resources: requests: @@ -13,7 +8,3 @@ resources: limits: cpu: 500m memory: 20M - -global: - podSecurityStandards: - enforced: false diff --git a/nginx.conf b/nginx.conf index 359a901e7f..3e8d0f043d 100644 --- a/nginx.conf +++ b/nginx.conf @@ -1,7 +1,7 @@ worker_processes auto; -error_log /var/log/nginx/error.log warn; -pid /tmp/nginx.pid; +error_log /dev/stderr warn; +pid /tmp/nginx/nginx.pid; events { @@ -10,11 +10,18 @@ events { http { - proxy_temp_path /tmp/proxy_temp; - client_body_temp_path /tmp/client_temp; - fastcgi_temp_path /tmp/fastcgi_temp; - uwsgi_temp_path /tmp/uwsgi_temp; - scgi_temp_path /tmp/scgi_temp; + + open_file_cache max=1000 inactive=60s; + open_file_cache_valid 30s; + open_file_cache_min_uses 2; + open_file_cache_errors on; + + # running as non-root requires a writeable path + client_body_temp_path /tmp/nginx/client_temp; + proxy_temp_path /tmp/nginx/proxy_temp; + fastcgi_temp_path /tmp/nginx/fastcgi_temp; + uwsgi_temp_path /tmp/nginx/uwsgi_temp; + scgi_temp_path /tmp/nginx/scgi_temp; charset utf-8; @@ -25,7 +32,7 @@ http { '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; - access_log /var/log/nginx/access.log main; + access_log /dev/stdout main; sendfile on; tcp_nopush on; diff --git a/scripts/update-crd-reference/crd.template b/scripts/update-crd-reference/crd.template index 32c1a0d41c..9cd3e3281b 100644 --- a/scripts/update-crd-reference/crd.template +++ b/scripts/update-crd-reference/crd.template @@ -51,7 +51,6 @@ owner: {{- end }} aliases: - /use-the-api/management-api/crd/{{ .NamePlural }}.{{ .Group }}/ - - /reference/cp-k8s-api/{{ .NamePlural }}.{{ .Group }}/ technical_name: {{ .NamePlural }}.{{ .Group }} source_repository: {{ .SourceRepository }} source_repository_ref: {{ .SourceRepositoryRef }} diff --git a/scripts/validate-front-matter/script.py b/scripts/validate-front-matter/script.py index 16e6711a92..7545e7e95e 100644 --- a/scripts/validate-front-matter/script.py +++ b/scripts/validate-front-matter/script.py @@ -8,6 +8,7 @@ try: from yaml import CLoader as Loader except ImportError: + print("Warning: Using slower Python YAML loader. Install LibYAML for faster performance.") from yaml import Loader # Some path config diff --git a/src/assets/styles/base.sass b/src/assets/styles/base.sass index 7e21207493..2e5cec4c12 100644 --- a/src/assets/styles/base.sass +++ b/src/assets/styles/base.sass @@ -76,22 +76,25 @@ abbr[title] #sidebarSearchForm font-size: 14px margin: 28px 0 28px auto - - input - width: 160px - font-size: 14px - padding: 2px - padding-bottom: 2px - padding-top: 2px - padding-left: 4px - padding-right: 2px - line-height: 17px - height: 32px - - button - height: 32px - border: none - padding: 0px 4px + // match Inkeep's dimensions to avoid visible reflow + width: 262.5px + height: 40px + + //input + // width: 160px + // font-size: 14px + // padding: 2px + // padding-bottom: 2px + // padding-top: 2px + // padding-left: 4px + // padding-right: 2px + // line-height: 17px + // height: 32px + + //button + // height: 32px + // border: none + // padding: 0px 4px .form-group display: inline-block diff --git a/src/config.yaml b/src/config.yaml index 46c961c701..c545ccb921 100644 --- a/src/config.yaml +++ b/src/config.yaml @@ -39,9 +39,9 @@ menu: name: Use the API url: /vintage/use-the-api/ weight: 40 - - identifier: support-training + - identifier: support name: Support & Training - url: /vintage/support/ + url: /support/ weight: 50 - identifier: changes name: Changes and releases diff --git a/src/content/changes/dashboards/dex-app/v0.1.0.md b/src/content/changes/dashboards/dex-app/v0.1.0.md deleted file mode 100644 index 6887781bf2..0000000000 --- a/src/content/changes/dashboards/dex-app/v0.1.0.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#010---2020-02-13 - version: 0.1.0 - version_tag: v0.1.0 -date: '2020-02-21T15:30:53' -description: Changelog entry for giantswarm/dex-app version 0.1.0, published on 21 - February 2020, 15:30. -title: dex-app release v0.1.0 ---- - -### Added -- Add helm chart for dex. diff --git a/src/content/changes/dashboards/dex-app/v1.0.0.md b/src/content/changes/dashboards/dex-app/v1.0.0.md deleted file mode 100644 index 4e9cb67784..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.0.0.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#100---2020-05-05 - version: 1.0.0 - version_tag: v1.0.0 -date: '2020-05-05T14:05:32' -description: Changelog entry for giantswarm/dex-app version 1.0.0, published on 05 - May 2020, 14:05. -title: dex-app release v1.0.0 ---- - -### Added -- Add condition for ingress resource installation. -- Add support for internal Control Plane API access. diff --git a/src/content/changes/dashboards/dex-app/v1.1.0.md b/src/content/changes/dashboards/dex-app/v1.1.0.md deleted file mode 100644 index f171181f63..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.1.0.md +++ /dev/null @@ -1,19 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#110---2020-07-08 - version: 1.1.0 - version_tag: v1.1.0 -date: '2020-07-08T11:39:02' -description: Changelog entry for giantswarm/dex-app version 1.1.0, published on 08 - July 2020, 11:39. -title: dex-app release v1.1.0 ---- - -### Added -- Add github release workflows. -### Changed -- Use `dex` `v2.24.0-giantswarm` tag, which includes Microsoft OIDC connector `offline_scope` fix (https://github.com/dexidp/dex/pull/1441). diff --git a/src/content/changes/dashboards/dex-app/v1.10.0.md b/src/content/changes/dashboards/dex-app/v1.10.0.md deleted file mode 100644 index dd139af661..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.10.0.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1100---2021-05-05 - version: 1.10.0 - version_tag: v1.10.0 -date: '2021-05-05T15:51:57' -description: Changelog entry for giantswarm/dex-app version 1.10.0, published on 05 - May 2021, 15:51. -title: dex-app release v1.10.0 ---- - -### Added -- Add Grafana as static client. diff --git a/src/content/changes/dashboards/dex-app/v1.11.0.md b/src/content/changes/dashboards/dex-app/v1.11.0.md deleted file mode 100644 index e9e5717084..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.11.0.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1110---2021-06-14 - version: 1.11.0 - version_tag: v1.11.0 -date: '2021-06-14T12:57:08' -description: Changelog entry for giantswarm/dex-app version 1.11.0, published on 14 - June 2021, 12:57. -title: dex-app release v1.11.0 ---- - -### Changed -- Set more explicit name for the Giant Swarm staff connector, to make it easy to distinguish it from a customer's connector -- Update architect-orb to v2.11.0 diff --git a/src/content/changes/dashboards/dex-app/v1.11.1.md b/src/content/changes/dashboards/dex-app/v1.11.1.md deleted file mode 100644 index 7e713466be..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.11.1.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1111---2021-06-14 - version: 1.11.1 - version_tag: v1.11.1 -date: '2021-06-15T07:21:57' -description: Changelog entry for giantswarm/dex-app version 1.11.1, published on 15 - June 2021, 07:21. -title: dex-app release v1.11.1 ---- - -- New release after updating architect-orb diff --git a/src/content/changes/dashboards/dex-app/v1.11.2.md b/src/content/changes/dashboards/dex-app/v1.11.2.md deleted file mode 100644 index 37721acea0..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.11.2.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1112---2021-06-17 - version: 1.11.2 - version_tag: v1.11.2 -date: '2021-06-17T10:45:26' -description: Changelog entry for giantswarm/dex-app version 1.11.2, published on 17 - June 2021, 10:45. -title: dex-app release v1.11.2 ---- - -### Changed -- Change ingress API version to `networking.k8s.io/v1` (falling back to `networking.k8s.io/v1beta1` where the first is not available). diff --git a/src/content/changes/dashboards/dex-app/v1.12.0.md b/src/content/changes/dashboards/dex-app/v1.12.0.md deleted file mode 100644 index fe711a7851..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.12.0.md +++ /dev/null @@ -1,20 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1120---2021-08-09 - version: 1.12.0 - version_tag: v1.12.0 -date: '2021-08-09T20:57:33' -description: Changelog entry for giantswarm/dex-app version 1.12.0, published on 09 - August 2021, 20:57. -title: dex-app release v1.12.0 ---- - -### Changed -- Wording update: change "control plane" to "management cluster" -- Make customer connector descriptions more user friendly -- Prepare helm values to configuration management. -- Update architect-orb to v4.0.0. diff --git a/src/content/changes/dashboards/dex-app/v1.12.1.md b/src/content/changes/dashboards/dex-app/v1.12.1.md deleted file mode 100644 index 3282374696..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.12.1.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1121---2021-08-09 - version: 1.12.1 - version_tag: v1.12.1 -date: '2021-08-09T22:02:12' -description: Changelog entry for giantswarm/dex-app version 1.12.1, published on 09 - August 2021, 22:02. -title: dex-app release v1.12.1 ---- - -### Fixed -- Fix certificate secret for dex-k8s-authenticator. diff --git a/src/content/changes/dashboards/dex-app/v1.13.0.md b/src/content/changes/dashboards/dex-app/v1.13.0.md deleted file mode 100644 index 4927a153d1..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.13.0.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1130---2021-08-13 - version: 1.13.0 - version_tag: v1.13.0 -date: '2021-08-13T13:13:15' -description: Changelog entry for giantswarm/dex-app version 1.13.0, published on 13 - August 2021, 13:13. -title: dex-app release v1.13.0 ---- - -### Fixed -- Fix Kubernetes API address in `dex-k8s-authenticator`. diff --git a/src/content/changes/dashboards/dex-app/v1.14.0.md b/src/content/changes/dashboards/dex-app/v1.14.0.md deleted file mode 100644 index a85f4548b9..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.14.0.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1140---2021-10-05 - version: 1.14.0 - version_tag: v1.14.0 -date: '2021-10-05T07:32:01' -description: Changelog entry for giantswarm/dex-app version 1.14.0, published on 05 - October 2021, 07:32. -title: dex-app release v1.14.0 ---- - -### Changed -- Adapt it to be run in a Giant Swarm Workload Cluster too. -- Bring new dex 2.30.0 version to be compatible with Kuberentes 1.21.x. diff --git a/src/content/changes/dashboards/dex-app/v1.14.1.md b/src/content/changes/dashboards/dex-app/v1.14.1.md deleted file mode 100644 index 9a490a4388..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.14.1.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1141---2021-10-18 - version: 1.14.1 - version_tag: v1.14.1 -date: '2021-10-18T11:35:53' -description: Changelog entry for giantswarm/dex-app version 1.14.1, published on 18 - October 2021, 11:35. -title: dex-app release v1.14.1 ---- - -### Changed -- Use SVG icon from our own server diff --git a/src/content/changes/dashboards/dex-app/v1.15.0.md b/src/content/changes/dashboards/dex-app/v1.15.0.md deleted file mode 100644 index 00392c5473..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.15.0.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1150---2021-10-22 - version: 1.15.0 - version_tag: v1.15.0 -date: '2021-10-22T12:56:00' -description: Changelog entry for giantswarm/dex-app version 1.15.0, published on 22 - October 2021, 12:56. -title: dex-app release v1.15.0 ---- - -### Changed -- Make easier the configuration for Workload Clusters. -- Bring the changes needed to run in Kubernetes 1.21. diff --git a/src/content/changes/dashboards/dex-app/v1.16.0.md b/src/content/changes/dashboards/dex-app/v1.16.0.md deleted file mode 100644 index f695586e09..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.16.0.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1160---2021-10-25 - version: 1.16.0 - version_tag: v1.16.0 -date: '2021-10-25T09:12:12' -description: Changelog entry for giantswarm/dex-app version 1.16.0, published on 25 - October 2021, 09:12. -title: dex-app release v1.16.0 ---- - -### Changed -- Change dex image to fix refreshing token diff --git a/src/content/changes/dashboards/dex-app/v1.17.0.md b/src/content/changes/dashboards/dex-app/v1.17.0.md deleted file mode 100644 index 3d48f357ea..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.17.0.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1170---2021-11-24 - version: 1.17.0 - version_tag: v1.17.0 -date: '2021-11-24T12:05:25' -description: Changelog entry for giantswarm/dex-app version 1.17.0, published on 24 - November 2021, 12:05. -title: dex-app release v1.17.0 ---- - -### Added -- Add support for more than one customer connector. diff --git a/src/content/changes/dashboards/dex-app/v1.18.0.md b/src/content/changes/dashboards/dex-app/v1.18.0.md deleted file mode 100644 index 3fe0b949f7..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.18.0.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1180---2021-11-25 - version: 1.18.0 - version_tag: v1.18.0 -date: '2021-11-25T13:25:57' -description: Changelog entry for giantswarm/dex-app version 1.18.0, published on 25 - November 2021, 13:25. -title: dex-app release v1.18.0 ---- - -### Added -- Enable telemetry under `/metrics` on port 5558. diff --git a/src/content/changes/dashboards/dex-app/v1.19.0.md b/src/content/changes/dashboards/dex-app/v1.19.0.md deleted file mode 100644 index 1af63762b5..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.19.0.md +++ /dev/null @@ -1,19 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1190---2021-12-07 - version: 1.19.0 - version_tag: v1.19.0 -date: '2021-12-07T11:25:08' -description: Changelog entry for giantswarm/dex-app version 1.19.0, published on 07 - December 2021, 11:25. -title: dex-app release v1.19.0 ---- - -### Changed -- Add `cluster_id` label to telemetry metrics to allow filtering by workload clusters. -- Update `dex` to v2.30.2. -- Add Job allowing recreation of certificate secrets when upgrading and disabled lets encrypt. diff --git a/src/content/changes/dashboards/dex-app/v1.19.1.md b/src/content/changes/dashboards/dex-app/v1.19.1.md deleted file mode 100644 index ebe9774f61..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.19.1.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1191---2021-12-07 - version: 1.19.1 - version_tag: v1.19.1 -date: '2021-12-07T12:24:01' -description: Changelog entry for giantswarm/dex-app version 1.19.1, published on 07 - December 2021, 12:24. -title: dex-app release v1.19.1 ---- - -### Fixed -- Remove kubernetes version requirement from helm chart. diff --git a/src/content/changes/dashboards/dex-app/v1.2.2.md b/src/content/changes/dashboards/dex-app/v1.2.2.md deleted file mode 100644 index c3753d3f4f..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.2.2.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#122---2020-07-28 - version: 1.2.2 - version_tag: v1.2.2 -date: '2020-07-28T13:29:19' -description: Changelog entry for giantswarm/dex-app version 1.2.2, published on 28 - July 2020, 13:29. -title: dex-app release v1.2.2 ---- - -### Fixed -- Fix github release workflow. diff --git a/src/content/changes/dashboards/dex-app/v1.20.0.md b/src/content/changes/dashboards/dex-app/v1.20.0.md deleted file mode 100644 index 90ceaf957e..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.20.0.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1200---2021-12-07 - version: 1.20.0 - version_tag: v1.20.0 -date: '2021-12-07T13:15:59' -description: Changelog entry for giantswarm/dex-app version 1.20.0, published on 07 - December 2021, 13:15. -title: dex-app release v1.20.0 ---- - -### Changed -- Roll back to version 2.30.0 diff --git a/src/content/changes/dashboards/dex-app/v1.21.0.md b/src/content/changes/dashboards/dex-app/v1.21.0.md deleted file mode 100644 index e85b28ad7d..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.21.0.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1210---2021-12-09 - version: 1.21.0 - version_tag: v1.21.0 -date: '2021-12-09T12:12:47' -description: Changelog entry for giantswarm/dex-app version 1.21.0, published on 09 - December 2021, 12:12. -title: dex-app release v1.21.0 ---- - -### Fixed -- Update `dex` to `v2.30.2-gs3` patch. This fixes a bug in `v2.30.2-gs2` which caused redundant group name prefixing to occur on token refresh. diff --git a/src/content/changes/dashboards/dex-app/v1.21.1.md b/src/content/changes/dashboards/dex-app/v1.21.1.md deleted file mode 100644 index c2df3daab5..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.21.1.md +++ /dev/null @@ -1,19 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1211---2022-01-27 - version: 1.21.1 - version_tag: v1.21.1 -date: '2022-01-27T13:50:45' -description: Changelog entry for giantswarm/dex-app version 1.21.1, published on 27 - January 2022, 13:50. -title: dex-app release v1.21.1 ---- - -### Added -- Add `clusterCA` in dex authenticator configmap from cluster values. -- Add `smoke` test scenario to check if the chart can be deployed. -- Add schema validation for the `dex-app` helm chart. diff --git a/src/content/changes/dashboards/dex-app/v1.22.0.md b/src/content/changes/dashboards/dex-app/v1.22.0.md deleted file mode 100644 index 3d1d85c1e1..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.22.0.md +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1220---2022-02-23 - version: 1.22.0 - version_tag: v1.22.0 -date: '2022-02-23T10:15:37' -description: Changelog entry for giantswarm/dex-app version 1.22.0, published on 23 - February 2022, 10:15. -title: dex-app release v1.22.0 ---- - -### Added -- Added `securityContext` attribute to all deployments. -- Add `application.giantswarm.io/values-schema` and `application.giantswarm.io/readme` annotations to Chart.yaml; use `app-build-suite` to generate `application.giantswarm.io/metadata`. -### Changed -- Run two replicas of `dex`. -- Update README for clarity. diff --git a/src/content/changes/dashboards/dex-app/v1.22.1.md b/src/content/changes/dashboards/dex-app/v1.22.1.md deleted file mode 100644 index 60b003f930..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.22.1.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1221---2022-02-23 - version: 1.22.1 - version_tag: v1.22.1 -date: '2022-02-23T13:15:18' -description: Changelog entry for giantswarm/dex-app version 1.22.1, published on 23 - February 2022, 13:15. -title: dex-app release v1.22.1 ---- - -### Changed -- Use user id 1000. diff --git a/src/content/changes/dashboards/dex-app/v1.22.2.md b/src/content/changes/dashboards/dex-app/v1.22.2.md deleted file mode 100644 index 4b4778ae31..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.22.2.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1222---2022-02-24 - version: 1.22.2 - version_tag: v1.22.2 -date: '2022-02-24T12:59:10' -description: Changelog entry for giantswarm/dex-app version 1.22.2, published on 24 - February 2022, 12:59. -title: dex-app release v1.22.2 ---- - -### Changed -- Push to `giantswarm` app catalog. diff --git a/src/content/changes/dashboards/dex-app/v1.23.0.md b/src/content/changes/dashboards/dex-app/v1.23.0.md deleted file mode 100644 index 211174fabd..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.23.0.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1230---2022-03-08 - version: 1.23.0 - version_tag: v1.23.0 -date: '2022-03-08T12:23:02' -description: Changelog entry for giantswarm/dex-app version 1.23.0, published on 08 - March 2022, 12:23. -title: dex-app release v1.23.0 ---- - -### Added -- Add PodDisruptionBudget with `minAvailable: 1` diff --git a/src/content/changes/dashboards/dex-app/v1.23.1.md b/src/content/changes/dashboards/dex-app/v1.23.1.md deleted file mode 100644 index fe04fa6ab5..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.23.1.md +++ /dev/null @@ -1,19 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1231---2022-03-10 - version: 1.23.1 - version_tag: v1.23.1 -date: '2022-03-10T10:20:44' -description: Changelog entry for giantswarm/dex-app version 1.23.1, published on 10 - March 2022, 10:20. -title: dex-app release v1.23.1 ---- - -### Added -- Add annotation `app.giantswarm.io/secret-checksum` to dex deployment for automatic restarts of the dex pods on config changes. -### Changed -- Enable upgrade tests again, now that there are two releases in the catalog. diff --git a/src/content/changes/dashboards/dex-app/v1.24.0.md b/src/content/changes/dashboards/dex-app/v1.24.0.md deleted file mode 100644 index 9ce688f947..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.24.0.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1240---2022-03-17 - version: 1.24.0 - version_tag: v1.24.0 -date: '2022-03-17T10:20:00' -description: Changelog entry for giantswarm/dex-app version 1.24.0, published on 17 - March 2022, 10:20. -title: dex-app release v1.24.0 ---- - -### Changed -- Update Dex to `v2.31.0` diff --git a/src/content/changes/dashboards/dex-app/v1.24.1.md b/src/content/changes/dashboards/dex-app/v1.24.1.md deleted file mode 100644 index c9d6f86deb..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.24.1.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1241---2022-03-30 - version: 1.24.1 - version_tag: v1.24.1 -date: '2022-03-30T13:27:10' -description: Changelog entry for giantswarm/dex-app version 1.24.1, published on 30 - March 2022, 13:27. -title: dex-app release v1.24.1 ---- - -### Added -- Add default port to Kubernetes API values to make it configurable. diff --git a/src/content/changes/dashboards/dex-app/v1.24.2.md b/src/content/changes/dashboards/dex-app/v1.24.2.md deleted file mode 100644 index bb86378427..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.24.2.md +++ /dev/null @@ -1,20 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1242---2022-04-27 - version: 1.24.2 - version_tag: v1.24.2 -date: '2022-04-27T10:26:52' -description: Changelog entry for giantswarm/dex-app version 1.24.2, published on 27 - April 2022, 10:26. -title: dex-app release v1.24.2 ---- - -### Added -- Push to OCI registry on build. -### Changed -- Remove public kubernetes api port in k8s-authenticator configmap template for MCs since the port is already included in the address. -- Add team annotation diff --git a/src/content/changes/dashboards/dex-app/v1.25.0.md b/src/content/changes/dashboards/dex-app/v1.25.0.md deleted file mode 100644 index 809bb1e919..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.25.0.md +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1250---2022-05-02 - version: 1.25.0 - version_tag: v1.25.0 -date: '2022-05-02T06:37:46' -description: Changelog entry for giantswarm/dex-app version 1.25.0, published on 02 - May 2022, 06:37. -title: dex-app release v1.25.0 ---- - -### Removed -- Remove Job that allowed recreation of certificate secrets when upgrading and disabled lets encrypt. -### Changed -- Update Dex to `v2.31.1`. -- Increase detail in token refresh logs for debugging purposes. -- Support GS specific OIDC group prefixing for password connector types (e.g. LDAP) diff --git a/src/content/changes/dashboards/dex-app/v1.25.1.md b/src/content/changes/dashboards/dex-app/v1.25.1.md deleted file mode 100644 index ae7af0791a..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.25.1.md +++ /dev/null @@ -1,19 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1251---2022-05-24 - version: 1.25.1 - version_tag: v1.25.1 -date: '2022-05-24T12:20:38' -description: Changelog entry for giantswarm/dex-app version 1.25.1, published on 24 - May 2022, 12:20. -title: dex-app release v1.25.1 ---- - -### Changed -- Changed YAML multiline from `>-` to `|-` -### Added -- Support gs admin callback URI and gs cli trusted peer in WC templating. diff --git a/src/content/changes/dashboards/dex-app/v1.25.2.md b/src/content/changes/dashboards/dex-app/v1.25.2.md deleted file mode 100644 index 386f055391..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.25.2.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1252---2022-08-02 - version: 1.25.2 - version_tag: v1.25.2 -date: '2022-08-02T12:57:33' -description: Changelog entry for giantswarm/dex-app version 1.25.2, published on 02 - August 2022, 12:57. -title: dex-app release v1.25.2 ---- - -### Added -- Add default value for giantswarm CLIAuth client ID. diff --git a/src/content/changes/dashboards/dex-app/v1.26.0.md b/src/content/changes/dashboards/dex-app/v1.26.0.md deleted file mode 100644 index b656a61e18..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.26.0.md +++ /dev/null @@ -1,20 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/releases/tag/v1.26.0 - version: 1.26.0 - version_tag: v1.26.0 -date: '2022-08-19T15:21:46' -description: Changelog entry for giantswarm/dex-app version 1.26.0, published on 19 - August 2022, 15:21. -title: dex-app release v1.26.0 ---- - -### Changed - -* Update Dex to v2.33.0 https://github.com/giantswarm/dex-app/pull/205 - - diff --git a/src/content/changes/dashboards/dex-app/v1.27.0.md b/src/content/changes/dashboards/dex-app/v1.27.0.md deleted file mode 100644 index 206a92b34a..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.27.0.md +++ /dev/null @@ -1,19 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1270---2022-09-06 - version: 1.27.0 - version_tag: v1.27.0 -date: '2022-09-06T12:18:44' -description: Changelog entry for giantswarm/dex-app version 1.27.0, published on 06 - September 2022, 12:18. -title: dex-app release v1.27.0 ---- - -### Added -- Add giant swarm monitoring annotations for alerting in workload clusters. -### Changed -- Update Dex to v2.33.0 diff --git a/src/content/changes/dashboards/dex-app/v1.28.0.md b/src/content/changes/dashboards/dex-app/v1.28.0.md deleted file mode 100644 index f3c6093f36..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.28.0.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1280---2022-09-22 - version: 1.28.0 - version_tag: v1.28.0 -date: '2022-09-22T13:27:28' -description: Changelog entry for giantswarm/dex-app version 1.28.0, published on 22 - September 2022, 13:27. -title: dex-app release v1.28.0 ---- - -### Changed -- Update Dex to v2.34.0 diff --git a/src/content/changes/dashboards/dex-app/v1.29.0.md b/src/content/changes/dashboards/dex-app/v1.29.0.md deleted file mode 100644 index 74b5145ce9..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.29.0.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1290---2022-09-26 - version: 1.29.0 - version_tag: v1.29.0 -date: '2022-09-26T12:10:59' -description: Changelog entry for giantswarm/dex-app version 1.29.0, published on 26 - September 2022, 12:10. -title: dex-app release v1.29.0 ---- - -### Changed -- Pull kubernetes CA cert for k8s-authenticator from environment variable. diff --git a/src/content/changes/dashboards/dex-app/v1.3.0.md b/src/content/changes/dashboards/dex-app/v1.3.0.md deleted file mode 100644 index d81156a255..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.3.0.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#130---2020-11-20 - version: 1.3.0 - version_tag: v1.3.0 -date: '2020-11-20T00:05:00' -description: Changelog entry for giantswarm/dex-app version 1.3.0, published on 20 - November 2020, 00:05. -title: dex-app release v1.3.0 ---- - -### Added -- Add separate instance of `dex-k8s-authenticator` to handle GiantSwarm staff access. diff --git a/src/content/changes/dashboards/dex-app/v1.3.1.md b/src/content/changes/dashboards/dex-app/v1.3.1.md deleted file mode 100644 index 9c853f65f4..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.3.1.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#131---2020-11-20 - version: 1.3.1 - version_tag: v1.3.1 -date: '2020-11-20T01:16:23' -description: Changelog entry for giantswarm/dex-app version 1.3.1, published on 20 - November 2020, 01:16. -title: dex-app release v1.3.1 ---- - -### Fixed -- Fix helm template to always install required `dex`/`dex-k8s-authenticator` workloads. -- Route `dex-k8s-authenticator` to proper `/callback` endpoint. diff --git a/src/content/changes/dashboards/dex-app/v1.30.0.md b/src/content/changes/dashboards/dex-app/v1.30.0.md deleted file mode 100644 index 1e08959e94..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.30.0.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1300---2022-10-13 - version: 1.30.0 - version_tag: v1.30.0 -date: '2022-10-13T13:00:59' -description: Changelog entry for giantswarm/dex-app version 1.30.0, published on 13 - October 2022, 13:00. -title: dex-app release v1.30.0 ---- - -### Changed -- Update Dex to v2.35.3 diff --git a/src/content/changes/dashboards/dex-app/v1.30.1.md b/src/content/changes/dashboards/dex-app/v1.30.1.md deleted file mode 100644 index 1402c8ed63..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.30.1.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1301---2022-11-07 - version: 1.30.1 - version_tag: v1.30.1 -date: '2022-11-07T10:30:35' -description: Changelog entry for giantswarm/dex-app version 1.30.1, published on 07 - November 2022, 10:30. -title: dex-app release v1.30.1 ---- - - diff --git a/src/content/changes/dashboards/dex-app/v1.30.2.md b/src/content/changes/dashboards/dex-app/v1.30.2.md deleted file mode 100644 index a0fc8c94e5..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.30.2.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1302---2022-11-24 - version: 1.30.2 - version_tag: v1.30.2 -date: '2022-11-24T08:46:03' -description: Changelog entry for giantswarm/dex-app version 1.30.2, published on 24 - November 2022, 08:46. -title: dex-app release v1.30.2 ---- - - diff --git a/src/content/changes/dashboards/dex-app/v1.31.0.md b/src/content/changes/dashboards/dex-app/v1.31.0.md deleted file mode 100644 index 9ed160529a..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.31.0.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1310---2022-11-29 - version: 1.31.0 - version_tag: v1.31.0 -date: '2022-11-29T10:28:30' -description: Changelog entry for giantswarm/dex-app version 1.31.0, published on 29 - November 2022, 10:28. -title: dex-app release v1.31.0 ---- - -### Added -- Add option to configure custom clusterIssuer for certificate generation. diff --git a/src/content/changes/dashboards/dex-app/v1.31.1.md b/src/content/changes/dashboards/dex-app/v1.31.1.md deleted file mode 100644 index 36d467ca6b..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.31.1.md +++ /dev/null @@ -1,19 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1311---2022-12-01 - version: 1.31.1 - version_tag: v1.31.1 -date: '2022-12-01T09:18:05' -description: Changelog entry for giantswarm/dex-app version 1.31.1, published on 01 - December 2022, 09:18. -title: dex-app release v1.31.1 ---- - -### Changed -- If more connectors are specified in `Values.oidc.customer.connectors` in addition to an existing one in `Values.oidc.customer.connectorConfig`, include both in the dex secret. -### Fixed -- Fix deployment template securityContext. diff --git a/src/content/changes/dashboards/dex-app/v1.31.2.md b/src/content/changes/dashboards/dex-app/v1.31.2.md deleted file mode 100644 index 3458ac9763..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.31.2.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1312---2022-12-01 - version: 1.31.2 - version_tag: v1.31.2 -date: '2022-12-01T12:39:48' -description: Changelog entry for giantswarm/dex-app version 1.31.2, published on 01 - December 2022, 12:39. -title: dex-app release v1.31.2 ---- - -### Added -- Add annotation to dex deployment template to roll pods whenever secret changes. diff --git a/src/content/changes/dashboards/dex-app/v1.32.0.md b/src/content/changes/dashboards/dex-app/v1.32.0.md deleted file mode 100644 index 3c25acbe68..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.32.0.md +++ /dev/null @@ -1,20 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1320---2022-12-20 - version: 1.32.0 - version_tag: v1.32.0 -date: '2022-12-20T11:26:22' -description: Changelog entry for giantswarm/dex-app version 1.32.0, published on 20 - December 2022, 11:26. -title: dex-app release v1.32.0 ---- - -### Added -- Add support for filtering connectors with `connector_filter` query parameter on connector selection (login) page. -### Changed -- Use external [image](https://schema.giantswarm.io/image/v0.0.1) schema. -- Allowed null values of OIDC connectors in the values schema diff --git a/src/content/changes/dashboards/dex-app/v1.32.1.md b/src/content/changes/dashboards/dex-app/v1.32.1.md deleted file mode 100644 index 340ea806cc..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.32.1.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1321---2022-12-22 - version: 1.32.1 - version_tag: v1.32.1 -date: '2022-12-22T09:13:35' -description: Changelog entry for giantswarm/dex-app version 1.32.1, published on 22 - December 2022, 09:13. -title: dex-app release v1.32.1 ---- - -### Changed -- Use inline schema for 'image', avoid external schema. diff --git a/src/content/changes/dashboards/dex-app/v1.32.2.md b/src/content/changes/dashboards/dex-app/v1.32.2.md deleted file mode 100644 index b0b84d462b..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.32.2.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1322---2023-01-13 - version: 1.32.2 - version_tag: v1.32.2 -date: '2023-01-13T14:28:07' -description: Changelog entry for giantswarm/dex-app version 1.32.2, published on 13 - January 2023, 14:28. -title: dex-app release v1.32.2 ---- - -### Changed -- Improve connector selection (login) and error page UI. diff --git a/src/content/changes/dashboards/dex-app/v1.32.3.md b/src/content/changes/dashboards/dex-app/v1.32.3.md deleted file mode 100644 index 6789754cb6..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.32.3.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1323---2023-02-22 - version: 1.32.3 - version_tag: v1.32.3 -date: '2023-02-22T06:29:53' -description: Changelog entry for giantswarm/dex-app version 1.32.3, published on 22 - February 2023, 06:29. -title: dex-app release v1.32.3 ---- - -### Added -- Add a possibility to configure a custom trusted root CA -- Add support for manual configuration of private workload cluster proxy diff --git a/src/content/changes/dashboards/dex-app/v1.33.0.md b/src/content/changes/dashboards/dex-app/v1.33.0.md deleted file mode 100644 index 316ee1e0ea..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.33.0.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1330---2023-03-02 - version: 1.33.0 - version_tag: v1.33.0 -date: '2023-03-02T12:49:52' -description: Changelog entry for giantswarm/dex-app version 1.33.0, published on 02 - March 2023, 12:49. -title: dex-app release v1.33.0 ---- - -### Added -- Add additional annotations on all `ingress` objects to support DNS record creation via `external-dns` diff --git a/src/content/changes/dashboards/dex-app/v1.34.0.md b/src/content/changes/dashboards/dex-app/v1.34.0.md deleted file mode 100644 index 19ec9fe3c8..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.34.0.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1340---2023-03-22 - version: 1.34.0 - version_tag: v1.34.0 -date: '2023-03-22T11:40:56' -description: Changelog entry for giantswarm/dex-app version 1.34.0, published on 22 - March 2023, 11:40. -title: dex-app release v1.34.0 ---- - -### Added -- Add circle ci job to push to `capz-app-collection` on new release. -- Static client for GitOps Server. diff --git a/src/content/changes/dashboards/dex-app/v1.34.1.md b/src/content/changes/dashboards/dex-app/v1.34.1.md deleted file mode 100644 index 86001eb7c4..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.34.1.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1341---2023-05-03 - version: 1.34.1 - version_tag: v1.34.1 -date: '2023-05-03T08:13:11' -description: Changelog entry for giantswarm/dex-app version 1.34.1, published on 03 - May 2023, 08:13. -title: dex-app release v1.34.1 ---- - -### Changed -- Remove shared app collection from circle CI -- Define pod disruption budget as percentage diff --git a/src/content/changes/dashboards/dex-app/v1.34.2.md b/src/content/changes/dashboards/dex-app/v1.34.2.md deleted file mode 100644 index 6a8a7ed189..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.34.2.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1342---2023-05-05 - version: 1.34.2 - version_tag: v1.34.2 -date: '2023-05-05T10:39:59' -description: Changelog entry for giantswarm/dex-app version 1.34.2, published on 05 - May 2023, 10:39. -title: dex-app release v1.34.2 ---- - -### Changed -- Changed log level to `info` diff --git a/src/content/changes/dashboards/dex-app/v1.34.3.md b/src/content/changes/dashboards/dex-app/v1.34.3.md deleted file mode 100644 index 11b188cc1e..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.34.3.md +++ /dev/null @@ -1,20 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1343---2023-06-13 - version: 1.34.3 - version_tag: v1.34.3 -date: '2023-06-13T07:32:02' -description: Changelog entry for giantswarm/dex-app version 1.34.3, published on 13 - June 2023, 07:32. -title: dex-app release v1.34.3 ---- - -### Added -- Add utility function to determine whether the app is installed on a workload cluster -### Removed -- Remove unused dex-k8s-authenticator-giantswarm resources -- Stop pushing to `openstack-app-collection`. diff --git a/src/content/changes/dashboards/dex-app/v1.35.0.md b/src/content/changes/dashboards/dex-app/v1.35.0.md deleted file mode 100644 index 4491ee0741..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.35.0.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1350---2023-06-19 - version: 1.35.0 - version_tag: v1.35.0 -date: '2023-06-19T10:59:11' -description: Changelog entry for giantswarm/dex-app version 1.35.0, published on 19 - June 2023, 10:59. -title: dex-app release v1.35.0 ---- - -### Changed -- Change format for proxy configuration to automatically use proxy settings from cluster-values secret. diff --git a/src/content/changes/dashboards/dex-app/v1.36.0.md b/src/content/changes/dashboards/dex-app/v1.36.0.md deleted file mode 100644 index 95f864ad23..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.36.0.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1360---2023-07-11 - version: 1.36.0 - version_tag: v1.36.0 -date: '2023-07-11T07:53:47' -description: Changelog entry for giantswarm/dex-app version 1.36.0, published on 11 - July 2023, 07:53. -title: dex-app release v1.36.0 ---- - -### Changed -- Update Dex to v2.37.0 diff --git a/src/content/changes/dashboards/dex-app/v1.37.0.md b/src/content/changes/dashboards/dex-app/v1.37.0.md deleted file mode 100644 index 1d032cd49c..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.37.0.md +++ /dev/null @@ -1,19 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1370---2023-07-13 - version: 1.37.0 - version_tag: v1.37.0 -date: '2023-07-13T13:35:44' -description: Changelog entry for giantswarm/dex-app version 1.37.0, published on 13 - July 2023, 13:35. -title: dex-app release v1.37.0 ---- - -### Changed -- Make `ingressClassName` configurable -### Added -- Add support for custom static clients diff --git a/src/content/changes/dashboards/dex-app/v1.38.0.md b/src/content/changes/dashboards/dex-app/v1.38.0.md deleted file mode 100644 index 0e5264dddb..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.38.0.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1380---2023-08-08 - version: 1.38.0 - version_tag: v1.38.0 -date: '2023-08-08T10:46:17' -description: Changelog entry for giantswarm/dex-app version 1.38.0, published on 08 - August 2023, 10:46. -title: dex-app release v1.38.0 ---- - -- Update layout of selector screen. diff --git a/src/content/changes/dashboards/dex-app/v1.39.0.md b/src/content/changes/dashboards/dex-app/v1.39.0.md deleted file mode 100644 index d59463e876..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.39.0.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1390---2023-08-09 - version: 1.39.0 - version_tag: v1.39.0 -date: '2023-08-15T07:10:50' -description: Changelog entry for giantswarm/dex-app version 1.39.0, published on 15 - August 2023, 07:10. -title: dex-app release v1.39.0 ---- - -### Changed -- Reorder connectors in login screen. -- Update app-test-suite dependencies. diff --git a/src/content/changes/dashboards/dex-app/v1.4.0.md b/src/content/changes/dashboards/dex-app/v1.4.0.md deleted file mode 100644 index 8e3aee2de8..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.4.0.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#140---2020-11-20 - version: 1.4.0 - version_tag: v1.4.0 -date: '2020-11-20T16:04:18' -description: Changelog entry for giantswarm/dex-app version 1.4.0, published on 20 - November 2020, 16:04. -title: dex-app release v1.4.0 ---- - -### Changed -- Replace Google connector with Github connector for GiantSwarm staff. diff --git a/src/content/changes/dashboards/dex-app/v1.40.0.md b/src/content/changes/dashboards/dex-app/v1.40.0.md deleted file mode 100644 index 42058b6188..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.40.0.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1400---2023-10-02 - version: 1.40.0 - version_tag: v1.40.0 -date: '2023-10-02T09:05:46' -description: Changelog entry for giantswarm/dex-app version 1.40.0, published on 02 - October 2023, 09:05. -title: dex-app release v1.40.0 ---- - -### Changed -- Update deployment to be PSS compliant and PSP toggle. diff --git a/src/content/changes/dashboards/dex-app/v1.41.0.md b/src/content/changes/dashboards/dex-app/v1.41.0.md deleted file mode 100644 index e2d2b0cffe..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.41.0.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1410---2023-10-03 - version: 1.41.0 - version_tag: v1.41.0 -date: '2023-10-03T07:39:28' -description: Changelog entry for giantswarm/dex-app version 1.41.0, published on 03 - October 2023, 07:39. -title: dex-app release v1.41.0 ---- - -### Added -- Added `seccompProfile` for PSS compliance. diff --git a/src/content/changes/dashboards/dex-app/v1.42.0.md b/src/content/changes/dashboards/dex-app/v1.42.0.md deleted file mode 100644 index b4f23c3c88..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.42.0.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1420---2023-11-15 - version: 1.42.0 - version_tag: v1.42.0 -date: '2023-11-15T08:34:42' -description: Changelog entry for giantswarm/dex-app version 1.42.0, published on 15 - November 2023, 08:34. -title: dex-app release v1.42.0 ---- - -### Added -- Added `deployDexK8SAuthenticator` option to disable the deployment of dex-k8s-authenticator. -- Added `ingress.tls.externalSecret.enabled` option to disable tls secret creation and allow usage of an external secret. diff --git a/src/content/changes/dashboards/dex-app/v1.42.1.md b/src/content/changes/dashboards/dex-app/v1.42.1.md deleted file mode 100644 index 51f9392e56..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.42.1.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1421---2023-11-24 - version: 1.42.1 - version_tag: v1.42.1 -date: '2023-11-24T09:22:03' -description: Changelog entry for giantswarm/dex-app version 1.42.1, published on 24 - November 2023, 09:22. -title: dex-app release v1.42.1 ---- - -### Added -- Adding new properties to configure trusted peers in pre-defined static clients diff --git a/src/content/changes/dashboards/dex-app/v1.42.10.md b/src/content/changes/dashboards/dex-app/v1.42.10.md deleted file mode 100644 index 747af75f48..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.42.10.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#14210---2024-05-28 - version: 1.42.10 - version_tag: v1.42.10 -date: '2024-05-28T10:06:12' -description: Changelog entry for giantswarm/dex-app version 1.42.10, published on - 28 May 2024, 10:06. -title: dex-app release v1.42.10 ---- - -### Removed -- Remove `write_all_group` from values and schema. diff --git a/src/content/changes/dashboards/dex-app/v1.42.11.md b/src/content/changes/dashboards/dex-app/v1.42.11.md deleted file mode 100644 index fdc22d876c..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.42.11.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#14211---2024-07-18 - version: 1.42.11 - version_tag: v1.42.11 -date: '2024-07-18T14:13:24' -description: Changelog entry for giantswarm/dex-app version 1.42.11, published on - 18 July 2024, 14:13. -title: dex-app release v1.42.11 ---- - -### Changed -- Default `ingress.tls.clusterIssuer` values to `letsencrypt-giantswarm` -- Update `cert-manager.io/cluster-issuer` annotation to use default. diff --git a/src/content/changes/dashboards/dex-app/v1.42.12.md b/src/content/changes/dashboards/dex-app/v1.42.12.md deleted file mode 100644 index 0ff736f486..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.42.12.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#14212---2024-07-25 - version: 1.42.12 - version_tag: v1.42.12 -date: '2024-07-25T11:42:16' -description: Changelog entry for giantswarm/dex-app version 1.42.12, published on - 25 July 2024, 11:42. -title: dex-app release v1.42.12 ---- - -### Fixed -- Bump dex to [v2.37.1-gs1](https://github.com/giantswarm/dex/releases/tag/v2.37.1-gs1) to fix critical CVEs. diff --git a/src/content/changes/dashboards/dex-app/v1.42.2.md b/src/content/changes/dashboards/dex-app/v1.42.2.md deleted file mode 100644 index c11b4dfb15..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.42.2.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1422---2023-11-30 - version: 1.42.2 - version_tag: v1.42.2 -date: '2023-11-30T12:28:32' -description: Changelog entry for giantswarm/dex-app version 1.42.2, published on 30 - November 2023, 12:28. -title: dex-app release v1.42.2 ---- - -### Changed -- Don't use `oidc.customer.enabled` value since it is redundant. diff --git a/src/content/changes/dashboards/dex-app/v1.42.3.md b/src/content/changes/dashboards/dex-app/v1.42.3.md deleted file mode 100644 index 4be389771c..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.42.3.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1423---2023-12-06 - version: 1.42.3 - version_tag: v1.42.3 -date: '2023-12-06T15:32:46' -description: Changelog entry for giantswarm/dex-app version 1.42.3, published on 06 - December 2023, 15:32. -title: dex-app release v1.42.3 ---- - -### Changed -- Configure `gsoci.azurecr.io` as the default container image registry. diff --git a/src/content/changes/dashboards/dex-app/v1.42.4.md b/src/content/changes/dashboards/dex-app/v1.42.4.md deleted file mode 100644 index a9b594e6f4..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.42.4.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1424---2023-12-20 - version: 1.42.4 - version_tag: v1.42.4 -date: '2023-12-20T16:28:37' -description: Changelog entry for giantswarm/dex-app version 1.42.4, published on 20 - December 2023, 16:28. -title: dex-app release v1.42.4 ---- - - diff --git a/src/content/changes/dashboards/dex-app/v1.42.5.md b/src/content/changes/dashboards/dex-app/v1.42.5.md deleted file mode 100644 index 3b51015780..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.42.5.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1425---2024-01-12 - version: 1.42.5 - version_tag: v1.42.5 -date: '2024-01-15T09:30:21' -description: Changelog entry for giantswarm/dex-app version 1.42.5, published on 15 - January 2024, 09:30. -title: dex-app release v1.42.5 ---- - -### Changed -- Removes `app.kubernetes.io/instance` from `podSelector` as it exists in common labels. diff --git a/src/content/changes/dashboards/dex-app/v1.42.6.md b/src/content/changes/dashboards/dex-app/v1.42.6.md deleted file mode 100644 index a0e377067d..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.42.6.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1426---2024-01-15 - version: 1.42.6 - version_tag: v1.42.6 -date: '2024-01-15T11:17:19' -description: Changelog entry for giantswarm/dex-app version 1.42.6, published on 15 - January 2024, 11:17. -title: dex-app release v1.42.6 ---- - - diff --git a/src/content/changes/dashboards/dex-app/v1.42.7.md b/src/content/changes/dashboards/dex-app/v1.42.7.md deleted file mode 100644 index e1583bffac..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.42.7.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1427---2024-01-15 - version: 1.42.7 - version_tag: v1.42.7 -date: '2024-01-15T14:21:35' -description: Changelog entry for giantswarm/dex-app version 1.42.7, published on 15 - January 2024, 14:21. -title: dex-app release v1.42.7 ---- - - diff --git a/src/content/changes/dashboards/dex-app/v1.42.8.md b/src/content/changes/dashboards/dex-app/v1.42.8.md deleted file mode 100644 index d79dad563b..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.42.8.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1428---2024-02-05 - version: 1.42.8 - version_tag: v1.42.8 -date: '2024-02-05T12:10:37' -description: Changelog entry for giantswarm/dex-app version 1.42.8, published on 05 - February 2024, 12:10. -title: dex-app release v1.42.8 ---- - -### Changed -- Disables `dex-k8s-authenticator` to be installed by default by setting `deployDexK8SAuthenticator` to `false`. diff --git a/src/content/changes/dashboards/dex-app/v1.42.9.md b/src/content/changes/dashboards/dex-app/v1.42.9.md deleted file mode 100644 index 2d5d39858a..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.42.9.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#1429---2024-03-06 - version: 1.42.9 - version_tag: v1.42.9 -date: '2024-03-06T14:22:09' -description: Changelog entry for giantswarm/dex-app version 1.42.9, published on 06 - March 2024, 14:22. -title: dex-app release v1.42.9 ---- - -### Removed -- Remove deprecated giant swarm monitoring annotations and labels. diff --git a/src/content/changes/dashboards/dex-app/v1.5.0.md b/src/content/changes/dashboards/dex-app/v1.5.0.md deleted file mode 100644 index 2f6f8eaa0a..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.5.0.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#150---2020-12-03 - version: 1.5.0 - version_tag: v1.5.0 -date: '2020-12-03T11:52:35' -description: Changelog entry for giantswarm/dex-app version 1.5.0, published on 03 - December 2020, 11:52. -title: dex-app release v1.5.0 ---- - -### Added -- Add root CA for `dex-k8s-authenticator`, installed into environments with disabled Letsencrypt. diff --git a/src/content/changes/dashboards/dex-app/v1.6.0.md b/src/content/changes/dashboards/dex-app/v1.6.0.md deleted file mode 100644 index 2e055aebfd..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.6.0.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#160---2021-02-17 - version: 1.6.0 - version_tag: v1.6.0 -date: '2021-02-17T16:48:28' -description: Changelog entry for giantswarm/dex-app version 1.6.0, published on 17 - February 2021, 16:48. -title: dex-app release v1.6.0 ---- - -### Changed -- Update `dex` to `v2.27.0`. -- Update `dex-k8s-authenticator` to `v1.4.0`. diff --git a/src/content/changes/dashboards/dex-app/v1.7.0.md b/src/content/changes/dashboards/dex-app/v1.7.0.md deleted file mode 100644 index 33bdeaf3c3..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.7.0.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#170---2021-03-04 - version: 1.7.0 - version_tag: v1.7.0 -date: '2021-03-04T16:17:08' -description: Changelog entry for giantswarm/dex-app version 1.7.0, published on 04 - March 2021, 16:17. -title: dex-app release v1.7.0 ---- - - diff --git a/src/content/changes/dashboards/dex-app/v1.8.0.md b/src/content/changes/dashboards/dex-app/v1.8.0.md deleted file mode 100644 index acab64aec8..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.8.0.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#180---2021-03-10 - version: 1.8.0 - version_tag: v1.8.0 -date: '2021-03-10T11:46:50' -description: Changelog entry for giantswarm/dex-app version 1.8.0, published on 10 - March 2021, 11:46. -title: dex-app release v1.8.0 ---- - - diff --git a/src/content/changes/dashboards/dex-app/v1.8.1.md b/src/content/changes/dashboards/dex-app/v1.8.1.md deleted file mode 100644 index 074ca494e8..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.8.1.md +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#181---2021-03-25 - version: 1.8.1 - version_tag: v1.8.1 -date: '2021-03-30T15:04:57' -description: Changelog entry for giantswarm/dex-app version 1.8.1, published on 30 - March 2021, 15:04. -title: dex-app release v1.8.1 ---- - -### Changed -- Update `dex` to v2.28.1. -- Add annotation for owning team -- Update devctl and architect version -- Add pushing to VMware app collection -- Fix Giant Swarm logo URL diff --git a/src/content/changes/dashboards/dex-app/v1.9.0.md b/src/content/changes/dashboards/dex-app/v1.9.0.md deleted file mode 100644 index 5c2451a274..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.9.0.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#190---2021-04-26 - version: 1.9.0 - version_tag: v1.9.0 -date: '2021-04-26T10:11:51' -description: Changelog entry for giantswarm/dex-app version 1.9.0, published on 26 - April 2021, 10:11. -title: dex-app release v1.9.0 ---- - -### Changed -- Start using forked `dex` version with connector IDs as OIDC groups prefixes. diff --git a/src/content/changes/dashboards/dex-app/v1.9.1.md b/src/content/changes/dashboards/dex-app/v1.9.1.md deleted file mode 100644 index 9dc3a915ee..0000000000 --- a/src/content/changes/dashboards/dex-app/v1.9.1.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -changes_categories: -- Dashboards -changes_entry: - repository: giantswarm/dex-app - url: https://github.com/giantswarm/dex-app/blob/master/CHANGELOG.md#191---2021-04-29 - version: 1.9.1 - version_tag: v1.9.1 -date: '2021-04-29T11:44:48' -description: Changelog entry for giantswarm/dex-app version 1.9.1, published on 29 - April 2021, 11:44. -title: dex-app release v1.9.1 ---- - -### Changed -- Add group name prefix also when refreshing a token. diff --git a/src/content/changes/highlights/2024-12-05.md b/src/content/changes/highlights/2024-12-05.md new file mode 100644 index 0000000000..84c7238cfd --- /dev/null +++ b/src/content/changes/highlights/2024-12-05.md @@ -0,0 +1,36 @@ + +--- +date: 2024-12-05T14:00:00 +title: Highlights for the week ending 2024-12-05 +changes_categories: + - Highlights +owner: + - https://github.com/orgs/giantswarm/teams/sig-product +--- + +## General + + + +## Apps + +- [grafana-app](https://github.com/giantswarm/grafana-app) + - [2.18.0](https://github.com/giantswarm/grafana-app/compare/v2.17.0...v2.18.0) + * Add Ingress dummy paths to block access to the `/swagger`, `/metrics`, and `/api/health` endpoints by default. + * upgrade grafana chart: 8.5.12 => 8.6.0 +- [prometheus-rules](https://github.com/giantswarm/prometheus-rules) + - [4.28.0](https://github.com/giantswarm/prometheus- +rules/compare/v4.27.0...v4.28.0) + * Add alert to monitor the `KubeadmConfig` CRs having trouble generating bootstrap data. + * Ignore HelmReleases in e2e test organization namespaces for cabbage `FluxHelmReleaseFailed` (cilium, network-policies, coredns) +- [cert-manager-app](https://github.com/giantswarm/cert-manager-app) + - [3.8.2](https://github.com/giantswarm/cert-manager- +app/compare/v3.8.1...v3.8.2) +### Fix + * added the option to configure additional approveSignerNames + * Changed ownership to team Shield + * Get rid of label `giantswarm.io/monitoring_basic_sli` as this slo generation label is not used anymore. + +## Docs + + diff --git a/src/content/changes/highlights/2024-12-12.md b/src/content/changes/highlights/2024-12-12.md new file mode 100644 index 0000000000..1f27056fdb --- /dev/null +++ b/src/content/changes/highlights/2024-12-12.md @@ -0,0 +1,84 @@ + +--- +date: 2024-12-12T14:00:00 +title: Highlights for the week ending 2024-12-12 +changes_categories: + - Highlights +owner: + - https://github.com/orgs/giantswarm/teams/sig-product +--- + +## General + + + +## Apps + +- [observability-operator](https://github.com/giantswarm/observability-operator) + - [0.10.0](https://github.com/giantswarm/observability- +operator/compare/v0.9.1...v0.10.0) + * Add Mimir Alertmanager datasource. + * Add tenant ids field to the grafana organization CR to be able to support multiple tenants into one organization. + * Removed organization OwnerReference on grafana-user-values configmap, this fixes an issue where the configmap is removed when the last organization is deleted which prevent Grafana from starting. + * Fix grafana organization deletion +- [prometheus-rules](https://github.com/giantswarm/prometheus-rules) + - [4.30.0](https://github.com/giantswarm/prometheus- +rules/compare/v4.29.0...v4.30.0) + * Add alerts for `karpenter` issues. + - [4.29.0](https://github.com/giantswarm/prometheus- +rules/compare/v4.28.0...v4.29.0) + * Increase time to trigger `PromtailRequestsErrors` alert from 15 to 25m. + + +- [aws-nth-bundle](https://github.com/giantswarm/aws-nth-bundle) + - [1.2.0](https://github.com/giantswarm/aws-nth-bundle/compare/v1.1.1...v1.2.0) + * Send spot instance interruption and instance state change events to SQS queue so that aws-node-termination-handler can react to them +- [aws-nth-crossplane-resources](https://github.com/giantswarm/aws-nth-crossplane-resources) + - [1.1.0](https://github.com/giantswarm/aws-nth-crossplane- +resources/compare/v1.0.0...v1.1.0) + * Send spot instance interruption and instance state change events to SQS queue so that aws-node-termination-handler can react to them +- [cluster-azure](https://github.com/giantswarm/cluster-azure) + - [1.5.0](https://github.com/giantswarm/cluster-azure/compare/v1.4.0...v1.5.0) + * Chart: Update `cluster` to [v1.7.0](https://github.com/giantswarm/cluster/releases/tag/v1.7.0). + * Add `teleport-init` systemd unit to handle initial token setup before `teleport` service starts + * Improve `teleport` service reliability by adding proper file and service dependencies and pre-start checks +- [fulfillment](https://github.com/giantswarm/fulfillment) + - [0.0.3](https://github.com/giantswarm/fulfillment/compare/v0.0.2...v0.0.3) + - [0.0.2](https://github.com/giantswarm/fulfillment/compare/v0.0.1...v0.0.2) + + + - [0.0.1](https://github.com/giantswarm/fulfillment/releases/tag/v0.0.1) + + +- [kube-downscaler-app](https://github.com/giantswarm/kube-downscaler-app) + - [0.4.0](https://github.com/giantswarm/kube-downscaler- +app/compare/v0.3.0...v0.4.0) + * Add cilium network policy template. +- [cluster-cloud-director](https://github.com/giantswarm/cluster-cloud-director) + - [0.64.0](https://github.com/giantswarm/cluster-cloud- +director/compare/v0.63.1...v0.64.0) + * Chart: Update `cluster` to [v1.7.0](https://github.com/giantswarm/cluster/releases/tag/v1.7.0). + * Add `teleport-init` systemd unit to handle initial token setup before `teleport` service starts + * Improve `teleport` service reliability by adding proper file and service dependencies and pre-start checks +- [cluster-vsphere](https://github.com/giantswarm/cluster-vsphere) + - [0.68.0](https://github.com/giantswarm/cluster- +vsphere/compare/v0.67.0...v0.68.0) + * Chart: Update `cluster` to [v1.7.0](https://github.com/giantswarm/cluster/releases/tag/v1.7.0). + * Add `teleport-init` systemd unit to handle initial token setup before `teleport` service starts + * Improve `teleport` service reliability by adding proper file and service dependencies and pre-start checks +- [kyverno-policies](https://github.com/giantswarm/kyverno-policies) + - [0.21.1](https://github.com/giantswarm/kyverno- +policies/compare/v0.21.0...v0.21.1) + * Add `application.giantswarm.io/team` label to policies. +- [cluster](https://github.com/giantswarm/cluster) + - [1.7.0](https://github.com/giantswarm/cluster/compare/v1.6.0...v1.7.0) + * Add `teleport-init` systemd unit to handle initial token setup before `teleport` service starts + * Improve `teleport` service reliability by adding proper file and service dependencies and pre-start checks +- [event-exporter-app](https://github.com/giantswarm/event-exporter-app) + - [2.0.0](https://github.com/giantswarm/event-exporter- +app/compare/v1.0.0...v2.0.0) + * Switching upstream image to new supported fork: github.com/resmoio/kubernetes-event-exporter + +## Docs + + diff --git a/src/content/changes/kubectl-gs/kubectl-gs/v4.6.0.md b/src/content/changes/kubectl-gs/kubectl-gs/v4.6.0.md new file mode 100644 index 0000000000..0c10e6327e --- /dev/null +++ b/src/content/changes/kubectl-gs/kubectl-gs/v4.6.0.md @@ -0,0 +1,22 @@ +--- +# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. +changes_categories: +- kubectl gs +changes_entry: + repository: giantswarm/kubectl-gs + url: https://github.com/giantswarm/kubectl-gs/blob/master/CHANGELOG.md#460---2024-11-28 + version: 4.6.0 + version_tag: v4.6.0 +date: '2024-11-28T09:25:23' +description: Changelog entry for giantswarm/kubectl-gs version 4.6.0, published on + 28 November 2024, 09:25. +title: kubectl-gs release v4.6.0 +--- + +### Changed +- Use Phase instead of Status field for Clusters and Nodepools. Affected commands: + - `kubectl gs get clusters` + - `kubectl gs get nodepools` +### Fixed +- Fix getting nodepools via `kubectl gs get nodepools`. +- Remove node classes from vsphere template used in `kubectl gs template cluster` command. diff --git a/src/content/changes/managed-apps/karpenter-bundle/v1.4.0.md b/src/content/changes/managed-apps/karpenter-bundle/v1.4.0.md new file mode 100644 index 0000000000..1da8fc60c6 --- /dev/null +++ b/src/content/changes/managed-apps/karpenter-bundle/v1.4.0.md @@ -0,0 +1,17 @@ +--- +# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. +changes_categories: +- Managed Apps +changes_entry: + repository: giantswarm/karpenter-bundle + url: https://github.com/giantswarm/karpenter-bundle/blob/master/CHANGELOG.md#140---2024-11-28 + version: 1.4.0 + version_tag: v1.4.0 +date: '2024-11-28T15:29:44' +description: Changelog entry for giantswarm/karpenter-bundle version 1.4.0, published + on 28 November 2024, 15:29. +title: karpenter-bundle release v1.4.0 +--- + +### Changed +- Bump karpenter-app to `v0.14.0`. diff --git a/src/content/changes/managed-apps/kong-app/v.0.7.0.md b/src/content/changes/managed-apps/kong-app/v.0.7.0.md index 0fdc2a0ec9..445c29ba88 100644 --- a/src/content/changes/managed-apps/kong-app/v.0.7.0.md +++ b/src/content/changes/managed-apps/kong-app/v.0.7.0.md @@ -5,12 +5,12 @@ changes_categories: changes_entry: repository: giantswarm/kong-app url: https://github.com/giantswarm/kong-app/releases/tag/v.0.7.0 - version: .0.7.0 + version: v.0.7.0 version_tag: v.0.7.0 date: '2020-02-28T17:18:34' -description: Changelog entry for giantswarm/kong-app version .0.7.0, published on +description: Changelog entry for giantswarm/kong-app version v.0.7.0, published on 28 February 2020, 17:18. -title: kong-app release v.0.7.0 +title: kong-app release vv.0.7.0 --- - https://github.com/giantswarm/kong-app/blob/master/CHANGELOG.md#v070 diff --git a/src/content/changes/management-api/apiextensions/v0.2.0.md b/src/content/changes/platform-api/apiextensions/v0.2.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v0.2.0.md rename to src/content/changes/platform-api/apiextensions/v0.2.0.md index c5459e95cc..e9d2e751cc 100644 --- a/src/content/changes/management-api/apiextensions/v0.2.0.md +++ b/src/content/changes/platform-api/apiextensions/v0.2.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#020---2020-03-20 diff --git a/src/content/changes/management-api/apiextensions/v0.2.1.md b/src/content/changes/platform-api/apiextensions/v0.2.1.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v0.2.1.md rename to src/content/changes/platform-api/apiextensions/v0.2.1.md index 4d2566eab7..dcfd4e33a5 100644 --- a/src/content/changes/management-api/apiextensions/v0.2.1.md +++ b/src/content/changes/platform-api/apiextensions/v0.2.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#021---2020-04-06 diff --git a/src/content/changes/management-api/apiextensions/v0.2.2.md b/src/content/changes/platform-api/apiextensions/v0.2.2.md similarity index 96% rename from src/content/changes/management-api/apiextensions/v0.2.2.md rename to src/content/changes/platform-api/apiextensions/v0.2.2.md index 3fa52d5171..8ba12f9594 100644 --- a/src/content/changes/management-api/apiextensions/v0.2.2.md +++ b/src/content/changes/platform-api/apiextensions/v0.2.2.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#022---2020-04-07 diff --git a/src/content/changes/management-api/apiextensions/v0.2.3.md b/src/content/changes/platform-api/apiextensions/v0.2.3.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v0.2.3.md rename to src/content/changes/platform-api/apiextensions/v0.2.3.md index 5c6822e7c7..eca59f2e7b 100644 --- a/src/content/changes/management-api/apiextensions/v0.2.3.md +++ b/src/content/changes/platform-api/apiextensions/v0.2.3.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#023---2020-04-08 diff --git a/src/content/changes/management-api/apiextensions/v0.2.4.md b/src/content/changes/platform-api/apiextensions/v0.2.4.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v0.2.4.md rename to src/content/changes/platform-api/apiextensions/v0.2.4.md index 7af170b159..25fd12c53b 100644 --- a/src/content/changes/management-api/apiextensions/v0.2.4.md +++ b/src/content/changes/platform-api/apiextensions/v0.2.4.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#024---2020-04-08 diff --git a/src/content/changes/management-api/apiextensions/v0.2.5.md b/src/content/changes/platform-api/apiextensions/v0.2.5.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v0.2.5.md rename to src/content/changes/platform-api/apiextensions/v0.2.5.md index dd4343fe7a..5e7b51fd93 100644 --- a/src/content/changes/management-api/apiextensions/v0.2.5.md +++ b/src/content/changes/platform-api/apiextensions/v0.2.5.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#025---2020-04-09 diff --git a/src/content/changes/management-api/apiextensions/v0.2.6.md b/src/content/changes/platform-api/apiextensions/v0.2.6.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v0.2.6.md rename to src/content/changes/platform-api/apiextensions/v0.2.6.md index 26da3dac56..d3a6001891 100644 --- a/src/content/changes/management-api/apiextensions/v0.2.6.md +++ b/src/content/changes/platform-api/apiextensions/v0.2.6.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#026---2020-04-15 diff --git a/src/content/changes/management-api/apiextensions/v0.3.0.md b/src/content/changes/platform-api/apiextensions/v0.3.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v0.3.0.md rename to src/content/changes/platform-api/apiextensions/v0.3.0.md index 4ef015239e..acdb7a0cc0 100644 --- a/src/content/changes/management-api/apiextensions/v0.3.0.md +++ b/src/content/changes/platform-api/apiextensions/v0.3.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#030---2020-04-16 diff --git a/src/content/changes/management-api/apiextensions/v0.3.1.md b/src/content/changes/platform-api/apiextensions/v0.3.1.md similarity index 98% rename from src/content/changes/management-api/apiextensions/v0.3.1.md rename to src/content/changes/platform-api/apiextensions/v0.3.1.md index 114ee039aa..1c208c7226 100644 --- a/src/content/changes/management-api/apiextensions/v0.3.1.md +++ b/src/content/changes/platform-api/apiextensions/v0.3.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#031---2020-04-22 diff --git a/src/content/changes/management-api/apiextensions/v0.3.10.md b/src/content/changes/platform-api/apiextensions/v0.3.10.md similarity index 98% rename from src/content/changes/management-api/apiextensions/v0.3.10.md rename to src/content/changes/platform-api/apiextensions/v0.3.10.md index 6635ce39be..d4d34cb20a 100644 --- a/src/content/changes/management-api/apiextensions/v0.3.10.md +++ b/src/content/changes/platform-api/apiextensions/v0.3.10.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#0310-2020-05-18 diff --git a/src/content/changes/management-api/apiextensions/v0.3.11.md b/src/content/changes/platform-api/apiextensions/v0.3.11.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v0.3.11.md rename to src/content/changes/platform-api/apiextensions/v0.3.11.md index 5fe06956aa..937d3c88af 100644 --- a/src/content/changes/management-api/apiextensions/v0.3.11.md +++ b/src/content/changes/platform-api/apiextensions/v0.3.11.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#0311-2020-05-20 diff --git a/src/content/changes/management-api/apiextensions/v0.3.2.md b/src/content/changes/platform-api/apiextensions/v0.3.2.md similarity index 96% rename from src/content/changes/management-api/apiextensions/v0.3.2.md rename to src/content/changes/platform-api/apiextensions/v0.3.2.md index e3561ec01b..8a588c7768 100644 --- a/src/content/changes/management-api/apiextensions/v0.3.2.md +++ b/src/content/changes/platform-api/apiextensions/v0.3.2.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#032---2020-04-27 diff --git a/src/content/changes/management-api/apiextensions/v0.3.3.md b/src/content/changes/platform-api/apiextensions/v0.3.3.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v0.3.3.md rename to src/content/changes/platform-api/apiextensions/v0.3.3.md index 9a3ce35b53..eeb9ec95ae 100644 --- a/src/content/changes/management-api/apiextensions/v0.3.3.md +++ b/src/content/changes/platform-api/apiextensions/v0.3.3.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#033---2020-04-28 diff --git a/src/content/changes/management-api/apiextensions/v0.3.4.md b/src/content/changes/platform-api/apiextensions/v0.3.4.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v0.3.4.md rename to src/content/changes/platform-api/apiextensions/v0.3.4.md index 8bb462448d..37d373e875 100644 --- a/src/content/changes/management-api/apiextensions/v0.3.4.md +++ b/src/content/changes/platform-api/apiextensions/v0.3.4.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#034---2020-04-30 diff --git a/src/content/changes/management-api/apiextensions/v0.3.5.md b/src/content/changes/platform-api/apiextensions/v0.3.5.md similarity index 96% rename from src/content/changes/management-api/apiextensions/v0.3.5.md rename to src/content/changes/platform-api/apiextensions/v0.3.5.md index 04bcfceee2..5adbf21541 100644 --- a/src/content/changes/management-api/apiextensions/v0.3.5.md +++ b/src/content/changes/platform-api/apiextensions/v0.3.5.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#035---2020-05-06 diff --git a/src/content/changes/management-api/apiextensions/v0.3.6.md b/src/content/changes/platform-api/apiextensions/v0.3.6.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v0.3.6.md rename to src/content/changes/platform-api/apiextensions/v0.3.6.md index 529d281717..1403d5141f 100644 --- a/src/content/changes/management-api/apiextensions/v0.3.6.md +++ b/src/content/changes/platform-api/apiextensions/v0.3.6.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#036-2020-05-07 diff --git a/src/content/changes/management-api/apiextensions/v0.3.7.md b/src/content/changes/platform-api/apiextensions/v0.3.7.md similarity index 96% rename from src/content/changes/management-api/apiextensions/v0.3.7.md rename to src/content/changes/platform-api/apiextensions/v0.3.7.md index d444a1b6fc..e483299e58 100644 --- a/src/content/changes/management-api/apiextensions/v0.3.7.md +++ b/src/content/changes/platform-api/apiextensions/v0.3.7.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#037-2020-05-08 diff --git a/src/content/changes/management-api/apiextensions/v0.3.8.md b/src/content/changes/platform-api/apiextensions/v0.3.8.md similarity index 96% rename from src/content/changes/management-api/apiextensions/v0.3.8.md rename to src/content/changes/platform-api/apiextensions/v0.3.8.md index 33f783ffec..4e995e7776 100644 --- a/src/content/changes/management-api/apiextensions/v0.3.8.md +++ b/src/content/changes/platform-api/apiextensions/v0.3.8.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#038-2020-05-08 diff --git a/src/content/changes/management-api/apiextensions/v0.3.9.md b/src/content/changes/platform-api/apiextensions/v0.3.9.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v0.3.9.md rename to src/content/changes/platform-api/apiextensions/v0.3.9.md index 0f7b46b525..688d198708 100644 --- a/src/content/changes/management-api/apiextensions/v0.3.9.md +++ b/src/content/changes/platform-api/apiextensions/v0.3.9.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#039-2020-05-12 diff --git a/src/content/changes/management-api/apiextensions/v0.4.0.md b/src/content/changes/platform-api/apiextensions/v0.4.0.md similarity index 96% rename from src/content/changes/management-api/apiextensions/v0.4.0.md rename to src/content/changes/platform-api/apiextensions/v0.4.0.md index 4b152fde22..2d8474099f 100644 --- a/src/content/changes/management-api/apiextensions/v0.4.0.md +++ b/src/content/changes/platform-api/apiextensions/v0.4.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#040-2020-05-20 diff --git a/src/content/changes/management-api/apiextensions/v0.4.1.md b/src/content/changes/platform-api/apiextensions/v0.4.1.md similarity index 98% rename from src/content/changes/management-api/apiextensions/v0.4.1.md rename to src/content/changes/platform-api/apiextensions/v0.4.1.md index 5f3db4fdc2..87a98182a3 100644 --- a/src/content/changes/management-api/apiextensions/v0.4.1.md +++ b/src/content/changes/platform-api/apiextensions/v0.4.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#041-2020-05-22 diff --git a/src/content/changes/management-api/apiextensions/v0.4.10.md b/src/content/changes/platform-api/apiextensions/v0.4.10.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v0.4.10.md rename to src/content/changes/platform-api/apiextensions/v0.4.10.md index 97af4664ca..c1888e4c98 100644 --- a/src/content/changes/management-api/apiextensions/v0.4.10.md +++ b/src/content/changes/platform-api/apiextensions/v0.4.10.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#0410---2020-07-08 diff --git a/src/content/changes/management-api/apiextensions/v0.4.11.md b/src/content/changes/platform-api/apiextensions/v0.4.11.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v0.4.11.md rename to src/content/changes/platform-api/apiextensions/v0.4.11.md index cce50ad20d..b4c537e5d6 100644 --- a/src/content/changes/management-api/apiextensions/v0.4.11.md +++ b/src/content/changes/platform-api/apiextensions/v0.4.11.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#0411---2020-07-09 diff --git a/src/content/changes/management-api/apiextensions/v0.4.12.md b/src/content/changes/platform-api/apiextensions/v0.4.12.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v0.4.12.md rename to src/content/changes/platform-api/apiextensions/v0.4.12.md index f634e19b6d..1a98c37be8 100644 --- a/src/content/changes/management-api/apiextensions/v0.4.12.md +++ b/src/content/changes/platform-api/apiextensions/v0.4.12.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#0412---2020-07-10 diff --git a/src/content/changes/management-api/apiextensions/v0.4.13.md b/src/content/changes/platform-api/apiextensions/v0.4.13.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v0.4.13.md rename to src/content/changes/platform-api/apiextensions/v0.4.13.md index fb7480485b..79ac4d9f0b 100644 --- a/src/content/changes/management-api/apiextensions/v0.4.13.md +++ b/src/content/changes/platform-api/apiextensions/v0.4.13.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#0413---2020-07-13 diff --git a/src/content/changes/management-api/apiextensions/v0.4.14.md b/src/content/changes/platform-api/apiextensions/v0.4.14.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v0.4.14.md rename to src/content/changes/platform-api/apiextensions/v0.4.14.md index 3b0c7c6487..29f3d95867 100644 --- a/src/content/changes/management-api/apiextensions/v0.4.14.md +++ b/src/content/changes/platform-api/apiextensions/v0.4.14.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#0414---2020-07-14 diff --git a/src/content/changes/management-api/apiextensions/v0.4.15.md b/src/content/changes/platform-api/apiextensions/v0.4.15.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v0.4.15.md rename to src/content/changes/platform-api/apiextensions/v0.4.15.md index 48c9755886..e53fb3f0c7 100644 --- a/src/content/changes/management-api/apiextensions/v0.4.15.md +++ b/src/content/changes/platform-api/apiextensions/v0.4.15.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#0415---2020-07-15 diff --git a/src/content/changes/management-api/apiextensions/v0.4.16.md b/src/content/changes/platform-api/apiextensions/v0.4.16.md similarity index 96% rename from src/content/changes/management-api/apiextensions/v0.4.16.md rename to src/content/changes/platform-api/apiextensions/v0.4.16.md index 10ba576833..2de6600f3d 100644 --- a/src/content/changes/management-api/apiextensions/v0.4.16.md +++ b/src/content/changes/platform-api/apiextensions/v0.4.16.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#0416---2020-07-20 diff --git a/src/content/changes/management-api/apiextensions/v0.4.17.md b/src/content/changes/platform-api/apiextensions/v0.4.17.md similarity index 98% rename from src/content/changes/management-api/apiextensions/v0.4.17.md rename to src/content/changes/platform-api/apiextensions/v0.4.17.md index 31764dc50c..ff578e6de2 100644 --- a/src/content/changes/management-api/apiextensions/v0.4.17.md +++ b/src/content/changes/platform-api/apiextensions/v0.4.17.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#0417---2020-07-23 diff --git a/src/content/changes/management-api/apiextensions/v0.4.18.md b/src/content/changes/platform-api/apiextensions/v0.4.18.md similarity index 96% rename from src/content/changes/management-api/apiextensions/v0.4.18.md rename to src/content/changes/platform-api/apiextensions/v0.4.18.md index c0c3920fa5..c3160e5c17 100644 --- a/src/content/changes/management-api/apiextensions/v0.4.18.md +++ b/src/content/changes/platform-api/apiextensions/v0.4.18.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#0418---2020-07-27 diff --git a/src/content/changes/management-api/apiextensions/v0.4.19.md b/src/content/changes/platform-api/apiextensions/v0.4.19.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v0.4.19.md rename to src/content/changes/platform-api/apiextensions/v0.4.19.md index edb3f866fc..4183878a32 100644 --- a/src/content/changes/management-api/apiextensions/v0.4.19.md +++ b/src/content/changes/platform-api/apiextensions/v0.4.19.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#0419---2020-07-29 diff --git a/src/content/changes/management-api/apiextensions/v0.4.2.md b/src/content/changes/platform-api/apiextensions/v0.4.2.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v0.4.2.md rename to src/content/changes/platform-api/apiextensions/v0.4.2.md index 16b1c8d1d6..5cc6033192 100644 --- a/src/content/changes/management-api/apiextensions/v0.4.2.md +++ b/src/content/changes/platform-api/apiextensions/v0.4.2.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#042-2020-05-25 diff --git a/src/content/changes/management-api/apiextensions/v0.4.20.md b/src/content/changes/platform-api/apiextensions/v0.4.20.md similarity index 96% rename from src/content/changes/management-api/apiextensions/v0.4.20.md rename to src/content/changes/platform-api/apiextensions/v0.4.20.md index 5abaef394c..e56cdbd954 100644 --- a/src/content/changes/management-api/apiextensions/v0.4.20.md +++ b/src/content/changes/platform-api/apiextensions/v0.4.20.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#0420---2020-07-31 diff --git a/src/content/changes/management-api/apiextensions/v0.4.3.md b/src/content/changes/platform-api/apiextensions/v0.4.3.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v0.4.3.md rename to src/content/changes/platform-api/apiextensions/v0.4.3.md index b59bcc9b9e..d7e2b50977 100644 --- a/src/content/changes/management-api/apiextensions/v0.4.3.md +++ b/src/content/changes/platform-api/apiextensions/v0.4.3.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#043-2020-05-25 diff --git a/src/content/changes/management-api/apiextensions/v0.4.4.md b/src/content/changes/platform-api/apiextensions/v0.4.4.md similarity index 96% rename from src/content/changes/management-api/apiextensions/v0.4.4.md rename to src/content/changes/platform-api/apiextensions/v0.4.4.md index 6b40cfba86..f791cce5f7 100644 --- a/src/content/changes/management-api/apiextensions/v0.4.4.md +++ b/src/content/changes/platform-api/apiextensions/v0.4.4.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#044-2020-05-29 diff --git a/src/content/changes/management-api/apiextensions/v0.4.5.md b/src/content/changes/platform-api/apiextensions/v0.4.5.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v0.4.5.md rename to src/content/changes/platform-api/apiextensions/v0.4.5.md index 5056c7a1ee..e1cdc1d7d6 100644 --- a/src/content/changes/management-api/apiextensions/v0.4.5.md +++ b/src/content/changes/platform-api/apiextensions/v0.4.5.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#045-2020-06-01 diff --git a/src/content/changes/management-api/apiextensions/v0.4.6.md b/src/content/changes/platform-api/apiextensions/v0.4.6.md similarity index 96% rename from src/content/changes/management-api/apiextensions/v0.4.6.md rename to src/content/changes/platform-api/apiextensions/v0.4.6.md index 8063572fea..5a6e68643f 100644 --- a/src/content/changes/management-api/apiextensions/v0.4.6.md +++ b/src/content/changes/platform-api/apiextensions/v0.4.6.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#046-2020-06-01 diff --git a/src/content/changes/management-api/apiextensions/v0.4.7.md b/src/content/changes/platform-api/apiextensions/v0.4.7.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v0.4.7.md rename to src/content/changes/platform-api/apiextensions/v0.4.7.md index c06e008e82..75e901bd97 100644 --- a/src/content/changes/management-api/apiextensions/v0.4.7.md +++ b/src/content/changes/platform-api/apiextensions/v0.4.7.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#047-2020-06-11 diff --git a/src/content/changes/management-api/apiextensions/v0.4.8.md b/src/content/changes/platform-api/apiextensions/v0.4.8.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v0.4.8.md rename to src/content/changes/platform-api/apiextensions/v0.4.8.md index 26bbe93f47..03a4b478c9 100644 --- a/src/content/changes/management-api/apiextensions/v0.4.8.md +++ b/src/content/changes/platform-api/apiextensions/v0.4.8.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#048-2020-06-22 diff --git a/src/content/changes/management-api/apiextensions/v0.4.9.md b/src/content/changes/platform-api/apiextensions/v0.4.9.md similarity index 96% rename from src/content/changes/management-api/apiextensions/v0.4.9.md rename to src/content/changes/platform-api/apiextensions/v0.4.9.md index 410779c6be..111b10949e 100644 --- a/src/content/changes/management-api/apiextensions/v0.4.9.md +++ b/src/content/changes/platform-api/apiextensions/v0.4.9.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#049-2020-07-07 diff --git a/src/content/changes/management-api/apiextensions/v2.0.0.md b/src/content/changes/platform-api/apiextensions/v2.0.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v2.0.0.md rename to src/content/changes/platform-api/apiextensions/v2.0.0.md index f723ba3fb1..8b25b3b0b9 100644 --- a/src/content/changes/management-api/apiextensions/v2.0.0.md +++ b/src/content/changes/platform-api/apiextensions/v2.0.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#200---2020-08-10 diff --git a/src/content/changes/management-api/apiextensions/v2.0.1.md b/src/content/changes/platform-api/apiextensions/v2.0.1.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v2.0.1.md rename to src/content/changes/platform-api/apiextensions/v2.0.1.md index 3018750ef1..bf06ec2a92 100644 --- a/src/content/changes/management-api/apiextensions/v2.0.1.md +++ b/src/content/changes/platform-api/apiextensions/v2.0.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#201---2020-08-13 diff --git a/src/content/changes/management-api/apiextensions/v2.1.0.md b/src/content/changes/platform-api/apiextensions/v2.1.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v2.1.0.md rename to src/content/changes/platform-api/apiextensions/v2.1.0.md index 19b1d5215d..795a0c0454 100644 --- a/src/content/changes/management-api/apiextensions/v2.1.0.md +++ b/src/content/changes/platform-api/apiextensions/v2.1.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#210---2020-08-17 diff --git a/src/content/changes/management-api/apiextensions/v2.2.0.md b/src/content/changes/platform-api/apiextensions/v2.2.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v2.2.0.md rename to src/content/changes/platform-api/apiextensions/v2.2.0.md index 2065d0e594..60ecc80b26 100644 --- a/src/content/changes/management-api/apiextensions/v2.2.0.md +++ b/src/content/changes/platform-api/apiextensions/v2.2.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#220---2020-09-15 diff --git a/src/content/changes/management-api/apiextensions/v2.3.0.md b/src/content/changes/platform-api/apiextensions/v2.3.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v2.3.0.md rename to src/content/changes/platform-api/apiextensions/v2.3.0.md index 445523ee70..041e598c17 100644 --- a/src/content/changes/management-api/apiextensions/v2.3.0.md +++ b/src/content/changes/platform-api/apiextensions/v2.3.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#230---2020-09-16 diff --git a/src/content/changes/management-api/apiextensions/v2.4.0.md b/src/content/changes/platform-api/apiextensions/v2.4.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v2.4.0.md rename to src/content/changes/platform-api/apiextensions/v2.4.0.md index 782c00e528..09bde4a0fa 100644 --- a/src/content/changes/management-api/apiextensions/v2.4.0.md +++ b/src/content/changes/platform-api/apiextensions/v2.4.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#240---2020-09-17 diff --git a/src/content/changes/management-api/apiextensions/v2.5.0.md b/src/content/changes/platform-api/apiextensions/v2.5.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v2.5.0.md rename to src/content/changes/platform-api/apiextensions/v2.5.0.md index 09aae9e34d..66644dec8e 100644 --- a/src/content/changes/management-api/apiextensions/v2.5.0.md +++ b/src/content/changes/platform-api/apiextensions/v2.5.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#250---2020-09-22 diff --git a/src/content/changes/management-api/apiextensions/v2.5.1.md b/src/content/changes/platform-api/apiextensions/v2.5.1.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v2.5.1.md rename to src/content/changes/platform-api/apiextensions/v2.5.1.md index 102158983c..f349cd1ced 100644 --- a/src/content/changes/management-api/apiextensions/v2.5.1.md +++ b/src/content/changes/platform-api/apiextensions/v2.5.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#251---2020-09-23 diff --git a/src/content/changes/management-api/apiextensions/v2.5.2.md b/src/content/changes/platform-api/apiextensions/v2.5.2.md similarity index 96% rename from src/content/changes/management-api/apiextensions/v2.5.2.md rename to src/content/changes/platform-api/apiextensions/v2.5.2.md index 7fead9fcae..a50900ebb6 100644 --- a/src/content/changes/management-api/apiextensions/v2.5.2.md +++ b/src/content/changes/platform-api/apiextensions/v2.5.2.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#252---2020-10-01 diff --git a/src/content/changes/management-api/apiextensions/v2.5.3.md b/src/content/changes/platform-api/apiextensions/v2.5.3.md similarity index 96% rename from src/content/changes/management-api/apiextensions/v2.5.3.md rename to src/content/changes/platform-api/apiextensions/v2.5.3.md index 2cfd6b009a..1259368b2b 100644 --- a/src/content/changes/management-api/apiextensions/v2.5.3.md +++ b/src/content/changes/platform-api/apiextensions/v2.5.3.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#253---2020-10-02 diff --git a/src/content/changes/management-api/apiextensions/v2.6.0.md b/src/content/changes/platform-api/apiextensions/v2.6.0.md similarity index 96% rename from src/content/changes/management-api/apiextensions/v2.6.0.md rename to src/content/changes/platform-api/apiextensions/v2.6.0.md index ffa9f88bc0..59786767cf 100644 --- a/src/content/changes/management-api/apiextensions/v2.6.0.md +++ b/src/content/changes/platform-api/apiextensions/v2.6.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#260---2020-10-05 diff --git a/src/content/changes/management-api/apiextensions/v2.6.1.md b/src/content/changes/platform-api/apiextensions/v2.6.1.md similarity index 96% rename from src/content/changes/management-api/apiextensions/v2.6.1.md rename to src/content/changes/platform-api/apiextensions/v2.6.1.md index 7dcdfa0ea7..4a1f576595 100644 --- a/src/content/changes/management-api/apiextensions/v2.6.1.md +++ b/src/content/changes/platform-api/apiextensions/v2.6.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#261---2020-10-07 diff --git a/src/content/changes/management-api/apiextensions/v2.6.2.md b/src/content/changes/platform-api/apiextensions/v2.6.2.md similarity index 96% rename from src/content/changes/management-api/apiextensions/v2.6.2.md rename to src/content/changes/platform-api/apiextensions/v2.6.2.md index 0c975833a8..5becc8c9e0 100644 --- a/src/content/changes/management-api/apiextensions/v2.6.2.md +++ b/src/content/changes/platform-api/apiextensions/v2.6.2.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#262---2020-10-09 diff --git a/src/content/changes/management-api/apiextensions/v3.0.0.md b/src/content/changes/platform-api/apiextensions/v3.0.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v3.0.0.md rename to src/content/changes/platform-api/apiextensions/v3.0.0.md index 2b812e273b..883967c04e 100644 --- a/src/content/changes/management-api/apiextensions/v3.0.0.md +++ b/src/content/changes/platform-api/apiextensions/v3.0.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#300---2020-10-08 diff --git a/src/content/changes/management-api/apiextensions/v3.1.0.md b/src/content/changes/platform-api/apiextensions/v3.1.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v3.1.0.md rename to src/content/changes/platform-api/apiextensions/v3.1.0.md index 9b8dfde3e2..26c7764f4a 100644 --- a/src/content/changes/management-api/apiextensions/v3.1.0.md +++ b/src/content/changes/platform-api/apiextensions/v3.1.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#310---2020-10-09 diff --git a/src/content/changes/management-api/apiextensions/v3.10.0.md b/src/content/changes/platform-api/apiextensions/v3.10.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v3.10.0.md rename to src/content/changes/platform-api/apiextensions/v3.10.0.md index ce3121e13a..22882911a5 100644 --- a/src/content/changes/management-api/apiextensions/v3.10.0.md +++ b/src/content/changes/platform-api/apiextensions/v3.10.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#3100---2020-11-30 diff --git a/src/content/changes/management-api/apiextensions/v3.11.0.md b/src/content/changes/platform-api/apiextensions/v3.11.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v3.11.0.md rename to src/content/changes/platform-api/apiextensions/v3.11.0.md index 22774795aa..c1e87bc111 100644 --- a/src/content/changes/management-api/apiextensions/v3.11.0.md +++ b/src/content/changes/platform-api/apiextensions/v3.11.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#3110---2020-12-02 diff --git a/src/content/changes/management-api/apiextensions/v3.12.0.md b/src/content/changes/platform-api/apiextensions/v3.12.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v3.12.0.md rename to src/content/changes/platform-api/apiextensions/v3.12.0.md index 0e920f7538..a18209c884 100644 --- a/src/content/changes/management-api/apiextensions/v3.12.0.md +++ b/src/content/changes/platform-api/apiextensions/v3.12.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#3120---2020-12-03 diff --git a/src/content/changes/management-api/apiextensions/v3.13.0.md b/src/content/changes/platform-api/apiextensions/v3.13.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v3.13.0.md rename to src/content/changes/platform-api/apiextensions/v3.13.0.md index cc018de652..5435d3d738 100644 --- a/src/content/changes/management-api/apiextensions/v3.13.0.md +++ b/src/content/changes/platform-api/apiextensions/v3.13.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#3130---2020-12-07 diff --git a/src/content/changes/management-api/apiextensions/v3.14.0.md b/src/content/changes/platform-api/apiextensions/v3.14.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v3.14.0.md rename to src/content/changes/platform-api/apiextensions/v3.14.0.md index bc80a11f58..a0694cc1cf 100644 --- a/src/content/changes/management-api/apiextensions/v3.14.0.md +++ b/src/content/changes/platform-api/apiextensions/v3.14.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#3140---2021-01-05 diff --git a/src/content/changes/management-api/apiextensions/v3.14.1.md b/src/content/changes/platform-api/apiextensions/v3.14.1.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v3.14.1.md rename to src/content/changes/platform-api/apiextensions/v3.14.1.md index afc6bc4a99..f4dc0c9575 100644 --- a/src/content/changes/management-api/apiextensions/v3.14.1.md +++ b/src/content/changes/platform-api/apiextensions/v3.14.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#3141---2021-01-07 diff --git a/src/content/changes/management-api/apiextensions/v3.15.0.md b/src/content/changes/platform-api/apiextensions/v3.15.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v3.15.0.md rename to src/content/changes/platform-api/apiextensions/v3.15.0.md index ea1e0911dd..310c2bbc89 100644 --- a/src/content/changes/management-api/apiextensions/v3.15.0.md +++ b/src/content/changes/platform-api/apiextensions/v3.15.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#3150---2021-01-21 diff --git a/src/content/changes/management-api/apiextensions/v3.15.1.md b/src/content/changes/platform-api/apiextensions/v3.15.1.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v3.15.1.md rename to src/content/changes/platform-api/apiextensions/v3.15.1.md index 7f5e291c0e..a81443bbc0 100644 --- a/src/content/changes/management-api/apiextensions/v3.15.1.md +++ b/src/content/changes/platform-api/apiextensions/v3.15.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#3151---2021-01-26 diff --git a/src/content/changes/management-api/apiextensions/v3.16.0.md b/src/content/changes/platform-api/apiextensions/v3.16.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v3.16.0.md rename to src/content/changes/platform-api/apiextensions/v3.16.0.md index 8cbb5235c4..fb12d69345 100644 --- a/src/content/changes/management-api/apiextensions/v3.16.0.md +++ b/src/content/changes/platform-api/apiextensions/v3.16.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#3160---2021-01-28 diff --git a/src/content/changes/management-api/apiextensions/v3.16.1.md b/src/content/changes/platform-api/apiextensions/v3.16.1.md similarity index 96% rename from src/content/changes/management-api/apiextensions/v3.16.1.md rename to src/content/changes/platform-api/apiextensions/v3.16.1.md index 556f188bf2..0ab72472fd 100644 --- a/src/content/changes/management-api/apiextensions/v3.16.1.md +++ b/src/content/changes/platform-api/apiextensions/v3.16.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#3161---2021-01-28 diff --git a/src/content/changes/management-api/apiextensions/v3.17.0.md b/src/content/changes/platform-api/apiextensions/v3.17.0.md similarity index 96% rename from src/content/changes/management-api/apiextensions/v3.17.0.md rename to src/content/changes/platform-api/apiextensions/v3.17.0.md index 29d0fb2735..4c0ae183f1 100644 --- a/src/content/changes/management-api/apiextensions/v3.17.0.md +++ b/src/content/changes/platform-api/apiextensions/v3.17.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#3170---2021-02-03 diff --git a/src/content/changes/management-api/apiextensions/v3.18.0.md b/src/content/changes/platform-api/apiextensions/v3.18.0.md similarity index 96% rename from src/content/changes/management-api/apiextensions/v3.18.0.md rename to src/content/changes/platform-api/apiextensions/v3.18.0.md index 553ee95cda..a9e05433c8 100644 --- a/src/content/changes/management-api/apiextensions/v3.18.0.md +++ b/src/content/changes/platform-api/apiextensions/v3.18.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#3180---2021-02-08 diff --git a/src/content/changes/management-api/apiextensions/v3.18.1.md b/src/content/changes/platform-api/apiextensions/v3.18.1.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v3.18.1.md rename to src/content/changes/platform-api/apiextensions/v3.18.1.md index ee6170218e..8a230a3648 100644 --- a/src/content/changes/management-api/apiextensions/v3.18.1.md +++ b/src/content/changes/platform-api/apiextensions/v3.18.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#3181---2021-02-15 diff --git a/src/content/changes/management-api/apiextensions/v3.18.2.md b/src/content/changes/platform-api/apiextensions/v3.18.2.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v3.18.2.md rename to src/content/changes/platform-api/apiextensions/v3.18.2.md index 81bc9ecf3e..1809e573b5 100644 --- a/src/content/changes/management-api/apiextensions/v3.18.2.md +++ b/src/content/changes/platform-api/apiextensions/v3.18.2.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#3182---2021-02-18 diff --git a/src/content/changes/management-api/apiextensions/v3.19.0.md b/src/content/changes/platform-api/apiextensions/v3.19.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v3.19.0.md rename to src/content/changes/platform-api/apiextensions/v3.19.0.md index 028e389fb6..e16fa5fefd 100644 --- a/src/content/changes/management-api/apiextensions/v3.19.0.md +++ b/src/content/changes/platform-api/apiextensions/v3.19.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#3190---2021-02-23 diff --git a/src/content/changes/management-api/apiextensions/v3.2.0.md b/src/content/changes/platform-api/apiextensions/v3.2.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v3.2.0.md rename to src/content/changes/platform-api/apiextensions/v3.2.0.md index ed4a4959a8..0fa6f4f9fc 100644 --- a/src/content/changes/management-api/apiextensions/v3.2.0.md +++ b/src/content/changes/platform-api/apiextensions/v3.2.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#320---2020-10-15 diff --git a/src/content/changes/management-api/apiextensions/v3.20.0.md b/src/content/changes/platform-api/apiextensions/v3.20.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v3.20.0.md rename to src/content/changes/platform-api/apiextensions/v3.20.0.md index 89174845f0..4523e641fc 100644 --- a/src/content/changes/management-api/apiextensions/v3.20.0.md +++ b/src/content/changes/platform-api/apiextensions/v3.20.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#3200---2021-03-15 diff --git a/src/content/changes/management-api/apiextensions/v3.21.0.md b/src/content/changes/platform-api/apiextensions/v3.21.0.md similarity index 96% rename from src/content/changes/management-api/apiextensions/v3.21.0.md rename to src/content/changes/platform-api/apiextensions/v3.21.0.md index 70d9aa9028..8975d1980f 100644 --- a/src/content/changes/management-api/apiextensions/v3.21.0.md +++ b/src/content/changes/platform-api/apiextensions/v3.21.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#3210---2021-03-16 diff --git a/src/content/changes/management-api/apiextensions/v3.22.0.md b/src/content/changes/platform-api/apiextensions/v3.22.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v3.22.0.md rename to src/content/changes/platform-api/apiextensions/v3.22.0.md index f1316f50c0..5edc3eb2b2 100644 --- a/src/content/changes/management-api/apiextensions/v3.22.0.md +++ b/src/content/changes/platform-api/apiextensions/v3.22.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#3220---2021-03-17 diff --git a/src/content/changes/management-api/apiextensions/v3.23.0.md b/src/content/changes/platform-api/apiextensions/v3.23.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v3.23.0.md rename to src/content/changes/platform-api/apiextensions/v3.23.0.md index 60c3e99d04..eb83514705 100644 --- a/src/content/changes/management-api/apiextensions/v3.23.0.md +++ b/src/content/changes/platform-api/apiextensions/v3.23.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#3230---2021-05-13 diff --git a/src/content/changes/management-api/apiextensions/v3.24.0.md b/src/content/changes/platform-api/apiextensions/v3.24.0.md similarity index 96% rename from src/content/changes/management-api/apiextensions/v3.24.0.md rename to src/content/changes/platform-api/apiextensions/v3.24.0.md index 1fe0e9c45f..32f17d91d5 100644 --- a/src/content/changes/management-api/apiextensions/v3.24.0.md +++ b/src/content/changes/platform-api/apiextensions/v3.24.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#3240---2021-05-18 diff --git a/src/content/changes/management-api/apiextensions/v3.25.0.md b/src/content/changes/platform-api/apiextensions/v3.25.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v3.25.0.md rename to src/content/changes/platform-api/apiextensions/v3.25.0.md index 0a274ebfa0..cb356bfbfe 100644 --- a/src/content/changes/management-api/apiextensions/v3.25.0.md +++ b/src/content/changes/platform-api/apiextensions/v3.25.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#3250---2021-05-18 diff --git a/src/content/changes/management-api/apiextensions/v3.26.0.md b/src/content/changes/platform-api/apiextensions/v3.26.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v3.26.0.md rename to src/content/changes/platform-api/apiextensions/v3.26.0.md index ece2968a0d..e5ec1c6344 100644 --- a/src/content/changes/management-api/apiextensions/v3.26.0.md +++ b/src/content/changes/platform-api/apiextensions/v3.26.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#3260---2021-05-19 diff --git a/src/content/changes/management-api/apiextensions/v3.27.0.md b/src/content/changes/platform-api/apiextensions/v3.27.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v3.27.0.md rename to src/content/changes/platform-api/apiextensions/v3.27.0.md index d5a6622253..f4248ba68a 100644 --- a/src/content/changes/management-api/apiextensions/v3.27.0.md +++ b/src/content/changes/platform-api/apiextensions/v3.27.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#3270---2021-06-16 diff --git a/src/content/changes/management-api/apiextensions/v3.27.1.md b/src/content/changes/platform-api/apiextensions/v3.27.1.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v3.27.1.md rename to src/content/changes/platform-api/apiextensions/v3.27.1.md index 60ad8182a2..8634a30e97 100644 --- a/src/content/changes/management-api/apiextensions/v3.27.1.md +++ b/src/content/changes/platform-api/apiextensions/v3.27.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#3271---2021-07-05 diff --git a/src/content/changes/management-api/apiextensions/v3.27.2.md b/src/content/changes/platform-api/apiextensions/v3.27.2.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v3.27.2.md rename to src/content/changes/platform-api/apiextensions/v3.27.2.md index bf18cdb125..4e6d2b21d1 100644 --- a/src/content/changes/management-api/apiextensions/v3.27.2.md +++ b/src/content/changes/platform-api/apiextensions/v3.27.2.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#3272---2021-07-19 diff --git a/src/content/changes/management-api/apiextensions/v3.27.3.md b/src/content/changes/platform-api/apiextensions/v3.27.3.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v3.27.3.md rename to src/content/changes/platform-api/apiextensions/v3.27.3.md index 260a24b18a..54a3b94b15 100644 --- a/src/content/changes/management-api/apiextensions/v3.27.3.md +++ b/src/content/changes/platform-api/apiextensions/v3.27.3.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#3273---2021-07-20 diff --git a/src/content/changes/management-api/apiextensions/v3.28.0.md b/src/content/changes/platform-api/apiextensions/v3.28.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v3.28.0.md rename to src/content/changes/platform-api/apiextensions/v3.28.0.md index 3c392938a9..546fb9d956 100644 --- a/src/content/changes/management-api/apiextensions/v3.28.0.md +++ b/src/content/changes/platform-api/apiextensions/v3.28.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#3280---2021-07-27 diff --git a/src/content/changes/management-api/apiextensions/v3.29.0.md b/src/content/changes/platform-api/apiextensions/v3.29.0.md similarity index 96% rename from src/content/changes/management-api/apiextensions/v3.29.0.md rename to src/content/changes/platform-api/apiextensions/v3.29.0.md index bca5885a22..fd94293d62 100644 --- a/src/content/changes/management-api/apiextensions/v3.29.0.md +++ b/src/content/changes/platform-api/apiextensions/v3.29.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#3290---2021-07-27 diff --git a/src/content/changes/management-api/apiextensions/v3.3.0.md b/src/content/changes/platform-api/apiextensions/v3.3.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v3.3.0.md rename to src/content/changes/platform-api/apiextensions/v3.3.0.md index 6d8fb06a9f..f1756e179f 100644 --- a/src/content/changes/management-api/apiextensions/v3.3.0.md +++ b/src/content/changes/platform-api/apiextensions/v3.3.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#330---2020-10-23 diff --git a/src/content/changes/management-api/apiextensions/v3.30.0.md b/src/content/changes/platform-api/apiextensions/v3.30.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v3.30.0.md rename to src/content/changes/platform-api/apiextensions/v3.30.0.md index b499adf051..c6aac8cd2c 100644 --- a/src/content/changes/management-api/apiextensions/v3.30.0.md +++ b/src/content/changes/platform-api/apiextensions/v3.30.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#3300---2021-07-29 diff --git a/src/content/changes/management-api/apiextensions/v3.31.0.md b/src/content/changes/platform-api/apiextensions/v3.31.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v3.31.0.md rename to src/content/changes/platform-api/apiextensions/v3.31.0.md index f879d874ea..f3c2f07ca2 100644 --- a/src/content/changes/management-api/apiextensions/v3.31.0.md +++ b/src/content/changes/platform-api/apiextensions/v3.31.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#3310---2021-08-06 diff --git a/src/content/changes/management-api/apiextensions/v3.32.0.md b/src/content/changes/platform-api/apiextensions/v3.32.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v3.32.0.md rename to src/content/changes/platform-api/apiextensions/v3.32.0.md index 92c0a62225..9f5fb039b3 100644 --- a/src/content/changes/management-api/apiextensions/v3.32.0.md +++ b/src/content/changes/platform-api/apiextensions/v3.32.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#3320---2021-08-10 diff --git a/src/content/changes/management-api/apiextensions/v3.33.0.md b/src/content/changes/platform-api/apiextensions/v3.33.0.md similarity index 98% rename from src/content/changes/management-api/apiextensions/v3.33.0.md rename to src/content/changes/platform-api/apiextensions/v3.33.0.md index f898d682df..893f607d36 100644 --- a/src/content/changes/management-api/apiextensions/v3.33.0.md +++ b/src/content/changes/platform-api/apiextensions/v3.33.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#3330---2021-09-10 diff --git a/src/content/changes/management-api/apiextensions/v3.34.0.md b/src/content/changes/platform-api/apiextensions/v3.34.0.md similarity index 98% rename from src/content/changes/management-api/apiextensions/v3.34.0.md rename to src/content/changes/platform-api/apiextensions/v3.34.0.md index 384c9fae91..9b2bebefa8 100644 --- a/src/content/changes/management-api/apiextensions/v3.34.0.md +++ b/src/content/changes/platform-api/apiextensions/v3.34.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#3340---2021-10-13 diff --git a/src/content/changes/management-api/apiextensions/v3.35.0.md b/src/content/changes/platform-api/apiextensions/v3.35.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v3.35.0.md rename to src/content/changes/platform-api/apiextensions/v3.35.0.md index 008d61cf6e..2dcda8db67 100644 --- a/src/content/changes/management-api/apiextensions/v3.35.0.md +++ b/src/content/changes/platform-api/apiextensions/v3.35.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#3350---2021-10-20 diff --git a/src/content/changes/management-api/apiextensions/v3.36.0.md b/src/content/changes/platform-api/apiextensions/v3.36.0.md similarity index 98% rename from src/content/changes/management-api/apiextensions/v3.36.0.md rename to src/content/changes/platform-api/apiextensions/v3.36.0.md index 66f65e3ba0..4097d08199 100644 --- a/src/content/changes/management-api/apiextensions/v3.36.0.md +++ b/src/content/changes/platform-api/apiextensions/v3.36.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#3360---2021-11-08 diff --git a/src/content/changes/management-api/apiextensions/v3.37.0.md b/src/content/changes/platform-api/apiextensions/v3.37.0.md similarity index 96% rename from src/content/changes/management-api/apiextensions/v3.37.0.md rename to src/content/changes/platform-api/apiextensions/v3.37.0.md index da6b2f1e42..8d776808af 100644 --- a/src/content/changes/management-api/apiextensions/v3.37.0.md +++ b/src/content/changes/platform-api/apiextensions/v3.37.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#3370---2021-11-12 diff --git a/src/content/changes/management-api/apiextensions/v3.38.0.md b/src/content/changes/platform-api/apiextensions/v3.38.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v3.38.0.md rename to src/content/changes/platform-api/apiextensions/v3.38.0.md index 7d5699eabb..a66740d039 100644 --- a/src/content/changes/management-api/apiextensions/v3.38.0.md +++ b/src/content/changes/platform-api/apiextensions/v3.38.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#3380---2021-11-12 diff --git a/src/content/changes/management-api/apiextensions/v3.39.0.md b/src/content/changes/platform-api/apiextensions/v3.39.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v3.39.0.md rename to src/content/changes/platform-api/apiextensions/v3.39.0.md index 59f56c30cd..32a438626c 100644 --- a/src/content/changes/management-api/apiextensions/v3.39.0.md +++ b/src/content/changes/platform-api/apiextensions/v3.39.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#3390---2021-11-26 diff --git a/src/content/changes/management-api/apiextensions/v3.4.0.md b/src/content/changes/platform-api/apiextensions/v3.4.0.md similarity index 98% rename from src/content/changes/management-api/apiextensions/v3.4.0.md rename to src/content/changes/platform-api/apiextensions/v3.4.0.md index b5bc70310d..8226b0f9ef 100644 --- a/src/content/changes/management-api/apiextensions/v3.4.0.md +++ b/src/content/changes/platform-api/apiextensions/v3.4.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#340---2020-10-26 diff --git a/src/content/changes/management-api/apiextensions/v3.4.1.md b/src/content/changes/platform-api/apiextensions/v3.4.1.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v3.4.1.md rename to src/content/changes/platform-api/apiextensions/v3.4.1.md index 637af9b877..c2bbf03dbe 100644 --- a/src/content/changes/management-api/apiextensions/v3.4.1.md +++ b/src/content/changes/platform-api/apiextensions/v3.4.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#341---2020-10-29 diff --git a/src/content/changes/management-api/apiextensions/v3.40.0.md b/src/content/changes/platform-api/apiextensions/v3.40.0.md similarity index 98% rename from src/content/changes/management-api/apiextensions/v3.40.0.md rename to src/content/changes/platform-api/apiextensions/v3.40.0.md index b17946e61a..6292b3d18c 100644 --- a/src/content/changes/management-api/apiextensions/v3.40.0.md +++ b/src/content/changes/platform-api/apiextensions/v3.40.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#3400---2022-01-21 diff --git a/src/content/changes/management-api/apiextensions/v3.5.0.md b/src/content/changes/platform-api/apiextensions/v3.5.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v3.5.0.md rename to src/content/changes/platform-api/apiextensions/v3.5.0.md index eaa15b52e4..572999d5fb 100644 --- a/src/content/changes/management-api/apiextensions/v3.5.0.md +++ b/src/content/changes/platform-api/apiextensions/v3.5.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#350---2020-11-03 diff --git a/src/content/changes/management-api/apiextensions/v3.6.0.md b/src/content/changes/platform-api/apiextensions/v3.6.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v3.6.0.md rename to src/content/changes/platform-api/apiextensions/v3.6.0.md index 22fd4ce7c0..adcdf32e0e 100644 --- a/src/content/changes/management-api/apiextensions/v3.6.0.md +++ b/src/content/changes/platform-api/apiextensions/v3.6.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#360---2020-11-03 diff --git a/src/content/changes/management-api/apiextensions/v3.7.0.md b/src/content/changes/platform-api/apiextensions/v3.7.0.md similarity index 96% rename from src/content/changes/management-api/apiextensions/v3.7.0.md rename to src/content/changes/platform-api/apiextensions/v3.7.0.md index 6d596735f1..e8fc103f58 100644 --- a/src/content/changes/management-api/apiextensions/v3.7.0.md +++ b/src/content/changes/platform-api/apiextensions/v3.7.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#370---2020-11-04 diff --git a/src/content/changes/management-api/apiextensions/v3.8.0.md b/src/content/changes/platform-api/apiextensions/v3.8.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v3.8.0.md rename to src/content/changes/platform-api/apiextensions/v3.8.0.md index 0cbddc7660..f590dfdc24 100644 --- a/src/content/changes/management-api/apiextensions/v3.8.0.md +++ b/src/content/changes/platform-api/apiextensions/v3.8.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#380---2020-11-13 diff --git a/src/content/changes/management-api/apiextensions/v3.9.0.md b/src/content/changes/platform-api/apiextensions/v3.9.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v3.9.0.md rename to src/content/changes/platform-api/apiextensions/v3.9.0.md index ff692ce8b5..29dd7a9668 100644 --- a/src/content/changes/management-api/apiextensions/v3.9.0.md +++ b/src/content/changes/platform-api/apiextensions/v3.9.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#390---2020-11-24 diff --git a/src/content/changes/management-api/apiextensions/v4.0.0.md b/src/content/changes/platform-api/apiextensions/v4.0.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v4.0.0.md rename to src/content/changes/platform-api/apiextensions/v4.0.0.md index 16681ed3a3..7319a7f54c 100644 --- a/src/content/changes/management-api/apiextensions/v4.0.0.md +++ b/src/content/changes/platform-api/apiextensions/v4.0.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#400---2022-01-25 diff --git a/src/content/changes/management-api/apiextensions/v4.0.1.md b/src/content/changes/platform-api/apiextensions/v4.0.1.md similarity index 96% rename from src/content/changes/management-api/apiextensions/v4.0.1.md rename to src/content/changes/platform-api/apiextensions/v4.0.1.md index 41f218cb0d..3cc4d11a40 100644 --- a/src/content/changes/management-api/apiextensions/v4.0.1.md +++ b/src/content/changes/platform-api/apiextensions/v4.0.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#401---2022-01-31 diff --git a/src/content/changes/management-api/apiextensions/v5.0.0.md b/src/content/changes/platform-api/apiextensions/v5.0.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v5.0.0.md rename to src/content/changes/platform-api/apiextensions/v5.0.0.md index 292723f88f..d80f7a9f47 100644 --- a/src/content/changes/management-api/apiextensions/v5.0.0.md +++ b/src/content/changes/platform-api/apiextensions/v5.0.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#500---2022-02-07 diff --git a/src/content/changes/management-api/apiextensions/v5.0.1.md b/src/content/changes/platform-api/apiextensions/v5.0.1.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v5.0.1.md rename to src/content/changes/platform-api/apiextensions/v5.0.1.md index 44a7fbb104..fd16be1cc0 100644 --- a/src/content/changes/management-api/apiextensions/v5.0.1.md +++ b/src/content/changes/platform-api/apiextensions/v5.0.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#501---2022-02-10 diff --git a/src/content/changes/management-api/apiextensions/v5.1.0.md b/src/content/changes/platform-api/apiextensions/v5.1.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v5.1.0.md rename to src/content/changes/platform-api/apiextensions/v5.1.0.md index 3dd0e7f194..1c3f64f487 100644 --- a/src/content/changes/management-api/apiextensions/v5.1.0.md +++ b/src/content/changes/platform-api/apiextensions/v5.1.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#510---2022-02-11 diff --git a/src/content/changes/management-api/apiextensions/v5.2.0.md b/src/content/changes/platform-api/apiextensions/v5.2.0.md similarity index 98% rename from src/content/changes/management-api/apiextensions/v5.2.0.md rename to src/content/changes/platform-api/apiextensions/v5.2.0.md index faebab7967..6202258f9b 100644 --- a/src/content/changes/management-api/apiextensions/v5.2.0.md +++ b/src/content/changes/platform-api/apiextensions/v5.2.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#520---2022-03-21 diff --git a/src/content/changes/management-api/apiextensions/v6.0.0.md b/src/content/changes/platform-api/apiextensions/v6.0.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v6.0.0.md rename to src/content/changes/platform-api/apiextensions/v6.0.0.md index b42343c5b1..df3d22b0e2 100644 --- a/src/content/changes/management-api/apiextensions/v6.0.0.md +++ b/src/content/changes/platform-api/apiextensions/v6.0.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#600---2022-03-23 diff --git a/src/content/changes/management-api/apiextensions/v6.1.0.md b/src/content/changes/platform-api/apiextensions/v6.1.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v6.1.0.md rename to src/content/changes/platform-api/apiextensions/v6.1.0.md index a8b64e9f16..c4ce5ab336 100644 --- a/src/content/changes/management-api/apiextensions/v6.1.0.md +++ b/src/content/changes/platform-api/apiextensions/v6.1.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#610---2022-06-14 diff --git a/src/content/changes/management-api/apiextensions/v6.2.0.md b/src/content/changes/platform-api/apiextensions/v6.2.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v6.2.0.md rename to src/content/changes/platform-api/apiextensions/v6.2.0.md index 96bffb0e04..5afa42d2d9 100644 --- a/src/content/changes/management-api/apiextensions/v6.2.0.md +++ b/src/content/changes/platform-api/apiextensions/v6.2.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#620---2022-06-15 diff --git a/src/content/changes/management-api/apiextensions/v6.3.0.md b/src/content/changes/platform-api/apiextensions/v6.3.0.md similarity index 96% rename from src/content/changes/management-api/apiextensions/v6.3.0.md rename to src/content/changes/platform-api/apiextensions/v6.3.0.md index e2a10cfba4..24e43fd1a1 100644 --- a/src/content/changes/management-api/apiextensions/v6.3.0.md +++ b/src/content/changes/platform-api/apiextensions/v6.3.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#630---2022-07-01 diff --git a/src/content/changes/management-api/apiextensions/v6.3.1.md b/src/content/changes/platform-api/apiextensions/v6.3.1.md similarity index 96% rename from src/content/changes/management-api/apiextensions/v6.3.1.md rename to src/content/changes/platform-api/apiextensions/v6.3.1.md index 4065461ab8..b09d40b929 100644 --- a/src/content/changes/management-api/apiextensions/v6.3.1.md +++ b/src/content/changes/platform-api/apiextensions/v6.3.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#631---2022-07-07 diff --git a/src/content/changes/management-api/apiextensions/v6.4.0.md b/src/content/changes/platform-api/apiextensions/v6.4.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v6.4.0.md rename to src/content/changes/platform-api/apiextensions/v6.4.0.md index d773706416..3078ead1a2 100644 --- a/src/content/changes/management-api/apiextensions/v6.4.0.md +++ b/src/content/changes/platform-api/apiextensions/v6.4.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#640---2022-08-02 diff --git a/src/content/changes/management-api/apiextensions/v6.4.1.md b/src/content/changes/platform-api/apiextensions/v6.4.1.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v6.4.1.md rename to src/content/changes/platform-api/apiextensions/v6.4.1.md index f06a79b751..05745f4484 100644 --- a/src/content/changes/management-api/apiextensions/v6.4.1.md +++ b/src/content/changes/platform-api/apiextensions/v6.4.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#641---2022-09-23 diff --git a/src/content/changes/management-api/apiextensions/v6.5.0.md b/src/content/changes/platform-api/apiextensions/v6.5.0.md similarity index 96% rename from src/content/changes/management-api/apiextensions/v6.5.0.md rename to src/content/changes/platform-api/apiextensions/v6.5.0.md index 4f638a6429..9bef3d6265 100644 --- a/src/content/changes/management-api/apiextensions/v6.5.0.md +++ b/src/content/changes/platform-api/apiextensions/v6.5.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#650---2023-02-01 diff --git a/src/content/changes/management-api/apiextensions/v6.6.0.md b/src/content/changes/platform-api/apiextensions/v6.6.0.md similarity index 97% rename from src/content/changes/management-api/apiextensions/v6.6.0.md rename to src/content/changes/platform-api/apiextensions/v6.6.0.md index 56130e77b1..0a186bcb78 100644 --- a/src/content/changes/management-api/apiextensions/v6.6.0.md +++ b/src/content/changes/platform-api/apiextensions/v6.6.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/apiextensions url: https://github.com/giantswarm/apiextensions/blob/master/CHANGELOG.md#660---2023-06-01 diff --git a/src/content/changes/management-api/aws-admission-controller/v0.0.1.md b/src/content/changes/platform-api/aws-admission-controller/v0.0.1.md similarity index 96% rename from src/content/changes/management-api/aws-admission-controller/v0.0.1.md rename to src/content/changes/platform-api/aws-admission-controller/v0.0.1.md index ad478fc546..29f2cf1f13 100644 --- a/src/content/changes/management-api/aws-admission-controller/v0.0.1.md +++ b/src/content/changes/platform-api/aws-admission-controller/v0.0.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/releases/tag/v0.0.1 diff --git a/src/content/changes/management-api/aws-admission-controller/v1.0.0.md b/src/content/changes/platform-api/aws-admission-controller/v1.0.0.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v1.0.0.md rename to src/content/changes/platform-api/aws-admission-controller/v1.0.0.md index 0606e2522d..a9ebfb3706 100644 --- a/src/content/changes/management-api/aws-admission-controller/v1.0.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v1.0.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#100---2020-06-15 diff --git a/src/content/changes/management-api/aws-admission-controller/v1.1.0.md b/src/content/changes/platform-api/aws-admission-controller/v1.1.0.md similarity index 98% rename from src/content/changes/management-api/aws-admission-controller/v1.1.0.md rename to src/content/changes/platform-api/aws-admission-controller/v1.1.0.md index 5ded8af480..3dbe5b4d4a 100644 --- a/src/content/changes/management-api/aws-admission-controller/v1.1.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v1.1.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#110---2020-07-16 diff --git a/src/content/changes/management-api/aws-admission-controller/v1.2.0.md b/src/content/changes/platform-api/aws-admission-controller/v1.2.0.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v1.2.0.md rename to src/content/changes/platform-api/aws-admission-controller/v1.2.0.md index 9c66fef64c..a27010c8fa 100644 --- a/src/content/changes/management-api/aws-admission-controller/v1.2.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v1.2.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#120---2020-07-20 diff --git a/src/content/changes/management-api/aws-admission-controller/v1.3.0.md b/src/content/changes/platform-api/aws-admission-controller/v1.3.0.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v1.3.0.md rename to src/content/changes/platform-api/aws-admission-controller/v1.3.0.md index 1f0542a323..8c98d2e57f 100644 --- a/src/content/changes/management-api/aws-admission-controller/v1.3.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v1.3.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#130---2020-07-23 diff --git a/src/content/changes/management-api/aws-admission-controller/v1.4.0.md b/src/content/changes/platform-api/aws-admission-controller/v1.4.0.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v1.4.0.md rename to src/content/changes/platform-api/aws-admission-controller/v1.4.0.md index ea9dd710ca..b28fbebb56 100644 --- a/src/content/changes/management-api/aws-admission-controller/v1.4.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v1.4.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#140---2020-08-10 diff --git a/src/content/changes/management-api/aws-admission-controller/v1.5.0.md b/src/content/changes/platform-api/aws-admission-controller/v1.5.0.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v1.5.0.md rename to src/content/changes/platform-api/aws-admission-controller/v1.5.0.md index b1c450b5e7..4938027075 100644 --- a/src/content/changes/management-api/aws-admission-controller/v1.5.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v1.5.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#150---2020-08-14 diff --git a/src/content/changes/management-api/aws-admission-controller/v1.5.1.md b/src/content/changes/platform-api/aws-admission-controller/v1.5.1.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v1.5.1.md rename to src/content/changes/platform-api/aws-admission-controller/v1.5.1.md index c083d3de37..e74565a244 100644 --- a/src/content/changes/management-api/aws-admission-controller/v1.5.1.md +++ b/src/content/changes/platform-api/aws-admission-controller/v1.5.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#151---2020-08-18 diff --git a/src/content/changes/management-api/aws-admission-controller/v1.5.2.md b/src/content/changes/platform-api/aws-admission-controller/v1.5.2.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v1.5.2.md rename to src/content/changes/platform-api/aws-admission-controller/v1.5.2.md index e74064b762..c4b58f6a00 100644 --- a/src/content/changes/management-api/aws-admission-controller/v1.5.2.md +++ b/src/content/changes/platform-api/aws-admission-controller/v1.5.2.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#152---2020-08-18 diff --git a/src/content/changes/management-api/aws-admission-controller/v1.6.0.md b/src/content/changes/platform-api/aws-admission-controller/v1.6.0.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v1.6.0.md rename to src/content/changes/platform-api/aws-admission-controller/v1.6.0.md index 1922ff7cc6..8566cc384f 100644 --- a/src/content/changes/management-api/aws-admission-controller/v1.6.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v1.6.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#160---2020-08-21 diff --git a/src/content/changes/management-api/aws-admission-controller/v2.0.0.md b/src/content/changes/platform-api/aws-admission-controller/v2.0.0.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v2.0.0.md rename to src/content/changes/platform-api/aws-admission-controller/v2.0.0.md index c1aa3ae7ca..17e5c1ed72 100644 --- a/src/content/changes/management-api/aws-admission-controller/v2.0.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v2.0.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#200---2020-08-27 diff --git a/src/content/changes/management-api/aws-admission-controller/v2.0.1.md b/src/content/changes/platform-api/aws-admission-controller/v2.0.1.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v2.0.1.md rename to src/content/changes/platform-api/aws-admission-controller/v2.0.1.md index 0617eca13e..8fd3080b5d 100644 --- a/src/content/changes/management-api/aws-admission-controller/v2.0.1.md +++ b/src/content/changes/platform-api/aws-admission-controller/v2.0.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#201---2020-09-02 diff --git a/src/content/changes/management-api/aws-admission-controller/v2.1.0.md b/src/content/changes/platform-api/aws-admission-controller/v2.1.0.md similarity index 98% rename from src/content/changes/management-api/aws-admission-controller/v2.1.0.md rename to src/content/changes/platform-api/aws-admission-controller/v2.1.0.md index 38b2d458a8..f410c745c7 100644 --- a/src/content/changes/management-api/aws-admission-controller/v2.1.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v2.1.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#210---2020-10-29 diff --git a/src/content/changes/management-api/aws-admission-controller/v2.10.0.md b/src/content/changes/platform-api/aws-admission-controller/v2.10.0.md similarity index 98% rename from src/content/changes/management-api/aws-admission-controller/v2.10.0.md rename to src/content/changes/platform-api/aws-admission-controller/v2.10.0.md index 427b2e92eb..751dbf36ca 100644 --- a/src/content/changes/management-api/aws-admission-controller/v2.10.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v2.10.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#2100---2021-04-06 diff --git a/src/content/changes/management-api/aws-admission-controller/v2.11.0.md b/src/content/changes/platform-api/aws-admission-controller/v2.11.0.md similarity index 98% rename from src/content/changes/management-api/aws-admission-controller/v2.11.0.md rename to src/content/changes/platform-api/aws-admission-controller/v2.11.0.md index 2e32df177e..80b0371228 100644 --- a/src/content/changes/management-api/aws-admission-controller/v2.11.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v2.11.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#2110---2021-05-31 diff --git a/src/content/changes/management-api/aws-admission-controller/v2.12.0.md b/src/content/changes/platform-api/aws-admission-controller/v2.12.0.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v2.12.0.md rename to src/content/changes/platform-api/aws-admission-controller/v2.12.0.md index 6daeb922f3..f6c40b1d67 100644 --- a/src/content/changes/management-api/aws-admission-controller/v2.12.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v2.12.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#2120---2021-07-23 diff --git a/src/content/changes/management-api/aws-admission-controller/v2.2.0.md b/src/content/changes/platform-api/aws-admission-controller/v2.2.0.md similarity index 98% rename from src/content/changes/management-api/aws-admission-controller/v2.2.0.md rename to src/content/changes/platform-api/aws-admission-controller/v2.2.0.md index 65c00cb6d3..3b649e3fbb 100644 --- a/src/content/changes/management-api/aws-admission-controller/v2.2.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v2.2.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#220---2020-11-04 diff --git a/src/content/changes/management-api/aws-admission-controller/v2.2.1.md b/src/content/changes/platform-api/aws-admission-controller/v2.2.1.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v2.2.1.md rename to src/content/changes/platform-api/aws-admission-controller/v2.2.1.md index 1aef31647a..16cefe7865 100644 --- a/src/content/changes/management-api/aws-admission-controller/v2.2.1.md +++ b/src/content/changes/platform-api/aws-admission-controller/v2.2.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#221---2020-11-05 diff --git a/src/content/changes/management-api/aws-admission-controller/v2.2.2.md b/src/content/changes/platform-api/aws-admission-controller/v2.2.2.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v2.2.2.md rename to src/content/changes/platform-api/aws-admission-controller/v2.2.2.md index 4df2ac033b..19277a4cf5 100644 --- a/src/content/changes/management-api/aws-admission-controller/v2.2.2.md +++ b/src/content/changes/platform-api/aws-admission-controller/v2.2.2.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#222---2020-11-10 diff --git a/src/content/changes/management-api/aws-admission-controller/v2.2.3.md b/src/content/changes/platform-api/aws-admission-controller/v2.2.3.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v2.2.3.md rename to src/content/changes/platform-api/aws-admission-controller/v2.2.3.md index 5f394ef7b3..4189b14085 100644 --- a/src/content/changes/management-api/aws-admission-controller/v2.2.3.md +++ b/src/content/changes/platform-api/aws-admission-controller/v2.2.3.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#223---2020-11-18 diff --git a/src/content/changes/management-api/aws-admission-controller/v2.3.3.md b/src/content/changes/platform-api/aws-admission-controller/v2.3.3.md similarity index 98% rename from src/content/changes/management-api/aws-admission-controller/v2.3.3.md rename to src/content/changes/platform-api/aws-admission-controller/v2.3.3.md index a6ad65aa94..cf2cd0ce1c 100644 --- a/src/content/changes/management-api/aws-admission-controller/v2.3.3.md +++ b/src/content/changes/platform-api/aws-admission-controller/v2.3.3.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#233---2020-11-19 diff --git a/src/content/changes/management-api/aws-admission-controller/v2.4.0.md b/src/content/changes/platform-api/aws-admission-controller/v2.4.0.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v2.4.0.md rename to src/content/changes/platform-api/aws-admission-controller/v2.4.0.md index 27f44124cc..95e539c074 100644 --- a/src/content/changes/management-api/aws-admission-controller/v2.4.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v2.4.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#240---2020-11-24 diff --git a/src/content/changes/management-api/aws-admission-controller/v2.4.1.md b/src/content/changes/platform-api/aws-admission-controller/v2.4.1.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v2.4.1.md rename to src/content/changes/platform-api/aws-admission-controller/v2.4.1.md index 26dd6af5dc..c80e53e829 100644 --- a/src/content/changes/management-api/aws-admission-controller/v2.4.1.md +++ b/src/content/changes/platform-api/aws-admission-controller/v2.4.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#241---2020-11-24 diff --git a/src/content/changes/management-api/aws-admission-controller/v2.5.0.md b/src/content/changes/platform-api/aws-admission-controller/v2.5.0.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v2.5.0.md rename to src/content/changes/platform-api/aws-admission-controller/v2.5.0.md index 539cacb1e3..54907d1588 100644 --- a/src/content/changes/management-api/aws-admission-controller/v2.5.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v2.5.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#250---2020-12-01 diff --git a/src/content/changes/management-api/aws-admission-controller/v2.6.0.md b/src/content/changes/platform-api/aws-admission-controller/v2.6.0.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v2.6.0.md rename to src/content/changes/platform-api/aws-admission-controller/v2.6.0.md index 0e1cbed6ad..a09e6ff283 100644 --- a/src/content/changes/management-api/aws-admission-controller/v2.6.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v2.6.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#260---2020-12-07 diff --git a/src/content/changes/management-api/aws-admission-controller/v2.7.0.md b/src/content/changes/platform-api/aws-admission-controller/v2.7.0.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v2.7.0.md rename to src/content/changes/platform-api/aws-admission-controller/v2.7.0.md index 5c9386037b..1a2fd2a50f 100644 --- a/src/content/changes/management-api/aws-admission-controller/v2.7.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v2.7.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#270---2021-01-19 diff --git a/src/content/changes/management-api/aws-admission-controller/v2.8.0.md b/src/content/changes/platform-api/aws-admission-controller/v2.8.0.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v2.8.0.md rename to src/content/changes/platform-api/aws-admission-controller/v2.8.0.md index 474032c4bf..99cfe7a113 100644 --- a/src/content/changes/management-api/aws-admission-controller/v2.8.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v2.8.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#280---2021-01-21 diff --git a/src/content/changes/management-api/aws-admission-controller/v2.9.0.md b/src/content/changes/platform-api/aws-admission-controller/v2.9.0.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v2.9.0.md rename to src/content/changes/platform-api/aws-admission-controller/v2.9.0.md index 1f170de43a..8728816e87 100644 --- a/src/content/changes/management-api/aws-admission-controller/v2.9.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v2.9.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#290---2021-02-01 diff --git a/src/content/changes/management-api/aws-admission-controller/v2.9.1.md b/src/content/changes/platform-api/aws-admission-controller/v2.9.1.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v2.9.1.md rename to src/content/changes/platform-api/aws-admission-controller/v2.9.1.md index 2f209debf9..abe81dc9f5 100644 --- a/src/content/changes/management-api/aws-admission-controller/v2.9.1.md +++ b/src/content/changes/platform-api/aws-admission-controller/v2.9.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#291---2021-02-03 diff --git a/src/content/changes/management-api/aws-admission-controller/v3.0.0.md b/src/content/changes/platform-api/aws-admission-controller/v3.0.0.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v3.0.0.md rename to src/content/changes/platform-api/aws-admission-controller/v3.0.0.md index f7cb9281c6..a3855b22e2 100644 --- a/src/content/changes/management-api/aws-admission-controller/v3.0.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v3.0.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#300---2021-08-03 diff --git a/src/content/changes/management-api/aws-admission-controller/v3.1.0.md b/src/content/changes/platform-api/aws-admission-controller/v3.1.0.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v3.1.0.md rename to src/content/changes/platform-api/aws-admission-controller/v3.1.0.md index da3d8f3b07..ae814a1846 100644 --- a/src/content/changes/management-api/aws-admission-controller/v3.1.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v3.1.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#310---2021-08-06 diff --git a/src/content/changes/management-api/aws-admission-controller/v3.2.0.md b/src/content/changes/platform-api/aws-admission-controller/v3.2.0.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v3.2.0.md rename to src/content/changes/platform-api/aws-admission-controller/v3.2.0.md index 50d4d936a2..55ae4408f7 100644 --- a/src/content/changes/management-api/aws-admission-controller/v3.2.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v3.2.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#320---2021-08-10 diff --git a/src/content/changes/management-api/aws-admission-controller/v3.2.1.md b/src/content/changes/platform-api/aws-admission-controller/v3.2.1.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v3.2.1.md rename to src/content/changes/platform-api/aws-admission-controller/v3.2.1.md index 892f4eda4f..3d77b19430 100644 --- a/src/content/changes/management-api/aws-admission-controller/v3.2.1.md +++ b/src/content/changes/platform-api/aws-admission-controller/v3.2.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#321---2021-08-12 diff --git a/src/content/changes/management-api/aws-admission-controller/v3.3.0.md b/src/content/changes/platform-api/aws-admission-controller/v3.3.0.md similarity index 98% rename from src/content/changes/management-api/aws-admission-controller/v3.3.0.md rename to src/content/changes/platform-api/aws-admission-controller/v3.3.0.md index fd9134e9b4..8e5e6cc3c0 100644 --- a/src/content/changes/management-api/aws-admission-controller/v3.3.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v3.3.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#330---2021-09-10 diff --git a/src/content/changes/management-api/aws-admission-controller/v3.4.0.md b/src/content/changes/platform-api/aws-admission-controller/v3.4.0.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v3.4.0.md rename to src/content/changes/platform-api/aws-admission-controller/v3.4.0.md index bcdf28a136..0e2c9102ca 100644 --- a/src/content/changes/management-api/aws-admission-controller/v3.4.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v3.4.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#340---2021-09-28 diff --git a/src/content/changes/management-api/aws-admission-controller/v3.5.0.md b/src/content/changes/platform-api/aws-admission-controller/v3.5.0.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v3.5.0.md rename to src/content/changes/platform-api/aws-admission-controller/v3.5.0.md index 7c8b427f6f..3f44cb9cc5 100644 --- a/src/content/changes/management-api/aws-admission-controller/v3.5.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v3.5.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#350---2021-11-09 diff --git a/src/content/changes/management-api/aws-admission-controller/v3.5.1.md b/src/content/changes/platform-api/aws-admission-controller/v3.5.1.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v3.5.1.md rename to src/content/changes/platform-api/aws-admission-controller/v3.5.1.md index 996499b812..d2248ae74d 100644 --- a/src/content/changes/management-api/aws-admission-controller/v3.5.1.md +++ b/src/content/changes/platform-api/aws-admission-controller/v3.5.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#351---2021-11-12 diff --git a/src/content/changes/management-api/aws-admission-controller/v3.6.0.md b/src/content/changes/platform-api/aws-admission-controller/v3.6.0.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v3.6.0.md rename to src/content/changes/platform-api/aws-admission-controller/v3.6.0.md index 1c74f39636..7dce72bcd8 100644 --- a/src/content/changes/management-api/aws-admission-controller/v3.6.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v3.6.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#360---2021-11-26 diff --git a/src/content/changes/management-api/aws-admission-controller/v3.6.1.md b/src/content/changes/platform-api/aws-admission-controller/v3.6.1.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v3.6.1.md rename to src/content/changes/platform-api/aws-admission-controller/v3.6.1.md index bacbb1af32..439d5e50ae 100644 --- a/src/content/changes/management-api/aws-admission-controller/v3.6.1.md +++ b/src/content/changes/platform-api/aws-admission-controller/v3.6.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#361---2021-11-29 diff --git a/src/content/changes/management-api/aws-admission-controller/v3.6.2.md b/src/content/changes/platform-api/aws-admission-controller/v3.6.2.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v3.6.2.md rename to src/content/changes/platform-api/aws-admission-controller/v3.6.2.md index c797742721..6e2fc9d384 100644 --- a/src/content/changes/management-api/aws-admission-controller/v3.6.2.md +++ b/src/content/changes/platform-api/aws-admission-controller/v3.6.2.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#362---2021-12-01 diff --git a/src/content/changes/management-api/aws-admission-controller/v3.6.3.md b/src/content/changes/platform-api/aws-admission-controller/v3.6.3.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v3.6.3.md rename to src/content/changes/platform-api/aws-admission-controller/v3.6.3.md index f2c809af9d..7ea647c1bd 100644 --- a/src/content/changes/management-api/aws-admission-controller/v3.6.3.md +++ b/src/content/changes/platform-api/aws-admission-controller/v3.6.3.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#363---2021-12-17 diff --git a/src/content/changes/management-api/aws-admission-controller/v3.7.0.md b/src/content/changes/platform-api/aws-admission-controller/v3.7.0.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v3.7.0.md rename to src/content/changes/platform-api/aws-admission-controller/v3.7.0.md index d705bd299c..386e70d70d 100644 --- a/src/content/changes/management-api/aws-admission-controller/v3.7.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v3.7.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#370---2022-03-21 diff --git a/src/content/changes/management-api/aws-admission-controller/v4.0.0.md b/src/content/changes/platform-api/aws-admission-controller/v4.0.0.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v4.0.0.md rename to src/content/changes/platform-api/aws-admission-controller/v4.0.0.md index 9b5a011206..5973be8a3b 100644 --- a/src/content/changes/management-api/aws-admission-controller/v4.0.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v4.0.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#400---2022-03-30 diff --git a/src/content/changes/management-api/aws-admission-controller/v4.0.1.md b/src/content/changes/platform-api/aws-admission-controller/v4.0.1.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v4.0.1.md rename to src/content/changes/platform-api/aws-admission-controller/v4.0.1.md index eeeaf087d8..8cfd5dc717 100644 --- a/src/content/changes/management-api/aws-admission-controller/v4.0.1.md +++ b/src/content/changes/platform-api/aws-admission-controller/v4.0.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#401---2022-04-01 diff --git a/src/content/changes/management-api/aws-admission-controller/v4.0.2.md b/src/content/changes/platform-api/aws-admission-controller/v4.0.2.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v4.0.2.md rename to src/content/changes/platform-api/aws-admission-controller/v4.0.2.md index 3d8851c79d..e9538fd9c8 100644 --- a/src/content/changes/management-api/aws-admission-controller/v4.0.2.md +++ b/src/content/changes/platform-api/aws-admission-controller/v4.0.2.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#402---2022-04-04 diff --git a/src/content/changes/management-api/aws-admission-controller/v4.0.3.md b/src/content/changes/platform-api/aws-admission-controller/v4.0.3.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v4.0.3.md rename to src/content/changes/platform-api/aws-admission-controller/v4.0.3.md index d8f9ef7c74..4a692edd33 100644 --- a/src/content/changes/management-api/aws-admission-controller/v4.0.3.md +++ b/src/content/changes/platform-api/aws-admission-controller/v4.0.3.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#403---2022-06-15 diff --git a/src/content/changes/management-api/aws-admission-controller/v4.1.0.md b/src/content/changes/platform-api/aws-admission-controller/v4.1.0.md similarity index 96% rename from src/content/changes/management-api/aws-admission-controller/v4.1.0.md rename to src/content/changes/platform-api/aws-admission-controller/v4.1.0.md index a9b67d3282..8c78ed6a3a 100644 --- a/src/content/changes/management-api/aws-admission-controller/v4.1.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v4.1.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#410---2022-07-22 diff --git a/src/content/changes/management-api/aws-admission-controller/v4.10.0.md b/src/content/changes/platform-api/aws-admission-controller/v4.10.0.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v4.10.0.md rename to src/content/changes/platform-api/aws-admission-controller/v4.10.0.md index 8fabb00dfd..f3c339c2fe 100644 --- a/src/content/changes/management-api/aws-admission-controller/v4.10.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v4.10.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#4100---2023-07-13 diff --git a/src/content/changes/management-api/aws-admission-controller/v4.11.0.md b/src/content/changes/platform-api/aws-admission-controller/v4.11.0.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v4.11.0.md rename to src/content/changes/platform-api/aws-admission-controller/v4.11.0.md index 60e61e38ec..58457ca353 100644 --- a/src/content/changes/management-api/aws-admission-controller/v4.11.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v4.11.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#4110---2023-07-14 diff --git a/src/content/changes/management-api/aws-admission-controller/v4.12.0.md b/src/content/changes/platform-api/aws-admission-controller/v4.12.0.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v4.12.0.md rename to src/content/changes/platform-api/aws-admission-controller/v4.12.0.md index 6175a33cac..107ee087ac 100644 --- a/src/content/changes/management-api/aws-admission-controller/v4.12.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v4.12.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#4120---2023-08-23 diff --git a/src/content/changes/management-api/aws-admission-controller/v4.13.0.md b/src/content/changes/platform-api/aws-admission-controller/v4.13.0.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v4.13.0.md rename to src/content/changes/platform-api/aws-admission-controller/v4.13.0.md index 0ac788fe39..4ca692cfa4 100644 --- a/src/content/changes/management-api/aws-admission-controller/v4.13.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v4.13.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#4130---2024-03-26 diff --git a/src/content/changes/management-api/aws-admission-controller/v4.13.1.md b/src/content/changes/platform-api/aws-admission-controller/v4.13.1.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v4.13.1.md rename to src/content/changes/platform-api/aws-admission-controller/v4.13.1.md index a9cc83d1d5..199195e3ea 100644 --- a/src/content/changes/management-api/aws-admission-controller/v4.13.1.md +++ b/src/content/changes/platform-api/aws-admission-controller/v4.13.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#4131---2024-05-07 diff --git a/src/content/changes/management-api/aws-admission-controller/v4.14.0.md b/src/content/changes/platform-api/aws-admission-controller/v4.14.0.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v4.14.0.md rename to src/content/changes/platform-api/aws-admission-controller/v4.14.0.md index 62d06561ef..ef791b2a8f 100644 --- a/src/content/changes/management-api/aws-admission-controller/v4.14.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v4.14.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#4140---2024-05-16 diff --git a/src/content/changes/management-api/aws-admission-controller/v4.2.0.md b/src/content/changes/platform-api/aws-admission-controller/v4.2.0.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v4.2.0.md rename to src/content/changes/platform-api/aws-admission-controller/v4.2.0.md index 2186a5733f..e75b956a3d 100644 --- a/src/content/changes/management-api/aws-admission-controller/v4.2.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v4.2.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#420---2022-08-04 diff --git a/src/content/changes/management-api/aws-admission-controller/v4.3.0.md b/src/content/changes/platform-api/aws-admission-controller/v4.3.0.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v4.3.0.md rename to src/content/changes/platform-api/aws-admission-controller/v4.3.0.md index 2220661d9b..6683092b3a 100644 --- a/src/content/changes/management-api/aws-admission-controller/v4.3.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v4.3.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#430---2022-08-09 diff --git a/src/content/changes/management-api/aws-admission-controller/v4.4.0.md b/src/content/changes/platform-api/aws-admission-controller/v4.4.0.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v4.4.0.md rename to src/content/changes/platform-api/aws-admission-controller/v4.4.0.md index f427a3621b..8814528816 100644 --- a/src/content/changes/management-api/aws-admission-controller/v4.4.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v4.4.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#440---2022-08-24 diff --git a/src/content/changes/management-api/aws-admission-controller/v4.5.0.md b/src/content/changes/platform-api/aws-admission-controller/v4.5.0.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v4.5.0.md rename to src/content/changes/platform-api/aws-admission-controller/v4.5.0.md index 9d9447a1e3..403e15b6bc 100644 --- a/src/content/changes/management-api/aws-admission-controller/v4.5.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v4.5.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#450---2022-09-21 diff --git a/src/content/changes/management-api/aws-admission-controller/v4.6.0.md b/src/content/changes/platform-api/aws-admission-controller/v4.6.0.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v4.6.0.md rename to src/content/changes/platform-api/aws-admission-controller/v4.6.0.md index dd6da6e0b1..6d552ad4f6 100644 --- a/src/content/changes/management-api/aws-admission-controller/v4.6.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v4.6.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#460---2022-10-10 diff --git a/src/content/changes/management-api/aws-admission-controller/v4.7.0.md b/src/content/changes/platform-api/aws-admission-controller/v4.7.0.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v4.7.0.md rename to src/content/changes/platform-api/aws-admission-controller/v4.7.0.md index 83b6c97356..38ecc79134 100644 --- a/src/content/changes/management-api/aws-admission-controller/v4.7.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v4.7.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#470---2023-01-04 diff --git a/src/content/changes/management-api/aws-admission-controller/v4.8.0.md b/src/content/changes/platform-api/aws-admission-controller/v4.8.0.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v4.8.0.md rename to src/content/changes/platform-api/aws-admission-controller/v4.8.0.md index 2a30e81fde..a57daec1b9 100644 --- a/src/content/changes/management-api/aws-admission-controller/v4.8.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v4.8.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#480---2023-04-18 diff --git a/src/content/changes/management-api/aws-admission-controller/v4.8.1.md b/src/content/changes/platform-api/aws-admission-controller/v4.8.1.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v4.8.1.md rename to src/content/changes/platform-api/aws-admission-controller/v4.8.1.md index a707d4b057..eff695aa96 100644 --- a/src/content/changes/management-api/aws-admission-controller/v4.8.1.md +++ b/src/content/changes/platform-api/aws-admission-controller/v4.8.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#481---2023-06-07 diff --git a/src/content/changes/management-api/aws-admission-controller/v4.9.0.md b/src/content/changes/platform-api/aws-admission-controller/v4.9.0.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v4.9.0.md rename to src/content/changes/platform-api/aws-admission-controller/v4.9.0.md index fcb407a234..182cb46d5e 100644 --- a/src/content/changes/management-api/aws-admission-controller/v4.9.0.md +++ b/src/content/changes/platform-api/aws-admission-controller/v4.9.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#490---2023-06-28 diff --git a/src/content/changes/management-api/aws-admission-controller/v4.9.1.md b/src/content/changes/platform-api/aws-admission-controller/v4.9.1.md similarity index 97% rename from src/content/changes/management-api/aws-admission-controller/v4.9.1.md rename to src/content/changes/platform-api/aws-admission-controller/v4.9.1.md index c80ad45f73..1aca9045b0 100644 --- a/src/content/changes/management-api/aws-admission-controller/v4.9.1.md +++ b/src/content/changes/platform-api/aws-admission-controller/v4.9.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/aws-admission-controller url: https://github.com/giantswarm/aws-admission-controller/blob/master/CHANGELOG.md#491---2023-06-28 diff --git a/src/content/changes/management-api/azure-admission-controller/v0.15.0.md b/src/content/changes/platform-api/azure-admission-controller/v0.15.0.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v0.15.0.md rename to src/content/changes/platform-api/azure-admission-controller/v0.15.0.md index 8cbe3e5bcf..685a41a7f8 100644 --- a/src/content/changes/management-api/azure-admission-controller/v0.15.0.md +++ b/src/content/changes/platform-api/azure-admission-controller/v0.15.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#0150---2020-12-10 diff --git a/src/content/changes/management-api/azure-admission-controller/v1.10.0.md b/src/content/changes/platform-api/azure-admission-controller/v1.10.0.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v1.10.0.md rename to src/content/changes/platform-api/azure-admission-controller/v1.10.0.md index 09f7f6767c..3bbdc586c9 100644 --- a/src/content/changes/management-api/azure-admission-controller/v1.10.0.md +++ b/src/content/changes/platform-api/azure-admission-controller/v1.10.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#1100---2020-10-23 diff --git a/src/content/changes/management-api/azure-admission-controller/v1.11.0.md b/src/content/changes/platform-api/azure-admission-controller/v1.11.0.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v1.11.0.md rename to src/content/changes/platform-api/azure-admission-controller/v1.11.0.md index 080f869aba..3ac3bc6663 100644 --- a/src/content/changes/management-api/azure-admission-controller/v1.11.0.md +++ b/src/content/changes/platform-api/azure-admission-controller/v1.11.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#1110---2020-10-23 diff --git a/src/content/changes/management-api/azure-admission-controller/v1.12.0.md b/src/content/changes/platform-api/azure-admission-controller/v1.12.0.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v1.12.0.md rename to src/content/changes/platform-api/azure-admission-controller/v1.12.0.md index 3d20a49c11..bc8a1cbcb3 100644 --- a/src/content/changes/management-api/azure-admission-controller/v1.12.0.md +++ b/src/content/changes/platform-api/azure-admission-controller/v1.12.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#1120---2020-10-27 diff --git a/src/content/changes/management-api/azure-admission-controller/v1.13.2.md b/src/content/changes/platform-api/azure-admission-controller/v1.13.2.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v1.13.2.md rename to src/content/changes/platform-api/azure-admission-controller/v1.13.2.md index 0e7dcea43d..e29bd3bdda 100644 --- a/src/content/changes/management-api/azure-admission-controller/v1.13.2.md +++ b/src/content/changes/platform-api/azure-admission-controller/v1.13.2.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#1132---2020-11-13 diff --git a/src/content/changes/management-api/azure-admission-controller/v1.13.3.md b/src/content/changes/platform-api/azure-admission-controller/v1.13.3.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v1.13.3.md rename to src/content/changes/platform-api/azure-admission-controller/v1.13.3.md index 20af66ef1d..e4654741c4 100644 --- a/src/content/changes/management-api/azure-admission-controller/v1.13.3.md +++ b/src/content/changes/platform-api/azure-admission-controller/v1.13.3.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#1133---2020-11-17 diff --git a/src/content/changes/management-api/azure-admission-controller/v1.14.0.md b/src/content/changes/platform-api/azure-admission-controller/v1.14.0.md similarity index 98% rename from src/content/changes/management-api/azure-admission-controller/v1.14.0.md rename to src/content/changes/platform-api/azure-admission-controller/v1.14.0.md index 716973a690..865187e3ad 100644 --- a/src/content/changes/management-api/azure-admission-controller/v1.14.0.md +++ b/src/content/changes/platform-api/azure-admission-controller/v1.14.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#1140---2020-12-04 diff --git a/src/content/changes/management-api/azure-admission-controller/v1.16.0.md b/src/content/changes/platform-api/azure-admission-controller/v1.16.0.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v1.16.0.md rename to src/content/changes/platform-api/azure-admission-controller/v1.16.0.md index f318e9b32c..619a564de6 100644 --- a/src/content/changes/management-api/azure-admission-controller/v1.16.0.md +++ b/src/content/changes/platform-api/azure-admission-controller/v1.16.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#1160---2020-12-15 diff --git a/src/content/changes/management-api/azure-admission-controller/v1.17.0.md b/src/content/changes/platform-api/azure-admission-controller/v1.17.0.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v1.17.0.md rename to src/content/changes/platform-api/azure-admission-controller/v1.17.0.md index d86120c93f..2e6e3a51ee 100644 --- a/src/content/changes/management-api/azure-admission-controller/v1.17.0.md +++ b/src/content/changes/platform-api/azure-admission-controller/v1.17.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#1170---2021-01-14 diff --git a/src/content/changes/management-api/azure-admission-controller/v1.18.0.md b/src/content/changes/platform-api/azure-admission-controller/v1.18.0.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v1.18.0.md rename to src/content/changes/platform-api/azure-admission-controller/v1.18.0.md index fd40dcb38d..d81dbdffdf 100644 --- a/src/content/changes/management-api/azure-admission-controller/v1.18.0.md +++ b/src/content/changes/platform-api/azure-admission-controller/v1.18.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#1180---2021-01-15 diff --git a/src/content/changes/management-api/azure-admission-controller/v1.4.0.md b/src/content/changes/platform-api/azure-admission-controller/v1.4.0.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v1.4.0.md rename to src/content/changes/platform-api/azure-admission-controller/v1.4.0.md index 4545ecfb6e..e948678832 100644 --- a/src/content/changes/management-api/azure-admission-controller/v1.4.0.md +++ b/src/content/changes/platform-api/azure-admission-controller/v1.4.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#140---2020-08-05 diff --git a/src/content/changes/management-api/azure-admission-controller/v1.5.0.md b/src/content/changes/platform-api/azure-admission-controller/v1.5.0.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v1.5.0.md rename to src/content/changes/platform-api/azure-admission-controller/v1.5.0.md index 5178c1fa54..e6ccbfe3bf 100644 --- a/src/content/changes/management-api/azure-admission-controller/v1.5.0.md +++ b/src/content/changes/platform-api/azure-admission-controller/v1.5.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#150---2020-08-19 diff --git a/src/content/changes/management-api/azure-admission-controller/v1.6.0.md b/src/content/changes/platform-api/azure-admission-controller/v1.6.0.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v1.6.0.md rename to src/content/changes/platform-api/azure-admission-controller/v1.6.0.md index 56d93be657..f29ee381e8 100644 --- a/src/content/changes/management-api/azure-admission-controller/v1.6.0.md +++ b/src/content/changes/platform-api/azure-admission-controller/v1.6.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#160---2020-10-07 diff --git a/src/content/changes/management-api/azure-admission-controller/v1.6.1.md b/src/content/changes/platform-api/azure-admission-controller/v1.6.1.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v1.6.1.md rename to src/content/changes/platform-api/azure-admission-controller/v1.6.1.md index fb4083a888..8584298952 100644 --- a/src/content/changes/management-api/azure-admission-controller/v1.6.1.md +++ b/src/content/changes/platform-api/azure-admission-controller/v1.6.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#161---2020-10-07 diff --git a/src/content/changes/management-api/azure-admission-controller/v1.6.2.md b/src/content/changes/platform-api/azure-admission-controller/v1.6.2.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v1.6.2.md rename to src/content/changes/platform-api/azure-admission-controller/v1.6.2.md index 8ec6bf908d..4b70955dd0 100644 --- a/src/content/changes/management-api/azure-admission-controller/v1.6.2.md +++ b/src/content/changes/platform-api/azure-admission-controller/v1.6.2.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#162---2020-10-07 diff --git a/src/content/changes/management-api/azure-admission-controller/v1.7.0.md b/src/content/changes/platform-api/azure-admission-controller/v1.7.0.md similarity index 98% rename from src/content/changes/management-api/azure-admission-controller/v1.7.0.md rename to src/content/changes/platform-api/azure-admission-controller/v1.7.0.md index 8f65e158d8..c0f70fdf62 100644 --- a/src/content/changes/management-api/azure-admission-controller/v1.7.0.md +++ b/src/content/changes/platform-api/azure-admission-controller/v1.7.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#170---2020-10-16 diff --git a/src/content/changes/management-api/azure-admission-controller/v1.8.0.md b/src/content/changes/platform-api/azure-admission-controller/v1.8.0.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v1.8.0.md rename to src/content/changes/platform-api/azure-admission-controller/v1.8.0.md index 947e427158..d9ca045ead 100644 --- a/src/content/changes/management-api/azure-admission-controller/v1.8.0.md +++ b/src/content/changes/platform-api/azure-admission-controller/v1.8.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#180---2020-10-20 diff --git a/src/content/changes/management-api/azure-admission-controller/v1.9.0.md b/src/content/changes/platform-api/azure-admission-controller/v1.9.0.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v1.9.0.md rename to src/content/changes/platform-api/azure-admission-controller/v1.9.0.md index 7dd87e34fb..e6c48f7594 100644 --- a/src/content/changes/management-api/azure-admission-controller/v1.9.0.md +++ b/src/content/changes/platform-api/azure-admission-controller/v1.9.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#190---2020-10-21 diff --git a/src/content/changes/management-api/azure-admission-controller/v1.9.1.md b/src/content/changes/platform-api/azure-admission-controller/v1.9.1.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v1.9.1.md rename to src/content/changes/platform-api/azure-admission-controller/v1.9.1.md index 30fc5368c5..26ada12064 100644 --- a/src/content/changes/management-api/azure-admission-controller/v1.9.1.md +++ b/src/content/changes/platform-api/azure-admission-controller/v1.9.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#191---2020-10-21 diff --git a/src/content/changes/management-api/azure-admission-controller/v2.0.0.md b/src/content/changes/platform-api/azure-admission-controller/v2.0.0.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v2.0.0.md rename to src/content/changes/platform-api/azure-admission-controller/v2.0.0.md index 8a9078f48e..6fb902c541 100644 --- a/src/content/changes/management-api/azure-admission-controller/v2.0.0.md +++ b/src/content/changes/platform-api/azure-admission-controller/v2.0.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#200---2021-01-20 diff --git a/src/content/changes/management-api/azure-admission-controller/v2.0.1.md b/src/content/changes/platform-api/azure-admission-controller/v2.0.1.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v2.0.1.md rename to src/content/changes/platform-api/azure-admission-controller/v2.0.1.md index de13c0095e..4a426dd057 100644 --- a/src/content/changes/management-api/azure-admission-controller/v2.0.1.md +++ b/src/content/changes/platform-api/azure-admission-controller/v2.0.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#201---2021-01-27 diff --git a/src/content/changes/management-api/azure-admission-controller/v2.1.0.md b/src/content/changes/platform-api/azure-admission-controller/v2.1.0.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v2.1.0.md rename to src/content/changes/platform-api/azure-admission-controller/v2.1.0.md index cd0c433f8d..5e83f5c5e1 100644 --- a/src/content/changes/management-api/azure-admission-controller/v2.1.0.md +++ b/src/content/changes/platform-api/azure-admission-controller/v2.1.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#210---2021-02-03 diff --git a/src/content/changes/management-api/azure-admission-controller/v2.2.0.md b/src/content/changes/platform-api/azure-admission-controller/v2.2.0.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v2.2.0.md rename to src/content/changes/platform-api/azure-admission-controller/v2.2.0.md index 6ad2606382..80eddc5f09 100644 --- a/src/content/changes/management-api/azure-admission-controller/v2.2.0.md +++ b/src/content/changes/platform-api/azure-admission-controller/v2.2.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#220---2021-02-05 diff --git a/src/content/changes/management-api/azure-admission-controller/v2.3.0.md b/src/content/changes/platform-api/azure-admission-controller/v2.3.0.md similarity index 98% rename from src/content/changes/management-api/azure-admission-controller/v2.3.0.md rename to src/content/changes/platform-api/azure-admission-controller/v2.3.0.md index 47bd00cf9b..c24359a02d 100644 --- a/src/content/changes/management-api/azure-admission-controller/v2.3.0.md +++ b/src/content/changes/platform-api/azure-admission-controller/v2.3.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#230---2021-02-23 diff --git a/src/content/changes/management-api/azure-admission-controller/v2.3.1.md b/src/content/changes/platform-api/azure-admission-controller/v2.3.1.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v2.3.1.md rename to src/content/changes/platform-api/azure-admission-controller/v2.3.1.md index d57275b45b..219b42fe2c 100644 --- a/src/content/changes/management-api/azure-admission-controller/v2.3.1.md +++ b/src/content/changes/platform-api/azure-admission-controller/v2.3.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#231---2021-02-23 diff --git a/src/content/changes/management-api/azure-admission-controller/v2.3.2.md b/src/content/changes/platform-api/azure-admission-controller/v2.3.2.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v2.3.2.md rename to src/content/changes/platform-api/azure-admission-controller/v2.3.2.md index d4da8ebaf7..68a5a56cac 100644 --- a/src/content/changes/management-api/azure-admission-controller/v2.3.2.md +++ b/src/content/changes/platform-api/azure-admission-controller/v2.3.2.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#232---2021-02-23 diff --git a/src/content/changes/management-api/azure-admission-controller/v2.4.0.md b/src/content/changes/platform-api/azure-admission-controller/v2.4.0.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v2.4.0.md rename to src/content/changes/platform-api/azure-admission-controller/v2.4.0.md index 76fd175c1a..aa19bd3e0b 100644 --- a/src/content/changes/management-api/azure-admission-controller/v2.4.0.md +++ b/src/content/changes/platform-api/azure-admission-controller/v2.4.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#240---2021-05-10 diff --git a/src/content/changes/management-api/azure-admission-controller/v2.4.1.md b/src/content/changes/platform-api/azure-admission-controller/v2.4.1.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v2.4.1.md rename to src/content/changes/platform-api/azure-admission-controller/v2.4.1.md index e566c21c9b..f33e0e9880 100644 --- a/src/content/changes/management-api/azure-admission-controller/v2.4.1.md +++ b/src/content/changes/platform-api/azure-admission-controller/v2.4.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#241---2021-05-14 diff --git a/src/content/changes/management-api/azure-admission-controller/v2.5.0.md b/src/content/changes/platform-api/azure-admission-controller/v2.5.0.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v2.5.0.md rename to src/content/changes/platform-api/azure-admission-controller/v2.5.0.md index 3448cb0ce2..8d64212a46 100644 --- a/src/content/changes/management-api/azure-admission-controller/v2.5.0.md +++ b/src/content/changes/platform-api/azure-admission-controller/v2.5.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#250---2021-05-19 diff --git a/src/content/changes/management-api/azure-admission-controller/v2.6.0.md b/src/content/changes/platform-api/azure-admission-controller/v2.6.0.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v2.6.0.md rename to src/content/changes/platform-api/azure-admission-controller/v2.6.0.md index 13b359f8cb..740c30d5da 100644 --- a/src/content/changes/management-api/azure-admission-controller/v2.6.0.md +++ b/src/content/changes/platform-api/azure-admission-controller/v2.6.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#260---2021-05-19 diff --git a/src/content/changes/management-api/azure-admission-controller/v2.7.0.md b/src/content/changes/platform-api/azure-admission-controller/v2.7.0.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v2.7.0.md rename to src/content/changes/platform-api/azure-admission-controller/v2.7.0.md index 67507bfaef..4fb9100d96 100644 --- a/src/content/changes/management-api/azure-admission-controller/v2.7.0.md +++ b/src/content/changes/platform-api/azure-admission-controller/v2.7.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#270---2021-05-19 diff --git a/src/content/changes/management-api/azure-admission-controller/v3.0.0.md b/src/content/changes/platform-api/azure-admission-controller/v3.0.0.md similarity index 99% rename from src/content/changes/management-api/azure-admission-controller/v3.0.0.md rename to src/content/changes/platform-api/azure-admission-controller/v3.0.0.md index ab15112a86..61f0cf633f 100644 --- a/src/content/changes/management-api/azure-admission-controller/v3.0.0.md +++ b/src/content/changes/platform-api/azure-admission-controller/v3.0.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#300---2021-08-03 diff --git a/src/content/changes/management-api/azure-admission-controller/v3.0.1.md b/src/content/changes/platform-api/azure-admission-controller/v3.0.1.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v3.0.1.md rename to src/content/changes/platform-api/azure-admission-controller/v3.0.1.md index e1a8a8828c..993676391e 100644 --- a/src/content/changes/management-api/azure-admission-controller/v3.0.1.md +++ b/src/content/changes/platform-api/azure-admission-controller/v3.0.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#301---2021-08-06 diff --git a/src/content/changes/management-api/azure-admission-controller/v3.1.0.md b/src/content/changes/platform-api/azure-admission-controller/v3.1.0.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v3.1.0.md rename to src/content/changes/platform-api/azure-admission-controller/v3.1.0.md index a919fa783f..963be57f33 100644 --- a/src/content/changes/management-api/azure-admission-controller/v3.1.0.md +++ b/src/content/changes/platform-api/azure-admission-controller/v3.1.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#310---2021-08-24 diff --git a/src/content/changes/management-api/azure-admission-controller/v3.2.0.md b/src/content/changes/platform-api/azure-admission-controller/v3.2.0.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v3.2.0.md rename to src/content/changes/platform-api/azure-admission-controller/v3.2.0.md index b971905255..7506a0103d 100644 --- a/src/content/changes/management-api/azure-admission-controller/v3.2.0.md +++ b/src/content/changes/platform-api/azure-admission-controller/v3.2.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#320---2021-10-04 diff --git a/src/content/changes/management-api/azure-admission-controller/v3.3.0.md b/src/content/changes/platform-api/azure-admission-controller/v3.3.0.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v3.3.0.md rename to src/content/changes/platform-api/azure-admission-controller/v3.3.0.md index f3c081717f..41d66eebfd 100644 --- a/src/content/changes/management-api/azure-admission-controller/v3.3.0.md +++ b/src/content/changes/platform-api/azure-admission-controller/v3.3.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#330---2021-11-16 diff --git a/src/content/changes/management-api/azure-admission-controller/v3.4.0.md b/src/content/changes/platform-api/azure-admission-controller/v3.4.0.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v3.4.0.md rename to src/content/changes/platform-api/azure-admission-controller/v3.4.0.md index fe26051193..19e96cda2d 100644 --- a/src/content/changes/management-api/azure-admission-controller/v3.4.0.md +++ b/src/content/changes/platform-api/azure-admission-controller/v3.4.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#340---2021-11-25 diff --git a/src/content/changes/management-api/azure-admission-controller/v3.5.0.md b/src/content/changes/platform-api/azure-admission-controller/v3.5.0.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v3.5.0.md rename to src/content/changes/platform-api/azure-admission-controller/v3.5.0.md index adc1dfaf6a..7fdd93dbea 100644 --- a/src/content/changes/management-api/azure-admission-controller/v3.5.0.md +++ b/src/content/changes/platform-api/azure-admission-controller/v3.5.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#350---2021-11-26 diff --git a/src/content/changes/management-api/azure-admission-controller/v3.6.0.md b/src/content/changes/platform-api/azure-admission-controller/v3.6.0.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v3.6.0.md rename to src/content/changes/platform-api/azure-admission-controller/v3.6.0.md index 3bf56b4463..4c4b8818b6 100644 --- a/src/content/changes/management-api/azure-admission-controller/v3.6.0.md +++ b/src/content/changes/platform-api/azure-admission-controller/v3.6.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#360---2022-03-17 diff --git a/src/content/changes/management-api/azure-admission-controller/v3.7.0.md b/src/content/changes/platform-api/azure-admission-controller/v3.7.0.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v3.7.0.md rename to src/content/changes/platform-api/azure-admission-controller/v3.7.0.md index 327984489f..f77a1d8fed 100644 --- a/src/content/changes/management-api/azure-admission-controller/v3.7.0.md +++ b/src/content/changes/platform-api/azure-admission-controller/v3.7.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#370---2022-03-21 diff --git a/src/content/changes/management-api/azure-admission-controller/v4.0.0.md b/src/content/changes/platform-api/azure-admission-controller/v4.0.0.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v4.0.0.md rename to src/content/changes/platform-api/azure-admission-controller/v4.0.0.md index 64e70aac7a..3e0e01f72e 100644 --- a/src/content/changes/management-api/azure-admission-controller/v4.0.0.md +++ b/src/content/changes/platform-api/azure-admission-controller/v4.0.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#400---2022-03-31 diff --git a/src/content/changes/management-api/azure-admission-controller/v4.0.1.md b/src/content/changes/platform-api/azure-admission-controller/v4.0.1.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v4.0.1.md rename to src/content/changes/platform-api/azure-admission-controller/v4.0.1.md index 1d57116200..81d9d79a0a 100644 --- a/src/content/changes/management-api/azure-admission-controller/v4.0.1.md +++ b/src/content/changes/platform-api/azure-admission-controller/v4.0.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#401---2022-05-06 diff --git a/src/content/changes/management-api/azure-admission-controller/v4.1.0.md b/src/content/changes/platform-api/azure-admission-controller/v4.1.0.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v4.1.0.md rename to src/content/changes/platform-api/azure-admission-controller/v4.1.0.md index 6d2e471f69..66d050228a 100644 --- a/src/content/changes/management-api/azure-admission-controller/v4.1.0.md +++ b/src/content/changes/platform-api/azure-admission-controller/v4.1.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#410---2022-06-10 diff --git a/src/content/changes/management-api/azure-admission-controller/v4.2.0.md b/src/content/changes/platform-api/azure-admission-controller/v4.2.0.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v4.2.0.md rename to src/content/changes/platform-api/azure-admission-controller/v4.2.0.md index 355be78001..1077e245e1 100644 --- a/src/content/changes/management-api/azure-admission-controller/v4.2.0.md +++ b/src/content/changes/platform-api/azure-admission-controller/v4.2.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#420---2022-06-16 diff --git a/src/content/changes/management-api/azure-admission-controller/v4.2.1.md b/src/content/changes/platform-api/azure-admission-controller/v4.2.1.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v4.2.1.md rename to src/content/changes/platform-api/azure-admission-controller/v4.2.1.md index 10f99cbe37..479d9d8890 100644 --- a/src/content/changes/management-api/azure-admission-controller/v4.2.1.md +++ b/src/content/changes/platform-api/azure-admission-controller/v4.2.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#421---2022-06-23 diff --git a/src/content/changes/management-api/azure-admission-controller/v4.3.0.md b/src/content/changes/platform-api/azure-admission-controller/v4.3.0.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v4.3.0.md rename to src/content/changes/platform-api/azure-admission-controller/v4.3.0.md index 27c275b5b5..6fa30a54cd 100644 --- a/src/content/changes/management-api/azure-admission-controller/v4.3.0.md +++ b/src/content/changes/platform-api/azure-admission-controller/v4.3.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#430---2023-01-04 diff --git a/src/content/changes/management-api/azure-admission-controller/v4.3.1.md b/src/content/changes/platform-api/azure-admission-controller/v4.3.1.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v4.3.1.md rename to src/content/changes/platform-api/azure-admission-controller/v4.3.1.md index 499d5e5497..83cd0f4b86 100644 --- a/src/content/changes/management-api/azure-admission-controller/v4.3.1.md +++ b/src/content/changes/platform-api/azure-admission-controller/v4.3.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#431---2023-02-02 diff --git a/src/content/changes/management-api/azure-admission-controller/v4.4.0.md b/src/content/changes/platform-api/azure-admission-controller/v4.4.0.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v4.4.0.md rename to src/content/changes/platform-api/azure-admission-controller/v4.4.0.md index 7831bd2f4d..d63aed8e4f 100644 --- a/src/content/changes/management-api/azure-admission-controller/v4.4.0.md +++ b/src/content/changes/platform-api/azure-admission-controller/v4.4.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#440---2023-07-14 diff --git a/src/content/changes/management-api/azure-admission-controller/v4.5.0.md b/src/content/changes/platform-api/azure-admission-controller/v4.5.0.md similarity index 97% rename from src/content/changes/management-api/azure-admission-controller/v4.5.0.md rename to src/content/changes/platform-api/azure-admission-controller/v4.5.0.md index 5e086687c4..8c96d4e74d 100644 --- a/src/content/changes/management-api/azure-admission-controller/v4.5.0.md +++ b/src/content/changes/platform-api/azure-admission-controller/v4.5.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/azure-admission-controller url: https://github.com/giantswarm/azure-admission-controller/blob/master/CHANGELOG.md#450---2023-07-17 diff --git a/src/content/changes/management-api/kyverno-policies/v0.0.1.md b/src/content/changes/platform-api/kyverno-policies/v0.0.1.md similarity index 96% rename from src/content/changes/management-api/kyverno-policies/v0.0.1.md rename to src/content/changes/platform-api/kyverno-policies/v0.0.1.md index 2ce9e01abd..472d0eb9b0 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.0.1.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.0.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#001---2021-06-02 diff --git a/src/content/changes/management-api/kyverno-policies/v0.0.10.md b/src/content/changes/platform-api/kyverno-policies/v0.0.10.md similarity index 97% rename from src/content/changes/management-api/kyverno-policies/v0.0.10.md rename to src/content/changes/platform-api/kyverno-policies/v0.0.10.md index 72df2f2409..0ccdb98ae5 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.0.10.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.0.10.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#0010---2021-08-18 diff --git a/src/content/changes/management-api/kyverno-policies/v0.0.11.md b/src/content/changes/platform-api/kyverno-policies/v0.0.11.md similarity index 97% rename from src/content/changes/management-api/kyverno-policies/v0.0.11.md rename to src/content/changes/platform-api/kyverno-policies/v0.0.11.md index deb2d82f52..d3ba471026 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.0.11.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.0.11.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#0011---2021-08-23 diff --git a/src/content/changes/management-api/kyverno-policies/v0.0.2.md b/src/content/changes/platform-api/kyverno-policies/v0.0.2.md similarity index 97% rename from src/content/changes/management-api/kyverno-policies/v0.0.2.md rename to src/content/changes/platform-api/kyverno-policies/v0.0.2.md index 3c99e29ae5..7ef0b93b2d 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.0.2.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.0.2.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#002---2021-07-12 diff --git a/src/content/changes/management-api/kyverno-policies/v0.0.3.md b/src/content/changes/platform-api/kyverno-policies/v0.0.3.md similarity index 97% rename from src/content/changes/management-api/kyverno-policies/v0.0.3.md rename to src/content/changes/platform-api/kyverno-policies/v0.0.3.md index 1e1869e06b..e2d7ce4cb4 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.0.3.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.0.3.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#003---2021-07-13 diff --git a/src/content/changes/management-api/kyverno-policies/v0.0.4.md b/src/content/changes/platform-api/kyverno-policies/v0.0.4.md similarity index 96% rename from src/content/changes/management-api/kyverno-policies/v0.0.4.md rename to src/content/changes/platform-api/kyverno-policies/v0.0.4.md index 27104017ca..1835b68959 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.0.4.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.0.4.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#004---2021-07-14 diff --git a/src/content/changes/management-api/kyverno-policies/v0.0.5.md b/src/content/changes/platform-api/kyverno-policies/v0.0.5.md similarity index 97% rename from src/content/changes/management-api/kyverno-policies/v0.0.5.md rename to src/content/changes/platform-api/kyverno-policies/v0.0.5.md index c7c3fd90cc..8b85528c3a 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.0.5.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.0.5.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#005---2021-07-16 diff --git a/src/content/changes/management-api/kyverno-policies/v0.0.6.md b/src/content/changes/platform-api/kyverno-policies/v0.0.6.md similarity index 96% rename from src/content/changes/management-api/kyverno-policies/v0.0.6.md rename to src/content/changes/platform-api/kyverno-policies/v0.0.6.md index 005eef1b06..ed688004fe 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.0.6.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.0.6.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#006---2021-07-16 diff --git a/src/content/changes/management-api/kyverno-policies/v0.0.7.md b/src/content/changes/platform-api/kyverno-policies/v0.0.7.md similarity index 97% rename from src/content/changes/management-api/kyverno-policies/v0.0.7.md rename to src/content/changes/platform-api/kyverno-policies/v0.0.7.md index 1c4b154c0a..dad2c9b4d8 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.0.7.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.0.7.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#007---2021-08-11 diff --git a/src/content/changes/management-api/kyverno-policies/v0.0.8.md b/src/content/changes/platform-api/kyverno-policies/v0.0.8.md similarity index 97% rename from src/content/changes/management-api/kyverno-policies/v0.0.8.md rename to src/content/changes/platform-api/kyverno-policies/v0.0.8.md index 54b3e12657..935bff7667 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.0.8.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.0.8.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#008---2021-08-17 diff --git a/src/content/changes/management-api/kyverno-policies/v0.0.9.md b/src/content/changes/platform-api/kyverno-policies/v0.0.9.md similarity index 97% rename from src/content/changes/management-api/kyverno-policies/v0.0.9.md rename to src/content/changes/platform-api/kyverno-policies/v0.0.9.md index 679a1eff2d..0346ea5fc7 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.0.9.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.0.9.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#009---2021-08-17 diff --git a/src/content/changes/management-api/kyverno-policies/v0.1.0.md b/src/content/changes/platform-api/kyverno-policies/v0.1.0.md similarity index 97% rename from src/content/changes/management-api/kyverno-policies/v0.1.0.md rename to src/content/changes/platform-api/kyverno-policies/v0.1.0.md index b3f2d80600..c6c176e0af 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.1.0.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.1.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#010---2021-08-25 diff --git a/src/content/changes/management-api/kyverno-policies/v0.1.1.md b/src/content/changes/platform-api/kyverno-policies/v0.1.1.md similarity index 97% rename from src/content/changes/management-api/kyverno-policies/v0.1.1.md rename to src/content/changes/platform-api/kyverno-policies/v0.1.1.md index d7d95a359b..7925e87ecc 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.1.1.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.1.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#011---2021-08-25 diff --git a/src/content/changes/management-api/kyverno-policies/v0.1.2.md b/src/content/changes/platform-api/kyverno-policies/v0.1.2.md similarity index 97% rename from src/content/changes/management-api/kyverno-policies/v0.1.2.md rename to src/content/changes/platform-api/kyverno-policies/v0.1.2.md index 4b7e18c8a0..a44ee37cec 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.1.2.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.1.2.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#012---2021-08-25 diff --git a/src/content/changes/management-api/kyverno-policies/v0.1.3.md b/src/content/changes/platform-api/kyverno-policies/v0.1.3.md similarity index 97% rename from src/content/changes/management-api/kyverno-policies/v0.1.3.md rename to src/content/changes/platform-api/kyverno-policies/v0.1.3.md index e0e09a231a..747be362dc 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.1.3.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.1.3.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#013---2021-08-27 diff --git a/src/content/changes/management-api/kyverno-policies/v0.10.0.md b/src/content/changes/platform-api/kyverno-policies/v0.10.0.md similarity index 97% rename from src/content/changes/management-api/kyverno-policies/v0.10.0.md rename to src/content/changes/platform-api/kyverno-policies/v0.10.0.md index a971df0239..0b192a52a5 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.10.0.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.10.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#0100---2021-11-19 diff --git a/src/content/changes/management-api/kyverno-policies/v0.11.0.md b/src/content/changes/platform-api/kyverno-policies/v0.11.0.md similarity index 97% rename from src/content/changes/management-api/kyverno-policies/v0.11.0.md rename to src/content/changes/platform-api/kyverno-policies/v0.11.0.md index 523c085efa..a9f807e508 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.11.0.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.11.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#0110---2021-11-30 diff --git a/src/content/changes/management-api/kyverno-policies/v0.12.0.md b/src/content/changes/platform-api/kyverno-policies/v0.12.0.md similarity index 97% rename from src/content/changes/management-api/kyverno-policies/v0.12.0.md rename to src/content/changes/platform-api/kyverno-policies/v0.12.0.md index 70bb345a1f..cb2055cb90 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.12.0.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.12.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#0120---2021-12-09 diff --git a/src/content/changes/management-api/kyverno-policies/v0.13.0.md b/src/content/changes/platform-api/kyverno-policies/v0.13.0.md similarity index 97% rename from src/content/changes/management-api/kyverno-policies/v0.13.0.md rename to src/content/changes/platform-api/kyverno-policies/v0.13.0.md index 8cc32cec12..7b01ae476d 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.13.0.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.13.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#0130---2022-01-05 diff --git a/src/content/changes/management-api/kyverno-policies/v0.13.1.md b/src/content/changes/platform-api/kyverno-policies/v0.13.1.md similarity index 97% rename from src/content/changes/management-api/kyverno-policies/v0.13.1.md rename to src/content/changes/platform-api/kyverno-policies/v0.13.1.md index ba5dcfc3d6..fc7fe582bc 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.13.1.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.13.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#0131---2022-01-13 diff --git a/src/content/changes/management-api/kyverno-policies/v0.13.2.md b/src/content/changes/platform-api/kyverno-policies/v0.13.2.md similarity index 97% rename from src/content/changes/management-api/kyverno-policies/v0.13.2.md rename to src/content/changes/platform-api/kyverno-policies/v0.13.2.md index 8b608400c9..7a6596522e 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.13.2.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.13.2.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#0132---2022-01-13 diff --git a/src/content/changes/management-api/kyverno-policies/v0.14.0.md b/src/content/changes/platform-api/kyverno-policies/v0.14.0.md similarity index 97% rename from src/content/changes/management-api/kyverno-policies/v0.14.0.md rename to src/content/changes/platform-api/kyverno-policies/v0.14.0.md index 82b40a4a5f..ac986dd066 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.14.0.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.14.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#0140---2022-01-19 diff --git a/src/content/changes/management-api/kyverno-policies/v0.15.0.md b/src/content/changes/platform-api/kyverno-policies/v0.15.0.md similarity index 97% rename from src/content/changes/management-api/kyverno-policies/v0.15.0.md rename to src/content/changes/platform-api/kyverno-policies/v0.15.0.md index 94d038b357..6501ea68b7 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.15.0.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.15.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#0150---2022-02-28 diff --git a/src/content/changes/management-api/kyverno-policies/v0.16.0.md b/src/content/changes/platform-api/kyverno-policies/v0.16.0.md similarity index 97% rename from src/content/changes/management-api/kyverno-policies/v0.16.0.md rename to src/content/changes/platform-api/kyverno-policies/v0.16.0.md index f39a0c5072..d285b75ac3 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.16.0.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.16.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#0160---2022-03-02 diff --git a/src/content/changes/management-api/kyverno-policies/v0.17.0.md b/src/content/changes/platform-api/kyverno-policies/v0.17.0.md similarity index 97% rename from src/content/changes/management-api/kyverno-policies/v0.17.0.md rename to src/content/changes/platform-api/kyverno-policies/v0.17.0.md index 3917e487cd..12abdb5510 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.17.0.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.17.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#0170---2022-04-05 diff --git a/src/content/changes/management-api/kyverno-policies/v0.17.1.md b/src/content/changes/platform-api/kyverno-policies/v0.17.1.md similarity index 97% rename from src/content/changes/management-api/kyverno-policies/v0.17.1.md rename to src/content/changes/platform-api/kyverno-policies/v0.17.1.md index abaecf65a9..879fc45f0a 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.17.1.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.17.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#0171---2022-04-06 diff --git a/src/content/changes/management-api/kyverno-policies/v0.17.2.md b/src/content/changes/platform-api/kyverno-policies/v0.17.2.md similarity index 96% rename from src/content/changes/management-api/kyverno-policies/v0.17.2.md rename to src/content/changes/platform-api/kyverno-policies/v0.17.2.md index ec76d444c4..bca37aa535 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.17.2.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.17.2.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#0172---2022-08-05 diff --git a/src/content/changes/management-api/kyverno-policies/v0.18.0.md b/src/content/changes/platform-api/kyverno-policies/v0.18.0.md similarity index 97% rename from src/content/changes/management-api/kyverno-policies/v0.18.0.md rename to src/content/changes/platform-api/kyverno-policies/v0.18.0.md index 810ba489ef..e000c6565e 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.18.0.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.18.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#0180---2022-11-16 diff --git a/src/content/changes/management-api/kyverno-policies/v0.18.1.md b/src/content/changes/platform-api/kyverno-policies/v0.18.1.md similarity index 97% rename from src/content/changes/management-api/kyverno-policies/v0.18.1.md rename to src/content/changes/platform-api/kyverno-policies/v0.18.1.md index 7de11fea64..e3a62a043a 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.18.1.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.18.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#0181---2023-02-15 diff --git a/src/content/changes/management-api/kyverno-policies/v0.19.0.md b/src/content/changes/platform-api/kyverno-policies/v0.19.0.md similarity index 97% rename from src/content/changes/management-api/kyverno-policies/v0.19.0.md rename to src/content/changes/platform-api/kyverno-policies/v0.19.0.md index 296570c7d3..c6e08f9db0 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.19.0.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.19.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#0190---2023-05-31 diff --git a/src/content/changes/management-api/kyverno-policies/v0.2.0.md b/src/content/changes/platform-api/kyverno-policies/v0.2.0.md similarity index 97% rename from src/content/changes/management-api/kyverno-policies/v0.2.0.md rename to src/content/changes/platform-api/kyverno-policies/v0.2.0.md index e81bbd13ba..bd31cb3358 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.2.0.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.2.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#020---2021-08-31 diff --git a/src/content/changes/management-api/kyverno-policies/v0.20.0.md b/src/content/changes/platform-api/kyverno-policies/v0.20.0.md similarity index 97% rename from src/content/changes/management-api/kyverno-policies/v0.20.0.md rename to src/content/changes/platform-api/kyverno-policies/v0.20.0.md index e17e95958e..686df8da3c 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.20.0.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.20.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#0200---2023-06-23 diff --git a/src/content/changes/management-api/kyverno-policies/v0.20.1.md b/src/content/changes/platform-api/kyverno-policies/v0.20.1.md similarity index 97% rename from src/content/changes/management-api/kyverno-policies/v0.20.1.md rename to src/content/changes/platform-api/kyverno-policies/v0.20.1.md index 3b34c4364f..6cbea8c129 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.20.1.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.20.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#0201---2023-09-21 diff --git a/src/content/changes/management-api/kyverno-policies/v0.20.2.md b/src/content/changes/platform-api/kyverno-policies/v0.20.2.md similarity index 96% rename from src/content/changes/management-api/kyverno-policies/v0.20.2.md rename to src/content/changes/platform-api/kyverno-policies/v0.20.2.md index b1ba59444c..55374e786e 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.20.2.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.20.2.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#0202---2023-12-06 diff --git a/src/content/changes/management-api/kyverno-policies/v0.21.0.md b/src/content/changes/platform-api/kyverno-policies/v0.21.0.md similarity index 97% rename from src/content/changes/management-api/kyverno-policies/v0.21.0.md rename to src/content/changes/platform-api/kyverno-policies/v0.21.0.md index 05d5ffde5d..52b864a617 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.21.0.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.21.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#0210---2024-09-25 diff --git a/src/content/changes/management-api/kyverno-policies/v0.3.0.md b/src/content/changes/platform-api/kyverno-policies/v0.3.0.md similarity index 97% rename from src/content/changes/management-api/kyverno-policies/v0.3.0.md rename to src/content/changes/platform-api/kyverno-policies/v0.3.0.md index 51d2979a65..49dd24bf32 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.3.0.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.3.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#030---2021-09-02 diff --git a/src/content/changes/management-api/kyverno-policies/v0.4.0.md b/src/content/changes/platform-api/kyverno-policies/v0.4.0.md similarity index 97% rename from src/content/changes/management-api/kyverno-policies/v0.4.0.md rename to src/content/changes/platform-api/kyverno-policies/v0.4.0.md index bcbe400c90..0bf99ffb6a 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.4.0.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.4.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#040---2021-09-03 diff --git a/src/content/changes/management-api/kyverno-policies/v0.5.0.md b/src/content/changes/platform-api/kyverno-policies/v0.5.0.md similarity index 97% rename from src/content/changes/management-api/kyverno-policies/v0.5.0.md rename to src/content/changes/platform-api/kyverno-policies/v0.5.0.md index efff7205d6..6878228f3a 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.5.0.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.5.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#050---2021-09-13 diff --git a/src/content/changes/management-api/kyverno-policies/v0.6.0.md b/src/content/changes/platform-api/kyverno-policies/v0.6.0.md similarity index 97% rename from src/content/changes/management-api/kyverno-policies/v0.6.0.md rename to src/content/changes/platform-api/kyverno-policies/v0.6.0.md index b2d266adf6..59395101e5 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.6.0.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.6.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#060---2021-10-05 diff --git a/src/content/changes/management-api/kyverno-policies/v0.6.1.md b/src/content/changes/platform-api/kyverno-policies/v0.6.1.md similarity index 96% rename from src/content/changes/management-api/kyverno-policies/v0.6.1.md rename to src/content/changes/platform-api/kyverno-policies/v0.6.1.md index 1ef78ef07a..318bfea953 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.6.1.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.6.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#061---2021-10-06 diff --git a/src/content/changes/management-api/kyverno-policies/v0.6.2.md b/src/content/changes/platform-api/kyverno-policies/v0.6.2.md similarity index 97% rename from src/content/changes/management-api/kyverno-policies/v0.6.2.md rename to src/content/changes/platform-api/kyverno-policies/v0.6.2.md index e26be866e4..876f7e1c92 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.6.2.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.6.2.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#062---2021-10-11 diff --git a/src/content/changes/management-api/kyverno-policies/v0.7.0.md b/src/content/changes/platform-api/kyverno-policies/v0.7.0.md similarity index 97% rename from src/content/changes/management-api/kyverno-policies/v0.7.0.md rename to src/content/changes/platform-api/kyverno-policies/v0.7.0.md index 3cbafe2f39..59389779fb 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.7.0.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.7.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#070---2021-10-12 diff --git a/src/content/changes/management-api/kyverno-policies/v0.7.1.md b/src/content/changes/platform-api/kyverno-policies/v0.7.1.md similarity index 97% rename from src/content/changes/management-api/kyverno-policies/v0.7.1.md rename to src/content/changes/platform-api/kyverno-policies/v0.7.1.md index ed078709a1..09bfb3df0c 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.7.1.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.7.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#071---2021-10-12 diff --git a/src/content/changes/management-api/kyverno-policies/v0.8.0.md b/src/content/changes/platform-api/kyverno-policies/v0.8.0.md similarity index 97% rename from src/content/changes/management-api/kyverno-policies/v0.8.0.md rename to src/content/changes/platform-api/kyverno-policies/v0.8.0.md index 0ae6456110..91c7bf5ccf 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.8.0.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.8.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#080---2021-10-13 diff --git a/src/content/changes/management-api/kyverno-policies/v0.9.0.md b/src/content/changes/platform-api/kyverno-policies/v0.9.0.md similarity index 97% rename from src/content/changes/management-api/kyverno-policies/v0.9.0.md rename to src/content/changes/platform-api/kyverno-policies/v0.9.0.md index 4c5b776892..7a4c31d0af 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.9.0.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.9.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#090---2021-10-19 diff --git a/src/content/changes/management-api/kyverno-policies/v0.9.1.md b/src/content/changes/platform-api/kyverno-policies/v0.9.1.md similarity index 97% rename from src/content/changes/management-api/kyverno-policies/v0.9.1.md rename to src/content/changes/platform-api/kyverno-policies/v0.9.1.md index 85bd7c182d..75d60dcc61 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.9.1.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.9.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#091---2021-10-20 diff --git a/src/content/changes/management-api/kyverno-policies/v0.9.2.md b/src/content/changes/platform-api/kyverno-policies/v0.9.2.md similarity index 97% rename from src/content/changes/management-api/kyverno-policies/v0.9.2.md rename to src/content/changes/platform-api/kyverno-policies/v0.9.2.md index 974887064a..936136305c 100644 --- a/src/content/changes/management-api/kyverno-policies/v0.9.2.md +++ b/src/content/changes/platform-api/kyverno-policies/v0.9.2.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/kyverno-policies url: https://github.com/giantswarm/kyverno-policies/blob/master/CHANGELOG.md#092---2021-10-26 diff --git a/src/content/changes/management-api/management-cluster-admission/v0.1.0.md b/src/content/changes/platform-api/management-cluster-admission/v0.1.0.md similarity index 97% rename from src/content/changes/management-api/management-cluster-admission/v0.1.0.md rename to src/content/changes/platform-api/management-cluster-admission/v0.1.0.md index bc009cc16c..0767f271e1 100644 --- a/src/content/changes/management-api/management-cluster-admission/v0.1.0.md +++ b/src/content/changes/platform-api/management-cluster-admission/v0.1.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/management-cluster-admission url: https://github.com/giantswarm/management-cluster-admission/blob/master/CHANGELOG.md#010---2021-04-09 diff --git a/src/content/changes/management-api/management-cluster-admission/v0.1.1.md b/src/content/changes/platform-api/management-cluster-admission/v0.1.1.md similarity index 97% rename from src/content/changes/management-api/management-cluster-admission/v0.1.1.md rename to src/content/changes/platform-api/management-cluster-admission/v0.1.1.md index cd881704c5..58a86636e0 100644 --- a/src/content/changes/management-api/management-cluster-admission/v0.1.1.md +++ b/src/content/changes/platform-api/management-cluster-admission/v0.1.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/management-cluster-admission url: https://github.com/giantswarm/management-cluster-admission/blob/master/CHANGELOG.md#011---2021-04-12 diff --git a/src/content/changes/management-api/management-cluster-admission/v0.1.2.md b/src/content/changes/platform-api/management-cluster-admission/v0.1.2.md similarity index 97% rename from src/content/changes/management-api/management-cluster-admission/v0.1.2.md rename to src/content/changes/platform-api/management-cluster-admission/v0.1.2.md index 2e752a21f3..7895a4fa74 100644 --- a/src/content/changes/management-api/management-cluster-admission/v0.1.2.md +++ b/src/content/changes/platform-api/management-cluster-admission/v0.1.2.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/management-cluster-admission url: https://github.com/giantswarm/management-cluster-admission/blob/master/CHANGELOG.md#012---2021-04-12 diff --git a/src/content/changes/management-api/management-cluster-admission/v0.2.0.md b/src/content/changes/platform-api/management-cluster-admission/v0.2.0.md similarity index 97% rename from src/content/changes/management-api/management-cluster-admission/v0.2.0.md rename to src/content/changes/platform-api/management-cluster-admission/v0.2.0.md index 9b359e4ec6..4a442fd7dd 100644 --- a/src/content/changes/management-api/management-cluster-admission/v0.2.0.md +++ b/src/content/changes/platform-api/management-cluster-admission/v0.2.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/management-cluster-admission url: https://github.com/giantswarm/management-cluster-admission/blob/master/CHANGELOG.md#020---2021-04-20 diff --git a/src/content/changes/management-api/management-cluster-admission/v0.2.1.md b/src/content/changes/platform-api/management-cluster-admission/v0.2.1.md similarity index 97% rename from src/content/changes/management-api/management-cluster-admission/v0.2.1.md rename to src/content/changes/platform-api/management-cluster-admission/v0.2.1.md index 3f5f39a688..a9a5bd3189 100644 --- a/src/content/changes/management-api/management-cluster-admission/v0.2.1.md +++ b/src/content/changes/platform-api/management-cluster-admission/v0.2.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/management-cluster-admission url: https://github.com/giantswarm/management-cluster-admission/blob/master/CHANGELOG.md#021---2021-05-04 diff --git a/src/content/changes/management-api/management-cluster-admission/v0.3.0.md b/src/content/changes/platform-api/management-cluster-admission/v0.3.0.md similarity index 97% rename from src/content/changes/management-api/management-cluster-admission/v0.3.0.md rename to src/content/changes/platform-api/management-cluster-admission/v0.3.0.md index 8b7513373d..58ff12303c 100644 --- a/src/content/changes/management-api/management-cluster-admission/v0.3.0.md +++ b/src/content/changes/platform-api/management-cluster-admission/v0.3.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/management-cluster-admission url: https://github.com/giantswarm/management-cluster-admission/blob/master/CHANGELOG.md#030---2021-05-10 diff --git a/src/content/changes/management-api/management-cluster-admission/v0.4.0.md b/src/content/changes/platform-api/management-cluster-admission/v0.4.0.md similarity index 97% rename from src/content/changes/management-api/management-cluster-admission/v0.4.0.md rename to src/content/changes/platform-api/management-cluster-admission/v0.4.0.md index 5d8caaf1ee..9087766cf3 100644 --- a/src/content/changes/management-api/management-cluster-admission/v0.4.0.md +++ b/src/content/changes/platform-api/management-cluster-admission/v0.4.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/management-cluster-admission url: https://github.com/giantswarm/management-cluster-admission/blob/master/CHANGELOG.md#040---2021-05-13 diff --git a/src/content/changes/management-api/management-cluster-admission/v0.5.0.md b/src/content/changes/platform-api/management-cluster-admission/v0.5.0.md similarity index 97% rename from src/content/changes/management-api/management-cluster-admission/v0.5.0.md rename to src/content/changes/platform-api/management-cluster-admission/v0.5.0.md index 552929f79e..775c39de05 100644 --- a/src/content/changes/management-api/management-cluster-admission/v0.5.0.md +++ b/src/content/changes/platform-api/management-cluster-admission/v0.5.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/management-cluster-admission url: https://github.com/giantswarm/management-cluster-admission/blob/master/CHANGELOG.md#050---2021-08-05 diff --git a/src/content/changes/management-api/management-cluster-admission/v0.6.0.md b/src/content/changes/platform-api/management-cluster-admission/v0.6.0.md similarity index 97% rename from src/content/changes/management-api/management-cluster-admission/v0.6.0.md rename to src/content/changes/platform-api/management-cluster-admission/v0.6.0.md index ccff522c05..c8a7bfff8a 100644 --- a/src/content/changes/management-api/management-cluster-admission/v0.6.0.md +++ b/src/content/changes/platform-api/management-cluster-admission/v0.6.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/management-cluster-admission url: https://github.com/giantswarm/management-cluster-admission/blob/master/CHANGELOG.md#060---2021-08-11 diff --git a/src/content/changes/management-api/management-cluster-admission/v0.6.1.md b/src/content/changes/platform-api/management-cluster-admission/v0.6.1.md similarity index 97% rename from src/content/changes/management-api/management-cluster-admission/v0.6.1.md rename to src/content/changes/platform-api/management-cluster-admission/v0.6.1.md index f54d281583..d9ebb9e5af 100644 --- a/src/content/changes/management-api/management-cluster-admission/v0.6.1.md +++ b/src/content/changes/platform-api/management-cluster-admission/v0.6.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/management-cluster-admission url: https://github.com/giantswarm/management-cluster-admission/blob/master/CHANGELOG.md#061---2021-09-09 diff --git a/src/content/changes/management-api/management-cluster-admission/v0.6.2.md b/src/content/changes/platform-api/management-cluster-admission/v0.6.2.md similarity index 97% rename from src/content/changes/management-api/management-cluster-admission/v0.6.2.md rename to src/content/changes/platform-api/management-cluster-admission/v0.6.2.md index 0aa9318b03..0ce8a68893 100644 --- a/src/content/changes/management-api/management-cluster-admission/v0.6.2.md +++ b/src/content/changes/platform-api/management-cluster-admission/v0.6.2.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/management-cluster-admission url: https://github.com/giantswarm/management-cluster-admission/blob/master/CHANGELOG.md#062---2021-09-10 diff --git a/src/content/changes/management-api/management-cluster-admission/v0.6.3.md b/src/content/changes/platform-api/management-cluster-admission/v0.6.3.md similarity index 97% rename from src/content/changes/management-api/management-cluster-admission/v0.6.3.md rename to src/content/changes/platform-api/management-cluster-admission/v0.6.3.md index cc9284eb11..8119d367c7 100644 --- a/src/content/changes/management-api/management-cluster-admission/v0.6.3.md +++ b/src/content/changes/platform-api/management-cluster-admission/v0.6.3.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/management-cluster-admission url: https://github.com/giantswarm/management-cluster-admission/blob/master/CHANGELOG.md#063---2022-02-01 diff --git a/src/content/changes/management-api/management-cluster-admission/v0.7.0.md b/src/content/changes/platform-api/management-cluster-admission/v0.7.0.md similarity index 97% rename from src/content/changes/management-api/management-cluster-admission/v0.7.0.md rename to src/content/changes/platform-api/management-cluster-admission/v0.7.0.md index be281d5e10..e3b2e99784 100644 --- a/src/content/changes/management-api/management-cluster-admission/v0.7.0.md +++ b/src/content/changes/platform-api/management-cluster-admission/v0.7.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/management-cluster-admission url: https://github.com/giantswarm/management-cluster-admission/blob/master/CHANGELOG.md#070---2022-03-31 diff --git a/src/content/changes/management-api/management-cluster-admission/v0.8.0.md b/src/content/changes/platform-api/management-cluster-admission/v0.8.0.md similarity index 97% rename from src/content/changes/management-api/management-cluster-admission/v0.8.0.md rename to src/content/changes/platform-api/management-cluster-admission/v0.8.0.md index a1b4167f7e..837d19d903 100644 --- a/src/content/changes/management-api/management-cluster-admission/v0.8.0.md +++ b/src/content/changes/platform-api/management-cluster-admission/v0.8.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/management-cluster-admission url: https://github.com/giantswarm/management-cluster-admission/blob/master/CHANGELOG.md#080---2022-12-08 diff --git a/src/content/changes/management-api/management-cluster-admission/v0.8.1.md b/src/content/changes/platform-api/management-cluster-admission/v0.8.1.md similarity index 97% rename from src/content/changes/management-api/management-cluster-admission/v0.8.1.md rename to src/content/changes/platform-api/management-cluster-admission/v0.8.1.md index 1dd75198e2..1ba1c0e903 100644 --- a/src/content/changes/management-api/management-cluster-admission/v0.8.1.md +++ b/src/content/changes/platform-api/management-cluster-admission/v0.8.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/management-cluster-admission url: https://github.com/giantswarm/management-cluster-admission/blob/master/CHANGELOG.md#081---2023-01-27 diff --git a/src/content/changes/management-api/organization-operator/v0.1.0.md b/src/content/changes/platform-api/organization-operator/v0.1.0.md similarity index 96% rename from src/content/changes/management-api/organization-operator/v0.1.0.md rename to src/content/changes/platform-api/organization-operator/v0.1.0.md index ba95f05111..83bc294bf0 100644 --- a/src/content/changes/management-api/organization-operator/v0.1.0.md +++ b/src/content/changes/platform-api/organization-operator/v0.1.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/organization-operator url: https://github.com/giantswarm/organization-operator/blob/master/CHANGELOG.md#010---2020-06-03 diff --git a/src/content/changes/management-api/organization-operator/v0.10.0.md b/src/content/changes/platform-api/organization-operator/v0.10.0.md similarity index 97% rename from src/content/changes/management-api/organization-operator/v0.10.0.md rename to src/content/changes/platform-api/organization-operator/v0.10.0.md index de9a5e0a5a..2fc27e6e0a 100644 --- a/src/content/changes/management-api/organization-operator/v0.10.0.md +++ b/src/content/changes/platform-api/organization-operator/v0.10.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/organization-operator url: https://github.com/giantswarm/organization-operator/blob/master/CHANGELOG.md#0100---2021-10-12 diff --git a/src/content/changes/management-api/organization-operator/v0.10.1.md b/src/content/changes/platform-api/organization-operator/v0.10.1.md similarity index 97% rename from src/content/changes/management-api/organization-operator/v0.10.1.md rename to src/content/changes/platform-api/organization-operator/v0.10.1.md index aeef28d6b2..16359d573a 100644 --- a/src/content/changes/management-api/organization-operator/v0.10.1.md +++ b/src/content/changes/platform-api/organization-operator/v0.10.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/organization-operator url: https://github.com/giantswarm/organization-operator/blob/master/CHANGELOG.md#0101---2021-10-26 diff --git a/src/content/changes/management-api/organization-operator/v0.10.2.md b/src/content/changes/platform-api/organization-operator/v0.10.2.md similarity index 97% rename from src/content/changes/management-api/organization-operator/v0.10.2.md rename to src/content/changes/platform-api/organization-operator/v0.10.2.md index c9f5e4e5b2..7712e49168 100644 --- a/src/content/changes/management-api/organization-operator/v0.10.2.md +++ b/src/content/changes/platform-api/organization-operator/v0.10.2.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/organization-operator url: https://github.com/giantswarm/organization-operator/blob/master/CHANGELOG.md#0102---2021-10-28 diff --git a/src/content/changes/management-api/organization-operator/v0.10.3.md b/src/content/changes/platform-api/organization-operator/v0.10.3.md similarity index 97% rename from src/content/changes/management-api/organization-operator/v0.10.3.md rename to src/content/changes/platform-api/organization-operator/v0.10.3.md index 1bc589c445..6b7e8ff7fb 100644 --- a/src/content/changes/management-api/organization-operator/v0.10.3.md +++ b/src/content/changes/platform-api/organization-operator/v0.10.3.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/organization-operator url: https://github.com/giantswarm/organization-operator/blob/master/CHANGELOG.md#0103---2022-01-12 diff --git a/src/content/changes/management-api/organization-operator/v0.2.0.md b/src/content/changes/platform-api/organization-operator/v0.2.0.md similarity index 97% rename from src/content/changes/management-api/organization-operator/v0.2.0.md rename to src/content/changes/platform-api/organization-operator/v0.2.0.md index 705c1b3666..5666b9b4a4 100644 --- a/src/content/changes/management-api/organization-operator/v0.2.0.md +++ b/src/content/changes/platform-api/organization-operator/v0.2.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/organization-operator url: https://github.com/giantswarm/organization-operator/blob/master/CHANGELOG.md#020---2020-08-13 diff --git a/src/content/changes/management-api/organization-operator/v0.3.0.md b/src/content/changes/platform-api/organization-operator/v0.3.0.md similarity index 97% rename from src/content/changes/management-api/organization-operator/v0.3.0.md rename to src/content/changes/platform-api/organization-operator/v0.3.0.md index e7f0e06fed..e33afdf7df 100644 --- a/src/content/changes/management-api/organization-operator/v0.3.0.md +++ b/src/content/changes/platform-api/organization-operator/v0.3.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/organization-operator url: https://github.com/giantswarm/organization-operator/blob/master/CHANGELOG.md#030---2020-08-14 diff --git a/src/content/changes/management-api/organization-operator/v0.4.0.md b/src/content/changes/platform-api/organization-operator/v0.4.0.md similarity index 97% rename from src/content/changes/management-api/organization-operator/v0.4.0.md rename to src/content/changes/platform-api/organization-operator/v0.4.0.md index 7876026d8c..a17fdc4186 100644 --- a/src/content/changes/management-api/organization-operator/v0.4.0.md +++ b/src/content/changes/platform-api/organization-operator/v0.4.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/organization-operator url: https://github.com/giantswarm/organization-operator/blob/master/CHANGELOG.md#040---2020-08-21 diff --git a/src/content/changes/management-api/organization-operator/v0.5.0.md b/src/content/changes/platform-api/organization-operator/v0.5.0.md similarity index 97% rename from src/content/changes/management-api/organization-operator/v0.5.0.md rename to src/content/changes/platform-api/organization-operator/v0.5.0.md index 96b34e90e9..d816fb5301 100644 --- a/src/content/changes/management-api/organization-operator/v0.5.0.md +++ b/src/content/changes/platform-api/organization-operator/v0.5.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/organization-operator url: https://github.com/giantswarm/organization-operator/blob/master/CHANGELOG.md#050---2020-09-24 diff --git a/src/content/changes/management-api/organization-operator/v0.6.0.md b/src/content/changes/platform-api/organization-operator/v0.6.0.md similarity index 97% rename from src/content/changes/management-api/organization-operator/v0.6.0.md rename to src/content/changes/platform-api/organization-operator/v0.6.0.md index 025d2962c6..b5d9970947 100644 --- a/src/content/changes/management-api/organization-operator/v0.6.0.md +++ b/src/content/changes/platform-api/organization-operator/v0.6.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/organization-operator url: https://github.com/giantswarm/organization-operator/blob/master/CHANGELOG.md#060---2021-05-17 diff --git a/src/content/changes/management-api/organization-operator/v0.7.0.md b/src/content/changes/platform-api/organization-operator/v0.7.0.md similarity index 97% rename from src/content/changes/management-api/organization-operator/v0.7.0.md rename to src/content/changes/platform-api/organization-operator/v0.7.0.md index a47cc8d55f..45edb7db10 100644 --- a/src/content/changes/management-api/organization-operator/v0.7.0.md +++ b/src/content/changes/platform-api/organization-operator/v0.7.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/organization-operator url: https://github.com/giantswarm/organization-operator/blob/master/CHANGELOG.md#070---2021-05-21 diff --git a/src/content/changes/management-api/organization-operator/v0.8.0.md b/src/content/changes/platform-api/organization-operator/v0.8.0.md similarity index 97% rename from src/content/changes/management-api/organization-operator/v0.8.0.md rename to src/content/changes/platform-api/organization-operator/v0.8.0.md index 0c2c367a39..577103b281 100644 --- a/src/content/changes/management-api/organization-operator/v0.8.0.md +++ b/src/content/changes/platform-api/organization-operator/v0.8.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/organization-operator url: https://github.com/giantswarm/organization-operator/blob/master/CHANGELOG.md#080---2021-05-24 diff --git a/src/content/changes/management-api/organization-operator/v0.9.0.md b/src/content/changes/platform-api/organization-operator/v0.9.0.md similarity index 98% rename from src/content/changes/management-api/organization-operator/v0.9.0.md rename to src/content/changes/platform-api/organization-operator/v0.9.0.md index 3f57fcafa7..2e52d07c84 100644 --- a/src/content/changes/management-api/organization-operator/v0.9.0.md +++ b/src/content/changes/platform-api/organization-operator/v0.9.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/organization-operator url: https://github.com/giantswarm/organization-operator/blob/master/CHANGELOG.md#090---2021-07-05 diff --git a/src/content/changes/management-api/organization-operator/v1.0.0.md b/src/content/changes/platform-api/organization-operator/v1.0.0.md similarity index 97% rename from src/content/changes/management-api/organization-operator/v1.0.0.md rename to src/content/changes/platform-api/organization-operator/v1.0.0.md index 024d33d80f..e2469d5f84 100644 --- a/src/content/changes/management-api/organization-operator/v1.0.0.md +++ b/src/content/changes/platform-api/organization-operator/v1.0.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/organization-operator url: https://github.com/giantswarm/organization-operator/blob/master/CHANGELOG.md#100---2022-03-25 diff --git a/src/content/changes/management-api/organization-operator/v1.0.1.md b/src/content/changes/platform-api/organization-operator/v1.0.1.md similarity index 97% rename from src/content/changes/management-api/organization-operator/v1.0.1.md rename to src/content/changes/platform-api/organization-operator/v1.0.1.md index e17408d7b2..700d2edbfb 100644 --- a/src/content/changes/management-api/organization-operator/v1.0.1.md +++ b/src/content/changes/platform-api/organization-operator/v1.0.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/organization-operator url: https://github.com/giantswarm/organization-operator/blob/master/CHANGELOG.md#101---2022-03-31 diff --git a/src/content/changes/management-api/organization-operator/v1.0.2.md b/src/content/changes/platform-api/organization-operator/v1.0.2.md similarity index 97% rename from src/content/changes/management-api/organization-operator/v1.0.2.md rename to src/content/changes/platform-api/organization-operator/v1.0.2.md index 9ee678cedb..b5ce536377 100644 --- a/src/content/changes/management-api/organization-operator/v1.0.2.md +++ b/src/content/changes/platform-api/organization-operator/v1.0.2.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/organization-operator url: https://github.com/giantswarm/organization-operator/blob/master/CHANGELOG.md#102---2022-03-31 diff --git a/src/content/changes/management-api/organization-operator/v1.0.3.md b/src/content/changes/platform-api/organization-operator/v1.0.3.md similarity index 97% rename from src/content/changes/management-api/organization-operator/v1.0.3.md rename to src/content/changes/platform-api/organization-operator/v1.0.3.md index 1b8d8cd5ad..2df7aab05f 100644 --- a/src/content/changes/management-api/organization-operator/v1.0.3.md +++ b/src/content/changes/platform-api/organization-operator/v1.0.3.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/organization-operator url: https://github.com/giantswarm/organization-operator/blob/master/CHANGELOG.md#103---2022-08-05 diff --git a/src/content/changes/management-api/organization-operator/v1.0.4.md b/src/content/changes/platform-api/organization-operator/v1.0.4.md similarity index 97% rename from src/content/changes/management-api/organization-operator/v1.0.4.md rename to src/content/changes/platform-api/organization-operator/v1.0.4.md index c3be884377..fb9cd2fe80 100644 --- a/src/content/changes/management-api/organization-operator/v1.0.4.md +++ b/src/content/changes/platform-api/organization-operator/v1.0.4.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/organization-operator url: https://github.com/giantswarm/organization-operator/blob/master/CHANGELOG.md#104---2022-11-15 diff --git a/src/content/changes/management-api/organization-operator/v1.0.5.md b/src/content/changes/platform-api/organization-operator/v1.0.5.md similarity index 96% rename from src/content/changes/management-api/organization-operator/v1.0.5.md rename to src/content/changes/platform-api/organization-operator/v1.0.5.md index 6d82164e4d..c1106cdbf5 100644 --- a/src/content/changes/management-api/organization-operator/v1.0.5.md +++ b/src/content/changes/platform-api/organization-operator/v1.0.5.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/organization-operator url: https://github.com/giantswarm/organization-operator/blob/master/CHANGELOG.md#105---2023-01-16 diff --git a/src/content/changes/management-api/organization-operator/v1.0.6.md b/src/content/changes/platform-api/organization-operator/v1.0.6.md similarity index 97% rename from src/content/changes/management-api/organization-operator/v1.0.6.md rename to src/content/changes/platform-api/organization-operator/v1.0.6.md index 0f525bf76d..a778337276 100644 --- a/src/content/changes/management-api/organization-operator/v1.0.6.md +++ b/src/content/changes/platform-api/organization-operator/v1.0.6.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/organization-operator url: https://github.com/giantswarm/organization-operator/blob/master/CHANGELOG.md#106---2023-03-22 diff --git a/src/content/changes/management-api/organization-operator/v1.0.7.md b/src/content/changes/platform-api/organization-operator/v1.0.7.md similarity index 97% rename from src/content/changes/management-api/organization-operator/v1.0.7.md rename to src/content/changes/platform-api/organization-operator/v1.0.7.md index 3aa7804873..f8c6d4735f 100644 --- a/src/content/changes/management-api/organization-operator/v1.0.7.md +++ b/src/content/changes/platform-api/organization-operator/v1.0.7.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/organization-operator url: https://github.com/giantswarm/organization-operator/blob/master/CHANGELOG.md#107---2023-04-25 diff --git a/src/content/changes/management-api/organization-operator/v1.1.0.md b/src/content/changes/platform-api/organization-operator/v1.1.0.md similarity index 97% rename from src/content/changes/management-api/organization-operator/v1.1.0.md rename to src/content/changes/platform-api/organization-operator/v1.1.0.md index 1144a36714..05e62cdc7c 100644 --- a/src/content/changes/management-api/organization-operator/v1.1.0.md +++ b/src/content/changes/platform-api/organization-operator/v1.1.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/organization-operator url: https://github.com/giantswarm/organization-operator/blob/master/CHANGELOG.md#110---2023-06-19 diff --git a/src/content/changes/management-api/organization-operator/v1.2.0.md b/src/content/changes/platform-api/organization-operator/v1.2.0.md similarity index 97% rename from src/content/changes/management-api/organization-operator/v1.2.0.md rename to src/content/changes/platform-api/organization-operator/v1.2.0.md index 2e4b5c092c..70302ff213 100644 --- a/src/content/changes/management-api/organization-operator/v1.2.0.md +++ b/src/content/changes/platform-api/organization-operator/v1.2.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/organization-operator url: https://github.com/giantswarm/organization-operator/blob/master/CHANGELOG.md#120---2023-06-19 diff --git a/src/content/changes/management-api/organization-operator/v1.3.0.md b/src/content/changes/platform-api/organization-operator/v1.3.0.md similarity index 97% rename from src/content/changes/management-api/organization-operator/v1.3.0.md rename to src/content/changes/platform-api/organization-operator/v1.3.0.md index 1334297ac0..7414870296 100644 --- a/src/content/changes/management-api/organization-operator/v1.3.0.md +++ b/src/content/changes/platform-api/organization-operator/v1.3.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/organization-operator url: https://github.com/giantswarm/organization-operator/blob/master/CHANGELOG.md#130---2023-06-28 diff --git a/src/content/changes/management-api/organization-operator/v1.4.0.md b/src/content/changes/platform-api/organization-operator/v1.4.0.md similarity index 97% rename from src/content/changes/management-api/organization-operator/v1.4.0.md rename to src/content/changes/platform-api/organization-operator/v1.4.0.md index 648566166c..8e73c5eb55 100644 --- a/src/content/changes/management-api/organization-operator/v1.4.0.md +++ b/src/content/changes/platform-api/organization-operator/v1.4.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/organization-operator url: https://github.com/giantswarm/organization-operator/blob/master/CHANGELOG.md#140---2023-07-04 diff --git a/src/content/changes/management-api/organization-operator/v1.5.0.md b/src/content/changes/platform-api/organization-operator/v1.5.0.md similarity index 97% rename from src/content/changes/management-api/organization-operator/v1.5.0.md rename to src/content/changes/platform-api/organization-operator/v1.5.0.md index e33ff07da3..3b4da8afc6 100644 --- a/src/content/changes/management-api/organization-operator/v1.5.0.md +++ b/src/content/changes/platform-api/organization-operator/v1.5.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/organization-operator url: https://github.com/giantswarm/organization-operator/blob/master/CHANGELOG.md#150---2023-10-02 diff --git a/src/content/changes/management-api/organization-operator/v1.6.0.md b/src/content/changes/platform-api/organization-operator/v1.6.0.md similarity index 97% rename from src/content/changes/management-api/organization-operator/v1.6.0.md rename to src/content/changes/platform-api/organization-operator/v1.6.0.md index e286f4fd34..3bf6a4b2ec 100644 --- a/src/content/changes/management-api/organization-operator/v1.6.0.md +++ b/src/content/changes/platform-api/organization-operator/v1.6.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/organization-operator url: https://github.com/giantswarm/organization-operator/blob/master/CHANGELOG.md#160---2023-10-03 diff --git a/src/content/changes/management-api/organization-operator/v1.6.1.md b/src/content/changes/platform-api/organization-operator/v1.6.1.md similarity index 97% rename from src/content/changes/management-api/organization-operator/v1.6.1.md rename to src/content/changes/platform-api/organization-operator/v1.6.1.md index 68c3920758..4096990f09 100644 --- a/src/content/changes/management-api/organization-operator/v1.6.1.md +++ b/src/content/changes/platform-api/organization-operator/v1.6.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/organization-operator url: https://github.com/giantswarm/organization-operator/blob/master/CHANGELOG.md#161---2024-02-27 diff --git a/src/content/changes/management-api/organization-operator/v1.6.2.md b/src/content/changes/platform-api/organization-operator/v1.6.2.md similarity index 97% rename from src/content/changes/management-api/organization-operator/v1.6.2.md rename to src/content/changes/platform-api/organization-operator/v1.6.2.md index d689eca6e2..896bc5b2b1 100644 --- a/src/content/changes/management-api/organization-operator/v1.6.2.md +++ b/src/content/changes/platform-api/organization-operator/v1.6.2.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/organization-operator url: https://github.com/giantswarm/organization-operator/blob/master/CHANGELOG.md#162---2024-03-12 diff --git a/src/content/changes/management-api/organization-operator/v1.6.3.md b/src/content/changes/platform-api/organization-operator/v1.6.3.md similarity index 96% rename from src/content/changes/management-api/organization-operator/v1.6.3.md rename to src/content/changes/platform-api/organization-operator/v1.6.3.md index c037092248..47daecab54 100644 --- a/src/content/changes/management-api/organization-operator/v1.6.3.md +++ b/src/content/changes/platform-api/organization-operator/v1.6.3.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/organization-operator url: https://github.com/giantswarm/organization-operator/blob/master/CHANGELOG.md#163---2024-03-12 diff --git a/src/content/changes/management-api/organization-operator/v1.6.4.md b/src/content/changes/platform-api/organization-operator/v1.6.4.md similarity index 97% rename from src/content/changes/management-api/organization-operator/v1.6.4.md rename to src/content/changes/platform-api/organization-operator/v1.6.4.md index d527fc280e..ae70ff3936 100644 --- a/src/content/changes/management-api/organization-operator/v1.6.4.md +++ b/src/content/changes/platform-api/organization-operator/v1.6.4.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/organization-operator url: https://github.com/giantswarm/organization-operator/blob/master/CHANGELOG.md#164---2024-07-30 diff --git a/src/content/changes/management-api/organization-operator/v2.0.0.md b/src/content/changes/platform-api/organization-operator/v2.0.0.md similarity index 97% rename from src/content/changes/management-api/organization-operator/v2.0.0.md rename to src/content/changes/platform-api/organization-operator/v2.0.0.md index 9b47dc84ed..f0146c7df0 100644 --- a/src/content/changes/management-api/organization-operator/v2.0.0.md +++ b/src/content/changes/platform-api/organization-operator/v2.0.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/organization-operator url: https://github.com/giantswarm/organization-operator/blob/master/CHANGELOG.md#200---2024-08-07 diff --git a/src/content/changes/management-api/organization-operator/v2.0.1.md b/src/content/changes/platform-api/organization-operator/v2.0.1.md similarity index 97% rename from src/content/changes/management-api/organization-operator/v2.0.1.md rename to src/content/changes/platform-api/organization-operator/v2.0.1.md index 0779f2c2ce..69a852a723 100644 --- a/src/content/changes/management-api/organization-operator/v2.0.1.md +++ b/src/content/changes/platform-api/organization-operator/v2.0.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/organization-operator url: https://github.com/giantswarm/organization-operator/blob/master/CHANGELOG.md#201---2024-08-13 diff --git a/src/content/changes/management-api/organization-operator/v2.0.2.md b/src/content/changes/platform-api/organization-operator/v2.0.2.md similarity index 97% rename from src/content/changes/management-api/organization-operator/v2.0.2.md rename to src/content/changes/platform-api/organization-operator/v2.0.2.md index eec54ab8ea..3c0dee0126 100644 --- a/src/content/changes/management-api/organization-operator/v2.0.2.md +++ b/src/content/changes/platform-api/organization-operator/v2.0.2.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/organization-operator url: https://github.com/giantswarm/organization-operator/blob/master/CHANGELOG.md#202---2024-10-17 diff --git a/src/content/changes/management-api/rbac-operator/v0.1.0.md b/src/content/changes/platform-api/rbac-operator/v0.1.0.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.1.0.md rename to src/content/changes/platform-api/rbac-operator/v0.1.0.md index 68b1d382e8..145f3793ea 100644 --- a/src/content/changes/management-api/rbac-operator/v0.1.0.md +++ b/src/content/changes/platform-api/rbac-operator/v0.1.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#010--2020-03-13 diff --git a/src/content/changes/management-api/rbac-operator/v0.10.0.md b/src/content/changes/platform-api/rbac-operator/v0.10.0.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.10.0.md rename to src/content/changes/platform-api/rbac-operator/v0.10.0.md index 16dbfe07a3..3289eb6361 100644 --- a/src/content/changes/management-api/rbac-operator/v0.10.0.md +++ b/src/content/changes/platform-api/rbac-operator/v0.10.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0100---2021-03-23 diff --git a/src/content/changes/management-api/rbac-operator/v0.11.0.md b/src/content/changes/platform-api/rbac-operator/v0.11.0.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.11.0.md rename to src/content/changes/platform-api/rbac-operator/v0.11.0.md index ea582dd487..454151840c 100644 --- a/src/content/changes/management-api/rbac-operator/v0.11.0.md +++ b/src/content/changes/platform-api/rbac-operator/v0.11.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0110---2021-03-25 diff --git a/src/content/changes/management-api/rbac-operator/v0.12.0.md b/src/content/changes/platform-api/rbac-operator/v0.12.0.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.12.0.md rename to src/content/changes/platform-api/rbac-operator/v0.12.0.md index 18d17874e7..accd85b86a 100644 --- a/src/content/changes/management-api/rbac-operator/v0.12.0.md +++ b/src/content/changes/platform-api/rbac-operator/v0.12.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0120---2021-03-30 diff --git a/src/content/changes/management-api/rbac-operator/v0.13.0.md b/src/content/changes/platform-api/rbac-operator/v0.13.0.md similarity index 96% rename from src/content/changes/management-api/rbac-operator/v0.13.0.md rename to src/content/changes/platform-api/rbac-operator/v0.13.0.md index 798572c4b2..b61b0d91f9 100644 --- a/src/content/changes/management-api/rbac-operator/v0.13.0.md +++ b/src/content/changes/platform-api/rbac-operator/v0.13.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0130---2021-04-26 diff --git a/src/content/changes/management-api/rbac-operator/v0.14.0.md b/src/content/changes/platform-api/rbac-operator/v0.14.0.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.14.0.md rename to src/content/changes/platform-api/rbac-operator/v0.14.0.md index 5cef7791cf..f4673c1049 100644 --- a/src/content/changes/management-api/rbac-operator/v0.14.0.md +++ b/src/content/changes/platform-api/rbac-operator/v0.14.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0140---2021-04-26 diff --git a/src/content/changes/management-api/rbac-operator/v0.15.0.md b/src/content/changes/platform-api/rbac-operator/v0.15.0.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.15.0.md rename to src/content/changes/platform-api/rbac-operator/v0.15.0.md index f1c758bac1..10d4ad5d2a 100644 --- a/src/content/changes/management-api/rbac-operator/v0.15.0.md +++ b/src/content/changes/platform-api/rbac-operator/v0.15.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0150---2021-05-25 diff --git a/src/content/changes/management-api/rbac-operator/v0.16.0.md b/src/content/changes/platform-api/rbac-operator/v0.16.0.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.16.0.md rename to src/content/changes/platform-api/rbac-operator/v0.16.0.md index 34fac68653..ba792491b5 100644 --- a/src/content/changes/management-api/rbac-operator/v0.16.0.md +++ b/src/content/changes/platform-api/rbac-operator/v0.16.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0160---2021-10-07 diff --git a/src/content/changes/management-api/rbac-operator/v0.17.0.md b/src/content/changes/platform-api/rbac-operator/v0.17.0.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.17.0.md rename to src/content/changes/platform-api/rbac-operator/v0.17.0.md index 0dc7c5ad28..33b3c79fd9 100644 --- a/src/content/changes/management-api/rbac-operator/v0.17.0.md +++ b/src/content/changes/platform-api/rbac-operator/v0.17.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0170---2021-11-04 diff --git a/src/content/changes/management-api/rbac-operator/v0.18.0.md b/src/content/changes/platform-api/rbac-operator/v0.18.0.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.18.0.md rename to src/content/changes/platform-api/rbac-operator/v0.18.0.md index ed28e5aad0..2fd291cd99 100644 --- a/src/content/changes/management-api/rbac-operator/v0.18.0.md +++ b/src/content/changes/platform-api/rbac-operator/v0.18.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0180---2021-11-11 diff --git a/src/content/changes/management-api/rbac-operator/v0.18.1.md b/src/content/changes/platform-api/rbac-operator/v0.18.1.md similarity index 96% rename from src/content/changes/management-api/rbac-operator/v0.18.1.md rename to src/content/changes/platform-api/rbac-operator/v0.18.1.md index a28b105964..66612f611d 100644 --- a/src/content/changes/management-api/rbac-operator/v0.18.1.md +++ b/src/content/changes/platform-api/rbac-operator/v0.18.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0181---2021-11-17 diff --git a/src/content/changes/management-api/rbac-operator/v0.18.2.md b/src/content/changes/platform-api/rbac-operator/v0.18.2.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.18.2.md rename to src/content/changes/platform-api/rbac-operator/v0.18.2.md index 2ea5d9fe0d..932c7d14cc 100644 --- a/src/content/changes/management-api/rbac-operator/v0.18.2.md +++ b/src/content/changes/platform-api/rbac-operator/v0.18.2.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0182---2021-11-22 diff --git a/src/content/changes/management-api/rbac-operator/v0.18.3.md b/src/content/changes/platform-api/rbac-operator/v0.18.3.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.18.3.md rename to src/content/changes/platform-api/rbac-operator/v0.18.3.md index f7c2895e4a..1d581f7059 100644 --- a/src/content/changes/management-api/rbac-operator/v0.18.3.md +++ b/src/content/changes/platform-api/rbac-operator/v0.18.3.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0183---2021-11-22 diff --git a/src/content/changes/management-api/rbac-operator/v0.18.4.md b/src/content/changes/platform-api/rbac-operator/v0.18.4.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.18.4.md rename to src/content/changes/platform-api/rbac-operator/v0.18.4.md index e829579c57..f1487898fa 100644 --- a/src/content/changes/management-api/rbac-operator/v0.18.4.md +++ b/src/content/changes/platform-api/rbac-operator/v0.18.4.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0184---2021-12-10 diff --git a/src/content/changes/management-api/rbac-operator/v0.19.0.md b/src/content/changes/platform-api/rbac-operator/v0.19.0.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.19.0.md rename to src/content/changes/platform-api/rbac-operator/v0.19.0.md index 37bbb0faec..bf0468ec30 100644 --- a/src/content/changes/management-api/rbac-operator/v0.19.0.md +++ b/src/content/changes/platform-api/rbac-operator/v0.19.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0190---2021-12-17 diff --git a/src/content/changes/management-api/rbac-operator/v0.19.1.md b/src/content/changes/platform-api/rbac-operator/v0.19.1.md similarity index 96% rename from src/content/changes/management-api/rbac-operator/v0.19.1.md rename to src/content/changes/platform-api/rbac-operator/v0.19.1.md index f125c3c690..ac2f4919ac 100644 --- a/src/content/changes/management-api/rbac-operator/v0.19.1.md +++ b/src/content/changes/platform-api/rbac-operator/v0.19.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0191---2022-02-02 diff --git a/src/content/changes/management-api/rbac-operator/v0.2.0.md b/src/content/changes/platform-api/rbac-operator/v0.2.0.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.2.0.md rename to src/content/changes/platform-api/rbac-operator/v0.2.0.md index b0df18b25f..267a664e1e 100644 --- a/src/content/changes/management-api/rbac-operator/v0.2.0.md +++ b/src/content/changes/platform-api/rbac-operator/v0.2.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#020--2020-03-13 diff --git a/src/content/changes/management-api/rbac-operator/v0.20.0.md b/src/content/changes/platform-api/rbac-operator/v0.20.0.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.20.0.md rename to src/content/changes/platform-api/rbac-operator/v0.20.0.md index 49902cd154..89eb2e9543 100644 --- a/src/content/changes/management-api/rbac-operator/v0.20.0.md +++ b/src/content/changes/platform-api/rbac-operator/v0.20.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0200---2022-02-07 diff --git a/src/content/changes/management-api/rbac-operator/v0.21.0.md b/src/content/changes/platform-api/rbac-operator/v0.21.0.md similarity index 98% rename from src/content/changes/management-api/rbac-operator/v0.21.0.md rename to src/content/changes/platform-api/rbac-operator/v0.21.0.md index db7308559b..ebb162b72b 100644 --- a/src/content/changes/management-api/rbac-operator/v0.21.0.md +++ b/src/content/changes/platform-api/rbac-operator/v0.21.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0210---2022-02-16 diff --git a/src/content/changes/management-api/rbac-operator/v0.22.0.md b/src/content/changes/platform-api/rbac-operator/v0.22.0.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.22.0.md rename to src/content/changes/platform-api/rbac-operator/v0.22.0.md index 87869e4396..ee50733284 100644 --- a/src/content/changes/management-api/rbac-operator/v0.22.0.md +++ b/src/content/changes/platform-api/rbac-operator/v0.22.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0220---2022-02-18 diff --git a/src/content/changes/management-api/rbac-operator/v0.22.1.md b/src/content/changes/platform-api/rbac-operator/v0.22.1.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.22.1.md rename to src/content/changes/platform-api/rbac-operator/v0.22.1.md index 27930be59e..35504d9962 100644 --- a/src/content/changes/management-api/rbac-operator/v0.22.1.md +++ b/src/content/changes/platform-api/rbac-operator/v0.22.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0221---2022-02-21 diff --git a/src/content/changes/management-api/rbac-operator/v0.23.0.md b/src/content/changes/platform-api/rbac-operator/v0.23.0.md similarity index 98% rename from src/content/changes/management-api/rbac-operator/v0.23.0.md rename to src/content/changes/platform-api/rbac-operator/v0.23.0.md index 12871d02df..dbc848efc1 100644 --- a/src/content/changes/management-api/rbac-operator/v0.23.0.md +++ b/src/content/changes/platform-api/rbac-operator/v0.23.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0230---2022-03-02 diff --git a/src/content/changes/management-api/rbac-operator/v0.24.0.md b/src/content/changes/platform-api/rbac-operator/v0.24.0.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.24.0.md rename to src/content/changes/platform-api/rbac-operator/v0.24.0.md index 74148f2692..e8b208e3ed 100644 --- a/src/content/changes/management-api/rbac-operator/v0.24.0.md +++ b/src/content/changes/platform-api/rbac-operator/v0.24.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0240---2022-03-30 diff --git a/src/content/changes/management-api/rbac-operator/v0.25.0.md b/src/content/changes/platform-api/rbac-operator/v0.25.0.md similarity index 98% rename from src/content/changes/management-api/rbac-operator/v0.25.0.md rename to src/content/changes/platform-api/rbac-operator/v0.25.0.md index 74d4f6d218..a658ca2eba 100644 --- a/src/content/changes/management-api/rbac-operator/v0.25.0.md +++ b/src/content/changes/platform-api/rbac-operator/v0.25.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0250---2022-03-31 diff --git a/src/content/changes/management-api/rbac-operator/v0.26.0.md b/src/content/changes/platform-api/rbac-operator/v0.26.0.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.26.0.md rename to src/content/changes/platform-api/rbac-operator/v0.26.0.md index 7b952e3b4b..e5b35d419b 100644 --- a/src/content/changes/management-api/rbac-operator/v0.26.0.md +++ b/src/content/changes/platform-api/rbac-operator/v0.26.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0260---2022-04-01 diff --git a/src/content/changes/management-api/rbac-operator/v0.27.0.md b/src/content/changes/platform-api/rbac-operator/v0.27.0.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.27.0.md rename to src/content/changes/platform-api/rbac-operator/v0.27.0.md index 7ddf47fe0b..13f5772cd1 100644 --- a/src/content/changes/management-api/rbac-operator/v0.27.0.md +++ b/src/content/changes/platform-api/rbac-operator/v0.27.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0270---2022-04-28 diff --git a/src/content/changes/management-api/rbac-operator/v0.28.0.md b/src/content/changes/platform-api/rbac-operator/v0.28.0.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.28.0.md rename to src/content/changes/platform-api/rbac-operator/v0.28.0.md index daa9e90f77..f716d79eb5 100644 --- a/src/content/changes/management-api/rbac-operator/v0.28.0.md +++ b/src/content/changes/platform-api/rbac-operator/v0.28.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0280---2022-05-16 diff --git a/src/content/changes/management-api/rbac-operator/v0.28.1.md b/src/content/changes/platform-api/rbac-operator/v0.28.1.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.28.1.md rename to src/content/changes/platform-api/rbac-operator/v0.28.1.md index dd9949160a..c289dd03da 100644 --- a/src/content/changes/management-api/rbac-operator/v0.28.1.md +++ b/src/content/changes/platform-api/rbac-operator/v0.28.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0281---2022-05-18 diff --git a/src/content/changes/management-api/rbac-operator/v0.29.0.md b/src/content/changes/platform-api/rbac-operator/v0.29.0.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.29.0.md rename to src/content/changes/platform-api/rbac-operator/v0.29.0.md index 09b39615fb..4878d622e9 100644 --- a/src/content/changes/management-api/rbac-operator/v0.29.0.md +++ b/src/content/changes/platform-api/rbac-operator/v0.29.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0290---2022-05-30 diff --git a/src/content/changes/management-api/rbac-operator/v0.3.0.md b/src/content/changes/platform-api/rbac-operator/v0.3.0.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.3.0.md rename to src/content/changes/platform-api/rbac-operator/v0.3.0.md index 59bb182eb8..11cd092ec6 100644 --- a/src/content/changes/management-api/rbac-operator/v0.3.0.md +++ b/src/content/changes/platform-api/rbac-operator/v0.3.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#030--2020-04-06 diff --git a/src/content/changes/management-api/rbac-operator/v0.3.2.md b/src/content/changes/platform-api/rbac-operator/v0.3.2.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.3.2.md rename to src/content/changes/platform-api/rbac-operator/v0.3.2.md index 73c6d484ee..895e45a99e 100644 --- a/src/content/changes/management-api/rbac-operator/v0.3.2.md +++ b/src/content/changes/platform-api/rbac-operator/v0.3.2.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#032--2020-04-23 diff --git a/src/content/changes/management-api/rbac-operator/v0.3.3.md b/src/content/changes/platform-api/rbac-operator/v0.3.3.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.3.3.md rename to src/content/changes/platform-api/rbac-operator/v0.3.3.md index c3264ddb79..ea6beb960e 100644 --- a/src/content/changes/management-api/rbac-operator/v0.3.3.md +++ b/src/content/changes/platform-api/rbac-operator/v0.3.3.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#033---2020-05-13 diff --git a/src/content/changes/management-api/rbac-operator/v0.30.0.md b/src/content/changes/platform-api/rbac-operator/v0.30.0.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.30.0.md rename to src/content/changes/platform-api/rbac-operator/v0.30.0.md index f79ae302ad..6af94d1dae 100644 --- a/src/content/changes/management-api/rbac-operator/v0.30.0.md +++ b/src/content/changes/platform-api/rbac-operator/v0.30.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0300---2022-08-02 diff --git a/src/content/changes/management-api/rbac-operator/v0.30.1.md b/src/content/changes/platform-api/rbac-operator/v0.30.1.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.30.1.md rename to src/content/changes/platform-api/rbac-operator/v0.30.1.md index 0d758aae8a..5bbba9ce21 100644 --- a/src/content/changes/management-api/rbac-operator/v0.30.1.md +++ b/src/content/changes/platform-api/rbac-operator/v0.30.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0301---2022-08-03 diff --git a/src/content/changes/management-api/rbac-operator/v0.30.2.md b/src/content/changes/platform-api/rbac-operator/v0.30.2.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.30.2.md rename to src/content/changes/platform-api/rbac-operator/v0.30.2.md index a8be962ee5..3e0b756eb8 100644 --- a/src/content/changes/management-api/rbac-operator/v0.30.2.md +++ b/src/content/changes/platform-api/rbac-operator/v0.30.2.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0302---2022-08-11 diff --git a/src/content/changes/management-api/rbac-operator/v0.30.3.md b/src/content/changes/platform-api/rbac-operator/v0.30.3.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.30.3.md rename to src/content/changes/platform-api/rbac-operator/v0.30.3.md index 67ce90110d..5de20b5ea2 100644 --- a/src/content/changes/management-api/rbac-operator/v0.30.3.md +++ b/src/content/changes/platform-api/rbac-operator/v0.30.3.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0303---2022-10-26 diff --git a/src/content/changes/management-api/rbac-operator/v0.31.0.md b/src/content/changes/platform-api/rbac-operator/v0.31.0.md similarity index 96% rename from src/content/changes/management-api/rbac-operator/v0.31.0.md rename to src/content/changes/platform-api/rbac-operator/v0.31.0.md index 4bc4a94e93..264965bab4 100644 --- a/src/content/changes/management-api/rbac-operator/v0.31.0.md +++ b/src/content/changes/platform-api/rbac-operator/v0.31.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0310---2022-12-01 diff --git a/src/content/changes/management-api/rbac-operator/v0.31.1.md b/src/content/changes/platform-api/rbac-operator/v0.31.1.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.31.1.md rename to src/content/changes/platform-api/rbac-operator/v0.31.1.md index 71efb8ede6..34bb717e2f 100644 --- a/src/content/changes/management-api/rbac-operator/v0.31.1.md +++ b/src/content/changes/platform-api/rbac-operator/v0.31.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0311---2022-12-12 diff --git a/src/content/changes/management-api/rbac-operator/v0.31.2.md b/src/content/changes/platform-api/rbac-operator/v0.31.2.md similarity index 96% rename from src/content/changes/management-api/rbac-operator/v0.31.2.md rename to src/content/changes/platform-api/rbac-operator/v0.31.2.md index 4a98f3053c..0be151e161 100644 --- a/src/content/changes/management-api/rbac-operator/v0.31.2.md +++ b/src/content/changes/platform-api/rbac-operator/v0.31.2.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0312---2023-01-16 diff --git a/src/content/changes/management-api/rbac-operator/v0.32.0.md b/src/content/changes/platform-api/rbac-operator/v0.32.0.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.32.0.md rename to src/content/changes/platform-api/rbac-operator/v0.32.0.md index 7665668cab..4200443aea 100644 --- a/src/content/changes/management-api/rbac-operator/v0.32.0.md +++ b/src/content/changes/platform-api/rbac-operator/v0.32.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0320---2023-01-17 diff --git a/src/content/changes/management-api/rbac-operator/v0.33.0.md b/src/content/changes/platform-api/rbac-operator/v0.33.0.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.33.0.md rename to src/content/changes/platform-api/rbac-operator/v0.33.0.md index 6253fdddd9..03fa8db115 100644 --- a/src/content/changes/management-api/rbac-operator/v0.33.0.md +++ b/src/content/changes/platform-api/rbac-operator/v0.33.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0330---2023-03-17 diff --git a/src/content/changes/management-api/rbac-operator/v0.33.1.md b/src/content/changes/platform-api/rbac-operator/v0.33.1.md similarity index 96% rename from src/content/changes/management-api/rbac-operator/v0.33.1.md rename to src/content/changes/platform-api/rbac-operator/v0.33.1.md index 9edc9e951d..c155a978c4 100644 --- a/src/content/changes/management-api/rbac-operator/v0.33.1.md +++ b/src/content/changes/platform-api/rbac-operator/v0.33.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0331---2023-03-29 diff --git a/src/content/changes/management-api/rbac-operator/v0.33.2.md b/src/content/changes/platform-api/rbac-operator/v0.33.2.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.33.2.md rename to src/content/changes/platform-api/rbac-operator/v0.33.2.md index 610fa03b8a..eda2157563 100644 --- a/src/content/changes/management-api/rbac-operator/v0.33.2.md +++ b/src/content/changes/platform-api/rbac-operator/v0.33.2.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0332---2023-05-04 diff --git a/src/content/changes/management-api/rbac-operator/v0.33.3.md b/src/content/changes/platform-api/rbac-operator/v0.33.3.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.33.3.md rename to src/content/changes/platform-api/rbac-operator/v0.33.3.md index cc452f8f45..fb6852f2bb 100644 --- a/src/content/changes/management-api/rbac-operator/v0.33.3.md +++ b/src/content/changes/platform-api/rbac-operator/v0.33.3.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0333---2023-05-05 diff --git a/src/content/changes/management-api/rbac-operator/v0.33.4.md b/src/content/changes/platform-api/rbac-operator/v0.33.4.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.33.4.md rename to src/content/changes/platform-api/rbac-operator/v0.33.4.md index 096c7b57b7..3f34cf4340 100644 --- a/src/content/changes/management-api/rbac-operator/v0.33.4.md +++ b/src/content/changes/platform-api/rbac-operator/v0.33.4.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0334---2023-05-09 diff --git a/src/content/changes/management-api/rbac-operator/v0.33.5.md b/src/content/changes/platform-api/rbac-operator/v0.33.5.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.33.5.md rename to src/content/changes/platform-api/rbac-operator/v0.33.5.md index d2b5adb7be..687e98c512 100644 --- a/src/content/changes/management-api/rbac-operator/v0.33.5.md +++ b/src/content/changes/platform-api/rbac-operator/v0.33.5.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0335---2023-06-07 diff --git a/src/content/changes/management-api/rbac-operator/v0.34.0.md b/src/content/changes/platform-api/rbac-operator/v0.34.0.md similarity index 96% rename from src/content/changes/management-api/rbac-operator/v0.34.0.md rename to src/content/changes/platform-api/rbac-operator/v0.34.0.md index f3055658ca..1b7bd29839 100644 --- a/src/content/changes/management-api/rbac-operator/v0.34.0.md +++ b/src/content/changes/platform-api/rbac-operator/v0.34.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0340---2023-06-15 diff --git a/src/content/changes/management-api/rbac-operator/v0.34.1.md b/src/content/changes/platform-api/rbac-operator/v0.34.1.md similarity index 96% rename from src/content/changes/management-api/rbac-operator/v0.34.1.md rename to src/content/changes/platform-api/rbac-operator/v0.34.1.md index 76a38bebf4..ab4eca89a3 100644 --- a/src/content/changes/management-api/rbac-operator/v0.34.1.md +++ b/src/content/changes/platform-api/rbac-operator/v0.34.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0341---2023-06-23 diff --git a/src/content/changes/management-api/rbac-operator/v0.34.2.md b/src/content/changes/platform-api/rbac-operator/v0.34.2.md similarity index 96% rename from src/content/changes/management-api/rbac-operator/v0.34.2.md rename to src/content/changes/platform-api/rbac-operator/v0.34.2.md index 89f05577e0..bbff3c5a0b 100644 --- a/src/content/changes/management-api/rbac-operator/v0.34.2.md +++ b/src/content/changes/platform-api/rbac-operator/v0.34.2.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0342---2023-07-04 diff --git a/src/content/changes/management-api/rbac-operator/v0.34.3.md b/src/content/changes/platform-api/rbac-operator/v0.34.3.md similarity index 96% rename from src/content/changes/management-api/rbac-operator/v0.34.3.md rename to src/content/changes/platform-api/rbac-operator/v0.34.3.md index 0753f92f56..0cf5f8c4a6 100644 --- a/src/content/changes/management-api/rbac-operator/v0.34.3.md +++ b/src/content/changes/platform-api/rbac-operator/v0.34.3.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0343---2023-07-04 diff --git a/src/content/changes/management-api/rbac-operator/v0.35.0.md b/src/content/changes/platform-api/rbac-operator/v0.35.0.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.35.0.md rename to src/content/changes/platform-api/rbac-operator/v0.35.0.md index 1441cabc65..7449aa8697 100644 --- a/src/content/changes/management-api/rbac-operator/v0.35.0.md +++ b/src/content/changes/platform-api/rbac-operator/v0.35.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0350---2023-08-22 diff --git a/src/content/changes/management-api/rbac-operator/v0.36.0.md b/src/content/changes/platform-api/rbac-operator/v0.36.0.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.36.0.md rename to src/content/changes/platform-api/rbac-operator/v0.36.0.md index 75ecb62f67..c7d5fa9547 100644 --- a/src/content/changes/management-api/rbac-operator/v0.36.0.md +++ b/src/content/changes/platform-api/rbac-operator/v0.36.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0360---2023-08-23 diff --git a/src/content/changes/management-api/rbac-operator/v0.37.0.md b/src/content/changes/platform-api/rbac-operator/v0.37.0.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.37.0.md rename to src/content/changes/platform-api/rbac-operator/v0.37.0.md index 3c607dbfa1..96a7cd7de6 100644 --- a/src/content/changes/management-api/rbac-operator/v0.37.0.md +++ b/src/content/changes/platform-api/rbac-operator/v0.37.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0370---2023-08-30 diff --git a/src/content/changes/management-api/rbac-operator/v0.37.1.md b/src/content/changes/platform-api/rbac-operator/v0.37.1.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.37.1.md rename to src/content/changes/platform-api/rbac-operator/v0.37.1.md index 5eae2996ca..483527c025 100644 --- a/src/content/changes/management-api/rbac-operator/v0.37.1.md +++ b/src/content/changes/platform-api/rbac-operator/v0.37.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0371---2023-08-30 diff --git a/src/content/changes/management-api/rbac-operator/v0.37.2.md b/src/content/changes/platform-api/rbac-operator/v0.37.2.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.37.2.md rename to src/content/changes/platform-api/rbac-operator/v0.37.2.md index 3e575a1304..d2b726e557 100644 --- a/src/content/changes/management-api/rbac-operator/v0.37.2.md +++ b/src/content/changes/platform-api/rbac-operator/v0.37.2.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0372---2023-09-01 diff --git a/src/content/changes/management-api/rbac-operator/v0.38.0.md b/src/content/changes/platform-api/rbac-operator/v0.38.0.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.38.0.md rename to src/content/changes/platform-api/rbac-operator/v0.38.0.md index 3b8a6dfbce..1eab40e112 100644 --- a/src/content/changes/management-api/rbac-operator/v0.38.0.md +++ b/src/content/changes/platform-api/rbac-operator/v0.38.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0380---2023-10-02 diff --git a/src/content/changes/management-api/rbac-operator/v0.39.0.md b/src/content/changes/platform-api/rbac-operator/v0.39.0.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.39.0.md rename to src/content/changes/platform-api/rbac-operator/v0.39.0.md index 8af20f30ad..d8a44d612f 100644 --- a/src/content/changes/management-api/rbac-operator/v0.39.0.md +++ b/src/content/changes/platform-api/rbac-operator/v0.39.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0390---2023-10-26 diff --git a/src/content/changes/management-api/rbac-operator/v0.4.0.md b/src/content/changes/platform-api/rbac-operator/v0.4.0.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.4.0.md rename to src/content/changes/platform-api/rbac-operator/v0.4.0.md index 2a4d2fbf71..173d02be32 100644 --- a/src/content/changes/management-api/rbac-operator/v0.4.0.md +++ b/src/content/changes/platform-api/rbac-operator/v0.4.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#040 diff --git a/src/content/changes/management-api/rbac-operator/v0.4.1.md b/src/content/changes/platform-api/rbac-operator/v0.4.1.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.4.1.md rename to src/content/changes/platform-api/rbac-operator/v0.4.1.md index 6494486729..b76d2a3a4b 100644 --- a/src/content/changes/management-api/rbac-operator/v0.4.1.md +++ b/src/content/changes/platform-api/rbac-operator/v0.4.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#041 diff --git a/src/content/changes/management-api/rbac-operator/v0.4.2.md b/src/content/changes/platform-api/rbac-operator/v0.4.2.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.4.2.md rename to src/content/changes/platform-api/rbac-operator/v0.4.2.md index e22913bc7b..4061c69856 100644 --- a/src/content/changes/management-api/rbac-operator/v0.4.2.md +++ b/src/content/changes/platform-api/rbac-operator/v0.4.2.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#042---2020-05-03 diff --git a/src/content/changes/management-api/rbac-operator/v0.4.3.md b/src/content/changes/platform-api/rbac-operator/v0.4.3.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.4.3.md rename to src/content/changes/platform-api/rbac-operator/v0.4.3.md index 0f237dc2d2..15a59cdd28 100644 --- a/src/content/changes/management-api/rbac-operator/v0.4.3.md +++ b/src/content/changes/platform-api/rbac-operator/v0.4.3.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#043---2020-07-29 diff --git a/src/content/changes/management-api/rbac-operator/v0.4.4.md b/src/content/changes/platform-api/rbac-operator/v0.4.4.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.4.4.md rename to src/content/changes/platform-api/rbac-operator/v0.4.4.md index 5f2cd9e207..4fa9882553 100644 --- a/src/content/changes/management-api/rbac-operator/v0.4.4.md +++ b/src/content/changes/platform-api/rbac-operator/v0.4.4.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#044---2020-07-30 diff --git a/src/content/changes/management-api/rbac-operator/v0.4.5.md b/src/content/changes/platform-api/rbac-operator/v0.4.5.md similarity index 96% rename from src/content/changes/management-api/rbac-operator/v0.4.5.md rename to src/content/changes/platform-api/rbac-operator/v0.4.5.md index 3a170887e7..49279cbb3c 100644 --- a/src/content/changes/management-api/rbac-operator/v0.4.5.md +++ b/src/content/changes/platform-api/rbac-operator/v0.4.5.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#045---2020-07-30 diff --git a/src/content/changes/management-api/rbac-operator/v0.4.6.md b/src/content/changes/platform-api/rbac-operator/v0.4.6.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.4.6.md rename to src/content/changes/platform-api/rbac-operator/v0.4.6.md index 8d0ad92f5e..7347df4762 100644 --- a/src/content/changes/management-api/rbac-operator/v0.4.6.md +++ b/src/content/changes/platform-api/rbac-operator/v0.4.6.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#046---2020-08-13 diff --git a/src/content/changes/management-api/rbac-operator/v0.40.0.md b/src/content/changes/platform-api/rbac-operator/v0.40.0.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.40.0.md rename to src/content/changes/platform-api/rbac-operator/v0.40.0.md index 468f6b11cc..ff2bb5344b 100644 --- a/src/content/changes/management-api/rbac-operator/v0.40.0.md +++ b/src/content/changes/platform-api/rbac-operator/v0.40.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0400---2023-10-31 diff --git a/src/content/changes/management-api/rbac-operator/v0.41.0.md b/src/content/changes/platform-api/rbac-operator/v0.41.0.md similarity index 98% rename from src/content/changes/management-api/rbac-operator/v0.41.0.md rename to src/content/changes/platform-api/rbac-operator/v0.41.0.md index 8a1f3f9d08..11073b57c8 100644 --- a/src/content/changes/management-api/rbac-operator/v0.41.0.md +++ b/src/content/changes/platform-api/rbac-operator/v0.41.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0410---2024-01-25 diff --git a/src/content/changes/management-api/rbac-operator/v0.41.1.md b/src/content/changes/platform-api/rbac-operator/v0.41.1.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.41.1.md rename to src/content/changes/platform-api/rbac-operator/v0.41.1.md index 5b2c8a3f36..7149f3f259 100644 --- a/src/content/changes/management-api/rbac-operator/v0.41.1.md +++ b/src/content/changes/platform-api/rbac-operator/v0.41.1.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#0411---2024-08-07 diff --git a/src/content/changes/management-api/rbac-operator/v0.5.0.md b/src/content/changes/platform-api/rbac-operator/v0.5.0.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.5.0.md rename to src/content/changes/platform-api/rbac-operator/v0.5.0.md index 3112bfaa24..ac610e0c20 100644 --- a/src/content/changes/management-api/rbac-operator/v0.5.0.md +++ b/src/content/changes/platform-api/rbac-operator/v0.5.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#050---2020-08-14 diff --git a/src/content/changes/management-api/rbac-operator/v0.6.0.md b/src/content/changes/platform-api/rbac-operator/v0.6.0.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.6.0.md rename to src/content/changes/platform-api/rbac-operator/v0.6.0.md index 9d9e85355b..4ed5cfdedb 100644 --- a/src/content/changes/management-api/rbac-operator/v0.6.0.md +++ b/src/content/changes/platform-api/rbac-operator/v0.6.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#060---2020-09-24 diff --git a/src/content/changes/management-api/rbac-operator/v0.7.0.md b/src/content/changes/platform-api/rbac-operator/v0.7.0.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.7.0.md rename to src/content/changes/platform-api/rbac-operator/v0.7.0.md index 83e2b14869..eccdf6f0fd 100644 --- a/src/content/changes/management-api/rbac-operator/v0.7.0.md +++ b/src/content/changes/platform-api/rbac-operator/v0.7.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#070---2020-10-21 diff --git a/src/content/changes/management-api/rbac-operator/v0.8.0.md b/src/content/changes/platform-api/rbac-operator/v0.8.0.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.8.0.md rename to src/content/changes/platform-api/rbac-operator/v0.8.0.md index b37dfaedab..e48fa35298 100644 --- a/src/content/changes/management-api/rbac-operator/v0.8.0.md +++ b/src/content/changes/platform-api/rbac-operator/v0.8.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#080---2020-11-19 diff --git a/src/content/changes/management-api/rbac-operator/v0.9.0.md b/src/content/changes/platform-api/rbac-operator/v0.9.0.md similarity index 97% rename from src/content/changes/management-api/rbac-operator/v0.9.0.md rename to src/content/changes/platform-api/rbac-operator/v0.9.0.md index 96c04d1e6c..b0006db19a 100644 --- a/src/content/changes/management-api/rbac-operator/v0.9.0.md +++ b/src/content/changes/platform-api/rbac-operator/v0.9.0.md @@ -1,7 +1,7 @@ --- # Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. changes_categories: -- Management API +- Platform API changes_entry: repository: giantswarm/rbac-operator url: https://github.com/giantswarm/rbac-operator/blob/master/CHANGELOG.md#090---2021-03-22 diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v10.1.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v10.1.0.md deleted file mode 100644 index 5a4637a6be..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v10.1.0.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v10.1.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v10.1.0 - version: 10.1.0 - version_tag: v10.1.0 -date: '2019-12-18T14:00:00' -description: Release notes for AWS workload cluster release v10.1.0, published on - 18 December 2019, 14:00. -title: Workload cluster release v10.1.0 for AWS ---- - -We are pleased to announce that the new release v10.1.0 contains the much anticipated Node Pools feature. - -We want to remind you that the Node Pools enabled releases imply a breaking change. This means **existing clusters** below the 10.x.x major releases **are not upgradable**. -We will continue to support the 9.x.x releases with bug fixes and security patches for the next 6 months. During that timeframe please **ensure that you move all your workloads to new clusters**. We are at your service to assist with this. - -*Please note*: - -- With this release, we are _no longer_ rolling out NGINX Ingress Controller by default. It is now an optional App in the App Catalog and can be installed and configured on-demand. Or you can choose your own. - -- The optional Ingress Controller currently does _not_ work in China due to the lack of Route53. We recommend customers in China to wait for our fixes for China to land in a soon to be released patch version before they start clusters with 10.x there. - -The new NGINX Ingress Controller app includes all [previous updates](https://github.com/giantswarm/kubernetes-nginx-ingress-controller/blob/master/CHANGELOG.md) -as well as more configuration options. You can follow further development -through its [Changelog](https://github.com/giantswarm/nginx-ingress-controller-app/blob/master/CHANGELOG.md). - -We hope you enjoy using Node Pools of which the documentation can be found here: https://docs.giantswarm.io/basics/nodepools/ including the other release changes which are listed below: - -## Component changes: - -## aws-operator 8.0.2 (from 5.5.0) - -- Remove NGINX Ingress Controller [#1958](https://github.com/giantswarm/aws-operator/pull/1958) -- Clean Route53 records [#2030](https://github.com/giantswarm/aws-operator/pull/2030) -- Label nodes with operator version instead of release version [#2064](https://github.com/giantswarm/aws-operator/pull/2064) -- Use ClusterAPI types version 0.2.0 [#2080](https://github.com/giantswarm/aws-operator/pull/2080) - -## cluster-operator 2.0.0 (from 0.21.0) - -- Remove NGINX Ingress Controller -- Use ClusterAPI types - -## cert-manager v0.9.0 ([GS v1.0.1](https://github.com/giantswarm/cert-manager-app/blob/master/CHANGELOG.md#v101)) -- Added as a default app [Upstream Changelog](https://github.com/jetstack/cert-manager/releases/tag/v0.9.0) - -## external-dns v0.5.11 ([GS v1.0.0](https://github.com/giantswarm/external-dns-app/blob/master/CHANGELOG.md#v100)) -- Added as a default app [Upstream Changelog](https://github.com/kubernetes-sigs/external-dns/releases/tag/v0.5.11) - -## kiam v3.4 ([GS v1.0.0](https://github.com/giantswarm/kiam-app/blob/master/CHANGELOG.md#v100)) -- Added as a default app [Upstream Changelog](https://github.com/uswitch/kiam/releases/tag/v3.4) diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v10.1.1.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v10.1.1.md deleted file mode 100644 index 62d7cff8b6..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v10.1.1.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v10.1.1/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v10.1.1 - version: 10.1.1 - version_tag: v10.1.1 -date: '2020-01-10T08:00:00' -description: Release notes for AWS workload cluster release v10.1.1, published on - 10 January 2020, 08:00. -title: Workload cluster release v10.1.1 for AWS ---- - -This Node Pools release fixes a problem with CoreDNS in clusters using custom -cluster IP ranges. Additionally, CPU limits have been removed from multiple -default apps to increase their reliability. - -## Component changes: - -## cluster-operator 2.0.1 - -- Added additional settings for CoreDNS to cluster configmap. -- Fix cluster status conditions to be reconciled upon cluster creation. - -## cert-exporter (GS [v1.2.1](https://github.com/giantswarm/cert-exporter/blob/master/CHANGELOG.md#121-2019-12-24)) - -- Removed CPU limits. - -## cert-manager (GS [v1.0.3](https://github.com/giantswarm/cert-manager-app/blob/master/CHANGELOG.md#v103-2020-01-03)) - -- Removed CPU limits. - -## chart-operator 0.11.2 - -- Removed CPU limits. - -## cluster-autoscaler (GS [v1.1.2](https://github.com/giantswarm/cluster-autoscaler-app/blob/master/CHANGELOG.md#v112-2020-01-03)) - -- Removed CPU limits. - -## external-dns (GS [v1.1.0](https://github.com/giantswarm/external-dns-app/blob/master/CHANGELOG.md#v110)) - -- Added support AWS SDK configuration with explicit credentials. -- Removed CPU limits. - -## kiam (GS [v1.0.2](https://github.com/giantswarm/kiam-app/blob/master/CHANGELOG.md#v102-2020-01-04)) - -- Removed CPU limits. - -## node-exporter (GS [v1.2.0](https://github.com/giantswarm/node-exporter-app/blob/master/CHANGELOG.md#120-2020-01-08)) - -- Removed CPU limits. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v10.1.2.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v10.1.2.md deleted file mode 100644 index 37c6dfe3f9..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v10.1.2.md +++ /dev/null @@ -1,39 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v10.1.2/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v10.1.2 - version: 10.1.2 - version_tag: v10.1.2 -date: '2020-02-06T08:00:00' -description: Release notes for AWS workload cluster release v10.1.2, published on - 06 February 2020, 08:00. -title: Workload cluster release v10.1.2 for AWS ---- - -This release fixes a problem with the cluster role for chart-operator, which is responsible for installing and updating Managed Apps. The changes affect only Managed Apps and upgrading to this release will not cause cluster nodes to be rolled. **To prevent encountering problems when installing or updating an app, please upgrade to this release.** - -**Please Note:** We are still resolving the issue with network traffic between node pools in 10.x and 11.x clusters reported yesterday (5th Feb 2020). - -### chart-operator [v0.11.3](https://github.com/giantswarm/chart-operator/releases/tag/v0.11.3) -- Adjusted RBAC permissions. - -### cluster-autoscaler v1.16.2 ([Giant Swarm app v1.1.3](https://github.com/giantswarm/cluster-autoscaler-app/releases/tag/v1.1.3)) -- Updated manifests for Kubernetes 1.16 compatibility. - -### kiam v3.4 ([Giant Swarm app v1.0.4](https://github.com/giantswarm/kiam-app/releases/tag/v1.0.3)) -- Updated manifests for Kubernetes 1.16 compatibility. - -### cert-manager v0.9.0 ([Giant Swarm app v1.0.4](https://github.com/giantswarm/cert-manager-app/releases/tag/v1.0.4)) -- Improvements for clusters with restrictive network policies. - -### kube-state-metrics v1.9.2 ([Giant Swarm app v1.0.2](https://github.com/giantswarm/kube-state-metrics-app/blob/master/CHANGELOG.md#v102)) -- Updated to upstream version 1.9.2 - [changelog](https://github.com/kubernetes/kube-state-metrics/blob/master/CHANGELOG.md#v192--2020-01-13). -- Adjusted RBAC configuration. - -### net-exporter [v1.5.1](https://github.com/giantswarm/net-exporter/blob/master/CHANGELOG.md#151-2020-01-08) -- Changed priority class to `system-node-critical`. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.0.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.0.0.md deleted file mode 100644 index 11c2a5be43..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.0.0.md +++ /dev/null @@ -1,86 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v11.0.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v11.0.0 - version: 11.0.0 - version_tag: v11.0.0 -date: '2020-01-29T12:00:00' -description: Release notes for AWS workload cluster release v11.0.0, published on - 29 January 2020, 12:00. -title: Workload cluster release v11.0.0 for AWS ---- - -This is the first Giant Swarm release which includes Kubernetes v1.16. In addition to this update, CPU limits have been removed from several supporting components and priority classes have been adjusted to ensure system reliability under heavy load. Further details about changes to individual components can be found below. - -### Important upgrade notes -- This release includes a new [network policy](https://docs.giantswarm.io/guides/limiting-pod-communication-with-network-policies/#default-policies) which blocks network traffic to and from pods in the `giantswarm` and `kube-system` namespaces by default to improve security. Giant Swarm components have been modified to work under this environment, but any other pods in the cluster communicating with these system pods may cease to function without a network policy allowing traffic. Thus, if you are running pods that need to talk to system pods, you will need to allow those explicitly by adding a [network policy](https://docs.giantswarm.io/guides/limiting-pod-communication-with-network-policies/) for them. -- [As previously communicated](https://github.com/giantswarm/giantswarm/blob/master/news/2019/10/product/k8s_1.16_breaking_changes.md), Kubernetes v1.16 has removed several API groups which were already deprecated. Please ensure that you have migrated your deployments and pipelines from the deprecated to the new API groups. You can check the above-linked breaking change communication and consult with your Solution Engineer for help with that. -- Previous Giant Swarm releases included Tiller v2.14 in the `giantswarm` namespace which is not compatible with Kubernetes v1.16. This Tiller - used by Giant Swarm to manage the cluster - has therefore been updated to the Kubernetes v1.16-compatible v2.16. Any Tiller instances deployed in other namespaces will likewise need to be updated to v2.16 or greater to continue to function after an upgrade. - ---- - -### aws-operator v8.1.0 -- Fix `pause` container image repository for China. -- Fix Vault encrypter role with new IAM role names for node pools. -- Propagate `Name` tag from ASG to EC2 instances. -- Drain nodes when deleting node pools. -- Encrypt blockdevice mappings in worker nodes. - -### Kubernetes v1.16.3 -- Updated from v1.15.5 - [changelog](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.16.md#kubernetes-v1160-release-notes). -- **Custom resources**: Custom Resource Definitions (CRDs) are in widespread use as a way to extend Kubernetes to persist and serve new resource types, and have been available in beta since the 1.7 release. The 1.16 release marks the graduation of CRDs to general availability (GA). -- **Admission webhooks**: Admission webhooks are in widespread use as a Kubernetes extensibility mechanism and have been available in beta since the 1.9 release. The 1.16 release marks the graduation of admission webhooks to general availability (GA). -- **Overhauled metrics**: Kubernetes has previously made extensive use of a global metrics registry to register metrics to be exposed. By implementing a metrics registry, metrics are registered in more transparent means. Previously, Kubernetes metrics have been excluded from any kind of stability requirements. -- **Volume Extension**: There are quite a few enhancements in this release that pertain to volumes and volume modifications. Volume resizing support in CSI specs is moving to beta which allows for any CSI spec volume plugin to be resizable. -- **Node labels** beta.kubernetes.io/metadata-proxy-ready, beta.kubernetes.io/metadata-proxy-ready and beta.kubernetes.io/kube-proxy-ds-ready are no longer added on new nodes. -- **Network Policies**: Giantswarm added a `deny-all` network policy by default. This policy is applied to all pods in sensitive namespaces such as `giantswarm` or `kube-system`. To communicate with any pods in these namespaces you need to explicitly create a Network Policy that allows it. -- As previously communicated, resources under `apps/v1beta1` and `apps/v1beta2` groups have been moved to `apps/v1` instead. Similarly, `daemonsets`, `deployments`, `replicasets` resources under `extensions/v1beta1` have been moved to `apps/v1`, `networkpolicies` under `extensions/v1beta1` to `networking.k8s.io/v1`, and `podsecuritypolicies` under `extensions/v1beta1` to `policy/v1beta1`. - -### Calico v3.10.1 -- Updated from v3.9.1 - [changelog](https://docs.projectcalico.org/v3.10/release-notes/). -- Calico now supports two new top-level selectors to make writing Calico network policy easier. The `namespaceSelector` allows you to select the namespace(s) to apply a global network policy to. This enables you to write a single network policy applicable to one or more namespaces. -- Calico now supports BGP advertisement of Kubernetes service ExternalIPs in addition to advertising ClusterIPs. Advertising service external IPs allows for more flexible routing architectures. -- Configurable default IPv4, IPv6 block sizes and pool node selectors. -- Typha is now run as a non-root user for improved security. - -### kiam v3.4 ([Giant Swarm app v1.0.3](https://github.com/giantswarm/kiam-app/releases/tag/v1.0.3)) -- Updated manifests for Kubernetes 1.16 compatibility. - -### cluster-autoscaler v1.16.2 ([Giant Swarm app v1.1.3](https://github.com/giantswarm/cluster-autoscaler-app/releases/tag/v1.1.3)) -- Updated manifests for Kubernetes 1.16 compatibility. - -### chart-operator [v0.11.3](https://github.com/giantswarm/chart-operator/releases/tag/v0.11.3) -- Adjusted RBAC permissions. - -### cluster-operator [v0.21.4](https://github.com/giantswarm/cluster-operator/releases/tag/v0.21.4) -- Added additional settings for coredns to cluster configmap. - -### coreDNS v1.6.5 ([Giant Swarm app v1.1.0](https://github.com/giantswarm/coredns-app/blob/master/CHANGELOG.md#v110)) -- Updated from upstream `coredns` v1.6.4 - [changelog](https://coredns.io/2019/11/05/coredns-1.6.5-release/). - -### CoreOS Container Linux v2247.6.0 -- Updated from v2191.5.0 - [changelog](https://coreos.com/releases/#2247.6.0). -- Updated Linux kernel to 4.19.78. - -### etcd v3.3.17 -- Updated from v3.3.15 - [changelog](https://github.com/etcd-io/etcd/blob/master/CHANGELOG-3.3.md#v3317-2019-10-11). - -### Helm v2.16.1 (primarily for Giant Swarm internal use) -- Updated from v2.14.3 - [changelog](https://github.com/helm/helm/releases/tag/v2.16.1). -- Helm v2.15 was the last feature release for Helm v2 as new feature development now happens in Helm v3. The v2.16 release includes fixes to issues that are too large of a change for a patch release. - -### kube-state-metrics v1.9.2 ([Giant Swarm app v1.0.2](https://github.com/giantswarm/kube-state-metrics-app/blob/master/CHANGELOG.md#v102)) -- Updated to upstream version 1.9.2 - [changelog](https://github.com/kubernetes/kube-state-metrics/blob/master/CHANGELOG.md#v192--2020-01-13). -- Adjusted RBAC configuration. - -### net-exporter [v1.5.1](https://github.com/giantswarm/net-exporter/blob/master/CHANGELOG.md#151-2020-01-08) -- Changed priority class to `system-node-critical`. - -### node_exporter v0.18.1 ([Giant Swarm app v1.2.0](https://github.com/giantswarm/node-exporter-app/blob/master/CHANGELOG.md#120-2020-01-08)) -- Updated to upstream version 0.18.1 - [changelog](https://github.com/prometheus/node_exporter/blob/master/CHANGELOG.md#0181--2019-06-04). -- Changed priority class to `system-node-critical`. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.0.1.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.0.1.md deleted file mode 100644 index 0882a44cfc..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.0.1.md +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v11.0.1/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v11.0.1 - version: 11.0.1 - version_tag: v11.0.1 -date: '2020-02-05T12:00:00' -description: Release notes for AWS workload cluster release v11.0.1, published on - 05 February 2020, 12:00. -title: Workload cluster release v11.0.1 for AWS ---- - -This release fixes an issue with network traffic between node pools in 10.x and -11.x clusters reported on the 5th of February 2020. **To prevent encountering -network traffic problems between node pools, please upgrade to this release.** - - - -### aws-operator [v8.1.1](https://github.com/giantswarm/aws-operator/releases/tag/v8.1.1) -- Fix AWS resource tags. -- Allow network traffic between Node Pools. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.1.2.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.1.2.md deleted file mode 100644 index 50fb759a0c..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.1.2.md +++ /dev/null @@ -1,65 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v11.1.2/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v11.1.2 - version: 11.1.2 - version_tag: v11.1.2 -date: '2020-04-06T08:00:00' -description: Release notes for AWS workload cluster release v11.1.2, published on - 06 April 2020, 08:00. -title: Workload cluster release v11.1.2 for AWS ---- - -__Note:__ Upgrading to this release from any release prior 11.1.1 will cause a network downtime due to the network-related changes coming with the switch from Calico CNI to AWS CNI. - -## aws-operator [v8.2.2](https://github.com/giantswarm/aws-operator/releases/tag/v8.2.2) - -- Replaces Calico CNI (Container Network Interface) with [AWS CNI](https://github.com/aws/amazon-vpc-cni-k8s) and enables Pod to Pod networking throughout AWS regions. As a result of this change, CIDR (IPv4 address blocks) for tenant cluster Pods are changing. They now must adhere to the rules described in the [AWS documentation](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html#add-cidr-block-restrictions). ([aws-operator#2167](https://github.com/giantswarm/aws-operator/pull/2167)) - -- The VPC peering from tenant cluster to control plane is now labeled and queried in a way that aws-operator will only act on this one. ([aws-operator#2187](https://github.com/giantswarm/aws-operator/pull/2187)) - -- The number of Persistent Volumes is now limited statically, currently to 20 per node. This mitigates a problem customers had, where Kubernetes would attempt to calculate the limit of volumes per node, but the resulting number was too high (upstream issue: [kubernetes/kubernetes#80967](https://github.com/kubernetes/kubernetes/issues/80967)). As a result, attempts to attach more volumes to a node would result in failure and the node would get a taint of type `NodeWithImpairedVolumes`. ([k8scloudconfig#685](https://github.com/giantswarm/k8scloudconfig/pull/685)) - -- A wildcard DNS name for internal resolution of ingress names is added. ([aws-operator#2132](https://github.com/giantswarm/aws-operator/pull/2132)) - -- The IAM policy expected by aws-operator has been restricted so that many permissions apply only to specific resources. Also the permission to access service quotas of the AWS account has been added in order to monitor AWS service quotas. ([aws-operator#1965](https://github.com/giantswarm/aws-operator/pull/1965)) - -## cert-manager v0.9.0 ([Giant Swarm app v1.0.6](https://github.com/giantswarm/cert-manager-app/blob/master/CHANGELOG.md#v106-2020-02-28)) - -- Configured app icon. - -## chart-operator [v0.12.1](https://github.com/giantswarm/chart-operator/releases/tag/v0.12.1) - -- Added chartmigration resource for migrating from chartconfig to chart CRs. -- Updated release resource. - - Do not wait when installing or updating long running Helm releases. - - Use version field from chart CR to reduce number of HTTP requests to pull chart tarballs. - - Wait for deleted Helm release before removing finalizer. -- Updated status resource. - - Improve reason field in CR status when installing a chart fails. -- Removed legacy chartconfig controller. - -## cluster-operator [v2.1.6](https://github.com/giantswarm/cluster-operator/releases/tag/v2.1.6) - -- Fix CR deletion for Tenant Cluster certificate management. - -## kiam ([Giant Swarm app v1.2.1](https://github.com/giantswarm/kiam-app/blob/master/CHANGELOG.md#v121-2020-03-14)) - -- Change name of the interfaces to manage for AWS CNI. See the [app changelog](https://github.com/giantswarm/kiam-app/blob/master/CHANGELOG.md#v121-2020-03-14) for details. - -## kube-state-metrics v1.9.2 ([Giant Swarm app v1.0.4](https://github.com/giantswarm/kube-state-metrics-app/blob/master/CHANGELOG.md#v104)) - -- Removed CPU and memory limits to improve reliability. - -## coreDNS ([Giant Swarm app v1.1.8](https://github.com/giantswarm/coredns-app/blob/master/CHANGELOG.md#v118-2020-03-20)) - -- Add Pod Disruption Budget. -- Allow custom forward configuration destination and options. -- Add `autopath` variable in the values file to make possible to configure or disable the plugin. -- Set `autopath` variable to disabled by default in values file. -- Use `cluster.kubernetes.clusterDomain` instead of `cluster.kubernetes.domain` for custom DNS suffix. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.1.3.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.1.3.md deleted file mode 100644 index fbf333574e..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.1.3.md +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v11.1.3/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v11.1.3 - version: 11.1.3 - version_tag: v11.1.3 -date: '2020-04-06T13:00:00' -description: Release notes for AWS workload cluster release v11.1.3, published on - 06 April 2020, 13:00. -title: Workload cluster release v11.1.3 for AWS ---- - -__Note:__ Upgrading to this release from any release prior v11.1.1 will cause a network downtime due to the network-related changes coming with the switch from Calico CNI to AWS CNI. - -## aws-operator [v8.2.3](https://github.com/giantswarm/aws-operator/releases/tag/v8.2.3) - -- Improve error handling ([aws-operator#2263](https://github.com/giantswarm/aws-operator/pull/2263), [errors#39](https://github.com/giantswarm/errors/pull/39)). - -## cluster-operator [v2.1.7](https://github.com/giantswarm/cluster-operator/releases/tag/v2.1.7) - -- Improve error handling ([cluster-operator#989](https://github.com/giantswarm/cluster-operator/pull/989), [errors#39](https://github.com/giantswarm/errors/pull/39)). diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.1.4.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.1.4.md deleted file mode 100644 index 353bec7173..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.1.4.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v11.1.4/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v11.1.4 - version: 11.1.4 - version_tag: v11.1.4 -date: '2020-04-19T11:00:00' -description: Release notes for AWS workload cluster release v11.1.4, published on - 19 April 2020, 11:00. -title: Workload cluster release v11.1.4 for AWS ---- - -This release makes the pod CIDR of a tenant cluster configurable via the control plane Kubernetes API. When using this option to avoid IP address overlap, this enables VPC peering between tenant clusters of the same installation. - -__Note:__ Upgrading to this release from any release prior v11.1.1 will cause a network downtime due to the network-related changes coming with the switch from Calico CNI to AWS CNI. - -## aws-operator [v8.3.0](https://github.com/giantswarm/aws-operator/releases/tag/v8.3.0) - -- Allow to configure the pod CIDR of a tenant cluster via the `AWSCluster` custom resource. This can be used to avoid overlapping of subnets between different tenant clusters, to allow for VPC peering. [aws-operator#2315](https://github.com/giantswarm/aws-operator/pull/2315) -- The ID of the Virtual Private Cloud (VPC) created for the tenant cluster is now exposed in the `AWSCluster` CR as `.status.provider.network.vpcID` as soon as it is known. [aws-operator#2266](https://github.com/giantswarm/aws-operator/pull/2266) - -## cluster-operator [v2.1.8](https://github.com/giantswarm/cluster-operator/releases/tag/v2.1.8) - -- Make resource reconilation more efficient. [cluster-operator#993](https://github.com/giantswarm/cluster-operator/pull/993) -- Emit metrics for reconciled runtime objects only. [cluster-operator#996](https://github.com/giantswarm/cluster-operator/pull/996) -- Avoid ensuring the CRDs responsible for in the control plane. [cluster-operator#997](https://github.com/giantswarm/cluster-operator/pull/997) -- Fix problem in cleaning up `G8sControlPlane` resources no longer used. [cluster-operator#998](https://github.com/giantswarm/cluster-operator/pull/998) - -## cert-manager-app [v1.0.7](https://github.com/giantswarm/cert-manager-app/releases/tag/v1.0.7) - -- Fixed sub-chart resources namespace. ([cert-manager-app#19](https://github.com/giantswarm/cert-manager-app/pull/19), [cert-manager#21](https://github.com/giantswarm/cert-manager-app/pull/21)). - -## chart-operator [v0.12.4](https://github.com/giantswarm/chart-operator/releases/tag/v0.12.4) - -- Always set Chart CR annotations so update state calculation is accurate. -- Only update failed Helm releases if the chart values or version has changed. -- Fix problem pushing chart to default app catalog. -- Fix update state calculation and status resource for long running deployments. -- Handle 503 responses when GitHub Pages is unavailable. -- Make HTTP client timeout configurable for pulling chart tarballs in AWS China. - -## kiam-app [v1.2.2](https://github.com/giantswarm/kiam-app/releases/tag/v1.2.2) - -- Add configurable agent whitelist of proxy routes. [kiam-app#18](https://github.com/giantswarm/kiam-app/pull/18) diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.2.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.2.0.md deleted file mode 100644 index 3560d00617..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.2.0.md +++ /dev/null @@ -1,37 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v11.2.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v11.2.0 - version: 11.2.0 - version_tag: v11.2.0 -date: '2020-04-23T15:00:00' -description: Release notes for AWS workload cluster release v11.2.0, published on - 23 April 2020, 15:00. -title: Workload cluster release v11.2.0 for AWS ---- - -This release adds support for [EC2 Spot Instances](https://aws.amazon.com/ec2/spot/) in your node pools to allow reduction of your compute resource cost. Find details on how to use spot instances [in our node pools documentation](https://docs.giantswarm.io/basics/nodepools/#instance-distribution). - -Our web UI has been updated to support the new features of this release. Users of [`gsctl`](https://github.com/giantswarm/gsctl), please update to the latest v0.20.0. - -If you intend to use spot instances, be aware that an AWS service limit called `EC2 Spot Instances` is effective. In order to prepare for growth, you should request an increase for this limit for all instance types you would like to use. - -## aws-operator [v8.4.0](https://github.com/giantswarm/aws-operator/releases/tag/v8.4.0) - -- Add support for instance distribution between spot and on-demand in worker node Auto Scaling Groups (ASG). -- Add mixed instance support for worker node Auto Scaling Groups (ASG). -- Place master node in Auto Scaling Group (ASG) as preparation to run multiple master nodes in the future. - -## cluster-operator [v2.1.9](https://github.com/giantswarm/cluster-operator/blob/master/CHANGELOG.md#219-2020-04-23) - -- Once a cluster creation has been completed, we set `.status.infrastructureReady` in the `Cluster` resource to `true`. -- Fixed RBAC rules for the reconciliation of the Control Plane resources. - -## kube-state-metrics v1.9.5 (Giant Swarm app [v1.0.5](https://github.com/giantswarm/kube-state-metrics-app/releases/tag/v1.0.5)) - -- Change upstream version to 1.9.5 diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.2.1.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.2.1.md deleted file mode 100644 index 5dc996293a..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.2.1.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v11.2.1/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v11.2.1 - version: 11.2.1 - version_tag: v11.2.1 -date: '2020-04-28T15:00:00' -description: Release notes for AWS workload cluster release v11.2.1, published on - 28 April 2020, 15:00. -title: Workload cluster release v11.2.1 for AWS ---- - -This release fixes a problem that could occur when upgrading from an older release to a v11.2.x release. - -## cluster-operator [v2.1.10](https://github.com/giantswarm/cluster-operator/releases/tag/v2.1.10) - -- Fix cluster upgrade by fetching release versions in Control Plane controller. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.3.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.3.0.md deleted file mode 100644 index 0657275a36..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.3.0.md +++ /dev/null @@ -1,37 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v11.3.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v11.3.0 - version: 11.3.0 - version_tag: v11.3.0 -date: '2020-05-11T15:00:00' -description: Release notes for AWS workload cluster release v11.3.0, published on - 11 May 2020, 15:00. -title: Workload cluster release v11.3.0 for AWS ---- - -This release includes Kubernetes v1.16.9 as well as reliability and user experience improvements. - -In addition, this release [replaces CoreOS with Flatcar Container Linux](https://www.giantswarm.io/blog/time-to-catch-a-new-train-flatcar-linux). -CoreOS has gone [end-of-life](https://coreos.com/os/eol/) and is being rapidly phased out. -Flatcar is a compatible fork of CoreOS which receives ongoing support. -To continue receiving security updates and to minimize the effort needed to migrate in the future, we recommend upgrading to this release. - -Below, you can find more details on components that were changed with this release. - -### Kubernetes [v1.16.9](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.16.md#changelog-since-v1168) -- Updated from v1.16.3. - -### aws-operator [v8.5.0](https://github.com/giantswarm/aws-operator/releases/tag/v8.5.0) -- Use Flatcar linux instead of CoreOS. -- Support setting OIDC username and groups prefix. -- Enabled per-cluster configuration of kube-proxy's `conntrackMaxPerCore` parameter. - -### Flatcar Container Linux [2345.3.1](https://www.flatcar-linux.org/releases/#release-2345.3.1) -- Updated from CoreOS Container Linux 2191.5.0. -- Updated Linux Kernel to 4.19.107. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.3.1.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.3.1.md deleted file mode 100644 index 9eda933577..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.3.1.md +++ /dev/null @@ -1,31 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v11.3.1/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v11.3.1 - version: 11.3.1 - version_tag: v11.3.1 -date: '2020-05-21T15:00:00' -description: Release notes for AWS workload cluster release v11.3.1, published on - 21 May 2020, 15:00. -title: Workload cluster release v11.3.1 for AWS ---- - -This release provides fixes for a race condition seen in some upgrades to v11.2.x when allocating the IP address for the master node. - -In addition, we add support for disabling [external source network address translation (SNAT)](https://docs.aws.amazon.com/eks/latest/userguide/external-snat.html) for pod IP addresses via the Control Plane Kubernetes API, plus we pick up some minor component updates. - -## aws-operator [v8.6.1](https://github.com/giantswarm/aws-operator/releases/tag/v8.6.1) - -- Prevent an IP address collision when upgrading to a release managed by this aws-operator version -- Add support for an external SNAT setting on the `AWSCluster` custom resource [#2426](https://github.com/giantswarm/aws-operator/pull/2426) -- Use operatorkit v1.0.0 [#2449](https://github.com/giantswarm/aws-operator/pull/2449) - -## cluster-operator [v2.2.0](https://github.com/giantswarm/cluster-operator/releases/tag/v2.2.0) - -- Generate etcd certificates in preparation of master nodes high-availability [#1032](https://github.com/giantswarm/cluster-operator/pull/1032) -- Add pod CIDR service implementation using local caching, to ensure consistent state and reduce the number of Kubernetes API requests [#1054](https://github.com/giantswarm/cluster-operator/pull/1054) diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.3.2.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.3.2.md deleted file mode 100644 index ac60237d94..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.3.2.md +++ /dev/null @@ -1,28 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v11.3.2/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v11.3.2 - version: 11.3.2 - version_tag: v11.3.2 -date: '2020-06-04T15:00:00' -description: Release notes for AWS workload cluster release v11.3.2, published on - 04 June 2020, 15:00. -title: Workload cluster release v11.3.2 for AWS ---- - -**If you are upgrading from 11.3.1, upgrading to this release will not roll your nodes. It will only update the apps.** - -This release fixes an external-dns issue affecting clusters in AWS China. We added an option for the app to use CNAME records instead of ALIAS, in order for DNS resolution to work in China. - -Note that the fix works for new cluster creation only. Upgrades require a manual workaround. We're working with the upstream external-dns community to fix it. In the meantime, we recommend delegating cluster upgrades to your SE.``` - -**Note for SEs:** When upgrading a cluster, existing ingress A+TXT record sets do not get replaced with CNAME+TXT record sets even when external-dns is configured with CNAMEs as preferred. After upgrading, delete the ingress A+TXT record sets. external-dns will then automatically create CNAME+TXT record sets. - -## external-dns v0.5.18 ([Giant Swarm app v1.2.1](https://github.com/giantswarm/external-dns-app/blob/master/CHANGELOG.md#v121-2020-05-29)) - -- Prefer CNAMEs record sets for AWS SDK configuration with explicit credentials. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.3.3.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.3.3.md deleted file mode 100644 index 0f6b31acef..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.3.3.md +++ /dev/null @@ -1,30 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v11.3.3/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v11.3.3 - version: 11.3.3 - version_tag: v11.3.3 -date: '2020-06-05T15:00:00' -description: Release notes for AWS workload cluster release v11.3.3, published on - 05 June 2020, 15:00. -title: Workload cluster release v11.3.3 for AWS ---- - -**If you are upgrading from 11.3.2, upgrading to this release will not roll your nodes. It will only update the apps.** - -This release fixes an issue where `cert-manager` could be killed for exceeding its memory limit. This stops SSL certificates from being -automatically renewed, which would cause expired certificates to show your site as not secure. - -**Note for SEs:** This release contains an external-dns fix introduced in [11.3.2](https://github.com/giantswarm/releases/tree/master/aws/v11.3.2). It requires manual intervention for cluster upgrades in China to work. When upgrading a cluster, existing ingress A+TXT record sets do not get replaced with CNAME+TXT record sets even when external-dns is configured with CNAMEs as preferred. After upgrading, delete the ingress A+TXT record sets. external-dns will then automatically create CNAME+TXT record sets. - -**Note for future 11.3.x releases:** Until [upstream external-dns issue](https://github.com/kubernetes-sigs/external-dns/issues/1617) is fixed, please include this note and the one above in all future 11.3.x releases. - -## cert-manager-app v0.9.0 ([Giant Swarm app v1.0.8](https://github.com/giantswarm/cert-manager-app/blob/master/CHANGELOG.md#v108-2020-04-30)) - -- Remove deployment memory limit. -- Allow resource requests and limits to be configured with `values.yaml`. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.4.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.4.0.md deleted file mode 100644 index 1cd13cf420..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.4.0.md +++ /dev/null @@ -1,110 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v11.4.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v11.4.0 - version: 11.4.0 - version_tag: v11.4.0 -date: '2020-06-17T13:00:00' -description: Release notes for AWS workload cluster release v11.4.0, published on - 17 June 2020, 13:00. -title: Workload cluster release v11.4.0 for AWS ---- - -This release introduces [high availability Kubernetes masters](https://docs.giantswarm.io/basics/ha-masters/), -which means that clusters can have three master nodes in different availability zones -instead of one master node. - -Please upgrade [`gsctl`](https://docs.giantswarm.io/reference/gsctl/#install) to the latest -version in order to work with the master node high availability functions. - -## Important - -- High availability master nodes is the default setting as of this release. If needed, - clusters can be created with only a single master node instead. -- Single master clusters as of this release can be converted to multi master. However - a conversion from multi master to single master is not possible. -- Selecting the master node availability zone is no longer supported as of this release. -- Some v5 functions in the [Giant Swarm Rest API](https://docs.giantswarm.io/api/) regarding - [cluster creation](https://docs.giantswarm.io/api/#operation/addClusterV5) and [fetching - cluster details](https://docs.giantswarm.io/api/#operation/getClusterV5) are changing. - The old `master` attribute in the request/response will be deprecated by August 31. - Please change implementations to use the `master_nodes` attribute instead. -- Specifying the availability zones of master nodes is only supported via the Giant Swarm - Control Plane API, not the Rest API - -Read our [dedicated documentation article](https://docs.giantswarm.io/basics/ha-masters/) -for more details and instructions. - -**Note for Solution Engineers:** This release contains an external-dns fix introduced in -[11.3.2](https://docs.giantswarm.io/changes/tenant-cluster-releases-aws/releases/aws-v11.3.2/). -It requires manual intervention for cluster upgrades in China to work. When upgrading a -cluster, existing ingress `A+TXT` record sets do not get replaced with `CNAME+TXT` record sets -even when external-dns is configured with CNAMEs as preferred. After upgrading, delete the -ingress `A+TXT` record sets. external-dns will then automatically create `CNAME+TXT` record -sets. - -## Change details - -### aws-operator [v8.7.0](https://github.com/giantswarm/aws-operator/releases/tag/v8.7.0) - -- Several changes to support running clusters with multiple master nodes as well as migrating - from a single to multiple masters. -- Several improvements regarding the deletion of tenant clusters and related AWS resources. -- Kubernetes master nodes in tenant clusters will now receive the label - `giantswarm.io/control-plane` in metadata. -- Private subnets for all used availability zones are created by default. This fixes a problem - with private services of type `LoadBalancer`. -- Fixed Prometheus metrics gathering from calico endpoint. -- The number of calls to the AWS API for collection of Elastic Load Balancer (ELB) details - has been reduced by adding a local cache, to avoid throttling errors. -- The Docker image now uses alpine v3.12 as a base. - -### cluster-operator [v2.3.0](https://github.com/giantswarm/cluster-operator/releases/tag/v2.3.0) - -- Several improvements regarding the deletion of tenant clusters and related AWS resources. -- The Docker image now uses alpine v3.12 as a base. - -### cluster-autoscaler 1.16.5 (Giant Swarm app [v1.16.0](https://github.com/giantswarm/cluster-autoscaler-app/blob/master/CHANGELOG.md)) - -- Version v1.16.5 introduces a new method to read AWS EC2 instance type details from an AWS API. - Since this API is not reachable from the AWS China regions, the autoscaler is started with the - `--aws-use-static-instance-list=true` flag. -- Set `scan-interval` to 30 seconds (from 10 seconds) to save resources and reduce AWS API calls. -- Set `scale-down-unneeded-time` to 5 minutes (from the default of 10 minutes) to release unneeded - nodes earlier. -- Lower `scaleDownUtilizationThreshold` to 0.5. - -### chart-operator [v0.13.0](https://github.com/giantswarm/chart-operator/releases/tag/v0.13.0) - -Please check the [changelog](https://github.com/giantswarm/chart-operator/blob/master/CHANGELOG.md) -for changes since v0.12.4. - -### cert-exporter [v1.2.3](https://github.com/giantswarm/cert-exporter/releases/tag/v1.2.3) - -Please check the [changelog](https://github.com/giantswarm/cert-exporter/blob/master/CHANGELOG.md) -for changes since v1.2.1. - -### net-exporter [v1.8.0](https://github.com/giantswarm/net-exporter/releases/tag/v1.8.0) - -Please check the [changelog](https://github.com/giantswarm/net-exporter/blob/master/CHANGELOG.md) -for changes since v1.7.0. - -### calico v3.10.4 - -- Fixes IPv6 rogue router advertisement vulnerability - [CVE-2020-13597](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13597). - -Complete details for changes since v3.10.1 please check the upstream release notes at -https://docs.projectcalico.org/archive/v3.10/release-notes/ - -### etcd v3.4.9 - -Please check the upstream changelogs for details on changes since version 3.3.17. - -- https://github.com/etcd-io/etcd/blob/master/CHANGELOG-3.4.md -- https://github.com/etcd-io/etcd/blob/master/CHANGELOG-3.3.md diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.4.1.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.4.1.md deleted file mode 100644 index e59d287418..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.4.1.md +++ /dev/null @@ -1,103 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v11.4.1/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v11.4.1 - version: 11.4.1 - version_tag: v11.4.1 -date: '2020-07-08T13:00:00' -description: Release notes for AWS workload cluster release v11.4.1, published on - 08 July 2020, 13:00. -title: Workload cluster release v11.4.1 for AWS ---- - -This release re-activates the recent AWS [release of high-availability (HA) masters](https://docs.giantswarm.io/changes/tenant-cluster-releases-aws/releases/aws-v11.4.0/), fixing OIDC configurations issues. - - -**Note for Solution Engineers:** This release contains an external-dns fix introduced in -[11.3.2](https://github.com/giantswarm/releases/blob/master/aws/v11.3.2/release-notes.md). -It requires manual intervention for cluster upgrades in China to work. When upgrading a -cluster, existing ingress `A+TXT` record sets do not get replaced with `CNAME+TXT` record sets -even when external-dns is configured with CNAMEs as preferred. After upgrading, delete the -ingress `A+TXT` record sets. external-dns will then automatically create `CNAME+TXT` record -sets. - - -## Change details - - -### aws-operator [8.7.1](https://github.com/giantswarm/aws-operator/releases/tag/v8.7.1) - -#### Added -- Add mapping between similar instance types `m4.16xlarge` and `m5.16xlarge`. -- Add `lifecycle` label to the `aws_operator_ec2_instance_status` metric to distinguish on-demand and spot. -#### Changed -- Use `k8s-apiserver` image which includes CAs to enable OIDC. -- Fix failing go template rendering of KMS encryption content. -- Use `0.1.1` tag for `k8s-api-heahtz` image. -- Use `0.1.0` tag for `k8s-setup-network-env` image. -- Use `0.1.0` tag for `aws-attach-etcd-dep` image. - - - -### containerlinux [2512.2.1](https://www.flatcar-linux.org/releases/#release-2512.2.1) - -Security fixes: -- Fix the Intel Microcode vulnerabilities ([CVE-2020-0543](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0543)) - -Changes: -- A source code and licensing overview is available under `/usr/share/licenses/INFO` - -Updates: -- Linux [4.19.128](https://lwn.net/Articles/822841/) -- intel-microcode [20200609](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20200609) - - -### coredns [1.1.10](https://github.com/giantswarm/coredns-app/releases/tag/v1.1.10) - -#### Changed -- Make resource requests/limits configurable. -- Applying Go modules. - - - -### external-dns [1.2.2](https://github.com/giantswarm/external-dns-app/releases/tag/v1.2.2) - -#### Changed -- Upgrade upstream external-dns from v0.5.18 to v0.7.2. - - - -### kiam [1.3.0](https://github.com/giantswarm/kiam-app/releases/tag/v1.3.0) - -#### Added -- Set kiam region flag for STS endpoint -#### Changed -- Upgrade architect-orb to 0.10.0 - - - -### kube-state-metrics [1.1.0](https://github.com/giantswarm/kube-state-metrics-app/releases/tag/v1.1.0) - -#### Changed -- Added 100.64.0.0/10 to the allowed egress subnets in NetworkPolicy. -#### Fixed -- Fix invalid cluster role binding for Helm 3 compatibility. - - - -### metrics-server [1.1.0](https://github.com/giantswarm/metrics-server-app/releases/tag/v1.1.0) - -#### Changed -- Added 100.64.0.0/10 to the allowed egress subnets in NetworkPolicy. - - - -### net-exporter [1.9.0](https://github.com/giantswarm/net-exporter/releases/tag/v1.9.0) - -#### Added -- Add `ntp` collector. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.5.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.5.0.md deleted file mode 100644 index 061ce05b56..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.5.0.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v11.5.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v11.5.0 - version: 11.5.0 - version_tag: v11.5.0 -date: '2020-07-17T10:00:00' -description: Release notes for AWS workload cluster release v11.5.0, published on - 17 July 2020, 10:00. -title: Workload cluster release v11.5.0 for AWS ---- - -This release includes a number of fixes, improvements, and picks up various component and app upgrades. - -**Security:** [CVE-2020-8557](https://github.com/kubernetes/kubernetes/issues/93032), [CVE-2020-8558](https://github.com/kubernetes/kubernetes/issues/92315), and [CVE-2020-8559](https://github.com/kubernetes/kubernetes/issues/92914) are mitigated through an upgrade to Kubernetes v1.16.13. - -**Registry mirrors:** Dockerd is now configured to use several registries (_registry mirrors_), to avoid a single point of failure. Workloads managed by Giant Swarm are configured to make use of this. Any containers that specify a registry explicitly (like `image: reg.acme.com/namespace/repo:tag`) will not be affected. However, when no registry is named, the image will first be looked up in the DockerHub registry (docker.io) and then in the configured mirror(s). -Note: Giant Swarm installations on AWS China (cn-north-1) do not yet provide any registry mirrors as of this release. - -## Change details - -### cluster-operator [v2.3.1](https://github.com/giantswarm/cluster-operator/blob/master/CHANGELOG.md#231---2020-07-14) - -- Fixed a problem where the conditions in the [Cluster](https://docs.giantswarm.io/reference/cp-k8s-api/clusters.cluster.x-k8s.io/) resource would have the wrong timestamp. - -### aws-operator [v8.7.3](https://github.com/giantswarm/aws-operator/blob/master/CHANGELOG.md#873---2020-07-15) - -- Added support for registry mirrors. - -### coreDNS v1.6.5 (Giant Swarm app [v1.2.0](https://github.com/giantswarm/coredns-app/blob/master/CHANGELOG.md#v120-2020-07-13)) - -- Added readiness probe, increased liveness probe tolerance to increase stability. - -### Kubernetes v1.16.13 - -- Mitigation of [CVE-2020-8557](https://github.com/kubernetes/kubernetes/issues/93032): Node-local denial of service via container `/etc/hosts` file. -- Mitigation of [CVE-2020-8558](https://github.com/kubernetes/kubernetes/issues/92315): Node setting allows for neighboring hosts to bypass localhost boundary. -- Mitigation of [CVE-2020-8559](https://github.com/kubernetes/kubernetes/issues/92914): Privilege escalation from compromised node to cluster. The API Server will no longer proxy non-101 responses for upgrade requests. This could break proxied backends (such as an extension API server) that respond to upgrade requests with a non-101 response code. -- Init containers are now considered for the calculation of resource requests when scheduling. - -Check the [upstream changelog](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.16.md#v11613) for details on all changes. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.5.1.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.5.1.md deleted file mode 100644 index 300a1fd8dc..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.5.1.md +++ /dev/null @@ -1,35 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v11.5.1/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v11.5.1 - version: 11.5.1 - version_tag: v11.5.1 -date: '2020-08-04T12:34:57' -description: Release notes for AWS workload cluster release v11.5.1, published on - 04 August 2020, 12:34. -title: Workload cluster release v11.5.1 for AWS ---- - -This patch release fixes two known issues found in our v11.5.0 release: - -- The calculation of the maximum number of Pods to run per worker node was faulty, in some cases resulting in a too high limit. This would lead to Pods being scheduled to nodes where they could not get an IP address. The calculation is now improved to take into account all cases where network devices and IP addresses would be used in addition to Pod IPs. -- When deleting a cluster, the related custom resources would not always be cleaned up properly. - -## Change details - -### cluster-operator [v2.3.2](https://github.com/giantswarm/cluster-operator/releases/tag/v2.3.2) - -- Handle error `basedomain not found` gracefully, so that `G8sControlPlane` and `MachineDeployment` CRs are deleted reliably. - -### aws-operator [v8.7.5](https://github.com/giantswarm/aws-operator/releases/tag/v8.7.5) - -- Adjust `MAX_PODS` for master and worker nodes to max IPs per Elastic Network Interface (ENI) - -### calico [v3.15.1](https://github.com/projectcalico/calico/releases/tag/v3.15.1) - -Complete release notes can be found at [docs.projectcalico.org/v3.15/release-notes](https://docs.projectcalico.org/v3.15/release-notes/) diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.5.2.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.5.2.md deleted file mode 100644 index deb7934620..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.5.2.md +++ /dev/null @@ -1,27 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v11.5.2/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v11.5.2 - version: 11.5.2 - version_tag: v11.5.2 -date: '2020-08-17T12:00:00' -description: Release notes for AWS workload cluster release v11.5.2, published on - 17 August 2020, 12:00. -title: Workload cluster release v11.5.2 for AWS ---- - -This release provides a new aws-operator which is fixing an issue with NetworkPolicies and custom Pod CIDRs. - -## Change details - -### aws-operator [8.7.6](https://github.com/giantswarm/aws-operator/releases/tag/v8.7.6) - -- Add release version tag for ec2 instances. -- Update Cloudformation Stack when components version differ. -- Fix IAM policy on Tenant Clusters to manages IAM Role tags. -- Fixed passing custom Pod CIDR to k8scloudconfig. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.5.3.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.5.3.md deleted file mode 100644 index dbc4f55036..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.5.3.md +++ /dev/null @@ -1,25 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v11.5.3/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v11.5.3 - version: 11.5.3 - version_tag: v11.5.3 -date: '2020-08-27T13:00:00' -description: Release notes for AWS workload cluster release v11.5.3, published on - 27 August 2020, 13:00. -title: Workload cluster release v11.5.3 for AWS ---- - -This release provides a new cluster-operator which fixes preventing release upgrade when reference id does not align with the G8sControlPlane id or MachineDeployment id and cluster status condition not being changed during cluster upgrade. - -## Change details - -### cluster-operator [2.3.4](https://github.com/giantswarm/cluster-operator/releases/tag/v2.3.4) - -- Fix cluster status is not updated during cluster upgrade. -- Fix condition where reference id does not match with G8sControlplane or MachineDeployment. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.5.4.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.5.4.md deleted file mode 100644 index e3ae9e5973..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.5.4.md +++ /dev/null @@ -1,30 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v11.5.4/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v11.5.4 - version: 11.5.4 - version_tag: v11.5.4 -date: '2020-08-28T13:00:00' -description: Release notes for AWS workload cluster release v11.5.4, published on - 28 August 2020, 13:00. -title: Workload cluster release v11.5.4 for AWS ---- - -This release upgrades external-dns app to v1.4.0 to improve observability. - -**If you are upgrading from 11.5.3, upgrading to this release will not roll your nodes. It will only update the apps.** - -## Change details - -### external-dns v0.7.3 [Giant Swarm app 1.4.0](https://github.com/giantswarm/external-dns-app/blob/master/CHANGELOG.md#140---2020-08-21) - -- Updated from v0.7.2. Check the [upstream changelog](https://github.com/kubernetes-sigs/external-dns/releases/tag/v0.7.3) for details on all changes. -- Added monitoring headless Service. -- Added more Giant Swarm custom monitoring annotations. -- Explicitly exposed metrics container port. -- Use default external-dns metrics port 7979. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.5.5.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.5.5.md deleted file mode 100644 index b1dde7f85b..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.5.5.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v11.5.5/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v11.5.5 - version: 11.5.5 - version_tag: v11.5.5 -date: '2020-09-22T10:00:00' -description: Release notes for AWS workload cluster release v11.5.5, published on - 22 September 2020, 10:00. -title: Workload cluster release v11.5.5 for AWS ---- - -This release upgrades: -* aws-cni to v1.7.3 to fix stability issues. -* containerlinux to v2512.5.0 to fix security issues. - -## Change details - -### aws-operator [8.7.8](https://github.com/giantswarm/aws-operator/blob/v8.7.8/CHANGELOG.md#v878) - -* Updated Flatcar Releases -* Updated AWS CNI installation manifests -* Updated k8scloudconfig to disable Calico installing the CNI binaries - -### aws-cni [v1.7.3](https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.7.3/CHANGELOG.md#v173) - -* Bug - Avoid deleting ENIs being created by older CNI versions ([#1109](https://github.com/aws/amazon-vpc-cni-k8s/pull/1109)) -* Bug - Wait for ENI and secondary IPs ([#1174](https://github.com/aws/amazon-vpc-cni-k8s/pull/1174)) -* Improvement - Refresh subnet/CIDR information periodically ([#903](https://github.com/aws/amazon-vpc-cni-k8s/pull/903)) - - -### containerlinux [2512.5.0](https://www.flatcar-linux.org/releases/#release-2512.5.0) - -Security fixes: - -* Linux kernel: Fix AF_PACKET overflow in tpacket_rcv [CVE-2020-14386](https://seclists.org/oss-sec/2020/q3/146) -* Bind: fixes for [CVE-2020-8616](https://nvd.nist.gov/vuln/detail/CVE-2020-8616), [CVE-2020-8617](https://nvd.nist.gov/vuln/detail/CVE-2020-8617), [CVE-2020-8620](https://nvd.nist.gov/vuln/detail/CVE-2020-8620), [CVE-2020-8621](https://nvd.nist.gov/vuln/detail/CVE-2020-8621), [CVE-2020-8622](https://nvd.nist.gov/vuln/detail/CVE-2020-8622), [CVE-2020-8623](https://nvd.nist.gov/vuln/detail/CVE-2020-8623), [CVE-2020-8624](https://nvd.nist.gov/vuln/detail/CVE-2020-8624) - -Bug fixes: - -* The static IP address configuration in the initramfs works again in the format `ip=::::::none[:[:]]` ([flatcar-linux/bootengine#15](https://github.com/flatcar-linux/bootengine/pull/15)) -* app-admin/{kubelet, etcd, flannel}-wrapper: don't overwrite the user supplied –insecure-options argument ([flatcar-linux/coreos-overlay#426](https://github.com/flatcar-linux/coreos-overlay/pull/426)) -* etcd-wrapper: Adjust data dir permissions ([flatcar-linux/coreos-overlay#536](https://github.com/flatcar-linux/coreos-overlay/pull/536)) - -Changes: - -* Update public key to include a [new subkey](https://www.flatcar-linux.org/security/image-signing-key/) -* Vultr support in Ignition ([flatcar-linux/ignition#13](https://github.com/flatcar-linux/ignition/pull/13)) -* VMware OVF settings default to ESXi 6.5 and Linux 3.x - -Updates: - -* Linux [4.19.145](https://lwn.net/Articles/831367/) -* bind-tools [9.11.22](https://ftp.isc.org/isc/bind9/cur/9.11/RELEASE-NOTES-bind-9.11.22.txt) -* etcd-wrapper [3.3.24](https://github.com/etcd-io/etcd/releases/tag/v3.3.24) -* Git [2.26.2](https://raw.githubusercontent.com/git/git/v2.26.2/Documentation/RelNotes/2.26.2.txt) diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.5.6.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.5.6.md deleted file mode 100644 index 62dc632b30..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.5.6.md +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v11.5.6/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v11.5.6 - version: 11.5.6 - version_tag: v11.5.6 -date: '2020-09-23T07:24:29' -description: Release notes for AWS workload cluster release v11.5.6, published on - 23 September 2020, 07:24. -title: Workload cluster release v11.5.6 for AWS ---- - -This release updates Flatcar containerlinux images for AWS CN. - -## Change details - -### aws-operator [8.7.9](https://github.com/giantswarm/aws-operator/blob/v8.7.9/CHANGELOG.md#v879) - -* Update flatcar AMI for China diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.6.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.6.0.md deleted file mode 100644 index cd0175b3dc..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.6.0.md +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v11.6.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v11.6.0 - version: 11.6.0 - version_tag: v11.6.0 -date: '2020-10-01T09:22:19' -description: Release notes for AWS workload cluster release v11.6.0, published on - 01 October 2020, 09:22. -title: Workload cluster release v11.6.0 for AWS ---- - -This release updates Cert-Manager to `1.1.0` to add support for Route53 using Kiam annotation. - -## Change details - -### cert-manager [1.1.0](https://github.com/giantswarm/cert-manager-app/releases/tag/v1.1.0) - -* Update cert-manager to `1.1.0` to add support for Route53 using Kiam annotation. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.6.1.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.6.1.md deleted file mode 100644 index 4f49bfbfd3..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v11.6.1.md +++ /dev/null @@ -1,28 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v11.6.1/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v11.6.1 - version: 11.6.1 - version_tag: v11.6.1 -date: '2020-11-03T07:19:06' -description: Release notes for AWS workload cluster release v11.6.1, published on - 03 November 2020, 07:19. -title: Workload cluster release v11.6.1 for AWS ---- - -**Nodes will be rolled during upgrade to this version.** - -This patch release prevents an issue with QPS (Queries per Second) limits introduced by Docker Hub. - -## Change details - - -### aws-operator [8.7.10](https://github.com/giantswarm/aws-operator/releases/tag/v8.7.10) - -#### Fixed -- Fix DockerHub QPS limits by using paid user token for pulls. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.0.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.0.0.md deleted file mode 100644 index 6aa0a253ee..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.0.0.md +++ /dev/null @@ -1,88 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v12.0.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v12.0.0 - version: 12.0.0 - version_tag: v12.0.0 -date: '2020-07-31T12:00:00' -description: Release notes for AWS workload cluster release v12.0.0, published on - 31 July 2020, 12:00. -title: Workload cluster release v12.0.0 for AWS ---- - -This is the first release to support Kubernetes 1.17 on AWS. - -This release provides new aws-operator and cluster-operator versions with reliability improvements and picks up upgrades to many components. - -## Change details - -### Kubernetes [v1.17.9](https://github.com/kubernetes/kubernetes/releases/tag/v1.17.9) - -#### Known issues - -- Former feature gate `AttachVolumeLimit`, which was disabled in Giant Swarm tenant clusters, is now always active. As a result, limits for Persistent Volumes will be set to a wrong value in tenant clusters. In cases where many Persistent Volumes are used in a cluster, this may lead to a situation where the scheduler falsely assigns a Pod to a node, assuming that a volume can be attached to this node, while in fact it cannot. [kubernetes#92799](https://github.com/kubernetes/kubernetes/issues/92799) - -#### Significant changes - -- CVE-2020-8557 (Medium): Node-local denial of service via container /etc/hosts file. See [kubernetes#93032](https://github.com/kubernetes/kubernetes/issues/93032) for more details. - -For a complete list of changes, known issues, removals and deprecations, please check the [Kubernetes 1.17 release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.17.md). - -### aws-operator [v8.7.5](https://github.com/giantswarm/aws-operator/blob/master/CHANGELOG.md#875---2020-07-30) - -- Adjusted `MAX_PODS` setting for master and worker nodes to max IPs per Elastic Network Interface (ENI). - -### calico [v3.15.1](https://github.com/projectcalico/calico/releases/tag/v3.15.1) - -- Fix issue with service IP advertisement breaking host service connectivity - -Complete release notes can be found at [docs.projectcalico.org/v3.15/release-notes](https://docs.projectcalico.org/v3.15/release-notes/) - -### chart-operator [v0.13.2](https://github.com/giantswarm/chart-operator/blob/v0.13.2/CHANGELOG.md#v0132-2020-06-23) - -- Add metrics for Helm releases with a mismatched namespace. -- Calculate md5sum from go struct. - -### cluster-autoscaler [v1.17.3](https://github.com/kubernetes/autoscaler/releases/tag/cluster-autoscaler-1.17.3) (Giant Swarm app [v1.17.3](https://github.com/giantswarm/cluster-autoscaler-app/blob/master/CHANGELOG.md#1173---2020-07-30)) - -- Switch leader election mechanism to use lease objects, includes RBAC rule update -- Nodes with small difference in available memory will now be considered similar for the purposes of balancing node pool sizes. This should increase the reliability of node pool balancing. -- Fixed a bug where Cluster Autoscaler incorrectly didn't take into account resource requests of initContainers. -- Allow marking pods with the `cluster-autoscaler.kubernetes.io/daemonset-pod` annotation. Marked pods will be treated as daemon set pods. -- Add TTL and batching to launch config cache mechanism. -- improved logging when a taint blocks scale-up -- Invalidate node instances cache after deleting failed and unregistered nodes -- Allow for greater node memory mismatch on comparison for similarity (bumped to 256K from 128K) -- Fix case when ASG size could be descresed twice -- Allow arbitrary placeholder AWS instance names - -### cluster-operator [v2.3.2](https://github.com/giantswarm/cluster-operator/blob/master/CHANGELOG.md#232---2020-07-31) - -- Fixes a problem where the handling of a "basedomain not found" error would prevent the proper removal of `G8sControlPlane` and `MachineDeployment` CRs when deleting a cluster. - -### kiam [v3.6](https://github.com/uswitch/kiam/blob/master/CHANGELOG.md#v36) (Giant Swarm app [v1.3.1](https://github.com/giantswarm/kiam-app/blob/master/CHANGELOG.md#131---2020-07-23)) - -Check the [kiam changelog](https://github.com/uswitch/kiam/blob/master/CHANGELOG.md#v36) for details. - -### kube-state-metrics [v1.9.7](https://github.com/kubernetes/kube-state-metrics/blob/master/CHANGELOG.md#v197--2020-05-24) (Giant Swarm app [v1.1.1](https://github.com/giantswarm/kube-state-metrics-app/blob/master/CHANGELOG.md#111---2020-07-22)) - -- Switch mutatingWebhookConfiguration to use v1 api - -Check the [kube-state-metrics changelog](https://github.com/kubernetes/kube-state-metrics/releases/tag/v1.9.7) for more details. - -### metrics-server [v0.3.6](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.3.6) (Giant Swarm app [v1.1.1](https://github.com/giantswarm/metrics-server-app/blob/master/CHANGELOG.md#111---2020-07-23)) - -- Fix: Don't break metric storage when duplicate pod metrics encountered - -Check the [metrics-server changelog](https://github.com/kubernetes-sigs/metrics-server/releases) for more details. - -### node-exporter [v1.0.1](https://github.com/prometheus/node_exporter/blob/master/CHANGELOG.md#101--2020-06-15) (Giant Swarm app [v1.3.0](https://github.com/giantswarm/node-exporter-app/blob/master/CHANGELOG.md#130---2020-07-23)) - -- Several changes regarding metrics and labels. - -Check the [node-exporter changelog](https://github.com/prometheus/node_exporter/blob/master/CHANGELOG.md#101--2020-06-15) for detais. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.1.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.1.0.md deleted file mode 100644 index ea8368f636..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.1.0.md +++ /dev/null @@ -1,38 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v12.1.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v12.1.0 - version: 12.1.0 - version_tag: v12.1.0 -date: '2020-08-05T12:00:00' -description: Release notes for AWS workload cluster release v12.1.0, published on - 05 August 2020, 12:00. -title: Workload cluster release v12.1.0 for AWS ---- - -**If you are upgrading from 12.0.0, upgrading to this release will not roll your nodes. It will only update the apps.** - -This release upgrades Cert Manager from upstream v0.9.0 to v0.15.2. - -It is part of a larger effort to maximize reliability of upgrades, by keeping 3rd party components within 30 days of upstream releases. - -**This upgrade will stop Cert Manager from reconciling your existing resources** due to changes in its API - manual intervention is required to update affected resources. While the **negative impact to your workloads is low-to-none**, to minimize disruption, **we recommend discussing this upgrade with your Solution Engineer first**. - -**Note for Solution Engineers:** - -Please use this [upgrade script](https://github.com/giantswarm/cert-manager-app/blob/master/files/migrate-v090-to-v200.sh) to assist with the process. Due to changes in Cert Manager's API, associated Ingresses and Secrets must also be updated to ensure they are reconciled by Cert Manager. - -**Note for future 12.x.x releases:** - -Please persist this note and the above, until all customers are on AWS v12.1.x and above. - -### cert-manager [2.0.2](https://github.com/giantswarm/cert-manager-app/releases/tag/v2.0.2) - -#### Changed - -- Upgrade cert-manager from 0.9.0 to 0.15.2. ([#31](https://github.com/giantswarm/cert-manager-app/pull/31)) diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.1.1.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.1.1.md deleted file mode 100644 index 87def331fb..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.1.1.md +++ /dev/null @@ -1,40 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v12.1.1/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v12.1.1 - version: 12.1.1 - version_tag: v12.1.1 -date: '2020-08-19T12:00:00' -description: Release notes for AWS workload cluster release v12.1.1, published on - 19 August 2020, 12:00. -title: Workload cluster release v12.1.1 for AWS ---- - -This release provides new aws-operator version with reliability improvements and upgrades kiam-app from v1.3.1 to v1.4.0, to align with Cert Manager v0.16.1 API changes. - -**This version of Cert Manager no longer reconciles your existing resources** due to changes in its API. Manual intervention is required to update affected resources. While the negative impact to your workloads is low-to-none, to minimize disruption, **we recommend discussing this upgrade with your Solution Engineer**. - -**Note for Solution Engineers:** - -Please use this [upgrade script](https://github.com/giantswarm/cert-manager-app/blob/master/files/migrate-v090-to-v200.sh) to assist with the process. Due to changes in Cert Manager's API, associated Ingresses and Secrets must also be updated to ensure they are reconciled by Cert Manager. - -**Note for future 12.x.x releases:** - -Please persist this note and the above, until all customers are on AWS v12.1.x and above. - -## Change details - -### aws-operator [v8.8.0](https://github.com/giantswarm/aws-operator/blob/master/CHANGELOG.md#876---2020-08-11) - -- Fixes a certain case where a release upgrade would have left cluster in an in-between state. -- aws-operator now emits events on the `AWSCluster`, `AWSControlPlane`, and `AWSMachineDeployment` resources to facilitate following the process of cluster creation, upgrades etc., and debugging issues. -- Fixed passing custom pod CIDR to k8scloudconfig. - -### kiam [v3.6](https://github.com/uswitch/kiam/blob/master/CHANGELOG.md#v36) (Giant Swarm app [v1.4.0](https://github.com/giantswarm/kiam-app/releases/tag/v1.4.0)) - -- Updated cert-manager API groups. ([#36](https://github.com/giantswarm/kiam-app/pull/36)) diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.1.2.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.1.2.md deleted file mode 100644 index cd34dd511a..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.1.2.md +++ /dev/null @@ -1,36 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v12.1.2/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v12.1.2 - version: 12.1.2 - version_tag: v12.1.2 -date: '2020-08-20T12:00:00' -description: Release notes for AWS workload cluster release v12.1.2, published on - 20 August 2020, 12:00. -title: Workload cluster release v12.1.2 for AWS ---- - -This release upgrades external-dns app to v1.3.0. - -**If you are upgrading from 12.1.1, upgrading to this release will not roll your nodes. It will only update the apps.** - -**If you are upgrading from 12.1.0 or older platform release, this release uses Cert Manager 0.16.1 and will no longer reconcile existing resources** due to changes in its API. Manual intervention is required to update affected resources. While the negative impact to your workloads is low-to-none, to minimize disruption, **we recommend discussing this upgrade with your Solution Engineer**. - -**Note for Solution Engineers:** - -Please use this [upgrade script](https://github.com/giantswarm/cert-manager-app/blob/master/files/migrate-v090-to-v200.sh) to assist with the process. Due to changes in Cert Manager's API, associated Ingresses and Secrets must also be updated to ensure they are reconciled by Cert Manager. - -**Note for future 12.x.x releases:** - -Please persist this note and the above, until all customers are on AWS v12.1.x and above. - -## Change details - -### external-dns v0.7.3 [Giant Swarm app 1.3.0](https://github.com/giantswarm/external-dns-app/blob/master/CHANGELOG.md#130---2020-08-18) - -- Updated from v0.7.2. Check the [upstream changelog](https://github.com/kubernetes-sigs/external-dns/releases/tag/v0.7.3) for details on all changes. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.1.3.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.1.3.md deleted file mode 100644 index 9a0a2b647c..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.1.3.md +++ /dev/null @@ -1,36 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v12.1.3/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v12.1.3 - version: 12.1.3 - version_tag: v12.1.3 -date: '2020-08-27T13:00:00' -description: Release notes for AWS workload cluster release v12.1.3, published on - 27 August 2020, 13:00. -title: Workload cluster release v12.1.3 for AWS ---- - -This release provides a new cluster-operator which fixes the issue that prevented release upgrade when reference id does not align with the G8sControlPlane id or MachineDeployment id and cluster status condition not being changed during cluster upgrade. - -**If you are upgrading from 12.1.0 or older platform release, this release uses Cert Manager 0.16.1 and will no longer reconcile existing resources** due to changes in its API. Manual intervention is required to update affected resources. While the negative impact to your workloads is low-to-none, to minimize disruption, **we recommend discussing this upgrade with your Solution Engineer**. - -**Note for Solution Engineers:** - -Please use this [upgrade script](https://github.com/giantswarm/cert-manager-app/blob/master/files/migrate-v090-to-v200.sh) to assist with the process. Due to changes in Cert Manager's API, associated Ingresses and Secrets must also be updated to ensure they are reconciled by Cert Manager. - -**Note for future 12.x.x releases:** - -Please persist this note and the above, until all customers are on AWS v12.1.x and above. - -## Change details - -### cluster-operator [3.1.1](https://github.com/giantswarm/cluster-operator/releases/tag/v3.1.1) - -- Fix cluster status is not updated during cluster upgrade. -- Add NetworkPolicy to restrict communication for cluster-operator. -- Fix condition where reference id does not match with G8sControlplane or MachineDeployment. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.1.4.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.1.4.md deleted file mode 100644 index 76aa76c157..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.1.4.md +++ /dev/null @@ -1,39 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v12.1.4/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v12.1.4 - version: 12.1.4 - version_tag: v12.1.4 -date: '2020-08-28T15:00:00' -description: Release notes for AWS workload cluster release v12.1.4, published on - 28 August 2020, 15:00. -title: Workload cluster release v12.1.4 for AWS ---- - -This release upgrades external-dns app to v1.4.0 to improve observability. - -**If you are upgrading from 12.1.3, upgrading to this release will not roll your nodes. It will only update the apps.** - -**If you are upgrading from 12.1.0 or older platform release, this release uses Cert Manager 0.16.1 and will no longer reconcile existing resources** due to changes in its API. Manual intervention is required to update affected resources. While the negative impact to your workloads is low-to-none, to minimize disruption, **we recommend discussing this upgrade with your Solution Engineer**. - -**Note for Solution Engineers:** - -Please use this [upgrade script](https://github.com/giantswarm/cert-manager-app/blob/master/files/migrate-v090-to-v200.sh) to assist with the process. Due to changes in Cert Manager's API, associated Ingresses and Secrets must also be updated to ensure they are reconciled by Cert Manager. - -**Note for future 12.x.x releases:** - -Please persist this note and the above, until all customers are on AWS v12.1.x and above. - -## Change details - -### external-dns v0.7.3 [Giant Swarm app 1.4.0](https://github.com/giantswarm/external-dns-app/blob/master/CHANGELOG.md#140---2020-08-21) - -- Added monitoring headless Service. -- Added more Giant Swarm custom monitoring annotations. -- Explicitly exposed metrics container port. -- Use default external-dns metrics port 7979. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.2.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.2.0.md deleted file mode 100644 index 321195dfb4..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.2.0.md +++ /dev/null @@ -1,98 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v12.2.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v12.2.0 - version: 12.2.0 - version_tag: v12.2.0 -date: '2020-09-15T15:00:00' -description: Release notes for AWS workload cluster release v12.2.0, published on - 15 September 2020, 15:00. -title: Workload cluster release v12.2.0 for AWS ---- - -This release includes a number of stability and security fixes, improvements, and picks up various component and app upgrades. - -**If you are upgrading from 12.1.0 or older platform release, this release uses Cert Manager 0.16.1 and will no longer reconcile existing resources** due to changes in its API. Manual intervention is required to update affected resources. While the negative impact to your workloads is low-to-none, to minimize disruption, **we recommend discussing this upgrade with your Solution Engineer**. - -**Note for Solution Engineers:** - -Please use this [upgrade script](https://github.com/giantswarm/cert-manager-app/blob/master/files/migrate-v090-to-v200.sh) to assist with the process. Due to changes in Cert Manager's API, associated Ingresses and Secrets must also be updated to ensure they are reconciled by Cert Manager. - -**Note for future 12.x.x releases:** - -Please persist this note and the above, until all customers are on AWS v12.1.x and above. - -## Change details - -### aws-operator [v9.1.1](https://github.com/giantswarm/aws-operator/blob/v9.1.1/CHANGELOG.md#v911) - -* Updated Flatcar Releases -* Updated AWS CNI installation manifests -* Updated k8scloudconfig to disable Calico installing the CNI binaries - -### aws-cni [v1.7.3](https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.7.3/CHANGELOG.md#v173) - -* Bug - Avoid deleting ENIs being created by older CNI versions ([#1109](https://github.com/aws/amazon-vpc-cni-k8s/pull/1109)) -* Bug - Wait for ENI and secondary IPs ([#1174](https://github.com/aws/amazon-vpc-cni-k8s/pull/1174)) -* Improvement - Refresh subnet/CIDR information periodically ([#903](https://github.com/aws/amazon-vpc-cni-k8s/pull/903)) - -### cluster-operator [v3.2.0](https://github.com/giantswarm/cluster-operator/releases/tag/v3.2.0) - -* Introducing Kubernetes events -* Add monitoring labels. - -### calico [v3.15.3](https://github.com/projectcalico/calico/compare/v3.15.1...v3.15.3) - -* Fix import from libcalico-go -* Update pins - pick up FelixConfiguration - -### kiam v3.6.0 (Giant Swarm app [v1.5.0](https://github.com/giantswarm/kiam-app/blob/v1.5.0/CHANGELOG.md)) - -* Setting gRPC environment variables -* Use deep liveness probe for kiam agent. -* Align charts with upstream. - -### Etcd [3.4.13](https://github.com/etcd-io/etcd/blob/master/CHANGELOG-3.4.md) - -* A log warning is added when etcd use any existing directory that has a permission different than 700 on Linux and 777 on Windows. - -### Kubernetes [1.17.12](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.17.md#v11712) - -* Fix a concurrent map writes error in kubelet ([#93773](https://github.com/kubernetes/kubernetes/pull/93773)) -* Fixes a bug evicting pods after a taint with a limited tolerationSeconds toleration is removed from a node ([#93722](https://github.com/kubernetes/kubernetes/pull/93722)) -* Fixes an issue that can result in namespaced custom resources being orphaned when their namespace is deleted, if the CRD defining the custom resource is removed concurrently with namespaces being deleted, then recreated. ([#93790](https://github.com/kubernetes/kubernetes/pull/93790)) -* Kube-apiserver: fixed a bug returning inconsistent results from list requests which set a field or label selector and set a paging limit ([#94002](https://github.com/kubernetes/kubernetes/pull/94002)) -* Update CNI plugins to v0.8.7 ([#94367](https://github.com/kubernetes/kubernetes/pull/94367)) - -Check the [upstream changelog](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.17.md#v11712) for details on all changes. - -### containerlinux [2512.5.0](https://www.flatcar-linux.org/releases/#release-2512.5.0) - -Security fixes: - -* Linux kernel: Fix AF_PACKET overflow in tpacket_rcv [CVE-2020-14386](https://seclists.org/oss-sec/2020/q3/146) -* Bind: fixes for [CVE-2020-8616](https://nvd.nist.gov/vuln/detail/CVE-2020-8616), [CVE-2020-8617](https://nvd.nist.gov/vuln/detail/CVE-2020-8617), [CVE-2020-8620](https://nvd.nist.gov/vuln/detail/CVE-2020-8620), [CVE-2020-8621](https://nvd.nist.gov/vuln/detail/CVE-2020-8621), [CVE-2020-8622](https://nvd.nist.gov/vuln/detail/CVE-2020-8622), [CVE-2020-8623](https://nvd.nist.gov/vuln/detail/CVE-2020-8623), [CVE-2020-8624](https://nvd.nist.gov/vuln/detail/CVE-2020-8624) - -Bug fixes: - -* The static IP address configuration in the initramfs works again in the format `ip=::::::none[:[:]]` ([flatcar-linux/bootengine#15](https://github.com/flatcar-linux/bootengine/pull/15)) -* app-admin/{kubelet, etcd, flannel}-wrapper: don't overwrite the user supplied –insecure-options argument ([flatcar-linux/coreos-overlay#426](https://github.com/flatcar-linux/coreos-overlay/pull/426)) -* etcd-wrapper: Adjust data dir permissions ([flatcar-linux/coreos-overlay#536](https://github.com/flatcar-linux/coreos-overlay/pull/536)) - -Changes: - -* Update public key to include a [new subkey](https://www.flatcar-linux.org/security/image-signing-key/) -* Vultr support in Ignition ([flatcar-linux/ignition#13](https://github.com/flatcar-linux/ignition/pull/13)) -* VMware OVF settings default to ESXi 6.5 and Linux 3.x - -Updates: - -* Linux [4.19.145](https://lwn.net/Articles/831367/) -* bind-tools [9.11.22](https://ftp.isc.org/isc/bind9/cur/9.11/RELEASE-NOTES-bind-9.11.22.txt) -* etcd-wrapper [3.3.24](https://github.com/etcd-io/etcd/releases/tag/v3.3.24) -* Git [2.26.2](https://raw.githubusercontent.com/git/git/v2.26.2/Documentation/RelNotes/2.26.2.txt) diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.3.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.3.0.md deleted file mode 100644 index 1248a13bac..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.3.0.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v12.3.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v12.3.0 - version: 12.3.0 - version_tag: v12.3.0 -date: '2020-09-30T18:00:00' -description: Release notes for AWS workload cluster release v12.3.0, published on - 30 September 2020, 18:00. -title: Workload cluster release v12.3.0 for AWS ---- - -**If you are upgrading from 12.2.0, upgrading to this release will not roll your nodes. It will only update the apps.** - -This release upgrades all Helm releases managed by Giant Swarm to use [Helm v3.3.4](https://github.com/helm/helm/releases/tag/v3.3.4). - -This lets us benefit from the improved security model and keep up to date with the community. We also remove the Tiller deployment from the giantswarm namespace, removing its gRPC endpoint, which reduces operational complexity. - -If you are still using Helm 2 then these Helm releases will not be affected. However we encourage you to upgrade to Helm 3. As Helm 2 support ends on November 13th 2020. https://helm.sh/blog/helm-v2-deprecation-timeline/ - -Below, you can find more details on components that were changed with this release. - -**Note before upgrade:** - -Please contact your Solution Engineer before upgrading. The upgrade is automated. However, it includes a data migration from Helm 2 release configmaps to Helm 3 release secrets, there are some pre-upgrade checks and we recommend monitoring the upgrade to ensure safety. - -**Note for Solution Engineers:** - -- Helm3: - - Please use [Upgrading tenant clusters to Helm 3](https://intranet.giantswarm.io/docs/dev-and-releng/helm/helm3-tenant-cluster-upgrade/) as a guide on the upgrade process for the checks and monitoring steps. - - **Note for future 12.x.x releases:** - - Please persist this note and the above, until all customers are on AWS **v12.3.x** and above. -- cert-manager-app: - - Please use this [upgrade script](https://github.com/giantswarm/cert-manager-app/blob/master/files/migrate-v090-to-v200.sh) to assist with the process. Due to changes in Cert Manager's API, associated Ingresses and Secrets must also be updated to ensure they are reconciled by Cert Manager. - - **Note for future 12.x.x releases:** - - Please persist this note and the above, until all customers are on AWS **v12.1.x** and above. - -## Change details - -### app-operator [v2.3.2](https://github.com/giantswarm/app-operator/blob/master/CHANGELOG.md#232---2020-09-29) -### chart-operator [v2.3.3](https://github.com/giantswarm/chart-operator/blob/master/CHANGELOG.md#233---2020-09-29) -- Updated Helm to [v3.3.4](https://github.com/helm/helm/releases/tag/v3.3.4). diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.4.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.4.0.md deleted file mode 100644 index 91be68cca6..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.4.0.md +++ /dev/null @@ -1,30 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v12.4.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v12.4.0 - version: 12.4.0 - version_tag: v12.4.0 -date: '2020-10-13T18:00:00' -description: Release notes for AWS workload cluster release v12.4.0, published on - 13 October 2020, 18:00. -title: Workload cluster release v12.4.0 for AWS ---- - -This release upgrades cert-manager-app to `v2.3.0` which brings new patch version `v1.0.2` of the upstream project. - -## Change details - -### cert-manager [2.3.0](https://github.com/giantswarm/cert-manager-app/releases/tag/v2.3.0) - -* New Cert-Manager `v1.0.2` fixes the errors from `kubectl` invocation. -* Fix `hook-delete-policy` to delete hook resources to make upgrades reliable -* This version add support for Route53 using Kiam annotation. - -### external-dns [1.5.0](https://github.com/giantswarm/external-dns-app/releases/tag/v1.5.0) - -* New External-DNS upstream version `v0.7.4` with several bugfixes. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.5.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.5.0.md deleted file mode 100644 index 5e5af561e6..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.5.0.md +++ /dev/null @@ -1,68 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v12.5.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v12.5.0 - version: 12.5.0 - version_tag: v12.5.0 -date: '2020-10-16T14:00:00' -description: Release notes for AWS workload cluster release v12.5.0, published on - 16 October 2020, 14:00. -title: Workload cluster release v12.5.0 for AWS ---- - -This release offers the possibility to add additional Network Pools to the Control Plane and flexibly choose the IP range for new Tenant Clusters from these pools. It also upgrades Kubernetes to v1.17.13. - -**Note for Solution Engineers:** - -- Helm3: - - Please use [Upgrading tenant clusters to Helm 3](https://intranet.giantswarm.io/docs/dev-and-releng/helm/helm3-tenant-cluster-upgrade/) as a guide on the upgrade process for the checks and monitoring steps. - - **Note for future 12.x.x releases:** - - Please persist this note and the above, until all customers are on AWS **v12.3.x** and above. -- cert-manager-app: - - Please use this [upgrade script](https://github.com/giantswarm/cert-manager-app/blob/master/files/migrate-v090-to-v200.sh) to assist with the process. Due to changes in Cert Manager's API, associated Ingresses and Secrets must also be updated to ensure they are reconciled by Cert Manager. - - **Note for future 12.x.x releases:** - - Please persist this note and the above, until all customers are on AWS **v12.1.x** and above. - -## Change details - - -### aws-operator [9.1.2](https://github.com/giantswarm/aws-operator/releases/tag/v9.1.2) - -#### Added -- Add etcd client certificates for Prometheus. -- Add `--service.aws.hostaccesskey.role` flag. -- Add `api..k8s.` and `*..k8s.` records into CP internal hosted zone. -#### Fixes -- Fix `vpc`/`route-table` lookups. -#### Changed -- Access Control Plane AWS account using role assumption. This is to prepare - running aws-operator inside a Tenant Cluster. -- Changed AWS CNI parameters to be more conservative with preallocated IPs while not hitting the AWS API too hard. -#### Changed -- Update `k8scloudconfig` to `v8.0.3`. - - - -### cluster-operator [3.3.1](https://github.com/giantswarm/cluster-operator/releases/tag/v3.3.1) - -#### Fixed -- Manage Tenant Cluster API errors gracefully. - -### Kubernetes [1.17.13](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.17.md#changelog-since-v11712) - -* Prevent logging of docker config contents if file is malformed ([#95348](https://github.com/kubernetes/kubernetes/pull/95348)) -* Do not fail sorting empty elements. ([#94666](https://github.com/kubernetes/kubernetes/pull/94666)) -* Fix detach azure disk issue when vm not exist ([#95177](https://github.com/kubernetes/kubernetes/pull/95177)) -* Fix etcd_object_counts metric reported by kube-apiserver ([#94817](https://github.com/kubernetes/kubernetes/pull/94817)) -* Fix kubectl printer to correctly handle timestamps of events emitted using events.k8s.io API ([#90227](https://github.com/kubernetes/kubernetes/pull/90227)) -* Fix the cloudprovider_azure_api_request_duration_seconds metric buckets to correctly capture the latency metrics. Previously, the majority of the calls would fall in the "+Inf" bucket. ([#95376](https://github.com/kubernetes/kubernetes/pull/95376)) -* Fix: detach azure disk broken on Azure Stack ([#94885](https://github.com/kubernetes/kubernetes/pull/94885)) -* Fixed a bug where improper storage and comparison of endpoints led to excessive API traffic from the endpoints controller ([#94935](https://github.com/kubernetes/kubernetes/pull/94935)) -* Kubeadm: warn but do not error out on missing "ca.key" files for root CA, front-proxy CA and etcd CA, during "kubeadm join --control-plane" if the user has provided all certificates, keys and kubeconfig files which require signing with the given CA keys. ([#94988](https://github.com/kubernetes/kubernetes/pull/94988)) - -Check the [upstream changelog](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.17.md#changelog-since-v11712) for details on all changes. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.5.1.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.5.1.md deleted file mode 100644 index b22353ceb2..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.5.1.md +++ /dev/null @@ -1,40 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v12.5.1/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v12.5.1 - version: 12.5.1 - version_tag: v12.5.1 -date: '2020-10-22T06:40:57' -description: Release notes for AWS workload cluster release v12.5.1, published on - 22 October 2020, 06:40. -title: Workload cluster release v12.5.1 for AWS ---- - -This release fixes an issue that prevented upgrades of the Control Planes. - -## Change details - - -### aws-operator [9.1.3](https://github.com/giantswarm/aws-operator/releases/tag/v9.1.3) - -#### Fixed -- Ignore error when missing APIServerPublicLoadBalancer CF Stack output to allow upgrade. - - - -### app-operator [2.3.3](https://github.com/giantswarm/app-operator/releases/tag/v2.3.3) - -#### Added -- Delete chart-operator helm release and chart CR so it can be re-installed. - - - -### chart-operator [2.3.5](https://github.com/giantswarm/chart-operator/releases/tag/v2.3.5) - -#### Fixed -- Stop repeating helm upgrade for the failed helm release. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.5.2.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.5.2.md deleted file mode 100644 index 69d5a51b9e..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.5.2.md +++ /dev/null @@ -1,32 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v12.5.2/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v12.5.2 - version: 12.5.2 - version_tag: v12.5.2 -date: '2020-10-27T16:40:57' -description: Release notes for AWS workload cluster release v12.5.2, published on - 27 October 2020, 16:40. -title: Workload cluster release v12.5.2 for AWS ---- - -**If you are upgrading from 12.5.1, upgrading to this release will not roll your nodes. It will only update the apps.** - -This release fixes an issue that causes app-operator to crash when handling cluster deletion. - -Because we rarely delete clusters, the likelihood of this issue is low. But if we do delete a cluster (for example, a test cluster) with the broken app-operator, the operator will crash and stop reconciling app CRs in other clusters. Everything in that version breaks. - -As this is a patch update that doesn't roll nodes, we highly recommended upgrading to it. - -## Change details - -### app-operator [2.3.5](https://github.com/giantswarm/app-operator/releases/tag/v2.3.5) - -#### Fixed -- Skip removing finalizer for chart-operator chart CR if its not present. -- Skip deleting chart-operator in case of cluster deletion. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.6.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.6.0.md deleted file mode 100644 index f2cad13424..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.6.0.md +++ /dev/null @@ -1,36 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v12.6.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v12.6.0 - version: 12.6.0 - version_tag: v12.6.0 -date: '2020-11-04T11:06:43' -description: Release notes for AWS workload cluster release v12.6.0, published on - 04 November 2020, 11:06. -title: Workload cluster release v12.6.0 for AWS ---- - -This patch release prevents an issue with QPS (Queries per Second) limits introduced by Docker Hub. Also, it solves a corner case scenario during ETCD mouting time. - -This minor release also contains two alpha features to terminate unhealthy nodes and to use the new AWS metadata API v2. Both only works when the cluster CR is annotated properly. - -## Change details - -### aws-operator [9.2.0](https://github.com/giantswarm/aws-operator/releases/tag/v9.2.0) - -#### Fixed - -- Fix dockerhub QPS by using paid user token for pulls. -- Remove dependency on `var-lib-etcd.automount` to avoid dependency cycle on - new systemd. - -#### Added - -- Add `terminate-unhealthy-node` alpha feature to automatically terminate bad and - unhealthy nodes in a Cluster. -- Add `alpha.giantswarm.io/aws-metadata-v2` annotation to enable AWS Metadata API v2. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.7.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.7.0.md deleted file mode 100644 index 71bf7e3f10..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.7.0.md +++ /dev/null @@ -1,54 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v12.7.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v12.7.0 - version: 12.7.0 - version_tag: v12.7.0 -date: '2020-11-19T08:00:00' -description: Release notes for AWS workload cluster release v12.7.0, published on - 19 November 2020, 08:00. -title: Workload cluster release v12.7.0 for AWS ---- - -This release offers the possibility to configure the subnet size of Network Pools, the size and wait time of batches during tenant cluster upgrades. More details about the upgrade improvements can be found in our [Fine-tuning upgrade disruption on AWS](https://docs.giantswarm.io/guides/fine-tuning-upgrade-disruption-on-aws/) guide. - -## Change details - -### aws-cni [1.7.5](https://github.com/aws/amazon-vpc-cni-k8s/blob/master/CHANGELOG.md#v175) - -Bug - Match primary ENI IP correctly ([#1247](https://github.com/aws/amazon-vpc-cni-k8s/pull/1247) , @mogren) - -### aws-operator [9.3.1](https://github.com/giantswarm/aws-operator/releases/tag/v9.3.1) - -#### Changed -- Update dependencies to next major versions. - -#### Fixed -- During a deletion of a cluster, ignore volumes that are mounted to an instance in a different cluster. - -#### Added -- Annotation `alpha.aws.giantswarm.io/metadata-v2` to enable AWS Metadata API v2 -- Annotation `alpha.aws.giantswarm.io/aws-subnet-size` to customize subnet size of Control Plane and Node Pools -- Annotation `alpha.aws.giantswarm.io/update-max-batch-size` to configure max batch size in ASG update policy on cluster or machine deployment CR. -- Annotation `alpha.aws.giantswarm.io/update-pause-time` to configure pause between batches in ASG update on cluster or machine deployment CR. - -### cert-manager [2.3.2](https://github.com/giantswarm/cert-manager-app/releases/tag/v2.3.2) - -#### Added - -- Added values.schema.json for validation of default values. ([#90](https://github.com/giantswarm/cert-manager-app/pull/90)) -- Made cert-manager version configurable. ([#91](https://github.com/giantswarm/cert-manager-app/pull/91)) - -#### Changed - -- Updated `cert-manager` to v1.0.4. ([#95](https://github.com/giantswarm/cert-manager-app/pull/95)) -- Update RBAC API versions. ([#84](https://github.com/giantswarm/cert-manager-app/pull/84)) - -#### Fixed - -- Updated app version in Chart.yaml metadata to `v1.0.3`. ([#91](https://github.com/giantswarm/cert-manager-app/pull/91)) diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.7.1.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.7.1.md deleted file mode 100644 index cae57e4481..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.7.1.md +++ /dev/null @@ -1,71 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v12.7.1/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v12.7.1 - version: 12.7.1 - version_tag: v12.7.1 -date: '2020-12-24T10:20:34' -description: Release notes for AWS workload cluster release v12.7.1, published on - 24 December 2020, 10:20. -title: Workload cluster release v12.7.1 for AWS ---- - -This release fixes an issue that causes `ImagePullBackOff` errors when new nodes are becoming ready. - -## Change details - -### app-operator [2.7.0](https://github.com/giantswarm/app-operator/releases/tag/v2.7.0) - -#### Added -- Secure the webhook with token value from control plane catalog. -- Adding webhook URL as annotation into chart CRs. -- Added Status update endpoint. -- Watch secrets referenced in app CRs to reduce latency when applying config -changes. -- Create appcatalogentry CRs for public app catalogs. -- Watch configmaps referenced in app CRs to reduce latency when applying config -changes. - -#### Changed -- Update apiextensions to v3 and replace CAPI with Giant Swarm fork. - -#### Fixed -- Use resourceVersion of configmap for comparison instead of listing option. - -### aws-operator [9.3.1-fix](https://github.com/giantswarm/aws-operator/releases/tag/v9.3.1-fix) - -#### Changed -- Remove explicit registry pull limits defaulting to less restrictive upstream settings. - -### chart-operator [2.5.1](https://github.com/giantswarm/chart-operator/releases/tag/v2.5.1) - -#### Added -- Validate the cache in helmclient to avoid state requests when pulling tarballs. -- Call status webhook with token values. -- Call status webhook when webhook annotation is present. - -#### Fixed -- Fix comparison of last deployed and revision optional fields in status resource. -- Set memory limit and reduce requests. -- Update apiextensions to v3 and replace CAPI with Giant Swarm fork. - -#### Removed -- Remove chartmigration resource as migration from chartconfig to chart CRs is -complete. - -### cluster-operator [3.4.1](https://github.com/giantswarm/cluster-operator/releases/tag/v3.4.1) - -#### Added -- Add functionality to template `catalog` into `apps` depending on `release` CR. - -#### Changed -- Update `apiextensions`, `k8sclient`, and `operatorkit` dependencies. -- Update github workflows. - -#### Fixed -- Allow annotations from current app CR to remain. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.7.2.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.7.2.md deleted file mode 100644 index af01c12ab0..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v12.7.2.md +++ /dev/null @@ -1,25 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v12.7.2/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v12.7.2 - version: 12.7.2 - version_tag: v12.7.2 -date: '2021-04-26T13:51:04' -description: Release notes for AWS workload cluster release v12.7.2, published on - 26 April 2021, 13:51. -title: Workload cluster release v12.7.2 for AWS ---- - -This release fixes an issue that can cause an IP conflict to occur in certain situations when a node pool is created. - -## Change details - - -### aws-operator [9.3.1-ipam](https://github.com/giantswarm/aws-operator/releases/tag/v9.3.1-ipam) - -- Fix IPAM conflicts when creating a node pool diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v13.0.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v13.0.0.md deleted file mode 100644 index b07fa5de72..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v13.0.0.md +++ /dev/null @@ -1,157 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v13.0.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v13.0.0 - version: 13.0.0 - version_tag: v13.0.0 -date: '2020-12-09T08:23:09' -description: Release notes for AWS workload cluster release v13.0.0, published on - 09 December 2020, 08:23. -title: Workload cluster release v13.0.0 for AWS ---- - -This release provides support for Kubernetes 1.18 on AWS. - -## Change details - - -### aws-operator [9.3.4](https://github.com/giantswarm/aws-operator/releases/tag/v9.3.4) - -#### Changed - -- Make it mandatory to configure alike instances via e.g. the installations repo. -- Fix naming and logs for `terminate-unhealthy-node` feature. -- Update `k8scloudconfig` version to `v9.3.0` to include change for kubelet pull QPS and kubelet cgroup. -- Add vertical pod autoscaler support. -- Do not return NAT gateways in state `deleting` and `deleted` to avoid problems with recreating clusters with same ID. - - -### aws-cni [1.7.6](https://github.com/aws/amazon-vpc-cni-k8s/releases/tag/v1.7.6) - -- Improvement - Avoid detaching EFA ENIs -- Improvement - Add t4g instance type -- Improvement - Add p4d.24xlarge instance type -- Improvement - Update calico to v3.16.2 -- Improvement - Update readme on stdout support for plugin log file -- Bug - Make p3dn.24xlarge examples more realistic -- Bug - Make sure we have space for a trunk ENI -- Bug - Update README for DISABLE_TCP_EARLY_DEMUX -- Bug - Update p4 instance limits - - -### kubernetes [1.18.12](https://github.com/kubernetes/kubernetes/releases/tag/v1.18.12) - -#### Design -- Prevent logging of docker config contents if file is malformed ([#95347](https://github.com/kubernetes/kubernetes/pull/95347), [@sfowl](https://github.com/sfowl)) [SIG Auth and Node] -#### Bug or Regression -- Do not fail sorting empty elements. ([#94666](https://github.com/kubernetes/kubernetes/pull/94666), [@soltysh](https://github.com/soltysh)) [SIG CLI] -- Ensure getPrimaryInterfaceID not panic when network interfaces for Azure VMSS are null ([#94801](https://github.com/kubernetes/kubernetes/pull/94801), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider] -- Fix bug where loadbalancer deletion gets stuck because of missing resource group #75198 ([#93962](https://github.com/kubernetes/kubernetes/pull/93962), [@phiphi282](https://github.com/phiphi282)) [SIG Cloud Provider] -- Fix detach azure disk issue when vm not exist ([#95177](https://github.com/kubernetes/kubernetes/pull/95177), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider] -- Fix etcd_object_counts metric reported by kube-apiserver ([#94818](https://github.com/kubernetes/kubernetes/pull/94818), [@tkashem](https://github.com/tkashem)) [SIG API Machinery] -- Fix network_programming_latency metric reporting for Endpoints/EndpointSlice deletions, where we don't have correct timestamp ([#95363](https://github.com/kubernetes/kubernetes/pull/95363), [@wojtek-t](https://github.com/wojtek-t)) [SIG Network and Scalability] -- Fix scheduler cache snapshot when a Node is deleted before its Pods ([#95154](https://github.com/kubernetes/kubernetes/pull/95154), [@alculquicondor](https://github.com/alculquicondor)) [SIG Scheduling] -- Fix the `cloudprovider_azure_api_request_duration_seconds` metric buckets to correctly capture the latency metrics. Previously, the majority of the calls would fall in the "+Inf" bucket. ([#95375](https://github.com/kubernetes/kubernetes/pull/95375), [@marwanad](https://github.com/marwanad)) [SIG Cloud Provider and Instrumentation] -- Fix: azure disk resize error if source does not exist ([#93011](https://github.com/kubernetes/kubernetes/pull/93011), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider] -- Fix: detach azure disk broken on Azure Stack ([#94885](https://github.com/kubernetes/kubernetes/pull/94885), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider] -- Fixed a bug where improper storage and comparison of endpoints led to excessive API traffic from the endpoints controller ([#94934](https://github.com/kubernetes/kubernetes/pull/94934), [@damemi](https://github.com/damemi)) [SIG Apps, Network and Testing] -- Gracefully delete nodes when their parent scale set went missing ([#95289](https://github.com/kubernetes/kubernetes/pull/95289), [@bpineau](https://github.com/bpineau)) [SIG Cloud Provider] -- Kubeadm: warn but do not error out on missing "ca.key" files for root CA, front-proxy CA and etcd CA, during "kubeadm join --control-plane" if the user has provided all certificates, keys and kubeconfig files which require signing with the given CA keys. ([#94988](https://github.com/kubernetes/kubernetes/pull/94988), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] -#### Other (Cleanup or Flake) -- Masks ceph RBD adminSecrets in logs when logLevel >= 4 ([#95245](https://github.com/kubernetes/kubernetes/pull/95245), [@sfowl](https://github.com/sfowl)) [SIG Storage] -#### Dependencies -#### Added -_Nothing has changed._ -#### Changed -_Nothing has changed._ -#### Removed -_Nothing has changed._ - - -### calico [3.15.3](https://github.com/projectcalico/calico/releases/tag/v3.15.3) - -#### Other changes - - Add FelixConfiguration parameters to explicitly allow encapsulated packets from workloads. [libcalico-go #1302](https://github.com/projectcalico/libcalico-go/pull/1302) (@doublek) - - Respect explicit configuration for drop rules for encapsulated packets originating from workloads. [felix #2487](https://github.com/projectcalico/felix/pull/2487) (@doublek) - -### cluster-operator [3.4.1](https://github.com/giantswarm/cluster-operator/releases/tag/v3.4.1) - -#### Added - -- Add functionality to template `catalog` into `apps` depending on `release` CR. - -#### Changed - -- Update `apiextensions`, `k8sclient`, and `operatorkit` dependencies. -- Update github workflows. - -### Fixed - -- Allow annotations from current app CR to remain. - -### app-operator [2.7.0](https://github.com/giantswarm/app-operator/releases/tag/v2.7.0) - -#### Added -- Secure the webhook with token value from control plane catalog. - - -### chart-operator [2.5.1](https://github.com/giantswarm/chart-operator/releases/tag/v2.5.0) - -#### Added -- Validate the cache in helmclient to avoid state requests when pulling tarballs. -- Call status webhook with token values. -#### Fixed -- Update apiextensions to v3 and replace CAPI with Giant Swarm fork. -- Fix comparison of last deployed and revision optional fields in status resource. -- Set memory limit and reduce requests. - - -### kube-state-metrics [1.3.0](https://github.com/giantswarm/kube-state-metrics-app/releases/tag/v1.3.0) - -#### Changed -- Change the Kubernetes Deployment name to include the app version. - - -### cert-exporter [1.3.0](https://github.com/giantswarm/cert-exporter/releases/tag/v1.3.0) - -#### Added -- Add Network Policy. -#### Changed -- Remove `hostNetwork` and `hostPID` capabilities. - - -### net-exporter [1.9.2](https://github.com/giantswarm/net-exporter/releases/tag/v1.9.2) - -#### Changed -- Updated backward incompatible Kubernetes dependencies to v1.18.5. -#### Fixed -- Fixed indentation problem with the daemonset template. - - -### node-exporter [1.7.0](https://github.com/giantswarm/node-exporter-app/releases/tag/v1.7.0) - -#### Changed -- Change the Kubernetes Daemonset name to include the app version. - - -### external-dns [1.5.0](https://github.com/giantswarm/external-dns-app/releases/tag/v1.5.0) - -#### Changed -- Upgrade upstream external-dns from v0.7.3 to [v0.7.4](https://github.com/kubernetes-sigs/external-dns/releases/tag/v0.7.4). - - -### cluster-autoscaler [1.18.3](https://github.com/giantswarm/cluster-autoscaler-app/releases/tag/v1.18.3) - -#### Changed -- Updated cluster-autoscaler to version `1.18.3`. - - -### cert-manager [2.3.3](https://github.com/giantswarm/cert-manager-app/releases/tag/v2.3.3) - -#### Changed -- Schedule hook Jobs on master nodes. ([#106](https://github.com/giantswarm/cert-manager-app/pull/106)) diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v13.1.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v13.1.0.md deleted file mode 100644 index 0c3241e34f..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v13.1.0.md +++ /dev/null @@ -1,489 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v13.1.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v13.1.0 - version: 13.1.0 - version_tag: v13.1.0 -date: '2021-03-29T06:34:36' -description: Release notes for AWS workload cluster release v13.1.0, published on - 29 March 2021, 06:34. -title: Workload cluster release v13.1.0 for AWS ---- - -This release provides security and bug fixes for various components. - -## Change details - - -### aws-operator [9.3.9](https://github.com/giantswarm/aws-operator/releases/tag/v9.3.9) - -#### Fixed -- Added CNI CIDR to internal ELB Security Group -- Added new Flatcar AMI identifiers -- Added China Flatcar AMI identifiers - -### cluster-operator [3.6.0](https://github.com/giantswarm/cluster-operator/releases/tag/v3.6.0) - -#### Fixed -- Fix cluster status computation to correctly display rollbacks, version changes and multiple updates. -#### Added -- Add vertical pod autoscaler support -- Add `appversionlabel` resource to update version labels for optional app CRs -- Check existence of chart tarball for `release` CR `apps` in catalog -- Add unit tests for cluster status computation - - - -### app-operator [3.2.0](https://github.com/giantswarm/app-operator/releases/tag/v3.2.0) - -#### Added -- Add printer columns for Version, Last Deployed and Status to chart CRD in -tenant clusters. -- Use validation logic from the app library. -- Include restrictions data from app metadata files in appcatalogentry CRs. -- Include `apiVersion`, `restrictions.compatibleProviders` in appcatalogentry CRs. -#### Changed -- Using values service from the app library. -- Updated Helm to v3.4.2. -- Enable mutating and validating webhooks in app-admission-controller for tenant app CRs. -- Limit the number of AppCatalogEntry per app. -- Delete legacy finalizers on app CRs. -- Reconciling appCatalog CRs only if pod is unique. -#### Fixed -- Reuse clients in clients resource when app CR uses inCluster. -- Updating status as cordoned if app CR has cordoned annotation. - - - -### aws-cni [1.7.8](https://github.com/aws/amazon-vpc-cni-k8s/releases/tag/v1.7.8) - -* Bug - [Rearrange Pod deletion workflow](https://github.com/aws/amazon-vpc-cni-k8s/pull/1315) (#1315, @SaranBalaji90) -* Improvement - [Replace DescribeNetworkInterfaces with paginated version](https://github.com/aws/amazon-vpc-cni-k8s/pull/1333) (#1333, [@haouc](https://github.com/haouc)) - - - -### containerlinux [2605.12.0](https://www.flatcar-linux.org/releases/#release-2605.12.0) - -**Security fixes** - -* linux - - [CVE-2020-14390](https://nvd.nist.gov/vuln/detail/CVE-2020-14390) - - [CVE-2020-25284](https://nvd.nist.gov/vuln/detail/CVE-2020-25284) - - [CVE-2020-25645](https://nvd.nist.gov/vuln/detail/CVE-2020-25645) - - [CVE-2020-25643](https://nvd.nist.gov/vuln/detail/CVE-2020-25643) - - [CVE-2020-25211](https://nvd.nist.gov/vuln/detail/CVE-2020-25211) - - [CVE-2020-27673](https://nvd.nist.gov/vuln/detail/CVE-2020-27673) - - [CVE-2020-27675](https://nvd.nist.gov/vuln/detail/CVE-2020-27675) - - [CVE-2020-28941](https://nvd.nist.gov/vuln/detail/CVE-2020-28941) - - [CVE-2020-4788](https://nvd.nist.gov/vuln/detail/CVE-2020-4788) - - [CVE-2020-25669](https://nvd.nist.gov/vuln/detail/CVE-2020-25669) - - [CVE-2020-14351](https://nvd.nist.gov/vuln/detail/CVE-2020-14351) - - [CVE-2020-29661](https://nvd.nist.gov/vuln/detail/CVE-2020-29661) - - [CVE-2020-29660](https://nvd.nist.gov/vuln/detail/CVE-2020-29660) - - [CVE-2020-27830](https://nvd.nist.gov/vuln/detail/CVE-2020-27830) - - [CVE-2020-28588](https://nvd.nist.gov/vuln/detail/CVE-2020-28588) - - [CVE-2020-27815](https://www.openwall.com/lists/oss-security/2020/11/30/5) - - [CVE-2020-29568](https://nvd.nist.gov/vuln/detail/CVE-2020-29568) - - [CVE-2020-29569](https://nvd.nist.gov/vuln/detail/CVE-2020-29569) - - [CVE-2020-28374](https://nvd.nist.gov/vuln/detail/CVE-2020-28374) - - [CVE-2020-36158](https://nvd.nist.gov/vuln/detail/CVE-2020-36158) -* go - - [CVE-2021-3114](https://github.com/golang/go/issues/43786) -* sudo - - [CVE-2021-3156](https://nvd.nist.gov/vuln/detail/CVE-2021-3156) - - [CVE-2021-23239](https://nvd.nist.gov/vuln/detail/CVE-2021-23239) -* containerd - - [CVE-2020-15257](https://nvd.nist.gov/vuln/detail/CVE-2020-15257) -* glibc - - [CVE-2019-9169](https://nvd.nist.gov/vuln/detail/CVE-2019-9169) - - [CVE-2019-6488](https://nvd.nist.gov/vuln/detail/CVE-2019-6488) - - [CVE-2019-7309](https://nvd.nist.gov/vuln/detail/CVE-2019-7309) - - [CVE-2020-10029](https://nvd.nist.gov/vuln/detail/CVE-2020-10029) - - [CVE-2020-1751](https://nvd.nist.gov/vuln/detail/CVE-2020-1751) - - [CVE-2020-6096](https://nvd.nist.gov/vuln/detail/CVE-2020-6096) - - [CVE-2018-20796](https://nvd.nist.gov/vuln/detail/CVE-2018-20796) -* glib - - [CVE-2019-12450](https://nvd.nist.gov/vuln/detail/CVE-2019-12450) -* open-iscsi - - [CVE-2017-17840](https://nvd.nist.gov/vuln/detail/CVE-2017-17840) -* samba - - [CVE-2019-10197](https://nvd.nist.gov/vuln/detail/CVE-2019-10197) - - [CVE-2020-10704](https://nvd.nist.gov/vuln/detail/CVE-2020-10704) - - [CVE-2020-10745](https://nvd.nist.gov/vuln/detail/CVE-2020-10745) - - [CVE-2019-3880](https://nvd.nist.gov/vuln/detail/CVE-2019-3880) - - [CVE-2019-10218](https://nvd.nist.gov/vuln/detail/CVE-2019-10218) -* shadow - - [CVE-2019-19882](https://nvd.nist.gov/vuln/detail/CVE-2019-19882) -* sssd - - [CVE-2018-16883](https://nvd.nist.gov/vuln/detail/CVE-2018-16883) - - [CVE-2019-3811](https://nvd.nist.gov/vuln/detail/CVE-2019-3811) - - [CVE-2018-16838](https://nvd.nist.gov/vuln/detail/CVE-2018-16838) -* trousers - - [CVE-2020-24330](https://nvd.nist.gov/vuln/detail/CVE-2020-24330) - - [CVE-2020-24331](https://nvd.nist.gov/vuln/detail/CVE-2020-24331) -* cifs-utils - - [CVE-2020-14342](https://nvd.nist.gov/vuln/detail/CVE-2020-14342) -* ntp - - [CVE-2020-11868](https://nvd.nist.gov/vuln/detail/CVE-2020-11868) - - [CVE-2020-13817](https://nvd.nist.gov/vuln/detail/CVE-2020-13817) - - [CVE-2018-8956](https://nvd.nist.gov/vuln/detail/CVE-2018-8956) - - [CVE-2020-15025](https://nvd.nist.gov/vuln/detail/CVE-2020-15025) -* bzip2 - - [CVE-2019-12900](https://nvd.nist.gov/vuln/detail/CVE-2019-12900) -* c-ares - - [CVE-2017-1000381](https://nvd.nist.gov/vuln/detail/CVE-2017-1000381) -* file - - [CVE-2019-18218](https://nvd.nist.gov/vuln/detail/CVE-2019-18218) -* json-c - - [CVE-2020-12762](https://nvd.nist.gov/vuln/detail/CVE-2020-12762) -* jq - - [CVE-2015-8863](https://nvd.nist.gov/vuln/detail/CVE-2015-8863) - - [CVE-2016-4074](https://nvd.nist.gov/vuln/detail/CVE-2016-4074) -* libuv - - [CVE-2020-8252](https://nvd.nist.gov/vuln/detail/CVE-2020-8252) -* libxml2 - - [CVE-2019-20388](https://nvd.nist.gov/vuln/detail/CVE-2019-20388) - - [CVE-2020-7595](https://nvd.nist.gov/vuln/detail/CVE-2020-7595) -* re2c - - [CVE-2020-11958](https://nvd.nist.gov/vuln/detail/CVE-2020-11958) -* tar - - [CVE-2019-9923](https://nvd.nist.gov/vuln/detail/CVE-2019-9923) -* sqlite - - [CVE-2020-11656](https://nvd.nist.gov/vuln/detail/CVE-2020-11656) - - [CVE-2020-9327](https://nvd.nist.gov/vuln/detail/CVE-2020-9327) - - [CVE-2020-11655](https://nvd.nist.gov/vuln/detail/CVE-2020-11655) - - [CVE-2020-13630](https://nvd.nist.gov/vuln/detail/CVE-2020-13630) - - [CVE-2020-13435](https://nvd.nist.gov/vuln/detail/CVE-2020-13435) - - [CVE-2020-13434](https://nvd.nist.gov/vuln/detail/CVE-2020-13434) - - [CVE-2020-13631](https://nvd.nist.gov/vuln/detail/CVE-2020-13631) - - [CVE-2020-13632](https://nvd.nist.gov/vuln/detail/CVE-2020-13632) - - [CVE-2020-15358](https://nvd.nist.gov/vuln/detail/CVE-2020-15358) -* tcpdump and pcap - - [CVE-2018-10103](https://nvd.nist.gov/vuln/detail/CVE-2018-10103) - - [CVE-2018-10105](https://nvd.nist.gov/vuln/detail/CVE-2018-10105) - - [CVE-2019-15163](https://nvd.nist.gov/vuln/detail/CVE-2019-15163) - - [CVE-2018-14461](https://nvd.nist.gov/vuln/detail/CVE-2018-14461) - - [CVE-2018-14462](https://nvd.nist.gov/vuln/detail/CVE-2018-14462) - - [CVE-2018-14463](https://nvd.nist.gov/vuln/detail/CVE-2018-14463) - - [CVE-2018-14464](https://nvd.nist.gov/vuln/detail/CVE-2018-14464) - - [CVE-2018-14465](https://nvd.nist.gov/vuln/detail/CVE-2018-14465) - - [CVE-2018-14466](https://nvd.nist.gov/vuln/detail/CVE-2018-14466) - - [CVE-2018-14467](https://nvd.nist.gov/vuln/detail/CVE-2018-14467) - - [CVE-2018-14468](https://nvd.nist.gov/vuln/detail/CVE-2018-14468) - - [CVE-2018-14469](https://nvd.nist.gov/vuln/detail/CVE-2018-14469) - - [CVE-2018-14470](https://nvd.nist.gov/vuln/detail/CVE-2018-14470) - - [CVE-2018-14880](https://nvd.nist.gov/vuln/detail/CVE-2018-14880) - - [CVE-2018-14881](https://nvd.nist.gov/vuln/detail/CVE-2018-14881) - - [CVE-2018-14882](https://nvd.nist.gov/vuln/detail/CVE-2018-14882) - - [CVE-2018-16227](https://nvd.nist.gov/vuln/detail/CVE-2018-16227) - - [CVE-2018-16228](https://nvd.nist.gov/vuln/detail/CVE-2018-16228) - - [CVE-2018-16229](https://nvd.nist.gov/vuln/detail/CVE-2018-16229) - - [CVE-2018-16230](https://nvd.nist.gov/vuln/detail/CVE-2018-16230) - - [CVE-2018-16300](https://nvd.nist.gov/vuln/detail/CVE-2018-16300) - - [CVE-2018-16451](https://nvd.nist.gov/vuln/detail/CVE-2018-16451) - - [CVE-2018-16452](https://nvd.nist.gov/vuln/detail/CVE-2018-16452) - - [CVE-2019-15166](https://nvd.nist.gov/vuln/detail/CVE-2019-15166) - - [CVE-2018-14879](https://nvd.nist.gov/vuln/detail/CVE-2018-14879) - - [CVE-2017-16808](https://nvd.nist.gov/vuln/detail/CVE-2017-16808) - - [CVE-2018-19519](https://nvd.nist.gov/vuln/detail/CVE-2018-19519) - - [CVE-2019-15161](https://nvd.nist.gov/vuln/detail/CVE-2019-15161) - - [CVE-2019-15165](https://nvd.nist.gov/vuln/detail/CVE-2019-15165) - - [CVE-2019-15164](https://nvd.nist.gov/vuln/detail/CVE-2019-15164) - - [CVE-2019-1010220](https://nvd.nist.gov/vuln/detail/CVE-2019-1010220) -* libbsd - - [CVE-2019-20367](https://nvd.nist.gov/vuln/detail/CVE-2019-20367) -* rsync and zlib - - [CVE-2016-9840](https://nvd.nist.gov/vuln/detail/CVE-2016-9840) - - [CVE-2016-9841](https://nvd.nist.gov/vuln/detail/CVE-2016-9841) - - [CVE-2016-9842](https://nvd.nist.gov/vuln/detail/CVE-2016-9842) - - [CVE-2016-9843](https://nvd.nist.gov/vuln/detail/CVE-2016-9843) - - - -**Bug fixes** - - -* Enabled missing systemd services ([#191](https://github.com/flatcar-linux/Flatcar/issues/191), [PR #612](https://github.com/flatcar-linux/coreos-overlay/pull/612)) -* Fixed Docker torcx image unpacking error on machines with less than ~600 MB total RAM ([#32](https://github.com/flatcar-linux/Flatcar/issues/32)) -* Solved adcli Kerberos Active Directory incompatibility ([#194](https://github.com/flatcar-linux/Flatcar/issues/194)) -* Fixed the makefile path when building kernel modules with the developer container ([#195](https://github.com/flatcar-linux/Flatcar/issues/195)) -* Removed the /etc/portage/savedconfig/ folder that contained a dump of the firmware config [flatcar-linux/coreos-overlay#613](https://github.com/flatcar-linux/coreos-overlay/pull/613) -* Ensured that the /etc/coreos to /etc/flatcar symlink always exists, relevant for the Container Linux Config transpiler (ct) when specifying directives for update: or locksmith: while also reformatting the rootfs ([baselayout PR#7](https://github.com/flatcar-linux/baselayout/pull/7)) -* network: Restore KeepConfiguration=dhcp-on-stop ([kinvolk/init#30](https://github.com/kinvolk/init/pull/30)) -* Added systemd-tmpfiles directives for /opt and /opt/bin to ensure that the folders have correct permissions even when /opt/ was once created by containerd ([Flatcar#279](https://github.com/kinvolk/Flatcar/issues/279)) -* Make the automatic filesystem resizing more robust against a race and add more logging ([kinvolk/init#31](https://github.com/kinvolk/init/pull/31)) -* Allow inactive network interfaces to be bound to a bonding interface, by encoding additional configuration for systemd-networkd-wait-online ([afterburn PR #10](https://github.com/flatcar-linux/afterburn/pull/10)) -* Do not configure ccache in Jenkins ([scripts PR #100](https://github.com/flatcar-linux/scripts/pull/100)) -* Azure: Exclude bonded SR-IOV network interfaces with newer drivers from networkd (in addition to the old drivers) to prevent them being configured instead of just the bond interface ([init PR#29](https://github.com/flatcar-linux/init/pull/29), [bootengine PR#19](https://github.com/flatcar-linux/bootengine/pull/19)) -* The sysctl net.ipv4.conf.*.rp_filter is set to 0 for the Cilium CNI plugin to work ([Flatcar#181](https://github.com/kinvolk/Flatcar/issues/181)) -* Package downloads in the developer container now use the correct URL again ([Flatcar#298](https://github.com/kinvolk/Flatcar/issues/298)) -* networkd: avoid managing MAC addresses for veth devices ([kinvolk/init#33](https://github.com/kinvolk/init/pull/33)) -* `/etc/iscsi/initiatorname.iscsi` is generated by the iscsi-init service ([#321](https://github.com/kinvolk/Flatcar/issues/321)) -* Prevent iscsiadm buffer overflow ([#318](https://github.com/kinvolk/Flatcar/issues/318)) - -**Changes** - -* GCE: Improved oslogin support and added shell aliases to run a Python Docker image ([PR #592](https://github.com/flatcar-linux/coreos-overlay/pull/592)) -* Update-engine now detects rollbacks and reports them as errors to the update server ([PR#6](https://github.com/flatcar-linux/update_engine/pull/6)) -* The zstd tools were added (version 1.4.4) -* The kernel config CONFIG_PSI was set to support [Pressure Stall Information](https://www.kernel.org/doc/html/latest/accounting/psi.html), more information also under https://facebookmicrosites.github.io/psi/docs/overview ([Flatcar#162](https://github.com/flatcar-linux/Flatcar/issues/162)) -* The kernel config CONFIG_BPF_JIT_ALWAYS_ON was set to use the BPF just-in-time compiler by default for faster execution -* The kernel config CONFIG_POWER_SUPPLY was set -* The kernel configs CONFIG_OVERLAY_FS_METACOPY and CONFIG_OVERLAY_FS_REDIRECT_DIR were set. With the first overlayfs will only copy up metadata when a metadata-specific operation like chown/chmod is performed. The full file will be copied up later when the file is opened for write operations. With the second, which is equivalent to setting “redirect_dir=on” in the kernel command-line, overlayfs will copy up the directory first before the actual content ([Flatcar#170](https://github.com/kinvolk/Flatcar/issues/170)). -* Remove unnecessary kernel module nf-conntrack-ipv4 ([overlay PR#649](https://github.com/flatcar-linux/coreos-overlay/pull/649)) -* Compress kernel modules with xz ([overlay PR#628](https://github.com/flatcar-linux/coreos-overlay/pull/628)) -* Add containerd-runc-shim-v* binaries required by kubelet custom CRI endpoints ([overlay PR#623](https://github.com/flatcar-linux/coreos-overlay/pull/623)) -* Equinix Metal (Packet): Exclude unused network interfaces from networkd, disregard the state of the bonded interfaces for the network-online.target and only require the bond interface itself to have at least one active link instead of routable which requires both links to be active ([afterburn PR#10](https://github.com/flatcar-linux/afterburn/pull/10)) -* QEMU: Use flatcar.autologin kernel command line parameter for auto login on the console ([Flatcar #71](https://github.com/flatcar-linux/Flatcar/issues/71)) -* The sysctl default config file is now applied under the prefix 60 which allows for custom sysctl config files to take effect when they start with a prefix of 70, 80, or 90 ([baselayout#13](https://github.com/kinvolk/baselayout/pull/13)) -* Containerd CRI plugin got enabled by default, only the containerd socket path needs to be specified as kubelet parameter for Kubernetes 1.20 to use containerd instead of Docker ([Flatcar#283](https://github.com/kinvolk/Flatcar/issues/283)) -* For users with a custom update server a machine alias setting in update-engine allows to give human-friendly names to client instances ([update-engine#8](https://github.com/kinvolk/update_engine/pull/8)) -* Revert to building docker and containerd with go1.13 instead of go1.15. This reduces the SIGURG log spam ([Issue #315](https://github.com/kinvolk/Flatcar/issues/315) [PR #774](https://github.com/kinvolk/coreos-overlay/pull/774)) -* The containerd socket is now available in the default location (`/run/containerd/containerd.sock`) and also as a symlink in the previous location (`/run/docker/libcontainerd/docker-containerd.sock`) ([#771](https://github.com/kinvolk/coreos-overlay/pull/771)) -* With the iscsi update, the service unit has changed from iscsid to iscsi ([#791](https://github.com/kinvolk/coreos-overlay/pull/791)) -* AWS Pro: include scripts to facilitate setup of EKS workers ([#794](https://github.com/kinvolk/coreos-overlay/pull/794)). -* Missed from earlier notes: with the previous open-iscsi update to 2.1.2, the service unit name changed from iscsid to iscsi ([#682](https://github.com/kinvolk/coreos-overlay/pull/682)) - -**Updates** - -* linux ([5.4.92](https://lwn.net/Articles/843687/)) -* linux firmware ([20200918](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20200918v)) -* systemd ([246.6](https://github.com/systemd/systemd-stable/releases/tag/v246.6)) -* open-iscsi ([2.1.3](https://github.com/open-iscsi/open-iscsi/releases/tag/2.1.3)) -* go ([1.15.7](https://go.googlesource.com/go/+/refs/tags/go1.15.7)) -* sudo ([1.9.5p2](https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_5p2)) -* adcli ([0.9.0](https://cgit.freedesktop.org/realmd/adcli/tree/NEWS?h=0.9.0)) -* GCE: oslogin ([20200910.00](https://github.com/GoogleCloudPlatform/guest-oslogin/releases/tag/20200910.00)) -* glibc ([2.32](https://lwn.net/Articles/828210/)) -* Docker ([19.03.14](https://github.com/docker/docker-ce/releases/tag/v19.03.14)) -* containerd ([1.4.3](https://github.com/containerd/containerd/releases/tag/v1.4.3)) -* tini ([0.18](https://github.com/krallin/tini/releases/tag/v0.18.0)) -* libseccomp ([2.5.0](https://github.com/seccomp/libseccomp/releases/tag/v2.5.0)) -* audit ([2.8.5](https://github.com/linux-audit/audit-userspace/releases/tag/v2.8.5)) -* bzip2 ([1.0.8](https://sourceware.org/git/?p=bzip2.git;a=blob;f=CHANGES;h=30afead2586b6d64f50988a41d394a0131b38949;hb=HEAD#l342)) -* c-ares ([1.61.1](https://github.com/c-ares/c-ares/releases/tag/cares-1_16_1)) -* cryptsetup ([2.3.2](https://gitlab.com/cryptsetup/cryptsetup/-/tags/v2.3.2)) -* cifs-utils (6.11) -* dbus-glib (0.110) -* dracut ([050](https://github.com/dracutdevs/dracut/releases/tag/050)) -* elfutils (0.178) -* glib (2.64.5) -* json-c ([0.15](https://github.com/json-c/json-c/releases/tag/json-c-0.15-20200726)) -* jq ([1.6](https://github.com/stedolan/jq/releases/tag/jq-1.6)) -* libuv ([1.39.0](https://github.com/libuv/libuv/releases/tag/v1.39.0)) -* libxml2 ([2.9.10](https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.10)) -* ntp (4.2.8_p15) -* samba (4.11.13) -* shadow (4.8) -* sssd (2.3.1) -* strace (5.9) -* talloc (2.3.1) -* tar ([1.32](https://git.savannah.gnu.org/cgit/tar.git/tag/?h=release_1_32)) -* tdb (1.4.3) -* tevent (0.10.2) -* SDK/developer container: GCC (9.3.0), binutils (2.35), gdb (9.2) -* Rust ([1.46.0](https://blog.rust-lang.org/2020/08/27/Rust-1.46.0.html)) (only in SDK) -* file ([5.39](https://github.com/file/file/tree/FILE5_39)) (only in SDK) -* gdbus-codegen ([2.64.5](https://gitlab.gnome.org/GNOME/glib/-/tags/2.64.5)) (only in SDK) -* meson ([0.55.3](https://github.com/mesonbuild/meson/releases/tag/0.55.3)) (only in SDK) -* re2c ([2.0.3](https://re2c.org/releases/release_notes.html#release-2-0-3)) (only in SDK) -* VMware: open-vm-tools (11.2.0) - - -### etcd [3.4.14](https://github.com/etcd-io/etcd/releases/tag/v3.4.14) - -See [code changes](https://github.com/etcd-io/etcd/compare/v3.4.13...v3.4.14) and [v3.4 upgrade guide](https://etcd.io/docs/latest/upgrades/upgrade_3_4/) for any breaking changes. -#### Package `clientv3` -- Fix [auth token invalid after watch reconnects](https://github.com/etcd-io/etcd/pull/12264). Get AuthToken automatically when clientConn is ready. -#### etcd server -- [Fix server panic](https://github.com/etcd-io/etcd/pull/12288) when force-new-cluster flag is enabled in a cluster which had learner node. -#### Package `netutil` -- Remove [`netutil.DropPort/RecoverPort/SetLatency/RemoveLatency`](https://github.com/etcd-io/etcd/pull/12491). - - These are not used anymore. They were only used for older versions of functional testing. - - Removed to adhere to best security practices, minimize arbitrary shell invocation. -#### `tools/etcd-dump-metrics` -- Implement [input validation to prevent arbitrary shell invocation](https://github.com/etcd-io/etcd/pull/12491). -#### Go -- Compile with [*Go 1.12.17*](https://golang.org/doc/devel/release.html#go1.12). - - - -### kubernetes [1.18.17](https://github.com/kubernetes/kubernetes/releases/tag/v1.18.17) - -### Feature - -- Add a new flag to set priority for the kubelet on Windows nodes so that workloads cannot overwhelm the node there by disrupting kubelet process. ([#96158](https://github.com/kubernetes/kubernetes/pull/96158), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) [SIG Node] - - -#### Failing Test -- Fix handing special characters in the volume path on Windows ([#99138](https://github.com/kubernetes/kubernetes/pull/99138), [@yujuhong](https://github.com/yujuhong)) [SIG Storage] - -#### Bug or Regression -- Count pod overhead against an entity's ResourceQuota ([#99600](https://github.com/kubernetes/kubernetes/pull/99600), [@gjkim42](https://github.com/gjkim42)) [SIG API Machinery and Node] -- EndpointSlice controller is now less likely to emit FailedToUpdateEndpointSlices events. ([#100146](https://github.com/kubernetes/kubernetes/pull/100146), [@robscott](https://github.com/robscott)) [SIG Apps and Network] -- Fixing a bug where a failed node may not have the NoExecute taint set correctly ([#98943](https://github.com/kubernetes/kubernetes/pull/98943), [@CKchen0726](https://github.com/CKchen0726)) [SIG Apps and Node] -- Kubelet now cleans up orphaned volume directories automatically ([#95301](https://github.com/kubernetes/kubernetes/pull/95301), [@lorenz](https://github.com/lorenz)) [SIG Node and Storage] -- Resolves spurious `Failed to list *v1.Secret` or `Failed to list *v1.ConfigMap` messages in kubelet logs. ([#99538](https://github.com/kubernetes/kubernetes/pull/99538), [@liggitt](https://github.com/liggitt)) [SIG Auth and Node] -- We will no longer automatically delete all data when a failure is detected during creation of the volume data file on a CSI volume. Now we will only remove the data file and volume path. ([#96021](https://github.com/kubernetes/kubernetes/pull/96021), [@huffmanca](https://github.com/huffmanca)) [SIG Storage] -- Avoid marking node as Ready until node has synced with API servers at least once ([#99034](https://github.com/kubernetes/kubernetes/pull/99034), [@ehashman](https://github.com/ehashman)) [SIG Node] -- Cleanup subnet in frontend IP configs to prevent huge subnet request bodies in some scenarios. ([#98290](https://github.com/kubernetes/kubernetes/pull/98290), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider] -- Fix CSI-migrated inline EBS volumes failing to mount if their volumeID is prefixed by aws:// ([#96821](https://github.com/kubernetes/kubernetes/pull/96821), [@wongma7](https://github.com/wongma7)) [SIG Storage] -- Fix azure file migration issue ([#97877](https://github.com/kubernetes/kubernetes/pull/97877), [@andyzhangx](https://github.com/andyzhangx)) [SIG Auth, Cloud Provider and Storage] -- Fix to recover CSI volumes from certain dangling attachments ([#96617](https://github.com/kubernetes/kubernetes/pull/96617), [@yuga711](https://github.com/yuga711)) [SIG Apps and Storage] -- Fixed a bug where aggregator_unavailable_apiservice metrics were reported for deleted apiservices. ([#96421](https://github.com/kubernetes/kubernetes/pull/96421), [@dgrisonnet](https://github.com/dgrisonnet)) [SIG API Machinery and Instrumentation] -- Fixed provisioning of Cinder volumes migrated to CSI when StorageClass with AllowedTopologies was used. ([#98311](https://github.com/kubernetes/kubernetes/pull/98311), [@jsafrane](https://github.com/jsafrane)) [SIG Storage] -- Fixes a panic in the disruption budget controller for PDB objects with invalid selectors ([#98777](https://github.com/kubernetes/kubernetes/pull/98777), [@ialidzhikov](https://github.com/ialidzhikov)) [SIG Apps] -- Kubeadm: get k8s CI version markers from k8s infra bucket ([#98836](https://github.com/kubernetes/kubernetes/pull/98836), [@hasheddan](https://github.com/hasheddan)) [SIG Cluster Lifecycle and Release] -- Kubelet should ignore cgroup driver check on Windows node. ([#98384](https://github.com/kubernetes/kubernetes/pull/98384), [@pacoxu](https://github.com/pacoxu)) [SIG Node] -- TerminationGracePeriodSeconds from pod spec is respected for the mirror pod - Static pods will be deleted gracefully ([#99035](https://github.com/kubernetes/kubernetes/pull/99035), [@ehashman](https://github.com/ehashman)) [SIG Node and Testing] -- Truncates a message if it hits the NoteLengthLimit when the scheduler records an event for the pod that indicates the pod has failed to schedule. ([#98715](https://github.com/kubernetes/kubernetes/pull/98715), [@carlory](https://github.com/carlory)) [SIG Scheduling] -- Warning about using a deprecated volume plugin is logged only once. ([#96751](https://github.com/kubernetes/kubernetes/pull/96751), [@jsafrane](https://github.com/jsafrane)) [SIG Storage] -- Fix Azure file share not deleted issue when the namespace is deleted ([#97417](https://github.com/kubernetes/kubernetes/pull/97417), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider and Storage] -- Fix counting error in service/nodeport/loadbalancer quota check ([#97829](https://github.com/kubernetes/kubernetes/pull/97829), [@pacoxu](https://github.com/pacoxu)) [SIG API Machinery and Network] -- Fix: azure file latency issue for metadata-heavy workloads ([#97082](https://github.com/kubernetes/kubernetes/pull/97082), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider and Storage] -- Fixed bug in CPUManager with race on container map access ([#97427](https://github.com/kubernetes/kubernetes/pull/97427), [@klueska](https://github.com/klueska)) [SIG Node] -- GCE Internal LoadBalancer sync loop will now release the ILB IP address upon sync failure. An error in ILB forwarding rule creation will no longer leak IP addresses. ([#97740](https://github.com/kubernetes/kubernetes/pull/97740), [@prameshj](https://github.com/prameshj)) [SIG Cloud Provider and Network] -- Kubeadm: avoid detection of the container runtime for commands that do not need it ([#97849](https://github.com/kubernetes/kubernetes/pull/97849), [@pacoxu](https://github.com/pacoxu)) [SIG Cluster Lifecycle] -- Cordoned nodes are now deregistered from AWS target groups. ([#85920](https://github.com/kubernetes/kubernetes/pull/85920), [@hoelzro](https://github.com/hoelzro)) [SIG Cloud Provider] -- Fixed FibreChannel volume plugin corrupting filesystems on detach of multipath volumes. ([#97013](https://github.com/kubernetes/kubernetes/pull/97013), [@jsafrane](https://github.com/jsafrane)) [SIG Storage] -- Remove ready file and its directory (which is created during volume SetUp) during emptyDir volume TearDown. ([#95770](https://github.com/kubernetes/kubernetes/pull/95770), [@jingxu97](https://github.com/jingxu97)) [SIG Storage] -- Avoid GCE API calls when initializing GCE CloudProvider for Kubelets. - Avoid unnecessary GCE API calls when adding IP alises or reflecting them in Node object in GCE cloud provider. ([#96863](https://github.com/kubernetes/kubernetes/pull/96863), [@tosi3k](https://github.com/tosi3k)) [SIG Apps, Cloud Provider and Network] -- Bump node-problem-detector version to v0.8.5 to fix OOM detection in with Linux kernels 5.1+ ([#96716](https://github.com/kubernetes/kubernetes/pull/96716), [@tosi3k](https://github.com/tosi3k)) [SIG Cloud Provider, Scalability and Testing] -- Exposes and sets a default timeout for the SubjectAccessReview client for DelegatingAuthorizationOptions ([#96152](https://github.com/kubernetes/kubernetes/pull/96152), [@p0lyn0mial](https://github.com/p0lyn0mial)) [SIG API Machinery and Cloud Provider] -- Fix memory leak in kube-apiserver when underlying time goes forth and back. ([#96266](https://github.com/kubernetes/kubernetes/pull/96266), [@chenyw1990](https://github.com/chenyw1990)) [SIG API Machinery] -- Fix pull image error from multiple ACRs using azure managed identity ([#96355](https://github.com/kubernetes/kubernetes/pull/96355), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider] -- Fix: resize Azure disk issue when it's in attached state ([#96705](https://github.com/kubernetes/kubernetes/pull/96705), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider] -- Fixed a bug that prevents kubectl to validate CRDs with schema using x-kubernetes-preserve-unknown-fields on object fields. - Fix kubectl SchemaError on CRDs with schema using x-kubernetes-preserve-unknown-fields on array types. ([#96563](https://github.com/kubernetes/kubernetes/pull/96563), [@gautierdelorme](https://github.com/gautierdelorme)) [SIG API Machinery and Testing] -- Fixed kubelet creating extra sandbox for pods with RestartPolicyOnFailure after all containers succeeded ([#92614](https://github.com/kubernetes/kubernetes/pull/92614), [@tnqn](https://github.com/tnqn)) [SIG Node and Testing] -- Metric names for CSI and flexvolume drivers will include the driver name as well as the CSI plugin name. ([#96474](https://github.com/kubernetes/kubernetes/pull/96474), [@mattcary](https://github.com/mattcary)) [SIG Instrumentation and Storage] -- New Azure instance types do now have correct max data disk count information. ([#94340](https://github.com/kubernetes/kubernetes/pull/94340), [@ialidzhikov](https://github.com/ialidzhikov)) [SIG Cloud Provider and Storage] - - -### Other (Cleanup or Flake) - -- Kubeadm: change the default image repository for CI images from 'gcr.io/kubernetes-ci-images' to 'gcr.io/k8s-staging-ci-images' ([#97087](https://github.com/kubernetes/kubernetes/pull/97087), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle] -- Client-go header logging (at verbosity levels >= 9) now masks `Authorization` header contents ([#95316](https://github.com/kubernetes/kubernetes/pull/95316), [@sfowl](https://github.com/sfowl)) [SIG API Machinery] - -#### Dependencies -#### Added -_Nothing has changed._ -#### Changed -_Nothing has changed._ -#### Removed -_Nothing has changed._ - - - -### cert-manager [2.4.3](https://github.com/giantswarm/cert-manager-app/releases/tag/v2.4.3) - -#### Changed -- Set docker.io as the default registry -- Made CRD install Job backoffLimit configurable (and increased the default value). ([#129](https://github.com/giantswarm/cert-manager-app/pull/129)) -- Made backoffLimit for clusterissuer job configurable. ([#125](https://github.com/giantswarm/cert-manager-app/pull/125)) -- Updated clusterissuer subchart API groups to `cert-manager.io/v1`. ([#124](https://github.com/giantswarm/cert-manager-app/pull/124)) -- Update to upstream `v1.1.0`. ([#119](https://github.com/giantswarm/cert-manager-app/pull/119)) -### Added -- Enabled configuration of certificate Secret deletion when the parent Certificate is deleted. ([#127](https://github.com/giantswarm/cert-manager-app/pull/127)) - - - -### external-dns [2.2.2](https://github.com/giantswarm/external-dns-app/releases/tag/v2.2.2) - -#### Changed -- Set docker.io as the default registry -- Rework the way the txt prefix is generated (whilst still defaulting for default apps). ([#60](https://github.com/giantswarm/external-dns-app/pull/60)) -- Rework how the annotation filter value is generated (whilst still defaulting for default app). ([#60](https://github.com/giantswarm/external-dns-app/pull/60)) -- Only template Secret if both required values are present in `values.yaml`. ([#53](https://github.com/giantswarm/external-dns-app/pull/53)) -- Reworked the App to prepare it for customer use. ([#49](https://github.com/giantswarm/external-dns-app/pull/49)) - - General: - - Pushes the app to the giantswarm app catalog. - - Uses Helm release namespace. - - Uses the release name for resource naming to avoid conflicts. - - Added a values schema to catch incorrect values. - - Generally makes the chart easier to use (fully documented values file). - - external-dns options: - - Allows customisation of the txt registry prefix. - - Allows configuration of synchronisation interval. - - Filter resources to reconcile via annotations. - - AWS-specifc: - - Allows the user to provide an IAM role to use. - - Allows the user to provide the list of domains for external-dns to manage. - - Allows configuration of batch size. - - Allows configuration of CNAME instead of ALIAS records. - - Allows configuration of the AWS zone type to update. -- Upgrade upstream external-dns from v0.7.4 to [v0.7.6](https://github.com/kubernetes-sigs/external-dns/releases/tag/v0.7.6). -### Fixed -- Adds additional options required for vmware installations. ([#74](https://github.com/giantswarm/external-dns-app/pull/74)) -- Ensure CNAMEs are always used when AWS access is external. ([#62](https://github.com/giantswarm/external-dns-app/pull/62)) -- Revert location of AWS API credentials in `values.yaml`. ([#57](https://github.com/giantswarm/external-dns-app/pull/57)) -### Added -- Add crd source if the provider is vmware. ([#72](https://github.com/giantswarm/external-dns-app/pull/72)) -- Allow the sync policy to be configured. ([#60](https://github.com/giantswarm/external-dns-app/pull/60)) -- Supports customisation of the txt-owner-id (whilst still defaulting for default apps). ([#60](https://github.com/giantswarm/external-dns-app/pull/60)) -- Supports dry-run mode and warns the user if enabled. ([#60](https://github.com/giantswarm/external-dns-app/pull/60)) - - - -### cert-exporter [1.6.1](https://github.com/giantswarm/cert-exporter/releases/tag/v1.6.1) - -#### Changed -- Set docker.io as the default registry -- Check ca.crt expiries in TLS secrets. ([#109](https://github.com/giantswarm/cert-exporter/pull/109)) -### Added -- Add exceptions in NetworkPolicies to allow DNS to work correctly through port 53. -- Add new metric (`cert_exporter_secret_not_after`) which tracks expiry of TLS certificates stored in Kubernetes secrets. ([#92](https://github.com/giantswarm/cert-exporter/pull/92)) - - - -### chart-operator [2.12.0](https://github.com/giantswarm/chart-operator/releases/tag/v2.12.0) - -#### Changed -- Set docker.io as the default registry -- Pass RESTMapper to helmclient to reduce the number of REST API calls. -- Updated Helm to v3.5.3. -- Deploy `giantswarm-critical` PriorityClass when it's not found. -### Added -- Updating namespace metadata using namespaceConfig in `Chart` CRs. -- Pause Chart CR reconciliation when it has chart-operator.giantswarm.io/paused=true annotation. -- Use diff key when logging differences between the current and desired release. -- Add support for skip CRD flag when installing Helm releases. -- Added last reconciled timestamp as metrics. -- Print difference between current release and desired release. -- Add Vertical Pod Autoscaler support. -### Fixed -- Stop updating Helm release if it has failed the previous 5 attempts. -- Only create VPA if autoscaling API group is present. - - - -### kiam [1.7.1](https://github.com/giantswarm/kiam-app/releases/tag/v1.7.1) - -#### Changed -- Set docker.io as the default registry -#### Added -- Add taint tolerations for kiam agent and kiam server. - - - -### metrics-server [1.2.2](https://github.com/giantswarm/metrics-server-app/releases/tag/v1.2.2) - -#### Changed -- Set docker.io as the default registry -- Push app to control plane catalogs -- Updated metrics-server version to 0.4.1 - - - -### node-exporter [1.7.2](https://github.com/giantswarm/node-exporter-app/releases/tag/v1.7.2) - -#### Changed -- Set docker.io as the default registry -- Use the domain registry from installation values if it is present. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v13.1.1.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v13.1.1.md deleted file mode 100644 index 0c6648548a..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v13.1.1.md +++ /dev/null @@ -1,30 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v13.1.1/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v13.1.1 - version: 13.1.1 - version_tag: v13.1.1 -date: '2021-04-06T09:45:50' -description: Release notes for AWS workload cluster release v13.1.1, published on - 06 April 2021, 09:45. -title: Workload cluster release v13.1.1 for AWS ---- - -This release provides a bug fix for the external-dns-app. - -> **_Warning:_** The nginx app needs to be updated to `v1.14.0+` because a new version of `external-dns` is included in this release. - -## Change details - - -### external-dns [2.3.0](https://github.com/giantswarm/external-dns-app/releases/tag/v2.3.0) - -#### Changed -- Change default annotation filter to match the one we use for the nginx ingress controller. -#### Added -- Add sidecar container for `provider: aws` to periodically validate IAM credential acessibility ([#76](https://github.com/giantswarm/external-dns-app/pull/76)) diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v13.2.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v13.2.0.md deleted file mode 100644 index b16590bf28..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v13.2.0.md +++ /dev/null @@ -1,36 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v13.2.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v13.2.0 - version: 13.2.0 - version_tag: v13.2.0 -date: '2021-05-14T06:00:00' -description: Release notes for AWS workload cluster release v13.2.0, published on - 14 May 2021, 06:00. -title: Workload cluster release v13.2.0 for AWS ---- - -This release fixes an issue that can cause an IP conflict to occur in certain situations when a node pool is created. It also contains a newer version of Cert Manager to mitigate failed cert-manager-app installations due to Custom Resource Definition conversion issues. - -## Change details - - -### aws-operator [9.3.10](https://github.com/giantswarm/aws-operator/releases/tag/v9.3.10) - -- Fix IPAM conflicts when creating a node pool - - -### cert-manager [2.7.0](https://github.com/giantswarm/cert-manager-app/releases/tag/v2.7.0) - -- Update to upstream `v1.3.1` ([#155](https://github.com/giantswarm/cert-manager-app/pull/155)). This mitigates failed cert-manager-app installations due to CRD conversion issues. -- cert-manager-app now requires kubernetes version >=1.16.0. ([#151](https://github.com/giantswarm/cert-manager-app/pull/151)) -- Switch rbac rules from `extensions` to `networking.k8s.io` for ingresses. ([#151](https://github.com/giantswarm/cert-manager-app/pull/151)) -- Allow strings and integers in values schema for resources requests and limits. ([#150](https://github.com/giantswarm/cert-manager-app/pull/150)) -- Rename clusterissuer subchart to match it's name in its Chart.yaml. ([#140](https://github.com/giantswarm/cert-manager-app/pull/140)) -- Make pods of deployments use read-only file systems. ([#140](https://github.com/giantswarm/cert-manager-app/pull/140)) -- Make pre-install/pre-upgrade hooks use server side apply. Possibly fixes upgrade timeouts. ([#140](https://github.com/giantswarm/cert-manager-app/pull/140)) diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v14.0.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v14.0.0.md deleted file mode 100644 index 775b302da4..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v14.0.0.md +++ /dev/null @@ -1,196 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v14.0.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v14.0.0 - version: 14.0.0 - version_tag: v14.0.0 -date: '2021-02-09T13:00:00' -description: Release notes for AWS workload cluster release v14.0.0, published on - 09 February 2021, 13:00. -title: Workload cluster release v14.0.0 for AWS ---- - -This release provides support for Kubernetes 1.19 on AWS. - -Please note that with version `1.19` there a few breaking changes in the `Kubernetes` APIs. -Please refer to the [upstream documentation](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.19.md#urgent-upgrade-notes) -and feel free to get in touch with your solutions engineer for any concern you might have. - -> **_Warning:_** The nginx app needs to be updated to `v1.14.0+` because a new version of `external-dns` is included in this release. - -## Change details - - -### kubernetes [1.19.4](https://github.com/kubernetes/kubernetes/releases/tag/v1.19.4) - -#### Bug or Regression -- An issues preventing volume expand controller to annotate the PVC with `volume.kubernetes.io/storage-resizer` when the PVC StorageClass is already updated to the out-of-tree provisioner is now fixed. ([#94489](https://github.com/kubernetes/kubernetes/pull/94489), [@ialidzhikov](https://github.com/ialidzhikov)) [SIG API Machinery, Apps and Storage] -- Cloud node controller: handle empty providerID from getProviderID ([#95452](https://github.com/kubernetes/kubernetes/pull/95452), [@nicolehanjing](https://github.com/nicolehanjing)) [SIG Cloud Provider] -- Disable watchcache for events ([#96052](https://github.com/kubernetes/kubernetes/pull/96052), [@wojtek-t](https://github.com/wojtek-t)) [SIG API Machinery] -- Disabled `LocalStorageCapacityIsolation` feature gate is honored during scheduling. ([#96140](https://github.com/kubernetes/kubernetes/pull/96140), [@Huang-Wei](https://github.com/Huang-Wei)) [SIG Scheduling] -- Fix a bug that Pods with topologySpreadConstraints get scheduled to nodes without required labels. ([#95880](https://github.com/kubernetes/kubernetes/pull/95880), [@ialidzhikov](https://github.com/ialidzhikov)) [SIG Scheduling] -- Fix azure disk attach failure for disk size bigger than 4TB ([#95463](https://github.com/kubernetes/kubernetes/pull/95463), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider] -- Fix azure disk data loss issue on Windows when unmount disk ([#95456](https://github.com/kubernetes/kubernetes/pull/95456), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider and Storage] -- Fixed a bug causing incorrect formatting of `kubectl describe ingress`. ([#94985](https://github.com/kubernetes/kubernetes/pull/94985), [@howardjohn](https://github.com/howardjohn)) [SIG CLI and Network] -- Fixed a bug in client-go where new clients with customized `Dial`, `Proxy`, `GetCert` config may get stale HTTP transports. ([#95427](https://github.com/kubernetes/kubernetes/pull/95427), [@roycaihw](https://github.com/roycaihw)) [SIG API Machinery] -- Fixed a regression which prevented pods with `docker/default` seccomp annotations from being created in 1.19 if a PodSecurityPolicy was in place which did not allow `runtime/default` seccomp profiles. ([#95990](https://github.com/kubernetes/kubernetes/pull/95990), [@saschagrunert](https://github.com/saschagrunert)) [SIG Auth] -- Fixed kubelet creating extra sandbox for pods with RestartPolicyOnFailure after all containers succeeded ([#92614](https://github.com/kubernetes/kubernetes/pull/92614), [@tnqn](https://github.com/tnqn)) [SIG Node and Testing] -- Fixes high CPU usage in kubectl drain ([#95260](https://github.com/kubernetes/kubernetes/pull/95260), [@amandahla](https://github.com/amandahla)) [SIG CLI] -- If we set SelectPolicy MinPolicySelect on scaleUp behavior or scaleDown behavior,Horizontal Pod Autoscaler doesn't automatically scale the number of pods correctly ([#95647](https://github.com/kubernetes/kubernetes/pull/95647), [@JoshuaAndrew](https://github.com/JoshuaAndrew)) [SIG Apps and Autoscaling] -- Kube-proxy now trims extra spaces found in loadBalancerSourceRanges to match Service validation. ([#94107](https://github.com/kubernetes/kubernetes/pull/94107), [@robscott](https://github.com/robscott)) [SIG Network] -- Kubeadm: add missing "--experimental-patches" flag to "kubeadm init phase control-plane" ([#95786](https://github.com/kubernetes/kubernetes/pull/95786), [@Sh4d1](https://github.com/Sh4d1)) [SIG Cluster Lifecycle] - -### app-operator [3.1.0](https://github.com/giantswarm/app-operator/releases/tag/v3.1.0) - -#### Changed -- Enable mutating and validating webhooks in app-admission-controller for -tenant app CRs. - -#### Added -- Make resync period configurable for use in integration tests. -- Pause App CR reconciliation when it has -- `app-operator.giantswarm.io/paused=true` annotation. -- Print difference between the current chart and desired chart. - - -### aws-operator [10.2.0](https://github.com/giantswarm/aws-operator/releases/tag/v10.2.0) - -#### Added -- Allow incoming NFS traffic on node pools for Elastic File System. -- Add support for tagging AWS resources, managed by the operator, based on the custom resource labels. -- Add `cleanupiamroles` resource for detaching third party policies from our IAM roles. -- Update `k8scloudconfig` version to `v10.0.0` to include change for Kubernetes 1.19. -- Allow configuration of `MINIMUM_IP_TARGET` and `WARM_IP_TARGET` for AWS CNI via annotations on `AWSCluster` - -#### Changed -- Include Account ID in the s3bucket for access logs. It is a breaking change, that will put access logs to a new s3 bucket. -- Change AWS CNI and AWS CNI k8s plugin log verbosity to `INFO`. -- Change AWS CNI log file to `stdout`. -- Add retry logic for decrypt units to avoid flapping. -- Use values generated by `config-controller` to deploy `aws-operator` instead of catalog values. -- Use `giantswarm/config` versions matching `v1.x.x` major. -- Start updating `tcnp` CF stack only when `tccpn` CF stack is already updated. This ensure that master nodes are updated before worker nodes. - - -### etcd [3.4.14](https://github.com/etcd-io/etcd/releases/tag/v3.4.14) - -- Fix server panic when force-new-cluster flag is enabled in a cluster which had learner node. - -### aws-cni [1.7.8](https://github.com/aws/amazon-vpc-cni-k8s/releases/tag/v1.7.8) - -* Improvement - [Replace DescribeNetworkInterfaces with paginated version](https://github.com/aws/amazon-vpc-cni-k8s/pull/1333) (#1333, @haouc) - - -### containerlinux [2605.12.0](https://www.flatcar-linux.org/releases/#release-2605.12.0) - -**Security fixes** -* Linux - - [CVE-2020-27815](https://www.openwall.com/lists/oss-security/2020/11/30/5) - - [CVE-2020-29568](https://nvd.nist.gov/vuln/detail/CVE-2020-29568) - - [CVE-2020-29569](https://nvd.nist.gov/vuln/detail/CVE-2020-29569) - - [CVE-2020-28374](https://nvd.nist.gov/vuln/detail/CVE-2020-28374) - - [CVE-2020-36158](https://nvd.nist.gov/vuln/detail/CVE-2020-36158) -* go - [CVE-2021-3114](https://github.com/golang/go/issues/43786) -* sudo - [CVE-2021-3156](https://nvd.nist.gov/vuln/detail/CVE-2021-3156), [CVE-2021-23239](https://nvd.nist.gov/vuln/detail/CVE-2021-23239) - -**Bug fixes** - -* `/etc/iscsi/initiatorname.iscsi` is generated by the iscsi-init service ([#321](https://github.com/kinvolk/Flatcar/issues/321)) -* Prevent iscsiadm buffer overflow ([#318](https://github.com/kinvolk/Flatcar/issues/318)) - -**Changes** - -* Revert to building docker and containerd with go1.13 instead of go1.15. This reduces the SIGURG log spam ([Issue #315](https://github.com/kinvolk/Flatcar/issues/315) [PR #774](https://github.com/kinvolk/coreos-overlay/pull/774)) -* The containerd socket is now available in the default location (`/run/containerd/containerd.sock`) and also as a symlink in the previous location (`/run/docker/libcontainerd/docker-containerd.sock`) ([#771](https://github.com/kinvolk/coreos-overlay/pull/771)) -* With the iscsi update, the service unit has changed from iscsid to iscsi ([#791](https://github.com/kinvolk/coreos-overlay/pull/791)) -* AWS Pro: include scripts to facilitate setup of EKS workers ([#794](https://github.com/kinvolk/coreos-overlay/pull/794)). -* Missed from earlier notes: with the previous open-iscsi update to 2.1.2, the service unit name changed from iscsid to iscsi ([#682](https://github.com/kinvolk/coreos-overlay/pull/682)) - -**Updates** - -* linux ([5.4.92](https://lwn.net/Articles/843687/)) -* open-iscsi ([2.1.3](https://github.com/open-iscsi/open-iscsi/releases/tag/2.1.3)) -* go ([1.15.7](https://go.googlesource.com/go/+/refs/tags/go1.15.7)) -* sudo ([1.9.5p2](https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_5p2)) - - -### chart-operator [2.6.0](https://github.com/giantswarm/chart-operator/releases/tag/v2.6.0) - -#### Added -- Print difference between current release and desired release. - -#### Changed -- Updated Helm to v3.4.2. - - -### cluster-autoscaler [1.19.1](https://github.com/giantswarm/cluster-autoscaler-app/releases/tag/v1.19.1) - -#### Changed -- Updated cluster-autoscaler to version `1.19.1`. - - -### cert-manager [2.4.1](https://github.com/giantswarm/cert-manager-app/releases/tag/v2.4.1) - -#### Changed -- Made backoffLimit for clusterissuer job configurable. ([#125](https://github.com/giantswarm/cert-manager-app/pull/125)) -- Updated clusterissuer subchart API groups to `cert-manager.io/v1`. ([#124](https://github.com/giantswarm/cert-manager-app/pull/124)) - - -### cert-exporter [1.5.0](https://github.com/giantswarm/cert-exporter/releases/tag/v1.5.0) - -#### Changed -- Check ca.crt expiries in TLS secrets. ([#109](https://github.com/giantswarm/cert-exporter/pull/109)) - - -### chart-operator [2.7.1](https://github.com/giantswarm/chart-operator/releases/tag/v2.7.1) - -#### Fixed -- Only create VPA if autoscaling API group is present. - - -### kiam [1.7.0](https://github.com/giantswarm/kiam-app/releases/tag/v1.7.0) - -- Add taint tolerations for kiam agent and kiam server. - - -### metrics-server [1.2.1](https://github.com/giantswarm/metrics-server-app/releases/tag/v1.2.1) - -- Push app to control plane catalogs - - -### node-exporter [1.7.1](https://github.com/giantswarm/node-exporter-app/releases/tag/v1.7.1) - -#### Changed -- Use the domain registry from installation values if it is present. - - -### external-dns [2.1.1](https://github.com/giantswarm/external-dns-app/releases/tag/v2.1.1) - -#### Added -- Allow the sync policy to be configured. -- Supports customisation of the txt-owner-id (whilst still defaulting for default apps). -- Supports dry-run mode and warns the user if enabled. - -#### Changed -- Reworked the App to prepare it for customer use. ([#49](https://github.com/giantswarm/external-dns-app/pull/49)) - - General: - - Pushes the app to the giantswarm app catalog. - - Uses Helm release namespace. - - Uses the release name for resource naming to avoid conflicts. - - Added a values schema to catch incorrect values. - - Generally makes the chart easier to use (fully documented values file). - - external-dns options: - - Allows customisation of the txt registry prefix. - - Allows configuration of synchronisation interval. - - Filter resources to reconcile via annotations. - - AWS-specifc: - - Allows the user to provide an IAM role to use. - - Allows the user to provide the list of domains for external-dns to manage. - - Allows configuration of batch size. - - Allows configuration of CNAME instead of ALIAS records. - - Allows configuration of the AWS zone type to update. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v14.1.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v14.1.0.md deleted file mode 100644 index 66f6109946..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v14.1.0.md +++ /dev/null @@ -1,233 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v14.1.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v14.1.0 - version: 14.1.0 - version_tag: v14.1.0 -date: '2021-03-30T07:22:09' -description: Release notes for AWS workload cluster release v14.1.0, published on - 30 March 2021, 07:22. -title: Workload cluster release v14.1.0 for AWS ---- - -This release provides security and bug fixes for various components. - -> **_Warning:_** The nginx app needs to be updated to `v1.14.0+` because a new version of `external-dns` is included in this release. - -## Change details - - -### cluster-operator [3.6.0](https://github.com/giantswarm/cluster-operator/releases/tag/v3.6.0) - -#### Fixed -- Fix cluster status computation to correctly display rollbacks, version changes and multiple updates. -#### Added -- Add unit tests for cluster status computation -- Check existence of chart tarball for `release` CR `apps` in catalog. -- Add vertical pod autoscaler support. -- Add `appversionlabel` resource to update version labels for optional app CRs. - - - -### app-operator [3.2.1](https://github.com/giantswarm/app-operator/releases/tag/v3.2.1) - -#### Added -- Include `apiVersion`, `restrictions.compatibleProviders` in appcatalogentry CRs. -#### Changed -- Limit the number of AppCatalogEntry per app. -- Delete legacy finalizers on app CRs. -- Reconciling appCatalog CRs only if pod is unique. -#### Fixed -- Updating status as cordoned if app CR has cordoned annotation. - - -### kubernetes [1.19.9](https://github.com/kubernetes/kubernetes/releases/tag/v1.19.9) - -### API Change -- Kubernetes is now built using go1.15.8 ([#99093](https://github.com/kubernetes/kubernetes/pull/99093), [@cpanato](https://github.com/cpanato)) [SIG Cloud Provider, Instrumentation, Release and Testing] -### Feature -- Add a new flag to set priority for the kubelet on Windows nodes so that workloads cannot overwhelm the node there by disrupting kubelet process. ([#96157](https://github.com/kubernetes/kubernetes/pull/96157), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) [SIG Node and Windows] -#### Failing Test -- Fix handing special characters in the volume path on Windows ([#99137](https://github.com/kubernetes/kubernetes/pull/99137), [@yujuhong](https://github.com/yujuhong)) [SIG Storage] -- Resolves an issue running Ingress conformance tests on clusters which use finalizers on Ingress objects to manage releasing load balancer resources ([#96742](https://github.com/kubernetes/kubernetes/pull/96742), [@spencerhance](https://github.com/spencerhance)) [SIG Network and Testing] -#### Bug or Regression -- Count pod overhead against an entity's ResourceQuota ([#99600](https://github.com/kubernetes/kubernetes/pull/99600), [@gjkim42](https://github.com/gjkim42)) [SIG API Machinery and Node] -- EndpointSlice controller is now less likely to emit FailedToUpdateEndpointSlices events. ([#100114](https://github.com/kubernetes/kubernetes/pull/100114), [@robscott](https://github.com/robscott)) [SIG Apps and Network] -- EndpointSliceMirroring controller is now less likely to emit FailedToUpdateEndpointSlices events. ([#100144](https://github.com/kubernetes/kubernetes/pull/100144), [@robscott](https://github.com/robscott)) [SIG Apps and Network] -- Fixed bug that caused cAdvisor to incorrectly detect single-socket multi-NUMA topology. ([#99209](https://github.com/kubernetes/kubernetes/pull/99209), [@iwankgb](https://github.com/iwankgb)) [SIG Node] -- Fixes kubelet to retrieve number of sockets from cAdvisor MachineInfo, instead of assuming it to be equal to number of NUMA nodes. ([#99771](https://github.com/kubernetes/kubernetes/pull/99771), [@iwankgb](https://github.com/iwankgb)) [SIG Node] -- Fixing a bug where a failed node may not have the NoExecute taint set correctly ([#98140](https://github.com/kubernetes/kubernetes/pull/98140), [@CKchen0726](https://github.com/CKchen0726)) [SIG Apps and Node] -- Kubelet now cleans up orphaned volume directories automatically ([#95301](https://github.com/kubernetes/kubernetes/pull/95301), [@lorenz](https://github.com/lorenz)) [SIG Node and Storage] -- Resolves spurious `Failed to list *v1.Secret` or `Failed to list *v1.ConfigMap` messages in kubelet logs. ([#99538](https://github.com/kubernetes/kubernetes/pull/99538), [@liggitt](https://github.com/liggitt)) [SIG Auth and Node] -- Using NUMA nodes instead of sockets for CPU manager hints. ([#99276](https://github.com/kubernetes/kubernetes/pull/99276), [@iwankgb](https://github.com/iwankgb)) [SIG Node] -- We will no longer automatically delete all data when a failure is detected during creation of the volume data file on a CSI volume. Now we will only remove the data file and volume path. ([#96021](https://github.com/kubernetes/kubernetes/pull/96021), [@huffmanca](https://github.com/huffmanca)) [SIG Storage] -- Aggregate errors when putting vmss ([#98350](https://github.com/kubernetes/kubernetes/pull/98350), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider] -- Avoid marking node as Ready until node has synced with API servers at least once ([#97996](https://github.com/kubernetes/kubernetes/pull/97996), [@ehashman](https://github.com/ehashman)) [SIG Node] -- Cleanup subnet in frontend IP configs to prevent huge subnet request bodies in some scenarios. ([#98288](https://github.com/kubernetes/kubernetes/pull/98288), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider] -- Fix CSI-migrated inline EBS volumes failing to mount if their volumeID is prefixed by aws:// ([#96821](https://github.com/kubernetes/kubernetes/pull/96821), [@wongma7](https://github.com/wongma7)) [SIG Storage] -- Fix azure file migration issue ([#97877](https://github.com/kubernetes/kubernetes/pull/97877), [@andyzhangx](https://github.com/andyzhangx)) [SIG Auth, Cloud Provider and Storage] -- Fix the description of command line flags that can override --config ([#98873](https://github.com/kubernetes/kubernetes/pull/98873), [@changshuchao](https://github.com/changshuchao)) [SIG Scheduling] -- Fix to recover CSI volumes from certain dangling attachments ([#96617](https://github.com/kubernetes/kubernetes/pull/96617), [@yuga711](https://github.com/yuga711)) [SIG Apps and Storage] -- Fixed a bug that the kubelet cannot start on BtrfS. ([#98015](https://github.com/kubernetes/kubernetes/pull/98015), [@gjkim42](https://github.com/gjkim42)) [SIG Node] -- Fixed a bug where aggregator_unavailable_apiservice metrics were reported for deleted apiservices. ([#96421](https://github.com/kubernetes/kubernetes/pull/96421), [@dgrisonnet](https://github.com/dgrisonnet)) [SIG API Machinery and Instrumentation] -- Fixed provisioning of Cinder volumes migrated to CSI when StorageClass with AllowedTopologies was used. ([#98311](https://github.com/kubernetes/kubernetes/pull/98311), [@jsafrane](https://github.com/jsafrane)) [SIG Storage] -- Fixes a panic in the disruption budget controller for PDB objects with invalid selectors ([#98776](https://github.com/kubernetes/kubernetes/pull/98776), [@ialidzhikov](https://github.com/ialidzhikov)) [SIG Apps] -- Kubeadm: get k8s CI version markers from k8s infra bucket ([#98836](https://github.com/kubernetes/kubernetes/pull/98836), [@hasheddan](https://github.com/hasheddan)) [SIG Cluster Lifecycle and Release] -- Kubelet should ignore cgroup driver check on Windows node. ([#98385](https://github.com/kubernetes/kubernetes/pull/98385), [@pacoxu](https://github.com/pacoxu)) [SIG Node] -- Performance regression [#97685](https://github.com/kubernetes/kubernetes/pull/97685) has been fixed ([#98432](https://github.com/kubernetes/kubernetes/pull/98432), [@tkashem](https://github.com/tkashem)) [SIG API Machinery] -- Static pods will be deleted gracefully. ([#98103](https://github.com/kubernetes/kubernetes/pull/98103), [@gjkim42](https://github.com/gjkim42)) [SIG Node] -- Truncates a message if it hits the NoteLengthLimit when the scheduler records an event for the pod that indicates the pod has failed to schedule. ([#98715](https://github.com/kubernetes/kubernetes/pull/98715), [@carlory](https://github.com/carlory)) [SIG Scheduling] -- Warning about using a deprecated volume plugin is logged only once. ([#96751](https://github.com/kubernetes/kubernetes/pull/96751), [@jsafrane](https://github.com/jsafrane)) [SIG Storage] -- AcceleratorStats will be available in the Summary API of kubelet when cri_stats_provider is used. ([#97017](https://github.com/kubernetes/kubernetes/pull/97017), [@ruiwen-zhao](https://github.com/ruiwen-zhao)) [SIG Node] -- Exposes and sets a default timeout for the SubjectAccessReview client for DelegatingAuthorizationOptions ([#95910](https://github.com/kubernetes/kubernetes/pull/95910), [@p0lyn0mial](https://github.com/p0lyn0mial)) [SIG API Machinery and Cloud Provider] -- Fix the panic when kubelet registers if a node object already exists with no Status.Capacity or Status.Allocatable ([#96297](https://github.com/kubernetes/kubernetes/pull/96297), [@SataQiu](https://github.com/SataQiu)) [SIG Node] -- Fixed FibreChannel volume plugin corrupting filesystems on detach of multipath volumes. ([#97013](https://github.com/kubernetes/kubernetes/pull/97013), [@jsafrane](https://github.com/jsafrane)) [SIG Storage] -- Fixed a bug in kubelet that will saturate CPU utilization after containerd got restarted. ([#97176](https://github.com/kubernetes/kubernetes/pull/97176), [@hanlins](https://github.com/hanlins)) [SIG Node] -- Remove ready file and its directory (which is created during volume SetUp) during emptyDir volume TearDown. ([#95770](https://github.com/kubernetes/kubernetes/pull/95770), [@jingxu97](https://github.com/jingxu97)) [SIG Storage] -- Volumebinding: report UnschedulableAndUnresolvable status instead of an error when PVC not found ([#96850](https://github.com/kubernetes/kubernetes/pull/96850), [@cofyc](https://github.com/cofyc)) [SIG Scheduling and Storage] -- Bump node-problem-detector version to v0.8.5 to fix OOM detection in with Linux kernels 5.1+ ([#96716](https://github.com/kubernetes/kubernetes/pull/96716), [@tosi3k](https://github.com/tosi3k)) [SIG Cloud Provider, Scalability and Testing] -- Exposes and sets a default timeout for the SubjectAccessReview client for DelegatingAuthorizationOptions ([#95910](https://github.com/kubernetes/kubernetes/pull/95910), [@p0lyn0mial](https://github.com/p0lyn0mial)) [SIG API Machinery and Cloud Provider] -- Fix a bug that DefaultPreemption plugin is disabled when using (legacy) scheduler policy. ([#96472](https://github.com/kubernetes/kubernetes/pull/96472), [@Huang-Wei](https://github.com/Huang-Wei)) [SIG Scheduling and Testing] -- Fix bug in JSON path parser where an error occurs when a range is empty ([#95933](https://github.com/kubernetes/kubernetes/pull/95933), [@brianpursley](https://github.com/brianpursley)) [SIG API Machinery] -- Fix memory leak in kube-apiserver when underlying time goes forth and back. ([#96266](https://github.com/kubernetes/kubernetes/pull/96266), [@chenyw1990](https://github.com/chenyw1990)) [SIG API Machinery] -- Fix pull image error from multiple ACRs using azure managed identity ([#96355](https://github.com/kubernetes/kubernetes/pull/96355), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider] -- Fix: resize Azure disk issue when it's in attached state ([#96705](https://github.com/kubernetes/kubernetes/pull/96705), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider] -- Fixed a bug that prevents kubectl to validate CRDs with schema using x-kubernetes-preserve-unknown-fields on object fields. - Fix kubectl SchemaError on CRDs with schema using x-kubernetes-preserve-unknown-fields on array types. ([#96562](https://github.com/kubernetes/kubernetes/pull/96562), [@gautierdelorme](https://github.com/gautierdelorme)) [SIG API Machinery and Testing] -- Fixes an issue with the max-in-flight API server filter where the filter could take a long time to process an incoming request if it had been a long time since the last request. ([#96282](https://github.com/kubernetes/kubernetes/pull/96282), [@staebler](https://github.com/staebler)) [SIG API Machinery] -- HTTP/2 connection health check is enabled by default in all Kubernetes clients. The feature should work out-of-the-box. If needed, users can tune the feature via the HTTP2_READ_IDLE_TIMEOUT_SECONDS and HTTP2_PING_TIMEOUT_SECONDS environment variables. The feature is disabled if HTTP2_READ_IDLE_TIMEOUT_SECONDS is set to 0. ([#96778](https://github.com/kubernetes/kubernetes/pull/96778), [@caesarxuchao](https://github.com/caesarxuchao)) [SIG API Machinery, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation and Node] -- Kubeadm: Fixes a kubeadm upgrade bug that could cause a custom CoreDNS configuration to be replaced with the default. ([#97016](https://github.com/kubernetes/kubernetes/pull/97016), [@rajansandeep](https://github.com/rajansandeep)) [SIG Cluster Lifecycle] -- Kubeadm: fix coredns migration should be triggered when there are newdefault configs during kubeadm upgrade ([#96970](https://github.com/kubernetes/kubernetes/pull/96970), [@pacoxu](https://github.com/pacoxu)) [SIG Cluster Lifecycle] -- Metric names for CSI and flexvolume drivers will include the driver name as well as the CSI plugin name. ([#96477](https://github.com/kubernetes/kubernetes/pull/96477), [@mattcary](https://github.com/mattcary)) [SIG Instrumentation and Storage] -- New Azure instance types do now have correct max data disk count information. ([#94340](https://github.com/kubernetes/kubernetes/pull/94340), [@ialidzhikov](https://github.com/ialidzhikov)) [SIG Cloud Provider and Storage] -- Resolves a regression in 1.19+ with workloads targeting deprecated beta os/arch labels getting stuck in NodeAffinity status on node startup. ([#96810](https://github.com/kubernetes/kubernetes/pull/96810), [@liggitt](https://github.com/liggitt)) [SIG Node] -- Volume binding: report UnschedulableAndUnresolvable status instead of an error when bound PVs not found ([#96291](https://github.com/kubernetes/kubernetes/pull/96291), [@cofyc](https://github.com/cofyc)) [SIG Apps, Scheduling and Storage] - -### Other (Cleanup or Flake) -- Kubeadm: change the default image repository for CI images from 'gcr.io/kubernetes-ci-images' to 'gcr.io/k8s-staging-ci-images' ([#97087](https://github.com/kubernetes/kubernetes/pull/97087), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle] -- Resolves flakes in the Ingress conformance tests due to conflicts with controllers updating the Ingress object ([#98430](https://github.com/kubernetes/kubernetes/pull/98430), [@liggitt](https://github.com/liggitt)) [SIG Network and Testing] -- Fix Azure file share not deleted issue when the namespace is deleted ([#97417](https://github.com/kubernetes/kubernetes/pull/97417), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider and Storage] -- Fix counting error in service/nodeport/loadbalancer quota check ([#97828](https://github.com/kubernetes/kubernetes/pull/97828), [@pacoxu](https://github.com/pacoxu)) [SIG API Machinery and Network] -- Fix missing cadvisor machine metrics. ([#97006](https://github.com/kubernetes/kubernetes/pull/97006), [@lingsamuel](https://github.com/lingsamuel)) [SIG Node] -- Fix: azure file latency issue for metadata-heavy workloads ([#97082](https://github.com/kubernetes/kubernetes/pull/97082), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider and Storage] -- Fixed bug in CPUManager with race on container map access ([#97427](https://github.com/kubernetes/kubernetes/pull/97427), [@klueska](https://github.com/klueska)) [SIG Node] -- GCE Internal LoadBalancer sync loop will now release the ILB IP address upon sync failure. An error in ILB forwarding rule creation will no longer leak IP addresses. ([#97740](https://github.com/kubernetes/kubernetes/pull/97740), [@prameshj](https://github.com/prameshj)) [SIG Cloud Provider and Network] -- Kubeadm: avoid detection of the container runtime for commands that do not need it ([#97848](https://github.com/kubernetes/kubernetes/pull/97848), [@pacoxu](https://github.com/pacoxu)) [SIG Cluster Lifecycle] -- Client-go header logging (at verbosity levels >= 9) now masks `Authorization` header contents ([#95316](https://github.com/kubernetes/kubernetes/pull/95316), [@sfowl](https://github.com/sfowl)) [SIG API Machinery] -#### Dependencies -#### Added -_Nothing has changed._ -#### Changed -- github.com/google/cadvisor: [v0.37.0 → v0.37.5](https://github.com/google/cadvisor/compare/v0.37.0...v0.37.5) -- sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.9 → v0.0.15 -- golang.org/x/net: ab34263 → 69a7880 -- golang.org/x/sys: ed371f2 → 5cba982 -#### Removed -_Nothing has changed._ - - - -### cert-manager [2.4.3](https://github.com/giantswarm/cert-manager-app/releases/tag/v2.4.3) - -#### Changed -- Set docker.io as the default registry -- Made CRD install Job backoffLimit configurable (and increased the default value). ([#129](https://github.com/giantswarm/cert-manager-app/pull/129)) -### Added -- Enabled configuration of certificate Secret deletion when the parent Certificate is deleted. ([#127](https://github.com/giantswarm/cert-manager-app/pull/127)) - - - -### external-dns [2.2.2](https://github.com/giantswarm/external-dns-app/releases/tag/v2.2.2) - -#### Changed -- Set docker.io as the default registry -### Fixed -- Adds additional options required for vmware installations. ([#74](https://github.com/giantswarm/external-dns-app/pull/74)) -### Added -- Add crd source if the provider is vmware. ([#72](https://github.com/giantswarm/external-dns-app/pull/72)) - - - -### cert-exporter [1.6.1](https://github.com/giantswarm/cert-exporter/releases/tag/v1.6.1) - -#### Changed -- Set docker.io as the default registry -### Added -- Add exceptions in NetworkPolicies to allow DNS to work correctly through port 53. - - - -### chart-operator [2.13.0](https://github.com/giantswarm/chart-operator/releases/tag/v2.13.0) - -### Changed -- `giantswarm-critical` PriorityClass only managed when E2E. -- Set docker.io as the default registry -- Pass RESTMapper to helmclient to reduce the number of REST API calls. -- Updated Helm to v3.5.3. -- Deploy `giantswarm-critical` PriorityClass when it's not found. -### Added -- Updating namespace metadata using namespaceConfig in `Chart` CRs. -- Pause Chart CR reconciliation when it has chart-operator.giantswarm.io/paused=true annotation. -- Use diff key when logging differences between the current and desired release. -- Add support for skip CRD flag when installing Helm releases. -- Added last reconciled timestamp as metrics. -### Fixed -- Stop updating Helm release if it has failed the previous 5 attempts. -- Only create VPA if autoscaling API group is present. - - - -### kiam [1.7.1](https://github.com/giantswarm/kiam-app/releases/tag/v1.7.1) - -#### Changed -- Set docker.io as the default registry - - - -### metrics-server [1.2.2](https://github.com/giantswarm/metrics-server-app/releases/tag/v1.2.2) - -#### Changed -- Set docker.io as the default registry - - - -### node-exporter [1.7.2](https://github.com/giantswarm/node-exporter-app/releases/tag/v1.7.2) - -#### Changed -- Set docker.io as the default registry - - - -### coredns [1.4.1](https://github.com/giantswarm/coredns-app/releases/tag/v1.4.1) - -#### Changed -- Set docker.io as the default registry -- Update `coredns` to upstream version [1.8.0](https://coredns.io/2020/10/22/coredns-1.8.0-release/). -- Update `coredns` to upstream version [1.7.1](https://coredns.io/2020/09/21/coredns-1.7.1-release/) (including changes introduced in version [1.7.0](https://coredns.io/2020/06/15/coredns-1.7.0-release/)). -- Update `coredns` to upstream version [1.6.9](https://coredns.io/2020/03/24/coredns-1.6.9-release/). -### Added -- Added monitoring annotations and common labels. - - -### kube-state-metrics [1.3.1](https://github.com/giantswarm/kube-state-metrics-app/releases/tag/v1.3.1) - -#### Changed -- Set docker.io as the default registry - - - -### cluster-autoscaler [1.19.2](https://github.com/giantswarm/cluster-autoscaler-app/releases/tag/v1.19.2) - -Not found - - -### net-exporter [1.9.3](https://github.com/giantswarm/net-exporter/releases/tag/v1.9.3) - -#### Changed -- Set docker.io as the default registry -- Update kubectl image to v1.18.8. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v14.1.1.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v14.1.1.md deleted file mode 100644 index 487ddc6424..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v14.1.1.md +++ /dev/null @@ -1,30 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v14.1.1/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v14.1.1 - version: 14.1.1 - version_tag: v14.1.1 -date: '2021-04-06T09:27:22' -description: Release notes for AWS workload cluster release v14.1.1, published on - 06 April 2021, 09:27. -title: Workload cluster release v14.1.1 for AWS ---- - -This release provides a bug fix for the external-dns-app. - -> **_Warning:_** The nginx app needs to be updated to `v1.14.0+` because a new version of `external-dns` is included in this release. - -## Change details - - -### external-dns [2.3.0](https://github.com/giantswarm/external-dns-app/releases/tag/v2.3.0) - -#### Changed -- Change default annotation filter to match the one we use for the nginx ingress controller. -#### Added -- Add sidecar container for `provider: aws` to periodically validate IAM credential acessibility ([#76](https://github.com/giantswarm/external-dns-app/pull/76)) diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v14.2.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v14.2.0.md deleted file mode 100644 index b1d7688c02..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v14.2.0.md +++ /dev/null @@ -1,220 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v14.2.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v14.2.0 - version: 14.2.0 - version_tag: v14.2.0 -date: '2021-05-28T08:00:00' -description: Release notes for AWS workload cluster release v14.2.0, published on - 28 May 2021, 08:00. -title: Workload cluster release v14.2.0 for AWS ---- - -This release provides security and bug fixes for various components. It also fixes an issue that can cause an IP conflict to occur in certain situations when a node pool is created. - -> **_Warning:_** The nginx app needs to be updated to `v1.14.0+` because a new version of `external-dns` is included in this release. - -## Change details - - -### aws-operator [10.3.0](https://github.com/giantswarm/aws-operator/releases/tag/v10.3.0) - -#### Fixed -- Updated OperatorKit to v4.3.1 for Kubernetes 1.20 support. -- Cancel update loop if source or target release is not found. -- Updated IPAM library to avoid IP conflicts. -#### Added -- Clean up VPC peerings from a cluster VPC when is cluster deleted. -- Clean up Application and Network loadbalancers created by Kubernetes when cluster is deleted. -- Add new flatcar AMIs. -#### Changed -- Fix issues with etcd initial cluster resolving into ELB and causing errors. -- Update `k8scloudconfig` to version `v10.5.0` to support kubernetes `v1.20`. -- Use `networkctl reload` for managing networking to avoid bug in `systemd`. - - - -### cert-operator [1.0.1](https://github.com/giantswarm/cert-operator/releases/tag/v1.0.1) - -#### Fixed -- Add `list` permission for `cluster.x-k8s.io`. - -#### Changed -- Update Kubernetes dependencies to 1.18 versions. -- Reconcile `CertConfig`s based on their `cert-operator.giantswarm.io/version` label. - -#### Removed -- Stop using the `VersionBundle` version. - -#### Added -- Add network policy resource. -- Added lookup for nodepool clusters in other namespaces than `default`. - - - -### cluster-operator [3.7.1](https://github.com/giantswarm/cluster-operator/releases/tag/v3.7.1) - -#### Fixed -- Add `AllowedLabels` to clusterconfigmap resource to prevent unnecessary updates. - -#### Added -- Create app CR for per cluster app-operator instance. - -#### Removed -- Do not add `VersionBundle` to new `CertConfig` specs (`CertConfig`s are now versioned using a label). **This change requires using `cert-operator` - - - -### app-operator [4.4.0](https://github.com/giantswarm/app-operator/releases/tag/v4.4.0) - -#### Added -- Add support for skip CRD flag when installing Helm releases. -- Emit events when config maps and secrets referenced in App CRs are updated. -- Cache k8sclient, helmclient for later use. -- Apply the namespaceConfig to the desired chart. -- Install apps in CAPI Workload Clusters. -- Apply `compatibleProvider`,`namespace` metadata validation based on the relevant `AppCatalogEntry` CR. -- Add annotations from Helm charts to AppCatalogEntry CRs. -- Enable Vertical Pod Autoscaler. - -#### Fixed -- Updated OperatorKit to v4.3.1 for Kubernetes 1.20 support. -- Restore chart-operator when it had been deleted. -- Use backoff in chart CR watcher to wait until kubeconfig secret exists. - -#### Changed -- Updated Helm to v3.5.3. -- Replace status webhook with chart CR status watcher. -- Sort AppCatalogEntry CRs by version and created timestamp. -- Watch cluster namespace for per workload cluster instances of app-operator. - - - -### containerlinux [2765.2.3](https://www.flatcar-linux.org/releases/#release-2765.2.3) - - -#### Security fixes -* Linux - - [CVE-2021-28964](https://nvd.nist.gov/vuln/detail/CVE-2021-28964) - - [CVE-2021-28972](https://nvd.nist.gov/vuln/detail/CVE-2021-28972) - - [CVE-2021-28971](https://nvd.nist.gov/vuln/detail/CVE-2021-28971) - - [CVE-2021-28951](https://nvd.nist.gov/vuln/detail/CVE-2021-28951) - - [CVE-2021-28952](https://nvd.nist.gov/vuln/detail/CVE-2021-28952) - - [CVE-2021-29266](https://nvd.nist.gov/vuln/detail/CVE-2021-29266) - - [CVE-2021-28688](https://nvd.nist.gov/vuln/detail/CVE-2021-28688) - - [CVE-2021-29264](https://nvd.nist.gov/vuln/detail/CVE-2021-29264) - - [CVE-2021-29649](https://nvd.nist.gov/vuln/detail/CVE-2021-29649) - - [CVE-2021-29650](https://nvd.nist.gov/vuln/detail/CVE-2021-29650) - - [CVE-2021-29646](https://nvd.nist.gov/vuln/detail/CVE-2021-29646) - - [CVE-2021-29647](https://nvd.nist.gov/vuln/detail/CVE-2021-29647) - - [CVE-2021-29154](https://nvd.nist.gov/vuln/detail/CVE-2021-29154) - - [CVE-2021-29155](https://nvd.nist.gov/vuln/detail/CVE-2021-29155) - - [CVE-2021-23133](https://nvd.nist.gov/vuln/detail/CVE-2021-23133) - - [CVE-2021-27365](https://nvd.nist.gov/vuln/detail/CVE-2021-27365) - - [CVE-2021-27364](https://nvd.nist.gov/vuln/detail/CVE-2021-27364) - - [CVE-2021-27363](https://nvd.nist.gov/vuln/detail/CVE-2021-27363) - - [CVE-2021-28038](https://nvd.nist.gov/vuln/detail/CVE-2021-28038) - - [CVE-2021-28039](https://nvd.nist.gov/vuln/detail/CVE-2021-28039) - - [CVE-2021-28375](https://nvd.nist.gov/vuln/detail/CVE-2021-28375) - - [CVE-2021-28660](https://nvd.nist.gov/vuln/detail/CVE-2021-28660) - - [CVE-2021-27218](https://nvd.nist.gov/vuln/detail/CVE-2021-27218) - - [CVE-2021-27219](https://nvd.nist.gov/vuln/detail/CVE-2021-27219) - - [CVE-2020-25639](https://nvd.nist.gov/vuln/detail/CVE-2020-25639) - - [CVE-2021-27365](https://nvd.nist.gov/vuln/detail/CVE-2021-27365) - - [CVE-2021-27364](https://nvd.nist.gov/vuln/detail/CVE-2021-27364) - - [CVE-2021-27363](https://nvd.nist.gov/vuln/detail/CVE-2021-27363) - - [CVE-2021-28038](https://nvd.nist.gov/vuln/detail/CVE-2021-28038) - - [CVE-2021-28039](https://nvd.nist.gov/vuln/detail/CVE-2021-28039) - - [CVE-2021-26931](https://nvd.nist.gov/vuln/detail/CVE-2021-26931) - - [CVE-2021-26930](https://nvd.nist.gov/vuln/detail/CVE-2021-26930) - - [CVE-2021-26932](https://nvd.nist.gov/vuln/detail/CVE-2021-26932) -* Openssl - - [CVE-2021-23840](https://nvd.nist.gov/vuln/detail/CVE-2021-23840) - - [CVE-2021-23841](https://nvd.nist.gov/vuln/detail/CVE-2021-23841) - - [CVE-2020-1971](https://nvd.nist.gov/vuln/detail/CVE-2020-1971) - - [CVE-2021-23840](https://nvd.nist.gov/vuln/detail/CVE-2021-23840) - - [CVE-2021-23841](https://nvd.nist.gov/vuln/detail/CVE-2021-23841) - - [CVE-2021-3449](https://nvd.nist.gov/vuln/detail/CVE-2021-3449) - - [CVE-2021-3450](https://nvd.nist.gov/vuln/detail/CVE-2021-3450) -* containerd - - [GHSA-6g2q-w5j3-fwh4](https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4) - - - -#### Bug fixes -- Fix the patch to update DefaultTasksMax in systemd ([coreos-overlay#971](https://github.com/kinvolk/coreos-overlay/pull/971)) -- GCE: The old interface name ens4v1 which was replaced by eth0 due to a broken udev rule was restored, but now as alternative interface name, and eth0 will stay the primary name for consistency across cloud environments. ([init#38](https://github.com/kinvolk/init/pull/38)) -- Include firmware files for all modules shipped in our image ([Issue #359](https://github.com/kinvolk/Flatcar/issues/359), [PR #887](https://github.com/kinvolk/coreos-overlay/pull/887)) -- Add explicit path to the binary call in the coreos-metadata unit file ([Issue #360](https://github.com/kinvolk/Flatcar/issues/360)) - - -#### Changes -- The virtio network interfaces got predictable interface names as alternative interface names, and thus these names can also be used to match for a specific interface in case there is more than one and the eth0 and eth1 name assignment is not stable. ([init#38](https://github.com/kinvolk/init/pull/38)) - -#### Updates -- Linux ([5.10.32](https://lwn.net/Articles/853762/)) -- openssl ([1.1.1k](https://mta.openssl.org/pipermail/openssl-announce/2021-March/000197.html)) -- open-iscsi ([2.1.4](https://github.com/open-iscsi/open-iscsi/releases/tag/2.1.4)) -- Containerd ([1.4.4](https://github.com/containerd/containerd/releases/tag/v1.4.4)) - - -### cert-manager [2.7.1](https://github.com/giantswarm/cert-manager-app/releases/tag/v2.7.1) - -#### Changed -- Set authoritative nameserver to `coredns` when using `dns01` ACME solver. ([#162](https://github.com/giantswarm/cert-manager-app/pull/162)) -- Update to upstream `v1.3.1` ([#155](https://github.com/giantswarm/cert-manager-app/pull/155)). This mitigates failed cert-manager-app installations due to CRD conversion issues. -- Update to upstream `v1.2.0`. ([#151](https://github.com/giantswarm/cert-manager-app/pull/151)) -- cert-manager-app now requires kubernetes version >=1.16.0. ([#151](https://github.com/giantswarm/cert-manager-app/pull/151)) -- Switch rbac rules from `extensions` to `networking.k8s.io` for ingresses. ([#151](https://github.com/giantswarm/cert-manager-app/pull/151)) -- Rename clusterissuer subchart to match it's name in its Chart.yaml. ([#140](https://github.com/giantswarm/cert-manager-app/pull/140)) -- Make pods of deployments use read-only file systems. ([#140](https://github.com/giantswarm/cert-manager-app/pull/140)) -- Make pre-install/pre-upgrade hooks use server side apply. Possibly fixes upgrade timeouts. ([#140](https://github.com/giantswarm/cert-manager-app/pull/140)) - -#### Added -- Add support for *dns01* ACME solver. - -#### Fixed -- Allow strings and integers in values schema for resources requests and limits. ([#150](https://github.com/giantswarm/cert-manager-app/pull/150)) - - -### cluster-autoscaler [1.19.3](https://github.com/giantswarm/cluster-autoscaler-app/releases/tag/v1.19.3) - -#### Added -- Allow users to set container resources - - - -### chart-operator [2.14.0](https://github.com/giantswarm/chart-operator/releases/tag/v2.14.0) - -#### Changed -- Cancel the release resource when the manifest object already exists. -- Cancel the release resource when helm returns an unknown error. - -#### Fixed -- Updated OperatorKit to v4.3.1 for Kubernetes 1.20 support. - - - -### external-dns [2.3.1](https://github.com/giantswarm/external-dns-app/releases/tag/v2.3.1) - -#### Changed -- Increase memory limit to 100Mi since we ran into out of memory problems. This will make the app more stable. - - - -### metrics-server [1.3.0](https://github.com/giantswarm/metrics-server-app/releases/tag/v1.3.0) - -#### Added -- Added new configuration value `extraArgs`. - - - -### net-exporter [1.10.1](https://github.com/giantswarm/net-exporter/releases/tag/v1.10.1) - -#### Changed -- Add label selector for pods to help lower memory usage diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v14.2.1.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v14.2.1.md deleted file mode 100644 index 412bef1fd5..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v14.2.1.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v14.2.1/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v14.2.1 - version: 14.2.1 - version_tag: v14.2.1 -date: '2021-06-07T07:00:00' -description: Release notes for AWS workload cluster release v14.2.1, published on - 07 June 2021, 07:00. -title: Workload cluster release v14.2.1 for AWS ---- - -This release fixes the issue which prevented clusters being created on some management clusters with the AWS v14.2.0 release. - -> **_Warning:_** The nginx app needs to be updated to `v1.14.0+` because a new version of `external-dns` is included in this release. - -## Change details - -### aws-operator [10.3.1](https://github.com/giantswarm/aws-operator/releases/tag/v10.3.1) - -#### Added -- Backport China Flatcar AMIs. - -### cert-operator [1.0.1](https://github.com/giantswarm/cert-operator/releases/tag/v1.0.1) - -#### Fixed -- Add `list` permission for `cluster.x-k8s.io`. - -#### Changed -- Update Kubernetes dependencies to 1.18 versions. -- Reconcile `CertConfig`s based on their `cert-operator.giantswarm.io/version` label. - -#### Removed -- Stop using the `VersionBundle` version. - -#### Added -- Add network policy resource. -- Added lookup for nodepool clusters in other namespaces than `default`. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v14.2.2.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v14.2.2.md deleted file mode 100644 index 0789d155e3..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v14.2.2.md +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v14.2.2/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v14.2.2 - version: 14.2.2 - version_tag: v14.2.2 -date: '2021-06-15T07:27:27' -description: Release notes for AWS workload cluster release v14.2.2, published on - 15 June 2021, 07:27. -title: Workload cluster release v14.2.2 for AWS ---- - -This release fixes the issue which caused Kubernetes nodes to lose network connectivity in certain situations by reverting Flatcar Container Linux to an older version. - -> **_Warning:_** The nginx app needs to be updated to `v1.14.0+` because a new version of `external-dns` is included in this release. - -## Change details - -- revert Flatcar Container Linux to `v2605.12.0`. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v15.0.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v15.0.0.md deleted file mode 100644 index 546a48b155..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v15.0.0.md +++ /dev/null @@ -1,1082 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v15.0.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v15.0.0 - version: 15.0.0 - version_tag: v15.0.0 -date: '2021-07-09T09:00:00' -description: Release notes for AWS workload cluster release v15.0.0, published on - 09 July 2021, 09:00. -title: Workload cluster release v15.0.0 for AWS ---- - -This release provides support for Kubernetes 1.20. It also enables the Container Storage Interface (CSI) and the automatic termination of unhealthy nodes by default. - -**Highlights** -- Kubernetes 1.20 support; -- Container Storage Interface (CSI) enabled by default; -- `gp3` is now the default storage class instead of `gp2`; -- Automatic termination of unhealthy nodes enabled by default; -- Security fixes: - * 49 Linux CVEs; - * 5 openssl CVEs; - * 5 nvidia-drivers CVEs; - * 1 runc CVE; - * 1 containerd CVE; - * 1 Kubernetes CVE. - -> **_Warning:_** From AWS workload cluster release v15.0.0, the automatic termination of unhealthy nodes is enabled by default. For more information about the feature and information how to disable it, please follow the [official documentation](https://docs.giantswarm.io/advanced/automatic-node-termination/). - -## Change details - - -### app-operator [4.4.0](https://github.com/giantswarm/app-operator/releases/tag/v4.4.0) - -#### Added -- Add support for skip CRD flag when installing Helm releases; -- Emit events when config maps and secrets referenced in App CRs are updated; -- Cache k8sclient, helmclient for later use; -- Apply the namespaceConfig to the desired chart; -- Install apps in CAPI Workload Clusters; -- Apply `compatibleProvider`, `namespace` metadata validation based on the relevant `AppCatalogEntry` CR; -- Add annotations from Helm charts to AppCatalogEntry CRs; -- Enable Vertical Pod Autoscaler. - -#### Fixed -- Updated OperatorKit to v4.3.1 for Kubernetes 1.20 support; -- Restore chart-operator when it had been deleted; -- Use backoff in chart CR watcher to wait until kubeconfig secret exists; - -#### Changed -- Updated Helm to v3.5.3; -- Replace status webhook with chart CR status watcher; -- Sort AppCatalogEntry CRs by version and created timestamp; -- Watch cluster namespace for per workload cluster instances of app-operator. - - - -### cluster-operator [3.8.0](https://github.com/giantswarm/cluster-operator/releases/tag/v3.8.0) - -#### Changed -- Adjust helm chart to be used with `config-controller`. - -#### Fixed -- Updated OperatorKit to v4.3.1 for Kubernetes 1.20 support; -- Fix `clusterIPRange` value in configmap; -- Fix `kubeconfig` resource to search secrets in all namespaces. - - - -### aws-operator [10.6.1](https://github.com/giantswarm/aws-operator/releases/tag/v10.6.1) - -#### Added -- S3 vpc endpoint to AWS CNI subnet; -- Enabled EBS CSI migration. - -#### Changed -- Upgrade `k8scloudconfig` to v10.8.1 which includes a change to better determine if memory eviction thresholds are crossed; -- Update Flatcar AMI's to the latest stable releases; -- Enabled EBS CSI migration; -- Avoid TCCPN stack failure by checking if a control-plane tag exists before adding it; -- Look up cloud tags in all namespaces; -- Find certs in all namespaces; -- Enable `terminate unhealthy node` feature by default; -- Add node termination counter per cluster metric. - -#### Removed -- Removed default storage-class annotation, EBS CSI driver is taking over. - - - -### containerlinux [2765.2.6](https://www.flatcar-linux.org/releases/#release-2765.2.6) - - -**Security fixes** - -* Linux - - [CVE-2020-26558](https://nvd.nist.gov/vuln/detail/CVE-2020-26558) - - [CVE-2021-0129](https://nvd.nist.gov/vuln/detail/CVE-2021-0129) - - [CVE-2020-24587](https://nvd.nist.gov/vuln/detail/CVE-2020-24587) - - [CVE-2020-24586](https://nvd.nist.gov/vuln/detail/CVE-2020-24586) - - [CVE-2020-24588](https://nvd.nist.gov/vuln/detail/CVE-2020-24588) - - [CVE-2020-26139](https://nvd.nist.gov/vuln/detail/CVE-2020-26139) - - [CVE-2020-26145](https://nvd.nist.gov/vuln/detail/CVE-2020-26145) - - [CVE-2020-26147](https://nvd.nist.gov/vuln/detail/CVE-2020-26147) - - [CVE-2020-26141](https://nvd.nist.gov/vuln/detail/CVE-2020-26141) - - [CVE-2021-3564](https://nvd.nist.gov/vuln/detail/CVE-2021-3564) - - [CVE-2021-28691](https://nvd.nist.gov/vuln/detail/CVE-2021-28691) - - [CVE-2021-3587](https://nvd.nist.gov/vuln/detail/CVE-2021-3587) - - [CVE-2021-3573](https://nvd.nist.gov/vuln/detail/CVE-2021-3573) - - [CVE-2021-3491](https://nvd.nist.gov/vuln/detail/CVE-2021-3491) - - [CVE-2021-31440](https://nvd.nist.gov/vuln/detail/CVE-2021-31440) - - [CVE-2021-31829](https://nvd.nist.gov/vuln/detail/CVE-2021-31829) - - [CVE-2021-28964](https://nvd.nist.gov/vuln/detail/CVE-2021-28964) - - [CVE-2021-28972](https://nvd.nist.gov/vuln/detail/CVE-2021-28972) - - [CVE-2021-28971](https://nvd.nist.gov/vuln/detail/CVE-2021-28971) - - [CVE-2021-28951](https://nvd.nist.gov/vuln/detail/CVE-2021-28951) - - [CVE-2021-28952](https://nvd.nist.gov/vuln/detail/CVE-2021-28952) - - [CVE-2021-29266](https://nvd.nist.gov/vuln/detail/CVE-2021-29266) - - [CVE-2021-28688](https://nvd.nist.gov/vuln/detail/CVE-2021-28688) - - [CVE-2021-29264](https://nvd.nist.gov/vuln/detail/CVE-2021-29264) - - [CVE-2021-29649](https://nvd.nist.gov/vuln/detail/CVE-2021-29649) - - [CVE-2021-29650](https://nvd.nist.gov/vuln/detail/CVE-2021-29650) - - [CVE-2021-29646](https://nvd.nist.gov/vuln/detail/CVE-2021-29646) - - [CVE-2021-29647](https://nvd.nist.gov/vuln/detail/CVE-2021-29647) - - [CVE-2021-29154](https://nvd.nist.gov/vuln/detail/CVE-2021-29154) - - [CVE-2021-29155](https://nvd.nist.gov/vuln/detail/CVE-2021-29155) - - [CVE-2021-23133](https://nvd.nist.gov/vuln/detail/CVE-2021-23133) - - [CVE-2021-27365](https://nvd.nist.gov/vuln/detail/CVE-2021-27365) - - [CVE-2021-27364](https://nvd.nist.gov/vuln/detail/CVE-2021-27364) - - [CVE-2021-27363](https://nvd.nist.gov/vuln/detail/CVE-2021-27363) - - [CVE-2021-28038](https://nvd.nist.gov/vuln/detail/CVE-2021-28038) - - [CVE-2021-28039](https://nvd.nist.gov/vuln/detail/CVE-2021-28039) - - [CVE-2021-28375](https://nvd.nist.gov/vuln/detail/CVE-2021-28375) - - [CVE-2021-28660](https://nvd.nist.gov/vuln/detail/CVE-2021-28660) - - [CVE-2021-27218](https://nvd.nist.gov/vuln/detail/CVE-2021-27218) - - [CVE-2021-27219](https://nvd.nist.gov/vuln/detail/CVE-2021-27219) - - [CVE-2020-25639](https://nvd.nist.gov/vuln/detail/CVE-2020-25639) - - [CVE-2021-27365](https://nvd.nist.gov/vuln/detail/CVE-2021-27365) - - [CVE-2021-27364](https://nvd.nist.gov/vuln/detail/CVE-2021-27364) - - [CVE-2021-27363](https://nvd.nist.gov/vuln/detail/CVE-2021-27363) - - [CVE-2021-28038](https://nvd.nist.gov/vuln/detail/CVE-2021-28038) - - [CVE-2021-28039](https://nvd.nist.gov/vuln/detail/CVE-2021-28039) - - [CVE-2021-26931](https://nvd.nist.gov/vuln/detail/CVE-2021-26931) - - [CVE-2021-26930](https://nvd.nist.gov/vuln/detail/CVE-2021-26930) - - [CVE-2021-26932](https://nvd.nist.gov/vuln/detail/CVE-2021-26932) -* openssl - - [CVE-2021-23840](https://nvd.nist.gov/vuln/detail/CVE-2021-23840) - - [CVE-2021-23841](https://nvd.nist.gov/vuln/detail/CVE-2021-23841) - - [CVE-2020-1971](https://nvd.nist.gov/vuln/detail/CVE-2020-1971) - - [CVE-2021-3449](https://nvd.nist.gov/vuln/detail/CVE-2021-3449) - - [CVE-2021-3450](https://nvd.nist.gov/vuln/detail/CVE-2021-3450) -* nvidia-drivers - - [CVE-2021-1052](https://nvd.nist.gov/vuln/detail/CVE-2021-1052) - - [CVE-2021-1053](https://nvd.nist.gov/vuln/detail/CVE-2021-1053) - - [CVE-2021-1056](https://nvd.nist.gov/vuln/detail/CVE-2021-1056) - - [CVE-2021-1076](https://nvd.nist.gov/vuln/detail/CVE-2021-1076) - - [CVE-2021-1077](https://nvd.nist.gov/vuln/detail/CVE-2021-1077) -* runc - - [CVE-2021-30465](https://nvd.nist.gov/vuln/detail/CVE-2021-30465) -* containerd - - [GHSA-6g2q-w5j3-fwh4](https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4) - - -**Bug fixes** - -* Update-engine sent empty requests when restarted before a pending reboot ([Flatcar#388](https://github.com/kinvolk/Flatcar/issues/388)) -motd login prompt list of failed services: The output of “systemctl list-units –state=failed –no-legend” contains a bullet point which is not expected and ended up being taken as the unit name of failed units which was previously on the start of the line. Filtered the bullet point out to stay compatible with the old behavior in case upstream would remove the bullet point again. ([coreos-overlay#1042](https://github.com/kinvolk/coreos-overlay/pull/1042)) -* The Linux kernel IOMMU-related crash introduced in the 5.10.37 update got fixed through the 5.10.38 update ([Flatcar#400](https://github.com/kinvolk/Flatcar/issues/400)) -* Fix the patch to update DefaultTasksMax in systemd ([coreos-overlay#971](https://github.com/kinvolk/coreos-overlay/pull/971)) -* GCE: The old interface name ens4v1 which was replaced by eth0 due to a broken udev rule was restored, but now as alternative interface name, and eth0 will stay the primary name for consistency across cloud environments. ([init#38](https://github.com/kinvolk/init/pull/38)) - -**Changes** - -* The virtio network interfaces got predictable interface names as alternative interface names, and thus these names can also be used to match for a specific interface in case there is more than one and the eth0 and eth1 name assignment is not stable. ([init#38](https://github.com/kinvolk/init/pull/38)) - - - -**Updates** - -* Linux ([5.10.43](https://lwn.net/Articles/859022/)) -* nvidia-drivers ([460.73.01](https://www.nvidia.com/Download/driverResults.aspx/172376/en-us)) -* openssl ([1.1.1k](https://mta.openssl.org/pipermail/openssl-announce/2021-March/000197.html)) -* open-iscsi ([2.1.4](https://github.com/open-iscsi/open-iscsi/releases/tag/2.1.4)) - - -### kubernetes [1.20.8](https://github.com/kubernetes/kubernetes/releases/tag/v1.20.8) - -#### What's New (Major Themes) - -##### Dockershim deprecation - -Docker as an underlying runtime is being deprecated. Docker-produced images will continue to work in your cluster with all runtimes, as they always have. -The Kubernetes community [has written a blog post about this in detail](https://blog.k8s.io/2020/12/02/dont-panic-kubernetes-and-docker/) with [a dedicated FAQ page for it](https://blog.k8s.io/2020/12/02/dockershim-faq/). - -##### External credential provider for client-go - -The client-go credential plugins can now be passed in the current cluster information via the `KUBERNETES_EXEC_INFO` environment variable. Learn more about this on [client-go credential plugins documentation](https://docs.k8s.io/reference/access-authn-authz/authentication/#client-go-credential-plugins/). - -##### CronJob controller v2 is available through feature gate - -An alternative implementation of the `CronJob` controller is now available as an alpha feature in this release, which has experimental performance improvement by using informers instead of polling. While this will be the default behavior in the future, you can [try them in this release through a feature gate](https://docs.k8s.io/concepts/workloads/controllers/cron-jobs/). - -##### PID Limits graduates to General Availability - -PID Limits features are now generally available on both `SupportNodePidsLimit` (node-to-pod PID isolation) and `SupportPodPidsLimit` (ability to limit PIDs per pod), after being enabled-by-default in beta stage for a year. - -##### API Priority and Fairness graduates to Beta - -Initially introduced in 1.18, Kubernetes 1.20 now enables API Priority and Fairness (APF) by default. This allows `kube-apiserver` to [categorize incoming requests by priority levels](https://docs.k8s.io/concepts/cluster-administration/flow-control/). - -##### IPv4/IPv6 run - -IPv4/IPv6 dual-stack has been reimplemented for 1.20 to support dual-stack Services, based on user and community feedback. If your cluster has dual-stack enabled, you can create Services which can use IPv4, IPv6, or both, and you can change this setting for existing Services. Details are available in updated [IPv4/IPv6 dual-stack docs](https://docs.k8s.io/concepts/services-networking/dual-stack/), which cover the nuanced array of options. - -We expect this implementation to progress from alpha to beta and GA in coming releases, so we’re eager to have you comment about your dual-stack experiences in [#k8s-dual-stack](https://kubernetes.slack.com/messages/k8s-dual-stack) or in [enhancements #563](https://features.k8s.io/563). - -##### go1.15.5 - -go1.15.5 has been integrated into the Kubernetes project as of this release, [including other infrastructure related updates on this effort](https://github.com/kubernetes/kubernetes/pull/95776). - -##### CSI Volume Snapshot graduates to General Availability - -CSI Volume Snapshot moves to GA in the 1.20 release. This feature provides a standard way to trigger volume snapshot operations in Kubernetes and allows Kubernetes users to incorporate snapshot operations in a portable manner on any Kubernetes environment regardless of supporting underlying storage providers. -Additionally, these Kubernetes snapshot primitives act as basic building blocks that unlock the ability to develop advanced, enterprise-grade, storage administration features for Kubernetes: including application or cluster level backup solutions. -Note that snapshot support will require Kubernetes distributors to bundle the Snapshot controller, Snapshot CRDs, and validation webhook. In addition, a CSI driver supporting the snapshot functionality must also be deployed on the cluster. - -##### Non-recursive Volume Ownership (FSGroup) graduates to Beta - -By default, the `fsgroup` setting, if specified, recursively updates permissions for every file in a volume on every mount. This can make mount, and pod startup, very slow if the volume has many files. -This setting enables a pod to specify a `PodFSGroupChangePolicy` that indicates that volume ownership and permissions will be changed only when permission and ownership of the root directory do not match with expected permissions on the volume. - -##### CSIDriver policy for FSGroup graduates to Beta - -The FSGroup's CSIDriver Policy is now beta in 1.20. This allows CSIDrivers to explicitly indicate if they want Kubernetes to manage permissions and ownership for their volumes via `fsgroup`. - -##### Security Improvements for CSI Drivers (Alpha) - -In 1.20, we introduce a new alpha feature `CSIServiceAccountToken`. This feature allows CSI drivers to impersonate the pods that they mount the volumes for. This improves the security posture in the mounting process where the volumes are ACL’ed on the pods’ service account without handing out unnecessary permissions to the CSI drivers’ service account. This feature is especially important for secret-handling CSI drivers, such as the secrets-store-csi-driver. Since these tokens can be rotated and short-lived, this feature also provides a knob for CSI drivers to receive `NodePublishVolume` RPC calls periodically with the new token. This knob is also useful when volumes are short-lived, e.g. certificates. - -##### Introducing Graceful Node Shutdown (Alpha) - -The `GracefulNodeShutdown` feature is now in Alpha. This allows kubelet to be aware of node system shutdowns, enabling graceful termination of pods during a system shutdown. This feature can be [enabled through feature gate](https://docs.k8s.io/concepts/architecture/nodes/#graceful-node-shutdown). - -##### Runtime log sanitation - -Logs can now be configured to use runtime protection from leaking sensitive data. [Details for this experimental feature is available in documentation](https://docs.k8s.io/concepts/cluster-administration/system-logs/#log-sanitization). - -##### Pod resource metrics - -On-demand metrics calculation is now available through `/metrics/resources`. [When enabled]( -https://docs.k8s.io/concepts/cluster-administration/system-metrics#kube-scheduler-metrics), the endpoint will report the requested resources and the desired limits of all running pods. - -##### Introducing `RootCAConfigMap` - -`RootCAConfigMap` graduates to Beta, separating from `BoundServiceAccountTokenVolume`. The `kube-root-ca.crt` ConfigMap is now available to every namespace, by default. It contains the Certificate Authority bundle for verify kube-apiserver connections. - -##### `kubectl debug` graduates to Beta - -`kubectl alpha debug` graduates from alpha to beta in 1.20, becoming `kubectl debug`. -`kubectl debug` provides support for common debugging workflows directly from kubectl. Troubleshooting scenarios supported in this release of `kubectl` include: -Troubleshoot workloads that crash on startup by creating a copy of the pod that uses a different container image or command. -Troubleshoot distroless containers by adding a new container with debugging tools, either in a new copy of the pod or using an ephemeral container. (Ephemeral containers are an alpha feature that are not enabled by default.) -Troubleshoot on a node by creating a container running in the host namespaces and with access to the host’s filesystem. -Note that as a new builtin command, `kubectl debug` takes priority over any `kubectl` plugin named “debug”. You will need to rename the affected plugin. -Invocations using `kubectl alpha debug` are now deprecated and will be removed in a subsequent release. Update your scripts to use `kubectl debug` instead of `kubectl alpha debug`! -For more information about kubectl debug, see [Debugging Running Pods](https://kubernetes.io/docs/tasks/debug-application-cluster/debug-running-pod/) on the Kubernetes website, kubectl help debug, or reach out to SIG CLI by visiting [#sig-cli](https://kubernetes.slack.com/messages/sig-cli) or commenting on [enhancement #1441](https://features.k8s.io/1441). - -##### Removing deprecated flags in kubeadm - -`kubeadm` applies a number of deprecations and removals of deprecated features in this release. More details are available in the Urgent Upgrade Notes and Kind / Deprecation sections. - -##### Pod Hostname as FQDN graduates to Beta - -Previously introduced in 1.19 behind a feature gate, `SetHostnameAsFQDN` is now enabled by default. More details on this behavior are available in [documentation for DNS for Services and Pods](https://docs.k8s.io/concepts/services-networking/dns-pod-service/#pod-sethostnameasfqdn-field) - -##### `TokenRequest` / `TokenRequestProjection` graduates to General Availability - -Service account tokens bound to a pod is now a stable feature. The feature gates will be removed in 1.21 release. For more information, refer to notes below on the changelogs. - -##### RuntimeClass feature graduates to General Availability. - -The `node.k8s.io` API groups are promoted from `v1beta1` to `v1`. `v1beta1` is now deprecated and will be removed in a future release, please start using `v1`. ([#95718](https://github.com/kubernetes/kubernetes/pull/95718), [@SergeyKanzhelev](https://github.com/SergeyKanzhelev)) [SIG Apps, Auth, Node, Scheduling and Testing] - -##### Cloud Controller Manager now exclusively shipped by Cloud Provider - -Kubernetes will no longer ship an instance of the Cloud Controller Manager binary. Each Cloud Provider is expected to ship their own instance of this binary. Details for a Cloud Provider to create an instance of such a binary can be found [here](https://github.com/kubernetes/kubernetes/tree/master/staging/src/k8s.io/cloud-provider/sample). Anyone with questions on building a Cloud Controller Manager should reach out to SIG Cloud Provider. Questions about the Cloud Controller Manager on a Managed Kubernetes solution should go to the relevant Cloud Provider. Questions about the Cloud Controller Manager on a non managed solution can be brought up with SIG Cloud Provider. - - - -#### Important Security Information - -This release contains changes that address the following vulnerabilities: - -##### CVE-2021-25735: Validating Admission Webhook does not observe some previous fields - -A security issue was discovered in kube-apiserver that could allow node -updates to bypass a Validating Admission Webhook. You are only affected -by this vulnerability if you run a Validating Admission Webhook for Nodes -that denies admission based at least partially on the old state of the -Node object. - -**Note**: This only impacts validating admission plugins that rely on old -values in certain fields, and does not impact calls from kubelet that go -through the built-in NodeRestriction admission plugin. - -**Affected Versions**: - - kube-apiserver v1.20.0 - v1.20.5 - - kube-apiserver v1.19.0 - v1.19.9 - - kube-apiserver <= v1.18.17 - -**Fixed Versions**: - - kube-apiserver v1.21.0 - - kube-apiserver v1.20.6 - - kube-apiserver v1.19.10 - - kube-apiserver v1.18.18 - -This vulnerability was reported by Rogerio Bastos & Ari Lima from RedHat - - -**CVSS Rating:** Medium (6.5) [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H) - - - -#### Deprecation - -- Docker support in the kubelet is now deprecated and will be removed in a future release. The kubelet uses a module called "dockershim" which implements CRI support for Docker and it has seen maintenance issues in the Kubernetes community. We encourage you to evaluate moving to a container runtime that is a full-fledged implementation of CRI (v1alpha1 or v1 compliant) as they become available. ([#94624](https://github.com/kubernetes/kubernetes/pull/94624), [@dims](https://github.com/dims)) [SIG Node] -- Kubeadm: deprecate self-hosting support. The experimental command "kubeadm alpha self-hosting" is now deprecated and will be removed in a future release. ([#95125](https://github.com/kubernetes/kubernetes/pull/95125), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] -- Kubeadm: graduate the "kubeadm alpha certs" command to a parent command "kubeadm certs". The command "kubeadm alpha certs" is deprecated and will be removed in a future release. Please migrate. ([#94938](https://github.com/kubernetes/kubernetes/pull/94938), [@yagonobre](https://github.com/yagonobre)) [SIG Cluster Lifecycle] -- Kubeadm: remove the deprecated "kubeadm alpha kubelet config enable-dynamic" command. To continue using the feature please defer to the guide for "Dynamic Kubelet Configuration" at k8s.io. This change also removes the parent command "kubeadm alpha kubelet" as there are no more sub-commands under it for the time being. ([#94668](https://github.com/kubernetes/kubernetes/pull/94668), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] -- Kubeadm: remove the deprecated --kubelet-config flag for the command "kubeadm upgrade node" ([#94869](https://github.com/kubernetes/kubernetes/pull/94869), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] -- Kubectl: deprecate --delete-local-data ([#95076](https://github.com/kubernetes/kubernetes/pull/95076), [@dougsland](https://github.com/dougsland)) [SIG CLI, Cloud Provider and Scalability] -- Kubelet's deprecated endpoint `metrics/resource/v1alpha1` has been removed, please adopt `metrics/resource`. ([#94272](https://github.com/kubernetes/kubernetes/pull/94272), [@RainbowMango](https://github.com/RainbowMango)) [SIG Instrumentation and Node] -- Removes deprecated scheduler metrics DeprecatedSchedulingDuration, DeprecatedSchedulingAlgorithmPredicateEvaluationSecondsDuration, DeprecatedSchedulingAlgorithmPriorityEvaluationSecondsDuration ([#94884](https://github.com/kubernetes/kubernetes/pull/94884), [@arghya88](https://github.com/arghya88)) [SIG Instrumentation and Scheduling] -- Scheduler alpha metrics binding_duration_seconds and scheduling_algorithm_preemption_evaluation_seconds are deprecated, Both of those metrics are now covered as part of framework_extension_point_duration_seconds, the former as a PostFilter the latter and a Bind plugin. The plan is to remove both in 1.21 ([#95001](https://github.com/kubernetes/kubernetes/pull/95001), [@arghya88](https://github.com/arghya88)) [SIG Instrumentation and Scheduling] -- Support `controlplane` as a valid EgressSelection type in the EgressSelectorConfiguration API. `Master` is deprecated and will be removed in v1.22. ([#95235](https://github.com/kubernetes/kubernetes/pull/95235), [@andrewsykim](https://github.com/andrewsykim)) [SIG API Machinery] -- The v1alpha1 PodPreset API and admission plugin has been removed with no built-in replacement. Admission webhooks can be used to modify pods on creation. ([#94090](https://github.com/kubernetes/kubernetes/pull/94090), [@deads2k](https://github.com/deads2k)) [SIG API Machinery, Apps, CLI, Cloud Provider, Scalability and Testing] - - - -#### API Change -- We have added a new Priority & Fairness rule that exempts all probes (/readyz, /healthz, /livez) to prevent - restarting of "healthy" kube-apiserver instance(s) by kubelet. ([#101112](https://github.com/kubernetes/kubernetes/pull/101112), [@tkashem](https://github.com/tkashem)) [SIG API Machinery] -- Fixes using server-side apply with APIService resources ([#100714](https://github.com/kubernetes/kubernetes/pull/100714), [@kevindelgado](https://github.com/kevindelgado)) [SIG API Machinery, Apps and Testing] -- Regenerate protobuf code to fix CVE-2021-3121 ([#100501](https://github.com/kubernetes/kubernetes/pull/100501), [@joelsmith](https://github.com/joelsmith)) [SIG API Machinery, Apps, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node and Storage] -- Kubernetes is now built using go1.15.8 ([#98962](https://github.com/kubernetes/kubernetes/pull/98962), [@cpanato](https://github.com/cpanato)) [SIG Cloud Provider, Instrumentation, Release and Testing] -- `TokenRequest` and `TokenRequestProjection` features have been promoted to GA. This feature allows generating service account tokens that are not visible in Secret objects and are tied to the lifetime of a Pod object. See https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection for details on configuring and using this feature. The `TokenRequest` and `TokenRequestProjection` feature gates will be removed in v1.21. - - kubeadm's kube-apiserver Pod manifest now includes the following flags by default "--service-account-key-file", "--service-account-signing-key-file", "--service-account-issuer". ([#93258](https://github.com/kubernetes/kubernetes/pull/93258), [@zshihang](https://github.com/zshihang)) [SIG API Machinery, Auth, Cluster Lifecycle, Storage and Testing] -- A new `nofuzz` go build tag now disables gofuzz support. Release binaries enable this. ([#92491](https://github.com/kubernetes/kubernetes/pull/92491), [@BenTheElder](https://github.com/BenTheElder)) [SIG API Machinery] -- Add WindowsContainerResources and Annotations to CRI-API UpdateContainerResourcesRequest ([#95741](https://github.com/kubernetes/kubernetes/pull/95741), [@katiewasnothere](https://github.com/katiewasnothere)) [SIG Node] -- Add a `serving` and `terminating` condition to the EndpointSlice API. - `serving` tracks the readiness of endpoints regardless of their terminating state. This is distinct from `ready` since `ready` is only true when pods are not terminating. - `terminating` is true when an endpoint is terminating. For pods this is any endpoint with a deletion timestamp. ([#92968](https://github.com/kubernetes/kubernetes/pull/92968), [@andrewsykim](https://github.com/andrewsykim)) [SIG Apps and Network] -- Add dual-stack Services (alpha). This is a BREAKING CHANGE to an alpha API. - It changes the dual-stack API wrt Service from a single ipFamily field to 3 - fields: ipFamilyPolicy (SingleStack, PreferDualStack, RequireDualStack), - ipFamilies (a list of families assigned), and clusterIPs (inclusive of - clusterIP). Most users do not need to set anything at all, defaulting will - handle it for them. Services are single-stack unless the user asks for - dual-stack. This is all gated by the "IPv6DualStack" feature gate. ([#91824](https://github.com/kubernetes/kubernetes/pull/91824), [@khenidak](https://github.com/khenidak)) [SIG API Machinery, Apps, CLI, Network, Node, Scheduling and Testing] -- Add support for hugepages to downward API ([#86102](https://github.com/kubernetes/kubernetes/pull/86102), [@derekwaynecarr](https://github.com/derekwaynecarr)) [SIG API Machinery, Apps, CLI, Network, Node, Scheduling and Testing] -- Adds kubelet alpha feature, `GracefulNodeShutdown` which makes kubelet aware of node system shutdowns and result in graceful termination of pods during a system shutdown. ([#96129](https://github.com/kubernetes/kubernetes/pull/96129), [@bobbypage](https://github.com/bobbypage)) [SIG Node] -- AppProtocol is now GA for Endpoints and Services. The ServiceAppProtocol feature gate will be deprecated in 1.21. ([#96327](https://github.com/kubernetes/kubernetes/pull/96327), [@robscott](https://github.com/robscott)) [SIG Apps and Network] -- Automatic allocation of NodePorts for services with type LoadBalancer can now be disabled by setting the (new) parameter - Service.spec.allocateLoadBalancerNodePorts=false. The default is to allocate NodePorts for services with type LoadBalancer which is the existing behavior. ([#92744](https://github.com/kubernetes/kubernetes/pull/92744), [@uablrek](https://github.com/uablrek)) [SIG Apps and Network] -- Certain fields on Service objects will be automatically cleared when changing the service's `type` to a mode that does not need those fields. For example, changing from type=LoadBalancer to type=ClusterIP will clear the NodePort assignments, rather than forcing the user to clear them. ([#95196](https://github.com/kubernetes/kubernetes/pull/95196), [@thockin](https://github.com/thockin)) [SIG API Machinery, Apps, Network and Testing] -- Document that ServiceTopology feature is required to use `service.spec.topologyKeys`. ([#96528](https://github.com/kubernetes/kubernetes/pull/96528), [@andrewsykim](https://github.com/andrewsykim)) [SIG Apps] -- EndpointSlice has a new NodeName field guarded by the EndpointSliceNodeName feature gate. - - EndpointSlice topology field will be deprecated in an upcoming release. - - EndpointSlice "IP" address type is formally removed after being deprecated in Kubernetes 1.17. - - The discovery.k8s.io/v1alpha1 API is deprecated and will be removed in Kubernetes 1.21. ([#96440](https://github.com/kubernetes/kubernetes/pull/96440), [@robscott](https://github.com/robscott)) [SIG API Machinery, Apps and Network] -- External facing API podresources is now available under k8s.io/kubelet/pkg/apis/ ([#92632](https://github.com/kubernetes/kubernetes/pull/92632), [@RenaudWasTaken](https://github.com/RenaudWasTaken)) [SIG Node and Testing] -- Fewer candidates are enumerated for preemption to improve performance in large clusters. ([#94814](https://github.com/kubernetes/kubernetes/pull/94814), [@adtac](https://github.com/adtac)) -- Fix conversions for custom metrics. ([#94481](https://github.com/kubernetes/kubernetes/pull/94481), [@wojtek-t](https://github.com/wojtek-t)) [SIG API Machinery and Instrumentation] -- GPU metrics provided by kubelet are now disabled by default. ([#95184](https://github.com/kubernetes/kubernetes/pull/95184), [@RenaudWasTaken](https://github.com/RenaudWasTaken)) -- If BoundServiceAccountTokenVolume is enabled, cluster admins can use metric `serviceaccount_stale_tokens_total` to monitor workloads that are depending on the extended tokens. If there are no such workloads, turn off extended tokens by starting `kube-apiserver` with flag `--service-account-extend-token-expiration=false` ([#96273](https://github.com/kubernetes/kubernetes/pull/96273), [@zshihang](https://github.com/zshihang)) [SIG API Machinery and Auth] -- Introduce alpha support for exec-based container registry credential provider plugins in the kubelet. ([#94196](https://github.com/kubernetes/kubernetes/pull/94196), [@andrewsykim](https://github.com/andrewsykim)) [SIG Node and Release] -- Introduces a metric source for HPAs which allows scaling based on container resource usage. ([#90691](https://github.com/kubernetes/kubernetes/pull/90691), [@arjunrn](https://github.com/arjunrn)) [SIG API Machinery, Apps, Autoscaling and CLI] -- Kube-apiserver now deletes expired kube-apiserver Lease objects: - - The feature is under feature gate `APIServerIdentity`. - - A flag is added to kube-apiserver: `identity-lease-garbage-collection-check-period-seconds` ([#95895](https://github.com/kubernetes/kubernetes/pull/95895), [@roycaihw](https://github.com/roycaihw)) [SIG API Machinery, Apps, Auth and Testing] -- Kube-controller-manager: volume plugins can be restricted from contacting local and loopback addresses by setting `--volume-host-allow-local-loopback=false`, or from contacting specific CIDR ranges by setting `--volume-host-cidr-denylist` (for example, `--volume-host-cidr-denylist=127.0.0.1/28,feed::/16`) ([#91785](https://github.com/kubernetes/kubernetes/pull/91785), [@mattcary](https://github.com/mattcary)) [SIG API Machinery, Apps, Auth, CLI, Network, Node, Storage and Testing] -- Migrate scheduler, controller-manager and cloud-controller-manager to use LeaseLock ([#94603](https://github.com/kubernetes/kubernetes/pull/94603), [@wojtek-t](https://github.com/wojtek-t)) [SIG API Machinery, Apps, Cloud Provider and Scheduling] -- Modify DNS-1123 error messages to indicate that RFC 1123 is not followed exactly ([#94182](https://github.com/kubernetes/kubernetes/pull/94182), [@mattfenwick](https://github.com/mattfenwick)) [SIG API Machinery, Apps, Auth, Network and Node] -- Move configurable fsgroup change policy for pods to beta ([#96376](https://github.com/kubernetes/kubernetes/pull/96376), [@gnufied](https://github.com/gnufied)) [SIG Apps and Storage] -- New flag is introduced, i.e. --topology-manager-scope=container|pod. - The default value is the "container" scope. ([#92967](https://github.com/kubernetes/kubernetes/pull/92967), [@cezaryzukowski](https://github.com/cezaryzukowski)) [SIG Instrumentation, Node and Testing] -- New parameter `defaultingType` for `PodTopologySpread` plugin allows to use k8s defined or user provided default constraints ([#95048](https://github.com/kubernetes/kubernetes/pull/95048), [@alculquicondor](https://github.com/alculquicondor)) [SIG Scheduling] -- NodeAffinity plugin can be configured with AddedAffinity. ([#96202](https://github.com/kubernetes/kubernetes/pull/96202), [@alculquicondor](https://github.com/alculquicondor)) [SIG Node, Scheduling and Testing] -- Promote RuntimeClass feature to GA. - Promote node.k8s.io API groups from v1beta1 to v1. ([#95718](https://github.com/kubernetes/kubernetes/pull/95718), [@SergeyKanzhelev](https://github.com/SergeyKanzhelev)) [SIG Apps, Auth, Node, Scheduling and Testing] -- Reminder: The labels "failure-domain.beta.kubernetes.io/zone" and "failure-domain.beta.kubernetes.io/region" are deprecated in favor of "topology.kubernetes.io/zone" and "topology.kubernetes.io/region" respectively. All users of the "failure-domain.beta..." labels should switch to the "topology..." equivalents. ([#96033](https://github.com/kubernetes/kubernetes/pull/96033), [@thockin](https://github.com/thockin)) [SIG API Machinery, Apps, CLI, Cloud Provider, Network, Node, Scheduling, Storage and Testing] -- Server Side Apply now treats LabelSelector fields as atomic (meaning the entire selector is managed by a single writer and updated together), since they contain interrelated and inseparable fields that do not merge in intuitive ways. ([#93901](https://github.com/kubernetes/kubernetes/pull/93901), [@jpbetz](https://github.com/jpbetz)) [SIG API Machinery, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Storage and Testing] -- Services will now have a `clusterIPs` field to go with `clusterIP`. `clusterIPs[0]` is a synonym for `clusterIP` and will be synchronized on create and update operations. ([#95894](https://github.com/kubernetes/kubernetes/pull/95894), [@thockin](https://github.com/thockin)) [SIG Network] -- The ServiceAccountIssuerDiscovery feature gate is now Beta and enabled by default. ([#91921](https://github.com/kubernetes/kubernetes/pull/91921), [@mtaufen](https://github.com/mtaufen)) [SIG Auth] -- The status of v1beta1 CRDs without "preserveUnknownFields:false" now shows a violation, "spec.preserveUnknownFields: Invalid value: true: must be false". ([#93078](https://github.com/kubernetes/kubernetes/pull/93078), [@vareti](https://github.com/vareti)) -- The usage of mixed protocol values in the same LoadBalancer Service is possible if the new feature gate MixedProtocolLBService is enabled. The feature gate is disabled by default. The user has to enable it for the API Server. ([#94028](https://github.com/kubernetes/kubernetes/pull/94028), [@janosi](https://github.com/janosi)) [SIG API Machinery and Apps] -- This PR will introduce a feature gate CSIServiceAccountToken with two additional fields in `CSIDriverSpec`. ([#93130](https://github.com/kubernetes/kubernetes/pull/93130), [@zshihang](https://github.com/zshihang)) [SIG API Machinery, Apps, Auth, CLI, Network, Node, Storage and Testing] -- Users can try the CronJob controller v2 using the feature gate. This will be the default controller in future releases. ([#93370](https://github.com/kubernetes/kubernetes/pull/93370), [@alaypatel07](https://github.com/alaypatel07)) [SIG API Machinery, Apps, Auth and Testing] -- VolumeSnapshotDataSource moves to GA in 1.20 release ([#95282](https://github.com/kubernetes/kubernetes/pull/95282), [@xing-yang](https://github.com/xing-yang)) [SIG Apps] -- WinOverlay feature graduated to beta ([#94807](https://github.com/kubernetes/kubernetes/pull/94807), [@ksubrmnn](https://github.com/ksubrmnn)) [SIG Windows] - - - -#### Feature - -- Kubernetes is now built using Go 1.15.13 ([#102786](https://github.com/kubernetes/kubernetes/pull/102786), [@thejoycekung](https://github.com/thejoycekung)) [SIG Cloud Provider, Instrumentation, Release and Testing] -- Kubernetes is now built using go1.15.11 ([#101192](https://github.com/kubernetes/kubernetes/pull/101192), [@cpanato](https://github.com/cpanato)) [SIG Cloud Provider, Instrumentation, Release and Testing] -- Kubernetes is now built using go1.15.12 ([#101845](https://github.com/kubernetes/kubernetes/pull/101845), [@cpanato](https://github.com/cpanato)) [SIG Cloud Provider, Instrumentation, Release and Testing] -- AWS cloudprovider supports auto-discovering subnets without any kubernetes.io/cluster/ tags. It also supports additional service annotation service.beta.kubernetes.io/aws-load-balancer-subnets to manually configure the subnets. ([#97431](https://github.com/kubernetes/kubernetes/pull/97431), [@kishorj](https://github.com/kishorj)) [SIG Cloud Provider] -- Kubernetes is now built using go1.15.10 ([#100375](https://github.com/kubernetes/kubernetes/pull/100375), [@cpanato](https://github.com/cpanato)) [SIG Cloud Provider, Instrumentation, Release and Testing] -- A new metric `apiserver_request_filter_duration_seconds` has been introduced that - measures request filter latency in seconds. ([#95207](https://github.com/kubernetes/kubernetes/pull/95207), [@tkashem](https://github.com/tkashem)) [SIG API Machinery and Instrumentation] -- A new set of alpha metrics are reported by the Kubernetes scheduler under the `/metrics/resources` endpoint that allow administrators to easily see the resource consumption (requests and limits for all resources on the pods) and compare it to actual pod usage or node capacity. ([#94866](https://github.com/kubernetes/kubernetes/pull/94866), [@smarterclayton](https://github.com/smarterclayton)) [SIG API Machinery, Instrumentation, Node and Scheduling] -- Add --experimental-logging-sanitization flag enabling runtime protection from leaking sensitive data in logs ([#96370](https://github.com/kubernetes/kubernetes/pull/96370), [@serathius](https://github.com/serathius)) [SIG API Machinery, Cluster Lifecycle and Instrumentation] -- Add a StorageVersionAPI feature gate that makes API server update storageversions before serving certain write requests. - This feature allows the storage migrator to manage storage migration for built-in resources. - Enabling internal.apiserver.k8s.io/v1alpha1 API and APIServerIdentity feature gate are required to use this feature. ([#93873](https://github.com/kubernetes/kubernetes/pull/93873), [@roycaihw](https://github.com/roycaihw)) [SIG API Machinery, Auth and Testing] -- Add a metric for time taken to perform recursive permission change ([#95866](https://github.com/kubernetes/kubernetes/pull/95866), [@JornShen](https://github.com/JornShen)) [SIG Instrumentation and Storage] -- Add a new `vSphere` metric: `cloudprovider_vsphere_vcenter_versions`. Its content shows `vCenter` hostnames with the associated server version. ([#94526](https://github.com/kubernetes/kubernetes/pull/94526), [@Danil-Grigorev](https://github.com/Danil-Grigorev)) [SIG Cloud Provider and Instrumentation] -- Add a new flag to set priority for the kubelet on Windows nodes so that workloads cannot overwhelm the node thereby disrupting kubelet process. ([#96051](https://github.com/kubernetes/kubernetes/pull/96051), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) [SIG Node and Windows] -- Add feature to size memory backed volumes ([#94444](https://github.com/kubernetes/kubernetes/pull/94444), [@derekwaynecarr](https://github.com/derekwaynecarr)) [SIG Storage and Testing] -- Add foreground cascading deletion to kubectl with the new `kubectl delete foreground|background|orphan` option. ([#93384](https://github.com/kubernetes/kubernetes/pull/93384), [@zhouya0](https://github.com/zhouya0)) -- Add metrics for azure service operations (route and loadbalancer). ([#94124](https://github.com/kubernetes/kubernetes/pull/94124), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider and Instrumentation] -- Add network rule support in Azure account creation. ([#94239](https://github.com/kubernetes/kubernetes/pull/94239), [@andyzhangx](https://github.com/andyzhangx)) -- Add node_authorizer_actions_duration_seconds metric that can be used to estimate load to node authorizer. ([#92466](https://github.com/kubernetes/kubernetes/pull/92466), [@mborsz](https://github.com/mborsz)) [SIG API Machinery, Auth and Instrumentation] -- Add pod_ based CPU and memory metrics to Kubelet's /metrics/resource endpoint ([#95839](https://github.com/kubernetes/kubernetes/pull/95839), [@egernst](https://github.com/egernst)) [SIG Instrumentation, Node and Testing] -- Added `get-users` and `delete-user` to the `kubectl config` subcommand ([#89840](https://github.com/kubernetes/kubernetes/pull/89840), [@eddiezane](https://github.com/eddiezane)) [SIG CLI] -- Added counter metric "apiserver_request_self" to count API server self-requests with labels for verb, resource, and subresource. ([#94288](https://github.com/kubernetes/kubernetes/pull/94288), [@LogicalShark](https://github.com/LogicalShark)) [SIG API Machinery, Auth, Instrumentation and Scheduling] -- Added new k8s.io/component-helpers repository providing shared helper code for (core) components. ([#92507](https://github.com/kubernetes/kubernetes/pull/92507), [@ingvagabund](https://github.com/ingvagabund)) [SIG Apps, Node, Release and Scheduling] -- Adds `create ingress` command to `kubectl` ([#78153](https://github.com/kubernetes/kubernetes/pull/78153), [@amimof](https://github.com/amimof)) [SIG CLI and Network] -- Adds a headless service on node-local-cache addon. ([#88412](https://github.com/kubernetes/kubernetes/pull/88412), [@stafot](https://github.com/stafot)) [SIG Cloud Provider and Network] -- Allow cross-compilation of kubernetes on different platforms. ([#94403](https://github.com/kubernetes/kubernetes/pull/94403), [@bnrjee](https://github.com/bnrjee)) [SIG Release] -- Azure: Support multiple services sharing one IP address ([#94991](https://github.com/kubernetes/kubernetes/pull/94991), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider] -- CRDs: For structural schemas, non-nullable null map fields will now be dropped and defaulted if a default is available. null items in the list will continue being preserved, and fail validation if not nullable. ([#95423](https://github.com/kubernetes/kubernetes/pull/95423), [@apelisse](https://github.com/apelisse)) [SIG API Machinery] -- Changed: default "Accept: */*" header added to HTTP probes. See https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#http-probes (https://github.com/kubernetes/website/pull/24756) ([#95641](https://github.com/kubernetes/kubernetes/pull/95641), [@fonsecas72](https://github.com/fonsecas72)) [SIG Network and Node] -- Client-go credential plugins can now be passed in the current cluster information via the KUBERNETES_EXEC_INFO environment variable. ([#95489](https://github.com/kubernetes/kubernetes/pull/95489), [@ankeesler](https://github.com/ankeesler)) [SIG API Machinery and Auth] -- Command to start network proxy changes from 'KUBE_ENABLE_EGRESS_VIA_KONNECTIVITY_SERVICE ./cluster/kube-up.sh' to 'KUBE_ENABLE_KONNECTIVITY_SERVICE=true ./hack/kube-up.sh' ([#92669](https://github.com/kubernetes/kubernetes/pull/92669), [@Jefftree](https://github.com/Jefftree)) [SIG Cloud Provider] -- Configure AWS LoadBalancer health check protocol via service annotations. ([#94546](https://github.com/kubernetes/kubernetes/pull/94546), [@kishorj](https://github.com/kishorj)) -- DefaultPodTopologySpread graduated to Beta. The feature gate is enabled by default. ([#95631](https://github.com/kubernetes/kubernetes/pull/95631), [@alculquicondor](https://github.com/alculquicondor)) [SIG Scheduling and Testing] -- E2e test for PodFsGroupChangePolicy ([#96247](https://github.com/kubernetes/kubernetes/pull/96247), [@saikat-royc](https://github.com/saikat-royc)) [SIG Storage and Testing] -- Ephemeral containers now apply the same API defaults as initContainers and containers ([#94896](https://github.com/kubernetes/kubernetes/pull/94896), [@wawa0210](https://github.com/wawa0210)) [SIG Apps and CLI] -- Graduate the Pod Resources API to G.A - Introduces the pod_resources_endpoint_requests_total metric which tracks the total number of requests to the pod resources API ([#92165](https://github.com/kubernetes/kubernetes/pull/92165), [@RenaudWasTaken](https://github.com/RenaudWasTaken)) [SIG Instrumentation, Node and Testing] -- In dual-stack bare-metal clusters, you can now pass dual-stack IPs to `kubelet --node-ip`. - eg: `kubelet --node-ip 10.1.0.5,fd01::0005`. This is not yet supported for non-bare-metal - clusters. - - In dual-stack clusters where nodes have dual-stack addresses, hostNetwork pods - will now get dual-stack PodIPs. ([#95239](https://github.com/kubernetes/kubernetes/pull/95239), [@danwinship](https://github.com/danwinship)) [SIG Network and Node] -- Introduce api-extensions category which will return: mutating admission configs, validating admission configs, CRDs and APIServices when used in kubectl get, for example. ([#95603](https://github.com/kubernetes/kubernetes/pull/95603), [@soltysh](https://github.com/soltysh)) [SIG API Machinery] -- Introduces a new GCE specific cluster creation variable KUBE_PROXY_DISABLE. When set to true, this will skip over the creation of kube-proxy (whether the daemonset or static pod). This can be used to control the lifecycle of kube-proxy separately from the lifecycle of the nodes. ([#91977](https://github.com/kubernetes/kubernetes/pull/91977), [@varunmar](https://github.com/varunmar)) [SIG Cloud Provider] -- Kube-apiserver now maintains a Lease object to identify itself: - - The feature is under feature gate `APIServerIdentity`. - - Two flags are added to kube-apiserver: `identity-lease-duration-seconds`, `identity-lease-renew-interval-seconds` ([#95533](https://github.com/kubernetes/kubernetes/pull/95533), [@roycaihw](https://github.com/roycaihw)) [SIG API Machinery] -- Kube-apiserver: The timeout used when making health check calls to etcd can now be configured with `--etcd-healthcheck-timeout`. The default timeout is 2 seconds, matching the previous behavior. ([#93244](https://github.com/kubernetes/kubernetes/pull/93244), [@Sh4d1](https://github.com/Sh4d1)) [SIG API Machinery] -- Kube-apiserver: added support for compressing rotated audit log files with `--audit-log-compress` ([#94066](https://github.com/kubernetes/kubernetes/pull/94066), [@lojies](https://github.com/lojies)) [SIG API Machinery and Auth] -- Kubeadm now prints warnings instead of throwing errors if the current system time is outside of the NotBefore and NotAfter bounds of a loaded certificate. ([#94504](https://github.com/kubernetes/kubernetes/pull/94504), [@neolit123](https://github.com/neolit123)) -- Kubeadm: Add a preflight check that the control-plane node has at least 1700MB of RAM ([#93275](https://github.com/kubernetes/kubernetes/pull/93275), [@xlgao-zju](https://github.com/xlgao-zju)) [SIG Cluster Lifecycle] -- Kubeadm: add the "--cluster-name" flag to the "kubeadm alpha kubeconfig user" to allow configuring the cluster name in the generated kubeconfig file ([#93992](https://github.com/kubernetes/kubernetes/pull/93992), [@prabhu43](https://github.com/prabhu43)) [SIG Cluster Lifecycle] -- Kubeadm: add the "--kubeconfig" flag to the "kubeadm init phase upload-certs" command to allow users to pass a custom location for a kubeconfig file. ([#94765](https://github.com/kubernetes/kubernetes/pull/94765), [@zhanw15](https://github.com/zhanw15)) [SIG Cluster Lifecycle] -- Kubeadm: make etcd pod request 100m CPU, 100Mi memory and 100Mi ephemeral_storage by default ([#94479](https://github.com/kubernetes/kubernetes/pull/94479), [@knight42](https://github.com/knight42)) [SIG Cluster Lifecycle] -- Kubeadm: make the command "kubeadm alpha kubeconfig user" accept a "--config" flag and remove the following flags: - - apiserver-advertise-address / apiserver-bind-port: use either localAPIEndpoint from InitConfiguration or controlPlaneEndpoint from ClusterConfiguration. - - cluster-name: use clusterName from ClusterConfiguration - - cert-dir: use certificatesDir from ClusterConfiguration ([#94879](https://github.com/kubernetes/kubernetes/pull/94879), [@knight42](https://github.com/knight42)) [SIG Cluster Lifecycle] -- Kubectl create now supports creating ingress objects. ([#94327](https://github.com/kubernetes/kubernetes/pull/94327), [@rikatz](https://github.com/rikatz)) [SIG CLI and Network] -- Kubectl rollout history sts/sts-name --revision=some-revision will start showing the detailed view of the sts on that specified revision ([#86506](https://github.com/kubernetes/kubernetes/pull/86506), [@dineshba](https://github.com/dineshba)) [SIG CLI] -- Kubectl: Previously users cannot provide arguments to a external diff tool via KUBECTL_EXTERNAL_DIFF env. This release now allow users to specify args to KUBECTL_EXTERNAL_DIFF env. ([#95292](https://github.com/kubernetes/kubernetes/pull/95292), [@dougsland](https://github.com/dougsland)) [SIG CLI] -- Kubemark now supports both real and hollow nodes in a single cluster. ([#93201](https://github.com/kubernetes/kubernetes/pull/93201), [@ellistarn](https://github.com/ellistarn)) [SIG Scalability] -- Kubernetes E2E test image manifest lists now contain Windows images. ([#77398](https://github.com/kubernetes/kubernetes/pull/77398), [@claudiubelu](https://github.com/claudiubelu)) [SIG Testing and Windows] -- Kubernetes is now built using go1.15.2 - - build: Update to k/repo-infra@v0.1.1 (supports go1.15.2) - - build: Use go-runner:buster-v2.0.1 (built using go1.15.1) - - bazel: Replace --features with Starlark build settings flag - - hack/lib/util.sh: some bash cleanups - - - switched one spot to use kube::logging - - make kube::util::find-binary return an error when it doesn't find - anything so that hack scripts fail fast instead of with "binary not - found errors". - - this required deleting some genfeddoc stuff. the binary no longer - exists in k/k repo since we removed federation/, and I don't see it - in https://github.com/kubernetes-sigs/kubefed/ either. I'm assuming - that it's gone for good now. - - - bazel: output go_binary rule directly from go_binary_conditional_pure - - From: [@mikedanese](https://github.com/mikedanese): - Instead of aliasing. Aliases are annoying in a number of ways. This is - specifically bugging me now because they make the action graph harder to - analyze programmatically. By using aliases here, we would need to handle - potentially aliased go_binary targets and dereference to the effective - target. - - The comment references an issue with `pure = select(...)` which appears - to be resolved considering this now builds. - - - make kube::util::find-binary not dependent on bazel-out/ structure - - Implement an aspect that outputs go_build_mode metadata for go binaries, - and use that during binary selection. ([#94449](https://github.com/kubernetes/kubernetes/pull/94449), [@justaugustus](https://github.com/justaugustus)) [SIG Architecture, CLI, Cluster Lifecycle, Node, Release and Testing] -- Kubernetes is now built using go1.15.5 - - build: Update to k/repo-infra@v0.1.2 (supports go1.15.5) ([#95776](https://github.com/kubernetes/kubernetes/pull/95776), [@justaugustus](https://github.com/justaugustus)) [SIG Cloud Provider, Instrumentation, Release and Testing] -- New default scheduling plugins order reduces scheduling and preemption latency when taints and node affinity are used ([#95539](https://github.com/kubernetes/kubernetes/pull/95539), [@soulxu](https://github.com/soulxu)) [SIG Scheduling] -- Only update Azure data disks when attach/detach ([#94265](https://github.com/kubernetes/kubernetes/pull/94265), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider] -- Promote SupportNodePidsLimit to GA to provide node-to-pod PID isolation. - Promote SupportPodPidsLimit to GA to provide the ability to limit PIDs per pod. ([#94140](https://github.com/kubernetes/kubernetes/pull/94140), [@derekwaynecarr](https://github.com/derekwaynecarr)) -- SCTP support in API objects (Pod, Service, NetworkPolicy) is now GA. - Note that this has no effect on whether SCTP is enabled on nodes at the kernel level, - and note that some cloud platforms and network plugins do not support SCTP traffic. ([#95566](https://github.com/kubernetes/kubernetes/pull/95566), [@danwinship](https://github.com/danwinship)) [SIG Apps and Network] -- Scheduler now ignores Pod update events if the resourceVersion of old and new Pods are identical. ([#96071](https://github.com/kubernetes/kubernetes/pull/96071), [@Huang-Wei](https://github.com/Huang-Wei)) [SIG Scheduling] -- Scheduling Framework: expose Run[Pre]ScorePlugins functions to PreemptionHandle which can be used in PostFilter extension point. ([#93534](https://github.com/kubernetes/kubernetes/pull/93534), [@everpeace](https://github.com/everpeace)) [SIG Scheduling and Testing] -- SelectorSpreadPriority maps to PodTopologySpread plugin when DefaultPodTopologySpread feature is enabled ([#95448](https://github.com/kubernetes/kubernetes/pull/95448), [@alculquicondor](https://github.com/alculquicondor)) [SIG Scheduling] -- Send GCE node startup scripts' logs to console and journal. ([#95311](https://github.com/kubernetes/kubernetes/pull/95311), [@karan](https://github.com/karan)) -- SetHostnameAsFQDN has been graduated to Beta and therefore it is enabled by default. ([#95267](https://github.com/kubernetes/kubernetes/pull/95267), [@javidiaz](https://github.com/javidiaz)) [SIG Node] -- Support [service.beta.kubernetes.io/azure-pip-ip-tags] annotations to allow customers to specify ip-tags to influence public-ip creation in Azure [Tag1=Value1, Tag2=Value2, etc.] ([#94114](https://github.com/kubernetes/kubernetes/pull/94114), [@MarcPow](https://github.com/MarcPow)) [SIG Cloud Provider] -- Support custom tags for cloud provider managed resources ([#96450](https://github.com/kubernetes/kubernetes/pull/96450), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider] -- Support customize load balancer health probe protocol and request path ([#96338](https://github.com/kubernetes/kubernetes/pull/96338), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider] -- Support for Windows container images (OS Versions: 1809, 1903, 1909, 2004) was added to the pause:3.4 image. ([#91452](https://github.com/kubernetes/kubernetes/pull/91452), [@claudiubelu](https://github.com/claudiubelu)) [SIG Node, Release and Windows] -- Support multiple standard load balancers in one cluster ([#96111](https://github.com/kubernetes/kubernetes/pull/96111), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider] -- The beta `RootCAConfigMap` feature gate is enabled by default and causes kube-controller-manager to publish a "kube-root-ca.crt" ConfigMap to every namespace. This ConfigMap contains a CA bundle used for verifying connections to the kube-apiserver. ([#96197](https://github.com/kubernetes/kubernetes/pull/96197), [@zshihang](https://github.com/zshihang)) [SIG API Machinery, Apps, Auth and Testing] -- The kubelet_runtime_operations_duration_seconds metric buckets were set to 0.005 0.0125 0.03125 0.078125 0.1953125 0.48828125 1.220703125 3.0517578125 7.62939453125 19.073486328125 47.6837158203125 119.20928955078125 298.0232238769531 and 745.0580596923828 seconds ([#96054](https://github.com/kubernetes/kubernetes/pull/96054), [@alvaroaleman](https://github.com/alvaroaleman)) [SIG Instrumentation and Node] -- There is a new pv_collector_total_pv_count metric that counts persistent volumes by the volume plugin name and volume mode. ([#95719](https://github.com/kubernetes/kubernetes/pull/95719), [@tsmetana](https://github.com/tsmetana)) [SIG Apps, Instrumentation, Storage and Testing] -- Volume snapshot e2e test to validate PVC and VolumeSnapshotContent finalizer ([#95863](https://github.com/kubernetes/kubernetes/pull/95863), [@RaunakShah](https://github.com/RaunakShah)) [SIG Cloud Provider, Storage and Testing] -- Warns user when executing kubectl apply/diff to a resource currently being deleted. ([#95544](https://github.com/kubernetes/kubernetes/pull/95544), [@SaiHarshaK](https://github.com/SaiHarshaK)) [SIG CLI] -- `kubectl alpha debug` has graduated to beta and is now `kubectl debug`. ([#96138](https://github.com/kubernetes/kubernetes/pull/96138), [@verb](https://github.com/verb)) [SIG CLI and Testing] -- `kubectl debug` gains support for changing container images when copying a pod for debugging, similar to how `kubectl set image` works. See `kubectl help debug` for more information. ([#96058](https://github.com/kubernetes/kubernetes/pull/96058), [@verb](https://github.com/verb)) [SIG CLI] - - - -#### Documentation - -- Fake dynamic client: document that List does not preserve TypeMeta in UnstructuredList ([#95117](https://github.com/kubernetes/kubernetes/pull/95117), [@andrewsykim](https://github.com/andrewsykim)) [SIG API Machinery] -- Kubelet: remove alpha warnings for CNI flags. ([#94508](https://github.com/kubernetes/kubernetes/pull/94508), [@andrewsykim](https://github.com/andrewsykim)) [SIG Network and Node] -- Updates docs and guidance on cloud provider InstancesV2 and Zones interface for external cloud providers: - - removes experimental warning for InstancesV2 - - document that implementation of InstancesV2 will disable calls to Zones - - deprecate Zones in favor of InstancesV2 ([#96397](https://github.com/kubernetes/kubernetes/pull/96397), [@andrewsykim](https://github.com/andrewsykim)) [SIG Cloud Provider] - - - -#### Failing Test - -- Fixes the `should receive events on concurrent watches in same order` conformance test to work properly on clusters that auto-create additional configmaps in namespaces ([#101950](https://github.com/kubernetes/kubernetes/pull/101950), [@liggitt](https://github.com/liggitt)) [SIG API Machinery and Testing] -- Fix handing special characters in the volume path on Windows ([#99008](https://github.com/kubernetes/kubernetes/pull/99008), [@yujuhong](https://github.com/yujuhong)) [SIG Storage] -- Kube-proxy: fix a bug on UDP NodePort Services where stale conntrack entries may blackhole the traffic directed to the NodePort. ([#98305](https://github.com/kubernetes/kubernetes/pull/98305), [@aojea](https://github.com/aojea)) [SIG Network] -- Kubelet: the HostPort implementation in dockershim was not taking into consideration the HostIP field, causing that the same HostPort can not be used with different IP addresses. - This bug causes the conformance test "HostPort validates that there is no conflict between pods with same hostPort but different hostIP and protocol" to fail. ([#98838](https://github.com/kubernetes/kubernetes/pull/98838), [@aojea](https://github.com/aojea)) [SIG Network and Node] -- Resolves an issue running Ingress conformance tests on clusters which use finalizers on Ingress objects to manage releasing load balancer resources ([#96742](https://github.com/kubernetes/kubernetes/pull/96742), [@spencerhance](https://github.com/spencerhance)) [SIG Network and Testing] -- The Conformance test "validates that there is no conflict between pods with same hostPort but different hostIP and protocol" now validates the connectivity to each hostPort, in addition to the functionality. ([#96627](https://github.com/kubernetes/kubernetes/pull/96627), [@aojea](https://github.com/aojea)) [SIG Scheduling and Testing] - - - -#### Bug or Regression - -- Added jitter factor to lease controller that better smears load on kube-apiserver over time. ([#101652](https://github.com/kubernetes/kubernetes/pull/101652), [@marseel](https://github.com/marseel)) [SIG API Machinery and Scalability] -- Avoid caching the Azure VMSS instances whose network profile is nil ([#100948](https://github.com/kubernetes/kubernetes/pull/100948), [@feiskyer](https://github.com/feiskyer)) [SIG Cloud Provider] -- Azure: avoid setting cached Sku when updating VMSS and VMSS instances ([#102005](https://github.com/kubernetes/kubernetes/pull/102005), [@feiskyer](https://github.com/feiskyer)) [SIG Cloud Provider] -- Fix a bug on the endpoint slices mirroring controller where endpoint NotReadyAddresses were mirrored as Ready to the corresponding EndpointSlice ([#102683](https://github.com/kubernetes/kubernetes/pull/102683), [@aojea](https://github.com/aojea)) [SIG Apps and Network] -- Fix a bug that a preemptor pod may exist as a phantom in the scheduler. ([#102498](https://github.com/kubernetes/kubernetes/pull/102498), [@Huang-Wei](https://github.com/Huang-Wei)) [SIG Scheduling] -- Fix errors when accessing Windows container stats for Dockershim ([#98510](https://github.com/kubernetes/kubernetes/pull/98510), [@jsturtevant](https://github.com/jsturtevant)) [SIG Node and Windows] -- Fix removing pods from podTopologyHints mapping ([#101896](https://github.com/kubernetes/kubernetes/pull/101896), [@aheng-ch](https://github.com/aheng-ch)) [SIG Node] -- Fix: avoid nil-pointer panic when checking the frontend IP configuration ([#101739](https://github.com/kubernetes/kubernetes/pull/101739), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider] -- Fix: delete non existing disk issue ([#102083](https://github.com/kubernetes/kubernetes/pull/102083), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider] -- Fixed false-positive uncertain volume attachments, which led to unexpected detachment of CSI migrated volumes ([#101737](https://github.com/kubernetes/kubernetes/pull/101737), [@Jiawei0227](https://github.com/Jiawei0227)) [SIG Apps and Storage] -- Fixed garbage collection of dangling VolumeAttachments for PersistentVolumes migrated to CSI on startup of kube-controller-manager. ([#102176](https://github.com/kubernetes/kubernetes/pull/102176), [@timebertt](https://github.com/timebertt)) [SIG Apps and Storage] -- Improve speed of vSphere PV provisioning and reduce number of API calls ([#102350](https://github.com/kubernetes/kubernetes/pull/102350), [@gnufied](https://github.com/gnufied)) [SIG Cloud Provider and Storage] -- Kubeadm: remove the "ephemeral_storage" request from the etcd static pod that kubeadm deploys on stacked etcd control plane nodes. This request has caused sporadic failures on some setups due to a problem in the kubelet with cadvisor and the LocalStorageCapacityIsolation feature gate. See this issue for more details: https://github.com/kubernetes/kubernetes/issues/99305 ([#102673](https://github.com/kubernetes/kubernetes/pull/102673), [@jackfrancis](https://github.com/jackfrancis)) [SIG Cluster Lifecycle] -- Register/Deregister Targets in chunks for AWS TargetGroup ([#101592](https://github.com/kubernetes/kubernetes/pull/101592), [@M00nF1sh](https://github.com/M00nF1sh)) [SIG Cloud Provider] -- Respect annotation size limit for server-side apply updates to the client-side apply annotation. Also, fix opt-out of this behavior by setting the client-side apply annotation to the empty string. ([#102105](https://github.com/kubernetes/kubernetes/pull/102105), [@julianvmodesto](https://github.com/julianvmodesto)) [SIG API Machinery] -- Reverted the previous fix for portforward cleanup because it introduced a kubelet regression which can lead into segmentation faults. ([#102586](https://github.com/kubernetes/kubernetes/pull/102586), [@saschagrunert](https://github.com/saschagrunert)) [SIG API Machinery and Node] -- ServiceOwnsFrontendIP shouldn't report error when the public IP doesn't match ([#102516](https://github.com/kubernetes/kubernetes/pull/102516), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider] -- Azurefile: Normalize share name to not include capital letters ([#100731](https://github.com/kubernetes/kubernetes/pull/100731), [@kassarl](https://github.com/kassarl)) [SIG Cloud Provider and Storage] -- EndpointSlice IP validation now matches Endpoints IP validation. ([#101084](https://github.com/kubernetes/kubernetes/pull/101084), [@robscott](https://github.com/robscott)) [SIG Apps and Network] -- EndpointSlice controllers are less likely to create duplicate EndpointSlices. ([#101763](https://github.com/kubernetes/kubernetes/pull/101763), [@aojea](https://github.com/aojea)) [SIG Apps and Network] -- Ensure service deleted when the Azure resource group has been deleted ([#100944](https://github.com/kubernetes/kubernetes/pull/100944), [@feiskyer](https://github.com/feiskyer)) [SIG Cloud Provider] -- Fix panic in JSON logging format caused by missing Duration encoder ([#101158](https://github.com/kubernetes/kubernetes/pull/101158), [@serathius](https://github.com/serathius)) [SIG API Machinery, Cluster Lifecycle and Instrumentation] -- Fix smb mount PermissionDenied issue on Windows ([#99550](https://github.com/kubernetes/kubernetes/pull/99550), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider, Storage and Windows] -- Fix: azure file inline volume namespace issue in csi migration translation ([#101235](https://github.com/kubernetes/kubernetes/pull/101235), [@andyzhangx](https://github.com/andyzhangx)) [SIG Apps, Cloud Provider, Node and Storage] -- Fix: not tagging static public IP ([#101752](https://github.com/kubernetes/kubernetes/pull/101752), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider] -- Fix: set "host is down" as corrupted mount ([#101398](https://github.com/kubernetes/kubernetes/pull/101398), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider and Storage] -- Fixed a bug where startupProbe stopped working after a container's first restart ([#101093](https://github.com/kubernetes/kubernetes/pull/101093), [@wzshiming](https://github.com/wzshiming)) [SIG Node] -- Fixed port-forward memory leak for long-running and heavily used connections. ([#99839](https://github.com/kubernetes/kubernetes/pull/99839), [@saschagrunert](https://github.com/saschagrunert)) [SIG API Machinery and Node] -- Kubectl create service now respects namespace flag ([#101005](https://github.com/kubernetes/kubernetes/pull/101005), [@zxh326](https://github.com/zxh326)) [SIG CLI] -- Kubelet: improve the performance when waiting for a synchronization of the node list with the kube-apiserver ([#99336](https://github.com/kubernetes/kubernetes/pull/99336), [@neolit123](https://github.com/neolit123)) [SIG Node] -- No support endpointslice in linux userpace mode ([#101503](https://github.com/kubernetes/kubernetes/pull/101503), [@JornShen](https://github.com/JornShen)) [SIG Network] -- Renames the timeout field for the DelegatingAuthenticationOptions to TokenRequestTimeout and set the timeout only for the token review client. Previously the timeout was also applied to watches making them reconnecting every 10 seconds. ([#101103](https://github.com/kubernetes/kubernetes/pull/101103), [@p0lyn0mial](https://github.com/p0lyn0mial)) [SIG API Machinery, Auth and Cloud Provider] -- Respect ExecProbeTimeout=false for dockershim ([#101126](https://github.com/kubernetes/kubernetes/pull/101126), [@jackfrancis](https://github.com/jackfrancis)) [SIG Node and Testing] -- Fix priority expander falling back to a random choice even though there is a higher priority option to choose -- Clone `kubernetes/kubernetes` in `update-vendor.sh` shallowly, instead of fetching all revisions -- Speed up binpacking by reducing the number of PreFilter calls (call once per pod instead of `pods` * `nodes times`) -- Speed up finding unneeded nodes by 5x+ in very large clusters by reducing the number of PreFilter calls -- Expose `--max-nodes-total` as a metric -- Errors in `IncreaseSize` changed from type `apiError` to `cloudProviderError` -- Make `build-in-docker` and `test-in-docker` work on Linux systems with SELinux enabled -- Fix an error where existing nodes were not considered as destinations while finding place for pods in scale-down simulations -- Remove redundant log lines and reduce severity around parsing kubeEnv -- Don't treat nodes created by virtual kubelet as nodes from non-autoscaled node groups -- Remove redundant logging around calculating node utilization -- Add configurable `--network` and `--rm` flags for docker in `Makefile` -- Subtract DaemonSet pods' requests from node allocatable in the denominator while computing node utilization -- Include taints by condition when determining if a node is unready/still starting -- Fix `update-vendor.sh` to work on OSX and zsh -- Add best-effort eviction for DaemonSet pods while scaling down non-empty nodes -- Add build support for ARM64 -- Regenerate list of EC2 instances -- Fix pricing endpoint in AWS China Region -- Avoid systemd-logind loading configuration warning ([#97950](https://github.com/kubernetes/kubernetes/pull/97950), [@wzshiming](https://github.com/wzshiming)) [SIG Node] -- Count pod overhead against an entity's ResourceQuota ([#99600](https://github.com/kubernetes/kubernetes/pull/99600), [@gjkim42](https://github.com/gjkim42)) [SIG API Machinery and Node] -- EndpointSlice controller is now less likely to emit FailedToUpdateEndpointSlices events. ([#100113](https://github.com/kubernetes/kubernetes/pull/100113), [@robscott](https://github.com/robscott)) [SIG Apps and Network] -- EndpointSliceMirroring controller is now less likely to emit FailedToUpdateEndpointSlices events. ([#100143](https://github.com/kubernetes/kubernetes/pull/100143), [@robscott](https://github.com/robscott)) [SIG Apps and Network] -- Ensure only one LoadBalancer rule is created when HA mode is enabled ([#99825](https://github.com/kubernetes/kubernetes/pull/99825), [@feiskyer](https://github.com/feiskyer)) [SIG Cloud Provider] -- Fix kubelet from panic after getting the wrong signal ([#98200](https://github.com/kubernetes/kubernetes/pull/98200), [@wzshiming](https://github.com/wzshiming)) [SIG Node] -- Fix repeatedly acquire the inhibit lock ([#98088](https://github.com/kubernetes/kubernetes/pull/98088), [@wzshiming](https://github.com/wzshiming)) [SIG Node] -- Fixed bug that caused cAdvisor to incorrectly detect single-socket multi-NUMA topology. ([#99207](https://github.com/kubernetes/kubernetes/pull/99207), [@iwankgb](https://github.com/iwankgb)) [SIG Node] -- Fixing a bug where a failed node may not have the NoExecute taint set correctly ([#98168](https://github.com/kubernetes/kubernetes/pull/98168), [@CKchen0726](https://github.com/CKchen0726)) [SIG Apps and Node] -- Kubelet now cleans up orphaned volume directories automatically ([#95301](https://github.com/kubernetes/kubernetes/pull/95301), [@lorenz](https://github.com/lorenz)) [SIG Node and Storage] -- Resolves spurious `Failed to list *v1.Secret` or `Failed to list *v1.ConfigMap` messages in kubelet logs. ([#99538](https://github.com/kubernetes/kubernetes/pull/99538), [@liggitt](https://github.com/liggitt)) [SIG Auth and Node] -- Sync node status during kubelet node shutdown. - Adds an pod admission handler that rejects new pods when the node is in progress of shutting down. ([#98005](https://github.com/kubernetes/kubernetes/pull/98005), [@wzshiming](https://github.com/wzshiming)) [SIG Node] -- We will no longer automatically delete all data when a failure is detected during creation of the volume data file on a CSI volume. Now we will only remove the data file and volume path. ([#96021](https://github.com/kubernetes/kubernetes/pull/96021), [@huffmanca](https://github.com/huffmanca)) [SIG Storage] -- Aggregate errors when putting vmss ([#98350](https://github.com/kubernetes/kubernetes/pull/98350), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider] -- Avoid marking node as Ready until node has synced with API servers at least once ([#97995](https://github.com/kubernetes/kubernetes/pull/97995), [@ehashman](https://github.com/ehashman)) [SIG Node] -- Cleanup subnet in frontend IP configs to prevent huge subnet request bodies in some scenarios. ([#98132](https://github.com/kubernetes/kubernetes/pull/98132), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider] -- Fix CSI-migrated inline EBS volumes failing to mount if their volumeID is prefixed by aws:// ([#96821](https://github.com/kubernetes/kubernetes/pull/96821), [@wongma7](https://github.com/wongma7)) [SIG Storage] -- Fix azure file migration issue ([#97877](https://github.com/kubernetes/kubernetes/pull/97877), [@andyzhangx](https://github.com/andyzhangx)) [SIG Auth, Cloud Provider and Storage] -- Fix kubectl-convert import known versions ([#97754](https://github.com/kubernetes/kubernetes/pull/97754), [@wzshiming](https://github.com/wzshiming)) [SIG CLI and Testing] -- Fix the description of command line flags that can override --config ([#98786](https://github.com/kubernetes/kubernetes/pull/98786), [@changshuchao](https://github.com/changshuchao)) [SIG Scheduling] -- Fix the panic when kubelet registers if a node object already exists with no Status.Capacity or Status.Allocatable ([#97803](https://github.com/kubernetes/kubernetes/pull/97803), [@TeddyAndrieux](https://github.com/TeddyAndrieux)) [SIG Node] -- Fix the regression with the slow pods termination. Before this fix pods may take an additional time to terminate - up to one minute. Reversing the change that ensured that CNI resources cleaned up when the pod is removed on API server. ([#97980](https://github.com/kubernetes/kubernetes/pull/97980), [@SergeyKanzhelev](https://github.com/SergeyKanzhelev)) [SIG Node] -- Fix to recover CSI volumes from certain dangling attachments ([#96617](https://github.com/kubernetes/kubernetes/pull/96617), [@yuga711](https://github.com/yuga711)) [SIG Apps and Storage] -- Fixed a bug that the kubelet cannot start on BtrfS. ([#98014](https://github.com/kubernetes/kubernetes/pull/98014), [@gjkim42](https://github.com/gjkim42)) [SIG Node] -- Fixed an issue with garbage collection failing to clean up namespaced children of an object also referenced incorrectly by cluster-scoped children ([#98068](https://github.com/kubernetes/kubernetes/pull/98068), [@liggitt](https://github.com/liggitt)) [SIG API Machinery and Apps] -- Fixed provisioning of Cinder volumes migrated to CSI when StorageClass with AllowedTopologies was used. ([#98311](https://github.com/kubernetes/kubernetes/pull/98311), [@jsafrane](https://github.com/jsafrane)) [SIG Storage] -- Fixes a panic in the disruption budget controller for PDB objects with invalid selectors ([#98775](https://github.com/kubernetes/kubernetes/pull/98775), [@ialidzhikov](https://github.com/ialidzhikov)) [SIG Apps] -- Fixes connection errors when using `--volume-host-cidr-denylist` or `--volume-host-allow-local-loopback` ([#98436](https://github.com/kubernetes/kubernetes/pull/98436), [@liggitt](https://github.com/liggitt)) [SIG Network and Storage] -- Kubeadm: get k8s CI version markers from k8s infra bucket ([#98836](https://github.com/kubernetes/kubernetes/pull/98836), [@hasheddan](https://github.com/hasheddan)) [SIG Cluster Lifecycle and Release] -- Kubelet should ignore cgroup driver check on Windows node. ([#98383](https://github.com/kubernetes/kubernetes/pull/98383), [@pacoxu](https://github.com/pacoxu)) [SIG Node] -- Make podTopologyHints protected by lock ([#95111](https://github.com/kubernetes/kubernetes/pull/95111), [@choury](https://github.com/choury)) [SIG Node] -- Static pods will be deleted gracefully. ([#98103](https://github.com/kubernetes/kubernetes/pull/98103), [@gjkim42](https://github.com/gjkim42)) [SIG Node] -- Truncates a message if it hits the NoteLengthLimit when the scheduler records an event for the pod that indicates the pod has failed to schedule. ([#98715](https://github.com/kubernetes/kubernetes/pull/98715), [@carlory](https://github.com/carlory)) [SIG Scheduling] -- Warning about using a deprecated volume plugin is logged only once. ([#96751](https://github.com/kubernetes/kubernetes/pull/96751), [@jsafrane](https://github.com/jsafrane)) [SIG Storage] -- Fix Azure file share not deleted issue when the namespace is deleted ([#97417](https://github.com/kubernetes/kubernetes/pull/97417), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider and Storage] -- Fix counting error in service/nodeport/loadbalancer quota check ([#97826](https://github.com/kubernetes/kubernetes/pull/97826), [@pacoxu](https://github.com/pacoxu)) [SIG API Machinery and Network] -- Fix missing cadvisor machine metrics. ([#97006](https://github.com/kubernetes/kubernetes/pull/97006), [@lingsamuel](https://github.com/lingsamuel)) [SIG Node] -- Fix: azure file latency issue for metadata-heavy workloads ([#97082](https://github.com/kubernetes/kubernetes/pull/97082), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider and Storage] -- Fixed bug in CPUManager with race on container map access ([#97427](https://github.com/kubernetes/kubernetes/pull/97427), [@klueska](https://github.com/klueska)) [SIG Node] -- GCE Internal LoadBalancer sync loop will now release the ILB IP address upon sync failure. An error in ILB forwarding rule creation will no longer leak IP addresses. ([#97740](https://github.com/kubernetes/kubernetes/pull/97740), [@prameshj](https://github.com/prameshj)) [SIG Cloud Provider and Network] -- Kubeadm: avoid detection of the container runtime for commands that do not need it ([#97847](https://github.com/kubernetes/kubernetes/pull/97847), [@pacoxu](https://github.com/pacoxu)) [SIG Cluster Lifecycle] -- Performance regression [#97685](https://github.com/kubernetes/kubernetes/issues/97685) has been fixed. ([#97860](https://github.com/kubernetes/kubernetes/pull/97860), [@MikeSpreitzer](https://github.com/MikeSpreitzer)) [SIG API Machinery] -- Use network.Interface.VirtualMachine.ID to get the binded VM - Skip standalone VM when reconciling LoadBalancer ([#97639](https://github.com/kubernetes/kubernetes/pull/97639), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider] -- AcceleratorStats will be available in the Summary API of kubelet when cri_stats_provider is used. ([#97018](https://github.com/kubernetes/kubernetes/pull/97018), [@ruiwen-zhao](https://github.com/ruiwen-zhao)) [SIG Node] -- Fixed FibreChannel volume plugin corrupting filesystems on detach of multipath volumes. ([#97013](https://github.com/kubernetes/kubernetes/pull/97013), [@jsafrane](https://github.com/jsafrane)) [SIG Storage] -- Fixed a bug in kubelet that will saturate CPU utilization after containerd got restarted. ([#97175](https://github.com/kubernetes/kubernetes/pull/97175), [@hanlins](https://github.com/hanlins)) [SIG Node] -- Kubeadm now installs version 3.4.13 of etcd when creating a cluster with v1.19 ([#97284](https://github.com/kubernetes/kubernetes/pull/97284), [@pacoxu](https://github.com/pacoxu)) [SIG Cluster Lifecycle] -- Kubeadm: Fixes a kubeadm upgrade bug that could cause a custom CoreDNS configuration to be replaced with the default. ([#97016](https://github.com/kubernetes/kubernetes/pull/97016), [@rajansandeep](https://github.com/rajansandeep)) [SIG Cluster Lifecycle] -- Add kubectl wait --ignore-not-found flag ([#90969](https://github.com/kubernetes/kubernetes/pull/90969), [@zhouya0](https://github.com/zhouya0)) [SIG CLI] -- Added support to kube-proxy for externalTrafficPolicy=Local setting via Direct Server Return (DSR) load balancers on Windows. ([#93166](https://github.com/kubernetes/kubernetes/pull/93166), [@elweb9858](https://github.com/elweb9858)) [SIG Network] -- Alter wording to describe pods using a pvc ([#95635](https://github.com/kubernetes/kubernetes/pull/95635), [@RaunakShah](https://github.com/RaunakShah)) [SIG CLI] -- An issues preventing volume expand controller to annotate the PVC with `volume.kubernetes.io/storage-resizer` when the PVC StorageClass is already updated to the out-of-tree provisioner is now fixed. ([#94489](https://github.com/kubernetes/kubernetes/pull/94489), [@ialidzhikov](https://github.com/ialidzhikov)) [SIG API Machinery, Apps and Storage] -- Azure ARM client: don't segfault on empty response and http error ([#94078](https://github.com/kubernetes/kubernetes/pull/94078), [@bpineau](https://github.com/bpineau)) [SIG Cloud Provider] -- Azure armclient backoff step defaults to 1 (no retry). ([#94180](https://github.com/kubernetes/kubernetes/pull/94180), [@feiskyer](https://github.com/feiskyer)) -- Azure: fix a bug that kube-controller-manager would panic if wrong Azure VMSS name is configured ([#94306](https://github.com/kubernetes/kubernetes/pull/94306), [@knight42](https://github.com/knight42)) [SIG Cloud Provider] -- Both apiserver_request_duration_seconds metrics and RequestReceivedTimestamp fields of an audit event now take into account the time a request spends in the apiserver request filters. ([#94903](https://github.com/kubernetes/kubernetes/pull/94903), [@tkashem](https://github.com/tkashem)) -- Build/lib/release: Explicitly use '--platform' in building server images - - When we switched to go-runner for building the apiserver, - controller-manager, and scheduler server components, we no longer - reference the individual architectures in the image names, specifically - in the 'FROM' directive of the server image Dockerfiles. - - As a result, server images for non-amd64 images copy in the go-runner - amd64 binary instead of the go-runner that matches that architecture. - - This commit explicitly sets the '--platform=linux/${arch}' to ensure - we're pulling the correct go-runner arch from the manifest list. - - Before: - `FROM ${base_image}` - - After: - `FROM --platform=linux/${arch} ${base_image}` ([#94552](https://github.com/kubernetes/kubernetes/pull/94552), [@justaugustus](https://github.com/justaugustus)) [SIG Release] -- Bump node-problem-detector version to v0.8.5 to fix OOM detection in with Linux kernels 5.1+ ([#96716](https://github.com/kubernetes/kubernetes/pull/96716), [@tosi3k](https://github.com/tosi3k)) [SIG Cloud Provider, Scalability and Testing] -- CSIDriver object can be deployed during volume attachment. ([#93710](https://github.com/kubernetes/kubernetes/pull/93710), [@Jiawei0227](https://github.com/Jiawei0227)) [SIG Apps, Node, Storage and Testing] -- Ceph RBD volume expansion now works even when ceph.conf was not provided. ([#92027](https://github.com/kubernetes/kubernetes/pull/92027), [@juliantaylor](https://github.com/juliantaylor)) -- Change plugin name in fsgroupapplymetrics of csi and flexvolume to distinguish different driver ([#95892](https://github.com/kubernetes/kubernetes/pull/95892), [@JornShen](https://github.com/JornShen)) [SIG Instrumentation, Storage and Testing] -- Change the calculation of pod UIDs so that static pods get a unique value - will cause all containers to be killed and recreated after in-place upgrade. ([#87461](https://github.com/kubernetes/kubernetes/pull/87461), [@bboreham](https://github.com/bboreham)) [SIG Node] -- Change the mount way from systemd to normal mount except ceph and glusterfs intree-volume. ([#94916](https://github.com/kubernetes/kubernetes/pull/94916), [@smileusd](https://github.com/smileusd)) [SIG Apps, Cloud Provider, Network, Node, Storage and Testing] -- Changes to timeout parameter handling in 1.20.0-beta.2 have been reverted to avoid breaking backwards compatibility with existing clients. ([#96727](https://github.com/kubernetes/kubernetes/pull/96727), [@liggitt](https://github.com/liggitt)) [SIG API Machinery and Testing] -- Clear UDP conntrack entry on endpoint changes when using nodeport ([#71573](https://github.com/kubernetes/kubernetes/pull/71573), [@JacobTanenbaum](https://github.com/JacobTanenbaum)) [SIG Network] -- Cloud node controller: handle empty providerID from getProviderID ([#95342](https://github.com/kubernetes/kubernetes/pull/95342), [@nicolehanjing](https://github.com/nicolehanjing)) [SIG Cloud Provider] -- Disable watchcache for events ([#96052](https://github.com/kubernetes/kubernetes/pull/96052), [@wojtek-t](https://github.com/wojtek-t)) [SIG API Machinery] -- Disabled `LocalStorageCapacityIsolation` feature gate is honored during scheduling. ([#96092](https://github.com/kubernetes/kubernetes/pull/96092), [@Huang-Wei](https://github.com/Huang-Wei)) [SIG Scheduling] -- Do not fail sorting empty elements. ([#94666](https://github.com/kubernetes/kubernetes/pull/94666), [@soltysh](https://github.com/soltysh)) [SIG CLI] -- Dual-stack: make nodeipam compatible with existing single-stack clusters when dual-stack feature gate become enabled by default ([#90439](https://github.com/kubernetes/kubernetes/pull/90439), [@SataQiu](https://github.com/SataQiu)) [SIG API Machinery] -- Duplicate owner reference entries in create/update/patch requests now get deduplicated by the API server. The client sending the request now receives a warning header in the API response. Clients should stop sending requests with duplicate owner references. The API server may reject such requests as early as 1.24. ([#96185](https://github.com/kubernetes/kubernetes/pull/96185), [@roycaihw](https://github.com/roycaihw)) [SIG API Machinery and Testing] -- Endpoint slice controller now mirrors parent's service label to its corresponding endpoint slices. ([#94443](https://github.com/kubernetes/kubernetes/pull/94443), [@aojea](https://github.com/aojea)) -- Ensure getPrimaryInterfaceID not panic when network interfaces for Azure VMSS are null ([#94355](https://github.com/kubernetes/kubernetes/pull/94355), [@feiskyer](https://github.com/feiskyer)) [SIG Cloud Provider] -- Exposes and sets a default timeout for the SubjectAccessReview client for DelegatingAuthorizationOptions ([#95725](https://github.com/kubernetes/kubernetes/pull/95725), [@p0lyn0mial](https://github.com/p0lyn0mial)) [SIG API Machinery and Cloud Provider] -- Exposes and sets a default timeout for the TokenReview client for DelegatingAuthenticationOptions ([#96217](https://github.com/kubernetes/kubernetes/pull/96217), [@p0lyn0mial](https://github.com/p0lyn0mial)) [SIG API Machinery and Cloud Provider] -- Fix CVE-2020-8555 for Quobyte client connections. ([#95206](https://github.com/kubernetes/kubernetes/pull/95206), [@misterikkit](https://github.com/misterikkit)) [SIG Storage] -- Fix IP fragmentation of UDP and TCP packets not supported issues on LoadBalancer rules ([#96464](https://github.com/kubernetes/kubernetes/pull/96464), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider] -- Fix a bug that DefaultPreemption plugin is disabled when using (legacy) scheduler policy. ([#96439](https://github.com/kubernetes/kubernetes/pull/96439), [@Huang-Wei](https://github.com/Huang-Wei)) [SIG Scheduling and Testing] -- Fix a bug where loadbalancer deletion gets stuck because of missing resource group. ([#93962](https://github.com/kubernetes/kubernetes/pull/93962), [@phiphi282](https://github.com/phiphi282)) -- Fix a concurrent map writes error in kubelet ([#93773](https://github.com/kubernetes/kubernetes/pull/93773), [@knight42](https://github.com/knight42)) [SIG Node] -- Fix a panic in `kubectl debug` when a pod has multiple init or ephemeral containers. ([#94580](https://github.com/kubernetes/kubernetes/pull/94580), [@kiyoshim55](https://github.com/kiyoshim55)) -- Fix a regression where kubeadm bails out with a fatal error when an optional version command line argument is supplied to the "kubeadm upgrade plan" command ([#94421](https://github.com/kubernetes/kubernetes/pull/94421), [@rosti](https://github.com/rosti)) [SIG Cluster Lifecycle] -- Fix azure disk attach failure for disk size bigger than 4TB ([#95463](https://github.com/kubernetes/kubernetes/pull/95463), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider] -- Fix azure disk data loss issue on Windows when unmount disk ([#95456](https://github.com/kubernetes/kubernetes/pull/95456), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider and Storage] -- Fix azure file migration panic ([#94853](https://github.com/kubernetes/kubernetes/pull/94853), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider] -- Fix bug in JSON path parser where an error occurs when a range is empty ([#95933](https://github.com/kubernetes/kubernetes/pull/95933), [@brianpursley](https://github.com/brianpursley)) [SIG API Machinery] -- Fix client-go prometheus metrics to correctly present the API path accessed in some environments. ([#74363](https://github.com/kubernetes/kubernetes/pull/74363), [@aanm](https://github.com/aanm)) [SIG API Machinery] -- Fix detach azure disk issue when vm not exist ([#95177](https://github.com/kubernetes/kubernetes/pull/95177), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider] -- Fix etcd_object_counts metric reported by kube-apiserver ([#94773](https://github.com/kubernetes/kubernetes/pull/94773), [@tkashem](https://github.com/tkashem)) [SIG API Machinery] -- Fix incorrectly reported verbs for kube-apiserver metrics for CRD objects ([#93523](https://github.com/kubernetes/kubernetes/pull/93523), [@wojtek-t](https://github.com/wojtek-t)) [SIG API Machinery and Instrumentation] -- Fix k8s.io/apimachinery/pkg/api/meta.SetStatusCondition to update ObservedGeneration ([#95961](https://github.com/kubernetes/kubernetes/pull/95961), [@KnicKnic](https://github.com/KnicKnic)) [SIG API Machinery] -- Fix kubectl SchemaError on CRDs with schema using x-kubernetes-preserve-unknown-fields on array types. ([#94888](https://github.com/kubernetes/kubernetes/pull/94888), [@sttts](https://github.com/sttts)) [SIG API Machinery] -- Fix memory leak in kube-apiserver when underlying time goes forth and back. ([#96266](https://github.com/kubernetes/kubernetes/pull/96266), [@chenyw1990](https://github.com/chenyw1990)) [SIG API Machinery] -- Fix missing csi annotations on node during parallel csinode update. ([#94389](https://github.com/kubernetes/kubernetes/pull/94389), [@pacoxu](https://github.com/pacoxu)) [SIG Storage] -- Fix network_programming_latency metric reporting for Endpoints/EndpointSlice deletions, where we don't have correct timestamp ([#95363](https://github.com/kubernetes/kubernetes/pull/95363), [@wojtek-t](https://github.com/wojtek-t)) [SIG Network and Scalability] -- Fix paging issues when Azure API returns empty values with non-empty nextLink ([#96211](https://github.com/kubernetes/kubernetes/pull/96211), [@feiskyer](https://github.com/feiskyer)) [SIG Cloud Provider] -- Fix pull image error from multiple ACRs using azure managed identity ([#96355](https://github.com/kubernetes/kubernetes/pull/96355), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider] -- Fix race condition on timeCache locks. ([#94751](https://github.com/kubernetes/kubernetes/pull/94751), [@auxten](https://github.com/auxten)) -- Fix regression on `kubectl port-forward` when TCP and UCP services were configured on the same port. ([#94728](https://github.com/kubernetes/kubernetes/pull/94728), [@amorenoz](https://github.com/amorenoz)) -- Fix scheduler cache snapshot when a Node is deleted before its Pods ([#95130](https://github.com/kubernetes/kubernetes/pull/95130), [@alculquicondor](https://github.com/alculquicondor)) [SIG Scheduling] -- Fix the `cloudprovider_azure_api_request_duration_seconds` metric buckets to correctly capture the latency metrics. Previously, the majority of the calls would fall in the "+Inf" bucket. ([#94873](https://github.com/kubernetes/kubernetes/pull/94873), [@marwanad](https://github.com/marwanad)) [SIG Cloud Provider and Instrumentation] -- Fix vSphere volumes that could be erroneously attached to wrong node ([#96224](https://github.com/kubernetes/kubernetes/pull/96224), [@gnufied](https://github.com/gnufied)) [SIG Cloud Provider and Storage] -- Fix verb & scope reporting for kube-apiserver metrics (LIST reported instead of GET) ([#95562](https://github.com/kubernetes/kubernetes/pull/95562), [@wojtek-t](https://github.com/wojtek-t)) [SIG API Machinery and Testing] -- Fix vSphere detach failure for static PVs ([#95447](https://github.com/kubernetes/kubernetes/pull/95447), [@gnufied](https://github.com/gnufied)) [SIG Cloud Provider and Storage] -- Fix: azure disk resize error if source does not exist ([#93011](https://github.com/kubernetes/kubernetes/pull/93011), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider] -- Fix: detach azure disk broken on Azure Stack ([#94885](https://github.com/kubernetes/kubernetes/pull/94885), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider] -- Fix: resize Azure disk issue when it's in attached state ([#96705](https://github.com/kubernetes/kubernetes/pull/96705), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider] -- Fix: smb valid path error ([#95583](https://github.com/kubernetes/kubernetes/pull/95583), [@andyzhangx](https://github.com/andyzhangx)) [SIG Storage] -- Fix: use sensitiveOptions on Windows mount ([#94126](https://github.com/kubernetes/kubernetes/pull/94126), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider and Storage] -- Fixed a bug causing incorrect formatting of `kubectl describe ingress`. ([#94985](https://github.com/kubernetes/kubernetes/pull/94985), [@howardjohn](https://github.com/howardjohn)) [SIG CLI and Network] -- Fixed a bug in client-go where new clients with customized `Dial`, `Proxy`, `GetCert` config may get stale HTTP transports. ([#95427](https://github.com/kubernetes/kubernetes/pull/95427), [@roycaihw](https://github.com/roycaihw)) [SIG API Machinery] -- Fixed a bug that prevents kubectl to validate CRDs with schema using x-kubernetes-preserve-unknown-fields on object fields. ([#96369](https://github.com/kubernetes/kubernetes/pull/96369), [@gautierdelorme](https://github.com/gautierdelorme)) [SIG API Machinery and Testing] -- Fixed a bug that prevents the use of ephemeral containers in the presence of a validating admission webhook. ([#94685](https://github.com/kubernetes/kubernetes/pull/94685), [@verb](https://github.com/verb)) [SIG Node and Testing] -- Fixed a bug where aggregator_unavailable_apiservice metrics were reported for deleted apiservices. ([#96421](https://github.com/kubernetes/kubernetes/pull/96421), [@dgrisonnet](https://github.com/dgrisonnet)) [SIG API Machinery and Instrumentation] -- Fixed a bug where improper storage and comparison of endpoints led to excessive API traffic from the endpoints controller ([#94112](https://github.com/kubernetes/kubernetes/pull/94112), [@damemi](https://github.com/damemi)) [SIG Apps, Network and Testing] -- Fixed a regression which prevented pods with `docker/default` seccomp annotations from being created in 1.19 if a PodSecurityPolicy was in place which did not allow `runtime/default` seccomp profiles. ([#95985](https://github.com/kubernetes/kubernetes/pull/95985), [@saschagrunert](https://github.com/saschagrunert)) [SIG Auth] -- Fixed bug in reflector that couldn't recover from "Too large resource version" errors with API servers 1.17.0-1.18.5 ([#94316](https://github.com/kubernetes/kubernetes/pull/94316), [@janeczku](https://github.com/janeczku)) [SIG API Machinery] -- Fixed bug where kubectl top pod output is not sorted when --sort-by and --containers flags are used together ([#93692](https://github.com/kubernetes/kubernetes/pull/93692), [@brianpursley](https://github.com/brianpursley)) [SIG CLI] -- Fixed kubelet creating extra sandbox for pods with RestartPolicyOnFailure after all containers succeeded ([#92614](https://github.com/kubernetes/kubernetes/pull/92614), [@tnqn](https://github.com/tnqn)) [SIG Node and Testing] -- Fixes an issue proxying to ipv6 pods without specifying a port ([#94834](https://github.com/kubernetes/kubernetes/pull/94834), [@liggitt](https://github.com/liggitt)) [SIG API Machinery and Network] -- Fixes code generation for non-namespaced create subresources fake client test. ([#96586](https://github.com/kubernetes/kubernetes/pull/96586), [@Doude](https://github.com/Doude)) [SIG API Machinery] -- Fixes high CPU usage in kubectl drain ([#95260](https://github.com/kubernetes/kubernetes/pull/95260), [@amandahla](https://github.com/amandahla)) [SIG CLI] -- For vSphere Cloud Provider, If VM of worker node is deleted, the node will also be deleted by node controller ([#92608](https://github.com/kubernetes/kubernetes/pull/92608), [@lubronzhan](https://github.com/lubronzhan)) [SIG Cloud Provider] -- Gracefully delete nodes when their parent scale set went missing ([#95289](https://github.com/kubernetes/kubernetes/pull/95289), [@bpineau](https://github.com/bpineau)) [SIG Cloud Provider] -- HTTP/2 connection health check is enabled by default in all Kubernetes clients. The feature should work out-of-the-box. If needed, users can tune the feature via the HTTP2_READ_IDLE_TIMEOUT_SECONDS and HTTP2_PING_TIMEOUT_SECONDS environment variables. The feature is disabled if HTTP2_READ_IDLE_TIMEOUT_SECONDS is set to 0. ([#95981](https://github.com/kubernetes/kubernetes/pull/95981), [@caesarxuchao](https://github.com/caesarxuchao)) [SIG API Machinery, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation and Node] -- If the user specifies an invalid timeout in the request URL, the request will be aborted with an HTTP 400. - - If the user specifies a timeout in the request URL that exceeds the maximum request deadline allowed by the apiserver, the request will be aborted with an HTTP 400. ([#96061](https://github.com/kubernetes/kubernetes/pull/96061), [@tkashem](https://github.com/tkashem)) [SIG API Machinery, Network and Testing] -- If we set SelectPolicy MinPolicySelect on scaleUp behavior or scaleDown behavior,Horizontal Pod Autoscaler doesn't automatically scale the number of pods correctly ([#95647](https://github.com/kubernetes/kubernetes/pull/95647), [@JoshuaAndrew](https://github.com/JoshuaAndrew)) [SIG Apps and Autoscaling] -- Ignore apparmor for non-linux operating systems ([#93220](https://github.com/kubernetes/kubernetes/pull/93220), [@wawa0210](https://github.com/wawa0210)) [SIG Node and Windows] -- Ignore root user check when windows pod starts ([#92355](https://github.com/kubernetes/kubernetes/pull/92355), [@wawa0210](https://github.com/wawa0210)) [SIG Node and Windows] -- Improve error messages related to nodePort endpoint changes conntrack entries cleanup. ([#96251](https://github.com/kubernetes/kubernetes/pull/96251), [@ravens](https://github.com/ravens)) [SIG Network] -- In dual-stack clusters, kubelet will now set up both IPv4 and IPv6 iptables rules, which may - fix some problems, eg with HostPorts. ([#94474](https://github.com/kubernetes/kubernetes/pull/94474), [@danwinship](https://github.com/danwinship)) [SIG Network and Node] -- Increase maximum IOPS of AWS EBS io1 volume to current maximum (64,000). ([#90014](https://github.com/kubernetes/kubernetes/pull/90014), [@jacobmarble](https://github.com/jacobmarble)) -- Ipvs: ensure selected scheduler kernel modules are loaded ([#93040](https://github.com/kubernetes/kubernetes/pull/93040), [@cmluciano](https://github.com/cmluciano)) [SIG Network] -- K8s.io/apimachinery: runtime.DefaultUnstructuredConverter.FromUnstructured now handles converting integer fields to typed float values ([#93250](https://github.com/kubernetes/kubernetes/pull/93250), [@liggitt](https://github.com/liggitt)) [SIG API Machinery] -- Kube-proxy now trims extra spaces found in loadBalancerSourceRanges to match Service validation. ([#94107](https://github.com/kubernetes/kubernetes/pull/94107), [@robscott](https://github.com/robscott)) [SIG Network] -- Kubeadm ensures "kubeadm reset" does not unmount the root "/var/lib/kubelet" directory if it is mounted by the user. ([#93702](https://github.com/kubernetes/kubernetes/pull/93702), [@thtanaka](https://github.com/thtanaka)) -- Kubeadm now makes sure the etcd manifest is regenerated upon upgrade even when no etcd version change takes place ([#94395](https://github.com/kubernetes/kubernetes/pull/94395), [@rosti](https://github.com/rosti)) [SIG Cluster Lifecycle] -- Kubeadm now warns (instead of error out) on missing "ca.key" files for root CA, front-proxy CA and etcd CA, during "kubeadm join --control-plane" if the user has provided all certificates, keys and kubeconfig files which require signing with the given CA keys. ([#94988](https://github.com/kubernetes/kubernetes/pull/94988), [@neolit123](https://github.com/neolit123)) -- Kubeadm: add missing "--experimental-patches" flag to "kubeadm init phase control-plane" ([#95786](https://github.com/kubernetes/kubernetes/pull/95786), [@Sh4d1](https://github.com/Sh4d1)) [SIG Cluster Lifecycle] -- Kubeadm: avoid a panic when determining if the running version of CoreDNS is supported during upgrades ([#94299](https://github.com/kubernetes/kubernetes/pull/94299), [@zouyee](https://github.com/zouyee)) [SIG Cluster Lifecycle] -- Kubeadm: ensure the etcd data directory is created with 0700 permissions during control-plane init and join ([#94102](https://github.com/kubernetes/kubernetes/pull/94102), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] -- Kubeadm: fix coredns migration should be triggered when there are newdefault configs during kubeadm upgrade ([#96907](https://github.com/kubernetes/kubernetes/pull/96907), [@pacoxu](https://github.com/pacoxu)) [SIG Cluster Lifecycle] -- Kubeadm: fix the bug that kubeadm tries to call 'docker info' even if the CRI socket was for another CR ([#94555](https://github.com/kubernetes/kubernetes/pull/94555), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle] -- Kubeadm: for Docker as the container runtime, make the "kubeadm reset" command stop containers before removing them ([#94586](https://github.com/kubernetes/kubernetes/pull/94586), [@BedivereZero](https://github.com/BedivereZero)) [SIG Cluster Lifecycle] -- Kubeadm: make the kubeconfig files for the kube-controller-manager and kube-scheduler use the LocalAPIEndpoint instead of the ControlPlaneEndpoint. This makes kubeadm clusters more reseliant to version skew problems during immutable upgrades: https://kubernetes.io/docs/setup/release/version-skew-policy/#kube-controller-manager-kube-scheduler-and-cloud-controller-manager ([#94398](https://github.com/kubernetes/kubernetes/pull/94398), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] -- Kubeadm: relax the validation of kubeconfig server URLs. Allow the user to define custom kubeconfig server URLs without erroring out during validation of existing kubeconfig files (e.g. when using external CA mode). ([#94816](https://github.com/kubernetes/kubernetes/pull/94816), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] -- Kubectl: print error if users place flags before plugin name ([#92343](https://github.com/kubernetes/kubernetes/pull/92343), [@knight42](https://github.com/knight42)) [SIG CLI] -- Kubelet: assume that swap is disabled when `/proc/swaps` does not exist ([#93931](https://github.com/kubernetes/kubernetes/pull/93931), [@SataQiu](https://github.com/SataQiu)) [SIG Node] -- New Azure instance types do now have correct max data disk count information. ([#94340](https://github.com/kubernetes/kubernetes/pull/94340), [@ialidzhikov](https://github.com/ialidzhikov)) [SIG Cloud Provider and Storage] -- Port mapping now allows the same `containerPort` of different containers to different `hostPort` without naming the mapping explicitly. ([#94494](https://github.com/kubernetes/kubernetes/pull/94494), [@SergeyKanzhelev](https://github.com/SergeyKanzhelev)) -- Print go stack traces at -v=4 and not -v=2 ([#94663](https://github.com/kubernetes/kubernetes/pull/94663), [@soltysh](https://github.com/soltysh)) [SIG CLI] -- Recreate EndpointSlices on rapid Service creation. ([#94730](https://github.com/kubernetes/kubernetes/pull/94730), [@robscott](https://github.com/robscott)) -- Reduce volume name length for vSphere volumes ([#96533](https://github.com/kubernetes/kubernetes/pull/96533), [@gnufied](https://github.com/gnufied)) [SIG Storage] -- Remove ready file and its directory (which is created during volume SetUp) during emptyDir volume TearDown. ([#95770](https://github.com/kubernetes/kubernetes/pull/95770), [@jingxu97](https://github.com/jingxu97)) [SIG Storage] -- Reorganized iptables rules to fix a performance issue ([#95252](https://github.com/kubernetes/kubernetes/pull/95252), [@tssurya](https://github.com/tssurya)) [SIG Network] -- Require feature flag CustomCPUCFSQuotaPeriod if setting a non-default cpuCFSQuotaPeriod in kubelet config. ([#94687](https://github.com/kubernetes/kubernetes/pull/94687), [@karan](https://github.com/karan)) [SIG Node] -- Resolves a regression in 1.19+ with workloads targeting deprecated beta os/arch labels getting stuck in NodeAffinity status on node startup. ([#96810](https://github.com/kubernetes/kubernetes/pull/96810), [@liggitt](https://github.com/liggitt)) [SIG Node] -- Resolves non-deterministic behavior of the garbage collection controller when ownerReferences with incorrect data are encountered. Events with a reason of `OwnerRefInvalidNamespace` are recorded when namespace mismatches between child and owner objects are detected. The [kubectl-check-ownerreferences](https://github.com/kubernetes-sigs/kubectl-check-ownerreferences) tool can be run prior to upgrading to locate existing objects with invalid ownerReferences. - - A namespaced object with an ownerReference referencing a uid of a namespaced kind which does not exist in the same namespace is now consistently treated as though that owner does not exist, and the child object is deleted. - - A cluster-scoped object with an ownerReference referencing a uid of a namespaced kind is now consistently treated as though that owner is not resolvable, and the child object is ignored by the garbage collector. ([#92743](https://github.com/kubernetes/kubernetes/pull/92743), [@liggitt](https://github.com/liggitt)) [SIG API Machinery, Apps and Testing] -- Skip [k8s.io/kubernetes@v1.19.0/test/e2e/storage/testsuites/base.go:162]: Driver azure-disk doesn't support snapshot type DynamicSnapshot -- skipping - skip [k8s.io/kubernetes@v1.19.0/test/e2e/storage/testsuites/base.go:185]: Driver azure-disk doesn't support ntfs -- skipping ([#96144](https://github.com/kubernetes/kubernetes/pull/96144), [@qinpingli](https://github.com/qinpingli)) [SIG Storage and Testing] -- StatefulSet Controller now waits for PersistentVolumeClaim deletion before creating pods. ([#93457](https://github.com/kubernetes/kubernetes/pull/93457), [@ymmt2005](https://github.com/ymmt2005)) -- StreamWatcher now calls HandleCrash at appropriate sequence. ([#93108](https://github.com/kubernetes/kubernetes/pull/93108), [@lixiaobing1](https://github.com/lixiaobing1)) -- Support the node label `node.kubernetes.io/exclude-from-external-load-balancers` ([#95542](https://github.com/kubernetes/kubernetes/pull/95542), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider] -- The AWS network load balancer attributes can now be specified during service creation ([#95247](https://github.com/kubernetes/kubernetes/pull/95247), [@kishorj](https://github.com/kishorj)) [SIG Cloud Provider] -- The `/debug/api_priority_and_fairness/dump_requests` path at an apiserver will no longer return a phantom line for each exempt priority level. ([#93406](https://github.com/kubernetes/kubernetes/pull/93406), [@MikeSpreitzer](https://github.com/MikeSpreitzer)) [SIG API Machinery] -- The kube-apiserver will no longer serve APIs that should have been deleted in GA non-alpha levels. Alpha levels will continue to serve the removed APIs so that CI doesn't immediately break. ([#96525](https://github.com/kubernetes/kubernetes/pull/96525), [@deads2k](https://github.com/deads2k)) [SIG API Machinery] -- The kubelet recognizes the --containerd-namespace flag to configure the namespace used by cadvisor. ([#87054](https://github.com/kubernetes/kubernetes/pull/87054), [@changyaowei](https://github.com/changyaowei)) [SIG Node] -- Unhealthy pods covered by PDBs can be successfully evicted if enough healthy pods are available. ([#94381](https://github.com/kubernetes/kubernetes/pull/94381), [@michaelgugino](https://github.com/michaelgugino)) [SIG Apps] -- Update Calico to v3.15.2 ([#94241](https://github.com/kubernetes/kubernetes/pull/94241), [@lmm](https://github.com/lmm)) [SIG Cloud Provider] -- Update default etcd server version to 3.4.13 ([#94287](https://github.com/kubernetes/kubernetes/pull/94287), [@jingyih](https://github.com/jingyih)) [SIG API Machinery, Cloud Provider, Cluster Lifecycle and Testing] -- Update max azure data disk count map ([#96308](https://github.com/kubernetes/kubernetes/pull/96308), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider and Storage] -- Update the PIP when it is not in the Succeeded provisioning state during the LB update. ([#95748](https://github.com/kubernetes/kubernetes/pull/95748), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider] -- Update the frontend IP config when the service's `pipName` annotation is changed ([#95813](https://github.com/kubernetes/kubernetes/pull/95813), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider] -- Update the route table tag in the route reconcile loop ([#96545](https://github.com/kubernetes/kubernetes/pull/96545), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider] -- Use NLB Subnet CIDRs instead of VPC CIDRs in Health Check SG Rules ([#93515](https://github.com/kubernetes/kubernetes/pull/93515), [@t0rr3sp3dr0](https://github.com/t0rr3sp3dr0)) [SIG Cloud Provider] -- Users will see increase in time for deletion of pods and also guarantee that removal of pod from api server would mean deletion of all the resources from container runtime. ([#92817](https://github.com/kubernetes/kubernetes/pull/92817), [@kmala](https://github.com/kmala)) [SIG Node] -- Very large patches may now be specified to `kubectl patch` with the `--patch-file` flag instead of including them directly on the command line. The `--patch` and `--patch-file` flags are mutually exclusive. ([#93548](https://github.com/kubernetes/kubernetes/pull/93548), [@smarterclayton](https://github.com/smarterclayton)) [SIG CLI] -- Volume binding: report UnschedulableAndUnresolvable status instead of an error when bound PVs not found ([#95541](https://github.com/kubernetes/kubernetes/pull/95541), [@cofyc](https://github.com/cofyc)) [SIG Apps, Scheduling and Storage] -- Warn instead of fail when creating Roles and ClusterRoles with custom verbs via kubectl ([#92492](https://github.com/kubernetes/kubernetes/pull/92492), [@eddiezane](https://github.com/eddiezane)) [SIG CLI] -- When creating a PVC with the volume.beta.kubernetes.io/storage-provisioner annotation already set, the PV controller might have incorrectly deleted the newly provisioned PV instead of binding it to the PVC, depending on timing and system load. ([#95909](https://github.com/kubernetes/kubernetes/pull/95909), [@pohly](https://github.com/pohly)) [SIG Apps and Storage] -- [kubectl] Fail when local source file doesn't exist ([#90333](https://github.com/kubernetes/kubernetes/pull/90333), [@bamarni](https://github.com/bamarni)) [SIG CLI] - - - - -#### Other (Cleanup or Flake) - -- Update the Debian images to pick up CVE fixes in the base images: - - Update the `debian-base` image to v1.7.0 - - Update the `debian-iptables` image to v1.6.1 ([#102341](https://github.com/kubernetes/kubernetes/pull/102341), [@cpanato](https://github.com/cpanato)) [SIG API Machinery and Testing] -- Kubeadm: change the default image repository for CI images from 'gcr.io/kubernetes-ci-images' to 'gcr.io/k8s-staging-ci-images' ([#97087](https://github.com/kubernetes/kubernetes/pull/97087), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle] -- Resolves flakes in the Ingress conformance tests due to conflicts with controllers updating the Ingress object ([#98430](https://github.com/kubernetes/kubernetes/pull/98430), [@liggitt](https://github.com/liggitt)) [SIG Network and Testing] -- Handle slow CronJob lister in CronJob controller v2 and improve memory footprint. ([#96443](https://github.com/kubernetes/kubernetes/pull/96443), [@alaypatel07](https://github.com/alaypatel07)) [SIG Apps] -- --redirect-container-streaming is no longer functional. The flag will be removed in v1.22 ([#95935](https://github.com/kubernetes/kubernetes/pull/95935), [@tallclair](https://github.com/tallclair)) [SIG Node] -- A new metric `requestAbortsTotal` has been introduced that counts aborted requests for each `group`, `version`, `verb`, `resource`, `subresource` and `scope`. ([#95002](https://github.com/kubernetes/kubernetes/pull/95002), [@p0lyn0mial](https://github.com/p0lyn0mial)) [SIG API Machinery, Cloud Provider, Instrumentation and Scheduling] -- API priority and fairness metrics use snake_case in label names ([#96236](https://github.com/kubernetes/kubernetes/pull/96236), [@adtac](https://github.com/adtac)) [SIG API Machinery, Cluster Lifecycle, Instrumentation and Testing] -- Add fine-grained debugging to intra-pod conformance test to troubleshoot networking issues for potentially unhealthy nodes when running conformance or sonobuoy tests. ([#93837](https://github.com/kubernetes/kubernetes/pull/93837), [@jayunit100](https://github.com/jayunit100)) -- Add the following metrics: - - network_plugin_operations_total - - network_plugin_operations_errors_total ([#93066](https://github.com/kubernetes/kubernetes/pull/93066), [@AnishShah](https://github.com/AnishShah)) -- Adds a bootstrapping ClusterRole, ClusterRoleBinding and group for /metrics, /livez/*, /readyz/*, & /healthz/- endpoints. ([#93311](https://github.com/kubernetes/kubernetes/pull/93311), [@logicalhan](https://github.com/logicalhan)) [SIG API Machinery, Auth, Cloud Provider and Instrumentation] -- AdmissionReview objects sent for the creation of Namespace API objects now populate the `namespace` attribute consistently (previously the `namespace` attribute was empty for Namespace creation via POST requests, and populated for Namespace creation via server-side-apply PATCH requests) ([#95012](https://github.com/kubernetes/kubernetes/pull/95012), [@nodo](https://github.com/nodo)) [SIG API Machinery and Testing] -- Applies translations on all command descriptions ([#95439](https://github.com/kubernetes/kubernetes/pull/95439), [@HerrNaN](https://github.com/HerrNaN)) [SIG CLI] -- Base-images: Update to debian-iptables:buster-v1.3.0 - - Uses iptables 1.8.5 - - base-images: Update to debian-base:buster-v1.2.0 - - cluster/images/etcd: Build etcd:3.4.13-1 image - - Uses debian-base:buster-v1.2.0 ([#94733](https://github.com/kubernetes/kubernetes/pull/94733), [@justaugustus](https://github.com/justaugustus)) [SIG API Machinery, Release and Testing] -- Changed: default "Accept-Encoding" header removed from HTTP probes. See https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#http-probes ([#96127](https://github.com/kubernetes/kubernetes/pull/96127), [@fonsecas72](https://github.com/fonsecas72)) [SIG Network and Node] -- Client-go header logging (at verbosity levels >= 9) now masks `Authorization` header contents ([#95316](https://github.com/kubernetes/kubernetes/pull/95316), [@sfowl](https://github.com/sfowl)) [SIG API Machinery] -- Decrease warning message frequency on setting volume ownership for configmap/secret. ([#92878](https://github.com/kubernetes/kubernetes/pull/92878), [@jvanz](https://github.com/jvanz)) -- Enhance log information of verifyRunAsNonRoot, add pod, container information ([#94911](https://github.com/kubernetes/kubernetes/pull/94911), [@wawa0210](https://github.com/wawa0210)) [SIG Node] -- Fix func name NewCreateCreateDeploymentOptions ([#91931](https://github.com/kubernetes/kubernetes/pull/91931), [@lixiaobing1](https://github.com/lixiaobing1)) [SIG CLI] -- Fix kubelet to properly log when a container is started. Previously, kubelet may log that container is dead and was restarted when it was actually started for the first time. This behavior only happened on pods with initContainers and regular containers. ([#91469](https://github.com/kubernetes/kubernetes/pull/91469), [@rata](https://github.com/rata)) -- Fixes the message about no auth for metrics in scheduler. ([#94035](https://github.com/kubernetes/kubernetes/pull/94035), [@zhouya0](https://github.com/zhouya0)) [SIG Scheduling] -- Generators for services are removed from kubectl ([#95256](https://github.com/kubernetes/kubernetes/pull/95256), [@Git-Jiro](https://github.com/Git-Jiro)) [SIG CLI] -- Introduce kubectl-convert plugin. ([#96190](https://github.com/kubernetes/kubernetes/pull/96190), [@soltysh](https://github.com/soltysh)) [SIG CLI and Testing] -- Kube-scheduler now logs processed component config at startup ([#96426](https://github.com/kubernetes/kubernetes/pull/96426), [@damemi](https://github.com/damemi)) [SIG Scheduling] -- Kubeadm: Separate argument key/value in log msg ([#94016](https://github.com/kubernetes/kubernetes/pull/94016), [@mrueg](https://github.com/mrueg)) [SIG Cluster Lifecycle] -- Kubeadm: remove the CoreDNS check for known image digests when applying the addon ([#94506](https://github.com/kubernetes/kubernetes/pull/94506), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] -- Kubeadm: update the default pause image version to 1.4.0 on Windows. With this update the image supports Windows versions 1809 (2019LTS), 1903, 1909, 2004 ([#95419](https://github.com/kubernetes/kubernetes/pull/95419), [@jsturtevant](https://github.com/jsturtevant)) [SIG Cluster Lifecycle and Windows] -- Kubectl: the `generator` flag of `kubectl autoscale` has been deprecated and has no effect, it will be removed in a feature release ([#92998](https://github.com/kubernetes/kubernetes/pull/92998), [@SataQiu](https://github.com/SataQiu)) [SIG CLI] -- Lock ExternalPolicyForExternalIP to default, this feature gate will be removed in 1.22. ([#94581](https://github.com/kubernetes/kubernetes/pull/94581), [@knabben](https://github.com/knabben)) [SIG Network] -- Mask ceph RBD adminSecrets in logs when logLevel >= 4. ([#95245](https://github.com/kubernetes/kubernetes/pull/95245), [@sfowl](https://github.com/sfowl)) -- Remove offensive words from kubectl cluster-info command. ([#95202](https://github.com/kubernetes/kubernetes/pull/95202), [@rikatz](https://github.com/rikatz)) -- Remove support for "ci/k8s-master" version label in kubeadm, use "ci/latest" instead. See [kubernetes/test-infra#18517](https://github.com/kubernetes/test-infra/pull/18517). ([#93626](https://github.com/kubernetes/kubernetes/pull/93626), [@vikkyomkar](https://github.com/vikkyomkar)) -- Remove the dependency of csi-translation-lib module on apiserver/cloud-provider/controller-manager ([#95543](https://github.com/kubernetes/kubernetes/pull/95543), [@wawa0210](https://github.com/wawa0210)) [SIG Release] -- Scheduler framework interface moved from pkg/scheduler/framework/v1alpha to pkg/scheduler/framework ([#95069](https://github.com/kubernetes/kubernetes/pull/95069), [@farah](https://github.com/farah)) [SIG Scheduling, Storage and Testing] -- Service.beta.kubernetes.io/azure-load-balancer-disable-tcp-reset is removed. All Standard load balancers will always enable tcp resets. ([#94297](https://github.com/kubernetes/kubernetes/pull/94297), [@MarcPow](https://github.com/MarcPow)) [SIG Cloud Provider] -- Stop propagating SelfLink (deprecated in 1.16) in kube-apiserver ([#94397](https://github.com/kubernetes/kubernetes/pull/94397), [@wojtek-t](https://github.com/wojtek-t)) [SIG API Machinery and Testing] -- Strip unnecessary security contexts on Windows ([#93475](https://github.com/kubernetes/kubernetes/pull/93475), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) [SIG Node, Testing and Windows] -- To ensure the code be strong, add unit test for GetAddressAndDialer ([#93180](https://github.com/kubernetes/kubernetes/pull/93180), [@FreeZhang61](https://github.com/FreeZhang61)) [SIG Node] -- UDP and SCTP protocols can left stale connections that need to be cleared to avoid services disruption, but they can cause problems that are hard to debug. - Kubernetes components using a loglevel greater or equal than 4 will log the conntrack operations and its output, to show the entries that were deleted. ([#95694](https://github.com/kubernetes/kubernetes/pull/95694), [@aojea](https://github.com/aojea)) [SIG Network] -- Update CNI plugins to v0.8.7 ([#94367](https://github.com/kubernetes/kubernetes/pull/94367), [@justaugustus](https://github.com/justaugustus)) [SIG Cloud Provider, Network, Node, Release and Testing] -- Update cri-tools to [v1.19.0](https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.19.0) ([#94307](https://github.com/kubernetes/kubernetes/pull/94307), [@xmudrii](https://github.com/xmudrii)) [SIG Cloud Provider] -- Update etcd client side to v3.4.13 ([#94259](https://github.com/kubernetes/kubernetes/pull/94259), [@jingyih](https://github.com/jingyih)) [SIG API Machinery and Cloud Provider] -- Users will now be able to configure all supported values for AWS NLB health check interval and thresholds for new resources. ([#96312](https://github.com/kubernetes/kubernetes/pull/96312), [@kishorj](https://github.com/kishorj)) [SIG Cloud Provider] -- V1helpers.MatchNodeSelectorTerms now accepts just a Node and a list of Terms ([#95871](https://github.com/kubernetes/kubernetes/pull/95871), [@damemi](https://github.com/damemi)) [SIG Apps, Scheduling and Storage] -- vSphere: improve logging message on node cache refresh event ([#95236](https://github.com/kubernetes/kubernetes/pull/95236), [@andrewsykim](https://github.com/andrewsykim)) [SIG Cloud Provider] -- `MatchNodeSelectorTerms` function moved to `k8s.io/component-helpers` ([#95531](https://github.com/kubernetes/kubernetes/pull/95531), [@damemi](https://github.com/damemi)) [SIG Apps, Scheduling and Storage] -- `kubectl api-resources` now prints the API version (as 'API group/version', same as output of `kubectl api-versions`). The column APIGROUP is now APIVERSION ([#95253](https://github.com/kubernetes/kubernetes/pull/95253), [@sallyom](https://github.com/sallyom)) [SIG CLI] -- `kubectl get ingress` now prefers the `networking.k8s.io/v1` over `extensions/v1beta1` (deprecated since v1.14). To explicitly request the deprecated version, use `kubectl get ingress.v1beta1.extensions`. ([#94309](https://github.com/kubernetes/kubernetes/pull/94309), [@liggitt](https://github.com/liggitt)) [SIG API Machinery and CLI] - - - -#### Dependencies - -##### Added -- cloud.google.com/go/firestore: v1.1.0 -- github.com/Azure/go-autorest: [v14.2.0+incompatible](https://github.com/Azure/go-autorest/tree/v14.2.0) -- github.com/armon/go-metrics: [f0300d1](https://github.com/armon/go-metrics/tree/f0300d1) -- github.com/armon/go-radix: [7fddfc3](https://github.com/armon/go-radix/tree/7fddfc3) -- github.com/bketelsen/crypt: [5cbc8cc](https://github.com/bketelsen/crypt/tree/5cbc8cc) -- github.com/form3tech-oss/jwt-go: [v3.2.2+incompatible](https://github.com/form3tech-oss/jwt-go/tree/v3.2.2) -- github.com/fvbommel/sortorder: [v1.0.1](https://github.com/fvbommel/sortorder/tree/v1.0.1) -- github.com/hashicorp/consul/api: [v1.1.0](https://github.com/hashicorp/consul/api/tree/v1.1.0) -- github.com/hashicorp/consul/sdk: [v0.1.1](https://github.com/hashicorp/consul/sdk/tree/v0.1.1) -- github.com/hashicorp/errwrap: [v1.0.0](https://github.com/hashicorp/errwrap/tree/v1.0.0) -- github.com/hashicorp/go-cleanhttp: [v0.5.1](https://github.com/hashicorp/go-cleanhttp/tree/v0.5.1) -- github.com/hashicorp/go-immutable-radix: [v1.0.0](https://github.com/hashicorp/go-immutable-radix/tree/v1.0.0) -- github.com/hashicorp/go-msgpack: [v0.5.3](https://github.com/hashicorp/go-msgpack/tree/v0.5.3) -- github.com/hashicorp/go-multierror: [v1.0.0](https://github.com/hashicorp/go-multierror/tree/v1.0.0) -- github.com/hashicorp/go-rootcerts: [v1.0.0](https://github.com/hashicorp/go-rootcerts/tree/v1.0.0) -- github.com/hashicorp/go-sockaddr: [v1.0.0](https://github.com/hashicorp/go-sockaddr/tree/v1.0.0) -- github.com/hashicorp/go-uuid: [v1.0.1](https://github.com/hashicorp/go-uuid/tree/v1.0.1) -- github.com/hashicorp/go.net: [v0.0.1](https://github.com/hashicorp/go.net/tree/v0.0.1) -- github.com/hashicorp/logutils: [v1.0.0](https://github.com/hashicorp/logutils/tree/v1.0.0) -- github.com/hashicorp/mdns: [v1.0.0](https://github.com/hashicorp/mdns/tree/v1.0.0) -- github.com/hashicorp/memberlist: [v0.1.3](https://github.com/hashicorp/memberlist/tree/v0.1.3) -- github.com/hashicorp/serf: [v0.8.2](https://github.com/hashicorp/serf/tree/v0.8.2) -- github.com/jmespath/go-jmespath/internal/testify: [v1.5.1](https://github.com/jmespath/go-jmespath/releases/tag/internal%2Ftestify%2Fv1.5.1) -- github.com/mitchellh/cli: [v1.0.0](https://github.com/mitchellh/cli/tree/v1.0.0) -- github.com/mitchellh/go-testing-interface: [v1.0.0](https://github.com/mitchellh/go-testing-interface/tree/v1.0.0) -- github.com/mitchellh/gox: [v0.4.0](https://github.com/mitchellh/gox/tree/v0.4.0) -- github.com/mitchellh/iochan: [v1.0.0](https://github.com/mitchellh/iochan/tree/v1.0.0) -- github.com/pascaldekloe/goe: [57f6aae](https://github.com/pascaldekloe/goe/tree/57f6aae) -- github.com/posener/complete: [v1.1.1](https://github.com/posener/complete/tree/v1.1.1) -- github.com/ryanuber/columnize: [9b3edd6](https://github.com/ryanuber/columnize/tree/9b3edd6) -- github.com/sean-/seed: [e2103e2](https://github.com/sean-/seed/tree/e2103e2) -- github.com/subosito/gotenv: [v1.2.0](https://github.com/subosito/gotenv/tree/v1.2.0) -- github.com/willf/bitset: [d5bec33](https://github.com/willf/bitset/tree/d5bec33) -- gopkg.in/ini.v1: v1.51.0 -- gopkg.in/yaml.v3: 9f266ea -- rsc.io/quote/v3: v3.1.0 -- rsc.io/sampler: v1.3.0 - -##### Changed -- sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.9 → v0.0.19 -- github.com/gogo/protobuf: [v1.3.1 → v1.3.2](https://github.com/gogo/protobuf/compare/v1.3.1...v1.3.2) -- github.com/kisielk/errcheck: [v1.2.0 → v1.5.0](https://github.com/kisielk/errcheck/compare/v1.2.0...v1.5.0) -- github.com/yuin/goldmark: [v1.1.27 → v1.2.1](https://github.com/yuin/goldmark/compare/v1.1.27...v1.2.1) -- golang.org/x/sync: cd5d95a → 67f06af -- golang.org/x/tools: c1934b7 → 113979e -- sigs.k8s.io/structured-merge-diff/v4: v4.0.1 → v4.0.3 -- github.com/google/cadvisor: [v0.37.0 → v0.38.8](https://github.com/google/cadvisor/compare/v0.37.0...v0.38.8) -- cloud.google.com/go/bigquery: v1.0.1 → v1.4.0 -- cloud.google.com/go/datastore: v1.0.0 → v1.1.0 -- cloud.google.com/go/pubsub: v1.0.1 → v1.2.0 -- cloud.google.com/go/storage: v1.0.0 → v1.6.0 -- cloud.google.com/go: v0.51.0 → v0.54.0 -- github.com/Azure/go-autorest/autorest/adal: [v0.8.2 → v0.9.5](https://github.com/Azure/go-autorest/compare/autorest/adal/v0.8.2...autorest/adal/v0.9.5) -- github.com/Azure/go-autorest/autorest/date: [v0.2.0 → v0.3.0](https://github.com/Azure/go-autorest/compare/autorest/date/v0.2.0...autorest/date/v0.3.0) -- github.com/Azure/go-autorest/autorest/mocks: [v0.3.0 → v0.4.1](https://github.com/Azure/go-autorest/compare/autorest/mocks/v0.3.0...autorest/mocks/v0.4.1) -- github.com/Azure/go-autorest/autorest: [v0.9.6 → v0.11.1](https://github.com/Azure/go-autorest/compare/autorest/v0.9.6...autorest/v0.11.1) -- github.com/Azure/go-autorest/logger: [v0.1.0 → v0.2.0](https://github.com/Azure/go-autorest/compare/logger/v0.1.0...logger/v0.2.0) -- github.com/Azure/go-autorest/tracing: [v0.5.0 → v0.6.0](https://github.com/Azure/go-autorest/compare/tracing/v0.5.0...tracing/v0.6.0) -- github.com/Microsoft/go-winio: [fc70bd9 → v0.4.15](https://github.com/Microsoft/go-winio/compare/fc70bd9...v0.4.15) -- github.com/aws/aws-sdk-go: [v1.28.2 → v1.35.24](https://github.com/aws/aws-sdk-go/compare/v1.28.2...v1.35.24) -- github.com/blang/semver: [v3.5.0+incompatible → v3.5.1+incompatible](https://github.com/blang/semver/compare/v3.5.0...v3.5.1) -- github.com/checkpoint-restore/go-criu/v4: [v4.0.2 → v4.1.0](https://github.com/checkpoint-restore/go-criu/compare/v4.0.2...v4.1.0) -- github.com/containerd/containerd: [v1.3.3 → v1.4.1](https://github.com/containerd/containerd/compare/v1.3.3...v1.4.1) -- github.com/containerd/ttrpc: [v1.0.0 → v1.0.2](https://github.com/containerd/ttrpc/compare/v1.0.0...v1.0.2) -- github.com/containerd/typeurl: [v1.0.0 → v1.0.1](https://github.com/containerd/typeurl/compare/v1.0.0...v1.0.1) -- github.com/coreos/etcd: [v3.3.10+incompatible → v3.3.13+incompatible](https://github.com/coreos/etcd/compare/v3.3.10...v3.3.13) -- github.com/docker/docker: [aa6a989 → bd33bbf](https://github.com/docker/docker/compare/aa6a989...bd33bbf) -- github.com/go-gl/glfw/v3.3/glfw: [12ad95a → 6f7a984](https://github.com/go-gl/glfw/v3.3/glfw/compare/12ad95a...6f7a984) -- github.com/golang/groupcache: [215e871 → 8c9f03a](https://github.com/golang/groupcache/compare/215e871...8c9f03a) -- github.com/golang/mock: [v1.3.1 → v1.4.1](https://github.com/golang/mock/compare/v1.3.1...v1.4.1) -- github.com/golang/protobuf: [v1.4.2 → v1.4.3](https://github.com/golang/protobuf/compare/v1.4.2...v1.4.3) -- github.com/google/go-cmp: [v0.4.0 → v0.5.2](https://github.com/google/go-cmp/compare/v0.4.0...v0.5.2) -- github.com/google/pprof: [d4f498a → 1ebb73c](https://github.com/google/pprof/compare/d4f498a...1ebb73c) -- github.com/google/uuid: [v1.1.1 → v1.1.2](https://github.com/google/uuid/compare/v1.1.1...v1.1.2) -- github.com/gorilla/mux: [v1.7.3 → v1.8.0](https://github.com/gorilla/mux/compare/v1.7.3...v1.8.0) -- github.com/gorilla/websocket: [v1.4.0 → v1.4.2](https://github.com/gorilla/websocket/compare/v1.4.0...v1.4.2) -- github.com/jmespath/go-jmespath: [c2b33e8 → v0.4.0](https://github.com/jmespath/go-jmespath/compare/c2b33e8...v0.4.0) -- github.com/karrick/godirwalk: [v1.7.5 → v1.16.1](https://github.com/karrick/godirwalk/compare/v1.7.5...v1.16.1) -- github.com/opencontainers/go-digest: [v1.0.0-rc1 → v1.0.0](https://github.com/opencontainers/go-digest/compare/v1.0.0-rc1...v1.0.0) -- github.com/opencontainers/runc: [819fcc6 → v1.0.0-rc92](https://github.com/opencontainers/runc/compare/819fcc6...v1.0.0-rc92) -- github.com/opencontainers/runtime-spec: [237cc4f → 4d89ac9](https://github.com/opencontainers/runtime-spec/compare/237cc4f...4d89ac9) -- github.com/opencontainers/selinux: [v1.5.2 → v1.6.0](https://github.com/opencontainers/selinux/compare/v1.5.2...v1.6.0) -- github.com/prometheus/procfs: [v0.1.3 → v0.2.0](https://github.com/prometheus/procfs/compare/v0.1.3...v0.2.0) -- github.com/quobyte/api: [v0.1.2 → v0.1.8](https://github.com/quobyte/api/compare/v0.1.2...v0.1.8) -- github.com/spf13/cobra: [v1.0.0 → v1.1.1](https://github.com/spf13/cobra/compare/v1.0.0...v1.1.1) -- github.com/spf13/viper: [v1.4.0 → v1.7.0](https://github.com/spf13/viper/compare/v1.4.0...v1.7.0) -- github.com/storageos/go-api: [343b3ef → v2.2.0+incompatible](https://github.com/storageos/go-api/compare/343b3ef...v2.2.0) -- github.com/stretchr/testify: [v1.4.0 → v1.6.1](https://github.com/stretchr/testify/compare/v1.4.0...v1.6.1) -- github.com/vishvananda/netns: [52d707b → db3c7e5](https://github.com/vishvananda/netns/compare/52d707b...db3c7e5) -- go.etcd.io/etcd: 17cef6e → dd1b699 -- go.opencensus.io: v0.22.2 → v0.22.3 -- golang.org/x/crypto: 75b2880 → 7f63de1 -- golang.org/x/exp: da58074 → 6cc2880 -- golang.org/x/lint: fdd1cda → 738671d -- golang.org/x/net: ab34263 → 69a7880 -- golang.org/x/oauth2: 858c2ad → bf48bf1 -- golang.org/x/sys: ed371f2 → 5cba982 -- golang.org/x/text: v0.3.3 → v0.3.4 -- golang.org/x/time: 555d28b → 3af7569 -- golang.org/x/xerrors: 9bdfabe → 5ec99f8 -- google.golang.org/api: v0.15.1 → v0.20.0 -- google.golang.org/genproto: cb27e3a → 8816d57 -- google.golang.org/grpc: v1.27.0 → v1.27.1 -- google.golang.org/protobuf: v1.24.0 → v1.25.0 -- honnef.co/go/tools: v0.0.1-2019.2.3 → v0.0.1-2020.1.3 -- k8s.io/gengo: 8167cfd → 83324d8 -- k8s.io/klog/v2: v2.2.0 → v2.4.0 -- k8s.io/kube-openapi: 6aeccd4 → d219536 -- k8s.io/system-validators: v1.1.2 → v1.2.0 -- k8s.io/utils: d5654de → 67b214c - -##### Removed -- github.com/armon/consul-api: [eb2c6b5](https://github.com/armon/consul-api/tree/eb2c6b5) -- github.com/go-ini/ini: [v1.9.0](https://github.com/go-ini/ini/tree/v1.9.0) -- github.com/ugorji/go: [v1.1.4](https://github.com/ugorji/go/tree/v1.1.4) -- github.com/xlab/handysort: [fb3537e](https://github.com/xlab/handysort/tree/fb3537e) -- github.com/xordataexchange/crypt: [b2862e3](https://github.com/xordataexchange/crypt/tree/b2862e3) -- vbom.ml/util: db5cfe1 - - -### aws-ebs-csi-driver [2.1.0](https://github.com/giantswarm/aws-ebs-csi-driver-app/releases/tag/v2.1.0) - -#### Changed - -- Update aws-ebs-csi-driver to v1.1.0. - - - -### aws-cni [1.8.0](https://github.com/aws/amazon-vpc-cni-k8s/releases/tag/v1.8.0) - -Changes since v1.7.10: - -* Bug - Use symmetric return path for non-VPC traffic - alternate solution (#1475, @kishorj) -* Bug - Gracefully handle failed ENI SG update (#1341, @jayanthvn) -* Bug - Fix CNI crashing when there is no available IP addresses (#1499, @M00nF1sh) -* Bug - Use primary ENI SGs if SG is null for Custom networking (#1259, @jayanthvn) -* Bug - Don't cache dynamic VPC IPv4 CIDR info (#1113, @anguslees) -* Improvement - Address Excessive API Server calls from CNI Pods (#1419, @achevuru) -* Improvement - refine ENI tagging logic (#1482, @M00nF1sh) -* Improvement - Change tryAssignIPs to assign up to configured WARM_IP_TARGET (#1279, @jacksontj) -* Improvement - Use regional STS endpoint (#1332, @nithu0115) -* Improvement - Update containernetworking dependencies (#1200, @mogren) -* Improvement - Split Calico manifest into two (#1410, @caseydavenport) -* Improvement - Update Calico manifest to support ARM & AMD (#1282, @jayanthvn) -* Improvement - Auto gen of AWS CNI, metrics helper and calico artifacts through helm (#1271, @jayanthvn) -* Improvement - Refactor EC2 Metadata IMDS code (#1225, @anguslees) -* Improvement - Unnecessary logging for each CNI invocation (#1469, @jayanthvn) -* Improvement - New instance types (#1463, @jayanthvn) -* Improvement - Use 'exec' ENTRYPOINTs (#1432, @anguslees) -* Improvement - Fix logging texts for ENI cleanup (#1209, @mogren) -* Improvement - Remove Duplicated vlan IPTable rules (#1208, @mogren) -* Improvement - Minor code cleanup (#1198, @mogren) -* HelmChart - Adding flags to support overriding container runtime endpoint. (#1443, @haouc) -* HelmChart - Add podLabels to amazon-vpc-cni chart (#1440, @haouc) -* HelmChart - Add workflow to sync aws-vpc-cni helm chart to eks-charts (#1430, @fawadkhaliq) -* Testing - Remove validation of VPC CIDRs from ip rules (#1476, @kishorj) -* Testing - Updated agent version (#1474, @cgchinmay) -* Testing - Fix for CI failure (#1470, @achevuru) -* Testing - Binary for mtu and veth prefix check (#1458, @cgchinmay) -* Testing - add test to verify cni-metrics-helper puts metrics to CW (#1461, @abhipth) -* Testing - add e2e test for security group for pods (#1459, @abhipth) -* Testing - Added Test cases for EnvVars check on CNI daemonset (#1431, @cgchinmay) -* Testing - add test to verify host networking setup & cleanup (#1457, @abhipth) -* Testing - Runners failing because of docker permissions (#1456, @jayanthvn) -* Testing - decouple test helper input struct from netlink library (#1455, @abhipth) -* Testing - add custom networking e2e test suite (#1445, @abhipth) -* Testing - add integration test for ipamd env variables (#1453, @abhipth) -* Testing - add agent for testing pod networking (#1448, @abhipth) -* Testing - fix format of commited code to fix unit test step (#1449, @abhipth) -* Testing - Unblocks Github Action Integration Tests (#1435, @couralex6) -* Testing - add warm ENI/IP target integration tests (#1438, @abhipth) -* Testing - add service connectivity test (#1436, @abhipth) -* Testing - add network connectivity test (#1424, @abhipth) -* Testing - add ginkgo automation framework (#1416, @abhipth) -* Testing - Add some test coverage to allocating ENIs (#1234, @mogren) -* Testing - Add some minimal tests to metrics (#1228, @mogren) - -Changes since v1.7.9: - -* Improvement - Multi card support - Prevent route override for primary ENI across multi-cards ENAs (#1396 , [@jayanthvn](https://github.com/Jayanthvn)) - -Changes since v1.7.8: -* Improvement - Adds http timeout to aws sessions (#1370 by couralex6) -* Improvement - Switch calico to be deployed with the Tigera operator (#1297 by tmjd) -* Improvement - Update calico to v3.17.1 (#1328 by lwr20) -* Improvement - update plugins to v0.9.0 (#1362 by fr0stbyte) -* Improvement - update github.com/containernetworking/plugins to v0.9.0 (#1350 by fr0stbyte) -* Bug - Fix regex match for getting primary interface (#1311 by Jayanthvn) -* Bug - Output to stderr when no log file path is passed (#1275 by couralex6) -* Bug - Fix deletion of hostVeth rule for pods using security group (#1376 by SaranBalaji90) - - - -### cluster-autoscaler [1.20.3](https://github.com/giantswarm/cluster-autoscaler-app/releases/tag/v1.20.3) - -#### Changed -- Allow users to set container resources; -- Update cluster-autoscaler to version `1.20.0`. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v15.1.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v15.1.0.md deleted file mode 100644 index 579d6007b5..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v15.1.0.md +++ /dev/null @@ -1,199 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v15.1.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v15.1.0 - version: 15.1.0 - version_tag: v15.1.0 -date: '2021-08-03T10:00:00' -description: Release notes for AWS workload cluster release v15.1.0, published on - 03 August 2021, 10:00. -title: Workload cluster release v15.1.0 for AWS ---- - -This release provides stability improvements and bug fixes for various components. - -**Highlights** -- Kubernetes 1.20.9; -- Kiam 4.1 - -## Change details - - -### kubernetes [1.20.9](https://github.com/kubernetes/kubernetes/releases/tag/v1.20.9) - -#### Feature -- Kubernetes 1.20.x is now built using Go 1.15.14 ([#103677](https://github.com/kubernetes/kubernetes/pull/103677), [@puerco](https://github.com/puerco)) [SIG Cloud Provider, Instrumentation, Release and Testing] -- Updates the following images to pick up CVE fixes: - - `debian` to v1.8.0 - - `debian-iptables` to v1.6.5 - - `setcap` to v2.0.3 ([#103235](https://github.com/kubernetes/kubernetes/pull/103235), [@thejoycekung](https://github.com/thejoycekung)) [SIG API Machinery, Release and Testing] -#### Bug or Regression -- Fix scoring for NodeResourcesMostAllocated and NodeResourcesBalancedAllocation plugins when nodes have containers with no requests. This was leaving to under-utilization of small nodes. ([#102925](https://github.com/kubernetes/kubernetes/pull/102925), [@alculquicondor](https://github.com/alculquicondor)) [SIG Scheduling] -- Switch scheduler to generate the merge patch on pod status instead of the full pod ([#103133](https://github.com/kubernetes/kubernetes/pull/103133), [@marwanad](https://github.com/marwanad)) [SIG Scheduling] -- VSphere: Fix regression during attach disk if datastore is within a storage folder or datastore cluster. ([#102999](https://github.com/kubernetes/kubernetes/pull/102999), [@gnufied](https://github.com/gnufied)) [SIG Cloud Provider] -#### Dependencies -#### Added -_Nothing has changed._ -#### Changed -- sigs.k8s.io/structured-merge-diff/v4: v4.0.3 → v4.1.2 -#### Removed -_Nothing has changed._ - - - -### etcd [3.4.16](https://github.com/etcd-io/etcd/releases/tag/v3.4.16) - -#### etcd server -- Log [successful etcd server-side health check in debug level](https://github.com/etcd-io/etcd/pull/12677). -- Fix [64 KB websocket notification message limit](https://github.com/etcd-io/etcd/pull/12402). -- Add [`--experimental-warning-apply-duration`](https://github.com/etcd-io/etcd/pull/12448) flag which allows apply duration threshold to be configurable. -- Fix [`--unsafe-no-fsync`](https://github.com/etcd-io/etcd/pull/12751) to still write-out data avoiding corruption (most of the time). -- Reduce [around 30% memory allocation by logging range response size without marshal](https://github.com/etcd-io/etcd/pull/12871). -- Add [exclude alarms from health check conditionally](https://github.com/etcd-io/etcd/pull/12880). - -#### Package `fileutil` -- Fix [`F_OFD_` constants](https://github.com/etcd-io/etcd/pull/12444). - -#### Metrics -- Fix [incorrect metrics generated when clients cancel watches](https://github.com/etcd-io/etcd/pull/12803) back-ported from (https://github.com/etcd-io/etcd/pull/12196). - -#### Dependency -- Bump up [`gorilla/websocket` to v1.4.2](https://github.com/etcd-io/etcd/pull/12645). - -#### Go -- Compile with [*Go 1.12.17*](https://golang.org/doc/devel/release.html#go1.12). - - - -### calico [3.15.5](https://github.com/projectcalico/calico/releases/tag/v3.15.5) - -#### Bug fixes - - Fix that calico/node would fail to set NetworkUnavailable to false for etcd clusters with mismatched nodenames [node #949](https://github.com/projectcalico/node/pull/949) (@caseydavenport) - - Fixes a bug where IPv6 networks were not handled properly by the failsafe rules [felix #2748](https://github.com/projectcalico/felix/pull/2748) (@mgleung) - - Fix that, after a netlink read failure, Felix would tight loop reading from a closed channel. Restart the event poll in that case. [felix #2713](https://github.com/projectcalico/felix/pull/2713) (@fasaxc) -#### Other changes - - FailsafeInboundHostPorts & FailsafeOutboundHostPorts now support restricting to specific cidrs. New format :: [felix #2721](https://github.com/projectcalico/felix/pull/2721) (@mgleung) - - - -### app-operator [5.1.0](https://github.com/giantswarm/app-operator/releases/tag/v5.1.0) - -#### Changed -- Create `AppCatalogEntry` CRs into the same namespace of Catalog CR. -- Include `chart.keywords`, `chart.description` and `chart.upstreamChartVersion` in `AppCatalogEntry` CRs. -- Create `AppCatalog` CRs from `Catalog` CRs for compatibility with existing app-operator releases. -- Prepare helm values to configuration management. -- Use `Catalog` CRs in `App` controller. -- Reconcile to `Catalog` CRs instead of `AppCatalog`. -- Get `Chart` CRD from the GitHub resources. -- Get metadata constants from k8smetadata library not apiextensions. - -#### Fixed -- For the chart CR watcher get the kubeconfig secret from the chart-operator app CR to avoid hardcoding it. -- Quote namespace in helm templates to handle numeric workload cluster IDs. - - - -### aws-ebs-csi-driver [2.2.0](https://github.com/giantswarm/aws-ebs-csi-driver-app/releases/tag/v2.2.0) - -#### Added -- CRD for snapshot-controller. - -### Changed -- Update aws-ebs-csi-driver to v1.1.1. -- Reduce default log level to 2. -- Default volume resizing. - - - -### kiam [2.0.0](https://github.com/giantswarm/kiam-app/releases/tag/v2.0.0) - -#### Changed -- Upgrade `kiam` version to 4.1. -- Update RBAC API version from `v1beta1` to `v1`. -- Add `kind: Issuer` and `group: cert-manager.io` to `Certificate` templates. - - - -### cert-manager [2.8.0](https://github.com/giantswarm/cert-manager-app/releases/tag/v2.8.0) - -#### Changed -- Label deployments with `giantswarm.io/monitoring_basic_sli: "true"`. ([#171](https://github.com/giantswarm/cert-manager-app/pull/171)) -- Migrate values file structure to match `config` repo. ([#172](https://github.com/giantswarm/cert-manager-app/pull/172)) - - - -### coredns [1.6.0](https://github.com/giantswarm/coredns-app/releases/tag/v1.6.0) - -#### Changed -- Make `targetCPUUtilizationPercentage` in HPA configurable. -- Update `coredns` to upstream version [1.8.3](https://coredns.io/2021/02/24/coredns-1.8.3-release/). -- Increase maximum replica count to 50 when using horizontal pod autoscaling. - - - -### kube-state-metrics [1.3.1](https://github.com/giantswarm/kube-state-metrics-app/releases/tag/v1.3.1) - -#### Changed -- Set docker.io as the default registry - - - -### metrics-server [1.3.0](https://github.com/giantswarm/metrics-server-app/releases/tag/v1.3.0) - -#### Added -- Added new configuration value `extraArgs`. - - - -### net-exporter [1.10.2](https://github.com/giantswarm/net-exporter/releases/tag/v1.10.2) - -#### Changed -- Allow to customize dns service. -- Only check pod existence on dial errors. Check pod deletion directly by IP instead of listing pods and searching. - - - -### external-dns [2.4.0](https://github.com/giantswarm/external-dns-app/releases/tag/v2.4.0) - -#### Changed -- Upgrade upstream external-dns from v0.7.6 to [v0.8.0](https://github.com/kubernetes-sigs/external-dns/releases/tag/v0.8.0). -- Allow to configure the minimum interval between two consecutive synchronizations triggered from kubernetes events through `externalDNS.minEventSyncInterval`. - - - -### cert-exporter [1.7.1](https://github.com/giantswarm/cert-exporter/releases/tag/v1.7.1) - -#### Fixed -- Fix configuration version in `Chart.yaml`. - - - -### chart-operator [2.18.0](https://github.com/giantswarm/chart-operator/releases/tag/v2.18.0) - -#### Added -- Add releasemaxhistory resource which ensures we retry at a reduced rate when there are repeated failed upgrades. -- Proxy support in helm template. - -#### Changed -- Upgrade Helm release when failed even if version or values have not changed to handle situations like failed webhooks where we should retry. -- Prepare helm values to configuration management. -- Update architect-orb to v3.0.0. -- [CAPI] Add tolerations to start on `NotReady` nodes for installing CNI. -- [CAPI] Create `giantswarm-critical` priority class. -- [CAPI] Use host network to allow installing CNI packaged as an app. - -#### Fixed -- Improve status message when helm release has failed max number of attempts. - - - -### cluster-operator [3.9.0](https://github.com/giantswarm/cluster-operator/releases/tag/v3.9.0) - -#### Changed -Use app-operator-konfigure configmap for the app-operator per workload cluster. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v15.1.1.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v15.1.1.md deleted file mode 100644 index d69400af2c..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v15.1.1.md +++ /dev/null @@ -1,25 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v15.1.1/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v15.1.1 - version: 15.1.1 - version_tag: v15.1.1 -date: '2021-08-20T10:09:07' -description: Release notes for AWS workload cluster release v15.1.1, published on - 20 August 2021, 10:09. -title: Workload cluster release v15.1.1 for AWS ---- - -This release provides a bug fix for `ebs-csi-driver` to enable it to resize EBS volumes. - -## Change details - -### aws-ebs-csi-driver [2.2.1](https://github.com/giantswarm/aws-ebs-csi-driver-app/releases/tag/v2.2.1) - -#### Fixed -- Enable permissions for ebs volume resizing by default. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v15.2.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v15.2.0.md deleted file mode 100644 index ef8455045d..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v15.2.0.md +++ /dev/null @@ -1,32 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v15.2.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v15.2.0 - version: 15.2.0 - version_tag: v15.2.0 -date: '2021-08-23T10:00:00' -description: Release notes for AWS workload cluster release v15.2.0, published on - 23 August 2021, 10:00. -title: Workload cluster release v15.2.0 for AWS ---- - -This release adds support to `aws-operator` to comply with the following additional AWS S3 policies: -* `s3-bucket-public-read-prohibited` -* `s3-bucket-ssl-requests-only` -* `s3-bucket-public-write-prohibited` -* `s3-bucket-server-side-encryption-enabled` -* `s3-bucket-logging-enabled`. - -## Change details - - -### aws-operator [10.7.1](https://github.com/giantswarm/aws-operator/releases/tag/v10.7.1) - -### Added - -- Add security settings to S3 bucket to comply with aws policies `s3-bucket-public-read-prohibited,s3-bucket-ssl-requests-only,s3-bucket-public-write-prohibited,s3-bucket-server-side-encryption-enabled,s3-bucket-logging-enabled`, `aws-operator` will need additonal permissions `s3:PutBucketPublicAccessBlock` and `s3:PutBucketPolicy`. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v15.2.1.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v15.2.1.md deleted file mode 100644 index 55ab06b1c4..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v15.2.1.md +++ /dev/null @@ -1,25 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v15.2.1/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v15.2.1 - version: 15.2.1 - version_tag: v15.2.1 -date: '2021-08-26T10:00:00' -description: Release notes for AWS workload cluster release v15.2.1, published on - 26 August 2021, 10:00. -title: Workload cluster release v15.2.1 for AWS ---- - -This release provides a bug fix for `ebs-csi-driver` to enable it to resize EBS volumes. - -## Change details - -### aws-ebs-csi-driver [2.2.1](https://github.com/giantswarm/aws-ebs-csi-driver-app/releases/tag/v2.2.1) - -#### Fixed -- Enable permissions for ebs volume resizing by default. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v15.2.2.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v15.2.2.md deleted file mode 100644 index 4c36171b82..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v15.2.2.md +++ /dev/null @@ -1,38 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v15.2.2/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v15.2.2 - version: 15.2.2 - version_tag: v15.2.2 -date: '2021-10-01T11:49:41' -description: Release notes for AWS workload cluster release v15.2.2, published on - 01 October 2021, 11:49. -title: Workload cluster release v15.2.2 for AWS ---- - -This release provides a security fix for [CVE-2021-25741](https://nvd.nist.gov/vuln/detail/CVE-2021-25741). - -## Change details - - -### kubernetes [1.20.11](https://github.com/kubernetes/kubernetes/releases/tag/v1.20.11) - -#### Bug or Regression -- Kube-proxy: delete stale conntrack UDP entries for loadbalancer ingress IP. ([#104152](https://github.com/kubernetes/kubernetes/pull/104152), [@aojea](https://github.com/aojea)) [SIG Network] -- Metrics changes: Fix exposed buckets of `scheduler_volume_scheduling_duration_seconds_bucket` metric ([#100720](https://github.com/kubernetes/kubernetes/pull/100720), [@dntosas](https://github.com/dntosas)) [SIG Apps, Instrumentation, Scheduling and Storage] -- Pass additional flags to subpath mount to avoid flakes in certain conditions ([#104348](https://github.com/kubernetes/kubernetes/pull/104348), [@mauriciopoppe](https://github.com/mauriciopoppe)) [SIG Storage] -- When using `kubectl replace` (or the equivalent API call) on a Service, the caller no longer needs to do a read-modify-write cycle to fetch the allocated values for `.spec.clusterIP` and `.spec.ports[].nodePort`. Instead the API server will automatically carry these forward from the original object when the new object does not specify them. ([#104674](https://github.com/kubernetes/kubernetes/pull/104674), [@thockin](https://github.com/thockin)) [SIG Network] -#### Other (Cleanup or Flake) -- Kube-apiserver: sets an upper-bound on the lifetime of idle keep-alive connections and time to read the headers of incoming requests ([#103958](https://github.com/kubernetes/kubernetes/pull/103958), [@liggitt](https://github.com/liggitt)) [SIG API Machinery and Node] -#### Dependencies -#### Added -_Nothing has changed._ -#### Changed -_Nothing has changed._ -#### Removed -_Nothing has changed._ diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.0.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.0.0.md deleted file mode 100644 index 1048449c5a..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.0.0.md +++ /dev/null @@ -1,705 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v16.0.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v16.0.0 - version: 16.0.0 - version_tag: v16.0.0 -date: '2021-10-04T10:00:00' -description: Release notes for AWS workload cluster release v16.0.0, published on - 04 October 2021, 10:00. -title: Workload cluster release v16.0.0 for AWS ---- - -This release provides support for Kubernetes 1.21. - -**Highlights** -- Kubernetes 1.21 support; -- New clusters must be created in the organization's namespaces. Clusters which don't respect this rule will be rejected; -- Tags on custom resources are propagated to S3 buckets and AWS CNI ENIs; -- `aws-operator` and `cluster-operator` have support for Cluster API `v1alpha3` resources; -- Security fixes: - * 7 Linux CVEs; - * 2 Systemd CVEs; - * 2 openssl CVEs; - * 1 Kubernetes CVE; - * 1 Go CVE. - -> **_Warning:_** Starting with this release new clusters have to be created in the organization's namespace. Any new cluster defined in a different namespace is going to be rejected. Automation that creates Cluster CRs directly needs to be updated to define these clusters in the organization's namespace. Existing clusters are not impacted by this change and will be migrated later. - -## Change details - - -### aws-operator [10.9.1](https://github.com/giantswarm/aws-operator/releases/tag/v10.9.1) - -#### Added -- Add cloud tags propagation to S3 buckets. -- Add provider tags to the AWS CNI ENIs. -- Add configuration for `systemd-networkd` to ignore network interfaces used for AWS CNI. -- Add changes to run properly on Flatcar 2905 and newer. - -#### Changed -- Update `aws-attach-etcd-dep` image version to `0.2.0` to include bugfixes. -- Upgrade `k8scloudconfig` which is required for k8s 1.21. -- Introducing `v1alpha3` CR's. -- Update Flatcar AMI's to the latest stable releases. - - - -### containerlinux [2905.2.3](https://www.flatcar-linux.org/releases/#release-2905.2.3) - -**Security fixes** - -* Linux - - [CVE-2021-3653](https://nvd.nist.gov/vuln/detail/CVE-2021-3653) - - [CVE-2021-3656](https://nvd.nist.gov/vuln/detail/CVE-2021-3656) - - [CVE-2021-38166](https://nvd.nist.gov/vuln/detail/CVE-2021-38166) - - [CVE-2021-34556](https://nvd.nist.gov/vuln/detail/CVE-2021-34556) - - [CVE-2021-35477](https://nvd.nist.gov/vuln/detail/CVE-2021-35477) - - [CVE-2021-38205](https://nvd.nist.gov/vuln/detail/CVE-2021-38205) - - [CVE-2021-37576](https://nvd.nist.gov/vuln/detail/CVE-2021-37576) -* openssl - - [CVE-2021-3711](https://nvd.nist.gov/vuln/detail/CVE-2021-3711) - - [CVE-2021-3712](https://nvd.nist.gov/vuln/detail/CVE-2021-3712) -* Go - - [CVE-2021-36221](https://nvd.nist.gov/vuln/detail/CVE-2021-36221) -* Systemd - - [CVE-2020-13529](https://nvd.nist.gov/vuln/detail/CVE-2020-13529) - - [CVE-2021-33910](https://nvd.nist.gov/vuln/detail/CVE-2021-33910) - - -**Bug Fixes** - -* Re-enabled kernel config FS_ENCRYPTION ([coreos-overlay#1212](https://github.com/kinvolk/coreos-overlay/pull/1212/)) -* Fixed Perl in dev-container ([coreos-overlay#1238](https://github.com/kinvolk/coreos-overlay/pull/1238)) -* Fixed pam.d sssd LDAP auth with sudo ([coreos-overlay#1170](https://github.com/kinvolk/coreos-overlay/pull/1170)) -* Let network-cleanup.service finish before entering rootfs ([coreos-overlay#1182](https://github.com/kinvolk/coreos-overlay/pull/1182)) -* Set the cilium_vxlan interface to be not managed by networkd’s default setup with DHCP as it’s managed by Cilium. ([init#43](https://github.com/kinvolk/init/pull/43)) -* Disabled SELinux by default on dockerd wrapper script ([coreos-overlay#1149](https://github.com/kinvolk/coreos-overlay/pull/1149)) -* GCE: Granted CAP_NET_ADMIN to set routes for the TCP LB when starting oem-gce.service ([coreos-overlay#1146](https://github.com/kinvolk/coreos-overlay/pull/1146)) - - - -**Changes** - -* Switched to zstd for the initramfs ([coreos-overlay#1136](https://github.com/kinvolk/coreos-overlay/pull/1136)) -* Embedded new subkey in flatcar-install ([coreos-overlay#1180](https://github.com/kinvolk/coreos-overlay/pull/1180)) - - - -**Updates** - -* Linux ([5.10.61](https://lwn.net/Articles/867497/)) -* openssl ([1.1.1l](https://mta.openssl.org/pipermail/openssl-announce/2021-August/000206.html)) -* Systemd ([247.9](https://github.com/systemd/systemd-stable/releases/tag/v247.9)) -* Go ([1.16.7](https://golang.org/doc/devel/release#go1.16.minor)) -* portage-utils ([0.90](https://github.com/gentoo/portage-utils/releases/tag/v0.90)) - - - -### kubernetes [1.21.5](https://github.com/kubernetes/kubernetes/releases/tag/v1.21.5) - -#### What's New (Major Themes) - -##### Deprecation of PodSecurityPolicy - -PSP as an admission controller resource is being deprecated. Deployed PodSecurityPolicy's will keep working until version 1.25, their target removal from the codebase. A new feature, with a working title of "PSP replacement policy", is being developed in [KEP-2579](https://features.k8s.io/2579). To learn more, read [PodSecurityPolicy Deprecation: Past, Present, and Future](https://blog.k8s.io/2021/04/06/podsecuritypolicy-deprecation-past-present-and-future/). - -##### Kubernetes API Reference Documentation - -The API reference is now generated with [`gen-resourcesdocs`](https://github.com/kubernetes-sigs/reference-docs/tree/c96658d89fb21037b7d00d27e6dbbe6b32375837/gen-resourcesdocs) and it is moving to [Kubernetes API](https://docs.k8s.io/reference/kubernetes-api/) - -##### Kustomize Updates in Kubectl - -[Kustomize](https://github.com/kubernetes-sigs/kustomize) version in kubectl had a jump from v2.0.3 to [v4.0.5](https://github.com/kubernetes/kubernetes/pull/98946). Kustomize is now treated as a library and future updates will be less sporadic. - -##### Default Container Annotation - -Pod with multiple containers can use `kubectl.kubernetes.io/default-container` annotation to have a container preselected for kubectl commands. More can be read in [KEP-2227](https://github.com/kubernetes/enhancements/blob/master/keps/sig-cli/2227-kubectl-default-container/README.md). - -##### Immutable Secrets and ConfigMaps - -Immutable Secrets and ConfigMaps graduates to GA. This feature allows users to specify that the contents of a particular Secret or ConfigMap is immutable for its object lifetime. For such instances, Kubelet will not watch/poll for changes and therefore reducing apiserver load. - -##### Structured Logging in Kubelet - -Kubelet has adopted structured logging, thanks to community effort in accomplishing this within the release timeline. Structured logging in the project remains an ongoing effort -- for folks interested in participating, [keep an eye / chime in to the mailing list discussion](https://groups.google.com/g/kubernetes-dev/c/y4WIw-ntUR8). - -##### Storage Capacity Tracking - -Traditionally, the Kubernetes scheduler was based on the assumptions that additional persistent storage is available everywhere in the cluster and has infinite capacity. Topology constraints addressed the first point, but up to now pod scheduling was still done without considering that the remaining storage capacity may not be enough to start a new pod. [Storage capacity tracking](https://docs.k8s.io/concepts/storage/storage-capacity/) addresses that by adding an API for a CSI driver to report storage capacity and uses that information in the Kubernetes scheduler when choosing a node for a pod. This feature serves as a stepping stone for supporting dynamic provisioning for local volumes and other volume types that are more capacity constrained. - -##### Generic Ephemeral Volumes - -[Generic ephermeral volumes](https://docs.k8s.io/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes) feature allows any existing storage driver that supports dynamic provisioning to be used as an ephemeral volume with the volume’s lifecycle bound to the Pod. It can be used to provide scratch storage that is different from the root disk, for example persistent memory, or a separate local disk on that node. All StorageClass parameters for volume provisioning are supported. All features supported with PersistentVolumeClaims are supported, such as storage capacity tracking, snapshots and restore, and volume resizing. - -##### CSI Service Account Token - -CSI Service Account Token feature moves to Beta in 1.21. This feature improves the security posture and allows CSI drivers to receive pods' [bound service account tokens](https://github.com/kubernetes/enhancements/blob/master/keps/sig-auth/1205-bound-service-account-tokens/README.md). This feature also provides a knob to re-publish volumes so that short-lived volumes can be refreshed. - -##### CSI Health Monitoring - -The CSI health monitoring feature is being released as a second Alpha in Kubernetes 1.21. This feature enables CSI Drivers to share abnormal volume conditions from the underlying storage systems with Kubernetes so that they can be reported as events on PVCs or Pods. This feature serves as a stepping stone towards programmatic detection and resolution of individual volume health issues by Kubernetes. - -#### Important Security Information - -This release contains changes that address the following vulnerabilities: - -##### CVE-2021-25741: Symlink Exchange Can Allow Host Filesystem Access - -A security issue was discovered in Kubernetes where a user may be able to -create a container with subpath volume mounts to access files & -directories outside of the volume, including on the host filesystem. - -#### API Change - -- "Auto" is now a valid value for the `service.kubernetes.io/topology-aware-hints` annotation. ([#100728](https://github.com/kubernetes/kubernetes/pull/100728), [@robscott](https://github.com/robscott)) [SIG Apps, Instrumentation and Network] -- We have added a new Priority & Fairness rule that exempts all probes (/readyz, /healthz, /livez) to prevent - restarting of "healthy" kube-apiserver instance(s) by kubelet. ([#101111](https://github.com/kubernetes/kubernetes/pull/101111), [@tkashem](https://github.com/tkashem)) [SIG API Machinery] - -#### Known Issues - -##### `TopologyAwareHints` feature falls back to default behavior - -The feature gate currently falls back to the default behavior in most cases. Enabling the feature gate will add hints to `EndpointSlices`, but functional differences are only observed in non-dual stack kube-proxy implementation. This is fixed by [#101054](https://github.com/kubernetes/kubernetes/pull/101054). - -#### Urgent Upgrade Notes - -##### (No, really, you MUST read this before you upgrade) - -- Kube-proxy's IPVS proxy mode no longer sets the net.ipv4.conf.all.route_localnet sysctl parameter. Nodes upgrading will have net.ipv4.conf.all.route_localnet set to 1 but new nodes will inherit the system default (usually 0). If you relied on any behavior requiring net.ipv4.conf.all.route_localnet, you must set ensure it is enabled as kube-proxy will no longer set it automatically. This change helps to further mitigate CVE-2020-8558. ([#92938](https://github.com/kubernetes/kubernetes/pull/92938), [@lbernail](https://github.com/lbernail)) [SIG Network and Release] - - Kubeadm: during "init" an empty cgroupDriver value in the KubeletConfiguration is now always set to "systemd" unless the user is explicit about it. This requires existing machine setups to configure the container runtime to use the "systemd" driver. Documentation on this topic can be found here: https://kubernetes.io/docs/setup/production-environment/container-runtimes/. When upgrading existing clusters / nodes using "kubeadm upgrade" the old cgroupDriver value is preserved, but in 1.22 this change will also apply to "upgrade". For more information on migrating to the "systemd" driver or remaining on the "cgroupfs" driver see: https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver/. ([#99471](https://github.com/kubernetes/kubernetes/pull/99471), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] - - Newly provisioned PVs by EBS plugin will no longer use the deprecated "failure-domain.beta.kubernetes.io/zone" and "failure-domain.beta.kubernetes.io/region" labels. It will use "topology.kubernetes.io/zone" and "topology.kubernetes.io/region" labels instead. ([#99130](https://github.com/kubernetes/kubernetes/pull/99130), [@ayberk](https://github.com/ayberk)) [SIG Cloud Provider, Storage and Testing] - - Newly provisioned PVs by OpenStack Cinder plugin will no longer use the deprecated "failure-domain.beta.kubernetes.io/zone" and "failure-domain.beta.kubernetes.io/region" labels. It will use "topology.kubernetes.io/zone" and "topology.kubernetes.io/region" labels instead. ([#99719](https://github.com/kubernetes/kubernetes/pull/99719), [@jsafrane](https://github.com/jsafrane)) [SIG Cloud Provider and Storage] - - Newly provisioned PVs by gce-pd will no longer have the beta FailureDomain label. gce-pd volume plugin will start to have GA topology label instead. ([#98700](https://github.com/kubernetes/kubernetes/pull/98700), [@Jiawei0227](https://github.com/Jiawei0227)) [SIG Cloud Provider, Storage and Testing] - - OpenStack Cinder CSI migration is on by default, Clinder CSI driver must be installed on clusters on OpenStack for Cinder volumes to work. ([#98538](https://github.com/kubernetes/kubernetes/pull/98538), [@dims](https://github.com/dims)) [SIG Storage] - - Remove alpha `CSIMigrationXXComplete` flag and add alpha `InTreePluginXXUnregister` flag. Deprecate `CSIMigrationvSphereComplete` flag and it will be removed in v1.22. ([#98243](https://github.com/kubernetes/kubernetes/pull/98243), [@Jiawei0227](https://github.com/Jiawei0227)) - - Remove storage metrics `storage_operation_errors_total`, since we already have `storage_operation_status_count`.And add new field `status` for `storage_operation_duration_seconds`, so that we can know about all status storage operation latency. ([#98332](https://github.com/kubernetes/kubernetes/pull/98332), [@JornShen](https://github.com/JornShen)) [SIG Instrumentation and Storage] - - The metric `storage_operation_errors_total` is not removed, but is marked deprecated, and the metric `storage_operation_status_count` is marked deprecated. In both cases the `storage_operation_duration_seconds` metric can be used to recover equivalent counts (using `status=fail-unknown` in the case of `storage_operations_errors_total`). ([#99045](https://github.com/kubernetes/kubernetes/pull/99045), [@mattcary](https://github.com/mattcary)) - - `ServiceNodeExclusion`, `NodeDisruptionExclusion` and `LegacyNodeRoleBehavior` features have been promoted to GA. `ServiceNodeExclusion` and `NodeDisruptionExclusion` are now unconditionally enabled, while `LegacyNodeRoleBehavior` is unconditionally disabled. To prevent control plane nodes from being added to load balancers automatically, upgrade users need to add "node.kubernetes.io/exclude-from-external-load-balancers" label to control plane nodes. ([#97543](https://github.com/kubernetes/kubernetes/pull/97543), [@pacoxu](https://github.com/pacoxu)) - -#### Deprecation - -- Aborting the drain command in a list of nodes will be deprecated. The new behavior will make the drain command go through all nodes even if one or more nodes failed during the drain. For now, users can try such experience by enabling --ignore-errors flag. ([#98203](https://github.com/kubernetes/kubernetes/pull/98203), [@yuzhiquan](https://github.com/yuzhiquan)) -- Delete deprecated `service.beta.kubernetes.io/azure-load-balancer-mixed-protocols` mixed procotol annotation in favor of the MixedProtocolLBService feature ([#97096](https://github.com/kubernetes/kubernetes/pull/97096), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider] -- Deprecate the `topologyKeys` field in Service. This capability will be replaced with upcoming work around Topology Aware Subsetting and Service Internal Traffic Policy. ([#96736](https://github.com/kubernetes/kubernetes/pull/96736), [@andrewsykim](https://github.com/andrewsykim)) [SIG Apps] -- Kube-proxy: remove deprecated --cleanup-ipvs flag of kube-proxy, and make --cleanup flag always to flush IPVS ([#97336](https://github.com/kubernetes/kubernetes/pull/97336), [@maaoBit](https://github.com/maaoBit)) [SIG Network] -- Kubeadm: deprecated command "alpha selfhosting pivot" is now removed. ([#97627](https://github.com/kubernetes/kubernetes/pull/97627), [@knight42](https://github.com/knight42)) -- Kubeadm: graduate the command `kubeadm alpha kubeconfig user` to `kubeadm kubeconfig user`. The `kubeadm alpha kubeconfig user` command is deprecated now. ([#97583](https://github.com/kubernetes/kubernetes/pull/97583), [@knight42](https://github.com/knight42)) [SIG Cluster Lifecycle] -- Kubeadm: the "kubeadm alpha certs" command is removed now, please use "kubeadm certs" instead. ([#97706](https://github.com/kubernetes/kubernetes/pull/97706), [@knight42](https://github.com/knight42)) [SIG Cluster Lifecycle] -- Kubeadm: the deprecated kube-dns is no longer supported as an option. If "ClusterConfiguration.dns.type" is set to "kube-dns" kubeadm will now throw an error. ([#99646](https://github.com/kubernetes/kubernetes/pull/99646), [@rajansandeep](https://github.com/rajansandeep)) [SIG Cluster Lifecycle] -- Kubectl: The deprecated `kubectl alpha debug` command is removed. Use `kubectl debug` instead. ([#98111](https://github.com/kubernetes/kubernetes/pull/98111), [@pandaamanda](https://github.com/pandaamanda)) [SIG CLI] -- Official support to build kubernetes with docker-machine / remote docker is removed. This change does not affect building kubernetes with docker locally. ([#97935](https://github.com/kubernetes/kubernetes/pull/97935), [@adeniyistephen](https://github.com/adeniyistephen)) [SIG Release and Testing] -- Remove deprecated `--generator, --replicas, --service-generator, --service-overrides, --schedule` from `kubectl run` - Deprecate `--serviceaccount, --hostport, --requests, --limits` in `kubectl run` ([#99732](https://github.com/kubernetes/kubernetes/pull/99732), [@soltysh](https://github.com/soltysh)) -- Remove the deprecated metrics "scheduling_algorithm_preemption_evaluation_seconds" and "binding_duration_seconds", suggest to use "scheduler_framework_extension_point_duration_seconds" instead. ([#96447](https://github.com/kubernetes/kubernetes/pull/96447), [@chendave](https://github.com/chendave)) [SIG Cluster Lifecycle, Instrumentation, Scheduling and Testing] -- Removing experimental windows container hyper-v support with Docker ([#97141](https://github.com/kubernetes/kubernetes/pull/97141), [@wawa0210](https://github.com/wawa0210)) [SIG Node and Windows] -- Rename metrics `etcd_object_counts` to `apiserver_storage_object_counts` and mark it as stable. The original `etcd_object_counts` metrics name is marked as "Deprecated" and will be removed in the future. ([#99785](https://github.com/kubernetes/kubernetes/pull/99785), [@erain](https://github.com/erain)) [SIG API Machinery, Instrumentation and Testing] -- The GA TokenRequest and TokenRequestProjection feature gates have been removed and are unconditionally enabled. Remove explicit use of those feature gates in CLI invocations. ([#97148](https://github.com/kubernetes/kubernetes/pull/97148), [@wawa0210](https://github.com/wawa0210)) [SIG Node] -- The PodSecurityPolicy API is deprecated in 1.21, and will no longer be served starting in 1.25. ([#97171](https://github.com/kubernetes/kubernetes/pull/97171), [@deads2k](https://github.com/deads2k)) [SIG Auth and CLI] -- The `batch/v2alpha1` CronJob type definitions and clients are deprecated and removed. ([#96987](https://github.com/kubernetes/kubernetes/pull/96987), [@soltysh](https://github.com/soltysh)) [SIG API Machinery, Apps, CLI and Testing] -- The `export` query parameter (inconsistently supported by API resources and deprecated in v1.14) is fully removed. Requests setting this query parameter will now receive a 400 status response. ([#98312](https://github.com/kubernetes/kubernetes/pull/98312), [@deads2k](https://github.com/deads2k)) [SIG API Machinery, Auth and Testing] -- `audit.k8s.io/v1beta1` and `audit.k8s.io/v1alpha1` audit policy configuration and audit events are deprecated in favor of `audit.k8s.io/v1`, available since v1.13. kube-apiserver invocations that specify alpha or beta policy configurations with `--audit-policy-file`, or explicitly request alpha or beta audit events with `--audit-log-version` / `--audit-webhook-version` must update to use `audit.k8s.io/v1` and accept `audit.k8s.io/v1` events prior to v1.24. ([#98858](https://github.com/kubernetes/kubernetes/pull/98858), [@carlory](https://github.com/carlory)) [SIG Auth] -- `discovery.k8s.io/v1beta1` EndpointSlices are deprecated in favor of `discovery.k8s.io/v1`, and will no longer be served in Kubernetes v1.25. ([#100472](https://github.com/kubernetes/kubernetes/pull/100472), [@liggitt](https://github.com/liggitt)) -- `diskformat` storage class parameter for in-tree vSphere volume plugin is deprecated as of v1.21 release. Please consider updating storageclass and remove `diskformat` parameter. vSphere CSI Driver does not support diskformat storageclass parameter. - - vSphere releases less than 67u3 are deprecated as of v1.21. Please consider upgrading vSphere to 67u3 or above. vSphere CSI Driver requires minimum vSphere 67u3. - - VM Hardware version less than 15 is deprecated as of v1.21. Please consider upgrading the Node VM Hardware version to 15 or above. vSphere CSI Driver recommends Node VM's Hardware version set to at least vmx-15. - - Multi vCenter support is deprecated as of v1.21. If you have a Kubernetes cluster spanning across multiple vCenter servers, please consider moving all k8s nodes to a single vCenter Server. vSphere CSI Driver does not support Kubernetes deployment spanning across multiple vCenter servers. - - Support for these deprecations will be available till Kubernetes v1.24. ([#98546](https://github.com/kubernetes/kubernetes/pull/98546), [@divyenpatel](https://github.com/divyenpatel)) - -#### API Change - -- 1. PodAffinityTerm includes a namespaceSelector field to allow selecting eligible namespaces based on their labels. - 2. A new CrossNamespacePodAffinity quota scope API that allows restricting which namespaces allowed to use PodAffinityTerm with corss-namespace reference via namespaceSelector or namespaces fields. ([#98582](https://github.com/kubernetes/kubernetes/pull/98582), [@ahg-g](https://github.com/ahg-g)) [SIG API Machinery, Apps, Auth and Testing] -- Add Probe-level terminationGracePeriodSeconds field ([#99375](https://github.com/kubernetes/kubernetes/pull/99375), [@ehashman](https://github.com/ehashman)) [SIG API Machinery, Apps, Node and Testing] -- Added `.spec.completionMode` field to Job, with accepted values `NonIndexed` (default) and `Indexed`. This is an alpha field and is only honored by servers with the `IndexedJob` feature gate enabled. ([#98441](https://github.com/kubernetes/kubernetes/pull/98441), [@alculquicondor](https://github.com/alculquicondor)) [SIG Apps and CLI] -- Adds support for endPort field in NetworkPolicy ([#97058](https://github.com/kubernetes/kubernetes/pull/97058), [@rikatz](https://github.com/rikatz)) [SIG Apps and Network] -- CSIServiceAccountToken graduates to Beta and enabled by default. ([#99298](https://github.com/kubernetes/kubernetes/pull/99298), [@zshihang](https://github.com/zshihang)) -- Cluster admins can now turn off `/debug/pprof` and `/debug/flags/v` endpoint in kubelet by setting `enableProfilingHandler` and `enableDebugFlagsHandler` to `false` in the Kubelet configuration file. Options `enableProfilingHandler` and `enableDebugFlagsHandler` can be set to `true` only when `enableDebuggingHandlers` is also set to `true`. ([#98458](https://github.com/kubernetes/kubernetes/pull/98458), [@SaranBalaji90](https://github.com/SaranBalaji90)) -- DaemonSets accept a MaxSurge integer or percent on their rolling update strategy that will launch the updated pod on nodes and wait for those pods to go ready before marking the old out-of-date pods as deleted. This allows workloads to avoid downtime during upgrades when deployed using DaemonSets. This feature is alpha and is behind the DaemonSetUpdateSurge feature gate. ([#96441](https://github.com/kubernetes/kubernetes/pull/96441), [@smarterclayton](https://github.com/smarterclayton)) [SIG Apps and Testing] -- Enable SPDY pings to keep connections alive, so that `kubectl exec` and `kubectl portforward` won't be interrupted. ([#97083](https://github.com/kubernetes/kubernetes/pull/97083), [@knight42](https://github.com/knight42)) [SIG API Machinery and CLI] -- FieldManager no longer owns fields that get reset before the object is persisted (e.g. "status wiping"). ([#99661](https://github.com/kubernetes/kubernetes/pull/99661), [@kevindelgado](https://github.com/kevindelgado)) [SIG API Machinery, Auth and Testing] -- Fixes server-side apply for APIService resources. ([#98576](https://github.com/kubernetes/kubernetes/pull/98576), [@kevindelgado](https://github.com/kevindelgado)) -- Generic ephemeral volumes are beta. ([#99643](https://github.com/kubernetes/kubernetes/pull/99643), [@pohly](https://github.com/pohly)) [SIG API Machinery, Apps, Auth, CLI, Node, Storage and Testing] -- Hugepages request values are limited to integer multiples of the page size. ([#98515](https://github.com/kubernetes/kubernetes/pull/98515), [@lala123912](https://github.com/lala123912)) [SIG Apps] -- Implement the GetAvailableResources in the podresources API. ([#95734](https://github.com/kubernetes/kubernetes/pull/95734), [@fromanirh](https://github.com/fromanirh)) [SIG Instrumentation, Node and Testing] -- IngressClass resource can now reference a resource in a specific namespace - for implementation-specific configuration (previously only Cluster-level resources were allowed). - This feature can be enabled using the IngressClassNamespacedParams feature gate. ([#99275](https://github.com/kubernetes/kubernetes/pull/99275), [@hbagdi](https://github.com/hbagdi)) -- Jobs API has a new `.spec.suspend` field that can be used to suspend and resume Jobs. This is an alpha field which is only honored by servers with the `SuspendJob` feature gate enabled. ([#98727](https://github.com/kubernetes/kubernetes/pull/98727), [@adtac](https://github.com/adtac)) -- Kubelet Graceful Node Shutdown feature graduates to Beta and enabled by default. ([#99735](https://github.com/kubernetes/kubernetes/pull/99735), [@bobbypage](https://github.com/bobbypage)) -- Kubernetes is now built using go1.15.7 ([#98363](https://github.com/kubernetes/kubernetes/pull/98363), [@cpanato](https://github.com/cpanato)) [SIG Cloud Provider, Instrumentation, Node, Release and Testing] -- Namespace API objects now have a `kubernetes.io/metadata.name` label matching their metadata.name field to allow selecting any namespace by its name using a label selector. ([#96968](https://github.com/kubernetes/kubernetes/pull/96968), [@jayunit100](https://github.com/jayunit100)) [SIG API Machinery, Apps, Cloud Provider, Storage and Testing] -- One new field "InternalTrafficPolicy" in Service is added. - It specifies if the cluster internal traffic should be routed to all endpoints or node-local endpoints only. - "Cluster" routes internal traffic to a Service to all endpoints. - "Local" routes traffic to node-local endpoints only, and traffic is dropped if no node-local endpoints are ready. - The default value is "Cluster". ([#96600](https://github.com/kubernetes/kubernetes/pull/96600), [@maplain](https://github.com/maplain)) [SIG API Machinery, Apps and Network] -- PodDisruptionBudget API objects can now contain conditions in status. ([#98127](https://github.com/kubernetes/kubernetes/pull/98127), [@mortent](https://github.com/mortent)) [SIG API Machinery, Apps, Auth, CLI, Cloud Provider, Cluster Lifecycle and Instrumentation] -- PodSecurityPolicy only stores "generic" as allowed volume type if the GenericEphemeralVolume feature gate is enabled ([#98918](https://github.com/kubernetes/kubernetes/pull/98918), [@pohly](https://github.com/pohly)) [SIG Auth and Security] -- Promote CronJobs to batch/v1 ([#99423](https://github.com/kubernetes/kubernetes/pull/99423), [@soltysh](https://github.com/soltysh)) [SIG API Machinery, Apps, CLI and Testing] -- Promote Immutable Secrets/ConfigMaps feature to Stable. This allows to set `immutable` field in Secret or ConfigMap object to mark their contents as immutable. ([#97615](https://github.com/kubernetes/kubernetes/pull/97615), [@wojtek-t](https://github.com/wojtek-t)) [SIG Apps, Architecture, Node and Testing] -- Remove support for building Kubernetes with bazel. ([#99561](https://github.com/kubernetes/kubernetes/pull/99561), [@BenTheElder](https://github.com/BenTheElder)) [SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Release, Scalability, Scheduling, Storage, Testing and Windows] -- Scheduler extender filter interface now can report unresolvable failed nodes in the new field `FailedAndUnresolvableNodes` of `ExtenderFilterResult` struct. Nodes in this map will be skipped in the preemption phase. ([#92866](https://github.com/kubernetes/kubernetes/pull/92866), [@cofyc](https://github.com/cofyc)) [SIG Scheduling] -- Services can specify loadBalancerClass to use a custom load balancer ([#98277](https://github.com/kubernetes/kubernetes/pull/98277), [@XudongLiuHarold](https://github.com/XudongLiuHarold)) -- Storage capacity tracking (= the CSIStorageCapacity feature) graduates to Beta and enabled by default, storage.k8s.io/v1alpha1/VolumeAttachment and storage.k8s.io/v1alpha1/CSIStorageCapacity objects are deprecated ([#99641](https://github.com/kubernetes/kubernetes/pull/99641), [@pohly](https://github.com/pohly)) -- Support for Indexed Job: a Job that is considered completed when Pods associated to indexes from 0 to (.spec.completions-1) have succeeded. ([#98812](https://github.com/kubernetes/kubernetes/pull/98812), [@alculquicondor](https://github.com/alculquicondor)) [SIG Apps and CLI] -- The BoundServiceAccountTokenVolume feature has been promoted to beta, and enabled by default. - - This changes the tokens provided to containers at `/var/run/secrets/kubernetes.io/serviceaccount/token` to be time-limited, auto-refreshed, and invalidated when the containing pod is deleted. - - Clients should reload the token from disk periodically (once per minute is recommended) to ensure they continue to use a valid token. `k8s.io/client-go` version v11.0.0+ and v0.15.0+ reload tokens automatically. - - By default, injected tokens are given an extended lifetime so they remain valid even after a new refreshed token is provided. The metric `serviceaccount_stale_tokens_total` can be used to monitor for workloads that are depending on the extended lifetime and are continuing to use tokens even after a refreshed token is provided to the container. If that metric indicates no existing workloads are depending on extended lifetimes, injected token lifetime can be shortened to 1 hour by starting `kube-apiserver` with `--service-account-extend-token-expiration=false`. ([#95667](https://github.com/kubernetes/kubernetes/pull/95667), [@zshihang](https://github.com/zshihang)) [SIG API Machinery, Auth, Cluster Lifecycle and Testing] -- The EndpointSlice Controllers are now GA. The `EndpointSliceController` will not populate the `deprecatedTopology` field and will only provide topology information through the `zone` and `nodeName` fields. ([#99870](https://github.com/kubernetes/kubernetes/pull/99870), [@swetharepakula](https://github.com/swetharepakula)) -- The Endpoints controller will now set the `endpoints.kubernetes.io/over-capacity` annotation to "warning" when an Endpoints resource contains more than 1000 addresses. In a future release, the controller will truncate Endpoints that exceed this limit. The EndpointSlice API can be used to support significantly larger number of addresses. ([#99975](https://github.com/kubernetes/kubernetes/pull/99975), [@robscott](https://github.com/robscott)) [SIG Apps and Network] -- The PodDisruptionBudget API has been promoted to policy/v1 with no schema changes. The only functional change is that an empty selector (`{}`) written to a policy/v1 PodDisruptionBudget now selects all pods in the namespace. The behavior of the policy/v1beta1 API remains unchanged. The policy/v1beta1 PodDisruptionBudget API is deprecated and will no longer be served in 1.25+. ([#99290](https://github.com/kubernetes/kubernetes/pull/99290), [@mortent](https://github.com/mortent)) [SIG API Machinery, Apps, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Scheduling and Testing] -- The `EndpointSlice` API is now GA. The `EndpointSlice` topology field has been removed from the GA API and will be replaced by a new per Endpoint Zone field. If the topology field was previously used, it will be converted into an annotation in the v1 Resource. The `discovery.k8s.io/v1alpha1` API is removed. ([#99662](https://github.com/kubernetes/kubernetes/pull/99662), [@swetharepakula](https://github.com/swetharepakula)) -- The `controller.kubernetes.io/pod-deletion-cost` annotation can be set to offer a hint on the cost of deleting a `Pod` compared to other pods belonging to the same ReplicaSet. Pods with lower deletion cost are deleted first. This is an alpha feature. ([#99163](https://github.com/kubernetes/kubernetes/pull/99163), [@ahg-g](https://github.com/ahg-g)) -- The kube-apiserver now resets `managedFields` that got corrupted by a mutating admission controller. ([#98074](https://github.com/kubernetes/kubernetes/pull/98074), [@kwiesmueller](https://github.com/kwiesmueller)) -- Topology Aware Hints are now available in alpha and can be enabled with the `TopologyAwareHints` feature gate. ([#99522](https://github.com/kubernetes/kubernetes/pull/99522), [@robscott](https://github.com/robscott)) [SIG API Machinery, Apps, Auth, Instrumentation, Network and Testing] -- Users might specify the `kubectl.kubernetes.io/default-exec-container` annotation in a Pod to preselect container for kubectl commands. ([#97099](https://github.com/kubernetes/kubernetes/pull/97099), [@pacoxu](https://github.com/pacoxu)) [SIG CLI] - -#### Feature -- Kubernetes is now built with Golang 1.16.8 ([#104906](https://github.com/kubernetes/kubernetes/pull/104906), [@cpanato](https://github.com/cpanato)) [SIG Cloud Provider, Instrumentation, Release and Testing] -- Update the setcap image to buster-v2.0.1 ([#102377](https://github.com/kubernetes/kubernetes/pull/102377), [@xmudrii](https://github.com/xmudrii)) [SIG Release] -- Add NeedResize function to kubernetes/mount-utils, user can call this function to determine if fs need to be resized ([#101253](https://github.com/kubernetes/kubernetes/pull/101253), [@AndyXiangLi](https://github.com/AndyXiangLi)) [SIG Storage] -- Base image updates to mitigate kube-proxy and etcd container image CVEs - - debian-base to buster-v1.6.0 - - debian-iptables to buster-v1.6.0 ([#100976](https://github.com/kubernetes/kubernetes/pull/100976), [@jindijamie](https://github.com/jindijamie)) [SIG Release and Testing] -- A client-go metric, rest_client_exec_plugin_call_total, has been added to track total calls to client-go credential plugins. ([#98892](https://github.com/kubernetes/kubernetes/pull/98892), [@ankeesler](https://github.com/ankeesler)) [SIG API Machinery, Auth, Cluster Lifecycle and Instrumentation] -- A new histogram metric to track the time it took to delete a job by the `TTLAfterFinished` controller ([#98676](https://github.com/kubernetes/kubernetes/pull/98676), [@ahg-g](https://github.com/ahg-g)) -- AWS cloud provider supports auto-discovering subnets without any `kubernetes.io/cluster/` tags. It also supports additional service annotation `service.beta.kubernetes.io/aws-load-balancer-subnets` to manually configure the subnets. ([#97431](https://github.com/kubernetes/kubernetes/pull/97431), [@kishorj](https://github.com/kishorj)) -- Aborting the drain command in a list of nodes will be deprecated. The new behavior will make the drain command go through all nodes even if one or more nodes failed during the drain. For now, users can try such experience by enabling --ignore-errors flag. ([#98203](https://github.com/kubernetes/kubernetes/pull/98203), [@yuzhiquan](https://github.com/yuzhiquan)) -- Add --permit-address-sharing flag to `kube-apiserver` to listen with `SO_REUSEADDR`. While allowing to listen on wildcard IPs like 0.0.0.0 and specific IPs in parallel, it avoids waiting for the kernel to release socket in `TIME_WAIT` state, and hence, considerably reducing `kube-apiserver` restart times under certain conditions. ([#93861](https://github.com/kubernetes/kubernetes/pull/93861), [@sttts](https://github.com/sttts)) -- Add `csi_operations_seconds` metric on kubelet that exposes CSI operations duration and status for node CSI operations. ([#98979](https://github.com/kubernetes/kubernetes/pull/98979), [@Jiawei0227](https://github.com/Jiawei0227)) [SIG Instrumentation and Storage] -- Add `migrated` field into `storage_operation_duration_seconds` metric ([#99050](https://github.com/kubernetes/kubernetes/pull/99050), [@Jiawei0227](https://github.com/Jiawei0227)) [SIG Apps, Instrumentation and Storage] -- Add flag --lease-reuse-duration-seconds for kube-apiserver to config etcd lease reuse duration. ([#97009](https://github.com/kubernetes/kubernetes/pull/97009), [@lingsamuel](https://github.com/lingsamuel)) [SIG API Machinery and Scalability] -- Add metric etcd_lease_object_counts for kube-apiserver to observe max objects attached to a single etcd lease. ([#97480](https://github.com/kubernetes/kubernetes/pull/97480), [@lingsamuel](https://github.com/lingsamuel)) [SIG API Machinery, Instrumentation and Scalability] -- Add support to generate client-side binaries for new darwin/arm64 platform ([#97743](https://github.com/kubernetes/kubernetes/pull/97743), [@dims](https://github.com/dims)) [SIG Release and Testing] -- Added `ephemeral_volume_controller_create[_failures]_total` counters to kube-controller-manager metrics ([#99115](https://github.com/kubernetes/kubernetes/pull/99115), [@pohly](https://github.com/pohly)) [SIG API Machinery, Apps, Cluster Lifecycle, Instrumentation and Storage] -- Added support for installing `arm64` node artifacts. ([#99242](https://github.com/kubernetes/kubernetes/pull/99242), [@liu-cong](https://github.com/liu-cong)) -- Adds alpha feature `VolumeCapacityPriority` which makes the scheduler prioritize nodes based on the best matching size of statically provisioned PVs across multiple topologies. ([#96347](https://github.com/kubernetes/kubernetes/pull/96347), [@cofyc](https://github.com/cofyc)) [SIG Apps, Network, Scheduling, Storage and Testing] -- Adds the ability to pass --strict-transport-security-directives to the kube-apiserver to set the HSTS header appropriately. Be sure you understand the consequences to browsers before setting this field. ([#96502](https://github.com/kubernetes/kubernetes/pull/96502), [@249043822](https://github.com/249043822)) [SIG Auth] -- Adds two new metrics to cronjobs, a histogram to track the time difference when a job is created and the expected time when it should be created, as well as a gauge for the missed schedules of a cronjob ([#99341](https://github.com/kubernetes/kubernetes/pull/99341), [@alaypatel07](https://github.com/alaypatel07)) -- Alpha implementation of Kubectl Command Headers: SIG CLI KEP 859 enabled when KUBECTL_COMMAND_HEADERS environment variable set on the client command line. ([#98952](https://github.com/kubernetes/kubernetes/pull/98952), [@seans3](https://github.com/seans3)) -- Base-images: Update to debian-iptables:buster-v1.4.0 - - Uses iptables 1.8.5 - - base-images: Update to debian-base:buster-v1.3.0 - - cluster/images/etcd: Build etcd:3.4.13-2 image - - Uses debian-base:buster-v1.3.0 ([#98401](https://github.com/kubernetes/kubernetes/pull/98401), [@pacoxu](https://github.com/pacoxu)) [SIG Testing] -- CRIContainerLogRotation graduates to GA and unconditionally enabled. ([#99651](https://github.com/kubernetes/kubernetes/pull/99651), [@umohnani8](https://github.com/umohnani8)) -- Component owner can configure the allowlist of metric label with flag '--allow-metric-labels'. ([#99385](https://github.com/kubernetes/kubernetes/pull/99385), [@YoyinZyc](https://github.com/YoyinZyc)) [SIG API Machinery, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation and Release] -- Component owner can configure the allowlist of metric label with flag '--allow-metric-labels'. ([#99738](https://github.com/kubernetes/kubernetes/pull/99738), [@YoyinZyc](https://github.com/YoyinZyc)) [SIG API Machinery, Cluster Lifecycle and Instrumentation] -- EmptyDir memory backed volumes are sized as the the minimum of pod allocatable memory on a host and an optional explicit user provided value. ([#100319](https://github.com/kubernetes/kubernetes/pull/100319), [@derekwaynecarr](https://github.com/derekwaynecarr)) [SIG Node] -- Enables Kubelet to check volume condition and log events to corresponding pods. ([#99284](https://github.com/kubernetes/kubernetes/pull/99284), [@fengzixu](https://github.com/fengzixu)) [SIG Apps, Instrumentation, Node and Storage] -- EndpointSliceNodeName graduates to GA and thus will be unconditionally enabled -- NodeName will always be available in the v1beta1 API. ([#99746](https://github.com/kubernetes/kubernetes/pull/99746), [@swetharepakula](https://github.com/swetharepakula)) -- Export `NewDebuggingRoundTripper` function and `DebugLevel` options in the k8s.io/client-go/transport package. ([#98324](https://github.com/kubernetes/kubernetes/pull/98324), [@atosatto](https://github.com/atosatto)) -- Kube-proxy iptables: new metric sync_proxy_rules_iptables_total that exposes the number of rules programmed per table in each iteration ([#99653](https://github.com/kubernetes/kubernetes/pull/99653), [@aojea](https://github.com/aojea)) [SIG Instrumentation and Network] -- Kube-scheduler now logs plugin scoring summaries at --v=4 ([#99411](https://github.com/kubernetes/kubernetes/pull/99411), [@damemi](https://github.com/damemi)) [SIG Scheduling] -- Kubeadm now includes CoreDNS v1.8.0. ([#96429](https://github.com/kubernetes/kubernetes/pull/96429), [@rajansandeep](https://github.com/rajansandeep)) [SIG Cluster Lifecycle] -- Kubeadm: IPv6DualStack feature gate graduates to Beta and enabled by default ([#99294](https://github.com/kubernetes/kubernetes/pull/99294), [@pacoxu](https://github.com/pacoxu)) -- Kubeadm: a warning to user as ipv6 site-local is deprecated ([#99574](https://github.com/kubernetes/kubernetes/pull/99574), [@pacoxu](https://github.com/pacoxu)) [SIG Cluster Lifecycle and Network] -- Kubeadm: add support for certificate chain validation. When using kubeadm in external CA mode, this allows an intermediate CA to be used to sign the certificates. The intermediate CA certificate must be appended to each signed certificate for this to work correctly. ([#97266](https://github.com/kubernetes/kubernetes/pull/97266), [@robbiemcmichael](https://github.com/robbiemcmichael)) [SIG Cluster Lifecycle] -- Kubeadm: amend the node kernel validation to treat CGROUP_PIDS, FAIR_GROUP_SCHED as required and CFS_BANDWIDTH, CGROUP_HUGETLB as optional ([#96378](https://github.com/kubernetes/kubernetes/pull/96378), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle and Node] -- Kubeadm: apply the "node.kubernetes.io/exclude-from-external-load-balancers" label on control plane nodes during "init", "join" and "upgrade" to preserve backwards compatibility with the lagacy LB mode where nodes labeled as "master" where excluded. To opt-out you can remove the label from a node. See #97543 and the linked KEP for more details. ([#98269](https://github.com/kubernetes/kubernetes/pull/98269), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] -- Kubeadm: if the user has customized their image repository via the kubeadm configuration, pass the custom pause image repository and tag to the kubelet via --pod-infra-container-image not only for Docker but for all container runtimes. This flag tells the kubelet that it should not garbage collect the image. ([#99476](https://github.com/kubernetes/kubernetes/pull/99476), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] -- Kubeadm: perform pre-flight validation on host/node name upon `kubeadm init` and `kubeadm join`, showing warnings on non-compliant names ([#99194](https://github.com/kubernetes/kubernetes/pull/99194), [@pacoxu](https://github.com/pacoxu)) -- Kubectl version changed to write a warning message to stderr if the client and server version difference exceeds the supported version skew of +/-1 minor version. ([#98250](https://github.com/kubernetes/kubernetes/pull/98250), [@brianpursley](https://github.com/brianpursley)) [SIG CLI] -- Kubectl: Add `--use-protocol-buffers` flag to kubectl top pods and nodes. ([#96655](https://github.com/kubernetes/kubernetes/pull/96655), [@serathius](https://github.com/serathius)) -- Kubectl: `kubectl get` will omit managed fields by default now. Users could set `--show-managed-fields` to true to show managedFields when the output format is either `json` or `yaml`. ([#96878](https://github.com/kubernetes/kubernetes/pull/96878), [@knight42](https://github.com/knight42)) [SIG CLI and Testing] -- Kubectl: a Pod can be preselected as default container using `kubectl.kubernetes.io/default-container` annotation ([#99833](https://github.com/kubernetes/kubernetes/pull/99833), [@mengjiao-liu](https://github.com/mengjiao-liu)) -- Kubectl: add bash-completion for comma separated list on `kubectl get` ([#98301](https://github.com/kubernetes/kubernetes/pull/98301), [@phil9909](https://github.com/phil9909)) -- Kubernetes is now built using go1.15.8 ([#98834](https://github.com/kubernetes/kubernetes/pull/98834), [@cpanato](https://github.com/cpanato)) [SIG Cloud Provider, Instrumentation, Release and Testing] -- Kubernetes is now built with Golang 1.16 ([#98572](https://github.com/kubernetes/kubernetes/pull/98572), [@justaugustus](https://github.com/justaugustus)) [SIG API Machinery, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node, Release and Testing] -- Kubernetes is now built with Golang 1.16.1 ([#100106](https://github.com/kubernetes/kubernetes/pull/100106), [@justaugustus](https://github.com/justaugustus)) [SIG Cloud Provider, Instrumentation, Release and Testing] -- Metrics can now be disabled explicitly via a command line flag (i.e. '--disabled-metrics=metric1,metric2') ([#99217](https://github.com/kubernetes/kubernetes/pull/99217), [@logicalhan](https://github.com/logicalhan)) -- New admission controller `DenyServiceExternalIPs` is available. Clusters which do not *need* the Service `externalIPs` feature should enable this controller and be more secure. ([#97395](https://github.com/kubernetes/kubernetes/pull/97395), [@thockin](https://github.com/thockin)) -- Overall, enable the feature of `PreferNominatedNode` will improve the performance of scheduling where preemption might frequently happen, but in theory, enable the feature of `PreferNominatedNode`, the pod might not be scheduled to the best candidate node in the cluster. ([#93179](https://github.com/kubernetes/kubernetes/pull/93179), [@chendave](https://github.com/chendave)) [SIG Scheduling and Testing] -- Persistent Volumes formatted with the btrfs filesystem will now automatically resize when expanded. ([#99361](https://github.com/kubernetes/kubernetes/pull/99361), [@Novex](https://github.com/Novex)) [SIG Storage] -- Port the devicemanager to Windows node to allow device plugins like directx ([#93285](https://github.com/kubernetes/kubernetes/pull/93285), [@aarnaud](https://github.com/aarnaud)) [SIG Node, Testing and Windows] -- Removes cAdvisor JSON metrics (/stats/container, /stats//, /stats////) from the kubelet. ([#99236](https://github.com/kubernetes/kubernetes/pull/99236), [@pacoxu](https://github.com/pacoxu)) -- Rename metrics `etcd_object_counts` to `apiserver_storage_object_counts` and mark it as stable. The original `etcd_object_counts` metrics name is marked as "Deprecated" and will be removed in the future. ([#99785](https://github.com/kubernetes/kubernetes/pull/99785), [@erain](https://github.com/erain)) [SIG API Machinery, Instrumentation and Testing] -- Sysctls graduates to General Availability and thus unconditionally enabled. ([#99158](https://github.com/kubernetes/kubernetes/pull/99158), [@wgahnagl](https://github.com/wgahnagl)) -- The Kubernetes pause image manifest list now contains an image for Windows Server 20H2. ([#97322](https://github.com/kubernetes/kubernetes/pull/97322), [@claudiubelu](https://github.com/claudiubelu)) [SIG Windows] -- The NodeAffinity plugin implements the PreFilter extension, offering enhanced performance for Filter. ([#99213](https://github.com/kubernetes/kubernetes/pull/99213), [@AliceZhang2016](https://github.com/AliceZhang2016)) [SIG Scheduling] -- The `CronJobControllerV2` feature flag graduates to Beta and set to be enabled by default. ([#98878](https://github.com/kubernetes/kubernetes/pull/98878), [@soltysh](https://github.com/soltysh)) -- The `EndpointSlice` mirroring controller mirrors endpoints annotations and labels to the generated endpoint slices, it also ensures that updates on any of these fields are mirrored. - The well-known annotation `endpoints.kubernetes.io/last-change-trigger-time` is skipped and not mirrored. ([#98116](https://github.com/kubernetes/kubernetes/pull/98116), [@aojea](https://github.com/aojea)) -- The `RunAsGroup` feature has been promoted to GA in this release. ([#94641](https://github.com/kubernetes/kubernetes/pull/94641), [@krmayankk](https://github.com/krmayankk)) [SIG Auth and Node] -- The `ServiceAccountIssuerDiscovery` feature has graduated to GA, and is unconditionally enabled. The `ServiceAccountIssuerDiscovery` feature-gate will be removed in 1.22. ([#98553](https://github.com/kubernetes/kubernetes/pull/98553), [@mtaufen](https://github.com/mtaufen)) [SIG API Machinery, Auth and Testing] -- The `TTLAfterFinished` feature flag is now beta and enabled by default ([#98678](https://github.com/kubernetes/kubernetes/pull/98678), [@ahg-g](https://github.com/ahg-g)) -- The apimachinery util/net function used to detect the bind address `ResolveBindAddress()` takes into consideration global IP addresses on loopback interfaces when 1) the host has default routes, or 2) there are no global IPs on those interfaces in order to support more complex network scenarios like BGP Unnumbered RFC 5549 ([#95790](https://github.com/kubernetes/kubernetes/pull/95790), [@aojea](https://github.com/aojea)) [SIG Network] -- The feature gate `RootCAConfigMap` graduated to GA in v1.21 and therefore will be unconditionally enabled. This flag will be removed in v1.22 release. ([#98033](https://github.com/kubernetes/kubernetes/pull/98033), [@zshihang](https://github.com/zshihang)) -- The pause image upgraded to `v3.4.1` in kubelet and kubeadm for both Linux and Windows. ([#98205](https://github.com/kubernetes/kubernetes/pull/98205), [@pacoxu](https://github.com/pacoxu)) -- Update pause container to run as pseudo user and group `65535:65535`. This implies the release of version 3.5 of the container images. ([#97963](https://github.com/kubernetes/kubernetes/pull/97963), [@saschagrunert](https://github.com/saschagrunert)) [SIG CLI, Cloud Provider, Cluster Lifecycle, Node, Release, Security and Testing] -- Update the latest validated version of Docker to 20.10 ([#98977](https://github.com/kubernetes/kubernetes/pull/98977), [@neolit123](https://github.com/neolit123)) [SIG CLI, Cluster Lifecycle and Node] -- Upgrade node local dns to 1.17.0 for better IPv6 support ([#99749](https://github.com/kubernetes/kubernetes/pull/99749), [@pacoxu](https://github.com/pacoxu)) [SIG Cloud Provider and Network] -- Upgrades `IPv6Dualstack` to `Beta` and turns it on by default. New clusters or existing clusters are not be affected until an actor starts adding secondary Pods and service CIDRS CLI flags as described here: [IPv4/IPv6 Dual-stack](https://github.com/kubernetes/enhancements/tree/master/keps/sig-network/563-dual-stack) ([#98969](https://github.com/kubernetes/kubernetes/pull/98969), [@khenidak](https://github.com/khenidak)) -- Users might specify the `kubectl.kubernetes.io/default-container` annotation in a Pod to preselect container for kubectl commands. ([#99581](https://github.com/kubernetes/kubernetes/pull/99581), [@mengjiao-liu](https://github.com/mengjiao-liu)) [SIG CLI] -- When downscaling ReplicaSets, ready and creation timestamps are compared in a logarithmic scale. ([#99212](https://github.com/kubernetes/kubernetes/pull/99212), [@damemi](https://github.com/damemi)) [SIG Apps and Testing] -- When the kubelet is watching a ConfigMap or Secret purely in the context of setting environment variables - for containers, only hold that watch for a defined duration before cancelling it. This change reduces the CPU - and memory usage of the kube-apiserver in large clusters. ([#99393](https://github.com/kubernetes/kubernetes/pull/99393), [@chenyw1990](https://github.com/chenyw1990)) [SIG API Machinery, Node and Testing] -- WindowsEndpointSliceProxying feature gate has graduated to beta and is enabled by default. This means kube-proxy will read from EndpointSlices instead of Endpoints on Windows by default. ([#99794](https://github.com/kubernetes/kubernetes/pull/99794), [@robscott](https://github.com/robscott)) [SIG Network] -- `kubectl wait` ensures that observedGeneration >= generation to prevent stale state reporting. An example scenario can be found on CRD updates. ([#97408](https://github.com/kubernetes/kubernetes/pull/97408), [@KnicKnic](https://github.com/KnicKnic)) - -#### Failing Test -- Fixes the `should receive events on concurrent watches in same order` conformance test to work properly on clusters that auto-create additional configmaps in namespaces ([#101950](https://github.com/kubernetes/kubernetes/pull/101950), [@liggitt](https://github.com/liggitt)) [SIG API Machinery and Testing] -- Fixed generic ephemeal volumes with OwnerReferencesPermissionEnforcement admission plugin enabled. ([#101186](https://github.com/kubernetes/kubernetes/pull/101186), [@jsafrane](https://github.com/jsafrane)) [SIG Auth and Storage] -- Resolves an issue with the "ServiceAccountIssuerDiscovery should support OIDC discovery" conformance test failing on clusters which are configured with issuers outside the cluster ([#101725](https://github.com/kubernetes/kubernetes/pull/101725), [@mtaufen](https://github.com/mtaufen)) [SIG Auth and Testing] -- Escape the special characters like `[`, `]` and ` ` that exist in vsphere windows path ([#98830](https://github.com/kubernetes/kubernetes/pull/98830), [@liyanhui1228](https://github.com/liyanhui1228)) [SIG Storage and Windows] -- Kube-proxy: fix a bug on UDP `NodePort` Services where stale connection tracking entries may blackhole the traffic directed to the `NodePort` ([#98305](https://github.com/kubernetes/kubernetes/pull/98305), [@aojea](https://github.com/aojea)) -- Kubelet: fixes a bug in the HostPort dockershim implementation that caused the conformance test "HostPort validates that there is no conflict between pods with same hostPort but different hostIP and protocol" to fail. ([#98755](https://github.com/kubernetes/kubernetes/pull/98755), [@aojea](https://github.com/aojea)) [SIG Cloud Provider, Network and Node] - - -#### Bug or Regression -- Fix NodeAuthenticator tests in dualstack ([#104840](https://github.com/kubernetes/kubernetes/pull/104840), [@ardaguclu](https://github.com/ardaguclu)) [SIG Auth and Testing] -- Fix: skip case sensitivity when checking Azure NSG rules - fix: ensure InstanceShutdownByProviderID return false for creating Azure VMs ([#104447](https://github.com/kubernetes/kubernetes/pull/104447), [@feiskyer](https://github.com/feiskyer)) [SIG Cloud Provider] -- Fixed occasional pod cgroup freeze when using cgroup v1 and systemd driver. - Fixed "failed to create container ... unit already exists" when using cgroup v1 and systemd driver. ([#104530](https://github.com/kubernetes/kubernetes/pull/104530), [@kolyshkin](https://github.com/kolyshkin)) [SIG CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node, Storage and Testing] -- Kube-proxy: delete stale conntrack UDP entries for loadbalancer ingress IP. ([#104151](https://github.com/kubernetes/kubernetes/pull/104151), [@aojea](https://github.com/aojea)) [SIG Network] -- Metrics changes: Fix exposed buckets of `scheduler_volume_scheduling_duration_seconds_bucket` metric ([#100720](https://github.com/kubernetes/kubernetes/pull/100720), [@dntosas](https://github.com/dntosas)) [SIG Apps, Instrumentation, Scheduling and Storage] -- Pass additional flags to subpath mount to avoid flakes in certain conditions ([#104347](https://github.com/kubernetes/kubernetes/pull/104347), [@mauriciopoppe](https://github.com/mauriciopoppe)) [SIG Storage] -- When using `kubectl replace` (or the equivalent API call) on a Service, the caller no longer needs to do a read-modify-write cycle to fetch the allocated values for `.spec.clusterIP` and `.spec.ports[].nodePort`. Instead the API server will automatically carry these forward from the original object when the new object does not specify them. ([#104673](https://github.com/kubernetes/kubernetes/pull/104673), [@thockin](https://github.com/thockin)) [SIG Network] -- Disable aufs module for gce clusters ([#103831](https://github.com/kubernetes/kubernetes/pull/103831), [@lizhuqi](https://github.com/lizhuqi)) [SIG Cloud Provider] -- Fix kube-apiserver metric reporting for the deprecated watch path of /api//watch/... ([#104190](https://github.com/kubernetes/kubernetes/pull/104190), [@wojtek-t](https://github.com/wojtek-t)) [SIG API Machinery and Instrumentation] -- Fix the code is leaking the defaulting between unrelated pod instances. ([#103284](https://github.com/kubernetes/kubernetes/pull/103284), [@kebe7jun](https://github.com/kebe7jun)) [SIG CLI] -- Fix: Provide IPv6 support for internal load balancer ([#103794](https://github.com/kubernetes/kubernetes/pull/103794), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider] -- Fix: cleanup outdated routes ([#102935](https://github.com/kubernetes/kubernetes/pull/102935), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider] -- Fix: delete non existing disk issue ([#102083](https://github.com/kubernetes/kubernetes/pull/102083), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider] -- Fix: ignore not a VMSS error for VMAS nodes in reconcileBackendPools ([#103997](https://github.com/kubernetes/kubernetes/pull/103997), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider] -- Fix: return empty VMAS name if using standalone VM ([#103470](https://github.com/kubernetes/kubernetes/pull/103470), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider] -- Fixed a bug that scheduler extenders are not called on preemptions ([#103019](https://github.com/kubernetes/kubernetes/pull/103019), [@ordovicia](https://github.com/ordovicia)) [SIG Scheduling] -- Fixes an issue cleaning up CertificateSigningRequest objects with an unparseable `status.certificate` field ([#103948](https://github.com/kubernetes/kubernetes/pull/103948), [@liggitt](https://github.com/liggitt)) [SIG Apps and Auth] -- Fixes issue with websocket-based watches of Service objects not closing correctly on timeout ([#102541](https://github.com/kubernetes/kubernetes/pull/102541), [@liggitt](https://github.com/liggitt)) [SIG API Machinery and Testing] -- Fix scoring for NodeResourcesMostAllocated and NodeResourcesBalancedAllocation plugins when nodes have containers with no requests. This was leaving to under-utilization of small nodes. ([#102925](https://github.com/kubernetes/kubernetes/pull/102925), [@alculquicondor](https://github.com/alculquicondor)) [SIG Scheduling] -- ServiceOwnsFrontendIP shouldn't report error when the public IP doesn't match ([#102516](https://github.com/kubernetes/kubernetes/pull/102516), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider] -- Switch scheduler to generate the merge patch on pod status instead of the full pod ([#103133](https://github.com/kubernetes/kubernetes/pull/103133), [@marwanad](https://github.com/marwanad)) [SIG Scheduling] -- VSphere: Fix regression during attach disk if datastore is within a storage folder or datastore cluster. ([#102969](https://github.com/kubernetes/kubernetes/pull/102969), [@gnufied](https://github.com/gnufied)) [SIG Cloud Provider] -- Added jitter factor to lease controller that better smears load on kube-apiserver over time. ([#101652](https://github.com/kubernetes/kubernetes/pull/101652), [@marseel](https://github.com/marseel)) [SIG API Machinery and Scalability] -- Avoid caching the Azure VMSS instances whose network profile is nil ([#100948](https://github.com/kubernetes/kubernetes/pull/100948), [@feiskyer](https://github.com/feiskyer)) [SIG Cloud Provider] -- Azure: avoid setting cached Sku when updating VMSS and VMSS instances ([#102005](https://github.com/kubernetes/kubernetes/pull/102005), [@feiskyer](https://github.com/feiskyer)) [SIG Cloud Provider] -- Fix a bug on the endpoint slices mirroring controller where endpoint NotReadyAddresses were mirrored as Ready to the corresponding EndpointSlice ([#102683](https://github.com/kubernetes/kubernetes/pull/102683), [@aojea](https://github.com/aojea)) [SIG Apps and Network] -- Fix a bug that a preemptor pod may exist as a phantom in the scheduler. ([#102498](https://github.com/kubernetes/kubernetes/pull/102498), [@Huang-Wei](https://github.com/Huang-Wei)) [SIG Scheduling] -- Fix removing pods from podTopologyHints mapping ([#101892](https://github.com/kubernetes/kubernetes/pull/101892), [@aheng-ch](https://github.com/aheng-ch)) [SIG Node] -- Fix resource enforcement when using systemd cgroup driver ([#102147](https://github.com/kubernetes/kubernetes/pull/102147), [@kolyshkin](https://github.com/kolyshkin)) [SIG API Machinery, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node, Storage and Testing] -- Fix: avoid nil-pointer panic when checking the frontend IP configuration ([#101739](https://github.com/kubernetes/kubernetes/pull/101739), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider] -- Fix: not tagging static public IP ([#101752](https://github.com/kubernetes/kubernetes/pull/101752), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider] -- Fixed false-positive uncertain volume attachments, which led to unexpected detachment of CSI migrated volumes ([#101737](https://github.com/kubernetes/kubernetes/pull/101737), [@Jiawei0227](https://github.com/Jiawei0227)) [SIG Apps and Storage] -- Fixed garbage collection of dangling VolumeAttachments for PersistentVolumes migrated to CSI on startup of kube-controller-manager. ([#102176](https://github.com/kubernetes/kubernetes/pull/102176), [@timebertt](https://github.com/timebertt)) [SIG Apps and Storage] -- Kube-proxy log now shows the "Skipping topology aware endpoint filtering since no hints were provided for zone" warning under the right conditions ([#101857](https://github.com/kubernetes/kubernetes/pull/101857), [@dervoeti](https://github.com/dervoeti)) [SIG Network] -- Kubeadm: remove the "ephemeral_storage" request from the etcd static pod that kubeadm deploys on stacked etcd control plane nodes. This request has caused sporadic failures on some setups due to a problem in the kubelet with cadvisor and the LocalStorageCapacityIsolation feature gate. See this issue for more details: https://github.com/kubernetes/kubernetes/issues/99305 ([#102673](https://github.com/kubernetes/kubernetes/pull/102673), [@jackfrancis](https://github.com/jackfrancis)) [SIG Cluster Lifecycle] -- Kubeadm: when using a custom image repository for CoreDNS kubeadm now will append the "coredns" image name instead of "coredns/coredns", thus restoring the behaviour existing before the v1.21 release. Users who rely on nested folder for the coredns image should set the "clusterConfiguration.dns.imageRepository" value including the nested path name (e.g using "registry.company.xyz/coredns" will force kubeadm to use "registry.company.xyz/coredns/coredns" image). No action is needed if using the default registry (k8s.gcr.io). ([#102502](https://github.com/kubernetes/kubernetes/pull/102502), [@ykakarap](https://github.com/ykakarap)) [SIG Cluster Lifecycle] -- Register/Deregister Targets in chunks for AWS TargetGroup ([#101592](https://github.com/kubernetes/kubernetes/pull/101592), [@M00nF1sh](https://github.com/M00nF1sh)) [SIG Cloud Provider] -- Respect annotation size limit for server-side apply updates to the client-side apply annotation. Also, fix opt-out of this behavior by setting the client-side apply annotation to the empty string. ([#102105](https://github.com/kubernetes/kubernetes/pull/102105), [@julianvmodesto](https://github.com/julianvmodesto)) [SIG API Machinery] -- Reverted the previous fix for portforward cleanup because it introduced a kubelet regression which can lead into segmentation faults. ([#102587](https://github.com/kubernetes/kubernetes/pull/102587), [@saschagrunert](https://github.com/saschagrunert)) [SIG API Machinery and Node] -- Adds node event handlers to dual stack kube-proxy implementation to fix Topology Aware Hints. ([#101054](https://github.com/kubernetes/kubernetes/pull/101054), [@robscott](https://github.com/robscott)) [SIG Network] -- Azurefile: Normalize share name to not include capital letters ([#100731](https://github.com/kubernetes/kubernetes/pull/100731), [@kassarl](https://github.com/kassarl)) [SIG Cloud Provider and Storage] -- EndpointSlice IP validation now matches Endpoints IP validation. ([#101084](https://github.com/kubernetes/kubernetes/pull/101084), [@robscott](https://github.com/robscott)) [SIG Apps and Network] -- Ensure service deleted when the Azure resource group has been deleted ([#100944](https://github.com/kubernetes/kubernetes/pull/100944), [@feiskyer](https://github.com/feiskyer)) [SIG Cloud Provider] -- Fix EndpointSlice describe panic when an Endpoint doesn't have zone ([#101025](https://github.com/kubernetes/kubernetes/pull/101025), [@tnqn](https://github.com/tnqn)) [SIG CLI] -- Fix display of Job completion mode on kubectl describe ([#101198](https://github.com/kubernetes/kubernetes/pull/101198), [@alculquicondor](https://github.com/alculquicondor)) [SIG CLI] -- Fix: azure file inline volume namespace issue in csi migration translation ([#101235](https://github.com/kubernetes/kubernetes/pull/101235), [@andyzhangx](https://github.com/andyzhangx)) [SIG Apps, Cloud Provider, Node and Storage] -- Fix: set "host is down" as corrupted mount ([#101398](https://github.com/kubernetes/kubernetes/pull/101398), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider and Storage] -- Fixed a bug where startupProbe stopped working after a container's first restart ([#101093](https://github.com/kubernetes/kubernetes/pull/101093), [@wzshiming](https://github.com/wzshiming)) [SIG Node] -- Fixed port-forward memory leak for long-running and heavily used connections. ([#99839](https://github.com/kubernetes/kubernetes/pull/99839), [@saschagrunert](https://github.com/saschagrunert)) [SIG API Machinery and Node] -- Kubectl create service now respects namespace flag ([#101005](https://github.com/kubernetes/kubernetes/pull/101005), [@zxh326](https://github.com/zxh326)) [SIG CLI] -- Kubelet: improve the performance when waiting for a synchronization of the node list with the kube-apiserver ([#99336](https://github.com/kubernetes/kubernetes/pull/99336), [@neolit123](https://github.com/neolit123)) [SIG Node] -- No support endpointslice in linux userpace mode ([#101504](https://github.com/kubernetes/kubernetes/pull/101504), [@JornShen](https://github.com/JornShen)) [SIG Network] -- Renames the timeout field for the DelegatingAuthenticationOptions to TokenRequestTimeout and set the timeout only for the token review client. Previously the timeout was also applied to watches making them reconnecting every 10 seconds. ([#101102](https://github.com/kubernetes/kubernetes/pull/101102), [@p0lyn0mial](https://github.com/p0lyn0mial)) [SIG API Machinery, Auth and Cloud Provider] -- Respect ExecProbeTimeout=false for dockershim ([#101127](https://github.com/kubernetes/kubernetes/pull/101127), [@jackfrancis](https://github.com/jackfrancis)) [SIG Node and Testing] -- Upgrades functionality of `kubectl kustomize` as described at https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2Fv4.1.0 ([#101177](https://github.com/kubernetes/kubernetes/pull/101177), [@KnVerey](https://github.com/KnVerey)) [SIG CLI] -- AcceleratorStats will be available in the Summary API of kubelet when cri_stats_provider is used. ([#96873](https://github.com/kubernetes/kubernetes/pull/96873), [@ruiwen-zhao](https://github.com/ruiwen-zhao)) [SIG Node] -- All data is no longer automatically deleted when a failure is detected during creation of the volume data file on a CSI volume. Now only the data file and volume path is removed. ([#96021](https://github.com/kubernetes/kubernetes/pull/96021), [@huffmanca](https://github.com/huffmanca)) -- Clean ReplicaSet by revision instead of creation timestamp in deployment controller ([#97407](https://github.com/kubernetes/kubernetes/pull/97407), [@waynepeking348](https://github.com/waynepeking348)) [SIG Apps] -- Cleanup subnet in frontend IP configs to prevent huge subnet request bodies in some scenarios. ([#98133](https://github.com/kubernetes/kubernetes/pull/98133), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider] -- Client-go exec credential plugins will pass stdin only when interactive terminal is detected on stdin. This fixes a bug where previously it was checking if **stdout** is an interactive terminal. ([#99654](https://github.com/kubernetes/kubernetes/pull/99654), [@ankeesler](https://github.com/ankeesler)) -- Cloud-controller-manager: routes controller should not depend on --allocate-node-cidrs ([#97029](https://github.com/kubernetes/kubernetes/pull/97029), [@andrewsykim](https://github.com/andrewsykim)) [SIG Cloud Provider and Testing] -- Cluster Autoscaler version bump to v1.20.0 ([#97011](https://github.com/kubernetes/kubernetes/pull/97011), [@towca](https://github.com/towca)) -- Creating a PVC with DataSource should fail for non-CSI plugins. ([#97086](https://github.com/kubernetes/kubernetes/pull/97086), [@xing-yang](https://github.com/xing-yang)) [SIG Apps and Storage] -- EndpointSlice controller is now less likely to emit FailedToUpdateEndpointSlices events. ([#99345](https://github.com/kubernetes/kubernetes/pull/99345), [@robscott](https://github.com/robscott)) [SIG Apps and Network] -- EndpointSlice controllers are less likely to create duplicate EndpointSlices. ([#100103](https://github.com/kubernetes/kubernetes/pull/100103), [@robscott](https://github.com/robscott)) [SIG Apps and Network] -- EndpointSliceMirroring controller is now less likely to emit FailedToUpdateEndpointSlices events. ([#99756](https://github.com/kubernetes/kubernetes/pull/99756), [@robscott](https://github.com/robscott)) [SIG Apps and Network] -- Ensure all vSphere nodes are are tracked by volume attach-detach controller ([#96689](https://github.com/kubernetes/kubernetes/pull/96689), [@gnufied](https://github.com/gnufied)) -- Ensure empty string annotations are copied over in rollbacks. ([#94858](https://github.com/kubernetes/kubernetes/pull/94858), [@waynepeking348](https://github.com/waynepeking348)) -- Ensure only one LoadBalancer rule is created when HA mode is enabled ([#99825](https://github.com/kubernetes/kubernetes/pull/99825), [@feiskyer](https://github.com/feiskyer)) [SIG Cloud Provider] -- Ensure that client-go's EventBroadcaster is safe (non-racy) during shutdown. ([#95664](https://github.com/kubernetes/kubernetes/pull/95664), [@DirectXMan12](https://github.com/DirectXMan12)) [SIG API Machinery] -- Explicitly pass `KUBE_BUILD_CONFORMANCE=y` in `package-tarballs` to reenable building the conformance tarballs. ([#100571](https://github.com/kubernetes/kubernetes/pull/100571), [@puerco](https://github.com/puerco)) -- Fix Azure file migration e2e test failure when CSIMigration is turned on. ([#97877](https://github.com/kubernetes/kubernetes/pull/97877), [@andyzhangx](https://github.com/andyzhangx)) -- Fix CSI-migrated inline EBS volumes failing to mount if their volumeID is prefixed by aws:// ([#96821](https://github.com/kubernetes/kubernetes/pull/96821), [@wongma7](https://github.com/wongma7)) [SIG Storage] -- Fix CVE-2020-8555 for Gluster client connections. ([#97922](https://github.com/kubernetes/kubernetes/pull/97922), [@liggitt](https://github.com/liggitt)) [SIG Storage] -- Fix NPE in ephemeral storage eviction ([#98261](https://github.com/kubernetes/kubernetes/pull/98261), [@wzshiming](https://github.com/wzshiming)) [SIG Node] -- Fix PermissionDenied issue on SMB mount for Windows ([#99550](https://github.com/kubernetes/kubernetes/pull/99550), [@andyzhangx](https://github.com/andyzhangx)) -- Fix bug that would let the Horizontal Pod Autoscaler scale down despite at least one metric being unavailable/invalid ([#99514](https://github.com/kubernetes/kubernetes/pull/99514), [@mikkeloscar](https://github.com/mikkeloscar)) [SIG Apps and Autoscaling] -- Fix cgroup handling for systemd with cgroup v2 ([#98365](https://github.com/kubernetes/kubernetes/pull/98365), [@odinuge](https://github.com/odinuge)) [SIG Node] -- Fix counting error in service/nodeport/loadbalancer quota check ([#97451](https://github.com/kubernetes/kubernetes/pull/97451), [@pacoxu](https://github.com/pacoxu)) [SIG API Machinery, Network and Testing] -- Fix errors when accessing Windows container stats for Dockershim ([#98510](https://github.com/kubernetes/kubernetes/pull/98510), [@jsturtevant](https://github.com/jsturtevant)) [SIG Node and Windows] -- Fix kube-proxy container image architecture for non amd64 images. ([#98526](https://github.com/kubernetes/kubernetes/pull/98526), [@saschagrunert](https://github.com/saschagrunert)) -- Fix missing cadvisor machine metrics. ([#97006](https://github.com/kubernetes/kubernetes/pull/97006), [@lingsamuel](https://github.com/lingsamuel)) [SIG Node] -- Fix nil VMSS name when setting service to auto mode ([#97366](https://github.com/kubernetes/kubernetes/pull/97366), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider] -- Fix privileged config of Pod Sandbox which was previously ignored. ([#96877](https://github.com/kubernetes/kubernetes/pull/96877), [@xeniumlee](https://github.com/xeniumlee)) -- Fix the panic when kubelet registers if a node object already exists with no Status.Capacity or Status.Allocatable ([#95269](https://github.com/kubernetes/kubernetes/pull/95269), [@SataQiu](https://github.com/SataQiu)) [SIG Node] -- Fix the regression with the slow pods termination. Before this fix pods may take an additional time to terminate - up to one minute. Reversing the change that ensured that CNI resources cleaned up when the pod is removed on API server. ([#97980](https://github.com/kubernetes/kubernetes/pull/97980), [@SergeyKanzhelev](https://github.com/SergeyKanzhelev)) [SIG Node] -- Fix to recover CSI volumes from certain dangling attachments ([#96617](https://github.com/kubernetes/kubernetes/pull/96617), [@yuga711](https://github.com/yuga711)) [SIG Apps and Storage] -- Fix: azure file latency issue for metadata-heavy workloads ([#97082](https://github.com/kubernetes/kubernetes/pull/97082), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider and Storage] -- Fixed Cinder volume IDs on OpenStack Train ([#96673](https://github.com/kubernetes/kubernetes/pull/96673), [@jsafrane](https://github.com/jsafrane)) [SIG Cloud Provider] -- Fixed FibreChannel volume plugin corrupting filesystems on detach of multipath volumes. ([#97013](https://github.com/kubernetes/kubernetes/pull/97013), [@jsafrane](https://github.com/jsafrane)) [SIG Storage] -- Fixed a bug in kubelet that will saturate CPU utilization after containerd got restarted. ([#97174](https://github.com/kubernetes/kubernetes/pull/97174), [@hanlins](https://github.com/hanlins)) [SIG Node] -- Fixed a bug that causes smaller number of conntrack-max being used under CPU static policy. (#99225, @xh4n3) ([#99613](https://github.com/kubernetes/kubernetes/pull/99613), [@xh4n3](https://github.com/xh4n3)) [SIG Network] -- Fixed a bug that on k8s nodes, when the policy of INPUT chain in filter table is not ACCEPT, healthcheck nodeport would not work. - Added iptables rules to allow healthcheck nodeport traffic. ([#97824](https://github.com/kubernetes/kubernetes/pull/97824), [@hanlins](https://github.com/hanlins)) [SIG Network] -- Fixed a bug that the kubelet cannot start on BtrfS. ([#98042](https://github.com/kubernetes/kubernetes/pull/98042), [@gjkim42](https://github.com/gjkim42)) [SIG Node] -- Fixed a race condition on API server startup ensuring previously created webhook configurations are effective before the first write request is admitted. ([#95783](https://github.com/kubernetes/kubernetes/pull/95783), [@roycaihw](https://github.com/roycaihw)) [SIG API Machinery] -- Fixed an issue with garbage collection failing to clean up namespaced children of an object also referenced incorrectly by cluster-scoped children ([#98068](https://github.com/kubernetes/kubernetes/pull/98068), [@liggitt](https://github.com/liggitt)) [SIG API Machinery and Apps] -- Fixed authentication_duration_seconds metric scope. Previously, it included whole apiserver request duration which yields inaccurate results. ([#99944](https://github.com/kubernetes/kubernetes/pull/99944), [@marseel](https://github.com/marseel)) -- Fixed bug in CPUManager with race on container map access ([#97427](https://github.com/kubernetes/kubernetes/pull/97427), [@klueska](https://github.com/klueska)) [SIG Node] -- Fixed bug that caused cAdvisor to incorrectly detect single-socket multi-NUMA topology. ([#99315](https://github.com/kubernetes/kubernetes/pull/99315), [@iwankgb](https://github.com/iwankgb)) [SIG Node] -- Fixed cleanup of block devices when /var/lib/kubelet is a symlink. ([#96889](https://github.com/kubernetes/kubernetes/pull/96889), [@jsafrane](https://github.com/jsafrane)) [SIG Storage] -- Fixed no effect namespace when exposing deployment with --dry-run=client. ([#97492](https://github.com/kubernetes/kubernetes/pull/97492), [@masap](https://github.com/masap)) [SIG CLI] -- Fixed provisioning of Cinder volumes migrated to CSI when StorageClass with AllowedTopologies was used. ([#98311](https://github.com/kubernetes/kubernetes/pull/98311), [@jsafrane](https://github.com/jsafrane)) [SIG Storage] -- Fixes a bug of identifying the correct containerd process. ([#97888](https://github.com/kubernetes/kubernetes/pull/97888), [@pacoxu](https://github.com/pacoxu)) -- Fixes add-on manager leader election to use leases instead of endpoints, similar to what kube-controller-manager does in 1.20 ([#98968](https://github.com/kubernetes/kubernetes/pull/98968), [@liggitt](https://github.com/liggitt)) -- Fixes connection errors when using `--volume-host-cidr-denylist` or `--volume-host-allow-local-loopback` ([#98436](https://github.com/kubernetes/kubernetes/pull/98436), [@liggitt](https://github.com/liggitt)) [SIG Network and Storage] -- Fixes problem where invalid selector on `PodDisruptionBudget` leads to a nil pointer dereference that causes the Controller manager to crash loop. ([#98750](https://github.com/kubernetes/kubernetes/pull/98750), [@mortent](https://github.com/mortent)) -- Fixes spurious errors about IPv6 in `kube-proxy` logs on nodes with IPv6 disabled. ([#99127](https://github.com/kubernetes/kubernetes/pull/99127), [@danwinship](https://github.com/danwinship)) -- Fixing a bug where a failed node may not have the NoExecute taint set correctly ([#96876](https://github.com/kubernetes/kubernetes/pull/96876), [@howieyuen](https://github.com/howieyuen)) [SIG Apps and Node] -- GCE Internal LoadBalancer sync loop will now release the ILB IP address upon sync failure. An error in ILB forwarding rule creation will no longer leak IP addresses. ([#97740](https://github.com/kubernetes/kubernetes/pull/97740), [@prameshj](https://github.com/prameshj)) [SIG Cloud Provider and Network] -- Ignore update pod with no new images in alwaysPullImages admission controller ([#96668](https://github.com/kubernetes/kubernetes/pull/96668), [@pacoxu](https://github.com/pacoxu)) [SIG Apps, Auth and Node] -- Improve speed of vSphere PV provisioning and reduce number of API calls ([#100054](https://github.com/kubernetes/kubernetes/pull/100054), [@gnufied](https://github.com/gnufied)) [SIG Cloud Provider and Storage] -- KUBECTL_EXTERNAL_DIFF now accepts equal sign for additional parameters. ([#98158](https://github.com/kubernetes/kubernetes/pull/98158), [@dougsland](https://github.com/dougsland)) [SIG CLI] -- Kube-apiserver: an update of a pod with a generic ephemeral volume dropped that volume if the feature had been disabled since creating the pod with such a volume ([#99446](https://github.com/kubernetes/kubernetes/pull/99446), [@pohly](https://github.com/pohly)) [SIG Apps, Node and Storage] -- Kube-proxy: remove deprecated --cleanup-ipvs flag of kube-proxy, and make --cleanup flag always to flush IPVS ([#97336](https://github.com/kubernetes/kubernetes/pull/97336), [@maaoBit](https://github.com/maaoBit)) [SIG Network] -- Kubeadm installs etcd v3.4.13 when creating cluster v1.19 ([#97244](https://github.com/kubernetes/kubernetes/pull/97244), [@pacoxu](https://github.com/pacoxu)) -- Kubeadm: Fixes a kubeadm upgrade bug that could cause a custom CoreDNS configuration to be replaced with the default. ([#97016](https://github.com/kubernetes/kubernetes/pull/97016), [@rajansandeep](https://github.com/rajansandeep)) [SIG Cluster Lifecycle] -- Kubeadm: Some text in the `kubeadm upgrade plan` output has changed. If you have scripts or other automation that parses this output, please review these changes and update your scripts to account for the new output. ([#98728](https://github.com/kubernetes/kubernetes/pull/98728), [@stmcginnis](https://github.com/stmcginnis)) [SIG Cluster Lifecycle] -- Kubeadm: fix a bug in the host memory detection code on 32bit Linux platforms ([#97403](https://github.com/kubernetes/kubernetes/pull/97403), [@abelbarrera15](https://github.com/abelbarrera15)) [SIG Cluster Lifecycle] -- Kubeadm: fix a bug where "kubeadm join" would not properly handle missing names for existing etcd members. ([#97372](https://github.com/kubernetes/kubernetes/pull/97372), [@ihgann](https://github.com/ihgann)) [SIG Cluster Lifecycle] -- Kubeadm: fix a bug where "kubeadm upgrade" commands can fail if CoreDNS v1.8.0 is installed. ([#97919](https://github.com/kubernetes/kubernetes/pull/97919), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] -- Kubeadm: fix a bug where external credentials in an existing admin.conf prevented the CA certificate to be written in the cluster-info ConfigMap. ([#98882](https://github.com/kubernetes/kubernetes/pull/98882), [@kvaps](https://github.com/kvaps)) [SIG Cluster Lifecycle] -- Kubeadm: get k8s CI version markers from k8s infra bucket ([#98836](https://github.com/kubernetes/kubernetes/pull/98836), [@hasheddan](https://github.com/hasheddan)) [SIG Cluster Lifecycle and Release] -- Kubeadm: skip validating pod subnet against node-cidr-mask when allocate-node-cidrs is set to be false ([#98984](https://github.com/kubernetes/kubernetes/pull/98984), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle] -- Kubectl logs: `--ignore-errors` is now honored by all containers, maintaining consistency with parallelConsumeRequest behavior. ([#97686](https://github.com/kubernetes/kubernetes/pull/97686), [@wzshiming](https://github.com/wzshiming)) -- Kubectl-convert: Fix `no kind "Ingress" is registered for version` error ([#97754](https://github.com/kubernetes/kubernetes/pull/97754), [@wzshiming](https://github.com/wzshiming)) -- Kubectl: Fixed panic when describing an ingress backend without an API Group ([#100505](https://github.com/kubernetes/kubernetes/pull/100505), [@lauchokyip](https://github.com/lauchokyip)) [SIG CLI] -- Kubelet now cleans up orphaned volume directories automatically ([#95301](https://github.com/kubernetes/kubernetes/pull/95301), [@lorenz](https://github.com/lorenz)) [SIG Node and Storage] -- Kubelet.exe on Windows now checks that the process running as administrator and the executing user account is listed in the built-in administrators group. This is the equivalent to checking the process is running as uid 0. ([#96616](https://github.com/kubernetes/kubernetes/pull/96616), [@perithompson](https://github.com/perithompson)) [SIG Node and Windows] -- Kubelet: Fix kubelet from panic after getting the wrong signal ([#98200](https://github.com/kubernetes/kubernetes/pull/98200), [@wzshiming](https://github.com/wzshiming)) [SIG Node] -- Kubelet: Fix repeatedly acquiring the inhibit lock ([#98088](https://github.com/kubernetes/kubernetes/pull/98088), [@wzshiming](https://github.com/wzshiming)) [SIG Node] -- Kubelet: Fixed the bug of getting the number of cpu when the number of cpu logical processors is more than 64 in windows ([#97378](https://github.com/kubernetes/kubernetes/pull/97378), [@hwdef](https://github.com/hwdef)) [SIG Node and Windows] -- Limits lease to have 1000 maximum attached objects. ([#98257](https://github.com/kubernetes/kubernetes/pull/98257), [@lingsamuel](https://github.com/lingsamuel)) -- Mitigate CVE-2020-8555 for kube-up using GCE by preventing local loopback folume hosts. ([#97934](https://github.com/kubernetes/kubernetes/pull/97934), [@mattcary](https://github.com/mattcary)) [SIG Cloud Provider and Storage] -- On single-stack configured (IPv4 or IPv6, but not both) clusters, Services which are both headless (no clusterIP) and selectorless (empty or undefined selector) will report `ipFamilyPolicy RequireDualStack` and will have entries in `ipFamilies[]` for both IPv4 and IPv6. This is a change from alpha, but does not have any impact on the manually-specified Endpoints and EndpointSlices for the Service. ([#99555](https://github.com/kubernetes/kubernetes/pull/99555), [@thockin](https://github.com/thockin)) [SIG Apps and Network] -- Performance regression #97685 has been fixed. ([#97860](https://github.com/kubernetes/kubernetes/pull/97860), [@MikeSpreitzer](https://github.com/MikeSpreitzer)) [SIG API Machinery] -- Pod Log stats for windows now reports metrics ([#99221](https://github.com/kubernetes/kubernetes/pull/99221), [@jsturtevant](https://github.com/jsturtevant)) [SIG Node, Storage, Testing and Windows] -- Pod status updates faster when reacting on probe results. The first readiness probe will be called faster when startup probes succeeded, which will make Pod status as ready faster. ([#98376](https://github.com/kubernetes/kubernetes/pull/98376), [@matthyx](https://github.com/matthyx)) -- Readjust `kubelet_containers_per_pod_count` buckets to only show metrics greater than 1. ([#98169](https://github.com/kubernetes/kubernetes/pull/98169), [@wawa0210](https://github.com/wawa0210)) -- Remove CSI topology from migrated in-tree gcepd volume. ([#97823](https://github.com/kubernetes/kubernetes/pull/97823), [@Jiawei0227](https://github.com/Jiawei0227)) [SIG Cloud Provider and Storage] -- Requests with invalid timeout parameters in the request URL now appear in the audit log correctly. ([#96901](https://github.com/kubernetes/kubernetes/pull/96901), [@tkashem](https://github.com/tkashem)) [SIG API Machinery and Testing] -- Resolve a "concurrent map read and map write" crashing error in the kubelet ([#95111](https://github.com/kubernetes/kubernetes/pull/95111), [@choury](https://github.com/choury)) [SIG Node] -- Resolves spurious `Failed to list *v1.Secret` or `Failed to list *v1.ConfigMap` messages in kubelet logs. ([#99538](https://github.com/kubernetes/kubernetes/pull/99538), [@liggitt](https://github.com/liggitt)) [SIG Auth and Node] -- ResourceQuota of an entity now inclusively calculate Pod overhead ([#99600](https://github.com/kubernetes/kubernetes/pull/99600), [@gjkim42](https://github.com/gjkim42)) -- Return zero time (midnight on Jan. 1, 1970) instead of negative number when reporting startedAt and finishedAt of the not started or a running Pod when using `dockershim` as a runtime. ([#99585](https://github.com/kubernetes/kubernetes/pull/99585), [@Iceber](https://github.com/Iceber)) -- Reverts breaking change to inline AzureFile volumes; referenced secrets are now searched for in the same namespace as the pod as in previous releases. ([#100563](https://github.com/kubernetes/kubernetes/pull/100563), [@msau42](https://github.com/msau42)) -- Scores from InterPodAffinity have stronger differentiation. ([#98096](https://github.com/kubernetes/kubernetes/pull/98096), [@leileiwan](https://github.com/leileiwan)) [SIG Scheduling] -- Specifying the KUBE_TEST_REPO environment variable when e2e tests are executed will instruct the test infrastructure to load that image from a location within the specified repo, using a predefined pattern. ([#93510](https://github.com/kubernetes/kubernetes/pull/93510), [@smarterclayton](https://github.com/smarterclayton)) [SIG Testing] -- Static pods will be deleted gracefully. ([#98103](https://github.com/kubernetes/kubernetes/pull/98103), [@gjkim42](https://github.com/gjkim42)) [SIG Node] -- Sync node status during kubelet node shutdown. - Adds an pod admission handler that rejects new pods when the node is in progress of shutting down. ([#98005](https://github.com/kubernetes/kubernetes/pull/98005), [@wzshiming](https://github.com/wzshiming)) [SIG Node] -- The calculation of pod UIDs for static pods has changed to ensure each static pod gets a unique value - this will cause all static pod containers to be recreated/restarted if an in-place kubelet upgrade from 1.20 to 1.21 is performed. Note that draining pods before upgrading the kubelet across minor versions is the supported upgrade path. ([#87461](https://github.com/kubernetes/kubernetes/pull/87461), [@bboreham](https://github.com/bboreham)) [SIG Node] -- The maximum number of ports allowed in EndpointSlices has been increased from 100 to 20,000 ([#99795](https://github.com/kubernetes/kubernetes/pull/99795), [@robscott](https://github.com/robscott)) [SIG Network] -- Truncates a message if it hits the `NoteLengthLimit` when the scheduler records an event for the pod that indicates the pod has failed to schedule. ([#98715](https://github.com/kubernetes/kubernetes/pull/98715), [@carlory](https://github.com/carlory)) -- Updated k8s.gcr.io/ingress-gce-404-server-with-metrics-amd64 to a version that serves /metrics endpoint on a non-default port. ([#97621](https://github.com/kubernetes/kubernetes/pull/97621), [@vbannai](https://github.com/vbannai)) [SIG Cloud Provider] -- Updates the commands ` - - kubectl kustomize {arg} - - kubectl apply -k {arg} - `to use same code as kustomize CLI [v4.0.5](https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2Fv4.0.5) ([#98946](https://github.com/kubernetes/kubernetes/pull/98946), [@monopole](https://github.com/monopole)) -- Use force unmount for NFS volumes if regular mount fails after 1 minute timeout ([#96844](https://github.com/kubernetes/kubernetes/pull/96844), [@gnufied](https://github.com/gnufied)) [SIG Storage] -- Use network.Interface.VirtualMachine.ID to get the binded VM - Skip standalone VM when reconciling LoadBalancer ([#97635](https://github.com/kubernetes/kubernetes/pull/97635), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider] -- Using exec auth plugins with kubectl no longer results in warnings about constructing many client instances from the same exec auth config. ([#97857](https://github.com/kubernetes/kubernetes/pull/97857), [@liggitt](https://github.com/liggitt)) [SIG API Machinery and Auth] -- When a CNI plugin returns dual-stack pod IPs, kubelet will now try to respect the - "primary IP family" of the cluster by picking a primary pod IP of the same family - as the (primary) node IP, rather than assuming that the CNI plugin returned the IPs - in the order the administrator wanted (since some CNI plugins don't allow - configuring this). ([#97979](https://github.com/kubernetes/kubernetes/pull/97979), [@danwinship](https://github.com/danwinship)) [SIG Network and Node] -- When dynamically provisioning Azure File volumes for a premium account, the requested size will be set to 100GB if the request is initially lower than this value to accommodate Azure File requirements. ([#99122](https://github.com/kubernetes/kubernetes/pull/99122), [@huffmanca](https://github.com/huffmanca)) [SIG Cloud Provider and Storage] -- When using `Containerd` on Windows, the `C:\Windows\System32\drivers\etc\hosts` file will now be managed by kubelet. ([#83730](https://github.com/kubernetes/kubernetes/pull/83730), [@claudiubelu](https://github.com/claudiubelu)) -- `VolumeBindingArgs` now allow `BindTimeoutSeconds` to be set as zero, while the value zero indicates no waiting for the checking of volume binding operation. ([#99835](https://github.com/kubernetes/kubernetes/pull/99835), [@chendave](https://github.com/chendave)) [SIG Scheduling and Storage] -- `kubectl exec` and `kubectl attach` now honor the `--quiet` flag which suppresses output from the local binary that could be confused by a script with the remote command output (all non-failure output is hidden). In addition, print inline with exec and attach the list of alternate containers when we default to the first spec.container. ([#99004](https://github.com/kubernetes/kubernetes/pull/99004), [@smarterclayton](https://github.com/smarterclayton)) [SIG CLI] - - - - -#### Other (Cleanup or Flake) -- Kube-apiserver: sets an upper-bound on the lifetime of idle keep-alive connections and time to read the headers of incoming requests ([#103958](https://github.com/kubernetes/kubernetes/pull/103958), [@liggitt](https://github.com/liggitt)) [SIG API Machinery and Node] -- Client-go: reduce verbosity of "Starting/Stopping reflector" messages to 3 again ([#102788](https://github.com/kubernetes/kubernetes/pull/102788), [@pohly](https://github.com/pohly)) [SIG API Machinery] -- Update the Debian images to pick up CVE fixes in the base images: - - Update the `debian-base` image to v1.7.0 - - Update the `debian-iptables` image to v1.6.1 ([#102340](https://github.com/kubernetes/kubernetes/pull/102340), [@cpanato](https://github.com/cpanato)) [SIG API Machinery and Testing] -- APIs for kubelet annotations and labels from `k8s.io/kubernetes/pkg/kubelet/apis` are now moved under `k8s.io/kubelet/pkg/apis/` ([#98931](https://github.com/kubernetes/kubernetes/pull/98931), [@michaelbeaumont](https://github.com/michaelbeaumont)) -- Apiserver_request_duration_seconds is promoted to stable status. ([#99925](https://github.com/kubernetes/kubernetes/pull/99925), [@logicalhan](https://github.com/logicalhan)) [SIG API Machinery, Instrumentation and Testing] -- Bump github.com/Azure/go-autorest/autorest to v0.11.12 ([#97033](https://github.com/kubernetes/kubernetes/pull/97033), [@patrickshan](https://github.com/patrickshan)) [SIG API Machinery, CLI, Cloud Provider and Cluster Lifecycle] -- Clients required to use go1.15.8+ or go1.16+ if kube-apiserver has the goaway feature enabled to avoid unexpected data race condition. ([#98809](https://github.com/kubernetes/kubernetes/pull/98809), [@answer1991](https://github.com/answer1991)) -- Delete deprecated `service.beta.kubernetes.io/azure-load-balancer-mixed-protocols` mixed procotol annotation in favor of the MixedProtocolLBService feature ([#97096](https://github.com/kubernetes/kubernetes/pull/97096), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider] -- EndpointSlice generation is now incremented when labels change. ([#99750](https://github.com/kubernetes/kubernetes/pull/99750), [@robscott](https://github.com/robscott)) [SIG Network] -- Featuregate AllowInsecureBackendProxy graduates to GA and unconditionally enabled. ([#99658](https://github.com/kubernetes/kubernetes/pull/99658), [@deads2k](https://github.com/deads2k)) -- Increase timeout for pod lifecycle test to reach pod status=ready ([#96691](https://github.com/kubernetes/kubernetes/pull/96691), [@hh](https://github.com/hh)) -- Increased `CSINodeIDMaxLength` from 128 bytes to 192 bytes. ([#98753](https://github.com/kubernetes/kubernetes/pull/98753), [@Jiawei0227](https://github.com/Jiawei0227)) -- Kube-apiserver: The OIDC authenticator no longer waits 10 seconds before attempting to fetch the metadata required to verify tokens. ([#97693](https://github.com/kubernetes/kubernetes/pull/97693), [@enj](https://github.com/enj)) [SIG API Machinery and Auth] -- Kube-proxy: Traffic from the cluster directed to ExternalIPs is always sent directly to the Service. ([#96296](https://github.com/kubernetes/kubernetes/pull/96296), [@aojea](https://github.com/aojea)) [SIG Network and Testing] -- Kubeadm: change the default image repository for CI images from 'gcr.io/kubernetes-ci-images' to 'gcr.io/k8s-staging-ci-images' ([#97087](https://github.com/kubernetes/kubernetes/pull/97087), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle] -- Kubectl: The deprecated `kubectl alpha debug` command is removed. Use `kubectl debug` instead. ([#98111](https://github.com/kubernetes/kubernetes/pull/98111), [@pandaamanda](https://github.com/pandaamanda)) [SIG CLI] -- Kubelet command line flags related to dockershim are now showing deprecation message as they will be removed along with dockershim in future release. ([#98730](https://github.com/kubernetes/kubernetes/pull/98730), [@dims](https://github.com/dims)) -- Official support to build kubernetes with docker-machine / remote docker is removed. This change does not affect building kubernetes with docker locally. ([#97618](https://github.com/kubernetes/kubernetes/pull/97618), [@jherrera123](https://github.com/jherrera123)) [SIG Release and Testing] -- Process start time on Windows now uses current process information ([#97491](https://github.com/kubernetes/kubernetes/pull/97491), [@jsturtevant](https://github.com/jsturtevant)) [SIG API Machinery, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation and Windows] -- Resolves flakes in the Ingress conformance tests due to conflicts with controllers updating the Ingress object ([#98430](https://github.com/kubernetes/kubernetes/pull/98430), [@liggitt](https://github.com/liggitt)) [SIG Network and Testing] -- The `AttachVolumeLimit` feature gate (GA since v1.17) has been removed and now unconditionally enabled. ([#96539](https://github.com/kubernetes/kubernetes/pull/96539), [@ialidzhikov](https://github.com/ialidzhikov)) -- The `CSINodeInfo` feature gate that is GA since v1.17 is unconditionally enabled, and can no longer be specified via the `--feature-gates` argument. ([#96561](https://github.com/kubernetes/kubernetes/pull/96561), [@ialidzhikov](https://github.com/ialidzhikov)) [SIG Apps, Auth, Scheduling, Storage and Testing] -- The `apiserver_request_total` metric is promoted to stable status and no longer has a content-type dimensions, so any alerts/charts which presume the existence of this will fail. This is however, unlikely to be the case since it was effectively an unbounded dimension in the first place. ([#99788](https://github.com/kubernetes/kubernetes/pull/99788), [@logicalhan](https://github.com/logicalhan)) -- The default delegating authorization options now allow unauthenticated access to healthz, readyz, and livez. A system:masters user connecting to an authz delegator will not perform an authz check. ([#98325](https://github.com/kubernetes/kubernetes/pull/98325), [@deads2k](https://github.com/deads2k)) [SIG API Machinery, Auth, Cloud Provider and Scheduling] -- The deprecated feature gates `CSIDriverRegistry`, `BlockVolume` and `CSIBlockVolume` are now unconditionally enabled and can no longer be specified in component invocations. ([#98021](https://github.com/kubernetes/kubernetes/pull/98021), [@gavinfish](https://github.com/gavinfish)) [SIG Storage] -- The deprecated feature gates `RotateKubeletClientCertificate`, `AttachVolumeLimit`, `VolumePVCDataSource` and `EvenPodsSpread` are now unconditionally enabled and can no longer be specified in component invocations. ([#97306](https://github.com/kubernetes/kubernetes/pull/97306), [@gavinfish](https://github.com/gavinfish)) [SIG Node, Scheduling and Storage] -- The e2e suite can be instructed not to wait for pods in kube-system to be ready or for all nodes to be ready by passing `--allowed-not-ready-nodes=-1` when invoking the e2e.test program. This allows callers to run subsets of the e2e suite in scenarios other than perfectly healthy clusters. ([#98781](https://github.com/kubernetes/kubernetes/pull/98781), [@smarterclayton](https://github.com/smarterclayton)) [SIG Testing] -- The feature gates `WindowsGMSA` and `WindowsRunAsUserName` that are GA since v1.18 are now removed. ([#96531](https://github.com/kubernetes/kubernetes/pull/96531), [@ialidzhikov](https://github.com/ialidzhikov)) [SIG Node and Windows] -- The new `-gce-zones` flag on the `e2e.test` binary instructs tests that check for information about how the cluster interacts with the cloud to limit their queries to the provided zone list. If not specified, the current behavior of asking the cloud provider for all available zones in multi zone clusters is preserved. ([#98787](https://github.com/kubernetes/kubernetes/pull/98787), [@smarterclayton](https://github.com/smarterclayton)) [SIG API Machinery, Cluster Lifecycle and Testing] -- Update cri-tools to [v1.20.0](https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.20.0) ([#97967](https://github.com/kubernetes/kubernetes/pull/97967), [@rajibmitra](https://github.com/rajibmitra)) [SIG Cloud Provider] -- Windows nodes on GCE will take longer to start due to dependencies installed at node creation time. ([#98284](https://github.com/kubernetes/kubernetes/pull/98284), [@pjh](https://github.com/pjh)) [SIG Cloud Provider] -- `apiserver_storage_objects` (a newer version of `etcd_object_counts`) is promoted and marked as stable. ([#100082](https://github.com/kubernetes/kubernetes/pull/100082), [@logicalhan](https://github.com/logicalhan)) - - - -### app-operator [5.2.0](https://github.com/giantswarm/app-operator/releases/tag/v5.2.0) - -#### Changed -- Reject App CRs with version labels with the legacy `1.0.0` value. -- Validate `.spec.catalog` using Catalog CRs instead of AppCatalog CRs. - -#### Fixed -- Fix creating `AppCatalog` CRs in appcatalogsync resource. - - - -### aws-cni [1.9.0](https://github.com/aws/amazon-vpc-cni-k8s/releases/tag/v1.9.0) - -* Enhancement - [EC2 sdk model override](https://github.com/aws/amazon-vpc-cni-k8s/pull/1508) (#1508, [@jayanthvn](https://github.com/jayanthvn)) -* Enhancement - [Prefix Delegation feature support](https://github.com/aws/amazon-vpc-cni-k8s/pull/1516) (#1516, [@jayanthvn](https://github.com/jayanthvn)) -* Enhancement - [Header formatting for env variable](https://github.com/aws/amazon-vpc-cni-k8s/pull/1522) (#1522, [@jayanthvn](https://github.com/jayanthvn)) -* Enhancement - [non-nitro instances init issues](https://github.com/aws/amazon-vpc-cni-k8s/pull/1527) (#1527, [@jayanthvn](https://github.com/jayanthvn)) -* Enhancement - [Add metrics for total prefix count and ips used per cidr](https://github.com/aws/amazon-vpc-cni-k8s/pull/1530) (#1530, [@jayanthvn](https://github.com/jayanthvn)) -* Enhancement - [Update documentation for PD](https://github.com/aws/amazon-vpc-cni-k8s/pull/1540) (#1540, [@jayanthvn](https://github.com/jayanthvn)) -* Enhancement - [Update SDK Go version](https://github.com/aws/amazon-vpc-cni-k8s/pull/1544) (#1544, [@jayanthvn](https://github.com/jayanthvn)) - - - -### cluster-operator [3.10.0](https://github.com/giantswarm/cluster-operator/releases/tag/v3.10.0) - -#### Changed -- Introducing `v1alpha3` CR's. - - - -### external-dns [2.5.0](https://github.com/giantswarm/external-dns-app/releases/tag/v2.5.0) - -#### Changed -- Upgrade upstream external-dns from v0.8.0 to [v0.9.0](https://github.com/kubernetes-sigs/external-dns/releases/tag/v0.9.0). The new release brings a lot of smaller improvements and bug fixes. - - - -### cert-exporter [1.8.0](https://github.com/giantswarm/cert-exporter/releases/tag/v1.8.0) - -#### Added -- Add new `cert_exporter_certificate_cr_not_after` metric. This metric exports the `status.notAfter` field of cert-manager `Certificate` CR. -#### Changed -- Remove static certificate source label from `cert_exporter_secret_not_after` (static value `secret`) and `cert_exporter_not_after` (static value `file`) metrics. - - - -### cert-manager [2.11.0](https://github.com/giantswarm/cert-manager-app/releases/tag/v2.11.0) - -#### Changed -- Upgrade to upstream `v1.5.4` ([#191](https://github.com/giantswarm/cert-manager-app/pull/191)). -- Add metadata to enable metrics scraping ([#181](https://github.com/giantswarm/cert-manager-app/pull/181)). -- Fix startubjob PSP ([#191](https://github.com/giantswarm/cert-manager-app/pull/191)) -- Upgrade to upstream `v1.5.3` ([#184](https://github.com/giantswarm/cert-manager-app/pull/184)). This is the first version compatible with Kubernetes 1.22. -- Add metadata to enable metrics scraping ([#181](https://github.com/giantswarm/cert-manager-app/pull/181)). -- Update to upstream `v1.4.2` ([#174](https://github.com/giantswarm/cert-manager-app/pull/174)). This deprecates `v1alpha2`, `v1alpha3` and `v1beta1` versions of `cert-manager.io` and `acme.cert-manager.io` CRDs. Further information can be found in the [upstream release notes](https://cert-manager.io/docs/release-notes/release-notes-1.4/) of cert-manager. -- Increase resource requests for the ClusterIssuer and CRD installation Jobs ([#174](https://github.com/giantswarm/cert-manager-app/pull/174)) to prevent timeouts. - - - -### chart-operator [2.19.0](https://github.com/giantswarm/chart-operator/releases/tag/v2.19.0) - -#### Removed -- Remove `tillermigration` resource now Helm 3 migration is complete. - -#### Changed -- Increase memory limit for deploying large charts in workload clusters. - - - -### cluster-autoscaler [1.21.0-gs2](https://github.com/giantswarm/cluster-autoscaler-app/releases/tag/v1.21.0-gs2) - -#### Changed -- Fix RBAC for cluster autoscaler 1.21. -- Updated cluster-autoscaler to version `1.21.0`. -- Use new node selector `node-role.kubernetes.io/master` in place of deprecated one `kubernetes.io/role`. -- Prepare helm values to configuration management. -- Update architect-orb to v4.0.0. - -#### Added -- Add `VerticalPodAutoscaler` resource to adjust limits automatically. - - - -### external-dns [2.5.0](https://github.com/giantswarm/external-dns-app/releases/tag/v2.5.0) - -### Changed -- Upgrade upstream external-dns from v0.8.0 to [v0.9.0](https://github.com/kubernetes-sigs/external-dns/releases/tag/v0.9.0). The new release brings a lot of smaller improvements and bug fixes. - - - -### kube-state-metrics [1.4.0](https://github.com/giantswarm/kube-state-metrics-app/releases/tag/v1.4.0) - -#### Changed -- Migrate to configuration management. -- Update `architect-orb` to v4.0.0. - - - -### metrics-server [1.5.0](https://github.com/giantswarm/metrics-server-app/releases/tag/v1.5.0) - -#### Changed -- Bumped API version for `RoleBinding` to `v1` as it was using a deprecated version (removed in 1.22). - - - -### net-exporter [1.10.3](https://github.com/giantswarm/net-exporter/releases/tag/v1.10.3) - -#### Changed -- Prepare helm values to configuration management. -- Update architect-orb to v4.0.0. - - - -### node-exporter [1.8.0](https://github.com/giantswarm/node-exporter-app/releases/tag/v1.8.0) - -#### Changed -- Migrate to configuration management. -- Update `architect-orb` to v4.0.0. - - - -### aws-ebs-csi-driver [2.3.1](https://github.com/giantswarm/aws-ebs-csi-driver-app/releases/tag/v2.3.1) - -#### Fixed -- Enable permissions for ebs volume resizing by default. - -#### Changed -- Bump aws-ebs-csi-driver version to `v1.2.0` diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.0.1.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.0.1.md deleted file mode 100644 index a0e1eaba49..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.0.1.md +++ /dev/null @@ -1,28 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v16.0.1/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v16.0.1 - version: 16.0.1 - version_tag: v16.0.1 -date: '2021-10-18T09:51:09' -description: Release notes for AWS workload cluster release v16.0.1, published on - 18 October 2021, 09:51. -title: Workload cluster release v16.0.1 for AWS ---- - -This release provides a fix for `cert-operator` to ensure `certConfig` is in the same org namespace as the `Cluster` resource. - -## Change details - - -### cert-operator [1.2.0](https://github.com/giantswarm/cert-operator/releases/tag/v1.2.0) - -#### Changed -- Introducing `v1alpha3` CR's. -#### Added -- Add check to ensure that the `Cluster` resource is in the same namespace as the `certConfig` before creating the secret there. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.1.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.1.0.md deleted file mode 100644 index ef300074c8..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.1.0.md +++ /dev/null @@ -1,191 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v16.1.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v16.1.0 - version: 16.1.0 - version_tag: v16.1.0 -date: '2021-12-02T08:00:00' -description: Release notes for AWS workload cluster release v16.1.0, published on - 02 December 2021, 08:00. -title: Workload cluster release v16.1.0 for AWS ---- - -This release provides stability improvements, bug fixes and security fixes for various components. It also adds AWS CNI prefix delegation support. - -**Highlights** -- Kubernetes 1.21.7 support; -- [AWS CNI prefix delegation](https://docs.giantswarm.io/ui-api/management-api/crd/awsclusters.infrastructure.giantswarm.io/#v1alpha2-alpha.cni.aws.giantswarm.io/prefix-delegation); -- AWS EBS CSI driver with volume snapshot support; -- Security fixes: - * 10 Linux CVEs; - * 1 containerd CVEs. - -## Change details - - -### aws-cni [1.9.3](https://github.com/aws/amazon-vpc-cni-k8s/releases/tag/v1.9.3) - -* Improvement - [Update golang](https://github.com/aws/amazon-vpc-cni-k8s/pull/1665) (#1665, [@jayanthvn](https://github.com/jayanthvn)) -* Improvement - [Pod startup latency with Calico and EKS](https://github.com/aws/amazon-vpc-cni-k8s/pull/1629) (#1629, [@jayanthvn](https://github.com/jayanthvn)) -* Bug - [Make error count granular](https://github.com/aws/amazon-vpc-cni-k8s/pull/1651) (#1651, [@jayanthvn](https://github.com/jayanthvn)) -* Bug - [ServiceAccount should precede DaemonSet in yaml aws](https://github.com/aws/amazon-vpc-cni-k8s/pull/1637) (#1637, [@sramabad1](https://github.com/sramabad1)) -* Bug - [Fallback for get hypervisor type and eni ipv4 limits](https://github.com/aws/amazon-vpc-cni-k8s/pull/1616) (#1616, [@jayanthvn](https://github.com/jayanthvn)) -* Bug - [fix typo and regenerate limits file ](https://github.com/aws/amazon-vpc-cni-k8s/pull/1597) (#1597, [@jayanthvn](https://github.com/jayanthvn)) -* Testing - [Enable unit tests upon PR to release branch](https://github.com/aws/amazon-vpc-cni-k8s/pull/1684) (#1684, [@vikasmb](https://github.com/vikasmb)) -* Testing - [Upgrade EKS cluster version](https://github.com/aws/amazon-vpc-cni-k8s/pull/1680) (#1680, [@vikasmb](https://github.com/vikasmb)) -* Testing - [UTs for no_manage=false](https://github.com/aws/amazon-vpc-cni-k8s/pull/1612) (#1612, [@jayanthvn](https://github.com/jayanthvn)) -* Testing - [Run integration test on release branch](https://github.com/aws/amazon-vpc-cni-k8s/pull/1615) (#1615, [@vikasmb](https://github.com/vikasmb)) -* Enhancement - [Support DISABLE_NETWORK_RESOURCE_PROVISIONING](https://github.com/aws/amazon-vpc-cni-k8s/pull/1586) (#1586, [@jayanthvn](https://github.com/jayanthvn)) -* Enhancement - [Allow reconciler retry for InsufficientCIDR EC2 error](https://github.com/aws/amazon-vpc-cni-k8s/pull/1585) (#1585, [@jayanthvn](https://github.com/jayanthvn)) -* Enhancement - [Support for setting no_manage=false](https://github.com/aws/amazon-vpc-cni-k8s/pull/1607) (#1607, [@jayanthvn](https://github.com/jayanthvn)) -* Enhancement - [Support for m6i instances](https://github.com/aws/amazon-vpc-cni-k8s/pull/1601) (#1601, [@causton81](https://github.com/causton81)) - - - -### aws-ebs-csi-driver [2.7.1](https://github.com/giantswarm/aws-ebs-csi-driver-app/releases/tag/v2.7.1) - -#### Changed -- Bump aws-ebs-csi-driver version to v1.4.0. -- Pre-Hook for snapshot CRDs. -- Use deployment for external-snapshot-controller. -- Change VolumeSnapshotter CRDs storage version from v1beta1 to v1. - -#### Fixed -- Move CRD's to template. - -#### Added -- Add common labels to allow helm operating on CRD's. - - - -### aws-operator [10.10.1](https://github.com/giantswarm/aws-operator/releases/tag/v10.10.1) - -#### Added - -- Adding latest flatcar images. -- Introduce AWS CNI Prefix delegation. - -#### Changed - -- Use k8smetadata for annotations. - -#### Fixed - -- Setting `kubernetes.io/replace/internal-elb` tag on private subnet TCNP stack. - - - -### cluster-operator [3.11.0](https://github.com/giantswarm/cluster-operator/releases/tag/v3.11.0) - -#### Added -- Check if `kiam-watchdog` app has to be enabled. -- Add cluster CA to cluster values configmap for apps like dex that need to -verify it. - - - -### containerlinux [2905.2.6](https://www.flatcar-linux.org/releases/#release-2905.2.6) - -**Security fixes** - -* Linux - - [CVE-2021-3764](https://nvd.nist.gov/vuln/detail/CVE-2021-3764) - - [CVE-2021-3744](https://nvd.nist.gov/vuln/detail/CVE-2021-3744) - - [CVE-2021-38300](https://nvd.nist.gov/vuln/detail/CVE-2021-38300) - - [CVE-2021-20321](https://nvd.nist.gov/vuln/detail/CVE-2021-20321) - - [CVE-2021-41864](https://nvd.nist.gov/vuln/detail/CVE-2021-41864) - - [CVE-2021-41073](https://nvd.nist.gov/vuln/detail/CVE-2021-41073) - - [CVE-2020-16119](https://nvd.nist.gov/vuln/detail/CVE-2020-16119) - - [CVE-2021-3753](https://nvd.nist.gov/vuln/detail/CVE-2021-3753) - - [CVE-2021-3739](https://nvd.nist.gov/vuln/detail/CVE-2021-3739) - - [CVE-2021-40490](https://nvd.nist.gov/vuln/detail/CVE-2021-40490) -* containerd - - [CVE-2021-41103](https://nvd.nist.gov/vuln/detail/CVE-2021-41103) - - -**Bux fixes** - -* The tcsd service for TPM 1 is not started on machines with TPM 2 anymore where it fails and isn’t necessary ([flatcar-linux/coreos-overlay#1364](https://github.com/flatcar-linux/coreos-overlay/pull/1364)) -* The Mellanox NIC Linux driver issue introduced in the previous release was fixed ([Flatcar#520](https://github.com/flatcar-linux/Flatcar/issues/520)) - - - -**Updates** - -Linux ([5.10.75](https://lwn.net/Articles/873465/)) -ca-certificates ([3.69.1](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_69_1.html#nss-3-69-1-release-notes)) -containerd ([1.5.7](https://github.com/containerd)) - - - -### kiam-watchdog [0.4.0](https://github.com/giantswarm/kiam-watchdog/releases/tag/v0.4.0) - -#### Added - -- Add node-selector and tolerations. - - - -### kube-state-metrics [1.5.1](https://github.com/giantswarm/kube-state-metrics-app/releases/tag/v1.5.1) - -#### Changed - -- Update architect-orb to v4.8.0 to stop pushing to app collection helm chart. -- Bumped to upstream version v2.2.4. - -#### Fixed - -- Fix permission to list and watch `leases.coordination.k8s.io`. - - - -### kubernetes [1.21.7](https://github.com/kubernetes/kubernetes/releases/tag/v1.21.7) - -#### API Change -- Kube-apiserver: Fixes handling of CRD schemas containing literal null values in enums (#104989, @liggitt) [SIG API Machinery, Apps and Network] - -#### Feature -- Kubernetes is now built with Golang 1.16.10 (#106224, @cpanato) [SIG Cloud Provider, Instrumentation, Release and Testing] -- Update debian-base, debian-iptables, setcap images to pick up CVE fixes - - Debian-base to v1.9.0 - - Debian-iptables to v1.6.7 - - setcap to v2.0.4 (#106147, @cpanato) [SIG Release and Testing] -- Kubernetes is now built with Golang 1.16.9 (#105672, @cpanato) [SIG Cloud Provider, Instrumentation, Release and Testing] - -#### Failing Test -- Fixes hostpath storage e2e tests within SELinux enabled env (#105787, @Elbehery) [SIG Testing] -- Backport: e2e.test now uses the secure port to retrieve metrics data to ensure compatibility with 1.21 and 1.22 (for upgrade tests) (#104328, @pohly) [SIG API Machinery, Instrumentation, Storage and Testing] - -#### Bug or Regression -- EndpointSlice Mirroring controller now cleans up managed EndpointSlices when a Service selector is added (#106135, @robscott) [SIG Apps, Network and Testing] -- Fix a bug that `--disabled-metrics` doesn't function well. (#106391, @Huang-Wei) [SIG API Machinery, Cluster Lifecycle and Instrumentation] -- Fix a panic in kubectl when creating secrets with an improper output type (#106354, @lauchokyip) [SIG CLI] -- Fix concurrent map access causing panics when logging timed-out API calls. (#106113, @marseel) [SIG API Machinery] -- Fixed very rare volume corruption when a pod is deleted while kubelet is offline. - Retry FibreChannel devices cleanup after error to ensure FC device is detached before it can be used on another node. (#102656, @jsafrane) [SIG API Machinery, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation and Storage] -- Support more than 100 disk mounts on Windows (#105673, @andyzhangx) [SIG Storage and Windows] -- Aggregate errors when putting vmss - fix: consolidate logs for instance not found error (#105365, @nilo19) [SIG Cloud Provider] -- Allow CSI drivers to just run offline expansion tests (#102740, @gnufied) [SIG Storage and Testing] -- Bump klog to v2.9.0, fixing log lines that render as byte arrays (#105407, @ehashman) [SIG Architecture, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation and Storage] -- Fix overriding logs files on reboot. (#105614, @rphillips) [SIG Node] -- Fix winkernel kube-proxy to only use dual stack when host and networking supports it (#101047, @jsturtevant) [SIG Network and Windows] -- Fix: ignore not a VMSS error for VMAS nodes in EnsureBackendPoolDeleted. (#105402, @ialidzhikov) [SIG Cloud Provider] -- Revert PR #102925 which introduced unexpected scheduling behavior based on balanced resource allocation (#105238, @damemi) [SIG Scheduling] -- Updates golang.org/x/text to v0.3.6 to fix CVE-2020-28852 (#102601, @jonesbr17) [SIG API Machinery, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node and Storage] - -#### Dependencies -#### Added -_Nothing has changed._ -#### Changed -- k8s.io/kube-openapi: 591a79e → 3cc51fd -- k8s.io/utils: 67b214c → da69540 -- k8s.io/klog/v2: v2.8.0 → v2.9.0 -- golang.org/x/text: v0.3.4 → v0.3.6 -#### Removed -_Nothing has changed._ diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.1.1.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.1.1.md deleted file mode 100644 index 151c75d33a..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.1.1.md +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v16.1.1/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v16.1.1 - version: 16.1.1 - version_tag: v16.1.1 -date: '2022-02-21T08:27:28' -description: Release notes for AWS workload cluster release v16.1.1, published on - 21 February 2022, 08:27. -title: Workload cluster release v16.1.1 for AWS ---- - -This release provides a fix for `aws-ebs-csi-driver` to ensure all taints for `ebs-node` are tolerated as well as selecting the right node selector for all nodes. - -## Change details - - -### aws-ebs-csi-driver [2.8.1](https://github.com/giantswarm/aws-ebs-csi-driver-app/releases/tag/v2.8.1) - -#### Fixed -- Use node selector according to control-plane and nodepool labels. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.2.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.2.0.md deleted file mode 100644 index 90f721dbeb..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.2.0.md +++ /dev/null @@ -1,68 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v16.2.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v16.2.0 - version: 16.2.0 - version_tag: v16.2.0 -date: '2021-12-09T10:14:45' -description: Release notes for AWS workload cluster release v16.2.0, published on - 09 December 2021, 10:14. -title: Workload cluster release v16.2.0 for AWS ---- - -This is a security release featuring the latest Flatcar Linux version as well as various updates to Giant Swarm applications. - -> **_Warning:_** The `flatcar` image included in this release enabled `cgroups v2` by default. Java applications can crash if they are using older JDK versions because they are unable to identify the memory limits from `cgroups v2`. This has been fixed on newer JDK versions. Please make sure that your applications are using the latest JDK 15, JDK 16 or JDK 17 before upgrading to this release. Upstream issue: https://bugs.openjdk.java.net/browse/JDK-8230305 . - -## Change details - - -### app-operator [5.3.1](https://github.com/giantswarm/app-operator/releases/tag/v5.3.1) - -#### Added -- Support for App CRs with a v prefixed version. This enables Flux to automatically update the version based on its image tag. - -#### Changed -- Use dynamic client instead of generated client for watching chart CRs. -- Validate `.spec.kubeConfig.secret.name` in validation resource. - - - -### containerlinux [2983.2.0](https://www.flatcar-linux.org/releases/#release-2983.2.0) - -Upgraded from version 2905.2.6. - -This upgrade provides the solution for a high number of security issues in the Linux Kernel, Containerd and Golang. -Please check details in the [upstream changelog page](https://www.flatcar-linux.org/releases/). - - - -### etcd [3.4.18](https://github.com/etcd-io/etcd/releases/tag/v3.4.18) - -Upgraded from version 3.4.16. - -Please check details in the [upstream changelog page](https://github.com/etcd-io/etcd/blob/main/CHANGELOG-3.4.md). - - - -### cert-exporter [2.0.0](https://github.com/giantswarm/cert-exporter/releases/tag/v2.0.0) - -#### Changed -- Export presence of `giantswarm.io/service-type: managed` label in cert-manager `Issuer` and `ClusterIssuer` CR referenced by `Certificate` CR `issuerRef` spec field to `cert_exporter_certificate_cr_not_after` metric as `managed_issuer` label. -- Add `--monitor-files` and `--monitor-secrets` flags. -- Add Deployment to helm chart to avoid exporting secrets and certificate metrics from DaemonSets. -- Build container image using retagged giantswarm alpine. -- Run as non-root inside container. - - -### aws-ebs-csi-driver [2.8.0](https://github.com/giantswarm/aws-ebs-csi-driver-app/releases/tag/v2.8.0) - -### Changed - -- Bump aws-ebs-csi-driver version to `v1.5.0`. -- Enable metrics. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.2.1.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.2.1.md deleted file mode 100644 index 2c02e5035d..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.2.1.md +++ /dev/null @@ -1,76 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v16.2.1/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v16.2.1 - version: 16.2.1 - version_tag: v16.2.1 -date: '2021-12-21T16:16:03' -description: Release notes for AWS workload cluster release v16.2.1, published on - 21 December 2021, 16:16. -title: Workload cluster release v16.2.1 for AWS ---- - -This release downgrades Flatcar to version `2905.2.6` to restore version 1 of the kernel cgroups feature. -It also bumps to latest Kubernetes 1.21 patch release and to latest 1.21 cluster autoscaler. - -## Change details - -### containerlinux [2905.2.6](https://www.flatcar-linux.org/releases/#release-2905.2.6) - -Downgraded from 2983.2.0 to restore Cgroups v1. - -### kubernetes [1.21.8](https://github.com/kubernetes/kubernetes/releases/tag/v1.21.8) - -#### Feature -- Kubernetes is now built with Golang 1.16.11 ([#106839](https://github.com/kubernetes/kubernetes/pull/106839), [@cpanato](https://github.com/cpanato)) [SIG Cloud Provider, Instrumentation, Release and Testing] -- Kubernetes is now built with Golang 1.16.12 ([#106983](https://github.com/kubernetes/kubernetes/pull/106983), [@cpanato](https://github.com/cpanato)) [SIG Cloud Provider, Instrumentation, Release and Testing] -- Update golang.org/x/net to v0.0.0-20211209124913-491a49abca63 ([#106961](https://github.com/kubernetes/kubernetes/pull/106961), [@cpanato](https://github.com/cpanato)) [SIG API Machinery, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node and Storage] -#### Bug or Regression -- Fix: skip instance not found when decoupling vmss from lb ([#105835](https://github.com/kubernetes/kubernetes/pull/105835), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider] -- Fixed SELinux relabeling of CSI volumes after CSI driver failure. ([#106553](https://github.com/kubernetes/kubernetes/pull/106553), [@jsafrane](https://github.com/jsafrane)) [SIG Node and Storage] -- Kubeadm: allow the "certs check-expiration" command to not require the existence of the cluster CA key (ca.key file) when checking the expiration of managed certificates in kubeconfig files. ([#106929](https://github.com/kubernetes/kubernetes/pull/106929), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] -- Kubeadm: during execution of the "check expiration" command, treat the etcd CA as external if there is a missing etcd CA key file (etcd/ca.key) and perform the proper validation on certificates signed by the etcd CA. Additionally, make sure that the CA for all entries in the output table is included - for both certificates on disk and in kubeconfig files. ([#106924](https://github.com/kubernetes/kubernetes/pull/106924), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] -- The scheduler's assumed pods have 2min instead of 30s to receive nodeName pod updates ([#106632](https://github.com/kubernetes/kubernetes/pull/106632), [@ahg-g](https://github.com/ahg-g)) [SIG Scheduling] -#### Dependencies -#### Added -_Nothing has changed._ -#### Changed -- golang.org/x/net: 3d97a24 → 491a49a -#### Removed -_Nothing has changed._ - - - -### cluster-autoscaler [1.21.2-gs1](https://github.com/giantswarm/cluster-autoscaler-app/releases/tag/v1.21.2-gs1) - -### Changed - -- Upgraded to upstream version 1.21.2. - - -### cert-exporter [2.0.1](https://github.com/giantswarm/cert-exporter/releases/tag/v2.0.1) - -#### Changed -- Equalise labels in the helm chart. - - - -### external-dns [2.7.0](https://github.com/giantswarm/external-dns-app/releases/tag/v2.7.0) - -#### Changed -- Upgrade upstream external-dns from v0.9.0 to [v0.10.2](https://github.com/kubernetes-sigs/external-dns/releases/tag/v0.10.2). The new release brings a lot of smaller improvements and bug fixes. -- Remove support for Kubernetes <= 1.18. -#### Fixed -- Fix dry-run option. - - - -### cert-manager [2.12.0](https://github.com/giantswarm/cert-manager-app/releases/tag/v2.12.0) - -#### Changed -- Upgrade to upstream image [`v1.6.1`](https://github.com/jetstack/cert-manager/releases/tag/v1.6.1) ([#204](https://github.com/giantswarm/cert-manager-app/pull/204)). This version stops serving cert-manager API versions `v1alpha2, v1alpha3, and v1beta1`. If you need to upgrade your resources, [this document](https://cert-manager.io/docs/installation/upgrading/remove-deprecated-apis/#upgrading-existing-cert-manager-resources) explains the process. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.3.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.3.0.md deleted file mode 100644 index 8f398dab0d..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.3.0.md +++ /dev/null @@ -1,104 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v16.3.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v16.3.0 - version: 16.3.0 - version_tag: v16.3.0 -date: '2022-01-05T07:55:50' -description: Release notes for AWS workload cluster release v16.3.0, published on - 05 January 2022, 07:55. -title: Workload cluster release v16.3.0 for AWS ---- - -This version provides the latest releases of aws-cni, coredns, kiam and kube-state-metrics as well as the latest version -of many Giant Swarm apps. - -Among other things, with this release the `EBS Volume Snapshot` feature is fixed and the new `af-south-1` AWS region is supported. - -It keeps using the 2905.2.6 version of Flatcar Linux with cgroups v1. - -## Change details - - -### app-operator [5.4.0](https://github.com/giantswarm/app-operator/releases/tag/v5.4.0) - -#### Changed -- Update Helm to `v3.6.3`. -- Use controller-runtime client to remove CAPI dependency. -- Use `apptestctl` to install CRDs in integration tests to avoid hitting GitHub rate limits. -#### Removed -- Remove `releasemigration` resource now migration to Helm 3 is complete. - - - -### aws-cni [1.10.1](https://github.com/aws/amazon-vpc-cni-k8s/releases/tag/v1.10.1) - -Upgraded from version 1.9.3. Please check [upstream changelog](https://github.com/aws/amazon-vpc-cni-k8s/releases) for details. - - -### cert-operator [1.3.0](https://github.com/giantswarm/cert-operator/releases/tag/v1.3.0) - -#### Changed -- Use `RenewSelf` instead of `LookupSelf` to prevent expiration of `Vault token`. - - - -### aws-operator [10.11.0](https://github.com/giantswarm/aws-operator/releases/tag/v10.11.0) - -#### Added -- Add AMI for `af-south-1` region. -- IAM permission for EBS snapshots. -#### Fixed -- Adjusted aws-cni manifests to support version 1.10.1. - - - -### chart-operator [2.20.0](https://github.com/giantswarm/chart-operator/releases/tag/v2.20.0) - -#### Changed -- Update Helm to v3.6.3. -- Use controller-runtime client to remove CAPI dependency. -#### Removed -- Remove unused helm 2 release collector. - - - -### coredns [1.7.0](https://github.com/giantswarm/coredns-app/releases/tag/v1.7.0) - -#### Changed -- Update `coredns` to upstream version [1.8.6](https://coredns.io/2021/10/07/coredns-1.8.6-release/). - - - -### kiam [2.1.0](https://github.com/giantswarm/kiam-app/releases/tag/v2.1.0) - -#### Changed -- Upgrade `kiam` version to 4.2. -- Increase AWS session duration to `60m`. -- Increase AWS session refresh to `10m`. - - - -### kube-state-metrics [1.6.0](https://github.com/giantswarm/kube-state-metrics-app/releases/tag/v1.6.0) - -#### Changed -- Bumped to upstream version v2.3.0. - - - -### metrics-server [1.6.0](https://github.com/giantswarm/metrics-server-app/releases/tag/v1.6.0) - -#### Changed -- Updated metrics-server version to 0.5.2. - - - -### node-exporter [1.9.0](https://github.com/giantswarm/node-exporter-app/releases/tag/v1.9.0) - -#### Updated -- Updated node-exporter version to 1.3.1. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.3.1.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.3.1.md deleted file mode 100644 index b296926aec..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.3.1.md +++ /dev/null @@ -1,27 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v16.3.1/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v16.3.1 - version: 16.3.1 - version_tag: v16.3.1 -date: '2022-01-19T10:23:42' -description: Release notes for AWS workload cluster release v16.3.1, published on - 19 January 2022, 10:23. -title: Workload cluster release v16.3.1 for AWS ---- - -This release correctly accounts for the recently added instance types in the calculation of max pods. - -## Change details - - -### aws-operator [10.12.0](https://github.com/giantswarm/aws-operator/releases/tag/v10.12.0) - -#### Changed -- Max pods setting per for new EC2 instances. -- Bump `etcd-cluster-migrator` version to `v1.1.0`. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.4.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.4.0.md deleted file mode 100644 index d841387838..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.4.0.md +++ /dev/null @@ -1,145 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v16.4.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v16.4.0 - version: 16.4.0 - version_tag: v16.4.0 -date: '2022-02-03T10:00:00' -description: Release notes for AWS workload cluster release v16.4.0, published on - 03 February 2022, 10:00. -title: Workload cluster release v16.4.0 for AWS ---- - -This release provides a new feature to automatically rotate the Kubernetes API key used to encrypt secret data in etcd. It also includes the latest version of Calico. - -**Highlights** -- Automation of the Kubernetes API key used to encrypt secret data in etcd; -- Calico `v3.21.3`; -- Fixed IAM policy to select ARNs of EBS snapshots for AWS China; -- `kiam-watchdog` now probes STS instead of Route53 by default. - -**How does the Kubernetes API key rotation work?** - -* The rotation is disabled by default and has to be enabled by setting the `encryption.giantswarm.io/enable-rotation` annotation on the `${CLUSTER-ID}-encryption-provider-config` secret; -* The key rotation happens if the key is at least 180 days old (counting from creation timestamp on `${CLUSTER-ID}-encryption-provider-config` secret or from last key rotation). It can also be forced by setting the `encryption.giantswarm.io/force-rotation` annotation to start the rotation process immediately; -* A new config is generated containing the new and old keys as soon as the process starts; -* The next step requires a roll of the control plane nodes (either manually or during an update); -* After the control plane nodes have been rolled and are using the new encryption configuration, the `encryption-provider-operator` will rewrite all secrets. This leads to the re-encryption of all secrets with the new key; -* The operator will remove the old encryption key after all the secrets are rewritten. - - -## Change details - - -### aws-ebs-csi-driver [2.8.1](https://github.com/giantswarm/aws-ebs-csi-driver-app/releases/tag/v2.8.1) - -#### Fixed -- Use node selector according to control-plane and nodepool labels. - - -### aws-operator [10.14.1](https://github.com/giantswarm/aws-operator/releases/tag/v10.14.1) - -#### Fixed -- Autoselect region ARN for ebs snapshots. - -#### Changed -- Changes to EncryptionConfig in order to fully work with `encryption=provider-operator`. - - -### cluster-operator [3.13.0](https://github.com/giantswarm/cluster-operator/releases/tag/v3.13.0) - -#### Changed -- Removed encryption key creation. Encryption keys will be managed by `encryption-provider-operator`. - - -### calico [3.21.3](https://github.com/projectcalico/calico/releases/tag/v3.21.3) - -#### BGP Improvements -For users of BGP you can now view the status of your BGP routers, including session status, RIB / FIB contents, and agent health via the new CalicoNodeStatus API. See the API documentation for more details. -In addition, you can control BGP advertisement of certain prefixes using the new disableBGPExport option on each IP pool, allowing greater control of your route sharing scheme. -Pull requests: -- Added Calico node status resource (CalicoNodeStatus) which represents a collection of status information for a node that Calico reports back to the user for use during troubleshooting. libcalico-go #1502 (@song-jiang) -- Report node BGP status from calico/node. node #1234 (@song-jiang) -- Add new syncer for BGP status API. typha #662 (@song-jiang) -- Don’t export BGP routes for IP pools that have disableBGPExport==true confd #647 (@coutinhop) -#### Service-based network policy improvements -In v3.20, we introduced egress policy rules that can match on Kubernetes services. In v3.21, we improved upon that in two ways. First, you can now use service matches in Calico NetworkPolicy and GlobalNetworkPolicy ingress rules. Second, you can now use service-based network policy rules on Windows nodes. -Pull requests: -- Policy ingress rules now support service selectors. felix #3024 (@mgleung) -- Windows data plane support for Service-based network policy rules felix #2917 (@caseydavenport) -- Allow services to be specified in the Source field of Ingress rules libcalico-go #1517 (@mgleung) -#### Option to run Calico as non-privileged and non-root -Calico can now optionally run in non-privileged and non-root mode, with some limitations. See the documentation for more information. -Pull requests: -- Change node and supporting binary permissions so that they can be run as a non-root user node #1224 (@mgleung) -- CNI plugin now sets route_localnet=1 for container interfaces cni-plugin #1168 (@mgleung) -- CNI plugins now have SUID bit set in order to run as non-root cni-plugin #1168 (@mgleung) -#### IPReservations API -You can use the new IPReservations API to reserve certain IP addresses so that they will not be used by Calico IPAM. This allows for fine-grained control of the IP space in your cluster. -Pull requests: -- Add support for IPReservations libcalico-go #1509 (@fasaxc) -#### Bug fixes -- Fix a serious regression introduced in v3.21.0 where the datastore watcher could get stuck and report stale information in clusters with >500 policies/pods/etc. The bug was triggered by needing to do a resync (for example after an etcd compaction) when there were enough resources to trigger the list pager. [calico #5332](https://github.com/projectcalico/calico/pull/5332) (@robbrockbank) -- Pass ExceptUpgradeService param to stop-calico.ps1 as well node #1372 (@lmm) -- Restrict Typha server to FIPS compliant cipher suites. typha #696 (@caseydavenport) -- Fix log spam from Calico upgrade service for Windows node #1343 (@song-jiang) -- Increase timeout for setting NetworkUnavailable on shutdown node #1341 (@caseydavenport) -- Fix potential panic and memory leak in kube-controllers caused by adding and subsequently deleting IPAM blocks kube-controllers #912 (@caseydavenport) -- IPAM GC correctly handles multiple IP addresses allocated with the same handle ID. kube-controllers #903 (@caseydavenport) -- Fix bug where invalid port structures were being sent to Felix, preventing pods with hostPorts specified from working. libcalico-go #1545 (@caseydavenport) -- Downgrade repetitive info level logging in calico/node autodetection code node #1237 (@caseydavenport) -- Updated ubi base images and CentOS repos to stop CVE false positives from being reported. node #1136 (@coutinhop) -- Fixed typo in umount command pod2daemon #64 (@ScheererJ) -- Fixes this bug which caused WireGuard stats to be collected even when WireGuard was disabled. Additionally, the version of the wgctrl dependency has been updated as the previous version caused thread leaks. felix #3057 (@mikestephen) -- Fix blackhole route table interface matches to handle empty interface regexes. felix #3007 (@robbrockbank) -- Fix slow performance when updating a Kubernetes namespace when there are many Pods (and in turn, slow startup performance when there are many namespaces). felix #2964 (@fasaxc) -- Close race condition that could result in an extra IPAM block being allocated to a node. libcalico-go #1488 (@caseydavenport) -- Fix that podIP annotation could be incorrectly clobbered for stateful set pods: https://github.com/projectcalico/calico/issues/4710 libcalico-go #1472 (@fasaxc) -- Fix removal of old CNI configuration on name-change cni-plugin #1153 (@caseydavenport) -- Readiness depends on all syncers typha #613 (@robbrockbank) -- Exclude RR nodes from BGP full mesh confd #619 (@coutinhop) -- Fixed a bug in ExternalTrafficPolicy=Local that lead to connection stalling. felix #3015 (@tomastigera) -- Fixed broken connections when client used the same port to connect to the same backed via a nodeport on different nodes. felix #2983 (@tomastigera) -- The eBPF mode implementation of DoNotTrack policy was incorrectly allowing an inbound connection through a HostEndpoint, when the HostEndpoint had DoNotTrack policy for the ingress direction but not for egress. For precise compatibility with Calico’s established DoNotTrack semantics, that connection should be disallowed, and now is. (Because of the lack of connection tracking, successful use of DoNotTrack policy to allow flows requires configuring the DoNotTrack policy symmetrically in both directions.) felix #2982 (@neiljerram) -#### Other changes -- Replace github.com/dgrijalva/jwt-go with active fork github.com/golang-jwt/jwt that resolves vulnerability flagged by scanners. libcalico-go #1554 (@lmm) -- calico/node logs write to /var/log/calico within the container by default, in addition to stdout node #1133 (@song-jiang) -- Read pod IP information from Amazon VPC CNI annotation, if present on the pod. libcalico-go #1523 (@caseydavenport) -- Update etcd client version to v3.5.0 libcalico-go #1495 (@Aceralon) -- Optimize lists and watches made against the Kubernetes API libcalico-go #1484 (@caseydavenport) -- WorkloadEndpoints now support hostPorts libcalico-go #1471 (@AloysAugustin) -- Include CNI plugin release v1.0.0 cni-plugin #1141 (@caseydavenport) -- Allow configuration of num_queues for Calico created veth interfaces cni-plugin #1116 (@arikachen) -- Typha now gives newly connected clients an extra grace period to catch up after sending the snapshot to reduce the possibility of cyclic disconnects. typha #614 (@fasaxc) -- Add calico-node upgrade service for upgrades on Windows node #1254 (@lmm) -- eBPF arm64/aarch64 node #1044 (@frozenprocess) -- BPF: Endpoints in EndpointsSlices that are not ready are excluded from NAT felix #3017 (@tomastigera) -- Calico’s eBPF dataplane now fully implements DoNotTrack policy felix #2910 (@neiljerram) -- Add HostPort support in the gRPC dataplane cni-plugin #1119 (@AloysAugustin) - -### external-dns [2.9.0](https://github.com/giantswarm/external-dns-app/releases/tag/v2.9.0) - -This release contains some changes to mitigate rate limiting on AWS clusters. Please take note of the defaults -for values `aws.batchChangeInterval`, `aws.zonesCacheDuration`, `externalDNS.interval` -and `externalDNS.minEventSyncInterval`. -If you already specify `--aws-batch-change-interval` or `--aws-zones-cache-duration`, please migrate to the new values `aws.batchChangeInterval` and `aws.zonesCacheDuration`. -#### Added -- Allow to set `--aws-batch-change-interval` through `aws.batchChangeInterval` value. Default `10s`. -- Allow to set `--aws-zones-cache-duration` through `aws.zonesCacheDuration` value. Default `3h`. -#### Changed -- Set default `externalDNS.interval` to `5m`. -- Set default `externalDNS.minEventSyncInterval` to `30s`. -- Allow setting Route53 credentials (`externalDNS.aws_access_key_id` and `externalDNS.aws_secret_access_key`) indepentent from `aws.access` value. -- Allow setting the AWS default region (`aws.region`) indepentent from `aws.access` value. -- Allow to omit the `--domain-filter` flag completely by setting `externalDNS.domainFilterList` to `null`. -- -### kiam-watchdog [0.5.1](https://github.com/giantswarm/kiam-watchdog/releases/tag/v0.5.1) - -### Added - -- Added --probe-mode flag to allow using either 'route53' or 'sts' to probe AWS API. 'sts' is the default. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.4.1.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.4.1.md deleted file mode 100644 index 9b9166c8b7..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.4.1.md +++ /dev/null @@ -1,50 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v16.4.1/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v16.4.1 - version: 16.4.1 - version_tag: v16.4.1 -date: '2022-02-23T10:00:00' -description: Release notes for AWS workload cluster release v16.4.1, published on - 23 February 2022, 10:00. -title: Workload cluster release v16.4.1 for AWS ---- - -This release allows one replica of `coredns` to run on the control plane nodes for clusters without any node pools. - -## Change details - - -### kubernetes [1.21.9](https://github.com/kubernetes/kubernetes/releases/tag/v1.21.9) - -#### Feature -- Kube-apiserver: when merging lists, Server Side Apply now prefers the order of the submitted request instead of the existing persisted object ([#107569](https://github.com/kubernetes/kubernetes/pull/107569), [@jiahuif](https://github.com/jiahuif)) [SIG API Machinery, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Storage and Testing] -#### Bug or Regression -- An inefficient lock in EndpointSlice controller metrics cache has been reworked. Network programming latency may be significantly reduced in certain scenarios, especially in clusters with a large number of Services. ([#107169](https://github.com/kubernetes/kubernetes/pull/107169), [@robscott](https://github.com/robscott)) [SIG Apps and Network] -- Client-go: fix that paged list calls with ResourceVersionMatch set would fail once paging kicked in. ([#107336](https://github.com/kubernetes/kubernetes/pull/107336), [@fasaxc](https://github.com/fasaxc)) [SIG API Machinery] -- Fix a panic when using invalid output format in kubectl create secret command ([#107345](https://github.com/kubernetes/kubernetes/pull/107345), [@rikatz](https://github.com/rikatz)) [SIG CLI] -- Fixes a rare race condition handling requests that timeout ([#107460](https://github.com/kubernetes/kubernetes/pull/107460), [@liggitt](https://github.com/liggitt)) [SIG API Machinery] -- Mount-utils: Detect potential stale file handle ([#107040](https://github.com/kubernetes/kubernetes/pull/107040), [@andyzhangx](https://github.com/andyzhangx)) [SIG Storage] -#### Other (Cleanup or Flake) -- Updates konnectivity-network-proxy to v0.0.27. This includes a memory leak fix for the network proxy ([#107188](https://github.com/kubernetes/kubernetes/pull/107188), [@rata](https://github.com/rata)) [SIG API Machinery and Cloud Provider] -#### Dependencies -#### Added -_Nothing has changed._ -#### Changed -- github.com/google/cadvisor: [v0.39.0 → v0.39.3](https://github.com/google/cadvisor/compare/v0.39.0...v0.39.3) -- sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.22 → v0.0.27 -- sigs.k8s.io/structured-merge-diff/v4: v4.1.2 → v4.2.1 -#### Removed -_Nothing has changed._ - - - -### coredns [1.8.0](https://github.com/giantswarm/coredns-app/releases/tag/v1.8.0) - -#### Changed -- Add deployment to run one replica of coredns in master nodes (for clusters with no node pools). diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.4.2.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.4.2.md deleted file mode 100644 index 78089e52e0..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.4.2.md +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v16.4.2/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v16.4.2 - version: 16.4.2 - version_tag: v16.4.2 -date: '2022-06-02T10:00:00' -description: Release notes for AWS workload cluster release v16.4.2, published on - 02 June 2022, 10:00. -title: Workload cluster release v16.4.2 for AWS ---- - -This release provides security hardening of app-operator to tighten RBAC permissions as well as honoring write contexts more accurately. - -## Change details - - -### app-operator [5.10.2](https://github.com/giantswarm/app-operator/releases/tag/v5.10.2) - -#### Fixed -- Add missing permissions for `apps/deployments`. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.5.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.5.0.md deleted file mode 100644 index cf6aa63cfa..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.5.0.md +++ /dev/null @@ -1,117 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v16.5.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v16.5.0 - version: 16.5.0 - version_tag: v16.5.0 -date: '2022-07-05T08:53:31' -description: Release notes for AWS workload cluster release v16.5.0, published on - 05 July 2022, 08:53. -title: Workload cluster release v16.5.0 for AWS ---- - -This is a security release featuring the latest version of Kubernetes 1.21 (1.21.14) and all of Giant Swarm applications. - -## Change details - - -### cluster-operator [3.14.1](https://github.com/giantswarm/cluster-operator/releases/tag/v3.14.1) - -#### Changed -- Update `aws-pod-identity-webhook` app version. - - - -### app-operator [6.0.1](https://github.com/giantswarm/app-operator/releases/tag/v6.0.1) - -#### Added -- Add support for Catalogs that define multiple repository mirrors to be used in case some of them are unreachable. -#### Changed -- Only run `PodMonitor` outside of bootstrap mode. - - - -### aws-cni [1.11.2-iptables](https://github.com/aws/amazon-vpc-cni-k8s/releases/tag/v1.11.2-iptables) - -Upgraded from version 1.10.1. Please check [upstream changelog](https://github.com/aws/amazon-vpc-cni-k8s/releases/tag/v1.11.2) for details. - - -### kubernetes [1.21.14](https://github.com/kubernetes/kubernetes/releases/tag/v1.21.14) - -Upgraded from 1.21.9. - -This release brings bug and security fixes. - -Please refer to the [official changelog](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.21.md#v1219) for all the details. - - -### calico [3.21.5](https://github.com/projectcalico/calico/releases/tag/v3.21.5) - -Upgraded from 3.12.3. - -This upgrade bring security and bug fixes. - -Please refer to the [official changelog](https://projectcalico.docs.tigera.io/archive/v3.21/release-notes/#v3215) for all details. - - -### external-dns [2.15.0](https://github.com/giantswarm/external-dns-app/releases/tag/v2.15.0) - -#### Changed -- Update test dependencies and py-helm-charts version to [0.7.0](https://github.com/giantswarm/pytest-helm-charts/blob/master/CHANGELOG.md) ([#173](https://github.com/giantswarm/external-dns-app/pull/173)) -- Ignore IRSA annotation for service account when using AWS `external` access. - - - -### chart-operator [2.24.1](https://github.com/giantswarm/chart-operator/releases/tag/v2.24.1) - -#### Changed -- Update `helmclient` to v4.10.1. - - - -### node-exporter [1.13.0](https://github.com/giantswarm/node-exporter-app/releases/tag/v1.13.0) - -#### Changed -- Disable boot partition from the `filesystem` exporter. - - - -### metrics-server [1.7.0](https://github.com/giantswarm/metrics-server-app/releases/tag/v1.7.0) - -#### Changed -- Set `kubelet-preferred-address-types` to `Hostname` on `AWS`. - - - -### cert-manager [2.15.0](https://github.com/giantswarm/cert-manager-app/releases/tag/v2.15.0) - -#### Changed -- Upgrade to upstream image [`v1.7.3`](https://github.com/jetstack/cert-manager/releases/tag/v1.7.3) which increases some hard-coded timeouts for certain ACME issuers (ZeroSSL and Sectigo) ([#243](https://github.com/giantswarm/cert-manager-app/pull/243)) -- Update kubectl container version to `1.24.2` ([#243](https://github.com/giantswarm/cert-manager-app/pull/243)) - - - -### aws-ebs-csi-driver [2.14.0](https://github.com/giantswarm/aws-ebs-csi-driver-app/releases/tag/v2.14.0) - -#### Changed -- Remove `imagePullSecrets` from values.yaml -- Bump aws-ebs-csi-driver version to `v1.6.2`. - - - -### coredns [1.10.0](https://github.com/giantswarm/coredns-app/releases/tag/v1.10.0) - -#### Added -- Add `app.kubernetes.io/component` on deployments so that management-cluster-admission controller does not complain. - - - -### kube-state-metrics [1.11.0](https://github.com/giantswarm/kube-state-metrics-app/releases/tag/v1.11.0) - -#### Add -- Allow `application.giantswarm.io/team` label. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.5.1.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.5.1.md deleted file mode 100644 index 9e3f8005ac..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.5.1.md +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v16.5.1/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/v16.5.1 - version: 16.5.1 - version_tag: v16.5.1 -date: '2022-07-22T09:19:21' -description: Release notes for AWS workload cluster release v16.5.1, published on - 22 July 2022, 09:19. -title: Workload cluster release v16.5.1 for AWS ---- - -This is a patch release to downgrade Cert Manager to release 2.11.0 due to breaking changes fo API Versions for older k8s releases. - -## Change details - -### cert-manager [2.11.0](https://github.com/giantswarm/cert-manager-app/releases/tag/v2.11.0) - -#### Revert breaking changes from Cert Manager `2.15.0` update with API versions diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.5.2.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.5.2.md deleted file mode 100644 index 45757dad45..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v16.5.2.md +++ /dev/null @@ -1,33 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v16.5.2/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v16.5.2 - version: 16.5.2 - version_tag: v16.5.2 -date: '2022-11-17T11:50:16' -description: Release notes for AWS workload cluster release v16.5.2, published on - 17 November 2022, 11:50. -title: Workload cluster release v16.5.2 for AWS ---- - -This is a patch release to add missing Elastic File System (EFS) IAM permissions. It also allows EFS CSI Driver to get the Instance Identity from the Instance Metadata Service (IMDS). - -## Change details - - -### aws-operator [10.14.2](https://github.com/giantswarm/aws-operator/releases/tag/v10.14.2) - -#### Fixed -- Added EFS policy to the ec2 instance role to allow to use the EFS driver out of the box - - - -### kiam [2.5.1](https://github.com/giantswarm/kiam-app/releases/tag/v2.5.1) - -#### Fixed -- Allow `whiteListRouteRegexp` to default to `/latest/*`. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.0.0-alpha1.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.0.0-alpha1.md deleted file mode 100644 index c679195780..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.0.0-alpha1.md +++ /dev/null @@ -1,1106 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v17.0.0-alpha1/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v17.0.0-alpha1 - version: 17.0.0-alpha1 - version_tag: v17.0.0-alpha1 -date: '2022-01-31T10:00:00' -description: Release notes for AWS workload cluster release v17.0.0-alpha1, published - on 31 January 2022, 10:00. -title: Workload cluster release v17.0.0-alpha1 for AWS ---- - -This release provides support for Kubernetes 1.22 and has Control Groups v2 enabled by default. - -**Highlights** -- Kubernetes 1.22 support; -- Control Groups v2 are enabled by default; -- Security fixes: - * 30 Linux CVEs; - * 8 Go CVEs; - * 4 Docker CVEs; - * 3 curl CVEs; - * 3 vim CVEs; - * 2 bash CVEs; - * 2 binutils CVEs; - * 2 containerd CVEs; - * 2 nettle CVEs; - * 2 SDK: bison CVEs; - * 1 ca-certificates CVE; - * 1 util-linux CVE; - * 1 git CVE; - * 1 glibc CVE; - * 1 gnupg CVE; - * 1 libgcrypt CVE; - * 1 polkit CVE; - * 1 sssd CVE; - * 1 SDK: perl CVE; - -> **_Warning:_** This is an **`alpha preview release`** intended only for testing Kubernetes v1.22 changes and Control Groups v2 compatibility. Upgrading to or from this version is not supported. - -> **_Warning:_** Kubernetes v1.22 removed certain APIs and features. More details are available in the [upstream blog post](https://kubernetes.io/blog/2021/07/14/upcoming-changes-in-kubernetes-1-22/). - -**Known Issues** -- Java applications are unable to identify memory limits when using a `JRE` prior to v15 in a Control Groups v2 environment. Support was added in `JRE` v15 and later. More details are available in the [upstream issue](https://bugs.openjdk.java.net/browse/JDK-8230305). We recommend using the latest LTS JRE available (currently v17) to ensure continued compatibility with future releases. - -**Control Groups v1** -To ensure a smooth transition, in case you need time to modify applications to make them compatible with Control Groups v2, we provide a mechanism that will allow using Control Groups v1 on specific node pools. More details are available in our [documentation](https://docs.giantswarm.io/advanced/forcing-cgroupsv1/). - -## Change details - - -### kubernetes [1.22.5](https://github.com/kubernetes/kubernetes/releases/tag/v1.22.5) - -#### What's New (Major Themes) - -##### Removal of several beta Kubernetes APIs - -A number of APIs are no longer serving specific Beta versions in favour of the GA version of those APIs. All existing objects can be interacted with via general availability APIs. This removal includes beta versions of `ValidatingWebhookConfiguration`, `MutatingWebhookConfiguration`, `CustomResourceDefinition`, `APIService`, `TokenReview`, `SubjectAccessReview`, `CertificateSigningRequest`, `Lease`, `Ingress`, and `IngressClass` APIs. For the full list check out [Deprecated API Migration Guide](https://kubernetes.io/docs/reference/using-api/deprecation-guide/#v1-22) and the blog post [Kubernetes API and Feature Removals In 1.22: Here’s What You Need To Know](https://blog.k8s.io/2021/07/14/upcoming-changes-in-kubernetes-1-22/). - -##### Kubernetes release cadence change - -We all have to adapt to change in our lives, and especially so in the past year. The Kubernetes release team was also affected from the COVID-19 pandemic and has listened to its user base regarding the number of releases in a calendar year. From April 23, 2021 it was made official that Kubernetes release cadence has reduced from 4 releases per year to 3 releases per year. - -You can read more in the official blog post [Kubernetes Release Cadence Change: Here’s What You Need To Know](https://blog.k8s.io/2021/07/20/new-kubernetes-release-cadence/). - -##### External credential providers - -Kubernetes client [credential plugins](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins) have been in beta since 1.11, a few eons ago. With the release of Kubernetes 1.22, this feature set graduates to stable. The GA feature set includes improved support for plugins that provide interactive login flows. -This release also contains a number of bug fixes to the feature set. Aspiring plugin authors can look at [sample-exec-plugin](https://github.com/ankeesler/sample-exec-plugin) as a way to get started. - -Related to this topic, the in-tree Azure and GCP authentication plugins have been [deprecated](https://github.com/kubernetes/kubernetes/pull/102181) in favor of out-of-tree implementations. - -##### Server-side Apply graduates to GA - -Server-side Apply is a new object merge algorithm, as well as tracking of field ownership, running on the Kubernetes API server. Server-side Apply helps users and controllers manage their resources via declarative configurations. It allows them to create and/or modify their objects declaratively, simply by sending their fully specified intent. After being in beta for a couple releases, [Server-side Apply](https://kubernetes.io/docs/reference/using-api/server-side-apply/) is now generally available. - -##### Cluster Storage Interface graduations - -CSI support for Windows nodes moves to GA in the 1.22 release. In Kubernetes v1.22, Windows privileged containers are only an alpha feature. To allow using CSI storage on Windows nodes, [CSIProxy](https://github.com/kubernetes-csi/csi-proxy) enables CSI node plugins to be deployed as unprivileged pods, using the proxy to perform privileged storage operations on the node. - -Another feature moving to GA in v1.22 is CSI Service Account Token support. This feature allows CSI drivers to use pods' [bound service account tokens](https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#bound-service-account-token-volume) instead of a more privileged identity. It also provides control over to re-publishing these volumes, so that short-lived tokens can be refreshed. - -##### SIG Windows development tools - -To grow the developer community, SIG Windows released multiple [tools](https://github.com/kubernetes-sigs/sig-windows-dev-tools/). The new tools support multiple CNI providers (Antrea, Calico), can run on multiple platforms (any vagrant compatible provider, such as Hyper-V, VirtualBox, or vSphere). -There is also a new way to run bleeding edge Windows features from scratch by compiling the windows kubelet and kube-proxy, then using them along with daily builds of other Kubernetes components. - -##### Deploy a more secure control plane with kubeadm - -A new alpha feature allows running the kubeadm control plane components as non-root users. This is a long requested security measure in kubeadm. To try it you must enable the kubeadm-specific `RootlessControlPlane` feature gate. When you deploy a cluster using this alpha feature, your control plane runs with lower privileges. - -A new [v1beta3 configuration API](https://github.com/kubernetes/kubeadm/issues/1796). It [iterates over v1beta2](https://pkg.go.dev/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta3) by adding some long requested features and deprecating some existing ones. The `V1beta3` is now the preferred API version; the `v1beta2` API also remains available and is not yet deprecated. - -##### etcd moves to version 3.5.0 - -Kubernetes' default backend storage, etcd, has a new release 3.5.0 and the community embraced it. The new release comes with improvements to the Security, performance, monitoring and developer experience. There are numerous bug fixes to lease objects causing memory leaks, and compact operation causing deadlocks and more. A couple of new features are also introduced like the migration to structured logging and build in log rotation. The release comes with a detailed future roadmap to implement a solution to traffic overload. A full and detailed list of changes can be read in the [3.5.0 release announcement](https://etcd.io/blog/2021/announcing-etcd-3.5/). - -##### Kubernetes Node system swap support - -Every system administrator or Kubernetes user has been in the same boat regarding setting up and using Kubernetes: disable swap space. With the release of Kubernetes 1.22, *alpha* support is available to run nodes with swap memory. This change lets administrators opt in to configuring swap on Linux nodes, treating a portion of block storage as additional virtual memory. - -##### Cluster-wide seccomp defaults - -A new alpha feature gate `SeccompDefault` has been added to the kubelet, together with a corresponding command line flag `--seccomp-default` and kubelet configuration. If both are enabled, then the kubelet's behavior changes for pods that don't explicitly set a seccomp profile. -With cluster-wide seccomp defaults, the kubelet uses the `RuntimeDefault` seccomp profile by default, rather than than `Unconfined`. This allows enhancing the default cluster wide workload security of the Kubernetes deployment. Security administrators will now sleep better knowing there is some security by default for the workloads. - -To learn more about the feature, please refer to the official [seccomp tutorial](https://kubernetes.io/docs/tutorials/clusters/seccomp/#enable-the-use-of-runtimedefault-as-the-default-seccomp-profile-for-all-workloads). - -##### Quality of Service for memory resources - -Originally, Kubernetes used the v1 cgroups API. With that design, the QoS class for a pod only applied to CPU resources (such as `cpu_shares`). The Kubernetes cgroup manager uses `memory.limit_in_bytes` in v1 cgroups to limit the memory capacity for a container, and uses `oom_scores` to recommend an order for killing container processes if an out-of-memory event occurs. This implementation has shortcomings: for `Guaranteed` pods, memory can not be fully reserved, and the page cache is at risk of being recycled. For `Burstable` pods, overcommitting memory (setting `request` less than `limit` ) could increase the risk of a container being killed when the Linux kernel detects an out of memory condition. - -As an alpha feature, Kubernetes v1.22 can use the cgroups v2 API to control memory allocation and isolation. This feature is designed to improve workload and node availability when there is contention for memory resources. - -##### API changes and improvements for ephemeral containers - -The API used to create [Ephemeral Containers](https://kubernetes.io/docs/concepts/workloads/pods/ephemeral-containers/) changed in 1.22. The Ephemeral Containers feature is alpha and disabled by default, and the new API does not work with clients that attempt to use the old API. - -For stable features, the `kubectl` tool follows the Kubernetes [version skew policy](https://kubernetes.io/releases/version-skew-policy/); -however, kubectl v1.21 and older do not support the new API for ephemeral containers. -Users who create ephemeral containers using `kubectl debug` should note that kubectl version 1.22 will attempt to fall back to the old API; older versions of kubectl will not work with cluster versions of 1.22 or later. Please update kubectl to 1.22 if you wish to use `kubectl debug` with a mix of cluster versions. - -#### Known Issues - -##### CPU and Memory manager are not working correctly for Guaranteed Pods with multiple containers - -A regression bug was found where guaranteed Pods with multiple containers do not work properly with set allocations for CPU, Memory, and Device manager. [The fix will be availability in coming releases](https://github.com/kubernetes/kubernetes/pull/103979). - -##### `CSIMigrationvSphere` feature gate has not migrated to new CRD APIs - -If CSIMigrationvSphere feature gate is enabled, user should not upgrade to Kubernetes v1.22. vSphere CSI Driver does not support Kubernetes v1.22 yet because it uses v1beta1 CRD APIs. Support for v1.22 will be added at a later release. Check the following document for supported Kubernetes releases for a given [vSphere CSI Driver version](https://vsphere-csi-driver.sigs.k8s.io/compatiblity_matrix.html#compatibility-matrix-for-vsphere-csi-driver). - -#### Urgent Upgrade Notes - -##### (No, really, you MUST read this before you upgrade) - -- Audit log files are now created with a mode of 0600. Existing file permissions will not be changed. If you need the audit file to be readable by a non-root user, you can pre-create the file with the desired permissions. ([#95387](https://github.com/kubernetes/kubernetes/pull/95387), [@JAORMX](https://github.com/JAORMX)) [SIG API Machinery and Auth] - - CSI migration of AWS EBS volumes requires AWS EBS CSI driver ver. 1.0 that supports `allowAutoIOPSPerGBIncrease` parameter in StorageClass. ([#101082](https://github.com/kubernetes/kubernetes/pull/101082), [@jsafrane](https://github.com/jsafrane)) - - Conformance image is now built with Distroless. Users running Conformance testing should rely on container entrypoint instead of manual invocation to `/run_e2e.sh` or `/gorunner`, as they are now deprecated and will be removed in 1.25 release. Invoking `ginkgo` and `e2e.test` are still supported through overriding entrypoint (docker) or defining container `spec.command` (kubernetes). ([#99178](https://github.com/kubernetes/kubernetes/pull/99178), [@wilsonehusin](https://github.com/wilsonehusin)) - - Default `StreamingProxyRedirects` to disabled. If there is a >= 2 version skew between master and nodes, and the old nodes were enabling `--redirect-container-streaming`, this will break them. In this case, the `StreamingProxyRedirects` can still be manually enabled. ([#101647](https://github.com/kubernetes/kubernetes/pull/101647), [@pacoxu](https://github.com/pacoxu)) - - Intree volume plugin scaleIO support has been completely removed from Kubernetes. ([#101685](https://github.com/kubernetes/kubernetes/pull/101685), [@Jiawei0227](https://github.com/Jiawei0227)) - - Kubeadm: remove the automatic detection and matching of cgroup drivers for Docker. For new clusters if you have not configured the cgroup driver explicitly you might get a failure in the `kubelet` on driver mismatch (kubeadm clusters should be using the `systemd` driver). Also remove the `IsDockerSystemdCheck` preflight check (warning) that checks if the Docker cgroup driver is set to `systemd`. Ideally such detection / coordination should be on the side of CRI implementers and the kubelet (tracked [here](https://github.com/kubernetes/kubernetes/issues/99808)). Please see the [page](https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver/) on how to configure cgroup drivers with kubeadm manually ([#99647](https://github.com/kubernetes/kubernetes/pull/99647), [@neolit123](https://github.com/neolit123)) - - Kubeadm: the flag `--cri-socket` is no longer allowed in a mixture with the flag `--config`. Please use the kubeadm configuration for setting the CRI socket for a node using `{Init|Join}Configuration.nodeRegistration.criSocket`. ([#101600](https://github.com/kubernetes/kubernetes/pull/101600), [@KofClubs](https://github.com/KofClubs)) - - Newly provisioned PVs by Azure disk will no longer have the beta `FailureDomain` label. Azure disk volume plugin will start to have GA topology label instead. ([#101534](https://github.com/kubernetes/kubernetes/pull/101534), [@kassarl](https://github.com/kassarl)) - - Scheduler's CycleState now embeds internal read/write locking inside its `Read()` and `Write()` functions. Meanwhile, `Lock()` and `Unlock()` function are removed. Scheduler plugin developers are now required to remove `CycleState#Lock()` and `CycleState#Unlock()`. Just simply use `Read()` and `Write()` as they're natively thread-safe now. ([#101542](https://github.com/kubernetes/kubernetes/pull/101542), [@Huang-Wei](https://github.com/Huang-Wei)) - - The `CSIMigrationVSphereComplete` feature flag is removed. `InTreePluginvSphereUnregister` will be the way moving forward. ([#101272](https://github.com/kubernetes/kubernetes/pull/101272), [@Jiawei0227](https://github.com/Jiawei0227)) - - The flag `--experimental-patches` is now deprecated and will be removed in a future release. You can migrate to using the new flag `--patches`. Add a new field `{Init|Join}Configuration.patches.directory` that can be used for the same purpose. For `init` and `join` it is now recommended that you migrate to configure patches via `{Init|Join}Configuration.patches.directory`. For the time being, these flags can be mixed with `--config`, but that might change in the future. On a command line, the last *patches flag takes precedence over previous flags and the value in config. `kubeadm upgrade --patches` will continue to be the only available option, since `upgrade` does not support a configuration file yet. ([#103063](https://github.com/kubernetes/kubernetes/pull/103063), [@neolit123](https://github.com/neolit123)) - - -#### Important Security Information - -This release contains changes that address the following vulnerabilities: - -##### CVE-2021-25741: Symlink Exchange Can Allow Host Filesystem Access - -A security issue was discovered in Kubernetes where a user may be able to -create a container with subpath volume mounts to access files & -directories outside of the volume, including on the host filesystem. - -**Affected Versions**: - - kubelet v1.22.0 - v1.22.1 - - kubelet v1.21.0 - v1.21.4 - - kubelet v1.20.0 - v1.20.10 - - kubelet <= v1.19.14 - -**Fixed Versions**: - - kubelet v1.22.2 - - kubelet v1.21.5 - - kubelet v1.20.11 - - kubelet v1.19.15 - -This vulnerability was reported by Fabricio Voznika and Mark Wolters of Google. - -**CVSS Rating:** High (8.8) [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) - - -#### Deprecation - -- Controller-manager: the following flags have no effect and would be removed in v1.24: - - `--port` - - `--address` - The insecure port flags `--port` may only be set to 0 now. - - In addtion, please be careful that: - - controller-manager MUST start with `--authorization-kubeconfig` and `--authentication-kubeconfig` correctly set to get authentication/authorization working. - - liveness/readiness probes to controller-manager MUST use HTTPS now, and the default port has been changed to 10257. - - Applications that fetch metrics from controller-manager should use a dedicated service account which is allowed to access nonResourceURLs `/metrics`. ([#96216](https://github.com/kubernetes/kubernetes/pull/96216), [@knight42](https://github.com/knight42)) [SIG API Machinery, Cloud Provider, Instrumentation and Testing] -- Deprecate `--record` flag in `kubectl`. The `--record` flag is being replaced with the [mechanism](https://github.com/kubernetes/enhancements/tree/master/keps/sig-cli/859-kubectl-headers) which annotates HTTP requests with kubectl command details. ([#102873](https://github.com/kubernetes/kubernetes/pull/102873), [@soltysh](https://github.com/soltysh)) -- E2e.test: removed the `--viper-config` flag. If you were previously using this to pass flags to `e2e.test` via a file, you will need to pass them directly on the command line, e.g. `e2e.test --e2e-output-dir`. ([#102598](https://github.com/kubernetes/kubernetes/pull/102598), [@dims](https://github.com/dims)) -- For `kubeadm`: remove the ClusterStatus API from v1beta3 and its management in the kube-system/kubeadm-config ConfigMap. This method of keeping track of what API endpoints exists in the cluster was replaced (in a prior release) by a method to annotate the etcd Pods that `kubeadm` creates in "stacked etcd" clusters. The following CLI sub-phases are deprecated and are now a NO-OP: for `kubeadm join`: "control-plane-join/update-status", for `kubeadm reset`: "update-cluster-status". Unless you are using these phases explicitly, you should not be affected. ([#101915](https://github.com/kubernetes/kubernetes/pull/101915), [@neolit123](https://github.com/neolit123)) -- Kubeadm: remove the deprecated `--csr-only` and `--csr-dir` flags from `kubeadm init phase certs`. Deprecate the same flags under `kubeadm certs renew`. In both the cases the command `kubeadm certs generate-csr` should be used instead. ([#102108](https://github.com/kubernetes/kubernetes/pull/102108), [@neolit123](https://github.com/neolit123)) -- Kubeadm: Remove the deprecated command `kubeadm alpha kubeconfig`. Please use `kubeadm kubeconfig` instead. ([#101938](https://github.com/kubernetes/kubernetes/pull/101938), [@knight42](https://github.com/knight42)) -- Kubeadm: Remove the deprecated hyperkube image support in `v1beta3`. This implies removal of `ClusterConfiguration.UseHyperKubeImage.` ([#101537](https://github.com/kubernetes/kubernetes/pull/101537), [@neolit123](https://github.com/neolit123)) -- Kubeadm: Remove the field `ClusterConfiguration.DNS.Type` in v1beta3 since CoreDNS is the only supported DNS type. ([#101547](https://github.com/kubernetes/kubernetes/pull/101547), [@neolit123](https://github.com/neolit123)) -- Kubeadm: remove the deprecated command `kubeadm config view`. A replacement for this command is `kubectl get cm -n kube-system kubeadm-config -o=jsonpath="{.data.ClusterConfiguration}"` ([#102071](https://github.com/kubernetes/kubernetes/pull/102071), [@neolit123](https://github.com/neolit123)) -- Kubeadm: remove the deprecated flag '--image-pull-timeout' for 'kubeadm upgrade apply' command ([#102093](https://github.com/kubernetes/kubernetes/pull/102093), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle] -- Kubeadm: remove the deprecated flag `--insecure-port` from the kube-apiserver manifest that kubeadm manages. The flag had no effect since 1.20, since the insecure serving of the component was disabled in the same version. ([#102121](https://github.com/kubernetes/kubernetes/pull/102121), [@pacoxu](https://github.com/pacoxu)) -- Kubeadm: remove the deprecated kubeadm API `v1beta1`. Introduce a new kubeadm API `v1beta3`. See [kubeadm/v1beta3](https://pkg.go.dev/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta3) for a list of changes since `v1beta2`. Note that `v1beta2` is not yet deprecated, but will be in a future release. ([#101129](https://github.com/kubernetes/kubernetes/pull/101129), [@neolit123](https://github.com/neolit123)) -- Newly provisioned PVs by vSphere in-tree plugin will no longer have the beta `FailureDomain` label. vSphere volume plugin will start to have GA topology label ([#102414](https://github.com/kubernetes/kubernetes/pull/102414), [@divyenpatel](https://github.com/divyenpatel)) -- Removal of the CSI `NodePublish` path by the kubelet is deprecated. This must be done by the CSI plugin according to the CSI spec. ([#101441](https://github.com/kubernetes/kubernetes/pull/101441), [@dobsonj](https://github.com/dobsonj)) -- Remove support for the Service `topologyKeys` field (alpha) and the `kube-proxy` implementation of it. This field was deprecated several cycles ago. This functionality is replaced by the combination of automatic topology hints per-endpoint (alpha) and the Service `internalTrafficPolicy` field (alpha). ([#102412](https://github.com/kubernetes/kubernetes/pull/102412), [@andrewsykim](https://github.com/andrewsykim)) -- The `PodUnknown` phase is now deprecated. ([#95286](https://github.com/kubernetes/kubernetes/pull/95286), [@SergeyKanzhelev](https://github.com/SergeyKanzhelev)) -- The `storageos`, `quobyte` and `flocker` storage volume plugins are deprecated and will be removed in a later release. ([#101773](https://github.com/kubernetes/kubernetes/pull/101773), [@Jiawei0227](https://github.com/Jiawei0227)) -- The deprecated flag `--hard-pod-affinity-symmetric-weight` and `--scheduler-name` have been removed from `kube-scheduler`. Use `ComponentConfig` instead to configure those parameters. ([#102805](https://github.com/kubernetes/kubernetes/pull/102805), [@ahg-g](https://github.com/ahg-g)) -- The feature Dynamic Kubelet Configuration is deprecated and kubelet will report warning when the flag `--dynamic-config-dir` is used. Feature gate `DynamicKubeletConfig` is disabled out of the box and needs to be explicitly enabled. ([#102966](https://github.com/kubernetes/kubernetes/pull/102966), [@SergeyKanzhelev](https://github.com/SergeyKanzhelev)) [SIG Cloud Provider, Instrumentation and Node] -- The in-tree azure and gcp auth plugins have been deprecated. The https://github.com/Azure/kubelogin and gcloud commands serve as out-of-tree replacements via the kubectl/client-go credential plugin mechanism. ([#102181](https://github.com/kubernetes/kubernetes/pull/102181), [@enj](https://github.com/enj)) [SIG API Machinery and Auth] -- The ingress `v1beta1` has been deprecated. ([#102030](https://github.com/kubernetes/kubernetes/pull/102030), [@aojea](https://github.com/aojea)) - - -#### API Change -- A new score extension for NodeResourcesFit plugin that merges the functionality of `NodeResourcesLeastAllocated`, `NodeResourcesMostAllocated`, `RequestedToCapacityRatio` plugins, which are marked as deprecated as of v1beta2. In v1beta1, the three plugins can still be used in v1beta1 but not at the same time with the score extension of `NodeResourcesFit`. ([#101822](https://github.com/kubernetes/kubernetes/pull/101822), [@yuzhiquan](https://github.com/yuzhiquan)) -- A value of `Auto` is now a valid for the `service.kubernetes.io/topology-aware-hints` annotation. ([#100728](https://github.com/kubernetes/kubernetes/pull/100728), [@robscott](https://github.com/robscott)) -- Add `DataSourceRef` alpha field to PVC spec, which allows contents other than `PVCs` and `VolumeSnapshots` to be data sources. ([#103276](https://github.com/kubernetes/kubernetes/pull/103276), [@bswartz](https://github.com/bswartz)) -- Add `PersistentVolumeClaimDeletePoilcy` to StatefulSet API. ([#99378](https://github.com/kubernetes/kubernetes/pull/99378), [@mattcary](https://github.com/mattcary)) -- Add a new Priority and Fairness rule that exempts all probes (`/readyz`, `/healthz`, `/livez`) to prevent restarting of healthy `kube-apiserver` instance by kubelet. ([#100678](https://github.com/kubernetes/kubernetes/pull/100678), [@tkashem](https://github.com/tkashem)) -- Add alpha support for HostProcess containers on Windows ([#99576](https://github.com/kubernetes/kubernetes/pull/99576), [@marosset](https://github.com/marosset)) [SIG API Machinery, Apps, Node, Testing and Windows] -- Add distributed tracing to the `kube-apiserver`. It is can be enabled with the feature gate `APIServerTracing` ([#94942](https://github.com/kubernetes/kubernetes/pull/94942), [@dashpole](https://github.com/dashpole)) -- Add three metrics to the job controller to monitor if a job works in healthy condition. - `IndexedJob` has been promoted to Beta. ([#101292](https://github.com/kubernetes/kubernetes/pull/101292), [@AliceZhang2016](https://github.com/AliceZhang2016)) -- Added field `.status.uncountedTerminatedPods` to the Job resource. This field is used by the job controller to keep track of finished pods before adding them to the Job status counters. Pods created by the job controller get the finalizer `batch.kubernetes.io/job-tracking` - Jobs that are tracked using this mechanism get the annotation `batch.kubernetes.io/job-tracking`. This is a temporary measure. Two releases after this feature graduates to beta, the annotation won't be added to Jobs anymore. ([#98817](https://github.com/kubernetes/kubernetes/pull/98817), [@alculquicondor](https://github.com/alculquicondor)) -- Added new kubelet alpha feature `SeccompDefault`. This feature enables falling back to - the `RuntimeDefault` (former `runtime/default`) seccomp profile if nothing else is specified - in the pod/container `SecurityContext` or the pod annotation level. To use the feature, enable - the feature gate as well as set the kubelet configuration option `SeccompDefault` - (`--seccomp-default`) to `true`. ([#101943](https://github.com/kubernetes/kubernetes/pull/101943), [@saschagrunert](https://github.com/saschagrunert)) [SIG Node] -- Adds the `ReadWriteOncePod` access mode for `PersistentVolumes` and `PersistentVolumeClaims`. Restricts volume access to a single pod on a single node. ([#102028](https://github.com/kubernetes/kubernetes/pull/102028), [@chrishenzie](https://github.com/chrishenzie)) -- Alpha swap support can now be enabled on Kubernetes nodes with the `NodeSwapEnabled` feature flag. See [KEP-2400](https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/2400-node-swap/README.md#design-details) for details. ([#102823](https://github.com/kubernetes/kubernetes/pull/102823), [@ehashman](https://github.com/ehashman)) -- Because of the implementation logic of `time.Format` in golang, the displayed time zone is not consistent. ([#102366](https://github.com/kubernetes/kubernetes/pull/102366), [@cndoit18](https://github.com/cndoit18)) -- Corrected the documentation for escaping dollar signs in a container's env, command and args property. ([#101916](https://github.com/kubernetes/kubernetes/pull/101916), [@MartinKanters](https://github.com/MartinKanters)) [SIG Apps] -- Enable `MaxSurge` for `DaemonSet` by default. ([#101742](https://github.com/kubernetes/kubernetes/pull/101742), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) -- Enforce the `ReadWriteOncePod` PVC access mode during scheduling ([#103082](https://github.com/kubernetes/kubernetes/pull/103082), [@chrishenzie](https://github.com/chrishenzie)) -- Ephemeral containers are now allowed to configure a `securityContext` that differs from that of the Pod. Cluster administrators should ensure that security policy controllers support `EphemeralContainers` before enabling this feature in clusters. ([#99023](https://github.com/kubernetes/kubernetes/pull/99023), [@verb](https://github.com/verb)) -- Exec plugin authors can override default handling of standard input via new `interactiveMode` kubeconfig field. ([#99310](https://github.com/kubernetes/kubernetes/pull/99310), [@ankeesler](https://github.com/ankeesler)) -- If someone had the `ProbeTerminationGracePeriod` alpha feature enabled in 1.21, they should update/delete any workloads/pods with probe `terminationGracePeriods` < 1 before upgrading ([#103245](https://github.com/kubernetes/kubernetes/pull/103245), [@wzshiming](https://github.com/wzshiming)) -- Improved parsing of label selectors ([#102188](https://github.com/kubernetes/kubernetes/pull/102188), [@alculquicondor](https://github.com/alculquicondor)) [SIG API Machinery] -- Introduce `minReadySeconds` api to the `StatefulSets`. ([#100842](https://github.com/kubernetes/kubernetes/pull/100842), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) -- Introducing Memory quality of service support with `cgroups v2 (Alpha)`. The `MemoryQoS` feature is now in Alpha. This allows `kubelet` running with `cgroups v2` to set memory QoS at container, pod and QoS level to protect and guarantee better memory quality. This feature can be enabled through feature gate Memory QoS. ([#102970](https://github.com/kubernetes/kubernetes/pull/102970), [@borgerli](https://github.com/borgerli)) -- Kube API server accepts `Impersonate-Uid` header to impersonate a user with a specific UID, in the same way that you can currently use `Impersonate-User`, `Impersonate-Group` and `Impersonate-Extra`. ([#99961](https://github.com/kubernetes/kubernetes/pull/99961), [@margocrawf](https://github.com/margocrawf)) -- Kube-apiserver: `--service-account-issuer` can be specified multiple times now, to enable non-disruptive change of issuer. ([#101155](https://github.com/kubernetes/kubernetes/pull/101155), [@zshihang](https://github.com/zshihang)) [SIG API Machinery, Auth, Node and Testing] -- Kube-controller-manager: the `--horizontal-pod-autoscaler-use-rest-clients` flag and Heapster support in the horizontal pod autoscaler, deprecated since 1.12, is removed. ([#90368](https://github.com/kubernetes/kubernetes/pull/90368), [@serathius](https://github.com/serathius)) -- Kube-scheduler: a plugin enabled in a v1beta2 configuration file takes precedence over the default configuration for that plugin. This simplifies enabling default plugins with custom configuration without needing to explicitly disable those default plugins. ([#99582](https://github.com/kubernetes/kubernetes/pull/99582), [@chendave](https://github.com/chendave)) -- New `node-high` priority-level has been added to Suggested API Priority and Fairness configuration.([#101151](https://github.com/kubernetes/kubernetes/pull/101151), [@mborsz](https://github.com/mborsz)) -- NodeSwapEnabled feature flag was renamed to NodeSwap - - The flag was only available in the 1.22.0-beta.1 release, and the new flag should be used going forward. ([#103553](https://github.com/kubernetes/kubernetes/pull/103553), [@ehashman](https://github.com/ehashman)) [SIG Node] -- Omit comparison with boolean constant ([#101523](https://github.com/kubernetes/kubernetes/pull/101523), [@chuntaochen](https://github.com/chuntaochen)) [SIG CLI and Cloud Provider] -- Removed the feature flag for probe-level termination grace period from Kubelet. If a user wants to disable this feature on already created pods, they will have to delete and recreate the pods. ([#103168](https://github.com/kubernetes/kubernetes/pull/103168), [@raisaat](https://github.com/raisaat)) [SIG Apps and Node] -- Revert addition of Add `PersistentVolumeClaimDeletePoilcy` to `StatefulSet`API. ([#103747](https://github.com/kubernetes/kubernetes/pull/103747), [@mattcary](https://github.com/mattcary)) -- Scheduler could be configured to consider new resources beside CPU and memory, GPU for example, for the score plugin of `NodeResourcesBalancedAllocation`. ([#101946](https://github.com/kubernetes/kubernetes/pull/101946), [@chendave](https://github.com/chendave)) [SIG Scheduling] -- Server Side Apply now treats all Selector fields as atomic (meaning the entire selector is managed by a single writer and updated together), since they contain interrelated and inseparable fields that do not merge in intuitive ways. ([#97989](https://github.com/kubernetes/kubernetes/pull/97989), [@Danil-Grigorev](https://github.com/Danil-Grigorev)) [SIG API Machinery] -- Suspend Job feature graduated to beta. Added the `action` label to Job controller sync metrics `job_sync_total` and `job_sync_duration_seconds`. ([#102022](https://github.com/kubernetes/kubernetes/pull/102022), [@adtac](https://github.com/adtac)) -- The API documentation for the DaemonSet's `spec.updateStrategy.rollingUpdate.maxUnavailable` field was corrected to state that the value is rounded up. ([#101296](https://github.com/kubernetes/kubernetes/pull/101296), [@Miciah](https://github.com/Miciah)) -- The `CSIServiceAccountToken` graduates to Ga and is unconditionally enabled. ([#103001](https://github.com/kubernetes/kubernetes/pull/103001), [@zshihang](https://github.com/zshihang)) -- The `CertificateSigningRequest.certificates.k8s.io` API supports an optional expirationSeconds field to allow the client to request a particular duration for the issued certificate. The default signer implementations provided by the Kubernetes controller manager will honor this field as long as it does not exceed the --cluster-signing-duration flag. ([#99494](https://github.com/kubernetes/kubernetes/pull/99494), [@enj](https://github.com/enj)) -- The `EndpointSlicen Mirroring controller` no longer mirrors the `last-applied-configuration` annotation created by `kubectl` to update `EndpointSlices`. ([#102731](https://github.com/kubernetes/kubernetes/pull/102731), [@sharmarajdaksh](https://github.com/sharmarajdaksh)) -- The `NetworkPolicyEndPort` is graduated to beta and is enabled by default. ([#102834](https://github.com/kubernetes/kubernetes/pull/102834), [@rikatz](https://github.com/rikatz)) -- The `PodDeletionCost` feature has been promoted to beta, and enabled by default. ([#101080](https://github.com/kubernetes/kubernetes/pull/101080), [@ahg-g](https://github.com/ahg-g)) -- The `Server Side Apply` treats certain structs as atomic. Meaning the entire selector field is managed by a single writer and updated together. ([#100684](https://github.com/kubernetes/kubernetes/pull/100684), [@Jefftree](https://github.com/Jefftree)) -- The `ServiceAppProtocol` feature gate has been removed. It reached GA in Kubernetes ([#103190](https://github.com/kubernetes/kubernetes/pull/103190), [@robscott](https://github.com/robscott)) -- The `TerminationGracePeriodSeconds` on pod specs and container probes should not be negative. Negative values of `TerminationGracePeriodSeconds` will be treated as the value `1s` on the delete path. Immutable field validation will be relaxed in order to update negative values. In a future release, negative values will not be permitted. ([#98866](https://github.com/kubernetes/kubernetes/pull/98866), [@wzshiming](https://github.com/wzshiming)) -- The `kube-scheduler` component config `v1beta2` API available - Three scheduler plugins deprecated (`NodeLabel`, `ServiceAffinity`, `NodePreferAvoidPods`). ([#99597](https://github.com/kubernetes/kubernetes/pull/99597), [@adtac](https://github.com/adtac)) -- The `pod/eviction` subresource now accepts `policy/v1` eviction requests in addition to `policy/v1beta1` eviction requests ([#100724](https://github.com/kubernetes/kubernetes/pull/100724), [@liggitt](https://github.com/liggitt)) -- The `podAffinity`, `NamespaceSelector` and the associated `CrossNamespaceAffinity` quota scope features graduate to Beta and they are now enabled by default. ([#101496](https://github.com/kubernetes/kubernetes/pull/101496), [@ahg-g](https://github.com/ahg-g)) -- The `pods/ephemeralcontainers` API now returns and expects a `Pod` object instead of `EphemeralContainers`. This is incompatible with the previous alpha-level API. ([#101034](https://github.com/kubernetes/kubernetes/pull/101034), [@verb](https://github.com/verb)) [SIG Apps, Auth, CLI and Testing] -- The `v1.Node` and `.status.images[].names` are now optional. ([#102159](https://github.com/kubernetes/kubernetes/pull/102159), [@roycaihw](https://github.com/roycaihw)) -- The deprecated flag `--algorithm-provider` has been removed from `kube-scheduler`. Use instead `ComponentConfig` to configure the set of enabled plugins. ([#102239](https://github.com/kubernetes/kubernetes/pull/102239), [@Haleygo](https://github.com/Haleygo)) -- The options `--ssh-user` and `--ssh-key` are removed. They only functioned on GCE, and only in-tree. Use the apiserver network proxy instead. ([#102297](https://github.com/kubernetes/kubernetes/pull/102297), [@deads2k](https://github.com/deads2k)) -- Track Job completion through status and Pod finalizers, removing dependency on Pod tombstones. ([#98238](https://github.com/kubernetes/kubernetes/pull/98238), [@alculquicondor](https://github.com/alculquicondor)) [SIG API Machinery, Apps, Auth and Testing] -- Track ownership of scale subresource for all scalable resources i.e. Deployment, ReplicaSet, StatefulSet, ReplicationController, and Custom Resources. ([#98377](https://github.com/kubernetes/kubernetes/pull/98377), [@nodo](https://github.com/nodo)) [SIG API Machinery and Testing] -#### Feature -- Kubernetes is now built with Golang 1.16.12 ([#106982](https://github.com/kubernetes/kubernetes/pull/106982), [@cpanato](https://github.com/cpanato)) [SIG Cloud Provider, Instrumentation, Release and Testing] -- Update golang.org/x/net to v0.0.0-20211209124913-491a49abca63 ([#106960](https://github.com/kubernetes/kubernetes/pull/106960), [@cpanato](https://github.com/cpanato)) [SIG API Machinery, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node and Storage] -- Kubernetes is now built with Golang 1.16.10 (#106223, @cpanato) [SIG Cloud Provider, Instrumentation, Release and Testing] -- Update debian-base, debian-iptables, setcap images to pick up CVE fixes - - Debian-base to v1.9.0 - - Debian-iptables to v1.6.7 - - setcap to v2.0.4 (#106143, @cpanato) [SIG Release and Testing] -- A `system-cluster-critical` pod should not get a low OOM Score. - - As of now both `system-node-critical` and `system-cluster-critical` pods have -997 OOM score, making them one of the last processes to be OOMKilled. By definition `system-cluster-critical` pods can be scheduled elsewhere if there is a resource crunch on the node where as `system-node-critical` pods cannot be rescheduled. This was the reason for `system-node-critical` to have higher priority value than `system-cluster-critical`. This change allows only `system-node-critical` priority class to have low OOMScore. - - action required - If the user wants to have the pod to be OOMKilled last and the pod has `system-cluster-critical` priority class, it has to be changed to `system-node-critical` priority class to preserve the existing behavior ([#99729](https://github.com/kubernetes/kubernetes/pull/99729), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) -- API Server tracing can now trace re-entrant api requests. ([#103218](https://github.com/kubernetes/kubernetes/pull/103218), [@dashpole](https://github.com/dashpole)) [SIG API Machinery, CLI, Cloud Provider, Cluster Lifecycle and Instrumentation] -- APIServerTracing now collects spans from etcd client calls, and propagates context to etcd. ([#103216](https://github.com/kubernetes/kubernetes/pull/103216), [@dashpole](https://github.com/dashpole)) [SIG API Machinery, Cloud Provider and Instrumentation] -- APIServerTracing now collects spans from outgoing requests to admission webhooks. ([#103601](https://github.com/kubernetes/kubernetes/pull/103601), [@dashpole](https://github.com/dashpole)) [SIG API Machinery] -- Add a namespace label for all `apiserver_admission_* metrics`. - Expand the histogram range to 0-10s for all `apiserver_admission_*_duration_seconds` metrics. ([#101208](https://github.com/kubernetes/kubernetes/pull/101208), [@voutcn](https://github.com/voutcn)) -- Add unified map on CRI to support `cgroup v2`. Refer to https://github.com/opencontainers/runtime-spec/blob/master/config-linux.md#unified. ([#102578](https://github.com/kubernetes/kubernetes/pull/102578), [@payall4u](https://github.com/payall4u)) -- Added BinaryData description to `kubectl describe` command. ([#100568](https://github.com/kubernetes/kubernetes/pull/100568), [@lauchokyip](https://github.com/lauchokyip)) -- Added a new metric `apiserver_flowcontrol_request_concurrency_in_use` that shows the number of - seats (concurrency) occupied by the currently executing requests in the API Priority and Fairness system. ([#102795](https://github.com/kubernetes/kubernetes/pull/102795), [@tkashem](https://github.com/tkashem)) -- Added field-selector option for `kubectl top pod` ([#102155](https://github.com/kubernetes/kubernetes/pull/102155), [@lauchokyip](https://github.com/lauchokyip)) [SIG CLI] -- Added new metrics about API Priority and Fairness. Each one has a label `priority_level`. The last two also have a label `bound` taking values `min` and `max. - - apiserver_flowcontrol_current_r: R(the time of the last change in state of the queues) - - apiserver_flowcontrol_dispatch_r: R(the time of the latest request dispatch) - - apiserver_flowcontrol_latest_s: S(the request last dispatched) = R(when that request starts executing in the virtual world) - - apiserver_flowcontrol_next_s_bounds: min and max next S among non-empty queues - - apiserver_flowcontrol_next_discounted_s_bounds: min and max next S - (sum [over requests executing] width * estimatedDuration) among non-empty queues ([#102859](https://github.com/kubernetes/kubernetes/pull/102859), [@MikeSpreitzer](https://github.com/MikeSpreitzer)) [SIG API Machinery and Instrumentation] -- Adding `--restart-kubelet` flag on E2E Node test suite ([#97028](https://github.com/kubernetes/kubernetes/pull/97028), [@knabben](https://github.com/knabben)) [SIG Node and Testing] -- Adds feature gate `KubeletInUserNamespace` which enables support for running kubelet in a user namespace. - - The user namespace has to be created before running kubelet. - All the node components such as CRI need to be running in the same user namespace. - - When the feature gate is enabled, kubelet ignores errors that happens during setting the following sysctl values: `vm.overcommit_memory`, `vm.panic_on_oom`, `kernel.panic`, `kernel.panic_on_oops`, `kernel.keys.root_maxkeys`, `kernel.keys.root_maxbytes`. (These sysctl values for the host, not for the containers) - - kubelet also ignores an error during opening `/dev/kmsg`. - This feature gate also allows kube-proxy to ignore an error during setting `RLIMIT_NOFILE`. - - This feature gate is especially useful for running Kubernetes inside Rootless Docker/Podman with `kind` or `minikube`. ([#92863](https://github.com/kubernetes/kubernetes/pull/92863), [@AkihiroSuda](https://github.com/AkihiroSuda)) [SIG Network, Node and Testing] -- Adds metrics for the delegated authenticator used by extension APIs that delegate authentication logic to the Kube API server. ([#99364](https://github.com/kubernetes/kubernetes/pull/99364), [@p0lyn0mial](https://github.com/p0lyn0mial)) -- Adds metrics for the delegated authorizer used by extension APIs that delegate authorization logic to the Kube API server. ([#100339](https://github.com/kubernetes/kubernetes/pull/100339), [@p0lyn0mial](https://github.com/p0lyn0mial)) -- Adds two kubemark flags, `--max-pods` and `--extended-resources`. ([#100267](https://github.com/kubernetes/kubernetes/pull/100267), [@Jeffwan](https://github.com/Jeffwan)) -- An audit log entry will be generated when a `ValidatingAdmissionWebhook` is failing to open. ([#92739](https://github.com/kubernetes/kubernetes/pull/92739), [@cnphil](https://github.com/cnphil)) -- Base images: Updated to - - debian-base:buster-v1.6.0 - - debian-iptables:buster-v1.6.0 ([#100976](https://github.com/kubernetes/kubernetes/pull/100976), [@jindijamie](https://github.com/jindijamie)) -- Base-images: Update to `debian-base:buster-v1.7.1` ([#102594](https://github.com/kubernetes/kubernetes/pull/102594), [@mengjiao-liu](https://github.com/mengjiao-liu)) -- Deprecated warning message for `igonre-errors` flag. ([#102677](https://github.com/kubernetes/kubernetes/pull/102677), [@yuzhiquan](https://github.com/yuzhiquan)) -- Endpoints that have more than 1000 endpoints will be truncated and the `endpoints.kubernetes.io/over-capacity` annotation on the Endpoints resource will be set to `truncated`. ([#103520](https://github.com/kubernetes/kubernetes/pull/103520), [@swetharepakula](https://github.com/swetharepakula)) [SIG Apps and Network] -- Expose `/debug/flags/v` to allow dynamically setting log level for kube-proxy. ([#98306](https://github.com/kubernetes/kubernetes/pull/98306), [@borgerli](https://github.com/borgerli)) [SIG Network] -- Expose container start time as `container_start_time_seconds` in the kubelet `/metrics/resource` endpoint. ([#102444](https://github.com/kubernetes/kubernetes/pull/102444), [@sanwishe](https://github.com/sanwishe)) -- Extended resources defined in `LeastAllocated`, `MostAllocated` and `RequestedToCapacityRatio` plugin argument are bypassed by the scheduler if the incoming Pod doesn't request them in the pod spec. ([#103169](https://github.com/kubernetes/kubernetes/pull/103169), [@Huang-Wei](https://github.com/Huang-Wei)) -- Feat: change parittion style to GPT on Windows ([#101412](https://github.com/kubernetes/kubernetes/pull/101412), [@andyzhangx](https://github.com/andyzhangx)) [SIG Storage and Windows] -- Features gates `EndpointSliceProxying` & `WindowsEndpointSliceProxying` graduates to GA and are unconditionally enabled. Kube-proxy will use EndpointSlices for endpoint information. ([#103451](https://github.com/kubernetes/kubernetes/pull/103451), [@swetharepakula](https://github.com/swetharepakula)) -- Fluentd: isolate logging resources in separate namespace `logging` ([#68004](https://github.com/kubernetes/kubernetes/pull/68004), [@saravanan30erd](https://github.com/saravanan30erd)) -- For `kubeadm`: add `--validity-period` flag for `kubeadm kubeconfig user` command. ([#100907](https://github.com/kubernetes/kubernetes/pull/100907), [@SataQiu](https://github.com/SataQiu)) -- Implement `minReadySeconds` for the `StatefulSets`. ([#101316](https://github.com/kubernetes/kubernetes/pull/101316), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) -- Improve logging of `APIService` availability changes in kube-apiserver. ([#101420](https://github.com/kubernetes/kubernetes/pull/101420), [@sttts](https://github.com/sttts)) -- Introduce a feature gate `DisableCloudProviders` allowing to disable cloud-provider initialization in KAPI, KCM and kubelet. - `DisableCloudProviders` FeatureGate is currently in Alpha, which means is currently disabled by default. Once the FeatureGate moves to beta, in-tree cloud providers would be disabled by default, and a user won't be able to specify `--cloud-provider=` anymore to any of KCM, KAPI or kubelet. Only a '--cloud-provider=external' would be allowed. CCM would have to run out-of-tree with CSI. ([#100136](https://github.com/kubernetes/kubernetes/pull/100136), [@Danil-Grigorev](https://github.com/Danil-Grigorev)) -- JSON logging format is no longer available by default in non-core Kubernetes Components and require owners to opt in. ([#102869](https://github.com/kubernetes/kubernetes/pull/102869), [@mengjiao-liu](https://github.com/mengjiao-liu)) [SIG API Machinery, Cluster Lifecycle and Instrumentation] -- Kube-apiserver: the alpha PodSecurity feature can be enabled by passing `--feature-gates=PodSecurity=true`, and enables controlling allowed pods using namespace labels. See https://git.k8s.io/enhancements/keps/sig-auth/2579-psp-replacement for more details. ([#103099](https://github.com/kubernetes/kubernetes/pull/103099), [@liggitt](https://github.com/liggitt)) [SIG API Machinery, Auth, Instrumentation, Release, Security and Testing] -- Kube-proxy uses V1 `EndpointSlices`. ([#103306](https://github.com/kubernetes/kubernetes/pull/103306), [@swetharepakula](https://github.com/swetharepakula)) -- Kubeadm: Add the `RootlessControlPlane` kubeadm specific feature gate (Alpha in 1.22, disabled by default). It can be used to enable an experimental feature that makes the control plane component static Pod containers for `kube-apiserver`, `kube-controller-manager`, `kube-scheduler` and `etcd` to run as a non-root users. ([#102158](https://github.com/kubernetes/kubernetes/pull/102158), [@vinayakankugoyal](https://github.com/vinayakankugoyal)) -- Kubeadm: Set the `seccompProfile` to `runtime/default` in the `PodSecurityContext` of the control-plane components that run as static Pods. ([#100234](https://github.com/kubernetes/kubernetes/pull/100234), [@vinayakankugoyal](https://github.com/vinayakankugoyal)) -- Kubeadm: add a new field `skipPhases` to `v1beta3` `InitConfiguration` and `JoinConfiguration` that can contain a list of phases to skip during "kubeadm init" and "kubeadm join". The flag "--skip-phases" takes precedence over this field. ([#101923](https://github.com/kubernetes/kubernetes/pull/101923), [@neolit123](https://github.com/neolit123)) -- Kubeadm: add the `--dry-run` flag to the `control-plane` phase of "kubeadm init". ([#102722](https://github.com/kubernetes/kubernetes/pull/102722), [@vinayakankugoyal](https://github.com/vinayakankugoyal)) -- Kubeadm: add the `imagePullPolicy` field in the `nodeRegistration` section of `InitConfiguration` and `JoinConfiguration` in `v1beta3`. This allows the user to specify the image pull policy during "kubeadm init" and "kubeadm join". The value of this field must be one of `Always`, `IfNotPresent` or `Never`. The default behavior continues to be `IfNotPresent`. ([#102901](https://github.com/kubernetes/kubernetes/pull/102901), [@wangyysde](https://github.com/wangyysde)) -- Kubeadm: during "kubeadm init/join/upgrade", always default the `cgroupDriver` value in the `KubeletConfiguration` to `systemd`, unless the user was explicit about the value. See [configure-cgroup-driver](https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver/) for more details. ([#102133](https://github.com/kubernetes/kubernetes/pull/102133), [@pacoxu](https://github.com/pacoxu)) -- Kubeadm: update `CoreDNS` to 1.8.4. Grant `CoreDNS` permissions to "list" and "watch" `EndpointSlice` objects to accommodate dual-stack support. ([#102466](https://github.com/kubernetes/kubernetes/pull/102466), [@pacoxu](https://github.com/pacoxu)) -- Kubectl: add `LAST RESTART` column to `kubectl get pods` output. ([#100142](https://github.com/kubernetes/kubernetes/pull/100142), [@Ethyling](https://github.com/Ethyling)) -- Kubemark's hollow-node will now print flags before starting. ([#101181](https://github.com/kubernetes/kubernetes/pull/101181), [@mm4tt](https://github.com/mm4tt)) -- Kubernetes is now built with Golang 1.16.3 ([#101206](https://github.com/kubernetes/kubernetes/pull/101206), [@justaugustus](https://github.com/justaugustus)) [SIG Cloud Provider, Instrumentation, Release and Testing] -- Kubernetes is now built with Golang 1.16.4 ([#101809](https://github.com/kubernetes/kubernetes/pull/101809), [@justaugustus](https://github.com/justaugustus)) [SIG Cloud Provider, Instrumentation, Release and Testing] -- Kubernetes is now built with Golang 1.16.5. ([#102689](https://github.com/kubernetes/kubernetes/pull/102689), [@cpanato](https://github.com/cpanato)) -- Kubernetes is now built with Golang 1.16.6 ([#103669](https://github.com/kubernetes/kubernetes/pull/103669), [@cpanato](https://github.com/cpanato)) [SIG Cloud Provider, Instrumentation, Release and Testing] -- Leader Migration for controller managers graduated to beta. ([#103533](https://github.com/kubernetes/kubernetes/pull/103533), [@jiahuif](https://github.com/jiahuif)) [SIG API Machinery and Cloud Provider] -- Make kubectl command headers default for beta. ([#103238](https://github.com/kubernetes/kubernetes/pull/103238), [@seans3](https://github.com/seans3)) [SIG CLI] -- Mark `net.ipv4.ip_unprivileged_port_start` as safe `sysctl`. ([#103326](https://github.com/kubernetes/kubernetes/pull/103326), [@pacoxu](https://github.com/pacoxu)) -- Metrics server nanny has now poll period set to 30s (previously 5 minutes) to allow faster scaling of metrics server. ([#101869](https://github.com/kubernetes/kubernetes/pull/101869), [@olagacek](https://github.com/olagacek)) [SIG Cloud Provider and Instrumentation] -- NetworkPolicy validation framework support for windows. ([#98077](https://github.com/kubernetes/kubernetes/pull/98077), [@jayunit100](https://github.com/jayunit100)) -- New feature gate `ExpandedDNSConfig` is now available. This feature allows Kubernetes to have expanded DNS configuration. ([#100651](https://github.com/kubernetes/kubernetes/pull/100651), [@gjkim42](https://github.com/gjkim42)) -- New metrics: `apiserver_kube_aggregator_x509_missing_san_total` and `apiserver_webhooks_x509_missing_san_total`. This metric measures a number of connections to webhooks/aggregated API servers that use certificates without Subject Alternative Names. It being non-zero is a warning sign that these connections will stop functioning in the future since Golang is going to deprecate x509 certificate subject Common Names for server hostname verification. ([#95396](https://github.com/kubernetes/kubernetes/pull/95396), [@stlaz](https://github.com/stlaz)) [SIG API Machinery, Auth and Instrumentation] -- Node Problem Detector is now available for GCE Windows nodes. ([#101539](https://github.com/kubernetes/kubernetes/pull/101539), [@jeremyje](https://github.com/jeremyje)) [SIG Cloud Provider, Node and Windows] -- Promote Cronjobs storage version to `batch/v1`. ([#102363](https://github.com/kubernetes/kubernetes/pull/102363), [@mengjiao-liu](https://github.com/mengjiao-liu)) -- Promote `CronJobControllerV2` flag to GA, with removal in 1.23. ([#102529](https://github.com/kubernetes/kubernetes/pull/102529), [@soltysh](https://github.com/soltysh)) -- Promote `EndpointSliceTerminatingCondition` to Beta. This enables the `terminating` and `serving` conditions for EndpointSlice by default. ([#103596](https://github.com/kubernetes/kubernetes/pull/103596), [@andrewsykim](https://github.com/andrewsykim)) -- Run etcd as non-root on GCE provider ([#100635](https://github.com/kubernetes/kubernetes/pull/100635), [@cindy52](https://github.com/cindy52)) -- Scheduler nows provides an option for plugin developers to move `Pods` to activeQ. ([#103383](https://github.com/kubernetes/kubernetes/pull/103383), [@Huang-Wei](https://github.com/Huang-Wei)) -- Secret values are now masked by default in `kubectl diff` output. ([#96084](https://github.com/kubernetes/kubernetes/pull/96084), [@loozhengyuan](https://github.com/loozhengyuan)) -- Services with `externalTrafficPolicy: Local` now support graceful termination when using - the iptables or ipvs mode of kube-proxy with `EndpointSlices` enabled. Specifically, if a - connection for such a service arrives on a node when there are no "Ready" endpoints - for the service, but there is at least one Terminating pod for that service on the node, - then kube-proxy will send the traffic to the Terminating pod rather than dropping it. This - patches up a race condition between when a pod is killed and when the external load - balancer notices that it has been killed. ([#97238](https://github.com/kubernetes/kubernetes/pull/97238), [@andrewsykim](https://github.com/andrewsykim)) -- Shell completion has been migrated to Cobra's go solution. `kubectl` is now smarter about disabling file completion when it does not apply. Furthermore, completion for the `cp` command does not show all files unless the user has started typing something. ([#96087](https://github.com/kubernetes/kubernetes/pull/96087), [@marckhouzam](https://github.com/marckhouzam)) [SIG CLI] -- Some of the in-tree storage drivers indicate support for the `MetricsProvider` interface, but fail to configure this for BlockMode volumes. With a recent change, `Kubelet` will call `GetMetrics()` for BlockMode volumes, and the in-tree drivers that miss the support cause a Go panic. Now the in-tree storage drivers that support BlockMode volumes, will return the Capacity of the volume in the `GetMetrics()` call. ([#101587](https://github.com/kubernetes/kubernetes/pull/101587), [@nixpanic](https://github.com/nixpanic)) -- Support `FakeClientset` match subresource. ([#100939](https://github.com/kubernetes/kubernetes/pull/100939), [@wzshiming](https://github.com/wzshiming)) -- The "Leader Migration" now support a wildcard component name and the default value. ([#102711](https://github.com/kubernetes/kubernetes/pull/102711), [@jiahuif](https://github.com/jiahuif)) -- The CSI driver supports the NodeServiceCapability `VOLUME_MOUNT_GROUP` and the `DelegateFSGroupToCSIDriver` feature gate is enabled, kubelet will delegate applying FSGroup to the driver by passing it to `NodeStageVolume` and `NodePublishVolume`, regardless of what other `FSGroup` policies are set, this is an alpha feature. ([#103244](https://github.com/kubernetes/kubernetes/pull/103244), [@verult](https://github.com/verult)) -- The Memory Manager feature graduates to Beta and it is enabled by default. ([#101947](https://github.com/kubernetes/kubernetes/pull/101947), [@cynepco3hahue](https://github.com/cynepco3hahue)) -- The `BoundServiceAccountTokenVolume` graduates to GA and thus will be unconditionally enabled. The feature gate is going to be removed in 1.23. ([#101992](https://github.com/kubernetes/kubernetes/pull/101992), [@zshihang](https://github.com/zshihang)) -- The `EmptyDir` memory backed volumes are sized as the the minimum of pod allocatable memory on a host and an optional explicit user provided value. ([#101048](https://github.com/kubernetes/kubernetes/pull/101048), [@dims](https://github.com/dims)) -- The `HugePageStorageMediumSize` feature graduates to GA and unconditionally enabled. Allowing unconditional usage of multiple sizes huge page resources on a container level. ([#99144](https://github.com/kubernetes/kubernetes/pull/99144), [@bart0sh](https://github.com/bart0sh)) -- The `IngressClassNamespacedParams` feature gate has graduated to beta and is enabled by default. This means IngressClass resource will now have two new fields - `spec.paramters.namespace` and `spec.parameters.scope`. ([#101711](https://github.com/kubernetes/kubernetes/pull/101711), [@hbagdi](https://github.com/hbagdi)) -- The `LogarithmicScaleDown` feature graduates to Beta and enabled by default. ([#101767](https://github.com/kubernetes/kubernetes/pull/101767), [@damemi](https://github.com/damemi)) -- The `NamespaceDefaultLabelName` is promoted to GA in this release. All Namespace API objects have a `kubernetes.io/metadata.name` label matching their `metadata.name` field to allow selecting any `namespace` by its name using a label selector. ([#101342](https://github.com/kubernetes/kubernetes/pull/101342), [@rosenhouse](https://github.com/rosenhouse)) -- The `ServiceInternalTrafficPolicy` feature graduates to Beta and enable by default, which enables the `internalTrafficPolicy` field of Service by default. ([#103462](https://github.com/kubernetes/kubernetes/pull/103462), [@andrewsykim](https://github.com/andrewsykim)) -- The `ServiceLBNodePortControl` graduates to Beta and is enabled by default. ([#100412](https://github.com/kubernetes/kubernetes/pull/100412), [@hanlins](https://github.com/hanlins)) -- The `SetHostnameAsFQDN` graduates to GA and thus will be unconditionally disabled. ([#101294](https://github.com/kubernetes/kubernetes/pull/101294), [@javidiaz](https://github.com/javidiaz)) -- The `WarningHeader` feature is now GA and is unconditionally enabled. The `apiserver_requested_deprecated_apis` metric has graduated to stable status. The `WarningHeader` feature-gate is no longer operative and will be removed in v1.24. ([#100754](https://github.com/kubernetes/kubernetes/pull/100754), [@liggitt](https://github.com/liggitt)) [SIG API Machinery, Instrumentation and Testing] -- The `kubectl debug` is able to create ephemeral containers in pre-1.22 clusters with the `EphemeralContainers` feature enabled. Note that versions of kubectl prior to 1.22 are unable to create ephemeral containers in clusters version 1.22 and greater due to an API change. ([#103292](https://github.com/kubernetes/kubernetes/pull/103292), [@verb](https://github.com/verb)) -- The client-go credential plugins are now GA and are enabled by default. ([#102890](https://github.com/kubernetes/kubernetes/pull/102890), [@ankeesler](https://github.com/ankeesler)) -- The feature gate `SSA` graduated to GA in v1.22 and therefore is unconditionally enabled. ([#100139](https://github.com/kubernetes/kubernetes/pull/100139), [@Jefftree](https://github.com/Jefftree)) -- The job controller removes running pods when the number of completions is achieved. ([#99963](https://github.com/kubernetes/kubernetes/pull/99963), [@alculquicondor](https://github.com/alculquicondor)) -- The kubeconfig is now exposed in `the kube-scheduler` framework handle. Out-of-tree plugins can leverage that to build CRD informers easily. ([#100644](https://github.com/kubernetes/kubernetes/pull/100644), [@Huang-Wei](https://github.com/Huang-Wei)) -- The new flag `--chunk-size=SIZE` for `kubectl drain` has been promoted to beta, and enabled by default. This flag may be used to alter the number of items or disable this feature when `0` is passed. ([#100148](https://github.com/kubernetes/kubernetes/pull/100148), [@KnVerey](https://github.com/KnVerey)) -- The new flag `--chunk-size=SIZE` has been added to `kubectl describe`. This flag may be used to alter the number of items or disable this feature when `0` is passed. ([#101171](https://github.com/kubernetes/kubernetes/pull/101171), [@KnVerey](https://github.com/KnVerey)) -- The pod resource API will provide memory manager metrics in the case when the memory manager feature gate is enabled, and the memory manager policy is static. ([#101030](https://github.com/kubernetes/kubernetes/pull/101030), [@cynepco3hahue](https://github.com/cynepco3hahue)) -- The prefer nominated node graduates to Beta and enabld by default. ([#102201](https://github.com/kubernetes/kubernetes/pull/102201), [@chendave](https://github.com/chendave)) -- Update etcd version to 3.5.0-beta.3. ([#102062](https://github.com/kubernetes/kubernetes/pull/102062), [@serathius](https://github.com/serathius)) -- Update the Debian images to pick up CVE fixes in the base images: - - Update the `debian-base` image to v1.7.0 - - Update the `debian-iptables` image to v1.6.1 ([#102302](https://github.com/kubernetes/kubernetes/pull/102302), [@xmudrii](https://github.com/xmudrii)) -- Update the setcap image to buster-v2.0.1. ([#102377](https://github.com/kubernetes/kubernetes/pull/102377), [@xmudrii](https://github.com/xmudrii)) -- Update the system-validators library to v1.5.0. Includes validation for `seccomp` and fixes a stdout/stderr problem in the Docker validator. ([#103390](https://github.com/kubernetes/kubernetes/pull/103390), [@ironyman](https://github.com/ironyman)) -- Updates the following images to pick up CVE fixes: - - `debian` to v1.8.0 - - `debian-iptables` to v1.6.5 - - `setcap` to v2.0.3 ([#103235](https://github.com/kubernetes/kubernetes/pull/103235), [@thejoycekung](https://github.com/thejoycekung)) [SIG API Machinery, Release and Testing] -- Warnings for the use of deprecated and known-bad values in pod specs are now sent. ([#101688](https://github.com/kubernetes/kubernetes/pull/101688), [@liggitt](https://github.com/liggitt)) -- Watch requests are now handled throttled by priority and fairness filter in `kube-apiserver`. ([#102171](https://github.com/kubernetes/kubernetes/pull/102171), [@wojtek-t](https://github.com/wojtek-t)) -- You can use this Builder function to create events Field Selector ([#101817](https://github.com/kubernetes/kubernetes/pull/101817), [@cndoit18](https://github.com/cndoit18)) [SIG API Machinery and Scalability] -- `Scheduler` now registers event handlers dynamically. ([#101394](https://github.com/kubernetes/kubernetes/pull/101394), [@Huang-Wei](https://github.com/Huang-Wei)) -- `kubectl`: Enable using protocol buffers to request Metrics API. ([#102039](https://github.com/kubernetes/kubernetes/pull/102039), [@serathius](https://github.com/serathius)) - -#### Documentation -- The command`kubectl debug` will now print a warning message when using the `--target` option since many container runtimes do not support this yet. ([#101074](https://github.com/kubernetes/kubernetes/pull/101074), [@verb](https://github.com/verb)) - -#### Failing Test -- Fixes hostpath storage e2e tests within SELinux enabled env (#105786, @Elbehery) [SIG Testing] -- Fixed generic ephemeal volumes with `OwnerReferencesPermissionEnforcement` admission plugin enabled. ([#101186](https://github.com/kubernetes/kubernetes/pull/101186), [@jsafrane](https://github.com/jsafrane)) -- Fixes `kubectl drain --dry-run=server`. ([#100206](https://github.com/kubernetes/kubernetes/pull/100206), [@KnVerey](https://github.com/KnVerey)) -- Fixes an overly restrictive conformance test to accept service account tokens signed by an ECDSA key ([#100680](https://github.com/kubernetes/kubernetes/pull/100680), [@smira](https://github.com/smira)) [SIG Architecture, Auth and Testing] -- Fixes the `should receive events on concurrent watches in same order` conformance test to work properly on clusters that auto-create additional configmaps in namespaces. ([#101950](https://github.com/kubernetes/kubernetes/pull/101950), [@liggitt](https://github.com/liggitt)) -- Resolves an issue with the "ServiceAccountIssuerDiscovery should support OIDC discovery" conformance test failing on clusters which are configured with issuers outside the cluster ([#101589](https://github.com/kubernetes/kubernetes/pull/101589), [@mtaufen](https://github.com/mtaufen)) [SIG Auth and Testing] - - -#### Bug or Regression -- A pod that the Kubelet rejects was still considered as being accepted for a brief period of time after rejection, which might cause some pods to be rejected briefly that could fit on the node. A pod that is still terminating (but has status indicating it has failed) may also still be consuming resources and so should also be considered. ([#104918](https://github.com/kubernetes/kubernetes/pull/104918), [@ehashman](https://github.com/ehashman)) [SIG Node] -- Fix: skip instance not found when decoupling vmss from lb ([#105836](https://github.com/kubernetes/kubernetes/pull/105836), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider] -- Kubeadm: allow the "certs check-expiration" command to not require the existence of the cluster CA key (ca.key file) when checking the expiration of managed certificates in kubeconfig files. ([#106930](https://github.com/kubernetes/kubernetes/pull/106930), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] -- Kubeadm: during execution of the "check expiration" command, treat the etcd CA as external if there is a missing etcd CA key file (etcd/ca.key) and perform the proper validation on certificates signed by the etcd CA. Additionally, make sure that the CA for all entries in the output table is included - for both certificates on disk and in kubeconfig files. ([#106925](https://github.com/kubernetes/kubernetes/pull/106925), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] -- Respect grace period when updating static pods. ([#106394](https://github.com/kubernetes/kubernetes/pull/106394), [@gjkim42](https://github.com/gjkim42)) [SIG Node and Testing] -- Reverts graceful node shutdown to match 1.21 behavior of setting pods that have not yet successfully completed to "Failed" phase if the GracefulNodeShutdown feature is enabled in kubelet. The GracefulNodeShutdown feature is beta and must be explicitly configured via kubelet config to be enabled in 1.21+. This changes 1.22 and 1.23 behavior on node shutdown to match 1.21. If you do not want pods to be marked terminated on node shutdown in 1.22 and 1.23, disable the GracefulNodeShutdown feature. ([#106899](https://github.com/kubernetes/kubernetes/pull/106899), [@bobbypage](https://github.com/bobbypage)) [SIG Node] -- Scheduler's assumed pods have 2min instead of 30s to receive nodeName pod updates ([#106633](https://github.com/kubernetes/kubernetes/pull/106633), [@ahg-g](https://github.com/ahg-g)) [SIG Scheduling] -- EndpointSlice Mirroring controller now cleans up managed EndpointSlices when a Service selector is added (#106132, @robscott) [SIG Apps, Network and Testing] -- Fix a bug that `--disabled-metrics` doesn't function well. (#105793, @Huang-Wei) [SIG API Machinery, Cluster Lifecycle and Instrumentation] -- Fix a panic in kubectl when creating secrets with an improper output type (#106356, @lauchokyip) [SIG CLI] -- Fix concurrent map access causing panics when logging timed-out API calls. (#106112, @marseel) [SIG API Machinery] -- Fix kube-proxy regression on UDP services because the logic to detect stale connections was not considering if the endpoint was ready. (#106239, @aojea) [SIG Network and Testing] -- Fix scoring for NodeResourcesBalancedAllocation plugins when nodes have containers with no requests. (#106081, @ahmad-diaa) [SIG Scheduling] -- Support more than 100 disk mounts on Windows (#105673, @andyzhangx) [SIG Storage and Windows] -- The --leader-elect* CLI args are now honored correctly in scheduler. (#106130, @Huang-Wei) [SIG Scheduling] -- The kube-proxy sync_proxy_rules_iptables_total metric now gives - the correct number of rules, rather than being off by one. - - Fixed multiple iptables proxy regressions introduced in 1.22: - - - When using Services with SessionAffinity, client affinity for an - endpoint now gets broken when that endpoint becomes non-ready - (rather than continuing until the endpoint is fully deleted). - - - Traffic to a service IP now starts getting rejected (as opposed to - merely dropped) as soon as there are no longer any *usable* - endpoints, rather than waiting until all of the terminating - endpoints have terminated even when those terminating endpoints - were not being used. - - - Chains for endpoints that won't be used are no longer output to - iptables, saving a bit of memory/time/cpu. (#106373, @aojea) [SIG Network] -- Watch requests that are delegated to aggregated apiservers no longer reserve concurrency units (seats) in the API Priority and Fairness dispatcher for their entire duration. (#105827, @benluddy) [SIG API Machinery] -- Fix Job tracking with finalizers for more than 500 pods, ensuring all finalizers are removed before counting the Pod. ([#104876](https://github.com/kubernetes/kubernetes/pull/104876), [@alculquicondor](https://github.com/alculquicondor)) [SIG Apps] -- Fix: skip case sensitivity when checking Azure NSG rules - fix: ensure InstanceShutdownByProviderID return false for creating Azure VMs ([#104446](https://github.com/kubernetes/kubernetes/pull/104446), [@feiskyer](https://github.com/feiskyer)) [SIG Cloud Provider] -- Fixed occasional pod cgroup freeze when using cgroup v1 and systemd driver. ([#104529](https://github.com/kubernetes/kubernetes/pull/104529), [@kolyshkin](https://github.com/kolyshkin)) [SIG Node] -- Fixes a regression that could cause panics in LRU caches in controller-manager, kubelet, kube-apiserver, or client-go EventSourceObjectSpamFilter ([#104469](https://github.com/kubernetes/kubernetes/pull/104469), [@liggitt](https://github.com/liggitt)) [SIG API Machinery, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation and Storage] -- When using `kubectl replace` (or the equivalent API call) on a Service, the caller no longer needs to do a read-modify-write cycle to fetch the allocated values for `.spec.clusterIP` and `.spec.ports[].nodePort`. Instead the API server will automatically carry these forward from the original object when the new object does not specify them. ([#104672](https://github.com/kubernetes/kubernetes/pull/104672), [@thockin](https://github.com/thockin)) [SIG Network] -- Fix kube-apiserver metric reporting for the deprecated watch path of /api//watch/... ([#104188](https://github.com/kubernetes/kubernetes/pull/104188), [@wojtek-t](https://github.com/wojtek-t)) [SIG API Machinery and Instrumentation] -- Kube-proxy: delete stale conntrack UDP entries for loadbalancer ingress IP. ([#104009](https://github.com/kubernetes/kubernetes/pull/104009), [@aojea](https://github.com/aojea)) [SIG Network] -- Pass additional flags to subpath mount to avoid flakes in certain conditions ([#104346](https://github.com/kubernetes/kubernetes/pull/104346), [@mauriciopoppe](https://github.com/mauriciopoppe)) [SIG Storage] -- Added jitter factor to lease controller that better smears load on kube-apiserver over time. ([#101652](https://github.com/kubernetes/kubernetes/pull/101652), [@marseel](https://github.com/marseel)) [SIG API Machinery and Scalability] -- Added privileges for `EndpointSlice` to the default view & edit RBAC roles. ([#101203](https://github.com/kubernetes/kubernetes/pull/101203), [@mtougeron](https://github.com/mtougeron)) -- After DBus restarts, make `GracefulNodeShutdown` work again ([#100369](https://github.com/kubernetes/kubernetes/pull/100369), [@wzshiming](https://github.com/wzshiming)) -- Aggregate errors when putting vmss. ([#98350](https://github.com/kubernetes/kubernetes/pull/98350), [@nilo19](https://github.com/nilo19)) -- Aggregate write permissions on events to users with edit and admin role. ([#102858](https://github.com/kubernetes/kubernetes/pull/102858), [@tumido](https://github.com/tumido)) -- Aggregated roles no longer include write access to `EndpointSlices`. This rolls back part of a change that was introduced earlier in the Kubernetes 1.22 cycle. ([#103703](https://github.com/kubernetes/kubernetes/pull/103703), [@robscott](https://github.com/robscott)) -- Applying fix for not deleting existing public IP when a service is deleted in Azure. ([#100694](https://github.com/kubernetes/kubernetes/pull/100694), [@nilo19](https://github.com/nilo19)) -- Applying fix for not tagging static public IP. ([#101752](https://github.com/kubernetes/kubernetes/pull/101752), [@nilo19](https://github.com/nilo19)) -- Applying fix so that deleting non-existing disk returns success. ([#102083](https://github.com/kubernetes/kubernetes/pull/102083), [@andyzhangx](https://github.com/andyzhangx)) -- Applying fix: cleanup outdated routes. ([#102935](https://github.com/kubernetes/kubernetes/pull/102935), [@nilo19](https://github.com/nilo19)) -- Avoid caching the Azure VMSS instances whose network profile is nil ([#100948](https://github.com/kubernetes/kubernetes/pull/100948), [@feiskyer](https://github.com/feiskyer)) [SIG Cloud Provider] -- Azure: Avoid setting cached Sku when updating VMSS and VMSS instances. ([#102005](https://github.com/kubernetes/kubernetes/pull/102005), [@feiskyer](https://github.com/feiskyer)) -- Azurefile: Normalize share name to not include the capital letters ([#100731](https://github.com/kubernetes/kubernetes/pull/100731), [@kassarl](https://github.com/kassarl)) -- Chain the field manager creation calls in `newDefaultFieldManager` to be explicit about the order of operations. ([#101076](https://github.com/kubernetes/kubernetes/pull/101076), [@kevindelgado](https://github.com/kevindelgado)) -- Disruption controller shouldn't error while syncing for unmanaged pods. ([#103414](https://github.com/kubernetes/kubernetes/pull/103414), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) [SIG Apps and Testing] -- Ensure service is deleted when the Azure resource group has been deleted. ([#100944](https://github.com/kubernetes/kubernetes/pull/100944), [@feiskyer](https://github.com/feiskyer)) -- Ensures `ExecProbeTimeout=false` kubelet feature gate with dockershim is taken into account, when the exec probe takes longer than `timeoutSeconds` configuration. ([#100200](https://github.com/kubernetes/kubernetes/pull/100200), [@jackfrancis](https://github.com/jackfrancis)) -- Expose `rest_client_rate_limiter_duration_seconds` metric to component-base to track client side rate limiter latency in seconds. Broken down by verb and URL. ([#100311](https://github.com/kubernetes/kubernetes/pull/100311), [@IonutBajescu](https://github.com/IonutBajescu)) [SIG API Machinery, Cluster Lifecycle and Instrumentation] -- Fire an event when failing to open `NodePort`. ([#100599](https://github.com/kubernetes/kubernetes/pull/100599), [@masap](https://github.com/masap)) -- Fix Azure node public IP fetching issues from instance metadata service when the node is part of standard load balancer backend pool. ([#100690](https://github.com/kubernetes/kubernetes/pull/100690), [@feiskyer](https://github.com/feiskyer)) [SIG Cloud Provider] -- Fix `EndpointSlice` describe panic when an Endpoint doesn't have zone. ([#101025](https://github.com/kubernetes/kubernetes/pull/101025), [@tnqn](https://github.com/tnqn)) -- Fix `kubectl set env` or `resources` not working for initcontainers. ([#101669](https://github.com/kubernetes/kubernetes/pull/101669), [@carlory](https://github.com/carlory)) -- Fix `kubectl` alpha debug node does not work on tainted(NoExecute) nodes and tolerate everything. ([#98431](https://github.com/kubernetes/kubernetes/pull/98431), [@wawa0210](https://github.com/wawa0210)) -- Fix a bug on the `endpointslicemirroring` controller where endpoint `NotReadyAddresses` were mirrored as Ready to the corresponding `EndpointSlice`. ([#102683](https://github.com/kubernetes/kubernetes/pull/102683), [@aojea](https://github.com/aojea)) -- Fix a bug that a preemptor pod may exist as a phantom in the scheduler. ([#102498](https://github.com/kubernetes/kubernetes/pull/102498), [@Huang-Wei](https://github.com/Huang-Wei)) -- Fix a number of race conditions in the kubelet when pods are starting up or shutting down that might cause pods to take a long time to shut down. ([#102344](https://github.com/kubernetes/kubernetes/pull/102344), [@smarterclayton](https://github.com/smarterclayton)) [SIG Apps, Node, Storage and Testing] -- Fix an issue with `kubectl` on certain older version of Windows or when legacy console mode is enabled on Windows 8 which causes `kubectl exec` to crash. ([#102825](https://github.com/kubernetes/kubernetes/pull/102825), [@n4j](https://github.com/n4j)) -- Fix availability set cache in vmss cache ([#100110](https://github.com/kubernetes/kubernetes/pull/100110), [@CecileRobertMichon](https://github.com/CecileRobertMichon)) [SIG Cloud Provider] -- Fix how nulls are handled in array and objects in [json patches](https://github.com/evanphx/json-patch). ([#102467](https://github.com/kubernetes/kubernetes/pull/102467), [@pacoxu](https://github.com/pacoxu)) -- Fix panic when `kubectl create ingress` has annotation flag and an empty value set. ([#101377](https://github.com/kubernetes/kubernetes/pull/101377), [@rikatz](https://github.com/rikatz)) -- Fix performance regression for update and apply operations on large CRDs. ([#103318](https://github.com/kubernetes/kubernetes/pull/103318), [@jpbetz](https://github.com/jpbetz)) [SIG API Machinery, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation and Storage] -- Fix raw block mode CSI `NodePublishVolume` stage miss pod info. ([#99069](https://github.com/kubernetes/kubernetes/pull/99069), [@phantooom](https://github.com/phantooom)) -- Fix resource enforcement when using systemd cgroup driver ([#102147](https://github.com/kubernetes/kubernetes/pull/102147), [@kolyshkin](https://github.com/kolyshkin)) -- Fix rounding of volume storage requests. ([#100100](https://github.com/kubernetes/kubernetes/pull/100100), [@maxlaverse](https://github.com/maxlaverse)) -- Fix runtime container status for `PostStart` hook error. ([#100608](https://github.com/kubernetes/kubernetes/pull/100608), [@pacoxu](https://github.com/pacoxu)) -- Fix scoring for `NodeResourcesMostAllocated` and `NodeResourcesBalancedAllocation` plugins when nodes have containers with no requests. This was leaving to under-utilization of small nodes. ([#102925](https://github.com/kubernetes/kubernetes/pull/102925), [@alculquicondor](https://github.com/alculquicondor)) -- Fix the code is leaking the defaulting between unrelated pod instances. ([#103284](https://github.com/kubernetes/kubernetes/pull/103284), [@kebe7jun](https://github.com/kebe7jun)) [SIG CLI] -- Fix winkernel kube-proxy to only use dual stack when host and networking supports it ([#101047](https://github.com/kubernetes/kubernetes/pull/101047), [@jsturtevant](https://github.com/jsturtevant)) [SIG Network and Windows] -- Fix: Azure file inline volume namespace issue in CSI migration translation ([#101235](https://github.com/kubernetes/kubernetes/pull/101235), [@andyzhangx](https://github.com/andyzhangx)) -- Fix: Bug in `kube-proxy` latency metrics to calculate only the latency value for the `Endpoints` that are created after it starts running. This is needed because all the `Endpoints` objects are processed on restarts, independently when they were. ([#100861](https://github.com/kubernetes/kubernetes/pull/100861), [@aojea](https://github.com/aojea)) -- Fix: avoid nil-pointer panic when checking the frontend IP configuration ([#101739](https://github.com/kubernetes/kubernetes/pull/101739), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider] -- Fix: display of Job completion mode in `kubectl describe`. ([#101160](https://github.com/kubernetes/kubernetes/pull/101160), [@alculquicondor](https://github.com/alculquicondor)) -- Fix: return empty VMAS name if using standalone VM ([#103470](https://github.com/kubernetes/kubernetes/pull/103470), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider] -- Fix: set "host is down" as corrupted mount. When SMB server is down, there is no way to terminate pod which is using SMB mount, would get an error. ([#101398](https://github.com/kubernetes/kubernetes/pull/101398), [@andyzhangx](https://github.com/andyzhangx)) -- Fix: using NVMe AWS EBS volumes partitions. ([#100500](https://github.com/kubernetes/kubernetes/pull/100500), [@jsafrane](https://github.com/jsafrane)) -- Fixed 'kubelet' runtime panic for timed-out portforward streams. ([#102489](https://github.com/kubernetes/kubernetes/pull/102489), [@saschagrunert](https://github.com/saschagrunert)) -- Fixed SELinux relabeling of CSI volumes after CSI driver failure. ([#103154](https://github.com/kubernetes/kubernetes/pull/103154), [@jsafrane](https://github.com/jsafrane)) [SIG Node and Storage] -- Fixed `garbage collection` of dangling `VolumeAttachments` for `PersistentVolumes` migrated to CSI on startup of `kube-controller-manager`. ([#102176](https://github.com/kubernetes/kubernetes/pull/102176), [@timebertt](https://github.com/timebertt)) -- Fixed `port-forward` memory leak for long-running and heavily used connections. ([#99839](https://github.com/kubernetes/kubernetes/pull/99839), [@saschagrunert](https://github.com/saschagrunert)) -- Fixed a bug due to which the controller was not populating the `lastSuccessfulTime` field added to `cronjob.status` in `batch/v1`. ([#102642](https://github.com/kubernetes/kubernetes/pull/102642), [@alaypatel07](https://github.com/alaypatel07)) -- Fixed a bug that `kubectl create configmap` always returns zero exit code when failed. ([#101780](https://github.com/kubernetes/kubernetes/pull/101780), [@nak3](https://github.com/nak3)) [SIG CLI] -- Fixed a bug that scheduler extenders are not called on preemptions. ([#103019](https://github.com/kubernetes/kubernetes/pull/103019), [@ordovicia](https://github.com/ordovicia)) -- Fixed a bug where `startupProbe` stopped working after a container's first restart. ([#101093](https://github.com/kubernetes/kubernetes/pull/101093), [@wzshiming](https://github.com/wzshiming)) -- Fixed an issue blocking azure auth to prompt to device code authentication flow when refresh token expires. ([#102063](https://github.com/kubernetes/kubernetes/pull/102063), [@tdihp](https://github.com/tdihp)) -- Fixed false-positive uncertain volume attachments, which led to unexpected detachment of CSI migrated volumes ([#101737](https://github.com/kubernetes/kubernetes/pull/101737), [@Jiawei0227](https://github.com/Jiawei0227)) [SIG Apps and Storage] -- Fixed mounting of NFS volumes when IPv6 address is used as a server. ([#101067](https://github.com/kubernetes/kubernetes/pull/101067), [@Elbehery](https://github.com/Elbehery)) [SIG Storage] -- Fixed starting new pods after previous pod timed out unmounting its volumes. ([#100183](https://github.com/kubernetes/kubernetes/pull/100183), [@jsafrane](https://github.com/jsafrane)) -- Fixed very rare volume corruption when a pod is deleted while kubelet is offline. ([#102059](https://github.com/kubernetes/kubernetes/pull/102059), [@jsafrane](https://github.com/jsafrane)) -- Fixes a data race issue in the priority and fairness API server filter. ([#100638](https://github.com/kubernetes/kubernetes/pull/100638), [@tkashem](https://github.com/tkashem)) -- Fixes issue with websocket-based watches of Service objects not closing correctly on timeout. ([#102539](https://github.com/kubernetes/kubernetes/pull/102539), [@liggitt](https://github.com/liggitt)) -- For `kubeadm`: support for custom imagetags for etcd images which contain build metadata, when imagetags are in the form of version_metadata. For instance, if the etcd version is v3.4.13+patch.0, the supported imagetag would be v3.4.13_patch.0 ([#100350](https://github.com/kubernetes/kubernetes/pull/100350), [@jr0d](https://github.com/jr0d)) -- For vSphere: fix regression during attach disk if datastore is within a storage folder or datastore cluster. ([#102892](https://github.com/kubernetes/kubernetes/pull/102892), [@gnufied](https://github.com/gnufied)) -- GCE Windows clusters have their TCP/IP parameters are set to GCE's recommended values. ([#103057](https://github.com/kubernetes/kubernetes/pull/103057), [@jeremyje](https://github.com/jeremyje)) [SIG Cloud Provider and Windows] -- GCE Windows will no longer install Docker on containerd nodes. ([#101747](https://github.com/kubernetes/kubernetes/pull/101747), [@jeremyje](https://github.com/jeremyje)) [SIG Cloud Provider and Windows] -- Generated OpenAPI now correctly specifies 201 as a possible response code for PATCH operations. ([#100141](https://github.com/kubernetes/kubernetes/pull/100141), [@brendandburns](https://github.com/brendandburns)) -- Graceful termination will now be honored when deleting a collection of pods. ([#100101](https://github.com/kubernetes/kubernetes/pull/100101), [@deads2k](https://github.com/deads2k)) -- If `kube-proxy` mode is userspace do not enable `EndpointSlices`. ([#100913](https://github.com/kubernetes/kubernetes/pull/100913), [@JornShen](https://github.com/JornShen)) -- Kubeadm: allow passing the flag `--log-file` if `--config` is passed. If you wish to log to a file you must also pass `--logtostderr=false` or `--alsologtostderr=true`. Alternatively you can pipe to a file using "kubeadm ... | tee ...". ([#101449](https://github.com/kubernetes/kubernetes/pull/101449), [@CaoDonghui123](https://github.com/CaoDonghui123)) -- Kubeadm: enable `--experimental-patches` flag for `kubeadm join phase control-plane-join all` command. ([#101110](https://github.com/kubernetes/kubernetes/pull/101110), [@SataQiu](https://github.com/SataQiu)) -- Kubeadm: fix a bug where `kubeadm join` for control plane nodes would download certificates and keys from the cluster, but would not write publicly readable certificates and public keys with mode `0644` and instead use mode `0600`. ([#103313](https://github.com/kubernetes/kubernetes/pull/103313), [@neolit123](https://github.com/neolit123)) -- Kubeadm: fix the bug that `kubeadm` only uses the first hash in `caCertHashes` to verify the root CA. ([#101977](https://github.com/kubernetes/kubernetes/pull/101977), [@SataQiu](https://github.com/SataQiu)) -- Kubeadm: remove the "ephemeral_storage" request from the etcd static pod that kubeadm deploys on stacked etcd control plane nodes. This request has caused sporadic failures on some setups due to a problem in the kubelet with cadvisor and the LocalStorageCapacityIsolation feature gate. See this issue for more details: https://github.com/kubernetes/kubernetes/issues/99305 ([#102673](https://github.com/kubernetes/kubernetes/pull/102673), [@jackfrancis](https://github.com/jackfrancis)) [SIG Cluster Lifecycle] -- Kubeadm: when using a custom image repository for CoreDNS kubeadm now will append the `coredns` image name instead of `coredns/coredns`, thus restoring the behaviour existing before the v1.21 release. Users who rely on nested folder for the coredns image should set the `clusterConfiguration.dns.imageRepository` value including the nested path name (e.g using `registry.company.xyz/coredns` will force kubeadm to use `registry.company.xyz/coredns/coredns` image). No action is needed if using the default registry (k8s.gcr.io). ([#102502](https://github.com/kubernetes/kubernetes/pull/102502), [@ykakarap](https://github.com/ykakarap)) -- Kubelet: improve the performance when waiting for a synchronization of the node list with the `kube-apiserver`. ([#99336](https://github.com/kubernetes/kubernetes/pull/99336), [@neolit123](https://github.com/neolit123)) -- Kubelet: the returned value for PodIPs is the same in the Downward API and in the `pod.status.PodIPs` field ([#103307](https://github.com/kubernetes/kubernetes/pull/103307), [@aojea](https://github.com/aojea)) -- Limit vSphere volume name to 63 characters long. ([#100404](https://github.com/kubernetes/kubernetes/pull/100404), [@gnufied](https://github.com/gnufied)) -- Logging for GCE Windows clusters will be more accurate and complete when using Fluent bit. ([#101271](https://github.com/kubernetes/kubernetes/pull/101271), [@jeremyje](https://github.com/jeremyje)) -- Metrics Server will use Addon Manager 1.8.3 ([#103541](https://github.com/kubernetes/kubernetes/pull/103541), [@jbartosik](https://github.com/jbartosik)) [SIG Cloud Provider and Instrumentation] -- Output for `kubectl describe podsecuritypolicy` is now kind specific and cleaner ([#101436](https://github.com/kubernetes/kubernetes/pull/101436), [@KnVerey](https://github.com/KnVerey)) -- Parsing of cpuset information now properly detects more invalid input such as `1--3` or `10-6`. ([#100565](https://github.com/kubernetes/kubernetes/pull/100565), [@lack](https://github.com/lack)) -- Pods that are known to the kubelet to have previously been Running should not revert to Pending state, the kubelet will now infer a termination. ([#102821](https://github.com/kubernetes/kubernetes/pull/102821), [@ehashman](https://github.com/ehashman)) -- Prevent Kubelet stuck in `DiskPressure` when `imagefs.minReclaim` is set ([#99095](https://github.com/kubernetes/kubernetes/pull/99095), [@maxlaverse](https://github.com/maxlaverse)) -- Reduces delay initializing on non-AWS platforms docker runtime. ([#93260](https://github.com/kubernetes/kubernetes/pull/93260), [@nckturner](https://github.com/nckturner)) [SIG Cloud Provider] -- Register/Deregister Targets in chunks for AWS TargetGroup ([#101592](https://github.com/kubernetes/kubernetes/pull/101592), [@M00nF1sh](https://github.com/M00nF1sh)) [SIG Cloud Provider] -- Removed `/sbin/apparmor_parser` requirement for the AppArmor host validation. - This allows using AppArmor on distributions which ship the binary in a different path. ([#97968](https://github.com/kubernetes/kubernetes/pull/97968), [@saschagrunert](https://github.com/saschagrunert)) [SIG Node and Testing] -- Renames the timeout field for the `DelegatingAuthenticationOptions` to `TokenRequestTimeout` and set the timeout only for the token review client. Previously the timeout was also applied to watches making them reconnecting every 10 seconds. ([#100959](https://github.com/kubernetes/kubernetes/pull/100959), [@p0lyn0mial](https://github.com/p0lyn0mial)) -- Reorganized iptables rules to reduce rules in `KUBE-SERVICES` and `KUBE-NODEPORTS`. ([#96959](https://github.com/kubernetes/kubernetes/pull/96959), [@tssurya](https://github.com/tssurya)) -- Respect annotation size limit for server-side apply updates to the client-side apply annotation. Also, fix opt-out of this behavior by setting the client-side apply annotation to the empty string. ([#102105](https://github.com/kubernetes/kubernetes/pull/102105), [@julianvmodesto](https://github.com/julianvmodesto)) [SIG API Machinery] -- Retry `FibreChannel` devices cleanup after error to ensure `FibreChannel` device is detached before it can be used on another node. ([#101862](https://github.com/kubernetes/kubernetes/pull/101862), [@jsafrane](https://github.com/jsafrane)) -- Support correct sorting for cpu, memory, storage, ephemeral-storage, hugepages, and attachable-volumes. ([#100435](https://github.com/kubernetes/kubernetes/pull/100435), [@lauchokyip](https://github.com/lauchokyip)) -- Switch scheduler to generate the merge patch on pod status instead of the full pod ([#103133](https://github.com/kubernetes/kubernetes/pull/103133), [@marwanad](https://github.com/marwanad)) [SIG Scheduling] -- The `EndpointSlice` IP validation now matches `Endpoints` IP validation. ([#101084](https://github.com/kubernetes/kubernetes/pull/101084), [@robscott](https://github.com/robscott)) -- The `kube-apiserver` now reports the synthetic verb when logging requests, better explaining the user intent and matching what is reported in the metrics. ([#102934](https://github.com/kubernetes/kubernetes/pull/102934), [@lavalamp](https://github.com/lavalamp)) -- The `kube-controller-manager'` sets the upper-bound timeout limit for outgoing requests to 70s. Previously ([#99358](https://github.com/kubernetes/kubernetes/pull/99358), [@p0lyn0mial](https://github.com/p0lyn0mial)) -- The `kube-proxy` log now shows the "Skipping topology aware endpoint filtering since no hints were provided for zone" warning under the right conditions. ([#101857](https://github.com/kubernetes/kubernetes/pull/101857), [@dervoeti](https://github.com/dervoeti)) -- The `kubectl create service` now respects the `namespace` flag. ([#101005](https://github.com/kubernetes/kubernetes/pull/101005), [@zxh326](https://github.com/zxh326)) -- The `kubectl get` now truncates multi-line strings to avoid breaking printing ([#103514](https://github.com/kubernetes/kubernetes/pull/103514), [@soltysh](https://github.com/soltysh)) -- The `kubectl wait --for=delete` command now ignores the not found error correctly. ([#96702](https://github.com/kubernetes/kubernetes/pull/96702), [@lingsamuel](https://github.com/lingsamuel)) -- The `kubelet` now reports distinguishes log messages about certificate rotation for its client cert and server cert separately to make debugging problems with one or the other easier. ([#101252](https://github.com/kubernetes/kubernetes/pull/101252), [@smarterclayton](https://github.com/smarterclayton)) -- The `serviceOwnsFrontendIP` shouldn't report error when the public IP doesn't match. ([#102516](https://github.com/kubernetes/kubernetes/pull/102516), [@nilo19](https://github.com/nilo19)) -- The `system:aggregate-to-edit` role no longer includes write access to the Endpoints API. For new Kubernetes 1.22 clusters, the `edit` and `admin` roles will no longer include that access in newly created Kubernetes 1.22 clusters. This will have no affect on existing clusters upgrading to Kubernetes 1.22. To retain write access to Endpoints in the aggregated `edit` and `admin` roles for newly created 1.22 clusters, refer to https://github.com/kubernetes/website/pull/29025. ([#103704](https://github.com/kubernetes/kubernetes/pull/103704), [@robscott](https://github.com/robscott)) [SIG Auth and Network] -- The conformance tests: - - Services should serve multiport endpoints from pods - - Services should serve a basic endpoint from pods - were only validating the API objects, not performing any validation on the actual Services implementation. - Those tests now validate that the Services under test are able to forward traffic to the endpoints. ([#101709](https://github.com/kubernetes/kubernetes/pull/101709), [@aojea](https://github.com/aojea)) [SIG Network and Testing] -- The current behavior for Services that `IPFamilyPolicy` set as `PreferDualstack`. The current behavior when the cluster is upgraded to dual-stack is: - - Services that have been set to IPFamilyPolicy = PreferDualstack will be upgraded when the service object is updated. e.g., when a user change a label. - - This behavior will change to: - - Services that have been set IPFamilyPolicy = PreferDualstack will not be upgraded when the service object is updated. User can still change policy, type etc and existing behaviors remain the same. ([#102898](https://github.com/kubernetes/kubernetes/pull/102898), [@khenidak](https://github.com/khenidak)) [SIG Network and Testing] -- The reason and message fields for pod status are no longer reset unless the phase also changes. ([#103785](https://github.com/kubernetes/kubernetes/pull/103785), [@smarterclayton](https://github.com/smarterclayton)) [SIG Node] -- Treat VSphere "File (vmdk path here) was not found" errors as success during volume deletion ([#92372](https://github.com/kubernetes/kubernetes/pull/92372), [@breunigs](https://github.com/breunigs)) [SIG Cloud Provider and Storage] -- Update `kube-proxy` base image `debian-iptables` to v1.6.2 to pickup [documentation](https://github.com/kubernetes/release/pull/2106) - \n"- `debian-iptables`: select nft mode if ntf lines > legacy lines, matching [iptables-wrappers](https://github.com/kubernetes-sigs/iptables-wrappers/)" ([#102590](https://github.com/kubernetes/kubernetes/pull/102590), [@BenTheElder](https://github.com/BenTheElder)) -- Update klog v2.9.0. ([#102332](https://github.com/kubernetes/kubernetes/pull/102332), [@pacoxu](https://github.com/pacoxu)) -- Updated the Graceful Node Shutdown Pod termination reason and message. - Updated the Graceful Node Shutdown Pod rejection reason and message. ([#102840](https://github.com/kubernetes/kubernetes/pull/102840), [@Kissy](https://github.com/Kissy)) -- Updates dependency `sigs.k8s.io/structured-merge-diff` to v4.1.1. ([#100784](https://github.com/kubernetes/kubernetes/pull/100784), [@kevindelgado](https://github.com/kevindelgado)) -- Updates hostprocess tests to specify user. ([#102965](https://github.com/kubernetes/kubernetes/pull/102965), [@jsturtevant](https://github.com/jsturtevant)) -- Upgrades functionality of `kubectl kustomize` as described at - https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2Fv4.2.0 ([#103419](https://github.com/kubernetes/kubernetes/pull/103419), [@natasha41575](https://github.com/natasha41575)) [SIG CLI] -- Upgrades functionality of `kubectl kustomize` as described at [kustomize/v4.1.2](https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2Fv4.1.2) ([#101120](https://github.com/kubernetes/kubernetes/pull/101120), [@monopole](https://github.com/monopole)) -- Upgrading etcd: `kubeadm` upgrade etcd to 3.4.13-3 ([#100612](https://github.com/kubernetes/kubernetes/pull/100612), [@pacoxu](https://github.com/pacoxu)) -- Use default timeout of 10s for Azure ACR credential provider. ([#100686](https://github.com/kubernetes/kubernetes/pull/100686), [@hasheddan](https://github.com/hasheddan)) [SIG Cloud Provider] -- We no longer allow the cluster operator to delete any suggested priority & fairness bootstrap configuration object. If a cluster operator removes a suggested configuration, it will be restored by the apiserver. ([#102067](https://github.com/kubernetes/kubernetes/pull/102067), [@tkashem](https://github.com/tkashem)) -- When `DisableAcceleratorUsageMetrics` is set, do not collect accelerator metrics using cAdvisor. ([#101712](https://github.com/kubernetes/kubernetes/pull/101712), [@SergeyKanzhelev](https://github.com/SergeyKanzhelev)) [SIG Instrumentation and Node] -- YAML documents separators ("---") can now be followed by whitespace and comments ("# ....") on the same line. This fixes a bug where documents starting with a comment after the separator were ignored. Other types of content on the same line will result in an error. ([#103457](https://github.com/kubernetes/kubernetes/pull/103457), [@codearky](https://github.com/codearky)) [SIG API Machinery] -- `oc describe quota` used has the same unit format as hard ([#102177](https://github.com/kubernetes/kubernetes/pull/102177), [@atiratree](https://github.com/atiratree)) [SIG CLI] - -#### Other (Cleanup or Flake) -- Kube-apiserver: sets an upper-bound on the lifetime of idle keep-alive connections and time to read the headers of incoming requests ([#103958](https://github.com/kubernetes/kubernetes/pull/103958), [@liggitt](https://github.com/liggitt)) [SIG API Machinery and Node] -- After the deprecation period,now the Kubelet's `--chaos-chance` flag are removed. ([#101057](https://github.com/kubernetes/kubernetes/pull/101057), [@wangyysde](https://github.com/wangyysde)) [SIG Node] -- Allow CSI drivers to just run offline expansion tests. ([#102665](https://github.com/kubernetes/kubernetes/pull/102665), [@gnufied](https://github.com/gnufied)) -- Changed buildmode of non static Kubernetes binaries to produce position independent executables (PIE). ([#102323](https://github.com/kubernetes/kubernetes/pull/102323), [@saschagrunert](https://github.com/saschagrunert)) -- Clarified the description of a test in the e2e suite that mentions "SCTP" but is - actually intended to be testing the behavior of network plugins that don't - implement SCTP. ([#102509](https://github.com/kubernetes/kubernetes/pull/102509), [@danwinship](https://github.com/danwinship)) -- Client-go: reduce verbosity of `Starting/Stopping reflector` messages to 3 again. ([#102788](https://github.com/kubernetes/kubernetes/pull/102788), [@pohly](https://github.com/pohly)) -- Disable log sampling when using json logging format. ([#102620](https://github.com/kubernetes/kubernetes/pull/102620), [@serathius](https://github.com/serathius)) -- Exposes `WithCustomRoundTripper` method for specifying a middleware function for custom HTTP behaviour for the delegated auth clients. ([#99775](https://github.com/kubernetes/kubernetes/pull/99775), [@p0lyn0mial](https://github.com/p0lyn0mial)) -- Fake clients now implement a `FakeClient` interface ([#100940](https://github.com/kubernetes/kubernetes/pull/100940), [@markusthoemmes](https://github.com/markusthoemmes)) [SIG API Machinery and Instrumentation] -- Featuregate `ServiceLoadBalancerClass` graduates to Beta and is enables by default. ([#103129](https://github.com/kubernetes/kubernetes/pull/103129), [@XudongLiuHarold](https://github.com/XudongLiuHarold)) -- Improve func `ToSelectableFields`' performance for event. ([#102461](https://github.com/kubernetes/kubernetes/pull/102461), [@goodluckbot](https://github.com/goodluckbot)) -- Increased `CSINodeIDMaxLength` from 128 bytes to 192 bytes. Prepare to increase the length limit to 256 bytes in 1.23 release. ([#101256](https://github.com/kubernetes/kubernetes/pull/101256), [@Jiawei0227](https://github.com/Jiawei0227)) -- JSON logging now supports having information about source code location in the logging format, source code information is available under the key "caller". ([#102437](https://github.com/kubernetes/kubernetes/pull/102437), [@MadhavJivrajani](https://github.com/MadhavJivrajani)) -- Kubeadm: move the BootstrapToken* API and related utilities from v1beta3 to a separate API group/version - bootstraptoken/v1. ([#102964](https://github.com/kubernetes/kubernetes/pull/102964), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] -- Kubeadm: the `CriticalAddonsOnly` toleration has been removed from `kube-proxy` DaemonSet ([#101966](https://github.com/kubernetes/kubernetes/pull/101966), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle] -- Metrics Server updated to use `0.4.4` image that doesn't depend on deprecated `authorization.k8s.io/v1beta1` subjectaccessreviews API version. ([#101477](https://github.com/kubernetes/kubernetes/pull/101477), [@x13n](https://github.com/x13n)) -- Migrate `proxy/ipvs/proxier.go` logs to structured logging. ([#97796](https://github.com/kubernetes/kubernetes/pull/97796), [@JornShen](https://github.com/JornShen)) -- Migrate `staging/src/k8s.io/apiserver/pkg/registry` logs to structured logging. ([#98287](https://github.com/kubernetes/kubernetes/pull/98287), [@lala123912](https://github.com/lala123912)) -- Migrate some log messages to structured logging in `pkg/volume/plugins.go`. ([#101510](https://github.com/kubernetes/kubernetes/pull/101510), [@huchengze](https://github.com/huchengze)) -- Migrate some log messages to structured logging in `pkg/volume/volume_linux.go`. ([#99566](https://github.com/kubernetes/kubernetes/pull/99566), [@huchengze](https://github.com/huchengze)) -- Official binaries now include the golang generated build ID `buildid` instead of an empty string. ([#101411](https://github.com/kubernetes/kubernetes/pull/101411), [@saschagrunert](https://github.com/saschagrunert)) -- Remove balanced attached node volumes feature. ([#102443](https://github.com/kubernetes/kubernetes/pull/102443), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) -- Remove deprecated `--generator` flag from `kubectl autoscale`. ([#99900](https://github.com/kubernetes/kubernetes/pull/99900), [@MadhavJivrajani](https://github.com/MadhavJivrajani)) -- Remove the deprecated flag `--generator` from `kubectl create deployment` command. ([#99915](https://github.com/kubernetes/kubernetes/pull/99915), [@BLasan](https://github.com/BLasan)) -- Remove the duplicate packet import. ([#101187](https://github.com/kubernetes/kubernetes/pull/101187), [@chuntaochen](https://github.com/chuntaochen)) -- Replace `go-bindata` with `//go:embed`. ([#99829](https://github.com/kubernetes/kubernetes/pull/99829), [@palnabarun](https://github.com/palnabarun)) -- The `DynamicFakeClient` now exposes its tracker via a `Tracker()` function. ([#100085](https://github.com/kubernetes/kubernetes/pull/100085), [@markusthoemmes](https://github.com/markusthoemmes)) -- The `VolumeSnapshotDataSource` feature gate that is GA since v1.20 is unconditionally enabled, and can no longer be specified via the `--feature-gates` argument. ([#101531](https://github.com/kubernetes/kubernetes/pull/101531), [@ialidzhikov](https://github.com/ialidzhikov)) [SIG Storage] -- The deprecated `CRIContainerLogRotation` feature-gate has been removed, since the `CRIContainerLogRotation` feature graduated to GA in 1.21 and was unconditionally enabled. ([#101578](https://github.com/kubernetes/kubernetes/pull/101578), [@carlory](https://github.com/carlory)) -- The deprecated `RootCAConfigMap` feature-gate has been removed, since the `RootCAConfigMap` feature graduated to GA in 1.21 and is unconditionally enabled. ([#101579](https://github.com/kubernetes/kubernetes/pull/101579), [@carlory](https://github.com/carlory)) -- The deprecated `runAsGroup` feature-gate has been removed, since the `runAsGroup` feature graduated to GA in 1.21. ([#101581](https://github.com/kubernetes/kubernetes/pull/101581), [@carlory](https://github.com/carlory)) -- The etcd client has been updated to 3.5.0; `github.com/golang/protobuf`, `google.golang.org/protobuf`, and `google.golang.org/grpc` have been updated to current versions. ([#100488](https://github.com/kubernetes/kubernetes/pull/100488), [@liggitt](https://github.com/liggitt)) -- Update Azure Go SDK to v55.0.0. ([#102441](https://github.com/kubernetes/kubernetes/pull/102441), [@feiskyer](https://github.com/feiskyer)) -- Update Azure Go SDK version to v53.1.0 ([#101357](https://github.com/kubernetes/kubernetes/pull/101357), [@feiskyer](https://github.com/feiskyer)) [SIG API Machinery, CLI, Cloud Provider, Cluster Lifecycle and Instrumentation] -- Update CNI plugins to v0.9.1. ([#102328](https://github.com/kubernetes/kubernetes/pull/102328), [@lentzi90](https://github.com/lentzi90)) -- Update Calico to v3.19.1. ([#102386](https://github.com/kubernetes/kubernetes/pull/102386), [@JornShen](https://github.com/JornShen)) -- Update cri-tools dependency to `v1.21.0`. ([#100956](https://github.com/kubernetes/kubernetes/pull/100956), [@saschagrunert](https://github.com/saschagrunert)) -- Update dep `google/gnostic` and `google/go-cmp` to v0.5.5 and updating transitive dependencies `protobuf`. ([#102783](https://github.com/kubernetes/kubernetes/pull/102783), [@mcbenjemaa](https://github.com/mcbenjemaa)) -- Update golang.org/x/net to v0.0.0-20210520170846-37e1c6afe023 ([#103176](https://github.com/kubernetes/kubernetes/pull/103176), [@CaoDonghui123](https://github.com/CaoDonghui123)) [SIG API Machinery, Auth, CLI, Cloud Provider, Cluster Lifecycle, Node and Storage] -- Updated command descriptions and examples for grammar and punctuation consistency. ([#103524](https://github.com/kubernetes/kubernetes/pull/103524), [@bergerhoffer](https://github.com/bergerhoffer)) [SIG Auth and CLI] -- Updated pause image to version 3.5, which now runs per default as pseudo user and group `65535:65535`. This does not have any effect on remote container runtimes like CRI-O and containerd, which setup the pod sandbox user and group on their own. ([#100292](https://github.com/kubernetes/kubernetes/pull/100292), [@saschagrunert](https://github.com/saschagrunert)) -- Upgrade functionality of `kubectl kustomize` as described at [kustomize/v4.1.3](https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2Fv4.1.3). ([#102193](https://github.com/kubernetes/kubernetes/pull/102193), [@gautierdelorme](https://github.com/gautierdelorme)) - - -#### Dependencies -#### Added -- github.com/antihax/optional: [v1.0.0](https://github.com/antihax/optional/tree/v1.0.0) -- github.com/benbjohnson/clock: [v1.0.3](https://github.com/benbjohnson/clock/tree/v1.0.3) -- github.com/bits-and-blooms/bitset: [v1.2.0](https://github.com/bits-and-blooms/bitset/tree/v1.2.0) -- github.com/certifi/gocertifi: [2c3bb06](https://github.com/certifi/gocertifi/tree/2c3bb06) -- github.com/checkpoint-restore/go-criu/v5: [v5.0.0](https://github.com/checkpoint-restore/go-criu/v5/tree/v5.0.0) -- github.com/cncf/udpa/go: [5459f2c](https://github.com/cncf/udpa/go/tree/5459f2c) -- github.com/cockroachdb/errors: [v1.2.4](https://github.com/cockroachdb/errors/tree/v1.2.4) -- github.com/cockroachdb/logtags: [eb05cc2](https://github.com/cockroachdb/logtags/tree/eb05cc2) -- github.com/coredns/caddy: [v1.1.0](https://github.com/coredns/caddy/tree/v1.1.0) -- github.com/felixge/httpsnoop: [v1.0.1](https://github.com/felixge/httpsnoop/tree/v1.0.1) -- github.com/frankban/quicktest: [v1.11.3](https://github.com/frankban/quicktest/tree/v1.11.3) -- github.com/getsentry/raven-go: [v0.2.0](https://github.com/getsentry/raven-go/tree/v0.2.0) -- github.com/go-kit/log: [v0.1.0](https://github.com/go-kit/log/tree/v0.1.0) -- github.com/gofrs/uuid: [v4.0.0+incompatible](https://github.com/gofrs/uuid/tree/v4.0.0) -- github.com/josharian/intern: [v1.0.0](https://github.com/josharian/intern/tree/v1.0.0) -- github.com/jpillora/backoff: [v1.0.0](https://github.com/jpillora/backoff/tree/v1.0.0) -- github.com/nxadm/tail: [v1.4.4](https://github.com/nxadm/tail/tree/v1.4.4) -- github.com/opentracing/opentracing-go: [v1.1.0](https://github.com/opentracing/opentracing-go/tree/v1.1.0) -- github.com/robfig/cron/v3: [v3.0.1](https://github.com/robfig/cron/v3/tree/v3.0.1) -- github.com/stoewer/go-strcase: [v1.2.0](https://github.com/stoewer/go-strcase/tree/v1.2.0) -- go.etcd.io/etcd/api/v3: v3.5.0 -- go.etcd.io/etcd/client/pkg/v3: v3.5.0 -- go.etcd.io/etcd/client/v2: v2.305.0 -- go.etcd.io/etcd/client/v3: v3.5.0 -- go.etcd.io/etcd/pkg/v3: v3.5.0 -- go.etcd.io/etcd/raft/v3: v3.5.0 -- go.etcd.io/etcd/server/v3: v3.5.0 -- go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc: v0.20.0 -- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp: v0.20.0 -- go.opentelemetry.io/contrib: v0.20.0 -- go.opentelemetry.io/otel/exporters/otlp: v0.20.0 -- go.opentelemetry.io/otel/metric: v0.20.0 -- go.opentelemetry.io/otel/oteltest: v0.20.0 -- go.opentelemetry.io/otel/sdk/export/metric: v0.20.0 -- go.opentelemetry.io/otel/sdk/metric: v0.20.0 -- go.opentelemetry.io/otel/sdk: v0.20.0 -- go.opentelemetry.io/otel/trace: v0.20.0 -- go.opentelemetry.io/otel: v0.20.0 -- go.opentelemetry.io/proto/otlp: v0.7.0 -- go.uber.org/goleak: v1.1.10 -#### Changed -- golang.org/x/net: 37e1c6a → 491a49a -- github.com/opencontainers/runc: [v1.0.1 → v1.0.2](https://github.com/opencontainers/runc/compare/v1.0.1...v1.0.2) -- k8s.io/utils: 4b05e18 → bdf08cb -- github.com/Azure/azure-sdk-for-go: [v43.0.0+incompatible → v55.0.0+incompatible](https://github.com/Azure/azure-sdk-for-go/compare/v43.0.0...v55.0.0) -- github.com/Azure/go-ansiterm: [d6e3b33 → d185dfc](https://github.com/Azure/go-ansiterm/compare/d6e3b33...d185dfc) -- github.com/Azure/go-autorest/autorest/adal: [v0.9.5 → v0.9.13](https://github.com/Azure/go-autorest/autorest/adal/compare/v0.9.5...v0.9.13) -- github.com/Azure/go-autorest/autorest/to: [v0.2.0 → v0.4.0](https://github.com/Azure/go-autorest/autorest/to/compare/v0.2.0...v0.4.0) -- github.com/Azure/go-autorest/autorest: [v0.11.12 → v0.11.18](https://github.com/Azure/go-autorest/autorest/compare/v0.11.12...v0.11.18) -- github.com/Azure/go-autorest/logger: [v0.2.0 → v0.2.1](https://github.com/Azure/go-autorest/logger/compare/v0.2.0...v0.2.1) -- github.com/alecthomas/units: [c3de453 → f65c72e](https://github.com/alecthomas/units/compare/c3de453...f65c72e) -- github.com/auth0/go-jwt-middleware: [5493cab → v1.0.1](https://github.com/auth0/go-jwt-middleware/compare/5493cab...v1.0.1) -- github.com/aws/aws-sdk-go: [v1.35.24 → v1.38.49](https://github.com/aws/aws-sdk-go/compare/v1.35.24...v1.38.49) -- github.com/cilium/ebpf: [v0.2.0 → v0.6.2](https://github.com/cilium/ebpf/compare/v0.2.0...v0.6.2) -- github.com/cockroachdb/datadriven: [80d97fb → bf6692d](https://github.com/cockroachdb/datadriven/compare/80d97fb...bf6692d) -- github.com/container-storage-interface/spec: [v1.3.0 → v1.5.0](https://github.com/container-storage-interface/spec/compare/v1.3.0...v1.5.0) -- github.com/containerd/console: [v1.0.1 → v1.0.2](https://github.com/containerd/console/compare/v1.0.1...v1.0.2) -- github.com/containernetworking/cni: [v0.8.0 → v0.8.1](https://github.com/containernetworking/cni/compare/v0.8.0...v0.8.1) -- github.com/coredns/corefile-migration: [v1.0.11 → v1.0.12](https://github.com/coredns/corefile-migration/compare/v1.0.11...v1.0.12) -- github.com/coreos/go-systemd/v22: [v22.1.0 → v22.3.2](https://github.com/coreos/go-systemd/v22/compare/v22.1.0...v22.3.2) -- github.com/envoyproxy/go-control-plane: [5f8ba28 → 668b12f](https://github.com/envoyproxy/go-control-plane/compare/5f8ba28...668b12f) -- github.com/evanphx/json-patch: [v4.9.0+incompatible → v4.11.0+incompatible](https://github.com/evanphx/json-patch/compare/v4.9.0...v4.11.0) -- github.com/form3tech-oss/jwt-go: [v3.2.2+incompatible → v3.2.3+incompatible](https://github.com/form3tech-oss/jwt-go/compare/v3.2.2...v3.2.3) -- github.com/go-logfmt/logfmt: [v0.4.0 → v0.5.0](https://github.com/go-logfmt/logfmt/compare/v0.4.0...v0.5.0) -- github.com/go-openapi/jsonpointer: [v0.19.3 → v0.19.5](https://github.com/go-openapi/jsonpointer/compare/v0.19.3...v0.19.5) -- github.com/go-openapi/jsonreference: [v0.19.3 → v0.19.5](https://github.com/go-openapi/jsonreference/compare/v0.19.3...v0.19.5) -- github.com/go-openapi/swag: [v0.19.5 → v0.19.14](https://github.com/go-openapi/swag/compare/v0.19.5...v0.19.14) -- github.com/godbus/dbus/v5: [v5.0.3 → v5.0.4](https://github.com/godbus/dbus/v5/compare/v5.0.3...v5.0.4) -- github.com/golang/groupcache: [8c9f03a → 41bb18b](https://github.com/golang/groupcache/compare/8c9f03a...41bb18b) -- github.com/golang/protobuf: [v1.4.3 → v1.5.2](https://github.com/golang/protobuf/compare/v1.4.3...v1.5.2) -- github.com/google/btree: [v1.0.0 → v1.0.1](https://github.com/google/btree/compare/v1.0.0...v1.0.1) -- github.com/google/cadvisor: [v0.39.0 → v0.39.2](https://github.com/google/cadvisor/compare/v0.39.0...v0.39.2) -- github.com/google/go-cmp: [v0.5.2 → v0.5.5](https://github.com/google/go-cmp/compare/v0.5.2...v0.5.5) -- github.com/googleapis/gnostic: [v0.4.1 → v0.5.5](https://github.com/googleapis/gnostic/compare/v0.4.1...v0.5.5) -- github.com/gopherjs/gopherjs: [0766667 → fce0ec3](https://github.com/gopherjs/gopherjs/compare/0766667...fce0ec3) -- github.com/grpc-ecosystem/go-grpc-middleware: [f849b54 → v1.3.0](https://github.com/grpc-ecosystem/go-grpc-middleware/compare/f849b54...v1.3.0) -- github.com/grpc-ecosystem/grpc-gateway: [v1.9.5 → v1.16.0](https://github.com/grpc-ecosystem/grpc-gateway/compare/v1.9.5...v1.16.0) -- github.com/heketi/heketi: [v10.2.0+incompatible → v10.3.0+incompatible](https://github.com/heketi/heketi/compare/v10.2.0...v10.3.0) -- github.com/jonboulle/clockwork: [v0.1.0 → v0.2.2](https://github.com/jonboulle/clockwork/compare/v0.1.0...v0.2.2) -- github.com/json-iterator/go: [v1.1.10 → v1.1.11](https://github.com/json-iterator/go/compare/v1.1.10...v1.1.11) -- github.com/julienschmidt/httprouter: [v1.2.0 → v1.3.0](https://github.com/julienschmidt/httprouter/compare/v1.2.0...v1.3.0) -- github.com/kr/pretty: [v0.2.0 → v0.2.1](https://github.com/kr/pretty/compare/v0.2.0...v0.2.1) -- github.com/mailru/easyjson: [v0.7.0 → v0.7.6](https://github.com/mailru/easyjson/compare/v0.7.0...v0.7.6) -- github.com/mattn/go-isatty: [v0.0.4 → v0.0.3](https://github.com/mattn/go-isatty/compare/v0.0.4...v0.0.3) -- github.com/miekg/dns: [v1.1.35 → v1.0.14](https://github.com/miekg/dns/compare/v1.1.35...v1.0.14) -- github.com/moby/sys/mountinfo: [v0.4.0 → v0.4.1](https://github.com/moby/sys/mountinfo/compare/v0.4.0...v0.4.1) -- github.com/moby/term: [df9cb8a → 9d4ed18](https://github.com/moby/term/compare/df9cb8a...9d4ed18) -- github.com/mwitkow/go-conntrack: [cc309e4 → 2f06839](https://github.com/mwitkow/go-conntrack/compare/cc309e4...2f06839) -- github.com/onsi/ginkgo: [v1.11.0 → v1.14.0](https://github.com/onsi/ginkgo/compare/v1.11.0...v1.14.0) -- github.com/onsi/gomega: [v1.7.0 → v1.10.1](https://github.com/onsi/gomega/compare/v1.7.0...v1.10.1) -- github.com/opencontainers/runc: [v1.0.0-rc93 → v1.0.1](https://github.com/opencontainers/runc/compare/v1.0.0-rc93...v1.0.1) -- github.com/opencontainers/runtime-spec: [e6143ca → 1c3f411](https://github.com/opencontainers/runtime-spec/compare/e6143ca...1c3f411) -- github.com/opencontainers/selinux: [v1.8.0 → v1.8.2](https://github.com/opencontainers/selinux/compare/v1.8.0...v1.8.2) -- github.com/prometheus/client_golang: [v1.7.1 → v1.11.0](https://github.com/prometheus/client_golang/compare/v1.7.1...v1.11.0) -- github.com/prometheus/common: [v0.10.0 → v0.26.0](https://github.com/prometheus/common/compare/v0.10.0...v0.26.0) -- github.com/prometheus/procfs: [v0.2.0 → v0.6.0](https://github.com/prometheus/procfs/compare/v0.2.0...v0.6.0) -- github.com/rogpeppe/fastuuid: [6724a57 → v1.2.0](https://github.com/rogpeppe/fastuuid/compare/6724a57...v1.2.0) -- github.com/sirupsen/logrus: [v1.7.0 → v1.8.1](https://github.com/sirupsen/logrus/compare/v1.7.0...v1.8.1) -- github.com/smartystreets/assertions: [b2de0cb → v1.1.0](https://github.com/smartystreets/assertions/compare/b2de0cb...v1.1.0) -- github.com/soheilhy/cmux: [v0.1.4 → v0.1.5](https://github.com/soheilhy/cmux/compare/v0.1.4...v0.1.5) -- github.com/spf13/cobra: [v1.1.1 → v1.1.3](https://github.com/spf13/cobra/compare/v1.1.1...v1.1.3) -- github.com/spf13/jwalterweatherman: [v1.1.0 → v1.0.0](https://github.com/spf13/jwalterweatherman/compare/v1.1.0...v1.0.0) -- github.com/stretchr/testify: [v1.6.1 → v1.7.0](https://github.com/stretchr/testify/compare/v1.6.1...v1.7.0) -- github.com/tmc/grpc-websocket-proxy: [0ad062e → e5319fd](https://github.com/tmc/grpc-websocket-proxy/compare/0ad062e...e5319fd) -- github.com/yuin/goldmark: [v1.2.1 → v1.3.5](https://github.com/yuin/goldmark/compare/v1.2.1...v1.3.5) -- go.etcd.io/bbolt: v1.3.5 → v1.3.6 -- go.uber.org/atomic: v1.4.0 → v1.7.0 -- go.uber.org/multierr: v1.1.0 → v1.6.0 -- go.uber.org/zap: v1.10.0 → v1.17.0 -- golang.org/x/lint: 738671d → 6edffad -- golang.org/x/mod: ce943fd → v0.4.2 -- golang.org/x/net: 3d97a24 → 37e1c6a -- golang.org/x/sync: 67f06af → 036812b -- golang.org/x/sys: a50acf3 → 59db8d7 -- golang.org/x/text: v0.3.4 → v0.3.6 -- golang.org/x/time: f8bda1e → 1f47c86 -- golang.org/x/tools: v0.1.0 → v0.1.2 -- google.golang.org/genproto: 8816d57 → f16073e -- google.golang.org/grpc: v1.27.1 → v1.38.0 -- google.golang.org/protobuf: v1.25.0 → v1.26.0 -- gopkg.in/yaml.v3: 9f266ea → 496545a -- k8s.io/klog/v2: v2.8.0 → v2.9.0 -- k8s.io/kube-openapi: 591a79e → 9528897 -- k8s.io/system-validators: v1.4.0 → v1.5.0 -- k8s.io/utils: 67b214c → 4b05e18 -- sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.15 → v0.0.22 -- sigs.k8s.io/kustomize/api: v0.8.5 → v0.8.11 -- sigs.k8s.io/kustomize/cmd/config: v0.9.7 → v0.9.13 -- sigs.k8s.io/kustomize/kustomize/v4: v4.0.5 → v4.2.0 -- sigs.k8s.io/kustomize/kyaml: v0.10.15 → v0.11.0 -- sigs.k8s.io/structured-merge-diff/v4: v4.1.0 → v4.1.2 -#### Removed -- github.com/agnivade/levenshtein: [v1.0.1](https://github.com/agnivade/levenshtein/tree/v1.0.1) -- github.com/alecthomas/template: [fb15b89](https://github.com/alecthomas/template/tree/fb15b89) -- github.com/andreyvit/diff: [c7f18ee](https://github.com/andreyvit/diff/tree/c7f18ee) -- github.com/bifurcation/mint: [93c51c6](https://github.com/bifurcation/mint/tree/93c51c6) -- github.com/caddyserver/caddy: [v1.0.3](https://github.com/caddyserver/caddy/tree/v1.0.3) -- github.com/cenkalti/backoff: [v2.1.1+incompatible](https://github.com/cenkalti/backoff/tree/v2.1.1) -- github.com/checkpoint-restore/go-criu/v4: [v4.1.0](https://github.com/checkpoint-restore/go-criu/v4/tree/v4.1.0) -- github.com/cheekybits/genny: [9127e81](https://github.com/cheekybits/genny/tree/9127e81) -- github.com/go-acme/lego: [v2.5.0+incompatible](https://github.com/go-acme/lego/tree/v2.5.0) -- github.com/go-bindata/go-bindata: [v3.1.1+incompatible](https://github.com/go-bindata/go-bindata/tree/v3.1.1) -- github.com/go-openapi/analysis: [v0.19.5](https://github.com/go-openapi/analysis/tree/v0.19.5) -- github.com/go-openapi/errors: [v0.19.2](https://github.com/go-openapi/errors/tree/v0.19.2) -- github.com/go-openapi/loads: [v0.19.4](https://github.com/go-openapi/loads/tree/v0.19.4) -- github.com/go-openapi/runtime: [v0.19.4](https://github.com/go-openapi/runtime/tree/v0.19.4) -- github.com/go-openapi/spec: [v0.19.5](https://github.com/go-openapi/spec/tree/v0.19.5) -- github.com/go-openapi/strfmt: [v0.19.5](https://github.com/go-openapi/strfmt/tree/v0.19.5) -- github.com/go-openapi/validate: [v0.19.8](https://github.com/go-openapi/validate/tree/v0.19.8) -- github.com/gobuffalo/here: [v0.6.0](https://github.com/gobuffalo/here/tree/v0.6.0) -- github.com/hpcloud/tail: [v1.0.0](https://github.com/hpcloud/tail/tree/v1.0.0) -- github.com/jimstudt/http-authentication: [3eca13d](https://github.com/jimstudt/http-authentication/tree/3eca13d) -- github.com/klauspost/cpuid: [v1.2.0](https://github.com/klauspost/cpuid/tree/v1.2.0) -- github.com/kr/logfmt: [b84e30a](https://github.com/kr/logfmt/tree/b84e30a) -- github.com/kylelemons/godebug: [d65d576](https://github.com/kylelemons/godebug/tree/d65d576) -- github.com/lucas-clemente/aes12: [cd47fb3](https://github.com/lucas-clemente/aes12/tree/cd47fb3) -- github.com/lucas-clemente/quic-clients: [v0.1.0](https://github.com/lucas-clemente/quic-clients/tree/v0.1.0) -- github.com/lucas-clemente/quic-go-certificates: [d2f8652](https://github.com/lucas-clemente/quic-go-certificates/tree/d2f8652) -- github.com/lucas-clemente/quic-go: [v0.10.2](https://github.com/lucas-clemente/quic-go/tree/v0.10.2) -- github.com/markbates/pkger: [v0.17.1](https://github.com/markbates/pkger/tree/v0.17.1) -- github.com/marten-seemann/qtls: [v0.2.3](https://github.com/marten-seemann/qtls/tree/v0.2.3) -- github.com/mholt/certmagic: [6a42ef9](https://github.com/mholt/certmagic/tree/6a42ef9) -- github.com/naoina/go-stringutil: [v0.1.0](https://github.com/naoina/go-stringutil/tree/v0.1.0) -- github.com/naoina/toml: [v0.1.1](https://github.com/naoina/toml/tree/v0.1.1) -- github.com/robfig/cron: [v1.1.0](https://github.com/robfig/cron/tree/v1.1.0) -- github.com/satori/go.uuid: [v1.2.0](https://github.com/satori/go.uuid/tree/v1.2.0) -- github.com/thecodeteam/goscaleio: [v0.1.0](https://github.com/thecodeteam/goscaleio/tree/v0.1.0) -- github.com/tidwall/pretty: [v1.0.0](https://github.com/tidwall/pretty/tree/v1.0.0) -- github.com/vektah/gqlparser: [v1.1.2](https://github.com/vektah/gqlparser/tree/v1.1.2) -- github.com/willf/bitset: [v1.1.11](https://github.com/willf/bitset/tree/v1.1.11) -- go.etcd.io/etcd: dd1b699 -- go.mongodb.org/mongo-driver: v1.1.2 -- gopkg.in/cheggaaa/pb.v1: v1.0.25 -- gopkg.in/fsnotify.v1: v1.4.7 -- gopkg.in/mcuadros/go-syslog.v2: v2.2.1 -- gopkg.in/resty.v1: v1.12.0 -- k8s.io/heapster: v1.2.0-beta.1 - - - -### containerlinux [3033.2.0](https://www.flatcar-linux.org/releases/#release-3033.2.0) - -**Breaking changes** - -* CGroupsV2 are enabled by default. Applications might need to be updated if they don't have support. There are -several known issues: - - Java applications must use JRE >= 15; Please see OpenJDK -[upstream issue](https://bugs.openjdk.java.net/browse/JDK-8230305) for more details. - -**Security fixes** - -* Linux - - [CVE-2021-4002](https://nvd.nist.gov/vuln/detail/CVE-2021-4002) - - [CVE-2020-27820](https://nvd.nist.gov/vuln/detail/CVE-2020-27820) - - [CVE-2021-4001](https://nvd.nist.gov/vuln/detail/CVE-2021-4001) - - [CVE-2021-43975](https://nvd.nist.gov/vuln/detail/CVE-2021-43975) - - [CVE-2021-42739](https://nvd.nist.gov/vuln/detail/CVE-2021-42739) - - [CVE-2021-3760](https://nvd.nist.gov/vuln/detail/CVE-2021-3760) - - [CVE-2021-3772](https://nvd.nist.gov/vuln/detail/CVE-2021-3772) - - [CVE-2021-42327](https://nvd.nist.gov/vuln/detail/CVE-2021-42327) - - [CVE-2021-43056](https://nvd.nist.gov/vuln/detail/CVE-2021-43056) - - [CVE-2021-43267](https://nvd.nist.gov/vuln/detail/CVE-2021-43267) - - [CVE-2021-43389](https://nvd.nist.gov/vuln/detail/CVE-2021-43389) - - CVE-2021-3609 - - [CVE-2021-3653](https://nvd.nist.gov/vuln/detail/CVE-2021-3653) - - CVE-2021-3655 - - [CVE-2021-3656](https://nvd.nist.gov/vuln/detail/CVE-2021-3656) - - [CVE-2021-3760](https://nvd.nist.gov/vuln/detail/CVE-2021-3760) - - [CVE-2021-3772](https://nvd.nist.gov/vuln/detail/CVE-2021-3772) - - [CVE-2020-26541](https://nvd.nist.gov/vuln/detail/CVE-2020-26541) - - [CVE-2021-35039](https://nvd.nist.gov/vuln/detail/CVE-2021-35039) - - [CVE-2021-37576](https://nvd.nist.gov/vuln/detail/CVE-2021-37576) - - [CVE-2021-22543](https://nvd.nist.gov/vuln/detail/CVE-2021-22543) - - [CVE-2021-33909](https://nvd.nist.gov/vuln/detail/CVE-2021-33909) - - [CVE-2021-34556](https://nvd.nist.gov/vuln/detail/CVE-2021-34556) - - [CVE-2021-35477](https://nvd.nist.gov/vuln/detail/CVE-2021-35477) - - [CVE-2021-38166](https://nvd.nist.gov/vuln/detail/CVE-2021-38166) - - [CVE-2021-38205](https://nvd.nist.gov/vuln/detail/CVE-2021-38205) - - [CVE-2021-42327](https://nvd.nist.gov/vuln/detail/CVE-2021-42327) - - [CVE-2021-43056](https://nvd.nist.gov/vuln/detail/CVE-2021-43056) - - [CVE-2021-43267](https://nvd.nist.gov/vuln/detail/CVE-2021-43267) - - [CVE-2021-43389](https://nvd.nist.gov/vuln/detail/CVE-2021-43389) -* Go - - [CVE-2021-29923](https://nvd.nist.gov/vuln/detail/CVE-2021-29923) - - [CVE-2021-39293](https://nvd.nist.gov/vuln/detail/CVE-2021-39293) - - [CVE-2021-38297](https://nvd.nist.gov/vuln/detail/CVE-2021-38297) - - [CVE-2021-39293](https://nvd.nist.gov/vuln/detail/CVE-2021-39293) - - [CVE-2021-44717](https://nvd.nist.gov/vuln/detail/CVE-2021-44717) - - [CVE-2021-44716](https://nvd.nist.gov/vuln/detail/CVE-2021-44716) - - [CVE-2021-41771](https://nvd.nist.gov/vuln/detail/CVE-2021-41771) - - [CVE-2021-41772](https://nvd.nist.gov/vuln/detail/CVE-2021-41772) -* bash - - [CVE-2019-9924](https://nvd.nist.gov/vuln/detail/CVE-2019-9924) - - [CVE-2019-18276](https://nvd.nist.gov/vuln/detail/CVE-2019-18276) -* binutils - - [CVE-2021-3530](https://nvd.nist.gov/vuln/detail/CVE-2021-3530) - - [CVE-2021-3549](https://nvd.nist.gov/vuln/detail/CVE-2021-3549) -* ca-certificates - - [CVE-2021-43527](https://nvd.nist.gov/vuln/detail/CVE-2021-43527) -* containerd - - [CVE-2021-41103](https://nvd.nist.gov/vuln/detail/CVE-2021-41103) - - [CVE-2021-41190](https://nvd.nist.gov/vuln/detail/CVE-2021-41190) -* curl - - [CVE-2021-22945](https://nvd.nist.gov/vuln/detail/CVE-2021-22945) - - [CVE-2021-22946](https://nvd.nist.gov/vuln/detail/CVE-2021-22946) - - [CVE-2021-22947](https://nvd.nist.gov/vuln/detail/CVE-2021-22947) -* Docker - - [CVE-2021-41092](https://nvd.nist.gov/vuln/detail/CVE-2021-41092) - - [CVE-2021-41089](https://nvd.nist.gov/vuln/detail/CVE-2021-41089) - - [CVE-2021-41091](https://nvd.nist.gov/vuln/detail/CVE-2021-41091) - - [CVE-2021-41190](https://nvd.nist.gov/vuln/detail/CVE-2021-41190) -* git - - [CVE-2021-40330](https://nvd.nist.gov/vuln/detail/CVE-2021-40330) -* glibc - - [CVE-2021-38604](https://nvd.nist.gov/vuln/detail/CVE-2021-38604) -* gnupg - - [CVE-2020-25125](https://nvd.nist.gov/vuln/detail/CVE-2020-25125) -* libgcrypt - - [CVE-2021-40528](https://nvd.nist.gov/vuln/detail/CVE-2021-40528) -* nettle - - [CVE-2021-20305](https://nvd.nist.gov/vuln/detail/CVE-2021-20305) - - [CVE-2021-3580](https://nvd.nist.gov/vuln/detail/CVE-2021-3580) -* polkit - - [CVE-2021-3560](https://nvd.nist.gov/vuln/detail/CVE-2021-3560) -* sssd - - [CVE-2021-3621](https://nvd.nist.gov/vuln/detail/CVE-2021-3621) -* util-linux - - [CVE-2021-37600](https://nvd.nist.gov/vuln/detail/CVE-2021-37600) -* vim - - [CVE-2021-3770](https://nvd.nist.gov/vuln/detail/CVE-2021-3770) - - [CVE-2021-3778](https://nvd.nist.gov/vuln/detail/CVE-2021-3778) - - [CVE-2021-3796](https://nvd.nist.gov/vuln/detail/CVE-2021-3796) -* SDK: bison - - [CVE-2020-14150](https://nvd.nist.gov/vuln/detail/CVE-2020-14150) - - [CVE-2020-24240](https://nvd.nist.gov/vuln/detail/CVE-2020-24240) -* SDK: perl - - [CVE-2020-10878](https://nvd.nist.gov/vuln/detail/CVE-2020-10878) - -**Bug fixes** -* arm64: the Polkit service does not crash anymore. ([flatcar-linux/Flatcar#156](https://github.com/flatcar-linux/Flatcar/issues/156)) -* toolbox: fixed support for multi-layered docker images ([toolbox#5](https://github.com/flatcar-linux/toolbox/pull/5)) -* Run emergency.target on ignition/torcx service unit failure in dracut ([bootengine#28](https://github.com/flatcar-linux/bootengine/pull/28)) -* Fix vim warnings on missing file, when built with USE=”minimal” ([portage-stable#260](https://github.com/flatcar-linux/portage-stable/pull/260)) -* The Torcx profile docker-1.12-no got fixed to reference the current Docker version instead of 19.03 which wasn’t found on the image, causing Torcx to fail to provide Docker ([PR#1456](https://github.com/flatcar-linux/coreos-overlay/pull/1456)) -* Use https protocol instead of git for Github URLs ([flatcar-linux/coreos-overlay#1394](https://github.com/flatcar-linux/coreos-overlay/pull/1394)) - -**Changes** -* Added GPIO support ([coreos-overlay#1236](https://github.com/flatcar-linux/coreos-overlay/pull/1236)) -* Enabled SELinux in permissive mode on ARM64 ([coreos-overlay#1245](https://github.com/flatcar-linux/coreos-overlay/pull/1245)) -* The iptables command uses the nftables kernel backend instead of the iptables backend, you can also migrate to using the nft tool instead of iptables. Containers with iptables binaries that use the iptables backend will result in mixing both kernel backends which is supported but you have to look up the rules separately (on the host you can use the iptables-legacy and friends). -* Added missing SELinux rule as initial step to resolve Torcx unpacking issue ([coreos-overlay#1426](https://github.com/flatcar-linux/coreos-overlay/pull/1426)) - -**Updates** -* Linux ([5.10.84](https://lwn.net/Articles/878041/)) -* Linux Firmware ([20210919](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20210919)) -* Docker ([20.10.9](https://docs.docker.com/engine/release-notes/#20109)) -* Go ([1.17.5](https://go.googlesource.com/go/+/refs/tags/go1.17.5)) -* containerd ([1.5.8](https://github.com/containerd/containerd/releases/tag/v1.5.8)) -* systemd ([249.4](https://github.com/systemd/systemd-stable/blob/v249.4/NEWS)) -* bash ([5.1_p8](https://lists.gnu.org/archive/html/info-gnu/2020-12/msg00003.html)) -* binutils ([2.37](https://sourceware.org/pipermail/binutils/2021-July/117384.html)) -* curl ([7.79.1](https://curl.se/changes.html#7_79_1)) -* ca-certificates ([3.73](https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/vy9284s8APM)) -* duktape ([2.6.0](https://github.com/svaarala/duktape/blob/master/doc/release-notes-v2-6.rst)) -* ebtables ([2.0.11](https://lwn.net/Articles/806179/)) -* git ([2.32.0](https://github.com/git/git/blob/master/Documentation/RelNotes/2.32.0.txt)) -* gnupg ([2.2.29](https://lists.gnupg.org/pipermail/gnupg-announce/2021q3/000461.html)) -* iptables ([1.8.7](https://lwn.net/Articles/843069/)) -* keyutils ([1.6.1](https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git/tag/?h=v1.6.1)) -* ldb ([2.3.0](https://gitlab.com/samba-team/samba/-/tags/ldb-2.3.0)) -* libgcrypt ([1.9.4](https://dev.gnupg.org/T5402)) -* libmnl ([1.0.4](https://marc.info/?l=netfilter-devel&m=146745072727070&w=2)) -* libnftnl ([1.2.0](https://marc.info/?l=netfilter&m=162194376520385&w=2)) -* libtirpc ([1.3.2](https://www.spinics.net/lists/linux-nfs/msg84129.html)) -* lvm2 ([2.02.188](https://github.com/lvmteam/lvm2/releases/tag/v2_02_188)) -* nettle ([3.7.3](https://lists.gnu.org/archive/html/info-gnu/2021-06/msg00002.html)) -* nftables ([0.9.9](https://lwn.net/Articles/857369/)) -* net-tools ([2.10](https://sourceforge.net/p/net-tools/code/ci/v2.10/tree/)) -* openssh ([8.7_p1-r1](https://www.openssh.com/txt/release-8.7)) -* open-vm-tools ([11.3.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-11.3.5)) -* polkit ([0.119](https://gitlab.freedesktop.org/polkit/polkit/-/blob/0.119/NEWS)) -* realmd ([0.17.0](https://gitlab.freedesktop.org/realmd/realmd/-/tags/0.17.0)) -* runc ([1.0.3](https://github.com/opencontainers/runc/releases/tag/v1.0.3)) -* talloc ([2.3.2](https://gitlab.com/samba-team/samba/-/tags/talloc-2.3.2)) -* util-linux ([2.37.2](https://github.com/karelzak/util-linux/blob/v2.37.2/NEWS)) -* vim ([8.2.3428](https://github.com/vim/vim/releases/tag/v8.2.3428)) -* xenstore ([4.14.2](https://xenproject.org/downloads/xen-project-archives/xen-project-4-14-series/xen-project-4-14-2/)) -* SDK: gnuconfig (20210107) -* SDK: google-cloud-sdk ([355.0.0](https://groups.google.com/g/google-cloud-sdk-announce/c/HoJuttxnzNQ)) -* SDK: meson (0.57.2) -* SDK: mtools (4.0.35) -* SDK: perl ([5.34.0](https://perldoc.perl.org/perl5340delta)) -* SDK: Rust ([1.55.0](https://blog.rust-lang.org/2021/09/09/Rust-1.55.0.html)) -* SDK: texinfo ([6.8](https://github.com/debian-tex/texinfo/releases/tag/upstream%2F6.8)) - - -### calico [3.21.3](https://github.com/projectcalico/calico/releases/tag/v3.21.3) - -#### BGP Improvements -For users of BGP you can now view the status of your BGP routers, including session status, RIB / FIB contents, and agent health via the new CalicoNodeStatus API. See the API documentation for more details. - -In addition, you can control BGP advertisement of certain prefixes using the new disableBGPExport option on each IP pool, allowing greater control of your route sharing scheme. - -Pull requests: -- Added Calico node status resource (CalicoNodeStatus) which represents a collection of status information for a node that Calico reports back to the user for use during troubleshooting. libcalico-go #1502 (@song-jiang) -- Report node BGP status from calico/node. node #1234 (@song-jiang) -- Add new syncer for BGP status API. typha #662 (@song-jiang) -- Don’t export BGP routes for IP pools that have disableBGPExport==true confd #647 (@coutinhop) - -#### Service-based network policy improvements -In v3.20, we introduced egress policy rules that can match on Kubernetes services. In v3.21, we improved upon that in two ways. First, you can now use service matches in Calico NetworkPolicy and GlobalNetworkPolicy ingress rules. Second, you can now use service-based network policy rules on Windows nodes. - -Pull requests: -- Policy ingress rules now support service selectors. felix #3024 (@mgleung) -- Windows data plane support for Service-based network policy rules felix #2917 (@caseydavenport) -- Allow services to be specified in the Source field of Ingress rules libcalico-go #1517 (@mgleung) - -#### Option to run Calico as non-privileged and non-root -Calico can now optionally run in non-privileged and non-root mode, with some limitations. See the documentation for more information. - -Pull requests: -- Change node and supporting binary permissions so that they can be run as a non-root user node #1224 (@mgleung) -- CNI plugin now sets route_localnet=1 for container interfaces cni-plugin #1168 (@mgleung) -- CNI plugins now have SUID bit set in order to run as non-root cni-plugin #1168 (@mgleung) - -#### IPReservations API -You can use the new IPReservations API to reserve certain IP addresses so that they will not be used by Calico IPAM. This allows for fine-grained control of the IP space in your cluster. - -Pull requests: -- Add support for IPReservations libcalico-go #1509 (@fasaxc) - - -#### Bug fixes -- Fix a serious regression introduced in v3.21.0 where the datastore watcher could get stuck and report stale information in clusters with >500 policies/pods/etc. The bug was triggered by needing to do a resync (for example after an etcd compaction) when there were enough resources to trigger the list pager. [calico #5332](https://github.com/projectcalico/calico/pull/5332) (@robbrockbank) -- Pass ExceptUpgradeService param to stop-calico.ps1 as well node #1372 (@lmm) -- Restrict Typha server to FIPS compliant cipher suites. typha #696 (@caseydavenport) -- Fix log spam from Calico upgrade service for Windows node #1343 (@song-jiang) -- Increase timeout for setting NetworkUnavailable on shutdown node #1341 (@caseydavenport) -- Fix potential panic and memory leak in kube-controllers caused by adding and subsequently deleting IPAM blocks kube-controllers #912 (@caseydavenport) -- IPAM GC correctly handles multiple IP addresses allocated with the same handle ID. kube-controllers #903 (@caseydavenport) -- Fix bug where invalid port structures were being sent to Felix, preventing pods with hostPorts specified from working. libcalico-go #1545 (@caseydavenport) -- Downgrade repetitive info level logging in calico/node autodetection code node #1237 (@caseydavenport) -- Updated ubi base images and CentOS repos to stop CVE false positives from being reported. node #1136 (@coutinhop) -- Fixed typo in umount command pod2daemon #64 (@ScheererJ) -- Fixes this bug which caused WireGuard stats to be collected even when WireGuard was disabled. Additionally, the version of the wgctrl dependency has been updated as the previous version caused thread leaks. felix #3057 (@mikestephen) -- Fix blackhole route table interface matches to handle empty interface regexes. felix #3007 (@robbrockbank) -- Fix slow performance when updating a Kubernetes namespace when there are many Pods (and in turn, slow startup performance when there are many namespaces). felix #2964 (@fasaxc) -- Close race condition that could result in an extra IPAM block being allocated to a node. libcalico-go #1488 (@caseydavenport) -- Fix that podIP annotation could be incorrectly clobbered for stateful set pods: https://github.com/projectcalico/calico/issues/4710 libcalico-go #1472 (@fasaxc) -- Fix removal of old CNI configuration on name-change cni-plugin #1153 (@caseydavenport) -- Readiness depends on all syncers typha #613 (@robbrockbank) -- Exclude RR nodes from BGP full mesh confd #619 (@coutinhop) -- Fixed a bug in ExternalTrafficPolicy=Local that lead to connection stalling. felix #3015 (@tomastigera) -- Fixed broken connections when client used the same port to connect to the same backed via a nodeport on different nodes. felix #2983 (@tomastigera) -- The eBPF mode implementation of DoNotTrack policy was incorrectly allowing an inbound connection through a HostEndpoint, when the HostEndpoint had DoNotTrack policy for the ingress direction but not for egress. For precise compatibility with Calico’s established DoNotTrack semantics, that connection should be disallowed, and now is. (Because of the lack of connection tracking, successful use of DoNotTrack policy to allow flows requires configuring the DoNotTrack policy symmetrically in both directions.) felix #2982 (@neiljerram) - - - -#### Other changes -- Replace github.com/dgrijalva/jwt-go with active fork github.com/golang-jwt/jwt that resolves vulnerability flagged by scanners. libcalico-go #1554 (@lmm) -- calico/node logs write to /var/log/calico within the container by default, in addition to stdout node #1133 (@song-jiang) -- Read pod IP information from Amazon VPC CNI annotation, if present on the pod. libcalico-go #1523 (@caseydavenport) -- Update etcd client version to v3.5.0 libcalico-go #1495 (@Aceralon) -- Optimize lists and watches made against the Kubernetes API libcalico-go #1484 (@caseydavenport) -- WorkloadEndpoints now support hostPorts libcalico-go #1471 (@AloysAugustin) -- Include CNI plugin release v1.0.0 cni-plugin #1141 (@caseydavenport) -- Allow configuration of num_queues for Calico created veth interfaces cni-plugin #1116 (@arikachen) -- Typha now gives newly connected clients an extra grace period to catch up after sending the snapshot to reduce the possibility of cyclic disconnects. typha #614 (@fasaxc) -- Add calico-node upgrade service for upgrades on Windows node #1254 (@lmm) -- eBPF arm64/aarch64 node #1044 (@frozenprocess) -- BPF: Endpoints in EndpointsSlices that are not ready are excluded from NAT felix #3017 (@tomastigera) -- Calico’s eBPF dataplane now fully implements DoNotTrack policy felix #2910 (@neiljerram) -- Add HostPort support in the gRPC dataplane cni-plugin #1119 (@AloysAugustin) - - -### app-operator [5.4.1](https://github.com/giantswarm/app-operator/releases/tag/v5.4.1) - -#### Fixed -- Embed Chart CRD in app-operator to prevent hitting GitHub API rate limits. - - - -### aws-operator [10.15.0](https://github.com/giantswarm/aws-operator/releases/tag/v10.15.0) - -### Added - -- Add support for feature that enables forcing cgroups v1 for Flatcar version `3033.2.0` and above. - -#### Changed -- Max pods setting per for new EC2 instances. -- Bump `etcd-cluster-migrator` version to `v1.1.0`. -- Bump `k8scloudconfig` version to `v11.0.1`. -- Changes to EncryptionConfig in order to fully work with `encryption-provider-operator`. - -### aws-cni [1.10.1-nftables](https://github.com/aws/amazon-vpc-cni-k8s/releases/tag/v1.10.1-nftables) - -#### Changed -- Use `nftables` instead of `iptables`. - - -### external-dns [2.8.0](https://github.com/giantswarm/external-dns-app/releases/tag/v2.8.0) - -#### Changed -- Add ability to specify extra arguments to the external-dns deployment through `externalDNS.extraArgs`. - - - -### cluster-autoscaler [1.22.2-gs2](https://github.com/giantswarm/cluster-autoscaler-app/releases/tag/v1.22.2-gs2) - -#### Fixed -- Fix RBAC for version 1.22. - -#### Changed -- Updated cluster-autoscaler to version `1.22.2`. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.0.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.0.0.md deleted file mode 100644 index 1cc1b19cb0..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.0.0.md +++ /dev/null @@ -1,1226 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v17.0.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v17.0.0 - version: 17.0.0 - version_tag: v17.0.0 -date: '2022-02-17T10:00:00' -description: Release notes for AWS workload cluster release v17.0.0, published on - 17 February 2022, 10:00. -title: Workload cluster release v17.0.0 for AWS ---- - -This release provides support for Kubernetes 1.22, has Control Groups v2 enabled by default and includes the Vertical Pod autoscaler. - -**Highlights** -- Kubernetes 1.22 support; -- Control Groups v2 are enabled by default; -- The Vertical Pod autoscaler is included by default to help size pods for the optimal CPU and memory usage; -- `rpcbind` is disabled by default to mitigate security risks. NFS `v2` and `v3` are not supported anymore; -- `ebs-csi-node` tolerates all custom taints; -- Security fixes: - * 44 Linux CVEs; - * 10 expat; - * 8 Go CVEs; - * 5 glibc CVE; - * 4 Docker CVEs; - * 3 curl CVEs; - * 3 vim CVEs; - * 2 polkit CVE; - * 2 bash CVEs; - * 2 binutils CVEs; - * 3 containerd CVEs; - * 2 nettle CVEs; - * 2 SDK: bison CVEs; - * 1 ca-certificates CVE; - * 1 util-linux CVE; - * 1 git CVE; - * 1 gnupg CVE; - * 1 libgcrypt CVE; - * 1 sssd CVE; - * 1 SDK: perl CVE; - -> **_Warning:_** Kubernetes v1.22 removed certain APIs and features. More details are available in the [upstream blog post](https://kubernetes.io/blog/2021/07/14/upcoming-changes-in-kubernetes-1-22/). - -> **_Warning:_** `rpcbind` is disabled by default to mitigate security risks. Any application which requires it will no longer work. NFS `v2` and `v3` are such applications and are no longer supported. Please, check if any you have any application which depend on `rpcbind` before you upgrade. - -**Known Issues** -- Java applications are unable to identify memory limits when using a `JRE` prior to v15 in a Control Groups v2 environment. Support was added in `JRE` v15 and later. More details are available in the [upstream issue](https://bugs.openjdk.java.net/browse/JDK-8230305). We recommend using the latest LTS JRE available (currently v17) to ensure continued compatibility with future releases; -- Go applications, which use an older version of [uber-go/automaxprocs](https://github.com/uber-go/automaxprocs), are unable to properly set `GOMAXPROCS`. Such applications need to be updated to use at least `v1.5.1` of `uber-go/automaxprocs`. - -**Control Groups v1** -To ensure a smooth transition, in case you need time to modify applications to make them compatible with Control Groups v2, we provide a mechanism that will allow using Control Groups v1 on specific node pools. More details are available in our [documentation](https://docs.giantswarm.io/advanced/forcing-cgroupsv1/). - -**Note when upgrading from v16 to v17:** Existing `Vertical Pod Autoscaler` app installations need to be removed from the workload cluster prior to upgrading to v17 because the `Vertical Pod Autscaler` is provided as a default application. The two applications have different names which leads to them fighting each other. - - -## Change details - - -### kubernetes [1.22.6](https://github.com/kubernetes/kubernetes/releases/tag/v1.22.6) - -#### What's New (Major Themes) - -##### Removal of several beta Kubernetes APIs - -A number of APIs are no longer serving specific Beta versions in favour of the GA version of those APIs. All existing objects can be interacted with via general availability APIs. This removal includes beta versions of `ValidatingWebhookConfiguration`, `MutatingWebhookConfiguration`, `CustomResourceDefinition`, `APIService`, `TokenReview`, `SubjectAccessReview`, `CertificateSigningRequest`, `Lease`, `Ingress`, and `IngressClass` APIs. For the full list check out [Deprecated API Migration Guide](https://kubernetes.io/docs/reference/using-api/deprecation-guide/#v1-22) and the blog post [Kubernetes API and Feature Removals In 1.22: Here’s What You Need To Know](https://blog.k8s.io/2021/07/14/upcoming-changes-in-kubernetes-1-22/). - -##### Kubernetes release cadence change - -We all have to adapt to change in our lives, and especially so in the past year. The Kubernetes release team was also affected from the COVID-19 pandemic and has listened to its user base regarding the number of releases in a calendar year. From April 23, 2021 it was made official that Kubernetes release cadence has reduced from 4 releases per year to 3 releases per year. - -You can read more in the official blog post [Kubernetes Release Cadence Change: Here’s What You Need To Know](https://blog.k8s.io/2021/07/20/new-kubernetes-release-cadence/). - -##### External credential providers - -Kubernetes client [credential plugins](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins) have been in beta since 1.11, a few eons ago. With the release of Kubernetes 1.22, this feature set graduates to stable. The GA feature set includes improved support for plugins that provide interactive login flows. -This release also contains a number of bug fixes to the feature set. Aspiring plugin authors can look at [sample-exec-plugin](https://github.com/ankeesler/sample-exec-plugin) as a way to get started. - -Related to this topic, the in-tree Azure and GCP authentication plugins have been [deprecated](https://github.com/kubernetes/kubernetes/pull/102181) in favor of out-of-tree implementations. - -##### Server-side Apply graduates to GA - -Server-side Apply is a new object merge algorithm, as well as tracking of field ownership, running on the Kubernetes API server. Server-side Apply helps users and controllers manage their resources via declarative configurations. It allows them to create and/or modify their objects declaratively, simply by sending their fully specified intent. After being in beta for a couple releases, [Server-side Apply](https://kubernetes.io/docs/reference/using-api/server-side-apply/) is now generally available. - -##### Cluster Storage Interface graduations - -CSI support for Windows nodes moves to GA in the 1.22 release. In Kubernetes v1.22, Windows privileged containers are only an alpha feature. To allow using CSI storage on Windows nodes, [CSIProxy](https://github.com/kubernetes-csi/csi-proxy) enables CSI node plugins to be deployed as unprivileged pods, using the proxy to perform privileged storage operations on the node. - -Another feature moving to GA in v1.22 is CSI Service Account Token support. This feature allows CSI drivers to use pods' [bound service account tokens](https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#bound-service-account-token-volume) instead of a more privileged identity. It also provides control over to re-publishing these volumes, so that short-lived tokens can be refreshed. - -##### SIG Windows development tools - -To grow the developer community, SIG Windows released multiple [tools](https://github.com/kubernetes-sigs/sig-windows-dev-tools/). The new tools support multiple CNI providers (Antrea, Calico), can run on multiple platforms (any vagrant compatible provider, such as Hyper-V, VirtualBox, or vSphere). -There is also a new way to run bleeding edge Windows features from scratch by compiling the windows kubelet and kube-proxy, then using them along with daily builds of other Kubernetes components. - -##### Deploy a more secure control plane with kubeadm - -A new alpha feature allows running the kubeadm control plane components as non-root users. This is a long requested security measure in kubeadm. To try it you must enable the kubeadm-specific `RootlessControlPlane` feature gate. When you deploy a cluster using this alpha feature, your control plane runs with lower privileges. - -A new [v1beta3 configuration API](https://github.com/kubernetes/kubeadm/issues/1796). It [iterates over v1beta2](https://pkg.go.dev/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta3) by adding some long requested features and deprecating some existing ones. The `V1beta3` is now the preferred API version; the `v1beta2` API also remains available and is not yet deprecated. - -##### etcd moves to version 3.5.0 - -Kubernetes' default backend storage, etcd, has a new release 3.5.0 and the community embraced it. The new release comes with improvements to the Security, performance, monitoring and developer experience. There are numerous bug fixes to lease objects causing memory leaks, and compact operation causing deadlocks and more. A couple of new features are also introduced like the migration to structured logging and build in log rotation. The release comes with a detailed future roadmap to implement a solution to traffic overload. A full and detailed list of changes can be read in the [3.5.0 release announcement](https://etcd.io/blog/2021/announcing-etcd-3.5/). - -##### Kubernetes Node system swap support - -Every system administrator or Kubernetes user has been in the same boat regarding setting up and using Kubernetes: disable swap space. With the release of Kubernetes 1.22, *alpha* support is available to run nodes with swap memory. This change lets administrators opt in to configuring swap on Linux nodes, treating a portion of block storage as additional virtual memory. - -##### Cluster-wide seccomp defaults - -A new alpha feature gate `SeccompDefault` has been added to the kubelet, together with a corresponding command line flag `--seccomp-default` and kubelet configuration. If both are enabled, then the kubelet's behavior changes for pods that don't explicitly set a seccomp profile. -With cluster-wide seccomp defaults, the kubelet uses the `RuntimeDefault` seccomp profile by default, rather than than `Unconfined`. This allows enhancing the default cluster wide workload security of the Kubernetes deployment. Security administrators will now sleep better knowing there is some security by default for the workloads. - -To learn more about the feature, please refer to the official [seccomp tutorial](https://kubernetes.io/docs/tutorials/clusters/seccomp/#enable-the-use-of-runtimedefault-as-the-default-seccomp-profile-for-all-workloads). - -##### Quality of Service for memory resources - -Originally, Kubernetes used the v1 cgroups API. With that design, the QoS class for a pod only applied to CPU resources (such as `cpu_shares`). The Kubernetes cgroup manager uses `memory.limit_in_bytes` in v1 cgroups to limit the memory capacity for a container, and uses `oom_scores` to recommend an order for killing container processes if an out-of-memory event occurs. This implementation has shortcomings: for `Guaranteed` pods, memory can not be fully reserved, and the page cache is at risk of being recycled. For `Burstable` pods, overcommitting memory (setting `request` less than `limit` ) could increase the risk of a container being killed when the Linux kernel detects an out of memory condition. - -As an alpha feature, Kubernetes v1.22 can use the cgroups v2 API to control memory allocation and isolation. This feature is designed to improve workload and node availability when there is contention for memory resources. - -##### API changes and improvements for ephemeral containers - -The API used to create [Ephemeral Containers](https://kubernetes.io/docs/concepts/workloads/pods/ephemeral-containers/) changed in 1.22. The Ephemeral Containers feature is alpha and disabled by default, and the new API does not work with clients that attempt to use the old API. - -For stable features, the `kubectl` tool follows the Kubernetes [version skew policy](https://kubernetes.io/releases/version-skew-policy/); -however, kubectl v1.21 and older do not support the new API for ephemeral containers. -Users who create ephemeral containers using `kubectl debug` should note that kubectl version 1.22 will attempt to fall back to the old API; older versions of kubectl will not work with cluster versions of 1.22 or later. Please update kubectl to 1.22 if you wish to use `kubectl debug` with a mix of cluster versions. - -#### Known Issues - -##### CPU and Memory manager are not working correctly for Guaranteed Pods with multiple containers - -A regression bug was found where guaranteed Pods with multiple containers do not work properly with set allocations for CPU, Memory, and Device manager. [The fix will be availability in coming releases](https://github.com/kubernetes/kubernetes/pull/103979). - -##### `CSIMigrationvSphere` feature gate has not migrated to new CRD APIs - -If CSIMigrationvSphere feature gate is enabled, user should not upgrade to Kubernetes v1.22. vSphere CSI Driver does not support Kubernetes v1.22 yet because it uses v1beta1 CRD APIs. Support for v1.22 will be added at a later release. Check the following document for supported Kubernetes releases for a given [vSphere CSI Driver version](https://vsphere-csi-driver.sigs.k8s.io/compatiblity_matrix.html#compatibility-matrix-for-vsphere-csi-driver). - -#### Urgent Upgrade Notes - -##### (No, really, you MUST read this before you upgrade) - -- Audit log files are now created with a mode of 0600. Existing file permissions will not be changed. If you need the audit file to be readable by a non-root user, you can pre-create the file with the desired permissions. ([#95387](https://github.com/kubernetes/kubernetes/pull/95387), [@JAORMX](https://github.com/JAORMX)) [SIG API Machinery and Auth] - - CSI migration of AWS EBS volumes requires AWS EBS CSI driver ver. 1.0 that supports `allowAutoIOPSPerGBIncrease` parameter in StorageClass. ([#101082](https://github.com/kubernetes/kubernetes/pull/101082), [@jsafrane](https://github.com/jsafrane)) - - Conformance image is now built with Distroless. Users running Conformance testing should rely on container entrypoint instead of manual invocation to `/run_e2e.sh` or `/gorunner`, as they are now deprecated and will be removed in 1.25 release. Invoking `ginkgo` and `e2e.test` are still supported through overriding entrypoint (docker) or defining container `spec.command` (kubernetes). ([#99178](https://github.com/kubernetes/kubernetes/pull/99178), [@wilsonehusin](https://github.com/wilsonehusin)) - - Default `StreamingProxyRedirects` to disabled. If there is a >= 2 version skew between master and nodes, and the old nodes were enabling `--redirect-container-streaming`, this will break them. In this case, the `StreamingProxyRedirects` can still be manually enabled. ([#101647](https://github.com/kubernetes/kubernetes/pull/101647), [@pacoxu](https://github.com/pacoxu)) - - Intree volume plugin scaleIO support has been completely removed from Kubernetes. ([#101685](https://github.com/kubernetes/kubernetes/pull/101685), [@Jiawei0227](https://github.com/Jiawei0227)) - - Kubeadm: remove the automatic detection and matching of cgroup drivers for Docker. For new clusters if you have not configured the cgroup driver explicitly you might get a failure in the `kubelet` on driver mismatch (kubeadm clusters should be using the `systemd` driver). Also remove the `IsDockerSystemdCheck` preflight check (warning) that checks if the Docker cgroup driver is set to `systemd`. Ideally such detection / coordination should be on the side of CRI implementers and the kubelet (tracked [here](https://github.com/kubernetes/kubernetes/issues/99808)). Please see the [page](https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver/) on how to configure cgroup drivers with kubeadm manually ([#99647](https://github.com/kubernetes/kubernetes/pull/99647), [@neolit123](https://github.com/neolit123)) - - Kubeadm: the flag `--cri-socket` is no longer allowed in a mixture with the flag `--config`. Please use the kubeadm configuration for setting the CRI socket for a node using `{Init|Join}Configuration.nodeRegistration.criSocket`. ([#101600](https://github.com/kubernetes/kubernetes/pull/101600), [@KofClubs](https://github.com/KofClubs)) - - Newly provisioned PVs by Azure disk will no longer have the beta `FailureDomain` label. Azure disk volume plugin will start to have GA topology label instead. ([#101534](https://github.com/kubernetes/kubernetes/pull/101534), [@kassarl](https://github.com/kassarl)) - - Scheduler's CycleState now embeds internal read/write locking inside its `Read()` and `Write()` functions. Meanwhile, `Lock()` and `Unlock()` function are removed. Scheduler plugin developers are now required to remove `CycleState#Lock()` and `CycleState#Unlock()`. Just simply use `Read()` and `Write()` as they're natively thread-safe now. ([#101542](https://github.com/kubernetes/kubernetes/pull/101542), [@Huang-Wei](https://github.com/Huang-Wei)) - - The `CSIMigrationVSphereComplete` feature flag is removed. `InTreePluginvSphereUnregister` will be the way moving forward. ([#101272](https://github.com/kubernetes/kubernetes/pull/101272), [@Jiawei0227](https://github.com/Jiawei0227)) - - The flag `--experimental-patches` is now deprecated and will be removed in a future release. You can migrate to using the new flag `--patches`. Add a new field `{Init|Join}Configuration.patches.directory` that can be used for the same purpose. For `init` and `join` it is now recommended that you migrate to configure patches via `{Init|Join}Configuration.patches.directory`. For the time being, these flags can be mixed with `--config`, but that might change in the future. On a command line, the last *patches flag takes precedence over previous flags and the value in config. `kubeadm upgrade --patches` will continue to be the only available option, since `upgrade` does not support a configuration file yet. ([#103063](https://github.com/kubernetes/kubernetes/pull/103063), [@neolit123](https://github.com/neolit123)) - - -#### Important Security Information - -This release contains changes that address the following vulnerabilities: - -##### CVE-2021-25741: Symlink Exchange Can Allow Host Filesystem Access - -A security issue was discovered in Kubernetes where a user may be able to -create a container with subpath volume mounts to access files & -directories outside of the volume, including on the host filesystem. - -**Affected Versions**: - - kubelet v1.22.0 - v1.22.1 - - kubelet v1.21.0 - v1.21.4 - - kubelet v1.20.0 - v1.20.10 - - kubelet <= v1.19.14 - -**Fixed Versions**: - - kubelet v1.22.2 - - kubelet v1.21.5 - - kubelet v1.20.11 - - kubelet v1.19.15 - -This vulnerability was reported by Fabricio Voznika and Mark Wolters of Google. - -**CVSS Rating:** High (8.8) [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) - - -#### Deprecation - -- Controller-manager: the following flags have no effect and would be removed in v1.24: - - `--port` - - `--address` - The insecure port flags `--port` may only be set to 0 now. - - In addtion, please be careful that: - - controller-manager MUST start with `--authorization-kubeconfig` and `--authentication-kubeconfig` correctly set to get authentication/authorization working. - - liveness/readiness probes to controller-manager MUST use HTTPS now, and the default port has been changed to 10257. - - Applications that fetch metrics from controller-manager should use a dedicated service account which is allowed to access nonResourceURLs `/metrics`. ([#96216](https://github.com/kubernetes/kubernetes/pull/96216), [@knight42](https://github.com/knight42)) [SIG API Machinery, Cloud Provider, Instrumentation and Testing] -- Deprecate `--record` flag in `kubectl`. The `--record` flag is being replaced with the [mechanism](https://github.com/kubernetes/enhancements/tree/master/keps/sig-cli/859-kubectl-headers) which annotates HTTP requests with kubectl command details. ([#102873](https://github.com/kubernetes/kubernetes/pull/102873), [@soltysh](https://github.com/soltysh)) -- E2e.test: removed the `--viper-config` flag. If you were previously using this to pass flags to `e2e.test` via a file, you will need to pass them directly on the command line, e.g. `e2e.test --e2e-output-dir`. ([#102598](https://github.com/kubernetes/kubernetes/pull/102598), [@dims](https://github.com/dims)) -- For `kubeadm`: remove the ClusterStatus API from v1beta3 and its management in the kube-system/kubeadm-config ConfigMap. This method of keeping track of what API endpoints exists in the cluster was replaced (in a prior release) by a method to annotate the etcd Pods that `kubeadm` creates in "stacked etcd" clusters. The following CLI sub-phases are deprecated and are now a NO-OP: for `kubeadm join`: "control-plane-join/update-status", for `kubeadm reset`: "update-cluster-status". Unless you are using these phases explicitly, you should not be affected. ([#101915](https://github.com/kubernetes/kubernetes/pull/101915), [@neolit123](https://github.com/neolit123)) -- Kubeadm: remove the deprecated `--csr-only` and `--csr-dir` flags from `kubeadm init phase certs`. Deprecate the same flags under `kubeadm certs renew`. In both the cases the command `kubeadm certs generate-csr` should be used instead. ([#102108](https://github.com/kubernetes/kubernetes/pull/102108), [@neolit123](https://github.com/neolit123)) -- Kubeadm: Remove the deprecated command `kubeadm alpha kubeconfig`. Please use `kubeadm kubeconfig` instead. ([#101938](https://github.com/kubernetes/kubernetes/pull/101938), [@knight42](https://github.com/knight42)) -- Kubeadm: Remove the deprecated hyperkube image support in `v1beta3`. This implies removal of `ClusterConfiguration.UseHyperKubeImage.` ([#101537](https://github.com/kubernetes/kubernetes/pull/101537), [@neolit123](https://github.com/neolit123)) -- Kubeadm: Remove the field `ClusterConfiguration.DNS.Type` in v1beta3 since CoreDNS is the only supported DNS type. ([#101547](https://github.com/kubernetes/kubernetes/pull/101547), [@neolit123](https://github.com/neolit123)) -- Kubeadm: remove the deprecated command `kubeadm config view`. A replacement for this command is `kubectl get cm -n kube-system kubeadm-config -o=jsonpath="{.data.ClusterConfiguration}"` ([#102071](https://github.com/kubernetes/kubernetes/pull/102071), [@neolit123](https://github.com/neolit123)) -- Kubeadm: remove the deprecated flag '--image-pull-timeout' for 'kubeadm upgrade apply' command ([#102093](https://github.com/kubernetes/kubernetes/pull/102093), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle] -- Kubeadm: remove the deprecated flag `--insecure-port` from the kube-apiserver manifest that kubeadm manages. The flag had no effect since 1.20, since the insecure serving of the component was disabled in the same version. ([#102121](https://github.com/kubernetes/kubernetes/pull/102121), [@pacoxu](https://github.com/pacoxu)) -- Kubeadm: remove the deprecated kubeadm API `v1beta1`. Introduce a new kubeadm API `v1beta3`. See [kubeadm/v1beta3](https://pkg.go.dev/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta3) for a list of changes since `v1beta2`. Note that `v1beta2` is not yet deprecated, but will be in a future release. ([#101129](https://github.com/kubernetes/kubernetes/pull/101129), [@neolit123](https://github.com/neolit123)) -- Newly provisioned PVs by vSphere in-tree plugin will no longer have the beta `FailureDomain` label. vSphere volume plugin will start to have GA topology label ([#102414](https://github.com/kubernetes/kubernetes/pull/102414), [@divyenpatel](https://github.com/divyenpatel)) -- Removal of the CSI `NodePublish` path by the kubelet is deprecated. This must be done by the CSI plugin according to the CSI spec. ([#101441](https://github.com/kubernetes/kubernetes/pull/101441), [@dobsonj](https://github.com/dobsonj)) -- Remove support for the Service `topologyKeys` field (alpha) and the `kube-proxy` implementation of it. This field was deprecated several cycles ago. This functionality is replaced by the combination of automatic topology hints per-endpoint (alpha) and the Service `internalTrafficPolicy` field (alpha). ([#102412](https://github.com/kubernetes/kubernetes/pull/102412), [@andrewsykim](https://github.com/andrewsykim)) -- The `PodUnknown` phase is now deprecated. ([#95286](https://github.com/kubernetes/kubernetes/pull/95286), [@SergeyKanzhelev](https://github.com/SergeyKanzhelev)) -- The `storageos`, `quobyte` and `flocker` storage volume plugins are deprecated and will be removed in a later release. ([#101773](https://github.com/kubernetes/kubernetes/pull/101773), [@Jiawei0227](https://github.com/Jiawei0227)) -- The deprecated flag `--hard-pod-affinity-symmetric-weight` and `--scheduler-name` have been removed from `kube-scheduler`. Use `ComponentConfig` instead to configure those parameters. ([#102805](https://github.com/kubernetes/kubernetes/pull/102805), [@ahg-g](https://github.com/ahg-g)) -- The feature Dynamic Kubelet Configuration is deprecated and kubelet will report warning when the flag `--dynamic-config-dir` is used. Feature gate `DynamicKubeletConfig` is disabled out of the box and needs to be explicitly enabled. ([#102966](https://github.com/kubernetes/kubernetes/pull/102966), [@SergeyKanzhelev](https://github.com/SergeyKanzhelev)) [SIG Cloud Provider, Instrumentation and Node] -- The in-tree azure and gcp auth plugins have been deprecated. The https://github.com/Azure/kubelogin and gcloud commands serve as out-of-tree replacements via the kubectl/client-go credential plugin mechanism. ([#102181](https://github.com/kubernetes/kubernetes/pull/102181), [@enj](https://github.com/enj)) [SIG API Machinery and Auth] -- The ingress `v1beta1` has been deprecated. ([#102030](https://github.com/kubernetes/kubernetes/pull/102030), [@aojea](https://github.com/aojea)) - - -#### API Change -- A new score extension for NodeResourcesFit plugin that merges the functionality of `NodeResourcesLeastAllocated`, `NodeResourcesMostAllocated`, `RequestedToCapacityRatio` plugins, which are marked as deprecated as of v1beta2. In v1beta1, the three plugins can still be used in v1beta1 but not at the same time with the score extension of `NodeResourcesFit`. ([#101822](https://github.com/kubernetes/kubernetes/pull/101822), [@yuzhiquan](https://github.com/yuzhiquan)) -- A value of `Auto` is now a valid for the `service.kubernetes.io/topology-aware-hints` annotation. ([#100728](https://github.com/kubernetes/kubernetes/pull/100728), [@robscott](https://github.com/robscott)) -- Add `DataSourceRef` alpha field to PVC spec, which allows contents other than `PVCs` and `VolumeSnapshots` to be data sources. ([#103276](https://github.com/kubernetes/kubernetes/pull/103276), [@bswartz](https://github.com/bswartz)) -- Add `PersistentVolumeClaimDeletePoilcy` to StatefulSet API. ([#99378](https://github.com/kubernetes/kubernetes/pull/99378), [@mattcary](https://github.com/mattcary)) -- Add a new Priority and Fairness rule that exempts all probes (`/readyz`, `/healthz`, `/livez`) to prevent restarting of healthy `kube-apiserver` instance by kubelet. ([#100678](https://github.com/kubernetes/kubernetes/pull/100678), [@tkashem](https://github.com/tkashem)) -- Add alpha support for HostProcess containers on Windows ([#99576](https://github.com/kubernetes/kubernetes/pull/99576), [@marosset](https://github.com/marosset)) [SIG API Machinery, Apps, Node, Testing and Windows] -- Add distributed tracing to the `kube-apiserver`. It is can be enabled with the feature gate `APIServerTracing` ([#94942](https://github.com/kubernetes/kubernetes/pull/94942), [@dashpole](https://github.com/dashpole)) -- Add three metrics to the job controller to monitor if a job works in healthy condition. - `IndexedJob` has been promoted to Beta. ([#101292](https://github.com/kubernetes/kubernetes/pull/101292), [@AliceZhang2016](https://github.com/AliceZhang2016)) -- Added field `.status.uncountedTerminatedPods` to the Job resource. This field is used by the job controller to keep track of finished pods before adding them to the Job status counters. Pods created by the job controller get the finalizer `batch.kubernetes.io/job-tracking` - Jobs that are tracked using this mechanism get the annotation `batch.kubernetes.io/job-tracking`. This is a temporary measure. Two releases after this feature graduates to beta, the annotation won't be added to Jobs anymore. ([#98817](https://github.com/kubernetes/kubernetes/pull/98817), [@alculquicondor](https://github.com/alculquicondor)) -- Added new kubelet alpha feature `SeccompDefault`. This feature enables falling back to - the `RuntimeDefault` (former `runtime/default`) seccomp profile if nothing else is specified - in the pod/container `SecurityContext` or the pod annotation level. To use the feature, enable - the feature gate as well as set the kubelet configuration option `SeccompDefault` - (`--seccomp-default`) to `true`. ([#101943](https://github.com/kubernetes/kubernetes/pull/101943), [@saschagrunert](https://github.com/saschagrunert)) [SIG Node] -- Adds the `ReadWriteOncePod` access mode for `PersistentVolumes` and `PersistentVolumeClaims`. Restricts volume access to a single pod on a single node. ([#102028](https://github.com/kubernetes/kubernetes/pull/102028), [@chrishenzie](https://github.com/chrishenzie)) -- Alpha swap support can now be enabled on Kubernetes nodes with the `NodeSwapEnabled` feature flag. See [KEP-2400](https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/2400-node-swap/README.md#design-details) for details. ([#102823](https://github.com/kubernetes/kubernetes/pull/102823), [@ehashman](https://github.com/ehashman)) -- Because of the implementation logic of `time.Format` in golang, the displayed time zone is not consistent. ([#102366](https://github.com/kubernetes/kubernetes/pull/102366), [@cndoit18](https://github.com/cndoit18)) -- Corrected the documentation for escaping dollar signs in a container's env, command and args property. ([#101916](https://github.com/kubernetes/kubernetes/pull/101916), [@MartinKanters](https://github.com/MartinKanters)) [SIG Apps] -- Enable `MaxSurge` for `DaemonSet` by default. ([#101742](https://github.com/kubernetes/kubernetes/pull/101742), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) -- Enforce the `ReadWriteOncePod` PVC access mode during scheduling ([#103082](https://github.com/kubernetes/kubernetes/pull/103082), [@chrishenzie](https://github.com/chrishenzie)) -- Ephemeral containers are now allowed to configure a `securityContext` that differs from that of the Pod. Cluster administrators should ensure that security policy controllers support `EphemeralContainers` before enabling this feature in clusters. ([#99023](https://github.com/kubernetes/kubernetes/pull/99023), [@verb](https://github.com/verb)) -- Exec plugin authors can override default handling of standard input via new `interactiveMode` kubeconfig field. ([#99310](https://github.com/kubernetes/kubernetes/pull/99310), [@ankeesler](https://github.com/ankeesler)) -- If someone had the `ProbeTerminationGracePeriod` alpha feature enabled in 1.21, they should update/delete any workloads/pods with probe `terminationGracePeriods` < 1 before upgrading ([#103245](https://github.com/kubernetes/kubernetes/pull/103245), [@wzshiming](https://github.com/wzshiming)) -- Improved parsing of label selectors ([#102188](https://github.com/kubernetes/kubernetes/pull/102188), [@alculquicondor](https://github.com/alculquicondor)) [SIG API Machinery] -- Introduce `minReadySeconds` api to the `StatefulSets`. ([#100842](https://github.com/kubernetes/kubernetes/pull/100842), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) -- Introducing Memory quality of service support with `cgroups v2 (Alpha)`. The `MemoryQoS` feature is now in Alpha. This allows `kubelet` running with `cgroups v2` to set memory QoS at container, pod and QoS level to protect and guarantee better memory quality. This feature can be enabled through feature gate Memory QoS. ([#102970](https://github.com/kubernetes/kubernetes/pull/102970), [@borgerli](https://github.com/borgerli)) -- Kube API server accepts `Impersonate-Uid` header to impersonate a user with a specific UID, in the same way that you can currently use `Impersonate-User`, `Impersonate-Group` and `Impersonate-Extra`. ([#99961](https://github.com/kubernetes/kubernetes/pull/99961), [@margocrawf](https://github.com/margocrawf)) -- Kube-apiserver: `--service-account-issuer` can be specified multiple times now, to enable non-disruptive change of issuer. ([#101155](https://github.com/kubernetes/kubernetes/pull/101155), [@zshihang](https://github.com/zshihang)) [SIG API Machinery, Auth, Node and Testing] -- Kube-controller-manager: the `--horizontal-pod-autoscaler-use-rest-clients` flag and Heapster support in the horizontal pod autoscaler, deprecated since 1.12, is removed. ([#90368](https://github.com/kubernetes/kubernetes/pull/90368), [@serathius](https://github.com/serathius)) -- Kube-scheduler: a plugin enabled in a v1beta2 configuration file takes precedence over the default configuration for that plugin. This simplifies enabling default plugins with custom configuration without needing to explicitly disable those default plugins. ([#99582](https://github.com/kubernetes/kubernetes/pull/99582), [@chendave](https://github.com/chendave)) -- New `node-high` priority-level has been added to Suggested API Priority and Fairness configuration.([#101151](https://github.com/kubernetes/kubernetes/pull/101151), [@mborsz](https://github.com/mborsz)) -- NodeSwapEnabled feature flag was renamed to NodeSwap - - The flag was only available in the 1.22.0-beta.1 release, and the new flag should be used going forward. ([#103553](https://github.com/kubernetes/kubernetes/pull/103553), [@ehashman](https://github.com/ehashman)) [SIG Node] -- Omit comparison with boolean constant ([#101523](https://github.com/kubernetes/kubernetes/pull/101523), [@chuntaochen](https://github.com/chuntaochen)) [SIG CLI and Cloud Provider] -- Removed the feature flag for probe-level termination grace period from Kubelet. If a user wants to disable this feature on already created pods, they will have to delete and recreate the pods. ([#103168](https://github.com/kubernetes/kubernetes/pull/103168), [@raisaat](https://github.com/raisaat)) [SIG Apps and Node] -- Revert addition of Add `PersistentVolumeClaimDeletePoilcy` to `StatefulSet`API. ([#103747](https://github.com/kubernetes/kubernetes/pull/103747), [@mattcary](https://github.com/mattcary)) -- Scheduler could be configured to consider new resources beside CPU and memory, GPU for example, for the score plugin of `NodeResourcesBalancedAllocation`. ([#101946](https://github.com/kubernetes/kubernetes/pull/101946), [@chendave](https://github.com/chendave)) [SIG Scheduling] -- Server Side Apply now treats all Selector fields as atomic (meaning the entire selector is managed by a single writer and updated together), since they contain interrelated and inseparable fields that do not merge in intuitive ways. ([#97989](https://github.com/kubernetes/kubernetes/pull/97989), [@Danil-Grigorev](https://github.com/Danil-Grigorev)) [SIG API Machinery] -- Suspend Job feature graduated to beta. Added the `action` label to Job controller sync metrics `job_sync_total` and `job_sync_duration_seconds`. ([#102022](https://github.com/kubernetes/kubernetes/pull/102022), [@adtac](https://github.com/adtac)) -- The API documentation for the DaemonSet's `spec.updateStrategy.rollingUpdate.maxUnavailable` field was corrected to state that the value is rounded up. ([#101296](https://github.com/kubernetes/kubernetes/pull/101296), [@Miciah](https://github.com/Miciah)) -- The `CSIServiceAccountToken` graduates to Ga and is unconditionally enabled. ([#103001](https://github.com/kubernetes/kubernetes/pull/103001), [@zshihang](https://github.com/zshihang)) -- The `CertificateSigningRequest.certificates.k8s.io` API supports an optional expirationSeconds field to allow the client to request a particular duration for the issued certificate. The default signer implementations provided by the Kubernetes controller manager will honor this field as long as it does not exceed the --cluster-signing-duration flag. ([#99494](https://github.com/kubernetes/kubernetes/pull/99494), [@enj](https://github.com/enj)) -- The `EndpointSlicen Mirroring controller` no longer mirrors the `last-applied-configuration` annotation created by `kubectl` to update `EndpointSlices`. ([#102731](https://github.com/kubernetes/kubernetes/pull/102731), [@sharmarajdaksh](https://github.com/sharmarajdaksh)) -- The `NetworkPolicyEndPort` is graduated to beta and is enabled by default. ([#102834](https://github.com/kubernetes/kubernetes/pull/102834), [@rikatz](https://github.com/rikatz)) -- The `PodDeletionCost` feature has been promoted to beta, and enabled by default. ([#101080](https://github.com/kubernetes/kubernetes/pull/101080), [@ahg-g](https://github.com/ahg-g)) -- The `Server Side Apply` treats certain structs as atomic. Meaning the entire selector field is managed by a single writer and updated together. ([#100684](https://github.com/kubernetes/kubernetes/pull/100684), [@Jefftree](https://github.com/Jefftree)) -- The `ServiceAppProtocol` feature gate has been removed. It reached GA in Kubernetes ([#103190](https://github.com/kubernetes/kubernetes/pull/103190), [@robscott](https://github.com/robscott)) -- The `TerminationGracePeriodSeconds` on pod specs and container probes should not be negative. Negative values of `TerminationGracePeriodSeconds` will be treated as the value `1s` on the delete path. Immutable field validation will be relaxed in order to update negative values. In a future release, negative values will not be permitted. ([#98866](https://github.com/kubernetes/kubernetes/pull/98866), [@wzshiming](https://github.com/wzshiming)) -- The `kube-scheduler` component config `v1beta2` API available - Three scheduler plugins deprecated (`NodeLabel`, `ServiceAffinity`, `NodePreferAvoidPods`). ([#99597](https://github.com/kubernetes/kubernetes/pull/99597), [@adtac](https://github.com/adtac)) -- The `pod/eviction` subresource now accepts `policy/v1` eviction requests in addition to `policy/v1beta1` eviction requests ([#100724](https://github.com/kubernetes/kubernetes/pull/100724), [@liggitt](https://github.com/liggitt)) -- The `podAffinity`, `NamespaceSelector` and the associated `CrossNamespaceAffinity` quota scope features graduate to Beta and they are now enabled by default. ([#101496](https://github.com/kubernetes/kubernetes/pull/101496), [@ahg-g](https://github.com/ahg-g)) -- The `pods/ephemeralcontainers` API now returns and expects a `Pod` object instead of `EphemeralContainers`. This is incompatible with the previous alpha-level API. ([#101034](https://github.com/kubernetes/kubernetes/pull/101034), [@verb](https://github.com/verb)) [SIG Apps, Auth, CLI and Testing] -- The `v1.Node` and `.status.images[].names` are now optional. ([#102159](https://github.com/kubernetes/kubernetes/pull/102159), [@roycaihw](https://github.com/roycaihw)) -- The deprecated flag `--algorithm-provider` has been removed from `kube-scheduler`. Use instead `ComponentConfig` to configure the set of enabled plugins. ([#102239](https://github.com/kubernetes/kubernetes/pull/102239), [@Haleygo](https://github.com/Haleygo)) -- The options `--ssh-user` and `--ssh-key` are removed. They only functioned on GCE, and only in-tree. Use the apiserver network proxy instead. ([#102297](https://github.com/kubernetes/kubernetes/pull/102297), [@deads2k](https://github.com/deads2k)) -- Track Job completion through status and Pod finalizers, removing dependency on Pod tombstones. ([#98238](https://github.com/kubernetes/kubernetes/pull/98238), [@alculquicondor](https://github.com/alculquicondor)) [SIG API Machinery, Apps, Auth and Testing] -- Track ownership of scale subresource for all scalable resources i.e. Deployment, ReplicaSet, StatefulSet, ReplicationController, and Custom Resources. ([#98377](https://github.com/kubernetes/kubernetes/pull/98377), [@nodo](https://github.com/nodo)) [SIG API Machinery and Testing] - - -#### Feature -- Kube-apiserver: when merging lists, Server Side Apply now prefers the order of the submitted request instead of the existing persisted object ([#107568](https://github.com/kubernetes/kubernetes/pull/107568), [@jiahuif](https://github.com/jiahuif)) [SIG API Machinery, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Storage and Testing] -- Kubernetes is now built with Golang 1.16.12 ([#106982](https://github.com/kubernetes/kubernetes/pull/106982), [@cpanato](https://github.com/cpanato)) [SIG Cloud Provider, Instrumentation, Release and Testing] -- Update golang.org/x/net to v0.0.0-20211209124913-491a49abca63 ([#106960](https://github.com/kubernetes/kubernetes/pull/106960), [@cpanato](https://github.com/cpanato)) [SIG API Machinery, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node and Storage] -- Kubernetes is now built with Golang 1.16.10 (#106223, @cpanato) [SIG Cloud Provider, Instrumentation, Release and Testing] -- Update debian-base, debian-iptables, setcap images to pick up CVE fixes - - Debian-base to v1.9.0 - - Debian-iptables to v1.6.7 - - setcap to v2.0.4 (#106143, @cpanato) [SIG Release and Testing] -- A `system-cluster-critical` pod should not get a low OOM Score. - - As of now both `system-node-critical` and `system-cluster-critical` pods have -997 OOM score, making them one of the last processes to be OOMKilled. By definition `system-cluster-critical` pods can be scheduled elsewhere if there is a resource crunch on the node where as `system-node-critical` pods cannot be rescheduled. This was the reason for `system-node-critical` to have higher priority value than `system-cluster-critical`. This change allows only `system-node-critical` priority class to have low OOMScore. - - action required - If the user wants to have the pod to be OOMKilled last and the pod has `system-cluster-critical` priority class, it has to be changed to `system-node-critical` priority class to preserve the existing behavior ([#99729](https://github.com/kubernetes/kubernetes/pull/99729), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) -- API Server tracing can now trace re-entrant api requests. ([#103218](https://github.com/kubernetes/kubernetes/pull/103218), [@dashpole](https://github.com/dashpole)) [SIG API Machinery, CLI, Cloud Provider, Cluster Lifecycle and Instrumentation] -- APIServerTracing now collects spans from etcd client calls, and propagates context to etcd. ([#103216](https://github.com/kubernetes/kubernetes/pull/103216), [@dashpole](https://github.com/dashpole)) [SIG API Machinery, Cloud Provider and Instrumentation] -- APIServerTracing now collects spans from outgoing requests to admission webhooks. ([#103601](https://github.com/kubernetes/kubernetes/pull/103601), [@dashpole](https://github.com/dashpole)) [SIG API Machinery] -- Add a namespace label for all `apiserver_admission_* metrics`. - Expand the histogram range to 0-10s for all `apiserver_admission_*_duration_seconds` metrics. ([#101208](https://github.com/kubernetes/kubernetes/pull/101208), [@voutcn](https://github.com/voutcn)) -- Add unified map on CRI to support `cgroup v2`. Refer to https://github.com/opencontainers/runtime-spec/blob/master/config-linux.md#unified. ([#102578](https://github.com/kubernetes/kubernetes/pull/102578), [@payall4u](https://github.com/payall4u)) -- Added BinaryData description to `kubectl describe` command. ([#100568](https://github.com/kubernetes/kubernetes/pull/100568), [@lauchokyip](https://github.com/lauchokyip)) -- Added a new metric `apiserver_flowcontrol_request_concurrency_in_use` that shows the number of - seats (concurrency) occupied by the currently executing requests in the API Priority and Fairness system. ([#102795](https://github.com/kubernetes/kubernetes/pull/102795), [@tkashem](https://github.com/tkashem)) -- Added field-selector option for `kubectl top pod` ([#102155](https://github.com/kubernetes/kubernetes/pull/102155), [@lauchokyip](https://github.com/lauchokyip)) [SIG CLI] -- Added new metrics about API Priority and Fairness. Each one has a label `priority_level`. The last two also have a label `bound` taking values `min` and `max. - - apiserver_flowcontrol_current_r: R(the time of the last change in state of the queues) - - apiserver_flowcontrol_dispatch_r: R(the time of the latest request dispatch) - - apiserver_flowcontrol_latest_s: S(the request last dispatched) = R(when that request starts executing in the virtual world) - - apiserver_flowcontrol_next_s_bounds: min and max next S among non-empty queues - - apiserver_flowcontrol_next_discounted_s_bounds: min and max next S - (sum [over requests executing] width * estimatedDuration) among non-empty queues ([#102859](https://github.com/kubernetes/kubernetes/pull/102859), [@MikeSpreitzer](https://github.com/MikeSpreitzer)) [SIG API Machinery and Instrumentation] -- Adding `--restart-kubelet` flag on E2E Node test suite ([#97028](https://github.com/kubernetes/kubernetes/pull/97028), [@knabben](https://github.com/knabben)) [SIG Node and Testing] -- Adds feature gate `KubeletInUserNamespace` which enables support for running kubelet in a user namespace. - - The user namespace has to be created before running kubelet. - All the node components such as CRI need to be running in the same user namespace. - - When the feature gate is enabled, kubelet ignores errors that happens during setting the following sysctl values: `vm.overcommit_memory`, `vm.panic_on_oom`, `kernel.panic`, `kernel.panic_on_oops`, `kernel.keys.root_maxkeys`, `kernel.keys.root_maxbytes`. (These sysctl values for the host, not for the containers) - - kubelet also ignores an error during opening `/dev/kmsg`. - This feature gate also allows kube-proxy to ignore an error during setting `RLIMIT_NOFILE`. - - This feature gate is especially useful for running Kubernetes inside Rootless Docker/Podman with `kind` or `minikube`. ([#92863](https://github.com/kubernetes/kubernetes/pull/92863), [@AkihiroSuda](https://github.com/AkihiroSuda)) [SIG Network, Node and Testing] -- Adds metrics for the delegated authenticator used by extension APIs that delegate authentication logic to the Kube API server. ([#99364](https://github.com/kubernetes/kubernetes/pull/99364), [@p0lyn0mial](https://github.com/p0lyn0mial)) -- Adds metrics for the delegated authorizer used by extension APIs that delegate authorization logic to the Kube API server. ([#100339](https://github.com/kubernetes/kubernetes/pull/100339), [@p0lyn0mial](https://github.com/p0lyn0mial)) -- Adds two kubemark flags, `--max-pods` and `--extended-resources`. ([#100267](https://github.com/kubernetes/kubernetes/pull/100267), [@Jeffwan](https://github.com/Jeffwan)) -- An audit log entry will be generated when a `ValidatingAdmissionWebhook` is failing to open. ([#92739](https://github.com/kubernetes/kubernetes/pull/92739), [@cnphil](https://github.com/cnphil)) -- Base images: Updated to - - debian-base:buster-v1.6.0 - - debian-iptables:buster-v1.6.0 ([#100976](https://github.com/kubernetes/kubernetes/pull/100976), [@jindijamie](https://github.com/jindijamie)) -- Base-images: Update to `debian-base:buster-v1.7.1` ([#102594](https://github.com/kubernetes/kubernetes/pull/102594), [@mengjiao-liu](https://github.com/mengjiao-liu)) -- Deprecated warning message for `igonre-errors` flag. ([#102677](https://github.com/kubernetes/kubernetes/pull/102677), [@yuzhiquan](https://github.com/yuzhiquan)) -- Endpoints that have more than 1000 endpoints will be truncated and the `endpoints.kubernetes.io/over-capacity` annotation on the Endpoints resource will be set to `truncated`. ([#103520](https://github.com/kubernetes/kubernetes/pull/103520), [@swetharepakula](https://github.com/swetharepakula)) [SIG Apps and Network] -- Expose `/debug/flags/v` to allow dynamically setting log level for kube-proxy. ([#98306](https://github.com/kubernetes/kubernetes/pull/98306), [@borgerli](https://github.com/borgerli)) [SIG Network] -- Expose container start time as `container_start_time_seconds` in the kubelet `/metrics/resource` endpoint. ([#102444](https://github.com/kubernetes/kubernetes/pull/102444), [@sanwishe](https://github.com/sanwishe)) -- Extended resources defined in `LeastAllocated`, `MostAllocated` and `RequestedToCapacityRatio` plugin argument are bypassed by the scheduler if the incoming Pod doesn't request them in the pod spec. ([#103169](https://github.com/kubernetes/kubernetes/pull/103169), [@Huang-Wei](https://github.com/Huang-Wei)) -- Feat: change parittion style to GPT on Windows ([#101412](https://github.com/kubernetes/kubernetes/pull/101412), [@andyzhangx](https://github.com/andyzhangx)) [SIG Storage and Windows] -- Features gates `EndpointSliceProxying` & `WindowsEndpointSliceProxying` graduates to GA and are unconditionally enabled. Kube-proxy will use EndpointSlices for endpoint information. ([#103451](https://github.com/kubernetes/kubernetes/pull/103451), [@swetharepakula](https://github.com/swetharepakula)) -- Fluentd: isolate logging resources in separate namespace `logging` ([#68004](https://github.com/kubernetes/kubernetes/pull/68004), [@saravanan30erd](https://github.com/saravanan30erd)) -- For `kubeadm`: add `--validity-period` flag for `kubeadm kubeconfig user` command. ([#100907](https://github.com/kubernetes/kubernetes/pull/100907), [@SataQiu](https://github.com/SataQiu)) -- Implement `minReadySeconds` for the `StatefulSets`. ([#101316](https://github.com/kubernetes/kubernetes/pull/101316), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) -- Improve logging of `APIService` availability changes in kube-apiserver. ([#101420](https://github.com/kubernetes/kubernetes/pull/101420), [@sttts](https://github.com/sttts)) -- Introduce a feature gate `DisableCloudProviders` allowing to disable cloud-provider initialization in KAPI, KCM and kubelet. - `DisableCloudProviders` FeatureGate is currently in Alpha, which means is currently disabled by default. Once the FeatureGate moves to beta, in-tree cloud providers would be disabled by default, and a user won't be able to specify `--cloud-provider=` anymore to any of KCM, KAPI or kubelet. Only a '--cloud-provider=external' would be allowed. CCM would have to run out-of-tree with CSI. ([#100136](https://github.com/kubernetes/kubernetes/pull/100136), [@Danil-Grigorev](https://github.com/Danil-Grigorev)) -- JSON logging format is no longer available by default in non-core Kubernetes Components and require owners to opt in. ([#102869](https://github.com/kubernetes/kubernetes/pull/102869), [@mengjiao-liu](https://github.com/mengjiao-liu)) [SIG API Machinery, Cluster Lifecycle and Instrumentation] -- Kube-apiserver: the alpha PodSecurity feature can be enabled by passing `--feature-gates=PodSecurity=true`, and enables controlling allowed pods using namespace labels. See https://git.k8s.io/enhancements/keps/sig-auth/2579-psp-replacement for more details. ([#103099](https://github.com/kubernetes/kubernetes/pull/103099), [@liggitt](https://github.com/liggitt)) [SIG API Machinery, Auth, Instrumentation, Release, Security and Testing] -- Kube-proxy uses V1 `EndpointSlices`. ([#103306](https://github.com/kubernetes/kubernetes/pull/103306), [@swetharepakula](https://github.com/swetharepakula)) -- Kubeadm: Add the `RootlessControlPlane` kubeadm specific feature gate (Alpha in 1.22, disabled by default). It can be used to enable an experimental feature that makes the control plane component static Pod containers for `kube-apiserver`, `kube-controller-manager`, `kube-scheduler` and `etcd` to run as a non-root users. ([#102158](https://github.com/kubernetes/kubernetes/pull/102158), [@vinayakankugoyal](https://github.com/vinayakankugoyal)) -- Kubeadm: Set the `seccompProfile` to `runtime/default` in the `PodSecurityContext` of the control-plane components that run as static Pods. ([#100234](https://github.com/kubernetes/kubernetes/pull/100234), [@vinayakankugoyal](https://github.com/vinayakankugoyal)) -- Kubeadm: add a new field `skipPhases` to `v1beta3` `InitConfiguration` and `JoinConfiguration` that can contain a list of phases to skip during "kubeadm init" and "kubeadm join". The flag "--skip-phases" takes precedence over this field. ([#101923](https://github.com/kubernetes/kubernetes/pull/101923), [@neolit123](https://github.com/neolit123)) -- Kubeadm: add the `--dry-run` flag to the `control-plane` phase of "kubeadm init". ([#102722](https://github.com/kubernetes/kubernetes/pull/102722), [@vinayakankugoyal](https://github.com/vinayakankugoyal)) -- Kubeadm: add the `imagePullPolicy` field in the `nodeRegistration` section of `InitConfiguration` and `JoinConfiguration` in `v1beta3`. This allows the user to specify the image pull policy during "kubeadm init" and "kubeadm join". The value of this field must be one of `Always`, `IfNotPresent` or `Never`. The default behavior continues to be `IfNotPresent`. ([#102901](https://github.com/kubernetes/kubernetes/pull/102901), [@wangyysde](https://github.com/wangyysde)) -- Kubeadm: during "kubeadm init/join/upgrade", always default the `cgroupDriver` value in the `KubeletConfiguration` to `systemd`, unless the user was explicit about the value. See [configure-cgroup-driver](https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver/) for more details. ([#102133](https://github.com/kubernetes/kubernetes/pull/102133), [@pacoxu](https://github.com/pacoxu)) -- Kubeadm: update `CoreDNS` to 1.8.4. Grant `CoreDNS` permissions to "list" and "watch" `EndpointSlice` objects to accommodate dual-stack support. ([#102466](https://github.com/kubernetes/kubernetes/pull/102466), [@pacoxu](https://github.com/pacoxu)) -- Kubectl: add `LAST RESTART` column to `kubectl get pods` output. ([#100142](https://github.com/kubernetes/kubernetes/pull/100142), [@Ethyling](https://github.com/Ethyling)) -- Kubemark's hollow-node will now print flags before starting. ([#101181](https://github.com/kubernetes/kubernetes/pull/101181), [@mm4tt](https://github.com/mm4tt)) -- Kubernetes is now built with Golang 1.16.3 ([#101206](https://github.com/kubernetes/kubernetes/pull/101206), [@justaugustus](https://github.com/justaugustus)) [SIG Cloud Provider, Instrumentation, Release and Testing] -- Kubernetes is now built with Golang 1.16.4 ([#101809](https://github.com/kubernetes/kubernetes/pull/101809), [@justaugustus](https://github.com/justaugustus)) [SIG Cloud Provider, Instrumentation, Release and Testing] -- Kubernetes is now built with Golang 1.16.5. ([#102689](https://github.com/kubernetes/kubernetes/pull/102689), [@cpanato](https://github.com/cpanato)) -- Kubernetes is now built with Golang 1.16.6 ([#103669](https://github.com/kubernetes/kubernetes/pull/103669), [@cpanato](https://github.com/cpanato)) [SIG Cloud Provider, Instrumentation, Release and Testing] -- Leader Migration for controller managers graduated to beta. ([#103533](https://github.com/kubernetes/kubernetes/pull/103533), [@jiahuif](https://github.com/jiahuif)) [SIG API Machinery and Cloud Provider] -- Make kubectl command headers default for beta. ([#103238](https://github.com/kubernetes/kubernetes/pull/103238), [@seans3](https://github.com/seans3)) [SIG CLI] -- Mark `net.ipv4.ip_unprivileged_port_start` as safe `sysctl`. ([#103326](https://github.com/kubernetes/kubernetes/pull/103326), [@pacoxu](https://github.com/pacoxu)) -- Metrics server nanny has now poll period set to 30s (previously 5 minutes) to allow faster scaling of metrics server. ([#101869](https://github.com/kubernetes/kubernetes/pull/101869), [@olagacek](https://github.com/olagacek)) [SIG Cloud Provider and Instrumentation] -- NetworkPolicy validation framework support for windows. ([#98077](https://github.com/kubernetes/kubernetes/pull/98077), [@jayunit100](https://github.com/jayunit100)) -- New feature gate `ExpandedDNSConfig` is now available. This feature allows Kubernetes to have expanded DNS configuration. ([#100651](https://github.com/kubernetes/kubernetes/pull/100651), [@gjkim42](https://github.com/gjkim42)) -- New metrics: `apiserver_kube_aggregator_x509_missing_san_total` and `apiserver_webhooks_x509_missing_san_total`. This metric measures a number of connections to webhooks/aggregated API servers that use certificates without Subject Alternative Names. It being non-zero is a warning sign that these connections will stop functioning in the future since Golang is going to deprecate x509 certificate subject Common Names for server hostname verification. ([#95396](https://github.com/kubernetes/kubernetes/pull/95396), [@stlaz](https://github.com/stlaz)) [SIG API Machinery, Auth and Instrumentation] -- Node Problem Detector is now available for GCE Windows nodes. ([#101539](https://github.com/kubernetes/kubernetes/pull/101539), [@jeremyje](https://github.com/jeremyje)) [SIG Cloud Provider, Node and Windows] -- Promote Cronjobs storage version to `batch/v1`. ([#102363](https://github.com/kubernetes/kubernetes/pull/102363), [@mengjiao-liu](https://github.com/mengjiao-liu)) -- Promote `CronJobControllerV2` flag to GA, with removal in 1.23. ([#102529](https://github.com/kubernetes/kubernetes/pull/102529), [@soltysh](https://github.com/soltysh)) -- Promote `EndpointSliceTerminatingCondition` to Beta. This enables the `terminating` and `serving` conditions for EndpointSlice by default. ([#103596](https://github.com/kubernetes/kubernetes/pull/103596), [@andrewsykim](https://github.com/andrewsykim)) -- Run etcd as non-root on GCE provider ([#100635](https://github.com/kubernetes/kubernetes/pull/100635), [@cindy52](https://github.com/cindy52)) -- Scheduler nows provides an option for plugin developers to move `Pods` to activeQ. ([#103383](https://github.com/kubernetes/kubernetes/pull/103383), [@Huang-Wei](https://github.com/Huang-Wei)) -- Secret values are now masked by default in `kubectl diff` output. ([#96084](https://github.com/kubernetes/kubernetes/pull/96084), [@loozhengyuan](https://github.com/loozhengyuan)) -- Services with `externalTrafficPolicy: Local` now support graceful termination when using - the iptables or ipvs mode of kube-proxy with `EndpointSlices` enabled. Specifically, if a - connection for such a service arrives on a node when there are no "Ready" endpoints - for the service, but there is at least one Terminating pod for that service on the node, - then kube-proxy will send the traffic to the Terminating pod rather than dropping it. This - patches up a race condition between when a pod is killed and when the external load - balancer notices that it has been killed. ([#97238](https://github.com/kubernetes/kubernetes/pull/97238), [@andrewsykim](https://github.com/andrewsykim)) -- Shell completion has been migrated to Cobra's go solution. `kubectl` is now smarter about disabling file completion when it does not apply. Furthermore, completion for the `cp` command does not show all files unless the user has started typing something. ([#96087](https://github.com/kubernetes/kubernetes/pull/96087), [@marckhouzam](https://github.com/marckhouzam)) [SIG CLI] -- Some of the in-tree storage drivers indicate support for the `MetricsProvider` interface, but fail to configure this for BlockMode volumes. With a recent change, `Kubelet` will call `GetMetrics()` for BlockMode volumes, and the in-tree drivers that miss the support cause a Go panic. Now the in-tree storage drivers that support BlockMode volumes, will return the Capacity of the volume in the `GetMetrics()` call. ([#101587](https://github.com/kubernetes/kubernetes/pull/101587), [@nixpanic](https://github.com/nixpanic)) -- Support `FakeClientset` match subresource. ([#100939](https://github.com/kubernetes/kubernetes/pull/100939), [@wzshiming](https://github.com/wzshiming)) -- The "Leader Migration" now support a wildcard component name and the default value. ([#102711](https://github.com/kubernetes/kubernetes/pull/102711), [@jiahuif](https://github.com/jiahuif)) -- The CSI driver supports the NodeServiceCapability `VOLUME_MOUNT_GROUP` and the `DelegateFSGroupToCSIDriver` feature gate is enabled, kubelet will delegate applying FSGroup to the driver by passing it to `NodeStageVolume` and `NodePublishVolume`, regardless of what other `FSGroup` policies are set, this is an alpha feature. ([#103244](https://github.com/kubernetes/kubernetes/pull/103244), [@verult](https://github.com/verult)) -- The Memory Manager feature graduates to Beta and it is enabled by default. ([#101947](https://github.com/kubernetes/kubernetes/pull/101947), [@cynepco3hahue](https://github.com/cynepco3hahue)) -- The `BoundServiceAccountTokenVolume` graduates to GA and thus will be unconditionally enabled. The feature gate is going to be removed in 1.23. ([#101992](https://github.com/kubernetes/kubernetes/pull/101992), [@zshihang](https://github.com/zshihang)) -- The `EmptyDir` memory backed volumes are sized as the the minimum of pod allocatable memory on a host and an optional explicit user provided value. ([#101048](https://github.com/kubernetes/kubernetes/pull/101048), [@dims](https://github.com/dims)) -- The `HugePageStorageMediumSize` feature graduates to GA and unconditionally enabled. Allowing unconditional usage of multiple sizes huge page resources on a container level. ([#99144](https://github.com/kubernetes/kubernetes/pull/99144), [@bart0sh](https://github.com/bart0sh)) -- The `IngressClassNamespacedParams` feature gate has graduated to beta and is enabled by default. This means IngressClass resource will now have two new fields - `spec.paramters.namespace` and `spec.parameters.scope`. ([#101711](https://github.com/kubernetes/kubernetes/pull/101711), [@hbagdi](https://github.com/hbagdi)) -- The `LogarithmicScaleDown` feature graduates to Beta and enabled by default. ([#101767](https://github.com/kubernetes/kubernetes/pull/101767), [@damemi](https://github.com/damemi)) -- The `NamespaceDefaultLabelName` is promoted to GA in this release. All Namespace API objects have a `kubernetes.io/metadata.name` label matching their `metadata.name` field to allow selecting any `namespace` by its name using a label selector. ([#101342](https://github.com/kubernetes/kubernetes/pull/101342), [@rosenhouse](https://github.com/rosenhouse)) -- The `ServiceInternalTrafficPolicy` feature graduates to Beta and enable by default, which enables the `internalTrafficPolicy` field of Service by default. ([#103462](https://github.com/kubernetes/kubernetes/pull/103462), [@andrewsykim](https://github.com/andrewsykim)) -- The `ServiceLBNodePortControl` graduates to Beta and is enabled by default. ([#100412](https://github.com/kubernetes/kubernetes/pull/100412), [@hanlins](https://github.com/hanlins)) -- The `SetHostnameAsFQDN` graduates to GA and thus will be unconditionally disabled. ([#101294](https://github.com/kubernetes/kubernetes/pull/101294), [@javidiaz](https://github.com/javidiaz)) -- The `WarningHeader` feature is now GA and is unconditionally enabled. The `apiserver_requested_deprecated_apis` metric has graduated to stable status. The `WarningHeader` feature-gate is no longer operative and will be removed in v1.24. ([#100754](https://github.com/kubernetes/kubernetes/pull/100754), [@liggitt](https://github.com/liggitt)) [SIG API Machinery, Instrumentation and Testing] -- The `kubectl debug` is able to create ephemeral containers in pre-1.22 clusters with the `EphemeralContainers` feature enabled. Note that versions of kubectl prior to 1.22 are unable to create ephemeral containers in clusters version 1.22 and greater due to an API change. ([#103292](https://github.com/kubernetes/kubernetes/pull/103292), [@verb](https://github.com/verb)) -- The client-go credential plugins are now GA and are enabled by default. ([#102890](https://github.com/kubernetes/kubernetes/pull/102890), [@ankeesler](https://github.com/ankeesler)) -- The feature gate `SSA` graduated to GA in v1.22 and therefore is unconditionally enabled. ([#100139](https://github.com/kubernetes/kubernetes/pull/100139), [@Jefftree](https://github.com/Jefftree)) -- The job controller removes running pods when the number of completions is achieved. ([#99963](https://github.com/kubernetes/kubernetes/pull/99963), [@alculquicondor](https://github.com/alculquicondor)) -- The kubeconfig is now exposed in `the kube-scheduler` framework handle. Out-of-tree plugins can leverage that to build CRD informers easily. ([#100644](https://github.com/kubernetes/kubernetes/pull/100644), [@Huang-Wei](https://github.com/Huang-Wei)) -- The new flag `--chunk-size=SIZE` for `kubectl drain` has been promoted to beta, and enabled by default. This flag may be used to alter the number of items or disable this feature when `0` is passed. ([#100148](https://github.com/kubernetes/kubernetes/pull/100148), [@KnVerey](https://github.com/KnVerey)) -- The new flag `--chunk-size=SIZE` has been added to `kubectl describe`. This flag may be used to alter the number of items or disable this feature when `0` is passed. ([#101171](https://github.com/kubernetes/kubernetes/pull/101171), [@KnVerey](https://github.com/KnVerey)) -- The pod resource API will provide memory manager metrics in the case when the memory manager feature gate is enabled, and the memory manager policy is static. ([#101030](https://github.com/kubernetes/kubernetes/pull/101030), [@cynepco3hahue](https://github.com/cynepco3hahue)) -- The prefer nominated node graduates to Beta and enabld by default. ([#102201](https://github.com/kubernetes/kubernetes/pull/102201), [@chendave](https://github.com/chendave)) -- Update etcd version to 3.5.0-beta.3. ([#102062](https://github.com/kubernetes/kubernetes/pull/102062), [@serathius](https://github.com/serathius)) -- Update the Debian images to pick up CVE fixes in the base images: - - Update the `debian-base` image to v1.7.0 - - Update the `debian-iptables` image to v1.6.1 ([#102302](https://github.com/kubernetes/kubernetes/pull/102302), [@xmudrii](https://github.com/xmudrii)) -- Update the setcap image to buster-v2.0.1. ([#102377](https://github.com/kubernetes/kubernetes/pull/102377), [@xmudrii](https://github.com/xmudrii)) -- Update the system-validators library to v1.5.0. Includes validation for `seccomp` and fixes a stdout/stderr problem in the Docker validator. ([#103390](https://github.com/kubernetes/kubernetes/pull/103390), [@ironyman](https://github.com/ironyman)) -- Updates the following images to pick up CVE fixes: - - `debian` to v1.8.0 - - `debian-iptables` to v1.6.5 - - `setcap` to v2.0.3 ([#103235](https://github.com/kubernetes/kubernetes/pull/103235), [@thejoycekung](https://github.com/thejoycekung)) [SIG API Machinery, Release and Testing] -- Warnings for the use of deprecated and known-bad values in pod specs are now sent. ([#101688](https://github.com/kubernetes/kubernetes/pull/101688), [@liggitt](https://github.com/liggitt)) -- Watch requests are now handled throttled by priority and fairness filter in `kube-apiserver`. ([#102171](https://github.com/kubernetes/kubernetes/pull/102171), [@wojtek-t](https://github.com/wojtek-t)) -- You can use this Builder function to create events Field Selector ([#101817](https://github.com/kubernetes/kubernetes/pull/101817), [@cndoit18](https://github.com/cndoit18)) [SIG API Machinery and Scalability] -- `Scheduler` now registers event handlers dynamically. ([#101394](https://github.com/kubernetes/kubernetes/pull/101394), [@Huang-Wei](https://github.com/Huang-Wei)) -- `kubectl`: Enable using protocol buffers to request Metrics API. ([#102039](https://github.com/kubernetes/kubernetes/pull/102039), [@serathius](https://github.com/serathius)) - -#### Documentation -- The command`kubectl debug` will now print a warning message when using the `--target` option since many container runtimes do not support this yet. ([#101074](https://github.com/kubernetes/kubernetes/pull/101074), [@verb](https://github.com/verb)) - -#### Failing Test -- Fixes hostpath storage e2e tests within SELinux enabled env (#105786, @Elbehery) [SIG Testing] -- Fixed generic ephemeal volumes with `OwnerReferencesPermissionEnforcement` admission plugin enabled. ([#101186](https://github.com/kubernetes/kubernetes/pull/101186), [@jsafrane](https://github.com/jsafrane)) -- Fixes `kubectl drain --dry-run=server`. ([#100206](https://github.com/kubernetes/kubernetes/pull/100206), [@KnVerey](https://github.com/KnVerey)) -- Fixes an overly restrictive conformance test to accept service account tokens signed by an ECDSA key ([#100680](https://github.com/kubernetes/kubernetes/pull/100680), [@smira](https://github.com/smira)) [SIG Architecture, Auth and Testing] -- Fixes the `should receive events on concurrent watches in same order` conformance test to work properly on clusters that auto-create additional configmaps in namespaces. ([#101950](https://github.com/kubernetes/kubernetes/pull/101950), [@liggitt](https://github.com/liggitt)) -- Resolves an issue with the "ServiceAccountIssuerDiscovery should support OIDC discovery" conformance test failing on clusters which are configured with issuers outside the cluster ([#101589](https://github.com/kubernetes/kubernetes/pull/101589), [@mtaufen](https://github.com/mtaufen)) [SIG Auth and Testing] - - -#### Other (Cleanup or Flake) -- Updates konnectivity-network-proxy to v0.0.27. This includes a memory leak fix for the network proxy ([#107187](https://github.com/kubernetes/kubernetes/pull/107187), [@rata](https://github.com/rata)) [SIG API Machinery, Auth and Cloud Provider] - - -#### Bug or Regression -- An inefficient lock in EndpointSlice controller metrics cache has been reworked. Network programming latency may be significantly reduced in certain scenarios, especially in clusters with a large number of Services. ([#107168](https://github.com/kubernetes/kubernetes/pull/107168), [@robscott](https://github.com/robscott)) [SIG Apps and Network] -- Client-go: fix that paged list calls with ResourceVersionMatch set would fail once paging kicked in. ([#107335](https://github.com/kubernetes/kubernetes/pull/107335), [@fasaxc](https://github.com/fasaxc)) [SIG API Machinery] -- Fix a panic when using invalid output format in kubectl create secret command ([#107346](https://github.com/kubernetes/kubernetes/pull/107346), [@rikatz](https://github.com/rikatz)) [SIG CLI] -- Fix: azuredisk parameter lowercase translation issue ([#107429](https://github.com/kubernetes/kubernetes/pull/107429), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider and Storage] -- Fixes a rare race condition handling requests that timeout ([#107459](https://github.com/kubernetes/kubernetes/pull/107459), [@liggitt](https://github.com/liggitt)) [SIG API Machinery] -- Mount-utils: Detect potential stale file handle ([#107039](https://github.com/kubernetes/kubernetes/pull/107039), [@andyzhangx](https://github.com/andyzhangx)) [SIG Storage] -- A pod that the Kubelet rejects was still considered as being accepted for a brief period of time after rejection, which might cause some pods to be rejected briefly that could fit on the node. A pod that is still terminating (but has status indicating it has failed) may also still be consuming resources and so should also be considered. ([#104918](https://github.com/kubernetes/kubernetes/pull/104918), [@ehashman](https://github.com/ehashman)) [SIG Node] -- Fix: skip instance not found when decoupling vmss from lb ([#105836](https://github.com/kubernetes/kubernetes/pull/105836), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider] -- Kubeadm: allow the "certs check-expiration" command to not require the existence of the cluster CA key (ca.key file) when checking the expiration of managed certificates in kubeconfig files. ([#106930](https://github.com/kubernetes/kubernetes/pull/106930), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] -- Kubeadm: during execution of the "check expiration" command, treat the etcd CA as external if there is a missing etcd CA key file (etcd/ca.key) and perform the proper validation on certificates signed by the etcd CA. Additionally, make sure that the CA for all entries in the output table is included - for both certificates on disk and in kubeconfig files. ([#106925](https://github.com/kubernetes/kubernetes/pull/106925), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] -- Respect grace period when updating static pods. ([#106394](https://github.com/kubernetes/kubernetes/pull/106394), [@gjkim42](https://github.com/gjkim42)) [SIG Node and Testing] -- Reverts graceful node shutdown to match 1.21 behavior of setting pods that have not yet successfully completed to "Failed" phase if the GracefulNodeShutdown feature is enabled in kubelet. The GracefulNodeShutdown feature is beta and must be explicitly configured via kubelet config to be enabled in 1.21+. This changes 1.22 and 1.23 behavior on node shutdown to match 1.21. If you do not want pods to be marked terminated on node shutdown in 1.22 and 1.23, disable the GracefulNodeShutdown feature. ([#106899](https://github.com/kubernetes/kubernetes/pull/106899), [@bobbypage](https://github.com/bobbypage)) [SIG Node] -- Scheduler's assumed pods have 2min instead of 30s to receive nodeName pod updates ([#106633](https://github.com/kubernetes/kubernetes/pull/106633), [@ahg-g](https://github.com/ahg-g)) [SIG Scheduling] -- EndpointSlice Mirroring controller now cleans up managed EndpointSlices when a Service selector is added (#106132, @robscott) [SIG Apps, Network and Testing] -- Fix a bug that `--disabled-metrics` doesn't function well. (#105793, @Huang-Wei) [SIG API Machinery, Cluster Lifecycle and Instrumentation] -- Fix a panic in kubectl when creating secrets with an improper output type (#106356, @lauchokyip) [SIG CLI] -- Fix concurrent map access causing panics when logging timed-out API calls. (#106112, @marseel) [SIG API Machinery] -- Fix kube-proxy regression on UDP services because the logic to detect stale connections was not considering if the endpoint was ready. (#106239, @aojea) [SIG Network and Testing] -- Fix scoring for NodeResourcesBalancedAllocation plugins when nodes have containers with no requests. (#106081, @ahmad-diaa) [SIG Scheduling] -- Support more than 100 disk mounts on Windows (#105673, @andyzhangx) [SIG Storage and Windows] -- The --leader-elect* CLI args are now honored correctly in scheduler. (#106130, @Huang-Wei) [SIG Scheduling] -- The kube-proxy sync_proxy_rules_iptables_total metric now gives - the correct number of rules, rather than being off by one. - - Fixed multiple iptables proxy regressions introduced in 1.22: - - - When using Services with SessionAffinity, client affinity for an - endpoint now gets broken when that endpoint becomes non-ready - (rather than continuing until the endpoint is fully deleted). - - - Traffic to a service IP now starts getting rejected (as opposed to - merely dropped) as soon as there are no longer any *usable* - endpoints, rather than waiting until all of the terminating - endpoints have terminated even when those terminating endpoints - were not being used. - - - Chains for endpoints that won't be used are no longer output to - iptables, saving a bit of memory/time/cpu. (#106373, @aojea) [SIG Network] -- Watch requests that are delegated to aggregated apiservers no longer reserve concurrency units (seats) in the API Priority and Fairness dispatcher for their entire duration. (#105827, @benluddy) [SIG API Machinery] -- Fix Job tracking with finalizers for more than 500 pods, ensuring all finalizers are removed before counting the Pod. ([#104876](https://github.com/kubernetes/kubernetes/pull/104876), [@alculquicondor](https://github.com/alculquicondor)) [SIG Apps] -- Fix: skip case sensitivity when checking Azure NSG rules - fix: ensure InstanceShutdownByProviderID return false for creating Azure VMs ([#104446](https://github.com/kubernetes/kubernetes/pull/104446), [@feiskyer](https://github.com/feiskyer)) [SIG Cloud Provider] -- Fixed occasional pod cgroup freeze when using cgroup v1 and systemd driver. ([#104529](https://github.com/kubernetes/kubernetes/pull/104529), [@kolyshkin](https://github.com/kolyshkin)) [SIG Node] -- Fixes a regression that could cause panics in LRU caches in controller-manager, kubelet, kube-apiserver, or client-go EventSourceObjectSpamFilter ([#104469](https://github.com/kubernetes/kubernetes/pull/104469), [@liggitt](https://github.com/liggitt)) [SIG API Machinery, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation and Storage] -- When using `kubectl replace` (or the equivalent API call) on a Service, the caller no longer needs to do a read-modify-write cycle to fetch the allocated values for `.spec.clusterIP` and `.spec.ports[].nodePort`. Instead the API server will automatically carry these forward from the original object when the new object does not specify them. ([#104672](https://github.com/kubernetes/kubernetes/pull/104672), [@thockin](https://github.com/thockin)) [SIG Network] -- Fix kube-apiserver metric reporting for the deprecated watch path of /api//watch/... ([#104188](https://github.com/kubernetes/kubernetes/pull/104188), [@wojtek-t](https://github.com/wojtek-t)) [SIG API Machinery and Instrumentation] -- Kube-proxy: delete stale conntrack UDP entries for loadbalancer ingress IP. ([#104009](https://github.com/kubernetes/kubernetes/pull/104009), [@aojea](https://github.com/aojea)) [SIG Network] -- Pass additional flags to subpath mount to avoid flakes in certain conditions ([#104346](https://github.com/kubernetes/kubernetes/pull/104346), [@mauriciopoppe](https://github.com/mauriciopoppe)) [SIG Storage] -- Added jitter factor to lease controller that better smears load on kube-apiserver over time. ([#101652](https://github.com/kubernetes/kubernetes/pull/101652), [@marseel](https://github.com/marseel)) [SIG API Machinery and Scalability] -- Added privileges for `EndpointSlice` to the default view & edit RBAC roles. ([#101203](https://github.com/kubernetes/kubernetes/pull/101203), [@mtougeron](https://github.com/mtougeron)) -- After DBus restarts, make `GracefulNodeShutdown` work again ([#100369](https://github.com/kubernetes/kubernetes/pull/100369), [@wzshiming](https://github.com/wzshiming)) -- Aggregate errors when putting vmss. ([#98350](https://github.com/kubernetes/kubernetes/pull/98350), [@nilo19](https://github.com/nilo19)) -- Aggregate write permissions on events to users with edit and admin role. ([#102858](https://github.com/kubernetes/kubernetes/pull/102858), [@tumido](https://github.com/tumido)) -- Aggregated roles no longer include write access to `EndpointSlices`. This rolls back part of a change that was introduced earlier in the Kubernetes 1.22 cycle. ([#103703](https://github.com/kubernetes/kubernetes/pull/103703), [@robscott](https://github.com/robscott)) -- Applying fix for not deleting existing public IP when a service is deleted in Azure. ([#100694](https://github.com/kubernetes/kubernetes/pull/100694), [@nilo19](https://github.com/nilo19)) -- Applying fix for not tagging static public IP. ([#101752](https://github.com/kubernetes/kubernetes/pull/101752), [@nilo19](https://github.com/nilo19)) -- Applying fix so that deleting non-existing disk returns success. ([#102083](https://github.com/kubernetes/kubernetes/pull/102083), [@andyzhangx](https://github.com/andyzhangx)) -- Applying fix: cleanup outdated routes. ([#102935](https://github.com/kubernetes/kubernetes/pull/102935), [@nilo19](https://github.com/nilo19)) -- Avoid caching the Azure VMSS instances whose network profile is nil ([#100948](https://github.com/kubernetes/kubernetes/pull/100948), [@feiskyer](https://github.com/feiskyer)) [SIG Cloud Provider] -- Azure: Avoid setting cached Sku when updating VMSS and VMSS instances. ([#102005](https://github.com/kubernetes/kubernetes/pull/102005), [@feiskyer](https://github.com/feiskyer)) -- Azurefile: Normalize share name to not include the capital letters ([#100731](https://github.com/kubernetes/kubernetes/pull/100731), [@kassarl](https://github.com/kassarl)) -- Chain the field manager creation calls in `newDefaultFieldManager` to be explicit about the order of operations. ([#101076](https://github.com/kubernetes/kubernetes/pull/101076), [@kevindelgado](https://github.com/kevindelgado)) -- Disruption controller shouldn't error while syncing for unmanaged pods. ([#103414](https://github.com/kubernetes/kubernetes/pull/103414), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) [SIG Apps and Testing] -- Ensure service is deleted when the Azure resource group has been deleted. ([#100944](https://github.com/kubernetes/kubernetes/pull/100944), [@feiskyer](https://github.com/feiskyer)) -- Ensures `ExecProbeTimeout=false` kubelet feature gate with dockershim is taken into account, when the exec probe takes longer than `timeoutSeconds` configuration. ([#100200](https://github.com/kubernetes/kubernetes/pull/100200), [@jackfrancis](https://github.com/jackfrancis)) -- Expose `rest_client_rate_limiter_duration_seconds` metric to component-base to track client side rate limiter latency in seconds. Broken down by verb and URL. ([#100311](https://github.com/kubernetes/kubernetes/pull/100311), [@IonutBajescu](https://github.com/IonutBajescu)) [SIG API Machinery, Cluster Lifecycle and Instrumentation] -- Fire an event when failing to open `NodePort`. ([#100599](https://github.com/kubernetes/kubernetes/pull/100599), [@masap](https://github.com/masap)) -- Fix Azure node public IP fetching issues from instance metadata service when the node is part of standard load balancer backend pool. ([#100690](https://github.com/kubernetes/kubernetes/pull/100690), [@feiskyer](https://github.com/feiskyer)) [SIG Cloud Provider] -- Fix `EndpointSlice` describe panic when an Endpoint doesn't have zone. ([#101025](https://github.com/kubernetes/kubernetes/pull/101025), [@tnqn](https://github.com/tnqn)) -- Fix `kubectl set env` or `resources` not working for initcontainers. ([#101669](https://github.com/kubernetes/kubernetes/pull/101669), [@carlory](https://github.com/carlory)) -- Fix `kubectl` alpha debug node does not work on tainted(NoExecute) nodes and tolerate everything. ([#98431](https://github.com/kubernetes/kubernetes/pull/98431), [@wawa0210](https://github.com/wawa0210)) -- Fix a bug on the `endpointslicemirroring` controller where endpoint `NotReadyAddresses` were mirrored as Ready to the corresponding `EndpointSlice`. ([#102683](https://github.com/kubernetes/kubernetes/pull/102683), [@aojea](https://github.com/aojea)) -- Fix a bug that a preemptor pod may exist as a phantom in the scheduler. ([#102498](https://github.com/kubernetes/kubernetes/pull/102498), [@Huang-Wei](https://github.com/Huang-Wei)) -- Fix a number of race conditions in the kubelet when pods are starting up or shutting down that might cause pods to take a long time to shut down. ([#102344](https://github.com/kubernetes/kubernetes/pull/102344), [@smarterclayton](https://github.com/smarterclayton)) [SIG Apps, Node, Storage and Testing] -- Fix an issue with `kubectl` on certain older version of Windows or when legacy console mode is enabled on Windows 8 which causes `kubectl exec` to crash. ([#102825](https://github.com/kubernetes/kubernetes/pull/102825), [@n4j](https://github.com/n4j)) -- Fix availability set cache in vmss cache ([#100110](https://github.com/kubernetes/kubernetes/pull/100110), [@CecileRobertMichon](https://github.com/CecileRobertMichon)) [SIG Cloud Provider] -- Fix how nulls are handled in array and objects in [json patches](https://github.com/evanphx/json-patch). ([#102467](https://github.com/kubernetes/kubernetes/pull/102467), [@pacoxu](https://github.com/pacoxu)) -- Fix panic when `kubectl create ingress` has annotation flag and an empty value set. ([#101377](https://github.com/kubernetes/kubernetes/pull/101377), [@rikatz](https://github.com/rikatz)) -- Fix performance regression for update and apply operations on large CRDs. ([#103318](https://github.com/kubernetes/kubernetes/pull/103318), [@jpbetz](https://github.com/jpbetz)) [SIG API Machinery, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation and Storage] -- Fix raw block mode CSI `NodePublishVolume` stage miss pod info. ([#99069](https://github.com/kubernetes/kubernetes/pull/99069), [@phantooom](https://github.com/phantooom)) -- Fix resource enforcement when using systemd cgroup driver ([#102147](https://github.com/kubernetes/kubernetes/pull/102147), [@kolyshkin](https://github.com/kolyshkin)) -- Fix rounding of volume storage requests. ([#100100](https://github.com/kubernetes/kubernetes/pull/100100), [@maxlaverse](https://github.com/maxlaverse)) -- Fix runtime container status for `PostStart` hook error. ([#100608](https://github.com/kubernetes/kubernetes/pull/100608), [@pacoxu](https://github.com/pacoxu)) -- Fix scoring for `NodeResourcesMostAllocated` and `NodeResourcesBalancedAllocation` plugins when nodes have containers with no requests. This was leaving to under-utilization of small nodes. ([#102925](https://github.com/kubernetes/kubernetes/pull/102925), [@alculquicondor](https://github.com/alculquicondor)) -- Fix the code is leaking the defaulting between unrelated pod instances. ([#103284](https://github.com/kubernetes/kubernetes/pull/103284), [@kebe7jun](https://github.com/kebe7jun)) [SIG CLI] -- Fix winkernel kube-proxy to only use dual stack when host and networking supports it ([#101047](https://github.com/kubernetes/kubernetes/pull/101047), [@jsturtevant](https://github.com/jsturtevant)) [SIG Network and Windows] -- Fix: Azure file inline volume namespace issue in CSI migration translation ([#101235](https://github.com/kubernetes/kubernetes/pull/101235), [@andyzhangx](https://github.com/andyzhangx)) -- Fix: Bug in `kube-proxy` latency metrics to calculate only the latency value for the `Endpoints` that are created after it starts running. This is needed because all the `Endpoints` objects are processed on restarts, independently when they were. ([#100861](https://github.com/kubernetes/kubernetes/pull/100861), [@aojea](https://github.com/aojea)) -- Fix: avoid nil-pointer panic when checking the frontend IP configuration ([#101739](https://github.com/kubernetes/kubernetes/pull/101739), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider] -- Fix: display of Job completion mode in `kubectl describe`. ([#101160](https://github.com/kubernetes/kubernetes/pull/101160), [@alculquicondor](https://github.com/alculquicondor)) -- Fix: return empty VMAS name if using standalone VM ([#103470](https://github.com/kubernetes/kubernetes/pull/103470), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider] -- Fix: set "host is down" as corrupted mount. When SMB server is down, there is no way to terminate pod which is using SMB mount, would get an error. ([#101398](https://github.com/kubernetes/kubernetes/pull/101398), [@andyzhangx](https://github.com/andyzhangx)) -- Fix: using NVMe AWS EBS volumes partitions. ([#100500](https://github.com/kubernetes/kubernetes/pull/100500), [@jsafrane](https://github.com/jsafrane)) -- Fixed 'kubelet' runtime panic for timed-out portforward streams. ([#102489](https://github.com/kubernetes/kubernetes/pull/102489), [@saschagrunert](https://github.com/saschagrunert)) -- Fixed SELinux relabeling of CSI volumes after CSI driver failure. ([#103154](https://github.com/kubernetes/kubernetes/pull/103154), [@jsafrane](https://github.com/jsafrane)) [SIG Node and Storage] -- Fixed `garbage collection` of dangling `VolumeAttachments` for `PersistentVolumes` migrated to CSI on startup of `kube-controller-manager`. ([#102176](https://github.com/kubernetes/kubernetes/pull/102176), [@timebertt](https://github.com/timebertt)) -- Fixed `port-forward` memory leak for long-running and heavily used connections. ([#99839](https://github.com/kubernetes/kubernetes/pull/99839), [@saschagrunert](https://github.com/saschagrunert)) -- Fixed a bug due to which the controller was not populating the `lastSuccessfulTime` field added to `cronjob.status` in `batch/v1`. ([#102642](https://github.com/kubernetes/kubernetes/pull/102642), [@alaypatel07](https://github.com/alaypatel07)) -- Fixed a bug that `kubectl create configmap` always returns zero exit code when failed. ([#101780](https://github.com/kubernetes/kubernetes/pull/101780), [@nak3](https://github.com/nak3)) [SIG CLI] -- Fixed a bug that scheduler extenders are not called on preemptions. ([#103019](https://github.com/kubernetes/kubernetes/pull/103019), [@ordovicia](https://github.com/ordovicia)) -- Fixed a bug where `startupProbe` stopped working after a container's first restart. ([#101093](https://github.com/kubernetes/kubernetes/pull/101093), [@wzshiming](https://github.com/wzshiming)) -- Fixed an issue blocking azure auth to prompt to device code authentication flow when refresh token expires. ([#102063](https://github.com/kubernetes/kubernetes/pull/102063), [@tdihp](https://github.com/tdihp)) -- Fixed false-positive uncertain volume attachments, which led to unexpected detachment of CSI migrated volumes ([#101737](https://github.com/kubernetes/kubernetes/pull/101737), [@Jiawei0227](https://github.com/Jiawei0227)) [SIG Apps and Storage] -- Fixed mounting of NFS volumes when IPv6 address is used as a server. ([#101067](https://github.com/kubernetes/kubernetes/pull/101067), [@Elbehery](https://github.com/Elbehery)) [SIG Storage] -- Fixed starting new pods after previous pod timed out unmounting its volumes. ([#100183](https://github.com/kubernetes/kubernetes/pull/100183), [@jsafrane](https://github.com/jsafrane)) -- Fixed very rare volume corruption when a pod is deleted while kubelet is offline. ([#102059](https://github.com/kubernetes/kubernetes/pull/102059), [@jsafrane](https://github.com/jsafrane)) -- Fixes a data race issue in the priority and fairness API server filter. ([#100638](https://github.com/kubernetes/kubernetes/pull/100638), [@tkashem](https://github.com/tkashem)) -- Fixes issue with websocket-based watches of Service objects not closing correctly on timeout. ([#102539](https://github.com/kubernetes/kubernetes/pull/102539), [@liggitt](https://github.com/liggitt)) -- For `kubeadm`: support for custom imagetags for etcd images which contain build metadata, when imagetags are in the form of version_metadata. For instance, if the etcd version is v3.4.13+patch.0, the supported imagetag would be v3.4.13_patch.0 ([#100350](https://github.com/kubernetes/kubernetes/pull/100350), [@jr0d](https://github.com/jr0d)) -- For vSphere: fix regression during attach disk if datastore is within a storage folder or datastore cluster. ([#102892](https://github.com/kubernetes/kubernetes/pull/102892), [@gnufied](https://github.com/gnufied)) -- GCE Windows clusters have their TCP/IP parameters are set to GCE's recommended values. ([#103057](https://github.com/kubernetes/kubernetes/pull/103057), [@jeremyje](https://github.com/jeremyje)) [SIG Cloud Provider and Windows] -- GCE Windows will no longer install Docker on containerd nodes. ([#101747](https://github.com/kubernetes/kubernetes/pull/101747), [@jeremyje](https://github.com/jeremyje)) [SIG Cloud Provider and Windows] -- Generated OpenAPI now correctly specifies 201 as a possible response code for PATCH operations. ([#100141](https://github.com/kubernetes/kubernetes/pull/100141), [@brendandburns](https://github.com/brendandburns)) -- Graceful termination will now be honored when deleting a collection of pods. ([#100101](https://github.com/kubernetes/kubernetes/pull/100101), [@deads2k](https://github.com/deads2k)) -- If `kube-proxy` mode is userspace do not enable `EndpointSlices`. ([#100913](https://github.com/kubernetes/kubernetes/pull/100913), [@JornShen](https://github.com/JornShen)) -- Kubeadm: allow passing the flag `--log-file` if `--config` is passed. If you wish to log to a file you must also pass `--logtostderr=false` or `--alsologtostderr=true`. Alternatively you can pipe to a file using "kubeadm ... | tee ...". ([#101449](https://github.com/kubernetes/kubernetes/pull/101449), [@CaoDonghui123](https://github.com/CaoDonghui123)) -- Kubeadm: enable `--experimental-patches` flag for `kubeadm join phase control-plane-join all` command. ([#101110](https://github.com/kubernetes/kubernetes/pull/101110), [@SataQiu](https://github.com/SataQiu)) -- Kubeadm: fix a bug where `kubeadm join` for control plane nodes would download certificates and keys from the cluster, but would not write publicly readable certificates and public keys with mode `0644` and instead use mode `0600`. ([#103313](https://github.com/kubernetes/kubernetes/pull/103313), [@neolit123](https://github.com/neolit123)) -- Kubeadm: fix the bug that `kubeadm` only uses the first hash in `caCertHashes` to verify the root CA. ([#101977](https://github.com/kubernetes/kubernetes/pull/101977), [@SataQiu](https://github.com/SataQiu)) -- Kubeadm: remove the "ephemeral_storage" request from the etcd static pod that kubeadm deploys on stacked etcd control plane nodes. This request has caused sporadic failures on some setups due to a problem in the kubelet with cadvisor and the LocalStorageCapacityIsolation feature gate. See this issue for more details: https://github.com/kubernetes/kubernetes/issues/99305 ([#102673](https://github.com/kubernetes/kubernetes/pull/102673), [@jackfrancis](https://github.com/jackfrancis)) [SIG Cluster Lifecycle] -- Kubeadm: when using a custom image repository for CoreDNS kubeadm now will append the `coredns` image name instead of `coredns/coredns`, thus restoring the behaviour existing before the v1.21 release. Users who rely on nested folder for the coredns image should set the `clusterConfiguration.dns.imageRepository` value including the nested path name (e.g using `registry.company.xyz/coredns` will force kubeadm to use `registry.company.xyz/coredns/coredns` image). No action is needed if using the default registry (k8s.gcr.io). ([#102502](https://github.com/kubernetes/kubernetes/pull/102502), [@ykakarap](https://github.com/ykakarap)) -- Kubelet: improve the performance when waiting for a synchronization of the node list with the `kube-apiserver`. ([#99336](https://github.com/kubernetes/kubernetes/pull/99336), [@neolit123](https://github.com/neolit123)) -- Kubelet: the returned value for PodIPs is the same in the Downward API and in the `pod.status.PodIPs` field ([#103307](https://github.com/kubernetes/kubernetes/pull/103307), [@aojea](https://github.com/aojea)) -- Limit vSphere volume name to 63 characters long. ([#100404](https://github.com/kubernetes/kubernetes/pull/100404), [@gnufied](https://github.com/gnufied)) -- Logging for GCE Windows clusters will be more accurate and complete when using Fluent bit. ([#101271](https://github.com/kubernetes/kubernetes/pull/101271), [@jeremyje](https://github.com/jeremyje)) -- Metrics Server will use Addon Manager 1.8.3 ([#103541](https://github.com/kubernetes/kubernetes/pull/103541), [@jbartosik](https://github.com/jbartosik)) [SIG Cloud Provider and Instrumentation] -- Output for `kubectl describe podsecuritypolicy` is now kind specific and cleaner ([#101436](https://github.com/kubernetes/kubernetes/pull/101436), [@KnVerey](https://github.com/KnVerey)) -- Parsing of cpuset information now properly detects more invalid input such as `1--3` or `10-6`. ([#100565](https://github.com/kubernetes/kubernetes/pull/100565), [@lack](https://github.com/lack)) -- Pods that are known to the kubelet to have previously been Running should not revert to Pending state, the kubelet will now infer a termination. ([#102821](https://github.com/kubernetes/kubernetes/pull/102821), [@ehashman](https://github.com/ehashman)) -- Prevent Kubelet stuck in `DiskPressure` when `imagefs.minReclaim` is set ([#99095](https://github.com/kubernetes/kubernetes/pull/99095), [@maxlaverse](https://github.com/maxlaverse)) -- Reduces delay initializing on non-AWS platforms docker runtime. ([#93260](https://github.com/kubernetes/kubernetes/pull/93260), [@nckturner](https://github.com/nckturner)) [SIG Cloud Provider] -- Register/Deregister Targets in chunks for AWS TargetGroup ([#101592](https://github.com/kubernetes/kubernetes/pull/101592), [@M00nF1sh](https://github.com/M00nF1sh)) [SIG Cloud Provider] -- Removed `/sbin/apparmor_parser` requirement for the AppArmor host validation. - This allows using AppArmor on distributions which ship the binary in a different path. ([#97968](https://github.com/kubernetes/kubernetes/pull/97968), [@saschagrunert](https://github.com/saschagrunert)) [SIG Node and Testing] -- Renames the timeout field for the `DelegatingAuthenticationOptions` to `TokenRequestTimeout` and set the timeout only for the token review client. Previously the timeout was also applied to watches making them reconnecting every 10 seconds. ([#100959](https://github.com/kubernetes/kubernetes/pull/100959), [@p0lyn0mial](https://github.com/p0lyn0mial)) -- Reorganized iptables rules to reduce rules in `KUBE-SERVICES` and `KUBE-NODEPORTS`. ([#96959](https://github.com/kubernetes/kubernetes/pull/96959), [@tssurya](https://github.com/tssurya)) -- Respect annotation size limit for server-side apply updates to the client-side apply annotation. Also, fix opt-out of this behavior by setting the client-side apply annotation to the empty string. ([#102105](https://github.com/kubernetes/kubernetes/pull/102105), [@julianvmodesto](https://github.com/julianvmodesto)) [SIG API Machinery] -- Retry `FibreChannel` devices cleanup after error to ensure `FibreChannel` device is detached before it can be used on another node. ([#101862](https://github.com/kubernetes/kubernetes/pull/101862), [@jsafrane](https://github.com/jsafrane)) -- Support correct sorting for cpu, memory, storage, ephemeral-storage, hugepages, and attachable-volumes. ([#100435](https://github.com/kubernetes/kubernetes/pull/100435), [@lauchokyip](https://github.com/lauchokyip)) -- Switch scheduler to generate the merge patch on pod status instead of the full pod ([#103133](https://github.com/kubernetes/kubernetes/pull/103133), [@marwanad](https://github.com/marwanad)) [SIG Scheduling] -- The `EndpointSlice` IP validation now matches `Endpoints` IP validation. ([#101084](https://github.com/kubernetes/kubernetes/pull/101084), [@robscott](https://github.com/robscott)) -- The `kube-apiserver` now reports the synthetic verb when logging requests, better explaining the user intent and matching what is reported in the metrics. ([#102934](https://github.com/kubernetes/kubernetes/pull/102934), [@lavalamp](https://github.com/lavalamp)) -- The `kube-controller-manager'` sets the upper-bound timeout limit for outgoing requests to 70s. Previously ([#99358](https://github.com/kubernetes/kubernetes/pull/99358), [@p0lyn0mial](https://github.com/p0lyn0mial)) -- The `kube-proxy` log now shows the "Skipping topology aware endpoint filtering since no hints were provided for zone" warning under the right conditions. ([#101857](https://github.com/kubernetes/kubernetes/pull/101857), [@dervoeti](https://github.com/dervoeti)) -- The `kubectl create service` now respects the `namespace` flag. ([#101005](https://github.com/kubernetes/kubernetes/pull/101005), [@zxh326](https://github.com/zxh326)) -- The `kubectl get` now truncates multi-line strings to avoid breaking printing ([#103514](https://github.com/kubernetes/kubernetes/pull/103514), [@soltysh](https://github.com/soltysh)) -- The `kubectl wait --for=delete` command now ignores the not found error correctly. ([#96702](https://github.com/kubernetes/kubernetes/pull/96702), [@lingsamuel](https://github.com/lingsamuel)) -- The `kubelet` now reports distinguishes log messages about certificate rotation for its client cert and server cert separately to make debugging problems with one or the other easier. ([#101252](https://github.com/kubernetes/kubernetes/pull/101252), [@smarterclayton](https://github.com/smarterclayton)) -- The `serviceOwnsFrontendIP` shouldn't report error when the public IP doesn't match. ([#102516](https://github.com/kubernetes/kubernetes/pull/102516), [@nilo19](https://github.com/nilo19)) -- The `system:aggregate-to-edit` role no longer includes write access to the Endpoints API. For new Kubernetes 1.22 clusters, the `edit` and `admin` roles will no longer include that access in newly created Kubernetes 1.22 clusters. This will have no affect on existing clusters upgrading to Kubernetes 1.22. To retain write access to Endpoints in the aggregated `edit` and `admin` roles for newly created 1.22 clusters, refer to https://github.com/kubernetes/website/pull/29025. ([#103704](https://github.com/kubernetes/kubernetes/pull/103704), [@robscott](https://github.com/robscott)) [SIG Auth and Network] -- The conformance tests: - - Services should serve multiport endpoints from pods - - Services should serve a basic endpoint from pods - were only validating the API objects, not performing any validation on the actual Services implementation. - Those tests now validate that the Services under test are able to forward traffic to the endpoints. ([#101709](https://github.com/kubernetes/kubernetes/pull/101709), [@aojea](https://github.com/aojea)) [SIG Network and Testing] -- The current behavior for Services that `IPFamilyPolicy` set as `PreferDualstack`. The current behavior when the cluster is upgraded to dual-stack is: - - Services that have been set to IPFamilyPolicy = PreferDualstack will be upgraded when the service object is updated. e.g., when a user change a label. - - This behavior will change to: - - Services that have been set IPFamilyPolicy = PreferDualstack will not be upgraded when the service object is updated. User can still change policy, type etc and existing behaviors remain the same. ([#102898](https://github.com/kubernetes/kubernetes/pull/102898), [@khenidak](https://github.com/khenidak)) [SIG Network and Testing] -- The reason and message fields for pod status are no longer reset unless the phase also changes. ([#103785](https://github.com/kubernetes/kubernetes/pull/103785), [@smarterclayton](https://github.com/smarterclayton)) [SIG Node] -- Treat VSphere "File (vmdk path here) was not found" errors as success during volume deletion ([#92372](https://github.com/kubernetes/kubernetes/pull/92372), [@breunigs](https://github.com/breunigs)) [SIG Cloud Provider and Storage] -- Update `kube-proxy` base image `debian-iptables` to v1.6.2 to pickup [documentation](https://github.com/kubernetes/release/pull/2106) - \n"- `debian-iptables`: select nft mode if ntf lines > legacy lines, matching [iptables-wrappers](https://github.com/kubernetes-sigs/iptables-wrappers/)" ([#102590](https://github.com/kubernetes/kubernetes/pull/102590), [@BenTheElder](https://github.com/BenTheElder)) -- Update klog v2.9.0. ([#102332](https://github.com/kubernetes/kubernetes/pull/102332), [@pacoxu](https://github.com/pacoxu)) -- Updated the Graceful Node Shutdown Pod termination reason and message. - Updated the Graceful Node Shutdown Pod rejection reason and message. ([#102840](https://github.com/kubernetes/kubernetes/pull/102840), [@Kissy](https://github.com/Kissy)) -- Updates dependency `sigs.k8s.io/structured-merge-diff` to v4.1.1. ([#100784](https://github.com/kubernetes/kubernetes/pull/100784), [@kevindelgado](https://github.com/kevindelgado)) -- Updates hostprocess tests to specify user. ([#102965](https://github.com/kubernetes/kubernetes/pull/102965), [@jsturtevant](https://github.com/jsturtevant)) -- Upgrades functionality of `kubectl kustomize` as described at - https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2Fv4.2.0 ([#103419](https://github.com/kubernetes/kubernetes/pull/103419), [@natasha41575](https://github.com/natasha41575)) [SIG CLI] -- Upgrades functionality of `kubectl kustomize` as described at [kustomize/v4.1.2](https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2Fv4.1.2) ([#101120](https://github.com/kubernetes/kubernetes/pull/101120), [@monopole](https://github.com/monopole)) -- Upgrading etcd: `kubeadm` upgrade etcd to 3.4.13-3 ([#100612](https://github.com/kubernetes/kubernetes/pull/100612), [@pacoxu](https://github.com/pacoxu)) -- Use default timeout of 10s for Azure ACR credential provider. ([#100686](https://github.com/kubernetes/kubernetes/pull/100686), [@hasheddan](https://github.com/hasheddan)) [SIG Cloud Provider] -- We no longer allow the cluster operator to delete any suggested priority & fairness bootstrap configuration object. If a cluster operator removes a suggested configuration, it will be restored by the apiserver. ([#102067](https://github.com/kubernetes/kubernetes/pull/102067), [@tkashem](https://github.com/tkashem)) -- When `DisableAcceleratorUsageMetrics` is set, do not collect accelerator metrics using cAdvisor. ([#101712](https://github.com/kubernetes/kubernetes/pull/101712), [@SergeyKanzhelev](https://github.com/SergeyKanzhelev)) [SIG Instrumentation and Node] -- YAML documents separators ("---") can now be followed by whitespace and comments ("# ....") on the same line. This fixes a bug where documents starting with a comment after the separator were ignored. Other types of content on the same line will result in an error. ([#103457](https://github.com/kubernetes/kubernetes/pull/103457), [@codearky](https://github.com/codearky)) [SIG API Machinery] -- `oc describe quota` used has the same unit format as hard ([#102177](https://github.com/kubernetes/kubernetes/pull/102177), [@atiratree](https://github.com/atiratree)) [SIG CLI] - -#### Other (Cleanup or Flake) -- Kube-apiserver: sets an upper-bound on the lifetime of idle keep-alive connections and time to read the headers of incoming requests ([#103958](https://github.com/kubernetes/kubernetes/pull/103958), [@liggitt](https://github.com/liggitt)) [SIG API Machinery and Node] -- After the deprecation period,now the Kubelet's `--chaos-chance` flag are removed. ([#101057](https://github.com/kubernetes/kubernetes/pull/101057), [@wangyysde](https://github.com/wangyysde)) [SIG Node] -- Allow CSI drivers to just run offline expansion tests. ([#102665](https://github.com/kubernetes/kubernetes/pull/102665), [@gnufied](https://github.com/gnufied)) -- Changed buildmode of non static Kubernetes binaries to produce position independent executables (PIE). ([#102323](https://github.com/kubernetes/kubernetes/pull/102323), [@saschagrunert](https://github.com/saschagrunert)) -- Clarified the description of a test in the e2e suite that mentions "SCTP" but is - actually intended to be testing the behavior of network plugins that don't - implement SCTP. ([#102509](https://github.com/kubernetes/kubernetes/pull/102509), [@danwinship](https://github.com/danwinship)) -- Client-go: reduce verbosity of `Starting/Stopping reflector` messages to 3 again. ([#102788](https://github.com/kubernetes/kubernetes/pull/102788), [@pohly](https://github.com/pohly)) -- Disable log sampling when using json logging format. ([#102620](https://github.com/kubernetes/kubernetes/pull/102620), [@serathius](https://github.com/serathius)) -- Exposes `WithCustomRoundTripper` method for specifying a middleware function for custom HTTP behaviour for the delegated auth clients. ([#99775](https://github.com/kubernetes/kubernetes/pull/99775), [@p0lyn0mial](https://github.com/p0lyn0mial)) -- Fake clients now implement a `FakeClient` interface ([#100940](https://github.com/kubernetes/kubernetes/pull/100940), [@markusthoemmes](https://github.com/markusthoemmes)) [SIG API Machinery and Instrumentation] -- Featuregate `ServiceLoadBalancerClass` graduates to Beta and is enables by default. ([#103129](https://github.com/kubernetes/kubernetes/pull/103129), [@XudongLiuHarold](https://github.com/XudongLiuHarold)) -- Improve func `ToSelectableFields`' performance for event. ([#102461](https://github.com/kubernetes/kubernetes/pull/102461), [@goodluckbot](https://github.com/goodluckbot)) -- Increased `CSINodeIDMaxLength` from 128 bytes to 192 bytes. Prepare to increase the length limit to 256 bytes in 1.23 release. ([#101256](https://github.com/kubernetes/kubernetes/pull/101256), [@Jiawei0227](https://github.com/Jiawei0227)) -- JSON logging now supports having information about source code location in the logging format, source code information is available under the key "caller". ([#102437](https://github.com/kubernetes/kubernetes/pull/102437), [@MadhavJivrajani](https://github.com/MadhavJivrajani)) -- Kubeadm: move the BootstrapToken* API and related utilities from v1beta3 to a separate API group/version - bootstraptoken/v1. ([#102964](https://github.com/kubernetes/kubernetes/pull/102964), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] -- Kubeadm: the `CriticalAddonsOnly` toleration has been removed from `kube-proxy` DaemonSet ([#101966](https://github.com/kubernetes/kubernetes/pull/101966), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle] -- Metrics Server updated to use `0.4.4` image that doesn't depend on deprecated `authorization.k8s.io/v1beta1` subjectaccessreviews API version. ([#101477](https://github.com/kubernetes/kubernetes/pull/101477), [@x13n](https://github.com/x13n)) -- Migrate `proxy/ipvs/proxier.go` logs to structured logging. ([#97796](https://github.com/kubernetes/kubernetes/pull/97796), [@JornShen](https://github.com/JornShen)) -- Migrate `staging/src/k8s.io/apiserver/pkg/registry` logs to structured logging. ([#98287](https://github.com/kubernetes/kubernetes/pull/98287), [@lala123912](https://github.com/lala123912)) -- Migrate some log messages to structured logging in `pkg/volume/plugins.go`. ([#101510](https://github.com/kubernetes/kubernetes/pull/101510), [@huchengze](https://github.com/huchengze)) -- Migrate some log messages to structured logging in `pkg/volume/volume_linux.go`. ([#99566](https://github.com/kubernetes/kubernetes/pull/99566), [@huchengze](https://github.com/huchengze)) -- Official binaries now include the golang generated build ID `buildid` instead of an empty string. ([#101411](https://github.com/kubernetes/kubernetes/pull/101411), [@saschagrunert](https://github.com/saschagrunert)) -- Remove balanced attached node volumes feature. ([#102443](https://github.com/kubernetes/kubernetes/pull/102443), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) -- Remove deprecated `--generator` flag from `kubectl autoscale`. ([#99900](https://github.com/kubernetes/kubernetes/pull/99900), [@MadhavJivrajani](https://github.com/MadhavJivrajani)) -- Remove the deprecated flag `--generator` from `kubectl create deployment` command. ([#99915](https://github.com/kubernetes/kubernetes/pull/99915), [@BLasan](https://github.com/BLasan)) -- Remove the duplicate packet import. ([#101187](https://github.com/kubernetes/kubernetes/pull/101187), [@chuntaochen](https://github.com/chuntaochen)) -- Replace `go-bindata` with `//go:embed`. ([#99829](https://github.com/kubernetes/kubernetes/pull/99829), [@palnabarun](https://github.com/palnabarun)) -- The `DynamicFakeClient` now exposes its tracker via a `Tracker()` function. ([#100085](https://github.com/kubernetes/kubernetes/pull/100085), [@markusthoemmes](https://github.com/markusthoemmes)) -- The `VolumeSnapshotDataSource` feature gate that is GA since v1.20 is unconditionally enabled, and can no longer be specified via the `--feature-gates` argument. ([#101531](https://github.com/kubernetes/kubernetes/pull/101531), [@ialidzhikov](https://github.com/ialidzhikov)) [SIG Storage] -- The deprecated `CRIContainerLogRotation` feature-gate has been removed, since the `CRIContainerLogRotation` feature graduated to GA in 1.21 and was unconditionally enabled. ([#101578](https://github.com/kubernetes/kubernetes/pull/101578), [@carlory](https://github.com/carlory)) -- The deprecated `RootCAConfigMap` feature-gate has been removed, since the `RootCAConfigMap` feature graduated to GA in 1.21 and is unconditionally enabled. ([#101579](https://github.com/kubernetes/kubernetes/pull/101579), [@carlory](https://github.com/carlory)) -- The deprecated `runAsGroup` feature-gate has been removed, since the `runAsGroup` feature graduated to GA in 1.21. ([#101581](https://github.com/kubernetes/kubernetes/pull/101581), [@carlory](https://github.com/carlory)) -- The etcd client has been updated to 3.5.0; `github.com/golang/protobuf`, `google.golang.org/protobuf`, and `google.golang.org/grpc` have been updated to current versions. ([#100488](https://github.com/kubernetes/kubernetes/pull/100488), [@liggitt](https://github.com/liggitt)) -- Update Azure Go SDK to v55.0.0. ([#102441](https://github.com/kubernetes/kubernetes/pull/102441), [@feiskyer](https://github.com/feiskyer)) -- Update Azure Go SDK version to v53.1.0 ([#101357](https://github.com/kubernetes/kubernetes/pull/101357), [@feiskyer](https://github.com/feiskyer)) [SIG API Machinery, CLI, Cloud Provider, Cluster Lifecycle and Instrumentation] -- Update CNI plugins to v0.9.1. ([#102328](https://github.com/kubernetes/kubernetes/pull/102328), [@lentzi90](https://github.com/lentzi90)) -- Update Calico to v3.19.1. ([#102386](https://github.com/kubernetes/kubernetes/pull/102386), [@JornShen](https://github.com/JornShen)) -- Update cri-tools dependency to `v1.21.0`. ([#100956](https://github.com/kubernetes/kubernetes/pull/100956), [@saschagrunert](https://github.com/saschagrunert)) -- Update dep `google/gnostic` and `google/go-cmp` to v0.5.5 and updating transitive dependencies `protobuf`. ([#102783](https://github.com/kubernetes/kubernetes/pull/102783), [@mcbenjemaa](https://github.com/mcbenjemaa)) -- Update golang.org/x/net to v0.0.0-20210520170846-37e1c6afe023 ([#103176](https://github.com/kubernetes/kubernetes/pull/103176), [@CaoDonghui123](https://github.com/CaoDonghui123)) [SIG API Machinery, Auth, CLI, Cloud Provider, Cluster Lifecycle, Node and Storage] -- Updated command descriptions and examples for grammar and punctuation consistency. ([#103524](https://github.com/kubernetes/kubernetes/pull/103524), [@bergerhoffer](https://github.com/bergerhoffer)) [SIG Auth and CLI] -- Updated pause image to version 3.5, which now runs per default as pseudo user and group `65535:65535`. This does not have any effect on remote container runtimes like CRI-O and containerd, which setup the pod sandbox user and group on their own. ([#100292](https://github.com/kubernetes/kubernetes/pull/100292), [@saschagrunert](https://github.com/saschagrunert)) -- Upgrade functionality of `kubectl kustomize` as described at [kustomize/v4.1.3](https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2Fv4.1.3). ([#102193](https://github.com/kubernetes/kubernetes/pull/102193), [@gautierdelorme](https://github.com/gautierdelorme)) - - -#### Dependencies -#### Added -- github.com/antihax/optional: [v1.0.0](https://github.com/antihax/optional/tree/v1.0.0) -- github.com/benbjohnson/clock: [v1.0.3](https://github.com/benbjohnson/clock/tree/v1.0.3) -- github.com/bits-and-blooms/bitset: [v1.2.0](https://github.com/bits-and-blooms/bitset/tree/v1.2.0) -- github.com/certifi/gocertifi: [2c3bb06](https://github.com/certifi/gocertifi/tree/2c3bb06) -- github.com/checkpoint-restore/go-criu/v5: [v5.0.0](https://github.com/checkpoint-restore/go-criu/v5/tree/v5.0.0) -- github.com/cncf/udpa/go: [5459f2c](https://github.com/cncf/udpa/go/tree/5459f2c) -- github.com/cockroachdb/errors: [v1.2.4](https://github.com/cockroachdb/errors/tree/v1.2.4) -- github.com/cockroachdb/logtags: [eb05cc2](https://github.com/cockroachdb/logtags/tree/eb05cc2) -- github.com/coredns/caddy: [v1.1.0](https://github.com/coredns/caddy/tree/v1.1.0) -- github.com/felixge/httpsnoop: [v1.0.1](https://github.com/felixge/httpsnoop/tree/v1.0.1) -- github.com/frankban/quicktest: [v1.11.3](https://github.com/frankban/quicktest/tree/v1.11.3) -- github.com/getsentry/raven-go: [v0.2.0](https://github.com/getsentry/raven-go/tree/v0.2.0) -- github.com/go-kit/log: [v0.1.0](https://github.com/go-kit/log/tree/v0.1.0) -- github.com/gofrs/uuid: [v4.0.0+incompatible](https://github.com/gofrs/uuid/tree/v4.0.0) -- github.com/josharian/intern: [v1.0.0](https://github.com/josharian/intern/tree/v1.0.0) -- github.com/jpillora/backoff: [v1.0.0](https://github.com/jpillora/backoff/tree/v1.0.0) -- github.com/nxadm/tail: [v1.4.4](https://github.com/nxadm/tail/tree/v1.4.4) -- github.com/opentracing/opentracing-go: [v1.1.0](https://github.com/opentracing/opentracing-go/tree/v1.1.0) -- github.com/robfig/cron/v3: [v3.0.1](https://github.com/robfig/cron/v3/tree/v3.0.1) -- github.com/stoewer/go-strcase: [v1.2.0](https://github.com/stoewer/go-strcase/tree/v1.2.0) -- go.etcd.io/etcd/api/v3: v3.5.0 -- go.etcd.io/etcd/client/pkg/v3: v3.5.0 -- go.etcd.io/etcd/client/v2: v2.305.0 -- go.etcd.io/etcd/client/v3: v3.5.0 -- go.etcd.io/etcd/pkg/v3: v3.5.0 -- go.etcd.io/etcd/raft/v3: v3.5.0 -- go.etcd.io/etcd/server/v3: v3.5.0 -- go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc: v0.20.0 -- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp: v0.20.0 -- go.opentelemetry.io/contrib: v0.20.0 -- go.opentelemetry.io/otel/exporters/otlp: v0.20.0 -- go.opentelemetry.io/otel/metric: v0.20.0 -- go.opentelemetry.io/otel/oteltest: v0.20.0 -- go.opentelemetry.io/otel/sdk/export/metric: v0.20.0 -- go.opentelemetry.io/otel/sdk/metric: v0.20.0 -- go.opentelemetry.io/otel/sdk: v0.20.0 -- go.opentelemetry.io/otel/trace: v0.20.0 -- go.opentelemetry.io/otel: v0.20.0 -- go.opentelemetry.io/proto/otlp: v0.7.0 -- go.uber.org/goleak: v1.1.10 -#### Changed -- github.com/google/cadvisor: [v0.39.2 → v0.39.3](https://github.com/google/cadvisor/compare/v0.39.2...v0.39.3) -- sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.22 → v0.0.27 -- sigs.k8s.io/structured-merge-diff/v4: v4.1.2 → v4.2.1 -- golang.org/x/net: 37e1c6a → 491a49a -- github.com/opencontainers/runc: [v1.0.1 → v1.0.2](https://github.com/opencontainers/runc/compare/v1.0.1...v1.0.2) -- k8s.io/utils: 4b05e18 → bdf08cb -- github.com/Azure/azure-sdk-for-go: [v43.0.0+incompatible → v55.0.0+incompatible](https://github.com/Azure/azure-sdk-for-go/compare/v43.0.0...v55.0.0) -- github.com/Azure/go-ansiterm: [d6e3b33 → d185dfc](https://github.com/Azure/go-ansiterm/compare/d6e3b33...d185dfc) -- github.com/Azure/go-autorest/autorest/adal: [v0.9.5 → v0.9.13](https://github.com/Azure/go-autorest/autorest/adal/compare/v0.9.5...v0.9.13) -- github.com/Azure/go-autorest/autorest/to: [v0.2.0 → v0.4.0](https://github.com/Azure/go-autorest/autorest/to/compare/v0.2.0...v0.4.0) -- github.com/Azure/go-autorest/autorest: [v0.11.12 → v0.11.18](https://github.com/Azure/go-autorest/autorest/compare/v0.11.12...v0.11.18) -- github.com/Azure/go-autorest/logger: [v0.2.0 → v0.2.1](https://github.com/Azure/go-autorest/logger/compare/v0.2.0...v0.2.1) -- github.com/alecthomas/units: [c3de453 → f65c72e](https://github.com/alecthomas/units/compare/c3de453...f65c72e) -- github.com/auth0/go-jwt-middleware: [5493cab → v1.0.1](https://github.com/auth0/go-jwt-middleware/compare/5493cab...v1.0.1) -- github.com/aws/aws-sdk-go: [v1.35.24 → v1.38.49](https://github.com/aws/aws-sdk-go/compare/v1.35.24...v1.38.49) -- github.com/cilium/ebpf: [v0.2.0 → v0.6.2](https://github.com/cilium/ebpf/compare/v0.2.0...v0.6.2) -- github.com/cockroachdb/datadriven: [80d97fb → bf6692d](https://github.com/cockroachdb/datadriven/compare/80d97fb...bf6692d) -- github.com/container-storage-interface/spec: [v1.3.0 → v1.5.0](https://github.com/container-storage-interface/spec/compare/v1.3.0...v1.5.0) -- github.com/containerd/console: [v1.0.1 → v1.0.2](https://github.com/containerd/console/compare/v1.0.1...v1.0.2) -- github.com/containernetworking/cni: [v0.8.0 → v0.8.1](https://github.com/containernetworking/cni/compare/v0.8.0...v0.8.1) -- github.com/coredns/corefile-migration: [v1.0.11 → v1.0.12](https://github.com/coredns/corefile-migration/compare/v1.0.11...v1.0.12) -- github.com/coreos/go-systemd/v22: [v22.1.0 → v22.3.2](https://github.com/coreos/go-systemd/v22/compare/v22.1.0...v22.3.2) -- github.com/envoyproxy/go-control-plane: [5f8ba28 → 668b12f](https://github.com/envoyproxy/go-control-plane/compare/5f8ba28...668b12f) -- github.com/evanphx/json-patch: [v4.9.0+incompatible → v4.11.0+incompatible](https://github.com/evanphx/json-patch/compare/v4.9.0...v4.11.0) -- github.com/form3tech-oss/jwt-go: [v3.2.2+incompatible → v3.2.3+incompatible](https://github.com/form3tech-oss/jwt-go/compare/v3.2.2...v3.2.3) -- github.com/go-logfmt/logfmt: [v0.4.0 → v0.5.0](https://github.com/go-logfmt/logfmt/compare/v0.4.0...v0.5.0) -- github.com/go-openapi/jsonpointer: [v0.19.3 → v0.19.5](https://github.com/go-openapi/jsonpointer/compare/v0.19.3...v0.19.5) -- github.com/go-openapi/jsonreference: [v0.19.3 → v0.19.5](https://github.com/go-openapi/jsonreference/compare/v0.19.3...v0.19.5) -- github.com/go-openapi/swag: [v0.19.5 → v0.19.14](https://github.com/go-openapi/swag/compare/v0.19.5...v0.19.14) -- github.com/godbus/dbus/v5: [v5.0.3 → v5.0.4](https://github.com/godbus/dbus/v5/compare/v5.0.3...v5.0.4) -- github.com/golang/groupcache: [8c9f03a → 41bb18b](https://github.com/golang/groupcache/compare/8c9f03a...41bb18b) -- github.com/golang/protobuf: [v1.4.3 → v1.5.2](https://github.com/golang/protobuf/compare/v1.4.3...v1.5.2) -- github.com/google/btree: [v1.0.0 → v1.0.1](https://github.com/google/btree/compare/v1.0.0...v1.0.1) -- github.com/google/cadvisor: [v0.39.0 → v0.39.2](https://github.com/google/cadvisor/compare/v0.39.0...v0.39.2) -- github.com/google/go-cmp: [v0.5.2 → v0.5.5](https://github.com/google/go-cmp/compare/v0.5.2...v0.5.5) -- github.com/googleapis/gnostic: [v0.4.1 → v0.5.5](https://github.com/googleapis/gnostic/compare/v0.4.1...v0.5.5) -- github.com/gopherjs/gopherjs: [0766667 → fce0ec3](https://github.com/gopherjs/gopherjs/compare/0766667...fce0ec3) -- github.com/grpc-ecosystem/go-grpc-middleware: [f849b54 → v1.3.0](https://github.com/grpc-ecosystem/go-grpc-middleware/compare/f849b54...v1.3.0) -- github.com/grpc-ecosystem/grpc-gateway: [v1.9.5 → v1.16.0](https://github.com/grpc-ecosystem/grpc-gateway/compare/v1.9.5...v1.16.0) -- github.com/heketi/heketi: [v10.2.0+incompatible → v10.3.0+incompatible](https://github.com/heketi/heketi/compare/v10.2.0...v10.3.0) -- github.com/jonboulle/clockwork: [v0.1.0 → v0.2.2](https://github.com/jonboulle/clockwork/compare/v0.1.0...v0.2.2) -- github.com/json-iterator/go: [v1.1.10 → v1.1.11](https://github.com/json-iterator/go/compare/v1.1.10...v1.1.11) -- github.com/julienschmidt/httprouter: [v1.2.0 → v1.3.0](https://github.com/julienschmidt/httprouter/compare/v1.2.0...v1.3.0) -- github.com/kr/pretty: [v0.2.0 → v0.2.1](https://github.com/kr/pretty/compare/v0.2.0...v0.2.1) -- github.com/mailru/easyjson: [v0.7.0 → v0.7.6](https://github.com/mailru/easyjson/compare/v0.7.0...v0.7.6) -- github.com/mattn/go-isatty: [v0.0.4 → v0.0.3](https://github.com/mattn/go-isatty/compare/v0.0.4...v0.0.3) -- github.com/miekg/dns: [v1.1.35 → v1.0.14](https://github.com/miekg/dns/compare/v1.1.35...v1.0.14) -- github.com/moby/sys/mountinfo: [v0.4.0 → v0.4.1](https://github.com/moby/sys/mountinfo/compare/v0.4.0...v0.4.1) -- github.com/moby/term: [df9cb8a → 9d4ed18](https://github.com/moby/term/compare/df9cb8a...9d4ed18) -- github.com/mwitkow/go-conntrack: [cc309e4 → 2f06839](https://github.com/mwitkow/go-conntrack/compare/cc309e4...2f06839) -- github.com/onsi/ginkgo: [v1.11.0 → v1.14.0](https://github.com/onsi/ginkgo/compare/v1.11.0...v1.14.0) -- github.com/onsi/gomega: [v1.7.0 → v1.10.1](https://github.com/onsi/gomega/compare/v1.7.0...v1.10.1) -- github.com/opencontainers/runc: [v1.0.0-rc93 → v1.0.1](https://github.com/opencontainers/runc/compare/v1.0.0-rc93...v1.0.1) -- github.com/opencontainers/runtime-spec: [e6143ca → 1c3f411](https://github.com/opencontainers/runtime-spec/compare/e6143ca...1c3f411) -- github.com/opencontainers/selinux: [v1.8.0 → v1.8.2](https://github.com/opencontainers/selinux/compare/v1.8.0...v1.8.2) -- github.com/prometheus/client_golang: [v1.7.1 → v1.11.0](https://github.com/prometheus/client_golang/compare/v1.7.1...v1.11.0) -- github.com/prometheus/common: [v0.10.0 → v0.26.0](https://github.com/prometheus/common/compare/v0.10.0...v0.26.0) -- github.com/prometheus/procfs: [v0.2.0 → v0.6.0](https://github.com/prometheus/procfs/compare/v0.2.0...v0.6.0) -- github.com/rogpeppe/fastuuid: [6724a57 → v1.2.0](https://github.com/rogpeppe/fastuuid/compare/6724a57...v1.2.0) -- github.com/sirupsen/logrus: [v1.7.0 → v1.8.1](https://github.com/sirupsen/logrus/compare/v1.7.0...v1.8.1) -- github.com/smartystreets/assertions: [b2de0cb → v1.1.0](https://github.com/smartystreets/assertions/compare/b2de0cb...v1.1.0) -- github.com/soheilhy/cmux: [v0.1.4 → v0.1.5](https://github.com/soheilhy/cmux/compare/v0.1.4...v0.1.5) -- github.com/spf13/cobra: [v1.1.1 → v1.1.3](https://github.com/spf13/cobra/compare/v1.1.1...v1.1.3) -- github.com/spf13/jwalterweatherman: [v1.1.0 → v1.0.0](https://github.com/spf13/jwalterweatherman/compare/v1.1.0...v1.0.0) -- github.com/stretchr/testify: [v1.6.1 → v1.7.0](https://github.com/stretchr/testify/compare/v1.6.1...v1.7.0) -- github.com/tmc/grpc-websocket-proxy: [0ad062e → e5319fd](https://github.com/tmc/grpc-websocket-proxy/compare/0ad062e...e5319fd) -- github.com/yuin/goldmark: [v1.2.1 → v1.3.5](https://github.com/yuin/goldmark/compare/v1.2.1...v1.3.5) -- go.etcd.io/bbolt: v1.3.5 → v1.3.6 -- go.uber.org/atomic: v1.4.0 → v1.7.0 -- go.uber.org/multierr: v1.1.0 → v1.6.0 -- go.uber.org/zap: v1.10.0 → v1.17.0 -- golang.org/x/lint: 738671d → 6edffad -- golang.org/x/mod: ce943fd → v0.4.2 -- golang.org/x/net: 3d97a24 → 37e1c6a -- golang.org/x/sync: 67f06af → 036812b -- golang.org/x/sys: a50acf3 → 59db8d7 -- golang.org/x/text: v0.3.4 → v0.3.6 -- golang.org/x/time: f8bda1e → 1f47c86 -- golang.org/x/tools: v0.1.0 → v0.1.2 -- google.golang.org/genproto: 8816d57 → f16073e -- google.golang.org/grpc: v1.27.1 → v1.38.0 -- google.golang.org/protobuf: v1.25.0 → v1.26.0 -- gopkg.in/yaml.v3: 9f266ea → 496545a -- k8s.io/klog/v2: v2.8.0 → v2.9.0 -- k8s.io/kube-openapi: 591a79e → 9528897 -- k8s.io/system-validators: v1.4.0 → v1.5.0 -- k8s.io/utils: 67b214c → 4b05e18 -- sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.15 → v0.0.22 -- sigs.k8s.io/kustomize/api: v0.8.5 → v0.8.11 -- sigs.k8s.io/kustomize/cmd/config: v0.9.7 → v0.9.13 -- sigs.k8s.io/kustomize/kustomize/v4: v4.0.5 → v4.2.0 -- sigs.k8s.io/kustomize/kyaml: v0.10.15 → v0.11.0 -- sigs.k8s.io/structured-merge-diff/v4: v4.1.0 → v4.1.2 -#### Removed -- github.com/agnivade/levenshtein: [v1.0.1](https://github.com/agnivade/levenshtein/tree/v1.0.1) -- github.com/alecthomas/template: [fb15b89](https://github.com/alecthomas/template/tree/fb15b89) -- github.com/andreyvit/diff: [c7f18ee](https://github.com/andreyvit/diff/tree/c7f18ee) -- github.com/bifurcation/mint: [93c51c6](https://github.com/bifurcation/mint/tree/93c51c6) -- github.com/caddyserver/caddy: [v1.0.3](https://github.com/caddyserver/caddy/tree/v1.0.3) -- github.com/cenkalti/backoff: [v2.1.1+incompatible](https://github.com/cenkalti/backoff/tree/v2.1.1) -- github.com/checkpoint-restore/go-criu/v4: [v4.1.0](https://github.com/checkpoint-restore/go-criu/v4/tree/v4.1.0) -- github.com/cheekybits/genny: [9127e81](https://github.com/cheekybits/genny/tree/9127e81) -- github.com/go-acme/lego: [v2.5.0+incompatible](https://github.com/go-acme/lego/tree/v2.5.0) -- github.com/go-bindata/go-bindata: [v3.1.1+incompatible](https://github.com/go-bindata/go-bindata/tree/v3.1.1) -- github.com/go-openapi/analysis: [v0.19.5](https://github.com/go-openapi/analysis/tree/v0.19.5) -- github.com/go-openapi/errors: [v0.19.2](https://github.com/go-openapi/errors/tree/v0.19.2) -- github.com/go-openapi/loads: [v0.19.4](https://github.com/go-openapi/loads/tree/v0.19.4) -- github.com/go-openapi/runtime: [v0.19.4](https://github.com/go-openapi/runtime/tree/v0.19.4) -- github.com/go-openapi/spec: [v0.19.5](https://github.com/go-openapi/spec/tree/v0.19.5) -- github.com/go-openapi/strfmt: [v0.19.5](https://github.com/go-openapi/strfmt/tree/v0.19.5) -- github.com/go-openapi/validate: [v0.19.8](https://github.com/go-openapi/validate/tree/v0.19.8) -- github.com/gobuffalo/here: [v0.6.0](https://github.com/gobuffalo/here/tree/v0.6.0) -- github.com/hpcloud/tail: [v1.0.0](https://github.com/hpcloud/tail/tree/v1.0.0) -- github.com/jimstudt/http-authentication: [3eca13d](https://github.com/jimstudt/http-authentication/tree/3eca13d) -- github.com/klauspost/cpuid: [v1.2.0](https://github.com/klauspost/cpuid/tree/v1.2.0) -- github.com/kr/logfmt: [b84e30a](https://github.com/kr/logfmt/tree/b84e30a) -- github.com/kylelemons/godebug: [d65d576](https://github.com/kylelemons/godebug/tree/d65d576) -- github.com/lucas-clemente/aes12: [cd47fb3](https://github.com/lucas-clemente/aes12/tree/cd47fb3) -- github.com/lucas-clemente/quic-clients: [v0.1.0](https://github.com/lucas-clemente/quic-clients/tree/v0.1.0) -- github.com/lucas-clemente/quic-go-certificates: [d2f8652](https://github.com/lucas-clemente/quic-go-certificates/tree/d2f8652) -- github.com/lucas-clemente/quic-go: [v0.10.2](https://github.com/lucas-clemente/quic-go/tree/v0.10.2) -- github.com/markbates/pkger: [v0.17.1](https://github.com/markbates/pkger/tree/v0.17.1) -- github.com/marten-seemann/qtls: [v0.2.3](https://github.com/marten-seemann/qtls/tree/v0.2.3) -- github.com/mholt/certmagic: [6a42ef9](https://github.com/mholt/certmagic/tree/6a42ef9) -- github.com/naoina/go-stringutil: [v0.1.0](https://github.com/naoina/go-stringutil/tree/v0.1.0) -- github.com/naoina/toml: [v0.1.1](https://github.com/naoina/toml/tree/v0.1.1) -- github.com/robfig/cron: [v1.1.0](https://github.com/robfig/cron/tree/v1.1.0) -- github.com/satori/go.uuid: [v1.2.0](https://github.com/satori/go.uuid/tree/v1.2.0) -- github.com/thecodeteam/goscaleio: [v0.1.0](https://github.com/thecodeteam/goscaleio/tree/v0.1.0) -- github.com/tidwall/pretty: [v1.0.0](https://github.com/tidwall/pretty/tree/v1.0.0) -- github.com/vektah/gqlparser: [v1.1.2](https://github.com/vektah/gqlparser/tree/v1.1.2) -- github.com/willf/bitset: [v1.1.11](https://github.com/willf/bitset/tree/v1.1.11) -- go.etcd.io/etcd: dd1b699 -- go.mongodb.org/mongo-driver: v1.1.2 -- gopkg.in/cheggaaa/pb.v1: v1.0.25 -- gopkg.in/fsnotify.v1: v1.4.7 -- gopkg.in/mcuadros/go-syslog.v2: v2.2.1 -- gopkg.in/resty.v1: v1.12.0 -- k8s.io/heapster: v1.2.0-beta.1 - - - -### containerlinux [3033.2.2](https://www.flatcar-linux.org/releases/#release-3033.2.2) - -**Breaking changes** - -* CGroupsV2 are enabled by default. Applications might need to be updated if they don't have support. There are -several known issues: - - Java applications must use JRE >= 15; Please see OpenJDK -[upstream issue](https://bugs.openjdk.java.net/browse/JDK-8230305) for more details. - -**Security fixes** - -* Linux - - [CVE-2021-43976](https://nvd.nist.gov/vuln/detail/CVE-2021-43976) - - [CVE-2022-0330](https://nvd.nist.gov/vuln/detail/CVE-2022-0330) - - [CVE-2022-22942](https://nvd.nist.gov/vuln/detail/CVE-2022-22942) - - [CVE-2021-4135](https://nvd.nist.gov/vuln/detail/CVE-2021-4135) - - [CVE-2021-4155](https://nvd.nist.gov/vuln/detail/CVE-2021-4155) - - [CVE-2021-28711](https://nvd.nist.gov/vuln/detail/CVE-2021-28711) - - [CVE-2021-28712](https://nvd.nist.gov/vuln/detail/CVE-2021-28712) - - [CVE-2021-28713](https://nvd.nist.gov/vuln/detail/CVE-2021-28713) - - [CVE-2021-28714](https://nvd.nist.gov/vuln/detail/CVE-2021-28714) - - [CVE-2021-28715](https://nvd.nist.gov/vuln/detail/CVE-2021-28715) - - [CVE-2021-39685](https://nvd.nist.gov/vuln/detail/CVE-2021-39685) - - [CVE-2021-44733](https://nvd.nist.gov/vuln/detail/CVE-2021-44733) - - [CVE-2021-45095](https://nvd.nist.gov/vuln/detail/CVE-2021-45095) - - [CVE-2022-0185](https://nvd.nist.gov/vuln/detail/CVE-2022-0185) - - [CVE-2021-4002](https://nvd.nist.gov/vuln/detail/CVE-2021-4002) - - [CVE-2020-27820](https://nvd.nist.gov/vuln/detail/CVE-2020-27820) - - [CVE-2021-4001](https://nvd.nist.gov/vuln/detail/CVE-2021-4001) - - [CVE-2021-43975](https://nvd.nist.gov/vuln/detail/CVE-2021-43975) - - [CVE-2021-42739](https://nvd.nist.gov/vuln/detail/CVE-2021-42739) - - [CVE-2021-3760](https://nvd.nist.gov/vuln/detail/CVE-2021-3760) - - [CVE-2021-3772](https://nvd.nist.gov/vuln/detail/CVE-2021-3772) - - [CVE-2021-42327](https://nvd.nist.gov/vuln/detail/CVE-2021-42327) - - [CVE-2021-43056](https://nvd.nist.gov/vuln/detail/CVE-2021-43056) - - [CVE-2021-43267](https://nvd.nist.gov/vuln/detail/CVE-2021-43267) - - [CVE-2021-43389](https://nvd.nist.gov/vuln/detail/CVE-2021-43389) - - CVE-2021-3609 - - [CVE-2021-3653](https://nvd.nist.gov/vuln/detail/CVE-2021-3653) - - CVE-2021-3655 - - [CVE-2021-3656](https://nvd.nist.gov/vuln/detail/CVE-2021-3656) - - [CVE-2021-3760](https://nvd.nist.gov/vuln/detail/CVE-2021-3760) - - [CVE-2021-3772](https://nvd.nist.gov/vuln/detail/CVE-2021-3772) - - [CVE-2020-26541](https://nvd.nist.gov/vuln/detail/CVE-2020-26541) - - [CVE-2021-35039](https://nvd.nist.gov/vuln/detail/CVE-2021-35039) - - [CVE-2021-37576](https://nvd.nist.gov/vuln/detail/CVE-2021-37576) - - [CVE-2021-22543](https://nvd.nist.gov/vuln/detail/CVE-2021-22543) - - [CVE-2021-33909](https://nvd.nist.gov/vuln/detail/CVE-2021-33909) - - [CVE-2021-34556](https://nvd.nist.gov/vuln/detail/CVE-2021-34556) - - [CVE-2021-35477](https://nvd.nist.gov/vuln/detail/CVE-2021-35477) - - [CVE-2021-38166](https://nvd.nist.gov/vuln/detail/CVE-2021-38166) - - [CVE-2021-38205](https://nvd.nist.gov/vuln/detail/CVE-2021-38205) - - [CVE-2021-42327](https://nvd.nist.gov/vuln/detail/CVE-2021-42327) - - [CVE-2021-43056](https://nvd.nist.gov/vuln/detail/CVE-2021-43056) - - [CVE-2021-43267](https://nvd.nist.gov/vuln/detail/CVE-2021-43267) - - [CVE-2021-43389](https://nvd.nist.gov/vuln/detail/CVE-2021-43389) -* Go - - [CVE-2021-29923](https://nvd.nist.gov/vuln/detail/CVE-2021-29923) - - [CVE-2021-39293](https://nvd.nist.gov/vuln/detail/CVE-2021-39293) - - [CVE-2021-38297](https://nvd.nist.gov/vuln/detail/CVE-2021-38297) - - [CVE-2021-39293](https://nvd.nist.gov/vuln/detail/CVE-2021-39293) - - [CVE-2021-44717](https://nvd.nist.gov/vuln/detail/CVE-2021-44717) - - [CVE-2021-44716](https://nvd.nist.gov/vuln/detail/CVE-2021-44716) - - [CVE-2021-41771](https://nvd.nist.gov/vuln/detail/CVE-2021-41771) - - [CVE-2021-41772](https://nvd.nist.gov/vuln/detail/CVE-2021-41772) -* bash - - [CVE-2019-9924](https://nvd.nist.gov/vuln/detail/CVE-2019-9924) - - [CVE-2019-18276](https://nvd.nist.gov/vuln/detail/CVE-2019-18276) -* binutils - - [CVE-2021-3530](https://nvd.nist.gov/vuln/detail/CVE-2021-3530) - - [CVE-2021-3549](https://nvd.nist.gov/vuln/detail/CVE-2021-3549) -* ca-certificates - - [CVE-2021-43527](https://nvd.nist.gov/vuln/detail/CVE-2021-43527) -* containerd - - [CVE-2021-43816](https://nvd.nist.gov/vuln/detail/CVE-2021-43816) - - [CVE-2021-41103](https://nvd.nist.gov/vuln/detail/CVE-2021-41103) - - [CVE-2021-41190](https://nvd.nist.gov/vuln/detail/CVE-2021-41190) -* curl - - [CVE-2021-22945](https://nvd.nist.gov/vuln/detail/CVE-2021-22945) - - [CVE-2021-22946](https://nvd.nist.gov/vuln/detail/CVE-2021-22946) - - [CVE-2021-22947](https://nvd.nist.gov/vuln/detail/CVE-2021-22947) -* Docker - - [CVE-2021-41092](https://nvd.nist.gov/vuln/detail/CVE-2021-41092) - - [CVE-2021-41089](https://nvd.nist.gov/vuln/detail/CVE-2021-41089) - - [CVE-2021-41091](https://nvd.nist.gov/vuln/detail/CVE-2021-41091) - - [CVE-2021-41190](https://nvd.nist.gov/vuln/detail/CVE-2021-41190) -* expat - - [CVE-2022-23852](hrrp://nvd.nist.gov/vuln/detail/CVE-2022-23852) - - [CVE-2022-23990](https://nvd.nist.gov/vuln/detail/CVE-2022-23990) - - [CVE-2021-45960](https://nvd.nist.gov/vuln/detail/CVE-2021-45960) - - [CVE-2021-46143](https://nvd.nist.gov/vuln/detail/CVE-2021-46143) - - [CVE-2022-22822](https://nvd.nist.gov/vuln/detail/CVE-2022-22822) - - [CVE-2022-22823](https://nvd.nist.gov/vuln/detail/CVE-2022-22823) - - [CVE-2022-22824](https://nvd.nist.gov/vuln/detail/CVE-2022-22824) - - [CVE-2022-22825](https://nvd.nist.gov/vuln/detail/CVE-2022-22825) - - [CVE-2022-22826](https://nvd.nist.gov/vuln/detail/CVE-2022-22826) - - [CVE-2022-22827](https://nvd.nist.gov/vuln/detail/CVE-2022-22827) -* git - - [CVE-2021-40330](https://nvd.nist.gov/vuln/detail/CVE-2021-40330) -* glibc - - [CVE-2021-3998](https://nvd.nist.gov/vuln/detail/CVE-2021-3998) - - [CVE-2021-3999](https://nvd.nist.gov/vuln/detail/CVE-2021-3999) - - [CVE-2022-23218](https://nvd.nist.gov/vuln/detail/CVE-2022-23218) - - [CVE-2022-23219](https://nvd.nist.gov/vuln/detail/CVE-2022-23219) - - [CVE-2021-38604](https://nvd.nist.gov/vuln/detail/CVE-2021-38604) -* gnupg - - [CVE-2020-25125](https://nvd.nist.gov/vuln/detail/CVE-2020-25125) -* libgcrypt - - [CVE-2021-40528](https://nvd.nist.gov/vuln/detail/CVE-2021-40528) -* nettle - - [CVE-2021-20305](https://nvd.nist.gov/vuln/detail/CVE-2021-20305) - - [CVE-2021-3580](https://nvd.nist.gov/vuln/detail/CVE-2021-3580) -* polkit - - [CVE-2021-40340](https://nvd.nist.gov/vuln/detail/CVE-2021-40340) - - [CVE-2021-3560](https://nvd.nist.gov/vuln/detail/CVE-2021-3560) -* sssd - - [CVE-2021-3621](https://nvd.nist.gov/vuln/detail/CVE-2021-3621) -* util-linux - - [CVE-2021-37600](https://nvd.nist.gov/vuln/detail/CVE-2021-37600) -* vim - - [CVE-2021-3770](https://nvd.nist.gov/vuln/detail/CVE-2021-3770) - - [CVE-2021-3778](https://nvd.nist.gov/vuln/detail/CVE-2021-3778) - - [CVE-2021-3796](https://nvd.nist.gov/vuln/detail/CVE-2021-3796) -* SDK: bison - - [CVE-2020-14150](https://nvd.nist.gov/vuln/detail/CVE-2020-14150) - - [CVE-2020-24240](https://nvd.nist.gov/vuln/detail/CVE-2020-24240) -* SDK: perl - - [CVE-2020-10878](https://nvd.nist.gov/vuln/detail/CVE-2020-10878) - -**Bug fixes** -* SDK: Fixed build error popping up in the new SDK Container because policycoreutils used the wrong ROOT to update the SELinux store ([flatcar-linux/coreos-overlay#1502](https://github.com/flatcar-linux/coreos-overlay/pull/1502)) -* Fixed leak of SELinux policy store to the root filesystem top directory due to wrong store path in policycoreutils instead of /var/lib/selinux ([flatcar-linux/Flatcar#596](https://github.com/flatcar-linux/Flatcar/issues/596)) -* Ensured that the /run/xtables.lock coordination file exists for modifications of the xtables backend from containers (must be bind-mounted) or the iptables-legacy binaries on the host ([flatcar-linux/init#57](https://github.com/flatcar-linux/init/pull/57)) -* dev container: Fix github URL for coreos-overlay and portage-stable to use repos from flatcar-linux org directly instead of relying on redirects from the kinvolk org. This fixes checkouts with emerge-gitclone inside dev-container. ([flatcar-linux/scripts#194](https://github.com/flatcar-linux/scripts/pull/194)) -* SDK: Fixed build error popping up in the new SDK Container because policycoreutils used the wrong ROOT to update the SELinux store ([flatcar-linux/coreos-overlay#1502](https://github.com/flatcar-linux/coreos-overlay/pull/1502)) -* arm64: the Polkit service does not crash anymore. ([flatcar-linux/Flatcar#156](https://github.com/flatcar-linux/Flatcar/issues/156)) -* toolbox: fixed support for multi-layered docker images ([toolbox#5](https://github.com/flatcar-linux/toolbox/pull/5)) -* Run emergency.target on ignition/torcx service unit failure in dracut ([bootengine#28](https://github.com/flatcar-linux/bootengine/pull/28)) -* Fix vim warnings on missing file, when built with USE=”minimal” ([portage-stable#260](https://github.com/flatcar-linux/portage-stable/pull/260)) -* The Torcx profile docker-1.12-no got fixed to reference the current Docker version instead of 19.03 which wasn’t found on the image, causing Torcx to fail to provide Docker ([PR#1456](https://github.com/flatcar-linux/coreos-overlay/pull/1456)) -* Use https protocol instead of git for Github URLs ([flatcar-linux/coreos-overlay#1394](https://github.com/flatcar-linux/coreos-overlay/pull/1394)) - -**Changes** -* Backported elf support for iproute2 ([flatcar-linux/coreos-overlay#1256](https://github.com/flatcar-linux/coreos-overlay/pull/1526)) -* Added GPIO support ([coreos-overlay#1236](https://github.com/flatcar-linux/coreos-overlay/pull/1236)) -* Enabled SELinux in permissive mode on ARM64 ([coreos-overlay#1245](https://github.com/flatcar-linux/coreos-overlay/pull/1245)) -* The iptables command uses the nftables kernel backend instead of the iptables backend, you can also migrate to using the nft tool instead of iptables. Containers with iptables binaries that use the iptables backend will result in mixing both kernel backends which is supported but you have to look up the rules separately (on the host you can use the iptables-legacy and friends). -* Added missing SELinux rule as initial step to resolve Torcx unpacking issue ([coreos-overlay#1426](https://github.com/flatcar-linux/coreos-overlay/pull/1426)) - -**Updates** -* Linux ([5.10.96](https://lwn.net/Articles/883442)) -* Linux Firmware ([20211216](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20211216)) -* expat ([2.4.4](https://github.com/libexpat/libexpat/blob/R_2_4_4/expat/Changes)) -* ca-certificates ([3.74](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_74.html)) -* Docker ([20.10.12](https://docs.docker.com/engine/release-notes/#201012)) -* containerd ([1.5.9](https://github.com/containerd/containerd/releases/tag/v1.5.9)) -* Go ([1.17.5](https://go.googlesource.com/go/+/refs/tags/go1.17.5)) -* systemd ([249.4](https://github.com/systemd/systemd-stable/blob/v249.4/NEWS)) -* bash ([5.1_p8](https://lists.gnu.org/archive/html/info-gnu/2020-12/msg00003.html)) -* binutils ([2.37](https://sourceware.org/pipermail/binutils/2021-July/117384.html)) -* curl ([7.79.1](https://curl.se/changes.html#7_79_1)) -* duktape ([2.6.0](https://github.com/svaarala/duktape/blob/master/doc/release-notes-v2-6.rst)) -* ebtables ([2.0.11](https://lwn.net/Articles/806179/)) -* git ([2.32.0](https://github.com/git/git/blob/master/Documentation/RelNotes/2.32.0.txt)) -* gnupg ([2.2.29](https://lists.gnupg.org/pipermail/gnupg-announce/2021q3/000461.html)) -* iptables ([1.8.7](https://lwn.net/Articles/843069/)) -* keyutils ([1.6.1](https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git/tag/?h=v1.6.1)) -* ldb ([2.3.0](https://gitlab.com/samba-team/samba/-/tags/ldb-2.3.0)) -* libgcrypt ([1.9.4](https://dev.gnupg.org/T5402)) -* libmnl ([1.0.4](https://marc.info/?l=netfilter-devel&m=146745072727070&w=2)) -* libnftnl ([1.2.0](https://marc.info/?l=netfilter&m=162194376520385&w=2)) -* libtirpc ([1.3.2](https://www.spinics.net/lists/linux-nfs/msg84129.html)) -* lvm2 ([2.02.188](https://github.com/lvmteam/lvm2/releases/tag/v2_02_188)) -* nettle ([3.7.3](https://lists.gnu.org/archive/html/info-gnu/2021-06/msg00002.html)) -* nftables ([0.9.9](https://lwn.net/Articles/857369/)) -* net-tools ([2.10](https://sourceforge.net/p/net-tools/code/ci/v2.10/tree/)) -* openssh ([8.7_p1-r1](https://www.openssh.com/txt/release-8.7)) -* open-vm-tools ([11.3.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-11.3.5)) -* polkit ([0.119](https://gitlab.freedesktop.org/polkit/polkit/-/blob/0.119/NEWS)) -* realmd ([0.17.0](https://gitlab.freedesktop.org/realmd/realmd/-/tags/0.17.0)) -* runc ([1.0.3](https://github.com/opencontainers/runc/releases/tag/v1.0.3)) -* talloc ([2.3.2](https://gitlab.com/samba-team/samba/-/tags/talloc-2.3.2)) -* util-linux ([2.37.2](https://github.com/karelzak/util-linux/blob/v2.37.2/NEWS)) -* vim ([8.2.3428](https://github.com/vim/vim/releases/tag/v8.2.3428)) -* xenstore ([4.14.2](https://xenproject.org/downloads/xen-project-archives/xen-project-4-14-series/xen-project-4-14-2/)) -* SDK: gnuconfig (20210107) -* SDK: google-cloud-sdk ([355.0.0](https://groups.google.com/g/google-cloud-sdk-announce/c/HoJuttxnzNQ)) -* SDK: meson (0.57.2) -* SDK: mtools (4.0.35) -* SDK: perl ([5.34.0](https://perldoc.perl.org/perl5340delta)) -* SDK: Rust ([1.55.0](https://blog.rust-lang.org/2021/09/09/Rust-1.55.0.html)) -* SDK: texinfo ([6.8](https://github.com/debian-tex/texinfo/releases/tag/upstream%2F6.8)) - - -### calico [3.21.3](https://github.com/projectcalico/calico/releases/tag/v3.21.3) - -#### BGP Improvements -For users of BGP you can now view the status of your BGP routers, including session status, RIB / FIB contents, and agent health via the new CalicoNodeStatus API. See the API documentation for more details. - -In addition, you can control BGP advertisement of certain prefixes using the new disableBGPExport option on each IP pool, allowing greater control of your route sharing scheme. - -Pull requests: -- Added Calico node status resource (CalicoNodeStatus) which represents a collection of status information for a node that Calico reports back to the user for use during troubleshooting. libcalico-go #1502 (@song-jiang) -- Report node BGP status from calico/node. node #1234 (@song-jiang) -- Add new syncer for BGP status API. typha #662 (@song-jiang) -- Don’t export BGP routes for IP pools that have disableBGPExport==true confd #647 (@coutinhop) - -#### Service-based network policy improvements -In v3.20, we introduced egress policy rules that can match on Kubernetes services. In v3.21, we improved upon that in two ways. First, you can now use service matches in Calico NetworkPolicy and GlobalNetworkPolicy ingress rules. Second, you can now use service-based network policy rules on Windows nodes. - -Pull requests: -- Policy ingress rules now support service selectors. felix #3024 (@mgleung) -- Windows data plane support for Service-based network policy rules felix #2917 (@caseydavenport) -- Allow services to be specified in the Source field of Ingress rules libcalico-go #1517 (@mgleung) - -#### Option to run Calico as non-privileged and non-root -Calico can now optionally run in non-privileged and non-root mode, with some limitations. See the documentation for more information. - -Pull requests: -- Change node and supporting binary permissions so that they can be run as a non-root user node #1224 (@mgleung) -- CNI plugin now sets route_localnet=1 for container interfaces cni-plugin #1168 (@mgleung) -- CNI plugins now have SUID bit set in order to run as non-root cni-plugin #1168 (@mgleung) - -#### IPReservations API -You can use the new IPReservations API to reserve certain IP addresses so that they will not be used by Calico IPAM. This allows for fine-grained control of the IP space in your cluster. - -Pull requests: -- Add support for IPReservations libcalico-go #1509 (@fasaxc) - - -#### Bug fixes -- Fix a serious regression introduced in v3.21.0 where the datastore watcher could get stuck and report stale information in clusters with >500 policies/pods/etc. The bug was triggered by needing to do a resync (for example after an etcd compaction) when there were enough resources to trigger the list pager. [calico #5332](https://github.com/projectcalico/calico/pull/5332) (@robbrockbank) -- Pass ExceptUpgradeService param to stop-calico.ps1 as well node #1372 (@lmm) -- Restrict Typha server to FIPS compliant cipher suites. typha #696 (@caseydavenport) -- Fix log spam from Calico upgrade service for Windows node #1343 (@song-jiang) -- Increase timeout for setting NetworkUnavailable on shutdown node #1341 (@caseydavenport) -- Fix potential panic and memory leak in kube-controllers caused by adding and subsequently deleting IPAM blocks kube-controllers #912 (@caseydavenport) -- IPAM GC correctly handles multiple IP addresses allocated with the same handle ID. kube-controllers #903 (@caseydavenport) -- Fix bug where invalid port structures were being sent to Felix, preventing pods with hostPorts specified from working. libcalico-go #1545 (@caseydavenport) -- Downgrade repetitive info level logging in calico/node autodetection code node #1237 (@caseydavenport) -- Updated ubi base images and CentOS repos to stop CVE false positives from being reported. node #1136 (@coutinhop) -- Fixed typo in umount command pod2daemon #64 (@ScheererJ) -- Fixes this bug which caused WireGuard stats to be collected even when WireGuard was disabled. Additionally, the version of the wgctrl dependency has been updated as the previous version caused thread leaks. felix #3057 (@mikestephen) -- Fix blackhole route table interface matches to handle empty interface regexes. felix #3007 (@robbrockbank) -- Fix slow performance when updating a Kubernetes namespace when there are many Pods (and in turn, slow startup performance when there are many namespaces). felix #2964 (@fasaxc) -- Close race condition that could result in an extra IPAM block being allocated to a node. libcalico-go #1488 (@caseydavenport) -- Fix that podIP annotation could be incorrectly clobbered for stateful set pods: https://github.com/projectcalico/calico/issues/4710 libcalico-go #1472 (@fasaxc) -- Fix removal of old CNI configuration on name-change cni-plugin #1153 (@caseydavenport) -- Readiness depends on all syncers typha #613 (@robbrockbank) -- Exclude RR nodes from BGP full mesh confd #619 (@coutinhop) -- Fixed a bug in ExternalTrafficPolicy=Local that lead to connection stalling. felix #3015 (@tomastigera) -- Fixed broken connections when client used the same port to connect to the same backed via a nodeport on different nodes. felix #2983 (@tomastigera) -- The eBPF mode implementation of DoNotTrack policy was incorrectly allowing an inbound connection through a HostEndpoint, when the HostEndpoint had DoNotTrack policy for the ingress direction but not for egress. For precise compatibility with Calico’s established DoNotTrack semantics, that connection should be disallowed, and now is. (Because of the lack of connection tracking, successful use of DoNotTrack policy to allow flows requires configuring the DoNotTrack policy symmetrically in both directions.) felix #2982 (@neiljerram) - - - -#### Other changes -- Replace github.com/dgrijalva/jwt-go with active fork github.com/golang-jwt/jwt that resolves vulnerability flagged by scanners. libcalico-go #1554 (@lmm) -- calico/node logs write to /var/log/calico within the container by default, in addition to stdout node #1133 (@song-jiang) -- Read pod IP information from Amazon VPC CNI annotation, if present on the pod. libcalico-go #1523 (@caseydavenport) -- Update etcd client version to v3.5.0 libcalico-go #1495 (@Aceralon) -- Optimize lists and watches made against the Kubernetes API libcalico-go #1484 (@caseydavenport) -- WorkloadEndpoints now support hostPorts libcalico-go #1471 (@AloysAugustin) -- Include CNI plugin release v1.0.0 cni-plugin #1141 (@caseydavenport) -- Allow configuration of num_queues for Calico created veth interfaces cni-plugin #1116 (@arikachen) -- Typha now gives newly connected clients an extra grace period to catch up after sending the snapshot to reduce the possibility of cyclic disconnects. typha #614 (@fasaxc) -- Add calico-node upgrade service for upgrades on Windows node #1254 (@lmm) -- eBPF arm64/aarch64 node #1044 (@frozenprocess) -- BPF: Endpoints in EndpointsSlices that are not ready are excluded from NAT felix #3017 (@tomastigera) -- Calico’s eBPF dataplane now fully implements DoNotTrack policy felix #2910 (@neiljerram) -- Add HostPort support in the gRPC dataplane cni-plugin #1119 (@AloysAugustin) - - -### app-operator [5.6.0](https://github.com/giantswarm/app-operator/releases/tag/v5.6.0) - -#### Added -- Support watching app CRs in organization namespace with cluster label selector. - -#### Changed -- Get tarball URL for chart CRs from index.yaml for better community app catalog support. - -#### Fixed -- Embed Chart CRD in app-operator to prevent hitting GitHub API rate limits. -- When bootstrapping chart-operator the helm release should not include the cluster ID. -- Fix getting kubeconfig in chart CR watcher. -- Fix error handling in chart CR watcher when chart CRD not installed. - - -### aws-cni [1.10.2](https://github.com/aws/amazon-vpc-cni-k8s/releases/tag/v1.10.2) - -Upgraded from version 1.10.1. Please check [upstream changelog](https://github.com/aws/amazon-vpc-cni-k8s/releases/tag/v1.10.2) for details. - - -### aws-ebs-csi-driver [2.8.1](https://github.com/giantswarm/aws-ebs-csi-driver-app/releases/tag/v2.8.1) - -#### Fixed -- Use node selector according to control-plane and nodepool labels. - - -### aws-operator [10.17.0](https://github.com/giantswarm/aws-operator/releases/tag/v10.17.0) - -#### Added -- New flatcar releases. -- Add support for feature that enables forcing cgroups v1 for Flatcar version `3033.2.0` and above. - -#### Changed -- Bumped k8scloudconfig to disable rpc-statd service. -- Max pods setting per for new EC2 instances. -- Bump `etcd-cluster-migrator` version to `v1.1.0`. -- Bump `k8scloudconfig` version to `v11.0.1`. -- Changes to EncryptionConfig in order to fully work with `encryption-provider-operator`. - -#### Fixed -- Autoselect region ARN for ebs snapshots. - - -### cluster-autoscaler [1.22.2-gs3](https://github.com/giantswarm/cluster-autoscaler-app/releases/tag/v1.22.2-gs3) - -#### Added -- Added support for specifying `balance-similar-node-groups` flag - -#### Changed -- Updated cluster-autoscaler to version `1.22.2`. - -#### Fixed -- Fix RBAC for version 1.22. - - -### external-dns [2.9.0](https://github.com/giantswarm/external-dns-app/releases/tag/v2.9.0) - -This release contains some changes to mitigate rate limiting on AWS clusters. Please take note of the defaults -for values `aws.batchChangeInterval`, `aws.zonesCacheDuration`, `externalDNS.interval` -and `externalDNS.minEventSyncInterval`. - -If you already specify `--aws-batch-change-interval` or `--aws-zones-cache-duration`, please migrate to the new values `aws.batchChangeInterval` and `aws.zonesCacheDuration`. - -#### Added -- Allow to set `--aws-batch-change-interval` through `aws.batchChangeInterval` value. Default `10s`. -- Allow to set `--aws-zones-cache-duration` through `aws.zonesCacheDuration` value. Default `3h`. - -#### Changed -- Set default `externalDNS.interval` to `5m`. -- Set default `externalDNS.minEventSyncInterval` to `30s`. -- Allow setting Route53 credentials (`externalDNS.aws_access_key_id` and `externalDNS.aws_secret_access_key`) indepentent from `aws.access` value. -- Allow setting the AWS default region (`aws.region`) indepentent from `aws.access` value. -- Allow to omit the `--domain-filter` flag completely by setting `externalDNS.domainFilterList` to null. -- Add ability to specify extra arguments to the external-dns deployment through `externalDNS.extraArgs`. - - -### kiam-watchdog [0.5.1](https://github.com/giantswarm/kiam-watchdog/releases/tag/v0.5.1) - -#### Added -- Added `--probe-mode` flag to allow using either 'route53' or 'sts' to probe AWS API. - -#### Fixed -- Fix sts successful check. - - -### kube-state-metrics [1.7.0](https://github.com/giantswarm/kube-state-metrics-app/releases/tag/v1.7.0) - -#### Changed -- Raise priorityClass to `system-cluster-critical` to increase scheduling chances in master-only clusters. - -#### Fixed -- Fixed missing labels from kube__labels - -### vertical-pod-autoscaler [2.1.1](https://github.com/giantswarm/vertical-pod-autoscaler-app/releases/tag/v2.1.1) - -#### Fixed -- Fix naming of VPA deployments in workload clusters. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.0.1.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.0.1.md deleted file mode 100644 index 7f2858b03f..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.0.1.md +++ /dev/null @@ -1,36 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v17.0.1/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v17.0.1 - version: 17.0.1 - version_tag: v17.0.1 -date: '2022-02-23T10:00:00' -description: Release notes for AWS workload cluster release v17.0.1, published on - 23 February 2022, 10:00. -title: Workload cluster release v17.0.1 for AWS ---- - -This release allows one replica of `coredns` to run on the control plane nodes for clusters without any node pools. - -> **_Warning:_** Kubernetes v1.22 removed certain APIs and features. More details are available in the [upstream blog post](https://kubernetes.io/blog/2021/07/14/upcoming-changes-in-kubernetes-1-22/). - -**Known Issues** -- Java applications are unable to identify memory limits when using a `JRE` prior to v15 in a Control Groups v2 environment. Support was added in `JRE` v15 and later. More details are available in the [upstream issue](https://bugs.openjdk.java.net/browse/JDK-8230305). We recommend using the latest LTS JRE available (currently v17) to ensure continued compatibility with future releases. - -**Control Groups v1** -To ensure a smooth transition, in case you need time to modify applications to make them compatible with Control Groups v2, we provide a mechanism that will allow using Control Groups v1 on specific node pools. More details are available in our [documentation](https://docs.giantswarm.io/advanced/forcing-cgroupsv1/). - -**Note when upgrading from v16 to v17:** Existing `Vertical Pod Autoscaler` app installations need to be removed from the workload cluster prior to upgrading to v17 because the `Vertical Pod Autscaler` is provided as a default application. The two applications have different names which leads to them fighting each other. - -## Change details - - -### coredns [1.8.0](https://github.com/giantswarm/coredns-app/releases/tag/v1.8.0) - -#### Changed -- Add deployment to run one replica of coredns in master nodes (for clusters with no node pools). diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.0.2.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.0.2.md deleted file mode 100644 index bd640f1391..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.0.2.md +++ /dev/null @@ -1,27 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v17.0.2/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v17.0.2 - version: 17.0.2 - version_tag: v17.0.2 -date: '2022-03-10T11:21:44' -description: Release notes for AWS workload cluster release v17.0.2, published on - 10 March 2022, 11:21. -title: Workload cluster release v17.0.2 for AWS ---- - -This release downgrades the version of the Flatcar AMI from `3033.2.2` to `3033.2.0` due to a bug in version `3033.2.1` -> `3033.2.3` preventing successful boot on some EC2 instance type families. (Notably the `m4` instance types) - -* [Giant Swarm roadmap issue](https://github.com/giantswarm/roadmap/issues/891) -* [Upstream bug issue](https://github.com/flatcar-linux/Flatcar/issues/665) - -**Note when upgrading from v16 to v17:** Existing `Vertical Pod Autoscaler` app installations need to be removed from the workload cluster prior to upgrading to v17 because the `Vertical Pod Autscaler` is provided as a default application. The two applications have different names which leads to them fighting each other. - -## Change details - -### containerlinux [3033.2.0](https://www.flatcar-linux.org/releases/#release-3033.2.0) diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.1.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.1.0.md deleted file mode 100644 index 0fad3fe8b4..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.1.0.md +++ /dev/null @@ -1,68 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v17.1.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v17.1.0 - version: 17.1.0 - version_tag: v17.1.0 -date: '2022-03-15T08:00:00' -description: Release notes for AWS workload cluster release v17.1.0, published on - 15 March 2022, 08:00. -title: Workload cluster release v17.1.0 for AWS ---- - -This release introduces IAM roles for service accounts (IRSA) as an alternative to Kiam. More details are available in the [documentation](https://docs.giantswarm.io/advanced/iam-roles-for-service-accounts/). - -> **_Warning:_** IAM roles for service accounts requires the following additional permissions to be granted: -- `iam:CreateOpenIDConnectProvider` -- `iam:DeleteOpenIDConnectProvider` -- `iam:TagOpenIDConnectProvider` -- `iam:UntagOpenIDConnectProvider` -- `s3:PutObjectAcl` - -All the AWS prerequisites are available in the [giantswarm-aws-account-prerequisites repository](https://github.com/giantswarm/giantswarm-aws-account-prerequisites). - -**Note when upgrading from v16 to v17:** Existing `Vertical Pod Autoscaler` app installations need to be removed from the workload cluster prior to upgrading to v17 because the `Vertical Pod Autscaler` is provided as a default application. The two applications have different names which leads to them fighting each other. - - -## Change details - - -### cluster-operator [3.14.1](https://github.com/giantswarm/cluster-operator/releases/tag/v3.14.1) - -#### Added -- Add IAM Roles for Service Accounts feature support for AWS. - -### Changed -- Update `aws-pod-identity-webhook` app version. - - - -### aws-operator [10.18.0](https://github.com/giantswarm/aws-operator/releases/tag/v10.18.0) - -#### Added -- Add support for IAM Roles for Service Accounts feature. - - - -### net-exporter [1.11.0](https://github.com/giantswarm/net-exporter/releases/tag/v1.11.0) - -#### Added -- Add networkpolicy to allow egress towards `k8s-dns-node-cache-app` endpoints. - - - -### kiam [2.2.0](https://github.com/giantswarm/kiam-app/releases/tag/v2.2.0) - -#### Changed -- Updated `whiteListRouteRegexp` to default to `/latest/meta-data/placement/availability-zone` - -#### Fixed -- Merged two release workflows into one to handle both tags - -#### Added -- Build script to generate an IRSA compatible version of each release diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.2.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.2.0.md deleted file mode 100644 index e925dd3759..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.2.0.md +++ /dev/null @@ -1,191 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v17.2.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v17.2.0 - version: 17.2.0 - version_tag: v17.2.0 -date: '2022-04-04T08:00:00' -description: Release notes for AWS workload cluster release v17.2.0, published on - 04 April 2022, 08:00. -title: Workload cluster release v17.2.0 for AWS ---- - -This release improves the performance of `etcd` by using `gp3` volumes with provisioned IOPS. It also provides stability improvements, bug fixes and security fixes for various components. - -**Highlights** -- [`etcd` `gp3` volumes with provisioned IOPS](https://github.com/giantswarm/roadmap/issues/916); -- [Control Groups v1 can be enabled without rebooting the instance](https://github.com/giantswarm/roadmap/issues/944); -- [`m4` instance types can be used again](https://github.com/giantswarm/roadmap/issues/891); -- Security fixes: - * 11 Linux CVEs; - * 5 expat CVEs; - * 4 Go CVEs; - * 1 systemd CVE; - * 1 containerd CVE; - * 1 openssl CVE; - * 1 ignition - -**Note when upgrading from v16 to v17:** Existing `Vertical Pod Autoscaler` app installations need to be removed from the workload cluster prior to upgrading to v17 because the `Vertical Pod Autscaler` is provided as a default application. The two applications have different names which leads to them fighting each other. - -## Change details - - -### aws-operator [11.1.0](https://github.com/giantswarm/aws-operator/releases/tag/v11.1.0) - -#### Added - - Add annotation to ASG to make cluster-autoscaler work when scaling from zero replicas. - -#### Changed -- Update CAPI dependencies. -- Allow resource limits/requests to be passed as values. -- Switch `gp2` to `gp3` volumes. -- Allow etcd volume IOPS and Throughput to be set. - - - -### cluster-operator [4.0.1](https://github.com/giantswarm/cluster-operator/releases/tag/v4.0.1) - -#### Changed -- Update CAPI dependencies. - -#### Fixed -- Only list apps from cluster namespace. - - - -### kubernetes [1.22.8](https://github.com/kubernetes/kubernetes/releases/tag/v1.22.8) - -#### API Change -- Fixes a regression in v1beta1 PodDisruptionBudget handling of "strategic merge patch"-type API requests for the `selector` field. Prior to 1.21, these requests would merge `matchLabels` content and replace `matchExpressions` content. In 1.21, patch requests touching the `selector` field started replacing the entire selector. This is consistent with server-side apply and the v1 PodDisruptionBudget behavior, but should not have been changed for v1beta1. ([#108141](https://github.com/kubernetes/kubernetes/pull/108141), [@liggitt](https://github.com/liggitt)) [SIG Auth and Testing] - -#### Feature -- Kubernetes is now built with Golang 1.16.15 ([#108564](https://github.com/kubernetes/kubernetes/pull/108564), [@cpanato](https://github.com/cpanato)) [SIG Cloud Provider, Instrumentation, Release and Testing] - -#### Bug or Regression -- Bump sigs.k8s.io/apiserver-network-proxy/konnectivity-client to v0.0.30, fixing goroutine leaks in kube-apiserver. ([#108439](https://github.com/kubernetes/kubernetes/pull/108439), [@andrewsykim](https://github.com/andrewsykim)) [SIG API Machinery, Auth and Cloud Provider] -- Fix static pod restarts in cases where the container is not present. ([#108189](https://github.com/kubernetes/kubernetes/pull/108189), [@rphillips](https://github.com/rphillips)) [SIG Node] -- Fixes a bug where a partial EndpointSlice update could cause node name information to be dropped from endpoints that were not updated. ([#108202](https://github.com/kubernetes/kubernetes/pull/108202), [@robscott](https://github.com/robscott)) [SIG Network] -- Fixes a regression in the kubelet restarting static pods. ([#108303](https://github.com/kubernetes/kubernetes/pull/108303), [@rphillips](https://github.com/rphillips)) [SIG Node and Testing] -- Increase Azure ACR credential provider timeout ([#108209](https://github.com/kubernetes/kubernetes/pull/108209), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider] -- Fix Azurefile volumeid collision issue in csi migration ([#107575](https://github.com/kubernetes/kubernetes/pull/107575), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider and Storage] -- Fix: delete non existing Azure disk issue ([#107406](https://github.com/kubernetes/kubernetes/pull/107406), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider] -- Fix: ignore the case when comparing azure tags in service annotation (azure) ([#107580](https://github.com/kubernetes/kubernetes/pull/107580), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider] - -#### Dependencies -#### Added -_Nothing has changed._ -#### Changed -- sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.27 → v0.0.30 -- k8s.io/utils: bdf08cb → 6203023 -#### Removed -_Nothing has changed._ - - - -### containerlinux [3033.2.4](https://www.flatcar-linux.org/releases/#release-3033.2.4) - -New **Stable** Release **3033.2.4** - -**Changes since Stable-3033.2.3** - -#### Security fixes -- Linux - - [CVE-2022-25636](https://nvd.nist.gov/vuln/detail/CVE-2022-25636) - - [CVE-2022-24448](https://nvd.nist.gov/vuln/detail/CVE-2022-24448) - - [CVE-2022-0617](https://nvd.nist.gov/vuln/detail/CVE-2022-0617) - - [CVE-2022-24959](https://nvd.nist.gov/vuln/detail/CVE-2022-24959) - - [CVE-2022-0492](https://nvd.nist.gov/vuln/detail/CVE-2022-0492) - - [CVE-2022-0516](https://nvd.nist.gov/vuln/detail/CVE-2022-0516) - - [CVE-2022-0435](https://nvd.nist.gov/vuln/detail/CVE-2022-0435) - - [CVE-2022-0487](https://nvd.nist.gov/vuln/detail/CVE-2022-0487) - - [CVE-2022-25375](https://nvd.nist.gov/vuln/detail/CVE-2022-25375) - - [CVE-2022-25258](https://nvd.nist.gov/vuln/detail/CVE-2022-25258) - - [CVE-2022-0847](https://nvd.nist.gov/vuln/detail/CVE-2022-0847) -- Go - - [CVE-2022-24921](https://nvd.nist.gov/vuln/detail/CVE-2022-24921) - - [CVE-2022-23806](https://nvd.nist.gov/vuln/detail/CVE-2022-23806) - - [CVE-2022-23772](https://nvd.nist.gov/vuln/detail/CVE-2022-23772) - - [CVE-2022-23773](https://nvd.nist.gov/vuln/detail/CVE-2022-23773) -- systemd ([CVE-2021-3997](https://nvd.nist.gov/vuln/detail/CVE-2021-3997)) -- containerd ([CVE-2022-23648](https://nvd.nist.gov/vuln/detail/CVE-2022-23648)) -- openssl ([CVE-2022-0778](https://nvd.nist.gov/vuln/detail/CVE-2022-0778)) -- ignition - - [CVE-2020-14040](https://nvd.nist.gov/vuln/detail/CVE-2020-14040) -- expat - - [CVE-2022-25235](https://nvd.nist.gov/vuln/detail/CVE-2022-25235) - - [CVE-2022-25236](https://nvd.nist.gov/vuln/detail/CVE-2022-25236) - - [CVE-2022-25313](https://nvd.nist.gov/vuln/detail/CVE-2022-25313) - - [CVE-2022-25314](https://nvd.nist.gov/vuln/detail/CVE-2022-25314) - - [CVE-2022-25315](https://nvd.nist.gov/vuln/detail/CVE-2022-25315) - -#### Bug fixes -- Reverted the Linux kernel commit which broke networking on AWS instances which use Intel 82559 NIC (c4/m4) ([Flatcar#665](https://github.com/flatcar-linux/Flatcar/issues/665), [coreos-overlay#1720](https://github.com/flatcar-linux/coreos-overlay/pull/1720)) -- Disabled the systemd-networkd settings ManageForeignRoutes and ManageForeignRoutingPolicyRules by default to ensure that CNIs like Cilium don’t get their routes or routing policy rules discarded on network reconfiguration events ([Flatcar#620](https://github.com/flatcar-linux/Flatcar/issues/620)). -- Prevented hitting races when creating filesystems in Ignition, these races caused boot failures like fsck[1343]: Failed to stat /dev/disk/by-label/ROOT: No such file or directory when creating a btrfs root filesystem ([ignition#35](https://github.com/flatcar-linux/ignition/pull/35)) -- Reverted the Linux kernel change to forbid xfrm id 0 for IPSec state because it broke Cilium ([Flatcar#626](https://github.com/flatcar-linux/Flatcar/issues/626), [coreos-overlay#1682](https://github.com/flatcar-linux/coreos-overlay/pull/1682)) - -#### Changes -- Added support for switching back to CGroupsV1 without requiring a reboot. Create `/etc/flatcar-cgroupv1` through ignition. ([coreos-overlay#1666](https://github.com/flatcar-linux/coreos-overlay/pull/1666)) - -#### Updates -- Linux ([5.10.107](https://lwn.net/Articles/888522) (from 5.10.102, includes [5.10.103](https://lwn.net/Articles/886570), [5.10.104](https://lwn.net/Articles/887220), [5.10.105](https://lwn.net/Articles/887639), [5.10.106](https://lwn.net/Articles/888115))) -- Go ([1.17.8](https://go.googlesource.com/go/+/refs/tags/go1.17.8)) -- systemd ([249.10](https://github.com/systemd/systemd-stable/releases/tag/v249.10)) -- ca-certificates ([3.76](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_76.html)) -- containerd ([1.5.10](https://github.com/containerd/containerd/releases/tag/v1.5.10)) -- openssl ([1.1.1n](https://www.openssl.org/news/changelog.html#openssl-111)) -- expat ([2.4.6](https://github.com/libexpat/libexpat/blob/R_2_4_6/expat/Changes)) - - - -### kiam [2.3.0](https://github.com/giantswarm/kiam-app/releases/tag/v2.3.0) - -#### Added -- Add VerticalPodAutoscaler CR. - - - -### kiam-watchdog [0.6.0](https://github.com/giantswarm/kiam-watchdog/releases/tag/v0.6.0) - -#### Added -- Add VerticalPodAutoscaler CR. - - - -### aws-ebs-csi-driver [2.9.0](https://github.com/giantswarm/aws-ebs-csi-driver-app/releases/tag/v2.9.0) - -#### Added -- Add VerticalPodAutoscaler CR. - - - -### chart-operator [2.20.1](https://github.com/giantswarm/chart-operator/releases/tag/v2.20.1) - -#### Changed -- Use `apptestctl` to install CRDs in integration tests to avoid hitting GitHub rate limits. - -#### Fixed -- Fix `status` resource to use Helm release status if it exists. - - - -### cert-operator [2.0.0](https://github.com/giantswarm/cert-operator/releases/tag/v2.0.0) - -#### Changed -- Use v1beta1 CAPI CRDs. -- Bump `giantswarm/apiextensions` to `v6.0.0`. -- Bump `giantswarm/exporterkit` to `v1.0.0`. -- Bump `giantswarm/microendpoint` to `v1.0.0`. -- Bump `giantswarm/microerror` to `v0.4.0`. -- Bump `giantswarm/microkit` to `v1.0.0`. -- Bump `giantswarm/micrologger` to `v0.6.0`. -- Bump `giantswarm/k8sclient` to `v7.0.1`. -- Bump `giantswarm/operatorkit` to `v7.0.1`. -- Bump k8s dependencies to `v0.22.2`. -- Bump `controller-runtime` to `v0.10.3`. -- Use `apptestctl` to install CRDs in integration tests to avoid hitting GitHub rate limits. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.3.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.3.0.md deleted file mode 100644 index ba75fb3e57..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.3.0.md +++ /dev/null @@ -1,343 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v17.3.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v17.3.0 - version: 17.3.0 - version_tag: v17.3.0 -date: '2022-04-25T09:00:00' -description: Release notes for AWS workload cluster release v17.3.0, published on - 25 April 2022, 09:00. -title: Workload cluster release v17.3.0 for AWS ---- - -This release adds support for [Node Local DNS Cache](https://github.com/giantswarm/roadmap/issues/828). It also provides stability improvements, bug fixes and security fixes for various components. - -**Highlights** -- [Node Local DNS Cache](https://github.com/giantswarm/roadmap/issues/828). It can be enabled by installing the `k8s-dns-node-cache-app` from the `Playground` catalog; -- Tag `IAM Roles for Service Accounts` AWS resources. See [roadmap issue](https://github.com/giantswarm/roadmap/issues/984); -- Enable encryption for the S3 bucket used by `IAM Roles for Service Accounts`. See [roadmap issue](https://github.com/giantswarm/roadmap/issues/985); -- VPA configuration for `kube-proxy`; -- Security fixes: - * 18 SDK: QEMU CVEs; - * 8 vim CVEs; - * 4 SDK: edk2-ovmf CVEs; - * 3 SDK: mantle CVEs; - * 2 Linux CVEs; - * 2 containerd CVEs; - * 2 Ignition CVEs; - * 2 Go CVEs; - * 2 libarchive CVEs; - * 2 torcx CVEs; - * 1 OpenSSH CVE; - * 1 openssl CVE; - * 1 gcc CVE; - * 1 krb5 CVE; - * 1 SDK: libxslt CVE; - * 1 SDK: Rust. - - -## Change details - -### aws-ebs-csi-driver [2.12.0](https://github.com/giantswarm/aws-ebs-csi-driver-app/releases/tag/v2.12.0) - -#### Added -- Allow specifying `driverMode` for the `controller` component. -- Also push to control-plane app catalog. - -#### Changed -- Allow specifying `nodeSelector` and `hostNetwork` for `controller` and `node`. -- Bump aws-ebs-csi-driver version to `v1.5.1`. - - -### aws-operator [11.9.2](https://github.com/giantswarm/aws-operator/releases/tag/v11.9.2) - -#### Added -- Added separate service account flag for IRSA. -- Add `POD_SECURITY_GROUP_ENFORCING_MODE` to `aws-node` Daemonset. -- Added latest flatcar images. - -#### Fixed -- Issuer S3 endpoint for IRSA. -- AWS Region Endpoint for IRSA. -- Ignore S3 bucket deletion for audit logs. - -#### Removed -- Remove tag `kubernetes.io/role/internal-elb` from machine deployment subnets. - -#### Changed -- Bumped k8scc to 13.4.0 to enable VPA for kube-proxy. - - - -### aws-cni [1.11.0](https://github.com/aws/amazon-vpc-cni-k8s/releases/tag/v1.11.0) - -Upgraded from version 1.10.2. Please check [upstream changelog](https://github.com/aws/amazon-vpc-cni-k8s/releases/tag/v1.11.0) for details. - -### cert-operator [2.0.1](https://github.com/giantswarm/cert-operator/releases/tag/v2.0.1) - -#### Fixed -- Bump go module major version. - - - -### cluster-operator [4.0.2](https://github.com/giantswarm/cluster-operator/releases/tag/v4.0.2) - -#### Fixed -- List apps by namespace. - - - -### containerlinux [3139.2.0](https://www.flatcar-linux.org/releases/#release-3139.2.0) - -New **Stable** Release **3139.2.0** - -_Changes since **Stable 3033.2.4**_ - -#### Security fixes: - -- Linux ([CVE-2022-1015](https://nvd.nist.gov/vuln/detail/CVE-2022-1015), [CVE-2022-1016](https://nvd.nist.gov/vuln/detail/CVE-2022-1016)) -- Go ([CVE-2021-44716](https://nvd.nist.gov/vuln/detail/CVE-2021-44716), [CVE-2021-44717](https://nvd.nist.gov/vuln/detail/CVE-2021-44717)) -- containerd ([CVE-2021-43816](https://nvd.nist.gov/vuln/detail/CVE-2021-43816), [CVE-2022-24769](https://nvd.nist.gov/vuln/detail/CVE-2022-24769)) -- gcc ([CVE-2020-13844](https://nvd.nist.gov/vuln/detail/CVE-2020-13844)) -- Ignition ([CVE-2020-14040](https://nvd.nist.gov/vuln/detail/CVE-2020-14040), [CVE-2021-38561](https://nvd.nist.gov/vuln/detail/CVE-2021-38561)) -- krb5 ([CVE-2021-37750](https://nvd.nist.gov/vuln/detail/CVE-2021-37750)) -- libarchive ([libarchive-1565](https://github.com/libarchive/libarchive/issues/1565), [libarchive-1566](https://github.com/libarchive/libarchive/issues/1566)) -- OpenSSH ([CVE-2021-41617](https://nvd.nist.gov/vuln/detail/CVE-2021-41617)) -- openssl ([CVE-2021-4044](https://nvd.nist.gov/vuln/detail/CVE-2021-4044)) -- torcx ([CVE-2021-38561](https://nvd.nist.gov/vuln/detail/CVE-2021-38561), [CVE-2021-43565](https://nvd.nist.gov/vuln/detail/CVE-2021-43565)) -- vim ([CVE-2021-3872](https://nvd.nist.gov/vuln/detail/CVE-2021-3872), [CVE-2021-3875](https://nvd.nist.gov/vuln/detail/CVE-2021-3875), [CVE-2021-3903](https://nvd.nist.gov/vuln/detail/CVE-2021-3903), [CVE-2021-3927](https://nvd.nist.gov/vuln/detail/CVE-2021-3927), [CVE-2021-3928](https://nvd.nist.gov/vuln/detail/CVE-2021-3928), [CVE-2021-3968](https://nvd.nist.gov/vuln/detail/CVE-2021-3968), [CVE-2021-3973](https://nvd.nist.gov/vuln/detail/CVE-2021-3973), [CVE-2021-3974](https://nvd.nist.gov/vuln/detail/CVE-2021-3974)) -- SDK: edk2-ovmf ([CVE-2019-14584](https://nvd.nist.gov/vuln/detail/CVE-2019-14584), [CVE-2021-28210](https://nvd.nist.gov/vuln/detail/CVE-2021-28210), [CVE-2021-28211](https://nvd.nist.gov/vuln/detail/CVE-2021-28211), [CVE-2021-28213](https://nvd.nist.gov/vuln/detail/CVE-2021-28213)) -- SDK: libxslt ([CVE-2021-30560](https://nvd.nist.gov/vuln/detail/CVE-2021-30560)) -- SDK: mantle ([CVE-2021-3121](https://nvd.nist.gov/vuln/detail/CVE-2021-3121), [CVE-2021-38561](https://nvd.nist.gov/vuln/detail/CVE-2021-38561), [CVE-2021-43565](https://nvd.nist.gov/vuln/detail/CVE-2021-43565)) -- SDK: QEMU ([CVE-2020-35504](https://nvd.nist.gov/vuln/detail/CVE-2020-35504), [CVE-2020-35505](https://nvd.nist.gov/vuln/detail/CVE-2020-35505), [CVE-2020-35506](https://nvd.nist.gov/vuln/detail/CVE-2020-35506), [CVE-2020-35517](https://nvd.nist.gov/vuln/detail/CVE-2020-35517), [CVE-2021-20203](https://nvd.nist.gov/vuln/detail/CVE-2021-20203), [CVE-2021-20255](https://nvd.nist.gov/vuln/detail/CVE-2021-20255), [CVE-2021-20257](https://nvd.nist.gov/vuln/detail/CVE-2021-20257), [CVE-2021-20263](https://nvd.nist.gov/vuln/detail/CVE-2021-20263), [CVE-2021-3409](https://nvd.nist.gov/vuln/detail/CVE-2021-3409), [CVE-2021-3416](https://nvd.nist.gov/vuln/detail/CVE-2021-3416), [CVE-2021-3527](https://nvd.nist.gov/vuln/detail/CVE-2021-3527), [CVE-2021-3544](https://nvd.nist.gov/vuln/detail/CVE-2021-3544), [CVE-2021-3545](https://nvd.nist.gov/vuln/detail/CVE-2021-3545), [CVE-2021-3546](https://nvd.nist.gov/vuln/detail/CVE-2021-3546), [CVE-2021-3582](https://nvd.nist.gov/vuln/detail/CVE-2021-3582), [CVE-2021-3607](https://nvd.nist.gov/vuln/detail/CVE-2021-3607), [CVE-2021-3608](https://nvd.nist.gov/vuln/detail/CVE-2021-3608), [CVE-2021-3682](https://nvd.nist.gov/vuln/detail/CVE-2021-3682)) -- SDK: Rust ([CVE-2022-21658](https://nvd.nist.gov/vuln/detail/CVE-2022-21658)) - -#### Bug fixes: - -- Excluded the Kubenet cbr0 interface from networkd's DHCP config and set it to Unmanaged to prevent interference and ensure that it is not part of the network online check ([init#55](https://github.com/flatcar-linux/init/pull/55)) -- Fixed the dracut emergency Ignition log printing that had a scripting error causing the cat command to fail ([bootengine#33](https://github.com/flatcar-linux/bootengine/pull/33)) -- network: Accept ICMPv6 Router Advertisements to fix IPv6 address assignment in the default DHCP setting ([init#51](https://github.com/flatcar-linux/init/pull/51), [coreos-cloudinit#12](https://github.com/flatcar-linux/coreos-cloudinit/pull/12), [bootengine#30](https://github.com/flatcar-linux/bootengine/pull/30)) -- flatcar-update: Stopped checking for the `USER` environment variable which may not be set in all environments, causing the script to fail unless a workaround was used like prepending an additional `sudo` invocation ([init#58](https://github.com/flatcar-linux/init/pull/58)) -- Reverted the Linux kernel commit which broke networking on AWS instances which use Intel 82559 NIC (c4/m4) ([Flatcar#665](https://github.com/flatcar-linux/Flatcar/issues/665), [coreos-overlay#1723](https://github.com/flatcar-linux/coreos-overlay/pull/1723)) -- Re-added the `brd drbd nbd rbd xen-blkfront zram libarc4 lru_cache zsmalloc` kernel modules to the initramfs since they were missing compared to the Flatcar 3033.2.x releases where the 5.10 kernel is used ([bootengine#40](https://github.com/flatcar-linux/bootengine/pull/40)) - -#### Changes: - -- Added a new flatcar-update tool to the image to ease manual updates, rollbacks, channel/release jumping, and airgapped updates ([init#53](https://github.com/flatcar-linux/init/pull/53)) -- Update-engine now creates the `/run/reboot-required` flag file for [kured](https://github.com/weaveworks/kured) ([update_engine#15](https://github.com/flatcar-linux/update_engine/pull/15)) -- Excluded special network interface devices like bridge, tunnel, vxlan, and veth devices from the default DHCP configuration to prevent networkd interference ([init#56](https://github.com/flatcar-linux/init/pull/56)) -- Added CONFIG_NF_CT_NETLINK_HELPER (for libnetfilter_cthelper), CONFIG_NET_VRF (for virtual routing and forwarding) and CONFIG_KEY_DH_OPERATIONS (for keyutils) to the kernel config ([coreos-overlay#1524](https://github.com/flatcar-linux/coreos-overlay/pull/1524)) -- Enabled the FIPS support for the Linux kernel, which users can now choose through a kernel parameter in `grub.cfg` (check it taking effect with `cat /proc/sys/crypto/fips_enabled`) ([coreos-overlay#1602](https://github.com/flatcar-linux/coreos-overlay/pull/1602)) -- Enabled FIPS mode for cryptsetup ([portage-stable#312](https://github.com/flatcar-linux/portage-stable/pull/312)) -- Rework the way we set up the default python intepreter in SDK - it is now without specifying a version. This should work fine as long as we keep having one version of python in SDK. -- Add a way to remove packages that are hard-blockers for update. A hard-blocker means that the package needs to be removed (for example with `emerge -C`) before an update can happen. -- Removed the pre-shipped `/etc/flatcar/update.conf` file, leaving it totally to the user to define the contents as it was unnecessarily overwriting the `/use/share/flatcar/update.conf` ([scripts#212](https://github.com/flatcar-linux/scripts/pull/212)) - -#### Updates: - -- Linux ([5.15.32](https://lwn.net/Articles/889438)) (from 5.15.30) -- Linux headers ([5.15](https://lwn.net/Articles/876611/)) -- GCC [9.4.0](https://lists.gnu.org/archive/html/info-gnu/2021-06/msg00000.html) -- acl ([2.3.1](https://git.savannah.nongnu.org/cgit/acl.git/log/?h=v2.3.1)) -- attr ([2.5.1](https://git.savannah.nongnu.org/cgit/attr.git/log/?h=v2.5.1)) -- audit ([3.0.6](https://listman.redhat.com/archives/linux-audit/2021-October/msg00000.html)) -- boost ([1.76.0](https://www.boost.org/users/history/version_1_76_0.html)) -- btrfs-progs ([5.15.1](https://btrfs.wiki.kernel.org/index.php/Changelog#btrfs-progs_v5.15_.28Nov_2021.29)) -- ca-certificates ([3.77](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_77.html)) -- containerd ([1.5.11](https://github.com/containerd/containerd/releases/tag/v1.5.11)) -- coreutils ([8.32](https://lists.gnu.org/archive/html/coreutils-announce/2020-03/msg00000.html)) -- diffutils ([3.8](https://lists.gnu.org/archive/html/info-gnu/2021-08/msg00000.html)) -- ethtool ([5.10](https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/tree/NEWS?h=v5.10)) -- findutils ([4.8.0](https://savannah.gnu.org/forum/forum.php?forum_id=9914)) -- glib ([2.68.4](https://gitlab.gnome.org/GNOME/glib/-/releases/2.68.4)) -- i2c-tools ([4.2](https://git.kernel.org/pub/scm/utils/i2c-tools/i2c-tools.git/log/?h=v4.2)) -- iproute2 ([5.15](https://lwn.net/ml/linux-kernel/20211101164705.6f4f2e41%40hermes.local/)) -- ipset ([7.11](https://ipset.netfilter.org/changelog.html)) -- iputils ([20210722](https://github.com/iputils/iputils/releases/tag/20210722)) -- ipvsadm ([1.27](http://archive.linuxvirtualserver.org/html/lvs-devel/2013-09/msg00011.html)) -- kmod ([29](https://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git/commit/?id=b6ecfc916a17eab8f93be5b09f4e4f845aabd3d1)) -- libarchive [3.5.2](https://github.com/libarchive/libarchive/releases/tag/v3.5.2) -- libcap-ng ([0.8.2](https://github.com/stevegrubb/libcap-ng/releases/tag/v0.8.2)) -- libseccomp ([2.5.1](https://github.com/seccomp/libseccomp/releases/tag/v2.5.1)) -- lshw ([02.19.2b_p20210121](https://www.ezix.org/project/wiki/HardwareLiSter#Changes)) -- lsof ([4.94.0](https://github.com/lsof-org/lsof/releases/tag/4.94.0)) -- openssh ([8.8](http://www.openssh.com/txt/release-8.8)) -- openssl ([3.0.2](https://www.openssl.org/news/changelog.html#openssl-30)) -- parted ([3.4](https://savannah.gnu.org/forum/forum.php?forum_id=9924) (includes [3.3](https://savannah.gnu.org/forum/forum.php?forum_id=9569))) -- pciutils ([3.7.0](https://github.com/pciutils/pciutils/commit/864aecdea9c7db626856d8d452f6c784316a878c)) -- polkit ([0.120](https://gitlab.freedesktop.org/polkit/polkit/-/blob/0.120/NEWS)) -- runc ([1.1.0](https://github.com/opencontainers/runc/releases/tag/v1.1.0)) -- sbsigntools ([0.9.4](https://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git/tag/?h=v0.9.4)) -- sed ([4.8](https://savannah.gnu.org/forum/forum.php?forum_id=9647)) -- usbutils ([014](https://github.com/gregkh/usbutils/commit/57fb18e59cce31a50a1ca62d1e192512c905ba00)) -- vim [8.2.3582](https://github.com/vim/vim/releases/tag/v8.2.3582) -- Azure: Python for OEM images ([3.9.8](https://www.python.org/downloads/release/python-398/)) -- Azure: WALinuxAgent ([2.6.0.2](https://github.com/Azure/WALinuxAgent/releases/tag/v2.6.0.2)) -- SDK: edk2-ovmf [202105](https://github.com/tianocore/edk2/releases/tag/edk2-stable202105) -- SDK: file ([5.40](https://mailman.astron.com/pipermail/file/2021-March/000478.html)) -- SDK: ipxe [1.21.1](https://github.com/ipxe/ipxe/releases/tag/v1.21.1) -- SDK: mantle ([0.18.0](https://github.com/flatcar-linux/mantle/releases/tag/v0.18.0)) -- SDK: perf ([5.15](https://kernelnewbies.org/LinuxChanges#Linux_5.15.Tracing.2C_perf_and_BPF)) -- SDK: Python ([3.9.8](https://www.python.org/downloads/release/python-398/)) -- SDK: qemu ([6.1.0](https://wiki.qemu.org/ChangeLog/6.1) -- SDK: Rust ([1.58.1](https://github.com/rust-lang/rust/releases/tag/1.58.1)) -- SDK: seabios [1.14.0](https://seabios.org/Releases#SeaBIOS_1.14.0) -- SDK: sgabios [0.1_pre10](https://git.qemu.org/?p=sgabios.git;a=tree;h=a85446adb0e0) - -_Changes since **Beta 3139.1.1**_ - -#### Security fixes: - -- Linux ([CVE-2022-1015](https://nvd.nist.gov/vuln/detail/CVE-2022-1015), [CVE-2022-1016](https://nvd.nist.gov/vuln/detail/CVE-2022-1016)) -- containerd ([CVE-2022-24769](https://nvd.nist.gov/vuln/detail/CVE-2022-24769)) - -#### Changes: - -- Enabled FIPS mode for cryptsetup ([portage-stable#312](https://github.com/flatcar-linux/portage-stable/pull/312)) - -#### Updates: - -- Linux ([5.15.32](https://lwn.net/Articles/889438)) (from 5.15.30) -- ca-certificates ([3.77](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_77.html)) -- containerd ([1.5.11](https://github.com/containerd/containerd/releases/tag/v1.5.11)) -- Azure: WALinuxAgent ([2.6.0.2](https://github.com/Azure/WALinuxAgent/releases/tag/v2.6.0.2)) - - - -### app-operator [5.9.0](https://github.com/giantswarm/app-operator/releases/tag/v5.9.0) - -#### Changed -- Update `helmclient` to v4.10.0. -- Update giantswarm/appcatalog to `v0.7.0`, adding support for internal OCI chart catalogs. - -#### Added -- Add support for relative URLs in catalog indexes. -- Annotate App CRs after bootstrapping chart-operator to trigger reconciliation. - -#### Fixed -- Continue processing `AppCatalogEntry` CRs if an error occurs. -- Only show `AppCatalogEntry` CRs that are compatible with the current provider. -- For internal catalogs generate tarball URLs instead of checking `index.yaml` -to prevent chicken egg problems in new clusters. -- Fix label selector in app values watcher so it supports CAPI clusters. -- Strip cluster name from App CR name to determine Chart CR name in `chart/current.go` resource to fix WC app updates. -- Allow usage of chart-operator PSP so it can be bootstrapped. -- Fixing patch to not reset fields. -- Remove compatible providers validation for `AppCatalogEntry` as its overly strict. -- Push image to Docker Hub to not rely on crsync. -- Restrict PSP usage to only named resource. - - - -### cert-exporter [2.2.0](https://github.com/giantswarm/cert-exporter/releases/tag/v2.2.0) - -#### Changed -- Change priorityClass to `system-node-critical` for the daemonset. -- Make exporter's monitor flags configurable. - -#### Fixed -- Allow egress to port 1053 to make in-cluster DNS queries work. -- Allow egress to port 443 to allow accessing vault. - - - -### cert-manager [2.13.0](https://github.com/giantswarm/cert-manager-app/releases/tag/v2.13.0) - -#### Changed -- Use retagged container image for HTTP01 AcmeSolver ([#212](https://github.com/giantswarm/cert-manager-app/pull/212)) -- Pin kubectl to 1.23.3 in crd-install and clusterissuer-install jobs ([#216](https://github.com/giantswarm/cert-manager-app/pull/216)) -- Add `application.giantswarm.io/team` to default labels ([#224](https://github.com/giantswarm/cert-manager-app/pull/224)). - - - -### chart-operator [2.21.0](https://github.com/giantswarm/chart-operator/releases/tag/v2.21.0) - -#### Changed -- Update `helmclient` to v4.10.0. - - - -### cluster-autoscaler [1.22.2-gs6](https://github.com/giantswarm/cluster-autoscaler-app/releases/tag/v1.22.2-gs6) - -#### Added -- Support cloud provider alias names (GCP -> GCE). - -#### Fixed -- Updated to correct cluster-autoscaler version. -- Use GS-built 1.22 image to deliver upstream [unreleased fix](https://github.com/kubernetes/autoscaler/pull/4600). - - - -### coredns [1.9.0](https://github.com/giantswarm/coredns-app/releases/tag/v1.9.0) - -#### Added -- Add toleration for `node.cloudprovider.kubernetes.io/uninitialized`. -#### Changed -- Update `coredns` to upstream version [1.8.7](https://coredns.io/2021/12/09/coredns-1.8.7-release/). - - - - -### external-dns [2.9.1](https://github.com/giantswarm/external-dns-app/releases/tag/v2.9.1) - -#### Changed -- Allow setting the AWS default region (`aws.region`) indepentent from any other value. - - - -### kiam-watchdog [0.7.0](https://github.com/giantswarm/kiam-watchdog/releases/tag/v0.7.0) - -#### Added -- Add PriorityClassName. - - - -### kubernetes [1.22.9](https://github.com/kubernetes/kubernetes/releases/tag/v1.22.9) - -#### Bug or Regression - -- Fixed a regression that could incorrectly reject pods with OutOfCpu errors if they were rapidly scheduled after other pods were reported as complete in the API. The Kubelet now waits to report the phase of a pod as terminal in the API until all running containers are guaranteed to have stopped and no new containers can be started. Short-lived pods may take slightly longer (~1s) to report Succeeded or Failed after this change. ([#108749](https://github.com/kubernetes/kubernetes/pull/108749), [@bobbypage](https://github.com/bobbypage)) [SIG Apps, Node and Testing] -- Fixes error handling in a kubectl method used in downstream packages. ([#108520](https://github.com/kubernetes/kubernetes/pull/108520), [@heybronson](https://github.com/heybronson)) [SIG CLI] - -#### Dependencies -#### Added -_Nothing has changed._ -#### Changed -_Nothing has changed._ -#### Removed -_Nothing has changed._ - - - -### kube-state-metrics [1.10.0](https://github.com/giantswarm/kube-state-metrics-app/releases/tag/v1.10.0) - -#### Changed -- Make `--metric-labels-allowlist` configurable through user values. -- Add Node Pool labels to the default allowed labels in `--metric-labels-allowlist`. -- Allow `giantswarm.io/service-type` labels from kube__labels (Deployment, DaemonSet, StatefulSet). - - - -### net-exporter [1.12.0](https://github.com/giantswarm/net-exporter/releases/tag/v1.12.0) - -#### Changed -- Use parameter for CoreDNS namespace (defaulted to kube-system) - - - -### vertical-pod-autoscaler [2.1.2](https://github.com/giantswarm/vertical-pod-autoscaler-app/releases/tag/v2.1.2) - -#### Fixed -- Fixed default value for admission controller PDB. - - - -### vertical-pod-autoscaler-crd [1.0.1](https://github.com/giantswarm/vertical-pod-autoscaler-crd/releases/tag/v1.0.1) - -#### Added -- Add cluster singleton restriction so app can only be installed once. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.3.1.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.3.1.md deleted file mode 100644 index c7160a5a94..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.3.1.md +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v17.3.1/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v17.3.1 - version: 17.3.1 - version_tag: v17.3.1 -date: '2022-05-02T11:17:02' -description: Release notes for AWS workload cluster release v17.3.1, published on - 02 May 2022, 11:17. -title: Workload cluster release v17.3.1 for AWS ---- - -This release fixes a bug in AWS CNI when external SNAT is enabled. - -## Change details - - -### aws-operator [11.9.3](https://github.com/giantswarm/aws-operator/releases/tag/v11.9.3) - -#### Fixed -- Set `AWS_VPC_K8S_CNI_RANDOMIZESNAT` to `prng` when SNAT is enabled. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.3.2.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.3.2.md deleted file mode 100644 index 9ef1b6762d..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.3.2.md +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v17.3.2/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v17.3.2 - version: 17.3.2 - version_tag: v17.3.2 -date: '2022-05-11T10:00:00' -description: Release notes for AWS workload cluster release v17.3.2, published on - 11 May 2022, 10:00. -title: Workload cluster release v17.3.2 for AWS ---- - -This release reintroduces tagging private subnets on node pools to enable autodiscovery for internal ELBs by setting the annotation `alpha.aws.giantswarm.io/internal-elb: ""` on AWSMachineDeployment CR's. - -## Change details - - -### aws-operator [11.10.0](https://github.com/giantswarm/aws-operator/releases/tag/v11.10.0) - -#### Added - - Set optionally the `kubernetes.io/role/internal-elb` tag to machine deployment subnets. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.3.3.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.3.3.md deleted file mode 100644 index 956960830d..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.3.3.md +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v17.3.3/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v17.3.3 - version: 17.3.3 - version_tag: v17.3.3 -date: '2022-06-02T10:00:00' -description: Release notes for AWS workload cluster release v17.3.3, published on - 02 June 2022, 10:00. -title: Workload cluster release v17.3.3 for AWS ---- - -This release provides security hardening of app-operator to tighten RBAC permissions as well as honoring write contexts more accurately. - -## Change details - - -### app-operator [5.10.2](https://github.com/giantswarm/app-operator/releases/tag/v5.10.2) - -#### Fixed -- Add missing permissions for `apps/deployments`. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.4.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.4.0.md deleted file mode 100644 index 316b0b5673..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.4.0.md +++ /dev/null @@ -1,170 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v17.4.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v17.4.0 - version: 17.4.0 - version_tag: v17.4.0 -date: '2022-07-05T14:27:03' -description: Release notes for AWS workload cluster release v17.4.0, published on - 05 July 2022, 14:27. -title: Workload cluster release v17.4.0 for AWS ---- - -This is a security release featuring the latest version of Kubernetes 1.22 (1.22.11), Flatcar Container Linux (3139.2.3) and all of Giant Swarm applications. -It also enables auditd monitoring of `execve` syscalls to ease audit logging and adds a new exporter to get visibility over the number of objects stored in the Kubernetes API at all times. - -## Change details - - -### aws-operator [11.16.0](https://github.com/giantswarm/aws-operator/releases/tag/v11.16.0) - -#### Added -- Added new flatcar 3139.2.3 image release. -#### Changed -- Tighten pod and container security contexts for PSS restricted policies. -- Bump `k8scc` to enable `auditd` monitoring for `execve` syscalls. - - - -### cluster-operator [4.3.0](https://github.com/giantswarm/cluster-operator/releases/tag/v4.3.0) - -#### Changed -- Do not update "app-operator.giantswarm.io/version" label on app-operators when their value is 0.0.0 (aka they are reconciled by the management cluster app-operator). This is a use-case for App Bundles for example, because the App CRs they contain should be created in the MC so should be reconciled by the MC app-operator. - - - -### app-operator [6.0.1](https://github.com/giantswarm/app-operator/releases/tag/v6.0.1) - -#### Added -- Add support for Catalogs that define multiple repository mirrors to be used in case some of them are unreachable. -#### Changed -- Only run `PodMonitor` outside of bootstrap mode. - - - -### aws-cni [1.11.2-nftables](https://github.com/aws/amazon-vpc-cni-k8s/releases/tag/v1.11.2-nftables) - -Upgraded from version 1.11.0. Please check [upstream changelog](https://github.com/aws/amazon-vpc-cni-k8s/releases/tag/v1.11.2) for details. - - -### containerlinux [3139.2.3](https://www.flatcar-linux.org/releases/#release-3139.2.3) - -New **Stable** Release **3139.2.3** - -Changes since **Stable 3139.2.2** - -#### Security fixes: - -- Linux ([CVE-2022-1789](https://nvd.nist.gov/vuln/detail/CVE-2022-1789), [CVE-2022-1852](https://nvd.nist.gov/vuln/detail/CVE-2022-1852), [CVE-2022-1972](https://nvd.nist.gov/vuln/detail/CVE-2022-1972), [CVE-2022-1973](https://nvd.nist.gov/vuln/detail/CVE-2022-1973), [CVE-2022-2078](https://nvd.nist.gov/vuln/detail/CVE-2022-2078), [CVE-2022-32250](https://nvd.nist.gov/vuln/detail/CVE-2022-32250), [CVE-2022-32981](https://nvd.nist.gov/vuln/detail/CVE-2022-32981)) -- libpcre2 ([CVE-2022-1586](https://nvd.nist.gov/vuln/detail/CVE-2022-1586), [CVE-2022-1587](https://nvd.nist.gov/vuln/detail/CVE-2022-1587)) - -#### Updates: - -- Linux ([5.15.48](https://lwn.net/Articles/898124) (includes [5.15.47](https://lwn.net/Articles/897904), [5.15.46](https://lwn.net/Articles/897377), [5.15.45](https://lwn.net/Articles/897167), [5.15.44](https://lwn.net/Articles/896647))) -- ca-certificates ([3.79](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_79.html)) -- libpcre2 ([10.40](https://github.com/PCRE2Project/pcre2/blob/pcre2-10.40/NEWS)) - - -### kubernetes [1.22.11](https://github.com/kubernetes/kubernetes/releases/tag/v1.22.11) - -#### Bug or Regression -- Bug Fix: Kube-proxy dropped endpointSlice's local endpoints when upgrading from 1.20 to 1.22 ([#110245](https://github.com/kubernetes/kubernetes/pull/110245), [@xh4n3](https://github.com/xh4n3)) [SIG Network] -- EndpointSlices marked for deletion are now ignored during reconciliation. ([#110482](https://github.com/kubernetes/kubernetes/pull/110482), [@aryan9600](https://github.com/aryan9600)) [SIG Apps and Network] -- Fixed a kubelet issue that could result in invalid pod status updates to be sent to the api-server where pods would be reported in a terminal phase but also report a ready condition of true in some cases. ([#110481](https://github.com/kubernetes/kubernetes/pull/110481), [@bobbypage](https://github.com/bobbypage)) [SIG Node and Testing] -- Pods will now post their readiness during termination. ([#110418](https://github.com/kubernetes/kubernetes/pull/110418), [@aojea](https://github.com/aojea)) [SIG Network, Node and Testing] - - -### calico [3.21.5](https://github.com/projectcalico/calico/releases/tag/v3.21.5) - -Not found - - -### external-dns [2.15.0](https://github.com/giantswarm/external-dns-app/releases/tag/v2.15.0) - -#### Changed -- Update test dependencies and py-helm-charts version to [0.7.0](https://github.com/giantswarm/pytest-helm-charts/blob/master/CHANGELOG.md) ([#173](https://github.com/giantswarm/external-dns-app/pull/173)) -- Ignore IRSA annotation for service account when using AWS `external` access. - - - -### chart-operator [2.24.1](https://github.com/giantswarm/chart-operator/releases/tag/v2.24.1) - -#### Changed -- Update `helmclient` to v4.10.1. - - - -### node-exporter [1.13.0](https://github.com/giantswarm/node-exporter-app/releases/tag/v1.13.0) - -#### Changed -- Disable boot partition from the `filesystem` exporter. - - - -### vertical-pod-autoscaler [2.4.0](https://github.com/giantswarm/vertical-pod-autoscaler-app/releases/tag/v2.4.0) - -#### Changed -- Use patched docker image tagged `0.10.0-oomfix` for `recommender` and updater (see https://github.com/giantswarm/roadmap/issues/923). - - - -### metrics-server [1.7.0](https://github.com/giantswarm/metrics-server-app/releases/tag/v1.7.0) - -#### Changed -- Set `kubelet-preferred-address-types` to `Hostname` on `AWS`. - - - -### cert-manager [2.15.0](https://github.com/giantswarm/cert-manager-app/releases/tag/v2.15.0) - -#### Changed -- Upgrade to upstream image [`v1.7.3`](https://github.com/jetstack/cert-manager/releases/tag/v1.7.3) which increases some hard-coded timeouts for certain ACME issuers (ZeroSSL and Sectigo) ([#243](https://github.com/giantswarm/cert-manager-app/pull/243)) -- Update kubectl container version to `1.24.2` ([#243](https://github.com/giantswarm/cert-manager-app/pull/243)) - - - -### aws-ebs-csi-driver [2.14.0](https://github.com/giantswarm/aws-ebs-csi-driver-app/releases/tag/v2.14.0) - -#### Changed -- Remove `imagePullSecrets` from values.yaml -- Bump aws-ebs-csi-driver version to `v1.6.2`. - - - -### cluster-autoscaler [1.22.2-gs7](https://github.com/giantswarm/cluster-autoscaler-app/releases/tag/v1.22.2-gs7) - -### Changed - -- Enable balance similar nodepools by default - -### Fixed - -- Ignore labels to consider nodepools similar groups - -### Added - -- Support to add extra arguments - - -### coredns [1.10.0](https://github.com/giantswarm/coredns-app/releases/tag/v1.10.0) - -#### Added -- Add `app.kubernetes.io/component` on deployments so that management-cluster-admission controller does not complain. - - - -### kube-state-metrics [1.11.0](https://github.com/giantswarm/kube-state-metrics-app/releases/tag/v1.11.0) - -#### Add -- Allow `application.giantswarm.io/team` label. - - - -### etcd-kubernetes-resources-count-exporter [0.5.0](https://github.com/giantswarm/etcd-kubernetes-resources-count-exporter/releases/tag/v0.5.0) - -Added new default app to expose count of kubernetes objects in the cluster. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.4.1.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.4.1.md deleted file mode 100644 index a5212d9e99..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.4.1.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v17.4.1/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v17.4.1 - version: 17.4.1 - version_tag: v17.4.1 -date: '2022-07-07T11:08:42' -description: Release notes for AWS workload cluster release v17.4.1, published on - 07 July 2022, 11:08. -title: Workload cluster release v17.4.1 for AWS ---- - -This is a patch release bringing improvements to app-operator and chart-operator such as pod and container security contexts for PSS and more. It also contains a change in cert-manager to automatically upgrade stored custom resources stored in deprecated apiversions. - -## Change details - - -### app-operator [6.1.0](https://github.com/giantswarm/app-operator/releases/tag/v6.1.0) - -#### Changed -- Use downward API to set deployment env var `KUBERNETES_SERVICE_HOST` to `status.hostIP`. -- Change `initialBootstrapMode` configuration value to `bootstrapMode`. -- Tighten pod and container security contexts for PSS restricted policies. -#### Added -- Allow to set api server pod port when enabling `initialBootstrapMode`. - - - -### chart-operator [2.25.0](https://github.com/giantswarm/chart-operator/releases/tag/v2.25.0) - -#### Changed -- Tighten pod and container security contexts for PSS restricted policies. -- Use downward API to set deployment env var `KUBERNETES_SERVICE_HOST` to `status.hostIP`. -- Change `initialBootstrapMode` configuration value to `bootstrapMode`. -- Use private Helm client for installing app-operators from control-plane-test-catalog -#### Added -- Allow to set api server pod port when enabling `initialBootstrapMode`. - - - -### cert-manager [2.15.1](https://github.com/giantswarm/cert-manager-app/releases/tag/v2.15.1) - -#### Fixed -- Automatically try to execute `cmctl upgrade migrate-api-version` in crd install job to upgrade stored apiversions ([#245](https://github.com/giantswarm/cert-manager-app/pull/245)) - - - -### vertical-pod-autoscaler [2.4.1](https://github.com/giantswarm/vertical-pod-autoscaler-app/releases/tag/v2.4.1) - -#### Fixed -- Correct selector in admission controller PDB diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.4.2.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.4.2.md deleted file mode 100644 index ead66e6a5b..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.4.2.md +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v17.4.2/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v17.4.2 - version: 17.4.2 - version_tag: v17.4.2 -date: '2022-07-28T07:19:36' -description: Release notes for AWS workload cluster release v17.4.2, published on - 28 July 2022, 07:19. -title: Workload cluster release v17.4.2 for AWS ---- - -This is a patch release bringing improvements to cert-manager, fixing an issue which can occur during upgrades to `v17.4.1`. Fresh installations of `v17.4.1` still work, existing workload clusters should be upgraded to this release. - -## Change details - -### cert-manager [2.15.2](https://github.com/giantswarm/cert-manager-app/releases/tag/v2.15.2) - -#### Fixed - -- RBAC for `cmctl upgrade migrate-api-version` ([#249](https://github.com/giantswarm/cert-manager-app/pull/249)). diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.4.3.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.4.3.md deleted file mode 100644 index 67befa5904..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.4.3.md +++ /dev/null @@ -1,28 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v17.4.3/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v17.4.3 - version: 17.4.3 - version_tag: v17.4.3 -date: '2022-07-28T13:37:47' -description: Release notes for AWS workload cluster release v17.4.3, published on - 28 July 2022, 13:37. -title: Workload cluster release v17.4.3 for AWS ---- - -This release brings improvements to the aws-ebs-csi-driver app. It is especially important for customers running AWS clusters in China due to image pull issues. - -## Change details - - -### aws-ebs-csi-driver [2.16.1](https://github.com/giantswarm/aws-ebs-csi-driver-app/releases/tag/v2.16.1) - -#### Fixed -- Changing controller `httpEndpoint` to `8610` because of overlapping ports. -- Use global.image.registry as registry domain for all images. -- Bump aws-ebs-csi-driver version to v1.8.0. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.4.4.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.4.4.md deleted file mode 100644 index c71fbee146..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v17.4.4.md +++ /dev/null @@ -1,54 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v17.4.4/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v17.4.4 - version: 17.4.4 - version_tag: v17.4.4 -date: '2022-11-25T12:22:45' -description: Release notes for AWS workload cluster release v17.4.4, published on - 25 November 2022, 12:22. -title: Workload cluster release v17.4.4 for AWS ---- - -This is a patch release to add missing Elastic File System (EFS) IAM permissions. It also allows EFS CSI Driver to get the Instance Identity from the Instance Metadata Service (IMDS). - -## Change details - - -### aws-operator [11.16.1](https://github.com/giantswarm/aws-operator/releases/tag/v11.16.1) - -#### Fixed -- Added EFS policy to the ec2 instance role to allow to use the EFS driver out of the box - - - -### kiam [2.5.1](https://github.com/giantswarm/kiam-app/releases/tag/v2.5.1) - -#### Fixed -- Allow `whiteListRouteRegexp` to default to `/latest/*`. - - - -### cert-manager [2.15.3](https://github.com/giantswarm/cert-manager-app/releases/tag/v2.15.3) - -#### Added -- Webhook: Add `PodDisruptionBudget` and pod anti-affinity. -- Startup API check: Add `NetworkPolicy`. -#### Changed -- Webhook: Increase replica count to 2. - - - -### external-dns [2.15.2](https://github.com/giantswarm/external-dns-app/releases/tag/v2.15.2) - -#### Changed -- Update init container image to v3.16.2([#182](https://github.com/giantswarm/external-dns-app/pull/182)) - -### etcd-kubernetes-resources-count-exporter [1.8.0](https://github.com/giantswarm/etcd-kubernetes-resources-count-exporter/releases/tag/v1.8.0) - -Bump to latest version to address security and performance issues. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.0.0-alpha1.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.0.0-alpha1.md deleted file mode 100644 index 9f128deb81..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.0.0-alpha1.md +++ /dev/null @@ -1,797 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v18.0.0-alpha1/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v18.0.0-alpha1 - version: 18.0.0-alpha1 - version_tag: v18.0.0-alpha1 -date: '2022-07-27T11:11:59' -description: Release notes for AWS workload cluster release v18.0.0-alpha1, published - on 27 July 2022, 11:11. -title: Workload cluster release v18.0.0-alpha1 for AWS ---- - -This release provides support for Kubernetes 1.23 and replaces the use of AWS CNI with Cilium. Release also upgrades most of running components which can be found further in release notes. - -> **_Warning:_** This is an **`alpha preview release`** intended only for testing Kubernetes v1.23 changes and replacement of AWS CNI with Cilium. Upgrading to or from this version is not supported. - -***Cilium highlights*** -- [Network Policy](https://docs.cilium.io/en/stable/concepts/kubernetes/policy/#networkpolicy-state) provided by Cilium does not cover support for setting [ipBlock with Pod IP](https://github.com/cilium/cilium/issues/9209). Components in need of this will have to use [CiliumNetworkPolicy](https://docs.cilium.io/en/stable/concepts/kubernetes/policy/#ciliumnetworkpolicy) which has wider scope. -- The AWS CNI pod subnets are no longer used by Cilium. Please add custom routes with the node subnet(s) CIDR(s) instead of the AWS CNI pod subnets CIDR before upgrading to this release. - - - ## Change details - -### kubernetes [1.23.9](https://github.com/kubernetes/kubernetes/releases/tag/v1.23.9) - -Upgraded from version 1.22. Please refer to the [official changelog](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.23.md) for all details. - -#### What's New (Major Themes) - -##### Deprecation of FlexVolume - -FlexVolume is deprecated. Out-of-tree CSI driver is the recommended way to write volume drivers in Kubernetes. -See [this doc](https://github.com/kubernetes/community/blob/master/sig-storage/volume-plugin-faq.md#kubernetes-volume-plugin-faq-for-storage-vendors) for more information. -Maintainers of FlexVolume drivers should implement a CSI driver and move users of FlexVolume to CSI. -Users of FlexVolume should move their workloads to CSI driver. - -##### Deprecation of klog specific flags - -To simplify the code base, several [logging flags got marked as deprecated](https://kubernetes.io/docs/concepts/cluster-administration/system-logs/#klog) in Kubernetes 1.23. -The code which implements them will be removed in a future release, so users of those need to start replacing the deprecated flags with some alternative solutions. - -##### Software Supply Chain SLSA Level 1 Compliance in the Kubernetes Release Process - -Kubernetes releases are now generating provenance attestation files describing the staging and release phases of the release process and artifacts are verified as they are handed over from one phase to the next. -This final piece completes the work needed to comply with Level 1 of the [SLSA security framework](https://slsa.dev/) (Supply-chain Levels for Software Artifacts). - -##### IPv4/IPv6 Dual-stack Networking graduates to GA - -[IPv4/IPv6 dual-stack networking](https://github.com/kubernetes/enhancements/tree/master/keps/sig-network/563-dual-stack) graduates to GA. -Since 1.21, Kubernetes clusters are enabled to support dual-stack networking by default. -In 1.23, the `IPv6DualStack` feature gate is removed. -The use of dual-stack networking is not mandatory. -Although clusters are enabled to support dual-stack networking, Pods and Services continue to default to single-stack. -To use dual-stack networking: Kubernetes nodes have routable IPv4/IPv6 network interfaces, a dual-stack capable CNI network plugin is used, Pods are configured to be dual-stack and Services have their `.spec.ipFamilyPolicy` field set to either `PreferDualStack` or `RequireDualStack`. - -##### HorizontalPodAutoscaler v2 graduates to GA - -Version 2 of the HorizontalPodAutoscaler API graduates to stable in the 1.23 release. The HorizontalPodAutoscaler `autoscaling/v2beta2` API is deprecated in favor of the new `autoscaling/v2` API, which the Kubernetes project recommends for all use cases. - -This release does *not* deprecate the v1 HorizontalPodAutoscaler API. - -##### Generic Ephemeral Volume feature graduates to GA - -The generic ephemeral volume feature moved to GA in 1.23. -This feature allows any existing storage driver that supports dynamic provisioning to be used as an ephemeral volume with the volume’s lifecycle bound to the Pod. -All StorageClass parameters for volume provisioning and all features supported with PersistentVolumeClaims are supported. - -##### Skip Volume Ownership change graduates to GA - -The feature to configure volume permission and ownership change policy for Pods moved to GA in 1.23. -This allows users to skip recursive permission changes on mount and speeds up the pod start up time. - -##### Allow CSI drivers to opt-in to volume ownership and permission change graduates to GA - -The feature to allow CSI Drivers to declare support for fsGroup based permissions graduates to GA in 1.23. - -##### PodSecurity graduates to Beta - -[PodSecurity](https://kubernetes.io/docs/concepts/security/pod-security-admission/) moves to Beta. -`PodSecurity` replaces the deprecated `PodSecurityPolicy` admission controller. -`PodSecurity` is an admission controller that enforces Pod Security Standards on Pods in a Namespace based on specific namespace labels that set the enforcement level. -In 1.23, the `PodSecurity` feature gate is enabled by default. - -##### Container Runtime Interface (CRI) v1 is default - -The Kubelet now supports the CRI `v1` API, which is now the project-wide default. -If a container runtime does not support the `v1` API, Kubernetes will fall back to the `v1alpha2` implementation. -There is no intermediate action required by end-users, because `v1` and `v1alpha2` do not differ in their implementation. -It is likely that `v1alpha2` will be removed in one of the future Kubernetes releases to be able to develop `v1`. - -##### Structured logging graduate to Beta - -Structured logging reached its Beta milestone. Most log messages from kubelet and kube-scheduler have been converted. Users are encouraged to try out JSON output or parsing of the structured text format and provide feedback on possible solutions for the open issues, such as handling of multi-line strings in log values. - -##### Simplified Multi-point plugin configuration for scheduler - -The kube-scheduler is adding a new, simplified config field for Plugins to allow multiple extension points to be enabled in one spot. -The new `multiPoint` plugin field is intended to simplify most scheduler setups for administrators. -Plugins that are enabled via `multiPoint` will automatically be registered for each individual extension point that they implement. -For example, a plugin that implements Score and Filter extensions can be simultaneously enabled for both. -This means entire plugins can be enabled and disabled without having to manually edit individual extension point settings. -These extension points can now be abstracted away due to their irrelevance for most users. - -##### CSI Migration updates - -CSI Migration enables the replacement of existing in-tree storage plugins such as `kubernetes.io/gce-pd` or `kubernetes.io/aws-ebs` with a corresponding CSI driver. -If CSI Migration is working properly, Kubernetes end users shouldn’t notice a difference. -After migration, Kubernetes users may continue to rely on all the functionality of in-tree storage plugins using the existing interface. -- CSI Migration feature is turned on by default but stays in Beta for GCE PD, AWS EBS, and Azure Disk in 1.23. -- CSI Migration is introduced as an Alpha feature for Ceph RBD and Portworx in 1.23. - -#### Urgent Upgrade Notes - -##### (No, really, you MUST read this before you upgrade) - -- Kubeadm: remove the deprecated flag `--experimental-patches` for the `init|join|upgrade` commands. The flag `--patches` is no longer allowed in a mixture with the flag `--config`. Please use the kubeadm configuration for setting patches for a node using `{Init|Join}Configuration.patches`. ([#104065](https://github.com/kubernetes/kubernetes/pull/104065), [@pacoxu](https://github.com/pacoxu)) - - Log messages in JSON format are written to stderr by default now (same as text format) instead of stdout. Users who expected JSON output on stdout must now capture stderr instead or in addition to stdout. ([#106146](https://github.com/kubernetes/kubernetes/pull/106146), [@pohly](https://github.com/pohly)) [SIG API Machinery, Architecture, Cluster Lifecycle and Instrumentation] - - Support for the seccomp annotations `seccomp.security.alpha.kubernetes.io/pod` and `container.seccomp.security.alpha.kubernetes.io/[name]` has been deprecated since 1.19, will be dropped in 1.25. Transition to using the `seccompProfile` API field. ([#104389](https://github.com/kubernetes/kubernetes/pull/104389), [@saschagrunert](https://github.com/saschagrunert)) - - [kube-log-runner](https://github.com/kubernetes/kubernetes/tree/master/staging/src/k8s.io/component-base/logs/kube-log-runner) is included in release tar balls. It can be used to replace the deprecated `--log-file` parameter. ([#106123](https://github.com/kubernetes/kubernetes/pull/106123), [@pohly](https://github.com/pohly)) [SIG API Machinery, Architecture, Cloud Provider, Cluster Lifecycle and Instrumentation] - - Kubernetes is built using golang 1.17. This version of go removes the ability to use a `GODEBUG=x509ignoreCN=0` environment setting to re-enable deprecated legacy behavior of treating the CommonName of X.509 serving certificates as a host name. This behavior has been disabled by default since Kubernetes 1.19 / go 1.15. Serving certificates used by admission webhooks, custom resource conversion webhooks, and aggregated API servers must now include valid Subject Alternative Names. If you are running Kubernetes 1.22 with `GODEBUG=x509ignoreCN=0` set, check the `apiserver_kube_aggregator_x509_missing_san_total` and `apiserver_webhooks_x509_missing_san_total` metrics for non-zero values to see if the API server is connecting to webhooks or aggregated API servers using certificates that will be considered invalid in Kubernetes 1.23+. - -#### Known Issues - -##### Etcd v3.5.[0-2] data corruption - -Data corruption issue was found in etcd v3.5.0 release that was shipped with 1.22 Kubernetes release. Please read up-to-date [production recommendations for etcd](https://github.com/etcd-io/etcd/tree/main/CHANGELOG). - -##### Deprecation - -- A deprecation notice has been added when using the kube-proxy userspace proxier, which will be removed in v1.25. (#103860) ([#104631](https://github.com/kubernetes/kubernetes/pull/104631), [@perithompson](https://github.com/perithompson)) -- Added `apiserver_longrunning_requests` metric to replace the soon to be deprecated `apiserver_longrunning_gauge` metric. ([#103799](https://github.com/kubernetes/kubernetes/pull/103799), [@jyz0309](https://github.com/jyz0309)) -- Controller-manager: the following flags have no effect and would be removed in v1.24: - - `--port` - - `--address` - The insecure port flags `--port` may only be set to 0 now. -- Kube-scheduler: the `--port` and `--address` flags have no effect and would be removed in v1.24. - The insecure port flags `--port` may only be set to 0 now. - Also `metricsBindAddress` and `healthzBindAddress` fields from `kubescheduler.config.k8s.io/v1beta1` are no-op and expected to be empty. Removed in `kubescheduler.config.k8s.io/v1beta2` completely. ([#96345](https://github.com/kubernetes/kubernetes/pull/96345), [@ingvagabund](https://github.com/ingvagabund)) - In addition, please be careful that: - - kube-scheduler MUST start with `--authorization-kubeconfig` and `--authentication-kubeconfig` correctly set to get authentication/authorization working. - - liveness/readiness probes to kube-scheduler MUST use HTTPS now, and the default port has been changed to 10259. - - Applications that fetch metrics from kube-scheduler should use a dedicated service account which is allowed to access nonResourceURLs `/metrics`. ([#96345](https://github.com/kubernetes/kubernetes/pull/96345), [@ingvagabund](https://github.com/ingvagabund)) [SIG Cloud Provider, Scheduling and Testing] -- Feature-gate `VolumeSubpath` has been deprecated and cannot be disabled. It will be completely removed in 1.25 ([#105474](https://github.com/kubernetes/kubernetes/pull/105474), [@mauriciopoppe](https://github.com/mauriciopoppe)) -- Kubeadm: add a new `output/v1alpha2` API that is identical to the `output/v1alpha1`, but attempts to resolve some internal dependencies with the `kubeadm/v1beta2` API. The `output/v1alpha1` API is now deprecated and will be removed in a future release. ([#105295](https://github.com/kubernetes/kubernetes/pull/105295), [@neolit123](https://github.com/neolit123)) -- Kubeadm: add the kubeadm specific, Alpha (disabled by default) feature gate UnversionedKubeletConfigMap. When this feature is enabled kubeadm will start using a new naming format for the ConfigMap where it stores the KubeletConfiguration structure. The old format included the Kubernetes version - "kube-system/kubelet-config-1.22", while the new format does not - "kube-system/kubelet-config". A similar formatting change is done for the related RBAC rules. The old format is now DEPRECATED and will be removed after the feature graduates to GA. When writing the ConfigMap kubeadm (init, upgrade apply) will respect the value of UnversionedKubeletConfigMap, while when reading it (join, reset, upgrade), it would attempt to use new format first and fallback to the legacy format if needed. ([#105741](https://github.com/kubernetes/kubernetes/pull/105741), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle and Testing] -- Kubeadm: remove the deprecated / NO-OP phase `update-cluster-status` in `kubeadm reset` ([#105888](https://github.com/kubernetes/kubernetes/pull/105888), [@neolit123](https://github.com/neolit123)) -- Remove 'master' as a valid EgressSelection type in the EgressSelectorConfiguration API. ([#102242](https://github.com/kubernetes/kubernetes/pull/102242), [@pacoxu](https://github.com/pacoxu)) -- Removed `kubectl --dry-run` empty default value and boolean values. `kubectl --dry-run` usage must be specified with `--dry-run=(server|client|none)`. ([#105327](https://github.com/kubernetes/kubernetes/pull/105327), [@julianvmodesto](https://github.com/julianvmodesto)) -- Removed deprecated metric `scheduler_volume_scheduling_duration_seconds`. ([#104518](https://github.com/kubernetes/kubernetes/pull/104518), [@dntosas](https://github.com/dntosas)) -- The deprecated `--experimental-bootstrap-kubeconfig` flag has been removed. - This can be set via `--bootstrap-kubeconfig`. ([#103172](https://github.com/kubernetes/kubernetes/pull/103172), [@niulechuan](https://github.com/niulechuan)) - -#### API Change - -- A new field `omitManagedFields` has been added to both `audit.Policy` and `audit.PolicyRule` - so cluster operators can opt in to omit managed fields of the request and response bodies from - being written to the API audit log. ([#94986](https://github.com/kubernetes/kubernetes/pull/94986), [@tkashem](https://github.com/tkashem)) [SIG API Machinery, Auth, Cloud Provider and Testing] -- A small regression in Service updates was fixed. The circumstances are so unlikely that probably nobody would ever hit it. ([#104601](https://github.com/kubernetes/kubernetes/pull/104601), [@thockin](https://github.com/thockin)) -- Added a feature gate `StatefulSetAutoDeletePVC`, which allows PVCs automatically created for StatefulSet pods to be automatically deleted. ([#99728](https://github.com/kubernetes/kubernetes/pull/99728), [@mattcary](https://github.com/mattcary)) -- Client-go impersonation config can specify a UID to pass impersonated uid information through in requests. ([#104483](https://github.com/kubernetes/kubernetes/pull/104483), [@margocrawf](https://github.com/margocrawf)) -- Create HPA v2 from v2beta2 with some fields changed. ([#102534](https://github.com/kubernetes/kubernetes/pull/102534), [@wangyysde](https://github.com/wangyysde)) [SIG API Machinery, Apps, Auth, Autoscaling and Testing] -- Ephemeral containers graduated to beta and are now available by default. ([#105405](https://github.com/kubernetes/kubernetes/pull/105405), [@verb](https://github.com/verb)) -- Fix kube-proxy regression on UDP services because the logic to detect stale connections was not considering if the endpoint was ready. ([#106163](https://github.com/kubernetes/kubernetes/pull/106163), [@aojea](https://github.com/aojea)) [SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Contributor Experience, Instrumentation, Network, Node, Release, Scalability, Scheduling, Storage, Testing and Windows] -- If a conflict occurs when creating an object with `generateName`, the server now returns an "AlreadyExists" error with a retry option. ([#104699](https://github.com/kubernetes/kubernetes/pull/104699), [@vincepri](https://github.com/vincepri)) -- Implement support for recovering from volume expansion failures ([#106154](https://github.com/kubernetes/kubernetes/pull/106154), [@gnufied](https://github.com/gnufied)) [SIG API Machinery, Apps and Storage] -- In kubelet, log verbosity and flush frequency can also be configured via the configuration file and not just via command line flags. In other commands (kube-apiserver, kube-controller-manager), the flags are listed in the "Logs flags" group and not under "Global" or "Misc". The type for `-vmodule` was made a bit more descriptive (`pattern=N,...` instead of `moduleSpec`). ([#106090](https://github.com/kubernetes/kubernetes/pull/106090), [@pohly](https://github.com/pohly)) [SIG API Machinery, Architecture, CLI, Cluster Lifecycle, Instrumentation, Node and Scheduling] -- Introduce `OS` field in the PodSpec ([#104693](https://github.com/kubernetes/kubernetes/pull/104693), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) -- Introduce `v1beta3` API for scheduler. This version - - increases the weight of user specifiable priorities. - The weights of following priority plugins are increased - - `TaintTolerations` to 3 - as leveraging node tainting to group nodes in the cluster is becoming a widely-adopted practice - - `NodeAffinity` to 2 - - `InterPodAffinity` to 2 - - - Won't have `HealthzBindAddress`, `MetricsBindAddress` fields ([#104251](https://github.com/kubernetes/kubernetes/pull/104251), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) -- Introduce v1beta2 for Priority and Fairness with no changes in API spec. ([#104399](https://github.com/kubernetes/kubernetes/pull/104399), [@tkashem](https://github.com/tkashem)) -- JSON log output is configurable and now supports writing info messages to stdout and error messages to stderr. Info messages can be buffered in memory. The default is to write both to stdout without buffering, as before. ([#104873](https://github.com/kubernetes/kubernetes/pull/104873), [@pohly](https://github.com/pohly)) -- JobTrackingWithFinalizers graduates to beta. Feature is enabled by default. ([#105687](https://github.com/kubernetes/kubernetes/pull/105687), [@alculquicondor](https://github.com/alculquicondor)) -- Kube-apiserver: Fixes handling of CRD schemas containing literal null values in enums. ([#104969](https://github.com/kubernetes/kubernetes/pull/104969), [@liggitt](https://github.com/liggitt)) -- Kube-apiserver: The `rbac.authorization.k8s.io/v1alpha1` API version is removed; use the `rbac.authorization.k8s.io/v1` API, available since v1.8. The `scheduling.k8s.io/v1alpha1` API version is removed; use the `scheduling.k8s.io/v1` API, available since v1.14. ([#104248](https://github.com/kubernetes/kubernetes/pull/104248), [@liggitt](https://github.com/liggitt)) -- Kube-scheduler: support for configuration file version `v1beta1` is removed. Update configuration files to v1beta2(xref: https://github.com/kubernetes/enhancements/issues/2901) or v1beta3 before upgrading to 1.23. ([#104782](https://github.com/kubernetes/kubernetes/pull/104782), [@kerthcet](https://github.com/kerthcet)) -- KubeSchedulerConfiguration provides a new field `MultiPoint` which will register a plugin for all valid extension points ([#105611](https://github.com/kubernetes/kubernetes/pull/105611), [@damemi](https://github.com/damemi)) [SIG Scheduling and Testing] -- Kubelet should reject pods whose OS doesn't match the node's OS label. ([#105292](https://github.com/kubernetes/kubernetes/pull/105292), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) [SIG Apps and Node] -- Kubelet: turn the KubeletConfiguration v1beta1 `ResolverConfig` field from a `string` to `*string`. ([#104624](https://github.com/kubernetes/kubernetes/pull/104624), [@Haleygo](https://github.com/Haleygo)) -- Kubernetes is now built using go 1.17. ([#103692](https://github.com/kubernetes/kubernetes/pull/103692), [@justaugustus](https://github.com/justaugustus)) -- Performs strict server side schema validation requests via the `fieldValidation=[Strict,Warn,Ignore]`. ([#105916](https://github.com/kubernetes/kubernetes/pull/105916), [@kevindelgado](https://github.com/kevindelgado)) -- Promote `IPv6DualStack` feature to stable. - Controller Manager flags for the node IPAM controller have slightly changed: - 1. When configuring a dual-stack cluster, the user must specify both `--node-cidr-mask-size-ipv4` and `--node-cidr-mask-size-ipv6` to set the per-node IP mask sizes, instead of the previous `--node-cidr-mask-size` flag. - 2. The `--node-cidr-mask-size` flag is mutually exclusive with `--node-cidr-mask-size-ipv4` and `--node-cidr-mask-size-ipv6`. - 3. Single-stack clusters do not need to change, but may choose to use the more specific flags. Users can use either the older `--node-cidr-mask-size` flag or one of the newer `--node-cidr-mask-size-ipv4` or `--node-cidr-mask-size-ipv6` flags to configure the per-node IP mask size, provided that the flag's IP family matches the cluster's IP family (--cluster-cidr). ([#104691](https://github.com/kubernetes/kubernetes/pull/104691), [@khenidak](https://github.com/khenidak)) -- Remove `NodeLease` feature gate that was graduated and locked to stable in 1.17 release. ([#105222](https://github.com/kubernetes/kubernetes/pull/105222), [@cyclinder](https://github.com/cyclinder)) -- Removed deprecated `--seccomp-profile-root`/`seccompProfileRoot` config. ([#103941](https://github.com/kubernetes/kubernetes/pull/103941), [@saschagrunert](https://github.com/saschagrunert)) -- Since golang 1.17 both net.ParseIP and net.ParseCIDR rejects leading zeros in the dot-decimal notation of IPv4 addresses, - Kubernetes will keep allowing leading zeros on IPv4 address to not break the compatibility. - IMPORTANT: Kubernetes interprets leading zeros on IPv4 addresses as decimal, users must not rely on parser alignment to not being impacted by the associated security advisory: - CVE-2021-29923 golang standard library "net" - Improper Input Validation of octal literals in golang 1.16.2 and below standard library "net" results in indeterminate SSRF & RFI vulnerabilities. - Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-29923 ([#104368](https://github.com/kubernetes/kubernetes/pull/104368), [@aojea](https://github.com/aojea)) -- StatefulSet `minReadySeconds` is promoted to beta. ([#104045](https://github.com/kubernetes/kubernetes/pull/104045), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) -- Support pod priority based node graceful shutdown. ([#102915](https://github.com/kubernetes/kubernetes/pull/102915), [@wzshiming](https://github.com/wzshiming)) -- The "Generic Ephemeral Volume" feature graduates to GA. It is now enabled unconditionally. ([#105609](https://github.com/kubernetes/kubernetes/pull/105609), [@pohly](https://github.com/pohly)) -- The Kubelet's `--register-with-taints` option is now available via the Kubelet config file field registerWithTaints ([#105437](https://github.com/kubernetes/kubernetes/pull/105437), [@cmssczy](https://github.com/cmssczy)) [SIG Node and Scalability] -- The `CSIDriver.Spec.StorageCapacity` can now be modified. ([#101789](https://github.com/kubernetes/kubernetes/pull/101789), [@pohly](https://github.com/pohly)) -- The `CSIVolumeFSGroupPolicy` feature has moved from beta to GA. ([#105940](https://github.com/kubernetes/kubernetes/pull/105940), [@dobsonj](https://github.com/dobsonj)) -- The `IngressClass.Spec.Parameters.Namespace` field is now GA. ([#104636](https://github.com/kubernetes/kubernetes/pull/104636), [@hbagdi](https://github.com/hbagdi)) -- The `Service.spec.ipFamilyPolicy` field is now *required* in order to create or update a Service as dual-stack. This is a breaking change from the beta behavior. Previously the server would try to infer the value of that field from either `ipFamilies` or `clusterIPs`, but that caused ambiguity on updates. Users who want a dual-stack Service MUST specify `ipFamilyPolicy` as either "PreferDualStack" or "RequireDualStack". ([#96684](https://github.com/kubernetes/kubernetes/pull/96684), [@thockin](https://github.com/thockin)) -- The `TTLAfterFinished` feature gate is now GA and enabled by default. ([#105219](https://github.com/kubernetes/kubernetes/pull/105219), [@sahilvv](https://github.com/sahilvv)) -- The `kube-controller-manager` supports `--concurrent-ephemeralvolume-syncs` flag to set the number of ephemeral volume controller workers. ([#102981](https://github.com/kubernetes/kubernetes/pull/102981), [@SataQiu](https://github.com/SataQiu)) -- The legacy scheduler policy config is removed in v1.23, the associated flags `policy-config-file`, `policy-configmap`, `policy-configmap-namespace` and `use-legacy-policy-config` are also removed. Migrate to Component Config instead, see https://kubernetes.io/docs/reference/scheduling/config/ for details. ([#105424](https://github.com/kubernetes/kubernetes/pull/105424), [@kerthcet](https://github.com/kerthcet)) -- Track the number of Pods with a Ready condition in Job status. The feature is alpha and needs the feature gate JobReadyPods to be enabled. ([#104915](https://github.com/kubernetes/kubernetes/pull/104915), [@alculquicondor](https://github.com/alculquicondor)) -- Users of `LogFormatRegistry` in component-base must update their code to use the logr v1.0.0 API. The JSON log output now uses the format from go-logr/zapr (no `v` field for error messages, additional information for invalid calls) and has some fixes (correct source code location for warnings about invalid log calls). ([#104103](https://github.com/kubernetes/kubernetes/pull/104103), [@pohly](https://github.com/pohly)) -- Validation rules for Custom Resource Definitions can be written in the [CEL expression language](https://github.com/google/cel-spec) using the `x-kubernetes-validations` extension in OpenAPIv3 schemas (alpha). This is gated by the alpha "CustomResourceValidationExpressions" feature gate. ([#106051](https://github.com/kubernetes/kubernetes/pull/106051), [@jpbetz](https://github.com/jpbetz)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node, Storage and Testing] -- Fix OpenAPI serialization of the x-kubernetes-validations field ([#108030](https://github.com/kubernetes/kubernetes/pull/108030), [@liggitt](https://github.com/liggitt)) [SIG API Machinery] -- Fixes a regression in v1beta1 PodDisruptionBudget handling of "strategic merge patch"-type API requests for the `selector` field. Prior to 1.21, these requests would merge `matchLabels` content and replace `matchExpressions` content. In 1.21, patch requests touching the `selector` field started replacing the entire selector. This is consistent with server-side apply and the v1 PodDisruptionBudget behavior, but should not have been changed for v1beta1. ([#108139](https://github.com/kubernetes/kubernetes/pull/108139), [@liggitt](https://github.com/liggitt)) [SIG Auth and Testing] -- Omits alpha-level enums from the static openapi file captured in api/openapi-spec ([#109179](https://github.com/kubernetes/kubernetes/pull/109179), [@liggitt](https://github.com/liggitt)) [SIG Apps and Auth] -- Sets JobTrackingWithFinalizers, beta feature, as disabled by default, due to unresolved bug https://github.com/kubernetes/kubernetes/issues/109485 ([#109491](https://github.com/kubernetes/kubernetes/pull/109491), [@alculquicondor](https://github.com/alculquicondor)) [SIG Apps, Auth, CLI, Network, Node, Scheduling, Storage and Testing] - -#### Feature - -- (beta feature) If the CSI driver supports the NodeServiceCapability `VOLUME_MOUNT_GROUP` and the `DelegateFSGroupToCSIDriver` feature gate is enabled, kubelet will delegate applying FSGroup to the driver by passing it to NodeStageVolume and NodePublishVolume, regardless of what other FSGroup policies are set. ([#106330](https://github.com/kubernetes/kubernetes/pull/106330), [@verult](https://github.com/verult)) [SIG Storage] -- Add a new `distribute-cpus-across-numa` option to the static `CPUManager` policy. When enabled, this will trigger the `CPUManager` to evenly distribute CPUs across NUMA nodes in cases where more than one NUMA node is required to satisfy the allocation. ([#105631](https://github.com/kubernetes/kubernetes/pull/105631), [@klueska](https://github.com/klueska)) -- Add fish shell completion to kubectl. ([#92989](https://github.com/kubernetes/kubernetes/pull/92989), [@WLun001](https://github.com/WLun001)) -- Add mechanism to load simple sniffer class into fluentd-elasticsearch image ([#92853](https://github.com/kubernetes/kubernetes/pull/92853), [@cosmo0920](https://github.com/cosmo0920)) -- Add support for Portworx plugin to csi-translation-lib. Alpha release - - Portworx CSI driver is required to enable migration. - This PR adds support of the `CSIMigrationPortworx` feature gate, which can be enabled by: - - 1. Adding the feature flag to the kube-controller-manager `--feature-gates=CSIMigrationPortworx=true` - 2. Adding the feature flag to the kubelet config: - - featureGates: - CSIMigrationPortworx: true ([#103447](https://github.com/kubernetes/kubernetes/pull/103447), [@trierra](https://github.com/trierra)) [SIG API Machinery, Apps, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Release, Scalability, Scheduling, Storage, Testing and Windows] -- Add support to generate client-side binaries for windows/arm64 platform ([#104894](https://github.com/kubernetes/kubernetes/pull/104894), [@pacoxu](https://github.com/pacoxu)) -- Added PowerShell completion generation by running `kubectl completion powershell`. ([#103758](https://github.com/kubernetes/kubernetes/pull/103758), [@zikhan](https://github.com/zikhan)) -- Added a `Processing` condition for the `workqueue` API. - Changed `Shutdown` for the `workqueue` API to wait until the work queue finishes processing all in-flight items. ([#101928](https://github.com/kubernetes/kubernetes/pull/101928), [@alexanderConstantinescu](https://github.com/alexanderConstantinescu)) -- Added a new feature gate `CustomResourceValidationExpressions` to enable expression validation for Custom Resource. ([#105107](https://github.com/kubernetes/kubernetes/pull/105107), [@cici37](https://github.com/cici37)) -- Added a new flag `--append-server-path` to `kubectl proxy` that will automatically append the kube context server path to each request. ([#97350](https://github.com/kubernetes/kubernetes/pull/97350), [@FabianKramm](https://github.com/FabianKramm)) -- Added ability for `kubectl wait` to wait on arbitary JSON path ([#105776](https://github.com/kubernetes/kubernetes/pull/105776), [@lauchokyip](https://github.com/lauchokyip)) -- Added support for `PodAndContainerStatsFromCRI` feature gate, which allows a user to specify their pod stats must also come from the CRI, not `cAdvisor`. ([#103095](https://github.com/kubernetes/kubernetes/pull/103095), [@haircommander](https://github.com/haircommander)) -- Added support for setting controller-manager log level online. ([#104571](https://github.com/kubernetes/kubernetes/pull/104571), [@h4ghhh](https://github.com/h4ghhh)) -- Added the ability to specify whether to use an RFC7396 JSON Merge Patch, an RFC6902 JSON Patch, or a Strategic Merge Patch to perform an override of the resources created by `kubectl run` and `kubectl expose`. ([#105140](https://github.com/kubernetes/kubernetes/pull/105140), [@brianpursley](https://github.com/brianpursley)) -- Adding option for `kubectl cp` to resume on network errors until completion, requires tar in addition to tail inside the container image ([#104792](https://github.com/kubernetes/kubernetes/pull/104792), [@matthyx](https://github.com/matthyx)) -- Adding support for multiple `--from-env-file flags`. ([#104232](https://github.com/kubernetes/kubernetes/pull/104232), [@lauchokyip](https://github.com/lauchokyip)) -- Adding support for multiple `--from-env-file` flags. ([#101646](https://github.com/kubernetes/kubernetes/pull/101646), [@lauchokyip](https://github.com/lauchokyip)) -- Adds `--as-uid` flag to `kubectl` to allow uid impersonation in the same way as user and group impersonation. ([#105794](https://github.com/kubernetes/kubernetes/pull/105794), [@margocrawf](https://github.com/margocrawf)) -- Adds new [alpha] command 'kubectl events' ([#99557](https://github.com/kubernetes/kubernetes/pull/99557), [@bboreham](https://github.com/bboreham)) -- Allow node expansion of local volumes. ([#102886](https://github.com/kubernetes/kubernetes/pull/102886), [@gnufied](https://github.com/gnufied)) -- Allow to build kubernetes with a custom `kube-cross` image. ([#104185](https://github.com/kubernetes/kubernetes/pull/104185), [@dims](https://github.com/dims)) -- Allows users to prevent garbage collection on pinned images ([#103299](https://github.com/kubernetes/kubernetes/pull/103299), [@wgahnagl](https://github.com/wgahnagl)) [SIG Node] -- CRI v1 is now the project default. If a container runtime does not support the v1 API, Kubernetes will fall back to the v1alpha2 implementation. ([#106501](https://github.com/kubernetes/kubernetes/pull/106501), [@ehashman](https://github.com/ehashman)) -- Changed feature `CSIMigrationAWS` to on by default. This feature requires the AWS EBS CSI driver to be installed. ([#106098](https://github.com/kubernetes/kubernetes/pull/106098), [@wongma7](https://github.com/wongma7)) -- Client-go: pass `DeleteOptions` down to the fake client `Reactor` ([#102945](https://github.com/kubernetes/kubernetes/pull/102945), [@chenchun](https://github.com/chenchun)) -- Cloud providers can set service account names for cloud controllers. ([#103178](https://github.com/kubernetes/kubernetes/pull/103178), [@nckturner](https://github.com/nckturner)) -- Display Labels when kubectl describe ingress. ([#103894](https://github.com/kubernetes/kubernetes/pull/103894), [@kabab](https://github.com/kabab)) -- Enhance scheduler `VolumeBinding` plugin to handle Lost PVC as `UnschedulableAndUnresolvable` ([#105245](https://github.com/kubernetes/kubernetes/pull/105245), [@yibozhuang](https://github.com/yibozhuang)) -- Ensures that volume is deleted from the storage backend when the user tries to delete the PV object manually and the PV `ReclaimPolicy` is set to `Delete`. ([#105773](https://github.com/kubernetes/kubernetes/pull/105773), [@deepakkinni](https://github.com/deepakkinni)) -- Expose a `NewUnstructuredExtractor` from apply configurations `meta/v1` package that enables extracting objects into unstructured apply configurations. ([#103564](https://github.com/kubernetes/kubernetes/pull/103564), [@kevindelgado](https://github.com/kevindelgado)) -- Feature gate `StorageObjectInUseProtection` has been deprecated and cannot be disabled. It will be completely removed in 1.25 ([#105495](https://github.com/kubernetes/kubernetes/pull/105495), [@ikeeip](https://github.com/ikeeip)) -- Graduating `controller_admission_duration_seconds`, `step_admission_duration_seconds`, `webhook_admission_duration_seconds`, `apiserver_current_inflight_requests` and `apiserver_response_sizes` metrics to stable. ([#106122](https://github.com/kubernetes/kubernetes/pull/106122), [@rezakrimi](https://github.com/rezakrimi)) [SIG API Machinery, Instrumentation and Testing] -- Graduating `pending_pods`, `preemption_attempts_total`, `preemption_victims` and `schedule_attempts_total` metrics to stable. Also `e2e_scheduling_duration_seconds` is renamed to `scheduling_attempt_duration_seconds` and the latter is graduated to stable. ([#105941](https://github.com/kubernetes/kubernetes/pull/105941), [@rezakrimi](https://github.com/rezakrimi)) [SIG Instrumentation, Scheduling and Testing] -- Health check of kube-controller-manager now includes each controller. ([#104667](https://github.com/kubernetes/kubernetes/pull/104667), [@jiahuif](https://github.com/jiahuif)) -- Integration testing now takes periodic Prometheus scrapes from the etcd server. - There is a new script ,`hack/run-prometheus-on-etcd-scrapes.sh`, that runs a containerized Prometheus server against an archive of such scrapes. ([#106190](https://github.com/kubernetes/kubernetes/pull/106190), [@MikeSpreitzer](https://github.com/MikeSpreitzer)) [SIG API Machinery and Testing] -- Introduce a feature gate `DisableKubeletCloudCredentialProviders` which allows disabling the in-tree kubelet credential providers. - - The feature gate `DisableKubeletCloudCredentialProviders` is currently in Alpha, which means is currently disabled by default. Once this feature gate moves to beta, in-tree credential providers will be disabled by default, and users will need to migrate to use external credential providers. ([#102507](https://github.com/kubernetes/kubernetes/pull/102507), [@ostrain](https://github.com/ostrain)) -- Introduces a new metric: `admission_webhook_request_total` with the following labels: name (string) - the webhook name, type (string) - the admission type, operation (string) - the requested verb, code (int) - the HTTP status code, rejected (bool) - whether the request was rejected, namespace (string) - the namespace of the requested resource. ([#103162](https://github.com/kubernetes/kubernetes/pull/103162), [@rmoriar1](https://github.com/rmoriar1)) -- Kubeadm: add support for dry running `kubeadm join`. The new flag `kubeadm join --dry-run` is similar to the existing flag for `kubeadm init/upgrade` and allows you to see what changes would be applied. ([#103027](https://github.com/kubernetes/kubernetes/pull/103027), [@Haleygo](https://github.com/Haleygo)) -- Kubeadm: do not check if the `/etc/kubernetes/manifests` folder is empty on joining worker nodes during preflight ([#104942](https://github.com/kubernetes/kubernetes/pull/104942), [@SataQiu](https://github.com/SataQiu)) -- Kubectl will now provide shell completion choices for the `--output/-o` flag ([#105851](https://github.com/kubernetes/kubernetes/pull/105851), [@marckhouzam](https://github.com/marckhouzam)) -- Kubelet should reconcile `kubernetes.io/os` and `kubernetes.io/arch` labels on the node object. The side-effect of this is kubelet would deny admission to pod which has nodeSelector with label `kubernetes.io/os` or `kubernetes.io/arch` which doesn't match the underlying OS or arch on the host OS. - - The label reconciliation happens as part of periodic status update which can be configured via flag `--node-status-update-frequency` ([#104613](https://github.com/kubernetes/kubernetes/pull/104613), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) [SIG Node, Testing and Windows] -- Kubernetes is now built with Golang 1.16.7. ([#104199](https://github.com/kubernetes/kubernetes/pull/104199), [@cpanato](https://github.com/cpanato)) -- Kubernetes is now built with Golang 1.17.1. ([#104904](https://github.com/kubernetes/kubernetes/pull/104904), [@cpanato](https://github.com/cpanato)) -- Kubernetes is now built with Golang 1.17.2 ([#105563](https://github.com/kubernetes/kubernetes/pull/105563), [@mengjiao-liu](https://github.com/mengjiao-liu)) -- Kubernetes is now built with Golang 1.17.3 ([#106209](https://github.com/kubernetes/kubernetes/pull/106209), [@cpanato](https://github.com/cpanato)) [SIG API Machinery, Cloud Provider, Instrumentation, Release and Testing] -- Move `ConfigurableFSGroupPolicy` to GA and rename metric `volume_fsgroup_recursive_apply` to `volume_apply_access_control` ([#105885](https://github.com/kubernetes/kubernetes/pull/105885), [@gnufied](https://github.com/gnufied)) -- Move the `GetAllocatableResources` Endpoint in PodResource API to the beta that will make it enabled by default. ([#105003](https://github.com/kubernetes/kubernetes/pull/105003), [@swatisehgal](https://github.com/swatisehgal)) -- Moving `WindowsHostProcessContainers` feature to beta ([#106058](https://github.com/kubernetes/kubernetes/pull/106058), [@marosset](https://github.com/marosset)) -- Node affinity, Node selectors, and tolerations are now mutable for Jobs that are suspended and have never been started ([#105479](https://github.com/kubernetes/kubernetes/pull/105479), [@ahg-g](https://github.com/ahg-g)) -- Pod template annotations and labels are now mutable for Jobs that are suspended and have never been started ([#105980](https://github.com/kubernetes/kubernetes/pull/105980), [@ahg-g](https://github.com/ahg-g)) -- PodSecurity: in 1.23+ restricted policy levels, Pods and containers which set `runAsUser=0` are forbidden at admission-time; previously, they would be rejected at runtime ([#105857](https://github.com/kubernetes/kubernetes/pull/105857), [@liggitt](https://github.com/liggitt)) -- Shell completion now knows to continue suggesting resource names when the command supports it. For example `kubectl get pod pod1 ` will suggest more Pod names. ([#105711](https://github.com/kubernetes/kubernetes/pull/105711), [@marckhouzam](https://github.com/marckhouzam)) -- Support to enable Hyper-V in GCE Windows Nodes created with `kube-up` ([#105999](https://github.com/kubernetes/kubernetes/pull/105999), [@mauriciopoppe](https://github.com/mauriciopoppe)) -- The CPUManager policy options are now enabled, and we introduce a graduation path for the new CPU Manager policy options. ([#105012](https://github.com/kubernetes/kubernetes/pull/105012), [@fromanirh](https://github.com/fromanirh)) -- The Pods and Pod controllers that are exempted from the PodSecurity admission process are now marked with the `pod-security.kubernetes.io/exempt: user/namespace/runtimeClass` annotation, based on what caused the exemption. - - The enforcement level that allowed or denied a Pod during PodSecurity admission is now marked by the `pod-security.kubernetes.io/enforce-policy` annotation. - - The annotation that informs about audit policy violations changed from `pod-security.kubernetes.io/audit` to `pod-security.kubernetes.io/audit-violation`. ([#105908](https://github.com/kubernetes/kubernetes/pull/105908), [@stlaz](https://github.com/stlaz)) -- The `/openapi/v3` endpoint will be populated with OpenAPI v3 if the feature flag is enabled ([#105945](https://github.com/kubernetes/kubernetes/pull/105945), [@Jefftree](https://github.com/Jefftree)) -- The `CSIMigrationGCE` feature flag is turned `ON` by default ([#104722](https://github.com/kubernetes/kubernetes/pull/104722), [@leiyiz](https://github.com/leiyiz)) -- The `DownwardAPIHugePages` feature is now enabled by default. ([#106271](https://github.com/kubernetes/kubernetes/pull/106271), [@mysunshine92](https://github.com/mysunshine92)) -- The `PodSecurity `admission plugin has graduated to `beta` and is enabled by default. The admission configuration version has been promoted to `pod-security.admission.config.k8s.io/v1beta1`. See https://kubernetes.io/docs/concepts/security/pod-security-admission/ for usage guidelines. ([#106089](https://github.com/kubernetes/kubernetes/pull/106089), [@liggitt](https://github.com/liggitt)) -- The `ServiceAccountIssuerDiscovery` feature gate is removed. It reached GA in Kubernetes 1.21. ([#103685](https://github.com/kubernetes/kubernetes/pull/103685), [@mengjiao-liu](https://github.com/mengjiao-liu)) -- The `constants/variables` from k8s.io for STABLE metrics is now supported. ([#103654](https://github.com/kubernetes/kubernetes/pull/103654), [@coffeepac](https://github.com/coffeepac)) -- The `kubectl describe namespace` now shows Conditions ([#106219](https://github.com/kubernetes/kubernetes/pull/106219), [@dlipovetsky](https://github.com/dlipovetsky)) -- The etcd container image now supports Windows. ([#92433](https://github.com/kubernetes/kubernetes/pull/92433), [@claudiubelu](https://github.com/claudiubelu)) -- The kube-apiserver's Prometheus metrics have been extended with some that describe the costs of handling LIST requests. They are as follows. - - *apiserver_cache_list_total*: Counter of LIST requests served from watch cache, broken down by resource_prefix and index_name - - *apiserver_cache_list_fetched_objects_total*: Counter of objects read from watch cache in the course of serving a LIST request, broken down by resource_prefix and index_name - - *apiserver_cache_list_evaluated_objects_total*: Counter of objects tested in the course of serving a LIST request from watch cache, broken down by resource_prefix - - *apiserver_cache_list_returned_objects_total*: Counter of objects returned for a LIST request from watch cache, broken down by resource_prefix - - *apiserver_storage_list_total*: Counter of LIST requests served from etcd, broken down by resource - - *apiserver_storage_list_fetched_objects_total*: Counter of objects read from etcd in the course of serving a LIST request, broken down by resource - - *apiserver_storage_list_evaluated_objects_total*: Counter of objects tested in the course of serving a LIST request from etcd, broken down by resource - - *apiserver_storage_list_returned_objects_total*: Counter of objects returned for a LIST request from etcd, broken down by resource ([#104983](https://github.com/kubernetes/kubernetes/pull/104983), [@MikeSpreitzer](https://github.com/MikeSpreitzer)) -- The pause image list now contains Windows Server 2022. ([#104438](https://github.com/kubernetes/kubernetes/pull/104438), [@nick5616](https://github.com/nick5616)) -- The script `kube-up.sh` installs `csi-proxy v1.0.1-gke.0`. ([#104426](https://github.com/kubernetes/kubernetes/pull/104426), [@mauriciopoppe](https://github.com/mauriciopoppe)) -- This PR adds the following metrics for API Priority and Fairness. - - **apiserver_flowcontrol_priority_level_seat_count_samples**: histograms of seats occupied by executing requests (both regular and final-delay phases included), broken down by priority_level; the observations are taken once per millisecond. - - **apiserver_flowcontrol_priority_level_seat_count_watermarks**: histograms of high and low watermarks of number of seats occupied by executing requests (both regular and final-delay phases included), broken down by priority_level. - - **apiserver_flowcontrol_watch_count_samples**: histograms of number of watches relevant to a given mutating request, broken down by that request's priority_level and flow_schema. ([#105873](https://github.com/kubernetes/kubernetes/pull/105873), [@MikeSpreitzer](https://github.com/MikeSpreitzer)) [SIG API Machinery, Instrumentation and Testing] -- Topology Aware Hints have graduated to beta. ([#106433](https://github.com/kubernetes/kubernetes/pull/106433), [@robscott](https://github.com/robscott)) [SIG Network] -- Turn on CSIMigrationAzureDisk by default on 1.23 ([#104670](https://github.com/kubernetes/kubernetes/pull/104670), [@andyzhangx](https://github.com/andyzhangx)) -- Update the system-validators library to v1.6.0 ([#106323](https://github.com/kubernetes/kubernetes/pull/106323), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle and Node] -- Updated Cluster Autosaler to version `1.22.0`. Release notes: https://github.com/kubernetes/autoscaler/releases/tag/cluster-autoscaler-1.22.0. ([#104293](https://github.com/kubernetes/kubernetes/pull/104293), [@x13n](https://github.com/x13n)) -- Updates `debian-iptables` to v1.6.7 to pick up CVE fixes. ([#104970](https://github.com/kubernetes/kubernetes/pull/104970), [@PushkarJ](https://github.com/PushkarJ)) -- Updates the following images to pick up CVE fixes: - - `debian` to v1.9.0 - - `debian-iptables` to v1.6.6 - - `setcap` to v2.0.4 ([#104142](https://github.com/kubernetes/kubernetes/pull/104142), [@mengjiao-liu](https://github.com/mengjiao-liu)) -- Upgrade etcd to 3.5.1 ([#105706](https://github.com/kubernetes/kubernetes/pull/105706), [@uthark](https://github.com/uthark)) [SIG Cloud Provider, Cluster Lifecycle and Testing] -- When feature gate `JobTrackingWithFinalizers` is enabled: - - Limit the number of Pods tracked in a single Job sync to avoid starvation of small Jobs. - - The metric `job_pod_finished_total` counts the number of finished Pods tracked by the Job controller. ([#105197](https://github.com/kubernetes/kubernetes/pull/105197), [@alculquicondor](https://github.com/alculquicondor)) -- When using `RequestedToCapacityRatio` ScoringStrategy, empty shape will cause error. ([#106169](https://github.com/kubernetes/kubernetes/pull/106169), [@kerthcet](https://github.com/kerthcet)) [SIG Scheduling] -- `client-go` event library allows customizing spam filtering function. - It is now possible to override `SpamKeyFunc`, which is used by event filtering to detect spam in the events. ([#103918](https://github.com/kubernetes/kubernetes/pull/103918), [@olagacek](https://github.com/olagacek)) -- `client-go`, using log level 9, traces the following events of a HTTP request: - - DNS lookup - - TCP dialing - - TLS handshake - - Time to get a connection from the pool - - Time to process a request ([#105156](https://github.com/kubernetes/kubernetes/pull/105156), [@aojea](https://github.com/aojea)) -- Allow KUBE_TEST_REPO_LIST to be a remote url ([#109512](https://github.com/kubernetes/kubernetes/pull/109512), [@eddiezane](https://github.com/eddiezane)) [SIG Cloud Provider and Testing] -- Kubernetes is now built with Golang 1.17.11 ([#110423](https://github.com/kubernetes/kubernetes/pull/110423), [@cpanato](https://github.com/cpanato)) [SIG Cloud Provider, Instrumentation, Release and Testing] -- Kube-apiserver: when merging lists, Server Side Apply now prefers the order of the submitted request instead of the existing persisted object ([#107567](https://github.com/kubernetes/kubernetes/pull/107567), [@jiahuif](https://github.com/jiahuif)) [SIG API Machinery, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Storage and Testing] - -#### Documentation - -- Graduating `pod_scheduling_duration_seconds`, `pod_scheduling_attempts`, `framework_extension_point_duration_seconds`, `plugin_execution_duration_seconds` and `queue_incoming_pods_total` metrics to stable. ([#106266](https://github.com/kubernetes/kubernetes/pull/106266), [@ahg-g](https://github.com/ahg-g)) [SIG Instrumentation, Scheduling and Testing] -- The test "[sig-network] EndpointSlice should have Endpoints and EndpointSlices pointing to API Server [Conformance]" only requires that there is an EndpointSlice that references the "kubernetes.default" service, it no longer requires that its named "kubernetes". ([#104664](https://github.com/kubernetes/kubernetes/pull/104664), [@aojea](https://github.com/aojea)) -- Update description of `--audit-log-maxbackup` to describe behavior when `value = 0`. ([#103843](https://github.com/kubernetes/kubernetes/pull/103843), [@Arkessler](https://github.com/Arkessler)) -- Users should not rely on unsupported CRON_TZ variable when specifying schedule, both the API server and cronjob controller will emit warnings pointing to https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/ containing explanation ([#106455](https://github.com/kubernetes/kubernetes/pull/106455), [@soltysh](https://github.com/soltysh)) [SIG Apps] - -#### Failing Test - -- Fixes hostPath storage E2E tests within SELinux enabled env ([#104551](https://github.com/kubernetes/kubernetes/pull/104551), [@Elbehery](https://github.com/Elbehery)) -- Allow KUBE_TEST_REPO_LIST to be a remote url ([#109512](https://github.com/kubernetes/kubernetes/pull/109512), [@eddiezane](https://github.com/eddiezane)) [SIG Cloud Provider and Testing] - -#### Bug or Regression - -- (PodSecurity admission) errors validating workload resources (deployment, replicaset, etc.) no longer block admission. ([#106017](https://github.com/kubernetes/kubernetes/pull/106017), [@tallclair](https://github.com/tallclair)) [SIG Auth] -- A pod that the Kubelet rejects was still considered as being accepted for a brief period of time after rejection, which might cause some pods to be rejected briefly that could fit on the node. A pod that is still terminating (but has status indicating it has failed) may also still be consuming resources and so should also be considered. ([#104817](https://github.com/kubernetes/kubernetes/pull/104817), [@smarterclayton](https://github.com/smarterclayton)) -- Add Kubernetes Events to the `Kubelet Graceful Shutdown` feature. ([#101081](https://github.com/kubernetes/kubernetes/pull/101081), [@rphillips](https://github.com/rphillips)) -- Add Pod Security admission metrics: `pod_security_evaluations_total`, `pod_security_exemptions_total`, `pod_security_errors_total` ([#105898](https://github.com/kubernetes/kubernetes/pull/105898), [@tallclair](https://github.com/tallclair)) -- Add support for Windows Network stats in Containerd ([#105744](https://github.com/kubernetes/kubernetes/pull/105744), [@jsturtevant](https://github.com/jsturtevant)) [SIG Node, Testing and Windows] -- Added show-capacity option to `kubectl top node` to show `Capacity` resource usage ([#102917](https://github.com/kubernetes/kubernetes/pull/102917), [@bysnupy](https://github.com/bysnupy)) [SIG CLI] -- Apimachinery: Pretty printed JSON and YAML output is now indented consistently. ([#105466](https://github.com/kubernetes/kubernetes/pull/105466), [@liggitt](https://github.com/liggitt)) -- Be able to create a Pod with Generic Ephemeral Volumes as raw block devices. ([#105682](https://github.com/kubernetes/kubernetes/pull/105682), [@pohly](https://github.com/pohly)) -- CA, certificate and key bundles for the `generic-apiserver` based servers will be reloaded immediately after the files are changed. ([#104102](https://github.com/kubernetes/kubernetes/pull/104102), [@tnqn](https://github.com/tnqn)) -- Change `kubectl diff --invalid-arg` status code from 1 to 2 to match docs ([#105445](https://github.com/kubernetes/kubernetes/pull/105445), [@ardaguclu](https://github.com/ardaguclu)) -- Changed kubectl describe to compute age of an event using the `EventSeries.count` and `EventSeries.lastObservedTime`. ([#104482](https://github.com/kubernetes/kubernetes/pull/104482), [@harjas27](https://github.com/harjas27)) -- Changes behaviour of kube-proxy start; does not attempt to set specific `sysctl` values (which does not work in recent Kernel versions anymore in non-init namespaces), when the current sysctl values are already set higher. ([#103174](https://github.com/kubernetes/kubernetes/pull/103174), [@Napsty](https://github.com/Napsty)) -- Client-go uses the same HTTP client for all the generated groups and versions, allowing to share customized transports for multiple groups versions. ([#105490](https://github.com/kubernetes/kubernetes/pull/105490), [@aojea](https://github.com/aojea)) -- Disable aufs module for gce clusters. ([#103831](https://github.com/kubernetes/kubernetes/pull/103831), [@lizhuqi](https://github.com/lizhuqi)) -- Do not unmount and mount subpath bind mounts during container creation unless bind mount changes ([#105512](https://github.com/kubernetes/kubernetes/pull/105512), [@gnufied](https://github.com/gnufied)) [SIG Storage] -- Don't prematurely close reflectors in case of slow initialization in watch based manager to fix issues with inability to properly mount secrets/configmaps. ([#104604](https://github.com/kubernetes/kubernetes/pull/104604), [@wojtek-t](https://github.com/wojtek-t)) -- Don't use a custom dialer for the kubelet if is not rotating certificates, so we can reuse TCP connections and have only one between the apiserver and the kubelet. If users experiment problems with stale connections using HTTP1.1, they can force the previous behavior of the kubelet by setting the environment variable DISABLE_HTTP2. ([#104844](https://github.com/kubernetes/kubernetes/pull/104844), [@aojea](https://github.com/aojea)) [SIG API Machinery, Auth and Node] -- EndpointSlice Mirroring controller now cleans up managed EndpointSlices when a Service selector is added ([#105997](https://github.com/kubernetes/kubernetes/pull/105997), [@robscott](https://github.com/robscott)) [SIG Apps, Network and Testing] -- Enhanced event messages for pod failed for exec probe timeout ([#106201](https://github.com/kubernetes/kubernetes/pull/106201), [@yxxhero](https://github.com/yxxhero)) [SIG Node] -- Ensure Pods are removed from the scheduler cache when the scheduler misses deletion events due to transient errors ([#106102](https://github.com/kubernetes/kubernetes/pull/106102), [@alculquicondor](https://github.com/alculquicondor)) [SIG Scheduling] -- Ensure `InstanceShutdownByProviderID` return false for creating Azure VMs. ([#104382](https://github.com/kubernetes/kubernetes/pull/104382), [@feiskyer](https://github.com/feiskyer)) -- Evicted and other terminated Pods will no longer revert to the `Running` phase. ([#105462](https://github.com/kubernetes/kubernetes/pull/105462), [@ehashman](https://github.com/ehashman)) -- Fix `kube-apiserver` metric reporting for the deprecated watch path of `/api//watch/...`. ([#104161](https://github.com/kubernetes/kubernetes/pull/104161), [@wojtek-t](https://github.com/wojtek-t)) -- Fix a regression where the Kubelet failed to exclude already completed pods from calculations about how many resources it was currently using when deciding whether to allow more pods. ([#104577](https://github.com/kubernetes/kubernetes/pull/104577), [@smarterclayton](https://github.com/smarterclayton)) -- Fix detach disk issue on deleting vmss node. ([#104572](https://github.com/kubernetes/kubernetes/pull/104572), [@andyzhangx](https://github.com/andyzhangx)) -- Fix job controller syncs: In case of conflicts, ensure that the sync happens with the most up to date information. Improves reliability of JobTrackingWithFinalizers. ([#105214](https://github.com/kubernetes/kubernetes/pull/105214), [@alculquicondor](https://github.com/alculquicondor)) -- Fix job tracking with finalizers for more than 500 pods, ensuring all finalizers are removed before counting the Pod. ([#104666](https://github.com/kubernetes/kubernetes/pull/104666), [@alculquicondor](https://github.com/alculquicondor)) -- Fix pod name of NonIndexed Jobs to not include rogue `-1` substring ([#105676](https://github.com/kubernetes/kubernetes/pull/105676), [@alculquicondor](https://github.com/alculquicondor)) -- Fix scoring for `NodeResourcesBalancedAllocation` plugins when nodes have containers with no requests. ([#105845](https://github.com/kubernetes/kubernetes/pull/105845), [@ahmad-diaa](https://github.com/ahmad-diaa)) -- Fix system default topology spreading when nodes don't have zone labels. Pods correctly spread by default now. ([#105046](https://github.com/kubernetes/kubernetes/pull/105046), [@alculquicondor](https://github.com/alculquicondor)) -- Fix: do not try to delete a LoadBalancer that does not exist ([#105777](https://github.com/kubernetes/kubernetes/pull/105777), [@nilo19](https://github.com/nilo19)) -- Fix: ignore non-VMSS error for VMAS nodes in `reconcileBackendPools`. ([#103997](https://github.com/kubernetes/kubernetes/pull/103997), [@nilo19](https://github.com/nilo19)) -- Fix: leave the probe path empty for TCP probes ([#105253](https://github.com/kubernetes/kubernetes/pull/105253), [@nilo19](https://github.com/nilo19)) -- Fix: remove VMSS and VMSS instances from SLB backend pool only when necessary ([#105839](https://github.com/kubernetes/kubernetes/pull/105839), [@nilo19](https://github.com/nilo19)) -- Fix: skip `instance not found` when decoupling VMSSs from LB ([#105666](https://github.com/kubernetes/kubernetes/pull/105666), [@nilo19](https://github.com/nilo19)) -- Fix: skip case sensitivity when checking Azure NSG rules. ([#104384](https://github.com/kubernetes/kubernetes/pull/104384), [@feiskyer](https://github.com/feiskyer)) -- Fixed a bug that prevents a PersistentVolume that has a PersistentVolumeClaim UID which doesn't exist in local cache but exists in etcd from being updated to the Released phase. ([#105211](https://github.com/kubernetes/kubernetes/pull/105211), [@xiaopingrubyist](https://github.com/xiaopingrubyist)) -- Fixed a bug where using `kubectl patch` with `$deleteFromPrimitiveList` on a nonexistent or empty list would add the item to the list ([#105421](https://github.com/kubernetes/kubernetes/pull/105421), [@brianpursley](https://github.com/brianpursley)) -- Fixed a bug which could cause webhooks to have an incorrect copy of the old object after an Apply or Update ([#106195](https://github.com/kubernetes/kubernetes/pull/106195), [@alexzielenski](https://github.com/alexzielenski)) [SIG API Machinery] -- Fixed a bug which kubectl would emit duplicate warning messages for flag names that contain an underscore and recommend using a nonexistent flag in some cases. ([#103852](https://github.com/kubernetes/kubernetes/pull/103852), [@brianpursley](https://github.com/brianpursley)) -- Fixed a panic in `kubectl` when creating secrets with an improper output type ([#106317](https://github.com/kubernetes/kubernetes/pull/106317), [@lauchokyip](https://github.com/lauchokyip)) -- Fixed a regression setting `--audit-log-path=-` to log to stdout in 1.22 pre-release. ([#103875](https://github.com/kubernetes/kubernetes/pull/103875), [@andrewrynhard](https://github.com/andrewrynhard)) -- Fixed an issue which didn't append OS's environment variables with the one provided in Credential Provider Config file, which may fail execution of external credential provider binary. See https://github.com/kubernetes/kubernetes/issues/102750. ([#103231](https://github.com/kubernetes/kubernetes/pull/103231), [@n4j](https://github.com/n4j)) -- Fixed applying of SELinux labels to CSI volumes on very busy systems (with "error checking for SELinux support: could not get consistent content of /proc/self/mountinfo after 3 attempts") ([#105934](https://github.com/kubernetes/kubernetes/pull/105934), [@jsafrane](https://github.com/jsafrane)) [SIG Storage] -- Fixed architecture within manifest for non `amd64` etcd images. ([#104116](https://github.com/kubernetes/kubernetes/pull/104116), [@saschagrunert](https://github.com/saschagrunert)) -- Fixed architecture within manifest for non `amd64` etcd images. ([#105484](https://github.com/kubernetes/kubernetes/pull/105484), [@saschagrunert](https://github.com/saschagrunert)) -- Fixed azure disk translation issue due to lower case `managed` kind. ([#103439](https://github.com/kubernetes/kubernetes/pull/103439), [@andyzhangx](https://github.com/andyzhangx)) -- Fixed client IP preservation for NodePort service with protocol SCTP in ipvs. ([#104756](https://github.com/kubernetes/kubernetes/pull/104756), [@tnqn](https://github.com/tnqn)) -- Fixed concurrent map access causing panics when logging timed-out API calls. ([#105734](https://github.com/kubernetes/kubernetes/pull/105734), [@marseel](https://github.com/marseel)) -- Fixed consolidate logs for `instance not found` error -- Fixed skip `not found` nodes when reconciling LB backend address pools ([#105188](https://github.com/kubernetes/kubernetes/pull/105188), [@nilo19](https://github.com/nilo19)) -- Fixed occasional pod cgroup freeze when using cgroup v1 and systemd driver. ([#104528](https://github.com/kubernetes/kubernetes/pull/104528), [@kolyshkin](https://github.com/kolyshkin)) -- Fixed the issue where logging output of kube-scheduler configuration files included line breaks and escape characters. The output also attempted to output the configuration file in one section without showing the user a more readable format. ([#106228](https://github.com/kubernetes/kubernetes/pull/106228), [@sanchayanghosh](https://github.com/sanchayanghosh)) [SIG Scheduling] -- Fixes a bug that could result in the EndpointSlice controller unnecessarily updating EndpointSlices associated with a Service that had Topology Aware Hints enabled. ([#105267](https://github.com/kubernetes/kubernetes/pull/105267), [@llhuii](https://github.com/llhuii)) -- Fixes a regression that could cause panics in LRU caches in controller-manager, kubelet, kube-apiserver, or client-go. ([#104466](https://github.com/kubernetes/kubernetes/pull/104466), [@stbenjam](https://github.com/stbenjam)) -- Fixes an issue where an admission webhook can observe a v1 Pod object that does not have the `defaultMode` field set in the injected service account token volume in kube-api-server. ([#104523](https://github.com/kubernetes/kubernetes/pull/104523), [@liggitt](https://github.com/liggitt)) -- Fixes the `should support building a client with a CSR` E2E test to work with clusters configured with short certificate lifetimes ([#105396](https://github.com/kubernetes/kubernetes/pull/105396), [@liggitt](https://github.com/liggitt)) -- Graceful node shutdown, allow the actual inhibit delay to be greater than the expected inhibit delay. ([#103137](https://github.com/kubernetes/kubernetes/pull/103137), [@wzshiming](https://github.com/wzshiming)) -- Handle Generic Ephemeral Volumes properly in the node limits scheduler filter and the kubelet `hostPath` check. ([#100482](https://github.com/kubernetes/kubernetes/pull/100482), [@pohly](https://github.com/pohly)) -- Headless Services with no selector which were created without dual-stack enabled will be defaulted to RequireDualStack instead of PreferDualStack. This is consistent with such Services which are created with dual-stack enabled. ([#104986](https://github.com/kubernetes/kubernetes/pull/104986), [@thockin](https://github.com/thockin)) -- Ignore `not a vmss instance` error for VMAS nodes in `EnsureBackendPoolDeleted`. ([#105185](https://github.com/kubernetes/kubernetes/pull/105185), [@ialidzhikov](https://github.com/ialidzhikov)) -- Ignore the case when comparing azure tags in service annotation. ([#104705](https://github.com/kubernetes/kubernetes/pull/104705), [@nilo19](https://github.com/nilo19)) -- Ignore the case when updating Azure tags. ([#104593](https://github.com/kubernetes/kubernetes/pull/104593), [@nilo19](https://github.com/nilo19)) -- Introduce a new server run option 'shutdown-send-retry-after'. If true the HTTP Server will continue listening until all non longrunning request(s) in flight have been drained, during this window all incoming requests will be rejected with a status code `429` and a 'Retry-After' response header. ([#101257](https://github.com/kubernetes/kubernetes/pull/101257), [@tkashem](https://github.com/tkashem)) -- Kube-apiserver: Avoid unnecessary repeated calls to `admission webhooks` that reject an update or delete request. ([#104182](https://github.com/kubernetes/kubernetes/pull/104182), [@liggitt](https://github.com/liggitt)) -- Kube-apiserver: Server Side Apply merge order is reverted to match v1.22 behavior until `http://issue.k8s.io/104641` is resolved. ([#106661](https://github.com/kubernetes/kubernetes/pull/106661), [@liggitt](https://github.com/liggitt)) -- Kube-apiserver: events created via the `events.k8s.io` API group for cluster-scoped objects are now permitted in the default namespace as well for compatibility with events clients and the `v1` API ([#100125](https://github.com/kubernetes/kubernetes/pull/100125), [@h4ghhh](https://github.com/h4ghhh)) -- Kube-apiserver: fix a memory leak when deleting multiple objects with a `deletecollection`. ([#105606](https://github.com/kubernetes/kubernetes/pull/105606), [@sxllwx](https://github.com/sxllwx)) -- Kube-proxy health check ports used to listen to `:` for each of the services. This is not needed and opens ports in addresses the cluster user may not have intended. The PR limits listening to all node address which are controlled by `--nodeport-addresses` flag. if no addresses are provided then we default to existing behavior by listening to `:` for each service ([#104742](https://github.com/kubernetes/kubernetes/pull/104742), [@khenidak](https://github.com/khenidak)) -- Kube-proxy: delete stale conntrack UDP entries for loadbalancer ingress IP. ([#104009](https://github.com/kubernetes/kubernetes/pull/104009), [@aojea](https://github.com/aojea)) -- Kube-scheduler now doesn't print any usage message when unknown flag is specified. ([#104503](https://github.com/kubernetes/kubernetes/pull/104503), [@sanposhiho](https://github.com/sanposhiho)) -- Kube-up now includes CoreDNS version v1.8.6 ([#106091](https://github.com/kubernetes/kubernetes/pull/106091), [@rajansandeep](https://github.com/rajansandeep)) [SIG Cloud Provider] -- Kubeadm: When adding an etcd peer to an existing cluster, if an error is returned indicating the peer has already been added, this is accepted and a `ListMembers` call is used instead to return the existing cluster. This helps to diminish the exponential backoff when the first AddMember call times out, while still retaining a similar performance when the peer has already been added from a previous call. ([#104134](https://github.com/kubernetes/kubernetes/pull/104134), [@ihgann](https://github.com/ihgann)) -- Kubeadm: do not allow empty `--config` paths to be passed to `kubeadm kubeconfig user` ([#105649](https://github.com/kubernetes/kubernetes/pull/105649), [@navist2020](https://github.com/navist2020)) -- Kubeadm: fix a bug on Windows worker nodes, where the downloaded KubeletConfiguration from the cluster can contain Linux paths that do not work on Windows and can trip the kubelet binary. ([#105992](https://github.com/kubernetes/kubernetes/pull/105992), [@hwdef](https://github.com/hwdef)) [SIG Cluster Lifecycle and Windows] -- Kubeadm: switch the preflight check (called 'Swap') that verifies if swap is enabled on Linux hosts to report a warning instead of an error. This is related to the graduation of the NodeSwap feature gate in the kubelet to Beta and being enabled by default in 1.23 - allows swap support on Linux hosts. In the next release of kubeadm (1.24) the preflight check will be removed, thus we recommend that you stop using it - e.g. via `--ignore-preflight-errors` or the kubeadm config. ([#104854](https://github.com/kubernetes/kubernetes/pull/104854), [@pacoxu](https://github.com/pacoxu)) -- Kubelet did not report `kubelet_volume_stats_*` metrics for Generic Ephemeral Volumes. ([#105569](https://github.com/kubernetes/kubernetes/pull/105569), [@pohly](https://github.com/pohly)) -- Kubelet's Node Grace Shutdown will terminate probes when shutting down ([#105215](https://github.com/kubernetes/kubernetes/pull/105215), [@rphillips](https://github.com/rphillips)) -- Kubelet: fixes a file descriptor leak in log rotation ([#106382](https://github.com/kubernetes/kubernetes/pull/106382), [@rphillips](https://github.com/rphillips)) [SIG Node] -- Kubelet: the printing of flags at the start of kubelet now uses the final logging configuration. ([#106520](https://github.com/kubernetes/kubernetes/pull/106520), [@pohly](https://github.com/pohly)) -- Make the etcd client (used by the API server) retry certain types of errors. The full list of retriable (codes.Unavailable) errors can be found at https://github.com/etcd-io/etcd/blob/main/api/v3rpc/rpctypes/error.go#L72 ([#105069](https://github.com/kubernetes/kubernetes/pull/105069), [@p0lyn0mial](https://github.com/p0lyn0mial)) -- Metrics changes: Fix exposed buckets of `scheduler_volume_scheduling_duration_seconds_bucket` metric. ([#100720](https://github.com/kubernetes/kubernetes/pull/100720), [@dntosas](https://github.com/dntosas)) -- Migrated kubernetes object references (= name + namespace) to structured logging when using JSON as log output format ([#104877](https://github.com/kubernetes/kubernetes/pull/104877), [@pohly](https://github.com/pohly)) -- Pass additional flags to subpath mount to avoid flakes in certain conditions. ([#104253](https://github.com/kubernetes/kubernetes/pull/104253), [@mauriciopoppe](https://github.com/mauriciopoppe)) -- Pod SecurityContext sysctls name parameter for update requests where the existing object's sysctl contains slashes and kubelet sysctl whitelist support contains slashes. ([#102393](https://github.com/kubernetes/kubernetes/pull/102393), [@mengjiao-liu](https://github.com/mengjiao-liu)) [SIG Apps, Auth, Node, Storage and Testing] -- Pod will not start when Init container was OOM killed. ([#104650](https://github.com/kubernetes/kubernetes/pull/104650), [@yxxhero](https://github.com/yxxhero)) [SIG Node] -- PodResources interface was changed, now it returns only isolated CPUs ([#97415](https://github.com/kubernetes/kubernetes/pull/97415), [@AlexeyPerevalov](https://github.com/AlexeyPerevalov)) -- Provide IPv6 support for internal load balancer. ([#103794](https://github.com/kubernetes/kubernetes/pull/103794), [@nilo19](https://github.com/nilo19)) -- Reduce the number of calls to docker for stats via dockershim. For Windows this reduces the latency when calling docker, for Linux this saves cpu cycles. ([#104287](https://github.com/kubernetes/kubernetes/pull/104287), [@jsturtevant](https://github.com/jsturtevant)) [SIG Node and Windows] -- Removed the error message label from the `kubelet_started_pods_errors_total` metric ([#105213](https://github.com/kubernetes/kubernetes/pull/105213), [@yxxhero](https://github.com/yxxhero)) -- Resolves a potential issue with GC and NS controllers which may delete objects after getting a 404 response from the server during its startup. This PR ensures that requests to aggregated APIs will get 503, not 404 while the APIServiceRegistrationController hasn't finished its job. ([#104748](https://github.com/kubernetes/kubernetes/pull/104748), [@p0lyn0mial](https://github.com/p0lyn0mial)) -- Respect grace period when updating static pods. ([#104743](https://github.com/kubernetes/kubernetes/pull/104743), [@gjkim42](https://github.com/gjkim42)) [SIG Node and Testing] -- Revert building binaries with PIE mode. ([#105352](https://github.com/kubernetes/kubernetes/pull/105352), [@ehashman](https://github.com/ehashman)) -- Reverts adding namespace label to admission metrics (and histogram exansion) due to cardinality issues. ([#104033](https://github.com/kubernetes/kubernetes/pull/104033), [@s-urbaniak](https://github.com/s-urbaniak)) -- Reverts the CRI API version surfaced by dockershim to `v1alpha2`. ([#106808](https://github.com/kubernetes/kubernetes/pull/106808), [@saschagrunert](https://github.com/saschagrunert)) -- Scheduler resource metrics over fractional binary quantities (2.5Gi, 1.1Ki) were incorrectly reported as very small values. ([#103751](https://github.com/kubernetes/kubernetes/pull/103751), [@y-tag](https://github.com/y-tag)) -- Support more than 100 disk mounts on Windows ([#105673](https://github.com/kubernetes/kubernetes/pull/105673), [@andyzhangx](https://github.com/andyzhangx)) -- Support using negative array index in JSON patch replace operations. ([#105896](https://github.com/kubernetes/kubernetes/pull/105896), [@zqzten](https://github.com/zqzten)) -- The `--leader-elect*` CLI args are now honored in scheduler. ([#105915](https://github.com/kubernetes/kubernetes/pull/105915), [@Huang-Wei](https://github.com/Huang-Wei)) -- The `--leader-elect*` CLI args are now honored in the scheduler. ([#105712](https://github.com/kubernetes/kubernetes/pull/105712), [@Huang-Wei](https://github.com/Huang-Wei)) -- The `client-go` dynamic client sets the header `Content-Type: application/json` by default ([#104327](https://github.com/kubernetes/kubernetes/pull/104327), [@sxllwx](https://github.com/sxllwx)) -- The `kube-Proxy` now correctly filters out unready endpoints for Services with Topology. ([#106507](https://github.com/kubernetes/kubernetes/pull/106507), [@robscott](https://github.com/robscott)) -- The `pods/binding` subresource now honors `metadata.uid` and `metadata.resourceVersion` ([#105913](https://github.com/kubernetes/kubernetes/pull/105913), [@aholic](https://github.com/aholic)) -- The kube-proxy sync_proxy_rules_iptables_total metric now gives - the correct number of rules, rather than being off by one. - Fixed multiple iptables proxy regressions introduced in 1.22: - - When using Services with SessionAffinity, client affinity for an - endpoint now gets broken when that endpoint becomes non-ready - (rather than continuing until the endpoint is fully deleted). - - Traffic to a service IP now starts getting rejected (as opposed to - merely dropped) as soon as there are no longer any *usable* - endpoints, rather than waiting until all of the terminating - endpoints have terminated even when those terminating endpoints - were not being used. - - Chains for endpoints that won't be used are no longer output to - iptables, saving a bit of memory/time/cpu. ([#106030](https://github.com/kubernetes/kubernetes/pull/106030), [@danwinship](https://github.com/danwinship)) [SIG Network] -- Topology Aware Hints now ignores unready endpoints when assigning hints. ([#106510](https://github.com/kubernetes/kubernetes/pull/106510), [@robscott](https://github.com/robscott)) -- Topology Hints now excludes control plane notes from capacity calculations. ([#104744](https://github.com/kubernetes/kubernetes/pull/104744), [@robscott](https://github.com/robscott)) -- Update Go used to build migrate script in etcd image to v1.16.7. ([#104301](https://github.com/kubernetes/kubernetes/pull/104301), [@serathius](https://github.com/serathius)) -- Updated json representation for a conflicted taint to `Key=Effect` when a conflicted taint occurs in kubectl taint. ([#104011](https://github.com/kubernetes/kubernetes/pull/104011), [@manugupt1](https://github.com/manugupt1)) -- Upgrades functionality of `kubectl kustomize` as described at - https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2Fv4.4.1 ([#106389](https://github.com/kubernetes/kubernetes/pull/106389), [@natasha41575](https://github.com/natasha41575)) [SIG CLI] -- Watch requests that are delegated to aggregated API servers no longer reserve concurrency units (seats) in the API Priority and Fairness dispatcher for their entire duration. ([#105511](https://github.com/kubernetes/kubernetes/pull/105511), [@benluddy](https://github.com/benluddy)) -- When a static pod file is deleted and recreated while using a fixed UID, the pod was not properly restarted. ([#104847](https://github.com/kubernetes/kubernetes/pull/104847), [@smarterclayton](https://github.com/smarterclayton)) -- XFS-filesystems are now force-formatted (option `-f`) in order to avoid problems being formatted due to detection of magic super-blocks. This aligns with the behaviour of formatting of ext3/4 filesystems. ([#104923](https://github.com/kubernetes/kubernetes/pull/104923), [@davidkarlsen](https://github.com/davidkarlsen)) -- `--log-flush-frequency` had no effect in several commands or was missing. Help and warning texts were not always using the right format for a command (`add_dir_header` instead of `add-dir-header`). Fixing this included cleaning up flag handling in component-base/logs: that package no longer adds flags to the global flag sets. Commands which want the klog and `--log-flush-frequency` flags must explicitly call `logs.AddFlags`; the new `cli.Run` does that for commands. That helper function also covers flag normalization and printing of usage and errors in a consistent way (print usage text first if parsing failed, then the error). ([#105076](https://github.com/kubernetes/kubernetes/pull/105076), [@pohly](https://github.com/pohly)) -- Kubeadm: allow the "certs check-expiration" command to not require the existence of the cluster CA key (ca.key file) when checking the expiration of managed certificates in kubeconfig files. ([#106931](https://github.com/kubernetes/kubernetes/pull/106931), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] -- Kubeadm: during execution of the "check expiration" command, treat the etcd CA as external if there is a missing etcd CA key file (etcd/ca.key) and perform the proper validation on certificates signed by the etcd CA. Additionally, make sure that the CA for all entries in the output table is included - for both certificates on disk and in kubeconfig files. ([#106926](https://github.com/kubernetes/kubernetes/pull/106926), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] -- Kubectl: restores `--dry-run`, `--dry-run=true`, and `--dry-run=false` for compatibility with pre-1.23 invocations. ([#107021](https://github.com/kubernetes/kubernetes/pull/107021), [@liggitt](https://github.com/liggitt)) [SIG CLI and Testing] -- Reverts graceful node shutdown to match 1.21 behavior of setting pods that have not yet successfully completed to "Failed" phase if the GracefulNodeShutdown feature is enabled in kubelet. The GracefulNodeShutdown feature is beta and must be explicitly configured via kubelet config to be enabled in 1.21+. This changes 1.22 and 1.23 behavior on node shutdown to match 1.21. If you do not want pods to be marked terminated on node shutdown in 1.22 and 1.23, disable the GracefulNodeShutdown feature. ([#106900](https://github.com/kubernetes/kubernetes/pull/106900), [@bobbypage](https://github.com/bobbypage)) [SIG Node and Testing] -- An inefficient lock in EndpointSlice controller metrics cache has been reworked. Network programming latency may be significantly reduced in certain scenarios, especially in clusters with a large number of Services. ([#107167](https://github.com/kubernetes/kubernetes/pull/107167), [@robscott](https://github.com/robscott)) [SIG Apps and Network] -- Client-go: fix that paged list calls with ResourceVersionMatch set would fail once paging kicked in. ([#107334](https://github.com/kubernetes/kubernetes/pull/107334), [@fasaxc](https://github.com/fasaxc)) [SIG API Machinery] -- Fix a panic when using invalid output format in kubectl create secret command ([#107347](https://github.com/kubernetes/kubernetes/pull/107347), [@rikatz](https://github.com/rikatz)) [SIG CLI] -- Fix: azuredisk parameter lowercase translation issue ([#107429](https://github.com/kubernetes/kubernetes/pull/107429), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider and Storage] -- Fixed a bug that a pod's .status.nominatedNodeName is not cleared properly, and thus over-occupied system resources. ([#107109](https://github.com/kubernetes/kubernetes/pull/107109), [@Huang-Wei](https://github.com/Huang-Wei)) [SIG Scheduling and Testing] -- Fixes a rare race condition handling requests that timeout ([#107458](https://github.com/kubernetes/kubernetes/pull/107458), [@liggitt](https://github.com/liggitt)) [SIG API Machinery] -- Mount-utils: Detect potential stale file handle ([#106988](https://github.com/kubernetes/kubernetes/pull/106988), [@andyzhangx](https://github.com/andyzhangx)) [SIG Storage] -- The feature gate was mentioned as `csiMigrationRBD` where it should have been `CSIMigrationRBD` to be in parity with other migration plugins. This release correct the same and keep it as `CSIMigrationRBD`. Users who have configured this feature gate as `csiMigrationRBD` has to reconfigure the same to `CSIMigrationRBD` from this release. ([#107554](https://github.com/kubernetes/kubernetes/pull/107554), [@humblec](https://github.com/humblec)) [SIG Storage] -- Fix: delete non existing Azure disk issue ([#107406](https://github.com/kubernetes/kubernetes/pull/107406), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider] -- Fixes a regression in 1.23 that incorrectly pruned data from array items of a custom resource that set `x-kubernetes-preserve-unknown-fields: true` ([#107689](https://github.com/kubernetes/kubernetes/pull/107689), [@liggitt](https://github.com/liggitt)) [SIG API Machinery] -- Fix Azurefile volumeid collision issue in csi migration ([#107575](https://github.com/kubernetes/kubernetes/pull/107575), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider and Storage] -- Fix e2e test "Services should respect internalTrafficPolicy=Local Pod and Node, to Pod (hostNetwork: true)" ([#107902](https://github.com/kubernetes/kubernetes/pull/107902), [@xueqzhan](https://github.com/xueqzhan)) [SIG Network and Testing] -- Fixes a regression in 1.23 where update requests to previously persisted `Service` objects that have not been modified since 1.19 can be rejected with an incorrect `spec.clusterIPs: Required value` error ([#107875](https://github.com/kubernetes/kubernetes/pull/107875), [@liggitt](https://github.com/liggitt)) [SIG Network and Testing] -- Fixes static pod add and removes restarts in certain cases. ([#107761](https://github.com/kubernetes/kubernetes/pull/107761), [@rphillips](https://github.com/rphillips)) [SIG Node] -- Bump sigs.k8s.io/apiserver-network-proxy/konnectivity-client to v0.0.30, fixing goroutine leaks in kube-apiserver. ([#108438](https://github.com/kubernetes/kubernetes/pull/108438), [@andrewsykim](https://github.com/andrewsykim)) [SIG API Machinery, Auth and Cloud Provider] -- Fix kubectl config flags incorrectly setting burst and discovery limits ([#108401](https://github.com/kubernetes/kubernetes/pull/108401), [@ulucinar](https://github.com/ulucinar)) [SIG CLI] -- Fix static pod restarts in cases where the container is not present. ([#108164](https://github.com/kubernetes/kubernetes/pull/108164), [@rphillips](https://github.com/rphillips)) [SIG Node] -- Fixes a bug where a partial EndpointSlice update could cause node name information to be dropped from endpoints that were not updated. ([#108201](https://github.com/kubernetes/kubernetes/pull/108201), [@robscott](https://github.com/robscott)) [SIG Network] -- Fixes a regression in the kubelet restarting static pods. ([#107931](https://github.com/kubernetes/kubernetes/pull/107931), [@rphillips](https://github.com/rphillips)) [SIG Node and Testing] -- Fixes error handling in a kubectl method used in downstream packages. ([#107938](https://github.com/kubernetes/kubernetes/pull/107938), [@heybronson](https://github.com/heybronson)) [SIG CLI] -- Increase Azure ACR credential provider timeout ([#108209](https://github.com/kubernetes/kubernetes/pull/108209), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider] -- Kube-apiserver: removed apf_fd from server logs (added in 1.23.0) which could contain data identifying the requesting user ([#108634](https://github.com/kubernetes/kubernetes/pull/108634), [@jupblb](https://github.com/jupblb)) [SIG API Machinery and Scalability] -- Bug: client-go clientset was not defaulting the user agent, using the default golang agent for all the requests. ([#108791](https://github.com/kubernetes/kubernetes/pull/108791), [@aojea](https://github.com/aojea)) [SIG API Machinery and Instrumentation] -- E2e tests wait for kube-root-ca.crt to be populated in namespaces for use with projected service account tokens, reducing delays starting those test pods and errors in the logs. ([#108860](https://github.com/kubernetes/kubernetes/pull/108860), [@eddiezane](https://github.com/eddiezane)) [SIG Testing] -- Failure to start a container cannot accidentally result in the pod being considered "Succeeded" in the presence of deletion. ([#108882](https://github.com/kubernetes/kubernetes/pull/108882), [@rphillips](https://github.com/rphillips)) [SIG Node] -- Fix indexer bug that resulted in incorrect index updates if number of index values for a given object was changing during update ([#109137](https://github.com/kubernetes/kubernetes/pull/109137), [@wojtek-t](https://github.com/wojtek-t)) [SIG API Machinery] -- Fix the overestimated cost of delegated API requests in kube-apiserver API priority&fairness ([#109216](https://github.com/kubernetes/kubernetes/pull/109216), [@wojtek-t](https://github.com/wojtek-t)) [SIG API Machinery] -- Fixed a regression that could incorrectly reject pods with OutOfCpu errors if they were rapidly scheduled after other pods were reported as complete in the API. The Kubelet now waits to report the phase of a pod as terminal in the API until all running containers are guaranteed to have stopped and no new containers can be started. Short-lived pods may take slightly longer (~1s) to report Succeeded or Failed after this change. ([#108723](https://github.com/kubernetes/kubernetes/pull/108723), [@bobbypage](https://github.com/bobbypage)) [SIG Apps, Node and Testing] -- Correct event registration for multiple scheduler plugins; this fixes a potential significant delay in re-queueing unschedulable pods. ([#109446](https://github.com/kubernetes/kubernetes/pull/109446), [@ahg-g](https://github.com/ahg-g)) [SIG Scheduling and Testing] -- Existing InTree AzureFile PVs which don't have a secret namespace defined will now work properly after enabling CSI migration - the namespace will be obtained from ClaimRef. ([#108000](https://github.com/kubernetes/kubernetes/pull/108000), [@RomanBednar](https://github.com/RomanBednar)) [SIG Cloud Provider and Storage] -- Fix JobTrackingWithFinalizers that: - - was declaring a job finished before counting all the created pods in the status - - was leaving pods with finalizers, blocking pod and job deletions - - JobTrackingWithFinalizers is still disabled by default. ([#109486](https://github.com/kubernetes/kubernetes/pull/109486), [@alculquicondor](https://github.com/alculquicondor)) [SIG Apps and Testing] -- Fix a bug that out-of-tree plugin is misplaced when using scheduler v1beta3 config ([#108890](https://github.com/kubernetes/kubernetes/pull/108890), [@Huang-Wei](https://github.com/Huang-Wei)) [SIG Scheduling] -- Fix kubectl completion zsh to use any command name rather than hardcoded kubectl ([#109235](https://github.com/kubernetes/kubernetes/pull/109235), [@soltysh](https://github.com/soltysh)) [SIG CLI] -- Kubeadm: add the flag "--experimental-initial-corrupt-check" to etcd static Pod manifests to ensure etcd member data consistency ([#109075](https://github.com/kubernetes/kubernetes/pull/109075), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] -- EndpointSlices marked for deletion are now ignored during reconciliation. ([#110483](https://github.com/kubernetes/kubernetes/pull/110483), [@aryan9600](https://github.com/aryan9600)) [SIG Apps and Network] -- Fixed a kubelet issue that could result in invalid pod status updates to be sent to the api-server where pods would be reported in a terminal phase but also report a ready condition of true in some cases. ([#110480](https://github.com/kubernetes/kubernetes/pull/110480), [@bobbypage](https://github.com/bobbypage)) [SIG Node and Testing] -- Pods will now post their readiness during termination. ([#110417](https://github.com/kubernetes/kubernetes/pull/110417), [@aojea](https://github.com/aojea)) [SIG Network, Node and Testing] -- Fix a bug that caused the wrong result length when using --chunk-size and --selector together ([#110757](https://github.com/kubernetes/kubernetes/pull/110757), [@Abirdcfly](https://github.com/Abirdcfly)) [SIG API Machinery and Testing] -- Fix bug that prevented the job controller from enforcing activeDeadlineSeconds when set ([#110545](https://github.com/kubernetes/kubernetes/pull/110545), [@harshanarayana](https://github.com/harshanarayana)) [SIG Apps] -- Fix image pulling failure when IMDS is unavailable in kubelet startup ([#110523](https://github.com/kubernetes/kubernetes/pull/110523), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider] -- Fix printing resources with int64 fields ([#110602](https://github.com/kubernetes/kubernetes/pull/110602), [@sanchezl](https://github.com/sanchezl)) [SIG API Machinery] -- Fixed a regression introduced in 1.23.0 where Azure load balancers were not kept up to date with the state of cluster nodes. In particular, nodes that are not in the ready state and are not newly created (i.e. not having the `node.cloudprovider.kubernetes.io/uninitialized` taint) now get removed from Azure load balancers. ([#109932](https://github.com/kubernetes/kubernetes/pull/109932), [@ricky-rav](https://github.com/ricky-rav)) [SIG Cloud Provider] -- Fixed potential scheduler crash when scheduling with unsatisfied nodes in PodTopologySpread. ([#110853](https://github.com/kubernetes/kubernetes/pull/110853), [@kerthcet](https://github.com/kerthcet)) [SIG Scheduling] -- Kubeadm: fix the bug that configurable KubernetesVersion not respected during kubeadm join ([#111022](https://github.com/kubernetes/kubernetes/pull/111022), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle] -- Reduced time taken to sync proxy rules on Windows kube-proxy with kernelspace mode ([#110702](https://github.com/kubernetes/kubernetes/pull/110702), [@daschott](https://github.com/daschott)) [SIG Network and Windows] -- Updated cAdvisor to v0.43.1 to pick up a kubelet fix where network metrics can be missing in some cases when used with containerd ([#111013](https://github.com/kubernetes/kubernetes/pull/111013), [@bobbypage](https://github.com/bobbypage)) [SIG Node] - -#### Other (Cleanup or Flake) - -- All `klog` flags except for `-v` and `-vmodule` are deprecated. Support for `-vmodule` is only guaranteed for the text log format. ([#105042](https://github.com/kubernetes/kubernetes/pull/105042), [@pohly](https://github.com/pohly)) -- Better pod events ("waiting for ephemeral volume controller to create the persistentvolumeclaim"" instead of "persistentvolumeclaim not found") when using generic ephemeral volumes. ([#104605](https://github.com/kubernetes/kubernetes/pull/104605), [@pohly](https://github.com/pohly)) -- Changed buckets in apiserver_request_duration_seconds metric from [0.05, 0.1, 0.15, 0.2, 0.25, 0.3, 0.35, 0.4, 0.45, 0.5, 0.6, 0.7, 0.8, 0.9, 1.0,1.25, 1.5, 1.75, 2.0, 2.5, 3.0, 3.5, 4.0, 4.5, 5, 6, 7, 8, 9, 10, 15, 20, 25, 30, 40, 50, 60] to [0.05, 0.1, 0.2, 0.4, 0.6, 0.8, 1.0, 1.25, 1.5, 2, 3, 4, 5, 6, 8, 10, 15, 20, 30, 45, 60] ([#106306](https://github.com/kubernetes/kubernetes/pull/106306), [@pawbana](https://github.com/pawbana)) [SIG API Machinery, Instrumentation and Testing] -- Deprecate `apiserver_longrunning_gauge` and `apiserver_register_watchers` in 1.23.0. ([#103793](https://github.com/kubernetes/kubernetes/pull/103793), [@yan-lgtm](https://github.com/yan-lgtm)) -- Enhanced error message for nodes not selected by scheduler due to pod's PersistentVolumeClaim(s) bound to PersistentVolume(s) that do not exist. ([#105196](https://github.com/kubernetes/kubernetes/pull/105196), [@yibozhuang](https://github.com/yibozhuang)) -- Fix an issue in cleaning up `CertificateSigningRequest` objects with an unparseable `status.certificate` field. ([#103823](https://github.com/kubernetes/kubernetes/pull/103823), [@liggitt](https://github.com/liggitt)) -- Kube-apiserver: requests to node, Service, and Pod `/proxy` subresources with no additional URL path now only automatically redirect GET and HEAD requests. ([#95128](https://github.com/kubernetes/kubernetes/pull/95128), [@Riaankl](https://github.com/Riaankl)) -- Kube-apiserver: sets an upper-bound on the lifetime of idle keep-alive connections and the time to read the headers of incoming requests. ([#103958](https://github.com/kubernetes/kubernetes/pull/103958), [@liggitt](https://github.com/liggitt)) -- Kubeadm: external etcd endpoints passed in the `ClusterConfiguration` that have Unicode characters are no longer IDNA encoded (converted to Punycode). They are now just URL encoded as per Go's implementation of RFC-3986, have duplicate "/" removed from the URL paths, and passed like that directly to the `kube-apiserver` `--etcd-servers` flag. If you have etcd endpoints that have Unicode characters, it is advisable to encode them in advance with tooling that is fully IDNA compliant. If you don't do that, the Go standard library (used in k8s and etcd) would do it for you when making requests to the endpoints. ([#103801](https://github.com/kubernetes/kubernetes/pull/103801), [@gkarthiks](https://github.com/gkarthiks)) -- Kubeadm: remove the `--port` flag from the manifest for the `kube-controller-manager` since the flag has been a NO-OP since 1.22 and insecure serving was removed for the component. ([#104157](https://github.com/kubernetes/kubernetes/pull/104157), [@knight42](https://github.com/knight42)) -- Kubeadm: remove the `--port` flag from the manifest for the kube-scheduler since the flag has been a NO-OP since 1.23 and insecure serving was removed for the component. ([#105034](https://github.com/kubernetes/kubernetes/pull/105034), [@pacoxu](https://github.com/pacoxu)) -- Kubeadm: update references to legacy artifacts locations, the `ci-cross` prefix has been removed from the version match as it does not exist in the new `gs://k8s-release-dev` bucket. ([#103813](https://github.com/kubernetes/kubernetes/pull/103813), [@SataQiu](https://github.com/SataQiu)) -- Kubectl: deprecated command line flags (like several of the klog flags) now have a `DEPRECATED: ` comment. ([#106172](https://github.com/kubernetes/kubernetes/pull/106172), [@pohly](https://github.com/pohly)) [SIG CLI] -- Kubemark is now built as a portable, static binary. ([#106150](https://github.com/kubernetes/kubernetes/pull/106150), [@pohly](https://github.com/pohly)) [SIG Scalability and Testing] -- Migrate `cmd/proxy/{config, healthcheck, winkernel}` to structured logging ([#104944](https://github.com/kubernetes/kubernetes/pull/104944), [@jyz0309](https://github.com/jyz0309)) -- Migrate `pkg/proxy` to structured logging ([#104908](https://github.com/kubernetes/kubernetes/pull/104908), [@CIPHERTron](https://github.com/CIPHERTron)) -- Migrate `pkg/scheduler/framework/plugins/interpodaffinity/filtering.go`,`pkg/scheduler/framework/plugins/podtopologyspread/filtering.go`, `pkg/scheduler/framework/plugins/volumezone/volume_zone.go` to structured logging ([#105931](https://github.com/kubernetes/kubernetes/pull/105931), [@mengjiao-liu](https://github.com/mengjiao-liu)) -- Migrate `pkg/scheduler` to structured logging. ([#99273](https://github.com/kubernetes/kubernetes/pull/99273), [@yangjunmyfm192085](https://github.com/yangjunmyfm192085)) -- Migrate cmd/proxy/app and pkg/proxy/meta_proxier to structured logging ([#104928](https://github.com/kubernetes/kubernetes/pull/104928), [@jyz0309](https://github.com/jyz0309)) -- Migrated `cmd/kube-scheduler/app/server.go`, `pkg/scheduler/framework/plugins/nodelabel/node_label.go`, `pkg/scheduler/framework/plugins/nodevolumelimits/csi.go`, `pkg/scheduler/framework/plugins/nodevolumelimits/non_csi.go` to structured logging ([#105855](https://github.com/kubernetes/kubernetes/pull/105855), [@shivanshu1333](https://github.com/shivanshu1333)) -- Migrated `pkg/proxy/ipvs` to structured logging ([#104932](https://github.com/kubernetes/kubernetes/pull/104932), [@shivanshu1333](https://github.com/shivanshu1333)) -- Migrated `pkg/proxy/userspace` to structured logging. ([#104931](https://github.com/kubernetes/kubernetes/pull/104931), [@shivanshu1333](https://github.com/shivanshu1333)) -- Migrated `pkg/proxy` to structured logging ([#104891](https://github.com/kubernetes/kubernetes/pull/104891), [@shivanshu1333](https://github.com/shivanshu1333)) -- Migrated `pkg/scheduler/framework/plugins/volumebinding/assume_cache.go` to structured logging. ([#105904](https://github.com/kubernetes/kubernetes/pull/105904), [@mengjiao-liu](https://github.com/mengjiao-liu)) [SIG Instrumentation, Scheduling and Storage] -- Migrated `pkg/scheduler/framework/preemption/preemption.go`, `pkg/scheduler/framework/plugins/examples/stateful/stateful.go`, and `pkg/scheduler/framework/plugins/noderesources/resource_allocation.go` to structured logging ([#105967](https://github.com/kubernetes/kubernetes/pull/105967), [@shivanshu1333](https://github.com/shivanshu1333)) [SIG Instrumentation, Node and Scheduling] -- Migrated pkg/proxy/winuserspace to structured logging ([#105035](https://github.com/kubernetes/kubernetes/pull/105035), [@shivanshu1333](https://github.com/shivanshu1333)) -- Migrated scheduler file `cache.go` to structured logging ([#105969](https://github.com/kubernetes/kubernetes/pull/105969), [@shivanshu1333](https://github.com/shivanshu1333)) [SIG Instrumentation and Scheduling] -- Migrated scheduler files `comparer.go`, `dumper.go`, `node_tree.go` to structured logging ([#105968](https://github.com/kubernetes/kubernetes/pull/105968), [@shivanshu1333](https://github.com/shivanshu1333)) [SIG Instrumentation and Scheduling] -- More detailed logging has been added to the EndpointSlice controller for Topology. ([#104741](https://github.com/kubernetes/kubernetes/pull/104741), [@robscott](https://github.com/robscott)) -- Remove deprecated and not supported old cronjob controller. ([#106126](https://github.com/kubernetes/kubernetes/pull/106126), [@soltysh](https://github.com/soltysh)) [SIG Apps] -- Remove ignore error flag for drain, and set this feature as default ([#105571](https://github.com/kubernetes/kubernetes/pull/105571), [@yuzhiquan](https://github.com/yuzhiquan)) [SIG CLI] -- Remove the deprecated flags `--csr-only` and `--csr-dir` from `kubeadm certs renew`. Please use `kubeadm certs generate-csr` instead. ([#104796](https://github.com/kubernetes/kubernetes/pull/104796), [@RA489](https://github.com/RA489)) -- Support allocating whole NUMA nodes in the CPUManager when there is not a 1:1 mapping between socket and NUMA node ([#102015](https://github.com/kubernetes/kubernetes/pull/102015), [@klueska](https://github.com/klueska)) -- Support for Windows Server 2022 was added to the `k8s.gcr.io/pause:3.6` image. ([#104711](https://github.com/kubernetes/kubernetes/pull/104711), [@claudiubelu](https://github.com/claudiubelu)) -- Surface warning when users don't set `propagationPolicy` for jobs while deleting. ([#104080](https://github.com/kubernetes/kubernetes/pull/104080), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) -- The `AllowInsecureBackendProxy` feature gate is removed. It reached GA in Kubernetes 1.21. ([#103796](https://github.com/kubernetes/kubernetes/pull/103796), [@mengjiao-liu](https://github.com/mengjiao-liu)) -- The `BoundServiceAccountTokenVolume` feature gate that is GA since v1.22 is unconditionally enabled, and can no longer be specified via the `--feature-gates` argument. ([#104167](https://github.com/kubernetes/kubernetes/pull/104167), [@ialidzhikov](https://github.com/ialidzhikov)) -- The `StartupProbe` feature gate that is GA since v1.20 is unconditionally enabled, and can no longer be specified via the `--feature-gates` argument. ([#104168](https://github.com/kubernetes/kubernetes/pull/104168), [@ialidzhikov](https://github.com/ialidzhikov)) -- The `SupportPodPidsLimit` and `SupportNodePidsLimit` feature gates that are GA since v1.20 are unconditionally enabled, and can no longer be specified via the `--feature-gates` argument. ([#104163](https://github.com/kubernetes/kubernetes/pull/104163), [@ialidzhikov](https://github.com/ialidzhikov)) -- The `apiserver` exposes 4 new metrics that allow to track the status of the Service CIDRs allocations: - - current number of available IPs per Service CIDR - - current number of used IPs per Service CIDR - - total number of allocation per Service CIDR - - total number of allocation errors per ServiceCIDR ([#104119](https://github.com/kubernetes/kubernetes/pull/104119), [@aojea](https://github.com/aojea)) -- The flag `--deployment-controller-sync-period` has been deprecated and will be removed in v1.24. ([#103538](https://github.com/kubernetes/kubernetes/pull/103538), [@Pingan2017](https://github.com/Pingan2017)) -- The image `gcr.io/kubernetes-e2e-test-images` will no longer be used in E2E / CI testing, `k8s.gcr.io/e2e-test-images` will be used instead. ([#103724](https://github.com/kubernetes/kubernetes/pull/103724), [@claudiubelu](https://github.com/claudiubelu)) -- The kube-proxy image contains `/go-runner` as a replacement for deprecated klog flags. ([#106301](https://github.com/kubernetes/kubernetes/pull/106301), [@pohly](https://github.com/pohly)) -- The maximum length of the `CSINode` id field has increased to 256 bytes to match the CSI spec. ([#104160](https://github.com/kubernetes/kubernetes/pull/104160), [@pacoxu](https://github.com/pacoxu)) -- Troubleshooting: informers log handlers that take more than 100 milliseconds to process an object if the `DeltaFIFO` queue starts to grow beyond 10 elements. ([#103917](https://github.com/kubernetes/kubernetes/pull/103917), [@aojea](https://github.com/aojea)) -- Update `cri-tools` dependency to v1.22.0. ([#104430](https://github.com/kubernetes/kubernetes/pull/104430), [@saschagrunert](https://github.com/saschagrunert)) -- Update `migratecmd/kube-proxy/app` logs to structured logging. ([#98913](https://github.com/kubernetes/kubernetes/pull/98913), [@yxxhero](https://github.com/yxxhero)) -- Update build images to Debian 11 (Bullseye) - - debian-base:bullseye-v1.0.0 - - debian-iptables:bullseye-v1.0.0 - - go-runner:v2.3.1-go1.17.1-bullseye.0 - - kube-cross:v1.23.0-go1.17.1-bullseye.1 - - setcap:bullseye-v1.0.0 - - cluster/images/etcd: Build 3.5.0-2 image - - test/conformance/image: Update runner image to base-debian11 ([#105158](https://github.com/kubernetes/kubernetes/pull/105158), [@justaugustus](https://github.com/justaugustus)) -- Update conformance image to use `debian-base:buster-v1.9.0`. ([#104696](https://github.com/kubernetes/kubernetes/pull/104696), [@PushkarJ](https://github.com/PushkarJ)) -- `volume.kubernetes.io/storage-provisioner` annotation will be added to dynamic provisioning required PVC. `volume.beta.kubernetes.io/storage-provisioner` annotation is deprecated. ([#104590](https://github.com/kubernetes/kubernetes/pull/104590), [@Jiawei0227](https://github.com/Jiawei0227)) -- Updates konnectivity-network-proxy to v0.0.27. This includes a memory leak fix for the network proxy ([#107037](https://github.com/kubernetes/kubernetes/pull/107037), [@jdnurme](https://github.com/jdnurme)) [SIG API Machinery, Auth and Cloud Provider] - -### Dependencies - -#### Added -- bazil.org/fuse: 371fbbd -- github.com/OneOfOne/xxhash: [v1.2.2](https://github.com/OneOfOne/xxhash/tree/v1.2.2) -- github.com/antlr/antlr4/runtime/Go/antlr: [b48c857](https://github.com/antlr/antlr4/runtime/Go/antlr/tree/b48c857) -- github.com/cespare/xxhash: [v1.1.0](https://github.com/cespare/xxhash/tree/v1.1.0) -- github.com/cncf/xds/go: [fbca930](https://github.com/cncf/xds/go/tree/fbca930) -- github.com/getkin/kin-openapi: [v0.76.0](https://github.com/getkin/kin-openapi/tree/v0.76.0) -- github.com/go-logr/zapr: [v1.2.0](https://github.com/go-logr/zapr/tree/v1.2.0) -- github.com/google/cel-go: [v0.9.0](https://github.com/google/cel-go/tree/v0.9.0) -- github.com/google/cel-spec: [v0.6.0](https://github.com/google/cel-spec/tree/v0.6.0) -- github.com/google/martian/v3: [v3.1.0](https://github.com/google/martian/v3/tree/v3.1.0) -- github.com/kr/fs: [v0.1.0](https://github.com/kr/fs/tree/v0.1.0) -- github.com/pkg/sftp: [v1.10.1](https://github.com/pkg/sftp/tree/v1.10.1) -- github.com/spaolacci/murmur3: [f09979e](https://github.com/spaolacci/murmur3/tree/f09979e) -- sigs.k8s.io/json: c049b76 - -#### Changed -- cloud.google.com/go/bigquery: v1.4.0 → v1.8.0 -- cloud.google.com/go/storage: v1.6.0 → v1.10.0 -- cloud.google.com/go: v0.54.0 → v0.81.0 -- github.com/GoogleCloudPlatform/k8s-cloud-provider: [7901bc8 → ea6160c](https://github.com/GoogleCloudPlatform/k8s-cloud-provider/compare/7901bc8...ea6160c) -- github.com/Microsoft/go-winio: [v0.4.15 → v0.4.17](https://github.com/Microsoft/go-winio/compare/v0.4.15...v0.4.17) -- github.com/Microsoft/hcsshim: [5eafd15 → v0.8.22](https://github.com/Microsoft/hcsshim/compare/5eafd15...v0.8.22) -- github.com/benbjohnson/clock: [v1.0.3 → v1.1.0](https://github.com/benbjohnson/clock/compare/v1.0.3...v1.1.0) -- github.com/bketelsen/crypt: [5cbc8cc → v0.0.4](https://github.com/bketelsen/crypt/compare/5cbc8cc...v0.0.4) -- github.com/containerd/cgroups: [0dbf7f0 → v1.0.1](https://github.com/containerd/cgroups/compare/0dbf7f0...v1.0.1) -- github.com/containerd/containerd: [v1.4.4 → v1.4.11](https://github.com/containerd/containerd/compare/v1.4.4...v1.4.11) -- github.com/containerd/continuity: [aaeac12 → v0.1.0](https://github.com/containerd/continuity/compare/aaeac12...v0.1.0) -- github.com/containerd/fifo: [a9fb20d → v1.0.0](https://github.com/containerd/fifo/compare/a9fb20d...v1.0.0) -- github.com/containerd/go-runc: [5a6d9f3 → v1.0.0](https://github.com/containerd/go-runc/compare/5a6d9f3...v1.0.0) -- github.com/containerd/typeurl: [v1.0.1 → v1.0.2](https://github.com/containerd/typeurl/compare/v1.0.1...v1.0.2) -- github.com/coredns/corefile-migration: [v1.0.12 → v1.0.14](https://github.com/coredns/corefile-migration/compare/v1.0.12...v1.0.14) -- github.com/docker/docker: [v20.10.2+incompatible → v20.10.7+incompatible](https://github.com/docker/docker/compare/v20.10.2...v20.10.7) -- github.com/envoyproxy/go-control-plane: [668b12f → 63b5d3c](https://github.com/envoyproxy/go-control-plane/compare/668b12f...63b5d3c) -- github.com/evanphx/json-patch: [v4.11.0+incompatible → v4.12.0+incompatible](https://github.com/evanphx/json-patch/compare/v4.11.0...v4.12.0) -- github.com/go-logr/logr: [v0.4.0 → v1.2.0](https://github.com/go-logr/logr/compare/v0.4.0...v1.2.0) -- github.com/golang/glog: [23def4e → v1.0.0](https://github.com/golang/glog/compare/23def4e...v1.0.0) -- github.com/golang/mock: [v1.4.4 → v1.5.0](https://github.com/golang/mock/compare/v1.4.4...v1.5.0) -- github.com/google/cadvisor: [v0.39.2 → v0.43.0](https://github.com/google/cadvisor/compare/v0.39.2...v0.43.0) -- github.com/google/pprof: [1ebb73c → cbba55b](https://github.com/google/pprof/compare/1ebb73c...cbba55b) -- github.com/hashicorp/golang-lru: [v0.5.1 → v0.5.0](https://github.com/hashicorp/golang-lru/compare/v0.5.1...v0.5.0) -- github.com/ianlancetaylor/demangle: [5e5cf60 → 28f6c0f](https://github.com/ianlancetaylor/demangle/compare/5e5cf60...28f6c0f) -- github.com/json-iterator/go: [v1.1.11 → v1.1.12](https://github.com/json-iterator/go/compare/v1.1.11...v1.1.12) -- github.com/magiconair/properties: [v1.8.1 → v1.8.5](https://github.com/magiconair/properties/compare/v1.8.1...v1.8.5) -- github.com/mitchellh/go-homedir: [v1.1.0 → v1.0.0](https://github.com/mitchellh/go-homedir/compare/v1.1.0...v1.0.0) -- github.com/mitchellh/mapstructure: [v1.1.2 → v1.4.1](https://github.com/mitchellh/mapstructure/compare/v1.1.2...v1.4.1) -- github.com/modern-go/reflect2: [v1.0.1 → v1.0.2](https://github.com/modern-go/reflect2/compare/v1.0.1...v1.0.2) -- github.com/opencontainers/runc: [v1.0.1 → v1.0.2](https://github.com/opencontainers/runc/compare/v1.0.1...v1.0.2) -- github.com/pelletier/go-toml: [v1.2.0 → v1.9.3](https://github.com/pelletier/go-toml/compare/v1.2.0...v1.9.3) -- github.com/prometheus/common: [v0.26.0 → v0.28.0](https://github.com/prometheus/common/compare/v0.26.0...v0.28.0) -- github.com/spf13/afero: [v1.2.2 → v1.6.0](https://github.com/spf13/afero/compare/v1.2.2...v1.6.0) -- github.com/spf13/cast: [v1.3.0 → v1.3.1](https://github.com/spf13/cast/compare/v1.3.0...v1.3.1) -- github.com/spf13/cobra: [v1.1.3 → v1.2.1](https://github.com/spf13/cobra/compare/v1.1.3...v1.2.1) -- github.com/spf13/jwalterweatherman: [v1.0.0 → v1.1.0](https://github.com/spf13/jwalterweatherman/compare/v1.0.0...v1.1.0) -- github.com/spf13/viper: [v1.7.0 → v1.8.1](https://github.com/spf13/viper/compare/v1.7.0...v1.8.1) -- github.com/yuin/goldmark: [v1.3.5 → v1.4.0](https://github.com/yuin/goldmark/compare/v1.3.5...v1.4.0) -- go.opencensus.io: v0.22.3 → v0.23.0 -- go.uber.org/zap: v1.17.0 → v1.19.0 -- golang.org/x/crypto: 5ea612d → 32db794 -- golang.org/x/net: 37e1c6a → e898025 -- golang.org/x/oauth2: bf48bf1 → 2bc19b1 -- golang.org/x/sys: 59db8d7 → f4d4317 -- golang.org/x/term: 6a3ed07 → 6886f2d -- golang.org/x/text: v0.3.6 → v0.3.7 -- golang.org/x/tools: v0.1.2 → d4cc65f -- google.golang.org/api: v0.20.0 → v0.46.0 -- google.golang.org/appengine: v1.6.5 → v1.6.7 -- google.golang.org/genproto: f16073e → fe13028 -- google.golang.org/grpc: v1.38.0 → v1.40.0 -- google.golang.org/protobuf: v1.26.0 → v1.27.1 -- gopkg.in/ini.v1: v1.51.0 → v1.62.0 -- honnef.co/go/tools: v0.0.1-2020.1.3 → v0.0.1-2020.1.4 -- k8s.io/gengo: b6c5ce2 → 485abfe -- k8s.io/klog/v2: v2.9.0 → v2.30.0 -- k8s.io/kube-openapi: 9528897 → e816edb -- k8s.io/system-validators: v1.5.0 → v1.6.0 -- sigs.k8s.io/kustomize/api: v0.8.11 → v0.10.1 -- sigs.k8s.io/kustomize/cmd/config: v0.9.13 → v0.10.2 -- sigs.k8s.io/kustomize/kustomize/v4: v4.2.0 → v4.4.1 -- sigs.k8s.io/kustomize/kyaml: v0.11.0 → v0.13.0 -- golang.org/x/net: e898025 → 491a49a -- sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.25 → v0.0.27 -- sigs.k8s.io/structured-merge-diff/v4: v4.1.2 → v4.2.1 -- k8s.io/utils: cb0fa31 → 6203023 -- sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.27 → v0.0.30 -- github.com/google/cadvisor: [v0.43.0 → v0.43.1](https://github.com/google/cadvisor/compare/v0.43.0...v0.43.1) - -#### Removed -- cloud.google.com/go/datastore: v1.1.0 -- cloud.google.com/go/pubsub: v1.2.0 -- github.com/alecthomas/units: [f65c72e](https://github.com/alecthomas/units/tree/f65c72e) -- github.com/coreos/bbolt: [v1.3.2](https://github.com/coreos/bbolt/tree/v1.3.2) -- github.com/coreos/etcd: [v3.3.13+incompatible](https://github.com/coreos/etcd/tree/v3.3.13) -- github.com/coreos/go-systemd: [95778df](https://github.com/coreos/go-systemd/tree/95778df) -- github.com/coreos/pkg: [399ea9e](https://github.com/coreos/pkg/tree/399ea9e) -- github.com/dgrijalva/jwt-go: [v3.2.0+incompatible](https://github.com/dgrijalva/jwt-go/tree/v3.2.0) -- github.com/google/martian: [v2.1.0+incompatible](https://github.com/google/martian/tree/v2.1.0) -- github.com/jpillora/backoff: [v1.0.0](https://github.com/jpillora/backoff/tree/v1.0.0) -- gotest.tools: v2.2.0+incompatible - -### aws-operator [13.0.0-alpha2](https://github.com/giantswarm/aws-operator/releases/tag/v13.0.0-alpha2) - -Upgraded from 11.16.0. - -Please refer to the [changelog](https://github.com/giantswarm/aws-operator/blob/master/CHANGELOG.md) for all details. - - -### etcd [3.5.4](https://github.com/etcd-io/etcd/releases/tag/v3.5.4) - -Upgraded from 3.4.18. - -This is a minor release bump, bringing several security and bug fixes and important performance improvements. - -Please refer to the [official changelog](https://github.com/etcd-io/etcd/blob/main/CHANGELOG/CHANGELOG-3.5.md#v354-2022-04-24) and [the announcement blog post](https://etcd.io/blog/2021/announcing-etcd-3.5/) for all details. - - -### app-operator [6.3.0](https://github.com/giantswarm/app-operator/releases/tag/v6.3.0) - -#### Added -- If no userconfig configmap or secret reference is specified but one is found following the default naming convention (`*-user-values` / `*-user-secrets`) then the App resource is updated to reference the found configmap/secret. - - - -### cluster-operator [4.4.0](https://github.com/giantswarm/cluster-operator/releases/tag/v4.4.0) - -#### Changed -- Set `chartOperator.cni.install` to true to allow installing CNI as app. - - - -### aws-ebs-csi-driver [2.16.1](https://github.com/giantswarm/aws-ebs-csi-driver-app/releases/tag/v2.16.1) - -#### Fixed -- Changing controller `httpEndpoint` to `8610` because of overlapping ports. - - - -### coredns [1.11.0](https://github.com/giantswarm/coredns-app/releases/tag/v1.11.0) - -#### Changed -- Update `coredns` to upstream version [1.9.3](https://coredns.io/2022/05/27/coredns-1.9.3-release/). - - - -### cluster-autoscaler [1.23.1](https://github.com/giantswarm/cluster-autoscaler-app/releases/tag/1.23.1) - -Upgraded from 1.22.2-gs7 to support newer kubernetes version. - -Please refer to the [changelog](https://github.com/giantswarm/cluster-autoscaler-app/blob/master/CHANGELOG.md). - - - -### metrics-server [1.8.0](https://github.com/giantswarm/metrics-server-app/releases/tag/v1.8.0) - -#### Changed -- Updated metrics-server version to 0.6.1. - - - -### vertical-pod-autoscaler [2.4.2](https://github.com/giantswarm/vertical-pod-autoscaler-app/releases/tag/v2.4.2) - -### Changed - -- Change default webhook timeout to 5 seconds - -### Fixed - -- Correct selector in admission controller PDB - - -### aws-cloud-controller-manager [1.23.1-gs2](https://github.com/giantswarm/aws-cloud-controller-manager-app/releases/tag/v1.23.2-gs2) - -This app was not present in previous release. - - -### cilium [0.2.6](https://github.com/giantswarm/cilium-app/releases/tag/v0.2.6) - -Cilium is now the CNI in place of calico and AWS-cni. - - -### chart-operator [2.26.0](https://github.com/giantswarm/chart-operator/releases/tag/v2.26.0) - -#### Changed -- Use `127.0.0.1` as KUBERNETES_SERVICE_HOST when `bootstrapMode` is enabled. - -### cert-manager [2.15.2](https://github.com/giantswarm/cert-manager-app/releases/tag/v2.15.2) - -#### Fixed - -- RBAC for `cmctl upgrade migrate-api-version` ([#249](https://github.com/giantswarm/cert-manager-app/pull/249)). diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.0.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.0.0.md deleted file mode 100644 index e480131165..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.0.0.md +++ /dev/null @@ -1,824 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v18.0.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v18.0.0 - version: 18.0.0 - version_tag: v18.0.0 -date: '2022-08-18T07:24:06' -description: Release notes for AWS workload cluster release v18.0.0, published on - 18 August 2022, 07:24. -title: Workload cluster release v18.0.0 for AWS ---- - -This release provides support for Kubernetes 1.23, replaces the use of AWS CNI with Cilium and upgrades most components. CloudFront and a private S3 bucket are now used by IRSA in non-China regions. - -> **_Warning:_** The AWS CNI pod subnets are no longer used by Cilium. Please add custom routes with the node subnet(s) CIDR(s) instead of the AWS CNI pod subnets CIDR before upgrading to this release. - -***Cilium highlights*** -- [Network Policy](https://docs.cilium.io/en/stable/concepts/kubernetes/policy/#networkpolicy-state) provided by Cilium does not cover support for setting [ipBlock with Pod IP](https://github.com/cilium/cilium/issues/9209). Components in need of this will have to use [CiliumNetworkPolicy](https://docs.cilium.io/en/stable/concepts/kubernetes/policy/#ciliumnetworkpolicy) which has wider scope. -- The AWS CNI pod subnets are no longer used by Cilium. Please add custom routes with the node subnet(s) CIDR(s) instead of the AWS CNI pod subnets CIDR before upgrading to this release. - -***IRSA highlights*** -- Please read the [updated documentation](https://docs.giantswarm.io/advanced/iam-roles-for-service-accounts/) -- Prior to upgrades please reach out to your Account Engineer and GiantSwarm team will help you in seemless migration if you have already enabled IRSA. -- Please remember to adapt the IAM policies prior to upgrade as specified in the [documentation](https://docs.giantswarm.io/advanced/iam-roles-for-service-accounts/) - -## Change details - -### containerlinux [3227.2.1](https://www.flatcar-linux.org/releases/#release-3227.2.1) - -New Stable Release 3227.2.1 - -Changes since Stable 3227.2.0 - -#### Security fixes: - -- Linux ([CVE-2022-23816](https://nvd.nist.gov/vuln/detail/CVE-2022-23816), [CVE-2022-23825](https://nvd.nist.gov/vuln/detail/CVE-2022-23825), [CVE-2022-29900](https://nvd.nist.gov/vuln/detail/CVE-2022-29900), [CVE-2022-29901](https://nvd.nist.gov/vuln/detail/CVE-2022-29901)) - -#### Bug fixes: - -- Added support for Openstack for cloud-init activation ([flatcar-linux/init#76](https://github.com/flatcar-linux/init/pull/76)) -- Excluded Wireguard interface from `systemd-networkd` default management ([Flatcar#808](https://github.com/flatcar-linux/Flatcar/issues/808)) -- Fixed `/etc/resolv.conf` symlink by pointing it at `resolv.conf` instead of `stub-resolv.conf`. This bug was present since the update to systemd v250 ([coreos-overlay#2057](https://github.com/flatcar-linux/coreos-overlay/pull/2057)) -- Fixed excluded interface type from default systemd-networkd configuration ([flatcar-linux/init#78](https://github.com/flatcar-linux/init/pull/78)) -- Fixed space escaping in the `networkd` Ignition translation ([Flatcar#812](https://github.com/flatcar-linux/Flatcar/issues/812)) - -#### Updates: - -- Linux ([5.15.58](https://lwn.net/Articles/902917) (includes [5.15.57](https://lwn.net/Articles/902317), [5.15.56](https://lwn.net/Articles/902101))) -- ca-certificates ([3.81](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_81.html)) - -### kubernetes [1.23.9](https://github.com/kubernetes/kubernetes/releases/tag/v1.23.9) - -Upgraded from version 1.22. Please refer to the [official changelog](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.23.md) for all details. - -#### What's New (Major Themes) - -##### Deprecation of FlexVolume - -FlexVolume is deprecated. Out-of-tree CSI driver is the recommended way to write volume drivers in Kubernetes. -See [this doc](https://github.com/kubernetes/community/blob/master/sig-storage/volume-plugin-faq.md#kubernetes-volume-plugin-faq-for-storage-vendors) for more information. -Maintainers of FlexVolume drivers should implement a CSI driver and move users of FlexVolume to CSI. -Users of FlexVolume should move their workloads to CSI driver. - -##### Deprecation of klog specific flags - -To simplify the code base, several [logging flags got marked as deprecated](https://kubernetes.io/docs/concepts/cluster-administration/system-logs/#klog) in Kubernetes 1.23. -The code which implements them will be removed in a future release, so users of those need to start replacing the deprecated flags with some alternative solutions. - -##### Software Supply Chain SLSA Level 1 Compliance in the Kubernetes Release Process - -Kubernetes releases are now generating provenance attestation files describing the staging and release phases of the release process and artifacts are verified as they are handed over from one phase to the next. -This final piece completes the work needed to comply with Level 1 of the [SLSA security framework](https://slsa.dev/) (Supply-chain Levels for Software Artifacts). - -##### IPv4/IPv6 Dual-stack Networking graduates to GA - -[IPv4/IPv6 dual-stack networking](https://github.com/kubernetes/enhancements/tree/master/keps/sig-network/563-dual-stack) graduates to GA. -Since 1.21, Kubernetes clusters are enabled to support dual-stack networking by default. -In 1.23, the `IPv6DualStack` feature gate is removed. -The use of dual-stack networking is not mandatory. -Although clusters are enabled to support dual-stack networking, Pods and Services continue to default to single-stack. -To use dual-stack networking: Kubernetes nodes have routable IPv4/IPv6 network interfaces, a dual-stack capable CNI network plugin is used, Pods are configured to be dual-stack and Services have their `.spec.ipFamilyPolicy` field set to either `PreferDualStack` or `RequireDualStack`. - -##### HorizontalPodAutoscaler v2 graduates to GA - -Version 2 of the HorizontalPodAutoscaler API graduates to stable in the 1.23 release. The HorizontalPodAutoscaler `autoscaling/v2beta2` API is deprecated in favor of the new `autoscaling/v2` API, which the Kubernetes project recommends for all use cases. - -This release does *not* deprecate the v1 HorizontalPodAutoscaler API. - -##### Generic Ephemeral Volume feature graduates to GA - -The generic ephemeral volume feature moved to GA in 1.23. -This feature allows any existing storage driver that supports dynamic provisioning to be used as an ephemeral volume with the volume’s lifecycle bound to the Pod. -All StorageClass parameters for volume provisioning and all features supported with PersistentVolumeClaims are supported. - -##### Skip Volume Ownership change graduates to GA - -The feature to configure volume permission and ownership change policy for Pods moved to GA in 1.23. -This allows users to skip recursive permission changes on mount and speeds up the pod start up time. - -##### Allow CSI drivers to opt-in to volume ownership and permission change graduates to GA - -The feature to allow CSI Drivers to declare support for fsGroup based permissions graduates to GA in 1.23. - -##### PodSecurity graduates to Beta - -[PodSecurity](https://kubernetes.io/docs/concepts/security/pod-security-admission/) moves to Beta. -`PodSecurity` replaces the deprecated `PodSecurityPolicy` admission controller. -`PodSecurity` is an admission controller that enforces Pod Security Standards on Pods in a Namespace based on specific namespace labels that set the enforcement level. -In 1.23, the `PodSecurity` feature gate is enabled by default. - -##### Container Runtime Interface (CRI) v1 is default - -The Kubelet now supports the CRI `v1` API, which is now the project-wide default. -If a container runtime does not support the `v1` API, Kubernetes will fall back to the `v1alpha2` implementation. -There is no intermediate action required by end-users, because `v1` and `v1alpha2` do not differ in their implementation. -It is likely that `v1alpha2` will be removed in one of the future Kubernetes releases to be able to develop `v1`. - -##### Structured logging graduate to Beta - -Structured logging reached its Beta milestone. Most log messages from kubelet and kube-scheduler have been converted. Users are encouraged to try out JSON output or parsing of the structured text format and provide feedback on possible solutions for the open issues, such as handling of multi-line strings in log values. - -##### Simplified Multi-point plugin configuration for scheduler - -The kube-scheduler is adding a new, simplified config field for Plugins to allow multiple extension points to be enabled in one spot. -The new `multiPoint` plugin field is intended to simplify most scheduler setups for administrators. -Plugins that are enabled via `multiPoint` will automatically be registered for each individual extension point that they implement. -For example, a plugin that implements Score and Filter extensions can be simultaneously enabled for both. -This means entire plugins can be enabled and disabled without having to manually edit individual extension point settings. -These extension points can now be abstracted away due to their irrelevance for most users. - -##### CSI Migration updates - -CSI Migration enables the replacement of existing in-tree storage plugins such as `kubernetes.io/gce-pd` or `kubernetes.io/aws-ebs` with a corresponding CSI driver. -If CSI Migration is working properly, Kubernetes end users shouldn’t notice a difference. -After migration, Kubernetes users may continue to rely on all the functionality of in-tree storage plugins using the existing interface. -- CSI Migration feature is turned on by default but stays in Beta for GCE PD, AWS EBS, and Azure Disk in 1.23. -- CSI Migration is introduced as an Alpha feature for Ceph RBD and Portworx in 1.23. - -#### Urgent Upgrade Notes - -##### (No, really, you MUST read this before you upgrade) - -- Kubeadm: remove the deprecated flag `--experimental-patches` for the `init|join|upgrade` commands. The flag `--patches` is no longer allowed in a mixture with the flag `--config`. Please use the kubeadm configuration for setting patches for a node using `{Init|Join}Configuration.patches`. ([#104065](https://github.com/kubernetes/kubernetes/pull/104065), [@pacoxu](https://github.com/pacoxu)) - - Log messages in JSON format are written to stderr by default now (same as text format) instead of stdout. Users who expected JSON output on stdout must now capture stderr instead or in addition to stdout. ([#106146](https://github.com/kubernetes/kubernetes/pull/106146), [@pohly](https://github.com/pohly)) [SIG API Machinery, Architecture, Cluster Lifecycle and Instrumentation] - - Support for the seccomp annotations `seccomp.security.alpha.kubernetes.io/pod` and `container.seccomp.security.alpha.kubernetes.io/[name]` has been deprecated since 1.19, will be dropped in 1.25. Transition to using the `seccompProfile` API field. ([#104389](https://github.com/kubernetes/kubernetes/pull/104389), [@saschagrunert](https://github.com/saschagrunert)) - - [kube-log-runner](https://github.com/kubernetes/kubernetes/tree/master/staging/src/k8s.io/component-base/logs/kube-log-runner) is included in release tar balls. It can be used to replace the deprecated `--log-file` parameter. ([#106123](https://github.com/kubernetes/kubernetes/pull/106123), [@pohly](https://github.com/pohly)) [SIG API Machinery, Architecture, Cloud Provider, Cluster Lifecycle and Instrumentation] - - Kubernetes is built using golang 1.17. This version of go removes the ability to use a `GODEBUG=x509ignoreCN=0` environment setting to re-enable deprecated legacy behavior of treating the CommonName of X.509 serving certificates as a host name. This behavior has been disabled by default since Kubernetes 1.19 / go 1.15. Serving certificates used by admission webhooks, custom resource conversion webhooks, and aggregated API servers must now include valid Subject Alternative Names. If you are running Kubernetes 1.22 with `GODEBUG=x509ignoreCN=0` set, check the `apiserver_kube_aggregator_x509_missing_san_total` and `apiserver_webhooks_x509_missing_san_total` metrics for non-zero values to see if the API server is connecting to webhooks or aggregated API servers using certificates that will be considered invalid in Kubernetes 1.23+. - -#### Known Issues - -##### Etcd v3.5.[0-2] data corruption - -Data corruption issue was found in etcd v3.5.0 release that was shipped with 1.22 Kubernetes release. Please read up-to-date [production recommendations for etcd](https://github.com/etcd-io/etcd/tree/main/CHANGELOG). - -##### Deprecation - -- A deprecation notice has been added when using the kube-proxy userspace proxier, which will be removed in v1.25. (#103860) ([#104631](https://github.com/kubernetes/kubernetes/pull/104631), [@perithompson](https://github.com/perithompson)) -- Added `apiserver_longrunning_requests` metric to replace the soon to be deprecated `apiserver_longrunning_gauge` metric. ([#103799](https://github.com/kubernetes/kubernetes/pull/103799), [@jyz0309](https://github.com/jyz0309)) -- Controller-manager: the following flags have no effect and would be removed in v1.24: - - `--port` - - `--address` - The insecure port flags `--port` may only be set to 0 now. -- Kube-scheduler: the `--port` and `--address` flags have no effect and would be removed in v1.24. - The insecure port flags `--port` may only be set to 0 now. - Also `metricsBindAddress` and `healthzBindAddress` fields from `kubescheduler.config.k8s.io/v1beta1` are no-op and expected to be empty. Removed in `kubescheduler.config.k8s.io/v1beta2` completely. ([#96345](https://github.com/kubernetes/kubernetes/pull/96345), [@ingvagabund](https://github.com/ingvagabund)) - In addition, please be careful that: - - kube-scheduler MUST start with `--authorization-kubeconfig` and `--authentication-kubeconfig` correctly set to get authentication/authorization working. - - liveness/readiness probes to kube-scheduler MUST use HTTPS now, and the default port has been changed to 10259. - - Applications that fetch metrics from kube-scheduler should use a dedicated service account which is allowed to access nonResourceURLs `/metrics`. ([#96345](https://github.com/kubernetes/kubernetes/pull/96345), [@ingvagabund](https://github.com/ingvagabund)) [SIG Cloud Provider, Scheduling and Testing] -- Feature-gate `VolumeSubpath` has been deprecated and cannot be disabled. It will be completely removed in 1.25 ([#105474](https://github.com/kubernetes/kubernetes/pull/105474), [@mauriciopoppe](https://github.com/mauriciopoppe)) -- Kubeadm: add a new `output/v1alpha2` API that is identical to the `output/v1alpha1`, but attempts to resolve some internal dependencies with the `kubeadm/v1beta2` API. The `output/v1alpha1` API is now deprecated and will be removed in a future release. ([#105295](https://github.com/kubernetes/kubernetes/pull/105295), [@neolit123](https://github.com/neolit123)) -- Kubeadm: add the kubeadm specific, Alpha (disabled by default) feature gate UnversionedKubeletConfigMap. When this feature is enabled kubeadm will start using a new naming format for the ConfigMap where it stores the KubeletConfiguration structure. The old format included the Kubernetes version - "kube-system/kubelet-config-1.22", while the new format does not - "kube-system/kubelet-config". A similar formatting change is done for the related RBAC rules. The old format is now DEPRECATED and will be removed after the feature graduates to GA. When writing the ConfigMap kubeadm (init, upgrade apply) will respect the value of UnversionedKubeletConfigMap, while when reading it (join, reset, upgrade), it would attempt to use new format first and fallback to the legacy format if needed. ([#105741](https://github.com/kubernetes/kubernetes/pull/105741), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle and Testing] -- Kubeadm: remove the deprecated / NO-OP phase `update-cluster-status` in `kubeadm reset` ([#105888](https://github.com/kubernetes/kubernetes/pull/105888), [@neolit123](https://github.com/neolit123)) -- Remove 'master' as a valid EgressSelection type in the EgressSelectorConfiguration API. ([#102242](https://github.com/kubernetes/kubernetes/pull/102242), [@pacoxu](https://github.com/pacoxu)) -- Removed `kubectl --dry-run` empty default value and boolean values. `kubectl --dry-run` usage must be specified with `--dry-run=(server|client|none)`. ([#105327](https://github.com/kubernetes/kubernetes/pull/105327), [@julianvmodesto](https://github.com/julianvmodesto)) -- Removed deprecated metric `scheduler_volume_scheduling_duration_seconds`. ([#104518](https://github.com/kubernetes/kubernetes/pull/104518), [@dntosas](https://github.com/dntosas)) -- The deprecated `--experimental-bootstrap-kubeconfig` flag has been removed. - This can be set via `--bootstrap-kubeconfig`. ([#103172](https://github.com/kubernetes/kubernetes/pull/103172), [@niulechuan](https://github.com/niulechuan)) - -#### API Change - -- A new field `omitManagedFields` has been added to both `audit.Policy` and `audit.PolicyRule` - so cluster operators can opt in to omit managed fields of the request and response bodies from - being written to the API audit log. ([#94986](https://github.com/kubernetes/kubernetes/pull/94986), [@tkashem](https://github.com/tkashem)) [SIG API Machinery, Auth, Cloud Provider and Testing] -- A small regression in Service updates was fixed. The circumstances are so unlikely that probably nobody would ever hit it. ([#104601](https://github.com/kubernetes/kubernetes/pull/104601), [@thockin](https://github.com/thockin)) -- Added a feature gate `StatefulSetAutoDeletePVC`, which allows PVCs automatically created for StatefulSet pods to be automatically deleted. ([#99728](https://github.com/kubernetes/kubernetes/pull/99728), [@mattcary](https://github.com/mattcary)) -- Client-go impersonation config can specify a UID to pass impersonated uid information through in requests. ([#104483](https://github.com/kubernetes/kubernetes/pull/104483), [@margocrawf](https://github.com/margocrawf)) -- Create HPA v2 from v2beta2 with some fields changed. ([#102534](https://github.com/kubernetes/kubernetes/pull/102534), [@wangyysde](https://github.com/wangyysde)) [SIG API Machinery, Apps, Auth, Autoscaling and Testing] -- Ephemeral containers graduated to beta and are now available by default. ([#105405](https://github.com/kubernetes/kubernetes/pull/105405), [@verb](https://github.com/verb)) -- Fix kube-proxy regression on UDP services because the logic to detect stale connections was not considering if the endpoint was ready. ([#106163](https://github.com/kubernetes/kubernetes/pull/106163), [@aojea](https://github.com/aojea)) [SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Contributor Experience, Instrumentation, Network, Node, Release, Scalability, Scheduling, Storage, Testing and Windows] -- If a conflict occurs when creating an object with `generateName`, the server now returns an "AlreadyExists" error with a retry option. ([#104699](https://github.com/kubernetes/kubernetes/pull/104699), [@vincepri](https://github.com/vincepri)) -- Implement support for recovering from volume expansion failures ([#106154](https://github.com/kubernetes/kubernetes/pull/106154), [@gnufied](https://github.com/gnufied)) [SIG API Machinery, Apps and Storage] -- In kubelet, log verbosity and flush frequency can also be configured via the configuration file and not just via command line flags. In other commands (kube-apiserver, kube-controller-manager), the flags are listed in the "Logs flags" group and not under "Global" or "Misc". The type for `-vmodule` was made a bit more descriptive (`pattern=N,...` instead of `moduleSpec`). ([#106090](https://github.com/kubernetes/kubernetes/pull/106090), [@pohly](https://github.com/pohly)) [SIG API Machinery, Architecture, CLI, Cluster Lifecycle, Instrumentation, Node and Scheduling] -- Introduce `OS` field in the PodSpec ([#104693](https://github.com/kubernetes/kubernetes/pull/104693), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) -- Introduce `v1beta3` API for scheduler. This version - - increases the weight of user specifiable priorities. - The weights of following priority plugins are increased - - `TaintTolerations` to 3 - as leveraging node tainting to group nodes in the cluster is becoming a widely-adopted practice - - `NodeAffinity` to 2 - - `InterPodAffinity` to 2 - - - Won't have `HealthzBindAddress`, `MetricsBindAddress` fields ([#104251](https://github.com/kubernetes/kubernetes/pull/104251), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) -- Introduce v1beta2 for Priority and Fairness with no changes in API spec. ([#104399](https://github.com/kubernetes/kubernetes/pull/104399), [@tkashem](https://github.com/tkashem)) -- JSON log output is configurable and now supports writing info messages to stdout and error messages to stderr. Info messages can be buffered in memory. The default is to write both to stdout without buffering, as before. ([#104873](https://github.com/kubernetes/kubernetes/pull/104873), [@pohly](https://github.com/pohly)) -- JobTrackingWithFinalizers graduates to beta. Feature is enabled by default. ([#105687](https://github.com/kubernetes/kubernetes/pull/105687), [@alculquicondor](https://github.com/alculquicondor)) -- Kube-apiserver: Fixes handling of CRD schemas containing literal null values in enums. ([#104969](https://github.com/kubernetes/kubernetes/pull/104969), [@liggitt](https://github.com/liggitt)) -- Kube-apiserver: The `rbac.authorization.k8s.io/v1alpha1` API version is removed; use the `rbac.authorization.k8s.io/v1` API, available since v1.8. The `scheduling.k8s.io/v1alpha1` API version is removed; use the `scheduling.k8s.io/v1` API, available since v1.14. ([#104248](https://github.com/kubernetes/kubernetes/pull/104248), [@liggitt](https://github.com/liggitt)) -- Kube-scheduler: support for configuration file version `v1beta1` is removed. Update configuration files to v1beta2(xref: https://github.com/kubernetes/enhancements/issues/2901) or v1beta3 before upgrading to 1.23. ([#104782](https://github.com/kubernetes/kubernetes/pull/104782), [@kerthcet](https://github.com/kerthcet)) -- KubeSchedulerConfiguration provides a new field `MultiPoint` which will register a plugin for all valid extension points ([#105611](https://github.com/kubernetes/kubernetes/pull/105611), [@damemi](https://github.com/damemi)) [SIG Scheduling and Testing] -- Kubelet should reject pods whose OS doesn't match the node's OS label. ([#105292](https://github.com/kubernetes/kubernetes/pull/105292), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) [SIG Apps and Node] -- Kubelet: turn the KubeletConfiguration v1beta1 `ResolverConfig` field from a `string` to `*string`. ([#104624](https://github.com/kubernetes/kubernetes/pull/104624), [@Haleygo](https://github.com/Haleygo)) -- Kubernetes is now built using go 1.17. ([#103692](https://github.com/kubernetes/kubernetes/pull/103692), [@justaugustus](https://github.com/justaugustus)) -- Performs strict server side schema validation requests via the `fieldValidation=[Strict,Warn,Ignore]`. ([#105916](https://github.com/kubernetes/kubernetes/pull/105916), [@kevindelgado](https://github.com/kevindelgado)) -- Promote `IPv6DualStack` feature to stable. - Controller Manager flags for the node IPAM controller have slightly changed: - 1. When configuring a dual-stack cluster, the user must specify both `--node-cidr-mask-size-ipv4` and `--node-cidr-mask-size-ipv6` to set the per-node IP mask sizes, instead of the previous `--node-cidr-mask-size` flag. - 2. The `--node-cidr-mask-size` flag is mutually exclusive with `--node-cidr-mask-size-ipv4` and `--node-cidr-mask-size-ipv6`. - 3. Single-stack clusters do not need to change, but may choose to use the more specific flags. Users can use either the older `--node-cidr-mask-size` flag or one of the newer `--node-cidr-mask-size-ipv4` or `--node-cidr-mask-size-ipv6` flags to configure the per-node IP mask size, provided that the flag's IP family matches the cluster's IP family (--cluster-cidr). ([#104691](https://github.com/kubernetes/kubernetes/pull/104691), [@khenidak](https://github.com/khenidak)) -- Remove `NodeLease` feature gate that was graduated and locked to stable in 1.17 release. ([#105222](https://github.com/kubernetes/kubernetes/pull/105222), [@cyclinder](https://github.com/cyclinder)) -- Removed deprecated `--seccomp-profile-root`/`seccompProfileRoot` config. ([#103941](https://github.com/kubernetes/kubernetes/pull/103941), [@saschagrunert](https://github.com/saschagrunert)) -- Since golang 1.17 both net.ParseIP and net.ParseCIDR rejects leading zeros in the dot-decimal notation of IPv4 addresses, - Kubernetes will keep allowing leading zeros on IPv4 address to not break the compatibility. - IMPORTANT: Kubernetes interprets leading zeros on IPv4 addresses as decimal, users must not rely on parser alignment to not being impacted by the associated security advisory: - CVE-2021-29923 golang standard library "net" - Improper Input Validation of octal literals in golang 1.16.2 and below standard library "net" results in indeterminate SSRF & RFI vulnerabilities. - Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-29923 ([#104368](https://github.com/kubernetes/kubernetes/pull/104368), [@aojea](https://github.com/aojea)) -- StatefulSet `minReadySeconds` is promoted to beta. ([#104045](https://github.com/kubernetes/kubernetes/pull/104045), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) -- Support pod priority based node graceful shutdown. ([#102915](https://github.com/kubernetes/kubernetes/pull/102915), [@wzshiming](https://github.com/wzshiming)) -- The "Generic Ephemeral Volume" feature graduates to GA. It is now enabled unconditionally. ([#105609](https://github.com/kubernetes/kubernetes/pull/105609), [@pohly](https://github.com/pohly)) -- The Kubelet's `--register-with-taints` option is now available via the Kubelet config file field registerWithTaints ([#105437](https://github.com/kubernetes/kubernetes/pull/105437), [@cmssczy](https://github.com/cmssczy)) [SIG Node and Scalability] -- The `CSIDriver.Spec.StorageCapacity` can now be modified. ([#101789](https://github.com/kubernetes/kubernetes/pull/101789), [@pohly](https://github.com/pohly)) -- The `CSIVolumeFSGroupPolicy` feature has moved from beta to GA. ([#105940](https://github.com/kubernetes/kubernetes/pull/105940), [@dobsonj](https://github.com/dobsonj)) -- The `IngressClass.Spec.Parameters.Namespace` field is now GA. ([#104636](https://github.com/kubernetes/kubernetes/pull/104636), [@hbagdi](https://github.com/hbagdi)) -- The `Service.spec.ipFamilyPolicy` field is now *required* in order to create or update a Service as dual-stack. This is a breaking change from the beta behavior. Previously the server would try to infer the value of that field from either `ipFamilies` or `clusterIPs`, but that caused ambiguity on updates. Users who want a dual-stack Service MUST specify `ipFamilyPolicy` as either "PreferDualStack" or "RequireDualStack". ([#96684](https://github.com/kubernetes/kubernetes/pull/96684), [@thockin](https://github.com/thockin)) -- The `TTLAfterFinished` feature gate is now GA and enabled by default. ([#105219](https://github.com/kubernetes/kubernetes/pull/105219), [@sahilvv](https://github.com/sahilvv)) -- The `kube-controller-manager` supports `--concurrent-ephemeralvolume-syncs` flag to set the number of ephemeral volume controller workers. ([#102981](https://github.com/kubernetes/kubernetes/pull/102981), [@SataQiu](https://github.com/SataQiu)) -- The legacy scheduler policy config is removed in v1.23, the associated flags `policy-config-file`, `policy-configmap`, `policy-configmap-namespace` and `use-legacy-policy-config` are also removed. Migrate to Component Config instead, see https://kubernetes.io/docs/reference/scheduling/config/ for details. ([#105424](https://github.com/kubernetes/kubernetes/pull/105424), [@kerthcet](https://github.com/kerthcet)) -- Track the number of Pods with a Ready condition in Job status. The feature is alpha and needs the feature gate JobReadyPods to be enabled. ([#104915](https://github.com/kubernetes/kubernetes/pull/104915), [@alculquicondor](https://github.com/alculquicondor)) -- Users of `LogFormatRegistry` in component-base must update their code to use the logr v1.0.0 API. The JSON log output now uses the format from go-logr/zapr (no `v` field for error messages, additional information for invalid calls) and has some fixes (correct source code location for warnings about invalid log calls). ([#104103](https://github.com/kubernetes/kubernetes/pull/104103), [@pohly](https://github.com/pohly)) -- Validation rules for Custom Resource Definitions can be written in the [CEL expression language](https://github.com/google/cel-spec) using the `x-kubernetes-validations` extension in OpenAPIv3 schemas (alpha). This is gated by the alpha "CustomResourceValidationExpressions" feature gate. ([#106051](https://github.com/kubernetes/kubernetes/pull/106051), [@jpbetz](https://github.com/jpbetz)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node, Storage and Testing] -- Fix OpenAPI serialization of the x-kubernetes-validations field ([#108030](https://github.com/kubernetes/kubernetes/pull/108030), [@liggitt](https://github.com/liggitt)) [SIG API Machinery] -- Fixes a regression in v1beta1 PodDisruptionBudget handling of "strategic merge patch"-type API requests for the `selector` field. Prior to 1.21, these requests would merge `matchLabels` content and replace `matchExpressions` content. In 1.21, patch requests touching the `selector` field started replacing the entire selector. This is consistent with server-side apply and the v1 PodDisruptionBudget behavior, but should not have been changed for v1beta1. ([#108139](https://github.com/kubernetes/kubernetes/pull/108139), [@liggitt](https://github.com/liggitt)) [SIG Auth and Testing] -- Omits alpha-level enums from the static openapi file captured in api/openapi-spec ([#109179](https://github.com/kubernetes/kubernetes/pull/109179), [@liggitt](https://github.com/liggitt)) [SIG Apps and Auth] -- Sets JobTrackingWithFinalizers, beta feature, as disabled by default, due to unresolved bug https://github.com/kubernetes/kubernetes/issues/109485 ([#109491](https://github.com/kubernetes/kubernetes/pull/109491), [@alculquicondor](https://github.com/alculquicondor)) [SIG Apps, Auth, CLI, Network, Node, Scheduling, Storage and Testing] - -#### Feature - -- (beta feature) If the CSI driver supports the NodeServiceCapability `VOLUME_MOUNT_GROUP` and the `DelegateFSGroupToCSIDriver` feature gate is enabled, kubelet will delegate applying FSGroup to the driver by passing it to NodeStageVolume and NodePublishVolume, regardless of what other FSGroup policies are set. ([#106330](https://github.com/kubernetes/kubernetes/pull/106330), [@verult](https://github.com/verult)) [SIG Storage] -- Add a new `distribute-cpus-across-numa` option to the static `CPUManager` policy. When enabled, this will trigger the `CPUManager` to evenly distribute CPUs across NUMA nodes in cases where more than one NUMA node is required to satisfy the allocation. ([#105631](https://github.com/kubernetes/kubernetes/pull/105631), [@klueska](https://github.com/klueska)) -- Add fish shell completion to kubectl. ([#92989](https://github.com/kubernetes/kubernetes/pull/92989), [@WLun001](https://github.com/WLun001)) -- Add mechanism to load simple sniffer class into fluentd-elasticsearch image ([#92853](https://github.com/kubernetes/kubernetes/pull/92853), [@cosmo0920](https://github.com/cosmo0920)) -- Add support for Portworx plugin to csi-translation-lib. Alpha release - - Portworx CSI driver is required to enable migration. - This PR adds support of the `CSIMigrationPortworx` feature gate, which can be enabled by: - - 1. Adding the feature flag to the kube-controller-manager `--feature-gates=CSIMigrationPortworx=true` - 2. Adding the feature flag to the kubelet config: - - featureGates: - CSIMigrationPortworx: true ([#103447](https://github.com/kubernetes/kubernetes/pull/103447), [@trierra](https://github.com/trierra)) [SIG API Machinery, Apps, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Release, Scalability, Scheduling, Storage, Testing and Windows] -- Add support to generate client-side binaries for windows/arm64 platform ([#104894](https://github.com/kubernetes/kubernetes/pull/104894), [@pacoxu](https://github.com/pacoxu)) -- Added PowerShell completion generation by running `kubectl completion powershell`. ([#103758](https://github.com/kubernetes/kubernetes/pull/103758), [@zikhan](https://github.com/zikhan)) -- Added a `Processing` condition for the `workqueue` API. - Changed `Shutdown` for the `workqueue` API to wait until the work queue finishes processing all in-flight items. ([#101928](https://github.com/kubernetes/kubernetes/pull/101928), [@alexanderConstantinescu](https://github.com/alexanderConstantinescu)) -- Added a new feature gate `CustomResourceValidationExpressions` to enable expression validation for Custom Resource. ([#105107](https://github.com/kubernetes/kubernetes/pull/105107), [@cici37](https://github.com/cici37)) -- Added a new flag `--append-server-path` to `kubectl proxy` that will automatically append the kube context server path to each request. ([#97350](https://github.com/kubernetes/kubernetes/pull/97350), [@FabianKramm](https://github.com/FabianKramm)) -- Added ability for `kubectl wait` to wait on arbitary JSON path ([#105776](https://github.com/kubernetes/kubernetes/pull/105776), [@lauchokyip](https://github.com/lauchokyip)) -- Added support for `PodAndContainerStatsFromCRI` feature gate, which allows a user to specify their pod stats must also come from the CRI, not `cAdvisor`. ([#103095](https://github.com/kubernetes/kubernetes/pull/103095), [@haircommander](https://github.com/haircommander)) -- Added support for setting controller-manager log level online. ([#104571](https://github.com/kubernetes/kubernetes/pull/104571), [@h4ghhh](https://github.com/h4ghhh)) -- Added the ability to specify whether to use an RFC7396 JSON Merge Patch, an RFC6902 JSON Patch, or a Strategic Merge Patch to perform an override of the resources created by `kubectl run` and `kubectl expose`. ([#105140](https://github.com/kubernetes/kubernetes/pull/105140), [@brianpursley](https://github.com/brianpursley)) -- Adding option for `kubectl cp` to resume on network errors until completion, requires tar in addition to tail inside the container image ([#104792](https://github.com/kubernetes/kubernetes/pull/104792), [@matthyx](https://github.com/matthyx)) -- Adding support for multiple `--from-env-file flags`. ([#104232](https://github.com/kubernetes/kubernetes/pull/104232), [@lauchokyip](https://github.com/lauchokyip)) -- Adding support for multiple `--from-env-file` flags. ([#101646](https://github.com/kubernetes/kubernetes/pull/101646), [@lauchokyip](https://github.com/lauchokyip)) -- Adds `--as-uid` flag to `kubectl` to allow uid impersonation in the same way as user and group impersonation. ([#105794](https://github.com/kubernetes/kubernetes/pull/105794), [@margocrawf](https://github.com/margocrawf)) -- Adds new [alpha] command 'kubectl events' ([#99557](https://github.com/kubernetes/kubernetes/pull/99557), [@bboreham](https://github.com/bboreham)) -- Allow node expansion of local volumes. ([#102886](https://github.com/kubernetes/kubernetes/pull/102886), [@gnufied](https://github.com/gnufied)) -- Allow to build kubernetes with a custom `kube-cross` image. ([#104185](https://github.com/kubernetes/kubernetes/pull/104185), [@dims](https://github.com/dims)) -- Allows users to prevent garbage collection on pinned images ([#103299](https://github.com/kubernetes/kubernetes/pull/103299), [@wgahnagl](https://github.com/wgahnagl)) [SIG Node] -- CRI v1 is now the project default. If a container runtime does not support the v1 API, Kubernetes will fall back to the v1alpha2 implementation. ([#106501](https://github.com/kubernetes/kubernetes/pull/106501), [@ehashman](https://github.com/ehashman)) -- Changed feature `CSIMigrationAWS` to on by default. This feature requires the AWS EBS CSI driver to be installed. ([#106098](https://github.com/kubernetes/kubernetes/pull/106098), [@wongma7](https://github.com/wongma7)) -- Client-go: pass `DeleteOptions` down to the fake client `Reactor` ([#102945](https://github.com/kubernetes/kubernetes/pull/102945), [@chenchun](https://github.com/chenchun)) -- Cloud providers can set service account names for cloud controllers. ([#103178](https://github.com/kubernetes/kubernetes/pull/103178), [@nckturner](https://github.com/nckturner)) -- Display Labels when kubectl describe ingress. ([#103894](https://github.com/kubernetes/kubernetes/pull/103894), [@kabab](https://github.com/kabab)) -- Enhance scheduler `VolumeBinding` plugin to handle Lost PVC as `UnschedulableAndUnresolvable` ([#105245](https://github.com/kubernetes/kubernetes/pull/105245), [@yibozhuang](https://github.com/yibozhuang)) -- Ensures that volume is deleted from the storage backend when the user tries to delete the PV object manually and the PV `ReclaimPolicy` is set to `Delete`. ([#105773](https://github.com/kubernetes/kubernetes/pull/105773), [@deepakkinni](https://github.com/deepakkinni)) -- Expose a `NewUnstructuredExtractor` from apply configurations `meta/v1` package that enables extracting objects into unstructured apply configurations. ([#103564](https://github.com/kubernetes/kubernetes/pull/103564), [@kevindelgado](https://github.com/kevindelgado)) -- Feature gate `StorageObjectInUseProtection` has been deprecated and cannot be disabled. It will be completely removed in 1.25 ([#105495](https://github.com/kubernetes/kubernetes/pull/105495), [@ikeeip](https://github.com/ikeeip)) -- Graduating `controller_admission_duration_seconds`, `step_admission_duration_seconds`, `webhook_admission_duration_seconds`, `apiserver_current_inflight_requests` and `apiserver_response_sizes` metrics to stable. ([#106122](https://github.com/kubernetes/kubernetes/pull/106122), [@rezakrimi](https://github.com/rezakrimi)) [SIG API Machinery, Instrumentation and Testing] -- Graduating `pending_pods`, `preemption_attempts_total`, `preemption_victims` and `schedule_attempts_total` metrics to stable. Also `e2e_scheduling_duration_seconds` is renamed to `scheduling_attempt_duration_seconds` and the latter is graduated to stable. ([#105941](https://github.com/kubernetes/kubernetes/pull/105941), [@rezakrimi](https://github.com/rezakrimi)) [SIG Instrumentation, Scheduling and Testing] -- Health check of kube-controller-manager now includes each controller. ([#104667](https://github.com/kubernetes/kubernetes/pull/104667), [@jiahuif](https://github.com/jiahuif)) -- Integration testing now takes periodic Prometheus scrapes from the etcd server. - There is a new script ,`hack/run-prometheus-on-etcd-scrapes.sh`, that runs a containerized Prometheus server against an archive of such scrapes. ([#106190](https://github.com/kubernetes/kubernetes/pull/106190), [@MikeSpreitzer](https://github.com/MikeSpreitzer)) [SIG API Machinery and Testing] -- Introduce a feature gate `DisableKubeletCloudCredentialProviders` which allows disabling the in-tree kubelet credential providers. - - The feature gate `DisableKubeletCloudCredentialProviders` is currently in Alpha, which means is currently disabled by default. Once this feature gate moves to beta, in-tree credential providers will be disabled by default, and users will need to migrate to use external credential providers. ([#102507](https://github.com/kubernetes/kubernetes/pull/102507), [@ostrain](https://github.com/ostrain)) -- Introduces a new metric: `admission_webhook_request_total` with the following labels: name (string) - the webhook name, type (string) - the admission type, operation (string) - the requested verb, code (int) - the HTTP status code, rejected (bool) - whether the request was rejected, namespace (string) - the namespace of the requested resource. ([#103162](https://github.com/kubernetes/kubernetes/pull/103162), [@rmoriar1](https://github.com/rmoriar1)) -- Kubeadm: add support for dry running `kubeadm join`. The new flag `kubeadm join --dry-run` is similar to the existing flag for `kubeadm init/upgrade` and allows you to see what changes would be applied. ([#103027](https://github.com/kubernetes/kubernetes/pull/103027), [@Haleygo](https://github.com/Haleygo)) -- Kubeadm: do not check if the `/etc/kubernetes/manifests` folder is empty on joining worker nodes during preflight ([#104942](https://github.com/kubernetes/kubernetes/pull/104942), [@SataQiu](https://github.com/SataQiu)) -- Kubectl will now provide shell completion choices for the `--output/-o` flag ([#105851](https://github.com/kubernetes/kubernetes/pull/105851), [@marckhouzam](https://github.com/marckhouzam)) -- Kubelet should reconcile `kubernetes.io/os` and `kubernetes.io/arch` labels on the node object. The side-effect of this is kubelet would deny admission to pod which has nodeSelector with label `kubernetes.io/os` or `kubernetes.io/arch` which doesn't match the underlying OS or arch on the host OS. - - The label reconciliation happens as part of periodic status update which can be configured via flag `--node-status-update-frequency` ([#104613](https://github.com/kubernetes/kubernetes/pull/104613), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) [SIG Node, Testing and Windows] -- Kubernetes is now built with Golang 1.16.7. ([#104199](https://github.com/kubernetes/kubernetes/pull/104199), [@cpanato](https://github.com/cpanato)) -- Kubernetes is now built with Golang 1.17.1. ([#104904](https://github.com/kubernetes/kubernetes/pull/104904), [@cpanato](https://github.com/cpanato)) -- Kubernetes is now built with Golang 1.17.2 ([#105563](https://github.com/kubernetes/kubernetes/pull/105563), [@mengjiao-liu](https://github.com/mengjiao-liu)) -- Kubernetes is now built with Golang 1.17.3 ([#106209](https://github.com/kubernetes/kubernetes/pull/106209), [@cpanato](https://github.com/cpanato)) [SIG API Machinery, Cloud Provider, Instrumentation, Release and Testing] -- Move `ConfigurableFSGroupPolicy` to GA and rename metric `volume_fsgroup_recursive_apply` to `volume_apply_access_control` ([#105885](https://github.com/kubernetes/kubernetes/pull/105885), [@gnufied](https://github.com/gnufied)) -- Move the `GetAllocatableResources` Endpoint in PodResource API to the beta that will make it enabled by default. ([#105003](https://github.com/kubernetes/kubernetes/pull/105003), [@swatisehgal](https://github.com/swatisehgal)) -- Moving `WindowsHostProcessContainers` feature to beta ([#106058](https://github.com/kubernetes/kubernetes/pull/106058), [@marosset](https://github.com/marosset)) -- Node affinity, Node selectors, and tolerations are now mutable for Jobs that are suspended and have never been started ([#105479](https://github.com/kubernetes/kubernetes/pull/105479), [@ahg-g](https://github.com/ahg-g)) -- Pod template annotations and labels are now mutable for Jobs that are suspended and have never been started ([#105980](https://github.com/kubernetes/kubernetes/pull/105980), [@ahg-g](https://github.com/ahg-g)) -- PodSecurity: in 1.23+ restricted policy levels, Pods and containers which set `runAsUser=0` are forbidden at admission-time; previously, they would be rejected at runtime ([#105857](https://github.com/kubernetes/kubernetes/pull/105857), [@liggitt](https://github.com/liggitt)) -- Shell completion now knows to continue suggesting resource names when the command supports it. For example `kubectl get pod pod1 ` will suggest more Pod names. ([#105711](https://github.com/kubernetes/kubernetes/pull/105711), [@marckhouzam](https://github.com/marckhouzam)) -- Support to enable Hyper-V in GCE Windows Nodes created with `kube-up` ([#105999](https://github.com/kubernetes/kubernetes/pull/105999), [@mauriciopoppe](https://github.com/mauriciopoppe)) -- The CPUManager policy options are now enabled, and we introduce a graduation path for the new CPU Manager policy options. ([#105012](https://github.com/kubernetes/kubernetes/pull/105012), [@fromanirh](https://github.com/fromanirh)) -- The Pods and Pod controllers that are exempted from the PodSecurity admission process are now marked with the `pod-security.kubernetes.io/exempt: user/namespace/runtimeClass` annotation, based on what caused the exemption. - - The enforcement level that allowed or denied a Pod during PodSecurity admission is now marked by the `pod-security.kubernetes.io/enforce-policy` annotation. - - The annotation that informs about audit policy violations changed from `pod-security.kubernetes.io/audit` to `pod-security.kubernetes.io/audit-violation`. ([#105908](https://github.com/kubernetes/kubernetes/pull/105908), [@stlaz](https://github.com/stlaz)) -- The `/openapi/v3` endpoint will be populated with OpenAPI v3 if the feature flag is enabled ([#105945](https://github.com/kubernetes/kubernetes/pull/105945), [@Jefftree](https://github.com/Jefftree)) -- The `CSIMigrationGCE` feature flag is turned `ON` by default ([#104722](https://github.com/kubernetes/kubernetes/pull/104722), [@leiyiz](https://github.com/leiyiz)) -- The `DownwardAPIHugePages` feature is now enabled by default. ([#106271](https://github.com/kubernetes/kubernetes/pull/106271), [@mysunshine92](https://github.com/mysunshine92)) -- The `PodSecurity `admission plugin has graduated to `beta` and is enabled by default. The admission configuration version has been promoted to `pod-security.admission.config.k8s.io/v1beta1`. See https://kubernetes.io/docs/concepts/security/pod-security-admission/ for usage guidelines. ([#106089](https://github.com/kubernetes/kubernetes/pull/106089), [@liggitt](https://github.com/liggitt)) -- The `ServiceAccountIssuerDiscovery` feature gate is removed. It reached GA in Kubernetes 1.21. ([#103685](https://github.com/kubernetes/kubernetes/pull/103685), [@mengjiao-liu](https://github.com/mengjiao-liu)) -- The `constants/variables` from k8s.io for STABLE metrics is now supported. ([#103654](https://github.com/kubernetes/kubernetes/pull/103654), [@coffeepac](https://github.com/coffeepac)) -- The `kubectl describe namespace` now shows Conditions ([#106219](https://github.com/kubernetes/kubernetes/pull/106219), [@dlipovetsky](https://github.com/dlipovetsky)) -- The etcd container image now supports Windows. ([#92433](https://github.com/kubernetes/kubernetes/pull/92433), [@claudiubelu](https://github.com/claudiubelu)) -- The kube-apiserver's Prometheus metrics have been extended with some that describe the costs of handling LIST requests. They are as follows. - - *apiserver_cache_list_total*: Counter of LIST requests served from watch cache, broken down by resource_prefix and index_name - - *apiserver_cache_list_fetched_objects_total*: Counter of objects read from watch cache in the course of serving a LIST request, broken down by resource_prefix and index_name - - *apiserver_cache_list_evaluated_objects_total*: Counter of objects tested in the course of serving a LIST request from watch cache, broken down by resource_prefix - - *apiserver_cache_list_returned_objects_total*: Counter of objects returned for a LIST request from watch cache, broken down by resource_prefix - - *apiserver_storage_list_total*: Counter of LIST requests served from etcd, broken down by resource - - *apiserver_storage_list_fetched_objects_total*: Counter of objects read from etcd in the course of serving a LIST request, broken down by resource - - *apiserver_storage_list_evaluated_objects_total*: Counter of objects tested in the course of serving a LIST request from etcd, broken down by resource - - *apiserver_storage_list_returned_objects_total*: Counter of objects returned for a LIST request from etcd, broken down by resource ([#104983](https://github.com/kubernetes/kubernetes/pull/104983), [@MikeSpreitzer](https://github.com/MikeSpreitzer)) -- The pause image list now contains Windows Server 2022. ([#104438](https://github.com/kubernetes/kubernetes/pull/104438), [@nick5616](https://github.com/nick5616)) -- The script `kube-up.sh` installs `csi-proxy v1.0.1-gke.0`. ([#104426](https://github.com/kubernetes/kubernetes/pull/104426), [@mauriciopoppe](https://github.com/mauriciopoppe)) -- This PR adds the following metrics for API Priority and Fairness. - - **apiserver_flowcontrol_priority_level_seat_count_samples**: histograms of seats occupied by executing requests (both regular and final-delay phases included), broken down by priority_level; the observations are taken once per millisecond. - - **apiserver_flowcontrol_priority_level_seat_count_watermarks**: histograms of high and low watermarks of number of seats occupied by executing requests (both regular and final-delay phases included), broken down by priority_level. - - **apiserver_flowcontrol_watch_count_samples**: histograms of number of watches relevant to a given mutating request, broken down by that request's priority_level and flow_schema. ([#105873](https://github.com/kubernetes/kubernetes/pull/105873), [@MikeSpreitzer](https://github.com/MikeSpreitzer)) [SIG API Machinery, Instrumentation and Testing] -- Topology Aware Hints have graduated to beta. ([#106433](https://github.com/kubernetes/kubernetes/pull/106433), [@robscott](https://github.com/robscott)) [SIG Network] -- Turn on CSIMigrationAzureDisk by default on 1.23 ([#104670](https://github.com/kubernetes/kubernetes/pull/104670), [@andyzhangx](https://github.com/andyzhangx)) -- Update the system-validators library to v1.6.0 ([#106323](https://github.com/kubernetes/kubernetes/pull/106323), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle and Node] -- Updated Cluster Autosaler to version `1.22.0`. Release notes: https://github.com/kubernetes/autoscaler/releases/tag/cluster-autoscaler-1.22.0. ([#104293](https://github.com/kubernetes/kubernetes/pull/104293), [@x13n](https://github.com/x13n)) -- Updates `debian-iptables` to v1.6.7 to pick up CVE fixes. ([#104970](https://github.com/kubernetes/kubernetes/pull/104970), [@PushkarJ](https://github.com/PushkarJ)) -- Updates the following images to pick up CVE fixes: - - `debian` to v1.9.0 - - `debian-iptables` to v1.6.6 - - `setcap` to v2.0.4 ([#104142](https://github.com/kubernetes/kubernetes/pull/104142), [@mengjiao-liu](https://github.com/mengjiao-liu)) -- Upgrade etcd to 3.5.1 ([#105706](https://github.com/kubernetes/kubernetes/pull/105706), [@uthark](https://github.com/uthark)) [SIG Cloud Provider, Cluster Lifecycle and Testing] -- When feature gate `JobTrackingWithFinalizers` is enabled: - - Limit the number of Pods tracked in a single Job sync to avoid starvation of small Jobs. - - The metric `job_pod_finished_total` counts the number of finished Pods tracked by the Job controller. ([#105197](https://github.com/kubernetes/kubernetes/pull/105197), [@alculquicondor](https://github.com/alculquicondor)) -- When using `RequestedToCapacityRatio` ScoringStrategy, empty shape will cause error. ([#106169](https://github.com/kubernetes/kubernetes/pull/106169), [@kerthcet](https://github.com/kerthcet)) [SIG Scheduling] -- `client-go` event library allows customizing spam filtering function. - It is now possible to override `SpamKeyFunc`, which is used by event filtering to detect spam in the events. ([#103918](https://github.com/kubernetes/kubernetes/pull/103918), [@olagacek](https://github.com/olagacek)) -- `client-go`, using log level 9, traces the following events of a HTTP request: - - DNS lookup - - TCP dialing - - TLS handshake - - Time to get a connection from the pool - - Time to process a request ([#105156](https://github.com/kubernetes/kubernetes/pull/105156), [@aojea](https://github.com/aojea)) -- Allow KUBE_TEST_REPO_LIST to be a remote url ([#109512](https://github.com/kubernetes/kubernetes/pull/109512), [@eddiezane](https://github.com/eddiezane)) [SIG Cloud Provider and Testing] -- Kubernetes is now built with Golang 1.17.11 ([#110423](https://github.com/kubernetes/kubernetes/pull/110423), [@cpanato](https://github.com/cpanato)) [SIG Cloud Provider, Instrumentation, Release and Testing] -- Kube-apiserver: when merging lists, Server Side Apply now prefers the order of the submitted request instead of the existing persisted object ([#107567](https://github.com/kubernetes/kubernetes/pull/107567), [@jiahuif](https://github.com/jiahuif)) [SIG API Machinery, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Storage and Testing] - -#### Documentation - -- Graduating `pod_scheduling_duration_seconds`, `pod_scheduling_attempts`, `framework_extension_point_duration_seconds`, `plugin_execution_duration_seconds` and `queue_incoming_pods_total` metrics to stable. ([#106266](https://github.com/kubernetes/kubernetes/pull/106266), [@ahg-g](https://github.com/ahg-g)) [SIG Instrumentation, Scheduling and Testing] -- The test "[sig-network] EndpointSlice should have Endpoints and EndpointSlices pointing to API Server [Conformance]" only requires that there is an EndpointSlice that references the "kubernetes.default" service, it no longer requires that its named "kubernetes". ([#104664](https://github.com/kubernetes/kubernetes/pull/104664), [@aojea](https://github.com/aojea)) -- Update description of `--audit-log-maxbackup` to describe behavior when `value = 0`. ([#103843](https://github.com/kubernetes/kubernetes/pull/103843), [@Arkessler](https://github.com/Arkessler)) -- Users should not rely on unsupported CRON_TZ variable when specifying schedule, both the API server and cronjob controller will emit warnings pointing to https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/ containing explanation ([#106455](https://github.com/kubernetes/kubernetes/pull/106455), [@soltysh](https://github.com/soltysh)) [SIG Apps] - -#### Failing Test - -- Fixes hostPath storage E2E tests within SELinux enabled env ([#104551](https://github.com/kubernetes/kubernetes/pull/104551), [@Elbehery](https://github.com/Elbehery)) -- Allow KUBE_TEST_REPO_LIST to be a remote url ([#109512](https://github.com/kubernetes/kubernetes/pull/109512), [@eddiezane](https://github.com/eddiezane)) [SIG Cloud Provider and Testing] - -#### Bug or Regression - -- (PodSecurity admission) errors validating workload resources (deployment, replicaset, etc.) no longer block admission. ([#106017](https://github.com/kubernetes/kubernetes/pull/106017), [@tallclair](https://github.com/tallclair)) [SIG Auth] -- A pod that the Kubelet rejects was still considered as being accepted for a brief period of time after rejection, which might cause some pods to be rejected briefly that could fit on the node. A pod that is still terminating (but has status indicating it has failed) may also still be consuming resources and so should also be considered. ([#104817](https://github.com/kubernetes/kubernetes/pull/104817), [@smarterclayton](https://github.com/smarterclayton)) -- Add Kubernetes Events to the `Kubelet Graceful Shutdown` feature. ([#101081](https://github.com/kubernetes/kubernetes/pull/101081), [@rphillips](https://github.com/rphillips)) -- Add Pod Security admission metrics: `pod_security_evaluations_total`, `pod_security_exemptions_total`, `pod_security_errors_total` ([#105898](https://github.com/kubernetes/kubernetes/pull/105898), [@tallclair](https://github.com/tallclair)) -- Add support for Windows Network stats in Containerd ([#105744](https://github.com/kubernetes/kubernetes/pull/105744), [@jsturtevant](https://github.com/jsturtevant)) [SIG Node, Testing and Windows] -- Added show-capacity option to `kubectl top node` to show `Capacity` resource usage ([#102917](https://github.com/kubernetes/kubernetes/pull/102917), [@bysnupy](https://github.com/bysnupy)) [SIG CLI] -- Apimachinery: Pretty printed JSON and YAML output is now indented consistently. ([#105466](https://github.com/kubernetes/kubernetes/pull/105466), [@liggitt](https://github.com/liggitt)) -- Be able to create a Pod with Generic Ephemeral Volumes as raw block devices. ([#105682](https://github.com/kubernetes/kubernetes/pull/105682), [@pohly](https://github.com/pohly)) -- CA, certificate and key bundles for the `generic-apiserver` based servers will be reloaded immediately after the files are changed. ([#104102](https://github.com/kubernetes/kubernetes/pull/104102), [@tnqn](https://github.com/tnqn)) -- Change `kubectl diff --invalid-arg` status code from 1 to 2 to match docs ([#105445](https://github.com/kubernetes/kubernetes/pull/105445), [@ardaguclu](https://github.com/ardaguclu)) -- Changed kubectl describe to compute age of an event using the `EventSeries.count` and `EventSeries.lastObservedTime`. ([#104482](https://github.com/kubernetes/kubernetes/pull/104482), [@harjas27](https://github.com/harjas27)) -- Changes behaviour of kube-proxy start; does not attempt to set specific `sysctl` values (which does not work in recent Kernel versions anymore in non-init namespaces), when the current sysctl values are already set higher. ([#103174](https://github.com/kubernetes/kubernetes/pull/103174), [@Napsty](https://github.com/Napsty)) -- Client-go uses the same HTTP client for all the generated groups and versions, allowing to share customized transports for multiple groups versions. ([#105490](https://github.com/kubernetes/kubernetes/pull/105490), [@aojea](https://github.com/aojea)) -- Disable aufs module for gce clusters. ([#103831](https://github.com/kubernetes/kubernetes/pull/103831), [@lizhuqi](https://github.com/lizhuqi)) -- Do not unmount and mount subpath bind mounts during container creation unless bind mount changes ([#105512](https://github.com/kubernetes/kubernetes/pull/105512), [@gnufied](https://github.com/gnufied)) [SIG Storage] -- Don't prematurely close reflectors in case of slow initialization in watch based manager to fix issues with inability to properly mount secrets/configmaps. ([#104604](https://github.com/kubernetes/kubernetes/pull/104604), [@wojtek-t](https://github.com/wojtek-t)) -- Don't use a custom dialer for the kubelet if is not rotating certificates, so we can reuse TCP connections and have only one between the apiserver and the kubelet. If users experiment problems with stale connections using HTTP1.1, they can force the previous behavior of the kubelet by setting the environment variable DISABLE_HTTP2. ([#104844](https://github.com/kubernetes/kubernetes/pull/104844), [@aojea](https://github.com/aojea)) [SIG API Machinery, Auth and Node] -- EndpointSlice Mirroring controller now cleans up managed EndpointSlices when a Service selector is added ([#105997](https://github.com/kubernetes/kubernetes/pull/105997), [@robscott](https://github.com/robscott)) [SIG Apps, Network and Testing] -- Enhanced event messages for pod failed for exec probe timeout ([#106201](https://github.com/kubernetes/kubernetes/pull/106201), [@yxxhero](https://github.com/yxxhero)) [SIG Node] -- Ensure Pods are removed from the scheduler cache when the scheduler misses deletion events due to transient errors ([#106102](https://github.com/kubernetes/kubernetes/pull/106102), [@alculquicondor](https://github.com/alculquicondor)) [SIG Scheduling] -- Ensure `InstanceShutdownByProviderID` return false for creating Azure VMs. ([#104382](https://github.com/kubernetes/kubernetes/pull/104382), [@feiskyer](https://github.com/feiskyer)) -- Evicted and other terminated Pods will no longer revert to the `Running` phase. ([#105462](https://github.com/kubernetes/kubernetes/pull/105462), [@ehashman](https://github.com/ehashman)) -- Fix `kube-apiserver` metric reporting for the deprecated watch path of `/api//watch/...`. ([#104161](https://github.com/kubernetes/kubernetes/pull/104161), [@wojtek-t](https://github.com/wojtek-t)) -- Fix a regression where the Kubelet failed to exclude already completed pods from calculations about how many resources it was currently using when deciding whether to allow more pods. ([#104577](https://github.com/kubernetes/kubernetes/pull/104577), [@smarterclayton](https://github.com/smarterclayton)) -- Fix detach disk issue on deleting vmss node. ([#104572](https://github.com/kubernetes/kubernetes/pull/104572), [@andyzhangx](https://github.com/andyzhangx)) -- Fix job controller syncs: In case of conflicts, ensure that the sync happens with the most up to date information. Improves reliability of JobTrackingWithFinalizers. ([#105214](https://github.com/kubernetes/kubernetes/pull/105214), [@alculquicondor](https://github.com/alculquicondor)) -- Fix job tracking with finalizers for more than 500 pods, ensuring all finalizers are removed before counting the Pod. ([#104666](https://github.com/kubernetes/kubernetes/pull/104666), [@alculquicondor](https://github.com/alculquicondor)) -- Fix pod name of NonIndexed Jobs to not include rogue `-1` substring ([#105676](https://github.com/kubernetes/kubernetes/pull/105676), [@alculquicondor](https://github.com/alculquicondor)) -- Fix scoring for `NodeResourcesBalancedAllocation` plugins when nodes have containers with no requests. ([#105845](https://github.com/kubernetes/kubernetes/pull/105845), [@ahmad-diaa](https://github.com/ahmad-diaa)) -- Fix system default topology spreading when nodes don't have zone labels. Pods correctly spread by default now. ([#105046](https://github.com/kubernetes/kubernetes/pull/105046), [@alculquicondor](https://github.com/alculquicondor)) -- Fix: do not try to delete a LoadBalancer that does not exist ([#105777](https://github.com/kubernetes/kubernetes/pull/105777), [@nilo19](https://github.com/nilo19)) -- Fix: ignore non-VMSS error for VMAS nodes in `reconcileBackendPools`. ([#103997](https://github.com/kubernetes/kubernetes/pull/103997), [@nilo19](https://github.com/nilo19)) -- Fix: leave the probe path empty for TCP probes ([#105253](https://github.com/kubernetes/kubernetes/pull/105253), [@nilo19](https://github.com/nilo19)) -- Fix: remove VMSS and VMSS instances from SLB backend pool only when necessary ([#105839](https://github.com/kubernetes/kubernetes/pull/105839), [@nilo19](https://github.com/nilo19)) -- Fix: skip `instance not found` when decoupling VMSSs from LB ([#105666](https://github.com/kubernetes/kubernetes/pull/105666), [@nilo19](https://github.com/nilo19)) -- Fix: skip case sensitivity when checking Azure NSG rules. ([#104384](https://github.com/kubernetes/kubernetes/pull/104384), [@feiskyer](https://github.com/feiskyer)) -- Fixed a bug that prevents a PersistentVolume that has a PersistentVolumeClaim UID which doesn't exist in local cache but exists in etcd from being updated to the Released phase. ([#105211](https://github.com/kubernetes/kubernetes/pull/105211), [@xiaopingrubyist](https://github.com/xiaopingrubyist)) -- Fixed a bug where using `kubectl patch` with `$deleteFromPrimitiveList` on a nonexistent or empty list would add the item to the list ([#105421](https://github.com/kubernetes/kubernetes/pull/105421), [@brianpursley](https://github.com/brianpursley)) -- Fixed a bug which could cause webhooks to have an incorrect copy of the old object after an Apply or Update ([#106195](https://github.com/kubernetes/kubernetes/pull/106195), [@alexzielenski](https://github.com/alexzielenski)) [SIG API Machinery] -- Fixed a bug which kubectl would emit duplicate warning messages for flag names that contain an underscore and recommend using a nonexistent flag in some cases. ([#103852](https://github.com/kubernetes/kubernetes/pull/103852), [@brianpursley](https://github.com/brianpursley)) -- Fixed a panic in `kubectl` when creating secrets with an improper output type ([#106317](https://github.com/kubernetes/kubernetes/pull/106317), [@lauchokyip](https://github.com/lauchokyip)) -- Fixed a regression setting `--audit-log-path=-` to log to stdout in 1.22 pre-release. ([#103875](https://github.com/kubernetes/kubernetes/pull/103875), [@andrewrynhard](https://github.com/andrewrynhard)) -- Fixed an issue which didn't append OS's environment variables with the one provided in Credential Provider Config file, which may fail execution of external credential provider binary. See https://github.com/kubernetes/kubernetes/issues/102750. ([#103231](https://github.com/kubernetes/kubernetes/pull/103231), [@n4j](https://github.com/n4j)) -- Fixed applying of SELinux labels to CSI volumes on very busy systems (with "error checking for SELinux support: could not get consistent content of /proc/self/mountinfo after 3 attempts") ([#105934](https://github.com/kubernetes/kubernetes/pull/105934), [@jsafrane](https://github.com/jsafrane)) [SIG Storage] -- Fixed architecture within manifest for non `amd64` etcd images. ([#104116](https://github.com/kubernetes/kubernetes/pull/104116), [@saschagrunert](https://github.com/saschagrunert)) -- Fixed architecture within manifest for non `amd64` etcd images. ([#105484](https://github.com/kubernetes/kubernetes/pull/105484), [@saschagrunert](https://github.com/saschagrunert)) -- Fixed azure disk translation issue due to lower case `managed` kind. ([#103439](https://github.com/kubernetes/kubernetes/pull/103439), [@andyzhangx](https://github.com/andyzhangx)) -- Fixed client IP preservation for NodePort service with protocol SCTP in ipvs. ([#104756](https://github.com/kubernetes/kubernetes/pull/104756), [@tnqn](https://github.com/tnqn)) -- Fixed concurrent map access causing panics when logging timed-out API calls. ([#105734](https://github.com/kubernetes/kubernetes/pull/105734), [@marseel](https://github.com/marseel)) -- Fixed consolidate logs for `instance not found` error -- Fixed skip `not found` nodes when reconciling LB backend address pools ([#105188](https://github.com/kubernetes/kubernetes/pull/105188), [@nilo19](https://github.com/nilo19)) -- Fixed occasional pod cgroup freeze when using cgroup v1 and systemd driver. ([#104528](https://github.com/kubernetes/kubernetes/pull/104528), [@kolyshkin](https://github.com/kolyshkin)) -- Fixed the issue where logging output of kube-scheduler configuration files included line breaks and escape characters. The output also attempted to output the configuration file in one section without showing the user a more readable format. ([#106228](https://github.com/kubernetes/kubernetes/pull/106228), [@sanchayanghosh](https://github.com/sanchayanghosh)) [SIG Scheduling] -- Fixes a bug that could result in the EndpointSlice controller unnecessarily updating EndpointSlices associated with a Service that had Topology Aware Hints enabled. ([#105267](https://github.com/kubernetes/kubernetes/pull/105267), [@llhuii](https://github.com/llhuii)) -- Fixes a regression that could cause panics in LRU caches in controller-manager, kubelet, kube-apiserver, or client-go. ([#104466](https://github.com/kubernetes/kubernetes/pull/104466), [@stbenjam](https://github.com/stbenjam)) -- Fixes an issue where an admission webhook can observe a v1 Pod object that does not have the `defaultMode` field set in the injected service account token volume in kube-api-server. ([#104523](https://github.com/kubernetes/kubernetes/pull/104523), [@liggitt](https://github.com/liggitt)) -- Fixes the `should support building a client with a CSR` E2E test to work with clusters configured with short certificate lifetimes ([#105396](https://github.com/kubernetes/kubernetes/pull/105396), [@liggitt](https://github.com/liggitt)) -- Graceful node shutdown, allow the actual inhibit delay to be greater than the expected inhibit delay. ([#103137](https://github.com/kubernetes/kubernetes/pull/103137), [@wzshiming](https://github.com/wzshiming)) -- Handle Generic Ephemeral Volumes properly in the node limits scheduler filter and the kubelet `hostPath` check. ([#100482](https://github.com/kubernetes/kubernetes/pull/100482), [@pohly](https://github.com/pohly)) -- Headless Services with no selector which were created without dual-stack enabled will be defaulted to RequireDualStack instead of PreferDualStack. This is consistent with such Services which are created with dual-stack enabled. ([#104986](https://github.com/kubernetes/kubernetes/pull/104986), [@thockin](https://github.com/thockin)) -- Ignore `not a vmss instance` error for VMAS nodes in `EnsureBackendPoolDeleted`. ([#105185](https://github.com/kubernetes/kubernetes/pull/105185), [@ialidzhikov](https://github.com/ialidzhikov)) -- Ignore the case when comparing azure tags in service annotation. ([#104705](https://github.com/kubernetes/kubernetes/pull/104705), [@nilo19](https://github.com/nilo19)) -- Ignore the case when updating Azure tags. ([#104593](https://github.com/kubernetes/kubernetes/pull/104593), [@nilo19](https://github.com/nilo19)) -- Introduce a new server run option 'shutdown-send-retry-after'. If true the HTTP Server will continue listening until all non longrunning request(s) in flight have been drained, during this window all incoming requests will be rejected with a status code `429` and a 'Retry-After' response header. ([#101257](https://github.com/kubernetes/kubernetes/pull/101257), [@tkashem](https://github.com/tkashem)) -- Kube-apiserver: Avoid unnecessary repeated calls to `admission webhooks` that reject an update or delete request. ([#104182](https://github.com/kubernetes/kubernetes/pull/104182), [@liggitt](https://github.com/liggitt)) -- Kube-apiserver: Server Side Apply merge order is reverted to match v1.22 behavior until `http://issue.k8s.io/104641` is resolved. ([#106661](https://github.com/kubernetes/kubernetes/pull/106661), [@liggitt](https://github.com/liggitt)) -- Kube-apiserver: events created via the `events.k8s.io` API group for cluster-scoped objects are now permitted in the default namespace as well for compatibility with events clients and the `v1` API ([#100125](https://github.com/kubernetes/kubernetes/pull/100125), [@h4ghhh](https://github.com/h4ghhh)) -- Kube-apiserver: fix a memory leak when deleting multiple objects with a `deletecollection`. ([#105606](https://github.com/kubernetes/kubernetes/pull/105606), [@sxllwx](https://github.com/sxllwx)) -- Kube-proxy health check ports used to listen to `:` for each of the services. This is not needed and opens ports in addresses the cluster user may not have intended. The PR limits listening to all node address which are controlled by `--nodeport-addresses` flag. if no addresses are provided then we default to existing behavior by listening to `:` for each service ([#104742](https://github.com/kubernetes/kubernetes/pull/104742), [@khenidak](https://github.com/khenidak)) -- Kube-proxy: delete stale conntrack UDP entries for loadbalancer ingress IP. ([#104009](https://github.com/kubernetes/kubernetes/pull/104009), [@aojea](https://github.com/aojea)) -- Kube-scheduler now doesn't print any usage message when unknown flag is specified. ([#104503](https://github.com/kubernetes/kubernetes/pull/104503), [@sanposhiho](https://github.com/sanposhiho)) -- Kube-up now includes CoreDNS version v1.8.6 ([#106091](https://github.com/kubernetes/kubernetes/pull/106091), [@rajansandeep](https://github.com/rajansandeep)) [SIG Cloud Provider] -- Kubeadm: When adding an etcd peer to an existing cluster, if an error is returned indicating the peer has already been added, this is accepted and a `ListMembers` call is used instead to return the existing cluster. This helps to diminish the exponential backoff when the first AddMember call times out, while still retaining a similar performance when the peer has already been added from a previous call. ([#104134](https://github.com/kubernetes/kubernetes/pull/104134), [@ihgann](https://github.com/ihgann)) -- Kubeadm: do not allow empty `--config` paths to be passed to `kubeadm kubeconfig user` ([#105649](https://github.com/kubernetes/kubernetes/pull/105649), [@navist2020](https://github.com/navist2020)) -- Kubeadm: fix a bug on Windows worker nodes, where the downloaded KubeletConfiguration from the cluster can contain Linux paths that do not work on Windows and can trip the kubelet binary. ([#105992](https://github.com/kubernetes/kubernetes/pull/105992), [@hwdef](https://github.com/hwdef)) [SIG Cluster Lifecycle and Windows] -- Kubeadm: switch the preflight check (called 'Swap') that verifies if swap is enabled on Linux hosts to report a warning instead of an error. This is related to the graduation of the NodeSwap feature gate in the kubelet to Beta and being enabled by default in 1.23 - allows swap support on Linux hosts. In the next release of kubeadm (1.24) the preflight check will be removed, thus we recommend that you stop using it - e.g. via `--ignore-preflight-errors` or the kubeadm config. ([#104854](https://github.com/kubernetes/kubernetes/pull/104854), [@pacoxu](https://github.com/pacoxu)) -- Kubelet did not report `kubelet_volume_stats_*` metrics for Generic Ephemeral Volumes. ([#105569](https://github.com/kubernetes/kubernetes/pull/105569), [@pohly](https://github.com/pohly)) -- Kubelet's Node Grace Shutdown will terminate probes when shutting down ([#105215](https://github.com/kubernetes/kubernetes/pull/105215), [@rphillips](https://github.com/rphillips)) -- Kubelet: fixes a file descriptor leak in log rotation ([#106382](https://github.com/kubernetes/kubernetes/pull/106382), [@rphillips](https://github.com/rphillips)) [SIG Node] -- Kubelet: the printing of flags at the start of kubelet now uses the final logging configuration. ([#106520](https://github.com/kubernetes/kubernetes/pull/106520), [@pohly](https://github.com/pohly)) -- Make the etcd client (used by the API server) retry certain types of errors. The full list of retriable (codes.Unavailable) errors can be found at https://github.com/etcd-io/etcd/blob/main/api/v3rpc/rpctypes/error.go#L72 ([#105069](https://github.com/kubernetes/kubernetes/pull/105069), [@p0lyn0mial](https://github.com/p0lyn0mial)) -- Metrics changes: Fix exposed buckets of `scheduler_volume_scheduling_duration_seconds_bucket` metric. ([#100720](https://github.com/kubernetes/kubernetes/pull/100720), [@dntosas](https://github.com/dntosas)) -- Migrated kubernetes object references (= name + namespace) to structured logging when using JSON as log output format ([#104877](https://github.com/kubernetes/kubernetes/pull/104877), [@pohly](https://github.com/pohly)) -- Pass additional flags to subpath mount to avoid flakes in certain conditions. ([#104253](https://github.com/kubernetes/kubernetes/pull/104253), [@mauriciopoppe](https://github.com/mauriciopoppe)) -- Pod SecurityContext sysctls name parameter for update requests where the existing object's sysctl contains slashes and kubelet sysctl whitelist support contains slashes. ([#102393](https://github.com/kubernetes/kubernetes/pull/102393), [@mengjiao-liu](https://github.com/mengjiao-liu)) [SIG Apps, Auth, Node, Storage and Testing] -- Pod will not start when Init container was OOM killed. ([#104650](https://github.com/kubernetes/kubernetes/pull/104650), [@yxxhero](https://github.com/yxxhero)) [SIG Node] -- PodResources interface was changed, now it returns only isolated CPUs ([#97415](https://github.com/kubernetes/kubernetes/pull/97415), [@AlexeyPerevalov](https://github.com/AlexeyPerevalov)) -- Provide IPv6 support for internal load balancer. ([#103794](https://github.com/kubernetes/kubernetes/pull/103794), [@nilo19](https://github.com/nilo19)) -- Reduce the number of calls to docker for stats via dockershim. For Windows this reduces the latency when calling docker, for Linux this saves cpu cycles. ([#104287](https://github.com/kubernetes/kubernetes/pull/104287), [@jsturtevant](https://github.com/jsturtevant)) [SIG Node and Windows] -- Removed the error message label from the `kubelet_started_pods_errors_total` metric ([#105213](https://github.com/kubernetes/kubernetes/pull/105213), [@yxxhero](https://github.com/yxxhero)) -- Resolves a potential issue with GC and NS controllers which may delete objects after getting a 404 response from the server during its startup. This PR ensures that requests to aggregated APIs will get 503, not 404 while the APIServiceRegistrationController hasn't finished its job. ([#104748](https://github.com/kubernetes/kubernetes/pull/104748), [@p0lyn0mial](https://github.com/p0lyn0mial)) -- Respect grace period when updating static pods. ([#104743](https://github.com/kubernetes/kubernetes/pull/104743), [@gjkim42](https://github.com/gjkim42)) [SIG Node and Testing] -- Revert building binaries with PIE mode. ([#105352](https://github.com/kubernetes/kubernetes/pull/105352), [@ehashman](https://github.com/ehashman)) -- Reverts adding namespace label to admission metrics (and histogram exansion) due to cardinality issues. ([#104033](https://github.com/kubernetes/kubernetes/pull/104033), [@s-urbaniak](https://github.com/s-urbaniak)) -- Reverts the CRI API version surfaced by dockershim to `v1alpha2`. ([#106808](https://github.com/kubernetes/kubernetes/pull/106808), [@saschagrunert](https://github.com/saschagrunert)) -- Scheduler resource metrics over fractional binary quantities (2.5Gi, 1.1Ki) were incorrectly reported as very small values. ([#103751](https://github.com/kubernetes/kubernetes/pull/103751), [@y-tag](https://github.com/y-tag)) -- Support more than 100 disk mounts on Windows ([#105673](https://github.com/kubernetes/kubernetes/pull/105673), [@andyzhangx](https://github.com/andyzhangx)) -- Support using negative array index in JSON patch replace operations. ([#105896](https://github.com/kubernetes/kubernetes/pull/105896), [@zqzten](https://github.com/zqzten)) -- The `--leader-elect*` CLI args are now honored in scheduler. ([#105915](https://github.com/kubernetes/kubernetes/pull/105915), [@Huang-Wei](https://github.com/Huang-Wei)) -- The `--leader-elect*` CLI args are now honored in the scheduler. ([#105712](https://github.com/kubernetes/kubernetes/pull/105712), [@Huang-Wei](https://github.com/Huang-Wei)) -- The `client-go` dynamic client sets the header `Content-Type: application/json` by default ([#104327](https://github.com/kubernetes/kubernetes/pull/104327), [@sxllwx](https://github.com/sxllwx)) -- The `kube-Proxy` now correctly filters out unready endpoints for Services with Topology. ([#106507](https://github.com/kubernetes/kubernetes/pull/106507), [@robscott](https://github.com/robscott)) -- The `pods/binding` subresource now honors `metadata.uid` and `metadata.resourceVersion` ([#105913](https://github.com/kubernetes/kubernetes/pull/105913), [@aholic](https://github.com/aholic)) -- The kube-proxy sync_proxy_rules_iptables_total metric now gives - the correct number of rules, rather than being off by one. - Fixed multiple iptables proxy regressions introduced in 1.22: - - When using Services with SessionAffinity, client affinity for an - endpoint now gets broken when that endpoint becomes non-ready - (rather than continuing until the endpoint is fully deleted). - - Traffic to a service IP now starts getting rejected (as opposed to - merely dropped) as soon as there are no longer any *usable* - endpoints, rather than waiting until all of the terminating - endpoints have terminated even when those terminating endpoints - were not being used. - - Chains for endpoints that won't be used are no longer output to - iptables, saving a bit of memory/time/cpu. ([#106030](https://github.com/kubernetes/kubernetes/pull/106030), [@danwinship](https://github.com/danwinship)) [SIG Network] -- Topology Aware Hints now ignores unready endpoints when assigning hints. ([#106510](https://github.com/kubernetes/kubernetes/pull/106510), [@robscott](https://github.com/robscott)) -- Topology Hints now excludes control plane notes from capacity calculations. ([#104744](https://github.com/kubernetes/kubernetes/pull/104744), [@robscott](https://github.com/robscott)) -- Update Go used to build migrate script in etcd image to v1.16.7. ([#104301](https://github.com/kubernetes/kubernetes/pull/104301), [@serathius](https://github.com/serathius)) -- Updated json representation for a conflicted taint to `Key=Effect` when a conflicted taint occurs in kubectl taint. ([#104011](https://github.com/kubernetes/kubernetes/pull/104011), [@manugupt1](https://github.com/manugupt1)) -- Upgrades functionality of `kubectl kustomize` as described at - https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2Fv4.4.1 ([#106389](https://github.com/kubernetes/kubernetes/pull/106389), [@natasha41575](https://github.com/natasha41575)) [SIG CLI] -- Watch requests that are delegated to aggregated API servers no longer reserve concurrency units (seats) in the API Priority and Fairness dispatcher for their entire duration. ([#105511](https://github.com/kubernetes/kubernetes/pull/105511), [@benluddy](https://github.com/benluddy)) -- When a static pod file is deleted and recreated while using a fixed UID, the pod was not properly restarted. ([#104847](https://github.com/kubernetes/kubernetes/pull/104847), [@smarterclayton](https://github.com/smarterclayton)) -- XFS-filesystems are now force-formatted (option `-f`) in order to avoid problems being formatted due to detection of magic super-blocks. This aligns with the behaviour of formatting of ext3/4 filesystems. ([#104923](https://github.com/kubernetes/kubernetes/pull/104923), [@davidkarlsen](https://github.com/davidkarlsen)) -- `--log-flush-frequency` had no effect in several commands or was missing. Help and warning texts were not always using the right format for a command (`add_dir_header` instead of `add-dir-header`). Fixing this included cleaning up flag handling in component-base/logs: that package no longer adds flags to the global flag sets. Commands which want the klog and `--log-flush-frequency` flags must explicitly call `logs.AddFlags`; the new `cli.Run` does that for commands. That helper function also covers flag normalization and printing of usage and errors in a consistent way (print usage text first if parsing failed, then the error). ([#105076](https://github.com/kubernetes/kubernetes/pull/105076), [@pohly](https://github.com/pohly)) -- Kubeadm: allow the "certs check-expiration" command to not require the existence of the cluster CA key (ca.key file) when checking the expiration of managed certificates in kubeconfig files. ([#106931](https://github.com/kubernetes/kubernetes/pull/106931), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] -- Kubeadm: during execution of the "check expiration" command, treat the etcd CA as external if there is a missing etcd CA key file (etcd/ca.key) and perform the proper validation on certificates signed by the etcd CA. Additionally, make sure that the CA for all entries in the output table is included - for both certificates on disk and in kubeconfig files. ([#106926](https://github.com/kubernetes/kubernetes/pull/106926), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] -- Kubectl: restores `--dry-run`, `--dry-run=true`, and `--dry-run=false` for compatibility with pre-1.23 invocations. ([#107021](https://github.com/kubernetes/kubernetes/pull/107021), [@liggitt](https://github.com/liggitt)) [SIG CLI and Testing] -- Reverts graceful node shutdown to match 1.21 behavior of setting pods that have not yet successfully completed to "Failed" phase if the GracefulNodeShutdown feature is enabled in kubelet. The GracefulNodeShutdown feature is beta and must be explicitly configured via kubelet config to be enabled in 1.21+. This changes 1.22 and 1.23 behavior on node shutdown to match 1.21. If you do not want pods to be marked terminated on node shutdown in 1.22 and 1.23, disable the GracefulNodeShutdown feature. ([#106900](https://github.com/kubernetes/kubernetes/pull/106900), [@bobbypage](https://github.com/bobbypage)) [SIG Node and Testing] -- An inefficient lock in EndpointSlice controller metrics cache has been reworked. Network programming latency may be significantly reduced in certain scenarios, especially in clusters with a large number of Services. ([#107167](https://github.com/kubernetes/kubernetes/pull/107167), [@robscott](https://github.com/robscott)) [SIG Apps and Network] -- Client-go: fix that paged list calls with ResourceVersionMatch set would fail once paging kicked in. ([#107334](https://github.com/kubernetes/kubernetes/pull/107334), [@fasaxc](https://github.com/fasaxc)) [SIG API Machinery] -- Fix a panic when using invalid output format in kubectl create secret command ([#107347](https://github.com/kubernetes/kubernetes/pull/107347), [@rikatz](https://github.com/rikatz)) [SIG CLI] -- Fix: azuredisk parameter lowercase translation issue ([#107429](https://github.com/kubernetes/kubernetes/pull/107429), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider and Storage] -- Fixed a bug that a pod's .status.nominatedNodeName is not cleared properly, and thus over-occupied system resources. ([#107109](https://github.com/kubernetes/kubernetes/pull/107109), [@Huang-Wei](https://github.com/Huang-Wei)) [SIG Scheduling and Testing] -- Fixes a rare race condition handling requests that timeout ([#107458](https://github.com/kubernetes/kubernetes/pull/107458), [@liggitt](https://github.com/liggitt)) [SIG API Machinery] -- Mount-utils: Detect potential stale file handle ([#106988](https://github.com/kubernetes/kubernetes/pull/106988), [@andyzhangx](https://github.com/andyzhangx)) [SIG Storage] -- The feature gate was mentioned as `csiMigrationRBD` where it should have been `CSIMigrationRBD` to be in parity with other migration plugins. This release correct the same and keep it as `CSIMigrationRBD`. Users who have configured this feature gate as `csiMigrationRBD` has to reconfigure the same to `CSIMigrationRBD` from this release. ([#107554](https://github.com/kubernetes/kubernetes/pull/107554), [@humblec](https://github.com/humblec)) [SIG Storage] -- Fix: delete non existing Azure disk issue ([#107406](https://github.com/kubernetes/kubernetes/pull/107406), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider] -- Fixes a regression in 1.23 that incorrectly pruned data from array items of a custom resource that set `x-kubernetes-preserve-unknown-fields: true` ([#107689](https://github.com/kubernetes/kubernetes/pull/107689), [@liggitt](https://github.com/liggitt)) [SIG API Machinery] -- Fix Azurefile volumeid collision issue in csi migration ([#107575](https://github.com/kubernetes/kubernetes/pull/107575), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider and Storage] -- Fix e2e test "Services should respect internalTrafficPolicy=Local Pod and Node, to Pod (hostNetwork: true)" ([#107902](https://github.com/kubernetes/kubernetes/pull/107902), [@xueqzhan](https://github.com/xueqzhan)) [SIG Network and Testing] -- Fixes a regression in 1.23 where update requests to previously persisted `Service` objects that have not been modified since 1.19 can be rejected with an incorrect `spec.clusterIPs: Required value` error ([#107875](https://github.com/kubernetes/kubernetes/pull/107875), [@liggitt](https://github.com/liggitt)) [SIG Network and Testing] -- Fixes static pod add and removes restarts in certain cases. ([#107761](https://github.com/kubernetes/kubernetes/pull/107761), [@rphillips](https://github.com/rphillips)) [SIG Node] -- Bump sigs.k8s.io/apiserver-network-proxy/konnectivity-client to v0.0.30, fixing goroutine leaks in kube-apiserver. ([#108438](https://github.com/kubernetes/kubernetes/pull/108438), [@andrewsykim](https://github.com/andrewsykim)) [SIG API Machinery, Auth and Cloud Provider] -- Fix kubectl config flags incorrectly setting burst and discovery limits ([#108401](https://github.com/kubernetes/kubernetes/pull/108401), [@ulucinar](https://github.com/ulucinar)) [SIG CLI] -- Fix static pod restarts in cases where the container is not present. ([#108164](https://github.com/kubernetes/kubernetes/pull/108164), [@rphillips](https://github.com/rphillips)) [SIG Node] -- Fixes a bug where a partial EndpointSlice update could cause node name information to be dropped from endpoints that were not updated. ([#108201](https://github.com/kubernetes/kubernetes/pull/108201), [@robscott](https://github.com/robscott)) [SIG Network] -- Fixes a regression in the kubelet restarting static pods. ([#107931](https://github.com/kubernetes/kubernetes/pull/107931), [@rphillips](https://github.com/rphillips)) [SIG Node and Testing] -- Fixes error handling in a kubectl method used in downstream packages. ([#107938](https://github.com/kubernetes/kubernetes/pull/107938), [@heybronson](https://github.com/heybronson)) [SIG CLI] -- Increase Azure ACR credential provider timeout ([#108209](https://github.com/kubernetes/kubernetes/pull/108209), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider] -- Kube-apiserver: removed apf_fd from server logs (added in 1.23.0) which could contain data identifying the requesting user ([#108634](https://github.com/kubernetes/kubernetes/pull/108634), [@jupblb](https://github.com/jupblb)) [SIG API Machinery and Scalability] -- Bug: client-go clientset was not defaulting the user agent, using the default golang agent for all the requests. ([#108791](https://github.com/kubernetes/kubernetes/pull/108791), [@aojea](https://github.com/aojea)) [SIG API Machinery and Instrumentation] -- E2e tests wait for kube-root-ca.crt to be populated in namespaces for use with projected service account tokens, reducing delays starting those test pods and errors in the logs. ([#108860](https://github.com/kubernetes/kubernetes/pull/108860), [@eddiezane](https://github.com/eddiezane)) [SIG Testing] -- Failure to start a container cannot accidentally result in the pod being considered "Succeeded" in the presence of deletion. ([#108882](https://github.com/kubernetes/kubernetes/pull/108882), [@rphillips](https://github.com/rphillips)) [SIG Node] -- Fix indexer bug that resulted in incorrect index updates if number of index values for a given object was changing during update ([#109137](https://github.com/kubernetes/kubernetes/pull/109137), [@wojtek-t](https://github.com/wojtek-t)) [SIG API Machinery] -- Fix the overestimated cost of delegated API requests in kube-apiserver API priority&fairness ([#109216](https://github.com/kubernetes/kubernetes/pull/109216), [@wojtek-t](https://github.com/wojtek-t)) [SIG API Machinery] -- Fixed a regression that could incorrectly reject pods with OutOfCpu errors if they were rapidly scheduled after other pods were reported as complete in the API. The Kubelet now waits to report the phase of a pod as terminal in the API until all running containers are guaranteed to have stopped and no new containers can be started. Short-lived pods may take slightly longer (~1s) to report Succeeded or Failed after this change. ([#108723](https://github.com/kubernetes/kubernetes/pull/108723), [@bobbypage](https://github.com/bobbypage)) [SIG Apps, Node and Testing] -- Correct event registration for multiple scheduler plugins; this fixes a potential significant delay in re-queueing unschedulable pods. ([#109446](https://github.com/kubernetes/kubernetes/pull/109446), [@ahg-g](https://github.com/ahg-g)) [SIG Scheduling and Testing] -- Existing InTree AzureFile PVs which don't have a secret namespace defined will now work properly after enabling CSI migration - the namespace will be obtained from ClaimRef. ([#108000](https://github.com/kubernetes/kubernetes/pull/108000), [@RomanBednar](https://github.com/RomanBednar)) [SIG Cloud Provider and Storage] -- Fix JobTrackingWithFinalizers that: - - was declaring a job finished before counting all the created pods in the status - - was leaving pods with finalizers, blocking pod and job deletions - - JobTrackingWithFinalizers is still disabled by default. ([#109486](https://github.com/kubernetes/kubernetes/pull/109486), [@alculquicondor](https://github.com/alculquicondor)) [SIG Apps and Testing] -- Fix a bug that out-of-tree plugin is misplaced when using scheduler v1beta3 config ([#108890](https://github.com/kubernetes/kubernetes/pull/108890), [@Huang-Wei](https://github.com/Huang-Wei)) [SIG Scheduling] -- Fix kubectl completion zsh to use any command name rather than hardcoded kubectl ([#109235](https://github.com/kubernetes/kubernetes/pull/109235), [@soltysh](https://github.com/soltysh)) [SIG CLI] -- Kubeadm: add the flag "--experimental-initial-corrupt-check" to etcd static Pod manifests to ensure etcd member data consistency ([#109075](https://github.com/kubernetes/kubernetes/pull/109075), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] -- EndpointSlices marked for deletion are now ignored during reconciliation. ([#110483](https://github.com/kubernetes/kubernetes/pull/110483), [@aryan9600](https://github.com/aryan9600)) [SIG Apps and Network] -- Fixed a kubelet issue that could result in invalid pod status updates to be sent to the api-server where pods would be reported in a terminal phase but also report a ready condition of true in some cases. ([#110480](https://github.com/kubernetes/kubernetes/pull/110480), [@bobbypage](https://github.com/bobbypage)) [SIG Node and Testing] -- Pods will now post their readiness during termination. ([#110417](https://github.com/kubernetes/kubernetes/pull/110417), [@aojea](https://github.com/aojea)) [SIG Network, Node and Testing] -- Fix a bug that caused the wrong result length when using --chunk-size and --selector together ([#110757](https://github.com/kubernetes/kubernetes/pull/110757), [@Abirdcfly](https://github.com/Abirdcfly)) [SIG API Machinery and Testing] -- Fix bug that prevented the job controller from enforcing activeDeadlineSeconds when set ([#110545](https://github.com/kubernetes/kubernetes/pull/110545), [@harshanarayana](https://github.com/harshanarayana)) [SIG Apps] -- Fix image pulling failure when IMDS is unavailable in kubelet startup ([#110523](https://github.com/kubernetes/kubernetes/pull/110523), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider] -- Fix printing resources with int64 fields ([#110602](https://github.com/kubernetes/kubernetes/pull/110602), [@sanchezl](https://github.com/sanchezl)) [SIG API Machinery] -- Fixed a regression introduced in 1.23.0 where Azure load balancers were not kept up to date with the state of cluster nodes. In particular, nodes that are not in the ready state and are not newly created (i.e. not having the `node.cloudprovider.kubernetes.io/uninitialized` taint) now get removed from Azure load balancers. ([#109932](https://github.com/kubernetes/kubernetes/pull/109932), [@ricky-rav](https://github.com/ricky-rav)) [SIG Cloud Provider] -- Fixed potential scheduler crash when scheduling with unsatisfied nodes in PodTopologySpread. ([#110853](https://github.com/kubernetes/kubernetes/pull/110853), [@kerthcet](https://github.com/kerthcet)) [SIG Scheduling] -- Kubeadm: fix the bug that configurable KubernetesVersion not respected during kubeadm join ([#111022](https://github.com/kubernetes/kubernetes/pull/111022), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle] -- Reduced time taken to sync proxy rules on Windows kube-proxy with kernelspace mode ([#110702](https://github.com/kubernetes/kubernetes/pull/110702), [@daschott](https://github.com/daschott)) [SIG Network and Windows] -- Updated cAdvisor to v0.43.1 to pick up a kubelet fix where network metrics can be missing in some cases when used with containerd ([#111013](https://github.com/kubernetes/kubernetes/pull/111013), [@bobbypage](https://github.com/bobbypage)) [SIG Node] - -#### Other (Cleanup or Flake) - -- All `klog` flags except for `-v` and `-vmodule` are deprecated. Support for `-vmodule` is only guaranteed for the text log format. ([#105042](https://github.com/kubernetes/kubernetes/pull/105042), [@pohly](https://github.com/pohly)) -- Better pod events ("waiting for ephemeral volume controller to create the persistentvolumeclaim"" instead of "persistentvolumeclaim not found") when using generic ephemeral volumes. ([#104605](https://github.com/kubernetes/kubernetes/pull/104605), [@pohly](https://github.com/pohly)) -- Changed buckets in apiserver_request_duration_seconds metric from [0.05, 0.1, 0.15, 0.2, 0.25, 0.3, 0.35, 0.4, 0.45, 0.5, 0.6, 0.7, 0.8, 0.9, 1.0,1.25, 1.5, 1.75, 2.0, 2.5, 3.0, 3.5, 4.0, 4.5, 5, 6, 7, 8, 9, 10, 15, 20, 25, 30, 40, 50, 60] to [0.05, 0.1, 0.2, 0.4, 0.6, 0.8, 1.0, 1.25, 1.5, 2, 3, 4, 5, 6, 8, 10, 15, 20, 30, 45, 60] ([#106306](https://github.com/kubernetes/kubernetes/pull/106306), [@pawbana](https://github.com/pawbana)) [SIG API Machinery, Instrumentation and Testing] -- Deprecate `apiserver_longrunning_gauge` and `apiserver_register_watchers` in 1.23.0. ([#103793](https://github.com/kubernetes/kubernetes/pull/103793), [@yan-lgtm](https://github.com/yan-lgtm)) -- Enhanced error message for nodes not selected by scheduler due to pod's PersistentVolumeClaim(s) bound to PersistentVolume(s) that do not exist. ([#105196](https://github.com/kubernetes/kubernetes/pull/105196), [@yibozhuang](https://github.com/yibozhuang)) -- Fix an issue in cleaning up `CertificateSigningRequest` objects with an unparseable `status.certificate` field. ([#103823](https://github.com/kubernetes/kubernetes/pull/103823), [@liggitt](https://github.com/liggitt)) -- Kube-apiserver: requests to node, Service, and Pod `/proxy` subresources with no additional URL path now only automatically redirect GET and HEAD requests. ([#95128](https://github.com/kubernetes/kubernetes/pull/95128), [@Riaankl](https://github.com/Riaankl)) -- Kube-apiserver: sets an upper-bound on the lifetime of idle keep-alive connections and the time to read the headers of incoming requests. ([#103958](https://github.com/kubernetes/kubernetes/pull/103958), [@liggitt](https://github.com/liggitt)) -- Kubeadm: external etcd endpoints passed in the `ClusterConfiguration` that have Unicode characters are no longer IDNA encoded (converted to Punycode). They are now just URL encoded as per Go's implementation of RFC-3986, have duplicate "/" removed from the URL paths, and passed like that directly to the `kube-apiserver` `--etcd-servers` flag. If you have etcd endpoints that have Unicode characters, it is advisable to encode them in advance with tooling that is fully IDNA compliant. If you don't do that, the Go standard library (used in k8s and etcd) would do it for you when making requests to the endpoints. ([#103801](https://github.com/kubernetes/kubernetes/pull/103801), [@gkarthiks](https://github.com/gkarthiks)) -- Kubeadm: remove the `--port` flag from the manifest for the `kube-controller-manager` since the flag has been a NO-OP since 1.22 and insecure serving was removed for the component. ([#104157](https://github.com/kubernetes/kubernetes/pull/104157), [@knight42](https://github.com/knight42)) -- Kubeadm: remove the `--port` flag from the manifest for the kube-scheduler since the flag has been a NO-OP since 1.23 and insecure serving was removed for the component. ([#105034](https://github.com/kubernetes/kubernetes/pull/105034), [@pacoxu](https://github.com/pacoxu)) -- Kubeadm: update references to legacy artifacts locations, the `ci-cross` prefix has been removed from the version match as it does not exist in the new `gs://k8s-release-dev` bucket. ([#103813](https://github.com/kubernetes/kubernetes/pull/103813), [@SataQiu](https://github.com/SataQiu)) -- Kubectl: deprecated command line flags (like several of the klog flags) now have a `DEPRECATED: ` comment. ([#106172](https://github.com/kubernetes/kubernetes/pull/106172), [@pohly](https://github.com/pohly)) [SIG CLI] -- Kubemark is now built as a portable, static binary. ([#106150](https://github.com/kubernetes/kubernetes/pull/106150), [@pohly](https://github.com/pohly)) [SIG Scalability and Testing] -- Migrate `cmd/proxy/{config, healthcheck, winkernel}` to structured logging ([#104944](https://github.com/kubernetes/kubernetes/pull/104944), [@jyz0309](https://github.com/jyz0309)) -- Migrate `pkg/proxy` to structured logging ([#104908](https://github.com/kubernetes/kubernetes/pull/104908), [@CIPHERTron](https://github.com/CIPHERTron)) -- Migrate `pkg/scheduler/framework/plugins/interpodaffinity/filtering.go`,`pkg/scheduler/framework/plugins/podtopologyspread/filtering.go`, `pkg/scheduler/framework/plugins/volumezone/volume_zone.go` to structured logging ([#105931](https://github.com/kubernetes/kubernetes/pull/105931), [@mengjiao-liu](https://github.com/mengjiao-liu)) -- Migrate `pkg/scheduler` to structured logging. ([#99273](https://github.com/kubernetes/kubernetes/pull/99273), [@yangjunmyfm192085](https://github.com/yangjunmyfm192085)) -- Migrate cmd/proxy/app and pkg/proxy/meta_proxier to structured logging ([#104928](https://github.com/kubernetes/kubernetes/pull/104928), [@jyz0309](https://github.com/jyz0309)) -- Migrated `cmd/kube-scheduler/app/server.go`, `pkg/scheduler/framework/plugins/nodelabel/node_label.go`, `pkg/scheduler/framework/plugins/nodevolumelimits/csi.go`, `pkg/scheduler/framework/plugins/nodevolumelimits/non_csi.go` to structured logging ([#105855](https://github.com/kubernetes/kubernetes/pull/105855), [@shivanshu1333](https://github.com/shivanshu1333)) -- Migrated `pkg/proxy/ipvs` to structured logging ([#104932](https://github.com/kubernetes/kubernetes/pull/104932), [@shivanshu1333](https://github.com/shivanshu1333)) -- Migrated `pkg/proxy/userspace` to structured logging. ([#104931](https://github.com/kubernetes/kubernetes/pull/104931), [@shivanshu1333](https://github.com/shivanshu1333)) -- Migrated `pkg/proxy` to structured logging ([#104891](https://github.com/kubernetes/kubernetes/pull/104891), [@shivanshu1333](https://github.com/shivanshu1333)) -- Migrated `pkg/scheduler/framework/plugins/volumebinding/assume_cache.go` to structured logging. ([#105904](https://github.com/kubernetes/kubernetes/pull/105904), [@mengjiao-liu](https://github.com/mengjiao-liu)) [SIG Instrumentation, Scheduling and Storage] -- Migrated `pkg/scheduler/framework/preemption/preemption.go`, `pkg/scheduler/framework/plugins/examples/stateful/stateful.go`, and `pkg/scheduler/framework/plugins/noderesources/resource_allocation.go` to structured logging ([#105967](https://github.com/kubernetes/kubernetes/pull/105967), [@shivanshu1333](https://github.com/shivanshu1333)) [SIG Instrumentation, Node and Scheduling] -- Migrated pkg/proxy/winuserspace to structured logging ([#105035](https://github.com/kubernetes/kubernetes/pull/105035), [@shivanshu1333](https://github.com/shivanshu1333)) -- Migrated scheduler file `cache.go` to structured logging ([#105969](https://github.com/kubernetes/kubernetes/pull/105969), [@shivanshu1333](https://github.com/shivanshu1333)) [SIG Instrumentation and Scheduling] -- Migrated scheduler files `comparer.go`, `dumper.go`, `node_tree.go` to structured logging ([#105968](https://github.com/kubernetes/kubernetes/pull/105968), [@shivanshu1333](https://github.com/shivanshu1333)) [SIG Instrumentation and Scheduling] -- More detailed logging has been added to the EndpointSlice controller for Topology. ([#104741](https://github.com/kubernetes/kubernetes/pull/104741), [@robscott](https://github.com/robscott)) -- Remove deprecated and not supported old cronjob controller. ([#106126](https://github.com/kubernetes/kubernetes/pull/106126), [@soltysh](https://github.com/soltysh)) [SIG Apps] -- Remove ignore error flag for drain, and set this feature as default ([#105571](https://github.com/kubernetes/kubernetes/pull/105571), [@yuzhiquan](https://github.com/yuzhiquan)) [SIG CLI] -- Remove the deprecated flags `--csr-only` and `--csr-dir` from `kubeadm certs renew`. Please use `kubeadm certs generate-csr` instead. ([#104796](https://github.com/kubernetes/kubernetes/pull/104796), [@RA489](https://github.com/RA489)) -- Support allocating whole NUMA nodes in the CPUManager when there is not a 1:1 mapping between socket and NUMA node ([#102015](https://github.com/kubernetes/kubernetes/pull/102015), [@klueska](https://github.com/klueska)) -- Support for Windows Server 2022 was added to the `k8s.gcr.io/pause:3.6` image. ([#104711](https://github.com/kubernetes/kubernetes/pull/104711), [@claudiubelu](https://github.com/claudiubelu)) -- Surface warning when users don't set `propagationPolicy` for jobs while deleting. ([#104080](https://github.com/kubernetes/kubernetes/pull/104080), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) -- The `AllowInsecureBackendProxy` feature gate is removed. It reached GA in Kubernetes 1.21. ([#103796](https://github.com/kubernetes/kubernetes/pull/103796), [@mengjiao-liu](https://github.com/mengjiao-liu)) -- The `BoundServiceAccountTokenVolume` feature gate that is GA since v1.22 is unconditionally enabled, and can no longer be specified via the `--feature-gates` argument. ([#104167](https://github.com/kubernetes/kubernetes/pull/104167), [@ialidzhikov](https://github.com/ialidzhikov)) -- The `StartupProbe` feature gate that is GA since v1.20 is unconditionally enabled, and can no longer be specified via the `--feature-gates` argument. ([#104168](https://github.com/kubernetes/kubernetes/pull/104168), [@ialidzhikov](https://github.com/ialidzhikov)) -- The `SupportPodPidsLimit` and `SupportNodePidsLimit` feature gates that are GA since v1.20 are unconditionally enabled, and can no longer be specified via the `--feature-gates` argument. ([#104163](https://github.com/kubernetes/kubernetes/pull/104163), [@ialidzhikov](https://github.com/ialidzhikov)) -- The `apiserver` exposes 4 new metrics that allow to track the status of the Service CIDRs allocations: - - current number of available IPs per Service CIDR - - current number of used IPs per Service CIDR - - total number of allocation per Service CIDR - - total number of allocation errors per ServiceCIDR ([#104119](https://github.com/kubernetes/kubernetes/pull/104119), [@aojea](https://github.com/aojea)) -- The flag `--deployment-controller-sync-period` has been deprecated and will be removed in v1.24. ([#103538](https://github.com/kubernetes/kubernetes/pull/103538), [@Pingan2017](https://github.com/Pingan2017)) -- The image `gcr.io/kubernetes-e2e-test-images` will no longer be used in E2E / CI testing, `k8s.gcr.io/e2e-test-images` will be used instead. ([#103724](https://github.com/kubernetes/kubernetes/pull/103724), [@claudiubelu](https://github.com/claudiubelu)) -- The kube-proxy image contains `/go-runner` as a replacement for deprecated klog flags. ([#106301](https://github.com/kubernetes/kubernetes/pull/106301), [@pohly](https://github.com/pohly)) -- The maximum length of the `CSINode` id field has increased to 256 bytes to match the CSI spec. ([#104160](https://github.com/kubernetes/kubernetes/pull/104160), [@pacoxu](https://github.com/pacoxu)) -- Troubleshooting: informers log handlers that take more than 100 milliseconds to process an object if the `DeltaFIFO` queue starts to grow beyond 10 elements. ([#103917](https://github.com/kubernetes/kubernetes/pull/103917), [@aojea](https://github.com/aojea)) -- Update `cri-tools` dependency to v1.22.0. ([#104430](https://github.com/kubernetes/kubernetes/pull/104430), [@saschagrunert](https://github.com/saschagrunert)) -- Update `migratecmd/kube-proxy/app` logs to structured logging. ([#98913](https://github.com/kubernetes/kubernetes/pull/98913), [@yxxhero](https://github.com/yxxhero)) -- Update build images to Debian 11 (Bullseye) - - debian-base:bullseye-v1.0.0 - - debian-iptables:bullseye-v1.0.0 - - go-runner:v2.3.1-go1.17.1-bullseye.0 - - kube-cross:v1.23.0-go1.17.1-bullseye.1 - - setcap:bullseye-v1.0.0 - - cluster/images/etcd: Build 3.5.0-2 image - - test/conformance/image: Update runner image to base-debian11 ([#105158](https://github.com/kubernetes/kubernetes/pull/105158), [@justaugustus](https://github.com/justaugustus)) -- Update conformance image to use `debian-base:buster-v1.9.0`. ([#104696](https://github.com/kubernetes/kubernetes/pull/104696), [@PushkarJ](https://github.com/PushkarJ)) -- `volume.kubernetes.io/storage-provisioner` annotation will be added to dynamic provisioning required PVC. `volume.beta.kubernetes.io/storage-provisioner` annotation is deprecated. ([#104590](https://github.com/kubernetes/kubernetes/pull/104590), [@Jiawei0227](https://github.com/Jiawei0227)) -- Updates konnectivity-network-proxy to v0.0.27. This includes a memory leak fix for the network proxy ([#107037](https://github.com/kubernetes/kubernetes/pull/107037), [@jdnurme](https://github.com/jdnurme)) [SIG API Machinery, Auth and Cloud Provider] - -### Dependencies - -#### Added -- bazil.org/fuse: 371fbbd -- github.com/OneOfOne/xxhash: [v1.2.2](https://github.com/OneOfOne/xxhash/tree/v1.2.2) -- github.com/antlr/antlr4/runtime/Go/antlr: [b48c857](https://github.com/antlr/antlr4/runtime/Go/antlr/tree/b48c857) -- github.com/cespare/xxhash: [v1.1.0](https://github.com/cespare/xxhash/tree/v1.1.0) -- github.com/cncf/xds/go: [fbca930](https://github.com/cncf/xds/go/tree/fbca930) -- github.com/getkin/kin-openapi: [v0.76.0](https://github.com/getkin/kin-openapi/tree/v0.76.0) -- github.com/go-logr/zapr: [v1.2.0](https://github.com/go-logr/zapr/tree/v1.2.0) -- github.com/google/cel-go: [v0.9.0](https://github.com/google/cel-go/tree/v0.9.0) -- github.com/google/cel-spec: [v0.6.0](https://github.com/google/cel-spec/tree/v0.6.0) -- github.com/google/martian/v3: [v3.1.0](https://github.com/google/martian/v3/tree/v3.1.0) -- github.com/kr/fs: [v0.1.0](https://github.com/kr/fs/tree/v0.1.0) -- github.com/pkg/sftp: [v1.10.1](https://github.com/pkg/sftp/tree/v1.10.1) -- github.com/spaolacci/murmur3: [f09979e](https://github.com/spaolacci/murmur3/tree/f09979e) -- sigs.k8s.io/json: c049b76 - -#### Changed -- cloud.google.com/go/bigquery: v1.4.0 → v1.8.0 -- cloud.google.com/go/storage: v1.6.0 → v1.10.0 -- cloud.google.com/go: v0.54.0 → v0.81.0 -- github.com/GoogleCloudPlatform/k8s-cloud-provider: [7901bc8 → ea6160c](https://github.com/GoogleCloudPlatform/k8s-cloud-provider/compare/7901bc8...ea6160c) -- github.com/Microsoft/go-winio: [v0.4.15 → v0.4.17](https://github.com/Microsoft/go-winio/compare/v0.4.15...v0.4.17) -- github.com/Microsoft/hcsshim: [5eafd15 → v0.8.22](https://github.com/Microsoft/hcsshim/compare/5eafd15...v0.8.22) -- github.com/benbjohnson/clock: [v1.0.3 → v1.1.0](https://github.com/benbjohnson/clock/compare/v1.0.3...v1.1.0) -- github.com/bketelsen/crypt: [5cbc8cc → v0.0.4](https://github.com/bketelsen/crypt/compare/5cbc8cc...v0.0.4) -- github.com/containerd/cgroups: [0dbf7f0 → v1.0.1](https://github.com/containerd/cgroups/compare/0dbf7f0...v1.0.1) -- github.com/containerd/containerd: [v1.4.4 → v1.4.11](https://github.com/containerd/containerd/compare/v1.4.4...v1.4.11) -- github.com/containerd/continuity: [aaeac12 → v0.1.0](https://github.com/containerd/continuity/compare/aaeac12...v0.1.0) -- github.com/containerd/fifo: [a9fb20d → v1.0.0](https://github.com/containerd/fifo/compare/a9fb20d...v1.0.0) -- github.com/containerd/go-runc: [5a6d9f3 → v1.0.0](https://github.com/containerd/go-runc/compare/5a6d9f3...v1.0.0) -- github.com/containerd/typeurl: [v1.0.1 → v1.0.2](https://github.com/containerd/typeurl/compare/v1.0.1...v1.0.2) -- github.com/coredns/corefile-migration: [v1.0.12 → v1.0.14](https://github.com/coredns/corefile-migration/compare/v1.0.12...v1.0.14) -- github.com/docker/docker: [v20.10.2+incompatible → v20.10.7+incompatible](https://github.com/docker/docker/compare/v20.10.2...v20.10.7) -- github.com/envoyproxy/go-control-plane: [668b12f → 63b5d3c](https://github.com/envoyproxy/go-control-plane/compare/668b12f...63b5d3c) -- github.com/evanphx/json-patch: [v4.11.0+incompatible → v4.12.0+incompatible](https://github.com/evanphx/json-patch/compare/v4.11.0...v4.12.0) -- github.com/go-logr/logr: [v0.4.0 → v1.2.0](https://github.com/go-logr/logr/compare/v0.4.0...v1.2.0) -- github.com/golang/glog: [23def4e → v1.0.0](https://github.com/golang/glog/compare/23def4e...v1.0.0) -- github.com/golang/mock: [v1.4.4 → v1.5.0](https://github.com/golang/mock/compare/v1.4.4...v1.5.0) -- github.com/google/cadvisor: [v0.39.2 → v0.43.0](https://github.com/google/cadvisor/compare/v0.39.2...v0.43.0) -- github.com/google/pprof: [1ebb73c → cbba55b](https://github.com/google/pprof/compare/1ebb73c...cbba55b) -- github.com/hashicorp/golang-lru: [v0.5.1 → v0.5.0](https://github.com/hashicorp/golang-lru/compare/v0.5.1...v0.5.0) -- github.com/ianlancetaylor/demangle: [5e5cf60 → 28f6c0f](https://github.com/ianlancetaylor/demangle/compare/5e5cf60...28f6c0f) -- github.com/json-iterator/go: [v1.1.11 → v1.1.12](https://github.com/json-iterator/go/compare/v1.1.11...v1.1.12) -- github.com/magiconair/properties: [v1.8.1 → v1.8.5](https://github.com/magiconair/properties/compare/v1.8.1...v1.8.5) -- github.com/mitchellh/go-homedir: [v1.1.0 → v1.0.0](https://github.com/mitchellh/go-homedir/compare/v1.1.0...v1.0.0) -- github.com/mitchellh/mapstructure: [v1.1.2 → v1.4.1](https://github.com/mitchellh/mapstructure/compare/v1.1.2...v1.4.1) -- github.com/modern-go/reflect2: [v1.0.1 → v1.0.2](https://github.com/modern-go/reflect2/compare/v1.0.1...v1.0.2) -- github.com/opencontainers/runc: [v1.0.1 → v1.0.2](https://github.com/opencontainers/runc/compare/v1.0.1...v1.0.2) -- github.com/pelletier/go-toml: [v1.2.0 → v1.9.3](https://github.com/pelletier/go-toml/compare/v1.2.0...v1.9.3) -- github.com/prometheus/common: [v0.26.0 → v0.28.0](https://github.com/prometheus/common/compare/v0.26.0...v0.28.0) -- github.com/spf13/afero: [v1.2.2 → v1.6.0](https://github.com/spf13/afero/compare/v1.2.2...v1.6.0) -- github.com/spf13/cast: [v1.3.0 → v1.3.1](https://github.com/spf13/cast/compare/v1.3.0...v1.3.1) -- github.com/spf13/cobra: [v1.1.3 → v1.2.1](https://github.com/spf13/cobra/compare/v1.1.3...v1.2.1) -- github.com/spf13/jwalterweatherman: [v1.0.0 → v1.1.0](https://github.com/spf13/jwalterweatherman/compare/v1.0.0...v1.1.0) -- github.com/spf13/viper: [v1.7.0 → v1.8.1](https://github.com/spf13/viper/compare/v1.7.0...v1.8.1) -- github.com/yuin/goldmark: [v1.3.5 → v1.4.0](https://github.com/yuin/goldmark/compare/v1.3.5...v1.4.0) -- go.opencensus.io: v0.22.3 → v0.23.0 -- go.uber.org/zap: v1.17.0 → v1.19.0 -- golang.org/x/crypto: 5ea612d → 32db794 -- golang.org/x/net: 37e1c6a → e898025 -- golang.org/x/oauth2: bf48bf1 → 2bc19b1 -- golang.org/x/sys: 59db8d7 → f4d4317 -- golang.org/x/term: 6a3ed07 → 6886f2d -- golang.org/x/text: v0.3.6 → v0.3.7 -- golang.org/x/tools: v0.1.2 → d4cc65f -- google.golang.org/api: v0.20.0 → v0.46.0 -- google.golang.org/appengine: v1.6.5 → v1.6.7 -- google.golang.org/genproto: f16073e → fe13028 -- google.golang.org/grpc: v1.38.0 → v1.40.0 -- google.golang.org/protobuf: v1.26.0 → v1.27.1 -- gopkg.in/ini.v1: v1.51.0 → v1.62.0 -- honnef.co/go/tools: v0.0.1-2020.1.3 → v0.0.1-2020.1.4 -- k8s.io/gengo: b6c5ce2 → 485abfe -- k8s.io/klog/v2: v2.9.0 → v2.30.0 -- k8s.io/kube-openapi: 9528897 → e816edb -- k8s.io/system-validators: v1.5.0 → v1.6.0 -- sigs.k8s.io/kustomize/api: v0.8.11 → v0.10.1 -- sigs.k8s.io/kustomize/cmd/config: v0.9.13 → v0.10.2 -- sigs.k8s.io/kustomize/kustomize/v4: v4.2.0 → v4.4.1 -- sigs.k8s.io/kustomize/kyaml: v0.11.0 → v0.13.0 -- golang.org/x/net: e898025 → 491a49a -- sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.25 → v0.0.27 -- sigs.k8s.io/structured-merge-diff/v4: v4.1.2 → v4.2.1 -- k8s.io/utils: cb0fa31 → 6203023 -- sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.27 → v0.0.30 -- github.com/google/cadvisor: [v0.43.0 → v0.43.1](https://github.com/google/cadvisor/compare/v0.43.0...v0.43.1) - -#### Removed -- cloud.google.com/go/datastore: v1.1.0 -- cloud.google.com/go/pubsub: v1.2.0 -- github.com/alecthomas/units: [f65c72e](https://github.com/alecthomas/units/tree/f65c72e) -- github.com/coreos/bbolt: [v1.3.2](https://github.com/coreos/bbolt/tree/v1.3.2) -- github.com/coreos/etcd: [v3.3.13+incompatible](https://github.com/coreos/etcd/tree/v3.3.13) -- github.com/coreos/go-systemd: [95778df](https://github.com/coreos/go-systemd/tree/95778df) -- github.com/coreos/pkg: [399ea9e](https://github.com/coreos/pkg/tree/399ea9e) -- github.com/dgrijalva/jwt-go: [v3.2.0+incompatible](https://github.com/dgrijalva/jwt-go/tree/v3.2.0) -- github.com/google/martian: [v2.1.0+incompatible](https://github.com/google/martian/tree/v2.1.0) -- github.com/jpillora/backoff: [v1.0.0](https://github.com/jpillora/backoff/tree/v1.0.0) -- gotest.tools: v2.2.0+incompatible - -### cluster-operator [4.5.2](https://github.com/giantswarm/cluster-operator/releases/tag/v4.5.2) - -#### Changed -- Set `cni.exclusive` to `false` in cilium app config. -- Set `chartOperator.cni.install` to true to allow installing CNI as app. - -### kiam [2.5.0](https://github.com/giantswarm/kiam-app/releases/tag/v2.5.0) - -### external-dns [2.15.1](https://github.com/giantswarm/external-dns-app/releases/tag/v2.15.1) - -#### Changed -- Update alpine image to v3.15.5 ([#178](https://github.com/giantswarm/external-dns-app/pull/178)) - -### app-operator [6.3.0](https://github.com/giantswarm/app-operator/releases/tag/v6.3.0) - -#### Added -- If no userconfig configmap or secret reference is specified but one is found following the default naming convention (`*-user-values` / `*-user-secrets`) then the App resource is updated to reference the found configmap/secret. - -### chart-operator [2.27.0](https://github.com/giantswarm/chart-operator/releases/tag/v2.27.0) - -#### Added -- Ensure the `giantswarm` PriorityClass is created first on initial installation. - -#### Changed -- Use `127.0.0.1` as KUBERNETES_SERVICE_HOST when `bootstrapMode` is enabled. - -### etcd-kubernetes-resources-count-exporter [0.5.1](https://github.com/giantswarm/etcd-kubernetes-resources-count-exporter/releases/tag/v0.5.1) - -#### Changed -- Bump build image to alpine 3.16.1. - -### vertical-pod-autoscaler [2.5.0](https://github.com/giantswarm/vertical-pod-autoscaler-app/releases/tag/v2.5.0) - -#### Changed -- Upgrade vertical-pod-autoscaler to [0.11.0](https://github.com/kubernetes/autoscaler/releases/tag/vertical-pod-autoscaler-0.11.0) - Potentially breaking change: - - Added validation - CPU values will be accepted only with resolution of 1 mCPU, memory with resolution of 1 b - Other changes: - - Switch to go 1.16 - - Admission controller now logs when it fails to start - - Increase resolution of admission_latency_seconds metric - - Reduce verbosity of some logs -- Change default webhook timeout to 5 seconds - -#### Fixed -- Correct selector in admission controller PDB - -### aws-ebs-csi-driver [2.16.1](https://github.com/giantswarm/aws-ebs-csi-driver-app/releases/tag/v2.16.1) - -#### Fixed -- Changing controller `httpEndpoint` to `8610` because of overlapping ports. - -### coredns [1.11.0](https://github.com/giantswarm/coredns-app/releases/tag/v1.11.0) - -#### Changed -- Update `coredns` to upstream version [1.9.3](https://coredns.io/2022/05/27/coredns-1.9.3-release/). - -### cluster-autoscaler [1.23.1](https://github.com/giantswarm/cluster-autoscaler-app/releases/tag/1.23.1) - -Upgraded from 1.22.2-gs7 to support newer kubernetes version. - -Please refer to the [changelog](https://github.com/giantswarm/cluster-autoscaler-app/blob/master/CHANGELOG.md). - -### metrics-server [1.8.0](https://github.com/giantswarm/metrics-server-app/releases/tag/v1.8.0) - -#### Changed -- Updated metrics-server version to 0.6.1. - -### cert-manager [2.15.2](https://github.com/giantswarm/cert-manager-app/releases/tag/v2.15.2) - -#### Fixed - -- RBAC for `cmctl upgrade migrate-api-version` ([#249](https://github.com/giantswarm/cert-manager-app/pull/249)). - -### aws-operator [13.0.0](https://github.com/giantswarm/aws-operator/releases/tag/v13.0.0) - -#### Changed -- Use Cloudfront Domain for IRSA for non-China regions. -- Ensure `aws-node` daemonset does not schedule on upgraded nodes. -- Ensure `aws-node` daemonset has `AWS_VPC_K8S_CNI_EXCLUDE_SNAT_CIDRS` env var set to the cilium cidr during migration to cilium. -- Cleanup `aws-node` resources after a successful migration. -- Cleanup `calico` resources after a successful migration. -- Use `cilium.giantswarm.io/pod-cidr` annotation as Cilium Pod CIDR. -- Add Flatcar `3227.2.1` AMI. -- Bump `k8scloudconfig` to support newer flatcar. -- Set EC2's `HttpPutResponseHopLimit` flag to 2. - -### cilium [0.2.6](https://github.com/giantswarm/cilium-app/releases/tag/v0.2.6) - -Cilium is now the CNI in place of calico and AWS-cni. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.0.1.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.0.1.md deleted file mode 100644 index f26e0dd9f7..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.0.1.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v18.0.1/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v18.0.1 - version: 18.0.1 - version_tag: v18.0.1 -date: '2022-08-24T08:28:27' -description: Release notes for AWS workload cluster release v18.0.1, published on - 24 August 2022, 08:28. -title: Workload cluster release v18.0.1 for AWS ---- - -This release provides support for Kubernetes 1.23 and upgrades most components. CloudFront and a private S3 bucket are now used by IRSA in non-China regions. - -***IRSA highlights*** -- Please read the [updated documentation](https://docs.giantswarm.io/advanced/iam-roles-for-service-accounts/) -- Prior to upgrades please reach out to your Account Engineer and GiantSwarm team will help you in seemless migration if you have already enabled IRSA. -- Please remember to adapt the IAM policies prior to upgrade as specified in the [documentation](https://docs.giantswarm.io/advanced/iam-roles-for-service-accounts/) - -*** Features removed from previous release*** - -- Cilium CNI was rolled back, and this release once again uses AWS CNI. This was done because of an upstream bug that prevented some advanced networking features to work properly. -- Out-of-tree cloud controller manager was removed, and in-tree alternative was enabled again because of an upstream bug regarding AWS CNI. Bug is already fixed in 1.24 version of upstream repo. - -## Change details - -### aws-operator [13.2.0](https://github.com/giantswarm/aws-operator/releases/tag/v13.2.0) - -Update to latest aws-operator release to support k8s 1.23. - -### cert-manager [2.15.3](https://github.com/giantswarm/cert-manager-app/releases/tag/v2.15.3) - -### Added - -- Webhook: Add `PodDisruptionBudget` and pod anti-affinity. -- Startup API check: Add `NetworkPolicy`. - -### Changed - -- Webhook: Increase replica count to 2. - -### external-dns [2.15.2](https://github.com/giantswarm/external-dns-app/releases/tag/v2.15.2) - -### Changed - -- Update init container image to v3.16.2([#182](https://github.com/giantswarm/external-dns-app/pull/182)) diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.0.2.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.0.2.md deleted file mode 100644 index 5ca44f7546..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.0.2.md +++ /dev/null @@ -1,37 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v18.0.2/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v18.0.2 - version: 18.0.2 - version_tag: v18.0.2 -date: '2022-08-31T13:42:44' -description: Release notes for AWS workload cluster release v18.0.2, published on - 31 August 2022, 13:42. -title: Workload cluster release v18.0.2 for AWS ---- - -This release fixes incompability with Cgroups V1 that was introduced in v18.0.0. The issue came from dropping dockershim and switching to containerd. - -***IRSA highlights*** -- Please read the [updated documentation](https://docs.giantswarm.io/advanced/iam-roles-for-service-accounts/) -- Prior to upgrades please reach out to your Account Engineer and GiantSwarm team will help you in seemless migration if you have already enabled IRSA. -- Please remember to adapt the IAM policies prior to upgrade as specified in the [documentation](https://docs.giantswarm.io/advanced/iam-roles-for-service-accounts/) - -***Features removed from v18.0.0*** - -- Cilium CNI was rolled back, and this release once again uses AWS CNI. This was done because of an upstream bug that prevented some advanced networking features to work properly. -- Out-of-tree cloud controller manager was removed, and in-tree alternative was enabled again because of an upstream bug regarding AWS CNI. Bug is already fixed in 1.24 version of upstream repo. - -## Change details - - -### aws-operator [13.2.1](https://github.com/giantswarm/aws-operator/releases/tag/v13.2.1) - -### Fixed - -- Fixed regression on cgroups v1 support after switching to containerd. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.0.3.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.0.3.md deleted file mode 100644 index d2b8c95207..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.0.3.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v18.0.3/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v18.0.3 - version: 18.0.3 - version_tag: v18.0.3 -date: '2022-11-02T09:34:12' -description: Release notes for AWS workload cluster release v18.0.3, published on - 02 November 2022, 09:34. -title: Workload cluster release v18.0.3 for AWS ---- - -This release fixes a misconfiguration of IRSA that caused downtime in the API server during upgrades between v17 and v18 with IRSA feature enabled. - -***IRSA highlights*** -- Please read the [updated documentation](https://docs.giantswarm.io/advanced/iam-roles-for-service-accounts/) -- Prior to upgrades please reach out to your Account Engineer and GiantSwarm team will help you in seemless migration if you have already enabled IRSA. -- Please remember to adapt the IAM policies prior to upgrade as specified in the [documentation](https://docs.giantswarm.io/advanced/iam-roles-for-service-accounts/) - -***Features removed from v18.0.0*** - -- Cilium CNI was rolled back, and this release still uses AWS CNI. This was done because of an upstream bug that prevented some advanced networking features to work properly. -- Out-of-tree cloud controller manager was removed, and in-tree alternative was enabled again because of an upstream bug regarding AWS CNI. Bug is already fixed in 1.24 version of upstream repo. - -## Change details - - -### aws-operator [13.2.4](https://github.com/giantswarm/aws-operator/releases/tag/v13.2.4) - -### Changed - -- Avoid duplicate --service-account-signing-key-file flag being set for API server. -- Add old cloudfront domain name as service-account-issuer when domain alias is enabled in IRSA. - -### Fixed - -- Add cluster API endpoint as sts audience. - -### metrics-server [2.0.0](https://github.com/giantswarm/metrics-server-app/releases/tag/v2.0.0) - -### Changed - -- Switch to HA setup. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.1.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.1.0.md deleted file mode 100644 index e8290db91c..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.1.0.md +++ /dev/null @@ -1,174 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v18.1.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v18.1.0 - version: 18.1.0 - version_tag: v18.1.0 -date: '2022-11-15T13:27:55' -description: Release notes for AWS workload cluster release v18.1.0, published on - 15 November 2022, 13:27. -title: Workload cluster release v18.1.0 for AWS ---- - -This release contains changes that address several kubernetes vulnerabilities as well as improvements. Kubernetes api-server's cpu request are changed to be the half of the CPUs of the VM. Additionally we ensure IAM permissions for Elastic File System (EFS) are set correctly on workload clusters. - -## Change details - - -### app-operator [6.4.1](https://github.com/giantswarm/app-operator/releases/tag/v6.4.1) - -#### Fixed -- Fix a bug that skips adding the chart-values or chart-secrets entries to the Chart CR when they are only created via extra configs of the App CR - - - -### cluster-operator [5.3.0](https://github.com/giantswarm/cluster-operator/releases/tag/v5.3.0) - -#### Changed -- Enable IRSA by default on v19+ clusters. - - - -### kubernetes [1.23.14](https://github.com/kubernetes/kubernetes/releases/tag/v1.23.14) - -#### API Change -- Make STS available replicas optional again, ([#109241](https://github.com/kubernetes/kubernetes/pull/109241), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) [SIG API Machinery and Apps] -- Make STS available replicas optional again. ([#113122](https://github.com/kubernetes/kubernetes/pull/113122), [@ashrayjain](https://github.com/ashrayjain)) [SIG Apps] -- Protobuf serialization of metav1.MicroTime timestamps (used in `Lease` and `Event` API objects) has been corrected to truncate to microsecond precision, to match the documented behavior and JSON/YAML serialization. Any existing persisted data is truncated to microsecond when read from etcd. ([#111936](https://github.com/kubernetes/kubernetes/pull/111936), [@haoruan](https://github.com/haoruan)) [SIG API Machinery] -#### Bug or Regression -- Consider only plugin directory and not entire kubelet root when cleaning up mounts ([#112921](https://github.com/kubernetes/kubernetes/pull/112921), [@mattcary](https://github.com/mattcary)) [SIG Storage] -- Etcd: Update to v3.5.5 ([#113100](https://github.com/kubernetes/kubernetes/pull/113100), [@mk46](https://github.com/mk46)) [SIG API Machinery, Cloud Provider, Cluster Lifecycle and Testing] -- Fixed a bug where a change in the `appProtocol` for a Service did not trigger a load balancer update. ([#113033](https://github.com/kubernetes/kubernetes/pull/113033), [@MartinForReal](https://github.com/MartinForReal)) [SIG Cloud Provider and Network] -- Kube-proxy, will restart in case it detects that the Node assigned pod.Spec.PodCIDRs have changed ([#113258](https://github.com/kubernetes/kubernetes/pull/113258), [@code-elinka](https://github.com/code-elinka)) [SIG Network] -- Kubelet no longer reports terminated container metrics from cAdvisor ([#112964](https://github.com/kubernetes/kubernetes/pull/112964), [@bobbypage](https://github.com/bobbypage)) [SIG Node] -- Kubelet: fix GetAllocatableCPUs method in cpumanager ([#113422](https://github.com/kubernetes/kubernetes/pull/113422), [@Garrybest](https://github.com/Garrybest)) [SIG Node] -- Pod logs using --timestamps are not broken up with timestamps anymore. ([#113517](https://github.com/kubernetes/kubernetes/pull/113517), [@rphillips](https://github.com/rphillips)) [SIG Node] -#### Dependencies -#### Added -_Nothing has changed._ -#### Changed -- github.com/stretchr/objx: [v0.2.0 → v0.4.0](https://github.com/stretchr/objx/compare/v0.2.0...v0.4.0) -- github.com/stretchr/testify: [v1.7.0 → v1.8.0](https://github.com/stretchr/testify/compare/v1.7.0...v1.8.0) -- go.uber.org/goleak: v1.1.10 → v1.2.0 -- gopkg.in/yaml.v3: 496545a → v3.0.1 -- sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.30 → v0.0.33 -#### Removed -_Nothing has changed._ - - - -### etcd [3.5.5](https://github.com/etcd-io/etcd/releases/tag/v3.5.5) - -#### Deprecations -- Deprecated [SetKeepAlive and SetKeepAlivePeriod in limitListenerConn](https://github.com/etcd-io/etcd/pull/14366). - -#### Package `clientv3` -- Fix [do not overwrite authTokenBundle on dial](https://github.com/etcd-io/etcd/pull/14132). -- Fix [IsOptsWithPrefix returns false even if WithPrefix() is included](https://github.com/etcd-io/etcd/pull/14187). - -#### etcd server -- [Build official darwin/arm64 artifacts](https://github.com/etcd-io/etcd/pull/14436). -- Add [`etcd --max-concurrent-streams`](https://github.com/etcd-io/etcd/pull/14219) flag to configure the max concurrent streams each client can open at a time, and defaults to math.MaxUint32. -- Add [`etcd --experimental-compact-hash-check-enabled --experimental-compact-hash-check-time`](https://github.com/etcd-io/etcd/issues/14039) flags to support enabling reliable corruption detection on compacted revisions. -- Fix [unexpected error during txn](https://github.com/etcd-io/etcd/issues/14110). -- Fix [lease leak issue due to tokenProvider isn't enabled when restoring auth store from a snapshot](https://github.com/etcd-io/etcd/pull/13205). -- Fix [the race condition between goroutine and channel on the same leases to be revoked](https://github.com/etcd-io/etcd/pull/14087). -- Fix [lessor may continue to schedule checkpoint after stepping down leader role](https://github.com/etcd-io/etcd/pull/14087). -- Fix [Restrict the max size of each WAL entry to the remaining size of the WAL file](https://github.com/etcd-io/etcd/pull/14127). -- Fix [Protect rangePermCache with a RW lock correctly](https://github.com/etcd-io/etcd/pull/14227) -- Fix [memberID equals zero in corruption alarm](https://github.com/etcd-io/etcd/pull/14272) -- Fix [Durability API guarantee broken in single node cluster](https://github.com/etcd-io/etcd/pull/14424) -- Fix [etcd fails to start after performing alarm list operation and then power off/on](https://github.com/etcd-io/etcd/pull/14429) -- Fix [authentication data not loaded on member startup](https://github.com/etcd-io/etcd/pull/14409) - -#### etcdctl v3 - -- Fix [etcdctl move-leader may fail for multiple endpoints](https://github.com/etcd-io/etcd/pull/14434) - - -#### Other -- [Bump golang.org/x/crypto to latest version](https://github.com/etcd-io/etcd/pull/13996) to address [CVE-2022-27191](https://github.com/advisories/GHSA-8c26-wmh5-6g9v). -- [Bump OpenTelemetry to 1.0.1 and gRPC to 1.41.0](https://github.com/etcd-io/etcd/pull/14312). - - -### kiam [2.5.1](https://github.com/giantswarm/kiam-app/releases/tag/v2.5.1) - -#### Fixed -- Allow `whiteListRouteRegexp` to default to `/latest/*`. - - - -### aws-ebs-csi-driver [2.18.0](https://github.com/giantswarm/aws-ebs-csi-driver-app/releases/tag/v2.18.0) - -#### Changed -- Update aws-ebs-csi-driver version to `v1.13.0`. - - - -### cert-exporter [2.3.0](https://github.com/giantswarm/cert-exporter/releases/tag/v2.3.0) - -#### Changed -- Update base container image to quay.io/giantswarm/alpine:3.16.2-giantswarm. -- Update go to 1.18. -- Update github.com/giantswarm/k8sclient to v7.0.1. -- Update github.com/hashicorp/vault/api to v1.7.2. -- Update github.com/prometheus/client_golang to v1.13.0. -- Update github.com/spf13/afero to v1.9.2. -- Update k8s.io/api to v0.23.10. -- Update k8s.io/apimachinery to v0.23.10. -- Update k8s.io/client-go to v0.23.10. -#### Added -- Add /etc/kubernetes/pki to --cert-paths flag in DaemonSet deployment. - - - -### cert-manager [2.18.0](https://github.com/giantswarm/cert-manager-app/releases/tag/v2.18.0) - -#### Added -- Support for running behind a proxy. - - `HTTP_PROXY`,`HTTPS_PROXY` and `NO_PROXY` are set as environment variables in `deployment/cert-manager-cainjector`, `deployment/cert-manager-controller` and `deployment/cert-manager-webhook` if defined in `values.yaml`. -- Support for using `cluster-apps-operator` specific `cluster.proxy` values. - - - -### chart-operator [2.32.0](https://github.com/giantswarm/chart-operator/releases/tag/v2.32.0) - -#### Added -- Support for running behind a proxy. - - `HTTP_PROXY`,`HTTPS_PROXY` and `NO_PROXY` are set as environment variables in `deployment/chart-operator` if defined in `values.yaml`. -- Support for using `cluster-apps-operator` generated `cluster.proxy` values. - - - -### external-dns [2.17.1](https://github.com/giantswarm/external-dns-app/releases/tag/v2.17.1) - -#### Changed -- Allow using AWS Route53 from any provider [#200](https://github.com/giantswarm/external-dns-app/pull/200) - - - -### kube-state-metrics [1.14.0](https://github.com/giantswarm/kube-state-metrics-app/releases/tag/v1.14.0) - -#### Changed -- Upgrade kube-state-metrics to 2.6.0 - - - -### aws-operator [14.1.0](https://github.com/giantswarm/aws-operator/releases/tag/v14.1.0) - -#### Changed -- Use custom KMS key for encryption on your Amazon EBS volumes. -- Enable IRSA by default in release v19.0.0. -- Bump k8scc to [15.1.1](https://github.com/giantswarm/k8scloudconfig/blob/master/CHANGELOG.md#1511---2022-11-03). (Set CPU and Memory requests for Api server to be half of VM CPUs.) -- Added EFS policy to the ec2 instance role to allow to use the EFS driver out of the box -- Add both the cloudfront domain and alias domain in route53manager role policy. - -#### Fixed -- Allow rolling nodes when there is a change in the AWSMachineDeployment even when CF stack was never updated before. -- Quickly delete DrainerConfigs during cluster or machine deployment deletion to speedup cluster deletion process. -- Fix disabling of kube-proxy in v19+. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.1.1.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.1.1.md deleted file mode 100644 index 7b282e9168..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.1.1.md +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v18.1.1/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v18.1.1 - version: 18.1.1 - version_tag: v18.1.1 -date: '2023-01-13T08:48:17' -description: Release notes for AWS workload cluster release v18.1.1, published on - 13 January 2023, 08:48. -title: Workload cluster release v18.1.1 for AWS ---- - -This release contains revised allocation calculation on the master nodes. Kubernetes api-server's cpu request are changed to be the half of the **available** CPUs in the VM. This fix will open up more space for other workloads scheduled to run on the master nodes. - -## Change details - - -### aws-operator [14.1.1](https://github.com/giantswarm/aws-operator/releases/tag/v14.1.1) - -#### Changed -- Bump k8scc to [15.4.0](https://github.com/giantswarm/k8scloudconfig/blob/master/CHANGELOG.md#1540---2023-01-11). (Lower apiserver's cpu request to be 1/2 of the available CPUs in the VM.) diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.2.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.2.0.md deleted file mode 100644 index dc57829aaa..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.2.0.md +++ /dev/null @@ -1,211 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v18.2.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v18.2.0 - version: 18.2.0 - version_tag: v18.2.0 -date: '2023-02-03T12:22:25' -description: Release notes for AWS workload cluster release v18.2.0, published on - 03 February 2023, 12:22. -title: Workload cluster release v18.2.0 for AWS ---- - -This release contains changes that address several Kubernetes vulnerabilities bringing it to the latest `1.23.15` version. - -Additionally to allow customers better cost optimatization the size of [EBS Volumes for Logging, Docker and Containerd can be now modified](https://docs.giantswarm.io/use-the-api/management-api/crd/awsmachinedeployments.infrastructure.giantswarm.io/#v1alpha3). After analysis of the Logging EBS Volume usage itself, the default has been changed from 100GB to 15GB per node for cost savings. Please contact your Account Engineer to start the analysis of the Docker and Contanerd Volumes sizes for the targets to be modified. - -***Important to note this release adds new component:*** -- [observability-bundle](https://github.com/giantswarm/observability-bundle) - revised monitoring solution that provides necessary components to enable observability capabilities in a workload cluster. This upgrade can temporairly affect prometheus but the monitoring team is paged immediately to perform manual steps and cleanup. Hence there should be little to no impact. If prometheus-operator is in use on the Workload Clusters, please reach out to your Account Engineer who will notify and sync with Giant Swarm monitoring team upfront. - -***Summary of further improvements can be found in the list below:*** -- Node pool nodes will be labeled with the current cgroup version. -- Docker Rate Limits will be fixed when trying to pull images too often -- Custom kernel parameters in the 'net.*' namespace are allowed to be set -- IP limit for node is removed when `Prefix Delegation` is enabled, without we keep the limit of `110` -- The `ALB Controller` IAM role (`gs-$CLUSTERID-ALBController-Role`) will be created by default for each cluster - -## Change details - - -### kubernetes [1.23.15](https://github.com/kubernetes/kubernetes/releases/tag/v1.23.15) - -#### Feature -- Kubeadm: use the image registry registry.k8s.io instead of k8s.gcr.io for new clusters. During upgrade, migrate users to registry.k8s.io if they were using the default of k8s.gcr.io. ([#113393](https://github.com/kubernetes/kubernetes/pull/113393), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] -#### Bug or Regression -- Fix endpoint reconciler not being able to delete the apiserver lease on shutdown ([#114153](https://github.com/kubernetes/kubernetes/pull/114153), [@aojea](https://github.com/aojea)) [SIG API Machinery] -- Fix for volume reconstruction of CSI ephemeral volumes ([#113347](https://github.com/kubernetes/kubernetes/pull/113347), [@dobsonj](https://github.com/dobsonj)) [SIG Node, Storage and Testing] -- Fix performance issue when creating large objects using SSA with fully unspecified schemas (preserveUnknownFields). ([#111914](https://github.com/kubernetes/kubernetes/pull/111914), [@aojea](https://github.com/aojea)) [SIG API Machinery, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Storage and Testing] -#### Other (Cleanup or Flake) -- Kubelet now defaults to pulling the pause image from registry.k8s.io ([#114340](https://github.com/kubernetes/kubernetes/pull/114340), [@liggitt](https://github.com/liggitt)) [SIG Node] -#### Dependencies -#### Added -_Nothing has changed._ -#### Changed -- sigs.k8s.io/structured-merge-diff/v4: v4.2.1 → v4.2.3 -#### Removed -_Nothing has changed._ - - - -### etcd [3.5.6](https://github.com/etcd-io/etcd/releases/tag/v3.5.6) - -#### etcd server -- Fix [auth invalid token and old revision errors in watch](https://github.com/etcd-io/etcd/pull/14547) -- Fix [avoid closing a watch with ID 0 incorrectly](https://github.com/etcd-io/etcd/pull/14563) -- Fix [auth: fix data consistency issue caused by recovery from snapshot](https://github.com/etcd-io/etcd/pull/14648) -- Fix [revision might be inconsistency between members when etcd crashes during processing defragmentation operation](https://github.com/etcd-io/etcd/pull/14733) -- Fix [timestamp in inconsistent format](https://github.com/etcd-io/etcd/pull/14799) -- Fix [Failed resolving host due to lost DNS record](https://github.com/etcd-io/etcd/pull/14573) -#### Package `clientv3` -- Fix [Add backoff before retry when watch stream returns unavailable](https://github.com/etcd-io/etcd/pull/14582). -- Fix [stack overflow error in double barrier](https://github.com/etcd-io/etcd/pull/14658) -- Fix [Refreshing token on CommonName based authentication causes segmentation violation in client](https://github.com/etcd-io/etcd/pull/14790). -#### etcd grpc-proxy -- Add [`etcd grpc-proxy start --listen-cipher-suites`](https://github.com/etcd-io/etcd/pull/14500) flag to support adding configurable cipher list. - - - -### app-operator [6.6.0](https://github.com/giantswarm/app-operator/releases/tag/v6.6.0) - -#### Added -- Add support for dependencies between apps using `app-operator.giantswarm.io/depends-on` annotation. - - - -### aws-operator [14.7.1](https://github.com/giantswarm/aws-operator/releases/tag/v14.7.1) - -#### Added -- Label node pool nodes with cgroups.giantswarm.io/version to indicate which cgroup version they are running. -- Add ALB Controller IAM role. -- Allow disk size configuration of logging volume. New default value is 15Gb. -- Allow different values for docker and containerd volume. - -#### Changed -- Switch container registry in China -- Add AMIs for flatcar versions 3374.2.0, 3374.2.1, 3374.2.2 and 3374.2.3. -- Update k8scloudconfig to allow setting custom kernel parameters in the 'net.*' namespace. -- Remove IP limit when prefix delegation is enabled. IP limit will be 110 for nodes with Prefix Delegation. -- Bump k8scc to [15.4.0](https://github.com/giantswarm/k8scloudconfig/blob/master/CHANGELOG.md#1540---2023-01-11). (Lower apiserver's cpu request to be 1/2 of the available CPUs in the VM) -- Bump k8scc to [15.3.0](https://github.com/giantswarm/k8scloudconfig/blob/master/CHANGELOG.md#1530---2022-11-29). (Label master nodes with node-role.kubernetes.io/control-plane to comply with kubeadm/CAPI) -- Bump k8scc to [15.2.0](https://github.com/giantswarm/k8scloudconfig/blob/master/CHANGELOG.md#1520---2022-11-24). (Add component label to scheduler and controller-manager's manifests. Add missing registry mirror to containerd config.) - - -#### Fixed -- Adjust ALBController IAM role name. -- Fix Docker rate limit for pulling images. - - -### cluster-operator [5.5.0](https://github.com/giantswarm/cluster-operator/releases/tag/v5.5.0) - -#### Fixed -- Fix user config CM mapping for bundle apps. -#### Added -- Read app dependencies from Release CR to avoid deadlock installing apps in new clusters. - - - -### node-exporter [1.15.0](https://github.com/giantswarm/node-exporter-app/releases/tag/v1.15.0) - -#### Fixed -- Fix collector `systemd` -- Fix duplicate scrapping by GiantSwarm Prometheus -#### Added -- Add values schema - - - -### vertical-pod-autoscaler [2.5.3](https://github.com/giantswarm/vertical-pod-autoscaler-app/releases/tag/v2.5.3) - -#### Changed -- Increased memory limits for updater, recommender and admissionController - - - -### aws-ebs-csi-driver [2.20.0](https://github.com/giantswarm/aws-ebs-csi-driver-app/releases/tag/v2.20.0) - -#### Changed -- Updated ebs-csi-driver to `v1.15` and updated sidecar images. - - - -### cert-exporter [2.3.1](https://github.com/giantswarm/cert-exporter/releases/tag/v2.3.1) - -#### Fixed -- Allow eviction for cert-exporter-deployment. - - - -### chart-operator [2.33.2](https://github.com/giantswarm/chart-operator/releases/tag/v2.33.2) - -#### Added -- Add support to run in private cloud clusters, which cannot provide any working externalDNSIP. -- New error for values schema validation. - -#### Changed -- Use transitional errors coming from running Helm in the Chart CR status. - - - -### coredns [1.13.0](https://github.com/giantswarm/coredns-app/releases/tag/v1.13.0) - -#### Added -- `values.schema.json` file -#### Changed -- Move nodeselector `label:value` to values.yaml to allow customizing it for CAPZ -- Add toleration for `node-role.kubernetes.io/control-plane` to masters instance - - - -### external-dns [2.23.2](https://github.com/giantswarm/external-dns-app/releases/tag/v2.23.2) - -#### Fixed -- Hardcode `external-dns.name` default name dropping the `-app` suffix ([#235](https://github.com/giantswarm/external-dns-app/pull/235)) - - - -### kiam [2.6.0](https://github.com/giantswarm/kiam-app/releases/tag/v2.6.0) - -- Support for running behind a proxy. - - `HTTP_PROXY`,`HTTPS_PROXY` and `NO_PROXY` are set as environment variables in deployment if defined in `values.yaml`. -- Support for using `cluster-apps-operator` specific `cluster.proxy` values. - - - -### kube-state-metrics [1.14.2](https://github.com/giantswarm/kube-state-metrics-app/releases/tag/v1.14.2) - -#### Changed -- Re add to Azure collections. - - - -### metrics-server [2.0.0](https://github.com/giantswarm/metrics-server-app/releases/tag/v2.0.0) - -#### Changed -- Switch to HA setup. - - - -### net-exporter [1.13.0](https://github.com/giantswarm/net-exporter/releases/tag/v1.13.0) - -#### Added -- Add helm chart values schema -#### Changed -- Update to Go 1.18 -- Update github.com/giantswarm/k8sclient to v7.0.1 -- Update github.com/giantswarm/micrologger to v1.0.0 -- Update github.com/miekg/dns to v1.1.50 -- Update k8s.io deps to v0.26.0 -- Update docker-kubectl to 1.25.4 - - - -### observability-bundle [0.1.9](https://github.com/giantswarm/observability-bundle/releases/tag/v0.1.9) - -#### Changed -- Upgrade `prometheus-operator-app` to 3.0.0. -- Upgrade `prometheus-operator-crd` to 3.0.0. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.2.1.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.2.1.md deleted file mode 100644 index d853a08926..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.2.1.md +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v18.2.1/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v18.2.1 - version: 18.2.1 - version_tag: v18.2.1 -date: '2023-03-02T10:06:00' -description: Release notes for AWS workload cluster release v18.2.1, published on - 02 March 2023, 10:06. -title: Workload cluster release v18.2.1 for AWS ---- - -This release contains changes that improves the stability of cluster upgrades - -## Change details - - -### aws-operator [14.8.0](https://github.com/giantswarm/aws-operator/releases/tag/v14.8.0) - -#### Changed -- Adjust the tccpn stack heartbeat to improve cluster upgrades. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.2.2.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.2.2.md deleted file mode 100644 index 62d0cc4a1b..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.2.2.md +++ /dev/null @@ -1,29 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v18.2.2/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v18.2.2 - version: 18.2.2 - version_tag: v18.2.2 -date: '2023-04-27T09:33:40' -description: Release notes for AWS workload cluster release v18.2.2, published on - 27 April 2023, 09:33. -title: Workload cluster release v18.2.2 for AWS ---- - -This release contains a bugfix for Giantswarm `aws-operator`. It fixes an issue where the `aws-operator` would not be able to create any new cluster because of the recent changes for S3 buckets. [Official documentation available here.](https://aws.amazon.com/blogs/aws/heads-up-amazon-s3-security-changes-are-coming-in-april-of-2023/) - -***IAM Permissions Requirements*** -The minimal requirement for the IAM permissions is [Version 3.1.0](https://github.com/giantswarm/giantswarm-aws-account-prerequisites/blob/master/CHANGELOG.md#310---2023-04-27) of [giantswarm-aws-account-prerequisites](https://github.com/giantswarm/giantswarm-aws-account-prerequisites/) repository. - -## Change details - - -### aws-operator [14.8.1](https://github.com/giantswarm/aws-operator/releases/tag/v14.8.1) - -#### Fixed -- Allow to enable ACLs for a S3 buckets. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.3.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.3.0.md deleted file mode 100644 index 191012cc42..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.3.0.md +++ /dev/null @@ -1,123 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v18.3.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v18.3.0 - version: 18.3.0 - version_tag: v18.3.0 -date: '2023-04-04T11:22:19' -description: Release notes for AWS workload cluster release v18.3.0, published on - 04 April 2023, 11:22. -title: Workload cluster release v18.3.0 for AWS ---- - -This release contains changes that address several vulnerabilities as well as improvements in the stability of etcd cluster for large clusters. - -## Change details - - -### containerlinux [3374.2.3](https://www.flatcar-linux.org/releases/#release-3374.2.3) - -_Changes since **Stable 3374.2.2**_ - -#### Security fixes: - -- Linux ([CVE-2022-3169](https://nvd.nist.gov/vuln/detail/CVE-2022-3169), [CVE-2022-3344](https://nvd.nist.gov/vuln/detail/CVE-2022-3344), [CVE-2022-3424](https://nvd.nist.gov/vuln/detail/CVE-2022-3424), [CVE-2022-3521](https://nvd.nist.gov/vuln/detail/CVE-2022-3521), [CVE-2022-3534](https://nvd.nist.gov/vuln/detail/CVE-2022-3534), [CVE-2022-3545](https://nvd.nist.gov/vuln/detail/CVE-2022-3545), [CVE-2022-3643](https://nvd.nist.gov/vuln/detail/CVE-2022-3643), [CVE-2022-4378](https://nvd.nist.gov/vuln/detail/CVE-2022-4378), [CVE-2022-45869](https://nvd.nist.gov/vuln/detail/CVE-2022-45869), [CVE-2022-45934](https://nvd.nist.gov/vuln/detail/CVE-2022-45934), [CVE-2022-47518](https://nvd.nist.gov/vuln/detail/CVE-2022-47518), [CVE-2022-47519](https://nvd.nist.gov/vuln/detail/CVE-2022-47519), [CVE-2022-47520](https://nvd.nist.gov/vuln/detail/CVE-2022-47520), [CVE-2022-47521](https://nvd.nist.gov/vuln/detail/CVE-2022-47521)) -- git ([CVE-2022-23521](https://nvd.nist.gov/vuln/detail/CVE-2022-23521), [CVE-2022-41903](https://nvd.nist.gov/vuln/detail/CVE-2022-41903)) - -#### Bug fixes: - -- Fix "ext4 deadlock under heavy I/O load" kernel issue. The patch for this is included provisionally while we stay with Kernel 5.15.86. ([Flatcar#847](https://github.com/flatcar/Flatcar/issues/847), [coreos-overlay#2402](https://github.com/flatcar/coreos-overlay/pull/2402)) - -#### Changes: - - -#### Updates: - -- Linux ([5.15.86](https://lwn.net/Articles/918808) (includes [5.15.85](https://lwn.net/Articles/918329), [5.15.84](https://lwn.net/Articles/918206), [5.15.83](https://lwn.net/Articles/917896), [5.15.82](https://lwn.net/Articles/917400), [5.15.81](https://lwn.net/Articles/916763), [5.15.80](https://lwn.net/Articles/916003))) -- git ([2.37.5](https://github.com/git/git/blob/v2.37.5/Documentation/RelNotes/2.37.5.txt)) - - - -### aws-operator [14.12.0](https://github.com/giantswarm/aws-operator/releases/tag/v14.12.0) - -#### Changed -- Set ENV for nftables in `aws-cni`. -- Improved etcd resiliency and allow customization of --quota-backend-bytes. -- Bump k8s-api-healthz image to 0.2.0. -- When creating a cluster, create the master ASGs in parallel. - -#### Fixed -- Don't mark master instance as unhealthy if local etcd instance is unresponsive but the whole etcd cluster is also down. -- Don't mark master instance as unhealthy if local API server instance is unresponsive but the whole API server is also down. - - - -### kubernetes [1.23.17](https://github.com/kubernetes/kubernetes/releases/tag/v1.23.17) - -#### Feature -- Kubelet TCP and HTTP probes are more effective using networking resources: conntrack entries, sockets, ... - This is achieved by reducing the TIME-WAIT state of the connection to 1 second, instead of the defaults 60 seconds. This allows kubelet to free the socket, and free conntrack entry and ephemeral port associated. ([#115143](https://github.com/kubernetes/kubernetes/pull/115143), [@aojea](https://github.com/aojea)) [SIG Network and Node] -- Kubernetes is now built with Go 1.19.6 ([#115830](https://github.com/kubernetes/kubernetes/pull/115830), [@cpanato](https://github.com/cpanato)) [SIG Cloud Provider, Instrumentation, Release and Testing] -#### Bug or Regression -- Golang.org/x/net updates to v0.7.0 to fix CVE-2022-41723 ([#115790](https://github.com/kubernetes/kubernetes/pull/115790), [@liggitt](https://github.com/liggitt)) [SIG API Machinery, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node, Security and Storage] -#### Dependencies -#### Added -_Nothing has changed._ -#### Changed -- golang.org/x/net: 1e63c2f → v0.7.0 -- golang.org/x/sys: v0.3.0 → v0.5.0 -- golang.org/x/term: v0.3.0 → v0.5.0 -- golang.org/x/text: v0.5.0 → v0.7.0 -#### Removed -_Nothing has changed._ - - - -### aws-cni [1.12.6](https://github.com/aws/amazon-vpc-cni-k8s/releases/tag/v1.12.6) - -* Bug - [Fix MTU parameter in egress-v4-cni plugin](https://github.com/aws/amazon-vpc-cni-k8s/pull/2295) (@jdn5126 ) -* Documentation - [Fixing the log message to be meaningful](https://github.com/aws/amazon-vpc-cni-k8s/pull/2260) (@rajeeshckr ) -* Improvement - [Add bmn-sf1.metal instance support](https://github.com/aws/amazon-vpc-cni-k8s/pull/2286) (@vpineda1996 ) -* Improvement - [Support routing to external IPs behind service](https://github.com/aws/amazon-vpc-cni-k8s/pull/2243) (@jdn5126 ) -* Improvement - [Use Go 1.19; fix egress-v4-cni MTU parsing, update containerd](https://github.com/aws/amazon-vpc-cni-k8s/pull/2303) (@jdn5126 ) -* Improvement - [Added enviroment variable to allow ipamd to manage the ENIs on a non schedulable node](https://github.com/aws/amazon-vpc-cni-k8s/pull/2296) (@rajeeshckr ) -* Improvement - [Use GET for IAM Permissions event; update controller-runtime from 0.13.1 to 0.14.4 and client-go from v0.25.5 to v0.26.1](https://github.com/aws/amazon-vpc-cni-k8s/pull/2304) (@jdn5126 ) -* Improvement - [Remove old checkpoint migration logic; update containerd version](https://github.com/aws/amazon-vpc-cni-k8s/pull/2307) (@jdn5126 ) - - - -### cluster-autoscaler [1.23.1-gs1](https://github.com/giantswarm/cluster-autoscaler-app/releases/tag/v1.23.1-gs1) - -#### Changed -- Add 'projected' volumes to the PSP. -- Add new-pod-scale-up-delay variable. - - -### observability-bundle [0.3.0](https://github.com/giantswarm/observability-bundle/releases/tag/v0.3.0) - -#### Changed -- Add new app dependency mechanism (`app-operator.giantswarm.io/depends-on`) to the prometheus-operator-app and agent so they are not installed until the CRD app is deployed. -- prometheus-operator: drop `apiserver_request_slo_duration_seconds_bucket` metrics from apiserver -- upgrade `prometheus-operator-app` to 4.0.1 and `prometheus-operator-crd` to 4.0.0 -- upgrade `prometheus-agent` to 0.3.0 to support chinese registry -#### Added -- Add `promtail-app` v1.0.1 disabled by default. - - - -### coredns [1.14.2](https://github.com/giantswarm/coredns-app/releases/tag/v1.14.2) - -#### Changed -- ConfigMap: Add lameduck of 5 seconds to health check ([#191](https://github.com/giantswarm/coredns-app/pull/191)). - - - -### cert-manager [2.20.3](https://github.com/giantswarm/cert-manager-app/releases/tag/v2.20.3) - -#### Added -- Add `node-role.kubernetes.io/control-plane` key to list of tolerations diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.3.1.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.3.1.md deleted file mode 100644 index b2ce8b7a9f..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.3.1.md +++ /dev/null @@ -1,29 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v18.3.1/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v18.3.1 - version: 18.3.1 - version_tag: v18.3.1 -date: '2023-04-27T11:16:29' -description: Release notes for AWS workload cluster release v18.3.1, published on - 27 April 2023, 11:16. -title: Workload cluster release v18.3.1 for AWS ---- - -This release contains a bugfix for Giantswarm `aws-operator`. It fixes an issue where the `aws-operator` would not be able to create any new cluster because of the recent changes for S3 buckets. [Official documentation available here.](https://aws.amazon.com/blogs/aws/heads-up-amazon-s3-security-changes-are-coming-in-april-of-2023/) - -***IAM Permissions Requirements*** -The minimal requirement for the IAM permissions is [Version 3.1.0](https://github.com/giantswarm/giantswarm-aws-account-prerequisites/blob/master/CHANGELOG.md#310---2023-04-27) of [giantswarm-aws-account-prerequisites](https://github.com/giantswarm/giantswarm-aws-account-prerequisites/) repository. - -## Change details - - -### aws-operator [14.12.2](https://github.com/giantswarm/aws-operator/releases/tag/v14.12.2) - -#### Fixed -- Allow to enable ACLs for a S3 buckets. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.4.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.4.0.md deleted file mode 100644 index 5b7d6833e1..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.4.0.md +++ /dev/null @@ -1,80 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v18.4.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v18.4.0 - version: 18.4.0 - version_tag: v18.4.0 -date: '2023-04-19T07:42:31' -description: Release notes for AWS workload cluster release v18.4.0, published on - 19 April 2023, 07:42. -title: Workload cluster release v18.4.0 for AWS ---- - -This release contains changes that address several vulnerabilities and overall improvements. Most important change is extending the IRSA trust policy for external-dns IAM role so it can be used by multiple external-dns in your workload clusters with IRSA enabled. - -This release also adds a new component `cilium-prerequisites` that installs `CiliumNetworkPolicy` CRDs towards the easier and downtime-free Cilium migration. This application can also be installed from the catalog. - -***Important for IRSA*** -When upgrading to AWS Release `v18.4.0` you can additionally set a annotation on AWSCluster CR `alpha.aws.giantswarm.io/enable-cloudfront-alias: ""` to enable the usage of the Cloudfront alternate domain name before v19 where it will be a default. This is useful if you want to take immeditately actions replacing `Kiam`. - -***IAM Permissions Requirements*** -The minimal requirement for the IAM permissions is [Version 3.1.0](https://github.com/giantswarm/giantswarm-aws-account-prerequisites/blob/master/CHANGELOG.md#310---2023-04-27) of [giantswarm-aws-account-prerequisites](https://github.com/giantswarm/giantswarm-aws-account-prerequisites/) repository. - -## Change details - - -### aws-operator [14.13.1](https://github.com/giantswarm/aws-operator/releases/tag/v14.13.1) - -#### Fixed -- Allow to enable ACLs for a S3 buckets. - - - -### containerlinux [3374.2.5](https://www.flatcar-linux.org/releases/#release-3374.2.5) - - _Changes since **Stable 3374.2.4**_ - - #### Security fixes: - - - Linux ([CVE-2022-4129](https://nvd.nist.gov/vuln/detail/CVE-2022-4129), [CVE-2022-4382](https://nvd.nist.gov/vuln/detail/CVE-2022-4382), [CVE-2022-4842](https://nvd.nist.gov/vuln/detail/CVE-2022-4842), [CVE-2023-1073](https://nvd.nist.gov/vuln/detail/CVE-2023-1073), [CVE-2023-1074](https://nvd.nist.gov/vuln/detail/CVE-2023-1074), [CVE-2023-23559](https://nvd.nist.gov/vuln/detail/CVE-2023-23559)) - - #### Bug fixes: - - - Excluded the special Kubernetes network interfaces `nodelocaldns` and `kube-ipvs0` from being managed with systemd-networkd which interfered with the setup ([init#89](https://github.com/flatcar/init/pull/89)). - - #### Updates: - - - Linux ([5.15.92](https://lwn.net/Articles/922340) (includes [5.15.91](https://lwn.net/Articles/921851), [5.15.90](https://lwn.net/Articles/921029))) - - - -### cilium-prerequisites [0.1.1](https://github.com/giantswarm/cilium-prerequisites/releases/tag/v0.1.1) - -#### Fixed -- Fixed kube-linter. - - - -### observability-bundle [0.4.2](https://github.com/giantswarm/observability-bundle/releases/tag/v0.4.2) - -#### Changed -- Upgrade `prometheus-agent-app` to 0.4.1. - - - -### vertical-pod-autoscaler [3.4.2](https://github.com/giantswarm/vertical-pod-autoscaler-app/releases/tag/v3.4.2) - -#### Changed -- Remove circleci job for pushing to shared app collection - - - -### vertical-pod-autoscaler-crd [2.0.1](https://github.com/giantswarm/vertical-pod-autoscaler-crd/releases/tag/v2.0.1) - -#### Changed -- in [#59](https://github.com/giantswarm/vertical-pod-autoscaler-crd/pull/59) removed duplicate resources for the CRDs definition causing errors during mc-bootstrap diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.4.1.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.4.1.md deleted file mode 100644 index e954054775..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.4.1.md +++ /dev/null @@ -1,38 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v18.4.1/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v18.4.1 - version: 18.4.1 - version_tag: v18.4.1 -date: '2023-05-05T11:03:09' -description: Release notes for AWS workload cluster release v18.4.1, published on - 05 May 2023, 11:03. -title: Workload cluster release v18.4.1 for AWS ---- - -This release contains small improvements. It disables ETCD compaction request from apiserver which is included in etcd by default and upgrades `observability-bundle`. - -***Important for IRSA*** -When upgrading to AWS Release `v18.4.1` you can additionally set a annotation on AWSCluster CR `alpha.aws.giantswarm.io/enable-cloudfront-alias: ""` to enable the usage of the Cloudfront alternate domain name before v19 where it will be a default. This is useful if you want to take immeditate actions replacing `Kiam`. - -***IAM Permissions Requirements*** -The minimal requirement for the IAM permissions is [Version 3.2.0](https://github.com/giantswarm/giantswarm-aws-account-prerequisites/blob/master/CHANGELOG.md#320---2023-04-27) of [giantswarm-aws-account-prerequisites](https://github.com/giantswarm/giantswarm-aws-account-prerequisites/) repository. - -## Change details - - -### aws-operator [14.13.2](https://github.com/giantswarm/aws-operator/releases/tag/v14.13.2) - -#### Changed -- Disable ETCD compaction request from apiserver. - - - -### observability-bundle [0.4.3](https://github.com/giantswarm/observability-bundle/releases/tag/v0.4.3) - -- Upgrade `prometheus-operator-app` to 4.2.3. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.4.2.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.4.2.md deleted file mode 100644 index c6295f0b3f..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v18.4.2.md +++ /dev/null @@ -1,33 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v18.4.2/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/v18.4.2 - version: 18.4.2 - version_tag: v18.4.2 -date: '2023-05-10T15:48:39' -description: Release notes for AWS workload cluster release v18.4.2, published on - 10 May 2023, 15:48. -title: Workload cluster release v18.4.2 for AWS ---- - -This is a patch release that fixes a problem causing CNI downtime when upgrading from v18 to v19. - -***IAM Permissions Requirements*** -The minimal requirement for the IAM permissions is [Version 3.3.0](https://github.com/giantswarm/giantswarm-aws-account-prerequisites/blob/master/CHANGELOG.md#330---2023-05-11) of [giantswarm-aws-account-prerequisites](https://github.com/giantswarm/giantswarm-aws-account-prerequisites/) repository. - -## Change details - - -### aws-operator [14.13.3-patch1](https://github.com/giantswarm/aws-operator/releases/tag/v14.13.3-patch1) - -#### Removed - -- Remove implementation of `prepareawscniformigration` and `restrictawsnodedaemonset` to avoid race condition issues during cluster upgrades. - -#### Fixed -- Ensure `net.ipv4.conf.eth0.rp_filter` is set to `2` if aws-CNI is used. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v19.0.0-alpha1.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v19.0.0-alpha1.md deleted file mode 100644 index 7d6afb39be..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v19.0.0-alpha1.md +++ /dev/null @@ -1,852 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v19.0.0-alpha1/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v19.0.0-alpha1 - version: 19.0.0-alpha1 - version_tag: v19.0.0-alpha1 -date: '2023-03-13T14:07:34' -description: Release notes for AWS workload cluster release v19.0.0-alpha1, published - on 13 March 2023, 14:07. -title: Workload cluster release v19.0.0-alpha1 for AWS ---- - -***THIS IS AN ALPHA RELEASE - SOLELY FOR THE PURPOSE OF CREATING NEW PLAYGROUND CLUSTERS ONLY*** - -This Giant Swarm release introduces Kubernetes 1.24, replaces the use of AWS CNI with Cilium and upgrades most components. This release also deprecates and removes use of `kiam` by default in favor of `IAM Roles for Service Accounts (IRSA)`. - -> **_CNI Warning:_** The AWS CNI pod subnets are no longer used by Cilium. Please add custom routes with the node subnet(s) CIDR(s) instead of the AWS CNI pod subnets CIDR before upgrading to this release. - -> **_IAM Warning:_** The `kiam` application will be removed from clusters in favor of IAM Roles for Service Accounts (IRSA). Please read release notes and prepare for migration. - -***Cilium highlights*** -- [Network Policy](https://docs.cilium.io/en/stable/concepts/kubernetes/policy/#networkpolicy-state) provided by Cilium does not cover support for setting [ipBlock with Pod IP](https://github.com/cilium/cilium/issues/9209). Components in need of this will have to use [CiliumNetworkPolicy](https://docs.cilium.io/en/stable/concepts/kubernetes/policy/#ciliumnetworkpolicy) which has wider scope. -- The AWS CNI pod subnets are no longer used by Cilium. Please add custom routes with the node subnet(s) CIDR(s) instead of the AWS CNI pod subnets CIDR before upgrading to this release. -- The upgrade process [documentation](https://handbook.giantswarm.io/docs/support-and-ops/ops-recipes/upgrade-to-cilium/) is available. Please read it carefully and reach out in case of questions. -- Cilium will have Hubble UI enabled by default for troubleshooting and observability. -- Due to changes to CRs during upgrade the `gitops` automation will have to be suspended and any applied changes backported to the repos before resuming. - -***IRSA highlights*** -- Please read the [updated documentation](https://docs.giantswarm.io/advanced/iam-roles-for-service-accounts/) -- Please remember to adapt the IAM policies prior to upgrade as specified in the [documentation](https://docs.giantswarm.io/advanced/iam-roles-for-service-accounts/) -- There has been changes introduced to the `Cloudfront domain alias` to provide greater predictability and enable easier automation of AWS IAM role creation by customers. Please adjust AWS IAM roles accordingly to the [documentation](https://docs.giantswarm.io/advanced/iam-roles-for-service-accounts/#aws-release-v19) prior to the upgrade. - -***General highlights*** -- The [k8s-dns-node-cache-app](https://github.com/giantswarm/k8s-dns-node-cache-app/) is now deployed by default. After the upgrade please delete the application if you have deployed it through managed catalog. Afterwards the app will be installed automatically. -- The [prometheus-blackbox-exporter](https://github.com/giantswarm/prometheus-blackbox-exporter/) is a new monitoring component deployed by default. This is a blackbox monitoring tool that will validate internal, DNS and external connectivity. - - - -## Change details - - -### cert-operator [3.0.1](https://github.com/giantswarm/cert-operator/releases/tag/v3.0.1) - -#### Fixed -- Allow running unique and non unique cert-operators in the same namespace. - - - -### aws-operator [14.9.0](https://github.com/giantswarm/aws-operator/releases/tag/v14.9.0) - -#### Changed -- Bump k8s-api-healthz image to 0.2.0. -#### Fixed -- Don't mark master instance as unhealthy if local etcd instance is unresponsive but the whole etcd cluster is also down. -- Don't mark master instance as unhealthy if local API server instance is unresponsive but the whole API server is also down. - - - -### containerlinux [3374.2.3](https://www.flatcar-linux.org/releases/#release-3374.2.3) - -_Changes since **Stable 3374.2.2**_ - -#### Security fixes: - -- Linux ([CVE-2022-3169](https://nvd.nist.gov/vuln/detail/CVE-2022-3169), [CVE-2022-3344](https://nvd.nist.gov/vuln/detail/CVE-2022-3344), [CVE-2022-3424](https://nvd.nist.gov/vuln/detail/CVE-2022-3424), [CVE-2022-3521](https://nvd.nist.gov/vuln/detail/CVE-2022-3521), [CVE-2022-3534](https://nvd.nist.gov/vuln/detail/CVE-2022-3534), [CVE-2022-3545](https://nvd.nist.gov/vuln/detail/CVE-2022-3545), [CVE-2022-3643](https://nvd.nist.gov/vuln/detail/CVE-2022-3643), [CVE-2022-4378](https://nvd.nist.gov/vuln/detail/CVE-2022-4378), [CVE-2022-45869](https://nvd.nist.gov/vuln/detail/CVE-2022-45869), [CVE-2022-45934](https://nvd.nist.gov/vuln/detail/CVE-2022-45934), [CVE-2022-47518](https://nvd.nist.gov/vuln/detail/CVE-2022-47518), [CVE-2022-47519](https://nvd.nist.gov/vuln/detail/CVE-2022-47519), [CVE-2022-47520](https://nvd.nist.gov/vuln/detail/CVE-2022-47520), [CVE-2022-47521](https://nvd.nist.gov/vuln/detail/CVE-2022-47521)) -- git ([CVE-2022-23521](https://nvd.nist.gov/vuln/detail/CVE-2022-23521), [CVE-2022-41903](https://nvd.nist.gov/vuln/detail/CVE-2022-41903)) - -#### Bug fixes: - -- Fix "ext4 deadlock under heavy I/O load" kernel issue. The patch for this is included provisionally while we stay with Kernel 5.15.86. ([Flatcar#847](https://github.com/flatcar/Flatcar/issues/847), [coreos-overlay#2402](https://github.com/flatcar/coreos-overlay/pull/2402)) - -#### Changes: - - -#### Updates: - -- Linux ([5.15.86](https://lwn.net/Articles/918808) (includes [5.15.85](https://lwn.net/Articles/918329), [5.15.84](https://lwn.net/Articles/918206), [5.15.83](https://lwn.net/Articles/917896), [5.15.82](https://lwn.net/Articles/917400), [5.15.81](https://lwn.net/Articles/916763), [5.15.80](https://lwn.net/Articles/916003))) -- git ([2.37.5](https://github.com/git/git/blob/v2.37.5/Documentation/RelNotes/2.37.5.txt)) - -### etcd [3.5.7](https://github.com/etcd-io/etcd/releases/tag/v3.5.7) - -#### etcd server -- Fix [Remove memberID from data corrupt alarm](https://github.com/etcd-io/etcd/pull/14852). -- Fix [Allow non mutating requests pass through quotaKVServer when NOSPACE](https://github.com/etcd-io/etcd/pull/14884). -- Fix [nil pointer panic for readonly txn due to nil response](https://github.com/etcd-io/etcd/pull/14899). -- Fix [The last record which was partially synced to disk isn't automatically repaired](https://github.com/etcd-io/etcd/pull/15069). -- Fix [etcdserver might promote a non-started learner](https://github.com/etcd-io/etcd/pull/15096). -#### Package `clientv3` -- Reverted the fix to [auth invalid token and old revision errors in watch](https://github.com/etcd-io/etcd/pull/14995). -#### Security -- Use [distroless base image](https://github.com/etcd-io/etcd/pull/15016) to address critical Vulnerabilities. -- Updated [base image from base-debian11 to static-debian11 and removed dependency on busybox](https://github.com/etcd-io/etcd/pull/15037). -- Bumped [some dependencies](https://github.com/etcd-io/etcd/pull/15018) to address some HIGH Vulnerabilities. -#### Go -- Require [Go 1.17+](https://github.com/etcd-io/etcd/pull/15019). -- Compile with [Go 1.17+](https://go.dev/doc/devel/release#go1.17) - - - -### aws-cloud-controller-manager [1.24.1-gs1](https://github.com/giantswarm/aws-cloud-controller-manager-app/releases/tag/v1.24.1-gs1) - -#### Changed -- Bump to upstream version 1.24.1. - - - -### cert-manager [2.20.0](https://github.com/giantswarm/cert-manager-app/releases/tag/v2.20.0) - -#### Added -- Adds support for DNS01 challenge via AWS Route53 ([#284](https://github.com/giantswarm/cert-manager-app/pull/292)) - - - -### chart-operator [2.34.0](https://github.com/giantswarm/chart-operator/releases/tag/v2.34.0) - -#### Changed -- Selecting private Helm client on demand for some operations. - - - -### cilium [0.8.0](https://github.com/giantswarm/cilium-app/releases/tag/v0.8.0) - -#### Changed -- Bump all manifests to upstream version 1.13. -- Enable Hubble -- Enable Monitoring for Agent, Operator and Hubble - - - -### cluster-autoscaler [1.24.0-gs1](https://github.com/giantswarm/cluster-autoscaler-app/releases/tag/v1.24.0-gs1) - -#### Changed -- Update cluster-autoscaler to version `1.24.0`. - - - -### coredns [1.14.2](https://github.com/giantswarm/coredns-app/releases/tag/v1.14.2) - -#### Changed -- ConfigMap: Add lameduck of 5 seconds to health check ([#191](https://github.com/giantswarm/coredns-app/pull/191)). - - - -### external-dns [2.33.0](https://github.com/giantswarm/external-dns-app/releases/tag/v2.33.0) - -#### Added -- Add support to run in `hostNetwork` (primary used in `CAPZ` based management clusters) - - - -### vertical-pod-autoscaler [3.2.0](https://github.com/giantswarm/vertical-pod-autoscaler-app/releases/tag/v3.2.0) - -#### Added -- Add VPA CR to VPA. - - - -### vertical-pod-autoscaler-crd [2.0.0](https://github.com/giantswarm/vertical-pod-autoscaler-crd/releases/tag/v2.0.0) - -#### Changed -- Synced with new upstream repo -#### Changed -- Remove `push-to-app-collection` jobs for onprem providers since this app became a part of default apps bundle. -#### Added -- Add icon to Chart.yml for use in happa - - - -### observability-bundle [0.2.0](https://github.com/giantswarm/observability-bundle/releases/tag/v0.2.0) - -#### Changed -- Upgrade `prometheus-agent` from to 0.1.7 to 0.2.0. - - - -### k8s-dns-node-cache-app [2.0.0](https://github.com/giantswarm/k8s-dns-node-cache-app/releases/tag/v2.0.0) - -#### Breaking change, application only compatible with Cilium from this release onwards. -#### Changed -- Adapt application to be deployed on Cilium. - - - -### prometheus-blackbox-exporter [0.2.2](https://github.com/giantswarm/prometheus-blackbox-exporter/releases/tag/v0.2.2) - -#### Changed -- Add IRSA webhook module -- Fix k8s CA for API probe -- Use IPV4 by default - - - -### cilium-servicemonitors [0.0.2](https://github.com/giantswarm/cilium-servicemonitors-app/releases/tag/v0.0.2) - -#### Changed -- Add labels to servicemonitors - - - -### irsa-servicemonitors [0.0.1](https://github.com/giantswarm/irsa-servicemonitors-app/releases/tag/v0.0.1) - -#### Added - -- First release - - -### kubernetes [1.24.11](https://github.com/kubernetes/kubernetes/releases/tag/v1.24.11) - -#### Changelog since v1.23.0 - -#### Major Themes - -##### Dockershim Removed from kubelet - -After its deprecation in v1.20, the dockershim component has been removed from the kubelet. -From v1.24 onwards, you will need to either use one of the other [supported runtimes](https://kubernetes.io/docs/setup/production-environment/container-runtimes/) (such as containerd or CRI-O) -or use cri-dockerd if you are relying on Docker Engine as your container runtime. -For more information about ensuring your cluster is ready for this removal, please -see [this guide](https://kubernetes.io/blog/2022/03/31/ready-for-dockershim-removal/). - -##### Beta APIs Off by Default - -[New beta APIs will not be enabled in clusters by default](https://github.com/kubernetes/enhancements/issues/3136). -Existing beta APIs and new versions of existing beta APIs, will continue to be enabled by default. - -##### Signing Release Artifacts - -Release artifacts are [signed](https://github.com/kubernetes/enhancements/issues/3031) using [cosign](https://github.com/sigstore/cosign) -signatures -and there is experimental support for [verifying image signatures](https://kubernetes.io/docs/tasks/administer-cluster/verify-signed-images/). -Signing and verification of release artifacts is part of [increasing software supply chain security for the Kubernetes release process](https://github.com/kubernetes/enhancements/issues/3027). - -##### OpenAPI v3 - -Kubernetes 1.24 offers beta support for publishing its APIs in the [OpenAPI v3 format](https://github.com/kubernetes/enhancements/issues/2896). - -##### Storage Capacity and Volume Expansion Are Generally Available - -[Storage capacity tracking](https://github.com/kubernetes/enhancements/issues/1472) -supports exposing currently available storage capacity via [CSIStorageCapacity objects](https://kubernetes.io/docs/concepts/storage/storage-capacity/#api) -and enhances scheduling of pods that use CSI volumes with late binding. - -[Volume expansion](https://github.com/kubernetes/enhancements/issues/284) adds support -for resizing existing persistent volumes. - -##### NonPreemptingPriority to Stable - -This feature adds [a new option to PriorityClasses](https://github.com/kubernetes/enhancements/issues/902), -which can enable or disable pod preemption. - -##### Storage Plugin Migration - -There is work under way to [migrate the internals of in-tree storage plugins](https://github.com/kubernetes/enhancements/issues/625) to call out to CSI Plugins, -while maintaining the original API. -The [Azure Disk](https://github.com/kubernetes/enhancements/issues/1490) -and [OpenStack Cinder](https://github.com/kubernetes/enhancements/issues/1489) plugins -have both been migrated. - -##### gRPC Probes Graduate to Beta - -With Kubernetes 1.24, the [gRPC probes functionality](https://github.com/kubernetes/enhancements/issues/2727) -has entered beta and is available by default. You can now [configure startup, liveness, and readiness probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) for your gRPC app -natively within Kubernetes, without exposing an HTTP endpoint or -using an extra executable. - -##### Kubelet Credential Provider Graduates to Beta - -Originally released as Alpha in Kubernetes 1.20, the kubelet's support for -[image credential providers](https://kubernetes.io/docs/tasks/kubelet-credential-provider/kubelet-credential-provider/) -has now graduated to Beta. -This allows the kubelet to dynamically retrieve credentials for a container image registry -using exec plugins, rather than storing credentials on the node's filesystem. - -##### Contextual Logging in Alpha - -Kubernetes 1.24 has introduced [contextual logging](https://github.com/kubernetes/enhancements/issues/3077) -that enables the caller of a function to control all aspects of logging (output formatting, verbosity, additional values and names). - -##### Avoiding Collisions in IP allocation to Services - -Kubernetes 1.24 introduced a new opt-in feature that allows you to -[soft-reserve a range for static IP address assignments](https://kubernetes.io/docs/concepts/services-networking/service/#service-ip-static-sub-range) -to Services. -With the manual enablement of this feature, the cluster will prefer automatic assignment from -the pool of Service IP addresses thereby reducing the risk of collision. - -A Service `ClusterIP` can be assigned: - -* dynamically, which means the cluster will automatically pick a free IP within the configured Service IP range. -* statically, which means the user will set one IP within the configured Service IP range. - -Service `ClusterIP` are unique, hence, trying to create a Service with a `ClusterIP` that has already been allocated will return an error. - -#### Urgent Upgrade Notes - -##### (No, really, you MUST read this before you upgrade) - -- Docker runtime support using dockershim in the kubelet is now completely removed in 1.24. The kubelet used to have a module called dockershim, which implements CRI support for Docker, and it has seen maintenance issues in the Kubernetes community. From 1.24 onwards, please move to a container runtime that is a full-fledged implementation of CRI (v1alpha1 or v1 compliant) as they become available. ([#97252](https://github.com/kubernetes/kubernetes/pull/97252), [@dims](https://github.com/dims)) -- Fixed bug with leads to Node goes `Not-ready` state when credentials for vCenter stored in a secret and Zones feature is in use. Zone labels setup moved to KCM component, kubelet skips this step during startup in such case. If credentials stored in cloud-provider config file as plaintext current behaviour does not change and no action required. For proper functioning `kube-system:vsphere-legacy-cloud-provider` should be allowed to update node object if vCenter credentials stored in secret and Zone feature used. ([#101028](https://github.com/kubernetes/kubernetes/pull/101028), [@lobziik](https://github.com/lobziik)) -- The `LegacyServiceAccountTokenNoAutoGeneration` feature gate is beta, and enabled by default. When enabled, Secret API objects containing service account tokens are no longer auto-generated for every ServiceAccount. Use the [TokenRequest](https://kubernetes.io/docs/reference/kubernetes-api/authentication-resources/token-request-v1/) API to acquire service account tokens, or if a non-expiring token is required, create a Secret API object for the token controller to populate with a service account token by following this [guide](https://kubernetes.io/docs/concepts/configuration/secret/#service-account-token-secrets). ([#108309](https://github.com/kubernetes/kubernetes/pull/108309), [@zshihang](https://github.com/zshihang)) -- The calculations for Pod topology spread skew now exclude nodes that - don't match the node affinity/selector. This may lead to unschedulable pods if you previously had pods - matching the spreading selector on those excluded nodes (not matching the node affinity/selector), - especially when the `topologyKey` is not node-level. Revisit the node affinity and/or pod selector in the - topology spread constraints to avoid this scenario. ([#107009](https://github.com/kubernetes/kubernetes/pull/107009), [@kerthcet](https://github.com/kerthcet)) -- Remove the deprecated flag `--experimental-check-node-capabilities-before-mount`. With CSI now GA, there is a better alternative. Remove any use of `--experimental-check-node-capabilities-before-mount` from your kubelet scripts or manifests. ([#104732](https://github.com/kubernetes/kubernetes/pull/104732), [@mengjiao-liu](https://github.com/mengjiao-liu)) -- `kubeadm.k8s.io/v1beta2` has been deprecated and will be removed in a future release, possibly in 3 releases (one year). You should start using `kubeadm.k8s.io/v1beta3` for new clusters. To migrate your old configuration files on disk you can use the `kubeadm config migrate` command. ([#107013](https://github.com/kubernetes/kubernetes/pull/107013), [@pacoxu](https://github.com/pacoxu)) -- Kubeadm: default the kubeadm configuration to the containerd socket (Unix: `unix:///var/run/containerd/containerd.sock`, Windows: `npipe:////./pipe/containerd-containerd`) instead of the one for Docker. If the `Init|JoinConfiguration.nodeRegistration.criSocket` field is empty during cluster creation and multiple sockets are found on the host always throw an error and ask the user to specify which one to use by setting the value in the field. Make sure you update any kubeadm configuration files on disk, to not include the dockershim socket unless you are still using kubelet version < 1.24 with kubeadm >= 1.24. Remove the DockerValidor and ServiceCheck for the `docker` service from kubeadm preflight. Docker is no longer special cased during host validation and ideally this task should be done in the now external cri-dockerd project where the importance of the compatibility matters. Use `crictl` for all communication with CRI sockets for actions like pulling images and obtaining a list of running containers instead of using the docker CLI in the case of Docker. ([#107317](https://github.com/kubernetes/kubernetes/pull/107317), [@neolit123](https://github.com/neolit123)) -- The feature gate was mentioned as `csiMigrationRBD` where it should have been `CSIMigrationRBD` to be in parity with other migration plugins. This release correct the same and keep it as `CSIMigrationRBD`. - users who have configured this feature gate as `csiMigrationRBD` has to reconfigure the same to `CSIMigrationRBD` from this release. ([#107554](https://github.com/kubernetes/kubernetes/pull/107554), [@humblec](https://github.com/humblec)) -- The experimental dynamic log sanitization feature has been deprecated and removed in the 1.24 release. The feature is no longer available for use. ([#107207](https://github.com/kubernetes/kubernetes/pull/107207), [@ehashman](https://github.com/ehashman)) -- Kubeadm: apply `second stage` of the plan to migrate kubeadm away from the usage of the word `master` in labels and taints. For new clusters, the label `node-role.kubernetes.io/master` will no longer be added to control plane nodes, only the label `node-role.kubernetes.io/control-plane` will be added. For clusters that are being upgraded to 1.24 with `kubeadm upgrade apply`, the command will remove the label `node-role.kubernetes.io/master` from existing control plane nodes. For new clusters, both the old taint `node-role.kubernetes.io/master:NoSchedule` and new taint `node-role.kubernetes.io/control-plane:NoSchedule` will be added to control plane nodes. In release 1.20 (`first stage`), a release note instructed to preemptively tolerate the new taint. For clusters that are being upgraded to 1.24 with `kubeadm upgrade apply`, the command will add the new taint `node-role.kubernetes.io/control-plane:NoSchedule` to existing control plane nodes. Please adapt your infrastructure to these changes. In 1.25 the old taint `node-role.kubernetes.io/master:NoSchedule` will be removed. ([#107533](https://github.com/kubernetes/kubernetes/pull/107533), [@neolit123](https://github.com/neolit123)) - -#### Changes by Kind - -##### Deprecation - -- Deprecated `Service.Spec.LoadBalancerIP`. This field was under-specified and its meaning varies across implementations. As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available. This field may be removed in a future API version. ([#107235](https://github.com/kubernetes/kubernetes/pull/107235), [@uablrek](https://github.com/uablrek)) -- Kube-apiserver: the `--master-count` flag and `--endpoint-reconciler-type=master-count` reconciler are deprecated in favor of the lease reconciler ([#108062](https://github.com/kubernetes/kubernetes/pull/108062), [@aojea](https://github.com/aojea)) -- Kube-apiserver: the insecure address flags `--address`, `--insecure-bind-address`, `--port` and `--insecure-port` (inert since 1.20) are removed ([#106859](https://github.com/kubernetes/kubernetes/pull/106859), [@knight42](https://github.com/knight42)) -- Kubeadm: graduated the `UnversionedKubeletConfigMap` feature gate to Beta and enabled the feature by default. This implies that 1) for new clusters kubeadm will start using the `kube-system/kubelet-config` naming scheme for the kubelet ConfigMap and RBAC rules, instead of the legacy `kubelet-config-x.yy` naming. 2) during upgrade, kubeadm will only write the new scheme ConfigMap and RBAC objects. To disable the feature you can pass `UnversionedKubeletConfigMap: false` in the kubeadm config for new clusters. For upgrade on existing clusters you can also override the behavior by patching the ClusterConfiguration object in `kube-system/kubeadm-config`. More details in the associated KEP. ([#108027](https://github.com/kubernetes/kubernetes/pull/108027), [@neolit123](https://github.com/neolit123)) -- Remove `tolerate-unready-endpoints` annotation in Service deprecated from 1.11, use `Service.spec.publishNotReadyAddresses` instead. ([#108020](https://github.com/kubernetes/kubernetes/pull/108020), [@tossmilestone](https://github.com/tossmilestone)) -- Remove deprecated feature gates `ValidateProxyRedirects` and `StreamingProxyRedirects` ([#106830](https://github.com/kubernetes/kubernetes/pull/106830), [@pacoxu](https://github.com/pacoxu)) -- Remove insecure serving configuration from cloud-provider package, which is consumed by cloud-controller-managers. ([#108953](https://github.com/kubernetes/kubernetes/pull/108953), [@nckturner](https://github.com/nckturner)) -- The `--pod-infra-container-image` kubelet flag is deprecated and will be removed in future releases ([#108045](https://github.com/kubernetes/kubernetes/pull/108045), [@hakman](https://github.com/hakman)) -- The `client.authentication.k8s.io/v1alpha1` ExecCredential has been removed. If you are using a client-go credential plugin that relies on the v1alpha1 API please contact the distributor of your plugin for instructions on how to migrate to the v1 API. ([#108616](https://github.com/kubernetes/kubernetes/pull/108616), [@margocrawf](https://github.com/margocrawf)) -- The `node.k8s.io/v1alpha1` RuntimeClass API is no longer served. Use the `node.k8s.io/v1` API version, available since v1.20 ([#103061](https://github.com/kubernetes/kubernetes/pull/103061), [@SergeyKanzhelev](https://github.com/SergeyKanzhelev)) -- The cluster addon for dashboard was removed. To install dashboard, see [here](https://github.com/kubernetes/dashboard/blob/master/docs/user/README.md). ([#107481](https://github.com/kubernetes/kubernetes/pull/107481), [@shu-mutou](https://github.com/shu-mutou)) -- The in-tree Azure plugin has been deprecated. The Azure kubelogin plugin serves as an out-of-tree replacement via the kubectl/client-go credential plugin mechanism. Users will now see a warning in the logs regarding this deprecation. ([#107904](https://github.com/kubernetes/kubernetes/pull/107904), [@sabbey37](https://github.com/sabbey37)) -- The insecure address flags `--address` and `--port` in kube-controller-manager have had no effect since v1.20 and are removed in v1.24. ([#106860](https://github.com/kubernetes/kubernetes/pull/106860), [@knight42](https://github.com/knight42)) -- The metadata.clusterName field is deprecated. This field has always been unwritable and always blank, but its presence is confusing, so we will remove it next release. Out of an abundance of caution, this release we have merely changed the name in the go struct to ensure any accidental client uses are found before complete removal. ([#108717](https://github.com/kubernetes/kubernetes/pull/108717), [@lavalamp](https://github.com/lavalamp)) -- VSphere releases less than 7.0u2 are deprecated as of v1.24. Please consider upgrading vSphere to 7.0u2 or above. vSphere CSI Driver requires minimum vSphere 7.0u2. - - General Support for vSphere 6.7 will end on October 15, 2022. vSphere 6.7 Update 3 is deprecated in Kubernetes v1.24. Customers are recommended to upgrade vSphere (both ESXi and vCenter) to 7.0u2 or above. vSphere CSI Driver 2.2.3 and higher supports CSI Migration. - - Support for these deprecations will be available till October 15, 2022. ([#109089](https://github.com/kubernetes/kubernetes/pull/109089), [@deepakkinni](https://github.com/deepakkinni)) - -##### API Change - -- Kubernetes 1.24 is now built with go1.19.4 ([#113956](https://github.com/kubernetes/kubernetes/pull/113956), [@liggitt](https://github.com/liggitt)) [SIG Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Release, Scheduling, Storage and Testing] -- Protobuf serialization of metav1.MicroTime timestamps (used in `Lease` and `Event` API objects) has been corrected to truncate to microsecond precision, to match the documented behavior and JSON/YAML serialization. Any existing persisted data is truncated to microsecond when read from etcd. ([#111936](https://github.com/kubernetes/kubernetes/pull/111936), [@haoruan](https://github.com/haoruan)) [SIG API Machinery] -- Revert regression that prevented client-go latency metrics to be reported with a template URL to avoid label cardinality. ([#112056](https://github.com/kubernetes/kubernetes/pull/112056), [@aanm](https://github.com/aanm)) [SIG API Machinery] -- Add 2 new options for kube-proxy running in winkernel mode. `--forward-healthcheck-vip`, if specified as true, health check traffic whose destination is service VIP will be forwarded to kube-proxy's healthcheck service. `--root-hnsendpoint-name` specifies the name of the hns endpoint for the root network namespace. This option enables the pass-through load balancers like Google's GCLB to correctly health check the backend services. Without this change, the health check packets is dropped, and Windows node will be considered to be unhealthy by those load balancers. ([#99287](https://github.com/kubernetes/kubernetes/pull/99287), [@anfernee](https://github.com/anfernee)) -- Added CEL runtime cost calculation into CustomerResource validation. CustomerResource validation will fail if runtime cost exceeds the budget. ([#108482](https://github.com/kubernetes/kubernetes/pull/108482), [@cici37](https://github.com/cici37)) -- Added a new metric `webhook_fail_open_count` to monitor webhooks that fail to open. ([#107171](https://github.com/kubernetes/kubernetes/pull/107171), [@ltagliamonte-dd](https://github.com/ltagliamonte-dd)) -- Adds a new Status subresource in Network Policy objects ([#107963](https://github.com/kubernetes/kubernetes/pull/107963), [@rikatz](https://github.com/rikatz)) -- Adds support for `InterfaceNamePrefix` and `BridgeInterface` as arguments to `--detect-local-mode` option and also introduces a new optional `--pod-interface-name-prefix` and `--pod-bridge-interface` flags to kube-proxy. ([#95400](https://github.com/kubernetes/kubernetes/pull/95400), [@tssurya](https://github.com/tssurya)) -- CEL CRD validation expressions may now reference existing object state using the identifier `oldSelf`. ([#108073](https://github.com/kubernetes/kubernetes/pull/108073), [@benluddy](https://github.com/benluddy)) -- CRD deep copies should no longer contain shallow copies of `JSONSchemaProps.XValidations`. ([#107956](https://github.com/kubernetes/kubernetes/pull/107956), [@benluddy](https://github.com/benluddy)) -- CRD writes will generate validation errors if a CEL validation rule references the identifier `oldSelf` on a part of the schema that does not support it. ([#108013](https://github.com/kubernetes/kubernetes/pull/108013), [@benluddy](https://github.com/benluddy)) -- CSIStorageCapacity.storage.k8s.io: The v1beta1 version of this API is deprecated in favor of v1, and will be removed in v1.27. If a CSI driver supports storage capacity tracking, then it must get deployed with a release of external-provisioner that supports the v1 API. ([#108445](https://github.com/kubernetes/kubernetes/pull/108445), [@pohly](https://github.com/pohly)) -- Custom resource requests with `fieldValidation=Strict` consistently require `apiVersion` and `kind`, matching non-strict requests ([#109019](https://github.com/kubernetes/kubernetes/pull/109019), [@liggitt](https://github.com/liggitt)) -- Feature of `DefaultPodTopologySpread` is graduated to GA ([#108278](https://github.com/kubernetes/kubernetes/pull/108278), [@kerthcet](https://github.com/kerthcet)) -- Feature of `NonPreemptingPriority` is graduated to GA ([#107432](https://github.com/kubernetes/kubernetes/pull/107432), [@denkensk](https://github.com/denkensk)) -- Feature of `PodOverhead` is graduated to GA ([#108441](https://github.com/kubernetes/kubernetes/pull/108441), [@pacoxu](https://github.com/pacoxu)) -- Fixed OpenAPI serialization of the x-kubernetes-validations field ([#107970](https://github.com/kubernetes/kubernetes/pull/107970), [@liggitt](https://github.com/liggitt)) -- Fixed failed flushing logs in defer function when kubelet cmd exit 1. ([#104774](https://github.com/kubernetes/kubernetes/pull/104774), [@kerthcet](https://github.com/kerthcet)) -- Fixes a regression in v1beta1 PodDisruptionBudget handling of `strategic merge patch`-type API requests for the `selector` field. Prior to 1.21, these requests would merge `matchLabels` content and replace `matchExpressions` content. In 1.21, patch requests touching the `selector` field started replacing the entire selector. This is consistent with server-side apply and the v1 PodDisruptionBudget behavior, but should not have been changed for v1beta1. ([#108138](https://github.com/kubernetes/kubernetes/pull/108138), [@liggitt](https://github.com/liggitt)) -- Improve kubectl's user help commands readability ([#104736](https://github.com/kubernetes/kubernetes/pull/104736), [@lauchokyip](https://github.com/lauchokyip)) -- Indexed Jobs graduated to stable. ([#107395](https://github.com/kubernetes/kubernetes/pull/107395), [@alculquicondor](https://github.com/alculquicondor)) -- Introduce a v1alpha1 networking API for ClusterCIDRConfig ([#108290](https://github.com/kubernetes/kubernetes/pull/108290), [@sarveshr7](https://github.com/sarveshr7)) -- Introduction of a new "sync_proxy_rules_no_local_endpoints_total" proxy metric. This metric represents the number of services with no internal endpoints. The "traffic_policy" label will contain both "internal" or "external". ([#108930](https://github.com/kubernetes/kubernetes/pull/108930), [@MaxRenaud](https://github.com/MaxRenaud)) -- JobReadyPods graduates to Beta and it's enabled by default. ([#107476](https://github.com/kubernetes/kubernetes/pull/107476), [@alculquicondor](https://github.com/alculquicondor)) -- Kube-apiserver: `--audit-log-version` and `--audit-webhook-version` now only support the default value of `audit.k8s.io/v1`. The v1alpha1 and v1beta1 audit log versions, deprecated since 1.13, have been removed. ([#108092](https://github.com/kubernetes/kubernetes/pull/108092), [@carlory](https://github.com/carlory)) -- Kube-apiserver: the `metadata.selfLink` field can no longer be populated by kube-apiserver; it was deprecated in 1.16 and has not been populated by default since 1.20+. ([#107527](https://github.com/kubernetes/kubernetes/pull/107527), [@wojtek-t](https://github.com/wojtek-t)) -- Kubelet external Credential Provider feature is moved to Beta. Credential Provider Plugin and Credential Provider Config API's updated from v1alpha1 to v1beta1 with no API changes. ([#108847](https://github.com/kubernetes/kubernetes/pull/108847), [@adisky](https://github.com/adisky)) -- Make STS available replicas optional again. ([#109241](https://github.com/kubernetes/kubernetes/pull/109241), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) -- MaxUnavailable for StatefulSets, allows faster RollingUpdate by taking down more than 1 pod at a time. The number of pods you want to take down during a RollingUpdate is configurable using maxUnavailable parameter. ([#82162](https://github.com/kubernetes/kubernetes/pull/82162), [@krmayankk](https://github.com/krmayankk)) -- Non-graceful node shutdown handling is enabled for stateful workload failovers ([#108486](https://github.com/kubernetes/kubernetes/pull/108486), [@sonasingh46](https://github.com/sonasingh46)) -- Omit enum declarations from the static openapi file captured at https://git.k8s.io/kubernetes/api/openapi-spec. This file is used to generate API clients, and use of enums in those generated clients (rather than strings) can break forward compatibility with additional future values in those fields. See https://issue.k8s.io/109177 for details. ([#109178](https://github.com/kubernetes/kubernetes/pull/109178), [@liggitt](https://github.com/liggitt)) -- OpenAPI V3 is turned on by default ([#109031](https://github.com/kubernetes/kubernetes/pull/109031), [@Jefftree](https://github.com/Jefftree)) -- Pod affinity namespace selector and cross-namespace quota graduated to GA. The feature gate `PodAffinityNamespaceSelector` is locked and will be removed in 1.26. ([#108136](https://github.com/kubernetes/kubernetes/pull/108136), [@ahg-g](https://github.com/ahg-g)) -- Promote IdentifyPodOS feature to beta. ([#107859](https://github.com/kubernetes/kubernetes/pull/107859), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) -- Remove a v1alpha1 networking API for ClusterCIDRConfig ([#109436](https://github.com/kubernetes/kubernetes/pull/109436), [@JamesLaverack](https://github.com/JamesLaverack)) -- Renamed metrics `evictions_number` to `evictions_total` and mark it as stable. The original `evictions_number` metrics name is marked as "Deprecated" and has been removed in kubernetes 1.23 . ([#106366](https://github.com/kubernetes/kubernetes/pull/106366), [@cyclinder](https://github.com/cyclinder)) -- Skip x-kubernetes-validations rules if having fundamental error against the OpenAPIv3 schema. ([#108859](https://github.com/kubernetes/kubernetes/pull/108859), [@cici37](https://github.com/cici37)) -- Support for gRPC probes is now in beta. GRPCContainerProbe feature gate is enabled by default. ([#108522](https://github.com/kubernetes/kubernetes/pull/108522), [@SergeyKanzhelev](https://github.com/SergeyKanzhelev)) -- Suspend job to GA. The feature gate `SuspendJob` is locked and will be removed in 1.26. ([#108129](https://github.com/kubernetes/kubernetes/pull/108129), [@ahg-g](https://github.com/ahg-g)) -- The AnyVolumeDataSource feature is now beta, and the feature gate is enabled by default. In order to provide user feedback on PVCs with data sources, deployers must install the VolumePopulators CRD and the data-source-validator controller. ([#108736](https://github.com/kubernetes/kubernetes/pull/108736), [@bswartz](https://github.com/bswartz)) -- The CertificateSigningRequest `spec.expirationSeconds` API field has graduated to GA. The `CSRDuration` feature gate for the field is now unconditionally enabled and will be removed in 1.26. ([#108782](https://github.com/kubernetes/kubernetes/pull/108782), [@cfryanr](https://github.com/cfryanr)) -- The `ServerSideFieldValidation` feature has graduated to beta and is now enabled by default. Kubectl 1.24 and newer will use server-side validation instead of client-side validation when writing to API servers with the feature enabled. ([#108889](https://github.com/kubernetes/kubernetes/pull/108889), [@kevindelgado](https://github.com/kevindelgado)) -- The `ServiceLBNodePortControl` feature has graduated to GA. The feature gate will be removed in 1.26. ([#107027](https://github.com/kubernetes/kubernetes/pull/107027), [@uablrek](https://github.com/uablrek)) -- The deprecated kube-controller-manager flag '--deployment-controller-sync-period' has been removed, it is not used by the deployment controller. ([#107178](https://github.com/kubernetes/kubernetes/pull/107178), [@SataQiu](https://github.com/SataQiu)) -- The feature `DynamicKubeletConfig` has been removed from the kubelet. ([#106932](https://github.com/kubernetes/kubernetes/pull/106932), [@SergeyKanzhelev](https://github.com/SergeyKanzhelev)) -- The infrastructure for contextual logging is complete (feature gate implemented, JSON backend ready). ([#108995](https://github.com/kubernetes/kubernetes/pull/108995), [@pohly](https://github.com/pohly)) -- This adds an optional `timeZone` field as part of the CronJob spec to support running cron jobs in a specific time zone. ([#108032](https://github.com/kubernetes/kubernetes/pull/108032), [@deejross](https://github.com/deejross)) -- Updated the default API priority-and-fairness config to avoid endpoint/configmaps operations from controller-manager to all match leader-election priority level. ([#106725](https://github.com/kubernetes/kubernetes/pull/106725), [@wojtek-t](https://github.com/wojtek-t)) -- `topologySpreadConstraints` includes `minDomains` field to limit the minimum number of topology domains. ([#107674](https://github.com/kubernetes/kubernetes/pull/107674), [@sanposhiho](https://github.com/sanposhiho)) - -##### Feature - - -- Kubelet TCP and HTTP probes are more effective using networking resources: conntrack entries, sockets, ... - This is achieved by reducing the TIME-WAIT state of the connection to 1 second, instead of the defaults 60 seconds. This allows kubelet to free the socket, and free conntrack entry and ephemeral port associated. ([#115143](https://github.com/kubernetes/kubernetes/pull/115143), [@aojea](https://github.com/aojea)) [SIG Network and Node] -- Kubernetes is now built with Go 1.19.6 ([#115831](https://github.com/kubernetes/kubernetes/pull/115831), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing] -- Kubeadm: use the image registry registry.k8s.io instead of k8s.gcr.io for new clusters. During upgrade, migrate users to registry.k8s.io if they were using the default of k8s.gcr.io. ([#113395](https://github.com/kubernetes/kubernetes/pull/113395), [@neolit123](https://github.com/neolit123)) [SIG Cloud Provider and Cluster Lifecycle] -- Kubernetes is now built with Go 1.19.5 ([#115012](https://github.com/kubernetes/kubernetes/pull/115012), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing]- A new Priority and Fairness metric 'apiserver_flowcontrol_work_estimate_seats_samples' has been added that tracks the estimated seats associated with a request. ([#106628](https://github.com/kubernetes/kubernetes/pull/106628), [@tkashem](https://github.com/tkashem)) -- Add a deprecated cmd flag for the time interval between flushing pods from unschedulable queue to active queue or backoff queue. ([#108017](https://github.com/kubernetes/kubernetes/pull/108017), [@denkensk](https://github.com/denkensk)) -- Add one metrics(`kubelet_volume_stats_health_abnormal`) of volume health state to kubelet ([#105585](https://github.com/kubernetes/kubernetes/pull/105585), [@fengzixu](https://github.com/fengzixu)) -- Add the metric `container_oom_events_total` to kubelet's cAdvisor metric endpoint. ([#108004](https://github.com/kubernetes/kubernetes/pull/108004), [@jonkerj](https://github.com/jonkerj)) -- Added `SetTransform` to `SharedInformer` to allow users to transform objects before they are stored. ([#107507](https://github.com/kubernetes/kubernetes/pull/107507), [@alexzielenski](https://github.com/alexzielenski)) -- Added a `proxy-url` flag into `kubectl config set-cluster`. ([#105566](https://github.com/kubernetes/kubernetes/pull/105566), [@ardaguclu](https://github.com/ardaguclu)) -- Added a metric for measuring end-to-end volume mount timing. ([#107006](https://github.com/kubernetes/kubernetes/pull/107006), [@gnufied](https://github.com/gnufied)) -- Added a new Priority and Fairness metric `apiserver_flowcontrol_request_dispatch_no_accommodation_total` to track the number of times a request dispatch attempt results in a no-accommodation status due to lack of available seats. ([#106629](https://github.com/kubernetes/kubernetes/pull/106629), [@tkashem](https://github.com/tkashem)) -- Added a path `/header?key=` to `agnhost netexec` allowing one to view what the header value is of the incoming request. - - Ex: - ``` - $ curl -H "X-Forwarded-For: something" 172.17.0.2:8080/header?key=X-Forwarded-For - something - ``` - ([#107796](https://github.com/kubernetes/kubernetes/pull/107796), [@alexanderConstantinescu](https://github.com/alexanderConstantinescu)) -- Added completion for `kubectl config set-context`. ([#106739](https://github.com/kubernetes/kubernetes/pull/106739), [@kebe7jun](https://github.com/kebe7jun)) -- Added field `add_ambient_capabilities` to the Capabilities message in the CRI-API. ([#104620](https://github.com/kubernetes/kubernetes/pull/104620), [@vinayakankugoyal](https://github.com/vinayakankugoyal)) -- Added label selector flag to all `kubectl rollout` commands. ([#99758](https://github.com/kubernetes/kubernetes/pull/99758), [@aramperes](https://github.com/aramperes)) -- Added more message for no PodSandbox container. ([#107116](https://github.com/kubernetes/kubernetes/pull/107116), [@yxxhero](https://github.com/yxxhero)) -- Added prune flag into `diff` command to simulate `apply --prune`. ([#105164](https://github.com/kubernetes/kubernetes/pull/105164), [@ardaguclu](https://github.com/ardaguclu)) -- Added support for `btrfs` resizing ([#108561](https://github.com/kubernetes/kubernetes/pull/108561), [@RomanBednar](https://github.com/RomanBednar)) -- Added support for kubectl commands (`kubectl exec` and `kubectl port-forward`) via a SOCKS5 proxy. ([#105632](https://github.com/kubernetes/kubernetes/pull/105632), [@xens](https://github.com/xens)) -- Adds `OpenAPIV3SchemaInterface` to `DiscoveryClient` and its variants for fetching OpenAPI v3 schema documents. ([#108992](https://github.com/kubernetes/kubernetes/pull/108992), [@alexzielenski](https://github.com/alexzielenski)) -- Allow kubectl to manage resources by filename patterns without the shell expanding it first ([#102265](https://github.com/kubernetes/kubernetes/pull/102265), [@danielrodriguez](https://github.com/danielrodriguez)) -- An alpha flag `--subresource` is added to get, patch, edit replace kubectl commands to fetch and update status and scale subresources. ([#99556](https://github.com/kubernetes/kubernetes/pull/99556), [@nikhita](https://github.com/nikhita)) -- Apiextensions_openapi_v3_regeneration_count metric (alpha) will be emitted for OpenAPI V3. ([#109128](https://github.com/kubernetes/kubernetes/pull/109128), [@Jefftree](https://github.com/Jefftree)) -- Apply ProxyTerminatingEndpoints to all traffic policies (external, internal, cluster, local). ([#108691](https://github.com/kubernetes/kubernetes/pull/108691), [@andrewsykim](https://github.com/andrewsykim)) -- CEL regex patterns in x-kubernetes-valiation rules are compiled when CRDs are created/updated if the pattern is provided as a string constant in the expression. Any regex compile errors are reported as a CRD create/update validation error. ([#108617](https://github.com/kubernetes/kubernetes/pull/108617), [@jpbetz](https://github.com/jpbetz)) -- CRD `x-kubernetes-validations` rules now support the CEL functions: `isSorted`, `sum`, `min`, `max`, `indexOf`, `lastIndexOf`, `find` and `findAll`. ([#108312](https://github.com/kubernetes/kubernetes/pull/108312), [@jpbetz](https://github.com/jpbetz)) -- Changes the kubectl `--validate` flag from a bool to a string that accepts the values {true, strict, warn, false, ignore} - - true/strict - perform validation and error the request on any invalid fields in the ojbect. It will attempt to perform server-side validation if it is enabled on the apiserver, otherwise it will fall back to client-side validation. - - warn - perform server-side validation and warn on any invalid fields (but ultimately let the request succeed by dropping any invalid fields from the object). If validation is not available on the server, perform no validation. - - false/ignore - perform no validation, silently dropping invalid fields from the object. ([#108350](https://github.com/kubernetes/kubernetes/pull/108350), [@kevindelgado](https://github.com/kevindelgado)) -- Client-go metrics: change bucket distribution for `rest_client_request_duration_seconds` and `rest_client_rate_limiter_duration_seconds` from [0.001, 0.002, 0.004, 0.008, 0.016, 0.032, 0.064, 0.128, 0.256, 0.512] to [0.005, 0.025, 0.1, 0.25, 0.5, 1.0, 2.0, 4.0, 8.0, 15.0, 30.0, 60.0}] ([#106911](https://github.com/kubernetes/kubernetes/pull/106911), [@aojea](https://github.com/aojea)) -- Client-go: add new histogram metric to record the size of the requests and responses. ([#108296](https://github.com/kubernetes/kubernetes/pull/108296), [@aojea](https://github.com/aojea)) -- CycleState is now optimized for "write once and read many times". ([#108724](https://github.com/kubernetes/kubernetes/pull/108724), [@sanposhiho](https://github.com/sanposhiho)) -- Enabled beta feature HonorPVReclaimPolicy by default. ([#109035](https://github.com/kubernetes/kubernetes/pull/109035), [@deepakkinni](https://github.com/deepakkinni)) -- Env var for additional cli flags used in the csi-proxy binary when a Windows nodepool is created with `kube-up.sh` ([#107806](https://github.com/kubernetes/kubernetes/pull/107806), [@mauriciopoppe](https://github.com/mauriciopoppe)) -- Feature of `PreferNominatedNode` is graduated to GA. ([#106619](https://github.com/kubernetes/kubernetes/pull/106619), [@chendave](https://github.com/chendave)) -- In text format, log messages that previously used quoting to prevent multi-line output (for example, text="some \"quotation\", a\nline break") will now be printed with more readable multi-line output without the escape sequences. ([#107103](https://github.com/kubernetes/kubernetes/pull/107103), [@pohly](https://github.com/pohly)) -- Increase default value of discovery cache TTL for kubectl to 6 hours. ([#107141](https://github.com/kubernetes/kubernetes/pull/107141), [@mk46](https://github.com/mk46)) -- Introduce policy to allow the HPA to consume the `external.metrics.k8s.io` API group. ([#104244](https://github.com/kubernetes/kubernetes/pull/104244), [@dgrisonnet](https://github.com/dgrisonnet)) -- Kube-apiserver: Subresources such as `status` and `scale` now support tabular output content types. ([#103516](https://github.com/kubernetes/kubernetes/pull/103516), [@ykakarap](https://github.com/ykakarap)) -- Kube-apiserver: when merging lists, Server Side Apply now prefers the order of the submitted request instead of the existing persisted object. ([#107565](https://github.com/kubernetes/kubernetes/pull/107565), [@jiahuif](https://github.com/jiahuif)) -- Kubeadm: added support for dry running `kubeadm reset`. The new flag `kubeadm reset --dry-run` is similar to the existing flag for `kubeadm init/join/upgrade` and allows you to see what changes would be applied. ([#107512](https://github.com/kubernetes/kubernetes/pull/107512), [@SataQiu](https://github.com/SataQiu)) -- Kubeadm: added the flag `--experimental-initial-corrupt-check` to etcd static Pod manifests to ensure etcd member data consistency ([#109074](https://github.com/kubernetes/kubernetes/pull/109074), [@neolit123](https://github.com/neolit123)) -- Kubeadm: better surface errors during `kubeadm upgrade` when waiting for the kubelet to restart static pods on control plane nodes ([#108315](https://github.com/kubernetes/kubernetes/pull/108315), [@Monokaix](https://github.com/Monokaix)) -- Kubeadm: improve the strict parsing of user YAML/JSON configuration files. Next to printing warnings for unknown and duplicate fields (current state), also print warnings for fields with incorrect case sensitivity - e.g. `controlPlaneEndpoint` (valid), `ControlPlaneEndpoint` (invalid). Instead of only printing warnings during `init` and `join` also print warnings when downloading the ClusterConfiguration, KubeletConfiguration or KubeProxyConfiguration objects from the cluster. This can be useful if the user has patched these objects in their respective ConfigMaps with mistakes. ([#107725](https://github.com/kubernetes/kubernetes/pull/107725), [@neolit123](https://github.com/neolit123)) -- Kubectl now supports shell completion for the / format for specifying resources. - kubectl now provides shell completion for container names following the `--container/-c` flag of the `exec` command. - kubectl's shell completion now suggests resource types for commands that only apply to pods. ([#108493](https://github.com/kubernetes/kubernetes/pull/108493), [@marckhouzam](https://github.com/marckhouzam)) -- Kubelet: add `kubelet_volume_metric_collection_duration_seconds` metrics for volume disk usage calculation duration ([#107201](https://github.com/kubernetes/kubernetes/pull/107201), [@pacoxu](https://github.com/pacoxu)) -- Kubelet: the following dockershim related flags are also removed along with dockershim `--experimental-dockershim-root-directory`, `--docker-endpoint`, `--image-pull-progress-deadline`, `--network-plugin`, `--cni-conf-dir`, `--cni-bin-dir`, `--cni-cache-dir`, `--network-plugin-mtu`. ([#106907](https://github.com/kubernetes/kubernetes/pull/106907), [@cyclinder](https://github.com/cyclinder)) -- Kubernetes 1.24 bumped version of golang it is compiled with to go1.18, which introduced significant changes to its garbage collection algorithm. As a result, we observed an increase in memory usage for kube-apiserver in larger an heavily loaded clusters up to ~25% (with the benefit of API call latencies drop by up to 10x on 99th percentiles). If the memory increase is not acceptable for you you can mitigate by setting GOGC env variable (for our tests using GOGC=63 brings memory usage back to original value, although the exact value may depend on usage patterns on your cluster). ([#108870](https://github.com/kubernetes/kubernetes/pull/108870), [@dims](https://github.com/dims)) -- Kubernetes 1.24 is built with go1.18, which will no longer validate certificates signed with a SHA-1 hash algorithm by default. See https://golang.org/doc/go1.18#sha1 for more details. If you are using certificates like this in admission or conversion ([#109024](https://github.com/kubernetes/kubernetes/pull/109024), [@stlaz](https://github.com/stlaz)) -- Leader Migration is now GA. All new configuration files onwards should use version v1. ([#109072](https://github.com/kubernetes/kubernetes/pull/109072), [@jiahuif](https://github.com/jiahuif)) -- Mark AzureDisk CSI migration as GA ([#107681](https://github.com/kubernetes/kubernetes/pull/107681), [@andyzhangx](https://github.com/andyzhangx)) -- Move volume expansion feature to GA ([#108929](https://github.com/kubernetes/kubernetes/pull/108929), [@gnufied](https://github.com/gnufied)) -- Moving MixedProtocolLBService from alpha to beta ([#109213](https://github.com/kubernetes/kubernetes/pull/109213), [@bridgetkromhout](https://github.com/bridgetkromhout)) -- New "field_validation_request_duration_seconds" metric, measures how long requests take, indicating the value of the fieldValidation query parameter and whether or not server-side field validation is enabled on the apiserver ([#109120](https://github.com/kubernetes/kubernetes/pull/109120), [@kevindelgado](https://github.com/kevindelgado)) -- New feature gate, ServiceIPStaticSubrange, to enable the new strategy in the Service IP allocators, so the IP range is subdivided and dynamic allocated ClusterIP addresses for Services are allocated preferently from the upper range. ([#106792](https://github.com/kubernetes/kubernetes/pull/106792), [@aojea](https://github.com/aojea)) -- OpenAPI definitions served by kube-apiserver now include enum types by default. ([#108898](https://github.com/kubernetes/kubernetes/pull/108898), [@jiahuif](https://github.com/jiahuif)) -- OpenStack Cinder CSI migration is now GA and switched on by default, Cinder CSI driver must be installed on clusters on OpenStack for Cinder volumes to work (has been since v1.21). ([#107462](https://github.com/kubernetes/kubernetes/pull/107462), [@dims](https://github.com/dims)) -- PreFilter extension in the scheduler framework now returns not only status but also PreFilterResult ([#108648](https://github.com/kubernetes/kubernetes/pull/108648), [@ahg-g](https://github.com/ahg-g)) -- Promoted graceful shutdown based on pod priority to beta ([#107986](https://github.com/kubernetes/kubernetes/pull/107986), [@wzshiming](https://github.com/wzshiming)) -- Removed feature gate `SetHostnameAsFQDN`. ([#108038](https://github.com/kubernetes/kubernetes/pull/108038), [@mengjiao-liu](https://github.com/mengjiao-liu)) -- Removed kube-scheduler insecure flags. You can use `--bind-address` and `--secure-port` instead. ([#106865](https://github.com/kubernetes/kubernetes/pull/106865), [@jonyhy96](https://github.com/jonyhy96)) -- Removed the `ImmutableEphemeralVolumes` feature gate. ([#107152](https://github.com/kubernetes/kubernetes/pull/107152), [@mengjiao-liu](https://github.com/mengjiao-liu)) -- Set `PodMaxUnschedulableQDuration` as 5 min. ([#108761](https://github.com/kubernetes/kubernetes/pull/108761), [@denkensk](https://github.com/denkensk)) -- Support in-tree PV deletion protection finalizer. ([#108400](https://github.com/kubernetes/kubernetes/pull/108400), [@deepakkinni](https://github.com/deepakkinni)) -- The `.spec.loadBalancerClass` field for Services is now generally available. ([#107979](https://github.com/kubernetes/kubernetes/pull/107979), [@XudongLiuHarold](https://github.com/XudongLiuHarold)) -- The `NamespaceDefaultLabelName` feature gate, GA since v1.22, is now removed. ([#106838](https://github.com/kubernetes/kubernetes/pull/106838), [@mengjiao-liu](https://github.com/mengjiao-liu)) -- The `kubectl logs` will now warn and default to the first container in a pod. This new behavior brings it in line with `kubectl exec`. ([#105964](https://github.com/kubernetes/kubernetes/pull/105964), [@kidlj](https://github.com/kidlj)) -- The `v1` version of `LeaderMigrationConfiguration` supports only `leases` API for leader election. To use formerly supported mechanisms, please continue using `v1beta1`. ([#108016](https://github.com/kubernetes/kubernetes/pull/108016), [@jiahuif](https://github.com/jiahuif)) -- The kubelet now creates an iptables chain named `KUBE-IPTABLES-HINT` in - the `mangle` table. Containerized components that need to modify iptables - rules in the host network namespace can use the existence of this chain - to more-reliably determine whether the system is using iptables-legacy or - iptables-nft. ([#109059](https://github.com/kubernetes/kubernetes/pull/109059), [@danwinship](https://github.com/danwinship)) -- The output of `kubectl describe ingress` now includes an IngressClass name if available. ([#107921](https://github.com/kubernetes/kubernetes/pull/107921), [@mpuckett159](https://github.com/mpuckett159)) -- The scheduler prints info logs when the extender returned an error. (`--v>5`) ([#107974](https://github.com/kubernetes/kubernetes/pull/107974), [@sanposhiho](https://github.com/sanposhiho)) -- The script `cluster/gce/gci/configure.sh` now supports downloading `crictl` on ARM64 nodes ([#108034](https://github.com/kubernetes/kubernetes/pull/108034), [@tstapler](https://github.com/tstapler)) -- Turn on `CSIMigrationAzureFile` by default on 1.24 ([#105070](https://github.com/kubernetes/kubernetes/pull/105070), [@andyzhangx](https://github.com/andyzhangx)) -- Update the k8s.io/system-validators library to v1.7.0 ([#108988](https://github.com/kubernetes/kubernetes/pull/108988), [@neolit123](https://github.com/neolit123)) -- Updated golang.org/x/net to v0.0.0-20211209124913-491a49abca63. ([#106949](https://github.com/kubernetes/kubernetes/pull/106949), [@cpanato](https://github.com/cpanato)) -- Updates `kubectl kustomize` and `kubectl apply -k` to Kustomize v4.5.4 ([#108994](https://github.com/kubernetes/kubernetes/pull/108994), [@KnVerey](https://github.com/KnVerey)) -- When invoked with `-list-images`, the `e2e.test` binary now also lists the images that might be needed for storage tests. ([#108458](https://github.com/kubernetes/kubernetes/pull/108458), [@pohly](https://github.com/pohly)) -- `kubectl config delete-user` now supports completion ([#107142](https://github.com/kubernetes/kubernetes/pull/107142), [@dimbleby](https://github.com/dimbleby)) -- `kubectl create token` can now be used to request a service account token, and permission to request service account tokens is added to the `edit` and `admin` RBAC roles ([#107880](https://github.com/kubernetes/kubernetes/pull/107880), [@liggitt](https://github.com/liggitt)) -- `kubectl version` now includes information on the embedded version of Kustomize ([#108817](https://github.com/kubernetes/kubernetes/pull/108817), [@KnVerey](https://github.com/KnVerey)) - -##### Bug or Regression - -- Fix the regression that introduced 34s timeout for DELETECOLLECTION calls ([#115482](https://github.com/kubernetes/kubernetes/pull/115482), [@tkashem](https://github.com/tkashem)) [SIG API Machinery] -- Fixed bug which caused the status of Indexed Jobs to only be updated when there are newly completed indexes. The completed indexes are now updated if the .status.completedIndexes has values outside of the [0, .spec.completions> range ([#115457](https://github.com/kubernetes/kubernetes/pull/115457), [@danielvegamyhre](https://github.com/danielvegamyhre)) [SIG Apps] -- Golang.org/x/net updates to v0.7.0 to fix CVE-2022-41723 ([#115789](https://github.com/kubernetes/kubernetes/pull/115789), [@liggitt](https://github.com/liggitt)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node, Security and Storage] -- The Kubernetes API server now correctly detects and closes existing TLS connections when its client certificate file for kubelet authentication has been rotated. ([#115580](https://github.com/kubernetes/kubernetes/pull/115580), [@enj](https://github.com/enj)) [SIG API Machinery, Node and Testing] -- Client-go: fixes potential data races retrying requests using a custom io.Reader body; with this fix, only requests with no body or with string / []byte / runtime.Object bodies can be retried ([#113933](https://github.com/kubernetes/kubernetes/pull/113933), [@liggitt](https://github.com/liggitt)) [SIG API Machinery] -- Do not include preemptor pod metadata in the event message ([#115024](https://github.com/kubernetes/kubernetes/pull/115024), [@mimowo](https://github.com/mimowo)) [SIG Scheduling] -- Failed pods associated with a job with `parallelism = 1` are recreated by the job controller honoring exponential backoff delay again. However, for jobs with `parallelism > 1`, pods might be created without exponential backoff delay. ([#115021](https://github.com/kubernetes/kubernetes/pull/115021), [@nikhita](https://github.com/nikhita)) [SIG Apps] -- Fix a regression that the scheduler always goes through all Filter plugins. ([#114526](https://github.com/kubernetes/kubernetes/pull/114526), [@Huang-Wei](https://github.com/Huang-Wei)) [SIG Scheduling] -- Fix bug in CRD Validation Rules (beta) and ValidatingAdmissionPolicy (alpha) where all admission requests could result in `internal error: runtime error: index out of range [3] with length 3 evaluating rule: ` under certain circumstances. ([#114865](https://github.com/kubernetes/kubernetes/pull/114865), [@jpbetz](https://github.com/jpbetz)) [SIG API Machinery] -- Fix performance issue when creating large objects using SSA with fully unspecified schemas (preserveUnknownFields). ([#111915](https://github.com/kubernetes/kubernetes/pull/111915), [@aojea](https://github.com/aojea)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Storage and Testing] -- Fixed StatefulSet to show the valid status even if the new replica creation fails. ([#112083](https://github.com/kubernetes/kubernetes/pull/112083), [@gjkim42](https://github.com/gjkim42)) [SIG Apps and Testing] -- Fixing issue in Winkernel Proxier - Unexpected active TCP connection drops while horizontally scaling the endpoints for a LoadBalancer Service with External Traffic Policy: Local ([#114040](https://github.com/kubernetes/kubernetes/pull/114040), [@princepereira](https://github.com/princepereira)) [SIG Network] -- Fixing issue with Winkernel Proxier - No ingress load balancer rules with endpoints to support load balancing when all the endpoints are terminating. ([#114451](https://github.com/kubernetes/kubernetes/pull/114451), [@princepereira](https://github.com/princepereira)) [SIG Network] -- Kube-apiserver: bugfix DeleteCollection API fails if request body is non-empty ([#113968](https://github.com/kubernetes/kubernetes/pull/113968), [@sxllwx](https://github.com/sxllwx)) [SIG API Machinery] -- Optimizing loadbalancer creation with the help of attribute Internal Traffic Policy: Local ([#114466](https://github.com/kubernetes/kubernetes/pull/114466), [@princepereira](https://github.com/princepereira)) [SIG Network] -- Update the system-validators library to v1.8.0 ([#114060](https://github.com/kubernetes/kubernetes/pull/114060), [@pacoxu](https://github.com/pacoxu)) [SIG Cluster Lifecycle] -- [aws] Fixed a bug which reduces the number of unnecessary calls to STS in the event of assume role failures in the legacy cloud provider ([#110706](https://github.com/kubernetes/kubernetes/pull/110706), [@prateekgogia](https://github.com/prateekgogia)) [SIG Cloud Provider] -- Fix endpoint reconciler not being able to delete the apiserver lease on shutdown ([#114138](https://github.com/kubernetes/kubernetes/pull/114138), [@aojea](https://github.com/aojea)) [SIG API Machinery] -- Fix for volume reconstruction of CSI ephemeral volumes ([#113346](https://github.com/kubernetes/kubernetes/pull/113346), [@dobsonj](https://github.com/dobsonj)) [SIG Node, Storage and Testing] -- Kube-apiserver: resolves possible hung connections using konnectivity network proxy with TCP or UDS HTTP connect configurations ([#113862](https://github.com/kubernetes/kubernetes/pull/113862), [@jkh52](https://github.com/jkh52)) [SIG API Machinery] -- Resolves an issue that causes winkernel proxier to treat stale VIPs as valid ([#113567](https://github.com/kubernetes/kubernetes/pull/113567), [@daschott](https://github.com/daschott)) [SIG Network and Windows] -- Updates golang.org/x/net to fix CVE-2022-41717 ([#114322](https://github.com/kubernetes/kubernetes/pull/114322), [@liggitt](https://github.com/liggitt)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node and Storage] -- Updates golang.org/x/net to v0.1.1-0.20221027164007-c63010009c80 to resolve CVE-2022-27664 ([#113459](https://github.com/kubernetes/kubernetes/pull/113459), [@aimuz](https://github.com/aimuz)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node, Release and Storage] -- Volumes are no longer detached from healthy nodes after 6 minutes timeout. 6 minute force-detach timeout is used only for unhealthy nodes (`node.status.conditions["Ready"] != true`). ([#110721](https://github.com/kubernetes/kubernetes/pull/110721), [@jsafrane](https://github.com/jsafrane)) [SIG Apps] -- Consider only plugin directory and not entire kubelet root when cleaning up mounts ([#112920](https://github.com/kubernetes/kubernetes/pull/112920), [@mattcary](https://github.com/mattcary)) [SIG Storage] -- Etcd: Update to v3.5.5 ([#113099](https://github.com/kubernetes/kubernetes/pull/113099), [@mk46](https://github.com/mk46)) [SIG API Machinery, Cloud Provider, Cluster Lifecycle and Testing] -- Fixed a bug where a change in the `appProtocol` for a Service did not trigger a load balancer update. ([#113032](https://github.com/kubernetes/kubernetes/pull/113032), [@MartinForReal](https://github.com/MartinForReal)) [SIG Cloud Provider and Network] -- Kube-proxy, will restart in case it detects that the Node assigned pod.Spec.PodCIDRs have changed ([#113252](https://github.com/kubernetes/kubernetes/pull/113252), [@code-elinka](https://github.com/code-elinka)) [SIG Cloud Provider, Network, Node and Storage] -- Kubelet no longer reports terminated container metrics from cAdvisor ([#112963](https://github.com/kubernetes/kubernetes/pull/112963), [@bobbypage](https://github.com/bobbypage)) [SIG Node] -- Kubelet: fix GetAllocatableCPUs method in cpumanager ([#113421](https://github.com/kubernetes/kubernetes/pull/113421), [@Garrybest](https://github.com/Garrybest)) [SIG Node] -- Pod logs using --timestamps are not broken up with timestamps anymore. ([#113516](https://github.com/kubernetes/kubernetes/pull/113516), [@rphillips](https://github.com/rphillips)) [SIG Node] -- Allow Label section in vsphere e2e cloudprovider configuration ([#112479](https://github.com/kubernetes/kubernetes/pull/112479), [@gnufied](https://github.com/gnufied)) [SIG Storage and Testing] -- Kube-apiserver: gzip compression switched from level 4 to level 1 to improve large list call latencies in exchange for higher network bandwidth usage (10-50% higher). This increases the headroom before very large unpaged list calls exceed request timeout limits. ([#112399](https://github.com/kubernetes/kubernetes/pull/112399), [@shyamjvs](https://github.com/shyamjvs)) [SIG API Machinery] -- Kube-apiserver: resolved a regression that treated `304 Not Modified` responses from aggregated API servers as internal errors ([#112528](https://github.com/kubernetes/kubernetes/pull/112528), [@liggitt](https://github.com/liggitt)) [SIG API Machinery] -- Kubeadm: allow RSA and ECDSA format keys in preflight check ([#112535](https://github.com/kubernetes/kubernetes/pull/112535), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle] -- Fix an ephemeral port exhaustion bug caused by improper connection management that occurred when a large number of objects were handled by kubectl while exec auth was in use. ([#112337](https://github.com/kubernetes/kubernetes/pull/112337), [@enj](https://github.com/enj)) [SIG API Machinery and Auth] -- Fix problem in updating VolumeAttached in node status ([#112304](https://github.com/kubernetes/kubernetes/pull/112304), [@xing-yang](https://github.com/xing-yang)) [SIG Apps] -- Kube-apiserver: redirect responses are no longer returned from backends by default. Set `--aggregator-reject-forwarding-redirect=false` to continue forwarding redirect responses. ([#112331](https://github.com/kubernetes/kubernetes/pull/112331), [@enj](https://github.com/enj)) [SIG API Machinery] -- UserName check for 'ContainerAdministrator' is now case-insensitive if runAsNonRoot is set to true on Windows. ([#112211](https://github.com/kubernetes/kubernetes/pull/112211), [@PushkarJ](https://github.com/PushkarJ)) [SIG Node, Testing and Windows] -- Fix JobTrackingWithFinalizers when a pod succeeds after the job is considered failed, which led to API conflicts that blocked finishing the job. ([#111664](https://github.com/kubernetes/kubernetes/pull/111664), [@alculquicondor](https://github.com/alculquicondor)) [SIG Apps and Testing] -- Fix memory leak in the job controller related to JobTrackingWithFinalizers ([#111722](https://github.com/kubernetes/kubernetes/pull/111722), [@alculquicondor](https://github.com/alculquicondor)) [SIG Apps] -- Fix memory leak on kube-scheduler preemption ([#111803](https://github.com/kubernetes/kubernetes/pull/111803), [@amewayne](https://github.com/amewayne)) [SIG Scheduling] -- Fixed potential scheduler crash when scheduling with unsatisfied nodes in PodTopologySpread. ([#111511](https://github.com/kubernetes/kubernetes/pull/111511), [@kerthcet](https://github.com/kerthcet)) [SIG Scheduling] -- Fixing issue on Windows nodes where HostProcess containers may not be created as expected. ([#110966](https://github.com/kubernetes/kubernetes/pull/110966), [@marosset](https://github.com/marosset)) [SIG Node and Windows] -- If the parent directory of the file specified in the `--audit-log-path` argument does not exist, Kubernetes now creates it. ([#111225](https://github.com/kubernetes/kubernetes/pull/111225), [@vpnachev](https://github.com/vpnachev)) [SIG Auth] -- Namespace editors and admins can now create leases.coordination.k8s.io and should use this type for leaderelection instead of configmaps. ([#111515](https://github.com/kubernetes/kubernetes/pull/111515), [@deads2k](https://github.com/deads2k)) [SIG API Machinery and Auth] -- Reduce API server memory when many CRDs are loaded by sharing a single etcd3 client logger across all clients ([#111648](https://github.com/kubernetes/kubernetes/pull/111648), [@negz](https://github.com/negz)) [SIG API Machinery] -- Run kubelet, when there is an error exit, print the error log ([#110917](https://github.com/kubernetes/kubernetes/pull/110917), [@yangjunmyfm192085](https://github.com/yangjunmyfm192085)) [SIG Node] -- Fix a bug on endpointslices tests comparing the wrong metrics ([#110920](https://github.com/kubernetes/kubernetes/pull/110920), [@jluhrsen](https://github.com/jluhrsen)) [SIG Apps and Network] -- Fix a bug that caused the wrong result length when using --chunk-size and --selector together ([#110735](https://github.com/kubernetes/kubernetes/pull/110735), [@Abirdcfly](https://github.com/Abirdcfly)) [SIG API Machinery and Testing] -- Fix bug that prevented the job controller from enforcing activeDeadlineSeconds when set ([#110544](https://github.com/kubernetes/kubernetes/pull/110544), [@harshanarayana](https://github.com/harshanarayana)) [SIG Apps] -- Fix image pulling failure when IMDS is unavailable in kubelet startup ([#110523](https://github.com/kubernetes/kubernetes/pull/110523), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider] -- Fix printing resources with int64 fields ([#110572](https://github.com/kubernetes/kubernetes/pull/110572), [@sanchezl](https://github.com/sanchezl)) [SIG API Machinery] -- Fix unnecessary recreation of placeholder EndpointSlice ([#110732](https://github.com/kubernetes/kubernetes/pull/110732), [@jluhrsen](https://github.com/jluhrsen)) [SIG Apps and Network] -- Fixed a regression introduced in 1.24.0 where Azure load balancers were not kept up to date with the state of cluster nodes. In particular, nodes that are not in the ready state and are not newly created (i.e. not having the `node.cloudprovider.kubernetes.io/uninitialized` taint) now get removed from Azure load balancers. ([#109931](https://github.com/kubernetes/kubernetes/pull/109931), [@ricky-rav](https://github.com/ricky-rav)) [SIG Cloud Provider] -- Kubeadm: fix error adding extra prefix unix:// to CRI endpoints that were missing URL scheme ([#110634](https://github.com/kubernetes/kubernetes/pull/110634), [@pacoxu](https://github.com/pacoxu)) [SIG Cluster Lifecycle] -- Kubeadm: fix the bug that configurable KubernetesVersion not respected during kubeadm join ([#111021](https://github.com/kubernetes/kubernetes/pull/111021), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle] -- EndpointSlices marked for deletion are now ignored during reconciliation. ([#110484](https://github.com/kubernetes/kubernetes/pull/110484), [@aryan9600](https://github.com/aryan9600)) [SIG Apps and Network] -- Fixed a kubelet issue that could result in invalid pod status updates to be sent to the api-server where pods would be reported in a terminal phase but also report a ready condition of true in some cases. ([#110479](https://github.com/kubernetes/kubernetes/pull/110479), [@bobbypage](https://github.com/bobbypage)) [SIG Node and Testing] -- Pods will now post their readiness during termination. ([#110416](https://github.com/kubernetes/kubernetes/pull/110416), [@aojea](https://github.com/aojea)) [SIG Network, Node and Testing] -- The pod phase lifecycle guarantees that terminal Pods, those whose states are Unready or Succeeded, can not regress and will have all container stopped. Hence, terminal Pods will never be reachable and should not publish their IP addresses on the Endpoints or EndpointSlices, independently of the Service TolerateUnready option. ([#110258](https://github.com/kubernetes/kubernetes/pull/110258), [@robscott](https://github.com/robscott)) [SIG Apps, Network, Node and Testing] -- Fix JobTrackingWithFinalizers that: - - was declaring a job finished before counting all the created pods in the status - - was leaving pods with finalizers, blocking pod and job deletions - - JobTrackingWithFinalizers is still disabled by default. ([#109486](https://github.com/kubernetes/kubernetes/pull/109486), [@alculquicondor](https://github.com/alculquicondor)) [SIG Apps and Testing] -- Kubeadm: only taint control plane nodes when the legacy "master" taint is present. This avoids a bug where "kubeadm upgrade" will re-taint a control plane node with the new "control plane" taint even if the user explicitly untainted the node. ([#109841](https://github.com/kubernetes/kubernetes/pull/109841), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] -- A node IP provided to kublet via `--node-ip` will now be preferred for when determining the node's primary IP and using the external cloud provider (CCM). ([#107750](https://github.com/kubernetes/kubernetes/pull/107750), [@stephenfin](https://github.com/stephenfin)) -- A static pod that is rapidly updated was failing to start until the Kubelet was restarted. ([#107900](https://github.com/kubernetes/kubernetes/pull/107900), [@smarterclayton](https://github.com/smarterclayton)) -- Add one metrics(`kubelet_volume_stats_health_abnormal`) of volume health state to kubelet ([#108758](https://github.com/kubernetes/kubernetes/pull/108758), [@fengzixu](https://github.com/fengzixu)) -- Added a new label `type` to `apiserver_flowcontrol_request_execution_seconds` metric - it has the following values: - 'regular': indicates that it is a non long running request - 'watch': indicates that it is a watch request. ([#105517](https://github.com/kubernetes/kubernetes/pull/105517), [@tkashem](https://github.com/tkashem)) -- Added a test to guarantee that conformance clusters require at least 2 untainted nodes. ([#106313](https://github.com/kubernetes/kubernetes/pull/106313), [@aojea](https://github.com/aojea)) -- Adds PV deletion protection finalizer only when PV reclaimPolicy is Delete for dynamically provisioned volumes. ([#109205](https://github.com/kubernetes/kubernetes/pull/109205), [@deepakkinni](https://github.com/deepakkinni)) -- Allowed attached volumes to be mounted quicker by skipping exponential backoff when checking for reported-in-use volumes. ([#106853](https://github.com/kubernetes/kubernetes/pull/106853), [@gnufied](https://github.com/gnufied)) -- Alowed useful inclusion of `-args $prog_args` in KUBE_TEST_ARGS, when doing `make test-integration`. ([#107516](https://github.com/kubernetes/kubernetes/pull/107516), [@MikeSpreitzer](https://github.com/MikeSpreitzer)) -- An inefficient lock in EndpointSlice controller metrics cache has been reworked. Network programming latency may be significantly reduced in certain scenarios, especially in clusters with a large number of Services. ([#107091](https://github.com/kubernetes/kubernetes/pull/107091), [@robscott](https://github.com/robscott)) -- Apiserver will now reject connection attempts to `0.0.0.0/::` when handling a proxy subresource request. ([#107402](https://github.com/kubernetes/kubernetes/pull/107402), [@anguslees](https://github.com/anguslees)) -- Bug: client-go clientset was not defaulting to the user agent, and was using the default golang agent for all the requests. ([#108772](https://github.com/kubernetes/kubernetes/pull/108772), [@aojea](https://github.com/aojea)) -- Bump `sigs.k8s.io/apiserver-network-proxy/konnectivity-client@v0.0.30` to fix a goroutine leak in kube-apiserver when using egress selctor with the gRPC mode. ([#108437](https://github.com/kubernetes/kubernetes/pull/108437), [@andrewsykim](https://github.com/andrewsykim)) -- CEL validation failure returns object type instead of object. ([#107090](https://github.com/kubernetes/kubernetes/pull/107090), [@cici37](https://github.com/cici37)) -- CRI-API: IPs returned by `PodSandboxNetworkStatus`` are ignored by the kubelet for host-network pods. ([#106715](https://github.com/kubernetes/kubernetes/pull/106715), [@aojea](https://github.com/aojea)) -- Call `NodeExpand` on all nodes in case of RWX volumes ([#108693](https://github.com/kubernetes/kubernetes/pull/108693), [@gnufied](https://github.com/gnufied)) -- Changed node staging path for CSI driver to use a PV agnostic path. Nodes must be drained before updating the kubelet with this change. ([#107065](https://github.com/kubernetes/kubernetes/pull/107065), [@saikat-royc](https://github.com/saikat-royc)) -- Client-go: fixed the paged list calls with `ResourceVersionMatch` set would fail once paging is kicked in. ([#107311](https://github.com/kubernetes/kubernetes/pull/107311), [@fasaxc](https://github.com/fasaxc)) -- Correct event registration for multiple scheduler plugins; this fixes a potential significant delay in re-queueing unschedulable pods. ([#109442](https://github.com/kubernetes/kubernetes/pull/109442), [@ahg-g](https://github.com/ahg-g)) -- Etcd: Update to v3.5.3 ([#109471](https://github.com/kubernetes/kubernetes/pull/109471), [@justaugustus](https://github.com/justaugustus)) -- Existing InTree AzureFile PVs which don't have a secret namespace defined will now work properly after enabling CSI migration - the namespace will be obtained from ClaimRef. ([#108000](https://github.com/kubernetes/kubernetes/pull/108000), [@RomanBednar](https://github.com/RomanBednar)) -- Failure to start a container cannot accidentally result in the pod being considered "Succeeded" in the presence of deletion. ([#107845](https://github.com/kubernetes/kubernetes/pull/107845), [@smarterclayton](https://github.com/smarterclayton)) -- Fix a race in the timeout handler that could lead to kube-apiserver crashes ([#108455](https://github.com/kubernetes/kubernetes/pull/108455), [@Argh4k](https://github.com/Argh4k)) -- Fix container creation errors for pods with cpu requests bigger than 256 cpus ([#106570](https://github.com/kubernetes/kubernetes/pull/106570), [@odinuge](https://github.com/odinuge)) -- Fix issue where the job controller might not remove the job tracking finalizer from pods when deleting a job, or when the pod is orphan ([#108752](https://github.com/kubernetes/kubernetes/pull/108752), [@alculquicondor](https://github.com/alculquicondor)) -- Fix libct/cg/fs2: fixed GetStats for unsupported hugetlb error on Raspbian Bullseye ([#106912](https://github.com/kubernetes/kubernetes/pull/106912), [@Letme](https://github.com/Letme)) -- Fix the bug that the outdated services may be sent to the cloud provider ([#107631](https://github.com/kubernetes/kubernetes/pull/107631), [@lzhecheng](https://github.com/lzhecheng)) -- Fix the overestimated cost of delegated API requests in kube-apiserver API priority & fairness ([#109188](https://github.com/kubernetes/kubernetes/pull/109188), [@wojtek-t](https://github.com/wojtek-t)) -- Fix to allow `fsGroup` to be applied for CSI Inline Volumes ([#108662](https://github.com/kubernetes/kubernetes/pull/108662), [@dobsonj](https://github.com/dobsonj)) -- Fixed CSI migration of Azure Disk in-tree StorageClasses with topology requirements in Azure regions that do not have availability zones. ([#109154](https://github.com/kubernetes/kubernetes/pull/109154), [@jsafrane](https://github.com/jsafrane)) -- Fixed `--retries` functionality for negative values in `kubectl cp` ([#108748](https://github.com/kubernetes/kubernetes/pull/108748), [@atiratree](https://github.com/atiratree)) -- Fixed `azureDisk` parameter lowercase translation issue. ([#107429](https://github.com/kubernetes/kubernetes/pull/107429), [@andyzhangx](https://github.com/andyzhangx)) -- Fixed `azureFile` `volumeID` collision issue in CSI migration. ([#107575](https://github.com/kubernetes/kubernetes/pull/107575), [@andyzhangx](https://github.com/andyzhangx)) -- Fixed a bug in attachdetach controller that didn't properly handle kube-apiserver errors leading to stuck attachments/detachments. ([#108167](https://github.com/kubernetes/kubernetes/pull/108167), [@jfremy](https://github.com/jfremy)) -- Fixed a bug that a pod's `.status.nominatedNodeName` is not cleared properly, and thus over-occupied system resources. ([#106816](https://github.com/kubernetes/kubernetes/pull/106816), [@Huang-Wei](https://github.com/Huang-Wei)) -- Fixed a bug that caused credentials in an exec plugin to override the static certificates set in a kubeconfig. ([#107410](https://github.com/kubernetes/kubernetes/pull/107410), [@margocrawf](https://github.com/margocrawf)) -- Fixed a bug that could cause panic when a `/healthz` request times out. ([#107034](https://github.com/kubernetes/kubernetes/pull/107034), [@benluddy](https://github.com/benluddy)) -- Fixed a bug that out-of-tree plugin is misplaced when using scheduler v1beta3 config ([#108613](https://github.com/kubernetes/kubernetes/pull/108613), [@Huang-Wei](https://github.com/Huang-Wei)) -- Fixed a bug where a partial `EndpointSlice` update could cause node name information to be dropped from endpoints that were not updated. ([#108198](https://github.com/kubernetes/kubernetes/pull/108198), [@liggitt](https://github.com/liggitt)) -- Fixed a bug where unwanted fields were being returned from a `create --dry-run`: uid and, if generateName was used, name. ([#107088](https://github.com/kubernetes/kubernetes/pull/107088), [@joejulian](https://github.com/joejulian)) -- Fixed a bug where vSphere client connections where not being closed during testing. Leaked vSphere client sessions were causing resource exhaustion during automated testing. ([#107337](https://github.com/kubernetes/kubernetes/pull/107337), [@derek-pryor](https://github.com/derek-pryor)) -- Fixed a panic when using invalid output format in `kubectl create secret` command. ([#107221](https://github.com/kubernetes/kubernetes/pull/107221), [@rikatz](https://github.com/rikatz)) -- Fixed a rare race condition handling requests that timeout. ([#107452](https://github.com/kubernetes/kubernetes/pull/107452), [@liggitt](https://github.com/liggitt)) -- Fixed a regression in 1.23 that incorrectly pruned data from array items of a custom resource that set `x-kubernetes-preserve-unknown-fields: true`. ([#107688](https://github.com/kubernetes/kubernetes/pull/107688), [@liggitt](https://github.com/liggitt)) -- Fixed a regression in 1.23 where update requests to previously persisted `Service` objects that have not been modified since 1.19 can be rejected with an incorrect `spec.clusterIPs: Required value` error. ([#107847](https://github.com/kubernetes/kubernetes/pull/107847), [@thockin](https://github.com/thockin)) -- Fixed a regression that could incorrectly reject pods with `OutOfCpu` errors if they were rapidly scheduled after other pods were reported as complete in the API. The Kubelet now waits to report the phase of a pod as terminal in the API until all running containers are guaranteed to have stopped and no new containers can be started. Short-lived pods may take slightly longer (~1s) to report Succeeded or Failed after this change. ([#108366](https://github.com/kubernetes/kubernetes/pull/108366), [@smarterclayton](https://github.com/smarterclayton)) -- Fixed bug in `TopologyManager` for ensuring aligned allocations on machines with more than 2 NUMA nodes ([#108052](https://github.com/kubernetes/kubernetes/pull/108052), [@klueska](https://github.com/klueska)) -- Fixed bug in error messaging for basic-auth and ssh secret validations. ([#106179](https://github.com/kubernetes/kubernetes/pull/106179), [@vivek-koppuru](https://github.com/vivek-koppuru)) -- Fixed detaching CSI volumes from nodes when a CSI driver name has prefix "csi-". ([#107025](https://github.com/kubernetes/kubernetes/pull/107025), [@jsafrane](https://github.com/jsafrane)) -- Fixed duplicate port opening in kube-proxy when `--nodeport-addresses` is empty. ([#107413](https://github.com/kubernetes/kubernetes/pull/107413), [@tnqn](https://github.com/tnqn)) -- Fixed handling of objects with invalid selectors. ([#107559](https://github.com/kubernetes/kubernetes/pull/107559), [@liggitt](https://github.com/liggitt)) -- Fixed indexer bug that resulted in incorrect index updates if number of index values for a given object was changing during update ([#109137](https://github.com/kubernetes/kubernetes/pull/109137), [@wojtek-t](https://github.com/wojtek-t)) -- Fixed kubectl bug where bash completions don't work if `--context` flag is specified with a value that contains a colon. ([#107439](https://github.com/kubernetes/kubernetes/pull/107439), [@brianpursley](https://github.com/brianpursley)) -- Fixed performance regression in JSON logging caused by syncing stdout every time error was logged. ([#107035](https://github.com/kubernetes/kubernetes/pull/107035), [@serathius](https://github.com/serathius)) -- Fixed regression in CPUManager that it will release exclusive CPUs in app containers inherited from init containers when the init containers were removed. ([#104837](https://github.com/kubernetes/kubernetes/pull/104837), [@eggiter](https://github.com/eggiter)) -- Fixed static pod add and removes restarts in certain cases. ([#107695](https://github.com/kubernetes/kubernetes/pull/107695), [@rphillips](https://github.com/rphillips)) -- Fixed: deleted a non-existent Azure disk issue. ([#107406](https://github.com/kubernetes/kubernetes/pull/107406), [@andyzhangx](https://github.com/andyzhangx)) -- Fixed: do not return early in the node informer when there is no change of the topology label. ([#108149](https://github.com/kubernetes/kubernetes/pull/108149), [@nilo19](https://github.com/nilo19)) -- Fixed: removed outdated ipv4 route when the corresponding node is deleted. ([#106164](https://github.com/kubernetes/kubernetes/pull/106164), [@nilo19](https://github.com/nilo19)) -- Fixes bug in CronJob Controller V2 where it would lose track of jobs upon job template labels change. ([#107997](https://github.com/kubernetes/kubernetes/pull/107997), [@d-honeybadger](https://github.com/d-honeybadger)) -- If drainer has nil for Ctx or Client it will error with `RunCordonOrUncordon`. ([#105297](https://github.com/kubernetes/kubernetes/pull/105297), [@jackfrancis](https://github.com/jackfrancis)) -- Improved handling of unmount failures when device may be in-use by another container/process. ([#107789](https://github.com/kubernetes/kubernetes/pull/107789), [@gnufied](https://github.com/gnufied)) -- Improved logging when volume times out waiting for attach/detach. ([#108628](https://github.com/kubernetes/kubernetes/pull/108628), [@RomanBednar](https://github.com/RomanBednar)) -- Improved the rounding of `PodTopologySpread` scores to offer better scoring when spreading a low number of pods. ([#107384](https://github.com/kubernetes/kubernetes/pull/107384), [@sanposhiho](https://github.com/sanposhiho)) -- Increase Azure ACR credential provider timeout ([#108209](https://github.com/kubernetes/kubernetes/pull/108209), [@andyzhangx](https://github.com/andyzhangx)) -- Kube-apiserver: Server Side Apply merge order is reverted to match v1.22 behavior until http://issue.k8s.io/104641 is resolved. ([#106660](https://github.com/kubernetes/kubernetes/pull/106660), [@liggitt](https://github.com/liggitt)) -- Kube-apiserver: ensures the namespace of objects sent to admission webhooks matches the request namespace. Previously, objects without a namespace set would have the request namespace populated after mutating admission, and objects with a namespace that did not match the request namespace would be rejected after admission. ([#94637](https://github.com/kubernetes/kubernetes/pull/94637), [@liggitt](https://github.com/liggitt)) -- Kube-apiserver: removed `apf_fd` from server logs which could contain data identifying the requesting user ([#108631](https://github.com/kubernetes/kubernetes/pull/108631), [@jupblb](https://github.com/jupblb)) -- Kube-proxy in iptables mode now only logs the full iptables input at `-v=9` rather than `-v=5`. ([#108224](https://github.com/kubernetes/kubernetes/pull/108224), [@danwinship](https://github.com/danwinship)) -- Kube-proxy will no longer hold service node ports open on the node. Users are still advised not to run any listener on node ports range used by kube-proxy. ([#108496](https://github.com/kubernetes/kubernetes/pull/108496), [@khenidak](https://github.com/khenidak)) -- Kubeadm: allow the `certs check-expiration` command to not require the existence of the cluster CA key (ca.key file) when checking the expiration of managed certificates in kubeconfig files. ([#106854](https://github.com/kubernetes/kubernetes/pull/106854), [@neolit123](https://github.com/neolit123)) -- Kubeadm: during execution of the `certs check-expiration` command, treat the etcd CA as external if there is a missing etcd CA key file (etcd/ca.key) and perform the proper validation on certificates signed by the etcd CA. Additionally, make sure that the CA for all entries in the output table is included - for both certificates on disk and in kubeconfig files. ([#106891](https://github.com/kubernetes/kubernetes/pull/106891), [@neolit123](https://github.com/neolit123)) -- Kubeadm: fixed a bug related to a warning printed if the `KubeletConfiguration` `resolvConf` field value does not match `/run/systemd/resolve/resolv.conf` ([#107785](https://github.com/kubernetes/kubernetes/pull/107785), [@chendave](https://github.com/chendave)) -- Kubeadm: fixed a bug when using `kubeadm init --dry-run` with certificate authority files (`ca.key` / `ca.crt`) present in `/etc/kubernetes/pki`) ([#108410](https://github.com/kubernetes/kubernetes/pull/108410), [@Haleygo](https://github.com/Haleygo)) -- Kubeadm: fixed a bug where Windows nodes fail to join an IPv6 cluster due to preflight errors ([#108769](https://github.com/kubernetes/kubernetes/pull/108769), [@SataQiu](https://github.com/SataQiu)) -- Kubeadm: fixed the bug that `kubeadm certs generate-csr` command does not remove duplicated SANs ([#107982](https://github.com/kubernetes/kubernetes/pull/107982), [@SataQiu](https://github.com/SataQiu)) -- Kubelet now checks "NoExecute" taint/toleration before accepting pods, except for static pods. ([#101218](https://github.com/kubernetes/kubernetes/pull/101218), [@gjkim42](https://github.com/gjkim42)) -- Metrics Server image bumped to v0.5.2 ([#106492](https://github.com/kubernetes/kubernetes/pull/106492), [@serathius](https://github.com/serathius)) -- Modified command line errors (for example, `kubectl list` -> `unknown command`) that were printed as log message with escaped line breaks instead of a multi-line plain text, making the error hard to read. ([#107044](https://github.com/kubernetes/kubernetes/pull/107044), [@pohly](https://github.com/pohly)) -- Modified log messages that were logged with `"v":0` in JSON output although they were debug messages with a higher verbosity. ([#106978](https://github.com/kubernetes/kubernetes/pull/106978), [@pohly](https://github.com/pohly)) -- No ([#107769](https://github.com/kubernetes/kubernetes/pull/107769), [@liurupeng](https://github.com/liurupeng)) [SIG Cloud Provider and Windows] -- NodeRestriction admission: nodes are now allowed to update PersistentVolumeClaim status fields `resizeStatus` and `allocatedResources` when the `RecoverVolumeExpansionFailure` feature is enabled. ([#107686](https://github.com/kubernetes/kubernetes/pull/107686), [@gnufied](https://github.com/gnufied)) -- Only extend token lifetimes when `--service-account-extend-token-expiration` is true and the requested token audiences are empty or exactly match all values for `--api-audiences`. ([#105954](https://github.com/kubernetes/kubernetes/pull/105954), [@jyotimahapatra](https://github.com/jyotimahapatra)) -- Prevent kube-scheduler from nominating a Pod that was already scheduled to a node ([#109245](https://github.com/kubernetes/kubernetes/pull/109245), [@alculquicondor](https://github.com/alculquicondor)) -- Prevent unnecessary `Endpoints` and `EndpointSlice` updates caused by `Pod ResourceVersion` change ([#108078](https://github.com/kubernetes/kubernetes/pull/108078), [@tnqn](https://github.com/tnqn)) -- Print `` as the value in case kubectl describe ingress shows `default-backend:80` when no default backend is present ([#108506](https://github.com/kubernetes/kubernetes/pull/108506), [@jlsong01](https://github.com/jlsong01)) -- Publishing kube-proxy metrics for Windows kernel-mode ([#106581](https://github.com/kubernetes/kubernetes/pull/106581), [@knabben](https://github.com/knabben)) -- Re-adds response status and headers on verbose kubectl responses ([#108505](https://github.com/kubernetes/kubernetes/pull/108505), [@rikatz](https://github.com/rikatz)) -- Record requests rejected with 429 in the apiserver_request_total metric ([#108927](https://github.com/kubernetes/kubernetes/pull/108927), [@wojtek-t](https://github.com/wojtek-t)) -- Removed validation if AppArmor profiles are loaded on the local node. This should be handled by the container runtime. ([#97966](https://github.com/kubernetes/kubernetes/pull/97966), [@saschagrunert](https://github.com/saschagrunert)) -- Replace the url label of `rest_client_request_duration_seconds` and `rest_client_rate_limiter_duration_seconds` metrics with a host label to prevent cardinality explosions and keep only the useful information. This is a breaking change required for security reasons. ([#106539](https://github.com/kubernetes/kubernetes/pull/106539), [@dgrisonnet](https://github.com/dgrisonnet)) -- Restored `NumPDBViolations` info of nodes, when `HTTPExtender ProcessPreemption`. This info will be used in subsequent filtering steps - `pickOneNodeForPreemption` ([#105853](https://github.com/kubernetes/kubernetes/pull/105853), [@caden2016](https://github.com/caden2016)) -- Reverted graceful node shutdown to match 1.21 behavior of setting pods that have not yet successfully completed to "Failed" phase if the GracefulNodeShutdown feature is enabled in kubelet. The GracefulNodeShutdown feature is beta and must be explicitly configured via kubelet config to be enabled in 1.21+. This changes 1.22 and 1.23 behavior on node shutdown to match 1.21. If you do not want pods to be marked terminated on node shutdown in 1.22 and 1.23, disable the GracefulNodeShutdown feature. ([#106901](https://github.com/kubernetes/kubernetes/pull/106901), [@bobbypage](https://github.com/bobbypage)) -- Reverts the CRI API version surfaced by dockershim to v1alpha2 ([#106803](https://github.com/kubernetes/kubernetes/pull/106803), [@saschagrunert](https://github.com/saschagrunert)) -- Services with "internalTrafficPolicy: Local" now behave more like - "externalTrafficPolicy: Local". Also, "internalTrafficPolicy: Local, - externalTrafficPolicy: Cluster" is now implemented correctly. ([#106497](https://github.com/kubernetes/kubernetes/pull/106497), [@danwinship](https://github.com/danwinship)) -- Sets JobTrackingWithFinalizers, a beta feature, as disabled by default, due to unresolved bug https://github.com/kubernetes/kubernetes/issues/109485 ([#109487](https://github.com/kubernetes/kubernetes/pull/109487), [@alculquicondor](https://github.com/alculquicondor)) -- Skip re-allocate logic if pod is already removed to avoid panic ([#108831](https://github.com/kubernetes/kubernetes/pull/108831), [@waynepeking348](https://github.com/waynepeking348)) -- The Service field `spec.internalTrafficPolicy` is no longer defaulted for Services when the type is `ExternalName`. The field is also dropped on read when the Service type is `ExternalName`. ([#104846](https://github.com/kubernetes/kubernetes/pull/104846), [@andrewsykim](https://github.com/andrewsykim)) -- The `ServerSideFieldValidation` feature has been reverted to alpha for 1.24. ([#109271](https://github.com/kubernetes/kubernetes/pull/109271), [@liggitt](https://github.com/liggitt)) -- The `TopologyAwareHints` feature gate is now enabled by default. This will allow users to opt-in to Topology Aware Hints by setting the `service.kubernetes.io/topology-aware-hints` on a Service. This will not affect any Services without that annotation set. ([#108747](https://github.com/kubernetes/kubernetes/pull/108747), [@robscott](https://github.com/robscott)) -- The deprecated flag `--really-crash-for-testing` was removed. ([#101719](https://github.com/kubernetes/kubernetes/pull/101719), [@SergeyKanzhelev](https://github.com/SergeyKanzhelev)) -- The kubelet no longer forcefully closes active connections on heartbeat failures, using the HTTP2 health check mechanism to detect broken connections. Users can force the previous behavior of the kubelet by setting the environment variable DISABLE_HTTP2. ([#108107](https://github.com/kubernetes/kubernetes/pull/108107), [@aojea](https://github.com/aojea)) -- This code change fixes the bug that UDP services would trigger unnecessary LoadBalancer updates. The root cause is that a field not working for non-TCP protocols is considered. - ref: https://github.com/kubernetes-sigs/cloud-provider-azure/pull/1090 ([#107981](https://github.com/kubernetes/kubernetes/pull/107981), [@lzhecheng](https://github.com/lzhecheng)) -- Topology translation of in-tree vSphere volume to vSphere CSI. ([#108611](https://github.com/kubernetes/kubernetes/pull/108611), [@divyenpatel](https://github.com/divyenpatel)) -- Updating kubelet permissions check for Windows nodes to see if process is elevated instead of checking if process owner is in Administrators group ([#108146](https://github.com/kubernetes/kubernetes/pull/108146), [@marosset](https://github.com/marosset)) -- `apiserver`, if configured to reconcile the `kubernetes.default` service endpoints, checks if the configured Service IP range matches the apiserver public address IP family, and fails to start if not. ([#106721](https://github.com/kubernetes/kubernetes/pull/106721), [@aojea](https://github.com/aojea)) -- `kubectl version` now fails when given extra arguments. ([#107967](https://github.com/kubernetes/kubernetes/pull/107967), [@jlsong01](https://github.com/jlsong01)) - -##### Other (Cleanup or Flake) - -- Kubelet now defaults to pulling the pause image from registry.k8s.io ([#114341](https://github.com/kubernetes/kubernetes/pull/114341), [@liggitt](https://github.com/liggitt)) [SIG Node] -- '`build/dependencies.yaml`: remove the dependency on Docker. With the dockershim removal, core Kubernetes no longer - has to track the latest validated version of Docker.' ([#107607](https://github.com/kubernetes/kubernetes/pull/107607), [@neolit123](https://github.com/neolit123)) -- API server's deprecated `--experimental-encryption-provider-config` flag is now removed. Adapt your machinery to use the `--encryption-provider-config` flag that is available since v1.13. ([#108423](https://github.com/kubernetes/kubernetes/pull/108423), [@ialidzhikov](https://github.com/ialidzhikov)) -- API server's deprecated `--target-ram-mb` flag is now removed. ([#108457](https://github.com/kubernetes/kubernetes/pull/108457), [@ialidzhikov](https://github.com/ialidzhikov)) -- Added PreemptionPolicy in PriorityClass describe ([#108701](https://github.com/kubernetes/kubernetes/pull/108701), [@denkensk](https://github.com/denkensk)) -- Added an e2e test to verify that the cluster is not vulnerable to CVE-2021-29923 when using Services with IPs with leading zeros, note that this test is a necessary but not sufficient condition, all the components in the clusters that consume IPs addresses from the APIs MUST interpret them as decimal or discard them. ([#107552](https://github.com/kubernetes/kubernetes/pull/107552), [@aojea](https://github.com/aojea)) -- Added an example for the `kubectl plugin list` command. ([#106600](https://github.com/kubernetes/kubernetes/pull/106600), [@bergerhoffer](https://github.com/bergerhoffer)) -- Added details about preemption in the event for scheduling failed. ([#107775](https://github.com/kubernetes/kubernetes/pull/107775), [@denkensk](https://github.com/denkensk)) -- Allow KUBE_TEST_REPO_LIST to be a remote url ([#108429](https://github.com/kubernetes/kubernetes/pull/108429), [@dims](https://github.com/dims)) -- Client-go: if resetting the body fails before a retry, an error is now surfaced to the user. ([#109050](https://github.com/kubernetes/kubernetes/pull/109050), [@MadhavJivrajani](https://github.com/MadhavJivrajani)) -- Deprecate apiserver_dropped_requests_total metric. The same data can be read from apiserver_request_terminations_total metric. ([#109018](https://github.com/kubernetes/kubernetes/pull/109018), [@wojtek-t](https://github.com/wojtek-t)) -- Deprecated types in `k8s.io/apimachinery/util/clock`. Please use `k8s.io/utils/clock` instead. ([#106850](https://github.com/kubernetes/kubernetes/pull/106850), [@MadhavJivrajani](https://github.com/MadhavJivrajani)) -- E2e tests wait for `kube-root-ca.crt` to be populated in namespaces for use with projected service account tokens, reducing delays starting those test pods and errors in the logs. ([#107763](https://github.com/kubernetes/kubernetes/pull/107763), [@smarterclayton](https://github.com/smarterclayton)) -- Endpoints and EndpointSlice controllers no longer populate [resourceVersion of targetRef](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-reference/#ObjectReference) in Endpoints and EndpointSlices ([#108450](https://github.com/kubernetes/kubernetes/pull/108450), [@tnqn](https://github.com/tnqn)) -- Fixed default config flags for `NewDefaultKubectlCommand`. ([#107131](https://github.com/kubernetes/kubernetes/pull/107131), [@jonnylangefeld](https://github.com/jonnylangefeld)) -- Fixed documentation typo in cloud-provider. ([#106445](https://github.com/kubernetes/kubernetes/pull/106445), [@majst01](https://github.com/majst01)) -- Fixed spelling of implemented in pkg/proxy/apis/config/types.go line 206 ([#106453](https://github.com/kubernetes/kubernetes/pull/106453), [@davidleitw](https://github.com/davidleitw)) -- Improve error message when applying CRDs before the CRD exists in a cluster ([#107363](https://github.com/kubernetes/kubernetes/pull/107363), [@eddiezane](https://github.com/eddiezane)) -- Improved algorithm for selecting `best` non-preferred hint in the TopologyManager ([#108154](https://github.com/kubernetes/kubernetes/pull/108154), [@klueska](https://github.com/klueska)) -- Kube-proxy doesn't set the sysctl `net.ipv4.conf.all.route_localnet=1` if no IPv4 loopback address is selected by the `nodePortAddresses` configuration parameter. ([#107684](https://github.com/kubernetes/kubernetes/pull/107684), [@aojea](https://github.com/aojea)) -- Kubeadm: all warning messages are printed to stderr instead of stdout. ([#107467](https://github.com/kubernetes/kubernetes/pull/107467), [@SataQiu](https://github.com/SataQiu)) -- Kubeadm: handled the removal of dockershim related flags for new kubeadm clusters. If kubelet <1.24 is on the host, kubeadm >=1.24 can continue using the built-in dockershim in the kubelet if the user passes the `{Init|Join}Configuration.nodeRegistration.criSocket` value in the kubeadm configuration to be equal to `unix:///var/run/dockershim.sock` on Unix or `npipe:////./pipe/dockershim` on Windows. If kubelet version >=1.24 is on the host, kubeadm >=1.24 will treat all container runtimes as "remote" using the kubelet flags `--container-runtime=remote --container-runtime-endpoint=scheme://some/path`. The special management for kubelet <1.24 will be removed in kubeadm 1.25. ([#106973](https://github.com/kubernetes/kubernetes/pull/106973), [@neolit123](https://github.com/neolit123)) -- Kubeadm: make sure that `kubeadm init/join` always use a URL scheme (unix:// on Linux and npipe:// on Windows) when passing a value to the `--container-runtime-endpoint` kubelet flag. This flag's value is taken from the kubeadm configuration `criSocket` field or the `--cri-socket` CLI flag. Automatically add a missing URL scheme to the user configuration in memory, but warn them that they should also update their configuration on disk manually. During `kubeadm upgrade apply/node` mutate the `/var/lib/kubelet/kubeadm-flags.env` file on disk and the `kubeadm.alpha.kubernetes.io/cri-socket` annotation Node object if needed. These automatic actions are temporary and will be removed in a future release. In the future the kubelet may not support CRI endpoints without an URL scheme. ([#107295](https://github.com/kubernetes/kubernetes/pull/107295), [@neolit123](https://github.com/neolit123)) -- Kubeadm: remove the `IPv6DualStack` feature gate. The feature has been GA and locked to enabled since 1.23. ([#106648](https://github.com/kubernetes/kubernetes/pull/106648), [@calvin0327](https://github.com/calvin0327)) -- Kubeadm: removed the deprecated `output/v1alpha1` API used for machine readable output by some kubeadm commands. In 1.23 kubeadm started using the newer version `output/v1alpha2` for the same purpose. ([#107468](https://github.com/kubernetes/kubernetes/pull/107468), [@neolit123](https://github.com/neolit123)) -- Kubeadm: removed the restriction that the `ca.crt` can only contain one certificate. If there is more than one certificate in the `ca.crt` file, kubeadm will pick the first one by default. ([#107327](https://github.com/kubernetes/kubernetes/pull/107327), [@SataQiu](https://github.com/SataQiu)) -- Kubectl stack traces now only print at verbose `-v=99` and not `-v=6` ([#108053](https://github.com/kubernetes/kubernetes/pull/108053), [@eddiezane](https://github.com/eddiezane)) -- Kubectl: restored `--dry-run`, `--dry-run=true`, and `--dry-run=false` for compatibility with pre-1.23 invocations. ([#107003](https://github.com/kubernetes/kubernetes/pull/107003), [@julianvmodesto](https://github.com/julianvmodesto)) -- Kubelet config validation error messages are updated. ([#105360](https://github.com/kubernetes/kubernetes/pull/105360), [@shuheiktgw](https://github.com/shuheiktgw)) -- Kubernetes e2e framework will use the url `invalid.registry.k8s.io/invalid` instead `invalid.com/invalid` for test that use an invalid registry. ([#107455](https://github.com/kubernetes/kubernetes/pull/107455), [@aojea](https://github.com/aojea)) -- Marked kubelet `--container-runtime-endpoint` and `--image-service-endpoint` CLI flags as stable. ([#106954](https://github.com/kubernetes/kubernetes/pull/106954), [@saschagrunert](https://github.com/saschagrunert)) -- Migrate `volume/csi/csi-client.go` logs to structured logging. ([#99441](https://github.com/kubernetes/kubernetes/pull/99441), [@CKchen0726](https://github.com/CKchen0726)) -- Migrate statefulset files to structured logging ([#106109](https://github.com/kubernetes/kubernetes/pull/106109), [@h4ghhh](https://github.com/h4ghhh)) -- Refactor kubelet command line for enabling features and "drop `RuntimeClass` feature gate" if present. Note that this feature has been on by default since 1.14 and was GA'ed in 1.20. ([#106882](https://github.com/kubernetes/kubernetes/pull/106882), [@cyclinder](https://github.com/cyclinder)) -- Remove deprecated `--serviceaccount`, `--hostport`, `--requests` and `--limits` from kubectl run. ([#108820](https://github.com/kubernetes/kubernetes/pull/108820), [@mozillazg](https://github.com/mozillazg)) -- Remove support for `node-expansion` between `node-stage` and `node-publish` ([#108614](https://github.com/kubernetes/kubernetes/pull/108614), [@gnufied](https://github.com/gnufied)) -- Removed deprecated `generator` and `container-port` flags ([#106824](https://github.com/kubernetes/kubernetes/pull/106824), [@lauchokyip](https://github.com/lauchokyip)) -- Removed kubelet `--non-masquerade-cidr` deprecated CLI flag ([#107096](https://github.com/kubernetes/kubernetes/pull/107096), [@hakman](https://github.com/hakman)) -- Rename unschedulableQ to unschedulablePods ([#108919](https://github.com/kubernetes/kubernetes/pull/108919), [@denkensk](https://github.com/denkensk)) -- SPDY transport in client-go will no longer follow redirects. ([#108531](https://github.com/kubernetes/kubernetes/pull/108531), [@tallclair](https://github.com/tallclair)) -- ServerResources was deprecated in February 2019 (https://github.com/kubernetes/kubernetes/commit/618050e) and now it's being removed and ServerGroupsAndResources is suggested to be used instead ([#107180](https://github.com/kubernetes/kubernetes/pull/107180), [@ardaguclu](https://github.com/ardaguclu)) -- The API server's deprecated `--deserialization-cache-size` flag is now removed. ([#108448](https://github.com/kubernetes/kubernetes/pull/108448), [@ialidzhikov](https://github.com/ialidzhikov)) -- The `--container-runtime` kubelet flag is deprecated and will be removed in future releases. ([#107094](https://github.com/kubernetes/kubernetes/pull/107094), [@adisky](https://github.com/adisky)) -- The `WarningHeaders` feature gate that is GA since v1.22 is unconditionally enabled, and can no longer be specified via the `--feature-gates` argument. ([#108394](https://github.com/kubernetes/kubernetes/pull/108394), [@ialidzhikov](https://github.com/ialidzhikov)) -- The `e2e.test` binary supports a new `--kubelet-root` parameter to override the default `/var/lib/kubelet` path. CSI storage tests use this. ([#108253](https://github.com/kubernetes/kubernetes/pull/108253), [@pohly](https://github.com/pohly)) -- The fluentd-elasticsearch addon is no longer included in the cluster directory. It is available from https://github.com/kubernetes-sigs/instrumentation-addons/tree/master/fluentd-elasticsearch. ([#107553](https://github.com/kubernetes/kubernetes/pull/107553), [@liggitt](https://github.com/liggitt)) -- The scheduler framework option `runAllFilters` is removed. ([#108829](https://github.com/kubernetes/kubernetes/pull/108829), [@kerthcet](https://github.com/kerthcet)) -- Updated cri-tools to [v1.23.0](https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.23.0). ([#107604](https://github.com/kubernetes/kubernetes/pull/107604), [@saschagrunert](https://github.com/saschagrunert)) -- Updated runc to 1.1.0 and updated cadvisor to 0.44.0 ([#109029](https://github.com/kubernetes/kubernetes/pull/109029), [@ehashman](https://github.com/ehashman)) -- Updated runc to 1.1.1 ([#109104](https://github.com/kubernetes/kubernetes/pull/109104), [@kolyshkin](https://github.com/kolyshkin)) -- Updated the error message to not use the `--max-resource-write-bytes` & `--json-patch-max-copy-bytes` string. ([#106875](https://github.com/kubernetes/kubernetes/pull/106875), [@warmchang](https://github.com/warmchang)) -- Users who look at iptables dumps will see some changes in the naming and structure of rules. ([#109060](https://github.com/kubernetes/kubernetes/pull/109060), [@thockin](https://github.com/thockin)) -- Windows Pause no longer has support for SAC releases 1903, 1909, 2004. Windows image support is now Ltcs 2019 (1809), 20H2, LTSC 2022 ([#107056](https://github.com/kubernetes/kubernetes/pull/107056), [@jsturtevant](https://github.com/jsturtevant)) -- [k8s.io/utils/clock]: IntervalClock is now deprecated in favour of SimpleIntervalClock ([#108059](https://github.com/kubernetes/kubernetes/pull/108059), [@RaghavRoy145](https://github.com/RaghavRoy145)) -- `kube-addon-manager` image version is bumped to 9.1.6 ([#108341](https://github.com/kubernetes/kubernetes/pull/108341), [@zshihang](https://github.com/zshihang)) -- Add SourceVolumeMode field to VolumeSnapshotContents. Documentation for this alpha feature is pending. ([#665](https://github.com/kubernetes-csi/external-snapshotter/pull/665), [@RaunakShah](https://github.com/RaunakShah)) -- Update snapshotter module to v6 and client module to v5. Documentation for this alpha feature is pending. ([#670],(https://github.com/kubernetes-csi/external-snapshotter/pull/670), [@RaunakShah](https://github.com/RaunakShah)) - -##### Uncategorized - -- Deprecate kubectl version long output, will be replaced with kubectl version ` --short`. Users requiring full output should use `--output=yaml|json` instead. ([#108987](https://github.com/kubernetes/kubernetes/pull/108987), [@soltysh](https://github.com/soltysh)) - - -#### Dependencies - -##### Added -- github.com/armon/go-socks5: [e753329](https://github.com/armon/go-socks5/tree/e753329) -- github.com/blang/semver/v4: [v4.0.0](https://github.com/blang/semver/v4/tree/v4.0.0) -- github.com/google/gnostic: [v0.5.7-v3refs](https://github.com/google/gnostic/tree/v0.5.7-v3refs) - -##### Changed -- golang.org/x/net: 1e63c2f → v0.7.0 -- golang.org/x/sys: v0.3.0 → v0.5.0 -- golang.org/x/term: v0.3.0 → v0.5.0 -- golang.org/x/text: v0.5.0 → v0.7.0 -- github.com/google/cel-go: [v0.10.2 → v0.10.4](https://github.com/google/cel-go/compare/v0.10.2...v0.10.4) -- k8s.io/system-validators: v1.7.0 → v1.8.0 -- sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.33 → v0.0.35 -- sigs.k8s.io/structured-merge-diff/v4: v4.2.1 → v4.2.3 -- github.com/yuin/goldmark: [v1.4.1 → v1.4.13](https://github.com/yuin/goldmark/compare/v1.4.1...v1.4.13) -- golang.org/x/mod: 9b9b3d8 → 86c51ed -- golang.org/x/sync: 036812b → 886fb93 -- golang.org/x/tools: 897bd77 → v0.1.12 -- github.com/stretchr/objx: [v0.2.0 → v0.4.0](https://github.com/stretchr/objx/compare/v0.2.0...v0.4.0) -- github.com/stretchr/testify: [v1.7.0 → v1.8.0](https://github.com/stretchr/testify/compare/v1.7.0...v1.8.0) -- go.uber.org/goleak: v1.1.10 → v1.2.0 -- golang.org/x/lint: 6edffad → 83fdc39 -- gopkg.in/yaml.v3: 496545a → v3.0.1 -- sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.30 → v0.0.33 -- github.com/cespare/xxhash/v2: [v2.1.1 → v2.1.2](https://github.com/cespare/xxhash/v2/compare/v2.1.1...v2.1.2) -- github.com/checkpoint-restore/go-criu/v5: [v5.0.0 → v5.3.0](https://github.com/checkpoint-restore/go-criu/v5/compare/v5.0.0...v5.3.0) -- github.com/cilium/ebpf: [v0.6.2 → v0.7.0](https://github.com/cilium/ebpf/compare/v0.6.2...v0.7.0) -- github.com/containerd/console: [v1.0.2 → v1.0.3](https://github.com/containerd/console/compare/v1.0.2...v1.0.3) -- github.com/containerd/containerd: [v1.4.11 → v1.4.12](https://github.com/containerd/containerd/compare/v1.4.11...v1.4.12) -- github.com/cpuguy83/go-md2man/v2: [v2.0.0 → v2.0.1](https://github.com/cpuguy83/go-md2man/v2/compare/v2.0.0...v2.0.1) -- github.com/cyphar/filepath-securejoin: [v0.2.2 → v0.2.3](https://github.com/cyphar/filepath-securejoin/compare/v0.2.2...v0.2.3) -- github.com/docker/distribution: [v2.7.1+incompatible → v2.8.1+incompatible](https://github.com/docker/distribution/compare/v2.7.1...v2.8.1) -- github.com/docker/docker: [v20.10.7+incompatible → v20.10.12+incompatible](https://github.com/docker/docker/compare/v20.10.7...v20.10.12) -- github.com/godbus/dbus/v5: [v5.0.4 → v5.0.6](https://github.com/godbus/dbus/v5/compare/v5.0.4...v5.0.6) -- github.com/golang/mock: [v1.5.0 → v1.6.0](https://github.com/golang/mock/compare/v1.5.0...v1.6.0) -- github.com/google/cadvisor: [v0.43.0 → v0.44.1](https://github.com/google/cadvisor/compare/v0.43.0...v0.44.1) -- github.com/moby/sys/mountinfo: [v0.4.1 → v0.6.0](https://github.com/moby/sys/mountinfo/compare/v0.4.1...v0.6.0) -- github.com/moby/term: [9d4ed18 → 3f7ff69](https://github.com/moby/term/compare/9d4ed18...3f7ff69) -- github.com/opencontainers/image-spec: [v1.0.1 → v1.0.2](https://github.com/opencontainers/image-spec/compare/v1.0.1...v1.0.2) -- github.com/opencontainers/runc: [v1.0.2 → v1.1.1](https://github.com/opencontainers/runc/compare/v1.0.2...v1.1.1) -- github.com/opencontainers/selinux: [v1.8.2 → v1.10.0](https://github.com/opencontainers/selinux/compare/v1.8.2...v1.10.0) -- github.com/prometheus/client_golang: [v1.11.0 → v1.12.1](https://github.com/prometheus/client_golang/compare/v1.11.0...v1.12.1) -- github.com/prometheus/common: [v0.28.0 → v0.32.1](https://github.com/prometheus/common/compare/v0.28.0...v0.32.1) -- github.com/prometheus/procfs: [v0.6.0 → v0.7.3](https://github.com/prometheus/procfs/compare/v0.6.0...v0.7.3) -- github.com/russross/blackfriday/v2: [v2.0.1 → v2.1.0](https://github.com/russross/blackfriday/v2/compare/v2.0.1...v2.1.0) -- github.com/seccomp/libseccomp-golang: [v0.9.1 → 3879420](https://github.com/seccomp/libseccomp-golang/compare/v0.9.1...3879420) -- github.com/spf13/cobra: [v1.2.1 → v1.4.0](https://github.com/spf13/cobra/compare/v1.2.1...v1.4.0) -- go.etcd.io/etcd/api/v3: v3.5.0 → v3.5.1 -- go.etcd.io/etcd/client/pkg/v3: v3.5.0 → v3.5.1 -- go.etcd.io/etcd/client/v3: v3.5.0 → v3.5.1 -- golang.org/x/crypto: 32db794 → 8634188 -- golang.org/x/oauth2: 2bc19b1 → d3ed0bb -- golang.org/x/time: 1f47c86 → 90d013b -- google.golang.org/genproto: fe13028 → 42d7afd -- k8s.io/gengo: 485abfe → c02415c -- k8s.io/klog/v2: v2.30.0 → v2.60.1 -- k8s.io/kube-openapi: e816edb → 3ee0da9 -- k8s.io/utils: cb0fa31 → 3a6ce19 -- sigs.k8s.io/json: c049b76 → 9f7c6b3 -- sigs.k8s.io/kustomize/api: v0.10.1 → v0.11.4 -- sigs.k8s.io/kustomize/cmd/config: v0.10.2 → v0.10.6 -- sigs.k8s.io/kustomize/kustomize/v4: v4.4.1 → v4.5.4 -- sigs.k8s.io/kustomize/kyaml: v0.13.0 → v0.13.6 - -##### Removed -- cloud.google.com/go/firestore: v1.1.0 -- github.com/armon/go-metrics: [f0300d1](https://github.com/armon/go-metrics/tree/f0300d1) -- github.com/armon/go-radix: [7fddfc3](https://github.com/armon/go-radix/tree/7fddfc3) -- github.com/bgentry/speakeasy: [v0.1.0](https://github.com/bgentry/speakeasy/tree/v0.1.0) -- github.com/bits-and-blooms/bitset: [v1.2.0](https://github.com/bits-and-blooms/bitset/tree/v1.2.0) -- github.com/bketelsen/crypt: [v0.0.4](https://github.com/bketelsen/crypt/tree/v0.0.4) -- github.com/containernetworking/cni: [v0.8.1](https://github.com/containernetworking/cni/tree/v0.8.1) -- github.com/fatih/color: [v1.7.0](https://github.com/fatih/color/tree/v1.7.0) -- github.com/googleapis/gnostic: [v0.5.5](https://github.com/googleapis/gnostic/tree/v0.5.5) -- github.com/hashicorp/consul/api: [v1.1.0](https://github.com/hashicorp/consul/api/tree/v1.1.0) -- github.com/hashicorp/consul/sdk: [v0.1.1](https://github.com/hashicorp/consul/sdk/tree/v0.1.1) -- github.com/hashicorp/errwrap: [v1.0.0](https://github.com/hashicorp/errwrap/tree/v1.0.0) -- github.com/hashicorp/go-cleanhttp: [v0.5.1](https://github.com/hashicorp/go-cleanhttp/tree/v0.5.1) -- github.com/hashicorp/go-immutable-radix: [v1.0.0](https://github.com/hashicorp/go-immutable-radix/tree/v1.0.0) -- github.com/hashicorp/go-msgpack: [v0.5.3](https://github.com/hashicorp/go-msgpack/tree/v0.5.3) -- github.com/hashicorp/go-multierror: [v1.0.0](https://github.com/hashicorp/go-multierror/tree/v1.0.0) -- github.com/hashicorp/go-rootcerts: [v1.0.0](https://github.com/hashicorp/go-rootcerts/tree/v1.0.0) -- github.com/hashicorp/go-sockaddr: [v1.0.0](https://github.com/hashicorp/go-sockaddr/tree/v1.0.0) -- github.com/hashicorp/go-syslog: [v1.0.0](https://github.com/hashicorp/go-syslog/tree/v1.0.0) -- github.com/hashicorp/go-uuid: [v1.0.1](https://github.com/hashicorp/go-uuid/tree/v1.0.1) -- github.com/hashicorp/go.net: [v0.0.1](https://github.com/hashicorp/go.net/tree/v0.0.1) -- github.com/hashicorp/golang-lru: [v0.5.0](https://github.com/hashicorp/golang-lru/tree/v0.5.0) -- github.com/hashicorp/hcl: [v1.0.0](https://github.com/hashicorp/hcl/tree/v1.0.0) -- github.com/hashicorp/logutils: [v1.0.0](https://github.com/hashicorp/logutils/tree/v1.0.0) -- github.com/hashicorp/mdns: [v1.0.0](https://github.com/hashicorp/mdns/tree/v1.0.0) -- github.com/hashicorp/memberlist: [v0.1.3](https://github.com/hashicorp/memberlist/tree/v0.1.3) -- github.com/hashicorp/serf: [v0.8.2](https://github.com/hashicorp/serf/tree/v0.8.2) -- github.com/magiconair/properties: [v1.8.5](https://github.com/magiconair/properties/tree/v1.8.5) -- github.com/mattn/go-colorable: [v0.0.9](https://github.com/mattn/go-colorable/tree/v0.0.9) -- github.com/mattn/go-isatty: [v0.0.3](https://github.com/mattn/go-isatty/tree/v0.0.3) -- github.com/miekg/dns: [v1.0.14](https://github.com/miekg/dns/tree/v1.0.14) -- github.com/mitchellh/cli: [v1.0.0](https://github.com/mitchellh/cli/tree/v1.0.0) -- github.com/mitchellh/go-homedir: [v1.0.0](https://github.com/mitchellh/go-homedir/tree/v1.0.0) -- github.com/mitchellh/go-testing-interface: [v1.0.0](https://github.com/mitchellh/go-testing-interface/tree/v1.0.0) -- github.com/mitchellh/gox: [v0.4.0](https://github.com/mitchellh/gox/tree/v0.4.0) -- github.com/mitchellh/iochan: [v1.0.0](https://github.com/mitchellh/iochan/tree/v1.0.0) -- github.com/pascaldekloe/goe: [57f6aae](https://github.com/pascaldekloe/goe/tree/57f6aae) -- github.com/pelletier/go-toml: [v1.9.3](https://github.com/pelletier/go-toml/tree/v1.9.3) -- github.com/posener/complete: [v1.1.1](https://github.com/posener/complete/tree/v1.1.1) -- github.com/ryanuber/columnize: [9b3edd6](https://github.com/ryanuber/columnize/tree/9b3edd6) -- github.com/sean-/seed: [e2103e2](https://github.com/sean-/seed/tree/e2103e2) -- github.com/shurcooL/sanitized_anchor_name: [v1.0.0](https://github.com/shurcooL/sanitized_anchor_name/tree/v1.0.0) -- github.com/spf13/cast: [v1.3.1](https://github.com/spf13/cast/tree/v1.3.1) -- github.com/spf13/jwalterweatherman: [v1.1.0](https://github.com/spf13/jwalterweatherman/tree/v1.1.0) -- github.com/spf13/viper: [v1.8.1](https://github.com/spf13/viper/tree/v1.8.1) -- github.com/subosito/gotenv: [v1.2.0](https://github.com/subosito/gotenv/tree/v1.2.0) -- gopkg.in/ini.v1: v1.62.0 diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v19.0.0-beta1.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v19.0.0-beta1.md deleted file mode 100644 index 6c698c6ac2..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v19.0.0-beta1.md +++ /dev/null @@ -1,181 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v19.0.0-beta1/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v19.0.0-beta1 - version: 19.0.0-beta1 - version_tag: v19.0.0-beta1 -date: '2023-04-05T14:25:19' -description: Release notes for AWS workload cluster release v19.0.0-beta1, published - on 05 April 2023, 14:25. -title: Workload cluster release v19.0.0-beta1 for AWS ---- - -***THIS IS A BETA RELEASE - We highly advise to test your upgrades in lowest environment or new clusters*** - -This Giant Swarm release introduces Kubernetes 1.24, replaces the use of AWS CNI with Cilium and upgrades most components. This release also deprecates and removes use of `kiam` by default in favor of `IAM Roles for Service Accounts (IRSA)`. - -> **_CNI Warning:_** Upgrade includes changes from AWS CNI to Cilium, please check `Cilium breaking changes` section for further details. - -> **_IAM Warning:_** The `kiam` application will be removed from clusters in favor of IAM Roles for Service Accounts (IRSA). please check `IRSA breaking changes` section for further details. - -> **_Network Policies Warning:_** Cilium implementation of Kubernetes `NetworkPolicies` has known limitations regarding CIDR selectors. If you have NetworkPolicies containing `ipBlock` fields referencing IPs of the cluster nodes and/or Pod IPs and/or Service IPs and/or 0.0.0.0/0 your applications might stop working when upgrading to this release. Please get in touch with your SA for further details. - -:rotating_light: ***Cilium breaking changes*** -- The AWS CNI pod subnets are no longer used by Cilium. Please add custom routes with the node subnet(s) CIDR(s) instead of the AWS CNI pod subnets CIDR before upgrading to this release. -- [Network Policy](https://docs.cilium.io/en/stable/concepts/kubernetes/policy/#networkpolicy-state) provided by Cilium does not cover support for setting [ipBlock with Pod IP](https://github.com/cilium/cilium/issues/9209). Components in need of this will have to use [CiliumNetworkPolicy](https://docs.cilium.io/en/stable/concepts/kubernetes/policy/#ciliumnetworkpolicy) which has wider scope. Please inspect your workloads and configured Network Policies carefully. -- The upgrade process [documentation](https://handbook.giantswarm.io/docs/support-and-ops/ops-recipes/upgrade-to-cilium/) is available. Please read it carefully and reach out in case of questions. -- Due to changes to CRs during upgrade the `gitops` automation will have to be suspended and any applied changes backported to the repos before resuming. - -:rotating_light: ***IRSA breaking changes*** -- Please read the [updated documentation](https://docs.giantswarm.io/advanced/iam-roles-for-service-accounts/) -- Please remember that `kiam-app` will be removed by default during the upgrade. -- Please remember to adapt the IAM policies prior to upgrade as specified in the [documentation](https://docs.giantswarm.io/advanced/iam-roles-for-service-accounts/) -- There have been breaking changes introduced to the `Cloudfront domain alias` to provide greater predictability and enable easier automation of AWS IAM role creation by customers. Please adjust AWS IAM roles accordingly to the [documentation](https://docs.giantswarm.io/advanced/iam-roles-for-service-accounts/#aws-release-v19) prior to the upgrade. - -***General highlights*** -- The [k8s-dns-node-cache-app](https://github.com/giantswarm/k8s-dns-node-cache-app/) is now deployed by default. After the upgrade please delete the application if you have deployed it through managed catalog. Afterwards the app will be installed automatically. -- The [prometheus-blackbox-exporter](https://github.com/giantswarm/prometheus-blackbox-exporter/) is a new monitoring component deployed by default. This is a blackbox monitoring tool that will validate internal, DNS and external connectivity. -- `Cilium` will have Hubble UI enabled by default for troubleshooting and observability. - -## Change details - - -### app-operator [6.6.3](https://github.com/giantswarm/app-operator/releases/tag/v6.6.3) - -### Changed - -- Lowered resource requests and limits -- Changed VPA to consider unique and workload cluster operators as well and added support for min allowed fields of CPU and memory - - -### aws-operator [14.15.0](https://github.com/giantswarm/aws-operator/releases/tag/v14.15.0) - -### Fixed -- Allow to enable ACLs for a S3 buckets. - - - -### cluster-operator [5.6.0](https://github.com/giantswarm/cluster-operator/releases/tag/v5.6.0) - -#### Added -- Add use of runtime/default seccomp profile. -#### Changed -- Disable `default policies` creation for Cilium App. -- Add `cert-manager` as dependency for `aws-pod-identity-webhook` app. -- Enable `ciliumNetworkPolicy.enabled` flag for all apps. -#### Fixed -- Don't remove finalizer for in-cluster apps when cluster is being deleted. - - - -### aws-ebs-csi-driver [2.21.0](https://github.com/giantswarm/aws-ebs-csi-driver-app/releases/tag/v2.21.0) - -#### Added -- Add cilium network policies. - - - -### cert-exporter [2.4.0](https://github.com/giantswarm/cert-exporter/releases/tag/v2.4.0) - -#### Added -- Add cilium network policies. - - - -### cert-manager [2.21.0](https://github.com/giantswarm/cert-manager-app/releases/tag/v2.21.0) - -#### Added -- Chart: Add `CiliumNetworkPolicy`. ([#301](https://github.com/giantswarm/cert-manager-app/pull/301)) - - - -### cilium [0.9.3](https://github.com/giantswarm/cilium-app/releases/tag/v0.9.3) - -#### Changed -- Use `image.registry` value as image registry for all containers in the chart. - -#### Added -- Add network policy to allow exposing hubble UI through ingress. - - -### external-dns [2.35.0](https://github.com/giantswarm/external-dns-app/releases/tag/v2.35.0) - -#### Changed -- Make CiliumNetworkPolicy CR creation be deployed or not with a flag in the Values. - - - -### kube-state-metrics [1.15.0](https://github.com/giantswarm/kube-state-metrics-app/releases/tag/v1.15.0) - -#### Added -- Add cilium network policies. - - - -### metrics-server [2.1.0](https://github.com/giantswarm/metrics-server-app/releases/tag/v2.1.0) - -#### Added -- Add cilium network policies. - - - -### net-exporter [1.14.0](https://github.com/giantswarm/net-exporter/releases/tag/v1.14.0) - -#### Added -- Add `Cilium Network Policy` to net-exporter. -#### Changed -- Don't push net-exporter to capa-app-collection because it's already a default app. -- Don't push net-exporter to cloud-director-app-collection and vsphere-app-collection because it's already in default app bundles. - - - -### vertical-pod-autoscaler [3.4.0](https://github.com/giantswarm/vertical-pod-autoscaler-app/releases/tag/v3.4.0) - -#### Added -- Add cilium network policies. - - - -### observability-bundle [0.3.0](https://github.com/giantswarm/observability-bundle/releases/tag/v0.3.0) - -#### Changed -- Add new app dependency mechanism (`app-operator.giantswarm.io/depends-on`) to the prometheus-operator-app and agent so they are not installed until the CRD app is deployed. -- prometheus-operator: drop `apiserver_request_slo_duration_seconds_bucket` metrics from apiserver -- upgrade `prometheus-operator-app` to 4.0.1 and `prometheus-operator-crd` to 4.0.0 -- upgrade `prometheus-agent` to 0.3.0 to support chinese registry -#### Added -- Add `promtail-app` v1.0.1 disabled by default. - - - -### k8s-dns-node-cache-app [2.1.0](https://github.com/giantswarm/k8s-dns-node-cache-app/releases/tag/v2.1.0) - -#### Changed -- Switch to ServiceMonitors for metrics scraping. - - - -### prometheus-blackbox-exporter [0.3.1](https://github.com/giantswarm/prometheus-blackbox-exporter/releases/tag/v0.3.1) - -#### Fixed -- Change image registry for DaemonSet. - - - -### cilium-servicemonitors [0.0.2](https://github.com/giantswarm/cilium-servicemonitors-app/releases/tag/v0.0.2) - -#### Changed -- Add labels to servicemonitors - - - -### irsa-servicemonitors [0.0.1](https://github.com/giantswarm/irsa-servicemonitors-app/releases/tag/v0.0.1) - -#### Added - -- First release. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v19.0.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v19.0.0.md deleted file mode 100644 index af9ba745cb..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v19.0.0.md +++ /dev/null @@ -1,1106 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v19.0.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/v19.0.0 - version: 19.0.0 - version_tag: v19.0.0 -date: '2023-05-17T09:34:06' -description: Release notes for AWS workload cluster release v19.0.0, published on - 17 May 2023, 09:34. -title: Workload cluster release v19.0.0 for AWS ---- - -> **WARNING:** Please talk to your Account Engineer prior to upgrading. You will be provided with a checklist to follow and validate your clusters. - -This release includes upgrades of components and Kubernetes version to 1.24. The upgrade to `v19.0.0` involve two major changes for customers, namely the migration from the AWS VPC CNI to Cilium and the replacement of Kiam with IAM Roles for Service Accounts(IRSA) for authenticating pods against the AWS API. -Next sections are describing important changes we will introduce with the new release, the key benefits, what customers can do to prepare and how to avoid downtime during this crucial upgrade. - -***IAM Permissions Requirements*** -The minimal requirement for the IAM permissions is [Version 3.3.0](https://github.com/giantswarm/giantswarm-aws-account-prerequisites/blob/master/CHANGELOG.md#330---2023-05-11) of [giantswarm-aws-account-prerequisites](https://github.com/giantswarm/giantswarm-aws-account-prerequisites/) repository. - -## Cilium - -Say goodbye to slow network initialization times and hello to lightning-fast performance with [Cilium](https://github.com/cilium/cilium), our new Kubernetes CNI solution! - -### Key Highlights - -- Service Mesh integration: `Cilium` is designed to work seamlessly with popular service meshes like `Istio`, `Linkerd`, and `Envoy`. This allows for more advanced networking and security features, such as mTLS encryption and observability. -- `Cilium` uses a virtual network which provides more flexibility, faster network initialization, and more advanced networking features compared to `AWS CNI` affecting the IP addresses. -- Advanced networking features: `Cilium` supports advanced networking features such as load balancing, network segmentation, and eBPF-based packet filtering. These features allow for more granular control over network traffic and improve security. -- Scalability: `Cilium's` eBPF-based data plane is highly scalable and performs well even at scale. It is also highly efficient, reducing overhead and maximizing performance. -- Improvements in pods time to come up due to cilium endpoint refresh substituting the kubeproxy refresh of iptables. -- More efficient usage of IP space - fully described in `Cilium and IP space` section below. - -### What changes with Cilium? - -With `Cilium`, you'll no longer be using the `AWS CNI` Pod subnets, so be sure to add custom routes with the `Node subnet(s) CIDR(s)` instead. - -Additionally, while `Cilium's Network Policy` provides powerful security features, support for setting `ipBlock` with `Pod IPs` is not implemented in Cilium, so be sure to inspect your workloads and configure `Network Policies` carefully. The Account Engineers will reach out to you and help to provide the `CiliumNetworkPolicies` before the upgrade in order to have no downtime during the switch. [Cilium-prerequisites](https://github.com/giantswarm/cilium-prerequisites) app that installs the `CiliumNetworkPolicy` CRD is available in the catalog as well as will be installed with GS version `v18.4.0` to provide seemless upgrade experience. - -It's important to note that due to changes to `Cluster CR's` during the upgrade process, `GitOps` automation will have to be suspended and any applied changes backported to the repos before resuming. Keep this in mind as you prepare for the upgrade. This needs to be evaluated on a case-by-case basis, since different GitOps implementations might only keep _some_ parts of `Cluster` CRs in Git. Feel free to reach out to your Account Engineer to understand more about these changes. - -To ensure a smooth transition to `Cilium`, we've prepared a [comprehensive upgrade process](https://handbook.giantswarm.io/docs/support-and-ops/ops-recipes/upgrade-to-cilium/) that explains every migration step in detail, so you can feel confident in following the process and avoid any potential issues. We have also extended our [documentation](https://docs.giantswarm.io/platform-overview/cluster-management/vintage/aws/#pod-networking) which describes differences between `AWS CNI` and `Cilium` - -#### Cilium and AWS Load Balancer Controller - -If you are running `aws-load-balancer-controller` inside your clusters for managing [Network Load Balancer](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/introduction.html) and you did set the annotation `service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip`, you need to change it to `service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: instance`. - -For further information, please checkout the [documentation](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/guide/service/annotations/#traffic-routing) - -#### Cilium and pod CIDR - -While switching to Cilium we are forced to change the CIDR used to assign IPs to Pods (192.168.0.0/16 by default). -The process is automated for the vast majority of the clusters, but if you had set up custom networking settings in your cluster the upgrade might be blocked by admission controllers. If that is the case, reach out to your SA and you'll receive guidance how to move on with the upgrade. Same thing applies if you don't want to stick with the default value and prefer to change it. - -#### Cilium and improved IP space usage - -Migration from AWS CNI to Cilium allowed us to improve the IP space delegation per WC, meaning that starting with AWS v19 release customers will be able to use full range of the CIDR instead of 25%. - -#### AWS-CNI in releases prior to v19 - -By default at Giant Swarm the pod CIDR is set to 10.2.0.0/16 and can be customized in the AWSCluster CR. -The CIDR is added in the VPC CIDR and thus cannot overlap with other CIDRs in the cluster and any other CIDR in peered VPCs. - -The pod CIDR space needs to be split into separate, contiguous CIDR space, one for each AZ. Since Giant Swarm supports 3 AZs, we need to divide the range into 4 subranges. In the default scenario, we end up with 4 /18 blocks (16k addresses each). One of the /18 blocks is unused meaning we have 16k (or 1/4th) IP addresses "lost". - -#### Cilium in releases v19 and further - -In v19 and further releases the default pod CIDR is 192.168.0.0/16. The default can be changed by setting a field in the AWSCluster CR as it was the case so far. - -*WARNING*: If pods need to talk directly with private IP addresses reachable through the VPC (for example peered resources) then those target private IP addresses must be on a separate IP space. - -This CIDR is used across the whole cluster, regardless of AZs and all addresses from the range can be used. In the default setting, each node gets assigned a /25 subnet for pods running in it. Meaning we can have as many as 65k pods in a cluster (~ 595 nodes in theory) but that can be increased by providing a larger pod cidr space to begin with. - -#### Maximum number of pods in a node - -With AWS-CNI, IP addresses assigned to pods are actually IP addresses assigned to the node itself. -Depending on the instance type, there is a limit on the number of IP addresses assignable to each instance. This means in practice that clusters using AWS-CNI will have less pods per node in principle. With Cilium, we can use the max number of pods per node as [suggested by k8s](https://kubernetes.io/docs/setup/best-practices/cluster-large/) which is 110. - -#### Cilium Troubleshooting -We have included a small [ops-recipe](https://handbook.giantswarm.io/docs/support-and-ops/ops-recipes/cilium-troubleshooting/) for details how you can start troubleshoot Cilium issues. - -## IAM roles for service accounts (IRSA) - -By switching from `KIAM` to `IAM Roles for Service Accounts (IRSA)`, we're making it easier and more secure for your Kubernetes workloads to interact with AWS services. - -### Key Highlights - -- Official AWS way to authenticate pods to AWS API. -- Reduced complexity: IRSA eliminates the need for a separate service like KIAM, streamlining your Kubernetes clusters. -- Regional STS (Security Token Service) rather than using global STS - -### What changes with IRSA? - -During the upgrade, we are removing `KIAM` as a default app in your workload clusters but it is possible to install it optionally. If you need to keep using KIAM in v19 clusters, please reach out to your SA. - -Additionally, we are creating a `Cloudfront Domain Alias` (except China) for each cluster which is used as the [OpenID Connect (OIDC) identity provider](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html) to improve predictability and simplify IAM role creation. - -To ensure that your applications can assume the appropriate IAM roles, you need to add the `Cloudfront Domain Alias` to those roles as a [trust entity](https://docs.giantswarm.io/advanced/iam-roles-for-service-accounts/#aws-release-v19). - -We have also adjusted the `external-dns` IRSA trust policy to facilitate externalDNS role being assumed by any Service Account containing `external-dns` phrase to allow multiple app deployments. - -To help make your transition to `IRSA` as easy as possible, we've added more context on our [official docs](https://docs.giantswarm.io/advanced/iam-roles-for-service-accounts/). - -## Other release highlights - -### 🎣 DNS Node Cache - -To improve the DNS performance of your cluster [k8s-dns-node-cache-app](https://github.com/giantswarm/k8s-dns-node-cache-app) will be deployed by default. - -#### Key Highlights - -- Faster DNS lookups: The app caches DNS lookups on each node, reducing the time it takes to resolve domain names. -- Lower latency: By caching DNS requests locally on each node, the app reduces the need to query external DNS servers, which can improve latency. -- Reducing network traffic: By caching DNS responses locally on each node, the app reduces the need for repeated queries to external DNS servers, which can reduce network traffic. - -If you previously deployed `k8s-dns-node-cache-app` through the managed catalog, you can delete the application after the upgrade, as it will be automatically re-installed. - -### Prometheus Blackbox Exporter - -The [prometheus-blackbox-exporter](https://github.com/giantswarm/prometheus-blackbox-exporter-app) is a new monitoring component installed by default with release `v19`. - -#### Key Highlights - -- Flexible monitoring: The blackbox exporter allows users to monitor endpoints from various protocols like HTTP, HTTPS, DNS, TCP, ICMP, and more. -- Real-time monitoring: The exporter provides real-time monitoring of the endpoints and helps detect issues before they turn into major problems. -- Customizable checks: The blackbox exporter can be customized to perform specific checks on the endpoints, which helps in identifying problems quickly. -- Integration with Prometheus: The exporter integrates seamlessly with Prometheus, allowing users to visualize and analyze data collected from the endpoints. - -We're aiming to provide a comprehensive blackbox monitoring tool that can validate internal, DNS and external connectivity. - -### 🔭 Cilium Hubble - -`Cilium` will have [Hubble](https://github.com/cilium/hubble) enabled by default for troubleshooting and observability. - -#### Key Highlights - -- Provides real-time visibility into network traffic with advanced filtering and aggregation capabilities. -- Helps troubleshoot connectivity issues with its network flow and DNS query analysis features. - -#### Caveats and know limitations - -- Hubble's UI is not exposed by default, but can be reached using port forwarding. More information regarding the access in the [ops-recipe](https://handbook.giantswarm.io/docs/support-and-ops/ops-recipes/cilium-troubleshooting/#hubble-ui) - -## Change details - - -### app-operator [6.7.0](https://github.com/giantswarm/app-operator/releases/tag/v6.7.0) - -#### Changed -- Only include PodSecurityPolicy on clusters with policy/v1beta1 api available. -- Only include PodMonitor on clusters with monitoring.coreos.com/v1 api available. -#### Removed -- Stop pushing to `openstack-app-collection`. - - - -### aws-operator [14.17.1-patch3](https://github.com/giantswarm/aws-operator/releases/tag/v14.17.1-patch3) - -#### Added -- Add toleration for new control-plane taint. -#### Fixed -- Ensure `net.ipv4.conf.eth0.rp_filter` is set to `2` if aws-CNI is used. -- Make `routes-fixer` script compatible with alpine. -- Change AWS LB Controller Trust Policy for the new S3 bucket in China clusters. -### Changed -- Change Route53 Trust Policy to allow multiple applications to use the role. -- Update IAM policy for AWS LoadBalancer Controller. - -### cluster-operator [5.6.1-patch1](https://github.com/giantswarm/cluster-operator/releases/tag/v5.6.1-patch1) - -#### Fixed -- Don't enable Cilium network policies on Azure. -#### Changed -- Patch app operator version on all apps instead of just optional ones. - -### k8s-dns-node-cache-app [v2.3.1](https://github.com/giantswarm/k8s-dns-node-cache-app/releases/tag/v2.3.1) - -### Changed -- Disable IPV6 queries. -- Remove VPA. -- Remove resource limits. - - -### aws-cloud-controller-manager [1.24.1-gs9](https://github.com/giantswarm/aws-cloud-controller-manager-app/releases/tag/v1.24.1-gs9) - -#### Changed -- Adjusted VerticalPodAutoscaler minimum allowed CPU and memory - -#### Fixed -- Quote environment variables that contain numeric values, because it's required by kubernetes. - - - -### aws-ebs-csi-driver [2.21.1](https://github.com/giantswarm/aws-ebs-csi-driver-app/releases/tag/v2.21.1) - -#### Fixed -- Use `string` type for the proxy parameters on the `values.schema.json` file. - - - -### cert-exporter [2.5.1](https://github.com/giantswarm/cert-exporter/releases/tag/v2.5.1) - -#### Changed -- Allow requests from the api-server. -- Update icon -- Disable PSPs for k8s 1.25 and newer. - - - -### chart-operator [2.35.0](https://github.com/giantswarm/chart-operator/releases/tag/v2.35.0) - -#### Changed -- Disable PSPs for k8s 1.25 and newer. - - - -### cilium [0.10.0](https://github.com/giantswarm/cilium-app/releases/tag/v0.10.0) - -#### Changed -- Enable PDB for `cilium-operator`. - - - -### cluster-autoscaler [1.24.0-gs3](https://github.com/giantswarm/cluster-autoscaler-app/releases/tag/v1.24.0-gs3) - -#### Changed -- Adjusted VerticalPodAutoscaler minimum allowed CPU and memory -- Add 'projected' volumes to the PSP. -- Add new-pod-scale-up-delay variable. -- Disable PSPs for k8s 1.25 and newer. - - - -### coredns [1.17.1](https://github.com/giantswarm/coredns-app/releases/tag/v1.17.1) - -#### Added -- Add scaling based on custom metrics ([#209](https://github.com/giantswarm/coredns-app/pull/209)). -#### Changed -- Decouple PDB configuration from deployment updateStrategy ([#208](https://github.com/giantswarm/coredns-app/pull/208)). -- Disable IPV6. - - - -### external-dns [2.37.1](https://github.com/giantswarm/external-dns-app/releases/tag/v2.37.1) - -#### Changed -- Disable PSPs for k8s 1.25 and newer. - - - -### metrics-server [2.2.0](https://github.com/giantswarm/metrics-server-app/releases/tag/v2.2.0) - -#### Changed -- Disable PSPs for k8s 1.25 and newer. -- Switch to `apiVersion: policy/v1` for PodDisruptionBudget. - - - -### net-exporter [1.15.0](https://github.com/giantswarm/net-exporter/releases/tag/v1.15.0) - -#### Changed -- Allow requests from the api-server. -- Disable PSPs for k8s 1.25 and newer. - - - -### node-exporter [1.16.0](https://github.com/giantswarm/node-exporter-app/releases/tag/v1.16.0) - -#### Changed -- Disable PSPs for k8s 1.25 and newer. - - - -### vertical-pod-autoscaler [3.5.2](https://github.com/giantswarm/vertical-pod-autoscaler-app/releases/tag/v3.5.2) - -#### Changed -- Remove circleci job for pushing to shared app collection -- Raised resources for updater and recommender. -- Drop all CAPabilities in container SecurityContext for Kyverno Policy compliance -- Set AllowPrivilegeEscalation=false in container SecurityContext for Kyverno Policy compliance - - -### vertical-pod-autoscaler-crd [2.0.1](https://github.com/giantswarm/vertical-pod-autoscaler-crd/releases/tag/v2.0.1) - -#### Changed -- in [#59](https://github.com/giantswarm/vertical-pod-autoscaler-crd/pull/59) removed duplicate resources for the CRDs definition causing errors during mc-bootstrap - - - - - -### observability-bundle [0.5.1](https://github.com/giantswarm/observability-bundle/releases/tag/v0.5.1) - -#### Changed -- Remove cluster prefix to app name in _helpers.tpl - - - -### prometheus-blackbox-exporter [0.3.2](https://github.com/giantswarm/prometheus-blackbox-exporter/releases/tag/v0.3.2) - -#### Added -- Add icon. - - - -### cilium-servicemonitors [0.1.1](https://github.com/giantswarm/cilium-servicemonitors-app/releases/tag/v0.1.1) - -#### Added -- Add overridability to the servicemonitors relabelings and metric_relabelings sections. - - - -### cert-manager [2.25.0](https://github.com/giantswarm/cert-manager-app/releases/tag/v2.25.0) - -### Changed - -- Remove control plane node toleration of CA injector deployment. This caused problems on single control plane node clusters. ([#362](https://github.com/giantswarm/cert-manager-app/pull/362)) -- Update container image versions to use [v1.12.4](https://github.com/cert-manager/cert-manager/releases/tag/v1.12.4) - - - -### kubernetes [1.24.13](https://github.com/kubernetes/kubernetes/releases/tag/v1.24.13) - -#### Changelog since v1.23.0 - -#### Major Themes - -##### Dockershim Removed from kubelet - -After its deprecation in v1.20, the dockershim component has been removed from the kubelet. -From v1.24 onwards, you will need to either use one of the other [supported runtimes](https://kubernetes.io/docs/setup/production-environment/container-runtimes/) (such as containerd or CRI-O) -or use cri-dockerd if you are relying on Docker Engine as your container runtime. -For more information about ensuring your cluster is ready for this removal, please -see [this guide](https://kubernetes.io/blog/2022/03/31/ready-for-dockershim-removal/). - -##### Beta APIs Off by Default - -[New beta APIs will not be enabled in clusters by default](https://github.com/kubernetes/enhancements/issues/3136). -Existing beta APIs and new versions of existing beta APIs, will continue to be enabled by default. - -##### Signing Release Artifacts - -Release artifacts are [signed](https://github.com/kubernetes/enhancements/issues/3031) using [cosign](https://github.com/sigstore/cosign) -signatures -and there is experimental support for [verifying image signatures](https://kubernetes.io/docs/tasks/administer-cluster/verify-signed-images/). -Signing and verification of release artifacts is part of [increasing software supply chain security for the Kubernetes release process](https://github.com/kubernetes/enhancements/issues/3027). - -##### OpenAPI v3 - -Kubernetes 1.24 offers beta support for publishing its APIs in the [OpenAPI v3 format](https://github.com/kubernetes/enhancements/issues/2896). - -##### Storage Capacity and Volume Expansion Are Generally Available - -[Storage capacity tracking](https://github.com/kubernetes/enhancements/issues/1472) -supports exposing currently available storage capacity via [CSIStorageCapacity objects](https://kubernetes.io/docs/concepts/storage/storage-capacity/#api) -and enhances scheduling of pods that use CSI volumes with late binding. - -[Volume expansion](https://github.com/kubernetes/enhancements/issues/284) adds support -for resizing existing persistent volumes. - -##### NonPreemptingPriority to Stable - -This feature adds [a new option to PriorityClasses](https://github.com/kubernetes/enhancements/issues/902), -which can enable or disable pod preemption. - -##### Storage Plugin Migration - -There is work under way to [migrate the internals of in-tree storage plugins](https://github.com/kubernetes/enhancements/issues/625) to call out to CSI Plugins, -while maintaining the original API. -The [Azure Disk](https://github.com/kubernetes/enhancements/issues/1490) -and [OpenStack Cinder](https://github.com/kubernetes/enhancements/issues/1489) plugins -have both been migrated. - -##### gRPC Probes Graduate to Beta - -With Kubernetes 1.24, the [gRPC probes functionality](https://github.com/kubernetes/enhancements/issues/2727) -has entered beta and is available by default. You can now [configure startup, liveness, and readiness probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) for your gRPC app -natively within Kubernetes, without exposing an HTTP endpoint or -using an extra executable. - -##### Kubelet Credential Provider Graduates to Beta - -Originally released as Alpha in Kubernetes 1.20, the kubelet's support for -[image credential providers](https://kubernetes.io/docs/tasks/kubelet-credential-provider/kubelet-credential-provider/) -has now graduated to Beta. -This allows the kubelet to dynamically retrieve credentials for a container image registry -using exec plugins, rather than storing credentials on the node's filesystem. - -##### Contextual Logging in Alpha - -Kubernetes 1.24 has introduced [contextual logging](https://github.com/kubernetes/enhancements/issues/3077) -that enables the caller of a function to control all aspects of logging (output formatting, verbosity, additional values and names). - -##### Avoiding Collisions in IP allocation to Services - -Kubernetes 1.24 introduced a new opt-in feature that allows you to -[soft-reserve a range for static IP address assignments](https://kubernetes.io/docs/concepts/services-networking/service/#service-ip-static-sub-range) -to Services. -With the manual enablement of this feature, the cluster will prefer automatic assignment from -the pool of Service IP addresses thereby reducing the risk of collision. - -A Service `ClusterIP` can be assigned: - -* dynamically, which means the cluster will automatically pick a free IP within the configured Service IP range. -* statically, which means the user will set one IP within the configured Service IP range. - -Service `ClusterIP` are unique, hence, trying to create a Service with a `ClusterIP` that has already been allocated will return an error. - -#### Urgent Upgrade Notes - -##### (No, really, you MUST read this before you upgrade) - -- Docker runtime support using dockershim in the kubelet is now completely removed in 1.24. The kubelet used to have a module called dockershim, which implements CRI support for Docker, and it has seen maintenance issues in the Kubernetes community. From 1.24 onwards, please move to a container runtime that is a full-fledged implementation of CRI (v1alpha1 or v1 compliant) as they become available. ([#97252](https://github.com/kubernetes/kubernetes/pull/97252), [@dims](https://github.com/dims)) -- Fixed bug with leads to Node goes `Not-ready` state when credentials for vCenter stored in a secret and Zones feature is in use. Zone labels setup moved to KCM component, kubelet skips this step during startup in such case. If credentials stored in cloud-provider config file as plaintext current behaviour does not change and no action required. For proper functioning `kube-system:vsphere-legacy-cloud-provider` should be allowed to update node object if vCenter credentials stored in secret and Zone feature used. ([#101028](https://github.com/kubernetes/kubernetes/pull/101028), [@lobziik](https://github.com/lobziik)) -- The `LegacyServiceAccountTokenNoAutoGeneration` feature gate is beta, and enabled by default. When enabled, Secret API objects containing service account tokens are no longer auto-generated for every ServiceAccount. Use the [TokenRequest](https://kubernetes.io/docs/reference/kubernetes-api/authentication-resources/token-request-v1/) API to acquire service account tokens, or if a non-expiring token is required, create a Secret API object for the token controller to populate with a service account token by following this [guide](https://kubernetes.io/docs/concepts/configuration/secret/#service-account-token-secrets). ([#108309](https://github.com/kubernetes/kubernetes/pull/108309), [@zshihang](https://github.com/zshihang)) -- The calculations for Pod topology spread skew now exclude nodes that - don't match the node affinity/selector. This may lead to unschedulable pods if you previously had pods - matching the spreading selector on those excluded nodes (not matching the node affinity/selector), - especially when the `topologyKey` is not node-level. Revisit the node affinity and/or pod selector in the - topology spread constraints to avoid this scenario. ([#107009](https://github.com/kubernetes/kubernetes/pull/107009), [@kerthcet](https://github.com/kerthcet)) -- Remove the deprecated flag `--experimental-check-node-capabilities-before-mount`. With CSI now GA, there is a better alternative. Remove any use of `--experimental-check-node-capabilities-before-mount` from your kubelet scripts or manifests. ([#104732](https://github.com/kubernetes/kubernetes/pull/104732), [@mengjiao-liu](https://github.com/mengjiao-liu)) -- `kubeadm.k8s.io/v1beta2` has been deprecated and will be removed in a future release, possibly in 3 releases (one year). You should start using `kubeadm.k8s.io/v1beta3` for new clusters. To migrate your old configuration files on disk you can use the `kubeadm config migrate` command. ([#107013](https://github.com/kubernetes/kubernetes/pull/107013), [@pacoxu](https://github.com/pacoxu)) -- Kubeadm: default the kubeadm configuration to the containerd socket (Unix: `unix:///var/run/containerd/containerd.sock`, Windows: `npipe:////./pipe/containerd-containerd`) instead of the one for Docker. If the `Init|JoinConfiguration.nodeRegistration.criSocket` field is empty during cluster creation and multiple sockets are found on the host always throw an error and ask the user to specify which one to use by setting the value in the field. Make sure you update any kubeadm configuration files on disk, to not include the dockershim socket unless you are still using kubelet version < 1.24 with kubeadm >= 1.24. Remove the DockerValidor and ServiceCheck for the `docker` service from kubeadm preflight. Docker is no longer special cased during host validation and ideally this task should be done in the now external cri-dockerd project where the importance of the compatibility matters. Use `crictl` for all communication with CRI sockets for actions like pulling images and obtaining a list of running containers instead of using the docker CLI in the case of Docker. ([#107317](https://github.com/kubernetes/kubernetes/pull/107317), [@neolit123](https://github.com/neolit123)) -- The feature gate was mentioned as `csiMigrationRBD` where it should have been `CSIMigrationRBD` to be in parity with other migration plugins. This release correct the same and keep it as `CSIMigrationRBD`. - users who have configured this feature gate as `csiMigrationRBD` has to reconfigure the same to `CSIMigrationRBD` from this release. ([#107554](https://github.com/kubernetes/kubernetes/pull/107554), [@humblec](https://github.com/humblec)) -- The experimental dynamic log sanitization feature has been deprecated and removed in the 1.24 release. The feature is no longer available for use. ([#107207](https://github.com/kubernetes/kubernetes/pull/107207), [@ehashman](https://github.com/ehashman)) -- Kubeadm: apply `second stage` of the plan to migrate kubeadm away from the usage of the word `master` in labels and taints. For new clusters, the label `node-role.kubernetes.io/master` will no longer be added to control plane nodes, only the label `node-role.kubernetes.io/control-plane` will be added. For clusters that are being upgraded to 1.24 with `kubeadm upgrade apply`, the command will remove the label `node-role.kubernetes.io/master` from existing control plane nodes. For new clusters, both the old taint `node-role.kubernetes.io/master:NoSchedule` and new taint `node-role.kubernetes.io/control-plane:NoSchedule` will be added to control plane nodes. In release 1.20 (`first stage`), a release note instructed to preemptively tolerate the new taint. For clusters that are being upgraded to 1.24 with `kubeadm upgrade apply`, the command will add the new taint `node-role.kubernetes.io/control-plane:NoSchedule` to existing control plane nodes. Please adapt your infrastructure to these changes. In 1.25 the old taint `node-role.kubernetes.io/master:NoSchedule` will be removed. ([#107533](https://github.com/kubernetes/kubernetes/pull/107533), [@neolit123](https://github.com/neolit123)) - -#### Changes by Kind - -##### Deprecation - -- Deprecated `Service.Spec.LoadBalancerIP`. This field was under-specified and its meaning varies across implementations. As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available. This field may be removed in a future API version. ([#107235](https://github.com/kubernetes/kubernetes/pull/107235), [@uablrek](https://github.com/uablrek)) -- Kube-apiserver: the `--master-count` flag and `--endpoint-reconciler-type=master-count` reconciler are deprecated in favor of the lease reconciler ([#108062](https://github.com/kubernetes/kubernetes/pull/108062), [@aojea](https://github.com/aojea)) -- Kube-apiserver: the insecure address flags `--address`, `--insecure-bind-address`, `--port` and `--insecure-port` (inert since 1.20) are removed ([#106859](https://github.com/kubernetes/kubernetes/pull/106859), [@knight42](https://github.com/knight42)) -- Kubeadm: graduated the `UnversionedKubeletConfigMap` feature gate to Beta and enabled the feature by default. This implies that 1) for new clusters kubeadm will start using the `kube-system/kubelet-config` naming scheme for the kubelet ConfigMap and RBAC rules, instead of the legacy `kubelet-config-x.yy` naming. 2) during upgrade, kubeadm will only write the new scheme ConfigMap and RBAC objects. To disable the feature you can pass `UnversionedKubeletConfigMap: false` in the kubeadm config for new clusters. For upgrade on existing clusters you can also override the behavior by patching the ClusterConfiguration object in `kube-system/kubeadm-config`. More details in the associated KEP. ([#108027](https://github.com/kubernetes/kubernetes/pull/108027), [@neolit123](https://github.com/neolit123)) -- Remove `tolerate-unready-endpoints` annotation in Service deprecated from 1.11, use `Service.spec.publishNotReadyAddresses` instead. ([#108020](https://github.com/kubernetes/kubernetes/pull/108020), [@tossmilestone](https://github.com/tossmilestone)) -- Remove deprecated feature gates `ValidateProxyRedirects` and `StreamingProxyRedirects` ([#106830](https://github.com/kubernetes/kubernetes/pull/106830), [@pacoxu](https://github.com/pacoxu)) -- Remove insecure serving configuration from cloud-provider package, which is consumed by cloud-controller-managers. ([#108953](https://github.com/kubernetes/kubernetes/pull/108953), [@nckturner](https://github.com/nckturner)) -- The `--pod-infra-container-image` kubelet flag is deprecated and will be removed in future releases ([#108045](https://github.com/kubernetes/kubernetes/pull/108045), [@hakman](https://github.com/hakman)) -- The `client.authentication.k8s.io/v1alpha1` ExecCredential has been removed. If you are using a client-go credential plugin that relies on the v1alpha1 API please contact the distributor of your plugin for instructions on how to migrate to the v1 API. ([#108616](https://github.com/kubernetes/kubernetes/pull/108616), [@margocrawf](https://github.com/margocrawf)) -- The `node.k8s.io/v1alpha1` RuntimeClass API is no longer served. Use the `node.k8s.io/v1` API version, available since v1.20 ([#103061](https://github.com/kubernetes/kubernetes/pull/103061), [@SergeyKanzhelev](https://github.com/SergeyKanzhelev)) -- The cluster addon for dashboard was removed. To install dashboard, see [here](https://github.com/kubernetes/dashboard/blob/master/docs/user/README.md). ([#107481](https://github.com/kubernetes/kubernetes/pull/107481), [@shu-mutou](https://github.com/shu-mutou)) -- The in-tree Azure plugin has been deprecated. The Azure kubelogin plugin serves as an out-of-tree replacement via the kubectl/client-go credential plugin mechanism. Users will now see a warning in the logs regarding this deprecation. ([#107904](https://github.com/kubernetes/kubernetes/pull/107904), [@sabbey37](https://github.com/sabbey37)) -- The insecure address flags `--address` and `--port` in kube-controller-manager have had no effect since v1.20 and are removed in v1.24. ([#106860](https://github.com/kubernetes/kubernetes/pull/106860), [@knight42](https://github.com/knight42)) -- The metadata.clusterName field is deprecated. This field has always been unwritable and always blank, but its presence is confusing, so we will remove it next release. Out of an abundance of caution, this release we have merely changed the name in the go struct to ensure any accidental client uses are found before complete removal. ([#108717](https://github.com/kubernetes/kubernetes/pull/108717), [@lavalamp](https://github.com/lavalamp)) -- VSphere releases less than 7.0u2 are deprecated as of v1.24. Please consider upgrading vSphere to 7.0u2 or above. vSphere CSI Driver requires minimum vSphere 7.0u2. - - General Support for vSphere 6.7 will end on October 15, 2022. vSphere 6.7 Update 3 is deprecated in Kubernetes v1.24. Customers are recommended to upgrade vSphere (both ESXi and vCenter) to 7.0u2 or above. vSphere CSI Driver 2.2.3 and higher supports CSI Migration. - - Support for these deprecations will be available till October 15, 2022. ([#109089](https://github.com/kubernetes/kubernetes/pull/109089), [@deepakkinni](https://github.com/deepakkinni)) - -##### API Change - -- Kubernetes 1.24 is now built with go1.19.4 ([#113956](https://github.com/kubernetes/kubernetes/pull/113956), [@liggitt](https://github.com/liggitt)) [SIG Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Release, Scheduling, Storage and Testing] -- Protobuf serialization of metav1.MicroTime timestamps (used in `Lease` and `Event` API objects) has been corrected to truncate to microsecond precision, to match the documented behavior and JSON/YAML serialization. Any existing persisted data is truncated to microsecond when read from etcd. ([#111936](https://github.com/kubernetes/kubernetes/pull/111936), [@haoruan](https://github.com/haoruan)) [SIG API Machinery] -- Revert regression that prevented client-go latency metrics to be reported with a template URL to avoid label cardinality. ([#112056](https://github.com/kubernetes/kubernetes/pull/112056), [@aanm](https://github.com/aanm)) [SIG API Machinery] -- Add 2 new options for kube-proxy running in winkernel mode. `--forward-healthcheck-vip`, if specified as true, health check traffic whose destination is service VIP will be forwarded to kube-proxy's healthcheck service. `--root-hnsendpoint-name` specifies the name of the hns endpoint for the root network namespace. This option enables the pass-through load balancers like Google's GCLB to correctly health check the backend services. Without this change, the health check packets is dropped, and Windows node will be considered to be unhealthy by those load balancers. ([#99287](https://github.com/kubernetes/kubernetes/pull/99287), [@anfernee](https://github.com/anfernee)) -- Added CEL runtime cost calculation into CustomerResource validation. CustomerResource validation will fail if runtime cost exceeds the budget. ([#108482](https://github.com/kubernetes/kubernetes/pull/108482), [@cici37](https://github.com/cici37)) -- Added a new metric `webhook_fail_open_count` to monitor webhooks that fail to open. ([#107171](https://github.com/kubernetes/kubernetes/pull/107171), [@ltagliamonte-dd](https://github.com/ltagliamonte-dd)) -- Adds a new Status subresource in Network Policy objects ([#107963](https://github.com/kubernetes/kubernetes/pull/107963), [@rikatz](https://github.com/rikatz)) -- Adds support for `InterfaceNamePrefix` and `BridgeInterface` as arguments to `--detect-local-mode` option and also introduces a new optional `--pod-interface-name-prefix` and `--pod-bridge-interface` flags to kube-proxy. ([#95400](https://github.com/kubernetes/kubernetes/pull/95400), [@tssurya](https://github.com/tssurya)) -- CEL CRD validation expressions may now reference existing object state using the identifier `oldSelf`. ([#108073](https://github.com/kubernetes/kubernetes/pull/108073), [@benluddy](https://github.com/benluddy)) -- CRD deep copies should no longer contain shallow copies of `JSONSchemaProps.XValidations`. ([#107956](https://github.com/kubernetes/kubernetes/pull/107956), [@benluddy](https://github.com/benluddy)) -- CRD writes will generate validation errors if a CEL validation rule references the identifier `oldSelf` on a part of the schema that does not support it. ([#108013](https://github.com/kubernetes/kubernetes/pull/108013), [@benluddy](https://github.com/benluddy)) -- CSIStorageCapacity.storage.k8s.io: The v1beta1 version of this API is deprecated in favor of v1, and will be removed in v1.27. If a CSI driver supports storage capacity tracking, then it must get deployed with a release of external-provisioner that supports the v1 API. ([#108445](https://github.com/kubernetes/kubernetes/pull/108445), [@pohly](https://github.com/pohly)) -- Custom resource requests with `fieldValidation=Strict` consistently require `apiVersion` and `kind`, matching non-strict requests ([#109019](https://github.com/kubernetes/kubernetes/pull/109019), [@liggitt](https://github.com/liggitt)) -- Feature of `DefaultPodTopologySpread` is graduated to GA ([#108278](https://github.com/kubernetes/kubernetes/pull/108278), [@kerthcet](https://github.com/kerthcet)) -- Feature of `NonPreemptingPriority` is graduated to GA ([#107432](https://github.com/kubernetes/kubernetes/pull/107432), [@denkensk](https://github.com/denkensk)) -- Feature of `PodOverhead` is graduated to GA ([#108441](https://github.com/kubernetes/kubernetes/pull/108441), [@pacoxu](https://github.com/pacoxu)) -- Fixed OpenAPI serialization of the x-kubernetes-validations field ([#107970](https://github.com/kubernetes/kubernetes/pull/107970), [@liggitt](https://github.com/liggitt)) -- Fixed failed flushing logs in defer function when kubelet cmd exit 1. ([#104774](https://github.com/kubernetes/kubernetes/pull/104774), [@kerthcet](https://github.com/kerthcet)) -- Fixes a regression in v1beta1 PodDisruptionBudget handling of `strategic merge patch`-type API requests for the `selector` field. Prior to 1.21, these requests would merge `matchLabels` content and replace `matchExpressions` content. In 1.21, patch requests touching the `selector` field started replacing the entire selector. This is consistent with server-side apply and the v1 PodDisruptionBudget behavior, but should not have been changed for v1beta1. ([#108138](https://github.com/kubernetes/kubernetes/pull/108138), [@liggitt](https://github.com/liggitt)) -- Improve kubectl's user help commands readability ([#104736](https://github.com/kubernetes/kubernetes/pull/104736), [@lauchokyip](https://github.com/lauchokyip)) -- Indexed Jobs graduated to stable. ([#107395](https://github.com/kubernetes/kubernetes/pull/107395), [@alculquicondor](https://github.com/alculquicondor)) -- Introduce a v1alpha1 networking API for ClusterCIDRConfig ([#108290](https://github.com/kubernetes/kubernetes/pull/108290), [@sarveshr7](https://github.com/sarveshr7)) -- Introduction of a new "sync_proxy_rules_no_local_endpoints_total" proxy metric. This metric represents the number of services with no internal endpoints. The "traffic_policy" label will contain both "internal" or "external". ([#108930](https://github.com/kubernetes/kubernetes/pull/108930), [@MaxRenaud](https://github.com/MaxRenaud)) -- JobReadyPods graduates to Beta and it's enabled by default. ([#107476](https://github.com/kubernetes/kubernetes/pull/107476), [@alculquicondor](https://github.com/alculquicondor)) -- Kube-apiserver: `--audit-log-version` and `--audit-webhook-version` now only support the default value of `audit.k8s.io/v1`. The v1alpha1 and v1beta1 audit log versions, deprecated since 1.13, have been removed. ([#108092](https://github.com/kubernetes/kubernetes/pull/108092), [@carlory](https://github.com/carlory)) -- Kube-apiserver: the `metadata.selfLink` field can no longer be populated by kube-apiserver; it was deprecated in 1.16 and has not been populated by default since 1.20+. ([#107527](https://github.com/kubernetes/kubernetes/pull/107527), [@wojtek-t](https://github.com/wojtek-t)) -- Kubelet external Credential Provider feature is moved to Beta. Credential Provider Plugin and Credential Provider Config API's updated from v1alpha1 to v1beta1 with no API changes. ([#108847](https://github.com/kubernetes/kubernetes/pull/108847), [@adisky](https://github.com/adisky)) -- Make STS available replicas optional again. ([#109241](https://github.com/kubernetes/kubernetes/pull/109241), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) -- MaxUnavailable for StatefulSets, allows faster RollingUpdate by taking down more than 1 pod at a time. The number of pods you want to take down during a RollingUpdate is configurable using maxUnavailable parameter. ([#82162](https://github.com/kubernetes/kubernetes/pull/82162), [@krmayankk](https://github.com/krmayankk)) -- Non-graceful node shutdown handling is enabled for stateful workload failovers ([#108486](https://github.com/kubernetes/kubernetes/pull/108486), [@sonasingh46](https://github.com/sonasingh46)) -- Omit enum declarations from the static openapi file captured at https://git.k8s.io/kubernetes/api/openapi-spec. This file is used to generate API clients, and use of enums in those generated clients (rather than strings) can break forward compatibility with additional future values in those fields. See https://issue.k8s.io/109177 for details. ([#109178](https://github.com/kubernetes/kubernetes/pull/109178), [@liggitt](https://github.com/liggitt)) -- OpenAPI V3 is turned on by default ([#109031](https://github.com/kubernetes/kubernetes/pull/109031), [@Jefftree](https://github.com/Jefftree)) -- Pod affinity namespace selector and cross-namespace quota graduated to GA. The feature gate `PodAffinityNamespaceSelector` is locked and will be removed in 1.26. ([#108136](https://github.com/kubernetes/kubernetes/pull/108136), [@ahg-g](https://github.com/ahg-g)) -- Promote IdentifyPodOS feature to beta. ([#107859](https://github.com/kubernetes/kubernetes/pull/107859), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) -- Remove a v1alpha1 networking API for ClusterCIDRConfig ([#109436](https://github.com/kubernetes/kubernetes/pull/109436), [@JamesLaverack](https://github.com/JamesLaverack)) -- Renamed metrics `evictions_number` to `evictions_total` and mark it as stable. The original `evictions_number` metrics name is marked as "Deprecated" and has been removed in kubernetes 1.23 . ([#106366](https://github.com/kubernetes/kubernetes/pull/106366), [@cyclinder](https://github.com/cyclinder)) -- Skip x-kubernetes-validations rules if having fundamental error against the OpenAPIv3 schema. ([#108859](https://github.com/kubernetes/kubernetes/pull/108859), [@cici37](https://github.com/cici37)) -- Support for gRPC probes is now in beta. GRPCContainerProbe feature gate is enabled by default. ([#108522](https://github.com/kubernetes/kubernetes/pull/108522), [@SergeyKanzhelev](https://github.com/SergeyKanzhelev)) -- Suspend job to GA. The feature gate `SuspendJob` is locked and will be removed in 1.26. ([#108129](https://github.com/kubernetes/kubernetes/pull/108129), [@ahg-g](https://github.com/ahg-g)) -- The AnyVolumeDataSource feature is now beta, and the feature gate is enabled by default. In order to provide user feedback on PVCs with data sources, deployers must install the VolumePopulators CRD and the data-source-validator controller. ([#108736](https://github.com/kubernetes/kubernetes/pull/108736), [@bswartz](https://github.com/bswartz)) -- The CertificateSigningRequest `spec.expirationSeconds` API field has graduated to GA. The `CSRDuration` feature gate for the field is now unconditionally enabled and will be removed in 1.26. ([#108782](https://github.com/kubernetes/kubernetes/pull/108782), [@cfryanr](https://github.com/cfryanr)) -- The `ServerSideFieldValidation` feature has graduated to beta and is now enabled by default. Kubectl 1.24 and newer will use server-side validation instead of client-side validation when writing to API servers with the feature enabled. ([#108889](https://github.com/kubernetes/kubernetes/pull/108889), [@kevindelgado](https://github.com/kevindelgado)) -- The `ServiceLBNodePortControl` feature has graduated to GA. The feature gate will be removed in 1.26. ([#107027](https://github.com/kubernetes/kubernetes/pull/107027), [@uablrek](https://github.com/uablrek)) -- The deprecated kube-controller-manager flag '--deployment-controller-sync-period' has been removed, it is not used by the deployment controller. ([#107178](https://github.com/kubernetes/kubernetes/pull/107178), [@SataQiu](https://github.com/SataQiu)) -- The feature `DynamicKubeletConfig` has been removed from the kubelet. ([#106932](https://github.com/kubernetes/kubernetes/pull/106932), [@SergeyKanzhelev](https://github.com/SergeyKanzhelev)) -- The infrastructure for contextual logging is complete (feature gate implemented, JSON backend ready). ([#108995](https://github.com/kubernetes/kubernetes/pull/108995), [@pohly](https://github.com/pohly)) -- This adds an optional `timeZone` field as part of the CronJob spec to support running cron jobs in a specific time zone. ([#108032](https://github.com/kubernetes/kubernetes/pull/108032), [@deejross](https://github.com/deejross)) -- Updated the default API priority-and-fairness config to avoid endpoint/configmaps operations from controller-manager to all match leader-election priority level. ([#106725](https://github.com/kubernetes/kubernetes/pull/106725), [@wojtek-t](https://github.com/wojtek-t)) -- `topologySpreadConstraints` includes `minDomains` field to limit the minimum number of topology domains. ([#107674](https://github.com/kubernetes/kubernetes/pull/107674), [@sanposhiho](https://github.com/sanposhiho)) - -##### Feature - -- Kubernetes is now built with Go 1.19.8 ([#117132](https://github.com/kubernetes/kubernetes/pull/117132), [@xmudrii](https://github.com/xmudrii)) [SIG Release and Testing] -- Kubelet TCP and HTTP probes are more effective using networking resources: conntrack entries, sockets, ... - This is achieved by reducing the TIME-WAIT state of the connection to 1 second, instead of the defaults 60 seconds. This allows kubelet to free the socket, and free conntrack entry and ephemeral port associated. ([#115143](https://github.com/kubernetes/kubernetes/pull/115143), [@aojea](https://github.com/aojea)) [SIG Network and Node] -- Kubeadm: use the image registry registry.k8s.io instead of k8s.gcr.io for new clusters. During upgrade, migrate users to registry.k8s.io if they were using the default of k8s.gcr.io. ([#113395](https://github.com/kubernetes/kubernetes/pull/113395), [@neolit123](https://github.com/neolit123)) [SIG Cloud Provider and Cluster Lifecycle] -- Kubernetes is now built with Go 1.19.5 ([#115012](https://github.com/kubernetes/kubernetes/pull/115012), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing]- A new Priority and Fairness metric 'apiserver_flowcontrol_work_estimate_seats_samples' has been added that tracks the estimated seats associated with a request. ([#106628](https://github.com/kubernetes/kubernetes/pull/106628), [@tkashem](https://github.com/tkashem)) -- Add a deprecated cmd flag for the time interval between flushing pods from unschedulable queue to active queue or backoff queue. ([#108017](https://github.com/kubernetes/kubernetes/pull/108017), [@denkensk](https://github.com/denkensk)) -- Add one metrics(`kubelet_volume_stats_health_abnormal`) of volume health state to kubelet ([#105585](https://github.com/kubernetes/kubernetes/pull/105585), [@fengzixu](https://github.com/fengzixu)) -- Add the metric `container_oom_events_total` to kubelet's cAdvisor metric endpoint. ([#108004](https://github.com/kubernetes/kubernetes/pull/108004), [@jonkerj](https://github.com/jonkerj)) -- Added `SetTransform` to `SharedInformer` to allow users to transform objects before they are stored. ([#107507](https://github.com/kubernetes/kubernetes/pull/107507), [@alexzielenski](https://github.com/alexzielenski)) -- Added a `proxy-url` flag into `kubectl config set-cluster`. ([#105566](https://github.com/kubernetes/kubernetes/pull/105566), [@ardaguclu](https://github.com/ardaguclu)) -- Added a metric for measuring end-to-end volume mount timing. ([#107006](https://github.com/kubernetes/kubernetes/pull/107006), [@gnufied](https://github.com/gnufied)) -- Added a new Priority and Fairness metric `apiserver_flowcontrol_request_dispatch_no_accommodation_total` to track the number of times a request dispatch attempt results in a no-accommodation status due to lack of available seats. ([#106629](https://github.com/kubernetes/kubernetes/pull/106629), [@tkashem](https://github.com/tkashem)) -- Added a path `/header?key=` to `agnhost netexec` allowing one to view what the header value is of the incoming request. - - Ex: - ``` - $ curl -H "X-Forwarded-For: something" 172.17.0.2:8080/header?key=X-Forwarded-For - something - ``` - ([#107796](https://github.com/kubernetes/kubernetes/pull/107796), [@alexanderConstantinescu](https://github.com/alexanderConstantinescu)) -- Added completion for `kubectl config set-context`. ([#106739](https://github.com/kubernetes/kubernetes/pull/106739), [@kebe7jun](https://github.com/kebe7jun)) -- Added field `add_ambient_capabilities` to the Capabilities message in the CRI-API. ([#104620](https://github.com/kubernetes/kubernetes/pull/104620), [@vinayakankugoyal](https://github.com/vinayakankugoyal)) -- Added label selector flag to all `kubectl rollout` commands. ([#99758](https://github.com/kubernetes/kubernetes/pull/99758), [@aramperes](https://github.com/aramperes)) -- Added more message for no PodSandbox container. ([#107116](https://github.com/kubernetes/kubernetes/pull/107116), [@yxxhero](https://github.com/yxxhero)) -- Added prune flag into `diff` command to simulate `apply --prune`. ([#105164](https://github.com/kubernetes/kubernetes/pull/105164), [@ardaguclu](https://github.com/ardaguclu)) -- Added support for `btrfs` resizing ([#108561](https://github.com/kubernetes/kubernetes/pull/108561), [@RomanBednar](https://github.com/RomanBednar)) -- Added support for kubectl commands (`kubectl exec` and `kubectl port-forward`) via a SOCKS5 proxy. ([#105632](https://github.com/kubernetes/kubernetes/pull/105632), [@xens](https://github.com/xens)) -- Adds `OpenAPIV3SchemaInterface` to `DiscoveryClient` and its variants for fetching OpenAPI v3 schema documents. ([#108992](https://github.com/kubernetes/kubernetes/pull/108992), [@alexzielenski](https://github.com/alexzielenski)) -- Allow kubectl to manage resources by filename patterns without the shell expanding it first ([#102265](https://github.com/kubernetes/kubernetes/pull/102265), [@danielrodriguez](https://github.com/danielrodriguez)) -- An alpha flag `--subresource` is added to get, patch, edit replace kubectl commands to fetch and update status and scale subresources. ([#99556](https://github.com/kubernetes/kubernetes/pull/99556), [@nikhita](https://github.com/nikhita)) -- Apiextensions_openapi_v3_regeneration_count metric (alpha) will be emitted for OpenAPI V3. ([#109128](https://github.com/kubernetes/kubernetes/pull/109128), [@Jefftree](https://github.com/Jefftree)) -- Apply ProxyTerminatingEndpoints to all traffic policies (external, internal, cluster, local). ([#108691](https://github.com/kubernetes/kubernetes/pull/108691), [@andrewsykim](https://github.com/andrewsykim)) -- CEL regex patterns in x-kubernetes-valiation rules are compiled when CRDs are created/updated if the pattern is provided as a string constant in the expression. Any regex compile errors are reported as a CRD create/update validation error. ([#108617](https://github.com/kubernetes/kubernetes/pull/108617), [@jpbetz](https://github.com/jpbetz)) -- CRD `x-kubernetes-validations` rules now support the CEL functions: `isSorted`, `sum`, `min`, `max`, `indexOf`, `lastIndexOf`, `find` and `findAll`. ([#108312](https://github.com/kubernetes/kubernetes/pull/108312), [@jpbetz](https://github.com/jpbetz)) -- Changes the kubectl `--validate` flag from a bool to a string that accepts the values {true, strict, warn, false, ignore} - - true/strict - perform validation and error the request on any invalid fields in the ojbect. It will attempt to perform server-side validation if it is enabled on the apiserver, otherwise it will fall back to client-side validation. - - warn - perform server-side validation and warn on any invalid fields (but ultimately let the request succeed by dropping any invalid fields from the object). If validation is not available on the server, perform no validation. - - false/ignore - perform no validation, silently dropping invalid fields from the object. ([#108350](https://github.com/kubernetes/kubernetes/pull/108350), [@kevindelgado](https://github.com/kevindelgado)) -- Client-go metrics: change bucket distribution for `rest_client_request_duration_seconds` and `rest_client_rate_limiter_duration_seconds` from [0.001, 0.002, 0.004, 0.008, 0.016, 0.032, 0.064, 0.128, 0.256, 0.512] to [0.005, 0.025, 0.1, 0.25, 0.5, 1.0, 2.0, 4.0, 8.0, 15.0, 30.0, 60.0}] ([#106911](https://github.com/kubernetes/kubernetes/pull/106911), [@aojea](https://github.com/aojea)) -- Client-go: add new histogram metric to record the size of the requests and responses. ([#108296](https://github.com/kubernetes/kubernetes/pull/108296), [@aojea](https://github.com/aojea)) -- CycleState is now optimized for "write once and read many times". ([#108724](https://github.com/kubernetes/kubernetes/pull/108724), [@sanposhiho](https://github.com/sanposhiho)) -- Enabled beta feature HonorPVReclaimPolicy by default. ([#109035](https://github.com/kubernetes/kubernetes/pull/109035), [@deepakkinni](https://github.com/deepakkinni)) -- Env var for additional cli flags used in the csi-proxy binary when a Windows nodepool is created with `kube-up.sh` ([#107806](https://github.com/kubernetes/kubernetes/pull/107806), [@mauriciopoppe](https://github.com/mauriciopoppe)) -- Feature of `PreferNominatedNode` is graduated to GA. ([#106619](https://github.com/kubernetes/kubernetes/pull/106619), [@chendave](https://github.com/chendave)) -- In text format, log messages that previously used quoting to prevent multi-line output (for example, text="some \"quotation\", a\nline break") will now be printed with more readable multi-line output without the escape sequences. ([#107103](https://github.com/kubernetes/kubernetes/pull/107103), [@pohly](https://github.com/pohly)) -- Increase default value of discovery cache TTL for kubectl to 6 hours. ([#107141](https://github.com/kubernetes/kubernetes/pull/107141), [@mk46](https://github.com/mk46)) -- Introduce policy to allow the HPA to consume the `external.metrics.k8s.io` API group. ([#104244](https://github.com/kubernetes/kubernetes/pull/104244), [@dgrisonnet](https://github.com/dgrisonnet)) -- Kube-apiserver: Subresources such as `status` and `scale` now support tabular output content types. ([#103516](https://github.com/kubernetes/kubernetes/pull/103516), [@ykakarap](https://github.com/ykakarap)) -- Kube-apiserver: when merging lists, Server Side Apply now prefers the order of the submitted request instead of the existing persisted object. ([#107565](https://github.com/kubernetes/kubernetes/pull/107565), [@jiahuif](https://github.com/jiahuif)) -- Kubeadm: added support for dry running `kubeadm reset`. The new flag `kubeadm reset --dry-run` is similar to the existing flag for `kubeadm init/join/upgrade` and allows you to see what changes would be applied. ([#107512](https://github.com/kubernetes/kubernetes/pull/107512), [@SataQiu](https://github.com/SataQiu)) -- Kubeadm: added the flag `--experimental-initial-corrupt-check` to etcd static Pod manifests to ensure etcd member data consistency ([#109074](https://github.com/kubernetes/kubernetes/pull/109074), [@neolit123](https://github.com/neolit123)) -- Kubeadm: better surface errors during `kubeadm upgrade` when waiting for the kubelet to restart static pods on control plane nodes ([#108315](https://github.com/kubernetes/kubernetes/pull/108315), [@Monokaix](https://github.com/Monokaix)) -- Kubeadm: improve the strict parsing of user YAML/JSON configuration files. Next to printing warnings for unknown and duplicate fields (current state), also print warnings for fields with incorrect case sensitivity - e.g. `controlPlaneEndpoint` (valid), `ControlPlaneEndpoint` (invalid). Instead of only printing warnings during `init` and `join` also print warnings when downloading the ClusterConfiguration, KubeletConfiguration or KubeProxyConfiguration objects from the cluster. This can be useful if the user has patched these objects in their respective ConfigMaps with mistakes. ([#107725](https://github.com/kubernetes/kubernetes/pull/107725), [@neolit123](https://github.com/neolit123)) -- Kubectl now supports shell completion for the / format for specifying resources. - kubectl now provides shell completion for container names following the `--container/-c` flag of the `exec` command. - kubectl's shell completion now suggests resource types for commands that only apply to pods. ([#108493](https://github.com/kubernetes/kubernetes/pull/108493), [@marckhouzam](https://github.com/marckhouzam)) -- Kubelet: add `kubelet_volume_metric_collection_duration_seconds` metrics for volume disk usage calculation duration ([#107201](https://github.com/kubernetes/kubernetes/pull/107201), [@pacoxu](https://github.com/pacoxu)) -- Kubelet: the following dockershim related flags are also removed along with dockershim `--experimental-dockershim-root-directory`, `--docker-endpoint`, `--image-pull-progress-deadline`, `--network-plugin`, `--cni-conf-dir`, `--cni-bin-dir`, `--cni-cache-dir`, `--network-plugin-mtu`. ([#106907](https://github.com/kubernetes/kubernetes/pull/106907), [@cyclinder](https://github.com/cyclinder)) -- Kubernetes 1.24 bumped version of golang it is compiled with to go1.18, which introduced significant changes to its garbage collection algorithm. As a result, we observed an increase in memory usage for kube-apiserver in larger an heavily loaded clusters up to ~25% (with the benefit of API call latencies drop by up to 10x on 99th percentiles). If the memory increase is not acceptable for you you can mitigate by setting GOGC env variable (for our tests using GOGC=63 brings memory usage back to original value, although the exact value may depend on usage patterns on your cluster). ([#108870](https://github.com/kubernetes/kubernetes/pull/108870), [@dims](https://github.com/dims)) -- Kubernetes 1.24 is built with go1.18, which will no longer validate certificates signed with a SHA-1 hash algorithm by default. See https://golang.org/doc/go1.18#sha1 for more details. If you are using certificates like this in admission or conversion ([#109024](https://github.com/kubernetes/kubernetes/pull/109024), [@stlaz](https://github.com/stlaz)) -- Leader Migration is now GA. All new configuration files onwards should use version v1. ([#109072](https://github.com/kubernetes/kubernetes/pull/109072), [@jiahuif](https://github.com/jiahuif)) -- Mark AzureDisk CSI migration as GA ([#107681](https://github.com/kubernetes/kubernetes/pull/107681), [@andyzhangx](https://github.com/andyzhangx)) -- Move volume expansion feature to GA ([#108929](https://github.com/kubernetes/kubernetes/pull/108929), [@gnufied](https://github.com/gnufied)) -- Moving MixedProtocolLBService from alpha to beta ([#109213](https://github.com/kubernetes/kubernetes/pull/109213), [@bridgetkromhout](https://github.com/bridgetkromhout)) -- New "field_validation_request_duration_seconds" metric, measures how long requests take, indicating the value of the fieldValidation query parameter and whether or not server-side field validation is enabled on the apiserver ([#109120](https://github.com/kubernetes/kubernetes/pull/109120), [@kevindelgado](https://github.com/kevindelgado)) -- New feature gate, ServiceIPStaticSubrange, to enable the new strategy in the Service IP allocators, so the IP range is subdivided and dynamic allocated ClusterIP addresses for Services are allocated preferently from the upper range. ([#106792](https://github.com/kubernetes/kubernetes/pull/106792), [@aojea](https://github.com/aojea)) -- OpenAPI definitions served by kube-apiserver now include enum types by default. ([#108898](https://github.com/kubernetes/kubernetes/pull/108898), [@jiahuif](https://github.com/jiahuif)) -- OpenStack Cinder CSI migration is now GA and switched on by default, Cinder CSI driver must be installed on clusters on OpenStack for Cinder volumes to work (has been since v1.21). ([#107462](https://github.com/kubernetes/kubernetes/pull/107462), [@dims](https://github.com/dims)) -- PreFilter extension in the scheduler framework now returns not only status but also PreFilterResult ([#108648](https://github.com/kubernetes/kubernetes/pull/108648), [@ahg-g](https://github.com/ahg-g)) -- Promoted graceful shutdown based on pod priority to beta ([#107986](https://github.com/kubernetes/kubernetes/pull/107986), [@wzshiming](https://github.com/wzshiming)) -- Removed feature gate `SetHostnameAsFQDN`. ([#108038](https://github.com/kubernetes/kubernetes/pull/108038), [@mengjiao-liu](https://github.com/mengjiao-liu)) -- Removed kube-scheduler insecure flags. You can use `--bind-address` and `--secure-port` instead. ([#106865](https://github.com/kubernetes/kubernetes/pull/106865), [@jonyhy96](https://github.com/jonyhy96)) -- Removed the `ImmutableEphemeralVolumes` feature gate. ([#107152](https://github.com/kubernetes/kubernetes/pull/107152), [@mengjiao-liu](https://github.com/mengjiao-liu)) -- Set `PodMaxUnschedulableQDuration` as 5 min. ([#108761](https://github.com/kubernetes/kubernetes/pull/108761), [@denkensk](https://github.com/denkensk)) -- Support in-tree PV deletion protection finalizer. ([#108400](https://github.com/kubernetes/kubernetes/pull/108400), [@deepakkinni](https://github.com/deepakkinni)) -- The `.spec.loadBalancerClass` field for Services is now generally available. ([#107979](https://github.com/kubernetes/kubernetes/pull/107979), [@XudongLiuHarold](https://github.com/XudongLiuHarold)) -- The `NamespaceDefaultLabelName` feature gate, GA since v1.22, is now removed. ([#106838](https://github.com/kubernetes/kubernetes/pull/106838), [@mengjiao-liu](https://github.com/mengjiao-liu)) -- The `kubectl logs` will now warn and default to the first container in a pod. This new behavior brings it in line with `kubectl exec`. ([#105964](https://github.com/kubernetes/kubernetes/pull/105964), [@kidlj](https://github.com/kidlj)) -- The `v1` version of `LeaderMigrationConfiguration` supports only `leases` API for leader election. To use formerly supported mechanisms, please continue using `v1beta1`. ([#108016](https://github.com/kubernetes/kubernetes/pull/108016), [@jiahuif](https://github.com/jiahuif)) -- The kubelet now creates an iptables chain named `KUBE-IPTABLES-HINT` in - the `mangle` table. Containerized components that need to modify iptables - rules in the host network namespace can use the existence of this chain - to more-reliably determine whether the system is using iptables-legacy or - iptables-nft. ([#109059](https://github.com/kubernetes/kubernetes/pull/109059), [@danwinship](https://github.com/danwinship)) -- The output of `kubectl describe ingress` now includes an IngressClass name if available. ([#107921](https://github.com/kubernetes/kubernetes/pull/107921), [@mpuckett159](https://github.com/mpuckett159)) -- The scheduler prints info logs when the extender returned an error. (`--v>5`) ([#107974](https://github.com/kubernetes/kubernetes/pull/107974), [@sanposhiho](https://github.com/sanposhiho)) -- The script `cluster/gce/gci/configure.sh` now supports downloading `crictl` on ARM64 nodes ([#108034](https://github.com/kubernetes/kubernetes/pull/108034), [@tstapler](https://github.com/tstapler)) -- Turn on `CSIMigrationAzureFile` by default on 1.24 ([#105070](https://github.com/kubernetes/kubernetes/pull/105070), [@andyzhangx](https://github.com/andyzhangx)) -- Update the k8s.io/system-validators library to v1.7.0 ([#108988](https://github.com/kubernetes/kubernetes/pull/108988), [@neolit123](https://github.com/neolit123)) -- Updated golang.org/x/net to v0.0.0-20211209124913-491a49abca63. ([#106949](https://github.com/kubernetes/kubernetes/pull/106949), [@cpanato](https://github.com/cpanato)) -- Updates `kubectl kustomize` and `kubectl apply -k` to Kustomize v4.5.4 ([#108994](https://github.com/kubernetes/kubernetes/pull/108994), [@KnVerey](https://github.com/KnVerey)) -- When invoked with `-list-images`, the `e2e.test` binary now also lists the images that might be needed for storage tests. ([#108458](https://github.com/kubernetes/kubernetes/pull/108458), [@pohly](https://github.com/pohly)) -- `kubectl config delete-user` now supports completion ([#107142](https://github.com/kubernetes/kubernetes/pull/107142), [@dimbleby](https://github.com/dimbleby)) -- `kubectl create token` can now be used to request a service account token, and permission to request service account tokens is added to the `edit` and `admin` RBAC roles ([#107880](https://github.com/kubernetes/kubernetes/pull/107880), [@liggitt](https://github.com/liggitt)) -- `kubectl version` now includes information on the embedded version of Kustomize ([#108817](https://github.com/kubernetes/kubernetes/pull/108817), [@KnVerey](https://github.com/KnVerey)) - -##### Bug or Regression - -- Fix missing delete events on informer re-lists to ensure all delete events are correctly emitted and using the latest known object state, so that all event handlers and stores always reflect the actual apiserver state as best as possible ([#115901](https://github.com/kubernetes/kubernetes/pull/115901), [@odinuge](https://github.com/odinuge)) [SIG API Machinery] -- Fix: Route controller should update routes with NodeIP changed ([#116360](https://github.com/kubernetes/kubernetes/pull/116360), [@lzhecheng](https://github.com/lzhecheng)) [SIG Cloud Provider] -- Kubelet: Fix fs quota monitoring on volumes ([#116795](https://github.com/kubernetes/kubernetes/pull/116795), [@pacoxu](https://github.com/pacoxu)) [SIG Storage] -- Fix the regression that introduced 34s timeout for DELETECOLLECTION calls ([#115482](https://github.com/kubernetes/kubernetes/pull/115482), [@tkashem](https://github.com/tkashem)) [SIG API Machinery] -- Fixed bug which caused the status of Indexed Jobs to only be updated when there are newly completed indexes. The completed indexes are now updated if the .status.completedIndexes has values outside of the [0, .spec.completions> range ([#115457](https://github.com/kubernetes/kubernetes/pull/115457), [@danielvegamyhre](https://github.com/danielvegamyhre)) [SIG Apps] -- Golang.org/x/net updates to v0.7.0 to fix CVE-2022-41723 ([#115789](https://github.com/kubernetes/kubernetes/pull/115789), [@liggitt](https://github.com/liggitt)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node, Security and Storage] -- The Kubernetes API server now correctly detects and closes existing TLS connections when its client certificate file for kubelet authentication has been rotated. ([#115580](https://github.com/kubernetes/kubernetes/pull/115580), [@enj](https://github.com/enj)) [SIG API Machinery, Node and Testing] -- Client-go: fixes potential data races retrying requests using a custom io.Reader body; with this fix, only requests with no body or with string / []byte / runtime.Object bodies can be retried ([#113933](https://github.com/kubernetes/kubernetes/pull/113933), [@liggitt](https://github.com/liggitt)) [SIG API Machinery] -- Do not include preemptor pod metadata in the event message ([#115024](https://github.com/kubernetes/kubernetes/pull/115024), [@mimowo](https://github.com/mimowo)) [SIG Scheduling] -- Failed pods associated with a job with `parallelism = 1` are recreated by the job controller honoring exponential backoff delay again. However, for jobs with `parallelism > 1`, pods might be created without exponential backoff delay. ([#115021](https://github.com/kubernetes/kubernetes/pull/115021), [@nikhita](https://github.com/nikhita)) [SIG Apps] -- Fix a regression that the scheduler always goes through all Filter plugins. ([#114526](https://github.com/kubernetes/kubernetes/pull/114526), [@Huang-Wei](https://github.com/Huang-Wei)) [SIG Scheduling] -- Fix bug in CRD Validation Rules (beta) and ValidatingAdmissionPolicy (alpha) where all admission requests could result in `internal error: runtime error: index out of range [3] with length 3 evaluating rule: ` under certain circumstances. ([#114865](https://github.com/kubernetes/kubernetes/pull/114865), [@jpbetz](https://github.com/jpbetz)) [SIG API Machinery] -- Fix performance issue when creating large objects using SSA with fully unspecified schemas (preserveUnknownFields). ([#111915](https://github.com/kubernetes/kubernetes/pull/111915), [@aojea](https://github.com/aojea)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Storage and Testing] -- Fixed StatefulSet to show the valid status even if the new replica creation fails. ([#112083](https://github.com/kubernetes/kubernetes/pull/112083), [@gjkim42](https://github.com/gjkim42)) [SIG Apps and Testing] -- Fixing issue in Winkernel Proxier - Unexpected active TCP connection drops while horizontally scaling the endpoints for a LoadBalancer Service with External Traffic Policy: Local ([#114040](https://github.com/kubernetes/kubernetes/pull/114040), [@princepereira](https://github.com/princepereira)) [SIG Network] -- Fixing issue with Winkernel Proxier - No ingress load balancer rules with endpoints to support load balancing when all the endpoints are terminating. ([#114451](https://github.com/kubernetes/kubernetes/pull/114451), [@princepereira](https://github.com/princepereira)) [SIG Network] -- Kube-apiserver: bugfix DeleteCollection API fails if request body is non-empty ([#113968](https://github.com/kubernetes/kubernetes/pull/113968), [@sxllwx](https://github.com/sxllwx)) [SIG API Machinery] -- Optimizing loadbalancer creation with the help of attribute Internal Traffic Policy: Local ([#114466](https://github.com/kubernetes/kubernetes/pull/114466), [@princepereira](https://github.com/princepereira)) [SIG Network] -- Update the system-validators library to v1.8.0 ([#114060](https://github.com/kubernetes/kubernetes/pull/114060), [@pacoxu](https://github.com/pacoxu)) [SIG Cluster Lifecycle] -- [aws] Fixed a bug which reduces the number of unnecessary calls to STS in the event of assume role failures in the legacy cloud provider ([#110706](https://github.com/kubernetes/kubernetes/pull/110706), [@prateekgogia](https://github.com/prateekgogia)) [SIG Cloud Provider] -- Fix endpoint reconciler not being able to delete the apiserver lease on shutdown ([#114138](https://github.com/kubernetes/kubernetes/pull/114138), [@aojea](https://github.com/aojea)) [SIG API Machinery] -- Fix for volume reconstruction of CSI ephemeral volumes ([#113346](https://github.com/kubernetes/kubernetes/pull/113346), [@dobsonj](https://github.com/dobsonj)) [SIG Node, Storage and Testing] -- Kube-apiserver: resolves possible hung connections using konnectivity network proxy with TCP or UDS HTTP connect configurations ([#113862](https://github.com/kubernetes/kubernetes/pull/113862), [@jkh52](https://github.com/jkh52)) [SIG API Machinery] -- Resolves an issue that causes winkernel proxier to treat stale VIPs as valid ([#113567](https://github.com/kubernetes/kubernetes/pull/113567), [@daschott](https://github.com/daschott)) [SIG Network and Windows] -- Updates golang.org/x/net to fix CVE-2022-41717 ([#114322](https://github.com/kubernetes/kubernetes/pull/114322), [@liggitt](https://github.com/liggitt)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node and Storage] -- Updates golang.org/x/net to v0.1.1-0.20221027164007-c63010009c80 to resolve CVE-2022-27664 ([#113459](https://github.com/kubernetes/kubernetes/pull/113459), [@aimuz](https://github.com/aimuz)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node, Release and Storage] -- Volumes are no longer detached from healthy nodes after 6 minutes timeout. 6 minute force-detach timeout is used only for unhealthy nodes (`node.status.conditions["Ready"] != true`). ([#110721](https://github.com/kubernetes/kubernetes/pull/110721), [@jsafrane](https://github.com/jsafrane)) [SIG Apps] -- Consider only plugin directory and not entire kubelet root when cleaning up mounts ([#112920](https://github.com/kubernetes/kubernetes/pull/112920), [@mattcary](https://github.com/mattcary)) [SIG Storage] -- Etcd: Update to v3.5.5 ([#113099](https://github.com/kubernetes/kubernetes/pull/113099), [@mk46](https://github.com/mk46)) [SIG API Machinery, Cloud Provider, Cluster Lifecycle and Testing] -- Fixed a bug where a change in the `appProtocol` for a Service did not trigger a load balancer update. ([#113032](https://github.com/kubernetes/kubernetes/pull/113032), [@MartinForReal](https://github.com/MartinForReal)) [SIG Cloud Provider and Network] -- Kube-proxy, will restart in case it detects that the Node assigned pod.Spec.PodCIDRs have changed ([#113252](https://github.com/kubernetes/kubernetes/pull/113252), [@code-elinka](https://github.com/code-elinka)) [SIG Cloud Provider, Network, Node and Storage] -- Kubelet no longer reports terminated container metrics from cAdvisor ([#112963](https://github.com/kubernetes/kubernetes/pull/112963), [@bobbypage](https://github.com/bobbypage)) [SIG Node] -- Kubelet: fix GetAllocatableCPUs method in cpumanager ([#113421](https://github.com/kubernetes/kubernetes/pull/113421), [@Garrybest](https://github.com/Garrybest)) [SIG Node] -- Pod logs using --timestamps are not broken up with timestamps anymore. ([#113516](https://github.com/kubernetes/kubernetes/pull/113516), [@rphillips](https://github.com/rphillips)) [SIG Node] -- Allow Label section in vsphere e2e cloudprovider configuration ([#112479](https://github.com/kubernetes/kubernetes/pull/112479), [@gnufied](https://github.com/gnufied)) [SIG Storage and Testing] -- Kube-apiserver: gzip compression switched from level 4 to level 1 to improve large list call latencies in exchange for higher network bandwidth usage (10-50% higher). This increases the headroom before very large unpaged list calls exceed request timeout limits. ([#112399](https://github.com/kubernetes/kubernetes/pull/112399), [@shyamjvs](https://github.com/shyamjvs)) [SIG API Machinery] -- Kube-apiserver: resolved a regression that treated `304 Not Modified` responses from aggregated API servers as internal errors ([#112528](https://github.com/kubernetes/kubernetes/pull/112528), [@liggitt](https://github.com/liggitt)) [SIG API Machinery] -- Kubeadm: allow RSA and ECDSA format keys in preflight check ([#112535](https://github.com/kubernetes/kubernetes/pull/112535), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle] -- Fix an ephemeral port exhaustion bug caused by improper connection management that occurred when a large number of objects were handled by kubectl while exec auth was in use. ([#112337](https://github.com/kubernetes/kubernetes/pull/112337), [@enj](https://github.com/enj)) [SIG API Machinery and Auth] -- Fix problem in updating VolumeAttached in node status ([#112304](https://github.com/kubernetes/kubernetes/pull/112304), [@xing-yang](https://github.com/xing-yang)) [SIG Apps] -- Kube-apiserver: redirect responses are no longer returned from backends by default. Set `--aggregator-reject-forwarding-redirect=false` to continue forwarding redirect responses. ([#112331](https://github.com/kubernetes/kubernetes/pull/112331), [@enj](https://github.com/enj)) [SIG API Machinery] -- UserName check for 'ContainerAdministrator' is now case-insensitive if runAsNonRoot is set to true on Windows. ([#112211](https://github.com/kubernetes/kubernetes/pull/112211), [@PushkarJ](https://github.com/PushkarJ)) [SIG Node, Testing and Windows] -- Fix JobTrackingWithFinalizers when a pod succeeds after the job is considered failed, which led to API conflicts that blocked finishing the job. ([#111664](https://github.com/kubernetes/kubernetes/pull/111664), [@alculquicondor](https://github.com/alculquicondor)) [SIG Apps and Testing] -- Fix memory leak in the job controller related to JobTrackingWithFinalizers ([#111722](https://github.com/kubernetes/kubernetes/pull/111722), [@alculquicondor](https://github.com/alculquicondor)) [SIG Apps] -- Fix memory leak on kube-scheduler preemption ([#111803](https://github.com/kubernetes/kubernetes/pull/111803), [@amewayne](https://github.com/amewayne)) [SIG Scheduling] -- Fixed potential scheduler crash when scheduling with unsatisfied nodes in PodTopologySpread. ([#111511](https://github.com/kubernetes/kubernetes/pull/111511), [@kerthcet](https://github.com/kerthcet)) [SIG Scheduling] -- Fixing issue on Windows nodes where HostProcess containers may not be created as expected. ([#110966](https://github.com/kubernetes/kubernetes/pull/110966), [@marosset](https://github.com/marosset)) [SIG Node and Windows] -- If the parent directory of the file specified in the `--audit-log-path` argument does not exist, Kubernetes now creates it. ([#111225](https://github.com/kubernetes/kubernetes/pull/111225), [@vpnachev](https://github.com/vpnachev)) [SIG Auth] -- Namespace editors and admins can now create leases.coordination.k8s.io and should use this type for leaderelection instead of configmaps. ([#111515](https://github.com/kubernetes/kubernetes/pull/111515), [@deads2k](https://github.com/deads2k)) [SIG API Machinery and Auth] -- Reduce API server memory when many CRDs are loaded by sharing a single etcd3 client logger across all clients ([#111648](https://github.com/kubernetes/kubernetes/pull/111648), [@negz](https://github.com/negz)) [SIG API Machinery] -- Run kubelet, when there is an error exit, print the error log ([#110917](https://github.com/kubernetes/kubernetes/pull/110917), [@yangjunmyfm192085](https://github.com/yangjunmyfm192085)) [SIG Node] -- Fix a bug on endpointslices tests comparing the wrong metrics ([#110920](https://github.com/kubernetes/kubernetes/pull/110920), [@jluhrsen](https://github.com/jluhrsen)) [SIG Apps and Network] -- Fix a bug that caused the wrong result length when using --chunk-size and --selector together ([#110735](https://github.com/kubernetes/kubernetes/pull/110735), [@Abirdcfly](https://github.com/Abirdcfly)) [SIG API Machinery and Testing] -- Fix bug that prevented the job controller from enforcing activeDeadlineSeconds when set ([#110544](https://github.com/kubernetes/kubernetes/pull/110544), [@harshanarayana](https://github.com/harshanarayana)) [SIG Apps] -- Fix image pulling failure when IMDS is unavailable in kubelet startup ([#110523](https://github.com/kubernetes/kubernetes/pull/110523), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider] -- Fix printing resources with int64 fields ([#110572](https://github.com/kubernetes/kubernetes/pull/110572), [@sanchezl](https://github.com/sanchezl)) [SIG API Machinery] -- Fix unnecessary recreation of placeholder EndpointSlice ([#110732](https://github.com/kubernetes/kubernetes/pull/110732), [@jluhrsen](https://github.com/jluhrsen)) [SIG Apps and Network] -- Fixed a regression introduced in 1.24.0 where Azure load balancers were not kept up to date with the state of cluster nodes. In particular, nodes that are not in the ready state and are not newly created (i.e. not having the `node.cloudprovider.kubernetes.io/uninitialized` taint) now get removed from Azure load balancers. ([#109931](https://github.com/kubernetes/kubernetes/pull/109931), [@ricky-rav](https://github.com/ricky-rav)) [SIG Cloud Provider] -- Kubeadm: fix error adding extra prefix unix:// to CRI endpoints that were missing URL scheme ([#110634](https://github.com/kubernetes/kubernetes/pull/110634), [@pacoxu](https://github.com/pacoxu)) [SIG Cluster Lifecycle] -- Kubeadm: fix the bug that configurable KubernetesVersion not respected during kubeadm join ([#111021](https://github.com/kubernetes/kubernetes/pull/111021), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle] -- EndpointSlices marked for deletion are now ignored during reconciliation. ([#110484](https://github.com/kubernetes/kubernetes/pull/110484), [@aryan9600](https://github.com/aryan9600)) [SIG Apps and Network] -- Fixed a kubelet issue that could result in invalid pod status updates to be sent to the api-server where pods would be reported in a terminal phase but also report a ready condition of true in some cases. ([#110479](https://github.com/kubernetes/kubernetes/pull/110479), [@bobbypage](https://github.com/bobbypage)) [SIG Node and Testing] -- Pods will now post their readiness during termination. ([#110416](https://github.com/kubernetes/kubernetes/pull/110416), [@aojea](https://github.com/aojea)) [SIG Network, Node and Testing] -- The pod phase lifecycle guarantees that terminal Pods, those whose states are Unready or Succeeded, can not regress and will have all container stopped. Hence, terminal Pods will never be reachable and should not publish their IP addresses on the Endpoints or EndpointSlices, independently of the Service TolerateUnready option. ([#110258](https://github.com/kubernetes/kubernetes/pull/110258), [@robscott](https://github.com/robscott)) [SIG Apps, Network, Node and Testing] -- Fix JobTrackingWithFinalizers that: - - was declaring a job finished before counting all the created pods in the status - - was leaving pods with finalizers, blocking pod and job deletions - - JobTrackingWithFinalizers is still disabled by default. ([#109486](https://github.com/kubernetes/kubernetes/pull/109486), [@alculquicondor](https://github.com/alculquicondor)) [SIG Apps and Testing] -- Kubeadm: only taint control plane nodes when the legacy "master" taint is present. This avoids a bug where "kubeadm upgrade" will re-taint a control plane node with the new "control plane" taint even if the user explicitly untainted the node. ([#109841](https://github.com/kubernetes/kubernetes/pull/109841), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] -- A node IP provided to kublet via `--node-ip` will now be preferred for when determining the node's primary IP and using the external cloud provider (CCM). ([#107750](https://github.com/kubernetes/kubernetes/pull/107750), [@stephenfin](https://github.com/stephenfin)) -- A static pod that is rapidly updated was failing to start until the Kubelet was restarted. ([#107900](https://github.com/kubernetes/kubernetes/pull/107900), [@smarterclayton](https://github.com/smarterclayton)) -- Add one metrics(`kubelet_volume_stats_health_abnormal`) of volume health state to kubelet ([#108758](https://github.com/kubernetes/kubernetes/pull/108758), [@fengzixu](https://github.com/fengzixu)) -- Added a new label `type` to `apiserver_flowcontrol_request_execution_seconds` metric - it has the following values: - 'regular': indicates that it is a non long running request - 'watch': indicates that it is a watch request. ([#105517](https://github.com/kubernetes/kubernetes/pull/105517), [@tkashem](https://github.com/tkashem)) -- Added a test to guarantee that conformance clusters require at least 2 untainted nodes. ([#106313](https://github.com/kubernetes/kubernetes/pull/106313), [@aojea](https://github.com/aojea)) -- Adds PV deletion protection finalizer only when PV reclaimPolicy is Delete for dynamically provisioned volumes. ([#109205](https://github.com/kubernetes/kubernetes/pull/109205), [@deepakkinni](https://github.com/deepakkinni)) -- Allowed attached volumes to be mounted quicker by skipping exponential backoff when checking for reported-in-use volumes. ([#106853](https://github.com/kubernetes/kubernetes/pull/106853), [@gnufied](https://github.com/gnufied)) -- Alowed useful inclusion of `-args $prog_args` in KUBE_TEST_ARGS, when doing `make test-integration`. ([#107516](https://github.com/kubernetes/kubernetes/pull/107516), [@MikeSpreitzer](https://github.com/MikeSpreitzer)) -- An inefficient lock in EndpointSlice controller metrics cache has been reworked. Network programming latency may be significantly reduced in certain scenarios, especially in clusters with a large number of Services. ([#107091](https://github.com/kubernetes/kubernetes/pull/107091), [@robscott](https://github.com/robscott)) -- Apiserver will now reject connection attempts to `0.0.0.0/::` when handling a proxy subresource request. ([#107402](https://github.com/kubernetes/kubernetes/pull/107402), [@anguslees](https://github.com/anguslees)) -- Bug: client-go clientset was not defaulting to the user agent, and was using the default golang agent for all the requests. ([#108772](https://github.com/kubernetes/kubernetes/pull/108772), [@aojea](https://github.com/aojea)) -- Bump `sigs.k8s.io/apiserver-network-proxy/konnectivity-client@v0.0.30` to fix a goroutine leak in kube-apiserver when using egress selctor with the gRPC mode. ([#108437](https://github.com/kubernetes/kubernetes/pull/108437), [@andrewsykim](https://github.com/andrewsykim)) -- CEL validation failure returns object type instead of object. ([#107090](https://github.com/kubernetes/kubernetes/pull/107090), [@cici37](https://github.com/cici37)) -- CRI-API: IPs returned by `PodSandboxNetworkStatus`` are ignored by the kubelet for host-network pods. ([#106715](https://github.com/kubernetes/kubernetes/pull/106715), [@aojea](https://github.com/aojea)) -- Call `NodeExpand` on all nodes in case of RWX volumes ([#108693](https://github.com/kubernetes/kubernetes/pull/108693), [@gnufied](https://github.com/gnufied)) -- Changed node staging path for CSI driver to use a PV agnostic path. Nodes must be drained before updating the kubelet with this change. ([#107065](https://github.com/kubernetes/kubernetes/pull/107065), [@saikat-royc](https://github.com/saikat-royc)) -- Client-go: fixed the paged list calls with `ResourceVersionMatch` set would fail once paging is kicked in. ([#107311](https://github.com/kubernetes/kubernetes/pull/107311), [@fasaxc](https://github.com/fasaxc)) -- Correct event registration for multiple scheduler plugins; this fixes a potential significant delay in re-queueing unschedulable pods. ([#109442](https://github.com/kubernetes/kubernetes/pull/109442), [@ahg-g](https://github.com/ahg-g)) -- Etcd: Update to v3.5.3 ([#109471](https://github.com/kubernetes/kubernetes/pull/109471), [@justaugustus](https://github.com/justaugustus)) -- Existing InTree AzureFile PVs which don't have a secret namespace defined will now work properly after enabling CSI migration - the namespace will be obtained from ClaimRef. ([#108000](https://github.com/kubernetes/kubernetes/pull/108000), [@RomanBednar](https://github.com/RomanBednar)) -- Failure to start a container cannot accidentally result in the pod being considered "Succeeded" in the presence of deletion. ([#107845](https://github.com/kubernetes/kubernetes/pull/107845), [@smarterclayton](https://github.com/smarterclayton)) -- Fix a race in the timeout handler that could lead to kube-apiserver crashes ([#108455](https://github.com/kubernetes/kubernetes/pull/108455), [@Argh4k](https://github.com/Argh4k)) -- Fix container creation errors for pods with cpu requests bigger than 256 cpus ([#106570](https://github.com/kubernetes/kubernetes/pull/106570), [@odinuge](https://github.com/odinuge)) -- Fix issue where the job controller might not remove the job tracking finalizer from pods when deleting a job, or when the pod is orphan ([#108752](https://github.com/kubernetes/kubernetes/pull/108752), [@alculquicondor](https://github.com/alculquicondor)) -- Fix libct/cg/fs2: fixed GetStats for unsupported hugetlb error on Raspbian Bullseye ([#106912](https://github.com/kubernetes/kubernetes/pull/106912), [@Letme](https://github.com/Letme)) -- Fix the bug that the outdated services may be sent to the cloud provider ([#107631](https://github.com/kubernetes/kubernetes/pull/107631), [@lzhecheng](https://github.com/lzhecheng)) -- Fix the overestimated cost of delegated API requests in kube-apiserver API priority & fairness ([#109188](https://github.com/kubernetes/kubernetes/pull/109188), [@wojtek-t](https://github.com/wojtek-t)) -- Fix to allow `fsGroup` to be applied for CSI Inline Volumes ([#108662](https://github.com/kubernetes/kubernetes/pull/108662), [@dobsonj](https://github.com/dobsonj)) -- Fixed CSI migration of Azure Disk in-tree StorageClasses with topology requirements in Azure regions that do not have availability zones. ([#109154](https://github.com/kubernetes/kubernetes/pull/109154), [@jsafrane](https://github.com/jsafrane)) -- Fixed `--retries` functionality for negative values in `kubectl cp` ([#108748](https://github.com/kubernetes/kubernetes/pull/108748), [@atiratree](https://github.com/atiratree)) -- Fixed `azureDisk` parameter lowercase translation issue. ([#107429](https://github.com/kubernetes/kubernetes/pull/107429), [@andyzhangx](https://github.com/andyzhangx)) -- Fixed `azureFile` `volumeID` collision issue in CSI migration. ([#107575](https://github.com/kubernetes/kubernetes/pull/107575), [@andyzhangx](https://github.com/andyzhangx)) -- Fixed a bug in attachdetach controller that didn't properly handle kube-apiserver errors leading to stuck attachments/detachments. ([#108167](https://github.com/kubernetes/kubernetes/pull/108167), [@jfremy](https://github.com/jfremy)) -- Fixed a bug that a pod's `.status.nominatedNodeName` is not cleared properly, and thus over-occupied system resources. ([#106816](https://github.com/kubernetes/kubernetes/pull/106816), [@Huang-Wei](https://github.com/Huang-Wei)) -- Fixed a bug that caused credentials in an exec plugin to override the static certificates set in a kubeconfig. ([#107410](https://github.com/kubernetes/kubernetes/pull/107410), [@margocrawf](https://github.com/margocrawf)) -- Fixed a bug that could cause panic when a `/healthz` request times out. ([#107034](https://github.com/kubernetes/kubernetes/pull/107034), [@benluddy](https://github.com/benluddy)) -- Fixed a bug that out-of-tree plugin is misplaced when using scheduler v1beta3 config ([#108613](https://github.com/kubernetes/kubernetes/pull/108613), [@Huang-Wei](https://github.com/Huang-Wei)) -- Fixed a bug where a partial `EndpointSlice` update could cause node name information to be dropped from endpoints that were not updated. ([#108198](https://github.com/kubernetes/kubernetes/pull/108198), [@liggitt](https://github.com/liggitt)) -- Fixed a bug where unwanted fields were being returned from a `create --dry-run`: uid and, if generateName was used, name. ([#107088](https://github.com/kubernetes/kubernetes/pull/107088), [@joejulian](https://github.com/joejulian)) -- Fixed a bug where vSphere client connections where not being closed during testing. Leaked vSphere client sessions were causing resource exhaustion during automated testing. ([#107337](https://github.com/kubernetes/kubernetes/pull/107337), [@derek-pryor](https://github.com/derek-pryor)) -- Fixed a panic when using invalid output format in `kubectl create secret` command. ([#107221](https://github.com/kubernetes/kubernetes/pull/107221), [@rikatz](https://github.com/rikatz)) -- Fixed a rare race condition handling requests that timeout. ([#107452](https://github.com/kubernetes/kubernetes/pull/107452), [@liggitt](https://github.com/liggitt)) -- Fixed a regression in 1.23 that incorrectly pruned data from array items of a custom resource that set `x-kubernetes-preserve-unknown-fields: true`. ([#107688](https://github.com/kubernetes/kubernetes/pull/107688), [@liggitt](https://github.com/liggitt)) -- Fixed a regression in 1.23 where update requests to previously persisted `Service` objects that have not been modified since 1.19 can be rejected with an incorrect `spec.clusterIPs: Required value` error. ([#107847](https://github.com/kubernetes/kubernetes/pull/107847), [@thockin](https://github.com/thockin)) -- Fixed a regression that could incorrectly reject pods with `OutOfCpu` errors if they were rapidly scheduled after other pods were reported as complete in the API. The Kubelet now waits to report the phase of a pod as terminal in the API until all running containers are guaranteed to have stopped and no new containers can be started. Short-lived pods may take slightly longer (~1s) to report Succeeded or Failed after this change. ([#108366](https://github.com/kubernetes/kubernetes/pull/108366), [@smarterclayton](https://github.com/smarterclayton)) -- Fixed bug in `TopologyManager` for ensuring aligned allocations on machines with more than 2 NUMA nodes ([#108052](https://github.com/kubernetes/kubernetes/pull/108052), [@klueska](https://github.com/klueska)) -- Fixed bug in error messaging for basic-auth and ssh secret validations. ([#106179](https://github.com/kubernetes/kubernetes/pull/106179), [@vivek-koppuru](https://github.com/vivek-koppuru)) -- Fixed detaching CSI volumes from nodes when a CSI driver name has prefix "csi-". ([#107025](https://github.com/kubernetes/kubernetes/pull/107025), [@jsafrane](https://github.com/jsafrane)) -- Fixed duplicate port opening in kube-proxy when `--nodeport-addresses` is empty. ([#107413](https://github.com/kubernetes/kubernetes/pull/107413), [@tnqn](https://github.com/tnqn)) -- Fixed handling of objects with invalid selectors. ([#107559](https://github.com/kubernetes/kubernetes/pull/107559), [@liggitt](https://github.com/liggitt)) -- Fixed indexer bug that resulted in incorrect index updates if number of index values for a given object was changing during update ([#109137](https://github.com/kubernetes/kubernetes/pull/109137), [@wojtek-t](https://github.com/wojtek-t)) -- Fixed kubectl bug where bash completions don't work if `--context` flag is specified with a value that contains a colon. ([#107439](https://github.com/kubernetes/kubernetes/pull/107439), [@brianpursley](https://github.com/brianpursley)) -- Fixed performance regression in JSON logging caused by syncing stdout every time error was logged. ([#107035](https://github.com/kubernetes/kubernetes/pull/107035), [@serathius](https://github.com/serathius)) -- Fixed regression in CPUManager that it will release exclusive CPUs in app containers inherited from init containers when the init containers were removed. ([#104837](https://github.com/kubernetes/kubernetes/pull/104837), [@eggiter](https://github.com/eggiter)) -- Fixed static pod add and removes restarts in certain cases. ([#107695](https://github.com/kubernetes/kubernetes/pull/107695), [@rphillips](https://github.com/rphillips)) -- Fixed: deleted a non-existent Azure disk issue. ([#107406](https://github.com/kubernetes/kubernetes/pull/107406), [@andyzhangx](https://github.com/andyzhangx)) -- Fixed: do not return early in the node informer when there is no change of the topology label. ([#108149](https://github.com/kubernetes/kubernetes/pull/108149), [@nilo19](https://github.com/nilo19)) -- Fixed: removed outdated ipv4 route when the corresponding node is deleted. ([#106164](https://github.com/kubernetes/kubernetes/pull/106164), [@nilo19](https://github.com/nilo19)) -- Fixes bug in CronJob Controller V2 where it would lose track of jobs upon job template labels change. ([#107997](https://github.com/kubernetes/kubernetes/pull/107997), [@d-honeybadger](https://github.com/d-honeybadger)) -- If drainer has nil for Ctx or Client it will error with `RunCordonOrUncordon`. ([#105297](https://github.com/kubernetes/kubernetes/pull/105297), [@jackfrancis](https://github.com/jackfrancis)) -- Improved handling of unmount failures when device may be in-use by another container/process. ([#107789](https://github.com/kubernetes/kubernetes/pull/107789), [@gnufied](https://github.com/gnufied)) -- Improved logging when volume times out waiting for attach/detach. ([#108628](https://github.com/kubernetes/kubernetes/pull/108628), [@RomanBednar](https://github.com/RomanBednar)) -- Improved the rounding of `PodTopologySpread` scores to offer better scoring when spreading a low number of pods. ([#107384](https://github.com/kubernetes/kubernetes/pull/107384), [@sanposhiho](https://github.com/sanposhiho)) -- Increase Azure ACR credential provider timeout ([#108209](https://github.com/kubernetes/kubernetes/pull/108209), [@andyzhangx](https://github.com/andyzhangx)) -- Kube-apiserver: Server Side Apply merge order is reverted to match v1.22 behavior until http://issue.k8s.io/104641 is resolved. ([#106660](https://github.com/kubernetes/kubernetes/pull/106660), [@liggitt](https://github.com/liggitt)) -- Kube-apiserver: ensures the namespace of objects sent to admission webhooks matches the request namespace. Previously, objects without a namespace set would have the request namespace populated after mutating admission, and objects with a namespace that did not match the request namespace would be rejected after admission. ([#94637](https://github.com/kubernetes/kubernetes/pull/94637), [@liggitt](https://github.com/liggitt)) -- Kube-apiserver: removed `apf_fd` from server logs which could contain data identifying the requesting user ([#108631](https://github.com/kubernetes/kubernetes/pull/108631), [@jupblb](https://github.com/jupblb)) -- Kube-proxy in iptables mode now only logs the full iptables input at `-v=9` rather than `-v=5`. ([#108224](https://github.com/kubernetes/kubernetes/pull/108224), [@danwinship](https://github.com/danwinship)) -- Kube-proxy will no longer hold service node ports open on the node. Users are still advised not to run any listener on node ports range used by kube-proxy. ([#108496](https://github.com/kubernetes/kubernetes/pull/108496), [@khenidak](https://github.com/khenidak)) -- Kubeadm: allow the `certs check-expiration` command to not require the existence of the cluster CA key (ca.key file) when checking the expiration of managed certificates in kubeconfig files. ([#106854](https://github.com/kubernetes/kubernetes/pull/106854), [@neolit123](https://github.com/neolit123)) -- Kubeadm: during execution of the `certs check-expiration` command, treat the etcd CA as external if there is a missing etcd CA key file (etcd/ca.key) and perform the proper validation on certificates signed by the etcd CA. Additionally, make sure that the CA for all entries in the output table is included - for both certificates on disk and in kubeconfig files. ([#106891](https://github.com/kubernetes/kubernetes/pull/106891), [@neolit123](https://github.com/neolit123)) -- Kubeadm: fixed a bug related to a warning printed if the `KubeletConfiguration` `resolvConf` field value does not match `/run/systemd/resolve/resolv.conf` ([#107785](https://github.com/kubernetes/kubernetes/pull/107785), [@chendave](https://github.com/chendave)) -- Kubeadm: fixed a bug when using `kubeadm init --dry-run` with certificate authority files (`ca.key` / `ca.crt`) present in `/etc/kubernetes/pki`) ([#108410](https://github.com/kubernetes/kubernetes/pull/108410), [@Haleygo](https://github.com/Haleygo)) -- Kubeadm: fixed a bug where Windows nodes fail to join an IPv6 cluster due to preflight errors ([#108769](https://github.com/kubernetes/kubernetes/pull/108769), [@SataQiu](https://github.com/SataQiu)) -- Kubeadm: fixed the bug that `kubeadm certs generate-csr` command does not remove duplicated SANs ([#107982](https://github.com/kubernetes/kubernetes/pull/107982), [@SataQiu](https://github.com/SataQiu)) -- Kubelet now checks "NoExecute" taint/toleration before accepting pods, except for static pods. ([#101218](https://github.com/kubernetes/kubernetes/pull/101218), [@gjkim42](https://github.com/gjkim42)) -- Metrics Server image bumped to v0.5.2 ([#106492](https://github.com/kubernetes/kubernetes/pull/106492), [@serathius](https://github.com/serathius)) -- Modified command line errors (for example, `kubectl list` -> `unknown command`) that were printed as log message with escaped line breaks instead of a multi-line plain text, making the error hard to read. ([#107044](https://github.com/kubernetes/kubernetes/pull/107044), [@pohly](https://github.com/pohly)) -- Modified log messages that were logged with `"v":0` in JSON output although they were debug messages with a higher verbosity. ([#106978](https://github.com/kubernetes/kubernetes/pull/106978), [@pohly](https://github.com/pohly)) -- No ([#107769](https://github.com/kubernetes/kubernetes/pull/107769), [@liurupeng](https://github.com/liurupeng)) [SIG Cloud Provider and Windows] -- NodeRestriction admission: nodes are now allowed to update PersistentVolumeClaim status fields `resizeStatus` and `allocatedResources` when the `RecoverVolumeExpansionFailure` feature is enabled. ([#107686](https://github.com/kubernetes/kubernetes/pull/107686), [@gnufied](https://github.com/gnufied)) -- Only extend token lifetimes when `--service-account-extend-token-expiration` is true and the requested token audiences are empty or exactly match all values for `--api-audiences`. ([#105954](https://github.com/kubernetes/kubernetes/pull/105954), [@jyotimahapatra](https://github.com/jyotimahapatra)) -- Prevent kube-scheduler from nominating a Pod that was already scheduled to a node ([#109245](https://github.com/kubernetes/kubernetes/pull/109245), [@alculquicondor](https://github.com/alculquicondor)) -- Prevent unnecessary `Endpoints` and `EndpointSlice` updates caused by `Pod ResourceVersion` change ([#108078](https://github.com/kubernetes/kubernetes/pull/108078), [@tnqn](https://github.com/tnqn)) -- Print `` as the value in case kubectl describe ingress shows `default-backend:80` when no default backend is present ([#108506](https://github.com/kubernetes/kubernetes/pull/108506), [@jlsong01](https://github.com/jlsong01)) -- Publishing kube-proxy metrics for Windows kernel-mode ([#106581](https://github.com/kubernetes/kubernetes/pull/106581), [@knabben](https://github.com/knabben)) -- Re-adds response status and headers on verbose kubectl responses ([#108505](https://github.com/kubernetes/kubernetes/pull/108505), [@rikatz](https://github.com/rikatz)) -- Record requests rejected with 429 in the apiserver_request_total metric ([#108927](https://github.com/kubernetes/kubernetes/pull/108927), [@wojtek-t](https://github.com/wojtek-t)) -- Removed validation if AppArmor profiles are loaded on the local node. This should be handled by the container runtime. ([#97966](https://github.com/kubernetes/kubernetes/pull/97966), [@saschagrunert](https://github.com/saschagrunert)) -- Replace the url label of `rest_client_request_duration_seconds` and `rest_client_rate_limiter_duration_seconds` metrics with a host label to prevent cardinality explosions and keep only the useful information. This is a breaking change required for security reasons. ([#106539](https://github.com/kubernetes/kubernetes/pull/106539), [@dgrisonnet](https://github.com/dgrisonnet)) -- Restored `NumPDBViolations` info of nodes, when `HTTPExtender ProcessPreemption`. This info will be used in subsequent filtering steps - `pickOneNodeForPreemption` ([#105853](https://github.com/kubernetes/kubernetes/pull/105853), [@caden2016](https://github.com/caden2016)) -- Reverted graceful node shutdown to match 1.21 behavior of setting pods that have not yet successfully completed to "Failed" phase if the GracefulNodeShutdown feature is enabled in kubelet. The GracefulNodeShutdown feature is beta and must be explicitly configured via kubelet config to be enabled in 1.21+. This changes 1.22 and 1.23 behavior on node shutdown to match 1.21. If you do not want pods to be marked terminated on node shutdown in 1.22 and 1.23, disable the GracefulNodeShutdown feature. ([#106901](https://github.com/kubernetes/kubernetes/pull/106901), [@bobbypage](https://github.com/bobbypage)) -- Reverts the CRI API version surfaced by dockershim to v1alpha2 ([#106803](https://github.com/kubernetes/kubernetes/pull/106803), [@saschagrunert](https://github.com/saschagrunert)) -- Services with "internalTrafficPolicy: Local" now behave more like - "externalTrafficPolicy: Local". Also, "internalTrafficPolicy: Local, - externalTrafficPolicy: Cluster" is now implemented correctly. ([#106497](https://github.com/kubernetes/kubernetes/pull/106497), [@danwinship](https://github.com/danwinship)) -- Sets JobTrackingWithFinalizers, a beta feature, as disabled by default, due to unresolved bug https://github.com/kubernetes/kubernetes/issues/109485 ([#109487](https://github.com/kubernetes/kubernetes/pull/109487), [@alculquicondor](https://github.com/alculquicondor)) -- Skip re-allocate logic if pod is already removed to avoid panic ([#108831](https://github.com/kubernetes/kubernetes/pull/108831), [@waynepeking348](https://github.com/waynepeking348)) -- The Service field `spec.internalTrafficPolicy` is no longer defaulted for Services when the type is `ExternalName`. The field is also dropped on read when the Service type is `ExternalName`. ([#104846](https://github.com/kubernetes/kubernetes/pull/104846), [@andrewsykim](https://github.com/andrewsykim)) -- The `ServerSideFieldValidation` feature has been reverted to alpha for 1.24. ([#109271](https://github.com/kubernetes/kubernetes/pull/109271), [@liggitt](https://github.com/liggitt)) -- The `TopologyAwareHints` feature gate is now enabled by default. This will allow users to opt-in to Topology Aware Hints by setting the `service.kubernetes.io/topology-aware-hints` on a Service. This will not affect any Services without that annotation set. ([#108747](https://github.com/kubernetes/kubernetes/pull/108747), [@robscott](https://github.com/robscott)) -- The deprecated flag `--really-crash-for-testing` was removed. ([#101719](https://github.com/kubernetes/kubernetes/pull/101719), [@SergeyKanzhelev](https://github.com/SergeyKanzhelev)) -- The kubelet no longer forcefully closes active connections on heartbeat failures, using the HTTP2 health check mechanism to detect broken connections. Users can force the previous behavior of the kubelet by setting the environment variable DISABLE_HTTP2. ([#108107](https://github.com/kubernetes/kubernetes/pull/108107), [@aojea](https://github.com/aojea)) -- This code change fixes the bug that UDP services would trigger unnecessary LoadBalancer updates. The root cause is that a field not working for non-TCP protocols is considered. - ref: https://github.com/kubernetes-sigs/cloud-provider-azure/pull/1090 ([#107981](https://github.com/kubernetes/kubernetes/pull/107981), [@lzhecheng](https://github.com/lzhecheng)) -- Topology translation of in-tree vSphere volume to vSphere CSI. ([#108611](https://github.com/kubernetes/kubernetes/pull/108611), [@divyenpatel](https://github.com/divyenpatel)) -- Updating kubelet permissions check for Windows nodes to see if process is elevated instead of checking if process owner is in Administrators group ([#108146](https://github.com/kubernetes/kubernetes/pull/108146), [@marosset](https://github.com/marosset)) -- `apiserver`, if configured to reconcile the `kubernetes.default` service endpoints, checks if the configured Service IP range matches the apiserver public address IP family, and fails to start if not. ([#106721](https://github.com/kubernetes/kubernetes/pull/106721), [@aojea](https://github.com/aojea)) -- `kubectl version` now fails when given extra arguments. ([#107967](https://github.com/kubernetes/kubernetes/pull/107967), [@jlsong01](https://github.com/jlsong01)) - -##### Other (Cleanup or Flake) - -- Service session affinity timeout tests are no longer required for Kubernetes network plugin conformance due to variations in existing implementations. New conformance tests will be developed to better express conformance in future releases. ([#112806](https://github.com/kubernetes/kubernetes/pull/112806), [@dcbw](https://github.com/dcbw)) [SIG Architecture, Network and Testing] -- Kubelet now defaults to pulling the pause image from registry.k8s.io ([#114341](https://github.com/kubernetes/kubernetes/pull/114341), [@liggitt](https://github.com/liggitt)) [SIG Node] -- '`build/dependencies.yaml`: remove the dependency on Docker. With the dockershim removal, core Kubernetes no longer - has to track the latest validated version of Docker.' ([#107607](https://github.com/kubernetes/kubernetes/pull/107607), [@neolit123](https://github.com/neolit123)) -- API server's deprecated `--experimental-encryption-provider-config` flag is now removed. Adapt your machinery to use the `--encryption-provider-config` flag that is available since v1.13. ([#108423](https://github.com/kubernetes/kubernetes/pull/108423), [@ialidzhikov](https://github.com/ialidzhikov)) -- API server's deprecated `--target-ram-mb` flag is now removed. ([#108457](https://github.com/kubernetes/kubernetes/pull/108457), [@ialidzhikov](https://github.com/ialidzhikov)) -- Added PreemptionPolicy in PriorityClass describe ([#108701](https://github.com/kubernetes/kubernetes/pull/108701), [@denkensk](https://github.com/denkensk)) -- Added an e2e test to verify that the cluster is not vulnerable to CVE-2021-29923 when using Services with IPs with leading zeros, note that this test is a necessary but not sufficient condition, all the components in the clusters that consume IPs addresses from the APIs MUST interpret them as decimal or discard them. ([#107552](https://github.com/kubernetes/kubernetes/pull/107552), [@aojea](https://github.com/aojea)) -- Added an example for the `kubectl plugin list` command. ([#106600](https://github.com/kubernetes/kubernetes/pull/106600), [@bergerhoffer](https://github.com/bergerhoffer)) -- Added details about preemption in the event for scheduling failed. ([#107775](https://github.com/kubernetes/kubernetes/pull/107775), [@denkensk](https://github.com/denkensk)) -- Allow KUBE_TEST_REPO_LIST to be a remote url ([#108429](https://github.com/kubernetes/kubernetes/pull/108429), [@dims](https://github.com/dims)) -- Client-go: if resetting the body fails before a retry, an error is now surfaced to the user. ([#109050](https://github.com/kubernetes/kubernetes/pull/109050), [@MadhavJivrajani](https://github.com/MadhavJivrajani)) -- Deprecate apiserver_dropped_requests_total metric. The same data can be read from apiserver_request_terminations_total metric. ([#109018](https://github.com/kubernetes/kubernetes/pull/109018), [@wojtek-t](https://github.com/wojtek-t)) -- Deprecated types in `k8s.io/apimachinery/util/clock`. Please use `k8s.io/utils/clock` instead. ([#106850](https://github.com/kubernetes/kubernetes/pull/106850), [@MadhavJivrajani](https://github.com/MadhavJivrajani)) -- E2e tests wait for `kube-root-ca.crt` to be populated in namespaces for use with projected service account tokens, reducing delays starting those test pods and errors in the logs. ([#107763](https://github.com/kubernetes/kubernetes/pull/107763), [@smarterclayton](https://github.com/smarterclayton)) -- Endpoints and EndpointSlice controllers no longer populate [resourceVersion of targetRef](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-reference/#ObjectReference) in Endpoints and EndpointSlices ([#108450](https://github.com/kubernetes/kubernetes/pull/108450), [@tnqn](https://github.com/tnqn)) -- Fixed default config flags for `NewDefaultKubectlCommand`. ([#107131](https://github.com/kubernetes/kubernetes/pull/107131), [@jonnylangefeld](https://github.com/jonnylangefeld)) -- Fixed documentation typo in cloud-provider. ([#106445](https://github.com/kubernetes/kubernetes/pull/106445), [@majst01](https://github.com/majst01)) -- Fixed spelling of implemented in pkg/proxy/apis/config/types.go line 206 ([#106453](https://github.com/kubernetes/kubernetes/pull/106453), [@davidleitw](https://github.com/davidleitw)) -- Improve error message when applying CRDs before the CRD exists in a cluster ([#107363](https://github.com/kubernetes/kubernetes/pull/107363), [@eddiezane](https://github.com/eddiezane)) -- Improved algorithm for selecting `best` non-preferred hint in the TopologyManager ([#108154](https://github.com/kubernetes/kubernetes/pull/108154), [@klueska](https://github.com/klueska)) -- Kube-proxy doesn't set the sysctl `net.ipv4.conf.all.route_localnet=1` if no IPv4 loopback address is selected by the `nodePortAddresses` configuration parameter. ([#107684](https://github.com/kubernetes/kubernetes/pull/107684), [@aojea](https://github.com/aojea)) -- Kubeadm: all warning messages are printed to stderr instead of stdout. ([#107467](https://github.com/kubernetes/kubernetes/pull/107467), [@SataQiu](https://github.com/SataQiu)) -- Kubeadm: handled the removal of dockershim related flags for new kubeadm clusters. If kubelet <1.24 is on the host, kubeadm >=1.24 can continue using the built-in dockershim in the kubelet if the user passes the `{Init|Join}Configuration.nodeRegistration.criSocket` value in the kubeadm configuration to be equal to `unix:///var/run/dockershim.sock` on Unix or `npipe:////./pipe/dockershim` on Windows. If kubelet version >=1.24 is on the host, kubeadm >=1.24 will treat all container runtimes as "remote" using the kubelet flags `--container-runtime=remote --container-runtime-endpoint=scheme://some/path`. The special management for kubelet <1.24 will be removed in kubeadm 1.25. ([#106973](https://github.com/kubernetes/kubernetes/pull/106973), [@neolit123](https://github.com/neolit123)) -- Kubeadm: make sure that `kubeadm init/join` always use a URL scheme (unix:// on Linux and npipe:// on Windows) when passing a value to the `--container-runtime-endpoint` kubelet flag. This flag's value is taken from the kubeadm configuration `criSocket` field or the `--cri-socket` CLI flag. Automatically add a missing URL scheme to the user configuration in memory, but warn them that they should also update their configuration on disk manually. During `kubeadm upgrade apply/node` mutate the `/var/lib/kubelet/kubeadm-flags.env` file on disk and the `kubeadm.alpha.kubernetes.io/cri-socket` annotation Node object if needed. These automatic actions are temporary and will be removed in a future release. In the future the kubelet may not support CRI endpoints without an URL scheme. ([#107295](https://github.com/kubernetes/kubernetes/pull/107295), [@neolit123](https://github.com/neolit123)) -- Kubeadm: remove the `IPv6DualStack` feature gate. The feature has been GA and locked to enabled since 1.23. ([#106648](https://github.com/kubernetes/kubernetes/pull/106648), [@calvin0327](https://github.com/calvin0327)) -- Kubeadm: removed the deprecated `output/v1alpha1` API used for machine readable output by some kubeadm commands. In 1.23 kubeadm started using the newer version `output/v1alpha2` for the same purpose. ([#107468](https://github.com/kubernetes/kubernetes/pull/107468), [@neolit123](https://github.com/neolit123)) -- Kubeadm: removed the restriction that the `ca.crt` can only contain one certificate. If there is more than one certificate in the `ca.crt` file, kubeadm will pick the first one by default. ([#107327](https://github.com/kubernetes/kubernetes/pull/107327), [@SataQiu](https://github.com/SataQiu)) -- Kubectl stack traces now only print at verbose `-v=99` and not `-v=6` ([#108053](https://github.com/kubernetes/kubernetes/pull/108053), [@eddiezane](https://github.com/eddiezane)) -- Kubectl: restored `--dry-run`, `--dry-run=true`, and `--dry-run=false` for compatibility with pre-1.23 invocations. ([#107003](https://github.com/kubernetes/kubernetes/pull/107003), [@julianvmodesto](https://github.com/julianvmodesto)) -- Kubelet config validation error messages are updated. ([#105360](https://github.com/kubernetes/kubernetes/pull/105360), [@shuheiktgw](https://github.com/shuheiktgw)) -- Kubernetes e2e framework will use the url `invalid.registry.k8s.io/invalid` instead `invalid.com/invalid` for test that use an invalid registry. ([#107455](https://github.com/kubernetes/kubernetes/pull/107455), [@aojea](https://github.com/aojea)) -- Marked kubelet `--container-runtime-endpoint` and `--image-service-endpoint` CLI flags as stable. ([#106954](https://github.com/kubernetes/kubernetes/pull/106954), [@saschagrunert](https://github.com/saschagrunert)) -- Migrate `volume/csi/csi-client.go` logs to structured logging. ([#99441](https://github.com/kubernetes/kubernetes/pull/99441), [@CKchen0726](https://github.com/CKchen0726)) -- Migrate statefulset files to structured logging ([#106109](https://github.com/kubernetes/kubernetes/pull/106109), [@h4ghhh](https://github.com/h4ghhh)) -- Refactor kubelet command line for enabling features and "drop `RuntimeClass` feature gate" if present. Note that this feature has been on by default since 1.14 and was GA'ed in 1.20. ([#106882](https://github.com/kubernetes/kubernetes/pull/106882), [@cyclinder](https://github.com/cyclinder)) -- Remove deprecated `--serviceaccount`, `--hostport`, `--requests` and `--limits` from kubectl run. ([#108820](https://github.com/kubernetes/kubernetes/pull/108820), [@mozillazg](https://github.com/mozillazg)) -- Remove support for `node-expansion` between `node-stage` and `node-publish` ([#108614](https://github.com/kubernetes/kubernetes/pull/108614), [@gnufied](https://github.com/gnufied)) -- Removed deprecated `generator` and `container-port` flags ([#106824](https://github.com/kubernetes/kubernetes/pull/106824), [@lauchokyip](https://github.com/lauchokyip)) -- Removed kubelet `--non-masquerade-cidr` deprecated CLI flag ([#107096](https://github.com/kubernetes/kubernetes/pull/107096), [@hakman](https://github.com/hakman)) -- Rename unschedulableQ to unschedulablePods ([#108919](https://github.com/kubernetes/kubernetes/pull/108919), [@denkensk](https://github.com/denkensk)) -- SPDY transport in client-go will no longer follow redirects. ([#108531](https://github.com/kubernetes/kubernetes/pull/108531), [@tallclair](https://github.com/tallclair)) -- ServerResources was deprecated in February 2019 (https://github.com/kubernetes/kubernetes/commit/618050e) and now it's being removed and ServerGroupsAndResources is suggested to be used instead ([#107180](https://github.com/kubernetes/kubernetes/pull/107180), [@ardaguclu](https://github.com/ardaguclu)) -- The API server's deprecated `--deserialization-cache-size` flag is now removed. ([#108448](https://github.com/kubernetes/kubernetes/pull/108448), [@ialidzhikov](https://github.com/ialidzhikov)) -- The `--container-runtime` kubelet flag is deprecated and will be removed in future releases. ([#107094](https://github.com/kubernetes/kubernetes/pull/107094), [@adisky](https://github.com/adisky)) -- The `WarningHeaders` feature gate that is GA since v1.22 is unconditionally enabled, and can no longer be specified via the `--feature-gates` argument. ([#108394](https://github.com/kubernetes/kubernetes/pull/108394), [@ialidzhikov](https://github.com/ialidzhikov)) -- The `e2e.test` binary supports a new `--kubelet-root` parameter to override the default `/var/lib/kubelet` path. CSI storage tests use this. ([#108253](https://github.com/kubernetes/kubernetes/pull/108253), [@pohly](https://github.com/pohly)) -- The fluentd-elasticsearch addon is no longer included in the cluster directory. It is available from https://github.com/kubernetes-sigs/instrumentation-addons/tree/master/fluentd-elasticsearch. ([#107553](https://github.com/kubernetes/kubernetes/pull/107553), [@liggitt](https://github.com/liggitt)) -- The scheduler framework option `runAllFilters` is removed. ([#108829](https://github.com/kubernetes/kubernetes/pull/108829), [@kerthcet](https://github.com/kerthcet)) -- Updated cri-tools to [v1.23.0](https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.23.0). ([#107604](https://github.com/kubernetes/kubernetes/pull/107604), [@saschagrunert](https://github.com/saschagrunert)) -- Updated runc to 1.1.0 and updated cadvisor to 0.44.0 ([#109029](https://github.com/kubernetes/kubernetes/pull/109029), [@ehashman](https://github.com/ehashman)) -- Updated runc to 1.1.1 ([#109104](https://github.com/kubernetes/kubernetes/pull/109104), [@kolyshkin](https://github.com/kolyshkin)) -- Updated the error message to not use the `--max-resource-write-bytes` & `--json-patch-max-copy-bytes` string. ([#106875](https://github.com/kubernetes/kubernetes/pull/106875), [@warmchang](https://github.com/warmchang)) -- Users who look at iptables dumps will see some changes in the naming and structure of rules. ([#109060](https://github.com/kubernetes/kubernetes/pull/109060), [@thockin](https://github.com/thockin)) -- Windows Pause no longer has support for SAC releases 1903, 1909, 2004. Windows image support is now Ltcs 2019 (1809), 20H2, LTSC 2022 ([#107056](https://github.com/kubernetes/kubernetes/pull/107056), [@jsturtevant](https://github.com/jsturtevant)) -- [k8s.io/utils/clock]: IntervalClock is now deprecated in favour of SimpleIntervalClock ([#108059](https://github.com/kubernetes/kubernetes/pull/108059), [@RaghavRoy145](https://github.com/RaghavRoy145)) -- `kube-addon-manager` image version is bumped to 9.1.6 ([#108341](https://github.com/kubernetes/kubernetes/pull/108341), [@zshihang](https://github.com/zshihang)) -- Add SourceVolumeMode field to VolumeSnapshotContents. Documentation for this alpha feature is pending. ([#665](https://github.com/kubernetes-csi/external-snapshotter/pull/665), [@RaunakShah](https://github.com/RaunakShah)) -- Update snapshotter module to v6 and client module to v5. Documentation for this alpha feature is pending. ([#670],(https://github.com/kubernetes-csi/external-snapshotter/pull/670), [@RaunakShah](https://github.com/RaunakShah)) - -##### Uncategorized - -- Deprecate kubectl version long output, will be replaced with kubectl version ` --short`. Users requiring full output should use `--output=yaml|json` instead. ([#108987](https://github.com/kubernetes/kubernetes/pull/108987), [@soltysh](https://github.com/soltysh)) - - -#### Dependencies - -##### Added -- github.com/armon/go-socks5: [e753329](https://github.com/armon/go-socks5/tree/e753329) -- github.com/blang/semver/v4: [v4.0.0](https://github.com/blang/semver/v4/tree/v4.0.0) -- github.com/google/gnostic: [v0.5.7-v3refs](https://github.com/google/gnostic/tree/v0.5.7-v3refs) - -##### Changed -- golang.org/x/net: 1e63c2f → v0.7.0 -- golang.org/x/sys: v0.3.0 → v0.5.0 -- golang.org/x/term: v0.3.0 → v0.5.0 -- golang.org/x/text: v0.5.0 → v0.7.0 -- github.com/google/cel-go: [v0.10.2 → v0.10.4](https://github.com/google/cel-go/compare/v0.10.2...v0.10.4) -- k8s.io/system-validators: v1.7.0 → v1.8.0 -- sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.33 → v0.0.35 -- sigs.k8s.io/structured-merge-diff/v4: v4.2.1 → v4.2.3 -- github.com/yuin/goldmark: [v1.4.1 → v1.4.13](https://github.com/yuin/goldmark/compare/v1.4.1...v1.4.13) -- golang.org/x/mod: 9b9b3d8 → 86c51ed -- golang.org/x/sync: 036812b → 886fb93 -- golang.org/x/tools: 897bd77 → v0.1.12 -- github.com/stretchr/objx: [v0.2.0 → v0.4.0](https://github.com/stretchr/objx/compare/v0.2.0...v0.4.0) -- github.com/stretchr/testify: [v1.7.0 → v1.8.0](https://github.com/stretchr/testify/compare/v1.7.0...v1.8.0) -- go.uber.org/goleak: v1.1.10 → v1.2.0 -- golang.org/x/lint: 6edffad → 83fdc39 -- gopkg.in/yaml.v3: 496545a → v3.0.1 -- sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.30 → v0.0.33 -- github.com/cespare/xxhash/v2: [v2.1.1 → v2.1.2](https://github.com/cespare/xxhash/v2/compare/v2.1.1...v2.1.2) -- github.com/checkpoint-restore/go-criu/v5: [v5.0.0 → v5.3.0](https://github.com/checkpoint-restore/go-criu/v5/compare/v5.0.0...v5.3.0) -- github.com/cilium/ebpf: [v0.6.2 → v0.7.0](https://github.com/cilium/ebpf/compare/v0.6.2...v0.7.0) -- github.com/containerd/console: [v1.0.2 → v1.0.3](https://github.com/containerd/console/compare/v1.0.2...v1.0.3) -- github.com/containerd/containerd: [v1.4.11 → v1.4.12](https://github.com/containerd/containerd/compare/v1.4.11...v1.4.12) -- github.com/cpuguy83/go-md2man/v2: [v2.0.0 → v2.0.1](https://github.com/cpuguy83/go-md2man/v2/compare/v2.0.0...v2.0.1) -- github.com/cyphar/filepath-securejoin: [v0.2.2 → v0.2.3](https://github.com/cyphar/filepath-securejoin/compare/v0.2.2...v0.2.3) -- github.com/docker/distribution: [v2.7.1+incompatible → v2.8.1+incompatible](https://github.com/docker/distribution/compare/v2.7.1...v2.8.1) -- github.com/docker/docker: [v20.10.7+incompatible → v20.10.12+incompatible](https://github.com/docker/docker/compare/v20.10.7...v20.10.12) -- github.com/godbus/dbus/v5: [v5.0.4 → v5.0.6](https://github.com/godbus/dbus/v5/compare/v5.0.4...v5.0.6) -- github.com/golang/mock: [v1.5.0 → v1.6.0](https://github.com/golang/mock/compare/v1.5.0...v1.6.0) -- github.com/google/cadvisor: [v0.43.0 → v0.44.1](https://github.com/google/cadvisor/compare/v0.43.0...v0.44.1) -- github.com/moby/sys/mountinfo: [v0.4.1 → v0.6.0](https://github.com/moby/sys/mountinfo/compare/v0.4.1...v0.6.0) -- github.com/moby/term: [9d4ed18 → 3f7ff69](https://github.com/moby/term/compare/9d4ed18...3f7ff69) -- github.com/opencontainers/image-spec: [v1.0.1 → v1.0.2](https://github.com/opencontainers/image-spec/compare/v1.0.1...v1.0.2) -- github.com/opencontainers/runc: [v1.0.2 → v1.1.1](https://github.com/opencontainers/runc/compare/v1.0.2...v1.1.1) -- github.com/opencontainers/selinux: [v1.8.2 → v1.10.0](https://github.com/opencontainers/selinux/compare/v1.8.2...v1.10.0) -- github.com/prometheus/client_golang: [v1.11.0 → v1.12.1](https://github.com/prometheus/client_golang/compare/v1.11.0...v1.12.1) -- github.com/prometheus/common: [v0.28.0 → v0.32.1](https://github.com/prometheus/common/compare/v0.28.0...v0.32.1) -- github.com/prometheus/procfs: [v0.6.0 → v0.7.3](https://github.com/prometheus/procfs/compare/v0.6.0...v0.7.3) -- github.com/russross/blackfriday/v2: [v2.0.1 → v2.1.0](https://github.com/russross/blackfriday/v2/compare/v2.0.1...v2.1.0) -- github.com/seccomp/libseccomp-golang: [v0.9.1 → 3879420](https://github.com/seccomp/libseccomp-golang/compare/v0.9.1...3879420) -- github.com/spf13/cobra: [v1.2.1 → v1.4.0](https://github.com/spf13/cobra/compare/v1.2.1...v1.4.0) -- go.etcd.io/etcd/api/v3: v3.5.0 → v3.5.1 -- go.etcd.io/etcd/client/pkg/v3: v3.5.0 → v3.5.1 -- go.etcd.io/etcd/client/v3: v3.5.0 → v3.5.1 -- golang.org/x/crypto: 32db794 → 8634188 -- golang.org/x/oauth2: 2bc19b1 → d3ed0bb -- golang.org/x/time: 1f47c86 → 90d013b -- google.golang.org/genproto: fe13028 → 42d7afd -- k8s.io/gengo: 485abfe → c02415c -- k8s.io/klog/v2: v2.30.0 → v2.60.1 -- k8s.io/kube-openapi: e816edb → 3ee0da9 -- k8s.io/utils: cb0fa31 → 3a6ce19 -- sigs.k8s.io/json: c049b76 → 9f7c6b3 -- sigs.k8s.io/kustomize/api: v0.10.1 → v0.11.4 -- sigs.k8s.io/kustomize/cmd/config: v0.10.2 → v0.10.6 -- sigs.k8s.io/kustomize/kustomize/v4: v4.4.1 → v4.5.4 -- sigs.k8s.io/kustomize/kyaml: v0.13.0 → v0.13.6 - -##### Removed -- cloud.google.com/go/firestore: v1.1.0 -- github.com/armon/go-metrics: [f0300d1](https://github.com/armon/go-metrics/tree/f0300d1) -- github.com/armon/go-radix: [7fddfc3](https://github.com/armon/go-radix/tree/7fddfc3) -- github.com/bgentry/speakeasy: [v0.1.0](https://github.com/bgentry/speakeasy/tree/v0.1.0) -- github.com/bits-and-blooms/bitset: [v1.2.0](https://github.com/bits-and-blooms/bitset/tree/v1.2.0) -- github.com/bketelsen/crypt: [v0.0.4](https://github.com/bketelsen/crypt/tree/v0.0.4) -- github.com/containernetworking/cni: [v0.8.1](https://github.com/containernetworking/cni/tree/v0.8.1) -- github.com/fatih/color: [v1.7.0](https://github.com/fatih/color/tree/v1.7.0) -- github.com/googleapis/gnostic: [v0.5.5](https://github.com/googleapis/gnostic/tree/v0.5.5) -- github.com/hashicorp/consul/api: [v1.1.0](https://github.com/hashicorp/consul/api/tree/v1.1.0) -- github.com/hashicorp/consul/sdk: [v0.1.1](https://github.com/hashicorp/consul/sdk/tree/v0.1.1) -- github.com/hashicorp/errwrap: [v1.0.0](https://github.com/hashicorp/errwrap/tree/v1.0.0) -- github.com/hashicorp/go-cleanhttp: [v0.5.1](https://github.com/hashicorp/go-cleanhttp/tree/v0.5.1) -- github.com/hashicorp/go-immutable-radix: [v1.0.0](https://github.com/hashicorp/go-immutable-radix/tree/v1.0.0) -- github.com/hashicorp/go-msgpack: [v0.5.3](https://github.com/hashicorp/go-msgpack/tree/v0.5.3) -- github.com/hashicorp/go-multierror: [v1.0.0](https://github.com/hashicorp/go-multierror/tree/v1.0.0) -- github.com/hashicorp/go-rootcerts: [v1.0.0](https://github.com/hashicorp/go-rootcerts/tree/v1.0.0) -- github.com/hashicorp/go-sockaddr: [v1.0.0](https://github.com/hashicorp/go-sockaddr/tree/v1.0.0) -- github.com/hashicorp/go-syslog: [v1.0.0](https://github.com/hashicorp/go-syslog/tree/v1.0.0) -- github.com/hashicorp/go-uuid: [v1.0.1](https://github.com/hashicorp/go-uuid/tree/v1.0.1) -- github.com/hashicorp/go.net: [v0.0.1](https://github.com/hashicorp/go.net/tree/v0.0.1) -- github.com/hashicorp/golang-lru: [v0.5.0](https://github.com/hashicorp/golang-lru/tree/v0.5.0) -- github.com/hashicorp/hcl: [v1.0.0](https://github.com/hashicorp/hcl/tree/v1.0.0) -- github.com/hashicorp/logutils: [v1.0.0](https://github.com/hashicorp/logutils/tree/v1.0.0) -- github.com/hashicorp/mdns: [v1.0.0](https://github.com/hashicorp/mdns/tree/v1.0.0) -- github.com/hashicorp/memberlist: [v0.1.3](https://github.com/hashicorp/memberlist/tree/v0.1.3) -- github.com/hashicorp/serf: [v0.8.2](https://github.com/hashicorp/serf/tree/v0.8.2) -- github.com/magiconair/properties: [v1.8.5](https://github.com/magiconair/properties/tree/v1.8.5) -- github.com/mattn/go-colorable: [v0.0.9](https://github.com/mattn/go-colorable/tree/v0.0.9) -- github.com/mattn/go-isatty: [v0.0.3](https://github.com/mattn/go-isatty/tree/v0.0.3) -- github.com/miekg/dns: [v1.0.14](https://github.com/miekg/dns/tree/v1.0.14) -- github.com/mitchellh/cli: [v1.0.0](https://github.com/mitchellh/cli/tree/v1.0.0) -- github.com/mitchellh/go-homedir: [v1.0.0](https://github.com/mitchellh/go-homedir/tree/v1.0.0) -- github.com/mitchellh/go-testing-interface: [v1.0.0](https://github.com/mitchellh/go-testing-interface/tree/v1.0.0) -- github.com/mitchellh/gox: [v0.4.0](https://github.com/mitchellh/gox/tree/v0.4.0) -- github.com/mitchellh/iochan: [v1.0.0](https://github.com/mitchellh/iochan/tree/v1.0.0) -- github.com/pascaldekloe/goe: [57f6aae](https://github.com/pascaldekloe/goe/tree/57f6aae) -- github.com/pelletier/go-toml: [v1.9.3](https://github.com/pelletier/go-toml/tree/v1.9.3) -- github.com/posener/complete: [v1.1.1](https://github.com/posener/complete/tree/v1.1.1) -- github.com/ryanuber/columnize: [9b3edd6](https://github.com/ryanuber/columnize/tree/9b3edd6) -- github.com/sean-/seed: [e2103e2](https://github.com/sean-/seed/tree/e2103e2) -- github.com/shurcooL/sanitized_anchor_name: [v1.0.0](https://github.com/shurcooL/sanitized_anchor_name/tree/v1.0.0) -- github.com/spf13/cast: [v1.3.1](https://github.com/spf13/cast/tree/v1.3.1) -- github.com/spf13/jwalterweatherman: [v1.1.0](https://github.com/spf13/jwalterweatherman/tree/v1.1.0) -- github.com/spf13/viper: [v1.8.1](https://github.com/spf13/viper/tree/v1.8.1) -- github.com/subosito/gotenv: [v1.2.0](https://github.com/subosito/gotenv/tree/v1.2.0) -- gopkg.in/ini.v1: v1.62.0 - - - -### containerlinux [3510.2.0](https://www.flatcar-linux.org/releases/#release-3510.2.0) - -_Changes since **Stable 3374.2.5**_ - -#### Security fixes: - -- Linux ([CVE-2022-2196](https://nvd.nist.gov/vuln/detail/CVE-2022-2196), [CVE-2022-27672](https://nvd.nist.gov/vuln/detail/CVE-2022-27672), [CVE-2022-3707](https://nvd.nist.gov/vuln/detail/CVE-2022-3707), [CVE-2023-1078](https://nvd.nist.gov/vuln/detail/CVE-2023-1078), [CVE-2023-1281](https://nvd.nist.gov/vuln/detail/CVE-2023-1281), [CVE-2023-1513](https://nvd.nist.gov/vuln/detail/CVE-2023-1513), [CVE-2023-26545](https://nvd.nist.gov/vuln/detail/CVE-2023-26545)) -- bind tools ([CVE-2022-2795](https://nvd.nist.gov/vuln/detail/CVE-2022-2795), [CVE-2022-2881](https://nvd.nist.gov/vuln/detail/CVE-2022-2881), [CVE-2022-2906](https://nvd.nist.gov/vuln/detail/CVE-2022-2906), [CVE-2022-3080](https://nvd.nist.gov/vuln/detail/CVE-2022-3080), [CVE-2022-38177](https://nvd.nist.gov/vuln/detail/CVE-2022-38177), [CVE-2022-38178](https://nvd.nist.gov/vuln/detail/CVE-2022-38178)) -- binutils ([CVE-2022-38126](https://nvd.nist.gov/vuln/detail/CVE-2022-38126), [CVE-2022-38127](https://nvd.nist.gov/vuln/detail/CVE-2022-38127)) -- containerd ([CVE-2022-23471](https://nvd.nist.gov/vuln/detail/CVE-2022-23471)) -- cpio ([CVE-2021-38185](https://nvd.nist.gov/vuln/detail/CVE-2021-38185)) -- curl ([CVE-2022-35252](https://nvd.nist.gov/vuln/detail/CVE-2022-35252), [CVE-2022-43551](https://nvd.nist.gov/vuln/detail/CVE-2022-43551), [CVE-2022-43552](https://nvd.nist.gov/vuln/detail/CVE-2022-43552),[CVE-2022-32221](https://nvd.nist.gov/vuln/detail/CVE-2022-32221), [CVE-2022-35260](https://nvd.nist.gov/vuln/detail/CVE-2022-32221), [CVE-2022-42915](https://nvd.nist.gov/vuln/detail/CVE-2022-32221), [CVE-2022-42916](https://nvd.nist.gov/vuln/detail/CVE-2022-32221)) -- dbus ([CVE-2022-42010](https://nvd.nist.gov/vuln/detail/CVE-2022-42010), [CVE-2022-42011](https://nvd.nist.gov/vuln/detail/CVE-2022-42011), [CVE-2022-42012](https://nvd.nist.gov/vuln/detail/CVE-2022-42012)) -- git ([CVE-2022-39253](https://nvd.nist.gov/vuln/detail/CVE-2022-39253), [CVE-2022-39260](https://nvd.nist.gov/vuln/detail/CVE-2022-39260), [CVE-2022-23521](https://nvd.nist.gov/vuln/detail/CVE-2022-23521), [CVE-2022-41903](https://nvd.nist.gov/vuln/detail/CVE-2022-41903)) -- glib ([fixes to normal form handling in GVariant](https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835)) -- Go ([CVE-2022-41717](https://nvd.nist.gov/vuln/detail/CVE-2022-41717)) -- libarchive ([CVE-2022-36227](https://nvd.nist.gov/vuln/detail/CVE-2022-36227)) -- libksba ([CVE-2022-47629](https://nvd.nist.gov/vuln/detail/CVE-2022-47629), [CVE-2022-3515](https://nvd.nist.gov/vuln/detail/CVE-2022-3515)) -- libxml2 ([CVE-2022-40303](https://nvd.nist.gov/vuln/detail/CVE-2022-40303), [CVE-2022-40304](https://nvd.nist.gov/vuln/detail/CVE-2022-40304)) -- logrotate ([CVE-2022-1348](https://nvd.nist.gov/vuln/detail/CVE-2022-1348)) -- multipath-tools ([CVE-2022-41973](https://nvd.nist.gov/vuln/detail/CVE-2022-41973), [CVE-2022-41974](https://nvd.nist.gov/vuln/detail/CVE-2022-41974)) -- sudo ([CVE-2023-22809](https://nvd.nist.gov/vuln/detail/CVE-2023-22809), [CVE-2022-43995](https://nvd.nist.gov/vuln/detail/CVE-2022-43995)) -- systemd ([CVE-2022-3821](https://nvd.nist.gov/vuln/detail/CVE-2022-3821), [CVE-2022-4415](https://nvd.nist.gov/vuln/detail/CVE-2022-4415)) -- vim ([CVE-2023-0049](https://nvd.nist.gov/vuln/detail/CVE-2023-0049), [CVE-2023-0051](https://nvd.nist.gov/vuln/detail/CVE-2023-0051), [CVE-2023-0054](https://nvd.nist.gov/vuln/detail/CVE-2023-0054), [CVE-2022-3705](https://nvd.nist.gov/vuln/detail/CVE-2022-3705), [CVE-2022-3491](https://nvd.nist.gov/vuln/detail/CVE-2022-3491), [CVE-2022-3520](https://nvd.nist.gov/vuln/detail/CVE-2022-3520), [CVE-2022-3591](https://nvd.nist.gov/vuln/detail/CVE-2022-3591), [CVE-2022-4141](https://nvd.nist.gov/vuln/detail/CVE-2022-4141), [CVE-2022-4292](https://nvd.nist.gov/vuln/detail/CVE-2022-4292), [CVE-2022-4293](https://nvd.nist.gov/vuln/detail/CVE-2022-4293),[CVE-2022-1725](https://nvd.nist.gov/vuln/detail/CVE-2022-1725), [CVE-2022-3234](https://nvd.nist.gov/vuln/detail/CVE-2022-3234), [CVE-2022-3235](https://nvd.nist.gov/vuln/detail/CVE-2022-3235), [CVE-2022-3278](https://nvd.nist.gov/vuln/detail/CVE-2022-3278), [CVE-2022-3256](https://nvd.nist.gov/vuln/detail/CVE-2022-3256), [CVE-2022-3296](https://nvd.nist.gov/vuln/detail/CVE-2022-3296), [CVE-2022-3297](https://nvd.nist.gov/vuln/detail/CVE-2022-3297), [CVE-2022-3324](https://nvd.nist.gov/vuln/detail/CVE-2022-3324), [CVE-2022-3352](https://nvd.nist.gov/vuln/detail/CVE-2022-3352), [CVE-2022-2042](https://nvd.nist.gov/vuln/detail/CVE-2022-2042), [CVE-2022-2124](https://nvd.nist.gov/vuln/detail/CVE-2022-2124), [CVE-2022-2125](https://nvd.nist.gov/vuln/detail/CVE-2022-2125), [CVE-2022-2126](https://nvd.nist.gov/vuln/detail/CVE-2022-2126), [CVE-2022-2129](https://nvd.nist.gov/vuln/detail/CVE-2022-2129), [CVE-2022-2175](https://nvd.nist.gov/vuln/detail/CVE-2022-2175), [CVE-2022-2182](https://nvd.nist.gov/vuln/detail/CVE-2022-2182), [CVE-2022-2183](https://nvd.nist.gov/vuln/detail/CVE-2022-2183), [CVE-2022-2206](https://nvd.nist.gov/vuln/detail/CVE-2022-2206), [CVE-2022-2207](https://nvd.nist.gov/vuln/detail/CVE-2022-2207), [CVE-2022-2208](https://nvd.nist.gov/vuln/detail/CVE-2022-2208), [CVE-2022-2210](https://nvd.nist.gov/vuln/detail/CVE-2022-2210), [CVE-2022-2231](https://nvd.nist.gov/vuln/detail/CVE-2022-2231), [CVE-2022-2257](https://nvd.nist.gov/vuln/detail/CVE-2022-2257), [CVE-2022-2264](https://nvd.nist.gov/vuln/detail/CVE-2022-2264), [CVE-2022-2284](https://nvd.nist.gov/vuln/detail/CVE-2022-2284), [CVE-2022-2285](https://nvd.nist.gov/vuln/detail/CVE-2022-2285), [CVE-2022-2286](https://nvd.nist.gov/vuln/detail/CVE-2022-2286), [CVE-2022-2287](https://nvd.nist.gov/vuln/detail/CVE-2022-2287), [CVE-2022-2288](https://nvd.nist.gov/vuln/detail/CVE-2022-2288), [CVE-2022-2289](https://nvd.nist.gov/vuln/detail/CVE-2022-2289), [CVE-2022-2304](https://nvd.nist.gov/vuln/detail/CVE-2022-2304), [CVE-2022-2343](https://nvd.nist.gov/vuln/detail/CVE-2022-2343), [CVE-2022-2344](https://nvd.nist.gov/vuln/detail/CVE-2022-2344), [CVE-2022-2345](https://nvd.nist.gov/vuln/detail/CVE-2022-2345), [CVE-2022-2522](https://nvd.nist.gov/vuln/detail/CVE-2022-2522), [CVE-2022-2816](https://nvd.nist.gov/vuln/detail/CVE-2022-2816), [CVE-2022-2817](https://nvd.nist.gov/vuln/detail/CVE-2022-2817), [CVE-2022-2819](https://nvd.nist.gov/vuln/detail/CVE-2022-2819), [CVE-2022-2845](https://nvd.nist.gov/vuln/detail/CVE-2022-2845), [CVE-2022-2849](https://nvd.nist.gov/vuln/detail/CVE-2022-2849), [CVE-2022-2862](https://nvd.nist.gov/vuln/detail/CVE-2022-2862), [CVE-2022-2874](https://nvd.nist.gov/vuln/detail/CVE-2022-2874), [CVE-2022-2889](https://nvd.nist.gov/vuln/detail/CVE-2022-2889), [CVE-2022-2923](https://nvd.nist.gov/vuln/detail/CVE-2022-2923), [CVE-2022-2946](https://nvd.nist.gov/vuln/detail/CVE-2022-2946), [CVE-2022-2980](https://nvd.nist.gov/vuln/detail/CVE-2022-2980), [CVE-2022-2982](https://nvd.nist.gov/vuln/detail/CVE-2022-2982), [CVE-2022-3016](https://nvd.nist.gov/vuln/detail/CVE-2022-3016), [CVE-2022-3099](https://nvd.nist.gov/vuln/detail/CVE-2022-3099), [CVE-2022-3134](https://nvd.nist.gov/vuln/detail/CVE-2022-3134), [CVE-2022-3153](https://nvd.nist.gov/vuln/detail/CVE-2022-3153)) -- SDK: Python ([CVE-2015-20107](https://nvd.nist.gov/vuln/detail/CVE-2015-20107), [CVE-2020-10735](https://nvd.nist.gov/vuln/detail/CVE-2020-10735), [CVE-2021-3654](https://nvd.nist.gov/vuln/detail/CVE-2021-3654), [CVE-2022-37454](https://nvd.nist.gov/vuln/detail/CVE-2022-37454), [CVE-2022-42919](https://nvd.nist.gov/vuln/detail/CVE-2022-42919), [CVE-2022-45061](https://nvd.nist.gov/vuln/detail/CVE-2022-45061)) -- SDK: qemu ([CVE-2022-4172](https://nvd.nist.gov/vuln/detail/CVE-2022-4172), [CVE-2020-14394](https://nvd.nist.gov/vuln/detail/CVE-2020-14394), [CVE-2022-0216](https://nvd.nist.gov/vuln/detail/CVE-2022-0216), [CVE-2022-35414](https://nvd.nist.gov/vuln/detail/CVE-2022-35414), [CVE-2022-3872](https://nvd.nist.gov/vuln/detail/CVE-2022-3872)) -- SDK: rust ([CVE-2022-46176](https://nvd.nist.gov/vuln/detail/CVE-2022-46176), [CVE-2022-36113](https://nvd.nist.gov/vuln/detail/CVE-2022-36113), [CVE-2022-36114](https://nvd.nist.gov/vuln/detail/CVE-2022-36114)) - -#### Bug fixes: - -- Added back Ignition support for Vagrant ([coreos-overlay#2351](https://github.com/flatcar/coreos-overlay/pull/2351)) -- Added support for hardware security keys in update-ssh-keys ([update-ssh-keys#7](https://github.com/flatcar/update-ssh-keys/pull/7)) -- Enabled IOMMU on arm64 kernels, the lack of which prevented some systems from booting ([coreos-overlay#2235](https://github.com/flatcar/coreos-overlay/pull/2235)) -- Fixed a regression (in Alpha/Beta) where machines failed to boot if they didnt have the `core` user or group in `/etc/passwd` or `/etc/group` ([baselayout#26](https://github.com/flatcar/baselayout/pull/26)) -- Fix "ext4 deadlock under heavy I/O load" kernel issue. The patch for this is included provisionally while we wait for it to be merged upstream ([Flatcar#847](https://github.com/flatcar/Flatcar/issues/847), [coreos-overlay#2315](https://github.com/flatcar/coreos-overlay/pull/2315)) -- Restored the support to specify OEM partition files in Ignition when `/usr/share/oem` is given as initrd mount point ([bootengine#58](https://github.com/flatcar/bootengine/pull/58)) -- The rootfs setup in the initrd now runs systemd-tmpfiles on every boot, not only when Ignition runs, to fix a dbus failure due to missing files ([Flatcar#944](https://github.com/flatcar/Flatcar/issues/944)) - -#### Changes: - -- Added `CONFIG_NF_CONNTRACK_BRIDGE` (for nf_conntrack_bridge) and `CONFIG_NFT_BRIDGE_META` (for nft_meta_bridge) to the kernel config to allow using conntrack rules for bridges in nftables and to match on bridge interface names ([coreos-overlay#2207](https://github.com/flatcar/coreos-overlay/pull/2207)) -- Added new image signing pub key to `flatcar-install`, needed for download verification of releases built from July 2023 onwards, if you have copies of `flatcar-install` or the image signing pub key, you need to update them as well ([init#92](https://github.com/flatcar/init/pull/92)) -- Change CONFIG_WIREGUARD kernel option to module to save space on boot partition ([coreos-overlay#2239](https://github.com/flatcar/coreos-overlay/pull/2239)) -- Disable several arch specific arm64 kernel config options for unsupported platforms to save space on boot partition ([coreos-overlay#2239](https://github.com/flatcar/coreos-overlay/pull/2239)) -- Specifying the OEM filesystem in Ignition to write files to `/usr/share/oem` is not needed anymore ([bootengine#58](https://github.com/flatcar/bootengine/pull/58)) -- Switched from `--strip-unneeded` to `--strip-debug` when installing kernel modules, which makes kernel stacktraces more accurate and makes debugging issues easier ([coreos-overlay#2196](https://github.com/flatcar/coreos-overlay/pull/2196)) -- The flatcar-update tool got two new flags to customize ports used on the host while updating flatcar ([init#81](https://github.com/flatcar/init/pull/81)) -- Toolbox now uses containerd to download and mount the image ([toolbox#7](https://github.com/flatcar/toolbox/pull/7)) -- Add qemu-guest-agent to all amd64 images, it will be automatically enabled when qemu-ga virtio-port is detected ([coreos-overlay#2240](https://github.com/flatcar/coreos-overlay/pull/2240), [portage-stable#373](https://github.com/flatcar/portage-stable/pull/373)) - -#### Updates: - -- Linux ([5.15.98](https://lwn.net/Articles/925080) (includes [5.15.97](https://lwn.net/Articles/925064), [5.15.96](https://lwn.net/Articles/924441), [5.15.95](https://lwn.net/Articles/924073), [5.15.94](https://lwn.net/Articles/923308), [5.15.93](https://lwn.net/Articles/922814))) -- Linux Firmware ([20230117](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230117)) -- adcli ([0.9.2](https://gitlab.freedesktop.org/realmd/adcli/-/commits/8e88e3590a19006362ea8b8dfdc18bb88b3cb3b5/)) -- bind tools ([9.16.36](https://bind9.readthedocs.io/en/v9_16_36/notes.html#notes-for-bind-9-16-36) (includes [9.16.34](https://bind9.readthedocs.io/en/v9_16_35/notes.html#notes-for-bind-9-16-34) and [9.16.35](https://bind9.readthedocs.io/en/v9_16_34/notes.html#notes-for-bind-9-16-35))) -- binutils ([2.39](https://sourceware.org/pipermail/binutils/2022-August/122246.html)) -- bpftool ([5.19.12](https://lwn.net/Articles/909678/)) -- ca-certificates ([3.89](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_89.html)) -- containerd ([1.6.16](https://github.com/containerd/containerd/releases/tag/v1.6.16)) -- cpio ([2.13](https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00000.html)) -- curl ([7.87.0](https://curl.se/changes.html#7_87_0) (includes [7.85](https://curl.se/mail/archive-2022-08/0012.html))) -- dbus ([1.14.4](https://gitlab.freedesktop.org/dbus/dbus/-/raw/dbus-1.14.4/NEWS)) -- Docker ([20.10.23](https://docs.docker.com/engine/release-notes/#201023)) -- elfutils ([0.188](https://sourceware.org/pipermail/elfutils-devel/2022q4/005561.html) (includes [0.187](https://sourceware.org/pipermail/elfutils-devel/2022q2/004978.html))) -- Expat ([2.5.0](https://github.com/libexpat/libexpat/blob/R_2_5_0/expat/Changes)) -- gawk ([5.2.1](https://lists.gnu.org/archive/html/help-gawk/2022-11/msg00008.html) (contains [5.2.0](https://lists.gnu.org/archive/html/help-gawk/2022-09/msg00000.html))) -- gettext ([0.21.1](https://git.savannah.gnu.org/gitweb/?p=gettext.git;a=blob;f=NEWS;h=cdbb16746c23555e70bb1e16917f5c349ce92d9e;hb=8b38ee827251cadbb90cb6cb576ae98702566288)) -- git ([2.39.1](https://github.com/git/git/blob/v2.39.1/Documentation/RelNotes/2.39.1.txt) (includes [2.39.0](https://github.com/git/git/blob/v2.39.0/Documentation/RelNotes/2.39.0.txt))) -- glib ([2.74.4](https://gitlab.gnome.org/GNOME/glib/-/tags/2.74.4)) -- Go ([1.19.5](https://go.dev/doc/devel/release#go1.19.5)) -- glibc ([2.36](https://sourceware.org/pipermail/libc-alpha/2022-August/141193.html) (includes [2.35](https://savannah.gnu.org/forum/forum.php?forum_id=10111))) -- GnuTLS ([3.7.8](https://lists.gnupg.org/pipermail/gnutls-help/2022-September/004765.html)) -- I2C tools ([4.3](https://git.kernel.org/pub/scm/utils/i2c-tools/i2c-tools.git/tree/CHANGES?id=d8bc1f1ff4b00a6bd988aa114100ae9b787f50d8)) -- Intel Microcode ([20221108](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20221108)) -- iptables ([1.8.8](https://www.netfilter.org/projects/iptables/files/changes-iptables-1.8.8.txt)) -- iputils ([20211215](https://github.com/iputils/iputils/releases/tag/20211215)) -- libcap ([2.66](https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.d9ygdose5kw)) -- libcap-ng ([0.8.3](https://people.redhat.com/sgrubb/libcap-ng/ChangeLog)) -- libksba ([1.6.3](https://dev.gnupg.org/T6304)) -- libseccomp ([2.5.4](https://github.com/seccomp/libseccomp/releases/tag/v2.5.4) (contains [2.5.2](https://github.com/seccomp/libseccomp/releases/tag/v2.5.2), [2.5.3](https://github.com/seccomp/libseccomp/releases/tag/v2.5.3))) -- libxml2 ([2.10.3](https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3)) -- logrotate ([3.20.1](https://github.com/logrotate/logrotate/releases/tag/3.20.1)) -- MIT Kerberos V ([1.20.1](https://web.mit.edu/kerberos/krb5-1.20/krb5-1.20.1.html)) -- multipath-tools ([0.9.3](https://github.com/opensvc/multipath-tools/releases/tag/0.9.3)) -- nettle ([3.8.1](https://git.lysator.liu.se/nettle/nettle/-/blob/990abad16ceacd070747dcc76ed16a39c129321e/ChangeLog)) -- nmap ([7.93](https://nmap.org/changelog.html#7.93)) -- OpenSSH ([9.1](http://www.openssh.com/releasenotes.html#9.1)) -- rsync ([3.2.7](https://download.samba.org/pub/rsync/NEWS#3.2.7)) -- shadow ([4.13](https://github.com/shadow-maint/shadow/releases/tag/4.13)) -- sqlite ([3.40.1](https://www.sqlite.org/releaselog/3_40_1.html) (contains [3.40.0](https://www.sqlite.org/releaselog/3_40_0.html) and [3.39.4](https://sqlite.org/releaselog/3_39_4.html))) -- strace ([5.19](https://github.com/strace/strace/releases/tag/v5.19)) -- sudo ([1.9.12_p2](https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_12p2)) -- systemd ([252.5](https://github.com/systemd/systemd-stable/releases/tag/v252.5) (includes [252](https://github.com/systemd/systemd/releases/tag/v252))) -- vim ([9.0.1157](https://github.com/vim/vim/releases/tag/v9.0.1157) (includes [9.0.0469](https://github.com/vim/vim/releases/tag/v9.0.0469))) -- wget ([1.21.3](https://lists.gnu.org/archive/html/info-gnu/2022-02/msg00017.html)) -- whois ([5.5.14](https://github.com/rfc1036/whois/commit/ab10466cf2e1ec4887f6a44375c3e29c1720157f)) -- wireguard-tools ([1.0.20210914](https://github.com/WireGuard/wireguard-tools/releases/tag/v1.0.20210914)) -- XZ utils ([5.4.1](https://github.com/tukaani-project/xz/releases/tag/v5.4.1) (includes [5.4.0](https://github.com/tukaani-project/xz/releases/tag/v5.4.0))) -- zlib ([1.2.13](https://github.com/madler/zlib/releases/tag/v1.2.13)) -- OEM: python-oem ([3.9.16](https://www.python.org/downloads/release/python-3916/)) -- SDK: boost ([1.81.0](https://www.boost.org/users/history/version_1_81_0.html)) -- SDK: catalyst ([3.0.21](https://gitweb.gentoo.org/proj/catalyst.git/log/?h=3.0.21)) -- SDK: cmake ([3.23.3](https://cmake.org/cmake/help/v3.23/release/3.23.html)) -- SDK: file ([5.43](https://mailman.astron.com/pipermail/file/2022-September/000857.html) (includes [5.44](https://github.com/file/file/blob/FILE5_44/ChangeLog))) -- SDK: libpng ([1.6.39](http://www.libpng.org/pub/png/src/libpng-1.6.39-README.txt) (includes [1.6.38](http://www.libpng.org/pub/png/src/libpng-1.6.38-README.txt))) -- SDK: libxslt ([1.1.37](https://gitlab.gnome.org/GNOME/libxslt/-/tags/v1.1.37)) -- SDK: meson ([0.62.2](https://mesonbuild.com/Release-notes-for-0-62-0.html)) -- SDK: ninja ([1.11.0](https://groups.google.com/g/ninja-build/c/R2oCyDctDf8/m/-U94Y5I8AgAJ?pli=1)) -- SDK: pahole ([1.23](https://git.kernel.org/pub/scm/devel/pahole/pahole.git/tag/?h=v1.23)) -- SDK: perl ([5.36.0](https://perldoc.perl.org/5.36.0/perldelta)) -- SDK: portage ([3.0.43](https://github.com/gentoo/portage/blob/portage-3.0.43/NEWS) (includes [3.0.42](https://github.com/gentoo/portage/blob/portage-3.0.42/NEWS), [3.0.41](https://gitweb.gentoo.org/proj/portage.git/tree/NEWS?h=portage-3.0.41))) -- SDK: qemu ([7.2.0](https://wiki.qemu.org/ChangeLog/7.2) (includes [7.1.0](https://wiki.qemu.org/ChangeLog/7.1))) -- SDK: Rust ([1.67.0](https://github.com/rust-lang/rust/releases/tag/1.67.0)) -- VMware: open-vm-tools ([12.1.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.1.5)) - -_Changes since **Beta 3510.1.0**_ - -#### Security fixes: - - -#### Bug fixes: - -- Restored the support to specify OEM partition files in Ignition when `/usr/share/oem` is given as initrd mount point ([bootengine#58](https://github.com/flatcar/bootengine/pull/58)) - -#### Changes: - -- Added new image signing pub key to `flatcar-install`, needed for download verification of releases built from July 2023 onwards, if you have copies of `flatcar-install` or the image signing pub key, you need to update them as well ([init#92](https://github.com/flatcar/init/pull/92)) -- Specifying the OEM filesystem in Ignition to write files to `/usr/share/oem` is not needed anymore ([bootengine#58](https://github.com/flatcar/bootengine/pull/58)) - -#### Updates: - -- ca-certificates ([3.89](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_89.html)) diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v19.0.1.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v19.0.1.md deleted file mode 100644 index c25c1dfa5e..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v19.0.1.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v19.0.1/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/v19.0.1 - version: 19.0.1 - version_tag: v19.0.1 -date: '2023-08-02T09:59:41' -description: Release notes for AWS workload cluster release v19.0.1, published on - 02 August 2023, 09:59. -title: Workload cluster release v19.0.1 for AWS ---- - -This is a patch release that provides improved performance for in-cluster DNS resolution. - -## Change details - - -### coredns [1.18.1](https://github.com/giantswarm/coredns-app/releases/tag/v1.18.1) - -#### Added -- Add a new field `additionalLocalZones` which can be used to introduce more internal local zones, e.g. linkerd. -#### Changed -- Create a `coredns` zone for each cluster domain. -- Adjust the settings for upscaling HPA when hitting 60% CPU. -- Adjust the settings for downscaling HPA to 30 minutes. -- Adjust the min and max memory settings per Pod. -- Enable cache inconditionaly for `.` and local zones. -- Adjust the settings for upscaling HPA when hitting 80% Memory. -#### Fixed -- Remove fallthrough for reverse zones from kubernetes plugin. - - - -### k8s-dns-node-cache-app [2.4.0](https://github.com/giantswarm/k8s-dns-node-cache-app/releases/tag/v2.4.0) - -#### Changed -- Upgrade application to version 1.22.23 (includes coredns 1.10) -- Enable TCP connections for external zones - - -### vertical-pod-autoscaler-app [3.5.4](https://github.com/giantswarm/vertical-pod-autoscaler-app/releases/tag/v3.5.4) - -#### Changed -- Specified `failureThreshold` and `periodSeconds` for recommender's liveness probe. -- Upgrade dependency chart to 7.1.0. -- Upgrade VPA components to 0.14.0 diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v19.1.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v19.1.0.md deleted file mode 100644 index b37d51cf05..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v19.1.0.md +++ /dev/null @@ -1,267 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v19.1.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v19.1.0 - version: 19.1.0 - version_tag: v19.1.0 -date: '2023-09-13T06:20:40' -description: Release notes for AWS workload cluster release v19.1.0, published on - 13 September 2023, 06:20. -title: Workload cluster release v19.1.0 for AWS ---- - -This is a maintenance release featuring latest 1.24 Kubernetes versions as well as components upgrades. This release also introduces new features which are described in next sections. - -***IAM Permissions Requirements*** -The minimal requirement for the IAM permissions is [Version 3.3.0](https://github.com/giantswarm/giantswarm-aws-account-prerequisites/blob/master/CHANGELOG.md#330---2023-05-11) of [giantswarm-aws-account-prerequisites](https://github.com/giantswarm/giantswarm-aws-account-prerequisites/) repository. - -## Cilium AWS ENI mode - -Following our work on changing the CNI of the Giant Swarm Workload Clusters towards Cilium, we have added a possibility to migrate to the Cilium AWS ENI mode instead of plain Cilium setup. - -> **WARNING:** The Cilium AWS ENI mode can *ONLY* be enabled while upgrading from `18.4.2` to `19.1.0` release. From that point forward the Workload Clusters will be running in Cilium AWS ENI mode and cannot be switched back to our default Cilium that comes with `19.0.0`. Both the Cilium and Cilium AWS ENI mode will receive the same level of support going forward. - -This feature can be enabled via the annotation `cilium.giantswarm.io/ipam-mode: eni`, set on the Cluster CR, while on `18.4.2` release and prior to `19.1.0` upgrade. When the upgrade is triggered, the underlying infrastructure will choose to continue with the [Cilium AWS ENI mode](https://docs.cilium.io/en/latest/network/concepts/ipam/eni/). This is meant for the users that do not want to migrate any of the underlying network infrastructure that has been linked with the Giant Swarm Workload Clusters. The network setup after the upgrade will be the same as while running `aws-cni` with `kube-proxy`. - -## Kyverno by default - -This release prepares for the migration away from Pod Security Policies (PSP) in favor of Pod Security Standards (PSS) in Kubernetes 1.25. Our `security-bundle` is now installed by default, and will deploy `kyverno` and `restricted` level PSS policies in `audit` mode. These resources are provided in order to allow time to create exceptions for workloads which need them before the policies are changed to `enforce` in a future release. For more information about PSS please read our official [documentation](https://docs.giantswarm.io/advanced/security-policy-enforcement/). Please also take a look at the `kyverno` [documentation](https://docs.giantswarm.io/platform-overview/security/platform-security/#kyverno) to fully utilize its potential. - -> **WARNING:** If you are already running `kyverno` as Giant Swarm Managed App, the installation of `security-bundle` will fail. However the already existing `kyverno` deployment and its configuration can be adopted by the bundle after the upgrade is finished. Please talk to your Account Engineer if you have any questions. - -## AWSMachineDeployment CR's annotation to change the Flatcar Release Version - -This feature allows customers to set an annotation on AWSMachineDeployment CR's to change the Flatcar Release Version. For now it only allows setting `alpha.giantswarm.io/flatcar-release-version: "3689.0.0"` or higher version. We have added this feature to accommodate the issues with Cilium CNI high CPU usage on small clusters. This feature is solely to enable customers to run the Flatcar `alpha` channel which consists of the `kernel 6` version that fixes the issue, while waiting for a `stable` Flatcar release. - -The annotation behaves as follows: -- when setting the annotation, the TCNP CloudFormation Stack for the specific node pool is rolled and replaces the OS image -- when removing the annotation, the node pool is updated and switches back to the default OS image which is coming from the AWS release -- when upgrading the cluster to a new AWS release, the node pool uses the specific flatcar release from the annotation as long as you don't change by either setting it to a higher version or removing the annotation. - -## Change details - - -### etcd [3.5.9](https://github.com/etcd-io/etcd/releases/tag/v3.5.9) - -#### etcd server -- Fix [LeaseTimeToLive API may return keys to clients which have no read permission on the keys](https://github.com/etcd-io/etcd/pull/15815). -#### Dependencies -- Compile binaries using [go 1.19.9](https://github.com/etcd-io/etcd/pull/15822). - - - -### kubernetes [1.24.17](https://github.com/kubernetes/kubernetes/releases/tag/v1.24.17) - -#### Feature -- Kubernetes is now built with Go 1.20.7 ([#119837](https://github.com/kubernetes/kubernetes/pull/119837), [@jeremyrickard](https://github.com/jeremyrickard)) [SIG Apps, Cloud Provider, Node, Release, Storage and Testing] -#### Bug or Regression -- Fixed a bug where clusters that use KMS v1 with skewed API servers on versions v1.24 and v1.25 would see internal errors when attempting to read encrypted data via the v1.24 API servers. ([#119387](https://github.com/kubernetes/kubernetes/pull/119387), [@enj](https://github.com/enj)) [SIG API Machinery and Auth] -#### Dependencies -#### Added -_Nothing has changed._ -#### Changed -_Nothing has changed._ -#### Removed -_Nothing has changed._ - - - -### app-operator [6.8.0](https://github.com/giantswarm/app-operator/releases/tag/v6.8.0) - -#### Added -- Add Service Monitor by default to make it complain with the latest monitoring improvements - - - -### aws-operator [14.22.0](https://github.com/giantswarm/aws-operator/releases/tag/v14.22.0) - -#### Added -- Allow newer flatcar releases for node pools as provided by AWS release. -- Add sigs.k8s.io/cluster-api-provider-aws/role tag to all subnets as preparation for migration to CAPI. - -#### Changed -- Get AMI data from helm value rather than from hardcoded string in the code. -- Unmanage interfaces for CNI eth[1-9] on workers eth[2-9] on masters -- *cilium eni mode* - Only run aws-node, calico and kube-proxy on old nodes during migration to cilium. - - - - -### cluster-operator [5.8.0-patch1](https://github.com/giantswarm/cluster-operator/releases/tag/v5.8.0-patch1) - -#### Added -- Add ENI mode for Cilium on AWS. -- Consider new control-plane label. -- Create external-dns-cluster-values configmap on cluster creation. -#### Changed -- Propagate `global.podSecurityStandards.enforced` value set to `false` for PSS migration -- Rename function for better readbility. - - - -### containerlinux [3510.2.7](https://www.flatcar-linux.org/releases/#release-3510.2.7) - - _Changes since **Stable 3510.2.6**_ - - #### Security fixes: - - - Linux ([CVE-2022-40982](https://nvd.nist.gov/vuln/detail/CVE-2022-40982), [CVE-2022-41804](https://nvd.nist.gov/vuln/detail/CVE-2022-41804), [CVE-2023-1206](https://nvd.nist.gov/vuln/detail/CVE-2023-1206), [CVE-2023-20569](https://nvd.nist.gov/vuln/detail/CVE-2023-20569), [CVE-2023-4004](https://nvd.nist.gov/vuln/detail/CVE-2023-4004), [CVE-2023-4147](https://nvd.nist.gov/vuln/detail/CVE-2023-4147), [CVE-2023-20569](https://nvd.nist.gov/vuln/detail/CVE-2023-20569), [CVE-2023-23908](https://nvd.nist.gov/vuln/detail/CVE-2023-23908)) - - #### Bug fixes: - - - Fixed the restart of Systemd services when the main process is being killed by a SIGHUP signal ([flatcar#1157](https://github.com/flatcar/Flatcar/issues/1157)) - - #### Updates: - - - Linux ([5.15.125](https://lwn.net/Articles/940801) (includes [5.15.124](https://lwn.net/Articles/940339), [5.15.123](https://lwn.net/Articles/939424))) - - -### net-exporter [1.17.0](https://github.com/giantswarm/net-exporter/releases/tag/v1.17.0) - -#### Changed -- Add security context values to make chart comply to PodSecurityStandard restricted profile. - - - -### node-exporter [1.17.1](https://github.com/giantswarm/node-exporter-app/releases/tag/v1.17.1) - -#### Changed -- fix apparmor annotation - - -### cilium-servicemonitors [0.1.2](https://github.com/giantswarm/cilium-servicemonitors-app/releases/tag/v0.1.2) - -#### Changed -- Drop metrics with high cardinality. -- Increase scrape interval to 60s. - - - -### cert-exporter [2.6.0](https://github.com/giantswarm/cert-exporter/releases/tag/v2.6.0) - - - - -### cilium [0.12.0](https://github.com/giantswarm/cilium-app/releases/tag/v0.12.0) - -#### Added -- Support creating `CiliumNetworkPolicy` manifests that allow egress requests to DNS and proxy hosts -#### Changed -- Add missing conditional for PSP rendering of default-policies installer job - - - -### external-dns [2.39.0](https://github.com/giantswarm/external-dns-app/releases/tag/v2.39.0) - -#### Changed -- Replace monitoring labels with ServiceMonitor ([#296](https://github.com/giantswarm/external-dns-app/pull/296)). -- Update ATS to 0.4.1 and python deps ([#297](https://github.com/giantswarm/external-dns-app/pull/297)). - - - -### vertical-pod-autoscaler [4.2.0](https://github.com/giantswarm/vertical-pod-autoscaler-app/releases/tag/v4.2.0) - -#### Changed -WARNING: this version requires Cilium to run because of the dependency on the CiliumNetworkPolicy CRD -- Upgrade dependency chart to 9.2.0. -- In order to facilitate the migration from aws-cni to cilium we need to keep the standard network policies in place so that VPA can communicate with the k8s API while the clusters are being upgraded. -- Adjusted the resource and limits to accomodate larger clusters by default -- Adjusted the admission controller to give it more QPS against the API -- Adjusted the updater to give it more QPS against the API -- Adjusted the recommender to give it - - more QPS against the API - - doubling the memory in case of an OOMKilled event - - Using the 95% percentile for the calculation of the CPU usage: should allow to scale up more precisely to account for spikes in CPU consumption of the workload - - Adjusted the resource and limits to accomodate larger clusters by default - - Calculating recommendations only for workloads which do have a VPA custom resource, instead of all workloads - - Removed standard network policies to decrease maintenance burden - - Fixed Cilium Network Policy to allow CRD jobs execution - - Added Cilium Network Policy weight for an early execution - - Disabled VPA for the updater pod otherwise it keeps on getting re-scheduled because the memory consumption varies a lot between reconsiling resources and idle - - Disabled VPA for the recommender pod otherwise it keeps on getting re-scheduled because the memory consumption varies a lot between reconsiling resources and idle - - - -### observability-bundle [0.8.2](https://github.com/giantswarm/observability-bundle/releases/tag/v0.8.2) - -- Upgrade promtail to 1.4.0. - - - -### cilium-servicemonitors [0.1.2](https://github.com/giantswarm/cilium-servicemonitors-app/releases/tag/v0.1.2) - -#### Changed -- Drop metrics with high cardinality. -- Increase scrape interval to 60s. - - - -### aws-ebs-csi-driver [2.27.0](https://github.com/giantswarm/aws-ebs-csi-driver-app/releases/tag/v2.27.0) - -#### Changed -- Updated ebs-csi-driver to `v1.21.0` and updated sidecar images. -- Upgraded all components to latest release. - -#### Fixed -- Fix RBAC issue with snapshots. - -#### Added -- Add global.podSecurityStandards.enforced value for PSS migration. - -### cluster-autoscaler [1.24.3](https://github.com/giantswarm/cluster-autoscaler-app/releases/tag/v1.24.3) - -#### Changed -- Change ScaleDownUtilizationThreshold default from 0.5 to 0.7 -- Update cluster-autoscaler to version `1.24.3`. - - - -### cilium [0.12.0](https://github.com/giantswarm/cilium-app/releases/tag/v0.12.0) - -#### Added -- Support creating `CiliumNetworkPolicy` manifests that allow egress requests to DNS and proxy hosts -#### Changed -- Add missing conditional for PSP rendering of default-policies installer job - - - -### external-dns [2.39.0](https://github.com/giantswarm/external-dns-app/releases/tag/v2.39.0) - -#### Changed -- Replace monitoring labels with ServiceMonitor ([#296](https://github.com/giantswarm/external-dns-app/pull/296)). -- Update ATS to 0.4.1 and python deps ([#297](https://github.com/giantswarm/external-dns-app/pull/297)). - - - -### cert-exporter [2.6.0](https://github.com/giantswarm/cert-exporter/releases/tag/v2.6.0) - -### Changed - -- Remove the `Exist` toleration from deployment. This allows the pod to be rescheduled on a drained node sometimes causing the drain of a node to fail and require a manual fix - - -### security-bundle [0.17.0](https://github.com/giantswarm/security-bundle/releases/tag/v0.17.0) - -#### Added - -- Update to kyverno (app) upstream version 1.10.2. Note: This update includes breaking changes in the values structure, please check the migration docs before upgrading. -- Update to trivy (app) version 0.8.3. -- Update to falco (app) version 0.6.5. - - - -### k8s-audit-metrics [0.7.1](https://github.com/giantswarm/k8s-audit-metrics/releases/tag/v0.7.1) - -#### - -- Removed /metrics checks in cilium network policy. - -#### Changed - -- Switched to kube-system namespace by default -- Added Cilium Network Policy to scrape /metrics on port 8000 diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v19.1.1.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v19.1.1.md deleted file mode 100644 index e2dd791f18..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v19.1.1.md +++ /dev/null @@ -1,28 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v19.1.1/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v19.1.1 - version: 19.1.1 - version_tag: v19.1.1 -date: '2023-10-10T10:22:01' -description: Release notes for AWS workload cluster release v19.1.1, published on - 10 October 2023, 10:22. -title: Workload cluster release v19.1.1 for AWS ---- - -This is a patch release that provides new `security-bundle` version consisting of two new components in preparation for PSS migration. Please refer to the changelog below for further details. - -## Change details - -### security-bundle [0.19.2](https://github.com/giantswarm/security-bundle/releases/tag/v0.19.2) - -#### Added -- Add `exception-recommender` (app) to the security bundle to create Giant Swarm PolicyException recommendations. -- Add `kyverno-policy-operator` (app) to the security bundle to automatically create Kyverno PolicyExceptions from Giant Swarm PolicyExceptions. -- Update to `kyverno-policies` (app) version 0.20.1. -- Update to `trivy-operator` (app) to version 0.4.1. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v19.2.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v19.2.0.md deleted file mode 100644 index 1f43173436..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v19.2.0.md +++ /dev/null @@ -1,232 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v19.2.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/v19.2.0 - version: 19.2.0 - version_tag: v19.2.0 -date: '2023-10-11T08:27:27' -description: Release notes for AWS workload cluster release v19.2.0, published on - 11 October 2023, 08:27. -title: Workload cluster release v19.2.0 for AWS ---- - -This is a security release bringing newest stable Flatcar where most of recent CVEs have been adressed. Additionally functionality of Cilium ENI mode has been improved by fixing maximum pod calculations per node as well as VPC peerings. - -## Change details - - -### app-operator [6.8.1](https://github.com/giantswarm/app-operator/releases/tag/v6.8.1) - -#### Fixed -- Use the right name for Chart CR to be deleted. - - - -### aws-operator [14.23.0](https://github.com/giantswarm/aws-operator/releases/tag/v14.23.0) - -#### Fixed -- Cleanup `kube-proxy` VPA after switching to Cilium. -- Bump k8scc to enable max pod calculations when cilium is in ENI IPAM mode. - - - -### cluster-operator [5.9.0](https://github.com/giantswarm/cluster-operator/releases/tag/v5.9.0) - -#### Changed -- Disable masquerading when cilium is in ENI mode. - - - -### containerlinux [3602.2.0](https://www.flatcar-linux.org/releases/#release-3602.2.0) - -_Changes since **Beta 3602.1.6**_ - -#### Security fixes: - - - Linux ([CVE-2023-42755](https://nvd.nist.gov/vuln/detail/CVE-2023-42755)) - - #### Bug fixes: - - - Triggered re-reading of partition table to fix adding partitions to the boot disk ([scripts#1202](https://github.com/flatcar/scripts/pull/1202)) - - #### Changes: - - - Use qcow2 compressed format instead of additional compression layer in Qemu images ([Flatcar#1135](https://github.com/flatcar/Flatcar/issues/1135), [scripts#1132](https://github.com/flatcar/scripts/pull/1132)) - - #### Updates: - - - Linux ([5.15.133](https://lwn.net/Articles/945380)) - -_Changes compared to **Stable 3510.2.8**_ - -#### Security fixes: - - - Linux ([CVE-2023-42752](https://nvd.nist.gov/vuln/detail/CVE-2023-42752), [CVE-2023-42753](https://nvd.nist.gov/vuln/detail/CVE-2023-42753), [CVE-2023-42755](https://nvd.nist.gov/vuln/detail/CVE-2023-42755), [CVE-2023-4623](https://nvd.nist.gov/vuln/detail/CVE-2023-4623), [CVE-2023-4921](https://nvd.nist.gov/vuln/detail/CVE-2023-4921)) - - Go ([CVE-2023-24532](https://nvd.nist.gov/vuln/detail/CVE-2023-24532), [CVE-2023-24534](https://nvd.nist.gov/vuln/detail/CVE-2023-24534), [CVE-2023-24536](https://nvd.nist.gov/vuln/detail/CVE-2023-24536), [CVE-2023-24537](https://nvd.nist.gov/vuln/detail/CVE-2023-24537), [CVE-2023-24538](https://nvd.nist.gov/vuln/detail/CVE-2023-24538), [CVE-2023-24539](https://nvd.nist.gov/vuln/detail/CVE-2023-24539), [CVE-2023-24540](https://nvd.nist.gov/vuln/detail/CVE-2023-24540), [CVE-2023-29400](https://nvd.nist.gov/vuln/detail/CVE-2023-29400), [CVE-2022-41723](https://nvd.nist.gov/vuln/detail/CVE-2022-41723), [CVE-2022-41724](https://nvd.nist.gov/vuln/detail/CVE-2022-41724), [CVE-2022-41725](https://nvd.nist.gov/vuln/detail/CVE-2022-41725)) - - bash ([CVE-2022-3715](https://nvd.nist.gov/vuln/detail/CVE-2022-3715)) - - c-ares ([CVE-2022-4904](https://nvd.nist.gov/vuln/detail/CVE-2022-4904)) - - containerd ([CVE-2023-25153](https://nvd.nist.gov/vuln/detail/CVE-2023-25153), [CVE-2023-25173](https://nvd.nist.gov/vuln/detail/CVE-2023-25173)) - - curl ([CVE-2023-23914](https://nvd.nist.gov/vuln/detail/CVE-2023-23914), [CVE-2023-23915](https://nvd.nist.gov/vuln/detail/CVE-2023-23915) and [CVE-2023-23916](https://nvd.nist.gov/vuln/detail/CVE-2023-23916), [CVE-2023-27533](https://nvd.nist.gov/vuln/detail/CVE-2023-27533), [CVE-2023-27534](https://nvd.nist.gov/vuln/detail/CVE-2023-27534), [CVE-2023-27535](https://nvd.nist.gov/vuln/detail/CVE-2023-27535), [CVE-2023-27536](https://nvd.nist.gov/vuln/detail/CVE-2023-27536), [CVE-2023-27537](https://nvd.nist.gov/vuln/detail/CVE-2023-27537), [CVE-2023-27538](https://nvd.nist.gov/vuln/detail/CVE-2023-27538)) - - Docker ([CVE-2023-28840](https://nvd.nist.gov/vuln/detail/CVE-2023-28840), [CVE-2023-28841](https://nvd.nist.gov/vuln/detail/CVE-2023-28841), [CVE-2023-28842](https://nvd.nist.gov/vuln/detail/CVE-2023-28842)) - - e2fsprogs ([CVE-2022-1304](https://nvd.nist.gov/vuln/detail/CVE-2022-1304)) - - git ([CVE-2023-22490](https://nvd.nist.gov/vuln/detail/CVE-2023-22490), [CVE-2023-23946](https://nvd.nist.gov/vuln/detail/CVE-2023-23946)) - - GnuTLS ([CVE-2023-0361](https://nvd.nist.gov/vuln/detail/CVE-2023-0361)) - - intel-microcode ([CVE-2022-21216](https://nvd.nist.gov/vuln/detail/CVE-2022-21216), [CVE-2022-33196](https://nvd.nist.gov/vuln/detail/CVE-2022-33196), [CVE-2022-38090](https://nvd.nist.gov/vuln/detail/CVE-2022-38090)) - - less ([CVE-2022-46663](https://nvd.nist.gov/vuln/detail/CVE-2022-46663)) - - libxml2 ([CVE-2023-28484](https://nvd.nist.gov/vuln/detail/CVE-2023-28484), [CVE-2023-29469](https://nvd.nist.gov/vuln/detail/CVE-2023-29469)) - - OpenSSH ([CVE-2023-25136](https://nvd.nist.gov/vuln/detail/CVE-2023-25136), [CVE-2023-28531](https://nvd.nist.gov/vuln/detail/CVE-2023-28531), [CVE-2023-38408](https://nvd.nist.gov/vuln/detail/CVE-2023-38408)) - - OpenSSL ([CVE-2022-4203](https://nvd.nist.gov/vuln/detail/CVE-2022-4203), [CVE-2022-4304](https://nvd.nist.gov/vuln/detail/CVE-2022-4304), [CVE-2022-4450](https://nvd.nist.gov/vuln/detail/CVE-2022-4450), [CVE-2023-0215](https://nvd.nist.gov/vuln/detail/CVE-2023-0215), [CVE-2023-0216](https://nvd.nist.gov/vuln/detail/CVE-2023-0216), [CVE-2023-0217](https://nvd.nist.gov/vuln/detail/CVE-2023-0217), [CVE-2023-0286](https://nvd.nist.gov/vuln/detail/CVE-2023-0286), [CVE-2023-0401](https://nvd.nist.gov/vuln/detail/CVE-2023-0401), [CVE-2023-0464](https://nvd.nist.gov/vuln/detail/CVE-2023-0464), [CVE-2023-0465](https://nvd.nist.gov/vuln/detail/CVE-2023-0465), [CVE-2023-0466](https://nvd.nist.gov/vuln/detail/CVE-2023-0466), [CVE-2023-1255](https://nvd.nist.gov/vuln/detail/CVE-2023-1255)) - - runc ([CVE-2023-25809](https://nvd.nist.gov/vuln/detail/CVE-2023-25809), [CVE-2023-27561](https://nvd.nist.gov/vuln/detail/CVE-2023-27561), [CVE-2023-28642](https://nvd.nist.gov/vuln/detail/CVE-2023-28642)) - - tar ([CVE-2022-48303](https://nvd.nist.gov/vuln/detail/CVE-2022-48303)) - - torcx ([CVE-2022-32149](https://nvd.nist.gov/vuln/detail/CVE-2022-32149)) - - vim ([CVE-2023-0288](https://nvd.nist.gov/vuln/detail/CVE-2023-0288), [CVE-2023-0433](https://nvd.nist.gov/vuln/detail/CVE-2023-0433), [CVE-2023-1127](https://nvd.nist.gov/vuln/detail/CVE-2023-1127), [CVE-2023-1175](https://nvd.nist.gov/vuln/detail/CVE-2023-1175), [CVE-2023-1170](https://nvd.nist.gov/vuln/detail/CVE-2023-1170)) - - SDK: dnsmasq ([CVE-2022-0934](https://nvd.nist.gov/vuln/detail/CVE-2022-0934)) - - SDK: pkgconf ([CVE-2023-24056](https://nvd.nist.gov/vuln/detail/CVE-2023-24056)) - - SDK: python ([CVE-2023-24329](https://nvd.nist.gov/vuln/detail/CVE-2023-24329)) - - #### Bug fixes: - - - Ensured that `/var/log/journal/` is created early enough for systemd-journald to persist the logs on first boot ([bootengine#60](https://github.com/flatcar/bootengine/pull/60), [baselayout#29](https://github.com/flatcar/baselayout/pull/29)) - - Fixed `journalctl --user` permission issue ([Flatcar#989](https://github.com/flatcar/Flatcar/issues/989)) - - Ensured that the folder `/var/log/sssd` is created if it doesn't exist, required for `sssd.service` ([Flatcar#1096](https://github.com/flatcar/Flatcar/issues/1096)) - - Fixed a miscompilation of getfacl causing it to dump core when executed ([scripts#809](https://github.com/flatcar/scripts/pull/809)) - - Restored the reboot warning and delay for non-SSH console sessions ([locksmith#21](https://github.com/flatcar/locksmith/pull/21)) - - Triggered re-reading of partition table to fix adding partitions to the boot disk ([scripts#1202](https://github.com/flatcar/scripts/pull/1202)) - - Worked around a bash regression in `flatcar-install` and added error reporting for disk write failures ([Flatcar#1059](https://github.com/flatcar/Flatcar/issues/1059)) - - #### Changes: - - - Added `pigz` to the image, a parallel gzip implementation, which is useful to speed up the (de)compression for large container image imports/exports ([coreos-overlay#2504](https://github.com/flatcar/coreos-overlay/pull/2504)) - - Added a new `flatcar-reset` tool and boot logic for selective OS resets to reconfigure the system with Ignition while avoiding config drift ([bootengine#55](https://github.com/flatcar/bootengine/pull/55), [init#91](https://github.com/flatcar/init/pull/91)) - - Enabled elfutils support in systemd-coredump. A backtrace will now appear in the journal for any program that dumps core ([coreos-overlay#2489](https://github.com/flatcar/coreos-overlay/pull/2489)) - - Improved the OS reset tool to offer preview, backup and restore ([init#94](https://github.com/flatcar/init/pull/94)) - - On boot any files in `/etc` that are the same as provided by the booted `/usr/share/flatcar/etc` default for the overlay mount on `/etc` are deleted to ensure that future updates of `/usr/share/flatcar/etc` are propagated - to opt out create `/etc/.no-dup-update` in case you want to keep an unmodified config file as is or because you fear that a future Flatcar version may use the same file as you at which point your copy is cleaned up and any other future Flatcar changes would be applied ([bootengine#54](https://github.com/flatcar/bootengine/pull/54)) - - Switched systemd log reporting to the combined format of both unit description, as before, and now the unit name to easily find the unit ([coreos-overlay#2436](https://github.com/flatcar/coreos-overlay/pull/2436)) - - `/etc` is now set up as overlayfs with the original `/etc` folder being the store for changed files/directories and `/usr/share/flatcar/etc` providing the lower default directory tree ([bootengine#53](https://github.com/flatcar/bootengine/pull/53), [scripts#666](https://github.com/flatcar/scripts/pull/666)) - - Changed coreos-cloudinit to now set the short hostname instead of the FQDN when fetched from the metadata service ([coreos-cloudinit#19](https://github.com/flatcar/coreos-cloudinit/pull/19)) - - Use qcow2 compressed format instead of additional compression layer in Qemu images ([Flatcar#1135](https://github.com/flatcar/Flatcar/issues/1135), [scripts#1132](https://github.com/flatcar/scripts/pull/1132)) - - #### Updates: - - - Linux ([5.15.133](https://lwn.net/Articles/945380) (includes [5.15.132](https://lwn.net/Articles/944877), [5.15.131](https://lwn.net/Articles/943755), [5.15.130](https://lwn.net/Articles/943404), [5.15.129](https://lwn.net/Articles/943113), [5.15.128](https://lwn.net/Articles/942866), [5.15.127](https://lwn.net/Articles/941775), [5.15.126](https://lwn.net/Articles/941273), [5.15.125](https://lwn.net/Articles/940798), [5.15.124](https://lwn.net/Articles/940339), [5.15.123](https://lwn.net/Articles/939424), [5.15.122](https://lwn.net/Articles/939104), [5.15.121](https://lwn.net/Articles/939016), [5.15.120](https://lwn.net/Articles/937404), [5.15.119](https://lwn.net/Articles/936675), [5.15.118](https://lwn.net/Articles/935584), [5.15.117](https://lwn.net/Articles/934622), [5.15.116](https://lwn.net/Articles/934320), [5.15.115](https://lwn.net/Articles/933909), [5.15.114](https://lwn.net/Articles/933280), [5.15.113](https://lwn.net/Articles/932883), [5.15.112](https://lwn.net/Articles/932134), [5.15.111](https://lwn.net/Articles/931652), [5.15.110](https://lwn.net/Articles/930600), [5.15.109](https://lwn.net/Articles/930263), [5.15.108](https://lwn.net/Articles/929679), [5.15.107](https://lwn.net/Articles/929015/), [5.15.106](https://lwn.net/Articles/928343), [5.15.105](https://lwn.net/Articles/927860), [5.15.104](https://lwn.net/Articles/926873), [5.15.103](https://lwn.net/Articles/926415), [5.15.102](https://lwn.net/Articles/925991), [5.15.101](https://lwn.net/Articles/925939), [5.15.100](https://lwn.net/Articles/925913), [5.15.99](https://lwn.net/Articles/925844))) - - Linux Firmware ([20230404](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230404) (includes [20230310](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230310), [20230210](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230210))) - - Go ([1.19.9](https://go.dev/doc/devel/release#go1.19.9) (includes [1.19.8](https://go.dev/doc/devel/release#go1.19.8), [1.19.7](https://go.dev/doc/devel/release#go1.19.7), [1.19.6](https://go.dev/doc/devel/release#go1.19.6))) - - bash ([5.2](https://lists.gnu.org/archive/html/bash-announce/2022-09/msg00000.html)) - - bind tools ([9.16.37](https://bind9.readthedocs.io/en/v9_16_37/notes.html#notes-for-bind-9-16-37)) - - bpftool ([6.2.1](https://kernelnewbies.org/LinuxChanges#Linux_6.2.Tracing.2C_perf_and_BPF)) - - btrfs-progs ([6.0.2](https://btrfs.readthedocs.io/en/latest/CHANGES.html#btrfs-progs-6-0-2-2022-11-24), includes [6.0](https://btrfs.readthedocs.io/en/latest/CHANGES.html#btrfs-progs-6-0-2022-10-11)) - - c-ares ([1.19.0](https://c-ares.org/changelog.html#1_19_0)) - - containerd ([1.6.21](https://github.com/containerd/containerd/releases/tag/v1.6.21) (includes [1.6.20](https://github.com/containerd/containerd/releases/tag/v1.6.20), [1.6.19](https://github.com/containerd/containerd/releases/tag/v1.6.19) [1.6.18](https://github.com/containerd/containerd/releases/tag/v1.6.18)) - - curl ([8.0.1](https://curl.se/changes.html#8_0_1) (includes [7.88.1](https://curl.se/changes.html#7_88_1), [7.88.0](https://curl.se/changes.html#7_88_0))) - - diffutils ([3.9](https://savannah.gnu.org/forum/forum.php?forum_id=10282)) - - Docker ([20.10.24](https://docs.docker.com/engine/release-notes/20.10/#201024)) - - e2fsprogs ([1.47.0](https://e2fsprogs.sourceforge.net/e2fsprogs-release.html##1.47.0) (includes [1.46.6](https://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.46.6))) - - findutils ([4.9.0](https://lists.gnu.org/archive/html/info-gnu/2022-02/msg00003.html)) - - gcc ([12.2.1](https://gcc.gnu.org/gcc-12/changes.html)) - - gdb ([13.1.90](https://lwn.net/Articles/923819/)) - - git ([2.39.2](https://github.com/git/git/blob/v2.39.2/Documentation/RelNotes/2.39.2.txt)) - - GLib ([2.74.6](https://gitlab.gnome.org/GNOME/glib/-/tags/2.74.6) (includes [2.74.5](https://gitlab.gnome.org/GNOME/glib/-/tags/2.74.5))) - - GnuTLS ([3.8.0](https://gitlab.com/gnutls/gnutls/-/blob/3.8.0/NEWS)) - - ignition ([2.15.0](https://coreos.github.io/ignition/release-notes/#ignition-2150-2023-02-21)) - - intel-microcode ([20230214](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214)) - - iperf ([3.13](https://github.com/esnet/iperf/blob/3.13/RELNOTES.md)) - - iputils ([20221126](https://github.com/iputils/iputils/releases/tag/20221126)) - - less ([608](http://www.greenwoodsoftware.com/less/news.608.html)) - - libarchive ([3.6.2](https://github.com/libarchive/libarchive/releases/tag/v3.6.2)) - - libpcap ([1.10.3](https://git.tcpdump.org/libpcap/blob/refs/tags/libpcap-1.10.3:/CHANGES) (includes [1.10.2](https://git.tcpdump.org/libpcap/blob/refs/tags/libpcap-1.10.2:/CHANGES))) - - libpcre2 ([10.42](https://github.com/PCRE2Project/pcre2/blob/pcre2-10.42/NEWS)) - - libxml2 ([2.10.4](https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.4)) - - multipath-tools ([0.9.4](https://github.com/opensvc/multipath-tools/commits/0.9.4)) - - OpenSSH ([9.3](http://www.openssh.com/releasenotes.html#9.3) (includes [9.2](http://www.openssh.com/releasenotes.html#9.2))) - - OpenSSL ([3.0.8](https://github.com/openssl/openssl/blob/openssl-3.0.8/NEWS.md#major-changes-between-openssl-307-and-openssl-308-7-feb-2023)) - - pinentry ([1.2.1](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=pinentry.git;a=blob;f=NEWS;h=c080b34e57d01a6ccca9d2996d7096c42b1a3f84;hb=8ab1682e80a2b4185ee9ef66cbb44340245966fc)) - - qemu guest agent ([7.1.0](https://wiki.qemu.org/ChangeLog/7.1#Guest_agent)) - - readline ([8.2](https://lists.gnu.org/archive/html/info-gnu/2022-09/msg00013.html)) - - runc ([1.1.7](https://github.com/opencontainers/runc/releases/tag/v1.1.7) (includes [1.1.6](https://github.com/opencontainers/runc/releases/tag/v1.1.6), [1.1.5](https://github.com/opencontainers/runc/releases/tag/v1.1.5))) - - socat ([1.7.4.4](https://repo.or.cz/socat.git/blob/refs/tags/tag-1.7.4.4:/CHANGES)) - - sqlite ([3.41.2](https://sqlite.org/releaselog/3_41_2.html)) - - strace ([6.1](https://github.com/strace/strace/releases/tag/v6.1)) - - traceroute (2.1.1) - - vim ([9.0.1403](https://github.com/vim/vim/releases/tag/v9.0.1403) (includes [9.0.1363](https://github.com/vim/vim/releases/tag/v9.0.1363))) - - XZ utils ([5.4.2](https://github.com/tukaani-project/xz/releases/tag/v5.4.2)) - - Zstandard ([1.5.4](https://github.com/facebook/zstd/releases/tag/v1.5.4) (includes [1.5.2](https://github.com/facebook/zstd/releases/tag/v1.5.2), [1.5.1](https://github.com/facebook/zstd/releases/tag/v1.5.1) and [1.5.0](https://github.com/facebook/zstd/releases/tag/v1.5.0))) - - SDK: cmake ([3.25.2](https://cmake.org/cmake/help/v3.25/release/3.25.html)) - - SDK: dnsmasq ([2.89](https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2023q1/016859.html)) - - SDK: pahole ([1.24](https://github.com/acmel/dwarves/releases/tag/v1.24)) - - SDK: portage ([3.0.44](https://gitweb.gentoo.org/proj/portage.git/tree/NEWS?h=portage-3.0.44)) - - SDK: python ([3.10.10](https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-10-final) (includes [3.10.9](https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-9-final), [3.10](https://www.python.org/downloads/release/python-3100/))) - - SDK: Rust ([1.68.2](https://github.com/rust-lang/rust/releases/tag/1.68.2) (includes [1.68.0](https://github.com/rust-lang/rust/releases/tag/1.68.0), [1.67.1](https://github.com/rust-lang/rust/releases/tag/1.67.1))) - - SDK: nano ([7.2](https://git.savannah.gnu.org/cgit/nano.git/tree/NEWS?h=v7.2)) - - VMware: open-vm-tools ([12.2.0](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.2.0)) - - -### cert-exporter [2.7.0](https://github.com/giantswarm/cert-exporter/releases/tag/v2.7.0) - -#### Changed -- Add Service Monitor. - - - -### chart-operator [3.0.0](https://github.com/giantswarm/chart-operator/releases/tag/v3.0.0) - -#### Removed -- Removed `giantswarm.io/monitoring: "true"` label from the `Service` resource. To get metrics `chart-operator` should - be from now on used in conjunction with `chart-operator-extensions` version `v1.1.1` or later to deploy - `ServiceMonitor` resource for it. It was split up as `chart-operator` is one of the first component to get into - a cluster that will deploy most other things, for example Prometheus that will eventually actually deploy the - CRD for `ServiceMonitor`. - - - -### cilium [0.13.0](https://github.com/giantswarm/cilium-app/releases/tag/v0.13.0) - -#### Added -- Support removal of previously-deployed default policies by setting `defaultPolicies.enabled=false` and `defaultPolicies.remove=false` - - - -### external-dns [2.42.0](https://github.com/giantswarm/external-dns-app/releases/tag/v2.42.0) - -#### Changed -- Make CRD install job compliant with PSS ([#309](https://github.com/giantswarm/external-dns-app/pull/309)). - - - - - -### coredns [1.19.0](https://github.com/giantswarm/coredns-app/releases/tag/v1.19.0) - -#### Changed -- Make App compliant with PSS policies ([#234](https://github.com/giantswarm/coredns-app/pull/234)): - - Set seccompProfile to `RuntimeDefault`. - - Fix capabilities typo. - - Remove `NET_BIND_SERVICE` capabilities. - - Set `runAsNonRoot` as true. - - - -### metrics-server [2.4.1](https://github.com/giantswarm/metrics-server-app/releases/tag/v2.4.1) - -#### Added -- Add possibility to configure `hostNetwork`. -#### Changed -- Upgrade metrics-server to v0.6.4. - - - -### net-exporter [1.18.0](https://github.com/giantswarm/net-exporter/releases/tag/v1.18.0) - -#### Changed -- Enable PSP resource deployment based on global value. - - - -### observability-bundle [0.8.7](https://github.com/giantswarm/observability-bundle/releases/tag/v0.8.7) - -#### Changed -- Upgrade `prometheus-agent` to 0.6.4. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v19.3.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v19.3.0.md deleted file mode 100644 index f9ecc2fb9a..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v19.3.0.md +++ /dev/null @@ -1,222 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v19.3.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v19.3.0 - version: 19.3.0 - version_tag: v19.3.0 -date: '2023-11-27T07:37:49' -description: Release notes for AWS workload cluster release v19.3.0, published on - 27 November 2023, 07:37. -title: Workload cluster release v19.3.0 for AWS ---- - -This release marks the final step for migration away from Pod Security Policies (PSP) in favor of Pod Security Standards (PSS). The `security-bundle` that was added as a default application in the `19.1.0` release with `kyverno` in PSS `audit` mode will now switch to `enforce` mode, meaning PSS policies will be actively enforced and any configured PolicyExceptions will be evaluated and applied. - -The `PodSecurityPolicy` type still exists in this release. However, PSPs have been removed from all Giant Swarm applications deployed with this release in preparation for the upcoming upgrade to the Kubernetes v1.25, where PSPs will no longer exist. Security policy for Giant Swarm applications is now enforced by PSS in order to ensure the security of these applications. - -Our docs offer additional information about [Pod Security Standards](https://docs.giantswarm.io/advanced/security-policy-enforcement/) as well as a [PSS migration guide](https://docs.giantswarm.io/advanced/security/security-policy-enforcement/cluster-admin-guide/) for cluster administrators. - -> **WARNING:** Before upgrading to this release, it is required to upgrade ALL Managed Applications provided by Giant Swarm to the latest version supporting PSS. Please reach out to your Account Engineer to validate the versions of applications that are required. - -> **WARNING:** After upgrading to `19.3.0`, it is highly advised to begin removal of all PSPs from the cluster. Kubernetes `v1.25` removes the Pod Security Policy resource from the API, meaning workloads (like Helm charts) which still contain PSPs will fail to install after the upcoming Giant Swarm `v20` release. - -## Change details - - -### aws-operator [14.24.1](https://github.com/giantswarm/aws-operator/releases/tag/v14.24.1) - -#### Added -- Add `global.podSecurityStandards.enforced` value for PSS migration. -- Emit event when an unhealthy node is terminated. -- Bump `badnodedetector` to be able to use `node-problem-detector` app for unhealthy node termination. -- Add a additional IAM permission for `cluster-autoscaler`. -#### Changed -- Bump k8scc to disable PSPs in preparation for switch to PSS. -- Disable cluster autoscaler during rollouts of node pool ASGs. -- Bump etcd-cluster-migrator to v1.2.0 to disable PSPs in preparation for switch to PSS - - - -### cluster-operator [5.10.0](https://github.com/giantswarm/cluster-operator/releases/tag/v5.10.0) - -#### Changed -- Automatically set `global.podSecurityStandards.enforced` to `true` for clusters >= 19.3.0. - - - -### containerlinux [3602.2.2](https://www.flatcar-linux.org/releases/#release-3602.2.2) - -:warning: From Alpha 3794.0.0 Torcx has been removed - please assert that you don't rely on specific Torcx mechanism but now use systemd-sysext. See [here](https://www.flatcar.org/docs/latest/provisioning/sysext/) for more information. - - - _Changes since **Stable 3602.2.1**_ - - #### Security fixes: - - - Linux ([CVE-2023-46813](https://nvd.nist.gov/vuln/detail/CVE-2023-46813), [CVE-2023-5178](https://nvd.nist.gov/vuln/detail/CVE-2023-5178), [CVE-2023-5717](https://nvd.nist.gov/vuln/detail/CVE-2023-5717)) - - - #### Changes: - - - Brightbox: The regular OpenStack image should now be used, it includes Afterburn for instance metadata attributes - - OpenStack: An uncompressed image is provided for simpler import (since the images use qcow2 inline compression, there is no benefit in using the `.gz` or `.bz2` images) - - linux kernel: added zstd support for squashfs kernel module ([scripts#1297](https://github.com/flatcar/scripts/pull/1297)) - - #### Updates: - - - Linux ([5.15.138](https://lwn.net/Articles/950714) (includes [5.15.137](https://lwn.net/Articles/948818))) - - -### etcd [3.5.10](https://github.com/etcd-io/etcd/releases/tag/v3.5.10) - -#### etcd server -- Fix [`--socket-reuse-port` and `--socket-reuse-address` not able to be set in configuration file](https://github.com/etcd-io/etcd/pull/16435). -- Fix [corruption check may get a `ErrCompacted` error when server has just been compacted](https://github.com/etcd-io/etcd/pull/16048) -- Improve [Lease put performance for the case that auth is disabled or the user is admin](https://github.com/etcd-io/etcd/pull/16019) -- Improve [Skip getting authInfo from incoming context when auth is disabled](https://github.com/etcd-io/etcd/pull/16241) -- Fix [Hash and HashKV have duplicated RESTful API](https://github.com/etcd-io/etcd/pull/16490) -#### etcdutl v3 -- Add [optional --bump-revision and --mark-compacted flag to etcdutl snapshot restore operation](https://github.com/etcd-io/etcd/pull/16165). -#### etcdctl v3 -- Add [optional --bump-revision and --mark-compacted flag to etcdctl snapshot restore operation](https://github.com/etcd-io/etcd/pull/16165). -#### etcd grpc-proxy -- Fix [Memberlist results not updated when proxy node down](https://github.com/etcd-io/etcd/pull/15907). -#### Package `clientv3` -- Fix [Multiple endpoints with same prefix got mixed up](https://github.com/etcd-io/etcd/pull/15939) -- Fix [Unexpected blocking when barrier waits on a nonexistent key](https://github.com/etcd-io/etcd/pull/16188) -- Fix [Reset auth token when failing to authenticate due to auth being disabled](https://github.com/etcd-io/etcd/pull/16241) -- Fix [panic in etcd validate secure endpoints](https://github.com/etcd-io/etcd/pull/16565) -#### Dependencies -- Compile binaries using [go 1.20.10](https://github.com/etcd-io/etcd/pull/16745). -- Upgrade gRPC to 1.58.3 in https://github.com/etcd-io/etcd/pull/16625, https://github.com/etcd-io/etcd/pull/16781 and https://github.com/etcd-io/etcd/pull/16790. Note that gRPC server will reject requests with connection header (refer to https://github.com/grpc/grpc-go/pull/4803). -- Upgrade [bbolt to v1.3.8](https://github.com/etcd-io/etcd/pull/16833) - - - -### app-operator [6.10.1](https://github.com/giantswarm/app-operator/releases/tag/v6.10.1) - -#### Fixed -- Add policy exception so that controller can be deployed in bootstrap mode (uses host network) - - - -### chart-operator [3.1.0](https://github.com/giantswarm/chart-operator/releases/tag/v3.1.0) - -#### Changed -- Force-disable PSP-related resources when `global.podSecurityStandards.enforced` value is true. - - - -### coredns [1.19.1](https://github.com/giantswarm/coredns-app/releases/tag/v1.19.1) - -#### Changed -- Build App with ABS. -- Add basic tests with ATS. -- ATS: Rework tests. ([#248](https://github.com/giantswarm/coredns-app/pull/248)) -- Chart: Fix usage of `name` & `namespace`. ([#249](https://github.com/giantswarm/coredns-app/pull/249)) - - - -### node-exporter [1.18.1](https://github.com/giantswarm/node-exporter-app/releases/tag/v1.18.1) - -#### Changed -- Make PolicyException namespace configurable. - - - -### cert-exporter [2.8.4](https://github.com/giantswarm/cert-exporter/releases/tag/v2.8.4) - -#### Fixed -- Fix daemonset and deployment Kyverno PolicyException. - - - -### k8s-dns-node-cache-app [2.5.0](https://github.com/giantswarm/k8s-dns-node-cache-app/releases/tag/v2.5.0) - -#### Changed -- Install PSP resource based on values for PSP deprecation. -- Add PolicyExceptions for PSS compliance. -- Replace build pipeline with ABS. -- Replace testing pipeline with ATS basic test. - - - -### security-bundle [1.4.0](https://github.com/giantswarm/security-bundle/releases/tag/v1.4.0) - -#### Changed -- Revert namespace change of `exception-recommender` and `kyverno-policy-operator`. -- Update to `kyverno` (app) version 0.16.2. -- Update to `kyverno-policy-operator` (app) v0.0.5. -- Update to `exception-recommender` (app) v0.0.3. -- Update to `falco` (app) to v0.7.0. - - - -### cilium [0.17.0](https://github.com/giantswarm/cilium-app/releases/tag/v0.17.0) - -#### Changed -- Generate cilium chart using our fork and `vendir`. - - - -### cluster-autoscaler [1.24.3-gs3](https://github.com/giantswarm/cluster-autoscaler-app/releases/tag/v1.24.3-gs3) - -#### Added - -- Kyverno policy exceptions for cluster-autoscaler. - - -### vertical-pod-autoscaler [4.6.0](https://github.com/giantswarm/vertical-pod-autoscaler-app/releases/tag/v4.6.0) - -#### Changed -- Revert docker image to `0.14.0` - - - -### prometheus-blackbox-exporter [0.4.0](https://github.com/giantswarm/prometheus-blackbox-exporter/releases/tag/v0.4.0) - -#### Added -- Add `global.podSecurityStandards.enforced` value for PSS migration. - - - -### aws-cloud-controller-manager [1.24.1-gs10](https://github.com/giantswarm/aws-cloud-controller-manager-app/releases/tag/v1.24.1-gs10) - -#### Fixed -- Add required values for pss policies. -#### Added -- Add toggle mechanism for `PSPs`. - - - -### aws-ebs-csi-driver [2.28.0](https://github.com/giantswarm/aws-ebs-csi-driver-app/releases/tag/v2.28.0) - -#### Added -- Add a job that removes a gp2 storage class for EKS. - - - -### cert-manager [2.25.2](https://github.com/giantswarm/cert-manager-app/releases/tag/v2.25.2) - -### Added -- Added support for PSS resolving issue on upgrade to newer v3+ releases - -### Changed -- Changed conditional for PSPs to `{{- if not .global.podSecurityStandards.enforced }}` - -### observability-bundle [0.10.1](https://github.com/giantswarm/observability-bundle/releases/tag/v0.10.1) - -#### Fixed -- Extend `prometheus-operator-app` timeout to avoid race condition with VPA causing the app to be stuck in `pending-install` state. - - - -### k8s-audit-metrics [0.8.0](https://github.com/giantswarm/k8s-audit-metrics/releases/tag/v0.8.0) - -#### Changed -- Replace condition for PSP CR installation. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v19.3.2.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v19.3.2.md deleted file mode 100644 index 89090d847d..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v19.3.2.md +++ /dev/null @@ -1,151 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v19.3.2/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v19.3.2 - version: 19.3.2 - version_tag: v19.3.2 -date: '2024-02-26T07:33:27' -description: Release notes for AWS workload cluster release v19.3.2, published on - 26 February 2024, 07:33. -title: Workload cluster release v19.3.2 for AWS ---- - -This patch release includes the latest stable Flatcar release containing important CVE patches, most notably the Leaky Vessels [CVE-2024-21626](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) affecting `containerd`. It also includes an update to the `security-bundle` intended to improve upgrade stability. - -**Note:** This release does _not_ include patches for the other 3 Leaky Vessels BuildKit CVEs affecting `docker`. Normal cluster operations (e.g. pulling images) do not use `docker`, but if you run untrusted workloads which mount or use `docker` directly, please get in touch to discuss other mitigation options. - -## Change details - - -### containerlinux [3815.2.0](https://www.flatcar-linux.org/releases/#release-3815.2.0) - - _Changes since **Stable 3760.2.0**_ - - #### Security fixes: - - - Linux ([CVE-2023-46838](https://nvd.nist.gov/vuln/detail/CVE-2023-46838), [CVE-2023-50431](https://nvd.nist.gov/vuln/detail/CVE-2023-50431), [CVE-2023-6610](https://nvd.nist.gov/vuln/detail/CVE-2023-6610), [CVE-2023-6915](https://nvd.nist.gov/vuln/detail/CVE-2023-6915), [CVE-2024-1085](https://nvd.nist.gov/vuln/detail/CVE-2024-1085), [CVE-2024-1086](https://nvd.nist.gov/vuln/detail/CVE-2024-1086), [CVE-2024-23849](https://nvd.nist.gov/vuln/detail/CVE-2024-23849)) - - Go ([CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326), [CVE-2023-45285](https://nvd.nist.gov/vuln/detail/CVE-2023-45285)) - - VMWare: open-vm-tools ([CVE-2023-34058](https://nvd.nist.gov/vuln/detail/CVE-2023-34058), [CVE-2023-34059](https://nvd.nist.gov/vuln/detail/CVE-2023-34059)) - - docker ([CVE-2024-24557](https://nvd.nist.gov/vuln/detail/CVE-2024-24557)) - - nghttp2 ([CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487)) - - runc ([CVE-2024-21626](https://nvd.nist.gov/vuln/detail/CVE-2024-21626)) - - samba ([CVE-2023-4091](https://nvd.nist.gov/vuln/detail/CVE-2023-4091)) - - zlib ([CVE-2023-45853](https://nvd.nist.gov/vuln/detail/CVE-2023-45853)) - - #### Bug fixes: - - - Added a workaround for old airgapped/proxied update-engine clients to be able to update to this release ([Flatcar#1332](https://github.com/flatcar/Flatcar/issues/1332), [update_engine#38](https://github.com/flatcar/update_engine/pull/38)) - - Forwarded the proxy environment variables of `update-engine.service` to the postinstall script to support fetching OEM systemd-sysext payloads through a proxy ([Flatcar#1326](https://github.com/flatcar/Flatcar/issues/1326)) - - Set TTY used for fetching server_context to RAW mode before running cloudinit on cloudsigma ([scripts#1280](https://github.com/flatcar/scripts/pull/1280)) - - #### Changes: - - - **torcx was replaced by systemd-sysext in the OS image**. Learn more about sysext and how to customise OS images [here](https://www.flatcar.org/docs/latest/provisioning/sysext/). - (which is now also a legacy option because systemd-sysext offers a more robust and better structured way of customisation, including OS independent updates). - - Torcx entered deprecation 2 years ago in favour of [deploying plain Docker binaries](https://www.flatcar.org/docs/latest/container-runtimes/use-a-custom-docker-or-containerd-version/) - - Torcx has been removed entirely; if you use torcx to extend the Flatcar base OS image, please refer to our [conversion script](https://www.flatcar.org/docs/latest/provisioning/sysext/#torcx-deprecation) and to the sysext documentation mentioned above for migrating. - - Consequently, `update_engine` will not perform torcx sanity checks post-update anymore. - - Relevant changes: [scripts#1216](https://github.com/flatcar/scripts/pull/1216), [update_engine#30](https://github.com/flatcar/update_engine/pull/30), [Mantle#466](https://github.com/flatcar/mantle/pull/466), [Mantle#465](https://github.com/flatcar/mantle/pull/465). - - **NOTE:** The docker btrfs storage driver has been de-prioritised; BTRFS backed storage will now default to the `overlay2` driver - ([changelog](https://docs.docker.com/engine/release-notes/23.0/#bug-fixes-and-enhancements-6), [upstream pr](https://github.com/moby/moby/pull/42661)). - - **NOTE:** If you are already using btrfs-backed Docker storage and are upgrading to this new version, Docker will automatically use the `btrfs` storage driver for backwards-compatibility with your deployment. - - **Docker will remove the `btrfs` driver entirely in a future version. Please consider migrating your deployments to the `overlay2` driver.** - Using the btrfs driver can still be enforced by creating a respective [docker config](https://docs.docker.com/storage/storagedriver/btrfs-driver/#configure-docker-to-use-the-btrfs-storage-driver) at `/etc/docker/daemon.json`. - - cri-tools, runc, containerd, docker, and docker-cli are now built from Gentoo upstream ebuilds. Docker received a major version upgrade - it was updated to Docker 24 (from Docker 20; see "updates"). - - GCP OEM images now use a systemd-sysext image for layering additional platform-specific software on top of `/usr` and being part of the OEM A/B updates ([flatcar#1146](https://github.com/flatcar/Flatcar/issues/1146)) - - Added a `flatcar-update --oem-payloads ` flag to skip providing OEM payloads, e.g., for downgrades ([init#114](https://github.com/flatcar/init/pull/114)) - - #### Updates: -- Linux ([6.1.77](https://lwn.net/Articles/961012) (includes [6.1.76](https://lwn.net/Articles/960442), [6.1.75](https://lwn.net/Articles/959513), [6.1.74](https://lwn.net/Articles/958863))) -- Linux Firmware ([20231111](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20231111) (includes [20231030](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20231030))) -- Go ([1.20.12](https://go.dev/doc/devel/release#go1.20.12)) -- Azure: WALinuxAgent ([v2.9.1.1](https://github.com/Azure/WALinuxAgent/releases/tag/v2.9.1.1)) -- DEV: Azure ([3.11.6](https://docs.python.org/release/3.11.6/whatsnew/changelog.html#python-3-11-6)) -- DEV: iperf ([3.15](https://github.com/esnet/iperf/releases/tag/3.15)) -- DEV: smartmontools ([7.4](https://www.smartmontools.org/browser/tags/RELEASE_7_4/smartmontools/NEWS)) -- SDK: Rust ([1.73.0](https://github.com/rust-lang/rust/releases/tag/1.73.0)) -- SDK: Python ([3.11.0](https://github.com/platformdirs/platformdirs/releases/tag/3.11.0) (includes [23.2](https://github.com/pypa/packaging/releases/tag/23.2))) -- VMWare: open-vm-tools ([12.3.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.5)) -- acpid ([2.0.34](https://sourceforge.net/p/acpid2/code/ci/2.0.34/tree/Changelog)) -- ca-certificates ([3.97](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_97.html)) -- containerd ([1.7.9](https://github.com/containerd/containerd/releases/tag/v1.7.9) (includes [1.7.8](https://github.com/containerd/containerd/releases/tag/v1.7.8), [1.7.13](https://github.com/containerd/containerd/releases/tag/v1.7.13), [1.7.10](https://github.com/containerd/containerd/releases/tag/v1.7.10))) -- cri-tools ([1.27.0](https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.27.0)) -- ding-libs ([0.6.2](https://github.com/SSSD/ding-libs/releases/tag/0.6.2)) -- docker ([24.0.9](https://github.com/moby/moby/releases/tag/v24.0.9) (includes [24.0.6](https://docs.docker.com/engine/release-notes/24.0/), [23.0](https://docs.docker.com/engine/release-notes/23.0/))) -- efibootmgr ([18](https://github.com/rhboot/efibootmgr/releases/tag/18)) -- efivar ([38](https://github.com/rhboot/efivar/releases/tag/38)) -- ethtool ([6.5](https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/tree/NEWS?h=v6.5)) -- hwdata ([v0.375](https://github.com/vcrhonek/hwdata/releases/tag/v0.375) (includes [0.374](https://github.com/vcrhonek/hwdata/commits/v0.374))) -- iproute2 ([6.5.0](https://marc.info/?l=linux-netdev&m=169401822317373&w=2)) -- ipvsadm ([1.31](https://git.kernel.org/pub/scm/utils/kernel/ipvsadm/ipvsadm.git/tag/?h=v1.31) (includes [1.30](https://git.kernel.org/pub/scm/utils/kernel/ipvsadm/ipvsadm.git/tag/?h=v1.30), [1.29](https://git.kernel.org/pub/scm/utils/kernel/ipvsadm/ipvsadm.git/tag/?h=v1.29), [1.28](https://git.kernel.org/pub/scm/utils/kernel/ipvsadm/ipvsadm.git/tag/?h=v1.28))) -- json-c ([0.17](https://github.com/json-c/json-c/blob/json-c-0.17-20230812/ChangeLog)) -- libffi ([3.4.4](https://github.com/libffi/libffi/releases/tag/v3.4.4) (includes [3.4.3](https://github.com/libffi/libffi/releases/tag/v3.4.3), [3.4.2](https://github.com/libffi/libffi/releases/tag/v3.4.2))) -- liblinear ([246](https://github.com/cjlin1/liblinear/releases/tag/v246)) -- libmnl ([1.0.5](https://git.netfilter.org/libmnl/log/?h=libmnl-1.0.5)) -- libnetfilter_conntrack ([1.0.9](https://git.netfilter.org/libnetfilter_conntrack/log/?h=libnetfilter_conntrack-1.0.9)) -- libnetfilter_cthelper ([1.0.1](https://git.netfilter.org/libnetfilter_cthelper/log/?id=8cee0347cc6969c39bb64000dfaa676a8f9e30f0)) -- libnetfilter_cttimeout ([1.0.1](https://git.netfilter.org/libnetfilter_cttimeout/log/?id=068d36d6291f53a0a609ab1f695aa06e94ce3d30)) -- libnfnetlink ([1.0.2](https://git.netfilter.org/libnfnetlink/log/?h=libnfnetlink-1.0.2)) -- libsodium ([1.0.19](https://github.com/jedisct1/libsodium/releases/tag/1.0.19-RELEASE)) -- libunistring ([1.1](https://git.savannah.gnu.org/gitweb/?p=libunistring.git;a=blob;f=NEWS;h=5a43ddd7011d62a952733f6c0b7ad52aa4f385c7;hb=8006860b710aae2e8442088c3ddc7d819dfa8ac7)) -- libunwind ([1.7.2](https://github.com/libunwind/libunwind/releases/tag/v1.7.2) (includes [1.7.0](https://github.com/libunwind/libunwind/releases/tag/v1.7.0))) -- liburing ([2.3](https://github.com/axboe/liburing/blob/liburing-2.3/CHANGELOG)) -- mpc ([1.3.1](https://sympa.inria.fr/sympa/arc/mpc-discuss/2022-12/msg00049.html) (includes [1.3.0](https://sympa.inria.fr/sympa/arc/mpc-discuss/2022-12/msg00028.html))) -- mpfr ([4.2.1](https://gitlab.inria.fr/mpfr/mpfr/-/blob/4.2.1/NEWS)) -- nghttp2 ([1.57.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0) (includes [1.56.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.56.0), [1.55.1](https://github.com/nghttp2/nghttp2/releases/tag/v1.55.1), [1.55.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.55.0), [1.54.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.54.0), [1.53.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.53.0), [1.52.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0))) -- nspr ([4.35](https://hg.mozilla.org/projects/nspr/log/b563bfc16c887c48b038b7b441fcc4e40a126d3b)) -- ntp ([4.2.8p17](https://www.ntp.org/support/securitynotice/4_2_8p17-release-announcement/)) -- nvme-cli ([v2.6](https://github.com/linux-nvme/nvme-cli/releases/tag/v2.6) (includes [v1.6](https://github.com/linux-nvme/libnvme/releases/tag/v1.6))) -- protobuf ([21.12](https://github.com/protocolbuffers/protobuf/releases/tag/v21.12) (includes [21.11](https://github.com/protocolbuffers/protobuf/releases/tag/v21.11), [21.10](https://github.com/protocolbuffers/protobuf/releases/tag/v21.10))) -- runc ([1.1.12](https://github.com/opencontainers/runc/releases/tag/v1.1.12)) -- samba ([4.18.8](https://www.samba.org/samba/history/samba-4.18.8.html)) -- sqlite ([3.43.2](https://www.sqlite.org/releaselog/3_43_2.html)) -- squashfs-tools ([4.6.1](https://github.com/plougher/squashfs-tools/releases/tag/4.6.1) (includes [4.6](https://github.com/plougher/squashfs-tools/releases/tag/4.6))) -- thin-provisioning-tools ([1.0.6](https://github.com/jthornber/thin-provisioning-tools/blob/v1.0.6/CHANGES)) - - _Changes since **Beta 3815.1.0**_ - - #### Security fixes: - - - Linux ([CVE-2023-46838](https://nvd.nist.gov/vuln/detail/CVE-2023-46838), [CVE-2023-50431](https://nvd.nist.gov/vuln/detail/CVE-2023-50431), [CVE-2023-6610](https://nvd.nist.gov/vuln/detail/CVE-2023-6610), [CVE-2023-6915](https://nvd.nist.gov/vuln/detail/CVE-2023-6915), [CVE-2024-1085](https://nvd.nist.gov/vuln/detail/CVE-2024-1085), [CVE-2024-1086](https://nvd.nist.gov/vuln/detail/CVE-2024-1086), [CVE-2024-23849](https://nvd.nist.gov/vuln/detail/CVE-2024-23849)) - - docker ([CVE-2024-24557](https://nvd.nist.gov/vuln/detail/CVE-2024-24557)) - - runc ([CVE-2024-21626](https://nvd.nist.gov/vuln/detail/CVE-2024-21626)) - - #### Bug fixes: - - - Added a workaround for old airgapped/proxied update-engine clients to be able to update to this release ([Flatcar#1332](https://github.com/flatcar/Flatcar/issues/1332), [update_engine#38](https://github.com/flatcar/update_engine/pull/38)) - - Forwarded the proxy environment variables of `update-engine.service` to the postinstall script to support fetching OEM systemd-sysext payloads through a proxy ([Flatcar#1326](https://github.com/flatcar/Flatcar/issues/1326)) - - #### Changes: - - - Added a `flatcar-update --oem-payloads ` flag to skip providing OEM payloads, e.g., for downgrades ([init#114](https://github.com/flatcar/init/pull/114)) - - #### Updates: - - - Linux ([6.1.77](https://lwn.net/Articles/961012) (includes [6.1.76](https://lwn.net/Articles/960442), [6.1.75](https://lwn.net/Articles/959513), [6.1.74](https://lwn.net/Articles/958863))) - - ca-certificates ([3.97](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_97.html)) - - containerd ([1.7.13](https://github.com/containerd/containerd/releases/tag/v1.7.13)) - - docker ([24.0.9](https://github.com/moby/moby/releases/tag/v24.0.9)) - - runc ([1.1.12](https://github.com/opencontainers/runc/releases/tag/v1.1.12)) - -### security-bundle [v1.6.2](https://github.com/giantswarm/security-bundle/blob/main/CHANGELOG.md#162---2024-02-22) - -_Changes since v1.4.2_ - -#### Added - -- A new Helm value `global.namespace` was added to allow setting the namespace for all security-bundle apps (except Kyverno). - -#### Changed - -- Kyverno (app) was updated to [v0.17.6](https://github.com/giantswarm/kyverno-app/blob/main/CHANGELOG.md#0176---2024-02-22), which includes several Cilium-related improvements, enables API priority and fairness features to improve API stability in large clusters, and upgrades Kyverno to v1.11.4, containing several bug fixes for generate rules. -- exception-recommender was updated to [v0.1.1](https://github.com/giantswarm/exception-recommender/blob/main/CHANGELOG.md#011---2024-02-07), supporting the new Kyverno (v1.11+) report structure. -- Trivy Operator (app) was updated to [v0.7.2](https://github.com/giantswarm/trivy-operator-app/blob/main/CHANGELOG.md#072---2024-01-31), upgrading to v0.18.3, and including improvements to Cilium network policies and benchmark scanning behavior. -- Falco (app) was updated to [v0.8.0](https://github.com/giantswarm/falco-app/blob/main/CHANGELOG.md#080---2024-01-25), including improvements for Cilium network policies. -- kyverno-policy-operator was updated to [v0.0.7](https://github.com/giantswarm/falco-app/blob/main/CHANGELOG.md#080---2024-01-25), updating the generated Kyverno PolicyException resources to `policyexceptions.kyverno.io/v2beta1`. -- starboard-exporter was updated to [v0.7.8](https://github.com/giantswarm/starboard-exporter/blob/main/CHANGELOG.md#078---2024-01-16), adding KEDA scaling support. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v19.3.3.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v19.3.3.md deleted file mode 100644 index ffe7704dc0..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v19.3.3.md +++ /dev/null @@ -1,53 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v19.3.3/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v19.3.3 - version: 19.3.3 - version_tag: v19.3.3 -date: '2024-04-16T07:18:41' -description: Release notes for AWS workload cluster release v19.3.3, published on - 16 April 2024, 07:18. -title: Workload cluster release v19.3.3 for AWS ---- - -This is a patch release that fixes an issue with clusters running in IMDSv2 mode only. If you are not using IMDSv2 only mode, you can skip this release. - -As a reminder, enabling `IMDS v2` only support for the EC2 instances can be set via an annotation `alpha.aws.giantswarm.io/metadata-v2: required` on `AWSMachineDeployment` (for nodepools) and to `AWSControlPlane` (for control-plane nodes). The setting can be either configured before the upgrade or can be triggered to be effective with nodes rollout. - -## Change details - - -### aws-operator [15.1.0](https://github.com/giantswarm/aws-operator/releases/tag/v15.1.0) - -#### Fixed -- [Backport] Bump k8scc to 16.8.1 fix issues with IMDS v2. - - - -### containerlinux [3815.2.1](https://www.flatcar-linux.org/releases/#release-3815.2.1) - -_Changes since **Stable 3815.2.0**_ - - #### Security fixes: - - - Linux ([CVE-2023-52429](https://nvd.nist.gov/vuln/detail/CVE-2023-52429), [CVE-2023-52434](https://nvd.nist.gov/vuln/detail/CVE-2023-52434), [CVE-2023-52435](https://nvd.nist.gov/vuln/detail/CVE-2023-52435), [CVE-2024-0340](https://nvd.nist.gov/vuln/detail/CVE-2024-0340), [CVE-2024-1151](https://nvd.nist.gov/vuln/detail/CVE-2024-1151), [CVE-2024-23850](https://nvd.nist.gov/vuln/detail/CVE-2024-23850), [CVE-2024-23851](https://nvd.nist.gov/vuln/detail/CVE-2024-23851), [CVE-2024-26582](https://nvd.nist.gov/vuln/detail/CVE-2024-26582), [CVE-2024-26583](https://nvd.nist.gov/vuln/detail/CVE-2024-26583), [CVE-2024-26586](https://nvd.nist.gov/vuln/detail/CVE-2024-26586), [CVE-2024-26593](https://nvd.nist.gov/vuln/detail/CVE-2024-26593)) - - #### Bug fixes: - - - Fixed that systemd-sysext images can extend directories where Flatcar extensions are also shipping files, e.g., that the sysext-bakery Kubernetes extension works when OEM extensions are present ([sysext-bakery#50](https://github.com/flatcar/sysext-bakery/issues/50)) - - Fixed the handling of OEM update payloads in a Nebraska response with self-hosted packages in an airgapped environment ([update_engine#39](https://github.com/flatcar/update_engine/pull/39)) - - Restored support for custom OEMs supplied in the PXE boot where `/usr/share/oem` brings the OEM partition contents ([Flatcar#1376](https://github.com/flatcar/Flatcar/issues/1376)) - - #### Changes: - - - #### Updates: - - - Linux ([6.1.81](https://lwn.net/Articles/964562) (includes [6.1.80](https://lwn.net/Articles/964174), [6.1.79](https://lwn.net/Articles/963358), [6.1.78](https://lwn.net/Articles/962559))) - - ca-certificates ([3.98](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_98.html)) - - keyutils ([1.6.3](https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git/commit/?id=cb3bb194cca88211cbfcdde2f10c0f43c3fb8ec3) (includes [1.6.2](https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git/commit/?id=454f80f537e5d1aad506599b6776e4cc1cf5f0f2))) diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v20.0.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v20.0.0.md deleted file mode 100644 index 1624160758..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v20.0.0.md +++ /dev/null @@ -1,483 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v20.0.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v20.0.0 - version: 20.0.0 - version_tag: v20.0.0 -date: '2024-03-11T07:39:11' -description: Release notes for AWS workload cluster release v20.0.0, published on - 11 March 2024, 07:39. -title: Workload cluster release v20.0.0 for AWS ---- - -The new major version is the first release supporting Kubernetes 1.25. - -Please remember that the Pod Security Policies (PSP) are no longer supported in this version and they have to be removed *BEFORE* the upgrade. From now on the Pod Security Standards (PSS) are the default for securing the clusters. Our docs offer additional information about [Pod Security Standards](https://docs.giantswarm.io/advanced/security-policy-enforcement/) as well as a [PSS migration guide](https://docs.giantswarm.io/advanced/security/security-policy-enforcement/cluster-admin-guide/) for cluster administrators. - -This release will also be used as a base for the migration from `Giant Swarm Vintage` to `Cluster API for AWS` (CAPA). The migration will be scheduled as any other upgrade. We will be reaching out separately to each customer to present the plan as well as the CAPA benefits. - -> **WARNING:** After upgrading to `19.3.0`, it is highly advised to begin removal of all customer-managed PSPs from the cluster. Kubernetes `v1.25` removes the Pod Security Policy resource from the API, meaning workloads (like Helm charts) which still contain PSPs will fail to install after the Giant Swarm `v20` upgrade. - -> **WARNING:** `observability-bundle` will be upgraded to `v1.3.0`, which contains breaking changes to the configuration for the bundled apps. Please check our [upgrade guide](https://github.com/giantswarm/observability-bundle/blob/main/docs/upgrade.md) or reach out to your Account Engineer for more details. - -## Change details - - -### app-operator [6.10.3](https://github.com/giantswarm/app-operator/releases/tag/v6.10.3) - -#### Fixed -- Move pss values under the global property - - - -### aws-operator [16..0](https://github.com/giantswarm/aws-operator/releases/tag/v16.1.0) - -#### Changed -- Bump k8scc to v18 to enable k8s 1.25 support. -- Bump k8scc to avoid running etcd defrag on all masters at the same time. - -### Fixed - -- Handle karpenter nodes in node-termination-handler. - -### etcd [3.5.12](https://github.com/etcd-io/etcd/releases/tag/v3.5.12) - -#### etcd server -- Add [livez/readyz HTTP endpoints](https://github.com/etcd-io/etcd/pull/17039) -- Fix [not validating database consistent index, and panicking on nil backend](https://github.com/etcd-io/etcd/pull/17151) -- Document [`experimental-enable-lease-checkpoint-persist` flag in etcd help](https://github.com/etcd-io/etcd/pull/17190) -- Fix [needlessly flocking snapshot files when deleting](https://github.com/etcd-io/etcd/pull/17206) -- Add [digest for etcd base image](https://github.com/etcd-io/etcd/pull/17205) -- Fix [delete inconsistencies in read buffer](https://github.com/etcd-io/etcd/pull/17230) -#### Dependencies -- Compile binaries using [go 1.20.13](https://github.com/etcd-io/etcd/pull/17275) -- Upgrade [golang.org/x/crypto to v0.17+ to address CVE-2023-48795](https://github.com/etcd-io/etcd/pull/17346) - - - -### chart-operator-extensions [1.1.2](https://github.com/giantswarm/chart-operator-extensions/releases/tag/v1.1.2) - -#### Fixed -- Move pss values under the global property - - - -### node-exporter [1.19.0](https://github.com/giantswarm/node-exporter-app/releases/tag/v1.19.0) - -#### Added -- Add VPA configuration to `node-exporter` app. - - - -### k8s-dns-node-cache-app [2.6.1](https://github.com/giantswarm/k8s-dns-node-cache-app/releases/tag/v2.6.1) - -#### Changed -- Configure `gsoci.azurecr.io` as the default container image registry. -- Revert force_tcp option from external DNS zone (#67). - - - -### aws-ebs-csi-driver [2.30.1](https://github.com/giantswarm/aws-ebs-csi-driver-app/releases/tag/v2.30.1) - -#### Changed -- Configure `gsoci.azurecr.io` as the default container image registry. - -### Fixed - -- Disable PSPs for CRD job when `podSecurityStandards` are enforced. - -### Removed - -- Remove unused service for controller. -- Add `Port` definition for metrics port in controller. -- Remove legacy monitoring labels. - -### cluster-autoscaler [1.25.1-gs2](https://github.com/giantswarm/cluster-autoscaler-app/releases/tag/v1.25.1-gs2) - -#### Fixed -- Adjusted minimum allowed CPU and memory - - - -### prometheus-blackbox-exporter [0.4.1](https://github.com/giantswarm/prometheus-blackbox-exporter/releases/tag/v0.4.1) - -#### Changed -- Configure `gsoci.azurecr.io` as the default container image registry. - - - -### security-bundle [1.6.2](https://github.com/giantswarm/security-bundle/releases/tag/v1.6.2) - -#### Changed -- Update to exception-recommender (app) to v0.1.1. -- Update to falco (app) to v0.8.0. -- Update to kyverno-policy-operator (app) version v0.0.7. -- Update to kyverno (app) version v0.17.6. -- Update to starboard-exporter (app) version v0.7.8. -- Update to trivy-operator (app) to v0.7.2. -- Update to trivy (app) to v0.10.0. -- Update to kyverno (app) to v0.17.5. - - -### aws-cloud-controller-manager [1.25.14-gs2](https://github.com/giantswarm/aws-cloud-controller-manager-app/releases/tag/v1.25.14-gs2) - -#### Changed -- Configure `gsoci.azurecr.io` as the default container image registry. - - - -### chart-operator [3.1.3](https://github.com/giantswarm/chart-operator/releases/tag/v3.1.3) - -#### Fixed -- Move pss values under the global property -#### Changed -- Use base images from `gsoci.azurecr.io` - - - -### cilium [0.19.2](https://github.com/giantswarm/cilium-app/releases/tag/v0.19.2) - -#### Fixed -- Replace `ToServices`/`ToPorts` combination in CiliumNetworkPolicy because of breakage in Cilium v1.14 - -#### Changed -- Upgrade cilium to 1.14.5. - - -### metrics-server [2.4.2](https://github.com/giantswarm/metrics-server-app/releases/tag/v2.4.2) - -#### Changed -- Configure `gsoci.azurecr.io` as the default container image registry. - - - -### vertical-pod-autoscaler-crd [3.0.0](https://github.com/giantswarm/vertical-pod-autoscaler-crd/releases/tag/v3.0.0) - -#### Changed -- Synced VPA CRD for v1.0.0 - - - -### etcd-kubernetes-resources-count-exporter [1.9.0](https://github.com/giantswarm/etcd-kubernetes-resources-count-exporter/releases/tag/v1.9.0) - -#### Changed -- Configure `gsoci.azurecr.io` as the default container image registry. - - - -### observability-bundle [1.3.2](https://github.com/giantswarm/observability-bundle/releases/tag/v1.3.2) - -#### Changed -- *Breaking change*: Simplify configuration for the bundled apps. See our [upgrade guide](https://github.com/giantswarm/observability-bundle/blob/main/docs/upgrade.md) - - Move all user configs from under `apps..userConfig` from string to regular helm values to `userConfig.` - - Rename `prometheus-operator-app` to `kube-prometheus-stack` - - Rename `promtail-app` to `promtail` - -- Upgrade promtail to 1.5.3 - Adjust CPU settings and set RAM limit to 2x requests -- Upgrade `kube-prometheus-stack` to 9.1.0. -- Upgrade `prometheus-operator-crd` to 9.0.0. -- Add the `global.podSecurityStandards.enforced` value back to be able to work on CAPI WCs. -- Add dependency on prometheus-operator-crd to all apps. -- Upgrade `grafana-agent` to 0.4.1. -- upgrade `prometheus-agent` to 0.6.9. -- Enforce `Cilium Network Policy` by default. -- Enforce `Pod Security Standard` by default. - -### cert-exporter [2.9.0](https://github.com/giantswarm/cert-exporter/releases/tag/v2.9.0) - -#### Added -- Add cert name to secret metric. - - -### cert-manager [3.7.1](https://github.com/giantswarm/cert-manager-app/releases/tag/v3.7.1) - -#### Added -- Added `acme-solvers-networkpolicy` `NetworkPolicy` namespace to `kube-system` - - -### coredns [1.21.0](https://github.com/giantswarm/coredns-app/releases/tag/v1.21.0) - -#### Changed -- Configure `gsoci.azurecr.io` as the default container image registry. - - -### vertical-pod-autoscaler [5.0.0](https://github.com/giantswarm/vertical-pod-autoscaler-app/releases/tag/v5.0.0) - -#### Changed -- Change ImageRegistry to `gsoci.azurecr.io`. -- Upgrade dependency chart to 9.6.0 - -### containerlinux [3815.2.0](https://www.flatcar-linux.org/releases/#release-3815.2.0) - -⚠️ From Alpha 3794.0.0 Torcx has been removed - please assert that you don’t rely on specific Torcx mechanism but now use systemd-sysext. See [here](https://www.flatcar.org/docs/latest/provisioning/sysext/) for more information. - -**Changes since Stable-3602.2.3** - -#### Security fixes -- Linux ([CVE-2023-7192](https://nvd.nist.gov/vuln/detail/CVE-2023-7192) (includes [CVE-2023-6932](https://nvd.nist.gov/vuln/detail/CVE-2023-6932), [CVE-2023-6931](https://nvd.nist.gov/vuln/detail/CVE-2023-6931), [CVE-2023-6817](https://nvd.nist.gov/vuln/detail/CVE-2023-6817), [CVE-2023-6622](https://nvd.nist.gov/vuln/detail/CVE-2023-6622), [CVE-2023-6606](https://nvd.nist.gov/vuln/detail/CVE-2023-6606), [CVE-2023-6546](https://nvd.nist.gov/vuln/detail/CVE-2023-6546), [CVE-2023-6531](https://nvd.nist.gov/vuln/detail/CVE-2023-6531), [CVE-2023-6176](https://nvd.nist.gov/vuln/detail/CVE-2023-6176), [CVE-2023-6121](https://nvd.nist.gov/vuln/detail/CVE-2023-6121), [CVE-2023-5717](https://nvd.nist.gov/vuln/detail/CVE-2023-5717), [CVE-2023-5345](https://nvd.nist.gov/vuln/detail/CVE-2023-5345), [CVE-2023-5197](https://nvd.nist.gov/vuln/detail/CVE-2023-5197), [CVE-2023-51782](https://nvd.nist.gov/vuln/detail/CVE-2023-51782), [CVE-2023-51781](https://nvd.nist.gov/vuln/detail/CVE-2023-51781), [CVE-2023-51780](https://nvd.nist.gov/vuln/detail/CVE-2023-51780), [CVE-2023-51779](https://nvd.nist.gov/vuln/detail/CVE-2023-51779), [CVE-2023-5158](https://nvd.nist.gov/vuln/detail/CVE-2023-5158), [CVE-2023-5090](https://nvd.nist.gov/vuln/detail/CVE-2023-5090), [CVE-2023-4921](https://nvd.nist.gov/vuln/detail/CVE-2023-4921), [CVE-2023-46862](https://nvd.nist.gov/vuln/detail/CVE-2023-46862), [CVE-2023-46813](https://nvd.nist.gov/vuln/detail/CVE-2023-46813), [CVE-2023-4623](https://nvd.nist.gov/vuln/detail/CVE-2023-4623), [CVE-2023-45871](https://nvd.nist.gov/vuln/detail/CVE-2023-45871), [CVE-2023-45863](https://nvd.nist.gov/vuln/detail/CVE-2023-45863), [CVE-2023-45862](https://nvd.nist.gov/vuln/detail/CVE-2023-45862), [CVE-2023-4569](https://nvd.nist.gov/vuln/detail/CVE-2023-4569), [CVE-2023-4459](https://nvd.nist.gov/vuln/detail/CVE-2023-4459), [CVE-2023-44466](https://nvd.nist.gov/vuln/detail/CVE-2023-44466), [CVE-2023-4394](https://nvd.nist.gov/vuln/detail/CVE-2023-4394), [CVE-2023-4389](https://nvd.nist.gov/vuln/detail/CVE-2023-4389), [CVE-2023-4387](https://nvd.nist.gov/vuln/detail/CVE-2023-4387), [CVE-2023-4385](https://nvd.nist.gov/vuln/detail/CVE-2023-4385), [CVE-2023-42755](https://nvd.nist.gov/vuln/detail/CVE-2023-42755), [CVE-2023-42754](https://nvd.nist.gov/vuln/detail/CVE-2023-42754), [CVE-2023-42753](https://nvd.nist.gov/vuln/detail/CVE-2023-42753), [CVE-2023-42752](https://nvd.nist.gov/vuln/detail/CVE-2023-42752), [CVE-2023-4273](https://nvd.nist.gov/vuln/detail/CVE-2023-4273), [CVE-2023-4244](https://nvd.nist.gov/vuln/detail/CVE-2023-4244), [CVE-2023-4208](https://nvd.nist.gov/vuln/detail/CVE-2023-4208), [CVE-2023-4207](https://nvd.nist.gov/vuln/detail/CVE-2023-4207), [CVE-2023-4206](https://nvd.nist.gov/vuln/detail/CVE-2023-4206), [CVE-2023-4155](https://nvd.nist.gov/vuln/detail/CVE-2023-4155), [CVE-2023-4147](https://nvd.nist.gov/vuln/detail/CVE-2023-4147), [CVE-2023-4132](https://nvd.nist.gov/vuln/detail/CVE-2023-4132), [CVE-2023-40283](https://nvd.nist.gov/vuln/detail/CVE-2023-40283), [CVE-2023-4015](https://nvd.nist.gov/vuln/detail/CVE-2023-4015), [CVE-2023-4004](https://nvd.nist.gov/vuln/detail/CVE-2023-4004), [CVE-2023-39198](https://nvd.nist.gov/vuln/detail/CVE-2023-39198), [CVE-2023-39197](https://nvd.nist.gov/vuln/detail/CVE-2023-39197), [CVE-2023-39194](https://nvd.nist.gov/vuln/detail/CVE-2023-39194), [CVE-2023-39193](https://nvd.nist.gov/vuln/detail/CVE-2023-39193), [CVE-2023-39192](https://nvd.nist.gov/vuln/detail/CVE-2023-39192), [CVE-2023-39189](https://nvd.nist.gov/vuln/detail/CVE-2023-39189), [CVE-2023-3867](https://nvd.nist.gov/vuln/detail/CVE-2023-3867), [CVE-2023-3866](https://nvd.nist.gov/vuln/detail/CVE-2023-3866), [CVE-2023-3865](https://nvd.nist.gov/vuln/detail/CVE-2023-3865), [CVE-2023-3863](https://nvd.nist.gov/vuln/detail/CVE-2023-3863), [CVE-2023-38432](https://nvd.nist.gov/vuln/detail/CVE-2023-38432), [CVE-2023-38431](https://nvd.nist.gov/vuln/detail/CVE-2023-38431), [CVE-2023-38430](https://nvd.nist.gov/vuln/detail/CVE-2023-38430), [CVE-2023-38429](https://nvd.nist.gov/vuln/detail/CVE-2023-38429), [CVE-2023-38428](https://nvd.nist.gov/vuln/detail/CVE-2023-38428), [CVE-2023-38427](https://nvd.nist.gov/vuln/detail/CVE-2023-38427), [CVE-2023-38426](https://nvd.nist.gov/vuln/detail/CVE-2023-38426), [CVE-2023-38409](https://nvd.nist.gov/vuln/detail/CVE-2023-38409), [CVE-2023-3812](https://nvd.nist.gov/vuln/detail/CVE-2023-3812), [CVE-2023-3777](https://nvd.nist.gov/vuln/detail/CVE-2023-3777), [CVE-2023-3776](https://nvd.nist.gov/vuln/detail/CVE-2023-3776), [CVE-2023-3773](https://nvd.nist.gov/vuln/detail/CVE-2023-3773), [CVE-2023-3772](https://nvd.nist.gov/vuln/detail/CVE-2023-3772), [CVE-2023-3611](https://nvd.nist.gov/vuln/detail/CVE-2023-3611), [CVE-2023-3610](https://nvd.nist.gov/vuln/detail/CVE-2023-3610), [CVE-2023-3609](https://nvd.nist.gov/vuln/detail/CVE-2023-3609), [CVE-2023-35829](https://nvd.nist.gov/vuln/detail/CVE-2023-35829), [CVE-2023-35828](https://nvd.nist.gov/vuln/detail/CVE-2023-35828), [CVE-2023-35827](https://nvd.nist.gov/vuln/detail/CVE-2023-35827), [CVE-2023-35826](https://nvd.nist.gov/vuln/detail/CVE-2023-35826), [CVE-2023-35824](https://nvd.nist.gov/vuln/detail/CVE-2023-35824), [CVE-2023-35823](https://nvd.nist.gov/vuln/detail/CVE-2023-35823), [CVE-2023-35788](https://nvd.nist.gov/vuln/detail/CVE-2023-35788), [CVE-2023-3567](https://nvd.nist.gov/vuln/detail/CVE-2023-3567), [CVE-2023-35001](https://nvd.nist.gov/vuln/detail/CVE-2023-35001), [CVE-2023-3439](https://nvd.nist.gov/vuln/detail/CVE-2023-3439), [CVE-2023-34324](https://nvd.nist.gov/vuln/detail/CVE-2023-34324), [CVE-2023-34319](https://nvd.nist.gov/vuln/detail/CVE-2023-34319), [CVE-2023-34256](https://nvd.nist.gov/vuln/detail/CVE-2023-34256), [CVE-2023-33952](https://nvd.nist.gov/vuln/detail/CVE-2023-33952), [CVE-2023-33951](https://nvd.nist.gov/vuln/detail/CVE-2023-33951), [CVE-2023-3390](https://nvd.nist.gov/vuln/detail/CVE-2023-3390), [CVE-2023-3359](https://nvd.nist.gov/vuln/detail/CVE-2023-3359), [CVE-2023-3358](https://nvd.nist.gov/vuln/detail/CVE-2023-3358), [CVE-2023-3357](https://nvd.nist.gov/vuln/detail/CVE-2023-3357), [CVE-2023-3355](https://nvd.nist.gov/vuln/detail/CVE-2023-3355), [CVE-2023-33288](https://nvd.nist.gov/vuln/detail/CVE-2023-33288), [CVE-2023-33203](https://nvd.nist.gov/vuln/detail/CVE-2023-33203), [CVE-2023-3269](https://nvd.nist.gov/vuln/detail/CVE-2023-3269), [CVE-2023-3268](https://nvd.nist.gov/vuln/detail/CVE-2023-3268), [CVE-2023-32269](https://nvd.nist.gov/vuln/detail/CVE-2023-32269), [CVE-2023-32258](https://nvd.nist.gov/vuln/detail/CVE-2023-32258), [CVE-2023-32257](https://nvd.nist.gov/vuln/detail/CVE-2023-32257), [CVE-2023-32254](https://nvd.nist.gov/vuln/detail/CVE-2023-32254), [CVE-2023-32252](https://nvd.nist.gov/vuln/detail/CVE-2023-32252), [CVE-2023-32250](https://nvd.nist.gov/vuln/detail/CVE-2023-32250), [CVE-2023-32248](https://nvd.nist.gov/vuln/detail/CVE-2023-32248), [CVE-2023-32247](https://nvd.nist.gov/vuln/detail/CVE-2023-32247), [CVE-2023-32233](https://nvd.nist.gov/vuln/detail/CVE-2023-32233), [CVE-2023-3220](https://nvd.nist.gov/vuln/detail/CVE-2023-3220), [CVE-2023-3212](https://nvd.nist.gov/vuln/detail/CVE-2023-3212), [CVE-2023-3161](https://nvd.nist.gov/vuln/detail/CVE-2023-3161), [CVE-2023-3159](https://nvd.nist.gov/vuln/detail/CVE-2023-3159), [CVE-2023-31436](https://nvd.nist.gov/vuln/detail/CVE-2023-31436), [CVE-2023-3141](https://nvd.nist.gov/vuln/detail/CVE-2023-3141), [CVE-2023-31248](https://nvd.nist.gov/vuln/detail/CVE-2023-31248), [CVE-2023-3111](https://nvd.nist.gov/vuln/detail/CVE-2023-3111), [CVE-2023-31085](https://nvd.nist.gov/vuln/detail/CVE-2023-31085), [CVE-2023-3090](https://nvd.nist.gov/vuln/detail/CVE-2023-3090), [CVE-2023-30772](https://nvd.nist.gov/vuln/detail/CVE-2023-30772), [CVE-2023-30456](https://nvd.nist.gov/vuln/detail/CVE-2023-30456), [CVE-2023-3006](https://nvd.nist.gov/vuln/detail/CVE-2023-3006), [CVE-2023-2985](https://nvd.nist.gov/vuln/detail/CVE-2023-2985), [CVE-2023-2898](https://nvd.nist.gov/vuln/detail/CVE-2023-2898), [CVE-2023-28866](https://nvd.nist.gov/vuln/detail/CVE-2023-28866), [CVE-2023-28466](https://nvd.nist.gov/vuln/detail/CVE-2023-28466), [CVE-2023-28410](https://nvd.nist.gov/vuln/detail/CVE-2023-28410), [CVE-2023-28328](https://nvd.nist.gov/vuln/detail/CVE-2023-28328), [CVE-2023-28327](https://nvd.nist.gov/vuln/detail/CVE-2023-28327), [CVE-2023-26607](https://nvd.nist.gov/vuln/detail/CVE-2023-26607), [CVE-2023-26606](https://nvd.nist.gov/vuln/detail/CVE-2023-26606), [CVE-2023-26545](https://nvd.nist.gov/vuln/detail/CVE-2023-26545), [CVE-2023-26544](https://nvd.nist.gov/vuln/detail/CVE-2023-26544), [CVE-2023-25775](https://nvd.nist.gov/vuln/detail/CVE-2023-25775), [CVE-2023-2513](https://nvd.nist.gov/vuln/detail/CVE-2023-2513), [CVE-2023-25012](https://nvd.nist.gov/vuln/detail/CVE-2023-25012), [CVE-2023-2430](https://nvd.nist.gov/vuln/detail/CVE-2023-2430), [CVE-2023-23559](https://nvd.nist.gov/vuln/detail/CVE-2023-23559), [CVE-2023-23455](https://nvd.nist.gov/vuln/detail/CVE-2023-23455), [CVE-2023-23454](https://nvd.nist.gov/vuln/detail/CVE-2023-23454), [CVE-2023-23002](https://nvd.nist.gov/vuln/detail/CVE-2023-23002), [CVE-2023-23001](https://nvd.nist.gov/vuln/detail/CVE-2023-23001), [CVE-2023-22999](https://nvd.nist.gov/vuln/detail/CVE-2023-22999), [CVE-2023-22998](https://nvd.nist.gov/vuln/detail/CVE-2023-22998), [CVE-2023-22997](https://nvd.nist.gov/vuln/detail/CVE-2023-22997), [CVE-2023-22996](https://nvd.nist.gov/vuln/detail/CVE-2023-22996), [CVE-2023-2269](https://nvd.nist.gov/vuln/detail/CVE-2023-2269), [CVE-2023-2236](https://nvd.nist.gov/vuln/detail/CVE-2023-2236), [CVE-2023-2235](https://nvd.nist.gov/vuln/detail/CVE-2023-2235), [CVE-2023-2194](https://nvd.nist.gov/vuln/detail/CVE-2023-2194), [CVE-2023-2177](https://nvd.nist.gov/vuln/detail/CVE-2023-2177), [CVE-2023-2166](https://nvd.nist.gov/vuln/detail/CVE-2023-2166), [CVE-2023-2163](https://nvd.nist.gov/vuln/detail/CVE-2023-2163), [CVE-2023-2162](https://nvd.nist.gov/vuln/detail/CVE-2023-2162), [CVE-2023-2156](https://nvd.nist.gov/vuln/detail/CVE-2023-2156), [CVE-2023-21255](https://nvd.nist.gov/vuln/detail/CVE-2023-21255), [CVE-2023-2124](https://nvd.nist.gov/vuln/detail/CVE-2023-2124), [CVE-2023-21106](https://nvd.nist.gov/vuln/detail/CVE-2023-21106), [CVE-2023-21102](https://nvd.nist.gov/vuln/detail/CVE-2023-21102), [CVE-2023-20938](https://nvd.nist.gov/vuln/detail/CVE-2023-20938), [CVE-2023-20928](https://nvd.nist.gov/vuln/detail/CVE-2023-20928), [CVE-2023-20593](https://nvd.nist.gov/vuln/detail/CVE-2023-20593), [CVE-2023-20588](https://nvd.nist.gov/vuln/detail/CVE-2023-20588), [CVE-2023-20569](https://nvd.nist.gov/vuln/detail/CVE-2023-20569), [CVE-2023-2019](https://nvd.nist.gov/vuln/detail/CVE-2023-2019), [CVE-2023-2008](https://nvd.nist.gov/vuln/detail/CVE-2023-2008), [CVE-2023-2006](https://nvd.nist.gov/vuln/detail/CVE-2023-2006), [CVE-2023-2002](https://nvd.nist.gov/vuln/detail/CVE-2023-2002), [CVE-2023-1998](https://nvd.nist.gov/vuln/detail/CVE-2023-1998), [CVE-2023-1990](https://nvd.nist.gov/vuln/detail/CVE-2023-1990), [CVE-2023-1989](https://nvd.nist.gov/vuln/detail/CVE-2023-1989), [CVE-2023-1872](https://nvd.nist.gov/vuln/detail/CVE-2023-1872), [CVE-2023-1859](https://nvd.nist.gov/vuln/detail/CVE-2023-1859), [CVE-2023-1855](https://nvd.nist.gov/vuln/detail/CVE-2023-1855), [CVE-2023-1838](https://nvd.nist.gov/vuln/detail/CVE-2023-1838), [CVE-2023-1829](https://nvd.nist.gov/vuln/detail/CVE-2023-1829), [CVE-2023-1670](https://nvd.nist.gov/vuln/detail/CVE-2023-1670), [CVE-2023-1652](https://nvd.nist.gov/vuln/detail/CVE-2023-1652), [CVE-2023-1637](https://nvd.nist.gov/vuln/detail/CVE-2023-1637), [CVE-2023-1611](https://nvd.nist.gov/vuln/detail/CVE-2023-1611), [CVE-2023-1583](https://nvd.nist.gov/vuln/detail/CVE-2023-1583), [CVE-2023-1582](https://nvd.nist.gov/vuln/detail/CVE-2023-1582), [CVE-2023-1513](https://nvd.nist.gov/vuln/detail/CVE-2023-1513), [CVE-2023-1382](https://nvd.nist.gov/vuln/detail/CVE-2023-1382), [CVE-2023-1380](https://nvd.nist.gov/vuln/detail/CVE-2023-1380), [CVE-2023-1281](https://nvd.nist.gov/vuln/detail/CVE-2023-1281), [CVE-2023-1249](https://nvd.nist.gov/vuln/detail/CVE-2023-1249), [CVE-2023-1206](https://nvd.nist.gov/vuln/detail/CVE-2023-1206), [CVE-2023-1194](https://nvd.nist.gov/vuln/detail/CVE-2023-1194), [CVE-2023-1193](https://nvd.nist.gov/vuln/detail/CVE-2023-1193), [CVE-2023-1192](https://nvd.nist.gov/vuln/detail/CVE-2023-1192), [CVE-2023-1118](https://nvd.nist.gov/vuln/detail/CVE-2023-1118), [CVE-2023-1095](https://nvd.nist.gov/vuln/detail/CVE-2023-1095), [CVE-2023-1079](https://nvd.nist.gov/vuln/detail/CVE-2023-1079), [CVE-2023-1078](https://nvd.nist.gov/vuln/detail/CVE-2023-1078), [CVE-2023-1077](https://nvd.nist.gov/vuln/detail/CVE-2023-1077), [CVE-2023-1076](https://nvd.nist.gov/vuln/detail/CVE-2023-1076), [CVE-2023-1075](https://nvd.nist.gov/vuln/detail/CVE-2023-1075), [CVE-2023-1074](https://nvd.nist.gov/vuln/detail/CVE-2023-1074), [CVE-2023-1073](https://nvd.nist.gov/vuln/detail/CVE-2023-1073), [CVE-2023-1032](https://nvd.nist.gov/vuln/detail/CVE-2023-1032), [CVE-2023-0615](https://nvd.nist.gov/vuln/detail/CVE-2023-0615), [CVE-2023-0590](https://nvd.nist.gov/vuln/detail/CVE-2023-0590), [CVE-2023-0469](https://nvd.nist.gov/vuln/detail/CVE-2023-0469), [CVE-2023-0468](https://nvd.nist.gov/vuln/detail/CVE-2023-0468), [CVE-2023-0461](https://nvd.nist.gov/vuln/detail/CVE-2023-0461), [CVE-2023-0459](https://nvd.nist.gov/vuln/detail/CVE-2023-0459), [CVE-2023-0458](https://nvd.nist.gov/vuln/detail/CVE-2023-0458), [CVE-2023-0394](https://nvd.nist.gov/vuln/detail/CVE-2023-0394), [CVE-2023-0386](https://nvd.nist.gov/vuln/detail/CVE-2023-0386), [CVE-2023-0266](https://nvd.nist.gov/vuln/detail/CVE-2023-0266), [CVE-2023-0210](https://nvd.nist.gov/vuln/detail/CVE-2023-0210), [CVE-2023-0179](https://nvd.nist.gov/vuln/detail/CVE-2023-0179), [CVE-2023-0160](https://nvd.nist.gov/vuln/detail/CVE-2023-0160), [CVE-2023-0045](https://nvd.nist.gov/vuln/detail/CVE-2023-0045), [CVE-2022-48619](https://nvd.nist.gov/vuln/detail/CVE-2022-48619), [CVE-2022-48502](https://nvd.nist.gov/vuln/detail/CVE-2022-48502), [CVE-2022-48425](https://nvd.nist.gov/vuln/detail/CVE-2022-48425), [CVE-2022-48424](https://nvd.nist.gov/vuln/detail/CVE-2022-48424), [CVE-2022-48423](https://nvd.nist.gov/vuln/detail/CVE-2022-48423), [CVE-2022-4842](https://nvd.nist.gov/vuln/detail/CVE-2022-4842), [CVE-2022-47943](https://nvd.nist.gov/vuln/detail/CVE-2022-47943), [CVE-2022-47942](https://nvd.nist.gov/vuln/detail/CVE-2022-47942), [CVE-2022-47941](https://nvd.nist.gov/vuln/detail/CVE-2022-47941), [CVE-2022-47940](https://nvd.nist.gov/vuln/detail/CVE-2022-47940), [CVE-2022-47939](https://nvd.nist.gov/vuln/detail/CVE-2022-47939), [CVE-2022-47938](https://nvd.nist.gov/vuln/detail/CVE-2022-47938), [CVE-2022-47929](https://nvd.nist.gov/vuln/detail/CVE-2022-47929), [CVE-2022-47521](https://nvd.nist.gov/vuln/detail/CVE-2022-47521), [CVE-2022-47520](https://nvd.nist.gov/vuln/detail/CVE-2022-47520), [CVE-2022-47519](https://nvd.nist.gov/vuln/detail/CVE-2022-47519), [CVE-2022-47518](https://nvd.nist.gov/vuln/detail/CVE-2022-47518), [CVE-2022-4662](https://nvd.nist.gov/vuln/detail/CVE-2022-4662), [CVE-2022-45934](https://nvd.nist.gov/vuln/detail/CVE-2022-45934), [CVE-2022-45919](https://nvd.nist.gov/vuln/detail/CVE-2022-45919), [CVE-2022-45887](https://nvd.nist.gov/vuln/detail/CVE-2022-45887), [CVE-2022-45886](https://nvd.nist.gov/vuln/detail/CVE-2022-45886), [CVE-2022-45869](https://nvd.nist.gov/vuln/detail/CVE-2022-45869), [CVE-2022-43945](https://nvd.nist.gov/vuln/detail/CVE-2022-43945), [CVE-2022-4382](https://nvd.nist.gov/vuln/detail/CVE-2022-4382), [CVE-2022-4379](https://nvd.nist.gov/vuln/detail/CVE-2022-4379), [CVE-2022-4378](https://nvd.nist.gov/vuln/detail/CVE-2022-4378), [CVE-2022-43750](https://nvd.nist.gov/vuln/detail/CVE-2022-43750), [CVE-2022-42896](https://nvd.nist.gov/vuln/detail/CVE-2022-42896), [CVE-2022-42895](https://nvd.nist.gov/vuln/detail/CVE-2022-42895), [CVE-2022-42722](https://nvd.nist.gov/vuln/detail/CVE-2022-42722), [CVE-2022-42721](https://nvd.nist.gov/vuln/detail/CVE-2022-42721), [CVE-2022-42720](https://nvd.nist.gov/vuln/detail/CVE-2022-42720), [CVE-2022-42719](https://nvd.nist.gov/vuln/detail/CVE-2022-42719), [CVE-2022-42703](https://nvd.nist.gov/vuln/detail/CVE-2022-42703), [CVE-2022-4269](https://nvd.nist.gov/vuln/detail/CVE-2022-4269), [CVE-2022-42432](https://nvd.nist.gov/vuln/detail/CVE-2022-42432), [CVE-2022-42329](https://nvd.nist.gov/vuln/detail/CVE-2022-42329), [CVE-2022-42328](https://nvd.nist.gov/vuln/detail/CVE-2022-42328), [CVE-2022-41858](https://nvd.nist.gov/vuln/detail/CVE-2022-41858), [CVE-2022-41850](https://nvd.nist.gov/vuln/detail/CVE-2022-41850), [CVE-2022-41849](https://nvd.nist.gov/vuln/detail/CVE-2022-41849), [CVE-2022-41674](https://nvd.nist.gov/vuln/detail/CVE-2022-41674), [CVE-2022-4139](https://nvd.nist.gov/vuln/detail/CVE-2022-4139), [CVE-2022-4128](https://nvd.nist.gov/vuln/detail/CVE-2022-4128), [CVE-2022-41218](https://nvd.nist.gov/vuln/detail/CVE-2022-41218), [CVE-2022-40982](https://nvd.nist.gov/vuln/detail/CVE-2022-40982), [CVE-2022-4095](https://nvd.nist.gov/vuln/detail/CVE-2022-4095), [CVE-2022-40768](https://nvd.nist.gov/vuln/detail/CVE-2022-40768), [CVE-2022-40307](https://nvd.nist.gov/vuln/detail/CVE-2022-40307), [CVE-2022-40133](https://nvd.nist.gov/vuln/detail/CVE-2022-40133), [CVE-2022-3977](https://nvd.nist.gov/vuln/detail/CVE-2022-3977), [CVE-2022-39190](https://nvd.nist.gov/vuln/detail/CVE-2022-39190), [CVE-2022-39189](https://nvd.nist.gov/vuln/detail/CVE-2022-39189), [CVE-2022-3910](https://nvd.nist.gov/vuln/detail/CVE-2022-3910), [CVE-2022-38457](https://nvd.nist.gov/vuln/detail/CVE-2022-38457), [CVE-2022-3707](https://nvd.nist.gov/vuln/detail/CVE-2022-3707), [CVE-2022-36946](https://nvd.nist.gov/vuln/detail/CVE-2022-36946), [CVE-2022-36879](https://nvd.nist.gov/vuln/detail/CVE-2022-36879), [CVE-2022-3649](https://nvd.nist.gov/vuln/detail/CVE-2022-3649), [CVE-2022-3646](https://nvd.nist.gov/vuln/detail/CVE-2022-3646), [CVE-2022-3643](https://nvd.nist.gov/vuln/detail/CVE-2022-3643), [CVE-2022-3640](https://nvd.nist.gov/vuln/detail/CVE-2022-3640), [CVE-2022-3635](https://nvd.nist.gov/vuln/detail/CVE-2022-3635), [CVE-2022-3630](https://nvd.nist.gov/vuln/detail/CVE-2022-3630), [CVE-2022-3629](https://nvd.nist.gov/vuln/detail/CVE-2022-3629), [CVE-2022-36280](https://nvd.nist.gov/vuln/detail/CVE-2022-36280), [CVE-2022-3628](https://nvd.nist.gov/vuln/detail/CVE-2022-3628), [CVE-2022-3625](https://nvd.nist.gov/vuln/detail/CVE-2022-3625), [CVE-2022-3623](https://nvd.nist.gov/vuln/detail/CVE-2022-3623), [CVE-2022-3621](https://nvd.nist.gov/vuln/detail/CVE-2022-3621), [CVE-2022-3619](https://nvd.nist.gov/vuln/detail/CVE-2022-3619), [CVE-2022-36123](https://nvd.nist.gov/vuln/detail/CVE-2022-36123), [CVE-2022-3595](https://nvd.nist.gov/vuln/detail/CVE-2022-3595), [CVE-2022-3594](https://nvd.nist.gov/vuln/detail/CVE-2022-3594), [CVE-2022-3586](https://nvd.nist.gov/vuln/detail/CVE-2022-3586), [CVE-2022-3577](https://nvd.nist.gov/vuln/detail/CVE-2022-3577), [CVE-2022-3565](https://nvd.nist.gov/vuln/detail/CVE-2022-3565), [CVE-2022-3564](https://nvd.nist.gov/vuln/detail/CVE-2022-3564), [CVE-2022-3543](https://nvd.nist.gov/vuln/detail/CVE-2022-3543), [CVE-2022-3541](https://nvd.nist.gov/vuln/detail/CVE-2022-3541), [CVE-2022-3534](https://nvd.nist.gov/vuln/detail/CVE-2022-3534), [CVE-2022-3526](https://nvd.nist.gov/vuln/detail/CVE-2022-3526), [CVE-2022-3524](https://nvd.nist.gov/vuln/detail/CVE-2022-3524), [CVE-2022-3521](https://nvd.nist.gov/vuln/detail/CVE-2022-3521), [CVE-2022-34918](https://nvd.nist.gov/vuln/detail/CVE-2022-34918), [CVE-2022-34495](https://nvd.nist.gov/vuln/detail/CVE-2022-34495), [CVE-2022-34494](https://nvd.nist.gov/vuln/detail/CVE-2022-34494), [CVE-2022-3435](https://nvd.nist.gov/vuln/detail/CVE-2022-3435), [CVE-2022-3424](https://nvd.nist.gov/vuln/detail/CVE-2022-3424), [CVE-2022-33981](https://nvd.nist.gov/vuln/detail/CVE-2022-33981), [CVE-2022-33744](https://nvd.nist.gov/vuln/detail/CVE-2022-33744), [CVE-2022-33743](https://nvd.nist.gov/vuln/detail/CVE-2022-33743), [CVE-2022-33742](https://nvd.nist.gov/vuln/detail/CVE-2022-33742), [CVE-2022-33741](https://nvd.nist.gov/vuln/detail/CVE-2022-33741), [CVE-2022-33740](https://nvd.nist.gov/vuln/detail/CVE-2022-33740), [CVE-2022-3344](https://nvd.nist.gov/vuln/detail/CVE-2022-3344), [CVE-2022-3303](https://nvd.nist.gov/vuln/detail/CVE-2022-3303), [CVE-2022-32981](https://nvd.nist.gov/vuln/detail/CVE-2022-32981), [CVE-2022-3239](https://nvd.nist.gov/vuln/detail/CVE-2022-3239), [CVE-2022-32296](https://nvd.nist.gov/vuln/detail/CVE-2022-32296), [CVE-2022-32250](https://nvd.nist.gov/vuln/detail/CVE-2022-32250), [CVE-2022-3202](https://nvd.nist.gov/vuln/detail/CVE-2022-3202), [CVE-2022-3169](https://nvd.nist.gov/vuln/detail/CVE-2022-3169), [CVE-2022-3115](https://nvd.nist.gov/vuln/detail/CVE-2022-3115), [CVE-2022-3113](https://nvd.nist.gov/vuln/detail/CVE-2022-3113), [CVE-2022-3112](https://nvd.nist.gov/vuln/detail/CVE-2022-3112), [CVE-2022-3111](https://nvd.nist.gov/vuln/detail/CVE-2022-3111), [CVE-2022-3110](https://nvd.nist.gov/vuln/detail/CVE-2022-3110), [CVE-2022-3108](https://nvd.nist.gov/vuln/detail/CVE-2022-3108), [CVE-2022-3107](https://nvd.nist.gov/vuln/detail/CVE-2022-3107), [CVE-2022-3105](https://nvd.nist.gov/vuln/detail/CVE-2022-3105), [CVE-2022-3104](https://nvd.nist.gov/vuln/detail/CVE-2022-3104), [CVE-2022-3078](https://nvd.nist.gov/vuln/detail/CVE-2022-3078), [CVE-2022-3077](https://nvd.nist.gov/vuln/detail/CVE-2022-3077), [CVE-2022-30594](https://nvd.nist.gov/vuln/detail/CVE-2022-30594), [CVE-2022-3028](https://nvd.nist.gov/vuln/detail/CVE-2022-3028), [CVE-2022-29968](https://nvd.nist.gov/vuln/detail/CVE-2022-29968), [CVE-2022-29901](https://nvd.nist.gov/vuln/detail/CVE-2022-29901), [CVE-2022-29900](https://nvd.nist.gov/vuln/detail/CVE-2022-29900), [CVE-2022-2978](https://nvd.nist.gov/vuln/detail/CVE-2022-2978), [CVE-2022-2977](https://nvd.nist.gov/vuln/detail/CVE-2022-2977), [CVE-2022-2964](https://nvd.nist.gov/vuln/detail/CVE-2022-2964), [CVE-2022-2959](https://nvd.nist.gov/vuln/detail/CVE-2022-2959), [CVE-2022-29582](https://nvd.nist.gov/vuln/detail/CVE-2022-29582), [CVE-2022-29581](https://nvd.nist.gov/vuln/detail/CVE-2022-29581), [CVE-2022-2938](https://nvd.nist.gov/vuln/detail/CVE-2022-2938), [CVE-2022-29156](https://nvd.nist.gov/vuln/detail/CVE-2022-29156), [CVE-2022-2905](https://nvd.nist.gov/vuln/detail/CVE-2022-2905), [CVE-2022-28893](https://nvd.nist.gov/vuln/detail/CVE-2022-28893), [CVE-2022-28796](https://nvd.nist.gov/vuln/detail/CVE-2022-28796), [CVE-2022-2873](https://nvd.nist.gov/vuln/detail/CVE-2022-2873), [CVE-2022-28390](https://nvd.nist.gov/vuln/detail/CVE-2022-28390), [CVE-2022-28389](https://nvd.nist.gov/vuln/detail/CVE-2022-28389), [CVE-2022-28388](https://nvd.nist.gov/vuln/detail/CVE-2022-28388), [CVE-2022-28356](https://nvd.nist.gov/vuln/detail/CVE-2022-28356), [CVE-2022-27950](https://nvd.nist.gov/vuln/detail/CVE-2022-27950), [CVE-2022-2785](https://nvd.nist.gov/vuln/detail/CVE-2022-2785), [CVE-2022-27672](https://nvd.nist.gov/vuln/detail/CVE-2022-27672), [CVE-2022-27666](https://nvd.nist.gov/vuln/detail/CVE-2022-27666), [CVE-2022-27223](https://nvd.nist.gov/vuln/detail/CVE-2022-27223), [CVE-2022-26966](https://nvd.nist.gov/vuln/detail/CVE-2022-26966), [CVE-2022-2663](https://nvd.nist.gov/vuln/detail/CVE-2022-2663), [CVE-2022-26490](https://nvd.nist.gov/vuln/detail/CVE-2022-26490), [CVE-2022-2639](https://nvd.nist.gov/vuln/detail/CVE-2022-2639), [CVE-2022-26373](https://nvd.nist.gov/vuln/detail/CVE-2022-26373), [CVE-2022-26365](https://nvd.nist.gov/vuln/detail/CVE-2022-26365), [CVE-2022-2602](https://nvd.nist.gov/vuln/detail/CVE-2022-2602), [CVE-2022-2590](https://nvd.nist.gov/vuln/detail/CVE-2022-2590), [CVE-2022-2588](https://nvd.nist.gov/vuln/detail/CVE-2022-2588), [CVE-2022-2586](https://nvd.nist.gov/vuln/detail/CVE-2022-2586), [CVE-2022-2585](https://nvd.nist.gov/vuln/detail/CVE-2022-2585), [CVE-2022-25636](https://nvd.nist.gov/vuln/detail/CVE-2022-25636), [CVE-2022-25375](https://nvd.nist.gov/vuln/detail/CVE-2022-25375), [CVE-2022-25258](https://nvd.nist.gov/vuln/detail/CVE-2022-25258), [CVE-2022-2503](https://nvd.nist.gov/vuln/detail/CVE-2022-2503), [CVE-2022-24959](https://nvd.nist.gov/vuln/detail/CVE-2022-24959), [CVE-2022-24958](https://nvd.nist.gov/vuln/detail/CVE-2022-24958), [CVE-2022-24448](https://nvd.nist.gov/vuln/detail/CVE-2022-24448), [CVE-2022-23960](https://nvd.nist.gov/vuln/detail/CVE-2022-23960), [CVE-2022-2380](https://nvd.nist.gov/vuln/detail/CVE-2022-2380), [CVE-2022-23222](https://nvd.nist.gov/vuln/detail/CVE-2022-23222), [CVE-2022-2318](https://nvd.nist.gov/vuln/detail/CVE-2022-2318), [CVE-2022-2308](https://nvd.nist.gov/vuln/detail/CVE-2022-2308), [CVE-2022-23042](https://nvd.nist.gov/vuln/detail/CVE-2022-23042), [CVE-2022-23041](https://nvd.nist.gov/vuln/detail/CVE-2022-23041), [CVE-2022-23040](https://nvd.nist.gov/vuln/detail/CVE-2022-23040), [CVE-2022-23039](https://nvd.nist.gov/vuln/detail/CVE-2022-23039), [CVE-2022-23038](https://nvd.nist.gov/vuln/detail/CVE-2022-23038), [CVE-2022-23037](https://nvd.nist.gov/vuln/detail/CVE-2022-23037), [CVE-2022-23036](https://nvd.nist.gov/vuln/detail/CVE-2022-23036), [CVE-2022-22942](https://nvd.nist.gov/vuln/detail/CVE-2022-22942), [CVE-2022-2196](https://nvd.nist.gov/vuln/detail/CVE-2022-2196), [CVE-2022-2153](https://nvd.nist.gov/vuln/detail/CVE-2022-2153), [CVE-2022-21505](https://nvd.nist.gov/vuln/detail/CVE-2022-21505), [CVE-2022-21499](https://nvd.nist.gov/vuln/detail/CVE-2022-21499), [CVE-2022-21166](https://nvd.nist.gov/vuln/detail/CVE-2022-21166), [CVE-2022-21125](https://nvd.nist.gov/vuln/detail/CVE-2022-21125), [CVE-2022-21123](https://nvd.nist.gov/vuln/detail/CVE-2022-21123), [CVE-2022-2078](https://nvd.nist.gov/vuln/detail/CVE-2022-2078), [CVE-2022-20572](https://nvd.nist.gov/vuln/detail/CVE-2022-20572), [CVE-2022-20566](https://nvd.nist.gov/vuln/detail/CVE-2022-20566), [CVE-2022-20423](https://nvd.nist.gov/vuln/detail/CVE-2022-20423), [CVE-2022-20422](https://nvd.nist.gov/vuln/detail/CVE-2022-20422), [CVE-2022-20421](https://nvd.nist.gov/vuln/detail/CVE-2022-20421), [CVE-2022-20369](https://nvd.nist.gov/vuln/detail/CVE-2022-20369), [CVE-2022-20368](https://nvd.nist.gov/vuln/detail/CVE-2022-20368), [CVE-2022-20158](https://nvd.nist.gov/vuln/detail/CVE-2022-20158), [CVE-2022-20008](https://nvd.nist.gov/vuln/detail/CVE-2022-20008), [CVE-2022-1998](https://nvd.nist.gov/vuln/detail/CVE-2022-1998), [CVE-2022-1976](https://nvd.nist.gov/vuln/detail/CVE-2022-1976), [CVE-2022-1975](https://nvd.nist.gov/vuln/detail/CVE-2022-1975), [CVE-2022-1974](https://nvd.nist.gov/vuln/detail/CVE-2022-1974), [CVE-2022-1973](https://nvd.nist.gov/vuln/detail/CVE-2022-1973), [CVE-2022-1943](https://nvd.nist.gov/vuln/detail/CVE-2022-1943), [CVE-2022-1882](https://nvd.nist.gov/vuln/detail/CVE-2022-1882), [CVE-2022-1852](https://nvd.nist.gov/vuln/detail/CVE-2022-1852), [CVE-2022-1789](https://nvd.nist.gov/vuln/detail/CVE-2022-1789), [CVE-2022-1734](https://nvd.nist.gov/vuln/detail/CVE-2022-1734), [CVE-2022-1729](https://nvd.nist.gov/vuln/detail/CVE-2022-1729), [CVE-2022-1679](https://nvd.nist.gov/vuln/detail/CVE-2022-1679), [CVE-2022-1671](https://nvd.nist.gov/vuln/detail/CVE-2022-1671), [CVE-2022-1652](https://nvd.nist.gov/vuln/detail/CVE-2022-1652), [CVE-2022-1651](https://nvd.nist.gov/vuln/detail/CVE-2022-1651), [CVE-2022-1516](https://nvd.nist.gov/vuln/detail/CVE-2022-1516), [CVE-2022-1462](https://nvd.nist.gov/vuln/detail/CVE-2022-1462), [CVE-2022-1353](https://nvd.nist.gov/vuln/detail/CVE-2022-1353), [CVE-2022-1263](https://nvd.nist.gov/vuln/detail/CVE-2022-1263), [CVE-2022-1205](https://nvd.nist.gov/vuln/detail/CVE-2022-1205), [CVE-2022-1204](https://nvd.nist.gov/vuln/detail/CVE-2022-1204), [CVE-2022-1199](https://nvd.nist.gov/vuln/detail/CVE-2022-1199), [CVE-2022-1198](https://nvd.nist.gov/vuln/detail/CVE-2022-1198), [CVE-2022-1184](https://nvd.nist.gov/vuln/detail/CVE-2022-1184), [CVE-2022-1158](https://nvd.nist.gov/vuln/detail/CVE-2022-1158), [CVE-2022-1055](https://nvd.nist.gov/vuln/detail/CVE-2022-1055), [CVE-2022-1048](https://nvd.nist.gov/vuln/detail/CVE-2022-1048), [CVE-2022-1016](https://nvd.nist.gov/vuln/detail/CVE-2022-1016), [CVE-2022-1015](https://nvd.nist.gov/vuln/detail/CVE-2022-1015), [CVE-2022-1012](https://nvd.nist.gov/vuln/detail/CVE-2022-1012), [CVE-2022-1011](https://nvd.nist.gov/vuln/detail/CVE-2022-1011), [CVE-2022-0995](https://nvd.nist.gov/vuln/detail/CVE-2022-0995), [CVE-2022-0847](https://nvd.nist.gov/vuln/detail/CVE-2022-0847), [CVE-2022-0742](https://nvd.nist.gov/vuln/detail/CVE-2022-0742), [CVE-2022-0617](https://nvd.nist.gov/vuln/detail/CVE-2022-0617), [CVE-2022-0516](https://nvd.nist.gov/vuln/detail/CVE-2022-0516), [CVE-2022-0500](https://nvd.nist.gov/vuln/detail/CVE-2022-0500), [CVE-2022-0494](https://nvd.nist.gov/vuln/detail/CVE-2022-0494), [CVE-2022-0492](https://nvd.nist.gov/vuln/detail/CVE-2022-0492), [CVE-2022-0487](https://nvd.nist.gov/vuln/detail/CVE-2022-0487), [CVE-2022-0435](https://nvd.nist.gov/vuln/detail/CVE-2022-0435), [CVE-2022-0433](https://nvd.nist.gov/vuln/detail/CVE-2022-0433), [CVE-2022-0382](https://nvd.nist.gov/vuln/detail/CVE-2022-0382), [CVE-2022-0330](https://nvd.nist.gov/vuln/detail/CVE-2022-0330), [CVE-2022-0185](https://nvd.nist.gov/vuln/detail/CVE-2022-0185), [CVE-2022-0168](https://nvd.nist.gov/vuln/detail/CVE-2022-0168), [CVE-2022-0002](https://nvd.nist.gov/vuln/detail/CVE-2022-0002), [CVE-2022-0001](https://nvd.nist.gov/vuln/detail/CVE-2022-0001), [CVE-2021-45469](https://nvd.nist.gov/vuln/detail/CVE-2021-45469), [CVE-2021-44879](https://nvd.nist.gov/vuln/detail/CVE-2021-44879), [CVE-2021-43976](https://nvd.nist.gov/vuln/detail/CVE-2021-43976), [CVE-2021-4197](https://nvd.nist.gov/vuln/detail/CVE-2021-4197), [CVE-2021-4155](https://nvd.nist.gov/vuln/detail/CVE-2021-4155), [CVE-2021-3923](https://nvd.nist.gov/vuln/detail/CVE-2021-3923), [CVE-2021-33655](https://nvd.nist.gov/vuln/detail/CVE-2021-33655), [CVE-2021-33135](https://nvd.nist.gov/vuln/detail/CVE-2021-33135), [CVE-2021-26401](https://nvd.nist.gov/vuln/detail/CVE-2021-26401), [CVE-2020-36516](https://nvd.nist.gov/vuln/detail/CVE-2020-36516))) -- Go ([CVE-2023-39323](https://nvd.nist.gov/vuln/detail/CVE-2023-39323), [CVE-2023-39322](https://nvd.nist.gov/vuln/detail/CVE-2023-39322), [CVE-2023-39321](https://nvd.nist.gov/vuln/detail/CVE-2023-39321), [CVE-2023-39320](https://nvd.nist.gov/vuln/detail/CVE-2023-39320), [CVE-2023-39319](https://nvd.nist.gov/vuln/detail/CVE-2023-39319), [CVE-2023-39318](https://nvd.nist.gov/vuln/detail/CVE-2023-39318), [CVE-2023-29409](https://nvd.nist.gov/vuln/detail/CVE-2023-29409), [CVE-2023-29406](https://nvd.nist.gov/vuln/detail/CVE-2023-29406), [CVE-2023-29405](https://nvd.nist.gov/vuln/detail/CVE-2023-29405), [CVE-2023-29404](https://nvd.nist.gov/vuln/detail/CVE-2023-29404), [CVE-2023-29403](https://nvd.nist.gov/vuln/detail/CVE-2023-29403), [CVE-2023-29402](https://nvd.nist.gov/vuln/detail/CVE-2023-29402)) -- OpenSSL ([CVE-2023-3446](https://nvd.nist.gov/vuln/detail/CVE-2023-3446), [CVE-2023-2975](https://nvd.nist.gov/vuln/detail/CVE-2023-2975), [CVE-2023-2650](https://nvd.nist.gov/vuln/detail/CVE-2023-2650)) -- Python ([CVE-2023-41105](https://nvd.nist.gov/vuln/detail/CVE-2023-41105), [CVE-2023-40217](https://nvd.nist.gov/vuln/detail/CVE-2023-40217)) -- SDK: Rust ([CVE-2023-38497](https://nvd.nist.gov/vuln/detail/CVE-2023-38497)) -- VMware: open-vm-tools ([CVE-2023-20900](https://nvd.nist.gov/vuln/detail/CVE-2023-20900), [CVE-2023-20867](https://nvd.nist.gov/vuln/detail/CVE-2023-20867)) -- binutils ([CVE-2023-1579](https://nvd.nist.gov/vuln/detail/CVE-2023-1579), [CVE-2022-4285](https://nvd.nist.gov/vuln/detail/CVE-2022-4285), [CVE-2022-38533](https://nvd.nist.gov/vuln/detail/CVE-2022-38533)) -- c-ares ([CVE-2023-32067](https://nvd.nist.gov/vuln/detail/CVE-2023-32067), [CVE-2023-31147](https://nvd.nist.gov/vuln/detail/CVE-2023-31147), [CVE-2023-31130](https://nvd.nist.gov/vuln/detail/CVE-2023-31130), [CVE-2023-31124](https://nvd.nist.gov/vuln/detail/CVE-2023-31124)) -- curl ([CVE-2023-38546](https://nvd.nist.gov/vuln/detail/CVE-2023-38546), [CVE-2023-38545](https://nvd.nist.gov/vuln/detail/CVE-2023-38545), [CVE-2023-38039](https://nvd.nist.gov/vuln/detail/CVE-2023-38039), [CVE-2023-28322](https://nvd.nist.gov/vuln/detail/CVE-2023-28322), [CVE-2023-28321](https://nvd.nist.gov/vuln/detail/CVE-2023-28321), [CVE-2023-28320](https://nvd.nist.gov/vuln/detail/CVE-2023-28320), [CVE-2023-28319](https://nvd.nist.gov/vuln/detail/CVE-2023-28319)) -- git ([CVE-2023-29007](https://nvd.nist.gov/vuln/detail/CVE-2023-29007), [CVE-2023-25815](https://nvd.nist.gov/vuln/detail/CVE-2023-25815), [CVE-2023-25652](https://nvd.nist.gov/vuln/detail/CVE-2023-25652)) -- glibc ([CVE-2023-4911](https://nvd.nist.gov/vuln/detail/CVE-2023-4911), [CVE-2023-4806](https://nvd.nist.gov/vuln/detail/CVE-2023-4806), [CVE-2023-4527](https://nvd.nist.gov/vuln/detail/CVE-2023-4527)) -- go ([CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325)) -- grub ([CVE-2023-4693](https://nvd.nist.gov/vuln/detail/CVE-2023-4693), [CVE-2023-4692](https://nvd.nist.gov/vuln/detail/CVE-2023-4692), [CVE-2022-3775](https://nvd.nist.gov/vuln/detail/CVE-2022-3775), [CVE-2022-28737](https://nvd.nist.gov/vuln/detail/CVE-2022-28737), [CVE-2022-28736](https://nvd.nist.gov/vuln/detail/CVE-2022-28736), [CVE-2022-28735](https://nvd.nist.gov/vuln/detail/CVE-2022-28735), [CVE-2022-28734](https://nvd.nist.gov/vuln/detail/CVE-2022-28734), [CVE-2022-28733](https://nvd.nist.gov/vuln/detail/CVE-2022-28733), [CVE-2022-2601](https://nvd.nist.gov/vuln/detail/CVE-2022-2601), [CVE-2021-3981](https://nvd.nist.gov/vuln/detail/CVE-2021-3981), [CVE-2021-3697](https://nvd.nist.gov/vuln/detail/CVE-2021-3697), [CVE-2021-3696](https://nvd.nist.gov/vuln/detail/CVE-2021-3696), [CVE-2021-3695](https://nvd.nist.gov/vuln/detail/CVE-2021-3695), [CVE-2021-20233](https://nvd.nist.gov/vuln/detail/CVE-2021-20233), [CVE-2021-20225](https://nvd.nist.gov/vuln/detail/CVE-2021-20225), [CVE-2020-27779](https://nvd.nist.gov/vuln/detail/CVE-2020-27779), [CVE-2020-27749](https://nvd.nist.gov/vuln/detail/CVE-2020-27749), [CVE-2020-25647](https://nvd.nist.gov/vuln/detail/CVE-2020-25647), [CVE-2020-25632](https://nvd.nist.gov/vuln/detail/CVE-2020-25632), [CVE-2020-14372](https://nvd.nist.gov/vuln/detail/CVE-2020-14372), [CVE-2020-10713](https://nvd.nist.gov/vuln/detail/CVE-2020-10713)) -- intel-microcode ([CVE-2023-23908](https://nvd.nist.gov/vuln/detail/CVE-2023-23908), [CVE-2022-41804](https://nvd.nist.gov/vuln/detail/CVE-2022-41804), [CVE-2022-40982](https://nvd.nist.gov/vuln/detail/CVE-2022-40982)) -- libarchive ([libarchive-20230729](https://github.com/libarchive/libarchive/releases/tag/v3.7.1)) -- libcap ([CVE-2023-2603](https://nvd.nist.gov/vuln/detail/CVE-2023-2603), [CVE-2023-2602](https://nvd.nist.gov/vuln/detail/CVE-2023-2602)) -- libmicrohttpd ([CVE-2023-27371](https://nvd.nist.gov/vuln/detail/CVE-2023-27371)) -- libtirpc ([libtirpc-rhbg-2224666](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=1d2e10afb2ffc35cb3623f57a15f712359f18e75), [libtirpc-rhbg-2150611](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=f7f0abdf267698de3f74a0285405b1b01f40893b), [libtirpc-rhbg-2138317](http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=4a2d85c64110ee9e21a8c4f9dafd6b0ae621506d)) -- libxml2 ([libxml2-20230428](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.4)) -- lua ([CVE-2022-33099](https://nvd.nist.gov/vuln/detail/CVE-2022-33099)) -- mit-krb5 ([CVE-2023-36054](https://nvd.nist.gov/vuln/detail/CVE-2023-36054)) -- ncurses ([CVE-2023-29491](https://nvd.nist.gov/vuln/detail/CVE-2023-29491)) -- nvidia-drivers ([CVE-2023-25516](https://nvd.nist.gov/vuln/detail/CVE-2023-25516), [CVE-2023-25515](https://nvd.nist.gov/vuln/detail/CVE-2023-25515)) -- openldap ([CVE-2023-2953](https://nvd.nist.gov/vuln/detail/CVE-2023-2953)) -- procps ([CVE-2023-4016](https://nvd.nist.gov/vuln/detail/CVE-2023-4016)) -- protobuf ([CVE-2022-1941](https://nvd.nist.gov/vuln/detail/CVE-2022-1941)) -- qemu ([CVE-2023-2861](https://nvd.nist.gov/vuln/detail/CVE-2023-2861), [CVE-2023-0330](https://nvd.nist.gov/vuln/detail/CVE-2023-0330)) -- samba ([CVE-2022-1615](https://nvd.nist.gov/vuln/detail/CVE-2022-1615), [CVE-2021-44142](https://nvd.nist.gov/vuln/detail/CVE-2021-44142)) -- shadow ([CVE-2023-29383](https://nvd.nist.gov/vuln/detail/CVE-2023-29383)) -- sudo ([CVE-2023-28487](https://nvd.nist.gov/vuln/detail/CVE-2023-28487), [CVE-2023-28486](https://nvd.nist.gov/vuln/detail/CVE-2023-28486), [CVE-2023-27320](https://nvd.nist.gov/vuln/detail/CVE-2023-27320)) -- torcx ([CVE-2022-28948](https://nvd.nist.gov/vuln/detail/CVE-2022-28948)) -- vim ([CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610), [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609), [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426)) - - -#### Bug fixes - - AWS: Fixed the Amazon SSM agent that was crashing. ([Flatcar#1307](https://github.com/flatcar/Flatcar/issues/1307)) - - Added AWS EKS support for versions 1.24-1.28. Fixed `/usr/share/amazon/eks/download-kubelet.sh` to include download paths for these versions. ([scripts#1210](https://github.com/flatcar/scripts/pull/1210)) - - Fix the RemainAfterExit clause in nvidia.service ([Flatcar#1169](https://github.com/flatcar/Flatcar/issues/1169)) - - Fixed a bug resulting in coreos-cloudinit resetting the instance hostname to 'localhost' if no metadata could be found ([coreos-cloudinit#25](https://github.com/flatcar/coreos-cloudinit/pull/25), [Flatcar#1262](https://github.com/flatcar/Flatcar/issues/1262)), with contributions from [MichaelEischer](https://github.com/MichaelEischer) - - Fixed bug in handling renamed network interfaces when generating login issue ([init#102](https://github.com/flatcar/init/pull/102)) - - Fixed iterating over the OEM update payload signatures which prevented the AWS OEM update to 3745.x.y ([update-engine#31](https://github.com/flatcar/update_engine/pull/31)) - - Fixed quotes handling for update-engine ([Flatcar#1209](https://github.com/flatcar/Flatcar/issues/1209)) - - Fixed supplying extension update payloads with a custom base URL in Nebraska ([Flatcar#1281](https://github.com/flatcar/Flatcar/issues/1281)) - - Fixed the missing `/etc/extensions/` symlinks for the inbuilt Docker/containerd systemd-sysext images on update from Beta 3760.1.0 ([update_engine#32](https://github.com/flatcar/update_engine/pull/32)) - - Fixed the postinstall hook failure when updating from Azure instances without OEM systemd-sysext images to Flatcar Alpha 3745.x.y ([update_engine#29](https://github.com/flatcar/update_engine/pull/29)) - - GCP: Fixed OS Login enabling ([scripts#1445](https://github.com/flatcar/scripts/pull/1445)) - - Made `sshkeys.service` more robust to only run `coreos-metadata-sshkeys@core.service` when not masked and also retry on failure ([init#112](https://github.com/flatcar/init/pull/112)) - -#### Changes - - :warning: Dropped support for niftycloud and interoute. For interoute we haven't been generating the images for some time already. ([scripts#971](https://github.com/flatcar/scripts/pull/971)) :warning: - - AWS OEM images now use a systemd-sysext image for layering additional platform-specific software on top of `/usr` - - Added TLS Kernel module ([scripts#865](https://github.com/flatcar/scripts/pull/865)) - - Added support for multipart MIME userdata in coreos-cloudinit. Ignition now detects multipart userdata and delegates execution to coreos-cloudinit. (scripts#873) - - Azure and QEMU OEM images now use systemd-sysext images for layering additional platform-specific software on top of `/usr`. For Azure images this also means that the image has a normal Python installation available through the sysext image. The OEM software is still not updated but this will be added soon. - - Change nvidia.service to type oneshot (from the default "simple") so the subsequent services (configured with "Requires/After") are executed after the driver installation is successfully finished (flatcar/Flatcar#1136) - - Enabled the virtio GPU driver ([scripts#830](https://github.com/flatcar/scripts/pull/830)) - - Migrate to Type=notify in containerd.service. Changed the unit to Type=notify, utilizing the existing containerd support for sd_notify call after socket setup. - - Migrated the NVIDIA installer from the Azure/AWS OEM partition to `/usr` to make it available on all platforms ([scripts#932](https://github.com/flatcar/scripts/pull/932/), [Flatcar#1077](https://github.com/flatcar/Flatcar/issues/1077)) - - Moved a mountpoint of the OEM partition from `/usr/share/oem` to `/oem`. `/usr/share/oem` became a symlink to `/oem` for backward compatibility. Despite the move, the initrd images providing files through `/usr/share/oem` should keep using `/usr/share/oem`. The move was done to enable activating the OEM sysext images that are placed in the OEM partition. - - OEM vendor tools are now A/B updated if they are shipped as systemd-sysext images, the migration happens when both partitions require a systemd-sysext OEM image - note that this will delete the `nvidia.service` from `/etc` on Azure because it's now part of `/usr` ([Flatcar#60](https://github.com/flatcar/Flatcar/issues/60)) - - Reworked the VMware OEM software to be shipped as A/B updated systemd-sysext image - - SDK: Experimental support for [prefix builds](https://github.com/flatcar/scripts/blob/main/PREFIX.md) to create distro independent, portable, self-contained applications w/ all dependencies included. With contributions from [chewi](https://github.com/chewi) and [HappyTobi](https://github.com/HappyTobi). - - Started shipping default ssh client and ssh daemon configs in `/etc/ssh/ssh_config` and `/etc/ssh/sshd_config` which include config snippets in `/etc/ssh/ssh_config.d` and `/etc/ssh/sshd_config.d`, respectively. - - The open-vm-tools package in VMware OEM now comes with vmhgfs-fuse, udev rules, pam and vgauth - - Updated locksmith to use non-deprecated resource control options in the systemd unit ([Locksmith#20](https://github.com/flatcar/locksmith/pull/20)) - -#### Updates -- Linux ([6.1.73](https://lwn.net/Articles/958343) (includes [6.1.72](https://lwn.net/Articles/957376), [6.1.71](https://lwn.net/Articles/957009), [6.1.70](https://lwn.net/Articles/956526), [6.1.69](https://lwn.net/Articles/955814), [6.1.68](https://lwn.net/Articles/954989), [6.1.67](https://lwn.net/Articles/954455), [6.1.66](https://lwn.net/Articles/954112), [6.1.65](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.1.65), [6.1.64](https://lwn.net/Articles/953132), [6.1.63](https://lwn.net/Articles/952003), [6.1.62](https://lwn.net/Articles/950700), [6.1.61](https://lwn.net/Articles/949826), [6.1.60](https://lwn.net/Articles/948817), [6.1.59](https://lwn.net/Articles/948299), [6.1.58](https://lwn.net/Articles/947820), [6.1.57](https://lwn.net/Articles/947298), [6.1.56](https://lwn.net/Articles/946854), [6.1.55](https://lwn.net/Articles/945379), [6.1.54](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.1.54), [6.1.53](https://lwn.net/Articles/944358), [6.1.52](https://lwn.net/Articles/943754), [6.1.51](https://lwn.net/Articles/943403), [6.1.50](https://lwn.net/Articles/943112), [6.1.49](https://lwn.net/Articles/942880), [6.1.48](https://lwn.net/Articles/942865), [6.1.47](https://lwn.net/Articles/942531), [6.1.46](https://lwn.net/Articles/941774), [6.1.45](https://lwn.net/Articles/941273), [6.1.44](https://lwn.net/Articles/940800), [6.1.43](https://lwn.net/Articles/940338), [6.1.42](https://lwn.net/Articles/939423), [6.1.41](https://lwn.net/Articles/939103), [6.1.40](https://lwn.net/Articles/939015), [6.1.39](https://lwn.net/Articles/938619), [6.1.38](https://lwn.net/Articles/937403), [6.1.37](https://lwn.net/Articles/937082), [6.1.36](https://lwn.net/Articles/936674), [6.1.35](https://lwn.net/Articles/935588), [6.1.34](https://lwn.net/Articles/934623), [6.1.33](https://lwn.net/Articles/934319), [6.1.32](https://lwn.net/Articles/933908), [6.1.31](https://lwn.net/Articles/933281), [6.1.30](https://lwn.net/Articles/932882), [6.1.29](https://lwn.net/Articles/932133), [6.1.28](https://lwn.net/Articles/931651), [6.1.27](https://lwn.net/Articles/930597/), [6.1](https://kernelnewbies.org/Linux_6.1))) -- Linux Firmware ([20230919](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230919) (includes [20230804](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230804), [20230625](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230625), [20230515](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230515))) -- AWS: amazon-ssm-agent ([3.2.985.0](https://github.com/aws/amazon-ssm-agent/releases/tag/3.2.985.0)) -- Go ([1.20.9](https://go.dev/doc/devel/release#go1.20.9) (includes [1.20.8](https://go.dev/doc/devel/release#go1.20.8), [1.20.7](https://go.dev/doc/devel/release#go1.20.7), [1.20.6](https://go.dev/doc/devel/release#go1.20.6), [1.20.5](https://go.dev/doc/devel/release#go1.20.5), [1.20.4](https://go.dev/doc/devel/release#go1.20.4), [1.20.10](https://go.dev/doc/devel/release#go1.20.10), [1.19.13](https://go.dev/doc/devel/release#go1.19.13), [1.19.12](https://go.dev/doc/devel/release#go1.19.12), [1.19.11](https://go.dev/doc/devel/release#go1.19.11), [1.19.10](https://go.dev/doc/devel/release#go1.19.10))) -- OpenSSL ([3.0.9](https://github.com/openssl/openssl/blob/openssl-3.0.9/NEWS.md#major-changes-between-openssl-308-and-openssl-309-30-may-2023)) -- SDK: Rust ([1.72.1](https://github.com/rust-lang/rust/releases/tag/1.72.1) (includes [1.72.0](https://github.com/rust-lang/rust/releases/tag/1.72.0), [1.71.1](https://github.com/rust-lang/rust/releases/tag/1.71.1), [1.71.0](https://github.com/rust-lang/rust/releases/tag/1.71.0), [1.70.0](https://github.com/rust-lang/rust/releases/tag/1.70.0))) -- SDK: file ([5.45](https://github.com/file/file/blob/FILE5_45/ChangeLog)) -- SDK: gnuconfig ([20230731](https://git.savannah.gnu.org/cgit/config.git/log/?id=d4e37b5868ef910e3e52744c34408084bb13051c)) -- SDK: libxslt ([1.1.38](https://gitlab.gnome.org/GNOME/libxslt/-/releases/v1.1.38)) -- SDK: man-db ([2.11.2](https://gitlab.com/man-db/man-db/-/tags/2.11.2)) -- SDK: man-pages ([6.03](https://lore.kernel.org/lkml/d56662b2-538c-7252-9052-8afbf325f843@gmail.com/T/)) -- SDK: pahole ([1.25](https://github.com/acmel/dwarves/blob/master/changes-v1.25)) -- SDK: perf ([6.3](https://kernelnewbies.org/LinuxChanges#Linux_6.3.Tracing.2C_perf_and_BPF)) -- SDK: perl ([5.36.1](https://perldoc.perl.org/perl5361delta)) -- SDK: portage ([3.0.49](https://gitweb.gentoo.org/proj/portage.git/tree/NEWS?h=portage-3.0.49) (includes [3.0.49](https://gitweb.gentoo.org/proj/portage.git/tree/NEWS?h=portage-3.0.49), [3.0.46](https://gitweb.gentoo.org/proj/portage.git/tree/NEWS?h=portage-3.0.46))) -- SDK: python ([3.11.5](https://www.python.org/downloads/release/python-3115/) (includes [3.11.3](https://www.python.org/downloads/release/python-3113/), [3.10.12](https://www.python.org/downloads/release/python-31012/), [3.10.11](https://www.python.org/downloads/release/python-31011/))) -- SDK: qemu ([8.0.4](https://wiki.qemu.org/ChangeLog/8.0) (includes [8.0.3](https://wiki.qemu.org/ChangeLog/8.0), [7.2.3](https://wiki.qemu.org/ChangeLog/7.2))) -- SDK: qemu-guest-agent ([8.0.3](https://wiki.qemu.org/ChangeLog/8.0#Guest_agent) (includes [8.0.0](https://wiki.qemu.org/ChangeLog/8.0#Guest_agent))) -- VMWARE: libdnet ([1.16.2](https://github.com/ofalk/libdnet/releases/tag/libdnet-1.16.2) (includes [1.16](https://github.com/ofalk/libdnet/releases/tag/libdnet-1.16))) -- VMware: open-vm-tools ([12.3.0](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.0) (includes [12.2.5](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.2.5))) -- XZ Utils ([5.4.3](https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=2f4d35adca6198671434d2988803cc9316ad1ec8;hb=dbb3a536ed9873ffa0870321f6873e564c6a9da8)) -- afterburn ([5.5.0](https://github.com/coreos/afterburn/releases/tag/v5.5.0)) -- bind-tools ([9.16.42](https://bind9.readthedocs.io/en/v9.16.42/notes.html#notes-for-bind-9-16-42) (includes [9.16.41](https://bind9.readthedocs.io/en/v9.16.41/notes.html#notes-for-bind-9-16-41))) -- binutils ([2.40](https://lists.gnu.org/archive/html/info-gnu/2023-01/msg00003.html)) -- bpftool ([6.3](https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/log/tools/bpf/bpftool?h=v6.3)) -- c-ares ([1.19.1](https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1)) -- cJSON ([1.7.16](https://github.com/DaveGamble/cJSON/releases/tag/v1.7.16)) -- ca-certificates ([3.96.1](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_96_1.html) (includes [3.96](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_96.html))) -- checkpolicy ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5)) -- cifs-utils ([7.0](https://lists.samba.org/archive/samba-technical/2022-August/137528.html)) -- containerd ([1.7.7](https://github.com/containerd/containerd/releases/tag/v1.7.7) (includes [1.7.6](https://github.com/containerd/containerd/releases/tag/v1.7.6), [1.7.5](https://github.com/containerd/containerd/releases/tag/v1.7.5), [1.7.4](https://github.com/containerd/containerd/releases/tag/v1.7.4), [1.7.3](https://github.com/containerd/containerd/releases/tag/v1.7.3), [1.7.2](https://github.com/containerd/containerd/releases/tag/v1.7.2))) -- coreutils ([9.3](https://lists.gnu.org/archive/html/info-gnu/2023-04/msg00006.html) (includes [9.1](https://git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?h=v9.1))) -- cryptsetup ([2.6.1](https://gitlab.com/cryptsetup/cryptsetup/-/blob/v2.6.1/docs/v2.6.1-ReleaseNotes) (includes [2.6.0](https://gitlab.com/cryptsetup/cryptsetup/-/blob/v2.6.0/docs/v2.6.0-ReleaseNotes), [2.5.0](https://gitlab.com/cryptsetup/cryptsetup/-/blob/v2.5.0/docs/v2.5.0-ReleaseNotes))) -- curl ([8.4.0](https://curl.se/changes.html#8_4_0) (includes [8.3.0](https://curl.se/changes.html#8_3_0), [8.2.1](https://curl.se/changes.html#8_2_1), [8.2.0](https://curl.se/changes.html#8_2_0), [8.1.2](https://curl.se/changes.html#8_1_2), [8.1.0](https://curl.se/changes.html#8_1_0))) -- debianutils ([5.7](https://metadata.ftp-master.debian.org/changelogs//main/d/debianutils/debianutils_5.7-0.4_changelog)) -- diffutils ([3.10](https://lists.gnu.org/archive/html/info-gnu/2023-05/msg00009.html)) -- elfutils ([0.189](https://sourceware.org/pipermail/elfutils-devel/2023q1/006023.html)) -- ethtool ([6.4](https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/tree/NEWS?h=v6.4) (includes [6.3](https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/commit/?id=7bdf78f0d2a9ae1571fe9444e552490130e573fd), [6.2](https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/tree/NEWS?h=v6.2))) -- gawk ([5.2.2](https://lists.gnu.org/archive/html/info-gnu/2023-05/msg00008.html)) -- gcc ([13.2](https://gcc.gnu.org/gcc-13/changes.html)) -- gdb ([13.2](https://lists.gnu.org/archive/html/info-gnu/2023-05/msg00011.html)) -- gdbm ([1.23](https://lists.gnu.org/archive/html/info-gnu/2022-02/msg00004.html)) -- git ([2.41.0](https://lore.kernel.org/git/xmqqleh3a3wm.fsf@gitster.g/) (includes [2.39.3](https://github.com/git/git/blob/v2.39.3/Documentation/RelNotes/2.39.3.txt))) -- glib ([2.76.4](https://gitlab.gnome.org/GNOME/glib/-/releases/2.76.4) (includes [2.76.3](https://gitlab.gnome.org/GNOME/glib/-/releases/2.76.3), [2.76.2](https://gitlab.gnome.org/GNOME/glib/-/releases/2.76.2))) -- glibc ([2.37](https://sourceware.org/git/?p=glibc.git;a=tag;h=refs/tags/glibc-2.37)) -- gmp ([6.3.0](https://gmplib.org/gmp6.3)) -- gptfdisk ([1.0.9](https://sourceforge.net/p/gptfdisk/code/ci/1d46f3723bc25f5598266f7d9a3548af3cee0c77/tree/NEWS)) -- grep ([3.8](http://savannah.gnu.org/forum/forum.php?forum_id=10227) (includes [3.11](https://lists.gnu.org/archive/html/info-gnu/2023-05/msg00004.html))) -- grub ([2.06](https://lists.gnu.org/archive/html/grub-devel/2021-06/msg00022.html)) -- gzip ([1.13](https://savannah.gnu.org/news/?id=10501)) -- hwdata ([0.373](https://github.com/vcrhonek/hwdata/commits/v0.373) (includes [0.372](https://github.com/vcrhonek/hwdata/commits/v0.372), [0.371](https://github.com/vcrhonek/hwdata/commits/v0.371), [0.367](https://github.com/vcrhonek/hwdata/releases/tag/v0.367))) -- inih ([57](https://github.com/benhoyt/inih/releases/tag/r57) (includes [56](https://github.com/benhoyt/inih/releases/tag/r56))) -- intel-microcode ([20230808](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230808) (includes [20230613](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230613), [20230512](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230512))) -- iperf ([3.14](https://github.com/esnet/iperf/blob/master/RELNOTES.md#iperf-314-2023-07-07)) -- iproute2 ([6.4.0](https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/?h=v6.4.0) (includes [6.3.0](https://lwn.net/Articles/930473/), [6.2](https://lwn.net/Articles/923952/))) -- ipset ([7.17](https://git.netfilter.org/ipset/tree/ChangeLog?id=186f9b57c60bb53aae5f6633eff1e9d5e9095c3e)) -- kbd ([2.6.1](https://github.com/legionus/kbd/releases/tag/v2.6.1) (includes [2.6.0](https://github.com/legionus/kbd/releases/tag/v2.6.0), [2.5.1](https://github.com/legionus/kbd/releases/tag/v2.5.1))) -- kexec-tools ([2.0.24](https://github.com/horms/kexec-tools/releases/tag/v2.0.24)) -- kmod ([30](https://lwn.net/Articles/899526/)) -- ldb ([2.4.4](https://gitlab.com/samba-team/samba/-/commit/b686ef00da46d4a0c0aba0c61b1866cbc9b462b6) (includes [2.4.3](https://gitlab.com/samba-team/samba/-/commit/604f94704f30e90ef960aa2be62a14d2e614a002), [2.4.2](https://gitlab.com/samba-team/samba/-/commit/d93892d2e8ed69758c15ab18bc03bba09e715bc6))) -- less ([633](http://www.greenwoodsoftware.com/less/news.633.html) (includes [632](http://www.greenwoodsoftware.com/less/news.632.html))) -- libarchive ([3.7.1](https://github.com/libarchive/libarchive/releases/tag/v3.7.1) (includes [3.7.0](https://github.com/libarchive/libarchive/releases/tag/v3.7.0))) -- libassuan ([2.5.6](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libassuan.git;a=blob;f=NEWS;h=e52bb5dd36ac93ea227e53e89f82af9ccf38f339;hb=6b50ee6bcdd6aa81bd7cc3fb2379864c3ed479b8)) -- libbsd ([0.11.7](https://lists.freedesktop.org/archives/libbsd/2022-October/000337.html)) -- libcap ([2.69](https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.iuvg7sbjg8pe)) -- libgcrypt ([1.10.2](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=blob;f=NEWS;h=c9a239615f8070427a96688b1be40a81e59e9b8a;hb=1c5cbacf3d88dded5063e959ee68678ff7d0fa56) (includes [1.10.1](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=blob;f=NEWS;h=03132c2a115e35783a782c64777cf5f5b1a2825f;hb=ae0e567820c37f9640440b3cff77d7c185aa6742))) -- libgpg-error ([1.47](https://dev.gnupg.org/T6231) (includes [1.46](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgpg-error.git;a=blob;f=NEWS;h=14b0ba97d6ba2b10b3178f2e4a3e24bfc2355bb3;hb=ea031873aa9642831017937fd33e9009d514ee07))) -- libksba ([1.6.4](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=blob;f=NEWS;h=f640523209c1c9ce9855040e53914a79d24d6a67;hb=557999424ebd13e70d6fc17e648a5dd2a06f440b)) -- libmd ([1.1.0](https://git.hadrons.org/cgit/libmd.git/log/?h=1.1.0)) -- libmicrohttpd ([0.9.77](https://gitlab.com/libmicrohttpd/libmicrohttpd/-/releases/v0.9.77) (includes [0.9.76](https://lists.gnu.org/archive/html/libmicrohttpd/2023-02/msg00000.html))) -- libnftnl ([1.2.6](https://git.netfilter.org/libnftnl/log/?h=libnftnl-1.2.6) (includes [1.2.5](https://git.netfilter.org/libnftnl/log/?h=libnftnl-1.2.5))) -- libnl ([3.8.0](https://github.com/thom311/libnl/compare/libnl3_7_0...libnl3_8_0)) -- libnvme ([1.5](https://github.com/linux-nvme/libnvme/releases/tag/v1.5)) -- libpcap ([1.10.4](https://github.com/the-tcpdump-group/libpcap/blob/24832dd2728bd95ed9b9464ef27b47a943c38003/CHANGES#L51)) -- libpcre ([8.45](https://www.pcre.org/original/changelog.txt)) -- libpipeline ([1.5.7](https://gitlab.com/libpipeline/libpipeline/-/tags/1.5.7)) -- libselinux ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5)) -- libsemanage ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5)) -- libsepol ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5)) -- libtirpc ([1.3.4](https://marc.info/?l=linux-nfs&m=169667640909830&w=2)) -- libusb ([1.0.26](https://github.com/libusb/libusb/blob/v1.0.26/ChangeLog)) -- libuv ([1.46.0](https://github.com/libuv/libuv/releases/tag/v1.46.0) (includes [1.45.0](https://github.com/libuv/libuv/releases/tag/v1.45.0))) -- libxml2 ([2.11.5](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.5) (includes [2.11.4](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.4))) -- lsof ([4.98.0](https://github.com/lsof-org/lsof/blob/4.98.0/00DIST#L5471)) -- lua ([5.4.6](https://www.lua.org/manual/5.4/readme.html#changes) (includes [5.4.4](https://www.lua.org/manual/5.4/readme.html#changes))) -- mit-krb5 ([1.21.2](http://web.mit.edu/kerberos/krb5-1.21/)) -- multipath-tools ([0.9.5](https://github.com/opensvc/multipath-tools/commits/0.9.5)) -- ncurses ([6.4](https://invisible-island.net/ncurses/announce.html#h2-release-notes)) -- nettle ([3.9.1](https://git.lysator.liu.se/nettle/nettle/-/blob/nettle_3.9.1_release_20230601/ChangeLog)) -- nmap ([7.94](https://nmap.org/changelog.html#7.94)) -- nvidia-drivers ([535.104.05](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-535-104-05/index.html)) -- nvme-cli ([2.5](https://github.com/linux-nvme/nvme-cli/releases/tag/v2.5) (includes [2.3](https://github.com/linux-nvme/nvme-cli/releases/tag/v2.3))) -- open-isns ([0.102](https://github.com/open-iscsi/open-isns/blob/v0.102/ChangeLog)) -- openldap ([2.6.4](https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_6_4/CHANGES) (includes [2.6.3](https://lists.openldap.org/hyperkitty/list/openldap-announce@openldap.org/thread/FQJM2JSSSOMLQH7XC7Q5IZJYOGCTV2LK/), [2.6](https://lists.openldap.org/hyperkitty/list/openldap-announce@openldap.org/thread/IHS5V46H6NFNFUERMC6AWMPHTWRVNLFA/), [2.5.14](https://lists.openldap.org/hyperkitty/list/openldap-announce@openldap.org/thread/TZQHR4SIWUA5BZTKDAKSFDOOGDVU4TU7/), [2.5](https://lists.openldap.org/hyperkitty/list/openldap-announce@openldap.org/thread/BH3VDPG6IYYF5L5U6LZGHHKMJY5HFA3L/))) -- openssh ([9.5p1](https://www.openssh.com/releasenotes.html#9.5p1) (includes [9.4p1](https://www.openssh.com/releasenotes.html#9.4p1))) -- parted ([3.6](https://git.savannah.gnu.org/gitweb/?p=parted.git;a=blob;f=NEWS;h=52bb11697039f70e55120c571750f9ee761a75aa;hb=3b5f327b213d21e9adb9ba933c78dd898fee5b1d)) -- pax-utils ([1.3.7](https://gitweb.gentoo.org/proj/pax-utils.git/log/?h=v1.3.7)) -- pciutils ([3.9.0](https://github.com/pciutils/pciutils/releases/tag/v3.9.0) (includes [3.10.0](https://github.com/pciutils/pciutils/blob/v3.10.0/ChangeLog))) -- pigz ([2.8](https://zlib.net/pipermail/pigz-announce_zlib.net/2023-August/000018.html)) -- policycoreutils ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5)) -- popt ([1.19](https://github.com/rpm-software-management/popt/releases/tag/popt-1.19-release)) -- procps ([4.0.4](https://gitlab.com/procps-ng/procps/-/releases/v4.0.4) (includes [4.0.3](https://gitlab.com/procps-ng/procps/-/releases/v4.0.3), [4.0.0](https://gitlab.com/procps-ng/procps/-/releases/v4.0.0))) -- protobuf ([21.9](https://github.com/protocolbuffers/protobuf/releases/tag/v21.9)) -- psmisc ([23.6](https://gitlab.com/psmisc/psmisc/-/blob/v23.6/ChangeLog)) -- quota ([4.09](https://sourceforge.net/p/linuxquota/code/ci/87d2fd7635e4bca54fa2a00b8d5b073ba9ca521b/tree/Changelog)) -- rpcsvc-proto ([1.4.4](https://github.com/thkukuk/rpcsvc-proto/releases/tag/v1.4.4)) -- runc ([1.1.9](https://github.com/opencontainers/runc/releases/tag/v1.1.9) (includes [1.1.8](https://github.com/opencontainers/runc/releases/tag/v1.1.8))) -- samba ([4.18.4](https://wiki.samba.org/index.php/Samba_4.18_Features_added/changed#Samba_4.18.4)) -- sed ([4.9](https://lists.gnu.org/archive/html/info-gnu/2022-11/msg00001.html)) -- selinux-base ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101)) -- selinux-base-policy ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101)) -- selinux-container ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101)) -- selinux-sssd ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101)) -- selinux-unconfined ([2.20221101](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101)) -- semodule-utils ([3.5](https://github.com/SELinuxProject/selinux/releases/tag/3.5)) -- smartmontools ([7.3](https://github.com/smartmontools/smartmontools/releases/tag/RELEASE_7_3)) -- sqlite ([3.42.0](https://sqlite.org/releaselog/3_42_0.html)) -- strace ([6.4](https://github.com/strace/strace/releases/tag/v6.4) (includes [6.3](https://github.com/strace/strace/releases/tag/v6.3), [6.2](https://github.com/strace/strace/releases/tag/v6.2))) -- sudo ([1.9.13p3](https://www.sudo.ws/releases/stable/#1.9.13p3)) -- talloc ([2.4.0](https://gitlab.com/samba-team/samba/-/commit/5224ed98eeba43f22b5f5f87de5947fbb1c1c7c1) (includes [2.3.4](https://gitlab.com/samba-team/samba/-/commit/0189ccf9fc3d2a77cc83cffe180e307bcdccebb4))) -- tar ([1.35](https://lists.gnu.org/archive/html/info-gnu/2023-07/msg00005.html)) -- tdb ([1.4.8](https://gitlab.com/samba-team/samba/-/commit/eab796a4f9172e602dc262f3c99ead35b35929e7) (includes [1.4.7](https://gitlab.com/samba-team/samba/-/commit/27ceb1c3ad786386e746a5e2968780d791393b9e), [1.4.6](https://gitlab.com/samba-team/samba/-/commit/1c776e54cf33b46b2ed73263f093d596a0cdbb2f))) -- tevent ([0.14.1](https://gitlab.com/samba-team/samba/-/commit/d80f28b081e515e32a480daf80b42cf782447a9c) (includes [0.14.0](https://gitlab.com/samba-team/samba/-/commit/3c6d28ebae27dba8e40558ae37ae8138ea0b4bdc), [0.13.0](https://gitlab.com/samba-team/samba/-/commit/63d4db63feda920c8020f8484a8b31065b7f1380), [0.12.1](https://gitlab.com/samba-team/samba/-/commit/53692735c733d01acbd953641f831a1f5e0cf6c5), [0.12.0](https://gitlab.com/samba-team/samba/-/tags/tevent-0.12.0))) -- usbutils ([015](https://github.com/gregkh/usbutils/blob/79b796f945ea7d5c2b0e2a74f9b8819cb7948680/NEWS)) -- userspace-rcu ([0.14.0](https://github.com/urcu/userspace-rcu/blob/v0.13.2/ChangeLog)) -- util-linux ([2.38.1](https://github.com/util-linux/util-linux/releases/tag/v2.38.1)) -- vim ([9.0.1678](https://github.com/vim/vim/commits/v9.0.1678) (includes [9.0.1677](https://github.com/vim/vim/commits/v9.0.1677), [9.0.1503](https://github.com/vim/vim/commits/v9.0.1503))) -- wget ([1.21.4](https://lists.gnu.org/archive/html/info-gnu/2023-05/msg00003.html)) -- whois ([5.5.18](https://github.com/rfc1036/whois/blob/v5.5.18/debian/changelog) (includes [5.5.17](https://github.com/rfc1036/whois/commit/bac7108b01cfd54c517444efa1239e10e6edd5a4))) -- xfsprogs ([6.4.0](https://git.kernel.org/pub/scm/fs/xfs/xfsprogs-dev.git/tree/doc/CHANGES?h=v6.4.0) (includes [6.3.0](https://git.kernel.org/pub/scm/fs/xfs/xfsprogs-dev.git/tree/doc/CHANGES?h=v6.3.0))) -- zstd ([1.5.5](https://github.com/facebook/zstd/releases/tag/v1.5.5)) - - -**Changes since Beta-3760.1.1** - - #### Security fixes: - - - Linux ([CVE-2023-1193](https://nvd.nist.gov/vuln/detail/CVE-2023-1193), [CVE-2023-51779](https://nvd.nist.gov/vuln/detail/CVE-2023-51779), [CVE-2023-51780](https://nvd.nist.gov/vuln/detail/CVE-2023-51780), [CVE-2023-51781](https://nvd.nist.gov/vuln/detail/CVE-2023-51781), [CVE-2023-51782](https://nvd.nist.gov/vuln/detail/CVE-2023-51782), [CVE-2023-6531](https://nvd.nist.gov/vuln/detail/CVE-2023-6531), [CVE-2023-6606](https://nvd.nist.gov/vuln/detail/CVE-2023-6606), [CVE-2023-6622](https://nvd.nist.gov/vuln/detail/CVE-2023-6622), [CVE-2023-6817](https://nvd.nist.gov/vuln/detail/CVE-2023-6817), [CVE-2023-6931](https://nvd.nist.gov/vuln/detail/CVE-2023-6931)) - - #### Bug fixes: - - - AWS: Fixed the Amazon SSM agent that was crashing. ([Flatcar#1307](https://github.com/flatcar/Flatcar/issues/1307)) - - Fixed a bug resulting in coreos-cloudinit resetting the instance hostname to 'localhost' if no metadata could be found ([coreos-cloudinit#25](https://github.com/flatcar/coreos-cloudinit/pull/25), [Flatcar#1262](https://github.com/flatcar/Flatcar/issues/1262)), with contributions from [MichaelEischer](https://github.com/MichaelEischer) - - Fixed supplying extension update payloads with a custom base URL in Nebraska ([Flatcar#1281](https://github.com/flatcar/Flatcar/issues/1281)) - - -#### Updates -- Linux ([6.1.73](https://lwn.net/Articles/958343) (includes [6.1.72](https://lwn.net/Articles/957376), [6.1.71](https://lwn.net/Articles/957009), [6.1.70](https://lwn.net/Articles/956526), [6.1.69](https://lwn.net/Articles/955814), [6.1.68](https://lwn.net/Articles/954989), [6.1.67](https://lwn.net/Articles/954455))) -- ca-certificates ([3.96.1](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_96_1.html) (includes [3.96](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_96.html))) - -- Upgrade VPA components to 1.0.0 - - -### kubernetes [1.25.16](https://github.com/kubernetes/kubernetes/releases/tag/v1.25.16) - -> **DISCLAIMER:** Summary of upstream Kubernetes release notes generated with the help of ChatGPT - -Kubernetes version 1.25 introduces numerous enhancements and features to improve the stability, scalability, and security of the platform. Some highlights include: - -1. *Security Deep Dive* -- *Pod Security Admission (PSA):* PSA offers significant control and customization for security (Pod Security Polices are removed from the API): - - *Hierarchical Namespaces:* You can structure how policies are applied across your cluster's namespaces. - - *Three Levels of Enforcement:* Offers "enforce", "audit", and "warn" modes, giving you flexibility during migration and testing. - - *Flexible Policy Definition:* Policies are defined within Kubernetes itself, providing easier integration and management. - - *Migration Notes:* If you heavily rely on PSPs, investigate built-in replacement policies or consider developing custom PSA policies for complex requirements. -2. *Storage Deep Dive* - - *CSI Ephemeral Volume Support:Pod-level Temporary Storage:* Ideal for scratch space needed within the Pod's lifecycle (caches, build artifacts, etc.). - - *Volume Data Stays Local:* Data is written to the host node's filesystem, not a persistent storage backend. - - *CSI Drivers:* The specific implementation may vary depending on your CSI driver's capabilities. - - *Volume Expansion:Online Resizing:* You can change volume size while Pods are still using them. - - *Restrictions:* Not all storage providers may support this, and you may need to update your CSI drivers or storage classes. - - *Local Ephemeral Storage Capacity Isolation:Protects Node Resources:* Helps prevent Pods with ephemeral storage from overwhelming a node's storage capacity. - - *Improved Node Stability:* Ensures critical system components and other workloads aren't starved for storage resources. -3. *Additional Details* - - *cgroups v2 Support:Modern cgroups:* Improved resource accounting and control for container workloads, especially important in resource-constrained environments. You may need to make changes to your cluster configuration if you were customizing cgroup settings for version 1. - - *CRD Validation:Enforce Data Quality:* Ensures the data stored in Custom Resources adheres to your defined rules (structure, ranges, etc.). -4. *Important to Remember* -- *Experimental Features:* Version 1.25 likely contains other experimental features. Proceed with caution if you choose to implement them in production. -- *Tooling Impact:* Certain tools and integrations you use with your Kubernetes-as-a-Service might require updates to be compatible with the newer APIs and removals introduced in this version. - -These are just a few of the key highlights of Kubernetes 1.25. The release includes many other enhancements, bug fixes, and updates to existing features. - -Kubernetes version 1.25 to 1.25.16 includes several enhancements, bug fixes, and stability improvements. Some notable changes in this release range include: - -1. Stability improvements: Various enhancements have been made to improve the stability and reliability of the Kubernetes platform, addressing issues reported by users and community contributors. -2. Bug fixes: Numerous bugs have been fixed across different components of Kubernetes, including issues related to networking, storage, scheduling, and authentication. -3. Performance optimizations: Efforts have been made to optimize the performance of Kubernetes, resulting in improved resource utilization and responsiveness. -4. Security enhancements: Several security-related enhancements have been implemented to strengthen the overall security posture of Kubernetes, addressing vulnerabilities and improving security features. -5. API updates: Updates to the Kubernetes API have been introduced, including new features, improvements, and changes to existing resources and endpoints. -6. Deprecations and removals: Certain features, APIs, or components may have been deprecated or removed in this release, with guidance provided for users to adapt their configurations accordingly. -7. Documentation improvements: The documentation has been updated and expanded to provide more comprehensive guidance for users, administrators, and developers working with Kubernetes. - -Overall, Kubernetes 1.25 to 1.25.16 brings a range of improvements to enhance the stability, performance, security, and usability of the platform for users and administrators. - -Users are encouraged to review the [detailed release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.25.md) for a comprehensive overview of the changes and to ensure compatibility with their existing deployments. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v8.2.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v8.2.0.md deleted file mode 100644 index ec8d4364c7..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v8.2.0.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v8.2.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v8.2.0 - version: 8.2.0 - version_tag: v8.2.0 -date: '2019-06-03T10:00:00' -description: Release notes for AWS workload cluster release v8.2.0, published on 03 - June 2019, 10:00. -title: Workload cluster release v8.2.0 for AWS ---- - - diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v8.5.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v8.5.0.md deleted file mode 100644 index f4ddd873ea..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v8.5.0.md +++ /dev/null @@ -1,31 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v8.5.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v8.5.0 - version: 8.5.0 - version_tag: v8.5.0 -date: '2019-09-02T13:30:00' -description: Release notes for AWS workload cluster release v8.5.0, published on 02 - September 2019, 13:30. -title: Workload cluster release v8.5.0 for AWS ---- - -**IMPORTANT**: Due to cgroup restructure (change can be found [here](https://github.com/giantswarm/k8scloudconfig/pull/564)) and more resource reservation for core components, we are now switching to bigger master instance types (from m4.large to m4.xlarge). This adds some room for additional workload scheduling on master. -This release also contains multiple fixes to the private/public hosted zones which were altered in the previous release. In-Cluster communication between services and the Kubernetes API should now stay inside the VPC without issues. - -On the feature side, the release introduces an internal-api endpoint, which allows communication with Kubernetes API via the private network. This allows you, for example, to restrict public Kubernetes API access to Giant Swarm VPN addresses only and use internal API via peered networks. - -### aws-operator v5.4.0 -- Duplicate etcd recordset into public hosted zone. -- Add ingress internal load-balancer in private hosted zone. -- Use private subnets for internal Kubernetes API loadbalancer. -- Refactor Kubernetes API whitelisting with public/private subnets. -- Add internal-api recordset into public hosted zone. - -### cluster-operator v0.20.0 -- Install chart-operator from default app catalog. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.0.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.0.0.md deleted file mode 100644 index e6e4075bba..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.0.0.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v9.0.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v9.0.0 - version: 9.0.0 - version_tag: v9.0.0 -date: '2019-10-28T12:00:00' -description: Release notes for AWS workload cluster release v9.0.0, published on 28 - October 2019, 12:00. -title: Workload cluster release v9.0.0 for AWS ---- - -### Kubernetes v1.15.5 -- Updated from v1.14.6 - [changelog](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.15.md#kubernetes-v115-release-notes) -- Includes a fix for CVE-2019-11253 related to json/yaml decoding where large or malformed documents could consume excessive server resources. Request bodies for normal API requests (create/delete/update/patch operations of regular resources) are now limited to 3MB. - -### Calico v3.9.1 -- Updated from v3.8.2 - [changelog](https://docs.projectcalico.org/v3.9/release-notes/) - -### CoreOS Container Linux v2191.5.0 -- Updated from v2135.4.0 - [changelog](https://coreos.com/releases/#2191.5.0) - -### etcd v3.3.15 -- Updated from v3.3.13 - [changelog](https://github.com/etcd-io/etcd/blob/master/CHANGELOG-3.3.md#v3315-2019-08-19) - -### kube-state-metrics v1.8.0 ([GS v0.6.0](https://github.com/giantswarm/kube-state-metrics-app/blob/master/CHANGELOG.md#v060)) -- Updated from upstream `kube-state-metrics` v1.7.2 - [changelog](https://github.com/kubernetes/kube-state-metrics/blob/master/CHANGELOG.md#v180--2019-10-) - -### nginx-ingress-controller v0.26.1 ([GS v1.0.0](https://github.com/giantswarm/kubernetes-nginx-ingress-controller/blob/master/CHANGELOG.md#100)) -- Updated from upstream `ingress-nginx` v0.25.1 - [changelog](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0261) -- **Note** Includes the following breaking changes - - The variable `$the_real_ip` was removed from template and default `log_format`. - - The default value of configmap setting `proxy-add-original-uri-header` is now `false`. - - When the setting `proxy-add-original-uri-header` is `true`, the ingress controller adds a new header `X-Original-Uri` with the value of NGINX variable `$request_uri`. In most of the cases this is not an issue but with request with long URLs it could lead to unexpected errors in the application defined in the `Ingress` `serviceName`, like issue https://github.com/kubernetes/ingress-nginx/issues/4593. - -### coreDNS v1.6.4 ([GS v0.8.0](https://github.com/giantswarm/coredns-app/blob/master/CHANGELOG.md#v080)) -- Updated from upstream `coredns` v1.6.2 - [changelog](https://coredns.io/2019/09/27/coredns-1.6.4-release/) - -### Cluster Autoscaler v1.15.2 ([GS v0.9.0](https://github.com/giantswarm/cluster-autoscaler-app/blob/master/CHANGELOG.md#v090)) -- Updated from upstream `Cluster Autoscaler` v1.14.3 - [changelog](https://github.com/kubernetes/autoscaler/releases/tag/cluster-autoscaler-1.15.2) diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.0.1.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.0.1.md deleted file mode 100644 index 6b755b05f9..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.0.1.md +++ /dev/null @@ -1,129 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v9.0.1/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v9.0.1 - version: 9.0.1 - version_tag: v9.0.1 -date: '2020-03-27T19:00:00' -description: Release notes for AWS workload cluster release v9.0.1, published on 27 - March 2020, 19:00. -title: Workload cluster release v9.0.1 for AWS ---- - -This release includes Kubernetes v1.15.11 as well as some reliability and user experience improvements. -We highly recommend you to upgrade to this release if you want to continue running on Kubernetes 1.15 for now. - -This is also the first release which is internally represented by our [Release CRD](https://docs.giantswarm.io/reference/cp-k8s-api/releases.release.giantswarm.io/). This is done in preparation of opening up the control plane to you. - ---- - -**Note** If you are upgrading from 8.5.0 or 9.0.0: - -Configuration that used to be on the Tenant Cluster has been moved to the Control Plane. - -Services like the `nginx-ingress-controller`, `coredns`, and `cluster-autoscaler` -are no longer configurable through ConfigMaps on the tenant cluster. - -Existing ConfigMaps will be automatically migrated when you upgrade, however if -you do not have access to the Control Plane API you will not be able to -manually configure these services. - -e.g: If you had a cluster with id `e05c8`, then you'll find your -`nginx-ingress-controller-user-values` configmap now in a namespace called `e05c8` -on the Control Plane. - -Please contact your Solution Engineer for more information. - ---- - -This release includes multiple improvements to the NGINX Ingress Controller app: -1. It upgrades to upstream ingress-nginx `v0.30.0`. -2. Optional metrics Service for prometheus-operator support was added. This allows prometheus-operator to scrape metrics to monitor the app. -3. NGINX IC SSL support for old browsers and clients (e.g. Safari 9) is dropped. This is due to default SSL ciphers no longer including AES-CBC based ciphers since they are considered weak. At your own risk, weak ciphers can still be enabled on demand independently for each cluster. - -Below, you can find more details on components that were changed with this release. - -### Kubernetes [v1.15.11](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.15.md#changelog-since-v11510) -- Updated from v1.15.5. -- Includes fixes for CVE-2020-8551 and CVE-2020-8552. -- Fixed a regression where the kubelet would fail to update the ready status of pods. -- Various other improvements to the management of cloud and cluster resources. - -### aws-operator [v5.5.1](https://github.com/giantswarm/aws-operator/releases/tag/v5.5.1) -- Streamlined image templating for core components for quicker and easier releases in the future. -- Enabled per-cluster configuration of kube-proxy's `conntrackMaxPerCore` parameter. - -### cert-exporter (GS [v1.2.1](https://github.com/giantswarm/cert-exporter/blob/master/CHANGELOG.md#121-2019-12-24)) - -- Removed CPU limits. - -### chart-operator [v0.12.1](https://github.com/giantswarm/chart-operator/releases/tag/v0.12.1) - -- Removed usage of legacy chartconfig CRs in Tiller metrics. -- Added chartmigration resource for migrating from chartconfig to chart CRs. -- Updated release resource. - - Do not wait when installing or updating long running Helm releases. - - Use version field from chart CR to reduce number of HTTP requests to pull chart tarballs. - - Wait for deleted Helm release before removing finalizer. -- Updated status resource. - - Improve reason field in CR status when installing a chart fails. -- Removed legacy chartconfig controller. -- Allowed usage of custom kubernetes domain. -- Handled timeouts pulling chart tarballs. -- Removed CPU limits. -- Updated for Kubernetes 1.16 compatibility. -- Cancelled the resource reconciliation in case of tarball errors. - -### cluster-autoscaler v1.16.2 (GS [v1.1.4](https://github.com/giantswarm/cluster-autoscaler-app/blob/master/CHANGELOG.md#v114-2020-02-05)) - -- Increased memory request and limits to 400MB. -- Added CSINode access to RBAC role. -- Updated for Kubernetes 1.16 compatibility. -- Removed CPU limits. -- Updated to upstream version 1.16.2. - - -### cluster-operator [v0.23.8](https://github.com/giantswarm/cluster-operator/releases/tag/v0.23.8) - -- Stop setting IC replicas count. -- Fix cluster deletion by gracefully handling Tenant Cluster API errors. -- Initial cluster profile detection support. - -### coredns v1.6.5 ([Giant Swarm app v1.1.8](https://github.com/giantswarm/coredns-app/blob/master/CHANGELOG.md#v118-2020-03-20)) - -- Updated coredns to upstream version 1.6.5. -- Removed CPU limits. -- Updated for Kubernetes 1.16 compatibility. -- Make `autopath` plugin configurable, optional and disabled by default. -- Allow custom forward configuration destination and options. -- Add Pod Disruption Budget. -- Use cluster.kubernetes.clusterDomain instead of cluster.kubernetes.domain for custom DNS suffix. - -### kube-state-metrics v1.9.5 ([Giant Swarm app v1.0.5](https://github.com/giantswarm/kube-state-metrics-app/blob/master/CHANGELOG.md#v105)) - -- Updated to upstream version 1.9.5 for some stability fixes. -- Updated for Kubernetes 1.16 compatibility. -- Removed addon resizer sidecar container. -- Removed CPU and memory limits. - -### metrics-server v0.3.3 ([Giant Swarm app v1.0.0](https://github.com/giantswarm/metrics-server-app/blob/master/CHANGELOG.md#v100-2020-01-03)) - -- Updated for Kubernetes 1.16 compatibility. - -### nginx-ingress-controller v0.30.0 ([Giant Swarm app v1.6.5](https://github.com/giantswarm/nginx-ingress-controller-app/blob/master/CHANGELOG.md#v165-2020-03-23)) - -- Enabled HorizontalPodAutoscaler by default for selected cluster profiles. -- Updated from upstream `ingress-nginx` v0.26.1 - for details see the [changelog](https://github.com/kubernetes/ingress-nginx/releases/tag/nginx-0.30.0). -- Configured app icon. -- Added optional metrics Service (disabled by default) for prometheus-operator support. -- Added support for overriding all nginx [configmap settings](https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/configmap.md#configuration-options). - -### node-exporter v0.18.1 ([Giant Swarm app v1.2.0](https://github.com/giantswarm/node-exporter-app/blob/master/CHANGELOG.md#120-2020-01-08)) - -- Updated to upstream version 0.18.1. -- Changed priority class to `system-node-critical`. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.0.10.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.0.10.md deleted file mode 100644 index c7c3a64a57..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.0.10.md +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v9.0.10/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v9.0.10 - version: 9.0.10 - version_tag: v9.0.10 -date: '2020-08-20T10:34:28' -description: Release notes for AWS workload cluster release v9.0.10, published on - 20 August 2020, 10:34. -title: Workload cluster release v9.0.10 for AWS ---- - -This release provides a new aws-operator which is fixing an issue with overlapping networks when creating legacy clusters together with node pools clusters. - -## Change details - -### aws-operator [5.5.6](https://github.com/giantswarm/aws-operator/releases/tag/v5.5.6) - -- Check node pools clusters for reserved subnets. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.0.2.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.0.2.md deleted file mode 100644 index 1d624e1e99..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.0.2.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v9.0.2/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v9.0.2 - version: 9.0.2 - version_tag: v9.0.2 -date: '2020-04-14T12:00:00' -description: Release notes for AWS workload cluster release v9.0.2, published on 14 - April 2020, 12:00. -title: Workload cluster release v9.0.2 for AWS ---- - -**If you are upgrading from 9.0.1, upgrading to this release will not roll your nodes. It will only update the apps.** - ---- - -**Note** If you are upgrading from 8.5.0 or 9.0.0: - -Configuration that used to be on the Tenant Cluster has been moved to the Control Plane. - -Services like the `nginx-ingress-controller`, `coredns`, and `cluster-autoscaler` -are no longer configurable through ConfigMaps on the tenant cluster. - -Existing ConfigMaps will be automatically migrated when you upgrade, however if -you do not have access to the Control Plane API you will not be able to -manually configure these services. - -e.g: If you had a cluster with id `e05c8`, then you'll find your -`nginx-ingress-controller-user-values` configmap now in a namespace called `e05c8` -on the Control Plane. - -Please contact your Solution Engineer for more information. - ---- - -This release improves the reliability of NGINX Ingress Controller. Most important, termination configuration was adjusted so that active connections now get drained gracefully. - -Below, you can find more details on components that were changed with this release. - -### nginx-ingress-controller v0.30.0 ([Giant Swarm app v1.6.8](https://github.com/giantswarm/nginx-ingress-controller-app/blob/master/CHANGELOG.md#v168-2020-04-09)) - -- Aligned graceful termination configuration with changes done in upstream [ingress-nginx 0.26.0](https://github.com/kubernetes/ingress-nginx/releases/tag/nginx-0.26.0) - - Use `wait-shutdown` as preStop hook - - Make `terminationGracePeriodSeconds` configurable - - Set `terminationGracePeriodSeconds` by default to 5min, to align with 270 second default `worker-shutdown-timeout`. -- Default `max-worker-connections` to `0`, making it same as `max-worker-open-files` i.e. `max open files (system's limit) / worker-processes - 1024`. - This optimizes for high load conditions where it improves performance at the cost of increasing RAM utilization (even on idle). -- HorizontalPodAutoscaler was tuned to use `targetMemoryUtilizationPercentage` of `80` due to increased RAM utilization with new default for `max-worker-connections` of `0`. -- Changed default `error-log-level` from `error` to `notice`. -- Removed use of `enable-dynamic-certificates` CLI flag, it has been deprecated since [ingress-nginx 0.26.0](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0260) via [ingress-nginx PR #4356](https://github.com/kubernetes/ingress-nginx/pull/4356). -- Added a link to the README in the sources of Chart.yaml diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.0.3.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.0.3.md deleted file mode 100644 index f5e0947eab..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.0.3.md +++ /dev/null @@ -1,67 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v9.0.3/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v9.0.3 - version: 9.0.3 - version_tag: v9.0.3 -date: '2020-04-23T12:00:00' -description: Release notes for AWS workload cluster release v9.0.3, published on 23 - April 2020, 12:00. -title: Workload cluster release v9.0.3 for AWS ---- - -**If you are upgrading from 9.0.2, upgrading to this release will not roll your nodes. It will only update the apps.** - ---- - -**Note** If you are upgrading from 8.5.0 or 9.0.0: - -Configuration that used to be on the Tenant Cluster has been moved to the Control Plane. - -Services like the `nginx-ingress-controller`, `coredns`, and `cluster-autoscaler` -are no longer configurable through ConfigMaps on the tenant cluster. - -Existing ConfigMaps will be automatically migrated when you upgrade, however if -you do not have access to the Control Plane API you will not be able to -manually configure these services. - -e.g: If you had a cluster with id `e05c8`, then you'll find your -`nginx-ingress-controller-user-values` configmap now in a namespace called `e05c8` -on the Control Plane. - -Please contact your Solution Engineer for more information. - ---- - -This release improves the reliability of NGINX Ingress Controller. Most importantly, kernel and app settings have been tuned to increase out-of-the-box performance. The app's Helm chart was also adjusted to improve its availability when rolling out configuration changes. - -This version also includes improvements to other components (chart-operator) as detailed in the changelog. - -Below, you can find more details on components that were changed with this release. - -### chart-operator [v0.13.0](https://github.com/giantswarm/chart-operator/blob/master/CHANGELOG.md#v0130-2020-04-21) - -- Fix update state calculation and status resource for long running deployments. -- Handle 503 responses when GitHub Pages is unavailable. -- Make HTTP client timeout configurable for pulling chart tarballs in AWS China. -- Switch from dep to go modules. -- Fix problem pushing chart to default app catalog. -- Always set chart CR annotations so update state calculation is accurate. -- Only update failed Helm releases if the chart values or version has changed. -- Deploy as a unique app in app collection in control plane clusters. - -### nginx-ingress-controller v0.30.0 ([Giant Swarm app v1.6.9](https://github.com/giantswarm/nginx-ingress-controller-app/blob/master/CHANGELOG.md#v169-2020-04-22)) - -- Restricted PodSecurityPolicy volumes to only those required (removes wildcard). -- Tuned `net.ipv4.ip_local_port_range` to `1024 65535` as a safe sysctl. -- Tuned `net.core.somaxconn` to `32768` via an initContainer with privilege escalation. -- Default `worker-processes` to `4`. -- Default `max-worker-connections` to upstream default (currently `16384`). -- Ignore NGINX IC Deployment replica count configuration when HorizontalPodAutoscaler is enabled. -- Dropped unnecessary Helm release revision annotation from NGINX IC Deployment. -- Adjusted README for display in the web interface context. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.0.4.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.0.4.md deleted file mode 100644 index d6e45aac50..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.0.4.md +++ /dev/null @@ -1,39 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v9.0.4/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v9.0.4 - version: 9.0.4 - version_tag: v9.0.4 -date: '2020-05-06T13:00:00' -description: Release notes for AWS workload cluster release v9.0.4, published on 06 - May 2020, 13:00. -title: Workload cluster release v9.0.4 for AWS ---- - -**Note** If you are upgrading from 8.5.0 or 9.0.0: - -Configuration that used to be on the Tenant Cluster has been moved to the Control Plane. - -Services like the `nginx-ingress-controller`, `coredns`, and `cluster-autoscaler` -are no longer configurable through ConfigMaps on the tenant cluster. - -Existing ConfigMaps will be automatically migrated when you upgrade, however if -you do not have access to the Control Plane API you will not be able to -manually configure these services. - -e.g: If you had a cluster with id `e05c8`, then you'll find your -`nginx-ingress-controller-user-values` configmap now in a namespace called `e05c8` -on the Control Plane. - -Please contact your Solution Engineer for more information. - ---- - -## aws-operator [v5.5.2](https://github.com/giantswarm/aws-operator/releases/tag/v5.5.2) - -- Relax error matching for Kubernetes API connection errors diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.0.5.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.0.5.md deleted file mode 100644 index f0ddf8615a..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.0.5.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v9.0.5/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v9.0.5 - version: 9.0.5 - version_tag: v9.0.5 -date: '2020-05-12T11:00:00' -description: Release notes for AWS workload cluster release v9.0.5, published on 12 - May 2020, 11:00. -title: Workload cluster release v9.0.5 for AWS ---- - -This release fixes a rare bug that would prevent the NGINX IC from being installed on a new cluster. - -This bug would only occur on cluster creation if you had a nginx-ingress-controller-user-values configmap in the kube-system namespace while the cluster was still initialising. - -Solution Engineers have already done the manual fix for affected customers. - -It also modifies release templates to support the coming upgrade to Helm 3. - -**Note to SEs when upgrading from 8.5.0 or 9.0.0:** Existing customer automation or processes that manage the configuration of coredns, nginx-ingress-controller, or cluster-autoscaler must be modified in order to work with the changed location and format of the *-user-values configmaps. Please see our docs on [Tenant Cluster Release Versions: Versions that use the App Platform](https://docs.giantswarm.io/reference/release-versions/#versions-that-use-the-app-platform) for more details. - -**Note for future 9.0.x releases:** Please include this note and the one above in all future 9.0.x releases. - -## cluster-operator [v0.23.9](https://github.com/giantswarm/cluster-operator/releases/tag/v0.23.9) - -- Fix a bug in user values migration logic for apps. - -## cert-exporter (GS [v1.2.2](https://github.com/giantswarm/cert-exporter/blob/master/CHANGELOG.md#v122-2020-04-01)) - -- Change daemonset to use release revision not time for Helm 3 support. - -## net-exporter [v1.7.1](https://github.com/giantswarm/net-exporter/blob/master/CHANGELOG.md#v171-2020-04-01) - -- Change daemonset to use release revision not time for Helm 3 support. -- Only set hosts arg if a value is present. -- Remove label from role ref in cluster role binding. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.0.6.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.0.6.md deleted file mode 100644 index 87107c00b4..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.0.6.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v9.0.6/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v9.0.6 - version: 9.0.6 - version_tag: v9.0.6 -date: '2020-06-02T11:00:00' -description: Release notes for AWS workload cluster release v9.0.6, published on 02 - June 2020, 11:00. -title: Workload cluster release v9.0.6 for AWS ---- - -This release [replaces CoreOS with Flatcar Container Linux](https://www.giantswarm.io/blog/time-to-catch-a-new-train-flatcar-linux). -CoreOS has gone [end-of-life](https://coreos.com/os/eol/) and is being rapidly phased out. -Flatcar is a compatible fork of CoreOS which receives ongoing support. -To continue receiving security updates and to minimize the effort needed to migrate in the future, we recommend upgrading to this release. - -**Note to SEs when upgrading from 8.5.0 or 9.0.0:** Existing customer automation or processes that manage the configuration of coredns, nginx-ingress-controller, or cluster-autoscaler must be modified in order to work with the changed location and format of the *-user-values configmaps. Please see our docs on [Tenant Cluster Release Versions: Versions that use the App Platform](https://docs.giantswarm.io/reference/release-versions/#versions-that-use-the-app-platform) for more details. - -**Note for future 9.0.x releases:** Please include this note and the one above in all future 9.0.x releases. - -Below, you can find more details on components that were changed with this release. - -### aws-operator [v5.5.3](https://github.com/giantswarm/aws-operator/releases/tag/v5.5.3) -- Fixed issue with kube-proxy's `conntrackMaxPerCore` parameter not taking effect. - -### Calico [v3.9.6](https://docs.projectcalico.org/archive/v3.9/release-notes/) -- Updated from Calico v3.9.1. -- Fixed IPv6 rogue router advertisement vulnerability CVE-2020-13597. See [security bulletin](https://www.projectcalico.org/security-bulletins/) for more information. - -### Flatcar Container Linux [v2512.2.0](https://www.flatcar-linux.org/releases/#release-2512.2.0) -- Updated from CoreOS Container Linux 2191.5.0. -- Updated Linux Kernel to 4.19.124. - -### Kubernetes [v1.15.12](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.15.md#changelog-since-v11511) -- Updated from v1.15.11. - -### nginx-ingress-controller v0.30.0 ([Giant Swarm app v1.6.12](https://github.com/giantswarm/nginx-ingress-controller-app/blob/master/CHANGELOG.md#v1612-2020-06-04)) - -- Made healthcheck probes configurable. -- Made liveness probe more resilient. -- Aligned labels using `app.kubernetes.io/name` instead of `k8s-app` where possible. `k8s-app` remains to be used for compatibility reasons as selectors are not modifiable without recreating the Deployment. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.0.7.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.0.7.md deleted file mode 100644 index 6a6280679e..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.0.7.md +++ /dev/null @@ -1,67 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v9.0.7/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v9.0.7 - version: 9.0.7 - version_tag: v9.0.7 -date: '2020-07-15T12:00:00' -description: Release notes for AWS workload cluster release v9.0.7, published on 15 - July 2020, 12:00. -title: Workload cluster release v9.0.7 for AWS ---- - -This release updates managed apps to the latest releases. - -**Note to SEs when upgrading from 8.5.0 or 9.0.0:** Existing customer automation or processes that manage the configuration of coredns, nginx-ingress-controller, or cluster-autoscaler must be modified in order to work with the changed location and format of the *-user-values configmaps. Please see our docs on [Tenant Cluster Release Versions: Versions that use the App Platform](https://docs.giantswarm.io/reference/release-versions/#versions-that-use-the-app-platform) for more details. - -**Note for future 9.0.x releases:** Please include this note and the one above in all future 9.0.x releases. - -Below, you can find more details on components that were changed with this release. - -### cert-exporter [v1.2.3](https://github.com/giantswarm/cert-exporter/blob/master/CHANGELOG.md#v123-2020-05-15) - -- Updated prometheus/client_golang dependency. -- Migrated from dep to go modules. -- Moved to App deployment. - -### cluster-autoscaler v1.16.5 ([Giant Swarm app v1.16.0](https://github.com/giantswarm/cluster-autoscaler-app/blob/master/CHANGELOG.md#v1160-2020-05-26)) - -- Upgraded upstream cluster-autoscaler from v1.16.2 to v1.16.5 - [changelog](https://github.com/kubernetes/autoscaler/releases/tag/cluster-autoscaler-1.16.5). -- Set `scan-interval` to 30 seconds (from 10 seconds) to save resources. -- Set `scale-down-unneeded-time` to 5 minutes (from the default of 10 minutes) to release unneeded nodes earlier. -- Lower `scaleDownUtilizationThreshold` to 0.5. - -### cluster-operator [v0.23.12](https://github.com/giantswarm/cluster-operator/releases/tag/v0.23.12) - -- Align with NGINX IC App 1.7.0, move of LB Service management from azure-operator to the app itself. - -### coredns v1.6.5 ([Giant Swarm app v1.2.0](https://github.com/giantswarm/coredns-app/blob/master/CHANGELOG.md#v120-2020-07-13)) - -- Make resource requests/limits configurable. -- Make forward options optional. -- Apply a readiness probe. -- Increase the liveness probe failure threshold from 5 failures to 7 failures. - -### kube-state-metrics v1.9.5 ([Giant Swarm app v1.1.0](https://github.com/giantswarm/kube-state-metrics-app/blob/master/CHANGELOG.md#110---2020-06-17)) - -- Added 100.64.0.0/10 to the allowed egress subnets in NetworkPolicy. -- Fixed invalid cluster role binding for Helm 3 compatibility. - -### metrics-server v0.3.3 ([Giant Swarm app v1.1.0](https://github.com/giantswarm/metrics-server-app/blob/master/CHANGELOG.md#110---2020-06-17)) - -- Added 100.64.0.0/10 to the allowed egress subnets in NetworkPolicy. - -### net-exporter [v1.9.0](https://github.com/giantswarm/net-exporter/blob/master/CHANGELOG.md#190---2020-06-29) - -- Add `ntp` collector. -- Added 100.64.0.0/10 to the allowed egress subnets in NetworkPolicy. - -### nginx-ingress-controller v0.34.0 ([Giant Swarm app v1.7.2](https://github.com/giantswarm/nginx-ingress-controller-app/blob/master/CHANGELOG.md#v172-2020-07-10)) - -- Upgraded upstream ingress-nginx from v0.30.0 to v0.34.0 - [changelog](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0340). -- Improved observability, enabled monitoring Service by default for monitoring targets discovery and removed support for disabling it. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.0.8.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.0.8.md deleted file mode 100644 index b22b437abf..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.0.8.md +++ /dev/null @@ -1,31 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v9.0.8/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v9.0.8 - version: 9.0.8 - version_tag: v9.0.8 -date: '2020-07-21T15:00:00' -description: Release notes for AWS workload cluster release v9.0.8, published on 21 - July 2020, 15:00. -title: Workload cluster release v9.0.8 for AWS ---- - -**If you are upgrading from 9.0.7, upgrading to this release will not roll your nodes. It will only update the apps.** - -This release updates NGINX Ingress Controller to the latest upstream release. -Most importantly, it includes a fix for a regression introduced in the previous upstream release related to `use-regex` and `rewrite` annotations. - -**Note to SEs when upgrading from 8.5.0 or 9.0.0:** Existing customer automation or processes that manage the configuration of coredns, nginx-ingress-controller, or cluster-autoscaler must be modified in order to work with the changed location and format of the *-user-values configmaps. Please see our docs on [Tenant Cluster Release Versions: Versions that use the App Platform](https://docs.giantswarm.io/reference/release-versions/#versions-that-use-the-app-platform) for more details. - -**Note for future 9.0.x releases:** Please include this note and the one above in all future 9.0.x releases. - -Below, you can find more details on components that were changed with this release. - -### nginx-ingress-controller v0.34.1 ([Giant Swarm app v1.7.2](https://github.com/giantswarm/nginx-ingress-controller-app/blob/master/CHANGELOG.md#v173-2020-07-16)) - -- Upgraded upstream ingress-nginx from v0.34.0 to v0.34.1 - [changelog](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0341). diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.0.9.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.0.9.md deleted file mode 100644 index e2c1adb188..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.0.9.md +++ /dev/null @@ -1,55 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v9.0.9/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v9.0.9 - version: 9.0.9 - version_tag: v9.0.9 -date: '2020-07-31T15:00:00' -description: Release notes for AWS workload cluster release v9.0.9, published on 31 - July 2020, 15:00. -title: Workload cluster release v9.0.9 for AWS ---- - -This release updates managed apps to the latest releases, Calico to version `3.13.4`, and Flatcar Container Linux to `2512.2.1`. - -Below, you can find more details on components that were changed with this release. - -### aws-operator [5.5.5](https://github.com/giantswarm/aws-operator/releases/tag/v5.5.5) - -- Changes required to run Container linux `2512.2.1` and calico `3.13.4`. - -### calico [3.14.3](https://docs.projectcalico.org/archive/v3.13/release-notes/) - -- Fix IPAM garbage collection in etcd mode on clusters where node name does not match Kubernetes node name. kube-controllers. - -### cluster-operator [0.23.14](https://github.com/giantswarm/cluster-operator/releases/tag/v0.23.14) - -- Make NGINX optional on KVM, by ignoring existing NGINX IC App CRs which were managed by cluster-operator. -- Enable NGINX App managed NodePort Service on KVM. - -### Container Linux [2512.2.1](https://www.flatcar-linux.org/releases/#release-2512.2.1) - -- Fix the Intel Microcode vulnerabilities (CVE-2020-0543) -- Updated Linux kernel to 4.19.128 -- Updated intel-microcode to 20200609. - -### kube-state-metrics v1.9.7 ([Giant Swarm app v1.1.1](https://github.com/giantswarm/kube-state-metrics-app/blob/master/CHANGELOG.md#111---2020-07-22)) - -- Updated kube-state-metrics version from 1.9.5 to 1.9.7. Check the [upstream changelog](https://github.com/kubernetes/kube-state-metrics/blob/master/CHANGELOG.md#v197--2020-05-24) for details on all changes. - -### metrics-server v0.3.6 ([Giant Swarm app v1.1.1](https://github.com/giantswarm/metrics-server-app/blob/master/CHANGELOG.md#111---2020-07-23)) - -- Updated metrics-server version from 0.3.3 to 0.3.6. Check the [upstream changelog](https://github.com/kubernetes-sigs/metrics-server/releases) for details on all changes. - -### nginx-ingress-controller v0.34.1 ([Giant Swarm app v1.8.3](https://github.com/giantswarm/nginx-ingress-controller-app/blob/master/CHANGELOG.md#183---2020-07-31)) - -- Drop support for deprecated configuration properties. - -### node-exporter v1.0.1 ([Giant Swarm app v1.3.0](https://github.com/giantswarm/node-exporter-app/blob/master/CHANGELOG.md#130---2020-07-23)) - -- Updated node-exporter version from 0.18.1 to 1.0.1. Check the [upstream changelog](https://github.com/prometheus/node_exporter/blob/master/CHANGELOG.md#101--2020-06-15) for details on all changes. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.1.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.1.0.md deleted file mode 100644 index b6ceac8b09..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.1.0.md +++ /dev/null @@ -1,90 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v9.1.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v9.1.0 - version: 9.1.0 - version_tag: v9.1.0 -date: '2020-01-28T12:00:00' -description: Release notes for AWS workload cluster release v9.1.0, published on 28 - January 2020, 12:00. -title: Workload cluster release v9.1.0 for AWS ---- - -This is the first Giant Swarm release which includes Kubernetes v1.16. In addition to this update, CPU limits have been removed from several supporting components and priority classes have been adjusted to ensure system reliability under heavy load. Further details about changes to individual components can be found below. - -**Note** This is a legacy port of [AWS release v11.0.0](https://github.com/giantswarm/releases/tree/master/aws/archived/v11.0.0) with Kubernetes v1.16.3 for non-node pool clusters (i.e. cluster versions < 10). - -### Important upgrade notes -- This release includes a new [network policy](https://docs.giantswarm.io/guides/limiting-pod-communication-with-network-policies/#default-policies) which blocks network traffic to and from pods in the `giantswarm` and `kube-system` namespaces by default to improve security. Giant Swarm components have been modified to work under this environment, but any other pods in the cluster communicating with these system pods may cease to function without a network policy allowing traffic. Thus, if you are running pods that need to talk to system pods, you will need to allow those explicitly by adding a [network policy](https://docs.giantswarm.io/guides/limiting-pod-communication-with-network-policies/) for them. -- [As previously communicated](https://github.com/giantswarm/giantswarm/blob/master/news/2019/10/product/k8s_1.16_breaking_changes.md), Kubernetes v1.16 has removed several API groups which were already deprecated. Please ensure that you have migrated your deployments and pipelines from the deprecated to the new API groups. You can check the above-linked breaking change communication and consult with your Solution Engineer for help with that. -- Previous Giant Swarm releases included Tiller v2.14 in the `giantswarm` namespace which is not compatible with Kubernetes v1.16. This Tiller - used by Giant Swarm to manage the cluster - has therefore been updated to the Kubernetes v1.16-compatible v2.16. Any Tiller instances deployed in other namespaces will likewise need to be updated to v2.16 or greater to continue to function after an upgrade. - ---- - -### Kubernetes v1.16.3 -- Updated from v1.15.5 - [changelog](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.16.md#kubernetes-v1160-release-notes). -- **Custom resources**: CRDs are in widespread use as a way to extend Kubernetes to persist and serve new resource types, and have been available in beta since the 1.7 release. The 1.16 release marks the graduation of CRDs to general availability (GA). -- **Admission webhooks**: Admission webhooks are in widespread use as a Kubernetes extensibility mechanism and have been available in beta since the 1.9 release. The 1.16 release marks the graduation of admission webhooks to general availability (GA). -- **Overhauled metrics**: Kubernetes has previously made extensive use of a global metrics registry to register metrics to be exposed. By implementing a metrics registry, metrics are registered in more transparent means. Previously, Kubernetes metrics have been excluded from any kind of stability requirements. -- **Volume Extension**: There are quite a few enhancements in this release that pertain to volumes and volume modifications. Volume resizing support in CSI specs is moving to beta which allows for any CSI spec volume plugin to be resizable. -- **Node labels** beta.kubernetes.io/metadata-proxy-ready, beta.kubernetes.io/metadata-proxy-ready and beta.kubernetes.io/kube-proxy-ds-ready are no longer added on new nodes. -- **Network Policies**: Giantswarm added a `deny-all` network policy by default. This policy is applied to all pods in sensitive namespaces such as `giantswarm` or `kube-system`. To communicate with any pods in these namespaces you need to explicitly create a Network Policy that allows it. -- As previously communicated, resources under `apps/v1beta1` and `apps/v1beta2` groups have been moved to `apps/v1` instead. Similarly, `daemonsets`, `deployments`, `replicasets` resources under `extensions/v1beta1` have been moved to `apps/v1`, `networkpolicies` under `extensions/v1beta1` to `networking.k8s.io/v1`, and `podsecuritypolicies` under `extensions/v1beta1` to `policy/v1beta1`. - -### aws-operator v5.6.0 -- Updated to support Kubernetes v1.16. - -### Calico v3.10.1 -- Updated from v3.9.1 - [changelog](https://docs.projectcalico.org/v3.10/release-notes/). -- Calico now supports two new top-level selectors to make writing Calico network policy easier. The `namespaceSelector` allows you to select the namespace(s) to apply a global network policy to. This enables you to write a single network policy applicable to one or more namespaces. -- Calico now supports BGP advertisement of Kubernetes service ExternalIPs in addition to advertising ClusterIPs. Advertising service external IPs allows for more flexible routing architectures. -- Configurable default IPv4, IPv6 block sizes and pool node selectors. -- Typha is now run as a non-root user for improved security. - -### cert-exporter [v1.2.1](https://github.com/giantswarm/cert-exporter/blob/master/CHANGELOG.md#121-2019-12-24) -- Removed CPU limits to improve reliability. - -### cluster-autoscaler v1.16.2 ([Giant Swarm app v1.1.3](https://github.com/giantswarm/cluster-autoscaler-app/releases/tag/v1.1.3)) -- Updated manifests for Kubernetes 1.16 compatibility. - -### chart-operator [v0.11.3](https://github.com/giantswarm/chart-operator/releases/tag/v0.11.3) -- Removed CPU limits to improve reliability. -- Adjusted RBAC permissions. - -### cluster-operator [v0.21.4](https://github.com/giantswarm/cluster-operator/releases/tag/v0.21.4) -- Added additional settings for coredns to cluster configmap. - -### coreDNS v1.6.5 ([Giant Swarm app v1.1.0](https://github.com/giantswarm/coredns-app/blob/master/CHANGELOG.md#v110)) -- Updated from upstream `coredns` v1.6.4 - [changelog](https://coredns.io/2019/11/05/coredns-1.6.5-release/). -- Removed CPU limits to improve reliability. -- Migrated to be deployed via an app CR not a chartconfig CR. - -### CoreOS Container Linux v2247.6.0 -- Updated from v2191.5.0 - [changelog](https://coreos.com/releases/#2247.6.0). -- Updated Linux kernel to 4.19.78. - -### etcd v3.3.17 -- Updated from v3.3.15 - [changelog](https://github.com/etcd-io/etcd/blob/master/CHANGELOG-3.3.md#v3317-2019-10-11). - -### Helm v2.16.1 (primarily for Giant Swarm internal use) -- Updated from v2.14.3 - [changelog](https://github.com/helm/helm/releases/tag/v2.16.1). -- Helm v2.15 was the last feature release for Helm v2 as new feature development now happens in Helm v3. The v2.16 release includes fixes to issues that are too large of a change for a patch release. - -### kube-state-metrics v1.9.2 ([Giant Swarm app v1.0.2](https://github.com/giantswarm/kube-state-metrics-app/blob/master/CHANGELOG.md#v102)) -- Updated to upstream version 1.9.2 - [changelog](https://github.com/kubernetes/kube-state-metrics/blob/master/CHANGELOG.md#v192--2020-01-13). -- Adjusted RBAC configuration. - -### net-exporter [v1.5.1](https://github.com/giantswarm/net-exporter/blob/master/CHANGELOG.md#151-2020-01-08) -- Changed priority class to `system-node-critical`. - -### nginx-ingress-controller v0.26.1 ([Giant Swarm app v1.1.1](https://github.com/giantswarm/nginx-ingress-controller-app/blob/master/CHANGELOG.md#v111-2020-01-04)) -- Updated manifests for Kubernetes v1.16 compatibility. - -### node-exporter v0.18.1 ([Giant Swarm app v1.2.0](https://github.com/giantswarm/node-exporter-app/blob/master/CHANGELOG.md#120-2020-01-08)) -- Updated to upstream version 0.18.1 - [changelog](https://github.com/prometheus/node_exporter/blob/master/CHANGELOG.md#0181--2019-06-04). -- Changed priority class to `system-node-critical`. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.2.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.2.0.md deleted file mode 100644 index 46f3a4b7c6..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.2.0.md +++ /dev/null @@ -1,38 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v9.2.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v9.2.0 - version: 9.2.0 - version_tag: v9.2.0 -date: '2020-02-26T12:00:00' -description: Release notes for AWS workload cluster release v9.2.0, published on 26 - February 2020, 12:00. -title: Workload cluster release v9.2.0 for AWS ---- - -**If you are upgrading from 9.1.0, upgrading to this release merely updates the app. It will *not* roll your nodes.** - -This release includes multiple improvements to the NGINX Ingress Controller app. - -One, it upgrades to upstream ingress-nginx v0.29.0. Two, optional metrics Service for prometheus-operator support was added. This allows prometheus-operator to scrape metrics to monitor the app. - -Three, NGINX IC SSL support for old browsers and clients (e.g. Safari 9) is dropped. This is due to default SSL ciphers no longer including AES-CBC based ciphers since they are considered weak. At your own risk, weak ciphers can still be enabled on demand independently for each cluster. - -To ensure a smooth upgrade and migration experience, and for additional questions you may have in relation to these changes, as always, please consult with your Solution Engineer. - -Below, you can find more details on components that were changed with this release. - -### net-exporter [v1.6.0](https://github.com/giantswarm/net-exporter/blob/master/CHANGELOG.md#160-2020-01-29) - -- Allowed disabling TCP DNS check. - -### nginx-ingress-controller v0.29.0 ([Giant Swarm app v1.5.0](https://github.com/giantswarm/nginx-ingress-controller-app/blob/master/CHANGELOG.md#v150-2020-02-18)) - -- Updated from upstream `ingress-nginx` v0.26.1 - for details see changelogs of all included releases [0.26.2](https://github.com/kubernetes/ingress-nginx/releases/tag/nginx-0.26.2), [0.27.0](https://github.com/kubernetes/ingress-nginx/releases/tag/nginx-0.27.0), [0.27.1](https://github.com/kubernetes/ingress-nginx/releases/tag/nginx-0.27.1), [0.28.0](https://github.com/kubernetes/ingress-nginx/releases/tag/nginx-0.28.0), [0.29.0](https://github.com/kubernetes/ingress-nginx/releases/tag/nginx-0.29.0). -- Added optional metrics Service (disabled by default) for prometheus-operator support. -- Added support for overriding all nginx [configmap settings](https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/configmap.md#configuration-options). diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.2.1.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.2.1.md deleted file mode 100644 index e984560ad6..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.2.1.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v9.2.1/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v9.2.1 - version: 9.2.1 - version_tag: v9.2.1 -date: '2020-03-18T12:00:00' -description: Release notes for AWS workload cluster release v9.2.1, published on 18 - March 2020, 12:00. -title: Workload cluster release v9.2.1 for AWS ---- - -**With this release, horizontal pod autoscaling (HPA) is enabled by default for NGINX Ingress Controller (NGINX IC) on selected cluster profiles.** - -Here, you will find the NGINX IC to be more elastic thus driving down your costs. The criteria for which cluster profiles are selected will be adjusted as we collect data from running in production. - -Version development included work with the upstream maintainer. Prior to release, we ran trials with customers. We performed these tests on small and large clusters alike, in order to ensure stability and scalability. - -This version also includes an upgrade to the latest upstream NGINX IC 0.30.0, as well as improvements to other components (cluster-operator, kube-state-metrics, chart-operator) as detailed in the changelog. - -To upgrade, please contact your Solution Engineer. - -Below, you can find more details on components that were changed with this release. - -### cert-manager v0.9.0 ([Giant Swarm app v1.0.6](https://github.com/giantswarm/cert-manager-app/blob/master/CHANGELOG.md#v106-2020-02-28)) - -- Configured app icon. - -### chart-operator [v0.12.1](https://github.com/giantswarm/chart-operator/releases/tag/v0.12.1) - -- Added chartmigration resource for migrating from chartconfig to chart CRs. -- Updated release resource. - - Do not wait when installing or updating long running Helm releases. - - Use version field from chart CR to reduce number of HTTP requests to pull chart tarballs. - - Wait for deleted Helm release before removing finalizer. -- Updated status resource. - - Improve reason field in CR status when installing a chart fails. -- Removed legacy chartconfig controller. - -### cluster-operator [v0.23.6](https://github.com/giantswarm/cluster-operator/releases/tag/v0.23.6) - -- Gracefully handle Tenant Cluster API errors during cluster deletion. -- Fix regression, re-enable proxy protocol by default for AWS clusters. -- Initial cluster profile detection support. - -### kube-state-metrics v1.9.2 ([Giant Swarm app v1.0.3](https://github.com/giantswarm/kube-state-metrics-app/blob/master/CHANGELOG.md#v103)) - -- Removed CPU and memory limits to improve reliability. - -### nginx-ingress-controller v0.30.0 ([Giant Swarm app v1.6.4](https://github.com/giantswarm/nginx-ingress-controller-app/blob/master/CHANGELOG.md#v164-2020-03-17)) - -- Enabled HorizontalPodAutoscaler by default for selected cluster profiles. -- Updated from upstream `ingress-nginx` v0.29.0 - for details see the [changelog](https://github.com/kubernetes/ingress-nginx/releases/tag/nginx-0.30.0). -- Configured app icon. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.2.2.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.2.2.md deleted file mode 100644 index dcd2d7a4b3..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.2.2.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v9.2.2/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v9.2.2 - version: 9.2.2 - version_tag: v9.2.2 -date: '2020-04-01T12:00:00' -description: Release notes for AWS workload cluster release v9.2.2, published on 01 - April 2020, 12:00. -title: Workload cluster release v9.2.2 for AWS ---- - -**If you are upgrading from 9.2.1, upgrading to this release will not roll your nodes. It will only update the apps.** - -This release includes multiple reliability improvements to pre-installed apps such as coreDNS, kube-state-metrics, cluster-autoscaler as detailed in the changelog. - -Below, you can find more details on components that were changed with this release. - -### cluster-autoscaler v1.16.2 ([Giant Swarm app v1.1.4](https://github.com/giantswarm/cluster-autoscaler-app/blob/master/CHANGELOG.md#v114-2020-02-05)) - -- Increase memory request and limits to 400MB. - -### coreDNS v1.6.5 ([Giant Swarm app v1.1.8](https://github.com/giantswarm/coredns-app/blob/master/CHANGELOG.md#v118-2020-03-20)) - -- Add Pod Disruption Budget. -- Allow custom forward configuration destination and options. -- Make `autopath` plugin configurable, optional and disabled by default. - -### kube-state-metrics v1.9.5 ([Giant Swarm app v1.0.5](https://github.com/giantswarm/kube-state-metrics-app/blob/master/CHANGELOG.md#v103)) - -- Upgraded from upstream kube-state-metrics v1.9.2 to [v1.9.5](https://github.com/kubernetes/kube-state-metrics/releases/tag/v1.9.5). - -### net-exporter [v1.7.0](https://github.com/giantswarm/net-exporter/blob/master/CHANGELOG.md#v170-2020-03-20) - -- Ignore dial error if the Pod doesn't exist anymore. - -### nginx-ingress-controller v0.30.0 ([Giant Swarm app v1.6.5](https://github.com/giantswarm/nginx-ingress-controller-app/blob/master/CHANGELOG.md#v165-2020-03-23)) - -- Fix small cluster profile resource requests configuration. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.2.3.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.2.3.md deleted file mode 100644 index fff5e763f5..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.2.3.md +++ /dev/null @@ -1,35 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v9.2.3/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v9.2.3 - version: 9.2.3 - version_tag: v9.2.3 -date: '2020-04-09T12:00:00' -description: Release notes for AWS workload cluster release v9.2.3, published on 09 - April 2020, 12:00. -title: Workload cluster release v9.2.3 for AWS ---- - -**If you are upgrading from 9.2.2, upgrading to this release will not roll your nodes. It will only update the apps.** - -This release improves the reliability of NGINX Ingress Controller. Most important, termination configuration was adjusted so that active connections now get drained gracefully. - -Below, you can find more details on components that were changed with this release. - -### nginx-ingress-controller v0.30.0 ([Giant Swarm app v1.6.8](https://github.com/giantswarm/nginx-ingress-controller-app/blob/master/CHANGELOG.md#v168-2020-04-09)) - -- Aligned graceful termination configuration with changes done in upstream [ingress-nginx 0.26.0](https://github.com/kubernetes/ingress-nginx/releases/tag/nginx-0.26.0) - - Use `wait-shutdown` as preStop hook - - Make `terminationGracePeriodSeconds` configurable - - Set `terminationGracePeriodSeconds` by default to 5min, to align with 270 second default `worker-shutdown-timeout`. -- Default `max-worker-connections` to `0`, making it same as `max-worker-open-files` i.e. `max open files (system's limit) / worker-processes - 1024`. - This optimizes for high load conditions where it improves performance at the cost of increasing RAM utilization (even on idle). -- HorizontalPodAutoscaler was tuned to use `targetMemoryUtilizationPercentage` of `80` due to increased RAM utilization with new default for `max-worker-connections` of `0`. -- Changed default `error-log-level` from `error` to `notice`. -- Removed use of `enable-dynamic-certificates` CLI flag, it has been deprecated since [ingress-nginx 0.26.0](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0260) via [ingress-nginx PR #4356](https://github.com/kubernetes/ingress-nginx/pull/4356). -- Added a link to the README in the sources of Chart.yaml diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.2.4.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.2.4.md deleted file mode 100644 index 307c961116..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.2.4.md +++ /dev/null @@ -1,33 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v9.2.4/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v9.2.4 - version: 9.2.4 - version_tag: v9.2.4 -date: '2020-04-22T12:00:00' -description: Release notes for AWS workload cluster release v9.2.4, published on 22 - April 2020, 12:00. -title: Workload cluster release v9.2.4 for AWS ---- - -**If you are upgrading from 9.2.3, upgrading to this release will not roll your nodes. It will only update the apps.** - -This release improves the reliability of NGINX Ingress Controller. Most importantly, kernel and app settings have been tuned to increase out-of-the-box performance. The app's Helm chart was also adjusted to improve its availability when rolling out configuration changes. - -Below, you can find more details on components that were changed with this release. - -### nginx-ingress-controller v0.30.0 ([Giant Swarm app v1.6.9](https://github.com/giantswarm/nginx-ingress-controller-app/blob/master/CHANGELOG.md#v169-2020-04-22)) - -- Restricted PodSecurityPolicy volumes to only those required (removes wildcard). -- Tuned `net.ipv4.ip_local_port_range` to `1024 65535` as a safe sysctl. -- Tuned `net.core.somaxconn` to `32768` via an initContainer with privilege escalation. -- Default `worker-processes` to `4`. -- Default `max-worker-connections` to upstream default (currently `16384`). -- Ignore NGINX IC Deployment replica count configuration when HorizontalPodAutoscaler is enabled. -- Dropped unnecessary Helm release revision annotation from NGINX IC Deployment. -- Adjusted README for display in the web interface context. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.2.5.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.2.5.md deleted file mode 100644 index 8c566c3ccc..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.2.5.md +++ /dev/null @@ -1,33 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v9.2.5/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v9.2.5 - version: 9.2.5 - version_tag: v9.2.5 -date: '2020-04-24T12:00:00' -description: Release notes for AWS workload cluster release v9.2.5, published on 24 - April 2020, 12:00. -title: Workload cluster release v9.2.5 for AWS ---- - -**If you are upgrading from 9.2.4, upgrading to this release will not roll your nodes. It will only update the apps.** - -This release improves the reliability of chart-operator. - -Below, you can find more details on components that were changed with this release. - -### chart-operator [v0.13.0](https://github.com/giantswarm/chart-operator/blob/master/CHANGELOG.md#v0130-2020-04-21) - -- Fix update state calculation and status resource for long running deployments. -- Handle 503 responses when GitHub Pages is unavailable. -- Make HTTP client timeout configurable for pulling chart tarballs in AWS China. -- Switch from dep to go modules. -- Fix problem pushing chart to default app catalog. -- Always set chart CR annotations so update state calculation is accurate. -- Only update failed Helm releases if the chart values or version has changed. -- Deploy as a unique app in app collection in control plane clusters. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.2.6.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.2.6.md deleted file mode 100644 index a00ac19b80..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.2.6.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v9.2.6/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v9.2.6 - version: 9.2.6 - version_tag: v9.2.6 -date: '2020-05-07T12:00:00' -description: Release notes for AWS workload cluster release v9.2.6, published on 07 - May 2020, 12:00. -title: Workload cluster release v9.2.6 for AWS ---- - -This release fixes a problem in aws-operator communicating to the Control Plane Kubernetes API. - -## aws-operator [v5.6.1](https://github.com/giantswarm/aws-operator/releases/tag/v5.6.1) - -- Relax error matching for Kubernetes API connection errors diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.3.0.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.3.0.md deleted file mode 100644 index dcb0a914f6..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.3.0.md +++ /dev/null @@ -1,38 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v9.3.0/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v9.3.0 - version: 9.3.0 - version_tag: v9.3.0 -date: '2020-05-07T12:00:00' -description: Release notes for AWS workload cluster release v9.3.0, published on 07 - May 2020, 12:00. -title: Workload cluster release v9.3.0 for AWS ---- - -This release includes Kubernetes v1.16.9 as well as reliability and user experience improvements. - -In addition, this release [replaces CoreOS with Flatcar Container Linux](https://www.giantswarm.io/blog/time-to-catch-a-new-train-flatcar-linux). -CoreOS has gone [end-of-life](https://coreos.com/os/eol/) and is being rapidly phased out. -Flatcar is a compatible fork of CoreOS which receives ongoing support. -To continue receiving security updates and to minimize the effort needed to migrate in the future, we recommend upgrading to this release. - -Below, you can find more details on components that were changed with this release. - -### Kubernetes [v1.16.9](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.16.md#changelog-since-v1168) -- Updated from v1.16.3. - -### aws-operator [v5.7.1](https://github.com/giantswarm/aws-operator/releases/tag/v5.7.1) -- Replaced CoreOS with Flatcar Container Linux. -- Streamlined image templating for core components for quicker and easier releases in the future. -- Support setting OIDC username and groups prefix. -- Enabled per-cluster configuration of kube-proxy's `conntrackMaxPerCore` parameter. - -### Flatcar Linux [2345.3.1](https://www.flatcar-linux.org/releases/#release-2345.3.1) -- Updated from CoreOS 2191.5.0. -- Updated Linux Kernel to 4.19.107. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.3.1.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.3.1.md deleted file mode 100644 index bfa3ca1f86..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.3.1.md +++ /dev/null @@ -1,38 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v9.3.1/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v9.3.1 - version: 9.3.1 - version_tag: v9.3.1 -date: '2020-05-12T11:00:00' -description: Release notes for AWS workload cluster release v9.3.1, published on 12 - May 2020, 11:00. -title: Workload cluster release v9.3.1 for AWS ---- - -This release fixes a rare bug that would prevent the NGINX IC from being installed on a new cluster. - -This bug would only occur on cluster creation if you had a nginx-ingress-controller-user-values configmap in the kube-system namespace while the cluster was still initialising. - -Solution Engineers have already done the manual fix for affected customers. - -It also modifies release templates to support the coming upgrade to Helm 3. - -## cluster-operator [v0.23.9](https://github.com/giantswarm/cluster-operator/releases/tag/v0.23.9) - -- Fix a bug in user values migration logic for apps. - -## cert-exporter (GS [v1.2.2](https://github.com/giantswarm/cert-exporter/blob/master/CHANGELOG.md#v122-2020-04-01)) - -- Change daemonset to use release revision not time for Helm 3 support. - -## net-exporter [v1.7.1](https://github.com/giantswarm/net-exporter/blob/master/CHANGELOG.md#v171-2020-04-01) - -- Change daemonset to use release revision not time for Helm 3 support. -- Only set hosts arg if a value is present. -- Remove label from role ref in cluster role binding. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.3.2.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.3.2.md deleted file mode 100644 index a9dd2fb228..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.3.2.md +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v9.3.2/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v9.3.2 - version: 9.3.2 - version_tag: v9.3.2 -date: '2020-05-26T15:00:00' -description: Release notes for AWS workload cluster release v9.3.2, published on 26 - May 2020, 15:00. -title: Workload cluster release v9.3.2 for AWS ---- - -This release fixes an issue where upgrading from an earlier platform release to platform release v9.3.0 or v9.3.1 would result in the `nginx-ingress-controller` service having no endpoints, causing the NGINX IC app to not work. - -Solution Engineers have applied a manual fix to affected clusters. This release provides a working upgrade path for clusters using AWS 9.x.x and older. - -## nginx-ingress-controller v0.30.0 ([Giant Swarm app v1.6.11](https://github.com/giantswarm/nginx-ingress-controller-app/blob/master/CHANGELOG.md#v1611-2020-05-26)) - -- Align labels, using `app.kubernetes.io/name` instead of `k8s-app` where possible. `k8s-app` remains to be used for compatibility reasons. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.3.3.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.3.3.md deleted file mode 100644 index aeed752782..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.3.3.md +++ /dev/null @@ -1,29 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v9.3.3/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v9.3.3 - version: 9.3.3 - version_tag: v9.3.3 -date: '2020-06-05T15:00:00' -description: Release notes for AWS workload cluster release v9.3.3, published on 05 - June 2020, 15:00. -title: Workload cluster release v9.3.3 for AWS ---- - -**If you are upgrading from 9.3.2, upgrading to this release will not roll your nodes. It will only update the apps.** - -This release improves the reliability of NGINX Ingress Controller. - -Specifically, liveness probe is configured to be more fault tolerant than readiness probe. This helps shed load when it goes beyond replica capacity, speeding up recovery when NGINX gets overloaded. - -Below, you can find more details on components that were changed with this release. - -### nginx-ingress-controller v0.30.0 ([Giant Swarm app v1.6.12](https://github.com/giantswarm/nginx-ingress-controller-app/blob/master/CHANGELOG.md#v1612-2020-06-04)) - -- Made healthcheck probes configurable. -- Made liveness probe more resilient. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.3.4.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.3.4.md deleted file mode 100644 index 6ec9b8ab1f..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.3.4.md +++ /dev/null @@ -1,79 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v9.3.4/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v9.3.4 - version: 9.3.4 - version_tag: v9.3.4 -date: '2020-07-13T15:00:00' -description: Release notes for AWS workload cluster release v9.3.4, published on 13 - July 2020, 15:00. -title: Workload cluster release v9.3.4 for AWS ---- - -This release makes security fixes for 2 CVEs: -- IPv6 rogue router advertisement vulnerability [CVE-2020-13597](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13597) -- [CVE-2020-8558](https://github.com/kubernetes/kubernetes/issues/92315) which allows for neighboring hosts to bypass localhost boundary - -It also updates managed apps to the latest releases. - -Below, you can find more details on components that were changed with this release. - -### calico [v3.10.4](https://docs.projectcalico.org/archive/v3.10/release-notes/) - -- Fixes IPv6 rogue router advertisement vulnerability [CVE-2020-13597](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13597). - -For complete details for changes since v3.10.1 please check the upstream release notes at https://docs.projectcalico.org/archive/v3.10/release-notes/. - -### cert-exporter [v1.2.3](https://github.com/giantswarm/cert-exporter/blob/master/CHANGELOG.md#v123-2020-05-15) - -- Updated prometheus/client_golang dependency. -- Migrated from dep to go modules. -- Moved to App deployment. - -### cluster-autoscaler v1.16.5 ([Giant Swarm app v1.16.0](https://github.com/giantswarm/cluster-autoscaler-app/blob/master/CHANGELOG.md#v1160-2020-05-26)) - -- Upgraded upstream cluster-autoscaler from v1.16.2 to v1.16.5 - [changelog](https://github.com/kubernetes/autoscaler/releases/tag/cluster-autoscaler-1.16.5). -- Set `scan-interval` to 30 seconds (from 10 seconds) to save resources. -- Set `scale-down-unneeded-time` to 5 minutes (from the default of 10 minutes) to release unneeded nodes earlier. -- Lower `scaleDownUtilizationThreshold` to 0.5. - -### cluster-operator [v0.23.12](https://github.com/giantswarm/cluster-operator/releases/tag/v0.23.12) - -- Align with NGINX IC App 1.7.0, move of LB Service management from azure-operator to the app itself. - -### coredns v1.6.5 ([Giant Swarm app v1.2.0](https://github.com/giantswarm/coredns-app/blob/master/CHANGELOG.md#v120-2020-07-13)) - -- Make resource requests/limits configurable. -- Make forward options optional. -- Apply a readiness probe. -- Increase the liveness probe failure threshold from 5 failures to 7 failures. - -### kube-state-metrics v1.9.5 ([Giant Swarm app v1.1.0](https://github.com/giantswarm/kube-state-metrics-app/blob/master/CHANGELOG.md#110---2020-06-17)) - -- Added 100.64.0.0/10 to the allowed egress subnets in NetworkPolicy. -- Fixed invalid cluster role binding for Helm 3 compatibility. - -### Kubernetes 1.16.11 -- Updated from Kubernetes 1.16.9 - -changelog since [v1.16.10](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.16.md#changelog-since-v11610) and -since [v1.16.9](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.16.md#changelog-since-v1169) -- Includes a fix for CVE-2020-8558, which allows for neighboring hosts to bypass localhost boundary - -### metrics-server v0.3.3 ([Giant Swarm app v1.1.0](https://github.com/giantswarm/metrics-server-app/blob/master/CHANGELOG.md#110---2020-06-17)) - -- Added 100.64.0.0/10 to the allowed egress subnets in NetworkPolicy. - -### net-exporter [v1.9.0](https://github.com/giantswarm/net-exporter/blob/master/CHANGELOG.md#190---2020-06-29) - -- Add `ntp` collector. -- Added 100.64.0.0/10 to the allowed egress subnets in NetworkPolicy. - -### nginx-ingress-controller v0.34.0 ([Giant Swarm app v1.7.2](https://github.com/giantswarm/nginx-ingress-controller-app/blob/master/CHANGELOG.md#v172-2020-07-10)) - -- Upgraded upstream ingress-nginx from v0.30.0 to v0.34.0 - [changelog](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0340). -- Improved observability, enabled monitoring Service by default for monitoring targets discovery and removed support for disabling it. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.3.5.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.3.5.md deleted file mode 100644 index fa6c003fd8..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.3.5.md +++ /dev/null @@ -1,33 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v9.3.5/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v9.3.5 - version: 9.3.5 - version_tag: v9.3.5 -date: '2020-07-21T15:00:00' -description: Release notes for AWS workload cluster release v9.3.5, published on 21 - July 2020, 15:00. -title: Workload cluster release v9.3.5 for AWS ---- - -This release updates NGINX Ingress Controller to the latest upstream release. -Most importantly, it includes a fix for a regression introduced in the previous upstream release related to `use-regex` and `rewrite` annotations. - -Release also includes Kubernetes upgrade to 1.16.12, among other things to address a kube-proxy crash looping issue. - -Below, you can find more details on components that were changed with this release. - -### Kubernetes 1.16.12 - -- Updated from Kubernetes 1.16.11 - -changelog since [v1.16.11](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.16.md#changelog-since-v11611) -- Added a wrapper script for iptables in the recently upgraded hyperkube image to avoid crash looping of kube-proxy. - -### nginx-ingress-controller v0.34.1 ([Giant Swarm app v1.7.3](https://github.com/giantswarm/nginx-ingress-controller-app/blob/master/CHANGELOG.md#v173-2020-07-16)) - -- Upgraded upstream ingress-nginx from v0.34.0 to v0.34.1 - [changelog](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0341). diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.3.6.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.3.6.md deleted file mode 100644 index 19729d14f1..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.3.6.md +++ /dev/null @@ -1,55 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v9.3.6/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v9.3.6 - version: 9.3.6 - version_tag: v9.3.6 -date: '2020-07-31T15:00:00' -description: Release notes for AWS workload cluster release v9.3.6, published on 31 - July 2020, 15:00. -title: Workload cluster release v9.3.6 for AWS ---- - -This release updates managed apps to the latest releases, updates Calico to version `3.13.4`, and Flatcar Container Linux to `2512.2.1`. - -Below, you can find more details on components that were changed with this release. - -### aws-operator [5.7.3](https://github.com/giantswarm/aws-operator/releases/tag/v5.7.3) - -- Changes required to run Container linux `2512.2.1` and calico `3.13.4`. - -### calico [3.14.3](https://docs.projectcalico.org/archive/v3.13/release-notes/) - -- Fix IPAM garbage collection in etcd mode on clusters where node name does not match Kubernetes node name. kube-controllers. - -### cluster-operator [0.23.14](https://github.com/giantswarm/cluster-operator/releases/tag/v0.23.14) - -- Make NGINX optional on KVM, by ignoring existing NGINX IC App CRs which were managed by cluster-operator. -- Enable NGINX App managed NodePort Service on KVM. - -### Container Linux [2512.2.1](https://www.flatcar-linux.org/releases/#release-2512.2.1) - -- Fix the Intel Microcode vulnerabilities (CVE-2020-0543) -- Updated Linux kernel to 4.19.128 -- Updated intel-microcode to 20200609. - -### kube-state-metrics v1.9.7 ([Giant Swarm app v1.1.1](https://github.com/giantswarm/kube-state-metrics-app/blob/master/CHANGELOG.md#111---2020-07-22)) - -- Updated kube-state-metrics version from 1.9.5 to 1.9.7. Check the [upstream changelog](https://github.com/kubernetes/kube-state-metrics/blob/master/CHANGELOG.md#v197--2020-05-24) for details on all changes. - -### metrics-server v0.3.6 ([Giant Swarm app v1.1.1](https://github.com/giantswarm/metrics-server-app/blob/master/CHANGELOG.md#111---2020-07-23)) - -- Updated metrics-server version from 0.3.3 to 0.3.6. Check the [upstream changelog](https://github.com/kubernetes-sigs/metrics-server/releases) for details on all changes. - -### nginx-ingress-controller v0.34.1 ([Giant Swarm app v1.8.3](https://github.com/giantswarm/nginx-ingress-controller-app/blob/master/CHANGELOG.md#183---2020-07-31)) - -- Drop support for deprecated configuration properties. - -### node-exporter v1.0.1 ([Giant Swarm app v1.3.0](https://github.com/giantswarm/node-exporter-app/blob/master/CHANGELOG.md#130---2020-07-23)) - -- Updated node-exporter version from 0.18.1 to 1.0.1. Check the [upstream changelog](https://github.com/prometheus/node_exporter/blob/master/CHANGELOG.md#101--2020-06-15) for details on all changes. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.3.7.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.3.7.md deleted file mode 100644 index 35d7c2d7b3..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.3.7.md +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v9.3.7/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v9.3.7 - version: 9.3.7 - version_tag: v9.3.7 -date: '2020-08-20T10:39:57' -description: Release notes for AWS workload cluster release v9.3.7, published on 20 - August 2020, 10:39. -title: Workload cluster release v9.3.7 for AWS ---- - -This release provides a new aws-operator which is fixing an issue with overlapping networks when creating legacy clusters together with node pools clusters. - -## Change details - -### aws-operator [5.7.4](https://github.com/giantswarm/aws-operator/releases/tag/v5.7.4) - -- Check node pools cluster for reserved subnet. diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.3.8.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.3.8.md deleted file mode 100644 index c6b3e01461..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.3.8.md +++ /dev/null @@ -1,93 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v9.3.8/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v9.3.8 - version: 9.3.8 - version_tag: v9.3.8 -date: '2020-08-31T15:00:00' -description: Release notes for AWS workload cluster release v9.3.8, published on 31 - August 2020, 15:00. -title: Workload cluster release v9.3.8 for AWS ---- - -This is a patch release to update core component versions and remove memory limits from calico-kube-controllers which caused some control plane instability in certain clusters. - -## Change details - - -### aws-operator [5.7.6](https://github.com/giantswarm/aws-operator/releases/tag/v5.7.6) - -### Added - -- Updated AMI mapping to add Flatcar Container Linux 2512.3.0 AMIs. - -### Changed - -- Removed memory and CPU limits from calico-kube-controllers. - -### kubernetes [1.16.14](https://github.com/kubernetes/kubernetes/releases/tag/v1.16.14) - -#### Bug or Regression -- Do not add nodes labeled with kubernetes.azure.com/managed=false to backend pool of load balancer. ([#93034](https://github.com/kubernetes/kubernetes/pull/93034), [@matthias50](https://github.com/matthias50)) [SIG Cloud Provider] -- Fix instance not found issues when an Azure Node is recreated in a short time ([#93316](https://github.com/kubernetes/kubernetes/pull/93316), [@feiskyer](https://github.com/feiskyer)) [SIG Cloud Provider] -- Fix: don't use docker config cache if it's empty ([#92330](https://github.com/kubernetes/kubernetes/pull/92330), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider] -- Fix: initial delay in mounting azure disk & file ([#93052](https://github.com/kubernetes/kubernetes/pull/93052), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider and Storage] -- Fixed a performance issue applying json patches to deeply nested objects ([#93813](https://github.com/kubernetes/kubernetes/pull/93813), [@liggitt](https://github.com/liggitt)) [SIG API Machinery, CLI, Cloud Provider and Cluster Lifecycle] -- Fixed a regression in kubeadm manifests for kube-scheduler and kube-controller-manager which caused continuous restarts because of failing health checks ([#93208](https://github.com/kubernetes/kubernetes/pull/93208), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle] -- Fixes a regression in kube-apiserver causing 500 errors from the `/readyz` endpoint ([#93645](https://github.com/kubernetes/kubernetes/pull/93645), [@ialidzhikov](https://github.com/ialidzhikov)) [SIG API Machinery] -#### Other (Cleanup or Flake) -- Build: Update Debian base images - - debian-base:v2.1.3 - - debian-iptables:v12.1.2 - - debian-hyperkube-base:v1.1.3 ([#93927](https://github.com/kubernetes/kubernetes/pull/93927), [@justaugustus](https://github.com/justaugustus)) [SIG API Machinery, Cluster Lifecycle and Release] -- Kubernetes is now built with go1.13.15 ([#93956](https://github.com/kubernetes/kubernetes/pull/93956), [@justaugustus](https://github.com/justaugustus)) [SIG Release and Testing] -- Update Golang to v1.13.14 - - Update bazel to 2.2.0 - - Update repo-infra to 0.0.8 (to support go1.14.6 and go1.13.14) - - Includes: - - bazelbuild/bazel-toolchains@3.4.0 - - bazelbuild/rules_go@v0.22.8 ([#93235](https://github.com/kubernetes/kubernetes/pull/93235), [@justaugustus](https://github.com/justaugustus)) [SIG API Machinery, Release and Testing] - -### calico [3.10.4](https://github.com/projectcalico/calico/releases/tag/v3.10.4) - -#### Other changes -- Use mv to install CNI binaries instead of cp cni-plugin #852 (@caseydavenport) - - - -### etcd [3.3.25](https://github.com/etcd-io/etcd/releases/tag/v3.3.25) - -See [code changes](https://github.com/etcd-io/etcd/compare/v3.3.23...v3.3.25) and [v3.3 upgrade guide](https://github.com/etcd-io/etcd/blob/master/Documentation/upgrades/upgrade_3_3.md) for any breaking changes. -#### Security -- A [log warning](https://github.com/etcd-io/etcd/pull/12242) is added when etcd use any existing directory that has a permission different than 700 on Linux and 777 on Windows. - - - -### containerlinux [2512.3.0](https://www.flatcar-linux.org/releases/#release-2512.3.0) - -Security fixes: - -* Bind: fixes for [CVE-2020-8616](https://nvd.nist.gov/vuln/detail/CVE-2020-8616), [CVE-2020-8617](https://nvd.nist.gov/vuln/detail/CVE-2020-8617), [CVE-2020-8620](https://nvd.nist.gov/vuln/detail/CVE-2020-8620), [CVE-2020-8621](https://nvd.nist.gov/vuln/detail/CVE-2020-8621), [CVE-2020-8622](https://nvd.nist.gov/vuln/detail/CVE-2020-8622), [CVE-2020-8623](https://nvd.nist.gov/vuln/detail/CVE-2020-8623), [CVE-2020-8624](https://nvd.nist.gov/vuln/detail/CVE-2020-8624) - -Bug fixes: - -* The static IP address configuration in the initramfs works again in the format `ip=::::::none[:[:]]` ([flatcar-linux/bootengine#15](https://github.com/flatcar-linux/bootengine/pull/15)) -* app-admin/{kubelet, etcd, flannel}-wrapper: don't overwrite the user supplied –insecure-options argument ([flatcar-linux/coreos-overlay#426](https://github.com/flatcar-linux/coreos-overlay/pull/426)) -* etcd-wrapper: Adjust data dir permissions ([flatcar-linux/coreos-overlay#536](https://github.com/flatcar-linux/coreos-overlay/pull/536)) - -Changes: - -* Vultr support in Ignition ([flatcar-linux/ignition#13](https://github.com/flatcar-linux/ignition/pull/13)) -* VMware OVF settings default to ESXi 6.5 and Linux 3.x - -Updates: - -* Linux [4.19.140](https://lwn.net/Articles/829107/) -* bind-tools [9.11.22](https://ftp.isc.org/isc/bind9/cur/9.11/RELEASE-NOTES-bind-9.11.22.txt) -* etcd-wrapper [3.3.24](https://github.com/etcd-io/etcd/releases/tag/v3.3.24) -* Git [2.26.2](https://raw.githubusercontent.com/git/git/v2.26.2/Documentation/RelNotes/2.26.2.txt) diff --git a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.3.9.md b/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.3.9.md deleted file mode 100644 index 86dabf38fb..0000000000 --- a/src/content/changes/workload-cluster-releases-aws/releases/aws-v9.3.9.md +++ /dev/null @@ -1,41 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-aws/releases/aws-v9.3.9/ -changes_categories: -- Workload cluster releases for AWS -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/aws/archived/v9.3.9 - version: 9.3.9 - version_tag: v9.3.9 -date: '2020-10-20T10:00:00' -description: Release notes for AWS workload cluster release v9.3.9, published on 20 - October 2020, 10:00. -title: Workload cluster release v9.3.9 for AWS ---- - -**If you are upgrading from 9.3.8, upgrading to this release will not roll your nodes.** - -This patch release fixes a problem causing the accidental deletion and reinstallation of Preinstalled Apps (such as CoreDNS) in 9.x.x tenant clusters. - -Please upgrade all older clusters to this version in order to prevent possible downtime. - -## Change details - -### cluster-operator [0.23.18](https://github.com/giantswarm/cluster-operator/blob/legacy/CHANGELOG.md#02318---2020-10-21) - -### Changed - -- Get app-operator version from releases CR. - -### Fixed - -- Remove all chartconfig migration logic that caused accidental deletion and is no longer needed. - -### chart-operator [0.13.2](https://github.com/giantswarm/chart-operator/blob/helm2/CHANGELOG.md#v0132-2020-06-23) - -### Changed - -- Calculating md5sum from Chart go struct. -- Add metrics for Helm releases with a mismatched namespace. diff --git a/src/content/changes/workload-cluster-releases-azure/releases/azure-25.0.0.md b/src/content/changes/workload-cluster-releases-azure/releases/azure-25.0.0.md index 5affed35e6..26256b19da 100644 --- a/src/content/changes/workload-cluster-releases-azure/releases/azure-25.0.0.md +++ b/src/content/changes/workload-cluster-releases-azure/releases/azure-25.0.0.md @@ -21,7 +21,7 @@ We are happy to announce the first release for Azure that uses the new release f In order to consume the new flow, the following two fields need to be manually adapted: -* In ConfigMap `-userconfig` set `.Values.global.release` to the release version, e.g. `25.0.0`. +* In ConfigMap `-userconfig` set `.Values.global.release.version` to the release version, e.g. `25.0.0`. * In App `` remove the `spec.version` field. In case of GitOps, Flux might complain that the app manifest is invalid as the `spec.version` field is mandatory. In that case, edit the live App CR and set `spec.version` to an empty string. That will unblock Flux and allow it reconcile successfully. And if you want to use `kubectl-gs` to create a cluster, you'd need to now specify the release version, e.g.: diff --git a/src/content/changes/workload-cluster-releases-capa/releases/aws-26.0.0.md b/src/content/changes/workload-cluster-releases-capa/releases/aws-26.0.0.md deleted file mode 100644 index caa3cbae4e..0000000000 --- a/src/content/changes/workload-cluster-releases-capa/releases/aws-26.0.0.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-capa/releases/capa-aws-26.0.0/ -changes_categories: -- Workload cluster releases for CAPA -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/capa/v26.0.0 - version: aws-26.0.0 - version_tag: aws-26.0.0 -date: '2024-06-26T09:00:00' -description: Release notes for CAPA workload cluster release aws-26.0.0, published - on 26 June 2024, 09:00. -title: Workload cluster release aws-26.0.0 for CAPA ---- - -## Changes compared to v25.0.0 - -- Kubernetes version change from 1.25.16 to 1.26.15 -- cloud-provider-aws (formerly aws-cloud-controller-manager-app) from 1.25.14-gs3 to 1.26.11-gs1 -- cluster-autoscaler from 1.27.3-gs9 to 1.27.3-gs10 diff --git a/src/content/changes/workload-cluster-releases-capa/releases/aws-27.0.0.md b/src/content/changes/workload-cluster-releases-capa/releases/aws-27.0.0.md deleted file mode 100644 index 0e49987beb..0000000000 --- a/src/content/changes/workload-cluster-releases-capa/releases/aws-27.0.0.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-capa/releases/capa-aws-27.0.0/ -changes_categories: -- Workload cluster releases for CAPA -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/capa/v27.0.0 - version: aws-27.0.0 - version_tag: aws-27.0.0 -date: '2024-07-09T12:00:00' -description: Release notes for CAPA workload cluster release aws-27.0.0, published - on 09 July 2024, 12:00. -title: Workload cluster release aws-27.0.0 for CAPA ---- - -## Changes compared to v26.0.0 - -- Kubernetes version change from 1.26.15 to 1.27.14 -- cloud-provider-aws (formerly aws-cloud-controller-manager-app) from 1.26.11-gs1 to 1.27.7-gs1 -- cluster-aws from 1.0.0 to 1.0.1 diff --git a/src/content/changes/workload-cluster-releases-capa/releases/aws-28.0.0.md b/src/content/changes/workload-cluster-releases-capa/releases/aws-28.0.0.md deleted file mode 100644 index bfeac5fc88..0000000000 --- a/src/content/changes/workload-cluster-releases-capa/releases/aws-28.0.0.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-capa/releases/capa-aws-28.0.0/ -changes_categories: -- Workload cluster releases for CAPA -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/capa/v28.0.0 - version: aws-28.0.0 - version_tag: aws-28.0.0 -date: '2024-07-10T09:00:00' -description: Release notes for CAPA workload cluster release aws-28.0.0, published - on 10 July 2024, 09:00. -title: Workload cluster release aws-28.0.0 for CAPA ---- - -## Changes compared to v27.0.0 - -- Kubernetes version change from 1.27.14 to 1.28.11 -- cloud-provider-aws (formerly aws-cloud-controller-manager-app) from 1.27.7-gs1 to 1.28.6-gs1 -- cluster-autoscaler from 1.27.3-gs9 to 1.28.5-gs1 diff --git a/src/content/changes/workload-cluster-releases-capa/releases/aws-28.0.1.md b/src/content/changes/workload-cluster-releases-capa/releases/aws-28.0.1.md deleted file mode 100644 index 1acc9ba40a..0000000000 --- a/src/content/changes/workload-cluster-releases-capa/releases/aws-28.0.1.md +++ /dev/null @@ -1,32 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-capa/releases/capa-aws-28.0.1/ -changes_categories: -- Workload cluster releases for CAPA -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/capa/v28.0.1 - version: aws-28.0.1 - version_tag: aws-28.0.1 -date: '2024-08-26T12:00:00' -description: Release notes for CAPA workload cluster release aws-28.0.1, published - on 26 August 2024, 12:00. -title: Workload cluster release aws-28.0.1 for CAPA ---- - -This release fixes an issue where certain apps installed during or before v25 will break due to API removals when upgrading to v29. - -## Changes compared to v28.0.0 - -### Apps - -- security-bundle from v1.7.0 to v1.7.2 - -### security-bundle [v1.7.0...v1.7.2](https://github.com/giantswarm/security-bundle/compare/v1.7.0...v1.7.2) - -#### Changed - -- Update `trivy-operator` (app) to v0.9.1. -- Update `kyverno` (app) to v0.17.14. -- Update `starboard-exporter` (app) to v0.7.11. diff --git a/src/content/changes/workload-cluster-releases-capa/releases/aws-28.1.0.md b/src/content/changes/workload-cluster-releases-capa/releases/aws-28.1.0.md deleted file mode 100644 index f71dd72b5c..0000000000 --- a/src/content/changes/workload-cluster-releases-capa/releases/aws-28.1.0.md +++ /dev/null @@ -1,53 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-capa/releases/capa-aws-28.1.0/ -changes_categories: -- Workload cluster releases for CAPA -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/capa/v28.1.0 - version: aws-28.1.0 - version_tag: aws-28.1.0 -date: '2024-07-30T11:00:00' -description: Release notes for CAPA workload cluster release aws-28.1.0, published - on 30 July 2024, 11:00. -title: Workload cluster release aws-28.1.0 for CAPA ---- - -This release updates the apps and components, keeping them up to date with the latest v25, v26 and v27 releases. It also brings improvements for the container registry usage. - -## Change details compared to CAPA 28.0.0 - -### cluster-aws [1.3.0](https://github.com/giantswarm/cluster-aws/releases/tag/v1.3.0) - -#### Changed - -- All workload clusters will by default use Zot registry as a pull-through cache of Azure Container Registry. - -### cert-manager [3.7.9](https://github.com/giantswarm/cert-manager-app/releases/tag/v3.7.9) - -#### Fix -- Remove quotes from acme-http01-solver-image argument. The quotes are used when looking up the image which causes an error. - -#### Update -- Improves container security by setting `runAsGroup` and `runAsUser` greater than zero for all deployments. - -### containerlinux [3815.2.5](https://www.flatcar-linux.org/releases/#release-3815.2.5) - -_Changes since **Stable 3815.2.4**_ - -#### Security fixes: - -- openssh ([CVE-2024-6387](https://nvd.nist.gov/vuln/detail/CVE-2024-6387)) - -#### Updates: - -- Linux ([6.1.96](https://lwn.net/Articles/979851)) -- openssh ([9.7_p1](https://www.openssh.com/txt/release-9.7)) - -### cilium [0.25.1](https://github.com/giantswarm/cilium-app/releases/tag/v0.25.1) - -#### Changed -- Fix regression setting Policy BPF Max map policyMapMax back to 65536 from 16384. -- Upgrade cilium to v1.15.6. diff --git a/src/content/changes/workload-cluster-releases-capa/releases/aws-29.0.0.md b/src/content/changes/workload-cluster-releases-capa/releases/aws-29.0.0.md deleted file mode 100644 index 2e02c9c1c4..0000000000 --- a/src/content/changes/workload-cluster-releases-capa/releases/aws-29.0.0.md +++ /dev/null @@ -1,175 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-capa/releases/capa-aws-29.0.0/ -changes_categories: -- Workload cluster releases for CAPA -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/capa/v29.0.0 - version: aws-29.0.0 - version_tag: aws-29.0.0 -date: '2024-08-07T12:00:00' -description: Release notes for CAPA workload cluster release aws-29.0.0, published - on 07 August 2024, 12:00. -title: Workload cluster release aws-29.0.0 for CAPA ---- - -## Changes compared to v28.1.0 - -### Components - -- cluster-aws from v1.3.0 to v2.0.0 -- Kubernetes from v1.28.11 to v1.29.7 - -### cluster-aws [v1.3.0...v2.0.0](https://github.com/giantswarm/cluster-aws/compare/v1.3.0...v2.0.0) - -#### Added - -- Add `global.metadata.labels` to values schema. This field is used to add labels to the cluster resources. -- Enable `observability-policies` app. - -#### Changed - -- Update cluster chart to v1.1.0. - - This sets cilium `kubeProxyReplacement` config to `"true"` instead to `"strict"` (`"strict"` has been deprecated since cilium v1.14, see [this upstream cilium](https://github.com/cilium/cilium/issues/32711) issue for more details). -- Update `ami` named template to correctly render OS image name with the new format `flatcar-stable--kube--tooling--gs`. - -### Apps - -- cert-exporter from v2.9.0 to v2.9.1 -- cert-manager from v3.7.9 to v3.8.1 -- cloud-provider-aws from v1.28.6-gs1 to v1.29.3-gs1 -- cluster-autoscaler from v1.28.5-gs1 to v1.29.3-gs1 -- irsa-servicemonitors from v0.0.1 to v0.1.0 -- k8s-audit-metrics from v0.9.0 to v0.10.0 -- k8s-dns-node-cache from v2.6.2 to v2.8.1 -- net-exporter from v1.19.0 to v1.21.0 -- observability-bundle from v1.3.4 to v1.5.2 -- observability-policies v0.0.1 -- prometheus-blackbox-exporter from v0.4.1 to v0.4.2 -- security-bundle from v1.7.0 to v1.8.0 -- teleport-kube-agent from v0.9.0 to v0.9.2 -- vertical-pod-autoscaler from v5.2.2 to v5.2.4 - -### cert-exporter [v2.9.0...v2.9.1](https://github.com/giantswarm/cert-exporter/compare/v2.9.0...v2.9.1) - -#### Changed - -- Chart: Update PolicyExceptions to v2beta1. ([#358](https://github.com/giantswarm/cert-exporter/pull/358)) - -### cert-manager [v3.7.9...v3.8.1](https://github.com/giantswarm/cert-manager-app/compare/v3.7.8...v3.8.1) - -#### Changed - -- Bump architect-orb@5.3.1 to fix CVE-2024-24790. -- Improves `cainjector`'s Vertical Pod Autoscaler - -### cloud-provider-aws [v1.28.6-gs1...v1.29.3-gs1](https://github.com/giantswarm/aws-cloud-controller-manager-app/compare/v1.28.6-gs1...v1.29.3-gs1) - -#### Changed - -- Chart: Update to upstream v1.29.3. ([#62](https://github.com/giantswarm/aws-cloud-controller-manager-app/pull/62)) - -### cluster-autoscaler [v1.28.5-gs1...v1.29.3-gs1](https://github.com/giantswarm/cluster-autoscaler-app/compare/v1.28.5-gs1...v1.29.3-gs1) - -#### Changed - -- Chart: Update to upstream v1.29.3. ([#279](https://github.com/giantswarm/cluster-autoscaler-app/pull/279)) - -### irsa-servicemonitors [v0.0.1...v0.1.0](https://github.com/giantswarm/irsa-servicemonitors-app/compare/v0.0.1...v0.1.0) - -#### Changed - -- Removing duplicate label ([#5](https://github.com/giantswarm/irsa-servicemonitors-app/pull/5)) - -### k8s-audit-metrics [v0.9.0...v0.10.0](https://github.com/giantswarm/k8s-audit-metrics/compare/v0.9.0...v0.10.0) - -#### Changed - -- Add `securityContext.readOnlyRootFilesystem` helm value (default true). - -### k8s-dns-node-cache [v2.6.2...v2.8.1](https://github.com/giantswarm/k8s-dns-node-cache-app/compare/v2.6.2...v2.8.1) - -#### Changed - -- Make the app visible for all providers. -- Reduce security exceptions [#89](https://github.com/giantswarm/k8s-dns-node-cache-app/pull/89). - - Enable readOnly FS moving config to emptyDir volume. - - Remove `NET_ADMIN` and drop `ALL` capabilities. - - Add `NET_BIND_SERVICE` capability. - - Add policy exception for `require-non-root-groups/autogen-check-runasgroup`. - - Remove disallow-capabilities-* policy exceptions. -- Update PolicyException CR version to v2beta1. - -### net-exporter [v1.19.0...v1.21.0](https://github.com/giantswarm/net-exporter/compare/v1.19.0...v1.21.0) - -#### Changed - -- Enable readOnlyRootFilesystem in securityContext (#376)[https://github.com/giantswarm/net-exporter/pull/376]. -- Update module google.golang.org/grpc to v1.65.0 (#373). -- Update k8s modules to v0.30.2 (#375). -- Update quay.io/giantswarm/alpine Docker tag to v3.20.1 (#372). -- Add `node` and `app` labels in ServiceMonitor. - -### observability-bundle [v1.3.4...v1.5.2](https://github.com/giantswarm/observability-bundle/compare/v1.3.4...v1.5.2) - -#### Added - -- Add `alloy` v0.3.0 as `alloy-logs` - -#### Changed - -- Fix CNP issues (allow traffic from pods in kube-system to nginx-ingress-controller) - - Upgrade `grafana-agent` to 0.4.5. - - Upgrade `alloy` to 0.3.1. - - Upgrade `promtail` to 1.5.4. -- Upgrade `prometheus-operator-crd` to 11.0.1. -- prometheus-operator will not check promql syntax for prometheusRules that are labelled `application.giantswarm.io/prometheus-rule-kind: loki` -- Upgrade `kube-prometheus-stack` to 11.0.0 and `prometheus-operator-crd` to 11.0.0. This upgrade mainly consists in: - - kube-prometheus-stack dependency chart upgraded from [56.21.2](https://github.com/prometheus-community/helm-charts/releases/tag/kube-prometheus-stack-56.21.2) to [61.0.0](https://github.com/prometheus-community/helm-charts/releases/tag/kube-prometheus-stack-61.0.0) - - prometheus upgrade from 2.50.1 to [2.53.0](https://github.com/prometheus-community/helm-charts/releases/tag/prometheus-25.22.0) - - thanos ruler upgrade from 0.34.1 to [0.35.1](https://github.com/thanos-io/thanos/releases/tag/v0.35.1) - - kube-state-metrics from 2.10.0 to 2.12.0 - - prometheus-operator from 0.71.2 [0.75.0](https://github.com/prometheus-operator/prometheus-operator/releases/tag/v0.75.0) - adding remoteWrite.proxyFromEnvironment and Scrape Class support - - prometheus-node-exporter upgraded from 1.8.0 to [1.8.1](https://github.com/prometheus/node_exporter/releases/tag/v1.8.1) -- Upgrade `grafana-agent` from 0.4.3 to 0.4.4 - - This version enables the override the grafana agent `CiliumNetworkPolicy` egress and ingress sections. - -### observability-policies [v0.0.1](https://github.com/giantswarm/observability-policies-app/releases/v0.0.1) - -#### Added - -- Add a ClusterPolicy to prevent prometheus-operator CRDs deletion. -- Create `observability-policies` app to deploy Kyverno Observability Policies into clusters. - -### prometheus-blackbox-exporter [v0.4.1...v0.4.2](https://github.com/giantswarm/prometheus-blackbox-exporter-app/compare/v0.4.1...v0.4.2) - -#### Changed - -- Remove duplicated team label. - -### security-bundle [v1.7.0...v1.8.0](https://github.com/giantswarm/security-bundle/compare/v1.7.0...v1.8.0) - -#### Added - -- Add `kyverno-crds` app to handle Kyverno CRD install. - -#### Changed - -- Update `kyverno` (app) to v0.17.15. This version disables the CRD install job in favor of `kyverno-crds` App. -- Update `starboard-exporter` (app) to v0.7.11. - -### teleport-kube-agent [v0.9.0...v0.9.2](https://github.com/giantswarm/teleport-kube-agent-app/compare/v0.9.0...v0.9.2) - -#### Changed - -- Introduced `podAntiAffinity` so `teleport-kube-agent` pods run on different `control-plane` nodes also increased the number of replicas to 3 to maintain better high availability. -- Changed the way registry is being parsed in helm templates - -### vertical-pod-autoscaler [v5.2.2...v5.2.4](https://github.com/giantswarm/vertical-pod-autoscaler-app/compare/v5.2.2...v5.2.4) - -#### Changed - -- Chart: Update Helm release vertical-pod-autoscaler to v9.8.3. ([#301](https://github.com/giantswarm/vertical-pod-autoscaler-app/pull/301)) -- Chart: Change `restartPolicy` to `OnFailure` for the CRD job. ([#298](https://github.com/giantswarm/vertical-pod-autoscaler-app/pull/298)) diff --git a/src/content/changes/workload-cluster-releases-capa/releases/aws-29.3.1.md b/src/content/changes/workload-cluster-releases-capa/releases/aws-29.3.1.md deleted file mode 100644 index 2e92cadea1..0000000000 --- a/src/content/changes/workload-cluster-releases-capa/releases/aws-29.3.1.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. -aliases: -- /changes/tenant-cluster-releases-capa/releases/capa-aws-29.3.1/ -changes_categories: -- Workload cluster releases for CAPA -changes_entry: - repository: giantswarm/releases - url: https://github.com/giantswarm/releases/tree/master/capa/v29.3.1 - version: aws-29.3.1 - version_tag: aws-29.3.1 -date: '2024-09-30T12:00:00' -description: Release notes for CAPA workload cluster release aws-29.3.1, published - on 30 September 2024, 12:00. -title: Workload cluster release aws-29.3.1 for CAPA ---- - -## Changes compared to v29.3.0 - -This release does not contain any changes to components or apps, but makes use of an cluster-aws chart which allows custom tags applied to EC2 instances only using the `global.providerSpecific.additionalNodeTags` property. - -Expose the maxHealthyPercentage property to allow setting the maximum percentage of healthy machines in the Auto Scaling Group during upgrades. diff --git a/src/content/changes/workload-cluster-releases-cloud-director/releases/cloud-director-27.0.0.md b/src/content/changes/workload-cluster-releases-cloud-director/releases/cloud-director-27.0.0.md index 18edfe9dc3..386077fe6d 100644 --- a/src/content/changes/workload-cluster-releases-cloud-director/releases/cloud-director-27.0.0.md +++ b/src/content/changes/workload-cluster-releases-cloud-director/releases/cloud-director-27.0.0.md @@ -21,11 +21,11 @@ We are happy to announce the first release for VMware Cloud Director that uses t In order to consume the new flow, the following two fields need to be manually adapted: -* In ConfigMap `-userconfig` set `.Values.global.release` to the release version, e.g. `27.0.0`. +* In ConfigMap `-userconfig` set `.Values.global.release.version` to the release version, e.g. `27.0.0`. * In App `` remove the `spec.version` field. In case of GitOps, Flux might complain that the app manifest is invalid as the `spec.version` field is mandatory. In that case, edit the live App CR and set `spec.version` to an empty string. That will unblock Flux and allow it reconcile successfully. And if you want to use `kubectl-gs` to create a cluster, you'd need to now specify the release version, e.g.: ```bash -kubectl-gs template cluster --provider cloud-director --organization my_org --name cluster_name --release v27.0.0 +kubectl-gs template cluster --provider cloud-director --organization my_org --name cluster_name --release 27.0.0 ``` diff --git a/src/content/changes/workload-cluster-releases-cloud-director/releases/cloud-director-28.0.0.md b/src/content/changes/workload-cluster-releases-cloud-director/releases/cloud-director-28.0.0.md new file mode 100644 index 0000000000..f230a4706e --- /dev/null +++ b/src/content/changes/workload-cluster-releases-cloud-director/releases/cloud-director-28.0.0.md @@ -0,0 +1,22 @@ +--- +# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. +aliases: +- /changes/tenant-cluster-releases-cloud-director/releases/cloud-director-cloud-director-28.0.0/ +changes_categories: +- Workload cluster releases for CLOUD-DIRECTOR +changes_entry: + repository: giantswarm/releases + url: https://github.com/giantswarm/releases/tree/master/cloud-director/v28.0.0 + version: cloud-director-28.0.0 + version_tag: cloud-director-28.0.0 +date: '2024-11-13T12:00:00' +description: Release notes for CLOUD-DIRECTOR workload cluster release cloud-director-28.0.0, + published on 13 November 2024, 12:00. +title: Workload cluster release cloud-director-28.0.0 for CLOUD-DIRECTOR +--- + +## Changes compared to v27.0.0 + +### Components + +- Kubernetes from v1.27.16 to v1.28.15 diff --git a/src/content/changes/workload-cluster-releases-cloud-director/releases/cloud-director-29.0.0.md b/src/content/changes/workload-cluster-releases-cloud-director/releases/cloud-director-29.0.0.md new file mode 100644 index 0000000000..27c73a1fd2 --- /dev/null +++ b/src/content/changes/workload-cluster-releases-cloud-director/releases/cloud-director-29.0.0.md @@ -0,0 +1,106 @@ +--- +# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. +aliases: +- /changes/tenant-cluster-releases-cloud-director/releases/cloud-director-cloud-director-29.0.0/ +changes_categories: +- Workload cluster releases for CLOUD-DIRECTOR +changes_entry: + repository: giantswarm/releases + url: https://github.com/giantswarm/releases/tree/master/cloud-director/v29.0.0 + version: cloud-director-29.0.0 + version_tag: cloud-director-29.0.0 +date: '2024-11-15T12:00:00' +description: Release notes for CLOUD-DIRECTOR workload cluster release cloud-director-29.0.0, + published on 15 November 2024, 12:00. +title: Workload cluster release cloud-director-29.0.0 for CLOUD-DIRECTOR +--- + +## Changes compared to v28.0.0 + +### Components + +- Flatcar from v3815.2.5 to [v3975.2.2](https://www.flatcar.org/releases#release-3975.2.2) +- Kubernetes from v1.28.15 to [v1.29.10](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md) + +### Apps + +- cert-exporter from v2.9.1 to v2.9.2 +- coredns from v1.21.0 to v1.22.0 +- node-exporter from v1.19.0 to v1.20.0 +- observability-bundle from v1.5.3 to v1.6.2 +- security-bundle from v1.8.0 to v1.8.2 +- teleport-kube-agent from v0.9.2 to v0.10.3 +- vertical-pod-autoscaler from v5.2.4 to v5.3.0 +- vertical-pod-autoscaler-crd from v3.1.0 to v3.1.1 + +### cert-exporter [v2.9.1...v2.9.2](https://github.com/giantswarm/cert-exporter/compare/v2.9.1...v2.9.2) + +#### Added + +- Chart: Add VPA and resources configuration for deployment and daemonset. ([#382](https://github.com/giantswarm/cert-exporter/pull/382)) + +### coredns [v1.21.0...v1.22.0](https://github.com/giantswarm/coredns-app/compare/v1.21.0...v1.22.0) + +#### Changed + +- Update `coredns` image to [1.11.3](https://github.com/coredns/coredns/releases/tag/v1.11.3). + +#### Removed + +- Removed legacy Giant Swarm monitoring labels as coredns is monitored through a prometheus-operator generated servicemonitor. + +### node-exporter [v1.19.0...v1.20.0](https://github.com/giantswarm/node-exporter-app/compare/v1.19.0...v1.20.0) + +#### Changed + +- Synced with upstream chart v4.38.0 (node-exporter 1.8.2). + +### observability-bundle [v1.5.3...v1.6.2](https://github.com/giantswarm/observability-bundle/compare/v1.5.3...v1.6.2) + +#### Added + +- Add `alloy` v0.4.0 as `alloyMetrics`. + +#### Changed + +- Fixed `alloyMetrics` catalog +- Disable usage reporting to GrafanaLabs by: +- Bumping `alloyLogs` and `alloyMetrics` to v0.4.1. +- Bumping `grafanaAgent` to v0.4.6. + +### security-bundle [v1.8.0...v1.8.2](https://github.com/giantswarm/security-bundle/compare/v1.8.0...v1.8.2) + +#### Changed + +- Update `cloudnative-pg` (app) to v0.0.6. +- Update `trivy-operator` (app) to v0.10.0. +- Update `kyverno-policy-operator` (app) to v0.0.8. +- Update `kyverno` (app) to v0.17.16. + +### teleport-kube-agent [v0.9.2...v0.10.3](https://github.com/giantswarm/teleport-kube-agent-app/compare/v0.9.2...v0.10.3) + +#### Changed + +- Disable JAMF components on chart templates +- Fix issues with templates +- Change ownership to Team Shield +- Added small fix on `podSecurityContext` for `seccompProfile`. +- Upgraded to Teleport `version 16` + +### vertical-pod-autoscaler [v5.2.4...v5.3.0](https://github.com/giantswarm/vertical-pod-autoscaler-app/compare/v5.2.4...v5.3.0) + +#### Changed + +- Chart: Update Helm release vertical-pod-autoscaler to v9.9.0. ([#314](https://github.com/giantswarm/vertical-pod-autoscaler-app/pull/314)) +- Chart: Consume `global.imageRegistry`. ([#315](https://github.com/giantswarm/vertical-pod-autoscaler-app/pull/315)) + +#### Removed + +- Chart: Do not override `crds.image.tag`. ([#316](https://github.com/giantswarm/vertical-pod-autoscaler-app/pull/316)) + +### vertical-pod-autoscaler-crd [v3.1.0...v3.1.1](https://github.com/giantswarm/vertical-pod-autoscaler-crd/compare/v3.1.0...v3.1.1) + +#### Changed + +- Chart: Improve `Chart.yaml`. ([#110](https://github.com/giantswarm/vertical-pod-autoscaler-crd/pull/110)) +- Repository: Some chores. ([#111](https://github.com/giantswarm/vertical-pod-autoscaler-crd/pull/111)) diff --git a/src/content/changes/workload-cluster-releases-cloud-director/releases/cloud-director-29.1.0.md b/src/content/changes/workload-cluster-releases-cloud-director/releases/cloud-director-29.1.0.md new file mode 100644 index 0000000000..9f30589e80 --- /dev/null +++ b/src/content/changes/workload-cluster-releases-cloud-director/releases/cloud-director-29.1.0.md @@ -0,0 +1,48 @@ +--- +# Generated by scripts/aggregate-changelogs. WARNING: Manual edits to this files will be overwritten. +aliases: +- /changes/tenant-cluster-releases-cloud-director/releases/cloud-director-cloud-director-29.1.0/ +changes_categories: +- Workload cluster releases for CLOUD-DIRECTOR +changes_entry: + repository: giantswarm/releases + url: https://github.com/giantswarm/releases/tree/master/cloud-director/v29.1.0 + version: cloud-director-29.1.0 + version_tag: cloud-director-29.1.0 +date: '2024-11-25T12:00:00' +description: Release notes for CLOUD-DIRECTOR workload cluster release cloud-director-29.1.0, + published on 25 November 2024, 12:00. +title: Workload cluster release cloud-director-29.1.0 for CLOUD-DIRECTOR +--- + +## Changes compared to v29.0.0 + +### Apps + +- cert-exporter from v2.9.2 to v2.9.3 +- observability-bundle from v1.6.2 to v1.8.0 + +### cert-exporter [v2.9.2...v2.9.3](https://github.com/giantswarm/cert-exporter/compare/v2.9.2...v2.9.3) + +#### Changed + +- Chart: Enable `global.podSecurityStandards.enforced`. ([#420](https://github.com/giantswarm/cert-exporter/pull/420)) + +### observability-bundle [v1.6.2...v1.8.0](https://github.com/giantswarm/observability-bundle/compare/v1.6.2...v1.8.0) + +#### Changed + +- Upgrade `prometheus-agent` from v0.6.9 to v0.7.0. + - Adds extraArgs to be able to use nice features like wal truncation +- upgrade `kube-prometheus-stack` from 61.0.0 to 65.1.1 + - prometheus-operator CRDs from 0.73.0 to 0.75.0 + - prometheus-operator from 0.75.0 to 0.77.1 + - prometheus upgraded from 2.53.0 to 2.54.1 + - grafana from 8.2.0 to 8.5.0 + - thanos ruler upgraded from 0.35.1 to 0.36.1 + - prometheus-node-exporter upgraded from 1.8.1 to 1.8.2 +- Add missing depends on annotation on alloy-metrics and alloy-logs to make sure they are deployed after the prometheus-operator-crds. +- Upgrade `alloyLogs` to v0.6.1 + - Allow passing PodLogs via helm chart values + - Upgrade to Alloy v1.4.2 which fixes a bug with component reload/evaluation and keeping Alloy up-to-date + - Fixes an issue with CiliumNetworkPolicy preventing Alloy to run in clustering mode diff --git a/src/content/changes/workload-cluster-releases-vsphere/releases/vsphere-27.0.0.md b/src/content/changes/workload-cluster-releases-vsphere/releases/vsphere-27.0.0.md index 72a6fbb258..59a6bc9bf0 100644 --- a/src/content/changes/workload-cluster-releases-vsphere/releases/vsphere-27.0.0.md +++ b/src/content/changes/workload-cluster-releases-vsphere/releases/vsphere-27.0.0.md @@ -7,12 +7,12 @@ changes_categories: changes_entry: repository: giantswarm/releases url: https://github.com/giantswarm/releases/tree/master/vsphere/v27.0.0 - version: sphere-27.0.0 + version: vsphere-27.0.0 version_tag: vsphere-27.0.0 date: '2024-08-12T12:00:00' -description: Release notes for VSPHERE workload cluster release sphere-27.0.0, published +description: Release notes for VSPHERE workload cluster release vsphere-27.0.0, published on 12 August 2024, 12:00. -title: Workload cluster release sphere-27.0.0 for VSPHERE +title: Workload cluster release vsphere-27.0.0 for VSPHERE --- We are happy to announce the first release for vSphere that uses the new release framework. @@ -21,11 +21,11 @@ We are happy to announce the first release for vSphere that uses the new release In order to consume the new flow, the following two fields need to be manually adapted: -* In ConfigMap `-userconfig` set `.Values.global.release` to the release version, e.g. `27.0.0`. +* In ConfigMap `-userconfig` set `.Values.global.release.version` to the release version, e.g. `27.0.0`. * In App `` remove the `spec.version` field. In case of GitOps, Flux might complain that the app manifest is invalid as the `spec.version` field is mandatory. In that case, edit the live App CR and set `spec.version` to an empty string. That will unblock Flux and allow it reconcile successfully. And if you want to use `kubectl-gs` to create a cluster, you'd need to now specify the release version, e.g.: ```bash -kubectl-gs template cluster --provider vsphere --organization my_org --name cluster_name -vsphere-network-name network_name --release v27.0.0 +kubectl-gs template cluster --provider vsphere --organization my_org --name cluster_name -vsphere-network-name network_name --release 27.0.0 ``` diff --git a/src/content/changes/workload-cluster-releases-vsphere/releases/vsphere-27.0.1.md b/src/content/changes/workload-cluster-releases-vsphere/releases/vsphere-27.0.1.md index d97c259eb5..6b181aad1e 100644 --- a/src/content/changes/workload-cluster-releases-vsphere/releases/vsphere-27.0.1.md +++ b/src/content/changes/workload-cluster-releases-vsphere/releases/vsphere-27.0.1.md @@ -7,12 +7,12 @@ changes_categories: changes_entry: repository: giantswarm/releases url: https://github.com/giantswarm/releases/tree/master/vsphere/v27.0.1 - version: sphere-27.0.1 + version: vsphere-27.0.1 version_tag: vsphere-27.0.1 date: '2024-10-23T12:00:00' -description: Release notes for VSPHERE workload cluster release sphere-27.0.1, published +description: Release notes for VSPHERE workload cluster release vsphere-27.0.1, published on 23 October 2024, 12:00. -title: Workload cluster release sphere-27.0.1 for VSPHERE +title: Workload cluster release vsphere-27.0.1 for VSPHERE --- We are happy to announce the first release for vSphere that uses the new release framework. @@ -21,11 +21,11 @@ We are happy to announce the first release for vSphere that uses the new release In order to consume the new flow, the following two fields need to be manually adapted: -* In ConfigMap `-userconfig` set `.Values.global.release` to the release version, e.g. `27.0.1`. +* In ConfigMap `-userconfig` set `.Values.global.release.version` to the release version, e.g. `27.0.1`. * In App `` remove the `spec.version` field. In case of GitOps, Flux might complain that the app manifest is invalid as the `spec.version` field is mandatory. In that case, edit the live App CR and set `spec.version` to an empty string. That will unblock Flux and allow it reconcile successfully. And if you want to use `kubectl-gs` to create a cluster, you'd need to now specify the release version, e.g.: ```bash -kubectl-gs template cluster --provider vsphere --organization my_org --name cluster_name -vsphere-network-name network_name --release v27.0.1 +kubectl-gs template cluster --provider vsphere --organization my_org --name cluster_name -vsphere-network-name network_name --release 27.0.1 ``` diff --git a/src/content/changes/workload-cluster-releases-vsphere/releases/vsphere-28.0.0.md b/src/content/changes/workload-cluster-releases-vsphere/releases/vsphere-28.0.0.md index 28492226dc..dcd29d3215 100644 --- a/src/content/changes/workload-cluster-releases-vsphere/releases/vsphere-28.0.0.md +++ b/src/content/changes/workload-cluster-releases-vsphere/releases/vsphere-28.0.0.md @@ -7,12 +7,12 @@ changes_categories: changes_entry: repository: giantswarm/releases url: https://github.com/giantswarm/releases/tree/master/vsphere/v28.0.0 - version: sphere-28.0.0 + version: vsphere-28.0.0 version_tag: vsphere-28.0.0 date: '2024-10-18T12:00:00' -description: Release notes for VSPHERE workload cluster release sphere-28.0.0, published +description: Release notes for VSPHERE workload cluster release vsphere-28.0.0, published on 18 October 2024, 12:00. -title: Workload cluster release sphere-28.0.0 for VSPHERE +title: Workload cluster release vsphere-28.0.0 for VSPHERE --- ## Changes compared to v27.0.0 diff --git a/src/content/changes/workload-cluster-releases-vsphere/releases/vsphere-28.0.1.md b/src/content/changes/workload-cluster-releases-vsphere/releases/vsphere-28.0.1.md index 36dc600771..586505aa06 100644 --- a/src/content/changes/workload-cluster-releases-vsphere/releases/vsphere-28.0.1.md +++ b/src/content/changes/workload-cluster-releases-vsphere/releases/vsphere-28.0.1.md @@ -7,12 +7,12 @@ changes_categories: changes_entry: repository: giantswarm/releases url: https://github.com/giantswarm/releases/tree/master/vsphere/v28.0.1 - version: sphere-28.0.1 + version: vsphere-28.0.1 version_tag: vsphere-28.0.1 date: '2024-10-23T12:00:00' -description: Release notes for VSPHERE workload cluster release sphere-28.0.1, published +description: Release notes for VSPHERE workload cluster release vsphere-28.0.1, published on 23 October 2024, 12:00. -title: Workload cluster release sphere-28.0.1 for VSPHERE +title: Workload cluster release vsphere-28.0.1 for VSPHERE --- ## Changes compared to v27.0.1 diff --git a/src/content/changes/workload-cluster-releases-vsphere/releases/vsphere-29.0.0.md b/src/content/changes/workload-cluster-releases-vsphere/releases/vsphere-29.0.0.md index d85b06f0fe..91fe0b0b63 100644 --- a/src/content/changes/workload-cluster-releases-vsphere/releases/vsphere-29.0.0.md +++ b/src/content/changes/workload-cluster-releases-vsphere/releases/vsphere-29.0.0.md @@ -7,12 +7,12 @@ changes_categories: changes_entry: repository: giantswarm/releases url: https://github.com/giantswarm/releases/tree/master/vsphere/v29.0.0 - version: sphere-29.0.0 + version: vsphere-29.0.0 version_tag: vsphere-29.0.0 date: '2024-10-23T12:00:00' -description: Release notes for VSPHERE workload cluster release sphere-29.0.0, published +description: Release notes for VSPHERE workload cluster release vsphere-29.0.0, published on 23 October 2024, 12:00. -title: Workload cluster release sphere-29.0.0 for VSPHERE +title: Workload cluster release vsphere-29.0.0 for VSPHERE --- ## Changes compared to v28.0.1 diff --git a/src/content/changes/workload-cluster-releases-vsphere/releases/vsphere-29.1.0.md b/src/content/changes/workload-cluster-releases-vsphere/releases/vsphere-29.1.0.md index 0d974c209d..3823791819 100644 --- a/src/content/changes/workload-cluster-releases-vsphere/releases/vsphere-29.1.0.md +++ b/src/content/changes/workload-cluster-releases-vsphere/releases/vsphere-29.1.0.md @@ -7,12 +7,12 @@ changes_categories: changes_entry: repository: giantswarm/releases url: https://github.com/giantswarm/releases/tree/master/vsphere/v29.1.0 - version: sphere-29.1.0 + version: vsphere-29.1.0 version_tag: vsphere-29.1.0 date: '2024-11-13T12:00:00' -description: Release notes for VSPHERE workload cluster release sphere-29.1.0, published +description: Release notes for VSPHERE workload cluster release vsphere-29.1.0, published on 13 November 2024, 12:00. -title: Workload cluster release sphere-29.1.0 for VSPHERE +title: Workload cluster release vsphere-29.1.0 for VSPHERE --- ## Changes compared to v29.0.0 diff --git a/src/content/getting-started/access-to-platform-api/_index.md b/src/content/getting-started/access-to-platform-api/_index.md index da20627944..3e16d03b2f 100644 --- a/src/content/getting-started/access-to-platform-api/_index.md +++ b/src/content/getting-started/access-to-platform-api/_index.md @@ -1,7 +1,7 @@ --- title: Access to the platform API description: How engineers can access the platform API to provision new workload clusters or deploy applications. -weight: 30 +weight: 20 last_review_date: 2024-07-17 menu: principal: @@ -14,17 +14,17 @@ user_questions: - What do I need to do to access the platform API? --- -Giant Swarm's platform API, a Kubernetes API that operates on the management cluster, offers unique features and custom resources. These enable you to perform a range of actions, from creating and updating clusters to deploying applications, enhancing your cluster and workload resource management capabilities. +Giant Swarm's platform API, a `Kubernetes` API that operates on the management cluster, offers unique features and custom resources. These enable you to perform a range of actions, from creating and updating clusters to deploying applications, enhancing your cluster and workload resource management capabilities. You can have multiple management clusters, for example, if different cloud providers are used. Each management cluster has its own API endpoint and is isolated from the others. In this guide, you learn how to access the platform API of one of these management clusters. Usually, to interact with the platform API, you have three options: 1. Use GitOps flavour using Flux -2. Use the `kubectl` command-line tool with our custom plugin -3. Use the [Giant Swarm Web UI](https://docs.giantswarm.io/ui-api/) +2. Use the `kubectl` command-line tool with our [custom plugin]({{< relref "/reference/kubectl-gs" >}}) +3. Use the [Giant Swarm Web UI]({{< relref "/vintage/platform-overview/web-interface/overview" >}}) -This guide focuses on the second option, using the `kubectl` command-line tool. However, you can find more information about the other options in the [tutorials](https://docs.giantswarm.io/tutorials/). +This guide focuses on the second option, using the `kubectl` command-line tool. However, you can find more information about the other options in the [tutorials]({{< relref "/tutorials" >}}). ## Requirements @@ -60,7 +60,7 @@ A new kubectl context named 'gs-wombat' has been created and selected. To switch kubectl config use-context gs-wombat ``` -When logging in, you must authenticate in your browser using the configured identity provider (for example, by signing into an Active Directory or GitHub user account). To learn more about the different authentication methods, see the [authentication page]({{< relref "/overview/architecture/authentication" >}}). +When logging in, you must authenticate in your browser using the configured identity provider (for example, by signing into an `Active Directory` or `GitHub` user account). To learn more about the different authentication methods, see the [authentication page]({{< relref "/overview/architecture/authentication" >}}). ## Step 2: Explore the platform @@ -76,7 +76,7 @@ testing 97d giantswarm 97d ``` -Organizations are a way to separate and isolate clusters, apps, etc., between different teams or environments. More information can be found in [Multi-tenancy]({{< relref "/vintage/platform-overview/multi-tenancy" >}}). +Organizations are a way to separate and isolate clusters, apps, etc., between different teams or environments. More information can be found in [Multi-tenancy]({{< relref "/overview/fleet-management/multi-tenancy" >}}). Secondly, run the `kubectl gs get clusters -A` command, which shows all the clusters managed by your management cluster, the `-A` flag stands for all namespaces. @@ -115,4 +115,4 @@ You can notice that the apps are deployed in the `org-x` namespace and are prefi ## Next step -Now that you have access to the platform API and know a bit more about it, you are ready to [create a workload cluster]({{< relref "/vintage/getting-started/create-workload-cluster" >}}). +Now that you have access to the platform API and know a bit more about it, you are ready to [create a workload cluster]({{< relref "/getting-started/provision-your-first-workload-cluster/" >}}). diff --git a/src/content/getting-started/install-an-application/_index.md b/src/content/getting-started/install-an-application/_index.md index 35150514b0..40fe22f7cd 100644 --- a/src/content/getting-started/install-an-application/_index.md +++ b/src/content/getting-started/install-an-application/_index.md @@ -2,8 +2,8 @@ title: Install an application using the app platform linkTitle: Install an application description: Add capabilities to your platform by deploying applications from our catalog. -weight: 50 -last_review_date: 2024-09-06 +weight: 40 +last_review_date: 2024-11-28 menu: principal: parent: getting-started @@ -17,7 +17,7 @@ user_questions: The _Giant Swarm App Platform_ is built on top of [Helm](https://helm.sh/) charts and allows you to manage apps and their configurations represented by `App` custom resources (CRs) for multiple clusters, from a single place: the [Platform API]({{< relref "/overview/architecture#platform-api" >}}) on the management cluster. -In this guide, we will install a `hello-world` app together with an ingress nginx controller to serve the web application publicly. We will do this by using kubectl, to create an [App]({{< relref "/vintage/use-the-api/management-api/crd/apps.application.giantswarm.io.md" >}}) CR using the platform API of your management cluster. +In this guide, we will install a `hello-world` app together with an ingress nginx controller to serve the web application publicly. We will do this by using kubectl, to create an [App]({{< relref "/reference/platform-api/crd/apps.application.giantswarm.io.md" >}}) CR using the platform API of your management cluster. In general, you can manage `App` CRs with any tool that can communicate with the Kubernetes API such as Helm or GitOps tools (like Argo CD or Flux CD). @@ -55,13 +55,13 @@ test01-vertical-pod-autoscaler 5.2.4 12m 110s __Note__: We don't enforce the cluster prefix (here: `test01-`), but it's a good practice to have it. -You can see that several applications already exist for the workload cluster `test01`. Most of the apps run directly in the workload cluster itself. The operator which actually deploys the applications to the workload clusters is running on the management cluster and is called `app-operator`. Learn more about this process [in this guide]({{< relref "/vintage/platform-overview/app-platform/" >}}). +You can see that several applications already exist for the workload cluster `test01`. Most of the apps run directly in the workload cluster itself. The operator which actually deploys the applications to the workload clusters is running on the management cluster and is called `app-operator`. Learn more about this process [in this guide]({{< relref "/overview/fleet-management/app-management" >}}). ## Step 2: Install an ingress nginx controller {#install-ingress-controller} Before installing the `hello-world` app, an ingress controller must be running in the cluster. The ingress controller is responsible for routing the incoming traffic to the correct service in the cluster and make it available publicly. -To know which applications are available for customers we've extended the platform with two custom resources. The first resource is [`Catalog`]({{< relref "/vintage/use-the-api/management-api/crd/catalogs.application.giantswarm.io/" >}}) which contains application definitions that are available for installation in the workload clusters. The second is the [`AppCatalogEntry`]({{< relref "/vintage/use-the-api/management-api/crd/appcatalogentries.application.giantswarm.io.md" >}}) which is the application definition for each application version. +To know which applications are available for customers we've extended the platform with two custom resources. The first resource is [`Catalog`]({{< relref "/reference/platform-api/crd/catalogs.application.giantswarm.io.md" >}}) which contains application definitions that are available for installation in the workload clusters. The second is the [`AppCatalogEntry`]({{< relref "/reference/platform-api/crd/appcatalogentries.application.giantswarm.io.md" >}}) which is the application definition for each application version. By default there is a single catalog in the platform with the applications maintained by us: @@ -199,7 +199,7 @@ spec: version: 2.3.2 ``` -The `spec.name` field is the application's name in the catalog, while `metadata.name` designates the name of the `App` object in the cluster and can therefore be freely chosen. [Read more information about the properties here]({{ relref "/vintage/use-the-api/management-api/crd/apps.application.giantswarm.io/" }}). +The `spec.name` field is the application's name in the catalog, while `metadata.name` designates the name of the `App` object in the cluster and can therefore be freely chosen. [Read more information about the properties here]({{ relref "/reference/platform-api/crd/apps.application.giantswarm.io/" }}). Now let's push the file to your GitOps repository, or apply it directly to the platform API with the following command: diff --git a/src/content/getting-started/observe-your-clusters-and-apps/_index.md b/src/content/getting-started/observe-your-clusters-and-apps/_index.md index 2508f36398..ebd6476cad 100644 --- a/src/content/getting-started/observe-your-clusters-and-apps/_index.md +++ b/src/content/getting-started/observe-your-clusters-and-apps/_index.md @@ -1,8 +1,12 @@ --- title: Observe your clusters and apps description: Check cluster and app metrics with the observability tools provided with the Giant Swarm platform. -weight: 70 -last_review_date: 2024-08-10 +weight: 60 +last_review_date: 2024-11-28 +menu: + principal: + parent: getting-started + identifier: getting-started-observe owner: - https://github.com/orgs/giantswarm/teams/sig-docs user_questions: @@ -65,7 +69,7 @@ Along with service monitor metrics, you can check metrics for DNS, Ingress, Flux ## Step 3: Create your own dashboard -In some occasions, you may want to create a custom dashboard to visualize the metrics of your application. Once logged into the [platform API]({{< relref "/vintage/use-the-api/management-api/_index.md" >}}) you can create a special `ConfigMap` containing the dashboard in JSON format. It will look like this: +In some occasions, you may want to create a custom dashboard to visualize the metrics of your application. Once logged into the [platform API]({{< relref "/reference/platform-api" >}}) you can create a special `ConfigMap` containing the dashboard in JSON format. It will look like this: ```yaml apiVersion: v1 @@ -108,4 +112,4 @@ As you can see in the image above, the dashboard shows some information about th ## Next step -After knowing how your application behaves let's explore what's the [security baseline and how does it affect your workload]({{< relref "/getting-started/secure-your-app" >}}). +After knowing how your application behaves let's explore how security is handled in the platform. Learn more [in the security overview]({{< relref "/overview/security" >}}). diff --git a/src/content/getting-started/prepare-your-provider-account/_index.md b/src/content/getting-started/prepare-your-provider-infrastructure/_index.md similarity index 60% rename from src/content/getting-started/prepare-your-provider-account/_index.md rename to src/content/getting-started/prepare-your-provider-infrastructure/_index.md index bbaabe0e87..60bba7c245 100644 --- a/src/content/getting-started/prepare-your-provider-account/_index.md +++ b/src/content/getting-started/prepare-your-provider-infrastructure/_index.md @@ -1,17 +1,17 @@ --- -title: Prepare your provider account +title: Prepare your provider infrastructure description: Set up your infrastructure provider (e.g. AWS account) in order to run a Giant Swarm management cluster and workload clusters, all remaining under your ownership. weight: 10 -last_review_date: 2024-04-25 +last_review_date: 2024-11-28 menu: principal: parent: getting-started - identifier: getting-started-prepare-provider-account + identifier: getting-started-prepare-provider-infrastructure owner: - https://github.com/orgs/giantswarm/teams/sig-docs user_questions: - - How do I prepare my provider account for the cloud-native developer platform? - - What do I need to do to prepare my provider account for the cloud-native developer platform? + - How do I prepare my provider infrastructure for the cloud-native developer platform? + - What do I need to do to prepare my provider infrastructure for the cloud-native developer platform? --- diff --git a/src/content/getting-started/prepare-your-provider-account/aws/_index.md b/src/content/getting-started/prepare-your-provider-infrastructure/aws/_index.md similarity index 99% rename from src/content/getting-started/prepare-your-provider-account/aws/_index.md rename to src/content/getting-started/prepare-your-provider-infrastructure/aws/_index.md index 19a4b4a337..a3fb721f77 100644 --- a/src/content/getting-started/prepare-your-provider-account/aws/_index.md +++ b/src/content/getting-started/prepare-your-provider-infrastructure/aws/_index.md @@ -2,9 +2,9 @@ title: Prepare your AWS account description: Prepare your AWS account to start building your cloud-native developer platform with Giant Swarm. weight: 10 -last_review_date: 2024-06-14 +last_review_date: 2024-11-28 owner: - - https://github.com/orgs/giantswarm/teams/sig-docs + - https://github.com/orgs/giantswarm/teams/team-phoenix user_questions: - How do I prepare my AWS account for the cloud-native developer platform? - What do I need to do to prepare my AWS account for the cloud-native developer platform? diff --git a/src/content/getting-started/prepare-your-provider-account/aws/aws-roles-attach-policy.png b/src/content/getting-started/prepare-your-provider-infrastructure/aws/aws-roles-attach-policy.png similarity index 100% rename from src/content/getting-started/prepare-your-provider-account/aws/aws-roles-attach-policy.png rename to src/content/getting-started/prepare-your-provider-infrastructure/aws/aws-roles-attach-policy.png diff --git a/src/content/getting-started/prepare-your-provider-account/aws/aws-roles-create-policy.png b/src/content/getting-started/prepare-your-provider-infrastructure/aws/aws-roles-create-policy.png similarity index 100% rename from src/content/getting-started/prepare-your-provider-account/aws/aws-roles-create-policy.png rename to src/content/getting-started/prepare-your-provider-infrastructure/aws/aws-roles-create-policy.png diff --git a/src/content/getting-started/prepare-your-provider-account/aws/aws-roles-create-role.png b/src/content/getting-started/prepare-your-provider-infrastructure/aws/aws-roles-create-role.png similarity index 100% rename from src/content/getting-started/prepare-your-provider-account/aws/aws-roles-create-role.png rename to src/content/getting-started/prepare-your-provider-infrastructure/aws/aws-roles-create-role.png diff --git a/src/content/getting-started/prepare-your-provider-account/aws/aws-roles-review.png b/src/content/getting-started/prepare-your-provider-infrastructure/aws/aws-roles-review.png similarity index 100% rename from src/content/getting-started/prepare-your-provider-account/aws/aws-roles-review.png rename to src/content/getting-started/prepare-your-provider-infrastructure/aws/aws-roles-review.png diff --git a/src/content/getting-started/prepare-your-provider-account/aws/aws-service-limits.png b/src/content/getting-started/prepare-your-provider-infrastructure/aws/aws-service-limits.png similarity index 100% rename from src/content/getting-started/prepare-your-provider-account/aws/aws-service-limits.png rename to src/content/getting-started/prepare-your-provider-infrastructure/aws/aws-service-limits.png diff --git a/src/content/getting-started/prepare-your-provider-account/aws/aws_onboarding.png b/src/content/getting-started/prepare-your-provider-infrastructure/aws/aws_onboarding.png similarity index 100% rename from src/content/getting-started/prepare-your-provider-account/aws/aws_onboarding.png rename to src/content/getting-started/prepare-your-provider-infrastructure/aws/aws_onboarding.png diff --git a/src/content/getting-started/prepare-your-provider-account/azure/_index.md b/src/content/getting-started/prepare-your-provider-infrastructure/azure/_index.md similarity index 99% rename from src/content/getting-started/prepare-your-provider-account/azure/_index.md rename to src/content/getting-started/prepare-your-provider-infrastructure/azure/_index.md index 506e5c6eaa..d6eca053a9 100644 --- a/src/content/getting-started/prepare-your-provider-account/azure/_index.md +++ b/src/content/getting-started/prepare-your-provider-infrastructure/azure/_index.md @@ -3,9 +3,9 @@ title: Prepare your provider account for Azure linkTitle: Prepare your Azure account description: Prepare your Azure account to start building your cloud-native developer platform with Giant Swarm. weight: 20 -last_review_date: 2024-05-28 +last_review_date: 2024-11-28 owner: - - https://github.com/orgs/giantswarm/teams/sig-docs + - https://github.com/orgs/giantswarm/teams/team-phoenix user_questions: - How do I prepare my Azure account for the cloud-native developer platform? - How must I prepare my Azure account for the cloud-native developer platform? diff --git a/src/content/getting-started/prepare-your-provider-account/azure/quota_editing.png b/src/content/getting-started/prepare-your-provider-infrastructure/azure/quota_editing.png similarity index 100% rename from src/content/getting-started/prepare-your-provider-account/azure/quota_editing.png rename to src/content/getting-started/prepare-your-provider-infrastructure/azure/quota_editing.png diff --git a/src/content/getting-started/prepare-your-provider-account/azure/quotas_general.png b/src/content/getting-started/prepare-your-provider-infrastructure/azure/quotas_general.png similarity index 100% rename from src/content/getting-started/prepare-your-provider-account/azure/quotas_general.png rename to src/content/getting-started/prepare-your-provider-infrastructure/azure/quotas_general.png diff --git a/src/content/getting-started/prepare-your-provider-account/vmware-cloud-director/_index.md b/src/content/getting-started/prepare-your-provider-infrastructure/vmware-cloud-director/_index.md similarity index 83% rename from src/content/getting-started/prepare-your-provider-account/vmware-cloud-director/_index.md rename to src/content/getting-started/prepare-your-provider-infrastructure/vmware-cloud-director/_index.md index 9140d666d6..846e6d7e03 100644 --- a/src/content/getting-started/prepare-your-provider-account/vmware-cloud-director/_index.md +++ b/src/content/getting-started/prepare-your-provider-infrastructure/vmware-cloud-director/_index.md @@ -1,14 +1,14 @@ --- -title: Prepare your provider account for VMware Cloud Director -linkTitle: Prepare your VCD account +title: Prepare your provider environment for VMware Cloud Director +linkTitle: Prepare your VCD environment description: Prepare your VMware Cloud Director setup to start building your cloud-native developer platform with Giant Swarm. -weight: 10 -last_review_date: 2024-05-17 +weight: 30 +last_review_date: 2024-11-28 owner: - https://github.com/orgs/giantswarm/teams/sig-docs user_questions: - - How do I prepare my VMware Cloud Director account for the cloud-native developer platform? - - What do I need to do to prepare my VCD account for the cloud-native developer platform? + - How do I prepare my VMware Cloud Director environment for the cloud-native developer platform? + - What do I need to do to prepare my VCD environment for the cloud-native developer platform? --- In order to run the Giant Swarm platform in your VMware Cloud Director (VCD) environment, several prerequisites must be satisfied to support Cluster API Provider VMware Cloud Director (CAPVCD). @@ -35,7 +35,7 @@ In terms of virtual networking, the following requirements must be met: - The virtual machines (VMs) must have access to the VCD API endpoint for the controllers to work. -- Access to the Internet is required for some of our automation to pull artifacts from the registry or get new certificates from Let's Encrypt. It's possible to configure an egress HTTP proxy to control the traffic. You can check the list of domains that need to be accessible [here]({{< relref "/vintage/platform-overview/security/cluster-security/domain-allowlist/#on-premise-installations" >}}). +- Access to the Internet is required for some of our automation to pull artifacts from the registry or get new certificates from Let's Encrypt. It's possible to configure an egress HTTP proxy to control the traffic. You can check the list of domains that need to be accessible [here]({{< relref "/overview/security/domain-allowlist/#on-premise-installations" >}}). ## Step 2: Permissions @@ -54,13 +54,13 @@ To obtain the credentials, you need to create a new role by browsing to `Adminis ## Step 3: Virtual machine templates -To provision the virtual machines (VMs) for the cluster nodes, the necessary `vApp templates` must be provided in the `giantswarm` organization's catalog. The templates use a convention with the Linux distribution and Kubernetes version on the name (for example `flatcar-stable-3815.2.1-kube-v1.25.16`). +To provision the virtual machines (VMs) for the cluster nodes, the necessary `vApp templates` must be provided in the `giantswarm` organization's catalog. The templates use a convention with the Linux distribution and Kubernetes version on the name (for example `flatcar-stable-xxxx.y.z-kube-x.yy.zz-tooling-x.yy.1-gs`). -__Note__: Our engineers can upload the `vApp templates` to the `giantswarm` catalog or provide you with them, as uploads can fail over a WAN connection in some VCD environments. +__Note__: Our engineers can upload the `vApp templates` to the `giantswarm` catalog, or they can provide them to you if uploads fail over a WAN connection like in some VCD environments. ## Step 4: Virtual machine sizing -To define the set of instance types available to the users when deploying clusters, you need to prepare the [virtual machine sizing policies](https://docs.vmware.com/en/VMware-Cloud-Director/10.4/VMware-Cloud-Director-Service-Provider-Admin-Portal-Guide/GUID-F6719175-7A29-42CA-BB00-A6BDC22B3EEC.html). You can choose the name and size of these policies, but we propose the following ones as a recommendation +To define the set of instance types available to the users when deploying clusters, you need to prepare the [virtual machine sizing policies](https://docs.vmware.com/en/VMware-Cloud-Director/10.4/VMware-Cloud-Director-Service-Provider-Admin-Portal-Guide/GUID-F6719175-7A29-42CA-BB00-A6BDC22B3EEC.html). You can choose the name and sizes of these policies, but we propose the following ones as a starting point | Name | vCPU | Memory | |------|------|--------| @@ -70,7 +70,7 @@ To define the set of instance types available to the users when deploying cluste | m1.xlarge | 8 | 16GB | | m1.2xlarge | 16 | 64GB | -After all requirements are met, you can [create your first cluster following this guide]({{< relref "/vintage/getting-started/create-workload-cluster" >}}). +After all requirements are met, you can [create your first cluster following this guide]({{< relref "/getting-started/provision-your-first-workload-cluster/" >}}). ## Next step diff --git a/src/content/getting-started/prepare-your-provider-account/vmware-cloud-director/vcd-networking.png b/src/content/getting-started/prepare-your-provider-infrastructure/vmware-cloud-director/vcd-networking.png similarity index 100% rename from src/content/getting-started/prepare-your-provider-account/vmware-cloud-director/vcd-networking.png rename to src/content/getting-started/prepare-your-provider-infrastructure/vmware-cloud-director/vcd-networking.png diff --git a/src/content/getting-started/prepare-your-provider-account/vmware-vsphere/_index.md b/src/content/getting-started/prepare-your-provider-infrastructure/vmware-vsphere/_index.md similarity index 71% rename from src/content/getting-started/prepare-your-provider-account/vmware-vsphere/_index.md rename to src/content/getting-started/prepare-your-provider-infrastructure/vmware-vsphere/_index.md index 15bf5098bf..e08ce56211 100644 --- a/src/content/getting-started/prepare-your-provider-account/vmware-vsphere/_index.md +++ b/src/content/getting-started/prepare-your-provider-infrastructure/vmware-vsphere/_index.md @@ -1,14 +1,14 @@ --- -title: Prepare your provider account for VMware vSphere -linkTitle: Prepare your vSphere account +title: Prepare your provider environment for VMware vSphere +linkTitle: Prepare your vSphere environment description: Prepare your VMware vSphere setup to start building your cloud-native developer platform with Giant Swarm. -weight: 10 -last_review_date: 2024-05-17 +weight: 40 +last_review_date: 2024-11-28 owner: - https://github.com/orgs/giantswarm/teams/sig-docs user_questions: - - How do I prepare my VMware vSphere account for the cloud-native developer platform? - - What do I need to do to prepare my VMware vSphere account for the cloud-native developer platform? + - How do I prepare my vSphere environment for the cloud-native developer platform? + - What do I need to do to prepare my vSphere environment for the cloud-native developer platform? --- In order to run the Giant Swarm platform in your VMware vSphere environment, several prerequisites must be satisfied to support Cluster API Provider VMware Cloud Director (CAPVCD). @@ -33,13 +33,15 @@ It's recommended to create one resource pool across the hosts where the workload ## Step 1: Networking -In the cluster definition, you need to specify a network for the controller to provision the default gateway and connect the virtual machines (VMs). The DHCP service must be enabled on this network to assign IP addresses to the cluster nodes automatically. +The network must have: -__Warning__: In case you plan to use several networks on the cluster please contact Giant Swarm support to discuss the network configuration. +- DHCP enabled. +- Access to vCenter endpoint on port `443` so the controllers can manage the cluster's lifecycle. +- Access to internet on port `443` to pull artifacts from our repositories, download CVE databases, pull container images, etc. You can whitelist the domains in this [domain allow list]({{ relref "/overview/security/domain-allowlist" }}). Note that we also support authenticated HTTP proxies. -The cluster nodes must have access to the vCenter endpoint on port `443` so the controllers can manage the cluster's lifecycle. At the same time, they must have access to the Internet on port `443` to pull artifacts from our repositories, download CVE databases, pull container images, etc. We support authenticated HTTP proxies and provide a [domain allowing list](https://docs.giantswarm.io/vintage/platform-overview/security/cluster-security/domain-allowlist/) to guide you to configure the company's firewall. +**Warning**: In case you plan to use several networks on the cluster please contact Giant Swarm support to discuss the network configuration. -A vSphere environment has no concept of the load balancer, which Kubernetes requires to expose services of the type load balancer and the API in a highly available mode. As a result, the Cluster API implementation includes `kube-vip`, a layer-2 load balancer to address all environments. The other option is to use NSX Advanced Load Balancer when available in your environment. +A vSphere environment has no concept of load balancer, which Kubernetes requires to expose services of type load balancer, and the API in a highly available mode. As a result, we include `kube-vip`, a layer-2 load balancer to address all environments. The other option is to use NSX Advanced Load Balancer when available in your environment. {{< tabs >}} {{< tab id="flags-kubevip" title="kube-vip">}} @@ -72,10 +74,9 @@ The `controller` in NSX ALB plays a pivotal role. It's responsible for communica The Cluster API controller that provisions the infrastructure in the vSphere environment needs a role with a set of permissions. To follow the principle of least privilege, it's recommended that a specific user and role be created for the controller. -> [!CAUTION] -> The password mustn’t contain ` \ ` (backslash) characters. Ideally restrict special characters to ` . , ! ? - ` +**Warning**: The password may not contain `\` (backslash) characters. Ideally restrict special characters to ` . , ! ? - ` -__Note__: The user creation is out of the scope of this document, but you can follow the [official VMware documentation](https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-authentication/GUID-31F302A6-D622-4FEC-9007-EE3BA1205AEA.html) in case you need help. +**Note**: The user creation is out of the scope of this document, but you can follow the [official VMware documentation](https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-authentication/GUID-31F302A6-D622-4FEC-9007-EE3BA1205AEA.html) in case you need help. Create the user role browsing to `Administration > Access Control > Roles`and clicking `NEW`. The role must have at least the following permissions: @@ -89,7 +90,8 @@ Create the user role browsing to `Administration > Access Control > Roles`and cl | `Sessions` | `Message`
`Validate session` | | `Profile driven storage` _(vSphere 7)_
`VM storage policies` _(vSphere 8)_ | `Profile-driven storage view`
`View VM storage policies` | | `vApp` | `Import` | -| `Virtual machine` | `Change Configuration`
`- Add existing disk`
`- Add new disk`
`- Add or remove device`
`- Advanced configuration`
`- Change CPU count`
`- Change Memory`
`- Change Settings`
`- Configure Raw device`
`- Extend virtual disk`
`- Modify device settings`
`- Remove disk`
`-Rename`
`Edit inventory`
`- Create from existing`
`- Create new`
`- Remove`
`Interaction`
`- Power off`
`- Power on`
`Provisioning`
`- Clone template`
`- Customize guest`
`- Deploy template`
`- Mark as template`
`- Mark as virtual machine` | +| `vSphere Tagging` | `Assign or Unassign vSphere Tag`
`Assign or Unassign vSphere Tag on Object` | +| `Virtual machine` | `Change Configuration`
`- Add existing disk`
`- Add new disk`
`- Add or remove device`
`- Advanced configuration`
`- Change CPU count`
`- Change Memory`
`- Change Settings`
`- Configure Raw device`
`- Extend virtual disk`
`- Modify device settings`
`- Remove disk`
`-Rename`
`Edit inventory`
`- Create from existing`
`- Create new`
`- Remove`
`Interaction`
`- Console interaction`
`- Power off`
`- Power on`
`Provisioning`
`- Clone template`
`- Customize guest`
`- Deploy template`
`- Mark as template`
`- Mark as virtual machine` | Apart of the permissions you need to assign the role to the following objects: @@ -104,11 +106,11 @@ Apart of the permissions you need to assign the role to the following objects: | Distributed Switch | | | VM and Template folders | Yes | -__Warning__: In case you want to leverage failure domains at the host level where a group of hosts is a failure domain (data centers, racks, PDU distribution, Etcd), Cluster API implementation needs permissions to work with `anti-affinity` rules. As a result the role requires the following permissions: `Host > Edit > Modify cluster`. +**Warning**: In case you want to use failure domains at the host level where a group of hosts is a failure domain (data centers, racks, PDU distribution, Etcd), Cluster API implementation needs permissions to work with `anti-affinity` rules. As a result the role requires the following permissions: `Host > Edit > Modify cluster`. ## Step 3: Virtual machine templates -To provision the virtual machines (VMs) for the cluster nodes, Giant Swarm needs permissions to upload `VM templates` to vCenter Server. The templates use a convention with the Linux distribution and Kubernetes version on the name (for example `flatcar-stable-3815.2.1-kube-v1.25.16`). +To provision the virtual machines (VMs) for the cluster nodes, Giant Swarm needs permissions to upload `VM templates` to vCenter Server (included in the table above). The templates use a convention with the Linux distribution and Kubernetes version on the name (for example `flatcar-stable-xxxx.y.z-kube-x.yy.zz-tooling-x.yy.1-gs`). ## Next step diff --git a/src/content/getting-started/prepare-your-provider-account/vmware-vsphere/capv-kubevip-excalidraw.png b/src/content/getting-started/prepare-your-provider-infrastructure/vmware-vsphere/capv-kubevip-excalidraw.png similarity index 100% rename from src/content/getting-started/prepare-your-provider-account/vmware-vsphere/capv-kubevip-excalidraw.png rename to src/content/getting-started/prepare-your-provider-infrastructure/vmware-vsphere/capv-kubevip-excalidraw.png diff --git a/src/content/getting-started/prepare-your-provider-account/vmware-vsphere/capv-kubevip-ipam-excalidraw.png b/src/content/getting-started/prepare-your-provider-infrastructure/vmware-vsphere/capv-kubevip-ipam-excalidraw.png similarity index 100% rename from src/content/getting-started/prepare-your-provider-account/vmware-vsphere/capv-kubevip-ipam-excalidraw.png rename to src/content/getting-started/prepare-your-provider-infrastructure/vmware-vsphere/capv-kubevip-ipam-excalidraw.png diff --git a/src/content/getting-started/prepare-your-provider-account/vmware-vsphere/capv-nsxalb-excalidraw.png b/src/content/getting-started/prepare-your-provider-infrastructure/vmware-vsphere/capv-nsxalb-excalidraw.png similarity index 100% rename from src/content/getting-started/prepare-your-provider-account/vmware-vsphere/capv-nsxalb-excalidraw.png rename to src/content/getting-started/prepare-your-provider-infrastructure/vmware-vsphere/capv-nsxalb-excalidraw.png diff --git a/src/content/getting-started/provision-your-first-workload-cluster/_index.md b/src/content/getting-started/provision-your-first-workload-cluster/_index.md index 19b622d646..43c4ab35fa 100644 --- a/src/content/getting-started/provision-your-first-workload-cluster/_index.md +++ b/src/content/getting-started/provision-your-first-workload-cluster/_index.md @@ -1,14 +1,15 @@ --- title: Create a first workload cluster description: Experience configuring and provisioning your first workload cluster using the platform API. -weight: 40 -last_review_date: 2024-08-21 +weight: 30 +last_review_date: 2024-11-28 menu: principal: parent: getting-started identifier: getting-started-provision-cluster owner: - - https://github.com/orgs/giantswarm/teams/sig-docs + - https://github.com/orgs/giantswarm/teams/team-rocket + - https://github.com/orgs/giantswarm/teams/team-phoenix user_questions: - How do I configure and provision my first workload cluster? - What do I need to do to configure and provision my first workload cluster? @@ -44,7 +45,7 @@ kubectl gs template cluster \ You can select the AWS account by specifying the `aws-cluster-role-identity-name` argument when templating the cluster. -The name passed to `aws-cluster-role-identity-name` must match the name of [an existing `AWSClusterRoleIdentity`]({{< relref "getting-started/prepare-your-provider-account/aws/#configure-cluster-role-identity" >}}). +The name passed to `aws-cluster-role-identity-name` must match the name of [an existing `AWSClusterRoleIdentity`]({{< relref "getting-started/prepare-your-provider-infrastructure/aws/#configure-cluster-role-identity" >}}). ```sh kubectl gs template cluster \ @@ -73,7 +74,7 @@ kubectl gs template cluster \ You can select the AWS account by specifying the `aws-cluster-role-identity-name` argument when templating the cluster. -The name passed to `aws-cluster-role-identity-name` must match the name of [an existing `AWSClusterRoleIdentity`]({{< relref "getting-started/prepare-your-provider-account/aws/#configure-cluster-role-identity" >}}). +The name passed to `aws-cluster-role-identity-name` must match the name of [an existing `AWSClusterRoleIdentity`]({{< relref "getting-started/prepare-your-provider-infrastructure/aws/#configure-cluster-role-identity" >}}). ```sh kubectl gs template cluster \ diff --git a/src/content/getting-started/secure-your-app/_index.md b/src/content/getting-started/secure-your-app/_index.md deleted file mode 100644 index 3d73e1c517..0000000000 --- a/src/content/getting-started/secure-your-app/_index.md +++ /dev/null @@ -1,29 +0,0 @@ ---- -title: Secure your app -description: Learn how to secure and protect your application on the Giant Swarm platform. -weight: 70 -last_review_date: 2024-10-08 -owner: - - https://github.com/orgs/giantswarm/teams/sig-docs -user_questions: - - How do I observe the platform metrics and logs for my application? - - What do I need to do to observe the platform metrics and logs for my application? ---- - - - -## Requirements - - - -## Step 1: To be determined - - - -## Step 2: To be determined - - - -## Next step - -Journey ends here but we can point to tutorials diff --git a/src/content/getting-started/understand-connectivity/_index.md b/src/content/getting-started/understand-connectivity/_index.md index e9d0695c7e..3e25780f18 100644 --- a/src/content/getting-started/understand-connectivity/_index.md +++ b/src/content/getting-started/understand-connectivity/_index.md @@ -1,8 +1,8 @@ --- title: Control the application connectivity description: Understand how basic connectivity works in the platform and which options are available for exposing your app. -weight: 60 -last_review_date: 2024-09-01 +weight: 50 +last_review_date: 2024-11-28 menu: principal: parent: getting-started diff --git a/src/content/meta/shared-installation.md b/src/content/meta/shared-installation.md index 01f4c0c988..e85a16387a 100644 --- a/src/content/meta/shared-installation.md +++ b/src/content/meta/shared-installation.md @@ -52,13 +52,13 @@ Together, you and Giant Swarm agree on a project. You have an account engineer a ### Pick an organization name -It's up to you to decide for an organization name that represents you as a company, business unit, or team. Please take our [naming conventions]({{< relref "/vintage/platform-overview/multi-tenancy#naming-conventions" >}}) into account. +It's up to you to decide for an organization name that represents you as a company, business unit, or team. Please take our [naming conventions]({{< relref "/overview/fleet-management/multi-tenancy#naming-conventions" >}}) into account. ### Prepare a cloud provider account To create and manage workload clusters on your behalf, our team ask you to prepare some configuration, roles, and quotas in your cloud provider account. -Find our detailed guides both for [AWS]({{< relref "/getting-started/prepare-your-provider-account/aws" >}}) and [Azure]({{< relref "/getting-started/prepare-your-provider-account/azure" >}}). Note **the account is only needed for the workload clusters**, but not for a management cluster in the case of a shared installation. +Find our detailed guides both for [AWS]({{< relref "/getting-started/prepare-your-provider-infrastructure/aws" >}}) and [Azure]({{< relref "/getting-started/prepare-your-provider-infrastructure/azure" >}}). Note **the account is only needed for the workload clusters**, but not for a management cluster in the case of a shared installation. When done, hand the account information to your Account Engineer at Giant Swarm. diff --git a/src/content/overview/architecture/_index.md b/src/content/overview/architecture/_index.md index ec744fa739..cebeccb28e 100644 --- a/src/content/overview/architecture/_index.md +++ b/src/content/overview/architecture/_index.md @@ -11,10 +11,10 @@ user_questions: - What is the architecture of the Giant Swarm cloud-native developer platform? owner: - https://github.com/orgs/giantswarm/teams/team-planeteers -last_review_date: 2024-11-04 +last_review_date: 2024-11-29 --- -Giant Swarm's cloud-native developer platform integrates open-source components that work together to provide a seamless experience for managing the lifecycle of containerized applications. The platform is based on Kubernetes and designed to be cloud-agnostic, allowing you to deploy your applications on any of the supported cloud providers, including on-premises. The interfaces allow development teams and automation to deploy applications, keep the clusters secure, and use other capabilities that we explain below. On top, you benefit from our strong support model that ensures your long-term success and stability of workloads. +Giant Swarm's cloud-native developer platform integrates open-source components that work together to provide a seamless experience for managing the lifecycle of containerized applications. The platform is based on Kubernetes and designed to be cloud-agnostic, allowing you to deploy your applications on any of the supported cloud providers, including on-premises. The interfaces allow development teams and automation to deploy applications, keep the clusters secure, and use other capabilities that are explained below. On top, you benefit from our strong support model that ensures your long-term success and stability of workloads. ## Platform architecture @@ -27,7 +27,7 @@ The platform architecture consists of the following layers: - Capabilities: features offered by the platform, such as application deployment, autoscaling, security or observability. -- Infrastructure: the Kubernetes-based platform can manage clusters on several cloud providers. We support AWS, Azure, VMware (on-premises) or a mixture thereof ("hybrid"). +- Infrastructure: the Kubernetes-based platform can manage clusters on several cloud providers. The product supports AWS, Azure, VMware (on-premises) or a mixture thereof ("hybrid"). Along these layers, Giant Swarm provides a live support channel, incident management, and good documentation to help you get the most out of the platform. Additionally, you have a dedicated account engineer to help create a common roadmap and to provide guidance on how to use the platform for your goals. @@ -61,11 +61,11 @@ Single Sign-On (SSO) simplifies user authentication across your use of the Giant ## Network and connectivity -The different technologies used in the Giant Swarm platform provide you with a secure and reliable network and connectivity between your applications and services. Platform engineers can create network policies to control traffic flows and enforce security rules, ensuring that data is protected and isolated. Relying on the built-in networking capabilities of `Kubernetes` as well as the extended capabilities of `Cilium CNI`, the platform supports many routing and load balancing strategies, ingress and egress capabilities, enabling seamless communication between services and applications. +The different technologies used in the Giant Swarm platform provide you with a secure and reliable network and connectivity between your applications and services. Platform engineers can create network policies to control traffic flows and enforce security rules, ensuring that data is protected and isolated. Relying on the built-in networking capabilities of `Kubernetes` as well as the extended capabilities of `Cilium CNI`, the platform supports many routing and load balancing strategies, ingress and egress capabilities, enabling seamless communication between services and applications. [Learn more about connectivity]({{< relref "overview/connectivity/" >}}). ## Platform security -Platform security is a critical aspect on the Giant Swarm platform, encompassing various components to ensure the safety and integrity of systems. [Kyverno](https://www.cncf.io/projects/kyverno/) plays a pivotal role as a policy engine by establishing, enforcing, and automating security policies across all your environments. These policies govern access controls, resource configurations, and compliance requirements, ensuring that all your workloads adhere to organizational and regulatory standards. On top of that, the platform provides intrusion detection, vulnerability scanning, and automated threat response capabilities thanks to [Falco](https://www.cncf.io/projects/falco/) and [Trivy](https://www.cncf.io/online-programs/trivy-open-source-scanner-for-container-images-just-download-and-run/). +Platform security is a critical aspect on the Giant Swarm platform, encompassing various components to ensure the safety and integrity of systems. [Kyverno](https://www.cncf.io/projects/kyverno/) plays a pivotal role as a policy engine by establishing, enforcing, and automating security policies across all your environments. These policies govern access controls, resource configurations, and compliance requirements, ensuring that all your workloads adhere to organizational and regulatory standards. On top of that, the platform provides intrusion detection, vulnerability scanning, and automated threat response capabilities thanks to [Falco](https://www.cncf.io/projects/falco/) and [Trivy](https://www.cncf.io/online-programs/trivy-open-source-scanner-for-container-images-just-download-and-run/). Discover more about the platform security features in our [security overview]({{< relref "/overview/security" >}}). ## Cost management @@ -73,12 +73,12 @@ Cost control is becoming increasingly important as organizations seek to optimiz ## Automatic cluster management -Based on `Cluster API` and other operators, the Giant Swarm platform provides automated provisioning, scaling, (planned) upgrading and deletion of clusters, reducing the operational burden on your team. The platform ensures clusters are always running optimally and securely, allowing developers to focus on building and deploying applications without worrying about underlying infrastructure management. In addition, special capabilities such as private clusters and routing are possible, allowing you to integrate the platform in your existing networks. +Based on `Cluster API` and other operators, the Giant Swarm platform provides automated provisioning, scaling, (planned) upgrading and deletion of clusters, reducing the operational burden on your team. The platform ensures clusters are always running optimally and securely, allowing developers to focus on building and deploying applications without worrying about underlying infrastructure management. In addition, special capabilities such as private clusters and routing are possible, allowing you to integrate the platform in your existing networks. Check all the information on [cluster management]({{< relref "/tutorials/fleet-management/cluster-management" >}}) section. ## Cluster scaling -One of the key features of the Giant Swarm platform is the ability to scale clusters automatically. It allows for dynamic adjustment of resources based on demand, supporting both horizontal and vertical scaling, ensuring applications have the necessary resources to handle varying workloads. By automating the scaling process, the platform helps maintain performance and reliability while optimizing resource utilization and cost. +One of the key features of the Giant Swarm platform is the ability to scale clusters automatically. It allows for dynamic adjustment of resources based on demand, supporting both horizontal and vertical scaling, ensuring applications have the necessary resources to handle varying workloads. By automating the scaling process, the platform helps maintain performance and reliability while optimizing resource utilization and cost. Learn how to configure [cluster scaling]({{< relref "/tutorials/fleet-management/cluster-management/cluster-scaling/" >}}). ## Cloud resources provisioning -Most likely, you have already external cloud resources which could be managed by the platform. Thanks to [Crossplane](https://www.cncf.io/projects/crossplane/) included in the management API, you can include all your infrastructure, such as databases, queues or buckets, as part of the platform, relying on the same principles `Kubernetes` offers. Centralizing the management of all the infrastructure in a single place, helps you reduce the operational overhead and offer a self-service experience to your developers. +Most likely, you have already external cloud resources which could be managed by the platform. Thanks to [Crossplane](https://www.cncf.io/projects/crossplane/) included in the platform API, you can include all your infrastructure, such as databases, queues or buckets, as part of the platform, relying on the same principles `Kubernetes` offers. Centralizing the management of all the infrastructure in a single place, helps you reduce the operational overhead and offer a self-service experience to your developers. Learn how to [provision cloud resources with Crossplane]({{< relref "/tutorials/fleet-management/infrastructure-management/crossplane" >}}). diff --git a/src/content/overview/architecture/authentication/_index.md b/src/content/overview/architecture/authentication/_index.md index 447aa064e7..3e01256331 100644 --- a/src/content/overview/architecture/authentication/_index.md +++ b/src/content/overview/architecture/authentication/_index.md @@ -25,13 +25,13 @@ Dex acts as a portal to other identity providers (idP) through connectors. The s ### Authorization: Platform API -We utilize Kubernetes-native RBAC to control access to resources in the platform API. Resources are segregated into organizations, each represented by a dedicated namespace, enabling improved access control. This approach allows for fine-grained permissions at both the organization and namespace levels. For more detailed information on this topic, you can refer to our comprehensive [multi-tenancy documentation](https://docs.giantswarm.io/vintage/platform-overview/multi-tenancy/). +We utilize Kubernetes-native RBAC to control access to resources in the platform API. Resources are segregated into organizations, each represented by a dedicated namespace, enabling improved access control. This approach allows for fine-grained permissions at both the organization and namespace levels. For more detailed information on this topic, you can refer to our comprehensive [multi-tenancy documentation]({{< relref "/overview/fleet-management/multi-tenancy" >}}). ## Workload Cluster ### Authentication: Workload Cluster -For the workload cluster - where you run your applications - we don't enforce any specific OpenID Connect (OIDC) tool to enable single sign-on (SSO). However, if you wish to implement SSO for accessing your workload cluster, we provide a detailed guide on how to configure Dex for this purpose, you can follow our comprehensive guide: [Configure OIDC using Dex to access your clusters](https://docs.giantswarm.io/vintage/advanced/access-management/configure-dex-in-your-cluster/). +For the workload cluster - where you run your applications - we don't enforce any specific OpenID Connect (OIDC) tool to enable single sign-on (SSO). However, if you wish to implement SSO for accessing your workload cluster, we provide a detailed guide on how to configure Dex for this purpose, you can follow our comprehensive guide: [Configure OIDC using Dex to access your clusters]({{< relref "/vintage/advanced/access-management/configure-dex-in-your-cluster/" >}}). ### Authorization: Workload Cluster diff --git a/src/content/vintage/platform-overview/security/operational-layers/index.md b/src/content/overview/architecture/operational-layers/index.md similarity index 50% rename from src/content/vintage/platform-overview/security/operational-layers/index.md rename to src/content/overview/architecture/operational-layers/index.md index bb9359a593..527b40870a 100644 --- a/src/content/vintage/platform-overview/security/operational-layers/index.md +++ b/src/content/overview/architecture/operational-layers/index.md @@ -6,7 +6,7 @@ weight: 20 menu: main: parent: platform-overview-security -last_review_date: 2023-12-11 +last_review_date: 2024-12-04 user_questions: - What are the Giant Swarm operational layers? - Why does Giant Swarm use several operational layers? @@ -31,38 +31,37 @@ owner: - https://github.com/orgs/giantswarm/teams/team-planeteers --- -A Giant Swarm installation has several operational layers. At Giant Swarm we use the term operational layers in order to indicate the different layers of code that may require access by different users for different activities. Operational layers in this context are in effect a representation of a separation of concerns both on an operational and on a security level. In this document we will define the layers and explain the operational model. +A Giant Swarm installation has several operational layers. At Giant Swarm we use the term operational layers in order to indicate the different layers of the system that may require access by different users for different activities. Operational layers in this context are in effect a representation of a separation of concerns both on an operational and on a security level. In this document we will define the layers and explain the operational model. ## Operational layers We will go through the operational layers one by one from the bottom (infrastructure) to the top (user space) and explain the intended operational model by defining (typical) users and permission levels. The layers are: 1. [Infrastructure](#infrastructure) -2. [Giant Swarm management cluster](#management-cluster) -3. [Giant Swarm REST API](#giant-swarm-api) -4. [User Space](#userspace) +2. [Giant Swarm management cluster and Platform API](#management-cluster) +3. [User Space](#userspace) ### Infrastructure {#infrastructure} -The infrastructure layer covers the area on top of actual (or virtual) machines, networking, etc., which is managed by Giant Swarm SREs (Site Reliability Engineers). It is usually accessed through VPN and bastion hosts as well as through the cloud provider APIs if applicable. +The infrastructure layer covers the area on top of actual (or virtual) machines, networking, etc., which is managed by Giant Swarm SREs (Site Reliability Engineers). It is usually accessed through VPN and bastion hosts as well as through the cloud provider APIs if applicable. In most installations there's also ssh access through [Teleport]({{< relref "/vintage/platform-overview/security/cluster-security/cluster-access/#admin-access-via-teleport" >}}). This layer does not include the actual hardware and maintenance of the data center. This is either covered by the (internal or external) data center provider or by the cloud provider. -On this layer, Giant Swarm SREs have root level SSH access to everything that pertains to a Giant Swarm installation. This is facilitated by a Single Sign On (SSO) mechanism including MFA (multi-factor authentication). On the cloud they additionally have access to the cloud account/subscription through a role to set up and manage the cloud resources. +On this layer, Giant Swarm SREs have root level SSH access to everything that pertains to a Giant Swarm installation. This is facilitated by a Single Sign On (SSO) mechanism including MFA (multi-factor authentication) - in most cases using through Teleport, which keeps access auditable. On the cloud they additionally have access to the cloud account/subscription through a role to set up and manage the cloud resources. ### Giant Swarm management cluster {#management-cluster} The Giant Swarm management cluster consists mainly of services running inside the management cluster. -Network access to the Management API is allowed only through Giant Swarm VPN and customer VPN. +Network access to the Platform API is allowed only through the respective customer network or VPN as well as Teleport or the Giant Swarm VPN. -Giant Swarm SREs and operations personnel have cluster admin access to the Management API through a tunnel. It is facilitated by SSO with MFA, as described above. +Giant Swarm SREs and operations personnel have cluster admin access to the Platform API through a VPN or Teleport tunnel. Authentication is facilitated by SSO with MFA, as described above. -A customer has *tenant admin* and *view* access via OpenID Connect (OIDC), configured towards the supported identity provider. +A customer has *tenant admin* and *view* access via OpenID Connect (OIDC), integrated with the respective customer identity provider and bound to respective user groups there. -#### Management API access for Customers +#### Platform API access for Customers -The Kubernetes API on every management cluster has [dex](https://github.com/dexidp/dex) installed as an OIDC issuer. Dex is configured with an identity provider chosen by the customer. A list of supported providers can be found in the [dex github repository](https://github.com/dexidp/dex/tree/master/connector). +The Platform API is basically the Kubernetes API on every management cluster. It has [dex](https://github.com/dexidp/dex) installed as an OIDC issuer. Dex is configured with an identity provider chosen by the customer. A list of supported providers can be found in the [dex GitHub repository](https://github.com/dexidp/dex/tree/master/connector). ##### Authorization @@ -72,41 +71,30 @@ With a valid *jwt* token, received from your chosen identity provider, customers - *get*/*list*/*watch* access to all resources in the management cluster, except for `configmaps` and `secrets`. - *get*/*list*/*watch* access to all resources (including `configmaps` and `secrets`) in workload cluster namespaces. - *admin* - - full access, to the `cluster`, `node pool`, `appcatalogs` and `apps` resources of management cluster Kubernetes. + - full access, to the `cluster`, `node pool`, `appcatalogs` and `apps` resources of the management cluster. - includes *view* level access. -### Giant Swarm REST API {#giant-swarm-api} +There's a possibility for admins to create sub-roles to give other users within their organization access to Platform API features. As the API is a Kubernetes API, this is facilitated with standard RBAC role definitions. -The [Giant Swarm REST API](/api/) is a customer facing API that is usually whitelisted for only a certain IP range within the customer's network. This layer covers the API itself, and its client manifestations in the form of the Giant Swarm Web UI and `gsctl` CLI. +This enables use cases where the central platform team can give limited access to sub-teams like and observability team, but also go as far as to give end user developers access to certain resources and use the Platform API as the API to their own Developer Platform. -On this layer there are two levels of access: - -#### 1. Giant Swarm REST API admin - -This access level is reserved for Giant Swarm operations and support personnel and like the above layers is facilitated by SSO with MFA. - -Admin users have access to all organizations and all clusters in the Giant Swarm installation. - -#### 2. Giant Swarm REST API user - -This is the standard type of Giant Swarm REST API user that is given out to DevOps/Operations personnel on the customer side. Usually that covers only few users that are tasked with cluster creation and management. - -Such users have access to all clusters in the organizations they belong to. They can create new clusters and organizations as well as manage or delete cluster and organization that they are part of. They can be considered multi-cluster admins. +Additionally, the Platform API includes a concept called organizations, which are special namespaces that can hold clusters and their apps, and are used to create a level of multi-tenancy within the Platform API. Tenant admins can create such organizations and bind users and user groups to them, so that action of these users are limited to the resources in the organizations they are part of. ### User space {#userspace} The user space layer is defined as the layer pertaining to a single workload cluster Kubernetes API. Workload clusters are the Kubernetes clusters that run your workloads. -Users on this level are either created by a Giant Swarm REST API user (in form of key pairs) or managed in an external identity provider (IdP), like [Azure Active Directory]({{< relref "/vintage/advanced/access-management/authentication-azure-ad" >}}) or any other OIDC-compliant IdP. +Tenant admins can manage access to workload clusters through different mechanisms: + +They can create certificate-based access using the kubectl gs CLI. Using this access should be time-limited to set up RBAC roles and bindings for Service Accounts and OIDC users. -However, a user with access to the Kubernetes API does not gain any permisssions by default, as the clusters are locked down by RBAC. To provide access, a cluster admin first needs to create roles and bindings for the users. These roles can be defined as narrowly or broadly as needed for the specific Tenant Kubernetes Cluster. They can be bound to either single users or groups of them. +End users on this level are then created by a Tenant admin either as Service Accounts inside the workload cluster or managed in an external identity provider (IdP), like [Azure Active Directory]({{< relref "/vintage/advanced/access-management/authentication-azure-ad" >}}) or any other OIDC-compliant IdP. -This enables the customer to individually set up their user management according to the needs of their organization. The configuration for this can be kept in version control and needs to be done by an initial cluster admin user, which can be created by the Giant Swarm REST API user mentioned above. +However, a user with access to the Kubernetes API does not gain any permissions by default, as the clusters are locked down using RBAC. To provide access, a cluster admin needs to create roles and bindings for the users. These roles can be defined as narrow or broad as needed for the specific cluster. They can be bound to either single users or groups of them. -Giant Swarm operational layers are the means which we use to keep a separation of concerns between different users of the Giant Swarm platform. This reduces burden from an operational perspective as well as enhancing security. +This enables the customer to individually set up their user management according to the needs of their organization. The configuration for this can be kept in version control and needs to be done by an initial cluster admin user. ## Further reading - [Securing your Cluster with RBAC and PSP]({{< relref "/vintage/getting-started/security" >}}) -- [Creating a kubeconfig with gsctl]({{< relref "/vintage/use-the-api/gsctl/create-kubeconfig" >}}) -- [Creating a key pair with gsctl]({{< relref "/vintage/use-the-api/gsctl/create-keypair" >}}) +- [Creating a client certificate for workload cluster access]({{< relref "/reference/kubectl-gs/login/#workload-cluster-client-certificate" >}}) diff --git a/src/content/overview/fleet-management/app-management/index.md b/src/content/overview/fleet-management/app-management/index.md index e36415d69c..0eb5cc9e0c 100644 --- a/src/content/overview/fleet-management/app-management/index.md +++ b/src/content/overview/fleet-management/app-management/index.md @@ -129,7 +129,7 @@ It’s possible to create your own `App Catalog`. This is useful if you want to You can interact with the Giant Swarm app platform through creating `App` custom resources using the platform API or the developer portal. -- [App CRD reference]({{< relref "/vintage/use-the-api/management-api/crd/apps.application.giantswarm.io.md" >}}) +- [App CRD reference]({{< relref "/reference/platform-api/crd/apps.application.giantswarm.io.md" >}}) - [The Giant Swarm developer portal]({{< relref "/overview/developer-portal/" >}}) As you have direct access to the platform API you can also interact with the above mentioned resources using `kubectl`, and automate them just as you have been automating other parts of your stack. And as Kubernetes resources and especially some custom resource definitions require lots of boilerplate and conventions, our team built a [kubectl plugin]({{< relref "/reference/kubectl-gs" >}}) to help you with that. diff --git a/src/content/overview/fleet-management/cluster-management/cluster-concepts/multi-account/_index.md b/src/content/overview/fleet-management/cluster-management/cluster-concepts/multi-account/_index.md index aa5cf9324d..42a837fd9d 100644 --- a/src/content/overview/fleet-management/cluster-management/cluster-concepts/multi-account/_index.md +++ b/src/content/overview/fleet-management/cluster-management/cluster-concepts/multi-account/_index.md @@ -41,9 +41,9 @@ In both cases, customers benefit from simpler usage and cost allocation, plus a Details of the implementation differ between AWS and Azure. -- On CAPA, Giant Swarms needs some role configuration in order to act in the workload cluster account: one for use by automation, one for technical support staff. Details on the exact permissions required can be found in our guide on [preparing an AWS account to run Giant Swarm workload clusters]({{< relref "/getting-started/prepare-your-provider-account/aws" >}}). +- On CAPA, Giant Swarms needs some role configuration in order to act in the workload cluster account: one for use by automation, one for technical support staff. Details on the exact permissions required can be found in our guide on [preparing an AWS account to run Giant Swarm workload clusters]({{< relref "/getting-started/prepare-your-provider-infrastructure/aws" >}}). -- On CAPZ, one service principal is configured for Giant Swarm, used by automation and technical support staff. Details can be found in our guide on [preparing an Azure subscription to run Giant Swarm workload clusters]({{< relref "/getting-started/prepare-your-provider-account/azure" >}}). +- On CAPZ, one service principal is configured for Giant Swarm, used by automation and technical support staff. Details can be found in our guide on [preparing an Azure subscription to run Giant Swarm workload clusters]({{< relref "/getting-started/prepare-your-provider-infrastructure/azure" >}}). ## Additional information {#details} @@ -59,12 +59,12 @@ To create clusters in a new cloud provider account, you first need to provide th To prepare your credentials, either as AWS account roles or as an Azure service principle, please follow our specific guides: -- [Prepare an AWS account to run Giant Swarm workload clusters]({{< relref "/getting-started/prepare-your-provider-account/aws" >}}) -- [Prepare an Azure subscription to run Giant Swarm workload clusters]({{< relref "/getting-started/prepare-your-provider-account/azure" >}}) +- [Prepare an AWS account to run Giant Swarm workload clusters]({{< relref "/getting-started/prepare-your-provider-infrastructure/aws" >}}) +- [Prepare an Azure subscription to run Giant Swarm workload clusters]({{< relref "/getting-started/prepare-your-provider-infrastructure/azure" >}}) Then when creating a cluster, you can specify the organization that should be used for the cluster. This can be done: -- In CAPA using the `AWSClusterRoleIdentity` like it's explained [here]({{< relref "/getting-started/prepare-your-provider-account/aws/#configure-cluster-role-identity" >}}). -- In CAPZ using the `AzureClusterIdentity` like it's explained [here]({{< relref "/getting-started/prepare-your-provider-account/azure/#configure-cluster-role-identity" >}}) command +- In CAPA using the `AWSClusterRoleIdentity` like it's explained [here]({{< relref "/getting-started/prepare-your-provider-infrastructure/aws/#configure-cluster-role-identity" >}}). +- In CAPZ using the `AzureClusterIdentity` like it's explained [here]({{< relref "/getting-started/prepare-your-provider-infrastructure/azure/#configure-cluster-role-identity" >}}) command __Note__: For sharing any secret with us please read [this article]({{< relref "/overview/security/sharing-secrets" >}}) first. diff --git a/src/content/overview/fleet-management/cluster-management/cluster-concepts/organizations/_index.md b/src/content/overview/fleet-management/cluster-management/cluster-concepts/organizations/_index.md index ca7eeb9cf7..ae013b836f 100644 --- a/src/content/overview/fleet-management/cluster-management/cluster-concepts/organizations/_index.md +++ b/src/content/overview/fleet-management/cluster-management/cluster-concepts/organizations/_index.md @@ -40,7 +40,7 @@ At Giant Swarm, for example, we run several shared installations where we allow If the concept of custom resources (CR) and custom resource definitions (CRD) is new to you: Kubernetes allows to define [arbitrary objects](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/) to be handled via the Kubernetes API. The schema of such an object is specified by a custom resource definition. The actual objects are called the custom resources. -Giant Swarm management clusters provide a CRD named `Organization` (long form: `organizations.security.giantswarm.io`, [schema documentation]({{< relref "/vintage/use-the-api/management-api/crd/organizations.security.giantswarm.io.md" >}})). An organization is defined simply by a custom resource using that CRD, which we'll call an "organization CR" here for brevity. +Giant Swarm management clusters provide a CRD named `Organization` (long form: `organizations.security.giantswarm.io`, [schema documentation]({{< relref "/reference/platform-api/crd/organizations.security.giantswarm.io.md" >}})). An organization is defined simply by a custom resource using that CRD, which we'll call an "organization CR" here for brevity. The single most important aspect of an organization CR is its name. Therefore the CR looks as simple as this: @@ -82,11 +82,4 @@ We default to storing all resources of an organization in its organization `org- ## Managing organizations -Organizations can be managed in several ways. - - -- The [web user interface]({{< relref "/vintage/platform-overview/web-interface/organizations/_index.md" >}}) allows creating and deleting organizations interactively. - -- The [platform API]({{< relref "/vintage/use-the-api/management-api/_index.md" >}}) provides full, native support for managing all organization-related resources. - -In addition, we plan to enhance the `kubectl` user experience for organization management via our [`gs`]({{< relref "/reference/kubectl-gs/_index.md" >}}) plug-in. +The [platform API]({{< relref "/reference/platform-api" >}}) provides full, native support for managing all organization-related resources. diff --git a/src/content/overview/fleet-management/cluster-management/installation-name/index.md b/src/content/overview/fleet-management/cluster-management/installation-name/index.md new file mode 100644 index 0000000000..fd79af44ab --- /dev/null +++ b/src/content/overview/fleet-management/cluster-management/installation-name/index.md @@ -0,0 +1,43 @@ +--- +linkTitle: Installation names +title: Picking an installation name +description: Every Giant Swarm installation has a unique name. Learn the rules to select a proper name for a new installation. +weight: 100 +menu: + principal: + parent: overview-fleet-management-clusters + identifier: overview-fleet-management-clusters-installation-name +user_questions: + - How do I determine the name for my Giant Swarm installation / management cluster? +owner: + - https://github.com/orgs/giantswarm/teams/team-rocket + - https://github.com/orgs/giantswarm/teams/team-phoenix +last_review_date: 2024-11-28 +--- + +A Giant Swarm installation is the management cluster where all our platform components run. It's attached to a cloud provider account and region, or an on-premise data center, and it's the central point and API to use the platform capabilities. + +## Why an installation name + +Once a name is decided on, you will use it often in your communication with Giant Swarm. Of course, you can +also use it in your internal communication. + +For example, if the installation is called `panda`, it's easy to refer to a concrete workload cluster called `prod-eu1` as follows in chat: + +> Dear Giant Swarm support, we see this problem on panda/prod-eu1 + +## Criteria for good installation names + +There are many criteria which distinguish a good installation name. It should be easy to pronounce in an English language context, easy to type, and ideally easy to memorize. On the other hand, it shouldn't reveal information about you as a customer. + +The installation name can't be changed. So the best names are long-lasting, even in the case of context changes. Be aware you can change the purpose of the installation, or even a company name change. + +There is a GitHub repository with [installation name candidates](https://github.com/giantswarm/installation-names) available for you to pick from. The names offered there should fulfill all of our criteria for a name. + +## How to claim a name + +To claim a name for your new installation, please + +1. Browse the available names in the `.txt` files within the [installation-names](https://github.com/giantswarm/installation-names) repository and decide on a name. Feel free to pick the one you like best, for whatever reason. +2. Contact Giant Swarm support to ensure the name is still available and our team will reserve it for you. +3. Our team will remove the name from the list in the repository. diff --git a/src/content/overview/fleet-management/multi-tenancy/_index.md b/src/content/overview/fleet-management/multi-tenancy/_index.md index 7d8dddee28..7519596947 100644 --- a/src/content/overview/fleet-management/multi-tenancy/_index.md +++ b/src/content/overview/fleet-management/multi-tenancy/_index.md @@ -37,7 +37,7 @@ At Giant Swarm, for example, we run several shared installations where we allow If the concept of custom resources (CR) and custom resource definitions (CRD) is new to you, Kubernetes allows you to define [arbitrary objects](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/) handled via the Kubernetes API. A custom resource definition specifies the schema of such an object. The actual objects are called the custom resources. -Giant Swarm management clusters provide a CRD named `Organization` (long form: `organizations.security.giantswarm.io`, [schema documentation]({{< relref "/vintage/use-the-api/management-api/crd/organizations.security.giantswarm.io.md" >}})). An organization is defined simply by a custom resource using that CRD, which we'll call an "organization CR" here for brevity. +Giant Swarm management clusters provide a CRD named `Organization` (long form: `organizations.security.giantswarm.io`, [schema documentation]({{< relref "/reference/platform-api/crd/organizations.security.giantswarm.io.md" >}})). An organization is defined simply by a custom resource using that CRD, which we'll call an "organization CR" here for brevity. The single most crucial aspect of an organization's CR is its name. Therefore, the CR looks as simple as this: diff --git a/src/content/overview/observability/logging/architecture/index.md b/src/content/overview/observability/logging/architecture/index.md index be6e989622..c2f7a815a9 100644 --- a/src/content/overview/observability/logging/architecture/index.md +++ b/src/content/overview/observability/logging/architecture/index.md @@ -63,11 +63,11 @@ The logging agents that we've deployed on management and workload clusters curre - Kubernetes Pod logs from the `kube-system` and `giantswarm` namespaces. - Kubernetes Events created in the `kube-system` and `giantswarm` namespaces. -- [Kubernetes audit logs]({{< relref "../../../vintage/getting-started/observability/logging/audit-logs#kubernetes-audit-logs" >}}) +- [Kubernetes audit logs]({{< relref "/vintage/getting-started/observability/logging/audit-logs#kubernetes-audit-logs" >}}) In the future, we will also store the following logs: -- [Machine (Node) audit logs]({{< relref "../../../vintage/getting-started/observability/logging/audit-logs#machine-audit-logs" >}}) +- [Machine (Node) audit logs]({{< relref "/vintage/getting-started/observability/logging/audit-logs#machine-audit-logs" >}}) - Teleport audit logs, tracked in https://github.com/giantswarm/roadmap/issues/3250 - Giant Swarm customer workload logs as part of our observability platform, tracked in https://github.com/giantswarm/roadmap/issues/2771 diff --git a/src/content/vintage/platform-overview/security/cluster-security/domain-allowlist/_index.md b/src/content/overview/security/domain-allowlist/_index.md similarity index 65% rename from src/content/vintage/platform-overview/security/cluster-security/domain-allowlist/_index.md rename to src/content/overview/security/domain-allowlist/_index.md index c513d62fd0..6698762994 100644 --- a/src/content/vintage/platform-overview/security/cluster-security/domain-allowlist/_index.md +++ b/src/content/overview/security/domain-allowlist/_index.md @@ -1,6 +1,6 @@ --- description: A list of all external domains Giant Swarm clusters need access to in order to function. -last_review_date: 2024-11-14 +last_review_date: 2024-11-29 linkTitle: Domain allowlist menu: main: @@ -12,24 +12,23 @@ weight: 40 user_questions: - What domains do Giant Swarm clusters need access to? aliases: + - /vintage/platform-overview/security/cluster-security/domain-allowlist/ - /platform-overview/security/cluster-security/domain-allowlist - - /security/domain-allowlist - - /reference/domain-allowlist/ --- -Below is a list of the external domains we require access to for our clusters to function. +List of the external domains we require access to for our clusters to function. -- alpinelinux.org +- `alpinelinux.org` - domains: - `*.alpinelinux.org` - Alpine container images may update their package index. -- amazonaws.com +- `amazonaws.com` - domains: - `*.amazonaws.com` - `ec2.eu-west-2.amazonaws.com` - `sts.eu-central-1.amazonaws.com` - - AWS services are used for a variety of tasks, such as etcd backup storage. -- azurecr.io + - AWS services are used for a variety of tasks, such as `etcd` backup storage. +- `azurecr.io` - domains: - `giantswarm.azurecr.io` - `giantswarmpublic.azurecr.io` @@ -37,127 +36,127 @@ Below is a list of the external domains we require access to for our clusters to - `gsociprivate.azurecr.io` - `.blob.core.windows.net` - `azure.microsoft.com` - - Container images and app catalogs are hosted on Azure Container Registry. -- auth0.com + - Container images and app catalogs are hosted on Azure container registry. +- `auth0.com` - domains: - `giantswarm.eu.auth0.com` - - Used to secure access to Grafana and Prometheus. -- cloudfront.net + - Used to secure access to `Grafana` and `Prometheus`. +- `cloudfront.net` - domains: - `*.cloudfront.net` - - Operators may pull from sites behind Cloudfront. -- docker.com + - Operators may pull from sites behind `Cloudfront`. +- `docker.com` - domains: - `*.docker.com` - `production.cloudflare.docker.com` - - Container images are hosted on Dockerhub. - - Dockerhub uses Cloudflare as the CDN for serving Docker Image layer blobs, manifests, etc. -- docker.io + - Container images are hosted on `Dockerhub`. + - `Dockerhub` uses `Cloudflare` as the `CDN` for serving Docker image layer blobs, manifests, etc. +- `docker.io` - domains: - `*.docker.io` - - Container images are hosted on Dockerhub. -- flatcar.com + - Container images are hosted on `Dockerhub`. +- `flatcar.com` - domains: - `*.flatcar-linux.org` - Flatcar OS images and signing keys. -- ghcr.io +- `ghcr.io` - domains: - `ghcr.io` - - Official Falco rules are hosted at `ghcr.io/falcosecurity`. This domain is optional if official rulesets are disabled or hosted elsewhere. -- github.com + - Official `Falco` rules are hosted at `ghcr.io/falcosecurity`. This domain is optional if official rulesets are disabled or hosted elsewhere. +- `github.com` - domains: - `*.github.com` - Various operators need to pull information from GitHub repositories. -- github.io +- `github.io` - domains: - `*.github.io` - Helm chart tarballs are pulled from GitHub Pages. -- githubusercontent.com +- `githubusercontent.com` - domains: - `raw.githubusercontent.com` - `pkg-containers.githubusercontent.com` - - Flux applies some manifests using the raw domain. - - Falco optionally loads resources from the pkg-containers domain. -- gcr.io + - `Flux` applies some manifests using the raw domain. + - `Falco` optionally loads resources from the pkg-containers domain. +- `gcr.io` - domains: - `k8s.gcr.io` - - (Legacy) K8s container images are hosted on Google Container Registry. -- googleapis.com + - (Legacy) k8s container images are hosted on Google Container Registry. +- `googleapis.com` - domains: - `storage.googleapis.com` - - Google Container Registry is backed by a Google cloud storage bucket. -- grafana.com + - Google container registry is backed by a Google cloud storage bucket. +- `grafana.com` - domains: - `grafana.com` - Grafana may download plugins from the Grafana plugin registry. -- grafana.net +- `grafana.net` - domains: - `prometheus-us-central1.grafana.net` - Some metrics are pushed to our hosted Grafana tenant. -- giantswarm.io +- `giantswarm.io - domains: - `vault.operations.giantswarm.io` - `schema.giantswarm.io` - Our operations Vault is used for unsealing customer Vault servers. - - Our schema server hosts the schema's for container image validation. -- k8s.io + - Our schema server hosts the schemas for container image validation. +- `k8s.io` - domains: - `registry.k8s.io` - - Container registry and a global CDN for the K8s project’s container images. -- keybase.io + - Container registry and a global `CDN` for the k8s project’s container images. +- `keybase.io` - domains: - `*.keybase.io` - - Vault initialisation and unsealing requires access to Keybase. -- letsencrypt.org + - Vault initialization and unsealing requires access to `Keybase`. +- `letsencrypt.org` - domains: - `*.api.letsencrypt.org` - cert-manager will request certificates from Lets Encrypt. -- microsoft.com +- `microsoft.com` - domains: - `graph.microsoft.com` - Used when logging into the cluster with Microsoft AD. -- microsoftonline.com +- `microsoftonline.com` - domains: - `login.microsoftonline.com` - Used when logging into the cluster with Microsoft AD. -- opsgenie.com +- `opsgenie.com` - domains: - `api.opsgenie.com` - Opsgenie's API is used to send alerts. -- quay.io +- `quay.io` - domains: - `*.quay.io` - Container images are hosted on Quay. -- sentry.io +- `sentry.io` - domains: - `o346224.ingest.sentry.io` - Monitoring and crash reporting for `happa`. -- sigstore.dev +- `sigstore.dev` - domains: - `*.sigstore.dev` - Used for verifying signatures on artifacts signed with the cosign keyless signing method. -- slack.com +- `slack.com` - domains: - `*.slack.com` - Used to send alerts on slack channels -- teleport.giantswarm.io +- `teleport.giantswarm.io` - domains: - `teleport.giantswarm.io` - Used to securely access Kubernetes cluster and SSH access to nodes. -- xpkg.upbound.io +- `xpkg.upbound.io` - domains: - `xpkg.upbound.io` - - Used to fetch Crossplane packages. + - Used to fetch `Crossplane` packages. ## On-premise installations These domains are only required for on-premise installations. -- cloudflare.com +- `cloudflare.com` - domains: - `api.cloudflare.com` - cert-manager may create ACME challenge DNS records. -- api.mailgun.net +- `api.mailgun.net` - domains: - `api.mailgun.net` - This is the mail service we use to send the invites for our Rest API user accounts. diff --git a/src/content/reference/kubectl-gs/_index.md b/src/content/reference/kubectl-gs/_index.md index 9c327092bd..736773d1f9 100644 --- a/src/content/reference/kubectl-gs/_index.md +++ b/src/content/reference/kubectl-gs/_index.md @@ -1,6 +1,6 @@ --- -linkTitle: kubectl-gs -title: kubectl-gs reference +linkTitle: kubectl-gs CLI +title: kubectl-gs CLI reference description: Main page for documentation on kubectl-gs, the Giant Swarm kubectl plugin, with an overview of all commands, plus information on how to install and upgrade. weight: 30 @@ -34,7 +34,7 @@ aliases: | [`get nodepools`][5] | [List node pools or get details on a single node pool][5] | | [`get organizations`][15] | [List organizations or get details on a single organization][15] | | [`get releases`][11] | [List releases or get details on a single release][11] | -| [`gitops`][14] | [Gathers GitOps related subcommand][14] | +| [`gitops`][14] | [Gathers GitOps related subcommands][14] | | [`template app`][6] | [Create manifests for an app][6] | | [`template catalog`][7] | [Create manifests for a catalog][7] | | [`template cluster`][8] | [Create manifests for a cluster][8] | diff --git a/src/content/reference/kubectl-gs/get-catalogs.md b/src/content/reference/kubectl-gs/get-catalogs.md index 24c14fe668..605203302b 100644 --- a/src/content/reference/kubectl-gs/get-catalogs.md +++ b/src/content/reference/kubectl-gs/get-catalogs.md @@ -20,7 +20,7 @@ Like with all `get` commands in `kubectl`, this command can be used to get detai custom resource in this case, or list several of them. The Catalog CRD is namespace scoped and replaces the [AppCatalog]({{< relref "/reference/platform-api/crd/appcatalogs.application.giantswarm.io.md" >}}) -CRD which is cluster scoped. This is to improve multi-tenancy support when used with the [Management API]({{< relref "/vintage/platform-overview/management-api" >}}). +CRD which is cluster scoped. This is to improve multi-tenancy support when used with the [platform API]({{< relref "/overview/architecture/#platform-api" >}}). ## Usage diff --git a/src/content/reference/kubectl-gs/gitops/add-update.md b/src/content/reference/kubectl-gs/gitops/add-update.md index 7395704ac2..6c1877a494 100644 --- a/src/content/reference/kubectl-gs/gitops/add-update.md +++ b/src/content/reference/kubectl-gs/gitops/add-update.md @@ -73,7 +73,7 @@ kubectl gs gitops add automatic-update \ --organization demoorg \ --workload-cluster demowc \ --app hello-world \ - --version-repository giantswarmpublic.azurecr.io/giantswarm-catalog/hello-world-app \ + --version-repository giantswarmpublic.azurecr.io/giantswarm-catalog/hello-world \ --repository gitops-demo \ --dry-run ``` @@ -131,7 +131,7 @@ kind: ImageRepository metadata: name: demowc-hello-world spec: - image: giantswarmpublic.azurecr.io/giantswarm-catalog/hello-world-app + image: giantswarmpublic.azurecr.io/giantswarm-catalog/hello-world interval: 10m0s @@ -176,7 +176,7 @@ kubectl gs gitops add automatic-update \ --organization demoorg \ --workload-cluster demowc \ --app hello-world \ - --version-repository giantswarmpublic.azurecr.io/giantswarm-catalog/hello-world-app \ + --version-repository giantswarmpublic.azurecr.io/giantswarm-catalog/hello-world \ --repository gitops-demo \ --dry-run ``` diff --git a/src/content/reference/kubectl-gs/login.md b/src/content/reference/kubectl-gs/login.md index 148478df61..97cca4ff9c 100644 --- a/src/content/reference/kubectl-gs/login.md +++ b/src/content/reference/kubectl-gs/login.md @@ -50,9 +50,7 @@ For the `MANAGEMENT_CLUSTER` argument there are several options. 1. **Management API endpoint URL:** The URL of the cluster's Kubernetes API endpoint. This can be also be a workload cluster, if OIDC has been set up for it. -2. **Web interface URL:** The URL of the management cluster's [web UI]({{< relref "/vintage/platform-overview/web-interface/" >}}) instance. - -3. **Context name:** Name of a Giant Swarm kubectl context, generated via one of the two methods above. The context name normally starts with the `gs-` prefix, however that prefix can be omitted for convenience. If no OIDC context can be found, an attempt to select a client certificate will be made. +2. **Context name:** Name of a Giant Swarm kubectl context, generated via one of the two methods above. The context name normally starts with the `gs-` prefix, however that prefix can be omitted for convenience. If no OIDC context can be found, an attempt to select a client certificate will be made. ### c) `kubectl gs login [MANAGEMENT_CLUSTER] [WORKLOAD_CLUSTER]` diff --git a/src/content/reference/kubectl-gs/template-app.md b/src/content/reference/kubectl-gs/template-app.md index 16ccb11169..572184cf7e 100644 --- a/src/content/reference/kubectl-gs/template-app.md +++ b/src/content/reference/kubectl-gs/template-app.md @@ -75,7 +75,9 @@ It also supports the following optional flags: - `--user-secret`: Path to the user secrets YAML file. - `--namespace-annotations`: Additional annotations to be appended to the metadata of the target namespace (through [`spec.namespaceConfig.annotations`]({{< relref "/vintage/getting-started/app-platform/namespace-configuration/index.md" >}}) of [App]({{< relref "/reference/platform-api/crd/apps.application.giantswarm.io.md" >}}) CR) in form `key=value`. To specify multiple annotations, either separate annotation pairs with commata (,) or specify the flag multiple times. - `--namespace-labels`: Additional labels to be appended to the metadata of the target namespace (through [`spec.namespaceConfig.labels`]({{< relref "/vintage/getting-started/app-platform/namespace-configuration/index.md" >}}) of [App]({{< relref "/reference/platform-api/crd/apps.application.giantswarm.io.md" >}}) CR) in form `key=value`. To specify multiple labels, either separate label pairs with commata (,) or specify the flag multiple times. -- `--in-cluster`: Creates in-cluster app by setting `.spec.kubeConfig.inCluster` field of the [App]({{< relref "/reference/platform-api/crd/apps.application.giantswarm.io.md" >}}) CR to `true`. This is necessary for installing collection of apps, for example [Security Pack]({{< relref "/vintage/platform-overview/security" >}}). +- `--in-cluster`: Creates in-cluster app by setting `.spec.kubeConfig.inCluster` field of the [App]({{< relref "/reference/platform-api/crd/apps.application.giantswarm.io.md" >}}) CR to `true`. This is necessary for installing collection of apps. + + Only required fields are templated. Other fields are are set by the [defaulting webhook]({{< relref "/vintage/getting-started/app-platform/defaulting-validation" >}}). diff --git a/src/content/reference/kubectl-gs/template-catalog.md b/src/content/reference/kubectl-gs/template-catalog.md index 020a32061f..fb2f1dd17b 100644 --- a/src/content/reference/kubectl-gs/template-catalog.md +++ b/src/content/reference/kubectl-gs/template-catalog.md @@ -21,7 +21,7 @@ The `template catalog` command allows to create an [app catalog]({{< relref "/vi The resulting manifest will define a [`Catalog`]({{< relref "/reference/platform-api/crd/catalogs.application.giantswarm.io.md" >}}) resource (API group/version `application.giantswarm.io/v1alpha1`). **Note:** The `Catalog` CRD is namespace scoped and replaces the [AppCatalog]({{< relref "/reference/platform-api/crd/appcatalogs.application.giantswarm.io.md" >}}) -CRD which is cluster scoped. This is to improve multi-tenancy support when used with the [Management API]({{< relref "/vintage/platform-overview/management-api" >}}). +CRD which is cluster scoped. This is to improve multi-tenancy support when used with the [platform API]({{< relref "/overview/architecture/#platform-api" >}}). The Catalog CRD supports having a related `ConfigMap` and/or `Secret` resource with values YAML. These values serve as a base for the rest of the [configuration]({{< relref "/vintage/getting-started/app-platform/app-configuration/index.md" >}}) when Apps are deployed from this App Catalog. diff --git a/src/content/reference/kubectl-gs/template-cluster.md b/src/content/reference/kubectl-gs/template-cluster.md index f52246c3ab..ff83c23773 100644 --- a/src/content/reference/kubectl-gs/template-cluster.md +++ b/src/content/reference/kubectl-gs/template-cluster.md @@ -25,9 +25,9 @@ The outcome depends on the provider, set via the `--provider` flag. For CAPI providers (`--provider {capa,capv,capvcd,capz,eks,...}`): - [`App (name=)`]({{< relref "/reference/platform-api/crd/apps.application.giantswarm.io.md" >}}) (API version `application.giantswarm.io/v1alpha1`) - describes the Giant Swarm App which defines the helm release which in turn creates the actual cluster resources. -- `ConfigMap (name=-userconfig)` - describes the configuration for the above cluster chart. Please see [Creating a workload cluster]({{< relref "/vintage/getting-started/create-workload-cluster" >}}) for which cluster chart is used, depending on the cloud provider. +- `ConfigMap (name=-userconfig)` - describes the configuration for the above cluster chart. Please see [Creating a workload cluster]({{< relref "/getting-started/provision-your-first-workload-cluster/" >}}) for which cluster chart is used, depending on the cloud provider. - [`App (name=-default-apps)`]({{< relref "/reference/platform-api/crd/apps.application.giantswarm.io.md" >}}) (API version `application.giantswarm.io/v1alpha1`) - describes the Giant Swarm App which defines the helm release which in turn creates the preinstalled apps which run in the workload cluster. -- `ConfigMap (name=-default-apps-userconfig)` - describes the configuration for the above preinstalled apps charts. Please see [Creating a workload cluster]({{< relref "/vintage/getting-started/create-workload-cluster" >}}) for which default apps chart is used, depending on the cloud provider. +- `ConfigMap (name=-default-apps-userconfig)` - describes the configuration for the above preinstalled apps charts. Please see [Creating a workload cluster]({{< relref "/getting-started/provision-your-first-workload-cluster/" >}}) for which default apps chart is used, depending on the cloud provider. {{< /tab >}} {{< tab id="flags-aws" for-impl="vintage_aws">}} diff --git a/src/content/reference/kubectl-gs/template-organization.md b/src/content/reference/kubectl-gs/template-organization.md index c09b78d0bc..cab7baa75f 100644 --- a/src/content/reference/kubectl-gs/template-organization.md +++ b/src/content/reference/kubectl-gs/template-organization.md @@ -14,7 +14,7 @@ user_questions: aliases: - /vintage/use-the-api/kubectl-gs/template-organization/ --- -The `template organization` command creates an [organization]({{< relref "/vintage/platform-overview/multi-tenancy/index.md" >}}) +The `template organization` command creates an [organization]({{< relref "/overview/fleet-management/multi-tenancy" >}}) manifest which can be applied to a management cluster, e. g. via `kubectl apply`. The manifest will define an [`Organization`]({{< relref "/reference/platform-api/crd/organizations.security.giantswarm.io.md" >}}) resource (API group/version `security.giantswarm.io/v1alpha1`). diff --git a/src/content/reference/kubectl-gs/update-app.md b/src/content/reference/kubectl-gs/update-app.md index 5b1eada9ba..51b97b1474 100644 --- a/src/content/reference/kubectl-gs/update-app.md +++ b/src/content/reference/kubectl-gs/update-app.md @@ -24,7 +24,7 @@ The command to execute is `kubectl gs update app`. It supports the following required flags: - `--name`: Name of the App CR to update. -- `--version`: New version to update the app to. The version must exist in the [Catalog]({{< relref "/vintage/platform-overview/app-platform/index.md#what-kind-of-app-catalogs-are-there" >}}). +- `--version`: New version to update the app to. The version must exist in the [Catalog]({{< relref "/overview/fleet-management/app-management" >}}). **Important:** ensure you have selected the correct namespace for your cluster with the `--namespace` flag. diff --git a/src/content/reference/kubectl-gs/update-cluster.md b/src/content/reference/kubectl-gs/update-cluster.md index 9be44a98e6..20947d897f 100644 --- a/src/content/reference/kubectl-gs/update-cluster.md +++ b/src/content/reference/kubectl-gs/update-cluster.md @@ -1,13 +1,13 @@ --- linkTitle: update cluster -title: "'kubectl gs update cluster' command reference" +title: "'kubectl gs update cluster' command reference (cluster upgrades)" description: Reference documentation on how to upgrade a workload cluster using kubectl-gs. weight: 130 menu: principal: parent: reference-kubectlgs identifier: reference-kubectlgs-updatecluster -last_review_date: 2024-11-25 +last_review_date: 2024-11-28 owner: - https://github.com/orgs/giantswarm/teams/team-phoenix user_questions: @@ -21,12 +21,39 @@ This command's purpose is to modify details of a workload cluster. Currently it ## Usage -### Upgrading a workload cluster {#cluster-upgrade} +### Upgrading a workload cluster {#cluster-upgrade} for CAPI cluster + +**Note:** This feature is currently only working when the cluster configuration is **not stored** via GitOps. Upgrades can either be triggered immediately, or the upgrade can be scheduled to happen at a specific date and time. The following example shows how to upgrade a workload cluster to the release specified via the `--release-version` flag. +```nohighlight +kubectl gs update cluster \ + --provider capa \ + --namespace org-acme \ + --name a1b2c \ + --release-version 26.2.0 +``` + +To schedule a workload cluster upgrade in the future, the `--scheduled-time` flag is used, like in the example below: + +```nohighlight +kubectl-gs update cluster \ + --provider capa \ + --name a1b2c \ + --namespace org-acme \ + --release-version 29.0.0 + --scheduled-time "2024-08-28 12:10" +``` + +This adds annotations to the cluster resource, triggering the upgrade to the specified version at the scheduled time. + +### Upgrading a workload cluster {#cluster-upgrade} for Vintage cluster + +To upgrade a workload cluster immediately, use the following command: + ```nohighlight kubectl gs update cluster \ --provider aws \ @@ -48,11 +75,9 @@ kubectl gs update cluster \ --scheduled-time "2022-01-01 02:00" ``` -This adds annotations to the cluster resource, triggering the upgrade to the specified version at the scheduled time. - ## Flags -- `--provider` - The infrastructure provider of the installation, either `aws` or `azure`. +- `--provider` - The infrastructure provider of the installation, `aws` or `azure` for Vintage cluster, `capa`, `capz`, `vsphere` or `cloud-director` for CAPI cluster. - `--name` - Name of the cluster. - `--namespace` - Namespace of the cluster resource. - `--release-version` - Version of the release the cluster should be upgraded to. diff --git a/src/content/reference/platform-api/cluster-apps/_index.md b/src/content/reference/platform-api/cluster-apps/_index.md index 9102b4a26e..b93eb8c5f8 100644 --- a/src/content/reference/platform-api/cluster-apps/_index.md +++ b/src/content/reference/platform-api/cluster-apps/_index.md @@ -1,7 +1,7 @@ --- linkTitle: Cluster app charts -title: Cluster app charts to build new clusters -description: The Giant Swarm Cluster Charts to provision new clusters and default components. +title: Cluster app charts +description: These charts are used to provision clusters in the Giant Swarm platform (here, even clusters are apps, in a way). weight: 100 menu: principal: @@ -11,3 +11,7 @@ last_review_date: 2024-10-29 owner: - https://github.com/orgs/giantswarm/teams/team-planeteers --- + +Note that we maintain one provider-agnostic chart named `cluster` that has most configuration options, while the provider-specific ones (named in the form `cluster-PROVIDER`) only add options specific to the respective provider. + +See [Create a workload cluster]({{< relref "/getting-started/provision-your-first-workload-cluster" >}}) to learn how to create clusters. diff --git a/src/content/reference/platform-api/crd/_index.md b/src/content/reference/platform-api/crd/_index.md index 6373555156..e9d3b89a46 100644 --- a/src/content/reference/platform-api/crd/_index.md +++ b/src/content/reference/platform-api/crd/_index.md @@ -1,7 +1,7 @@ --- linkTitle: CRDs -title: Platform API CRDs -description: Schema reference of all custom resource definitions (CRD) and custom resources (CR) you can use with the Platform API. +title: Custom resource definitions (CRDs) +description: Schema reference of all CRDs provided by Giant Swarm, in use in the Platform API. layout: management-api-reference weight: 50 menu: diff --git a/src/content/reference/platform-api/crd/appcatalogentries.application.giantswarm.io.md b/src/content/reference/platform-api/crd/appcatalogentries.application.giantswarm.io.md index 115e55f3f0..2d7a5a63e0 100644 --- a/src/content/reference/platform-api/crd/appcatalogentries.application.giantswarm.io.md +++ b/src/content/reference/platform-api/crd/appcatalogentries.application.giantswarm.io.md @@ -22,7 +22,6 @@ owner: - https://github.com/orgs/giantswarm/teams/team-honeybadger aliases: - /use-the-api/management-api/crd/appcatalogentries.application.giantswarm.io/ - - /reference/cp-k8s-api/appcatalogentries.application.giantswarm.io/ technical_name: appcatalogentries.application.giantswarm.io source_repository: https://github.com/giantswarm/apiextensions-application source_repository_ref: v0.6.2 diff --git a/src/content/reference/platform-api/crd/appcatalogs.application.giantswarm.io.md b/src/content/reference/platform-api/crd/appcatalogs.application.giantswarm.io.md index e03eaceed5..3a3b2f74df 100644 --- a/src/content/reference/platform-api/crd/appcatalogs.application.giantswarm.io.md +++ b/src/content/reference/platform-api/crd/appcatalogs.application.giantswarm.io.md @@ -26,7 +26,6 @@ owner: - https://github.com/orgs/giantswarm/teams/team-honeybadger aliases: - /use-the-api/management-api/crd/appcatalogs.application.giantswarm.io/ - - /reference/cp-k8s-api/appcatalogs.application.giantswarm.io/ technical_name: appcatalogs.application.giantswarm.io source_repository: https://github.com/giantswarm/apiextensions-application source_repository_ref: v0.6.2 diff --git a/src/content/reference/platform-api/crd/apps.application.giantswarm.io.md b/src/content/reference/platform-api/crd/apps.application.giantswarm.io.md index 10ab397705..954b12fc9a 100644 --- a/src/content/reference/platform-api/crd/apps.application.giantswarm.io.md +++ b/src/content/reference/platform-api/crd/apps.application.giantswarm.io.md @@ -22,7 +22,6 @@ owner: - https://github.com/orgs/giantswarm/teams/team-honeybadger aliases: - /use-the-api/management-api/crd/apps.application.giantswarm.io/ - - /reference/cp-k8s-api/apps.application.giantswarm.io/ technical_name: apps.application.giantswarm.io source_repository: https://github.com/giantswarm/apiextensions-application source_repository_ref: v0.6.2 diff --git a/src/content/reference/platform-api/crd/catalogs.application.giantswarm.io.md b/src/content/reference/platform-api/crd/catalogs.application.giantswarm.io.md index 9a7ecdb2df..fa9fb209dc 100644 --- a/src/content/reference/platform-api/crd/catalogs.application.giantswarm.io.md +++ b/src/content/reference/platform-api/crd/catalogs.application.giantswarm.io.md @@ -22,7 +22,6 @@ owner: - https://github.com/orgs/giantswarm/teams/team-honeybadger aliases: - /use-the-api/management-api/crd/catalogs.application.giantswarm.io/ - - /reference/cp-k8s-api/catalogs.application.giantswarm.io/ technical_name: catalogs.application.giantswarm.io source_repository: https://github.com/giantswarm/apiextensions-application source_repository_ref: v0.6.2 diff --git a/src/content/reference/platform-api/crd/charts.application.giantswarm.io.md b/src/content/reference/platform-api/crd/charts.application.giantswarm.io.md index 37fb003d95..93f0847fc2 100644 --- a/src/content/reference/platform-api/crd/charts.application.giantswarm.io.md +++ b/src/content/reference/platform-api/crd/charts.application.giantswarm.io.md @@ -22,7 +22,6 @@ owner: - https://github.com/orgs/giantswarm/teams/team-honeybadger aliases: - /use-the-api/management-api/crd/charts.application.giantswarm.io/ - - /reference/cp-k8s-api/charts.application.giantswarm.io/ technical_name: charts.application.giantswarm.io source_repository: https://github.com/giantswarm/apiextensions-application source_repository_ref: v0.6.2 diff --git a/src/content/reference/platform-api/crd/organizations.security.giantswarm.io.md b/src/content/reference/platform-api/crd/organizations.security.giantswarm.io.md index a4390ac557..d3e5fe628c 100644 --- a/src/content/reference/platform-api/crd/organizations.security.giantswarm.io.md +++ b/src/content/reference/platform-api/crd/organizations.security.giantswarm.io.md @@ -23,7 +23,6 @@ owner: - https://github.com/orgs/giantswarm/teams/team-shield aliases: - /use-the-api/management-api/crd/organizations.security.giantswarm.io/ - - /reference/cp-k8s-api/organizations.security.giantswarm.io/ technical_name: organizations.security.giantswarm.io source_repository: https://github.com/giantswarm/organization-operator source_repository_ref: v2.0.2 diff --git a/src/content/reference/platform-api/crd/policyexceptiondrafts.policy.giantswarm.io.md b/src/content/reference/platform-api/crd/policyexceptiondrafts.policy.giantswarm.io.md index 7ebd5157fd..05eb02529d 100644 --- a/src/content/reference/platform-api/crd/policyexceptiondrafts.policy.giantswarm.io.md +++ b/src/content/reference/platform-api/crd/policyexceptiondrafts.policy.giantswarm.io.md @@ -21,7 +21,6 @@ owner: - https://github.com/orgs/giantswarm/teams/team-shield aliases: - /use-the-api/management-api/crd/policyexceptiondrafts.policy.giantswarm.io/ - - /reference/cp-k8s-api/policyexceptiondrafts.policy.giantswarm.io/ technical_name: policyexceptiondrafts.policy.giantswarm.io source_repository: https://github.com/giantswarm/exception-recommender source_repository_ref: v0.1.1 diff --git a/src/content/reference/platform-api/crd/policyexceptions.policy.giantswarm.io.md b/src/content/reference/platform-api/crd/policyexceptions.policy.giantswarm.io.md index ae1a755787..9b033fa5d9 100644 --- a/src/content/reference/platform-api/crd/policyexceptions.policy.giantswarm.io.md +++ b/src/content/reference/platform-api/crd/policyexceptions.policy.giantswarm.io.md @@ -21,7 +21,6 @@ owner: - https://github.com/orgs/giantswarm/teams/team-shield aliases: - /use-the-api/management-api/crd/policyexceptions.policy.giantswarm.io/ - - /reference/cp-k8s-api/policyexceptions.policy.giantswarm.io/ technical_name: policyexceptions.policy.giantswarm.io source_repository: https://github.com/giantswarm/kyverno-policy-operator source_repository_ref: v0.0.8 diff --git a/src/content/reference/platform-api/crd/releases.release.giantswarm.io.md b/src/content/reference/platform-api/crd/releases.release.giantswarm.io.md index 0f716b6e57..8fcfd96d0f 100644 --- a/src/content/reference/platform-api/crd/releases.release.giantswarm.io.md +++ b/src/content/reference/platform-api/crd/releases.release.giantswarm.io.md @@ -23,7 +23,6 @@ owner: - https://github.com/orgs/giantswarm/teams/team-honeybadger aliases: - /use-the-api/management-api/crd/releases.release.giantswarm.io/ - - /reference/cp-k8s-api/releases.release.giantswarm.io/ technical_name: releases.release.giantswarm.io source_repository: https://github.com/giantswarm/release-operator source_repository_ref: v4.2.0 diff --git a/src/content/reference/platform-api/crd/rolebindingtemplates.auth.giantswarm.io.md b/src/content/reference/platform-api/crd/rolebindingtemplates.auth.giantswarm.io.md index a0a0890a9a..96ee995f76 100644 --- a/src/content/reference/platform-api/crd/rolebindingtemplates.auth.giantswarm.io.md +++ b/src/content/reference/platform-api/crd/rolebindingtemplates.auth.giantswarm.io.md @@ -22,7 +22,6 @@ owner: - https://github.com/orgs/giantswarm/teams/team-shield aliases: - /use-the-api/management-api/crd/rolebindingtemplates.auth.giantswarm.io/ - - /reference/cp-k8s-api/rolebindingtemplates.auth.giantswarm.io/ technical_name: rolebindingtemplates.auth.giantswarm.io source_repository: https://github.com/giantswarm/rbac-operator source_repository_ref: v0.41.1 diff --git a/src/content/reference/platform-api/crd/silences.monitoring.giantswarm.io.md b/src/content/reference/platform-api/crd/silences.monitoring.giantswarm.io.md index d613adc3a8..6673772fdb 100644 --- a/src/content/reference/platform-api/crd/silences.monitoring.giantswarm.io.md +++ b/src/content/reference/platform-api/crd/silences.monitoring.giantswarm.io.md @@ -22,7 +22,6 @@ owner: - https://github.com/orgs/giantswarm/teams/team-atlas aliases: - /use-the-api/management-api/crd/silences.monitoring.giantswarm.io/ - - /reference/cp-k8s-api/silences.monitoring.giantswarm.io/ technical_name: silences.monitoring.giantswarm.io source_repository: https://github.com/giantswarm/silence-operator source_repository_ref: v0.12.0 diff --git a/src/content/support/_index.md b/src/content/support/_index.md index e6f9eae03a..9a37abe8ac 100644 --- a/src/content/support/_index.md +++ b/src/content/support/_index.md @@ -1,8 +1,8 @@ --- title: Support -description: How does our support is designed making sure that customer platforms are up to date and functional 24/7. +description: How our support model works and how our operation team handles the incidents. weight: 40 -last_review_date: 2024-03-07 +last_review_date: 2024-11-28 owner: - https://github.com/orgs/giantswarm/teams/sig-docs --- diff --git a/src/content/vintage/support/p1-process/escalate_screenshot.png b/src/content/support/incident-process/escalate_screenshot.png similarity index 100% rename from src/content/vintage/support/p1-process/escalate_screenshot.png rename to src/content/support/incident-process/escalate_screenshot.png diff --git a/src/content/support/incident-process/index.md b/src/content/support/incident-process/index.md new file mode 100644 index 0000000000..9002155694 --- /dev/null +++ b/src/content/support/incident-process/index.md @@ -0,0 +1,119 @@ +--- +title: Incident process +description: The process used by the Giant Swarm support team when a priority one incident is called. +weight: 100 +aliases: + - /support/p1-process +menu: + principal: + parent: support + identifier: support-incident +user_questions: + - What process does Giant Swarm follow in case of critical incidents? +owner: + - https://github.com/orgs/giantswarm/teams/teddyfriends +last_review_date: 2024-11-26 +--- + +After years of handling critical enterprise workloads in production, Giant Swarm has strengthened the incident process based on valuable learnings. This document focuses on critical incidents, called `Priority 1` (P1) incidents, although some steps may also apply to regular incidents. + +Giant Swarm classifies incidents as either critical (`P1`) or routine (`P2`). Critical incidents impair a customer production system, while routine incidents don't impact production and follow a straightforward process. + +## Separation of responsibilities + +It’s important to ensure that everyone involved in an incident knows their role and what's expected of them, without conflicting with others' responsibilities. Somewhat counterintuitively, a clear separation of responsibilities allows individuals more autonomy, as they don't need to constantly coordinate actions. + +### Roles + +At Giant Swarm, two roles are defined: `Incident Coordinators` and `Operations Engineers`. + +### Incident coordinator + +The `Incident Coordinator` maintains the high-level overview of the incident. Structuring the incident response, the coordinator assigns responsibilities according to need and priority. By default, the coordinator holds all positions/responsibilities not delegated. If necessary, the coordinator can remove roadblocks that prevent operations engineers from working effectively. + +The coordinator is the public face of the incident response, responsible for issuing periodic updates to all involved teams—both customer teams and within Giant Swarm—acting as the bridge between customer and team. The coordinator will need to be present in the situation rooms of customers. For this reason, an [Opsgenie team](https://support.atlassian.com/opsgenie/docs/what-are-teams-in-opsgenie/) groups all members who can act as incident coordinators. + +When there is a dedicated coordinator assigned to an incident, this person isn’t debugging systems but focuses on coordinating the team and managing customer communication. + +### Operations engineer + +The `Operations Engineer` works with the coordinator to respond to the incident, responsible for debugging and applying changes to a system. + +Out teams are on-call in [`Opsgenie`](https://support.atlassian.com/opsgenie/docs/what-are-teams-in-opsgenie/) in case any incident is triggered at any point of time. + +## Incident process + +Inspired by the well-known [Incident Command System](https://en.wikipedia.org/wiki/Incident_Command_System) used by US firefighters, the process is adapted to manage developer platforms. + +The main tenet is to have a simple process integrated with incident tooling ([Incident.io](https://incident.io/)) to simplify life for engineers. Once a critical incident is declared, the process should guide actions without needing to read instructions. + +The process is broken down into these steps: + +1. [Identify](#identify) +2. [Investigate](#investigate) +3. [Fixing](#fixing) +4. [Monitoring](#monitoring) +5. [Closing up](#closing-up) + +### Identify + +The first step is to identify the incident and understand its impact and severity. There are three possible sources: + +1. Alert received pointing to an impacted production system +2. Customer reaches out via Slack +3. Customer sends an urgent email + +For the first two options, the engineer [declares an incident](https://help.incident.io/en/articles/5947915-declaring-incidents) using the `Slack` shortcut directly on the alert or customer message in the communication channel. The shortcut generates a pop-up to introduce details of the incident, such as name, whether it's a live incident or triage, severity, summary, or affected customer. + +![Incident.io Shortcut Popup Screenshot](shortcut_screenshot.png) + +If the incident comes from an urgent email, [incident.io](https://incident.io/) automatically creates a channel for the incident and notifies the person on call. The incident is created in `triage` so the Operations Engineer needs to confirm the severity of the issue before triggering the P1 process. Often, the customer provides a call link to join and confirm the problem. + +__Note__: For `triage` incidents, a [decision workflow](https://incident.io/blog/using-decision-flows) is designed to help engineers decide the severity of an incident. + +Once the `P1` criticality is confirmed, [incident.io](https://incident.io/) triggers a set of [workflows](https://help.incident.io/en/articles/6971329-getting-started-with-workflows) to drive the incident. These workflows include: + +- `Escalation Matrix`, displaying different customer contacts to call in an emergency. +- `Role assignment`, automatically assigning the Operations Engineer role to the person reporting the incident. +- `Ping people on call`, notifying colleagues who are on call once the incident is created automatically by urgent email. + +For `P1` incidents, the first step is to build the team. Often, the engineer creating the channel isn't part of the [Incident Coordinators Group](https://giantswarm.app.opsgenie.com/teams/dashboard/f02504a3-83d4-4ea8-b55c-8c67756f9b2e/main), so escalation is needed to involve someone from that team. When creating an incident channel, [incident.io](https://incident.io/) provides a button to escalate and select the coordinator schedule from `Opsgenie`. At least a two-person team is needed to manage a critical incident (communications and operations). + +![Incident.io Escalate Screenshot](escalate_screenshot.png) + +### Investigate + +Once the team is built, the person assigned to the `Operations Engineer` role will carry on with the investigation. The incident coordinator will be in contact with the customer, via messaging or in a call, providing information to the Operator to aid the investigation. + +__Note__: In exceptional cases, the person who acknowledges the alert can manage communication and fix the problem simultaneously, but in such cases, ensure the customer is aware of the measures implemented to solve the issue. + +Operations Engineers focus on the investigation, but 30-minute intervals are established to update the customer on the current state. Findings are shared in the channel, and the coordinator can pin these messages to help track actions performed. + +If the coordinator needs more responders, escalation to more team members is possible using [incident.io](https://incident.io/) command `/inc escalate`. + +By default, every 30 minutes [incident.io](https://incident.io/) will remind the coordinator to share updates with the customer or report any progress on the incident channel. + +### Fixing + +After identifying the root cause, a solution is implemented to prevent further downtime for the customer service. Often, the solution is temporary and replaced once the actual fix is rolled out to the platform. Once the cause is identified and the problem is being fixed, the coordinator updates the incident channel status to `Fixing` (using `/inc update`). The same command can be used to update the summary with any progress. + +### Monitoring + +Once the fix or workaround is implemented, the coordinator communicates with the customer and moves the incident status to the monitoring phase, where the team remains on standby. The engineer monitors metrics and communication channels to confirm no regression. The incident remains in this state for a period, typically a day or two, until agreement with the customer confirms no regression. + +### Closing up + +Closing the incident doesn’t mean the work is done. The coordinator creates a [`Postmortem`](https://docs.giantswarm.io/support/overview/#postmortem-process) document detailing all information collected during the incident and shares it with the customer. The [incident.io](https://incident.io/) functionality allows generating a `Google` document as post-mortem, filling most parts with metadata and pinned messages gathered during the incident. The dedicated account engineer for the customer will review and seek feedback from any incident participants. + +Any remaining follow-up items are converted into GitHub tickets by the coordinator and moved to the product teams to improve service and avoid repeating mistakes. + +### Diagram + +The entire workflow is visualized for better understanding, focusing on the most common scenario and excluding all possible ramifications as those are exceptions. + +![Incident Workflow](p1_flow_diagram.jpg) + +## More info + +- This process takes inspiration from [`incident coordinator` role](https://en.wikipedia.org/wiki/Incident_commander). +- [Incident shortcut cheatsheet](https://help.incident.io/en/articles/5948163-shortcuts-cheatsheet) diff --git a/src/content/vintage/support/p1-process/p1_flow_diagram.jpg b/src/content/support/incident-process/p1_flow_diagram.jpg similarity index 100% rename from src/content/vintage/support/p1-process/p1_flow_diagram.jpg rename to src/content/support/incident-process/p1_flow_diagram.jpg diff --git a/src/content/vintage/support/p1-process/shortcut_screenshot.png b/src/content/support/incident-process/shortcut_screenshot.png similarity index 100% rename from src/content/vintage/support/p1-process/shortcut_screenshot.png rename to src/content/support/incident-process/shortcut_screenshot.png diff --git a/src/content/support/overview/index.md b/src/content/support/overview/index.md new file mode 100644 index 0000000000..18dc8a7f36 --- /dev/null +++ b/src/content/support/overview/index.md @@ -0,0 +1,68 @@ +--- +linkTitle: Overview +title: Customer support +description: The support we provide is an essential part of our offering. Here we explain various support service processes and workflows. +weight: 10 +last_review_date: 2024-11-25 +user_questions: + - What should I know when working with Giant Swarm's support staff? + - How is Giant Swarm organizing support? +menu: + principal: + parent: support + identifier: support-overview +owner: + - https://github.com/orgs/giantswarm/teams/team-planeteers +--- + +Giant Swarm has developed a custom support model to offer exceptional assistance by defining different layers of support. + +## Direct support via Slack + +Our first level of support involves close interactions via Slack, ensuring bi-directional feedback as quickly as possible. This channel is also used to answer a variety of questions, which can extend beyond the platform to include anything cloud-native. + +The first level support is available from 08:00 to 18:00 (CET) on Monday-Friday. With a distributed team across the world, questions are often answered outside these hours. Support shifts rotate across teams, focusing on channels with clear internal handovers. + +In case the first line support is unable to resolve your request, it's escalated to an engineer from the team responsible of the component or application in question. This is managed through a 24-hour rotating shift. + +## Project management + +The shared goal is to build a developer platform together. As the expert in your company's domain, you are supported in creating a valuable experience for your developers. This collaboration involves creating a roadmap and defining the necessary milestones. At the same time, our Solution Architects have created a [training program]({{< relref "/support/training-catalog" >}}) to help you get the most out of the platform. + +Every customer is assigned a dedicated `Account Engineer` who holds regular sync meetings to discuss project progress, address any blockers, or manage changes in requirements. This go-to person provides additional support and acts as a backup if the first line support is overloaded. + +## Operational support + +Our team trust the `DevOps` principle `You build it, you run it` and for that reason each part of the platform is managed by a different team. + +On-call engineers monitor all alerts from environments where your workloads run. These engineers are available every day, ensuring that issues are addressed as quick as possible, even during nights and weekends. + +Currently, the mean time to acknowledge an alert is around two minutes, with incident resolution typically taking less than two hours. Not all alerts result in downtime; alerts are configured to resolve issues before they lead to actual incidents. + +Additionally, you have a dedicated email address to contact the on-call engineer at any time for cases where problems are noticed that haven't been detected by monitoring. + +### Fully monitored platform + +The Giant Swarm platform includes a monitoring and alerting system that helps the operations team maintain Service Level Agreements (SLAs) across all customer platforms. + +The monitoring stack observes the platform's underlying infrastructure, including the networking layer, DNS resolution, Kubernetes core components, cloud providers, and other targets, providing a complete view of system health. + +Applications running on top of the platform, offering observability, connectivity, or security, are instrumented to expose metrics to the monitoring system, ensuring continuous operation. + +### Incident handling + +Whenever an on-call engineer receives an alert from the monitoring platform, the incident process begins. A new Slack channel is created specifically for the issue, where information is gathered. Thanks to [incident.io](https://incident.io) automation, the ops team can quickly escalate an incident or generate a report for you (postmortem). + +Treating major alerts as incidents offers many benefits: information is contained in a single channel, recurrent problems or trends can be identified to improve the support process, and there is a historical record of actions and information related to specific issues. More information about the incident process can be found in the [Giant Swarm incident process]({{< relref "/support/incident-process" >}}). + +### Postmortem process + +The `postmortem` culture, [created by Google](https://sre.google/sre-book/postmortem-culture/), is established to document problems correctly, find root causes, and fix them permanently across all installations. Every time an incident is closed, if it's not a false positive, a postmortem is created. + +Postmortems are developed throughout the week. On Mondays, the product team meets to distribute postmortems across product teams. During each team's weekly sprint planning, a specific engineer is assigned to each postmortem. Postmortems take priority over feature development, with engineers dedicating at least one day a week to solving these problems. + +A postmortem is only closed once the underlying issue is fixed and deployed to all affected environments. Additionally, postmortems often result in new or refined alerts and operational recipes to share knowledge across the operations team. + +## The future + +The support process is always evolving. As improvements are made, policies, processes, and tools are refined. However, the goals remain clear and steadfast: to provide seamless support to you, the customer. diff --git a/src/content/support/training-catalog/index.md b/src/content/support/training-catalog/index.md new file mode 100644 index 0000000000..fecef9f229 --- /dev/null +++ b/src/content/support/training-catalog/index.md @@ -0,0 +1,84 @@ +--- +linkTitle: Training catalog +title: Giant Swarm training catalog +description: Overview of the trainings and workshops offered to customers in order to share our knowledge and best practices with them and answer possible follow-up questions. +weight: 20 +menu: + principal: + parent: support + identifier: support-training +last_review_date: 2024-11-25 +user_questions: + - Which trainings does Giant Swarm offer? + - How can I learn about Cloud Native topics? + - How can I fully fully utilize my Giant Swarm setup? + - How do I learn about the Giant Swarm platform? + - How do I get up to speed once I become a Giant Swarm customer? +owner: + - https://github.com/orgs/giantswarm/teams/team-planeteers +--- + +Giant Swarm perceives the cloud-native landscape as a journey, and it takes time and effort to get across it successfully. Based on the lessons learnt through these years helping our customers, our teams have built a training set that guides customers to understand the principles and the tools. The training is why-focused rather than how-focused, meaning that the aim is to explain the reasons behind the tools and practices, rather than just how to use them. + +### Getting Started with Giant Swarm + +Giant Swarm offers a series of training sessions to help you get started with our platform. During the onboarding process, your account engineer will schedule these sessions. Our experts will present to you the following topics: + +[_Team Planeteers_](https://www.giantswarm.io/about) + +- Who is Giant Swarm? +- What's the support model? +- The onboarding into the web UI and the CLI - `kubectl gs` +- How does GS help platform teams serve application teams? +- What are best practices that we should aim for together? +- What's some useful "technical" knowledge? What differentiates Giant Swarm from other providers? + +### Kubernetes 101 + +[_Team Planeteers_](https://www.giantswarm.io/about) + +- High level overview of microservices +- What's `Kubernetes` and what are the reasons to use it +- Basic `Kubernetes` concepts +- Basic `Kubernetes` best practices + +### GitOps 101 + +[_Team Honeybadger_](https://www.giantswarm.io/about) + +- What's `GitOps`? +- What led us to `GitOps` in the first place? +- What are the advantages and reasons to work towards this method? +- Tooling - our recommendations +- Internal tour of how Giant Swarm automation and pipeline is setup +- An example of `GitOps` in action + +### Cloud Native Security 101 + +[_Team Shield_](https://www.giantswarm.io/about) + +- What does security mean in a cloud-native world? +- What are `Pod Security Standards`, `Network Policies`, `RBAC`, etc.? +- What needs to be considered in securing infrastructure outside of `Kubernetes` clusters? +- Tooling options for "Day 2" operations +- Our default security stack + +### Monitoring and Observability 101 + +[_Team Atlas_](https://www.giantswarm.io/about) + +- What's the advantage of observability on `Kubernetes`? +- Which tools do we provide and recommend? Why? +- How does Giant Swarm do alerting internally? +- What does the Giant Swarm monitoring stack look like? +- Monitoring infrastructure and applications + +### Troubleshooting and Best Practices 101 + +[_Team Planeteers_](https://www.giantswarm.io/about) + +- What are the most common mistakes we've seen in 10 years of experience? +- How do we make deployments Cloud Native? +- How do we ensure proper scalability? +- How do we debug issues in a `Kubernetes` cluster? +- Tips and tricks for day-to-day operations and debugging diff --git a/src/content/tutorials/access-management/_index.md b/src/content/tutorials/access-management/_index.md index 326da34cb3..00fd0143fc 100644 --- a/src/content/tutorials/access-management/_index.md +++ b/src/content/tutorials/access-management/_index.md @@ -1,14 +1,15 @@ --- -title: Access management +title: Platform access management +linkTitle: Access management description: How the users can access the Giant Swarm platform and manage their applications. weight: 20 menu: principal: parent: tutorials identifier: tutorials-access-management -last_review_date: 2024-10-28 -owner: - - https://github.com/orgs/giantswarm/teams/sig-docs user_questions: - Where can I learn about how to manage access to the Giant Swarm platform? +last_review_date: 2024-11-29 +owner: + - https://github.com/orgs/giantswarm/teams/team-shield --- diff --git a/src/content/tutorials/access-management/authentication/_index.md b/src/content/tutorials/access-management/authentication/_index.md index ecc9caf100..a901df46fd 100644 --- a/src/content/tutorials/access-management/authentication/_index.md +++ b/src/content/tutorials/access-management/authentication/_index.md @@ -4,7 +4,7 @@ title: Authentication for the platform API description: Instructions on how to authenticate for the platform API, both as a user and in an automation context. We also provide some technical background information and requirements for new customers. weight: 20 menu: - main: + principal: identifier: tutorials-access-management-authentication parent: tutorials-access-management last_review_date: 2024-10-28 diff --git a/src/content/tutorials/access-management/authentication/additional-details/index.md b/src/content/tutorials/access-management/authentication/additional-details/index.md index b934c06e49..f0bcd9c1f3 100644 --- a/src/content/tutorials/access-management/authentication/additional-details/index.md +++ b/src/content/tutorials/access-management/authentication/additional-details/index.md @@ -4,10 +4,10 @@ title: Additional details on authentication for the platform API description: Here we provide additional information about single sign-on with the platform API. weight: 30 menu: - main: + principal: identifier: tutorials-access-management-authentication-details parent: tutorials-access-management-authentication -last_review_date: 2024-10-28 +last_review_date: 2024-11-29 user_questions: - How long do ID tokens live? - How can I refresh my groups memberships for platform API authorization? diff --git a/src/content/tutorials/access-management/authentication/automation/index.md b/src/content/tutorials/access-management/authentication/automation/index.md index 06705b0c1c..4760b88cf1 100644 --- a/src/content/tutorials/access-management/authentication/automation/index.md +++ b/src/content/tutorials/access-management/authentication/automation/index.md @@ -4,10 +4,10 @@ title: Authentication for the platform API in automation description: Using the platform API from an automation requires a hands-free way to provide credentials to kubectl or any `kubernetes` client. This article explains how to obtain a service account token to use in such a scenario. weight: 20 menu: - main: + principal: identifier: tutorials-access-management-authentication-automation parent: tutorials-access-management-authentication -last_review_date: 2024-10-28 +last_review_date: 2024-11-29 user_questions: - How can I use the platform API in a programmatic way? owner: diff --git a/src/content/tutorials/access-management/authentication/user/index.md b/src/content/tutorials/access-management/authentication/user/index.md index 7def441433..731a3c3b47 100644 --- a/src/content/tutorials/access-management/authentication/user/index.md +++ b/src/content/tutorials/access-management/authentication/user/index.md @@ -4,10 +4,10 @@ title: Authentication for the platform API as a user description: Here you learn how to log in to the platform API as a user, using single sign-on (SSO), to use tools like kubectl. weight: 10 menu: - main: + principal: identifier: tutorials-access-management-authentication-user parent: tutorials-access-management-authentication -last_review_date: 2024-10-28 +last_review_date: 2024-11-29 user_questions: - How can I authenticate as a user to the platform API? - How can I authenticate to the platform API without kubectl-gs? diff --git a/src/content/tutorials/access-management/authorization/index.md b/src/content/tutorials/access-management/authorization/index.md index 449d04433f..b25992d4fe 100644 --- a/src/content/tutorials/access-management/authorization/index.md +++ b/src/content/tutorials/access-management/authorization/index.md @@ -2,9 +2,9 @@ linkTitle: Authorization title: Authorization in the platform API description: Granting users specific permission to certain resources is what authorization is all about. The Platform API uses Kubernetes' role based access control (RBAC) primitives and provides automation on top of it to make authorization easy for most real-life use cases. Here we explain them in detail. -weight: 20 +weight: 30 menu: - main: + principal: identifier: tutorials-access-management-authorization parent: tutorials-access-management last_review_date: 2024-10-28 @@ -53,10 +53,10 @@ Next, the following resources reside in the `default` namespace: ### Organization namespaces {#org-namespaces} -For each [organization]({{< relref "/vintage/platform-overview/multi-tenancy" >}}) there is a namespace to be used as the standard location for storing resources. In these namespaces you will usually find: +For each [organization]({{< relref "/overview/fleet-management/multi-tenancy" >}}) there is a namespace to be used as the standard location for storing resources. In these namespaces you will usually find: - Resources defining [workload clusters and node pools]({{< relref "/getting-started/provision-your-first-workload-cluster" >}}) -- [Cloud provider credentials]({{< relref "/getting-started/prepare-your-provider-account#configure-cluster-role-identity" >}}) in the form of `Secret` resources +- [Cloud provider credentials]({{< relref "/getting-started/prepare-your-provider-infrastructure#configure-cluster-role-identity" >}}) in the form of `Secret` resources - [`App`]({{< relref "/reference/platform-api/crd/apps.application.giantswarm.io.md" >}}) which defines an app to be installed in a workload clusters - `ConfigMap` which optionally provides configuration for such an app - `Secret` which provides additional (confidential) configuration for such an app @@ -81,7 +81,7 @@ We'll explain the effect of binding these roles in the next section on RBAC auto As explained previously, various resources reside in different scopes and namespaces, and in the case of the workload cluster namespaces, they even come and go as clusters are created and deleted. To simplify authorization under these circumstances, we've some automation in place, provided by [rbac-operator](https://github.com/giantswarm/rbac-operator) running in the management cluster. Here is what it does. -- __Grant admin permissions to a default group__. Where customers own a Giant Swarm installation exclusively (which is the opposite case of using a [shared installation]({{< relref "/vintage/support/shared-installation" >}})), they name a group from their identity provider to gain admin permissions. This group will automatically be bound to the `cluster-admin` role in all namespaces and in the cluster scope. +- __Grant admin permissions to a default group__. Customers name a group from their identity provider to gain admin permissions. This group will automatically be bound to the `cluster-admin` role in all namespaces and in the cluster scope. - __Provide service accounts with admin privileges__. Service accounts named `automation` are created in the `default` namespace and in all organization namespaces, bound to the pre-defined `cluster-admin` role. @@ -111,7 +111,7 @@ For the purpose of this documentation article we'll introduce a few example case 2. __Developer__: allowed to install, configure, upgrade and uninstall certain apps in/from workload clusters of a certain organization. In order to discovers clusters and navigate the web UI, users of this type also require read permission to various resources like clusters, node pools, releases, and app catalogs. -3. __Organization admin__: users who have full permissions to resources belonging to a specific [organization]({{< relref "/vintage/platform-overview/multi-tenancy" >}}). +3. __Organization admin__: users who have full permissions to resources belonging to a specific [organization]({{< relref "/overview/fleet-management/multi-tenancy" >}}). 4. __Admin__: a type of user that has permission to create, modify, and delete most types of resources in the management cluster. diff --git a/src/content/tutorials/access-management/configure-dex-in-your-cluster/dex-architecture.png b/src/content/tutorials/access-management/configure-dex-in-your-cluster/dex-architecture.png new file mode 100644 index 0000000000..3bf55e21fe Binary files /dev/null and b/src/content/tutorials/access-management/configure-dex-in-your-cluster/dex-architecture.png differ diff --git a/src/content/tutorials/access-management/configure-dex-in-your-cluster/index.md b/src/content/tutorials/access-management/configure-dex-in-your-cluster/index.md new file mode 100644 index 0000000000..b06c48d37f --- /dev/null +++ b/src/content/tutorials/access-management/configure-dex-in-your-cluster/index.md @@ -0,0 +1,485 @@ +--- +linkTitle: OpenID Connect for workload clusters +title: Configure OIDC using Dex to access your clusters +description: A general explanation on how to install and configure Dex to work as an authenticator mechanism to provide OpenID tokens. +weight: 40 +menu: + principal: + parent: tutorials-access-management + identifier: tutorials-access-management-oidc +user_questions: + - How can I configure OIDC in my cluster? + - How can I add a new OIDC connector? +last_review_date: 2024-11-29 +owner: + - https://github.com/orgs/giantswarm/teams/team-bigmac +--- + +## Introduction + +At Giant Swarm, the platform automatically configure `Dex` in the management cluster to allow you to authenticate using your own identity providers, towards allowing you to manage your infrastructure using the platform API (management cluster `Kubernetes` API). + +For workload clusters - where you run your applications - there is no default OpenID Connect (OIDC) tool to enable single sign-on (SSO). In this article, you will learn how to configure [`Dex`](https://dexidp.io/) in those clusters, to provide `SSO` using `OIDC`. + +![Multi cluster Dex architecture](dex-architecture.png) + + +## Why `Dex` + +There are other projects that help to configure `OIDC` to access clusters, but our team considers [`Dex`](https://dexidp.io/) to be the most feature-rich. First of all, it's not tied to `Kubernetes`, so you can use it to handle authentication and authorization for your own apps as well. Secondly, `Dex` can act like an identity provider hub, where you can plug in different providers via different connectors, and choose between them when you want to log in. + +## OpenID Connect in Kubernetes + +The `Kubernetes` API allows users to authenticate using the `OIDC` protocol, making it possible to enforce multi-factor authentication (MFA) or password policies by delegating to your identity provider. The API will use the field named `id_token` from the response as a bearer token to authenticate users. + +## Configure the OpenID Connect values on the cluster resource + +You need to set values for the OpenID Connect (OIDC) issuer address and client ID. You can define those values in the cluster custom resource. These values will then be set as flags on the `Kubernetes` API server (specifically, `--oidc-issuer-url` and `--oidc-client-id`). + +{{< tabs >}} +{{< tab title="Azure">}} + +```yaml +apiVersion: cluster.x-k8s.io/v1alpha3 +kind: Cluster +metadata: + annotations: + oidc.giantswarm.io/client-id: dex-k8s-authenticator + oidc.giantswarm.io/issuer-url: https://dex.CLUSTER_NAME.BASE_DOMAIN + oidc.giantswarm.io/group-claim: groups + oidc.giantswarm.io/username-claim: email + ... +``` + +{{< /tab >}} +{{< tab title="AWS">}} + +```yaml +apiVersion: infrastructure.giantswarm.io/v1alpha2 +kind: AWSCluster +spec: + cluster: + ... + oidc: + claims: + groups: groups + username: email + clientID: dex-k8s-authenticator + issuerURL: https://dex.CLUSTER_NAME.BASE_DOMAIN +``` + +{{< /tab >}} +{{< tab title="OpenStack">}} + +```yaml +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlaneTemplate +spec: + template: + spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + oidc-issuer-url: https://dex.CLUSTER_NAME.BASE_DOMAIN + oidc-client-id: dex-k8s-authenticator + oidc-username-claim: email + oidc-groups-claim: groups +``` + +{{< /tab >}} +{{< tab title="Cluster API (any)">}} + +```yaml +# Config map with values for the Workload Cluster app +apiVersion: v1 +kind: ConfigMap +data: + values: | + ... + global: + controlPlane: + oidc: + issuerUrl: https://dex.CLUSTER_NAME.BASE_DOMAIN + clientId: dex-k8s-authenticator + usernameClaim: email + groupsClaim: groups +``` + +{{< /tab >}} +{{< tab title="Cluster API (AWS EKS)">}} + +```yaml +# Config map with values for the Workload Cluster app +apiVersion: v1 +kind: ConfigMap +data: + values: | + ... + global: + controlPlane: + oidcIdentityProviderConfig: + issuerUrl: https://dex.CLUSTER_NAME.BASE_DOMAIN + clientId: dex-k8s-authenticator + usernameClaim: email + groupsClaim: groups + identityProviderConfigName: dex-k8s-authenticator +``` + +{{< /tab >}} +{{< /tabs >}} + +__Note__: In the above snippets you need to replace the `CLUSTER_NAME` and `BASE_DOMAIN` placeholder with the correct values, which is the name of the workload cluster you are configuring, and the base domain that you use for your installation. You can also derive them from the workload cluster's `Kubernetes` API endpoint, which has an address in the format of `https://api.CLUSTER_NAME.BASE_DOMAIN`. + +## Deploy the app to your cluster + +In this guide, you will use a single app deployment for each cluster that you want to authenticate towards. There are different ways to set up how you authenticate towards your Kubernetes API with Dex, but in our opinion, using a single deployment per cluster is more resilient than having a common Dex deployment for all your workload clusters. + +You will use the [app platform]({{< relref "/overview/fleet-management/app-management" >}}) to deploy the app, as it allows you to deploy apps across workload clusters using a single API endpoint. In this example, you create an `App` custom resource (CR) with the parameters to install your [`dex-app`](https://github.com/giantswarm/dex-app) in the desired cluster, and a `Secret` with the configuration values. The app platform also supports providing the configuration values in a `ConfigMap`, but in the case of Dex, some configuration values are credentials; therefore, using a `Secret` is the preferred method. It's also possible to split the configuration values, provide the public part in a `ConfigMap` and the credentials in a `Secret`, but in this example, you will provide the entire configuration in a `Secret`: + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: dex-app-user-values + namespace: CLUSTER_NAMESPACE_NAME +data: + values: ... # base64 encoded connector config +``` + +The format of the `connector config` content can look different depending on the OpenID Connect provider you want to use. Some examples can be found below. +Details on all connectors and their respective configuration is available in the [Dex documentation](https://dexidp.io/docs/connectors/). + +{{< tabs >}} +{{< tab title="Keycloak">}} + +```yaml +isWorkloadCluster: true +oidc: + expiry: + signingKeys: 6h + idTokens: 30m + customer: + enabled: true + connectors: + - id: customer + connectorName: test + connectorType: oidc + connectorConfig: | + clientID: CLIENT_ID + clientSecret: CLIENT_SECRET + insecureEnableGroups: true + scopes: + - email + - groups + - profile + issuer: https://KEYCLOAK_HOST/realms/master + redirectURI: https://dex.CLUSTER_NAME.BASE_DOMAIN/callback +``` + +The values for `CLIENT_ID` and `CLIENT_SECRET` are created/defined in the `Keycloak` OpenID Connect client configuration. `KEYCLOAK_HOST` is the fully qualified `hostname` of your `Keycloak` instance. + +{{< /tab >}} +{{< tab title="GitHub">}} + +```yaml +isWorkloadCluster: true +oidc: + expiry: + signingKeys: 6h + idTokens: 30m + customer: + enabled: true + connectors: + - id: customer + connectorName: test + connectorType: github + connectorConfig: | + clientID: CLIENT_ID + clientSecret: CLIENT_SECRET + loadAllGroups: false + teamNameField: slug + redirectURI: https://dex.CLUSTER_NAME.BASE_DOMAIN/callback + orgs: + - name: GITHUB_ORGANIZATION + teams: + - GITHUB_TEAM_SLUG +``` + +The value for `CLIENT_ID` is automatically generated by GitHub after the creation of an `OAuth` app. Please also generate a client secret for that app and replace `CLIENT_SECRET` with the contents of that secret. + +In the above example you see how to configure access for a certain GitHub team (named `GITHUB_TEAM_SLUG`, belonging to the `GITHUB_ORGANIZATION` organization). To restrict access in this way, make sure to list the team's _slug_ as it appears in the handle and team address. For example, for a team named `Team Infra`, the handle may be `@my-organization/team-infra`, and the slug used here would be `team-infra`. + +Specifying `teams` enables Dex's [group filtering]({{< relref "/tutorials/access-management/configure-dex-in-your-cluster#dex-group-filtering" >}}). + +{{< /tab >}} +{{< tab title="Active Directory">}} + +```yaml +isWorkloadCluster: true +oidc: + expiry: + signingKeys: 6h + idTokens: 30m + customer: + enabled: true + connectors: + - id: customer + connectorName: test + connectorType: microsoft + connectorConfig: | + clientID: CLIENT_ID + clientSecret: CLIENT_SECRET + tenant: TENANT + redirectURI: https://dex.CLUSTER_NAME.BASE_DOMAIN/callback + useGroupsAsWhitelist: true + groups: + - AD_GROUP_NAME +``` + +The values to be filled in as `CLIENT_ID` and `CLIENT_SECRET` are obtained when creating a client application in Active Directory. Please replace `TENANT` with your Azure AD tenant ID. + +Specifying `groups` and `useGroupsAsWhitelist` enables Dex's [group filtering]({{< relref "/tutorials/access-management/configure-dex-in-your-cluster#dex-group-filtering" >}}). + +{{< /tab >}} +{{< tab title="Okta">}} + +```yaml +isWorkloadCluster: true +oidc: + expiry: + signingKeys: 6h + idTokens: 30m + customer: + enabled: true + connectors: + - id: customer + connectorName: test + connectorType: oidc + connectorConfig: | + clientID: CLIENT_ID + clientSecret: CLIENT_SECRET + insecureEnableGroups: true + getUserInfo: true + scopes: + - email + - groups + - profile + issuer: https://OKTA_OIDC_ENDPOINT + redirectURI: https://dex.CLUSTER_NAME.BASE_DOMAIN/callback +``` + +The values for `CLIENT_ID` and `CLIENT_SECRET` must be created in the `Okta` configuration. `OKTA_OIDC_ENDPOINT` must be replaced with the fully qualified host name of your `Okta` instance. + +{{< /tab >}} +{{< /tabs >}} + +__Warning__: With `oidc` connector you might need to add `getUserInfo` in the connector configuration to force a second call to the identity provider in order to get groups. This is required for example by `Okta`. More info on this can be found in [dexidp/dex#1065](https://github.com/dexidp/dex/issues/1065). + +__Note__: In the above snippet you have to replace the `CLUSTER_NAME` variable and select a connector. Here you see examples for `Keycloak`, `Active Directory`, and `GitHub`. +You can use more than one connector, but they need to have a different `id` value. Our advice is to use `- id: customer` for your primary connector. + +After you have applied the `Secret` manifest to the platform API you have to submit the `App` custom resource that defines the intent to install the `Dex` app in the given cluster. You can directly apply it to the platform API. + +```yaml +apiVersion: application.giantswarm.io/v1alpha1 +kind: App +metadata: + labels: + app.kubernetes.io/name: dex-app + name: dex-app + namespace: CLUSTER_NAMESPACE_NAME +spec: + catalog: giantswarm + kubeConfig: + context: + name: CLUSTER_NAME + secret: + name: CLUSTER_NAME-kubeconfig + namespace: CLUSTER_NAMESPACE_NAME + name: dex-app + namespace: dex + userConfig: + secret: + name: dex-app-user-values + namespace: CLUSTER_NAMESPACE_NAME + version: 1.22.2 +``` + +__Note__: When applying the example in the snippet above, please replace the `CLUSTER_NAME` placeholder with the name of the workload cluster which you are configuring and the `CLUSTER_NAMESPACE_NAME` placeholder with the name of the namespace which contains the cluster. + +Then submit the resource to the management API and the app operator will manage it to make the actual installation and configuration. You can log in now into the cluster API with your identity provider using the login endpoint that `Dex` creates for you. By default, it will be `https://login.CLUSTER_NAME.BASE_DOMAIN`. + +__Warning__: It's assumed that you have an [ingress controller and cert-manager]({{< relref "/getting-started/install-an-application" >}}) running in your cluster in order to make Dex available for the callback request made by your identity provider securely. Both of these apps are offered in our managed app catalog. If you supply custom certificates when deploying `Dex`, then you can skip cert-manager installation. + +### Using Dex group filtering {#dex-group-filtering} + +Group or team filtering is a valuable mechanism that instructs Dex to selectively include only a specific set of groups in the ID tokens' group claims. + +Our recommendation is to use group filtering as the default setting for two compelling reasons: + +- Users who aren't part of any pre-configured groups will be unable to acquire an ID token, ensuring tighter security. +- Extensive group memberships can result in larger ID tokens, causing issues such as oversized `HTTP` headers. + +The disadvantage of using group filtering is that each time you want to use a new group, you will have to update the `Dex` connector configuration. + +### Deploying Dex with custom certificates + +`Dex` gets certificates from the cert-manager by default. In case the cert-manager is configured to use a custom certification authority, which isn't publicly trusted, `Dex` needs to be configured to trust it. +The custom certification authority needs to be stored in a `Secret` and referenced in the `trustedRootCA` section of the `Secret` or `ConfigMap` with configuration values for the Dex app. + +```yaml +trustedRootCA: + secretName: ... # Name of the secret, which contains the custom CA + name: ... # Name of the property inside the secret +``` + +It's also possible to disable retrieving certificates from the cert-manager and supply custom certificates to `Dex` directly. They can be configured in the `ingress` section of the `Secret` or `ConfigMap` with the configuration values for the `Dex` app: + +```yaml +ingress: + tls: + letsencrypt: false + caPemB64: ... + crtPemB64: ... + keyPemB64: ... +``` + +### Running Dex in a private workload cluster + +When deploying `Dex` to a private workload cluster, it's required to specify a proxy configuration in order to ensure that `Dex` has access to the outside network. Proxy setup can be provided in the `cluster.proxy` section of the `Secret` or `ConfigMap` with configuration values for the `Dex` app. + +It's required to specify the address of the `HTTPS` proxy in the `https` property and exclude Kubernetes API from running through the proxy by adding its IP address or network to the `noProxy` property. + +```yaml +cluster: + proxy: + http: ... # HTTP proxy URL + https: ... # HTTPS proxy URL + noProxy: ... # Hostnames or networks/IP ranges excluded from going through the proxy + +``` + +## Dex observability + +To get an overview on the authentication success and error rates of your `Dex` instances, our product offers a Grafana dashboard named "Dex" as part of our [observability setup]({{< relref "/tutorials/observability/data-exploration/accessing-grafana" >}}). + +## Logging into your workload cluster via `kubectl gs` with `Athena` + +Once `Dex` is set up in your workload cluster, you can enable access via OIDC through our `kubectl` plugin [kubectl gs]({{< relref "/reference/kubectl-gs" >}}). + +In order to communicate with the API, `kubectl gs` needs the cluster's `CA` certificate as well as some cluster-specific information, such as the management cluster name and the dex issuer address. + +On all Giant Swarm management clusters, there is a public service called `Athena` to expose the `CA` certificate and some information on the installation to the client. + +For easy integration with `kubectl gs` you can install [Athena](https://github.com/giantswarm/athena) on your workload cluster via the [app platform]({{< relref "/getting-started/install-an-application" >}}). + +Other than the app itself, you will need to provide a `values.yaml` configuration. + +The management cluster name is needed as minimal configuration for `Athena`. + +```yaml +managementCluster: + name: test +``` + +It's also possible to override the api and issuer addresses,`CA` as well as the cluster name and provider in case it's needed: + +```yaml +managementCluster: + name: test +clusterID: example +provider: + kind: aws +kubernetes: + caPem: | + -----BEGIN CERTIFICATE----- + M...= + -----END CERTIFICATE----- + api: + address: https://api.test.example.io:6443 +oidc: + issuerAddress: https://dex.test.example.io +``` + +__Note__: For workload cluster using [Cluster API `AWS`](https://github.com/giantswarm/cluster-aws) (CAPA) provider, use `443` instead of `6443` for the API address port. + +__Warning__: For workload cluster using [Cluster API `EKS`](https://github.com/giantswarm/cluster-eks) provider, you'll need to configure Athena to use an AWS-managed EKS API server endpoint. This API server endpoint is uniquely allocated to your EKS cluster and can be easily accessed through the AWS EKS console by navigating to the `Overview` tab and under the `Details` section from the EKS cluster information page. For example: + +```yaml +kubernetes: + api: + address: https://6EAE2F2E28XUD92EXZF54DFEF7C37081D.gr7.eu-central-1.eks.amazonaws.com +``` + +Access to `Athena` can be restricted to certain `CIDRs`. + +```yaml +security: + subnet: + customer: + public: x.x.x.x/x,x.x.x.x/x + private: x.x.x.x/x + restrictAccess: + gsAPI: true +``` + +Athena also supports custom certificates, same as the `Dex` app. +The certificates need to be provided in the `ingress` section of the configuration: + +```yaml +ingress: + tls: + letsencrypt: false + caPemB64: ... + crtPemB64: ... + keyPemB64: ... +``` + +If both `Dex` and `Athena` are configured correctly and you have installed `kubectl gs` on your machine, you can create a kubectl context using the platform API address. + +```sh +kubectl gs login https://api.test.example.io +``` + +## Assign Users or Groups to Roles + +The following YAML examples showcase how to assign roles to users or groups in the cluster, granting them specific access permissions. Refer to the [Kubernetes RBAC documentation](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#rolebinding-and-clusterrolebinding) for a deeper understanding of RBAC concepts. + +```yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: dex-user-to-cluster-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: User + name: you@example.io + apiGroup: rbac.authorization.k8s.io +``` + +__Warning__: This example assigns the `cluster-admin` role to the user `you@example.io`. The `cluster-admin` is a powerful role granting extensive access to the cluster and should only be used with caution and for specific purposes. + +```yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: dex-group-to-cluster-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: Group + name: customer:example-admin + apiGroup: rbac.authorization.k8s.io +``` + +This example assigns the `cluster-admin` role to members of the group `customer:example-admin`. + +__Want to simplify initial access setup?__ Use our [RBAC bootstrap app](https://github.com/giantswarm/rbac-bootstrap-app). This app helps you easily configure the users and groups that will initially have access to the cluster. + +Learn how to [use `ServiceAccount` to authenticate against platform API]({{< relref "/tutorials/access-management/authentication/automation" >}}). diff --git a/src/content/tutorials/connectivity/ingress/configuration/index.md b/src/content/tutorials/connectivity/ingress/configuration/index.md index 77a9a34d85..825a7766c1 100644 --- a/src/content/tutorials/connectivity/ingress/configuration/index.md +++ b/src/content/tutorials/connectivity/ingress/configuration/index.md @@ -340,7 +340,7 @@ Ingress nginx controller allows you to define the timeout that waits to close a Many other timeouts can be customized when configuring an ingress. Take a look at the [official docs](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#custom-timeouts). -__Warning__: When running in cloud provider environments, you may often rely on integrated services like AWS NLBs or Azure LBs. Those intermediate Load Balancers could have their own settings which can be in the request path conflicting with values defined in ingress Resources. [Read how to configure ingress nginx controller in cloud environments to avoid unexpected results]({{< relref "/vintage/advanced/connectivity/ingress/service-type-loadbalancer/index.md" >}}#other-aws-elb-configuration-options). +__Warning__: When running in cloud provider environments, you may often rely on integrated services like AWS NLBs or Azure LBs. Those intermediate Load Balancers could have their own settings which can be in the request path conflicting with values defined in ingress Resources. [Read how to configure ingress nginx controller in cloud environments to avoid unexpected results]({{< relref "/vintage/advanced/connectivity/ingress/service-type-loadbalancer#other-aws-elb-configuration-options" >}}). ### Session affinity diff --git a/src/content/tutorials/continuous-deployment/apps/add_app_template.md b/src/content/tutorials/continuous-deployment/apps/add_app_template.md index 2296b96e93..650f66556e 100644 --- a/src/content/tutorials/continuous-deployment/apps/add_app_template.md +++ b/src/content/tutorials/continuous-deployment/apps/add_app_template.md @@ -45,7 +45,7 @@ cd bases/apps/ mkdir ${APP_NAME} ``` -Now, navigate to the newly created directory and use [the kubectl-gs plugin](https://github.com/giantswarm/kubectl-gs) to generate the [`App` resource](https://docs.giantswarm.io/ui-api/kubectl-gs/template-app/): +Now, navigate to the newly created directory and use [the kubectl-gs plugin](https://github.com/giantswarm/kubectl-gs) to generate the [`App` resource]({{< relref "/reference/kubectl-gs/template-app" >}}): ```sh cd ${APP_NAME}/ diff --git a/src/content/tutorials/continuous-deployment/apps/add_appcr.md b/src/content/tutorials/continuous-deployment/apps/add_appcr.md index 297af42ef2..5c35e45ad9 100644 --- a/src/content/tutorials/continuous-deployment/apps/add_appcr.md +++ b/src/content/tutorials/continuous-deployment/apps/add_appcr.md @@ -62,7 +62,7 @@ export APP_CATALOG=APP_CATALOG export APP_NAMESPACE=APP_NAMESPACE ``` -Go to the newly created directory and use [the kubectl-gs plugin](https://github.com/giantswarm/kubectl-gs) to generate the [`App` resource](https://docs.giantswarm.io/ui-api/kubectl-gs/template-app/): +Go to the newly created directory and use [the kubectl-gs plugin](https://github.com/giantswarm/kubectl-gs) to generate the [`App` resource]({{< relref "/reference/kubectl-gs/template-app/" >}}): ```sh cd ${APP_NAME}/ @@ -84,7 +84,7 @@ Additionally you can provide a default configuration adding these flags to the p __Note__: Including `${cluster_name}` in the app name avoids collision between clusters running same apps within the same organization. -Reference [the app configuration](https://docs.giantswarm.io/app-platform/app-configuration/) for more details on how to create respective `ConfigMaps` or secrets. +Reference [the app configuration]({{< relref "/tutorials/fleet-management/app-platform/app-configuration" >}}) for more details on how to create respective `ConfigMaps` or secrets. As optional step, you can place the `ConfigMap` and `Secret` with values as the `configmap.yaml` and `secret.enc.yaml` files respectively: diff --git a/src/content/tutorials/continuous-deployment/bases/index.md b/src/content/tutorials/continuous-deployment/bases/index.md index 929a3b1b73..dc48324f1a 100644 --- a/src/content/tutorials/continuous-deployment/bases/index.md +++ b/src/content/tutorials/continuous-deployment/bases/index.md @@ -14,7 +14,7 @@ owner: last_review_date: 2024-11-11 --- -In Giant Swarm the interface to define a workload cluster is built on top of `Helm` and [the app platform](https://docs.giantswarm.io/overview/fleet-management/app-management/). The application custom resource contains the specification and configuration of the cluster in this format: +In Giant Swarm the interface to define a workload cluster is built on top of `Helm` and [the app platform]({{< relref "/overview/fleet-management/app-management/" >}}). The application custom resource contains the specification and configuration of the cluster in this format: ```yaml apiVersion: application.giantswarm.io/v1alpha1 diff --git a/src/content/tutorials/continuous-deployment/manage-workload-clusters/index.md b/src/content/tutorials/continuous-deployment/manage-workload-clusters/index.md index 56ea32f595..456f48186c 100644 --- a/src/content/tutorials/continuous-deployment/manage-workload-clusters/index.md +++ b/src/content/tutorials/continuous-deployment/manage-workload-clusters/index.md @@ -134,7 +134,7 @@ flux-demo True Fetched revision: main/74f8d19cc2ac9bee6f45660236344a054 ### Setting up secrets {#setting-up-secrets} -The next step, you configure the keys used by `Flux` in the management cluster to decipher secrets kept in the repository. Our recommendation is to keep secrets encrypted in the repository together with your applications but if your company policy doesn't allow it you can use [`external secret operator`](https://docs.giantswarm.io/vintage/advanced/security/external-secrets-operator/) to use different sources. +The next step, you configure the keys used by `Flux` in the management cluster to decipher secrets kept in the repository. Our recommendation is to keep secrets encrypted in the repository together with your applications but if your company policy doesn't allow it you can use [`external secret operator`]({{< relref "/vintage/advanced/security/external-secrets-operator/" >}}) to use different sources. Giant Swarm uses `sops` with `pgp` for key management, creating master keys for all the `kustomizations` in the management cluster. In `kubectl-gs` you can generate a master and public key for the management cluster. diff --git a/src/content/tutorials/continuous-deployment/tools/index.md b/src/content/tutorials/continuous-deployment/tools/index.md index 0006f40006..e93a416f19 100644 --- a/src/content/tutorials/continuous-deployment/tools/index.md +++ b/src/content/tutorials/continuous-deployment/tools/index.md @@ -3,8 +3,6 @@ linkTitle: Tooling title: Tooling to support the GitOps journey description: A description of the tools availble and how to use them to augment the GitOps journey. weight: 80 -aliases: - - /advanced/gitops/tools menu: principal: parent: tutorials-continuous-deployment diff --git a/src/content/tutorials/fleet-management/app-platform/_index.md b/src/content/tutorials/fleet-management/app-platform/_index.md index 17700b1daf..c40c8925e8 100644 --- a/src/content/tutorials/fleet-management/app-platform/_index.md +++ b/src/content/tutorials/fleet-management/app-platform/_index.md @@ -1,11 +1,10 @@ --- -linkTitle: App platform -title: Guides for using the App platform +linkTitle: App management +title: App management description: The app platform allows to manage app catalogs and apps, for simple and standardized deployment in all your workload clusters. -weight: 30 menu: principal: - parent: tutorials + parent: tutorials-fleet-management identifier: tutorials-fleet-management-app-platform owner: - https://github.com/orgs/giantswarm/teams/team-honeybadger diff --git a/src/content/tutorials/fleet-management/app-platform/app-bundle/index.md b/src/content/tutorials/fleet-management/app-platform/app-bundle/index.md index 9910349381..0a6bde27f6 100644 --- a/src/content/tutorials/fleet-management/app-platform/app-bundle/index.md +++ b/src/content/tutorials/fleet-management/app-platform/app-bundle/index.md @@ -7,10 +7,6 @@ menu: parent: tutorials-fleet-management-app-platform identifier: tutorials-fleet-management-app-platform-app-bundle weight: 50 -aliases: - - /getting-started/app-platform/app-bundle - - /developer-platform/app-platform/app-configuration - - /app-platform/app-configuration owner: - https://github.com/orgs/giantswarm/teams/team-honeybadger user_questions: @@ -23,7 +19,7 @@ last_review_date: 2024-10-28 ## App bundle definition {#app-bundle-definition} -As stated in the [app platform overview]({{< relref "/overview/fleet-management/app-management" >}}) all managed apps are packaged, maintained and offered as `helm` charts and it's no different for the app bundles. What makes them special in comparison to solitary apps is that the bundle `helm` chart, instead of carrying a regular resources composing the actual application, carries [`App` custom resources]({{< relref "/vintage/use-the-api/management-api/crd/apps.application.giantswarm.io.md" >}}) which, once delivered and consumed by the app platform, install the expected applications and their resources. +As stated in the [app platform overview]({{< relref "/overview/fleet-management/app-management" >}}) all managed apps are packaged, maintained and offered as `helm` charts and it's no different for the app bundles. What makes them special in comparison to solitary apps is that the bundle `helm` chart, instead of carrying a regular resources composing the actual application, carries [`App` custom resources]({{< relref "/reference/platform-api/crd/apps.application.giantswarm.io.md" >}}) which, once delivered and consumed by the app platform, install the expected applications and their resources. In other words, an app bundle can be thought of a meta package, not installing anything in the workload cluster on its own, but requesting installation of certain pre-defined applications. @@ -48,7 +44,7 @@ The figure below depicts the process. Note however, some parts present in the [A ![App bundle installation process](app-bundle-installation.png) -When `App` custom resource for the bundle is created within the management cluster, it's first picked up by the management cluster's app operator which is called, by convention, `unique`. It lives under the protected `giantswarm` namespace, but in principle operates the same way the workload clusters app operators do. Essentially, it reconciles the `App` custom resource by creating a corresponding [`Chart` custom resource]({{< relref "/vintage/use-the-api/management-api/crd/charts.application.giantswarm.io.md" >}}) in the `giantswarm` namespace, which is then picked up by the management cluster's chart operator also living in that namespace. The chart operator then installs the app resources, which in this case are nested `App` custom resources to be created in the workload cluster namespace. Once delivered, the nested `App` custom resources are picked up by the workload cluster's app operator and installed in the well known way. +When `App` custom resource for the bundle is created within the management cluster, it's first picked up by the management cluster's app operator which is called, by convention, `unique`. It lives under the protected `giantswarm` namespace, but in principle operates the same way the workload clusters app operators do. Essentially, it reconciles the `App` custom resource by creating a corresponding [`Chart` custom resource]({{< relref "/reference/platform-api/crd/charts.application.giantswarm.io.md" >}}) in the `giantswarm` namespace, which is then picked up by the management cluster's chart operator also living in that namespace. The chart operator then installs the app resources, which in this case are nested `App` custom resources to be created in the workload cluster namespace. Once delivered, the nested `App` custom resources are picked up by the workload cluster's app operator and installed in the well known way.
-

{{ .LinkTitle }}

+

{{ .Title }}

{{ if or .Description .Content }} {{- with .Description -}} @@ -29,7 +29,7 @@

{{ .LinkTitle }}

    {{ range .Pages.ByWeight }}
  • - {{ .LinkTitle }} + {{ .Title }}
    {{ .Description }}
    • {{ end }} diff --git a/src/layouts/index.html b/src/layouts/index.html index 6f156896db..fcc80b9613 100644 --- a/src/layouts/index.html +++ b/src/layouts/index.html @@ -30,15 +30,15 @@

    Giant Swarm Documentation

    -

    Platform Overview

    +

    Platform Overview

    This is where you find some introductory and high-level description of what to expect with Giant Swarm.

    -

    Getting started

    +

    Getting started

    Guides that help you get going with your new Giant Swarm installation quickly.

    -

    Advanced setup

    +

    Tutorials

    More advanced guides for optimization and solutions to specific problems.

    @@ -49,8 +49,8 @@

    Reference

    API documentation and CLI command reference.

-

Support & Training

-

Learn about all the features of the Giant Swarm Developer Platform.

+

Support & Training

+

How our support model works and how to get in touch with us.

Changes and releases

diff --git a/src/layouts/partials/footer.html b/src/layouts/partials/footer.html index 71648c2b4b..d4e1287ad4 100644 --- a/src/layouts/partials/footer.html +++ b/src/layouts/partials/footer.html @@ -4,7 +4,9 @@
-

This part of our documentation may not be accurate as we are migrating away from our vintage product. Currently we are working actively to provide up-to-date documentation on the latest generation of our product, using the Kubernetes Cluster API.

+

This part of our documentation refers to our vintage product. The content may be not valid anymore for our current product. Please check our new documentation hub for the latest state of our docs. + +

diff --git a/src/layouts/shortcodes/gsctl_deprecation_disclaimer.html b/src/layouts/shortcodes/gsctl_deprecation_disclaimer.html index c3e9296da3..0f0a8c23d3 100644 --- a/src/layouts/shortcodes/gsctl_deprecation_disclaimer.html +++ b/src/layouts/shortcodes/gsctl_deprecation_disclaimer.html @@ -1 +1 @@ -

gsctl and the REST API are being phased out. We recommend to familiarize yourself with our Management API and the kubectl gs plugin as a future-proof replacement. We provide a migration page to help you with the transition.

\ No newline at end of file +

gsctl and the REST API are deprecated and no longer usable with up-to-date Giant Swarm management clusters. This documentation is kept available for reference.

\ No newline at end of file