filename | sha512 hash |
---|---|
kubernetes.tar.gz | d1f4e9badc6a4422b9a261a5375769d63f0cac7fff2aff4122a325417b77d5e5317ba76a180cda2baa9fb1079c33e396fc16f82b31eeebea61004b0aabdf8c32 |
kubernetes-src.tar.gz | 2ab20b777311746bf9af0947a2bea8ae36e27da7d917149518d7c2d2612f513bbf88d1f2c7efff6dc169aa43c2dd3be73985ef619172d50d99faa56492b35ce4 |
filename | sha512 hash |
---|---|
kubernetes-client-darwin-386.tar.gz | 55523fd5cfce0c5b79e981c6a4d5572790cfe4488ed23588be45ee13367e374cf703f611769751583986557b2607f271704d9f27e03f558e35e7c75796476b10 |
kubernetes-client-darwin-amd64.tar.gz | 13e696782713da96f5fb2c3fa54d99ca40bc71262cb2cbc8e77a6d19ffd33b0767d3f27e693aa84103aca465f9b00ed109996d3579b4bd28566b8998212a0872 |
kubernetes-client-linux-386.tar.gz | 7f4818599b84712edd2bf1d94f02f9a53c1f827b428a888356e793ff62e897276afcbc97f03bc0317e7d729740410037c57e6443f65c691eb959b676833511fa |
kubernetes-client-linux-amd64.tar.gz | 8a2656289d7d86cbded42831f6bc660b579609622c16428cf6cc782ac8b52df4c8511c5aad65aa520f398a65e35dee6ea5b5ad8e5fd14c5a8690a7248dc4c109 |
kubernetes-client-linux-arm.tar.gz | 418606bc109b9acb2687ed297fa2eec272e8cb4ad3ce1173acd15a4b43cec0ecfd95e944faeecf862b349114081dd99dfac8615dc95cffc1cd4983c5b38e9c4e |
kubernetes-client-linux-arm64.tar.gz | 2eb943b745c270cd161e01a12195cfb38565de892a1da89e851495fb6f9d6664055e384e30d3551c25f120964e816e44df5415aff7c12a8639c30a42271abef7 |
kubernetes-client-linux-ppc64le.tar.gz | 262e7d61e167e7accd43c47e9ce28323ae4614939a5af09ecc1023299cd2580220646e7c90d31fee0a17302f5d9df1e7da1e6774cc7e087248666b33399e8821 |
kubernetes-client-linux-s390x.tar.gz | 8f0cfe669a211423dd697fdab722011ea9641ce3db64debafa539d4a424dd26065c8de5da7502a4d40235ff39158f3935bd337b807a63771391dffb282563ccf |
kubernetes-client-windows-386.tar.gz | b1deab89653f4cd3ad8ad68b8ec3e1c038d1ef35bd2e4475d71d4781acf0b2002443f9c2b7d2cf06cbb9c568bea3881c06d723b0529cc8210f99450dc2dc5e43 |
kubernetes-client-windows-amd64.tar.gz | 0e3b5150767efd0ed5d60b2327d2b7f6f2bda1a3532fca8e84a7ca161f6e069fae15af37d3fe8a641d34c9a65fc61f1c44dd3265ef6cacfd2df55c9c004bc6bd |
filename | sha512 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | 32688295df1fcdb9472ed040dc5e8b19d04d62789d2eca64cfe08080d08ffee1eaa4853ce40bd336aabd2f764dd65b36237d4f9f1c697e2d6572861c0c8eff01 |
kubernetes-server-linux-arm.tar.gz | c8ea6d66e966889a54194f9dce2021131e9bae34040c56d8839341c47fc4074d6322cc8aadce28e7cdcee88ec79d37a73d52276deb1cc1eee231e4d3083d54e5 |
kubernetes-server-linux-arm64.tar.gz | 12b42cfa33ff824392b81a604b7edcab95ecc67cddfc24c47ef67adb356a333998bc7b913b00daf7a213692d8d441153904474947b46c7f76ef03d4b2a63eab0 |
kubernetes-server-linux-ppc64le.tar.gz | e03f0eba181c03ddb7535e56ff330dafebb7dcb40889fd04f5609617ebb717f9f833e89810bff36d5299f72ae75d356fffb80f7b3bab2232c7597abcc003b8ba |
kubernetes-server-linux-s390x.tar.gz | 4e7bd061317a3445ad4b6b308f26218777677a1fef5fda181ee1a19e532a758f6bd3746a3fe1917a057ed71c94892aeaf00dd4eb008f61418ec3c80169a1f057 |
filename | sha512 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | dc5606c17f0191afc6f28dce5ab566fd8f21a69fa3989a1c8f0976d7b8ccd32e26bb21e9fec9f4529c5a6c8301747d278484688a0592da291866f8fa4893dcbb |
kubernetes-node-linux-arm.tar.gz | 3d5d9893e06fd7be51dca11182ecb9e93108e86af40298fe66bb62e5e86f0bf4713667ba63d00b02cfddaf20878dd78cc738e76bf1ca715bbbe79347ca518ec4 |
kubernetes-node-linux-arm64.tar.gz | fd18a02f32aeafc5cce8f3f2eadd0e532857bd5264b7299b4e48f458f77ebaa53be94b1d1fe2062168f9d88c8a97e6c2d904fc3401a2d9e69dd4e8c87d01d915 |
kubernetes-node-linux-ppc64le.tar.gz | 703afd80140db2fae897d83b3d2bc8889ff6c6249bb79be7a1cce6f0c9326148d22585a5249c2e976c69a2518e3f887eef4c9dc4a970ebb854a78e72c1385ccb |
kubernetes-node-linux-s390x.tar.gz | 445d4ef4f9d63eabe3b7c16114906bc450cfde3e7bf7c8aedd084c79a5e399bd24a7a9c2283b58d382fb11885bb2b412773a36fffb6fc2fac15d696439a0b800 |
kubernetes-node-windows-amd64.tar.gz | 88b04171c3c0134044b7555fbc9b88071f5a73dbf2dac21f8a27b394b0870dff349a56b0ee4d8e1d9cfbeb98645e485f40b8d8863f3f3e833cba0ca6b1383ccf |
- Fix a bug in apiserver that could cause a valid update request to be rejected with a precondition check failure. (#82303, @roycaihw)
- Webhook client credentials configured with
--admission-control-config-file
must include non-default ports in the configured hostnames. For example, a webhook configured to speak to port 8443 on servicemysvc
in namespacemyns
would specify client credentials in a stanza withname: mysvc.myns.svc:8443
. See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#authenticate-apiservers for more details. (#82252, @liggitt) - Ensure the KUBE-MARK-DROP chain in kube-proxy mode=ipvs. The chain is ensured for both ipv4 and ipv6 in dual-stack operation. (#82214, @uablrek)
kubectl cp
no longer supports copying symbolic links from containers; to support this use case, seekubectl exec --help
for examples usingtar
directly (#82143, @soltysh)- kubeadm: fix for HTTPProxy check for IPv6 addresses (kubernetes/kubeadm#1769) (#82267, @kad)
- Add PodOverhead awareness to kubectl (#81929, @egernst)
- The nbf (not before) claim, if present in ID token, is now enforced. (#81413, @anderseknert)
- Server-side apply will now use the openapi provided in the CRD validation field to help figure out how to correctly merge objects and update ownership. (#77354, @jennybuckley)
- Adds Endpoint Slice support for kubectl when discovery API group is enabled. (#81795, @robscott)
- Node-Problem-Detector v0.7.1 is used for addon daemonset. (#82140, @wangzhen127)
- aggregated discovery requests can now timeout. Aggregated apiserver must complete discovery calls within five seconds. Other requests can take longer. (#82146, @deads2k)
- Use feature gate
EnableAggregatedDiscoveryTimeout=false
if you must remove this check, but that feature gate will be removed next release.
- Use feature gate
- Graduating Windows GMSA support from alpha to beta (#82110, @wk8)
- Add UnschedulableAndUnresolvable status code for Scheduler Framework (#82034, @alculquicondor)
- Kubeadm now includes CoreDNS version 1.6.2 (#82127, @rajansandeep)
-
- The CoreDNS Deployment now checks readiness via the `ready` plugin.
-
- The `proxy` plugin has been deprecated. The `forward` plugin is to be used instead.
-
- `kubernetes` plugin removes the `resyncperiod` option.
-
- The `upstream` option is deprecated and ignored if included.
-
- Make kubectl get --ignore-not-found continue processing when encountering error. (#82120, @soltysh)
- Dual stack services (Phase II of IPv6DualStack feature) are enabled via the IPVS proxier. iptables proxier does not support dualstack yet. Dualstack iptables proxier is WIP and should catchup soon. (#82091, @khenidak)
- to enable, kube-proxy must be have the following flags:
- --proxy-mode=ipvs
- --cluster-cidrs=,
- The apiserver now uses http/1.1 to communicate with admission webhooks, opening multiple connections to satisfy concurrent requests, and allowing spreading requests across multiple backing pods. (#82090, @liggitt)
- Added support to specify a global-access annotation for gce ILB. (#81549, @prameshj)
- Added new startupProbe, related to KEP kubernetes/enhancements#950. (#77807, @matthyx)
- Adds \livez for liveness health checking for kube-apiserver. Using the parameter
--maximum-startup-sequence-duration
will allow the liveness endpoint to defer boot-sequence failures for the specified duration period. (#81969, @logicalhan) - Server-side apply is now Beta. (#81956, @apelisse)
- The
rejected
label inapiserver_admission_webhook_admission_duration_seconds
metrices now properly indicates if a request was rejected. Add a new counter metricsapiserver_admission_webhook_rejection_count
with details about the causing for a webhook rejection. (#81399, @roycaihw) - Add
container_state
label torunning_container_count
kubelet metrics, to get count of containers based on their state(running/exited/created/unknown) (#81573, @irajdeep) - Fix a bug in CRD openapi controller that user-defined CRD can overwrite OpenAPI definition/path for the CRD API. (#81436, @roycaihw)
- Service account tokens now include the JWT Key ID field in their header. (#78502, @ahmedtd)
- Adds EndpointSlice integration to kube-proxy, can be enabled with EndpointSlice feature gate. (#81430, @robscott)
- Azure supports IPv6 only on ELB not ILB. The cloud provider will return an error if the service is internal and is IPv6. (#80485, @khenidak)
- Notes on LB name:
- to ensure backword and forward compat:
-
- SingleStack -v4 (pre v1.16) => BackendPool name == clusterName
-
- SingleStack -v6 => BackendPool name == clusterName (all cluster bootstrap uses this name)
- DualStack:
- => IPv4 BackendPool name == clusterName
- => IPv6 BackendPool name == -IPv6
- This result into:
-
- clusters moving from IPv4 to duakstack will require no changes
-
- clusters moving from IPv6 (while not seen in the wild, we can not rule out thier existance) to dualstack will require deleting backend pools (the reconciler will take care of creating correct backendpools)
- Promotes VolumePVCDataSource (Cloning) feature to beta for 1.16 release (#81792, @j-griffith)
- Remove kubectl log, use kubectl logs instead (#78098, @soltysh)
- CSI ephemeral inline volume support is beta, i.e. the CSIInlineVolume feature gate is enabled by default (#82004, @pohly)
- kubectl: the --all-namespaces flag is now honored by
kubectl wait
(#81468, @ashutoshgngwr) - Kube-proxy metrics are now marked as with the ALPHA stability level. (#81626, @logicalhan)
- Kube-controller-manager and cloud-controller-manager metrics are now marked as with the ALPHA stability level. (#81624, @logicalhan)
- Adds Endpoint Slice Controller for managing new EndpointSlice resource, disabled by default. (#81048, @robscott)
-
- to run: (#79386, @khenidak)
- Master: convert service CIDR to list
--service-cluster-ip-range=<CIDR>,<CIDR>
and make sureIPv6DualStack
feature flag is turned on. The flag is validated and used as the following: -
--service-cluster-ip-range[0]
is consider primary service range, and will be used for any service withService.Spec.IPFamily = nil
or any service in the at the time of turning on the feature flag.
-
- A cluster can be dualstack (i.e. Pods and nodes carry dualstack IPs) but does not need to support ingress on dualstack. In this case the cluster can perform egress using
PodIPs
(according to family and binding selection in user code) but will ingress will only be performed against the pod primary IP. This can be configured by supplying single entry to--service-cluster-ip-range
flag.
- A cluster can be dualstack (i.e. Pods and nodes carry dualstack IPs) but does not need to support ingress on dualstack. In this case the cluster can perform egress using
-
- Maximum of two entries is allowed in
--service-cluster-ip-range
and they are validated to be dual stackedi.e. --service-cluster-ip-range=<v4>,<v6> or --service-cluster-ip-range=<v6>,<v4>
- Maximum of two entries is allowed in
-
- Max 20 bit for range (min network bits
<v6>/108
or /12)
- Max 20 bit for range (min network bits
- kube-controller-manager: convert service CIDR to list
--service-cluster-ip-range=<CIDR>,<CIDR>
and make sureIPv6DualStack
feature flag is turned on. The flag is validated as above. -
- to use:
- A new service spec field
Service.Spec.IPFamily
has been added. The default of this field is family of (first service cidr in --service-cluster-ip-range flag). The value is defaulted as described above once the feature gate is turned on. Here are the possible values for this field: -
- IPv4: api-server will assign an IP from a
service-cluster-ip-range
that isipv4
(either the primary or the secondary, according to how they were configured).
- IPv4: api-server will assign an IP from a
-
- IPv6: api-server will assign an IP from a
service-cluster-ip-range
that isipv6
(either the primary or the secondary, according to how they were configured).
- IPv6: api-server will assign an IP from a
- Notes (v1.16):
-
- IPVS is the only proxy supported (as of v1.16 ) by Dualstack.
-
- Dualstack is mutually exclusive with
EndpointSlice
feature. They can not be turned on together.metaproxy
is yet to implement EndpointSlice handling.
- Dualstack is mutually exclusive with
- Master: convert service CIDR to list
- to run: (#79386, @khenidak)
- Kubelet metrics for /metrics and /metrics/probes are now marked as with the ALPHA stability level. (#81534, @logicalhan)
- Added metrics 'authentication_attempts' that can be used to understand the attempts of authentication. (#81509, @RainbowMango)
- Fix in kube-proxy for SCTP nodeport service which only works for node's InternalIP, but doesn't work for other IPs present in the node when ipvs is enabled. (#81477, @paulsubrata55)
- The
CustomResourceValidation
,CustomResourceSubresources
,CustomResourceWebhookConversion
andCustomResourcePublishOpenAPI
features are now GA, and the associated feature gates deprecated and will be removed in v1.18. (#81965, @roycaihw) - Node-Problem-Detector v0.7.1 is used on GCI. (#80726, @wangzhen127)
- kubeadm: prevent overriding of certain kubelet security configuration parameters if the user wished to modify them (#81903, @jfbai)
- Introduce
node.kubernetes.io/exclude-balancer
andnode.kubernetes.io/exclude-disruption
labels in alpha to prevent cluster deployers from being dependent on the optionalnode-role
labels which not all clusters may provide. (#80238, @smarterclayton) - Scheduler metrics are now marked as with the ALPHA stability level. (#81576, @logicalhan)
- cache-control headers are now set appropriately. Only openapi is cacheable if etags match. (#81946, @deads2k)
- Added E2E tests validating WindowsOptions.RunAsUserName. (#79539, @bclau)
- Kube-apiserver metrics are now marked as with the ALPHA stability level. (#81531, @logicalhan)
- Move CSI volume expansion to beta. (#81467, @bertinatto)
- Support Kubelet plugin watcher on Windows nodes. (#81397, @ddebroy)
- Updates the requestedToCapacityRatioArguments to add resources parameter that allows the users to specify the resource name along with weights for each resource to score nodes based on the request to capacity ratio. (#77688, @sudeshsh)
- Finalizer Protection for Service LoadBalancers is now in Beta (enabled by default). This feature ensures the Service resource is not fully deleted until the correlating load balancer resources are deleted. (#81691, @MrHohn)
- Adds support for vSphere volumes on Windows (#80911, @gab-satchi)
- Log when kube-apiserver regenerates the OpenAPI spec and why. OpenAPI spec generation is a very CPU-heavy process that is sensitive to continuous updates of CRDs and APIServices. (#81786, @sttts)
- Added metrics aggregator_openapi_v2_regeneration_count, aggregator_openapi_v2_regeneration_gauge and apiextension_openapi_v2_regeneration_count metrics counting the triggering APIService and CRDs and the reason (add, update, delete).
- Fix an issue with toleration merging & whitelist checking in the PodTolerationRestriction admission controller. (#81732, @tallclair)
- Add a helper function to decode scheduler plugin args. (#80696, @hex108)
- Add metadata.generation=1 to old CustomResources. (#82005, @sttts)
- kubeadm no longer performs IPVS checks as part of its preflight checks (#81791, @yastij)
- The RemainingItemCount feature is now beta. (#81682, @caesarxuchao)
- remainingItemCount is the number of subsequent items in the list which are not included in this list response. If the list request contained label or field selectors, then the number of remaining items is unknown and the field will be left unset and omitted during serialization. If the list is complete (either because it is not chunking or because this is the last chunk), then there are no more remaining items and this field will be left unset and omitted during serialization. Servers older than v1.15 do not set this field. The intended use of the remainingItemCount is estimating the size of a collection. Clients should not rely on the remainingItemCount to be set or to be exact.
- The CustomResourceDefaulting feature is promoted to beta and enabled by default. Defaults may be specified in structural schemas via the
apiextensions.k8s.io/v1
API. See https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/#specifying-a-structural-schema for details. (#81872, @sttts) - kubectl could scale custom resource again (#81342, @knight42)
- a CSI driver that supports ephemeral inline volumes must explicitly declare that by providing a CSIDriver object where the new "mode" field is set to "ephemeral" or "persistent+ephemeral" (#80568, @pohly)
framework.ExpectNoError
no longer logs the error and instead relies on using the newlog.Fail
as Gomega fail handler. (#80253, @pohly)- Audit events now log the existence and patch of mutating webhooks. (#77824, @roycaihw) * At Metadata audit level or higher, an annotation with key "mutation.webhook.admission.k8s.io/round_{round idx}index{order idx}" gets logged with JSON payload indicating a webhook gets invoked for given request and whether it mutated the object or not. * At Request audit level or higher, an annotation with key "patch.webhook.admission.k8s.io/round_{round idx}index{order idx}" get logged with the JSON payload logging the patch sent by a webhook for given request.
- Resolves an issue that prevented block volumes from being resized. (#81429, @huffmanca)
- Verify that CRD default values in OpenAPI specs are pruned, with the exceptions of values under
metadata
. (#78829, @sttts) - Use PostFilter instead of Postfilter in the scheduling framework (#81800, @draveness)
- Use PreFilter instead of Prefilter in the scheduling framework
- Use PreBind instead of Prebind in the scheduling framework
- Fix
kubectl logs -f
for windows server containers. (#81747, @Random-Liu) - fix azure disk naming matching issue due to case sensitive comparison (#81720, @andyzhangx)
- Fixes a bug that when there is a "connection refused" error, the reflector's ListAndWatch func will return directly but what expected is that sleep 1 second and rewatch since the specified resourceVersion. (#81634, @likakuli)
- Fixed a bug with the openAPI definition for io.k8s.apimachinery.pkg.runtime.RawExtension, which previously required a field "raw" to be specified (#80773, @jennybuckley)
- kubeadm: print the stack trace of an error for klog level --v>=5 (#80937, @neolit123)
- Fixes a problem with the iptables proxy mode that could result in long delays (#80368, @danwinship)
- updating Service/Endpoints IPs in very large clusters on RHEL/CentOS 7.
- kubeadm: support any Linux kernel version newer than 3.10 (#81623, @neolit123)
- Added a metric 'apiserver_watch_events_sizes' that can be used to estimate sizes of watch events in the system. (#80477, @mborsz)
- NormalizeScore plugin set is removed from scheduler framework config API. Use ScorePlugin only. (#80930, @liu-cong)
- kubeadm reset: unmount directories under "/var/lib/kubelet" for linux only (#81494, @Klaven)
- updates fluentd-elasticsearch docker image to fluentd 1.6.3 (#80912, @monotek)
- Kubeadm now seamlessly migrates the CoreDNS Configuration when upgrading CoreDNS. (#78033, @rajansandeep)
- Introduce support for applying pod overhead to pod cgroups, if the PodOverhead feature is enabled. (#79247, @egernst)
- Windows nodes on GCE now run with Windows Defender enabled. (#81625, @pjh)
filename | sha512 hash |
---|---|
kubernetes.tar.gz | 16513ebb52b01afee26156dcd4c449455dc328d7a080ba54b3f3a4584dbd9297025e33a9dafe758b259ae6e33ccb84a18038f6f415e98be298761c4d3dfee94b |
kubernetes-src.tar.gz | 3933f441ebca812835d6f893ec378896a8adb7ae88ca53247fa402aee1fda00d533301ac806f6bf106badf2f91be8c2524fd98e9757244b4b597c39124c59d01 |
filename | sha512 hash |
---|---|
kubernetes-client-darwin-386.tar.gz | 28f0a8979f956aa5b3be1c1158a3ade1b242aac332696cb604fbdba44c4279caa1008840af01e50692bf48d0342018f882dd6e30f9fe3279e9784094cfc9ff3c |
kubernetes-client-darwin-amd64.tar.gz | 8804f60b690e5180125cf6ac6d739ad5432b364c5e0d0ee0d2f06220c86ca3a2cffc475e0e3c46c19466e5d1566a5b8bf0a33191cba5bbd3ff27ac64ceee57a0 |
kubernetes-client-linux-386.tar.gz | 8f7f86db5a496afd269b926b6baf341bbd4208f49b48fad1a44c5424812667b3bd7912b5b97bd7844dee2a7c6f9441628f7b5db3caa14429020de7788289191c |
kubernetes-client-linux-amd64.tar.gz | 7407dc1216cac39f15ca9f75be47c0463a151a3fda7d9843a67c0043c69858fb36eaa6b4194ce5cefd125acd7f521c4b958d446bb0c95ca73a3b3ae47af2c3ee |
kubernetes-client-linux-arm.tar.gz | 249a82a0af7d8062f49edd9221b3823590b6d166c1bca12c787ae640d6a131bd6a3d7c99136de62074afa6cabe8900dcf4e11037ddbfdf9d5252fc16e256eeb5 |
kubernetes-client-linux-arm64.tar.gz | 3a8416d99b6ae9bb6d568ff15d1783dc521fe58c60230f38126c64a7739bf03d8490a9a10042d1c4ef07290eaced6cb9d42a9728d4b937305d63f8d3cc7a66f8 |
kubernetes-client-linux-ppc64le.tar.gz | 105bf4afeccf0b314673265b969d1a7f3796ca3098afa788c43cd9ff3e14ee409392caa5766631cca180e790d92731a48f5e7156167637b97abc7c178dd390f3 |
kubernetes-client-linux-s390x.tar.gz | 98de73accb7deba9896e14a5012a112f6fd00d6e6868e4d21f61b06605efa8868f1965a1c1ba72bb8847416bc789bd7ef5c1a125811b6c6df060217cd84fdb2c |
kubernetes-client-windows-386.tar.gz | 7a43f3285b0ab617990497d41ceadfbd2be2b72d433b02508c198e9d380fb5e0a96863cc14d0e9bf0317df13810af1ab6b7c47cd4fa1d0619a00c9536dc60f0f |
kubernetes-client-windows-amd64.tar.gz | f3fafcffc949bd7f8657dd684c901e199b21c4812009aca1f8cf3c8bf3c3230cab072208d3702d7a248c0b957bc513306dd437fb6a54e1e64b4d7dc8c3c180cd |
filename | sha512 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | 87b46e73ae2162ee49f510da6549e57503d3ea94b3c4488f39b0b93d45603f540ece30c3784c5e201711a7ddd1260481cd20ac4c618eaf46879e841d054a115a |
kubernetes-server-linux-arm.tar.gz | 80ba8e615497c0b9c339fbd2d6a4dda54fdbd5659abd7d8e8d448d8d8c24ba7f0ec48693e4bf8ed20513c46432f2a0f1039ab9044f0ed006b935a58772372d95 |
kubernetes-server-linux-arm64.tar.gz | b4a76a5fc026b4b3b5f9666df05e46896220591b21c147982ff3d91cec7330ed78cf1fc63f5ab759820aadbcfe400c1ad75d5151d9217d42e3da5873e0ff540d |
kubernetes-server-linux-ppc64le.tar.gz | fb435dfd5514e4cd3bc16b9e71865bff3cdd5123fc272c8cbc5956c260449e0dcfd30d2fdb120da73134e62f48507c5a02d4528d7b9d978765ff4ed740b274e8 |
kubernetes-server-linux-s390x.tar.gz | 65ed3d372a4d03493d0a586c7f67f1236aa99f02552195f1fb58079bc24787200d9a0f34d0c311a846345d0d70d02ad726f74376a91d3ced234bbfdce80c5133 |
filename | sha512 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | c9161689532a5e995a68bb0985a983dc43d8e747a05f37849cd33062c07e5202417b26bff652b8bc9c0005026618b7ebc56f918c71747a3addb5da044e683b4a |
kubernetes-node-linux-arm.tar.gz | 7dba9fdb290f33678983c046eb145446edb1b7479c2403f9e8bd835c3d832ab1f2acb28124c53af5b046d47ab433312d6a654f000a22f8e10795b0bc45bfbddb |
kubernetes-node-linux-arm64.tar.gz | 8c435824667cd9ec7efdfb72c1d060f62ca61b285cbb9575a6e6013e20ec5b379f77f51d43ae21c1778a3eb3ef69df8895213c54e4b9f39c67c929a276be12de |
kubernetes-node-linux-ppc64le.tar.gz | 2cfca30dbe49a38cd1f3c78135f60bf7cb3dae0a8ec5d7fa651e1c5949254876fbab8a724ed9a13f733a85b9960edcc4cc971dc3c16297db609209c4270f144f |
kubernetes-node-linux-s390x.tar.gz | 63bbe469ddd1be48624ef5627fef1e1557a691819c71a77d419d59d101e8e6ee391eb8545da35b412b94974c06d73329a13660484ab26087a178f34a827a3dcb |
kubernetes-node-windows-amd64.tar.gz | 07cb97d5a3b7d0180a9e22696f417422a0c043754c81ae68338aab7b520aa7c119ff53b9ad835f9a0bc9ea8c07483ce506af48d65641dd15d30209a696b064bb |
- scheduler.alpha.kubernetes.io/critical-pod annotation is removed. Pod priority (spec.priorityClassName) should be used instead to mark pods as critical. Action required! (#80342, @draveness)
- Removed cadvisor metric labels
pod_name
andcontainer_name
to match instrumentation guidelines. (#80376, @ehashman)- Action required: any Prometheus queries that match
pod_name
andcontainer_name
labels (e.g. cadvisor or kubelet probe metrics) must be updated to usepod
andcontainer
instead.
- Action required: any Prometheus queries that match
- Remove DirectCodecFactory(replace with serializer.WithoutConversionCodecFactory), DirectEncoder(replace with runtime.WithVersionEncoder) and DirectDecoder(replace with runtime.WithoutVersionDecoder). action required (#79263, @draveness)
- fix: detach azure disk issue using dangling error (#81266, @andyzhangx)
- Conversion webhooks can now indicate they support receiving and responding with
ConversionReview
API objects in theapiextensions.k8s.io/v1
version by includingv1
in theconversionReviewVersions
list in their CustomResourceDefinition. Conversion webhooks must respond with a ConversionReview object in the same apiVersion they receive.apiextensions.k8s.io/v1
ConversionReview
responses must specify aresponse.uid
that matches therequest.uid
of the object they were sent. (#81476, @liggitt) - The
CustomResourceDefinition
API type is promoted toapiextensions.k8s.io/v1
with the following changes: (#79604, @liggitt)- Use of the new
default
feature in validation schemas is limited to v1 spec.scope
is no longer defaulted toNamespaced
and must be explicitly specifiedspec.version
is removed; usespec.versions
insteadspec.validation
is removed; usespec.versions[*].schema
insteadspec.subresources
is removed; usespec.versions[*].subresources
insteadspec.additionalPrinterColumns
is removed; usespec.versions[*].additionalPrinterColumns
insteadspec.conversion.webhookClientConfig
is moved tospec.conversion.webhook.clientConfig
spec.conversion.conversionReviewVersions
is moved tospec.conversion.webhook.conversionReviewVersions
spec.versions[*].schema.openAPIV3Schema
is now required when creating v1 CustomResourceDefinitionsspec.preserveUnknownFields: true
is disallowed when creating v1 CustomResourceDefinitions; it must be specified within schema definitions asx-kubernetes-preserve-unknown-fields: true
- In
additionalPrinterColumns
items, theJSONPath
field was renamed tojsonPath
(fixes kubernetes#66531)
- Use of the new
- openapi now advertises correctly supported patch types for custom resources (#81515, @liggitt)
- Kubelet could be run with no Azure identity without subscriptionId configured now. (#81500, @feiskyer)
- A sample cloud provider configure is: '{"vmType": "vmss", "useInstanceMetadata": true}'.
- Volumes specified in a pod but not used in it are no longer unnecessarily formatted, mounted and reported in
node.status.volumesInUse
. (#81163, @jsafrane) - kubeadm: use etcd's /health endpoint for a HTTP liveness probe on localhost instead of having a custom health check using etcdctl (#81385, @neolit123)
- kubeamd: use the --pod-network-cidr flag to init or use the podSubnet field in the kubeadm config to pass a comma separated list of pod CIDRs. (#79033, @Arvinderpal)
- Update to use go 1.12.9 (#81489, @BenTheElder)
- Update Azure SDK + go-autorest API versions (#79574, @justaugustus)
- Extender bind should respect IsInterested (#79804, @yqwang-ms)
- Add instruction to setup "Application Default Credentials" to run GCE Windows e2e tests locally. (#81337, @YangLu1031)
- Scheduler should terminate when it looses leader lock. (#81306, @ravisantoshgudimetla)
- kubelet now exports an "kubelet_evictions" metric that counts the number of pod evictions carried out by the kubelet to reclaim resources (#81377, @sjenning)
- Return error when the scoring plugin returns score out of range [0, 100]. (#81015, @draveness)
- Update to use go 1.12.8 (#81390, @cblecker)
- kube-proxy --cleanup will return the correct exit code if the cleanup was successful (#78775, @johscheuer)
- remove iSCSI volume storage cleartext secrets in logs (#81215, @zouyee)
- Use a named array instead of a score array in normalizing-score phase. (#80901, @draveness)
- If scheduler extender filtered a not found node, current scheduling round for this pod will just be skipped. (#79641, @yqwang-ms)
- Update golang/x/net dependency to bring in fixes for CVE-2019-9512, CVE-2019-9514 (#81394, @cblecker)
- Fixes CVE-2019-11250: client-go header logging (at verbosity levels >= 7) now masks
Authorization
header contents (#81330, @tedyu) - Resolves a transient 404 response to custom resource requests during server startup (#81244, @liggitt)
- Non nil DataSource entries on PVC's are now displayed as part of
describe pvc
output. (#76463, @j-griffith) - Fix Azure client requests stuck issues on http.StatusTooManyRequests (HTTP Code 429). (#81279, @feiskyer)
- Implement a new feature that allows applying kustomize patches to static pod manifests generated by kubeadm. (#80905, @fabriziopandini)
- Add a service annotation
service.beta.kubernetes.io/azure-pip-name
to specify the public IP name for Azure load balancer. (#81213, @nilo19) - Fix a bug in the IPVS proxier where virtual servers are not cleaned up even though the corresponding Service object was deleted. (#80942, @gongguan)
- Add scheduling support for RuntimeClasses. RuntimeClasses can now specify nodeSelector constraints & tolerations, which are merged into the PodSpec for pods using that RuntimeClass. (#80825, @tallclair)
- etcd Docker image can be run as non-root (#79722, @randomvariable)
- kubeadm: the permissions of generated CSR files are changed from 0644 to 0600 (#81217, @SataQiu)
- Fix conflicted cache when the requests are canceled by other Azure operations. (#81282, @feiskyer)
- Fix kubelet NodeLease potential performance issues. Kubelet now will try to update lease using cached one instead of get from API Server every time. (#81174, @answer1991)
- Improves validation errors for custom resources (#81212, @liggitt)
- Improvement in Kube-proxy. Kube-proxy waits for some duration for the node to be defined. (#77167, @paulsubrata55)
- hyperkube will drop support for cloud-controller-manager in a future release (#81219, @dims)
- added an new Prometheus counter metric "sync_proxy_rules_iptables_restore_failures_total" for kube-proxy iptables-restore failures (both ipvs and iptables modes) (#81210, @figo)
- Add a
Patch
method toScaleInterface
(#80699, @knight42) - switch to VM Update call in attach/detach disk operation, original CreateOrUpdate call may lead to orphaned VMs or blocked resources (#81208, @andyzhangx)
- Add a azure cloud configuration
LoadBalancerName
andLoadBalancerResourceGroup
to allow the corresponding customizations of azure load balancer. (#81054, @nilo19) - Update the GCE windows node image to include hot fixes since July. (#81106, @YangLu1031)
- Kubelet considers all static pods as critical. Static pods pass kubelet admission even if a node does not have enough resources. Users must ensure that they account for resources when creating static pods. (#80491, @hpandeycodeit)
- kube-apiserver: the
--basic-auth-file
flag and authentication mode is deprecated and will be removed in a future release. It is not recommended for production environments. (#81152, @tedyu) - Fix a bug that pretty printer marshals empty byte or uint8 slice as null (#81096, @roycaihw)
- Deprecate the
--cloud-provider-gce-lb-src-cidrs
flag in the kube-apiserver. This flag will be removed once the GCE Cloud Provider is removed from kube-apiserver. (#81094, @andrewsykim) - cloud-controller-manager binaries and docker images are no longer shipped with kubernetes releases. (#81029, @dims)
- API: the metadata.selfLink field is deprecated in individual and list objects. It will no longer be returned starting in v1.20, and the field will be removed entirely in v1.21. (#80978, @wojtek-t)
filename | sha512 hash |
---|---|
kubernetes.tar.gz | 82bc119f8d1e44518ab4f4bdefb96158b1a3634c003fe1bc8dcd62410189449fbd6736126409d39a6e2d211a036b4aa98baef3b3c6d9f7505e63430847d127c2 |
kubernetes-src.tar.gz | bbf330b887a5839e3d3219f5f4aa38f1c70eab64228077f846da80395193b2b402b60030741de14a9dd4de963662cfe694f6ab04035309e54dc48e6dddd5c05d |
filename | sha512 hash |
---|---|
kubernetes-client-darwin-386.tar.gz | 8d509bdc1ca62463cbb25548ec270792630f6a883f3194e5bdbbb3d6f8568b00f695e39950b7b01713f2f05f206c4d1df1959c6ee80f8a3e390eb94759d344b2 |
kubernetes-client-darwin-amd64.tar.gz | 1b00b3a478c210e3c3e6c346f5c4f7f43a00d5ef6acb8d9c1feaf26f913b9d4f97eb6db99bbf67953ef6399abe4fbb79324973c1744a6a8cd76067cb2aeed2ca |
kubernetes-client-linux-386.tar.gz | 82424207b4ef52c3722436eaaf86dbe5c93c6670fd09c2b04320251028fd1bb75724b4f490b6e8b443bd8e5f892ab64612cd22206119924dafde424bdee9348a |
kubernetes-client-linux-amd64.tar.gz | 57ba937e58755d3b7dfd19626fedb95718f9c1d44ac1c5b4c8c46d11ba0f8783f3611c7b946b563cac9a3cf104c35ba5605e5e76b48ba2a707d787a7f50f7027 |
kubernetes-client-linux-arm.tar.gz | 3a3601026e019b299a6f662b887ebe749f08782d7ed0d37a807c38a01c6ba19f23e2837c9fb886053ad6e236a329f58a11ee3ec4ba96a8729905ae78a7f6c58c |
kubernetes-client-linux-arm64.tar.gz | 4cdeb2e678c6b817a04f9f5d92c5c6df88e0f954550961813fca63af4501d04c08e3f4353dd8b6dce96e2ee197a4c688245f03c888417a436b3cf70abd4ba53a |
kubernetes-client-linux-ppc64le.tar.gz | 0cc7c8f7b48f5affb679352a94e42d8b4003b9ca6f8cbeaf315d2eceddd2e8446a58ba1d4a0df18e8f9c69d0d3b5a46f25b2e6a916e57975381e504d1a4daa1b |
kubernetes-client-linux-s390x.tar.gz | 9d8fa639f543e707dc65f24ce2f8c73a50c606ec7bc27d17840f45ac150d00b3b3f83de5e3b21f72b598acf08273e4b9a889f199f4ce1b1d239b28659e6cd131 |
kubernetes-client-windows-386.tar.gz | 05bf6e696da680bb8feec4f411f342a9661b6165f4f0c72c069871983f199418c4d4fa1e034136bc8be41c5fecc9934a123906f2d5666c09a876db16ae8c11ad |
kubernetes-client-windows-amd64.tar.gz | b2097bc851f5d3504e562f68161910098b46c66c726b92b092a040acda965fed01f45e7b9e513a4259c7a5ebd65d7aa3e3b711f4179139a935720d91216ef5c2 |
filename | sha512 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | 721bd09b64e5c8f220332417089a772d9073c0dc5cdfa240984cfeb0d681b4a02620fb3ebf1b9f6a82a4dd3423f5831c259d4bad502dce87f145e0a08cb73ee9 |
kubernetes-server-linux-arm.tar.gz | e7638ce4b88b4282f0a157593cfe809fa9cc9139ea7ebae4762ef5ac1dfaa516903a8acb34a45937eb94b2699e5d4c68c639cbe40cbed2a6b97681aeace9948e |
kubernetes-server-linux-arm64.tar.gz | 395566c4be3c2ca5b07e81221b3370bc7ccbef0879f96a9384650fcaf4f699f3b2744ba1d97ae42cc6c5d9e1a65a41a793a8b0c9e01a0a65f57c56b1420f8141 |
kubernetes-server-linux-ppc64le.tar.gz | 90fcba066efd76d2f271a0eb26ed4d90483674d04f5e8cc39ec1e5b7f343311f2f1c40de386f35d3c69759628a1c7c075559c09b6c4542e42fbbe0daeb61a5fa |
kubernetes-server-linux-s390x.tar.gz | b25014bcf4138722a710451f6e58ee57588b4d47fcceeda8f6866073c1cc08641082ec56e94b0c6d586c0835ce9b55d205d254436fc22a744b24d8c74e8e5cce |
filename | sha512 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | 6925a71096530f7114a68e755d07cb8ba714bc60b477360c85d76d7b71d3a3c0b78a650877d81aae35b308ded27c8207b5fe72d990abc43db3aa8a7d6d7f94f4 |
kubernetes-node-linux-arm.tar.gz | 073310e1ccf9a8af998d4c0402ae86bee4f253d2af233b0c45cea55902268c2fe7190a41a990b079e24536e9efa27b94249c3a9236531a166ba3ac06c0f26f92 |
kubernetes-node-linux-arm64.tar.gz | c55e9aecef906e56a6003f441a7d336846edb269aed1c7a31cf834b0730508706e73ea0ae135c1604b0697c9e2582480fbfba8ba105152698c240e324da0cbd2 |
kubernetes-node-linux-ppc64le.tar.gz | e89d72d27bb0a7f9133ef7310f455ba2b4c46e9852c43e0a981b68a413bcdd18de7168eb16d93cf87a5ada6a4958592d3be80c9be1e6895fa48e2f7fa70f188d |
kubernetes-node-linux-s390x.tar.gz | 6ef8a25f2f80a806672057dc030654345e87d269babe7cf166f7443e04c0b3a9bc1928cbcf5abef1f0f0fcd37f3a727f789887dbbdae62f9d1fd90a71ed26b39 |
kubernetes-node-windows-amd64.tar.gz | 22fd1cea6e0150c06dbdc7249635bbf93c4297565d5a9d13e653f9365cd61a0b8306312efc806d267c47be81621016b114510a269c622cccc916ecff4d10f33c |
- ACTION REQUIRED: (#80676, @fabriziopandini)
- kubeadm now deletes the bootstrap-kubelet.conf file after TLS bootstrap
- User relying on bootstrap-kubelet.conf should switch to kubelet.conf that contains node credentials
- Fixes validation of VolumeAttachment API objects created with inline volume sources. (#80945, @tedyu)
- Azure disks of shared kind will no longer fail if they do not contain skuname or (#80837, @rmweir)
-
storageaccounttype.
-
- kubeadm: fix "certificate-authority" files not being pre-loaded when using file discovery (#80966, @neolit123)
- Errors from pod volume set up are now propagated as pod events. (#80369, @jsafrane)
- kubeadm: enable secure serving for the kube-scheduler (#80951, @neolit123)
- Kubernetes client users may disable automatic compression when invoking Kubernetes APIs by setting the
DisableCompression
field on their rest.Config. This is recommended when clients communicate primarily over high bandwidth / low latency networks where response compression does not improve end to end latency. (#80919, @smarterclayton) - kubectl get did not correctly count the number of binaryData keys when listing config maps. (#80827, @smarterclayton)
- Implement "post-filter" extension point for scheduling framework (#78097, @draveness)
- Reduces GCE PD Node Attach Limits by 1 since the node boot disk is considered an attachable disk (#80923, @davidz627)
- This PR fixes an error when using external etcd but storing etcd certificates in the same folder and with the same name used by kubeadm for local etcd certificates; for an older version of kubeadm, the workaround is to avoid file name used by kubeadm for local etcd. (#80867, @fabriziopandini)
- When specifying
--(kube|system)-reserved-cgroup
, with--cgroup-driver=systemd
, it is now possible to use the fully qualified cgroupfs name (i.e./test-cgroup.slice
). (#78793, @mattjmcnaughton) - kubeadm: treat non-fatal errors as warnings when doing reset (#80862, @drpaneas)
- kube-addon-manager has been updated to v9.0.2 to fix a bug in leader election (kubernetes#80575) (#80861, @mborsz)
- Determine system model to get credentials for windows nodes. (#80764, @liyanhui1228)
- TBD (#80730, @jennybuckley)
- The
AdmissionReview
API sent to and received from admission webhooks has been promoted toadmission.k8s.io/v1
. Webhooks can specify a preference for receivingv1
AdmissionReview objects withadmissionReviewVersions: ["v1","v1beta1"]
, and must respond with an API object in the sameapiVersion
they are sent. When webhooks useadmission.k8s.io/v1
, the following additional validation is performed on their responses: (#80231, @liggitt) *response.patch
andresponse.patchType
are not permitted from validating admission webhooks *apiVersion: "admission.k8s.io/v1"
is required *kind: "AdmissionReview"
is required *response.uid: "<value of request.uid>"
is required *response.patchType: "JSONPatch"
is required (ifresponse.patch
is set) - "kubeadm join" fails if file-based discovery is too long, with a default timeout of 5 minutes. (#80804, @olivierlemasle)
- enhance Azure cloud provider code to support both AAD and ADFS authentication. (#80841, @rjaini)
- Attempt to set the kubelet's hostname & internal IP if
--cloud-provider=external
and no node addresses exists (#75229, @andrewsykim) - kubeadm: avoid double deletion of the upgrade prepull DaemonSet (#80798, @xlgao-zju)
- Fixes problems with connecting to services on localhost on some systems; in particular, DNS queries to systemd-resolved on Ubuntu. (#80591, @danwinship)
- Implement normalize plugin extension point for the scheduler framework. (#80383, @liu-cong)
- Fixed the bash completion error with override flags. (#80802, @dtaniwaki)
- Fix CVE-2019-11247: API server allows access to custom resources via wrong scope (#80750, @sttts)
- Failed iscsi logout is now re-tried periodically. (#78941, @jsafrane)
- Fix public IP not found issues for VMSS nodes (#80703, @feiskyer)
- In order to enable dual-stack support within kubeadm and kubernetes components, as part of the init config file, the user should set feature-gate IPv6DualStack=true in the ClusterConfiguration. Additionally, for each worker node, the user should set the feature-gate for kubelet using either nodeRegistration.kubeletExtraArgs or KUBELET_EXTRA_ARGS. (#80531, @Arvinderpal)
- Fix error in
kubeadm join --discovery-file
when using discovery files with embedded credentials (#80675, @fabriziopandini)
filename | sha512 hash |
---|---|
kubernetes.tar.gz | 7dfa3f8b9e98e528e2b49ed9cca5e95f265b9e102faac636ff0c29e045689145be236b98406a62eb0385154dc0c1233cac049806c99c9e46590cad5aa729183f |
kubernetes-src.tar.gz | 7cf14b92c96cab5fcda3115ec66b44562ca26ea6aa46bc7fa614fa66bda1bdf9ac1f3c94ef0dfa0e37c992c7187ecf4205b253f37f280857e88a318f8479c9a9 |
filename | sha512 hash |
---|---|
kubernetes-client-darwin-386.tar.gz | 4871756de2cd1add0b07ec1e577c500d18a59e2f761595b939e1d4e10fbe0a119479ecaaf53d75cb2138363deae23cc88cba24fe3018cec6a27a3182f37cae92 |
kubernetes-client-darwin-amd64.tar.gz | dbd9ca5fd90652ffc1606f50029d711eb52d34b707b7c04f29201f85aa8a5081923a53585513634f3adb6ace2bc59be9d4ad2abc49fdc3790ef805378c111e68 |
kubernetes-client-linux-386.tar.gz | 6b049098b1dc65416c5dcc30346b82e5cf69a1cdd7e7b065429a76d302ef4b2a1c8e2dc621e9d5c1a6395a1fbd97f196d99404810880d118576e7b94e5621e4c |
kubernetes-client-linux-amd64.tar.gz | 7240a9d49e445e9fb0c9d360a9287933c6c6e7d81d6e11b0d645d3f9b6f3f1372cc343f03d10026518df5d6c95525e84c41b06a034c9ec2c9e306323dbd9325b |
kubernetes-client-linux-arm.tar.gz | 947b0d9aeeef08961c0582b4c3c94b7ae1016d20b0c9f50af5fe760b3573f17497059511bcb57ac971a5bdadeb5c77dfd639d5745042ecc67541dd702ee7c657 |
kubernetes-client-linux-arm64.tar.gz | aff0258a223f5061552d340cda36872e3cd7017368117bbb14dc0f8a3a4db8c715c11743bedd72189cd43082aa9ac1ced64a6337c2f174bdcbeef094b47e76b0 |
kubernetes-client-linux-ppc64le.tar.gz | 3eabecd62290ae8d876ae45333777b2c9959e39461197dbe90e6ba07d0a4c50328cbdf44e77d2bd626e435ffc69593d0e8b807b36601c19dd1a1ef17e6810b4f |
kubernetes-client-linux-s390x.tar.gz | 6651b2d95d0a8dd748c33c9e8018ab606b4061956cc2b6775bd0b008b04ea33df27be819ce6c391ceb2191b53acbbc088d602ed2d86bdd7a3a3fc1c8f876798a |
kubernetes-client-windows-386.tar.gz | 4b6c11b7a318e5fcac19144f6ab1638126c299e08c7b908495591674abcf4c7dd16f63c74c7d901beff24006150d2a31e0f75e28a9e14d6d0d88a09dafb014f0 |
kubernetes-client-windows-amd64.tar.gz | 760ae08da6045ae7089fb27a9324e77bed907662659364857e1a8d103d19ba50e80544d8c21a086738b15baebfd9a5fa78d63638eff7bbe725436c054ba649cc |
filename | sha512 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | 69db41f3d79aa0581c36a3736ab8dc96c92127b82d3cf25c5effc675758fe713ca7aa7e5b414914f1bc73187c6cee5f76d76b74a2ee1c0e7fa61557328f1b8ef |
kubernetes-server-linux-arm.tar.gz | ca302f53ee91ab4feb697bb34d360d0872a7abea59c5f28cceefe9237a914c77d68722b85743998ab12bf8e42005e63a1d1a441859c2426c1a8d745dd33f4276 |
kubernetes-server-linux-arm64.tar.gz | 79ab1f0a542ce576ea6d81cd2a7c068da6674177b72f1b5f5e3ca47edfdb228f533683a073857b6bc53225a230d15d3ba4b0cb9b6d5d78a309aa6e24c2f6c500 |
kubernetes-server-linux-ppc64le.tar.gz | fbe5b45326f1d03bcdd9ffd46ab454917d79f629ba23dae9d667d0c7741bc2f5db2960bf3c989bb75c19c9dc1609dacbb8a6dc9a440e5b192648e70db7f68721 |
kubernetes-server-linux-s390x.tar.gz | eb13ac306793679a3a489136bb7eb6588472688b2bb2aa0e54e61647d8c9da6d3589c19e7ac434c24defa78cb65f7b72593eedec1e7431c7ecae872298efc4de |
filename | sha512 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | a4bde88f3e0f6233d04f04d380d5f612cd3c574bd66b9f3ee531fa76e3e0f1c6597edbc9fa61251a377e8230bce0ce6dc1cf57fd19080bb7d13f14a391b27fe8 |
kubernetes-node-linux-arm.tar.gz | 7d72aa8c1d883b9f047e5b98dbb662bdfd314f9c06af4213068381ffaac116e68d1aad76327ead7a4fd97976ea72277cebcf765c56b265334cb3a02c83972ec1 |
kubernetes-node-linux-arm64.tar.gz | c9380bb59ba26dcfe1ab52b5cb02e2d920313defda09ec7d19ccbc18f54def4b57cf941ac8a397392beb5836fdc12bc9600d4055f2cfd1319896cfc9631cab10 |
kubernetes-node-linux-ppc64le.tar.gz | 7bcd79b368a62c24465fce7dcb024bb629eae034e09fb522fb43bb5798478ca2660a3ccc596b424325c6f69e675468900f3b41f3924e7ff453e3db40150b3c16 |
kubernetes-node-linux-s390x.tar.gz | 9bda9dd24ee5ca65aaefece4213b46ef57cde4904542d94e6147542e42766f8b80fe24d99a6b8711bd7dbe00c415169a9f258f433c5f5345c2e17c2bb82f2670 |
kubernetes-node-windows-amd64.tar.gz | d5906f229d2d8e99bdb37e7d155d54560b82ea28ce881c5a0cde8f8d20bff8fd2e82ea4b289ae3e58616d3ec8c23ac9b473cb714892a377feb87ecbce156147d |
- Revert "scheduler.alpha.kubernetes.io/critical-pod annotation is removed. Pod priority (spec.priorityClassName) should be used instead to mark pods as critical. Action required!" (#80277, @draveness)
- ACTION REQUIRED: container images tar files for 'amd64' will now contain the architecture in the RepoTags manifest.json section. (#80266, @javier-b-perez)
- If you are using docker manifests there are not visible changes.
- Use HTTPS as etcd-apiserver protocol when mTLS between etcd and kube-apiserver on master is enabled, change etcd metrics/health port to 2382. (#77561, @wenjiaswe)
- kubelet: change node-lease-renew-interval to 0.25 of lease-renew-duration (#80429, @gaorong)
- Fix error handling and potential go null pointer exception in kubeadm upgrade diff (#80648, @odinuge)
- New flag --endpoint-updates-batch-period in kube-controller-manager can be used to reduce number of endpoints updates generated by pod changes. (#80509, @mborsz)
- kubeadm: produce errors if they occur when resetting cluster status for a control-plane node (#80573, @bart0sh)
- When a load balancer type service is created in a k8s cluster that is backed by Azure Standard Load Balancer, the corresponding load balancer rule added in the Azure Standard Load Balancer would now have the "EnableTcpReset" property set to true. (#80624, @xuto2)
- Update portworx plugin dependency on libopenstorage/openstorage to v1.0.0 (#80495, @adityadani)
- Fixed detachment of deleted volumes on OpenStack / Cinder. (#80518, @jsafrane)
- when PodInfoOnMount is enabled for a CSI driver, the new csi.storage.k8s.io/ephemeral parameter in the volume context allows a driver's NodePublishVolume implementation to determine on a case-by-case basis whether the volume is ephemeral or a normal persistent volume (#79983, @pohly)
- Update gogo/protobuf to serialize backward, as to get better performance on deep objects. (#77355, @apelisse)
- Remove GetReference() and GetPartialReference() function from pkg/api/ref, as the same function exists also in staging/src/k8s.io/client-go/tools/ref (#80361, @wojtek-t)
- Fixed a bug in the CSI metrics that does not return not supported error when a CSI driver does not support metrics. (#79851, @jparklab)
- Fixed a bug in kube-addon-manager's leader election logic that made all replicas active. (#80575, @mborsz)
- Kibana has been slightly revamped/improved in the latest version (#80421, @lostick)
- kubeadm: fixed ignoring errors when pulling control plane images (#80529, @bart0sh)
- CRDs under k8s.io and kubernetes.io must have the "api-approved.kubernetes.io" set to either
unapproved.*
or a link to the pull request approving the schema. See kubernetes/enhancements#1111 for more details. (#79992, @deads2k) - Reduce kube-proxy cpu usage in IPVS mode when a large number of nodePort services exist. (#79444, @cezarsa)
- Add CSI Migration Shim for VerifyVolumesAreAttached and BulkVolumeVerify (#80443, @davidz627)
- Fix a bug that causes DaemonSet rolling update hang when there exist failed pods. (#78170, @DaiHao)
- Fix retry issues when the nodes are under deleting on Azure (#80419, @feiskyer)
- Add support for AWS EBS on windows (#79552, @wongma7)
- Passing an invalid policy name in the
--cpu-manager-policy
flag will now cause the kubelet to fail instead of simply ignoring the flag and running thecpumanager
s default policy instead. (#80294, @klueska) - Add Filter extension point to the scheduling framework. (#78477, @YoubingLi)
- cpuUsageNanoCores is now reported in the Kubelet summary API on Windows nodes (#80176, @liyanhui1228)
[]TopologySpreadConstraint
is introduced into PodSpec to support the "Even Pods Spread" alpha feature. (#77327, @Huang-Wei)- kubeadm: fall back to client version in case of certain HTTP errors (#80024, @RainbowMango)
- NFS Drivers are now enabled to collect metrics, StatFS metrics provider is used to collect the metrics. (#75805 , @brahmaroutu) (#75805, @brahmaroutu)
- make node lease renew interval more heuristic based on node-status-update-frequency in kubelet (#80173, @gaorong)
- Introduction of the pod overhead feature to the scheduler. This functionality is alpha-level as of (#78319, @egernst)
- Kubernetes v1.16, and is only honored by servers that enable the PodOverhead feature.gate.
- N/A (#80260, @khenidak)
- Add v1.Container.SecurityContext.WindowsOptions.RunAsUserName to the pod spec (#79489, @bclau)
- Pass-through volume MountOptions to global mount (NodeStageVolume) on the node for CSI (#80191, @davidz627)
- Add Score extension point to the scheduling framework. (#79109, @ahg-g)
filename | sha512 hash |
---|---|
kubernetes.tar.gz | 4834c52267414000fa93c0626bded5a969cf65d3d4681c20e5ae2c5f62002a51dfb8ee869484f141b147990915ba57be96108227f86c4e9f571b4b25e7ed0773 |
kubernetes-src.tar.gz | 9329d51f5c73f830f3c895c2601bc78e51d2d412b928c9dae902e9ba8d46338f246a79329a27e4248ec81410ff103510ba9b605bb03e08a48414b2935d2c164b |
filename | sha512 hash |
---|---|
kubernetes-client-darwin-386.tar.gz | 3cedffb92a0fca4f0b2d41f8b09baa59dff58df96446e8eece4e1b81022d9fdda8da41b5f73a3468435474721f03cffc6e7beabb25216b089a991b68366c73bc |
kubernetes-client-darwin-amd64.tar.gz | 14de6bb296b4d022f50778b160c98db3508c9c7230946e2af4eb2a1d662d45b86690e9e04bf3e592ec094e12bed1f2bb74cd59d769a0eaac3c81d9b80e0a79c8 |
kubernetes-client-linux-386.tar.gz | 8b2b9fa55890895239b99fabb866babe50aca599591db1ecf9429e49925ae478b7c813b9d7704a20f41f2d50947c3b3deecb594544f1f3eae6c4e97ae9bb9b70 |
kubernetes-client-linux-amd64.tar.gz | e927ac7b314777267b95e0871dd70c352ec0fc967ba221cb6cba523fa6f18d9d193e4ce92a1f9fa669f9c961de0e34d69e770ef745199ed3693647dd0d692e57 |
kubernetes-client-linux-arm.tar.gz | 4a230a6d34e2ffd7df40c5b726fbcbb7ef1373d81733bfb75685b2448ed181eb49ef27668fc33700f30de88e5bbdcc1e52649b9d31c7940760f48c6e6eb2f403 |
kubernetes-client-linux-arm64.tar.gz | 87c8d7185df23b3496ceb74606558d895a64daf0c41185c833a233e29216131baac6e356a57bb78293ed9d0396966ecc3b00789f2b66af352dc286b101bcc69a |
kubernetes-client-linux-ppc64le.tar.gz | 16ea5efa2fc29bc7448a609a7118e7994e901ab26462aac52f03b4851d4c9d103ee12d2335360f8aa503ddbb2a71f3000f0fcb33597dd813df4f5ad5f4819fa9 |
kubernetes-client-linux-s390x.tar.gz | 7390ad1682227a70550b20425fa5287fecf6a5d413493b03df3a7795614263e7883f30f3078bbb9fbd389d2a1dab073f8f401be89b82bd5861fa6b0aeda579eb |
kubernetes-client-windows-386.tar.gz | 88251896dfe38e59699b879f643704c0195e7a5af2cb00078886545f49364a2e3b497590781f135b80d60e256bad3a4ea197211f4f061c98dee096f0845e7a9b |
kubernetes-client-windows-amd64.tar.gz | 766b2a9bf097e45b2549536682cf25129110bd0562ab0df70e841ff8657dd7033119b0929e7a213454f90594b19b90fa57d89918cee33ceadba7d689449fe333 |
filename | sha512 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | dfd5c2609990c9b9b94249c654931b240dc072f2cc303e1e1d6dec1fddfb0a9e127e3898421ace00ab1947a3ad2f87cfd1266fd0b6193ef00f942269388ef372 |
kubernetes-server-linux-arm.tar.gz | 7704c2d3c57950f184322263ac2be1649a0d737d176e7fed1897031d0efb8375805b5f12c7cf9ba87ac06ad8a635d6e399382d99f3cbb418961a4f0901465f50 |
kubernetes-server-linux-arm64.tar.gz | fbbd87cc38cfb6429e3741bfd87ecec4b69b551df6fb7c121900ced4c1cd0bc77a317ca8abd41f71ffd7bc0b1c7144fecb22fa405d0b211b238df24d28599333 |
kubernetes-server-linux-ppc64le.tar.gz | cfed5b936eb2fe44df5d0c9c6484bee38ef370fb1258522e8c62fb6a526e9440c1dc768d8bf33403451ae00519cab1450444da854fd6c6a37665ce925c4e7d69 |
kubernetes-server-linux-s390x.tar.gz | 317681141734347260ad9f918fa4b67e48751f5a7df64a848d2a83c79a4e9dba269c51804b09444463ba88a2c0efa1c307795cd8f06ed840964eb2c725a4ecc3 |
filename | sha512 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | b3b1013453d35251b8fc4759f6ac26bdeb37f14a98697078535f7f902e8ebca581b5629bbb4493188a7e6077eb5afc61cf275f42bf4d9f503b70bfc58b9730b2 |
kubernetes-node-linux-arm.tar.gz | 0bacc1791d260d2863ab768b48daf66f0f7f89eeee70e68dd515b05fc9d7f14b466382fe16fa84a103e0023324f681767489d9485560baf9eb80fe0e7ffab503 |
kubernetes-node-linux-arm64.tar.gz | 73bd70cb9d27ce424828a95d715c16fd9dd22396dbe1dfe721eb0aea9e186ec46e6978956613b0978a8da3c22df39790739b038991c0192281881fce41d7c9f1 |
kubernetes-node-linux-ppc64le.tar.gz | a865f98838143dc7e1e12d1e258e5f5f2855fcf6e88488fb164ad62cf886d8e2a47fdf186ad6b55172f73826ae19da9b2642b9a0df0fa08f9351a66aeef3cf17 |
kubernetes-node-linux-s390x.tar.gz | d2f9f746ed0fe00be982a847a3ae1b6a698d5c506be1d3171156902140fec64642ec6d99aa68de08bdc7d65c9a35ac2c36bda53c4db873cb8e7edc419a4ab958 |
kubernetes-node-windows-amd64.tar.gz | 37f48a6d8174f38668bc41c81222615942bfe07e01f319bdfed409f83a3de3773dceb09fd86330018bb05f830e165e7bd85b3d23d26a50227895e4ec07f8ab98 |
- Migrate scheduler to use v1beta1 Event API. action required: any tool targeting scheduler events needs to use v1beta1 Event API (#78447, @yastij)
- scheduler.alpha.kubernetes.io/critical-pod annotation is removed. Pod priority (spec.priorityClassName) should be used instead to mark pods as critical. Action required! (#79554, @draveness)
- hyperkube: the
--make-symlinks
flag, deprecated in v1.14, has been removed. (#80017, @Pothulapati) - Node labels
beta.kubernetes.io/metadata-proxy-ready
,beta.kubernetes.io/metadata-proxy-ready
andbeta.kubernetes.io/kube-proxy-ds-ready
are no longer added on new nodes. (#79305, @paivagustavo) * ip-mask-agent addon starts to use the labelnode.kubernetes.io/masq-agent-ds-ready
instead ofbeta.kubernetes.io/masq-agent-ds-ready
as its node selector. * kube-proxy addon starts to use the labelnode.kubernetes.io/kube-proxy-ds-ready
instead ofbeta.kubernetes.io/kube-proxy-ds-ready
as its node selector. * metadata-proxy addon starts to use the labelcloud.google.com/metadata-proxy-ready
instead ofbeta.kubernetes.io/metadata-proxy-ready
as its node selector. * Kubelet removes the ability to setkubernetes.io
ork8s.io
labels via --node-labels other than the specifically allowed labels/prefixes. - The following APIs are no longer served by default: (#70672, @liggitt)
* All resources under
apps/v1beta1
andapps/v1beta2
- useapps/v1
instead *daemonsets
,deployments
,replicasets
resources underextensions/v1beta1
- useapps/v1
instead *networkpolicies
resources underextensions/v1beta1
- usenetworking.k8s.io/v1
instead *podsecuritypolicies
resources underextensions/v1beta1
- usepolicy/v1beta1
instead- Serving these resources can be temporarily re-enabled using the
--runtime-config
apiserver flag.apps/v1beta1=true
apps/v1beta2=true
extensions/v1beta1/daemonsets=true,extensions/v1beta1/deployments=true,extensions/v1beta1/replicasets=true,extensions/v1beta1/networkpolicies=true,extensions/v1beta1/podsecuritypolicies=true
- The ability to serve these resources will be completely removed in v1.18.
- Serving these resources can be temporarily re-enabled using the
- ACTION REQUIRED: Removed deprecated flag
--resource-container
from kube-proxy. (#78294, @vllry)- The deprecated
--resource-container
flag has been removed from kube-proxy, and specifying it will now cause an error. The behavior is now as if you specified--resource-container=""
. If you previously specified a non-empty--resource-container
, you can no longer do so as of kubernetes 1.16.
- The deprecated
- When HPAScaleToZero feature gate is enabled HPA supports scaling to zero pods based on object or external metrics. HPA remains active as long as at least one metric value available. (#74526, @DXist)
- To downgrade the cluster to version that does not support scale-to-zero feature:
-
- make sure there are no hpa objects with minReplicas=0. Here is a oneliner to update it to 1:
-
$ kubectl get hpa --all-namespaces --no-headers=true | awk '{if($6==0) printf "kubectl patch hpa/%s --namespace=%s -p \"{\\"spec\\":{\\"minReplicas\\":1}}\"
", $2, $1 }' | sh * 2. disable HPAScaleToZero feature gate
- Add support for writing out of tree custom scheduler plugins. (#78162, @hex108)
- Remove deprecated github.com/kardianos/osext dependency (#80142, @loqutus)
- Add Bind extension point to the scheduling framework. (#79313, @chenchun)
- On Windows systems, %USERPROFILE% is now preferred over %HOMEDRIVE%%HOMEPATH% as the home folder if %HOMEDRIVE%%HOMEPATH% does not contain a .kube* Add --kubernetes-version to "kubeadm init phase certs ca" and "kubeadm init phase kubeconfig" (#80115, @gyuho)
- kubeadm ClusterConfiguration now supports featureGates: IPv6DualStack: true (#80145, @Arvinderpal)
- Fix a bug that ListOptions.AllowWatchBookmarks wasn't propagating correctly in kube-apiserver. (#80157, @wojtek-t)
- Bugfix: csi plugin supporting raw block that does not need attach mounted failed (#79920, @cwdsuzhou)
- Increase log level for graceful termination to v=5 (#80100, @andrewsykim)
- kubeadm: support fetching configuration from the original cluster for 'upgrade diff' (#80025, @SataQiu)
- The sample-apiserver gains support for OpenAPI v2 spec serving at
/openapi/v2
. (#79843, @sttts)- The
generate-internal-groups.sh
script in k8s.io/code-generator will generate OpenAPI definitions by default inpkg/generated/openapi
. Additional API group dependencies can be added viaOPENAPI_EXTRA_PACKAGES=<group>/<version> <group2>/<version2>...
.
- The
- Cinder and ScaleIO volume providers have been deprecated and will be removed in a future release. (#80099, @dims)
- kubelet's --containerized flag was deprecated in 1.14. This flag is removed in 1.16. (#80043, @dims)
- Optimize EC2 DescribeInstances API calls in aws cloud provider library by querying instance ID instead of EC2 filters when possible (#78140, @zhan849)
- etcd migration image no longer supports etcd2 version. (#80037, @dims)
- Promote WatchBookmark feature to beta and enable it by default. (#79786, @wojtek-t)
- With WatchBookmark feature, clients are able to request watch events with BOOKMARK type. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session.
- update to use go 1.12.7 (#79966, @tao12345666333)
- Add --shutdown-delay-duration to kube-apiserver in order to delay a graceful shutdown.
/healthz
will keep returning success during this time and requests are normally served, but/readyz
will return faillure immediately. This delay can be used to allow the SDN to update iptables on all nodes and stop sending traffic. (#74416, @sttts) - The
MutatingWebhookConfiguration
andValidatingWebhookConfiguration
APIs have been promoted toadmissionregistration.k8s.io/v1
: (#79549, @liggitt) *failurePolicy
default changed fromIgnore
toFail
for v1 *matchPolicy
default changed fromExact
toEquivalent
for v1 *timeout
default changed from30s
to10s
for v1 *sideEffects
default value is removed and the field made required for v1 *admissionReviewVersions
default value is removed and the field made required for v1 (supported versions for AdmissionReview arev1
andv1beta1
) * Thename
field for specified webhooks must be unique forMutatingWebhookConfiguration
andValidatingWebhookConfiguration
objects created viaadmissionregistration.k8s.io/v1
- The
admissionregistration.k8s.io/v1beta1
versions ofMutatingWebhookConfiguration
andValidatingWebhookConfiguration
are deprecated and will no longer be served in v1.19.
- The
- The garbage collector and generic object quota controller have been updated to use the metadata client which improves memory (#78742, @smarterclayton)
- and CPU usage of the Kube controller manager.
- SubjectAccessReview requests sent for RBAC escalation, impersonation, and pod security policy authorization checks now populate the version attribute. (#80007, @liggitt)
- na (#79892, @mikebrow)
- Use O_CLOEXEC to ensure file descriptors do not leak to subprocesses. (#74691, @cpuguy83)
- The namespace controller has been updated to use the metadata client which improves memory (#78744, @smarterclayton)
- and CPU usage of the Kube controller manager.
- NONE (#79933, @mm4tt)
- add
kubectl replace --raw
andkubectl delete --raw
to have parity with create and get (#79724, @deads2k) - E2E tests no longer add command line flags directly to the command line, test suites that want that need to be updated if they don't use HandleFlags (#75593, @pohly)
- loading a -viper-config=e2e.yaml with suffix (introduced in 1.13) works again and now has a regression test
- Kubernetes now supports transparent compression of API responses. Clients that send
Accept-Encoding: gzip
will now receive a GZIP compressed response body if the API call was larger than 128KB. Go clients automatically request gzip-encoding by default and should see reduced transfer times for very large API requests. Clients in other languages may need to make changes to benefit from compression. (#77449, @smarterclayton) - Resolves an issue serving aggregated APIs backed by services that respond to requests to
/
with non-2xx HTTP responses (#79895, @deads2k) - updated fluentd to 1.5.1, elasticsearchs & kibana to 7.1.1 (#79014, @monotek)
- kubeadm: implement support for concurrent add/remove of stacked etcd members (#79677, @neolit123)
- Added a metric 'apiserver_watch_events_total' that can be used to understand the number of watch events in the system. (#78732, @mborsz)
- KMS Providers will install a healthz check for the status of kms-pluign in kube-apiservers' encryption config. (#78540, @immutableT)
- Fixes a bug in openapi published for custom resources using x-kubernetes-preserve-unknown-fields extensions, so that kubectl will allow sending unknown fields for that portion of the object. (#79636, @liggitt)
- A new client
k8s.io/client-go/metadata.Client
has been added for accessing objects generically. This client makes it easier to retrieve only the metadata (themetadata
sub-section) from resources on the cluster in an efficient manner for use cases that deal with objects generically, like the garbage collector, quota, or the namespace controller. The client asks the server to return ameta.k8s.io/v1 PartialObjectMetadata
object for list, get, delete, watch, and patch operations on both normal APIs and custom resources which can be encoded in protobuf for additional work. If the server does not yet support this API the client will gracefully fall back to JSON and transform the response objects into PartialObjectMetadata. (#77819, @smarterclayton) - changes timeout value in csi plugin from 15s to 2min which fixes the timeout issue (#79529, @andyzhangx)
- kubeadm: provide "--control-plane-endpoint" flag for
controlPlaneEndpoint
(#79270, @SataQiu) - Fixes invalid "time stamp is the future" error when kubectl cp-ing a file (#73982, @tanshanshan)
- Kubelet should now more reliably report the same primary node IP even if the set of node IPs reported by the CloudProvider changes. (#79391, @danwinship)
- To configure controller manager to use ipv6dual stack: (#73977, @khenidak)
-
use --cluster-cidr=",".
-
Notes:
-
- Only the first two cidrs are used (soft limits for Alpha, might be lifted later on).
-
- Only the "RangeAllocator" (default) is allowed as a value for --cidr-allocator-type . Cloud allocators are not compatible with ipv6dualstack
-
- When using the conformance test image, a new environment variable E2E_USE_GO_RUNNER will cause the tests to be run with the new Golang-based test runner rather than the current bash wrapper. (#79284, @johnSchnake)
- kubeadm: prevent PSP blocking of upgrade image prepull by using a non-root user (#77792, @neolit123)
- kubelet now accepts a --cni-cache-dir option, which defaults to /var/lib/cni/cache, where CNI stores cache files. (#78908, @dcbw)
- Update Azure API versions (containerregistry --> 2018-09-01, network --> 2018-08-01) (#79583, @justaugustus)
- Fix possible fd leak and closing of dirs in doSafeMakeDir (#79534, @odinuge)
- kubeadm: fix the bug that "--cri-socket" flag does not work for
kubeadm reset
(#79498, @SataQiu) - kubectl logs --selector will support --tail=-1. (#74943, @JishanXing)
- Introduce a new admission controller for RuntimeClass. Initially, RuntimeClass will be used to apply the pod overhead associated with a given RuntimeClass to the Pod.Spec if a corresponding RuntimeClassName is specified. (#78484, @egernst)
- PodOverhead is an alpha feature as of Kubernetes 1.16.
- Fix kubelet errors in AArch64 with huge page sizes smaller than 1MiB (#78495, @odinuge)
- The alpha
metadata.initializers
field, deprecated in 1.13, has been removed. (#79504, @yue9944882) - Fix duplicate error messages in cli commands (#79493, @odinuge)
- Default resourceGroup should be used when the value of annotation azure-load-balancer-resource-group is an empty string. (#79514, @feiskyer)
- Fixes output of
kubectl get --watch-only
when watching a single resource (#79345, @liggitt) - RateLimiter add a context-aware method, fix client-go request goruntine backlog in async timeout scene. (#79375, @answer1991)
- Fix a bug where kubelet would not retry pod sandbox creation when the restart policy of the pod is Never (#79451, @yujuhong)
- Fix CRD validation error on 'items' field. (#76124, @tossmilestone)
- The CRD handler now properly re-creates stale CR storage to reflect CRD update. (#79114, @roycaihw)
- Integrated volume limits for in-tree and CSI volumes into one scheduler predicate. (#77595, @bertinatto)
- Fix a bug in server printer that could cause kube-apiserver to panic. (#79349, @roycaihw)
- Mounts /home/kubernetes/bin/nvidia/vulkan/icd.d on the host to /etc/vulkan/icd.d inside containers requesting GPU. (#78868, @chardch)
- Remove CSIPersistentVolume feature gates (#79309, @draveness)
- Init container resource requests now impact pod QoS class (#75223, @sjenning)
- Correct the maximum allowed insecure bind port for the kube-scheduler and kube-apiserver to 65535. (#79346, @ncdc)
- Fix remove the etcd member from the cluster during a kubeadm reset. (#79326, @bradbeam)
- Remove KubeletPluginsWatcher feature gates (#79310, @draveness)
- Remove HugePages, VolumeScheduling, CustomPodDNS and PodReadinessGates feature flags (#79307, @draveness)
- The GA PodPriority feature gate is now on by default and cannot be disabled. The feature gate will be removed in v1.18. (#79262, @draveness)
- Remove pids cgroup controller requirement when related feature gates are disabled (#79073, @rafatio)
- Add Bind extension point of the scheduling framework (#78513, @chenchun)
- if targetPort is changed that will process by service controller (#77712, @Sn0rt)
- update to use go 1.12.6 (#78958, @tao12345666333)
- kubeadm: fix a potential panic if kubeadm discovers an invalid, existing kubeconfig file (#79165, @neolit123)
- fix kubelet fail to delete orphaned pod directory when the kubelet's pods directory (default is "/var/lib/kubelet/pods") symbolically links to another disk device's directory (#79094, @gaorong)
- Addition of Overhead field to the PodSpec and RuntimeClass types as part of the Pod Overhead KEP (#76968, @egernst)
- fix pod list return value of framework.WaitForPodsWithLabelRunningReady (#78687, @pohly)
- The behavior of the default handler for 404 requests fro the GCE Ingress load balancer is slightly modified in the sense that it now exports metrics using prometheus. The metrics exported include: (#79106, @vbannai)
-
- http_404_request_total (the number of 404 requests handled)
-
- http_404_request_duration_ms (the amount of time the server took to respond in ms)
- Also includes percentile groupings. The directory for the default 404 handler includes instructions on how to enable prometheus for monitoring and setting alerts.
-
- The kube-apiserver has improved behavior for both startup and shutdown sequences and also now exposes
eadyz
for readiness checking. Readyz includes all existing healthz checks but also adds a shutdown check. When a cluster admin initiates a shutdown, the kube-apiserver will try to process existing requests (for the duration of request timeout) before killing the apiserver process. (#78458, @logicalhan)- The apiserver also now takes an optional flag "--maximum-startup-sequence-duration". This allows you to explicitly define an upper bound on the apiserver startup sequences before healthz begins to fail. By keeping the kubelet liveness initial delay short, this can enable quick kubelet recovery as soon as we have a boot sequence which has not completed in our expected time frame, despite lack of completion from longer boot sequences (like RBAC). Kube-apiserver behavior when the value of this flag is zero is backwards compatible (this is as the defaulted value of the flag).
- fix: make azure disk URI as case insensitive (#79020, @andyzhangx)
- Enable cadvisor ProcessMetrics collecting. (#79002, @jiayingz)
- Fixes a bug where
kubectl set config
hangs and uses 100% CPU on some invalid property names (#79000, @pswica) - Fix a string comparison bug in IPVS graceful termination where UDP real servers are not deleted. (#78999, @andrewsykim)
- Reflector watchHandler Warning log 'The resourceVersion for the provided watch is too old.' is now logged as Info. (#78991, @sallyom)
- fix a bug that pods not be deleted from unmatched nodes by daemon controller (#78974, @DaiHao)
- NONE (#78821, @jhedev)
- Volume expansion is enabled in the default GCE storageclass (#78672, @msau42)
- kubeadm: use the service-cidr flag to pass the desired service CIDR to the kube-controller-manager via its service-cluster-ip-range flag. (#78625, @Arvinderpal)
- kubeadm: introduce deterministic ordering for the certificates generation in the phase command "kubeadm init phase certs" . (#78556, @neolit123)
- Add Pre-filter extension point to the scheduling framework. (#78005, @ahg-g)
- fix pod stuck issue due to corrupt mnt point in flexvol plugin, call Unmount if PathExists returns any error (#75234, @andyzhangx)