filename | sha256 hash |
---|---|
kubernetes.tar.gz | a48d4f6eb4bf329a87915d2264250f2045aab1e8c6cc3e574a887ec42b5c6edc |
kubernetes-src.tar.gz | 3b51bf50370fc022f5e4578b071db6b63963cd64b35c41954d4a2a8f6738c0a7 |
filename | sha256 hash |
---|---|
kubernetes-client-darwin-386.tar.gz | 8f35d820d21bfdb3186074eb2ed5212b983e119215356a7a76a9f773f2a1e6a3 |
kubernetes-client-darwin-amd64.tar.gz | ae06d0cd8f6fa8d145a9dbdb77e6cba99ad9cfce98b01c766df1394c17443e42 |
kubernetes-client-linux-386.tar.gz | 8147723a68763b9791def5b41d75745e835ddd82f23465a2ba7797b84ad73554 |
kubernetes-client-linux-amd64.tar.gz | 845668fe2f854b05aa6f0b133314df83bb41a486a6ba613dbb1374bf3fbe8720 |
kubernetes-client-linux-arm.tar.gz | 5d2552a6781ef0ecaf308fe6a02637faef217c98841196d4bd7c52a0f1a4bfa0 |
kubernetes-client-linux-arm64.tar.gz | 9d5e4ba43ad7250429015f33f728c366daa81e894e8bfe8063d73ce990e82944 |
kubernetes-client-linux-ppc64le.tar.gz | acabf3a26870303641ce60a59b5bb9702c8a7445b16f4293abc7868e91d252c8 |
kubernetes-client-linux-s390x.tar.gz | 8d836df10b50d11434b5ee797aecc21714723f02fc47fe3dd600426eb83b9e38 |
kubernetes-client-windows-386.tar.gz | ca183b66f910ff11fa468e47251c68d256ef145fcfc2d23d4347d066e7787971 |
kubernetes-client-windows-amd64.tar.gz | 817aea754a059c635f4d690aa0232a8e77eb74e76357cafd8f10556972022e9e |
filename | sha256 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | f2e0505bee7d9217332b96be11d1b88c06f51049f7a44666b0ede80bfb92fdf6 |
kubernetes-server-linux-arm.tar.gz | a7be68c32a299c98353633f3161f910c4b970c8364ccee5f98e1991364b3ce69 |
kubernetes-server-linux-arm64.tar.gz | 4df4add2891d02101818653ac68b57e6ce4760fd298f47467ce767ac029f4508 |
kubernetes-server-linux-ppc64le.tar.gz | 199b52461930c0218f984884069770fb7e6ceaf66342d5855b209ff1889025b8 |
kubernetes-server-linux-s390x.tar.gz | 578f93fc22d2a5bec7dc36633946eb5b7359d96233a2ce74f8b3c5a231494584 |
filename | sha256 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | 8c03412881eaab5f3ea828bbb81e8ebcfc092d311b2685585817531fa7c2a289 |
kubernetes-node-linux-arm.tar.gz | d6a413fcadb1b933a761ac9b0c864f596498a8ac3cc4922c1569306cd0047b1d |
kubernetes-node-linux-arm64.tar.gz | 46d6b74759fbc3b2aad42357f019dae0e882cd4639e499e31b5b029340dabd42 |
kubernetes-node-linux-ppc64le.tar.gz | bdecc12feab2464ad917623ade0cbf58675e0566db38284b79445841d246fc08 |
kubernetes-node-linux-s390x.tar.gz | afe35c2854f35939be75ccfb0ec81399acf4043ae7cf19dd6fbe6386288972c2 |
kubernetes-node-windows-amd64.tar.gz | eac14e3420ca9769e067cbf929b5383cd77d56e460880a30c0df1bbfbb5a43db |
Many of the changes within SIG-Node revolve around control. With the beta release of the kubelet.config.k8s.io
API group, a significant subset of Kubelet configuration can now be configured via a versioned config file. Kubernetes v1.10 adds alpha support for the ability to configure whether containers in a pod should share a single process namespace, and the CRI has been upgraded to v1alpha2, which adds support for Windows Container Configuration. Kubernetes v1.10 also ships with the beta release of the CRI validation test suite.
The Resource Management Working Group graduated three features to beta in the 1.10 release. First, CPU Manager, which allows users to request exclusive CPU cores. This helps performance in a variety of use-cases, including network latency sensitive applications, as well as applications that benefit from CPU cache residency. Next, Huge Pages, which allows pods to consume either 2Mi or 1Gi Huge Pages. This benefits applications that consume large amounts of memory. Use of Huge Pages is a common tuning recommendation for databases and JVMs. Finally, the Device Plugin feature, which provides a framework for vendors to advertise their resources to the Kubelet without changing Kubernetes core code. Targeted devices include GPUs, High-performance NICs, FPGAs, InfiniBand, and other similar computing resources that may require vendor specific initialization and setup.
This release brings additional power to both local storage and Persistent Volumes. Mount namespace propagation allows a container to mount a volume as rslave so that host mounts can be seen inside the container, or as rshared so that mounts made inside a container can be seen by the host. (Note that this is not supported on Windows.) Local Ephemeral Storage Capacity Isolation makes it possible to set requests and limits on ephemeral local storage resources. In addition, you can now create Local Persistent Storage, which enables PersistentVolumes to be created with locally attached disks, and not just network volumes.
On the Persistent Volumes side, this release Prevents deletion of Persistent Volume Claims that are used by a pod and Persistent Volumes that are bound to a Persistent Volume Claim, making it impossible to delete storage that is in use by a pod.
This release also includes Topology Aware Volume Scheduling for local persistent volumes, the stable release of Detailed storage metrics of internal state, and beta support for Out-of-tree CSI Volume Plugins.
This release continues to enable more existing features on Windows, including container CPU resources, image filesystem stats, and flexvolumes. It also adds Windows service control manager support and experimental support for Hyper-V isolation of single-container pods.
SIG-OpenStack updated the OpenStack provider to use newer APIs, consolidated community code into one repository, engaged with the Cloud Provider Working Group to have a consistent plan for moving provider code into individual repositories, improved testing of provider code, and strengthened ties with the OpenStack developer community.
API Aggregation has been upgraded to “stable” in Kubernetes 1.10, so you can use it in production. Webhooks have seen numerous improvements, including alpha Support for self-hosting authorizer webhooks.
This release lays the groundwork for new authentication methods, including the alpha release of External client-go credential providers and the TokenRequest API. In addition, Pod Security Policy now lets administrators decide what contexts pods can run in, and gives administrators the ability to limit node access to the API.
Kubernetes 1.10 includes alpha Azure support for cluster-autoscaler, as well as support for Azure Virtual Machine Scale Sets.
This release includes a change to kubectl get and describe to work better with extensions, as the server, rather than the client, returns this information for a smoother user experience.
In terms of networking, Kubernetes 1.10 is about control. Users now have beta support for the ability to configure a pod’s resolv.conf, rather than relying on the cluster DNS, as well as configuring the NodePort IP address. You can also switch the default DNS plugin to CoreDNS (beta).
In-place node upgrades to this release from versions 1.7.14, 1.8.9, and 1.9.4 are not supported if using subpath volumes with PVCs. Such pods should be drained from the node first.
The minimum supported version of Docker is now 1.11; if you are using Docker 1.10 or below, be sure to upgrade Docker before upgrading Kubernetes. (#57845, @yujuhong)
The Container Runtime Interface (CRI) version has increased from v1alpha1 to v1alpha2. Runtimes implementing the CRI will need to update to the new version, which configures container namespaces using an enumeration rather than booleans. This change to the alpha API is not backwards compatible; implementations of the CRI such as containerd, will need to update to the new API version. (#58973, @verb)
The default Flexvolume plugin directory for COS images on GCE has changed to /home/kubernetes/flexvolume
, rather than /etc/srv/kubernetes/kubelet-plugins/volume/exec
. Existing Flexvolume installations in clusters using COS images must be moved to the new directory, and installation processes must be updated with the new path. (#58171, @verult)
Default values differ between the Kubelet’s componentconfig (config file) API and the Kubelet’s command line. Be sure to review the default values when migrating to using a config file. For example, the authz mode is set to “AlwaysAllow” if you rely on the command line, but defaults to the more secure “Webhook” mode if you load config from a file. (#59666, @mtaufen)
[GCP kube-up.sh] Variables that were part of kube-env that were only used for kubelet flags are no longer being set, and are being replaced by the more portable mechanism of the kubelet configuration file. The individual variables in the kube-env metadata entry were never meant to be a stable interface and this release note only applies if you are depending on them. (#60020, @roberthbailey)
kube-proxy: feature gates are now specified as a map when provided via a JSON or YAML KubeProxyConfiguration, rather than as a string of key-value pairs. For example:
KubeProxyConfiguration Before:
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
**featureGates: "SupportIPVSProxyMode=true"**
KubeProxyConfiguration After:
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
**featureGates:**
** SupportIPVSProxyMode: true**
The kubeletconfig
API group has graduated from alpha to beta, and the name has changed to kubelet.config.k8s.io
. Please use kubelet.config.k8s.io/v1beta1
, as kubeletconfig/v1alpha1
is no longer available. (#53833, @mtaufen)
kube-apiserver: the experimental in-tree Keystone password authenticator has been removed in favor of extensions that enable use of Keystone tokens. (#59492, @dims)
The udpTimeoutMilliseconds field in the kube-proxy configuration file has been renamed to udpIdleTimeout. Administrators must update their files accordingly. (#57754, @ncdc)
The kubelet’s --cloud-provider=auto-detect
feature has been removed; make certain to specify the cloud provider. (#56287, @stewart-yu)
kube-apiserver: the OpenID Connect authenticator no longer accepts tokens from the Google v3 token APIs; users must switch to the “https://www.googleapis.com/oauth2/v4/token" endpoint.
kube-apiserver: the root /proxy paths have been removed (deprecated since v1.2). Use the /proxy subresources on objects that support HTTP proxying. (#59884, @mikedanese)
Eviction thresholds set to 0% or 100% will turn off eviction. (#59681, @mtaufen)
CustomResourceDefinitions: OpenAPI v3 validation schemas containing $ref
references are no longer permitted. Before upgrading, ensure CRD definitions do not include those $ref
fields. (#58438, @carlory)
Webhooks now do not skip cluster-scoped resources. Before upgrading your Kubernetes clusters, double check whether you have configured webhooks for cluster-scoped objects (e.g., nodes, persistentVolume), as these webhooks will start to take effect. Delete/modify the configs if that’s not desirable. (#58185, @caesarxuchao)
Using kubectl gcp auth plugin with a Google Service Account to authenticate to a cluster now additionally requests a token with the “userinfo.email” scope. This way, users can write ClusterRoleBindings/RoleBindings with the email address of the service account directly. (This is a breaking change if the numeric uniqueIDs of the Google service accounts were being used in RBAC role bindings. The behavior can be overridden by explicitly specifying the scope values as comma-separated string in the “users[*].config.scopes” field in the KUBECONFIG file.) This way, users can now set a Google Service Account JSON key in the GOOGLE_APPLICATION_CREDENTIALS environment variable, craft a kubeconfig file with GKE master IP+CA cert, and authenticate to GKE in headless mode without requiring gcloud CLI. (#58141, @ahmetb)
kubectl port-forward no longer supports the deprecated -p <pod-name>
. (#59705, @phsiao)
Removed deprecated –require-kubeconfig flag, removed default –kubeconfig value ((#58367, @zhangxiaoyu-zidif)
The public-address-override, address, and port flags have been removed and replaced by bind-address, insecure-bind-address, and insecure-port, respectively. They are marked as deprecated in #36604, which is more than a year ago. (#59018, @hzxuzhonghu)
The alpha --init-config-dir
flag has been removed. Instead, use the --config
flag to reference a kubelet configuration file directly. (#57624, @mtaufen)
Removed deprecated and unmaintained salt support. kubernetes-salt.tar.gz will no longer be published in the release tarball. (#58248, @mikedanese)
The deprecated –mode switch for GCE has been removed.(#61203)
The word “manifest” has been expunged from the Kubelet API. (#60314)
https://github.com/kubernetes/kubernetes/issues/49213 sig-cluster-lifecycle has decided to phase out the cluster/ directory over the next couple of releases in favor of deployment automations maintained outside of the core repo and outside of kubernetes orgs. @kubernetes/sig-cluster-lifecycle-misc)
Remove deprecated ContainerVM support from GCE kube-up. (#58247, @mikedanese)
Remove deprecated kube-push.sh functionality. (#58246, @mikedanese)
Remove deprecated container-linux support in gce kube-up.sh. (#58098, @mikedanese)
Remove deprecated and unmaintained photon-controller kube-up.sh. (#58096, @mikedanese)
Remove deprecated and unmaintained libvirt-coreos kube-up.sh. (#58023, @mikedanese)
Remove deprecated and unmaintained windows installer. (#58020, @mikedanese)
Remove deprecated and unmaintained openstack-heat kube-up.sh. (#58021, @mikedanese)
Remove deprecated vagrant kube-up.sh. (#58118,@roberthbailey)
The DaemonSet controller, its integration tests, and its e2e tests, have been updated to use the apps/v1 API. Users should, but are not yet required to, update their scripts accordingly. (#59883, @kow3ns)
MountPropagation feature is now beta. As a consequence, all volume mounts in containers are now rslave
on Linux by default. To make this default work in all Linux environments the entire mount tree should be marked as shareable, e.g. via mount --make-rshared /
. All Linux distributions that use systemd already have the root directory mounted as rshared and hence they need not do anything. In Linux environments without systemd we recommend running mount --make-rshared /
during boot before docker is started, (@jsafrane)
Use of subPath module with hostPath volumes can cause issues during reconstruction (#61446) and with containerized kubelets (#61456). The workaround for this issue is to specify the complete path in the hostPath volume. Use of subPathmounts nested within atomic writer volumes (configmap, secret, downwardAPI, projected) does not work (#61545), and socket files cannot be loaded from a subPath (#62377). Work on these issues is ongoing.
Kubeadm is currently omitting etcd certificates in a self-hosted deployment; this will be fixed in a point relelase. (#61322)
Some users, especially those with very large clusters, may see higher memory usage by the kube-controller-manager in 1.10. (#61041)
etcd2 as a backend is deprecated and support will be removed in Kubernetes 1.13.
VolumeScheduling and LocalPersistentVolume features are beta and enabled by default. The PersistentVolume NodeAffinity alpha annotation is deprecated and will be removed in a future release. (#59391, @msau42)
The alpha Accelerators feature gate is deprecated and will be removed in v1.11. Please use device plugins (https://github.com/kubernetes/features/issues/368) instead. They can be enabled using the DevicePlugins feature gate. (#57384, @mindprince)
The ability to use kubectl scale jobs is deprecated. All other scale operations remain in place, but the ability to scale jobs will be removed in a future release. (#60139, @soltysh)
Flags that can be set via the Kubelet’s –config file are now deprecated in favor of the file. (#60148, @mtaufen)
--show-all
(which only affected pods and only for human readable/non-API printers) is now defaulted to true and deprecated. The flag determines whether pods in a terminal state are displayed. It will be inert in 1.11 and removed in a future release. (#60210, @deads2k)
The ability to use the insecure HTTP port of kube-controller-manager and cloud-controller-manager has been deprecated, and will be removed in a future release. Use --secure-port
and --bind-address
instead. (#59582, @sttts)
The ability to use the insecure flags --insecure-bind-address
, --insecure-port
in the apiserver has been deprecated and will be removed in a future release. Use --secure-port
and --bind-address
instead. (#59018, @hzxuzhonghu)
The recycling reclaim policy has been deprecated. Users should use dynamic provisioning instead. (#59063, @ayushpateria)
kube-apiserver flag –tls-ca-file has had no effect for some time. It is now deprecated and slated for removal in 1.11. If you are specifying this flag, you must remove it from your launch config before upgrading to 1.11. (#58968, @deads2k)
The PodSecurityPolicy
API has been moved to the policy/v1beta1
API group. The PodSecurityPolicy
API in the extensions/v1beta1
API group is deprecated and will be removed in a future release. Authorizations for using pod security policy resources should change to reference the policy
API group after upgrading to 1.11. (#54933, @php-coder)
Add --enable-admission-plugin
--disable-admission-plugin
flags and deprecate --admission-control
. When using the separate flag, the order in which they’re specified doesn’t matter. (#58123, @hzxuzhonghu)
The kubelet –docker-disable-shared-pid flag, which runs docker containers with a process namespace that is shared between all containers in a pod, is now deprecated and will be removed in a future release. It is replaced by v1.Pod.Spec.ShareProcessNamespace
, which configures this behavior. This field is alpha and can be enabled with –feature-gates=PodShareProcessNamespace=true. (#58093, @verb)
The kubelet’s cadvisor port has been deprecated. The default will change to 0 (disabled) in 1.12, and the cadvisor port will be removed entirely in 1.13. (#59827, @dashpole)
rktnetes has been deprecated in favor of rktlet. Please see https://github.com/kubernetes-incubator/rktlet for more information. (#58418, @yujuhong)
The Kubelet now explicitly registers all of its command-line flags with an internal flagset, which prevents flags from third party libraries from unintentionally leaking into the Kubelet’s command-line API. Many unintentionally leaked flags are now marked deprecated, so that users have a chance to migrate away from them before they are removed. In addition, one previously leaked flag, –cloud-provider-gce-lb-src-cidrs, has been entirely removed from the Kubelet’s command-line API, because it is irrelevant to Kubelet operation. The deprecated flags are:
The boostrapped RBAC role and rolebinding for the cloud-provider
service account is now deprecated. If you’re currently using this service account, you must create and apply your own RBAC policy for new clusters. (#59949, @nicksardo)
Format-separated endpoints for the OpenAPI spec, such as /swagger.json, /swagger-2.0.0.0.json, and so on, have been deprecated. The old endpoints will remain in 1.10, 1.11, 1.12 and 1.13, and get removed in 1.14. Please use single /openapi/v2
endpoint with the appropriate Accept: header instead. For example:
previous | now |
GET /swagger.json | GET /openapi/v2 Accept: application/json |
GET /swagger-2.0.0.pb-v1 | GET /openapi/v2 Accept: application/com.github.proto-openapi.spec.v2@v1.0+protobuf |
GET /swagger-2.0.0.pb-v1.gz | GET /openapi/v2 Accept: application/com.github.proto-openapi.spec.v2@v1.0+protobuf Accept-Encoding: gzip |
Updated defaultbackend image to 1.4 and deployment apiVersion to apps/v1. Users should concentrate on updating scripts to the new version. (#57866, @zouyee)
Fix StatefulSet to work correctly with set-based selectors. (#59365, @ayushpateria)
Fixes a case when Deployment with recreate strategy could get stuck on old failed Pod. (#60301, @tnozicka)
ConfigMap objects now support binary data via a new binaryData
field. When using kubectl create configmap --from-file
, files containing non-UTF8 data will be placed in this new field in order to preserve the non-UTF8 data. Note that kubectl’s --append-hash
feature doesn’t take binaryData
into account. Use of this feature requires 1.10+ apiserver and kubelets. (#57938, @dims)
Add AWS cloud provider option to use an assumed IAM role. For example, this allows running Controller Manager in a account separate from the worker nodes, but still allows all resources created to interact with the workers. ELBs created would be in the same account as the worker nodes for instance.(#59668, @brycecarman)
AWS EBS volume plugin now includes block and volumeMode support. (#58625, @screeley44)
On AWS kubelet returns an error when started under conditions that do not allow it to work (AWS has not yet tagged the instance), rather than failing silently. (#60125, @vainu-arto)
AWS Security Groups created for ELBs will now be tagged with the same additional tags as the ELB; that is, the tags specified by the “service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags” annotation. This is useful for identifying orphaned resources. (#58767, @2rs2ts)
AWS Network Load Balancers will now be deleted properly, including security group rules. Fixes #57568 (#57569, @micahhausler)
Time for attach/detach retry operations has been decreased from 10-12s to 2-6s (#56974, @gnufied)
vSphere operations will no longer fail due to authentication errors. (#57978, @prashima)
This removes the cloud-provider role and role binding from the rbac boostrapper and replaces it with a policy applied via addon mgr. This also creates a new clusterrole allowing the service account to create events for any namespace.
client-go: alpha support for out-of-tree exec-based credential providers. For example, a cloud provider could create their own authentication system rather than using the standard authentication provided with Kubernetes. (#59495, @ericchiang)
The node authorizer now allows nodes to request service account tokens for the service accounts of pods running on them. This allows agents using the node identity to take actions on behalf of local pods. (#55019, @mikedanese)
kube-apiserver: the OpenID Connect authenticator can now verify ID Tokens signed with JOSE algorithms other than RS256 through the –oidc-signing-algs flag. (#58544, @ericchiang)
Requests with invalid credentials no longer match audit policy rules where users or groups are set, correcting a problem where authorized requests were getting through. (#59398, @CaoShuFeng)
The Stackdriver Metadata Agent addon now includes RBAC manifests, enabling it to watch nodes and pods. (#57455, @kawych)
Fix RBAC role for certificate controller to allow cleaning up of Certificate Signing Requests that are Approved and issued or Denied. (#59375, @mikedanese)
kube-apiserver: Use of the --admission-control-config-file
with a file containing an AdmissionConfiguration apiserver.k8s.io/v1alpha1 config object no longer leads to an error when launching kube-apiserver. (#58439 @liggitt)
Default enabled admission plugins are now NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota
. Please note that if you previously had not set the --admission-control
flag, your cluster behavior may change (to be more standard). (#58684, @hzxuzhonghu)
Encryption key and encryption provider rotation now works properly. (#58375, @liggitt
RBAC: The system:kubelet-api-admin cluster role can be used to grant full access to the kubelet API so integrators can grant this role to the –kubelet-client-certificate credential given to the apiserver. (#57128, @liggitt)
DenyEscalatingExec admission controller now checks psp HostNetwork as well as hostIPC and hostPID. hostNetwork is also checked to deny exec /attach. (#56839, [@hzxuzhonghu]=(https://github.com/hzxuzhonghu))
When using Role-Based Access Control, the “admin”, “edit”, and “view” roles now have the expected permissions on NetworkPolicy resources, rather than reserving those permissions to only cluster-admin. (#56650, @danwinship)
Added docker-logins config to kubernetes-worker charm. (#56217, @Cynerva)
Add ability to control primary GID of containers through Pod Spec at Pod level and Per Container SecurityContext level. (#52077)
Use structured generator for kubectl autoscale. (#55913, @wackxu)
Allow kubectl to set image|env on a cronjob (#57742, @soltysh)
Fixed crash in kubectl cp when path has multiple leading slashes. (#58144, @tomerf)
kubectl port-forward now allows using resource name (e.g., deployment/www) to select a matching pod, as well as the use of –pod-running-timeout to wait until at least one pod is running. (#59705, @phsiao)
‘cj’ has been added as a shortname for CronJobs, as in kubectl get cj
(#59499, @soltysh)
crds
has been added as a shortname for CustomResourceDefinition, as in kubectl get crds
(#59061, @nikhita)
Fix kubectl explain for resources not existing in default version of API group, such as batch/v1, Kind=CronJob
. (#58753, @soltysh)
Added the ability to select pods in a chosen node to be drained based on given pod label-selector. (#56864, @juanvallejo)
Kubectl explain now prints out the Kind and API version of the resource being explained. (#55689, @luksa)
The default Kubernetes version for kubeadm is now 1.10. (#61127, @timothysc)
The minimum Kubernetes version in kubeadm is now v1.9.0. (#57233, @xiangpengzhao)
Fixes a bug in Heapster deployment for google sink. (#57902, @kawych)
On cluster provision or upgrade, kubeadm now generates certs and secures all connections to the etcd static-pod with mTLS. This includes the etcd serving cert, the etcd peer cert, and the apiserver etcd client cert. Flags and hostMounts are added to the etcd and apiserver static-pods to load these certs. For connections to etcd, https is now used in favor of http. (#57415, @stealthybox These certs are also generated on upgrade. (#60385, @stealthybox)
Demoted controlplane passthrough flags apiserver-extra-args, controller-manager-extra-args, scheduler-extra-args to alpha flags (#59882, @kris-nova)
The new flag --apiserver-advertise-dns-address
is used in the node’s kubelet.confg to point to the API server, allowing users to define a DNS entry instead of an IP address. (#59288, @stevesloka)
MasterConfiguration manifiest The criSocket flag is now usable within the MasterConfiguration
and NodeConfiguration
manifest files that exist for configuring kubeadm. Before it only existed as a command line flag and was not able to be configured when using the --config
flag and the manifest files. (#59057(#59292, @JordanFaust)
kubeadm init
can now omit the tainting of the master node if configured to do so in kubeadm.yaml
using noTaintMaster: true
. For example, uses can create a file with the content:
apiVersion: [kubeadm.k8s.io/v1alpha1](http://kubeadm.k8s.io/v1alpha1)
kind: MasterConfiguration
kubernetesVersion: v1.9.1
noTaintMaster: true
And point to the file using the –config flag, as in
kubeadm init --config /etc/kubeadm/kubeadm.yaml
kubeadm: New “imagePullPolicy” option in the init configuration file, that gets forwarded to kubelet static pods to control pull policy for etcd and control plane images. This option allows for precise image pull policy specification for master nodes and thus for more tight control over images. It is useful in CI environments and in environments, where the user has total control over master VM templates (thus, the master VM templates can be preloaded with the required Docker images for the control plane services). (#58960, @rosti)
Fixed issue with charm upgrades resulting in an error state. (#59064, @hyperbolic2346)
kube-apiserver –advertise-address is now set using downward API for self-hosted Kubernetes with kubeadm. (#56084, @andrewsykim)
When using client or server certificate rotation, the Kubelet will no longer wait until the initial rotation succeeds or fails before starting static pods. This makes running self-hosted masters with rotation more predictable. (#58930, @smarterclayton)
Kubeadm no longer throws an error for the –cloud-provider=external flag. (#58259, @dims)
Added support for network spaces in the kubeapi-load-balancer charm. (#58708, @hyperbolic2346)
Added support for network spaces in the kubernetes-master charm. (#58704, @hyperbolic2346)
Added support for network spaces in the kubernetes-worker charm. (#58523, @hyperbolic2346)
Added support for changing nginx and default backend images to kubernetes-worker config. (#58542, @hyperbolic2346)
kubeadm now accepts --apiserver-extra-args
, --controller-manager-extra-args
and --scheduler-extra-args
, making it possible to override / specify additional flags for control plane components. One good example is to deploy Kubernetes with a different admission-control flag on API server. (#58080, @simonferquel)
Alpha Initializers have been removed from kubadm admission control. Kubeadm users who still want to use Initializers can use apiServerExtraArgs through the kubeadm config file to enable it when booting up the cluster. (#58428, @dixudx)
ValidatingAdmissionWebhook and MutatingAdmissionWebhook are beta, and are enabled in kubeadm by default. (#58255, @dixudx)
Add proxy_read_timeout flag to kubeapi_load_balancer charm. (#57926, @wwwtyro)
Check for known manifests during preflight instead of only checking for non-empty manifests directory. This makes the preflight checks less heavy-handed by specifically checking for well-known files (kube-apiserver.yaml, kube-controller-manager.yaml, kube-scheduler.yaml, etcd.yaml) in /etc/kubernetes/manifests instead of simply checking for a non-empty directory. (#57287, @mattkelly)
PVC Protection alpha feature was renamed to Storage Protection. The Storage Protection feature is beta. (#59052, @pospispa)
iSCSI sessions managed by kubernetes will now explicitly set startup.mode to ‘manual’ to prevent automatic login after node failure recovery. This is the default open-iscsi mode, so this change will only impact users who have changed their startup.mode to be ‘automatic’ in /etc/iscsi/iscsid.conf. (#57475, @stmcginnis)
The IPVS feature gateway is now enabled by default in kubeadm, which makes the –feature-gates=SupportIPVSProxyMode=true obsolete, and it is no longer supported. (#60540, @m1093782566)
For advanced auditing, audit policy supports subresources wildcard matching, such as “resource/”, “/subresource”,”*“. (#55306, @hzxuzhonghu)
Auditing is now enabled behind a featureGate in kubeadm. A user can supply their own audit policy with configuration option as well as a place for the audit logs to live. If no policy is supplied a default policy will be provided. The default policy will log all Metadata level policy logs. It is the example provided in the documentation. (#59067, @chuckha)
Reduce Metrics Server memory requirement from 140Mi + 4Mi per node to 40Mi + 4Mi per node. (#58391, @kawych)
Annotations is added to advanced audit api. (#58806, @CaoShuFeng)
Reorganized iptables rules to fix a performance regression on clusters with thousands of services. (#56164, @danwinship)
Container runtime daemon (e.g. dockerd) logs in GCE cluster will be uploaded to stackdriver and elasticsearch with tag container-runtime
. (#59103, @Random-Liu)
Enable prometheus apiserver metrics for custom resources. (#57682, @nikhita)
Add apiserver metric for number of requests dropped because of inflight limit, making it easier to figure out on which dimension the master is overloaded. (#58340, @gmarek)
The Metrics Server now exposes metrics via the /metric endpoint. These metrics are in the prometheus format. (#57456, @kawych)
Reduced the CPU and memory requests for the Metrics Server Nanny sidecar container to free up unused resources. (#57252, @kawych)
Enabled log rotation for load balancer’s api logs to prevent running out of disk space. (#56979, @hyperbolic2346)
Fixed etcd-version-monitor
to backward compatibly support etcd 3.1 go-grpc-prometheus metrics format. (#56871, @jpbetz)
Summary of Container Runtime changes:
Fixed race conditions around devicemanager Allocate() and endpoint deletion. (#60856, @jiayingz)
kubelet initial flag parse now normalizes flags instead of exiting. (#61053, @andrewsykim)
Fixed regression where kubelet –cpu-cfs-quota flag did not work when –cgroups-per-qos was enabled (#61294, @derekwaynecarr)
Kubelet now supports container log rotation for container runtimes implementing CRI (container runtime interface). The feature can be enabled with feature gate CRIContainerLogRotation
. The flags --container-log-max-size
and --container-log-max-files
can be used to configure the rotation behavior. (#59898, @Random-Liu)
Fixed a bug where if an error was returned that was not an autorest.DetailedError
we would return "not found", nil
which caused nodes to go to NotReady
state. (#57484, @brendandburns)
HugePages feature is beta, and thus enabled by default. (#56939, @derekwaynecarr)
Avoid panic when failing to allocate a Cloud CIDR (aka GCE Alias IP Range). (#58186, @negz)
‘none’ can now be specified in KubeletConfiguration.EnforceNodeAllocatable (–enforce-node-allocatable) to explicitly disable enforcement. (#59515, @mtaufen)
The alpha KubeletConfiguration.ConfigTrialDuration field is no longer available. It can still be set using the dynamic configuration alpha feature. (#59628, @mtaufen)
Summary API will include pod CPU and Memory stats for CRI container runtime. (#60328, @Random-Liu)
Some field names in the Kubelet’s now v1beta1 config API differ from the v1alpha1 API: for example, PodManifestPath is renamed to StaticPodPath, ManifestURL is renamed to StaticPodURL, and ManifestURLHeader is renamed to StaticPodURLHeader. Users should focus on switching to the v1beta1 API. (#60314, @mtaufen)
The DevicePlugins feature has graduated to beta, and is now enabled by default; users should focus on moving to the v1beta API if possible. (#60170, @jiayingz)
Per-cpu metrics have been disabled by default for to improve scalability. (#60106, @dashpole)
When the PodShareProcessNamespace
alpha feature is enabled, setting pod.Spec.ShareProcessNamespace
to true
will cause a single process namespace to be shared between all containers in a pod. (#58716, @verb)
Resource quotas on extended resources such as GPUs are now supported. (#57302, @lichuqiang)
If the TaintNodesByCondition is enabled, a node will be tainted when it is under PID pressure. (#60008, @k82cn)
The Kubelet Summary API will now include total usage of pods through the “pods” SystemContainer. (#57802, @dashpole)
vSphere Cloud Provider supports VMs provisioned on vSphere v6.5. (#59519, @abrarshivani)
Created k8s.gcr.io image repo alias to pull images from the closest regional repo. Replaces gcr.io/google_containers. (#57824, @thockin)
Fix the bug where kubelet in the standalone mode would wait for the update from the apiserver source, even if there wasn’t one. (#59276, @roboll)
Changes secret, configMap, downwardAPI and projected volumes to mount read-only, instead of allowing applications to write data and then reverting it automatically. Until version 1.11, setting the feature gate ReadOnlyAPIDataVolumes=false will preserve the old behavior. (#58720, @joelsmith)
Fixes a bug where kubelet crashes trying to free memory under memory pressure. (#58574, @yastij)
New alpha feature limits the number of processes running in a pod. Cluster administrators will be able to place limits by using the new kubelet command line parameter –pod-max-pids. Note that since this is a alpha feature they will need to enable the “SupportPodPidsLimit” feature. By default, we do not set any maximum limit, If an administrator wants to enable this, they should enable SupportPodPidsLimit=true in the –feature-gates= parameter to kubelet and specify the limit using the –pod-max-pids parameter. The limit set is the total count of all processes running in all containers in the pod. (#57973,@dims)
Fixes bug finding master replicas in GCE when running multiple Kubernetes clusters. (#58561, @jesseshieh)
–tls-min-version on kubelet and kube-apiserver allow for configuring minimum TLS versions (#58528, @deads2k)
Fix a bug affecting nested data volumes such as secret, configmap, etc. (#57422, @joelsmith)
kubelet will no longer attempt to remove images being used by running containers when garbage collecting. (#57020, @dixudx)
Allow kubernetes components to react to SIGTERM signal and shutdown gracefully. (#57756, @mborsz)
Fixed garbage collection and resource quota issue when the controller-manager uses –leader-elect=false (#57340, @jmcmeek)
Fixed issue creating docker secrets with kubectl 1.9 for accessing docker private registries. (#57463, @dims)
The CPU Manager feature is now beta, and is enabled by default, but the default policy is no-op so no action is required. (#55977, @ConnorDoyle)
Fixed a bug in the OpenStack cloud provider where dual stack deployments (IPv4 and IPv6) did not work well when using kubenet as the network plugin. (#59749, @zioproto)
Fixed a bug that tries to use the octavia client to query flip. (#59075, @jrperritt)
Kubernetes now registers metadata.hostname as node name for OpenStack nodes, eliminating a problem with invalid node names. (#58502, @dixudx)
Authentication information for OpenStack cloud provider can now be specified as environment variables. When we convert the OpenStack cloud provider to run in an external process, we can now use the kubernetes Secrets capability to inject the OS* variables. This way we can specify the cloud configuration as a configmap, and specify secrets for the userid/password information. The configmap is mounted as a file, and the secrets are made available as environment variables. The external controller itself runs as a pod/daemonset. For backward compatibility, we preload all the OS* variables, and if anything is in the config file, then that overrides the environment variables. (#58300, @dims)
Fixed issue when using OpenStack config drive for node metadata. Since we need to run commands such as blkid, we need to ensure that api server and kube controller are running in the privileged mode. (#57561, @dims)
Orphaned routes are properly removed from terminated instances. (#56258, @databus23)
OpenStack Cinder will now detach properly when Nova is shut down. (#56846, @zetaab)
Added the ability to limit the increase in apiserver memory usage when audit logging with buffering is enabled. (#61118, @shyamjvs)
Upgrade to etcd client 3.2.13 and grpc 1.7.5 to improve HA etcd cluster stability. (#57480, @jpbetz)
Fixes CVE-2017-1002101 - See https://issue.k8s.io/60813 for details on this major security fix. (#61044, @liggitt)
Fixed missing error checking that could cause kubelet to crash in a race condition. (#60962, @technicianted)
Fixed a regression that prevented using subPath
volume mounts with secret, configMap, projected, and downwardAPI volumes. (#61080, @liggitt)
K8s supports cephfs fuse mount. (#55866, @zhangxiaoyu-zidif)
Use GiB unit for creating and resizing volumes for Glusterfs. (#56581, @gnufied)
Adding support for Block Volume type to rbd plugin. (#56651, @sbezverk)
Add FSType for CSI volume source to specify filesystems (alpha defaults to ext4) (#58209, @NickrenREN)
Enabled File system resize of mounted volumes. (#58794, @gnufied)
The Local Volume Plugin has been updated to support Block volumeMode PVs. With this change, it is now possible to create local volume PVs for raw block devices. (#59303, @dhirajh)
Fixed an issue where Portworx volume driver wasn’t passing namespace and annotations to the Portworx Create API. (#59607, @harsh-px)
Addressed breaking changes introduced by new 0.2.0 release of CSI spec. Specifically, csi.Version was removed from all API calls and CcontrollerProbe and NodeProbe were consolidated into a single Probe API call. (#59209, @sbezverk)
GCE PD volume plugin now supports block volumes. (#58710, @screeley44)
Implements MountDevice and UnmountDevice for the CSI Plugin, the functions will call through to NodeStageVolume/NodeUnstageVolume for CSI plugins. (#60115, @davidz627)
The LocalStorageCapacityIsolation feature is beta and enabled by default. The LocalStorageCapacityIsolation feature added a new resource type ResourceEphemeralStorage “ephemeral-storage” so that this resource can be allocated, limited, and consumed as the same way as CPU/memory. All the features related to resource management (resource request/limit, quota, limitrange) are available for local ephemeral storage. This local ephemeral storage represents the storage for root file system, which will be consumed by containers’ writable layer and logs. Some volumes such as emptyDir might also consume this storage. (#60159, @jingxu97)
VolumeScheduling and LocalPersistentVolume features are beta and enabled by default. The PersistentVolume NodeAffinity alpha annotation is deprecated and will be removed in a future release. (#59391, @msau42)
K8s now supports rbd-nbd for Ceph rbd volume mounts. (#58916, @ianchakeres)
CSI now allows credentials to be specified on CreateVolume/DeleteVolume, ControllerPublishVolume/ControllerUnpublishVolume, and NodePublishVolume/NodeUnpublishVolume operations. Before this change all API calls had to fetch key/value stored in secret and use it to authenticate/authorize these operations. With this change API calls receive key/value as a input parameter so they not need to know where and how credentials were stored and fetched. Main goal was to make these API calls CO (Container Orchestrator) agnostic. (#60118, @sbezverk)
StorageOS volume plugin has been updated to support mount options and environments where the kubelet runs in a container and the device location should be specified. (#58816, @croomes)
Get parent dir via canonical absolute path when trying to judge mount-point, fixing a problem that caused an NFS volume with improper permissions to get stuck in TERMINATING
status. (#58433, [@yue9944882]](https://github.com/yue9944882))
Clusters with GCE feature ‘DiskAlphaAPI’ enabled can now dynamically provision GCE PD volumes. (#59447, @verult)
Added keyring
parameter for Ceph RBD provisioner. (#58287, @madddi)
Added xfsprogs to hyperkube container image. (#56937, @redbaron)
Improved messages user gets during and after volume resizing is done, providing a clear message to the user explaining what to do when resizing is finished. (#58415, @gnufied)
MountPropagation feature is now beta. As consequence, all volume mounts in containers are now “rslave” on Linux by default. To make this default work in all Linux environments you should have entire mount tree marked as shareable via “mount –make-rshared /”. All Linux distributions that use systemd already have root directory mounted as rshared and hence they need not do anything. In Linux environments without systemd we recommend running “mount –make-rshared /” during boot, before docker is started. (#59252, @jsafrane)
Volume metrics support for vSphere Cloud Provider has been added. You can now monitor available space, capacity, and used space on volumes created using vSphere. (#59328, @divyenpatel)
Emit number of bound and unbound persistent volumes as Metrics. This PR adds four kinds of Volume Metrics for kube-controller-manager: bound PVC numbers, unbound PVC numbers, bound PV numbers and unbound PV numbers. The PVC metrics use namespace as dimension and the PV metrics use StorageClassName as its dimension. With these metrics we can better monitor the use of volumes in the cluster. (#57872, @mlmhl)
Add windows config to Kubelet CRI so that WindowsContainerResources can be managed. (#57076, @feiskyer)
PersistentVolumes that are bound to a PersistentVolumeClaim will not be deleted. (#58743, @NickrenREN)
The VolumeAttachment API is now available as V1beta1, and is enabled by default. The Alpha API is deprecated and will be removed in a future release. (#58462, @NickrenREN)
Add storage-backend configuration option to kubernetes-master charm. (#58830, @wwwtyro)
Fixed dynamic provisioning of GCE PDs to round to the next GB (base 1000) instead of GiB (base 1024). (#56600, @edisonxiang)
PersistentVolume flexVolume sources can now reference secrets in a namespace other than the PersistentVolumeClaim’s namespace. (#56460, @liggitt)
kubelet and kube-proxy can now be run as native Windows services. (#60144, @alinbalutoiu)
WindowsContainerResources is set now for windows containers. (#59333, @feiskyer)
Disable mount propagation for windows containers (because it is not supported by the OS). (#60275, @feiskyer)
Fix image file system stats for windows nodes. (#59743, @feiskyer)
Kubernetes will now return an error if New-SmbGlobalMapping failed when mounting an azure file on Windows. (#59540, @andyzhangx)
Kubernetes now uses the more reliable GlobalMemoryStatusEx to get total physical memory on windows nodes. (#57124, @JiangtianLi)
Windows containers now support experimental Hyper-V isolation by setting annotation experimental.windows.kubernetes.io/isolation-type=hyperv
and feature gates HyperVContainer. At the moment this function only supports one container per pod. (#58751, @feiskyer)
Get windows kernel version directly from registry rather than windows.getVersion(). (#58498, @feiskyer)
Fixed controller manager crash when using mixed case names in a vSphere cloud provider environment. (#57286, @rohitjogvmw)
Flexvolume is now enabled on Windows nodes. (#56921, @andyzhangx)
The getSubnetIDForLB() returns subnet id rather than net id. (#58208, @FengyunPan)
kubectl scale
can now scale any resource (kube, CRD, aggregate) conforming to the standard scale endpoint (#58298, @p0lyn0mial)
Cluster Autoscaler has been updated to Version 1.2.0, which includes fixes around GPUs and base image change. See https://github.com/kubernetes/autoscaler/releases/tag/cluster-autoscaler-1.2.0for details. (#60842, @mwielgus)
Allows HorizontalPodAutoscaler to use global metrics not associated with any Kubernetes object (for example metrics from a hosting service running outside of the Kubernetes cluster). (#60096, @MaciekPytel)
fluentd-gcp resources can be modified via a ScalingPolicy. (#59657, @x13n)
Added anti-affinity to kube-dns pods. Otherwise the “no single point of failure” setting doesn’t actually work (a single node failure can still take down the entire cluster). (#57683, @vainu-arto)
Fixed webhooks to use the scheme provided in clientConfig, instead of defaulting to http. (#60943, @jennybuckley)
The webhook admission controller in a custom apiserver now works off-the-shelf. (#60995, @caesarxuchao)
Upgrade the default etcd server version to 3.1.12 to pick up critical etcd “mvcc “unsynced” watcher restore operation” fix. (#60998, @jpbetz)
Fixed bug allowing garbage collector to enter a broken state that could only be fixed by restarting the controller-manager. (#61201, @jennybuckley)
kube-apiserver: The external hostname no longer longer use the cloud provider API to select a default. It can be set explicitly using –external-hostname, if needed. If there is no default, AdvertiseAddress or os.Hostname() will be used, in that order. (#56812, @dims)
Custom resources can be listed with a set of grouped resources (category) by specifying the categories in the CustomResourceDefinition spec. Example: They can be used with kubectl get important
, where important
is a category. (#59561, @nikhita)
Fixed an issue making it possible to create a situation in which two webhooks make it impossible to delete each other. ValidatingWebhooks and MutatingWebhooks will not be called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects in the admissionregistration.k8s.io group (#59840, @jennybuckley)
Fixed potential deadlock when deleting CustomResourceDefinition for custom resources with finalizers. (#60542, @liggitt)
A buffered audit backend can be used with other audit backends. (#60076, @crassirostris)
Introduced --http2-max-streams-per-connection
command line flag on api-servers and set default to 1000 for aggregated API servers. (#60054, @MikeSpreitzer)
APIserver backed by etcdv3 exports metric shows number of resources per kind. (#59757, @gmarek)
Add kubectl create job --from-cronjob
command. (#60084, @soltysh)
/status
and /scale
subresources have been added for custom resources. See https://github.com/kubernetes/kubernetes/pull/55168 for more details. (#55168, @nikhita)
Restores the ability of older clients to delete and scale jobs with initContainers. (#59880, @liggitt)
Fixed a race condition causing apiserver crashes during etcd healthchecking. (#60069, @wojtek-t)
Fixed a race condition in k8s.io/client-go/tools/cache.SharedInformer that could violate the sequential delivery guarantee and cause panics on shutdown in Kubernetes 1.8.* and 1.9.*. (#59828, @krousey)
Add automatic etcd 3.2->3.1 and 3.1->3.0 minor version rollback support to gcr.io/google_container/etcd images. For HA clusters, all members must be stopped before performing a rollback. (#59298, @jpbetz)
The meta.k8s.io/v1alpha1
objects for retrieving tabular responses from the server (Table
) or fetching just the ObjectMeta
for an object (as PartialObjectMetadata
) are now beta as part of meta.k8s.io/v1beta1
and configurations must be changed to use the new API. Clients may request alternate representations of normal Kubernetes objects by passing an Accept
header like application/json;as=Table;g=meta.k8s.io;v=v1beta1
or application/json;as=PartialObjectMetadata;g=meta.k8s.io;v1=v1beta1
. Older servers will ignore this representation or return an error if it is not available. Clients may request fallback to the normal object by adding a non-qualified mime-type to their Accept
header like application/json
- the server will then respond with either the alternate representation if it is supported or the fallback mime-type which is the normal object response. (#59059, @smarterclayton)
kube-apiserver now uses SSH tunnels for webhooks if the webhook is not directly routable from apiserver’s network environment. (#58644, @yguo0905)
Access to externally managed IP addresses via the kube-apiserver service proxy subresource is no longer allowed by default. This can be re-enabled via the ServiceProxyAllowExternalIPs
feature gate, but will be disallowed completely in 1.11 (#57265, @brendandburns)
The apiregistration.k8s.io (aggregation) is now generally available. Users should transition from the v1beta1 API to the v1 API. (#58393, @deads2k)
Fixes an issue where the resourceVersion of an object in a DELETE watch event was not the resourceVersion of the delete itself, but of the last update to the object. This could disrupt the ability of clients clients to re-establish watches properly. (#58547, @liggitt)
kube-apiserver: requests to endpoints handled by unavailable extension API servers (as indicated by an Available
condition of false
in the registered APIService) now return 503
errors instead of 404
errors. (#58070, @weekface)
Custom resources can now be submitted to and received from the API server in application/yaml format, consistent with other API resources. (#58260, @liggitt)
Fixed kube-proxy to work correctly with iptables 1.6.2 and later. (#60978, @danwinship)
Makes the kube-dns addon optional so that users can deploy their own DNS solution. (#57113, @wwwtyro)
kubectl port-forward
now supports specifying a service to port forward to, as in kubectl port-forward svc/myservice 8443:443
. Additional support has also been added for looking up targetPort for a service, as well as enabling using svc/name to select a pod. (#59809, @phsiao)
Make NodePort IP addressses configurable. (#58052, @m1093782566)
Fixed the issue in kube-proxy iptables/ipvs mode to properly handle incorrect IP version. (#56880, @MrHohn)
Kubeadm: CoreDNS supports migration of the kube-dns configuration to CoreDNS configuration when upgrading the service discovery from kube-dns to CoreDNS as part of Beta. (#58828, @rajansandeep)
Adds BETA support for DNSConfig
field in PodSpec and DNSPolicy=None
, so configurable pod resolve.conf is now enabled by default. (#59771, @MrHohn)
Removed some redundant rules created by the iptables proxier to improve performance on systems with very many services. (#57461, @danwinship)
Fix an issue where port forwarding doesn’t forward local TCP6 ports to the pod (#57457, @vfreex)
Correctly handle transient connection reset errors on GET requests from client library. (#58520, @porridge)
GCE: Allows existing internal load balancers to continue using a subnetwork that may have been wrongfully chosen due to a bug choosing subnetworks on automatic networks. (#57861, @nicksardo)
Set node external IP for azure node when disabling UseInstanceMetadata. (#60959, @feiskyer)
Changed default azure file/dir mode to 0755. (#56551, @andyzhangx)
Fixed azure file plugin failure issue on Windows after node restart. (#60625, @andyzhangx)(#60623, @feiskyer)
Fixed race condition issue when detaching azure disk, preventing Multi-Attach error
s when scheduling one pod from one node to another. (#60183, @andyzhangx)
Map correct vmset name for Azure internal load balancers. (#59747, @feiskyer)
Node’s providerID will now follow the Azure resource ID format (azure:///subscriptions/<id>/resourceGroups/<rg>/providers/Microsoft.Compute/virtualMachines/<node-name>
rather than azure://d84a1c30-0c9f-11e8-8a34-000d3a919531
) when useInstanceMetadata is enabled (#59539, @feiskyer)
Azure public IP is now correctly removed after a service is deleted. (#59340, @feiskyer)
Added PV size grow feature for azure filesystems. (#57017, @andyzhangx)
Ensured IP is set for Azure internal load balancer. (#59083, @feiskyer)
Set fsGroup by securityContext.fsGroup in azure file. However,f user both sets gid=xxx in mountOptions in azure storage class and securityContext.fsGroup, gid=xxx setting in mountOptions takes precedence. (#58316, @andyzhangx)
If an Azure disk is not found, K8s will immediately detach it. (#58345, @rootfs)
Instrumented the Azure cloud provider for Prometheus monitoring. (#58204, @cosmincojocar)
Fixed device name change issues for azure disk. (#57953, @andyzhangx) (#57549, @andyzhangx)
Support multiple scale sets in Azure cloud provider. (#57543, @feiskyer)
Support LoadBalancer for Azure Virtual Machine Scale Sets (#57131, @feiskyer)
Fixed incorrect error info when creating an azure file PVC failed. (#56550, @andyzhangx)
Added mount options support for azure disk. For example:
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: hdd
provisioner: kubernetes.io/azure-disk
mountOptions:
- barrier=1
- acl
parameters:
skuname: Standard_LRS
kind: Managed
fstype: ext3
Fixed a bug the in scheduler cache by using Pod UID as the cache key instead of namespace/name (#61069, @anfernee)
When TaintNodesByCondition
is enabled, added node.kubernetes.io/unschedulable:NoSchedule
(#61161, @k82cn)
kube-scheduler: Support extender managed extended resources in kube-scheduler (#60332, @yguo0905)
Updated priority of mirror pod according to PriorityClassName. (#58485, @k82cn)
kube-scheduler: restores default leader election behavior. Setting the --leader-elect
command line parameter to true
(#60524, @dims)
All pods with priorityClassName system-node-critical and system-cluster-critical will be critical pods while preserving backwards compatibility. (#58835, @ravisantoshgudimetla)
Priority admission controller picks a global default with the lowest priority value if more than one such default PriorityClass exists. (#59991, @bsalamat)
Disallow PriorityClass names with ‘system-’ prefix for user defined priority classes. (#59382, @bsalamat)
kube-scheduler: Use default predicates/prioritizers if they are unspecified in the policy config. (#59363, @yguo0905)
Scheduler should be able to read from config file if configmap is not present. (#59386, @ravisantoshgudimetla)
Add apiserver metric for current inflight-request usage. (#58342, @gmarek)
Stability: Make Pod delete event handling of scheduler more robust. (#58712, @bsalamat)* Allow scheduler set AlwaysCheckAllPredicates, short circuit all predicates if one predicate fails can greatly improve the scheduling performance. (#56926, @wgliang)
GCE: support passing kube-scheduler policy config via SCHEDULER_POLICY_CONFIG. This allows us to specify a customized scheduler policy configuration. (#57425, @yguo0905)
Returns an error for non overcommitable resources if they don’t have limit field set in container spec to prevent users from creating invalid configurations. (#57170, @jiayingz)
GCE: Fixed ILB creation on automatic networks with manually created subnetworks. (#57351, @nicksardo)
Multiple Performance Improvements to the MatchInterPodAffinity predicate (#57476, @misterikkit)(#57477, @misterikkit)
The calico-node addon tolerates all NoExecute and NoSchedule taints by default. So Calico components can even be scheduled on tainted nodes. (#57122, @caseydavenport)
The scheduler skips pods that use a PVC that either does not exist or is being deleted. (#55957, @jsafrane)
Updated dashboard version to v1.8.3, which keeps auto-generated certs in memory. (#57326, @floreks)
fluentd-gcp addon: Fixed bug with reporting metrics in event-exporter. (#60126, @serathius)
Avoid hook errors when effecting label changes on kubernetes-worker charm. (#59803, @wwwtyro)
Fixed charm issue where docker login would run prior to daemon options being set. (#59396, @kwmonroe)
Implementers of the cloud provider interface will note the addition of a context to this interface. Trivial code modification will be necessary for a cloud provider to continue to compile. (#59287, @cheftako)
Added configurable etcd quota backend bytes in GCE. (#59259, @wojtek-t)
GCP: allow a master to not include a metadata concealment firewall rule (if it’s not running the metadata proxy). (#58104, @ihmccreery)
Fixed issue with kubernetes-worker option allow-privileged not properly handling the value True with a capital T. (#59116, @hyperbolic2346)
Controller-manager –service-sync-period flag has been removed. (It was never used in the code and should have no user impact.) (#59359, @khenidak)
[fluentd-gcp addon] Switch to the image provided by Stackdriver. The Stackdriver Logging Agent container image uses fluentd v0.14.25. (#59128, @bmoyles0117)
CRI now uses moutpoint as image filesystem identifier instead of UUID. (#59475, @Random-Liu)
GCE: support Cloud TPU API in cloud provider (#58029, @yguo0905)
kubelet now notifies systemd that it has finished starting, if systemd is available and running. (#60654, @dcbw)
Do not count failed pods as unready in HPA controller (#60648, @bskiba)
fixed foreground deletion of podtemplates (#60683, @nilebox)
Conformance tests are added for the DaemonSet kinds in the apps/v1 group version. Deprecated versions of DaemonSet will not be tested for conformance, and conformance is only applicable to release 1.10 and later. (#60456, @kow3ns)
Log audit backend can now be configured to perform batching before writing events to disk. (#60237, @crassirostris)
New conformance tests added for the Garbage Collector (#60116, @jennybuckley)
Fixes a bug where character devices are not recognized by the kubelet (#60440, @andrewsykim)
StatefulSet in apps/v1 is now included in Conformance Tests. (#60336, @enisoc)
dockertools: disable memory swap on Linux. (#59404, @ohmystack)
Increase timeout of integration tests (#60458, @jennybuckley)
force node name lowercase on static pod name generating (#59849, @yue9944882
fix device name change issue for azure disk (#60346, @andyzhangx)
Additional changes to iptables kube-proxy backend to improve performance on clusters with very large numbers of services. (#60306, @danwinship)
Increase allowed lag for ssh key sync loop in tunneler to allow for one failure (#60068, @wojtek-t)
Set an upper bound (5 minutes) on how long the Kubelet will wait before exiting when the client cert from disk is missing or invalid. This prevents the Kubelet from waiting forever without attempting to bootstrap a new client credentials. (#59316, @smarterclayton)
Add ipset binary for IPVS to hyperkube docker image (#57648, @Fsero)
Making sure CSI E2E test runs on a local cluster (#60017, @sbezverk)
Separate current ARM rate limiter into read/write (#59830, @khenidak)
Improve control over how ARM rate limiter is used within Azure cloud provider, add generic cache for Azure VM/LB/NSG/RouteTable (#59520, @feiskyer)
fix typo (#59619, @jianliao82)
DaemonSet, Deployment, ReplicaSet, and StatefulSet objects are now persisted in etcd in apps/v1 format (#58854, @liggitt)
YAMLDecoder Read now tracks rest of buffer on io.ErrShortBuffer (#58817, @karlhungus)
Prevent kubelet from getting wedged if initialization of modules returns an error. (#59020, @brendandburns)
Fixed a race condition inside kubernetes-worker that would result in a temporary error situation. (#59005, @hyperbolic2346)
Fix regression in the CRI: do not add a default hostname on short image names (#58955, @runcom)
use containing API group when resolving shortname from discovery (#58741, @dixudx)
fluentd-es addon: multiline stacktraces are now grouped into one entry automatically (#58063, @monotek)
Default scheduler code is moved out of the plugin directory. (#57852, @misterikkit)
CDK nginx ingress is now handled via a daemon set. (#57530, @hyperbolic2346)
Move local PV negative scheduling tests to integration (#57570, @sbezverk)
Only create Privileged PSP binding during e2e tests if RBAC is enabled. (#56382, @mikkeloscar)
ignore nonexistent ns net file error when deleting container network in case a retry (#57697, @dixudx)
Use old dns-ip mechanism with older cdk-addons. (#57403, @wwwtyro)
Retry ‘connection refused’ errors when setting up clusters on GCE. (#57394, @mborsz)
YAMLDecoder Read now returns the number of bytes read (#57000, @sel)
Drop hacks used for Mesos integration that was already removed from main kubernetes repository (#56754, @dims)
Compare correct file names for volume detach operation (#57053, @prashima)
The ConfigOK node condition has been renamed to KubeletConfigOk. (#59905, @mtaufen)
Adding pkg/kubelet/apis/deviceplugin/v1beta1 API. (#59588, @jiayingz)
Fixes volume predicate handler for equiv class (#59335, @resouer)
Bugfix: vSphere Cloud Provider (VCP) does not need any special service account anymore. (#59440, @rohitjogvmw)
fix the error prone account creation method of blob disk (#59739, @andyzhangx)
Updated kubernetes-worker to request new security tokens when the aws cloud provider changes the registered node name. (#59730, @hyperbolic2346)
Pod priority can be specified ins PodSpec even when the feature is disabled, but it will be effective only when the feature is enabled. (#59291, @bsalamat)* Add generic cache for Azure VMSS (#59652, @feiskyer)
fix the create azure file pvc failure if there is no storage account in current resource group (#56557, @andyzhangx)
Implement envelope service with gRPC, so that KMS providers can be pulled out from API server. (#55684, @wu-qiang)
Enable golint for pkg/scheduler
and fix the golint errors in it. (#58437, @tossmilestone)
Ensure euqiv hash calculation is per schedule (#59245, @resouer)
Upped the timeout for apiserver communication in the juju kubernetes-worker charm. (#59219, @hyperbolic2346)
kubeadm init: skip checking cri socket in preflight checks (#58802, @dixudx)
Configurable etcd compaction frequency in GCE (#59106, @wojtek-t)
Fixed a bug which caused the apiserver reboot failure in the presence of malfunctioning webhooks. (#59073, @caesarxuchao)
GCE: Apiserver uses InternalIP
as the most preferred kubelet address type by default. (#59019, @MrHohn)
CRI: Add a call to reopen log file for a container. (#58899, @yujuhong)
The alpha KubeletConfigFile feature gate has been removed, because it was redundant with the Kubelet’s –config flag. It is no longer necessary to set this gate to use the flag. The –config flag is still considered alpha. (#58978, @mtaufen)
Fixing extra_sans option on master and load balancer. (#58843, @hyperbolic2346)
Ensure config has been created before attempting to launch ingress. (#58756, @wwwtyro)
Support metrics API in kubectl top
commands. (#56206, @brancz)
Bump GCE metadata proxy to v0.1.9 to pick up security fixes. (#58221, @ihmccreery)
“ExternalTrafficLocalOnly” has been removed from feature gate. It has been a GA feature since v1.7. (#56948, @MrHohn)
feat(fakeclient): push event on watched channel on add/update/delete (#57504, @yue9944882)
Fixes a possible deadlock preventing quota from being recalculated (#58107, @ironcladlou)
Bump metadata proxy version to v0.1.7 to pick up security fix. (#57762, @ihmccreery)
The kubelet uses a new release 3.1 of the pause container with the Docker runtime. This version will clean up orphaned zombie processes that it inherits. (#57517, @verb)
Add cache for VM get operation in azure cloud provider (#57432, @karataliu)
Configurable liveness probe initial delays for etcd and kube-apiserver in GCE (#57749, @wojtek-t)
Improve scheduler performance of MatchInterPodAffinity predicate. (#57478, @misterikkit)
Add the path ‘/version/’ to the system:discovery
cluster role. (#57368, @brendandburns)
adding predicates ordering for the kubernetes scheduler. (#57168, @yastij)
Fix ipvs proxier nodeport ethassumption (#56685, @m1093782566)
Fix Heapster configuration and Metrics Server configuration to enable overriding default resource requirements. (#56965, @kawych)
Improved event generation in volume mount, attach, and extend operations (#56872, @davidz627)
Remove ScrubDNS interface from cloudprovider. (#56955, @feiskyer)
Fixed a garbage collection race condition where objects with ownerRefs pointing to cluster-scoped objects could be deleted incorrectly. (#57211, @liggitt)
api-server provides specific events when unable to repair a service cluster ip or node port (#54304, @frodenas)
delete useless params containerized (#56146, @jiulongzaitian)
dockershim now makes an Image’s Labels available in the Info field of ImageStatusResponse (#58036, @shlevy)
Support GetLabelsForVolume in OpenStack Provider (#58871, @edisonxiang)
Add “nominatedNodeName” field to PodStatus. This field is set when a pod preempts other pods on the node. (#58990, @bsalamat)* Fix the PersistentVolumeLabel controller from initializing the PV labels when it’s not the next pending initializer. (#56831, @jhorwit2)
Rename StorageProtection to StorageObjectInUseProtection (#59901, @NickrenREN)
Add support for cloud-controller-manager in local-up-cluster.sh (#57757, @dims)
GCE: A role and clusterrole will now be provided with GCE/GKE for allowing the cloud-provider to post warning events on all services and watching configmaps in the kube-system namespace. No user action is required. (#59686, @nicksardo)
Wait for kubedns to be ready when collecting the cluster IP. (#57337, @wwwtyro)
filename | sha256 hash |
---|---|
kubernetes.tar.gz | d7409a0bf36558b8328eefc01959920641f1fb2630fe3ac19b266fcea05a1646 |
kubernetes-src.tar.gz | 4384bfe4151850e5d169b125c0cba51b7c2f00aa9972a6b4c22c44af74e8e3f8 |
filename | sha256 hash |
---|---|
kubernetes-client-darwin-386.tar.gz | 1eb98b5d527ee9ed375f06df96c1158b9879880eb12d68a81e823d7a92e3866d |
kubernetes-client-darwin-amd64.tar.gz | be7e35e9698b84ace37e0ed54640c3958c0d9eea8bd413eb8b604ec02922321a |
kubernetes-client-linux-386.tar.gz | 825a80abdb1171e72c1660fb7854ed6e8290cb7cb54ebb88c3570b3f95e77a02 |
kubernetes-client-linux-amd64.tar.gz | 97e22907c3f0780818b7124c50451ae78e930cd99ec8f96f188cdd080547e21b |
kubernetes-client-linux-arm64.tar.gz | d27674c7daec425f0fa72ca14695e7f13c81cfd08517ceb1f5ce1bb052b5b9b2 |
kubernetes-client-linux-arm.tar.gz | e54f1fc7cf95981f54d68108ad0113396357ff0c7baaf6a76a635f0de21fb944 |
kubernetes-client-linux-ppc64le.tar.gz | 7535a6668e6ca6888b22615439fae8c68d37d62f572b284755db87600050a6c6 |
kubernetes-client-linux-s390x.tar.gz | 6a9f90e2ea5cb50b2691c45d327cca444ae9bfc41cba43ca22016679da940a71 |
kubernetes-client-windows-386.tar.gz | cc5fef5e054588ad41870a379662d8429bd0f09500bcf4a67648bf6593d18aaf |
kubernetes-client-windows-amd64.tar.gz | a06033004c5cecc43494d95dd5d5e75f698cf8e4d358c229c5fef222c131b077 |
filename | sha256 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | e844897e9a39ca14a449e077cb4e4f2dc6c7d5326b95a1e47bef3b6f9c6057f7 |
kubernetes-server-linux-arm64.tar.gz | c15476626cd750a8f59c30c3389ada482995aea66b510c43732035d33e87e774 |
kubernetes-server-linux-arm.tar.gz | 74a1ff7478d7ca5c4ccb2fb772ef13745a20cfb512e3e66f238abb98122cc4eb |
kubernetes-server-linux-ppc64le.tar.gz | 3b004717fe811352c15fe71f3122d2eaac7e0d1c4ff07d8810894c877b409c0f |
kubernetes-server-linux-s390x.tar.gz | b6ff40f13355b47e2c02c6c016ac334a3f5008769ed7b4377c617c2fc9e30b7a |
filename | sha256 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | a3a3e27c2b77fa46b7c9ff3b8bfdc672c2657e47fc4b1ca3d76cdc102ca27630 |
kubernetes-node-linux-arm64.tar.gz | af172c9d71ba2d15e14354159ac34ca7fe112b7d2d2ba38325c467950aa04755 |
kubernetes-node-linux-arm.tar.gz | fb904aa009c3309e92505ceff15863f83d9317af15cbf729bcbd198f5be3379f |
kubernetes-node-linux-ppc64le.tar.gz | 659f0091578e42b111417d45f708be2ac60447512e485dab7d2f4abaeee36f49 |
kubernetes-node-linux-s390x.tar.gz | ce40dcc55ca299401ddf146b2622dd7f19532e95620bae63aea58a45a8020875 |
kubernetes-node-windows-amd64.tar.gz | 0f8b5c551f58cdf298d41258483311cef66fe1b41093152a43120514a493b23d |
TaintNodesByCondition
enabled, added node.kubernetes.io/unschedulable:NoSchedule
(#61161, @k82cn)
spec.Unschedulable
is true.ScheduleDaemonSetPods
enabled, node.kubernetes.io/unschedulable:NoSchedule
unschedulable
field offilename | sha256 hash |
---|---|
kubernetes.tar.gz | 69132f3edcf549c686055903e8ef007f0c92ec05a8ec1e3fea4d5b4dc4685580 |
kubernetes-src.tar.gz | 60ba32e493c0a1449cdbd615d709e9d46780c91c88255e8e9f468c5e4e124576 |
filename | sha256 hash |
---|---|
kubernetes-client-darwin-386.tar.gz | 80ef567c51aa705511ca20fbfcad2e85f1dc4fb750c0f58e0d82f4166359273f |
kubernetes-client-darwin-amd64.tar.gz | 925830f3c6c135adec206012ae94807b58b9438008ae87881e7a9d648ab993ec |
kubernetes-client-linux-386.tar.gz | 9e4f40325a27b79f16eb3254c6283d67e2fecd313535b300f9931800e4c495a4 |
kubernetes-client-linux-amd64.tar.gz | 85ee9bfa519e49283ab711c73f52809f8fc43616cc2076dc060987e6f262ff95 |
kubernetes-client-linux-arm.tar.gz | f0123581243a278052413e862208a797e78e7689c6dba0da08ab3200feedd66c |
kubernetes-client-linux-arm64.tar.gz | dd19b034e1798f5bb0b1c6230ef294ca8f3ef7944837c5d49dce4659bb284b8e |
kubernetes-client-linux-ppc64le.tar.gz | 84a46003fe0140f8ecec03befceed7a4d955f9f88abdced99ecee24bc675b113 |
kubernetes-client-linux-s390x.tar.gz | c4ee2bf9f7ea66ab41b350220920644bee3eeceb13cfd19873843a9ab43b372d |
kubernetes-client-windows-386.tar.gz | 917e768179e82a33232281b9b6e555cee75cf6315bd3c60a1fce4717fbd0e538 |
kubernetes-client-windows-amd64.tar.gz | 915f3cc888332b360701a4b20d1af384ec5388636f2c3e3868e36124ce8a96a8 |
filename | sha256 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | 01b50da6bae8abe4e2c813381c3848ff615fc1d8164d11b163ac0819554ad7b4 |
kubernetes-server-linux-arm.tar.gz | 0a1ebd399759a68972e6248b09ce46a76deef931e51c807e032fefc4210e3dde |
kubernetes-server-linux-arm64.tar.gz | b8298a06aed6cd1c624855fb4e2d7258e8f9201fbc5bfebc8190c24273e95d9b |
kubernetes-server-linux-ppc64le.tar.gz | b3b03dc71476f70c8a62cf5ac72fe0bfa433005778d39bfbc43fe225675f9986 |
kubernetes-server-linux-s390x.tar.gz | 940bc9b4f73f32896f3c55d1b5824f931517689ec62b70600c8699e84bc725ee |
filename | sha256 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | bcc29195864e4e486a7e8194be06f3cf575203e012790ea6d70003349b108701 |
kubernetes-node-linux-arm.tar.gz | 35ab99a6cd30c2ea6a1f2347d244fb8583bfd7ef1d54f89fbf9a3a3be14fb9e7 |
kubernetes-node-linux-arm64.tar.gz | fcb611d964c7e1c546fbbb38c8b30b3e3bb54226540caa0b80930f53e321dd2e |
kubernetes-node-linux-ppc64le.tar.gz | 4de7b25cf712df27b6eec5232dc2891e07dbeb8c3699a145f777cc0629f1fe9c |
kubernetes-node-linux-s390x.tar.gz | 2f0b6a01c7c86209f031f47e1901bf3da82efef4db5b73b4e7d83be04b03c814 |
kubernetes-node-windows-amd64.tar.gz | 619013157435d8da7f58bb339aa21d5a080c341aebe226934d1139d29cff72be |
subPath
volume mounts with secret, configMap, projected, and downwardAPI volumes (#61080, @liggitt)filename | sha256 hash |
---|---|
kubernetes.tar.gz | 65880d0bb77eeb83554bb0a6c78b6d3a25cd38ef7d714bbe2c73b203386618d6 |
kubernetes-src.tar.gz | e9fbf8198fd80c92dd7e2ecf0cf6cefda06f9b89e7986ae141412f8732dae47c |
filename | sha256 hash |
---|---|
kubernetes-client-darwin-386.tar.gz | 50b1a41e70804f74b3e76d7603752d45dfd47011fd986d055462e1330330aa45 |
kubernetes-client-darwin-amd64.tar.gz | 3658e70ae9761464df50c6cae8d57349648c80d16658892e42ea898ddab362bc |
kubernetes-client-linux-386.tar.gz | 00b8c048b201931ab1fb059df030e0bfc866f3c3ff464213aa6071ff261a3d33 |
kubernetes-client-linux-amd64.tar.gz | 364d6439185399e72f96bea1bf2863deb2080f4bf6df721932ef14ec45b2d5fc |
kubernetes-client-linux-arm.tar.gz | 98670b2e965e118fb02901aa949cd1eb12d34ffd0bba7ff22014e9ad587556bc |
kubernetes-client-linux-arm64.tar.gz | 5f4febc543aa2f10c0c8aee9c9a8cb169b19b04486bda4cf1f72c80fa7a3a483 |
kubernetes-client-linux-ppc64le.tar.gz | ff3d020e97e2ff4c1824db910f13945d70320fc3988cc24385708cab58d4065f |
kubernetes-client-linux-s390x.tar.gz | 508695afe6d3466488bc20cad31c184723cb238d1c311d2d1c4f9f1c9e981bd6 |
kubernetes-client-windows-386.tar.gz | 9f6372cfb973d04a150e1388d96cb60e7fe6ccb9ba63a146ff2dee491c2e3f4e |
kubernetes-client-windows-amd64.tar.gz | 2c85f2f13dc535d3c777f186b7e6d9403d64ac18ae01d1e460a8979e62845e04 |
filename | sha256 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | 4797ada6fd43e223d67840e815c1edb244a3b40a3a1b6ecfde7789119f2add3d |
kubernetes-server-linux-arm.tar.gz | fb2fdb4b2feb41adbbd33fe4b7abbe9780d91a288a64ff7acf85d5ef942d3960 |
kubernetes-server-linux-arm64.tar.gz | bc1f35e1999beaac91b65050f70c8e539918b927937e88bfcfa34a0c26b96701 |
kubernetes-server-linux-ppc64le.tar.gz | cce312f5af7dd182c8cc4ef35a768fef788a849a93a6f2f36e9d2991e721b362 |
kubernetes-server-linux-s390x.tar.gz | 42edec36fa34a4cc4959af20a587fb05924ccc87c94b0f845953ba1ceec56bb7 |
filename | sha256 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | e517986261e3789cada07d9063ae96ed9b17ffd80c1b220b6ae9c41238c07c08 |
kubernetes-node-linux-arm.tar.gz | 9eb213248982816a855a7ff18c9421d5e987d5f1c472880a16bc6c477ce8da2a |
kubernetes-node-linux-arm64.tar.gz | e938dce3ec05cedcd6ab8e2b63224170db00e2c47e67685eb3cb4bad247ac8c0 |
kubernetes-node-linux-ppc64le.tar.gz | bc9bf3d55f85d3b30f0a28fd79b7610ecdf019b8bc8d7f978da62ee0006c72eb |
kubernetes-node-linux-s390x.tar.gz | c5a1b18b8030ec86748e23d45f1de63783c2e95d67b0d6c2fcbcd545d205db8d |
kubernetes-node-windows-amd64.tar.gz | df4f4e8df8665ed08a9a3d9816e61c6c9f0ce50e4185b6c7a7f34135ad1f91d0 |
filename | sha256 hash |
---|---|
kubernetes.tar.gz | d07d77f16664cdb5ce86c87de36727577f48113efdb00f83283714ac1373d521 |
kubernetes-src.tar.gz | c27b06e748e4c10f42472f51ddfef7e9546e4ec9d2ce9f7a9a3c5768de8d97bf |
filename | sha256 hash |
---|---|
kubernetes-client-darwin-386.tar.gz | d63168f9155f04e4b47fe96381f9aa06c3d498b6e6b71d1fb8c3ffeb0f3c6e4c |
kubernetes-client-darwin-amd64.tar.gz | f473cbe830c1bfb738b0a66f07b3cd858ba185232eba26fe776f90d8a27bd7c1 |
kubernetes-client-linux-386.tar.gz | 2a0f74d30cdaf19ed7c3fde3528e98a8cd98fdb9dc6e6a501525e69895674d56 |
kubernetes-client-linux-amd64.tar.gz | 69c18569717a97cb5e6bc22bebcf2f64969ba68b11685faaf2949c4ffbcd0b73 |
kubernetes-client-linux-arm.tar.gz | 10e1d76a1ee6c0df9f9cce40d18c350a1e3e3665e6fe64d22e4433b6283d3fe2 |
kubernetes-client-linux-arm64.tar.gz | 12f081b99770548c8ddd688ae6b417c196f8308bd5901abbed6f203e133411ae |
kubernetes-client-linux-ppc64le.tar.gz | 6e1a035b4857539c90324e00b150ae65aaf4f4524250c9ca7d77ad5936f0628e |
kubernetes-client-linux-s390x.tar.gz | 5a8e2b0d14e18a39f821b09a7d73fa5c085cf6c197aeb540a3fe289e04fcc0d9 |
kubernetes-client-windows-386.tar.gz | 03fac6befb94b85fb90e0bb47596868b4da507d803806fad2a5fb4b85c98d87d |
kubernetes-client-windows-amd64.tar.gz | 3bf8dd42eb70735ebdbda4ec4ec54e9507410e2f97ab2f364b88c2f24fdf471c |
filename | sha256 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | 1278703060865281aa48b1366e3c4b0720d4eca623ba08cf852a4719a6680ec3 |
kubernetes-server-linux-arm.tar.gz | b1e2b399bec8c25b7b6037203485d2d09b091afc51ffebf861d5bddb8bb076ac |
kubernetes-server-linux-arm64.tar.gz | 4c3d0ed44d6a19ae178034117891678ec373894b02f8d33627b37a36c2ea815b |
kubernetes-server-linux-ppc64le.tar.gz | 88a7b52030104a4c6fb1f8c5f79444ed853f381e1463fec7e4939a9998d92dff |
kubernetes-server-linux-s390x.tar.gz | 35981580c00bff0e3d92238f961e37dd505c08bcd4cafb11e274daa1eb8ced5f |
filename | sha256 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | ceedb0a322167bae33042407da5369e0b7889fbaa3568281500c921afcdbe310 |
kubernetes-node-linux-arm.tar.gz | b84ab4c486bc8f00841fccce2aafe4dcef25606c8f3184bce2551ab6486c8f71 |
kubernetes-node-linux-arm64.tar.gz | b79a41145c28358a64d7a689cd282cf8361fe87c410fbae1cdc8db76cfcf6e5b |
kubernetes-node-linux-ppc64le.tar.gz | afc00f67b9f6d4fc149d4426fc8bbf6083077e11a1d2330d70be7e765b6cb923 |
kubernetes-node-linux-s390x.tar.gz | f6128bbccddfe8ce39762bacb5c13c6c68d76a4bf8d35e773560332eb05a2c86 |
kubernetes-node-windows-amd64.tar.gz | b1dde1ed2582cd511236fec69ebd6ca30281b30cc37e0841c493f06924a466cf |
filename | sha256 hash |
---|---|
kubernetes.tar.gz | 428139d9877f5f94acc806cc4053b0a5f8eac2acc219f06efd0817807473dbc5 |
kubernetes-src.tar.gz | 5bfdecdbb43d946ea965f22ec6b8a0fc7195197a523aefebc2b7b926d4252edf |
filename | sha256 hash |
---|---|
kubernetes-client-darwin-386.tar.gz | 8cc086e901fe699df5e0711438195e675e099848a72ba272b290d22abc107a93 |
kubernetes-client-darwin-amd64.tar.gz | b2782b8f6dbfe3fa962b08606cbf3366b071b78c47794d2ef67f9d484b4af4e4 |
kubernetes-client-linux-386.tar.gz | a4001ad2387ccb4557b15c560b0ea8ea4d7c7ed494375346e3f83c10eb9426ac |
kubernetes-client-linux-amd64.tar.gz | b95d354e80d9f00a883e5eeb8c2e0ceaacc0f3cc8c904cb2eca1e1b6d91462b2 |
kubernetes-client-linux-arm64.tar.gz | 647d234c59bc1d6f8eea88624d85b09bbe1272d9e27e1f7963e03cc025530ed0 |
kubernetes-client-linux-arm.tar.gz | 187da9ad060ac7d426811772f6c3d891a354945af6a7d8832ac7097e19d4b46d |
kubernetes-client-linux-ppc64le.tar.gz | 6112396b8f0e7b1401b374aa2ae6195849da7718572036b6f060a722a89dc319 |
kubernetes-client-linux-s390x.tar.gz | 09789cf33d8eed610ad2eef7d3ae25a4b4a63ee5525e452f9094097a172a1ce9 |
kubernetes-client-windows-386.tar.gz | 1e71bc9979c8915587cdea980dad36b0cafd502f972c051c2aa63c3bbfeceb14 |
kubernetes-client-windows-amd64.tar.gz | 3c2978479c6f65f1cb5043ba182a0571480090298b7d62090d9bf11b043dd27d |
filename | sha256 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | d887411450bbc06e2f4a24ce3c478fe6844856a8707b3236c045d44ab93b27d2 |
kubernetes-server-linux-arm64.tar.gz | 907f037eea90bf893520d3adeccdf29eda69eea32c564b08cecbedfd06471acd |
kubernetes-server-linux-arm.tar.gz | f2ac4ad4f831a970cb35c1d7194788850dff722e859a08a879c918db1233aaa7 |
kubernetes-server-linux-ppc64le.tar.gz | 0bebb59217b491c5aa4b4b9dc740c0c8c5518872f6f86853cbe30493ea8539a5 |
kubernetes-server-linux-s390x.tar.gz | 5f343764e04e3a8639dffe225cc6f8bc6f17e1584b2c68923708546f48d38f89 |
filename | sha256 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | c4475c315d4ae27c30f80bc01d6ea8b0b8549ec6a60a5dc745cf11a0c4398c23 |
kubernetes-node-linux-arm64.tar.gz | 4512a4c3e62cd26fb0d3f78bfc8de9a860e7d88e7c913c5df4c239536f89da42 |
kubernetes-node-linux-arm.tar.gz | 1da407ad152b185f520f04215775a8fe176550a31a2bb79e3e82968734bdfb5c |
kubernetes-node-linux-ppc64le.tar.gz | f23f6f819e6d894f8ca7457f80ee4ede729fd35ac59e9c65ab031b56aa06d4a1 |
kubernetes-node-linux-s390x.tar.gz | 205c789f52a4c666a63ac7944ffa8ee325cb97e788b748c262eae59b838a94ba |
kubernetes-node-windows-amd64.tar.gz | aa7675fd22d9ca671585f429f6981aa79798f1894025c3abe3a7154f3c94aae6 |
/home/kubernetes/flexvolume
. (#58171, @verult)/openapi/v2
endpoint instead. (#59293, @roycaihw)cloud-provider
service account is now deprecated. If you’re currently using this service account, you must create and apply your own RBAC policy for new clusters. (#59949, @nicksardo)kubeletconfig
API group has graduated from alpha to beta, and the name has changed to kubelet.config.k8s.io
. Please use kubelet.config.k8s.io/v1beta1
, as kubeletconfig/v1alpha1
is no longer available. (#53833, @mtaufen)DNSConfig
field in PodSpec and DNSPolicy=None
. (#59771, @MrHohn)--http2-max-streams-per-connection
command line flag on api-servers and set default to 1000 for aggregated API servers. (#60054, @MikeSpreitzer)kubectl get all
, where all
is a category. (#59561, @nikhita)--show-all
(which only affected pods and only for human readable/non-API printers) is now defaulted to true and deprecated. It will be inert in 1.11 and removed in a future release. (#60210, @deads2k)PodShareProcessNamespace
alpha feature is enabled, setting pod.Spec.ShareProcessNamespace
to true
will cause a single process namespace to be shared between all containers in a pod. (#60181, @verb)CRIContainerLogRotation
.--container-log-max-size
and --container-log-max-files
can be used to configure the rotation behavior./status
and /scale
subresources are added for custom resources. (#55168, @nikhita)NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota
(#58684, @hzxuzhonghu)--apiserver-advertise-dns-address
which is used in node kubelet.confg to point to API server (#59288, @stevesloka)PodSecurityPolicy
API has been moved to the policy/v1beta1
API group. The PodSecurityPolicy
API in the extensions/v1beta1
API group is deprecated and will be removed in a future release. Authorizations for using pod security policy resources should change to reference the policy
API group after upgrading to 1.11. (#54933, @php-coder)kubectl port-forward
now supports specifying a service to port forward to: kubectl port-forward svc/myservice 8443:443
(#59809, @phsiao)container-runtime
(#59103, @Random-Liu)--secure-port
and --bind-address
instead. (#59582, @sttts)kubeadm init
can now omit the tainting of the master node if configured to do so in kubeadm.yaml
. (#55479, @ijc)pkg/scheduler
and fix the golint errors in it. (#58437, @tossmilestone)meta.k8s.io/v1alpha1
objects for retrieving tabular responses from the server (Table
) or fetching just the ObjectMeta
for an object (as PartialObjectMetadata
) are now beta as part of meta.k8s.io/v1beta1
. Clients may request alternate representations of normal Kubernetes objects by passing an Accept
header like application/json;as=Table;g=meta.k8s.io;v=v1beta1
or application/json;as=PartialObjectMetadata;g=meta.k8s.io;v1=v1beta1
. Older servers will ignore this representation or return an error if it is not available. Clients may request fallback to the normal object by adding a non-qualified mime-type to their Accept
header like application/json
- the server will then respond with either the alternate representation if it is supported or the fallback mime-type which is the normal object response. (#59059, @smarterclayton)filename | sha256 hash |
---|---|
kubernetes.tar.gz | 246f0373ccb25a243a387527b32354b69fc2211c422e71479d22bfb3a829c8fb |
kubernetes-src.tar.gz | f9c60bb37fb7b363c9f66d8efd8aa5a36ea2093c61317c950719b3ddc86c5e10 |
filename | sha256 hash |
---|---|
kubernetes-client-darwin-386.tar.gz | ca8dfd7fbd34478e7ba9bba3779fcca08f7efd4f218b0c8a7f52bbeea0f42cd7 |
kubernetes-client-darwin-amd64.tar.gz | 713c35d99f44bd19d225d2c9f2d7c4f3976b5dd76e9a817b2aaf68ee0cb5a939 |
kubernetes-client-linux-386.tar.gz | 7601e55e3bb0f0fc11611c68c4bc000c3cbbb7a09652c386e482a1671be7e2d6 |
kubernetes-client-linux-amd64.tar.gz | 8a6c498531c1832176e22d622008a98bac6043f05dec96747649651531ed3fd7 |
kubernetes-client-linux-arm64.tar.gz | 81561820fb5a000152e9d8d94882e0ed6228025ea7973ee98173b5fc89d62a42 |
kubernetes-client-linux-arm.tar.gz | 6ce8c3ed253a10d78e62e000419653a29c411cd64910325b21ff3370cb0a89eb |
kubernetes-client-linux-ppc64le.tar.gz | a46b42c94040767f6bbf2ce10aef36d8dbe94c0069f866a848d69b2274f8f0bc |
kubernetes-client-linux-s390x.tar.gz | fa3e656b612277fc4c303aef95c60b58ed887e36431db23d26b536f226a23cf6 |
kubernetes-client-windows-386.tar.gz | 832e12266495ac55cb54a999bc5ae41d42d160387b487d8b4ead577d96686b62 |
kubernetes-client-windows-amd64.tar.gz | 7056a3eb5a8f9e8fa0326aa6e0bf97fc5b260447315f8ec7340be5747a16f5fd |
filename | sha256 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | dc8e2be2fcb6477249621fb5c813c853371a3bf8732c5cb3a6d6cab667cfa324 |
kubernetes-server-linux-arm64.tar.gz | 399071ad9042a72bccd6e1aa322405c02b4a807c0b4f987d608c4c9c369979d6 |
kubernetes-server-linux-arm.tar.gz | 7457ad16665e331fa9224a3d61690206723721197ad9760c3b488de9602293f5 |
kubernetes-server-linux-ppc64le.tar.gz | ffcb728d879c0347bd751c9bccac3520bb057d203ba1acd55f8c727295282049 |
kubernetes-server-linux-s390x.tar.gz | f942f6e15886a1fb0d91d04adf47677068c56070dff060f38c371c3ee3e99648 |
filename | sha256 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | 81b22beb30be9d270016c7b35b86ea585f29c0c5f09128da9341f9f67c8865f9 |
kubernetes-node-linux-arm64.tar.gz | d9020b99c145f44c519b1a95b55ed24e69d9c679a02352c7e05e86042daca9d1 |
kubernetes-node-linux-arm.tar.gz | 1d10bee4ed62d70b318f5703b2cd8295a08e199f810d6b361f367907e3f01fb6 |
kubernetes-node-linux-ppc64le.tar.gz | 67cd4dde212abda37e6f9e6dee1bb59db96e0727100ef0aa561c15562df0f3e1 |
kubernetes-node-linux-s390x.tar.gz | 362b030e011ea6222b1f2dec62311d3971bcce4dba94997963e2a091efbf967b |
kubernetes-node-windows-amd64.tar.gz | e609a2b0410acbb64d3ee6d7f134d98723d82d05bdbead1eaafd3584d3e45c39 |
experimental.windows.kubernetes.io/isolation-type=hyperv
and feature gates HyperVContainer. Only one container per pod is supported yet. (#58751, @feiskyer)crds
is added as a shortname for CustomResourceDefinition i.e. kubectl get crds
can now be used. (#59061, @nikhita)InternalIP
as the most preferred kubelet address type by default. (#59019, @MrHohn)--insecure-bind-address
, --insecure-port
and remove --public-address-override
. (#59018, @hzxuzhonghu)kubectl scale
can now scale any resource (kube, CRD, aggregate) conforming to the standard scale endpoint (#58298, @p0lyn0mial)filename | sha256 hash |
---|---|
kubernetes.tar.gz | 89efeb8b16c40e5074f092f51399995f0fe4a0312367a8f54bd227c3c6fcb629 |
kubernetes-src.tar.gz | eefbbf435f1b7a0e416f4e6b2c936c49ce5d692994da8d235c5e25bc408eec57 |
filename | sha256 hash |
---|---|
kubernetes-client-darwin-386.tar.gz | 878366200ddfb9128a133d7d377057c6f878b24357062cf5243c0f0aac26b292 |
kubernetes-client-darwin-amd64.tar.gz | dc065b9ecfa513607eac6e7dd125b2c25c9a9e7c13d0b2b6e56586e17bbd6ae5 |
kubernetes-client-linux-386.tar.gz | 93c2462051935d8f6bca6c72d09948963d47cd64426660f63e0cea7d37e24812 |
kubernetes-client-linux-amd64.tar.gz | 0eef61285fad1f9ff8392c59986d3a41887abc642bcb5cb451c5a5300927e2c4 |
kubernetes-client-linux-arm64.tar.gz | 6cf7913730a57b503beaf37f5c4d0f97789358983ed03654036f8b986b60cc62 |
kubernetes-client-linux-arm.tar.gz | f03c3ecbf4c08d263f2daa8cbe838e20452d6650b80e9a74762c155c26a579b7 |
kubernetes-client-linux-ppc64le.tar.gz | 25a2f93ebb721901d262adae4c0bdaa4cf1293793e9dff4507e031b85f46aff8 |
kubernetes-client-linux-s390x.tar.gz | 3e0b9ef771f36edb61bd61ccb67996ed41793c01f8686509bf93e585ee882c94 |
kubernetes-client-windows-386.tar.gz | 387e5e6b0535f4f5996c0732f1b591d80691acaec86e35482c7b90e00a1856f7 |
kubernetes-client-windows-amd64.tar.gz | c10a72d40252707b732d33d03beec3c6380802d0a6e3214cbbf4af258fddf28c |
filename | sha256 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | 42c1e016e8b0c5cc36c7bf574abca18c63e16d719d35e19ddbcbcd5aaeabc46c |
kubernetes-server-linux-arm64.tar.gz | b7774c54344c75bf5c703d4ca271f0af6c230e86cbe40eafd9cbf98a4f4be6e9 |
kubernetes-server-linux-arm.tar.gz | c11c8554506b64d6fd1a6e79bfc4e1e19f4f826b9ba98de81bc757901e8cdc43 |
kubernetes-server-linux-ppc64le.tar.gz | 196bd957804b2a9049189d225e49bf78e52e9adef12c072128e4e85d35da438e |
kubernetes-server-linux-s390x.tar.gz | be12fbea28a6cb089734782fe11e6f90a30785b9ad1ec02bc08a59afeb95c173 |
filename | sha256 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | a1feb239dfc473b49adf95d7d94e4a9c6c7d07416d4e935e3fc10175ffaa7163 |
kubernetes-node-linux-arm64.tar.gz | 26583c0bd08313bdc0bdfba6745f3ccd0f117431d3a5e2623bb5015675d506b8 |
kubernetes-node-linux-arm.tar.gz | 79c6299a5482467e3e85ee881f21edf5d491bc28c94e547d9297d1e1ad1b7458 |
kubernetes-node-linux-ppc64le.tar.gz | 2732fd288f1eac44c599423ce28cbdb85b54a646970a3714be5ff86d1b14b5e2 |
kubernetes-node-linux-s390x.tar.gz | 8d49432f0ff3baf55e71c29fb6ffc1673b2a45b9eae2e1906138b1409da53940 |
kubernetes-node-windows-amd64.tar.gz | 15ff74edfa98cd1afadcc4e53dd592b1e2935fbab76ad731309d355ae23bdd09 |
binaryData
field. When using kubectl create configmap --from-file
, files containing non-UTF8 data will be placed in this new field in order to preserve the non-UTF8 data. Use of this feature requires 1.10+ apiserver and kubelets. (#57938, @dims)ServiceProxyAllowExternalIPs
feature gate, but will be disallowed completely in 1.11 (#57265, @brendandburns)kubectl top
commands. (#56206, @brancz)$ref
references are no longer permitted (valid references could not be constructed previously because property ids were not permitted either). Before upgrading, ensure CRD definitions do not include those $ref
fields. (#58438, @carlory)Available
condition of false
in the registered APIService) now return 503
errors instead of 404
errors. (#58070, @weekface)--apiserver-extra-args
, --controller-manager-extra-args
and --scheduler-extra-args
to override / specify additional flags for control plane components (#58080, @simonferquel)--enable-admission-plugin
--disable-admission-plugin
flags and deprecate --admission-control
. (#58123, @hzxuzhonghu)
--admission-control-config-file
containing AdmissionConfiguration apiserver.k8s.io/v1alpha1 config object (#58439, @liggitt)v1.Pod
that configures this behavior. (#58093, @verb)--init-config-dir
flag has been removed. Instead, use the --config
flag to reference a kubelet configuration file directly. (#57624, @mtaufen)autorest.DetailedError
we would return "not found", nil
which caused nodes to go to NotReady
state. (#57484, @brendandburns)system:discovery
cluster role. (#57368, @brendandburns)filename | sha256 hash |
---|---|
kubernetes.tar.gz | 403b90bfa32f7669b326045a629bd15941c533addcaf0c49d3c3c561da0542f2 |
kubernetes-src.tar.gz | 266da065e9eddf19d36df5ad325f2f854101a0e712766148e87d998e789b80cf |
filename | sha256 hash |
---|---|
kubernetes-client-darwin-386.tar.gz | 5aaa8e294ae4060d34828239e37f37b45fa5a69508374be668965102848626be |
kubernetes-client-darwin-amd64.tar.gz | 40a8e3bab11b88a2bb8e748f0b29da806d89b55775508039abe9c38c5f4ab97d |
kubernetes-client-linux-386.tar.gz | e08dde0b561529f0b2bb39c141f4d7b1c943749ef7c1f9779facf5fb5b385d6a |
kubernetes-client-linux-amd64.tar.gz | 76a05d31acaab932ef45c67e1d6c9273933b8bc06dd5ce9bad3c7345d5267702 |
kubernetes-client-linux-arm64.tar.gz | 4b833c9e80f3e4ac4958ea0ffb5ae564b31d2a524f6a14e58802937b2b936d73 |
kubernetes-client-linux-arm.tar.gz | f1484ab75010a2258ed7717b1284d0c139d17e194ac9e391b8f1c0999eec3c2d |
kubernetes-client-linux-ppc64le.tar.gz | da884f09ec753925b2c1f27ea0a1f6c3da2056855fc88f47929bb3d6c2a09312 |
kubernetes-client-linux-s390x.tar.gz | c486f760c6707fc92d1659d3cbe33d68c03190760b73ac215957ee52f9c19195 |
kubernetes-client-windows-386.tar.gz | 514c550b7ff85ac33e6ed333bcc06461651fe4004d8b7c12ca67f5dc1d2198bf |
kubernetes-client-windows-amd64.tar.gz | ddad59222f6a8cb4e88c4330c2a967c4126cb22ac5e0d7126f9f65cca0fb9f45 |
filename | sha256 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | 514efd798ce1d7fe4233127f3334a3238faad6c26372a2d457eff02cbe72d756 |
kubernetes-server-linux-arm64.tar.gz | f71f75fb96221f65891fc3e04fd52ae4e5628da8b7b4fbedece3fab4cb650afa |
kubernetes-server-linux-arm.tar.gz | a9d8c2386813fd690e60623a6ee1968fe8f0a1a8e13bc5cc12b2caf8e8a862e1 |
kubernetes-server-linux-ppc64le.tar.gz | 21336a5e40aead4e2ec7e744a99d72bf8cb552341f3141abf8f235beb250cd93 |
kubernetes-server-linux-s390x.tar.gz | 257e44d38fef83f08990b6b9b5e985118e867c0c33f0e869f0900397b9d30498 |
filename | sha256 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | 97bf1210f0595ebf496ca7b000c4367f8a459d97ef72459efc6d0e07a072398f |
kubernetes-node-linux-arm64.tar.gz | eebcd3c14fb4faeb82ab047a2152db528adc2d9f7b20eef6f5dc58202ebe3124 |
kubernetes-node-linux-arm.tar.gz | 3d4428416c775a0a6463f623286bd2ecdf9240ce901e1fbae180dfb564c53ea1 |
kubernetes-node-linux-ppc64le.tar.gz | 5cc96b24fad0ac1779a66f9b136d90e975b07bf619fea905e6c26ac5a4c41168 |
kubernetes-node-linux-s390x.tar.gz | 134c13338edf4efcd511f4161742fbaa6dc232965d3d926c3de435e8a080fcbb |
kubernetes-node-windows-amd64.tar.gz | ae54bf2bbcb99cdcde959140460d0f83c0ecb187d060b594ae9c5349960ab055 |
--cloud-provider=auto-detect
feature (#56287, @stewart-yu)etcd-version-monitor
to backward compatibly support etcd 3.1 go-grpc-prometheus metrics format. (#56871, @jpbetz)See the Releases Page for older releases.
Release notes of older releases can be found in:
[]()