- v1.26.7
- v1.26.6
- v1.26.5
- v1.26.4
- v1.26.3
- v1.26.2
- v1.26.1
- v1.26.0
- v1.26.0-rc.1
- v1.26.0-rc.0
- v1.26.0-beta.0
- v1.26.0-alpha.3
- v1.26.0-alpha.2
- v1.26.0-alpha.1
filename | sha512 hash |
---|---|
kubernetes.tar.gz | 427b640ba7391715c278532e24651d0d6ae0adc9e0b1280d6a02ae35a29004399b9112c89d834ad6147c0eecf877d3877054e7b9eae414bee24daf02f8f64de4 |
kubernetes-src.tar.gz | 656225858c48047813b86a06b8f423306a4697f89a440817f308a4d362c89ea82cd989e806a79216dfb5603b29d63a7119137442789d12770190cae0567d0606 |
filename | sha512 hash |
---|---|
kubernetes-client-darwin-amd64.tar.gz | f9dac5e9e8b66749ca02bf1bbd56e2f24cfd3823974250e5c1aa5d05f0c0529610f158ed639fc39a62cd65a270979f53c3c2f1a2d0f97b9e88381adcaf23c91a |
kubernetes-client-darwin-arm64.tar.gz | b63e71ee7b0885bcc14d2119930fa8a275909a5f8665668102b3ee0273c5f1228e95a60821b91f56902fdc4ccc8c025ff8ce5675fbd0a9fb5d2613c732843d96 |
kubernetes-client-linux-386.tar.gz | 0667d15b0f2a80b97aa47b279cad505a912cf0e142b0634d0fc0c422d9174d9379224481a13410be0917429bb1ad46440c9d62d0f55b11be7728784473824cd0 |
kubernetes-client-linux-amd64.tar.gz | 031579fce4e2a62da2cd601543fd43630dcc365a86540984efaf8656021b569b7147f189078938ef3c6e81d9bf5a60016774d018d2b97d0cb4a797ba0e715558 |
kubernetes-client-linux-arm.tar.gz | 69d51faf682297672e6a7bfb96b4beeedc4e432c3b29c89854f925286aeb6cddb2c52e83f9dc46396b80407811f863a2906d70bf69dad89734df98ac57682cf1 |
kubernetes-client-linux-arm64.tar.gz | d16e2ee4a7c27153425cd22e4909a7d76394456743004d1bb1b4ad7200681cc08e6fb0b30b082107609ae3ee93c6235d107f40a61ef605499497febfb2a1da2f |
kubernetes-client-linux-ppc64le.tar.gz | 7548a7a7a32cb183744065360269532e5678d0dca96f488db3c2c4392d6842e29451b2c8efa74bc373bfa7aaadba3d3486d921b9455b73caa7472c296c200e34 |
kubernetes-client-linux-s390x.tar.gz | 2a1bc4d1c3e4183d0bff6147f79835968e0057aa87e3f6b492c6cf74eb8b0a99d8d52d1f9f9f1d43e0ae8c5c34bf5118d1c161547b2607aa0bbd982f3a063908 |
kubernetes-client-windows-386.tar.gz | fdd03326304233df5f067bcde8f8e1c924e1c9555532e0215d4d8cd3fce206608cb44e73c4433ddbf667c8a1cda6b2007377d010ceff8374650eccf06b19741a |
kubernetes-client-windows-amd64.tar.gz | 1fa892644a589a1907e783eb4e58605f5f893196139489819739b28042754f2eeea6acfde29f45dd8cf369ecaf55700a4e6cefb86b7d819cc6f7e415b96b3b5f |
kubernetes-client-windows-arm64.tar.gz | aa5c0c63fcf3e50fec3f1b07bf186f5c90f00d5475740b6d96a455d1c4ff93edc6e3d9168b68ff2d662d8d70c5b660becd96c6e9722f802c39992f9c16abd558 |
filename | sha512 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | 51e9e8a2a5bb9d675828a84e9c4fca7f96ad1d732fe6b59e4f0f9528e2423cda446e4e964d0f1ed656ec2ce6f230c8d9973614ede71e2f9217391998baa96d5c |
kubernetes-server-linux-arm.tar.gz | 6b18fe2847efc11d967d8e2e8b175e6b34bcb51b9696ac1f4d864147f4fe6cbaa228ef60b9f18fed979c8ada87b676dc2200162f3923bd515098030bfd112adf |
kubernetes-server-linux-arm64.tar.gz | d5f20ca6fc5e2888cd22580c7182ed05e943bf70bb1e9fb063dd4f6b9cf20305792f7fd77d25250044176743ae16aaa80ff8ddc14e5c22eddc0415608e033079 |
kubernetes-server-linux-ppc64le.tar.gz | adb7f9812673f4c0edcf3a0475e19bfca18a3be9a960e008f1e04a69d7dd371354ba8aea1223d0606991aa57b62bdcc7d6c6fdfba4c916a9acd4c73a5492c51d |
kubernetes-server-linux-s390x.tar.gz | 00b034cf27967f8ff747ca348fa97d5658d863f3169aa42eed6d28eea65e6eddffc745379d784223a35feb6d679ff1f309560e176083635ff38c99a95eb13421 |
filename | sha512 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | 9c7327d500848cef054099435179512a2224b79e5df2c031f0a106c9deedf8c1efae14217a3847d23391e4959852ded621b11adf40bad2f9782bd183bfb21fd8 |
kubernetes-node-linux-arm.tar.gz | f2674eb38e1595c04fc8d6c70c0976f5e00746f6d200803ab44c5f7a307a4bb8f91b131bc5c2c119bdb7265236720daa942727402c84142ebf30bcfed01786ff |
kubernetes-node-linux-arm64.tar.gz | e20c360abdfd1852300e6d1a3222db5a3c9b13487f2138d065cc94821411b1c4e2baf4c28163d5f5be68ff2350a7e03cf1fbe11be4e0d9b0711524488be05710 |
kubernetes-node-linux-ppc64le.tar.gz | 6501d4eb3e584910dd4526c83ebe348efb0aef5114bd40b0e2a4acf954b3f9d4c6a1b68ed4bb88c0926c5defdf06ebb4011448f882d2d59fdbf32bf7a5b8d51a |
kubernetes-node-linux-s390x.tar.gz | 85ab0f86ab611804d77700ed92738e4623ad49015886b9913e17f0555c6d346820bbbd2f78fdd8c043a98e7d509fe99ee44debe17f6fd90b2af446bcbde6882b |
kubernetes-node-windows-amd64.tar.gz | 1ed1d2a6a2e3d315998ca9b396208c090b0f4f9d3e305bccd926e72e6ab955a27c8eaa0a20f562c155718a357219a8a54916b55d16e051910732f4654e948f7f |
All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.
- GCE does not support LoadBalancer Services with ports with different protocols (TCP and UDP) (#115966, @aojea) [SIG Apps and Cloud Provider]
- Kubernetes 1.26.x is now built with Go 1.20.5 (#119201, @cpanato) [SIG Release and Testing]
- Kubernetes is now built with Go 1.20.6 (#119367, @xmudrii) [SIG Release and Testing]
- Fix component status calling etcd health endpoint over http which exposed kubernetes to the risk of complete watch starvation and is inconsistent with other etcd probing done by kube-apiserver. (#119038, @serathius) [SIG API Machinery]
- Fix cronjob controller handling of complex schedules, like "30 6-16/4 * * 1-5", for example (#119138, @kmala) [SIG Apps]
- Fixed a performance issue where pods weren't created/deleted in parallel for a StatefulSet with podManagementPolicy: Parallel. (#119223, @aleksandra-malinowska) [SIG Apps]
- Fixed file permission issues that happened during update of Secret/ConfigMap/projected volume when fsGroup is used. The problem caused a race condition where application gets intermittent permission denied error when reading files that were just updated, before the correct permissions were applied. (#114728, @furkatgofurov7) [SIG Storage]
- Fixed vSphere cloud provider not to skip detach volumes from nodes at kube-controller-startup. (#117243, @jsafrane) [SIG Cloud Provider]
- Kubeadm: explicitly set
priority
for static pods withpriorityClassName: system-node-critical
(#119117, @champtar) [SIG Cluster Lifecycle] - Only declare Job as finished after removing all Pod finalizers to avoid orphan Pods (#119163, @alculquicondor) [SIG Apps and Testing]
- The Daemonset controller creates replacements for terminal Pods, which can appear during VM preemptions or when using Pod finalizers (#118912, @alculquicondor) [SIG Apps and Testing]
- This PR adds additional validation for endpoint ip configuration while iterating through queried endpoint list. (#117225, @princepereira) [SIG Network and Windows]
- Updated cAdvisor to v0.46.1 - Fix metrics in cri-o when a container restarts (#118798, @harche) [SIG Node]
Nothing has changed.
- github.com/google/cadvisor: v0.46.0 → v0.46.1
- github.com/rogpeppe/go-internal: v1.10.0 → v1.11.0
- golang.org/x/mod: v0.8.0 → v0.9.0
Nothing has changed.
filename | sha512 hash |
---|---|
kubernetes.tar.gz | 163945f51f6cf9cd4b23952533902f8f58d0bf5c6e1825bcc83a57319c07824ad5adc375484fa54d823d685ecf81cbe3fc2fe3d373c6ffac00ec36ee92350109 |
kubernetes-src.tar.gz | 0929b7a01cb261d2df8f0f58f905cf3efec73a8b826dbafa1bb16d9bb4407a04cb9dd0a7dc4be9642c0c654969a6509e20aaf0420053c172b55b45af1dc74836 |
filename | sha512 hash |
---|---|
kubernetes-client-darwin-amd64.tar.gz | 9563e3038b1238bf4bc81d5f16902660d6b63ba54c6c0411466ad311333bd9ebc5281c0511d850927d5bbdc981b5d944319b0f34892ef59e650e1cb10cf618b0 |
kubernetes-client-darwin-arm64.tar.gz | d635b09a430d3be3b835f5b0b6c1e754c97c54f8b0c35ff30e1e7ab22039c820ca6dca1cd8ed568ef3dd6529a1f5648396248e8a79c9b6727f514aa7974f61d7 |
kubernetes-client-linux-386.tar.gz | 76ef2fd226a74d99dee3cf91c89910e0c5aae3df21a9679200c9d03a1f1cf81b6283f291bb8beec399aae549e1f265c81cf68b0940c80b2610ce79cfd025b45d |
kubernetes-client-linux-amd64.tar.gz | aebb2bc49141ca8881d84a24b71d1f67e645efed0acc0b66c34a3e8c4de17eb4e2c0b5ae869d7a964dad4839e7e51480f6398bf24ff135085c9c5575798d2376 |
kubernetes-client-linux-arm.tar.gz | 569e174c138d1de1cd5356e0c329abdc0769864683baf652636c36c9eb2514746b071ff3ac064fbcadd6440656850265845cc2b59ae36533e2628c61ee9efdda |
kubernetes-client-linux-arm64.tar.gz | c8c7307d96b737dcb55f01cdd3888befff8168100cbd55f0dec78bb2662e03cfc7dcf2c5acdb00eced7226e5ae8350a624c3c8d2d158401569ef6f2057462665 |
kubernetes-client-linux-ppc64le.tar.gz | ecd7ab115b92610d229991005460e58f0cf2606dfadb3b63be900cedc71e48b9ffe48af0ddf2c433aa89458c30c435bb24bbad805c20e196ebd826d193a19938 |
kubernetes-client-linux-s390x.tar.gz | 137e1babf87a0e7c6050693ebe6dd68715ad29678eb7978a81ff5fad28e2568506d6c0ac070271132c44e9112a87b2d6061d7c4b4551f9b496d47f96bf819882 |
kubernetes-client-windows-386.tar.gz | 36f6eee8ac1db536919d93c019fc2e641b8f8e4263b99aa3cf8cb44c26e127c5f8dca188b9bc03395d0fa457153942940b9f5f1c30df4331704b9bb83e3757d6 |
kubernetes-client-windows-amd64.tar.gz | 9b907c88503a63d626b60d74b75dd42132ffb5c555508a809e7b299aedad5ae298960491226ffe4ccfec291a55b0613726f14625a49867b41a5d5ff641381667 |
kubernetes-client-windows-arm64.tar.gz | 3ac375ba345a04799303d6f6fb76d5950671a1d0039d6fb8fd44bc0d8f8d3e9c0138e624dbcf4317dba37b1ad8caa206d96186b289ee17e5324876d49aff0b71 |
filename | sha512 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | 29a0d1715291cb4c75e0205281d15e1ab47ef63878f2a4e001ad897c11925138deb4c82ac2384c97fff9a679a8a7264358791454d645348a0a13a7061930e2a3 |
kubernetes-server-linux-arm.tar.gz | b688e8d2a6d4ec008ae87552cef9c673c20751f27fc4cd547d1a97b9cbee340eb41a3214e50304eb24e0dd906a9144280abcf4c9c29d3d5c98c0646dc8071f7d |
kubernetes-server-linux-arm64.tar.gz | 24395dde77bd68fd4440f11ad3f47b6caaddb20770b1db4ec211f71247bf314139be4cfb05bb66f2efded2b5a39514b8b8e628719ddb3485067b6d1bb96e90b5 |
kubernetes-server-linux-ppc64le.tar.gz | 8deb3a808bf55e6c9f983c54a3b8c190ae3c29064a3a50747a838a46a92e9863a6e89af8e9543764e9c48590f60a6a5418d9d1f7d323f7dee8171c407deb53c6 |
kubernetes-server-linux-s390x.tar.gz | 74d5c4872308c82a5cccd16e957cd53dbc464f05c2b4f6942b009ec9da36dc542254f23c349dbd18ec69620c93364d5d20dc458f24ad9ba96c70c536ab71d28c |
filename | sha512 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | 2c6d6356de128c7e32b68cd0d44f8631480c0e880c6edc7c9e1e9fe8bef0da3f9186eab1742ad4a9967102ac16aba230bd7c39b0c92b5920d19ded0f0b51a919 |
kubernetes-node-linux-arm.tar.gz | cac2e10c808cdb81f2a772d4adf1a685044bdc7f5a9dc4cb81285233c6be9ce1f77fae2bd235388dc76f0b644f9ba9b3d3405f5217a99ea2958d7635d46713a0 |
kubernetes-node-linux-arm64.tar.gz | f06b6950ef31bcf76cb3f7689adb67c691124c22b0ca603a5f95a563f9bc9bb5345e753946f0b603af0324c8a17bb693f16b2a7a3efc223cf4314a645aaec7ce |
kubernetes-node-linux-ppc64le.tar.gz | 091660d6bf8e5a4b03aaf1207a6ef477935a8f0147f3a635c7e2f463ff011e41d6b88a183a2c6dcbeab101e81c5f02849c6edda07dcb386743c54577d04ea02b |
kubernetes-node-linux-s390x.tar.gz | 4c2fd30b7f90df0df86d4d0ac20652d511df94b037e3226814863371b80a3739400512abc08dcedd17b746b79bd7d058527fb0beb72ebfc60887fb09e1f6866d |
kubernetes-node-windows-amd64.tar.gz | 5b7a8f7ef9dfd38729054a06d41709b25f284a8a84f701f17ed766865b2bf9d20880cf40f3e10f7c092a532bc975f48e58e58f8860bd9e3dcaaa111161dae609 |
All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.
This release contains changes that address the following vulnerabilities:
CVE-2023-2728: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin
A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account's secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets
annotation are used together with ephemeral containers.
Note: This only impacts the cluster if the ServiceAccount admission plugin is used (most cluster should have this on by default as recommended in https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#serviceaccount), the kubernetes.io/enforce-mountable-secrets
annotation is used by a service account (this annotation is not added by default), and Pods are using ephemeral containers.
Affected Versions:
- kube-apiserver v1.27.0 - v1.27.2
- kube-apiserver v1.26.0 - v1.26.5
- kube-apiserver v1.25.0 - v1.25.10
- kube-apiserver <= v1.24.14
Fixed Versions:
- kube-apiserver v1.27.3
- kube-apiserver v1.26.6
- kube-apiserver v1.25.11
- kube-apiserver v1.24.15
CVSS Rating: Medium (6.5) CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
- Kubernetes 1.26.x is now built with Go 1.19.10 (#118555, @puerco) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node, Release, Storage and Testing]
- Add DisruptionTarget condition to the pod preempted by Kubelet to make room for a critical pod (#118221, @mimowo) [SIG Node and Testing]
- Fixes a bug at kube-apiserver start where APIService objects for custom resources could be deleted and recreated. (#118104, @liggitt) [SIG API Machinery and Testing]
- If
kubeadm reset
finds no etcd member ID for the peer it removes during theremove-etcd-member
phase, it continues immediately to other phases, instead of retrying the phase for up to 3 minutes before continuing. (#117916, @dlipovetsky) [SIG Cluster Lifecycle] - Kubeadm: fix a bug where the static pod changes detection logic is inconsistent with kubelet (#118069, @SataQiu) [SIG Cluster Lifecycle]
- github.com/a8m/tree: 10a5fd5
- github.com/dougm/pretty: 2ee9d74
- github.com/rasky/go-xdr: 4930550
- github.com/vmware/vmw-guestinfo: 25eff15
- github.com/google/uuid: v1.1.2 → v1.3.0
- github.com/kr/pretty: v0.2.1 → v0.3.0
- github.com/rogpeppe/go-internal: v1.3.0 → v1.10.0
- github.com/vmware/govmomi: v0.20.3 → v0.30.0
Nothing has changed.
filename | sha512 hash |
---|---|
kubernetes.tar.gz | 18438efecabb4f2fa59a8bb72adbf1f317f9631c579cb0f0550d063be484054e4058cac3cbb6da87492c8d64bf39df018ba37a7abb30db34a7c2512963a352d1 |
kubernetes-src.tar.gz | 134b2da4865e4899fc826f1acc51ae7c2ba6b29d9ce2fa709a0e9d9e3398271b8cca99fe98f449e6f7e18e9439e4838761465b4f0133bc5f623f188f2d0b0173 |
filename | sha512 hash |
---|---|
kubernetes-client-darwin-amd64.tar.gz | c1acdfeb6ae020c38e1bc6ab21a15eff6bcb4925101ca8fe501ec9017de25a608862ccf64b3792f27cd9025b8c750c11aa6e3b0ef807bfc6d1809c794c9ab651 |
kubernetes-client-darwin-arm64.tar.gz | 311af6a0a3a2a569ded1018be7e421b0785981910f722d383880e7f0c9bab7bd64011a1eebd6d2c3d5d71c61fa2db120490f6f9d86d1d7885271f78d24c668ab |
kubernetes-client-linux-386.tar.gz | cd800cf0d231e9eae2996719e22bb2278c131881e2ba86725c8df8fd486968d9d0e57b315668727de19e374acaa78127684f0d9c8f0616e57efb1718e2de14b9 |
kubernetes-client-linux-amd64.tar.gz | 54cbf70ad1e2f3a329999fae8f230ab23273fdf5ce0fd96aed82390da74f47004fb13e858fce610a395c2deb27c5b7011a72e981218c8a9e2a4fe3924905aea9 |
kubernetes-client-linux-arm.tar.gz | b86ecb55b8d7d7d7ce061f5908b88307d0cb4a5751c699aea710a594182bfb8a1325229746745e64b4f4dc3612ed754077a1e5ba93a013bcb7120a2c47098275 |
kubernetes-client-linux-arm64.tar.gz | 29ccab3926c6d9c4444281f7b9bb61b78485ea3acfaeff7cc1a62ab74b9d0e0dbfa4e55ba7ea5854714a88ecc74724485fd792ab18cd5e8f8d15758f2147d25a |
kubernetes-client-linux-ppc64le.tar.gz | 66cf7b492b7bf1b23158cc5ca076a6336fb88f492da1c646b4066b85987cff8e325fc8937c6c314b9f26d66a09aef8aa590e960dfedf3e0a01dc8d6cc9883e1f |
kubernetes-client-linux-s390x.tar.gz | a102b4c78223ea8e804a5d97073d0e7f338273891a1394d1de62973f131c3251c360b5ecc76cd78bb0e9f376a657de4cc9367daccc623b87515178ea49175d93 |
kubernetes-client-windows-386.tar.gz | 97e3d8fc793c27b2526c3f558b63ad5b22d1ed002b3ab0d56311ebe200e9b5254d144e8220d236422f4dfe475fce24803b9ccab6ee14d15dcc4aa01777067808 |
kubernetes-client-windows-amd64.tar.gz | b87540e9ba072f5a335f658aa66321fa8eb5673640f0682f86e5de533a441f7d95c9cb0a7f12d73591864656a4b89bbcf3e4bddd6e8c19d6ebad3fd148d0fd37 |
kubernetes-client-windows-arm64.tar.gz | 052a80fbcee9440522569f4f19a4ee5634bb893be0b398f8981564ef57e49caf11aebaf6bbb9d064e0afc623c07a27454ba2007441df6da78b7aee86c34d158e |
filename | sha512 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | 50b2a1c4ed255b9f88fdeb2bb6177bea31547f477389d8bcad777074b204469eb6772aa7a10c76bf99e3b8af46f0ebda3a498657f110a32348193db905134195 |
kubernetes-server-linux-arm.tar.gz | 44abc4cb8854ae365f9aaa4115fb2f6ed0b6126c971791106fc6391681c243602e67a99f4f34b6098f91d0957cf9ad43ddcf7225300f0ffa30fb4bae45b0a546 |
kubernetes-server-linux-arm64.tar.gz | 68ee0cce7936e307deb3b2557ce3d5e75e496ce07b9be77477f088e73b7efce3dc7b41a6b425eaca1b6b3bd1f95e4d994aaa5600ea05b9751ec2b0616496e246 |
kubernetes-server-linux-ppc64le.tar.gz | 3ee0b1f67c800b82f2a5bee75709e77001d983bd8c547cfd95453d091e80bbb8b8f2b9448f182eb9cc1e0be1d9fa6dd14853cf318bc324e09200f01cc7ec0721 |
kubernetes-server-linux-s390x.tar.gz | fef74956da4c83fd4dd664a605f81d334cbf78f20f133c7cb07805e308e8641337119ce17c17b7f514c0002594fe90c960c5a7944d077361c735d072cdf1a879 |
filename | sha512 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | 32ba84701e50b480eb9c5e5b1a0df119b6dfaa9e1d9944937f133e2e18c3d777b36afd0f4784cf20e4ef8e36a6e9b74086718ca9c179d6c6065c9b656cbcc173 |
kubernetes-node-linux-arm.tar.gz | cc49effb748f0e0a1262b91d3fe3cdf9c4800b8465914cf5b9327d340bebb00bf3b1981dcf863a162062044c0450e878430ee7ced64861ad103b0ea47c2941b3 |
kubernetes-node-linux-arm64.tar.gz | 4e4cc93d244f64535726632d905272b0d4a0943f298493c2774342ebebe6f39b97f64bca80325c2f127053a136171acaf4489a7ab9d03ebe65e638f263f04812 |
kubernetes-node-linux-ppc64le.tar.gz | 2eda0bf53db0e69f9806547fa239ad40bcce17b98ed4d7e1fca0b6a848bf6cd824e0a6fef7e40101a92418e72ce810b0ec05d2fd7bf886837d000addf86e13df |
kubernetes-node-linux-s390x.tar.gz | 3aaafec1ba19c0799db9d422c24fa1061b545730a4a174f088fa86058a7d3d9fb7c966bd1ff5750b4a06eab7f9d4dcb892bca033f91f306ae05e21adc97f961a |
kubernetes-node-windows-amd64.tar.gz | 99eab9022d127ca4cd50c567bdc137beb23ec3e6df0cdf6323e7349ad636d59b222b647338b805eb4f708187c033aa63d321fa301d067fc5c47cc7dc63d88569 |
All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.
- Added error handling for seccomp localhost configurations that do not properly set a localhostProfile (#117020, @cji) [SIG API Machinery and Node]
- Fixed an issue where kubelet does not set case-insensitive headers for http probes. (#117182, @dddddai) (#117323, @dddddai) [SIG API Machinery, Apps and Node]
- Revised the comment about the feature-gate level for PodFailurePolicy from alpha to beta (#117814, @kerthcet) [SIG Apps]
- Allow Azure Disk e2es to use newer topology labels if available from nodes (#117216, @gnufied) [SIG Storage and Testing]
- CVE-2023-27561 CVE-2023-25809 CVE-2023-28642: Bump fix runc v1.1.4 -> v1.1.5
- During device plugin allocation, resources requested by the pod can only be allocated if the device plugin has registered itself to kubelet AND healthy devices are present on the node to be allocated. If these conditions are not sattisfied, the pod would fail with
UnexpectedAdmissionError
error. (#116337, @swatisehgal) [SIG Node and Testing] - Fix incorrect calculation for ResourceQuota with PriorityClass as its scope. (#117826, @Huang-Wei) [SIG API Machinery]
- Fix: the volume is not detached after the pod and PVC objects are deleted (#117340, @cvvz) [SIG Storage]
- Fixed a memory leak in the Kubernetes API server that occurs during APIService processing. (#117311, @enj) [SIG API Machinery]
- Fixes a regression in kubectl and client-go discovery when configured with a server URL other than the root of a server. (#117686, @ardaguclu) [SIG API Machinery]
- Number of errors reported to the metric
storage_operation_duration_seconds_count
for emptyDir decreased significantly because previously one error was reported for each projected volume created. (#117022, @mpatlasov) [SIG Storage] - Recreate DaemonSet pods completed with Succeeded phase (#117496, @mimowo) [SIG Apps and Testing]
- Resolves a spurious "Unknown discovery response content-type" error in client-go discovery requests by tolerating extra content-type parameters in API responses (#117638, @seans3) [SIG API Machinery]
- Setting a mirror pod's phase to Succeeded or Failed can prevent the corresponding static pod from restarting due mutation of a Kubelet cache. (#116482, @smarterclayton) [SIG Node]
- [KCCM] service controller: change the cloud controller manager to make
providerID
a predicate when synchronizing nodes. This change allows load balancer integrations to ensure that theproviderID
is set when configuring load balancers and targets. (#117452, @alexanderConstantinescu) [SIG Cloud Provider and Network]
- A v2-level info log will be added, which will output the details of the pod being preempted, including victim and preemptor (#117214, @HirazawaUi) [SIG Scheduling]
Nothing has changed.
- github.com/opencontainers/runc: v1.1.4 → v1.1.6
- golang.org/x/mod: v0.6.0 → v0.8.0
- golang.org/x/net: v0.7.0 → v0.8.0
- golang.org/x/sync: 886fb93 → v0.1.0
- golang.org/x/sys: v0.5.0 → v0.6.0
- golang.org/x/term: v0.5.0 → v0.6.0
- golang.org/x/text: v0.7.0 → v0.8.0
- golang.org/x/tools: v0.2.0 → v0.6.0
- sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.36 → v0.0.37
Nothing has changed.
filename | sha512 hash |
---|---|
kubernetes.tar.gz | 308c5584f353fb2a59e91f28c9d70693e6587c45c80c95f44cb1be85b6bae02705eaa95e5a2d8e729d6b2c52d529f1d159aeddbfe4ca23b653a5fd5b7ea908b7 |
kubernetes-src.tar.gz | f2c79ec1f844a6c4211c8a829488f64979c9ae17dbb64e9863850e286c70ffa0a263d11c309907f5ca00749e82e4308286b1dc07f6f408bc36f50cba8be80e30 |
filename | sha512 hash |
---|---|
kubernetes-client-darwin-amd64.tar.gz | 4ef66474031194fd10f233d1fe8a48d7166edffa4f04d41c24e7cb6242e3efda676f86e838b629392db1855ee36e8849be60d9b9789e93cdcf80aa4be0652a05 |
kubernetes-client-darwin-arm64.tar.gz | 17f3783758cde6ea566ebd02f3b62b067042123d11ff8039cd805910414601d0932b48e80a774f0ce5db733a9712eb2337708f708493a7f7072f282bbe014a88 |
kubernetes-client-linux-386.tar.gz | fcf8ce77bcbdea986ac9d8c5b9be4d1da77f88cca6228bc1661b2fda4ce1b98da9690a4c67ecdf0ef32fc9ff0d33223907e4f0c9fff8cb3b592a47eaa844c4e5 |
kubernetes-client-linux-amd64.tar.gz | ef75896aa6266dc71b1491761031b9acf6bf51f062a42e7e965b0d8bee059761d4b40357730c13f5a17682bda36bc2dce1dd6d8e57836bf7d66fe5a889556ce9 |
kubernetes-client-linux-arm.tar.gz | 9676bae0183b1a759f7f875f8505436881e016b5e49907f53818f94b5a5399a168acb19d5ffb69d13e9c5824cb057bc3a86d14343a0f493aa9bd069ddfdac34c |
kubernetes-client-linux-arm64.tar.gz | 54a74482b69c31317712d292511ba2573cc644ec81b64d5ae785734596e25d039afd029922acba1402c651b9ed3c770531dbaa50ce1ad6ef20dae29a70b0fdda |
kubernetes-client-linux-ppc64le.tar.gz | fdd242533acd682183dfa45a61b5855a76a87a7ac801471f08d66824be399e8447a4fc5e5a00dacd6866ed82691fa5a9425657d68e50c119be1092b376e621bc |
kubernetes-client-linux-s390x.tar.gz | 1e609d7dc828afe3956fe3bdbd12cb1fb08b6b12288fd5f11eb7022b76b6192466ddc7d98adc686055b3f5214336dcda5abd1b37d4ed99471e3c17dc13c92111 |
kubernetes-client-windows-386.tar.gz | 2b1c70b19c57e06e052e507497a66bd1aeaa51c7909479a82ea60f3e6dc9ff46b4fffe028f147d336e4a26fef5abee3a151e57fa74f18bed0011c0b6230c1ba9 |
kubernetes-client-windows-amd64.tar.gz | 9214fab06d93d4e3afaad4c34a39fb732d0eb3ec7aaa30d83dfc0ce38aea31dabdd2794f80af0a428c399400ecfb093931458d1da897470e9aac36f46068fb07 |
kubernetes-client-windows-arm64.tar.gz | eff5a0e6cc2afb56562615f8d9f58e8d97d9ae75265020bc0afc51d91c95c05127dccdca5c0046e67a852ebb8766d971af1b26ce8ce509669b595b96bd5276e0 |
filename | sha512 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | db686014c2e6ff9bc677f090a1c342d669457dc22716e2489bb5265e3f643a116efff117563d7994b19572f132b36ad8634b8da55501350d6200e1813ad43bdf |
kubernetes-server-linux-arm.tar.gz | b950adaabfda38e31831bb60a1bb75a9db538ae53e0e17b2ca8ee0c243651434f59517e2f3b697d15398619b89ed8099020503b3df727d9ce6ca0cac07c251dc |
kubernetes-server-linux-arm64.tar.gz | 45a86cb7d82a85991bff25406dd4303c7816a08395ae1ff0b6f26471b15df1621f4ec3473304b30701f1d73fe151ac6b24049853aef794bef48891d09a867c99 |
kubernetes-server-linux-ppc64le.tar.gz | 2a30ac1aa598b2fda85915616da20cb4b98afa0b675e733ab59a81a59edb7054789bb5fc04d64f0ceaa2480d8e7358220a497617d45f63d42f160f37fad4ca52 |
kubernetes-server-linux-s390x.tar.gz | 88f592a01207777662023bc15a88f5170a4f256e212a258a68e014be05230e02a4992591951b2f843ae0c9b4ad5b8ed032a208379e2b675e4172835f1f4b42fc |
filename | sha512 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | fe025affdc41fc3ab55a67ce3298d0282aa18925f65b1f52e726a0cfaddee1e979eecd97f31da236e5508f649ec60d3e6ac5ecc44ed012e2d65076d595e8b170 |
kubernetes-node-linux-arm.tar.gz | fbbfaea5c37dca135f62c0998c24729af7364dac2205340704f92a377052434976aabe5ddafd358b46597dd377d6d9704d116ff5de587d70cfe67258927164c7 |
kubernetes-node-linux-arm64.tar.gz | 64c563aaa09a294a7d290263fe1c427cbdae8adfd07698cada8d17f333c019a860c7180ea2cb1ba04ee0615a767562bd7e0f3b0a59425c50a86f4bed175a1081 |
kubernetes-node-linux-ppc64le.tar.gz | e342ed08eb4e689415f20caec744f680f2ca81143a5053d128297e27ea0c79cc70e50cd3aca0ac06b4d6d48306f9536f12eaf9739d674e0e24c5870948747c0f |
kubernetes-node-linux-s390x.tar.gz | ba6f98bfabbcd4f8a7cc2eeafe0254f787fe991cd12094f60820f8074fef5441eeb0231cd0a16c9912b3e9c6fb6e829843f0b98db3e0fc410c3ef716d0c19c92 |
kubernetes-node-windows-amd64.tar.gz | abaeb069133ed9101fe13bd9a262489fa1396fdf5184645e409a55daf6aeca3c7731d4c3fb6cda7d52f9ca79004bd222860d7dc3495fbdffc3c3b06807bc4f51 |
All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.
- Kubernetes is now built with Go 1.19.8 (#117133, @xmudrii) [SIG Release and Testing]
- Unlocked the
CSIMigrationvSphere
feature gate. The change allow users to continue using the in-tree vSphere driver,pending a vSphere CSI driver release that has with GA support for Windows, XFS, and raw block access. (#116396, @msau42) [SIG Storage]
- Fix missing delete events on informer re-lists to ensure all delete events are correctly emitted and using the latest known object state, so that all event handlers and stores always reflect the actual apiserver state as best as possible (#115899, @odinuge) [SIG API Machinery]
- Fix: Route controller should update routes with NodeIP changed (#116362, @lzhecheng) [SIG Cloud Provider]
- Fixed two regressions introduced by the PodDisruptionConditions feature (on by default in 1.26):
- pod eviction API calls returned spurious precondition errors and required a second evict API call to succeed
- dry-run eviction API calls persisted a DisruptionTarget condition into the pod being evicted (#116750, @atiratree) [SIG API Machinery and Testing]
- Fixes a regression in the pod binding subresource to honor the
metadata.uid
precondition. This allows kube-scheduler to ensure it is assigns node names to the same instances of pods it made scheduling decisions for. (#116763, @alculquicondor) [SIG API Machinery and Testing] - Kubelet: Fix fs quota monitoring on volumes (#116793, @pacoxu) [SIG Storage]
Nothing has changed.
Nothing has changed.
Nothing has changed.
filename | sha512 hash |
---|---|
kubernetes.tar.gz | d1c6c8c9844ec63c043138bed0f01a0129d89c9c7cc130b794db0e1abea0062f4b2fe78ec7904cb32a1d628b6f5fb6f72c8374197e415f21ae3afd41fc82e0be |
kubernetes-src.tar.gz | 0bcbd694e8be752d9be4dbc9b707fa351438df3dbbb4ee6bd860480216c9ed440a8fc02462dabc8df28cb34c0af1e0624f3ae98e1263cdd2182ac88f333b97f2 |
filename | sha512 hash |
---|---|
kubernetes-client-darwin-amd64.tar.gz | 25afba938a425b552c48a0671bed23e7b3af7b104ea33db8c4079b1d7690d7b9bfbaf75d8b2fb7597d6e5bfa528f72381f0e11c142381592f61162027cebf05c |
kubernetes-client-darwin-arm64.tar.gz | fb09b7832c238a45acfbf0b9013836a2b7f4b371eb49db21eeee944b614b97a29fbe2b6f72729a295d0d5ac7da90b963d301f490b48acb063f29d801265da144 |
kubernetes-client-linux-386.tar.gz | 15d182c0a5fc07c09694b8007f780bce51901124125bf0d1133de616cc0b01128c300411ccf6b2a3b603570decf5f62888184afc0f1ca8284b3953d3f9d35c5b |
kubernetes-client-linux-amd64.tar.gz | 66ac1edead4ce24fc3ec8f1427f1e7fb81e963ef0bc9dc877d272e7526ff18f309c729ae73f744e530072bb8c7a0391dc3b5dc027fa88313eeb41a3d26566f95 |
kubernetes-client-linux-arm.tar.gz | f499ed92222db1d29970dec1dbd2ef9f87f3eb0f30dc5eba94a1226161ee6fbd19bfeedb6d2a2ee00ea8a999303cd76f9e537ae85954f03a2fab60be4516ea77 |
kubernetes-client-linux-arm64.tar.gz | e9d483ca22582aa0b30606febe47bf3de17e01dd0962f6563aff04526511bfb917335ea86cd2e9aede892cf1451a291f55996580294c729491e5255d0a8d91ba |
kubernetes-client-linux-ppc64le.tar.gz | de9a27b857093e76a0a1bfbf9914ca71622b942ceeb1db9b5cf3707a8f0974c7a9518d37ebab742210afbc29bd0c1358c15ac325376f7338565568d6cc324be6 |
kubernetes-client-linux-s390x.tar.gz | 7e7864b1785792e4cb72fddfc10bd8a4d479a9ea5e720ad5789189b09420654a917fee5f361effcf21f79c5ab582019eb517cbf6e586a10a1ea0ce122e740f5c |
kubernetes-client-windows-386.tar.gz | 3bcb0d114679cf80a560e0f6c32e51b2cec6c8ac3d2c6dcdab758be87ed32149b718e48bfb3c58e84bf28419c1cf0a7ce44398fe6c829ad65106633d38a7df6b |
kubernetes-client-windows-amd64.tar.gz | 370bfa9d7e185a5591ce859351a88e7cad839d9ea14c214ab1601364e8162bdb9721a611fbfef00b66c4492b568f98595fd39eb528d966fad2c4d8a25927d1f6 |
kubernetes-client-windows-arm64.tar.gz | 04a2073d7ca3de752b90e24522d2b659cb3e7e604a0e50bfb809fb60c509b806f65a28323139d89a45deb503dd05a4962442210245c1df133a3a93fbc46045eb |
filename | sha512 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | 27d88683b737d5790c68a5ae4b5011f3afead81f4f83ecd26232458f9b15d3581705758f068d8f94681afddda0f2494f815ba758167d064c8d682766479a1023 |
kubernetes-server-linux-arm.tar.gz | d3b98291660e8dc6d182f5b26c8384e9a5eea30374354dc7c26612167545bb07bce46145e7429b59c3b813030933f3dd3ef86968cfb90c3ffa69303c4a6ca8c3 |
kubernetes-server-linux-arm64.tar.gz | ea74da4e70dd0a3fe79a2da0a8421efc6c45c019af44d7fc04d35dcd154c1c09a487d300155cdf0e7c664512e5f84969dd668d82b5e2fcff1e4768351638793c |
kubernetes-server-linux-ppc64le.tar.gz | 00a0a5da6cc3ef3e833825f2102b851b7e1c03708e3cb7101565c66925341df69dfa5e524d15608275727913a5d65c66ba1c1f3e775a38d60879bdfa8affae0a |
kubernetes-server-linux-s390x.tar.gz | d38e5b2ab8a1a537bd923508350fb656a1d47ed307d52160aa19112028e93e5f824d05a3f7a4c82d7f938a12950c3120d20986d8826e9decccab9bc4f6a55ccb |
filename | sha512 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | 7f88001adf29c583bf6c1bd10cc0b45e82dda166fe5adc5c3b0995231ce51c9bfd6980dfc59b2cedb393234d9976dc7c5920d96b5231b15470d26d01521b209f |
kubernetes-node-linux-arm.tar.gz | 7cffa75197caaae55d750a91473621a846bd4577ed7582fbb66c9ebf4c013ce109fa20e61dd40a0a93746ff9d827a8abf444024ec97e5a8b7c4a225cc48af30f |
kubernetes-node-linux-arm64.tar.gz | 05d2f7213c5e2f5c706f2be111ff62f8cc7943c46bbc20ac7a2a10df1cfb932677d99a7308e6a881847b9b442cef4c4150d2cd3f33794a7ca998cc0bf17b6d1f |
kubernetes-node-linux-ppc64le.tar.gz | e8f96a50b514de4347821fa0d64353d2c1a4bddd141e55df22c7ddda1d4d5ee88935b73496838403664708c8c7e92bb3000b8cced6baa7366848c71bfa6d2505 |
kubernetes-node-linux-s390x.tar.gz | 38fbaa084f5a7dd6fe76cf16e2450f78c68efd37a8de4fdd39099daeaac4531916ff990609aa368e50290c4a5a8bc5ef8f94f6e07c5005d5c22b48d6fc94d9ab |
kubernetes-node-windows-amd64.tar.gz | 9a20dd3b6263ac164555c6064cd0fa3b64c5c06790ea8541f6dc9bf7419bdfaa67c411eb0104d90ecacc627e79c7b8f04d8f6e30f1ef466effb4cf87fac727b8 |
All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.
- Volumes:
resource.claims
gets cleared for PVC specs during create or update of a pod spec with inline PVC template or of a PVC because it has no effect. (#115928, @pohly) [SIG API Machinery, Apps and Storage]
- Kubernetes is now built with Go 1.19.7 (#116407, @cpanato) [SIG Release and Testing]
- The go version defined in
.go-version
is now fetched when invoking test, build, and code generation targets if the current go version does not match it. Set $FORCE_HOST_GO=y while testing or building to skip this behavior, or set $GO_VERSION to override the selected go version. (#115496, @liggitt) [SIG Release and Testing]
- Fix data race in kube-scheduler when preemption races with a Pod update. (#116438, @alculquicondor) [SIG Scheduling]
- Fix log line in scheduler that inaccurately implies that volume binding has finalized (#116050, @TommyStarK) [SIG Scheduling and Storage]
- Fix race in alpha aggregated discovery handler Yes, discovery document will correctly return the resources for aggregated apiservers that do not implement aggregated disovery (#115805, @alexzielenski) [SIG API Machinery]
- Fixed a bug where Kubernetes would apply a default StorageClass to a PersistentVolumeClaim,
even when the deprecated annotation
volume.beta.kubernetes.io/storage-class
was set. (#116089, @cvvz) [SIG Apps and Storage] - Fixed an EndpointSlice Controller hashing bug that could cause EndpointSlices to incorrectly handle Pods with duplicate IP addresses. For example this could happen when a new Pod reused an IP that was also assigned to a Pod in a completed state. (#115907, @qinqon) [SIG Apps and Network]
- Fixed performance regression in scheduler caused by frequent metric lookup on critical code path. (#116441, @alculquicondor) [SIG Scheduling]
- Fixing issue with Winkernel Proxier - ClusterIP Loadbalancers are missing if the ExternalTrafficPolicy is set to Local and the available endpoints are all remoteEndpoints. (#116001, @princepereira) [SIG Network]
- Fixing issue with Winkernel Proxier - IPV6 load balancer policies are missing when service is configured with ipFamilyPolicy: RequireDualStack (#115614, @princepereira) [SIG Network]
- Make kubectl diff --prune behave correctly with the --selector/-l flag (#116149, @nathanmartins) [SIG CLI and Testing]
- Remove check for CSI driver running on node for CSI migration (#115772, @sunnylovestiramisu) [SIG Apps and Storage]
- Set device stage path whenever available for expansion during mount (#115346, @gnufied) [SIG Storage and Testing]
Nothing has changed.
- sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.35 → v0.0.36
Nothing has changed.
filename | sha512 hash |
---|---|
kubernetes.tar.gz | 15b2efb385dfb80e1ea163589d198954fed75b2ddef27c1f5b7e79bb8b3bea828e644f4e4f7c25cc5dcd1f58e0a8d91112c72fb2046f2bbdfc2f1ccea38ec4eb |
kubernetes-src.tar.gz | 68f82f5279690072b8dc600dbdbf808508f1d1f99197a088f2aff8b62078c0cee41a8f36a5f49496096573d6e0c90d9baf30cb1d2cf50e7445b372c69b8d4ec8 |
filename | sha512 hash |
---|---|
kubernetes-client-darwin-amd64.tar.gz | 8de3e817a4e1c05836dd80a392ba49dfc40e5e113d6b9808057686431402c7c8b3bb351aa146a971806d04b4becbdb030bbfecb5667982187f40f78c601bb5fe |
kubernetes-client-darwin-arm64.tar.gz | 6a8616c395a742b79cf9e77b037a5048e1a458e40948fc54735196fa8aec453fa210edb7b58b629751d95d6973737c1b8a8f49840f8648cccbe01abc81078d54 |
kubernetes-client-linux-386.tar.gz | 5c2804ff18bcb0160b15198095c312d46059d89033ad7a4a2bac796e1d03d1eda3b1eebba8b27f80be3a4d1e24c5d0c1d52b080a98e56c9492bc8ba50cbd37d9 |
kubernetes-client-linux-amd64.tar.gz | 1f969bf9bcbab145aa7f8f8407d83ec6b13039d0739e7445a740f0f07bfec77816243bcc203bcd44227d8011b827f6db7e4a0d20c7011bb658a6cf0cf8d3b028 |
kubernetes-client-linux-arm.tar.gz | 115043bd54708b0e52c2cd7f07d646e2f20fc8c7d82cdbb0babd87e5ad81d365b1799aacf835588eecef15bde562851ba5cebcbf61bacaf60b3e706f0bf85966 |
kubernetes-client-linux-arm64.tar.gz | 17bbb61e0ed3a6a42638aad15ed4b6b7969f99446dcf2db7845a0b8b6001aa0e7c11cf298695183345270a715600fbcb0789c26850e0d49c32edf75456957db4 |
kubernetes-client-linux-ppc64le.tar.gz | 6d288a64c616d90a4b4c2734495e93835b0afecbe9699e6f40f3ddafd9f324d6afee05ac6b4ea3a274c8738e3af25d7e220ae958492cfeef0dcbf35a07d5f6c6 |
kubernetes-client-linux-s390x.tar.gz | b5edfa36a9e61e949fd3733b7ed4204dc03a9c546b43a3fea5eef938d3d76a549064178037399f18aa0d555eee7cd9c6d49de41849314bbe6f308c0b88db085c |
kubernetes-client-windows-386.tar.gz | 0c50858b56f3140e9650f5491c6bf53762b049eac58818b4521907f06ca2a3b8cb39076c17ba52d379a409b34b5eb1f8276f0724d695c6f6b61653b6df0580d6 |
kubernetes-client-windows-amd64.tar.gz | 2c884682507bcf8184b431e26e80febe27157fb26c5475a01410db73fd9e4abf3e0e7b0827f95896ae1ac37b10ebf664d995981a2846937ce7b1f4448447e4d7 |
kubernetes-client-windows-arm64.tar.gz | 552e3d7b93c64aad132144a66a3ec6e6d7a83b6949387cd5b3ff2d2e9a26b368eb2bc38500bf199374cbc992cbd89ce3f958e1a10ad9394e50ae7c90b503c81c |
filename | sha512 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | e54061b0a7f5717e59916a10f9e85b78a4ad751c0c630bdc9493aa9cc98058837bff8058641332e06ed103afdbe67ec62d9803ff1b17c8770db324ab801e46ce |
kubernetes-server-linux-arm.tar.gz | 9ca3e295087309f6b7d2ad9dad1db60bba6d2c3a51dc3cc23391e9bae359746b4c30db2e73e3bf608ed67e9796ff0738aaad763f3b63426df99c9b1cf764624b |
kubernetes-server-linux-arm64.tar.gz | 5231542124556d480c7b719ebfe0eaadd35529e123123b4ca596295eb992f5296ef73971a6d5beaf98dfbd190f3b630764b399c2b97825d0664874d9f751af4d |
kubernetes-server-linux-ppc64le.tar.gz | 737c2b0d81ebb434ec97ab9e4c716a77c3a5b29697aadac3715847b2c5804befd68d5daed7ee60210d47481eebd283b2d0213483f67b154da33508e49f806bb1 |
kubernetes-server-linux-s390x.tar.gz | 2f46e7802ae7e733ee3f10bb1510ac1436e1c625d06c9cf6384215659577bed3322f3dca4b8a653650cdcc367f146cb605510949d951590cc9e1969f61df9c8d |
filename | sha512 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | 92e92333a9e5c27436c7966b338395d4ea5d2ada22b53d1aebefeb6893fe6770cd3e7c4d64f0b89cbf39e13047bb56ffad34b03b2c16ac836d335d64758f4085 |
kubernetes-node-linux-arm.tar.gz | e1b394c4b21f2f4d73ba981808df23b5b76e670389f72957a002f0b10239848c34f210033651c519d4ef55c3eb0c3769df9c434b1495743627a076b300a55c89 |
kubernetes-node-linux-arm64.tar.gz | eed5122b45cda658b82ee02b5f230c14b91c7626c2df45f31672298fc33db10faae859a6d7b20bfc6e5a79f3392e4f92f5a056596f77bc0a5490810430d86e83 |
kubernetes-node-linux-ppc64le.tar.gz | fedf9b4820d731e13286473b51d81060707efbd3d0d044c0f6247835e2fa7c236d4cb2c576099028840da850235e8a092ca7d67fc4575e5b2488766a74025a8c |
kubernetes-node-linux-s390x.tar.gz | aca15e761b6b9671921671c3f58910d58e205d3738aec6da1228f079882807b82084177061a49d09b7bff05a99255beb5662c9ebaee90e8ebfee10a93bde896d |
kubernetes-node-windows-amd64.tar.gz | f85cc35f6d5d6d38f8324a430c9fa142d529f778b10e0ad60c01e4f9d03e4dc99ad65c6851d7c7927f165c3a89f0e91cf8db6e836ffe775296f982f02b467e0c |
All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.
- A fix in the resource.k8s.io/v1alpha1/ResourceClaim API avoids harmless (?) ".status.reservedFor: element 0: associative list without keys has an element that's a map type" errors in the apiserver. Validation now rejects the incorrect reuse of the same UID in different entries. (#115354, @pohly) [SIG API Machinery]
- K8s.io/component-base/logs: usage of the pflag values in a normal Go flag set led to panics when printing the help message (#114680, @pohly) [SIG Instrumentation]
- Kubelet TCP and HTTP probes are more effective using networking resources: conntrack entries, sockets, ... This is achieved by reducing the TIME-WAIT state of the connection to 1 second, instead of the defaults 60 seconds. This allows kubelet to free the socket, and free conntrack entry and ephemeral port associated. (#115143, @aojea) [SIG Network and Node]
- Kubernetes is now built with Go 1.19.6 (#115833, @cpanato) [SIG Release and Testing]
- Use HorizontalPodAutoscaler v2 for kubectl (#114886, @a7i) [SIG CLI]
- Do not add DisruptionTarget condition by PodGC for pods which are in terminal phase (#115104, @mimowo) [SIG Apps and Testing]
- Enforce nodeName cannot be set along with non-empty schedulingGates (#115636, @Huang-Wei) [SIG Apps and Scheduling]
- Fix a bug that caused to panic the apiserver when trying to allocate a Service with a dynamic ClusterIP and it has been configured with Service CIDRs with a /28 mask for IPv4 and a /124 mask for IPv6 (#115333, @aojea) [SIG Testing]
- Fix nil pointer error in nodevolumelimits csi logging (#115347, @sunnylovestiramisu) [SIG Scheduling]
- Fix the regression that introduced 34s timeout for DELETECOLLECTION calls (#115479, @tkashem) [SIG API Machinery]
- Fixed bug which caused the status of Indexed Jobs to only be updated when there are newly completed indexes. The completed indexes are now updated if the .status.completedIndexes has values outside of the [0, .spec.completions> range (#115462, @danielvegamyhre) [SIG Apps]
- Fixes bug in ValidatingAdmissionPolicy alpha which prevented policies from using a paramKind previously used by another policy (#115185, @alexzielenski) [SIG API Machinery]
- Golang.org/x/net updates to v0.7.0 to fix CVE-2022-41723 (#115787, @liggitt) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node and Storage]
- The Kubernetes API server now correctly detects and closes existing TLS connections when its client certificate file for kubelet authentication has been rotated. (#115566, @enj) [SIG API Machinery, Node and Testing]
Nothing has changed.
- golang.org/x/net: 1e63c2f → v0.7.0
- golang.org/x/sys: v0.3.0 → v0.5.0
- golang.org/x/term: v0.3.0 → v0.5.0
- golang.org/x/text: v0.5.0 → v0.7.0
Nothing has changed.
filename | sha512 hash |
---|---|
kubernetes.tar.gz | 65d8e6456b48737e496bd7e57ed630825654a1527de52890481be5f6df89a88675b809e6cb0ffa75b71c7d723ee64145a92b859afff296c7ee6f077f66c05c48 |
kubernetes-src.tar.gz | cb4c5b1502899144798663ace828ff705d5b727a7bbb9a71c63138a4aef91dc394bdc83e8f7634fa1762b1cd08c3203a08c06856629d22463f89ab309f6388a3 |
filename | sha512 hash |
---|---|
kubernetes-client-darwin-amd64.tar.gz | c70bd6ae44d1d5bbd5141fdcd69db0aa43aa3556345fec647e71f54f971ae91079b07f7e8cc3e609cb64e1a51b825f2ecbf99b040ca46b63f776f2c0d7b0ce46 |
kubernetes-client-darwin-arm64.tar.gz | 0e913e33cd285c9e822eb8c8612b2acb301a9b28b9b59d15f120017bbd8b1d6282b8d0fc1426d4ec425a8a487232b8435cc271f9a3a45aa18b92bf1e6dc6340d |
kubernetes-client-linux-386.tar.gz | 21651edaecb3d17c99a9a65a8db21dbbedfc35d444d435e6f9e4b477e1f9ad4813df4a3a42e385c373560dcf97090da0862f9b0c59feda75db7a408fb1295fdc |
kubernetes-client-linux-amd64.tar.gz | d82f8fb12b3667c9c613092ac8c5c38c2f0db2db719f8d8b308f1146ef4ac2942b66554fc99ddc1e947492f4cec845a21feebbf804289173c42928a2d355490f |
kubernetes-client-linux-arm.tar.gz | dbac85e316b0a46e7bc6f2de990b916bd3605631a14fa457819fc354238dad392535d738a8f98fabd4ca76cc4e66c19be3d1a7766aaf05a4ef6d1717208d99a4 |
kubernetes-client-linux-arm64.tar.gz | 58ebebde0f387dd9b0c314e2f20d3af875e0524d392ea97c1d3930ee07f4ad57b3acffee7894077f4e5dc40c83c04612c17fe77fa0501f1f25a90db6178b6786 |
kubernetes-client-linux-ppc64le.tar.gz | 211c3a698f5608eb1270702bad9fc67911b7168b025e3d8979754ab6d20140ff1ba1f616604a33667cdf47693481de1668ad0b87cf53fd08199d8b356c0b96ee |
kubernetes-client-linux-s390x.tar.gz | 970d2d6ae7c4c7eba363c14e2d5962c17c015877d11b265764b1e56472fa7a23d54fd9a9cbe2022db7d05539c1bff8d6f1c5f78300d22102ce1079f26256a3b7 |
kubernetes-client-windows-386.tar.gz | 3318ad3f1a28258d7bb6d40066f16ac137de9bf2542871f52ab510346e13cc9640fa17b2914faa8cfdd762b42ff8fb8dfd1443f104e779b5ff5b52aeec7301eb |
kubernetes-client-windows-amd64.tar.gz | 24454f8b50523329ff1fdcce92c49b9dda7fe18c8c0c20ef17fbb281e104915539a9576a36ae548a0d667e0ae6c2b96fc8247990c18e6582300e9a418aad88ac |
kubernetes-client-windows-arm64.tar.gz | 1b91b903be14ffb6e98a21459ac261361cef206f9e6a9902bbf3e45eb798560574d3a86b1455e8b42d4e8be7adda977f8a24e43e5f6edeecff0463b9aea9fbc9 |
filename | sha512 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | 46812ef66997de951da309aa8b594384d8a9fad77812bbb6cadcb684f82f0b56e4df7bfb7772b225a6f5db4096b2e681bc28d4e5044306c09528d6cac405c41c |
kubernetes-server-linux-arm.tar.gz | 1961fb217b3b7a2c6967e1cf07f1315930e48c11551a0d329811f4d2e5e4470cbb36dc3980cb65459912c633e9b528b66dce14a9f0c2f91b1d4b6c24018e8c4e |
kubernetes-server-linux-arm64.tar.gz | 9f7fc8a6ce7c15d2db56df30a1551402127745091b26231c54484855ec5acdd1813b53f4ebc979d0a85f4e7701bee11ee0ba6e84d94b146d8384b8bb4600078b |
kubernetes-server-linux-ppc64le.tar.gz | 5bb0c0f3ae57e403f0f710110896e2e6ab5d777cafd0b9f98f121ef442e0b2eeeee66c1a4917ab6b2f218b5d12a93efb86310a1fcc6ef342843813a5c24b22c0 |
kubernetes-server-linux-s390x.tar.gz | 539812c41439f7851838edd98ad76c16a9efad2cadcc9f8f88aa193d8e359c06f481c5df4a58b561cc7594126c65e841387f547523c42b2ddfe56edb094865d3 |
filename | sha512 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | 8ab33c800a7616302e03c36e087ddb70e2d74ca1228b6f2df654a23f7adf684cc949f98bb9c639f2aa8a125f06dddc6cd7a4568eec1197b1eba1002806782c4f |
kubernetes-node-linux-arm.tar.gz | 65fc0444ac19ddae8b06f48f99b42d78816dcf641823ecbcb4378c2dc4a9698af764686a1b6da97fcda898243e8b08a9cef64d99d4d697d34ec95443a5995943 |
kubernetes-node-linux-arm64.tar.gz | 7f5c045c152e3aa14da87778935b9a81052a075cfc929bd52d8ee956da78ecacb16436e7fa648bc99b886bfce56d2588346cd843b1fcae0f38fb25c722c0d59b |
kubernetes-node-linux-ppc64le.tar.gz | bbd574bb6dc5f4d1d5f895af6e1ebeeae806d1c2fb626061ae5d6b1eecf1d516efdc5eb8b4a80d553425427d7fd7cd7f34a68d524b89ff6194c8b2edf4b699de |
kubernetes-node-linux-s390x.tar.gz | 3908f0a66082846d75927c3ebd1854035996f4db405d6709e483c6fc8d80973d8afec1898ca052c33efb548e2c4d0bb63df470efc51add76d5877fd3dd4569aa |
kubernetes-node-windows-amd64.tar.gz | e4dac0f8df0cf97d35f2fe9498f072e384182b2c4fdfeced83960f771c638827cfa25b5003a8bfe9c4246b353a136118f8c4ea3c371f8d9e8d20b568ca68e562 |
All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.
- The list-type of the alpha resourceClaims field introduced to Pods in 1.26.0 was modified from "set" to "map", resolving an incompatibility with use of this schema in CustomResourceDefinitions and with server-side apply. (#114617, @JoelSpeed) [SIG API Machinery]
- Deflake a preemption test that may patch Nodes incorrectly. (#114350, @Huang-Wei) [SIG Scheduling and Testing]
- Client-go: fixes potential data races retrying requests using a custom io.Reader body; with this fix, only requests with no body or with string / []byte / runtime.Object bodies can be retried (#113933, @liggitt) [SIG API Machinery]
- Do not include preemptor pod metadata in the event message (#114946, @mimowo) [SIG Scheduling]
- Do not include preemptor pod metadata in the message of DisruptionTarget condition (#114945, @mimowo) [SIG Scheduling]
- Failed pods associated with a job with
parallelism = 1
are recreated by the job controller honoring exponential backoff delay again. However, for jobs withparallelism > 1
, pods might be created without exponential backoff delay. (#115027, @nikhita) [SIG Apps] - Fix a regression that the scheduler always goes through all Filter plugins. (#114524, @Huang-Wei) [SIG Scheduling]
- Fix bug in CRD Validation Rules (beta) and ValidatingAdmissionPolicy (alpha) where all admission requests could result in
internal error: runtime error: index out of range [3] with length 3 evaluating rule: <rule name>
under certain circumstances. (#114861, @jpbetz) [SIG API Machinery, Auth and Cloud Provider] - Fix clearing of rate-limiter for the queue of checks for cleaning stale pod disruption conditions. The bug could result in the PDB synchronization updates firing too often or the pod disruption cleanups taking too long to happen. (#114780, @mimowo) [SIG Apps]
- Fixed DaemonSet to update the status even if it fails to create a pod. (#114819, @gjkim42) [SIG Apps and Testing]
- Fixes stuck apiserver if an aggregated apiservice returned 304 Not Modified for aggregated discovery information (#114459, @alexzielenski) [SIG API Machinery]
- Fixing issue in Winkernel Proxier - Unexpected active TCP connection drops while horizontally scaling the endpoints for a LoadBalancer Service with External Traffic Policy: Local (#114038, @princepereira) [SIG Network]
- Fixing issue with Winkernel Proxier - No ingress load balancer rules with endpoints to support load balancing when all the endpoints are terminating. (#114453, @princepereira) [SIG Network and Windows]
- Optimizing loadbalancer creation with the help of attribute Internal Traffic Policy: Local (#114468, @princepereira) [SIG Network]
Nothing has changed.
- github.com/google/cel-go: v0.12.5 → v0.12.6
- go.uber.org/goleak: v1.2.0 → v1.1.12
- sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.33 → v0.0.35
Nothing has changed.
filename | sha512 hash |
---|---|
kubernetes.tar.gz | 3062a427a45548bd9c5a8358c740f0a5cfea7b546dca724c71d28768bb36c628280c91263a362afd01c89ef3944f5a768ed44e75d421fe9dc1ec2e8ba26214f3 |
kubernetes-src.tar.gz | 30ef5d75282fee72e6affff34c72f76fc1d0154b3f37ad2897dec8c63ce6620d9e3237cc3c34ba3cab5d31f64ed43c4ec79c8bc40e832de6c4895a449d05682f |
filename | sha512 hash |
---|---|
kubernetes-client-darwin-amd64.tar.gz | a8c7d82db6a415e7c16bc6a35ee59115e91491f842816b0128b5668821223ab9477697151ec31fb052cd893d57fc507b0a3b68f9bffd666f9d4b821c336a10c8 |
kubernetes-client-darwin-arm64.tar.gz | 5b449a69eb22902bdc5cc110b65d3103e459639c4b8eb84eed005a79efc8c9f42dd0a37f5d51b073e96f69a5de36b44c00b3bf730334d1296bd3df3a2f7c603b |
kubernetes-client-linux-386.tar.gz | 32881e912da9edf44d304bb67b4302fd271d4925928c28cd9e8d94fa677e8e8d4706eb1d9a7490f51f87cf39cf087133895a047aaf1564caa8783e3e3af190e9 |
kubernetes-client-linux-amd64.tar.gz | e4e55a2b7cfcb8a61a982b4c5630119dac74c793fad285a5753f3fad20122c266fce4f291889a03c562d6416d9f07992bf5de78298bd6801b06a8c36dc7a0acf |
kubernetes-client-linux-arm.tar.gz | 72b2899747277a8c50f2ccf8dc9293532e9d0f18fbfc5ce2bd847f46939930819a031d2ef6e6f624ea7b48d61653d14cc8869651c6155d4cada801e63e45a90f |
kubernetes-client-linux-arm64.tar.gz | 54081ebe799fd11ace1b54b66a4ad3c87f233dcc8f14ec38fd02d69daccf8a5e46e42e615582316a0930528fd108c679590813edc69aea151a1e8e384d3d5b31 |
kubernetes-client-linux-ppc64le.tar.gz | 1cb6bcae4e060cb581c89121dc623d75cd07d665876f12fc441a2cae54f194883e2f9aa02e2f61a066f7d604626c98b6baeb38ac2aea22d34eee68ce3530d12a |
kubernetes-client-linux-s390x.tar.gz | 568313713168e29b13849ff2bc3e275af54acb8048a7fe5b7569f713453523f32904f974b3e4888b60cd59ad2d00a97a170c33ee0525cfa224384c936b5bdb97 |
kubernetes-client-windows-386.tar.gz | 81aff59ef27eee27edce5222dfab420e3f9ffe090897820db07cf69bf212adcbe5fe3ce8d8551da6c2dc99c9a0ce05d9f0bad79544043c613e1bb841fe711c14 |
kubernetes-client-windows-amd64.tar.gz | ab37bc7569fef9e852944af6cc82a9763d89244749a28b8dd819e9234acccf89ca168cb485fbb8e4dc28c25ec3d4686503f3b3dfa5509283c674f7460fe84456 |
kubernetes-client-windows-arm64.tar.gz | a4373d6d3d37dcde3f86ed17e5d079c74247ee412fc062fe58472215a09cdbbefd03ba55d299fc8cbcfb70419e3400a69f84da17b078ffc149c6078df8d0ac50 |
filename | sha512 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | 55de8adfe4d98826cf5f55007b8dbb63cd42fc898b399cd2c74d6c4818f2fbad1de4bd7cba2a94f8edc5a13a6297816691e62ffd0113428d23b8e7592d9d2eb6 |
kubernetes-server-linux-arm.tar.gz | 59305ba936cae7f021f41944491e53b43fce21f64491be44881b68c78b03b25591b850faf24472d10a17941e440ce9d4977e29fce46a7bb7786257311721fd61 |
kubernetes-server-linux-arm64.tar.gz | c0c0c6d1288f4b417b8b4b5960df9af081d2caf8b2abd2117e26677fc4b5b6d3bd5a0638f2559c86e77f7bb6c9acf5bd4e7f33aa4a8f0d9ba50e448c5a780ca9 |
kubernetes-server-linux-ppc64le.tar.gz | 837fc57905aa29f27c253ea392ce331c762789b69a581e2d3709c22f14af0b475d4f691fe48d05f5bac3784b84a6c59e9fbda527b4d9e169f93a10fe09f2d195 |
kubernetes-server-linux-s390x.tar.gz | edf1c11412cff5423389daa6bde79be302d2e8d9962d191247a8935189927ee89f5c24f4be2ffe2a8be0516395677d085d4367d9436bcdd46c5270c36713645f |
filename | sha512 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | 19d0941ff71a8c7fd9695e69fc03e446dab48d081985f4288a6ff6d6f5a76b1e5c2cec643a9090597760f9444f0846978ddfe6a97e2b3ab59d8530d524be75bb |
kubernetes-node-linux-arm.tar.gz | f75cca0a72a4a4cc1f89210d08b36e7d1777d6af02e74497c3f93fef3308040c278f0600d65d1ccc052f14d567590762327d67453a3a4c06a5fe529dca99f7ae |
kubernetes-node-linux-arm64.tar.gz | 94579d7a3cb146ceffc0af42b5fd886510041fec0a5d5e9c2383e91ae3f6dd663b9691193f67646f38265195757f04bcc55e17ea3fc414174c375e672249c606 |
kubernetes-node-linux-ppc64le.tar.gz | 0487d68b2598a12bc40f7012c2b68a4d2cb0dbfac59eb7d468eb23966ebbbad3cc14e061fb4cb4562366812eefa7a7df704c435522a4d6fb68fec1268b845775 |
kubernetes-node-linux-s390x.tar.gz | a4dc195f599ebe3bc0ea5d2eb9f9004d9770cad7c8333b273f6ff9af0f73528a08c4949c360647f9096cc48a4daf65ecc71b70683728ab75cf3041857b6df965 |
kubernetes-node-windows-amd64.tar.gz | 6331bffc65bea362245a0bcba2ce28521679c60e0332e329872c5a588d21cca0162c48cac4ac2fcdb303116f5f4f62596f81658cc056d34add27857ec53b22d1 |
All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.
- Deprecated beta APIs scheduled for removal in
v1.26
are no longer served. See https://kubernetes.io/docs/reference/using-api/deprecation-guide/#v1-26 for more information. (#111973, @liggitt) - The in-tree cloud provider for OpenStack (and the cinder volume provider) has been removed. Please use the external cloud provider and csi driver from cloud-provider-openstack instead. (#67782, @dims)
GlusterFS
in-tree storage driver which was deprecated in kubernetes 1.25 release is now removed entirely inv1.26
. Volumes must be migrated to an alternate storage solution before upgrading tov1.26
. (#112015, @humblec)
- CLI flag
pod-eviction-timeout
is deprecated and will be removed together withenable-taint-manager
in v1.27. (#113710, @kerthcet) - Kube-apiserver: the unused
--master-service-namespace
flag was deprecated and will be removed in v1.27. (#112797, @SataQiu) - The
gcp
andazure
auth plugins have been removed fromclient-go
andkubectl
. See kubelogin and Kubectl Auth Changes in GKE for details about the cloud-specific replacements. (#112341, @enj)
- 'A new
preEnqueue
extension point was added to scheduler's component configv1beta2/v1beta3/v1
.' (#113275, @Huang-Wei) - 'Added a
ResourceClaim
API (in theresource.k8s.io/v1alpha1
API group and behind theDynamicResourceAllocation
feature gate). The new API is now more flexible than the existing Device Plugins feature of Kubernetes because it allows Pods to request (claim) special kinds of resources, which can be available at node level, cluster level, or following any other model you implement.' (#111023, @pohly) - 'Container
preStop
andpostStart
lifecycle handlers usinghttpGet
now honor the specifiedscheme
andheaders
fields. This enables setting custom headers and changing the scheme toHTTPS
, consistent with container startup/readiness/liveness probe capabilities. Lifecycle handlers configured withscheme: HTTPS
that encounter errors indicating the endpoint is actually using HTTP fall back to making the request over HTTP for compatibility with previous releases. When this happens, aLifecycleHTTPFallback
event is recorded in the namespace of the pod and akubelet_lifecycle_handler_http_fallbacks_total
metric in the kubelet is incremented. Cluster administrators can opt out of the expanded lifecycle handler capabilities by setting--feature-gates=ConsistentHTTPGetHandlers=false
inkubelet
.' (#86139, @jasimmons) - 'Graduated
JobTrackingWithFinalizers
to stable. Jobs created before the feature was enabled are still tracked without finalizers. Jobs tracked with finalizers have the annotation batch.kubernetes.io/job-tracking. If the annotation is present and the user attempts to remove it, the control plane adds it back. The annotationbatch.kubernetes.io/job-tracking
is now deprecated. The control plane will ignore it and stop adding it for new Jobs in v1.27.' (#113510, @alculquicondor) - 'Kubelet added the following Pod failure conditions:
- 'Priority and Fairness has introduced a new feature called borrowing that allows an API priority level
to borrow a number of seats from other priority level(s). As a cluster operator, you can enable borrowing
for a certain priority level configuration object via the two newly introduced fields
lendablePercent
, andborrowingLimitPercent
located under the.spec.limited
field of the designated priority level. This change added the following metrics:apiserver_flowcontrol_nominal_limit_seats
: Nominal number of execution seats configured for each priority levelapiserver_flowcontrol_lower_limit_seats
: Configured lower bound on number of execution seats available to each priority levelapiserver_flowcontrol_upper_limit_seats
: Configured upper bound on number of execution seats available to each priority levelapiserver_flowcontrol_demand_seats
: Observations, at the end of every nanosecond, of (the number of seats each priority level could use) / (nominal number of seats for that level)apiserver_flowcontrol_demand_seats_high_watermark
: High watermark, over last adjustment period, of demand_seatsapiserver_flowcontrol_demand_seats_average
: Time-weighted average, over last adjustment period, of demand_seatsapiserver_flowcontrol_demand_seats_stdev
: Time-weighted standard deviation, over last adjustment period, of demand_seatsapiserver_flowcontrol_demand_seats_smoothed
: Smoothed seat demandsapiserver_flowcontrol_target_seats
: Seat allocation targetsapiserver_flowcontrol_seat_fair_frac
: Fair fraction of server's concurrency to allocate to each priority level that can use itapiserver_flowcontrol_current_limit_seats
: current derived number of execution seats available to each priority level The possibility of borrowing means that the old metricapiserver_flowcontrol_request_concurrency_limit
can no longer mean both the configured concurrency limit and the enforced concurrency limit. Henceforth it means the configured concurrency limit.' (#113485, @MikeSpreitzer)
- '
NodeInclusionPolicy
inpodTopologySpread
plugin is now enabled by default.' (#113500, @kerthcet) - '
PodDisruptionBudget
now adds an alphaspec.unhealthyPodEvictionPolicy
field. When thePDBUnhealthyPodEvictionPolicy
feature-gate is enabled inkube-apiserver
, setting this field to"AlwaysAllow"
allows pods to be evicted if they do not have a ready condition, regardless of whether the PodDisruptionBudget is currently healthy.' (#113375, @atiratree) - '
metav1.LabelSelectors
specified in API objects are now validated to ensure they do not contain invalid label values that will error at time of use. Existing invalid objects can be updated, but new objects are required to contain valid label selectors.' (#113699, @liggitt) - Add
percentageOfNodesToScore
as a scheduler profile level parameter to API versionv1
. When a profilepercentageOfNodesToScore
is set, it will override globalpercentageOfNodesToScore
. (#112521, @yuanchen8911) - Add auth API to get self subject attributes (new selfsubjectreviews API is added).
The corresponding command for kubctl is provided -
kubectl auth whoami
. (#111333, @nabokihms) [SIG API Machinery, Auth, CLI and Testing] - Added
kubernetes_feature_enabled
metric series to track whether each active feature gate is enabled. (#112690, @logicalhan) - Added a
--topology-manager-policy-options
flag to the kubelet to support fine tuning the topology manager policies. The first policy option,prefer-closest-numa-nodes
, allows these policies to favor sets of NUMA nodes with shorter distance between nodes when making admission decisions. (#112914, @PiotrProkop) - Added a feature that allows a
StatefulSet
to start numbering replicas from an arbitrary non-negative ordinal, using the.spec.ordinals.start
field. (#112744, @pwschuurman) - Added a kube-proxy flag (
--iptables-localhost-nodeports
, default true) to allow disabling NodePort services on loopback addresses. Note: this only applies to iptables mode and ipv4. (#108250, @cyclinder) - Added a new namespace alpha field to
DataSourceRef
field inPersistentVolumeClaim
API. (#113186, @ttakahashi21) - Aggregated discovery will be alpha and can be toggled with the
AggregatedDiscoveryEndpoint
feature flag. (#113171, @Jefftree) - Clarified the CFS quota as 100ms in the code comments and set the minimum
cpuCFSQuotaPeriod
to 1ms to match Linux kernel expectations. (#112123, @paskal) - Component-base: make the validation logic about LeaderElectionConfiguration consistent between component-base and client-go (#111758, @SataQiu) [SIG API Machinery and Scheduling]
- Deprecated the
apiserver_request_slo_duration_seconds
metric for v1.27 in favor ofapiserver_request_sli_duration_seconds
for naming consistency purposes with other SLI-specific metrics and to avoid any confusion between SLOs and SLIs. (#112679, @dgrisonnet) - Enable the "Retriable and non-retriable pod failures for jobs" feature into beta. (#113360, @mimowo)
- Enabled
kube-controller-manager
to support '--concurrent-horizontal-pod-autoscaler-syncs' flag to set the number of horizontal pod autoscaler controller workers. (#108501, @zroubalik) - Fixed spurious
field is immutable
errors validating updates to Event API objects via theevents.k8s.io/v1
API. (#112183, @liggitt) - Graduated
ServiceInternalTrafficPolicy
feature to GA. (#113496, @avoltz) - In
kube-proxy
: The "userspace" proxy mode (deprecated for over a year) is no longer supported on either Linux or Windows. Users should use "iptables" or "ipvs" on Linux, or "kernelspace" on Windows. (#112133, @knabben) - Introduce
v1beta3
for Priority and Fairness with the following changes to the API spec: - Introduced
v1alpha1
API for validating admission policies, enabling extensible admission control via CEL expressions (KEP 3488: CEL for Admission Control). To use, enable theValidatingAdmissionPolicy
feature gate and theadmissionregistration.k8s.io/v1alpha1
API via--runtime-config
. (#113314, @cici37) - KMS: added validation for duplicate kms config name when auto reload is enabled. If you enabled automatic reload of encryption configuration with API server flag
--encryption-provider-config-automatic-reload
, ensure all the KMS provider names (v1 and v2) in the encryption configuration are unique. (#113697, @aramase) - Kubelet external Credential Provider feature is moved to GA. Credential Provider Plugin and Credential Provider Config APIs updated from
v1beta1
tov1
with no API changes. (#111616, @ndixita) - Legacy klog flags are no longer available. Only
-v
and-vmodule
are still supported. (#112120, @pohly) [SIG Architecture, CLI, Instrumentation, Node and Testing] - Moved
MixedProtocolLBService
from beta to GA. (#112895, @janosi) - New Pod API field
.spec.schedulingGates
is introduced to enable users to control when to mark a Pod as scheduling ready. (#113274, @Huang-Wei) - Protobuf serialization of metav1.MicroTime timestamps (used in
Lease
andEvent
API objects) has been corrected to truncate to microsecond precision, to match the documented behavior and JSON/YAML serialization. Any existing persisted data is truncated to microsecond when read from etcd. (#111936, @haoruan) - Removed feature gates
ServiceLoadBalancerClass
andServiceLBNodePortControl
. These feature gates were enabled (and locked) sincev1.24
. (#112577, @andrewsykim) - Reverted regression that prevented
client-go
latency metrics to be reported with a template URL to avoid label cardinality. (#111752, @aanm) - The
EndpointSliceTerminatingCondition
feature gate was graduated to GA. The gate is now locked and will be removed in v1.28. (#113351, @andrewsykim) DynamicKubeletConfig
feature gate has been removed from the API server. Dynamic kubelet reconfiguration now can't be used even when older nodes are still attempting to rely on it. This is aligned with the Kubernetes version skew policy. (#112643, @SergeyKanzhelev)kubectl wait
command withjsonpath
flag will wait for target path until timeout. (#109525, @jonyhy96)
- 'Added selector validation to
HorizontalPodAutoscaler
: when multiple HPAs select the same set of Pods, scaling now will be disabled for those HPAs with the reasonAmbiguousSelector
. This change also covers a case when multiple HPAs point to the same deployment.' (#112011, @pbeschetnov) - 'Pod Security admission: the pod-security
warn
level will now default to theenforce
level.' (#113491, @tallclair) - 'Promoted the
APIServerIdentity
feature to Beta. By default, eachkube-apiserver
will now create a Lease in thekube-system
namespace. These lease objects can be used to identify the number of active API servers in the cluster, and may also be used for future features such as the Storage Version API.' (#113629, @andrewsykim) - 'The iptables kube-proxy backend now process service/endpoint changes more efficiently in very large clusters.' (#110268, @danwinship)
- '
CSIMigrationvSphere
was upgraded to GA and locked to true. Do not upgrade to K8s 1.26 if you need Windows, or XFS, or raw block support until vSphere CSI Driver adds support for them in a version post v2.7.x.' (#113336, @divyenpatel) - '
DelegateFSGroupToCSIDriver
feature is GA.' (#113225, @bertinatto) - '
NodeOutOfServiceVolumeDetach
is now beta.' (#113511, @xing-yang) - '
RetroactiveDefaultStorageClass
feature is now beta.' (#113329, @RomanBednar) - '
registered_metric_total
will now report the number of metrics broken down by stability level and deprecated version.' (#112907, @logicalhan) - A new
DisableCompression
field (default =false
) has been added to kubeconfig under cluster info. When set totrue
, clients using the kubeconfig opt out of response compression for all requests to the apiserver. This can help improve list call latencies significantly when client-server network bandwidth is ample (>30MB/s) or if the server is CPU-constrained. (#112309, @shyamjvs) - A new
pod_status_sync_duration_seconds
histogram is reported at alpha metrics stability that estimates how long the Kubelet takes to write a pod status change once it is detected. (#107896, @smarterclayton) [SIG Apps, Architecture, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Release, Scheduling, Storage and Testing] - API Server Tracing now includes a variety of new spans and span events. (#113172, @dashpole) [SIG API Machinery, Architecture, Auth, Instrumentation, Network, Node and Scheduling]
- API Server tracing now includes the latency of authorization, priorityandfairness, impersonation, audit, and authentication filters. (#113217, @dashpole)
- API Server tracing root span name for opentelemetry is changed from
KubernetesAPI
toHTTP GET
. (#112545, @dims) - Added
--disable-compression
flag tokubectl
(default = false). When true, it opts out of response compression for all requests to theapiserver
. This can help improve list call latencies significantly when client-server network bandwidth is ample (>30MB/s) or if the server is CPU-constrained. (#112580, @shyamjvs) - Added a method
StreamWithContext
toremotecommand.Executor
to support cancelable SPDY executor stream. (#103177, @arkbriar) - Added a new feature gate
CelValidatingAdmissionExtensibility
to enable expression validation for Admission Control. (#112792, @cici37) [SIG API Machinery] - Added alpha support for
WindowsHostNetworking
feature. (#112961, @marosset) - Added alpha support for returning container and pod metrics from CRI, instead of cAdvsior. (#113609, @haircommander)
- Added categories column to the
kubectl api-resources
command's wide output (-o wide
). Added--categories
flag to thekubectl api-resources
command, which can be used to filter the output to show only resources belonging to one or more categories. (#111096, @brianpursley) [SIG CLI] - Added kubelet metrics to track the cpumanager cpu allocation and pinning (#112855, @fromanirh)
- Added new Golang runtime-related metrics to Kubernetes components:
- go_gc_cycles_automatic_gc_cycles_total
- go_gc_cycles_forced_gc_cycles_total
- go_gc_cycles_total_gc_cycles_total
- go_gc_heap_allocs_by_size_bytes
- go_gc_heap_allocs_bytes_total
- go_gc_heap_allocs_objects_total
- go_gc_heap_frees_by_size_bytes
- go_gc_heap_frees_bytes_total
- go_gc_heap_frees_objects_total
- go_gc_heap_goal_bytes
- go_gc_heap_objects_objects
- go_gc_heap_tiny_allocs_objects_total
- go_gc_pauses_seconds
- go_memory_classes_heap_free_bytes
- go_memory_classes_heap_objects_bytes
- go_memory_classes_heap_released_bytes
- go_memory_classes_heap_stacks_bytes
- go_memory_classes_heap_unused_bytes
- go_memory_classes_metadata_mcache_free_bytes
- go_memory_classes_metadata_mcache_inuse_bytes
- go_memory_classes_metadata_mspan_free_bytes
- go_memory_classes_metadata_mspan_inuse_bytes
- go_memory_classes_metadata_other_bytes
- go_memory_classes_os_stacks_bytes
- go_memory_classes_other_bytes
- go_memory_classes_profiling_buckets_bytes
- go_memory_classes_total_bytes
- go_sched_goroutines_goroutines
- go_sched_latencies_seconds (#111910, @tosi3k)
- Added new metric
job_controller_terminated_pods_tracking_finalizer
which can be used to monitor whether the job controller is removing Pod finalizers from terminated Pods after accounting them in Job status. (#113176, @alculquicondor) - Added publishing events when enabling/disabling
TopologyAwareHints
. (#113544, @LiorLieberman) - Added reconstruction of SELinux mount context after kubelet restart. Feature
SELinuxMountReadWriteOncePod
is now fully implemented and kubelet does not lose its cache of SELinux contexts after kubelet process restart. (#113596, @jsafrane) - Added support for Evented PLEG feature gate. (#111384, @harche)
- Added the metric
pod_start_sli_duration_seconds
to kubelet. (#111930, @azylinski) - Added validation for the
--container-runtime-endpoint
flag of kubelet to be non-empty. (#112542, @astraw99) - Adds alpha --output plaintext protected by environment variable
KUBECTL_EXPLAIN_OPENAPIV3
(#113146, @alexzielenski) [SIG CLI] - Adds metrics
force_delete_pods_total
andforce_delete_pod_errors_total
in the Pod GC Controller. (#113519, @xing-yang) [SIG Apps] - Azure File CSI migration is now GA. (#113160, @andyzhangx)
- Changed
preemption_victims
metric bucket fromLinearBuckets
toExponentialBuckets
. (#112939, @lengrongfu) - Exposed health check SLI metrics on
metrics/slis
for apiserver. (#112741, @logicalhan) - Extend the job
job_finished_total metric by new
reason` label and introduce a new job metric to count pod failures handled by pod failure policy with respect to the action applied. (#113324, @mimowo) [SIG Apps and Testing] - Graduate
ServiceIPStaticSubrange
feature to GA. (#112163, @aojea) - Graduated Kubelet CPU Manager to GA. (#113018, @fromanirh)
- Graduated Kubelet Device Manager to GA. (#112980, @swatisehgal)
- If
ComponentSLIs
feature gate is enabled, then/metrics/slis
becomes available on kubelet, allowing you to scrape health check metrics. (#113030, @Richabanker) [SIG Node] - If
ComponentSLIs
feature gate is enabled, then/metrics/slis
now becomes available on cloud-controller-manager allowing you to scrape health check metrics. (#113340, @Richabanker) - If more than one StorageClass is designated as default (via the "storageclass.kubernetes.io/is-default-class" annotation), choose the newest one instead of throwing an error. (#110559, @danishprakash)
- In
client-go
SharedInformerFactory
will now support waiting for goroutines during shutdown. (#112200, @pohly) - In
kubeadm
, commandkubeadm join phase control-plane-prepare certs
now supports to run withdry-run
mode on it's own. (#113005, @chendave) - Kube-apiserver:
gzip
compression switched from level 4 to level 1 to improve large list call latencies in exchange for higher network bandwidth usage (10-50% higher). This increases the headroom before very large unpaged list calls exceed request timeout limits. (#112299, @shyamjvs) - Kubeadm: added
show-join-command
as a new separate phase at the end ofkubeadm init
. You can skip printing the join information by usingkubeadm init --skip-phases=show-join-command
. Executing only this phase on demand will throw an error because the phase needs dependencies such as bootstrap tokens to be pre-populated. (#111512, @SataQiu) - Kubeadm: added the "--cleanup-tmp-dir" flag for
kubeadm reset
. It will cleanup the contents of/etc/kubernetes/tmp
. The flag is off by default. (#112172, @chendave) - Kubeadm: now supports image repository format validation. (#112732, @SataQiu)
- Kubeadm: sub-phases are now able to support the dry-run mode, e.g. kubeadm reset phase cleanup-node --dry-run (#112945, @chendave) [SIG Cluster Lifecycle]
- Kubeadm: tried to load CA cert from external CertificateAuthority file when CertificateAuthorityData is empty for existing kubeconfig. (#111783, @SataQiu)
- Kubectl shell completions for the bash shell now include descriptions. (#113636, @marckhouzam)
- Kubernetes is now built with Go 1.19.1 (#112287, @palnabarun) [SIG Release and Testing]
- Kubernetes is now built with Go 1.19.2 (#112900, @xmudrii) [SIG Release and Testing]
- Kubernetes is now built with Go 1.19.3. (#113550, @xmudrii)
- Logs of requests that were timed out by a timeout handler no longer contain a
statusStack
andlogging error output
fields. (#112374, @Argh4k) - Metrics for
RetroactiveDefaultStorageClass
feature are now available. To see an attempt count for updating PVC retroactively with a default StorageClass seeretroactive_storageclass_total
metric and for total numer of errors seeretroactive_storageclass_errors_total
. (#113323, @RomanBednar) - Promoted
kubectl alpha events
tokubectl events
. (#113819, @soltysh) - Promoting
WindowsHostProcessContainers
to stable. (#113476, @marosset) - Scheduler now retries updating a pod's status on
ServiceUnavailable
andInternalError
errors, in addition tonet.ConnectionRefused
error. (#111809, @Huang-Wei) - Shell completion now shows plugin names when appropriate. Furthermore, shell completion will work for plugins that provide such support. (#105867, @marckhouzam)
- Switched kubectl to use
github.com/russross/blackfriday/v2
(#112731, @pacoxu) - The ExpandedDNSConfig feature has graduated to beta and is enabled by default. Note that this feature requires container runtime support. (#112824, @gjkim42) [SIG Network and Testing]
- The
LegacyServiceAccountTokenNoAutoGeneration
feature gate was promoted to GA. (#112838, @zshihang) - The
ProxyTerminatingEndpoints
feature is now Beta and enabled by default. When enabled, kube-proxy will attempt to route traffic to terminating pods when the traffic policy isLocal
and there are only terminating pods remaining on a node. (#113363, @andrewsykim) - The
goroutines
metric is newly added in the scheduler. It replacesscheduler_goroutines
metric and it counts the number of goroutine in more places thanscheduler_goroutine
does. (#112003, @sanposhiho) [SIG Instrumentation and Scheduling] - Updated cAdvisor to v0.46.0. (#113769, @bobbypage)
- Updated the Lease identity naming format for the
APIServerIdentity
feature to use a persistent name. (#113307, @andrewsykim) - When
ComponentSLIs
feature gate is enabled,/metrics/slis
becomes available on kube-scheduler, allowing you to scrape health check metrics. (#113026, @Richabanker) - When
ComponentSLIs
feature gate is enabled, then/metrics/slis
becomes available onkube-proxy
allowing you to scrape health check metrics. (#113057, @Richabanker) - When
ComponentSLIs
feature gate is enabled, then/metrics/slis
becomes available on kube-controller-manager, allowing you to scrape health check metrics. (#112978, @logicalhan) - When the alpha
LegacyServiceAccountTokenTracking
feature gate is enabled, secret-based service account tokens will have akubernetes.io/legacy-token-last-used
applied to them containing the date they were last used. (#108858, @zshihang) [SIG API Machinery, Auth and Testing] CSRDuration
feature gate that graduated to GA in 1.24 and is unconditionally enabled now removed in v1.26. (#112386, @Shubham82)kubectl config view
now automatically redacts any secret fields marked with adatapolicy
tag. (#109189, @mpuckett159)
- Added back unused flags on
kubectl run
command, which did not go through the required deprecation period before being removed. (#112243, @brianpursley) - Added support for RSA and ECDSA format keys in preflight check on
kubeadm
. (#112508, @SataQiu) - Allowed
Label
section in vSphere e2e cloud provider configuration. (#112427, @gnufied) - Apiserver
/healthz/etcd
endpoint rate limits the number of forwarded health check requests to the etcd backends, answering with the last known state if the rate limit is exceeded. The rate limit is based on 1/2 of the timeout configured, with no burst allowed. (#112046, @aojea) - Apiserver: used the correct error when logging errors updating managedFields. (#113711, @andrewsykim)
- Avoided propagating hosts
search .
into containers in/etc/resolv.conf
. (#112157, @dghubble) - Bump
golang.org/x/net
tov0.1.1-0.20221027164007-c63010009c80
. (#112693, @aimuz) - Bump runc to v1.1.4. (#113719, @pacoxu)
- Callers using
DelegatingAuthenticationOptions
can now useDisableAnonymous
to disable Anonymous authentication. (#112181, @xueqzhan) - Changed error message when resource is not supported by given patch type in
kubectl patch
. (#112556, @ardaguclu) - Correct the calculating error in
podTopologySpread
plugin to avoid unexpected scheduling results. (#112507, @kerthcet) - Etcd: Updated to v3.5.5. (#112489, @dims)
- Fixed Admission controllers that caused unnecessary significant load on `apiserver'. (#112696, @aimuz)
- Fixed a bug where a change in the
appProtocol
for a Service did not trigger a load balancer update. (#112785, @MartinForReal) [SIG Cloud Provider and Network] - Fixed a bug where the kubelet choose the wrong container by its name when running
kubectl exec
. (#113041, @saschagrunert) - Fixed an ephemeral port exhaustion bug caused by improper connection management that occurred when a large number of objects were handled by
kubectl
while exec auth was in use. (#112017, @enj) - Fixed an issue in
winkernel
proxier that causes proxy rules to leak anytime service backends are modified. (#112837, @daschott) - Fixed bug in
kubectl rollout history
where only the latest revision was displayed when a specific revision was requested and an output format was specified. (#111093, @brianpursley) - Fixed bug where dry run message was not printed when running
kubectl label
with--dry-run
flag. (#111571, @brianpursley) - Fixed code to ensure that pods running on nodes tainted with
NoExecute
continue to run when thePodDisruptionConditions
feature gate is enabled. (#112518, @mimowo) - Fixed cost estimation of token creation request for service account in Priority and Fairness. (#113206, @marseel)
- Fixed issue where the APIServer would panic on startup if an egress selector without a controlplane configuration is specified when using APIServerTracing. (#112979, @dashpole)
- Fixed list cost estimation in Priority and Fairness for list requests with
metadata.name
specified. (#112557, @marseel) - Fixed race condition in GCE between containerized mounter setup in the kubelet. (#112195, @mattcary)
- Fixed relative CPU priority for pods where containers explicitly request zero cpu by giving the lowest priority instead of falling back to the cpu limit to avoid possible cpu starvation of other pods. (#108832, @waynepeking348)
- Fixed that disruption controller used to change the status of a stale disruption condition after 2 min when the
PodDisruptionConditions
feature gate is enabled. (#113580, @mimowo) - Fixed the
PodAndContainerStatsFromCRI
feature, instead of supplementing with stats from cAdvisor. (#113291, @mengjiao-liu) - Fixed the occasional double-counting of the
job_finished_total
metric. (#112948, @mimowo) - For
kubectl
,--server-side
now migrates ownership of all fields used by client-side-apply to the specified--fieldmanager
. This prevents fields previously specified using kubectl from being able to live outside of server-side-apply's management and become undeleteable. (#112905, @alexzielenski) - For raw block CSI volumes on Kubernetes, kubelet was incorrectly calling CSI
NodeStageVolume
for every single "map" (i.e. raw block "mount") operation for a volume already attached to the node. This change modified that behavior to ensure it is only called once per volume per node. (#112403, @akankshakumari393) - Improved
kubectl
display of invalid request errors returned by the API server. (#112150, @liggitt) - In
kube-apiserver
,x-kubernetes-list-type
validation is now enforced when updating status of custom resources. (#111866, @pacoxu) - In
kube-apiserver
, custom resources can now be specified in the--encryption-provider-config
file and can be encrypted in etcd. (#113015, @ritazh) - Increased the maximum backoff delay of the endpointslice controller to match the expected sequence of delays when syncing Services. (#112353, @dgrisonnet)
- Known issue: Job field
.spec.podFailurePolicy.rules[*].onExitCode
might be ignored if the Pod is deleted before it terminates. (#113856, @alculquicondor) - Kube-apiserver:
DELETECOLLECTION API
requests are now recorded in metrics with the correct verb. (#113133, @sxllwx) - Kube-apiserver: redirect responses are no longer returned from backends by default. Set
--aggregator-reject-forwarding-redirect=false
to continue forwarding redirect responses. (#112193, @jindijamie) [SIG API Machinery and Testing] - Kube-apiserver: redirects from backend API servers are no longer followed when checking availability with requests to
/apis/$group/$version
(#112772, @liggitt) [SIG API Machinery and Testing] - Kube-apiserver: resolved a regression that treated
304 Not Modified
responses from aggregated API servers as internal errors. (#112526, @liggitt) - Kube-proxy no longer falls back from ipvs mode to iptables mode if you ask it to do ipvs but the system is not correctly configured. Instead, it will just exit with an error. (#111806, @danwinship) [SIG Network]
- Kube-scheduler: added taints filtering logic consistent with
TaintToleration
plugin forPodTopologySpread
plugin. (#112357, @SataQiu) - Kubeadm will cleanup the stale data on best effort basis. Stale data will be removed when each reset phase are executed, default etcd data directory will be cleanup when the
remove-etcd-member
phase are executed. (#110972, @chendave) [SIG Cluster Lifecycle] - Kubeadm: fixed a bug when performing validation on
ClusterConfiguration
networking fields. (#112751, @SataQiu) - Kubeadm: when a sub command is needed but not provided for a kubeadm command, print a help screen instead of showing a short message. (#111277, @chymy)
- Kubectl apply: warning that kubectl will ignore no-namespaced resource
pv & namespace
in a future release if the namespace is specified and allowlist is not specified. (#110907, @pacoxu) - Kubectl: fixed a bug where
kubectl convert
did not pick the right API version (#112700, @SataQiu) - Kubelet now cleans up the Node's cloud node IP annotation correctly if you
stop using
--node-ip
. (In particular, this fixes the problem where people who were unnecessarily using--node-ip
with an external cloud provider in 1.23, and then running into problems with 1.24, could not fix the problem by just removing the unnecessary--node-ip
from the kubelet arguments, because that wouldn't remove the annotation that caused the problems.) (#112184, @danwinship) [SIG Network and Node] - Kubelet: Fixed a startup crash in devicemanager. (#113021, @rphillips)
- Kubelet: fixed log spam from kubelet_getters.go
Path does not exist
. (#112650, @rphillips) - Kubelet: fixed nil pointer in reflector start for standalone mode. (#113501, @pacoxu)
- Kubelet: when there are multi option lines in /etc/resolv.conf, merge all options into one line in a pod with the
Default
DNS policy. (#112414, @pacoxu) [SIG Network and Node] - Log messages and metrics for the watch cache are now keyed by
<resource>.<group>
instead ofgo
struct type. This means e.g. that*v1.Pod
becomespods
. Additionally, resources that come fromCustomResourceDefinitions
are displayed as the correct resource and group, instead of*unstructured.Unstructured
. (#111807, @ncdc) - Moved
LocalStorageCapacityIsolationFSQuotaMonitoring
back to Alpha. (#112076, @rphillips) - NOTE (#113749, @jpbetz) [SIG API Machinery]
- Nested
MountPoints
are now grouped correctly on all cases. (#112571, @claudiubelu) - Pod failed in scheduling due to expected error will be updated with the reason of
SchedulerError
rather thanUnschedulable
. (#111999, @kerthcet) - Pod logs using
--timestamps
are not broken up with timestamps anymore. (#113481, @rphillips) - Removed of raising an error when setting an annotation with the same value, just ignore it. (#109505, @zigarn)
- Resolved an issue that caused winkernel proxier to treat stale VIPs as valid. (#113521, @daschott)
- The
ResourceVersion
returned in objects from delete responses is now consistent with theResourceVersion
contained in the delete watch event. (#113369, @wojtek-t) - The
kube-scheduler
andkube-controller-manager
now use server side apply to set conditions related to pod disruption. (#113304, @mimowo) [SIG API Machinery, Apps and Scheduling] - The errors in
k8s.io/apimachinery/pkg/api/meta
now support for thestdlibs
errors.Is
matching, including when wrapped. (#111808, @alvaroaleman) - The metrics
etcd_request_duration_seconds
andetcd_bookmark_counts
now differentiate by group resource instead of object type, allowing unique entries perCustomResourceDefinition
, instead of grouping them all under*unstructured.Unstructured
. (#112042, @ncdc) - The pod admission error message was improved for usability. (#112644, @vitorfhc) [SIG Node]
- The time duration of a failed or unschedulable scheduling attempt will be longer, it now includes the time duration of the unreserve operation. (#113113, @kerthcet)
- Updated
kube-proxy
to restart in case it detects that the Node assignedpod.Spec.PodCIDRs
have changed. (#111344, @aojea) - Updated creation of
LoadBalancer
services, for there to be fewer AWS security group rules in most cases. (#112267, @sjenning) - Updated the system-validators library to v1.8.0 (#112026, @pacoxu)
- Updates
golang.org/x/text`` to
v0.3.8`` to fix CVE-2022-32149 (#112989, @ameukam) - Volume mount cleanup now considers only plugin directory and not the entire kubelet root (#112607, @mattcary)
kubectl
now escapes terminal special characters in output. This fixes CVE-2021-25743. (#112553, @dgl)
- 'Promoted
cronjob_job_creation_skew
metric to stable to follow the cronjob v2 controller, the following metrics had their name updated to match metrics API guidelines: - 'Promoted job-related metrics to stable to follow IndexedJobs GA. The following metrics have their name updated to match metrics API guidelines:
- '
kubelet_kubelet_credential_provider_plugin_duration
was renamed tokubelet_credential_provider_plugin_duration
andkubelet_kubelet_credential_provider_plugin_errors
was renamed tokubelet_credential_provider_plugin_errors
.' (#113754, @logicalhan) - A new API server flag
--encryption-provider-config-automatic-reload
was added to control when the encryption config should be automatically reloaded without needing to restart the server. All KMS plugins are now merged into a single healthz check at/healthz/kms-providers
when reload is enabled, or when only KMS v2 plugins are used. (#113529, @enj) - Added a
--prune-allowlist
flag that can be used withkubectl apply --prune
. This flag now replaces and functions the same as the--prune-whitelist
flag, which has been deprecated. (#113116, @brianpursley) - Added a
kubernetes_feature_enabled
metric which will tell you if a feature is enabled. (#112652, @logicalhan) - Deprecated the following kubectl run flags, which are ignored if set:
--cascade
,--filename
,--force
,--grace-period
,--kustomize
,--recursive
,--timeout
,--wait
. (#112261, @brianpursley) - Dropped support for the Container Runtime Interface (CRI) version
v1alpha2
, which means that container runtimes just have to implementv1
. (#110618, @saschagrunert) - E2e: tests can now register callbacks with
ginkgo.BeforeEach
,ginkgo.AfterEach
orginkgo.DeferCleanup
directly after creating a framework instance and are guaranteed that their code is called after the framework is initialized and before it gets cleaned up.ginkgo.DeferCleanup
replacesf.AddAfterEach
andAddCleanupAction
which got removed to simplify the framework. (#111998, @pohly) - Introduce
ComponentSLIs
alpha feature-gate for component SLIs metrics endpoint. (#112884, @logicalhan) [SIG API Machinery] - Kube scheduler Component Config release version v1beta3 is deprecated in v1.26 and will be removed in v1.29, also v1beta2 will be removed in v1.28. (#112257, @kerthcet) [SIG Scheduling]
- Kube-scheduler: the
DefaultPodTopologySpread
,NonPreemptingPriority
,PodAffinityNamespaceSelector
andPreferNominatedNode
feature gates that graduated to GA in v1.24 and were unconditionally enabled have been removed in v1.26. (#112567, @SataQiu) - Kubeadm: removed the
UnversionedKubeletConfigMap
feature gate. The feature has been GA and locked to enabled sincev1.25
. (#113448, @pacoxu) - Kubeadm: removed the toleration for the
node-role.kubernetes.io/master
taint from the CoreDNS deployment ofkubeadm
. With the 1.25 release of kubeadm the taintnode-role.kubernetes.io/master
is no longer applied to control plane nodes and the toleration for it can be removed with the release of 1.26. You can also perform the same toleration removal from your own addon manifests. (#112008, @pacoxu) - Kubeadm: removed the usage of the
--container-runtime=remote
flag for the kubelet during kubeadm init/join/upgrade. The flag valueremote
had been the only possible value sincedockershim
was removed from the kubelet. (#112000, @pacoxu) - Locked
ServerSideApply
feature gate to true with the feature already being GA. (#112748, @wojtek-t) - Refactored
test/e2e/framework
so that the core framework is smaller. Optional functionality like resource monitoring, log size monitoring, metrics gathering and debug information dumping must be imported by specific e2e test suites. Init packages are provided which can be imported to re-enable the functionality that traditionally was in the core framework. If you have code that no longer compiles because of this PR, you can use the script from a commit message to update that code. (#112043, @pohly) - Release-note (#111708, @yangjunmyfm192085) [SIG Apps, Instrumentation and Network]
- Removed
PodOverhead
feature gate as the feature is in GA sincev1.24
. (#112579, @SergeyKanzhelev) - Removing Windows Server, Version 20H2 flavors from various container images. (#112924, @marosset)
- Renamed the feature gate for CEL in Admission Control to
ValidatingAdmissionPolicy
. (#113735, @cici37) - Reworded log message upon image garbage collection failure to be more clear. (#112631, @tzneal) [SIG Node]
- Scheduler dumper now exposes a summary to indicate the number of pending pods in each internal queue. (#111726, @Huang-Wei) [SIG Scheduling and Testing]
- Service session affinity timeout tests are no longer required for Kubernetes network plugin conformance due to variations in existing implementations. New conformance tests will be developed to better express conformance in future releases. (#112806, @dcbw) [SIG Architecture, Network and Testing]
- The
IndexedJob
andSuspendJob
feature gates that graduated to GA in 1.24 and were unconditionally enabled have been removed in v1.26. (#112589, @SataQiu) - The
e2e.test
binary no longer emits JSON structs to document progress. (#113212, @pohly) - The metric
etcd_db_total_size_in_bytes
is renamed toapiserver_storage_db_total_size_in_bytes
. (#113310, @logicalhan) [SIG API Machinery] - Updated
cri-tools
to [v1.25.0(https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.25.0) (#112058, @saschagrunert) GlusterFS
in-tree storage driver which was deprecated in kubernetes 1.25 release is now removed entirely in 1.26. (#112015, @humblec)
- cloud.google.com/go/datastore: v1.1.0
- cloud.google.com/go/firestore: v1.1.0
- cloud.google.com/go/pubsub: v1.3.1
- github.com/OneOfOne/xxhash: v1.2.2
- github.com/alecthomas/template: fb15b89
- github.com/alecthomas/units: f65c72e
- github.com/armon/consul-api: eb2c6b5
- github.com/armon/go-metrics: f0300d1
- github.com/armon/go-radix: 7fddfc3
- github.com/bgentry/speakeasy: v0.1.0
- github.com/bketelsen/crypt: 5cbc8cc
- github.com/cenkalti/backoff/v4: v4.1.3
- github.com/cespare/xxhash: v1.1.0
- github.com/client9/misspell: v0.3.4
- github.com/coreos/bbolt: v1.3.2
- github.com/coreos/etcd: v3.3.13+incompatible
- github.com/coreos/go-systemd: 95778df
- github.com/coreos/pkg: 399ea9e
- github.com/dgrijalva/jwt-go: v3.2.0+incompatible
- github.com/dgryski/go-sip13: e10d5fe
- github.com/fatih/color: v1.7.0
- github.com/go-gl/glfw: e6da0ac
- github.com/go-logr/stdr: v1.2.2
- github.com/google/martian: v2.1.0+incompatible
- github.com/grpc-ecosystem/grpc-gateway/v2: v2.7.0
- github.com/hashicorp/consul/api: v1.1.0
- github.com/hashicorp/consul/sdk: v0.1.1
- github.com/hashicorp/errwrap: v1.0.0
- github.com/hashicorp/go-cleanhttp: v0.5.1
- github.com/hashicorp/go-immutable-radix: v1.0.0
- github.com/hashicorp/go-msgpack: v0.5.3
- github.com/hashicorp/go-multierror: v1.0.0
- github.com/hashicorp/go-rootcerts: v1.0.0
- github.com/hashicorp/go-sockaddr: v1.0.0
- github.com/hashicorp/go-syslog: v1.0.0
- github.com/hashicorp/go-uuid: v1.0.1
- github.com/hashicorp/go.net: v0.0.1
- github.com/hashicorp/golang-lru: v0.5.1
- github.com/hashicorp/hcl: v1.0.0
- github.com/hashicorp/logutils: v1.0.0
- github.com/hashicorp/mdns: v1.0.0
- github.com/hashicorp/memberlist: v0.1.3
- github.com/hashicorp/serf: v0.8.2
- github.com/jpillora/backoff: v1.0.0
- github.com/jstemmer/go-junit-report: v0.9.1
- github.com/kr/logfmt: b84e30a
- github.com/kr/pty: v1.1.1
- github.com/magiconair/properties: v1.8.1
- github.com/mattn/go-colorable: v0.0.9
- github.com/mattn/go-isatty: v0.0.3
- github.com/miekg/dns: v1.0.14
- github.com/mitchellh/cli: v1.0.0
- github.com/mitchellh/go-homedir: v1.1.0
- github.com/mitchellh/go-testing-interface: v1.0.0
- github.com/mitchellh/gox: v0.4.0
- github.com/mitchellh/iochan: v1.0.0
- github.com/oklog/ulid: v1.3.1
- github.com/pascaldekloe/goe: 57f6aae
- github.com/pelletier/go-toml: v1.2.0
- github.com/posener/complete: v1.1.1
- github.com/prometheus/tsdb: v0.7.1
- github.com/ryanuber/columnize: 9b3edd6
- github.com/sean-/seed: e2103e2
- github.com/shurcooL/sanitized_anchor_name: v1.0.0
- github.com/spaolacci/murmur3: f09979e
- github.com/spf13/cast: v1.3.0
- github.com/spf13/jwalterweatherman: v1.0.0
- github.com/spf13/viper: v1.7.0
- github.com/subosito/gotenv: v1.2.0
- github.com/ugorji/go: v1.1.4
- github.com/xordataexchange/crypt: b2862e3
- go.opentelemetry.io/contrib/propagators/b3: v1.10.0
- go.opentelemetry.io/otel/exporters/otlp/internal/retry: v1.10.0
- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: v1.10.0
- go.opentelemetry.io/otel/exporters/otlp/otlptrace: v1.10.0
- gopkg.in/ini.v1: v1.51.0
- gopkg.in/resty.v1: v1.12.0
- rsc.io/binaryregexp: v0.2.0
- rsc.io/quote/v3: v3.1.0
- rsc.io/sampler: v1.3.0
- dmitri.shuralyov.com/gpu/mtl: 28db891 → 666a987
- github.com/antlr/antlr4/runtime/Go/antlr: f25a4f6 → v1.4.10
- github.com/aws/aws-sdk-go: v1.38.49 → v1.44.116
- github.com/container-storage-interface/spec: v1.6.0 → v1.7.0
- github.com/containerd/ttrpc: v1.0.2 → v1.1.0
- github.com/cpuguy83/go-md2man/v2: v2.0.1 → v2.0.2
- github.com/dnaeon/go-vcr: v1.0.1 → v1.2.0
- github.com/docker/docker: v20.10.17+incompatible → v20.10.18+incompatible
- github.com/docker/go-units: v0.4.0 → v0.5.0
- github.com/emicklei/go-restful/v3: v3.8.0 → v3.9.0
- github.com/felixge/httpsnoop: v1.0.1 → v1.0.3
- github.com/fsnotify/fsnotify: v1.4.9 → v1.6.0
- github.com/go-kit/log: v0.1.0 → v0.2.0
- github.com/go-logfmt/logfmt: v0.5.0 → v0.5.1
- github.com/go-openapi/jsonreference: v0.19.5 → v0.20.0
- github.com/google/cadvisor: v0.45.0 → v0.46.0
- github.com/google/cel-go: v0.12.4 → v0.12.5
- github.com/google/go-cmp: v0.5.6 → v0.5.9
- github.com/google/pprof: 94a9f03 → 4bb14d4
- github.com/gopherjs/gopherjs: fce0ec3 → 0766667
- github.com/inconshreveable/mousetrap: v1.0.0 → v1.0.1
- github.com/karrick/godirwalk: v1.16.1 → v1.17.0
- github.com/konsorten/go-windows-terminal-sequences: v1.0.2 → v1.0.3
- github.com/matttproud/golang_protobuf_extensions: v1.0.1 → v1.0.2
- github.com/moby/sys/mountinfo: v0.6.0 → v0.6.2
- github.com/moby/term: 3f7ff69 → 39b0c02
- github.com/onsi/ginkgo/v2: v2.1.4 → v2.4.0
- github.com/onsi/gomega: v1.19.0 → v1.23.0
- github.com/opencontainers/runc: v1.1.3 → v1.1.4
- github.com/prometheus/client_golang: v1.12.1 → v1.14.0
- github.com/prometheus/client_model: v0.2.0 → v0.3.0
- github.com/prometheus/common: v0.32.1 → v0.37.0
- github.com/prometheus/procfs: v0.7.3 → v0.8.0
- github.com/smartystreets/assertions: v1.1.0 → b2de0cb
- github.com/spf13/afero: v1.6.0 → v1.2.2
- github.com/spf13/cobra: v1.4.0 → v1.6.0
- github.com/stretchr/objx: v0.2.0 → v0.4.0
- github.com/stretchr/testify: v1.7.0 → v1.8.0
- go.etcd.io/etcd/api/v3: v3.5.4 → v3.5.5
- go.etcd.io/etcd/client/pkg/v3: v3.5.4 → v3.5.5
- go.etcd.io/etcd/client/v2: v2.305.4 → v2.305.5
- go.etcd.io/etcd/client/v3: v3.5.4 → v3.5.5
- go.etcd.io/etcd/pkg/v3: v3.5.4 → v3.5.5
- go.etcd.io/etcd/raft/v3: v3.5.4 → v3.5.5
- go.etcd.io/etcd/server/v3: v3.5.4 → v3.5.5
- go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful: v0.20.0 → v0.35.0
- go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc: v0.20.0 → v0.35.0
- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp: v0.20.0 → v0.35.0
- go.opentelemetry.io/otel/metric: v0.20.0 → v0.31.0
- go.opentelemetry.io/otel/sdk: v0.20.0 → v1.10.0
- go.opentelemetry.io/otel/trace: v0.20.0 → v1.10.0
- go.opentelemetry.io/otel: v0.20.0 → v1.10.0
- go.opentelemetry.io/proto/otlp: v0.7.0 → v0.19.0
- go.uber.org/goleak: v1.1.10 → v1.2.0
- golang.org/x/crypto: 3147a52 → v0.1.0
- golang.org/x/exp: 85be41e → 6cc2880
- golang.org/x/mobile: e6ae53a → d2bd2a2
- golang.org/x/mod: 86c51ed → v0.6.0
- golang.org/x/net: a158d28 → 1e63c2f
- golang.org/x/oauth2: d3ed0bb → ee48083
- golang.org/x/sys: 8c9f86f → v0.3.0
- golang.org/x/term: 03fcf44 → v0.3.0
- golang.org/x/text: v0.3.7 → v0.5.0
- golang.org/x/tools: v0.1.12 → v0.2.0
- google.golang.org/grpc: v1.47.0 → v1.49.0
- google.golang.org/protobuf: v1.28.0 → v1.28.1
- k8s.io/gengo: c02415c → c0856e2
- k8s.io/klog/v2: v2.70.1 → v2.80.1
- k8s.io/kube-openapi: 67bda5d → 172d655
- k8s.io/system-validators: v1.7.0 → v1.8.0
- k8s.io/utils: ee6ede2 → 1a15be2
- sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.32 → v0.0.33
- sigs.k8s.io/yaml: v1.2.0 → v1.3.0
- github.com/ajstarks/svgo: 644b8db
- github.com/auth0/go-jwt-middleware: v1.0.1
- github.com/boltdb/bolt: v1.3.1
- github.com/fogleman/gg: 0403632
- github.com/getkin/kin-openapi: v0.76.0
- github.com/go-ozzo/ozzo-validation: v3.5.0+incompatible
- github.com/golang/freetype: e2365df
- github.com/gophercloud/gophercloud: v0.1.0
- github.com/gorilla/mux: v1.8.0
- github.com/heketi/heketi: v10.3.0+incompatible
- github.com/heketi/tests: f3775cb
- github.com/jung-kurt/gofpdf: 24315ac
- github.com/kr/fs: v0.1.0
- github.com/lpabon/godbc: v0.1.1
- github.com/mvdan/xurls: v1.1.0
- github.com/pkg/sftp: v1.10.1
- github.com/remyoudompheng/bigfft: 52369c6
- github.com/russross/blackfriday: v1.5.2
- github.com/urfave/negroni: v1.0.0
- go.opentelemetry.io/contrib/propagators: v0.20.0
- go.opentelemetry.io/contrib: v0.20.0
- go.opentelemetry.io/otel/exporters/otlp: v0.20.0
- go.opentelemetry.io/otel/oteltest: v0.20.0
- go.opentelemetry.io/otel/sdk/export/metric: v0.20.0
- go.opentelemetry.io/otel/sdk/metric: v0.20.0
- gonum.org/v1/gonum: v0.6.2
- gonum.org/v1/netlib: 7672324
- gonum.org/v1/plot: e2840ee
- modernc.org/cc: v1.0.0
- modernc.org/golex: v1.0.0
- modernc.org/mathutil: v1.0.0
- modernc.org/strutil: v1.0.0
- modernc.org/xc: v1.0.0
- rsc.io/pdf: v0.1.1
filename | sha512 hash |
---|---|
kubernetes.tar.gz | 9f60096e87359e5a35f16d5ceafae855124ce252e124ec6454d8a34757f25a104a22285faed562f8c6ad8178eb79c6bcd9c7b1dde0b81c062eea776e95f50a72 |
kubernetes-src.tar.gz | 127edcbd0e28070ea70ac57c4d0bb2989e02ef19d0f5b8ff90d23f6c09cdc1befd6a27ea53684928850669d50bc59ad25e62e5a9bade725bd69c0c5dadfe1fd3 |
filename | sha512 hash |
---|---|
kubernetes-client-darwin-amd64.tar.gz | c4d3aceb58ac81b4b2c0225d58bca75a527d3b686bdcc8f94abdeb84a64729ab9fafed83caee47ded141e1b3ac63cfa4ddcd5c7a249c5e30766fe3b4206f2c5e |
kubernetes-client-darwin-arm64.tar.gz | 3b9d7474394187d97b4b8c8aad22744425e44bca875231644d609a4086da3ef9c805d0b2205aaedc3214e4727fe322f83e1bc7de0e86de8073aad73663c6a232 |
kubernetes-client-linux-386.tar.gz | 8034ebfe53d8197e059e5702f5fad6a78295ea170150a5deb0def6aaa833b1d28b9b58e95ad0e342f462e0cf433416802e473e2819c2f0444ce123daa3f90a94 |
kubernetes-client-linux-amd64.tar.gz | 236a3d1b1bd39ae66187fe7b4d841d3efaf8a0d00047b4a7cf0604881f7c596b760271bc6d359664878f9687ff1b0a76be079ae98a42ceeca4bf9d19b1a31ecf |
kubernetes-client-linux-arm.tar.gz | 6b53cfc34b015e36579039426b1eadfd0126ccc5d8ad443226a2ccf60069133d9b753f9432ad8cc0137c70c91095ad851d8a1263967b25fb8a259c7d75ca52fd |
kubernetes-client-linux-arm64.tar.gz | 5792a32fa1ee641b8e73150c67e252a9c358a6f9c71954e31324241a9316e97561cbcf07244eba7f9bcaba1f93ff6a6315d8298f706ef31abcfb827d3a37d334 |
kubernetes-client-linux-ppc64le.tar.gz | 3056e95dd631f94bd992955242520239d7d011a7fa3024581598094bd5fb9a7a85d04c1ab4e5673ba8d669133d9b97ee590c99e24e7f2d1ba115ab4930593007 |
kubernetes-client-linux-s390x.tar.gz | f8424a03a46d2b65f7d853dd74f6ee03ce29669e878c3f2584a25d2f03f9b90c48f6cdb4667f524657eca222adf04dbc8cba31f9bef5a1c8426e97a97ffda135 |
kubernetes-client-windows-386.tar.gz | c9218f53497e7ce05607d79c130194262f19948d5b4c1ac16093fef48bcebdbc69162677cfd2d3e1b1bf73220a331156e28460f2443ba47006d9e4aa8a21e0a5 |
kubernetes-client-windows-amd64.tar.gz | 62e115a066335a43d504c86b6f6f8749e018ebc1271a6bc75e8e0007c29384c153349731db551996f81dd31cae01f8d74cf9abe170ddb1a134083df0fc9575e9 |
kubernetes-client-windows-arm64.tar.gz | 15e8ee687996b69c3eae81beeefac84292adb3e2da9bd8d4103a5c9c44bde4f5bf134ec6851cc32c1b07ac73c710160c938a2f4059c40149daf665cb8800e63a |
filename | sha512 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | 8c8ade7261823c05e5e9818ea3e50271ff1900fcefe53be88f82d4b22e489211411f934d798d056406b3c4d409eec6deeaa0ee66287c0f0ac5969949edb050c2 |
kubernetes-server-linux-arm.tar.gz | a2265ce14e0638d95f2732a15fb431548d7a88ae5e24015bff638a762944791c86d2b79163485308a3dc5b8fa2239bbdb1d0963b88b55cacd138e49581fc8c6f |
kubernetes-server-linux-arm64.tar.gz | 445d1e73673f8dd91e3afb6e4fc63c5b470b3f882bbe3c0008763730915fce6f43ac7c21175c51c9ce4abaf4d26b09348bb8fd1fd762df27bdccc4595364ecfc |
kubernetes-server-linux-ppc64le.tar.gz | 2fcfc2772587c195adbdbe67a357e0c4536c0ce8cfa14a8fed63d021452fa6b75f9ddf499243a6cf99ac6f34ea5bfcffa61d7a22d7e42cbd5a7b3d040c311e54 |
kubernetes-server-linux-s390x.tar.gz | 6e03a5fcbcc4c03137535ac70f1f2156376ec67870de9e52c06a4df1db1bae209309f9f40c4b8607ffb3319c035be279d854487edba1f77ac38173e63fe185ca |
filename | sha512 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | 4d409c919817fd8b0b786e76ed7b15efa823ed779732a17945a0cd29e37511a98b54959ab89445f2f75e56f8ec243193f706cc6499434ad71e3472f50f95438e |
kubernetes-node-linux-arm.tar.gz | e97630f0e442db2839e8b841b2442005687e57f74f6070ab874bed2deb5f4955ee945555237c6102c306db44677dc1f3db83b734ed03d64ddc47d2278de8c1c0 |
kubernetes-node-linux-arm64.tar.gz | 7e51982c019417b6f1ef05e07a03cc10c236908b78fec86d59d1102c707373775dbe2e6992fd818b103a86e6e2ce0c603123e346c334844e06908cb8db698b31 |
kubernetes-node-linux-ppc64le.tar.gz | 27154ac9cf36f74ba7d42cb7cc0002673519dab9b6ab8ff6784fcc2613091f5da5828b24dd7cfcc708fd561fbfecd4f48920e159e96bf86a1712417965614490 |
kubernetes-node-linux-s390x.tar.gz | 9e1f47c40bff72bfa9be18c4eedfd0b334c509dab2639ff9ae8e1f0273fca13ff793e27fcf2cadc8f519ba630d66d324ecbb46e32838760d0cebe3e54228eed0 |
kubernetes-node-windows-amd64.tar.gz | d0daa931f9a1fe301a1e5875789c466acf2fef5c769c08776d11b33ba21e7f49c00aa826c5c5a8b696835df0c3132325580393ca79d45e54dfe98f759d3b1768 |
All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.
-
Fix endpoint reconciler not being able to delete the apiserver lease on shutdown (#114122, @aojea) [SIG API Machinery]
-
Fixed a bug that resulted in "grpc: the client connection is closing" errors shortly after the Kubernetes API server automatically reloaded its encryption-at-rest config due to an observed change to the file. This bug was only encountered when the --encryption-provider-config-automatic-reload flag was set to true. (#113955, @enj) [SIG API Machinery, Auth and Testing]
-
When the feature gates
PodDisruptionConditions
andJobPodFailurePolicy
are both enabled, the Job controller now does not consider a terminating Pod (a pod that has a.metadata.deletionTimestamp
) as a failure until that Pod is terminal (its.status.phase
isFailed
orSucceeded
).However, the Job controller creates a replacement Pod as soon as the termination becomes apparent. Once the pod terminates, the Job controller evaluates
.backoffLimit
and.podFailurePolicy
for the relevant Job, taking this now-terminated Pod into consideration.This behavior is limited to Jobs with
.spec.podFailurePolicy
set, and only when those two feature gates are both enabled. If either of these requirements is not satisfied, the Job controller counts a terminating Pod as an immediate failure, even if that Pod later terminates withphase: "Succeeded"
. (#113860, @alculquicondor) [SIG Apps]
Nothing has changed.
Nothing has changed.
Nothing has changed.
filename | sha512 hash |
---|---|
kubernetes.tar.gz | c029cbe4bac02811164d6caf5c2474afb57ef0c8d1e5d4c3728a5ca38deff50dff354bc5b63f6a5c831a5d1944c559f5c33ebb5a6f13b2219bcc889127b74184 |
kubernetes-src.tar.gz | 0166a2421ce2ac5a6a5eb9a47f6c3195072e2ea3c6cf042e90fa20ed9624b7f6f3c3fc7fb9403c005e25c14b668cd33aa153c18d66b3a38722d2ea22edb13d88 |
filename | sha512 hash |
---|---|
kubernetes-client-darwin-amd64.tar.gz | 73dd4446f6f58698f5dacc771d49eea436ee7a35edbf29b0470e077325385882544a35bc6c0aa4da8a0fcb4f521d25bb394097fc7895fc8b82e70d928d610dcd |
kubernetes-client-darwin-arm64.tar.gz | 8b09a1ab7cd916cfe8a957b459d47dc789405232a09d17313b73ba2174ed61443460835dbdc9420731e29620954713eadc608546c16888902ef729ffa2a4207c |
kubernetes-client-linux-386.tar.gz | 2766bc4210815f141a1862c00c827bc6c4c1f2184d10f40884647da896855a4ae35e174daebda22b55a40ba5d18a4a4efef26ba4a57f25a0cb5b6cb5c0d52604 |
kubernetes-client-linux-amd64.tar.gz | e9dc23e70cf54b2daddeb6c6b8dd4a7688311b9aa073ed7a6b7e49f197c4c2c4f5c08eb8289f5341bfd6da6e34f9b9d3a050d20d6e3de82af7c43387ff84abff |
kubernetes-client-linux-arm.tar.gz | d19a5b00fa829a541bab13150ecdfd4427c1f2ae92061c338a93ca3c36c8609fa77dfe5fc05c7f54f117e0c299a79beb5ac14921819cd5a34e3debc9818aeedc |
kubernetes-client-linux-arm64.tar.gz | 63a69da8a5570a08daf2fed9e55e456a761df0aba683cd3b84c6ee3dc6657d982adacf00655c485e6bfb03e9d60e0b89e1dbb568ca92e8e1c458752e24a64bbc |
kubernetes-client-linux-ppc64le.tar.gz | 1d63b821339b4bb2c3cc9e3eec949a33143c0fbff96d7f723dcd7aecdb2fc7c40d66b569c70f58c012070e206826d9e0070aaed0bb2c87b251a1d644915a5a2a |
kubernetes-client-linux-s390x.tar.gz | dda2f1cb4def6094184d24be792fb8de12cd217eda75cf5f9510191956fa01bf3d130329a3318e2b26845b3335fb1dc74e92adb4d20bc5c7842670836eefc993 |
kubernetes-client-windows-386.tar.gz | b3a2fea1264a00f6cc1e09b76df6de9ea63988bccc1e568724a1f5a028e921c0832ef09665ea81077d2b58a8127345faa94d3570c4ccb0d4329a85c492152e34 |
kubernetes-client-windows-amd64.tar.gz | ac2db53ec5a5421bdebe24ac0ac7a5b585c9e6883f95c2424d6041707bf6b68a8b1e8a9f2ca594fa969e9d555b375cffe684922bfd65149d0d738067bcad0aa9 |
kubernetes-client-windows-arm64.tar.gz | 0f8c501689f44cdeee4c5917c09e57ee6e5bcac78626fc1fe839a367a80f16ac9724dcc0220e29d169aa3fa8fe379365167814883c1d8596f220b418433cdf55 |
filename | sha512 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | 083916605845bce97c5cb371086122ac1d985853bf565f4619c9463d70f4e0f9f538a1dde9a2c2b79ea4646ced702600b7abab166554d607a6edaec3dc6a73ef |
kubernetes-server-linux-arm.tar.gz | 68212f3854e33b5657f280839f3bda53bf048adf5630342070447db1b3a37004923f3388c51f9d40a54831f9709010669fa712ee937ad4bcf1c9f5c5f4f1b0f8 |
kubernetes-server-linux-arm64.tar.gz | 8ded836f67e98240e8e5e6c9ce0a56c3466563462c75e55b5043afe4d1dea30059753fb49d00044083d50b1fda3cbc3b7ac1ba3232ea743706a38684a55131a7 |
kubernetes-server-linux-ppc64le.tar.gz | 4bf5a296b54e805b795777f99b40054287b4a7d5857897b47e3da4f6cdbfe4b91d771c85facfaf96340d14f3764d15d3b019a53961c0b5ffd76fb1e60f2fa586 |
kubernetes-server-linux-s390x.tar.gz | 4cf0e6a16d011fc0f2a6801b5b0c09e70caffe949f0ef1b5230379ef6f79a9a874b7c6a1c7a49ed8080324c0bf12d43e8181aca9ab2251df7d508dc9e050d6a3 |
filename | sha512 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | b60d6ecaa093b912478c3402a0bb4b01a553fbf8220ce0ed587c5181df2473b7b85750d47e6e30bf935cf616aa1912a5c034fe2e425e5b51bf9a71af634f76ea |
kubernetes-node-linux-arm.tar.gz | f8120e276b91fbb88e2458e14b067c2f3517d09d8250cfbdf0306d51fff8355c7dc3e83f66216c803a34b521c40f3ad5b62d79a7f4f86f1a25e2057f098ac024 |
kubernetes-node-linux-arm64.tar.gz | 09ca76f6a681a489cc6c291358eeca10666ffee7a82382e87714684f24e67ea97bffdafb0b83a01641893db5cabe480b83f9afc77fabb850eeb0a173a2349526 |
kubernetes-node-linux-ppc64le.tar.gz | a09d28611f73193f33f07da4e2fff5987a4332893381f8322fc7a48a2884856c75cce306fced1cb0cd18119e9f801c95307128567400749792a67cd797b5ba01 |
kubernetes-node-linux-s390x.tar.gz | 665b856bb641960a654829ef532dab84768e59a6653b07d7d8fd613364e07eff79f102b05799ca718b7ad5f0bd01128b3aa3498ea5afea70992c4cbcb3154065 |
kubernetes-node-windows-amd64.tar.gz | f1d1d38db0a22e68f8c872bcb0569452ade58d5d3d4bb93233a0bea45c70bd8264eaa5cd03cc92e463f7f4c29ee3114a8696748f8f925da5033144e0e9298376 |
All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.
- Add a
ResourceClaim
API (in the resource.k8s.io/v1alpha1 API group and behind theDynamicResourceAllocation
feature gate). The new API is more flexible than the existing Device Plugins feature of Kubernetes because it allows Pods to request (claim) special kinds of resources, which can be available at node level, cluster level, or following any other model you implement. (#111023, @pohly) [SIG API Machinery, Apps, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node, Release, Scheduling, Storage and Testing] - PodDisruptionBudget adds an alpha
spec.unhealthyPodEvictionPolicy
field. When thePDBUnhealthyPodEvictionPolicy
feature-gate is enabled inkube-apiserver
, setting this field to"AlwaysAllow"
allows pods to be evicted if they do not have a ready condition, regardless of whether the PodDisruptionBudget is currently healthy. (#113375, @atiratree) [SIG API Machinery, Apps, Auth and Testing]
- Known issue: Job field
.spec.podFailurePolicy.rules[*].onExitCode
might be ignored if the Pod is deleted before it terminates. (#113856, @alculquicondor) [SIG Apps]
Nothing has changed.
Nothing has changed.
Nothing has changed.
filename | sha512 hash |
---|---|
kubernetes.tar.gz | 9aa7ea4dac63ca19b62dbb5ff3769f96d52f17d14050bdb4832936b6732879b93544ffae4411783e57b5171e12bc7bba8dbd275fdbc0755712a0b80069d06097 |
kubernetes-src.tar.gz | 350ee84981bdc47f1ccee421efe2102d1323195b605c79884a0a3628c49d20533bbf3f49d54a3ce94b2a5627290103a4edd14cfdd1bd732c859f88ad06ad178a |
filename | sha512 hash |
---|---|
kubernetes-client-darwin-amd64.tar.gz | 8333a7b382ce29c79f9d2958c90e5e34c3af205a64d7f99bf94817df92879b136ba1f40a675555368aee68a9278a03142f20b8cb1797d1eaa3ba2344e2109904 |
kubernetes-client-darwin-arm64.tar.gz | 5f263002532b818c9dca80119f7fe78474f7fee66d13409e8fad588b1aa7edda7a333a1f0982b86582b0a202f57253a6ae7a64ecba9569e9b08f478f1cc2c2e3 |
kubernetes-client-linux-386.tar.gz | 344a33e30a29043533810d48f42d34d25a919925f85610b232c8c2f9da04c6faa2e43bc45dc7cb2d04c4c7bc24e6d77621abdc667a4a0707082212505babe5d5 |
kubernetes-client-linux-amd64.tar.gz | 267dd3143813d7462dc821ec2ebf22c266280420fdecbbaf73e4f03a803ef4be5e0e98bbac036e0ba96e4c56ba937cf1064ed91208dff0b91797b3243810d097 |
kubernetes-client-linux-arm.tar.gz | c1779aa4bed88510640de2f2c964c981f188a6a15d2e468e503982ad63f20a0f282752d9e3d9e811895ccf7e8847fe9c7bbecb76d64d087e83a9677c8d6a6ad0 |
kubernetes-client-linux-arm64.tar.gz | 82170b76010c8f54c8a40684a1226433626afabd6c585cd41035e17aa8923d1c3991cbae0d77ca79153a972d8840b92d1958e253e3a9ae5eda2b9e8d9c09d01e |
kubernetes-client-linux-ppc64le.tar.gz | d0e59ec798ef03c01990e184847b1bfd38805d9e95901699c5bbbdf31d2e942dab63a8fb68656dc9affd0fa483efb360751d5d0b445f9d6c1e9713c1f10d1f7f |
kubernetes-client-linux-s390x.tar.gz | d2ebeadcdd809f9f1ee4bd1884efd5093279cc3511c791007061ee980becdf7e1e3980f61f644b7425d1ec10c386d8c74e9296031472376bf8ea481c047920e9 |
kubernetes-client-windows-386.tar.gz | 04d7a1387112428283081fc74bcaf83d7a7dbe59f58bad45794603e8dfa4cee723aa1b4fd1616c96dc9ff2e49a246345d4135756d9779a86916d41e4cbeae46c |
kubernetes-client-windows-amd64.tar.gz | db7680b960de8f2f0da782ae2e6b2e396c5b4606e7c894af5bf4e5627fb83d635b3b7f893af80252515bd0fef2accf6b598ba5042ffd5e9c8d71cff68fc4ab25 |
kubernetes-client-windows-arm64.tar.gz | 7ff409c0c1f2ca26f42dd6199b559df390238f17c1bf868a10e8d1433bfe7305bed57f20b187a806076f2788a64ad224998ac5dfaeb20a7cef01dfc6bf025de0 |
filename | sha512 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | ef82141b01f845ad0576207cf528a9d1f8be681e1fd4744d4e01f3692491a0a640de92f79ef4294d924deee29926de4b0eefc6757addc6a27557c79ca94e3c46 |
kubernetes-server-linux-arm.tar.gz | 14f2be17866492accd69225b55ddca636aa46cd825a9092bb2bf05cd2adc04c59e0b8271adab4b345b8368337863a3884d608ca7e8de48d3598d1b144e4142dc |
kubernetes-server-linux-arm64.tar.gz | c7df332e9bb9c20abdd3a0e2a57509e3ef7b5ea0eadee6cffc09c6cbffb0e01fb845a1135a7d4ea3e784227022839bae8936a3d95846b5fde23bf7e096413c1c |
kubernetes-server-linux-ppc64le.tar.gz | a5e5b2d60a4fde3db2214a0509c677e94c205fab7350b57dca79558a999f28752fe096ee863d4c9c410079fab3a08665aec84cb1a1732d53e9ac09cffe65b389 |
kubernetes-server-linux-s390x.tar.gz | 4d84170a3a5bcea73db3c922154724e4021dd3fd20833698428002975eec1a958f528f54d747870ace58859741eeebc7caec1074ae84ba08b35d5a1efa1ab0d1 |
filename | sha512 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | 2a194c2e2da4949df32806a7592716406ab3148287e6c97285155e0c7390b8cbcdbd426fb4ff40885f1db7b31355e7bcf9f590edeb77318ba5e39e92e40569f1 |
kubernetes-node-linux-arm.tar.gz | 960ab6a725cd5b9ac59449cda00605a4f4d876541b362852cd2c915b1cf449713139c540f1a7d8e48920a67515fc3389007313cfa348e886ec7e4cb7c783e90e |
kubernetes-node-linux-arm64.tar.gz | ee3c62ab7174e737c372325a5bc086b61d42b957211e6fb1061aafee8f24284ceca22c0d7c2e92020327a8cf4bd1fe9a8cd685174c0c5ae03bb7ed293c1d6dc6 |
kubernetes-node-linux-ppc64le.tar.gz | 28dc29007d319172c82b6ae675a218ce4dc484ddb81371ddccd5e5aeced90aa4033a08eb6ac3d562627b7762988d7de2f72fbfddada454009b9f3c0137d23864 |
kubernetes-node-linux-s390x.tar.gz | ebdb47d96ae97ec6abfa9ec0863b1ead84615c49be950e79dff27a8a6a2454044854976545017947528ab104007f9010a27d68b96916219934e541bbafd23851 |
kubernetes-node-windows-amd64.tar.gz | f2197c28414f98a77cc501a47a960be22c45a19f1023c0a4a426442aa719a7c6b66a660ad9721d817216e59ac2ce8a2d0e7db89c1e36b4938833329af40b85af |
All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.
- CLI flag
pod-eviction-timeout
is deprecated and will be removed together withenable-taint-manager
in v1.27. (#113710, @kerthcet) [SIG API Machinery and Apps]
-
A new
preEnqueue
extension point is added to scheduler's component config v1beta2/v1beta3/v1. (#113275, @Huang-Wei) [SIG API Machinery, Apps, Instrumentation, Scheduling and Testing] -
Add a new namespace alpha field to dataSourceRef field in PersistentVolumeClaim API. (#113186, @ttakahashi21) [SIG API Machinery, Apps, Storage and Testing]
-
Add a kube-proxy flag (--iptables-localhost-nodeports, default true) to allow disabling NodePort services on loopback addresses. Note: this only applies to iptables mode and ipv4. (#108250, @cyclinder) [SIG API Machinery, Cloud Provider, Network, Node, Scalability, Storage and Testing]
-
Added a --topology-manager-policy-options flag to the kubelet to support fine tuning the topology manager policies. The first policy option,
prefer-closest-numa-nodes
, allows these policies to favor sets of NUMA nodes with shorter distance between nodes when making admission decisions. (#112914, @PiotrProkop) [SIG API Machinery and Node] -
Added a feature that allows a StatefulSet to start numbering replicas from an arbitrary non-negative ordinal, using the
.spec.ordinals.start
field. (#112744, @pwschuurman) [SIG API Machinery and Apps] -
Deprecate the apiserver_request_slo_duration_seconds metric for v1.27 in favor of apiserver_request_sli_duration_seconds for naming consistency purposes with other SLI-specific metrics and to avoid any confusion between SLOs and SLIs. (#112679, @dgrisonnet) [SIG API Machinery and Instrumentation]
-
Enable the "Retriable and non-retriable pod failures for jobs" feature into beta (#113360, @mimowo) [SIG Apps, Auth, Node, Scheduling and Testing]
-
Graduate JobTrackingWithFinalizers to stable. Jobs created before the feature was enabled are still tracked without finalizers. Users can choose to migrate jobs to tracking with finalizers by adding the annotation batch.kubernetes.io/job-tracking. If the annotation was already present and the user attempts to remove it, the control plane adds the annotation back. (#113510, @alculquicondor) [SIG API Machinery, Apps and Testing]
-
Graduate ServiceInternalTrafficPolicy feature to GA (#113496, @avoltz) [SIG Apps and Network]
-
If you enabled automatic reload of encryption configuration with API server flag --encryption-provider-config-automatic-reload, ensure all the KMS provider names (v1 and v2) in the encryption configuration are unique. (#113697, @aramase) [SIG API Machinery and Auth]
-
Introduce v1alpha1 API for validating admission policies, enabling extensible admission control via CEL expressions (KEP 3488: CEL for Admission Control). To use, enable the
ValidatingAdmissionPolicy
feature gate and theadmissionregistration.k8s.io/v1alpha1
API via--runtime-config
. (#113314, @cici37) [SIG API Machinery, Auth, Cloud Provider and Testing] -
Kubelet adds the following pod failure conditions:
-
Metav1.LabelSelectors specified in API objects are now validated to ensure they do not contain invalid label values that will error at time of use. Existing invalid objects can be updated, but new objects are required to contain valid label selectors. (#113699, @liggitt) [SIG API Machinery, Apps, Auth, Network and Storage]
-
Moving MixedProtocolLBService from beta to GA (#112895, @janosi) [SIG Apps, Network and Testing]
-
New Pod API field
.spec.schedulingGates
is introduced to enable users to control when to mark a Pod as scheduling ready. (#113274, @Huang-Wei) [SIG Apps, Scheduling and Testing] -
NodeInclusionPolicy in podTopologySpread plugin is enabled by default. (#113500, @kerthcet) [SIG API Machinery, Apps, Scheduling and Testing]
-
Priority and Fairness has introduced a new feature called borrowing that allows an API priority level to borrow a number of seats from other priority level(s). As a cluster operator, you can enable borrowing for a certain priority level configuration object via the two newly introduced fields
lendablePercent
, andborrowingLimitPercent
located under the.spec.limited
field of the designated priority level. This PR adds the following metrics.apiserver_flowcontrol_nominal_limit_seats
: Nominal number of execution seats configured for each priority levelapiserver_flowcontrol_lower_limit_seats
: Configured lower bound on number of execution seats available to each priority levelapiserver_flowcontrol_upper_limit_seats
: Configured upper bound on number of execution seats available to each priority levelapiserver_flowcontrol_demand_seats
: Observations, at the end of every nanosecond, of (the number of seats each priority level could use) / (nominal number of seats for that level)apiserver_flowcontrol_demand_seats_high_watermark
: High watermark, over last adjustment period, of demand_seatsapiserver_flowcontrol_demand_seats_average
: Time-weighted average, over last adjustment period, of demand_seatsapiserver_flowcontrol_demand_seats_stdev
: Time-weighted standard deviation, over last adjustment period, of demand_seatsapiserver_flowcontrol_demand_seats_smoothed
: Smoothed seat demandsapiserver_flowcontrol_target_seats
: Seat allocation targetsapiserver_flowcontrol_seat_fair_frac
: Fair fraction of server's concurrency to allocate to each priority level that can use itapiserver_flowcontrol_current_limit_seats
: current derived number of execution seats available to each priority level
The possibility of borrowing means that the old metric apiserver_flowcontrol_request_concurrency_limit can no longer mean both the configured concurrency limit and the enforced concurrency limit. Henceforth it means the configured concurrency limit. (#113485, @MikeSpreitzer) [SIG API Machinery and Testing]
-
The EndpointSliceTerminatingCondition feature gate has graduated to GA. The gate is now locked and will be removed in v1.28. (#113351, @andrewsykim) [SIG API Machinery, Apps, Network and Testing]
-
Yes, aggregated discovery will be alpha and can be toggled with the AggregatedDiscoveryEndpoint feature flag (#113171, @Jefftree) [SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Network, Node, Release, Scalability, Scheduling, Storage and Testing]
- API Server tracing now includes the latency of authorization, priorityandfairness, impersonation, audit, and authentication filters. (#113217, @dashpole) [SIG API Machinery and Instrumentation]
- Add a method
StreamWithContext
to remotecommand.Executor to support cancelable SPDY executor stream. (#103177, @arkbriar) [SIG API Machinery, CLI, Node and Testing] - Add alpha support for returning container and pod metrics from CRI, instead of cAdvsior (#113609, @haircommander) [SIG Architecture, Instrumentation and Node]
- Add support for Evented PLEG feature gate (#111384, @harche) [SIG Node and Testing]
- Add the metric pod_start_sli_duration_seconds to kubelet (#111930, @azylinski) [SIG Instrumentation, Node and Testing]
- Added reconstruction of SELinux mount context after kubelet restart. Feature SELinuxMountReadWriteOncePod is now fully implemented and kubelet does not lose its cache of SELinux contexts after kubelet process restart. (#113596, @jsafrane) [SIG Apps, Node, Storage and Testing]
- Added selector validation to HorizontalPodAutoscaler: when multiple HPAs select the same set of Pods, scaling now will be disabled for those HPAs with the reason
AmbiguousSelector
. This change also covers a case when multiple HPAs point to the same deployment. (#112011, @pbeschetnov) [SIG Apps and Autoscaling] - Added: publishing events when enabling/disabling topologyAwareHints. (#113544, @LiorLieberman) [SIG Apps and Network]
- Adding alpha support for WindowsHostNetworking feature (#112961, @marosset) [SIG Node and Windows]
- Adds alpha --output plaintext protected by environment variable
KUBECTL_EXPLAIN_OPENAPIV3
(#113146, @alexzielenski) [SIG CLI] - Adds metrics
force_delete_pods_total
andforce_delete_pod_errors_total
in the Pod GC Controller. (#113519, @xing-yang) [SIG Apps] - CSIMigrationvSphere upgraded to GA and locked to true. Do not upgrade to K8s 1.26 if you need Windows support until vSphere CSI Driver adds support for it in a version post v2.7.x. (#113336, @divyenpatel) [SIG Storage]
- DelegateFSGroupToCSIDriver feature is GA. (#113225, @bertinatto) [SIG Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node and Storage]
- Graduate Kubelet CPU Manager to GA. (#113018, @fromanirh) [SIG Node and Testing]
- Graduate Kubelet Device Manager to GA. (#112980, @swatisehgal) [SIG Cloud Provider and Node]
- If
ComponentSLIs
feature gate is enabled, then/metrics/slis
becomes available on cloud-controller-manager allowing you to scrape health check metrics. (#113340, @Richabanker) [SIG Cloud Provider] - Kubectl config view now automatically redacts any secret fields marked with a datapolicy tag (#109189, @mpuckett159) [SIG API Machinery, Auth, CLI and Testing]
- Kubectl shell completions for the bash shell now include descriptions. (#113636, @marckhouzam) [SIG CLI]
- Kubernetes is now built with Go 1.19.3 (#113550, @xmudrii) [SIG Release and Testing]
- Make Azure File CSI migration as GA in 1.26 (#113160, @andyzhangx) [SIG Cloud Provider]
- NodeOutOfServiceVolumeDetach is now beta. (#113511, @xing-yang) [SIG Node and Storage]
- Pod Security admission: the pod-security
warn
level will now default to theenforce
level. (#113491, @tallclair) [SIG Auth and Security] - Promote kubectl alpha events to kubectl events (#113819, @soltysh) [SIG CLI and Testing]
- Promote the
APIServerIdentity
feature to Beta. By default, each kube-apiserver will now create a Lease in thekube-system
namespace. These lease objects can be used to identify the number of active API servers in the cluster, and may also be used for future features such as the Storage Version API. (#113629, @andrewsykim) [SIG API Machinery and Testing] - Promoting WindowsHostProcessContainers to stable (#113476, @marosset) [SIG Apps, Node, Testing and Windows]
- RetroactiveDefaultStorageClass feature is now beta. (#113329, @RomanBednar) [SIG Apps, Storage and Testing]
- The LegacyServiceAccountTokenNoAutoGeneration feature gate has been promoted to GA (#112838, @zshihang) [SIG API Machinery, Apps, Auth and Testing]
- The ProxyTerminatingEndpoints feature is now Beta and enabled by default. When enabled, kube-proxy will attempt to route traffic to terminating pods when the traffic policy is Local and there are only terminating pods remaining on a node. (#113363, @andrewsykim) [SIG Network]
- The iptables kube-proxy backend should process service/endpoint changes more efficiently in very large clusters. (#110268, @danwinship) [SIG Instrumentation and Network]
- Update the Lease identity naming format for the APIServerIdentity feature to use a persistent name (#113307, @andrewsykim) [SIG API Machinery, Node and Testing]
- Updated cAdvisor to v0.46.0 (#113769, @bobbypage) [SIG Architecture, CLI, Cloud Provider, Node and Storage]
- Apiserver: use the correct error when logging errors updating managedFields (#113711, @andrewsykim) [SIG API Machinery]
- Bump runc to v1.1.4 (#113719, @pacoxu) [SIG Node]
- Do not raise an error when setting an annotation with the same value, just ignore it. (#109505, @zigarn) [SIG CLI]
- Fix cost estimation of token creation request for service account in Priority and Fairness. (#113206, @marseel) [SIG API Machinery]
- Fix that disruption controller changes the status of a stale disruption condition after 2 min when the PodDisruptionConditions feature gate is enabled (#113580, @mimowo) [SIG Auth]
- Fix the PodAndContainerStatsFromCRI feature, instead of supplementing with stats from cAdvisor. (#113291, @mengjiao-liu) [SIG Instrumentation and Node]
- For
kubectl
,--server-side
now migrates ownership of all fields used by client-side-apply to the specified--fieldmanager
. This prevents fields previously specified using kubectl from being able to live outside of server-side-apply's management and become undeleteable. (#112905, @alexzielenski) [SIG API Machinery, CLI and Testing] - Kubectl apply: warning that kubectl will ignore no-namespaced resource
pv & namespace
in a future release if the namespace is specified and allowlist is not specified (#110907, @pacoxu) [SIG CLI] - Kubelet: Fixes a startup crash in devicemanager (#113021, @rphillips) [SIG Node]
- Kubelet: fix nil pointer in reflector start for standalone mode (#113501, @pacoxu) [SIG Node]
- NOTE (#113749, @jpbetz) [SIG API Machinery]
- Pod logs using --timestamps are not broken up with timestamps anymore. (#113481, @rphillips) [SIG Node]
- Resolves an issue that causes winkernel proxier to treat stale VIPs as valid (#113521, @daschott) [SIG Network and Windows]
- The resourceVersion returned in objects from delete responses is now consistent with the resourceVersion contained in the delete watch event (#113369, @wojtek-t) [SIG API Machinery]
- A new API server flag --encryption-provider-config-automatic-reload has been added to control when the encryption config should be automatically reloaded without needing to restart the server. All KMS plugins are merged into a single healthz check at /healthz/kms-providers when reload is enabled, or when only KMS v2 plugins are used. (#113529, @enj) [SIG API Machinery, Auth and Testing]
- Added a
--prune-allowlist
flag that can be used withkubectl apply --prune
. This flag replaces and functions the same as the--prune-whitelist
flag, which has been deprecated. (#113116, @brianpursley) [SIG CLI] - Deprecated the following kubectl run flags, which are ignored if set: --cascade, --filename, --force, --grace-period, --kustomize, --recursive, --timeout, --wait (#112261, @brianpursley) [SIG CLI]
- Dropped support for the Container Runtime Interface (CRI) version
v1alpha2
, which means that container runtimes just have to implementv1
. (#110618, @saschagrunert) [SIG Node and Security] - Promote job-related metrics to stable to follow IndexedJobs GA, the following metrics had their name updated to match metrics API guidelines:
- Promote cronjob_job_creation_skew metric to stable to follow the cronjob v2 controller, the following metrics had their name updated to match metrics API guidelines:
- Rename the feature gate for CEL in Admission Control to
ValidatingAdmissionPolicy
. (#113735, @cici37) [SIG API Machinery and Testing] kubelet_kubelet_credential_provider_plugin_duration
is renamedkubelet_credential_provider_plugin_duration
andkubelet_kubelet_credential_provider_plugin_errors
is renamedkubelet_credential_provider_plugin_errors
. (#113754, @logicalhan) [SIG Instrumentation and Node]
Nothing has changed.
- github.com/container-storage-interface/spec: v1.6.0 → v1.7.0
- github.com/containerd/ttrpc: v1.0.2 → v1.1.0
- github.com/docker/docker: v20.10.17+incompatible → v20.10.18+incompatible
- github.com/docker/go-units: v0.4.0 → v0.5.0
- github.com/google/cadvisor: v0.45.0 → v0.46.0
- github.com/karrick/godirwalk: v1.16.1 → v1.17.0
- github.com/moby/sys/mountinfo: v0.6.0 → v0.6.2
- github.com/moby/term: 3f7ff69 → 39b0c02
- github.com/opencontainers/runc: v1.1.3 → v1.1.4
- github.com/prometheus/client_golang: v1.13.0 → v1.14.0
- github.com/prometheus/client_model: v0.2.0 → v0.3.0
- k8s.io/utils: 665eaae → 1a15be2
Nothing has changed.
filename | sha512 hash |
---|---|
kubernetes.tar.gz | e38caad0331adb21176e326bbcf1b4f55385b00011fd476c12a7872a2cfa1d25d2d961f2986cc336549be71bc8f3513578317a852d39c0ad6c62bd3bd4ce17d1 |
kubernetes-src.tar.gz | f5931854054f3d739636fccc78c29a9cb579e3885143dae7d89c72d9e41857acf91ee0166ef92766e414355258409ca209ce7c2cf512322cc0f2b17bb9670098 |
filename | sha512 hash |
---|---|
kubernetes-client-darwin-amd64.tar.gz | fbfa2b4af54b8765465a8892ad7ceb56f019132805d7c1f0d63e9e569a33a722862234c1184f395c865bf1e8393951b8ea50bf972766d8283281bd2fc0ada86a |
kubernetes-client-darwin-arm64.tar.gz | 5b9af35b9284a7f4813031f913e3aa014d3a1b1fa7823564409c8c6ce7a8a2272b2fb306bcbb777736d241b7997fcf4fed97388614ccdb25463f8f41f3398204 |
kubernetes-client-linux-386.tar.gz | 0fe3a80e9dfa85798f1da7b24c94c83328d4a00e4032b6dbe03c674fe39bd35a8a53c7b005fc9d81f0992920d4b66d25dc3a50c87df9884cdc4df9a61cca82f8 |
kubernetes-client-linux-amd64.tar.gz | 36ef2a886f871bbf674aa740de4c2f61be4f80b8dd68c38b784af4a92a03af659ffab8de6a06cb400fbeea6bcb6f2eef9e809c5959a9050de5e0dd63521fcefa |
kubernetes-client-linux-arm.tar.gz | ae8a4f8e568843ea6f4321b0b7e2779ef1177e86ea979355509cf5788a05d1b08eaae54d400296b41ef5463d7e576df9d5943104ac830cf17f7e9e879460dc43 |
kubernetes-client-linux-arm64.tar.gz | c8f10f35b38509b9c02af2946dfa96e86a8dca69c587754cdfe0cda0cfee8fbcf118fd8fa92543a04571d370c3a9942f40d19e0740efa301a2f9e542be4c0051 |
kubernetes-client-linux-ppc64le.tar.gz | c416055c92483ec93d0ecfd4c1738ed1c9aafd9d68f806dc0e9b3fbe994c60fbb41baaa9a64fd1a5725ae16d6e22e93c40f8be5af4e122d1eb1d095d2f7a6c26 |
kubernetes-client-linux-s390x.tar.gz | 88155930c24f784d6f73864af07518d0cdde486e32857d1d057d0ed0bfce7c8c7501f1fc29275747d7b50d812e910b1fb2fa14f7ef91aeedeaf530cdbe9094f7 |
kubernetes-client-windows-386.tar.gz | 3c89c5044ca402bb022af618404839eb0cadb3e89552c4002386503911b1e4622a16a4452c26310ee2ead49058faa17711136435f3303271be903dabce93ae0d |
kubernetes-client-windows-amd64.tar.gz | 8d053b7eb02e850d2d70492d0cbd76e6b68ff43b3373539563c67ab2dc66895a387f4e7dfb31dffde85a32086beb8db3a12a55dd5e9f4261bd768c853be3e6fa |
kubernetes-client-windows-arm64.tar.gz | 0034b8b34b66cf72f9a77ffe0ab441517f12ba7bafbcf8abea7b6650f8936da0a4e90f56a315dc2d16392684167850401de6c1dbf386bce2e28aeab9e3b4963d |
filename | sha512 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | 1b7c60428a326c337c59080923766d46c7b4a9c0ffc7125d6000f410a1cbd488403a00d36ea22a7fbddf70aa78c53e06c4d0cb434f254b7e883481393a99dec7 |
kubernetes-server-linux-arm.tar.gz | 4eec57f333e4d5cc99929465e6bf01f057351925d5b38c92751c1b30a2f1f61d81db14d95100c5ea01950eee4ef172772e91dc38000ec50bfa1e01f8a62e0d54 |
kubernetes-server-linux-arm64.tar.gz | a6a11db5f669e0705083269df9813c8da9e7d61f76c78ac0cb55ea9cfffad865e0de7b129727192cec03ecae89d7e51f1097b010290106a5ac8a563294fb69b2 |
kubernetes-server-linux-ppc64le.tar.gz | 3b66310e6adad44b38a02eb315281e15e3f6f4fd6490ea279a3f962ca27b6537f4210a2db8e0648816614e2a9d73a622fdf0bac2ea0dc2c462543ce44acc3a45 |
kubernetes-server-linux-s390x.tar.gz | 4dd94f22f4a309aa3fc0f92d1708a31660b291270107baf8ed80bbb49677136cce17345edf21e1a132584702218192e85876d36211884880629a8a38b98e6680 |
filename | sha512 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | 1c8b21a36d18a9a6c3ebf92cd61d9b36ef06b5e415f4bbf86518d3a740cb132a767c1b806e0b65e3a52eb8a2fc6452d0e897aaeea4505ad5206b0b304f784e0e |
kubernetes-node-linux-arm.tar.gz | 23797df2c5eb2fe473d06edb3fe032f2c55bb68eaa2074d1ce3f0455545076be5859288bc835d194da2291dc488da375ecbf21511f9876ca80da978f5ff3491c |
kubernetes-node-linux-arm64.tar.gz | 5f2ce6867228dc4cdb4a418421ac28d7f3a4e4e2f5ba7470cd141dc3b45978537d19ba81f0bd3751ba0ba31a3f67b41d7fac7932623cfd719b526fe3a879e42c |
kubernetes-node-linux-ppc64le.tar.gz | 9acdaf23e8e8a8bc5afac8fbccd1325f45a0bcf7ac1e02beaf2e54e54dfc95e5d90b5efeb9dfbfa9ebfd83331f7daeb928f2ad579ba02d234e0294a9df1e1d6e |
kubernetes-node-linux-s390x.tar.gz | d971dc06b94a02b23d384c366946a0304f53513717180351c70eef989841a33940fa56698d4f30161cd15ac47f2577569ff2cf63775d5c191ba798695d48f252 |
kubernetes-node-windows-amd64.tar.gz | a2db5de15c72c6bc9bcd29dca31f6abf5c6cd3dd60c448bf4c4d93ad13f2864cd0904feaa5f0d3954c0199dcd64191dc97128863275e69705a3208c91f7f8b73 |
All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.
-
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:
([#86139](kubernetes#86139), [@jasimmons](https://github.com/jasimmons)) [SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Contributor Experience, Instrumentation, Network, Node, Release, Scheduling, Storage and Testing] -
Add percentageOfNodesToScore as a scheduler profile level parameter to API version v1. If a profile percentageOfNodesToScore is set, it will override global percentageOfNodesToScore. (#112521, @yuanchen8911) [SIG API Machinery, Scheduling and Testing]
-
Kube-controller-manager supports '--concurrent-horizontal-pod-autoscaler-syncs' flag to set the number of horizontal pod autoscaler controller workers. (#108501, @zroubalik) [SIG API Machinery, Apps and Autoscaling]
-
Kube-proxy: The "userspace" proxy mode (deprecated for over a year) is no longer supported on either Linux or Windows. Users should use "iptables" or "ipvs" on Linux, or "kernelspace" on Windows. (#112133, @knabben) [SIG API Machinery, Network, Scalability, Testing and Windows]
-
Kubectl wait command with jsonpath flag will wait for target path appear until timeout. (#109525, @jonyhy96) [SIG CLI and Testing]
-
Kubelet external Credential Provider feature is moved to GA. Credential Provider Plugin and Credential Provider Config APIs updated from v1beta1 to v1 with no API changes. (#111616, @ndixita) [SIG API Machinery, Node, Scheduling and Testing]
-
The
DynamicKubeletConfig
feature gate has been removed from the API server. Dynamic kubelet reconfiguration now cannot be used even when older nodes are still attempting to rely on it. This is aligned with the Kubernetes version skew policy. (#112643, @SergeyKanzhelev) [SIG API Machinery, Apps, Auth, Node and Testing]
- API Server Tracing now includes a variety of new spans and span events. (#113172, @dashpole) [SIG API Machinery, Architecture, Auth, Instrumentation, Network, Node and Scheduling]
- Add kubelet metrics to track the cpumanager cpu allocation and pinning (#112855, @fromanirh) [SIG Instrumentation, Node and Testing]
- Added categories column to the
kubectl api-resources
command's wide output (-o wide
). Added--categories
flag to thekubectl api-resources
command, which can be used to filter the output to show only resources belonging to one or more categories. (#111096, @brianpursley) [SIG CLI] - Admission control plugin "DefaultStorageClass": If more than one StorageClass is designated as default (via the "storageclass.kubernetes.io/is-default-class" annotation), choose the newest one instead of throwing an error. (#110559, @danishprakash) [SIG Apps and Storage]
- Change
preemption_victims
metric bucket fromLinearBuckets
toExponentialBuckets
. (#112939, @lengrongfu) [SIG Instrumentation and Scheduling] - Extend the job
job_finished_total metric by new
reason` label and introduce a new job metric to count pod failures handled by pod failure policy with respect to the action applied. (#113324, @mimowo) [SIG Apps and Testing] - Graduate ServiceIPStaticSubrange feature to GA (#112163, @aojea) [SIG Network]
- If
ComponentSLIs
feature gate is enabled, then/metrics/slis
becomes available on kube-controller-manager, allowing you to scrape health check metrics. (#112978, @logicalhan) [SIG API Machinery and Cloud Provider] - If
ComponentSLIs
feature gate is enabled, then/metrics/slis
becomes available on kube-proxy allowing you to scrape health check metrics. (#113057, @Richabanker) [SIG Network] - If
ComponentSLIs
feature gate is enabled, then/metrics/slis
becomes available on kube-scheduler, allowing you to scrape health check metrics. (#113026, @Richabanker) [SIG Scheduling] - If
ComponentSLIs
feature gate is enabled, then/metrics/slis
becomes available on kubelet, allowing you to scrape health check metrics. (#113030, @Richabanker) [SIG Node] - Kubeadm: command
kubeadm join phase control-plane-prepare certs
is now supporting to run withdry-run
mode on it's own (#113005, @chendave) [SIG Cluster Lifecycle] - Logs of requests that were timed out by a timeout handler will no longer contain a "statusStack" and "logging error output" fields (#112374, @Argh4k) [SIG API Machinery]
- Metrics for RetroactiveDefaultStorageClass feature are now available. To see an attempt count for updating PVC retroactively with a default StorageClass see
retroactive_storageclass_total
metric and for total numer of errors seeretroactive_storageclass_errors_total
. (#113323, @RomanBednar) [SIG Apps] - New metric job_controller_terminated_pods_tracking_finalizer can be used to monitor whether the job controller is removing Pod finalizers from terminated Pods after accounting them in Job status. (#113176, @alculquicondor) [SIG Apps, Instrumentation and Testing]
- Shell completion will now show plugin names when appropriate. Furthermore, shell completion will work for plugins that provide such support. (#105867, @marckhouzam) [SIG CLI]
- The ExpandedDNSConfig feature has graduated to beta and is enabled by default. Note that this feature requires container runtime support. (#112824, @gjkim42) [SIG Network and Testing]
- When the alpha
LegacyServiceAccountTokenTracking
feature gate is enabled, secret-based service account tokens will have akubernetes.io/legacy-token-last-used
applied to them containing the date they were last used. (#108858, @zshihang) [SIG API Machinery, Auth and Testing]
- Bump golang.org/x/net to v0.1.1-0.20221027164007-c63010009c80 (#112693, @aimuz) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node, Security and Storage]
- Fix the occasional double-counting of the job_finished_total metric (#112948, @mimowo) [SIG Apps, Architecture, Instrumentation and Testing]
- Fixed a bug where a change in the
appProtocol
for a Service did not trigger a load balancer update. (#112785, @MartinForReal) [SIG Cloud Provider and Network] - Fixed a bug where the kubelet chooses the wrong container by its name when running
kubectl exec
. (#113041, @saschagrunert) [SIG Node] - Fixed an issue where the APIServer would panic on startup if an egress selector without a controlplane configuration is specified when using APIServerTracing (#112979, @dashpole) [SIG API Machinery, Instrumentation and Testing]
- Fixed: #22422 Admission controllers can cause unnecessary significant load on apiserver (#112696, @aimuz) [SIG Scalability]
- Kube-apiserver: DELETECOLLECTION API requests are now recorded in metrics with the correct verb. (#113133, @sxllwx) [SIG API Machinery]
- Kube-apiserver: custom resources can now be specified in the --encryption-provider-config file and can be encrypted in etcd (#113015, @ritazh) [SIG API Machinery, Auth and Testing]
- Kube-proxy, will restart in case it detects that the Node assigned pod.Spec.PodCIDRs have changed (#111344, @aojea) [SIG Network]
- Kubectl now escapes terminal special characters in output. This fixes CVE-2021-25743. (#112553, @dgl) [SIG CLI and Security]
- Kubectl: fixed a bug where
kubectl convert
did not pick the right API version (#112700, @SataQiu) [SIG CLI] - Kubelet: Fixes a startup crash in devicemanager (#113021, @rphillips) [SIG Node]
- Nested mountpoints are now group correctly on all cases. (#112571, @claudiubelu) [SIG Storage and Windows]
- The metrics(time duration) of a failed or unschedulable scheduling attempt will be longer for it will include the duration time of the unreserve operation now. (#113113, @kerthcet) [SIG Scheduling]
- Updates golang.org/x/text to v0.3.8 to fix CVE-2022-32149 (#112989, @ameukam) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node and Storage]
- Use SSA to add pod disruption conditions by scheduler and controller-manager (#113304, @mimowo) [SIG API Machinery, Apps and Scheduling]
- Kubeadm: remove the UnversionedKubeletConfigMap feature gate. The feature has been GA and locked to enabled since 1.25. (#113448, @pacoxu) [SIG Cluster Lifecycle]
- Removing Windows Server, Version 20H2 flavors from various container images (#112924, @marosset) [SIG Testing and Windows]
- Service session affinity timeout tests are no longer required for Kubernetes network plugin conformance due to variations in existing implementations. New conformance tests will be developed to better express conformance in future releases. (#112806, @dcbw) [SIG Architecture, Network and Testing]
- The e2e.test binary no longer emits JSON structs to document progress. (#113212, @pohly) [SIG Testing]
- The metric
etcd_db_total_size_in_bytes
is renamed toapiserver_storage_db_total_size_in_bytes
. (#113310, @logicalhan) [SIG API Machinery]
- cloud.google.com/go/datastore: v1.1.0
- cloud.google.com/go/firestore: v1.1.0
- cloud.google.com/go/pubsub: v1.3.1
- dmitri.shuralyov.com/gpu/mtl: 666a987
- github.com/BurntSushi/xgb: 27f1227
- github.com/OneOfOne/xxhash: v1.2.2
- github.com/alecthomas/template: fb15b89
- github.com/alecthomas/units: f65c72e
- github.com/armon/consul-api: eb2c6b5
- github.com/armon/go-metrics: f0300d1
- github.com/armon/go-radix: 7fddfc3
- github.com/bgentry/speakeasy: v0.1.0
- github.com/bketelsen/crypt: 5cbc8cc
- github.com/cespare/xxhash: v1.1.0
- github.com/client9/misspell: v0.3.4
- github.com/coreos/bbolt: v1.3.2
- github.com/coreos/etcd: v3.3.13+incompatible
- github.com/coreos/go-systemd: 95778df
- github.com/coreos/pkg: 399ea9e
- github.com/dgrijalva/jwt-go: v3.2.0+incompatible
- github.com/dgryski/go-sip13: e10d5fe
- github.com/fatih/color: v1.7.0
- github.com/go-gl/glfw/v3.3/glfw: 6f7a984
- github.com/go-gl/glfw: e6da0ac
- github.com/google/martian: v2.1.0+incompatible
- github.com/gopherjs/gopherjs: 0766667
- github.com/hashicorp/consul/api: v1.1.0
- github.com/hashicorp/consul/sdk: v0.1.1
- github.com/hashicorp/errwrap: v1.0.0
- github.com/hashicorp/go-cleanhttp: v0.5.1
- github.com/hashicorp/go-immutable-radix: v1.0.0
- github.com/hashicorp/go-msgpack: v0.5.3
- github.com/hashicorp/go-multierror: v1.0.0
- github.com/hashicorp/go-rootcerts: v1.0.0
- github.com/hashicorp/go-sockaddr: v1.0.0
- github.com/hashicorp/go-syslog: v1.0.0
- github.com/hashicorp/go-uuid: v1.0.1
- github.com/hashicorp/go.net: v0.0.1
- github.com/hashicorp/golang-lru: v0.5.1
- github.com/hashicorp/hcl: v1.0.0
- github.com/hashicorp/logutils: v1.0.0
- github.com/hashicorp/mdns: v1.0.0
- github.com/hashicorp/memberlist: v0.1.3
- github.com/hashicorp/serf: v0.8.2
- github.com/jstemmer/go-junit-report: v0.9.1
- github.com/jtolds/gls: v4.20.0+incompatible
- github.com/kr/logfmt: b84e30a
- github.com/kr/pty: v1.1.1
- github.com/magiconair/properties: v1.8.1
- github.com/mattn/go-colorable: v0.0.9
- github.com/mattn/go-isatty: v0.0.3
- github.com/miekg/dns: v1.0.14
- github.com/mitchellh/cli: v1.0.0
- github.com/mitchellh/go-homedir: v1.1.0
- github.com/mitchellh/go-testing-interface: v1.0.0
- github.com/mitchellh/gox: v0.4.0
- github.com/mitchellh/iochan: v1.0.0
- github.com/oklog/ulid: v1.3.1
- github.com/pascaldekloe/goe: 57f6aae
- github.com/pelletier/go-toml: v1.2.0
- github.com/posener/complete: v1.1.1
- github.com/prometheus/tsdb: v0.7.1
- github.com/ryanuber/columnize: 9b3edd6
- github.com/sean-/seed: e2103e2
- github.com/shurcooL/sanitized_anchor_name: v1.0.0
- github.com/smartystreets/assertions: b2de0cb
- github.com/smartystreets/goconvey: v1.6.4
- github.com/spaolacci/murmur3: f09979e
- github.com/spf13/afero: v1.2.2
- github.com/spf13/cast: v1.3.0
- github.com/spf13/jwalterweatherman: v1.0.0
- github.com/spf13/viper: v1.7.0
- github.com/subosito/gotenv: v1.2.0
- github.com/ugorji/go: v1.1.4
- github.com/xordataexchange/crypt: b2862e3
- golang.org/x/exp: 6cc2880
- golang.org/x/image: cff245a
- golang.org/x/mobile: d2bd2a2
- gopkg.in/ini.v1: v1.51.0
- gopkg.in/resty.v1: v1.12.0
- rsc.io/binaryregexp: v0.2.0
- rsc.io/quote/v3: v3.1.0
- rsc.io/sampler: v1.3.0
- github.com/aws/aws-sdk-go: v1.38.49 → v1.44.116
- github.com/dnaeon/go-vcr: v1.0.1 → v1.2.0
- github.com/fsnotify/fsnotify: v1.5.4 → v1.6.0
- github.com/google/pprof: 94a9f03 → 4bb14d4
- github.com/inconshreveable/mousetrap: v1.0.0 → v1.0.1
- github.com/konsorten/go-windows-terminal-sequences: v1.0.2 → v1.0.3
- github.com/onsi/ginkgo/v2: v2.2.0 → v2.4.0
- github.com/onsi/gomega: v1.20.1 → v1.23.0
- github.com/spf13/cobra: v1.5.0 → v1.6.0
- golang.org/x/crypto: 7b82a4e → v0.1.0
- golang.org/x/lint: 1621716 → 6edffad
- golang.org/x/mod: 86c51ed → v0.6.0
- golang.org/x/net: a158d28 → c630100
- golang.org/x/sys: 8c9f86f → v0.1.0
- golang.org/x/term: 03fcf44 → v0.1.0
- golang.org/x/text: v0.3.7 → v0.4.0
- golang.org/x/tools: v0.1.12 → v0.2.0
- k8s.io/kube-openapi: 67bda5d → 172d655
- github.com/getkin/kin-openapi: v0.76.0
filename | sha512 hash |
---|---|
kubernetes.tar.gz | ed5a0f1b0d45e3b6ea0f3d05f5aa4e924e8205a45b0238080e02a6ad60004f106f3f5442a302a44ae5b848ba7426e63e22a42806ddc1977214d964874165b6ca |
kubernetes-src.tar.gz | 7db2dcb528ead7a879aa12a525e488d1175ab55f5a710833bf80e3380a8db53fa5d35020b02d39a653465b7686fd4f6520a41218c7c55358d3de6ef54fa0b61a |
filename | sha512 hash |
---|---|
kubernetes-client-darwin-amd64.tar.gz | c024438cb9ab879e6489413a969e891e2ba3216940e4ff6c8d5a79a6956312d9e6143a4b469b0decfd94358b60844c845f15426574673ea54460dc8f5ee7053f |
kubernetes-client-darwin-arm64.tar.gz | ba9c72d75ae09c0fac0c29ff9034e3a94882f3bbcb1de1f8bcf7c65453048a4588980694b4d33af4ccd0458dfb9549fd8fd07a594dcc995743a8d154066ec09e |
kubernetes-client-linux-386.tar.gz | 550a6348ee1d2ca9f2395855e740e4ef7efbba5b223088dae718fd6f9d5ae1cb6194a1e9cf123fee78414074eddda9ce534151a7e7ed4eaffa2d3f74830da623 |
kubernetes-client-linux-amd64.tar.gz | 9ace57236b3581ebbb517cc1d730ffa0120fc5049c430dbf5b566786414e3a846a0db7edc9c6b7956fcc39267c3ef0dae3868f13fefafe971cd8fd6a8af946fa |
kubernetes-client-linux-arm.tar.gz | 6473fed98b9e55b50b600ea522d0a8b701ae483c1ae237014ccf2afbd7a6d85c3b2271d541eb1a3e897264ad455eedb6794c7cf48c07e62fa1778609794c293f |
kubernetes-client-linux-arm64.tar.gz | 0ea3085811cd374473afb2cf7448ea018bbb3140c7f97e0d9b26f6fcf31c38734d0a08988b2d20427f476b69406f9835c0afa5196c95328941b56e51166405a9 |
kubernetes-client-linux-ppc64le.tar.gz | 6ca4a7bca557732e1f5b9cba044457e76c8d660b5ef6f29bb029f072edcd8f359600c4334ecbb2aa6a84c6c206188f51d1c3736a6ae36f1c860627ce0414bc5e |
kubernetes-client-linux-s390x.tar.gz | 39004468389c84931ca2a9c76e69949eb1d1f0a752293bb430568f5779852e1e889ecd920629b8358a651f787a770f6dff4839d4c4e02ae3b561e4ae8a68d7fa |
kubernetes-client-windows-386.tar.gz | ee407cd43b50ab75bf0b5fe2b270b357f5797a9e0af31b198262e72c0dd5ca978ccfe0848ea05841ef006334e645b32a52992d30219ccf8df4c8123083a10ddc |
kubernetes-client-windows-amd64.tar.gz | af44e5848f5290db7138cfeafdf42c72a34b9eca3bdbff7058c02f88fd0a242cd5ecf19c392b6ea4145bc2df8c194967d22164a739c8d17160b6d6d7a6a5f738 |
kubernetes-client-windows-arm64.tar.gz | 2a2b664e7f98f02a81f6845e05e2ed1159381f3fb68fffd8edcbd2c36e942962260da980887b44e1cf150b25abb5e69b9519be7c9cb9e5b3a5e7ef8af7523654 |
filename | sha512 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | 7700f4f8c2bd7944698c455b4bb3e40d7e877d194fb20baea4956fb76a97b21dc10731c7280c4b5ec8824fde4dad19e6845f8abb1c5f651d736bdb045bac0a90 |
kubernetes-server-linux-arm.tar.gz | ae796dde4c3316a6b8c429107fd782a6a3c038d7d99770c8060f2aa350f44f9805d1d2e567885106840f8ac684258b3247271ca6e807cd72a65299b1c697677a |
kubernetes-server-linux-arm64.tar.gz | 5e32de6a1a768b8e9b56bdf6af8462bb0a70c5a8dd3c1dc4c1f8e19023b59dc33375b3166db66690468631202e781f2b9b995a76e98f6a14fb481e330c9fb5f2 |
kubernetes-server-linux-ppc64le.tar.gz | feb17b943812dc4f3aca7d7c0853d9e86509a5896952146abc210f07b832b8de0eaebb833e62f5ca9cc2673e77c28f76af7dd9d822b1504ec4753347aa912c91 |
kubernetes-server-linux-s390x.tar.gz | ce497964a7aad6b9bc0a95f1214c706e83c01c5d828818cef685c0df4eb3187018bcbb47b57a62cbc7da7c4d8c32f9c423eb7d07dd68e5f55afa09345ebaf9ce |
filename | sha512 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | 545617a9b0c3e410a4c98547e1c9a208f41c0217b542fcc12103a0e077d56888d20e36d1b4a86ecd1bea8765b1f71ed08b1210e6fca688101b087a6bc42a8203 |
kubernetes-node-linux-arm.tar.gz | 13fc8a993cc6ad5c5d260f559dbe613b8aa853f216caf56357610b77500c8a4946586e0c283021dc46e3b7f1272779a913d9ef050a7c7f8273c04abcae009c5c |
kubernetes-node-linux-arm64.tar.gz | 66a7911433f57cdf1d28115f0067dad2ed7987d4ea611110b52d1af055df5f589542601481586de8c7f5f807e9ffe5326048cd9f21c131cea7a7960e34203d32 |
kubernetes-node-linux-ppc64le.tar.gz | 06967565fed29fcc299c88392666256edb6f4e5783bda8d7f798a501d53a56001bc3ec05d79b09d2e0dae2281374a853cf883bccbb37c34a7a48ec650c3626bb |
kubernetes-node-linux-s390x.tar.gz | cf69a140ac23ad5af38b49b3125edc2f8102420ac2183a8a4bd3be855cbafdae48e25c1103d24fe8e0d7e01eb9b6d98b47383440ec7f5dde7b9e38580c1af1df |
kubernetes-node-windows-amd64.tar.gz | 3454248b6393437372a44b2ce2dbe71eaae61d2b2ecec056bce49fec4670a9ce45255a4139afef32e73a84f7c9383e77b6d68883474bf169ed914d7282803547 |
All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.
- Kube-apiserver: the unused '--master-service-namespace' flag is deprecated and will be removed in v1.27. (#112797, @SataQiu) [SIG API Machinery]
- Add
kubernetes_feature_enabled
metric series to track whether each active feature gate is enabled. (#112690, @logicalhan) [SIG API Machinery, Architecture, Cluster Lifecycle, Instrumentation, Network, Node and Scheduling] - Introduce v1beta3 for Priority and Fairness with the following changes to the API spec:
- Legacy klog flags are no longer available. Only
-v
and-vmodule
are still supported. (#112120, @pohly) [SIG Architecture, CLI, Instrumentation, Node and Testing] - The feature gates ServiceLoadBalancerClass and ServiceLBNodePortControl have been removed. These feature gates were enabled (and locked) since v1.24. (#112577, @andrewsykim) [SIG Apps]
- A new --disable-compression flag has been added to kubectl (default = false). When true, it opts out of response compression for all requests to the apiserver. This can help improve list call latencies significantly when client-server network bandwidth is ample (>30MB/s) or if the server is CPU-constrained. (#112580, @shyamjvs) [SIG CLI and Testing]
- A new
pod_status_sync_duration_seconds
histogram is reported at alpha metrics stability that estimates how long the Kubelet takes to write a pod status change once it is detected. (#107896, @smarterclayton) [SIG Apps, Architecture, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Release, Scheduling, Storage and Testing] - Added a new feature gate
CELValidatingAdmission
to enable expression validation for Admission Control. (#112792, @cici37) [SIG API Machinery] - Added validation for the --container-runtime-endpoint flag of kubelet to be non-empty. (#112542, @astraw99) [SIG Node]
- Expose health check SLI metrics on "metrics/slis" for apiserver (#112741, @logicalhan) [SIG API Machinery, Architecture, Auth and Instrumentation]
- Kubeadm: sub-phases are now able to support the dry-run mode, e.g. kubeadm reset phase cleanup-node --dry-run (#112945, @chendave) [SIG Cluster Lifecycle]
- Kubeadm: support image repository format validation (#112732, @SataQiu) [SIG Cluster Lifecycle]
- Kubernetes is now built with Go 1.19.2 (#112900, @xmudrii) [SIG Release and Testing]
- Switch kubectl to use
github.com/russross/blackfriday/v2
(#112731, @pacoxu) [SIG CLI] registered_metric_total
now reports the number of metrics broken down by stability level and deprecated version (#112907, @logicalhan) [SIG Architecture and Instrumentation]
- Consider only plugin directory and not entire kubelet root when cleaning up mounts (#112607, @mattcary) [SIG Storage]
- Fix that pods running on nodes tainted with NoExecute continue to run when the PodDisruptionConditions feature gate is enabled (#112518, @mimowo) [SIG Apps and Auth]
- Fixes an issue in winkernel proxier that causes proxy rules to leak anytime service backends are modified. (#112837, @daschott) [SIG Network and Windows]
- Kube-apiserver: redirects from backend API servers are no longer followed when checking availability with requests to
/apis/$group/$version
(#112772, @liggitt) [SIG API Machinery and Testing] - Kubeadm: fix a bug when performing validation on ClusterConfiguration networking fields (#112751, @SataQiu) [SIG Cluster Lifecycle]
- Kubelet now cleans up the Node's cloud node IP annotation correctly if you
stop using
--node-ip
. (In particular, this fixes the problem where people who were unnecessarily using--node-ip
with an external cloud provider in 1.23, and then running into problems with 1.24, could not fix the problem by just removing the unnecessary--node-ip
from the kubelet arguments, because that wouldn't remove the annotation that caused the problems.) (#112184, @danwinship) [SIG Network and Node] - Kubelet: Fix log spam from kubelet_getters.go "Path does not exist" (#112650, @rphillips) [SIG Node]
- Kubelet: when there are multi option lines in /etc/resolv.conf, merge all options into one line in a pod with the
Default
DNS policy. (#112414, @pacoxu) [SIG Network and Node] - The pod admission error message was improved for usability. (#112644, @vitorfhc) [SIG Node]
- Adds a kubernetes_feature_enabled metric which will tell you if a feature is enabled. (#112652, @logicalhan) [SIG Architecture and Instrumentation]
- Introduce
ComponentSLIs
alpha feature-gate for component SLIs metrics endpoint. (#112884, @logicalhan) [SIG API Machinery] - Lock ServerSideApply feature gate to true with the feature already being GA. (#112748, @wojtek-t) [SIG API Machinery, Apps, Instrumentation and Testing]
- PodOverhead feature gate was removed as the feature is in GA since 1.24 (#112579, @SergeyKanzhelev) [SIG Node and Scheduling]
- Reworded log message upon image garbage collection failure to be more clear. (#112631, @tzneal) [SIG Node]
- The IndexedJob and SuspendJob feature gates that graduated to GA in 1.24 and were unconditionally enabled have been removed in v1.26 (#112589, @SataQiu) [SIG Apps]
- The test/e2e/framework was refactored so that the core framework is smaller. Optional functionality like resource monitoring, log size monitoring, metrics gathering and debug information dumping must be imported by specific e2e test suites. Init packages are provided which can be imported to re-enable the functionality that traditionally was in the core framework. If you have code that no longer compiles because of this PR, you can use the script from a commit message to update that code. (#112043, @pohly) [SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Scheduling, Storage, Testing and Windows]
- Updated cri-tools to [v1.25.0(https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.25.0) (#112058, @saschagrunert) [SIG Cloud Provider and Release]
Nothing has changed.
- github.com/fsnotify/fsnotify: v1.4.9 → v1.5.4
- github.com/go-openapi/jsonreference: v0.19.5 → v0.20.0
- github.com/matttproud/golang_protobuf_extensions: v1.0.1 → v1.0.2
- go.uber.org/goleak: v1.1.12 → v1.2.0
- k8s.io/utils: ee6ede2 → 665eaae
- sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.32 → v0.0.33
- sigs.k8s.io/yaml: v1.2.0 → v1.3.0
- dmitri.shuralyov.com/gpu/mtl: 28db891
- github.com/BurntSushi/xgb: 27f1227
- github.com/ajstarks/svgo: 644b8db
- github.com/fogleman/gg: 0403632
- github.com/go-gl/glfw/v3.3/glfw: 6f7a984
- github.com/golang/freetype: e2365df
- github.com/jung-kurt/gofpdf: 24315ac
- github.com/kr/fs: v0.1.0
- github.com/mvdan/xurls: v1.1.0
- github.com/pkg/sftp: v1.10.1
- github.com/remyoudompheng/bigfft: 52369c6
- github.com/russross/blackfriday: v1.5.2
- github.com/spf13/afero: v1.6.0
- golang.org/x/exp: 85be41e
- golang.org/x/image: cff245a
- golang.org/x/mobile: e6ae53a
- gonum.org/v1/gonum: v0.6.2
- gonum.org/v1/netlib: 7672324
- gonum.org/v1/plot: e2840ee
- modernc.org/cc: v1.0.0
- modernc.org/golex: v1.0.0
- modernc.org/mathutil: v1.0.0
- modernc.org/strutil: v1.0.0
- modernc.org/xc: v1.0.0
- rsc.io/pdf: v0.1.1
filename | sha512 hash |
---|---|
kubernetes.tar.gz | dfcda26750af76145c47aebe4d5e9f49569273da3545338814c99ce0657bea48e552c4ded5539ef484cd54f40800ef2c096c5bb556e4ae57f6027661a36c366b |
kubernetes-src.tar.gz | c87d326a23cb5bf1e276259d89d66eaadbc5402dfe74c47c83490ea987d3fa74dafa96ef7730bfe0300662587076a75af9eb308c18ee1ae860b786256bcfe546 |
filename | sha512 hash |
---|---|
kubernetes-client-darwin-amd64.tar.gz | 2573e0f0cb8dcb9332056353b077305d33ed172fbd2872ba7c086da7187f19c3192ab1ca11c08747e27598f325d4ec55447b4329f1b2bd1dafd968f803714e99 |
kubernetes-client-darwin-arm64.tar.gz | 1e47e1944ea5abc71f66588e87ea37a46026e8ba3f0ccf429c3db03e97524642dc32064854bffc46657e7144b4ed35ae83e59b35239c633851018b7613ec00a7 |
kubernetes-client-linux-386.tar.gz | 6006d4b9ac6044139b157ebe8d4744c88864630bf8970d0e4df452bc14d31ae4d27ab1048b044a1e90001efa8645e4a75f1c4870a2715a25395a27a5ab16e9e8 |
kubernetes-client-linux-amd64.tar.gz | bb756cc5dd5264d2fe4e58782ea8e6b37e14188dbdd18ca0bb359a4b484a194890dbd2450bff5e2f7605379b3f421c86d22d4d5920c2074e7353bbd4cb0e1221 |
kubernetes-client-linux-arm.tar.gz | 0d6c565474d0929a770d0ab08d85c89f80706f11325063d346fce4519bb9fbdf6fdda6a34691fc94a645e55833b50ef5f3f3f2d318abbcc3b12280d3e30386c8 |
kubernetes-client-linux-arm64.tar.gz | 0465e93a8d50370cae1840f2d098647e4d8648b0aa9e3a37ebd00749e86cf2d12e97600e4ba1f11f74f87f3dc088b929e7aca082ef27a181154e5e1aa204e4ec |
kubernetes-client-linux-ppc64le.tar.gz | f4885fedf19c43fcb609bf86c1c01a13843004fe87cb843b60623509c031ae44bffd1357c61b83609c3ecb6294a96047d8d9d2148a66626a1e3765d6a09a6400 |
kubernetes-client-linux-s390x.tar.gz | 3992a39912ec45ef06f287fab11101d5397933984ca80867f787704108865b6a312fc70e95721ddb352e87c47724fbfc8767e97985c74b65aa9e275cf26d23ec |
kubernetes-client-windows-386.tar.gz | 65fc586f14f0cc1765eae377f3a3eba4bfafcb574d5d255627aed65128a0b56d5ea5ec913d29e7431333ef51a7d917a9703ea0f974feb98e9f2543a3612440a8 |
kubernetes-client-windows-amd64.tar.gz | 239fc7c6a6ef6fe3c1b20cff5d9793d1ac21225a289320ec6615c1305336ef40676096d4a9ebe60947d8b162b4e9a9df44e12c52581003ee0a3a0733c98edac0 |
kubernetes-client-windows-arm64.tar.gz | c54b0a367e655842af4785a181dc366b3872fc8322495cfcb309518a854f87ed1064ed1c0a72fc663c31c8de7801fd041f0f05f7b788663c5e6941fc1313bcae |
filename | sha512 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | 736b911f58e4cf532726acba525a884827a627a95ed35be3ea9b444521183af6c4fb183afb3f82ceb715f0407fafb2e928f0e22fbc45ab62829721dd9f7c0811 |
kubernetes-server-linux-arm.tar.gz | a78bbd06e8581e4132abf7ddbb62f0d95bff61bf9c706c651f8d4d085372c9c787919a4f7d75a49a256f8f58f78e396cf7effa64f84405be03feb63c1e2d1474 |
kubernetes-server-linux-arm64.tar.gz | 5994ab21f9c7b85566de977a0cf4067c020aeadb3007edad4072edd7692b0fb903a57de732e694d9f5777358c12ee650aca7b58985b11243e0d1b2c565b7d03d |
kubernetes-server-linux-ppc64le.tar.gz | bd605e9b0e511805c7dbff4dbac8b111bc738343eacaeba1b234b4518da0f7bf33e64f26c231cdfb89532e57211b7dec10eb4d86969997dfc6a6cdbce0a6ccc9 |
kubernetes-server-linux-s390x.tar.gz | 39a8008ff250656bb6eeb3645ad3260e560c1565ef71e93e2908a73c88462906f776ed55623f8595f9e2a6a452ed75babd872df9e6506a8ed93828dbe4a5dc57 |
filename | sha512 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | 26965fb576f6adf0c894e30619b89c1d72048809e61cbfd45bf1da1a159f21d4920a894acdcf8c9cfc2d22e21a623f81c9a099150e9769419c3f91f1dd058de6 |
kubernetes-node-linux-arm.tar.gz | cfa1033c9caec034018503887e59013110725cde423b43a6f774900316888442d060cf9d9bb7d84286eea4f53b1bea409390540438bc363207dc962b083008b0 |
kubernetes-node-linux-arm64.tar.gz | ac4f903a2aba9f98ca7ca221456f6e846a6cc5b71a8b58fa5e948a7c39057a35d2bf26b0e901abb9ae66e0916bb5ae71f0cea99aae33f254a9584a907047b8b2 |
kubernetes-node-linux-ppc64le.tar.gz | 8bc8aa34cec00241a3dbda0721af30f77401bc999020104d291c20b484e7ec4735395fc4c7859b58745046783a75f07590ae2b61ecd6a0eec734f44d682f2cb2 |
kubernetes-node-linux-s390x.tar.gz | 91373c07bf2a1b381f4c410c38b3f70d6914bacbe38090799878a45c3caf7d6acf0777225562ffc059d09f9f8fbe8fff5c3598f9c9403b0102bbf68911d84eea |
kubernetes-node-windows-amd64.tar.gz | 91ca1e2cfe2d3e998af00bc443c12eaaf9a4061579c271de8dc409f1a61a746bb894743406ecb8c549900893ec30409eac0fd181eaa9bc2f283d00d108c7d606 |
All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.
- Deprecated beta APIs scheduled for removal in 1.26 are no longer served. See https://kubernetes.io/docs/reference/using-api/deprecation-guide/#v1-26 for more information. (#111973, @liggitt) [SIG API Machinery]
- The in-tree cloud provider for OpenStack (and the cinder volume provider) has now been removed. Please use the external cloud provider and csi driver from https://github.com/kubernetes/cloud-provider-openstack instead. (#67782, @dims) [SIG API Machinery, Apps, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node, Release, Scheduling, Storage and Testing]
- The
gcp
andazure
auth plugins have been removed from client-go and kubectl. See https://github.com/Azure/kubelogin and https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke for details about the cloud-specific replacements. (#112341, @enj) [SIG API Machinery and Auth]
- Add auth API to get self subject attributes (new selfsubjectreviews API is added).
The corresponding command for kubctl is provided -
kubectl auth whoami
. (#111333, @nabokihms) [SIG API Machinery, Auth, CLI and Testing] - Clarified the CFS quota as 100ms in the code comments and set the minimum cpuCFSQuotaPeriod to 1ms to match Linux kernel expectations. (#112123, @paskal) [SIG API Machinery and Node]
- Component-base: make the validation logic about LeaderElectionConfiguration consistent between component-base and client-go (#111758, @SataQiu) [SIG API Machinery and Scheduling]
- Fixes spurious
field is immutable
errors validating updates to Event API objects via theevents.k8s.io/v1
API (#112183, @liggitt) [SIG Apps] - Protobuf serialization of metav1.MicroTime timestamps (used in
Lease
andEvent
API objects) has been corrected to truncate to microsecond precision, to match the documented behavior and JSON/YAML serialization. Any existing persisted data is truncated to microsecond when read from etcd. (#111936, @haoruan) [SIG API Machinery] - Revert regression that prevented client-go latency metrics to be reported with a template URL to avoid label cardinality. (#111752, @aanm) [SIG API Machinery]
- [kubelet] Change default
cpuCFSQuotaPeriod
value with enabledcpuCFSQuotaPeriod
flag from 100ms to 100µs to match the Linux CFS and k8s defaults.cpuCFSQuotaPeriod
of 100ms now requirescustomCPUCFSQuotaPeriod
flag to be set to work. (#111520, @paskal) [SIG API Machinery and Node]
- A new "DisableCompression" field (default = false) has been added to kubeconfig under cluster info. When set to true, clients using the kubeconfig opt out of response compression for all requests to the apiserver. This can help improve list call latencies significantly when client-server network bandwidth is ample (>30MB/s) or if the server is CPU-constrained. (#112309, @shyamjvs) [SIG API Machinery and Auth]
- API Server tracing root span name for opentelemetry is changed from "KubernetesAPI" to "HTTP GET" (#112545, @dims) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node, Storage and Testing]
- Add new Golang runtime-related metrics to Kubernetes components:
- go_gc_cycles_automatic_gc_cycles_total
- go_gc_cycles_forced_gc_cycles_total
- go_gc_cycles_total_gc_cycles_total
- go_gc_heap_allocs_by_size_bytes
- go_gc_heap_allocs_bytes_total
- go_gc_heap_allocs_objects_total
- go_gc_heap_frees_by_size_bytes
- go_gc_heap_frees_bytes_total
- go_gc_heap_frees_objects_total
- go_gc_heap_goal_bytes
- go_gc_heap_objects_objects
- go_gc_heap_tiny_allocs_objects_total
- go_gc_pauses_seconds
- go_memory_classes_heap_free_bytes
- go_memory_classes_heap_objects_bytes
- go_memory_classes_heap_released_bytes
- go_memory_classes_heap_stacks_bytes
- go_memory_classes_heap_unused_bytes
- go_memory_classes_metadata_mcache_free_bytes
- go_memory_classes_metadata_mcache_inuse_bytes
- go_memory_classes_metadata_mspan_free_bytes
- go_memory_classes_metadata_mspan_inuse_bytes
- go_memory_classes_metadata_other_bytes
- go_memory_classes_os_stacks_bytes
- go_memory_classes_other_bytes
- go_memory_classes_profiling_buckets_bytes
- go_memory_classes_total_bytes
- go_sched_goroutines_goroutines
- go_sched_latencies_seconds (#111910, @tosi3k) [SIG API Machinery, Architecture, Auth, Cloud Provider and Instrumentation]
- CSRDuration feature gate that graduated to GA in 1.24 and was unconditionally enabled has been removed in v1.26 (#112386, @Shubham82) [SIG Auth]
- Client-go: SharedInformerFactory supports waiting for goroutines during shutdown (#112200, @pohly) [SIG API Machinery]
- Kube-apiserver: gzip compression switched from level 4 to level 1 to improve large list call latencies in exchange for higher network bandwidth usage (10-50% higher). This increases the headroom before very large unpaged list calls exceed request timeout limits. (#112299, @shyamjvs) [SIG API Machinery]
- Kubeadm: "show-join-command" has been added as a new separate phase at the end of "kubeadm init". You can skip printing the join information by using "kubeadm init --skip-phases=show-join-command". Executing only this phase on demand will throw an error because the phase needs dependencies such as bootstrap tokens to be pre-populated. (#111512, @SataQiu) [SIG Cluster Lifecycle]
- Kubeadm: add the flag "--cleanup-tmp-dir" for "kubeadm reset". It will cleanup the contents of "/etc/kubernetes/tmp". The flag is off by default. (#112172, @chendave) [SIG Cluster Lifecycle]
- Kubeadm: try to load CA cert from external CertificateAuthority file when CertificateAuthorityData is empty for existing kubeconfig (#111783, @SataQiu) [SIG Cluster Lifecycle]
- Kubernetes is now built with Go 1.19.1 (#112287, @palnabarun) [SIG Release and Testing]
- Scheduler now retries updating a pod's status on ServiceUnavailable and InternalError errors, in addition to net ConnectionRefused error. (#111809, @Huang-Wei) [SIG Scheduling]
- The
goroutines
metric is newly added in the scheduler. It replacesscheduler_goroutines
metric and it counts the number of goroutine in more places thanscheduler_goroutine
does. (#112003, @sanposhiho) [SIG Instrumentation and Scheduling]
- Adds back in unused flags on kubectl run command, which did not go through the required deprecation period before being removed. (#112243, @brianpursley) [SIG CLI]
- Allow Label section in vsphere e2e cloudprovider configuration (#112427, @gnufied) [SIG Storage and Testing]
- Apiserver /healthz/etcd endpoint rate limits the number of forwarded health check requests to the etcd backends, answering with the last known state if the rate limit is exceeded. The rate limit is based on 1/2 of the timeout configured, with no burst allowed. (#112046, @aojea) [SIG API Machinery]
- Avoid propagating hosts'
search .
into containers'/etc/resolv.conf
(#112157, @dghubble) [SIG Network and Node] - Callers using DelegatingAuthenticationOptions can use DisableAnonymous to disable Anonymous authentication. (#112181, @xueqzhan) [SIG API Machinery and Auth]
- Change error message when resource is not supported by given patch type in kubectl patch (#112556, @ardaguclu) [SIG CLI]
- Correct the calculating error in podTopologySpread plugin to avoid unexpected scheduling results. (#112507, @kerthcet) [SIG Scheduling]
- Etcd: Update to v3.5.5 (#112489, @dims) [SIG API Machinery, Cloud Provider, Cluster Lifecycle and Testing]
- Fix an ephemeral port exhaustion bug caused by improper connection management that occurred when a large number of objects were handled by kubectl while exec auth was in use. (#112017, @enj) [SIG API Machinery and Auth]
- Fix list cost estimation in Priority and Fairness for list requests with metadata.name specified. (#112557, @marseel) [SIG API Machinery]
- Fix race condition in GCE between containerized mounter setup in the kubelet and node startup. (#112195, @mattcary) [SIG Cloud Provider and Storage]
- Fix relative cpu priority for pods where containers explicitly request zero cpu by giving the lowest priority instead of falling back to the cpu limit to avoid possible cpu starvation of other pods (#108832, @waynepeking348) [SIG Node]
- Fixed bug in kubectl rollout history where only the latest revision was displayed when a specific revision was requested and an output format was specified (#111093, @brianpursley) [SIG CLI and Testing]
- Fixed bug where dry run message was not printed when running kubectl label with --dry-run flag. (#111571, @brianpursley) [SIG CLI]
- For raw block CSI volumes on Kubernetes, kubelet was incorrectly calling CSI NodeStageVolume for every single "map" (i.e. raw block "mount") operation for a volume already attached to the node. This PR ensures it is only called once per volume per node. (#112403, @akankshakumari393) [SIG Storage]
- Improves kubectl display of invalid request errors returned by the API server (#112150, @liggitt) [SIG CLI]
- Increase the maximum backoff delay of the endpointslice controller to match the expected sequence of delays when syncing Services. (#112353, @dgrisonnet) [SIG Apps and Network]
- Kube-apiserver: redirect responses are no longer returned from backends by default. Set
--aggregator-reject-forwarding-redirect=false
to continue forwarding redirect responses. (#112193, @jindijamie) [SIG API Machinery and Testing] - Kube-apiserver: resolved a regression that treated
304 Not Modified
responses from aggregated API servers as internal errors (#112526, @liggitt) [SIG API Machinery] - Kube-apiserver: x-kubernetes-list-type validation is now enforced when updating status of custom resources (#111866, @pacoxu) [SIG API Machinery]
- Kube-proxy no longer falls back from ipvs mode to iptables mode if you ask it to do ipvs but the system is not correctly configured. Instead, it will just exit with an error. (#111806, @danwinship) [SIG Network]
- Kube-scheduler: add taints filtering logic consistent with TaintToleration plugin for PodTopologySpread plugin (#112357, @SataQiu) [SIG Scheduling and Testing]
- Kubeadm will cleanup the stale data on best effort basis. Stale data will be removed when each reset phase are executed, default etcd data directory will be cleanup when the
remove-etcd-member
phase are executed. (#110972, @chendave) [SIG Cluster Lifecycle] - Kubeadm: allow RSA and ECDSA format keys in preflight check (#112508, @SataQiu) [SIG Cluster Lifecycle]
- Kubeadm: when a subcommand is needed but not provided for a kubeadm command, print a help screen instead of showing a short message. (#111277, @chymy) [SIG Cluster Lifecycle]
- Log messages and metrics for the watch cache are now keyed by
<resource>.<group>
instead ofgo
struct type. This means e.g. that*v1.Pod
becomespods
. Additionally, resources that come from CustomResourceDefinitions are now displayed as the correct resource and group, instead of*unstructured.Unstructured
. (#111807, @ncdc) [SIG API Machinery and Instrumentation] - Move LocalStorageCapacityIsolationFSQuotaMonitoring back to Alpha. (#112076, @rphillips) [SIG Node and Testing]
- Pod failed in scheduling due to expected error will be updated with the reason of "SchedulerError" rather than "Unschedulable" (#111999, @kerthcet) [SIG Scheduling and Testing]
- Services of type LoadBalancer create fewer AWS security group rules in most cases (#112267, @sjenning) [SIG Cloud Provider]
- The errors in k8s.io/apimachinery/pkg/api/meta gained support for the stdlibs errors.Is matching, including when wrapped (#111808, @alvaroaleman) [SIG API Machinery]
- The metrics etcd_request_duration_seconds and etcd_bookmark_counts now differentiate by group resource instead of object type, allowing unique entries per CustomResourceDefinition, instead of grouping them all under
*unstructured.Unstructured
. (#112042, @ncdc) [SIG API Machinery] - Update the system-validators library to v1.8.0 (#112026, @pacoxu) [SIG Cluster Lifecycle]
- E2e: tests can now register callbacks with ginkgo.BeforeEach/AfterEach/DeferCleanup directly after creating a framework instance and are guaranteed that their code is called after the framework is initialized and before it gets cleaned up. ginkgo.DeferCleanup replaces f.AddAfterEach and AddCleanupAction which got removed to simplify the framework. (#111998, @pohly) [SIG Storage and Testing]
- GlusterFS in-tree storage driver which was deprecated at kubernetes 1.25 release has been removed entirely in 1.26. (#112015, @humblec) [SIG API Machinery, Cloud Provider, Instrumentation, Node, Scalability, Storage and Testing]
- Kube scheduler Component Config release version v1beta3 is deprecated in v1.26 and will be removed in v1.29, also v1beta2 will be removed in v1.28. (#112257, @kerthcet) [SIG Scheduling]
- Kube-scheduler: the DefaultPodTopologySpread, NonPreemptingPriority, PodAffinityNamespaceSelector, PreferNominatedNode feature gates that graduated to GA in 1.24 and were unconditionally enabled have been removed in v1.26 (#112567, @SataQiu) [SIG Scheduling]
- Kubeadm: remove the toleration for the "node-role.kubernetes.io/master" taint from the CoreDNS deployment of kubeadm. With the 1.25 release of kubeadm the taint "node-role.kubernetes.io/master" is no longer applied to control plane nodes and the toleration for it can be removed with the release of 1.26. You can also perform the same toleration removal from your own addon manifests. (#112008, @pacoxu) [SIG Cluster Lifecycle]
- Kubeadm: remove the usage of the --container-runtime=remote flag for the kubelet during kubeadm init/join/upgrade. The flag value "remote" has been the only possible value since dockershim was removed from the kubelet. (#112000, @pacoxu) [SIG Cluster Lifecycle]
- NoneNone (#111533, @zhoumingcheng) [SIG CLI]
- Release-note (#111708, @yangjunmyfm192085) [SIG Apps, Instrumentation and Network]
- Scheduler dumper now exposes a summary to indicate the number of pending pods in each internal queue. (#111726, @Huang-Wei) [SIG Scheduling and Testing]
- The IndexedJob and SuspendJob feature gates that graduated to GA in 1.24 and were unconditionally enabled have been removed in v1.26 (#112589, @SataQiu) [SIG Apps]
- github.com/cenkalti/backoff/v4: v4.1.3
- github.com/go-logr/stdr: v1.2.2
- github.com/grpc-ecosystem/grpc-gateway/v2: v2.7.0
- github.com/jpillora/backoff: v1.0.0
- go.opentelemetry.io/contrib/propagators/b3: v1.10.0
- go.opentelemetry.io/otel/exporters/otlp/internal/retry: v1.10.0
- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: v1.10.0
- go.opentelemetry.io/otel/exporters/otlp/otlptrace: v1.10.0
- github.com/antlr/antlr4/runtime/Go/antlr: f25a4f6 → v1.4.10
- github.com/cpuguy83/go-md2man/v2: v2.0.1 → v2.0.2
- github.com/emicklei/go-restful/v3: v3.8.0 → v3.9.0
- github.com/felixge/httpsnoop: v1.0.1 → v1.0.3
- github.com/go-kit/log: v0.1.0 → v0.2.0
- github.com/go-logfmt/logfmt: v0.5.0 → v0.5.1
- github.com/google/cel-go: v0.12.4 → v0.12.5
- github.com/google/go-cmp: v0.5.6 → v0.5.9
- github.com/onsi/ginkgo/v2: v2.1.4 → v2.2.0
- github.com/onsi/gomega: v1.19.0 → v1.20.1
- github.com/prometheus/client_golang: v1.12.1 → v1.13.0
- github.com/prometheus/common: v0.32.1 → v0.37.0
- github.com/prometheus/procfs: v0.7.3 → v0.8.0
- github.com/spf13/cobra: v1.4.0 → v1.5.0
- github.com/stretchr/objx: v0.2.0 → v0.4.0
- github.com/stretchr/testify: v1.7.0 → v1.8.0
- go.etcd.io/etcd/api/v3: v3.5.4 → v3.5.5
- go.etcd.io/etcd/client/pkg/v3: v3.5.4 → v3.5.5
- go.etcd.io/etcd/client/v2: v2.305.4 → v2.305.5
- go.etcd.io/etcd/client/v3: v3.5.4 → v3.5.5
- go.etcd.io/etcd/pkg/v3: v3.5.4 → v3.5.5
- go.etcd.io/etcd/raft/v3: v3.5.4 → v3.5.5
- go.etcd.io/etcd/server/v3: v3.5.4 → v3.5.5
- go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful: v0.20.0 → v0.35.0
- go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc: v0.20.0 → v0.35.0
- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp: v0.20.0 → v0.35.0
- go.opentelemetry.io/otel/metric: v0.20.0 → v0.31.0
- go.opentelemetry.io/otel/sdk: v0.20.0 → v1.10.0
- go.opentelemetry.io/otel/trace: v0.20.0 → v1.10.0
- go.opentelemetry.io/otel: v0.20.0 → v1.10.0
- go.opentelemetry.io/proto/otlp: v0.7.0 → v0.19.0
- go.uber.org/goleak: v1.1.10 → v1.1.12
- golang.org/x/crypto: 3147a52 → 7b82a4e
- golang.org/x/lint: 6edffad → 1621716
- golang.org/x/oauth2: d3ed0bb → ee48083
- google.golang.org/grpc: v1.47.0 → v1.49.0
- google.golang.org/protobuf: v1.28.0 → v1.28.1
- k8s.io/gengo: c02415c → c0856e2
- k8s.io/klog/v2: v2.70.1 → v2.80.1
- k8s.io/system-validators: v1.7.0 → v1.8.0
- github.com/auth0/go-jwt-middleware: v1.0.1
- github.com/boltdb/bolt: v1.3.1
- github.com/go-ozzo/ozzo-validation: v3.5.0+incompatible
- github.com/gophercloud/gophercloud: v0.1.0
- github.com/gopherjs/gopherjs: fce0ec3
- github.com/gorilla/mux: v1.8.0
- github.com/heketi/heketi: v10.3.0+incompatible
- github.com/heketi/tests: f3775cb
- github.com/jtolds/gls: v4.20.0+incompatible
- github.com/lpabon/godbc: v0.1.1
- github.com/smartystreets/assertions: v1.1.0
- github.com/smartystreets/goconvey: v1.6.4
- github.com/urfave/negroni: v1.0.0
- go.opentelemetry.io/contrib/propagators: v0.20.0
- go.opentelemetry.io/contrib: v0.20.0
- go.opentelemetry.io/otel/exporters/otlp: v0.20.0
- go.opentelemetry.io/otel/oteltest: v0.20.0
- go.opentelemetry.io/otel/sdk/export/metric: v0.20.0
- go.opentelemetry.io/otel/sdk/metric: v0.20.0