Skip to content

Latest commit

 

History

History
693 lines (635 loc) · 106 KB

CHANGELOG-1.9.md

File metadata and controls

693 lines (635 loc) · 106 KB

v1.9.0-alpha.3

Documentation & Examples

Downloads for v1.9.0-alpha.3

filename sha256 hash
kubernetes.tar.gz dce2a70ca51fb4f8979645330f36c346b9c02be0501708380ae50956485a53a4
kubernetes-src.tar.gz 4a8c8eaf32c83968e18f75888ae0d432210262090893cad0a105eebab82b0302

Client Binaries

filename sha256 hash
kubernetes-client-darwin-386.tar.gz 354d6c8d65e4248c3393a3789e9394b8c31c63da4c42f3da60c7b8bc4713ad51
kubernetes-client-darwin-amd64.tar.gz 98c53e4108276535218f4c89c58974121cc28308cecf5bca676f68fa083a62c5
kubernetes-client-linux-386.tar.gz c0dc219073dcae6fb654f33ca6d83faf5f37a2dcba3cc86b32ea5f9e18054faa
kubernetes-client-linux-amd64.tar.gz df68fc512d173d1914f7863303cc0a4335439eb76000fa5a6134d5c454f4ef31
kubernetes-client-linux-arm64.tar.gz edbf086c5446a7b48bbf5ac0e65dacf472e7e2eb7ac434ffb4835b0c643363a4
kubernetes-client-linux-arm.tar.gz 138b02e0e96e9e30772e814d2650b40594e9f190442c9b31af5dcf4bd3c29fb2
kubernetes-client-linux-ppc64le.tar.gz 8edb568048f64052e9ab3e2f0d9d9fee3a5c90667d00669d815c07cc1986eb03
kubernetes-client-linux-s390x.tar.gz 9f0f0464041e85221cb65ab5908f7295d7237acdb6a39abff062e40be0a53b4c
kubernetes-client-windows-386.tar.gz a9d4b6014c2856b0602b7124dad41f2f932cccea7f48ba57583352f0fbf2710f
kubernetes-client-windows-amd64.tar.gz 16827a05b0538ab8ef6e47b173dc5ad1c4398070324b0d2fc0510ad1efe66567

Server Binaries

filename sha256 hash
kubernetes-server-linux-amd64.tar.gz e2aad29fff3cc3a98c642d8bc021a6caa42b4143696ca9d42a1ae3f7e803e777
kubernetes-server-linux-arm64.tar.gz a7e2370d29086dadcb59fc4c3f6e88610ef72ff168577cc1854b4e9c221cad8a
kubernetes-server-linux-arm.tar.gz b8da04e06946b221b2ac4f6ebc8e0900cf8e750f0ca5d2e213984644048d1903
kubernetes-server-linux-ppc64le.tar.gz 539db8044dcacc154fff92029d7c18ac9a68de426477cabcd52e01053e8de6e6
kubernetes-server-linux-s390x.tar.gz d793be99d39f1f7b55d381f656b059e4cd78418a6c6bcc77c2c026db82e98769

Node Binaries

filename sha256 hash
kubernetes-node-linux-amd64.tar.gz 22dae55dd97026eae31562fde6d8459f1594b050313ef294e009144aa8c27a8e
kubernetes-node-linux-arm64.tar.gz 8d9bd9307cd5463b2e13717c862e171e20a1ba29a91d86fa3918a460006c823b
kubernetes-node-linux-arm.tar.gz c696f882b4a95b13c8cf3c2e05695decb81407359911fba169a308165b06be55
kubernetes-node-linux-ppc64le.tar.gz 611a0e04b1014263e66be91ef108a4a56291cae1438da562b157d04dfe84fd1a
kubernetes-node-linux-s390x.tar.gz 61b619e3af7fcb836072c4b855978d7d76d6256aa99b9378488f063494518a0e
kubernetes-node-windows-amd64.tar.gz c274258e4379f0b50b2023f659bc982a82783c3de3ae07ef2759159300175a8a

Changelog since v1.9.0-alpha.2

Action Required

  • action required: The storage.k8s.io/v1beta1 API and volume.beta.kubernetes.io/storage-class annotation are deprecated. They will be removed in a future release. Please use v1 API and field v1.PersistentVolumeClaim.Spec.StorageClassName/v1.PersistentVolume.Spec.StorageClassName instead. (#53580, @xiangpengzhao)
  • action required: Deprecated flags --portal-net and service-node-ports of kube-apiserver are removed. (#52547, @xiangpengzhao)
  • The node.kubernetes.io/memory-pressure taint now respects the configured whitelist. If you need to use it, you'll have to add it to the whitelist. (#55251, @deads2k)

Other notable changes

  • hyperkube: add cloud-controller-manager (#54197, @colemickens)
  • Metrics have been added for monitoring admission plugins, including the new dynamic (webhook-based) ones. (#55183, @jpbetz)
  • Addon manager supports HA masters. (#55466, @x13n)
    • Add PodSecurityPolicies for cluster addons (#55509, @tallclair)
        • Remove SSL cert HostPath volumes from heapster addons
  • Add iptables rules to allow Pod traffic even when default iptables policy is to reject. (#52569, @tmjd)
  • Validate positive capacity for PVs and PVCs. (#55532, @ianchakeres)
  • Kubelet supports running mount utilities and final mount in a container instead running them on the host. (#53440, @jsafrane)
  • The PodSecurityPolicy annotation kubernetes.io/psp on pods is only set once on create. (#55486, @sttts)
  • The apiserver sends external versioned object to the admission webhooks now. Please update the webhooks to expect admissionReview.spec.object.raw to be serialized external versions of objects. (#55127, @caesarxuchao)
  • RBAC ClusterRoles can now select other roles to aggregate (#54005, @deads2k)
  • GCE nodes with NVIDIA GPUs attached now expose nvidia.com/gpu as a resource instead of alpha.kubernetes.io/nvidia-gpu. (#54826, @mindprince)
  • Remove docker dependency during kubelet start up (#54405, @resouer)
  • Fix session affinity issue with external load balancer traffic when ExternalTrafficPolicy=Local. (#55519, @MrHohn)
  • Add the concurrent service sync flag to the Cloud Controller Manager to allow changing the number of workers. (--concurrent-service-syncs) (#55561, @jhorwit2)
  • move IsMissingVersion comments (#55523, @chenpengdev)
  • The dynamic admission webhook now supports a URL in addition to a service reference, to accommodate out-of-cluster webhooks. (#54889, @lavalamp)
  • Correct wording of kubeadm upgrade response for missing ConfigMap. (#53337, @jmhardison)
  • add create priorityclass sub command (#54858, @wackxu)
  • Added namespaceSelector to externalAdmissionWebhook configuration to allow applying webhooks only to objects in the namespaces that have matching labels. (#54727, @caesarxuchao)
  • Base images bumped to Debian Stretch (9) (#52744, @rphillips)
  • [fluentd-elasticsearch addon] Elasticsearch service name can be overridden via env variable ELASTICSEARCH_SERVICE_NAME (#54215, @mrahbar)
  • Increase waiting time (120s) for docker startup in health-monitor.sh (#54099, @dchen1107)
  • not calculate new priority when user update other spec of a pod (#55221, @CaoShuFeng)
  • kubectl create pdb will no longer set the min-available field by default. (#53047, @yuexiao-wang)
  • StatefulSet status now has support for conditions, making it consistent with other core controllers in v1 (#55268, @foxish)
  • kubeadm: use the CRI for preflights checks (#55055, @runcom)
  • kubeadm now produces error during preflight checks if swap is enabled. Users, who can setup kubelet to run in unsupported environment with enabled swap, will be able to skip that preflight check. (#55399, @kad)
    • kubeadm will produce error if kubelet too new for control plane (#54868, @kad)
  • validate if default and defaultRequest match when creating LimitRange for GPU and hugepages. (#54919, @tianshapjq)
  • Add extra-args configs to kubernetes-worker charm (#55334, @Cynerva)
  • Restored kube-proxy's support for 0 values for conntrack min, max, max per core, tcp close wait timeout, and tcp established timeout. (#55261, @ncdc)
  • Audit policy files without apiVersion and kind are treated as invalid. (#54267, @ericchiang)
  • ReplicationController now shares its underlying controller implementation with ReplicaSet to reduce the maintenance burden going forward. However, they are still separate resources and there should be no externally visible effects from this change. (#49429, @enisoc)
  • Add limitrange/resourcequota/downward_api e2e tests for local ephemeral storage (#52523, @NickrenREN)
  • Support copying "options" in resolv.conf into pod sandbox when dnsPolicy is Default (#54773, @phsiao)
  • Fix support for configmap resource lock type in CCM (#55125, @jhorwit2)
  • The minimum supported go version bumps to 1.9.1. (#55301, @xiangpengzhao)
  • GCE: provide an option to disable docker's live-restore on COS/ubuntu (#55260, @yujuhong)
  • Azure NSG rules for services exposed via external load balancer (#54177, @itowlson)
    • now limit the destination IP address to the relevant front end load
    • balancer IP.
  • DaemonSet status now has a new field named "conditions", making it consistent with other workloads controllers. (#55272, @janetkuo)
  • kubeadm: Add an experimental mode to deploy CoreDNS instead of KubeDNS (#52501, @rajansandeep)
  • Allow HPA to read custom metrics. (#54854, @kawych)
  • Fixed 'Schedulercache is corrupted' error in kube-scheduler (#55262, @liggitt)
  • API discovery failures no longer crash the kube controller manager via the garbage collector. (#55259, @ironcladlou)
  • The kube-scheduler command now supports a --config flag which is the location of a file containing a serialized scheduler configuration. Most other kube-scheduler flags are now deprecated. (#52562, @ironcladlou)
  • add field selector for kubectl get (#50140, @dixudx)
  • Removes Priority Admission Controller from kubeadm since it's alpha. (#55237, @andrewsykim)
  • Add support for the webhook authorizer to make a Deny decision that short-circuits the union authorizer and immediately returns Deny. (#53273, @mikedanese)
  • kubeadm init: fix a bug that prevented the --token-ttl flag and tokenTTL configuration value from working as expected for infinite (0) values. (#54640, @mattmoyer)
  • Add CRI log parsing library at pkg/kubelet/apis/cri/logs (#55140, @feiskyer)
  • Add extra-args configs for scheduler and controller-manager to kubernetes-master charm (#55185, @Cynerva)
  • Add masquerading rules by default to GCE/GKE (#55178, @dnardo)
  • Upgraded Azure SDK to v11.1.1. (#54971, @itowlson)
  • Disable the termination grace period for the calico/node add-on DaemonSet to reduce downtime during a rolling upgrade or deletion. (#55015, @fasaxc)
  • Google KMS integration was removed from in-tree in favor of a out-of-process extension point that will be used for all KMS providers. (#54759, @sakshamsharma)
  • kubeadm: reset: use crictl to reset containers (#54721, @runcom)
  • Check for available volume before attach/delete operation in EBS (#55008, @gnufied)
  • DaemonSet, Deployment, ReplicaSet, and StatefulSet have been promoted to GA and are available in the apps/v1 group version. (#53679, @kow3ns)
  • In conversion-gen removed Kubernetes core API from default extra-peer-dirs. (#54394, @sttts)
  • Fix IPVS availability check (#51874, @vfreex)
  • ScaleIO driver completely removes dependency on drv_cfg binary so a Kubernetes cluster can easily run a containerized kubelet. (#54956, @vladimirvivien)
  • Avoid unnecessary spam in kube-controller-manager log if --cluster-cidr is not specified and --allocate-node-cidrs is false. (#54934, @akosiaris)
  • It is now possible to set multiple manifest url headers via the Kubelet's --manifest-url-header flag. Multiple headers for the same key will be added in the order provided. The ManifestURLHeader field in KubeletConfiguration object (kubeletconfig/v1alpha1) is now a map[string][]string, which facilitates writing JSON and YAML files. (#54643, @mtaufen)
  • Add support for PodSecurityPolicy on GCE: ENABLE_POD_SECURITY_POLICY=true enables the admission controller, and installs policies for default addons. (#52367, @tallclair)
  • In PodTolerationRestriction admisson plugin, if namespace level tolerations are empty, now they override cluster level tolerations. (#54812, @aveshagarwal)
    • Fix handling of IPv6 URLs in NO_PROXY. (#53898, @kad)
  • Added extra_sans config option to kubeapi-load-balancer charm. This allows the user to specify extra SAN entries on the certificate generated for the load balancer. (#54947, @hyperbolic2346)
  • set leveled logging (v=4) for 'updating container' message (#54865, @phsiao)
  • Fix a bug where pod address is not removed from endpoints object while pod is in graceful termination. (#54828, @freehan)
  • kubeadm: Add support for adding a Windows node (#53553, @bsteciuk)

v1.9.0-alpha.2

Documentation & Examples

Downloads for v1.9.0-alpha.2

filename sha256 hash
kubernetes.tar.gz 9d548271e8475171114b3b68323ab3c0e024cf54e25debe4702ffafe3f1d0952
kubernetes-src.tar.gz 99901fa7f996ddf75ecab7fcd1d33a3faca38e9d1398daa2ae30c9b3ac6a71ce

Client Binaries

filename sha256 hash
kubernetes-client-darwin-386.tar.gz 5a5e1ce20db98d7f7f0c88957440ab6c7d4b4a4dfefcb31dcd1d6546e9db01d6
kubernetes-client-darwin-amd64.tar.gz 094481f8f650321f39ba79cd6348de5052db2bb3820f55a74cf5ce33d5c98701
kubernetes-client-linux-386.tar.gz 9a7d8e682a35772ba24bd3fa7a06fb153067b9387daa4db285e15dda75de757d
kubernetes-client-linux-amd64.tar.gz 3bb742ffed1a6a51cac01c16614873fea2864c2a4432057a15db90a9d7e40aed
kubernetes-client-linux-arm64.tar.gz 928936f06161e8a6f40196381d3e0dc215ca7e7dbc5f7fe6ebccd8d8268b8177
kubernetes-client-linux-arm.tar.gz 0a0fa24107f490db0ad57f33638b1aa9ba2baccb5f250caa75405d6612a3e10a
kubernetes-client-linux-ppc64le.tar.gz a92f790d1a480318ea206d84d24d2c1d7e43c3683e60f22e7735b63ee73ccbb4
kubernetes-client-linux-s390x.tar.gz 1bfb7f056ad91fcbc50657fb9760310a0920c15a5770eaa74cf1a17b1725a232
kubernetes-client-windows-386.tar.gz d1b0abbc9cd0376fa0d56096e42094db8a40485082b301723d05c8e78d8f4717
kubernetes-client-windows-amd64.tar.gz 69799ea8741caadac8949a120a455e08aba4d2babba6b63fba2ee9aaeb10c84b

Server Binaries

filename sha256 hash
kubernetes-server-linux-amd64.tar.gz f3d9f67e94176aa65cffcc6557a7a251ec2384a3f89a81d3daedd8f8dd4c51a7
kubernetes-server-linux-arm64.tar.gz 3747b7e26d8bfba59c53b3f20d547e7e90cbb9356e513183ac27f901d7317630
kubernetes-server-linux-arm.tar.gz 397b7a49adf90735ceea54720dbf012c8566b34dadde911599bceefb507bc29a
kubernetes-server-linux-ppc64le.tar.gz 56f76ebb0788c4e23fc3ede36b52eb34b50b456bb5ff0cf7d78c383c04837565
kubernetes-server-linux-s390x.tar.gz 83d961657a50513db82bf421854c567206ccd34240eb8a017167cb98bdb6d38f

Node Binaries

filename sha256 hash
kubernetes-node-linux-amd64.tar.gz 1bb0f5ac920e27b4e51260a80fbfaa013ed7d446d58cd1f9d5f73af4d9517edf
kubernetes-node-linux-arm64.tar.gz 47635b9097fc6e3d9b1f1f2c3bd1558d144b1a26d1bf03cfc2e97a3c6db4c439
kubernetes-node-linux-arm.tar.gz 212117f1d027c79d50e7c7388951da40b440943748691ba82a3f9f6af75b3ed0
kubernetes-node-linux-ppc64le.tar.gz f2b1d086d07bf2f807dbf02e1f0cd7f6528e57c55be9dadfcecde73e73980068
kubernetes-node-linux-s390x.tar.gz ba6803a5c065b06cf43d1db674319008f15d4bc45900299d0b90105002af245e
kubernetes-node-windows-amd64.tar.gz 6d928e3bdba87db3b9198e02f84696f7345b4b78d07ff4ea048d47691c67b212

Changelog since v1.8.0

Action Required

  • PodSecurityPolicy: Fixes a compatibility issue that caused policies that previously allowed privileged pods to start forbidding them, due to an incorrect default value for allowPrivilegeEscalation. PodSecurityPolicy objects defined using a 1.8.0 client or server that intended to set allowPrivilegeEscalation to false must be reapplied after upgrading to 1.8.1. (#53443, @liggitt)
  • RBAC objects are now stored in etcd in v1 format. After completing an upgrade to 1.9, RBAC objects (Roles, RoleBindings, ClusterRoles, ClusterRoleBindings) should be migrated to ensure all persisted objects are written in v1 format, prior to v1alpha1 support being removed in a future release. (#52950, @liggitt)

Other notable changes

  • Log error of failed healthz check (#53048, @mrIncompetent)
  • fix azure file mount limit issue on windows due to using drive letter (#53629, @andyzhangx)
  • Update AWS SDK to 1.12.7 (#53561, @justinsb)
  • The kubernetes.io/created-by annotation is no longer added to controller-created objects. Use the metadata.ownerReferences item that has controller set to true to determine which controller, if any, owns an object. (#54445, @crimsonfaith91)
  • Fix overlay2 container disk metrics for Docker and CRI-O (#54827, @dashpole)
  • Fix iptables FORWARD policy for Docker 1.13 in kubernetes-worker charm (#54796, @Cynerva)
  • Fix kubeadm upgrade plan for offline operation: ignore errors when trying to fetch latest versions from dl.k8s.io (#54016, @praseodym)
  • fluentd now supports CRI log format. (#54777, @Random-Liu)
  • Validate that PersistentVolumeSource is not changed during PV Update (#54761, @ianchakeres)
  • If you are using the cloud provider API to determine the external host address of the apiserver, set --external-hostname explicitly instead. The cloud provider detection has been deprecated and will be removed in the future (#54516, @dims)
  • Fixes discovery information for scale subresources in the apps API group (#54683, @liggitt)
  • Optimize Repeated registration of AlgorithmProvider when ApplyFeatureGates (#54047, @kuramal)
  • kubectl get will by default fetch large lists of resources in chunks of up to 500 items rather than requesting all resources up front from the server. This reduces the perceived latency of managing large clusters since the server returns the first set of results to the client much more quickly. A new flag --chunk-size=SIZE may be used to alter the number of items or disable this feature when 0 is passed. This is a beta feature. (#53768, @smarterclayton)
  • Add a new feature gate for enabling an alpha annotation which, if present, excludes the annotated node from being added to a service load balancers. (#54644, @brendandburns)
  • Implement graceful shutdown of the kube-apiserver by waiting for open connections to finish before exiting. Moreover, the audit backend will stop dropping events on shutdown. (#53695, @hzxuzhonghu)
  • fix warning messages due to GetMountRefs func not implemented in windows (#52401, @andyzhangx)
  • Object count quotas supported on all standard resources using count/<resource>.<group> syntax (#54320, @derekwaynecarr)
  • Add openssh-client back into the hyperkube image. This allows the gitRepo volume plugin to work properly. (#54250, @ixdy)
  • Bump version of all prometheus-to-sd images to v0.2.2. (#54635, @loburm)
  • [fluentd-gcp addon] Fluentd now runs in its own network, not in the host one. (#54395, @crassirostris)
  • fix azure storage account num exhausting issue (#54459, @andyzhangx)
  • Add Windows support to the system verification check (#53730, @bsteciuk)
  • allow windows mount path (#51240, @andyzhangx)
  • Development of Kubernetes Federation has moved to github.com/kubernetes/federation. This move out of tree also means that Federation will begin releasing separately from Kubernetes. The impact of this is Federation-specific behavior will no longer be included in kubectl, kubefed will no longer be released as part of Kubernetes, and the Federation servers will no longer be included in the hyperkube binary and image. (#53816, @marun)
  • Metadata concealment on GCE is now controlled by the ENABLE_METADATA_CONCEALMENT env var. See cluster/gce/config-default.sh for more info. (#54150, @ihmccreery)
  • Fixed a bug which is causes kube-apiserver to not run without specifying service-cluster-ip-range (#52870, @jennybuckley)
  • the generic admission webhook is now available in the generic apiserver (#54513, @deads2k)
  • ScaleIO persistent volumes now support referencing a secret in a namespace other than the bound persistent volume claim's namespace; this is controlled during provisioning with the secretNamespace storage class parameter; StoragePool and ProtectionDomain attributes no longer defaults to the value default (#54013, @vladimirvivien)
  • Feature gates now check minimum versions (#54539, @jamiehannaford)
  • fix azure pv crash due to volumeSource.ReadOnly value nil (#54607, @andyzhangx)
  • Fix an issue where pods were briefly transitioned to a "Pending" state during the deletion process. (#54593, @dashpole)
  • move getMaxVols function to predicates.go and add some NewVolumeCountPredicate funcs (#51783, @jiulongzaitian)
  • Remove the LbaasV1 of OpenStack cloud provider, currently only support LbaasV2. (#52717, @FengyunPan)
  • generic webhook admission now takes a config file which describes how to authenticate to webhook servers (#54414, @deads2k)
  • The NodeController will not support kubelet 1.2. (#48996, @k82cn)
    • fluentd-gcp runs with a dedicated fluentd-gcp service account (#54175, @tallclair)
        • Stop mounting the host certificates into fluentd's prometheus-to-sd container
  • fix azure disk mount failure on coreos and some other distros (#54334, @andyzhangx)
  • Allow GCE users to configure the service account made available on their nodes (#52868, @ihmccreery)
  • Load kernel modules automatically inside a kube-proxy pod (#52003, @vfreex)
  • kube-apiserver: --ssh-user and --ssh-keyfile are now deprecated and will be removed in a future release. Users of SSH tunnel functionality used in Google Container Engine for the Master -> Cluster communication should plan to transition to alternate methods for bridging master and node networks. (#54433, @dims)
  • Fix hyperkube kubelet --experimental-dockershim (#54508, @ivan4th)
  • Fix clustered datastore name to be absolute. (#54438, @pshahzeb)
  • Fix for service controller so that it won't retry on doNotRetry service update failure. (#54184, @MrHohn)
  • Add support for RBAC support to Kubernetes via Juju (#53820, @ktsakalozos)
  • RBD Persistent Volume Sources can now reference User's Secret in namespaces other than the namespace of the bound Persistent Volume Claim (#54302, @sbezverk)
  • Apiserver proxy rewrites URL when service returns absolute path with request's host. (#52556, @roycaihw)
  • Logging cleanups (#54443, @bowei) * Updates kube-dns to use client-go 3 * Updates containers to use alpine as the base image on all platforms * Adds support for IPv6
  • add --raw to kubectl create to POST using the normal transport (#54245, @deads2k)
  • Remove the --network-plugin-dir flag. (#53564, @supereagle)
  • Introduces a polymorphic scale client, allowing HorizontalPodAutoscalers to properly function on scalable resources in any API group. (#53743, @DirectXMan12)
  • Add PodDisruptionBudget to scheduler cache. (#53914, @bsalamat)
    • API machinery's httpstream/spdy calls now support CIDR notation for NO_PROXY (#54413, @kad)
  • Added option lb-provider to OpenStack cloud provider config (#54176, @gonzolino)
  • Allow for configuring etcd hostname in the manifest (#54403, @wojtek-t)
    • kubeadm will warn users if access to IP ranges for Pods or Services will be done via HTTP proxy. (#52792, @kad)
  • Resolves forbidden error when accessing replicasets and daemonsets via the apps API group (#54309, @liggitt)
  • Cluster Autoscaler 1.0.1 (#54298, @mwielgus)
  • secret data containing Docker registry auth objects is now generated using the config.json format (#53916, @juanvallejo)
  • Added support for SAN entries in the master node certificate via juju kubernetes-master config. (#54234, @hyperbolic2346)
  • support imagePullSecrets and imagePullPolicy in kubefed init (#50740, @dixudx)
  • update gRPC to v1.6.0 to pick up data race fix grpc/grpc-go#1316 (#53128, @dixudx)
  • admission webhook registrations without a specific failure policy default to failing closed. (#54162, @deads2k)
  • Device plugin Alpha API no longer supports returning artifacts per device as part of AllocateResponse. (#53031, @vishh)
  • admission webhook registration now allows URL paths (#54145, @deads2k)
  • The Kubelet's --enable-custom-metrics flag is now marked deprecated. (#54154, @mtaufen)
  • Use multi-arch busybox image for e2e (#54034, @dixudx)
  • sample-controller: add example CRD controller (#52753, @munnerz)
  • RBAC PolicyRules now allow resource=*/<subresource> to cover any-resource/<subresource>. For example, */scale covers replicationcontroller/scale. (#53722, @deads2k)
  • Upgrade to go1.9 (#51375, @cblecker)
  • Webhook always retries connection reset error. (#53947, @crassirostris)
  • fix PV Recycle failed on non-amd64 platfrom (#53958, @dixudx)
  • Verbose option is added to each status function in CRI. Container runtime could return extra information in status response for debugging. (#53965, @Random-Liu)
  • Fixed log fallback termination messages when using docker with journald log driver (#52503, @joelsmith)
  • falls back to parse Docker runtime version as generic if not semver (#54040, @dixudx)
  • kubelet: prevent removal of default labels from Node API objects on startup (#54073, @liggitt)
  • Change scheduler to skip pod with updates only on pod annotations (#54008, @yguo0905)
  • PodSecurityPolicy: when multiple policies allow a submitted pod, priority is given to ones which do not require any fields in the pod spec to be defaulted. If the pod must be defaulted, the first policy (ordered by name) that allows the pod is used. (#52849, @liggitt)
  • Control HPA tolerance through the horizontal-pod-autoscaler-tolerance flag. (#52275, @mattjmcnaughton)
  • bump CNI to v0.6.0 (#51250, @dixudx)
  • Improve resilience by annotating kube-dns addon with podAntiAffinity to prefer scheduling on different nodes. (#52193, @StevenACoffman)
  • Azure cloudprovider: Fix controller manager crash issue on a manually created k8s cluster. (#53694, @andyzhangx)
  • Enable Priority admission control in kubeadm. (#53175, @andrewsykim)
  • Add --no-negcache flag to kube-dns to prevent caching of NXDOMAIN responses. (#53604, @cblecker)
  • kubelet provides more specific events when unable to sync pod (#53857, @derekwaynecarr)
  • Kubelet evictions take pod priority into account (#53542, @dashpole)
  • Adds a new controller which automatically cleans up Certificate Signing Requests that are (#51840, @jcbsmpsn)
    • Approved and Issued, or Denied.
  • Optimize random string generator to avoid multiple locks & use bit-masking (#53720, @shyamjvs)
  • update cluster printer to enable --show-labels (#53771, @dixudx)
  • add RequestReceivedTimestamp and StageTimestamp to audit event (#52981, @CaoShuFeng)
  • Deprecation: The flag etcd-quorum-read of kube-apiserver is deprecated and the ability to switch off quorum read will be removed in a future release. (#53795, @xiangpengzhao)
  • Use separate client for leader election in scheduler to avoid starving leader election by regular scheduler operations. (#53793, @wojtek-t)
  • Support autoprobing node-security-group for openstack cloud provider, Support multiple Security Groups for cluster's nodes. (#50836, @FengyunPan)
  • fix a bug where disk pressure could trigger prematurely when using overlay2 (#53684, @dashpole)
  • "kubectl cp" updated to honor destination names (#51215, @juanvallejo)
  • kubeadm: Strip bootstrap tokens from the kubeadm-config ConfigMap (#53559, @fabriziopandini)
  • Skip podpreset test if the alpha feature setttings/v1alpha1 is disabled (#53080, @jennybuckley)
  • Log when node is successfully initialized by Cloud Controller Manager (#53517, @andrewsykim)
  • apiserver: --etcd-quorum-read now defaults to true, to ensure correct operation with HA etcd clusters (#53717, @liggitt)
  • The Kubelet's feature gates are now specified as a map when provided via a JSON or YAML KubeletConfiguration, rather than as a string of key-value pairs. (#53025, @mtaufen)
  • Address a bug which allowed the horizontal pod autoscaler to allocate desiredReplicas > maxReplicas in certain instances. (#53690, @mattjmcnaughton)
  • Horizontal pod autoscaler uses REST clients through the kube-aggregator instead of the legacy client through the API server proxy. (#53205, @kawych)
  • Fix to prevent downward api change break on older versions (#53673, @timothysc)
  • API chunking via the limit and continue request parameters is promoted to beta in this release. Client libraries using the Informer or ListWatch types will automatically opt in to chunking. (#52949, @smarterclayton)
  • GCE: Bump GLBC version to 0.9.7. (#53625, @nikhiljindal)
  • kubelet's --cloud-provider flag no longer defaults to "auto-detect". If you want cloud-provider support in kubelet, you must set a specific cloud-provider explicitly. (#53573, @dims)
  • Ignore extended resources that are not registered with kubelet during container resource allocation. (#53547, @jiayingz)
  • kubectl top pod and node should sort by namespace / name so that results don't jump around. (#53560, @dixudx)
  • Added --dry-run option to kubectl drain (#52440, @juanvallejo)
  • Fix a bug that prevents client-go metrics from being registered in prometheus in multiple components. (#53434, @crassirostris)
  • Adjust batching audit webhook default parameters: increase queue size, batch size, and initial backoff. Add throttling to the batching audit webhook. Default rate limit is 10 QPS. (#53417, @crassirostris)
  • Added integration test for TaintNodeByCondition. (#53184, @k82cn)
  • Add API version apps/v1, and bump DaemonSet to apps/v1 (#53278, @janetkuo)
  • Change kubeadm create token to default to the group that almost everyone will want to use. The group is system:bootstrappers:kubeadm:default-node-token and is the group that kubeadm sets up, via an RBAC binding, for auto-approval (system:certificates.k8s.io:certificatesigningrequests:nodeclient). (#53512, @jbeda)
  • Using OpenStack service catalog to do version detection (#53115, @FengyunPan)
  • Fix metrics API group name in audit configuration (#53493, @piosz)
  • GCE: Fixes ILB sync on legacy networks and auto networks with unique subnet names (#53410, @nicksardo)
  • outputs <none> for columns specified by -o custom-columns but not found in object (#51750, @jianhuiz)
  • Metrics were added to network plugin to report latency of CNI operations (#53446, @sjenning)
  • GCE: Fix issue deleting internal load balancers when the firewall resource may not exist. (#53450, @nicksardo)
  • Custom resources served through CustomResourceDefinition now support field selectors for metadata.name and metadata.namespace. (#53345, @ncdc)
  • Add generate-groups.sh and generate-internal-groups.sh to k8s.io/code-generator to easily run generators against CRD or User API Server types. (#52186, @sttts)
  • kubelet --cert-dir now defaults to /var/lib/kubelet/pki, in order to ensure bootstrapped and rotated certificates persist beyond a reboot. resolves an issue in kubeadm with false-positive /var/lib/kubelet is not empty message during pre-flight checks (#53317, @liggitt)
  • Fix multi-attach error spam in logs and events (#53401, @gnufied)
  • Use not-ready to replace notReady in node condition taint keys. (#51266, @resouer)
  • Support completion for --clusterrole of kubectl create clusterrolebinding (#48267, @superbrothers)
  • Don't remove extended resource capacities that are not registered with kubelet from node status. (#53353, @jiayingz)
  • Kubectl: Remove swagger 1.2 validation. Also removes options --use-openapi and --schema-cache-dir as these are no longer needed. (#53232, @apelisse)
  • kubectl explain now uses openapi rather than swagger 1.2. (#53228, @apelisse)
  • Fixes a performance issue (#51899) identified in large-scale clusters when deleting thousands of pods simultaneously across hundreds of nodes, by actively removing containers of deleted pods, rather than waiting for periodic garbage collection and batching resulting pod API deletion requests. (#53233, @dashpole)
  • Improve explanation of ReplicaSet (#53403, @rcorre)
  • avoid newline " " in the error to break log msg to 2 lines (#49826, @dixudx)
  • don't recreate a mirror pod for static pod when node gets deleted (#48339, @dixudx)
  • Fix permissions for Metrics Server. (#53330, @kawych)
  • default fail-swap-on to false for kubelet on kubernetes-worker charm (#53386, @wwwtyro)
  • Add --etcd-compaction-interval to apiserver for controlling request of compaction to etcd3 from apiserver. (#51765, @mitake)
  • Apply algorithm in scheduler by feature gates. (#52723, @k82cn)
  • etcd: update version to 3.1.10 (#49393, @hongchaodeng)
  • support nodeSelector in kubefed init (#50749, @dixudx)
  • Upgrade fluentd-elasticsearch addon to Elasticsearch/Kibana 5.6.2 (#53307, @aknuds1)
  • enable to specific unconfined AppArmor profile (#52395, @dixudx)
  • Update Influxdb image to latest version. (#53319, @kairen)
    • Update Grafana image to latest version.
    • Change influxdb-grafana-controller resource to Deployment.
  • Only do UpdateContainerResources when cpuset is set (#53122, @resouer)
  • Fixes an issue with RBAC reconciliation that could cause duplicated subjects in some bootstrapped rolebindings on each restart of the API server. (#53239, @enj)
  • gce: remove compute-rw, see what breaks (#53266, @mikedanese)
  • Fix the bug that query Kubelet's stats summary with CRI stats enabled results in error. (#53107, @Random-Liu)
  • kubeadm allows the kubelets in the cluster to automatically renew their client certificates (#53252, @kad)
  • Fixes an issue with kubectl set commands encountering conversion errors for ReplicaSet and DaemonSet objects (#53158, @liggitt)
  • RBAC: The default admin and edit roles now include read/write permissions and the view role includes read permissions on poddisruptionbudget.policy resources. (#52654, @liggitt)
  • Change ImageGCManage to consume ImageFS stats from StatsProvider (#53094, @yguo0905)
  • BugFix: Exited containers are not Garbage Collected by the kubelet while the pod is running (#53167, @dashpole)
    • Improved generation of deb and rpm packages in bazel build (#53163, @kad)
  • Add a label which prevents a node from being added to a cloud load balancer (#53146, @brendandburns)
  • Fixes an issue pulling pod specs referencing unqualified images from docker.io on centos/fedora/rhel (#53161, @dims)
  • Update kube-dns to 1.14.5 (#53153, @bowei)
    • kubeadm init can now deploy exact build from CI area by specifying ID with "ci/" prefix. Example: "ci/v1.9.0-alpha.1.123+01234567889" (#53043, @kad)
        • kubeadm upgrade apply supports all standard ways of specifying version via labels. Examples: stable-1.8, latest-1.8, ci/latest-1.9 and similar.
    • kubeadm 1.9 will detect and fail init or join pre-flight checks if kubelet is lower than 1.8.0-alpha (#52913, @kad)
  • s390x ingress controller support (#52663, @wwwtyro)
  • NONE (#50532, @steveperry-53)
  • CRI: Add stdout/stderr fields to Exec and Attach requests. (#52686, @yujuhong)
  • NONE (#53001, @ericchiang)
  • Cluster Autoscaler 1.0.0 (#53005, @mwielgus)
  • Remove the --docker-exec-handler flag. Only native exec handler is supported. (#52287, @yujuhong)
  • The Rackspace cloud provider has been removed after a long deprecation period. It was deprecated because it duplicates a lot of the OpenStack logic and can no longer be maintained. Please use the OpenStack cloud provider instead. (#52855, @NickrenREN)
  • Fixes an initializer bug where update requests which had an empty pending initializers list were erroneously rejected. (#52558, @jennybuckley)
  • BulkVerifyVolumes() implementation for vSphere (#52131, @BaluDontu)
  • added --list option to the kubectl label command (#51971, @juanvallejo)
  • Removing --prom-push-gateway flag from e2e tests (#52485, @nielsole)
  • If a container does not create a file at the terminationMessagePath, no message should be output about being unable to find the file. (#52567, @smarterclayton)
  • Support German cloud for azure disk mount feature (#50673, @clement-buchart)
  • Add s390x to juju kubernetes (#52537, @ktsakalozos)
  • Fix kubernetes charms not restarting services properly after host reboot on LXD (#52445, @Cynerva)
  • Add monitoring of Windows Server containers metrics in the kubelet via the stats/summary endpoint. (#50396, @bobbypage)
  • Restores redirect behavior for proxy subresources (#52933, @liggitt)
  • A new service annotation has been added for services of type LoadBalancer on Azure, (#51757, @itowlson)
    • to specify the subnet on which the service's front end IP should be provisioned. The
    • annotation is service.beta.kubernetes.io/azure-load-balancer-internal-subnet and its
    • value is the subnet name (not the subnet ARM ID). If omitted, the default is the
    • master subnet. It is ignored if the service is not on Azure, if the type is not
    • LoadBalancer, or if the load balancer is not internal.
  • Adds a command-line argument to kube-apiserver called (#51698, @rphillips)
    • --alpha-endpoint-reconciler-type=(master-count, lease, none) (default
    • "master-count"). The original reconciler is 'master-count'. The 'lease'
    • reconciler uses the storageapi and a TTL to keep alive an endpoint within the
    • kube-apiserver-endpoint storage namespace. The 'none' reconciler is a noop
    • reconciler that does not do anything. This is useful for self-hosted
    • environments.
  • Improved Italian translation for kubectl (#51463, @lucab85)
  • Add a metric to the kubelet to monitor remaining lifetime of the certificate that (#51031, @jcbsmpsn)
    • authenticates the kubelet to the API server.
  • change AddEventHandlerWithResyncPeriod to AddEventHandler in factory.go (#51582, @jiulongzaitian)
  • Validate that cronjob names are 52 characters or less (#52733, @julia-stripe)
  • add readme file of ipvs (#51937, @Lion-Wei)

v1.9.0-alpha.1

Documentation & Examples

Downloads for v1.9.0-alpha.1

filename sha256 hash
kubernetes.tar.gz e2dc3eebf79368c783b64f5b6642a287cc2fd777547d99f240a35cce1f620ffc
kubernetes-src.tar.gz ca8659187047f2d38a7c0ee313189c19ec35646c6ebaa8f59f2f098eca33dca0

Client Binaries

filename sha256 hash
kubernetes-client-darwin-386.tar.gz 51e0df7e6611ff4a9b3759b05e65c80555317bff03282ef39a9b53b27cdeff42
kubernetes-client-darwin-amd64.tar.gz c6c57cc92cc456a644c0965a6aa2bd260125807b450d69376e0edb6c98aaf4d7
kubernetes-client-linux-386.tar.gz 399c8cb448d76accb71edcb00bee474f172d416c8c4f5253994e4e2d71e0dece
kubernetes-client-linux-amd64.tar.gz fde75d7267592b34609299a93ee7e54b26a948e6f9a1f64ced666c0aae4455aa
kubernetes-client-linux-arm64.tar.gz b38810cf87735efb0af027b7c77e4e8c8f5821f235cf33ae9eee346e6d1a0b84
kubernetes-client-linux-arm.tar.gz a36427c2f2b81d42702a12392070f7dd3635b651bb04ae925d0bdf3ec50f83aa
kubernetes-client-linux-ppc64le.tar.gz 9dee0f636eef09bfec557a50e4f8f4b69e0588bbd0b77f6da50cc155e1679880
kubernetes-client-linux-s390x.tar.gz 4a6246d5de5c3957ed41b8943fa03e74fb646595346f7c72beaf7b030fe6872e
kubernetes-client-windows-386.tar.gz 1ee384f4bb02e614c86bf84cdfdc42faffa659aaba4a1c759ec26f03eb438149
kubernetes-client-windows-amd64.tar.gz e70d8935abefea0307780e899238bb10ec27c8f0d77702cf25de230b6abf7fb4

Server Binaries

filename sha256 hash
kubernetes-server-linux-amd64.tar.gz 7fff06370c4f37e1fe789cc160fce0c93535991f63d7fe7d001378f17027d9d8
kubernetes-server-linux-arm64.tar.gz 65cd60512ea0bf508aa65f8d22a6f3094db394f00b3cd6bd63fe02b795514ab2
kubernetes-server-linux-arm.tar.gz 0ecb341a047f1a9dface197f11f05f15853570cfb474c82538c7d61b40bd53ae
kubernetes-server-linux-ppc64le.tar.gz cea9eed4c24e7f29994ecc12674bff69d108692d3c9be3e8bd939b3c4f281892
kubernetes-server-linux-s390x.tar.gz 4d50799e5989de6d9ec316d2051497a3617b635e89fa44e01e64fed544d96e07

Node Binaries

filename sha256 hash
kubernetes-node-linux-amd64.tar.gz e956b9c1e5b47f800953ad0f82fae23774a2f43079dc02d98a90d5bfdca0bad6
kubernetes-node-linux-arm64.tar.gz ede6a85db555dd84e8d7180bdd58712933c38567ab6c97a80d0845be2974d968
kubernetes-node-linux-arm.tar.gz 4ac6a1784fa1e20be8a4e7fa0ff8b4defc725e6c058ff97068bf7bfa6a11c77d
kubernetes-node-linux-ppc64le.tar.gz 0d9c8c7e0892d7b678f3b4b7736087da91cb40c5f169e4302e9f4637c516207a
kubernetes-node-linux-s390x.tar.gz 2fdde192a84410c784e5d1e813985e9a19ce62e3d9bb2215481cbce9286329da
kubernetes-node-windows-amd64.tar.gz 543110cc69b57471f3824d96cbd16b003ac2cddaa19ca4bdefced0af61fd24f2

Changelog since v1.8.0-alpha.3

Action Required

  • New GCE or GKE clusters created with cluster/kube-up.sh will not enable the legacy ABAC authorizer by default. If you would like to enable the legacy ABAC authorizer, export ENABLE_LEGACY_ABAC=true before running cluster/kube-up.sh. (#51367, @cjcullen)
  • The OwnerReferencesPermissionEnforcement admission plugin now requires update permission on the finalizers subresource of the referenced owner in order to set blockOwnerDeletion on an owner reference. (#49133, @deads2k)
  • The deprecated alpha and beta initContainer annotations are no longer supported. Init containers must be specified using the initContainers field in the pod spec. (#51816, @liggitt)
  • Action required: validation rule on metadata.initializers.pending[x].name is tightened. The initializer name needs to contain at least three segments separated by dots. If you create objects with pending initializers, (i.e., not relying on apiserver adding pending initializers according to initializerconfiguration), you need to update the initializer name in existing objects and in configuration files to comply to the new validation rule. (#51283, @caesarxuchao)
  • Audit policy supports matching subresources and resource names, but the top level resource no longer matches the subresouce. For example "pods" no longer matches requests to the logs subresource of pods. Use "pods/logs" to match subresources. (#48836, @ericchiang)
  • Protobuf serialization does not distinguish between [] and null. (#45294, @liggitt)
    • API fields previously capable of storing and returning either [] and null via JSON API requests (for example, the Endpoints subsets field) can now store only null when created using the protobuf content-type or stored in etcd using protobuf serialization (the default in 1.6+). JSON API clients should tolerate null values for such fields, and treat null and [] as equivalent in meaning unless specifically documented otherwise for a particular field.

Other notable changes

  • PersistentVolumeLabel admission controller is now deprecated. (#52618, @dims)
  • Mark the LBaaS v1 of OpenStack cloud provider deprecated. (#52821, @FengyunPan)
  • NONE (#52819, @verult)
  • Mark image as deliberately optional in v1 Container struct. Many objects in the Kubernetes API inherit the container struct and only Pods require the field to be set. (#48406, @gyliu513)
  • [fluentd-gcp addon] Update Stackdriver plugin to version 0.6.7 (#52565, @crassirostris)
  • Remove duplicate proto errors in kubelet. (#52132, @adityadani)
  • [fluentd-gcp addon] Remove audit logs from the fluentd configuration (#52777, @crassirostris)
  • Set defaults for successfulJobsHistoryLimit (3) and failedJobsHistoryLimit (1) in batch/v1beta1.CronJobs (#52533, @soltysh)
  • Fix: update system spec to support Docker 17.03 (#52666, @yguo0905)
  • Fix panic in ControllerManager on GCE when it has a problem with creating external loadbalancer healthcheck (#52646, @gmarek)
  • PSP: add support for using * as a value in allowedCapabilities to allow to request any capabilities (#51337, @php-coder)
  • [fluentd-gcp addon] By default ingest apiserver audit logs written to file in JSON format. (#52541, @crassirostris)
  • The autoscaling/v2beta1 API group is now enabled by default. (#52549, @DirectXMan12)
  • Add CLUSTER_SIGNING_DURATION environment variable to cluster (#52497, @jcbsmpsn)
    • configuration scripts to allow configuration of signing duration of
    • certificates issued via the Certificate Signing Request API.
  • Introduce policy to allow the HPA to consume the metrics.k8s.io and custom.metrics.k8s.io API groups. (#52572, @DirectXMan12)
  • kubelet to master communication when doing node status updates now has a timeout to prevent indefinite hangs (#52176, @liggitt)
  • Introduced Metrics Server in version v0.2.0. For more details see https://github.com/kubernetes-incubator/metrics-server/releases/tag/v0.2.0. (#52548, @piosz)
  • Adds ROTATE_CERTIFICATES environment variable to kube-up.sh script for GCE (#52115, @jcbsmpsn)
    • clusters. When that var is set to true, the command line flag enabling kubelet
    • client certificate rotation will be added to the kubelet command line.
  • Make sure that resources being updated are handled correctly by Quota system (#52452, @gnufied)
  • WATCHLIST calls are now reported as WATCH verbs in prometheus for the apiserver_request_* series. A new "scope" label is added to all apiserver_request_* values that is either 'cluster', 'resource', or 'namespace' depending on which level the query is performed at. (#52237, @smarterclayton)
  • Fixed the webhook admission plugin so that it works even if the apiserver and the nodes are in two networks (e.g., in GKE). (#50476, @caesarxuchao)
    • Fixed the webhook admission plugin so that webhook author could use the DNS name of the service as the CommonName when generating the server cert for the webhook.
    • Action required:
    • Anyone who generated server cert for admission webhooks need to regenerate the cert. Previously, when generating server cert for the admission webhook, the CN value doesn't matter. Now you must set it to the DNS name of the webhook service, i.e., <service.Name>.<service.Namespace>.svc.
  • Ignore pods marked for deletion that exceed their grace period in ResourceQuota (#46542, @derekwaynecarr)
  • custom resources that use unconventional pluralization now work properly with kubectl and garbage collection (#50012, @deads2k)
  • [fluentd-gcp addon] Fluentd will trim lines exceeding 100KB instead of dropping them. (#52289, @crassirostris)
  • dockershim: check the error when syncing the checkpoint. (#52125, @yujuhong)
  • By default, clusters on GCE no longer sends RequestReceived audit event, if advanced audit is configured. (#52343, @crassirostris)
  • [BugFix] Soft Eviction timer works correctly (#52046, @dashpole)
  • Azuredisk mount on windows node (#51252, @andyzhangx)
  • [fluentd-gcp addon] Bug with event-exporter leaking memory on metrics in clusters with CA is fixed. (#52263, @crassirostris)
  • kubeadm: Enable kubelet client certificate rotation (#52196, @luxas)
  • Scheduler predicate developer should respect equivalence class cache (#52146, @resouer)
  • The kube-cloud-controller-manager flag --service-account-private-key-file was non-functional and is now deprecated. (#50289, @liggitt)
    • The kube-cloud-controller-manager flag --use-service-account-credentials is now honored consistently, regardless of whether --service-account-private-key-file was specified.
  • Fix credentials providers for docker sandbox image. (#51870, @feiskyer)
  • NONE (#52120, @abgworrall)
  • Fixed an issue looking up cronjobs when they existed in more than one API version (#52227, @liggitt)
  • Add priority-based preemption to the scheduler. (#50949, @bsalamat)
  • Add CLUSTER_SIGNING_DURATION environment variable to cluster configuration scripts (#51844, @jcbsmpsn)
    • to allow configuration of signing duration of certificates issued via the Certificate
    • Signing Request API.
  • Adding German translation for kubectl (#51867, @Steffen911)
  • The ScaleIO volume plugin can now read the SDC GUID value as node label scaleio.sdcGuid; if binary drv_cfg is not installed, the plugin will still work properly; if node label not found, it defaults to drv_cfg if installed. (#50780, @vladimirvivien)
  • A policy with 0 rules should return an error (#51782, @charrywanganthony)
  • Log a warning when --audit-policy-file not passed to apiserver (#52071, @CaoShuFeng)
  • Fixes an issue with upgrade requests made via pod/service/node proxy subresources sending a non-absolute HTTP request-uri to backends (#52065, @liggitt)
  • kubeadm: add kubeadm phase addons command (#51171, @andrewrynhard)
  • Fix for Nodes in vSphere lacking an InternalIP. (#48760) (#49202, @cbonte)
  • v2 of the autoscaling API group, including improvements to the HorizontalPodAutoscaler, has moved from alpha1 to beta1. (#50708, @DirectXMan12)
  • Fixed a bug where some alpha features were enabled by default. (#51839, @jennybuckley)
  • Implement StatsProvider interface using CRI stats (#51557, @yguo0905)
  • set AdvancedAuditing feature gate to true by default (#51943, @CaoShuFeng)
  • Migrate the metrics/v1alpha1 API to metrics/v1beta1. The HorizontalPodAutoscaler (#51653, @DirectXMan12)
    • controller REST client now uses that version. For v1beta1, the API is now known as
    • resource-metrics.metrics.k8s.io.
  • In GCE with COS, increase TasksMax for Docker service to raise cap on number of threads/processes used by containers. (#51986, @yujuhong)
  • Fixes an issue with APIService auto-registration affecting rolling HA apiserver restarts that add or remove API groups being served. (#51921, @liggitt)
  • Sharing a PID namespace between containers in a pod is disabled by default in 1.8. To enable for a node, use the --docker-disable-shared-pid=false kubelet flag. Note that PID namespace sharing requires docker >= 1.13.1. (#51634, @verb)
  • Build test targets for all server platforms (#51873, @luxas)
  • Add EgressRule to NetworkPolicy (#51351, @cmluciano)
  • Allow DNS resolution of service name for COS using containerized mounter. It fixed the issue with DNS resolution of NFS and Gluster services. (#51645, @jingxu97)
  • Fix journalctl leak on kubelet restart (#51751, @dashpole)
    • Fix container memory rss
    • Add hugepages monitoring support
    • Fix incorrect CPU usage metrics with 4.7 kernel
    • Add tmpfs monitoring support
  • Support for Huge pages in empty_dir volume plugin (#50072, @squall0gd)
    • Huge pages can now be used with empty dir volume plugin.
  • Alpha support for pre-allocated hugepages (#50859, @derekwaynecarr)
  • add support for client-side spam filtering of events (#47367, @derekwaynecarr)
  • Provide a way to omit Event stages in audit policy (#49280, @CaoShuFeng)
  • Introduced Metrics Server (#51792, @piosz)
  • Implement Controller for growing persistent volumes (#49727, @gnufied)
  • Kubernetes 1.8 supports docker version 1.11.x, 1.12.x and 1.13.x. And also supports overlay2. (#51845, @Random-Liu)
  • The Deployment, DaemonSet, and ReplicaSet kinds in the extensions/v1beta1 group version are now deprecated, as are the Deployment, StatefulSet, and ControllerRevision kinds in apps/v1beta1. As they will not be removed until after a GA version becomes available, you may continue to use these kinds in existing code. However, all new code should be developed against the apps/v1beta2 group version. (#51828, @kow3ns)
  • kubeadm: Detect kubelet readiness and error out if the kubelet is unhealthy (#51369, @luxas)
  • Fix providerID update validation (#51761, @karataliu)
  • Calico has been updated to v2.5, RBAC added, and is now automatically scaled when GCE clusters are resized. (#51237, @gunjan5)
  • Add backoff policy and failed pod limit for a job (#51153, @clamoriniere1A)
  • Adds a new alpha EventRateLimit admission control that is used to limit the number of event queries that are accepted by the API Server. (#50925, @staebler)
  • The OpenID Connect authenticator can now use a custom prefix, or omit the default prefix, for username and groups claims through the --oidc-username-prefix and --oidc-groups-prefix flags. For example, the authenticator can map a user with the username "jane" to "google:jane" by supplying the "google:" username prefix. (#50875, @ericchiang)
  • Implemented kubeadm upgrade plan for checking whether you can upgrade your cluster to a newer version (#48899, @luxas)
    • Implemented kubeadm upgrade apply for upgrading your cluster from one version to an other
  • Switch to audit.k8s.io/v1beta1 in audit. (#51719, @soltysh)
  • update QEMU version to v2.9.1 (#50597, @dixudx)
  • controllers backoff better in face of quota denial (#49142, @joelsmith)
  • The event table output under kubectl describe has been simplified to show only the most essential info. (#51748, @smarterclayton)
  • Use arm32v7|arm64v8 images instead of the deprecated armhf|aarch64 image organizations (#50602, @dixudx)
  • audit newest impersonated user info in the ResponseStarted, ResponseComplete audit stage (#48184, @CaoShuFeng)
  • Fixed bug in AWS provider to handle multiple IPs when using more than 1 network interface per ec2 instance. (#50112, @jlz27)
  • Add flag "--include-uninitialized" to kubectl annotate, apply, edit-last-applied, delete, describe, edit, get, label, set. "--include-uninitialized=true" makes kubectl commands apply to uninitialized objects, which by default are ignored if the names of the objects are not provided. "--all" also makes kubectl commands apply to uninitialized objects. Please see the initializer doc for more details. (#50497, @dixudx)
  • GCE: Service object now supports "Network Tiers" as an Alpha feature via annotations. (#51301, @yujuhong)
  • When using kube-up.sh on GCE, user could set env ENABLE_POD_PRIORITY=true to enable pod priority feature gate. (#51069, @MrHohn)
  • The names generated for ControllerRevision and ReplicaSet are consistent with the GenerateName functionality of the API Server and will not contain "bad words". (#51538, @kow3ns)
  • PersistentVolumeClaim metrics like "volume_stats_inodes" and "volume_stats_capacity_bytes" are now reported via kubelet prometheus (#51553, @wongma7)
  • When using IP aliases, use a secondary range rather than subnetwork to reserve cluster IPs. (#51690, @bowei)
  • IPAM controller unifies handling of node pod CIDR range allocation. (#51374, @bowei)
    • It is intended to supersede the logic that is currently in range_allocator
    • and cloud_cidr_allocator. (ALPHA FEATURE)
    • Note: for this change, the other allocators still exist and are the default.
    • It supports two modes:
      • CIDR range allocations done within the cluster that are then propagated out to the cloud provider.
      • Cloud provider managed IPAM that is then reflected into the cluster.
  • The Kubernetes API server now supports the ability to break large LIST calls into multiple smaller chunks. A client can specify a limit to the number of results to return, and if more results exist a token will be returned that allows the client to continue the previous list call repeatedly until all results are retrieved. The resulting list is identical to a list call that does not perform chunking thanks to capabilities provided by etcd3. This allows the server to use less memory and CPU responding with very large lists. This feature is gated as APIListChunking and is not enabled by default. The 1.9 release will begin using this by default from all informers. (#48921, @smarterclayton)
  • add reconcile command to kubectl auth (#51636, @deads2k)
  • Advanced audit allows logging failed login attempts (#51119, @soltysh)
  • kubeadm: Add support for using an external CA whose key is never stored in the cluster (#50832, @nckturner)
  • the custom metrics API (custom.metrics.k8s.io) has moved from v1alpha1 to v1beta1 (#50920, @DirectXMan12)
  • Add backoff policy and failed pod limit for a job (#48075, @clamoriniere1A)
  • Performs validation (when applying for example) against OpenAPI schema rather than Swagger 1.0. (#51364, @apelisse)
  • Make all e2e tests lookup image to use from a centralized place. In that centralized place, add support for multiple platforms. (#49457, @mkumatag)
  • kubelet has alpha support for mount propagation. It is disabled by default and it is there for testing only. This feature may be redesigned or even removed in a future release. (#46444, @jsafrane)
  • Add selfsubjectrulesreview API for allowing users to query which permissions they have in a given namespace. (#48051, @xilabao)
  • Kubelet re-binds /var/lib/kubelet directory with rshared mount propagation during startup if it is not shared yet. (#45724, @jsafrane)
  • Deviceplugin jiayingz (#51209, @jiayingz)
  • Make logdump support kubemark and support gke with 'use_custom_instance_list' (#51834, @shyamjvs)
  • add apps/v1beta2 conversion test (#49645, @dixudx)
  • Fixed an issue (#47800) where kubectl logs -f failed with unexpected stream type "". (#50381, @sczizzo)
  • GCE: Internal load balancer IPs are now reserved during service sync to prevent losing the address to another service. (#51055, @nicksardo)
  • Switch JSON marshal/unmarshal to json-iterator library. Performance should be close to previous with no generated code. (#48287, @thockin)
  • Adds optional group and version information to the discovery interface, so that if an endpoint uses non-default values, the proper value of "kind" can be determined. Scale is a common example. (#49971, @deads2k)
  • Fix security holes in GCE metadata proxy. (#51302, @ihmccreery)
  • #43077 introduced a condition where DaemonSet controller did not respect the TerminationGracePeriodSeconds of the Pods it created. This is now corrected. (#51279, @kow3ns)
  • Tainted nodes by conditions as following: (#49257, @k82cn) * 'node.kubernetes.io/network-unavailable=:NoSchedule' if NetworkUnavailable is true * 'node.kubernetes.io/disk-pressure=:NoSchedule' if DiskPressure is true * 'node.kubernetes.io/memory-pressure=:NoSchedule' if MemoryPressure is true * 'node.kubernetes.io/out-of-disk=:NoSchedule' if OutOfDisk is true
  • rbd: default image format to v2 instead of deprecated v1 (#51574, @dillaman)
  • Surface reasonable error when client detects connection closed. (#51381, @mengqiy)
  • Allow PSP's to specify a whitelist of allowed paths for host volume (#50212, @jhorwit2)
  • For Deployment, ReplicaSet, and DaemonSet, selectors are now immutable when updating via the new apps/v1beta2 API. For backward compatibility, selectors can still be changed when updating via apps/v1beta1 or extensions/v1beta1. (#50719, @crimsonfaith91)
  • Allows kubectl to use http caching mechanism for the OpenAPI schema. The cache directory can be configured through --cache-dir command line flag to kubectl. If set to empty string, caching will be disabled. (#50404, @apelisse)
  • Pod log attempts are now reported in apiserver prometheus metrics with verb CONNECT since they can run for very long periods of time. (#50123, @WIZARD-CXY)
  • The emptyDir.sizeLimit field is now correctly omitted from API requests and responses when unset. (#50163, @jingxu97)
  • Promote CronJobs to batch/v1beta1. (#51465, @soltysh)
  • Add local ephemeral storage support to LimitRange (#50757, @NickrenREN)
  • Add mount options field to StorageClass. The options listed there are automatically added to PVs provisioned using the class. (#51228, @wongma7)
  • Add 'kubectl set env' command for setting environment variables inside containers for resources embedding pod templates (#50998, @zjj2wry)
  • Implement IPVS-based in-cluster service load balancing (#46580, @dujun1990)
  • Release the kubelet client certificate rotation as beta. (#51045, @jcbsmpsn)
  • Adds --append-hash flag to kubectl create configmap/secret, which will append a short hash of the configmap/secret contents to the name during creation. (#49961, @mtaufen)
  • Add validation for CustomResources via JSON Schema. (#47263, @nikhita)
  • enqueue a sync task to wake up jobcontroller to check job ActiveDeadlineSeconds in time (#48454, @weiwei04)
  • Remove previous local ephemeral storage resource names: "ResourceStorageOverlay" and "ResourceStorageScratch" (#51425, @NickrenREN)
  • Add retainKeys to patchStrategy for v1 Volumes and extentions/v1beta1 DeploymentStrategy. (#50296, @mengqiy)
  • Add mount options field to PersistentVolume spec (#50919, @wongma7)
  • Use of the alpha initializers feature now requires enabling the Initializers feature gate. This feature gate is auto-enabled if the Initialzers admission plugin is enabled. (#51436, @liggitt)
  • Fix inconsistent Prometheus cAdvisor metrics (#51473, @bboreham)
  • Add local ephemeral storage to downward API (#50435, @NickrenREN)
  • kubectl zsh autocompletion will work with compinit (#50561, @cblecker)
  • [Experiment Only] When using kube-up.sh on GCE, user could set env KUBE_PROXY_DAEMONSET=true to run kube-proxy as a DaemonSet. kube-proxy is run as static pods by default. (#50705, @MrHohn)
  • Add --request-timeout to kube-apiserver to make global request timeout configurable. (#51415, @jpbetz)
  • Deprecate auto detecting cloud providers in kubelet. Auto detecting cloud providers go against the initiative for out-of-tree cloud providers as we'll now depend on cAdvisor integrations with cloud providers instead of the core repo. In the near future, --cloud-provider for kubelet will either be an empty string or external. (#51312, @andrewsykim)
  • Add local ephemeral storage support to Quota (#49610, @NickrenREN)
  • Kubelet updates default labels if those are deprecated (#47044, @mrIncompetent)
  • Add error count and time-taken metrics for storage operations such as mount and attach, per-volume-plugin. (#50036, @wongma7)
  • A new predicates, named 'CheckNodeCondition', was added to replace node condition filter. 'NetworkUnavailable', 'OutOfDisk' and 'NotReady' maybe reported as a reason when failed to schedule pods. (#51117, @k82cn)
  • Add support for configurable groups for bootstrap token authentication. (#50933, @mattmoyer)
  • Fix forbidden message format (#49006, @CaoShuFeng)
  • make volumesInUse sorted in node status updates (#49849, @dixudx)
  • Adds InstanceExists and InstanceExistsByProviderID to cloud provider interface for the cloud controller manager (#51087, @prydie)
  • Dynamic Flexvolume plugin discovery. Flexvolume plugins can now be discovered on the fly rather than only at system initialization time. (#50031, @verult)
  • add fieldSelector spec.schedulerName (#50582, @dixudx)
  • Change eviction manager to manage one single local ephemeral storage resource (#50889, @NickrenREN)
  • Cloud Controller Manager now sets Node.Spec.ProviderID (#50730, @andrewsykim)
  • Paramaterize session affinity timeout seconds in service API for Client IP based session affinity. (#49850, @m1093782566)
  • Changing scheduling part of the alpha feature 'LocalStorageCapacityIsolation' to manage one single local ephemeral storage resource (#50819, @NickrenREN)
  • set --audit-log-format default to json (#50971, @CaoShuFeng)
  • kubeadm: Implement a --dry-run mode and flag for kubeadm (#51122, @luxas)
  • kubectl rollout history, status, and undo subcommands now support StatefulSets. (#49674, @crimsonfaith91)
  • Add IPBlock to Network Policy (#50033, @cmluciano)
  • Adding Italian translation for kubectl (#50155, @lucab85)
  • Simplify capabilities handling in FlexVolume. (#51169, @MikaelCluseau)
  • NONE (#50669, @jiulongzaitian)
  • cloudprovider.Zones should support external cloud providers (#50858, @andrewsykim)
  • Finalizers are now honored on custom resources, and on other resources even when garbage collection is disabled via the apiserver flag --enable-garbage-collector=false (#51148, @ironcladlou)
  • Renamed the API server flag --experimental-bootstrap-token-auth to --enable-bootstrap-token-auth. The old value is accepted with a warning in 1.8 and will be removed in 1.9. (#51198, @mattmoyer)
  • Azure file persistent volumes can use a new secretNamespace field to reference a secret in a different namespace than the one containing their bound persistent volume claim. The azure file persistent volume provisioner honors a corresponding secretNamespace storage class parameter to determine where to place secrets containing the storage account key. (#47660, @rootfs)
  • Bumped gRPC version to 1.3.0 (#51154, @RenaudWasTaken)
  • Delete load balancers if the UIDs for services don't match. (#50539, @brendandburns)
  • Show events when describing service accounts (#51035, @mrogers950)
  • implement proposal 34058: hostPath volume type (#46597, @dixudx)
  • HostAlias is now supported for both non-HostNetwork Pods and HostNetwork Pods. (#50646, @rickypai)
  • CRDs support metadata.generation and implement spec/status split (#50764, @nikhita)
  • Allow attach of volumes to multiple nodes for vSphere (#51066, @BaluDontu)

Please see the Releases Page for older releases.

Release notes of older releases can be found in:

Analytics