filename | sha256 hash |
---|---|
kubernetes.tar.gz | dce2a70ca51fb4f8979645330f36c346b9c02be0501708380ae50956485a53a4 |
kubernetes-src.tar.gz | 4a8c8eaf32c83968e18f75888ae0d432210262090893cad0a105eebab82b0302 |
filename | sha256 hash |
---|---|
kubernetes-client-darwin-386.tar.gz | 354d6c8d65e4248c3393a3789e9394b8c31c63da4c42f3da60c7b8bc4713ad51 |
kubernetes-client-darwin-amd64.tar.gz | 98c53e4108276535218f4c89c58974121cc28308cecf5bca676f68fa083a62c5 |
kubernetes-client-linux-386.tar.gz | c0dc219073dcae6fb654f33ca6d83faf5f37a2dcba3cc86b32ea5f9e18054faa |
kubernetes-client-linux-amd64.tar.gz | df68fc512d173d1914f7863303cc0a4335439eb76000fa5a6134d5c454f4ef31 |
kubernetes-client-linux-arm64.tar.gz | edbf086c5446a7b48bbf5ac0e65dacf472e7e2eb7ac434ffb4835b0c643363a4 |
kubernetes-client-linux-arm.tar.gz | 138b02e0e96e9e30772e814d2650b40594e9f190442c9b31af5dcf4bd3c29fb2 |
kubernetes-client-linux-ppc64le.tar.gz | 8edb568048f64052e9ab3e2f0d9d9fee3a5c90667d00669d815c07cc1986eb03 |
kubernetes-client-linux-s390x.tar.gz | 9f0f0464041e85221cb65ab5908f7295d7237acdb6a39abff062e40be0a53b4c |
kubernetes-client-windows-386.tar.gz | a9d4b6014c2856b0602b7124dad41f2f932cccea7f48ba57583352f0fbf2710f |
kubernetes-client-windows-amd64.tar.gz | 16827a05b0538ab8ef6e47b173dc5ad1c4398070324b0d2fc0510ad1efe66567 |
filename | sha256 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | e2aad29fff3cc3a98c642d8bc021a6caa42b4143696ca9d42a1ae3f7e803e777 |
kubernetes-server-linux-arm64.tar.gz | a7e2370d29086dadcb59fc4c3f6e88610ef72ff168577cc1854b4e9c221cad8a |
kubernetes-server-linux-arm.tar.gz | b8da04e06946b221b2ac4f6ebc8e0900cf8e750f0ca5d2e213984644048d1903 |
kubernetes-server-linux-ppc64le.tar.gz | 539db8044dcacc154fff92029d7c18ac9a68de426477cabcd52e01053e8de6e6 |
kubernetes-server-linux-s390x.tar.gz | d793be99d39f1f7b55d381f656b059e4cd78418a6c6bcc77c2c026db82e98769 |
filename | sha256 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | 22dae55dd97026eae31562fde6d8459f1594b050313ef294e009144aa8c27a8e |
kubernetes-node-linux-arm64.tar.gz | 8d9bd9307cd5463b2e13717c862e171e20a1ba29a91d86fa3918a460006c823b |
kubernetes-node-linux-arm.tar.gz | c696f882b4a95b13c8cf3c2e05695decb81407359911fba169a308165b06be55 |
kubernetes-node-linux-ppc64le.tar.gz | 611a0e04b1014263e66be91ef108a4a56291cae1438da562b157d04dfe84fd1a |
kubernetes-node-linux-s390x.tar.gz | 61b619e3af7fcb836072c4b855978d7d76d6256aa99b9378488f063494518a0e |
kubernetes-node-windows-amd64.tar.gz | c274258e4379f0b50b2023f659bc982a82783c3de3ae07ef2759159300175a8a |
- action required: The
storage.k8s.io/v1beta1
API andvolume.beta.kubernetes.io/storage-class
annotation are deprecated. They will be removed in a future release. Please use v1 API and fieldv1.PersistentVolumeClaim.Spec.StorageClassName
/v1.PersistentVolume.Spec.StorageClassName
instead. (#53580, @xiangpengzhao) - action required: Deprecated flags
--portal-net
andservice-node-ports
of kube-apiserver are removed. (#52547, @xiangpengzhao) - The
node.kubernetes.io/memory-pressure
taint now respects the configured whitelist. If you need to use it, you'll have to add it to the whitelist. (#55251, @deads2k)
- hyperkube: add cloud-controller-manager (#54197, @colemickens)
- Metrics have been added for monitoring admission plugins, including the new dynamic (webhook-based) ones. (#55183, @jpbetz)
- Addon manager supports HA masters. (#55466, @x13n)
-
- Add PodSecurityPolicies for cluster addons (#55509, @tallclair)
-
- Remove SSL cert HostPath volumes from heapster addons
-
- Add PodSecurityPolicies for cluster addons (#55509, @tallclair)
- Add iptables rules to allow Pod traffic even when default iptables policy is to reject. (#52569, @tmjd)
- Validate positive capacity for PVs and PVCs. (#55532, @ianchakeres)
- Kubelet supports running mount utilities and final mount in a container instead running them on the host. (#53440, @jsafrane)
- The PodSecurityPolicy annotation
kubernetes.io/psp
on pods is only set once on create. (#55486, @sttts) - The apiserver sends external versioned object to the admission webhooks now. Please update the webhooks to expect admissionReview.spec.object.raw to be serialized external versions of objects. (#55127, @caesarxuchao)
- RBAC ClusterRoles can now select other roles to aggregate (#54005, @deads2k)
- GCE nodes with NVIDIA GPUs attached now expose
nvidia.com/gpu
as a resource instead ofalpha.kubernetes.io/nvidia-gpu
. (#54826, @mindprince) - Remove docker dependency during kubelet start up (#54405, @resouer)
- Fix session affinity issue with external load balancer traffic when ExternalTrafficPolicy=Local. (#55519, @MrHohn)
- Add the concurrent service sync flag to the Cloud Controller Manager to allow changing the number of workers. (
--concurrent-service-syncs
) (#55561, @jhorwit2) - move IsMissingVersion comments (#55523, @chenpengdev)
- The dynamic admission webhook now supports a URL in addition to a service reference, to accommodate out-of-cluster webhooks. (#54889, @lavalamp)
- Correct wording of kubeadm upgrade response for missing ConfigMap. (#53337, @jmhardison)
- add create priorityclass sub command (#54858, @wackxu)
- Added namespaceSelector to externalAdmissionWebhook configuration to allow applying webhooks only to objects in the namespaces that have matching labels. (#54727, @caesarxuchao)
- Base images bumped to Debian Stretch (9) (#52744, @rphillips)
- [fluentd-elasticsearch addon] Elasticsearch service name can be overridden via env variable ELASTICSEARCH_SERVICE_NAME (#54215, @mrahbar)
- Increase waiting time (120s) for docker startup in health-monitor.sh (#54099, @dchen1107)
- not calculate new priority when user update other spec of a pod (#55221, @CaoShuFeng)
- kubectl create pdb will no longer set the min-available field by default. (#53047, @yuexiao-wang)
- StatefulSet status now has support for conditions, making it consistent with other core controllers in v1 (#55268, @foxish)
- kubeadm: use the CRI for preflights checks (#55055, @runcom)
- kubeadm now produces error during preflight checks if swap is enabled. Users, who can setup kubelet to run in unsupported environment with enabled swap, will be able to skip that preflight check. (#55399, @kad)
- validate if default and defaultRequest match when creating LimitRange for GPU and hugepages. (#54919, @tianshapjq)
- Add extra-args configs to kubernetes-worker charm (#55334, @Cynerva)
- Restored kube-proxy's support for 0 values for conntrack min, max, max per core, tcp close wait timeout, and tcp established timeout. (#55261, @ncdc)
- Audit policy files without apiVersion and kind are treated as invalid. (#54267, @ericchiang)
- ReplicationController now shares its underlying controller implementation with ReplicaSet to reduce the maintenance burden going forward. However, they are still separate resources and there should be no externally visible effects from this change. (#49429, @enisoc)
- Add limitrange/resourcequota/downward_api e2e tests for local ephemeral storage (#52523, @NickrenREN)
- Support copying "options" in resolv.conf into pod sandbox when dnsPolicy is Default (#54773, @phsiao)
- Fix support for configmap resource lock type in CCM (#55125, @jhorwit2)
- The minimum supported go version bumps to 1.9.1. (#55301, @xiangpengzhao)
- GCE: provide an option to disable docker's live-restore on COS/ubuntu (#55260, @yujuhong)
- Azure NSG rules for services exposed via external load balancer (#54177, @itowlson)
- now limit the destination IP address to the relevant front end load
- balancer IP.
- DaemonSet status now has a new field named "conditions", making it consistent with other workloads controllers. (#55272, @janetkuo)
- kubeadm: Add an experimental mode to deploy CoreDNS instead of KubeDNS (#52501, @rajansandeep)
- Allow HPA to read custom metrics. (#54854, @kawych)
- Fixed 'Schedulercache is corrupted' error in kube-scheduler (#55262, @liggitt)
- API discovery failures no longer crash the kube controller manager via the garbage collector. (#55259, @ironcladlou)
- The kube-scheduler command now supports a
--config
flag which is the location of a file containing a serialized scheduler configuration. Most other kube-scheduler flags are now deprecated. (#52562, @ironcladlou) - add field selector for kubectl get (#50140, @dixudx)
- Removes Priority Admission Controller from kubeadm since it's alpha. (#55237, @andrewsykim)
- Add support for the webhook authorizer to make a Deny decision that short-circuits the union authorizer and immediately returns Deny. (#53273, @mikedanese)
- kubeadm init: fix a bug that prevented the --token-ttl flag and tokenTTL configuration value from working as expected for infinite (0) values. (#54640, @mattmoyer)
- Add CRI log parsing library at pkg/kubelet/apis/cri/logs (#55140, @feiskyer)
- Add extra-args configs for scheduler and controller-manager to kubernetes-master charm (#55185, @Cynerva)
- Add masquerading rules by default to GCE/GKE (#55178, @dnardo)
- Upgraded Azure SDK to v11.1.1. (#54971, @itowlson)
- Disable the termination grace period for the calico/node add-on DaemonSet to reduce downtime during a rolling upgrade or deletion. (#55015, @fasaxc)
- Google KMS integration was removed from in-tree in favor of a out-of-process extension point that will be used for all KMS providers. (#54759, @sakshamsharma)
- kubeadm: reset: use crictl to reset containers (#54721, @runcom)
- Check for available volume before attach/delete operation in EBS (#55008, @gnufied)
- DaemonSet, Deployment, ReplicaSet, and StatefulSet have been promoted to GA and are available in the apps/v1 group version. (#53679, @kow3ns)
- In conversion-gen removed Kubernetes core API from default extra-peer-dirs. (#54394, @sttts)
- Fix IPVS availability check (#51874, @vfreex)
- ScaleIO driver completely removes dependency on drv_cfg binary so a Kubernetes cluster can easily run a containerized kubelet. (#54956, @vladimirvivien)
- Avoid unnecessary spam in kube-controller-manager log if --cluster-cidr is not specified and --allocate-node-cidrs is false. (#54934, @akosiaris)
- It is now possible to set multiple manifest url headers via the Kubelet's --manifest-url-header flag. Multiple headers for the same key will be added in the order provided. The ManifestURLHeader field in KubeletConfiguration object (kubeletconfig/v1alpha1) is now a map[string][]string, which facilitates writing JSON and YAML files. (#54643, @mtaufen)
- Add support for PodSecurityPolicy on GCE:
ENABLE_POD_SECURITY_POLICY=true
enables the admission controller, and installs policies for default addons. (#52367, @tallclair) - In PodTolerationRestriction admisson plugin, if namespace level tolerations are empty, now they override cluster level tolerations. (#54812, @aveshagarwal)
- Added extra_sans config option to kubeapi-load-balancer charm. This allows the user to specify extra SAN entries on the certificate generated for the load balancer. (#54947, @hyperbolic2346)
- set leveled logging (v=4) for 'updating container' message (#54865, @phsiao)
- Fix a bug where pod address is not removed from endpoints object while pod is in graceful termination. (#54828, @freehan)
- kubeadm: Add support for adding a Windows node (#53553, @bsteciuk)
filename | sha256 hash |
---|---|
kubernetes.tar.gz | 9d548271e8475171114b3b68323ab3c0e024cf54e25debe4702ffafe3f1d0952 |
kubernetes-src.tar.gz | 99901fa7f996ddf75ecab7fcd1d33a3faca38e9d1398daa2ae30c9b3ac6a71ce |
filename | sha256 hash |
---|---|
kubernetes-client-darwin-386.tar.gz | 5a5e1ce20db98d7f7f0c88957440ab6c7d4b4a4dfefcb31dcd1d6546e9db01d6 |
kubernetes-client-darwin-amd64.tar.gz | 094481f8f650321f39ba79cd6348de5052db2bb3820f55a74cf5ce33d5c98701 |
kubernetes-client-linux-386.tar.gz | 9a7d8e682a35772ba24bd3fa7a06fb153067b9387daa4db285e15dda75de757d |
kubernetes-client-linux-amd64.tar.gz | 3bb742ffed1a6a51cac01c16614873fea2864c2a4432057a15db90a9d7e40aed |
kubernetes-client-linux-arm64.tar.gz | 928936f06161e8a6f40196381d3e0dc215ca7e7dbc5f7fe6ebccd8d8268b8177 |
kubernetes-client-linux-arm.tar.gz | 0a0fa24107f490db0ad57f33638b1aa9ba2baccb5f250caa75405d6612a3e10a |
kubernetes-client-linux-ppc64le.tar.gz | a92f790d1a480318ea206d84d24d2c1d7e43c3683e60f22e7735b63ee73ccbb4 |
kubernetes-client-linux-s390x.tar.gz | 1bfb7f056ad91fcbc50657fb9760310a0920c15a5770eaa74cf1a17b1725a232 |
kubernetes-client-windows-386.tar.gz | d1b0abbc9cd0376fa0d56096e42094db8a40485082b301723d05c8e78d8f4717 |
kubernetes-client-windows-amd64.tar.gz | 69799ea8741caadac8949a120a455e08aba4d2babba6b63fba2ee9aaeb10c84b |
filename | sha256 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | f3d9f67e94176aa65cffcc6557a7a251ec2384a3f89a81d3daedd8f8dd4c51a7 |
kubernetes-server-linux-arm64.tar.gz | 3747b7e26d8bfba59c53b3f20d547e7e90cbb9356e513183ac27f901d7317630 |
kubernetes-server-linux-arm.tar.gz | 397b7a49adf90735ceea54720dbf012c8566b34dadde911599bceefb507bc29a |
kubernetes-server-linux-ppc64le.tar.gz | 56f76ebb0788c4e23fc3ede36b52eb34b50b456bb5ff0cf7d78c383c04837565 |
kubernetes-server-linux-s390x.tar.gz | 83d961657a50513db82bf421854c567206ccd34240eb8a017167cb98bdb6d38f |
filename | sha256 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | 1bb0f5ac920e27b4e51260a80fbfaa013ed7d446d58cd1f9d5f73af4d9517edf |
kubernetes-node-linux-arm64.tar.gz | 47635b9097fc6e3d9b1f1f2c3bd1558d144b1a26d1bf03cfc2e97a3c6db4c439 |
kubernetes-node-linux-arm.tar.gz | 212117f1d027c79d50e7c7388951da40b440943748691ba82a3f9f6af75b3ed0 |
kubernetes-node-linux-ppc64le.tar.gz | f2b1d086d07bf2f807dbf02e1f0cd7f6528e57c55be9dadfcecde73e73980068 |
kubernetes-node-linux-s390x.tar.gz | ba6803a5c065b06cf43d1db674319008f15d4bc45900299d0b90105002af245e |
kubernetes-node-windows-amd64.tar.gz | 6d928e3bdba87db3b9198e02f84696f7345b4b78d07ff4ea048d47691c67b212 |
- PodSecurityPolicy: Fixes a compatibility issue that caused policies that previously allowed privileged pods to start forbidding them, due to an incorrect default value for
allowPrivilegeEscalation
. PodSecurityPolicy objects defined using a 1.8.0 client or server that intended to setallowPrivilegeEscalation
tofalse
must be reapplied after upgrading to 1.8.1. (#53443, @liggitt) - RBAC objects are now stored in etcd in v1 format. After completing an upgrade to 1.9, RBAC objects (Roles, RoleBindings, ClusterRoles, ClusterRoleBindings) should be migrated to ensure all persisted objects are written in
v1
format, prior tov1alpha1
support being removed in a future release. (#52950, @liggitt)
- Log error of failed healthz check (#53048, @mrIncompetent)
- fix azure file mount limit issue on windows due to using drive letter (#53629, @andyzhangx)
- Update AWS SDK to 1.12.7 (#53561, @justinsb)
- The
kubernetes.io/created-by
annotation is no longer added to controller-created objects. Use themetadata.ownerReferences
item that hascontroller
set totrue
to determine which controller, if any, owns an object. (#54445, @crimsonfaith91) - Fix overlay2 container disk metrics for Docker and CRI-O (#54827, @dashpole)
- Fix iptables FORWARD policy for Docker 1.13 in kubernetes-worker charm (#54796, @Cynerva)
- Fix
kubeadm upgrade plan
for offline operation: ignore errors when trying to fetch latest versions from dl.k8s.io (#54016, @praseodym) - fluentd now supports CRI log format. (#54777, @Random-Liu)
- Validate that PersistentVolumeSource is not changed during PV Update (#54761, @ianchakeres)
- If you are using the cloud provider API to determine the external host address of the apiserver, set --external-hostname explicitly instead. The cloud provider detection has been deprecated and will be removed in the future (#54516, @dims)
- Fixes discovery information for scale subresources in the apps API group (#54683, @liggitt)
- Optimize Repeated registration of AlgorithmProvider when ApplyFeatureGates (#54047, @kuramal)
kubectl get
will by default fetch large lists of resources in chunks of up to 500 items rather than requesting all resources up front from the server. This reduces the perceived latency of managing large clusters since the server returns the first set of results to the client much more quickly. A new flag--chunk-size=SIZE
may be used to alter the number of items or disable this feature when0
is passed. This is a beta feature. (#53768, @smarterclayton)- Add a new feature gate for enabling an alpha annotation which, if present, excludes the annotated node from being added to a service load balancers. (#54644, @brendandburns)
- Implement graceful shutdown of the kube-apiserver by waiting for open connections to finish before exiting. Moreover, the audit backend will stop dropping events on shutdown. (#53695, @hzxuzhonghu)
- fix warning messages due to GetMountRefs func not implemented in windows (#52401, @andyzhangx)
- Object count quotas supported on all standard resources using
count/<resource>.<group>
syntax (#54320, @derekwaynecarr) - Add openssh-client back into the hyperkube image. This allows the gitRepo volume plugin to work properly. (#54250, @ixdy)
- Bump version of all prometheus-to-sd images to v0.2.2. (#54635, @loburm)
- [fluentd-gcp addon] Fluentd now runs in its own network, not in the host one. (#54395, @crassirostris)
- fix azure storage account num exhausting issue (#54459, @andyzhangx)
- Add Windows support to the system verification check (#53730, @bsteciuk)
- allow windows mount path (#51240, @andyzhangx)
- Development of Kubernetes Federation has moved to github.com/kubernetes/federation. This move out of tree also means that Federation will begin releasing separately from Kubernetes. The impact of this is Federation-specific behavior will no longer be included in kubectl, kubefed will no longer be released as part of Kubernetes, and the Federation servers will no longer be included in the hyperkube binary and image. (#53816, @marun)
- Metadata concealment on GCE is now controlled by the
ENABLE_METADATA_CONCEALMENT
env var. See cluster/gce/config-default.sh for more info. (#54150, @ihmccreery) - Fixed a bug which is causes kube-apiserver to not run without specifying service-cluster-ip-range (#52870, @jennybuckley)
- the generic admission webhook is now available in the generic apiserver (#54513, @deads2k)
- ScaleIO persistent volumes now support referencing a secret in a namespace other than the bound persistent volume claim's namespace; this is controlled during provisioning with the
secretNamespace
storage class parameter; StoragePool and ProtectionDomain attributes no longer defaults to the valuedefault
(#54013, @vladimirvivien) - Feature gates now check minimum versions (#54539, @jamiehannaford)
- fix azure pv crash due to volumeSource.ReadOnly value nil (#54607, @andyzhangx)
- Fix an issue where pods were briefly transitioned to a "Pending" state during the deletion process. (#54593, @dashpole)
- move getMaxVols function to predicates.go and add some NewVolumeCountPredicate funcs (#51783, @jiulongzaitian)
- Remove the LbaasV1 of OpenStack cloud provider, currently only support LbaasV2. (#52717, @FengyunPan)
- generic webhook admission now takes a config file which describes how to authenticate to webhook servers (#54414, @deads2k)
- The NodeController will not support kubelet 1.2. (#48996, @k82cn)
-
- fluentd-gcp runs with a dedicated fluentd-gcp service account (#54175, @tallclair)
-
- Stop mounting the host certificates into fluentd's prometheus-to-sd container
-
- fluentd-gcp runs with a dedicated fluentd-gcp service account (#54175, @tallclair)
- fix azure disk mount failure on coreos and some other distros (#54334, @andyzhangx)
- Allow GCE users to configure the service account made available on their nodes (#52868, @ihmccreery)
- Load kernel modules automatically inside a kube-proxy pod (#52003, @vfreex)
- kube-apiserver:
--ssh-user
and--ssh-keyfile
are now deprecated and will be removed in a future release. Users of SSH tunnel functionality used in Google Container Engine for the Master -> Cluster communication should plan to transition to alternate methods for bridging master and node networks. (#54433, @dims) - Fix hyperkube kubelet --experimental-dockershim (#54508, @ivan4th)
- Fix clustered datastore name to be absolute. (#54438, @pshahzeb)
- Fix for service controller so that it won't retry on doNotRetry service update failure. (#54184, @MrHohn)
- Add support for RBAC support to Kubernetes via Juju (#53820, @ktsakalozos)
- RBD Persistent Volume Sources can now reference User's Secret in namespaces other than the namespace of the bound Persistent Volume Claim (#54302, @sbezverk)
- Apiserver proxy rewrites URL when service returns absolute path with request's host. (#52556, @roycaihw)
- Logging cleanups (#54443, @bowei) * Updates kube-dns to use client-go 3 * Updates containers to use alpine as the base image on all platforms * Adds support for IPv6
- add
--raw
tokubectl create
to POST using the normal transport (#54245, @deads2k) - Remove the --network-plugin-dir flag. (#53564, @supereagle)
- Introduces a polymorphic scale client, allowing HorizontalPodAutoscalers to properly function on scalable resources in any API group. (#53743, @DirectXMan12)
- Add PodDisruptionBudget to scheduler cache. (#53914, @bsalamat)
- Added option lb-provider to OpenStack cloud provider config (#54176, @gonzolino)
- Allow for configuring etcd hostname in the manifest (#54403, @wojtek-t)
- Resolves forbidden error when accessing replicasets and daemonsets via the apps API group (#54309, @liggitt)
- Cluster Autoscaler 1.0.1 (#54298, @mwielgus)
- secret data containing Docker registry auth objects is now generated using the config.json format (#53916, @juanvallejo)
- Added support for SAN entries in the master node certificate via juju kubernetes-master config. (#54234, @hyperbolic2346)
- support imagePullSecrets and imagePullPolicy in kubefed init (#50740, @dixudx)
- update gRPC to v1.6.0 to pick up data race fix grpc/grpc-go#1316 (#53128, @dixudx)
- admission webhook registrations without a specific failure policy default to failing closed. (#54162, @deads2k)
- Device plugin Alpha API no longer supports returning artifacts per device as part of AllocateResponse. (#53031, @vishh)
- admission webhook registration now allows URL paths (#54145, @deads2k)
- The Kubelet's --enable-custom-metrics flag is now marked deprecated. (#54154, @mtaufen)
- Use multi-arch busybox image for e2e (#54034, @dixudx)
- sample-controller: add example CRD controller (#52753, @munnerz)
- RBAC PolicyRules now allow resource=
*/<subresource>
to coverany-resource/<subresource>
. For example,*/scale
coversreplicationcontroller/scale
. (#53722, @deads2k) - Upgrade to go1.9 (#51375, @cblecker)
- Webhook always retries connection reset error. (#53947, @crassirostris)
- fix PV Recycle failed on non-amd64 platfrom (#53958, @dixudx)
- Verbose option is added to each status function in CRI. Container runtime could return extra information in status response for debugging. (#53965, @Random-Liu)
- Fixed log fallback termination messages when using docker with journald log driver (#52503, @joelsmith)
- falls back to parse Docker runtime version as generic if not semver (#54040, @dixudx)
- kubelet: prevent removal of default labels from Node API objects on startup (#54073, @liggitt)
- Change scheduler to skip pod with updates only on pod annotations (#54008, @yguo0905)
- PodSecurityPolicy: when multiple policies allow a submitted pod, priority is given to ones which do not require any fields in the pod spec to be defaulted. If the pod must be defaulted, the first policy (ordered by name) that allows the pod is used. (#52849, @liggitt)
- Control HPA tolerance through the
horizontal-pod-autoscaler-tolerance
flag. (#52275, @mattjmcnaughton) - bump CNI to v0.6.0 (#51250, @dixudx)
- Improve resilience by annotating kube-dns addon with podAntiAffinity to prefer scheduling on different nodes. (#52193, @StevenACoffman)
- Azure cloudprovider: Fix controller manager crash issue on a manually created k8s cluster. (#53694, @andyzhangx)
- Enable Priority admission control in kubeadm. (#53175, @andrewsykim)
- Add --no-negcache flag to kube-dns to prevent caching of NXDOMAIN responses. (#53604, @cblecker)
- kubelet provides more specific events when unable to sync pod (#53857, @derekwaynecarr)
- Kubelet evictions take pod priority into account (#53542, @dashpole)
- Adds a new controller which automatically cleans up Certificate Signing Requests that are (#51840, @jcbsmpsn)
- Approved and Issued, or Denied.
- Optimize random string generator to avoid multiple locks & use bit-masking (#53720, @shyamjvs)
- update cluster printer to enable --show-labels (#53771, @dixudx)
- add RequestReceivedTimestamp and StageTimestamp to audit event (#52981, @CaoShuFeng)
- Deprecation: The flag
etcd-quorum-read
of kube-apiserver is deprecated and the ability to switch off quorum read will be removed in a future release. (#53795, @xiangpengzhao) - Use separate client for leader election in scheduler to avoid starving leader election by regular scheduler operations. (#53793, @wojtek-t)
- Support autoprobing node-security-group for openstack cloud provider, Support multiple Security Groups for cluster's nodes. (#50836, @FengyunPan)
- fix a bug where disk pressure could trigger prematurely when using overlay2 (#53684, @dashpole)
- "kubectl cp" updated to honor destination names (#51215, @juanvallejo)
- kubeadm: Strip bootstrap tokens from the
kubeadm-config
ConfigMap (#53559, @fabriziopandini) - Skip podpreset test if the alpha feature setttings/v1alpha1 is disabled (#53080, @jennybuckley)
- Log when node is successfully initialized by Cloud Controller Manager (#53517, @andrewsykim)
- apiserver: --etcd-quorum-read now defaults to true, to ensure correct operation with HA etcd clusters (#53717, @liggitt)
- The Kubelet's feature gates are now specified as a map when provided via a JSON or YAML KubeletConfiguration, rather than as a string of key-value pairs. (#53025, @mtaufen)
- Address a bug which allowed the horizontal pod autoscaler to allocate
desiredReplicas
>maxReplicas
in certain instances. (#53690, @mattjmcnaughton) - Horizontal pod autoscaler uses REST clients through the kube-aggregator instead of the legacy client through the API server proxy. (#53205, @kawych)
- Fix to prevent downward api change break on older versions (#53673, @timothysc)
- API chunking via the
limit
andcontinue
request parameters is promoted to beta in this release. Client libraries using the Informer or ListWatch types will automatically opt in to chunking. (#52949, @smarterclayton) - GCE: Bump GLBC version to 0.9.7. (#53625, @nikhiljindal)
- kubelet's
--cloud-provider
flag no longer defaults to "auto-detect". If you want cloud-provider support in kubelet, you must set a specific cloud-provider explicitly. (#53573, @dims) - Ignore extended resources that are not registered with kubelet during container resource allocation. (#53547, @jiayingz)
- kubectl top pod and node should sort by namespace / name so that results don't jump around. (#53560, @dixudx)
- Added --dry-run option to
kubectl drain
(#52440, @juanvallejo) - Fix a bug that prevents client-go metrics from being registered in prometheus in multiple components. (#53434, @crassirostris)
- Adjust batching audit webhook default parameters: increase queue size, batch size, and initial backoff. Add throttling to the batching audit webhook. Default rate limit is 10 QPS. (#53417, @crassirostris)
- Added integration test for TaintNodeByCondition. (#53184, @k82cn)
- Add API version apps/v1, and bump DaemonSet to apps/v1 (#53278, @janetkuo)
- Change
kubeadm create token
to default to the group that almost everyone will want to use. The group is system:bootstrappers:kubeadm:default-node-token and is the group that kubeadm sets up, via an RBAC binding, for auto-approval (system:certificates.k8s.io:certificatesigningrequests:nodeclient). (#53512, @jbeda) - Using OpenStack service catalog to do version detection (#53115, @FengyunPan)
- Fix metrics API group name in audit configuration (#53493, @piosz)
- GCE: Fixes ILB sync on legacy networks and auto networks with unique subnet names (#53410, @nicksardo)
- outputs
<none>
for columns specified by-o custom-columns
but not found in object (#51750, @jianhuiz) - Metrics were added to network plugin to report latency of CNI operations (#53446, @sjenning)
- GCE: Fix issue deleting internal load balancers when the firewall resource may not exist. (#53450, @nicksardo)
- Custom resources served through CustomResourceDefinition now support field selectors for
metadata.name
andmetadata.namespace
. (#53345, @ncdc) - Add generate-groups.sh and generate-internal-groups.sh to k8s.io/code-generator to easily run generators against CRD or User API Server types. (#52186, @sttts)
- kubelet
--cert-dir
now defaults to/var/lib/kubelet/pki
, in order to ensure bootstrapped and rotated certificates persist beyond a reboot. resolves an issue in kubeadm with false-positive/var/lib/kubelet is not empty
message during pre-flight checks (#53317, @liggitt) - Fix multi-attach error spam in logs and events (#53401, @gnufied)
- Use
not-ready
to replacenotReady
in node condition taint keys. (#51266, @resouer) - Support completion for --clusterrole of kubectl create clusterrolebinding (#48267, @superbrothers)
- Don't remove extended resource capacities that are not registered with kubelet from node status. (#53353, @jiayingz)
- Kubectl: Remove swagger 1.2 validation. Also removes options
--use-openapi
and--schema-cache-dir
as these are no longer needed. (#53232, @apelisse) kubectl explain
now uses openapi rather than swagger 1.2. (#53228, @apelisse)- Fixes a performance issue (#51899) identified in large-scale clusters when deleting thousands of pods simultaneously across hundreds of nodes, by actively removing containers of deleted pods, rather than waiting for periodic garbage collection and batching resulting pod API deletion requests. (#53233, @dashpole)
- Improve explanation of ReplicaSet (#53403, @rcorre)
- avoid newline " " in the error to break log msg to 2 lines (#49826, @dixudx)
- don't recreate a mirror pod for static pod when node gets deleted (#48339, @dixudx)
- Fix permissions for Metrics Server. (#53330, @kawych)
- default fail-swap-on to false for kubelet on kubernetes-worker charm (#53386, @wwwtyro)
- Add --etcd-compaction-interval to apiserver for controlling request of compaction to etcd3 from apiserver. (#51765, @mitake)
- Apply algorithm in scheduler by feature gates. (#52723, @k82cn)
- etcd: update version to 3.1.10 (#49393, @hongchaodeng)
- support nodeSelector in kubefed init (#50749, @dixudx)
- Upgrade fluentd-elasticsearch addon to Elasticsearch/Kibana 5.6.2 (#53307, @aknuds1)
- enable to specific unconfined AppArmor profile (#52395, @dixudx)
- Update Influxdb image to latest version. (#53319, @kairen)
- Update Grafana image to latest version.
- Change influxdb-grafana-controller resource to Deployment.
- Only do UpdateContainerResources when cpuset is set (#53122, @resouer)
- Fixes an issue with RBAC reconciliation that could cause duplicated subjects in some bootstrapped rolebindings on each restart of the API server. (#53239, @enj)
- gce: remove compute-rw, see what breaks (#53266, @mikedanese)
- Fix the bug that query Kubelet's stats summary with CRI stats enabled results in error. (#53107, @Random-Liu)
- kubeadm allows the kubelets in the cluster to automatically renew their client certificates (#53252, @kad)
- Fixes an issue with
kubectl set
commands encountering conversion errors for ReplicaSet and DaemonSet objects (#53158, @liggitt) - RBAC: The default
admin
andedit
roles now include read/write permissions and theview
role includes read permissions onpoddisruptionbudget.policy
resources. (#52654, @liggitt) - Change ImageGCManage to consume ImageFS stats from StatsProvider (#53094, @yguo0905)
- BugFix: Exited containers are not Garbage Collected by the kubelet while the pod is running (#53167, @dashpole)
- Add a label which prevents a node from being added to a cloud load balancer (#53146, @brendandburns)
- Fixes an issue pulling pod specs referencing unqualified images from docker.io on centos/fedora/rhel (#53161, @dims)
- Update kube-dns to 1.14.5 (#53153, @bowei)
- s390x ingress controller support (#52663, @wwwtyro)
- NONE (#50532, @steveperry-53)
- CRI: Add stdout/stderr fields to Exec and Attach requests. (#52686, @yujuhong)
- NONE (#53001, @ericchiang)
- Cluster Autoscaler 1.0.0 (#53005, @mwielgus)
- Remove the --docker-exec-handler flag. Only native exec handler is supported. (#52287, @yujuhong)
- The Rackspace cloud provider has been removed after a long deprecation period. It was deprecated because it duplicates a lot of the OpenStack logic and can no longer be maintained. Please use the OpenStack cloud provider instead. (#52855, @NickrenREN)
- Fixes an initializer bug where update requests which had an empty pending initializers list were erroneously rejected. (#52558, @jennybuckley)
- BulkVerifyVolumes() implementation for vSphere (#52131, @BaluDontu)
- added --list option to the
kubectl label
command (#51971, @juanvallejo) - Removing
--prom-push-gateway
flag from e2e tests (#52485, @nielsole) - If a container does not create a file at the
terminationMessagePath
, no message should be output about being unable to find the file. (#52567, @smarterclayton) - Support German cloud for azure disk mount feature (#50673, @clement-buchart)
- Add s390x to juju kubernetes (#52537, @ktsakalozos)
- Fix kubernetes charms not restarting services properly after host reboot on LXD (#52445, @Cynerva)
- Add monitoring of Windows Server containers metrics in the kubelet via the stats/summary endpoint. (#50396, @bobbypage)
- Restores redirect behavior for proxy subresources (#52933, @liggitt)
- A new service annotation has been added for services of type LoadBalancer on Azure, (#51757, @itowlson)
- to specify the subnet on which the service's front end IP should be provisioned. The
- annotation is service.beta.kubernetes.io/azure-load-balancer-internal-subnet and its
- value is the subnet name (not the subnet ARM ID). If omitted, the default is the
- master subnet. It is ignored if the service is not on Azure, if the type is not
- LoadBalancer, or if the load balancer is not internal.
- Adds a command-line argument to kube-apiserver called (#51698, @rphillips)
- --alpha-endpoint-reconciler-type=(master-count, lease, none) (default
- "master-count"). The original reconciler is 'master-count'. The 'lease'
- reconciler uses the storageapi and a TTL to keep alive an endpoint within the
kube-apiserver-endpoint
storage namespace. The 'none' reconciler is a noop- reconciler that does not do anything. This is useful for self-hosted
- environments.
- Improved Italian translation for kubectl (#51463, @lucab85)
- Add a metric to the kubelet to monitor remaining lifetime of the certificate that (#51031, @jcbsmpsn)
- authenticates the kubelet to the API server.
- change AddEventHandlerWithResyncPeriod to AddEventHandler in factory.go (#51582, @jiulongzaitian)
- Validate that cronjob names are 52 characters or less (#52733, @julia-stripe)
- add readme file of ipvs (#51937, @Lion-Wei)
filename | sha256 hash |
---|---|
kubernetes.tar.gz | e2dc3eebf79368c783b64f5b6642a287cc2fd777547d99f240a35cce1f620ffc |
kubernetes-src.tar.gz | ca8659187047f2d38a7c0ee313189c19ec35646c6ebaa8f59f2f098eca33dca0 |
filename | sha256 hash |
---|---|
kubernetes-client-darwin-386.tar.gz | 51e0df7e6611ff4a9b3759b05e65c80555317bff03282ef39a9b53b27cdeff42 |
kubernetes-client-darwin-amd64.tar.gz | c6c57cc92cc456a644c0965a6aa2bd260125807b450d69376e0edb6c98aaf4d7 |
kubernetes-client-linux-386.tar.gz | 399c8cb448d76accb71edcb00bee474f172d416c8c4f5253994e4e2d71e0dece |
kubernetes-client-linux-amd64.tar.gz | fde75d7267592b34609299a93ee7e54b26a948e6f9a1f64ced666c0aae4455aa |
kubernetes-client-linux-arm64.tar.gz | b38810cf87735efb0af027b7c77e4e8c8f5821f235cf33ae9eee346e6d1a0b84 |
kubernetes-client-linux-arm.tar.gz | a36427c2f2b81d42702a12392070f7dd3635b651bb04ae925d0bdf3ec50f83aa |
kubernetes-client-linux-ppc64le.tar.gz | 9dee0f636eef09bfec557a50e4f8f4b69e0588bbd0b77f6da50cc155e1679880 |
kubernetes-client-linux-s390x.tar.gz | 4a6246d5de5c3957ed41b8943fa03e74fb646595346f7c72beaf7b030fe6872e |
kubernetes-client-windows-386.tar.gz | 1ee384f4bb02e614c86bf84cdfdc42faffa659aaba4a1c759ec26f03eb438149 |
kubernetes-client-windows-amd64.tar.gz | e70d8935abefea0307780e899238bb10ec27c8f0d77702cf25de230b6abf7fb4 |
filename | sha256 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | 7fff06370c4f37e1fe789cc160fce0c93535991f63d7fe7d001378f17027d9d8 |
kubernetes-server-linux-arm64.tar.gz | 65cd60512ea0bf508aa65f8d22a6f3094db394f00b3cd6bd63fe02b795514ab2 |
kubernetes-server-linux-arm.tar.gz | 0ecb341a047f1a9dface197f11f05f15853570cfb474c82538c7d61b40bd53ae |
kubernetes-server-linux-ppc64le.tar.gz | cea9eed4c24e7f29994ecc12674bff69d108692d3c9be3e8bd939b3c4f281892 |
kubernetes-server-linux-s390x.tar.gz | 4d50799e5989de6d9ec316d2051497a3617b635e89fa44e01e64fed544d96e07 |
filename | sha256 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | e956b9c1e5b47f800953ad0f82fae23774a2f43079dc02d98a90d5bfdca0bad6 |
kubernetes-node-linux-arm64.tar.gz | ede6a85db555dd84e8d7180bdd58712933c38567ab6c97a80d0845be2974d968 |
kubernetes-node-linux-arm.tar.gz | 4ac6a1784fa1e20be8a4e7fa0ff8b4defc725e6c058ff97068bf7bfa6a11c77d |
kubernetes-node-linux-ppc64le.tar.gz | 0d9c8c7e0892d7b678f3b4b7736087da91cb40c5f169e4302e9f4637c516207a |
kubernetes-node-linux-s390x.tar.gz | 2fdde192a84410c784e5d1e813985e9a19ce62e3d9bb2215481cbce9286329da |
kubernetes-node-windows-amd64.tar.gz | 543110cc69b57471f3824d96cbd16b003ac2cddaa19ca4bdefced0af61fd24f2 |
- New GCE or GKE clusters created with
cluster/kube-up.sh
will not enable the legacy ABAC authorizer by default. If you would like to enable the legacy ABAC authorizer, export ENABLE_LEGACY_ABAC=true before runningcluster/kube-up.sh
. (#51367, @cjcullen) - The OwnerReferencesPermissionEnforcement admission plugin now requires
update
permission on thefinalizers
subresource of the referenced owner in order to setblockOwnerDeletion
on an owner reference. (#49133, @deads2k) - The deprecated alpha and beta initContainer annotations are no longer supported. Init containers must be specified using the initContainers field in the pod spec. (#51816, @liggitt)
- Action required: validation rule on metadata.initializers.pending[x].name is tightened. The initializer name needs to contain at least three segments separated by dots. If you create objects with pending initializers, (i.e., not relying on apiserver adding pending initializers according to initializerconfiguration), you need to update the initializer name in existing objects and in configuration files to comply to the new validation rule. (#51283, @caesarxuchao)
- Audit policy supports matching subresources and resource names, but the top level resource no longer matches the subresouce. For example "pods" no longer matches requests to the logs subresource of pods. Use "pods/logs" to match subresources. (#48836, @ericchiang)
- Protobuf serialization does not distinguish between
[]
andnull
. (#45294, @liggitt)- API fields previously capable of storing and returning either
[]
andnull
via JSON API requests (for example, the Endpointssubsets
field) can now store onlynull
when created using the protobuf content-type or stored in etcd using protobuf serialization (the default in 1.6+). JSON API clients should toleratenull
values for such fields, and treatnull
and[]
as equivalent in meaning unless specifically documented otherwise for a particular field.
- API fields previously capable of storing and returning either
- PersistentVolumeLabel admission controller is now deprecated. (#52618, @dims)
- Mark the LBaaS v1 of OpenStack cloud provider deprecated. (#52821, @FengyunPan)
- NONE (#52819, @verult)
- Mark image as deliberately optional in v1 Container struct. Many objects in the Kubernetes API inherit the container struct and only Pods require the field to be set. (#48406, @gyliu513)
- [fluentd-gcp addon] Update Stackdriver plugin to version 0.6.7 (#52565, @crassirostris)
- Remove duplicate proto errors in kubelet. (#52132, @adityadani)
- [fluentd-gcp addon] Remove audit logs from the fluentd configuration (#52777, @crassirostris)
- Set defaults for successfulJobsHistoryLimit (3) and failedJobsHistoryLimit (1) in batch/v1beta1.CronJobs (#52533, @soltysh)
- Fix: update system spec to support Docker 17.03 (#52666, @yguo0905)
- Fix panic in ControllerManager on GCE when it has a problem with creating external loadbalancer healthcheck (#52646, @gmarek)
- PSP: add support for using
*
as a value inallowedCapabilities
to allow to request any capabilities (#51337, @php-coder) - [fluentd-gcp addon] By default ingest apiserver audit logs written to file in JSON format. (#52541, @crassirostris)
- The autoscaling/v2beta1 API group is now enabled by default. (#52549, @DirectXMan12)
- Add CLUSTER_SIGNING_DURATION environment variable to cluster (#52497, @jcbsmpsn)
- configuration scripts to allow configuration of signing duration of
- certificates issued via the Certificate Signing Request API.
- Introduce policy to allow the HPA to consume the metrics.k8s.io and custom.metrics.k8s.io API groups. (#52572, @DirectXMan12)
- kubelet to master communication when doing node status updates now has a timeout to prevent indefinite hangs (#52176, @liggitt)
- Introduced Metrics Server in version v0.2.0. For more details see https://github.com/kubernetes-incubator/metrics-server/releases/tag/v0.2.0. (#52548, @piosz)
- Adds ROTATE_CERTIFICATES environment variable to kube-up.sh script for GCE (#52115, @jcbsmpsn)
- clusters. When that var is set to true, the command line flag enabling kubelet
- client certificate rotation will be added to the kubelet command line.
- Make sure that resources being updated are handled correctly by Quota system (#52452, @gnufied)
- WATCHLIST calls are now reported as WATCH verbs in prometheus for the apiserver_request_* series. A new "scope" label is added to all apiserver_request_* values that is either 'cluster', 'resource', or 'namespace' depending on which level the query is performed at. (#52237, @smarterclayton)
- Fixed the webhook admission plugin so that it works even if the apiserver and the nodes are in two networks (e.g., in GKE). (#50476, @caesarxuchao)
- Fixed the webhook admission plugin so that webhook author could use the DNS name of the service as the CommonName when generating the server cert for the webhook.
- Action required:
- Anyone who generated server cert for admission webhooks need to regenerate the cert. Previously, when generating server cert for the admission webhook, the CN value doesn't matter. Now you must set it to the DNS name of the webhook service, i.e.,
<service.Name>.<service.Namespace>.svc
.
- Ignore pods marked for deletion that exceed their grace period in ResourceQuota (#46542, @derekwaynecarr)
- custom resources that use unconventional pluralization now work properly with kubectl and garbage collection (#50012, @deads2k)
- [fluentd-gcp addon] Fluentd will trim lines exceeding 100KB instead of dropping them. (#52289, @crassirostris)
- dockershim: check the error when syncing the checkpoint. (#52125, @yujuhong)
- By default, clusters on GCE no longer sends RequestReceived audit event, if advanced audit is configured. (#52343, @crassirostris)
- [BugFix] Soft Eviction timer works correctly (#52046, @dashpole)
- Azuredisk mount on windows node (#51252, @andyzhangx)
- [fluentd-gcp addon] Bug with event-exporter leaking memory on metrics in clusters with CA is fixed. (#52263, @crassirostris)
- kubeadm: Enable kubelet client certificate rotation (#52196, @luxas)
- Scheduler predicate developer should respect equivalence class cache (#52146, @resouer)
- The
kube-cloud-controller-manager
flag--service-account-private-key-file
was non-functional and is now deprecated. (#50289, @liggitt)- The
kube-cloud-controller-manager
flag--use-service-account-credentials
is now honored consistently, regardless of whether--service-account-private-key-file
was specified.
- The
- Fix credentials providers for docker sandbox image. (#51870, @feiskyer)
- NONE (#52120, @abgworrall)
- Fixed an issue looking up cronjobs when they existed in more than one API version (#52227, @liggitt)
- Add priority-based preemption to the scheduler. (#50949, @bsalamat)
- Add CLUSTER_SIGNING_DURATION environment variable to cluster configuration scripts (#51844, @jcbsmpsn)
- to allow configuration of signing duration of certificates issued via the Certificate
- Signing Request API.
- Adding German translation for kubectl (#51867, @Steffen911)
- The ScaleIO volume plugin can now read the SDC GUID value as node label scaleio.sdcGuid; if binary drv_cfg is not installed, the plugin will still work properly; if node label not found, it defaults to drv_cfg if installed. (#50780, @vladimirvivien)
- A policy with 0 rules should return an error (#51782, @charrywanganthony)
- Log a warning when --audit-policy-file not passed to apiserver (#52071, @CaoShuFeng)
- Fixes an issue with upgrade requests made via pod/service/node proxy subresources sending a non-absolute HTTP request-uri to backends (#52065, @liggitt)
- kubeadm: add
kubeadm phase addons
command (#51171, @andrewrynhard) - Fix for Nodes in vSphere lacking an InternalIP. (#48760) (#49202, @cbonte)
- v2 of the autoscaling API group, including improvements to the HorizontalPodAutoscaler, has moved from alpha1 to beta1. (#50708, @DirectXMan12)
- Fixed a bug where some alpha features were enabled by default. (#51839, @jennybuckley)
- Implement StatsProvider interface using CRI stats (#51557, @yguo0905)
- set AdvancedAuditing feature gate to true by default (#51943, @CaoShuFeng)
- Migrate the metrics/v1alpha1 API to metrics/v1beta1. The HorizontalPodAutoscaler (#51653, @DirectXMan12)
- controller REST client now uses that version. For v1beta1, the API is now known as
- resource-metrics.metrics.k8s.io.
- In GCE with COS, increase TasksMax for Docker service to raise cap on number of threads/processes used by containers. (#51986, @yujuhong)
- Fixes an issue with APIService auto-registration affecting rolling HA apiserver restarts that add or remove API groups being served. (#51921, @liggitt)
- Sharing a PID namespace between containers in a pod is disabled by default in 1.8. To enable for a node, use the --docker-disable-shared-pid=false kubelet flag. Note that PID namespace sharing requires docker >= 1.13.1. (#51634, @verb)
- Build test targets for all server platforms (#51873, @luxas)
- Add EgressRule to NetworkPolicy (#51351, @cmluciano)
- Allow DNS resolution of service name for COS using containerized mounter. It fixed the issue with DNS resolution of NFS and Gluster services. (#51645, @jingxu97)
- Fix journalctl leak on kubelet restart (#51751, @dashpole)
- Fix container memory rss
- Add hugepages monitoring support
- Fix incorrect CPU usage metrics with 4.7 kernel
- Add tmpfs monitoring support
- Support for Huge pages in empty_dir volume plugin (#50072, @squall0gd)
- Huge pages can now be used with empty dir volume plugin.
- Alpha support for pre-allocated hugepages (#50859, @derekwaynecarr)
- add support for client-side spam filtering of events (#47367, @derekwaynecarr)
- Provide a way to omit Event stages in audit policy (#49280, @CaoShuFeng)
- Introduced Metrics Server (#51792, @piosz)
- Implement Controller for growing persistent volumes (#49727, @gnufied)
- Kubernetes 1.8 supports docker version 1.11.x, 1.12.x and 1.13.x. And also supports overlay2. (#51845, @Random-Liu)
- The Deployment, DaemonSet, and ReplicaSet kinds in the extensions/v1beta1 group version are now deprecated, as are the Deployment, StatefulSet, and ControllerRevision kinds in apps/v1beta1. As they will not be removed until after a GA version becomes available, you may continue to use these kinds in existing code. However, all new code should be developed against the apps/v1beta2 group version. (#51828, @kow3ns)
- kubeadm: Detect kubelet readiness and error out if the kubelet is unhealthy (#51369, @luxas)
- Fix providerID update validation (#51761, @karataliu)
- Calico has been updated to v2.5, RBAC added, and is now automatically scaled when GCE clusters are resized. (#51237, @gunjan5)
- Add backoff policy and failed pod limit for a job (#51153, @clamoriniere1A)
- Adds a new alpha EventRateLimit admission control that is used to limit the number of event queries that are accepted by the API Server. (#50925, @staebler)
- The OpenID Connect authenticator can now use a custom prefix, or omit the default prefix, for username and groups claims through the --oidc-username-prefix and --oidc-groups-prefix flags. For example, the authenticator can map a user with the username "jane" to "google:jane" by supplying the "google:" username prefix. (#50875, @ericchiang)
- Implemented
kubeadm upgrade plan
for checking whether you can upgrade your cluster to a newer version (#48899, @luxas)- Implemented
kubeadm upgrade apply
for upgrading your cluster from one version to an other
- Implemented
- Switch to audit.k8s.io/v1beta1 in audit. (#51719, @soltysh)
- update QEMU version to v2.9.1 (#50597, @dixudx)
- controllers backoff better in face of quota denial (#49142, @joelsmith)
- The event table output under
kubectl describe
has been simplified to show only the most essential info. (#51748, @smarterclayton) - Use arm32v7|arm64v8 images instead of the deprecated armhf|aarch64 image organizations (#50602, @dixudx)
- audit newest impersonated user info in the ResponseStarted, ResponseComplete audit stage (#48184, @CaoShuFeng)
- Fixed bug in AWS provider to handle multiple IPs when using more than 1 network interface per ec2 instance. (#50112, @jlz27)
- Add flag "--include-uninitialized" to kubectl annotate, apply, edit-last-applied, delete, describe, edit, get, label, set. "--include-uninitialized=true" makes kubectl commands apply to uninitialized objects, which by default are ignored if the names of the objects are not provided. "--all" also makes kubectl commands apply to uninitialized objects. Please see the initializer doc for more details. (#50497, @dixudx)
- GCE: Service object now supports "Network Tiers" as an Alpha feature via annotations. (#51301, @yujuhong)
- When using kube-up.sh on GCE, user could set env
ENABLE_POD_PRIORITY=true
to enable pod priority feature gate. (#51069, @MrHohn) - The names generated for ControllerRevision and ReplicaSet are consistent with the GenerateName functionality of the API Server and will not contain "bad words". (#51538, @kow3ns)
- PersistentVolumeClaim metrics like "volume_stats_inodes" and "volume_stats_capacity_bytes" are now reported via kubelet prometheus (#51553, @wongma7)
- When using IP aliases, use a secondary range rather than subnetwork to reserve cluster IPs. (#51690, @bowei)
- IPAM controller unifies handling of node pod CIDR range allocation. (#51374, @bowei)
- It is intended to supersede the logic that is currently in range_allocator
- and cloud_cidr_allocator. (ALPHA FEATURE)
- Note: for this change, the other allocators still exist and are the default.
- It supports two modes:
- CIDR range allocations done within the cluster that are then propagated out to the cloud provider.
- Cloud provider managed IPAM that is then reflected into the cluster.
- The Kubernetes API server now supports the ability to break large LIST calls into multiple smaller chunks. A client can specify a limit to the number of results to return, and if more results exist a token will be returned that allows the client to continue the previous list call repeatedly until all results are retrieved. The resulting list is identical to a list call that does not perform chunking thanks to capabilities provided by etcd3. This allows the server to use less memory and CPU responding with very large lists. This feature is gated as APIListChunking and is not enabled by default. The 1.9 release will begin using this by default from all informers. (#48921, @smarterclayton)
- add reconcile command to kubectl auth (#51636, @deads2k)
- Advanced audit allows logging failed login attempts (#51119, @soltysh)
- kubeadm: Add support for using an external CA whose key is never stored in the cluster (#50832, @nckturner)
- the custom metrics API (custom.metrics.k8s.io) has moved from v1alpha1 to v1beta1 (#50920, @DirectXMan12)
- Add backoff policy and failed pod limit for a job (#48075, @clamoriniere1A)
- Performs validation (when applying for example) against OpenAPI schema rather than Swagger 1.0. (#51364, @apelisse)
- Make all e2e tests lookup image to use from a centralized place. In that centralized place, add support for multiple platforms. (#49457, @mkumatag)
- kubelet has alpha support for mount propagation. It is disabled by default and it is there for testing only. This feature may be redesigned or even removed in a future release. (#46444, @jsafrane)
- Add selfsubjectrulesreview API for allowing users to query which permissions they have in a given namespace. (#48051, @xilabao)
- Kubelet re-binds /var/lib/kubelet directory with rshared mount propagation during startup if it is not shared yet. (#45724, @jsafrane)
- Deviceplugin jiayingz (#51209, @jiayingz)
- Make logdump support kubemark and support gke with 'use_custom_instance_list' (#51834, @shyamjvs)
- add apps/v1beta2 conversion test (#49645, @dixudx)
- Fixed an issue (#47800) where
kubectl logs -f
failed withunexpected stream type ""
. (#50381, @sczizzo) - GCE: Internal load balancer IPs are now reserved during service sync to prevent losing the address to another service. (#51055, @nicksardo)
- Switch JSON marshal/unmarshal to json-iterator library. Performance should be close to previous with no generated code. (#48287, @thockin)
- Adds optional group and version information to the discovery interface, so that if an endpoint uses non-default values, the proper value of "kind" can be determined. Scale is a common example. (#49971, @deads2k)
- Fix security holes in GCE metadata proxy. (#51302, @ihmccreery)
- #43077 introduced a condition where DaemonSet controller did not respect the TerminationGracePeriodSeconds of the Pods it created. This is now corrected. (#51279, @kow3ns)
- Tainted nodes by conditions as following: (#49257, @k82cn) * 'node.kubernetes.io/network-unavailable=:NoSchedule' if NetworkUnavailable is true * 'node.kubernetes.io/disk-pressure=:NoSchedule' if DiskPressure is true * 'node.kubernetes.io/memory-pressure=:NoSchedule' if MemoryPressure is true * 'node.kubernetes.io/out-of-disk=:NoSchedule' if OutOfDisk is true
- rbd: default image format to v2 instead of deprecated v1 (#51574, @dillaman)
- Surface reasonable error when client detects connection closed. (#51381, @mengqiy)
- Allow PSP's to specify a whitelist of allowed paths for host volume (#50212, @jhorwit2)
- For Deployment, ReplicaSet, and DaemonSet, selectors are now immutable when updating via the new
apps/v1beta2
API. For backward compatibility, selectors can still be changed when updating viaapps/v1beta1
orextensions/v1beta1
. (#50719, @crimsonfaith91) - Allows kubectl to use http caching mechanism for the OpenAPI schema. The cache directory can be configured through
--cache-dir
command line flag to kubectl. If set to empty string, caching will be disabled. (#50404, @apelisse) - Pod log attempts are now reported in apiserver prometheus metrics with verb
CONNECT
since they can run for very long periods of time. (#50123, @WIZARD-CXY) - The
emptyDir.sizeLimit
field is now correctly omitted from API requests and responses when unset. (#50163, @jingxu97) - Promote CronJobs to batch/v1beta1. (#51465, @soltysh)
- Add local ephemeral storage support to LimitRange (#50757, @NickrenREN)
- Add mount options field to StorageClass. The options listed there are automatically added to PVs provisioned using the class. (#51228, @wongma7)
- Add 'kubectl set env' command for setting environment variables inside containers for resources embedding pod templates (#50998, @zjj2wry)
- Implement IPVS-based in-cluster service load balancing (#46580, @dujun1990)
- Release the kubelet client certificate rotation as beta. (#51045, @jcbsmpsn)
- Adds --append-hash flag to kubectl create configmap/secret, which will append a short hash of the configmap/secret contents to the name during creation. (#49961, @mtaufen)
- Add validation for CustomResources via JSON Schema. (#47263, @nikhita)
- enqueue a sync task to wake up jobcontroller to check job ActiveDeadlineSeconds in time (#48454, @weiwei04)
- Remove previous local ephemeral storage resource names: "ResourceStorageOverlay" and "ResourceStorageScratch" (#51425, @NickrenREN)
- Add
retainKeys
to patchStrategy for v1 Volumes and extentions/v1beta1 DeploymentStrategy. (#50296, @mengqiy) - Add mount options field to PersistentVolume spec (#50919, @wongma7)
- Use of the alpha initializers feature now requires enabling the
Initializers
feature gate. This feature gate is auto-enabled if theInitialzers
admission plugin is enabled. (#51436, @liggitt) - Fix inconsistent Prometheus cAdvisor metrics (#51473, @bboreham)
- Add local ephemeral storage to downward API (#50435, @NickrenREN)
- kubectl zsh autocompletion will work with compinit (#50561, @cblecker)
- [Experiment Only] When using kube-up.sh on GCE, user could set env
KUBE_PROXY_DAEMONSET=true
to run kube-proxy as a DaemonSet. kube-proxy is run as static pods by default. (#50705, @MrHohn) - Add --request-timeout to kube-apiserver to make global request timeout configurable. (#51415, @jpbetz)
- Deprecate auto detecting cloud providers in kubelet. Auto detecting cloud providers go against the initiative for out-of-tree cloud providers as we'll now depend on cAdvisor integrations with cloud providers instead of the core repo. In the near future,
--cloud-provider
for kubelet will either be an empty string orexternal
. (#51312, @andrewsykim) - Add local ephemeral storage support to Quota (#49610, @NickrenREN)
- Kubelet updates default labels if those are deprecated (#47044, @mrIncompetent)
- Add error count and time-taken metrics for storage operations such as mount and attach, per-volume-plugin. (#50036, @wongma7)
- A new predicates, named 'CheckNodeCondition', was added to replace node condition filter. 'NetworkUnavailable', 'OutOfDisk' and 'NotReady' maybe reported as a reason when failed to schedule pods. (#51117, @k82cn)
- Add support for configurable groups for bootstrap token authentication. (#50933, @mattmoyer)
- Fix forbidden message format (#49006, @CaoShuFeng)
- make volumesInUse sorted in node status updates (#49849, @dixudx)
- Adds
InstanceExists
andInstanceExistsByProviderID
to cloud provider interface for the cloud controller manager (#51087, @prydie) - Dynamic Flexvolume plugin discovery. Flexvolume plugins can now be discovered on the fly rather than only at system initialization time. (#50031, @verult)
- add fieldSelector spec.schedulerName (#50582, @dixudx)
- Change eviction manager to manage one single local ephemeral storage resource (#50889, @NickrenREN)
- Cloud Controller Manager now sets Node.Spec.ProviderID (#50730, @andrewsykim)
- Paramaterize session affinity timeout seconds in service API for Client IP based session affinity. (#49850, @m1093782566)
- Changing scheduling part of the alpha feature 'LocalStorageCapacityIsolation' to manage one single local ephemeral storage resource (#50819, @NickrenREN)
- set --audit-log-format default to json (#50971, @CaoShuFeng)
- kubeadm: Implement a
--dry-run
mode and flag forkubeadm
(#51122, @luxas) - kubectl rollout
history
,status
, andundo
subcommands now support StatefulSets. (#49674, @crimsonfaith91) - Add IPBlock to Network Policy (#50033, @cmluciano)
- Adding Italian translation for kubectl (#50155, @lucab85)
- Simplify capabilities handling in FlexVolume. (#51169, @MikaelCluseau)
- NONE (#50669, @jiulongzaitian)
- cloudprovider.Zones should support external cloud providers (#50858, @andrewsykim)
- Finalizers are now honored on custom resources, and on other resources even when garbage collection is disabled via the apiserver flag
--enable-garbage-collector=false
(#51148, @ironcladlou) - Renamed the API server flag
--experimental-bootstrap-token-auth
to--enable-bootstrap-token-auth
. The old value is accepted with a warning in 1.8 and will be removed in 1.9. (#51198, @mattmoyer) - Azure file persistent volumes can use a new
secretNamespace
field to reference a secret in a different namespace than the one containing their bound persistent volume claim. The azure file persistent volume provisioner honors a correspondingsecretNamespace
storage class parameter to determine where to place secrets containing the storage account key. (#47660, @rootfs) - Bumped gRPC version to 1.3.0 (#51154, @RenaudWasTaken)
- Delete load balancers if the UIDs for services don't match. (#50539, @brendandburns)
- Show events when describing service accounts (#51035, @mrogers950)
- implement proposal 34058: hostPath volume type (#46597, @dixudx)
- HostAlias is now supported for both non-HostNetwork Pods and HostNetwork Pods. (#50646, @rickypai)
- CRDs support metadata.generation and implement spec/status split (#50764, @nikhita)
- Allow attach of volumes to multiple nodes for vSphere (#51066, @BaluDontu)
Please see the Releases Page for older releases.
Release notes of older releases can be found in: