CHANGELOG-1.7.md


v1.7.8

Documentation & Examples

Downloads for v1.7.8


Changelog since v1.7.7

Other notable changes

  • Ignore pods marked for deletion that exceed their grace period in ResourceQuota (#46542, @derekwaynecarr)
  • kubelet to master communication when doing node status updates now has a timeout to prevent indefinite hangs (#52176, @liggitt)
  • Bumped Heapster version to 1.4.3 - more details https://github.com/kubernetes/heapster/releases/tag/v1.4.3 (#53376, @loburm)
  • Delete the federation namespace from control plane instead of individual objects (#51768, @shashidharatd)
  • Bugfix: OpenAPI models may not get group-version-kind extension if kubernetes is vendored in another project (e.g. minikube). Kubectl 1.8 needs this extension to work with those projects. (#53152, @mbohlool)
  • Fix for Nodes in vSphere lacking an InternalIP. (#48760) (#49202, @cbonte)
  • [fluentd-gcp addon] Update Stackdriver plugin to version 0.6.7 (#52565, @crassirostris)
  • Fixes an issue with RBAC reconciliation that could cause duplicated subjects in some bootstrapped rolebindings on each restart of the API server. (#53239, @enj)
  • Restores redirect behavior for proxy subresources (#52933, @liggitt)
  • Fix panic in ControllerManager on GCE when it has a problem with creating external loadbalancer healthcheck (#52646, @gmarek)
  • custom resources that use unconventional pluralization now work properly with kubectl and garbage collection (#50012, @deads2k)
  • When performing a GET then PUT, the kube-apiserver must write the canonical representation of the object to etcd if the current value does not match. That allows external agents to migrate content in etcd from one API version to another, across different storage types, or across varying encryption levels. This fixes a bug introduced in 1.5 where we unintentionally stopped writing the newest data. (#48394, @smarterclayton)

v1.7.7

Documentation & Examples

Downloads for v1.7.7


Changelog since v1.7.6

Other notable changes

  • Update kube-dns to 1.14.5 (#53114, @bowei)
  • StatefulSet will now fill the hostname and subdomain fields if they're empty on existing Pods it owns. This allows it to self-correct the issue where StatefulSet Pod DNS entries disappear after upgrading to v1.7.x (#48327). (#51199, @kow3ns)
  • Third Party Resource tests in the e2e suite were incorrectly marked as part of the conformance bucket. They are alpha and are not required for conformance. (#52823, @smarterclayton)
  • fixes upgrade test to work with tightened validation of initializer names in 1.8 (#52592, @liggitt)
  • Fix inconsistent Prometheus cAdvisor metrics (#51473, @bboreham)
  • Fixed an issue reporting lack of progress for a deployment prematurely (#52178, @kargakis)
  • [fluentd-gcp addon] Bug with event-exporter leaking memory on metrics in clusters with CA is fixed. (#52263, @crassirostris)

v1.7.6

Documentation & Examples

Downloads for v1.7.6


Changelog since v1.7.5

Other notable changes

  • [fluentd-gcp addon] Fluentd will trim lines exceeding 100KB instead of dropping them. (#52289, @crassirostris)
  • Cluster Autoscaler 0.6.2 (#52359, @mwielgus)
  • Add --request-timeout to kube-apiserver to make global request timeout configurable. (#51415, @jpbetz)
  • Fix credentials providers for docker sandbox image. (#51870, @feiskyer)
  • Fix security holes in GCE metadata proxy. (#51302, @ihmccreery)
  • Fixed an issue looking up cronjobs when they existed in more than one API version (#52227, @liggitt)
  • Fixes an issue with upgrade requests made via pod/service/node proxy subresources sending a non-absolute HTTP request-uri to backends (#52065, @liggitt)
  • Fix a kube-controller-manager crash which can result when --concurrent-resource-quota-syncs is >1 and pods exist in the system containing certain alpha/beta annotation keys. (#52092, @ironcladlou)
  • Make logdump support kubemark and support gke with 'use_custom_instance_list' (#51834, @shyamjvs)
  • Fixes an issue with APIService auto-registration affecting rolling HA apiserver restarts that add or remove API groups being served. (#51921, @liggitt)
  • In GCE with COS, increase TasksMax for Docker service to raise cap on number of threads/processes used by containers. (#51986, @yujuhong)
  • Fix providerID update validation (#51761, @karataliu)
  • Automated cherry pick of #50381 to release-1.7 (#51871, @feiskyer)
  • The emptyDir.sizeLimit field is now correctly omitted from API requests and responses when unset. (#50163, @jingxu97)
  • Calico has been updated to v2.5, RBAC added, and is now automatically scaled when GCE clusters are resized. (#51237, @gunjan5)

v1.7.5

Documentation & Examples

Downloads for v1.7.5


Changelog since v1.7.4

Other notable changes

  • Bumped Heapster version to 1.4.2 - more details https://github.com/kubernetes/heapster/releases/tag/v1.4.2. (#51620, @piosz)
  • Fix for Pod stuck in ContainerCreating with error "Volume is not yet attached according to node". (#50806, @verult)
  • Fixed controller manager crash by making it tolerant to discovery errors. (#49767, @deads2k)
  • Finalizers are now honored on custom resources, and on other resources even when garbage collection is disabled via the apiserver flag --enable-garbage-collector=false (#51469, @ironcladlou)
  • Allow attach of volumes to multiple nodes for vSphere (#51066, @BaluDontu)
  • vSphere: Fix attach volume failing on the first try. (#51217, @BaluDontu)
  • azure: support retrieving access tokens via managed identity extension (#48854, @colemickens)
  • Fixed a bug in strategic merge patch that caused kubectl apply to error out under some conditions (#50862, @guoshimin)
  • It is now possible to use flexVolumes to bind mount directories and files. (#50596, @adelton)
  • StatefulSet: Fix "forbidden pod updates" error on Pods created prior to upgrading to 1.7. (#48327) (#51149, @kow3ns)
  • Fixed regression in initial kubectl exec terminal dimensions (#51127, @chen-anders)
  • Enforcement of fsGroup; enable ScaleIO multiple-instance volume mapping; default PVC capacity; alignment of PVC, PV, and volume names for dynamic provisioning (#48999, @vladimirvivien)

v1.7.4

Documentation & Examples

Downloads for v1.7.4


Changelog since v1.7.3

Other notable changes

  • Azure: Allow VNet to be in a separate Resource Group. (#49725, @sylr)
  • Fix an issue where a CSR that is not approved initially by the SAR approver is not retried. (#49788, @mikedanese)
  • Cluster Autoscaler - fixes issues with taints and updates kube-proxy cpu request. (#50514, @mwielgus)
  • Bumped Heapster version to 1.4.1: (#50642, @piosz)
      • handle gracefully problem when kubelet reports duplicated stats for the same container (see #47853) on Heapster side
      • fixed bugs and improved performance in Stackdriver Sink
  • fluentd-gcp addon: Fix a bug in the event-exporter, when repeated events were not sent to Stackdriver. (#50511, @crassirostris)
  • Collect metrics from Heapster in Stackdriver mode. (#50517, @piosz)
  • fixes a bug around using the Global config ElbSecurityGroup where Kubernetes would modify the passed in Security Group. (#49805, @nbutton23)
  • Updates Cinder AttachDisk operation to be more reliable by delegating Detaches to volume manager. (#50042, @jingxu97)
  • fixes kubefed's ability to create RBAC roles in version-skewed clusters (#50537, @liggitt)
  • Fix data race during addition of new CRD (#50098, @nikhita)
  • Fix bug in scheduler that caused initially unschedulable pods to get stuck in Pending state forever. (#50028, @julia-stripe)
  • Fix incorrect retry logic in scheduler (#50106, @julia-stripe)
  • GCE: Bump GLBC version to 0.9.6 (#50096, @nicksardo)
  • The NodeRestriction admission plugin now allows a node to evict pods bound to itself (#48707, @danielfm)
  • Fixed a bug in the API server watch cache, which could cause a missing watch event immediately after cache initialization. (#49992, @liggitt)

v1.7.3

Documentation & Examples

Downloads for v1.7.3


Changelog since v1.7.2

Other notable changes

  • fix pdb validation bug on PodDisruptionBudgetSpec (#48706, @dixudx)
  • kubeadm: Fix join preflight check false negative (#49825, @erhudy)
  • Revert deprecation of vCenter port in vSphere Cloud Provider. (#49689, @divyenpatel)
  • Fluentd-gcp DaemonSet exposes different set of metrics. (#48812, @crassirostris)
  • Fixed OpenAPI Description and Nickname of API objects with subresources (#49357, @mbohlool)
  • Websocket requests to aggregated APIs now perform TLS verification using the service DNS name instead of the backend server's IP address, consistent with non-websocket requests. (#49353, @liggitt)
  • kubeadm: Fixes a small bug where --config and --skip-* flags couldn't be passed at the same time in validation. (#49498, @luxas)
  • kubeadm: Don't set a specific spc_t SELinux label on the etcd Static Pod as that is more privs than etcd needs and due to that spc_t isn't compatible with some OSes. (#49328, @euank)
  • kubectl drain no longer spins trying to delete pods that do not exist (#49444, @eparis)
  • Fixes #49418 where kube-controller-manager can panic on volume.CanSupport methods and enter a crash loop. (#49420, @gnufied)
  • Fix Cinder to support http status 300 in pagination (#47602, @rootfs)
  • Automated cherry pick of #49079 upstream release 1.7 (#49254, @feiskyer)
  • Fixed GlusterFS volumes taking too long to time out (#48709, @jsafrane)
  • The IP address and port for kube-proxy metrics server is now configurable via flag --metrics-bind-address (#48625, @mrhohn)
    • Special notice for kube-proxy in 1.7+ (including 1.7.0):
      • Healthz server (/healthz) will be served on 0.0.0.0:10256 by default.
      • Metrics server (/metrics and /proxyMode) will be served on 127.0.0.1:10249 by default.
      • Metrics server will continue serving /healthz.

v1.7.2

Documentation & Examples

Downloads for v1.7.2


Changelog since v1.7.1

Other notable changes

  • Use port 20256 for node-problem-detector in standalone mode. (#49316, @ajitak)
  • GCE Cloud Provider: Newly created LoadBalancer type Service will have health checks for nodes by default if all nodes have version >= v1.7.2. (#49330, @MrHohn)
  • Azure PD (Managed/Blob) (#46360, @khenidak)
  • Fix Pods using Portworx volumes getting stuck in ContainerCreating phase. (#48898, @harsh-px)
  • kubeadm: Make kube-proxy tolerate the external cloud provider taint so that an external cloud provider can be easily used on top of kubeadm (#49017, @luxas)
  • Fix pods failing to start when subPath is a dangling symlink from kubelet point of view, which can happen if it is running inside a container (#48555, @redbaron)
  • Never prevent deletion of resources as part of namespace lifecycle (#48733, @liggitt)
  • kubectl: Fix bug that showed terminated/evicted pods even without --show-all. (#48786, @janetkuo)
  • Add a runtime warning about the kubeadm default token TTL changes. (#48838, @mattmoyer)
  • Local storage teardown fix (#48402, @ianchakeres)
  • Fix udp service blackhole problem when number of backends changes from 0 to non-0 (#48524, @freehan)
  • hpa: Prevent scaling below MinReplicas if desiredReplicas is zero (#48997, @johanneswuerbach)
  • kubeadm: Fix a bug where kubeadm join would wait 5 seconds without doing anything. Now kubeadm join executes the tasks immediately. (#48737, @mattmoyer)
  • Fix a regression that broke the --config flag for kubeadm init. (#48915, @mattmoyer)
  • Fix service controller crash loop when Service with GCP LoadBalancer uses static IP (#48848, @nicksardo) (#48849, @nicksardo)

v1.7.1

Documentation & Examples

Downloads for v1.7.1


Changelog since v1.7.0

Other notable changes

  • Added new flag to kubeadm init: --node-name, that lets you specify the name of the Node object that will be created (#48594, @GheRivero)
  • Added new flag to kubeadm join: --node-name, that lets you specify the name of the Node object that's gonna be created (#48538, @GheRivero)
  • Fixes issue where you could not mount NFS or glusterFS volumes using hostnames on GCI/GKE with COS images. (#42376, @jingxu97)
  • Reduce amount of noise in Stackdriver Logging, generated by the event-exporter component in the fluentd-gcp addon. (#48712, @crassirostris)
  • Add generic NoSchedule toleration to fluentd in gcp config. (#48182, @gmarek)
  • RBAC role and role-binding reconciliation now ensures namespaces exist when reconciling on startup. (#48480, @liggitt)
  • Support NoSchedule taints correctly in DaemonSet controller. (#48189, @mikedanese)
  • kubeadm: Expose only the cluster-info ConfigMap in the kube-public ns (#48050, @luxas)

v1.7.0

Documentation & Examples

Downloads for v1.7.0


Client Binaries


Server Binaries


Node Binaries


Major Themes

Kubernetes 1.7 is a milestone release that adds security, stateful application, and extensibility features motivated by widespread production use of Kubernetes.

Security enhancements in this release include encrypted secrets (alpha), network policy for pod-to-pod communication, the node authorizer to limit Kubelet access to API resources, and Kubelet client / server TLS certificate rotation (alpha).

Major features for stateful applications include automated updates to StatefulSets, enhanced updates for DaemonSets, a burst mode for faster StatefulSets scaling, and (alpha) support for local storage.

Extensibility features include API aggregation (beta), CustomResourceDefinitions (beta) in favor of ThirdPartyResources, support for extensible admission controllers (alpha), pluggable cloud providers (alpha), and container runtime interface (CRI) enhancements.

Action Required Before Upgrading

Network

  • NetworkPolicy has been promoted from extensions/v1beta1 to the new networking.k8s.io/v1 API group. The structure remains unchanged from the v1beta1 API. The net.beta.kubernetes.io/network-policy annotation on Namespaces (used to opt in to isolation) has been removed. Instead, isolation is now determined on a per-pod basis. A NetworkPolicy may target a pod for isolation by including the pod in its spec.podSelector. Targeted Pods accept the traffic specified in the respective NetworkPolicy (and nothing else). Pods not targeted by any NetworkPolicy accept all traffic by default. (#39164, @danwinship)

    Action Required: When upgrading to Kubernetes 1.7 (and a network plugin that supports the new NetworkPolicy v1 semantics), you should consider the following.

    The v1beta1 API used an annotation on Namespaces to activate the DefaultDeny policy for an entire Namespace. To activate default deny in the v1 API, you can create a NetworkPolicy that matches all Pods but does not allow any traffic:

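    kind: NetworkPolicy
    apiVersion: networking.k8s.io/v1
    metadata:
      name: default-deny
    spec:
      # An empty selector matches every Pod in the namespace; with no
      # ingress rules listed, no traffic to those Pods is allowed.
      podSelector: {}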

    This will ensure that Pods that aren't matched by any other NetworkPolicy will continue to be fully-isolated, as they were in v1beta1.

    In Namespaces that previously did not have the "DefaultDeny" annotation, you should delete any existing NetworkPolicy objects. These had no effect in the v1beta1 API, but with v1 semantics they might cause some traffic to be unintentionally blocked.
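The two upgrade checks described above can be run against exported objects before switching to v1 semantics. This is an added example, not code from the Kubernetes project: the function names, the sample objects, and the JSON layout of the annotation value are assumptions, and only matchLabels selectors are evaluated.

```python
import json

# Annotation named in the release note. The JSON value layout
# ({"ingress": {"isolation": "DefaultDeny"}}) is an assumption of this example.
OPT_IN_ANNOTATION = "net.beta.kubernetes.io/network-policy"


def had_default_deny(namespace):
    """True if the Namespace opted in to isolation under v1beta1."""
    annotations = namespace["metadata"].get("annotations") or {}
    try:
        value = json.loads(annotations.get(OPT_IN_ANNOTATION, "null"))
    except ValueError:
        return False
    ingress = value.get("ingress") if isinstance(value, dict) else None
    return isinstance(ingress, dict) and ingress.get("isolation") == "DefaultDeny"


def is_empty_selector(selector):
    selector = selector or {}
    return not selector.get("matchLabels") and not selector.get("matchExpressions")


def selects(selector, labels):
    """v1 podSelector match (matchLabels only). Empty or null selects all Pods."""
    selector = selector or {}
    if selector.get("matchExpressions"):
        raise NotImplementedError("matchExpressions is not handled in this example")
    wanted = selector.get("matchLabels") or {}
    return all(labels.get(k) == v for k, v in wanted.items())


def audit_namespace(namespace, policies, pods):
    """Return the upgrade action for one Namespace and the Pods it affects."""
    name = namespace["metadata"]["name"]
    mine = [p for p in policies if p["metadata"]["namespace"] == name]
    isolated, unselected = [], []
    for pod in pods:
        if pod["metadata"]["namespace"] != name:
            continue
        labels = pod["metadata"].get("labels") or {}
        hit = any(selects(p["spec"].get("podSelector"), labels) for p in mine)
        (isolated if hit else unselected).append(pod["metadata"]["name"])

    if had_default_deny(namespace):
        # v1beta1 isolated every Pod here; v1 isolates only selected Pods.
        if any(is_empty_selector(p["spec"].get("podSelector")) for p in mine):
            return {"namespace": name, "action": "none", "affected": []}
        return {"namespace": name, "action": "create-default-deny",
                "affected": sorted(unselected)}
    # No opt-in: policies were inert in v1beta1 but isolate Pods under v1.
    action = "delete-policies" if mine else "none"
    return {"namespace": name, "action": action, "affected": sorted(isolated)}


def audit(namespaces, policies, pods):
    return [audit_namespace(ns, policies, pods) for ns in namespaces]


def _pod(namespace, name, app):
    return {"metadata": {"namespace": namespace, "name": name,
                         "labels": {"app": app}}}


# Constructed sample objects (not taken from any real cluster).
NAMESPACES = [
    {"metadata": {"name": "prod", "annotations": {
        OPT_IN_ANNOTATION: '{"ingress": {"isolation": "DefaultDeny"}}'}}},
    {"metadata": {"name": "dev"}},
    {"metadata": {"name": "tools"}},
]
POLICIES = [
    {"metadata": {"name": "allow-web", "namespace": "prod"},
     "spec": {"podSelector": {"matchLabels": {"app": "web"}}, "ingress": [{}]}},
    {"metadata": {"name": "old-db", "namespace": "dev"},
     "spec": {"podSelector": {"matchLabels": {"app": "db"}}}},
]
PODS = [_pod("prod", "web", "web"), _pod("prod", "batch", "batch"),
        _pod("dev", "db", "db"), _pod("dev", "ui", "ui"),
        _pod("tools", "ci", "ci")]
# The default-deny policy from the release note, scoped to "prod".
DEFAULT_DENY = {"metadata": {"name": "default-deny", "namespace": "prod"},
                "spec": {"podSelector": None}}

if __name__ == "__main__":
    for row in audit(NAMESPACES, POLICIES, PODS):
        print(row)
```

In the sample, `prod/batch` would lose its isolation after the upgrade and `dev/db` would become isolated for the first time, which are the two cases the action item warns about.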

Storage

  • Alpha volume provisioning is removed and default storage class should be used instead. (#44090, @NickrenREN)

  • Portworx volume driver no longer has to run on the master. (#45518, @harsh-px)

  • Default behavior in Cinder storageclass is changed. If availability is not specified, the zone is chosen by algorithm. This makes it possible to spread stateful pods across many zones. (#44798, @zetaab)

  • PodSpecs containing parent directory references such as .. (for example, ../bar) in hostPath volume path or in volumeMount subpaths must be changed to the simple absolute path. Backsteps .. are no longer allowed. (#47290, @jhorwit2)
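A pre-upgrade scan for the backstep restriction above, as an added example that is not part of the Kubernetes code base. The function names and the sample Deployment are constructed, and treating a backstep as a path component that is exactly `..` is this example's reading of the note.

```python
def has_backstep(path):
    """True if any '/'-separated component of path is exactly '..'."""
    return ".." in (path or "").split("/")


def pod_spec_of(obj):
    """Return the PodSpec of a Pod, or of a workload embedding a pod template."""
    spec = obj.get("spec") or {}
    if obj.get("kind") == "Pod":
        return spec
    if obj.get("kind") == "CronJob":
        spec = (spec.get("jobTemplate") or {}).get("spec") or {}
    return (spec.get("template") or {}).get("spec") or {}


def find_backsteps(obj):
    """List (field, value) pairs that must be rewritten before upgrading."""
    pod_spec = pod_spec_of(obj)
    findings = []
    for vol in pod_spec.get("volumes") or []:
        path = (vol.get("hostPath") or {}).get("path")
        if has_backstep(path):
            findings.append(("volumes[%s].hostPath.path" % vol["name"], path))
    for group in ("initContainers", "containers"):
        for ctr in pod_spec.get(group) or []:
            for mount in ctr.get("volumeMounts") or []:
                if has_backstep(mount.get("subPath")):
                    field = "%s[%s].volumeMounts[%s].subPath" % (
                        group, ctr["name"], mount["name"])
                    findings.append((field, mount["subPath"]))
    return findings


# Constructed sample object: two offending paths and two look-alikes
# ("data..old", "..hidden") that contain dots but no '..' component.
SAMPLE_DEPLOYMENT = {
    "kind": "Deployment",
    "metadata": {"name": "app"},
    "spec": {"template": {"spec": {
        "volumes": [
            {"name": "logs", "hostPath": {"path": "/var/log/app/../../etc"}},
            {"name": "data", "hostPath": {"path": "/srv/data..old"}},
            {"name": "cfg", "emptyDir": {}},
        ],
        "containers": [{
            "name": "app",
            "volumeMounts": [
                {"name": "logs", "mountPath": "/logs"},
                {"name": "data", "mountPath": "/data", "subPath": "../bar"},
                {"name": "cfg", "mountPath": "/cfg", "subPath": "conf.d/..hidden"},
            ],
        }],
    }}},
}

if __name__ == "__main__":
    for field, value in find_backsteps(SAMPLE_DEPLOYMENT):
        print("%s: %s" % (field, value))
```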

API Machinery

  • The Namespace API object no longer supports the deletecollection operation. (#46407, @liggitt)

  • The following alpha API groups were unintentionally enabled by default in previous releases, and will no longer be enabled by default in v1.8: (#47690, @caesarxuchao)

    • rbac.authorization.k8s.io/v1alpha1

    • settings.k8s.io/v1alpha1

    • If you wish to continue using them in v1.8, please enable them explicitly using the --runtime-config flag on the apiserver (for example, --runtime-config="rbac.authorization.k8s.io/v1alpha1,settings.k8s.io/v1alpha1")

  • cluster/update-storage-objects.sh now supports updating StorageClasses in etcd to storage.k8s.io/v1. You must do this prior to upgrading to 1.8. (#46116, @ncdc)

Controller Manager

  • kube-controller-manager has dropped support for the --insecure-experimental-approve-all-kubelet-csrs-for-group flag. It is accepted in 1.7, but ignored. Instead, the csrapproving controller uses authorization checks to determine whether to approve certificate signing requests: (#45619, @mikedanese)

    • Before upgrading, users must ensure their controller manager will enable the csrapproving controller, create an RBAC ClusterRole and ClusterRoleBinding to approve CSRs for the same group, then upgrade. Example roles to enable the equivalent behavior can be found in the TLS bootstrapping documentation.

kubectl (CLI)

  • kubectl create role and kubectl create clusterrole invocations must be updated to specify multiple resource names as repeated --resource-name arguments instead of comma-separated arguments to a single --resource-name argument. E.g. --resource-name=x,y must become --resource-name x --resource-name y (#44950, @xilabao)

  • kubectl create rolebinding and kubectl create clusterrolebinding invocations must be updated to specify multiple subjects as repeated --user, --group, or --serviceaccount arguments instead of comma-separated arguments to a single --user, --group, or --serviceaccount. E.g. --user=x,y must become --user x --user y (#43903, @xilabao)

kubeadm

  • kubeadm: Modifications to cluster-internal resources installed by kubeadm will be overwritten when upgrading from v1.6 to v1.7. (#47081, @luxas)

  • kubeadm deb/rpm packages: cAdvisor doesn't listen on 0.0.0.0:4194 without authentication/authorization because of the possible information leakage. The cAdvisor API can still be accessed via https://{node-ip}:10250/stats/, though. (kubernetes/release#356, @luxas)

Cloud Providers

  • Azure: Container permissions for provisioned volumes have changed to private. If you have existing Azure volumes that were created by Kubernetes v1.6.0-v1.6.5, you should change the permissions on them manually. (#47605, @brendandburns)

  • GKE/GCE: New and upgraded 1.7 GCE/GKE clusters no longer have an RBAC ClusterRoleBinding that grants the cluster-admin ClusterRole to the default service account in the kube-system Namespace. (#46750, @cjcullen). If this permission is still desired, run the following command to explicitly grant it, either before or after upgrading to 1.7:

    kubectl create clusterrolebinding kube-system-default --serviceaccount=kube-system:default --clusterrole=cluster-admin

Known Issues

Populated via v1.7.x known issues / FAQ accumulator

  • The kube-apiserver discovery APIs (for example, /apis) return information about the API groups being served, and can change dynamically. During server startup, prior to the server reporting healthy (via /healthz), not all API groups may be reported. Wait for the server to report healthy (via /healthz) before depending on the information provided by the discovery APIs. Additionally, since the information returned from the discovery APIs may change dynamically, a cache of the results should not be considered authoritative. ETag support is planned in a future version to facilitate client caching. (#47977, #44957)

  • The DaemonSet controller will evict running Pods that do not tolerate the NoSchedule taint if the taint is added to a Node. There is an open PR (#48189) to resolve this issue, but as this issue also exists in 1.6, and as we do not wish to risk release stability by merging it directly prior to a release without sufficient testing, we have decided to defer merging the PR until the next point release for each minor version (#48190).

  • Protobuf serialization does not distinguish between [] and null. API fields previously capable of storing and returning either [] or null via JSON API requests (for example, the Endpoints subsets field) can now store only null when created using the protobuf content-type or stored in etcd using protobuf serialization (the default in 1.6). JSON API clients should tolerate null values for such fields, and treat null and [] as equivalent in meaning unless specifically documented otherwise for a particular field. (#44593)

  • Local volume source paths that are directories and not mount points fail to unmount. A fix is in process (#48331).

  • Services of type LoadBalancer (on GCE/GKE) that have static IP addresses will cause the Service Controller to panic, and thereby cause the kube-controller-manager to crash loop. (#48848)

Deprecations

Cluster provisioning scripts

Client libraries

  • Swagger 1.2 spec (/swaggerapi/*) is deprecated. Please use OpenAPI instead.

DaemonSet

  • DaemonSet’s spec.templateGeneration has been deprecated. (#45924, @janetkuo)

kube-proxy

  • In 1.7, the kube-proxy component has been converted to use a configuration file. The old flags still work in 1.7, but they are being deprecated and will be removed in a future release. Cluster administrators are advised to switch to using the configuration file, but no action is strictly necessary in 1.7. (#34727, @ncdc)

Namespace

  • The Namespace API object no longer supports the deletecollection operation. (#46407, @liggitt)

Scheduling

  • If you are using AffinityInAnnotations=true in --feature-gates, then the 1.7 release is your last opportunity to convert from specifying affinity/anti-affinity using the scheduler.alpha.kubernetes.io/affinity annotation on Pods, to using the Affinity field of PodSpec. Support for the alpha version of node and pod affinity (which uses the scheduler.alpha.kubernetes.io/affinity annotations on Pods) is going away in Kubernetes 1.8 (not this release, but the next release). If you have not enabled AffinityInAnnotations=true in --feature-gates, then this change does not affect you.

Notable Features

Features for this release were tracked via the kubernetes/features issues repo. Each Feature issue is owned by a Special Interest Group from kubernetes/community.

Kubefed

  • Deprecate the --secret-name flag from kubefed join, instead generating the secret name arbitrarily. (#42513, @perotinus)

Kubernetes API

User Provided Extensions

Application Deployment

StatefulSet

  • [beta] StatefulSet supports RollingUpdate and OnDelete update strategies.

  • [alpha] StatefulSet authors should be able to relax the ordering and parallelism policies for software that can safely support rapid, out-of-order changes.

DaemonSet

Deployments

  • [beta] Deployments use a hashing collision avoidance mechanism that ensures new rollouts will not block on hashing collisions anymore. (kubernetes/features#287)

PodDisruptionBudget

  • [beta] PodDisruptionBudget has a new field MaxUnavailable, which allows users to specify the maximum number of disruptions that can be tolerated during eviction. For more information, see Pod Disruptions and Specifying a Disruption Budget for your Application.
  • PodDisruptionBudget now uses ControllerRef to make the right decisions about Pod eviction even if the built-in application controllers have overlapping selectors.

Security

Admission Control

TLS Bootstrapping

Audit Logging

  • [alpha] Advanced Auditing enhances the Kubernetes API audit logging capabilities through a customizable policy, pluggable audit backends, and richer audit data.

Encryption at Rest

Node Authorization

  • [beta] A new Node authorization mode and NodeRestriction admission plugin, when used in combination, limit nodes' access to specific APIs, so that they may only modify their own Node API object, only modify Pod objects bound to themselves, and only retrieve secrets and configmaps referenced by pods bound to themselves. See Using Node Authorization for more information.

Application Autoscaling

Horizontal Pod Autoscaler

Cluster Lifecycle

kubeadm

Cloud Provider Support

Cluster Federation

Placement Policy

  • [alpha] The federation-apiserver now supports a SchedulingPolicy admission controller that enables policy-based control over placement of federated resources. For more information, see Set up placement policies in Federation.

Cluster Selection

Instrumentation

Core Metrics API

  • [alpha] Introduces a lightweight monitoring component for serving the core resource metrics API used by the Horizontal Pod Autoscaler and other components (kubernetes/features#271)

Internationalization

kubectl (CLI)

  • Features

    • kubectl logs supports specifying a container name when using label selectors (#44282, @derekwaynecarr)

    • kubectl rollout supports undo and history for DaemonSet (#46144, @janetkuo)

    • kubectl rollout supports status and history for StatefulSet (#46669, @kow3ns).

    • Implement kubectl get controllerrevisions (#46655, @janetkuo)

    • kubectl create clusterrole supports --non-resource-url (#45809, @CaoShuFeng)

    • kubectl logs and kubectl attach support specifying a wait timeout with --pod-running-timeout (#41813, @shiywang)

    • New commands

    • Strategic Merge Patch

      • Reference docs now display the patch type and patch merge key used by kubectl apply to merge and identify unique elements in arrays.

        • kubectl edit and kubectl apply will keep the ordering of elements in merged lists (#45980, @mengqiy)

        • New patch directive (retainKeys) to specify clearing of fields missing from the request (#44597, @mengqiy)

        • Open API now includes strategic merge patch tags (previously only in go struct tags) (#44121, @mbohlool)

    • Plugins

      • Introduces the ability to extend kubectl by adding third-party plugins. Developer preview, please refer to the documentation for instructions about how to use it. (#37499, @fabianofranz)

      • Added support for a hierarchy of kubectl plugins (a tree of plugins as children of other plugins). (#45981, @fabianofranz)

      • Added exported env vars to kubectl plugins so that plugin developers have access to global flags, namespace, the plugin descriptor and the full path to the caller binary.

    • Enhancement

      • kubectl auth can-i now supports non-resource URLs (#46432, @CaoShuFeng)

      • kubectl set selector and kubectl set subject no longer print "running in local/dry-run mode..." at the top. The output can now be piped and interpreted as yaml or json (#46507, @bboreham)

      • When using an in-cluster client with an empty configuration, the --namespace flag is now honored (#46299, @ncdc)

      • The help message for missingResourceError is now generic (#45582, @CaoShuFeng)

      • kubectl taint node now supports label selectors (#44740, @ravisantoshgudimetla)

      • kubectl proxy --www now logs a warning when the dir is invalid (#44952, @CaoShuFeng)

      • kubectl taint output has been enhanced with the operation (#43171, @ravisantoshgudimetla)

      • kubectl --user and --cluster now support completion (#44251, @superbrothers)

      • kubectl config use-context now supports completion (#42336, @superbrothers)

      • kubectl version now supports --output (#39858, @alejandroEsc)

      • kubectl create configmap has a new option --from-env-file that populates a configmap from file which follows a key=val format for each line. (#38882, @fraenkel)

      • kubectl create secret has a new option --from-env-file that populates a secret from file which follows a key=val format for each line.

    • Printing/describe

      • Print conditions of RC/RS in kubectl describe command. (#44710, @xiangpengzhao)

      • Improved output on kubectl get and kubectl describe for generic objects. (#44222, @fabianofranz)

      • In kubectl describe, find controllers with ControllerRef, instead of showing the original creator. (#42849, @janetkuo)

        • kubectl version has new flag --output (=json or yaml) allowing result of the command to be parsed in either json format or yaml. (#39858, @alejandroEsc)
    • Bug fixes

      • Fix some false negatives in detection of meaningful conflicts during strategic merge patch with maps and lists. (#43469, @enisoc)

        • Fix false positive "meaningful conflict" detection for strategic merge patch with integer values. (#44788, @enisoc)

        • Restored the ability of kubectl running inside a pod to consume resource files specifying a different namespace than the one the pod is running in. (#44862, @liggitt)

      • Kubectl commands run inside a pod using a kubeconfig file now use the namespace specified in the kubeconfig file, instead of using the pod namespace. If no kubeconfig file is used, or the kubeconfig does not specify a namespace, the pod namespace is still used as a fallback. (#44570, @liggitt)

      • Fixed kubectl cluster-info dump to support multi-container pod. (#44088, @xingzhou)

      • Kubectl will print a warning when deleting the current context (#42538, @adohe)

      • Fix VolumeClaims/capacity in kubectl describe statefulsets output. (#47573, @k82cn)

Networking

Network Policy

Load Balancing

  • [stable] Source IP Preservation - change Cloud load-balancer strategy to health-checks and respond to health check only on nodes that host pods for the service. See Create an External Load Balancer - Preserving the client source IP. Two annotations have been promoted to API fields:

    • Service.Spec.ExternalTrafficPolicy was 'service.beta.kubernetes.io/external-traffic' annotation.

    • Service.Spec.HealthCheckNodePort was 'service.beta.kubernetes.io/healthcheck-nodeport' annotation.

Node Components

Container Runtime Interface

Scheduling

Scheduler Extender

Storage

Local Storage

  • [alpha] This feature adds capacity isolation support for local storage at node, container, and volume levels. See updated Reserve Compute Resources for System Daemons documentation.

  • [alpha] Make locally attached (non-network attached) storage available as a persistent volume source. For more information, see Storage Volumes - local.

Volume Plugins

Metrics

Other notable changes

Admission plugin

  • OwnerReferencesPermissionEnforcement admission plugin ignores pods/status. (#45747, @derekwaynecarr)

  • Ignored mirror pods in PodPreset admission plugin. (#45958, @k82cn)

API Machinery

  • The protobuf serialization of API objects has been updated to store maps in a predictable order to ensure that the representation of that object does not change when saved into etcd. This prevents the same object from being seen as being modified, even when no values have changed. (#47701, @smarterclayton)

  • API resource discovery now includes the singularName used to refer to the resource. (#43312, @deads2k)

  • Enhance the garbage collection admission plugin so that a user who doesn't have delete permission of the owning object cannot modify the blockOwnerDeletion field of existing ownerReferences, or add new ownerReferences with blockOwnerDeletion=true (#43876, @caesarxuchao)

  • Exec and portforward actions over SPDY now properly handle redirects sent by the Kubelet (#44451, @ncdc)

  • The proxy subresource APIs for nodes, services, and pods now support the HTTP PATCH method. (#44929, @liggitt)

  • The Categories []string field on discovered API resources represents the list of group aliases (e.g. "all") that each resource belongs to. (#43338, @fabianofranz)

  • [alpha] The Kubernetes API supports retrieving tabular output for API resources via a new mime-type application/json;as=Table;v=v1alpha1;g=meta.k8s.io. The returned object (if the server supports it) will be of type meta.k8s.io/v1alpha1 with Table, and contain column and row information related to the resource. Each row will contain information about the resource - by default it will be the object metadata, but callers can add the ?includeObject=Object query parameter and receive the full object. In the future kubectl will use this to retrieve the results of kubectl get. (#40848, @smarterclayton)

  • The behavior of some watch calls to the server when filtering on fields was incorrect. If watching objects with a filter, when an update was made that no longer matched the filter a DELETE event was correctly sent. However, the object that was returned by that delete was not the (correct) version before the update, but instead, the newer version. That meant the new object was not matched by the filter. This was a regression from behavior between cached watches on the server side and uncached watches, and thus broke downstream API clients. (#46223, @smarterclayton)

  • OpenAPI spec is now available in protobuf binary and gzip format (with ETag support) (#45836, @mbohlool)

  • Updating apiserver to return UID of the deleted resource. Clients can use this UID to verify that the resource was deleted or waiting for finalizers. (#45600, @nikhiljindal)

  • Fix incorrect conflict errors applying strategic merge patches to resources. (#43871, @liggitt)

  • Fix init container status reporting when active deadline is exceeded. (#46305, @sjenning)

  • Moved qos to api.helpers. (#44906, @k82cn)

  • Fix issue with the resource quota controller causing add quota to be resynced at the wrong (#45685, @derekwaynecarr)

  • Added Group/Version/Kind and Action extension to OpenAPI Operations (#44787, @mbohlool)

  • Make clear that meta.KindToResource is only a guess (#45272, @sttts)

  • Add APIService conditions (#43301, @deads2k)

  • Create and push a docker image for the cloud-controller-manager (#45154, @luxas)

  • Deprecated Binding objects in 1.7. (#47041, @k82cn)

  • Adds the Categories []string field to API resources, which represents the list of group aliases (e.g. "all") that every resource belongs to. (#43338, @fabianofranz)

  • --service-account-lookup now defaults to true, requiring the Secret API object containing the token to exist in order for a service account token to be valid. This enables service account tokens to be revoked by deleting the Secret object containing the token. (#44071, @liggitt)

  • API Registration is now in beta. (#45247, @mbohlool)

  • The Kubernetes API server now exits if it encounters a networking failure (e.g. the networking interface hosting its address goes away) to allow a process manager (systemd/kubelet/etc) to react to the problem. Previously the server would log the failure and try again to bind to its configured address:port. (#42272, @marun)

  • The Prometheus metrics for the kube-apiserver for tracking incoming API requests and latencies now return the subresource label for correctly attributing the type of API call. (#46354, @smarterclayton)

  • kube-apiserver now drops unneeded path information if an older version of Windows kubectl sends it. (#44421, @mml)

Application autoscaling

  • Make "upscale forbidden window" and "downscale forbidden window" duration configurable in arguments of kube-controller-manager. (#42101, @Dmitry1987)

Application Deployment

  • StatefulSetStatus now tracks replicas, readyReplicas, currentReplicas, and updatedReplicas. The semantics of replicas is now consistent with DaemonSet and ReplicaSet, and readyReplicas has the semantics that replicas did prior to 1.7 (#46669, @kow3ns).

  • ControllerRevision type has been added for StatefulSet and DaemonSet history. Clients should not depend on the stability of this type as it may change, as necessary, in future releases to support StatefulSet and DaemonSet update and rollback. We enable this type as we do with beta features, because StatefulSet update and DaemonSet update are enabled. (#45867, @kow3ns)

  • PodDisruptionBudget now uses ControllerRef to decide which controller owns a given Pod, so it doesn't get confused by controllers with overlapping selectors. (#45003, @krmayankk)

  • Deployments are updated to use (1) a more stable hashing algorithm (fnv) than the previous one (adler) and (2) a hashing collision avoidance mechanism that will ensure new rollouts will not block on hashing collisions anymore. (#44774, @kargakis) (kubernetes/features#287)

  • Deployments and DaemonSets rollouts are considered complete when all of the desired replicas are updated and available. This change affects kubectl rollout status and Deployment condition. (#44672, @kargakis)

  • Job controller now respects ControllerRef to avoid fighting over Pods. (#42176, @enisoc)

  • CronJob controller now respects ControllerRef to avoid fighting with other controllers. (#42177, @enisoc)

Cluster Autoscaling

  • Cluster Autoscaler 0.6. More information available here.

  • cluster-autoscaler: Fix duplicate writing of logs. (#45017, @MaciekPytel)

Cloud Provider Enhancement

  • AWS:

    • New 'service.beta.kubernetes.io/aws-load-balancer-extra-security-groups' Service annotation to specify extra Security Groups to be added to ELB created by AWS cloudprovider (#45268, @redbaron)

    • Clean up blackhole routes when using kubenet (#47572, @justinsb)

    • Maintain a cache of all instances, to fix problem with > 200 nodes with ELBs (#47410, @justinsb)

    • Avoid spurious ELB listener recreation - ignore case when matching protocol (#47391, @justinsb)

    • Allow configuration of a single security group for ELBs (#45500, @nbutton23)

    • Remove check that forces loadBalancerSourceRanges to be 0.0.0.0/0. (#38636, @dhawal55)

      • Allow setting KubernetesClusterID or KubernetesClusterTag in combination with VPC. (#42512, @scheeles)

      • Start recording cloud provider metrics for AWS (#43477, @gnufied)

      • AWS: Batch DescribeInstance calls with nodeNames to 150 limit, to stay within AWS filter limits. (#47516, @gnufied)

      • AWS: Process disk attachments even with duplicate NodeNames (#47406, @justinsb)

    • Fix support running the master with a different AWS account or even on a different cloud provider than the nodes. (#44235, @mrIncompetent)

    • Support node port health check (#43585, @foolusion)

    • Support for ELB tagging by users (#45932, @lpabon)

  • Azure:

  • GCP:

    • Bump GLBC version to 0.9.5 - fixes loss of manually modified GCLB health check settings upon upgrade from pre-1.6.4 to either 1.6.4 or 1.6.5. (#47567, @nicksardo)

    • [beta] Support creation of GCP Internal Load Balancers from Service objects (#46663, @nicksardo)

    • GCE installs will now avoid IP masquerade for all RFC-1918 IP blocks, rather than just 10.0.0.0/8. This means that clusters can be created in 192.168.0.0/16 and 172.16.0.0/12 while preserving the container IPs (which would be lost before). (#46473, @thockin)

    • The Calico version included in kube-up for GCE has been updated to v2.2. (#38169, @caseydavenport)

    • Add ip-masq-agent addon to the addons folder which is used in GCE if --non-masquerade-cidr is set to 0/0 (#46038, @dnardo)

    • Enable kubelet csr bootstrap in GCE/GKE (#40760, @mikedanese)

    • Adds support for allocation of pod IPs via IP aliases. (#42147, @bowei)

      • gce kube-up: The Node authorization mode and NodeRestriction admission controller are now enabled (#46796, @mikedanese)

      • Tokens retrieved from Google Cloud with application default credentials will not be cached if the client fails authorization (#46694, @matt-tyler)

      • Add metrics to all major gce operations {latency, errors} (#44510, @bowei)

        • The new metrics are:

        • cloudprovider_gce_api_request_duration_seconds{request, region, zone}

        • cloudprovider_gce_api_request_errors{request, region, zone}

        • request is the specific function that is used.

        • region is the target region (Will be "<n/a>" if not applicable)

        • zone is the target zone (Will be "<n/a>" if not applicable)

        • Note: this fixes some issues with the previous implementation of metrics for disks:

          • Time duration tracked was of the initial API call, not the entire operation.

          • Metrics label tuple would have resulted in many independent histograms stored, one for each disk. (Did not aggregate well).

    • Fluentd now tolerates all NoExecute Taints when run in gcp configuration. (#45715, @gmarek)

      • Taints support in gce/salt startup scripts. (#47632, @mwielgus)

      • Support running Ubuntu image on GCE node (#44744, @yguo0905)

    • The gce metadata server can now be hidden behind a proxy, hiding the kubelet's token. (#45565, @Q-Lee)

  • OpenStack:

  • vSphere:

Cluster Provisioning

  • Juju:

    • Add Kubernetes 1.6 support to Juju charms (#44500, @Cynerva)

      • Add metric collection to charms for autoscaling

      • Update kubernetes-e2e charm to fail when test suite fails

      • Update Juju charms to use snaps

      • Add registry action to the kubernetes-worker charm

      • Add support for kube-proxy cluster-cidr option to kubernetes-worker charm

      • Fix kubernetes-master charm starting services before TLS certs are saved

      • Fix kubernetes-worker charm failures in LXD

      • Fix stop hook failure on kubernetes-worker charm

      • Fix handling of juju kubernetes-worker.restart-needed state

      • Fix nagios checks in charms

    • Enable GPU mode if GPU hardware detected (#43467, @tvansteenburgh)

    • Fix ceph-secret type to kubernetes.io/rbd in kubernetes-master charm (#44635, @Cynerva)

    • Disallows installation of upstream docker from PPA in the Juju kubernetes-worker charm. (#44681, @wwwtyro)

    • Resolves juju vsphere hostname bug showing only a single node in a scaled node-pool. (#44780, @chuckbutler)

    • Fixes a bug in the kubernetes-worker Juju charm code that attempted to give kube-proxy more than one api endpoint. (#44677, @wwwtyro)

    • Added CIFS PV support for Juju Charms (#45117, @chuckbutler)

    • Fixes juju kubernetes master: 1. Get certs from a dead leader. 2. Append tokens. (#43620, @ktsakalozos)

    • kubernetes-master juju charm properly detects etcd-scale events and reconfigures appropriately. (#44967, @chuckbutler)

      • Use correct option name in the kubernetes-worker layer registry action (#44921, @jacekn)

      • Send dns details only after cdk-addons are configured (#44945, @ktsakalozos)

      • Added support to the pause action in the kubernetes-worker charm for new flag --delete-local-data (#44931, @chuckbutler)

      • Add namespace-{list, create, delete} actions to the kubernetes-master layer (#44277, @jacekn)

      • Using http2 in kubeapi-load-balancer to fix kubectl exec uses (#43625, @mbruzek)

    • Don't append :443 to registry domain in the kubernetes-worker layer registry action (#45550, @jacekn)

  • kubeadm

    • Enable the Node Authorizer/Admission plugin in v1.7 (#46879, @luxas)

    • Users can now pass extra parameters to etcd in a kubeadm cluster (#42246, @jamiehannaford)

    • Make kubeadm use the new CSR approver in v1.7 (#46864, @luxas)

    • Allow enabling multiple authorization modes at the same time (#42557, @xilabao)

    • add proxy client-certs to kube-apiserver to allow it to proxy aggregated api servers (#43715, @deads2k)

  • CentOS provider

    • Support secure etcd cluster for centos provider. (#42994, @Shawyeok)

  • hyperkube

    • The hyperkube image has been slimmed down and no longer includes addon manifests and other various scripts. These were introduced for the now removed docker-multinode setup system. (#44555, @luxas)

  • Update to kube-addon-manager:v6.4-beta.2: kubectl v1.6.4 and refreshed base images (#47389, @ixdy)

  • Remove Initializers from admission-control in kubernetes-master charm for pre-1.7 (#46987, @Cynerva)

  • Added state guards to the idle_status messaging in the kubernetes-master charm to make deployment faster on initial deployment. (#47183, @chuckbutler)

Cluster federation

  • Features:

    • Adds annotations to all Federation objects created by kubefed. (#42683, @perotinus)

      • The mechanism of adding federation domain maps to the kube-dns deployment via the --federations flag is superseded by adding/updating the federations key in the kube-system/kube-dns configmap. If the user is using the kubefed tool to join a cluster federation, adding federation domain maps to kube-dns is already taken care of by kubefed join and does not need further action.

      • Prints out status updates when running kubefed init (#41849, @perotinus)

      • kubefed init now supports overriding the default etcd image name with the --etcd-image parameter. (#46247, @marun)

      • kubefed will now configure NodeInternalIP as the federation API server endpoint when NodeExternalIP is unavailable for federation API servers exposed as NodePort services (#46960, @lukaszo)

      • Automate configuring nameserver in cluster-dns for CoreDNS provider (#42895, @shashidharatd)

      • A new controller for managing DNS records is introduced which can be optionally disabled to enable third party components to manage DNS records for federated services. (#45034, @shashidharatd)

    • Remove the --secret-name flag from kubefed join, instead generating the secret name arbitrarily. (#42513, @perotinus)

    • Use StorageClassName for etcd pvc (#46323, @marun)

  • Bug fixes:

    • Allow disabling federation controllers through override args (#44209, @irfanurrehman)

    • Kubefed: Use service accounts instead of the user's credentials when accessing joined clusters' API servers. (#42042, @perotinus)

    • Avoid panic if route53 fields are nil (#44380, @justinsb)

Credential provider

Information for Kubernetes clients (openapi, swagger, client-go)

  • Features:

    • Add Host field to TCPSocketAction (#42902, @louyihua)

      • Add the ability to lock on ConfigMaps to support HA for self hosted components (#42666, @timothysc)

      • validateClusterInfo: use clientcmdapi.NewCluster() (#44221, @ncdc)

      • OpenAPI spec is now available in protobuf binary and gzip format (with ETag support) (#45836, @mbohlool)

      • HostAliases is now parsed with hostAliases json keys to be in line with the feature's name. (#47512, @rickypai)

      • Add redirect support to SpdyRoundTripper (#44451, @ncdc)

      • Duplicate recurring Events now include the latest event's Message string (#46034, @kensimon)

  • Bug fixes:

    • Fix serialization of EnforceNodeAllocatable (#44606, @ivan4th)

      • Use OS-specific libs when computing client User-Agent in kubectl, etc. (#44423, @monopole)

Instrumentation

Internal storage layer

  • prevent pods/status from touching ownerreferences (#45826, @deads2k)

  • Ensure that autoscaling/v1 is the preferred version for API discovery when autoscaling/v2alpha1 is enabled. (#45741, @DirectXMan12)

  • The proxy subresource APIs for nodes, services, and pods now support the HTTP PATCH method. (#44929, @liggitt)

  • Fluentd now tolerates all NoExecute Taints when run in gcp configuration. (#45715, @gmarek)

Kubernetes Dashboard

kube-dns

  • Updates kube-dns to 1.14.2 (#45684, @bowei)

    • Support kube-master-url flag without kubeconfig

    • Fix concurrent R/Ws in dns.go

    • Fix confusing logging when initializing server

    • Fix printf in cmd/kube-dns/app/server.go

    • Fix version on startup and --version flag

    • Support specifying port number for nameserver in stubDomains

kube-proxy

  • Features:

    • ratelimit runs of iptables by sync-period flags (#46266, @thockin)

    • Log warning when invalid dir passed to kubectl proxy --www (#44952, @CaoShuFeng)

    • Add --write-config-to flag to kube-proxy to allow users to write the default configuration settings to a file. (#45908, @ncdc)

      • When switching from the service.beta.kubernetes.io/external-traffic annotation to the new externalTrafficPolicy field, the values change as follows: (#46716, @thockin)

        • "OnlyLocal" becomes "Local"

        • "Global" becomes "Cluster"

  • Bug fixes:

kube-scheduler

  • Scheduler can receive its policy configuration from a ConfigMap (#43892, @bsalamat)

  • Aggregated used ports at the NodeInfo level for PodFitsHostPorts predicate. (#42524, @k82cn)

  • leader election lock based on scheduler name (#42961, @wanghaoran1988)

Storage

  • Features

    • The options passed to a Flexvolume plugin's mount command now contain the pod name (kubernetes.io/pod.name), namespace (kubernetes.io/pod.namespace), uid (kubernetes.io/pod.uid), and service account name (kubernetes.io/serviceAccount.name). (#39488, @liggitt)

    • GCE and AWS dynamic provisioners extension: admins can configure zone(s) in which a persistent volume shall be created. (#38505, @pospispa)

    • Implement API usage metrics for GCE storage. (#40338, @gnufied)

    • Add support for emitting metrics from openstack cloudprovider about storage operations. (#46008, @NickrenREN)

    • vSphere cloud provider: vSphere storage policy support for dynamic volume provisioning. (#46176, @BaluDontu)

    • Support StorageClass in Azure file volume (#42170, @rootfs)

    • Start recording cloud provider metrics for AWS (#43477, @gnufied)

    • Support iSCSI CHAP authentication (#43396, @rootfs)

    • Openstack cinder v1/v2/auto API support (#40423, @mkutsevol)

    • Alpha feature: allows users to set storage limit to isolate EmptyDir volumes. It enforces the limit by evicting pods that exceed their storage limits (#45686, @jingxu97)

  • Bug fixes

    • Fixes issue with Flexvolume, introduced in 1.6.0, where drivers without an attacher would fail (node indefinitely waiting for attach). A driver API addition is introduced: drivers that don't implement attach should return attach: false on init. (#47503, @chakri-nelluri)

    • Fix dynamic provisioning of PVs with inaccurate AccessModes by refusing to provision when PVCs ask for AccessModes that can't be satisfied by the PVs' underlying volume plugin. (#47274, @wongma7)

    • Fix pods failing to start if they specify a file as a volume subPath to mount. (#45623, @wongma7)

    • Fix erroneous FailedSync and FailedMount events being periodically and indefinitely posted on Pods after kubelet is restarted. (#44781, @wongma7)

    • Fix AWS EBS volumes not getting detached from node if routine to verify volumes are attached runs while the node is down (#46463, @wongma7)

    • Improves performance of Cinder volume attach/detach operations. (#41785, @jamiehannaford)

    • Fix iSCSI iSER mounting. (#47281, @mtanino)

    • iscsi storage plugin: Fix dangling session when using multiple target portal addresses. (#46239, @mtanino)

    • Fix log spam due to unnecessary status update when node is deleted. (#45923, @verult)

    • Don't try to attach volume to new node if it is already attached to another node and the volume does not support multi-attach. (#45346, @codablock)

    • detach the volume when pod is terminated (#45286, @gnufied)

    • Roll up volume error messages in the kubelet sync loop. (#44938, @jayunit100)

    • Catch error when failed to make directory in NFS volume plugin (#38801, @nak3)

Networking

  • DNS and name resolution

    • Updates kube-dns to 1.14.2 (#45684, @bowei)

      • Support kube-master-url flag without kubeconfig

      • Fix concurrent R/Ws in dns.go

      • Fix confusing logging when initializing server

      • Support specifying port number for nameserver in stubDomains

    • A new field hostAliases has been added to pod.spec to support adding entries to a Pod's /etc/hosts file. (#44641, @rickypai)

    • Fix DNS suffix search list support in Windows kube-proxy. (#45642, @JiangtianLi)

  • Kube-proxy

    • ratelimit runs of iptables by sync-period flags (#46266, @thockin)

    • Fix corner-case with OnlyLocal Service healthchecks. (#44313, @thockin)

  • Exclude nodes labeled as master from LoadBalancer / NodePort; restores documented behaviour. (#44745, @justinsb)

  • Adds support for CNI ConfigLists, which permit plugin chaining. (#42202, @squeed)

  • Fix node selection logic on initial LB creation (#45773, @justinsb)

  • When switching from the service.beta.kubernetes.io/external-traffic annotation to the new externalTrafficPolicy field, the values change as follows: (#46716, @thockin)

    • "OnlyLocal" becomes "Local"

    • "Global" becomes "Cluster"

  • servicecontroller: Fix node selection logic on initial LB creation (#45773, @justinsb)

  • fixed HostAlias in PodSpec to allow foo.bar hostnames instead of just foo DNS labels. (#46809, @rickypai)

Node controller

Node Components

  • Features

    • Removes the deprecated kubelet flag --babysit-daemons (#44230, @mtaufen)

    • make dockershim.sock configurable (#43914, @ncdc)

    • Support running Ubuntu image on GCE node (#44744, @yguo0905)

    • Kubernetes now shares a single PID namespace among all containers in a pod when running with docker >= 1.13.1. This means processes can now signal processes in other containers in a pod, but it also means that the kubectl exec {pod} kill 1 pattern will cause the Pod to be restarted rather than a single container. (#45236, @verb)

    • A new field hostAliases has been added to the pod spec to support adding entries to a Pod's /etc/hosts file. (#44641, @rickypai)

    • With --feature-gates=RotateKubeletClientCertificate=true set, the Kubelet will request a client certificate from the API server during the boot cycle and pause waiting for the request to be satisfied. It will continually refresh the certificate (#41912, @jcbsmpsn)

    • Create clusters with GPUs in GCE by specifying type=<gpu-type>,count=<gpu-count> to NODE_ACCELERATORS environment variable. (#45130, @vishh)

    • Disk Pressure triggers the deletion of terminated containers on the node. (#45896, @dashpole)

    • Support status.hostIP in downward API (#42717, @andrewsykim)

    • Upgrade Node Problem Detector to v0.4.1. New features added:

      • Add /dev/kmsg support for kernel log parsing. (#112, @euank)

      • Add ABRT support. (#105, @juliusmilan)

      • Add a docker image corruption problem detection in the default docker monitor config. (#117, @ajitak)

    • Upgrade CAdvisor to v0.26.1. New features added:

      • Add Docker overlay2 storage driver support.

      • Add ZFS support.

      • Add UDP metrics (collection disabled by default).

    • Roll up volume error messages in the kubelet sync loop. (#44938, @jayunit100)

    • Allow pods to opt out of PodPreset mutation via an annotation on the pod. (#44965, @jpeeler)

    • Add generic Toleration for NoExecute Taints to NodeProblemDetector, so that NPD can be scheduled to nodes with NoExecute taints by default. (#45883, @gmarek)

    • Prevent kubelet from setting allocatable < 0 for a resource upon initial creation. (#46516, @derekwaynecarr)

  • Bug fixes

    • Changed Kubelet default image-gc-high-threshold to 85% to resolve a conflict with default settings in docker that prevented image garbage collection from resolving low disk space situations when using devicemapper storage. (#40432, @sjenning)

    • Mark all static pods on the Master node as critical to prevent preemption (#47356, @dashpole)

    • Restrict active deadline seconds max allowed value to be maximum uint32 to avoid overflow (#46640, @derekwaynecarr)

    • Fix a bug with cAdvisorPort in the KubeletConfiguration that prevented setting it to 0, which is in fact a valid option, as noted in issue #11710. (#46876, @mtaufen)

    • Fix a bug where container cannot run as root when SecurityContext.RunAsNonRoot is false. (#47009, @yujuhong)

    • Fix the Kubelet PLEG update timestamp to better reflect the health of the component when the container runtime request hangs. (#45496, @andyxning)

    • Avoid failing sync loop health check on container runtime errors (#47124, @andyxning)

    • Fix a bug where Kubelet does not ignore pod manifest files starting with dots (#45111, @dwradcliffe)

    • Fix kubelet reset liveness probe failure count across pod restart boundaries (#46371, @sjenning)

    • Fix log spam due to unnecessary status update when node is deleted. (#45923, @verult)

    • Fix kubelet event recording for selected events. (#46246, @derekwaynecarr)

    • Fix image garbage collector attempting to remove in-use images. (#46121, @Random-Liu)

    • Detach the volume when pod is terminated (#45286, @gnufied)

    • CRI: Fix StopContainer timeout (#44970, @Random-Liu)

    • CRI: Fix kubelet failing to start when using rkt. (#44569, @yujuhong)

    • CRI: kubectl logs -f now stops following when container stops, as it did pre-CRI. (#44406, @Random-Liu)

    • Fixes a bug where pods were evicted even after images are successfully deleted. (#44986, @dashpole)

    • When creating a container using envFrom: (#42083, @fraenkel)

      • validate the name of the ConfigMap in a ConfigMapRef

      • validate the name of the Secret in a SecretRef

    • Fix the bug where StartedAt time is not reported for exited containers. (#45977, @yujuhong)

  • Changes/deprecations

    • Marks the Kubelet's --master-service-namespace flag deprecated (#44250, @mtaufen)

    • Remove PodSandboxStatus.Linux.Namespaces.Network from CRI since it is not used/needed. (#45166, @feiskyer)

    • Remove the --enable-cri flag. CRI is now the default, and the only way to integrate with Kubelet for the container runtimes. (#45194, @yujuhong)

    • CRI has been moved to package pkg/kubelet/apis/cri/v1alpha1/runtime as part of Kubelet API path cleanup. (#47113, @feiskyer)

Scheduling

Security

  • Features:

    • Permission to use a PodSecurityPolicy can now be granted within a single namespace by allowing the use verb on the podsecuritypolicies resource within the namespace. (#42360, @liggitt)

    • Break the 'certificatesigningrequests' controller into a 'csrapprover' controller and 'csrsigner' controller. (#45514, @mikedanese)

    • kubectl auth can-i now supports non-resource URLs (#46432, @CaoShuFeng)

    • Promote kubelet tls bootstrap to beta. Add a non-experimental flag to use it and deprecate the old flag. (#46799, @mikedanese)

    • Add the alpha.image-policy.k8s.io/failed-open=true annotation when the image policy webhook encounters an error and fails open. (#46264, @Q-Lee)

    • Add an AEAD encrypting transformer for storing secrets encrypted at rest (#41939, @smarterclayton)

    • Add secretbox and AES-CBC encryption modes to at rest encryption. AES-CBC is considered superior to AES-GCM because it is resistant to nonce-reuse attacks, and secretbox uses Poly1305 and XSalsa20. (#46916, @smarterclayton)

  • Bug fixes:

    • Make the gcp auth provider not override the Auth header if it already exists (#45575, @wanghaoran1988)

    • The oidc client plugin has reduced round trips and fixed the scopes requested (#45317, @ericchiang)

    • API requests using impersonation now include the system:authenticated group in the impersonated user automatically. (#44076, @liggitt)

    • RBAC role and rolebinding auto-reconciliation is now performed only when the RBAC authorization mode is enabled. (#43813, @liggitt)

    • PodSecurityPolicy now recognizes pods that specify runAsNonRoot: false in their security context and does not overwrite the specified value (#47073, @Q-Lee)

    • Tokens retrieved from Google Cloud with application default credentials will not be cached if the client fails authorization (#46694, @matt-tyler)

    • Update kube-dns, metadata-proxy, and fluentd-gcp, event-exporter, prometheus-to-sd, and ip-masq-agent addons with new base images containing fixes for CVE-2016-4448, CVE-2016-9841, CVE-2016-9843, CVE-2017-1000366, CVE-2017-2616, and CVE-2017-9526. (#47877, @ixdy)

    • Fixed an issue mounting the wrong secret into pods as a service account token. (#44102, @ncdc)

Scalability

  • The HorizontalPodAutoscaler controller will now only send updates when it has new status information, reducing the number of writes caused by the controller. (#47078, @DirectXMan12)

External Dependency Version Information

Continuous integration builds have used the following versions of external dependencies; however, this is not a strong recommendation, and users should consult an appropriate installation or upgrade guide before deciding what versions of etcd, docker or rkt to use.

  • Docker versions 1.10.3, 1.11.2, 1.12.6 have been validated

    • Docker version 1.12.6 known issues

      • overlay2 driver not fully supported

      • live-restore not fully supported

      • no shared pid namespace support

    • Docker version 1.11.2 known issues

      • Kernel crash with Aufs storage driver on Debian Jessie (#27885) which can be identified by the node problem detector

      • Leaked File descriptors (#275)

      • Additional memory overhead per container (#21737)

    • Docker 1.10.3 contains backports provided by RedHat for known issues

  • For issues with Docker 1.13.X please see the 1.13.X tracking issue

  • rkt version 1.23.0+

  • etcd version 3.0.17

  • Go version: 1.8.3. Link to announcement

    • Kubernetes can only be compiled with Go 1.8. Support for all other versions is dropped.

Previous Releases Included in v1.7.0

v1.7.0-rc.1

Documentation & Examples

Downloads for v1.7.0-rc.1

filename sha256 hash
kubernetes.tar.gz 9da0e04de83e14f87540b5b58f415b5cdb78e552e07dc35985ddb1b7f618a2f2
kubernetes-src.tar.gz f4e6cfd0d859d7880d14d1052919a9eb79c26e1cd4105330dda8b05f073cab40

Client Binaries


Server Binaries


Node Binaries


Changelog since v1.7.0-beta.2

Action Required

  • The following alpha API groups were unintentionally enabled by default in previous releases, and will no longer be enabled by default in v1.8: (#47690, @caesarxuchao)
    • rbac.authorization.k8s.io/v1alpha1
    • settings.k8s.io/v1alpha1
    • If you wish to continue using them in v1.8, please enable them explicitly using the --runtime-config flag of the apiserver (for example, --runtime-config="rbac.authorization.k8s.io/v1alpha1,settings.k8s.io/v1alpha1")
  • Paths containing backsteps (for example, "../bar") are no longer allowed in hostPath volume paths, or in volumeMount subpaths (#47290, @jhorwit2)
  • Azure: Change container permissions to private for provisioned volumes. If you have existing Azure volumes that were created by Kubernetes v1.6.0-v1.6.5, you should change the permissions on them manually. (#47605, @brendandburns)

Other notable changes

  • Update kube-dns, metadata-proxy, and fluentd-gcp, event-exporter, prometheus-to-sd, and ip-masq-agent addons with new base images containing fixes for CVE-2016-4448, CVE-2016-9841, CVE-2016-9843, CVE-2017-1000366, CVE-2017-2616, and CVE-2017-9526. (#47877, @ixdy)
  • Bump the memory request/limit for ip-masq-daemon. (#47887, @dnardo)
  • HostAliases is now parsed with hostAliases json keys to be in line with the feature's name. (#47512, @rickypai)
  • Fixes issue with Flex volume, introduced in 1.6.0, where drivers without an attacher would fail (node indefinitely waiting for attach). Drivers that don't implement attach should return attach: false on init. (#47503, @chakri-nelluri)
  • Tokens retrieved from Google Cloud with application default credentials will not be cached if the client fails authorization (#46694, @matt-tyler)
  • ip-masq-agent is now the default for GCE (#47794, @dnardo)
  • Taints support in gce/salt startup scripts. (#47632, @mwielgus)
  • Fix VolumeClaims/capacity in "kubectl describe statefulsets" output. (#47573, @k82cn)
  • New 'service.beta.kubernetes.io/aws-load-balancer-extra-security-groups' Service annotation to specify extra Security Groups to be added to ELB created by AWS cloudprovider (#45268, @redbaron)
  • AWS: clean up blackhole routes when using kubenet (#47572, @justinsb)
  • The protobuf serialization of API objects has been updated to store maps in a predictable order to ensure that the representation of that object does not change when saved into etcd. This prevents the same object from being seen as being modified, even when no values have changed. (#47701, @smarterclayton)
  • Mark Static pods on the Master as critical (#47356, @dashpole)
  • kubectl logs with label selector supports specifying a container name (#44282, @derekwaynecarr)
  • Adds an approval workflow to the certificate approver that will approve certificate signing requests from kubelets that meet all the criteria of kubelet server certificates. (#46884, @jcbsmpsn)
  • AWS: Maintain a cache of all instances, to fix problem with > 200 nodes with ELBs (#47410, @justinsb)
  • Bump GLBC version to 0.9.5 - fixes loss of manually modified GCLB health check settings upon upgrade from pre-1.6.4 to either 1.6.4 or 1.6.5. (#47567, @nicksardo)
  • Update cluster-proportional-autoscaler, metadata-proxy, and fluentd-gcp addons with fixes for CVE-2016-4448, CVE-2016-8859, CVE-2016-9841, CVE-2016-9843, and CVE-2017-9526. (#47545, @ixdy)
  • AWS: Batch DescribeInstance calls with nodeNames to 150 limit, to stay within AWS filter limits. (#47516, @gnufied)

v1.7.0-beta.2

Documentation & Examples

Downloads for v1.7.0-beta.2

filename sha256 hash
kubernetes.tar.gz 40814fcc343ee49df6a999165486714b5e970d90a368332c8e233a5741306a4c
kubernetes-src.tar.gz 864561a13af5869722276eb0f2d7c0c3bb8946c4ea23551b6a8a68027737cf1b

Client Binaries


Server Binaries


Node Binaries


Changelog since v1.7.0-beta.1

Action Required

  • New and upgraded 1.7 GCE/GKE clusters no longer have an RBAC ClusterRoleBinding that grants the cluster-admin ClusterRole to the default service account in the kube-system namespace. (#46750, @cjcullen)
    • If this permission is still desired, run the following command to explicitly grant it, either before or after upgrading to 1.7:
    • kubectl create clusterrolebinding kube-system-default --serviceaccount=kube-system:default --clusterrole=cluster-admin

Other notable changes

  • AWS: Process disk attachments even with duplicate NodeNames (#47406, @justinsb)
  • kubefed will now configure NodeInternalIP as the federation API server endpoint when NodeExternalIP is unavailable for federation API servers exposed as NodePort services (#46960, @lukaszo)
  • PodSecurityPolicy now recognizes pods that specify runAsNonRoot: false in their security context and does not overwrite the specified value (#47073, @Q-Lee)
  • Bump GLBC version to 0.9.4 (#47468, @nicksardo)
  • Stackdriver Logging deployment exposes metrics on node port 31337 when enabled. (#47402, @crassirostris)
  • Update to kube-addon-manager:v6.4-beta.2: kubectl v1.6.4 and refreshed base images (#47389, @ixdy)
  • Enable iptables -w in kubeadm selfhosted (#46372, @cmluciano)
  • Azure plugin for client auth (#43987, @cosmincojocar)
  • Fix dynamic provisioning of PVs with inaccurate AccessModes by refusing to provision when PVCs ask for AccessModes that can't be satisfied by the PVs' underlying volume plugin (#47274, @wongma7)
  • AWS: Avoid spurious ELB listener recreation - ignore case when matching protocol (#47391, @justinsb)
  • gce kube-up: The Node authorization mode and NodeRestriction admission controller are now enabled (#46796, @mikedanese)
  • update gophercloud/gophercloud dependency for reauthentication fixes (#45545, @stuart-warren)
  • fix sync loop health check with separating runtime errors (#47124, @andyxning)
  • servicecontroller: Fix node selection logic on initial LB creation (#45773, @justinsb)
  • Fix iSCSI iSER mounting. (#47281, @mtanino)
  • StorageOS Volume Driver (#42156, @croomes)
    • StorageOS can be used as a storage provider for Kubernetes. With StorageOS, capacity from local or attached storage is pooled across the cluster, providing converged infrastructure for cloud-native applications.
  • CRI has been moved to package pkg/kubelet/apis/cri/v1alpha1/runtime. (#47113, @feiskyer)
  • Make the gcp auth provider not override the Auth header if it already exists (#45575, @wanghaoran1988)
  • Allow pods to opt out of PodPreset mutation via an annotation on the pod. (#44965, @jpeeler)
  • Add Traditional Chinese translation for kubectl (#46559, @warmchang)
  • Remove Initializers from admission-control in kubernetes-master charm for pre-1.7 (#46987, @Cynerva)
  • Added state guards to the idle_status messaging in the kubernetes-master charm to make deployment faster on initial deployment. (#47183, @chuckbutler)
  • Bump up Node Problem Detector version to v0.4.0, which added support of parsing log from /dev/kmsg and ABRT. (#46743, @Random-Liu)
  • kubeadm: Enable the Node Authorizer/Admission plugin in v1.7 (#46879, @luxas)
  • Deprecated Binding objects in 1.7. (#47041, @k82cn)
  • Add secretbox and AES-CBC encryption modes to at rest encryption. AES-CBC is considered superior to AES-GCM because it is resistant to nonce-reuse attacks, and secretbox uses Poly1305 and XSalsa20. (#46916, @smarterclayton)
  • The HorizontalPodAutoscaler controller will now only send updates when it has new status information, reducing the number of writes caused by the controller. (#47078, @DirectXMan12)
  • gpusInUse info error when kubelet restarts (#46087, @tianshapjq)
  • kubeadm: Modifications to cluster-internal resources installed by kubeadm will be overwritten when upgrading from v1.6 to v1.7. (#47081, @luxas)

v1.7.0-beta.1

Documentation & Examples

Downloads for v1.7.0-beta.1


Changelog since v1.7.0-alpha.4

Action Required

  • kube-apiserver: a new authorization mode (--authorization-mode=Node) authorizes nodes to access secrets, configmaps, persistent volume claims and persistent volumes related to their pods. (#46076, @liggitt)
    • Nodes must use client credentials that place them in the system:nodes group with a username of system:node:<nodeName> in order to be authorized by the node authorizer (the credentials obtained by the kubelet via TLS bootstrapping satisfy these requirements).
    • When used in combination with the RBAC authorization mode (--authorization-mode=Node,RBAC), the system:node role is no longer automatically granted to the system:nodes group.
  • kube-controller-manager has dropped support for the --insecure-experimental-approve-all-kubelet-csrs-for-group flag. Instead, the csrapproving controller uses authorization checks to determine whether to approve certificate signing requests: (#45619, @mikedanese)
    • requests for a TLS client certificate for any node are approved if the CSR creator has create permission on the certificatesigningrequests resource and nodeclient subresource in the certificates.k8s.io API group
    • requests from a node for a TLS client certificate for itself are approved if the CSR creator has create permission on the certificatesigningrequests resource and the selfnodeclient subresource in the certificates.k8s.io API group
    • requests from a node for a TLS serving certificate for itself are approved if the CSR creator has create permission on the certificatesigningrequests resource and the selfnodeserver subresource in the certificates.k8s.io API group
  • Support updating storageclasses in etcd to storage.k8s.io/v1. You must do this prior to upgrading to 1.8. (#46116, @ncdc)
  • The namespace API object no longer supports the deletecollection operation. (#46407, @liggitt)
  • NetworkPolicy has been moved from extensions/v1beta1 to the new networking.k8s.io/v1 API group. (#39164, @danwinship) The structure remains unchanged from the beta1 API. The net.beta.kubernetes.io/network-policy annotation on Namespaces to opt in to isolation has been removed. Instead, isolation is now determined at a per-pod level, with pods being isolated if there is any NetworkPolicy whose spec.podSelector targets them. Pods that are targeted by NetworkPolicies accept traffic that is accepted by any of the NetworkPolicies (and nothing else), and pods that are not targeted by any NetworkPolicy accept all traffic by default. Action Required: When upgrading to Kubernetes 1.7 (and a network plugin that supports the new NetworkPolicy v1 semantics), to ensure full behavioral compatibility with v1beta1:
    1. In Namespaces that previously had the "DefaultDeny" annotation, you can create equivalent v1 semantics by creating a NetworkPolicy that matches all pods but does not allow any traffic:

          kind: NetworkPolicy
          apiVersion: networking.k8s.io/v1
          metadata:
            name: default-deny
          spec:
            podSelector:

      This will ensure that pods that aren't matched by any other NetworkPolicy will continue to be fully-isolated, as they were before.

    2. In Namespaces that previously did not have the "DefaultDeny" annotation, you should delete any existing NetworkPolicy objects. These would have had no effect before, but with v1 semantics they might cause some traffic to be blocked that you didn't intend to be blocked.
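The per-pod isolation rule described in the NetworkPolicy entry above can be checked with a small model. This is an added example, not Kubernetes code: the Pod, Policy and Selector types are simplified assumptions (ingress only, one namespace, equality-only label selectors, all of a policy's allowed peers flattened into one list), and the pods and the db-from-web policy are constructed sample data.

```go
package main

import "fmt"

// Labels is a pod's label set. Selector is an equality-only label selector;
// an empty Selector matches every pod, like the empty podSelector above.
type Labels map[string]string
type Selector map[string]string

// Pod and Policy are hypothetical stand-ins for the real API objects.
type Pod struct {
	Name   string
	Labels Labels
}

type Policy struct {
	Name        string
	PodSelector Selector   // which pods this policy targets (and so isolates)
	AllowFrom   []Selector // peers allowed to connect; none means allow nothing
}

// Matches reports whether every key/value in the selector is present in l.
func (s Selector) Matches(l Labels) bool {
	for k, v := range s {
		if got, ok := l[k]; !ok || got != v {
			return false
		}
	}
	return true
}

// Isolated reports whether any policy's podSelector targets the pod.
func Isolated(p Pod, policies []Policy) bool {
	for _, pol := range policies {
		if pol.PodSelector.Matches(p.Labels) {
			return true
		}
	}
	return false
}

// Allowed applies the v1 rule: a pod targeted by no policy accepts all
// traffic; a targeted pod accepts only what at least one targeting policy
// accepts (the union of the policies, and nothing else).
func Allowed(src, dst Pod, policies []Policy) bool {
	isolated := false
	for _, pol := range policies {
		if !pol.PodSelector.Matches(dst.Labels) {
			continue
		}
		isolated = true
		for _, peer := range pol.AllowFrom {
			if peer.Matches(src.Labels) {
				return true
			}
		}
	}
	return !isolated
}

// Constructed sample pods and policies.
var (
	web = Pod{Name: "web", Labels: Labels{"app": "web"}}
	db  = Pod{Name: "db", Labels: Labels{"app": "db"}}
	job = Pod{Name: "job", Labels: Labels{"app": "batch"}}

	// Equivalent of the default-deny object above: selects all pods, allows nothing.
	defaultDeny = Policy{Name: "default-deny", PodSelector: Selector{}}
	dbFromWeb   = Policy{
		Name:        "db-from-web",
		PodSelector: Selector{"app": "db"},
		AllowFrom:   []Selector{{"app": "web"}},
	}
)

func main() {
	cases := []struct {
		name     string
		policies []Policy
	}{
		{"no policies", nil},
		{"leftover db-from-web only (step 2 case)", []Policy{dbFromWeb}},
		{"default-deny + db-from-web (step 1 case)", []Policy{defaultDeny, dbFromWeb}},
	}
	for _, c := range cases {
		fmt.Println(c.name)
		for _, flow := range [][2]Pod{{web, db}, {job, db}, {job, web}} {
			fmt.Printf("  %s -> %s: allowed=%v (dst isolated=%v)\n",
				flow[0].Name, flow[1].Name,
				Allowed(flow[0], flow[1], c.policies),
				Isolated(flow[1], c.policies))
		}
	}
}
```

The second case shows why step 2 matters: a policy that had no effect without the namespace annotation now blocks job -> db as soon as v1 semantics apply.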

Other notable changes

  • Added exponential backoff to Azure cloudprovider (#46660, @jackfrancis)
  • fixed HostAlias in PodSpec to allow foo.bar hostnames instead of just foo DNS labels. (#46809, @rickypai)
  • Implements rolling update for StatefulSets. Updates can be performed using the RollingUpdate, Partitioned, or OnDelete strategies. OnDelete implements the manual behavior from 1.6. status now tracks replicas, readyReplicas, currentReplicas, and updatedReplicas. The semantics of replicas is now consistent with DaemonSet and ReplicaSet, and readyReplicas has the semantics that replicas did prior to this release. (#46669, @kow3ns)
  • Add Japanese translation for kubectl (#46756, @girikuncoro)
  • federation: Add admission controller for policy-based placement (#44786, @tsandall)
  • Get command uses OpenAPI schema to enhance display for a resource if run with flag 'use-openapi-print-columns'. (#46235, @droot)
    • An example command:
    • kubectl get pods --use-openapi-print-columns
  • add gzip compression to GET and LIST requests (#45666, @ilackarms)
  • Fix the bug where container cannot run as root when SecurityContext.RunAsNonRoot is false. (#47009, @yujuhong)
  • Fixes a bug with cAdvisorPort in the KubeletConfiguration that prevented setting it to 0, which is in fact a valid option, as noted in issue #11710. (#46876, @mtaufen)
  • Stackdriver cluster logging now deploys a new component to export Kubernetes events. (#46700, @crassirostris)
  • Alpha feature: allows users to set storage limit to isolate EmptyDir volumes. It enforces the limit by evicting pods that exceed their storage limits (#45686, @jingxu97)
  • Adds the Categories []string field to API resources, which represents the list of group aliases (e.g. "all") that every resource belongs to. (#43338, @fabianofranz)
  • Promote kubelet tls bootstrap to beta. Add a non-experimental flag to use it and deprecate the old flag. (#46799, @mikedanese)
  • Fix disk partition discovery for btrfs (#46816, @dashpole)
    • Add ZFS support
    • Add overlay2 storage driver support
  • Support creation of GCP Internal Load Balancers from Service objects (#46663, @nicksardo)
  • Introduces status conditions to the HorizontalPodAutoscaler in autoscaling/v2alpha1, indicating the current status of a given HorizontalPodAutoscaler, and why it is or is not scaling. (#46550, @DirectXMan12)
  • Support OpenAPI spec aggregation for kube-aggregator (#46734, @mbohlool)
  • Implement kubectl rollout undo and history for DaemonSet (#46144, @janetkuo)
  • Respect PDBs during node upgrades and add test coverage to the ServiceTest upgrade test. (#45748, @mml)
  • Disk Pressure triggers the deletion of terminated containers on the node. (#45896, @dashpole)
  • Add the alpha.image-policy.k8s.io/failed-open=true annotation when the image policy webhook encounters an error and fails open. (#46264, @Q-Lee)
  • Enable kubelet csr bootstrap in GCE/GKE (#40760, @mikedanese)
  • Implement Daemonset history (#45924, @janetkuo)
  • When switching from the service.beta.kubernetes.io/external-traffic annotation to the new externalTrafficPolicy field, the values change as follows: (#46716, @thockin)
    • "OnlyLocal" becomes "Local"
    • "Global" becomes "Cluster"
  • Fix kubelet reset liveness probe failure count across pod restart boundaries (#46371, @sjenning)
  • The gce metadata server can be hidden behind a proxy, hiding the kubelet's token. (#45565, @Q-Lee)
  • AWS: Allow configuration of a single security group for ELBs (#45500, @nbutton23)
  • Allow remote admission controllers to be dynamically added and removed by administrators. External admission controllers make an HTTP POST containing details of the requested action which the service can approve or reject. (#46388, @lavalamp)
  • iscsi storage plugin: Fix dangling session when using multiple target portal addresses. (#46239, @mtanino)
  • Duplicate recurring Events now include the latest event's Message string (#46034, @kensimon)
  • With --feature-gates=RotateKubeletClientCertificate=true set, the kubelet will request a client certificate from the API server during the boot cycle and pause waiting for the request to be satisfied. It will continually refresh the certificate as the certificate's expiration approaches. (#41912, @jcbsmpsn)
  • The Kubernetes API supports retrieving tabular output for API resources via a new mime-type application/json;as=Table;v=v1alpha1;g=meta.k8s.io. The returned object (if the server supports it) will be of type meta.k8s.io/v1alpha1 with Table, and contain column and row information related to the resource. Each row will contain information about the resource - by default it will be the object metadata, but callers can add the ?includeObject=Object query parameter and receive the full object. In the future kubectl will use this to retrieve the results of kubectl get. (#40848, @smarterclayton)
  • This change adds nonResourceURL to kubectl auth can-i (#46432, @CaoShuFeng)
  • Webhook added to the API server which emits structured audit log events. (#45919, @ericchiang)
  • By default, --low-diskspace-threshold-mb is not set, and --eviction-hard includes "nodefs.available<10%,nodefs.inodesFree<5%" (#46448, @dashpole)
  • kubectl edit and kubectl apply will keep the ordering of elements in merged lists (#45980, @mengqiy)
  • [Federation][kubefed]: Use StorageClassName for etcd pvc (#46323, @marun)
  • Restrict active deadline seconds max allowed value to be maximum uint32 (#46640, @derekwaynecarr)
  • Implement kubectl get controllerrevisions (#46655, @janetkuo)
  • Local storage plugin (#44897, @msau42)
  • With --feature-gates=RotateKubeletServerCertificate=true set, the kubelet will request a server certificate from the API server during the boot cycle and pause waiting for the request to be satisfied. It will continually refresh the certificate as the certificate's expiration approaches. (#45059, @jcbsmpsn)
  • Allow PSPs to specify a whitelist of allowed paths for host volumes based on path prefixes (#43946, @jhorwit2)
  • Add kubectl config rename-context (#46114, @arthur0)
  • Fix AWS EBS volumes not getting detached from node if routine to verify volumes are attached runs while the node is down (#46463, @wongma7)
  • Move hardPodAffinitySymmetricWeight to scheduler policy config (#44159, @wanghaoran1988)
  • AWS: support node port health check (#43585, @foolusion)
  • Add generic Toleration for NoExecute Taints to NodeProblemDetector (#45883, @gmarek)
  • support replaceKeys patch strategy and directive for strategic merge patch (#44597, @mengqiy)
  • Augment CRI to support retrieving container stats from the runtime. (#45614, @yujuhong)
  • Prevent kubelet from setting allocatable < 0 for a resource upon initial creation. (#46516, @derekwaynecarr)
  • add --non-resource-url to kubectl create clusterrole (#45809, @CaoShuFeng)
  • Add kubectl apply edit-last-applied subcommand (#42256, @shiywang)
  • Adding admissionregistration API group which enables dynamic registration of initializers and external admission webhooks. It is an alpha feature. (#46294, @caesarxuchao)
  • Fix log spam due to unnecessary status update when node is deleted. (#45923, @verult)
  • GCE installs will now avoid IP masquerade for all RFC-1918 IP blocks, rather than just 10.0.0.0/8. This means that clusters can be created in 192.168.0.0/16 and 172.16.0.0/12 while preserving the container IPs (which would be lost before). (#46473, @thockin)
  • set selector and set subject no longer print "running in local/dry-run mode..." at the top, so their output can be piped as valid yaml or json (#46507, @bboreham)
  • ControllerRevision type added for StatefulSet and DaemonSet history. (#45867, @kow3ns)
  • Bump Go version to 1.8.3 (#46429, @wojtek-t)
  • Upgrade Elasticsearch Addon to v5.4.0 (#45589, @it-svit)
  • PodDisruptionBudget now uses ControllerRef to decide which controller owns a given Pod, so it doesn't get confused by controllers with overlapping selectors. (#45003, @krmayankk)
  • aws: Support for ELB tagging by users (#45932, @lpabon)
  • Portworx volume driver no longer has to run on the master. (#45518, @harsh-px)
  • kube-proxy: ratelimit runs of iptables by sync-period flags (#46266, @thockin)
  • Deployments are updated to use (1) a more stable hashing algorithm (fnv) than the previous one (adler) and (2) a hashing collision avoidance mechanism that will ensure new rollouts will not block on hashing collisions anymore. (#44774, @kargakis)
  • The Prometheus metrics for the kube-apiserver for tracking incoming API requests and latencies now return the subresource label for correctly attributing the type of API call. (#46354, @smarterclayton)
  • Add Simplified Chinese translation for kubectl (#45573, @shiywang)
  • The --namespace flag is now honored for in-cluster clients that have an empty configuration. (#46299, @ncdc)
  • Fix init container status reporting when active deadline is exceeded. (#46305, @sjenning)
  • Improves performance of Cinder volume attach/detach operations (#41785, @jamiehannaford)
  • GCE and AWS dynamic provisioners extension: admins can configure zone(s) in which a persistent volume shall be created. (#38505, @pospispa)
  • Break the 'certificatesigningrequests' controller into a 'csrapprover' controller and 'csrsigner' controller. (#45514, @mikedanese)
  • Modifies kubefed to create and the federation controller manager to use credentials associated with a service account rather than the user's credentials. (#42042, @perotinus)
  • Adds a MaxUnavailable field to PodDisruptionBudget (#45587, @foxish)
  • The behavior of some watch calls to the server when filtering on fields was incorrect. If watching objects with a filter, when an update was made that no longer matched the filter a DELETE event was correctly sent. However, the object that was returned by that delete was not the (correct) version before the update, but instead, the newer version. That meant the new object was not matched by the filter. This was a regression from behavior between cached watches on the server side and uncached watches, and thus broke downstream API clients. (#46223, @smarterclayton)
  • vSphere cloud provider: vSphere Storage policy Support for dynamic volume provisioning (#46176, @BaluDontu)
  • Add support for emitting metrics from openstack cloudprovider about storage operations. (#46008, @NickrenREN)
  • 'kubefed init' now supports overriding the default etcd image name with the --etcd-image parameter. (#46247, @marun)
  • remove the elasticsearch template (#45952, @harryge00)
  • Adds the CustomResourceDefinition (crd) types to the kube-apiserver. These are the successors to ThirdPartyResource. See https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/thirdpartyresources.md for more details. (#46055, @deads2k)
  • StatefulSets now include an alpha scaling feature accessible by setting the spec.podManagementPolicy field to Parallel. The controller will not wait for pods to be ready before adding the other pods, and will replace deleted pods as needed. Since parallel scaling creates pods out of order, you cannot depend on predictable membership changes within your set. (#44899, @smarterclayton)
  • fix kubelet event recording for selected events. (#46246, @derekwaynecarr)
  • Moved qos to api.helpers. (#44906, @k82cn)
  • Kubelet PLEG updates the relist timestamp only after successfully relisting. (#45496, @andyxning)
  • OpenAPI spec is now available in protobuf binary and gzip format (with ETag support) (#45836, @mbohlool)
  • Added support to a hierarchy of kubectl plugins (a tree of plugins as children of other plugins). (#45981, @fabianofranz)
    • Added exported env vars to kubectl plugins so that plugin developers have access to global flags, namespace, the plugin descriptor and the full path to the caller binary.
  • Ignored mirror pods in PodPreset admission plugin. (#45958, @k82cn)
  • Don't try to attach volume to new node if it is already attached to another node and the volume does not support multi-attach. (#45346, @codablock)
  • The Calico version included in kube-up for GCE has been updated to v2.2. (#38169, @caseydavenport)
  • Kubelet: Fix image garbage collector attempting to remove in-use images. (#46121, @Random-Liu)
  • Add ip-masq-agent addon to the addons folder which is used in GCE if --non-masquerade-cidr is set to 0/0 (#46038, @dnardo)
  • Fix serialization of EnforceNodeAllocatable (#44606, @ivan4th)
  • Add --write-config-to flag to kube-proxy to allow users to write the default configuration settings to a file. (#45908, @ncdc)
  • The NodeRestriction admission plugin limits the Node and Pod objects a kubelet can modify. In order to be limited by this admission plugin, kubelets must use credentials in the system:nodes group, with a username in the form system:node:<nodeName>. Such kubelets will only be allowed to modify their own Node API object, and only modify Pod API objects that are bound to their node. (#45929, @liggitt)
  • vSphere cloud provider: Report same Node IP as both internal and external. (#45201, @abrarshivani)
  • The options passed to a flexvolume plugin's mount command now contain the pod name (kubernetes.io/pod.name), namespace (kubernetes.io/pod.namespace), uid (kubernetes.io/pod.uid), and service account name (kubernetes.io/serviceAccount.name). (#39488, @liggitt)

v1.7.0-alpha.4

Documentation & Examples

Downloads for v1.7.0-alpha.4


Changelog since v1.7.0-alpha.3

Action Required

  • kubectl create role and kubectl create clusterrole no longer allow specifying multiple resource names as comma-separated arguments. Use repeated --resource-name arguments to specify multiple resource names. (#44950, @xilabao)

Other notable changes

  • avoid concrete examples for missingResourceError (#45582, @CaoShuFeng)
  • Fix DNS suffix search list support in Windows kube-proxy. (#45642, @JiangtianLi)
  • Fix the bug where StartedAt time is not reported for exited containers. (#45977, @yujuhong)
  • Update Dashboard version to 1.6.1 (#45953, @maciaszczykm)
  • Examples: fixed cassandra mirror detection that assumes an FTP site will always be presented (#45965, @pompomJuice)
  • Removes the deprecated kubelet flag --babysit-daemons (#44230, @mtaufen)
  • [Federation] Automate configuring nameserver in cluster-dns for CoreDNS provider (#42895, @shashidharatd)
  • Add an AEAD encrypting transformer for storing secrets encrypted at rest (#41939, @smarterclayton)
  • Update Minio example (#45444, @NitishT)
  • [Federation] Segregate DNS related code to separate controller (#45034, @shashidharatd)
  • API Registration is now in beta. (#45247, @mbohlool)
  • Allow kcm and scheduler to lock on ConfigMaps. (#45739, @timothysc)
  • kubelet config should actually ignore files starting with dots (#45111, @dwradcliffe)
  • Fix lint failures on kubernetes-e2e charm (#45832, @Cynerva)
  • Mirror pods must now indicate the nodeName they are bound to on creation. The mirror pod annotation is now treated as immutable and cannot be added to an existing pod, removed from a pod, or modified. (#45775, @liggitt)
  • Updating apiserver to return UID of the deleted resource. Clients can use this UID to verify that the resource was deleted or waiting for finalizers. (#45600, @nikhiljindal)
  • OwnerReferencesPermissionEnforcement admission plugin ignores pods/status. (#45747, @derekwaynecarr)
  • prevent pods/status from touching ownerreferences (#45826, @deads2k)
  • Fix lint errors in juju kubernetes master and e2e charms (#45494, @ktsakalozos)
  • Ensure that autoscaling/v1 is the preferred version for API discovery when autoscaling/v2alpha1 is enabled. (#45741, @DirectXMan12)
  • Promotes Source IP preservation for Virtual IPs to GA. (#41162, @MrHohn)
    • Two api fields are defined correspondingly:
      • Service.Spec.ExternalTrafficPolicy <- 'service.beta.kubernetes.io/external-traffic' annotation.
      • Service.Spec.HealthCheckNodePort <- 'service.beta.kubernetes.io/healthcheck-nodeport' annotation.
  • Fix pods failing to start if they specify a file as a volume subPath to mount. (#45623, @wongma7)
  • the resource quota controller was not adding quota to be resynced at proper interval (#45685, @derekwaynecarr)
  • Marks the Kubelet's --master-service-namespace flag deprecated (#44250, @mtaufen)
  • fluentd will tolerate all NoExecute Taints when run in gcp configuration. (#45715, @gmarek)
  • Added Group/Version/Kind and Action extension to OpenAPI Operations (#44787, @mbohlool)
  • Updates kube-dns to 1.14.2 (#45684, @bowei)
      • Support kube-master-url flag without kubeconfig
      • Fix concurrent R/Ws in dns.go
      • Fix confusing logging when initialize server
      • Fix printf in cmd/kube-dns/app/server.go
      • Fix version on startup and --version flag
      • Support specifying port number for nameserver in stubDomains
  • detach the volume when pod is terminated (#45286, @gnufied)
  • Don't append :443 to registry domain in the kubernetes-worker layer registry action (#45550, @jacekn)
  • vSphere cloud provider: Fix volume detach on node failure. (#45569, @divyenpatel)
  • Remove the deprecated --enable-cri flag. CRI is now the default, and the only way to integrate with kubelet for the container runtimes. (#45194, @yujuhong)
  • AWS: Remove check that forces loadBalancerSourceRanges to be 0.0.0.0/0. (#38636, @dhawal55)
  • Fix erroneous FailedSync and FailedMount events being periodically and indefinitely posted on Pods after kubelet is restarted (#44781, @wongma7)
  • Kubernetes now shares a single PID namespace among all containers in a pod when running with docker >= 1.13.1. This means processes can now signal processes in other containers in a pod, but it also means that the kubectl exec {pod} kill 1 pattern will cause the pod to be restarted rather than a single container. (#45236, @verb)
  • azure: add support for UDP ports (#45523, @colemickens)
    • azure: fix support for multiple loadBalancerSourceRanges
    • azure: support the Service spec's sessionAffinity
  • This fix makes the scheduling goroutine wait for the cache (e.g. Pod) to be synced. (#45453, @k82cn)
  • vSphere cloud provider: Filter out IPV6 node addresses. (#45181, @BaluDontu)
  • The default behaviour of the cinder storageclass has changed. If availability is not specified, the zone is chosen by algorithm. This makes it possible to spread stateful pods across many zones. (#44798, @zetaab)
  • A small clean up to remove unnecessary functions. (#45018, @ravisantoshgudimetla)
  • Removed old scheduler constructor. (#45472, @k82cn)
  • vSphere cloud provider: Fix fetching of VM UUID on Ubuntu 16.04 and Fedora. (#45311, @divyenpatel)
  • This fixes the overflow for priorityconfig- valid range {1, 9223372036854775806}. (#45122, @ravisantoshgudimetla)
  • Bump cluster autoscaler to v0.5.4, which fixes scale down issues with pods ignoring SIGTERM. (#45483, @mwielgus)
  • Create clusters with GPUs in GKE by specifying "type=,count=" to NODE_ACCELERATORS env var. (#45130, @vishh)
  • Remove deprecated node address type NodeLegacyHostIP. (#44830, @NickrenREN)
  • UIDs and GIDs now use apimachinery types (#44714, @jamiehannaford)
  • Enable basic auth username rotation for GCI (#44590, @ihmccreery)
  • Kubectl taint node based on label selector (#44740, @ravisantoshgudimetla)
  • Scheduler perf modular extensions. (#44770, @ravisantoshgudimetla)

v1.7.0-alpha.3

Documentation & Examples

Downloads for v1.7.0-alpha.3


Changelog since v1.7.0-alpha.2

Action Required

Other notable changes

  • kubeadm: Fix invalid assign statement so it is possible to register the master kubelet with other initial Taints (#45376, @luxas)
  • Use Docker API Version instead of docker version (#44068, @mkumatag)
  • bump(golang.org/x/oauth2): a6bd8cefa1811bd24b86f8902872e4e8225f74c4 (#45056, @ericchiang)
  • apimachinery: make explicit that meta.KindToResource is only a guess (#45272, @sttts)
  • Remove PodSandboxStatus.Linux.Namespaces.Network from CRI. (#45166, @feiskyer)
  • Fixed misspelled http URL in the cluster-dns example (#45246, @psiwczak)
  • separate discovery from the apiserver (#43003, @deads2k)
  • Remove the --secret-name flag from kubefed join, instead generating the secret name arbitrarily. (#42513, @perotinus)
  • Added InterPodAffinity unit test case with Namespace. (#45152, @k82cn)
  • Use munged semantic version for side-loaded docker tag (#44981, @ixdy)
  • Increase Dashboard's memory requests and limits (#44712, @maciaszczykm)
  • PodSpec's HostAliases now write entries into the Kubernetes-managed hosts file. (#45148, @rickypai)
  • Create and push a docker image for the cloud-controller-manager (#45154, @luxas)
  • Align Extender's validation with prioritizers. (#45091, @k82cn)
  • Retry calls we report config changes quickly. (#44959, @ktsakalozos)
  • A new field hostAliases has been added to pod.spec to support adding entries to a Pod's /etc/hosts file. (#44641, @rickypai)
  • Added CIFS PV support for Juju Charms (#45117, @chuckbutler)
  • Some container runtimes share a process (PID) namespace for all containers in a pod. This will become the default for Docker in a future release of Kubernetes. You can preview this functionality if running with the CRI and Docker 1.13.1 by enabling the --experimental-docker-enable-shared-pid kubelet flag. (#41583, @verb)
  • add APIService conditions (#43301, @deads2k)
  • Log warning when invalid dir passed to kubectl proxy --www (#44952, @CaoShuFeng)
  • Roll up volume error messages in the kubelet sync loop. (#44938, @jayunit100)
  • Introduces the ability to extend kubectl by adding third-party plugins. Developer preview, please refer to the documentation for instructions about how to use it. (#37499, @fabianofranz)
  • Fixes juju kubernetes master: 1. Get certs from a dead leader. 2. Append tokens. (#43620, @ktsakalozos)
  • Use correct option name in the kubernetes-worker layer registry action (#44921, @jacekn)
  • Start recording cloud provider metrics for AWS (#43477, @gnufied)
  • Bump GLBC version to 0.9.3 (#45055, @nicksardo)
  • Add metrics to all major gce operations {latency, errors} (#44510, @bowei)
    • The new metrics are:
      • cloudprovider_gce_api_request_duration_seconds{request, region, zone}
      • cloudprovider_gce_api_request_errors{request, region, zone}
      • request is the specific function that is used.
      • region is the target region (Will be "<n/a>" if not applicable)
      • zone is the target zone (Will be "<n/a>" if not applicable)
    • Note: this fixes some issues with the previous implementation of metrics for disks:
      • Time duration tracked was of the initial API call, not the entire operation.
      • Metrics label tuple would have resulted in many independent histograms stored, one for each disk. (Did not aggregate well).
  • Update kubernetes-e2e charm to use snaps (#45044, @Cynerva)
  • Log the error (if any) in e2e metrics gathering step (#45039, @shyamjvs)
  • The proxy subresource APIs for nodes, services, and pods now support the HTTP PATCH method. (#44929, @liggitt)
  • cluster-autoscaler: Fix duplicate writing of logs. (#45017, @MaciekPytel)
  • CRI: Fix StopContainer timeout (#44970, @Random-Liu)
  • Fixes a bug where pods were evicted even after images are successfully deleted. (#44986, @dashpole)
  • Fix some false negatives in detection of meaningful conflicts during strategic merge patch with maps and lists. (#43469, @enisoc)
  • kubernetes-master juju charm properly detects etcd-scale events and reconfigures appropriately. (#44967, @chuckbutler)
  • Add redirect support to SpdyRoundTripper (#44451, @ncdc)
  • Support running Ubuntu image on GCE node (#44744, @yguo0905)
  • Send dns details only after cdk-addons are configured (#44945, @ktsakalozos)
  • Added support to the pause action in the kubernetes-worker charm for new flag --delete-local-data (#44931, @chuckbutler)
  • Upgrade go version to v1.8 (#41636, @luxas)
  • Add namespace-{list, create, delete} actions to the kubernetes-master layer (#44277, @jacekn)
  • Fix problems with scaling up the cluster when unschedulable pods have some persistent volume claims. (#44860, @mwielgus)
  • Feature/hpa upscale downscale delay configurable (#42101, @Dmitry1987)
  • Add short name "netpol" for networkpolicies (#42241, @xiangpengzhao)
  • Restored the ability of kubectl running inside a pod to consume resource files specifying a different namespace than the one the pod is running in. (#44862, @liggitt)
  • e2e: handle nil ReplicaSet in checkDeploymentRevision (#44859, @sttts)
  • Fix false positive "meaningful conflict" detection for strategic merge patch with integer values. (#44788, @enisoc)
  • Documented NodePort networking for CDK. (#44863, @chuckbutler)
  • Deployments and DaemonSets are now considered complete once all of the new pods are up and running - affects kubectl rollout status (and ProgressDeadlineSeconds for Deployments) (#44672, @kargakis)
  • Exclude nodes labeled as master from LoadBalancer / NodePort; restores documented behaviour. (#44745, @justinsb)
  • Fixes issue during LB creation where ports were incorrectly assigned to a floating IP (#44387, @jamiehannaford)
  • Remove redis-proxy.yaml sample, as the image is nowhere to be found. (#44801, @klausenbusk)
  • Resolves juju vsphere hostname bug showing only a single node in a scaled node-pool. (#44780, @chuckbutler)
  • kubectl commands run inside a pod using a kubeconfig file now use the namespace specified in the kubeconfig file, instead of using the pod namespace. If no kubeconfig file is used, or the kubeconfig does not specify a namespace, the pod namespace is still used as a fallback. (#44570, @liggitt)
  • This adds support for CNI ConfigLists, which permit plugin chaining. (#42202, @squeed)
  • API requests using impersonation now include the system:authenticated group in the impersonated user automatically. (#44076, @liggitt)
  • Print conditions of RC/RS in 'kubectl describe' command. (#44710, @xiangpengzhao)
  • cinder: Add support for the KVM virtio-scsi driver (#41498, @mikebryant)
  • Disallows installation of upstream docker from PPA in the Juju kubernetes-worker charm. (#44681, @wwwtyro)
  • Fluentd manifest pod is no longer created on non-registered master when creating clusters using kube-up.sh. (#44721, @piosz)
  • Job controller now respects ControllerRef to avoid fighting over Pods. (#42176, @enisoc)
  • CronJob controller now respects ControllerRef to avoid fighting with other controllers. (#42177, @enisoc)
  • The hyperkube image has been slimmed down and no longer includes addon manifests and other various scripts. These were introduced for the now removed docker-multinode setup system. (#44555, @luxas)
  • Refactoring reorganize taints function in kubectl to expose operations (#43171, @ravisantoshgudimetla)
  • The Kubernetes API server now exits if it encounters a networking failure (e.g. the networking interface hosting its address goes away) to allow a process manager (systemd/kubelet/etc) to react to the problem. Previously the server would log the failure and try again to bind to its configured address:port. (#42272, @marun)
  • Fixes a bug in the kubernetes-worker Juju charm code that attempted to give kube-proxy more than one api endpoint. (#44677, @wwwtyro)
  • Fixes a missing comma in a list of strings. (#44678, @wwwtyro)
  • Fix ceph-secret type to kubernetes.io/rbd in kubernetes-master charm (#44635, @Cynerva)

v1.7.0-alpha.2

Documentation & Examples

Downloads for v1.7.0-alpha.2

Changelog since v1.7.0-alpha.1

Action Required

  • kubectl create rolebinding and kubectl create clusterrolebinding no longer allow specifying multiple subjects as comma-separated arguments. Use repeated --user, --group, or --serviceaccount arguments to specify multiple subjects. (#43903, @xilabao)

Other notable changes

  • Add support for Azure internal load balancer (#43510, @karataliu)
  • Improved output on 'kubectl get' and 'kubectl describe' for generic objects. (#44222, @fabianofranz)
  • Add Kubernetes 1.6 support to Juju charms (#44500, @Cynerva)
    • Add metric collection to charms for autoscaling
    • Update kubernetes-e2e charm to fail when test suite fails
    • Update Juju charms to use snaps
    • Add registry action to the kubernetes-worker charm
    • Add support for kube-proxy cluster-cidr option to kubernetes-worker charm
    • Fix kubernetes-master charm starting services before TLS certs are saved
    • Fix kubernetes-worker charm failures in LXD
    • Fix stop hook failure on kubernetes-worker charm
    • Fix handling of juju kubernetes-worker.restart-needed state
    • Fix nagios checks in charms
  • Users can now specify listen and advertise URLs for etcd in a kubeadm cluster (#42246, @jamiehannaford)
  • Fixed kubectl cluster-info dump to support multi-container pod. (#44088, @xingzhou)
  • Prints out status updates when running kubefed init (#41849, @perotinus)
  • CRI: Fix kubelet failing to start when using rkt. (#44569, @yujuhong)
  • Remove deprecatedPublicIPs field (#44519, @thockin)
  • Remove deprecated ubuntu kube-up deployment. (#44344, @mikedanese)
  • Use OS-specific libs when computing client User-Agent in kubectl, etc. (#44423, @monopole)
  • kube-apiserver now drops unneeded path information if an older version of Windows kubectl sends it. (#44421, @mml)
  • Extending the gc admission plugin so that a user who doesn't have delete permission of the owner cannot modify blockOwnerDeletion field of existing ownerReferences, or add new ownerReference with blockOwnerDeletion=true (#43876, @caesarxuchao)
  • kube-apiserver: --service-account-lookup now defaults to true, requiring the Secret API object containing the token to exist in order for a service account token to be valid. This enables service account tokens to be revoked by deleting the Secret object containing the token. (#44071, @liggitt)
  • CRI: kubectl logs -f now stops following when container stops, as it did pre-CRI. (#44406, @Random-Liu)
  • Add completion support for --namespace and --cluster to kubectl (#44251, @superbrothers)
  • dnsprovider: avoid panic if route53 fields are nil (#44380, @justinsb)
  • In 'kubectl describe', find controllers with ControllerRef, instead of showing the original creator. (#42849, @janetkuo)
  • Heat cluster operations now support environments that have multiple Swift URLs (#41561, @jamiehannaford)
  • Adds support for allocation of pod IPs via IP aliases. (#42147, @bowei)
  • alpha volume provisioning is removed and default storage class should be used instead. (#44090, @NickrenREN)
  • validateClusterInfo: use clientcmdapi.NewCluster() (#44221, @ncdc)
  • Fix corner-case with OnlyLocal Service healthchecks. (#44313, @thockin)
  • Adds annotations to all Federation objects created by kubefed. (#42683, @perotinus)
  • [Federation][Kubefed] Bug fix to enable disabling federation controllers through override args (#44209, @irfanurrehman)
  • [Federation] Remove deprecated federation-apiserver-kubeconfig secret (#44287, @shashidharatd)
  • Scheduler can receive its policy configuration from a ConfigMap (#43892, @bsalamat)
  • AWS cloud provider: fix support running the master with a different AWS account or even on a different cloud provider than the nodes. (#44235, @mrIncompetent)
  • add rancher credential provider (#40160, @wlan0)
  • Support generating Open API extensions for strategic merge patch tags in go struct tags (#44121, @mbohlool)
  • Use go1.8.1 for arm and ppc64le (#44216, @mkumatag)
  • Aggregated used ports at the NodeInfo level for PodFitsHostPorts predicate. (#42524, @k82cn)
  • Catch error when failed to make directory in NFS volume plugin (#38801, @nak3)
  • Support iSCSI CHAP authentication (#43396, @rootfs)
  • Support context completion for kubectl config use-context (#42336, @superbrothers)
  • Print a warning when deleting the current context (#42538, @adohe)
  • Add node e2e tests for hostPid (#44119, @feiskyer)
  • kubeadm: Make kubeadm reset tolerant of a disabled docker service. (#43951, @luxas)
  • kubelet: make dockershim.sock configurable (#43914, @ncdc)
  • Fix broken service accounts when using dedicated service account key. (#44169, @mikedanese)
  • Fix incorrect conflict errors applying strategic merge patches to resources. (#43871, @liggitt)
  • Fix transition between NotReady and Unreachable taints. (#44042, @gmarek)
  • leader election lock based on scheduler name (#42961, @wanghaoran1988)
  • [Federation] Remove FEDERATIONS_DOMAIN_MAP references (#43137, @shashidharatd)
  • Fix for federation failing to propagate cascading deletion. (#44108, @csbell)
  • Fix bug with service nodeports that have no backends not being rejected, when they should be. This is not a regression vs v1.5 - it's a fix that didn't quite fix hard enough. (#43972, @thockin)
  • Fix for failure to delete federation controllers with finalizers. (#44084, @nikhiljindal)
  • Fix container hostPid settings. (#44097, @feiskyer)
  • Fixed an issue mounting the wrong secret into pods as a service account token. (#44102, @ncdc)

v1.7.0-alpha.1

Documentation & Examples

Downloads for v1.7.0-alpha.1

Changelog since v1.6.0

Other notable changes

  • Juju: Enable GPU mode if GPU hardware detected (#43467, @tvansteenburgh)
  • Check the error before parsing the apiversion (#44047, @yujuhong)
  • get-kube-local.sh checks pods with option "--namespace=kube-system" (#42518, @mtanino)
  • Using http2 in kubeapi-load-balancer to fix kubectl exec uses (#43625, @mbruzek)
  • Support status.hostIP in downward API (#42717, @andrewsykim)
  • AWS cloud provider: allow to set KubernetesClusterID or KubernetesClusterTag in combination with VPC. (#42512, @scheeles)
  • changed kubelet default image-gc-high-threshold to 85% to resolve a conflict with default settings in docker that prevented image garbage collection from resolving low disk space situations when using devicemapper storage. (#40432, @sjenning)
  • When creating a container using envFrom, (#42083, @fraenkel)
      1. validate the name of the ConfigMap in a ConfigMapRef
      2. validate the name of the Secret in a SecretRef
  • RBAC role and rolebinding auto-reconciliation is now performed only when the RBAC authorization mode is enabled. (#43813, @liggitt)
  • Permission to use a PodSecurityPolicy can now be granted within a single namespace by allowing the use verb on the podsecuritypolicies resource within the namespace. (#42360, @liggitt)
  • Enable audit log in local cluster (#42379, @xilabao)
  • Fix a deadlock in kubeadm master initialization. (#43835, @mikedanese)
  • Implement API usage metrics for gce storage (#40338, @gnufied)
  • kubeadm: clean up exited containers and network checkpoints (#43836, @yujuhong)
  • ActiveDeadlineSeconds is validated in workload controllers now, make sure it's not set anywhere (it shouldn't be set by default and having it set means your controller will restart the Pods at some point) (#38741, @sandflee)
  • azure: all clients poll duration is now 5 seconds (#43699, @colemickens)
  • addressing issue #39427 adding a flag --output to 'kubectl version' (#39858, @alejandroEsc)
  • Support secure etcd cluster for centos provider. (#42994, @Shawyeok)
  • Use Cluster Autoscaler 0.5.1, which fixes an issue in Cluster Autoscaler 0.5 where the cluster may be scaled up unnecessarily. Also the status of Cluster Autoscaler is now exposed in kube-system/cluster-autoscaler-status config map. (#43745, @mwielgus)
  • Use ProviderID to address nodes in the cloudprovider (#42604, @wlan0)
  • Openstack cinder v1/v2/auto API support (#40423, @mkutsevol)
  • API resource discovery now includes the singularName used to refer to the resource. (#43312, @deads2k)
  • Add the ability to lock on ConfigMaps to support HA for self hosted components (#42666, @timothysc)
  • OpenStack clusters can now specify whether worker nodes are assigned a floating IP (#42638, @jamiehannaford)
  • Add Host field to TCPSocketAction (#42902, @louyihua)
  • Support StorageClass in Azure file volume (#42170, @rootfs)
  • Be able to specify the timeout to wait for pod for kubectl logs/attach (#41813, @shiywang)
  • Add support for bring-your-own ip address for Services on Azure (#42034, @brendandburns)
  • kubectl create configmap has a new option --from-env-file that populates a configmap from file which follows a key=val format for each line. (#38882, @fraenkel)
  • kubectl create secret has a new option --from-env-file that populates a secret from file which follows a key=val format for each line.
  • update the signing key for percona debian and ubuntu packages (#41186, @dixudx)
  • fc: Drop multipath.conf snippet (#36698, @fabiand)

Please see the Releases Page for older releases.

Release notes of older releases can be found in: