Skip to content

Latest commit

 

History

History
258 lines (239 loc) · 39 KB

CHANGELOG-1.12.md

File metadata and controls

258 lines (239 loc) · 39 KB
Raw

v1.12.0-alpha.1

Documentation & Examples

Downloads for v1.12.0-alpha.1

filename sha256 hash
kubernetes.tar.gz 603345769f5e2306e5c22db928aa1cbedc6af63f387ab7a8818cb0111292133f
kubernetes-src.tar.gz f8fb4610cee20195381e54bfd163fbaeae228d68986817b685948b8957f324d0

Client Binaries

filename sha256 hash
kubernetes-client-darwin-386.tar.gz e081c275601bcaa45d906a976d35902256f836bb60caa738a2fd8719ff3e1048
kubernetes-client-darwin-amd64.tar.gz 2dd222a267ac247dce4dfc52aff313f20c427b4351f7410aadebe8569ede3139
kubernetes-client-linux-386.tar.gz 46b16d6b0429163da67b06242772c3c6c5ab9da6deda5306e63d21be04b4811d
kubernetes-client-linux-amd64.tar.gz 8b8bf0a8a4568559d3762a72c1095ab37785fc8bbbb290aaff3a34341a24d7eb
kubernetes-client-linux-arm.tar.gz d71dc60e087746b2832e66170053816dc8ed42e95efe0769ed926a6e044175ef
kubernetes-client-linux-arm64.tar.gz e9091bbfb997d1603dfd17ba9f145ca7dacf304f04d10230e056f8a12ce44445
kubernetes-client-linux-ppc64le.tar.gz fc6c0985ccbd806add497f2557000f7e90f3176427250e019a40e8acf7c42282
kubernetes-client-linux-s390x.tar.gz b8c64b318d702f6e8be76330fd5da9b87e2e4e31e904ea7e00c0cd6412ab2bcf
kubernetes-client-windows-386.tar.gz cb96e353eb5d400756a93c8d16321d0fac87d6a4f8ad89fda42858f8e4d85e9d
kubernetes-client-windows-amd64.tar.gz 003284f983cafc6fd0ce1205c03d47e638a999def1ef4e1e77bfb9149e5f598b

Server Binaries

filename sha256 hash
kubernetes-server-linux-amd64.tar.gz d9c282cd02c8c3fdbeb2f46abd0ddd257a8449e94be3beed2514c6e30a335a87
kubernetes-server-linux-arm.tar.gz 613390ba73f4236feb10bb4f70cbf96e504cf8d598da0180efc887d316b8bc5e
kubernetes-server-linux-arm64.tar.gz 1dd417f59d17c3583c6b4a3989d24c57e4989eb7b6ab9f2aa10c4cbf9bf5c11b
kubernetes-server-linux-ppc64le.tar.gz 44e9e6424ed3a5a91f5adefa456b2b71c0c5d3b01be9f60f5c8c0f958815ffc1
kubernetes-server-linux-s390x.tar.gz 3118d9c955f9a50f86ebba324894f06dbf7c1cb8f9bc5bdf6a95caf2a6678805

Node Binaries

filename sha256 hash
kubernetes-node-linux-amd64.tar.gz 6b4d363d190e0ce6f4e41d19a0ac350b39cad7859bc442166a1da9124d1a82bb
kubernetes-node-linux-arm.tar.gz c80ac005c228217b871bf3e9de032044659db3aa048cc95b101820e31d62264c
kubernetes-node-linux-arm64.tar.gz d8b84e7cc6ff5d0e26b045de37bdd40ca8809c303b601d8604902e5957d98621
kubernetes-node-linux-ppc64le.tar.gz b0a667c5c905e6e724fba95d44797fb52afb564aedd1c25cbd4e632e152843e9
kubernetes-node-linux-s390x.tar.gz 78e7dbb82543ea6ac70767ed63c92823726adb6257f6b70b5911843d18288df7
kubernetes-node-windows-amd64.tar.gz 1a3e11cc3f1a0297de2b894a43eb56ede5fbd5cdc43e4da7e61171f5c1f3ef60

Changelog since v1.11.0

Action Required

  • action required: the API server and client-go libraries have been fixed to support additional non-alpha-numeric characters in UserInfo "extra" data keys. Both should be updated in order to properly support extra data containing "/" characters or other characters disallowed in HTTP headers. (#65799, @dekkagaijin)
  • [action required] The NodeConfiguration kind in the kubeadm v1alpha2 API has been renamed JoinConfiguration in v1alpha3 (#65951, @luxas)
  • ACTION REQUIRED: Removes defaulting of CSI file system type to ext4. All the production drivers listed under https://kubernetes-csi.github.io/docs/Drivers.html were inspected and should not be impacted after this change. If you are using a driver not in that list, please test the drivers on an updated test cluster first. ``` (#65499, @krunaljain)
  • [action required] The MasterConfiguration kind in the kubeadm v1alpha2 API has been renamed InitConfiguration in v1alpha3 (#65945, @luxas)
  • [action required] The formerly publicly-available cAdvisor web UI that the kubelet started using --cadvisor-port is now entirely removed in 1.12. The recommended way to run cAdvisor if you still need it, is via a DaemonSet. (#65707, @dims)
  • Cluster Autoscaler version updated to 1.3.1-beta.1. Release notes: https://github.com/kubernetes/autoscaler/releases/tag/cluster-autoscaler-1.3.1-beta.1 (#65857, @aleksandra-malinowska)
    • Default value for expendable pod priority cutoff in GCP deployment of Cluster Autoscaler changed from 0 to -10.
    • action required: users deploying workloads with priority lower than 0 may want to use priority lower than -10 to avoid triggering scale-up.
  • [action required] kubeadm: The v1alpha1 config API has been removed. (#65628, @luxas)
    • Please convert your v1alpha1 configuration files to v1alpha2 using the
    • kubeadm config migrate command of kubeadm v1.11.x
  • kube-apiserver: the Priority admission plugin is now enabled by default when using --enable-admission-plugins. If using --admission-control to fully specify the set of admission plugins, the Priority admission plugin should be added if using the PodPriority feature, which is enabled by default in 1.11. (#65739, @liggitt)
  • The system-node-critical and system-cluster-critical priority classes are now limited to the kube-system namespace by the PodPriority admission plugin. (#65593, @bsalamat)
  • kubernetes-worker juju charm: Added support for setting the --enable-ssl-chain-completion option on the ingress proxy. "action required": if your installation relies on supplying incomplete certificate chains and using OCSP to fill them in, you must set "ingress-ssl-chain-completion" to "true" in your juju configuration. (#63845, @paulgear)

Other notable changes

  • admin RBAC role now aggregates edit and view. edit RBAC role now aggregates view. (#66684, @deads2k)
  • Speed up HPA reaction to metric changes by removing scale up forbidden window. (#66615, @jbartosik)
    • Scale up forbidden window was protecting HPA against making decision to scale up based on metrics gathered during pod initialisation (which may be invalid, for example pod may be using a lot of CPU despite not doing any "actual" work).
    • To avoid that negative effect only use per pod metrics from pods that are:
      • ready (so metrics about them should be valid), or
      • unready but creation and last readiness change timestamps are apart more than 10s (pods that have formerly been ready and so metrics are in at least some cases (pod becoming unready because of overload) very useful).
  • The kubectl patch command no longer exits with exit code 1 when a redundant patch results in a no-op (#66725, @juanvallejo)
  • Improved the output of kubectl get events to prioritize showing the message, and move some fields to -o wide. (#66643, @smarterclayton)
  • Added CPU Manager state validation in case of changed CPU topology. (#66718, @ipuustin)
  • Make EBS volume expansion faster (#66728, @gnufied)
  • Kubelet serving certificate bootstrapping and rotation has been promoted to beta status. (#66726, @liggitt)
  • Flag --pod (-p shorthand) of kubectl exec command marked as deprecated (#66558, @quasoft)
  • Fixed an issue which prevented gcloud from working on GCE when metadata concealment was enabled. (#66630, @dekkagaijin)
  • Azure Go SDK has been upgraded to v19.0.0 and VirtualMachineScaleSetVM now supports availability zones. (#66648, @feiskyer)
  • kubeadm now can join the cluster with pre-existing client certificate if provided (#66482, @dixudx)
  • If TaintNodesByCondition enabled, taint node with TaintNodeUnschedulable when (#63955, @k82cn)
    • initializing node to avoid race condition.
  • kubeadm: remove misleading error message regarding image pulling (#66658, @dixudx)
  • Fix Stackdriver integration based on node annotation container.googleapis.com/instance_id. (#66676, @kawych)
  • Fix kubelet startup failure when using ExecPlugin in kubeconfig (#66395, @awly)
  • When attaching iSCSI volumes, kubelet now scans only the specific (#63176, @bswartz)
    • LUNs being attached, and also deletes them after detaching. This avoids
    • dangling references to LUNs that no longer exist, which used to be the
    • cause of random I/O errors/timeouts in kernel logs, slowdowns during
    • block-device related operations, and very rare cases of data corruption.
  • kubeadm: Pull sidecar and dnsmasq-nanny images when using kube-dns (#66499, @rosti)
  • Extender preemption should respect IsInterested() (#66291, @resouer)
  • Properly autopopulate OpenAPI version field without needing other OpenAPI fields present in generic API server code. (#66411, @DirectXMan12)
  • renamed command line option --cri-socket-path of the kubeadm subcommand "kubeadm config images pull" to --cri-socket to be consistent with the rest of kubeadm subcommands. (#66382, @bart0sh)
  • The --docker-disable-shared-pid kubelet flag has been removed. PID namespace sharing can instead be enable per-pod using the ShareProcessNamespace option. (#66506, @verb)
  • Add support for using User Assigned MSI (https://docs.microsoft.com/en-us/azure/active-directory/managed-service-identity/overview) with Kubernetes cluster on Azure. (#66180, @kkmsft)
  • fix acr could not be listed in sp issue (#66429, @andyzhangx)
  • This PR will leverage subtests on the existing table tests for the scheduler units. (#63665, @xchapter7x)
    • Some refactoring of error/status messages and functions to align with new approach.
  • Fix volume limit for EBS on m5 and c5 instance types (#66397, @gnufied)
  • Extend TLS timeouts to work around slow arm64 math/big (#66264, @joejulian)
  • kubeadm: stop setting UID in the kubelet ConfigMap (#66341, @runiq)
  • kubectl: fixes a panic displaying pods with nominatedNodeName set (#66406, @liggitt)
  • Update crictl to v1.11.1. (#66152, @Random-Liu)
  • fixes a panic when using a mutating webhook admission plugin with a DELETE operation (#66425, @liggitt)
  • GCE: Fixes loadbalancer creation and deletion issues appearing in 1.10.5. (#66400, @nicksardo)
  • Azure nodes with availability zone now will have label failure-domain.beta.kubernetes.io/zone=<region>-<zoneID>. (#66242, @feiskyer)
  • Re-design equivalence class cache to two level cache (#65714, @resouer)
  • Checks CREATE admission for create-on-update requests instead of UPDATE admission (#65572, @yue9944882)
  • This PR will leverage subtests on the existing table tests for the scheduler units. (#63666, @xchapter7x)
    • Some refactoring of error/status messages and functions to align with new approach.
  • Fixed a panic in the node status update logic when existing node has nil labels. (#66307, @guoshimin)
  • Bump Ingress-gce version to 1.2.0 (#65641, @freehan)
  • Bump event-exporter to 0.2.2 to pick up security fixes. (#66157, @loburm)
  • Allow ScaleIO volumes to be provisioned without having to first manually create /dev/disk/by-id path on each kubernetes node (if not already present) (#66174, @ddebroy)
  • fix rollout status for statefulsets (#62943, @faraazkhan)
  • Fix for resourcepool-path configuration in the vsphere.conf file. (#66261, @divyenpatel)
  • OpenAPI spec and documentation reflect 202 Accepted response path for delete request (#63418, @roycaihw)
  • fixes a validation error that could prevent updates to StatefulSet objects containing non-normalized resource requests (#66165, @liggitt)
  • Fix validation for HealthzBindAddress in kube-proxy when --healthz-port is set to 0 (#66138, @wsong)
  • kubeadm: use an HTTP request timeout when fetching the latest version of Kubernetes from dl.k8s.io (#65676, @dkoshkin)
  • Support configuring the Azure load balancer idle connection timeout for services (#66045, @cpuguy83)
  • kubectl config set-context can now set attributes of the current context, like the current namespace, by passing --current instead of a specific context name (#66140, @liggitt)
  • The alpha Initializers admission plugin is no longer enabled by default. This matches the off-by-default behavior of the alpha API which drives initializer behavior. (#66039, @liggitt)
  • kubeadm: Default component configs are printable via kubeadm config print-default (#66074, @rosti)
  • prevents infinite CLI wait on delete when item is recreated (#66136, @deads2k)
  • Preserve vmUUID when renewing nodeinfo in vSphere cloud provider (#66007, @w-leads)
  • Cluster Autoscaler version updated to 1.3.1. Release notes: https://github.com/kubernetes/autoscaler/releases/tag/cluster-autoscaler-1.3.1 (#66122, @aleksandra-malinowska)
  • Expose docker registry config for addons used in Juju deployments (#66092, @kwmonroe)
  • kubelets that specify --cloud-provider now only report addresses in Node status as determined by the cloud provider (#65594, @liggitt) * kubelet serving certificate rotation now reacts to changes in reported node addresses, and will request certificates for addresses set by an external cloud provider
  • Fix the bug where image garbage collection is disabled by mistake. (#66051, @jiaxuanzhou)
  • fixes an issue with multi-line annotations injected via downward API files getting scrambled (#65992, @liggitt)
  • kubeadm: run kube-proxy on non-master tainted nodes (#65931, @neolit123)
  • "kubectl delete" no longer waits for dependent objects to be deleted when removing parent resources (#65908, @juanvallejo)
  • Introduce a new flag --keepalive for kubectl proxy to allow setting keep-alive period for long-running request. (#63793, @hzxuzhonghu)
  • If Openstack LoadBalancer is not defined in cloud config, the loadbalancer is not initialized any more in openstack. All setups must have some setting under that section (#65781, @zetaab)
  • Re-adds pkg/generated/bindata.go to the repository to allow some parts of k8s.io/kubernetes to be go-vendorable. (#65985, @ixdy)
  • Fix a bug that preempting a pod may block forever. (#65987, @Random-Liu)
  • Fix flexvolume in containarized kubelets (#65549, @gnufied)
  • Add volume mode filed to constructed volume spec for CSI plugin (#65456, @wenlxie)
  • Fix an issue with dropped audit logs, when truncating and batch backends enabled at the same time. (#65823, @loburm)
  • Support traffic shaping for CNI network driver (#63194, @m1093782566)
  • kubeadm: Use separate YAML documents for the kubelet and kube-proxy ComponentConfigs (#65787, @luxas)
  • kubeadm: Fix pause image to not use architecture, as it is a manifest list (#65920, @dims)
  • kubeadm: print required flags when running kubeadm upgrade plan (#65802, @xlgao-zju)
  • Fix RunAsGroup which doesn't work since 1.10. (#65926, @Random-Liu)
  • Running kubectl describe pvc now shows which pods are mounted to the pvc being described with the Mounted By field (#65837, @clandry94)
  • fix azure storage account creation failure (#65846, @andyzhangx)
  • Allow kube- and cloud-controller-manager to listen on ports up to 65535. (#65860, @sttts)
  • Allow kube-scheduler to listen on ports up to 65535. (#65833, @sttts)
  • kubeadm: Remove usage of PersistentVolumeLabel (#65827, @xlgao-zju)
  • kubeadm: Add a v1alpha3 API. (#65629, @luxas)
  • Update to use go1.10.3 (#65726, @ixdy)
  • LimitRange and Endpoints resources can be created via an update API call if the object does not already exist. When this occurs, an authorization check is now made to ensure the user making the API call is authorized to create the object. In previous releases, only an update authorization check was performed. (#65150, @jennybuckley)
  • Fix 'kubectl cp' with no arguments causes a panic (#65482, @wgliang)
  • bazel deb package bugfix: The kubeadm deb package now reloads the kubelet after installation (#65554, @rdodev)
  • fix smb mount issue (#65751, @andyzhangx)
  • More fields are allowed at the root of the CRD validation schema when the status subresource is enabled. (#65357, @nikhita)
  • Reload systemd config files before starting kubelet. (#65702, @mborsz)
  • Unix: support ZFS as a valid graph driver for Docker (#65635, @neolit123)
  • Fix controller-manager crashes when flex plugin is removed from flex plugin directory (#65536, @gnufied)
  • Enable etcdv3 client prometheus metics (#64741, @wgliang)
  • skip nodes that have a primary NIC in a 'Failed' provisioningState (#65412, @yastij)
  • kubeadm: remove redundant flags settings for kubelet (#64682, @dixudx)
  • Fixes the wrong elasticsearch node counter (#65627, @IvanovOleg)
  • Add Ubuntu 18.04 (Bionic) series to Juju charms (#65644, @tvansteenburgh)
  • Fix local volume directory can't be deleted because of volumeMode error (#65310, @wenlxie)
  • kubectl: --use-openapi-print-columns is deprecated in favor of --server-print (#65601, @liggitt)
  • Add prometheus scrape port to CoreDNS service (#65589, @rajansandeep)
  • fixes an out of range panic in the NoExecuteTaintManager controller when running a non-64-bit build (#65596, @liggitt)
  • kubectl: fixes a regression with --use-openapi-print-columns that would not print object contents (#65600, @liggitt)
  • Hostnames are now converted to lowercase before being used for node lookups in the kubernetes-worker charm. (#65487, @dshcherb)
  • N/A (#64660, @figo)
  • bugfix: Do not print feature gates in the generic apiserver code for glog level 0 (#65584, @neolit123)
  • Add metrics for PVC in-use (#64527, @gnufied)
  • Fixed exception detection in fluentd-gcp plugin. (#65361, @xperimental)
  • api-machinery utility functions SetTransportDefaults and DialerFor once again respect custom Dial functions set on transports (#65547, @liggitt)
  • Improve the display of jobs in kubectl get and kubectl describe to emphasize progress and duration. (#65463, @smarterclayton)
  • kubectl convert previous created a list inside of a list. Now it is only wrapped once. (#65489, @deads2k)
  • fix azure disk creation issue when specifying external resource group (#65516, @andyzhangx)
  • fixes a regression in kube-scheduler to properly load client connection information from a --config file that references a kubeconfig file (#65507, @liggitt)
  • Fixed cleanup of CSI metadata files. (#65323, @jsafrane)
  • Update Rescheduler's manifest to use version 0.4.0. (#65454, @bsalamat)
  • On COS, NPD creates a node condition for frequent occurrences of unregister_netdevice (#65342, @dashpole)
  • Properly manage security groups for loadbalancer services on OpenStack. (#65373, @multi-io)
  • Add user-agent to audit-logging. (#64812, @hzxuzhonghu)
  • kubeadm: notify the user of manifest upgrade timeouts (#65164, @xlgao-zju)
  • Fixes incompatibility with custom scheduler extender configurations specifying bindVerb (#65424, @liggitt)
  • Using kubectl describe on CRDs that use underscores will be prettier. (#65391, @smarterclayton)
  • Improve scheduler's performance by eliminating sorting of nodes by their score. (#65396, @bsalamat)
  • Add more conditions to the list of predicate failures that won't be resolved by preemption. (#64995, @bsalamat)
  • Allow access to ClusterIP from the host network namespace when kube-proxy is started in IPVS mode without either masqueradeAll or clusterCIDR flags (#65388, @lbernail)
  • User can now use sudo crictl on GCE cluster. (#65389, @Random-Liu)
  • Tolerate missing watch permission when deleting a resource (#65370, @deads2k)
  • Prevents a kubectl delete hang when deleting controller managed lists (#65367, @deads2k)
  • fixes a memory leak in the kube-controller-manager observed when large numbers of pods with tolerations are created/deleted (#65339, @liggitt)
  • checkLimitsForResolvConf for the pod create and update events instead of checking period (#64860, @wgliang)
  • Fix concurrent map access panic (#65334, @dashpole)
    • Don't watch .mount cgroups to reduce number of inotify watches
    • Fix NVML initialization race condition
    • Fix brtfs disk metrics when using a subdirectory of a subvolume
  • Change Azure ARM Rate limiting error message. (#65292, @wgliang)
  • AWS now checks for validity of ecryption key when creating encrypted volumes. Dynamic provisioning of encrypted volume may get slower due to these checks. (#65223, @jsafrane)
  • Report accurate status for kubernetes-master and -worker charms. (#65187, @kwmonroe)
  • Fixed issue 63608, which is that under rare circumstances the ResourceQuota admission controller could lose track of an request in progress and time out after waiting 10 seconds for a decision to be made. (#64598, @MikeSpreitzer)
  • In the vSphere cloud provider the Global.vm-uuid configuration option is not deprecated anymore, it can be used to overwrite the VMUUID on the controller-manager (#65152, @alvaroaleman)
  • fluentd-gcp grace termination period increased to 60s. (#65084, @x13n)
  • Pass cluster_location argument to Heapster (#65176, @kawych)
  • Fix a scalability issue where high rates of event writes degraded etcd performance. (#64539, @ccding)
  • Corrected a mistake in the documentation for wait.PollImmediate(...) (#65026, @spew)
  • Split 'scheduling_latency_seconds' metric into finer steps (predicate, priority, premption) (#65306, @shyamjvs)
  • Etcd health checks by the apiserver now ensure the apiserver can connect to and exercise the etcd API (#65027, @liggitt)
  • Add e2e regression tests for the kubelet being secure (#64140, @dixudx)
  • set EnableHTTPSTrafficOnly in azure storage account creation (#64957, @andyzhangx)
  • Fixes an issue where Portworx PVCs remain in pending state when created using a StorageClass with empty parameters (#64895, @harsh-px)
  • This PR will leverage subtests on the existing table tests for the scheduler units. (#63662, @xchapter7x)
    • Some refactoring of error/status messages and functions to align with new approach.
  • This PR will leverage subtests on the existing table tests for the scheduler units. (#63661, @xchapter7x)
    • Some refactoring of error/status messages and functions to align with new approach.
  • This PR will leverage subtests on the existing table tests for the scheduler units. (#63660, @xchapter7x)
    • Some refactoring of error/status messages and functions to align with new approach.
  • Updated default image for nginx ingress in CDK to match current Kubernetes docs. (#64285, @hyperbolic2346)
  • Added block volume support to Cinder volume plugin. (#64879, @bertinatto)
  • fixed incorrect OpenAPI schema for CustomResourceDefinition objects (#65256, @liggitt)
  • ignore not found file error when watching manifests (#64880, @dixudx)
  • add port-forward examples for sevice (#64773, @MasayaAoyama)
  • Fix issues for block device not mapped to container. (#64555, @wenlxie)
  • Update crictl on GCE to v1.11.0. (#65254, @Random-Liu)
  • Fixes missing nodes lines when kubectl top nodes (#64389, @yue9944882)
  • keep pod state consistent when scheduler cache UpdatePod (#64692, @adohe)
  • add external resource group support for azure disk (#64427, @andyzhangx)
  • Increase the gRPC max message size to 16MB in the remote container runtime. (#64672, @mcluseau)
  • The new default value for the --allow-privileged parameter of the Kubernetes-worker charm has been set to true based on changes which went into the Kubernetes 1.10 release. Before this change the default value was set to false. If you're installing Canonical Kubernetes you should expect this value to now be true by default and you should now look to use PSP (pod security policies). (#64104, @CalvinHartwell)
  • The --remove-extra-subjects and --remove-extra-permissions flags have been enabled for kubectl auth reconcile (#64541, @mrogers950)
  • Fix kubectl drain --timeout option when eviction is used. (#64378, @wrdls)
  • This PR will leverage subtests on the existing table tests for the scheduler units. (#63659, @xchapter7x)
    • Some refactoring of error/status messages and functions to align with new approach.