github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-21 19:01:49 +00:00
Code Issues Projects Releases Wiki Activity

Merge branch 'master' into kube-proxy-cleanup

Browse Source
This commit is contained in:
Vallery Lancey 2019-03-13 13:31:48 -07:00 committed by GitHub
commit 22ff746e4a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4591 changed files with 468856 additions and 156883 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.generated_files
View File

@ -25,5 +25,3 @@ file-name types_swagger_doc_generated.go
path-prefix Godeps/
path-prefix vendor/
path-prefix pkg/generated/
paths-from-repo docs/.generated_docs

7
.github/ISSUE_TEMPLATE/bug-report.md vendored
View File

@ -5,7 +5,10 @@ labels: kind/bug
---
<!-- Please use this template while reporting a bug and provide as much info as possible. Not doing so may result in your bug not being addressed in a timely manner. Thanks!-->
<!-- Please use this template while reporting a bug and provide as much info as possible. Not doing so may result in your bug not being addressed in a timely manner. Thanks!
If the matter is security related, please disclose it privately via https://kubernetes.io/security/
-->
**What happened**:
@ -19,7 +22,7 @@ labels: kind/bug
**Environment**:
- Kubernetes version (use `kubectl version`):
- Cloud provider or hardware configuration:
- OS (e.g. from /etc/os-release):
- OS (e.g: `cat /etc/os-release`):
- Kernel (e.g. `uname -a`):
- Install tools:
- Others:

2
.github/ISSUE_TEMPLATE/support.md vendored
View File

@ -5,7 +5,7 @@ labels: triage/support
---
<!--
<!--
STOP -- PLEASE READ!
GitHub is not the right place for support requests.

2
.github/OWNERS vendored
View File

@ -1,3 +1,5 @@
# See the OWNERS docs at https://go.k8s.io/owners
reviewers:
- castrojo
- cblecker

4
.github/PULL_REQUEST_TEMPLATE.md vendored
View File

@ -24,7 +24,7 @@ https://git.k8s.io/community/contributors/devel/release.md#issue-kind-label
**What this PR does / why we need it**:
**Which issue(s) this PR fixes**:
<!--
<!--
*Automatically closes linked issue when PR is merged.
Usage: `Fixes #<issue number>`, or `Fixes (paste link of issue)`.
_If PR is about `failing-tests or flakes`, please post the related issues/tests in a comment and do not use `Fixes`_*
@ -34,7 +34,7 @@ Fixes #
**Special notes for your reviewer**:
**Does this PR introduce a user-facing change?**:
<!--
<!--
If no, just write "NONE" in the release-note block below.
If yes, a release note is required:
Enter your extended release note in the block below. If the PR requires additional action from users switching to the new release, include the string "action required".

237
CHANGELOG-1.10.md
View File

@ -1,96 +1,103 @@
<!-- BEGIN MUNGE: GENERATED_TOC -->
- [v1.10.12](#v11012)
- [Downloads for v1.10.12](#downloads-for-v11012)
- [v1.10.13](#v11013)
- [Downloads for v1.10.13](#downloads-for-v11013)
- [Client Binaries](#client-binaries)
- [Server Binaries](#server-binaries)
- [Node Binaries](#node-binaries)
- [Changelog since v1.10.11](#changelog-since-v11011)
- [Changelog since v1.10.12](#changelog-since-v11012)
- [Other notable changes](#other-notable-changes)
- [v1.10.11](#v11011)
- [Downloads for v1.10.11](#downloads-for-v11011)
- [v1.10.12](#v11012)
- [Downloads for v1.10.12](#downloads-for-v11012)
- [Client Binaries](#client-binaries-1)
- [Server Binaries](#server-binaries-1)
- [Node Binaries](#node-binaries-1)
- [Changelog since v1.10.10](#changelog-since-v11010)
- [Changelog since v1.10.11](#changelog-since-v11011)
- [Other notable changes](#other-notable-changes-1)
- [v1.10.10](#v11010)
- [Downloads for v1.10.10](#downloads-for-v11010)
- [v1.10.11](#v11011)
- [Downloads for v1.10.11](#downloads-for-v11011)
- [Client Binaries](#client-binaries-2)
- [Server Binaries](#server-binaries-2)
- [Node Binaries](#node-binaries-2)
- [Changelog since v1.10.9](#changelog-since-v1109)
- [Changelog since v1.10.10](#changelog-since-v11010)
- [Other notable changes](#other-notable-changes-2)
- [v1.10.9](#v1109)
- [Downloads for v1.10.9](#downloads-for-v1109)
- [v1.10.10](#v11010)
- [Downloads for v1.10.10](#downloads-for-v11010)
- [Client Binaries](#client-binaries-3)
- [Server Binaries](#server-binaries-3)
- [Node Binaries](#node-binaries-3)
- [Changelog since v1.10.8](#changelog-since-v1108)
- [Changelog since v1.10.9](#changelog-since-v1109)
- [Other notable changes](#other-notable-changes-3)
- [v1.10.8](#v1108)
- [Downloads for v1.10.8](#downloads-for-v1108)
- [v1.10.9](#v1109)
- [Downloads for v1.10.9](#downloads-for-v1109)
- [Client Binaries](#client-binaries-4)
- [Server Binaries](#server-binaries-4)
- [Node Binaries](#node-binaries-4)
- [Changelog since v1.10.7](#changelog-since-v1107)
- [Changelog since v1.10.8](#changelog-since-v1108)
- [Other notable changes](#other-notable-changes-4)
- [v1.10.7](#v1107)
- [Downloads for v1.10.7](#downloads-for-v1107)
- [v1.10.8](#v1108)
- [Downloads for v1.10.8](#downloads-for-v1108)
- [Client Binaries](#client-binaries-5)
- [Server Binaries](#server-binaries-5)
- [Node Binaries](#node-binaries-5)
- [Changelog since v1.10.6](#changelog-since-v1106)
- [Action Required](#action-required)
- [Changelog since v1.10.7](#changelog-since-v1107)
- [Other notable changes](#other-notable-changes-5)
- [v1.10.6](#v1106)
- [Downloads for v1.10.6](#downloads-for-v1106)
- [v1.10.7](#v1107)
- [Downloads for v1.10.7](#downloads-for-v1107)
- [Client Binaries](#client-binaries-6)
- [Server Binaries](#server-binaries-6)
- [Node Binaries](#node-binaries-6)
- [Changelog since v1.10.5](#changelog-since-v1105)
- [Action Required](#action-required-1)
- [Changelog since v1.10.6](#changelog-since-v1106)
- [Action Required](#action-required)
- [Other notable changes](#other-notable-changes-6)
- [v1.10.5](#v1105)
- [Downloads for v1.10.5](#downloads-for-v1105)
- [v1.10.6](#v1106)
- [Downloads for v1.10.6](#downloads-for-v1106)
- [Client Binaries](#client-binaries-7)
- [Server Binaries](#server-binaries-7)
- [Node Binaries](#node-binaries-7)
- [Changelog since v1.10.4](#changelog-since-v1104)
- [Action Required](#action-required-2)
- [Changelog since v1.10.5](#changelog-since-v1105)
- [Action Required](#action-required-1)
- [Other notable changes](#other-notable-changes-7)
- [v1.10.4](#v1104)
- [Downloads for v1.10.4](#downloads-for-v1104)
- [v1.10.5](#v1105)
- [Downloads for v1.10.5](#downloads-for-v1105)
- [Client Binaries](#client-binaries-8)
- [Server Binaries](#server-binaries-8)
- [Node Binaries](#node-binaries-8)
- [Changelog since v1.10.3](#changelog-since-v1103)
- [Changelog since v1.10.4](#changelog-since-v1104)
- [Action Required](#action-required-2)
- [Other notable changes](#other-notable-changes-8)
- [v1.10.3](#v1103)
- [Downloads for v1.10.3](#downloads-for-v1103)
- [v1.10.4](#v1104)
- [Downloads for v1.10.4](#downloads-for-v1104)
- [Client Binaries](#client-binaries-9)
- [Server Binaries](#server-binaries-9)
- [Node Binaries](#node-binaries-9)
- [Changelog since v1.10.2](#changelog-since-v1102)
- [Changelog since v1.10.3](#changelog-since-v1103)
- [Other notable changes](#other-notable-changes-9)
- [v1.10.2](#v1102)
- [Downloads for v1.10.2](#downloads-for-v1102)
- [v1.10.3](#v1103)
- [Downloads for v1.10.3](#downloads-for-v1103)
- [Client Binaries](#client-binaries-10)
- [Server Binaries](#server-binaries-10)
- [Node Binaries](#node-binaries-10)
- [Changelog since v1.10.1](#changelog-since-v1101)
- [Changelog since v1.10.2](#changelog-since-v1102)
- [Other notable changes](#other-notable-changes-10)
- [v1.10.1](#v1101)
- [Downloads for v1.10.1](#downloads-for-v1101)
- [v1.10.2](#v1102)
- [Downloads for v1.10.2](#downloads-for-v1102)
- [Client Binaries](#client-binaries-11)
- [Server Binaries](#server-binaries-11)
- [Node Binaries](#node-binaries-11)
- [Changelog since v1.10.0](#changelog-since-v1100)
- [Changelog since v1.10.1](#changelog-since-v1101)
- [Other notable changes](#other-notable-changes-11)
- [v1.10.0](#v1100)
- [Downloads for v1.10.0](#downloads-for-v1100)
- [v1.10.1](#v1101)
- [Downloads for v1.10.1](#downloads-for-v1101)
- [Client Binaries](#client-binaries-12)
- [Server Binaries](#server-binaries-12)
- [Node Binaries](#node-binaries-12)
- [Changelog since v1.10.0](#changelog-since-v1100)
- [Other notable changes](#other-notable-changes-12)
- [v1.10.0](#v1100)
- [Downloads for v1.10.0](#downloads-for-v1100)
- [Client Binaries](#client-binaries-13)
- [Server Binaries](#server-binaries-13)
- [Node Binaries](#node-binaries-13)
- [Major Themes](#major-themes)
- [Node](#node)
- [Storage](#storage)
@ -104,7 +111,7 @@
- [Before Upgrading](#before-upgrading)
- [Known Issues](#known-issues)
- [Deprecations](#deprecations)
- [Other Notable Changes](#other-notable-changes-12)
- [Other Notable Changes](#other-notable-changes-13)
- [Apps](#apps)
- [AWS](#aws)
- [Auth](#auth-1)
@ -127,69 +134,125 @@
- [External Dependencies](#external-dependencies)
- [v1.10.0-rc.1](#v1100-rc1)
- [Downloads for v1.10.0-rc.1](#downloads-for-v1100-rc1)
- [Client Binaries](#client-binaries-13)
- [Server Binaries](#server-binaries-13)
- [Node Binaries](#node-binaries-13)
- [Changelog since v1.10.0-beta.4](#changelog-since-v1100-beta4)
- [Other notable changes](#other-notable-changes-13)
- [v1.10.0-beta.4](#v1100-beta4)
- [Downloads for v1.10.0-beta.4](#downloads-for-v1100-beta4)
- [Client Binaries](#client-binaries-14)
- [Server Binaries](#server-binaries-14)
- [Node Binaries](#node-binaries-14)
- [Changelog since v1.10.0-beta.3](#changelog-since-v1100-beta3)
- [Changelog since v1.10.0-beta.4](#changelog-since-v1100-beta4)
- [Other notable changes](#other-notable-changes-14)
- [v1.10.0-beta.3](#v1100-beta3)
- [Downloads for v1.10.0-beta.3](#downloads-for-v1100-beta3)
- [v1.10.0-beta.4](#v1100-beta4)
- [Downloads for v1.10.0-beta.4](#downloads-for-v1100-beta4)
- [Client Binaries](#client-binaries-15)
- [Server Binaries](#server-binaries-15)
- [Node Binaries](#node-binaries-15)
- [Changelog since v1.10.0-beta.2](#changelog-since-v1100-beta2)
- [Changelog since v1.10.0-beta.3](#changelog-since-v1100-beta3)
- [Other notable changes](#other-notable-changes-15)
- [v1.10.0-beta.2](#v1100-beta2)
- [Downloads for v1.10.0-beta.2](#downloads-for-v1100-beta2)
- [v1.10.0-beta.3](#v1100-beta3)
- [Downloads for v1.10.0-beta.3](#downloads-for-v1100-beta3)
- [Client Binaries](#client-binaries-16)
- [Server Binaries](#server-binaries-16)
- [Node Binaries](#node-binaries-16)
- [Changelog since v1.10.0-beta.1](#changelog-since-v1100-beta1)
- [Action Required](#action-required-3)
- [Changelog since v1.10.0-beta.2](#changelog-since-v1100-beta2)
- [Other notable changes](#other-notable-changes-16)
- [v1.10.0-beta.1](#v1100-beta1)
- [Downloads for v1.10.0-beta.1](#downloads-for-v1100-beta1)
- [v1.10.0-beta.2](#v1100-beta2)
- [Downloads for v1.10.0-beta.2](#downloads-for-v1100-beta2)
- [Client Binaries](#client-binaries-17)
- [Server Binaries](#server-binaries-17)
- [Node Binaries](#node-binaries-17)
- [Changelog since v1.10.0-alpha.3](#changelog-since-v1100-alpha3)
- [Action Required](#action-required-4)
- [Changelog since v1.10.0-beta.1](#changelog-since-v1100-beta1)
- [Action Required](#action-required-3)
- [Other notable changes](#other-notable-changes-17)
- [v1.10.0-alpha.3](#v1100-alpha3)
- [Downloads for v1.10.0-alpha.3](#downloads-for-v1100-alpha3)
- [v1.10.0-beta.1](#v1100-beta1)
- [Downloads for v1.10.0-beta.1](#downloads-for-v1100-beta1)
- [Client Binaries](#client-binaries-18)
- [Server Binaries](#server-binaries-18)
- [Node Binaries](#node-binaries-18)
- [Changelog since v1.10.0-alpha.2](#changelog-since-v1100-alpha2)
- [Changelog since v1.10.0-alpha.3](#changelog-since-v1100-alpha3)
- [Action Required](#action-required-4)
- [Other notable changes](#other-notable-changes-18)
- [v1.10.0-alpha.2](#v1100-alpha2)
- [Downloads for v1.10.0-alpha.2](#downloads-for-v1100-alpha2)
- [v1.10.0-alpha.3](#v1100-alpha3)
- [Downloads for v1.10.0-alpha.3](#downloads-for-v1100-alpha3)
- [Client Binaries](#client-binaries-19)
- [Server Binaries](#server-binaries-19)
- [Node Binaries](#node-binaries-19)
- [Changelog since v1.10.0-alpha.1](#changelog-since-v1100-alpha1)
- [Action Required](#action-required-5)
- [Changelog since v1.10.0-alpha.2](#changelog-since-v1100-alpha2)
- [Other notable changes](#other-notable-changes-19)
- [v1.10.0-alpha.1](#v1100-alpha1)
- [Downloads for v1.10.0-alpha.1](#downloads-for-v1100-alpha1)
- [v1.10.0-alpha.2](#v1100-alpha2)
- [Downloads for v1.10.0-alpha.2](#downloads-for-v1100-alpha2)
- [Client Binaries](#client-binaries-20)
- [Server Binaries](#server-binaries-20)
- [Node Binaries](#node-binaries-20)
- [Changelog since v1.10.0-alpha.1](#changelog-since-v1100-alpha1)
- [Action Required](#action-required-5)
- [Other notable changes](#other-notable-changes-20)
- [v1.10.0-alpha.1](#v1100-alpha1)
- [Downloads for v1.10.0-alpha.1](#downloads-for-v1100-alpha1)
- [Client Binaries](#client-binaries-21)
- [Server Binaries](#server-binaries-21)
- [Node Binaries](#node-binaries-21)
- [Changelog since v1.9.0](#changelog-since-v190)
- [Action Required](#action-required-6)
- [Other notable changes](#other-notable-changes-20)
- [Other notable changes](#other-notable-changes-21)
<!-- END MUNGE: GENERATED_TOC -->
<!-- NEW RELEASE NOTES ENTRY -->
# v1.10.13
[Documentation](https://docs.k8s.io)
## Downloads for v1.10.13
filename | sha512 hash
-------- | -----------
[kubernetes.tar.gz](https://dl.k8s.io/v1.10.13/kubernetes.tar.gz) | `8add1e0bb21e5d3be1a91301d522782c3b867d55a48ce865331db23d35cca0ad4289279332dbf74a4c45ccc4ea9dc160cef98e44b7b6bcd072196f099059b913`
[kubernetes-src.tar.gz](https://dl.k8s.io/v1.10.13/kubernetes-src.tar.gz) | `65b37053be2b323e21ddec4d2d7abb1614f20fd467d1d420fb880b6e61734eadbe8aaf55f30e5ae5b02e03de746924a64a85459352190848be102f62a768cb21`
### Client Binaries
filename | sha512 hash
-------- | -----------
[kubernetes-client-darwin-386.tar.gz](https://dl.k8s.io/v1.10.13/kubernetes-client-darwin-386.tar.gz) | `05be88ada7db616a3ccdc50d47136ab1a9213879b65c81db81bbd06c7c97db6dbeb3d05ed1b6fc06d7e399f26428718792b133706b7b274ac7f6981193403647`
[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.10.13/kubernetes-client-darwin-amd64.tar.gz) | `351769fa9caf9d285d47fb21bd25f8876b00d0d079d14e407b342467e824c61e936049a6adb6f42a7323129f37e8218448a790daa9835db540f0016d71e81139`
[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.10.13/kubernetes-client-linux-386.tar.gz) | `c7668ec89f32ad524dcaa6f87e9c6646a0d97165daa436a8915e72b2b7f3f6f55231041e44c91e22adbb62e9b7bd9e60360611c5ccd801c3b74fe4e98238995b`
[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.10.13/kubernetes-client-linux-amd64.tar.gz) | `2355ab1e140ea9a117fd5ea04bbf3795e14880bafc8c177c9797d40244c523d5b8ef6f2c72be252e7e0439eb659258ef9ace3bab9a72213e494ee0bef9c2e0c0`
[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.10.13/kubernetes-client-linux-arm.tar.gz) | `3aa45783210b465af7a8217ff167ef5a6d2e0318231b451a3eafe9f09799c8f10531dcbc352cef04fdaa7a024205f635ccf3a61b2eb7c1d2d303f002b61250ae`
[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.10.13/kubernetes-client-linux-arm64.tar.gz) | `e02b43419b8b6d19c18bc03c751df1a29489d8cd0e247c6ac430f83a5f1227671cbf56407cf266fb113dddb3e9353f18f8ce9bcfe83f52a45af3b667898d6ef5`
[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.10.13/kubernetes-client-linux-ppc64le.tar.gz) | `339fccf4a82898d087d5c48e0c13a4652e8f37b6a5423e7aad4262bbda137d5e5ebd7de96b30bd2c9ef4d0f84d610359a48b4b67591576e298355185d63d0d46`
[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.10.13/kubernetes-client-linux-s390x.tar.gz) | `b7dd449defcd1b47db78472c8740f99ad96bb921d64db37b57cb9392a055afba4380a012186b28a52518377f96048d47799370497a829f1b474aea0cbac9971f`
[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.10.13/kubernetes-client-windows-386.tar.gz) | `64657c29c4b90029c9a0739e67566c1a0e781e7ad3a133833f2a7cd4d88a7f16db4c0ed28a5473aecd96dfa4cf8d2cd2fe6f7d72633a2538739497196d704521`
[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.10.13/kubernetes-client-windows-amd64.tar.gz) | `71bfcea7ff941320b225b5b896c8e2dd6fe1165b05b95d512cefa31950e972b5db95788c2bb031097d5d17408e537af60c0b5b3edca707c472fad80f04fc35d4`
### Server Binaries
filename | sha512 hash
-------- | -----------
[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.10.13/kubernetes-server-linux-amd64.tar.gz) | `6ece286535569786579233809fee92307a103c30947e1350fa009fab29b9f45e82c065f6d3576025ea1499c9a58ee97d2386f540aee3e789aa0b2aaf2b388aca`
[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.10.13/kubernetes-server-linux-arm.tar.gz) | `35aaaffdf478b6044146d620bd867b1d09e290537ec4200ab29b06fddb3425a339ebadaa5463cd10f0797df00d696a2bfab1a48db9b4a682b1b5d7ba2b7f3fb1`
[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.10.13/kubernetes-server-linux-arm64.tar.gz) | `dfd7edc27cef7b2750790f3d6b71c4a2beb8b3e4716a3f8a2033708cfed93bb351f60b1af424520e5ce89b159f797a56094a327ce62c08dd2a72fbac69a06b9e`
[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.10.13/kubernetes-server-linux-ppc64le.tar.gz) | `7f877383ea353510b6e27d6485bac09b71aacae028dc2e9ddf1bbdaca129283aac2cbdb9c0c3bd3542513d268c37eb5efdec2a0711e613337631df3ed4e21992`
[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.10.13/kubernetes-server-linux-s390x.tar.gz) | `c2e5eb5bf18a127c25ac6a9f182bc8bc36b5d3962f996ce24ebb85dd25704a7da34f1c7eeed1710757b1cbb788a5b20c2e72caefba3d76b9580ac05a39469843`
### Node Binaries
filename | sha512 hash
-------- | -----------
[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.10.13/kubernetes-node-linux-amd64.tar.gz) | `28bed15d3e9b3bfb1d70c6dcd5c0c0f7b6f1c096c796d778f548856f4a446437377d5a4b5b939dc577ebfe8c3e6dbf2d594da77c9fdb8b514fc75c9e0a7b7471`
[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.10.13/kubernetes-node-linux-arm.tar.gz) | `48b04f7bbe3604429270ad2a1516b3898748153d184213cbb1e7f05571f3cfb4d4588ec2f5fb6f03ac5a666022d7df27e6c60236852fb38bd3240565a96e76c0`
[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.10.13/kubernetes-node-linux-arm64.tar.gz) | `506299ddf40d53ecf3fe377db6ef9ab8459f47210490108c1af2d5135c53279b8de3dcc0a16bb6014bdd1aae8aaf52cefc123b317b97eaba23d2c5fcaf0c7bd2`
[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.10.13/kubernetes-node-linux-ppc64le.tar.gz) | `1887d3f85448c35cc1debe4dadde3ccbca6b5c384726c047dff948e17b3df854e78626b4b8c2c2fb4174899e39cbc2b8cd799459d92e4c29f7962150060e9ed5`
[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.10.13/kubernetes-node-linux-s390x.tar.gz) | `6c2323040b763dbd4b42fd1f1f6154f061f26909fb26b0c663668d9df4673dcaf35be28a35738b97fc00dfa195eefe28982a8bab4aae1bb95d5a21df7a59e33e`
[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.10.13/kubernetes-node-windows-amd64.tar.gz) | `002a3d1aab5b928943c6a4378f0af5a3c0844c6fa65a21c1bc0e66ef198bc47a04659fedc00c32d973747d15e92f7dd90c8fca042b0a0ed591baffc51727a703`
## Changelog since v1.10.12
### Other notable changes
* Fixes spurious 0-length API responses. ([#72856](https://github.com/kubernetes/kubernetes/pull/72856), [@liggitt](https://github.com/liggitt))
# v1.10.12
[Documentation](https://docs.k8s.io)
@ -587,7 +650,7 @@ filename | sha256 hash
* Fix creation of custom resources when the CRD contains non-conventional pluralization and subresources ([#66249](https://github.com/kubernetes/kubernetes/pull/66249), [@deads2k](https://github.com/deads2k))
* Bump up version number of debian-base, debian-hyperkube-base and debian-iptables. ([#67026](https://github.com/kubernetes/kubernetes/pull/67026), [@satyasm](https://github.com/satyasm))
* Also updates dependencies of users of debian-base.
* Also updates dependencies of users of debian-base.
* debian-base version 0.3.1 is already available.
* Fix an issue that pods using hostNetwork keep increasing. ([#67456](https://github.com/kubernetes/kubernetes/pull/67456), [@Huang-Wei](https://github.com/Huang-Wei))
* Allows extension API server to dynamically discover the requestheader CA certificate when the core API server doesn't use certificate based authentication for it's clients ([#66394](https://github.com/kubernetes/kubernetes/pull/66394), [@rtripat](https://github.com/rtripat))
@ -1160,7 +1223,7 @@ filename | sha256 hash
### Node
Many of the changes within SIG-Node revolve around control. With the beta release of the `kubelet.config.k8s.io` API group, a significant subset of Kubelet configuration can now be [configured via a versioned config file](https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/). Kubernetes v1.10 adds alpha support for the ability to [configure whether containers in a pod should share a single process namespace](https://github.com/kubernetes/enhancements/issues/495), and the CRI has been upgraded to v1alpha2, which adds [support for Windows Container Configuration](https://github.com/kubernetes/enhancements/issues/547). Kubernetes v1.10 also ships with the beta release of the [CRI validation test suite](https://github.com/kubernetes/enhancements/issues/292).
Many of the changes within SIG-Node revolve around control. With the beta release of the `kubelet.config.k8s.io` API group, a significant subset of Kubelet configuration can now be [configured via a versioned config file](https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/). Kubernetes v1.10 adds alpha support for the ability to [configure whether containers in a pod should share a single process namespace](https://github.com/kubernetes/enhancements/issues/495), and the CRI has been upgraded to v1alpha2, which adds [support for Windows Container Configuration](https://github.com/kubernetes/enhancements/issues/547). Kubernetes v1.10 also ships with the beta release of the [CRI validation test suite](https://github.com/kubernetes/enhancements/issues/292).
The Resource Management Working Group graduated three features to beta in the 1.10 release. First, [CPU Manager](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/), which allows users to request exclusive CPU cores. This helps performance in a variety of use-cases, including network latency sensitive applications, as well as applications that benefit from CPU cache residency. Next, [Huge Pages](https://kubernetes.io/docs/tasks/manage-hugepages/scheduling-hugepages/), which allows pods to consume either 2Mi or 1Gi Huge Pages. This benefits applications that consume large amounts of memory. Use of Huge Pages is a common tuning recommendation for databases and JVMs. Finally, the [Device Plugin](https://kubernetes.io/docs/concepts/cluster-administration/device-plugins/) feature, which provides a framework for vendors to advertise their resources to the Kubelet without changing Kubernetes core code. Targeted devices include GPUs, High-performance NICs, FPGAs, InfiniBand, and other similar computing resources that may require vendor specific initialization and setup.
@ -1168,7 +1231,7 @@ The Resource Management Working Group graduated three features to beta in the 1.
This release brings additional power to both local storage and Persistent Volumes. [Mount namespace propagation](https://github.com/kubernetes/enhancements/issues/432) allows a container to mount a volume as rslave so that host mounts can be seen inside the container, or as rshared so that mounts made inside a container can be seen by the host. (Note that this is [not supported on Windows](https://github.com/kubernetes/kubernetes/pull/60275).) [Local Ephemeral Storage Capacity Isolation](https://github.com/kubernetes/enhancements/issues/361) makes it possible to set requests and limits on ephemeral local storage resources. In addition, you can now create [Local Persistent Storage](https://github.com/kubernetes/enhancements/issues/121), which enables PersistentVolumes to be created with locally attached disks, and not just network volumes.
On the Persistent Volumes side, this release [Prevents deletion of Persistent Volume Claims that are used by a pod](https://github.com/kubernetes/enhancements/issues/498) and [Persistent Volumes that are bound to a Persistent Volume Claim](https://github.com/kubernetes/enhancements/issues/499), making it impossible to delete storage that is in use by a pod.
On the Persistent Volumes side, this release [Prevents deletion of Persistent Volume Claims that are used by a pod](https://github.com/kubernetes/enhancements/issues/498) and [Persistent Volumes that are bound to a Persistent Volume Claim](https://github.com/kubernetes/enhancements/issues/499), making it impossible to delete storage that is in use by a pod.
This release also includes [Topology Aware Volume Scheduling](https://github.com/kubernetes/enhancements/issues/490) for local persistent volumes, the stable release of [Detailed storage metrics of internal state](https://github.com/kubernetes/enhancements/issues/496), and beta support for [Out-of-tree CSI Volume Plugins](https://github.com/kubernetes/enhancements/issues/178).
@ -1198,7 +1261,7 @@ This release includes a change to [kubectl get and describe to work better with
### Network
In terms of networking, Kubernetes 1.10 is about control. Users now have beta support for the ability to [configure a pod's resolv.conf](https://github.com/kubernetes/enhancements/issues/504), rather than relying on the cluster DNS, as well as [configuring the NodePort IP address](https://github.com/kubernetes/enhancements/issues/539). You can also [switch the default DNS plugin to CoreDNS](https://github.com/kubernetes/enhancements/issues/427) (beta).
In terms of networking, Kubernetes 1.10 is about control. Users now have beta support for the ability to [configure a pod's resolv.conf](https://github.com/kubernetes/enhancements/issues/504), rather than relying on the cluster DNS, as well as [configuring the NodePort IP address](https://github.com/kubernetes/enhancements/issues/539). You can also [switch the default DNS plugin to CoreDNS](https://github.com/kubernetes/enhancements/issues/427) (beta).
## Before Upgrading
@ -1370,7 +1433,7 @@ If no featureGates was specified in `kubeadm-config`, just change `featureGates:
* rktnetes has been deprecated in favor of rktlet. Please see [https://github.com/kubernetes-incubator/rktlet](https://github.com/kubernetes-incubator/rktlet) for more information. ([#58418](https://github.com/kubernetes/kubernetes/pull/58418), [@yujuhong](https://github.com/yujuhong))
* The Kubelet now explicitly registers all of its command-line flags with an internal flagset, which prevents flags from third party libraries from unintentionally leaking into the Kubelet's command-line API. Many unintentionally leaked flags are now marked deprecated, so that users have a chance to migrate away from them before they are removed. In addition, one previously leaked flag, --cloud-provider-gce-lb-src-cidrs, has been entirely removed from the Kubelet's command-line API, because it is irrelevant to Kubelet operation. The deprecated flags are:
* The Kubelet now explicitly registers all of its command-line flags with an internal flagset, which prevents flags from third party libraries from unintentionally leaking into the Kubelet's command-line API. Many unintentionally leaked flags are now marked deprecated, so that users have a chance to migrate away from them before they are removed. In addition, one previously leaked flag, --cloud-provider-gce-lb-src-cidrs, has been entirely removed from the Kubelet's command-line API, because it is irrelevant to Kubelet operation. The deprecated flags are:
* --application_metrics_count_limit
* --boot_id_file
@ -1411,17 +1474,17 @@ If no featureGates was specified in `kubeadm-config`, just change `featureGates:
</tr>
<tr>
<td>GET /swagger.json</td>
<td>GET /openapi/v2
<td>GET /openapi/v2
Accept: application/json</td>
</tr>
<tr>
<td>GET /swagger-2.0.0.pb-v1</td>
<td>GET /openapi/v2
<td>GET /openapi/v2
Accept: application/com.github.proto-openapi.spec.v2@v1.0+protobuf</td>
</tr>
<tr>
<td>GET /swagger-2.0.0.pb-v1.gz</td>
<td>GET /openapi/v2
<td>GET /openapi/v2
Accept: application/com.github.proto-openapi.spec.v2@v1.0+protobuf Accept-Encoding: gzip</td>
</tr>
</table>
@ -1535,7 +1598,7 @@ kubernetesVersion: v1.9.1
noTaintMaster: true
```
And point to the file using the --config flag, as in
And point to the file using the --config flag, as in
`kubeadm init --config /etc/kubeadm/kubeadm.yaml`
@ -2175,13 +2238,13 @@ parameters:
* Updates kube-dns to v1.14.8 ([#57918](https://github.com/kubernetes/kubernetes/pull/57918), [@rramkumar1](https://github.com/rramkumar1))
* Influxdb is unchanged from v1.9: v1.3.3 ([#53319](https://github.com/kubernetes/kubernetes/pull/53319))
* Grafana is unchanged from v1.9: v4.4.3 ([#53319](https://github.com/kubernetes/kubernetes/pull/53319))
* CAdvisor is v0.29.1 ([#60867](https://github.com/kubernetes/kubernetes/pull/60867))
* fluentd-gcp-scaler is v0.3.0 ([#61269](https://github.com/kubernetes/kubernetes/pull/61269))
* CAdvisor is v0.29.1 ([#60867](https://github.com/kubernetes/kubernetes/pull/60867))
* fluentd-gcp-scaler is v0.3.0 ([#61269](https://github.com/kubernetes/kubernetes/pull/61269))
* Updated fluentd in fluentd-es-image to fluentd v1.1.0 ([#58525](https://github.com/kubernetes/kubernetes/pull/58525), [@monotek](https://github.com/monotek))
* fluentd-elasticsearch is v2.0.4 ([#58525](https://github.com/kubernetes/kubernetes/pull/58525))
* fluentd-elasticsearch is v2.0.4 ([#58525](https://github.com/kubernetes/kubernetes/pull/58525))
* Updated fluentd-gcp to v3.0.0. ([#60722](https://github.com/kubernetes/kubernetes/pull/60722))
* Ingress glbc is v1.0.0 ([#61302](https://github.com/kubernetes/kubernetes/pull/61302))
* OIDC authentication is coreos/go-oidc v2 ([#58544](https://github.com/kubernetes/kubernetes/pull/58544))
* Ingress glbc is v1.0.0 ([#61302](https://github.com/kubernetes/kubernetes/pull/61302))
* OIDC authentication is coreos/go-oidc v2 ([#58544](https://github.com/kubernetes/kubernetes/pull/58544))
* Updated fluentd-gcp updated to v2.0.11. ([#56927](https://github.com/kubernetes/kubernetes/pull/56927), [@x13n](https://github.com/x13n))
* Calico has been updated to v2.6.7 ([#59130](https://github.com/kubernetes/kubernetes/pull/59130), [@caseydavenport](https://github.com/caseydavenport))
@ -2243,8 +2306,8 @@ filename | sha256 hash
* Fix bug allowing garbage collector to enter a broken state that could only be fixed by restarting the controller-manager. ([#61201](https://github.com/kubernetes/kubernetes/pull/61201), [@jennybuckley](https://github.com/jennybuckley))
* When `TaintNodesByCondition` enabled, added `node.kubernetes.io/unschedulable:NoSchedule` ([#61161](https://github.com/kubernetes/kubernetes/pull/61161), [@k82cn](https://github.com/k82cn))
* taint to the node if `spec.Unschedulable` is true.
* When `ScheduleDaemonSetPods` enabled, `node.kubernetes.io/unschedulable:NoSchedule`
* toleration is added automatically to DaemonSet Pods; so the `unschedulable` field of
* When `ScheduleDaemonSetPods` enabled, `node.kubernetes.io/unschedulable:NoSchedule`
* toleration is added automatically to DaemonSet Pods; so the `unschedulable` field of
* a node is not respected by the DaemonSet controller.
* Fixed kube-proxy to work correctly with iptables 1.6.2 and later. ([#60978](https://github.com/kubernetes/kubernetes/pull/60978), [@danwinship](https://github.com/danwinship))
* Audit logging with buffering enabled can increase apiserver memory usage (e.g. up to 200MB in 100-node cluster). The increase is bounded by the buffer size (configurable). Ref: issue [#60500](https://github.com/kubernetes/kubernetes/pull/60500) ([#61118](https://github.com/kubernetes/kubernetes/pull/61118), [@shyamjvs](https://github.com/shyamjvs))

182
CHANGELOG-1.11.md
View File

@ -1,61 +1,68 @@
<!-- BEGIN MUNGE: GENERATED_TOC -->
- [v1.11.7](#v1117)
- [Downloads for v1.11.7](#downloads-for-v1117)
- [v1.11.8](#v1118)
- [Downloads for v1.11.8](#downloads-for-v1118)
- [Client Binaries](#client-binaries)
- [Server Binaries](#server-binaries)
- [Node Binaries](#node-binaries)
- [Changelog since v1.11.6](#changelog-since-v1116)
- [Changelog since v1.11.7](#changelog-since-v1117)
- [Other notable changes](#other-notable-changes)
- [v1.11.6](#v1116)
- [Downloads for v1.11.6](#downloads-for-v1116)
- [v1.11.7](#v1117)
- [Downloads for v1.11.7](#downloads-for-v1117)
- [Client Binaries](#client-binaries-1)
- [Server Binaries](#server-binaries-1)
- [Node Binaries](#node-binaries-1)
- [Changelog since v1.11.5](#changelog-since-v1115)
- [Changelog since v1.11.6](#changelog-since-v1116)
- [Other notable changes](#other-notable-changes-1)
- [v1.11.5](#v1115)
- [Downloads for v1.11.5](#downloads-for-v1115)
- [v1.11.6](#v1116)
- [Downloads for v1.11.6](#downloads-for-v1116)
- [Client Binaries](#client-binaries-2)
- [Server Binaries](#server-binaries-2)
- [Node Binaries](#node-binaries-2)
- [Changelog since v1.11.4](#changelog-since-v1114)
- [Changelog since v1.11.5](#changelog-since-v1115)
- [Other notable changes](#other-notable-changes-2)
- [v1.11.4](#v1114)
- [Downloads for v1.11.4](#downloads-for-v1114)
- [v1.11.5](#v1115)
- [Downloads for v1.11.5](#downloads-for-v1115)
- [Client Binaries](#client-binaries-3)
- [Server Binaries](#server-binaries-3)
- [Node Binaries](#node-binaries-3)
- [Changelog since v1.11.3](#changelog-since-v1113)
- [Changelog since v1.11.4](#changelog-since-v1114)
- [Other notable changes](#other-notable-changes-3)
- [v1.11.3](#v1113)
- [Downloads for v1.11.3](#downloads-for-v1113)
- [v1.11.4](#v1114)
- [Downloads for v1.11.4](#downloads-for-v1114)
- [Client Binaries](#client-binaries-4)
- [Server Binaries](#server-binaries-4)
- [Node Binaries](#node-binaries-4)
- [Changelog since v1.11.2](#changelog-since-v1112)
- [Action Required](#action-required)
- [Changelog since v1.11.3](#changelog-since-v1113)
- [Other notable changes](#other-notable-changes-4)
- [v1.11.2](#v1112)
- [Downloads for v1.11.2](#downloads-for-v1112)
- [v1.11.3](#v1113)
- [Downloads for v1.11.3](#downloads-for-v1113)
- [Client Binaries](#client-binaries-5)
- [Server Binaries](#server-binaries-5)
- [Node Binaries](#node-binaries-5)
- [Changelog since v1.11.1](#changelog-since-v1111)
- [Action Required](#action-required-1)
- [Changelog since v1.11.2](#changelog-since-v1112)
- [Action Required](#action-required)
- [Other notable changes](#other-notable-changes-5)
- [v1.11.1](#v1111)
- [Downloads for v1.11.1](#downloads-for-v1111)
- [v1.11.2](#v1112)
- [Downloads for v1.11.2](#downloads-for-v1112)
- [Client Binaries](#client-binaries-6)
- [Server Binaries](#server-binaries-6)
- [Node Binaries](#node-binaries-6)
- [Changelog since v1.11.0](#changelog-since-v1110)
- [Action Required](#action-required-2)
- [Changelog since v1.11.1](#changelog-since-v1111)
- [Action Required](#action-required-1)
- [Other notable changes](#other-notable-changes-6)
- [v1.11.0](#v1110)
- [Downloads for v1.11.0](#downloads-for-v1110)
- [v1.11.1](#v1111)
- [Downloads for v1.11.1](#downloads-for-v1111)
- [Client Binaries](#client-binaries-7)
- [Server Binaries](#server-binaries-7)
- [Node Binaries](#node-binaries-7)
- [Changelog since v1.11.0](#changelog-since-v1110)
- [Action Required](#action-required-2)
- [Other notable changes](#other-notable-changes-7)
- [v1.11.0](#v1110)
- [Downloads for v1.11.0](#downloads-for-v1110)
- [Client Binaries](#client-binaries-8)
- [Server Binaries](#server-binaries-8)
- [Node Binaries](#node-binaries-8)
- [Kubernetes 1.11 Release Notes](#kubernetes-111-release-notes)
- [Urgent Upgrade Notes](#urgent-upgrade-notes)
- [(No, really, you MUST do this before you upgrade)](#no-really-you-must-do-this-before-you-upgrade)
@ -78,7 +85,7 @@
- [Graduated to Stable/GA](#graduated-to-stablega)
- [Graduated to Beta](#graduated-to-beta)
- [New alpha features](#new-alpha-features)
- [Other Notable Changes](#other-notable-changes-7)
- [Other Notable Changes](#other-notable-changes-8)
- [SIG API Machinery](#sig-api-machinery-1)
- [SIG Apps](#sig-apps)
- [SIG Auth](#sig-auth-1)
@ -102,62 +109,129 @@
- [Non-user-facing changes](#non-user-facing-changes)
- [v1.11.0-rc.3](#v1110-rc3)
- [Downloads for v1.11.0-rc.3](#downloads-for-v1110-rc3)
- [Client Binaries](#client-binaries-8)
- [Server Binaries](#server-binaries-8)
- [Node Binaries](#node-binaries-8)
- [Changelog since v1.11.0-rc.2](#changelog-since-v1110-rc2)
- [Other notable changes](#other-notable-changes-8)
- [v1.11.0-rc.2](#v1110-rc2)
- [Downloads for v1.11.0-rc.2](#downloads-for-v1110-rc2)
- [Client Binaries](#client-binaries-9)
- [Server Binaries](#server-binaries-9)
- [Node Binaries](#node-binaries-9)
- [Changelog since v1.11.0-rc.1](#changelog-since-v1110-rc1)
- [Changelog since v1.11.0-rc.2](#changelog-since-v1110-rc2)
- [Other notable changes](#other-notable-changes-9)
- [v1.11.0-rc.1](#v1110-rc1)
- [Downloads for v1.11.0-rc.1](#downloads-for-v1110-rc1)
- [v1.11.0-rc.2](#v1110-rc2)
- [Downloads for v1.11.0-rc.2](#downloads-for-v1110-rc2)
- [Client Binaries](#client-binaries-10)
- [Server Binaries](#server-binaries-10)
- [Node Binaries](#node-binaries-10)
- [Changelog since v1.11.0-beta.2](#changelog-since-v1110-beta2)
- [Action Required](#action-required-3)
- [Changelog since v1.11.0-rc.1](#changelog-since-v1110-rc1)
- [Other notable changes](#other-notable-changes-10)
- [v1.11.0-beta.2](#v1110-beta2)
- [Downloads for v1.11.0-beta.2](#downloads-for-v1110-beta2)
- [v1.11.0-rc.1](#v1110-rc1)
- [Downloads for v1.11.0-rc.1](#downloads-for-v1110-rc1)
- [Client Binaries](#client-binaries-11)
- [Server Binaries](#server-binaries-11)
- [Node Binaries](#node-binaries-11)
- [Changelog since v1.11.0-beta.1](#changelog-since-v1110-beta1)
- [Action Required](#action-required-4)
- [Changelog since v1.11.0-beta.2](#changelog-since-v1110-beta2)
- [Action Required](#action-required-3)
- [Other notable changes](#other-notable-changes-11)
- [v1.11.0-beta.1](#v1110-beta1)
- [Downloads for v1.11.0-beta.1](#downloads-for-v1110-beta1)
- [v1.11.0-beta.2](#v1110-beta2)
- [Downloads for v1.11.0-beta.2](#downloads-for-v1110-beta2)
- [Client Binaries](#client-binaries-12)
- [Server Binaries](#server-binaries-12)
- [Node Binaries](#node-binaries-12)
- [Changelog since v1.11.0-alpha.2](#changelog-since-v1110-alpha2)
- [Action Required](#action-required-5)
- [Changelog since v1.11.0-beta.1](#changelog-since-v1110-beta1)
- [Action Required](#action-required-4)
- [Other notable changes](#other-notable-changes-12)
- [v1.11.0-alpha.2](#v1110-alpha2)
- [Downloads for v1.11.0-alpha.2](#downloads-for-v1110-alpha2)
- [v1.11.0-beta.1](#v1110-beta1)
- [Downloads for v1.11.0-beta.1](#downloads-for-v1110-beta1)
- [Client Binaries](#client-binaries-13)
- [Server Binaries](#server-binaries-13)
- [Node Binaries](#node-binaries-13)
- [Changelog since v1.11.0-alpha.1](#changelog-since-v1110-alpha1)
- [Changelog since v1.11.0-alpha.2](#changelog-since-v1110-alpha2)
- [Action Required](#action-required-5)
- [Other notable changes](#other-notable-changes-13)
- [v1.11.0-alpha.1](#v1110-alpha1)
- [Downloads for v1.11.0-alpha.1](#downloads-for-v1110-alpha1)
- [v1.11.0-alpha.2](#v1110-alpha2)
- [Downloads for v1.11.0-alpha.2](#downloads-for-v1110-alpha2)
- [Client Binaries](#client-binaries-14)
- [Server Binaries](#server-binaries-14)
- [Node Binaries](#node-binaries-14)
- [Changelog since v1.11.0-alpha.1](#changelog-since-v1110-alpha1)
- [Other notable changes](#other-notable-changes-14)
- [v1.11.0-alpha.1](#v1110-alpha1)
- [Downloads for v1.11.0-alpha.1](#downloads-for-v1110-alpha1)
- [Client Binaries](#client-binaries-15)
- [Server Binaries](#server-binaries-15)
- [Node Binaries](#node-binaries-15)
- [Changelog since v1.10.0](#changelog-since-v1100)
- [Action Required](#action-required-6)
- [Other notable changes](#other-notable-changes-14)
- [Other notable changes](#other-notable-changes-15)
<!-- END MUNGE: GENERATED_TOC -->
<!-- NEW RELEASE NOTES ENTRY -->
# v1.11.8
[Documentation](https://docs.k8s.io)
## Downloads for v1.11.8
filename | sha512 hash
-------- | -----------
[kubernetes.tar.gz](https://dl.k8s.io/v1.11.8/kubernetes.tar.gz) | `65ef9150911023033efd486148d6827a9531ef29e2bd5ec0d6269b1e1d5bd1e0497a31a1675c39f54695ba4b526b4619ebf6525b4aab07e10d368ca21c6aeeff`
[kubernetes-src.tar.gz](https://dl.k8s.io/v1.11.8/kubernetes-src.tar.gz) | `bea4877aa38da12a3bf99200b02c51a9db8f4f0e58e1b28158fa816e1dc5de0a64edc3e93a2de24720c316a20964ff74754f6511379f1be7952a1cad711537a7`
### Client Binaries
filename | sha512 hash
-------- | -----------
[kubernetes-client-darwin-386.tar.gz](https://dl.k8s.io/v1.11.8/kubernetes-client-darwin-386.tar.gz) | `002b24d8026be295df278d02f40261b07f6fecf413c794e95ce4501f313e9a5d7fd2098d051a6b5e57c653058bcd4060f1f73a6dfdcb43c9239bb912206a9042`
[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.11.8/kubernetes-client-darwin-amd64.tar.gz) | `4120da867ed18d1fd5dedbf290c107a5769b767d18c42d4ef9f9e4ed0bd076635abc85e69ca0d5c3d65934266a9ce4869e597ce7152e673d6db689b8c492c208`
[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.11.8/kubernetes-client-linux-386.tar.gz) | `e9b2053e3b09e895f9149bb94a432ba62a980ea26efddb9f8ab6cc5123db21044028f7072ca3e0180eecb58cb201c326a3d175039f9fbe83abeaf42aa87747be`
[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.11.8/kubernetes-client-linux-amd64.tar.gz) | `95bc0c1d9b7eea56d5cc20c8f92a486adba379602b9cb6280670e4be458f7f723909fd27898f22500589b3c9c8a6c4bf50b6880d4aef7ab38a5c7dc80254c497`
[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.11.8/kubernetes-client-linux-arm.tar.gz) | `1a92e09afb9c64be08b45e228c62a4fb69611d8d7d106adf57e8b82ce9774ac2cba4c94092166658b5601b85e784de66c191b854c7ff9dd29219616055477da6`
[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.11.8/kubernetes-client-linux-arm64.tar.gz) | `a9a823bd51f7a27bd5158edea5fd4ae40f527e4028a8d3e2a2820862593f10e37f37f5bcc767a193e6669390e7e6e6b50c13a44c16805c1370ff99aaf1563444`
[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.11.8/kubernetes-client-linux-ppc64le.tar.gz) | `8b351358175833a970e664e35ef24b14af6fbe5286983d781856ce6a7a3fdaacf2154fce1bc126dbb07db3118e7cecf5d05ac27e5decee2ad4c1332417ee33ec`
[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.11.8/kubernetes-client-linux-s390x.tar.gz) | `c110b67a6b73e542af9f20991d4f9d6e80542555a6b7158b629cc1f3f69eff90708438834e3672633f1505f0e1a18e7107516258560cb24d601f846681b9310b`
[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.11.8/kubernetes-client-windows-386.tar.gz) | `0b5db213b847f49cfd934fa55ee30b1dd6c375d5dd3e6d4e2cfef9742b01afaa4f33ad634d56ef76ea7d0e4a017335c5e3a7221db9f9698d1a6ad8833af81356`
[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.11.8/kubernetes-client-windows-amd64.tar.gz) | `c842c77215e1d0cf6e7ad8c780488a5085984cbdf0aef46e37709544577b08859daff417db8bec8f130079835ddc2ac521b5418bbe88bd43dd3e5bc04d330402`
### Server Binaries
filename | sha512 hash
-------- | -----------
[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.11.8/kubernetes-server-linux-amd64.tar.gz) | `6a5a8764ac75067ea5f81cc8cca179b56d72a2feb870bd096a8cfba4cfcbce72ea38b69773ff888e5463ee7a5403fc123b4f2a4eeb0145017d533f43d60dd4fc`
[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.11.8/kubernetes-server-linux-arm.tar.gz) | `e5cf04f368e6c5f455bbd2e584bec8774773ea03672697cd43605c96ad2d8915be78160339557568a8570b0331d5df8d892fe18637eda67b0763c113ad41f7ca`
[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.11.8/kubernetes-server-linux-arm64.tar.gz) | `4accbd3ce3d1ed5cbe6003ba83ab881378a3fa9e01cebc9d58dc4f8fa10bdb99be469c577c04f3016e83ab9b433526bba17371f3b0b40a64402e905cb6349dbf`
[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.11.8/kubernetes-server-linux-ppc64le.tar.gz) | `1004fc3bcb09876d002ae0c273736eca27e54861c3194b822fa6f01245b265dc862e3f611bcca6145f65a535355ac067d874787427122700c2db2b34b406aedc`
[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.11.8/kubernetes-server-linux-s390x.tar.gz) | `c571688de79022ece009adcee44dd18e614b566f1fafa9c1b87174d57a48403e3d2e2600157199bb48aa611ffcd6d5f2f43620d9190c02ad6bfab86a87c6e3cf`
### Node Binaries
filename | sha512 hash
-------- | -----------
[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.11.8/kubernetes-node-linux-amd64.tar.gz) | `224ddda592871d2842c4cea3fdab37e21ea57f355a991f3fcf821305bd72bef942f2fea23407d6555ff5877cf2f495dd97465e44ec3032fc0e39fc77c651792f`
[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.11.8/kubernetes-node-linux-arm.tar.gz) | `989aa76291cd8e7c5ac49359b210059cbc7ebe6890cffde930c419fb87b498f9a6bc9cd6b8b746b3da10fc3447c76e0d86ea414dcc4fe9c9ce4f4184c7828a10`
[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.11.8/kubernetes-node-linux-arm64.tar.gz) | `d5880c71de9991ea3415a7931aa82bf080945632bbb2af92cfda581e619390db7609b7241d4b194a2e4664f7ffe8a863089bc5b2464258de4ff0f8e8a8f77c32`
[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.11.8/kubernetes-node-linux-ppc64le.tar.gz) | `a8f4362b2d00f298e3abbf056387b1c38673babbc02957f3b78b7b5c1ba59d246a0e6038ad08ffd310ad2a55c79717e97c74ceb4af4f5a6242037519ea19affa`
[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.11.8/kubernetes-node-linux-s390x.tar.gz) | `07e39957e314cb2b343a736a5aded1c46a0dbe1980e48d87355ed794c33401d5ab50760081102d29ad75d2dbc798f6e47f88539580e87fc289a33c4488255f55`
[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.11.8/kubernetes-node-windows-amd64.tar.gz) | `84b74af3042c301d94136e67fabb9296e72e4574e35bf9b163fb4ba66a6c60f37ff8c1de3b9b25a327d3b90ac50005873c39d03dcb9bade697969334ffd13a13`
## Changelog since v1.11.7
### Other notable changes
* fix smb remount issue on Windows ([#73661](https://github.com/kubernetes/kubernetes/pull/73661), [@andyzhangx](https://github.com/andyzhangx))
* kube-apiserver: a request body of a CREATE/UPDATE/PATCH/DELETE resource operation larger than 100 MB will return a 413 "request entity too large" error. ([#73805](https://github.com/kubernetes/kubernetes/pull/73805), [@caesarxuchao](https://github.com/caesarxuchao))
* Custom apiservers built with the latest apiserver library will have the 100MB limit on the body of resource requests as well. The limit can be altered via ServerRunOptions.MaxRequestBodyBytes.
* The body size limit does not apply to subresources like pods/proxy that proxy request content to another server.
* The apiserver, including both the kube-apiserver and apiservers built with the generic apiserver library, will now return 413 RequestEntityTooLarge error if a json patch contains more than 10,000 operations. ([#74000](https://github.com/kubernetes/kubernetes/pull/74000), [@caesarxuchao](https://github.com/caesarxuchao))
* Update Cluster Autoscaler to version 1.3.7. ([#74136](https://github.com/kubernetes/kubernetes/pull/74136), [@jkaniuk](https://github.com/jkaniuk))
* Fix watch to not send the same set of events multiple times causing watcher to go back in time ([#73845](https://github.com/kubernetes/kubernetes/pull/73845), [@wojtek-t](https://github.com/wojtek-t))
* fixes an error processing watch events when running skewed apiservers ([#73482](https://github.com/kubernetes/kubernetes/pull/73482), [@liggitt](https://github.com/liggitt))
* MAC Address filter has been fixed in vSphere Cloud Provider, it no longer ignores `00:1c:14` and `00:05:69` prefixes ([#73721](https://github.com/kubernetes/kubernetes/pull/73721), [@frapposelli](https://github.com/frapposelli))
* add goroutine to move unschedulable pods to activeq if they are not retried for more than 1 minute ([#72558](https://github.com/kubernetes/kubernetes/pull/72558), [@denkensk](https://github.com/denkensk))
* Scale max-inflight limits together with master VM sizes. ([#73268](https://github.com/kubernetes/kubernetes/pull/73268), [@wojtek-t](https://github.com/wojtek-t))
* Update to go1.10.8 ([#73379](https://github.com/kubernetes/kubernetes/pull/73379), [@cblecker](https://github.com/cblecker))
# v1.11.7
[Documentation](https://docs.k8s.io)
@ -452,7 +526,7 @@ filename | sha512 hash
* Get public IP for Azure vmss nodes. ([#68498](https://github.com/kubernetes/kubernetes/pull/68498), [@feiskyer](https://github.com/feiskyer))
* Role, ClusterRole and their bindings for cloud-provider is put under system namespace. Their addonmanager mode switches to EnsureExists. ([#67224](https://github.com/kubernetes/kubernetes/pull/67224), [@grayluck](https://github.com/grayluck))
* Bump up version number of debian-base, debian-hyperkube-base and debian-iptables. ([#67026](https://github.com/kubernetes/kubernetes/pull/67026), [@satyasm](https://github.com/satyasm))
* Also updates dependencies of users of debian-base.
* Also updates dependencies of users of debian-base.
* debian-base version 0.3.1 is already available.
* Update debian-iptables and hyperkube-base images to include CVE fixes. ([#67365](https://github.com/kubernetes/kubernetes/pull/67365), [@ixdy](https://github.com/ixdy))
* Support configuring the Azure load balancer idle connection timeout for services ([#66045](https://github.com/kubernetes/kubernetes/pull/66045), [@cpuguy83](https://github.com/cpuguy83))

182
CHANGELOG-1.12.md
View File

@ -1,45 +1,52 @@
<!-- BEGIN MUNGE: GENERATED_TOC -->
- [v1.12.5](#v1125)
- [Downloads for v1.12.5](#downloads-for-v1125)
- [v1.12.6](#v1126)
- [Downloads for v1.12.6](#downloads-for-v1126)
- [Client Binaries](#client-binaries)
- [Server Binaries](#server-binaries)
- [Node Binaries](#node-binaries)
- [Changelog since v1.12.4](#changelog-since-v1124)
- [Changelog since v1.12.5](#changelog-since-v1125)
- [Other notable changes](#other-notable-changes)
- [v1.12.4](#v1124)
- [Downloads for v1.12.4](#downloads-for-v1124)
- [v1.12.5](#v1125)
- [Downloads for v1.12.5](#downloads-for-v1125)
- [Client Binaries](#client-binaries-1)
- [Server Binaries](#server-binaries-1)
- [Node Binaries](#node-binaries-1)
- [Changelog since v1.12.3](#changelog-since-v1123)
- [Action Required](#action-required)
- [Changelog since v1.12.4](#changelog-since-v1124)
- [Other notable changes](#other-notable-changes-1)
- [v1.12.3](#v1123)
- [Downloads for v1.12.3](#downloads-for-v1123)
- [v1.12.4](#v1124)
- [Downloads for v1.12.4](#downloads-for-v1124)
- [Client Binaries](#client-binaries-2)
- [Server Binaries](#server-binaries-2)
- [Node Binaries](#node-binaries-2)
- [Changelog since v1.12.2](#changelog-since-v1122)
- [Changelog since v1.12.3](#changelog-since-v1123)
- [Action Required](#action-required)
- [Other notable changes](#other-notable-changes-2)
- [v1.12.2](#v1122)
- [Downloads for v1.12.2](#downloads-for-v1122)
- [v1.12.3](#v1123)
- [Downloads for v1.12.3](#downloads-for-v1123)
- [Client Binaries](#client-binaries-3)
- [Server Binaries](#server-binaries-3)
- [Node Binaries](#node-binaries-3)
- [Changelog since v1.12.1](#changelog-since-v1121)
- [Changelog since v1.12.2](#changelog-since-v1122)
- [Other notable changes](#other-notable-changes-3)
- [v1.12.1](#v1121)
- [Downloads for v1.12.1](#downloads-for-v1121)
- [v1.12.2](#v1122)
- [Downloads for v1.12.2](#downloads-for-v1122)
- [Client Binaries](#client-binaries-4)
- [Server Binaries](#server-binaries-4)
- [Node Binaries](#node-binaries-4)
- [Changelog since v1.12.0](#changelog-since-v1120)
- [Changelog since v1.12.1](#changelog-since-v1121)
- [Other notable changes](#other-notable-changes-4)
- [v1.12.0](#v1120)
- [Downloads for v1.12.0](#downloads-for-v1120)
- [v1.12.1](#v1121)
- [Downloads for v1.12.1](#downloads-for-v1121)
- [Client Binaries](#client-binaries-5)
- [Server Binaries](#server-binaries-5)
- [Node Binaries](#node-binaries-5)
- [Changelog since v1.12.0](#changelog-since-v1120)
- [Other notable changes](#other-notable-changes-5)
- [v1.12.0](#v1120)
- [Downloads for v1.12.0](#downloads-for-v1120)
- [Client Binaries](#client-binaries-6)
- [Server Binaries](#server-binaries-6)
- [Node Binaries](#node-binaries-6)
- [Known Issues](#known-issues)
- [Major Themes](#major-themes)
- [SIG API Machinery](#sig-api-machinery)
@ -61,7 +68,7 @@
- [Deprecations and removals](#deprecations-and-removals)
- [New Features](#new-features)
- [API Changes](#api-changes)
- [Other Notable Changes](#other-notable-changes-5)
- [Other Notable Changes](#other-notable-changes-6)
- [SIG API Machinery](#sig-api-machinery-1)
- [SIG Apps](#sig-apps)
- [SIG Auth](#sig-auth)
@ -80,54 +87,127 @@
- [SIG Storage](#sig-storage-1)
- [SIG VMWare](#sig-vmware-1)
- [SIG Windows](#sig-windows-1)
- [Other Notable Changes](#other-notable-changes-6)
- [Other Notable Changes](#other-notable-changes-7)
- [Bug Fixes](#bug-fixes)
- [Not Very Notable (that is, non-user-facing)](#not-very-notable-that-is-non-user-facing)
- [External Dependencies](#external-dependencies)
- [v1.12.0-rc.2](#v1120-rc2)
- [Downloads for v1.12.0-rc.2](#downloads-for-v1120-rc2)
- [Client Binaries](#client-binaries-6)
- [Server Binaries](#server-binaries-6)
- [Node Binaries](#node-binaries-6)
- [Changelog since v1.12.0-rc.1](#changelog-since-v1120-rc1)
- [Other notable changes](#other-notable-changes-7)
- [v1.12.0-rc.1](#v1120-rc1)
- [Downloads for v1.12.0-rc.1](#downloads-for-v1120-rc1)
- [Client Binaries](#client-binaries-7)
- [Server Binaries](#server-binaries-7)
- [Node Binaries](#node-binaries-7)
- [Changelog since v1.12.0-beta.2](#changelog-since-v1120-beta2)
- [Action Required](#action-required-2)
- [Changelog since v1.12.0-rc.1](#changelog-since-v1120-rc1)
- [Other notable changes](#other-notable-changes-8)
- [v1.12.0-beta.2](#v1120-beta2)
- [Downloads for v1.12.0-beta.2](#downloads-for-v1120-beta2)
- [v1.12.0-rc.1](#v1120-rc1)
- [Downloads for v1.12.0-rc.1](#downloads-for-v1120-rc1)
- [Client Binaries](#client-binaries-8)
- [Server Binaries](#server-binaries-8)
- [Node Binaries](#node-binaries-8)
- [Changelog since v1.12.0-beta.1](#changelog-since-v1120-beta1)
- [Action Required](#action-required-3)
- [Changelog since v1.12.0-beta.2](#changelog-since-v1120-beta2)
- [Action Required](#action-required-2)
- [Other notable changes](#other-notable-changes-9)
- [v1.12.0-beta.1](#v1120-beta1)
- [Downloads for v1.12.0-beta.1](#downloads-for-v1120-beta1)
- [v1.12.0-beta.2](#v1120-beta2)
- [Downloads for v1.12.0-beta.2](#downloads-for-v1120-beta2)
- [Client Binaries](#client-binaries-9)
- [Server Binaries](#server-binaries-9)
- [Node Binaries](#node-binaries-9)
- [Changelog since v1.12.0-alpha.1](#changelog-since-v1120-alpha1)
- [Action Required](#action-required-4)
- [Changelog since v1.12.0-beta.1](#changelog-since-v1120-beta1)
- [Action Required](#action-required-3)
- [Other notable changes](#other-notable-changes-10)
- [v1.12.0-alpha.1](#v1120-alpha1)
- [Downloads for v1.12.0-alpha.1](#downloads-for-v1120-alpha1)
- [v1.12.0-beta.1](#v1120-beta1)
- [Downloads for v1.12.0-beta.1](#downloads-for-v1120-beta1)
- [Client Binaries](#client-binaries-10)
- [Server Binaries](#server-binaries-10)
- [Node Binaries](#node-binaries-10)
- [Changelog since v1.12.0-alpha.1](#changelog-since-v1120-alpha1)
- [Action Required](#action-required-4)
- [Other notable changes](#other-notable-changes-11)
- [v1.12.0-alpha.1](#v1120-alpha1)
- [Downloads for v1.12.0-alpha.1](#downloads-for-v1120-alpha1)
- [Client Binaries](#client-binaries-11)
- [Server Binaries](#server-binaries-11)
- [Node Binaries](#node-binaries-11)
- [Changelog since v1.11.0](#changelog-since-v1110)
- [Action Required](#action-required-5)
- [Other notable changes](#other-notable-changes-11)
- [Other notable changes](#other-notable-changes-12)
<!-- END MUNGE: GENERATED_TOC -->
<!-- NEW RELEASE NOTES ENTRY -->
# v1.12.6
[Documentation](https://docs.k8s.io)
## Downloads for v1.12.6
filename | sha512 hash
-------- | -----------
[kubernetes.tar.gz](https://dl.k8s.io/v1.12.6/kubernetes.tar.gz) | `22868d7e1e381944e005ff28de4de2a5bf85047dc724a2e59ee5bf9adf11519c0f619f18523bb317474791514d3d5530ce65268cd3bafb8bd3427f10f31f6875`
[kubernetes-src.tar.gz](https://dl.k8s.io/v1.12.6/kubernetes-src.tar.gz) | `a694b53e13d7d559750ca6e4a3274591b30dabe9f5735e60a46e37540fde44d2c965489e52c6dabbf1ad316bb334da6dd2170c5cbf7a0e4cf4fc936368b13a61`
### Client Binaries
filename | sha512 hash
-------- | -----------
[kubernetes-client-darwin-386.tar.gz](https://dl.k8s.io/v1.12.6/kubernetes-client-darwin-386.tar.gz) | `d6ff2bf02a67e081f1813d63ca32d2891d9acc280d5874de16c262a6eca94e4dadddad08330cb3b87d1241b8abddc279126fbc3eb5fffe75de4afca8e2f27e59`
[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.12.6/kubernetes-client-darwin-amd64.tar.gz) | `87048a989ce273199059d726a61ca67e09521b696e535db983c65847673c7000e32618e8a1b46d2e008dece9cd79bee3e27536ac86b6d2b9c5f8e5df93b0f9ac`
[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.12.6/kubernetes-client-linux-386.tar.gz) | `485c642f9b73fc1ccff7b33f764e13cb85a12c3f0e0ab6c90ac38ad265d13bf45f02615c8649ca5820798c32640f4129a79e80e2b3a78085897fbdc4926b8a33`
[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.12.6/kubernetes-client-linux-amd64.tar.gz) | `230946db5a8b2dd835b61119c6527206c6387ed776d55b6ddd4a67953bc99f0ad11b80a40f1d4393a581dbc4639a440553a7e569c6377891d6e0ed4b1848b538`
[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.12.6/kubernetes-client-linux-arm.tar.gz) | `791e9d1c21333f626241a0975d5dd88a989e8d7498f48906616f43f9a566af8230e3a82565972c7eb20e4a7747402d4cf62aab54a674886e454320708aff4324`
[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.12.6/kubernetes-client-linux-arm64.tar.gz) | `05e7c47d64a9d2bd249c9f5059b9d1fafd30e6233f14dba0313faa01a765cb5e3d5abc095affae7b638f6d6d9bb5166020b394b6bf3af4cbb1dc5bf10244f6ee`
[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.12.6/kubernetes-client-linux-ppc64le.tar.gz) | `e2ad0edc976a6a276c736885662caae427f7cef11ccd7a0c923240d4d659b13f968644f3df6c9c343039c1128703644911cd6de2786be83378d4c825ec823abf`
[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.12.6/kubernetes-client-linux-s390x.tar.gz) | `5f1dbe3b4ddb956b287cda6e9d61f90e0f795ea8400d29fb3b9e5d0422f12d3a584db9319bbf70db3935ae943b0a2e676efb6f571ac9a385d9ee1fe03d51d2b9`
[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.12.6/kubernetes-client-windows-386.tar.gz) | `9aae0dc316ae765b5b5c9d62ba82b9f36556bbe170574437f750c856d35232a36f6aa9575949f1a80bc4c11c659e556dd3acc0c152f7e9d551423af87afa6453`
[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.12.6/kubernetes-client-windows-amd64.tar.gz) | `28787f5604287b3e00301c6d1c41f7f388fdff32f0b241f956f3f5b5ef56f06d40f62f3368229247121ad132368dcd9d626308230524b304bab4d3a2de4fc8ef`
### Server Binaries
filename | sha512 hash
-------- | -----------
[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.12.6/kubernetes-server-linux-amd64.tar.gz) | `6854aa0a35a952f3906a62a532ca96394e927e96751a5796927afacccf5c9ebc01c19d5e69dfc80f790af6e9ec0fce2559ce6304ac71dda0c7869291da7f3e27`
[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.12.6/kubernetes-server-linux-arm.tar.gz) | `d4b16aba17b704efe27e28c813c4577a046846794751032b740ed30975d648298ce886b2a2ca37d83ee280bf7cafe6c60a0cbb4690177f50297b6223e3cc6774`
[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.12.6/kubernetes-server-linux-arm64.tar.gz) | `20b806b8360256d305ebf1187e024d555d9267f9081e83e47de179ccdb27d21e2f03d90dad92a598d3d1229b23d8f8599a90858c1408881a9d768c4ccc8246dc`
[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.12.6/kubernetes-server-linux-ppc64le.tar.gz) | `5d4ac12377e3cc236d193566c1a35b3e5a7bc61f78475ba7151285cb920db09c888b33fab529f91bc620fa210554f52e69d14371c0cc1ab95b9ed817c3c56df5`
[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.12.6/kubernetes-server-linux-s390x.tar.gz) | `83acc09af047d63ce33c84e9d29efddea49911b7f111f10be5b13d3f63ea72acf258553137b3ca06992a4b77afcee38b085dd6a6e8aa748ac033e9b57120f452`
### Node Binaries
filename | sha512 hash
-------- | -----------
[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.12.6/kubernetes-node-linux-amd64.tar.gz) | `0d0bca352f912c5b1a928fc8bcfa79909c54c394a87df7ede3a5a549fed91129997e2266ecb11c2f405d162a9d1e468f8b8ddef73c79aaa3f2ee911aa02c1782`
[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.12.6/kubernetes-node-linux-arm.tar.gz) | `be7d4db5155579f06592a93c567b9973016a548140a4754e0358c4b052410bcc34d64097b2926ba7edd3faf720b4785b169b68af666978b1b32946f8474c55f4`
[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.12.6/kubernetes-node-linux-arm64.tar.gz) | `1834a69e0c45029d9ce5e1e489c3b414b89239c3c891a9ef678aeabe634d4d2bdea5e756a0fa199391a8bd3e620ae9100eb6e6003a76b1f7eeb24498bfaf7b1c`
[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.12.6/kubernetes-node-linux-ppc64le.tar.gz) | `3bd9a5ebe63b91a6bb17f14ef5a65f30d9d386f3bb7b64c5ea1d9a25d4df41e07e3494d8bf7c6f36f11df10f838302b83be01e2fe1de36c3876a4443da6aaf1d`
[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.12.6/kubernetes-node-linux-s390x.tar.gz) | `900f8ce043f524a5be6db9fe2d1726df4679519732d5b70a247d28e76c91df3f1100f92d8fbfdd89094a1fe79dc28645625aba0378bc88781f96dc8baf9a9396`
[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.12.6/kubernetes-node-windows-amd64.tar.gz) | `1426234cd069c0cd51dea51fb1de5f1069c5defbc92cb68eebe6781095b2393477c4f85297f7c2361a4eab6a64e0d0281f3fabeafc764d1e90225c225f3e210c`
## Changelog since v1.12.5
### Other notable changes
* kubeadm: fixed nil pointer dereference caused by a bug in url parsing ([#74454](https://github.com/kubernetes/kubernetes/pull/74454), [@bart0sh](https://github.com/bart0sh))
* kube-apiserver: a request body of a CREATE/UPDATE/PATCH/DELETE resource operation larger than 100 MB will return a 413 "request entity too large" error. ([#73805](https://github.com/kubernetes/kubernetes/pull/73805), [@caesarxuchao](https://github.com/caesarxuchao))
* Custom apiservers built with the latest apiserver library will have the 100MB limit on the body of resource requests as well. The limit can be altered via ServerRunOptions.MaxRequestBodyBytes.
* The body size limit does not apply to subresources like pods/proxy that proxy request content to another server.
* The apiserver, including both the kube-apiserver and apiservers built with the generic apiserver library, will now return 413 RequestEntityTooLarge error if a json patch contains more than 10,000 operations. ([#74000](https://github.com/kubernetes/kubernetes/pull/74000), [@caesarxuchao](https://github.com/caesarxuchao))
* fix smb remount issue on Windows ([#73661](https://github.com/kubernetes/kubernetes/pull/73661), [@andyzhangx](https://github.com/andyzhangx))
* Add `metrics-port` to kube-proxy cmd flags. ([#72682](https://github.com/kubernetes/kubernetes/pull/72682), [@whypro](https://github.com/whypro))
* Adds deleting pods created by DaemonSet assigned to not existing nodes. ([#73401](https://github.com/kubernetes/kubernetes/pull/73401), [@krzysztof-jastrzebski](https://github.com/krzysztof-jastrzebski))
* Fix watch to not send the same set of events multiple times causing watcher to go back in time ([#73845](https://github.com/kubernetes/kubernetes/pull/73845), [@wojtek-t](https://github.com/wojtek-t))
* MAC Address filter has been fixed in vSphere Cloud Provider, it no longer ignores `00:1c:14` and `00:05:69` prefixes ([#73721](https://github.com/kubernetes/kubernetes/pull/73721), [@frapposelli](https://github.com/frapposelli))
* fixes an error processing watch events when running skewed apiservers ([#73482](https://github.com/kubernetes/kubernetes/pull/73482), [@liggitt](https://github.com/liggitt))
* add goroutine to move unschedulable pods to activeq if they are not retried for more than 1 minute ([#72558](https://github.com/kubernetes/kubernetes/pull/72558), [@denkensk](https://github.com/denkensk))
* scheduler: use incremental scheduling cycle in PriorityQueue to put all in-flight unschedulable pods back to active queue if we received move request ([#73309](https://github.com/kubernetes/kubernetes/pull/73309), [@cofyc](https://github.com/cofyc))
* A new `TaintNodesByCondition` admission plugin taints newly created Node objects as "not ready", to fix a race condition that could cause pods to be scheduled on new nodes before their taints were updated to accurately reflect their reported conditions. This admission plugin is enabled by default if the `TaintNodesByCondition` feature is enabled. ([#73097](https://github.com/kubernetes/kubernetes/pull/73097), [@bsalamat](https://github.com/bsalamat))
* Scale max-inflight limits together with master VM sizes. ([#73268](https://github.com/kubernetes/kubernetes/pull/73268), [@wojtek-t](https://github.com/wojtek-t))
* Update to go1.10.8 ([#73329](https://github.com/kubernetes/kubernetes/pull/73329), [@ixdy](https://github.com/ixdy))
* Allow for watching objects larger than 1MB given etcd accepts objects of size up to 1.5MB ([#72053](https://github.com/kubernetes/kubernetes/pull/72053), [@wojtek-t](https://github.com/wojtek-t))
* Improve efficiency of preemption logic in clusters with many pending pods. ([#72895](https://github.com/kubernetes/kubernetes/pull/72895), [@bsalamat](https://github.com/bsalamat))
# v1.12.5
[Documentation](https://docs.k8s.io)
@ -582,7 +662,7 @@ Sig Azure was focused on two primary new alpha features:
Besides the above new features, support for Azure Virtual Machine Scale Sets (VMSS) and Cluster-Autoscaler is now stable and considered GA:
- Azure virtual machine scale sets (VMSS) allow you to create and manage identical load balanced VMs that automatically increase or decrease based on demand or a set schedule.
- With this new stable feature, Kubernetes supports the scaling of containerized applications with Azure VMSS, including the ability to integrate it with cluster-autoscaler to automatically adjust the size of the Kubernetes clusters based on the same conditions.
- With this new stable feature, Kubernetes supports the scaling of containerized applications with Azure VMSS, including the ability to integrate it with cluster-autoscaler to automatically adjust the size of the Kubernetes clusters based on the same conditions.
### SIG-cli
@ -593,11 +673,11 @@ SIG CLI focused on implementing the new plugin mechanism, providing a library wi
This is the first Kubernetes release for this SIG! In v1.12, SIG Cloud Provider focused on building the processes and infrastructure to better support existing and new cloud providers. Some of these initiatives (many of which are still in progress) are:
- Reporting E2E conformance test results to TestGrid from every cloud provider (in collaboration with SIG Testing & SIG Release)
- Defining minimum required documentation from each cloud provider which includes (in collaboration with SIG Docs):
- Defining minimum required documentation from each cloud provider which includes (in collaboration with SIG Docs):
- example manifests for the kube-apiserver, kube-controller-manager, kube-schedule, kubelet, and the cloud-controller-manager
- labels/annotations that are consumed by any cloud specific controllers
In addition to the above, SIG Cloud Provider has been focusing on a long running effort to remove cloud provider code from kubernetes/kubernetes.
In addition to the above, SIG Cloud Provider has been focusing on a long running effort to remove cloud provider code from kubernetes/kubernetes.
### SIG-cluster-lifecycle
@ -638,11 +718,11 @@ No feature work, but a large refactoring of metrics-server as well as a number o
### SIG-node
SIG-node graduated the PodShareProcessNamespace feature from alpha to beta. This feature allows a pod spec to request that all containers in a pod share a common process namespaces.
SIG-node graduated the PodShareProcessNamespace feature from alpha to beta. This feature allows a pod spec to request that all containers in a pod share a common process namespaces.
Two alpha features were also added in this release.
Two alpha features were also added in this release.
The RuntimeClass alpha feature enables a node to surface multiple runtime options to support a variety of workload types. Examples include native linux containers, and “sandboxed” containers that isolate the container from the host kernel.
The RuntimeClass alpha feature enables a node to surface multiple runtime options to support a variety of workload types. Examples include native linux containers, and “sandboxed” containers that isolate the container from the host kernel.
The CustomCFSQuotaPeriod alpha feature enables node administrators to change the default period used to enforce CFS quota on a node. This can improve performance for some workloads that experience latency while using CFS quota with the default measurement period. Finally, the SIG continues to focus on improving reliability by fixing bugs while working out design and implementation of future features.
@ -732,7 +812,7 @@ SIG Windows focused on stability and reliability of our existing feature set. We
- kubeadm: The `v1alpha1` config API has been removed. ([#65628](https://github.com/kubernetes/kubernetes/pull/65628), [@luxas](https://github.com/luxas)) Courtesy of SIG Cluster Lifecycle
- kube-apiserver: When using `--enable-admission-plugins` the `Priority` admission plugin is now enabled by default (matching changes in 1.11.1+). If using `--admission-control` to fully specify the set of admission plugins, it is now necessary to add the `Priority` admission plugin for the PodPriority feature to work properly. ([#65739](https://github.com/kubernetes/kubernetes/pull/65739), [@liggitt](https://github.com/liggitt)) Courtesy of SIG Scheduling
- The `system-node-critical` and `system-cluster-critical` priority classes are now limited to the `kube-system` namespace by the `PodPriority` admission plugin (matching changes in 1.11.1+). ([#65593](https://github.com/kubernetes/kubernetes/pull/65593), [@bsalamat](https://github.com/bsalamat)) Courtesy of SIG Scheduling
- kubeadm: Control plane images (etcd, kube-apiserver, kube-proxy, etc.) no longer use arch suffixes. Arch suffixes are kept for kube-dns only. ([#66960](https://github.com/kubernetes/kubernetes/pull/66960),
- kubeadm: Control plane images (etcd, kube-apiserver, kube-proxy, etc.) no longer use arch suffixes. Arch suffixes are kept for kube-dns only. ([#66960](https://github.com/kubernetes/kubernetes/pull/66960),
[@rosti](https://github.com/rosti)) Courtesy of SIG Cluster Lifecycle, SIG Release, and SIG Testing
- kubeadm - Feature-gates HighAvailability, SelfHosting, CertsInSecrets are now deprecated and can no longer be used for new clusters. Cluster updates using above feature-gates flag is not supported. ([#67786](https://github.com/kubernetes/kubernetes/pull/67786), [@fabriziopandini](https://github.com/fabriziopandini)) Courtesy of SIG Cluster Lifecycle
- 'KubeSchedulerConfiguration' which used to be under GroupVersion 'componentconfig/v1alpha1',
@ -798,7 +878,7 @@ is now under 'kubescheduler.config.k8s.io/v1alpha1'. ([#66916](https://github.c
- kubeadm now supports the phase command "alpha phase kubelet config annotate-cri". ([#68449](https://github.com/kubernetes/kubernetes/pull/68449), [@fabriziopandini](https://github.com/fabriziopandini))
- kubeadm: --cri-socket now defaults to tcp://localhost:2375 when running on Windows. ([#67447](https://github.com/kubernetes/kubernetes/pull/67447), [@benmoss](https://github.com/benmoss))
- kubeadm now includes a new EXPERIMENTAL `--rootfs`, which (if specified) causes kubeadm to chroot before performing any file operations. This is expected to be useful when setting up kubernetes on a different filesystem, such as invoking kubeadm from docker. ([#54935](https://github.com/kubernetes/kubernetes/pull/54935), [@anguslees](https://github.com/anguslees))
- The command line option --cri-socket-path of the kubeadm subcommand "kubeadm config images pull" has been renamed to --cri-socket to be consistent with the rest of kubeadm subcommands.
- The command line option --cri-socket-path of the kubeadm subcommand "kubeadm config images pull" has been renamed to --cri-socket to be consistent with the rest of kubeadm subcommands.
- kubeadm: The ControlPlaneEndpoint was moved from the API config struct to ClusterConfiguration ([#67830](https://github.com/kubernetes/kubernetes/pull/67830), [@fabriziopandini](https://github.com/fabriziopandini))
- kubeadm: InitConfiguration now consists of two structs: InitConfiguration and ClusterConfiguration ([#67441](https://github.com/kubernetes/kubernetes/pull/67441), [@rosti](https://github.com/rosti))
- The RuntimeClass API has been added. This feature is in alpha, and the RuntimeClass feature gate must be enabled in order to use it. The RuntimeClass API resource defines different classes of runtimes that may be used to run containers in the cluster. Pods can select a RuntimeClass to use via the RuntimeClassName field. ([#67737](https://github.com/kubernetes/kubernetes/pull/67737), [@tallclair](https://github.com/tallclair))
@ -845,7 +925,7 @@ is now under 'kubescheduler.config.k8s.io/v1alpha1'. ([#66916](https://github.c
### SIG Auth
- TokenRequest and TokenRequestProjection are now beta features. To enable these feature, the API server needs to be started with the `--service-account-issuer`, `--service-account-signing-key-file`, and `--service-account-api-audiences` flags.
- TokenRequest and TokenRequestProjection are now beta features. To enable these feature, the API server needs to be started with the `--service-account-issuer`, `--service-account-signing-key-file`, and `--service-account-api-audiences` flags.
([#67349](https://github.com/kubernetes/kubernetes/pull/67349), [@mikedanese](https://github.com/mikedanese))
- The admin RBAC role now aggregates edit and view. The edit RBAC role now aggregates view. ([#66684](https://github.com/kubernetes/kubernetes/pull/66684), [@deads2k](https://github.com/deads2k))
- UserInfo derived from service account tokens created from the TokenRequest API now include the pod name and UID in the Extra field. ([#61858](https://github.com/kubernetes/kubernetes/pull/61858), [@mikedanese](https://github.com/mikedanese))
@ -907,7 +987,7 @@ is now under 'kubescheduler.config.k8s.io/v1alpha1'. ([#66916](https://github.c
- kubeadm uses audit policy v1 instead of v1beta1 ([#67176](https://github.com/kubernetes/kubernetes/pull/67176), [@charrywanganthony](https://github.com/charrywanganthony))
- Kubeadm nodes will no longer be able to run with an empty or invalid hostname in /proc/sys/kernel/hostname ([#64815](https://github.com/kubernetes/kubernetes/pull/64815), [@dixudx](https://github.com/dixudx))
- kubeadm now can join the cluster with pre-existing client certificate if provided ([#66482](https://github.com/kubernetes/kubernetes/pull/66482), [@dixudx](https://github.com/dixudx))
([#66382](https://github.com/kubernetes/kubernetes/pull/66382), [@bart0sh](https://github.com/bart0sh))
([#66382](https://github.com/kubernetes/kubernetes/pull/66382), [@bart0sh](https://github.com/bart0sh))
- kubeadm will no longer hang indefinitely if there is no Internet connection and --kubernetes-version is not specified.([#65676](https://github.com/kubernetes/kubernetes/pull/65676), [@dkoshkin](https://github.com/dkoshkin))
- kubeadm: kube-proxy will now run on all nodes, and not just master nodes.([#65931](https://github.com/kubernetes/kubernetes/pull/65931), [@neolit123](https://github.com/neolit123))
- kubeadm now uses separate YAML documents for the kubelet and kube-proxy ComponentConfigs. ([#65787](https://github.com/kubernetes/kubernetes/pull/65787), [@luxas](https://github.com/luxas))
@ -1653,7 +1733,7 @@ filename | sha256 hash
* The PodShareProcessNamespace feature to configure PID namespace sharing within a pod has been promoted to beta. ([#66507](https://github.com/kubernetes/kubernetes/pull/66507), [@verb](https://github.com/verb))
* `kubectl create {clusterrole,role}`'s `--resources` flag supports asterisk to specify all resources. ([#62945](https://github.com/kubernetes/kubernetes/pull/62945), [@nak3](https://github.com/nak3))
* Bump up version number of debian-base, debian-hyperkube-base and debian-iptables. ([#67026](https://github.com/kubernetes/kubernetes/pull/67026), [@satyasm](https://github.com/satyasm))
* Also updates dependencies of users of debian-base.
* Also updates dependencies of users of debian-base.
* debian-base version 0.3.1 is already available.
* DynamicProvisioningScheduling and VolumeScheduling is now supported for Azure managed disks. Feature gates DynamicProvisioningScheduling and VolumeScheduling should be enabled before using this feature. ([#67121](https://github.com/kubernetes/kubernetes/pull/67121), [@feiskyer](https://github.com/feiskyer))
* kube-apiserver now includes all registered API groups in discovery, including registered extension API group/versions for unavailable extension API servers. ([#66932](https://github.com/kubernetes/kubernetes/pull/66932), [@nilebox](https://github.com/nilebox))

227
CHANGELOG-1.13.md
View File

@ -1,23 +1,37 @@
<!-- BEGIN MUNGE: GENERATED_TOC -->
- [v1.13.2](#v1132)
- [Downloads for v1.13.2](#downloads-for-v1132)
- [v1.13.4](#v1134)
- [Downloads for v1.13.4](#downloads-for-v1134)
- [Client Binaries](#client-binaries)
- [Server Binaries](#server-binaries)
- [Node Binaries](#node-binaries)
- [Changelog since v1.13.1](#changelog-since-v1131)
- [Changelog since v1.13.3](#changelog-since-v1133)
- [Other notable changes](#other-notable-changes)
- [v1.13.1](#v1131)
- [Downloads for v1.13.1](#downloads-for-v1131)
- [v1.13.3](#v1133)
- [Downloads for v1.13.3](#downloads-for-v1133)
- [Client Binaries](#client-binaries-1)
- [Server Binaries](#server-binaries-1)
- [Node Binaries](#node-binaries-1)
- [Changelog since v1.13.0](#changelog-since-v1130)
- [Changelog since v1.13.2](#changelog-since-v1132)
- [Other notable changes](#other-notable-changes-1)
- [v1.13.0](#v1130)
- [Downloads for v1.13.0](#downloads-for-v1130)
- [v1.13.2](#v1132)
- [Downloads for v1.13.2](#downloads-for-v1132)
- [Client Binaries](#client-binaries-2)
- [Server Binaries](#server-binaries-2)
- [Node Binaries](#node-binaries-2)
- [Changelog since v1.13.1](#changelog-since-v1131)
- [Other notable changes](#other-notable-changes-2)
- [v1.13.1](#v1131)
- [Downloads for v1.13.1](#downloads-for-v1131)
- [Client Binaries](#client-binaries-3)
- [Server Binaries](#server-binaries-3)
- [Node Binaries](#node-binaries-3)
- [Changelog since v1.13.0](#changelog-since-v1130)
- [Other notable changes](#other-notable-changes-3)
- [v1.13.0](#v1130)
- [Downloads for v1.13.0](#downloads-for-v1130)
- [Client Binaries](#client-binaries-4)
- [Server Binaries](#server-binaries-4)
- [Node Binaries](#node-binaries-4)
- [Kubernetes 1.13 Release Notes](#kubernetes-113-release-notes)
- [Security Content](#security-content)
- [Urgent Upgrade Notes](#urgent-upgrade-notes)
@ -66,60 +80,201 @@
- [External Dependencies](#external-dependencies)
- [v1.13.0-rc.2](#v1130-rc2)
- [Downloads for v1.13.0-rc.2](#downloads-for-v1130-rc2)
- [Client Binaries](#client-binaries-3)
- [Server Binaries](#server-binaries-3)
- [Node Binaries](#node-binaries-3)
- [Changelog since v1.13.0-rc.1](#changelog-since-v1130-rc1)
- [Other notable changes](#other-notable-changes-2)
- [v1.13.0-rc.1](#v1130-rc1)
- [Downloads for v1.13.0-rc.1](#downloads-for-v1130-rc1)
- [Client Binaries](#client-binaries-4)
- [Server Binaries](#server-binaries-4)
- [Node Binaries](#node-binaries-4)
- [Changelog since v1.13.0-beta.2](#changelog-since-v1130-beta2)
- [Other notable changes](#other-notable-changes-3)
- [v1.13.0-beta.2](#v1130-beta2)
- [Downloads for v1.13.0-beta.2](#downloads-for-v1130-beta2)
- [Client Binaries](#client-binaries-5)
- [Server Binaries](#server-binaries-5)
- [Node Binaries](#node-binaries-5)
- [Changelog since v1.13.0-beta.1](#changelog-since-v1130-beta1)
- [Changelog since v1.13.0-rc.1](#changelog-since-v1130-rc1)
- [Other notable changes](#other-notable-changes-4)
- [v1.13.0-beta.1](#v1130-beta1)
- [Downloads for v1.13.0-beta.1](#downloads-for-v1130-beta1)
- [v1.13.0-rc.1](#v1130-rc1)
- [Downloads for v1.13.0-rc.1](#downloads-for-v1130-rc1)
- [Client Binaries](#client-binaries-6)
- [Server Binaries](#server-binaries-6)
- [Node Binaries](#node-binaries-6)
- [Changelog since v1.13.0-alpha.3](#changelog-since-v1130-alpha3)
- [Action Required](#action-required)
- [Changelog since v1.13.0-beta.2](#changelog-since-v1130-beta2)
- [Other notable changes](#other-notable-changes-5)
- [v1.13.0-alpha.3](#v1130-alpha3)
- [Downloads for v1.13.0-alpha.3](#downloads-for-v1130-alpha3)
- [v1.13.0-beta.2](#v1130-beta2)
- [Downloads for v1.13.0-beta.2](#downloads-for-v1130-beta2)
- [Client Binaries](#client-binaries-7)
- [Server Binaries](#server-binaries-7)
- [Node Binaries](#node-binaries-7)
- [Changelog since v1.13.0-alpha.2](#changelog-since-v1130-alpha2)
- [Changelog since v1.13.0-beta.1](#changelog-since-v1130-beta1)
- [Other notable changes](#other-notable-changes-6)
- [v1.13.0-alpha.2](#v1130-alpha2)
- [Downloads for v1.13.0-alpha.2](#downloads-for-v1130-alpha2)
- [v1.13.0-beta.1](#v1130-beta1)
- [Downloads for v1.13.0-beta.1](#downloads-for-v1130-beta1)
- [Client Binaries](#client-binaries-8)
- [Server Binaries](#server-binaries-8)
- [Node Binaries](#node-binaries-8)
- [Changelog since v1.13.0-alpha.1](#changelog-since-v1130-alpha1)
- [Changelog since v1.13.0-alpha.3](#changelog-since-v1130-alpha3)
- [Action Required](#action-required)
- [Other notable changes](#other-notable-changes-7)
- [v1.13.0-alpha.1](#v1130-alpha1)
- [Downloads for v1.13.0-alpha.1](#downloads-for-v1130-alpha1)
- [v1.13.0-alpha.3](#v1130-alpha3)
- [Downloads for v1.13.0-alpha.3](#downloads-for-v1130-alpha3)
- [Client Binaries](#client-binaries-9)
- [Server Binaries](#server-binaries-9)
- [Node Binaries](#node-binaries-9)
- [Changelog since v1.13.0-alpha.2](#changelog-since-v1130-alpha2)
- [Other notable changes](#other-notable-changes-8)
- [v1.13.0-alpha.2](#v1130-alpha2)
- [Downloads for v1.13.0-alpha.2](#downloads-for-v1130-alpha2)
- [Client Binaries](#client-binaries-10)
- [Server Binaries](#server-binaries-10)
- [Node Binaries](#node-binaries-10)
- [Changelog since v1.13.0-alpha.1](#changelog-since-v1130-alpha1)
- [Other notable changes](#other-notable-changes-9)
- [v1.13.0-alpha.1](#v1130-alpha1)
- [Downloads for v1.13.0-alpha.1](#downloads-for-v1130-alpha1)
- [Client Binaries](#client-binaries-11)
- [Server Binaries](#server-binaries-11)
- [Node Binaries](#node-binaries-11)
- [Changelog since v1.12.0](#changelog-since-v1120)
- [Action Required](#action-required-1)
- [Other notable changes](#other-notable-changes-8)
- [Other notable changes](#other-notable-changes-10)
<!-- END MUNGE: GENERATED_TOC -->
<!-- NEW RELEASE NOTES ENTRY -->
# v1.13.4
[Documentation](https://docs.k8s.io)
## Downloads for v1.13.4
filename | sha512 hash
-------- | -----------
[kubernetes.tar.gz](https://dl.k8s.io/v1.13.4/kubernetes.tar.gz) | `591cd3f4f479744a1d47544902817350321c63f8c37ad771d559e293bcdbc421e89d62663300a6739c667d34e1e24bb080dd73562dc29713381db079ba6e9223`
[kubernetes-src.tar.gz](https://dl.k8s.io/v1.13.4/kubernetes-src.tar.gz) | `3f3b5318321b661b028da62798b2cb85ccc7d5bfa90605944bd8a626c86e7e77f54fdb7e340587528f41e240fcf2c35bb6808ada7a2f50a4a3b0c755bc18b28c`
### Client Binaries
filename | sha512 hash
-------- | -----------
[kubernetes-client-darwin-386.tar.gz](https://dl.k8s.io/v1.13.4/kubernetes-client-darwin-386.tar.gz) | `78c604ac5c54beff498fffa398abcd6c91f6d6ee6ec7249b675f10a2fa5866e336a560b85275c408daf8bf250c5d2c8632d2e0a2592d98952fae70ae3586f4aa`
[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.13.4/kubernetes-client-darwin-amd64.tar.gz) | `0678f0305608589b15dbc6a5dca00de99adfb296d881a33fb1745a1393b17a2e9f59becb3978e519465936796dd6692fd2fda63af84b09bca2db5628ebf74503`
[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.13.4/kubernetes-client-linux-386.tar.gz) | `2c311839a0b843c9203d4b7a558f2c0cff3fa97c40ebcd3838cf592b764c9387d31c315e0ff39da32d73b4117e600cedf5177348e07beaa38a3faa98abee6c60`
[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.13.4/kubernetes-client-linux-amd64.tar.gz) | `71f813f0d8461967e9a002a9d8842b3ac40ffcaa59979d84499aff1958b2ac78d7ac75b562cffd5a9d122f0ce758a2c53d5dd788e0412df57756323cc4366a56`
[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.13.4/kubernetes-client-linux-arm.tar.gz) | `20c1779c51692b1bbcddc96dcb1f41868414d9585c53f62aa07ad0ca3ca4cf7a0e2414ee2095fb3a1096bf86bbe74bc8d323c7cd39ad1698a130bb15971c1daa`
[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.13.4/kubernetes-client-linux-arm64.tar.gz) | `58dd72a04f31613572b58095279a91fa9c16e8a8c052b0ec3e3badea60cf8a2a33953e9d5b839d931070c040c6f8cd098abec46f192db7cb2fdea75c4b7de096`
[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.13.4/kubernetes-client-linux-ppc64le.tar.gz) | `1e68cd52396cc554d6446575f5de4656fbe9965a432328fdd9ee317db232f875eda3925bcc2956543085560cbfff7231abc7434f52db446a21882cd0721a6edd`
[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.13.4/kubernetes-client-linux-s390x.tar.gz) | `3fcba2802db6662392b4eaf2465753f88c6b5de2e4e264e2669ad196f6a984dd4ac0a41bf7f11d955e130e543e8a06bb068d654f9c3b1606db380d146a01592e`
[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.13.4/kubernetes-client-windows-386.tar.gz) | `47c50b8a4bf9541096efba51e8034e4a9b796ff69221e5d0f5589bf921c186053c5f1617cd75913d8bbd288d394b0a3f38c7d789b9e45f4b7fb71b98488aa467`
[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.13.4/kubernetes-client-windows-amd64.tar.gz) | `0572c7755a5190b2f687645a17d6b75e8544dc8b84c1dd09a396fc8dec0ec56be367098da903db1127eeeb8a60275338895d0e03fc15e3fecc94930a15846810`
### Server Binaries
filename | sha512 hash
-------- | -----------
[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.13.4/kubernetes-server-linux-amd64.tar.gz) | `a36eff3dd5769df6af8a39c0b50268c6b324db5b7000fe4f6c9a5c83d87b971cf187abf1a38e9970602cb0c06373cfae35b41cc13ef8063824b5a92e74cf4740`
[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.13.4/kubernetes-server-linux-arm.tar.gz) | `9564dc220de5210d8e690a5a84f46a7ca0d43fd6e1f5f68b49754ab6335e4bb9e0faf8490109ff28417233f0f668791acbe9cbc90f62eeb92310e1eda3143313`
[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.13.4/kubernetes-server-linux-arm64.tar.gz) | `e9d345633188352caadd9356f3816cd66137721a32b28986bcb516fbd7b9d23dc0dd04223bf177619baf0e0eed6716a801fe51ea24ee6dd97c14f5d0f832f3f9`
[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.13.4/kubernetes-server-linux-ppc64le.tar.gz) | `3062e04932d9386aeccf142734a0ebe2aca0614b4c57ddef735d7554e439d60927a1a64cbf53160ba0b7c8d115deec40da04efb109cfe8f7863daa6cdd547ef8`
[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.13.4/kubernetes-server-linux-s390x.tar.gz) | `337cfb3894f818ca116630678e9b596f44506ce680670b416ee0edb2adae98be34110cbddd5faed5f7b672fd7771c315b12217e9a3858fc10c995fd8385d2b2d`
### Node Binaries
filename | sha512 hash
-------- | -----------
[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.13.4/kubernetes-node-linux-amd64.tar.gz) | `1e5e40bb5650a4aef147d21c31af322d44959aa4d7869cda84ba1e2bdd5c983710c6fe50b19c998fb3376cd86eceb45b65cefdfe3d37218d342fe395c73f2f26`
[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.13.4/kubernetes-node-linux-arm.tar.gz) | `c16b0adbf3296e886a0f0ec6ec36d5a18fb8ff62718bf59ac71ceb06985e73c5f33f0e2c9132faed75e54e8c1d5aa68020136c6167a962ee82269b994bd02b86`
[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.13.4/kubernetes-node-linux-arm64.tar.gz) | `16cc2c021c0bb09d903ce027a0e8eee5884395ee4e16998969fee29ef87af4e32540e96e6dd90584a6a919b842b9f4e24582406701bc32fc7a770b586cfffd1c`
[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.13.4/kubernetes-node-linux-ppc64le.tar.gz) | `0bbe3d990fa2aeccf4445980a4046b987d4b508db7d07e09cd6d2570f67d5a0620c11d2026afc142f2fb8cad82bb73267405c611e36c970c4a5dbe412625dd6b`
[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.13.4/kubernetes-node-linux-s390x.tar.gz) | `0bd7e19efcb09eb0136292dee397cf2893068378e584d098c451e759ffc6b52c86e877f4da2ec61e78871b7ac4c8e5515ae5c963f5665c42315036211725cf27`
[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.13.4/kubernetes-node-windows-amd64.tar.gz) | `1909c5b0cc63851f4b9dcbec871ad8e626f974eb86e3488a95eaf1f6736cf15cfd850904f44f2d278f8d6da21ba8251ec6607d61d4786caaf74707ece0cad44a`
## Changelog since v1.13.3
### Other notable changes
* fix get azure accounts timeout issue when there is no out-bound IP ([#74191](https://github.com/kubernetes/kubernetes/pull/74191), [@andyzhangx](https://github.com/andyzhangx))
* fix issue: fail to detach azure disk when there is server side error ([#74398](https://github.com/kubernetes/kubernetes/pull/74398), [@andyzhangx](https://github.com/andyzhangx))
* Fix keymutex issues which may crash in some platforms. ([#74386](https://github.com/kubernetes/kubernetes/pull/74386), [@danielqsj](https://github.com/danielqsj))
* fix parse devicePath issue on Azure Disk ([#74499](https://github.com/kubernetes/kubernetes/pull/74499), [@andyzhangx](https://github.com/andyzhangx))
* kubeadm: fixed nil pointer dereference caused by a bug in url parsing ([#74454](https://github.com/kubernetes/kubernetes/pull/74454), [@bart0sh](https://github.com/bart0sh))
* fix mixed protocol issue for azure load balancer ([#74200](https://github.com/kubernetes/kubernetes/pull/74200), [@andyzhangx](https://github.com/andyzhangx))
* fix smb remount issue on Windows ([#73661](https://github.com/kubernetes/kubernetes/pull/73661), [@andyzhangx](https://github.com/andyzhangx))
* remove stale OutOfDisk condition from kubelet side ([#72507](https://github.com/kubernetes/kubernetes/pull/72507), [@dixudx](https://github.com/dixudx))
* Adds deleting pods created by DaemonSet assigned to not existing nodes. ([#73401](https://github.com/kubernetes/kubernetes/pull/73401), [@krzysztof-jastrzebski](https://github.com/krzysztof-jastrzebski))
* scheduler: use incremental scheduling cycle in PriorityQueue to put all in-flight unschedulable pods back to active queue if we received move request ([#73309](https://github.com/kubernetes/kubernetes/pull/73309), [@cofyc](https://github.com/cofyc))
* Add `metrics-port` to kube-proxy cmd flags. ([#72682](https://github.com/kubernetes/kubernetes/pull/72682), [@whypro](https://github.com/whypro))
* kube-apiserver: a request body of a CREATE/UPDATE/PATCH/DELETE resource operation larger than 100 MB will return a 413 "request entity too large" error. ([#73805](https://github.com/kubernetes/kubernetes/pull/73805), [@caesarxuchao](https://github.com/caesarxuchao))
* Custom apiservers built with the latest apiserver library will have the 100MB limit on the body of resource requests as well. The limit can be altered via ServerRunOptions.MaxRequestBodyBytes.
* The body size limit does not apply to subresources like pods/proxy that proxy request content to another server.
* The apiserver, including both the kube-apiserver and apiservers built with the generic apiserver library, will now return 413 RequestEntityTooLarge error if a json patch contains more than 10,000 operations. ([#74000](https://github.com/kubernetes/kubernetes/pull/74000), [@caesarxuchao](https://github.com/caesarxuchao))
* Fix watch to not send the same set of events multiple times causing watcher to go back in time ([#73845](https://github.com/kubernetes/kubernetes/pull/73845), [@wojtek-t](https://github.com/wojtek-t))
* fixes an error processing watch events when running skewed apiservers ([#73482](https://github.com/kubernetes/kubernetes/pull/73482), [@liggitt](https://github.com/liggitt))
* MAC Address filter has been fixed in vSphere Cloud Provider, it no longer ignores `00:1c:14` and `00:05:69` prefixes ([#73721](https://github.com/kubernetes/kubernetes/pull/73721), [@frapposelli](https://github.com/frapposelli))
# v1.13.3
[Documentation](https://docs.k8s.io)
## Downloads for v1.13.3
filename | sha512 hash
-------- | -----------
[kubernetes.tar.gz](https://dl.k8s.io/v1.13.3/kubernetes.tar.gz) | `151af896b72c7fd09c05da1a7685e8b2f167c717adbe5776f80a264171e5f3359a948af93642856e0bfbabb49d3bf9c274085eacf6109c4b972ba5bc9d24b8a7`
[kubernetes-src.tar.gz](https://dl.k8s.io/v1.13.3/kubernetes-src.tar.gz) | `6b9afce63c970e62304767f4a3a58b6974608f7052ede634bffd3b8cc9562e8af56b26c66b8420fb748a0f9aa6336a90454cb57992c7e56c0ff85c37ddb02af8`
### Client Binaries
filename | sha512 hash
-------- | -----------
[kubernetes-client-darwin-386.tar.gz](https://dl.k8s.io/v1.13.3/kubernetes-client-darwin-386.tar.gz) | `945329155f78bcab5f5c062bda17220d0fea427a1ee522cf17fe4f32fab295e9baa6d20f88531b198abe8218be5df7d9877bff36e209f5700bc1ee6e83436291`
[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.13.3/kubernetes-client-darwin-amd64.tar.gz) | `3aabe9d26818abdbb66724cc047f8ad2e6fa45e48d62d05eb555ac62180fe941d688169c5b876986b7421922d6a8606fd2481b860c51fa73eec9284d88e9da0d`
[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.13.3/kubernetes-client-linux-386.tar.gz) | `62e18f5d9551ab56c02fefc4a7e7b5f3ad169a2c11c5d3696742231fefe583d4e6c530907a65019f9bca94305df5900f558addbca7b2c7899c47d38f18992e4b`
[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.13.3/kubernetes-client-linux-amd64.tar.gz) | `b326f6c1177c1176bea8ef404e3652cd64ceefb895f040a1364432e63a516a0a963eb65ce7f1fd294c7d39890f1b5e1989c36f4ac6d66dd98396055d754ef117`
[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.13.3/kubernetes-client-linux-arm.tar.gz) | `669949d8eb3b12f1952c4f8f0289268d521cb2b58a2ef4551d7532114c82bcaa5269a42ac4094d7dbed5194761feb70cc17f0a3102abaf09328d2a58d3c6d437`
[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.13.3/kubernetes-client-linux-arm64.tar.gz) | `efc677cc24279734f669faa056a11f61a5bf069ce07919ab8e007f4ed2f6083aa9b168de3adee50a56fd3503ba87ba94cd35f87d72f741ad0c202b3991428cb2`
[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.13.3/kubernetes-client-linux-ppc64le.tar.gz) | `2b4fc4bdba12809d3cf0159cd1a8afb8404fad0b55c312c28e85d0064b4d1f7c322d1c322ac2f77f1cb7f6a83b7df65677cec4626b6f232fe6847a98f5386b14`
[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.13.3/kubernetes-client-linux-s390x.tar.gz) | `aba33e8a2ab026ba687eb46c67e79caeee8c74fc959de167ba9d6f2929e6a5e18d29f05a2d70bf80ed66db4778aa752d815f08bb8fc199db3209cd92232bc950`
[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.13.3/kubernetes-client-windows-386.tar.gz) | `295920b3797947308b37f5852cf136e47d900bca6d442495df97b88c02182eba2487f23519ea92af2d3f33b5a44c6bae204f73a4ad3bfbbaf5c2728b0ea8c639`
[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.13.3/kubernetes-client-windows-amd64.tar.gz) | `9cc3b24e92a8b7c49cc6225876ef9513fbb50520da11eaf897f4bd864304350d20726af580dc1663a03839ab6a5d6a8669f4e2a550e03d5f888a83b68ea6b6c3`
### Server Binaries
filename | sha512 hash
-------- | -----------
[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.13.3/kubernetes-server-linux-amd64.tar.gz) | `024847f8a370c4edb920a4621904540bf15c3afc0c688a134090ae8503a51296c83ebc402365f5a2be5aff01a8ca89910423874489dd2412608de0e38b455fb5`
[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.13.3/kubernetes-server-linux-arm.tar.gz) | `5fc1f6b60102e8830c6946750d0115cf71cdf59ef9878add2fc0edfed7b3396d25f6e1918d51481403ba6694c322ab038e1fc02cfc2192acb57970ce5954a158`
[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.13.3/kubernetes-server-linux-arm64.tar.gz) | `5cbd4ad922476262eae523c5dddaba9d4af3778b1dd731b7c3c538061d81f0a0913df872c9e34dbfdc5fd57ea5ce33cad1f6377d1a86e966e918af3c27a48fef`
[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.13.3/kubernetes-server-linux-ppc64le.tar.gz) | `1dfd2365cca9fc828f3cedf61f8d74da108a8416bb9320e0ce071da61808125ad79724092d3345b95c0a9f4e1592e9e6514e4dd6e217274bc631f59208984348`
[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.13.3/kubernetes-server-linux-s390x.tar.gz) | `cd096d1229c0e89595fe1353b7c095ba0cbbe72be701392672cbd7d73269c2dccf64a6234eee5d90aba5c7c0bed1c78bf49cd0acebe8a4a81bbef2c199d5458a`
### Node Binaries
filename | sha512 hash
-------- | -----------
[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.13.3/kubernetes-node-linux-amd64.tar.gz) | `18245cfc11f3e0eaad4a331f5a73deee5029c747a6c8183184ccc243ff2df010492146ae40b5f8eee312898cfbf2bbaaa6498bcd130d6ff53482daebad2b442d`
[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.13.3/kubernetes-node-linux-arm.tar.gz) | `52e3e5e6ab31df0be542ee6d4d9a4c2ef4cbbc9e28dc18a819d9f31283af11338bd75683d2722d04894f87e9d0ff14554e88b23d592997d83e3c73fc9ed96a89`
[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.13.3/kubernetes-node-linux-arm64.tar.gz) | `de4e718e0d996a5e3d7093eb97aef703ec23a0af5bd2d7116a3825a7834a00cd3080fb94acca87786ae6a49ef1966775223c4f4bf02171e80ecd5f372c732f17`
[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.13.3/kubernetes-node-linux-ppc64le.tar.gz) | `5981ec0b91f1fef0ca11a877362e1507935d03472d1d1de210fe8ef4cb8f45f656829eff23bdf448f68a4210c572cb9d71c34530a3e40e1544e2fd03ca50b10a`
[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.13.3/kubernetes-node-linux-s390x.tar.gz) | `b4ee2806c67d71697923d29dac821b90004eb0e4f43b3f0d3f3c1d9401c63b00c0e5f54f83111fb857ab69d7dbe78e7aa18e4d3edb9ad60a54aa526dc656d458`
[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.13.3/kubernetes-node-windows-amd64.tar.gz) | `3b97d44c038245b860ba08a9b4cc8fe77e75cd1a70b568ead58562dcd4a34e04a9dfa9e7819f2c2098685f3af92d7de34d2bfbb723b68d087f227d0d68f435be`
## Changelog since v1.13.2
### Other notable changes
* Update to go1.11.5 ([#73326](https://github.com/kubernetes/kubernetes/pull/73326), [@ixdy](https://github.com/ixdy))
* add goroutine to move unschedulable pods to activeq if they are not retried for more than 1 minute ([#72558](https://github.com/kubernetes/kubernetes/pull/72558), [@denkensk](https://github.com/denkensk))
* A new `TaintNodesByCondition` admission plugin taints newly created Node objects as "not ready", to fix a race condition that could cause pods to be scheduled on new nodes before their taints were updated to accurately reflect their reported conditions. This admission plugin is enabled by default if the `TaintNodesByCondition` feature is enabled. ([#73097](https://github.com/kubernetes/kubernetes/pull/73097), [@bsalamat](https://github.com/bsalamat))
* kubeadm: add back `--cert-dir` option for `kubeadm init phase certs sa` ([#73239](https://github.com/kubernetes/kubernetes/pull/73239), [@mattkelly](https://github.com/mattkelly))
* Scale max-inflight limits together with master VM sizes. ([#73268](https://github.com/kubernetes/kubernetes/pull/73268), [@wojtek-t](https://github.com/wojtek-t))
* kubeadm: explicitly wait for `etcd` to have grown when joining a new control plane ([#72984](https://github.com/kubernetes/kubernetes/pull/72984), [@ereslibre](https://github.com/ereslibre))
* Improve efficiency of preemption logic in clusters with many pending pods. ([#72895](https://github.com/kubernetes/kubernetes/pull/72895), [@bsalamat](https://github.com/bsalamat))
* Fix AWS NLB security group updates where valid security group ports were incorrectly removed ([#68422](https://github.com/kubernetes/kubernetes/pull/68422), [@kellycampbell](https://github.com/kellycampbell))
* when updating a service or when node changes occur.
* Allow for watching objects larger than 1MB given etcd accepts objects of size up to 1.5MB ([#72053](https://github.com/kubernetes/kubernetes/pull/72053), [@wojtek-t](https://github.com/wojtek-t))
* kubectl: fixed an issue with "too old resource version" errors continuously appearing when calling `kubectl delete` ([#72825](https://github.com/kubernetes/kubernetes/pull/72825), [@liggitt](https://github.com/liggitt))
* Fix scheduling starvation of pods in cluster with large number of unschedulable pods. ([#72619](https://github.com/kubernetes/kubernetes/pull/72619), [@everpeace](https://github.com/everpeace))
* Fixes spurious 0-length API responses. ([#72856](https://github.com/kubernetes/kubernetes/pull/72856), [@liggitt](https://github.com/liggitt))
# v1.13.2
[Documentation](https://docs.k8s.io)

640
CHANGELOG-1.14.md
View File

@ -1,17 +1,649 @@
<!-- BEGIN MUNGE: GENERATED_TOC -->
- [v1.14.0-alpha.1](#v1140-alpha1)
- [Downloads for v1.14.0-alpha.1](#downloads-for-v1140-alpha1)
- [v1.14.0-beta.2](#v1140-beta2)
- [Downloads for v1.14.0-beta.2](#downloads-for-v1140-beta2)
- [Client Binaries](#client-binaries)
- [Server Binaries](#server-binaries)
- [Node Binaries](#node-binaries)
- [Changelog since v1.13.0](#changelog-since-v1130)
- [Changelog since v1.14.0-beta.1](#changelog-since-v1140-beta1)
- [Action Required](#action-required)
- [Other notable changes](#other-notable-changes)
- [v1.14.0-beta.1](#v1140-beta1)
- [Downloads for v1.14.0-beta.1](#downloads-for-v1140-beta1)
- [Client Binaries](#client-binaries-1)
- [Server Binaries](#server-binaries-1)
- [Node Binaries](#node-binaries-1)
- [Changelog since v1.14.0-alpha.3](#changelog-since-v1140-alpha3)
- [Action Required](#action-required-1)
- [Other notable changes](#other-notable-changes-1)
- [v1.14.0-alpha.3](#v1140-alpha3)
- [Downloads for v1.14.0-alpha.3](#downloads-for-v1140-alpha3)
- [Client Binaries](#client-binaries-2)
- [Server Binaries](#server-binaries-2)
- [Node Binaries](#node-binaries-2)
- [Changelog since v1.14.0-alpha.2](#changelog-since-v1140-alpha2)
- [Action Required](#action-required-2)
- [Other notable changes](#other-notable-changes-2)
- [v1.14.0-alpha.2](#v1140-alpha2)
- [Downloads for v1.14.0-alpha.2](#downloads-for-v1140-alpha2)
- [Client Binaries](#client-binaries-3)
- [Server Binaries](#server-binaries-3)
- [Node Binaries](#node-binaries-3)
- [Changelog since v1.14.0-alpha.1](#changelog-since-v1140-alpha1)
- [Action Required](#action-required-3)
- [Other notable changes](#other-notable-changes-3)
- [v1.14.0-alpha.1](#v1140-alpha1)
- [Downloads for v1.14.0-alpha.1](#downloads-for-v1140-alpha1)
- [Client Binaries](#client-binaries-4)
- [Server Binaries](#server-binaries-4)
- [Node Binaries](#node-binaries-4)
- [Changelog since v1.13.0](#changelog-since-v1130)
- [Action Required](#action-required-4)
- [Other notable changes](#other-notable-changes-4)
<!-- END MUNGE: GENERATED_TOC -->
<!-- NEW RELEASE NOTES ENTRY -->
# v1.14.0-beta.2
[Documentation](https://docs.k8s.io)
## Downloads for v1.14.0-beta.2
filename | sha512 hash
-------- | -----------
[kubernetes.tar.gz](https://dl.k8s.io/v1.14.0-beta.2/kubernetes.tar.gz) | `c1d5f2615c3319fc167c577f40f385abe6652bf4fd3bdb04617b36029dc3000b190c18b4b3a29827da75c680979697d61fffb45b86ba6226f880b98b2f308f4f`
[kubernetes-src.tar.gz](https://dl.k8s.io/v1.14.0-beta.2/kubernetes-src.tar.gz) | `0a8d8ed208bc0bf424060126c76fcd8dbbd53a9b9695647314a4097f7013f548b76850438933760ff76835867676cddddf65134ad79f977ecdb98632fc2edda3`
### Client Binaries
filename | sha512 hash
-------- | -----------
[kubernetes-client-darwin-386.tar.gz](https://dl.k8s.io/v1.14.0-beta.2/kubernetes-client-darwin-386.tar.gz) | `c919d030255c5d3879926d8aaa53939cd5aa37084799748452166ca6668bd1d10edf063d633682cddafaaed43dd1b991f4ad09139c5e4f519bd69f581b3fe0aa`
[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.14.0-beta.2/kubernetes-client-darwin-amd64.tar.gz) | `ec14d4a1d720890065211544b099be17315265534cfd20435194dc842cc807c20b5fae78f5b95ba7d05f3d921d522017f50861760d195ce1bf5b1acfdb2dbb29`
[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.14.0-beta.2/kubernetes-client-linux-386.tar.gz) | `6cee12be5b855600ee80f15d1e0511099941b099bd5b252549abdc2a65c077f10ca4d53ab9804a0ce8d51f3b9cbab829cb551733cd4aed37c0d91238b82a8fe4`
[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.14.0-beta.2/kubernetes-client-linux-amd64.tar.gz) | `27d8cd48c1f3259055965b85a6b973ecb5b8a36894f94c232d773f89539e28e6c270bfe35427c70b4ad4800e42c869851981cf88f586b7d488efa538e6c88126`
[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.14.0-beta.2/kubernetes-client-linux-arm.tar.gz) | `7f98230569c61fdf2b141e519f042b2e27ff37aeda746dc30bb7ce226b5d6b0c0bb85c6070b9ffc8d38c2441feb5bd8736c67708a59552e86a2c30cc02ecdece`
[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.14.0-beta.2/kubernetes-client-linux-arm64.tar.gz) | `159da67010af38d87c5318b7ad594120afd6a9b780d11d6e607e7214862cd6514b00da673cce72574771dbc780ab435dbba0a3267f051a20155c05ee0729ded0`
[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.14.0-beta.2/kubernetes-client-linux-ppc64le.tar.gz) | `d8ca7871d3d40947db69061284cb31c4d072d4da56fbb11a4485f6853f041835d9605cfc5dcea88d58c7f484cce13dbca485e80891c845291b9b28c574df310b`
[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.14.0-beta.2/kubernetes-client-linux-s390x.tar.gz) | `1c58db90b6e09b8d8f956a00263cb20271b8403f7fb6c5b20d76cca9ed973c35d2f5c910a6d42980ec9159480682d3786a59e9e05ce356a7e3b4181c848ad122`
[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.14.0-beta.2/kubernetes-client-windows-386.tar.gz) | `00fb87dd4899208dd6607c22828f3985ebfd5e1f97cb24e3b2c69c249a4887d5c26c603b3bb4c21f9e2b737c917ddf95a1818d9de5c9ec97d3f5faa0c3dada52`
[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.14.0-beta.2/kubernetes-client-windows-amd64.tar.gz) | `7afdf637d62dde480162ad1521360b2bc78e0d4d20f6e6201e2f19b55b8e9bbd69c1ce8d03101c750ef389c65a1bc0a94dfc9a2d501d6840fd31eacbd3582028`
### Server Binaries
filename | sha512 hash
-------- | -----------
[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.14.0-beta.2/kubernetes-server-linux-amd64.tar.gz) | `2ac3c4910cd36f02a62304d78fe144b821edf445c522028e6b57d2dc3bcc7355159a58815d5a6991b3f2c33bb0ef23e07134c8bbf93b34be7452f80c9a9e6edf`
[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.14.0-beta.2/kubernetes-server-linux-arm.tar.gz) | `db06b5f1a83ca4ec82428ab771eae2858b188dc23780fb9b146494c06aa6175421090b200c58b670e2d4253a7e0d4b07172a632e0754c35ccdee7e264c636f17`
[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.14.0-beta.2/kubernetes-server-linux-arm64.tar.gz) | `b40e1745d1ecfcc95f3a750990244fa128381d6d74246798a62aecb8cec9c77cdcd470e79334eb5c670e1e3a288080b4e26a080c64481ba608e3156c72df474b`
[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.14.0-beta.2/kubernetes-server-linux-ppc64le.tar.gz) | `c84297fd2b18b6bdade5a135a3da929e286bbba5c8dd66778091bad4eea1ac4b97a32ab3b146a88f0716bebcce9a4a85a7cd421cb185a3df864dcfa77312b3a9`
[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.14.0-beta.2/kubernetes-server-linux-s390x.tar.gz) | `39c8f6e7f52bec155b11652b4e80c2c52acf8754dbdf80a9d5bab5370d1debf4f4783c1a6968d41822b00ff744c72947df6cbc4623578e7679b9ce9a98f64ff3`
### Node Binaries
filename | sha512 hash
-------- | -----------
[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.14.0-beta.2/kubernetes-node-linux-amd64.tar.gz) | `bf19ae7140836aea1b6f414532eff886e3b91e0746b9224ce46e60e0b83fa90a8c3df1ff8e01ff340a1e1874ce15da28e98224024ed3139589474e89befa19f2`
[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.14.0-beta.2/kubernetes-node-linux-arm.tar.gz) | `4b8194340a8675107da3969845173fb34ed2b0a38745ec0ac395ebf2116ee84d55be6e22ff84fafbaf4ca60a05f6debf6e95957a2261ac8a587eea32e5803fd5`
[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.14.0-beta.2/kubernetes-node-linux-arm64.tar.gz) | `8494dae5225f3b543afd575003fe0f30eb0f3cf9bc9dfbae72d6bda8f17c5446165433c28842a114af66ac3ae8fca9f92d780d1eb93e9bcb6b5dcc4fe8cd2a7f`
[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.14.0-beta.2/kubernetes-node-linux-ppc64le.tar.gz) | `0bd41d95f0a76c1b057a8913a8b2cffbf6d48c47aef1d9beed0de205b8010e8071e8f527eeaa003730ef97a017083278cb2036cf22a1abfb2f4669b935823cdc`
[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.14.0-beta.2/kubernetes-node-linux-s390x.tar.gz) | `169b16512df42a6cb5b000a3d6d6da5ae48a733c5d11b034eaec6b3816b86ec97b92e4075872900188bc296427037299841224e552ccf079097d5cf333627cbc`
[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.14.0-beta.2/kubernetes-node-windows-amd64.tar.gz) | `ccfebde5176cb28529552889250bf706add04df3c3f9aee5b8bdd9ebdb5bce334add8351cdbeebb9bd4b17b31d994b7739d2c494aa4c64bcb3ceba1a6ef53447`
## Changelog since v1.14.0-beta.1
### Action Required
* ACTION REQUIRED: The node.k8s.io API group and runtimeclasses.node.k8s.io resource have been migrated to a built-in API. If you were using RuntimeClasses (an default-disabled alpha feature, as of Kubernetes v1.12), then you must recreate all RuntimeClasses after upgrading, and the runtimeclasses.node.k8s.io CRD should be manually deleted. RuntimeClasses can no longer be created without a defined handler. ([#74433](https://github.com/kubernetes/kubernetes/pull/74433), [@tallclair](https://github.com/tallclair))
* Introduce a RuntimeClass v1beta1 API. This new beta API renames `runtimeHandler` to `handler`, makes it a required field, and cuts out the spec (handler is a top-level field).
* Transition CSINodeInfo and CSIDriver alpha CRDs to in-tree CSINode and CSIDriver core storage v1beta1 APIs. ([#74283](https://github.com/kubernetes/kubernetes/pull/74283), [@xing-yang](https://github.com/xing-yang))
* ACTION REQUIRED: the alpha CRDs are no longer used and drivers will need to be updated to use the beta APIs.
* The support for `_` in the CSI driver name will be dropped as the CSI Spec does not allow that.
### Other notable changes
* Support collecting pod logs under /var/log/pods/NAMESPACE_NAME_UID to stackdriver with `k8s_pod` resource type. ([#74502](https://github.com/kubernetes/kubernetes/pull/74502), [@Random-Liu](https://github.com/Random-Liu))
* --make-symlinks for hyperkube was marked hidden for a while, This flag is now deprecated and will be removed in a future release. ([#74975](https://github.com/kubernetes/kubernetes/pull/74975), [@dims](https://github.com/dims))
* fix smb unmount issue on Windows ([#75087](https://github.com/kubernetes/kubernetes/pull/75087), [@andyzhangx](https://github.com/andyzhangx))
* Kubelet no longer watches configmaps and secrets for terminated pods, in worst scenario causing it to not be able to send other requests to kube-apiserver ([#74809](https://github.com/kubernetes/kubernetes/pull/74809), [@oxddr](https://github.com/oxddr))
* - Fixes a bug concerning Quobyte volumes where user mappings only worked if the hosts Kubernetes plugin mount was provided via an external configuration using the _allow-usermapping-in-volumename_ option. ([#74520](https://github.com/kubernetes/kubernetes/pull/74520), [@casusbelli](https://github.com/casusbelli))
* Change CRI pod log directory from `/var/log/pods/UID` to `/var/log/pods/NAMESPACE_NAME_UID`. ([#74441](https://github.com/kubernetes/kubernetes/pull/74441), [@Random-Liu](https://github.com/Random-Liu))
* It is recommended to drain the node before upgrade, or reboot the node after upgrade.
* Promote RuntimeClass to beta, and enable by default. ([#75003](https://github.com/kubernetes/kubernetes/pull/75003), [@tallclair](https://github.com/tallclair))
* New "dry_run" metric label (indicating the value of the dryRun query parameter) into the metrics: ([#74997](https://github.com/kubernetes/kubernetes/pull/74997), [@jennybuckley](https://github.com/jennybuckley))
* apiserver_request_total
* apiserver_request_duration_seconds
* New "APPLY" value for the "verb" metric label which indicates a PATCH with "Content-Type: apply-patch+yaml". This value is experimental and will only be present if the ServerSideApply alpha feature is enabled.
* GCE: bump COS image version to cos-beta-73-11647-64-0 ([#75149](https://github.com/kubernetes/kubernetes/pull/75149), [@yguo0905](https://github.com/yguo0905))
* - Add duration metric for CRD webhook converters ([#74376](https://github.com/kubernetes/kubernetes/pull/74376), [@mbohlool](https://github.com/mbohlool))
* Alpha support for ephemeral CSI inline volumes that are embedded in pod specs. ([#74086](https://github.com/kubernetes/kubernetes/pull/74086), [@vladimirvivien](https://github.com/vladimirvivien))
* Add support for node side CSI volume expansion ([#74863](https://github.com/kubernetes/kubernetes/pull/74863), [@gnufied](https://github.com/gnufied))
* - Add mechanism for Admission Webhooks to specify which version of AdmissionReview they support ([#74998](https://github.com/kubernetes/kubernetes/pull/74998), [@mbohlool](https://github.com/mbohlool))
* - Add mechanism for CRD Conversion Webhooks to specify which version of ConversionReview they support
* Add a new kubelet endpoint for serving first-class resource metrics ([#73946](https://github.com/kubernetes/kubernetes/pull/73946), [@dashpole](https://github.com/dashpole))
* Deprecate AWS, Azure, GCE and Cinder specific volume limit predicates. ([#74544](https://github.com/kubernetes/kubernetes/pull/74544), [@gnufied](https://github.com/gnufied))
* PodReadinessGate feature is now GA. The feature gate will not allow disabling it. ([#74434](https://github.com/kubernetes/kubernetes/pull/74434), [@freehan](https://github.com/freehan))
* If CSINodeInfo and CSIMigration feature flags are active in the cluster, Kubelet will post NotReady until CSINode is initialized with basic volume plugin mechanism information for well-known drivers ([#74835](https://github.com/kubernetes/kubernetes/pull/74835), [@davidz627](https://github.com/davidz627))
* Add network stats for Windows nodes and containers ([#74788](https://github.com/kubernetes/kubernetes/pull/74788), [@feiskyer](https://github.com/feiskyer))
* kubeadm: when calling "reset" on a control-plane node, remove the APIEndpoint information for this node from the ClusterStatus in the kubeadm ConfigMap. ([#75082](https://github.com/kubernetes/kubernetes/pull/75082), [@neolit123](https://github.com/neolit123))
* kube-apiserver now serves OpenAPI specs for registered CRDs with defined ([#71192](https://github.com/kubernetes/kubernetes/pull/71192), [@roycaihw](https://github.com/roycaihw))
* validation schemata as an alpha feature, to be enabled via the "CustomResourcePublishOpenAPI" feature gate. Kubectl will validate client-side using those. Note that in
* future, client-side validation in 1.14 kubectl against a 1.15 cluster will reject
* unknown fields for CRDs with validation schema defined.
* Fix kubelet start failure issue on Azure Stack due to InstanceMetadata setting ([#74936](https://github.com/kubernetes/kubernetes/pull/74936), [@rjaini](https://github.com/rjaini))
* add subcommand `kubectl create cronjob` ([#71651](https://github.com/kubernetes/kubernetes/pull/71651), [@Pingan2017](https://github.com/Pingan2017))
* The CSIBlockVolume feature gate is now beta, and defaults to enabled. ([#74909](https://github.com/kubernetes/kubernetes/pull/74909), [@bswartz](https://github.com/bswartz))
* Pre-existing log files are now opened with O_APPEND, instead of O_TRUNC. This helps prevent losing logs when components crash-loop, and also enables external log rotation utilities to truncate log files in-place without components extending log files to their pre-truncation sizes on subsequent writes. ([#74837](https://github.com/kubernetes/kubernetes/pull/74837), [@mtaufen](https://github.com/mtaufen))
* the test/e2e/e2e.test binary can test arbitrary storage drivers, see the `-storage.testdriver` parameter ([#72836](https://github.com/kubernetes/kubernetes/pull/72836), [@pohly](https://github.com/pohly))
* Fix panic in kubectl cp command ([#75037](https://github.com/kubernetes/kubernetes/pull/75037), [@soltysh](https://github.com/soltysh))
* iscsi modules haven't even been loaded /sys/class/iscsi_host directory won't exist ([#74787](https://github.com/kubernetes/kubernetes/pull/74787), [@jianglingxia](https://github.com/jianglingxia))
* the fluentd addon daemonset will now target all nodes. ([#74424](https://github.com/kubernetes/kubernetes/pull/74424), [@liggitt](https://github.com/liggitt))
* setting `ENABLE_METADATA_CONCEALMENT=true` in kube-up will now set a `cloud.google.com/metadata-proxy-ready=true` label on new nodes. In v1.16, the metadata proxy add-on will switch to using that label as a node selector.
* setting `KUBE_PROXY_DAEMONSET=true` in kube-up will now set a `node.kubernetes.io/kube-proxy-ds-ready=true` label on new nodes. In v1.16, the kube-proxy daemonset add-on will switch to using that label as a node selector.
* In 1.16, the masq-agent daemonset add-on will switch to using `node.kubernetes.io/masq-agent-ds-ready` as a node selector.
* - Kubelet: replace `du` and `find` with a golang implementation ([#74675](https://github.com/kubernetes/kubernetes/pull/74675), [@dashpole](https://github.com/dashpole))
* - Kubelet: periodically update machine info to support hot-add/remove
* kubeadm: add certificate-key and skip-certificate-key-print flags to kubeadm init ([#74671](https://github.com/kubernetes/kubernetes/pull/74671), [@yagonobre](https://github.com/yagonobre))
* Admission webhooks rules can now limit scope to only match namespaced, or only cluster-scoped resources with a `scope: "Cluster" | "Namespaced" | "*"` field. ([#74477](https://github.com/kubernetes/kubernetes/pull/74477), [@liggitt](https://github.com/liggitt))
* The CSIPersistentVolume and KubeletPluginWatcher feature gates cannot be disabled, and will be removed in Kubernetes v1.16 ([#74830](https://github.com/kubernetes/kubernetes/pull/74830), [@msau42](https://github.com/msau42))
* Kubelet won't evict a static pod with priority `system-node-critical` upon resource pressure. ([#74222](https://github.com/kubernetes/kubernetes/pull/74222), [@Huang-Wei](https://github.com/Huang-Wei))
* Fixes panic if a kubelet is run against an older kube-apiserver ([#74529](https://github.com/kubernetes/kubernetes/pull/74529), [@liggitt](https://github.com/liggitt))
* The resource group name in Azure providerID is not converted to lower cases. ([#74882](https://github.com/kubernetes/kubernetes/pull/74882), [@feiskyer](https://github.com/feiskyer))
* Remove the out-of-tree PersistentVolumeLabel controller because it cannot run without Initializers (removed in v1.14). If you are using AWS EBS, GCE PD, Azure Disk, Cinder Disk or vSphere volumes and rely on zone labels, then enable the `PersistentVolumeLabel` admission controller in the `kube-apiserver` in the `--enable-admission-plugins` flag. ([#74615](https://github.com/kubernetes/kubernetes/pull/74615), [@andrewsykim](https://github.com/andrewsykim))
* kubeadm: improved RequiredIPVSKernelModulesAvailable warning message ([#74033](https://github.com/kubernetes/kubernetes/pull/74033), [@bart0sh](https://github.com/bart0sh))
* Add `nullable` support to CustomResourceDefinition OpenAPI validation schemata. ([#74804](https://github.com/kubernetes/kubernetes/pull/74804), [@sttts](https://github.com/sttts))
* Fix kube-apiserver not to create default/kubernetes service endpoints before it reports readiness via the /healthz and therefore is ready to serve requests. Also early during startup old endpoints are remove which might be left over from a previously crashed kube-apiserver. ([#74668](https://github.com/kubernetes/kubernetes/pull/74668), [@sttts](https://github.com/sttts))
* kubeadm: fix a bug where standard kubeconfig paths were searched even if the user provided /etc/kubernetes/admin.conf explicitly for commands that accept --kubeconfig, like kubeadm token. ([#71874](https://github.com/kubernetes/kubernetes/pull/71874), [@neolit123](https://github.com/neolit123))
* kubeadm: use the default kubeconfig (/etc/kubernetes/admin.conf) for "kubeadm reset" and "kubeadm upgrade" commands.
* Increase api server client certificate expiration histogram resolution to accommodate short-lived (< 6h) client certificates. ([#74806](https://github.com/kubernetes/kubernetes/pull/74806), [@mxinden](https://github.com/mxinden))
* Default RBAC policy no longer grants access to discovery and permission-checking APIs (used by `kubectl auth can-i`) to *unauthenticated* users. Upgraded clusters preserve prior behavior, but cluster administrators wishing to grant unauthenticated users access in new clusters will need to explicitly opt-in to expose the discovery and/or permission-checking APIs: ([#73807](https://github.com/kubernetes/kubernetes/pull/73807), [@dekkagaijin](https://github.com/dekkagaijin))
* `kubectl create clusterrolebinding anonymous-discovery --clusterrole=system:discovery --group=system:unauthenticated`
* `kubectl create clusterrolebinding anonymous-access-review --clusterrole=system:basic-user --group=system:unauthenticated`
* The PersistentLocalVolumes feature is GA. The feature gate cannot be disabled and will be removed in Kubernetes 1.17 ([#74769](https://github.com/kubernetes/kubernetes/pull/74769), [@msau42](https://github.com/msau42))
* kubelet: resolved hang/timeout issues when running large numbers of pods with unique configmap/secret references by reverting to 1.11 configmap/secret lookup behavior ([#74755](https://github.com/kubernetes/kubernetes/pull/74755), [@liggitt](https://github.com/liggitt))
* Convert `latency`/`latencies` in metrics name to `duration`. ([#74418](https://github.com/kubernetes/kubernetes/pull/74418), [@danielqsj](https://github.com/danielqsj))
* The following metrics are changed and mark previous metrics as deprecated:
* `rest_client_request_latency_seconds` -> `rest_client_request_duration_seconds`
* `apiserver_proxy_tunnel_sync_latency_secs` -> `apiserver_proxy_tunnel_sync_duration_seconds`
* `scheduler_scheduling_latency_seconds` -> `scheduler_scheduling_duration_seconds `
* Fix help message for --container-runtime-endpoint: only unix socket is support on Linux. ([#74712](https://github.com/kubernetes/kubernetes/pull/74712), [@feiskyer](https://github.com/feiskyer))
* Update to use golang 1.12 ([#74632](https://github.com/kubernetes/kubernetes/pull/74632), [@cblecker](https://github.com/cblecker))
* The `RunAsGroup` feature has been promoted to beta and enabled by default. PodSpec and PodSecurityPolicy objects can be used to control the primary GID of containers on supported container runtimes. ([#73007](https://github.com/kubernetes/kubernetes/pull/73007), [@krmayankk](https://github.com/krmayankk))
* fix Azure Container Registry anonymous repo image pull error ([#74715](https://github.com/kubernetes/kubernetes/pull/74715), [@andyzhangx](https://github.com/andyzhangx))
* Adds the same information to an init container as a standard container in a pod when using PodPresets. ([#71479](https://github.com/kubernetes/kubernetes/pull/71479), [@soggiest](https://github.com/soggiest))
* fix the flake in scheduling_queue_test.go ([#74611](https://github.com/kubernetes/kubernetes/pull/74611), [@denkensk](https://github.com/denkensk))
* The kube-apiserver OpenAPI definitions with the prefix "io.k8s.kubernetes.pkg" (deprecated since 1.9) have been removed. ([#74596](https://github.com/kubernetes/kubernetes/pull/74596), [@sttts](https://github.com/sttts))
* kube-conformance image will now run ginkgo with the --dryRun flag if the container is run with the environment variable E2E_DRYRUN set. ([#74731](https://github.com/kubernetes/kubernetes/pull/74731), [@johnSchnake](https://github.com/johnSchnake))
* The deprecated `MountPropagation` feature gate has been removed, and the feature is now unconditionally enabled. ([#74720](https://github.com/kubernetes/kubernetes/pull/74720), [@bertinatto](https://github.com/bertinatto))
* Introduce dynamic volume provisioning shim for CSI migration ([#73653](https://github.com/kubernetes/kubernetes/pull/73653), [@ddebroy](https://github.com/ddebroy))
* Fix --help flag parsing ([#74682](https://github.com/kubernetes/kubernetes/pull/74682), [@soltysh](https://github.com/soltysh))
* This PR removes the following metrics: ([#74636](https://github.com/kubernetes/kubernetes/pull/74636), [@logicalhan](https://github.com/logicalhan))
* reflector_items_per_list
* reflector_items_per_watch
* reflector_last_resource_version
* reflector_list_duration_seconds
* reflector_lists_total
* reflector_short_watches_total
* reflector_watch_duration_seconds
* reflector_watches_total
* While this is a backwards-incompatible change, it would have been impossible to setup reliable monitoring around these metrics since the labels were not stable.
* Add a configuration field to shorten the timeout of validating/mutating admission webhook call. The timeout value must be between 1 and 30 seconds. Default to 30 seconds when unspecified. ([#74562](https://github.com/kubernetes/kubernetes/pull/74562), [@roycaihw](https://github.com/roycaihw))
* client-go: PortForwarder.GetPorts() now contain correct local port if no local port was initially specified when setting up the port forwarder ([#73676](https://github.com/kubernetes/kubernetes/pull/73676), [@martin-helmich](https://github.com/martin-helmich))
* # Apply resources from a directory containing kustomization.yaml ([#74140](https://github.com/kubernetes/kubernetes/pull/74140), [@Liujingfang1](https://github.com/Liujingfang1))
* kubectl apply -k dir
* # Delete resources from a directory containing kustomization.yaml.
* kubectl delete -k dir
* # List resources from a directory containing kustomization.yaml
* kubectl get -k dir
* kubeadm: Allow to download certificate secrets uploaded by `init` or `upload-certs` phase, allowing to transfer certificate secrets (certificates and keys) from the cluster to other master machines when creating HA deployments. ([#74168](https://github.com/kubernetes/kubernetes/pull/74168), [@ereslibre](https://github.com/ereslibre))
* Fixes an issue with missing apiVersion/kind in object data sent to admission webhooks ([#74448](https://github.com/kubernetes/kubernetes/pull/74448), [@liggitt](https://github.com/liggitt))
* client-go: the deprecated versionless API group accessors (like `clientset.Apps()` have been removed). Use an explicit version instead (like `clientset.AppsV1()`) ([#74422](https://github.com/kubernetes/kubernetes/pull/74422), [@liggitt](https://github.com/liggitt))
* The `--quiet` option to `kubectl run` now suppresses resource deletion messages emitted when the `--rm` option is specified. ([#73266](https://github.com/kubernetes/kubernetes/pull/73266), [@awh](https://github.com/awh))
* Add Custom Resource support to "kubectl autoscale" ([#72678](https://github.com/kubernetes/kubernetes/pull/72678), [@rmohr](https://github.com/rmohr))
* Image garbage collection no longer fails for images with only one tag but more than one repository associated. ([#70647](https://github.com/kubernetes/kubernetes/pull/70647), [@corvus-ch](https://github.com/corvus-ch))
* - Fix liveness probe in fluentd-gcp cluster addon ([#74522](https://github.com/kubernetes/kubernetes/pull/74522), [@Pluies](https://github.com/Pluies))
* The new test ``[sig-network] DNS should provide /etc/hosts entries for the cluster [LinuxOnly] [Conformance]`` will validate the host entries set in the ``/etc/hosts`` file (pod's FQDN and hostname), which should be managed by Kubelet. ([#72729](https://github.com/kubernetes/kubernetes/pull/72729), [@bclau](https://github.com/bclau))
* The test has the tag ``[LinuxOnly]`` because individual files cannot be mounted in Windows Containers, which means that it cannot pass using Windows nodes.
# v1.14.0-beta.1
[Documentation](https://docs.k8s.io)
## Downloads for v1.14.0-beta.1
filename | sha512 hash
-------- | -----------
[kubernetes.tar.gz](https://dl.k8s.io/v1.14.0-beta.1/kubernetes.tar.gz) | `065014c751635f8c077fbcc105df578594baf8afd8b8339004909198e1bd68d0a7ce3644ed5d54e5964d1306aa650f22a5ce83063415240f4dffd6706c1cc33b`
[kubernetes-src.tar.gz](https://dl.k8s.io/v1.14.0-beta.1/kubernetes-src.tar.gz) | `244c19d9fad21ae154ee78fc94888dc60bcfcf3ec72bdc28a82e77c572cbc969d2abbf20397ef9564a35585c08dfe179b105fc25efac973e0a13d78ee2ff8f42`
### Client Binaries
filename | sha512 hash
-------- | -----------
[kubernetes-client-darwin-386.tar.gz](https://dl.k8s.io/v1.14.0-beta.1/kubernetes-client-darwin-386.tar.gz) | `78a61a1e922daa39a9f7dd61b8bad87d202b537bda59f90ae8aae941c0ff412e3d328530af9dd9f22462cbd67254e7ce1556defe48bb10bd6a94d4302464fe8e`
[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.14.0-beta.1/kubernetes-client-darwin-amd64.tar.gz) | `5a1d66fd90a5dc07b95b7617b5583595e0a4a664e7005f6281f846c85b21e28692b2e2d55b7c40c7b8cbb96b6b8cd6c832f340c7cc67579641beabac033014ad`
[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.14.0-beta.1/kubernetes-client-linux-386.tar.gz) | `30991ce0776bae7551b98a811e3ccb5104b0859805c41a216db7d5779cddfb36ef3c5e658ea2adeaf67f8e6f181768850b09a0e8320c2983d34664156ea638ac`
[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.14.0-beta.1/kubernetes-client-linux-amd64.tar.gz) | `5501a9c3a95e43f0c691b05043546f2c497d50a6ad88b88219842d61be83d7dcb8871ff9fd2447c02bc842c4c962f298a3ce2e0618fae70e8aa391c9407626e5`
[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.14.0-beta.1/kubernetes-client-linux-arm.tar.gz) | `4bf341a2f943719d006f4cacc26fdf4d021560d37d49c8d9c4620d294142041155a88dc721d9373a8617e1baa904c02b4545f379ffe87c6ab20e5459a5d3c2de`
[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.14.0-beta.1/kubernetes-client-linux-arm64.tar.gz) | `1c0c660618947b053404ab8ef40bdec0a06d54a1f9edc585a7259806f878327d9ae54100bba98e5b7f44f5db4303276d189792e68517603520a49868c07e684c`
[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.14.0-beta.1/kubernetes-client-linux-ppc64le.tar.gz) | `9d2c3f4bfbad03b41859670f9cfda6596f51a89077fd4da2f74490f71b5de10e459954e897d2a1ba3a217c62caaf1be74424e5bf6a5609868dc4f069ac06c94f`
[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.14.0-beta.1/kubernetes-client-linux-s390x.tar.gz) | `9be5259caf39ff3c4d0f024d616bff50ac417d42a87c56b6877fbdf5aaadecee05631ac8ddd6dca20d52ae4ca7e1227a1fd5e882be9821f3711e144b84d41099`
[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.14.0-beta.1/kubernetes-client-windows-386.tar.gz) | `5b1e75f532d9a4d656cd1c5ec48a19d01c4ca731c6c3d986ebbc48a9f1e1d61d6c5603145808fb929117cf2202bc75f31ec7661a50edf24c5af6b3419ebcc0ab`
[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.14.0-beta.1/kubernetes-client-windows-amd64.tar.gz) | `a501d3c0be55d5a73214a83d1f48b39a49d4a84f5f9988fa34cf66ef6bc78d3f3e06c40dc3d59538c3bff07aa2128ee814d9825c31f8b9abbf045e1ebb581bed`
### Server Binaries
filename | sha512 hash
-------- | -----------
[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.14.0-beta.1/kubernetes-server-linux-amd64.tar.gz) | `aed44ec5bc6bdaf41c20824a9841ee541bfd23362966f9326eca2cafbd03eca69325877784b8c9b058963dc5b8ba656b9da446513fd5eeed8133a783769acd16`
[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.14.0-beta.1/kubernetes-server-linux-arm.tar.gz) | `e751cb675013183a70a8817dca0b5c456a1ccf075244b411317e813b5164ae710460a53e81191ded9d2ccaf284ae00304bfbe1b3d219b2a8d57761d733293409`
[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.14.0-beta.1/kubernetes-server-linux-arm64.tar.gz) | `3aabb1a9bd07413d0740adfb638b0e5ca4cd4a58eda244c5ebc1ea01780e0b2863806c35792a0590069ef0cccc2665198afed1984d1c49f0726b75d4216609a4`
[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.14.0-beta.1/kubernetes-server-linux-ppc64le.tar.gz) | `3c57e2b47b3b9ddc1039684840886877947141b1e4d31f909793678544fe92e10aa82a207936f0bcb3c657044c7b875f34f41f086ccb7f97a154499d01266f73`
[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.14.0-beta.1/kubernetes-server-linux-s390x.tar.gz) | `fe418cfafc63cbccc1898086296e52026df27ff498753089792175ce0d41d889ca50a4eb5104a84b78a0a25d524dcdf5ec5eec8aa213d58178ae38411cfb58af`
### Node Binaries
filename | sha512 hash
-------- | -----------
[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.14.0-beta.1/kubernetes-node-linux-amd64.tar.gz) | `83b63d7e9d18fe35564105fd70629af9ba8f20112933b3ace92a48887702862e013ac3b3e144cfd44c8ead7c766df584766749af9d33a9aaa3808e370d3ea359`
[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.14.0-beta.1/kubernetes-node-linux-arm.tar.gz) | `e4ac000be25ced9b308ec698da9702bd10a0a7183bfea9648500ab9d0879989c54328cb4fb51be545831d18676067d6b53e55cc49b14f55f35032a66dfa28806`
[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.14.0-beta.1/kubernetes-node-linux-arm64.tar.gz) | `35fa5ec8a7fc001fe33abd89f8a446ce0ea2a011db27dc8ff544c2b199b065b19372afe95e3616f538347243d7599f29fb5cea1a46a3fcfdfe4a0f2a346683b2`
[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.14.0-beta.1/kubernetes-node-linux-ppc64le.tar.gz) | `a5b938e9cdc39fc292269af4c3961a17b9bcdaf85b3c58db680f2d1a4fb088eb648efc268dfe3325aed96f6a7cdcff070dc7a3200cc169010ff2b402fae1a26a`
[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.14.0-beta.1/kubernetes-node-linux-s390x.tar.gz) | `d8e2b5a945f881ddb0a25576a614d564ccef0ad4e93c84b30cdc57888e81e04932d798415a1a50cdfc6d2f857e1d027e2034ba9c40b5d8ed0009cfbdc8915e0f`
[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.14.0-beta.1/kubernetes-node-windows-amd64.tar.gz) | `426774466800ca11cae16821c7d92917b2ce138fcb3f6dca813ec0f060649d6a50187982aaac31fbb081604f5bd2c317616b6f211beb139f53192269194f012e`
## Changelog since v1.14.0-alpha.3
### Action Required
* Added cadvisor metric labels `pod` and `container` where `pod_name` and `container_name` are present to match instrumentation guidelines. ([#69099](https://github.com/kubernetes/kubernetes/pull/69099), [@ehashman](https://github.com/ehashman))
* Action required: any Prometheus queries that match `pod_name` and `container_name` labels (e.g. cadvisor or kubelet probe metrics) should be updated to use `pod` and `container` instead. `pod_name` and `container_name` labels will be present alongside `pod` and `container` labels for one transitional release and removed in the future.
### Other notable changes
* fix parse devicePath issue on Azure Disk ([#74499](https://github.com/kubernetes/kubernetes/pull/74499), [@andyzhangx](https://github.com/andyzhangx))
* fix issue: fail to detach azure disk when there is server side error ([#74398](https://github.com/kubernetes/kubernetes/pull/74398), [@andyzhangx](https://github.com/andyzhangx))
* Allow Cinder volume limit to be configured from node too ([#74542](https://github.com/kubernetes/kubernetes/pull/74542), [@gnufied](https://github.com/gnufied))
* Fix subnet annotation checking for Azure internal loadbalancer ([#74498](https://github.com/kubernetes/kubernetes/pull/74498), [@feiskyer](https://github.com/feiskyer))
* Allow the kubelet to pass Windows GMSA credentials down to Docker ([#73726](https://github.com/kubernetes/kubernetes/pull/73726), [@wk8](https://github.com/wk8))
* PriorityClass in scheduling.k8s.io/v1beta1 and scheduling.k8s.io/v1alpha1 are deprecated by PriorityClass scheduling.k8s.io/v1 and will not be served starting in v1.17. ([#74465](https://github.com/kubernetes/kubernetes/pull/74465), [@bsalamat](https://github.com/bsalamat))
* kubeadm: fixed nil pointer dereference caused by a bug in url parsing ([#74454](https://github.com/kubernetes/kubernetes/pull/74454), [@bart0sh](https://github.com/bart0sh))
* Fix the unexpected NotReady status when Node's iops is full if the runtime is dockershim. ([#74389](https://github.com/kubernetes/kubernetes/pull/74389), [@answer1991](https://github.com/answer1991))
* Split up the mondo `kubernetes-test` tarball into `kubernetes-test-portable` and `kubernetes-test-{OS}-{ARCH}` tarballs. ([#74065](https://github.com/kubernetes/kubernetes/pull/74065), [@ixdy](https://github.com/ixdy))
* Move fluentd-elasticsearch addon images to community controlled location ([#73819](https://github.com/kubernetes/kubernetes/pull/73819), [@coffeepac](https://github.com/coffeepac))
* The PriorityClass API has been promoted to `scheduling.k8s.io/v1` with no changes. The `scheduling.k8s.io/v1beta1` version is now deprecated and will stop being served by default in v1.17. ([#73555](https://github.com/kubernetes/kubernetes/pull/73555), [@bsalamat](https://github.com/bsalamat))
* fix get azure accounts timeout issue when there is no out-bound IP ([#74191](https://github.com/kubernetes/kubernetes/pull/74191), [@andyzhangx](https://github.com/andyzhangx))
* fix mixed protocol issue for azure load balancer ([#74200](https://github.com/kubernetes/kubernetes/pull/74200), [@andyzhangx](https://github.com/andyzhangx))
* Don't update the Pod object after each scheduling attempt by adding a timestamp to the scheduling queue. ([#73700](https://github.com/kubernetes/kubernetes/pull/73700), [@denkensk](https://github.com/denkensk))
* kubeadm: remove local etcd members from the etcd cluster when kubeadm reset ([#74112](https://github.com/kubernetes/kubernetes/pull/74112), [@pytimer](https://github.com/pytimer))
* Fix keymutex issues which may crash in some platforms. ([#74348](https://github.com/kubernetes/kubernetes/pull/74348), [@danielqsj](https://github.com/danielqsj))
* Fixed scanning of failed iSCSI targets. ([#74306](https://github.com/kubernetes/kubernetes/pull/74306), [@jsafrane](https://github.com/jsafrane))
* kubeadm: Do not fail preflight checks when running on >= 5.0 Linux kernel ([#74355](https://github.com/kubernetes/kubernetes/pull/74355), [@brb](https://github.com/brb))
* Reduces the cache TTL for negative responses to 5s minimum. ([#74093](https://github.com/kubernetes/kubernetes/pull/74093), [@blakebarnett](https://github.com/blakebarnett))
* The Ingress API is now available via `networking.k8s.io/v1beta1`. `extensions/v1beta1` Ingress objects are deprecated and will no longer be served in v1.18. ([#74057](https://github.com/kubernetes/kubernetes/pull/74057), [@liggitt](https://github.com/liggitt))
* kubelet's --containerized flag will no longer be supported and will be removed in a future release ([#74267](https://github.com/kubernetes/kubernetes/pull/74267), [@dims](https://github.com/dims))
* Optimize scheduler cache snapshot algorithm to improve scheduling throughput. ([#74041](https://github.com/kubernetes/kubernetes/pull/74041), [@bsalamat](https://github.com/bsalamat))
* Extends the VolumeSubpathEnvExpansion alpha feature to support environment variable expansion ([#71351](https://github.com/kubernetes/kubernetes/pull/71351), [@kevtaylor](https://github.com/kevtaylor))
* Implements subPathExpr field for expanding environment variables into a subPath
* The fields subPathExpr and subPath are mutually exclusive
* Note: This is a breaking change from the previous version of this alpha feature
* Added kube-proxy support for overlay networking and DSR in Windows and new flags for network-name, source-vip, and enable-dsr. ([#70896](https://github.com/kubernetes/kubernetes/pull/70896), [@ksubrmnn](https://github.com/ksubrmnn))
* StorageOS volume plugin updated to fix an issue where volume mount succeeds even if request to mount via StorageOS API fails. ([#69782](https://github.com/kubernetes/kubernetes/pull/69782), [@darkowlzz](https://github.com/darkowlzz))
* kubeadm: Allow to upload certificates required to join a new control-plane to kubeadm-certs secret using the flag `--experimental-upload-certs` on `init` or upload-certs phase. ([#73907](https://github.com/kubernetes/kubernetes/pull/73907), [@yagonobre](https://github.com/yagonobre))
* export query parameter is deprecated and will be removed in a future release ([#73783](https://github.com/kubernetes/kubernetes/pull/73783), [@deads2k](https://github.com/deads2k))
* e2e storage tests run faster and are easier to read ([#72434](https://github.com/kubernetes/kubernetes/pull/72434), [@pohly](https://github.com/pohly))
* kubectl: fix a bug where "describe" cannot obtain the event messages for a static pod ([#74156](https://github.com/kubernetes/kubernetes/pull/74156), [@gaorong](https://github.com/gaorong))
* windows: Ensure graceful termination when being run as windows service ([#73292](https://github.com/kubernetes/kubernetes/pull/73292), [@steffengy](https://github.com/steffengy))
* CoreDNS adds readinessProbe which prevents loadbalancing to unready pods, and also allows rolling updates to work as expected. ([#74137](https://github.com/kubernetes/kubernetes/pull/74137), [@rajansandeep](https://github.com/rajansandeep))
* Fixes use of webhook admission plugins with multi-version custom resources ([#74154](https://github.com/kubernetes/kubernetes/pull/74154), [@mbohlool](https://github.com/mbohlool))
* kubeadm no longer allows using v1alpha3 configs for anything else than converting them to v1beta1. ([#74025](https://github.com/kubernetes/kubernetes/pull/74025), [@rosti](https://github.com/rosti))
* Change kubelet metrics to conform metrics guidelines. ([#72470](https://github.com/kubernetes/kubernetes/pull/72470), [@danielqsj](https://github.com/danielqsj))
* The following metrics are deprecated, and will be removed in a future release:
* `kubelet_pod_worker_latency_microseconds`
* `kubelet_pod_start_latency_microseconds`
* `kubelet_cgroup_manager_latency_microseconds`
* `kubelet_pod_worker_start_latency_microseconds`
* `kubelet_pleg_relist_latency_microseconds`
* `kubelet_pleg_relist_interval_microseconds`
* `kubelet_eviction_stats_age_microseconds`
* `kubelet_runtime_operations`
* `kubelet_runtime_operations_latency_microseconds`
* `kubelet_runtime_operations_errors`
* `kubelet_device_plugin_registration_count`
* `kubelet_device_plugin_alloc_latency_microseconds`
* Please convert to the following metrics:
* `kubelet_pod_worker_duration_seconds`
* `kubelet_pod_start_duration_seconds`
* `kubelet_cgroup_manager_duration_seconds`
* `kubelet_pod_worker_start_duration_seconds`
* `kubelet_pleg_relist_duration_seconds`
* `kubelet_pleg_relist_interval_seconds`
* `kubelet_eviction_stats_age_seconds`
* `kubelet_runtime_operations_total`
* `kubelet_runtime_operations_duration_seconds`
* `kubelet_runtime_operations_errors_total`
* `kubelet_device_plugin_registration_total`
* `kubelet_device_plugin_alloc_duration_seconds`
* This change ensures that volumes get provisioned based on the zone information provided in allowedTopologies. ([#72731](https://github.com/kubernetes/kubernetes/pull/72731), [@skarthiksrinivas](https://github.com/skarthiksrinivas))
* Storage class spec:
* kind: StorageClass
* apiVersion: storage.k8s.io/v1
* metadata:
* name: fastpolicy1
* provisioner: kubernetes.io/vsphere-volume
* parameters:
* diskformat: zeroedthick
* storagePolicyName: vSAN Default Storage Policy
* allowedTopologies:
* - matchLabelExpressions:
* - key: failure-domain.beta.kubernetes.io/zone
* values:
* - zone1
* PV creation Logs:
* I0109 11:17:52.321372 1 vsphere.go:1147] Starting to create a vSphere volume with volumeOptions: &{CapacityKB:1048576 Tags:map[kubernetes.io/created-for/pvc/namespace:default kubernetes.io/created-for/pvc/name:pvcsc-1-policy kubernetes.io/created-for/pv/name:pvc-34650c12-1400-11e9-aef4-005056804cc9] Name:kubernetes-dynamic-pvc-34650c12-1400-11e9-aef4-005056804cc9 DiskFormat:zeroedthick Datastore: VSANStorageProfileData: StoragePolicyName:vSAN Default Storage Policy StoragePolicyID: SCSIControllerType: Zone:[zone1]}
* ...
* I0109 11:17:59.430113 1 vsphere.go:1334] The canonical volume path for the newly created vSphere volume is "[vsanDatastore] 98db185c-6683-d8c7-bc55-0200435ec5da/kubernetes-dynamic-pvc-34650c12-1400-11e9-aef4-005056804cc9.vmdk"
* Ran regression tests (no zone) and they passed.
* vSphere cloud provider correctly retrieves the VM's UUID when running on Windows ([#71147](https://github.com/kubernetes/kubernetes/pull/71147), [@benmoss](https://github.com/benmoss))
* Re-issue Allocate grpc calls before starting a container that requests device-plugin resources if the cached state is missing. ([#73824](https://github.com/kubernetes/kubernetes/pull/73824), [@jiayingz](https://github.com/jiayingz))
* [CRI] Add a new field called `runtime_handler` into PodSandbox and PodSandboxStatus to track the RuntimeClass information of a pod. ([#73833](https://github.com/kubernetes/kubernetes/pull/73833), [@haiyanmeng](https://github.com/haiyanmeng))
* kubelet: OS and Arch information is now recorded in `kubernetes.io/os` and `kubernetes.io/arch` labels on Node objects. The previous labels (`beta.kubernetes.io/os` and `beta.kubernetes.io/arch`) are still recorded, but are deprecated and targeted for removal in 1.18. ([#73333](https://github.com/kubernetes/kubernetes/pull/73333), [@yujuhong](https://github.com/yujuhong))
* This change applies zone labels to vSphere Volumes automatically. The zone labels are visible on the PV: ([#72687](https://github.com/kubernetes/kubernetes/pull/72687), [@subramanian-neelakantan](https://github.com/subramanian-neelakantan))
* $ kubectl get pv --show-labels
* NAME CAPACITY ACCESSMODES STATUS CLAIM REASON AGE LABELS
* pv-abc 5Gi RWO Bound default/claim1 46s failure-domain.beta.kubernetes.io/region=VC1,failure-domain.beta.kubernetes.io/zone=cluster-1
* fix smb remount issue on Windows ([#73661](https://github.com/kubernetes/kubernetes/pull/73661), [@andyzhangx](https://github.com/andyzhangx))
* Kubelet now tries to stop containers in unknown state once before restart or remove. ([#73802](https://github.com/kubernetes/kubernetes/pull/73802), [@Random-Liu](https://github.com/Random-Liu))
* Deprecate --export flag from kubectl get command. ([#73787](https://github.com/kubernetes/kubernetes/pull/73787), [@soltysh](https://github.com/soltysh))
* Breaking changes in client-go: ([#72214](https://github.com/kubernetes/kubernetes/pull/72214), [@caesarxuchao](https://github.com/caesarxuchao))
* The disk-cached discovery client is moved from k8s.io/client-go/discovery to k8s.io/client-go/discovery/cached/disk.
* The memory-cached discovery client is moved from k8s.io/client-go/discovery/cached to k8s.io/client-go/discovery/cached/memory.
* kubelet now accepts `pid=<number>` in the `--system-reserved` and `--kube-reserved` options to ensure that the specified number of process IDs will be reserved for the system as a whole and for Kubernetes system daemons respectively. Please reference `Kube Reserved` and `System Reserved` in `Reserve Compute Resources for System Daemons` in the Kubernetes documentation for general discussion of resource reservation. To utilize this functionality, you must set the feature gate `SupportNodePidsLimit=true` ([#73651](https://github.com/kubernetes/kubernetes/pull/73651), [@RobertKrawitz](https://github.com/RobertKrawitz))
* The apiserver, including both the kube-apiserver and apiservers built with the generic apiserver library, will now return 413 RequestEntityTooLarge error if a json patch contains more than 10,000 operations. ([#74000](https://github.com/kubernetes/kubernetes/pull/74000), [@caesarxuchao](https://github.com/caesarxuchao))
* kubeadm: allow the usage of --kubeconfig-dir and --config flags on kubeadm init ([#73998](https://github.com/kubernetes/kubernetes/pull/73998), [@yagonobre](https://github.com/yagonobre))
* when pleg channel is full, discard events and record its count ([#72709](https://github.com/kubernetes/kubernetes/pull/72709), [@changyaowei](https://github.com/changyaowei))
* Is ->It in line 6 ([#73898](https://github.com/kubernetes/kubernetes/pull/73898), [@xiezongzhe](https://github.com/xiezongzhe))
* Events reported for container creation, start, and stop now report the container name in the message and are more consistently formatted. ([#73892](https://github.com/kubernetes/kubernetes/pull/73892), [@smarterclayton](https://github.com/smarterclayton))
* `kubectl auth reconcile` now outputs details about what changes are being made ([#71564](https://github.com/kubernetes/kubernetes/pull/71564), [@liggitt](https://github.com/liggitt))
* kubeadm: fix a bug in the underlying library for diff related to characters like '%' ([#73941](https://github.com/kubernetes/kubernetes/pull/73941), [@neolit123](https://github.com/neolit123))
* kube-apiserver: a request body of a CREATE/UPDATE/PATCH/DELETE resource operation larger than 100 MB will return a 413 "request entity too large" error. ([#73805](https://github.com/kubernetes/kubernetes/pull/73805), [@caesarxuchao](https://github.com/caesarxuchao))
* Custom apiservers built with the latest apiserver library will have the 100MB limit on the body of resource requests as well. The limit can be altered via ServerRunOptions.MaxRequestBodyBytes.
* The body size limit does not apply to subresources like pods/proxy that proxy request content to another server.
* Kustomize is developed in its own repo https://github.com/kubernetes-sigs/kustomize ([#73033](https://github.com/kubernetes/kubernetes/pull/73033), [@Liujingfang1](https://github.com/Liujingfang1))
* This PR added a new subcommand `kustomize` in kubectl.
* kubectl kustomize <somedir> has the same effect as kustomize build <somedir>
* To build API resources from somedir with a kustomization.yaml file
* kubectl kustomize <somedir>
* This command can be piped to apply or delete
* kubectl kustomize <somedir> | kubectl apply -f -
* kubectl kustomize <somedir> | kubectl delete -f -
* kubeadm: all master components are now exclusively relying on the `PriorityClassName` pod spec for annotating them as cluster critical components. Since `scheduler.alpha.kubernetes.io/critical-pod` annotation is no longer supported by Kubernetes 1.14 this annotation is no longer added to master components. ([#73857](https://github.com/kubernetes/kubernetes/pull/73857), [@ereslibre](https://github.com/ereslibre))
* Speedup kubectl by >10 when calling out to kube-apiserver for discovery information. ([#73345](https://github.com/kubernetes/kubernetes/pull/73345), [@sttts](https://github.com/sttts))
* kubeadm no longer dumps backtrace if it fails to remove the running containers on reset. ([#73951](https://github.com/kubernetes/kubernetes/pull/73951), [@rosti](https://github.com/rosti))
# v1.14.0-alpha.3
[Documentation](https://docs.k8s.io)
## Downloads for v1.14.0-alpha.3
filename | sha512 hash
-------- | -----------
[kubernetes.tar.gz](https://dl.k8s.io/v1.14.0-alpha.3/kubernetes.tar.gz) | `5060dcf689dad4e19da5029eb8fc3060a4b2bad988fddff438d0703a45c02481bcfbc15f45d2855f4fd5e9eb43847400ebb25dce19e24f0e0e194a7f57176ce5`
[kubernetes-src.tar.gz](https://dl.k8s.io/v1.14.0-alpha.3/kubernetes-src.tar.gz) | `754c948b5d25b01f211866d473257be5fb576b4b97703eb6fc08679d6525e1f53195a450f3f47b77fabb92bf058583b66230959197b5bcf72528e54ccb349c07`
### Client Binaries
filename | sha512 hash
-------- | -----------
[kubernetes-client-darwin-386.tar.gz](https://dl.k8s.io/v1.14.0-alpha.3/kubernetes-client-darwin-386.tar.gz) | `5bd74dfc86bacf89d6b05d541e13bf390216039a42cc90fef2b248820acd84f56a445ec66d52497ff77e1af47455f285c993cd1d44cc3050996189bd328ea2be`
[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.14.0-alpha.3/kubernetes-client-darwin-amd64.tar.gz) | `34e16661d66d337083583dfb478756ec8cc664d7cfc2dd1817bf1da03cdc380668be9df9f178b5fd5ccab5014e6686f83b9fee6192fbf77d2298d397e872a893`
[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.14.0-alpha.3/kubernetes-client-linux-386.tar.gz) | `15f99e85bcc95f7b8e1b4c6ecc23de36e89a54108003db926e97ec2e7253f363f6ed85e39a47305dbccf596f72e88edd7bcda6d528919da9c0b81541f58506d4`
[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.14.0-alpha.3/kubernetes-client-linux-amd64.tar.gz) | `2e61cf9b776150c4f1830d068ffee9701cb04979152ed6b62fc1bf53163e6194029a4f75536e7fda71c3dfce1de285f425bde342a4efdd1f7bf973f105750ac4`
[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.14.0-alpha.3/kubernetes-client-linux-arm.tar.gz) | `67fb3805bb1b4a77f6603fbde9bd1d26e179de1a594c85618aa7b17be6abc510a9a0cd499ef4fe974574cf73b364da641121f21864c8472d713eec76e4c52bca`
[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.14.0-alpha.3/kubernetes-client-linux-arm64.tar.gz) | `28930dc384b51051081a52874bc4d6dafa3c992dfa214b977ef711de2c2bc3f90bdaa6243bded1e750997fec04b8ffb910db21c266e47e09426c4dbaf916a64d`
[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.14.0-alpha.3/kubernetes-client-linux-ppc64le.tar.gz) | `f59eda797a57961d52fe67ba8b25a3a10267f9ce46029ed2140ef4b02615ba9944bd83d7a6e7874c7268a09a3422858b9b0c31f861941ef8be126c594fc3a7cc`
[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.14.0-alpha.3/kubernetes-client-linux-s390x.tar.gz) | `c56bfb64e55cf95251157a8229a3e94310b2c46bb1c1250050893873e3112578978c1f8e29fa56fac63e2aa8a6382523ac34baf6dd523fe0919f8d702521a564`
[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.14.0-alpha.3/kubernetes-client-windows-386.tar.gz) | `e49a00fbe600892dc5eed0bc21bac64806da65280c818ca79b5e8adbed7fd5ecebb6b647cb9b89ac862257995145b2397996122eefb3c8d127d857c89c29c9ae`
[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.14.0-alpha.3/kubernetes-client-windows-amd64.tar.gz) | `797e20969ed4935adcbc80ccbcd72ec5aa697e70b0d071eceefc6dbacea69aff9f6660e7eefad6661ace0afb66067c4ffaa4f6bc82e8b081b57811ab0abde218`
### Server Binaries
filename | sha512 hash
-------- | -----------
[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.14.0-alpha.3/kubernetes-server-linux-amd64.tar.gz) | `eddfc9afd7337475c3865443170d1425dcf4a87d981555871a69bcf132e73d99b1ffa08a00490b30c60232f47bbeca4ad6253cf7e1dad44797b4af044dbdbef4`
[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.14.0-alpha.3/kubernetes-server-linux-arm.tar.gz) | `dc85cd3a039cc0516beb19018c8378f3b7b88fa2edb8fa1476305e89eb7c64fef2d938bd48fd257ea8e690f7d84a69e9784a42aabed35e83ea7362c60773ba67`
[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.14.0-alpha.3/kubernetes-server-linux-arm64.tar.gz) | `d7c3a72abaa4c3e3243f8b4b3a8adb8be2758e0f883423ea62d2c61b2081464a8976ad43ea0640a7e453aa4d389e3ea2d6d1baedf3b50e1171eca6e49cd087fe`
[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.14.0-alpha.3/kubernetes-server-linux-ppc64le.tar.gz) | `b268a94eb056eea8bdf4d5739dec430f75a6a6b3c18e30df68d970c3566b3e4a638b3577f6219596ae54eac740628a7ebfecb0772645e6d960f790235e1d62c7`
[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.14.0-alpha.3/kubernetes-server-linux-s390x.tar.gz) | `f4cfd8d2faacdd1f0065f9e0f4f8d0db7bd8f438f812f70a07f4cb5272ae9bed3ec876b3cbaf2f2a71e65e4de725e1dc0829b43f60f43c9e43656ac928657d5e`
### Node Binaries
filename | sha512 hash
-------- | -----------
[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.14.0-alpha.3/kubernetes-node-linux-amd64.tar.gz) | `7040ee3c032ec4fe14530c3e47ee53d731acb947b06e2d560cbcd0e7e513142c0f300302059aaef03e24311946a9c59b576948eec9b520e2367f28fc4f80226c`
[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.14.0-alpha.3/kubernetes-node-linux-arm.tar.gz) | `3d32e5243d1c65bce573cfb0f60d643ef3fc684a15551dbc8c3d5435e6854ff104c46c77b0b8708d9c661d52f7865a197ea758f0c17e1ed991993674929ea75e`
[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.14.0-alpha.3/kubernetes-node-linux-arm64.tar.gz) | `d3a17027fa1c057528422b35e32260f5b7c7246400df595f0ebda5d150456d4388129b1ead4229f98f2b461ff9e85382a7da0d682541844a3c06f0aebe0469b6`
[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.14.0-alpha.3/kubernetes-node-linux-ppc64le.tar.gz) | `89ed1f5093b49ab9d58d7a70089e881bf388f3316cb2607fa18e3bf072aff3d27aabe99124334774e63decb67349eb82f33ea509b56a72a51e1443c3352b4558`
[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.14.0-alpha.3/kubernetes-node-linux-s390x.tar.gz) | `755a60824a9b8c4090a791d332e410692708ecece90e37388f58eb2c7ddddea6b859fefcc5a53ec3d275fee0a355086f4446ae8e85482a668d248cca9f5e503c`
[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.14.0-alpha.3/kubernetes-node-windows-amd64.tar.gz) | `c71d8055d89e535771f345e0f673da021915a7a82c75951855ba2574a4250c8a57d0636b4ec9bba209edde8edef30098c6dec2f80403cd46139bb88d814c3751`
## Changelog since v1.14.0-alpha.2
### Action Required
* The --storage-versions flag of kube-apiserver is removed. The storage versions will always be the default value built-in the kube-apiserver binary. ([#67678](https://github.com/kubernetes/kubernetes/pull/67678), [@caesarxuchao](https://github.com/caesarxuchao))
### Other notable changes
* fix [#73264](https://github.com/kubernetes/kubernetes/pull/73264) cpuPeriod was not reset, but used as set via flag, although it was disabled via alpha gate ([#73342](https://github.com/kubernetes/kubernetes/pull/73342), [@szuecs](https://github.com/szuecs))
* Update kubelet CLI summary documentation and generated Webpage ([#73256](https://github.com/kubernetes/kubernetes/pull/73256), [@deitch](https://github.com/deitch))
* Considerably reduced the CPU load in kube-apiserver while aggregating OpenAPI specifications from aggregated API servers. ([#71223](https://github.com/kubernetes/kubernetes/pull/71223), [@sttts](https://github.com/sttts))
* kubeadm: add a preflight check that throws a warning if the cgroup driver for Docker on Linux is not "systemd" as per the k8s.io CRI installation guide. ([#73837](https://github.com/kubernetes/kubernetes/pull/73837), [@neolit123](https://github.com/neolit123))
* Kubelet: add usageNanoCores from CRI stats provider ([#73659](https://github.com/kubernetes/kubernetes/pull/73659), [@feiskyer](https://github.com/feiskyer))
* Fix watch to not send the same set of events multiple times causing watcher to go back in time ([#73845](https://github.com/kubernetes/kubernetes/pull/73845), [@wojtek-t](https://github.com/wojtek-t))
* `system:kube-controller-manager` and `system:kube-scheduler` users are now permitted to perform delegated authentication/authorization checks by default RBAC policy ([#72491](https://github.com/kubernetes/kubernetes/pull/72491), [@liggitt](https://github.com/liggitt))
* Prevent AWS Network Load Balancer security groups ingress rules to be deleted by ensuring target groups are tagged. ([#73594](https://github.com/kubernetes/kubernetes/pull/73594), [@masterzen](https://github.com/masterzen))
* Set a low oom_score_adj for containers in pods with system-critical priorities ([#73758](https://github.com/kubernetes/kubernetes/pull/73758), [@sjenning](https://github.com/sjenning))
* Ensure directories on volumes are group-executable when using fsGroup ([#73533](https://github.com/kubernetes/kubernetes/pull/73533), [@mxey](https://github.com/mxey))
* kube-apiserver now only aggregates openapi schemas from `/openapi/v2` endpoints of aggregated API servers. The fallback to aggregate from `/swagger.json` has been removed. Ensure aggregated API servers provide schema information via `/openapi/v2` (available since v1.10). ([#73441](https://github.com/kubernetes/kubernetes/pull/73441), [@roycaihw](https://github.com/roycaihw))
* Change docker metrics to conform metrics guidelines and using histogram for better aggregation. ([#72323](https://github.com/kubernetes/kubernetes/pull/72323), [@danielqsj](https://github.com/danielqsj))
* The following metrics are deprecated, and will be removed in a future release:
* `docker_operations`
* `docker_operations_latency_microseconds`
* `docker_operations_errors`
* `docker_operations_timeout`
* `network_plugin_operations_latency_microseconds`
* Please convert to the following metrics:
* `docker_operations_total`
* `docker_operations_latency_seconds`
* `docker_operations_errors_total`
* `docker_operations_timeout_total`
* `network_plugin_operations_latency_seconds`
* `kubectl delete --all-namespaces` is a recognized flag. ([#73716](https://github.com/kubernetes/kubernetes/pull/73716), [@deads2k](https://github.com/deads2k))
* MAC Address filter has been fixed in vSphere Cloud Provider, it no longer ignores `00:1c:14` and `00:05:69` prefixes ([#73721](https://github.com/kubernetes/kubernetes/pull/73721), [@frapposelli](https://github.com/frapposelli))
* Add kubelet_node_name metrics. ([#72910](https://github.com/kubernetes/kubernetes/pull/72910), [@danielqsj](https://github.com/danielqsj))
* The HugePages feature gate has graduated to GA, and can no longer be disabled. The feature gate will be removed in v1.16 ([#72785](https://github.com/kubernetes/kubernetes/pull/72785), [@derekwaynecarr](https://github.com/derekwaynecarr))
* Fix a bug that aggregated openapi spec may override swagger securityDefinitions and swagger info in kube-apiserver ([#73484](https://github.com/kubernetes/kubernetes/pull/73484), [@roycaihw](https://github.com/roycaihw))
* Fixes a bug that prevented deletion of dynamically provisioned volumes in Quobyte backends. ([#68925](https://github.com/kubernetes/kubernetes/pull/68925), [@casusbelli](https://github.com/casusbelli))
* error messages returned in authentication webhook status responses are now correctly included in the apiserver log ([#73595](https://github.com/kubernetes/kubernetes/pull/73595), [@liggitt](https://github.com/liggitt))
* kubeadm: `kubeadm alpha preflight` and `kubeadm alpha preflight node` are removed; you can now use `kubeadm join phase preflight` ([#73718](https://github.com/kubernetes/kubernetes/pull/73718), [@fabriziopandini](https://github.com/fabriziopandini))
* kube-apiserver: the deprecated `repair-malformed-updates` has been removed ([#73663](https://github.com/kubernetes/kubernetes/pull/73663), [@danielqsj](https://github.com/danielqsj))
* e2e.test now rejects unknown --provider values instead of merely warning about them. An empty provider name is not accepted anymore and was replaced by "skeleton" (= a provider with no special behavior). ([#73402](https://github.com/kubernetes/kubernetes/pull/73402), [@pohly](https://github.com/pohly))
* Updated AWS SDK to v1.16.26 for ECR PrivateLink support ([#73435](https://github.com/kubernetes/kubernetes/pull/73435), [@micahhausler](https://github.com/micahhausler))
* Expand kubectl wait to work with more types of selectors. ([#71746](https://github.com/kubernetes/kubernetes/pull/71746), [@rctl](https://github.com/rctl))
* The CustomPodDNS feature gate has graduated to GA, and can no longer be disabled. The feature gate will be removed in v1.16 ([#72832](https://github.com/kubernetes/kubernetes/pull/72832), [@MrHohn](https://github.com/MrHohn))
* The `rules` field in RBAC Role and ClusterRole objects is now correctly reported as optional in the openapi schema. ([#73250](https://github.com/kubernetes/kubernetes/pull/73250), [@liggitt](https://github.com/liggitt))
* AWS ELB health checks will now use HTTPS/SSL protocol for HTTPS/SSL backends. ([#70309](https://github.com/kubernetes/kubernetes/pull/70309), [@2rs2ts](https://github.com/2rs2ts))
* kubeadm reset: fixed crash caused by absence of a configuration file ([#73636](https://github.com/kubernetes/kubernetes/pull/73636), [@bart0sh](https://github.com/bart0sh))
* CoreDNS is now version 1.3.1 ([#73610](https://github.com/kubernetes/kubernetes/pull/73610), [@rajansandeep](https://github.com/rajansandeep))
* - A new `k8s_external` plugin that allows external zones to point to Kubernetes in-cluster services.
* - CoreDNS now checks if a zone transfer is allowed. Also allow a TTL of 0 to avoid caching in the cache plugin.
* - TTL is also applied to negative responses (NXDOMAIN, etc).
* Missing directories listed in a user's PATH are no longer considered errors and are instead logged by the "kubectl plugin list" command when listing available plugins. ([#73542](https://github.com/kubernetes/kubernetes/pull/73542), [@juanvallejo](https://github.com/juanvallejo))
* remove kubelet flag '--experimental-fail-swap-on' (deprecated in v1.8) ([#69552](https://github.com/kubernetes/kubernetes/pull/69552), [@Pingan2017](https://github.com/Pingan2017))
* Introduced support for Windows nodes into the cluster bringup scripts for GCE. ([#73442](https://github.com/kubernetes/kubernetes/pull/73442), [@pjh](https://github.com/pjh))
* Now users could get object info like: ([#73063](https://github.com/kubernetes/kubernetes/pull/73063), [@WanLinghao](https://github.com/WanLinghao))
* a. kubectl get pod test-pod -o custom-columns=CONTAINER:.spec.containers[0:3].name
* b. kubectl get pod test-pod -o custom-columns=CONTAINER:.spec.containers[-2:].name
* scheduler: use incremental scheduling cycle in PriorityQueue to put all in-flight unschedulable pods back to active queue if we received move request ([#73309](https://github.com/kubernetes/kubernetes/pull/73309), [@cofyc](https://github.com/cofyc))
* fixes an error processing watch events when running skewed apiservers ([#73482](https://github.com/kubernetes/kubernetes/pull/73482), [@liggitt](https://github.com/liggitt))
* Prometheus metrics for crd_autoregister, crd_finalizer and crd_naming_condition_controller are exported. ([#71767](https://github.com/kubernetes/kubernetes/pull/71767), [@roycaihw](https://github.com/roycaihw))
* Adds deleting pods created by DaemonSet assigned to not existing nodes. ([#73401](https://github.com/kubernetes/kubernetes/pull/73401), [@krzysztof-jastrzebski](https://github.com/krzysztof-jastrzebski))
* Graduate Pod Priority and Preemption to GA. ([#73498](https://github.com/kubernetes/kubernetes/pull/73498), [@bsalamat](https://github.com/bsalamat))
* Adds configuration for AWS endpoint fine control: ([#72245](https://github.com/kubernetes/kubernetes/pull/72245), [@ampsingram](https://github.com/ampsingram))
* OverrideEndpoints bool Set to true to allow custom endpoints
* ServiceDelimiter string Delimiter to use to separate overridden services (multiple services) Defaults to "&"
* ServicenameDelimiter string Delimiter to use to separate servicename from its configuration parameters Defaults "|"
* OverrideSeparator string Delimiter to use to separate region of occurrence, url and signing region for each override Defaults to ","
* ServiceOverrides string example: s3|region1, https://s3.foo.bar, some signing_region & ec2|region2, https://ec2.foo.bar, signing_region
* The CoreDNS configuration now has the forward plugin for proxy in the default configuration instead of the proxy plugin. ([#73267](https://github.com/kubernetes/kubernetes/pull/73267), [@rajansandeep](https://github.com/rajansandeep))
* Fixed a bug that caused PV allocation on non-English vSphere installations to fail ([#73115](https://github.com/kubernetes/kubernetes/pull/73115), [@alvaroaleman](https://github.com/alvaroaleman))
# v1.14.0-alpha.2
[Documentation](https://docs.k8s.io)
## Downloads for v1.14.0-alpha.2
filename | sha512 hash
-------- | -----------
[kubernetes.tar.gz](https://dl.k8s.io/v1.14.0-alpha.2/kubernetes.tar.gz) | `1330e4421b61f6b1e6e4dee276d4742754bd3dd4493508d67ebb4445065277c619c4da8b4835febf0b2cdcf9e75fce96de1c1d99998904bae2bb794a453693f2`
[kubernetes-src.tar.gz](https://dl.k8s.io/v1.14.0-alpha.2/kubernetes-src.tar.gz) | `352c043bebf13a616441c920f3eec80d3f02f111d8488c31aa903e1483bce6d1fbe7472208f64730142960c8f778ab921ef7b654540a3ec09e53bd7e644521bd`
### Client Binaries
filename | sha512 hash
-------- | -----------
[kubernetes-client-darwin-386.tar.gz](https://dl.k8s.io/v1.14.0-alpha.2/kubernetes-client-darwin-386.tar.gz) | `ee5aba4efce323167e6d897a2ff6962a240e466333bcae9390be2c8521c6da50ac2cb6139510b693aad49d6393b97a2118ed1fe4f999dd08bdca6d875d25f804`
[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.14.0-alpha.2/kubernetes-client-darwin-amd64.tar.gz) | `4b5c0b340322956a8d096c595124a765ac318d0eb460d6320218f2470e22d88221a0a9f1f93d5f3075f1c36b18c7041ee2fcb32e0f9c94d9f79bc3fd3005e68e`
[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.14.0-alpha.2/kubernetes-client-linux-386.tar.gz) | `7a5bfe68dd58c8478746a410872b615daf8abb9a78754140fb4d014a0c9177a87859ac046f56f5743fb97a9881abc2cf48c3e51aa02c8a86a754bf2cc59edb54`
[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.14.0-alpha.2/kubernetes-client-linux-amd64.tar.gz) | `c3139f58070241f2da815f701af3c0bd0ea4fdec1fe54bb859bd11237ac9b75ecb01b62ac1c7a459a4dd79696412c6d2f8cbd492fd062a790ceadd3dcc9b07fd`
[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.14.0-alpha.2/kubernetes-client-linux-arm.tar.gz) | `9d96d2e1e11aa61e2c3a5f4f27c18866feae9833b6ee70b15f5cdb5f992849dc1f79821af856b467487092a21a447231fb9c4de6ee6f17defed3cfa16d35b4c6`
[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.14.0-alpha.2/kubernetes-client-linux-arm64.tar.gz) | `7b4dd825cf9f217c18b28976a3faa94f0bd4868e541e5be7d57cd770e2b163c6daddf12e5f9ad51d92abde794a444f2a20bf582a30f03c39e60186d356030a2d`
[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.14.0-alpha.2/kubernetes-client-linux-ppc64le.tar.gz) | `490638e250c24b6bad8b67358fd7890f7a2f6456ae8ffe537c28bb5b3ce7abc591e6fecbddd6744f0f6c0e24b9f44c31f7ca1f7ebfc3c0d17a96fe8cf27b8548`
[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.14.0-alpha.2/kubernetes-client-linux-s390x.tar.gz) | `9dd8c3361eda15dd1594066c55b79cb9a34578c225b2b48647cd5b34619cf23106b845ee25b80d979f8b69e8733148842177500dc48989177b6944677f071f1c`
[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.14.0-alpha.2/kubernetes-client-windows-386.tar.gz) | `d624b8aead053201765b713d337528be82a71328ee3dd569f556868ceeb4904e64584892a016d247608fc4521c00ead7aed5d973b1206caa2d00406532d5b8b4`
[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.14.0-alpha.2/kubernetes-client-windows-amd64.tar.gz) | `a1cf8c67984dd4eb4610fa05d27fe9e9e4123159f933e3986e9db835b9cf136962168f0003071001e01e2c1831804ba0a366f2495741aa60a41587a69c09cb62`
### Server Binaries
filename | sha512 hash
-------- | -----------
[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.14.0-alpha.2/kubernetes-server-linux-amd64.tar.gz) | `b93982b56371994c540cd11e6bc21808279340617164992c10f30d8e6ae4d5e270e41c1edc0625d3458a18944ec7aa8c273acbbcd718d60b6cacbc24220c42ac`
[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.14.0-alpha.2/kubernetes-server-linux-arm.tar.gz) | `bfd76c6b26e5927166d776f6110b97ee36c1d63ad39e2d18899f3e428ebb0f9615bb677ac8e9bcc1864c72a40efd71e1314fe6d137f9c6e54f720270929e3f46`
[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.14.0-alpha.2/kubernetes-server-linux-arm64.tar.gz) | `6721dec0df9466cd6c056160c73d598296cebb0af9259eb21b693abb8708901bc8bc30e11815e14d00d6eb12b8bb90b699e3119b922da855e2c411bdf229d6e5`
[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.14.0-alpha.2/kubernetes-server-linux-ppc64le.tar.gz) | `f8cd307db8141d989ae1218dd2b438bc9cee017d533b1451d2345f9689c451fdb080acd1b9b2f535ed04017e44b81a0585072e7d58a9d201a0ec28fd09df0a6f`
[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.14.0-alpha.2/kubernetes-server-linux-s390x.tar.gz) | `de7514bbd87a1b363e1bc7787f37d5ea10faac4afe7c5163c23c4df16781aa77570ec553bc4f4b6094166c1fcfc3c431f13e51ffa32f7ea2849e76ec0151ea35`
### Node Binaries
filename | sha512 hash
-------- | -----------
[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.14.0-alpha.2/kubernetes-node-linux-amd64.tar.gz) | `8c37fd2fe6232d2c148e23df021b8b5347136263399932bcdff0c7a0186f3145de9ede4936b14de7484cc6db9241517d79b5306c380ed374396882900b63e912`
[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.14.0-alpha.2/kubernetes-node-linux-arm.tar.gz) | `389e4e77ab9e62968a25b8f4e146a2c3fbb3db2e60e051922edf6395c26cc5380e5a77bf67022339d6ebfe9abd714636d77510bbc42924b4265fdb245fae08c9`
[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.14.0-alpha.2/kubernetes-node-linux-arm64.tar.gz) | `7efc32dfeefcef7f860913c25431bd891a435e92cb8d5a95f8deca1a82aa899a007d4b19134493694a4bccb5564867488634a780c128f0cf82c61d98afa889f5`
[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.14.0-alpha.2/kubernetes-node-linux-ppc64le.tar.gz) | `da30c03bca4b81d810a7df006db02333dea87e336d6cdca9c93392e01c7e43bf4902c969efa7fa53e8a70a0e863b403ec26b87bd38226b8b9f98777ddb0051a0`
[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.14.0-alpha.2/kubernetes-node-linux-s390x.tar.gz) | `cce43b7f0350b9e5a77ea703225adb9714ef022d176db5b99a0327937d19021d7a8e93ef1169389fd53b895bb98725d23c7565ef80afdd17596c26daf41eeeac`
[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.14.0-alpha.2/kubernetes-node-windows-amd64.tar.gz) | `d3accf522d80cbfb3d03e9eaa60a09767ba11e88a8a5b44a629192a7c6916b1fb3440f022a5ffc4ea78f3595f254a42f028dd428d117360091cd0c747ec39eb5`
## Changelog since v1.14.0-alpha.1
### Action Required
* Promote ValidateProxyRedirects to Beta, and enable by default. This feature restricts redirect following from the apiserver to same-host redirects. ([#72552](https://github.com/kubernetes/kubernetes/pull/72552), [@tallclair](https://github.com/tallclair))
* ACTION REQUIRED: If nodes are configured to respond to CRI streaming requests on a different host interface than what the apiserver makes requests on (only the case if not using the built-in dockershim & setting the kubelet flag `--redirect-container-streaming=true`), then these requests will be broken. In that case, the feature can be temporarily disabled until the node configuration is corrected. We suggest setting `--redirect-container-streaming=false` on the kubelet to avoid issues.
### Other notable changes
* Added alpha field storageVersionHash to the discovery document for each resource. Its value must be treated as opaque by clients. Only equality comparison on the value is valid. ([#73191](https://github.com/kubernetes/kubernetes/pull/73191), [@caesarxuchao](https://github.com/caesarxuchao))
* Fix admission metrics in seconds. ([#72343](https://github.com/kubernetes/kubernetes/pull/72343), [@danielqsj](https://github.com/danielqsj))
* Add metrics `*_admission_latencies_milliseconds` and `*_admission_latencies_milliseconds_summary` for backward compatible, but will be removed in a future release.
* Pod eviction now honors graceful deletion by default if no delete options are provided in the eviction request ([#72730](https://github.com/kubernetes/kubernetes/pull/72730), [@liggitt](https://github.com/liggitt))
* Update to go1.11.5 ([#73326](https://github.com/kubernetes/kubernetes/pull/73326), [@ixdy](https://github.com/ixdy))
* Change proxy metrics to conform metrics guidelines. ([#72334](https://github.com/kubernetes/kubernetes/pull/72334), [@danielqsj](https://github.com/danielqsj))
* The metrics `sync_proxy_rules_latency_microseconds` is deprecated, and will be removed in a future release, please convert to metrics`sync_proxy_rules_latency_seconds`.
* Add network stats for Windows nodes and pods. ([#70121](https://github.com/kubernetes/kubernetes/pull/70121), [@feiskyer](https://github.com/feiskyer))
* kubeadm: When certificates are present joining a new control plane make sure that they match at least the required SANs ([#73093](https://github.com/kubernetes/kubernetes/pull/73093), [@ereslibre](https://github.com/ereslibre))
* A new `TaintNodesByCondition` admission plugin taints newly created Node objects as "not ready", to fix a race condition that could cause pods to be scheduled on new nodes before their taints were updated to accurately reflect their reported conditions. This admission plugin is enabled by default if the `TaintNodesByCondition` feature is enabled. ([#73097](https://github.com/kubernetes/kubernetes/pull/73097), [@bsalamat](https://github.com/bsalamat))
* kube-addon-manager was updated to v9.0, and now uses kubectl v1.13.2 and prunes workload resources via the apps/v1 API ([#72978](https://github.com/kubernetes/kubernetes/pull/72978), [@liggitt](https://github.com/liggitt))
* When a watch is closed by an HTTP2 load balancer and we are told to go away, skip printing the message to stderr by default. ([#73277](https://github.com/kubernetes/kubernetes/pull/73277), [@smarterclayton](https://github.com/smarterclayton))
* If you are running the cloud-controller-manager and you have the `pvlabel.kubernetes.io` alpha Initializer enabled, you must now enable PersistentVolume labeling using the `PersistentVolumeLabel` admission controller instead. You can do this by adding `PersistentVolumeLabel` in the `--enable-admission-plugins` kube-apiserver flag. ([#73102](https://github.com/kubernetes/kubernetes/pull/73102), [@andrewsykim](https://github.com/andrewsykim))
* The alpha Initializers feature, `admissionregistration.k8s.io/v1alpha1` API version, `Initializers` admission plugin, and use of the `metadata.initializers` API field have been removed. Discontinue use of the alpha feature and delete any existing `InitializerConfiguration` API objects before upgrading. The `metadata.initializers` field will be removed in a future release. ([#72972](https://github.com/kubernetes/kubernetes/pull/72972), [@liggitt](https://github.com/liggitt))
* Scale max-inflight limits together with master VM sizes. ([#73268](https://github.com/kubernetes/kubernetes/pull/73268), [@wojtek-t](https://github.com/wojtek-t))
* kubectl supports copying files with wild card ([#72641](https://github.com/kubernetes/kubernetes/pull/72641), [@dixudx](https://github.com/dixudx))
* kubeadm: add back `--cert-dir` option for `kubeadm init phase certs sa` ([#73239](https://github.com/kubernetes/kubernetes/pull/73239), [@mattkelly](https://github.com/mattkelly))
* Remove deprecated args '--show-all' ([#69255](https://github.com/kubernetes/kubernetes/pull/69255), [@Pingan2017](https://github.com/Pingan2017))
* As per deprecation policy in https://kubernetes.io/docs/reference/using-api/deprecation-policy/ ([#73001](https://github.com/kubernetes/kubernetes/pull/73001), [@shivnagarajan](https://github.com/shivnagarajan))
* the taints "node.alpha.kubernetes.io/notReady" and "node.alpha.kubernetes.io/unreachable". are no
* longer supported or adjusted. These uses should be replaced with "node.kubernetes.io/not-ready"
* and "node.kubernetes.io/unreachable" respectively instead.
* The /swagger.json and /swagger-2.0.0.pb-v1 schema documents, deprecated since v1.10, have been removed in favor of `/openapi/v2` ([#73148](https://github.com/kubernetes/kubernetes/pull/73148), [@liggitt](https://github.com/liggitt))
* CoreDNS is only officially supported on Linux at this time. As such, when kubeadm is used to deploy this component into your kubernetes cluster, it will be restricted (using nodeSelectors) to run only on nodes with that operating system. This ensures that in clusters which include Windows nodes, the scheduler will not ever attempt to place CoreDNS pods on these machines, reducing setup latency and enhancing initial cluster stability. ([#69940](https://github.com/kubernetes/kubernetes/pull/69940), [@MarcPow](https://github.com/MarcPow))
* kubeadm now attempts to detect an installed CRI by its usual domain socket, so that --cri-socket can be omitted from the command line if Docker is not used and there is a single CRI installed. ([#69366](https://github.com/kubernetes/kubernetes/pull/69366), [@rosti](https://github.com/rosti))
* scheduler: makes pod less racing so as to be put back into activeQ properly ([#73078](https://github.com/kubernetes/kubernetes/pull/73078), [@Huang-Wei](https://github.com/Huang-Wei))
* jsonpath expressions containing `[start:end:step]` slice are now evaluated correctly ([#73149](https://github.com/kubernetes/kubernetes/pull/73149), [@liggitt](https://github.com/liggitt))
* metadata.deletionTimestamp is no longer moved into the future when issuing repeated DELETE requests against a resource containing a finalizer. ([#73138](https://github.com/kubernetes/kubernetes/pull/73138), [@liggitt](https://github.com/liggitt))
* The "kubectl api-resources" command will no longer fail to display any resources on a single failure ([#73035](https://github.com/kubernetes/kubernetes/pull/73035), [@juanvallejo](https://github.com/juanvallejo))
* e2e tests that require SSH may be used against clusters that have nodes without external IP addresses by setting the environment variable `KUBE_SSH_BASTION` to the `host:port` of a machine that is allowed to SSH to those nodes. The same private key that the test would use is used for the bastion host. The test connects to the bastion and then tunnels another SSH connection to the node. ([#72286](https://github.com/kubernetes/kubernetes/pull/72286), [@smarterclayton](https://github.com/smarterclayton))
* kubeadm: explicitly wait for `etcd` to have grown when joining a new control plane ([#72984](https://github.com/kubernetes/kubernetes/pull/72984), [@ereslibre](https://github.com/ereslibre))
* Install CSINodeInfo and CSIDriver CRDs in the local cluster. ([#72584](https://github.com/kubernetes/kubernetes/pull/72584), [@xing-yang](https://github.com/xing-yang))
* kubectl loads config file once and uses persistent client config ([#71117](https://github.com/kubernetes/kubernetes/pull/71117), [@dixudx](https://github.com/dixudx))
* remove stale OutOfDisk condition from kubelet side ([#72507](https://github.com/kubernetes/kubernetes/pull/72507), [@dixudx](https://github.com/dixudx))
* Node OS/arch labels are promoted to GA ([#73048](https://github.com/kubernetes/kubernetes/pull/73048), [@yujuhong](https://github.com/yujuhong))
* Fix graceful apiserver shutdown to not drop outgoing bytes before the process terminates. ([#72970](https://github.com/kubernetes/kubernetes/pull/72970), [@sttts](https://github.com/sttts))
* Change apiserver metrics to conform metrics guidelines. ([#72336](https://github.com/kubernetes/kubernetes/pull/72336), [@danielqsj](https://github.com/danielqsj))
* The following metrics are deprecated, and will be removed in a future release:
* `apiserver_request_count`
* `apiserver_request_latencies`
* `apiserver_request_latencies_summary`
* `apiserver_dropped_requests`
* `etcd_helper_cache_hit_count`
* `etcd_helper_cache_miss_count`
* `etcd_helper_cache_entry_count`
* `etcd_request_cache_get_latencies_summary`
* `etcd_request_cache_add_latencies_summary`
* `etcd_request_latencies_summary`
* `transformation_latencies_microseconds `
* `data_key_generation_latencies_microseconds`
* Please convert to the following metrics:
* `apiserver_request_total`
* `apiserver_request_latency_seconds`
* `apiserver_dropped_requests_total`
* `etcd_helper_cache_hit_total`
* `etcd_helper_cache_miss_total`
* `etcd_helper_cache_entry_total`
* `etcd_request_cache_get_latency_seconds`
* `etcd_request_cache_add_latency_seconds`
* `etcd_request_latency_seconds`
* `transformation_latencies_seconds`
* `data_key_generation_latencies_seconds`
* acquire lock before operating unschedulablepodsmap ([#73022](https://github.com/kubernetes/kubernetes/pull/73022), [@denkensk](https://github.com/denkensk))
* Print `SizeLimit` of `EmptyDir` in `kubectl describe pod` outputs. ([#69279](https://github.com/kubernetes/kubernetes/pull/69279), [@dtaniwaki](https://github.com/dtaniwaki))
* add goroutine to move unschedulable pods to activeq if they are not retried for more than 1 minute ([#72558](https://github.com/kubernetes/kubernetes/pull/72558), [@denkensk](https://github.com/denkensk))
* PidPressure evicts pods from lowest priority to highest priority ([#72844](https://github.com/kubernetes/kubernetes/pull/72844), [@dashpole](https://github.com/dashpole))
* Reduce GCE log rotation check from 1 hour to every 5 minutes. Rotation policy is unchanged (new day starts, log file size > 100MB). ([#72062](https://github.com/kubernetes/kubernetes/pull/72062), [@jpbetz](https://github.com/jpbetz))
* Add support for max attach limit for Cinder ([#72980](https://github.com/kubernetes/kubernetes/pull/72980), [@gnufied](https://github.com/gnufied))
* Fixes the setting of NodeAddresses when using the vSphere CloudProvider and nodes that have multiple IP addresses. ([#70805](https://github.com/kubernetes/kubernetes/pull/70805), [@danwinship](https://github.com/danwinship))
* kubeadm: pull images when joining a new control plane instance ([#72870](https://github.com/kubernetes/kubernetes/pull/72870), [@MalloZup](https://github.com/MalloZup))
* Enable mTLS encription between etcd and kube-apiserver in GCE ([#70144](https://github.com/kubernetes/kubernetes/pull/70144), [@wenjiaswe](https://github.com/wenjiaswe))
* The `/swaggerapi/*` schema docs, deprecated since 1.7, have been removed in favor of the /openapi/v2 schema docs. ([#72924](https://github.com/kubernetes/kubernetes/pull/72924), [@liggitt](https://github.com/liggitt))
* Allow users to use Docker 18.09 with kubeadm ([#72823](https://github.com/kubernetes/kubernetes/pull/72823), [@dims](https://github.com/dims))
# v1.14.0-alpha.1
[Documentation](https://docs.k8s.io)
@ -95,7 +727,7 @@ filename | sha512 hash
* Fixes spurious 0-length API responses. ([#72856](https://github.com/kubernetes/kubernetes/pull/72856), [@liggitt](https://github.com/liggitt))
* Updates Fluentd to 1.3.2 & added filter_parser ([#71180](https://github.com/kubernetes/kubernetes/pull/71180), [@monotek](https://github.com/monotek))
* The leaderelection package allows the lease holder to release its lease when the calling context is cancelled. This allows ([#71490](https://github.com/kubernetes/kubernetes/pull/71490), [@smarterclayton](https://github.com/smarterclayton))
* faster handoff when a leader-elected process is gracefully terminated.
* faster handoff when a leader-elected process is gracefully terminated.
* Make volume binder resilient to races between main schedule loop and async binding operation ([#72045](https://github.com/kubernetes/kubernetes/pull/72045), [@cofyc](https://github.com/cofyc))
* Bump minimum docker API version to 1.26 (1.13.1) ([#72831](https://github.com/kubernetes/kubernetes/pull/72831), [@yujuhong](https://github.com/yujuhong))
* If the `TokenRequestProjection` feature gate is disabled, projected serviceAccountToken volume sources are now dropped at object creation time, or at object update time if the existing object did not have a projected serviceAccountToken volume source. Previously, these would result in validation errors. ([#72714](https://github.com/kubernetes/kubernetes/pull/72714), [@mourya007](https://github.com/mourya007))

2
CHANGELOG-1.4.md
View File

@ -433,7 +433,7 @@ filename | sha256 hash
Changelog (vs 55-8872-18-0)
* Cherry-pick runc PR#608: Eliminate redundant parsing of mountinfo
* Updated kubernetes to v1.4.5
* Fixed a bug in e2fsprogs that caused mke2fs to take a very long time. Upstream fix: http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?h=next&id=d33e690fe7a6cbeb51349d9f2c7fb16a6ebec9c2
* Fixed a bug in e2fsprogs that caused mke2fs to take a very long time. Upstream fix: http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?h=next&id=d33e690fe7a6cbeb51349d9f2c7fb16a6ebec9c2
```
* Fix fetching pids running in a cgroup, which caused problems with OOM score adjustments & setting the /system cgroup ("misc" in the summary API). ([#36614](https://github.com/kubernetes/kubernetes/pull/36614), [@timstclair](https://github.com/timstclair))

12
CHANGELOG-1.7.md
View File

@ -1375,7 +1375,7 @@ filename | sha256 hash
Kubernetes 1.7 is a milestone release that adds security, stateful application, and extensibility features motivated by widespread production use of Kubernetes.
Security enhancements in this release include encrypted secrets (alpha), network policy for pod-to-pod communication, the node authorizer to limit Kubelet access to API resources, and Kubelet client / server TLS certificate rotation (alpha).
Security enhancements in this release include encrypted secrets (alpha), network policy for pod-to-pod communication, the node authorizer to limit Kubelet access to API resources, and Kubelet client / server TLS certificate rotation (alpha).
Major features for stateful applications include automated updates to StatefulSets, enhanced updates for DaemonSets, a burst mode for faster StatefulSets scaling, and (alpha) support for local storage.
@ -2281,7 +2281,7 @@ Features for this release were tracked via the use of the [kubernetes/features](
* Add ABRT support. ([#105](https://github.com/kubernetes/node-problem-detector/pull/105), [@juliusmilan](https://github.com/juliusmilan))
* Add a docker image corruption problem detection in the default docker monitor config. ([#117](https://github.com/kubernetes/node-problem-detector/pull/117), [@ajitak](https://github.com/ajitak))
* Upgrade CAdvisor to v0.26.1. New features added:
* Add Docker overlay2 storage driver support.
@ -2291,7 +2291,7 @@ Features for this release were tracked via the use of the [kubernetes/features](
* Add UDP metrics (collection disabled by default).
* Roll up volume error messages in the kubelet sync loop. ([#44938](https://github.com/kubernetes/kubernetes/pull/44938), [@jayunit100](https://github.com/jayunit100))
* Allow pods to opt out of PodPreset mutation via an annotation on the pod. ([#44965](https://github.com/kubernetes/kubernetes/pull/44965), [@jpeeler](https://github.com/jpeeler))
* Add generic Toleration for NoExecute Taints to NodeProblemDetector, so that NPD can be scheduled to nodes with NoExecute taints by default. ([#45883](https://github.com/kubernetes/kubernetes/pull/45883), [@gmarek](https://github.com/gmarek))
@ -2608,7 +2608,7 @@ filename | sha256 hash
* servicecontroller: Fix node selection logic on initial LB creation ([#45773](https://github.com/kubernetes/kubernetes/pull/45773), [@justinsb](https://github.com/justinsb))
* Fix iSCSI iSER mounting. ([#47281](https://github.com/kubernetes/kubernetes/pull/47281), [@mtanino](https://github.com/mtanino))
* StorageOS Volume Driver ([#42156](https://github.com/kubernetes/kubernetes/pull/42156), [@croomes](https://github.com/croomes))
* [StorageOS](http://www.storageos.com) can be used as a storage provider for Kubernetes. With StorageOS, capacity from local or attached storage is pooled across the cluster, providing converged infrastructure for cloud-native applications.
* [StorageOS](http://www.storageos.com) can be used as a storage provider for Kubernetes. With StorageOS, capacity from local or attached storage is pooled across the cluster, providing converged infrastructure for cloud-native applications.
* CRI has been moved to package `pkg/kubelet/apis/cri/v1alpha1/runtime`. ([#47113](https://github.com/kubernetes/kubernetes/pull/47113), [@feiskyer](https://github.com/feiskyer))
* Make gcp auth provider not to override the Auth header if it's already exits ([#45575](https://github.com/kubernetes/kubernetes/pull/45575), [@wanghaoran1988](https://github.com/wanghaoran1988))
* Allow pods to opt out of PodPreset mutation via an annotation on the pod. ([#44965](https://github.com/kubernetes/kubernetes/pull/44965), [@jpeeler](https://github.com/jpeeler))
@ -2733,7 +2733,7 @@ filename | sha256 hash
* federation: Add admission controller for policy-based placement ([#44786](https://github.com/kubernetes/kubernetes/pull/44786), [@tsandall](https://github.com/tsandall))
* Get command uses OpenAPI schema to enhance display for a resource if run with flag 'use-openapi-print-columns'. ([#46235](https://github.com/kubernetes/kubernetes/pull/46235), [@droot](https://github.com/droot))
* An example command:
* kubectl get pods --use-openapi-print-columns
* kubectl get pods --use-openapi-print-columns
* add gzip compression to GET and LIST requests ([#45666](https://github.com/kubernetes/kubernetes/pull/45666), [@ilackarms](https://github.com/ilackarms))
* Fix the bug where container cannot run as root when SecurityContext.RunAsNonRoot is false. ([#47009](https://github.com/kubernetes/kubernetes/pull/47009), [@yujuhong](https://github.com/yujuhong))
* Fixes a bug with cAdvisorPort in the KubeletConfiguration that prevented setting it to 0, which is in fact a valid option, as noted in issue [#11710](https://github.com/kubernetes/kubernetes/pull/11710). ([#46876](https://github.com/kubernetes/kubernetes/pull/46876), [@mtaufen](https://github.com/mtaufen))
@ -3046,7 +3046,7 @@ filename | sha256 hash
* The new metrics are:
* cloudprovider_gce_api_request_duration_seconds{request, region, zone}
* cloudprovider_gce_api_request_errors{request, region, zone}
* `request` is the specific function that is used.
* `region` is the target region (Will be "<n/a>" if not applicable)
* `zone` is the target zone (Will be "<n/a>" if not applicable)

10
CHANGELOG-1.8.md
View File

@ -1514,7 +1514,7 @@ For more information, see [#53288](https://issue.k8s.io/53288).
For more information, see [#53356](https://issue.k8s.io/53356#issuecomment-333748618).
* A performance issue was identified in large-scale clusters when deleting thousands of pods simultaneously across hundreds of nodes. Kubelets in this scenario can encounter temporarily increased latency of `delete pod` API calls -- above the target service level objective of 1 second. If you run clusters with this usage pattern and if pod deletion latency could be an issue for you, you might want to wait until the issue is resolved before you upgrade.
* A performance issue was identified in large-scale clusters when deleting thousands of pods simultaneously across hundreds of nodes. Kubelets in this scenario can encounter temporarily increased latency of `delete pod` API calls -- above the target service level objective of 1 second. If you run clusters with this usage pattern and if pod deletion latency could be an issue for you, you might want to wait until the issue is resolved before you upgrade.
For more information and for updates on resolution of this issue, see [#51899](https://github.com/kubernetes/kubernetes/issues/51899).
@ -2322,7 +2322,7 @@ filename | sha256 hash
* PersistentVolumeClaim metrics like "volume_stats_inodes" and "volume_stats_capacity_bytes" are now reported via kubelet prometheus ([#51553](https://github.com/kubernetes/kubernetes/pull/51553), [@wongma7](https://github.com/wongma7))
* When using IP aliases, use a secondary range rather than subnetwork to reserve cluster IPs. ([#51690](https://github.com/kubernetes/kubernetes/pull/51690), [@bowei](https://github.com/bowei))
* IPAM controller unifies handling of node pod CIDR range allocation. ([#51374](https://github.com/kubernetes/kubernetes/pull/51374), [@bowei](https://github.com/bowei))
* It is intended to supersede the logic that is currently in range_allocator
* It is intended to supersede the logic that is currently in range_allocator
* and cloud_cidr_allocator. (ALPHA FEATURE)
* Note: for this change, the other allocators still exist and are the default.
* It supports two modes:
@ -2390,7 +2390,7 @@ filename | sha256 hash
* add fieldSelector spec.schedulerName ([#50582](https://github.com/kubernetes/kubernetes/pull/50582), [@dixudx](https://github.com/dixudx))
* Change eviction manager to manage one single local ephemeral storage resource ([#50889](https://github.com/kubernetes/kubernetes/pull/50889), [@NickrenREN](https://github.com/NickrenREN))
* Cloud Controller Manager now sets Node.Spec.ProviderID ([#50730](https://github.com/kubernetes/kubernetes/pull/50730), [@andrewsykim](https://github.com/andrewsykim))
* Paramaterize session affinity timeout seconds in service API for Client IP based session affinity. ([#49850](https://github.com/kubernetes/kubernetes/pull/49850), [@m1093782566](https://github.com/m1093782566))
* Parameterize session affinity timeout seconds in service API for Client IP based session affinity. ([#49850](https://github.com/kubernetes/kubernetes/pull/49850), [@m1093782566](https://github.com/m1093782566))
* Changing scheduling part of the alpha feature 'LocalStorageCapacityIsolation' to manage one single local ephemeral storage resource ([#50819](https://github.com/kubernetes/kubernetes/pull/50819), [@NickrenREN](https://github.com/NickrenREN))
* set --audit-log-format default to json ([#50971](https://github.com/kubernetes/kubernetes/pull/50971), [@CaoShuFeng](https://github.com/CaoShuFeng))
* kubeadm: Implement a `--dry-run` mode and flag for `kubeadm` ([#51122](https://github.com/kubernetes/kubernetes/pull/51122), [@luxas](https://github.com/luxas))
@ -2951,7 +2951,7 @@ filename | sha256 hash
* servicecontroller: Fix node selection logic on initial LB creation ([#45773](https://github.com/kubernetes/kubernetes/pull/45773), [@justinsb](https://github.com/justinsb))
* Fix iSCSI iSER mounting. ([#47281](https://github.com/kubernetes/kubernetes/pull/47281), [@mtanino](https://github.com/mtanino))
* StorageOS Volume Driver ([#42156](https://github.com/kubernetes/kubernetes/pull/42156), [@croomes](https://github.com/croomes))
* [StorageOS](http://www.storageos.com) can be used as a storage provider for Kubernetes. With StorageOS, capacity from local or attached storage is pooled across the cluster, providing converged infrastructure for cloud-native applications.
* [StorageOS](http://www.storageos.com) can be used as a storage provider for Kubernetes. With StorageOS, capacity from local or attached storage is pooled across the cluster, providing converged infrastructure for cloud-native applications.
* CRI has been moved to package `pkg/kubelet/apis/cri/v1alpha1/runtime`. ([#47113](https://github.com/kubernetes/kubernetes/pull/47113), [@feiskyer](https://github.com/feiskyer))
* Make gcp auth provider not to override the Auth header if it's already exits ([#45575](https://github.com/kubernetes/kubernetes/pull/45575), [@wanghaoran1988](https://github.com/wanghaoran1988))
* Allow pods to opt out of PodPreset mutation via an annotation on the pod. ([#44965](https://github.com/kubernetes/kubernetes/pull/44965), [@jpeeler](https://github.com/jpeeler))
@ -2973,7 +2973,7 @@ filename | sha256 hash
* federation: Add admission controller for policy-based placement ([#44786](https://github.com/kubernetes/kubernetes/pull/44786), [@tsandall](https://github.com/tsandall))
* Get command uses OpenAPI schema to enhance display for a resource if run with flag 'use-openapi-print-columns'. ([#46235](https://github.com/kubernetes/kubernetes/pull/46235), [@droot](https://github.com/droot))
* An example command:
* kubectl get pods --use-openapi-print-columns
* kubectl get pods --use-openapi-print-columns
* add gzip compression to GET and LIST requests ([#45666](https://github.com/kubernetes/kubernetes/pull/45666), [@ilackarms](https://github.com/ilackarms))
* Fix the bug where container cannot run as root when SecurityContext.RunAsNonRoot is false. ([#47009](https://github.com/kubernetes/kubernetes/pull/47009), [@yujuhong](https://github.com/yujuhong))
* Fixes a bug with cAdvisorPort in the KubeletConfiguration that prevented setting it to 0, which is in fact a valid option, as noted in issue [#11710](https://github.com/kubernetes/kubernetes/pull/11710). ([#46876](https://github.com/kubernetes/kubernetes/pull/46876), [@mtaufen](https://github.com/mtaufen))

36
CHANGELOG-1.9.md
View File

@ -274,7 +274,7 @@ filename | sha512 hash
* fix UnmountDevice failure on Windows ([#68608](https://github.com/kubernetes/kubernetes/pull/68608), [@andyzhangx](https://github.com/andyzhangx))
* adjusted http/2 buffer sizes for apiservers to prevent starvation issues between concurrent streams ([#67902](https://github.com/kubernetes/kubernetes/pull/67902), [@liggitt](https://github.com/liggitt))
* Bump up version number of debian-base, debian-hyperkube-base and debian-iptables. ([#67026](https://github.com/kubernetes/kubernetes/pull/67026), [@satyasm](https://github.com/satyasm))
* Also updates dependencies of users of debian-base.
* Also updates dependencies of users of debian-base.
* debian-base version 0.3.1 is already available.
* Update debian-iptables and hyperkube-base images to include CVE fixes. ([#67365](https://github.com/kubernetes/kubernetes/pull/67365), [@ixdy](https://github.com/ixdy))
* Immediately close the other side of the connection when proxying. ([#67288](https://github.com/kubernetes/kubernetes/pull/67288), [@MHBauer](https://github.com/MHBauer))
@ -1121,7 +1121,7 @@ Extensibility. SIG API Machinery added a new class of admission control webhooks
### Apps
The core workloads API, which is composed of the DaemonSet, Deployment, ReplicaSet, and StatefulSet kinds, has been promoted to GA stability in the apps/v1 group version. As such, the apps/v1beta2 group version is deprecated, and all new code should use the kinds in the apps/v1 group version.
The core workloads API, which is composed of the DaemonSet, Deployment, ReplicaSet, and StatefulSet kinds, has been promoted to GA stability in the apps/v1 group version. As such, the apps/v1beta2 group version is deprecated, and all new code should use the kinds in the apps/v1 group version.
### Auth
@ -1151,7 +1151,7 @@ In v1.9 SIG Network has implemented alpha support for IPv6, and alpha support fo
### Node
SIG Node iterated on the ability to support more workloads with better performance and improved reliability. Alpha features were improved around hardware accelerator support, device plugins enablement, and cpu pinning policies to enable us to graduate these features to beta in a future release. In addition, a number of reliability and performance enhancements were made across the node to help operators in production.
SIG Node iterated on the ability to support more workloads with better performance and improved reliability. Alpha features were improved around hardware accelerator support, device plugins enablement, and cpu pinning policies to enable us to graduate these features to beta in a future release. In addition, a number of reliability and performance enhancements were made across the node to help operators in production.
### OpenStack
@ -1175,7 +1175,7 @@ The SIG also focused on adding functionality to the Kubernetes volume subsystem,
We are advancing support for Windows Server and Windows Server Containers to beta along with continued feature and functional advancements on both the Kubernetes and Windows platforms. This opens the door for many Windows-specific applications and workloads to run on Kubernetes, significantly expanding the implementation scenarios and the enterprise reach of Kubernetes.
## Before Upgrading
## Before Upgrading
Consider the following changes, limitations, and guidelines before you upgrade:
@ -1206,7 +1206,7 @@ Consider the following changes, limitations, and guidelines before you upgrade:
### **Multicluster**
* Development of Kubernetes Federation has moved to [github.com/kubernetes/federation](https://github.com/kubernetes/federation). This move out of tree also means that Federation will begin releasing separately from Kubernetes. Impact:
* Development of Kubernetes Federation has moved to [github.com/kubernetes/federation](https://github.com/kubernetes/federation). This move out of tree also means that Federation will begin releasing separately from Kubernetes. Impact:
* Federation-specific behavior will no longer be included in kubectl
* kubefed will no longer be released as part of Kubernetes
* The Federation servers will no longer be included in the hyperkube binary and image. ([#53816](https://github.com/kubernetes/kubernetes/pull/53816),[ @marun](https://github.com/marun))
@ -1236,7 +1236,7 @@ Consider the following changes, limitations, and guidelines before you upgrade:
### **Storage**
* [alpha] The LocalPersistentVolumes alpha feature now also requires the VolumeScheduling alpha feature. This is a breaking change, and the following changes are required:
* [alpha] The LocalPersistentVolumes alpha feature now also requires the VolumeScheduling alpha feature. This is a breaking change, and the following changes are required:
* The VolumeScheduling feature gate must also be enabled on kube-scheduler and kube-controller-manager components.
* The NoVolumeNodeConflict predicate has been removed. For non-default schedulers, update your scheduler policy.
* The CheckVolumeBinding predicate must be enabled in non-default schedulers. ([#55039](https://github.com/kubernetes/kubernetes/pull/55039),[ @msau42](https://github.com/msau42))
@ -1384,7 +1384,7 @@ As announced with the release of version 1.8, the Kubernetes Workloads API is at
* New permissions have been added to default RBAC roles ([#52654](https://github.com/kubernetes/kubernetes/pull/52654),[ @liggitt](https://github.com/liggitt)):
* The default admin and edit roles now include read/write permissions
* The view role includes read permissions on poddisruptionbudget.policy resources.
* The view role includes read permissions on poddisruptionbudget.policy resources.
* RBAC rules can now match the same subresource on any resource using the form `*/(subresource)`. For example, `*/scale` matches requests to `replicationcontroller/scale`. ([#53722](https://github.com/kubernetes/kubernetes/pull/53722),[ @deads2k](https://github.com/deads2k))
* The RBAC bootstrapping policy now allows authenticated users to create selfsubjectrulesreviews. ([#56095](https://github.com/kubernetes/kubernetes/pull/56095),[ @ericchiang](https://github.com/ericchiang))
* RBAC ClusterRoles can now select other roles to aggregate. ([#54005](https://github.com/kubernetes/kubernetes/pull/54005),[ @deads2k](https://github.com/deads2k))
@ -1665,7 +1665,7 @@ This release passes 129/145 Kubernetes e2e conformance tests.
* Load balancing is now more flexible:
* The OpenStack LBaaS v2 Provider is now [configurable](https://kubernetes.io/docs/concepts/cluster-administration/cloud-providers/#openstack). ([#54176](https://github.com/kubernetes/kubernetes/pull/54176),[ @gonzolino](https://github.com/gonzolino))
* OpenStack Octavia v2 is now supported as a load balancer provider in addition to the existing support for the Neutron LBaaS V2 implementation. Neutron LBaaS V1 support has been removed. ([#55393](https://github.com/kubernetes/kubernetes/pull/55393),[ @jamiehannaford](https://github.com/jamiehannaford))
* OpenStack security group support has been beefed up ([#50836](https://github.com/kubernetes/kubernetes/pull/50836),[ @FengyunPan](https://github.com/FengyunPan)):
* OpenStack security group support has been beefed up ([#50836](https://github.com/kubernetes/kubernetes/pull/50836),[ @FengyunPan](https://github.com/FengyunPan)):
* Kubernetes will now automatically determine the security group for the node
* Nodes can now belong to multiple security groups
@ -1679,7 +1679,7 @@ This release passes 129/145 Kubernetes e2e conformance tests.
* Scheduler cache ignores updates to an assumed pod if updates are limited to pod annotations. ([#54008](https://github.com/kubernetes/kubernetes/pull/54008),[ @yguo0905](https://github.com/yguo0905))
* Issues with namespace deletion have been resolved. ([#53720](https://github.com/kubernetes/kubernetes/pull/53720),[ @shyamjvs](https://github.com/shyamjvs)) ([#53793](https://github.com/kubernetes/kubernetes/pull/53793),[ @wojtek-t](https://github.com/wojtek-t))
* Pod preemption has been improved.
* Pod preemption has been improved.
* Now takes PodDisruptionBudget into account. ([#56178](https://github.com/kubernetes/kubernetes/pull/56178),[ @bsalamat](https://github.com/bsalamat))
* Nominated pods are taken into account during scheduling to avoid starvation of higher priority pods. ([#55933](https://github.com/kubernetes/kubernetes/pull/55933),[ @bsalamat](https://github.com/bsalamat))
* Fixed 'Schedulercache is corrupted' error in kube-scheduler ([#55262](https://github.com/kubernetes/kubernetes/pull/55262),[ @liggitt](https://github.com/liggitt))
@ -1699,12 +1699,12 @@ This release passes 129/145 Kubernetes e2e conformance tests.
* [alpha] Deletion of `PersistentVolumeClaim` objects that are in use by a pod no longer permitted (if alpha feature is enabled).
* [alpha] Container Storage Interface
* New CSIVolumeSource enables Kubernetes to use external CSI drivers to provision, attach, and mount volumes.
* [alpha] Raw block volumes
* [alpha] Raw block volumes
* Support for surfacing volumes as raw block devices added to Kubernetes storage system.
* Only Fibre Channel volume plugin supports exposes this functionality, in this release.
* [alpha] Volume resizing
* Added file system resizing for the following volume plugins: GCE PD, Ceph RBD, AWS EBS, OpenStack Cinder
* [alpha] Topology Aware Volume Scheduling
* [alpha] Topology Aware Volume Scheduling
* Improved volume scheduling for Local PersistentVolumes, by allowing the scheduler to make PersistentVolume binding decisions while respecting the Pod's scheduling requirements.
* Dynamic provisioning is not supported with this feature yet.
* [alpha] Containerized mount utilities
@ -2082,7 +2082,7 @@ filename | sha256 hash
* The minimum supported go version bumps to 1.9.1. ([#55301](https://github.com/kubernetes/kubernetes/pull/55301), [@xiangpengzhao](https://github.com/xiangpengzhao))
* GCE: provide an option to disable docker's live-restore on COS/ubuntu ([#55260](https://github.com/kubernetes/kubernetes/pull/55260), [@yujuhong](https://github.com/yujuhong))
* Azure NSG rules for services exposed via external load balancer ([#54177](https://github.com/kubernetes/kubernetes/pull/54177), [@itowlson](https://github.com/itowlson))
* now limit the destination IP address to the relevant front end load
* now limit the destination IP address to the relevant front end load
* balancer IP.
* DaemonSet status now has a new field named "conditions", making it consistent with other workloads controllers. ([#55272](https://github.com/kubernetes/kubernetes/pull/55272), [@janetkuo](https://github.com/janetkuo))
* kubeadm: Add an experimental mode to deploy CoreDNS instead of KubeDNS ([#52501](https://github.com/kubernetes/kubernetes/pull/52501), [@rajansandeep](https://github.com/rajansandeep))
@ -2358,10 +2358,10 @@ filename | sha256 hash
* Add monitoring of Windows Server containers metrics in the kubelet via the stats/summary endpoint. ([#50396](https://github.com/kubernetes/kubernetes/pull/50396), [@bobbypage](https://github.com/bobbypage))
* Restores redirect behavior for proxy subresources ([#52933](https://github.com/kubernetes/kubernetes/pull/52933), [@liggitt](https://github.com/liggitt))
* A new service annotation has been added for services of type LoadBalancer on Azure, ([#51757](https://github.com/kubernetes/kubernetes/pull/51757), [@itowlson](https://github.com/itowlson))
* to specify the subnet on which the service's front end IP should be provisioned. The
* annotation is service.beta.kubernetes.io/azure-load-balancer-internal-subnet and its
* value is the subnet name (not the subnet ARM ID). If omitted, the default is the
* master subnet. It is ignored if the service is not on Azure, if the type is not
* to specify the subnet on which the service's front end IP should be provisioned. The
* annotation is service.beta.kubernetes.io/azure-load-balancer-internal-subnet and its
* value is the subnet name (not the subnet ARM ID). If omitted, the default is the
* master subnet. It is ignored if the service is not on Azure, if the type is not
* LoadBalancer, or if the load balancer is not internal.
* Adds a command-line argument to kube-apiserver called ([#51698](https://github.com/kubernetes/kubernetes/pull/51698), [@rphillips](https://github.com/rphillips))
* --alpha-endpoint-reconciler-type=(master-count, lease, none) (default
@ -2544,7 +2544,7 @@ filename | sha256 hash
* PersistentVolumeClaim metrics like "volume_stats_inodes" and "volume_stats_capacity_bytes" are now reported via kubelet prometheus ([#51553](https://github.com/kubernetes/kubernetes/pull/51553), [@wongma7](https://github.com/wongma7))
* When using IP aliases, use a secondary range rather than subnetwork to reserve cluster IPs. ([#51690](https://github.com/kubernetes/kubernetes/pull/51690), [@bowei](https://github.com/bowei))
* IPAM controller unifies handling of node pod CIDR range allocation. ([#51374](https://github.com/kubernetes/kubernetes/pull/51374), [@bowei](https://github.com/bowei))
* It is intended to supersede the logic that is currently in range_allocator
* It is intended to supersede the logic that is currently in range_allocator
* and cloud_cidr_allocator. (ALPHA FEATURE)
* Note: for this change, the other allocators still exist and are the default.
* It supports two modes:
@ -2613,7 +2613,7 @@ filename | sha256 hash
* add fieldSelector spec.schedulerName ([#50582](https://github.com/kubernetes/kubernetes/pull/50582), [@dixudx](https://github.com/dixudx))
* Change eviction manager to manage one single local ephemeral storage resource ([#50889](https://github.com/kubernetes/kubernetes/pull/50889), [@NickrenREN](https://github.com/NickrenREN))
* Cloud Controller Manager now sets Node.Spec.ProviderID ([#50730](https://github.com/kubernetes/kubernetes/pull/50730), [@andrewsykim](https://github.com/andrewsykim))
* Paramaterize session affinity timeout seconds in service API for Client IP based session affinity. ([#49850](https://github.com/kubernetes/kubernetes/pull/49850), [@m1093782566](https://github.com/m1093782566))
* Parameterize session affinity timeout seconds in service API for Client IP based session affinity. ([#49850](https://github.com/kubernetes/kubernetes/pull/49850), [@m1093782566](https://github.com/m1093782566))
* Changing scheduling part of the alpha feature 'LocalStorageCapacityIsolation' to manage one single local ephemeral storage resource ([#50819](https://github.com/kubernetes/kubernetes/pull/50819), [@NickrenREN](https://github.com/NickrenREN))
* set --audit-log-format default to json ([#50971](https://github.com/kubernetes/kubernetes/pull/50971), [@CaoShuFeng](https://github.com/CaoShuFeng))
* kubeadm: Implement a `--dry-run` mode and flag for `kubeadm` ([#51122](https://github.com/kubernetes/kubernetes/pull/51122), [@luxas](https://github.com/luxas))

979
Godeps/Godeps.json generated
View File

File diff suppressed because it is too large Load Diff

8994
Godeps/LICENSES generated
View File

File diff suppressed because it is too large Load Diff

2
Godeps/OWNERS generated
View File

@ -1,2 +1,4 @@
# See the OWNERS docs at https://go.k8s.io/owners
approvers:
- dep-approvers

2
OWNERS
View File

@ -1,3 +1,5 @@
# See the OWNERS docs at https://go.k8s.io/owners
filters:
".*":
reviewers:

14
OWNERS_ALIASES
View File

@ -102,7 +102,7 @@ aliases:
- tallclair
sig-auth-policy-reviewers:
- deads2k
- hongchaodeng
- hongchaodeng
- jianhuiz
- liggitt
- mbohlool
@ -125,14 +125,13 @@ aliases:
sig-storage-reviewers:
- saad-ali
- childsb
sig-scheduling-maintainers:
- bsalamat
- davidopp
- k82cn
- timothysc
- wojtek-t
- aveshagarwal
- ravisantoshgudimetla
- Huang-Wei
sig-scheduling:
- bsalamat
- k82cn
@ -141,6 +140,7 @@ aliases:
- misterikkit
- Huang-Wei
- wgliang
sig-cli-maintainers:
- adohe
- brendandburns
@ -288,11 +288,14 @@ aliases:
- jsafrane
- jbeda
dep-approvers:
- apelisse
- BenTheElder
- cblecker
- dims
- thockin
- sttts
- soltysh
feature-approvers:
- AdoHe # CLI
- bgrant0607 # Architecture
- brancz # Instrumentation
- bsalamat # Scheduling
@ -323,6 +326,7 @@ aliases:
- quinton-hoole # Multicluster
- roberthbailey # Cluster Lifecycle
- saad-ali # Storage
- seans3 # CLI
- soltysh # CLI
- tallclair # Auth
- thockin # Network

4
SECURITY_CONTACTS
View File

@ -1,10 +1,10 @@
# Defined below are the security contacts for this repo.
#
# They are the contact point for the Product Security Team to reach out
# They are the contact point for the Product Security Committee to reach out
# to for triaging and handling of incoming issues.
#
# The below names agree to abide by the
# [Embargo Policy](https://github.com/kubernetes/sig-release/blob/master/security-release-process-documentation/security-release-process.md#embargo-policy)
# [Embargo Policy](https://git.k8s.io/security/private-distributors-list.md#embargo-policy)
# and will be removed and replaced if they violate that agreement.
#
# DO NOT REPORT SECURITY VULNERABILITIES DIRECTLY TO THESE NAMES, FOLLOW THE

18
SUPPORT.md
View File

@ -1,27 +1,27 @@
## Support for deploying and using Kubernetes
## Support for deploying and using Kubernetes
Welcome to Kubernetes! We use GitHub for tracking bugs and feature requests.
This isn't the right place to get support for using Kubernetes, but the following
Welcome to Kubernetes! We use GitHub for tracking bugs and feature requests.
This isn't the right place to get support for using Kubernetes, but the following
resources are available below, thanks for understanding.
### Stack Overflow
The Kubernetes Community is active on Stack Overflow, you can post your questions there:
The Kubernetes Community is active on Stack Overflow, you can post your questions there:
* [Kubernetes on Stack Overflow](http://stackoverflow.com/questions/tagged/kubernetes)
* [Kubernetes on Stack Overflow](https://stackoverflow.com/questions/tagged/kubernetes)
* Here are some tips for [about how to ask good questions](http://stackoverflow.com/help/how-to-ask).
* Here are some tips for [about how to ask good questions](https://stackoverflow.com/help/how-to-ask).
* Don't forget to check to see [what's on topic](http://stackoverflow.com/help/on-topic).
### Documentation
### Documentation
* [User Documentation](https://kubernetes.io/docs/)
* [User Documentation](https://kubernetes.io/docs/)
* [Troubleshooting Guide](https://kubernetes.io/docs/tasks/debug-application-cluster/troubleshooting/)
### Real-time Chat
* [Slack](https://kubernetes.slack.com) ([registration](http://slack.k8s.io)):
The `#kubernetes-users` and `#kubernetes-novice` channels are usual places where
The `#kubernetes-users` and `#kubernetes-novice` channels are usual places where
people offer support.
### Forum

2
api/OWNERS
View File

@ -1,3 +1,5 @@
# See the OWNERS docs at https://go.k8s.io/owners
# Disable inheritance as this is an api owners file
options:
no_parent_owners: true

6
api/openapi-spec/README.md
View File

@ -10,7 +10,7 @@ extensions has been added.
### `x-kubernetes-group-version-kind`
Operations and Definitions may have `x-kubernetes-group-version-kind` if they
are associated with a [kubernetes resource](https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#resources).
are associated with a [kubernetes resource](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources).
For example:
@ -35,7 +35,7 @@ For example:
### `x-kubernetes-action`
Operations and Definitions may have `x-kubernetes-action` if they
are associated with a [kubernetes resource](https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#resources).
are associated with a [kubernetes resource](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources).
Action can be one of `get`, `list`, `put`, `patch`, `post`, `delete`, `deletecollection`, `watch`, `watchlist`, `proxy`, or `connect`.
@ -57,4 +57,4 @@ For example:
### `x-kubernetes-patch-strategy` and `x-kubernetes-patch-merge-key`
Some of the definitions may have these extensions. For more information about PatchStrategy and PatchMergeKey see
[strategic-merge-patch](https://git.k8s.io/community/contributors/devel/strategic-merge-patch.md).
[strategic-merge-patch](https://git.k8s.io/community/contributors/devel/sig-api-machinery/strategic-merge-patch.md).

196688
api/openapi-spec/swagger.json generated
View File

File diff suppressed because it is too large Load Diff

98
build/BUILD
View File

@ -1,8 +1,9 @@
package(default_visibility = ["//visibility:public"])
load("@io_bazel_rules_docker//container:container.bzl", "container_bundle", "container_image")
load("@io_kubernetes_build//defs:build.bzl", "release_filegroup")
load("@io_k8s_repo_infra//defs:build.bzl", "release_filegroup")
load(":code_generation_test.bzl", "code_generation_test_suite")
load(":container.bzl", "multi_arch_container", "multi_arch_container_push")
load(":platforms.bzl", "SERVER_PLATFORMS", "for_platforms")
code_generation_test_suite(
name = "code_generation_tests",
@ -30,49 +31,70 @@ filegroup(
# in build/common.sh.
DOCKERIZED_BINARIES = {
"cloud-controller-manager": {
"base": "@debian-base-amd64//image",
"base": "@debian-base-{ARCH}//image",
"target": "//cmd/cloud-controller-manager:cloud-controller-manager",
},
"kube-apiserver": {
"base": "@debian-base-amd64//image",
"base": "@debian-base-{ARCH}//image",
"target": "//cmd/kube-apiserver:kube-apiserver",
},
"kube-controller-manager": {
"base": "@debian-base-amd64//image",
"base": "@debian-base-{ARCH}//image",
"target": "//cmd/kube-controller-manager:kube-controller-manager",
},
"kube-scheduler": {
"base": "@debian-base-amd64//image",
"base": "@debian-base-{ARCH}//image",
"target": "//cmd/kube-scheduler:kube-scheduler",
},
"kube-proxy": {
"base": "@debian-iptables-amd64//image",
"base": "@debian-iptables-{ARCH}//image",
"target": "//cmd/kube-proxy:kube-proxy",
},
}
[container_image(
name = binary + "-internal",
# In the bash-based build (build/lib/release.sh), the images built for amd64 do not use
# an arch in their name (but other arches do), and the GCE cluster scripts
# (which sideload the images via tarfiles) expect there not to be an arch.
# When pushing to gcr.io, we want to use an arch, since the archless name is now used for a
# manifest list. Bazel doesn't support manifest lists (yet), so we can't do that either.
# For now, we use the archless name for the image tars saved in the server tarball,
# to satisfy GCE and other similar providers. (If one were to pull the images via the manifest
# list, the arch wouldn't appear in the name either.)
[multi_arch_container(
name = binary,
architectures = SERVER_PLATFORMS["linux"],
base = meta["base"],
cmd = ["/usr/bin/" + binary],
debs = [
"//build/debs:%s.deb" % binary,
],
debs = select(for_platforms(
for_server = ["//build/debs:%s-{ARCH}.deb" % binary],
only_os = "linux",
)),
# Since the multi_arch_container macro replaces the {ARCH} format string,
# we need to escape the stamping vars.
# Also see comment above about why the push tags use ARCH while the
# non-push tags do not.
docker_push_tags = ["{{STABLE_DOCKER_PUSH_REGISTRY}}/%s-{ARCH}:{{STABLE_DOCKER_TAG}}" % binary],
docker_tags = ["{{STABLE_DOCKER_REGISTRY}}/%s:{{STABLE_DOCKER_TAG}}" % binary],
stamp = True,
symlinks = {
# Some cluster startup scripts expect to find the binaries in /usr/local/bin,
# but the debs install the binaries into /usr/bin.
"/usr/local/bin/" + binary: "/usr/bin/" + binary,
},
tags = ["manual"],
visibility = ["//visibility:private"],
) for binary, meta in DOCKERIZED_BINARIES.items()]
[container_bundle(
name = binary,
images = {
"k8s.gcr.io/%s:{STABLE_DOCKER_TAG}" % binary: binary + "-internal",
# Also roll up all images into a single bundle to push with one target.
multi_arch_container_push(
name = "server-images",
architectures = SERVER_PLATFORMS["linux"],
docker_tags_images = {
"{{STABLE_DOCKER_PUSH_REGISTRY}}/%s-{ARCH}:{{STABLE_DOCKER_TAG}}" % binary: "%s-internal" % binary
for binary in DOCKERIZED_BINARIES.keys()
},
stamp = True,
) for binary in DOCKERIZED_BINARIES.keys()]
tags = ["manual"],
)
[genrule(
name = binary + "_docker_tag",
@ -103,19 +125,19 @@ release_filegroup(
# KUBE_CLIENT_TARGETS
release_filegroup(
name = "client-targets",
srcs = [
conditioned_srcs = for_platforms(for_client = [
"//cmd/kubectl",
],
]),
)
# KUBE_NODE_TARGETS
release_filegroup(
name = "node-targets",
srcs = [
conditioned_srcs = for_platforms(for_node = [
"//cmd/kube-proxy",
"//cmd/kubeadm",
"//cmd/kubelet",
],
]),
)
# KUBE_SERVER_TARGETS
@ -123,31 +145,35 @@ release_filegroup(
# since we include them in the actual build rule.
release_filegroup(
name = "server-targets",
srcs = [
conditioned_srcs = for_platforms(for_server = [
"//cluster/gce/gci/mounter",
"//cmd/cloud-controller-manager",
"//cmd/hyperkube",
"//cmd/kube-apiserver",
"//cmd/kube-controller-manager",
"//cmd/kube-scheduler",
],
]),
)
# kube::golang::test_targets
filegroup(
name = "test-targets",
srcs = [
"//cmd/gendocs",
"//cmd/genkubedocs",
"//cmd/genman",
"//cmd/genswaggertypedocs",
"//cmd/genyaml",
"//cmd/kubemark", # TODO: server platforms only
"//cmd/linkcheck",
"//test/e2e:e2e.test",
"//test/e2e_node:e2e_node.test", # TODO: server platforms only
"//vendor/github.com/onsi/ginkgo/ginkgo",
],
srcs = select(for_platforms(
for_server = [
"//cmd/kubemark",
"//test/e2e_node:e2e_node.test_binary",
],
for_test = [
"//cmd/gendocs",
"//cmd/genkubedocs",
"//cmd/genman",
"//cmd/genswaggertypedocs",
"//cmd/genyaml",
"//cmd/linkcheck",
"//test/e2e:e2e.test_binary",
"//vendor/github.com/onsi/ginkgo/ginkgo",
],
)),
)
# KUBE_TEST_PORTABLE

3
build/OWNERS
View File

@ -1,4 +1,7 @@
# See the OWNERS docs at https://go.k8s.io/owners
reviewers:
- bentheelder
- cblecker
- ixdy
- jbeda

2
build/build-image/cross/Dockerfile
View File

@ -15,7 +15,7 @@
# This file creates a standard build environment for building cross
# platform go binary for the architecture kubernetes cares about.
FROM golang:1.11.5
FROM golang:1.12.0
ENV GOARM 7
ENV KUBE_DYNAMIC_CROSSPLATFORMS \

2
build/build-image/cross/VERSION
View File

@ -1 +1 @@
v1.11.5-1
v1.12.0-1

2
build/code_generation.bzl
View File

@ -14,7 +14,7 @@
load("//build:kazel_generated.bzl", "go_prefix", "tags_values_pkgs")
load("//build:openapi.bzl", "openapi_vendor_prefix")
load("@io_kubernetes_build//defs:go.bzl", "go_genrule")
load("@io_k8s_repo_infra//defs:go.bzl", "go_genrule")
def bazel_go_library(pkg):
"""Returns the Bazel label for the Go library for the provided package.

2
build/code_generation_test.bzl
View File

@ -13,7 +13,7 @@
# limitations under the License.
load(":code_generation.bzl", "bazel_go_library", "go_pkg")
load("@bazel_skylib//:lib.bzl", "asserts", "unittest")
load("@bazel_skylib//lib:unittest.bzl", "asserts", "unittest")
def _bazel_go_library_test_impl(ctx):
env = unittest.begin(ctx)

44
build/common.sh
View File

@ -26,13 +26,13 @@ USER_ID=$(id -u)
GROUP_ID=$(id -g)
DOCKER_OPTS=${DOCKER_OPTS:-""}
DOCKER=(docker ${DOCKER_OPTS})
IFS=" " read -r -a DOCKER <<< "docker ${DOCKER_OPTS}"
DOCKER_HOST=${DOCKER_HOST:-""}
DOCKER_MACHINE_NAME=${DOCKER_MACHINE_NAME:-"kube-dev"}
readonly DOCKER_MACHINE_DRIVER=${DOCKER_MACHINE_DRIVER:-"virtualbox --virtualbox-cpu-count -1"}
# This will canonicalize the path
KUBE_ROOT=$(cd "$(dirname "${BASH_SOURCE}")"/.. && pwd -P)
KUBE_ROOT=$(cd "$(dirname "${BASH_SOURCE[0]}")"/.. && pwd -P)
source "${KUBE_ROOT}/hack/lib/init.sh"
@ -89,8 +89,8 @@ readonly KUBE_CONTAINER_RSYNC_PORT=8730
# $1 - server architecture
kube::build::get_docker_wrapped_binaries() {
local arch=$1
local debian_base_version=0.4.0
local debian_iptables_version=v11.0
local debian_base_version=0.4.1
local debian_iptables_version=v11.0.1
### If you change any of these lists, please also update DOCKERIZED_BINARIES
### in build/BUILD. And kube::golang::server_image_targets
local targets=(
@ -137,7 +137,7 @@ function kube::build::verify_prereqs() {
fi
kube::util::ensure_docker_daemon_connectivity || return 1
if (( ${KUBE_VERBOSE} > 6 )); then
if (( KUBE_VERBOSE > 6 )); then
kube::log::status "Docker Version:"
"${DOCKER[@]}" version | kube::log::info_from_stdin
fi
@ -185,7 +185,8 @@ function kube::build::docker_available_on_osx() {
function kube::build::prepare_docker_machine() {
kube::log::status "docker-machine was found."
local available_memory_bytes=$(sysctl -n hw.memsize 2>/dev/null)
local available_memory_bytes
available_memory_bytes=$(sysctl -n hw.memsize 2>/dev/null)
local bytes_in_mb=1048576
@ -193,7 +194,7 @@ function kube::build::prepare_docker_machine() {
# of multiple by .5, because bash can only multiply by ints.
local memory_divisor=2
local virtualbox_memory_mb=$(( ${available_memory_bytes} / (${bytes_in_mb} * ${memory_divisor}) ))
local virtualbox_memory_mb=$(( available_memory_bytes / (bytes_in_mb * memory_divisor) ))
docker-machine inspect "${DOCKER_MACHINE_NAME}" &> /dev/null || {
kube::log::status "Creating a machine to build Kubernetes"
@ -215,7 +216,7 @@ function kube::build::prepare_docker_machine() {
while ! docker_machine_out=$(docker-machine env "${DOCKER_MACHINE_NAME}" 2>&1); do
if [[ ${docker_machine_out} =~ "Error checking TLS connection" ]]; then
echo "${docker_machine_out}"
docker-machine regenerate-certs ${DOCKER_MACHINE_NAME}
docker-machine regenerate-certs "${DOCKER_MACHINE_NAME}"
else
sleep 1
fi
@ -368,7 +369,7 @@ function kube::build::short_hash() {
else
short_hash=$(echo -n "$1" | md5sum)
fi
echo ${short_hash:0:10}
echo "${short_hash:0:10}"
}
# Pedantically kill, wait-on and remove a container. The -f -v options
@ -412,7 +413,7 @@ function kube::build::clean() {
function kube::build::build_image() {
mkdir -p "${LOCAL_OUTPUT_BUILD_CONTEXT}"
# Make sure the context directory owned by the right user for syncing sources to container.
chown -R ${USER_ID}:${GROUP_ID} "${LOCAL_OUTPUT_BUILD_CONTEXT}"
chown -R "${USER_ID}":"${GROUP_ID}" "${LOCAL_OUTPUT_BUILD_CONTEXT}"
cp /etc/localtime "${LOCAL_OUTPUT_BUILD_CONTEXT}/"
@ -503,7 +504,7 @@ function kube::build::ensure_data_container() {
--name "${KUBE_DATA_CONTAINER_NAME}"
--hostname "${HOSTNAME}"
"${KUBE_BUILD_IMAGE}"
chown -R ${USER_ID}:${GROUP_ID}
chown -R "${USER_ID}":"${GROUP_ID}"
"${REMOTE_ROOT}"
/usr/local/go/pkg/
)
@ -582,7 +583,7 @@ function kube::build::run_build_command_ex() {
if [[ -t 0 ]]; then
docker_run_opts+=(--interactive --tty)
elif [[ "${detach}" == false ]]; then
docker_run_opts+=(--attach=stdout --attach=stderr)
docker_run_opts+=("--attach=stdout" "--attach=stderr")
fi
local -ra docker_cmd=(
@ -599,13 +600,13 @@ function kube::build::run_build_command_ex() {
function kube::build::rsync_probe {
# Wait unil rsync is up and running.
local tries=20
while (( ${tries} > 0 )) ; do
while (( tries > 0 )) ; do
if rsync "rsync://k8s@${1}:${2}/" \
--password-file="${LOCAL_OUTPUT_BUILD_CONTEXT}/rsyncd.password" \
&> /dev/null ; then
return 0
fi
tries=$(( ${tries} - 1))
tries=$(( tries - 1))
sleep 0.1
done
@ -625,7 +626,7 @@ function kube::build::start_rsyncd_container() {
kube::build::stop_rsyncd_container
V=3 kube::log::status "Starting rsyncd container"
kube::build::run_build_command_ex \
"${KUBE_RSYNC_CONTAINER_NAME}" -p 127.0.0.1:${KUBE_RSYNC_PORT}:${KUBE_CONTAINER_RSYNC_PORT} -d \
"${KUBE_RSYNC_CONTAINER_NAME}" -p 127.0.0.1:"${KUBE_RSYNC_PORT}":"${KUBE_CONTAINER_RSYNC_PORT}" -d \
-e ALLOW_HOST="$(${IPTOOL} | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*' | grep -v '127.0.0.1')" \
-- /rsyncd.sh >/dev/null
@ -643,7 +644,7 @@ function kube::build::start_rsyncd_container() {
# machines) we have to talk directly to the container IP. There is no one
# strategy that works in all cases so we test to figure out which situation we
# are in.
if kube::build::rsync_probe 127.0.0.1 ${mapped_port}; then
if kube::build::rsync_probe 127.0.0.1 "${mapped_port}"; then
KUBE_RSYNC_ADDR="127.0.0.1:${mapped_port}"
return 0
elif kube::build::rsync_probe "${container_ip}" ${KUBE_CONTAINER_RSYNC_PORT}; then
@ -664,12 +665,12 @@ function kube::build::stop_rsyncd_container() {
function kube::build::rsync {
local -a rsync_opts=(
--archive
--password-file="${LOCAL_OUTPUT_BUILD_CONTEXT}/rsyncd.password"
"--password-file=${LOCAL_OUTPUT_BUILD_CONTEXT}/rsyncd.password"
)
if (( ${KUBE_VERBOSE} >= 6 )); then
if (( KUBE_VERBOSE >= 6 )); then
rsync_opts+=("-iv")
fi
if (( ${KUBE_RSYNC_COMPRESS} > 0 )); then
if (( KUBE_RSYNC_COMPRESS > 0 )); then
rsync_opts+=("--compress-level=${KUBE_RSYNC_COMPRESS}")
fi
V=3 kube::log::status "Running rsync"
@ -712,11 +713,6 @@ function kube::build::copy_output() {
kube::build::start_rsyncd_container
local rsync_extra=""
if (( ${KUBE_VERBOSE} >= 6 )); then
rsync_extra="-iv"
fi
# The filter syntax for rsync is a little obscure. It filters on files and
# directories. If you don't go in to a directory you won't find any files
# there. Rules are evaluated in order. The last two rules are a little

132
build/container.bzl Normal file
View File

@ -0,0 +1,132 @@
# Copyright 2019 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
load("@io_bazel_rules_docker//container:container.bzl", "container_bundle", "container_image")
load("@io_bazel_rules_docker//contrib:push-all.bzl", "docker_push")
load("//build:platforms.bzl", "go_platform_constraint")
# multi_arch_container produces a private internal container_image, multiple
# arch-specific tagged container_bundles (named NAME-ARCH), an alias
# from NAME to the appropriately NAME-ARCH container_bundle target, and a
# genrule for NAME.tar copying the appropriate NAME-ARCH container bundle
# tarball output for the currently-configured architecture.
# Additionally, if docker_push_tags is provided, uses multi_arch_container_push
# to create container_bundles named push-NAME-ARCH with the provided push tags,
# along with a push-NAME docker_push target.
# Args:
# name: name used for the alias; the internal container_image and
# container_bundles are based on this name
# architectures: list of architectures (in GOARCH naming parlance) to
# configure
# base: base image to use for the containers. The format string {ARCH} will
# be replaced with the configured GOARCH.
# docker_tags: list of docker tags to apply to the image. The format string
# {ARCH} will be replaced with the configured GOARCH; any stamping variables
# should be escaped, e.g. {{STABLE_MY_VAR}}.
# docker_push_tags: list of docker tags to apply to the image for pushing.
# The format string {ARCH} will be replaced with the configured GOARCH;
# any stamping variables should be escaped, e.g. {{STABLE_MY_VAR}}.
# tags: will be applied to all targets
# visiblity: will be applied only to the container_bundles; the internal
# container_image is private
# All other args will be applied to the internal container_image.
def multi_arch_container(
name,
architectures,
base,
docker_tags,
docker_push_tags = None,
tags = None,
visibility = None,
**kwargs):
container_image(
name = "%s-internal" % name,
base = select({
go_platform_constraint(os = "linux", arch = arch): base.format(ARCH = arch)
for arch in architectures
}),
tags = tags,
visibility = ["//visibility:private"],
**kwargs
)
for arch in architectures:
container_bundle(
name = "%s-%s" % (name, arch),
images = {
docker_tag.format(ARCH = arch): ":%s-internal" % name
for docker_tag in docker_tags
},
tags = tags,
visibility = visibility,
)
native.alias(
name = name,
actual = select({
go_platform_constraint(os = "linux", arch = arch): "%s-%s" % (name, arch)
for arch in architectures
}),
)
native.genrule(
name = "gen_%s.tar" % name,
outs = ["%s.tar" % name],
srcs = select({
go_platform_constraint(os = "linux", arch = arch): ["%s-%s.tar" % (name, arch)]
for arch in architectures
}),
cmd = "cp $< $@",
output_to_bindir = True,
)
if docker_push_tags:
multi_arch_container_push(
name = name,
architectures = architectures,
docker_tags_images = {docker_push_tag: ":%s-internal" % name for docker_push_tag in docker_push_tags},
tags = tags,
)
# multi_arch_container_push creates container_bundles named push-NAME-ARCH for
# the provided architectures, populating them with the images directory.
# It additionally creates a push-NAME docker_push rule which can be run to
# push the images to a Docker repository.
# Args:
# name: name used for targets created by this macro; the internal
# container_bundles are based on this name
# architectures: list of architectures (in GOARCH naming parlance) to
# configure
# docker_tags_images: dictionary mapping docker tag to the corresponding
# container_image target. The format string {ARCH} will be replaced
# in tags with the configured GOARCH; any stamping variables should be
# escaped, e.g. {{STABLE_MY_VAR}}.
# tags: applied to container_bundle targets
def multi_arch_container_push(
name,
architectures,
docker_tags_images,
tags = None):
for arch in architectures:
container_bundle(
name = "push-%s-%s" % (name, arch),
images = {tag.format(ARCH = arch): image for tag, image in docker_tags_images.items()},
tags = tags,
visibility = ["//visibility:private"],
)
docker_push(
name = "push-%s" % name,
bundle = select({
go_platform_constraint(os = "linux", arch = arch): "push-%s-%s" % (name, arch)
for arch in architectures
}),
)

2
build/debian-base/Makefile
View File

@ -18,7 +18,7 @@ REGISTRY ?= staging-k8s.gcr.io
IMAGE ?= $(REGISTRY)/debian-base
BUILD_IMAGE ?= debian-build
TAG ?= 0.4.0
TAG ?= 0.4.1
TAR_FILE ?= rootfs.tar
ARCH?=amd64

4
build/debian-hyperkube-base/Makefile
View File

@ -19,12 +19,12 @@
REGISTRY?=staging-k8s.gcr.io
IMAGE?=$(REGISTRY)/debian-hyperkube-base
TAG=0.12.0
TAG=0.12.1
ARCH?=amd64
ALL_ARCH = amd64 arm arm64 ppc64le s390x
CACHEBUST?=1
BASEIMAGE=k8s.gcr.io/debian-base-$(ARCH):0.4.0
BASEIMAGE=k8s.gcr.io/debian-base-$(ARCH):0.4.1
CNI_VERSION=v0.6.0
TEMP_DIR:=$(shell mktemp -d)

2
build/debian-hyperkube-base/OWNERS
View File

@ -1,2 +1,4 @@
# See the OWNERS docs at https://go.k8s.io/owners
labels:
- sig/release

4
build/debian-iptables/Makefile
View File

@ -16,12 +16,12 @@
REGISTRY?="staging-k8s.gcr.io"
IMAGE=$(REGISTRY)/debian-iptables
TAG?=v11.0
TAG?=v11.0.1
ARCH?=amd64
ALL_ARCH = amd64 arm arm64 ppc64le s390x
TEMP_DIR:=$(shell mktemp -d)
BASEIMAGE?=k8s.gcr.io/debian-base-$(ARCH):0.4.0
BASEIMAGE?=k8s.gcr.io/debian-base-$(ARCH):0.4.1
# This option is for running docker manifest command
export DOCKER_CLI_EXPERIMENTAL := enabled

179
build/debs/BUILD
View File

@ -1,8 +1,15 @@
package(default_visibility = ["//visibility:public"])
load("@io_kubernetes_build//defs:deb.bzl", "k8s_deb", "deb_data")
load("@io_kubernetes_build//defs:build.bzl", "release_filegroup")
load("@io_kubernetes_build//defs:pkg.bzl", "pkg_tar")
load("@io_k8s_repo_infra//defs:deb.bzl", "deb_data", "k8s_deb")
load("@io_k8s_repo_infra//defs:build.bzl", "release_filegroup")
load("@io_k8s_repo_infra//defs:pkg.bzl", "pkg_tar")
load(
"//build:platforms.bzl",
"CLIENT_PLATFORMS",
"NODE_PLATFORMS",
"SERVER_PLATFORMS",
"for_platforms",
)
load("//build:workspace.bzl", "CNI_VERSION", "CRI_TOOLS_VERSION")
# We do not include kube-scheduler, kube-controller-manager,
@ -12,16 +19,61 @@ load("//build:workspace.bzl", "CNI_VERSION", "CRI_TOOLS_VERSION")
# images.
release_filegroup(
name = "debs",
srcs = [
":cri-tools.deb",
":kubeadm.deb",
":kubectl.deb",
":kubelet.deb",
":kubernetes-cni.deb",
],
conditioned_srcs = for_platforms(
default = [],
for_client = [":kubectl.deb"],
for_node = [
":cri-tools.deb",
":kubeadm.deb",
":kubelet.deb",
":kubernetes-cni.deb",
],
only_os = "linux",
),
)
# Create genrules to copy the arch-specific debs to debs without the arch in their filename.
genrule(
name = "kubectl",
srcs = select(for_platforms(
for_client = [":kubectl-{ARCH}.deb"],
only_os = "linux",
)),
outs = ["kubectl.deb"],
cmd = "cp $< $@",
output_to_bindir = True,
)
[genrule(
name = pkg,
srcs = select(for_platforms(
for_node = [":%s-{ARCH}.deb" % pkg],
only_os = "linux",
)),
outs = ["%s.deb" % pkg],
cmd = "cp $< $@",
output_to_bindir = True,
) for pkg in [
"cri-tools",
"kubeadm",
"kubelet",
"kubernetes-cni",
]]
[deb_data(
name = "kubectl",
data = [
{
"files": ["//cmd/kubectl"],
"mode": "0755",
"dir": "/usr/bin",
},
],
goarch = arch,
tags = ["manual"],
) for arch in CLIENT_PLATFORMS["linux"]]
[[deb_data(
name = binary,
data = [
{
@ -30,26 +82,17 @@ release_filegroup(
"dir": "/usr/bin",
},
],
goarch = arch,
tags = ["manual"],
) for binary in [
"cloud-controller-manager",
"kubectl",
"kube-apiserver",
"kube-controller-manager",
"kube-proxy",
]]
"kube-scheduler",
]] for arch in SERVER_PLATFORMS["linux"]]
deb_data(
name = "kube-scheduler",
data = [
{
"files": ["//cmd/kube-scheduler"],
"mode": "0755",
"dir": "/usr/bin",
},
],
)
deb_data(
[deb_data(
name = "kubelet",
data = [
{
@ -63,9 +106,11 @@ deb_data(
"dir": "/lib/systemd/system",
},
],
)
goarch = arch,
tags = ["manual"],
) for arch in NODE_PLATFORMS["linux"]]
deb_data(
[deb_data(
name = "kubeadm",
data = [
{
@ -89,63 +134,79 @@ deb_data(
"dir": "/etc/sysctl.d",
},
],
)
goarch = arch,
tags = ["manual"],
) for arch in NODE_PLATFORMS["linux"]]
pkg_tar(
name = "kubernetes-cni-data",
[pkg_tar(
name = "kubernetes-cni-data-%s" % goarch,
package_dir = "/opt/cni/bin",
deps = ["@kubernetes_cni//file"],
)
tags = ["manual"],
deps = ["@kubernetes_cni_%s//file" % goarch],
) for goarch in NODE_PLATFORMS["linux"]]
pkg_tar(
name = "cri-tools-data",
[pkg_tar(
name = "cri-tools-data-%s" % goarch,
package_dir = "/usr/bin",
deps = ["@cri_tools//file"],
)
tags = ["manual"],
deps = ["@cri_tools_%s//file" % goarch],
) for goarch in NODE_PLATFORMS["linux"]]
k8s_deb(
[k8s_deb(
name = "cloud-controller-manager",
description = "Kubernetes Cloud Controller Manager",
goarch = arch,
tags = ["manual"],
version_file = "//build:os_package_version",
)
) for arch in SERVER_PLATFORMS["linux"]]
k8s_deb(
[k8s_deb(
name = "kubectl",
description = """Kubernetes Command Line Tool
The Kubernetes command line tool for interacting with the Kubernetes API.
""",
goarch = arch,
tags = ["manual"],
version_file = "//build:os_package_version",
)
) for arch in CLIENT_PLATFORMS["linux"]]
k8s_deb(
[k8s_deb(
name = "kube-apiserver",
description = "Kubernetes API Server",
goarch = arch,
tags = ["manual"],
version_file = "//build:os_package_version",
)
) for arch in SERVER_PLATFORMS["linux"]]
k8s_deb(
[k8s_deb(
name = "kube-controller-manager",
description = "Kubernetes Controller Manager",
goarch = arch,
tags = ["manual"],
version_file = "//build:os_package_version",
)
) for arch in SERVER_PLATFORMS["linux"]]
k8s_deb(
[k8s_deb(
name = "kube-scheduler",
description = "Kubernetes Scheduler",
goarch = arch,
tags = ["manual"],
version_file = "//build:os_package_version",
)
) for arch in SERVER_PLATFORMS["linux"]]
k8s_deb(
[k8s_deb(
name = "kube-proxy",
depends = [
"iptables (>= 1.4.21)",
"iproute2",
],
description = "Kubernetes Service Proxy",
goarch = arch,
tags = ["manual"],
version_file = "//build:os_package_version",
)
) for arch in NODE_PLATFORMS["linux"]]
k8s_deb(
[k8s_deb(
name = "kubelet",
depends = [
"conntrack",
@ -161,10 +222,12 @@ k8s_deb(
description = """Kubernetes Node Agent
The node agent of Kubernetes, the container cluster manager
""",
goarch = arch,
tags = ["manual"],
version_file = "//build:os_package_version",
)
) for arch in NODE_PLATFORMS["linux"]]
k8s_deb(
[k8s_deb(
name = "kubeadm",
depends = [
"kubelet (>= 1.8.0)",
@ -175,23 +238,29 @@ k8s_deb(
description = """Kubernetes Cluster Bootstrapping Tool
The Kubernetes command line tool for bootstrapping a Kubernetes cluster.
""",
goarch = arch,
postinst = "postinst",
tags = ["manual"],
version_file = "//build:os_package_version",
)
) for arch in NODE_PLATFORMS["linux"]]
k8s_deb(
[k8s_deb(
name = "kubernetes-cni",
description = """Kubernetes Packaging of CNI
The Container Networking Interface tools for provisioning container networks.
""",
goarch = arch,
tags = ["manual"],
version = CNI_VERSION,
)
) for arch in NODE_PLATFORMS["linux"]]
k8s_deb(
[k8s_deb(
name = "cri-tools",
description = """Container Runtime Interface tools (crictl)""",
goarch = arch,
tags = ["manual"],
version = CRI_TOOLS_VERSION,
)
) for arch in NODE_PLATFORMS["linux"]]
filegroup(
name = "package-srcs",

2
build/debs/OWNERS
View File

@ -1,3 +1,5 @@
# See the OWNERS docs at https://go.k8s.io/owners
reviewers:
- luxas
- jbeda

103
build/go.bzl Normal file
View File

@ -0,0 +1,103 @@
# Copyright 2019 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_test")
# Defines several go_binary rules to work around a Bazel issue which makes
# the pure attribute on go_binary not configurable.
# The name provided will have cgo enabled if targeting Linux, and will
# be a pure go binary otherwise. Additionally, if targeting Windows, the
# output filename will have a .exe suffix.
def go_binary_conditional_pure(name, tags = None, **kwargs):
tags = tags or []
tags.append("manual")
go_binary(
name = "_%s-cgo" % name,
out = name,
pure = "off",
tags = tags,
**kwargs
)
# Define a rule for both Unix and Windows exe suffixes.
[go_binary(
name = "_%s-pure" % out,
out = out,
pure = "on",
tags = tags,
**kwargs
) for out in [name, name + ".exe"]]
# The real magic, where we work around the pure attribute not being
# configurable: select the appropriate go_binary rule above based on the
# configured platform.
native.alias(
name = name,
actual = select({
"@io_bazel_rules_go//go/platform:linux": ":_%s-cgo" % name,
"@io_bazel_rules_go//go/platform:windows": ":_%s.exe-pure" % name,
"//conditions:default": ":_%s-pure" % name,
}),
)
# Defines several go_test rules to work around a Bazel issue which makes
# the pure attribute on go_test not configurable.
# This also defines genrules to produce test binaries named ${out} and
# ${out}.exe, and an alias named ${out}_binary which automatically selects
# the correct filename suffix (i.e. with a .exe on Windows).
def go_test_conditional_pure(name, out, tags = None, **kwargs):
tags = tags or []
tags.append("manual")
go_test(
name = "_%s-cgo" % name,
pure = "off",
testonly = False,
tags = tags,
**kwargs
)
go_test(
name = "_%s-pure" % name,
pure = "on",
testonly = False,
tags = tags,
**kwargs
)
native.alias(
name = name,
actual = select({
"@io_bazel_rules_go//go/platform:linux": ":_%s-cgo" % name,
"//conditions:default": ":_%s-pure" % name,
}),
)
[native.genrule(
name = "gen_%s" % o,
srcs = [name],
outs = [o],
cmd = "cp $< $@;",
output_to_bindir = True,
executable = True,
tags = tags,
) for o in [out, out + ".exe"]]
native.alias(
name = "%s_binary" % out,
actual = select({
"@io_bazel_rules_go//go/platform:windows": ":gen_%s.exe" % out,
"//conditions:default": ":gen_%s" % out,
}),
)

8
build/kazel_generated.bzl
View File

@ -62,10 +62,14 @@ tags_values_pkgs = {"openapi-gen": {
"staging/src/k8s.io/api/extensions/v1beta1",
"staging/src/k8s.io/api/imagepolicy/v1alpha1",
"staging/src/k8s.io/api/networking/v1",
"staging/src/k8s.io/api/networking/v1beta1",
"staging/src/k8s.io/api/node/v1alpha1",
"staging/src/k8s.io/api/node/v1beta1",
"staging/src/k8s.io/api/policy/v1beta1",
"staging/src/k8s.io/api/rbac/v1",
"staging/src/k8s.io/api/rbac/v1alpha1",
"staging/src/k8s.io/api/rbac/v1beta1",
"staging/src/k8s.io/api/scheduling/v1",
"staging/src/k8s.io/api/scheduling/v1alpha1",
"staging/src/k8s.io/api/scheduling/v1beta1",
"staging/src/k8s.io/api/settings/v1alpha1",
@ -135,10 +139,14 @@ tags_pkgs_values = {"openapi-gen": {
"staging/src/k8s.io/api/extensions/v1beta1": ["true"],
"staging/src/k8s.io/api/imagepolicy/v1alpha1": ["true"],
"staging/src/k8s.io/api/networking/v1": ["true"],
"staging/src/k8s.io/api/networking/v1beta1": ["true"],
"staging/src/k8s.io/api/node/v1alpha1": ["true"],
"staging/src/k8s.io/api/node/v1beta1": ["true"],
"staging/src/k8s.io/api/policy/v1beta1": ["true"],
"staging/src/k8s.io/api/rbac/v1": ["true"],
"staging/src/k8s.io/api/rbac/v1alpha1": ["true"],
"staging/src/k8s.io/api/rbac/v1beta1": ["true"],
"staging/src/k8s.io/api/scheduling/v1": ["true"],
"staging/src/k8s.io/api/scheduling/v1alpha1": ["true"],
"staging/src/k8s.io/api/scheduling/v1beta1": ["true"],
"staging/src/k8s.io/api/settings/v1alpha1": ["true"],

131
build/lib/release.sh
View File

@ -32,6 +32,11 @@ KUBE_BUILD_HYPERKUBE=${KUBE_BUILD_HYPERKUBE:-y}
KUBE_BUILD_CONFORMANCE=${KUBE_BUILD_CONFORMANCE:-y}
KUBE_BUILD_PULL_LATEST_IMAGES=${KUBE_BUILD_PULL_LATEST_IMAGES:-y}
# The mondo test tarball is deprecated as of Kubernetes 1.14, and the default
# will be set to 'n' in a future release.
# See KEP sig-testing/20190118-breaking-apart-the-kubernetes-test-tarball
KUBE_BUILD_MONDO_TEST_TARBALL=${KUBE_BUILD_MONDO_TEST_TARBALL:-y}
# Validate a ci version
#
# Globals:
@ -89,7 +94,7 @@ function kube::release::package_tarballs() {
kube::util::wait-for-jobs || { kube::log::error "previous tarball phase failed"; return 1; }
kube::release::package_final_tarball & # _final depends on some of the previous phases
kube::release::package_test_tarball & # _test doesn't depend on anything
kube::release::package_test_tarballs & # _test doesn't depend on anything
kube::util::wait-for-jobs || { kube::log::error "previous tarball phase failed"; return 1; }
}
@ -136,7 +141,7 @@ function kube::release::package_client_tarballs() {
# This fancy expression will expand to prepend a path
# (${LOCAL_OUTPUT_BINPATH}/${platform}/) to every item in the
# KUBE_CLIENT_BINARIES array.
# client_bins array.
cp "${client_bins[@]/#/${LOCAL_OUTPUT_BINPATH}/${platform}/}" \
"${release_stage}/client/bin/"
@ -169,7 +174,7 @@ function kube::release::package_node_tarballs() {
fi
# This fancy expression will expand to prepend a path
# (${LOCAL_OUTPUT_BINPATH}/${platform}/) to every item in the
# KUBE_NODE_BINARIES array.
# node_bins array.
cp "${node_bins[@]/#/${LOCAL_OUTPUT_BINPATH}/${platform}/}" \
"${release_stage}/node/bin/"
@ -181,6 +186,9 @@ function kube::release::package_node_tarballs() {
if [[ "${platform%/*}" == "windows" ]]; then
client_bins=("${KUBE_CLIENT_BINARIES_WIN[@]}")
fi
# This fancy expression will expand to prepend a path
# (${LOCAL_OUTPUT_BINPATH}/${platform}/) to every item in the
# client_bins array.
cp "${client_bins[@]/#/${LOCAL_OUTPUT_BINPATH}/${platform}/}" \
"${release_stage}/node/bin/"
@ -248,6 +256,9 @@ function kube::release::package_server_tarballs() {
if [[ "${platform%/*}" == "windows" ]]; then
client_bins=("${KUBE_CLIENT_BINARIES_WIN[@]}")
fi
# This fancy expression will expand to prepend a path
# (${LOCAL_OUTPUT_BINPATH}/${platform}/) to every item in the
# client_bins array.
cp "${client_bins[@]/#/${LOCAL_OUTPUT_BINPATH}/${platform}/}" \
"${release_stage}/server/bin/"
@ -466,39 +477,111 @@ function kube::release::package_kube_manifests_tarball() {
kube::release::create_tarball "${package_name}" "${release_stage}/.."
}
# Builds tarballs for each test platform containing the appropriate binaries.
function kube::release::package_test_platform_tarballs() {
local platform
rm -rf "${RELEASE_STAGE}/test"
# KUBE_TEST_SERVER_PLATFORMS is a subset of KUBE_TEST_PLATFORMS,
# so process it first.
for platform in "${KUBE_TEST_SERVER_PLATFORMS[@]}"; do
local platform_tag=${platform/\//-} # Replace a "/" for a "-"
local release_stage="${RELEASE_STAGE}/test/${platform_tag}/kubernetes"
mkdir -p "${release_stage}/test/bin"
# This fancy expression will expand to prepend a path
# (${LOCAL_OUTPUT_BINPATH}/${platform}/) to every item in the
# KUBE_TEST_SERVER_BINARIES array.
cp "${KUBE_TEST_SERVER_BINARIES[@]/#/${LOCAL_OUTPUT_BINPATH}/${platform}/}" \
"${release_stage}/test/bin/"
done
for platform in "${KUBE_TEST_PLATFORMS[@]}"; do
(
local platform_tag=${platform/\//-} # Replace a "/" for a "-"
kube::log::status "Starting tarball: test $platform_tag"
local release_stage="${RELEASE_STAGE}/test/${platform_tag}/kubernetes"
mkdir -p "${release_stage}/test/bin"
local test_bins=("${KUBE_TEST_BINARIES[@]}")
if [[ "${platform%/*}" == "windows" ]]; then
test_bins=("${KUBE_TEST_BINARIES_WIN[@]}")
fi
# This fancy expression will expand to prepend a path
# (${LOCAL_OUTPUT_BINPATH}/${platform}/) to every item in the
# test_bins array.
cp "${test_bins[@]/#/${LOCAL_OUTPUT_BINPATH}/${platform}/}" \
"${release_stage}/test/bin/"
local package_name="${RELEASE_TARS}/kubernetes-test-${platform_tag}.tar.gz"
kube::release::create_tarball "${package_name}" "${release_stage}/.."
) &
done
kube::log::status "Waiting on test tarballs"
kube::util::wait-for-jobs || { kube::log::error "test tarball creation failed"; exit 1; }
}
# This is the stuff you need to run tests from the binary distribution.
function kube::release::package_test_tarball() {
kube::log::status "Building tarball: test"
function kube::release::package_test_tarballs() {
kube::release::package_test_platform_tarballs
kube::log::status "Building tarball: test portable"
local release_stage="${RELEASE_STAGE}/test/kubernetes"
rm -rf "${release_stage}"
mkdir -p "${release_stage}"
local platform
for platform in "${KUBE_TEST_PLATFORMS[@]}"; do
local test_bins=("${KUBE_TEST_BINARIES[@]}")
if [[ "${platform%/*}" == "windows" ]]; then
test_bins=("${KUBE_TEST_BINARIES_WIN[@]}")
fi
mkdir -p "${release_stage}/platforms/${platform}"
cp "${test_bins[@]/#/${LOCAL_OUTPUT_BINPATH}/${platform}/}" \
"${release_stage}/platforms/${platform}"
done
for platform in "${KUBE_TEST_SERVER_PLATFORMS[@]}"; do
mkdir -p "${release_stage}/platforms/${platform}"
cp "${KUBE_TEST_SERVER_BINARIES[@]/#/${LOCAL_OUTPUT_BINPATH}/${platform}/}" \
"${release_stage}/platforms/${platform}"
done
# Add the test image files
# First add test image files and other portable sources so we can create
# the portable test tarball.
mkdir -p "${release_stage}/test/images"
cp -fR "${KUBE_ROOT}/test/images" "${release_stage}/test/"
tar c "${KUBE_TEST_PORTABLE[@]}" | tar x -C "${release_stage}"
kube::release::clean_cruft
local package_name="${RELEASE_TARS}/kubernetes-test.tar.gz"
kube::release::create_tarball "${package_name}" "${release_stage}/.."
local portable_tarball_name="${RELEASE_TARS}/kubernetes-test-portable.tar.gz"
kube::release::create_tarball "${portable_tarball_name}" "${release_stage}/.."
if [[ "${KUBE_BUILD_MONDO_TEST_TARBALL}" =~ [yY] ]]; then
kube::log::status "Building tarball: test mondo (deprecated by KEP sig-testing/20190118-breaking-apart-the-kubernetes-test-tarball)"
local platform
for platform in "${KUBE_TEST_PLATFORMS[@]}"; do
local test_bins=("${KUBE_TEST_BINARIES[@]}")
if [[ "${platform%/*}" == "windows" ]]; then
test_bins=("${KUBE_TEST_BINARIES_WIN[@]}")
fi
mkdir -p "${release_stage}/platforms/${platform}"
# This fancy expression will expand to prepend a path
# (${LOCAL_OUTPUT_BINPATH}/${platform}/) to every item in the
# test_bins array.
cp "${test_bins[@]/#/${LOCAL_OUTPUT_BINPATH}/${platform}/}" \
"${release_stage}/platforms/${platform}"
done
for platform in "${KUBE_TEST_SERVER_PLATFORMS[@]}"; do
mkdir -p "${release_stage}/platforms/${platform}"
# This fancy expression will expand to prepend a path
# (${LOCAL_OUTPUT_BINPATH}/${platform}/) to every item in the
# KUBE_TEST_SERVER_BINARIES array.
cp "${KUBE_TEST_SERVER_BINARIES[@]/#/${LOCAL_OUTPUT_BINPATH}/${platform}/}" \
"${release_stage}/platforms/${platform}"
done
cat <<EOF > "${release_stage}/DEPRECATION_NOTICE"
The mondo test tarball containing binaries for all platforms is
DEPRECATED as of Kubernetes 1.14.
Users of this tarball should migrate to using the platform-specific
tarballs in combination with the "portable" tarball which contains
scripts, test images, and other manifests.
For more details, please see KEP
sig-testing/20190118-breaking-apart-the-kubernetes-test-tarball.
EOF
kube::release::clean_cruft
local package_name="${RELEASE_TARS}/kubernetes-test.tar.gz"
kube::release::create_tarball "${package_name}" "${release_stage}/.."
fi
}
# This is all the platform-independent stuff you need to run/install kubernetes.

189
build/platforms.bzl Normal file
View File

@ -0,0 +1,189 @@
# Copyright 2019 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
load("@bazel_skylib//lib:new_sets.bzl", "sets")
load("@bazel_skylib//lib:types.bzl", "types")
# KUBE_SERVER_PLATFORMS in hack/lib/golang.sh
SERVER_PLATFORMS = {
"linux": [
"amd64",
"arm",
"arm64",
"ppc64le",
"s390x",
],
}
# KUBE_NODE_PLATFORMS in hack/lib/golang.sh
NODE_PLATFORMS = {
"linux": [
"amd64",
"arm",
"arm64",
"ppc64le",
"s390x",
],
"windows": [
"amd64",
],
}
# KUBE_CLIENT_PLATFORMS in hack/lib/golang.sh
CLIENT_PLATFORMS = {
"linux": [
"386",
"amd64",
"arm",
"arm64",
"ppc64le",
"s390x",
],
"darwin": [
"386",
"amd64",
],
"windows": [
"386",
"amd64",
],
}
# KUBE_TEST_PLATFORMS in hack/lib/golang.sh
TEST_PLATFORMS = {
"linux": [
"amd64",
"arm",
"arm64",
"s390x",
"ppc64le",
],
"darwin": [
"amd64",
],
"windows": [
"amd64",
],
}
# Helper which produces the ALL_PLATFORMS dictionary, composed of the union of
# CLIENT, NODE, SERVER, and TEST platforms
def _all_platforms():
all_platforms = {}
for platforms in [CLIENT_PLATFORMS, NODE_PLATFORMS, SERVER_PLATFORMS, TEST_PLATFORMS]:
for os, archs in platforms.items():
all_platforms[os] = sets.union(
all_platforms.setdefault(os, sets.make()),
sets.make(archs),
)
for os, archs in all_platforms.items():
all_platforms[os] = sets.to_list(archs)
return all_platforms
ALL_PLATFORMS = _all_platforms()
def go_platform_constraint(os, arch):
return "@io_bazel_rules_go//go/platform:%s_%s" % (os, arch)
# Helper to for_platforms which updates the select() dictionary.
# d is the dictionary being updated.
# value is the value to set for each item of platforms, which should
# be a single platform category dictionary (e.g. SERVER_PLATFORMS).
# only_os selects one of the OSes in platforms.
def _update_dict_for_platform_category(d, value, platforms, only_os = None):
if not value:
return
for os, arches in platforms.items():
if only_os and os != only_os:
continue
for arch in arches:
constraint = go_platform_constraint(os, arch)
fmt_args = {"OS": os, "ARCH": arch}
if types.is_list(value):
# Format all items in the list, and hope there are no duplicates
d.setdefault(constraint, []).extend(
[v.format(**fmt_args) for v in value],
)
else:
# Don't overwrite existing value
if constraint in d:
fail("duplicate entry for constraint %s", constraint)
if types.is_dict(value):
# Format dictionary values only
d[constraint] = {
dict_key: dict_value.format(**fmt_args)
for dict_key, dict_value in value.items()
}
else:
# Hopefully this is just a string
d[constraint] = value.format(**fmt_args)
# for_platforms returns a dictionary to be used with select().
# select() is used for configurable attributes (most attributes, notably
# excluding output filenames), and takes a dictionary mapping a condition
# to a value for that attribute.
# select() is described in more detail in the Bazel documentation:
# https://docs.bazel.build/versions/master/be/functions.html#select
#
# One notable condition is the target platform (os and arch).
# Kubernetes binaries generally target particular platform categories,
# such as client binaries like kubectl, or node binaries like kubelet.
# Additionally, some build artifacts need specific configurations such as
# the appropriate arch-specific base image.
#
# This macro produces a dictionary where each of the platform categories
# (client, node, server, test, all) is enumerated and filled in
# the the provided arguments as the values.
#
# For example, a filegroup might want to include one binary for all client
# platforms and another binary for server platforms. The client and server
# platform lists have some shared items but also some disjoint items.
# The client binary can be provided in for_client and the server binary provided
# in for_server; this macro will then return a select() dictionary that
# includes the appropriate binaries based on the configured platform.
#
# Another example selecting the appropriate base image for a docker container.
# One can use select(for_platforms(for_server="base-image-{ARCH}//image"))
# to have the appropriate arch-specific image selected.
#
# The for_platform arguments can be lists, dictionaries, or strings, but
# they should all be the same type for a given call.
# The tokens {OS} and {ARCH} will be substituted with the corresponding values,
# but if a dictionary is provided, only the dictionary values will be formatted.
#
# If default is provided, a default condition will be added with the provided
# value.
# only_os can be used to select a single OS from a platform category that lists
# multiple OSes. For example, it doesn't make sense to build debs or RPMs for
# anything besides Linux, so you might supply only_os="linux" for those rules.
#
# For a complete example, consult something like the release-tars target in
# build/release-tars/BUILD.
def for_platforms(
for_client = None,
for_node = None,
for_server = None,
for_test = None,
for_all = None,
default = None,
only_os = None):
d = {}
if default != None:
d["//conditions:default"] = default
_update_dict_for_platform_category(d, for_client, CLIENT_PLATFORMS, only_os)
_update_dict_for_platform_category(d, for_node, NODE_PLATFORMS, only_os)
_update_dict_for_platform_category(d, for_server, SERVER_PLATFORMS, only_os)
_update_dict_for_platform_category(d, for_test, TEST_PLATFORMS, only_os)
_update_dict_for_platform_category(d, for_all, ALL_PLATFORMS, only_os)
return d

256
build/release-tars/BUILD
View File

@ -1,7 +1,47 @@
package(default_visibility = ["//visibility:public"])
load("@io_kubernetes_build//defs:build.bzl", "release_filegroup")
load("@io_kubernetes_build//defs:pkg.bzl", "pkg_tar")
load(
"//build:platforms.bzl",
"CLIENT_PLATFORMS",
"NODE_PLATFORMS",
"SERVER_PLATFORMS",
"TEST_PLATFORMS",
"for_platforms",
"go_platform_constraint",
)
load("@io_k8s_repo_infra//defs:build.bzl", "release_filegroup")
load("@io_k8s_repo_infra//defs:pkg.bzl", "pkg_tar")
load("//staging:repos_generated.bzl", "staging_repos")
# Bazel doesn't make the output filename
# (such as kubernetes-server-{OS}-{ARCH}.tar.gz) configurable, so we instead
# create rules for all platforms and tag them manual.
# We then select the correct set of platform-specific tarballs in this filegroup
# using a select() statement.
# Thus the release-tars target always selects the correct set of tarballs
# for the configured platform being built.
release_filegroup(
name = "release-tars",
conditioned_srcs = for_platforms(
for_all = [
":kubernetes.tar.gz",
":kubernetes-src.tar.gz",
],
for_client = [":kubernetes-client-{OS}-{ARCH}.tar.gz"],
for_node = [":kubernetes-node-{OS}-{ARCH}.tar.gz"],
for_server = [
":kubernetes-server-{OS}-{ARCH}.tar.gz",
":kubernetes-manifests.tar.gz",
],
for_test = [
":kubernetes-test-portable.tar.gz",
":kubernetes-test-{OS}-{ARCH}.tar.gz",
# TODO(ixdy): remove once the "mondo-test" tarball is deprecated.
# It isn't really mondo under Bazel anyway.
":kubernetes-test.tar.gz",
],
),
)
filegroup(
name = "package-srcs",
@ -16,44 +56,22 @@ filegroup(
tags = ["automanaged"],
)
config_setting(
name = "package_src",
values = {
"define": "PACKAGE_SRC=true",
},
visibility = ["//visibility:private"],
)
genrule(
name = "kubernetes-src-readme",
outs = ["README-src.txt"],
cmd = """
echo For build efficiency, the src was not included in this release.>$@
echo The full source code can be viewed at >>$@
echo -n https://github.com/kubernetes/kubernetes/tree/ >>$@
grep ^STABLE_BUILD_GIT_COMMIT bazel-out/stable-status.txt | cut -d' ' -f2 >>$@
""",
stamp = 1,
)
pkg_tar(
name = "kubernetes-src",
srcs = select({
":package_src": ["//:all-srcs"],
"//conditions:default": ["README-src.txt"],
}),
srcs = ["//:all-srcs"],
extension = "tar.gz",
package_dir = "kubernetes",
strip_prefix = select({
":package_src": "//",
"//conditions:default": ".",
}),
tags = ["no-cache"],
strip_prefix = "//",
symlinks = {
"kubernetes/vendor/%s" % repo: "../../staging/src/%s" % repo
for repo in staging_repos
},
tags = [
"manual",
"no-cache",
],
)
# FIXME: this should be configurable/auto-detected
PLATFORM_ARCH_STRING = "linux-amd64"
# Included in node and server tarballs.
filegroup(
name = "license-targets",
@ -69,19 +87,23 @@ pkg_tar(
srcs = ["//build:client-targets"],
mode = "0755",
package_dir = "client/bin",
tags = ["no-cache"],
tags = [
"manual",
"no-cache",
],
visibility = ["//visibility:private"],
)
pkg_tar(
name = "kubernetes-client-%s" % PLATFORM_ARCH_STRING,
[[pkg_tar(
name = "kubernetes-client-%s-%s" % (os, arch),
extension = "tar.gz",
package_dir = "kubernetes",
tags = ["no-cache"],
deps = [
":_client-bin",
tags = [
"manual",
"no-cache",
],
)
deps = select({go_platform_constraint(os, arch): [":_client-bin"]}),
) for arch in archs] for os, archs in CLIENT_PLATFORMS.items()]
pkg_tar(
name = "_node-bin",
@ -91,21 +113,25 @@ pkg_tar(
],
mode = "0755",
package_dir = "node/bin",
tags = ["no-cache"],
tags = [
"manual",
"no-cache",
],
visibility = ["//visibility:private"],
)
pkg_tar(
name = "kubernetes-node-%s" % PLATFORM_ARCH_STRING,
[[pkg_tar(
name = "kubernetes-node-%s-%s" % (os, arch),
srcs = [":license-targets"],
extension = "tar.gz",
mode = "0644",
package_dir = "kubernetes",
tags = ["no-cache"],
deps = [
":_node-bin",
tags = [
"manual",
"no-cache",
],
)
deps = select({go_platform_constraint(os, arch): [":_node-bin"]}),
) for arch in archs] for os, archs in NODE_PLATFORMS.items()]
pkg_tar(
name = "_server-bin",
@ -117,7 +143,10 @@ pkg_tar(
],
mode = "0755",
package_dir = "server/bin",
tags = ["no-cache"],
tags = [
"manual",
"no-cache",
],
visibility = ["//visibility:private"],
)
@ -135,45 +164,120 @@ pkg_tar(
":.dummy",
],
package_dir = "addons",
tags = ["no-cache"],
tags = [
"manual",
"no-cache",
],
visibility = ["//visibility:private"],
)
pkg_tar(
name = "kubernetes-server-%s" % PLATFORM_ARCH_STRING,
[[pkg_tar(
name = "kubernetes-server-%s-%s" % (os, arch),
srcs = [":license-targets"],
extension = "tar.gz",
mode = "0644",
package_dir = "kubernetes",
tags = ["no-cache"],
deps = [
":_server-addons",
":_server-bin",
tags = [
"manual",
"no-cache",
],
deps = select({
go_platform_constraint(os, arch): [
":_server-addons",
":_server-bin",
],
}),
) for arch in archs] for os, archs in SERVER_PLATFORMS.items()]
# The mondo test tarball is deprecated.
pkg_tar(
name = "_test-mondo-bin",
srcs = ["//build:test-targets"],
mode = "0755",
package_dir = select(for_platforms(
for_test = "platforms/{OS}/{ARCH}",
)),
tags = [
"manual",
"no-cache",
],
visibility = ["//visibility:private"],
)
genrule(
name = "kubernetes-test-mondo-deprecation",
outs = ["DEPRECATION_NOTICE"],
cmd = """cat <<EOF >$@
The mondo test tarball containing binaries for all platforms is
DEPRECATED as of Kubernetes 1.14.
Users of this tarball should migrate to using the platform-specific
tarballs in combination with the "portable" tarball which contains
scripts, test images, and other manifests.
For more details, please see KEP
sig-testing/20190118-breaking-apart-the-kubernetes-test-tarball.
EOF
""",
visibility = ["//visibility:private"],
)
# The mondo test tarball is deprecated.
# This one was never really correct, anyway, since we can't include
# binaries from multiple platforms in a single tarball.
pkg_tar(
name = "kubernetes-test",
srcs = [
":kubernetes-test-mondo-deprecation",
"//build:test-portable-targets",
],
extension = "tar.gz",
package_dir = "kubernetes",
remap_paths = {
"build/release-tars/DEPRECATION_NOTICE": "DEPRECATION_NOTICE",
},
strip_prefix = "//",
tags = [
"manual",
"no-cache",
],
deps = select(for_platforms(
for_test = [":_test-mondo-bin"],
)),
)
pkg_tar(
name = "kubernetes-test-portable",
srcs = ["//build:test-portable-targets"],
extension = "tar.gz",
package_dir = "kubernetes",
strip_prefix = "//",
tags = ["no-cache"],
)
pkg_tar(
name = "_test-bin",
srcs = ["//build:test-targets"],
mode = "0755",
package_dir = "platforms/" + PLATFORM_ARCH_STRING.replace("-", "/"),
tags = ["no-cache"],
# TODO: how to make this multiplatform?
package_dir = "test/bin",
tags = [
"manual",
"no-cache",
],
visibility = ["//visibility:private"],
)
pkg_tar(
name = "kubernetes-test",
srcs = ["//build:test-portable-targets"],
[[pkg_tar(
name = "kubernetes-test-%s-%s" % (os, arch),
extension = "tar.gz",
package_dir = "kubernetes",
strip_prefix = "//",
tags = ["no-cache"],
deps = [
# TODO: how to make this multiplatform?
":_test-bin",
tags = [
"manual",
"no-cache",
],
)
deps = select({go_platform_constraint(os, arch): [":_test-bin"]}),
) for arch in archs] for os, archs in TEST_PLATFORMS.items()]
pkg_tar(
name = "_full_server",
@ -181,7 +285,10 @@ pkg_tar(
":kubernetes-manifests.tar.gz",
],
package_dir = "server",
tags = ["no-cache"],
tags = [
"manual",
"no-cache",
],
visibility = ["//visibility:private"],
)
@ -212,16 +319,3 @@ pkg_tar(
"//cluster:manifests",
],
)
release_filegroup(
name = "release-tars",
srcs = [
":kubernetes.tar.gz",
":kubernetes-client-%s.tar.gz" % PLATFORM_ARCH_STRING,
":kubernetes-node-%s.tar.gz" % PLATFORM_ARCH_STRING,
":kubernetes-server-%s.tar.gz" % PLATFORM_ARCH_STRING,
":kubernetes-manifests.tar.gz",
":kubernetes-src.tar.gz",
":kubernetes-test.tar.gz",
],
)

15
build/root/.bazelrc
View File

@ -24,3 +24,18 @@ test:unit --flaky_test_attempts=3
test:integration --local_test_jobs 4
test:integration --test_tag_filters=integration
# Darwin and Windows only cross-compile pure Go
build:cross:darwin_386 --platforms=@io_bazel_rules_go//go/toolchain:darwin_386
build:cross:darwin_amd64 --platforms=@io_bazel_rules_go//go/toolchain:darwin_amd64
build:cross:windows_386 --platforms=@io_bazel_rules_go//go/toolchain:windows_386
build:cross:windows_amd64 --platforms=@io_bazel_rules_go//go/toolchain:windows_amd64
# We enable cgo cross-compilation for Linux, but need to use our custom crosstool.
build:repo_infra_crosstool --crosstool_top=@io_k8s_repo_infra//tools:toolchain --compiler=gcc
build:cross:linux_386 --config=repo_infra_crosstool --platforms=@io_bazel_rules_go//go/toolchain:linux_386
build:cross:linux_amd64 --config=repo_infra_crosstool --platforms=@io_bazel_rules_go//go/toolchain:linux_amd64 --cpu=amd64
build:cross:linux_arm --config=repo_infra_crosstool --platforms=@io_bazel_rules_go//go/toolchain:linux_arm --cpu=arm
build:cross:linux_arm64 --config=repo_infra_crosstool --platforms=@io_bazel_rules_go//go/toolchain:linux_arm64 --cpu=arm64
build:cross:linux_ppc64le --config=repo_infra_crosstool --platforms=@io_bazel_rules_go//go/toolchain:linux_ppc64le --cpu=ppc64le
build:cross:linux_s390x --config=repo_infra_crosstool --platforms=@io_bazel_rules_go//go/toolchain:linux_s390x --cpu=s390x

43
build/root/BUILD.root
View File

@ -13,33 +13,54 @@
package(default_visibility = ["//visibility:public"])
load("@io_kubernetes_build//defs:build.bzl", "gcs_upload")
load("@io_k8s_repo_infra//defs:build.bzl", "gcs_upload")
load("//build:platforms.bzl", "for_platforms")
filegroup(
name = "_binary-artifacts-and-hashes",
srcs = [
"//build:client-targets-and-hashes",
"//build:docker-artifacts-and-hashes",
"//build:node-targets-and-hashes",
"//build:server-targets-and-hashes",
"//build/debs:debs-and-hashes",
],
srcs = select(for_platforms(
for_client = ["//build:client-targets-and-hashes"],
for_node = [
"//build:node-targets-and-hashes",
"//build/debs:debs-and-hashes",
],
for_server = [
"//build:docker-artifacts-and-hashes",
"//build:server-targets-and-hashes",
],
)),
visibility = ["//visibility:private"],
)
# TODO: collect all relevant docker_push targets into one target that can be run:
# //build:push-server-images
# //cluster/images/conformance:push-conformance
# //cluster/images/hyperkube:push-hyperkube
gcs_upload(
name = "push-build",
data = [
":_binary-artifacts-and-hashes",
"//build/release-tars:release-tars-and-hashes",
"//cluster/gce/gci:gcs-release-artifacts-and-hashes",
"//cluster/gce/windows:gcs-release-artifacts-and-hashes",
],
tags = ["manual"],
upload_paths = {
"//:_binary-artifacts-and-hashes": "bin/linux/amd64",
# Use for_platforms to format the upload path based on the configured
# platform (os/arch).
# For example, this will turn into something like
# upload_paths = select({
# "@io_bazel_rules_go//go/platform:windows_386": {
# ...,"//:binary-artifacts-and-hashes": "bin/windows/386"},
# "@io_bazel_rules_go//go/platform:linux_ppc64le": {
# ...,"//:binary-artifacts-and-hashes": "bin/linux/ppc64le"},
#})
# and bazel will select the correct entry.
upload_paths = select(for_platforms(for_all = {
"//build/release-tars:release-tars-and-hashes": "",
"//cluster/gce/gci:gcs-release-artifacts-and-hashes": "extra/gce",
},
"//cluster/gce/windows:gcs-release-artifacts-and-hashes": "extra/gce/windows",
"//:_binary-artifacts-and-hashes": "bin/{OS}/{ARCH}",
})),
)
filegroup(

5
build/root/Makefile
View File

@ -282,8 +282,12 @@ endif
define TEST_CMD_HELP_INFO
# Build and run cmdline tests.
#
# Args:
# WHAT: List of tests to run, check test/cmd/legacy-script.sh for names.
# For example, WHAT=deployment will run run_deployment_tests function.
# Example:
# make test-cmd
# make test-cmd WHAT="deployment impersonation"
endef
.PHONY: test-cmd
ifeq ($(PRINT_HELP),y)
@ -291,7 +295,6 @@ test-cmd:
@echo "$$TEST_CMD_HELP_INFO"
else
test-cmd: generated_files
hack/make-rules/test-kubeadm-cmd.sh
hack/make-rules/test-cmd.sh
endif

39
build/root/Makefile.generated_files
View File

@ -296,16 +296,23 @@ $(DEFAULTER_GEN): $(k8s.io/kubernetes/vendor/k8s.io/code-generator/cmd/defaulter
# Conversion generation
# Any package that wants conversion functions generated into it must
# include one or more comment-tags in its `doc.go` file, of the form:
# // +k8s:conversion-gen=<INTERNAL_TYPES_DIR>
#
# Any package that wants conversion functions generated must include one or
# more comment-tags in any .go file, in column 0, of the form:
# // +k8s:conversion-gen=<CONVERSION_TARGET_DIR>
# The INTERNAL_TYPES_DIR is a project-local path to another directory
# which should be considered when evaluating peer types for
# conversions. An optional additional comment of the form
# // +k8s:conversion-gen-external-types=<EXTERNAL_TYPES_DIR>
#
# The CONVERSION_TARGET_DIR is a project-local path to another directory which
# should be considered when evaluating peer types for conversions. Types which
# are found in the source package (where conversions are being generated)
# but do not have a peer in one of the target directories will not have
# conversions generated.
# identifies where to find the external types; if there is no such
# comment then the external types are sought in the package where the
# `k8s:conversion` tag is found.
#
# Conversions, in both directions, are generated for every type name
# that is defined in both an internal types package and the external
# types package.
#
# TODO: it might be better in the long term to make peer-types explicit in the
# IDL.
@ -402,8 +409,10 @@ $(CONVERSION_GEN): $(k8s.io/kubernetes/vendor/k8s.io/code-generator/cmd/conversi
OPENAPI_BASENAME := $(GENERATED_FILE_PREFIX)openapi
OPENAPI_FILENAME := $(OPENAPI_BASENAME).go
OPENAPI_OUTPUT_PKG := pkg/generated/openapi
CRD_OPENAPI_OUTPUT_PKG := staging/src/k8s.io/apiextensions-apiserver/pkg/generated/openapi
BOILERPLATE_FILENAME := vendor/k8s.io/code-generator/hack/boilerplate.go.txt
REPORT_FILENAME := $(OUT_DIR)/violations.report
IGNORED_REPORT_FILENAME := $(OUT_DIR)/ignored_violations.report
KNOWN_VIOLATION_FILENAME := api/api-rules/violation_exceptions.list
# When UPDATE_API_KNOWN_VIOLATIONS is set to be true, let the generator to write
# updated API violations to the known API violation exceptions list.
@ -429,10 +438,11 @@ OPENAPI_DIRS := $(shell \
)
OPENAPI_OUTFILE := $(OPENAPI_OUTPUT_PKG)/$(OPENAPI_FILENAME)
CRD_OPENAPI_OUTFILE := $(CRD_OPENAPI_OUTPUT_PKG)/$(OPENAPI_FILENAME)
# This rule is the user-friendly entrypoint for openapi generation.
.PHONY: gen_openapi
gen_openapi: $(OPENAPI_OUTFILE) $(OPENAPI_GEN)
gen_openapi: $(OPENAPI_OUTFILE) $(OPENAPI_GEN) $(CRD_OPENAPI_OUTFILE)
# For each dir in OPENAPI_DIRS, this establishes a dependency between the
# output file and the input files that should trigger a rebuild.
@ -462,6 +472,17 @@ $(OPENAPI_OUTFILE): $(OPENAPI_GEN) $(KNOWN_VIOLATION_FILENAME)
diff $(REPORT_FILENAME) $(KNOWN_VIOLATION_FILENAME) || \
(echo -e $(API_RULE_CHECK_FAILURE_MESSAGE); exit 1)
# TODO(roycaihw): move the automation to apiextensions-apiserver
$(CRD_OPENAPI_OUTFILE): $(OPENAPI_GEN)
./hack/run-in-gopath.sh $(OPENAPI_GEN) \
--v $(KUBE_VERBOSE) \
--logtostderr \
-i "k8s.io/apimachinery/pkg/apis/meta/v1,k8s.io/api/autoscaling/v1" \
-p $(PRJ_SRC_PATH)/$(CRD_OPENAPI_OUTPUT_PKG) \
-O $(OPENAPI_BASENAME) \
-h $(BOILERPLATE_FILENAME) \
-r $(IGNORED_REPORT_FILENAME) \
"$$@"
# How to build the generator tool. The deps for this are defined in
# the $(GO_PKGDEPS_FILE), above.

99
build/root/WORKSPACE
View File

@ -1,98 +1,55 @@
load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive", "http_file")
load("//build:workspace_mirror.bzl", "mirror")
load("//build:workspace.bzl", "CNI_VERSION", "CRI_TOOLS_VERSION")
http_archive(
name = "io_bazel_rules_go",
sha256 = "ade51a315fa17347e5c31201fdc55aa5ffb913377aa315dceb56ee9725e620ee",
urls = mirror("https://github.com/bazelbuild/rules_go/releases/download/0.16.6/rules_go-0.16.6.tar.gz"),
)
http_archive(
name = "io_kubernetes_build",
sha256 = "21160531ea8a9a4001610223ad815622bf60671d308988c7057168a495a7e2e8",
strip_prefix = "repo-infra-b4bc4f1552c7fc1d4654753ca9b0e5e13883429f",
urls = mirror("https://github.com/kubernetes/repo-infra/archive/b4bc4f1552c7fc1d4654753ca9b0e5e13883429f.tar.gz"),
)
http_archive(
name = "bazel_skylib",
sha256 = "bbccf674aa441c266df9894182d80de104cabd19be98be002f6d478aaa31574d",
strip_prefix = "bazel-skylib-2169ae1c374aab4a09aa90e65efe1a3aad4e279b",
urls = mirror("https://github.com/bazelbuild/bazel-skylib/archive/2169ae1c374aab4a09aa90e65efe1a3aad4e279b.tar.gz"),
sha256 = "eb5c57e4c12e68c0c20bc774bfbc60a568e800d025557bc4ea022c6479acc867",
strip_prefix = "bazel-skylib-0.6.0",
urls = mirror("https://github.com/bazelbuild/bazel-skylib/archive/0.6.0.tar.gz"),
)
ETCD_VERSION = "3.3.10"
load("@bazel_skylib//lib:versions.bzl", "versions")
versions.check(minimum_bazel_version = "0.18.0")
http_archive(
name = "com_coreos_etcd",
build_file = "@//third_party:etcd.BUILD",
sha256 = "1620a59150ec0a0124a65540e23891243feb2d9a628092fb1edcc23974724a45",
strip_prefix = "etcd-v%s-linux-amd64" % ETCD_VERSION,
urls = mirror("https://github.com/coreos/etcd/releases/download/v%s/etcd-v%s-linux-amd64.tar.gz" % (ETCD_VERSION, ETCD_VERSION)),
name = "io_k8s_repo_infra",
sha256 = "2cc74219eafebb0af1e0cf80b9c2b78aac9aa570de762bfb82b83e9164be9da2",
strip_prefix = "repo-infra-b461270ab6ccfb94ff2d78df96d26f669376d660",
urls = mirror("https://github.com/kubernetes/repo-infra/archive/b461270ab6ccfb94ff2d78df96d26f669376d660.tar.gz"),
)
http_archive(
name = "io_bazel_rules_docker",
sha256 = "29d109605e0d6f9c892584f07275b8c9260803bf0c6fcb7de2623b2bedc910bd",
strip_prefix = "rules_docker-0.5.1",
urls = mirror("https://github.com/bazelbuild/rules_docker/archive/v0.5.1.tar.gz"),
name = "io_bazel_rules_go",
sha256 = "6776d68ebb897625dead17ae510eac3d5f6342367327875210df44dbe2aeeb19",
urls = mirror("https://github.com/bazelbuild/rules_go/releases/download/0.17.1/rules_go-0.17.1.tar.gz"),
)
load("@bazel_skylib//:lib.bzl", "versions")
versions.check(minimum_bazel_version = "0.17.2")
load("@io_bazel_rules_go//go:def.bzl", "go_download_sdk", "go_register_toolchains", "go_rules_dependencies")
load("@io_bazel_rules_docker//docker:docker.bzl", "docker_pull", "docker_repositories")
load("@io_bazel_rules_go//go:deps.bzl", "go_register_toolchains", "go_rules_dependencies")
go_rules_dependencies()
go_register_toolchains(
go_version = "1.11.5",
go_version = "1.12",
)
docker_repositories()
http_file(
name = "kubernetes_cni",
downloaded_file_path = "kubernetes_cni.tgz",
sha256 = "f04339a21b8edf76d415e7f17b620e63b8f37a76b2f706671587ab6464411f2d",
urls = mirror("https://storage.googleapis.com/kubernetes-release/network-plugins/cni-plugins-amd64-v%s.tgz" % CNI_VERSION),
http_archive(
name = "io_bazel_rules_docker",
sha256 = "aed1c249d4ec8f703edddf35cbe9dfaca0b5f5ea6e4cd9e83e99f3b0d1136c3d",
strip_prefix = "rules_docker-0.7.0",
urls = mirror("https://github.com/bazelbuild/rules_docker/archive/v0.7.0.tar.gz"),
)
http_file(
name = "cri_tools",
downloaded_file_path = "cri_tools.tgz",
sha256 = "e7d913bcce40bf54e37ab1d4b75013c823d0551e6bc088b217bc1893207b4844",
urls = mirror("https://github.com/kubernetes-incubator/cri-tools/releases/download/v%s/crictl-v%s-linux-amd64.tar.gz" % (CRI_TOOLS_VERSION, CRI_TOOLS_VERSION)),
load(
"@io_bazel_rules_docker//repositories:repositories.bzl",
container_repositories = "repositories",
)
docker_pull(
name = "debian-base-amd64",
digest = "sha256:86176bc8ccdc4d8ea7fbf6ba4b57fcefc2cb61ff7413114630940474ff9bf751",
registry = "k8s.gcr.io",
repository = "debian-base-amd64",
tag = "0.4.0", # ignored, but kept here for documentation
)
container_repositories()
docker_pull(
name = "debian-iptables-amd64",
digest = "sha256:d4ff8136b9037694a3165a7fff6a91e7fc828741b8ea1eda226d4d9ea5d23abb",
registry = "k8s.gcr.io",
repository = "debian-iptables-amd64",
tag = "v11.0", # ignored, but kept here for documentation
)
load("@io_bazel_rules_docker//container:container.bzl", "container_pull")
docker_pull(
name = "debian-hyperkube-base-amd64",
digest = "sha256:4a77bc882f7d629c088a11ff144a2e86660268fddf63b61f52b6a93d16ab83f0",
registry = "k8s.gcr.io",
repository = "debian-hyperkube-base-amd64",
tag = "0.12.0", # ignored, but kept here for documentation
)
docker_pull(
container_pull(
name = "official_busybox",
digest = "sha256:cb63aa0641a885f54de20f61d152187419e8f6b159ed11a251a09d115fdff9bd",
registry = "index.docker.io",
@ -100,6 +57,10 @@ docker_pull(
tag = "latest", # ignored, but kept here for documentation
)
load("//build:workspace.bzl", "release_dependencies")
release_dependencies()
load("//build:workspace_mirror.bzl", "export_urls")
export_urls("workspace_urls")

86
build/rpms/BUILD
View File

@ -1,49 +1,82 @@
package(default_visibility = ["//visibility:public"])
load("@bazel_tools//tools/build_defs/pkg:rpm.bzl", "pkg_rpm")
load("//build:platforms.bzl", "CLIENT_PLATFORMS", "NODE_PLATFORMS", "for_platforms")
load("//build:workspace.bzl", "CNI_VERSION", "CRI_TOOLS_VERSION")
load("@io_k8s_repo_infra//defs:build.bzl", "release_filegroup")
load("@io_k8s_repo_infra//defs:rpm.bzl", "pkg_rpm_for_goarch")
filegroup(
release_filegroup(
name = "rpms",
srcs = [
":cri-tools",
":kubeadm",
":kubectl",
":kubelet",
":kubernetes-cni",
],
conditioned_srcs = for_platforms(
default = [],
for_client = [":kubectl.rpm"],
for_node = [
":cri-tools.rpm",
":kubeadm.rpm",
":kubelet.rpm",
":kubernetes-cni.rpm",
],
only_os = "linux",
),
tags = ["manual"],
visibility = ["//visibility:public"],
)
pkg_rpm(
# Create genrules to copy the arch-specific RPMs to RPMs without the arch in their filename.
genrule(
name = "kubectl",
srcs = select(for_platforms(
for_client = [":kubectl-{ARCH}.rpm"],
only_os = "linux",
)),
outs = ["kubectl.rpm"],
cmd = "cp $< $@",
output_to_bindir = True,
)
[genrule(
name = pkg,
srcs = select(for_platforms(
for_client = [":%s-{ARCH}.rpm" % pkg],
only_os = "linux",
)),
outs = ["%s.rpm" % pkg],
cmd = "cp $< $@",
output_to_bindir = True,
) for pkg in [
"cri-tools",
"kubeadm",
"kubelet",
"kubernetes-cni",
]]
[pkg_rpm_for_goarch(
name = "kubectl",
architecture = "x86_64",
changelog = "//:CHANGELOG.md",
data = [
"//cmd/kubectl",
],
goarch = arch,
spec_file = "kubectl.spec",
tags = ["manual"],
version_file = "//build:os_package_version",
)
) for arch in CLIENT_PLATFORMS["linux"]]
pkg_rpm(
[pkg_rpm_for_goarch(
name = "kubelet",
architecture = "x86_64",
changelog = "//:CHANGELOG.md",
data = [
"kubelet.service",
"//cmd/kubelet",
],
goarch = arch,
spec_file = "kubelet.spec",
tags = ["manual"],
version_file = "//build:os_package_version",
)
) for arch in NODE_PLATFORMS["linux"]]
pkg_rpm(
[pkg_rpm_for_goarch(
name = "kubeadm",
architecture = "x86_64",
changelog = "//:CHANGELOG.md",
data = [
"10-kubeadm.conf",
@ -52,33 +85,34 @@ pkg_rpm(
"kubelet.env",
"//cmd/kubeadm",
],
goarch = arch,
spec_file = "kubeadm.spec",
tags = ["manual"],
version_file = "//build:os_package_version",
)
) for arch in NODE_PLATFORMS["linux"]]
pkg_rpm(
[pkg_rpm_for_goarch(
name = "kubernetes-cni",
architecture = "x86_64",
changelog = "//:CHANGELOG.md",
data = [
"@kubernetes_cni//file",
"@kubernetes_cni_{GOARCH}//file",
],
goarch = arch,
spec_file = "kubernetes-cni.spec",
tags = ["manual"],
version = CNI_VERSION,
)
) for arch in NODE_PLATFORMS["linux"]]
pkg_rpm(
[pkg_rpm_for_goarch(
name = "cri-tools",
architecture = "x86_64",
data = [
"@cri_tools//file",
"@cri_tools_{GOARCH}//file",
],
goarch = arch,
spec_file = "cri-tools.spec",
tags = ["manual"],
version = CRI_TOOLS_VERSION,
)
) for arch in NODE_PLATFORMS["linux"]]
filegroup(
name = "package-srcs",

2
build/rpms/OWNERS
View File

@ -1,3 +1,5 @@
# See the OWNERS docs at https://go.k8s.io/owners
reviewers:
- luxas
- jbeda

1
build/visible_to/BUILD
View File

@ -193,6 +193,7 @@ package_group(
"//pkg/kubectl/cmd/expose",
"//pkg/kubectl/cmd/get",
"//pkg/kubectl/cmd/help",
"//pkg/kubectl/cmd/kustomize",
"//pkg/kubectl/cmd/label",
"//pkg/kubectl/cmd/logs",
"//pkg/kubectl/cmd/options",

2
build/visible_to/OWNERS
View File

@ -1,3 +1,5 @@
# See the OWNERS docs at https://go.k8s.io/owners
reviewers:
- brendandburns
- dchen1107

2
build/visible_to/README.md
View File

@ -157,7 +157,7 @@ q=//cmd/kubectl:kubectl
bazel query "buildfiles(deps($q))" | \
grep -v @bazel_tools | \
grep -v @io_bazel_rules | \
grep -v @io_kubernetes_build | \
grep -v @io_k8s_repo_infra | \
grep -v @local_config | \
grep -v @local_jdk | \
grep -v //visible_to: | \

97
build/workspace.bzl
View File

@ -12,6 +12,101 @@
# See the License for the specific language governing permissions and
# limitations under the License.
CRI_TOOLS_VERSION = "1.12.0"
load("//build:platforms.bzl", "SERVER_PLATFORMS")
load("//build:workspace_mirror.bzl", "mirror")
load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive", "http_file")
load("@io_bazel_rules_docker//container:container.bzl", "container_pull")
CNI_VERSION = "0.6.0"
_CNI_TARBALL_ARCH_SHA256 = {
"amd64": "f04339a21b8edf76d415e7f17b620e63b8f37a76b2f706671587ab6464411f2d",
"arm": "ffb62021d2fc6e1266dc6ef7f2058125b6e6b44c016291a2b04a15ed9b4be70a",
"arm64": "016bbc989877e35e3cd49fafe11415fb2717e52c74fde6b1650411154cb91b81",
"ppc64le": "dd38dec69b167cfe40ecbba4b18cfe5b4296f2e49b90c00804b3988ef968e859",
"s390x": "7708289eee7e52ad055407c421033d8e593f5cf1a0b43a872f09eb4e1508aafc",
}
CRI_TOOLS_VERSION = "1.12.0"
_CRI_TARBALL_ARCH_SHA256 = {
"amd64": "e7d913bcce40bf54e37ab1d4b75013c823d0551e6bc088b217bc1893207b4844",
"arm": "ca6b4ac80278d32d9cc8b8b19de140fd1cc35640f088969f7068fea2df625490",
"arm64": "8466f08b59bf36d2eebcb9428c3d4e6e224c3065d800ead09ad730ce374da6fe",
"ppc64le": "ec6254f1f6ffa064ba41825aab5612b7b005c8171fbcdac2ca3927d4e393000f",
"s390x": "814aa9cd496be416612c2653097a1c9eb5784e38aa4889034b44ebf888709057",
}
ETCD_VERSION = "3.3.10"
_ETCD_TARBALL_ARCH_SHA256 = {
"amd64": "1620a59150ec0a0124a65540e23891243feb2d9a628092fb1edcc23974724a45",
"arm64": "5ec97b0b872adce275b8130d19db314f7f2b803aeb24c4aae17a19e2d66853c4",
"ppc64le": "148fe96f0ec1813c5db9916199e96a913174304546bc8447a2d2f9fee4b8f6c2",
}
# Note that these are digests for the manifest list. We resolve the manifest
# list to each of its platform-specific images in
# debian_image_dependencies().
_DEBIAN_BASE_DIGEST = "sha256:6966a0aedd7592c18ff2dd803c08bd85780ee19f5e3a2e7cf908a4cd837afcde" # 0.4.1
_DEBIAN_IPTABLES_DIGEST = "sha256:656e45c00083359107b1d6ae0411ff3894ba23011a8533e229937a71be84e063" # v11.0.1
_DEBIAN_HYPERKUBE_BASE_DIGEST = "sha256:8cabe02be6e86685d8860b7ace7c7addc9591a339728703027a4854677f1c772" # 0.12.1
# Dependencies needed for a Kubernetes "release", e.g. building docker images,
# debs, RPMs, or tarballs.
def release_dependencies():
cni_tarballs()
cri_tarballs()
debian_image_dependencies()
etcd_tarballs()
def cni_tarballs():
for arch, sha in _CNI_TARBALL_ARCH_SHA256.items():
http_file(
name = "kubernetes_cni_%s" % arch,
downloaded_file_path = "kubernetes_cni.tgz",
sha256 = sha,
urls = mirror("https://storage.googleapis.com/kubernetes-release/network-plugins/cni-plugins-%s-v%s.tgz" % (arch, CNI_VERSION)),
)
def cri_tarballs():
for arch, sha in _CRI_TARBALL_ARCH_SHA256.items():
http_file(
name = "cri_tools_%s" % arch,
downloaded_file_path = "cri_tools.tgz",
sha256 = sha,
urls = mirror("https://github.com/kubernetes-incubator/cri-tools/releases/download/v%s/crictl-v%s-linux-%s.tar.gz" % (CRI_TOOLS_VERSION, CRI_TOOLS_VERSION, arch)),
)
def debian_image_dependencies():
for arch in SERVER_PLATFORMS["linux"]:
container_pull(
name = "debian-base-" + arch,
architecture = arch,
digest = _DEBIAN_BASE_DIGEST,
registry = "k8s.gcr.io",
repository = "debian-base",
)
container_pull(
name = "debian-iptables-" + arch,
architecture = arch,
digest = _DEBIAN_IPTABLES_DIGEST,
registry = "k8s.gcr.io",
repository = "debian-iptables",
)
container_pull(
name = "debian-hyperkube-base-" + arch,
architecture = arch,
digest = _DEBIAN_HYPERKUBE_BASE_DIGEST,
registry = "k8s.gcr.io",
repository = "debian-hyperkube-base",
)
def etcd_tarballs():
for arch, sha in _ETCD_TARBALL_ARCH_SHA256.items():
http_archive(
name = "com_coreos_etcd_%s" % arch,
build_file = "@//third_party:etcd.BUILD",
sha256 = sha,
strip_prefix = "etcd-v%s-linux-%s" % (ETCD_VERSION, arch),
urls = mirror("https://github.com/coreos/etcd/releases/download/v%s/etcd-v%s-linux-%s.tar.gz" % (ETCD_VERSION, ETCD_VERSION, arch)),
)

2
cluster/BUILD
View File

@ -1,6 +1,6 @@
package(default_visibility = ["//visibility:public"])
load("@io_kubernetes_build//defs:pkg.bzl", "pkg_tar")
load("@io_k8s_repo_infra//defs:pkg.bzl", "pkg_tar")
filegroup(
name = "package-srcs",

6
cluster/OWNERS
View File

@ -1,15 +1,19 @@
# See the OWNERS docs at https://go.k8s.io/owners
reviewers:
- bentheelder
- eparis
- jbeda
- Katharine
- mikedanese
- roberthbailey
- spiffxp
- zmerlynn
approvers:
- eparis
- jbeda
- mikedanese
- roberthbailey
- spiffxp
- zmerlynn
labels:
- sig/cluster-lifecycle

2
cluster/addons/BUILD
View File

@ -1,6 +1,6 @@
package(default_visibility = ["//visibility:public"])
load("@io_kubernetes_build//defs:pkg.bzl", "pkg_tar")
load("@io_k8s_repo_infra//defs:pkg.bzl", "pkg_tar")
filegroup(
name = "addon-srcs",

2
cluster/addons/addon-manager/Makefile
View File

@ -18,7 +18,7 @@ TEMP_DIR:=$(shell mktemp -d)
VERSION=v9.0
KUBECTL_VERSION?=v1.13.2
BASEIMAGE=k8s.gcr.io/debian-base-$(ARCH):0.4.0
BASEIMAGE=k8s.gcr.io/debian-base-$(ARCH):0.4.1
SUDO=$(if $(filter 0,$(shell id -u)),,sudo)

2
cluster/addons/addon-manager/OWNERS
View File

@ -1,2 +1,4 @@
# See the OWNERS docs at https://go.k8s.io/owners
reviewers:
- mrhohn

2
cluster/addons/calico-policy-controller/OWNERS
View File

@ -1,3 +1,5 @@
# See the OWNERS docs at https://go.k8s.io/owners
approvers:
- bowei
- caseydavenport

6
cluster/addons/cluster-loadbalancing/MAINTAINERS.md
View File

@ -1,6 +0,0 @@
# Maintainers
Prashanth.B <beeps@google.com>
[![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/cluster/addons/cluster-loadbalancing/MAINTAINERS.md?pixel)]()

2
cluster/addons/cluster-loadbalancing/OWNERS
View File

@ -2,7 +2,9 @@ approvers:
- bowei
- rramkumar1
- mrhohn
- freehan
reviewers:
- bowei
- rramkumar1
- mrhohn
- freehan

111
cluster/addons/cluster-loadbalancing/glbc/README.md
View File

@ -1,112 +1,9 @@
# GCE Load-Balancer Controller (GLBC) Cluster Addon
This cluster addon is composed of:
* A [Google L7 LoadBalancer Controller](https://github.com/kubernetes/contrib/tree/master/ingress/controllers/gce)
* A [404 default backend](https://github.com/kubernetes/contrib/tree/master/404-server) Service + RC
This cluster addon is composed of a 404 default backend service and deployment.
On GCE, this 404 service is used in conjunction with the
[Ingress-GCE](https://github.com/kubernetes/ingress-gce) controller.
It relies on the [Ingress resource](https://kubernetes.io/docs/user-guide/ingress.md) only available in Kubernetes version 1.1 and beyond.
See the Ingress-GCE docs for more information.
## Prerequisites
Before you can receive traffic through the GCE L7 Loadbalancer Controller you need:
* A Working Kubernetes 1.1 cluster
* At least 1 Kubernetes [NodePort Service](https://kubernetes.io/docs/user-guide/services.md#type-nodeport) (this is the endpoint for your Ingress)
* Firewall-rules that allow traffic to the NodePort service, as indicated by `kubectl` at Service creation time
* Adequate quota, as mentioned in the next section
* A single instance of the L7 Loadbalancer Controller pod (if you're using the default GCE setup, this should already be running in the `kube-system` namespace)
## Quota
GLBC is not aware of your GCE quota. As of this writing users get 3 [GCE Backend Services](https://cloud.google.com/compute/docs/load-balancing/http/backend-service) by default. If you plan on creating Ingresses for multiple Kubernetes Services, remember that each one requires a backend service, and request quota. Should you fail to do so the controller will poll periodically and grab the first free backend service slot it finds. You can view your quota:
```console
$ gcloud compute project-info describe --project myproject
```
See [GCE documentation](https://cloud.google.com/compute/docs/resource-quotas#checking_your_quota) for how to request more.
## Latency
It takes ~1m to spin up a loadbalancer (this includes acquiring the public ip), and ~5-6m before the GCE api starts healthchecking backends. So as far as latency goes, here's what to expect:
Assume one creates the following simple Ingress:
```yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: test-ingress
spec:
backend:
# This will just loopback to the default backend of GLBC
serviceName: default-http-backend
servicePort: 80
```
* time, t=0
```console
$ kubectl get ing
NAME RULE BACKEND ADDRESS
test-ingress - default-http-backend:80
$ kubectl describe ing
No events.
```
* time, t=1m
```console
$ kubectl get ing
NAME RULE BACKEND ADDRESS
test-ingress - default-http-backend:80 130.211.5.27
$ kubectl describe ing
target-proxy: k8s-tp-default-test-ingress
url-map: k8s-um-default-test-ingress
backends: {"k8s-be-32342":"UNKNOWN"}
forwarding-rule: k8s-fw-default-test-ingress
Events:
FirstSeen LastSeen Count From SubobjectPath Reason Message
───────── ──────── ───── ──── ───────────── ────── ───────
46s 46s 1 {loadbalancer-controller } Success Created loadbalancer 130.211.5.27
```
* time, t=5m
```console
$ kubectl describe ing
target-proxy: k8s-tp-default-test-ingress
url-map: k8s-um-default-test-ingress
backends: {"k8s-be-32342":"HEALTHY"}
forwarding-rule: k8s-fw-default-test-ingress
Events:
FirstSeen LastSeen Count From SubobjectPath Reason Message
───────── ──────── ───── ──── ───────────── ────── ───────
46s 46s 1 {loadbalancer-controller } Success Created loadbalancer 130.211.5.27
```
## Disabling GLBC
Since GLBC runs as a cluster addon, you cannot simply delete the RC. The easiest way to disable it is to do as follows:
* IFF you want to tear down existing L7 loadbalancers, hit the /delete-all-and-quit endpoint on the pod:
```console
$ kubectl get pods --namespace=kube-system
NAME READY STATUS RESTARTS AGE
l7-lb-controller-7bb21 1/1 Running 0 1h
$ kubectl exec l7-lb-controller-7bb21 -c l7-lb-controller curl http://localhost:8081/delete-all-and-quit --namespace=kube-system
$ kubectl logs l7-lb-controller-7b221 -c l7-lb-controller --follow
...
I1007 00:30:00.322528 1 main.go:160] Handled quit, awaiting pod deletion.
```
* Nullify the RC (but don't delete it or the addon controller will "fix" it for you)
```console
$ kubectl scale rc l7-lb-controller --replicas=0 --namespace=kube-system
```
## Limitations
* This cluster addon is still in the Beta phase. It behooves you to read through the GLBC documentation mentioned above and make sure there are no surprises.
* The recommended way to tear down a cluster with active Ingresses is to either delete each Ingress, or hit the /delete-all-and-quit endpoint on GLBC as described below, before invoking a cluster teardown script (eg: kube-down.sh). You will have to manually cleanup GCE resources through the [cloud console](https://cloud.google.com/compute/docs/console#access) or [gcloud CLI](https://cloud.google.com/compute/docs/gcloud-compute/) if you simply tear down the cluster with active Ingresses.
* All L7 Loadbalancers created by GLBC have a default backend. If you don't specify one in your Ingress, GLBC will assign the 404 default backend mentioned above.
* All Kubernetes services must serve a 200 page on '/', or whatever custom value you've specified through GLBC's `--health-check-path argument`.
* GLBC is not built for performance. Creating many Ingresses at a time can overwhelm it. It won't fall over, but will take its own time to churn through the Ingress queue. It doesn't understand concepts like fairness or backoff just yet.
[![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/cluster/addons/cluster-loadbalancing/glbc/README.md?pixel)]()

2
cluster/addons/cluster-monitoring/OWNERS
View File

@ -1,3 +1,5 @@
# See the OWNERS docs at https://go.k8s.io/owners
approvers:
- DirectXMan12
- kawych

10
cluster/addons/cluster-monitoring/google/heapster-service.yaml
View File

@ -1,15 +1,15 @@
kind: Service
apiVersion: v1
metadata:
metadata:
name: heapster
namespace: kube-system
labels:
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/name: "Heapster"
spec:
ports:
spec:
ports:
- port: 80
targetPort: 8082
selector:
selector:
k8s-app: heapster

6
cluster/addons/cluster-monitoring/influxdb/heapster-service.yaml
View File

@ -7,9 +7,9 @@ metadata:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/name: "Heapster"
spec:
ports:
spec:
ports:
- port: 80
targetPort: 8082
selector:
selector:
k8s-app: heapster

1
cluster/addons/cluster-monitoring/influxdb/influxdb-grafana-controller.yaml
View File

@ -49,7 +49,6 @@ spec:
mountPath: /data
- name: grafana
image: k8s.gcr.io/heapster-grafana-amd64:v4.4.3
env:
resources:
# keep request = limit to keep this container in guaranteed class
limits:

10
cluster/addons/cluster-monitoring/stackdriver/heapster-service.yaml
View File

@ -1,15 +1,15 @@
kind: Service
apiVersion: v1
metadata:
metadata:
name: heapster
namespace: kube-system
labels:
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/name: "Heapster"
spec:
ports:
spec:
ports:
- port: 80
targetPort: 8082
selector:
selector:
k8s-app: heapster

10
cluster/addons/cluster-monitoring/standalone/heapster-service.yaml
View File

@ -1,15 +1,15 @@
kind: Service
apiVersion: v1
metadata:
metadata:
name: heapster
namespace: kube-system
labels:
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/name: "Heapster"
spec:
ports:
spec:
ports:
- port: 80
targetPort: 8082
selector:
selector:
k8s-app: heapster

2
cluster/addons/dashboard/OWNERS
View File

@ -1,3 +1,5 @@
# See the OWNERS docs at https://go.k8s.io/owners
approvers:
- bryk
reviewers:

2
cluster/addons/device-plugins/nvidia-gpu/daemonset.yaml
View File

@ -38,7 +38,7 @@ spec:
hostPath:
path: /dev
containers:
- image: "k8s.gcr.io/nvidia-gpu-device-plugin@sha256:0842734032018be107fa2490c98156992911e3e1f2a21e059ff0105b07dd8e9e"
- image: "k8s.gcr.io/nvidia-gpu-device-plugin@sha256:d18b678437fedc4ec4211c20b3e5469a137a44f989da43dc275e4f2678170db4"
command: ["/usr/bin/nvidia-gpu-device-plugin", "-logtostderr"]
name: nvidia-gpu-device-plugin
resources:

2
cluster/addons/dns-horizontal-autoscaler/OWNERS
View File

@ -1,3 +1,5 @@
# See the OWNERS docs at https://go.k8s.io/owners
approvers:
- bowei
- mrhohn

4
cluster/addons/dns-horizontal-autoscaler/dns-horizontal-autoscaler.yaml
View File

@ -33,7 +33,7 @@ rules:
- apiGroups: [""]
resources: ["replicationcontrollers/scale"]
verbs: ["get", "update"]
- apiGroups: ["extensions"]
- apiGroups: ["extensions","apps"]
resources: ["deployments/scale", "replicasets/scale"]
verbs: ["get", "update"]
# Remove the configmaps rule once below issue is fixed:
@ -85,7 +85,7 @@ spec:
fsGroup: 65534
containers:
- name: autoscaler
image: k8s.gcr.io/cluster-proportional-autoscaler-amd64:1.3.0
image: k8s.gcr.io/cluster-proportional-autoscaler-amd64:1.4.0
resources:
requests:
cpu: "20m"

2
cluster/addons/dns/OWNERS
View File

@ -1,3 +1,5 @@
# See the OWNERS docs at https://go.k8s.io/owners
approvers:
- bowei
- mrhohn

10
cluster/addons/dns/coredns/coredns.yaml.base
View File

@ -70,7 +70,7 @@ data:
fallthrough in-addr.arpa ip6.arpa
}
prometheus :9153
proxy . /etc/resolv.conf
forward . /etc/resolv.conf
cache 30
loop
reload
@ -106,6 +106,7 @@ spec:
annotations:
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec:
priorityClassName: system-cluster-critical
serviceAccountName: coredns
tolerations:
- key: "CriticalAddonsOnly"
@ -114,7 +115,7 @@ spec:
beta.kubernetes.io/os: linux
containers:
- name: coredns
image: k8s.gcr.io/coredns:1.2.6
image: k8s.gcr.io/coredns:1.3.1
imagePullPolicy: IfNotPresent
resources:
limits:
@ -146,6 +147,11 @@ spec:
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
readinessProbe:
httpGet:
path: /health
port: 8080
scheme: HTTP
securityContext:
allowPrivilegeEscalation: false
capabilities:

10
cluster/addons/dns/coredns/coredns.yaml.in
View File

@ -70,7 +70,7 @@ data:
fallthrough in-addr.arpa ip6.arpa
}
prometheus :9153
proxy . /etc/resolv.conf
forward . /etc/resolv.conf
cache 30
loop
reload
@ -106,6 +106,7 @@ spec:
annotations:
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec:
priorityClassName: system-cluster-critical
serviceAccountName: coredns
tolerations:
- key: "CriticalAddonsOnly"
@ -114,7 +115,7 @@ spec:
beta.kubernetes.io/os: linux
containers:
- name: coredns
image: k8s.gcr.io/coredns:1.2.6
image: k8s.gcr.io/coredns:1.3.1
imagePullPolicy: IfNotPresent
resources:
limits:
@ -146,6 +147,11 @@ spec:
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
readinessProbe:
httpGet:
path: /health
port: 8080
scheme: HTTP
securityContext:
allowPrivilegeEscalation: false
capabilities:

10
cluster/addons/dns/coredns/coredns.yaml.sed
View File

@ -70,7 +70,7 @@ data:
fallthrough in-addr.arpa ip6.arpa
}
prometheus :9153
proxy . /etc/resolv.conf
forward . /etc/resolv.conf
cache 30
loop
reload
@ -106,6 +106,7 @@ spec:
annotations:
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec:
priorityClassName: system-cluster-critical
serviceAccountName: coredns
tolerations:
- key: "CriticalAddonsOnly"
@ -114,7 +115,7 @@ spec:
beta.kubernetes.io/os: linux
containers:
- name: coredns
image: k8s.gcr.io/coredns:1.2.6
image: k8s.gcr.io/coredns:1.3.1
imagePullPolicy: IfNotPresent
resources:
limits:
@ -146,6 +147,11 @@ spec:
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
readinessProbe:
httpGet:
path: /health
port: 8080
scheme: HTTP
securityContext:
allowPrivilegeEscalation: false
capabilities:

8
cluster/addons/dns/nodelocaldns/README.md
View File

@ -2,11 +2,11 @@
This addon runs a node-local-dns pod on all cluster nodes. The pod runs CoreDNS as the dns cache. It runs with `hostNetwork:True` and creates a dedicated dummy interface with a link local ip(169.254.20.10/32 by default) to listen for DNS queries. The cache instances connect to clusterDNS in case of cache misses.
Design details [here](https://github.com/kubernetes/community/blob/master/keps/sig-network/0030-nodelocal-dns-cache.md)
Design details [here](https://git.k8s.io/enhancements/keps/sig-network/0030-nodelocal-dns-cache.md)
## nodelocaldns addon template
This directory contains the addon config yaml - `nodelocaldns.yaml`
This directory contains the addon config yaml - `nodelocaldns.yaml`
The variables will be substituted by the configure scripts when the yaml is copied into master.
To create a GCE cluster with nodelocaldns enabled, use the command:
`KUBE_ENABLE_NODELOCAL_DNS=true go run hack/e2e.go -v --up`
@ -35,3 +35,7 @@ spec:
- Ingress
- Egress
```
### Negative caching
The `denial` cache TTL has been reduced to the minimum of 5 seconds [here](https://github.com/kubernetes/kubernetes/blob/master/cluster/addons/dns/nodelocaldns/nodelocaldns.yaml#L37). In the unlikely event that this impacts performance, setting this TTL to a higher value make help alleviate issues, but be aware that operations that rely on DNS polling for orchestration may fail (for example operators with StatefulSets).

5
cluster/addons/dns/nodelocaldns/nodelocaldns.yaml
View File

@ -34,7 +34,10 @@ data:
Corefile: |
__PILLAR__DNS__DOMAIN__:53 {
errors
cache 30
cache {
success 9984 30
denial 9984 5
}
reload
loop
bind __PILLAR__LOCAL__DNS__

2
cluster/addons/fluentd-elasticsearch/OWNERS
View File

@ -1,3 +1,5 @@
# See the OWNERS docs at https://go.k8s.io/owners
approvers:
- coffeepac
- monotek

186
cluster/addons/fluentd-elasticsearch/README.md
View File

@ -1,83 +1,103 @@
# Elasticsearch Add-On
This add-on consists of a combination of [Elasticsearch][elasticsearch],
[Fluentd][fluentd] and [Kibana][kibana]. Elasticsearch is a search engine
that is responsible for storing our logs and allowing for them to be queried.
Fluentd sends log messages from Kubernetes to Elasticsearch, whereas Kibana
is a graphical interface for viewing and querying the logs stored in
Elasticsearch.
**Note:** this addon should **not** be used as-is in production. This is
an example and you should treat it as such. Please see at least the
[Security](#security) and the [Storage](#storage) sections for more
information.
## Elasticsearch
Elasticsearch is deployed as a [StatefulSet][statefulSet], which is like
a Deployment, but allows for maintaining state on storage volumes.
### Security
Elasticsearch has capabilities to enable authorization using the [X-Pack
plugin][xPack]. For the sake of simplicity this example uses the fully open
source prebuild images from elastic that do not contain the X-Pack plugin. If
you need these features, please consider building the images from either the
"basic" or "platinum" version. After enabling these features, follow [official
documentation][setupCreds] to set up credentials in Elasticsearch and Kibana.
Don't forget to propagate those credentials also to Fluentd in its
[configuration][fluentdCreds], using for example [environment
variables][fluentdEnvVar]. You can utilize [ConfigMaps][configMap] and
[Secrets][secret] to store credentials in the Kubernetes apiserver.
### Initialization
The Elasticsearch StatefulSet manifest specifies that there shall be an
[init container][initContainer] executing before Elasticsearch containers
themselves, in order to ensure that the kernel state variable
`vm.max_map_count` is at least 262144, since this is a requirement of
Elasticsearch. You may remove the init container if you know that your host
OS meets this requirement.
### Storage
The Elasticsearch StatefulSet will use the [EmptyDir][emptyDir] volume to
store data. EmptyDir is erased when the pod terminates, here it is used only
for testing purposes. **Important:** please change the storage to persistent
volume claim before actually using this StatefulSet in your setup!
## Fluentd
Fluentd is deployed as a [DaemonSet][daemonSet] which spawns a pod on each
node that reads logs, generated by kubelet, container runtime and containers
and sends them to Elasticsearch.
**Note:** in order for Fluentd to work, every Kubernetes node must be labeled
with `beta.kubernetes.io/fluentd-ds-ready=true`, as otherwise the Fluentd
DaemonSet will ignore them.
Learn more in the [official Kubernetes documentation][k8sElasticsearchDocs].
### Known problems
Since Fluentd talks to the Elasticsearch service inside the cluster, instances
on masters won't work, because masters have no kube-proxy. Don't mark masters
with the label mentioned in the previous paragraph or add a taint on them to
avoid Fluentd pods scheduling there.
[fluentd]: http://www.fluentd.org/
[elasticsearch]: https://www.elastic.co/products/elasticsearch
[kibana]: https://www.elastic.co/products/kibana
[xPack]: https://www.elastic.co/products/x-pack
[setupCreds]: https://www.elastic.co/guide/en/x-pack/current/setting-up-authentication.html#reset-built-in-user-passwords
[fluentdCreds]: https://github.com/uken/fluent-plugin-elasticsearch#user-password-path-scheme-ssl_verify
[fluentdEnvVar]: https://docs.fluentd.org/v0.12/articles/faq#how-can-i-use-environment-variables-to-configure-parameters-dynamically
[configMap]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/
[secret]: https://kubernetes.io/docs/concepts/configuration/secret/
[statefulSet]: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset
[initContainer]: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
[emptyDir]: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
[daemonSet]: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
[k8sElasticsearchDocs]: https://kubernetes.io/docs/tasks/debug-application-cluster/logging-elasticsearch-kibana
[![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/cluster/addons/fluentd-elasticsearch/README.md?pixel)]()
# Elasticsearch Add-On
This add-on consists of a combination of [Elasticsearch][elasticsearch],
[Fluentd][fluentd] and [Kibana][kibana]. Elasticsearch is a search engine
that is responsible for storing our logs and allowing for them to be queried.
Fluentd sends log messages from Kubernetes to Elasticsearch, whereas Kibana
is a graphical interface for viewing and querying the logs stored in
Elasticsearch.
**Note:** this addon should **not** be used as-is in production. This is
an example and you should treat it as such. Please see at least the
[Security](#security) and the [Storage](#storage) sections for more
information.
## Elasticsearch
Elasticsearch is deployed as a [StatefulSet][statefulSet], which is like
a Deployment, but allows for maintaining state on storage volumes.
### Security
Elasticsearch has capabilities to enable authorization using the [X-Pack
plugin][xPack]. For the sake of simplicity this example uses the fully open
source prebuild images from elastic that do not contain the X-Pack plugin. If
you need these features, please consider building the images from either the
"basic" or "platinum" version. After enabling these features, follow [official
documentation][setupCreds] to set up credentials in Elasticsearch and Kibana.
Don't forget to propagate those credentials also to Fluentd in its
[configuration][fluentdCreds], using for example [environment
variables][fluentdEnvVar]. You can utilize [ConfigMaps][configMap] and
[Secrets][secret] to store credentials in the Kubernetes apiserver.
### Initialization
The Elasticsearch StatefulSet manifest specifies that there shall be an
[init container][initContainer] executing before Elasticsearch containers
themselves, in order to ensure that the kernel state variable
`vm.max_map_count` is at least 262144, since this is a requirement of
Elasticsearch. You may remove the init container if you know that your host
OS meets this requirement.
### Storage
The Elasticsearch StatefulSet will use the [EmptyDir][emptyDir] volume to
store data. EmptyDir is erased when the pod terminates, here it is used only
for testing purposes. **Important:** please change the storage to persistent
volume claim before actually using this StatefulSet in your setup!
## Fluentd
Fluentd is deployed as a [DaemonSet][daemonSet] which spawns a pod on each
node that reads logs, generated by kubelet, container runtime and containers
and sends them to Elasticsearch.
Learn more in the [official Kubernetes documentation][k8sElasticsearchDocs].
## Building
Both images are now being hosted in google cloud and are built via the
[cloud build](https://cloud.google.com/cloud-build/) product. To build these
images yourself you will need to have the [gcloud sdk](https://cloud.google.com/sdk/install)
installed and you will need to login. You can then run `make` in either
image directory to trigger a container build.
### Known problems
Since Fluentd talks to the Elasticsearch service inside the cluster, instances
on masters won't work, because masters have no kube-proxy. Don't mark masters
with the label mentioned in the previous paragraph or add a taint on them to
avoid Fluentd pods scheduling there.
[fluentd]: http://www.fluentd.org/
[elasticsearch]: https://www.elastic.co/products/elasticsearch
[kibana]: https://www.elastic.co/products/kibana
[xPack]: https://www.elastic.co/products/x-pack
[setupCreds]: https://www.elastic.co/guide/en/x-pack/current/setting-up-authentication.html#reset-built-in-user-passwords
[fluentdCreds]: https://github.com/uken/fluent-plugin-elasticsearch#user-password-path-scheme-ssl_verify
[fluentdEnvVar]: https://docs.fluentd.org/v0.12/articles/faq#how-can-i-use-environment-variables-to-configure-parameters-dynamically
[configMap]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/
[secret]: https://kubernetes.io/docs/concepts/configuration/secret/
[statefulSet]: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset
[initContainer]: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
[emptyDir]: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
[daemonSet]: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
[k8sElasticsearchDocs]: https://kubernetes.io/docs/tasks/debug-application-cluster/logging-elasticsearch-kibana
[![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/cluster/addons/fluentd-elasticsearch/README.md?pixel)]()
## Running EFK stack in production
The configurations provided here, for Elasticsearch, Fluentd & Kibana (EFK),
are a starting point and should not be considered to be production ready.
If you like to run these tools in a production environment you could use the
[Helm](https://helm.sh) charts, provided by the Helm community, which are used
by a lot of people and therefore are widely tested. You can find them all via the
[Helm Hub](https://hub.helm.sh/).
The source of the mentioned charts can be found here:
* [Elasticsearch](https://github.com/helm/charts/tree/master/stable/elasticsearch)
* [Fluentd-elasticsearch](https://github.com/kiwigrid/helm-charts/tree/master/charts/fluentd-elasticsearch)
* [Kibana](https://github.com/helm/charts/tree/master/stable/kibana)

10
cluster/addons/fluentd-elasticsearch/es-image/Dockerfile
View File

@ -12,12 +12,18 @@
# See the License for the specific language governing permissions and
# limitations under the License.
FROM docker.elastic.co/elasticsearch/elasticsearch-oss:6.3.2
FROM golang:1.11.5 AS builder
COPY elasticsearch_logging_discovery.go go.mod go.sum /
RUN CGO_ENABLED=0 GOOS=linux GO111MODULE=on go build -a -ldflags "-w" -o /elasticsearch_logging_discovery /elasticsearch_logging_discovery.go
FROM docker.elastic.co/elasticsearch/elasticsearch-oss:6.6.1
VOLUME ["/data"]
EXPOSE 9200 9300
COPY elasticsearch_logging_discovery run.sh bin/
COPY --from=builder /elasticsearch_logging_discovery bin/
COPY run.sh bin/
COPY config/elasticsearch.yml config/log4j2.properties config/
USER root

17
cluster/addons/fluentd-elasticsearch/es-image/Makefile
View File

@ -12,20 +12,11 @@
# See the License for the specific language governing permissions and
# limitations under the License.
.PHONY: binary build push
.PHONY: build
PREFIX = staging-k8s.gcr.io
PREFIX = gcr.io/fluentd-elasticsearch
IMAGE = elasticsearch
TAG = v6.3.0
TAG = v6.6.1
build:
docker build --pull -t $(PREFIX)/$(IMAGE):$(TAG) .
push:
docker push $(PREFIX)/$(IMAGE):$(TAG)
binary:
CGO_ENABLED=0 GOOS=linux go build -a -ldflags "-w" elasticsearch_logging_discovery.go
clean:
rm elasticsearch_logging_discovery
gcloud builds submit --tag ${PREFIX}/${IMAGE}:${TAG}

35
cluster/addons/fluentd-elasticsearch/es-image/go.mod Normal file
View File

@ -0,0 +1,35 @@
module fake/import/path
require (
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/docker/distribution v2.7.1+incompatible // indirect
github.com/gogo/protobuf v1.2.0 // indirect
github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c // indirect
github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf // indirect
github.com/googleapis/gnostic v0.2.0 // indirect
github.com/gregjones/httpcache v0.0.0-20181110185634-c63ab54fda8f // indirect
github.com/imdario/mergo v0.3.6 // indirect
github.com/json-iterator/go v1.1.5 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.1 // indirect
github.com/opencontainers/go-digest v1.0.0-rc1 // indirect
github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
github.com/spf13/pflag v1.0.3 // indirect
github.com/stretchr/testify v1.3.0 // indirect
golang.org/x/crypto v0.0.0-20190122013713-64072686203f // indirect
golang.org/x/net v0.0.0-20190119204137-ed066c81e75e // indirect
golang.org/x/oauth2 v0.0.0-20190115181402-5dab4167f31c // indirect
golang.org/x/sys v0.0.0-20190122071731-054c452bb702 // indirect
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/yaml.v2 v2.2.2 // indirect
k8s.io/api v0.0.0-20190111032252-67edc246be36 // indirect
k8s.io/apiextensions-apiserver v0.0.0-20190111034747-7d26de67f177 // indirect
k8s.io/apimachinery v0.0.0-20181127025237-2b1284ed4c93
k8s.io/apiserver v0.0.0-20190111033246-d50e9ac5404f // indirect
k8s.io/client-go v10.0.0+incompatible
k8s.io/klog v0.1.0
k8s.io/kubernetes v1.13.2
k8s.io/utils v0.0.0-20181221173059-8a16e7dd8fb6 // indirect
sigs.k8s.io/yaml v1.1.0 // indirect
)

79
cluster/addons/fluentd-elasticsearch/es-image/go.sum Normal file
View File

@ -0,0 +1,79 @@
cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/docker/distribution v2.7.1+incompatible h1:a5mlkVzth6W5A4fOsS3D2EO5BUmsJpcB+cRlLU7cSug=
github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
github.com/gogo/protobuf v1.2.0 h1:xU6/SpYbvkNYiptHJYEDRseDLvYE7wSqhYYNy0QSUzI=
github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
github.com/golang/protobuf v1.2.0 h1:P3YflyNX/ehuJFLhxviNdFxQPkGK5cDcApsge1SqnvM=
github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c h1:964Od4U6p2jUkFxvCydnIczKteheJEzHRToSGK3Bnlw=
github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf h1:+RRA9JqSOZFfKrOeqr2z77+8R2RKyh8PG66dcu1V0ck=
github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI=
github.com/googleapis/gnostic v0.2.0 h1:l6N3VoaVzTncYYW+9yOz2LJJammFZGBO13sqgEhpy9g=
github.com/googleapis/gnostic v0.2.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY=
github.com/gregjones/httpcache v0.0.0-20181110185634-c63ab54fda8f h1:ShTPMJQes6tubcjzGMODIVG5hlrCeImaBnZzKF2N8SM=
github.com/gregjones/httpcache v0.0.0-20181110185634-c63ab54fda8f/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28=
github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
github.com/json-iterator/go v1.1.5 h1:gL2yXlmiIo4+t+y32d4WGwOjKGYcGOuyrg46vadswDE=
github.com/json-iterator/go v1.1.5/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI=
github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
github.com/opencontainers/go-digest v1.0.0-rc1 h1:WzifXhOVOEOuFYOJAW6aQqW0TooG2iki3E3Ii+WN7gQ=
github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/spf13/pflag v1.0.3 h1:zPAT6CGy6wXeQ7NtTnaTerfKOsV6V6F8agHXFiazDkg=
github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
golang.org/x/crypto v0.0.0-20190122013713-64072686203f h1:u1CmMhe3a44hy8VIgpInORnI01UVaUYheqR7x9BxT3c=
golang.org/x/crypto v0.0.0-20190122013713-64072686203f/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190119204137-ed066c81e75e h1:MDa3fSUp6MdYHouVmCCNz/zaH2a6CRcxY3VhT/K3C5Q=
golang.org/x/net v0.0.0-20190119204137-ed066c81e75e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/oauth2 v0.0.0-20190115181402-5dab4167f31c h1:pcBdqVcrlT+A3i+tWsOROFONQyey9tisIQHI4xqVGLg=
golang.org/x/oauth2 v0.0.0-20190115181402-5dab4167f31c/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4 h1:YUO/7uOKsKeq9UokNS62b8FYywz3ker1l1vDZRCRefw=
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20190122071731-054c452bb702 h1:Lk4tbZFnlyPgV+sLgTw5yGfzrlOn9kx4vSombi2FFlY=
golang.org/x/sys v0.0.0-20190122071731-054c452bb702/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c h1:fqgJT0MGcGpPgpWU7VRdRjuArfcOvC4AoJmILihzhDg=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
google.golang.org/appengine v1.4.0 h1:/wp5JvzpHIxhs/dumFmF7BXTf3Z+dd4uXta4kVyO508=
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
k8s.io/api v0.0.0-20190111032252-67edc246be36 h1:XrFGq/4TDgOxYOxtNROTyp2ASjHjBIITdk/+aJD+zyY=
k8s.io/api v0.0.0-20190111032252-67edc246be36/go.mod h1:iuAfoD4hCxJ8Onx9kaTIt30j7jUFS00AXQi6QMi99vA=
k8s.io/apiextensions-apiserver v0.0.0-20190111034747-7d26de67f177 h1:jtIDnyMLAy15hJmcjRMq3ia0LwHkQBLVo1IRXdDMS38=
k8s.io/apiextensions-apiserver v0.0.0-20190111034747-7d26de67f177/go.mod h1:IxkesAMoaCRoLrPJdZNZUQp9NfZnzqaVzLhb2VEQzXE=
k8s.io/apimachinery v0.0.0-20181127025237-2b1284ed4c93 h1:tT6oQBi0qwLbbZSfDkdIsb23EwaLY85hoAV4SpXfdao=
k8s.io/apimachinery v0.0.0-20181127025237-2b1284ed4c93/go.mod h1:ccL7Eh7zubPUSh9A3USN90/OzHNSVN6zxzde07TDCL0=
k8s.io/apiserver v0.0.0-20190111033246-d50e9ac5404f h1:jOhsBtH52EgxnCNJrCuToXFfQtb3nQDoBPzItfPmSsI=
k8s.io/apiserver v0.0.0-20190111033246-d50e9ac5404f/go.mod h1:6bqaTSOSJavUIXUtfaR9Os9JtTCm8ZqH2SUl2S60C4w=
k8s.io/client-go v10.0.0+incompatible h1:F1IqCqw7oMBzDkqlcBymRq1450wD0eNqLE9jzUrIi34=
k8s.io/client-go v10.0.0+incompatible/go.mod h1:7vJpHMYJwNQCWgzmNV+VYUl1zCObLyodBc8nIyt8L5s=
k8s.io/klog v0.1.0 h1:I5HMfc/DtuVaGR1KPwUrTc476K8NCqNBldC7H4dYEzk=
k8s.io/klog v0.1.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
k8s.io/kubernetes v1.13.2 h1:rBz6dubDY4bfv85G6zo04v9G5wniTxvBI9yQ/QxJS3g=
k8s.io/kubernetes v1.13.2/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk=
k8s.io/utils v0.0.0-20181221173059-8a16e7dd8fb6 h1:+jRzzMyx+I9J18BvwHYmZ5hpPwoZfh6g39WfNlsMCkY=
k8s.io/utils v0.0.0-20181221173059-8a16e7dd8fb6/go.mod h1:8k8uAuAQ0rXslZKaEWd0c3oVhZz7sSzSiPnVZayjIX0=
sigs.k8s.io/yaml v1.1.0 h1:4A07+ZFc2wgJwo8YNlQpr1rVlgUDlxXHhPJciaPY5gs=
sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=

8
cluster/addons/fluentd-elasticsearch/es-statefulset.yaml
View File

@ -54,7 +54,7 @@ metadata:
namespace: kube-system
labels:
k8s-app: elasticsearch-logging
version: v6.3.0
version: v6.6.1
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
spec:
@ -63,17 +63,17 @@ spec:
selector:
matchLabels:
k8s-app: elasticsearch-logging
version: v6.3.0
version: v6.6.1
template:
metadata:
labels:
k8s-app: elasticsearch-logging
version: v6.3.0
version: v6.6.1
kubernetes.io/cluster-service: "true"
spec:
serviceAccountName: elasticsearch-logging
containers:
- image: k8s.gcr.io/elasticsearch:v6.3.0
- image: gcr.io/fluentd-elasticsearch/elasticsearch:v6.6.1
name: elasticsearch-logging
resources:
# need more cpu upon initialization, therefore burstable class

2
cluster/addons/fluentd-elasticsearch/fluentd-es-ds.yaml
View File

@ -95,8 +95,6 @@ spec:
readOnly: true
- name: config-volume
mountPath: /etc/fluent/config.d
nodeSelector:
beta.kubernetes.io/fluentd-ds-ready: "true"
terminationGracePeriodSeconds: 30
volumes:
- name: varlog

11
cluster/addons/fluentd-elasticsearch/fluentd-es-image/Makefile
View File

@ -12,14 +12,11 @@
# See the License for the specific language governing permissions and
# limitations under the License.
.PHONY: build push
.PHONY: build
PREFIX = staging-k8s.gcr.io
IMAGE = fluentd-elasticsearch
PREFIX = gcr.io/fluentd-elasticsearch
IMAGE = fluentd
TAG = v2.4.0
build:
docker build --pull -t $(PREFIX)/$(IMAGE):$(TAG) .
push:
docker push $(PREFIX)/$(IMAGE):$(TAG)
gcloud builds submit --tag $(PREFIX)/$(IMAGE):$(TAG)

4
cluster/addons/fluentd-elasticsearch/fluentd-es-image/run.sh
View File

@ -20,4 +20,8 @@
# For systems without journald
mkdir -p /var/log/journal
# Use exec to get the signal
# A non-quoted string and add the comment to prevent shellcheck failures on this line.
# See https://github.com/koalaman/shellcheck/wiki/SC2086
# shellcheck disable=SC2086
exec /usr/local/bin/fluentd $FLUENTD_ARGS

2
cluster/addons/fluentd-elasticsearch/kibana-deployment.yaml
View File

@ -21,7 +21,7 @@ spec:
spec:
containers:
- name: kibana-logging
image: docker.elastic.co/kibana/kibana-oss:6.3.2
image: docker.elastic.co/kibana/kibana-oss:6.6.1
resources:
# need more cpu upon initialization, therefore burstable class
limits:

2
cluster/addons/fluentd-gcp/OWNERS
View File

@ -1,3 +1,5 @@
# See the OWNERS docs at https://go.k8s.io/owners
approvers:
- piosz
- x13n

8
cluster/addons/fluentd-gcp/fluentd-gcp-ds.yaml
View File

@ -66,19 +66,19 @@ spec:
- '-c'
- >
LIVENESS_THRESHOLD_SECONDS=${LIVENESS_THRESHOLD_SECONDS:-300};
STUCK_THRESHOLD_SECONDS=${LIVENESS_THRESHOLD_SECONDS:-900};
STUCK_THRESHOLD_SECONDS=${STUCK_THRESHOLD_SECONDS:-900};
if [ ! -e /var/log/fluentd-buffers ];
then
exit 1;
fi;
touch -d "${STUCK_THRESHOLD_SECONDS} seconds ago" /tmp/marker-stuck;
if [[ -z "$(find /var/log/fluentd-buffers -type f -newer /tmp/marker-stuck -print -quit)" ]];
if [ -z "$(find /var/log/fluentd-buffers -type d -newer /tmp/marker-stuck -print -quit)" ];
then
rm -rf /var/log/fluentd-buffers;
exit 1;
fi;
touch -d "${LIVENESS_THRESHOLD_SECONDS} seconds ago" /tmp/marker-liveness;
if [[ -z "$(find /var/log/fluentd-buffers -type f -newer /tmp/marker-liveness -print -quit)" ]];
if [ -z "$(find /var/log/fluentd-buffers -type d -newer /tmp/marker-liveness -print -quit)" ];
then
exit 1;
fi;
@ -103,7 +103,7 @@ spec:
fieldPath: metadata.namespace
# END_PROMETHEUS_TO_SD
nodeSelector:
beta.kubernetes.io/fluentd-ds-ready: "true"
beta.kubernetes.io/os: linux
terminationGracePeriodSeconds: 60
tolerations:
- operator: "Exists"

2
cluster/addons/ip-masq-agent/OWNERS
View File

@ -1,3 +1,5 @@
# See the OWNERS docs at https://go.k8s.io/owners
approvers:
- bowei
- dnardo

5
cluster/addons/ip-masq-agent/ip-masq-agent.yaml
View File

@ -15,7 +15,7 @@ metadata:
name: ip-masq-agent
namespace: kube-system
labels:
addonmanager.kubernetes.io/mode: Reconcile
addonmanager.kubernetes.io/mode: Reconcile
spec:
selector:
matchLabels:
@ -45,7 +45,8 @@ spec:
- name: config
mountPath: /etc/config
nodeSelector:
beta.kubernetes.io/masq-agent-ds-ready: "true"
# TODO(liggitt): switch to node.kubernetes.io/masq-agent-ds-ready in 1.16
beta.kubernetes.io/masq-agent-ds-ready: "true"
volumes:
- name: config
configMap:

2
cluster/addons/kube-proxy/OWNERS
View File

@ -1,3 +1,5 @@
# See the OWNERS docs at https://go.k8s.io/owners
approvers:
- bowei
- freehan

1
cluster/addons/kube-proxy/kube-proxy-ds.yaml
View File

@ -27,6 +27,7 @@ spec:
priorityClassName: system-node-critical
hostNetwork: true
nodeSelector:
# TODO(liggitt): switch to node.kubernetes.io/kube-proxy-ds-ready in 1.16
beta.kubernetes.io/kube-proxy-ds-ready: "true"
tolerations:
- operator: "Exists"

2
cluster/addons/metadata-agent/OWNERS
View File

@ -1,3 +1,5 @@
# See the OWNERS docs at https://go.k8s.io/owners
approvers:
- kawych
- piosz

8
cluster/addons/metadata-agent/stackdriver/metadata-agent.yaml
View File

@ -43,8 +43,8 @@ spec:
failureThreshold: 1
successThreshold: 1
args:
- -o KubernetesUseWatch=true
- -o KubernetesClusterLevelMetadata=false
- -o KubernetesUseWatch=true
- -o KubernetesClusterLevelMetadata=false
- -o MetadataReporterPurgeDeleted=true
ports:
- containerPort: 8000
@ -105,8 +105,8 @@ spec:
failureThreshold: 1
successThreshold: 1
args:
- -o KubernetesUseWatch=true
- -o KubernetesClusterLevelMetadata=true
- -o KubernetesUseWatch=true
- -o KubernetesClusterLevelMetadata=true
- -o MetadataReporterPurgeDeleted=true
ports:
- containerPort: 8000

2
cluster/addons/metadata-proxy/OWNERS
View File

@ -1,3 +1,5 @@
# See the OWNERS docs at https://go.k8s.io/owners
approvers:
- q-lee
- cjcullen

2
cluster/addons/metadata-proxy/gce/metadata-proxy.yaml
View File

@ -88,5 +88,7 @@ spec:
fieldPath: metadata.namespace
# END_PROMETHEUS_TO_SD
nodeSelector:
# TODO(liggitt): switch to cloud.google.com/metadata-proxy-ready=true in v1.16
beta.kubernetes.io/metadata-proxy-ready: "true"
beta.kubernetes.io/os: linux
terminationGracePeriodSeconds: 30

Some files were not shown because too many files have changed in this diff Show More