CHANGELOG: fix markdown format

Signed-off-by: chymy <chang.min1@zte.com.cn>
2025-07-23 19:56:01 +00:00 · 2020-12-22 18:26:40 +08:00 · 2020-12-22 18:26:40 +08:00 · 6b5165ae8a
commit 6b5165ae8a
parent 0f7c2dc314
4 changed files with 88 additions and 95 deletions
--- a/CHANGELOG/CHANGELOG-1.3.md
+++ b/CHANGELOG/CHANGELOG-1.3.md
@ -440,7 +440,7 @@ Kubectl flag `--container-port` flag is deprecated: it will be removed in the fu
  * Use /dev/xvdXX names
  * ELB:
    * ELB proxy protocol support 
-    * mixed plaintext/encrypted ports support in ELBs
+	* mixed plaintext/encrypted ports support in ELBs
    * SSL support for ELB listeners
  * Allow VPC CIDR to be specified (experimental)
  * Fix problems with >2 security groups
@ -667,9 +667,7 @@ binary | sha1 hash | md5 hash
 * Stabilize map order in kubectl describe ([#26046](https://github.com/kubernetes/kubernetes/pull/26046), [@timoreimann](https://github.com/timoreimann))
 * Google Cloud DNS dnsprovider - replacement for [#25389](https://github.com/kubernetes/kubernetes/pull/25389) ([#26020](https://github.com/kubernetes/kubernetes/pull/26020), [@quinton-hoole](https://github.com/quinton-hoole))
 * Fix system container detection in kubelet on systemd. ([#25982](https://github.com/kubernetes/kubernetes/pull/25982), [@derekwaynecarr](https://github.com/derekwaynecarr))
-    * This fixed environments where CPU and Memory Accounting were not enabled on the unit
-    * that launched the kubelet or docker from reporting the root cgroup when
-    * monitoring usage stats for those components.
+    * This fixed environments where CPU and Memory Accounting were not enabled on the unit that launched the kubelet or docker from reporting the root cgroup when monitoring usage stats for those components.
 * Added pods-per-core to kubelet. [#25762](https://github.com/kubernetes/kubernetes/pull/25762) ([#25813](https://github.com/kubernetes/kubernetes/pull/25813), [@rrati](https://github.com/rrati))
 * promote sourceRange into service spec ([#25826](https://github.com/kubernetes/kubernetes/pull/25826), [@freehan](https://github.com/freehan))
 * kube-controller-manager: Add configure-cloud-routes option ([#25614](https://github.com/kubernetes/kubernetes/pull/25614), [@justinsb](https://github.com/justinsb))
@ -698,9 +696,7 @@ binary | sha1 hash | md5 hash
 * Fix hyperkube flag parsing ([#25512](https://github.com/kubernetes/kubernetes/pull/25512), [@colhom](https://github.com/colhom))
 * Add a kubectl create secret tls command ([#24719](https://github.com/kubernetes/kubernetes/pull/24719), [@bprashanth](https://github.com/bprashanth))
 * Introduce a new add-on pod NodeProblemDetector. ([#25986](https://github.com/kubernetes/kubernetes/pull/25986), [@Random-Liu](https://github.com/Random-Liu))
-    * NodeProblemDetector is a DaemonSet running on each node, monitoring node health and reporting
-    * node problems as NodeCondition and Event. Currently it already supports kernel log monitoring, and
-    * will support more problem detection in the future. It is enabled by default on gce now.
+    * NodeProblemDetector is a DaemonSet running on each node, monitoring node health and reporting node problems as NodeCondition and Event. Currently it already supports kernel log monitoring, and will support more problem detection in the future. It is enabled by default on gce now.
 * Handle cAdvisor partial failures ([#25933](https://github.com/kubernetes/kubernetes/pull/25933), [@timstclair](https://github.com/timstclair))
 * Use SkyDNS as a library for a more integrated kube DNS ([#23930](https://github.com/kubernetes/kubernetes/pull/23930), [@ArtfulCoder](https://github.com/ArtfulCoder))
 * Introduce node memory pressure condition to scheduler ([#25531](https://github.com/kubernetes/kubernetes/pull/25531), [@ingvagabund](https://github.com/ingvagabund))
@ -717,8 +713,7 @@ binary | sha1 hash | md5 hash
 * Add "kubectl set image" for easier updating container images (for pods or resources with pod templates).  ([#25509](https://github.com/kubernetes/kubernetes/pull/25509), [@janetkuo](https://github.com/janetkuo))
 * NodeController doesn't evict Pods if no Nodes are Ready ([#25571](https://github.com/kubernetes/kubernetes/pull/25571), [@gmarek](https://github.com/gmarek))
 * Incompatible change of kube-up.sh:  ([#25734](https://github.com/kubernetes/kubernetes/pull/25734), [@jszczepkowski](https://github.com/jszczepkowski))
-    * when turning on cluster autoscaler by setting KUBE_ENABLE_NODE_AUTOSCALER=true,
-    * KUBE_AUTOSCALER_MIN_NODES and KUBE_AUTOSCALER_MAX_NODES need to be set.
+    * When turning on cluster autoscaler by setting KUBE_ENABLE_NODE_AUTOSCALER=true,KUBE_AUTOSCALER_MIN_NODES and KUBE_AUTOSCALER_MAX_NODES need to be set.
 * systemd node spec proposal ([#17688](https://github.com/kubernetes/kubernetes/pull/17688), [@derekwaynecarr](https://github.com/derekwaynecarr))
 * Bump GCE ContainerVM to container-v1-3-v20160517 (Docker 1.11.1) ([#25843](https://github.com/kubernetes/kubernetes/pull/25843), [@zmerlynn](https://github.com/zmerlynn))
 * AWS: Move enforcement of attached AWS device limit from kubelet to scheduler ([#23254](https://github.com/kubernetes/kubernetes/pull/23254), [@jsafrane](https://github.com/jsafrane))
@ -803,8 +798,7 @@ binary | sha1 hash | md5 hash
 * GCE: Prefer preconfigured node tags for firewalls, if available ([#25148](https://github.com/kubernetes/kubernetes/pull/25148), [@a-robinson](https://github.com/a-robinson))
 * kubectl rolling-update support for same image ([#24645](https://github.com/kubernetes/kubernetes/pull/24645), [@jlowdermilk](https://github.com/jlowdermilk))
 * Add an entry to the salt config to allow Debian jessie on GCE. ([#25123](https://github.com/kubernetes/kubernetes/pull/25123), [@jlewi](https://github.com/jlewi))
-    * As with the existing Wheezy image on GCE, docker is expected
-    * to already be installed in the image.
+    * As with the existing Wheezy image on GCE, docker is expected to already be installed in the image.
 * Mark kube-push.sh as broken ([#25095](https://github.com/kubernetes/kubernetes/pull/25095), [@ihmccreery](https://github.com/ihmccreery))
 * AWS: Add support for ap-northeast-2 region (Seoul) ([#24457](https://github.com/kubernetes/kubernetes/pull/24457), [@leokhoa](https://github.com/leokhoa))
 * GCI: Update the command to get the image ([#24987](https://github.com/kubernetes/kubernetes/pull/24987), [@andyzheng0831](https://github.com/andyzheng0831))
--- a/CHANGELOG/CHANGELOG-1.4.md
+++ b/CHANGELOG/CHANGELOG-1.4.md
@ -603,7 +603,7 @@ binary | sha256 hash
 * Update GlusterFS provisioning readme with endpoint/service details ([#31854](https://github.com/kubernetes/kubernetes/pull/31854), [@humblec](https://github.com/humblec))
 * Add logging for enabled/disabled API Groups ([#32198](https://github.com/kubernetes/kubernetes/pull/32198), [@deads2k](https://github.com/deads2k))
 * New federation deployment mechanism now allows non-GCP clusters. ([#34620](https://github.com/kubernetes/kubernetes/pull/34620), [@madhusudancs](https://github.com/madhusudancs))
-        * Writes the federation kubeconfig to the local kubeconfig file.
+     * Writes the federation kubeconfig to the local kubeconfig file.



@ -628,7 +628,7 @@ binary | sha256 hash
 * Update GlusterFS provisioning readme with endpoint/service details ([#31854](https://github.com/kubernetes/kubernetes/pull/31854), [@humblec](https://github.com/humblec))
 * Add logging for enabled/disabled API Groups ([#32198](https://github.com/kubernetes/kubernetes/pull/32198), [@deads2k](https://github.com/deads2k))
 * New federation deployment mechanism now allows non-GCP clusters. ([#34620](https://github.com/kubernetes/kubernetes/pull/34620), [@madhusudancs](https://github.com/madhusudancs))
-        * Writes the federation kubeconfig to the local kubeconfig file.
+     * Writes the federation kubeconfig to the local kubeconfig file.



@ -686,8 +686,8 @@ binary | sha256 hash
 ### Other notable changes

 * Update GCI base image: ([#34156](https://github.com/kubernetes/kubernetes/pull/34156), [@adityakali](https://github.com/adityakali))
-        * Enabled VXLAN and IP_SET config options in kernel to support some networking tools (ebtools)
-        * OpenSSL CVE fixes
+   * Enabled VXLAN and IP_SET config options in kernel to support some networking tools (ebtools)
+   * OpenSSL CVE fixes
 * ContainerVm/GCI image: try to use ifdown/ifup if available ([#33595](https://github.com/kubernetes/kubernetes/pull/33595), [@freehan](https://github.com/freehan))
 * Make the informer library available for the go client library. ([#32718](https://github.com/kubernetes/kubernetes/pull/32718), [@mikedanese](https://github.com/mikedanese))
 * Enforce Disk based pod eviction with GCI base image in Kubelet ([#33520](https://github.com/kubernetes/kubernetes/pull/33520), [@vishh](https://github.com/vishh))
@ -920,9 +920,9 @@ binary | sha256 hash
 * Remove cpu limits for dns pod to avoid CPU starvation ([#33227](https://github.com/kubernetes/kubernetes/pull/33227), [@vishh](https://github.com/vishh))
 * Resolves x509 verification issue with masters dialing nodes when started with --kubelet-certificate-authority ([#33141](https://github.com/kubernetes/kubernetes/pull/33141), [@liggitt](https://github.com/liggitt))
 * Upgrading Container-VM base image for k8s on GCE. Brief changelog as follows: ([#32738](https://github.com/kubernetes/kubernetes/pull/32738), [@Amey-D](https://github.com/Amey-D))
-    *     - Fixed performance regression in veth device driver
-    *     - Docker and related binaries are statically linked
-    *     - Fixed the issue of systemd being oom-killable
+    * Fixed performance regression in veth device driver
+    * Docker and related binaries are statically linked
+    * Fixed the issue of systemd being oom-killable
 * Update cAdvisor to v0.24.0 - see the [cAdvisor changelog](https://github.com/google/cadvisor/blob/v0.24.0/CHANGELOG.md) for the full list of changes. ([#33052](https://github.com/kubernetes/kubernetes/pull/33052), [@timstclair](https://github.com/timstclair))


@ -1110,11 +1110,11 @@ binary | sha256 hash
 * Handle overlapping deployments gracefully ([#30730](https://github.com/kubernetes/kubernetes/pull/30730), [@janetkuo](https://github.com/janetkuo))
 * Remove environment variables and internal Kubernetes Docker labels from cAdvisor Prometheus metric labels. ([#31064](https://github.com/kubernetes/kubernetes/pull/31064), [@grobie](https://github.com/grobie))
    * Old behavior:
-    * - environment variables explicitly whitelisted via --docker-env-metadata-whitelist were exported as `container_env_*=*`. Default is zero so by default non were exported
-    * - all docker labels were exported as `container_label_*=*`
+      * environment variables explicitly whitelisted via --docker-env-metadata-whitelist were exported as `container_env_*=*`. Default is zero so by default non were exported
+      * all docker labels were exported as `container_label_*=*`
    * New behavior:
-    * - Only `container_name`, `pod_name`, `namespace`, `id`, `image`, and `name` labels are exposed
-    * - no environment variables will be exposed ever via /metrics, even if whitelisted
+      * Only `container_name`, `pod_name`, `namespace`, `id`, `image`, and `name` labels are exposed
+      * no environment variables will be exposed ever via /metrics, even if whitelisted
 * Filter duplicate network packets in promiscuous bridge mode (with ebtables) ([#28717](https://github.com/kubernetes/kubernetes/pull/28717), [@freehan](https://github.com/freehan))
 * Refactor to simplify the hard-traveled path of the KubeletConfiguration object ([#29216](https://github.com/kubernetes/kubernetes/pull/29216), [@mtaufen](https://github.com/mtaufen))
 * Fix overflow issue in controller-manager rate limiter ([#31396](https://github.com/kubernetes/kubernetes/pull/31396), [@foxish](https://github.com/foxish))
@ -1137,24 +1137,22 @@ binary | sha256 hash

 * Moved init-container feature from alpha to beta. ([#31026](https://github.com/kubernetes/kubernetes/pull/31026), [@erictune](https://github.com/erictune))
    * Security Action Required:
-    * This only applies to you if you use the PodSecurityPolicy feature.  You are using that feature if `kubectl get podsecuritypolicy` returns one or more objects.  If it returns an error, you are not using it.
-    * If there are any pods with the key `pods.beta.kubernetes.io/init-containers`, then that pod may not have been filtered by the PodSecurityPolicy.  You should find such pods and either delete them or audit them to ensure they do not use features that you intend to be blocked by PodSecurityPolicy.
-    * Explanation of Feature
-    * In 1.3, an init container is specified with this annotation key
-    * on the pod or pod template: `pods.alpha.kubernetes.io/init-containers`.
-    * In 1.4, either that key or this key: `pods.beta.kubernetes.io/init-containers`,
-    * can be used.
+      * This only applies to you if you use the PodSecurityPolicy feature.  You are using that feature if `kubectl get podsecuritypolicy` returns one or more objects.  If it returns an error, you are not using it.
+      * If there are any pods with the key `pods.beta.kubernetes.io/init-containers`, then that pod may not have been filtered by the PodSecurityPolicy.  You should find such pods and either delete them or audit them to ensure they do not use features that you intend to be blocked by PodSecurityPolicy.
+    * Explanation of Feature:
+      * In 1.3, an init container is specified with this annotation key on the pod or pod template: `pods.alpha.kubernetes.io/init-containers`.
+      * In 1.4, either that key or this key: `pods.beta.kubernetes.io/init-containers`,can be used.
    * When you GET an object, you will see both annotation keys with the same values.
-    * You can safely roll back from 1.4 to 1.3, and things with init-containers
-    * will still work (pods, deployments, etc).
+      You can safely roll back from 1.4 to 1.3, and things with init-containers
+      will still work (pods, deployments, etc).
    * If you are running 1.3, only use the alpha annotation, or it may be lost when
-    * rolling forward.
-    * The status has moved from annotation key
-    * `pods.beta.kubernetes.io/init-container-statuses` to
-    * `pods.beta.kubernetes.io/init-container-statuses`.
+      rolling forward.
+      The status has moved from annotation key
+      `pods.beta.kubernetes.io/init-container-statuses` to
+      `pods.beta.kubernetes.io/init-container-statuses`.
    * Any code that inspects this annotation should be changed to use the new key.
-    * State of Initialization will continue to be reported in both pods.alpha.kubernetes.io/initialized
-    * and in `podStatus.conditions.{status: "True", type: Initialized}`
+      State of Initialization will continue to be reported in both pods.alpha.kubernetes.io/initialized
+      and in `podStatus.conditions.{status: "True", type: Initialized}`
 * Action required: federation-only: Please update your cluster name to be a valid DNS label. ([#30956](https://github.com/kubernetes/kubernetes/pull/30956), [@nikhiljindal](https://github.com/nikhiljindal))
    * Updating federation.v1beta1.Cluster API to disallow subdomains as valid cluster names. Only DNS labels are allowed as valid cluster names now.
 * [Kubelet] Rename `--config` to `--pod-manifest-path`. `--config` is deprecated. ([#29999](https://github.com/kubernetes/kubernetes/pull/29999), [@mtaufen](https://github.com/mtaufen))
@ -1195,8 +1193,8 @@ binary | sha256 hash
 * Return container command exit codes in kubectl run/exec ([#26541](https://github.com/kubernetes/kubernetes/pull/26541), [@sttts](https://github.com/sttts))
 * Fix kubectl describe to display a container's resource limit env vars as node allocatable when the limits are not set ([#29849](https://github.com/kubernetes/kubernetes/pull/29849), [@aveshagarwal](https://github.com/aveshagarwal))
 * The `valueFrom.fieldRef.name` field on environment variables in pods and objects with pod templates now allows two additional fields to be used: ([#27880](https://github.com/kubernetes/kubernetes/pull/27880), [@smarterclayton](https://github.com/smarterclayton))
-        * `spec.nodeName` will return the name of the node this pod is running on
-        * `spec.serviceAccountName` will return the name of the service account this pod is running under
+  * `spec.nodeName` will return the name of the node this pod is running on
+  * `spec.serviceAccountName` will return the name of the service account this pod is running under
 * Adding ImagePolicyWebhook admission controller. ([#30631](https://github.com/kubernetes/kubernetes/pull/30631), [@ecordell](https://github.com/ecordell))
 * Validate involvedObject.Namespace matches event.Namespace ([#30533](https://github.com/kubernetes/kubernetes/pull/30533), [@liggitt](https://github.com/liggitt))
 * allow group impersonation ([#30803](https://github.com/kubernetes/kubernetes/pull/30803), [@deads2k](https://github.com/deads2k))
@ -1267,13 +1265,14 @@ binary | sha256 hash
 * azure: kube-up respects AZURE_RESOURCE_GROUP ([#28700](https://github.com/kubernetes/kubernetes/pull/28700), [@colemickens](https://github.com/colemickens))
 * Modified influxdb petset to provision persistent  volume. ([#28840](https://github.com/kubernetes/kubernetes/pull/28840), [@jszczepkowski](https://github.com/jszczepkowski))
 * Allow service names up to 63 characters (RFC 1035) ([#29523](https://github.com/kubernetes/kubernetes/pull/29523), [@fraenkel](https://github.com/fraenkel))
-* Change eviction policies in NodeController: ([#28897](https://github.com/kubernetes/kubernetes/pull/28897), [@gmarek](https://github.com/gmarek))
-    * - add a "partialDisruption" mode, when more than 33% of Nodes in the zone are not Ready
-    * - add "fullDisruption" mode, when all Nodes in the zone are not Ready
+* Change eviction logic in NodeController and make it Zone-aware ([#28897](https://github.com/kubernetes/kubernetes/pull/28897), [@gmarek](https://github.com/gmarek))
+    * Change eviction policies in NodeController:
+      *  add a "partialDisruption" mode, when more than 33% of Nodes in the zone are not Ready
+      *  add "fullDisruption" mode, when all Nodes in the zone are not Ready
    * Eviction behavior depends on the mode in which NodeController is operating:
-    * - if the new state is "partialDisruption" or "fullDisruption" we call a user defined function that returns a new QPS to use (default 1/10 of the default rate, and the default rate respectively),
-    * - if the new state is "normal" we resume normal operation (go back to default limiter settings),
-    * - if all zones in the cluster are in "fullDisruption" state we stop all evictions.
+      * if the new state is "partialDisruption" or "fullDisruption" we call a user defined function that returns a new QPS to use (default 1/10 of the default rate, and the default rate respectively),
+      * if the new state is "normal" we resume normal operation (go back to default limiter settings),
+      * if all zones in the cluster are in "fullDisruption" state we stop all evictions.
 * Add a flag for `kubectl expose`to set ClusterIP and allow headless services ([#28239](https://github.com/kubernetes/kubernetes/pull/28239), [@ApsOps](https://github.com/ApsOps))
 * Add support to quota pvc storage requests ([#28636](https://github.com/kubernetes/kubernetes/pull/28636), [@derekwaynecarr](https://github.com/derekwaynecarr))

@ -1295,9 +1294,9 @@ binary | sha256 hash

 * Federation API server kubeconfig secret consumed by federation-controller-manager has a new name. ([#28938](https://github.com/kubernetes/kubernetes/pull/28938), [@madhusudancs](https://github.com/madhusudancs))
    * If you are upgrading your Cluster Federation components from v1.3.x, please run this command to migrate the federation-apiserver-secret to federation-apiserver-kubeconfig serect;
-    * $ kubectl --namespace=federation get secret federation-apiserver-secret -o json | sed 's/federation-apiserver-secret/federation-apiserver-kubeconfig/g' | kubectl create -f -
+    ```$ kubectl --namespace=federation get secret federation-apiserver-secret -o json | sed 's/federation-apiserver-secret/federation-apiserver-kubeconfig/g' | kubectl create -f -```
    * You might also want to delete the old secret using this command:
-    * $ kubectl delete secret --namespace=federation federation-apiserver-secret
+    ```$ kubectl delete secret --namespace=federation federation-apiserver-secret```
 * Stop eating panics ([#28800](https://github.com/kubernetes/kubernetes/pull/28800), [@lavalamp](https://github.com/lavalamp))

 ### Other notable changes
@ -1351,9 +1350,7 @@ binary | sha256 hash
 * Fix watch cache filtering ([#28966](https://github.com/kubernetes/kubernetes/pull/28966), [@liggitt](https://github.com/liggitt))
 * Deprecate deleting-pods-burst ControllerManager flag ([#28882](https://github.com/kubernetes/kubernetes/pull/28882), [@gmarek](https://github.com/gmarek))
 * Add support for terminal resizing for exec, attach, and run. Note that for Docker, exec sessions ([#25273](https://github.com/kubernetes/kubernetes/pull/25273), [@ncdc](https://github.com/ncdc))
-    * inherit the environment from the primary process, so if the container was created with tty=false,
-    * that means the exec session's TERM variable will default to "dumb". Users can override this by
-    * setting TERM=xterm (or whatever is appropriate) to get the correct "smart" terminal behavior.
+    * inherit the environment from the primary process, so if the container was created with tty=false,that means the exec session's TERM variable will default to "dumb". Users can override this by setting TERM=xterm (or whatever is appropriate) to get the correct "smart" terminal behavior.
 * Implement alpha version of PreferAvoidPods ([#20699](https://github.com/kubernetes/kubernetes/pull/20699), [@jiangyaoguo](https://github.com/jiangyaoguo))
 * Retry when apiserver fails to listen on insecure port ([#28797](https://github.com/kubernetes/kubernetes/pull/28797), [@aaronlevy](https://github.com/aaronlevy))
 * Add SSH_OPTS to config ssh and scp port ([#28872](https://github.com/kubernetes/kubernetes/pull/28872), [@lojies](https://github.com/lojies))
--- a/CHANGELOG/CHANGELOG-1.5.md
+++ b/CHANGELOG/CHANGELOG-1.5.md
@ -719,7 +719,7 @@ release [38537](https://github.com/kubernetes/kubernetes/issues/38537)

 ## Action Required Before Upgrading

-* **Important Security-related changes before upgrading
+* Important Security-related changes before upgrading
  * You *MUST* set `--anonymous-auth=false` flag on your kube-apiserver unless you are a developer testing this feature and understand it.
  If you do not, you risk allowing unauthorized users to access your apiserver.
  * You *MUST* set `--anonymous-auth=false` flag on your federation apiserver unless you are a developer testing this feature and understand it.
@ -873,19 +873,21 @@ filename | sha256 hash
 * kube-dns ([#36775](https://github.com/kubernetes/kubernetes/pull/36775), [@bowei](https://github.com/bowei))
    * Added --config-map and --config-map-namespace command line options.
    * If --config-map is set, kube-dns will load dynamic configuration from the config map
-    * referenced by --config-map-namespace, --config-map. The config-map supports
-    * the following properties: "federations".
+      referenced by --config-map-namespace, --config-map. The config-map supports
+      the following properties: "federations".
    * --federations flag is now deprecated. Prefer to set federations via the config-map.
-    * Federations can be configured by settings the "federations" field to the value currently
-    * set in the command line.
+      Federations can be configured by settings the "federations" field to the value currently
+      set in the command line.
    * Example:
-    *   kind: ConfigMap
-    *   apiVersion: v1
-    *   metadata:
-    *     name: kube-dns
-    *     namespace: kube-system
-    *   data:
-    *     federations: abc=def
+      ```yaml
+      kind: ConfigMap
+      apiVersion: v1
+      metadata:
+        name: kube-dns
+        namespace: kube-system
+      data:
+        federations: abc=def
+      ```
 * azure: support multiple ipconfigs on a NIC ([#36841](https://github.com/kubernetes/kubernetes/pull/36841), [@colemickens](https://github.com/colemickens))
 * Fix issue in converting AWS volume ID from mount paths ([#36840](https://github.com/kubernetes/kubernetes/pull/36840), [@jingxu97](https://github.com/jingxu97))
 * fix leaking memory backed volumes of terminated pods ([#36779](https://github.com/kubernetes/kubernetes/pull/36779), [@sjenning](https://github.com/sjenning))
@ -1140,7 +1142,7 @@ filename | sha256 hash
 * pvc.Spec.Resources.Requests min and max can be enforced with a LimitRange of type "PersistentVolumeClaim" in the namespace ([#30145](https://github.com/kubernetes/kubernetes/pull/30145), [@markturansky](https://github.com/markturansky))
 * Federated DaemonSet controller. Supports all the API that regular DaemonSet has. ([#34319](https://github.com/kubernetes/kubernetes/pull/34319), [@mwielgus](https://github.com/mwielgus))
 * New federation deployment mechanism now allows non-GCP clusters. ([#34620](https://github.com/kubernetes/kubernetes/pull/34620), [@madhusudancs](https://github.com/madhusudancs))
-        * Writes the federation kubeconfig to the local kubeconfig file.
+  * Writes the federation kubeconfig to the local kubeconfig file.
 * Update the series and the README to reflect the change. ([#30374](https://github.com/kubernetes/kubernetes/pull/30374), [@mbruzek](https://github.com/mbruzek))
 * Replica set conditions API ([#33905](https://github.com/kubernetes/kubernetes/pull/33905), [@kargakis](https://github.com/kargakis))
 * etcd3: avoid unnecessary decoding in etcd3 client  ([#34435](https://github.com/kubernetes/kubernetes/pull/34435), [@wojtek-t](https://github.com/wojtek-t))
@ -1187,8 +1189,8 @@ binary | sha256 hash
 * kubectl annotate now supports --dry-run ([#34199](https://github.com/kubernetes/kubernetes/pull/34199), [@asalkeld](https://github.com/asalkeld))
 * kubectl: Add external ip information to node when '-o wide' is used ([#33552](https://github.com/kubernetes/kubernetes/pull/33552), [@floreks](https://github.com/floreks))
 * Update GCI base image: ([#34156](https://github.com/kubernetes/kubernetes/pull/34156), [@adityakali](https://github.com/adityakali))
-        * Enabled VXLAN and IP_SET config options in kernel to support some networking tools (ebtools)
-        * OpenSSL CVE fixes
+  * Enabled VXLAN and IP_SET config options in kernel to support some networking tools (ebtools)
+  * OpenSSL CVE fixes
 * ContainerVm/GCI image: try to use ifdown/ifup if available ([#33595](https://github.com/kubernetes/kubernetes/pull/33595), [@freehan](https://github.com/freehan))
 * Use manifest digest (as `docker-pullable://`) as ImageID when available (exposes a canonical, pullable image ID for containers). ([#33014](https://github.com/kubernetes/kubernetes/pull/33014), [@DirectXMan12](https://github.com/DirectXMan12))
 * Add kubelet awareness to taint tolerant match caculator. ([#26501](https://github.com/kubernetes/kubernetes/pull/26501), [@resouer](https://github.com/resouer))
@ -1245,9 +1247,9 @@ binary | sha256 hash
 * Resolves x509 verification issue with masters dialing nodes when started with --kubelet-certificate-authority ([#33141](https://github.com/kubernetes/kubernetes/pull/33141), [@liggitt](https://github.com/liggitt))
 * Fix possible panic in PodAffinityChecker ([#33086](https://github.com/kubernetes/kubernetes/pull/33086), [@ivan4th](https://github.com/ivan4th))
 * Upgrading Container-VM base image for k8s on GCE. Brief changelog as follows: ([#32738](https://github.com/kubernetes/kubernetes/pull/32738), [@Amey-D](https://github.com/Amey-D))
-    *     - Fixed performance regression in veth device driver
-    *     - Docker and related binaries are statically linked
-    *     - Fixed the issue of systemd being oom-killable
+    * Fixed performance regression in veth device driver
+    * Docker and related binaries are statically linked
+    * Fixed the issue of systemd being oom-killable
 * Move HighWaterMark to the top of the struct in order to fix arm ([#33117](https://github.com/kubernetes/kubernetes/pull/33117), [@luxas](https://github.com/luxas))
 * kubenet: SyncHostports for both running and ready to run pods. ([#31388](https://github.com/kubernetes/kubernetes/pull/31388), [@yifan-gu](https://github.com/yifan-gu))
 * Limit the number of names per image reported in the node status ([#32914](https://github.com/kubernetes/kubernetes/pull/32914), [@yujuhong](https://github.com/yujuhong))
@ -1308,11 +1310,11 @@ binary | sha256 hash
 * Handle overlapping deployments gracefully ([#30730](https://github.com/kubernetes/kubernetes/pull/30730), [@janetkuo](https://github.com/janetkuo))
 * Remove environment variables and internal Kubernetes Docker labels from cAdvisor Prometheus metric labels. ([#31064](https://github.com/kubernetes/kubernetes/pull/31064), [@grobie](https://github.com/grobie))
    * Old behavior:
-    * - environment variables explicitly whitelisted via --docker-env-metadata-whitelist were exported as `container_env_*=*`. Default is zero so by default non were exported
-    * - all docker labels were exported as `container_label_*=*`
+      * environment variables explicitly whitelisted via --docker-env-metadata-whitelist were exported as `container_env_*=*`. Default is zero so by default non were exported
+      * all docker labels were exported as `container_label_*=*`
    * New behavior:
-    * - Only `container_name`, `pod_name`, `namespace`, `id`, `image`, and `name` labels are exposed
-    * - no environment variables will be exposed ever via /metrics, even if whitelisted
+      * Only `container_name`, `pod_name`, `namespace`, `id`, `image`, and `name` labels are exposed
+      * no environment variables will be exposed ever via /metrics, even if whitelisted
 * Filter duplicate network packets in promiscuous bridge mode (with ebtables) ([#28717](https://github.com/kubernetes/kubernetes/pull/28717), [@freehan](https://github.com/freehan))
 * Refactor to simplify the hard-traveled path of the KubeletConfiguration object ([#29216](https://github.com/kubernetes/kubernetes/pull/29216), [@mtaufen](https://github.com/mtaufen))
 * Fix overflow issue in controller-manager rate limiter ([#31396](https://github.com/kubernetes/kubernetes/pull/31396), [@foxish](https://github.com/foxish))
--- a/CHANGELOG/CHANGELOG-1.6.md
+++ b/CHANGELOG/CHANGELOG-1.6.md
@ -1287,8 +1287,8 @@ Anyway, the cluster should get back to the proper size after 10 min.
 * Default ClusterRole and ClusterRoleBinding objects are automatically updated at server start to add missing permissions and subjects (extra permissions and subjects are left in place). To prevent autoupdating a particular role or rolebinding, annotate it with `rbac.authorization.kubernetes.io/autoupdate=false`. ([#41155](https://github.com/kubernetes/kubernetes/pull/41155), [@liggitt](https://github.com/liggitt))
 * `v1beta1` RoleBinding/ClusterRoleBinding subjects changed `apiVersion` to `apiGroup` to fully-qualify a subject. ServiceAccount subjects default to an apiGroup of `""`, User and Group subjects default to an apiGroup of `"rbac.authorization.k8s.io"`. ([#41184](https://github.com/kubernetes/kubernetes/pull/41184), [@liggitt](https://github.com/liggitt))
 * To create or update an RBAC RoleBinding or ClusterRoleBinding object, a user must: ([#39383](https://github.com/kubernetes/kubernetes/pull/39383), [@liggitt](https://github.com/liggitt))
-    * 1. Be authorized to make the create or update API request
-    * 2. Be allowed to bind the referenced role, either by already having all of the permissions contained in the referenced role, or by having the "bind" permission on the referenced role.
+     1. Be authorized to make the create or update API request
+     2. Be allowed to bind the referenced role, either by already having all of the permissions contained in the referenced role, or by having the "bind" permission on the referenced role.
 * The `--authorization-rbac-super-user` flag (alpha in 1.5) is deprecated; the `system:masters` group has privileged access ([#38121](https://github.com/kubernetes/kubernetes/pull/38121), [@deads2k](https://github.com/deads2k))
 * special handling of the user `*` in RoleBinding and ClusterRoleBinding objects is removed in v1beta1. To match all users, explicitly bind to the group `system:authenticated` and/or `system:unauthenticated`. Existing v1alpha1 bindings to the user `*` are automatically converted to the group `system:authenticated`. ([#38981](https://github.com/kubernetes/kubernetes/pull/38981), [@liggitt](https://github.com/liggitt))

@ -2253,18 +2253,19 @@ filename | sha256 hash
 * kubelet created cgroups follow lowercase naming conventions ([#42497](https://github.com/kubernetes/kubernetes/pull/42497), [@derekwaynecarr](https://github.com/derekwaynecarr))
 * Support whitespace in command path for gcp auth plugin ([#41653](https://github.com/kubernetes/kubernetes/pull/41653), [@jlowdermilk](https://github.com/jlowdermilk))
 * Updates the dnsmasq cache/mux layer to be managed by dnsmasq-nanny. ([#41826](https://github.com/kubernetes/kubernetes/pull/41826), [@bowei](https://github.com/bowei))
-    * dnsmasq-nanny manages dnsmasq based on values from the
-    * kube-system:kube-dns configmap:
-    * "stubDomains": {
-    * 	"acme.local": ["1.2.3.4"]
-    * },
-    * is a map of domain to list of nameservers for the domain. This is used
-    * to inject private DNS domains into the kube-dns namespace. In the above
-    * example, any DNS requests for *.acme.local will be served by the
-    * nameserver 1.2.3.4.
-    * "upstreamNameservers": ["8.8.8.8", "8.8.4.4"]
-    * is a list of upstreamNameservers to use, overriding the configuration
-    * specified in /etc/resolv.conf.
+    * dnsmasq-nanny manages dnsmasq based on values from the kube-system:kube-dns configmap:
+         ```
+          "stubDomains": {
+              "acme.local": ["1.2.3.4"]
+           },
+         ```
+      is a map of domain to list of nameservers for the domain. This is used
+      to inject private DNS domains into the kube-dns namespace. In the above
+      example, any DNS requests for *.acme.local will be served by the
+      nameserver 1.2.3.4.
+      ```"upstreamNameservers": ["8.8.8.8", "8.8.4.4"]```
+      is a list of upstreamNameservers to use, overriding the configuration
+      specified in /etc/resolv.conf.
 * kubelet exports metrics for cgroup management ([#41988](https://github.com/kubernetes/kubernetes/pull/41988), [@sjenning](https://github.com/sjenning))
 * kubectl: respect deployment strategy parameters for rollout status ([#41809](https://github.com/kubernetes/kubernetes/pull/41809), [@kargakis](https://github.com/kargakis))
 * Remove cmd/kube-discovery from the tree since it's not necessary anymore ([#42070](https://github.com/kubernetes/kubernetes/pull/42070), [@luxas](https://github.com/luxas))
@ -2423,9 +2424,8 @@ filename | sha256 hash
 * Report node not ready on failed PLEG health check ([#41569](https://github.com/kubernetes/kubernetes/pull/41569), [@yujuhong](https://github.com/yujuhong))
 * Delay Deletion of a Pod until volumes are cleaned up ([#41456](https://github.com/kubernetes/kubernetes/pull/41456), [@dashpole](https://github.com/dashpole))
 * Alpha version of dynamic volume provisioning is removed in this release. Annotation ([#40000](https://github.com/kubernetes/kubernetes/pull/40000), [@jsafrane](https://github.com/jsafrane))
-    * "volume.alpha.kubernetes.io/storage-class" does not have any special meaning. A default storage class
-    * and  DefaultStorageClass admission plugin can be used to preserve similar behavior of Kubernetes cluster,
-    * see https://kubernetes.io/docs/user-guide/persistent-volumes/#class-1 for details.
+    * "volume.alpha.kubernetes.io/storage-class" does not have any special meaning. A default storage class and  DefaultStorageClass admission plugin can be used to preserve similar behavior of Kubernetes cluster,
+      see https://kubernetes.io/docs/user-guide/persistent-volumes/#class-1 for details.
 * An `automountServiceAccountToken *bool` field was added to ServiceAccount and PodSpec objects. If set to `false` on a pod spec, no service account token is automounted in the pod. If set to `false` on a service account, no service account token is automounted for that service account unless explicitly overridden in the pod spec. ([#37953](https://github.com/kubernetes/kubernetes/pull/37953), [@liggitt](https://github.com/liggitt))
 * Bump addon-manager version to v6.4-alpha.1 in kubemark ([#41506](https://github.com/kubernetes/kubernetes/pull/41506), [@shyamjvs](https://github.com/shyamjvs))
 * Do not daemonize `salt-minion` for the openstack-heat provider. ([#40722](https://github.com/kubernetes/kubernetes/pull/40722), [@micmro](https://github.com/micmro))
@ -2652,11 +2652,11 @@ filename | sha256 hash
 * Added support for creating HA clusters for centos using kube-up.sh. ([#39462](https://github.com/kubernetes/kubernetes/pull/39462), [@Shawyeok](https://github.com/Shawyeok))
 * azure: fix Azure Container Registry integration ([#40142](https://github.com/kubernetes/kubernetes/pull/40142), [@colemickens](https://github.com/colemickens))
 * - Splits Juju Charm layers into master/worker roles ([#40324](https://github.com/kubernetes/kubernetes/pull/40324), [@chuckbutler](https://github.com/chuckbutler))
-    * - Adds support for 1.5.x series of Kubernetes
-    * - Introduces a tactic for keeping templates in sync with upstream eliminating template drift
-    * - Adds CNI support to the Juju Charms
-    * - Adds durable storage support to the Juju Charms
-    * - Introduces an e2e Charm layer for repeatable testing efforts and validation of clusters
+    * Adds support for 1.5.x series of Kubernetes
+    * Introduces a tactic for keeping templates in sync with upstream eliminating template drift
+    * Adds CNI support to the Juju Charms
+    * Adds durable storage support to the Juju Charms
+    * Introduces an e2e Charm layer for repeatable testing efforts and validation of clusters
 * genericapiserver: more dependency cutoffs ([#40216](https://github.com/kubernetes/kubernetes/pull/40216), [@sttts](https://github.com/sttts))
 * AWS: trust region if found from AWS metadata ([#38880](https://github.com/kubernetes/kubernetes/pull/38880), [@justinsb](https://github.com/justinsb))
 * Volumes and environment variables populated from ConfigMap and Secret objects can now tolerate the named source object or specific keys being missing, by adding `optional: true` to the volume or environment variable source specifications. ([#39981](https://github.com/kubernetes/kubernetes/pull/39981), [@fraenkel](https://github.com/fraenkel))