diff --git a/CHANGELOG.md b/CHANGELOG.md index 3671e249170..44729a1878d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -780,7 +780,7 @@ Extensibility features include API aggregation (beta), CustomResourceDefinitions ### Network -* NetworkPolicy has been promoted from extensions/v1beta1 to the new networking.k8s.io/v1 API group. The structure remains unchanged from the v1beta1 API. The net.beta.kubernetes.io/network-policy annotation on Namespaces (used to opt in to isolation) has been removed. Instead, isolation is now determined on a per-pod basis. A NetworkPolicy may target a pod for isolation by including the pod in its spec.podSelector. Targeted Pods accept the traffic specified in the respective NetworkPolicy (and nothing else). Pods not targeted by any NetworkPolicy accept all traffic by default. ([[#39164](https://github.com/kubernetes/kubernetes/pull/39164)](https://github.com/kubernetes/kubernetes/pull/39164), [[@danwinship](https://github.com/danwinship)](https://github.com/danwinship)) +* NetworkPolicy has been promoted from extensions/v1beta1 to the new networking.k8s.io/v1 API group. The structure remains unchanged from the v1beta1 API. The net.beta.kubernetes.io/network-policy annotation on Namespaces (used to opt in to isolation) has been removed. Instead, isolation is now determined on a per-pod basis. A NetworkPolicy may target a pod for isolation by including the pod in its spec.podSelector. Targeted Pods accept the traffic specified in the respective NetworkPolicy (and nothing else). Pods not targeted by any NetworkPolicy accept all traffic by default. ([#39164](https://github.com/kubernetes/kubernetes/pull/39164), [@danwinship](https://github.com/danwinship)) **Action Required:** When upgrading to Kubernetes 1.7 (and a [network plugin](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy/) that supports the new NetworkPolicy v1 semantics), you should consider the following. @@ -802,20 +802,20 @@ Extensibility features include API aggregation (beta), CustomResourceDefinitions ### Storage -* Alpha volume provisioning is removed and default storage class should be used instead. ([[#44090](https://github.com/kubernetes/kubernetes/pull/44090)](https://github.com/kubernetes/kubernetes/pull/44090), [[@NickrenREN](https://github.com/NickrenREN)](https://github.com/NickrenREN)) +* Alpha volume provisioning is removed and default storage class should be used instead. ([#44090](https://github.com/kubernetes/kubernetes/pull/44090), [@NickrenREN](https://github.com/NickrenREN)) -* Portworx volume driver no longer has to run on the master. ([[#45518](https://github.com/kubernetes/kubernetes/pull/45518)](https://github.com/kubernetes/kubernetes/pull/45518), [[@harsh-px](https://github.com/harsh-px)](https://github.com/harsh-px)) +* Portworx volume driver no longer has to run on the master. ([#45518](https://github.com/kubernetes/kubernetes/pull/45518), [@harsh-px](https://github.com/harsh-px)) -* Default behavior in Cinder storageclass is changed. If availability is not specified, the zone is chosen by algorithm. It makes possible to spread stateful pods across many zones. ([[#44798](https://github.com/kubernetes/kubernetes/pull/44798)](https://github.com/kubernetes/kubernetes/pull/44798), [[@zetaab](https://github.com/zetaab)](https://github.com/zetaab)) +* Default behavior in Cinder storageclass is changed. If availability is not specified, the zone is chosen by algorithm. It makes possible to spread stateful pods across many zones. ([#44798](https://github.com/kubernetes/kubernetes/pull/44798), [@zetaab](https://github.com/zetaab)) -* PodSpecs containing parent directory references such as `..` (for example, `../bar`) in hostPath volume path or in volumeMount subpaths must be changed to the simple absolute path. Backsteps `..` are no longer allowed.([[#47290](https://github.com/kubernetes/kubernetes/pull/47290)](https://github.com/kubernetes/kubernetes/pull/47290), [[@jhorwit2](https://github.com/jhorwit2)](https://github.com/jhorwit2)). +* PodSpecs containing parent directory references such as `..` (for example, `../bar`) in hostPath volume path or in volumeMount subpaths must be changed to the simple absolute path. Backsteps `..` are no longer allowed.([#47290](https://github.com/kubernetes/kubernetes/pull/47290), [@jhorwit2](https://github.com/jhorwit2)). ### API Machinery -* The Namespace API object no longer supports the deletecollection operation. ([[#46407](https://github.com/kubernetes/kubernetes/pull/46407)](https://github.com/kubernetes/kubernetes/pull/46407), [[@liggitt](https://github.com/liggitt)](https://github.com/liggitt)) +* The Namespace API object no longer supports the deletecollection operation. ([#46407](https://github.com/kubernetes/kubernetes/pull/46407), [@liggitt](https://github.com/liggitt)) -* The following alpha API groups were unintentionally enabled by default in previous releases, and will no longer be enabled by default in v1.8: ([[#47690](https://github.com/kubernetes/kubernetes/pull/47690)](https://github.com/kubernetes/kubernetes/pull/47690), [[@caesarxuchao](https://github.com/caesarxuchao)](https://github.com/caesarxuchao)) +* The following alpha API groups were unintentionally enabled by default in previous releases, and will no longer be enabled by default in v1.8: ([#47690](https://github.com/kubernetes/kubernetes/pull/47690), [@caesarxuchao](https://github.com/caesarxuchao)) * rbac.authorization.k8s.io/v1alpha1 @@ -823,34 +823,34 @@ Extensibility features include API aggregation (beta), CustomResourceDefinitions * If you wish to continue using them in v1.8, please enable them explicitly using the `--runtime-config` flag on the apiserver (for example, `--runtime-config="rbac.authorization.k8s.io/v1alpha1,settings.k8s.io/v1alpha1"`) -* `cluster/update-storage-objects.sh` now supports updating StorageClasses in etcd to storage.k8s.io/v1. You must do this prior to upgrading to 1.8. ([[#46116](https://github.com/kubernetes/kubernetes/pull/46116)](https://github.com/kubernetes/kubernetes/pull/46116), [[@ncdc](https://github.com/ncdc)](https://github.com/ncdc)) +* `cluster/update-storage-objects.sh` now supports updating StorageClasses in etcd to storage.k8s.io/v1. You must do this prior to upgrading to 1.8. ([#46116](https://github.com/kubernetes/kubernetes/pull/46116), [@ncdc](https://github.com/ncdc)) ### Controller Manager -* kube-controller-manager has dropped support for the `--insecure-experimental-approve-all-kubelet-csrs-for-group` flag. It is accepted in 1.7, but ignored. Instead, the csrapproving controller uses authorization checks to determine whether to approve certificate signing requests: ([[#45619](https://github.com/kubernetes/kubernetes/pull/45619)](https://github.com/kubernetes/kubernetes/pull/45619), [[@mikedanese](https://github.com/mikedanese)](https://github.com/mikedanese)) +* kube-controller-manager has dropped support for the `--insecure-experimental-approve-all-kubelet-csrs-for-group` flag. It is accepted in 1.7, but ignored. Instead, the csrapproving controller uses authorization checks to determine whether to approve certificate signing requests: ([#45619](https://github.com/kubernetes/kubernetes/pull/45619), [@mikedanese](https://github.com/mikedanese)) * Before upgrading, users must ensure their controller manager will enable the csrapproving controller, create an RBAC ClusterRole and ClusterRoleBinding to approve CSRs for the same group, then upgrade. Example roles to enable the equivalent behavior can be found in the [TLS bootstrapping](https://kubernetes.io/docs/admin/kubelet-tls-bootstrapping/) documentation. ### kubectl (CLI) -* `kubectl create role` and `kubectl create clusterrole` invocations must be updated to specify multiple resource names as repeated `--resource-name` arguments instead of comma-separated arguments to a single `--resource-name` argument. E.g. `--resource-name=x,y` must become `--resource-name x --resource-name y` ([[#44950](https://github.com/kubernetes/kubernetes/pull/44950)](https://github.com/kubernetes/kubernetes/pull/44950), [[@xilabao](https://github.com/xilabao)](https://github.com/xilabao)) +* `kubectl create role` and `kubectl create clusterrole` invocations must be updated to specify multiple resource names as repeated `--resource-name` arguments instead of comma-separated arguments to a single `--resource-name` argument. E.g. `--resource-name=x,y` must become `--resource-name x --resource-name y` ([#44950](https://github.com/kubernetes/kubernetes/pull/44950), [@xilabao](https://github.com/xilabao)) -* `kubectl create rolebinding` and `kubectl create clusterrolebinding` invocations must be updated to specify multiple subjects as repeated `--user`, `--group`, or `--serviceaccount` arguments instead of comma-separated arguments to a single `--user`, `--group`, or `--serviceaccount`. E.g. `--user=x,y` must become `--user x --user y` ([[#43903](https://github.com/kubernetes/kubernetes/pull/43903)](https://github.com/kubernetes/kubernetes/pull/43903), [[@xilabao](https://github.com/xilabao)](https://github.com/xilabao)) +* `kubectl create rolebinding` and `kubectl create clusterrolebinding` invocations must be updated to specify multiple subjects as repeated `--user`, `--group`, or `--serviceaccount` arguments instead of comma-separated arguments to a single `--user`, `--group`, or `--serviceaccount`. E.g. `--user=x,y` must become `--user x --user y` ([#43903](https://github.com/kubernetes/kubernetes/pull/43903), [@xilabao](https://github.com/xilabao)) ### kubeadm -* kubeadm: Modifications to cluster-internal resources installed by kubeadm will be overwritten when upgrading from v1.6 to v1.7. ([[#47081](https://github.com/kubernetes/kubernetes/pull/47081)](https://github.com/kubernetes/kubernetes/pull/47081), [[@luxas](https://github.com/luxas)](https://github.com/luxas)) +* kubeadm: Modifications to cluster-internal resources installed by kubeadm will be overwritten when upgrading from v1.6 to v1.7. ([#47081](https://github.com/kubernetes/kubernetes/pull/47081), [@luxas](https://github.com/luxas)) -* kubeadm deb/rpm packages: cAdvisor doesn't listen on `0.0.0.0:4194` without authentication/authorization because of the possible information leakage. The cAdvisor API can still be accessed via `https://{node-ip}:10250/stats/`, though. ([kubernetes/release#356](https://github.com/kubernetes/release/pull/356), [[@luxas](https://github.com/luxas)](https://github.com/luxas)) +* kubeadm deb/rpm packages: cAdvisor doesn't listen on `0.0.0.0:4194` without authentication/authorization because of the possible information leakage. The cAdvisor API can still be accessed via `https://{node-ip}:10250/stats/`, though. ([kubernetes/release#356](https://github.com/kubernetes/release/pull/356), [@luxas](https://github.com/luxas)) ### Cloud Providers -* Azure: Container permissions for provisioned volumes have changed to private. If you have existing Azure volumes that were created by Kubernetes v1.6.0-v1.6.5, you should change the permissions on them manually. ([[#47605](https://github.com/kubernetes/kubernetes/pull/47605)](https://github.com/kubernetes/kubernetes/pull/47605), [[@brendandburns](https://github.com/brendandburns)](https://github.com/brendandburns)) +* Azure: Container permissions for provisioned volumes have changed to private. If you have existing Azure volumes that were created by Kubernetes v1.6.0-v1.6.5, you should change the permissions on them manually. ([#47605](https://github.com/kubernetes/kubernetes/pull/47605), [@brendandburns](https://github.com/brendandburns)) -* GKE/GCE: New and upgraded 1.7 GCE/GKE clusters no longer have an RBAC ClusterRoleBinding that grants the cluster-admin ClusterRole to the default service account in the kube-system Namespace. ([[#46750](https://github.com/kubernetes/kubernetes/pull/46750)](https://github.com/kubernetes/kubernetes/pull/46750), [[@cjcullen](https://github.com/cjcullen)](https://github.com/cjcullen)). If this permission is still desired, run the following command to explicitly grant it, either before or after upgrading to 1.7: +* GKE/GCE: New and upgraded 1.7 GCE/GKE clusters no longer have an RBAC ClusterRoleBinding that grants the cluster-admin ClusterRole to the default service account in the kube-system Namespace. ([#46750](https://github.com/kubernetes/kubernetes/pull/46750), [@cjcullen](https://github.com/cjcullen)). If this permission is still desired, run the following command to explicitly grant it, either before or after upgrading to 1.7: ``` kubectl create clusterrolebinding kube-system-default --serviceaccount=kube-system:default --clusterrole=cluster-admin ``` @@ -864,34 +864,34 @@ During server startup, prior to the server reporting healthy (via `/healthz`), n Wait for the server to report healthy (via `/healthz`) before depending on the information provided by the discovery APIs. Additionally, since the information returned from the discovery APIs may change dynamically, a cache of the results should not be considered authoritative. ETag support is planned in a future version to facilitate client caching. -([[#47977](https://github.com/kubernetes/kubernetes/pull/47977)](https://github.com/kubernetes/kubernetes/issues/47977), [[#44957](https://github.com/kubernetes/kubernetes/pull/44957)](https://github.com/kubernetes/kubernetes/issues/44957)) +([#47977](https://github.com/kubernetes/kubernetes/pull/47977), [#44957](https://github.com/kubernetes/kubernetes/pull/44957)) -* The DaemonSet controller will evict running Pods that do not tolerate the NoSchedule taint if the taint is added to a Node. There is an open PR ([[#48189](https://github.com/kubernetes/kubernetes/pull/48189)](https://github.com/kubernetes/kubernetes/pull/48189)) to resolve this issue, but as this issue also exists in 1.6, and as we do not wish to risk release stability by merging it directly prior to a release without sufficient testing, we have decided to defer merging the PR until the next point release for each minor version ([[#48190](https://github.com/kubernetes/kubernetes/pull/48190)](https://github.com/kubernetes/kubernetes/issues/48190)). +* The DaemonSet controller will evict running Pods that do not tolerate the NoSchedule taint if the taint is added to a Node. There is an open PR ([#48189](https://github.com/kubernetes/kubernetes/pull/48189)) to resolve this issue, but as this issue also exists in 1.6, and as we do not wish to risk release stability by merging it directly prior to a release without sufficient testing, we have decided to defer merging the PR until the next point release for each minor version ([#48190](https://github.com/kubernetes/kubernetes/pull/48190)). * Protobuf serialization does not distinguish between `[]` and `null`. API fields previously capable of storing and returning either `[]` and `null` via JSON API requests (for example, the Endpoints `subsets` field) can now store only `null` when created using the protobuf content-type or stored in etcd using protobuf serialization (the default in 1.6). -JSON API clients should tolerate `null` values for such fields, and treat `null` and `[]` as equivalent in meaning unless specifically documented otherwise for a particular field. ([[#44593](https://github.com/kubernetes/kubernetes/pull/44593)](https://github.com/kubernetes/kubernetes/issues/44593)) +JSON API clients should tolerate `null` values for such fields, and treat `null` and `[]` as equivalent in meaning unless specifically documented otherwise for a particular field. ([#44593](https://github.com/kubernetes/kubernetes/pull/44593)) ## **Deprecations** ### Cluster provisioning scripts -* cluster/ubuntu: Removed due to [deprecation](https://github.com/kubernetes/kubernetes/tree/master/cluster#cluster-configuration) and lack of maintenance. ([[#44344](https://github.com/kubernetes/kubernetes/pull/44344)](https://github.com/kubernetes/kubernetes/pull/44344), [[@mikedanese](https://github.com/mikedanese)](https://github.com/mikedanese)) +* cluster/ubuntu: Removed due to [deprecation](https://github.com/kubernetes/kubernetes/tree/master/cluster#cluster-configuration) and lack of maintenance. ([#44344](https://github.com/kubernetes/kubernetes/pull/44344), [@mikedanese](https://github.com/mikedanese)) -* cluster/aws: Removed due to [deprecation](https://github.com/kubernetes/kubernetes/pull/38772) and lack of maintenance. ([[#42196](https://github.com/kubernetes/kubernetes/pull/42196)](https://github.com/kubernetes/kubernetes/pull/42196), [[@zmerlynn](https://github.com/zmerlynn)](https://github.com/zmerlynn)) +* cluster/aws: Removed due to [deprecation](https://github.com/kubernetes/kubernetes/pull/38772) and lack of maintenance. ([#42196](https://github.com/kubernetes/kubernetes/pull/42196), [@zmerlynn](https://github.com/zmerlynn)) ### Client libraries * Swagger 1.2 spec (`/swaggerapi/*`) is deprecated. Please use OpenAPI instead. ### DaemonSet -* DaemonSet’s spec.templateGeneration has been deprecated. ([[#45924](https://github.com/kubernetes/kubernetes/pull/45924)](https://github.com/kubernetes/kubernetes/pull/45924), [[@janetkuo](https://github.com/janetkuo)](https://github.com/janetkuo)) +* DaemonSet’s spec.templateGeneration has been deprecated. ([#45924](https://github.com/kubernetes/kubernetes/pull/45924), [@janetkuo](https://github.com/janetkuo)) ### kube-proxy -* In 1.7, the kube-proxy component has been converted to use a configuration file. The old flags still work in 1.7, but they are being deprecated and will be removed in a future release. Cluster administrators are advised to switch to using the configuration file, but no action is strictly necessary in 1.7. ([[#34727](https://github.com/kubernetes/kubernetes/pull/34727)](https://github.com/kubernetes/kubernetes/pull/34727), [[@ncdc](https://github.com/ncdc)](https://github.com/ncdc)) +* In 1.7, the kube-proxy component has been converted to use a configuration file. The old flags still work in 1.7, but they are being deprecated and will be removed in a future release. Cluster administrators are advised to switch to using the configuration file, but no action is strictly necessary in 1.7. ([#34727](https://github.com/kubernetes/kubernetes/pull/34727), [@ncdc](https://github.com/ncdc)) ### Namespace -* The Namespace API object no longer supports the deletecollection operation. ([[#46407](https://github.com/kubernetes/kubernetes/pull/46407)](https://github.com/kubernetes/kubernetes/pull/46407), [[@liggitt](https://github.com/liggitt)](https://github.com/liggitt)) +* The Namespace API object no longer supports the deletecollection operation. ([#46407](https://github.com/kubernetes/kubernetes/pull/46407), [@liggitt](https://github.com/liggitt)) ### Scheduling @@ -903,7 +903,7 @@ Features for this release were tracked via the use of the [kubernetes/features]( ## Kubefed -* Deprecate the `--secret-name` flag from `kubefed join`, instead generating the secret name arbitrarily. ([[#42513](https://github.com/kubernetes/kubernetes/pull/42513)](https://github.com/kubernetes/kubernetes/pull/42513), [[@perotinus](https://github.com/perotinus)](https://github.com/perotinus)) +* Deprecate the `--secret-name` flag from `kubefed join`, instead generating the secret name arbitrarily. ([#42513](https://github.com/kubernetes/kubernetes/pull/42513), [@perotinus](https://github.com/perotinus)) ### **Kubernetes API** @@ -912,7 +912,7 @@ Features for this release were tracked via the use of the [kubernetes/features]( * [beta] User-provided apiservers can be aggregated (served along with) the rest of the Kubernetes API. See [Extending the Kubernetes API with the aggregation layer](https://kubernetes.io/docs/concepts/api-extension/apiserver-aggregation/), [Configure the aggregation layer](https://kubernetes.io/docs/tasks/access-kubernetes-api/configure-aggregation-layer/), and [Setup an extension API server](https://kubernetes.io/docs/tasks/access-kubernetes-api/setup-extension-api-server/). -* [alpha] Adding admissionregistration API group which enables dynamic registration of initializers and external admission webhooks. ([[#46294](https://github.com/kubernetes/kubernetes/pull/46294)](https://github.com/kubernetes/kubernetes/pull/46294), [[@caesarxuchao](https://github.com/caesarxuchao)](https://github.com/caesarxuchao)) +* [alpha] Adding admissionregistration API group which enables dynamic registration of initializers and external admission webhooks. ([#46294](https://github.com/kubernetes/kubernetes/pull/46294), [@caesarxuchao](https://github.com/caesarxuchao)) ### **Application Deployment** @@ -980,113 +980,113 @@ Features for this release were tracked via the use of the [kubernetes/features]( ### **Internationalization** -* Add Traditional Chinese translation for kubectl ([[#46559](https://github.com/kubernetes/kubernetes/pull/46559)](https://github.com/kubernetes/kubernetes/pull/46559), [[@warmchang](https://github.com/warmchang)](https://github.com/warmchang)) +* Add Traditional Chinese translation for kubectl ([#46559](https://github.com/kubernetes/kubernetes/pull/46559), [@warmchang](https://github.com/warmchang)) -* Add Japanese translation for kubectl ([[#46756](https://github.com/kubernetes/kubernetes/pull/46756)](https://github.com/kubernetes/kubernetes/pull/46756), [[@girikuncoro](https://github.com/girikuncoro)](https://github.com/girikuncoro)) +* Add Japanese translation for kubectl ([#46756](https://github.com/kubernetes/kubernetes/pull/46756), [@girikuncoro](https://github.com/girikuncoro)) -* Add Simplified Chinese translation for kubectl ([[#45573](https://github.com/kubernetes/kubernetes/pull/45573)](https://github.com/kubernetes/kubernetes/pull/45573), [[@shiywang](https://github.com/shiywang)](https://github.com/shiywang)) +* Add Simplified Chinese translation for kubectl ([#45573](https://github.com/kubernetes/kubernetes/pull/45573), [@shiywang](https://github.com/shiywang)) ### **kubectl (CLI)** * Features - * `kubectl logs` supports specifying a container name when using label selectors ([[#44282](https://github.com/kubernetes/kubernetes/pull/44282)](https://github.com/kubernetes/kubernetes/pull/44282), [[@derekwaynecarr](https://github.com/derekwaynecarr)](https://github.com/derekwaynecarr)) + * `kubectl logs` supports specifying a container name when using label selectors ([#44282](https://github.com/kubernetes/kubernetes/pull/44282), [@derekwaynecarr](https://github.com/derekwaynecarr)) - * `kubectl rollout` supports undo and history for DaemonSet ([[#46144](https://github.com/kubernetes/kubernetes/pull/46144)](https://github.com/kubernetes/kubernetes/pull/46144), [[@janetkuo](https://github.com/janetkuo)](https://github.com/janetkuo)) + * `kubectl rollout` supports undo and history for DaemonSet ([#46144](https://github.com/kubernetes/kubernetes/pull/46144), [@janetkuo](https://github.com/janetkuo)) - * `kubectl rollout` supports status and history for StatefulSet ([[#46669](https://github.com/kubernetes/kubernetes/pull/46669)](https://github.com/kubernetes/kubernetes/pull/46669), [[@kow3ns](https://github.com/kow3ns)](https://github.com/kow3ns)). + * `kubectl rollout` supports status and history for StatefulSet ([#46669](https://github.com/kubernetes/kubernetes/pull/46669), [@kow3ns](https://github.com/kow3ns)). - * Implement `kubectl get controllerrevisions` ([[#46655](https://github.com/kubernetes/kubernetes/pull/46655)](https://github.com/kubernetes/kubernetes/pull/46655), [[@janetkuo](https://github.com/janetkuo)](https://github.com/janetkuo)) + * Implement `kubectl get controllerrevisions` ([#46655](https://github.com/kubernetes/kubernetes/pull/46655), [@janetkuo](https://github.com/janetkuo)) - * `kubectl create clusterrole` supports `--non-resource-url` ([[#45809](https://github.com/kubernetes/kubernetes/pull/45809)](https://github.com/kubernetes/kubernetes/pull/45809), [[@CaoShuFeng](https://github.com/CaoShuFeng)](https://github.com/CaoShuFeng)) + * `kubectl create clusterrole` supports `--non-resource-url` ([#45809](https://github.com/kubernetes/kubernetes/pull/45809), [@CaoShuFeng](https://github.com/CaoShuFeng)) * `kubectl logs` and `kubectl attach` support specifying a wait timeout with `--pod-running-timeout` - * ([[#41813](https://github.com/kubernetes/kubernetes/pull/41813)](https://github.com/kubernetes/kubernetes/pull/41813), [[@shiywang](https://github.com/shiywang)](https://github.com/shiywang)) + * ([#41813](https://github.com/kubernetes/kubernetes/pull/41813), [@shiywang](https://github.com/shiywang)) * New commands - * Add `kubectl config rename-context` ([[#46114](https://github.com/kubernetes/kubernetes/pull/46114)](https://github.com/kubernetes/kubernetes/pull/46114), [[@arthur0](https://github.com/arthur0)](https://github.com/arthur0)) + * Add `kubectl config rename-context` ([#46114](https://github.com/kubernetes/kubernetes/pull/46114), [@arthur0](https://github.com/arthur0)) - * Add `kubectl apply edit-last-applied` subcommand ([[#42256](https://github.com/kubernetes/kubernetes/pull/42256)](https://github.com/kubernetes/kubernetes/pull/42256), [[@shiywang](https://github.com/shiywang)](https://github.com/shiywang)) + * Add `kubectl apply edit-last-applied` subcommand ([#42256](https://github.com/kubernetes/kubernetes/pull/42256), [@shiywang](https://github.com/shiywang)) * Strategic Merge Patch * Reference docs now display the patch type and patch merge key used by `kubectl apply` to merge and identify unique elements in arrays. - * `kubectl edit` and `kubectl apply` will keep the ordering of elements in merged lists ([[#45980](https://github.com/kubernetes/kubernetes/pull/45980)](https://github.com/kubernetes/kubernetes/pull/45980), [[@mengqiy](https://github.com/mengqiy)](https://github.com/mengqiy)) + * `kubectl edit` and `kubectl apply` will keep the ordering of elements in merged lists ([#45980](https://github.com/kubernetes/kubernetes/pull/45980), [@mengqiy](https://github.com/mengqiy)) - * New patch directive (retainKeys) to specifying clearing fields missing from the request ([[#44597](https://github.com/kubernetes/kubernetes/pull/44597)](https://github.com/kubernetes/kubernetes/pull/44597), [[@mengqiy](https://github.com/mengqiy)](https://github.com/mengqiy)) + * New patch directive (retainKeys) to specifying clearing fields missing from the request ([#44597](https://github.com/kubernetes/kubernetes/pull/44597), [@mengqiy](https://github.com/mengqiy)) - * Open API now includes strategic merge patch tags (previously only in go struct tags) ([[#44121](https://github.com/kubernetes/kubernetes/pull/44121)](https://github.com/kubernetes/kubernetes/pull/44121), [[@mbohlool](https://github.com/mbohlool)](https://github.com/mbohlool)) + * Open API now includes strategic merge patch tags (previously only in go struct tags) ([#44121](https://github.com/kubernetes/kubernetes/pull/44121), [@mbohlool](https://github.com/mbohlool)) * Plugins - * Introduces the ability to extend kubectl by adding third-party plugins. Developer preview, please refer to the documentation for instructions about how to use it. ([[#37499](https://github.com/kubernetes/kubernetes/pull/37499)](https://github.com/kubernetes/kubernetes/pull/37499), [[@fabianofranz](https://github.com/fabianofranz)](https://github.com/fabianofranz)) + * Introduces the ability to extend kubectl by adding third-party plugins. Developer preview, please refer to the documentation for instructions about how to use it. ([#37499](https://github.com/kubernetes/kubernetes/pull/37499), [@fabianofranz](https://github.com/fabianofranz)) - * Added support for a hierarchy of kubectl plugins (a tree of plugins as children of other plugins). ([[#45981](https://github.com/kubernetes/kubernetes/pull/45981)](https://github.com/kubernetes/kubernetes/pull/45981), [[@fabianofranz](https://github.com/fabianofranz)](https://github.com/fabianofranz)) + * Added support for a hierarchy of kubectl plugins (a tree of plugins as children of other plugins). ([#45981](https://github.com/kubernetes/kubernetes/pull/45981), [@fabianofranz](https://github.com/fabianofranz)) * Added exported env vars to kubectl plugins so that plugin developers have access to global flags, namespace, the plugin descriptor and the full path to the caller binary. * Enhancement - * `kubectl auth can-i` now supports non-resource URLs ([[#46432](https://github.com/kubernetes/kubernetes/pull/46432)](https://github.com/kubernetes/kubernetes/pull/46432), [[@CaoShuFeng](https://github.com/CaoShuFeng)](https://github.com/CaoShuFeng)) + * `kubectl auth can-i` now supports non-resource URLs ([#46432](https://github.com/kubernetes/kubernetes/pull/46432), [@CaoShuFeng](https://github.com/CaoShuFeng)) - * `kubectl set selector` and `kubectl set subject` no longer print "running in local/dry-run mode..." at the top. The output can now be piped and interpretted as yaml or json ([[#46507](https://github.com/kubernetes/kubernetes/pull/46507)](https://github.com/kubernetes/kubernetes/pull/46507), [[@bboreham](https://github.com/bboreham)](https://github.com/bboreham)) + * `kubectl set selector` and `kubectl set subject` no longer print "running in local/dry-run mode..." at the top. The output can now be piped and interpretted as yaml or json ([#46507](https://github.com/kubernetes/kubernetes/pull/46507), [@bboreham](https://github.com/bboreham)) - * When using an in-cluster client with an empty configuration, the `--namespace` flag is now honored ([[#46299](https://github.com/kubernetes/kubernetes/pull/46299)](https://github.com/kubernetes/kubernetes/pull/46299), [[@ncdc](https://github.com/ncdc)](https://github.com/ncdc)) + * When using an in-cluster client with an empty configuration, the `--namespace` flag is now honored ([#46299](https://github.com/kubernetes/kubernetes/pull/46299), [@ncdc](https://github.com/ncdc)) - * The help message for missingResourceError is now generic ([[#45582](https://github.com/kubernetes/kubernetes/pull/45582)](https://github.com/kubernetes/kubernetes/pull/45582), [[@CaoShuFeng](https://github.com/CaoShuFeng)](https://github.com/CaoShuFeng)) + * The help message for missingResourceError is now generic ([#45582](https://github.com/kubernetes/kubernetes/pull/45582), [@CaoShuFeng](https://github.com/CaoShuFeng)) - * `kubectl taint node` now supports label selectors ([[#44740](https://github.com/kubernetes/kubernetes/pull/44740)](https://github.com/kubernetes/kubernetes/pull/44740), [[@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)](https://github.com/ravisantoshgudimetla)) + * `kubectl taint node` now supports label selectors ([#44740](https://github.com/kubernetes/kubernetes/pull/44740), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) - * `kubectl proxy --www` now logs a warning when the dir is invalid ([[#44952](https://github.com/kubernetes/kubernetes/pull/44952)](https://github.com/kubernetes/kubernetes/pull/44952), [[@CaoShuFeng](https://github.com/CaoShuFeng)](https://github.com/CaoShuFeng)) + * `kubectl proxy --www` now logs a warning when the dir is invalid ([#44952](https://github.com/kubernetes/kubernetes/pull/44952), [@CaoShuFeng](https://github.com/CaoShuFeng)) - * `kubectl taint` output has been enhanced with the operation ([[#43171](https://github.com/kubernetes/kubernetes/pull/43171)](https://github.com/kubernetes/kubernetes/pull/43171), [[@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)](https://github.com/ravisantoshgudimetla)) + * `kubectl taint` output has been enhanced with the operation ([#43171](https://github.com/kubernetes/kubernetes/pull/43171), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) - * kubectl `--user` and `--cluster` now support completion ([[#44251](https://github.com/kubernetes/kubernetes/pull/44251)](https://github.com/kubernetes/kubernetes/pull/44251), [[@superbrothers](https://github.com/superbrothers)](https://github.com/superbrothers)) + * kubectl `--user` and `--cluster` now support completion ([#44251](https://github.com/kubernetes/kubernetes/pull/44251), [@superbrothers](https://github.com/superbrothers)) - * `kubectl config use-context` now supports completion ([[#42336](https://github.com/kubernetes/kubernetes/pull/42336)](https://github.com/kubernetes/kubernetes/pull/42336), [[@superbrothers](https://github.com/superbrothers)](https://github.com/superbrothers)) + * `kubectl config use-context` now supports completion ([#42336](https://github.com/kubernetes/kubernetes/pull/42336), [@superbrothers](https://github.com/superbrothers)) - * `kubectl version` now supports `--output` ([[#39858](https://github.com/kubernetes/kubernetes/pull/39858)](https://github.com/kubernetes/kubernetes/pull/39858), [[@alejandroEsc](https://github.com/alejandroEsc)](https://github.com/alejandroEsc)) + * `kubectl version` now supports `--output` ([#39858](https://github.com/kubernetes/kubernetes/pull/39858), [@alejandroEsc](https://github.com/alejandroEsc)) - * `kubectl create configmap` has a new option `--from-env-file` that populates a configmap from file which follows a key=val format for each line. ([[#38882](https://github.com/kubernetes/kubernetes/pull/38882)](https://github.com/kubernetes/kubernetes/pull/38882), [[@fraenkel](https://github.com/fraenkel)](https://github.com/fraenkel)) + * `kubectl create configmap` has a new option `--from-env-file` that populates a configmap from file which follows a key=val format for each line. ([#38882](https://github.com/kubernetes/kubernetes/pull/38882), [@fraenkel](https://github.com/fraenkel)) * `kubectl create secret` has a new option `--from-env-file` that populates a configmap from file which follows a key=val format for each line. * Printing/describe - * Print conditions of RC/RS in `kubectl describe` command. ([[#44710](https://github.com/kubernetes/kubernetes/pull/44710)](https://github.com/kubernetes/kubernetes/pull/44710), [[@xiangpengzhao](https://github.com/xiangpengzhao)](https://github.com/xiangpengzhao)) + * Print conditions of RC/RS in `kubectl describe` command. ([#44710](https://github.com/kubernetes/kubernetes/pull/44710), [@xiangpengzhao](https://github.com/xiangpengzhao)) - * Improved output on `kubectl get` and `kubectl describe` for generic objects. ([[#44222](https://github.com/kubernetes/kubernetes/pull/44222)](https://github.com/kubernetes/kubernetes/pull/44222), [[@fabianofranz](https://github.com/fabianofranz)](https://github.com/fabianofranz)) + * Improved output on `kubectl get` and `kubectl describe` for generic objects. ([#44222](https://github.com/kubernetes/kubernetes/pull/44222), [@fabianofranz](https://github.com/fabianofranz)) - * In `kubectl describe`, find controllers with ControllerRef, instead of showing the original creator. ([[#42849](https://github.com/kubernetes/kubernetes/pull/42849)](https://github.com/kubernetes/kubernetes/pull/42849), [[@janetkuo](https://github.com/janetkuo)](https://github.com/janetkuo)) + * In `kubectl describe`, find controllers with ControllerRef, instead of showing the original creator. ([#42849](https://github.com/kubernetes/kubernetes/pull/42849), [@janetkuo](https://github.com/janetkuo)) - * `kubectl version` has new flag --output (=json or yaml) allowing result of the command to be parsed in either json format or yaml. ([[#39858](https://github.com/kubernetes/kubernetes/pull/39858)](https://github.com/kubernetes/kubernetes/pull/39858), [[@alejandroEsc](https://github.com/alejandroEsc)](https://github.com/alejandroEsc)) + * `kubectl version` has new flag --output (=json or yaml) allowing result of the command to be parsed in either json format or yaml. ([#39858](https://github.com/kubernetes/kubernetes/pull/39858), [@alejandroEsc](https://github.com/alejandroEsc)) * Bug fixes - * Fix some false negatives in detection of meaningful conflicts during strategic merge patch with maps and lists. ([[#43469](https://github.com/kubernetes/kubernetes/pull/43469)](https://github.com/kubernetes/kubernetes/pull/43469), [[@enisoc](https://github.com/enisoc)](https://github.com/enisoc)) + * Fix some false negatives in detection of meaningful conflicts during strategic merge patch with maps and lists. ([#43469](https://github.com/kubernetes/kubernetes/pull/43469), [@enisoc](https://github.com/enisoc)) - * Fix false positive "meaningful conflict" detection for strategic merge patch with integer values. ([[#44788](https://github.com/kubernetes/kubernetes/pull/44788)](https://github.com/kubernetes/kubernetes/pull/44788), [[@enisoc](https://github.com/enisoc)](https://github.com/enisoc)) + * Fix false positive "meaningful conflict" detection for strategic merge patch with integer values. ([#44788](https://github.com/kubernetes/kubernetes/pull/44788), [@enisoc](https://github.com/enisoc)) - * Restored the ability of kubectl running inside a pod to consume resource files specifying a different namespace than the one the pod is running in. ([[#44862](https://github.com/kubernetes/kubernetes/pull/44862)](https://github.com/kubernetes/kubernetes/pull/44862), [[@liggitt](https://github.com/liggitt)](https://github.com/liggitt)) + * Restored the ability of kubectl running inside a pod to consume resource files specifying a different namespace than the one the pod is running in. ([#44862](https://github.com/kubernetes/kubernetes/pull/44862), [@liggitt](https://github.com/liggitt)) - * Kubectl commands run inside a pod using a kubeconfig file now use the namespace specified in the kubeconfig file, instead of using the pod namespace. If no kubeconfig file is used, or the kubeconfig does not specify a namespace, the pod namespace is still used as a fallback. ([[#44570](https://github.com/kubernetes/kubernetes/pull/44570)](https://github.com/kubernetes/kubernetes/pull/44570), [[@liggitt](https://github.com/liggitt)](https://github.com/liggitt)) + * Kubectl commands run inside a pod using a kubeconfig file now use the namespace specified in the kubeconfig file, instead of using the pod namespace. If no kubeconfig file is used, or the kubeconfig does not specify a namespace, the pod namespace is still used as a fallback. ([#44570](https://github.com/kubernetes/kubernetes/pull/44570), [@liggitt](https://github.com/liggitt)) - * Fixed `kubectl cluster-info` dump to support multi-container pod. ([[#44088](https://github.com/kubernetes/kubernetes/pull/44088)](https://github.com/kubernetes/kubernetes/pull/44088), [[@xingzhou](https://github.com/xingzhou)](https://github.com/xingzhou)) + * Fixed `kubectl cluster-info` dump to support multi-container pod. ([#44088](https://github.com/kubernetes/kubernetes/pull/44088), [@xingzhou](https://github.com/xingzhou)) - * Kubectl will print a warning when deleting the current context ([[#42538](https://github.com/kubernetes/kubernetes/pull/42538)](https://github.com/kubernetes/kubernetes/pull/42538), [[@adohe](https://github.com/adohe)](https://github.com/adohe)) + * Kubectl will print a warning when deleting the current context ([#42538](https://github.com/kubernetes/kubernetes/pull/42538), [@adohe](https://github.com/adohe)) - * Fix VolumeClaims/capacity in `kubectl describe statefulsets` output. ([[#47573](https://github.com/kubernetes/kubernetes/pull/47573)](https://github.com/kubernetes/kubernetes/pull/47573), [[@k82cn](https://github.com/k82cn)](https://github.com/k82cn)) + * Fix VolumeClaims/capacity in `kubectl describe statefulsets` output. ([#47573](https://github.com/kubernetes/kubernetes/pull/47573), [@k82cn](https://github.com/k82cn)) - * Fixed the output of kubectl taint node command with minor improvements. ([[#43171](https://github.com/kubernetes/kubernetes/pull/43171)](https://github.com/kubernetes/kubernetes/pull/43171), [[@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)](https://github.com/ravisantoshgudimetla)) + * Fixed the output of kubectl taint node command with minor improvements. ([#43171](https://github.com/kubernetes/kubernetes/pull/43171), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) ### **Networking** #### Network Policy * [stable] [NetworkPolicy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) promoted to GA. - * Additionally adds short name "netpol" for networkpolicies ([[#42241](https://github.com/kubernetes/kubernetes/pull/42241)](https://github.com/kubernetes/kubernetes/pull/42241), [[@xiangpengzhao](https://github.com/xiangpengzhao)](https://github.com/xiangpengzhao)) + * Additionally adds short name "netpol" for networkpolicies ([#42241](https://github.com/kubernetes/kubernetes/pull/42241), [@xiangpengzhao](https://github.com/xiangpengzhao)) #### Load Balancing @@ -1132,161 +1132,161 @@ Features for this release were tracked via the use of the [kubernetes/features]( ### **Other notable changes** #### Admission plugin -* OwnerReferencesPermissionEnforcement admission plugin ignores pods/status. ([[#45747](https://github.com/kubernetes/kubernetes/pull/45747)](https://github.com/kubernetes/kubernetes/pull/45747), [[@derekwaynecarr](https://github.com/derekwaynecarr)](https://github.com/derekwaynecarr)) +* OwnerReferencesPermissionEnforcement admission plugin ignores pods/status. ([#45747](https://github.com/kubernetes/kubernetes/pull/45747), [@derekwaynecarr](https://github.com/derekwaynecarr)) -* Ignored mirror pods in PodPreset admission plugin. ([[#45958](https://github.com/kubernetes/kubernetes/pull/45958)](https://github.com/kubernetes/kubernetes/pull/45958), [[@k82cn](https://github.com/k82cn)](https://github.com/k82cn)) +* Ignored mirror pods in PodPreset admission plugin. ([#45958](https://github.com/kubernetes/kubernetes/pull/45958), [@k82cn](https://github.com/k82cn)) #### API Machinery -* The protobuf serialization of API objects has been updated to store maps in a predictable order to ensure that the representation of that object does not change when saved into etcd. This prevents the same object from being seen as being modified, even when no values have changed. ([[#47701](https://github.com/kubernetes/kubernetes/pull/47701)](https://github.com/kubernetes/kubernetes/pull/47701), [[@smarterclayton](https://github.com/smarterclayton)](https://github.com/smarterclayton)) +* The protobuf serialization of API objects has been updated to store maps in a predictable order to ensure that the representation of that object does not change when saved into etcd. This prevents the same object from being seen as being modified, even when no values have changed. ([#47701](https://github.com/kubernetes/kubernetes/pull/47701), [@smarterclayton](https://github.com/smarterclayton)) -* API resource discovery now includes the singularName used to refer to the resource. ([[#43312](https://github.com/kubernetes/kubernetes/pull/43312)](https://github.com/kubernetes/kubernetes/pull/43312), [[@deads2k](https://github.com/deads2k)](https://github.com/deads2k)) +* API resource discovery now includes the singularName used to refer to the resource. ([#43312](https://github.com/kubernetes/kubernetes/pull/43312), [@deads2k](https://github.com/deads2k)) -* Enhance the garbage collection admission plugin so that a user who doesn't have delete permission of the owning object cannot modify the blockOwnerDeletion field of existing ownerReferences, or add new ownerReferences with blockOwnerDeletion=true ([[#43876](https://github.com/kubernetes/kubernetes/pull/43876)](https://github.com/kubernetes/kubernetes/pull/43876), [[@caesarxuchao](https://github.com/caesarxuchao)](https://github.com/caesarxuchao)) +* Enhance the garbage collection admission plugin so that a user who doesn't have delete permission of the owning object cannot modify the blockOwnerDeletion field of existing ownerReferences, or add new ownerReferences with blockOwnerDeletion=true ([#43876](https://github.com/kubernetes/kubernetes/pull/43876), [@caesarxuchao](https://github.com/caesarxuchao)) -* Exec and portforward actions over SPDY now properly handle redirects sent by the Kubelet ([[#44451](https://github.com/kubernetes/kubernetes/pull/44451)](https://github.com/kubernetes/kubernetes/pull/44451), [[@ncdc](https://github.com/ncdc)](https://github.com/ncdc)) +* Exec and portforward actions over SPDY now properly handle redirects sent by the Kubelet ([#44451](https://github.com/kubernetes/kubernetes/pull/44451), [@ncdc](https://github.com/ncdc)) -* The proxy subresource APIs for nodes, services, and pods now support the HTTP PATCH method. ([[#44929](https://github.com/kubernetes/kubernetes/pull/44929)](https://github.com/kubernetes/kubernetes/pull/44929), [[@liggitt](https://github.com/liggitt)](https://github.com/liggitt)) +* The proxy subresource APIs for nodes, services, and pods now support the HTTP PATCH method. ([#44929](https://github.com/kubernetes/kubernetes/pull/44929), [@liggitt](https://github.com/liggitt)) -* The Categories []string field on discovered API resources represents the list of group aliases (e.g. "all") that each resource belongs to. ([[#43338](https://github.com/kubernetes/kubernetes/pull/43338)](https://github.com/kubernetes/kubernetes/pull/43338), [[@fabianofranz](https://github.com/fabianofranz)](https://github.com/fabianofranz)) +* The Categories []string field on discovered API resources represents the list of group aliases (e.g. "all") that each resource belongs to. ([#43338](https://github.com/kubernetes/kubernetes/pull/43338), [@fabianofranz](https://github.com/fabianofranz)) -* [alpha] The Kubernetes API supports retrieving tabular output for API resources via a new mime-type application/json;as=Table;v=v1alpha1;g=meta.k8s.io. The returned object (if the server supports it) will be of type meta.k8s.io/v1alpha1 with Table, and contain column and row information related to the resource. Each row will contain information about the resource - by default it will be the object metadata, but callers can add the ?includeObject=Object query parameter and receive the full object. In the future kubectl will use this to retrieve the results of `kubectl get`. ([[#40848](https://github.com/kubernetes/kubernetes/pull/40848)](https://github.com/kubernetes/kubernetes/pull/40848), [[@smarterclayton](https://github.com/smarterclayton)](https://github.com/smarterclayton)) +* [alpha] The Kubernetes API supports retrieving tabular output for API resources via a new mime-type application/json;as=Table;v=v1alpha1;g=meta.k8s.io. The returned object (if the server supports it) will be of type meta.k8s.io/v1alpha1 with Table, and contain column and row information related to the resource. Each row will contain information about the resource - by default it will be the object metadata, but callers can add the ?includeObject=Object query parameter and receive the full object. In the future kubectl will use this to retrieve the results of `kubectl get`. ([#40848](https://github.com/kubernetes/kubernetes/pull/40848), [@smarterclayton](https://github.com/smarterclayton)) -* The behavior of some watch calls to the server when filtering on fields was incorrect. If watching objects with a filter, when an update was made that no longer matched the filter a DELETE event was correctly sent. However, the object that was returned by that delete was not the (correct) version before the update, but instead, the newer version. That meant the new object was not matched by the filter. This was a regression from behavior between cached watches on the server side and uncached watches, and thus broke downstream API clients. ([[#46223](https://github.com/kubernetes/kubernetes/pull/46223)](https://github.com/kubernetes/kubernetes/pull/46223), [[@smarterclayton](https://github.com/smarterclayton)](https://github.com/smarterclayton)) +* The behavior of some watch calls to the server when filtering on fields was incorrect. If watching objects with a filter, when an update was made that no longer matched the filter a DELETE event was correctly sent. However, the object that was returned by that delete was not the (correct) version before the update, but instead, the newer version. That meant the new object was not matched by the filter. This was a regression from behavior between cached watches on the server side and uncached watches, and thus broke downstream API clients. ([#46223](https://github.com/kubernetes/kubernetes/pull/46223), [@smarterclayton](https://github.com/smarterclayton)) -* OpenAPI spec is now available in protobuf binary and gzip format (with ETag support) ([[#45836](https://github.com/kubernetes/kubernetes/pull/45836)](https://github.com/kubernetes/kubernetes/pull/45836), [[@mbohlool](https://github.com/mbohlool)](https://github.com/mbohlool)) +* OpenAPI spec is now available in protobuf binary and gzip format (with ETag support) ([#45836](https://github.com/kubernetes/kubernetes/pull/45836), [@mbohlool](https://github.com/mbohlool)) -* Updating apiserver to return UID of the deleted resource. Clients can use this UID to verify that the resource was deleted or waiting for finalizers. ([[#45600](https://github.com/kubernetes/kubernetes/pull/45600)](https://github.com/kubernetes/kubernetes/pull/45600), [[@nikhiljindal](https://github.com/nikhiljindal)](https://github.com/nikhiljindal)) +* Updating apiserver to return UID of the deleted resource. Clients can use this UID to verify that the resource was deleted or waiting for finalizers. ([#45600](https://github.com/kubernetes/kubernetes/pull/45600), [@nikhiljindal](https://github.com/nikhiljindal)) -* Fix incorrect conflict errors applying strategic merge patches to resources. ([[#43871](https://github.com/kubernetes/kubernetes/pull/43871)](https://github.com/kubernetes/kubernetes/pull/43871), [[@liggitt](https://github.com/liggitt)](https://github.com/liggitt)) +* Fix incorrect conflict errors applying strategic merge patches to resources. ([#43871](https://github.com/kubernetes/kubernetes/pull/43871), [@liggitt](https://github.com/liggitt)) -* Fix init container status reporting when active deadline is exceeded. ([[#46305](https://github.com/kubernetes/kubernetes/pull/46305)](https://github.com/kubernetes/kubernetes/pull/46305), [[@sjenning](https://github.com/sjenning)](https://github.com/sjenning)) +* Fix init container status reporting when active deadline is exceeded. ([#46305](https://github.com/kubernetes/kubernetes/pull/46305), [@sjenning](https://github.com/sjenning)) -* Moved qos to api.helpers. ([[#44906](https://github.com/kubernetes/kubernetes/pull/44906)](https://github.com/kubernetes/kubernetes/pull/44906), [[@k82cn](https://github.com/k82cn)](https://github.com/k82cn)) +* Moved qos to api.helpers. ([#44906](https://github.com/kubernetes/kubernetes/pull/44906), [@k82cn](https://github.com/k82cn)) -* Fix issue with the resource quota controller causing add quota to be resynced at the wrong ([[#45685](https://github.com/kubernetes/kubernetes/pull/45685)](https://github.com/kubernetes/kubernetes/pull/45685), [[@derekwaynecarr](https://github.com/derekwaynecarr)](https://github.com/derekwaynecarr)) +* Fix issue with the resource quota controller causing add quota to be resynced at the wrong ([#45685](https://github.com/kubernetes/kubernetes/pull/45685), [@derekwaynecarr](https://github.com/derekwaynecarr)) -* Added Group/Version/Kind and Action extension to OpenAPI Operations ([[#44787](https://github.com/kubernetes/kubernetes/pull/44787)](https://github.com/kubernetes/kubernetes/pull/44787), [[@mbohlool](https://github.com/mbohlool)](https://github.com/mbohlool)) +* Added Group/Version/Kind and Action extension to OpenAPI Operations ([#44787](https://github.com/kubernetes/kubernetes/pull/44787), [@mbohlool](https://github.com/mbohlool)) -* Make clear that meta.KindToResource is only a guess ([[#45272](https://github.com/kubernetes/kubernetes/pull/45272)](https://github.com/kubernetes/kubernetes/pull/45272), [[@sttts](https://github.com/sttts)](https://github.com/sttts)) +* Make clear that meta.KindToResource is only a guess ([#45272](https://github.com/kubernetes/kubernetes/pull/45272), [@sttts](https://github.com/sttts)) -* Add APIService conditions ([[#43301](https://github.com/kubernetes/kubernetes/pull/43301)](https://github.com/kubernetes/kubernetes/pull/43301), [[@deads2k](https://github.com/deads2k)](https://github.com/deads2k)) +* Add APIService conditions ([#43301](https://github.com/kubernetes/kubernetes/pull/43301), [@deads2k](https://github.com/deads2k)) -* Create and push a docker image for the cloud-controller-manager ([[#45154](https://github.com/kubernetes/kubernetes/pull/45154)](https://github.com/kubernetes/kubernetes/pull/45154), [[@luxas](https://github.com/luxas)](https://github.com/luxas)) +* Create and push a docker image for the cloud-controller-manager ([#45154](https://github.com/kubernetes/kubernetes/pull/45154), [@luxas](https://github.com/luxas)) -* Deprecated Binding objects in 1.7. ([[#47041](https://github.com/kubernetes/kubernetes/pull/47041)](https://github.com/kubernetes/kubernetes/pull/47041), [[@k82cn](https://github.com/k82cn)](https://github.com/k82cn)) +* Deprecated Binding objects in 1.7. ([#47041](https://github.com/kubernetes/kubernetes/pull/47041), [@k82cn](https://github.com/k82cn)) -* Adds the Categories []string field to API resources, which represents the list of group aliases (e.g. "all") that every resource belongs to. ([[#43338](https://github.com/kubernetes/kubernetes/pull/43338)](https://github.com/kubernetes/kubernetes/pull/43338), [[@fabianofranz](https://github.com/fabianofranz)](https://github.com/fabianofranz)) +* Adds the Categories []string field to API resources, which represents the list of group aliases (e.g. "all") that every resource belongs to. ([#43338](https://github.com/kubernetes/kubernetes/pull/43338), [@fabianofranz](https://github.com/fabianofranz)) -* `--service-account-lookup` now defaults to true, requiring the Secret API object containing the token to exist in order for a service account token to be valid. This enables service account tokens to be revoked by deleting the Secret object containing the token. ([[#44071](https://github.com/kubernetes/kubernetes/pull/44071)](https://github.com/kubernetes/kubernetes/pull/44071), [[@liggitt](https://github.com/liggitt)](https://github.com/liggitt)) +* `--service-account-lookup` now defaults to true, requiring the Secret API object containing the token to exist in order for a service account token to be valid. This enables service account tokens to be revoked by deleting the Secret object containing the token. ([#44071](https://github.com/kubernetes/kubernetes/pull/44071), [@liggitt](https://github.com/liggitt)) -* API Registration is now in beta. ([[#45247](https://github.com/kubernetes/kubernetes/pull/45247)](https://github.com/kubernetes/kubernetes/pull/45247), [[@mbohlool](https://github.com/mbohlool)](https://github.com/mbohlool)) +* API Registration is now in beta. ([#45247](https://github.com/kubernetes/kubernetes/pull/45247), [@mbohlool](https://github.com/mbohlool)) -* The Kubernetes API server now exits if it encounters a networking failure (e.g. the networking interface hosting its address goes away) to allow a process manager (systemd/kubelet/etc) to react to the problem. Previously the server would log the failure and try again to bind to its configured address:port. ([[#42272](https://github.com/kubernetes/kubernetes/pull/42272)](https://github.com/kubernetes/kubernetes/pull/42272), [[@marun](https://github.com/marun)](https://github.com/marun)) +* The Kubernetes API server now exits if it encounters a networking failure (e.g. the networking interface hosting its address goes away) to allow a process manager (systemd/kubelet/etc) to react to the problem. Previously the server would log the failure and try again to bind to its configured address:port. ([#42272](https://github.com/kubernetes/kubernetes/pull/42272), [@marun](https://github.com/marun)) -* The Prometheus metrics for the kube-apiserver for tracking incoming API requests and latencies now return the subresource label for correctly attributing the type of API call. ([[#46354](https://github.com/kubernetes/kubernetes/pull/46354)](https://github.com/kubernetes/kubernetes/pull/46354), [[@smarterclayton](https://github.com/smarterclayton)](https://github.com/smarterclayton)) +* The Prometheus metrics for the kube-apiserver for tracking incoming API requests and latencies now return the subresource label for correctly attributing the type of API call. ([#46354](https://github.com/kubernetes/kubernetes/pull/46354), [@smarterclayton](https://github.com/smarterclayton)) -* kube-apiserver now drops unneeded path information if an older version of Windows kubectl sends it. ([[#44421](https://github.com/kubernetes/kubernetes/pull/44421)](https://github.com/kubernetes/kubernetes/pull/44421), [[@mml](https://github.com/mml)](https://github.com/mml)) +* kube-apiserver now drops unneeded path information if an older version of Windows kubectl sends it. ([#44421](https://github.com/kubernetes/kubernetes/pull/44421), [@mml](https://github.com/mml)) #### Application autoscaling -* Make "upscale forbidden window" and "downscale forbidden window" duration configurable in arguments of kube-controller-manager. ([[#42101](https://github.com/kubernetes/kubernetes/pull/42101)](https://github.com/kubernetes/kubernetes/pull/42101), [[@Dmitry1987](https://github.com/Dmitry1987)](https://github.com/Dmitry1987)) +* Make "upscale forbidden window" and "downscale forbidden window" duration configurable in arguments of kube-controller-manager. ([#42101](https://github.com/kubernetes/kubernetes/pull/42101), [@Dmitry1987](https://github.com/Dmitry1987)) #### Application Deployment -* StatefulSetStatus now tracks replicas, readyReplicas, currentReplicas, and updatedReplicas. The semantics of replicas is now consistent with DaemonSet and ReplicaSet, and readyReplicas has the semantics that replicas did prior to 1.7 ([[#46669](https://github.com/kubernetes/kubernetes/pull/46669)](https://github.com/kubernetes/kubernetes/pull/46669), [[@kow3ns](https://github.com/kow3ns)](https://github.com/kow3ns)). +* StatefulSetStatus now tracks replicas, readyReplicas, currentReplicas, and updatedReplicas. The semantics of replicas is now consistent with DaemonSet and ReplicaSet, and readyReplicas has the semantics that replicas did prior to 1.7 ([#46669](https://github.com/kubernetes/kubernetes/pull/46669), [@kow3ns](https://github.com/kow3ns)). -* ControllerRevision type has been added for StatefulSet and DaemonSet history. Clients should not depend on the stability of this type as it may change, as necessary, in future releases to support StatefulSet and DaemonSet update and rollback. We enable this type as we do with beta features, because StatefulSet update and DaemonSet update are enabled. ([[#45867](https://github.com/kubernetes/kubernetes/pull/45867)](https://github.com/kubernetes/kubernetes/pull/45867), [[@kow3ns](https://github.com/kow3ns)](https://github.com/kow3ns)) +* ControllerRevision type has been added for StatefulSet and DaemonSet history. Clients should not depend on the stability of this type as it may change, as necessary, in future releases to support StatefulSet and DaemonSet update and rollback. We enable this type as we do with beta features, because StatefulSet update and DaemonSet update are enabled. ([#45867](https://github.com/kubernetes/kubernetes/pull/45867), [@kow3ns](https://github.com/kow3ns)) -* PodDisruptionBudget now uses ControllerRef to decide which controller owns a given Pod, so it doesn't get confused by controllers with overlapping selectors. ([[#45003](https://github.com/kubernetes/kubernetes/pull/45003)](https://github.com/kubernetes/kubernetes/pull/45003), [[@krmayankk](https://github.com/krmayankk)](https://github.com/krmayankk)) +* PodDisruptionBudget now uses ControllerRef to decide which controller owns a given Pod, so it doesn't get confused by controllers with overlapping selectors. ([#45003](https://github.com/kubernetes/kubernetes/pull/45003), [@krmayankk](https://github.com/krmayankk)) -* Deployments are updated to use (1) a more stable hashing algorithm (fnv) than the previous one (adler) and (2) a hashing collision avoidance mechanism that will ensure new rollouts will not block on hashing collisions anymore. ([[#44774](https://github.com/kubernetes/kubernetes/pull/44774)](https://github.com/kubernetes/kubernetes/pull/44774), [[@kargakis](https://github.com/kargakis)](https://github.com/kargakis))([kubernetes/features#287](https://github.com/kubernetes/features/issues/287)) +* Deployments are updated to use (1) a more stable hashing algorithm (fnv) than the previous one (adler) and (2) a hashing collision avoidance mechanism that will ensure new rollouts will not block on hashing collisions anymore. ([#44774](https://github.com/kubernetes/kubernetes/pull/44774), [@kargakis](https://github.com/kargakis))([kubernetes/features#287](https://github.com/kubernetes/features/issues/287)) -* Deployments and DaemonSets rollouts are considered complete when all of the desired replicas are updated and available. This change affects `kubectl rollout status` and Deployment condition. ([[#44672](https://github.com/kubernetes/kubernetes/pull/44672)](https://github.com/kubernetes/kubernetes/pull/44672), [[@kargakis](https://github.com/kargakis)](https://github.com/kargakis)) +* Deployments and DaemonSets rollouts are considered complete when all of the desired replicas are updated and available. This change affects `kubectl rollout status` and Deployment condition. ([#44672](https://github.com/kubernetes/kubernetes/pull/44672), [@kargakis](https://github.com/kargakis)) -* Job controller now respects ControllerRef to avoid fighting over Pods. ([[#42176](https://github.com/kubernetes/kubernetes/pull/42176)](https://github.com/kubernetes/kubernetes/pull/42176), [[@enisoc](https://github.com/enisoc)](https://github.com/enisoc)) +* Job controller now respects ControllerRef to avoid fighting over Pods. ([#42176](https://github.com/kubernetes/kubernetes/pull/42176), [@enisoc](https://github.com/enisoc)) -* CronJob controller now respects ControllerRef to avoid fighting with other controllers. ([[#42177](https://github.com/kubernetes/kubernetes/pull/42177)](https://github.com/kubernetes/kubernetes/pull/42177), [[@enisoc](https://github.com/enisoc)](https://github.com/enisoc)) +* CronJob controller now respects ControllerRef to avoid fighting with other controllers. ([#42177](https://github.com/kubernetes/kubernetes/pull/42177), [@enisoc](https://github.com/enisoc)) #### Cluster Autoscaling * Cluster Autoscaler 0.6. More information available [here](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/README.md). -* cluster-autoscaler: Fix duplicate writing of logs. ([[#45017](https://github.com/kubernetes/kubernetes/pull/45017)](https://github.com/kubernetes/kubernetes/pull/45017), [[@MaciekPytel](https://github.com/MaciekPytel)](https://github.com/MaciekPytel)) +* cluster-autoscaler: Fix duplicate writing of logs. ([#45017](https://github.com/kubernetes/kubernetes/pull/45017), [@MaciekPytel](https://github.com/MaciekPytel)) #### Cloud Provider Enhancement * AWS: - * New 'service.beta.kubernetes.io/aws-load-balancer-extra-security-groups' Service annotation to specify extra Security Groups to be added to ELB created by AWS cloudprovider ([[#45268](https://github.com/kubernetes/kubernetes/pull/45268)](https://github.com/kubernetes/kubernetes/pull/45268), [[@redbaron](https://github.com/redbaron)](https://github.com/redbaron)) + * New 'service.beta.kubernetes.io/aws-load-balancer-extra-security-groups' Service annotation to specify extra Security Groups to be added to ELB created by AWS cloudprovider ([#45268](https://github.com/kubernetes/kubernetes/pull/45268), [@redbaron](https://github.com/redbaron)) - * Clean up blackhole routes when using kubenet ([[#47572](https://github.com/kubernetes/kubernetes/pull/47572)](https://github.com/kubernetes/kubernetes/pull/47572), [[@justinsb](https://github.com/justinsb)](https://github.com/justinsb)) + * Clean up blackhole routes when using kubenet ([#47572](https://github.com/kubernetes/kubernetes/pull/47572), [@justinsb](https://github.com/justinsb)) - * Maintain a cache of all instances, to fix problem with > 200 nodes with ELBs ([[#47410](https://github.com/kubernetes/kubernetes/pull/47410)](https://github.com/kubernetes/kubernetes/pull/47410), [[@justinsb](https://github.com/justinsb)](https://github.com/justinsb)) + * Maintain a cache of all instances, to fix problem with > 200 nodes with ELBs ([#47410](https://github.com/kubernetes/kubernetes/pull/47410), [@justinsb](https://github.com/justinsb)) - * Avoid spurious ELB listener recreation - ignore case when matching protocol ([[#47391](https://github.com/kubernetes/kubernetes/pull/47391)](https://github.com/kubernetes/kubernetes/pull/47391), [[@justinsb](https://github.com/justinsb)](https://github.com/justinsb)) + * Avoid spurious ELB listener recreation - ignore case when matching protocol ([#47391](https://github.com/kubernetes/kubernetes/pull/47391), [@justinsb](https://github.com/justinsb)) - * Allow configuration of a single security group for ELBs ([[#45500](https://github.com/kubernetes/kubernetes/pull/45500)](https://github.com/kubernetes/kubernetes/pull/45500), [[@nbutton23](https://github.com/nbutton23)](https://github.com/nbutton23)) + * Allow configuration of a single security group for ELBs ([#45500](https://github.com/kubernetes/kubernetes/pull/45500), [@nbutton23](https://github.com/nbutton23)) - * Remove check that forces loadBalancerSourceRanges to be 0.0.0.0/0. ([[#38636](https://github.com/kubernetes/kubernetes/pull/38636)](https://github.com/kubernetes/kubernetes/pull/38636), [[@dhawal55](https://github.com/dhawal55)](https://github.com/dhawal55)) + * Remove check that forces loadBalancerSourceRanges to be 0.0.0.0/0. ([#38636](https://github.com/kubernetes/kubernetes/pull/38636), [@dhawal55](https://github.com/dhawal55)) - * Allow setting KubernetesClusterID or KubernetesClusterTag in combination with VPC. ([[#42512](https://github.com/kubernetes/kubernetes/pull/42512)](https://github.com/kubernetes/kubernetes/pull/42512), [[@scheeles](https://github.com/scheeles)](https://github.com/scheeles)) + * Allow setting KubernetesClusterID or KubernetesClusterTag in combination with VPC. ([#42512](https://github.com/kubernetes/kubernetes/pull/42512), [@scheeles](https://github.com/scheeles)) - * Start recording cloud provider metrics for AWS ([[#43477](https://github.com/kubernetes/kubernetes/pull/43477)](https://github.com/kubernetes/kubernetes/pull/43477), [[@gnufied](https://github.com/gnufied)](https://github.com/gnufied)) + * Start recording cloud provider metrics for AWS ([#43477](https://github.com/kubernetes/kubernetes/pull/43477), [@gnufied](https://github.com/gnufied)) - * AWS: Batch DescribeInstance calls with nodeNames to 150 limit, to stay within AWS filter limits. ([[#47516](https://github.com/kubernetes/kubernetes/pull/47516)](https://github.com/kubernetes/kubernetes/pull/47516), [[@gnufied](https://github.com/gnufied)](https://github.com/gnufied)) + * AWS: Batch DescribeInstance calls with nodeNames to 150 limit, to stay within AWS filter limits. ([#47516](https://github.com/kubernetes/kubernetes/pull/47516), [@gnufied](https://github.com/gnufied)) - * AWS: Process disk attachments even with duplicate NodeNames ([[#47406](https://github.com/kubernetes/kubernetes/pull/47406)](https://github.com/kubernetes/kubernetes/pull/47406), [[@justinsb](https://github.com/justinsb)](https://github.com/justinsb)) + * AWS: Process disk attachments even with duplicate NodeNames ([#47406](https://github.com/kubernetes/kubernetes/pull/47406), [@justinsb](https://github.com/justinsb)) - * Allow configuration of a single security group for ELBs ([[#45500](https://github.com/kubernetes/kubernetes/pull/45500)](https://github.com/kubernetes/kubernetes/pull/45500), [[@nbutton23](https://github.com/nbutton23)](https://github.com/nbutton23)) + * Allow configuration of a single security group for ELBs ([#45500](https://github.com/kubernetes/kubernetes/pull/45500), [@nbutton23](https://github.com/nbutton23)) - * Fix support running the master with a different AWS account or even on a different cloud provider than the nodes. ([[#44235](https://github.com/kubernetes/kubernetes/pull/44235)](https://github.com/kubernetes/kubernetes/pull/44235), [[@mrIncompetent](https://github.com/mrIncompetent)](https://github.com/mrIncompetent)) + * Fix support running the master with a different AWS account or even on a different cloud provider than the nodes. ([#44235](https://github.com/kubernetes/kubernetes/pull/44235), [@mrIncompetent](https://github.com/mrIncompetent)) - * Support node port health check ([[#43585](https://github.com/kubernetes/kubernetes/pull/43585)](https://github.com/kubernetes/kubernetes/pull/43585), [[@foolusion](https://github.com/foolusion)](https://github.com/foolusion)) + * Support node port health check ([#43585](https://github.com/kubernetes/kubernetes/pull/43585), [@foolusion](https://github.com/foolusion)) - * Support for ELB tagging by users ([[#45932](https://github.com/kubernetes/kubernetes/pull/45932)](https://github.com/kubernetes/kubernetes/pull/45932), [[@lpabon](https://github.com/lpabon)](https://github.com/lpabon)) + * Support for ELB tagging by users ([#45932](https://github.com/kubernetes/kubernetes/pull/45932), [@lpabon](https://github.com/lpabon)) * Azure: - * Add support for UDP ports ([[#45523](https://github.com/kubernetes/kubernetes/pull/45523)](https://github.com/kubernetes/kubernetes/pull/45523), [[@colemickens](https://github.com/colemickens)](https://github.com/colemickens)) + * Add support for UDP ports ([#45523](https://github.com/kubernetes/kubernetes/pull/45523), [@colemickens](https://github.com/colemickens)) - * Fix support for multiple loadBalancerSourceRanges ([[#45523](https://github.com/kubernetes/kubernetes/pull/45523)](https://github.com/kubernetes/kubernetes/pull/45523), [[@colemickens](https://github.com/colemickens)](https://github.com/colemickens)) + * Fix support for multiple loadBalancerSourceRanges ([#45523](https://github.com/kubernetes/kubernetes/pull/45523), [@colemickens](https://github.com/colemickens)) - * Support the Service spec's sessionAffinity ([[#45523](https://github.com/kubernetes/kubernetes/pull/45523)](https://github.com/kubernetes/kubernetes/pull/45523), [[@colemickens](https://github.com/colemickens)](https://github.com/colemickens)) + * Support the Service spec's sessionAffinity ([#45523](https://github.com/kubernetes/kubernetes/pull/45523), [@colemickens](https://github.com/colemickens)) - * Added exponential backoff to Azure cloudprovider ([[#46660](https://github.com/kubernetes/kubernetes/pull/46660)](https://github.com/kubernetes/kubernetes/pull/46660), [[@jackfrancis](https://github.com/jackfrancis)](https://github.com/jackfrancis)) + * Added exponential backoff to Azure cloudprovider ([#46660](https://github.com/kubernetes/kubernetes/pull/46660), [@jackfrancis](https://github.com/jackfrancis)) - * Add support for bring-your-own ip address for Services on Azure ([[#42034](https://github.com/kubernetes/kubernetes/pull/42034)](https://github.com/kubernetes/kubernetes/pull/42034), [[@brendandburns](https://github.com/brendandburns)](https://github.com/brendandburns)) + * Add support for bring-your-own ip address for Services on Azure ([#42034](https://github.com/kubernetes/kubernetes/pull/42034), [@brendandburns](https://github.com/brendandburns)) - * Add support for Azure internal load balancer ([[#43510](https://github.com/kubernetes/kubernetes/pull/43510)](https://github.com/kubernetes/kubernetes/pull/43510), [[@karataliu](https://github.com/karataliu)](https://github.com/karataliu)) + * Add support for Azure internal load balancer ([#43510](https://github.com/kubernetes/kubernetes/pull/43510), [@karataliu](https://github.com/karataliu)) - * Client poll duration is now 5 seconds ([[#43699](https://github.com/kubernetes/kubernetes/pull/43699)](https://github.com/kubernetes/kubernetes/pull/43699), [[@colemickens](https://github.com/colemickens)](https://github.com/colemickens)) + * Client poll duration is now 5 seconds ([#43699](https://github.com/kubernetes/kubernetes/pull/43699), [@colemickens](https://github.com/colemickens)) - * Azure plugin for client auth ([[#43987](https://github.com/kubernetes/kubernetes/pull/43987)](https://github.com/kubernetes/kubernetes/pull/43987), [[@cosmincojocar](https://github.com/cosmincojocar)](https://github.com/cosmincojocar)) + * Azure plugin for client auth ([#43987](https://github.com/kubernetes/kubernetes/pull/43987), [@cosmincojocar](https://github.com/cosmincojocar)) * GCP: - * Bump GLBC version to 0.9.5 - fixes [loss of manually modified GCLB health check settings](https://github.com/kubernetes/kubernetes/issues/47559) upon upgrade from pre-1.6.4 to either 1.6.4 or 1.6.5. ([[#47567](https://github.com/kubernetes/kubernetes/pull/47567)](https://github.com/kubernetes/kubernetes/pull/47567), [[@nicksardo](https://github.com/nicksardo)](https://github.com/nicksardo)) + * Bump GLBC version to 0.9.5 - fixes [loss of manually modified GCLB health check settings](https://github.com/kubernetes/kubernetes/issues/47559) upon upgrade from pre-1.6.4 to either 1.6.4 or 1.6.5. ([#47567](https://github.com/kubernetes/kubernetes/pull/47567), [@nicksardo](https://github.com/nicksardo)) - * [beta] Support creation of GCP Internal Load Balancers from Service objects ([[#46663](https://github.com/kubernetes/kubernetes/pull/46663)](https://github.com/kubernetes/kubernetes/pull/46663), [[@nicksardo](https://github.com/nicksardo)](https://github.com/nicksardo)) + * [beta] Support creation of GCP Internal Load Balancers from Service objects ([#46663](https://github.com/kubernetes/kubernetes/pull/46663), [@nicksardo](https://github.com/nicksardo)) - * GCE installs will now avoid IP masquerade for all RFC-1918 IP blocks, rather than just 10.0.0.0/8. This means that clusters can be created in 192.168.0.0./16 and 172.16.0.0/12 while preserving the container IPs (which would be lost before). ([[#46473](https://github.com/kubernetes/kubernetes/pull/46473)](https://github.com/kubernetes/kubernetes/pull/46473), [[@thockin](https://github.com/thockin)](https://github.com/thockin)) + * GCE installs will now avoid IP masquerade for all RFC-1918 IP blocks, rather than just 10.0.0.0/8. This means that clusters can be created in 192.168.0.0./16 and 172.16.0.0/12 while preserving the container IPs (which would be lost before). ([#46473](https://github.com/kubernetes/kubernetes/pull/46473), [@thockin](https://github.com/thockin)) - * The Calico version included in kube-up for GCE has been updated to v2.2. ([[#38169](https://github.com/kubernetes/kubernetes/pull/38169)](https://github.com/kubernetes/kubernetes/pull/38169), [[@caseydavenport](https://github.com/caseydavenport)](https://github.com/caseydavenport)) + * The Calico version included in kube-up for GCE has been updated to v2.2. ([#38169](https://github.com/kubernetes/kubernetes/pull/38169), [@caseydavenport](https://github.com/caseydavenport)) - * ip-masq-agent is now on by default for GCE ([[#47794](https://github.com/kubernetes/kubernetes/pull/47794)](https://github.com/kubernetes/kubernetes/pull/47794), [[@dnardo](https://github.com/dnardo)](https://github.com/dnardo)) + * ip-masq-agent is now on by default for GCE ([#47794](https://github.com/kubernetes/kubernetes/pull/47794), [@dnardo](https://github.com/dnardo)) - * Add ip-masq-agent addon to the addons folder which is used in GCE if `--non-masquerade-cidr` is set to 0/0 ([[#46038](https://github.com/kubernetes/kubernetes/pull/46038)](https://github.com/kubernetes/kubernetes/pull/46038), [[@dnardo](https://github.com/dnardo)](https://github.com/dnardo)) + * Add ip-masq-agent addon to the addons folder which is used in GCE if `--non-masquerade-cidr` is set to 0/0 ([#46038](https://github.com/kubernetes/kubernetes/pull/46038), [@dnardo](https://github.com/dnardo)) - * Enable kubelet csr bootstrap in GCE/GKE ([[#40760](https://github.com/kubernetes/kubernetes/pull/40760)](https://github.com/kubernetes/kubernetes/pull/40760), [[@mikedanese](https://github.com/mikedanese)](https://github.com/mikedanese)) + * Enable kubelet csr bootstrap in GCE/GKE ([#40760](https://github.com/kubernetes/kubernetes/pull/40760), [@mikedanese](https://github.com/mikedanese)) - * Adds support for allocation of pod IPs via IP aliases. ([[#42147](https://github.com/kubernetes/kubernetes/pull/42147)](https://github.com/kubernetes/kubernetes/pull/42147), [[@bowei](https://github.com/bowei)](https://github.com/bowei)) + * Adds support for allocation of pod IPs via IP aliases. ([#42147](https://github.com/kubernetes/kubernetes/pull/42147), [@bowei](https://github.com/bowei)) - * gce kube-up: The Node authorization mode and NodeRestriction admission controller are now enabled ([[#46796](https://github.com/kubernetes/kubernetes/pull/46796)](https://github.com/kubernetes/kubernetes/pull/46796), [[@mikedanese](https://github.com/mikedanese)](https://github.com/mikedanese)) + * gce kube-up: The Node authorization mode and NodeRestriction admission controller are now enabled ([#46796](https://github.com/kubernetes/kubernetes/pull/46796), [@mikedanese](https://github.com/mikedanese)) - * Tokens retrieved from Google Cloud with application default credentials will not be cached if the client fails authorization ([[#46694](https://github.com/kubernetes/kubernetes/pull/46694)](https://github.com/kubernetes/kubernetes/pull/46694), [[@matt-tyler](https://github.com/matt-tyler)](https://github.com/matt-tyler)) + * Tokens retrieved from Google Cloud with application default credentials will not be cached if the client fails authorization ([#46694](https://github.com/kubernetes/kubernetes/pull/46694), [@matt-tyler](https://github.com/matt-tyler)) - * Add metrics to all major gce operations {latency, errors} ([[#44510](https://github.com/kubernetes/kubernetes/pull/44510)](https://github.com/kubernetes/kubernetes/pull/44510), [[@bowei](https://github.com/bowei)](https://github.com/bowei)) + * Add metrics to all major gce operations {latency, errors} ([#44510](https://github.com/kubernetes/kubernetes/pull/44510), [@bowei](https://github.com/bowei)) * The new metrics are: @@ -1306,40 +1306,40 @@ Features for this release were tracked via the use of the [kubernetes/features]( * Metrics label tuple would have resulted in many independent histograms stored, one for each disk. (Did not aggregate well). - * Fluentd now tolerates all NoExecute Taints when run in gcp configuration. ([[#45715](https://github.com/kubernetes/kubernetes/pull/45715)](https://github.com/kubernetes/kubernetes/pull/45715), [[@gmarek](https://github.com/gmarek)](https://github.com/gmarek)) + * Fluentd now tolerates all NoExecute Taints when run in gcp configuration. ([#45715](https://github.com/kubernetes/kubernetes/pull/45715), [@gmarek](https://github.com/gmarek)) - * Taints support in gce/salt startup scripts. ([[#47632](https://github.com/kubernetes/kubernetes/pull/47632)](https://github.com/kubernetes/kubernetes/pull/47632), [[@mwielgus](https://github.com/mwielgus)](https://github.com/mwielgus)) + * Taints support in gce/salt startup scripts. ([#47632](https://github.com/kubernetes/kubernetes/pull/47632), [@mwielgus](https://github.com/mwielgus)) - * GCE installs will now avoid IP masquerade for all RFC-1918 IP blocks, rather than just 10.0.0.0/8. This means that clusters can ([[#46473](https://github.com/kubernetes/kubernetes/pull/46473)](https://github.com/kubernetes/kubernetes/pull/46473), [[@thockin](https://github.com/thockin)](https://github.com/thockin)) be created in 192.168.0.0./16 and 172.16.0.0/12 while preserving the container IPs (which would be lost before). + * GCE installs will now avoid IP masquerade for all RFC-1918 IP blocks, rather than just 10.0.0.0/8. This means that clusters can ([#46473](https://github.com/kubernetes/kubernetes/pull/46473), [@thockin](https://github.com/thockin)) be created in 192.168.0.0./16 and 172.16.0.0/12 while preserving the container IPs (which would be lost before). - * Support running Ubuntu image on GCE node ([[#44744](https://github.com/kubernetes/kubernetes/pull/44744)](https://github.com/kubernetes/kubernetes/pull/44744), [[@yguo0905](https://github.com/yguo0905)](https://github.com/yguo0905)) + * Support running Ubuntu image on GCE node ([#44744](https://github.com/kubernetes/kubernetes/pull/44744), [@yguo0905](https://github.com/yguo0905)) - * The gce metadata server can now be hidden behind a proxy, hiding the kubelet's token. ([[#45565](https://github.com/kubernetes/kubernetes/pull/45565)](https://github.com/kubernetes/kubernetes/pull/45565), [[@Q-Lee](https://github.com/Q-Lee)](https://github.com/Q-Lee)) + * The gce metadata server can now be hidden behind a proxy, hiding the kubelet's token. ([#45565](https://github.com/kubernetes/kubernetes/pull/45565), [@Q-Lee](https://github.com/Q-Lee)) * OpenStack: - * Fix issue during LB creation where ports were incorrectly assigned to a floating IP ([[#44387](https://github.com/kubernetes/kubernetes/pull/44387)](https://github.com/kubernetes/kubernetes/pull/44387), [[@jamiehannaford](https://github.com/jamiehannaford)](https://github.com/jamiehannaford)) + * Fix issue during LB creation where ports were incorrectly assigned to a floating IP ([#44387](https://github.com/kubernetes/kubernetes/pull/44387), [@jamiehannaford](https://github.com/jamiehannaford)) - * Openstack cinder v1/v2/auto API support ([[#40423](https://github.com/kubernetes/kubernetes/pull/40423)](https://github.com/kubernetes/kubernetes/pull/40423), [[@mkutsevol](https://github.com/mkutsevol)](https://github.com/mkutsevol)) + * Openstack cinder v1/v2/auto API support ([#40423](https://github.com/kubernetes/kubernetes/pull/40423), [@mkutsevol](https://github.com/mkutsevol)) - * OpenStack clusters can now specify whether worker nodes are assigned a floating IP ([[#42638](https://github.com/kubernetes/kubernetes/pull/42638)](https://github.com/kubernetes/kubernetes/pull/42638), [[@jamiehannaford](https://github.com/jamiehannaford)](https://github.com/jamiehannaford)) + * OpenStack clusters can now specify whether worker nodes are assigned a floating IP ([#42638](https://github.com/kubernetes/kubernetes/pull/42638), [@jamiehannaford](https://github.com/jamiehannaford)) * vSphere: - * Fix volume detach on node failure. ([[#45569](https://github.com/kubernetes/kubernetes/pull/45569)](https://github.com/kubernetes/kubernetes/pull/45569), [[@divyenpatel](https://github.com/divyenpatel)](https://github.com/divyenpatel)) + * Fix volume detach on node failure. ([#45569](https://github.com/kubernetes/kubernetes/pull/45569), [@divyenpatel](https://github.com/divyenpatel)) - * Report same Node IP as both internal and external. ([[#45201](https://github.com/kubernetes/kubernetes/pull/45201)](https://github.com/kubernetes/kubernetes/pull/45201), [[@abrarshivani](https://github.com/abrarshivani)](https://github.com/abrarshivani)) + * Report same Node IP as both internal and external. ([#45201](https://github.com/kubernetes/kubernetes/pull/45201), [@abrarshivani](https://github.com/abrarshivani)) - * Filter out IPV6 node addresses. ([[#45181](https://github.com/kubernetes/kubernetes/pull/45181)](https://github.com/kubernetes/kubernetes/pull/45181), [[@BaluDontu](https://github.com/BaluDontu)](https://github.com/BaluDontu)) + * Filter out IPV6 node addresses. ([#45181](https://github.com/kubernetes/kubernetes/pull/45181), [@BaluDontu](https://github.com/BaluDontu)) - * Fix fetching of VM UUID on Ubuntu 16.04 and Fedora. ([[#45311](https://github.com/kubernetes/kubernetes/pull/45311)](https://github.com/kubernetes/kubernetes/pull/45311), [[@divyenpatel](https://github.com/divyenpatel)](https://github.com/divyenpatel)) + * Fix fetching of VM UUID on Ubuntu 16.04 and Fedora. ([#45311](https://github.com/kubernetes/kubernetes/pull/45311), [@divyenpatel](https://github.com/divyenpatel)) #### Cluster Provisioning * Juju: - * Add Kubernetes 1.6 support to Juju charms ([[#44500](https://github.com/kubernetes/kubernetes/pull/44500)](https://github.com/kubernetes/kubernetes/pull/44500), [[@Cynerva](https://github.com/Cynerva)](https://github.com/Cynerva)) + * Add Kubernetes 1.6 support to Juju charms ([#44500](https://github.com/kubernetes/kubernetes/pull/44500), [@Cynerva](https://github.com/Cynerva)) * Add metric collection to charms for autoscaling @@ -1361,146 +1361,146 @@ Features for this release were tracked via the use of the [kubernetes/features]( * Fix nagios checks in charms - * Enable GPU mode if GPU hardware detected ([[#43467](https://github.com/kubernetes/kubernetes/pull/43467)](https://github.com/kubernetes/kubernetes/pull/43467), [[@tvansteenburgh](https://github.com/tvansteenburgh)](https://github.com/tvansteenburgh)) + * Enable GPU mode if GPU hardware detected ([#43467](https://github.com/kubernetes/kubernetes/pull/43467), [@tvansteenburgh](https://github.com/tvansteenburgh)) - * Fix ceph-secret type to kubernetes.io/rbd in kubernetes-master charm ([[#44635](https://github.com/kubernetes/kubernetes/pull/44635)](https://github.com/kubernetes/kubernetes/pull/44635), [[@Cynerva](https://github.com/Cynerva)](https://github.com/Cynerva)) + * Fix ceph-secret type to kubernetes.io/rbd in kubernetes-master charm ([#44635](https://github.com/kubernetes/kubernetes/pull/44635), [@Cynerva](https://github.com/Cynerva)) - * Disallows installation of upstream docker from PPA in the Juju kubernetes-worker charm. ([[#44681](https://github.com/kubernetes/kubernetes/pull/44681)](https://github.com/kubernetes/kubernetes/pull/44681), [[@wwwtyro](https://github.com/wwwtyro)](https://github.com/wwwtyro)) + * Disallows installation of upstream docker from PPA in the Juju kubernetes-worker charm. ([#44681](https://github.com/kubernetes/kubernetes/pull/44681), [@wwwtyro](https://github.com/wwwtyro)) - * Resolves juju vsphere hostname bug showing only a single node in a scaled node-pool. ([[#44780](https://github.com/kubernetes/kubernetes/pull/44780)](https://github.com/kubernetes/kubernetes/pull/44780), [[@chuckbutler](https://github.com/chuckbutler)](https://github.com/chuckbutler)) + * Resolves juju vsphere hostname bug showing only a single node in a scaled node-pool. ([#44780](https://github.com/kubernetes/kubernetes/pull/44780), [@chuckbutler](https://github.com/chuckbutler)) - * Fixes a bug in the kubernetes-worker Juju charm code that attempted to give kube-proxy more than one api endpoint. ([[#44677](https://github.com/kubernetes/kubernetes/pull/44677)](https://github.com/kubernetes/kubernetes/pull/44677), [[@wwwtyro](https://github.com/wwwtyro)](https://github.com/wwwtyro)) + * Fixes a bug in the kubernetes-worker Juju charm code that attempted to give kube-proxy more than one api endpoint. ([#44677](https://github.com/kubernetes/kubernetes/pull/44677), [@wwwtyro](https://github.com/wwwtyro)) - * Added CIFS PV support for Juju Charms ([[#45117](https://github.com/kubernetes/kubernetes/pull/45117)](https://github.com/kubernetes/kubernetes/pull/45117), [[@chuckbutler](https://github.com/chuckbutler)](https://github.com/chuckbutler)) + * Added CIFS PV support for Juju Charms ([#45117](https://github.com/kubernetes/kubernetes/pull/45117), [@chuckbutler](https://github.com/chuckbutler)) - * Fixes juju kubernetes master: 1. Get certs from a dead leader. 2. Append tokens. ([[#43620](https://github.com/kubernetes/kubernetes/pull/43620)](https://github.com/kubernetes/kubernetes/pull/43620), [[@ktsakalozos](https://github.com/ktsakalozos)](https://github.com/ktsakalozos)) + * Fixes juju kubernetes master: 1. Get certs from a dead leader. 2. Append tokens. ([#43620](https://github.com/kubernetes/kubernetes/pull/43620), [@ktsakalozos](https://github.com/ktsakalozos)) - * kubernetes-master juju charm properly detects etcd-scale events and reconfigures appropriately. ([[#44967](https://github.com/kubernetes/kubernetes/pull/44967)](https://github.com/kubernetes/kubernetes/pull/44967), [[@chuckbutler](https://github.com/chuckbutler)](https://github.com/chuckbutler)) + * kubernetes-master juju charm properly detects etcd-scale events and reconfigures appropriately. ([#44967](https://github.com/kubernetes/kubernetes/pull/44967), [@chuckbutler](https://github.com/chuckbutler)) - * Use correct option name in the kubernetes-worker layer registry action ([[#44921](https://github.com/kubernetes/kubernetes/pull/44921)](https://github.com/kubernetes/kubernetes/pull/44921), [[@jacekn](https://github.com/jacekn)](https://github.com/jacekn)) + * Use correct option name in the kubernetes-worker layer registry action ([#44921](https://github.com/kubernetes/kubernetes/pull/44921), [@jacekn](https://github.com/jacekn)) - * Send dns details only after cdk-addons are configured ([[#44945](https://github.com/kubernetes/kubernetes/pull/44945)](https://github.com/kubernetes/kubernetes/pull/44945), [[@ktsakalozos](https://github.com/ktsakalozos)](https://github.com/ktsakalozos)) + * Send dns details only after cdk-addons are configured ([#44945](https://github.com/kubernetes/kubernetes/pull/44945), [@ktsakalozos](https://github.com/ktsakalozos)) - * Added support to the pause action in the kubernetes-worker charm for new flag `--delete-local-data` ([[#44931](https://github.com/kubernetes/kubernetes/pull/44931)](https://github.com/kubernetes/kubernetes/pull/44931), [[@chuckbutler](https://github.com/chuckbutler)](https://github.com/chuckbutler)) + * Added support to the pause action in the kubernetes-worker charm for new flag `--delete-local-data` ([#44931](https://github.com/kubernetes/kubernetes/pull/44931), [@chuckbutler](https://github.com/chuckbutler)) - * Add namespace-{list, create, delete} actions to the kubernetes-master layer ([[#44277](https://github.com/kubernetes/kubernetes/pull/44277)](https://github.com/kubernetes/kubernetes/pull/44277), [[@jacekn](https://github.com/jacekn)](https://github.com/jacekn)) + * Add namespace-{list, create, delete} actions to the kubernetes-master layer ([#44277](https://github.com/kubernetes/kubernetes/pull/44277), [@jacekn](https://github.com/jacekn)) - * Using http2 in kubeapi-load-balancer to fix `kubectl exec` uses ([[#43625](https://github.com/kubernetes/kubernetes/pull/43625)](https://github.com/kubernetes/kubernetes/pull/43625), [[@mbruzek](https://github.com/mbruzek)](https://github.com/mbruzek)) + * Using http2 in kubeapi-load-balancer to fix `kubectl exec` uses ([#43625](https://github.com/kubernetes/kubernetes/pull/43625), [@mbruzek](https://github.com/mbruzek)) - * Don't append :443 to registry domain in the kubernetes-worker layer registry action ([[#45550](https://github.com/kubernetes/kubernetes/pull/45550)](https://github.com/kubernetes/kubernetes/pull/45550), [[@jacekn](https://github.com/jacekn)](https://github.com/jacekn)) + * Don't append :443 to registry domain in the kubernetes-worker layer registry action ([#45550](https://github.com/kubernetes/kubernetes/pull/45550), [@jacekn](https://github.com/jacekn)) * kubeadm - * Enable the Node Authorizer/Admission plugin in v1.7 ([[#46879](https://github.com/kubernetes/kubernetes/pull/46879)](https://github.com/kubernetes/kubernetes/pull/46879), [[@luxas](https://github.com/luxas)](https://github.com/luxas)) + * Enable the Node Authorizer/Admission plugin in v1.7 ([#46879](https://github.com/kubernetes/kubernetes/pull/46879), [@luxas](https://github.com/luxas)) - * Users can now pass extra parameters to etcd in a kubeadm cluster ([[#42246](https://github.com/kubernetes/kubernetes/pull/42246)](https://github.com/kubernetes/kubernetes/pull/42246), [[@jamiehannaford](https://github.com/jamiehannaford)](https://github.com/jamiehannaford)) + * Users can now pass extra parameters to etcd in a kubeadm cluster ([#42246](https://github.com/kubernetes/kubernetes/pull/42246), [@jamiehannaford](https://github.com/jamiehannaford)) - * Make kubeadm use the new CSR approver in v1.7 ([[#46864](https://github.com/kubernetes/kubernetes/pull/46864)](https://github.com/kubernetes/kubernetes/pull/46864), [[@luxas](https://github.com/luxas)](https://github.com/luxas)) + * Make kubeadm use the new CSR approver in v1.7 ([#46864](https://github.com/kubernetes/kubernetes/pull/46864), [@luxas](https://github.com/luxas)) - * Allow enabling multiple authorization modes at the same time ([[#42557](https://github.com/kubernetes/kubernetes/pull/42557)](https://github.com/kubernetes/kubernetes/pull/42557), [[@xilabao](https://github.com/xilabao)](https://github.com/xilabao)) + * Allow enabling multiple authorization modes at the same time ([#42557](https://github.com/kubernetes/kubernetes/pull/42557), [@xilabao](https://github.com/xilabao)) - * add proxy client-certs to kube-apiserver to allow it to proxy aggregated api servers ([[#43715](https://github.com/kubernetes/kubernetes/pull/43715)](https://github.com/kubernetes/kubernetes/pull/43715), [[@deads2k](https://github.com/deads2k)](https://github.com/deads2k))* CentOS provider + * add proxy client-certs to kube-apiserver to allow it to proxy aggregated api servers ([#43715](https://github.com/kubernetes/kubernetes/pull/43715), [@deads2k](https://github.com/deads2k))* CentOS provider * hyperkube - * The hyperkube image has been slimmed down and no longer includes addon manifests and other various scripts. These were introduced for the now removed docker-multinode setup system. ([[#44555](https://github.com/kubernetes/kubernetes/pull/44555)](https://github.com/kubernetes/kubernetes/pull/44555), [[@luxas](https://github.com/luxas)](https://github.com/luxas)) + * The hyperkube image has been slimmed down and no longer includes addon manifests and other various scripts. These were introduced for the now removed docker-multinode setup system. ([#44555](https://github.com/kubernetes/kubernetes/pull/44555), [@luxas](https://github.com/luxas)) -* Support secure etcd cluster for centos provider. ([[#42994](https://github.com/kubernetes/kubernetes/pull/42994)](https://github.com/kubernetes/kubernetes/pull/42994), [[@Shawyeok](https://github.com/Shawyeok)](https://github.com/Shawyeok)) +* Support secure etcd cluster for centos provider. ([#42994](https://github.com/kubernetes/kubernetes/pull/42994), [@Shawyeok](https://github.com/Shawyeok)) -* Update to kube-addon-manager:v6.4-beta.2: kubectl v1.6.4 and refreshed base images ([[#47389](https://github.com/kubernetes/kubernetes/pull/47389)](https://github.com/kubernetes/kubernetes/pull/47389), [[@ixdy](https://github.com/ixdy)](https://github.com/ixdy)) +* Update to kube-addon-manager:v6.4-beta.2: kubectl v1.6.4 and refreshed base images ([#47389](https://github.com/kubernetes/kubernetes/pull/47389), [@ixdy](https://github.com/ixdy)) -* Remove Initializers from admission-control in kubernetes-master charm for pre-1.7 ([[#46987](https://github.com/kubernetes/kubernetes/pull/46987)](https://github.com/kubernetes/kubernetes/pull/46987), [[@Cynerva](https://github.com/Cynerva)](https://github.com/Cynerva)) +* Remove Initializers from admission-control in kubernetes-master charm for pre-1.7 ([#46987](https://github.com/kubernetes/kubernetes/pull/46987), [@Cynerva](https://github.com/Cynerva)) -* Added state guards to the idle_status messaging in the kubernetes-master charm to make deployment faster on initial deployment. ([[#47183](https://github.com/kubernetes/kubernetes/pull/47183)](https://github.com/kubernetes/kubernetes/pull/47183), [[@chuckbutler](https://github.com/chuckbutler)](https://github.com/chuckbutler)) +* Added state guards to the idle_status messaging in the kubernetes-master charm to make deployment faster on initial deployment. ([#47183](https://github.com/kubernetes/kubernetes/pull/47183), [@chuckbutler](https://github.com/chuckbutler)) #### Cluster federation * Features: - * Adds annotations to all Federation objects created by kubefed. ([[#42683](https://github.com/kubernetes/kubernetes/pull/42683)](https://github.com/kubernetes/kubernetes/pull/42683), [[@perotinus](https://github.com/perotinus)](https://github.com/perotinus)) + * Adds annotations to all Federation objects created by kubefed. ([#42683](https://github.com/kubernetes/kubernetes/pull/42683), [@perotinus](https://github.com/perotinus)) * Mechanism of adding `federation domain maps` to kube-dns deployment via `--federations` flag is superseded by adding/updating `federations` key in `kube-system/kube-dns` configmap. If user is using kubefed tool to join cluster federation, adding federation domain maps to kube-dns is already taken care by `kubefed join` and does not need further action. - * Prints out status updates when running `kubefed init` ([[#41849](https://github.com/kubernetes/kubernetes/pull/41849)](https://github.com/kubernetes/kubernetes/pull/41849), [[@perotinus](https://github.com/perotinus)](https://github.com/perotinus)) + * Prints out status updates when running `kubefed init` ([#41849](https://github.com/kubernetes/kubernetes/pull/41849), [@perotinus](https://github.com/perotinus)) - * `kubefed init` now supports overriding the default etcd image name with the `--etcd-image` parameter. ([[#46247](https://github.com/kubernetes/kubernetes/pull/46247)](https://github.com/kubernetes/kubernetes/pull/46247), [[@marun](https://github.com/marun)](https://github.com/marun)) + * `kubefed init` now supports overriding the default etcd image name with the `--etcd-image` parameter. ([#46247](https://github.com/kubernetes/kubernetes/pull/46247), [@marun](https://github.com/marun)) - * kubefed will now configure NodeInternalIP as the federation API server endpoint when NodeExternalIP is unavailable for federation API servers exposed as NodePort services ([[#46960](https://github.com/kubernetes/kubernetes/pull/46960)](https://github.com/kubernetes/kubernetes/pull/46960), [[@lukaszo](https://github.com/lukaszo)](https://github.com/lukaszo)) + * kubefed will now configure NodeInternalIP as the federation API server endpoint when NodeExternalIP is unavailable for federation API servers exposed as NodePort services ([#46960](https://github.com/kubernetes/kubernetes/pull/46960), [@lukaszo](https://github.com/lukaszo)) - * Automate configuring nameserver in cluster-dns for CoreDNS provider ([[#42895](https://github.com/kubernetes/kubernetes/pull/42895)](https://github.com/kubernetes/kubernetes/pull/42895), [[@shashidharatd](https://github.com/shashidharatd)](https://github.com/shashidharatd)) + * Automate configuring nameserver in cluster-dns for CoreDNS provider ([#42895](https://github.com/kubernetes/kubernetes/pull/42895), [@shashidharatd](https://github.com/shashidharatd)) - * A new controller for managing DNS records is introduced which can be optionally disabled to enable third party components to manage DNS records for federated services. ([[#450354](https://github.com/kubernetes/kubernetes/pull/450354)](https://github.com/kubernetes/kubernetes/pull/45034), [[@shashidharatd](https://github.com/shashidharatd)(https://github.com/shashidharatd)]) + * A new controller for managing DNS records is introduced which can be optionally disabled to enable third party components to manage DNS records for federated services. ([#450354](https://github.com/kubernetes/kubernetes/pull/450354), [@shashidharatd](https://github.com/shashidharatd)(https://github.com/shashidharatd)]) - * Remove the `--secret-name` flag from `kubefed join`, instead generating the secret name arbitrarily. ([[#42513](https://github.com/kubernetes/kubernetes/pull/42513)](https://github.com/kubernetes/kubernetes/pull/42513), [[@perotinus](https://github.com/perotinus)](https://github.com/perotinus)) + * Remove the `--secret-name` flag from `kubefed join`, instead generating the secret name arbitrarily. ([#42513](https://github.com/kubernetes/kubernetes/pull/42513), [@perotinus](https://github.com/perotinus)) - * Use StorageClassName for etcd pvc ([[#46323](https://github.com/kubernetes/kubernetes/pull/46323)](https://github.com/kubernetes/kubernetes/pull/46323), [[@marun](https://github.com/marun)](https://github.com/marun)) + * Use StorageClassName for etcd pvc ([#46323](https://github.com/kubernetes/kubernetes/pull/46323), [@marun](https://github.com/marun)) * Bug fixes: - * Allow disabling federation controllers through override args ([[#44209](https://github.com/kubernetes/kubernetes/pull/44209)](https://github.com/kubernetes/kubernetes/pull/44209), [[@irfanurrehman](https://github.com/irfanurrehman)](https://github.com/irfanurrehman)) + * Allow disabling federation controllers through override args ([#44209](https://github.com/kubernetes/kubernetes/pull/44209), [@irfanurrehman](https://github.com/irfanurrehman)) - * Kubefed: Use service accounts instead of the user's credentials when accessing joined clusters' API servers. ([[#42042](https://github.com/kubernetes/kubernetes/pull/42042)](https://github.com/kubernetes/kubernetes/pull/42042), [[@perotinus](https://github.com/perotinus)](https://github.com/perotinus)) + * Kubefed: Use service accounts instead of the user's credentials when accessing joined clusters' API servers. ([#42042](https://github.com/kubernetes/kubernetes/pull/42042), [@perotinus](https://github.com/perotinus)) - * Avoid panic if route53 fields are nil ([[#44380](https://github.com/kubernetes/kubernetes/pull/44380)](https://github.com/kubernetes/kubernetes/pull/44380), [[@justinsb](https://github.com/justinsb)](https://github.com/justinsb)) + * Avoid panic if route53 fields are nil ([#44380](https://github.com/kubernetes/kubernetes/pull/44380), [@justinsb](https://github.com/justinsb)) #### Credential provider -* add rancher credential provider ([[#40160](https://github.com/kubernetes/kubernetes/pull/40160)](https://github.com/kubernetes/kubernetes/pull/40160), [[@wlan0](https://github.com/wlan0)](https://github.com/wlan0)) +* add rancher credential provider ([#40160](https://github.com/kubernetes/kubernetes/pull/40160), [@wlan0](https://github.com/wlan0)) #### Information for Kubernetes clients (openapi, swagger, client-go) * Features: - * Add Host field to TCPSocketAction ([[#42902](https://github.com/kubernetes/kubernetes/pull/42902)](https://github.com/kubernetes/kubernetes/pull/42902), [[@louyihua](https://github.com/louyihua)](https://github.com/louyihua)) + * Add Host field to TCPSocketAction ([#42902](https://github.com/kubernetes/kubernetes/pull/42902), [@louyihua](https://github.com/louyihua)) - * Add the ability to lock on ConfigMaps to support HA for self hosted components ([[#42666](https://github.com/kubernetes/kubernetes/pull/42666)](https://github.com/kubernetes/kubernetes/pull/42666), [[@timothysc](https://github.com/timothysc)](https://github.com/timothysc)) + * Add the ability to lock on ConfigMaps to support HA for self hosted components ([#42666](https://github.com/kubernetes/kubernetes/pull/42666), [@timothysc](https://github.com/timothysc)) - * validateClusterInfo: use clientcmdapi.NewCluster() ([[#44221](https://github.com/kubernetes/kubernetes/pull/44221)](https://github.com/kubernetes/kubernetes/pull/44221), [[@ncdc](https://github.com/ncdc)](https://github.com/ncdc)) + * validateClusterInfo: use clientcmdapi.NewCluster() ([#44221](https://github.com/kubernetes/kubernetes/pull/44221), [@ncdc](https://github.com/ncdc)) - * OpenAPI spec is now available in protobuf binary and gzip format (with ETag support) ([[#45836](https://github.com/kubernetes/kubernetes/pull/45836)](https://github.com/kubernetes/kubernetes/pull/45836), [[@mbohlool](https://github.com/mbohlool)](https://github.com/mbohlool)) + * OpenAPI spec is now available in protobuf binary and gzip format (with ETag support) ([#45836](https://github.com/kubernetes/kubernetes/pull/45836), [@mbohlool](https://github.com/mbohlool)) - * HostAliases is now parsed with hostAliases json keys to be in line with the feature's name. ([[#47512](https://github.com/kubernetes/kubernetes/pull/47512)](https://github.com/kubernetes/kubernetes/pull/47512), [[@rickypai](https://github.com/rickypai)](https://github.com/rickypai)) + * HostAliases is now parsed with hostAliases json keys to be in line with the feature's name. ([#47512](https://github.com/kubernetes/kubernetes/pull/47512), [@rickypai](https://github.com/rickypai)) - * Add redirect support to SpdyRoundTripper ([[#44451](https://github.com/kubernetes/kubernetes/pull/44451)](https://github.com/kubernetes/kubernetes/pull/44451), [[@ncdc](https://github.com/ncdc)](https://github.com/ncdc)) + * Add redirect support to SpdyRoundTripper ([#44451](https://github.com/kubernetes/kubernetes/pull/44451), [@ncdc](https://github.com/ncdc)) - * Duplicate recurring Events now include the latest event's Message string ([[#46034](https://github.com/kubernetes/kubernetes/pull/46034)](https://github.com/kubernetes/kubernetes/pull/46034), [[@kensimon](https://github.com/kensimon)](https://github.com/kensimon)) + * Duplicate recurring Events now include the latest event's Message string ([#46034](https://github.com/kubernetes/kubernetes/pull/46034), [@kensimon](https://github.com/kensimon)) * Bug fixes: - * Fix serialization of EnforceNodeAllocatable ([[#44606](https://github.com/kubernetes/kubernetes/pull/44606)](https://github.com/kubernetes/kubernetes/pull/44606), [[@ivan4th](https://github.com/ivan4th)](https://github.com/ivan4th)) + * Fix serialization of EnforceNodeAllocatable ([#44606](https://github.com/kubernetes/kubernetes/pull/44606), [@ivan4th](https://github.com/ivan4th)) - * Use OS-specific libs when computing client User-Agent in kubectl, etc. ([[#44423](https://github.com/kubernetes/kubernetes/pull/44423)](https://github.com/kubernetes/kubernetes/pull/44423), [[@monopole](https://github.com/monopole)](https://github.com/monopole)) + * Use OS-specific libs when computing client User-Agent in kubectl, etc. ([#44423](https://github.com/kubernetes/kubernetes/pull/44423), [@monopole](https://github.com/monopole)) #### Instrumentation * Bumped Heapster to v1.4.0. More details about the release https://github.com/kubernetes/heapster/releases/tag/v1.4.0 -* Fluentd manifest pod is no longer created on non-registered master when creating clusters using kube-up.sh. ([[#44721](https://github.com/kubernetes/kubernetes/pull/44721)](https://github.com/kubernetes/kubernetes/pull/44721), [[@piosz](https://github.com/piosz)](https://github.com/piosz)) +* Fluentd manifest pod is no longer created on non-registered master when creating clusters using kube-up.sh. ([#44721](https://github.com/kubernetes/kubernetes/pull/44721), [@piosz](https://github.com/piosz)) -* Stackdriver cluster logging now deploys a new component to export Kubernetes events. ([[#46700](https://github.com/kubernetes/kubernetes/pull/46700)](https://github.com/kubernetes/kubernetes/pull/46700), [[@crassirostris](https://github.com/crassirostris)](https://github.com/crassirostris)) +* Stackdriver cluster logging now deploys a new component to export Kubernetes events. ([#46700](https://github.com/kubernetes/kubernetes/pull/46700), [@crassirostris](https://github.com/crassirostris)) -* Stackdriver Logging deployment exposes metrics on node port 31337 when enabled. ([[#47402](https://github.com/kubernetes/kubernetes/pull/47402)](https://github.com/kubernetes/kubernetes/pull/47402), [[@crassirostris](https://github.com/crassirostris)](https://github.com/crassirostris)) +* Stackdriver Logging deployment exposes metrics on node port 31337 when enabled. ([#47402](https://github.com/kubernetes/kubernetes/pull/47402), [@crassirostris](https://github.com/crassirostris)) -* Upgrade Elasticsearch Addon to v5.4.0 ([[#45589](https://github.com/kubernetes/kubernetes/pull/45589)](https://github.com/kubernetes/kubernetes/pull/45589), [[@it-svit](https://github.com/it-svit)](https://github.com/it-svit)) +* Upgrade Elasticsearch Addon to v5.4.0 ([#45589](https://github.com/kubernetes/kubernetes/pull/45589), [@it-svit](https://github.com/it-svit)) #### Internal storage layer -* prevent pods/status from touching ownerreferences ([[#45826](https://github.com/kubernetes/kubernetes/pull/45826)](https://github.com/kubernetes/kubernetes/pull/45826), [[@deads2k](https://github.com/deads2k)](https://github.com/deads2k)) +* prevent pods/status from touching ownerreferences ([#45826](https://github.com/kubernetes/kubernetes/pull/45826), [@deads2k](https://github.com/deads2k)) -* Ensure that autoscaling/v1 is the preferred version for API discovery when autoscaling/v2alpha1 is enabled. ([[#45741](https://github.com/kubernetes/kubernetes/pull/45741)](https://github.com/kubernetes/kubernetes/pull/45741), [[@DirectXMan12](https://github.com/DirectXMan12)](https://github.com/DirectXMan12)) +* Ensure that autoscaling/v1 is the preferred version for API discovery when autoscaling/v2alpha1 is enabled. ([#45741](https://github.com/kubernetes/kubernetes/pull/45741), [@DirectXMan12](https://github.com/DirectXMan12)) -* The proxy subresource APIs for nodes, services, and pods now support the HTTP PATCH method. ([[#44929](https://github.com/kubernetes/kubernetes/pull/44929)](https://github.com/kubernetes/kubernetes/pull/44929), [[@liggitt](https://github.com/liggitt)](https://github.com/liggitt)) +* The proxy subresource APIs for nodes, services, and pods now support the HTTP PATCH method. ([#44929](https://github.com/kubernetes/kubernetes/pull/44929), [@liggitt](https://github.com/liggitt)) -* Fluentd now tolerates all NoExecute Taints when run in gcp configuration. ([[#45715](https://github.com/kubernetes/kubernetes/pull/45715)](https://github.com/kubernetes/kubernetes/pull/45715), [[@gmarek](https://github.com/gmarek)](https://github.com/gmarek)) +* Fluentd now tolerates all NoExecute Taints when run in gcp configuration. ([#45715](https://github.com/kubernetes/kubernetes/pull/45715), [@gmarek](https://github.com/gmarek)) #### Kubernetes Dashboard * Increase Dashboard's memory requests and limits ([#44712](https://github.com/kubernetes/kubernetes/pull/44712), [@maciaszczykm](https://github.com/maciaszczykm)) -* Update Dashboard version to 1.6.1 ([[#45953](https://github.com/kubernetes/kubernetes/pull/45953)](https://github.com/kubernetes/kubernetes/pull/45953), [[@maciaszczykm](https://github.com/maciaszczykm)](https://github.com/maciaszczykm)) +* Update Dashboard version to 1.6.1 ([#45953](https://github.com/kubernetes/kubernetes/pull/45953), [@maciaszczykm](https://github.com/maciaszczykm)) #### kube-dns -* Updates kube-dns to 1.14.2 ([[#45684](https://github.com/kubernetes/kubernetes/pull/45684)](https://github.com/kubernetes/kubernetes/pull/45684), [[@bowei](https://github.com/bowei)](https://github.com/bowei)) +* Updates kube-dns to 1.14.2 ([#45684](https://github.com/kubernetes/kubernetes/pull/45684), [@bowei](https://github.com/bowei)) * Support kube-master-url flag without kubeconfig @@ -1517,82 +1517,82 @@ Features for this release were tracked via the use of the [kubernetes/features]( #### kube-proxy * Features: - * ratelimit runs of iptables by sync-period flags ([[#46266](https://github.com/kubernetes/kubernetes/pull/46266)](https://github.com/kubernetes/kubernetes/pull/46266), [[@thockin](https://github.com/thockin)](https://github.com/thockin)) + * ratelimit runs of iptables by sync-period flags ([#46266](https://github.com/kubernetes/kubernetes/pull/46266), [@thockin](https://github.com/thockin)) - * Log warning when invalid dir passed to `kubectl proxy --www` ([[#44952](https://github.com/kubernetes/kubernetes/pull/44952)](https://github.com/kubernetes/kubernetes/pull/44952), [[@CaoShuFeng](https://github.com/CaoShuFeng)](https://github.com/CaoShuFeng)) + * Log warning when invalid dir passed to `kubectl proxy --www` ([#44952](https://github.com/kubernetes/kubernetes/pull/44952), [@CaoShuFeng](https://github.com/CaoShuFeng)) - * Add `--write-config-to` flag to kube-proxy to allow users to write the default configuration settings to a file. ([[#45908](https://github.com/kubernetes/kubernetes/pull/45908)](https://github.com/kubernetes/kubernetes/pull/45908), [[@ncdc](https://github.com/ncdc)](https://github.com/ncdc)) + * Add `--write-config-to` flag to kube-proxy to allow users to write the default configuration settings to a file. ([#45908](https://github.com/kubernetes/kubernetes/pull/45908), [@ncdc](https://github.com/ncdc)) - * When switching from the service.beta.kubernetes.io/external-traffic annotation to the new ([[#46716](https://github.com/kubernetes/kubernetes/pull/46716)](https://github.com/kubernetes/kubernetes/pull/46716), [[@thockin](https://github.com/thockin)](https://github.com/thockin)) externalTrafficPolicy field, the values chnag as follows: * "OnlyLocal" becomes "Local" * "Global" becomes "Cluster". + * When switching from the service.beta.kubernetes.io/external-traffic annotation to the new ([#46716](https://github.com/kubernetes/kubernetes/pull/46716), [@thockin](https://github.com/thockin)) externalTrafficPolicy field, the values chnag as follows: * "OnlyLocal" becomes "Local" * "Global" becomes "Cluster". * Bug fixes: - * Fix corner-case with OnlyLocal Service healthchecks. ([[#44313](https://github.com/kubernetes/kubernetes/pull/44313)](https://github.com/kubernetes/kubernetes/pull/44313), [[@thockin](https://github.com/thockin)](https://github.com/thockin)) + * Fix corner-case with OnlyLocal Service healthchecks. ([#44313](https://github.com/kubernetes/kubernetes/pull/44313), [@thockin](https://github.com/thockin)) - * Fix DNS suffix search list support in Windows kube-proxy. ([[#45642](https://github.com/kubernetes/kubernetes/pull/45642)](https://github.com/kubernetes/kubernetes/pull/45642), [[@JiangtianLi](https://github.com/JiangtianLi)](https://github.com/JiangtianLi)) + * Fix DNS suffix search list support in Windows kube-proxy. ([#45642](https://github.com/kubernetes/kubernetes/pull/45642), [@JiangtianLi](https://github.com/JiangtianLi)) #### kube-scheduler -* Scheduler can receive its policy configuration from a ConfigMap ([[#43892](https://github.com/kubernetes/kubernetes/pull/43892)](https://github.com/kubernetes/kubernetes/pull/43892), [[@bsalamat](https://github.com/bsalamat)](https://github.com/bsalamat)) +* Scheduler can receive its policy configuration from a ConfigMap ([#43892](https://github.com/kubernetes/kubernetes/pull/43892), [@bsalamat](https://github.com/bsalamat)) -* Aggregated used ports at the NodeInfo level for PodFitsHostPorts predicate. ([[#42524](https://github.com/kubernetes/kubernetes/pull/42524)](https://github.com/kubernetes/kubernetes/pull/42524), [[@k82cn](https://github.com/k82cn)](https://github.com/k82cn)) +* Aggregated used ports at the NodeInfo level for PodFitsHostPorts predicate. ([#42524](https://github.com/kubernetes/kubernetes/pull/42524), [@k82cn](https://github.com/k82cn)) -* leader election lock based on scheduler name ([[#42961](https://github.com/kubernetes/kubernetes/pull/42961)](https://github.com/kubernetes/kubernetes/pull/42961), [[@wanghaoran1988](https://github.com/wanghaoran1988)](https://github.com/wanghaoran1988)) +* leader election lock based on scheduler name ([#42961](https://github.com/kubernetes/kubernetes/pull/42961), [@wanghaoran1988](https://github.com/wanghaoran1988)) - * Fix DNS suffix search list support in Windows kube-proxy. ([[#45642](https://github.com/kubernetes/kubernetes/pull/45642)](https://github.com/kubernetes/kubernetes/pull/45642), [[@JiangtianLi](https://github.com/JiangtianLi)](https://github.com/JiangtianLi)) + * Fix DNS suffix search list support in Windows kube-proxy. ([#45642](https://github.com/kubernetes/kubernetes/pull/45642), [@JiangtianLi](https://github.com/JiangtianLi)) #### Storage * Features - * The options passed to a Flexvolume plugin's mount command now contains the pod name (kubernetes.io/pod.name), namespace (kubernetes.io/pod.namespace), uid (kubernetes.io/pod.uid), and service account name (kubernetes.io/serviceAccount.name). ([[#39488](https://github.com/kubernetes/kubernetes/pull/39488)](https://github.com/kubernetes/kubernetes/pull/39488), [[@liggitt](https://github.com/liggitt)](https://github.com/liggitt)) + * The options passed to a Flexvolume plugin's mount command now contains the pod name (kubernetes.io/pod.name), namespace (kubernetes.io/pod.namespace), uid (kubernetes.io/pod.uid), and service account name (kubernetes.io/serviceAccount.name). ([#39488](https://github.com/kubernetes/kubernetes/pull/39488), [@liggitt](https://github.com/liggitt)) - * GCE and AWS dynamic provisioners extension: admins can configure zone(s) in which a persistent volume shall be created. ([[#38505](https://github.com/kubernetes/kubernetes/pull/38505)](https://github.com/kubernetes/kubernetes/pull/38505), [[@pospispa](https://github.com/pospispa)](https://github.com/pospispa)) + * GCE and AWS dynamic provisioners extension: admins can configure zone(s) in which a persistent volume shall be created. ([#38505](https://github.com/kubernetes/kubernetes/pull/38505), [@pospispa](https://github.com/pospispa)) - * Implement API usage metrics for GCE storage. ([[#40338](https://github.com/kubernetes/kubernetes/pull/40338)](https://github.com/kubernetes/kubernetes/pull/40338), [[@gnufied](https://github.com/gnufied)](https://github.com/gnufied)) + * Implement API usage metrics for GCE storage. ([#40338](https://github.com/kubernetes/kubernetes/pull/40338), [@gnufied](https://github.com/gnufied)) - * Add support for emitting metrics from openstack cloudprovider about storage operations. ([[#46008](https://github.com/kubernetes/kubernetes/pull/46008)](https://github.com/kubernetes/kubernetes/pull/46008), [[@NickrenREN](https://github.com/NickrenREN)](https://github.com/NickrenREN)) + * Add support for emitting metrics from openstack cloudprovider about storage operations. ([#46008](https://github.com/kubernetes/kubernetes/pull/46008), [@NickrenREN](https://github.com/NickrenREN)) - * vSphere cloud provider: vSphere storage policy support for dynamic volume provisioning. ([[#46176](https://github.com/kubernetes/kubernetes/pull/46176)](https://github.com/kubernetes/kubernetes/pull/46176), [[@BaluDontu](https://github.com/BaluDontu)](https://github.com/BaluDontu)) + * vSphere cloud provider: vSphere storage policy support for dynamic volume provisioning. ([#46176](https://github.com/kubernetes/kubernetes/pull/46176), [@BaluDontu](https://github.com/BaluDontu)) - * Support StorageClass in Azure file volume ([[#42170](https://github.com/kubernetes/kubernetes/pull/42170)](https://github.com/kubernetes/kubernetes/pull/42170), [[@rootfs](https://github.com/rootfs)](https://github.com/rootfs)) + * Support StorageClass in Azure file volume ([#42170](https://github.com/kubernetes/kubernetes/pull/42170), [@rootfs](https://github.com/rootfs)) - * Start recording cloud provider metrics for AWS ([[#43477](https://github.com/kubernetes/kubernetes/pull/43477)](https://github.com/kubernetes/kubernetes/pull/43477), [[@gnufied](https://github.com/gnufied)](https://github.com/gnufied)) + * Start recording cloud provider metrics for AWS ([#43477](https://github.com/kubernetes/kubernetes/pull/43477), [@gnufied](https://github.com/gnufied)) - * Support iSCSI CHAP authentication ([[#43396](https://github.com/kubernetes/kubernetes/pull/43396)](https://github.com/kubernetes/kubernetes/pull/43396), [[@rootfs](https://github.com/rootfs)](https://github.com/rootfs)) + * Support iSCSI CHAP authentication ([#43396](https://github.com/kubernetes/kubernetes/pull/43396), [@rootfs](https://github.com/rootfs)) - * Openstack cinder v1/v2/auto API support ([[#40423](https://github.com/kubernetes/kubernetes/pull/40423)](https://github.com/kubernetes/kubernetes/pull/40423), [[@mkutsevol](https://github.com/mkutsevol)](https://github.com/mkutsevol * cinder: Add support for the KVM virtio-scsi driver ([[#41498](https://github.com/kubernetes/kubernetes/pull/41498)](https://github.com/kubernetes/kubernetes/pull/41498), [[@mikebryant](https://github.com/mikebryant)](https://github.com/mikebryant)) + * Openstack cinder v1/v2/auto API support ([#40423](https://github.com/kubernetes/kubernetes/pull/40423), [@mkutsevol](https://github.com/mkutsevol)](https://github.com/kubernetes/kubernetes/pull/41498), [@mikebryant](https://github.com/mikebryant)) - * Alpha feature: allows users to set storage limit to isolate EmptyDir volumes. It enforces the limit by evicting pods that exceed their storage limits ([[#45686](https://github.com/kubernetes/kubernetes/pull/45686)](https://github.com/kubernetes/kubernetes/pull/45686), [[@jingxu97](https://github.com/jingxu97)](https://github.com/jingxu97)) + * Alpha feature: allows users to set storage limit to isolate EmptyDir volumes. It enforces the limit by evicting pods that exceed their storage limits ([#45686](https://github.com/kubernetes/kubernetes/pull/45686), [@jingxu97](https://github.com/jingxu97)) * Bug fixes - * Fixes issue with Flexvolume, introduced in 1.6.0, where drivers without an attacher would fail (node indefinitely waiting for attach). A driver API addition is introduced: drivers that don't implement attach should return attach: false on init. ([[#47503](https://github.com/kubernetes/kubernetes/pull/47503)](https://github.com/kubernetes/kubernetes/pull/47503), [[@chakri-nelluri](https://github.com/chakri-nelluri)](https://github.com/chakri-nelluri)) + * Fixes issue with Flexvolume, introduced in 1.6.0, where drivers without an attacher would fail (node indefinitely waiting for attach). A driver API addition is introduced: drivers that don't implement attach should return attach: false on init. ([#47503](https://github.com/kubernetes/kubernetes/pull/47503), [@chakri-nelluri](https://github.com/chakri-nelluri)) - * Fix dynamic provisioning of PVs with inaccurate AccessModes by refusing to provision when PVCs ask for AccessModes that can't be satisfied by the PVs' underlying volume plugin. ([[#47274](https://github.com/kubernetes/kubernetes/pull/47274)](https://github.com/kubernetes/kubernetes/pull/47274), [[@wongma7](https://github.com/wongma7)](https://github.com/wongma7)) + * Fix dynamic provisioning of PVs with inaccurate AccessModes by refusing to provision when PVCs ask for AccessModes that can't be satisfied by the PVs' underlying volume plugin. ([#47274](https://github.com/kubernetes/kubernetes/pull/47274), [@wongma7](https://github.com/wongma7)) - * Fix pods failing to start if they specify a file as a volume subPath to mount. ([[#45623](https://github.com/kubernetes/kubernetes/pull/45623)](https://github.com/kubernetes/kubernetes/pull/45623), [[@wongma7](https://github.com/wongma7)](https://github.com/wongma7)) + * Fix pods failing to start if they specify a file as a volume subPath to mount. ([#45623](https://github.com/kubernetes/kubernetes/pull/45623), [@wongma7](https://github.com/wongma7)) - * Fix erroneous FailedSync and FailedMount events being periodically and indefinitely posted on Pods after kubelet is restarted. ([[#44781](https://github.com/kubernetes/kubernetes/pull/44781)](https://github.com/kubernetes/kubernetes/pull/44781), [[@wongma7](https://github.com/wongma7)](https://github.com/wongma7)) + * Fix erroneous FailedSync and FailedMount events being periodically and indefinitely posted on Pods after kubelet is restarted. ([#44781](https://github.com/kubernetes/kubernetes/pull/44781), [@wongma7](https://github.com/wongma7)) - * Fix AWS EBS volumes not getting detached from node if routine to verify volumes are attached runs while the node is down ([[#46463](https://github.com/kubernetes/kubernetes/pull/46463)](https://github.com/kubernetes/kubernetes/pull/46463), [[@wongma7](https://github.com/wongma7)](https://github.com/wongma7)) + * Fix AWS EBS volumes not getting detached from node if routine to verify volumes are attached runs while the node is down ([#46463](https://github.com/kubernetes/kubernetes/pull/46463), [@wongma7](https://github.com/wongma7)) - * Improves performance of Cinder volume attach/detach operations. ([[#41785](https://github.com/kubernetes/kubernetes/pull/41785)](https://github.com/kubernetes/kubernetes/pull/41785), [[@jamiehannaford](https://github.com/jamiehannaford)](https://github.com/jamiehannaford)) + * Improves performance of Cinder volume attach/detach operations. ([#41785](https://github.com/kubernetes/kubernetes/pull/41785), [@jamiehannaford](https://github.com/jamiehannaford)) - * Fix iSCSI iSER mounting. ([[#47281](https://github.com/kubernetes/kubernetes/pull/47281)](https://github.com/kubernetes/kubernetes/pull/47281), [[@mtanino](https://github.com/mtanino)](https://github.com/mtanino)) + * Fix iSCSI iSER mounting. ([#47281](https://github.com/kubernetes/kubernetes/pull/47281), [@mtanino](https://github.com/mtanino)) - * iscsi storage plugin: Fix dangling session when using multiple target portal addresses. ([[#46239](https://github.com/kubernetes/kubernetes/pull/46239)](https://github.com/kubernetes/kubernetes/pull/46239), [[@mtanino](https://github.com/mtanino)](https://github.com/mtanino)) + * iscsi storage plugin: Fix dangling session when using multiple target portal addresses. ([#46239](https://github.com/kubernetes/kubernetes/pull/46239), [@mtanino](https://github.com/mtanino)) - * Fix log spam due to unnecessary status update when node is deleted. ([[#45923](https://github.com/kubernetes/kubernetes/pull/45923)](https://github.com/kubernetes/kubernetes/pull/45923), [[@verult](https://github.com/verult)](https://github.com/verult)) + * Fix log spam due to unnecessary status update when node is deleted. ([#45923](https://github.com/kubernetes/kubernetes/pull/45923), [@verult](https://github.com/verult)) - * Don't try to attach volume to new node if it is already attached to another node and the volume does not support multi-attach. ([[#45346](https://github.com/kubernetes/kubernetes/pull/45346)](https://github.com/kubernetes/kubernetes/pull/45346), [[@codablock](https://github.com/codablock)](https://github.com/codablock)) + * Don't try to attach volume to new node if it is already attached to another node and the volume does not support multi-attach. ([#45346](https://github.com/kubernetes/kubernetes/pull/45346), [@codablock](https://github.com/codablock)) - * detach the volume when pod is terminated ([[#45286](https://github.com/kubernetes/kubernetes/pull/45286)](https://github.com/kubernetes/kubernetes/pull/45286), [[@gnufied](https://github.com/gnufied)](https://github.com/gnufied)) + * detach the volume when pod is terminated ([#45286](https://github.com/kubernetes/kubernetes/pull/45286), [@gnufied](https://github.com/gnufied)) - * Roll up volume error messages in the kubelet sync loop. ([[#44938](https://github.com/kubernetes/kubernetes/pull/44938)](https://github.com/kubernetes/kubernetes/pull/44938), [[@jayunit100](https://github.com/jayunit100)](https://github.com/jayunit100)) + * Roll up volume error messages in the kubelet sync loop. ([#44938](https://github.com/kubernetes/kubernetes/pull/44938), [@jayunit100](https://github.com/jayunit100)) - * Catch error when failed to make directory in NFS volume plugin ([[#38801](https://github.com/kubernetes/kubernetes/pull/38801)](https://github.com/kubernetes/kubernetes/pull/38801), [[@nak3](https://github.com/nak3)](https://github.com/nak3)) + * Catch error when failed to make directory in NFS volume plugin ([#38801](https://github.com/kubernetes/kubernetes/pull/38801), [@nak3](https://github.com/nak3)) @@ -1600,7 +1600,7 @@ Features for this release were tracked via the use of the [kubernetes/features]( * DNS and name resolution - * Updates kube-dns to 1.14.2 ([[#45684](https://github.com/kubernetes/kubernetes/pull/45684)](https://github.com/kubernetes/kubernetes/pull/45684), [[@bowei](https://github.com/bowei)](https://github.com/bowei)) + * Updates kube-dns to 1.14.2 ([#45684](https://github.com/kubernetes/kubernetes/pull/45684), [@bowei](https://github.com/bowei)) * Support kube-master-url flag without kubeconfig @@ -1610,70 +1610,70 @@ Features for this release were tracked via the use of the [kubernetes/features]( * Support specifying port number for nameserver in stubDomains - * A new field hostAliases has been added to pod.spec to support adding entries to a Pod's /etc/hosts file. ([[#44641](https://github.com/kubernetes/kubernetes/pull/44641)](https://github.com/kubernetes/kubernetes/pull/44641), [[@rickypai](https://github.com/rickypai)](https://github.com/rickypai)) + * A new field hostAliases has been added to pod.spec to support adding entries to a Pod's /etc/hosts file. ([#44641](https://github.com/kubernetes/kubernetes/pull/44641), [@rickypai](https://github.com/rickypai)) - * Fix DNS suffix search list support in Windows kube-proxy. ([[#45642](https://github.com/kubernetes/kubernetes/pull/45642)](https://github.com/kubernetes/kubernetes/pull/45642), [[@JiangtianLi](https://github.com/JiangtianLi)](https://github.com/JiangtianLi)) + * Fix DNS suffix search list support in Windows kube-proxy. ([#45642](https://github.com/kubernetes/kubernetes/pull/45642), [@JiangtianLi](https://github.com/JiangtianLi)) * Kube-proxy - * ratelimit runs of iptables by sync-period flags ([[#46266](https://github.com/kubernetes/kubernetes/pull/46266)](https://github.com/kubernetes/kubernetes/pull/46266), [[@thockin](https://github.com/thockin)](https://github.com/thockin)) + * ratelimit runs of iptables by sync-period flags ([#46266](https://github.com/kubernetes/kubernetes/pull/46266), [@thockin](https://github.com/thockin)) - * Fix corner-case with OnlyLocal Service healthchecks. ([[#44313](https://github.com/kubernetes/kubernetes/pull/44313)](https://github.com/kubernetes/kubernetes/pull/44313), [[@thockin](https://github.com/thockin)](https://github.com/thockin)) + * Fix corner-case with OnlyLocal Service healthchecks. ([#44313](https://github.com/kubernetes/kubernetes/pull/44313), [@thockin](https://github.com/thockin)) -* Exclude nodes labeled as master from LoadBalancer / NodePort; restores documented behaviour. ([[#44745](https://github.com/kubernetes/kubernetes/pull/44745)](https://github.com/kubernetes/kubernetes/pull/44745), [[@justinsb](https://github.com/justinsb)](https://github.com/justinsb)) +* Exclude nodes labeled as master from LoadBalancer / NodePort; restores documented behaviour. ([#44745](https://github.com/kubernetes/kubernetes/pull/44745), [@justinsb](https://github.com/justinsb)) -* Adds support for CNI ConfigLists, which permit plugin chaining. ([[#42202](https://github.com/kubernetes/kubernetes/pull/42202)](https://github.com/kubernetes/kubernetes/pull/42202), [[@squeed](https://github.com/squeed)](https://github.com/squeed)) +* Adds support for CNI ConfigLists, which permit plugin chaining. ([#42202](https://github.com/kubernetes/kubernetes/pull/42202), [@squeed](https://github.com/squeed)) -* Fix node selection logic on initial LB creation ([[#45773](https://github.com/kubernetes/kubernetes/pull/45773)](https://github.com/kubernetes/kubernetes/pull/45773), [[@justinsb](https://github.com/justinsb)](https://github.com/justinsb)) +* Fix node selection logic on initial LB creation ([#45773](https://github.com/kubernetes/kubernetes/pull/45773), [@justinsb](https://github.com/justinsb)) -* When switching from the service.beta.kubernetes.io/external-traffic annotation to the new externalTrafficPolicy field, the values change as follows: * "OnlyLocal" becomes "Local" * "Global" becomes "Cluster". ([[#46716](https://github.com/kubernetes/kubernetes/pull/46716)](https://github.com/kubernetes/kubernetes/pull/46716), [[@thockin](https://github.com/thockin)](https://github.com/thockin)) +* When switching from the service.beta.kubernetes.io/external-traffic annotation to the new externalTrafficPolicy field, the values change as follows: * "OnlyLocal" becomes "Local" * "Global" becomes "Cluster". ([#46716](https://github.com/kubernetes/kubernetes/pull/46716), [@thockin](https://github.com/thockin)) -* servicecontroller: Fix node selection logic on initial LB creation ([[#45773](https://github.com/kubernetes/kubernetes/pull/45773)](https://github.com/kubernetes/kubernetes/pull/45773), [[@justinsb](https://github.com/justinsb)](https://github.com/justinsb)) +* servicecontroller: Fix node selection logic on initial LB creation ([#45773](https://github.com/kubernetes/kubernetes/pull/45773), [@justinsb](https://github.com/justinsb)) -* fixed HostAlias in PodSpec to allow foo.bar hostnames instead of just foo DNS labels. ([[#46809](https://github.com/kubernetes/kubernetes/pull/46809)](https://github.com/kubernetes/kubernetes/pull/46809), [[@rickypai](https://github.com/rickypai)](https://github.com/rickypai)) +* fixed HostAlias in PodSpec to allow foo.bar hostnames instead of just foo DNS labels. ([#46809](https://github.com/kubernetes/kubernetes/pull/46809), [@rickypai](https://github.com/rickypai)) #### Node controller * Bug fixes: - * Fix [transition between NotReady and Unreachable taints](https://github.com/kubernetes/kubernetes/issues/43444). ([[#44042](https://github.com/kubernetes/kubernetes/pull/44042)](https://github.com/kubernetes/kubernetes/pull/44042), [[@gmarek](https://github.com/gmarek)](https://github.com/gmarek)) + * Fix [transition between NotReady and Unreachable taints](https://github.com/kubernetes/kubernetes/issues/43444). ([#44042](https://github.com/kubernetes/kubernetes/pull/44042), [@gmarek](https://github.com/gmarek)) #### Node Components * Features - * Removes the deprecated kubelet flag `--babysit-daemons` ([[#44230](https://github.com/kubernetes/kubernetes/pull/44230)](https://github.com/kubernetes/kubernetes/pull/44230), [[@mtaufen](https://github.com/mtaufen)](https://github.com/mtaufen)) + * Removes the deprecated kubelet flag `--babysit-daemons` ([#44230](https://github.com/kubernetes/kubernetes/pull/44230), [@mtaufen](https://github.com/mtaufen)) - * make dockershim.sock configurable ([[#43914](https://github.com/kubernetes/kubernetes/pull/43914)](https://github.com/kubernetes/kubernetes/pull/43914), [[@ncdc](https://github.com/ncdc)](https://github.com/ncdc)) + * make dockershim.sock configurable ([#43914](https://github.com/kubernetes/kubernetes/pull/43914), [@ncdc](https://github.com/ncdc)) - * Support running Ubuntu image on GCE node ([[#44744](https://github.com/kubernetes/kubernetes/pull/44744)](https://github.com/kubernetes/kubernetes/pull/44744), [[@yguo0905](https://github.com/yguo0905)](https://github.com/yguo0905)) + * Support running Ubuntu image on GCE node ([#44744](https://github.com/kubernetes/kubernetes/pull/44744), [@yguo0905](https://github.com/yguo0905)) - * Kubernetes now shares a single PID namespace among all containers in a pod when running with docker >= 1.13.1. This means processes can now signal processes in other containers in a pod, but it also means that the `kubectl exec {pod} kill 1` pattern will cause the Pod to be restarted rather than a single container. ([[#45236](https://github.com/kubernetes/kubernetes/pull/45236)](https://github.com/kubernetes/kubernetes/pull/45236), [[@verb](https://github.com/verb)](https://github.com/verb)) + * Kubernetes now shares a single PID namespace among all containers in a pod when running with docker >= 1.13.1. This means processes can now signal processes in other containers in a pod, but it also means that the `kubectl exec {pod} kill 1` pattern will cause the Pod to be restarted rather than a single container. ([#45236](https://github.com/kubernetes/kubernetes/pull/45236), [@verb](https://github.com/verb)) - * A new field hostAliases has been added to the pod spec to support [adding entries to a Pod's /etc/hosts file](https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/). ([[#44641](https://github.com/kubernetes/kubernetes/pull/44641)](https://github.com/kubernetes/kubernetes/pull/44641), [[@rickypai](https://github.com/rickypai)](https://github.com/rickypai)) + * A new field hostAliases has been added to the pod spec to support [adding entries to a Pod's /etc/hosts file](https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/). ([#44641](https://github.com/kubernetes/kubernetes/pull/44641), [@rickypai](https://github.com/rickypai)) - * With `--feature-gates=RotateKubeletClientCertificate=true` set, the Kubelet will ([[#41912](https://github.com/kubernetes/kubernetes/pull/41912)](https://github.com/kubernetes/kubernetes/pull/41912), [[@jcbsmpsn](https://github.com/jcbsmpsn)](https://github.com/jcbsmpsn)) + * With `--feature-gates=RotateKubeletClientCertificate=true` set, the Kubelet will ([#41912](https://github.com/kubernetes/kubernetes/pull/41912), [@jcbsmpsn](https://github.com/jcbsmpsn)) * request a client certificate from the API server during the boot cycle and pause * waiting for the request to be satisfied. It will continually refresh the certificate - * Create clusters with GPUs in GCE by specifying `type=,count=` to NODE_ACCELERATORS environment variable. ([[#45130](https://github.com/kubernetes/kubernetes/pull/45130)](https://github.com/kubernetes/kubernetes/pull/45130), [[@vishh](https://github.com/vishh)](https://github.com/vishh)) + * Create clusters with GPUs in GCE by specifying `type=,count=` to NODE_ACCELERATORS environment variable. ([#45130](https://github.com/kubernetes/kubernetes/pull/45130), [@vishh](https://github.com/vishh)) * List of available GPUs - [https://cloud.google.com/compute/docs/gpus/#introduction](https://cloud.google.com/compute/docs/gpus/#introduction) - * Disk Pressure triggers the deletion of terminated containers on the node. ([[#45896](https://github.com/kubernetes/kubernetes/pull/45896)](https://github.com/kubernetes/kubernetes/pull/45896), [[@dashpole](https://github.com/dashpole)](https://github.com/dashpole)) + * Disk Pressure triggers the deletion of terminated containers on the node. ([#45896](https://github.com/kubernetes/kubernetes/pull/45896), [@dashpole](https://github.com/dashpole)) - * Support status.hostIP in downward API ([[#42717](https://github.com/kubernetes/kubernetes/pull/42717)](https://github.com/kubernetes/kubernetes/pull/42717), [[@andrewsykim](https://github.com/andrewsykim)](https://github.com/andrewsykim)) + * Support status.hostIP in downward API ([#42717](https://github.com/kubernetes/kubernetes/pull/42717), [@andrewsykim](https://github.com/andrewsykim)) * Upgrade Node Problem Detector to v0.4.1. New features added: - * Add /dev/kmsg support for kernel log parsing. ([#112](https://github.com/kubernetes/node-problem-detector/pull/112), [[@euank](https://github.com/euank)](https://github.com/euank)) + * Add /dev/kmsg support for kernel log parsing. ([#112](https://github.com/kubernetes/node-problem-detector/pull/112), [@euank](https://github.com/euank)) - * Add ABRT support. ([#105](https://github.com/kubernetes/node-problem-detector/pull/105), [[@juliusmilan](https://github.com/juliusmilan)](https://github.com/juliusmilan)) + * Add ABRT support. ([#105](https://github.com/kubernetes/node-problem-detector/pull/105), [@juliusmilan](https://github.com/juliusmilan)) - * Add a docker image corruption problem detection in the default docker monitor config. ([#117](https://github.com/kubernetes/node-problem-detector/pull/117), [[@ajitak](https://github.com/ajitak)](https://github.com/ajitak)) + * Add a docker image corruption problem detection in the default docker monitor config. ([#117](https://github.com/kubernetes/node-problem-detector/pull/117), [@ajitak](https://github.com/ajitak)) * Upgrade CAdvisor to v0.26.1. New features added: @@ -1683,120 +1683,120 @@ Features for this release were tracked via the use of the [kubernetes/features]( * Add UDP metrics (collection disabled by default). - * Roll up volume error messages in the kubelet sync loop. ([[#44938](https://github.com/kubernetes/kubernetes/pull/44938)](https://github.com/kubernetes/kubernetes/pull/44938), [[@jayunit100](https://github.com/jayunit100)](https://github.com/jayunit100)) + * Roll up volume error messages in the kubelet sync loop. ([#44938](https://github.com/kubernetes/kubernetes/pull/44938), [@jayunit100](https://github.com/jayunit100)) - * Allow pods to opt out of PodPreset mutation via an annotation on the pod. ([[#44965](https://github.com/kubernetes/kubernetes/pull/44965)](https://github.com/kubernetes/kubernetes/pull/44965), [[@jpeeler](https://github.com/jpeeler)](https://github.com/jpeeler)) + * Allow pods to opt out of PodPreset mutation via an annotation on the pod. ([#44965](https://github.com/kubernetes/kubernetes/pull/44965), [@jpeeler](https://github.com/jpeeler)) - * Add generic Toleration for NoExecute Taints to NodeProblemDetector, so that NPD can be scheduled to nodes with NoExecute taints by default. ([[#45883](https://github.com/kubernetes/kubernetes/pull/45883)](https://github.com/kubernetes/kubernetes/pull/45883), [[@gmarek](https://github.com/gmarek)](https://github.com/gmarek)) + * Add generic Toleration for NoExecute Taints to NodeProblemDetector, so that NPD can be scheduled to nodes with NoExecute taints by default. ([#45883](https://github.com/kubernetes/kubernetes/pull/45883), [@gmarek](https://github.com/gmarek)) - * Prevent kubelet from setting allocatable < 0 for a resource upon initial creation. ([[#46516](https://github.com/kubernetes/kubernetes/pull/46516)](https://github.com/kubernetes/kubernetes/pull/46516), [[@derekwaynecarr](https://github.com/derekwaynecarr)](https://github.com/derekwaynecarr)) + * Prevent kubelet from setting allocatable < 0 for a resource upon initial creation. ([#46516](https://github.com/kubernetes/kubernetes/pull/46516), [@derekwaynecarr](https://github.com/derekwaynecarr)) * Bug fixes - * Changed Kubelet default image-gc-high-threshold to 85% to resolve a conflict with default settings in docker that prevented image garbage collection from resolving low disk space situations when using devicemapper storage. ([[#40432](https://github.com/kubernetes/kubernetes/pull/40432)](https://github.com/kubernetes/kubernetes/pull/40432), [[@sjenning](https://github.com/sjenning)](https://github.com/sjenning)) + * Changed Kubelet default image-gc-high-threshold to 85% to resolve a conflict with default settings in docker that prevented image garbage collection from resolving low disk space situations when using devicemapper storage. ([#40432](https://github.com/kubernetes/kubernetes/pull/40432), [@sjenning](https://github.com/sjenning)) - * Mark all static pods on the Master node as critical to prevent preemption ([[#47356](https://github.com/kubernetes/kubernetes/pull/47356)](https://github.com/kubernetes/kubernetes/pull/47356), [[@dashpole](https://github.com/dashpole)](https://github.com/dashpole)) + * Mark all static pods on the Master node as critical to prevent preemption ([#47356](https://github.com/kubernetes/kubernetes/pull/47356), [@dashpole](https://github.com/dashpole)) - * Restrict active deadline seconds max allowed value to be maximum uint32 to avoid overflow ([[#46640](https://github.com/kubernetes/kubernetes/pull/46640)](https://github.com/kubernetes/kubernetes/pull/46640), [[@derekwaynecarr](https://github.com/derekwaynecarr)](https://github.com/derekwaynecarr)) + * Restrict active deadline seconds max allowed value to be maximum uint32 to avoid overflow ([#46640](https://github.com/kubernetes/kubernetes/pull/46640), [@derekwaynecarr](https://github.com/derekwaynecarr)) - * Fix a bug with cAdvisorPort in the KubeletConfiguration that prevented setting it to 0, which is in fact a valid option, as noted in issue [[#11710](https://github.com/kubernetes/kubernetes/pull/11710)](https://github.com/kubernetes/kubernetes/pull/11710). ([[#46876](https://github.com/kubernetes/kubernetes/pull/46876)](https://github.com/kubernetes/kubernetes/pull/46876), [[@mtaufen](https://github.com/mtaufen)](https://github.com/mtaufen)) + * Fix a bug with cAdvisorPort in the KubeletConfiguration that prevented setting it to 0, which is in fact a valid option, as noted in issue [#11710](https://github.com/kubernetes/kubernetes/pull/11710). ([#46876](https://github.com/kubernetes/kubernetes/pull/46876), [@mtaufen](https://github.com/mtaufen)) - * Fix a bug where container cannot run as root when SecurityContext.RunAsNonRoot is false. ([[#47009](https://github.com/kubernetes/kubernetes/pull/47009)](https://github.com/kubernetes/kubernetes/pull/47009), [[@yujuhong](https://github.com/yujuhong)](https://github.com/yujuhong)) + * Fix a bug where container cannot run as root when SecurityContext.RunAsNonRoot is false. ([#47009](https://github.com/kubernetes/kubernetes/pull/47009), [@yujuhong](https://github.com/yujuhong)) - * Fix the Kubelet PLEG update timestamp to better reflect the health of the component when the container runtime request hangs. ([[#45496](https://github.com/kubernetes/kubernetes/pull/45496)](https://github.com/kubernetes/kubernetes/pull/45496), [[@andyxning](https://github.com/andyxning)](https://github.com/andyxning)) + * Fix the Kubelet PLEG update timestamp to better reflect the health of the component when the container runtime request hangs. ([#45496](https://github.com/kubernetes/kubernetes/pull/45496), [@andyxning](https://github.com/andyxning)) - * Avoid failing sync loop health check on container runtime errors ([[#47124](https://github.com/kubernetes/kubernetes/pull/47124)](https://github.com/kubernetes/kubernetes/pull/47124), [[@andyxning](https://github.com/andyxning)](https://github.com/andyxning)) + * Avoid failing sync loop health check on container runtime errors ([#47124](https://github.com/kubernetes/kubernetes/pull/47124), [@andyxning](https://github.com/andyxning)) - * Fix a bug where Kubelet does not ignore pod manifest files starting with dots ([[#45111](https://github.com/kubernetes/kubernetes/pull/45111)](https://github.com/kubernetes/kubernetes/pull/45111), [[@dwradcliffe](https://github.com/dwradcliffe)](https://github.com/dwradcliffe)) + * Fix a bug where Kubelet does not ignore pod manifest files starting with dots ([#45111](https://github.com/kubernetes/kubernetes/pull/45111), [@dwradcliffe](https://github.com/dwradcliffe)) - * Fix kubelet reset liveness probe failure count across pod restart boundaries ([[#46371](https://github.com/kubernetes/kubernetes/pull/46371)](https://github.com/kubernetes/kubernetes/pull/46371), [[@sjenning](https://github.com/sjenning)](https://github.com/sjenning)) + * Fix kubelet reset liveness probe failure count across pod restart boundaries ([#46371](https://github.com/kubernetes/kubernetes/pull/46371), [@sjenning](https://github.com/sjenning)) - * Fix log spam due to unnecessary status update when node is deleted. ([[#45923](https://github.com/kubernetes/kubernetes/pull/45923)](https://github.com/kubernetes/kubernetes/pull/45923), [[@verult](https://github.com/verult)](https://github.com/verult)) + * Fix log spam due to unnecessary status update when node is deleted. ([#45923](https://github.com/kubernetes/kubernetes/pull/45923), [@verult](https://github.com/verult)) - * Fix kubelet event recording for selected events. ([[#46246](https://github.com/kubernetes/kubernetes/pull/46246)](https://github.com/kubernetes/kubernetes/pull/46246), [[@derekwaynecarr](https://github.com/derekwaynecarr)](https://github.com/derekwaynecarr)) + * Fix kubelet event recording for selected events. ([#46246](https://github.com/kubernetes/kubernetes/pull/46246), [@derekwaynecarr](https://github.com/derekwaynecarr)) - * Fix image garbage collector attempting to remove in-use images. ([[#46121](https://github.com/kubernetes/kubernetes/pull/46121)](https://github.com/kubernetes/kubernetes/pull/46121), [[@Random-Liu](https://github.com/Random-Liu)](https://github.com/Random-Liu)) + * Fix image garbage collector attempting to remove in-use images. ([#46121](https://github.com/kubernetes/kubernetes/pull/46121), [@Random-Liu](https://github.com/Random-Liu)) - * Detach the volume when pod is terminated ([[#45286](https://github.com/kubernetes/kubernetes/pull/45286)](https://github.com/kubernetes/kubernetes/pull/45286), [[@gnufied](https://github.com/gnufied)](https://github.com/gnufied)) + * Detach the volume when pod is terminated ([#45286](https://github.com/kubernetes/kubernetes/pull/45286), [@gnufied](https://github.com/gnufied)) - * CRI: Fix StopContainer timeout ([[#44970](https://github.com/kubernetes/kubernetes/pull/44970)](https://github.com/kubernetes/kubernetes/pull/44970), [[@Random-Liu](https://github.com/Random-Liu)](https://github.com/Random-Liu)) + * CRI: Fix StopContainer timeout ([#44970](https://github.com/kubernetes/kubernetes/pull/44970), [@Random-Liu](https://github.com/Random-Liu)) - * CRI: Fix kubelet failing to start when using rkt. ([[#44569](https://github.com/kubernetes/kubernetes/pull/44569)](https://github.com/kubernetes/kubernetes/pull/44569), [[@yujuhong](https://github.com/yujuhong)](https://github.com/yujuhong)) + * CRI: Fix kubelet failing to start when using rkt. ([#44569](https://github.com/kubernetes/kubernetes/pull/44569), [@yujuhong](https://github.com/yujuhong)) - * CRI: `kubectl logs -f` now stops following when container stops, as it did pre-CRI. ([[#44406](https://github.com/kubernetes/kubernetes/pull/44406)](https://github.com/kubernetes/kubernetes/pull/44406), [[@Random-Liu](https://github.com/Random-Liu)](https://github.com/Random-Liu)) + * CRI: `kubectl logs -f` now stops following when container stops, as it did pre-CRI. ([#44406](https://github.com/kubernetes/kubernetes/pull/44406), [@Random-Liu](https://github.com/Random-Liu)) - * Fixes a bug where pods were evicted even after images are successfully deleted. ([[#44986](https://github.com/kubernetes/kubernetes/pull/44986)](https://github.com/kubernetes/kubernetes/pull/44986), [[@dashpole](https://github.com/dashpole)](https://github.com/dashpole)) + * Fixes a bug where pods were evicted even after images are successfully deleted. ([#44986](https://github.com/kubernetes/kubernetes/pull/44986), [@dashpole](https://github.com/dashpole)) - * When creating a container using envFrom, ([[#42083](https://github.com/kubernetes/kubernetes/pull/42083)](https://github.com/kubernetes/kubernetes/pull/42083), [[@fraenkel](https://github.com/fraenkel)](https://github.com/fraenkel) + * When creating a container using envFrom, ([#42083](https://github.com/kubernetes/kubernetes/pull/42083), [@fraenkel](https://github.com/fraenkel) * validate the name of the ConfigMap in a ConfigMapRef * validate the name of the Secret in a SecretRef - * Fix the bug where StartedAt time is not reported for exited containers. ([[#45977](https://github.com/kubernetes/kubernetes/pull/45977)](https://github.com/kubernetes/kubernetes/pull/45977), [[@yujuhong](https://github.com/yujuhong)](https://github.com/yujuhong)) + * Fix the bug where StartedAt time is not reported for exited containers. ([#45977](https://github.com/kubernetes/kubernetes/pull/45977), [@yujuhong](https://github.com/yujuhong)) * Changes/deprecations - * Marks the Kubelet's `--master-service-namespace` flag deprecated ([[#44250](https://github.com/kubernetes/kubernetes/pull/44250)](https://github.com/kubernetes/kubernetes/pull/44250), [[@mtaufen](https://github.com/mtaufen)](https://github.com/mtaufen)) + * Marks the Kubelet's `--master-service-namespace` flag deprecated ([#44250](https://github.com/kubernetes/kubernetes/pull/44250), [@mtaufen](https://github.com/mtaufen)) - * Remove PodSandboxStatus.Linux.Namespaces.Network from CRI since it is not used/needed. ([[#45166](https://github.com/kubernetes/kubernetes/pull/45166)](https://github.com/kubernetes/kubernetes/pull/45166), [[@feiskyer](https://github.com/feiskyer)](https://github.com/feiskyer)) + * Remove PodSandboxStatus.Linux.Namespaces.Network from CRI since it is not used/needed. ([#45166](https://github.com/kubernetes/kubernetes/pull/45166), [@feiskyer](https://github.com/feiskyer)) - * Remove the `--enable-cri` flag. CRI is now the default, and the only way to integrate with Kubelet for the container runtimes.([[#45194](https://github.com/kubernetes/kubernetes/pull/45194)](https://github.com/kubernetes/kubernetes/pull/45194), [[@yujuhong](https://github.com/yujuhong)](https://github.com/yujuhong)) + * Remove the `--enable-cri` flag. CRI is now the default, and the only way to integrate with Kubelet for the container runtimes.([#45194](https://github.com/kubernetes/kubernetes/pull/45194), [@yujuhong](https://github.com/yujuhong)) - * CRI has been moved to package pkg/kubelet/apis/cri/v1alpha1/runtime as part of Kubelet API path cleanup. ([[#47113](https://github.com/kubernetes/kubernetes/pull/47113)](https://github.com/kubernetes/kubernetes/pull/47113), [[@feiskyer](https://github.com/feiskyer)](https://github.com/feiskyer)) + * CRI has been moved to package pkg/kubelet/apis/cri/v1alpha1/runtime as part of Kubelet API path cleanup. ([#47113](https://github.com/kubernetes/kubernetes/pull/47113), [@feiskyer](https://github.com/feiskyer)) #### Scheduling -* The fix makes scheduling go routine waiting for cache (e.g. Pod) to be synced. ([[#45453](https://github.com/kubernetes/kubernetes/pull/45453)](https://github.com/kubernetes/kubernetes/pull/45453), [[@k82cn](https://github.com/k82cn)](https://github.com/k82cn)) +* The fix makes scheduling go routine waiting for cache (e.g. Pod) to be synced. ([#45453](https://github.com/kubernetes/kubernetes/pull/45453), [@k82cn](https://github.com/k82cn)) -* Move hardPodAffinitySymmetricWeight to scheduler policy config ([[#44159](https://github.com/kubernetes/kubernetes/pull/44159)](https://github.com/kubernetes/kubernetes/pull/44159), [[@wanghaoran1988](https://github.com/wanghaoran1988)](https://github.com/wanghaoran1988)) +* Move hardPodAffinitySymmetricWeight to scheduler policy config ([#44159](https://github.com/kubernetes/kubernetes/pull/44159), [@wanghaoran1988](https://github.com/wanghaoran1988)) -* Align Extender's validation with prioritizers. ([[#45091](https://github.com/kubernetes/kubernetes/pull/45091)](https://github.com/kubernetes/kubernetes/pull/45091), [[@k82cn](https://github.com/k82cn)](https://github.com/k82cn)) +* Align Extender's validation with prioritizers. ([#45091](https://github.com/kubernetes/kubernetes/pull/45091), [@k82cn](https://github.com/k82cn)) -* Removed old scheduler constructor. ([[#45472](https://github.com/kubernetes/kubernetes/pull/45472)](https://github.com/kubernetes/kubernetes/pull/45472), [[@k82cn](https://github.com/k82cn)](https://github.com/k82cn)) +* Removed old scheduler constructor. ([#45472](https://github.com/kubernetes/kubernetes/pull/45472), [@k82cn](https://github.com/k82cn)) -* Fixes the overflow for priorityconfig- valid range {1, 9223372036854775806}. ([[#45122](https://github.com/kubernetes/kubernetes/pull/45122)](https://github.com/kubernetes/kubernetes/pull/45122), [[@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)](https://github.com/ravisantoshgudimetla)) +* Fixes the overflow for priorityconfig- valid range {1, 9223372036854775806}. ([#45122](https://github.com/kubernetes/kubernetes/pull/45122), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) -* Move hardPodAffinitySymmetricWeight to scheduler policy config ([[#44159](https://github.com/kubernetes/kubernetes/pull/44159)](https://github.com/kubernetes/kubernetes/pull/44159), [[@wanghaoran1988](https://github.com/wanghaoran1988)](https://github.com/wanghaoran1988)) +* Move hardPodAffinitySymmetricWeight to scheduler policy config ([#44159](https://github.com/kubernetes/kubernetes/pull/44159), [@wanghaoran1988](https://github.com/wanghaoran1988)) #### Security * Features: - * Permission to use a PodSecurityPolicy can now be granted within a single namespace by allowing the use verb on the podsecuritypolicies resource within the namespace. ([[#42360](https://github.com/kubernetes/kubernetes/pull/42360)](https://github.com/kubernetes/kubernetes/pull/42360), [[@liggitt](https://github.com/liggitt)](https://github.com/liggitt)) + * Permission to use a PodSecurityPolicy can now be granted within a single namespace by allowing the use verb on the podsecuritypolicies resource within the namespace. ([#42360](https://github.com/kubernetes/kubernetes/pull/42360), [@liggitt](https://github.com/liggitt)) - * Break the 'certificatesigningrequests' controller into a 'csrapprover' controller and 'csrsigner' controller. ([[#45514](https://github.com/kubernetes/kubernetes/pull/45514)](https://github.com/kubernetes/kubernetes/pull/45514), [[@mikedanese](https://github.com/mikedanese)](https://github.com/mikedanese)) + * Break the 'certificatesigningrequests' controller into a 'csrapprover' controller and 'csrsigner' controller. ([#45514](https://github.com/kubernetes/kubernetes/pull/45514), [@mikedanese](https://github.com/mikedanese)) - * `kubectl auth can-i` now supports non-resource URLs ([[#46432](https://github.com/kubernetes/kubernetes/pull/46432)](https://github.com/kubernetes/kubernetes/pull/46432), [[@CaoShuFeng](https://github.com/CaoShuFeng)](https://github.com/CaoShuFeng)) + * `kubectl auth can-i` now supports non-resource URLs ([#46432](https://github.com/kubernetes/kubernetes/pull/46432), [@CaoShuFeng](https://github.com/CaoShuFeng)) - * Promote kubelet tls bootstrap to beta. Add a non-experimental flag to use it and deprecate the old flag. ([[#46799](https://github.com/kubernetes/kubernetes/pull/46799)](https://github.com/kubernetes/kubernetes/pull/46799), [[@mikedanese](https://github.com/mikedanese)](https://github.com/mikedanese)) + * Promote kubelet tls bootstrap to beta. Add a non-experimental flag to use it and deprecate the old flag. ([#46799](https://github.com/kubernetes/kubernetes/pull/46799), [@mikedanese](https://github.com/mikedanese)) - * Add the alpha.image-policy.k8s.io/failed-open=true annotation when the image policy webhook encounters an error and fails open. ([[#46264](https://github.com/kubernetes/kubernetes/pull/46264)](https://github.com/kubernetes/kubernetes/pull/46264), [[@Q-Lee](https://github.com/Q-Lee)](https://github.com/Q-Lee)) + * Add the alpha.image-policy.k8s.io/failed-open=true annotation when the image policy webhook encounters an error and fails open. ([#46264](https://github.com/kubernetes/kubernetes/pull/46264), [@Q-Lee](https://github.com/Q-Lee)) - * Add an AEAD encrypting transformer for storing secrets encrypted at rest ([[#41939](https://github.com/kubernetes/kubernetes/pull/41939)](https://github.com/kubernetes/kubernetes/pull/41939), [[@smarterclayton](https://github.com/smarterclayton)](https://github.com/smarterclayton)) + * Add an AEAD encrypting transformer for storing secrets encrypted at rest ([#41939](https://github.com/kubernetes/kubernetes/pull/41939), [@smarterclayton](https://github.com/smarterclayton)) - * Add secretbox and AES-CBC encryption modes to at rest encryption. AES-CBC is considered superior to AES-GCM because it is resistant to nonce-reuse attacks, and secretbox uses Poly1305 and XSalsa20. ([[#46916](https://github.com/kubernetes/kubernetes/pull/46916)](https://github.com/kubernetes/kubernetes/pull/46916), [[@smarterclayton](https://github.com/smarterclayton)](https://github.com/smarterclayton)) + * Add secretbox and AES-CBC encryption modes to at rest encryption. AES-CBC is considered superior to AES-GCM because it is resistant to nonce-reuse attacks, and secretbox uses Poly1305 and XSalsa20. ([#46916](https://github.com/kubernetes/kubernetes/pull/46916), [@smarterclayton](https://github.com/smarterclayton)) * Bug fixes: - * Make gcp auth provider not to override the Auth header if it's already exits ([[#45575](https://github.com/kubernetes/kubernetes/pull/45575)](https://github.com/kubernetes/kubernetes/pull/45575), [[@wanghaoran1988](https://github.com/wanghaoran1988)](https://github.com/wanghaoran1988)) + * Make gcp auth provider not to override the Auth header if it's already exits ([#45575](https://github.com/kubernetes/kubernetes/pull/45575), [@wanghaoran1988](https://github.com/wanghaoran1988)) - * The oidc client plugin has reduce round trips and fix scopes requested ([[#45317](https://github.com/kubernetes/kubernetes/pull/45317)](https://github.com/kubernetes/kubernetes/pull/45317), [[@ericchiang](https://github.com/ericchiang)](https://github.com/ericchiang)) + * The oidc client plugin has reduce round trips and fix scopes requested ([#45317](https://github.com/kubernetes/kubernetes/pull/45317), [@ericchiang](https://github.com/ericchiang)) - * API requests using impersonation now include the system:authenticated group in the impersonated user automatically. ([[#44076](https://github.com/kubernetes/kubernetes/pull/44076)](https://github.com/kubernetes/kubernetes/pull/44076), [[@liggitt](https://github.com/liggitt)](https://github.com/liggitt)) + * API requests using impersonation now include the system:authenticated group in the impersonated user automatically. ([#44076](https://github.com/kubernetes/kubernetes/pull/44076), [@liggitt](https://github.com/liggitt)) - * RBAC role and rolebinding auto-reconciliation is now performed only when the RBAC authorization mode is enabled. ([[#43813](https://github.com/kubernetes/kubernetes/pull/43813)](https://github.com/kubernetes/kubernetes/pull/43813), [[@liggitt](https://github.com/liggitt)](https://github.com/liggitt)) + * RBAC role and rolebinding auto-reconciliation is now performed only when the RBAC authorization mode is enabled. ([#43813](https://github.com/kubernetes/kubernetes/pull/43813), [@liggitt](https://github.com/liggitt)) - * PodSecurityPolicy now recognizes pods that specify runAsNonRoot: false in their security context and does not overwrite the specified value ([[#47073](https://github.com/kubernetes/kubernetes/pull/47073)](https://github.com/kubernetes/kubernetes/pull/47073), [[@Q-Lee](https://github.com/Q-Lee)](https://github.com/Q-Lee)) + * PodSecurityPolicy now recognizes pods that specify runAsNonRoot: false in their security context and does not overwrite the specified value ([#47073](https://github.com/kubernetes/kubernetes/pull/47073), [@Q-Lee](https://github.com/Q-Lee)) - * Tokens retrieved from Google Cloud with application default credentials will not be cached if the client fails authorization ([[#46694](https://github.com/kubernetes/kubernetes/pull/46694)](https://github.com/kubernetes/kubernetes/pull/46694), [[@matt-tyler](https://github.com/matt-tyler)](https://github.com/matt-tyler)) + * Tokens retrieved from Google Cloud with application default credentials will not be cached if the client fails authorization ([#46694](https://github.com/kubernetes/kubernetes/pull/46694), [@matt-tyler](https://github.com/matt-tyler)) - * Update kube-dns, metadata-proxy, and fluentd-gcp, event-exporter, prometheus-to-sd, and ip-masq-agent addons with new base images containing fixes for CVE-2016-4448, CVE-2016-9841, CVE-2016-9843, CVE-2017-1000366, CVE-2017-2616, and CVE-2017-9526. ([[#47877](https://github.com/kubernetes/kubernetes/pull/47877)](https://github.com/kubernetes/kubernetes/pull/47877), [[@ixdy](https://github.com/ixdy)](https://github.com/ixdy)) + * Update kube-dns, metadata-proxy, and fluentd-gcp, event-exporter, prometheus-to-sd, and ip-masq-agent addons with new base images containing fixes for CVE-2016-4448, CVE-2016-9841, CVE-2016-9843, CVE-2017-1000366, CVE-2017-2616, and CVE-2017-9526. ([#47877](https://github.com/kubernetes/kubernetes/pull/47877), [@ixdy](https://github.com/ixdy)) - * Fixed an issue mounting the wrong secret into pods as a service account token. ([[#44102](https://github.com/kubernetes/kubernetes/pull/44102)](https://github.com/kubernetes/kubernetes/pull/44102), [[@ncdc](https://github.com/ncdc)](https://github.com/ncdc)) + * Fixed an issue mounting the wrong secret into pods as a service account token. ([#44102](https://github.com/kubernetes/kubernetes/pull/44102), [@ncdc](https://github.com/ncdc)) #### Scalability -* The HorizontalPodAutoscaler controller will now only send updates when it has new status information, reducing the number of writes caused by the controller. ([[#47078](https://github.com/kubernetes/kubernetes/pull/47078)](https://github.com/kubernetes/kubernetes/pull/47078), [[@DirectXMan12](https://github.com/DirectXMan12)](https://github.com/DirectXMan12)) +* The HorizontalPodAutoscaler controller will now only send updates when it has new status information, reducing the number of writes caused by the controller. ([#47078](https://github.com/kubernetes/kubernetes/pull/47078), [@DirectXMan12](https://github.com/DirectXMan12)) ## **External Dependency Version Information** @@ -1815,11 +1815,11 @@ Continuous integration builds have used the following versions of external depen * Docker version 1.11.2 known issues - * Kernel crash with Aufs storage driver on Debian Jessie ([[#27885](https://github.com/kubernetes/kubernetes/pull/27885)](https://github.com/kubernetes/kubernetes/issues/27885)) which can be identified by the [node problem detector](https://kubernetes.io/docs/tasks/debug-application-cluster/monitor-node-health/) + * Kernel crash with Aufs storage driver on Debian Jessie ([#27885](https://github.com/kubernetes/kubernetes/pull/27885)) which can be identified by the [node problem detector](https://kubernetes.io/docs/tasks/debug-application-cluster/monitor-node-health/) * Leaked File descriptors ([#275](https://github.com/docker/containerd/issues/275)) - * Additional memory overhead per container ([[#21737](https://github.com/kubernetes/kubernetes/pull/21737)](https://github.com/docker/docker/issues/21737)) + * Additional memory overhead per container ([#21737](https://github.com/kubernetes/kubernetes/pull/21737)) * Docker 1.10.3 contains [backports provided by RedHat](https://github.com/docker/docker/compare/v1.10.3...runcom:docker-1.10.3-stable) for known issues @@ -2152,7 +2152,6 @@ filename | sha256 hash * The Prometheus metrics for the kube-apiserver for tracking incoming API requests and latencies now return the `subresource` label for correctly attributing the type of API call. ([#46354](https://github.com/kubernetes/kubernetes/pull/46354), [@smarterclayton](https://github.com/smarterclayton)) * Add Simplified Chinese translation for kubectl ([#45573](https://github.com/kubernetes/kubernetes/pull/45573), [@shiywang](https://github.com/shiywang)) * The --namespace flag is now honored for in-cluster clients that have an empty configuration. ([#46299](https://github.com/kubernetes/kubernetes/pull/46299), [@ncdc](https://github.com/ncdc)) -* NONE ([#45317](https://github.com/kubernetes/kubernetes/pull/45317), [@ericchiang](https://github.com/ericchiang)) * Fix init container status reporting when active deadline is exceeded. ([#46305](https://github.com/kubernetes/kubernetes/pull/46305), [@sjenning](https://github.com/sjenning)) * Improves performance of Cinder volume attach/detach operations ([#41785](https://github.com/kubernetes/kubernetes/pull/41785), [@jamiehannaford](https://github.com/jamiehannaford)) * GCE and AWS dynamic provisioners extension: admins can configure zone(s) in which a persistent volume shall be created. ([#38505](https://github.com/kubernetes/kubernetes/pull/38505), [@pospispa](https://github.com/pospispa)) @@ -2610,7 +2609,6 @@ filename | sha256 hash * The Prometheus metrics for the kube-apiserver for tracking incoming API requests and latencies now return the `subresource` label for correctly attributing the type of API call. ([#46354](https://github.com/kubernetes/kubernetes/pull/46354), [@smarterclayton](https://github.com/smarterclayton)) * Add Simplified Chinese translation for kubectl ([#45573](https://github.com/kubernetes/kubernetes/pull/45573), [@shiywang](https://github.com/shiywang)) * The --namespace flag is now honored for in-cluster clients that have an empty configuration. ([#46299](https://github.com/kubernetes/kubernetes/pull/46299), [@ncdc](https://github.com/ncdc)) -* NONE ([#45317](https://github.com/kubernetes/kubernetes/pull/45317), [@ericchiang](https://github.com/ericchiang)) * Fix init container status reporting when active deadline is exceeded. ([#46305](https://github.com/kubernetes/kubernetes/pull/46305), [@sjenning](https://github.com/sjenning)) * Improves performance of Cinder volume attach/detach operations ([#41785](https://github.com/kubernetes/kubernetes/pull/41785), [@jamiehannaford](https://github.com/jamiehannaford)) * GCE and AWS dynamic provisioners extension: admins can configure zone(s) in which a persistent volume shall be created. ([#38505](https://github.com/kubernetes/kubernetes/pull/38505), [@pospispa](https://github.com/pospispa)) @@ -3039,7 +3037,6 @@ filename | sha256 hash * This adds support for CNI ConfigLists, which permit plugin chaining. ([#42202](https://github.com/kubernetes/kubernetes/pull/42202), [@squeed](https://github.com/squeed)) * API requests using impersonation now include the `system:authenticated` group in the impersonated user automatically. ([#44076](https://github.com/kubernetes/kubernetes/pull/44076), [@liggitt](https://github.com/liggitt)) * Print conditions of RC/RS in 'kubectl describe' command. ([#44710](https://github.com/kubernetes/kubernetes/pull/44710), [@xiangpengzhao](https://github.com/xiangpengzhao)) -* `NONE` ([#44487](https://github.com/kubernetes/kubernetes/pull/44487), [@resouer](https://github.com/resouer)) * cinder: Add support for the KVM virtio-scsi driver ([#41498](https://github.com/kubernetes/kubernetes/pull/41498), [@mikebryant](https://github.com/mikebryant)) * Disallows installation of upstream docker from PPA in the Juju kubernetes-worker charm. ([#44681](https://github.com/kubernetes/kubernetes/pull/44681), [@wwwtyro](https://github.com/wwwtyro)) * Fluentd manifest pod is no longer created on non-registered master when creating clusters using kube-up.sh. ([#44721](https://github.com/kubernetes/kubernetes/pull/44721), [@piosz](https://github.com/piosz)) @@ -3158,7 +3155,6 @@ filename | sha256 hash * - gcr.io/google-containers/etcd-empty-dir-cleanup * - gcr.io/google-containers/kube-dnsmasq-amd64 * Check if pathExists before performing Unmount ([#39311](https://github.com/kubernetes/kubernetes/pull/39311), [@rkouj](https://github.com/rkouj)) -* NONE ([#39768](https://github.com/kubernetes/kubernetes/pull/39768), [@rkouj](https://github.com/rkouj)) * Unmount operation should not fail if volume is already unmounted ([#38547](https://github.com/kubernetes/kubernetes/pull/38547), [@rkouj](https://github.com/rkouj)) * Updates base image used for `kube-addon-manager` to latest `python:2.7-slim` and embedded `kubectl` to `v1.3.10`. No functionality changes expected. ([#42842](https://github.com/kubernetes/kubernetes/pull/42842), [@ixdy](https://github.com/ixdy)) * list-resources: don't fail if the grep fails to match any resources ([#41933](https://github.com/kubernetes/kubernetes/pull/41933), [@ixdy](https://github.com/ixdy)) @@ -5370,7 +5366,6 @@ filename | sha256 hash * PodSecurityPolicy resource is now enabled by default in the extensions API group. ([#39743](https://github.com/kubernetes/kubernetes/pull/39743), [@pweil-](https://github.com/pweil-)) * add --controllers to controller manager ([#39740](https://github.com/kubernetes/kubernetes/pull/39740), [@deads2k](https://github.com/deads2k)) * proxy/iptables: don't sync proxy rules if services map didn't change ([#38996](https://github.com/kubernetes/kubernetes/pull/38996), [@dcbw](https://github.com/dcbw)) -* NONE ([#39768](https://github.com/kubernetes/kubernetes/pull/39768), [@rkouj](https://github.com/rkouj)) * Update amd64 kube-proxy base image to debian-iptables-amd64:v5 ([#39725](https://github.com/kubernetes/kubernetes/pull/39725), [@ixdy](https://github.com/ixdy)) * Update dashboard version to v1.5.1 ([#39662](https://github.com/kubernetes/kubernetes/pull/39662), [@rf232](https://github.com/rf232)) * Fix kubectl get -f -o so it prints all items in the file ([#39038](https://github.com/kubernetes/kubernetes/pull/39038), [@ncdc](https://github.com/ncdc)) @@ -6839,10 +6834,8 @@ binary | sha256 hash * Move push-ci-build.sh to kubernetes/release repo ([#32444](https://github.com/kubernetes/kubernetes/pull/32444), [@david-mcmahon](https://github.com/david-mcmahon)) * vendor: update github.com/coreos/go-oidc client package ([#31564](https://github.com/kubernetes/kubernetes/pull/31564), [@ericchiang](https://github.com/ericchiang)) * Fixed an issue that caused a credential error when deploying federation control plane onto a GKE cluster. ([#31747](https://github.com/kubernetes/kubernetes/pull/31747), [@madhusudancs](https://github.com/madhusudancs)) -* NONE ([#32229](https://github.com/kubernetes/kubernetes/pull/32229), [@errordeveloper](https://github.com/errordeveloper)) * Error if a contextName is provided but not found in the kubeconfig. ([#31767](https://github.com/kubernetes/kubernetes/pull/31767), [@asalkeld](https://github.com/asalkeld)) * Use a Deployment for kube-dns ([#32018](https://github.com/kubernetes/kubernetes/pull/32018), [@MrHohn](https://github.com/MrHohn)) -* NONE ([#32067](https://github.com/kubernetes/kubernetes/pull/32067), [@erikh](https://github.com/erikh)) * Support graceful termination in kube-dns ([#31894](https://github.com/kubernetes/kubernetes/pull/31894), [@MrHohn](https://github.com/MrHohn)) * When prompting for passwords, don't echo to the terminal ([#31586](https://github.com/kubernetes/kubernetes/pull/31586), [@brendandburns](https://github.com/brendandburns)) * add group prefix matching for kubectl usage ([#32140](https://github.com/kubernetes/kubernetes/pull/32140), [@deads2k](https://github.com/deads2k)) @@ -7523,7 +7516,6 @@ binary | sha256 hash * allow group impersonation ([#30803](https://github.com/kubernetes/kubernetes/pull/30803), [@deads2k](https://github.com/deads2k)) * Always return command output for exec probes and kubelet RunInContainer ([#30731](https://github.com/kubernetes/kubernetes/pull/30731), [@ncdc](https://github.com/ncdc)) * Enable the garbage collector by default ([#30480](https://github.com/kubernetes/kubernetes/pull/30480), [@caesarxuchao](https://github.com/caesarxuchao)) -* NONE ([#30599](https://github.com/kubernetes/kubernetes/pull/30599), [@therc](https://github.com/therc)) * use valid_resources to replace kubectl.PossibleResourceTypes ([#30955](https://github.com/kubernetes/kubernetes/pull/30955), [@lojies](https://github.com/lojies)) * oidc auth provider: don't trim issuer URL ([#30944](https://github.com/kubernetes/kubernetes/pull/30944), [@ericchiang](https://github.com/ericchiang)) * Add a short `-n` for `kubectl --namespace` ([#30630](https://github.com/kubernetes/kubernetes/pull/30630), [@silasbw](https://github.com/silasbw))