348 KiB
		
	
	
	
	
	
	
	
			
		
		
	
	- v1.26.9
- v1.26.8
- v1.26.7
- v1.26.6
- v1.26.5
- v1.26.4
- v1.26.3
- v1.26.2
- v1.26.1
- v1.26.0
- v1.26.0-rc.1
- v1.26.0-rc.0
- v1.26.0-beta.0
- v1.26.0-alpha.3
- v1.26.0-alpha.2
- v1.26.0-alpha.1
v1.26.9
Downloads for v1.26.9
Source Code
| filename | sha512 hash | 
|---|---|
| kubernetes.tar.gz | b3c250c125d1851a8eb83022d0a32ee6906ef8c7ca405ed481da950401c87c4c00dd5db35583b2db5b1bc8857c0ec768b77d145885c02fe5288b792f72cc3732 | 
| kubernetes-src.tar.gz | 0a6a8f9c09283aa6bcc6619adfdff8fe6d104c1b7cf00428036bd870f11c8c8554381df69fd88e9559a688bdd3f6555b334c126a2a288cfc384c32d8047e66cd | 
Client Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-client-darwin-amd64.tar.gz | c3dc15dbc38e9a9c0d4023a5c30173e7a9392f819e4d6fcfc5ec2587215ce02827e29b54c9c28ae721864bd690077b3c429be00d8fb4ca37892a1c2281948cec | 
| kubernetes-client-darwin-arm64.tar.gz | 0ca3b195ad56d270e809a8b401e09dfb1a231200f305b61edc142842fffbfc92bbe8bf3eeb4a7606c6598b0f736d7d8b7b61d260d79069444d27ea555b93dd04 | 
| kubernetes-client-linux-386.tar.gz | 8c6d2c075997bc437744ab2018fae8d647f49a5bf52b7eb7723a2bc4ab36838a33ed191a22baa2cc422a9cfd18c1846c71d5b6e80c4648c00753c7fa8edff920 | 
| kubernetes-client-linux-amd64.tar.gz | d23077cbbea4177d889f5cfe821d954665a26779a259f77401589b1a10a2c18834008fb58439f57359ad00d1070715f68f28dd1fa0ecfb05736542daa8f47281 | 
| kubernetes-client-linux-arm.tar.gz | f99ab562480a0c5df27caf9ca3569bf1861570219b2b7670e1496571b84f35726f1678dc094b7d53cdd206ad6b2f64ed94c0c1a317015090b98c1277343386cd | 
| kubernetes-client-linux-arm64.tar.gz | bae2adb54d241389243a946f068fa65294ba8b9531aea316a81ab86aee36ca2a5c5c2bc9766287ebf9c1c22e3d101780e417bef688cdc85620776e071606c36e | 
| kubernetes-client-linux-ppc64le.tar.gz | fef71798f06c676e07de13c573160f93d3d8dc11ecd8fdcbef8d9f4276090bbaae947d9d32097521825f107a2b815d13cc8a62dbbf2e525ee8db1e229c0c9934 | 
| kubernetes-client-linux-s390x.tar.gz | f8efde4546532c33402dea989f55b670f8d7fd9b5197644830545f460fbd30e81796f3a8aea04747dc82a1ff7c6f9eb523d14327d6db641d109278d80faf16b5 | 
| kubernetes-client-windows-386.tar.gz | 2fa7535792ccf0a5b012de7506319708966538bf0e785f9af6a8b241c9940ae50241a1a6121abeeef82ac00e0117e4d9352156b9b089ea292be015b508332bd9 | 
| kubernetes-client-windows-amd64.tar.gz | 134a8478a2dce0dff8090789aa35c80d3e4600d6b7e58ac11d5688932297caf7961601a51e75f780d84b7101d6a646807190455e787835baefc5f606d4f54e2b | 
| kubernetes-client-windows-arm64.tar.gz | 137b08868f2d140bbc49389d6aaedb2e4a40dce954f9f2b209debee4598692ea2604cdd75d6a541c45f7ca692b5142bdf46eb8722673ef13ad980f79edf0a566 | 
Server Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-server-linux-amd64.tar.gz | 70f7a1792c44ec3cc55ca2ab2d4baf9bdb2ef65e3e95f0bd16698d01243a4955e7b1a8a7b4ec6d93d1f93bea30f4fc9aeccdfb61446d30ce0088ea6d2ae4a695 | 
| kubernetes-server-linux-arm.tar.gz | 17eba51ee774321385ad85b31eab3626255905b1c29d010dc258d6e171f08e78553e28881249717b9759de47a64403019e35df52e5479336cc908a9af735afc5 | 
| kubernetes-server-linux-arm64.tar.gz | d298567bc35009b188cff37944630771fbe27b98fff34d1b30ba4d2070e00cc3d398548e3134b6ed01b2ad1e9efb56946e0ca08188fe688d6e1cb60a2c02dcc2 | 
| kubernetes-server-linux-ppc64le.tar.gz | f0937964bef8a277256509ce383ac46845df6eeacfb87be55ffad2de518c1e1ed2c51d88ff0f7e89b3308b93e8808a785a940fe80cd2b1d9f45ee1e1d0e689ca | 
| kubernetes-server-linux-s390x.tar.gz | 01dc19e94695ad1968b726c128dfbe0d6e3dac1fb6740dbad1f1342f475e2ce56f76a116abeb7e35b88997c9c9173c4c3342d78ec7f6fccd3240ddb2f8a9dfd5 | 
Node Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-node-linux-amd64.tar.gz | 30a26836b7dbeb96e91866d585a42a1498d400aff9ee444873be3e252efb30470e9d0364e02cc585334ba8bad30f28b0d9cd3eaba1b5b306391b6d148267c757 | 
| kubernetes-node-linux-arm.tar.gz | 885d97968dc806ccf7d0a918b191ba0c2aa88f47d7a977dad7bbf653e671525a0715b206e279cbcac41671c10a9b01fd685c0833e445ffdb2438a57b37589e98 | 
| kubernetes-node-linux-arm64.tar.gz | efe30fb5e0de9cca8d40fcfbf55956ffe72c96d197ea24e09965e084376df482459e314f057ce93431831159902b9ddec96969fe95fe0350c5e545a02d63edd4 | 
| kubernetes-node-linux-ppc64le.tar.gz | 50010742df6061a09426ef261470da4fcdabbff282331da1d66093eb4c045202109c54403b95b40858ef715df71476311396ed0314076b38dd88b452f3b6b342 | 
| kubernetes-node-linux-s390x.tar.gz | 14f87db9f1efa8358ab16b3165fafbbfe589de0596d7ebc38d3ed68478dd628e051e24cb0b7dcca8ef418050d077fe6b1a7b3af5c3287186d5c06a9bbec39a15 | 
| kubernetes-node-windows-amd64.tar.gz | cdb87a5899ce125c8c0a92f88cbe69a9de2356123b86b37010a4d39bc46ada62a05bafd1735b6eabf26d55c8e8ae2855c163b814bd784ae614a029e8af039d3c | 
Container Images
All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.
Changelog since v1.26.8
Changes by Kind
API Change
- Fixed a bug where CEL expressions in CRD validation rules would incorrectly compute a high estimated cost for functions that return strings, lists or maps. The incorrect cost was evident when the result of a function was used in subsequent operations. (#119810, @jpbetz) [SIG API Machinery, Auth and Cloud Provider]
- Mark Job onPodConditions as optional in pod failure policy (#120210, @mimowo) [SIG API Machinery and Apps]
Feature
Bug or Regression
- Cherry-pick #115769: Fix the problem Pod terminating stuck because of trying to umount not actual mounted dir. (#119831, @cartermckinnon) [SIG Node and Storage]
- Fix a concurrent map access in TopologyCache's HasPopulatedHintsmethod. (#120324, @Miciah) [SIG Apps and Network]
- Fixed a 1.26 regression scheduling bug by ensuring that preemption is skipped when a PreFilter plugin returns UnschedulableAndUnresolvable(#119953, @sanposhiho) [SIG Scheduling]
- Fixes a bug where images pinned by the container runtime can be garbage collected by kubelet. (#120055, @ruiwen-zhao) [SIG Node]
- Fixes issue https://github.com/kubernetes-sigs/cloud-provider-azure/issues/4230 and removes the additional filtering on NotReadynodes by the azure cloud provider code (#119128, @alexanderConstantinescu) [SIG Cloud Provider]
- Fixes regression in 1.26.5 causing running pods with devices to be terminated if kubelet is restarted (#119706, @ffromani) [SIG Node and Testing]
- Ignore context canceled from validate and mutate webhook (#120019, @divyasri537) [SIG API Machinery]
- Kubeadm: fix nil pointer when etcd member is already removed (#120012, @neolit123) [SIG Cluster Lifecycle]
Other (Cleanup or Flake)
- When retrieving event resources, the reportingController and reportingInstance fields in the event will contain values. (#120066, @HirazawaUi) [SIG Instrumentation]
Dependencies
Added
Nothing has changed.
Changed
- github.com/google/cel-go: v0.12.6 → v0.12.7
- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp: v0.35.0 → v0.35.1
Removed
Nothing has changed.
v1.26.8
Downloads for v1.26.8
Source Code
| filename | sha512 hash | 
|---|---|
| kubernetes.tar.gz | d05a927b6bc3a8f2f2518e26b8403b3659ddd9f6453052e8c5e1041fadba556ebe8b5a114e9bb518a3a284f545a80c52cddc7e596289c09aaa1724f79244a56e | 
| kubernetes-src.tar.gz | 753830d94c25788d0f4cfed0f5ee3422a469b51347567d636eeb41ef35ef3fc9d6854ee53ee3617df43e4b89368fbc708a0c34392a66a20eefc170a48a4711f1 | 
Client Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-client-darwin-amd64.tar.gz | e736767bdd069afb4b05dd6c8fb827095a9196ec84f05ef23fc70474da4f58a8b2bf3f86c832c0903a1b6ae1d250a0632c0982ecb4d0d7bbdcf8bb1df759e449 | 
| kubernetes-client-darwin-arm64.tar.gz | bc9d2da1ee1c5d1b409fa3a0655960585565a621777641118e2f174d1d7b78ceeacd7520dac98c312a937142ee486078481a5849fdc7c8ae680dd2f535ce92b3 | 
| kubernetes-client-linux-386.tar.gz | 073ba93363d7876a60149215e086aedcbdde587ddf0097a879839035bd6eb67e49ecc35f9aca8efae87e8cde85ea1e9d23ee812b9f6946b51823a99917c43bd0 | 
| kubernetes-client-linux-amd64.tar.gz | 98d7f82c1e3b2615e13b5e6b05d9711859908dd6bdc2d1a546bbc7a89ee59e17b9396e11f543e2165dcf090227cffad0cdf984a1348ff6a0b444458f0bfaa6e3 | 
| kubernetes-client-linux-arm.tar.gz | db99eef429747e01a6a6abb3eac3d3559d19ade94e14bdc0d541311a681ea3a645ef8aa95c3c8ad9e55b5f3bad080b3c652c39f245f92661db31367751ea6c68 | 
| kubernetes-client-linux-arm64.tar.gz | 8f0a39a9dc5ebe13227dfcfd558de792c8de8eafcca636570c65463ced79d65907fd302f766f0f69f5724c45ee1dc33005b25f915e9218f699268b41d6ef438d | 
| kubernetes-client-linux-ppc64le.tar.gz | c67800e40946d7ddd13ed6652624bb44bba7c1e58f20ba0265ebe1d05fa1fb58096dc1510d2331785e81fc51d3e8395ecebf20cd09ac4d6fba78a623b10408f2 | 
| kubernetes-client-linux-s390x.tar.gz | d244e243d165291a593bfff7598383063ee64c4fdf1494f4ec7ab39109fd249b82c08e861da70105d84e5dbbdbbba0cda8d4187ee21749523891fdcbf8aa1b49 | 
| kubernetes-client-windows-386.tar.gz | 548f91a91173be73cbe048410ad02c1d0f44cce1bafd2b53437a1a4b08dd34f0c015ea1795a112982ac0e72058c4c3272b73ddd350b6859691406658f4329806 | 
| kubernetes-client-windows-amd64.tar.gz | b3dd181d6191eaa156895175bf71e1fd1493d46faf95e7b107536d11fdaf165058ce061f6a009f7c7926e44ed2b60a1fed2eac065091192b8d946f0abe54036e | 
| kubernetes-client-windows-arm64.tar.gz | f031a47a955e3f517af324eba81b7a67b0d3c7f2fca55dc61df1fee323998b86f956ab803c05f2dd49fa0b277d73e21f1183b3efa08a5c879eab933d52eca6a4 | 
Server Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-server-linux-amd64.tar.gz | d6b8d6c65ed2cd6cd3c9fcceca8b94febcfeec8ea4bdc868020473dbc3ab92b55483bdcd62d8cd71e70e1a85a427db9378075156bd4bda6566b61644f9bda9e3 | 
| kubernetes-server-linux-arm.tar.gz | 73319f07a94b5a3188a49aab2d94c1064c805a91227f135b2906e8f43c2ff7a5c3e23dc7393ba253b2a1807ad5de278539f72c343423c32b97fcad0eea7ca48f | 
| kubernetes-server-linux-arm64.tar.gz | 7eaa74d7db28642a5cc377721cedba1521bbe4f9f64f54827d847d94a2578d3f42f2bf2dc8fce78618e87263808c789581f5818a93261cb6ba458b6743989ee7 | 
| kubernetes-server-linux-ppc64le.tar.gz | 7a410a48a78dd5ba39baba16890c4f8a7a63bf66195442649a471f9ddfe07ea6de0d8d3f8365106728f4c535c4eb4790776870eae4cd84c5e51ca0c9b5b21f4c | 
| kubernetes-server-linux-s390x.tar.gz | c688e667404a627c2e150410ab461141018249c79f2cf8a105fa0c384f44541c9b9b6a5fae9e4a84f0e26a5a7ae0a815940d2883f0a15a4f16fc6f7269fb81e0 | 
Node Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-node-linux-amd64.tar.gz | d43905822a0ee9ec7e249e41fbac5301513719e624a13761f226e2a745f288697b2ae1180bdfd76ecdc380d5be74de59129372c815d143d03561c4d27684abc6 | 
| kubernetes-node-linux-arm.tar.gz | e2631abb69a80618f4dee64b8c0f769bee159e9938cf623d243ea581a827e94ae300604b5b0bb872c8be453b86970e7afceeae93461f6703a45a37ecab4d4fb4 | 
| kubernetes-node-linux-arm64.tar.gz | 722e8ef87b7424c3e84f4eb3b45fe5cc6350651ea3247b1b37e9875d536122580ca84c49732f477dd7ca98e32bf920020a43d505dcf0406524c027008a875802 | 
| kubernetes-node-linux-ppc64le.tar.gz | 98924287839ee63e3d4340df22efc1871c4ee19ed7ebb4620ce965a2e60192250221360880dc6d32503bf1db7ee30aa1c45a6a4be9cd35b659bb61f18fb99d76 | 
| kubernetes-node-linux-s390x.tar.gz | d1276aa1972c16e7002438bd057cc32a9fbea76a7cb71c1a1551fca9e118d2c1c525eb13c4c1ff80e4b5f6c8ba1465eb812b6ecdd7e7b126410cb074faea0a87 | 
| kubernetes-node-windows-amd64.tar.gz | 8ec8392b98492522f54fdc4599cecc7c80fff73c2bdec8041b454f42df0f739ebb8cbc777b3e78f6da4b811dbebe7682f7e3a60a8068dfac26ce26f91f050f64 | 
Container Images
All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.
Changelog since v1.26.7
Important Security Information
This release contains changes that address the following vulnerabilities:
CVE-2023-3955: Insufficient input sanitization on Windows nodes leads to privilege escalation
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.
Affected Versions:
- kubelet <= v1.28.0
- kubelet <= v1.27.4
- kubelet <= v1.26.7
- kubelet <= v1.25.12
- kubelet <= v1.24.16
Fixed Versions:
- kubelet v1.28.1
- kubelet v1.27.5
- kubelet v1.26.8
- kubelet v1.25.13
- kubelet v1.24.17
This vulnerability was discovered by James Sturtevant @jsturtevant and Mark Rossetti @marosset during the process of fixing CVE-2023-3676 (that original CVE was reported by Tomer Peled @tomerpeled92)
CVSS Rating: High (8.8) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-3676: Insufficient input sanitization on Windows nodes leads to privilege escalation
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.
Affected Versions:
- kubelet <= v1.28.0
- kubelet <= v1.27.4
- kubelet <= v1.26.7
- kubelet <= v1.25.12
- kubelet <= v1.24.16
Fixed Versions:
- kubelet v1.28.1
- kubelet v1.27.5
- kubelet v1.26.8
- kubelet v1.25.13
- kubelet v1.24.17
This vulnerability was reported by Tomer Peled @tomerpeled92
CVSS Rating: High (8.8) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Changes by Kind
API Change
- Aggregated discovery now returns responseKind: {}for resources which are missing group/version/kind information, to ensure compatibility with v0.26.0-v0.26.3 clients. (#119835, @liggitt) [SIG API Machinery and Testing]
Feature
- Kubeadm: generate CA certificates with a start time that is offset 5 minutes in the past relative to the current system time to workaround cases of clock desync. client-go: allow to set NotBefore in NewSelfSignedCACert() (#119114, @champtar) [SIG API Machinery, Auth and Cluster Lifecycle]
- Kubernetes is now built with Go 1.20.7 (#119830, @jeremyrickard) [SIG Release and Testing]
Bug or Regression
- 
Fix Topology Aware Hints not working when the topology.kubernetes.io/zonelabel is added after Node creation
- 
Revert kubelet prober metrics podtag to include actual pod name (#118549, @a7i) [SIG Node]
- 
Update kube-apiserver's priority & fairness work estimator such that 'max seats' is MIN(0.15 x nominalCL, nominalCL / handSize) This fixes a bug where clients with requests using hand size x max seats greater than the nominal concurrency limit can starve other requests in the same priority level. (#118601, @andrewsykim) [SIG API Machinery] 
- 
Update the Event series starting count when emitting isomorphic events from 1 to 2. (#119375, @dgrisonnet) [SIG API Machinery and Testing] 
Dependencies
Added
Nothing has changed.
Changed
Nothing has changed.
Removed
Nothing has changed.
v1.26.7
Downloads for v1.26.7
Source Code
| filename | sha512 hash | 
|---|---|
| kubernetes.tar.gz | 427b640ba7391715c278532e24651d0d6ae0adc9e0b1280d6a02ae35a29004399b9112c89d834ad6147c0eecf877d3877054e7b9eae414bee24daf02f8f64de4 | 
| kubernetes-src.tar.gz | 656225858c48047813b86a06b8f423306a4697f89a440817f308a4d362c89ea82cd989e806a79216dfb5603b29d63a7119137442789d12770190cae0567d0606 | 
Client Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-client-darwin-amd64.tar.gz | f9dac5e9e8b66749ca02bf1bbd56e2f24cfd3823974250e5c1aa5d05f0c0529610f158ed639fc39a62cd65a270979f53c3c2f1a2d0f97b9e88381adcaf23c91a | 
| kubernetes-client-darwin-arm64.tar.gz | b63e71ee7b0885bcc14d2119930fa8a275909a5f8665668102b3ee0273c5f1228e95a60821b91f56902fdc4ccc8c025ff8ce5675fbd0a9fb5d2613c732843d96 | 
| kubernetes-client-linux-386.tar.gz | 0667d15b0f2a80b97aa47b279cad505a912cf0e142b0634d0fc0c422d9174d9379224481a13410be0917429bb1ad46440c9d62d0f55b11be7728784473824cd0 | 
| kubernetes-client-linux-amd64.tar.gz | 031579fce4e2a62da2cd601543fd43630dcc365a86540984efaf8656021b569b7147f189078938ef3c6e81d9bf5a60016774d018d2b97d0cb4a797ba0e715558 | 
| kubernetes-client-linux-arm.tar.gz | 69d51faf682297672e6a7bfb96b4beeedc4e432c3b29c89854f925286aeb6cddb2c52e83f9dc46396b80407811f863a2906d70bf69dad89734df98ac57682cf1 | 
| kubernetes-client-linux-arm64.tar.gz | d16e2ee4a7c27153425cd22e4909a7d76394456743004d1bb1b4ad7200681cc08e6fb0b30b082107609ae3ee93c6235d107f40a61ef605499497febfb2a1da2f | 
| kubernetes-client-linux-ppc64le.tar.gz | 7548a7a7a32cb183744065360269532e5678d0dca96f488db3c2c4392d6842e29451b2c8efa74bc373bfa7aaadba3d3486d921b9455b73caa7472c296c200e34 | 
| kubernetes-client-linux-s390x.tar.gz | 2a1bc4d1c3e4183d0bff6147f79835968e0057aa87e3f6b492c6cf74eb8b0a99d8d52d1f9f9f1d43e0ae8c5c34bf5118d1c161547b2607aa0bbd982f3a063908 | 
| kubernetes-client-windows-386.tar.gz | fdd03326304233df5f067bcde8f8e1c924e1c9555532e0215d4d8cd3fce206608cb44e73c4433ddbf667c8a1cda6b2007377d010ceff8374650eccf06b19741a | 
| kubernetes-client-windows-amd64.tar.gz | 1fa892644a589a1907e783eb4e58605f5f893196139489819739b28042754f2eeea6acfde29f45dd8cf369ecaf55700a4e6cefb86b7d819cc6f7e415b96b3b5f | 
| kubernetes-client-windows-arm64.tar.gz | aa5c0c63fcf3e50fec3f1b07bf186f5c90f00d5475740b6d96a455d1c4ff93edc6e3d9168b68ff2d662d8d70c5b660becd96c6e9722f802c39992f9c16abd558 | 
Server Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-server-linux-amd64.tar.gz | 51e9e8a2a5bb9d675828a84e9c4fca7f96ad1d732fe6b59e4f0f9528e2423cda446e4e964d0f1ed656ec2ce6f230c8d9973614ede71e2f9217391998baa96d5c | 
| kubernetes-server-linux-arm.tar.gz | 6b18fe2847efc11d967d8e2e8b175e6b34bcb51b9696ac1f4d864147f4fe6cbaa228ef60b9f18fed979c8ada87b676dc2200162f3923bd515098030bfd112adf | 
| kubernetes-server-linux-arm64.tar.gz | d5f20ca6fc5e2888cd22580c7182ed05e943bf70bb1e9fb063dd4f6b9cf20305792f7fd77d25250044176743ae16aaa80ff8ddc14e5c22eddc0415608e033079 | 
| kubernetes-server-linux-ppc64le.tar.gz | adb7f9812673f4c0edcf3a0475e19bfca18a3be9a960e008f1e04a69d7dd371354ba8aea1223d0606991aa57b62bdcc7d6c6fdfba4c916a9acd4c73a5492c51d | 
| kubernetes-server-linux-s390x.tar.gz | 00b034cf27967f8ff747ca348fa97d5658d863f3169aa42eed6d28eea65e6eddffc745379d784223a35feb6d679ff1f309560e176083635ff38c99a95eb13421 | 
Node Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-node-linux-amd64.tar.gz | 9c7327d500848cef054099435179512a2224b79e5df2c031f0a106c9deedf8c1efae14217a3847d23391e4959852ded621b11adf40bad2f9782bd183bfb21fd8 | 
| kubernetes-node-linux-arm.tar.gz | f2674eb38e1595c04fc8d6c70c0976f5e00746f6d200803ab44c5f7a307a4bb8f91b131bc5c2c119bdb7265236720daa942727402c84142ebf30bcfed01786ff | 
| kubernetes-node-linux-arm64.tar.gz | e20c360abdfd1852300e6d1a3222db5a3c9b13487f2138d065cc94821411b1c4e2baf4c28163d5f5be68ff2350a7e03cf1fbe11be4e0d9b0711524488be05710 | 
| kubernetes-node-linux-ppc64le.tar.gz | 6501d4eb3e584910dd4526c83ebe348efb0aef5114bd40b0e2a4acf954b3f9d4c6a1b68ed4bb88c0926c5defdf06ebb4011448f882d2d59fdbf32bf7a5b8d51a | 
| kubernetes-node-linux-s390x.tar.gz | 85ab0f86ab611804d77700ed92738e4623ad49015886b9913e17f0555c6d346820bbbd2f78fdd8c043a98e7d509fe99ee44debe17f6fd90b2af446bcbde6882b | 
| kubernetes-node-windows-amd64.tar.gz | 1ed1d2a6a2e3d315998ca9b396208c090b0f4f9d3e305bccd926e72e6ab955a27c8eaa0a20f562c155718a357219a8a54916b55d16e051910732f4654e948f7f | 
Container Images
All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.
Changelog since v1.26.6
Changes by Kind
API Change
- GCE does not support LoadBalancer Services with ports with different protocols (TCP and UDP) (#115966, @aojea) [SIG Apps and Cloud Provider]
Feature
- Kubernetes 1.26.x is now built with Go 1.20.5 (#119201, @cpanato) [SIG Release and Testing]
- Kubernetes is now built with Go 1.20.6 (#119367, @xmudrii) [SIG Release and Testing]
Bug or Regression
- Fix component status calling etcd health endpoint over http which exposed kubernetes to the risk of complete watch starvation and is inconsistent with other etcd probing done by kube-apiserver. (#119038, @serathius) [SIG API Machinery]
- Fix cronjob controller handling of complex schedules, like "30 6-16/4 * * 1-5", for example (#119138, @kmala) [SIG Apps]
- Fixed a performance issue where pods weren't created/deleted in parallel for a StatefulSet with podManagementPolicy: Parallel. (#119223, @aleksandra-malinowska) [SIG Apps]
- Fixed file permission issues that happened during update of Secret/ConfigMap/projected volume when fsGroup is used. The problem caused a race condition where application gets intermittent permission denied error when reading files that were just updated, before the correct permissions were applied. (#114728, @furkatgofurov7) [SIG Storage]
- Fixed vSphere cloud provider not to skip detach volumes from nodes at kube-controller-startup. (#117243, @jsafrane) [SIG Cloud Provider]
- Kubeadm: explicitly set priorityfor static pods withpriorityClassName: system-node-critical(#119117, @champtar) [SIG Cluster Lifecycle]
- Only declare Job as finished after removing all Pod finalizers to avoid orphan Pods (#119163, @alculquicondor) [SIG Apps and Testing]
- The Daemonset controller creates replacements for terminal Pods, which can appear during VM preemptions or when using Pod finalizers (#118912, @alculquicondor) [SIG Apps and Testing]
- This PR adds additional validation for endpoint ip configuration while iterating through queried endpoint list. (#117225, @princepereira) [SIG Network and Windows]
- Updated cAdvisor to v0.46.1 - Fix metrics in cri-o when a container restarts (#118798, @harche) [SIG Node]
Dependencies
Added
Nothing has changed.
Changed
- github.com/google/cadvisor: v0.46.0 → v0.46.1
- github.com/rogpeppe/go-internal: v1.10.0 → v1.11.0
- golang.org/x/mod: v0.8.0 → v0.9.0
Removed
Nothing has changed.
v1.26.6
Downloads for v1.26.6
Source Code
| filename | sha512 hash | 
|---|---|
| kubernetes.tar.gz | 163945f51f6cf9cd4b23952533902f8f58d0bf5c6e1825bcc83a57319c07824ad5adc375484fa54d823d685ecf81cbe3fc2fe3d373c6ffac00ec36ee92350109 | 
| kubernetes-src.tar.gz | 0929b7a01cb261d2df8f0f58f905cf3efec73a8b826dbafa1bb16d9bb4407a04cb9dd0a7dc4be9642c0c654969a6509e20aaf0420053c172b55b45af1dc74836 | 
Client Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-client-darwin-amd64.tar.gz | 9563e3038b1238bf4bc81d5f16902660d6b63ba54c6c0411466ad311333bd9ebc5281c0511d850927d5bbdc981b5d944319b0f34892ef59e650e1cb10cf618b0 | 
| kubernetes-client-darwin-arm64.tar.gz | d635b09a430d3be3b835f5b0b6c1e754c97c54f8b0c35ff30e1e7ab22039c820ca6dca1cd8ed568ef3dd6529a1f5648396248e8a79c9b6727f514aa7974f61d7 | 
| kubernetes-client-linux-386.tar.gz | 76ef2fd226a74d99dee3cf91c89910e0c5aae3df21a9679200c9d03a1f1cf81b6283f291bb8beec399aae549e1f265c81cf68b0940c80b2610ce79cfd025b45d | 
| kubernetes-client-linux-amd64.tar.gz | aebb2bc49141ca8881d84a24b71d1f67e645efed0acc0b66c34a3e8c4de17eb4e2c0b5ae869d7a964dad4839e7e51480f6398bf24ff135085c9c5575798d2376 | 
| kubernetes-client-linux-arm.tar.gz | 569e174c138d1de1cd5356e0c329abdc0769864683baf652636c36c9eb2514746b071ff3ac064fbcadd6440656850265845cc2b59ae36533e2628c61ee9efdda | 
| kubernetes-client-linux-arm64.tar.gz | c8c7307d96b737dcb55f01cdd3888befff8168100cbd55f0dec78bb2662e03cfc7dcf2c5acdb00eced7226e5ae8350a624c3c8d2d158401569ef6f2057462665 | 
| kubernetes-client-linux-ppc64le.tar.gz | ecd7ab115b92610d229991005460e58f0cf2606dfadb3b63be900cedc71e48b9ffe48af0ddf2c433aa89458c30c435bb24bbad805c20e196ebd826d193a19938 | 
| kubernetes-client-linux-s390x.tar.gz | 137e1babf87a0e7c6050693ebe6dd68715ad29678eb7978a81ff5fad28e2568506d6c0ac070271132c44e9112a87b2d6061d7c4b4551f9b496d47f96bf819882 | 
| kubernetes-client-windows-386.tar.gz | 36f6eee8ac1db536919d93c019fc2e641b8f8e4263b99aa3cf8cb44c26e127c5f8dca188b9bc03395d0fa457153942940b9f5f1c30df4331704b9bb83e3757d6 | 
| kubernetes-client-windows-amd64.tar.gz | 9b907c88503a63d626b60d74b75dd42132ffb5c555508a809e7b299aedad5ae298960491226ffe4ccfec291a55b0613726f14625a49867b41a5d5ff641381667 | 
| kubernetes-client-windows-arm64.tar.gz | 3ac375ba345a04799303d6f6fb76d5950671a1d0039d6fb8fd44bc0d8f8d3e9c0138e624dbcf4317dba37b1ad8caa206d96186b289ee17e5324876d49aff0b71 | 
Server Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-server-linux-amd64.tar.gz | 29a0d1715291cb4c75e0205281d15e1ab47ef63878f2a4e001ad897c11925138deb4c82ac2384c97fff9a679a8a7264358791454d645348a0a13a7061930e2a3 | 
| kubernetes-server-linux-arm.tar.gz | b688e8d2a6d4ec008ae87552cef9c673c20751f27fc4cd547d1a97b9cbee340eb41a3214e50304eb24e0dd906a9144280abcf4c9c29d3d5c98c0646dc8071f7d | 
| kubernetes-server-linux-arm64.tar.gz | 24395dde77bd68fd4440f11ad3f47b6caaddb20770b1db4ec211f71247bf314139be4cfb05bb66f2efded2b5a39514b8b8e628719ddb3485067b6d1bb96e90b5 | 
| kubernetes-server-linux-ppc64le.tar.gz | 8deb3a808bf55e6c9f983c54a3b8c190ae3c29064a3a50747a838a46a92e9863a6e89af8e9543764e9c48590f60a6a5418d9d1f7d323f7dee8171c407deb53c6 | 
| kubernetes-server-linux-s390x.tar.gz | 74d5c4872308c82a5cccd16e957cd53dbc464f05c2b4f6942b009ec9da36dc542254f23c349dbd18ec69620c93364d5d20dc458f24ad9ba96c70c536ab71d28c | 
Node Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-node-linux-amd64.tar.gz | 2c6d6356de128c7e32b68cd0d44f8631480c0e880c6edc7c9e1e9fe8bef0da3f9186eab1742ad4a9967102ac16aba230bd7c39b0c92b5920d19ded0f0b51a919 | 
| kubernetes-node-linux-arm.tar.gz | cac2e10c808cdb81f2a772d4adf1a685044bdc7f5a9dc4cb81285233c6be9ce1f77fae2bd235388dc76f0b644f9ba9b3d3405f5217a99ea2958d7635d46713a0 | 
| kubernetes-node-linux-arm64.tar.gz | f06b6950ef31bcf76cb3f7689adb67c691124c22b0ca603a5f95a563f9bc9bb5345e753946f0b603af0324c8a17bb693f16b2a7a3efc223cf4314a645aaec7ce | 
| kubernetes-node-linux-ppc64le.tar.gz | 091660d6bf8e5a4b03aaf1207a6ef477935a8f0147f3a635c7e2f463ff011e41d6b88a183a2c6dcbeab101e81c5f02849c6edda07dcb386743c54577d04ea02b | 
| kubernetes-node-linux-s390x.tar.gz | 4c2fd30b7f90df0df86d4d0ac20652d511df94b037e3226814863371b80a3739400512abc08dcedd17b746b79bd7d058527fb0beb72ebfc60887fb09e1f6866d | 
| kubernetes-node-windows-amd64.tar.gz | 5b7a8f7ef9dfd38729054a06d41709b25f284a8a84f701f17ed766865b2bf9d20880cf40f3e10f7c092a532bc975f48e58e58f8860bd9e3dcaaa111161dae609 | 
Container Images
All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.
Changelog since v1.26.5
Important Security Information
This release contains changes that address the following vulnerabilities:
CVE-2023-2728: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin
A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account's secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with ephemeral containers.
Note: This only impacts the cluster if the ServiceAccount admission plugin is used (most cluster should have this on by default as recommended in https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#serviceaccount), the kubernetes.io/enforce-mountable-secrets annotation is used by a service account (this annotation is not added by default), and Pods are using ephemeral containers.
Affected Versions:
- kube-apiserver v1.27.0 - v1.27.2
- kube-apiserver v1.26.0 - v1.26.5
- kube-apiserver v1.25.0 - v1.25.10
- kube-apiserver <= v1.24.14
Fixed Versions:
- kube-apiserver v1.27.3
- kube-apiserver v1.26.6
- kube-apiserver v1.25.11
- kube-apiserver v1.24.15
CVSS Rating: Medium (6.5) CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Changes by Kind
Feature
- Kubernetes 1.26.x is now built with Go 1.19.10 (#118555, @puerco) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node, Release, Storage and Testing]
Bug or Regression
- Add DisruptionTarget condition to the pod preempted by Kubelet to make room for a critical pod (#118221, @mimowo) [SIG Node and Testing]
- Fixes a bug at kube-apiserver start where APIService objects for custom resources could be deleted and recreated. (#118104, @liggitt) [SIG API Machinery and Testing]
- If kubeadm resetfinds no etcd member ID for the peer it removes during theremove-etcd-memberphase, it continues immediately to other phases, instead of retrying the phase for up to 3 minutes before continuing. (#117916, @dlipovetsky) [SIG Cluster Lifecycle]
- Kubeadm: fix a bug where the static pod changes detection logic is inconsistent with kubelet (#118069, @SataQiu) [SIG Cluster Lifecycle]
Dependencies
Added
- github.com/a8m/tree: 10a5fd5
- github.com/dougm/pretty: 2ee9d74
- github.com/rasky/go-xdr: 4930550
- github.com/vmware/vmw-guestinfo: 25eff15
Changed
- github.com/google/uuid: v1.1.2 → v1.3.0
- github.com/kr/pretty: v0.2.1 → v0.3.0
- github.com/rogpeppe/go-internal: v1.3.0 → v1.10.0
- github.com/vmware/govmomi: v0.20.3 → v0.30.0
Removed
Nothing has changed.
v1.26.5
Downloads for v1.26.5
Source Code
| filename | sha512 hash | 
|---|---|
| kubernetes.tar.gz | 18438efecabb4f2fa59a8bb72adbf1f317f9631c579cb0f0550d063be484054e4058cac3cbb6da87492c8d64bf39df018ba37a7abb30db34a7c2512963a352d1 | 
| kubernetes-src.tar.gz | 134b2da4865e4899fc826f1acc51ae7c2ba6b29d9ce2fa709a0e9d9e3398271b8cca99fe98f449e6f7e18e9439e4838761465b4f0133bc5f623f188f2d0b0173 | 
Client Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-client-darwin-amd64.tar.gz | c1acdfeb6ae020c38e1bc6ab21a15eff6bcb4925101ca8fe501ec9017de25a608862ccf64b3792f27cd9025b8c750c11aa6e3b0ef807bfc6d1809c794c9ab651 | 
| kubernetes-client-darwin-arm64.tar.gz | 311af6a0a3a2a569ded1018be7e421b0785981910f722d383880e7f0c9bab7bd64011a1eebd6d2c3d5d71c61fa2db120490f6f9d86d1d7885271f78d24c668ab | 
| kubernetes-client-linux-386.tar.gz | cd800cf0d231e9eae2996719e22bb2278c131881e2ba86725c8df8fd486968d9d0e57b315668727de19e374acaa78127684f0d9c8f0616e57efb1718e2de14b9 | 
| kubernetes-client-linux-amd64.tar.gz | 54cbf70ad1e2f3a329999fae8f230ab23273fdf5ce0fd96aed82390da74f47004fb13e858fce610a395c2deb27c5b7011a72e981218c8a9e2a4fe3924905aea9 | 
| kubernetes-client-linux-arm.tar.gz | b86ecb55b8d7d7d7ce061f5908b88307d0cb4a5751c699aea710a594182bfb8a1325229746745e64b4f4dc3612ed754077a1e5ba93a013bcb7120a2c47098275 | 
| kubernetes-client-linux-arm64.tar.gz | 29ccab3926c6d9c4444281f7b9bb61b78485ea3acfaeff7cc1a62ab74b9d0e0dbfa4e55ba7ea5854714a88ecc74724485fd792ab18cd5e8f8d15758f2147d25a | 
| kubernetes-client-linux-ppc64le.tar.gz | 66cf7b492b7bf1b23158cc5ca076a6336fb88f492da1c646b4066b85987cff8e325fc8937c6c314b9f26d66a09aef8aa590e960dfedf3e0a01dc8d6cc9883e1f | 
| kubernetes-client-linux-s390x.tar.gz | a102b4c78223ea8e804a5d97073d0e7f338273891a1394d1de62973f131c3251c360b5ecc76cd78bb0e9f376a657de4cc9367daccc623b87515178ea49175d93 | 
| kubernetes-client-windows-386.tar.gz | 97e3d8fc793c27b2526c3f558b63ad5b22d1ed002b3ab0d56311ebe200e9b5254d144e8220d236422f4dfe475fce24803b9ccab6ee14d15dcc4aa01777067808 | 
| kubernetes-client-windows-amd64.tar.gz | b87540e9ba072f5a335f658aa66321fa8eb5673640f0682f86e5de533a441f7d95c9cb0a7f12d73591864656a4b89bbcf3e4bddd6e8c19d6ebad3fd148d0fd37 | 
| kubernetes-client-windows-arm64.tar.gz | 052a80fbcee9440522569f4f19a4ee5634bb893be0b398f8981564ef57e49caf11aebaf6bbb9d064e0afc623c07a27454ba2007441df6da78b7aee86c34d158e | 
Server Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-server-linux-amd64.tar.gz | 50b2a1c4ed255b9f88fdeb2bb6177bea31547f477389d8bcad777074b204469eb6772aa7a10c76bf99e3b8af46f0ebda3a498657f110a32348193db905134195 | 
| kubernetes-server-linux-arm.tar.gz | 44abc4cb8854ae365f9aaa4115fb2f6ed0b6126c971791106fc6391681c243602e67a99f4f34b6098f91d0957cf9ad43ddcf7225300f0ffa30fb4bae45b0a546 | 
| kubernetes-server-linux-arm64.tar.gz | 68ee0cce7936e307deb3b2557ce3d5e75e496ce07b9be77477f088e73b7efce3dc7b41a6b425eaca1b6b3bd1f95e4d994aaa5600ea05b9751ec2b0616496e246 | 
| kubernetes-server-linux-ppc64le.tar.gz | 3ee0b1f67c800b82f2a5bee75709e77001d983bd8c547cfd95453d091e80bbb8b8f2b9448f182eb9cc1e0be1d9fa6dd14853cf318bc324e09200f01cc7ec0721 | 
| kubernetes-server-linux-s390x.tar.gz | fef74956da4c83fd4dd664a605f81d334cbf78f20f133c7cb07805e308e8641337119ce17c17b7f514c0002594fe90c960c5a7944d077361c735d072cdf1a879 | 
Node Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-node-linux-amd64.tar.gz | 32ba84701e50b480eb9c5e5b1a0df119b6dfaa9e1d9944937f133e2e18c3d777b36afd0f4784cf20e4ef8e36a6e9b74086718ca9c179d6c6065c9b656cbcc173 | 
| kubernetes-node-linux-arm.tar.gz | cc49effb748f0e0a1262b91d3fe3cdf9c4800b8465914cf5b9327d340bebb00bf3b1981dcf863a162062044c0450e878430ee7ced64861ad103b0ea47c2941b3 | 
| kubernetes-node-linux-arm64.tar.gz | 4e4cc93d244f64535726632d905272b0d4a0943f298493c2774342ebebe6f39b97f64bca80325c2f127053a136171acaf4489a7ab9d03ebe65e638f263f04812 | 
| kubernetes-node-linux-ppc64le.tar.gz | 2eda0bf53db0e69f9806547fa239ad40bcce17b98ed4d7e1fca0b6a848bf6cd824e0a6fef7e40101a92418e72ce810b0ec05d2fd7bf886837d000addf86e13df | 
| kubernetes-node-linux-s390x.tar.gz | 3aaafec1ba19c0799db9d422c24fa1061b545730a4a174f088fa86058a7d3d9fb7c966bd1ff5750b4a06eab7f9d4dcb892bca033f91f306ae05e21adc97f961a | 
| kubernetes-node-windows-amd64.tar.gz | 99eab9022d127ca4cd50c567bdc137beb23ec3e6df0cdf6323e7349ad636d59b222b647338b805eb4f708187c033aa63d321fa301d067fc5c47cc7dc63d88569 | 
Container Images
All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.
Changelog since v1.26.4
Changes by Kind
API Change
- Added error handling for seccomp localhost configurations that do not properly set a localhostProfile (#117020, @cji) [SIG API Machinery and Node]
- Fixed an issue where kubelet does not set case-insensitive headers for http probes. (#117182, @dddddai) (#117323, @dddddai) [SIG API Machinery, Apps and Node]
- Revised the comment about the feature-gate level for PodFailurePolicy from alpha to beta (#117814, @kerthcet) [SIG Apps]
Feature
Failing Test
- Allow Azure Disk e2es to use newer topology labels if available from nodes (#117216, @gnufied) [SIG Storage and Testing]
Bug or Regression
- CVE-2023-27561 CVE-2023-25809 CVE-2023-28642: Bump fix runc v1.1.4 -> v1.1.5
- During device plugin allocation, resources requested by the pod can only be allocated if the device plugin has registered itself to kubelet AND healthy devices are present on the node to be allocated. If these conditions are not sattisfied, the pod would fail with UnexpectedAdmissionErrorerror. (#116337, @swatisehgal) [SIG Node and Testing]
- Fix incorrect calculation for ResourceQuota with PriorityClass as its scope. (#117826, @Huang-Wei) [SIG API Machinery]
- Fix: the volume is not detached after the pod and PVC objects are deleted (#117340, @cvvz) [SIG Storage]
- Fixed a memory leak in the Kubernetes API server that occurs during APIService processing. (#117311, @enj) [SIG API Machinery]
- Fixes a regression in kubectl and client-go discovery when configured with a server URL other than the root of a server. (#117686, @ardaguclu) [SIG API Machinery]
- Number of errors reported to the metric storage_operation_duration_seconds_countfor emptyDir decreased significantly because previously one error was reported for each projected volume created. (#117022, @mpatlasov) [SIG Storage]
- Recreate DaemonSet pods completed with Succeeded phase (#117496, @mimowo) [SIG Apps and Testing]
- Resolves a spurious "Unknown discovery response content-type" error in client-go discovery requests by tolerating extra content-type parameters in API responses (#117638, @seans3) [SIG API Machinery]
- Setting a mirror pod's phase to Succeeded or Failed can prevent the corresponding static pod from restarting due mutation of a Kubelet cache. (#116482, @smarterclayton) [SIG Node]
- [KCCM] service controller: change the cloud controller manager to make providerIDa predicate when synchronizing nodes. This change allows load balancer integrations to ensure that theproviderIDis set when configuring load balancers and targets. (#117452, @alexanderConstantinescu) [SIG Cloud Provider and Network]
Other (Cleanup or Flake)
- A v2-level info log will be added, which will output the details of the pod being preempted, including victim and preemptor (#117214, @HirazawaUi) [SIG Scheduling]
Dependencies
Added
Nothing has changed.
Changed
- github.com/opencontainers/runc: v1.1.4 → v1.1.6
- golang.org/x/mod: v0.6.0 → v0.8.0
- golang.org/x/net: v0.7.0 → v0.8.0
- golang.org/x/sync: 886fb93 → v0.1.0
- golang.org/x/sys: v0.5.0 → v0.6.0
- golang.org/x/term: v0.5.0 → v0.6.0
- golang.org/x/text: v0.7.0 → v0.8.0
- golang.org/x/tools: v0.2.0 → v0.6.0
- sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.36 → v0.0.37
Removed
Nothing has changed.
v1.26.4
Downloads for v1.26.4
Source Code
| filename | sha512 hash | 
|---|---|
| kubernetes.tar.gz | 308c5584f353fb2a59e91f28c9d70693e6587c45c80c95f44cb1be85b6bae02705eaa95e5a2d8e729d6b2c52d529f1d159aeddbfe4ca23b653a5fd5b7ea908b7 | 
| kubernetes-src.tar.gz | f2c79ec1f844a6c4211c8a829488f64979c9ae17dbb64e9863850e286c70ffa0a263d11c309907f5ca00749e82e4308286b1dc07f6f408bc36f50cba8be80e30 | 
Client Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-client-darwin-amd64.tar.gz | 4ef66474031194fd10f233d1fe8a48d7166edffa4f04d41c24e7cb6242e3efda676f86e838b629392db1855ee36e8849be60d9b9789e93cdcf80aa4be0652a05 | 
| kubernetes-client-darwin-arm64.tar.gz | 17f3783758cde6ea566ebd02f3b62b067042123d11ff8039cd805910414601d0932b48e80a774f0ce5db733a9712eb2337708f708493a7f7072f282bbe014a88 | 
| kubernetes-client-linux-386.tar.gz | fcf8ce77bcbdea986ac9d8c5b9be4d1da77f88cca6228bc1661b2fda4ce1b98da9690a4c67ecdf0ef32fc9ff0d33223907e4f0c9fff8cb3b592a47eaa844c4e5 | 
| kubernetes-client-linux-amd64.tar.gz | ef75896aa6266dc71b1491761031b9acf6bf51f062a42e7e965b0d8bee059761d4b40357730c13f5a17682bda36bc2dce1dd6d8e57836bf7d66fe5a889556ce9 | 
| kubernetes-client-linux-arm.tar.gz | 9676bae0183b1a759f7f875f8505436881e016b5e49907f53818f94b5a5399a168acb19d5ffb69d13e9c5824cb057bc3a86d14343a0f493aa9bd069ddfdac34c | 
| kubernetes-client-linux-arm64.tar.gz | 54a74482b69c31317712d292511ba2573cc644ec81b64d5ae785734596e25d039afd029922acba1402c651b9ed3c770531dbaa50ce1ad6ef20dae29a70b0fdda | 
| kubernetes-client-linux-ppc64le.tar.gz | fdd242533acd682183dfa45a61b5855a76a87a7ac801471f08d66824be399e8447a4fc5e5a00dacd6866ed82691fa5a9425657d68e50c119be1092b376e621bc | 
| kubernetes-client-linux-s390x.tar.gz | 1e609d7dc828afe3956fe3bdbd12cb1fb08b6b12288fd5f11eb7022b76b6192466ddc7d98adc686055b3f5214336dcda5abd1b37d4ed99471e3c17dc13c92111 | 
| kubernetes-client-windows-386.tar.gz | 2b1c70b19c57e06e052e507497a66bd1aeaa51c7909479a82ea60f3e6dc9ff46b4fffe028f147d336e4a26fef5abee3a151e57fa74f18bed0011c0b6230c1ba9 | 
| kubernetes-client-windows-amd64.tar.gz | 9214fab06d93d4e3afaad4c34a39fb732d0eb3ec7aaa30d83dfc0ce38aea31dabdd2794f80af0a428c399400ecfb093931458d1da897470e9aac36f46068fb07 | 
| kubernetes-client-windows-arm64.tar.gz | eff5a0e6cc2afb56562615f8d9f58e8d97d9ae75265020bc0afc51d91c95c05127dccdca5c0046e67a852ebb8766d971af1b26ce8ce509669b595b96bd5276e0 | 
Server Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-server-linux-amd64.tar.gz | db686014c2e6ff9bc677f090a1c342d669457dc22716e2489bb5265e3f643a116efff117563d7994b19572f132b36ad8634b8da55501350d6200e1813ad43bdf | 
| kubernetes-server-linux-arm.tar.gz | b950adaabfda38e31831bb60a1bb75a9db538ae53e0e17b2ca8ee0c243651434f59517e2f3b697d15398619b89ed8099020503b3df727d9ce6ca0cac07c251dc | 
| kubernetes-server-linux-arm64.tar.gz | 45a86cb7d82a85991bff25406dd4303c7816a08395ae1ff0b6f26471b15df1621f4ec3473304b30701f1d73fe151ac6b24049853aef794bef48891d09a867c99 | 
| kubernetes-server-linux-ppc64le.tar.gz | 2a30ac1aa598b2fda85915616da20cb4b98afa0b675e733ab59a81a59edb7054789bb5fc04d64f0ceaa2480d8e7358220a497617d45f63d42f160f37fad4ca52 | 
| kubernetes-server-linux-s390x.tar.gz | 88f592a01207777662023bc15a88f5170a4f256e212a258a68e014be05230e02a4992591951b2f843ae0c9b4ad5b8ed032a208379e2b675e4172835f1f4b42fc | 
Node Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-node-linux-amd64.tar.gz | fe025affdc41fc3ab55a67ce3298d0282aa18925f65b1f52e726a0cfaddee1e979eecd97f31da236e5508f649ec60d3e6ac5ecc44ed012e2d65076d595e8b170 | 
| kubernetes-node-linux-arm.tar.gz | fbbfaea5c37dca135f62c0998c24729af7364dac2205340704f92a377052434976aabe5ddafd358b46597dd377d6d9704d116ff5de587d70cfe67258927164c7 | 
| kubernetes-node-linux-arm64.tar.gz | 64c563aaa09a294a7d290263fe1c427cbdae8adfd07698cada8d17f333c019a860c7180ea2cb1ba04ee0615a767562bd7e0f3b0a59425c50a86f4bed175a1081 | 
| kubernetes-node-linux-ppc64le.tar.gz | e342ed08eb4e689415f20caec744f680f2ca81143a5053d128297e27ea0c79cc70e50cd3aca0ac06b4d6d48306f9536f12eaf9739d674e0e24c5870948747c0f | 
| kubernetes-node-linux-s390x.tar.gz | ba6f98bfabbcd4f8a7cc2eeafe0254f787fe991cd12094f60820f8074fef5441eeb0231cd0a16c9912b3e9c6fb6e829843f0b98db3e0fc410c3ef716d0c19c92 | 
| kubernetes-node-windows-amd64.tar.gz | abaeb069133ed9101fe13bd9a262489fa1396fdf5184645e409a55daf6aeca3c7731d4c3fb6cda7d52f9ca79004bd222860d7dc3495fbdffc3c3b06807bc4f51 | 
Container Images
All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.
Changelog since v1.26.3
Changes by Kind
Feature
- Kubernetes is now built with Go 1.19.8 (#117133, @xmudrii) [SIG Release and Testing]
- Unlocked the CSIMigrationvSpherefeature gate. The change allow users to continue using the in-tree vSphere driver,pending a vSphere CSI driver release that has with GA support for Windows, XFS, and raw block access. (#116396, @msau42) [SIG Storage]
Bug or Regression
- Fix missing delete events on informer re-lists to ensure all delete events are correctly emitted and using the latest known object state, so that all event handlers and stores always reflect the actual apiserver state as best as possible (#115899, @odinuge) [SIG API Machinery]
- Fix: Route controller should update routes with NodeIP changed (#116362, @lzhecheng) [SIG Cloud Provider]
- Fixed two regressions introduced by the PodDisruptionConditions feature (on by default in 1.26):
- pod eviction API calls returned spurious precondition errors and required a second evict API call to succeed
- dry-run eviction API calls persisted a DisruptionTarget condition into the pod being evicted (#116750, @atiratree) [SIG API Machinery and Testing]
 
- Fixes a regression in the pod binding subresource to honor the metadata.uidprecondition. This allows kube-scheduler to ensure it is assigns node names to the same instances of pods it made scheduling decisions for. (#116763, @alculquicondor) [SIG API Machinery and Testing]
- Kubelet: Fix fs quota monitoring on volumes (#116793, @pacoxu) [SIG Storage]
Dependencies
Added
Nothing has changed.
Changed
Nothing has changed.
Removed
Nothing has changed.
v1.26.3
Downloads for v1.26.3
Source Code
| filename | sha512 hash | 
|---|---|
| kubernetes.tar.gz | d1c6c8c9844ec63c043138bed0f01a0129d89c9c7cc130b794db0e1abea0062f4b2fe78ec7904cb32a1d628b6f5fb6f72c8374197e415f21ae3afd41fc82e0be | 
| kubernetes-src.tar.gz | 0bcbd694e8be752d9be4dbc9b707fa351438df3dbbb4ee6bd860480216c9ed440a8fc02462dabc8df28cb34c0af1e0624f3ae98e1263cdd2182ac88f333b97f2 | 
Client Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-client-darwin-amd64.tar.gz | 25afba938a425b552c48a0671bed23e7b3af7b104ea33db8c4079b1d7690d7b9bfbaf75d8b2fb7597d6e5bfa528f72381f0e11c142381592f61162027cebf05c | 
| kubernetes-client-darwin-arm64.tar.gz | fb09b7832c238a45acfbf0b9013836a2b7f4b371eb49db21eeee944b614b97a29fbe2b6f72729a295d0d5ac7da90b963d301f490b48acb063f29d801265da144 | 
| kubernetes-client-linux-386.tar.gz | 15d182c0a5fc07c09694b8007f780bce51901124125bf0d1133de616cc0b01128c300411ccf6b2a3b603570decf5f62888184afc0f1ca8284b3953d3f9d35c5b | 
| kubernetes-client-linux-amd64.tar.gz | 66ac1edead4ce24fc3ec8f1427f1e7fb81e963ef0bc9dc877d272e7526ff18f309c729ae73f744e530072bb8c7a0391dc3b5dc027fa88313eeb41a3d26566f95 | 
| kubernetes-client-linux-arm.tar.gz | f499ed92222db1d29970dec1dbd2ef9f87f3eb0f30dc5eba94a1226161ee6fbd19bfeedb6d2a2ee00ea8a999303cd76f9e537ae85954f03a2fab60be4516ea77 | 
| kubernetes-client-linux-arm64.tar.gz | e9d483ca22582aa0b30606febe47bf3de17e01dd0962f6563aff04526511bfb917335ea86cd2e9aede892cf1451a291f55996580294c729491e5255d0a8d91ba | 
| kubernetes-client-linux-ppc64le.tar.gz | de9a27b857093e76a0a1bfbf9914ca71622b942ceeb1db9b5cf3707a8f0974c7a9518d37ebab742210afbc29bd0c1358c15ac325376f7338565568d6cc324be6 | 
| kubernetes-client-linux-s390x.tar.gz | 7e7864b1785792e4cb72fddfc10bd8a4d479a9ea5e720ad5789189b09420654a917fee5f361effcf21f79c5ab582019eb517cbf6e586a10a1ea0ce122e740f5c | 
| kubernetes-client-windows-386.tar.gz | 3bcb0d114679cf80a560e0f6c32e51b2cec6c8ac3d2c6dcdab758be87ed32149b718e48bfb3c58e84bf28419c1cf0a7ce44398fe6c829ad65106633d38a7df6b | 
| kubernetes-client-windows-amd64.tar.gz | 370bfa9d7e185a5591ce859351a88e7cad839d9ea14c214ab1601364e8162bdb9721a611fbfef00b66c4492b568f98595fd39eb528d966fad2c4d8a25927d1f6 | 
| kubernetes-client-windows-arm64.tar.gz | 04a2073d7ca3de752b90e24522d2b659cb3e7e604a0e50bfb809fb60c509b806f65a28323139d89a45deb503dd05a4962442210245c1df133a3a93fbc46045eb | 
Server Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-server-linux-amd64.tar.gz | 27d88683b737d5790c68a5ae4b5011f3afead81f4f83ecd26232458f9b15d3581705758f068d8f94681afddda0f2494f815ba758167d064c8d682766479a1023 | 
| kubernetes-server-linux-arm.tar.gz | d3b98291660e8dc6d182f5b26c8384e9a5eea30374354dc7c26612167545bb07bce46145e7429b59c3b813030933f3dd3ef86968cfb90c3ffa69303c4a6ca8c3 | 
| kubernetes-server-linux-arm64.tar.gz | ea74da4e70dd0a3fe79a2da0a8421efc6c45c019af44d7fc04d35dcd154c1c09a487d300155cdf0e7c664512e5f84969dd668d82b5e2fcff1e4768351638793c | 
| kubernetes-server-linux-ppc64le.tar.gz | 00a0a5da6cc3ef3e833825f2102b851b7e1c03708e3cb7101565c66925341df69dfa5e524d15608275727913a5d65c66ba1c1f3e775a38d60879bdfa8affae0a | 
| kubernetes-server-linux-s390x.tar.gz | d38e5b2ab8a1a537bd923508350fb656a1d47ed307d52160aa19112028e93e5f824d05a3f7a4c82d7f938a12950c3120d20986d8826e9decccab9bc4f6a55ccb | 
Node Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-node-linux-amd64.tar.gz | 7f88001adf29c583bf6c1bd10cc0b45e82dda166fe5adc5c3b0995231ce51c9bfd6980dfc59b2cedb393234d9976dc7c5920d96b5231b15470d26d01521b209f | 
| kubernetes-node-linux-arm.tar.gz | 7cffa75197caaae55d750a91473621a846bd4577ed7582fbb66c9ebf4c013ce109fa20e61dd40a0a93746ff9d827a8abf444024ec97e5a8b7c4a225cc48af30f | 
| kubernetes-node-linux-arm64.tar.gz | 05d2f7213c5e2f5c706f2be111ff62f8cc7943c46bbc20ac7a2a10df1cfb932677d99a7308e6a881847b9b442cef4c4150d2cd3f33794a7ca998cc0bf17b6d1f | 
| kubernetes-node-linux-ppc64le.tar.gz | e8f96a50b514de4347821fa0d64353d2c1a4bddd141e55df22c7ddda1d4d5ee88935b73496838403664708c8c7e92bb3000b8cced6baa7366848c71bfa6d2505 | 
| kubernetes-node-linux-s390x.tar.gz | 38fbaa084f5a7dd6fe76cf16e2450f78c68efd37a8de4fdd39099daeaac4531916ff990609aa368e50290c4a5a8bc5ef8f94f6e07c5005d5c22b48d6fc94d9ab | 
| kubernetes-node-windows-amd64.tar.gz | 9a20dd3b6263ac164555c6064cd0fa3b64c5c06790ea8541f6dc9bf7419bdfaa67c411eb0104d90ecacc627e79c7b8f04d8f6e30f1ef466effb4cf87fac727b8 | 
Container Images
All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.
Changelog since v1.26.2
Changes by Kind
API Change
- Volumes: resource.claimsgets cleared for PVC specs during create or update of a pod spec with inline PVC template or of a PVC because it has no effect. (#115928, @pohly) [SIG API Machinery, Apps and Storage]
Feature
- Kubernetes is now built with Go 1.19.7 (#116407, @cpanato) [SIG Release and Testing]
- The go version defined in .go-versionis now fetched when invoking test, build, and code generation targets if the current go version does not match it. Set $FORCE_HOST_GO=y while testing or building to skip this behavior, or set $GO_VERSION to override the selected go version. (#115496, @liggitt) [SIG Release and Testing]
Failing Test
Bug or Regression
- Fix data race in kube-scheduler when preemption races with a Pod update. (#116438, @alculquicondor) [SIG Scheduling]
- Fix log line in scheduler that inaccurately implies that volume binding has finalized (#116050, @TommyStarK) [SIG Scheduling and Storage]
- Fix race in alpha aggregated discovery handler Yes, discovery document will correctly return the resources for aggregated apiservers that do not implement aggregated disovery (#115805, @alexzielenski) [SIG API Machinery]
- Fixed a bug where Kubernetes would apply a default StorageClass to a PersistentVolumeClaim,
even when the deprecated annotation volume.beta.kubernetes.io/storage-classwas set. (#116089, @cvvz) [SIG Apps and Storage]
- Fixed an EndpointSlice Controller hashing bug that could cause EndpointSlices to incorrectly handle Pods with duplicate IP addresses. For example this could happen when a new Pod reused an IP that was also assigned to a Pod in a completed state. (#115907, @qinqon) [SIG Apps and Network]
- Fixed performance regression in scheduler caused by frequent metric lookup on critical code path. (#116441, @alculquicondor) [SIG Scheduling]
- Fixing issue with Winkernel Proxier - ClusterIP Loadbalancers are missing if the ExternalTrafficPolicy is set to Local and the available endpoints are all remoteEndpoints. (#116001, @princepereira) [SIG Network]
- Fixing issue with Winkernel Proxier - IPV6 load balancer policies are missing when service is configured with ipFamilyPolicy: RequireDualStack (#115614, @princepereira) [SIG Network]
- Make kubectl diff --prune behave correctly with the --selector/-l flag (#116149, @nathanmartins) [SIG CLI and Testing]
- Remove check for CSI driver running on node for CSI migration (#115772, @sunnylovestiramisu) [SIG Apps and Storage]
- Set device stage path whenever available for expansion during mount (#115346, @gnufied) [SIG Storage and Testing]
Dependencies
Added
Nothing has changed.
Changed
- sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.35 → v0.0.36
Removed
Nothing has changed.
v1.26.2
Downloads for v1.26.2
Source Code
| filename | sha512 hash | 
|---|---|
| kubernetes.tar.gz | 15b2efb385dfb80e1ea163589d198954fed75b2ddef27c1f5b7e79bb8b3bea828e644f4e4f7c25cc5dcd1f58e0a8d91112c72fb2046f2bbdfc2f1ccea38ec4eb | 
| kubernetes-src.tar.gz | 68f82f5279690072b8dc600dbdbf808508f1d1f99197a088f2aff8b62078c0cee41a8f36a5f49496096573d6e0c90d9baf30cb1d2cf50e7445b372c69b8d4ec8 | 
Client Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-client-darwin-amd64.tar.gz | 8de3e817a4e1c05836dd80a392ba49dfc40e5e113d6b9808057686431402c7c8b3bb351aa146a971806d04b4becbdb030bbfecb5667982187f40f78c601bb5fe | 
| kubernetes-client-darwin-arm64.tar.gz | 6a8616c395a742b79cf9e77b037a5048e1a458e40948fc54735196fa8aec453fa210edb7b58b629751d95d6973737c1b8a8f49840f8648cccbe01abc81078d54 | 
| kubernetes-client-linux-386.tar.gz | 5c2804ff18bcb0160b15198095c312d46059d89033ad7a4a2bac796e1d03d1eda3b1eebba8b27f80be3a4d1e24c5d0c1d52b080a98e56c9492bc8ba50cbd37d9 | 
| kubernetes-client-linux-amd64.tar.gz | 1f969bf9bcbab145aa7f8f8407d83ec6b13039d0739e7445a740f0f07bfec77816243bcc203bcd44227d8011b827f6db7e4a0d20c7011bb658a6cf0cf8d3b028 | 
| kubernetes-client-linux-arm.tar.gz | 115043bd54708b0e52c2cd7f07d646e2f20fc8c7d82cdbb0babd87e5ad81d365b1799aacf835588eecef15bde562851ba5cebcbf61bacaf60b3e706f0bf85966 | 
| kubernetes-client-linux-arm64.tar.gz | 17bbb61e0ed3a6a42638aad15ed4b6b7969f99446dcf2db7845a0b8b6001aa0e7c11cf298695183345270a715600fbcb0789c26850e0d49c32edf75456957db4 | 
| kubernetes-client-linux-ppc64le.tar.gz | 6d288a64c616d90a4b4c2734495e93835b0afecbe9699e6f40f3ddafd9f324d6afee05ac6b4ea3a274c8738e3af25d7e220ae958492cfeef0dcbf35a07d5f6c6 | 
| kubernetes-client-linux-s390x.tar.gz | b5edfa36a9e61e949fd3733b7ed4204dc03a9c546b43a3fea5eef938d3d76a549064178037399f18aa0d555eee7cd9c6d49de41849314bbe6f308c0b88db085c | 
| kubernetes-client-windows-386.tar.gz | 0c50858b56f3140e9650f5491c6bf53762b049eac58818b4521907f06ca2a3b8cb39076c17ba52d379a409b34b5eb1f8276f0724d695c6f6b61653b6df0580d6 | 
| kubernetes-client-windows-amd64.tar.gz | 2c884682507bcf8184b431e26e80febe27157fb26c5475a01410db73fd9e4abf3e0e7b0827f95896ae1ac37b10ebf664d995981a2846937ce7b1f4448447e4d7 | 
| kubernetes-client-windows-arm64.tar.gz | 552e3d7b93c64aad132144a66a3ec6e6d7a83b6949387cd5b3ff2d2e9a26b368eb2bc38500bf199374cbc992cbd89ce3f958e1a10ad9394e50ae7c90b503c81c | 
Server Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-server-linux-amd64.tar.gz | e54061b0a7f5717e59916a10f9e85b78a4ad751c0c630bdc9493aa9cc98058837bff8058641332e06ed103afdbe67ec62d9803ff1b17c8770db324ab801e46ce | 
| kubernetes-server-linux-arm.tar.gz | 9ca3e295087309f6b7d2ad9dad1db60bba6d2c3a51dc3cc23391e9bae359746b4c30db2e73e3bf608ed67e9796ff0738aaad763f3b63426df99c9b1cf764624b | 
| kubernetes-server-linux-arm64.tar.gz | 5231542124556d480c7b719ebfe0eaadd35529e123123b4ca596295eb992f5296ef73971a6d5beaf98dfbd190f3b630764b399c2b97825d0664874d9f751af4d | 
| kubernetes-server-linux-ppc64le.tar.gz | 737c2b0d81ebb434ec97ab9e4c716a77c3a5b29697aadac3715847b2c5804befd68d5daed7ee60210d47481eebd283b2d0213483f67b154da33508e49f806bb1 | 
| kubernetes-server-linux-s390x.tar.gz | 2f46e7802ae7e733ee3f10bb1510ac1436e1c625d06c9cf6384215659577bed3322f3dca4b8a653650cdcc367f146cb605510949d951590cc9e1969f61df9c8d | 
Node Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-node-linux-amd64.tar.gz | 92e92333a9e5c27436c7966b338395d4ea5d2ada22b53d1aebefeb6893fe6770cd3e7c4d64f0b89cbf39e13047bb56ffad34b03b2c16ac836d335d64758f4085 | 
| kubernetes-node-linux-arm.tar.gz | e1b394c4b21f2f4d73ba981808df23b5b76e670389f72957a002f0b10239848c34f210033651c519d4ef55c3eb0c3769df9c434b1495743627a076b300a55c89 | 
| kubernetes-node-linux-arm64.tar.gz | eed5122b45cda658b82ee02b5f230c14b91c7626c2df45f31672298fc33db10faae859a6d7b20bfc6e5a79f3392e4f92f5a056596f77bc0a5490810430d86e83 | 
| kubernetes-node-linux-ppc64le.tar.gz | fedf9b4820d731e13286473b51d81060707efbd3d0d044c0f6247835e2fa7c236d4cb2c576099028840da850235e8a092ca7d67fc4575e5b2488766a74025a8c | 
| kubernetes-node-linux-s390x.tar.gz | aca15e761b6b9671921671c3f58910d58e205d3738aec6da1228f079882807b82084177061a49d09b7bff05a99255beb5662c9ebaee90e8ebfee10a93bde896d | 
| kubernetes-node-windows-amd64.tar.gz | f85cc35f6d5d6d38f8324a430c9fa142d529f778b10e0ad60c01e4f9d03e4dc99ad65c6851d7c7927f165c3a89f0e91cf8db6e836ffe775296f982f02b467e0c | 
Container Images
All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.
Changelog since v1.26.1
Changes by Kind
API Change
- A fix in the resource.k8s.io/v1alpha1/ResourceClaim API avoids harmless (?) ".status.reservedFor: element 0: associative list without keys has an element that's a map type" errors in the apiserver. Validation now rejects the incorrect reuse of the same UID in different entries. (#115354, @pohly) [SIG API Machinery]
- K8s.io/component-base/logs: usage of the pflag values in a normal Go flag set led to panics when printing the help message (#114680, @pohly) [SIG Instrumentation]
Feature
- Kubelet TCP and HTTP probes are more effective using networking resources: conntrack entries, sockets, ... This is achieved by reducing the TIME-WAIT state of the connection to 1 second, instead of the defaults 60 seconds. This allows kubelet to free the socket, and free conntrack entry and ephemeral port associated. (#115143, @aojea) [SIG Network and Node]
- Kubernetes is now built with Go 1.19.6 (#115833, @cpanato) [SIG Release and Testing]
- Use HorizontalPodAutoscaler v2 for kubectl (#114886, @a7i) [SIG CLI]
Bug or Regression
- Do not add DisruptionTarget condition by PodGC for pods which are in terminal phase (#115104, @mimowo) [SIG Apps and Testing]
- Enforce nodeName cannot be set along with non-empty schedulingGates (#115636, @Huang-Wei) [SIG Apps and Scheduling]
- Fix a bug that caused to panic the apiserver when trying to allocate a Service with a dynamic ClusterIP and it has been configured with Service CIDRs with a /28 mask for IPv4 and a /124 mask for IPv6 (#115333, @aojea) [SIG Testing]
- Fix nil pointer error in nodevolumelimits csi logging (#115347, @sunnylovestiramisu) [SIG Scheduling]
- Fix the regression that introduced 34s timeout for DELETECOLLECTION calls (#115479, @tkashem) [SIG API Machinery]
- Fixed bug which caused the status of Indexed Jobs to only be updated when there are newly completed indexes. The completed indexes are now updated if the .status.completedIndexes has values outside of the [0, .spec.completions> range (#115462, @danielvegamyhre) [SIG Apps]
- Fixes bug in ValidatingAdmissionPolicy alpha which prevented policies from using a paramKind previously used by another policy (#115185, @alexzielenski) [SIG API Machinery]
- Golang.org/x/net updates to v0.7.0 to fix CVE-2022-41723 (#115787, @liggitt) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node and Storage]
- The Kubernetes API server now correctly detects and closes existing TLS connections when its client certificate file for kubelet authentication has been rotated. (#115566, @enj) [SIG API Machinery, Node and Testing]
Dependencies
Added
Nothing has changed.
Changed
- golang.org/x/net: 1e63c2f → v0.7.0
- golang.org/x/sys: v0.3.0 → v0.5.0
- golang.org/x/term: v0.3.0 → v0.5.0
- golang.org/x/text: v0.5.0 → v0.7.0
Removed
Nothing has changed.
v1.26.1
Downloads for v1.26.1
Source Code
| filename | sha512 hash | 
|---|---|
| kubernetes.tar.gz | 65d8e6456b48737e496bd7e57ed630825654a1527de52890481be5f6df89a88675b809e6cb0ffa75b71c7d723ee64145a92b859afff296c7ee6f077f66c05c48 | 
| kubernetes-src.tar.gz | cb4c5b1502899144798663ace828ff705d5b727a7bbb9a71c63138a4aef91dc394bdc83e8f7634fa1762b1cd08c3203a08c06856629d22463f89ab309f6388a3 | 
Client Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-client-darwin-amd64.tar.gz | c70bd6ae44d1d5bbd5141fdcd69db0aa43aa3556345fec647e71f54f971ae91079b07f7e8cc3e609cb64e1a51b825f2ecbf99b040ca46b63f776f2c0d7b0ce46 | 
| kubernetes-client-darwin-arm64.tar.gz | 0e913e33cd285c9e822eb8c8612b2acb301a9b28b9b59d15f120017bbd8b1d6282b8d0fc1426d4ec425a8a487232b8435cc271f9a3a45aa18b92bf1e6dc6340d | 
| kubernetes-client-linux-386.tar.gz | 21651edaecb3d17c99a9a65a8db21dbbedfc35d444d435e6f9e4b477e1f9ad4813df4a3a42e385c373560dcf97090da0862f9b0c59feda75db7a408fb1295fdc | 
| kubernetes-client-linux-amd64.tar.gz | d82f8fb12b3667c9c613092ac8c5c38c2f0db2db719f8d8b308f1146ef4ac2942b66554fc99ddc1e947492f4cec845a21feebbf804289173c42928a2d355490f | 
| kubernetes-client-linux-arm.tar.gz | dbac85e316b0a46e7bc6f2de990b916bd3605631a14fa457819fc354238dad392535d738a8f98fabd4ca76cc4e66c19be3d1a7766aaf05a4ef6d1717208d99a4 | 
| kubernetes-client-linux-arm64.tar.gz | 58ebebde0f387dd9b0c314e2f20d3af875e0524d392ea97c1d3930ee07f4ad57b3acffee7894077f4e5dc40c83c04612c17fe77fa0501f1f25a90db6178b6786 | 
| kubernetes-client-linux-ppc64le.tar.gz | 211c3a698f5608eb1270702bad9fc67911b7168b025e3d8979754ab6d20140ff1ba1f616604a33667cdf47693481de1668ad0b87cf53fd08199d8b356c0b96ee | 
| kubernetes-client-linux-s390x.tar.gz | 970d2d6ae7c4c7eba363c14e2d5962c17c015877d11b265764b1e56472fa7a23d54fd9a9cbe2022db7d05539c1bff8d6f1c5f78300d22102ce1079f26256a3b7 | 
| kubernetes-client-windows-386.tar.gz | 3318ad3f1a28258d7bb6d40066f16ac137de9bf2542871f52ab510346e13cc9640fa17b2914faa8cfdd762b42ff8fb8dfd1443f104e779b5ff5b52aeec7301eb | 
| kubernetes-client-windows-amd64.tar.gz | 24454f8b50523329ff1fdcce92c49b9dda7fe18c8c0c20ef17fbb281e104915539a9576a36ae548a0d667e0ae6c2b96fc8247990c18e6582300e9a418aad88ac | 
| kubernetes-client-windows-arm64.tar.gz | 1b91b903be14ffb6e98a21459ac261361cef206f9e6a9902bbf3e45eb798560574d3a86b1455e8b42d4e8be7adda977f8a24e43e5f6edeecff0463b9aea9fbc9 | 
Server Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-server-linux-amd64.tar.gz | 46812ef66997de951da309aa8b594384d8a9fad77812bbb6cadcb684f82f0b56e4df7bfb7772b225a6f5db4096b2e681bc28d4e5044306c09528d6cac405c41c | 
| kubernetes-server-linux-arm.tar.gz | 1961fb217b3b7a2c6967e1cf07f1315930e48c11551a0d329811f4d2e5e4470cbb36dc3980cb65459912c633e9b528b66dce14a9f0c2f91b1d4b6c24018e8c4e | 
| kubernetes-server-linux-arm64.tar.gz | 9f7fc8a6ce7c15d2db56df30a1551402127745091b26231c54484855ec5acdd1813b53f4ebc979d0a85f4e7701bee11ee0ba6e84d94b146d8384b8bb4600078b | 
| kubernetes-server-linux-ppc64le.tar.gz | 5bb0c0f3ae57e403f0f710110896e2e6ab5d777cafd0b9f98f121ef442e0b2eeeee66c1a4917ab6b2f218b5d12a93efb86310a1fcc6ef342843813a5c24b22c0 | 
| kubernetes-server-linux-s390x.tar.gz | 539812c41439f7851838edd98ad76c16a9efad2cadcc9f8f88aa193d8e359c06f481c5df4a58b561cc7594126c65e841387f547523c42b2ddfe56edb094865d3 | 
Node Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-node-linux-amd64.tar.gz | 8ab33c800a7616302e03c36e087ddb70e2d74ca1228b6f2df654a23f7adf684cc949f98bb9c639f2aa8a125f06dddc6cd7a4568eec1197b1eba1002806782c4f | 
| kubernetes-node-linux-arm.tar.gz | 65fc0444ac19ddae8b06f48f99b42d78816dcf641823ecbcb4378c2dc4a9698af764686a1b6da97fcda898243e8b08a9cef64d99d4d697d34ec95443a5995943 | 
| kubernetes-node-linux-arm64.tar.gz | 7f5c045c152e3aa14da87778935b9a81052a075cfc929bd52d8ee956da78ecacb16436e7fa648bc99b886bfce56d2588346cd843b1fcae0f38fb25c722c0d59b | 
| kubernetes-node-linux-ppc64le.tar.gz | bbd574bb6dc5f4d1d5f895af6e1ebeeae806d1c2fb626061ae5d6b1eecf1d516efdc5eb8b4a80d553425427d7fd7cd7f34a68d524b89ff6194c8b2edf4b699de | 
| kubernetes-node-linux-s390x.tar.gz | 3908f0a66082846d75927c3ebd1854035996f4db405d6709e483c6fc8d80973d8afec1898ca052c33efb548e2c4d0bb63df470efc51add76d5877fd3dd4569aa | 
| kubernetes-node-windows-amd64.tar.gz | e4dac0f8df0cf97d35f2fe9498f072e384182b2c4fdfeced83960f771c638827cfa25b5003a8bfe9c4246b353a136118f8c4ea3c371f8d9e8d20b568ca68e562 | 
Container Images
All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.
Changelog since v1.26.0
Changes by Kind
API Change
- The list-type of the alpha resourceClaims field introduced to Pods in 1.26.0 was modified from "set" to "map", resolving an incompatibility with use of this schema in CustomResourceDefinitions and with server-side apply. (#114617, @JoelSpeed) [SIG API Machinery]
Feature
Failing Test
- Deflake a preemption test that may patch Nodes incorrectly. (#114350, @Huang-Wei) [SIG Scheduling and Testing]
Bug or Regression
- Client-go: fixes potential data races retrying requests using a custom io.Reader body; with this fix, only requests with no body or with string / []byte / runtime.Object bodies can be retried (#113933, @liggitt) [SIG API Machinery]
- Do not include preemptor pod metadata in the event message (#114946, @mimowo) [SIG Scheduling]
- Do not include preemptor pod metadata in the message of DisruptionTarget condition (#114945, @mimowo) [SIG Scheduling]
- Failed pods associated with a job with parallelism = 1are recreated by the job controller honoring exponential backoff delay again. However, for jobs withparallelism > 1, pods might be created without exponential backoff delay. (#115027, @nikhita) [SIG Apps]
- Fix a regression that the scheduler always goes through all Filter plugins. (#114524, @Huang-Wei) [SIG Scheduling]
- Fix bug in CRD Validation Rules (beta) and ValidatingAdmissionPolicy (alpha) where all admission requests could result in internal error: runtime error: index out of range [3] with length 3 evaluating rule: <rule name>under certain circumstances. (#114861, @jpbetz) [SIG API Machinery, Auth and Cloud Provider]
- Fix clearing of rate-limiter for the queue of checks for cleaning stale pod disruption conditions. The bug could result in the PDB synchronization updates firing too often or the pod disruption cleanups taking too long to happen. (#114780, @mimowo) [SIG Apps]
- Fixed DaemonSet to update the status even if it fails to create a pod. (#114819, @gjkim42) [SIG Apps and Testing]
- Fixes stuck apiserver if an aggregated apiservice returned 304 Not Modified for aggregated discovery information (#114459, @alexzielenski) [SIG API Machinery]
- Fixing issue in Winkernel Proxier - Unexpected active TCP connection drops while horizontally scaling the endpoints for a LoadBalancer Service with External Traffic Policy: Local (#114038, @princepereira) [SIG Network]
- Fixing issue with Winkernel Proxier - No ingress load balancer rules with endpoints to support load balancing when all the endpoints are terminating. (#114453, @princepereira) [SIG Network and Windows]
- Optimizing loadbalancer creation with the help of attribute Internal Traffic Policy: Local (#114468, @princepereira) [SIG Network]
Dependencies
Added
Nothing has changed.
Changed
- github.com/google/cel-go: v0.12.5 → v0.12.6
- go.uber.org/goleak: v1.2.0 → v1.1.12
- sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.33 → v0.0.35
Removed
Nothing has changed.
v1.26.0
Downloads for v1.26.0
Source Code
| filename | sha512 hash | 
|---|---|
| kubernetes.tar.gz | 3062a427a45548bd9c5a8358c740f0a5cfea7b546dca724c71d28768bb36c628280c91263a362afd01c89ef3944f5a768ed44e75d421fe9dc1ec2e8ba26214f3 | 
| kubernetes-src.tar.gz | 30ef5d75282fee72e6affff34c72f76fc1d0154b3f37ad2897dec8c63ce6620d9e3237cc3c34ba3cab5d31f64ed43c4ec79c8bc40e832de6c4895a449d05682f | 
Client Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-client-darwin-amd64.tar.gz | a8c7d82db6a415e7c16bc6a35ee59115e91491f842816b0128b5668821223ab9477697151ec31fb052cd893d57fc507b0a3b68f9bffd666f9d4b821c336a10c8 | 
| kubernetes-client-darwin-arm64.tar.gz | 5b449a69eb22902bdc5cc110b65d3103e459639c4b8eb84eed005a79efc8c9f42dd0a37f5d51b073e96f69a5de36b44c00b3bf730334d1296bd3df3a2f7c603b | 
| kubernetes-client-linux-386.tar.gz | 32881e912da9edf44d304bb67b4302fd271d4925928c28cd9e8d94fa677e8e8d4706eb1d9a7490f51f87cf39cf087133895a047aaf1564caa8783e3e3af190e9 | 
| kubernetes-client-linux-amd64.tar.gz | e4e55a2b7cfcb8a61a982b4c5630119dac74c793fad285a5753f3fad20122c266fce4f291889a03c562d6416d9f07992bf5de78298bd6801b06a8c36dc7a0acf | 
| kubernetes-client-linux-arm.tar.gz | 72b2899747277a8c50f2ccf8dc9293532e9d0f18fbfc5ce2bd847f46939930819a031d2ef6e6f624ea7b48d61653d14cc8869651c6155d4cada801e63e45a90f | 
| kubernetes-client-linux-arm64.tar.gz | 54081ebe799fd11ace1b54b66a4ad3c87f233dcc8f14ec38fd02d69daccf8a5e46e42e615582316a0930528fd108c679590813edc69aea151a1e8e384d3d5b31 | 
| kubernetes-client-linux-ppc64le.tar.gz | 1cb6bcae4e060cb581c89121dc623d75cd07d665876f12fc441a2cae54f194883e2f9aa02e2f61a066f7d604626c98b6baeb38ac2aea22d34eee68ce3530d12a | 
| kubernetes-client-linux-s390x.tar.gz | 568313713168e29b13849ff2bc3e275af54acb8048a7fe5b7569f713453523f32904f974b3e4888b60cd59ad2d00a97a170c33ee0525cfa224384c936b5bdb97 | 
| kubernetes-client-windows-386.tar.gz | 81aff59ef27eee27edce5222dfab420e3f9ffe090897820db07cf69bf212adcbe5fe3ce8d8551da6c2dc99c9a0ce05d9f0bad79544043c613e1bb841fe711c14 | 
| kubernetes-client-windows-amd64.tar.gz | ab37bc7569fef9e852944af6cc82a9763d89244749a28b8dd819e9234acccf89ca168cb485fbb8e4dc28c25ec3d4686503f3b3dfa5509283c674f7460fe84456 | 
| kubernetes-client-windows-arm64.tar.gz | a4373d6d3d37dcde3f86ed17e5d079c74247ee412fc062fe58472215a09cdbbefd03ba55d299fc8cbcfb70419e3400a69f84da17b078ffc149c6078df8d0ac50 | 
Server Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-server-linux-amd64.tar.gz | 55de8adfe4d98826cf5f55007b8dbb63cd42fc898b399cd2c74d6c4818f2fbad1de4bd7cba2a94f8edc5a13a6297816691e62ffd0113428d23b8e7592d9d2eb6 | 
| kubernetes-server-linux-arm.tar.gz | 59305ba936cae7f021f41944491e53b43fce21f64491be44881b68c78b03b25591b850faf24472d10a17941e440ce9d4977e29fce46a7bb7786257311721fd61 | 
| kubernetes-server-linux-arm64.tar.gz | c0c0c6d1288f4b417b8b4b5960df9af081d2caf8b2abd2117e26677fc4b5b6d3bd5a0638f2559c86e77f7bb6c9acf5bd4e7f33aa4a8f0d9ba50e448c5a780ca9 | 
| kubernetes-server-linux-ppc64le.tar.gz | 837fc57905aa29f27c253ea392ce331c762789b69a581e2d3709c22f14af0b475d4f691fe48d05f5bac3784b84a6c59e9fbda527b4d9e169f93a10fe09f2d195 | 
| kubernetes-server-linux-s390x.tar.gz | edf1c11412cff5423389daa6bde79be302d2e8d9962d191247a8935189927ee89f5c24f4be2ffe2a8be0516395677d085d4367d9436bcdd46c5270c36713645f | 
Node Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-node-linux-amd64.tar.gz | 19d0941ff71a8c7fd9695e69fc03e446dab48d081985f4288a6ff6d6f5a76b1e5c2cec643a9090597760f9444f0846978ddfe6a97e2b3ab59d8530d524be75bb | 
| kubernetes-node-linux-arm.tar.gz | f75cca0a72a4a4cc1f89210d08b36e7d1777d6af02e74497c3f93fef3308040c278f0600d65d1ccc052f14d567590762327d67453a3a4c06a5fe529dca99f7ae | 
| kubernetes-node-linux-arm64.tar.gz | 94579d7a3cb146ceffc0af42b5fd886510041fec0a5d5e9c2383e91ae3f6dd663b9691193f67646f38265195757f04bcc55e17ea3fc414174c375e672249c606 | 
| kubernetes-node-linux-ppc64le.tar.gz | 0487d68b2598a12bc40f7012c2b68a4d2cb0dbfac59eb7d468eb23966ebbbad3cc14e061fb4cb4562366812eefa7a7df704c435522a4d6fb68fec1268b845775 | 
| kubernetes-node-linux-s390x.tar.gz | a4dc195f599ebe3bc0ea5d2eb9f9004d9770cad7c8333b273f6ff9af0f73528a08c4949c360647f9096cc48a4daf65ecc71b70683728ab75cf3041857b6df965 | 
| kubernetes-node-windows-amd64.tar.gz | 6331bffc65bea362245a0bcba2ce28521679c60e0332e329872c5a588d21cca0162c48cac4ac2fcdb303116f5f4f62596f81658cc056d34add27857ec53b22d1 | 
Container Images
All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.
Changelog since v1.25.0
Urgent Upgrade Notes
(No, really, you MUST read this before you upgrade)
- Deprecated beta APIs scheduled for removal in v1.26are no longer served. See https://kubernetes.io/docs/reference/using-api/deprecation-guide/#v1-26 for more information. (#111973, @liggitt)
- The in-tree cloud provider for OpenStack (and the cinder volume provider) has been removed. Please use the external cloud provider and csi driver from cloud-provider-openstack instead. (#67782, @dims)
- GlusterFSin-tree storage driver which was deprecated in kubernetes 1.25 release is now removed entirely in- v1.26. Volumes must be migrated to an alternate storage solution before upgrading to- v1.26. (#112015, @humblec)
Changes by Kind
Deprecation
- CLI flag pod-eviction-timeoutis deprecated and will be removed together withenable-taint-managerin v1.27. (#113710, @kerthcet)
- Kube-apiserver: the unused --master-service-namespaceflag was deprecated and will be removed in v1.27. (#112797, @SataQiu)
- The gcpandazureauth plugins have been removed fromclient-goandkubectl. See kubelogin and Kubectl Auth Changes in GKE for details about the cloud-specific replacements. (#112341, @enj)
API Change
- 'A new preEnqueueextension point was added to scheduler's component configv1beta2/v1beta3/v1.' (#113275, @Huang-Wei)
- 'Added a ResourceClaimAPI (in theresource.k8s.io/v1alpha1API group and behind theDynamicResourceAllocationfeature gate). The new API is now more flexible than the existing Device Plugins feature of Kubernetes because it allows Pods to request (claim) special kinds of resources, which can be available at node level, cluster level, or following any other model you implement.' (#111023, @pohly)
- 'Container preStopandpostStartlifecycle handlers usinghttpGetnow honor the specifiedschemeandheadersfields. This enables setting custom headers and changing the scheme toHTTPS, consistent with container startup/readiness/liveness probe capabilities. Lifecycle handlers configured withscheme: HTTPSthat encounter errors indicating the endpoint is actually using HTTP fall back to making the request over HTTP for compatibility with previous releases. When this happens, aLifecycleHTTPFallbackevent is recorded in the namespace of the pod and akubelet_lifecycle_handler_http_fallbacks_totalmetric in the kubelet is incremented. Cluster administrators can opt out of the expanded lifecycle handler capabilities by setting--feature-gates=ConsistentHTTPGetHandlers=falseinkubelet.' (#86139, @jasimmons)
- 'Graduated JobTrackingWithFinalizersto stable. Jobs created before the feature was enabled are still tracked without finalizers. Jobs tracked with finalizers have the annotation batch.kubernetes.io/job-tracking. If the annotation is present and the user attempts to remove it, the control plane adds it back. The annotationbatch.kubernetes.io/job-trackingis now deprecated. The control plane will ignore it and stop adding it for new Jobs in v1.27.' (#113510, @alculquicondor)
- 'Kubelet added the following Pod failure conditions:
- 'Priority and Fairness has introduced a new feature called borrowing that allows an API priority level
to borrow a number of seats from other priority level(s). As a cluster operator, you can enable borrowing
for a certain priority level configuration object via the two newly introduced fields lendablePercent, andborrowingLimitPercentlocated under the.spec.limitedfield of the designated priority level. This change added the following metrics:- apiserver_flowcontrol_nominal_limit_seats: Nominal number of execution seats configured for each priority level
- apiserver_flowcontrol_lower_limit_seats: Configured lower bound on number of execution seats available to each priority level
- apiserver_flowcontrol_upper_limit_seats: Configured upper bound on number of execution seats available to each priority level
- apiserver_flowcontrol_demand_seats: Observations, at the end of every nanosecond, of (the number of seats each priority level could use) / (nominal number of seats for that level)
- apiserver_flowcontrol_demand_seats_high_watermark: High watermark, over last adjustment period, of demand_seats
- apiserver_flowcontrol_demand_seats_average: Time-weighted average, over last adjustment period, of demand_seats
- apiserver_flowcontrol_demand_seats_stdev: Time-weighted standard deviation, over last adjustment period, of demand_seats
- apiserver_flowcontrol_demand_seats_smoothed: Smoothed seat demands
- apiserver_flowcontrol_target_seats: Seat allocation targets
- apiserver_flowcontrol_seat_fair_frac: Fair fraction of server's concurrency to allocate to each priority level that can use it
- apiserver_flowcontrol_current_limit_seats: current derived number of execution seats available to each priority level The possibility of borrowing means that the old metric- apiserver_flowcontrol_request_concurrency_limitcan no longer mean both the configured concurrency limit and the enforced concurrency limit. Henceforth it means the configured concurrency limit.' (#113485, @MikeSpreitzer)
 
- 'NodeInclusionPolicyinpodTopologySpreadplugin is now enabled by default.' (#113500, @kerthcet)
- 'PodDisruptionBudgetnow adds an alphaspec.unhealthyPodEvictionPolicyfield. When thePDBUnhealthyPodEvictionPolicyfeature-gate is enabled inkube-apiserver, setting this field to"AlwaysAllow"allows pods to be evicted if they do not have a ready condition, regardless of whether the PodDisruptionBudget is currently healthy.' (#113375, @atiratree)
- 'metav1.LabelSelectorsspecified in API objects are now validated to ensure they do not contain invalid label values that will error at time of use. Existing invalid objects can be updated, but new objects are required to contain valid label selectors.' (#113699, @liggitt)
- Add percentageOfNodesToScoreas a scheduler profile level parameter to API versionv1. When a profilepercentageOfNodesToScoreis set, it will override globalpercentageOfNodesToScore. (#112521, @yuanchen8911)
- Add auth API to get self subject attributes (new selfsubjectreviews API is added).
The corresponding command for kubctl is provided - kubectl auth whoami. (#111333, @nabokihms) [SIG API Machinery, Auth, CLI and Testing]
- Added kubernetes_feature_enabledmetric series to track whether each active feature gate is enabled. (#112690, @logicalhan)
- Added a --topology-manager-policy-optionsflag to the kubelet to support fine tuning the topology manager policies. The first policy option,prefer-closest-numa-nodes, allows these policies to favor sets of NUMA nodes with shorter distance between nodes when making admission decisions. (#112914, @PiotrProkop)
- Added a feature that allows a StatefulSetto start numbering replicas from an arbitrary non-negative ordinal, using the.spec.ordinals.startfield. (#112744, @pwschuurman)
- Added a kube-proxy flag (--iptables-localhost-nodeports, default true) to allow disabling NodePort services on loopback addresses. Note: this only applies to iptables mode and ipv4. (#108250, @cyclinder)
- Added a new namespace alpha field to DataSourceReffield inPersistentVolumeClaimAPI. (#113186, @ttakahashi21)
- Aggregated discovery will be alpha and can be toggled with the AggregatedDiscoveryEndpointfeature flag. (#113171, @Jefftree)
- Clarified the CFS quota as 100ms in the code comments and set the minimum cpuCFSQuotaPeriodto 1ms to match Linux kernel expectations. (#112123, @paskal)
- Component-base: make the validation logic about LeaderElectionConfiguration consistent between component-base and client-go (#111758, @SataQiu) [SIG API Machinery and Scheduling]
- Deprecated the apiserver_request_slo_duration_secondsmetric for v1.27 in favor ofapiserver_request_sli_duration_secondsfor naming consistency purposes with other SLI-specific metrics and to avoid any confusion between SLOs and SLIs. (#112679, @dgrisonnet)
- Enable the "Retriable and non-retriable pod failures for jobs" feature into beta. (#113360, @mimowo)
- Enabled kube-controller-managerto support '--concurrent-horizontal-pod-autoscaler-syncs' flag to set the number of horizontal pod autoscaler controller workers. (#108501, @zroubalik)
- Fixed spurious field is immutableerrors validating updates to Event API objects via theevents.k8s.io/v1API. (#112183, @liggitt)
- Graduated ServiceInternalTrafficPolicyfeature to GA. (#113496, @avoltz)
- In kube-proxy: The "userspace" proxy mode (deprecated for over a year) is no longer supported on either Linux or Windows. Users should use "iptables" or "ipvs" on Linux, or "kernelspace" on Windows. (#112133, @knabben)
- Introduce v1beta3for Priority and Fairness with the following changes to the API spec:
- Introduced v1alpha1API for validating admission policies, enabling extensible admission control via CEL expressions (KEP 3488: CEL for Admission Control). To use, enable theValidatingAdmissionPolicyfeature gate and theadmissionregistration.k8s.io/v1alpha1API via--runtime-config. (#113314, @cici37)
- KMS: added validation for duplicate kms config name when auto reload is enabled. If you enabled automatic reload of encryption configuration with API server flag --encryption-provider-config-automatic-reload, ensure all the KMS provider names (v1 and v2) in the encryption configuration are unique. (#113697, @aramase)
- Kubelet external Credential Provider feature is moved to GA. Credential Provider Plugin and Credential Provider Config APIs updated from v1beta1tov1with no API changes. (#111616, @ndixita)
- Legacy klog flags are no longer available. Only -vand-vmoduleare still supported. (#112120, @pohly) [SIG Architecture, CLI, Instrumentation, Node and Testing]
- Moved MixedProtocolLBServicefrom beta to GA. (#112895, @janosi)
- New Pod API field .spec.schedulingGatesis introduced to enable users to control when to mark a Pod as scheduling ready. (#113274, @Huang-Wei)
- Protobuf serialization of metav1.MicroTime timestamps (used in LeaseandEventAPI objects) has been corrected to truncate to microsecond precision, to match the documented behavior and JSON/YAML serialization. Any existing persisted data is truncated to microsecond when read from etcd. (#111936, @haoruan)
- Removed feature gates ServiceLoadBalancerClassandServiceLBNodePortControl. These feature gates were enabled (and locked) sincev1.24. (#112577, @andrewsykim)
- Reverted regression that prevented client-golatency metrics to be reported with a template URL to avoid label cardinality. (#111752, @aanm)
- The EndpointSliceTerminatingConditionfeature gate was graduated to GA. The gate is now locked and will be removed in v1.28. (#113351, @andrewsykim)
- DynamicKubeletConfigfeature gate has been removed from the API server. Dynamic kubelet reconfiguration now can't be used even when older nodes are still attempting to rely on it. This is aligned with the Kubernetes version skew policy. (#112643, @SergeyKanzhelev)
- kubectl waitcommand with- jsonpathflag will wait for target path until timeout. (#109525, @jonyhy96)
Feature
- 'Added selector validation to HorizontalPodAutoscaler: when multiple HPAs select the same set of Pods, scaling now will be disabled for those HPAs with the reasonAmbiguousSelector. This change also covers a case when multiple HPAs point to the same deployment.' (#112011, @pbeschetnov)
- 'Pod Security admission: the pod-security warnlevel will now default to theenforcelevel.' (#113491, @tallclair)
- 'Promoted the APIServerIdentityfeature to Beta. By default, eachkube-apiserverwill now create a Lease in thekube-systemnamespace. These lease objects can be used to identify the number of active API servers in the cluster, and may also be used for future features such as the Storage Version API.' (#113629, @andrewsykim)
- 'The iptables kube-proxy backend now process service/endpoint changes more efficiently in very large clusters.' (#110268, @danwinship)
- 'CSIMigrationvSpherewas upgraded to GA and locked to true. Do not upgrade to K8s 1.26 if you need Windows, or XFS, or raw block support until vSphere CSI Driver adds support for them in a version post v2.7.x.' (#113336, @divyenpatel)
- 'DelegateFSGroupToCSIDriverfeature is GA.' (#113225, @bertinatto)
- 'NodeOutOfServiceVolumeDetachis now beta.' (#113511, @xing-yang)
- 'RetroactiveDefaultStorageClassfeature is now beta.' (#113329, @RomanBednar)
- 'registered_metric_totalwill now report the number of metrics broken down by stability level and deprecated version.' (#112907, @logicalhan)
- A new DisableCompressionfield (default =false) has been added to kubeconfig under cluster info. When set totrue, clients using the kubeconfig opt out of response compression for all requests to the apiserver. This can help improve list call latencies significantly when client-server network bandwidth is ample (>30MB/s) or if the server is CPU-constrained. (#112309, @shyamjvs)
- A new pod_status_sync_duration_secondshistogram is reported at alpha metrics stability that estimates how long the Kubelet takes to write a pod status change once it is detected. (#107896, @smarterclayton) [SIG Apps, Architecture, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Release, Scheduling, Storage and Testing]
- API Server Tracing now includes a variety of new spans and span events. (#113172, @dashpole) [SIG API Machinery, Architecture, Auth, Instrumentation, Network, Node and Scheduling]
- API Server tracing now includes the latency of authorization, priorityandfairness, impersonation, audit, and authentication filters. (#113217, @dashpole)
- API Server tracing root span name for opentelemetry is changed from KubernetesAPItoHTTP GET. (#112545, @dims)
- Added --disable-compressionflag tokubectl(default = false). When true, it opts out of response compression for all requests to theapiserver. This can help improve list call latencies significantly when client-server network bandwidth is ample (>30MB/s) or if the server is CPU-constrained. (#112580, @shyamjvs)
- Added a method StreamWithContexttoremotecommand.Executorto support cancelable SPDY executor stream. (#103177, @arkbriar)
- Added a new feature gate CelValidatingAdmissionExtensibilityto enable expression validation for Admission Control. (#112792, @cici37) [SIG API Machinery]
- Added alpha support for WindowsHostNetworkingfeature. (#112961, @marosset)
- Added alpha support for returning container and pod metrics from CRI, instead of cAdvsior. (#113609, @haircommander)
- Added categories column to the kubectl api-resourcescommand's wide output (-o wide). Added--categoriesflag to thekubectl api-resourcescommand, which can be used to filter the output to show only resources belonging to one or more categories. (#111096, @brianpursley) [SIG CLI]
- Added kubelet metrics to track the cpumanager cpu allocation and pinning (#112855, @fromanirh)
- Added new Golang runtime-related metrics to Kubernetes components:
- go_gc_cycles_automatic_gc_cycles_total
- go_gc_cycles_forced_gc_cycles_total
- go_gc_cycles_total_gc_cycles_total
- go_gc_heap_allocs_by_size_bytes
- go_gc_heap_allocs_bytes_total
- go_gc_heap_allocs_objects_total
- go_gc_heap_frees_by_size_bytes
- go_gc_heap_frees_bytes_total
- go_gc_heap_frees_objects_total
- go_gc_heap_goal_bytes
- go_gc_heap_objects_objects
- go_gc_heap_tiny_allocs_objects_total
- go_gc_pauses_seconds
- go_memory_classes_heap_free_bytes
- go_memory_classes_heap_objects_bytes
- go_memory_classes_heap_released_bytes
- go_memory_classes_heap_stacks_bytes
- go_memory_classes_heap_unused_bytes
- go_memory_classes_metadata_mcache_free_bytes
- go_memory_classes_metadata_mcache_inuse_bytes
- go_memory_classes_metadata_mspan_free_bytes
- go_memory_classes_metadata_mspan_inuse_bytes
- go_memory_classes_metadata_other_bytes
- go_memory_classes_os_stacks_bytes
- go_memory_classes_other_bytes
- go_memory_classes_profiling_buckets_bytes
- go_memory_classes_total_bytes
- go_sched_goroutines_goroutines
- go_sched_latencies_seconds (#111910, @tosi3k)
 
- Added new metric job_controller_terminated_pods_tracking_finalizerwhich can be used to monitor whether the job controller is removing Pod finalizers from terminated Pods after accounting them in Job status. (#113176, @alculquicondor)
- Added publishing events when enabling/disabling TopologyAwareHints. (#113544, @LiorLieberman)
- Added reconstruction of SELinux mount context after kubelet restart. Feature SELinuxMountReadWriteOncePodis now fully implemented and kubelet does not lose its cache of SELinux contexts after kubelet process restart. (#113596, @jsafrane)
- Added support for Evented PLEG feature gate. (#111384, @harche)
- Added the metric pod_start_sli_duration_secondsto kubelet. (#111930, @azylinski)
- Added validation for the --container-runtime-endpointflag of kubelet to be non-empty. (#112542, @astraw99)
- Adds alpha --output plaintext protected by environment variable KUBECTL_EXPLAIN_OPENAPIV3(#113146, @alexzielenski) [SIG CLI]
- Adds metrics force_delete_pods_totalandforce_delete_pod_errors_totalin the Pod GC Controller. (#113519, @xing-yang) [SIG Apps]
- Azure File CSI migration is now GA. (#113160, @andyzhangx)
- Changed preemption_victimsmetric bucket fromLinearBucketstoExponentialBuckets. (#112939, @lengrongfu)
- Exposed health check SLI metrics on metrics/slisfor apiserver. (#112741, @logicalhan)
- Extend the job job_finished_total metric by newreason` label and introduce a new job metric to count pod failures handled by pod failure policy with respect to the action applied. (#113324, @mimowo) [SIG Apps and Testing]
- Graduate ServiceIPStaticSubrangefeature to GA. (#112163, @aojea)
- Graduated Kubelet CPU Manager to GA. (#113018, @fromanirh)
- Graduated Kubelet Device Manager to GA. (#112980, @swatisehgal)
- If ComponentSLIsfeature gate is enabled, then/metrics/slisbecomes available on kubelet, allowing you to scrape health check metrics. (#113030, @Richabanker) [SIG Node]
- If ComponentSLIsfeature gate is enabled, then/metrics/slisnow becomes available on cloud-controller-manager allowing you to scrape health check metrics. (#113340, @Richabanker)
- If more than one StorageClass is designated as default (via the "storageclass.kubernetes.io/is-default-class" annotation), choose the newest one instead of throwing an error. (#110559, @danishprakash)
- In client-goSharedInformerFactorywill now support waiting for goroutines during shutdown. (#112200, @pohly)
- In kubeadm, commandkubeadm join phase control-plane-prepare certsnow supports to run withdry-runmode on it's own. (#113005, @chendave)
- Kube-apiserver: gzipcompression switched from level 4 to level 1 to improve large list call latencies in exchange for higher network bandwidth usage (10-50% higher). This increases the headroom before very large unpaged list calls exceed request timeout limits. (#112299, @shyamjvs)
- Kubeadm: added show-join-commandas a new separate phase at the end ofkubeadm init. You can skip printing the join information by usingkubeadm init --skip-phases=show-join-command. Executing only this phase on demand will throw an error because the phase needs dependencies such as bootstrap tokens to be pre-populated. (#111512, @SataQiu)
- Kubeadm: added the "--cleanup-tmp-dir" flag for kubeadm reset. It will cleanup the contents of/etc/kubernetes/tmp. The flag is off by default. (#112172, @chendave)
- Kubeadm: now supports image repository format validation. (#112732, @SataQiu)
- Kubeadm: sub-phases are now able to support the dry-run mode, e.g. kubeadm reset phase cleanup-node --dry-run (#112945, @chendave) [SIG Cluster Lifecycle]
- Kubeadm: tried to load CA cert from external CertificateAuthority file when CertificateAuthorityData is empty for existing kubeconfig. (#111783, @SataQiu)
- Kubectl shell completions for the bash shell now include descriptions. (#113636, @marckhouzam)
- Kubernetes is now built with Go 1.19.1 (#112287, @palnabarun) [SIG Release and Testing]
- Kubernetes is now built with Go 1.19.2 (#112900, @xmudrii) [SIG Release and Testing]
- Kubernetes is now built with Go 1.19.3. (#113550, @xmudrii)
- Logs of requests that were timed out by a timeout handler no longer contain a statusStackandlogging error outputfields. (#112374, @Argh4k)
- Metrics for RetroactiveDefaultStorageClassfeature are now available. To see an attempt count for updating PVC retroactively with a default StorageClass seeretroactive_storageclass_totalmetric and for total numer of errors seeretroactive_storageclass_errors_total. (#113323, @RomanBednar)
- Promoted kubectl alpha eventstokubectl events. (#113819, @soltysh)
- Promoting WindowsHostProcessContainersto stable. (#113476, @marosset)
- Scheduler now retries updating a pod's status on ServiceUnavailableandInternalErrorerrors, in addition tonet.ConnectionRefusederror. (#111809, @Huang-Wei)
- Shell completion now shows plugin names when appropriate. Furthermore, shell completion will work for plugins that provide such support. (#105867, @marckhouzam)
- Switched kubectl to use github.com/russross/blackfriday/v2(#112731, @pacoxu)
- The ExpandedDNSConfig feature has graduated to beta and is enabled by default. Note that this feature requires container runtime support. (#112824, @gjkim42) [SIG Network and Testing]
- The LegacyServiceAccountTokenNoAutoGenerationfeature gate was promoted to GA. (#112838, @zshihang)
- The ProxyTerminatingEndpointsfeature is now Beta and enabled by default. When enabled, kube-proxy will attempt to route traffic to terminating pods when the traffic policy isLocaland there are only terminating pods remaining on a node. (#113363, @andrewsykim)
- The goroutinesmetric is newly added in the scheduler. It replacesscheduler_goroutinesmetric and it counts the number of goroutine in more places thanscheduler_goroutinedoes. (#112003, @sanposhiho) [SIG Instrumentation and Scheduling]
- Updated cAdvisor to v0.46.0. (#113769, @bobbypage)
- Updated the Lease identity naming format for the APIServerIdentityfeature to use a persistent name. (#113307, @andrewsykim)
- When ComponentSLIsfeature gate is enabled,/metrics/slisbecomes available on kube-scheduler, allowing you to scrape health check metrics. (#113026, @Richabanker)
- When ComponentSLIsfeature gate is enabled, then/metrics/slisbecomes available onkube-proxyallowing you to scrape health check metrics. (#113057, @Richabanker)
- When ComponentSLIsfeature gate is enabled, then/metrics/slisbecomes available on kube-controller-manager, allowing you to scrape health check metrics. (#112978, @logicalhan)
- When the alpha LegacyServiceAccountTokenTrackingfeature gate is enabled, secret-based service account tokens will have akubernetes.io/legacy-token-last-usedapplied to them containing the date they were last used. (#108858, @zshihang) [SIG API Machinery, Auth and Testing]
- CSRDurationfeature gate that graduated to GA in 1.24 and is unconditionally enabled now removed in v1.26. (#112386, @Shubham82)
- kubectl config viewnow automatically redacts any secret fields marked with a- datapolicytag. (#109189, @mpuckett159)
Documentation
Bug or Regression
- Added back unused flags on kubectl runcommand, which did not go through the required deprecation period before being removed. (#112243, @brianpursley)
- Added support for RSA and ECDSA format keys in preflight check on kubeadm. (#112508, @SataQiu)
- Allowed Labelsection in vSphere e2e cloud provider configuration. (#112427, @gnufied)
- Apiserver /healthz/etcdendpoint rate limits the number of forwarded health check requests to the etcd backends, answering with the last known state if the rate limit is exceeded. The rate limit is based on 1/2 of the timeout configured, with no burst allowed. (#112046, @aojea)
- Apiserver: used the correct error when logging errors updating managedFields. (#113711, @andrewsykim)
- Avoided propagating hosts search .into containers in/etc/resolv.conf. (#112157, @dghubble)
- Bump golang.org/x/nettov0.1.1-0.20221027164007-c63010009c80. (#112693, @aimuz)
- Bump runc to v1.1.4. (#113719, @pacoxu)
- Callers using DelegatingAuthenticationOptionscan now useDisableAnonymousto disable Anonymous authentication. (#112181, @xueqzhan)
- Changed error message when resource is not supported by given patch type in kubectl patch. (#112556, @ardaguclu)
- Correct the calculating error in podTopologySpreadplugin to avoid unexpected scheduling results. (#112507, @kerthcet)
- Etcd: Updated to v3.5.5. (#112489, @dims)
- Fixed Admission controllers that caused unnecessary significant load on `apiserver'. (#112696, @aimuz)
- Fixed a bug where a change in the appProtocolfor a Service did not trigger a load balancer update. (#112785, @MartinForReal) [SIG Cloud Provider and Network]
- Fixed a bug where the kubelet choose the wrong container by its name when running kubectl exec. (#113041, @saschagrunert)
- Fixed an ephemeral port exhaustion bug caused by improper connection management that occurred when a large number of objects were handled by kubectlwhile exec auth was in use. (#112017, @enj)
- Fixed an issue in winkernelproxier that causes proxy rules to leak anytime service backends are modified. (#112837, @daschott)
- Fixed bug in kubectl rollout historywhere only the latest revision was displayed when a specific revision was requested and an output format was specified. (#111093, @brianpursley)
- Fixed bug where dry run message was not printed when running kubectl labelwith--dry-runflag. (#111571, @brianpursley)
- Fixed code to ensure that pods running on nodes tainted with NoExecutecontinue to run when thePodDisruptionConditionsfeature gate is enabled. (#112518, @mimowo)
- Fixed cost estimation of token creation request for service account in Priority and Fairness. (#113206, @marseel)
- Fixed issue where the APIServer would panic on startup if an egress selector without a controlplane configuration is specified when using APIServerTracing. (#112979, @dashpole)
- Fixed list cost estimation in Priority and Fairness for list requests with metadata.namespecified. (#112557, @marseel)
- Fixed race condition in GCE between containerized mounter setup in the kubelet. (#112195, @mattcary)
- Fixed relative CPU priority for pods where containers explicitly request zero cpu by giving the lowest priority instead of falling back to the cpu limit to avoid possible cpu starvation of other pods. (#108832, @waynepeking348)
- Fixed that disruption controller used to change the status of a stale disruption condition after 2 min when the PodDisruptionConditionsfeature gate is enabled. (#113580, @mimowo)
- Fixed the PodAndContainerStatsFromCRIfeature, instead of supplementing with stats from cAdvisor. (#113291, @mengjiao-liu)
- Fixed the occasional double-counting of the job_finished_totalmetric. (#112948, @mimowo)
- For kubectl,--server-sidenow migrates ownership of all fields used by client-side-apply to the specified--fieldmanager. This prevents fields previously specified using kubectl from being able to live outside of server-side-apply's management and become undeleteable. (#112905, @alexzielenski)
- For raw block CSI volumes on Kubernetes, kubelet was incorrectly calling CSI NodeStageVolumefor every single "map" (i.e. raw block "mount") operation for a volume already attached to the node. This change modified that behavior to ensure it is only called once per volume per node. (#112403, @akankshakumari393)
- Improved kubectldisplay of invalid request errors returned by the API server. (#112150, @liggitt)
- In kube-apiserver,x-kubernetes-list-typevalidation is now enforced when updating status of custom resources. (#111866, @pacoxu)
- In kube-apiserver, custom resources can now be specified in the--encryption-provider-configfile and can be encrypted in etcd. (#113015, @ritazh)
- Increased the maximum backoff delay of the endpointslice controller to match the expected sequence of delays when syncing Services. (#112353, @dgrisonnet)
- Known issue: Job field .spec.podFailurePolicy.rules[*].onExitCodemight be ignored if the Pod is deleted before it terminates. (#113856, @alculquicondor)
- Kube-apiserver: DELETECOLLECTION APIrequests are now recorded in metrics with the correct verb. (#113133, @sxllwx)
- Kube-apiserver: redirect responses are no longer returned from backends by default. Set --aggregator-reject-forwarding-redirect=falseto continue forwarding redirect responses. (#112193, @jindijamie) [SIG API Machinery and Testing]
- Kube-apiserver: redirects from backend API servers are no longer followed when checking availability with requests to /apis/$group/$version(#112772, @liggitt) [SIG API Machinery and Testing]
- Kube-apiserver: resolved a regression that treated 304 Not Modifiedresponses from aggregated API servers as internal errors. (#112526, @liggitt)
- Kube-proxy no longer falls back from ipvs mode to iptables mode if you ask it to do ipvs but the system is not correctly configured. Instead, it will just exit with an error. (#111806, @danwinship) [SIG Network]
- Kube-scheduler: added taints filtering logic consistent with TaintTolerationplugin forPodTopologySpreadplugin. (#112357, @SataQiu)
- Kubeadm will cleanup the stale data on best effort basis. Stale data will be removed when each reset phase are executed, default etcd data directory will be cleanup when the remove-etcd-memberphase are executed. (#110972, @chendave) [SIG Cluster Lifecycle]
- Kubeadm: fixed a bug when performing validation on ClusterConfigurationnetworking fields. (#112751, @SataQiu)
- Kubeadm: when a sub command is needed but not provided for a kubeadm command, print a help screen instead of showing a short message. (#111277, @chymy)
- Kubectl apply: warning that kubectl will ignore no-namespaced resource pv & namespacein a future release if the namespace is specified and allowlist is not specified. (#110907, @pacoxu)
- Kubectl: fixed a bug where kubectl convertdid not pick the right API version (#112700, @SataQiu)
- Kubelet now cleans up the Node's cloud node IP annotation correctly if you
stop using --node-ip. (In particular, this fixes the problem where people who were unnecessarily using--node-ipwith an external cloud provider in 1.23, and then running into problems with 1.24, could not fix the problem by just removing the unnecessary--node-ipfrom the kubelet arguments, because that wouldn't remove the annotation that caused the problems.) (#112184, @danwinship) [SIG Network and Node]
- Kubelet: Fixed a startup crash in devicemanager. (#113021, @rphillips)
- Kubelet: fixed log spam from kubelet_getters.go Path does not exist. (#112650, @rphillips)
- Kubelet: fixed nil pointer in reflector start for standalone mode. (#113501, @pacoxu)
- Kubelet: when there are multi option lines in /etc/resolv.conf, merge all options into one line in a pod with the DefaultDNS policy. (#112414, @pacoxu) [SIG Network and Node]
- Log messages and metrics for the watch cache are now keyed by <resource>.<group>instead ofgostruct type. This means e.g. that*v1.Podbecomespods. Additionally, resources that come fromCustomResourceDefinitionsare displayed as the correct resource and group, instead of*unstructured.Unstructured. (#111807, @ncdc)
- Moved LocalStorageCapacityIsolationFSQuotaMonitoringback to Alpha. (#112076, @rphillips)
- NOTE (#113749, @jpbetz) [SIG API Machinery]
- Nested MountPointsare now grouped correctly on all cases. (#112571, @claudiubelu)
- Pod failed in scheduling due to expected error will be updated with the reason of SchedulerErrorrather thanUnschedulable. (#111999, @kerthcet)
- Pod logs using --timestampsare not broken up with timestamps anymore. (#113481, @rphillips)
- Removed of raising an error when setting an annotation with the same value, just ignore it. (#109505, @zigarn)
- Resolved an issue that caused winkernel proxier to treat stale VIPs as valid. (#113521, @daschott)
- The ResourceVersionreturned in objects from delete responses is now consistent with theResourceVersioncontained in the delete watch event. (#113369, @wojtek-t)
- The kube-schedulerandkube-controller-managernow use server side apply to set conditions related to pod disruption. (#113304, @mimowo) [SIG API Machinery, Apps and Scheduling]
- The errors in k8s.io/apimachinery/pkg/api/metanow support for thestdlibserrors.Ismatching, including when wrapped. (#111808, @alvaroaleman)
- The metrics etcd_request_duration_secondsandetcd_bookmark_countsnow differentiate by group resource instead of object type, allowing unique entries perCustomResourceDefinition, instead of grouping them all under*unstructured.Unstructured. (#112042, @ncdc)
- The pod admission error message was improved for usability. (#112644, @vitorfhc) [SIG Node]
- The time duration of a failed or unschedulable scheduling attempt will be longer, it now includes the time duration of the unreserve operation. (#113113, @kerthcet)
- Updated kube-proxyto restart in case it detects that the Node assignedpod.Spec.PodCIDRshave changed. (#111344, @aojea)
- Updated creation of LoadBalancerservices, for there to be fewer AWS security group rules in most cases. (#112267, @sjenning)
- Updated the system-validators library to v1.8.0 (#112026, @pacoxu)
- Updates golang.org/x/text`` tov0.3.8`` to fix CVE-2022-32149 (#112989, @ameukam)
- Volume mount cleanup now considers only plugin directory and not the entire kubelet root (#112607, @mattcary)
- kubectlnow escapes terminal special characters in output. This fixes CVE-2021-25743. (#112553, @dgl)
Other (Cleanup or Flake)
- 'Promoted cronjob_job_creation_skewmetric to stable to follow the cronjob v2 controller, the following metrics had their name updated to match metrics API guidelines:
- 'Promoted job-related metrics to stable to follow IndexedJobs GA. The following metrics have their name updated to match metrics API guidelines:
- 'kubelet_kubelet_credential_provider_plugin_durationwas renamed tokubelet_credential_provider_plugin_durationandkubelet_kubelet_credential_provider_plugin_errorswas renamed tokubelet_credential_provider_plugin_errors.' (#113754, @logicalhan)
- A new API server flag --encryption-provider-config-automatic-reloadwas added to control when the encryption config should be automatically reloaded without needing to restart the server. All KMS plugins are now merged into a single healthz check at/healthz/kms-providerswhen reload is enabled, or when only KMS v2 plugins are used. (#113529, @enj)
- Added a --prune-allowlistflag that can be used withkubectl apply --prune. This flag now replaces and functions the same as the--prune-whitelistflag, which has been deprecated. (#113116, @brianpursley)
- Added a kubernetes_feature_enabledmetric which will tell you if a feature is enabled. (#112652, @logicalhan)
- Deprecated the following kubectl run flags, which are ignored if set: --cascade,--filename,--force,--grace-period,--kustomize,--recursive,--timeout,--wait. (#112261, @brianpursley)
- Dropped support for the Container Runtime Interface (CRI) version v1alpha2, which means that container runtimes just have to implementv1. (#110618, @saschagrunert)
- E2e: tests can now register callbacks with ginkgo.BeforeEach,ginkgo.AfterEachorginkgo.DeferCleanupdirectly after creating a framework instance and are guaranteed that their code is called after the framework is initialized and before it gets cleaned up.ginkgo.DeferCleanupreplacesf.AddAfterEachandAddCleanupActionwhich got removed to simplify the framework. (#111998, @pohly)
- Introduce ComponentSLIsalpha feature-gate for component SLIs metrics endpoint. (#112884, @logicalhan) [SIG API Machinery]
- Kube scheduler Component Config release version v1beta3 is deprecated in v1.26 and will be removed in v1.29, also v1beta2 will be removed in v1.28. (#112257, @kerthcet) [SIG Scheduling]
- Kube-scheduler: the DefaultPodTopologySpread,NonPreemptingPriority,PodAffinityNamespaceSelectorandPreferNominatedNodefeature gates that graduated to GA in v1.24 and were unconditionally enabled have been removed in v1.26. (#112567, @SataQiu)
- Kubeadm: removed the UnversionedKubeletConfigMapfeature gate. The feature has been GA and locked to enabled sincev1.25. (#113448, @pacoxu)
- Kubeadm: removed the toleration for the node-role.kubernetes.io/mastertaint from the CoreDNS deployment ofkubeadm. With the 1.25 release of kubeadm the taintnode-role.kubernetes.io/masteris no longer applied to control plane nodes and the toleration for it can be removed with the release of 1.26. You can also perform the same toleration removal from your own addon manifests. (#112008, @pacoxu)
- Kubeadm: removed the usage of the --container-runtime=remoteflag for the kubelet during kubeadm init/join/upgrade. The flag valueremotehad been the only possible value sincedockershimwas removed from the kubelet. (#112000, @pacoxu)
- Locked ServerSideApplyfeature gate to true with the feature already being GA. (#112748, @wojtek-t)
- Refactored test/e2e/frameworkso that the core framework is smaller. Optional functionality like resource monitoring, log size monitoring, metrics gathering and debug information dumping must be imported by specific e2e test suites. Init packages are provided which can be imported to re-enable the functionality that traditionally was in the core framework. If you have code that no longer compiles because of this PR, you can use the script from a commit message to update that code. (#112043, @pohly)
- Release-note (#111708, @yangjunmyfm192085) [SIG Apps, Instrumentation and Network]
- Removed PodOverheadfeature gate as the feature is in GA sincev1.24. (#112579, @SergeyKanzhelev)
- Removing Windows Server, Version 20H2 flavors from various container images. (#112924, @marosset)
- Renamed the feature gate for CEL in Admission Control to ValidatingAdmissionPolicy. (#113735, @cici37)
- Reworded log message upon image garbage collection failure to be more clear. (#112631, @tzneal) [SIG Node]
- Scheduler dumper now exposes a summary to indicate the number of pending pods in each internal queue. (#111726, @Huang-Wei) [SIG Scheduling and Testing]
- Service session affinity timeout tests are no longer required for Kubernetes network plugin conformance due to variations in existing implementations. New conformance tests will be developed to better express conformance in future releases. (#112806, @dcbw) [SIG Architecture, Network and Testing]
- The IndexedJobandSuspendJobfeature gates that graduated to GA in 1.24 and were unconditionally enabled have been removed in v1.26. (#112589, @SataQiu)
- The e2e.testbinary no longer emits JSON structs to document progress. (#113212, @pohly)
- The metric etcd_db_total_size_in_bytesis renamed toapiserver_storage_db_total_size_in_bytes. (#113310, @logicalhan) [SIG API Machinery]
- Updated cri-toolsto [v1.25.0(https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.25.0) (#112058, @saschagrunert)
- GlusterFSin-tree storage driver which was deprecated in kubernetes 1.25 release is now removed entirely in 1.26. (#112015, @humblec)
Dependencies
Added
- cloud.google.com/go/datastore: v1.1.0
- cloud.google.com/go/firestore: v1.1.0
- cloud.google.com/go/pubsub: v1.3.1
- github.com/OneOfOne/xxhash: v1.2.2
- github.com/alecthomas/template: fb15b89
- github.com/alecthomas/units: f65c72e
- github.com/armon/consul-api: eb2c6b5
- github.com/armon/go-metrics: f0300d1
- github.com/armon/go-radix: 7fddfc3
- github.com/bgentry/speakeasy: v0.1.0
- github.com/bketelsen/crypt: 5cbc8cc
- github.com/cenkalti/backoff/v4: v4.1.3
- github.com/cespare/xxhash: v1.1.0
- github.com/client9/misspell: v0.3.4
- github.com/coreos/bbolt: v1.3.2
- github.com/coreos/etcd: v3.3.13+incompatible
- github.com/coreos/go-systemd: 95778df
- github.com/coreos/pkg: 399ea9e
- github.com/dgrijalva/jwt-go: v3.2.0+incompatible
- github.com/dgryski/go-sip13: e10d5fe
- github.com/fatih/color: v1.7.0
- github.com/go-gl/glfw: e6da0ac
- github.com/go-logr/stdr: v1.2.2
- github.com/google/martian: v2.1.0+incompatible
- github.com/grpc-ecosystem/grpc-gateway/v2: v2.7.0
- github.com/hashicorp/consul/api: v1.1.0
- github.com/hashicorp/consul/sdk: v0.1.1
- github.com/hashicorp/errwrap: v1.0.0
- github.com/hashicorp/go-cleanhttp: v0.5.1
- github.com/hashicorp/go-immutable-radix: v1.0.0
- github.com/hashicorp/go-msgpack: v0.5.3
- github.com/hashicorp/go-multierror: v1.0.0
- github.com/hashicorp/go-rootcerts: v1.0.0
- github.com/hashicorp/go-sockaddr: v1.0.0
- github.com/hashicorp/go-syslog: v1.0.0
- github.com/hashicorp/go-uuid: v1.0.1
- github.com/hashicorp/go.net: v0.0.1
- github.com/hashicorp/golang-lru: v0.5.1
- github.com/hashicorp/hcl: v1.0.0
- github.com/hashicorp/logutils: v1.0.0
- github.com/hashicorp/mdns: v1.0.0
- github.com/hashicorp/memberlist: v0.1.3
- github.com/hashicorp/serf: v0.8.2
- github.com/jpillora/backoff: v1.0.0
- github.com/jstemmer/go-junit-report: v0.9.1
- github.com/kr/logfmt: b84e30a
- github.com/kr/pty: v1.1.1
- github.com/magiconair/properties: v1.8.1
- github.com/mattn/go-colorable: v0.0.9
- github.com/mattn/go-isatty: v0.0.3
- github.com/miekg/dns: v1.0.14
- github.com/mitchellh/cli: v1.0.0
- github.com/mitchellh/go-homedir: v1.1.0
- github.com/mitchellh/go-testing-interface: v1.0.0
- github.com/mitchellh/gox: v0.4.0
- github.com/mitchellh/iochan: v1.0.0
- github.com/oklog/ulid: v1.3.1
- github.com/pascaldekloe/goe: 57f6aae
- github.com/pelletier/go-toml: v1.2.0
- github.com/posener/complete: v1.1.1
- github.com/prometheus/tsdb: v0.7.1
- github.com/ryanuber/columnize: 9b3edd6
- github.com/sean-/seed: e2103e2
- github.com/shurcooL/sanitized_anchor_name: v1.0.0
- github.com/spaolacci/murmur3: f09979e
- github.com/spf13/cast: v1.3.0
- github.com/spf13/jwalterweatherman: v1.0.0
- github.com/spf13/viper: v1.7.0
- github.com/subosito/gotenv: v1.2.0
- github.com/ugorji/go: v1.1.4
- github.com/xordataexchange/crypt: b2862e3
- go.opentelemetry.io/contrib/propagators/b3: v1.10.0
- go.opentelemetry.io/otel/exporters/otlp/internal/retry: v1.10.0
- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: v1.10.0
- go.opentelemetry.io/otel/exporters/otlp/otlptrace: v1.10.0
- gopkg.in/ini.v1: v1.51.0
- gopkg.in/resty.v1: v1.12.0
- rsc.io/binaryregexp: v0.2.0
- rsc.io/quote/v3: v3.1.0
- rsc.io/sampler: v1.3.0
Changed
- dmitri.shuralyov.com/gpu/mtl: 28db891 → 666a987
- github.com/antlr/antlr4/runtime/Go/antlr: f25a4f6 → v1.4.10
- github.com/aws/aws-sdk-go: v1.38.49 → v1.44.116
- github.com/container-storage-interface/spec: v1.6.0 → v1.7.0
- github.com/containerd/ttrpc: v1.0.2 → v1.1.0
- github.com/cpuguy83/go-md2man/v2: v2.0.1 → v2.0.2
- github.com/dnaeon/go-vcr: v1.0.1 → v1.2.0
- github.com/docker/docker: v20.10.17+incompatible → v20.10.18+incompatible
- github.com/docker/go-units: v0.4.0 → v0.5.0
- github.com/emicklei/go-restful/v3: v3.8.0 → v3.9.0
- github.com/felixge/httpsnoop: v1.0.1 → v1.0.3
- github.com/fsnotify/fsnotify: v1.4.9 → v1.6.0
- github.com/go-kit/log: v0.1.0 → v0.2.0
- github.com/go-logfmt/logfmt: v0.5.0 → v0.5.1
- github.com/go-openapi/jsonreference: v0.19.5 → v0.20.0
- github.com/google/cadvisor: v0.45.0 → v0.46.0
- github.com/google/cel-go: v0.12.4 → v0.12.5
- github.com/google/go-cmp: v0.5.6 → v0.5.9
- github.com/google/pprof: 94a9f03 → 4bb14d4
- github.com/gopherjs/gopherjs: fce0ec3 → 0766667
- github.com/inconshreveable/mousetrap: v1.0.0 → v1.0.1
- github.com/karrick/godirwalk: v1.16.1 → v1.17.0
- github.com/konsorten/go-windows-terminal-sequences: v1.0.2 → v1.0.3
- github.com/matttproud/golang_protobuf_extensions: v1.0.1 → v1.0.2
- github.com/moby/sys/mountinfo: v0.6.0 → v0.6.2
- github.com/moby/term: 3f7ff69 → 39b0c02
- github.com/onsi/ginkgo/v2: v2.1.4 → v2.4.0
- github.com/onsi/gomega: v1.19.0 → v1.23.0
- github.com/opencontainers/runc: v1.1.3 → v1.1.4
- github.com/prometheus/client_golang: v1.12.1 → v1.14.0
- github.com/prometheus/client_model: v0.2.0 → v0.3.0
- github.com/prometheus/common: v0.32.1 → v0.37.0
- github.com/prometheus/procfs: v0.7.3 → v0.8.0
- github.com/smartystreets/assertions: v1.1.0 → b2de0cb
- github.com/spf13/afero: v1.6.0 → v1.2.2
- github.com/spf13/cobra: v1.4.0 → v1.6.0
- github.com/stretchr/objx: v0.2.0 → v0.4.0
- github.com/stretchr/testify: v1.7.0 → v1.8.0
- go.etcd.io/etcd/api/v3: v3.5.4 → v3.5.5
- go.etcd.io/etcd/client/pkg/v3: v3.5.4 → v3.5.5
- go.etcd.io/etcd/client/v2: v2.305.4 → v2.305.5
- go.etcd.io/etcd/client/v3: v3.5.4 → v3.5.5
- go.etcd.io/etcd/pkg/v3: v3.5.4 → v3.5.5
- go.etcd.io/etcd/raft/v3: v3.5.4 → v3.5.5
- go.etcd.io/etcd/server/v3: v3.5.4 → v3.5.5
- go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful: v0.20.0 → v0.35.0
- go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc: v0.20.0 → v0.35.0
- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp: v0.20.0 → v0.35.0
- go.opentelemetry.io/otel/metric: v0.20.0 → v0.31.0
- go.opentelemetry.io/otel/sdk: v0.20.0 → v1.10.0
- go.opentelemetry.io/otel/trace: v0.20.0 → v1.10.0
- go.opentelemetry.io/otel: v0.20.0 → v1.10.0
- go.opentelemetry.io/proto/otlp: v0.7.0 → v0.19.0
- go.uber.org/goleak: v1.1.10 → v1.2.0
- golang.org/x/crypto: 3147a52 → v0.1.0
- golang.org/x/exp: 85be41e → 6cc2880
- golang.org/x/mobile: e6ae53a → d2bd2a2
- golang.org/x/mod: 86c51ed → v0.6.0
- golang.org/x/net: a158d28 → 1e63c2f
- golang.org/x/oauth2: d3ed0bb → ee48083
- golang.org/x/sys: 8c9f86f → v0.3.0
- golang.org/x/term: 03fcf44 → v0.3.0
- golang.org/x/text: v0.3.7 → v0.5.0
- golang.org/x/tools: v0.1.12 → v0.2.0
- google.golang.org/grpc: v1.47.0 → v1.49.0
- google.golang.org/protobuf: v1.28.0 → v1.28.1
- k8s.io/gengo: c02415c → c0856e2
- k8s.io/klog/v2: v2.70.1 → v2.80.1
- k8s.io/kube-openapi: 67bda5d → 172d655
- k8s.io/system-validators: v1.7.0 → v1.8.0
- k8s.io/utils: ee6ede2 → 1a15be2
- sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.32 → v0.0.33
- sigs.k8s.io/yaml: v1.2.0 → v1.3.0
Removed
- github.com/ajstarks/svgo: 644b8db
- github.com/auth0/go-jwt-middleware: v1.0.1
- github.com/boltdb/bolt: v1.3.1
- github.com/fogleman/gg: 0403632
- github.com/getkin/kin-openapi: v0.76.0
- github.com/go-ozzo/ozzo-validation: v3.5.0+incompatible
- github.com/golang/freetype: e2365df
- github.com/gophercloud/gophercloud: v0.1.0
- github.com/gorilla/mux: v1.8.0
- github.com/heketi/heketi: v10.3.0+incompatible
- github.com/heketi/tests: f3775cb
- github.com/jung-kurt/gofpdf: 24315ac
- github.com/kr/fs: v0.1.0
- github.com/lpabon/godbc: v0.1.1
- github.com/mvdan/xurls: v1.1.0
- github.com/pkg/sftp: v1.10.1
- github.com/remyoudompheng/bigfft: 52369c6
- github.com/russross/blackfriday: v1.5.2
- github.com/urfave/negroni: v1.0.0
- go.opentelemetry.io/contrib/propagators: v0.20.0
- go.opentelemetry.io/contrib: v0.20.0
- go.opentelemetry.io/otel/exporters/otlp: v0.20.0
- go.opentelemetry.io/otel/oteltest: v0.20.0
- go.opentelemetry.io/otel/sdk/export/metric: v0.20.0
- go.opentelemetry.io/otel/sdk/metric: v0.20.0
- gonum.org/v1/gonum: v0.6.2
- gonum.org/v1/netlib: 7672324
- gonum.org/v1/plot: e2840ee
- modernc.org/cc: v1.0.0
- modernc.org/golex: v1.0.0
- modernc.org/mathutil: v1.0.0
- modernc.org/strutil: v1.0.0
- modernc.org/xc: v1.0.0
- rsc.io/pdf: v0.1.1
v1.26.0-rc.1
Downloads for v1.26.0-rc.1
Source Code
| filename | sha512 hash | 
|---|---|
| kubernetes.tar.gz | 9f60096e87359e5a35f16d5ceafae855124ce252e124ec6454d8a34757f25a104a22285faed562f8c6ad8178eb79c6bcd9c7b1dde0b81c062eea776e95f50a72 | 
| kubernetes-src.tar.gz | 127edcbd0e28070ea70ac57c4d0bb2989e02ef19d0f5b8ff90d23f6c09cdc1befd6a27ea53684928850669d50bc59ad25e62e5a9bade725bd69c0c5dadfe1fd3 | 
Client Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-client-darwin-amd64.tar.gz | c4d3aceb58ac81b4b2c0225d58bca75a527d3b686bdcc8f94abdeb84a64729ab9fafed83caee47ded141e1b3ac63cfa4ddcd5c7a249c5e30766fe3b4206f2c5e | 
| kubernetes-client-darwin-arm64.tar.gz | 3b9d7474394187d97b4b8c8aad22744425e44bca875231644d609a4086da3ef9c805d0b2205aaedc3214e4727fe322f83e1bc7de0e86de8073aad73663c6a232 | 
| kubernetes-client-linux-386.tar.gz | 8034ebfe53d8197e059e5702f5fad6a78295ea170150a5deb0def6aaa833b1d28b9b58e95ad0e342f462e0cf433416802e473e2819c2f0444ce123daa3f90a94 | 
| kubernetes-client-linux-amd64.tar.gz | 236a3d1b1bd39ae66187fe7b4d841d3efaf8a0d00047b4a7cf0604881f7c596b760271bc6d359664878f9687ff1b0a76be079ae98a42ceeca4bf9d19b1a31ecf | 
| kubernetes-client-linux-arm.tar.gz | 6b53cfc34b015e36579039426b1eadfd0126ccc5d8ad443226a2ccf60069133d9b753f9432ad8cc0137c70c91095ad851d8a1263967b25fb8a259c7d75ca52fd | 
| kubernetes-client-linux-arm64.tar.gz | 5792a32fa1ee641b8e73150c67e252a9c358a6f9c71954e31324241a9316e97561cbcf07244eba7f9bcaba1f93ff6a6315d8298f706ef31abcfb827d3a37d334 | 
| kubernetes-client-linux-ppc64le.tar.gz | 3056e95dd631f94bd992955242520239d7d011a7fa3024581598094bd5fb9a7a85d04c1ab4e5673ba8d669133d9b97ee590c99e24e7f2d1ba115ab4930593007 | 
| kubernetes-client-linux-s390x.tar.gz | f8424a03a46d2b65f7d853dd74f6ee03ce29669e878c3f2584a25d2f03f9b90c48f6cdb4667f524657eca222adf04dbc8cba31f9bef5a1c8426e97a97ffda135 | 
| kubernetes-client-windows-386.tar.gz | c9218f53497e7ce05607d79c130194262f19948d5b4c1ac16093fef48bcebdbc69162677cfd2d3e1b1bf73220a331156e28460f2443ba47006d9e4aa8a21e0a5 | 
| kubernetes-client-windows-amd64.tar.gz | 62e115a066335a43d504c86b6f6f8749e018ebc1271a6bc75e8e0007c29384c153349731db551996f81dd31cae01f8d74cf9abe170ddb1a134083df0fc9575e9 | 
| kubernetes-client-windows-arm64.tar.gz | 15e8ee687996b69c3eae81beeefac84292adb3e2da9bd8d4103a5c9c44bde4f5bf134ec6851cc32c1b07ac73c710160c938a2f4059c40149daf665cb8800e63a | 
Server Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-server-linux-amd64.tar.gz | 8c8ade7261823c05e5e9818ea3e50271ff1900fcefe53be88f82d4b22e489211411f934d798d056406b3c4d409eec6deeaa0ee66287c0f0ac5969949edb050c2 | 
| kubernetes-server-linux-arm.tar.gz | a2265ce14e0638d95f2732a15fb431548d7a88ae5e24015bff638a762944791c86d2b79163485308a3dc5b8fa2239bbdb1d0963b88b55cacd138e49581fc8c6f | 
| kubernetes-server-linux-arm64.tar.gz | 445d1e73673f8dd91e3afb6e4fc63c5b470b3f882bbe3c0008763730915fce6f43ac7c21175c51c9ce4abaf4d26b09348bb8fd1fd762df27bdccc4595364ecfc | 
| kubernetes-server-linux-ppc64le.tar.gz | 2fcfc2772587c195adbdbe67a357e0c4536c0ce8cfa14a8fed63d021452fa6b75f9ddf499243a6cf99ac6f34ea5bfcffa61d7a22d7e42cbd5a7b3d040c311e54 | 
| kubernetes-server-linux-s390x.tar.gz | 6e03a5fcbcc4c03137535ac70f1f2156376ec67870de9e52c06a4df1db1bae209309f9f40c4b8607ffb3319c035be279d854487edba1f77ac38173e63fe185ca | 
Node Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-node-linux-amd64.tar.gz | 4d409c919817fd8b0b786e76ed7b15efa823ed779732a17945a0cd29e37511a98b54959ab89445f2f75e56f8ec243193f706cc6499434ad71e3472f50f95438e | 
| kubernetes-node-linux-arm.tar.gz | e97630f0e442db2839e8b841b2442005687e57f74f6070ab874bed2deb5f4955ee945555237c6102c306db44677dc1f3db83b734ed03d64ddc47d2278de8c1c0 | 
| kubernetes-node-linux-arm64.tar.gz | 7e51982c019417b6f1ef05e07a03cc10c236908b78fec86d59d1102c707373775dbe2e6992fd818b103a86e6e2ce0c603123e346c334844e06908cb8db698b31 | 
| kubernetes-node-linux-ppc64le.tar.gz | 27154ac9cf36f74ba7d42cb7cc0002673519dab9b6ab8ff6784fcc2613091f5da5828b24dd7cfcc708fd561fbfecd4f48920e159e96bf86a1712417965614490 | 
| kubernetes-node-linux-s390x.tar.gz | 9e1f47c40bff72bfa9be18c4eedfd0b334c509dab2639ff9ae8e1f0273fca13ff793e27fcf2cadc8f519ba630d66d324ecbb46e32838760d0cebe3e54228eed0 | 
| kubernetes-node-windows-amd64.tar.gz | d0daa931f9a1fe301a1e5875789c466acf2fef5c769c08776d11b33ba21e7f49c00aa826c5c5a8b696835df0c3132325580393ca79d45e54dfe98f759d3b1768 | 
Container Images
All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.
Changelog since v1.26.0-rc.0
Changes by Kind
Bug or Regression
- 
Fix endpoint reconciler not being able to delete the apiserver lease on shutdown (#114122, @aojea) [SIG API Machinery] 
- 
Fixed a bug that resulted in "grpc: the client connection is closing" errors shortly after the Kubernetes API server automatically reloaded its encryption-at-rest config due to an observed change to the file. This bug was only encountered when the --encryption-provider-config-automatic-reload flag was set to true. (#113955, @enj) [SIG API Machinery, Auth and Testing] 
- 
When the feature gates PodDisruptionConditionsandJobPodFailurePolicyare both enabled, the Job controller now does not consider a terminating Pod (a pod that has a.metadata.deletionTimestamp) as a failure until that Pod is terminal (its.status.phaseisFailedorSucceeded).However, the Job controller creates a replacement Pod as soon as the termination becomes apparent. Once the pod terminates, the Job controller evaluates .backoffLimitand.podFailurePolicyfor the relevant Job, taking this now-terminated Pod into consideration.This behavior is limited to Jobs with .spec.podFailurePolicyset, and only when those two feature gates are both enabled. If either of these requirements is not satisfied, the Job controller counts a terminating Pod as an immediate failure, even if that Pod later terminates withphase: "Succeeded". (#113860, @alculquicondor) [SIG Apps]
Dependencies
Added
Nothing has changed.
Changed
Nothing has changed.
Removed
Nothing has changed.
v1.26.0-rc.0
Downloads for v1.26.0-rc.0
Source Code
| filename | sha512 hash | 
|---|---|
| kubernetes.tar.gz | c029cbe4bac02811164d6caf5c2474afb57ef0c8d1e5d4c3728a5ca38deff50dff354bc5b63f6a5c831a5d1944c559f5c33ebb5a6f13b2219bcc889127b74184 | 
| kubernetes-src.tar.gz | 0166a2421ce2ac5a6a5eb9a47f6c3195072e2ea3c6cf042e90fa20ed9624b7f6f3c3fc7fb9403c005e25c14b668cd33aa153c18d66b3a38722d2ea22edb13d88 | 
Client Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-client-darwin-amd64.tar.gz | 73dd4446f6f58698f5dacc771d49eea436ee7a35edbf29b0470e077325385882544a35bc6c0aa4da8a0fcb4f521d25bb394097fc7895fc8b82e70d928d610dcd | 
| kubernetes-client-darwin-arm64.tar.gz | 8b09a1ab7cd916cfe8a957b459d47dc789405232a09d17313b73ba2174ed61443460835dbdc9420731e29620954713eadc608546c16888902ef729ffa2a4207c | 
| kubernetes-client-linux-386.tar.gz | 2766bc4210815f141a1862c00c827bc6c4c1f2184d10f40884647da896855a4ae35e174daebda22b55a40ba5d18a4a4efef26ba4a57f25a0cb5b6cb5c0d52604 | 
| kubernetes-client-linux-amd64.tar.gz | e9dc23e70cf54b2daddeb6c6b8dd4a7688311b9aa073ed7a6b7e49f197c4c2c4f5c08eb8289f5341bfd6da6e34f9b9d3a050d20d6e3de82af7c43387ff84abff | 
| kubernetes-client-linux-arm.tar.gz | d19a5b00fa829a541bab13150ecdfd4427c1f2ae92061c338a93ca3c36c8609fa77dfe5fc05c7f54f117e0c299a79beb5ac14921819cd5a34e3debc9818aeedc | 
| kubernetes-client-linux-arm64.tar.gz | 63a69da8a5570a08daf2fed9e55e456a761df0aba683cd3b84c6ee3dc6657d982adacf00655c485e6bfb03e9d60e0b89e1dbb568ca92e8e1c458752e24a64bbc | 
| kubernetes-client-linux-ppc64le.tar.gz | 1d63b821339b4bb2c3cc9e3eec949a33143c0fbff96d7f723dcd7aecdb2fc7c40d66b569c70f58c012070e206826d9e0070aaed0bb2c87b251a1d644915a5a2a | 
| kubernetes-client-linux-s390x.tar.gz | dda2f1cb4def6094184d24be792fb8de12cd217eda75cf5f9510191956fa01bf3d130329a3318e2b26845b3335fb1dc74e92adb4d20bc5c7842670836eefc993 | 
| kubernetes-client-windows-386.tar.gz | b3a2fea1264a00f6cc1e09b76df6de9ea63988bccc1e568724a1f5a028e921c0832ef09665ea81077d2b58a8127345faa94d3570c4ccb0d4329a85c492152e34 | 
| kubernetes-client-windows-amd64.tar.gz | ac2db53ec5a5421bdebe24ac0ac7a5b585c9e6883f95c2424d6041707bf6b68a8b1e8a9f2ca594fa969e9d555b375cffe684922bfd65149d0d738067bcad0aa9 | 
| kubernetes-client-windows-arm64.tar.gz | 0f8c501689f44cdeee4c5917c09e57ee6e5bcac78626fc1fe839a367a80f16ac9724dcc0220e29d169aa3fa8fe379365167814883c1d8596f220b418433cdf55 | 
Server Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-server-linux-amd64.tar.gz | 083916605845bce97c5cb371086122ac1d985853bf565f4619c9463d70f4e0f9f538a1dde9a2c2b79ea4646ced702600b7abab166554d607a6edaec3dc6a73ef | 
| kubernetes-server-linux-arm.tar.gz | 68212f3854e33b5657f280839f3bda53bf048adf5630342070447db1b3a37004923f3388c51f9d40a54831f9709010669fa712ee937ad4bcf1c9f5c5f4f1b0f8 | 
| kubernetes-server-linux-arm64.tar.gz | 8ded836f67e98240e8e5e6c9ce0a56c3466563462c75e55b5043afe4d1dea30059753fb49d00044083d50b1fda3cbc3b7ac1ba3232ea743706a38684a55131a7 | 
| kubernetes-server-linux-ppc64le.tar.gz | 4bf5a296b54e805b795777f99b40054287b4a7d5857897b47e3da4f6cdbfe4b91d771c85facfaf96340d14f3764d15d3b019a53961c0b5ffd76fb1e60f2fa586 | 
| kubernetes-server-linux-s390x.tar.gz | 4cf0e6a16d011fc0f2a6801b5b0c09e70caffe949f0ef1b5230379ef6f79a9a874b7c6a1c7a49ed8080324c0bf12d43e8181aca9ab2251df7d508dc9e050d6a3 | 
Node Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-node-linux-amd64.tar.gz | b60d6ecaa093b912478c3402a0bb4b01a553fbf8220ce0ed587c5181df2473b7b85750d47e6e30bf935cf616aa1912a5c034fe2e425e5b51bf9a71af634f76ea | 
| kubernetes-node-linux-arm.tar.gz | f8120e276b91fbb88e2458e14b067c2f3517d09d8250cfbdf0306d51fff8355c7dc3e83f66216c803a34b521c40f3ad5b62d79a7f4f86f1a25e2057f098ac024 | 
| kubernetes-node-linux-arm64.tar.gz | 09ca76f6a681a489cc6c291358eeca10666ffee7a82382e87714684f24e67ea97bffdafb0b83a01641893db5cabe480b83f9afc77fabb850eeb0a173a2349526 | 
| kubernetes-node-linux-ppc64le.tar.gz | a09d28611f73193f33f07da4e2fff5987a4332893381f8322fc7a48a2884856c75cce306fced1cb0cd18119e9f801c95307128567400749792a67cd797b5ba01 | 
| kubernetes-node-linux-s390x.tar.gz | 665b856bb641960a654829ef532dab84768e59a6653b07d7d8fd613364e07eff79f102b05799ca718b7ad5f0bd01128b3aa3498ea5afea70992c4cbcb3154065 | 
| kubernetes-node-windows-amd64.tar.gz | f1d1d38db0a22e68f8c872bcb0569452ade58d5d3d4bb93233a0bea45c70bd8264eaa5cd03cc92e463f7f4c29ee3114a8696748f8f925da5033144e0e9298376 | 
Container Images
All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.
Changelog since v1.26.0-beta.0
Changes by Kind
API Change
- Add a ResourceClaimAPI (in the resource.k8s.io/v1alpha1 API group and behind theDynamicResourceAllocationfeature gate). The new API is more flexible than the existing Device Plugins feature of Kubernetes because it allows Pods to request (claim) special kinds of resources, which can be available at node level, cluster level, or following any other model you implement. (#111023, @pohly) [SIG API Machinery, Apps, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node, Release, Scheduling, Storage and Testing]
- PodDisruptionBudget adds an alpha spec.unhealthyPodEvictionPolicyfield. When thePDBUnhealthyPodEvictionPolicyfeature-gate is enabled inkube-apiserver, setting this field to"AlwaysAllow"allows pods to be evicted if they do not have a ready condition, regardless of whether the PodDisruptionBudget is currently healthy. (#113375, @atiratree) [SIG API Machinery, Apps, Auth and Testing]
Feature
Bug or Regression
- Known issue: Job field .spec.podFailurePolicy.rules[*].onExitCodemight be ignored if the Pod is deleted before it terminates. (#113856, @alculquicondor) [SIG Apps]
Dependencies
Added
Nothing has changed.
Changed
Nothing has changed.
Removed
Nothing has changed.
v1.26.0-beta.0
Downloads for v1.26.0-beta.0
Source Code
| filename | sha512 hash | 
|---|---|
| kubernetes.tar.gz | 9aa7ea4dac63ca19b62dbb5ff3769f96d52f17d14050bdb4832936b6732879b93544ffae4411783e57b5171e12bc7bba8dbd275fdbc0755712a0b80069d06097 | 
| kubernetes-src.tar.gz | 350ee84981bdc47f1ccee421efe2102d1323195b605c79884a0a3628c49d20533bbf3f49d54a3ce94b2a5627290103a4edd14cfdd1bd732c859f88ad06ad178a | 
Client Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-client-darwin-amd64.tar.gz | 8333a7b382ce29c79f9d2958c90e5e34c3af205a64d7f99bf94817df92879b136ba1f40a675555368aee68a9278a03142f20b8cb1797d1eaa3ba2344e2109904 | 
| kubernetes-client-darwin-arm64.tar.gz | 5f263002532b818c9dca80119f7fe78474f7fee66d13409e8fad588b1aa7edda7a333a1f0982b86582b0a202f57253a6ae7a64ecba9569e9b08f478f1cc2c2e3 | 
| kubernetes-client-linux-386.tar.gz | 344a33e30a29043533810d48f42d34d25a919925f85610b232c8c2f9da04c6faa2e43bc45dc7cb2d04c4c7bc24e6d77621abdc667a4a0707082212505babe5d5 | 
| kubernetes-client-linux-amd64.tar.gz | 267dd3143813d7462dc821ec2ebf22c266280420fdecbbaf73e4f03a803ef4be5e0e98bbac036e0ba96e4c56ba937cf1064ed91208dff0b91797b3243810d097 | 
| kubernetes-client-linux-arm.tar.gz | c1779aa4bed88510640de2f2c964c981f188a6a15d2e468e503982ad63f20a0f282752d9e3d9e811895ccf7e8847fe9c7bbecb76d64d087e83a9677c8d6a6ad0 | 
| kubernetes-client-linux-arm64.tar.gz | 82170b76010c8f54c8a40684a1226433626afabd6c585cd41035e17aa8923d1c3991cbae0d77ca79153a972d8840b92d1958e253e3a9ae5eda2b9e8d9c09d01e | 
| kubernetes-client-linux-ppc64le.tar.gz | d0e59ec798ef03c01990e184847b1bfd38805d9e95901699c5bbbdf31d2e942dab63a8fb68656dc9affd0fa483efb360751d5d0b445f9d6c1e9713c1f10d1f7f | 
| kubernetes-client-linux-s390x.tar.gz | d2ebeadcdd809f9f1ee4bd1884efd5093279cc3511c791007061ee980becdf7e1e3980f61f644b7425d1ec10c386d8c74e9296031472376bf8ea481c047920e9 | 
| kubernetes-client-windows-386.tar.gz | 04d7a1387112428283081fc74bcaf83d7a7dbe59f58bad45794603e8dfa4cee723aa1b4fd1616c96dc9ff2e49a246345d4135756d9779a86916d41e4cbeae46c | 
| kubernetes-client-windows-amd64.tar.gz | db7680b960de8f2f0da782ae2e6b2e396c5b4606e7c894af5bf4e5627fb83d635b3b7f893af80252515bd0fef2accf6b598ba5042ffd5e9c8d71cff68fc4ab25 | 
| kubernetes-client-windows-arm64.tar.gz | 7ff409c0c1f2ca26f42dd6199b559df390238f17c1bf868a10e8d1433bfe7305bed57f20b187a806076f2788a64ad224998ac5dfaeb20a7cef01dfc6bf025de0 | 
Server Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-server-linux-amd64.tar.gz | ef82141b01f845ad0576207cf528a9d1f8be681e1fd4744d4e01f3692491a0a640de92f79ef4294d924deee29926de4b0eefc6757addc6a27557c79ca94e3c46 | 
| kubernetes-server-linux-arm.tar.gz | 14f2be17866492accd69225b55ddca636aa46cd825a9092bb2bf05cd2adc04c59e0b8271adab4b345b8368337863a3884d608ca7e8de48d3598d1b144e4142dc | 
| kubernetes-server-linux-arm64.tar.gz | c7df332e9bb9c20abdd3a0e2a57509e3ef7b5ea0eadee6cffc09c6cbffb0e01fb845a1135a7d4ea3e784227022839bae8936a3d95846b5fde23bf7e096413c1c | 
| kubernetes-server-linux-ppc64le.tar.gz | a5e5b2d60a4fde3db2214a0509c677e94c205fab7350b57dca79558a999f28752fe096ee863d4c9c410079fab3a08665aec84cb1a1732d53e9ac09cffe65b389 | 
| kubernetes-server-linux-s390x.tar.gz | 4d84170a3a5bcea73db3c922154724e4021dd3fd20833698428002975eec1a958f528f54d747870ace58859741eeebc7caec1074ae84ba08b35d5a1efa1ab0d1 | 
Node Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-node-linux-amd64.tar.gz | 2a194c2e2da4949df32806a7592716406ab3148287e6c97285155e0c7390b8cbcdbd426fb4ff40885f1db7b31355e7bcf9f590edeb77318ba5e39e92e40569f1 | 
| kubernetes-node-linux-arm.tar.gz | 960ab6a725cd5b9ac59449cda00605a4f4d876541b362852cd2c915b1cf449713139c540f1a7d8e48920a67515fc3389007313cfa348e886ec7e4cb7c783e90e | 
| kubernetes-node-linux-arm64.tar.gz | ee3c62ab7174e737c372325a5bc086b61d42b957211e6fb1061aafee8f24284ceca22c0d7c2e92020327a8cf4bd1fe9a8cd685174c0c5ae03bb7ed293c1d6dc6 | 
| kubernetes-node-linux-ppc64le.tar.gz | 28dc29007d319172c82b6ae675a218ce4dc484ddb81371ddccd5e5aeced90aa4033a08eb6ac3d562627b7762988d7de2f72fbfddada454009b9f3c0137d23864 | 
| kubernetes-node-linux-s390x.tar.gz | ebdb47d96ae97ec6abfa9ec0863b1ead84615c49be950e79dff27a8a6a2454044854976545017947528ab104007f9010a27d68b96916219934e541bbafd23851 | 
| kubernetes-node-windows-amd64.tar.gz | f2197c28414f98a77cc501a47a960be22c45a19f1023c0a4a426442aa719a7c6b66a660ad9721d817216e59ac2ce8a2d0e7db89c1e36b4938833329af40b85af | 
Container Images
All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.
Changelog since v1.26.0-alpha.3
Changes by Kind
Deprecation
- CLI flag pod-eviction-timeoutis deprecated and will be removed together withenable-taint-managerin v1.27. (#113710, @kerthcet) [SIG API Machinery and Apps]
API Change
- 
A new preEnqueueextension point is added to scheduler's component config v1beta2/v1beta3/v1. (#113275, @Huang-Wei) [SIG API Machinery, Apps, Instrumentation, Scheduling and Testing]
- 
Add a new namespace alpha field to dataSourceRef field in PersistentVolumeClaim API. (#113186, @ttakahashi21) [SIG API Machinery, Apps, Storage and Testing] 
- 
Add a kube-proxy flag (--iptables-localhost-nodeports, default true) to allow disabling NodePort services on loopback addresses. Note: this only applies to iptables mode and ipv4. (#108250, @cyclinder) [SIG API Machinery, Cloud Provider, Network, Node, Scalability, Storage and Testing] 
- 
Added a --topology-manager-policy-options flag to the kubelet to support fine tuning the topology manager policies. The first policy option, prefer-closest-numa-nodes, allows these policies to favor sets of NUMA nodes with shorter distance between nodes when making admission decisions. (#112914, @PiotrProkop) [SIG API Machinery and Node]
- 
Added a feature that allows a StatefulSet to start numbering replicas from an arbitrary non-negative ordinal, using the .spec.ordinals.startfield. (#112744, @pwschuurman) [SIG API Machinery and Apps]
- 
Deprecate the apiserver_request_slo_duration_seconds metric for v1.27 in favor of apiserver_request_sli_duration_seconds for naming consistency purposes with other SLI-specific metrics and to avoid any confusion between SLOs and SLIs. (#112679, @dgrisonnet) [SIG API Machinery and Instrumentation] 
- 
Enable the "Retriable and non-retriable pod failures for jobs" feature into beta (#113360, @mimowo) [SIG Apps, Auth, Node, Scheduling and Testing] 
- 
Graduate JobTrackingWithFinalizers to stable. Jobs created before the feature was enabled are still tracked without finalizers. Users can choose to migrate jobs to tracking with finalizers by adding the annotation batch.kubernetes.io/job-tracking. If the annotation was already present and the user attempts to remove it, the control plane adds the annotation back. (#113510, @alculquicondor) [SIG API Machinery, Apps and Testing] 
- 
Graduate ServiceInternalTrafficPolicy feature to GA (#113496, @avoltz) [SIG Apps and Network] 
- 
If you enabled automatic reload of encryption configuration with API server flag --encryption-provider-config-automatic-reload, ensure all the KMS provider names (v1 and v2) in the encryption configuration are unique. (#113697, @aramase) [SIG API Machinery and Auth] 
- 
Introduce v1alpha1 API for validating admission policies, enabling extensible admission control via CEL expressions (KEP 3488: CEL for Admission Control). To use, enable the ValidatingAdmissionPolicyfeature gate and theadmissionregistration.k8s.io/v1alpha1API via--runtime-config. (#113314, @cici37) [SIG API Machinery, Auth, Cloud Provider and Testing]
- 
Kubelet adds the following pod failure conditions: 
- 
Metav1.LabelSelectors specified in API objects are now validated to ensure they do not contain invalid label values that will error at time of use. Existing invalid objects can be updated, but new objects are required to contain valid label selectors. (#113699, @liggitt) [SIG API Machinery, Apps, Auth, Network and Storage] 
- 
Moving MixedProtocolLBService from beta to GA (#112895, @janosi) [SIG Apps, Network and Testing] 
- 
New Pod API field .spec.schedulingGatesis introduced to enable users to control when to mark a Pod as scheduling ready. (#113274, @Huang-Wei) [SIG Apps, Scheduling and Testing]
- 
NodeInclusionPolicy in podTopologySpread plugin is enabled by default. (#113500, @kerthcet) [SIG API Machinery, Apps, Scheduling and Testing] 
- 
Priority and Fairness has introduced a new feature called borrowing that allows an API priority level to borrow a number of seats from other priority level(s). As a cluster operator, you can enable borrowing for a certain priority level configuration object via the two newly introduced fields lendablePercent, andborrowingLimitPercentlocated under the.spec.limitedfield of the designated priority level. This PR adds the following metrics.- apiserver_flowcontrol_nominal_limit_seats: Nominal number of execution seats configured for each priority level
- apiserver_flowcontrol_lower_limit_seats: Configured lower bound on number of execution seats available to each priority level
- apiserver_flowcontrol_upper_limit_seats: Configured upper bound on number of execution seats available to each priority level
- apiserver_flowcontrol_demand_seats: Observations, at the end of every nanosecond, of (the number of seats each priority level could use) / (nominal number of seats for that level)
- apiserver_flowcontrol_demand_seats_high_watermark: High watermark, over last adjustment period, of demand_seats
- apiserver_flowcontrol_demand_seats_average: Time-weighted average, over last adjustment period, of demand_seats
- apiserver_flowcontrol_demand_seats_stdev: Time-weighted standard deviation, over last adjustment period, of demand_seats
- apiserver_flowcontrol_demand_seats_smoothed: Smoothed seat demands
- apiserver_flowcontrol_target_seats: Seat allocation targets
- apiserver_flowcontrol_seat_fair_frac: Fair fraction of server's concurrency to allocate to each priority level that can use it
- apiserver_flowcontrol_current_limit_seats: current derived number of execution seats available to each priority level
 The possibility of borrowing means that the old metric apiserver_flowcontrol_request_concurrency_limit can no longer mean both the configured concurrency limit and the enforced concurrency limit. Henceforth it means the configured concurrency limit. (#113485, @MikeSpreitzer) [SIG API Machinery and Testing] 
- 
The EndpointSliceTerminatingCondition feature gate has graduated to GA. The gate is now locked and will be removed in v1.28. (#113351, @andrewsykim) [SIG API Machinery, Apps, Network and Testing] 
- 
Yes, aggregated discovery will be alpha and can be toggled with the AggregatedDiscoveryEndpoint feature flag (#113171, @Jefftree) [SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Network, Node, Release, Scalability, Scheduling, Storage and Testing] 
Feature
- API Server tracing now includes the latency of authorization, priorityandfairness, impersonation, audit, and authentication filters. (#113217, @dashpole) [SIG API Machinery and Instrumentation]
- Add a method StreamWithContextto remotecommand.Executor to support cancelable SPDY executor stream. (#103177, @arkbriar) [SIG API Machinery, CLI, Node and Testing]
- Add alpha support for returning container and pod metrics from CRI, instead of cAdvsior (#113609, @haircommander) [SIG Architecture, Instrumentation and Node]
- Add support for Evented PLEG feature gate (#111384, @harche) [SIG Node and Testing]
- Add the metric pod_start_sli_duration_seconds to kubelet (#111930, @azylinski) [SIG Instrumentation, Node and Testing]
- Added reconstruction of SELinux mount context after kubelet restart. Feature SELinuxMountReadWriteOncePod is now fully implemented and kubelet does not lose its cache of SELinux contexts after kubelet process restart. (#113596, @jsafrane) [SIG Apps, Node, Storage and Testing]
- Added selector validation to HorizontalPodAutoscaler: when multiple HPAs select the same set of Pods, scaling now will be disabled for those HPAs with the reason AmbiguousSelector. This change also covers a case when multiple HPAs point to the same deployment. (#112011, @pbeschetnov) [SIG Apps and Autoscaling]
- Added: publishing events when enabling/disabling topologyAwareHints. (#113544, @LiorLieberman) [SIG Apps and Network]
- Adding alpha support for WindowsHostNetworking feature (#112961, @marosset) [SIG Node and Windows]
- Adds alpha --output plaintext protected by environment variable KUBECTL_EXPLAIN_OPENAPIV3(#113146, @alexzielenski) [SIG CLI]
- Adds metrics force_delete_pods_totalandforce_delete_pod_errors_totalin the Pod GC Controller. (#113519, @xing-yang) [SIG Apps]
- CSIMigrationvSphere upgraded to GA and locked to true. Do not upgrade to K8s 1.26 if you need Windows support until vSphere CSI Driver adds support for it in a version post v2.7.x. (#113336, @divyenpatel) [SIG Storage]
- DelegateFSGroupToCSIDriver feature is GA. (#113225, @bertinatto) [SIG Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node and Storage]
- Graduate Kubelet CPU Manager to GA. (#113018, @fromanirh) [SIG Node and Testing]
- Graduate Kubelet Device Manager to GA. (#112980, @swatisehgal) [SIG Cloud Provider and Node]
- If ComponentSLIsfeature gate is enabled, then/metrics/slisbecomes available on cloud-controller-manager allowing you to scrape health check metrics. (#113340, @Richabanker) [SIG Cloud Provider]
- Kubectl config view now automatically redacts any secret fields marked with a datapolicy tag (#109189, @mpuckett159) [SIG API Machinery, Auth, CLI and Testing]
- Kubectl shell completions for the bash shell now include descriptions. (#113636, @marckhouzam) [SIG CLI]
- Kubernetes is now built with Go 1.19.3 (#113550, @xmudrii) [SIG Release and Testing]
- Make Azure File CSI migration as GA in 1.26 (#113160, @andyzhangx) [SIG Cloud Provider]
- NodeOutOfServiceVolumeDetach is now beta. (#113511, @xing-yang) [SIG Node and Storage]
- Pod Security admission: the pod-security warnlevel will now default to theenforcelevel. (#113491, @tallclair) [SIG Auth and Security]
- Promote kubectl alpha events to kubectl events (#113819, @soltysh) [SIG CLI and Testing]
- Promote the APIServerIdentityfeature to Beta. By default, each kube-apiserver will now create a Lease in thekube-systemnamespace. These lease objects can be used to identify the number of active API servers in the cluster, and may also be used for future features such as the Storage Version API. (#113629, @andrewsykim) [SIG API Machinery and Testing]
- Promoting WindowsHostProcessContainers to stable (#113476, @marosset) [SIG Apps, Node, Testing and Windows]
- RetroactiveDefaultStorageClass feature is now beta. (#113329, @RomanBednar) [SIG Apps, Storage and Testing]
- The LegacyServiceAccountTokenNoAutoGeneration feature gate has been promoted to GA (#112838, @zshihang) [SIG API Machinery, Apps, Auth and Testing]
- The ProxyTerminatingEndpoints feature is now Beta and enabled by default. When enabled, kube-proxy will attempt to route traffic to terminating pods when the traffic policy is Local and there are only terminating pods remaining on a node. (#113363, @andrewsykim) [SIG Network]
- The iptables kube-proxy backend should process service/endpoint changes more efficiently in very large clusters. (#110268, @danwinship) [SIG Instrumentation and Network]
- Update the Lease identity naming format for the APIServerIdentity feature to use a persistent name (#113307, @andrewsykim) [SIG API Machinery, Node and Testing]
- Updated cAdvisor to v0.46.0 (#113769, @bobbypage) [SIG Architecture, CLI, Cloud Provider, Node and Storage]
Bug or Regression
- Apiserver: use the correct error when logging errors updating managedFields (#113711, @andrewsykim) [SIG API Machinery]
- Bump runc to v1.1.4 (#113719, @pacoxu) [SIG Node]
- Do not raise an error when setting an annotation with the same value, just ignore it. (#109505, @zigarn) [SIG CLI]
- Fix cost estimation of token creation request for service account in Priority and Fairness. (#113206, @marseel) [SIG API Machinery]
- Fix that disruption controller changes the status of a stale disruption condition after 2 min when the PodDisruptionConditions feature gate is enabled (#113580, @mimowo) [SIG Auth]
- Fix the PodAndContainerStatsFromCRI feature, instead of supplementing with stats from cAdvisor. (#113291, @mengjiao-liu) [SIG Instrumentation and Node]
- For kubectl,--server-sidenow migrates ownership of all fields used by client-side-apply to the specified--fieldmanager. This prevents fields previously specified using kubectl from being able to live outside of server-side-apply's management and become undeleteable. (#112905, @alexzielenski) [SIG API Machinery, CLI and Testing]
- Kubectl apply: warning that kubectl will ignore no-namespaced resource pv & namespacein a future release if the namespace is specified and allowlist is not specified (#110907, @pacoxu) [SIG CLI]
- Kubelet: Fixes a startup crash in devicemanager (#113021, @rphillips) [SIG Node]
- Kubelet: fix nil pointer in reflector start for standalone mode (#113501, @pacoxu) [SIG Node]
- NOTE (#113749, @jpbetz) [SIG API Machinery]
- Pod logs using --timestamps are not broken up with timestamps anymore. (#113481, @rphillips) [SIG Node]
- Resolves an issue that causes winkernel proxier to treat stale VIPs as valid (#113521, @daschott) [SIG Network and Windows]
- The resourceVersion returned in objects from delete responses is now consistent with the resourceVersion contained in the delete watch event (#113369, @wojtek-t) [SIG API Machinery]
Other (Cleanup or Flake)
- A new API server flag --encryption-provider-config-automatic-reload has been added to control when the encryption config should be automatically reloaded without needing to restart the server. All KMS plugins are merged into a single healthz check at /healthz/kms-providers when reload is enabled, or when only KMS v2 plugins are used. (#113529, @enj) [SIG API Machinery, Auth and Testing]
- Added a --prune-allowlistflag that can be used withkubectl apply --prune. This flag replaces and functions the same as the--prune-whitelistflag, which has been deprecated. (#113116, @brianpursley) [SIG CLI]
- Deprecated the following kubectl run flags, which are ignored if set: --cascade, --filename, --force, --grace-period, --kustomize, --recursive, --timeout, --wait (#112261, @brianpursley) [SIG CLI]
- Dropped support for the Container Runtime Interface (CRI) version v1alpha2, which means that container runtimes just have to implementv1. (#110618, @saschagrunert) [SIG Node and Security]
- Promote job-related metrics to stable to follow IndexedJobs GA, the following metrics had their name updated to match metrics API guidelines:
- Promote cronjob_job_creation_skew metric to stable to follow the cronjob v2 controller, the following metrics had their name updated to match metrics API guidelines:
- Rename the feature gate for CEL in Admission Control to ValidatingAdmissionPolicy. (#113735, @cici37) [SIG API Machinery and Testing]
- kubelet_kubelet_credential_provider_plugin_durationis renamed- kubelet_credential_provider_plugin_durationand- kubelet_kubelet_credential_provider_plugin_errorsis renamed- kubelet_credential_provider_plugin_errors. (#113754, @logicalhan) [SIG Instrumentation and Node]
Dependencies
Added
Nothing has changed.
Changed
- github.com/container-storage-interface/spec: v1.6.0 → v1.7.0
- github.com/containerd/ttrpc: v1.0.2 → v1.1.0
- github.com/docker/docker: v20.10.17+incompatible → v20.10.18+incompatible
- github.com/docker/go-units: v0.4.0 → v0.5.0
- github.com/google/cadvisor: v0.45.0 → v0.46.0
- github.com/karrick/godirwalk: v1.16.1 → v1.17.0
- github.com/moby/sys/mountinfo: v0.6.0 → v0.6.2
- github.com/moby/term: 3f7ff69 → 39b0c02
- github.com/opencontainers/runc: v1.1.3 → v1.1.4
- github.com/prometheus/client_golang: v1.13.0 → v1.14.0
- github.com/prometheus/client_model: v0.2.0 → v0.3.0
- k8s.io/utils: 665eaae → 1a15be2
Removed
Nothing has changed.
v1.26.0-alpha.3
Downloads for v1.26.0-alpha.3
Source Code
| filename | sha512 hash | 
|---|---|
| kubernetes.tar.gz | e38caad0331adb21176e326bbcf1b4f55385b00011fd476c12a7872a2cfa1d25d2d961f2986cc336549be71bc8f3513578317a852d39c0ad6c62bd3bd4ce17d1 | 
| kubernetes-src.tar.gz | f5931854054f3d739636fccc78c29a9cb579e3885143dae7d89c72d9e41857acf91ee0166ef92766e414355258409ca209ce7c2cf512322cc0f2b17bb9670098 | 
Client Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-client-darwin-amd64.tar.gz | fbfa2b4af54b8765465a8892ad7ceb56f019132805d7c1f0d63e9e569a33a722862234c1184f395c865bf1e8393951b8ea50bf972766d8283281bd2fc0ada86a | 
| kubernetes-client-darwin-arm64.tar.gz | 5b9af35b9284a7f4813031f913e3aa014d3a1b1fa7823564409c8c6ce7a8a2272b2fb306bcbb777736d241b7997fcf4fed97388614ccdb25463f8f41f3398204 | 
| kubernetes-client-linux-386.tar.gz | 0fe3a80e9dfa85798f1da7b24c94c83328d4a00e4032b6dbe03c674fe39bd35a8a53c7b005fc9d81f0992920d4b66d25dc3a50c87df9884cdc4df9a61cca82f8 | 
| kubernetes-client-linux-amd64.tar.gz | 36ef2a886f871bbf674aa740de4c2f61be4f80b8dd68c38b784af4a92a03af659ffab8de6a06cb400fbeea6bcb6f2eef9e809c5959a9050de5e0dd63521fcefa | 
| kubernetes-client-linux-arm.tar.gz | ae8a4f8e568843ea6f4321b0b7e2779ef1177e86ea979355509cf5788a05d1b08eaae54d400296b41ef5463d7e576df9d5943104ac830cf17f7e9e879460dc43 | 
| kubernetes-client-linux-arm64.tar.gz | c8f10f35b38509b9c02af2946dfa96e86a8dca69c587754cdfe0cda0cfee8fbcf118fd8fa92543a04571d370c3a9942f40d19e0740efa301a2f9e542be4c0051 | 
| kubernetes-client-linux-ppc64le.tar.gz | c416055c92483ec93d0ecfd4c1738ed1c9aafd9d68f806dc0e9b3fbe994c60fbb41baaa9a64fd1a5725ae16d6e22e93c40f8be5af4e122d1eb1d095d2f7a6c26 | 
| kubernetes-client-linux-s390x.tar.gz | 88155930c24f784d6f73864af07518d0cdde486e32857d1d057d0ed0bfce7c8c7501f1fc29275747d7b50d812e910b1fb2fa14f7ef91aeedeaf530cdbe9094f7 | 
| kubernetes-client-windows-386.tar.gz | 3c89c5044ca402bb022af618404839eb0cadb3e89552c4002386503911b1e4622a16a4452c26310ee2ead49058faa17711136435f3303271be903dabce93ae0d | 
| kubernetes-client-windows-amd64.tar.gz | 8d053b7eb02e850d2d70492d0cbd76e6b68ff43b3373539563c67ab2dc66895a387f4e7dfb31dffde85a32086beb8db3a12a55dd5e9f4261bd768c853be3e6fa | 
| kubernetes-client-windows-arm64.tar.gz | 0034b8b34b66cf72f9a77ffe0ab441517f12ba7bafbcf8abea7b6650f8936da0a4e90f56a315dc2d16392684167850401de6c1dbf386bce2e28aeab9e3b4963d | 
Server Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-server-linux-amd64.tar.gz | 1b7c60428a326c337c59080923766d46c7b4a9c0ffc7125d6000f410a1cbd488403a00d36ea22a7fbddf70aa78c53e06c4d0cb434f254b7e883481393a99dec7 | 
| kubernetes-server-linux-arm.tar.gz | 4eec57f333e4d5cc99929465e6bf01f057351925d5b38c92751c1b30a2f1f61d81db14d95100c5ea01950eee4ef172772e91dc38000ec50bfa1e01f8a62e0d54 | 
| kubernetes-server-linux-arm64.tar.gz | a6a11db5f669e0705083269df9813c8da9e7d61f76c78ac0cb55ea9cfffad865e0de7b129727192cec03ecae89d7e51f1097b010290106a5ac8a563294fb69b2 | 
| kubernetes-server-linux-ppc64le.tar.gz | 3b66310e6adad44b38a02eb315281e15e3f6f4fd6490ea279a3f962ca27b6537f4210a2db8e0648816614e2a9d73a622fdf0bac2ea0dc2c462543ce44acc3a45 | 
| kubernetes-server-linux-s390x.tar.gz | 4dd94f22f4a309aa3fc0f92d1708a31660b291270107baf8ed80bbb49677136cce17345edf21e1a132584702218192e85876d36211884880629a8a38b98e6680 | 
Node Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-node-linux-amd64.tar.gz | 1c8b21a36d18a9a6c3ebf92cd61d9b36ef06b5e415f4bbf86518d3a740cb132a767c1b806e0b65e3a52eb8a2fc6452d0e897aaeea4505ad5206b0b304f784e0e | 
| kubernetes-node-linux-arm.tar.gz | 23797df2c5eb2fe473d06edb3fe032f2c55bb68eaa2074d1ce3f0455545076be5859288bc835d194da2291dc488da375ecbf21511f9876ca80da978f5ff3491c | 
| kubernetes-node-linux-arm64.tar.gz | 5f2ce6867228dc4cdb4a418421ac28d7f3a4e4e2f5ba7470cd141dc3b45978537d19ba81f0bd3751ba0ba31a3f67b41d7fac7932623cfd719b526fe3a879e42c | 
| kubernetes-node-linux-ppc64le.tar.gz | 9acdaf23e8e8a8bc5afac8fbccd1325f45a0bcf7ac1e02beaf2e54e54dfc95e5d90b5efeb9dfbfa9ebfd83331f7daeb928f2ad579ba02d234e0294a9df1e1d6e | 
| kubernetes-node-linux-s390x.tar.gz | d971dc06b94a02b23d384c366946a0304f53513717180351c70eef989841a33940fa56698d4f30161cd15ac47f2577569ff2cf63775d5c191ba798695d48f252 | 
| kubernetes-node-windows-amd64.tar.gz | a2db5de15c72c6bc9bcd29dca31f6abf5c6cd3dd60c448bf4c4d93ad13f2864cd0904feaa5f0d3954c0199dcd64191dc97128863275e69705a3208c91f7f8b73 | 
Container Images
All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.
Changelog since v1.26.0-alpha.2
Changes by Kind
API Change
- 
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: ([#86139](https://github.com/kubernetes/kubernetes/pull/86139), [@jasimmons](https://github.com/jasimmons)) [SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Contributor Experience, Instrumentation, Network, Node, Release, Scheduling, Storage and Testing]- Add percentageOfNodesToScore as a scheduler profile level parameter to API version v1. If a profile percentageOfNodesToScore is set, it will override global percentageOfNodesToScore. (#112521, @yuanchen8911) [SIG API Machinery, Scheduling and Testing]
 
- 
Kube-controller-manager supports '--concurrent-horizontal-pod-autoscaler-syncs' flag to set the number of horizontal pod autoscaler controller workers. (#108501, @zroubalik) [SIG API Machinery, Apps and Autoscaling] 
- 
Kube-proxy: The "userspace" proxy mode (deprecated for over a year) is no longer supported on either Linux or Windows. Users should use "iptables" or "ipvs" on Linux, or "kernelspace" on Windows. (#112133, @knabben) [SIG API Machinery, Network, Scalability, Testing and Windows] 
- 
Kubectl wait command with jsonpath flag will wait for target path appear until timeout. (#109525, @jonyhy96) [SIG CLI and Testing] 
- 
Kubelet external Credential Provider feature is moved to GA. Credential Provider Plugin and Credential Provider Config APIs updated from v1beta1 to v1 with no API changes. (#111616, @ndixita) [SIG API Machinery, Node, Scheduling and Testing] 
- 
The DynamicKubeletConfigfeature gate has been removed from the API server. Dynamic kubelet reconfiguration now cannot be used even when older nodes are still attempting to rely on it. This is aligned with the Kubernetes version skew policy. (#112643, @SergeyKanzhelev) [SIG API Machinery, Apps, Auth, Node and Testing]
Feature
- API Server Tracing now includes a variety of new spans and span events. (#113172, @dashpole) [SIG API Machinery, Architecture, Auth, Instrumentation, Network, Node and Scheduling]
- Add kubelet metrics to track the cpumanager cpu allocation and pinning (#112855, @fromanirh) [SIG Instrumentation, Node and Testing]
- Added categories column to the kubectl api-resourcescommand's wide output (-o wide). Added--categoriesflag to thekubectl api-resourcescommand, which can be used to filter the output to show only resources belonging to one or more categories. (#111096, @brianpursley) [SIG CLI]
- Admission control plugin "DefaultStorageClass": If more than one StorageClass is designated as default (via the "storageclass.kubernetes.io/is-default-class" annotation), choose the newest one instead of throwing an error. (#110559, @danishprakash) [SIG Apps and Storage]
- Change  preemption_victimsmetric bucket fromLinearBucketstoExponentialBuckets. (#112939, @lengrongfu) [SIG Instrumentation and Scheduling]
- Extend the job job_finished_total metric by newreason` label and introduce a new job metric to count pod failures handled by pod failure policy with respect to the action applied. (#113324, @mimowo) [SIG Apps and Testing]
- Graduate ServiceIPStaticSubrange feature to GA (#112163, @aojea) [SIG Network]
- If ComponentSLIsfeature gate is enabled, then/metrics/slisbecomes available on kube-controller-manager, allowing you to scrape health check metrics. (#112978, @logicalhan) [SIG API Machinery and Cloud Provider]
- If ComponentSLIsfeature gate is enabled, then/metrics/slisbecomes available on kube-proxy allowing you to scrape health check metrics. (#113057, @Richabanker) [SIG Network]
- If ComponentSLIsfeature gate is enabled, then/metrics/slisbecomes available on kube-scheduler, allowing you to scrape health check metrics. (#113026, @Richabanker) [SIG Scheduling]
- If ComponentSLIsfeature gate is enabled, then/metrics/slisbecomes available on kubelet, allowing you to scrape health check metrics. (#113030, @Richabanker) [SIG Node]
- Kubeadm: command kubeadm join phase control-plane-prepare certsis now supporting to run withdry-runmode on it's own (#113005, @chendave) [SIG Cluster Lifecycle]
- Logs of requests that were timed out by a timeout handler will no longer contain a "statusStack" and "logging error output" fields (#112374, @Argh4k) [SIG API Machinery]
- Metrics for RetroactiveDefaultStorageClass feature are now available. To see an attempt count for updating PVC retroactively with a default StorageClass see retroactive_storageclass_totalmetric and for total numer of errors seeretroactive_storageclass_errors_total. (#113323, @RomanBednar) [SIG Apps]
- New metric job_controller_terminated_pods_tracking_finalizer can be used to monitor whether the job controller is removing Pod finalizers from terminated Pods after accounting them in Job status. (#113176, @alculquicondor) [SIG Apps, Instrumentation and Testing]
- Shell completion will now show plugin names when appropriate. Furthermore, shell completion will work for plugins that provide such support. (#105867, @marckhouzam) [SIG CLI]
- The ExpandedDNSConfig feature has graduated to beta and is enabled by default. Note that this feature requires container runtime support. (#112824, @gjkim42) [SIG Network and Testing]
- When the alpha LegacyServiceAccountTokenTrackingfeature gate is enabled, secret-based service account tokens will have akubernetes.io/legacy-token-last-usedapplied to them containing the date they were last used. (#108858, @zshihang) [SIG API Machinery, Auth and Testing]
Bug or Regression
- Bump golang.org/x/net to v0.1.1-0.20221027164007-c63010009c80 (#112693, @aimuz) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node, Security and Storage]
- Fix the occasional double-counting of the job_finished_total metric (#112948, @mimowo) [SIG Apps, Architecture, Instrumentation and Testing]
- Fixed a bug where a change in the appProtocolfor a Service did not trigger a load balancer update. (#112785, @MartinForReal) [SIG Cloud Provider and Network]
- Fixed a bug where the kubelet chooses the wrong container by its name when running kubectl exec. (#113041, @saschagrunert) [SIG Node]
- Fixed an issue where the APIServer would panic on startup if an egress selector without a controlplane configuration is specified when using APIServerTracing (#112979, @dashpole) [SIG API Machinery, Instrumentation and Testing]
- Fixed: #22422 Admission controllers can cause unnecessary significant load on apiserver (#112696, @aimuz) [SIG Scalability]
- Kube-apiserver: DELETECOLLECTION API requests are now recorded in metrics with the correct verb. (#113133, @sxllwx) [SIG API Machinery]
- Kube-apiserver: custom resources can now be specified in the --encryption-provider-config file and can be encrypted in etcd (#113015, @ritazh) [SIG API Machinery, Auth and Testing]
- Kube-proxy, will restart in case it detects that the Node assigned pod.Spec.PodCIDRs have changed (#111344, @aojea) [SIG Network]
- Kubectl now escapes terminal special characters in output. This fixes CVE-2021-25743. (#112553, @dgl) [SIG CLI and Security]
- Kubectl: fixed a bug where kubectl convertdid not pick the right API version (#112700, @SataQiu) [SIG CLI]
- Kubelet: Fixes a startup crash in devicemanager (#113021, @rphillips) [SIG Node]
- Nested mountpoints are now group correctly on all cases. (#112571, @claudiubelu) [SIG Storage and Windows]
- The metrics(time duration) of a failed or unschedulable scheduling attempt will be longer for it will include the duration time of the unreserve operation now. (#113113, @kerthcet) [SIG Scheduling]
- Updates golang.org/x/text to v0.3.8 to fix CVE-2022-32149 (#112989, @ameukam) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node and Storage]
- Use SSA to add pod disruption conditions by scheduler and controller-manager (#113304, @mimowo) [SIG API Machinery, Apps and Scheduling]
Other (Cleanup or Flake)
- Kubeadm: remove the UnversionedKubeletConfigMap feature gate. The feature has been GA and locked to enabled since 1.25. (#113448, @pacoxu) [SIG Cluster Lifecycle]
- Removing Windows Server, Version 20H2 flavors from various container images (#112924, @marosset) [SIG Testing and Windows]
- Service session affinity timeout tests are no longer required for Kubernetes network plugin conformance due to variations in existing implementations. New conformance tests will be developed to better express conformance in future releases. (#112806, @dcbw) [SIG Architecture, Network and Testing]
- The e2e.test binary no longer emits JSON structs to document progress. (#113212, @pohly) [SIG Testing]
- The metric etcd_db_total_size_in_bytesis renamed toapiserver_storage_db_total_size_in_bytes. (#113310, @logicalhan) [SIG API Machinery]
Dependencies
Added
- cloud.google.com/go/datastore: v1.1.0
- cloud.google.com/go/firestore: v1.1.0
- cloud.google.com/go/pubsub: v1.3.1
- dmitri.shuralyov.com/gpu/mtl: 666a987
- github.com/BurntSushi/xgb: 27f1227
- github.com/OneOfOne/xxhash: v1.2.2
- github.com/alecthomas/template: fb15b89
- github.com/alecthomas/units: f65c72e
- github.com/armon/consul-api: eb2c6b5
- github.com/armon/go-metrics: f0300d1
- github.com/armon/go-radix: 7fddfc3
- github.com/bgentry/speakeasy: v0.1.0
- github.com/bketelsen/crypt: 5cbc8cc
- github.com/cespare/xxhash: v1.1.0
- github.com/client9/misspell: v0.3.4
- github.com/coreos/bbolt: v1.3.2
- github.com/coreos/etcd: v3.3.13+incompatible
- github.com/coreos/go-systemd: 95778df
- github.com/coreos/pkg: 399ea9e
- github.com/dgrijalva/jwt-go: v3.2.0+incompatible
- github.com/dgryski/go-sip13: e10d5fe
- github.com/fatih/color: v1.7.0
- github.com/go-gl/glfw/v3.3/glfw: 6f7a984
- github.com/go-gl/glfw: e6da0ac
- github.com/google/martian: v2.1.0+incompatible
- github.com/gopherjs/gopherjs: 0766667
- github.com/hashicorp/consul/api: v1.1.0
- github.com/hashicorp/consul/sdk: v0.1.1
- github.com/hashicorp/errwrap: v1.0.0
- github.com/hashicorp/go-cleanhttp: v0.5.1
- github.com/hashicorp/go-immutable-radix: v1.0.0
- github.com/hashicorp/go-msgpack: v0.5.3
- github.com/hashicorp/go-multierror: v1.0.0
- github.com/hashicorp/go-rootcerts: v1.0.0
- github.com/hashicorp/go-sockaddr: v1.0.0
- github.com/hashicorp/go-syslog: v1.0.0
- github.com/hashicorp/go-uuid: v1.0.1
- github.com/hashicorp/go.net: v0.0.1
- github.com/hashicorp/golang-lru: v0.5.1
- github.com/hashicorp/hcl: v1.0.0
- github.com/hashicorp/logutils: v1.0.0
- github.com/hashicorp/mdns: v1.0.0
- github.com/hashicorp/memberlist: v0.1.3
- github.com/hashicorp/serf: v0.8.2
- github.com/jstemmer/go-junit-report: v0.9.1
- github.com/jtolds/gls: v4.20.0+incompatible
- github.com/kr/logfmt: b84e30a
- github.com/kr/pty: v1.1.1
- github.com/magiconair/properties: v1.8.1
- github.com/mattn/go-colorable: v0.0.9
- github.com/mattn/go-isatty: v0.0.3
- github.com/miekg/dns: v1.0.14
- github.com/mitchellh/cli: v1.0.0
- github.com/mitchellh/go-homedir: v1.1.0
- github.com/mitchellh/go-testing-interface: v1.0.0
- github.com/mitchellh/gox: v0.4.0
- github.com/mitchellh/iochan: v1.0.0
- github.com/oklog/ulid: v1.3.1
- github.com/pascaldekloe/goe: 57f6aae
- github.com/pelletier/go-toml: v1.2.0
- github.com/posener/complete: v1.1.1
- github.com/prometheus/tsdb: v0.7.1
- github.com/ryanuber/columnize: 9b3edd6
- github.com/sean-/seed: e2103e2
- github.com/shurcooL/sanitized_anchor_name: v1.0.0
- github.com/smartystreets/assertions: b2de0cb
- github.com/smartystreets/goconvey: v1.6.4
- github.com/spaolacci/murmur3: f09979e
- github.com/spf13/afero: v1.2.2
- github.com/spf13/cast: v1.3.0
- github.com/spf13/jwalterweatherman: v1.0.0
- github.com/spf13/viper: v1.7.0
- github.com/subosito/gotenv: v1.2.0
- github.com/ugorji/go: v1.1.4
- github.com/xordataexchange/crypt: b2862e3
- golang.org/x/exp: 6cc2880
- golang.org/x/image: cff245a
- golang.org/x/mobile: d2bd2a2
- gopkg.in/ini.v1: v1.51.0
- gopkg.in/resty.v1: v1.12.0
- rsc.io/binaryregexp: v0.2.0
- rsc.io/quote/v3: v3.1.0
- rsc.io/sampler: v1.3.0
Changed
- github.com/aws/aws-sdk-go: v1.38.49 → v1.44.116
- github.com/dnaeon/go-vcr: v1.0.1 → v1.2.0
- github.com/fsnotify/fsnotify: v1.5.4 → v1.6.0
- github.com/google/pprof: 94a9f03 → 4bb14d4
- github.com/inconshreveable/mousetrap: v1.0.0 → v1.0.1
- github.com/konsorten/go-windows-terminal-sequences: v1.0.2 → v1.0.3
- github.com/onsi/ginkgo/v2: v2.2.0 → v2.4.0
- github.com/onsi/gomega: v1.20.1 → v1.23.0
- github.com/spf13/cobra: v1.5.0 → v1.6.0
- golang.org/x/crypto: 7b82a4e → v0.1.0
- golang.org/x/lint: 1621716 → 6edffad
- golang.org/x/mod: 86c51ed → v0.6.0
- golang.org/x/net: a158d28 → c630100
- golang.org/x/sys: 8c9f86f → v0.1.0
- golang.org/x/term: 03fcf44 → v0.1.0
- golang.org/x/text: v0.3.7 → v0.4.0
- golang.org/x/tools: v0.1.12 → v0.2.0
- k8s.io/kube-openapi: 67bda5d → 172d655
Removed
- github.com/getkin/kin-openapi: v0.76.0
v1.26.0-alpha.2
Downloads for v1.26.0-alpha.2
Source Code
| filename | sha512 hash | 
|---|---|
| kubernetes.tar.gz | ed5a0f1b0d45e3b6ea0f3d05f5aa4e924e8205a45b0238080e02a6ad60004f106f3f5442a302a44ae5b848ba7426e63e22a42806ddc1977214d964874165b6ca | 
| kubernetes-src.tar.gz | 7db2dcb528ead7a879aa12a525e488d1175ab55f5a710833bf80e3380a8db53fa5d35020b02d39a653465b7686fd4f6520a41218c7c55358d3de6ef54fa0b61a | 
Client Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-client-darwin-amd64.tar.gz | c024438cb9ab879e6489413a969e891e2ba3216940e4ff6c8d5a79a6956312d9e6143a4b469b0decfd94358b60844c845f15426574673ea54460dc8f5ee7053f | 
| kubernetes-client-darwin-arm64.tar.gz | ba9c72d75ae09c0fac0c29ff9034e3a94882f3bbcb1de1f8bcf7c65453048a4588980694b4d33af4ccd0458dfb9549fd8fd07a594dcc995743a8d154066ec09e | 
| kubernetes-client-linux-386.tar.gz | 550a6348ee1d2ca9f2395855e740e4ef7efbba5b223088dae718fd6f9d5ae1cb6194a1e9cf123fee78414074eddda9ce534151a7e7ed4eaffa2d3f74830da623 | 
| kubernetes-client-linux-amd64.tar.gz | 9ace57236b3581ebbb517cc1d730ffa0120fc5049c430dbf5b566786414e3a846a0db7edc9c6b7956fcc39267c3ef0dae3868f13fefafe971cd8fd6a8af946fa | 
| kubernetes-client-linux-arm.tar.gz | 6473fed98b9e55b50b600ea522d0a8b701ae483c1ae237014ccf2afbd7a6d85c3b2271d541eb1a3e897264ad455eedb6794c7cf48c07e62fa1778609794c293f | 
| kubernetes-client-linux-arm64.tar.gz | 0ea3085811cd374473afb2cf7448ea018bbb3140c7f97e0d9b26f6fcf31c38734d0a08988b2d20427f476b69406f9835c0afa5196c95328941b56e51166405a9 | 
| kubernetes-client-linux-ppc64le.tar.gz | 6ca4a7bca557732e1f5b9cba044457e76c8d660b5ef6f29bb029f072edcd8f359600c4334ecbb2aa6a84c6c206188f51d1c3736a6ae36f1c860627ce0414bc5e | 
| kubernetes-client-linux-s390x.tar.gz | 39004468389c84931ca2a9c76e69949eb1d1f0a752293bb430568f5779852e1e889ecd920629b8358a651f787a770f6dff4839d4c4e02ae3b561e4ae8a68d7fa | 
| kubernetes-client-windows-386.tar.gz | ee407cd43b50ab75bf0b5fe2b270b357f5797a9e0af31b198262e72c0dd5ca978ccfe0848ea05841ef006334e645b32a52992d30219ccf8df4c8123083a10ddc | 
| kubernetes-client-windows-amd64.tar.gz | af44e5848f5290db7138cfeafdf42c72a34b9eca3bdbff7058c02f88fd0a242cd5ecf19c392b6ea4145bc2df8c194967d22164a739c8d17160b6d6d7a6a5f738 | 
| kubernetes-client-windows-arm64.tar.gz | 2a2b664e7f98f02a81f6845e05e2ed1159381f3fb68fffd8edcbd2c36e942962260da980887b44e1cf150b25abb5e69b9519be7c9cb9e5b3a5e7ef8af7523654 | 
Server Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-server-linux-amd64.tar.gz | 7700f4f8c2bd7944698c455b4bb3e40d7e877d194fb20baea4956fb76a97b21dc10731c7280c4b5ec8824fde4dad19e6845f8abb1c5f651d736bdb045bac0a90 | 
| kubernetes-server-linux-arm.tar.gz | ae796dde4c3316a6b8c429107fd782a6a3c038d7d99770c8060f2aa350f44f9805d1d2e567885106840f8ac684258b3247271ca6e807cd72a65299b1c697677a | 
| kubernetes-server-linux-arm64.tar.gz | 5e32de6a1a768b8e9b56bdf6af8462bb0a70c5a8dd3c1dc4c1f8e19023b59dc33375b3166db66690468631202e781f2b9b995a76e98f6a14fb481e330c9fb5f2 | 
| kubernetes-server-linux-ppc64le.tar.gz | feb17b943812dc4f3aca7d7c0853d9e86509a5896952146abc210f07b832b8de0eaebb833e62f5ca9cc2673e77c28f76af7dd9d822b1504ec4753347aa912c91 | 
| kubernetes-server-linux-s390x.tar.gz | ce497964a7aad6b9bc0a95f1214c706e83c01c5d828818cef685c0df4eb3187018bcbb47b57a62cbc7da7c4d8c32f9c423eb7d07dd68e5f55afa09345ebaf9ce | 
Node Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-node-linux-amd64.tar.gz | 545617a9b0c3e410a4c98547e1c9a208f41c0217b542fcc12103a0e077d56888d20e36d1b4a86ecd1bea8765b1f71ed08b1210e6fca688101b087a6bc42a8203 | 
| kubernetes-node-linux-arm.tar.gz | 13fc8a993cc6ad5c5d260f559dbe613b8aa853f216caf56357610b77500c8a4946586e0c283021dc46e3b7f1272779a913d9ef050a7c7f8273c04abcae009c5c | 
| kubernetes-node-linux-arm64.tar.gz | 66a7911433f57cdf1d28115f0067dad2ed7987d4ea611110b52d1af055df5f589542601481586de8c7f5f807e9ffe5326048cd9f21c131cea7a7960e34203d32 | 
| kubernetes-node-linux-ppc64le.tar.gz | 06967565fed29fcc299c88392666256edb6f4e5783bda8d7f798a501d53a56001bc3ec05d79b09d2e0dae2281374a853cf883bccbb37c34a7a48ec650c3626bb | 
| kubernetes-node-linux-s390x.tar.gz | cf69a140ac23ad5af38b49b3125edc2f8102420ac2183a8a4bd3be855cbafdae48e25c1103d24fe8e0d7e01eb9b6d98b47383440ec7f5dde7b9e38580c1af1df | 
| kubernetes-node-windows-amd64.tar.gz | 3454248b6393437372a44b2ce2dbe71eaae61d2b2ecec056bce49fec4670a9ce45255a4139afef32e73a84f7c9383e77b6d68883474bf169ed914d7282803547 | 
Container Images
All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.
Changelog since v1.26.0-alpha.1
Changes by Kind
Deprecation
- Kube-apiserver: the unused '--master-service-namespace' flag is deprecated and will be removed in v1.27. (#112797, @SataQiu) [SIG API Machinery]
API Change
- Add kubernetes_feature_enabledmetric series to track whether each active feature gate is enabled. (#112690, @logicalhan) [SIG API Machinery, Architecture, Cluster Lifecycle, Instrumentation, Network, Node and Scheduling]
- Introduce v1beta3 for Priority and Fairness with the following changes to the API spec:
- Legacy klog flags are no longer available. Only -vand-vmoduleare still supported. (#112120, @pohly) [SIG Architecture, CLI, Instrumentation, Node and Testing]
- The feature gates ServiceLoadBalancerClass and ServiceLBNodePortControl have been removed. These feature gates were enabled (and locked) since v1.24. (#112577, @andrewsykim) [SIG Apps]
Feature
- A new --disable-compression flag has been added to kubectl (default = false). When true, it opts out of response compression for all requests to the apiserver. This can help improve list call latencies significantly when client-server network bandwidth is ample (>30MB/s) or if the server is CPU-constrained. (#112580, @shyamjvs) [SIG CLI and Testing]
- A new pod_status_sync_duration_secondshistogram is reported at alpha metrics stability that estimates how long the Kubelet takes to write a pod status change once it is detected. (#107896, @smarterclayton) [SIG Apps, Architecture, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Release, Scheduling, Storage and Testing]
- Added a new feature gate CELValidatingAdmissionto enable expression validation for Admission Control. (#112792, @cici37) [SIG API Machinery]
- Added validation for the --container-runtime-endpoint flag of kubelet to be non-empty. (#112542, @astraw99) [SIG Node]
- Expose health check SLI metrics on "metrics/slis" for apiserver (#112741, @logicalhan) [SIG API Machinery, Architecture, Auth and Instrumentation]
- Kubeadm: sub-phases are now able to support the dry-run mode, e.g. kubeadm reset phase cleanup-node --dry-run (#112945, @chendave) [SIG Cluster Lifecycle]
- Kubeadm: support image repository format validation (#112732, @SataQiu) [SIG Cluster Lifecycle]
- Kubernetes is now built with Go 1.19.2 (#112900, @xmudrii) [SIG Release and Testing]
- Switch kubectl to use github.com/russross/blackfriday/v2(#112731, @pacoxu) [SIG CLI]
- registered_metric_totalnow reports the number of metrics broken down by stability level and deprecated version (#112907, @logicalhan) [SIG Architecture and Instrumentation]
Bug or Regression
- Consider only plugin directory and not entire kubelet root when cleaning up mounts (#112607, @mattcary) [SIG Storage]
- Fix that pods running on nodes tainted with NoExecute continue to run when the PodDisruptionConditions feature gate is enabled (#112518, @mimowo) [SIG Apps and Auth]
- Fixes an issue in winkernel proxier that causes proxy rules to leak anytime service backends are modified. (#112837, @daschott) [SIG Network and Windows]
- Kube-apiserver: redirects from backend API servers are no longer followed when checking availability with requests to /apis/$group/$version(#112772, @liggitt) [SIG API Machinery and Testing]
- Kubeadm: fix a bug when performing validation on ClusterConfiguration networking fields (#112751, @SataQiu) [SIG Cluster Lifecycle]
- Kubelet now cleans up the Node's cloud node IP annotation correctly if you
stop using --node-ip. (In particular, this fixes the problem where people who were unnecessarily using--node-ipwith an external cloud provider in 1.23, and then running into problems with 1.24, could not fix the problem by just removing the unnecessary--node-ipfrom the kubelet arguments, because that wouldn't remove the annotation that caused the problems.) (#112184, @danwinship) [SIG Network and Node]
- Kubelet: Fix log spam from kubelet_getters.go "Path does not exist" (#112650, @rphillips) [SIG Node]
- Kubelet: when there are multi option lines in /etc/resolv.conf, merge all options into one line in a pod with the DefaultDNS policy. (#112414, @pacoxu) [SIG Network and Node]
- The pod admission error message was improved for usability. (#112644, @vitorfhc) [SIG Node]
Other (Cleanup or Flake)
- Adds a kubernetes_feature_enabled metric which will tell you if a feature is enabled. (#112652, @logicalhan) [SIG Architecture and Instrumentation]
- Introduce ComponentSLIsalpha feature-gate for component SLIs metrics endpoint. (#112884, @logicalhan) [SIG API Machinery]
- Lock ServerSideApply feature gate to true with the feature already being GA. (#112748, @wojtek-t) [SIG API Machinery, Apps, Instrumentation and Testing]
- PodOverhead feature gate was removed as the feature is in GA since 1.24 (#112579, @SergeyKanzhelev) [SIG Node and Scheduling]
- Reworded log message upon image garbage collection failure to be more clear. (#112631, @tzneal) [SIG Node]
- The IndexedJob and SuspendJob feature gates that graduated to GA in 1.24 and were unconditionally enabled have been removed in v1.26 (#112589, @SataQiu) [SIG Apps]
- The test/e2e/framework was refactored so that the core framework is smaller. Optional functionality like resource monitoring, log size monitoring, metrics gathering and debug information dumping must be imported by specific e2e test suites. Init packages are provided which can be imported to re-enable the functionality that traditionally was in the core framework. If you have code that no longer compiles because of this PR, you can use the script from a commit message to update that code. (#112043, @pohly) [SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Scheduling, Storage, Testing and Windows]
- Updated cri-tools to [v1.25.0(https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.25.0) (#112058, @saschagrunert) [SIG Cloud Provider and Release]
Dependencies
Added
Nothing has changed.
Changed
- github.com/fsnotify/fsnotify: v1.4.9 → v1.5.4
- github.com/go-openapi/jsonreference: v0.19.5 → v0.20.0
- github.com/matttproud/golang_protobuf_extensions: v1.0.1 → v1.0.2
- go.uber.org/goleak: v1.1.12 → v1.2.0
- k8s.io/utils: ee6ede2 → 665eaae
- sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.32 → v0.0.33
- sigs.k8s.io/yaml: v1.2.0 → v1.3.0
Removed
- dmitri.shuralyov.com/gpu/mtl: 28db891
- github.com/BurntSushi/xgb: 27f1227
- github.com/ajstarks/svgo: 644b8db
- github.com/fogleman/gg: 0403632
- github.com/go-gl/glfw/v3.3/glfw: 6f7a984
- github.com/golang/freetype: e2365df
- github.com/jung-kurt/gofpdf: 24315ac
- github.com/kr/fs: v0.1.0
- github.com/mvdan/xurls: v1.1.0
- github.com/pkg/sftp: v1.10.1
- github.com/remyoudompheng/bigfft: 52369c6
- github.com/russross/blackfriday: v1.5.2
- github.com/spf13/afero: v1.6.0
- golang.org/x/exp: 85be41e
- golang.org/x/image: cff245a
- golang.org/x/mobile: e6ae53a
- gonum.org/v1/gonum: v0.6.2
- gonum.org/v1/netlib: 7672324
- gonum.org/v1/plot: e2840ee
- modernc.org/cc: v1.0.0
- modernc.org/golex: v1.0.0
- modernc.org/mathutil: v1.0.0
- modernc.org/strutil: v1.0.0
- modernc.org/xc: v1.0.0
- rsc.io/pdf: v0.1.1
v1.26.0-alpha.1
Downloads for v1.26.0-alpha.1
Source Code
| filename | sha512 hash | 
|---|---|
| kubernetes.tar.gz | dfcda26750af76145c47aebe4d5e9f49569273da3545338814c99ce0657bea48e552c4ded5539ef484cd54f40800ef2c096c5bb556e4ae57f6027661a36c366b | 
| kubernetes-src.tar.gz | c87d326a23cb5bf1e276259d89d66eaadbc5402dfe74c47c83490ea987d3fa74dafa96ef7730bfe0300662587076a75af9eb308c18ee1ae860b786256bcfe546 | 
Client Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-client-darwin-amd64.tar.gz | 2573e0f0cb8dcb9332056353b077305d33ed172fbd2872ba7c086da7187f19c3192ab1ca11c08747e27598f325d4ec55447b4329f1b2bd1dafd968f803714e99 | 
| kubernetes-client-darwin-arm64.tar.gz | 1e47e1944ea5abc71f66588e87ea37a46026e8ba3f0ccf429c3db03e97524642dc32064854bffc46657e7144b4ed35ae83e59b35239c633851018b7613ec00a7 | 
| kubernetes-client-linux-386.tar.gz | 6006d4b9ac6044139b157ebe8d4744c88864630bf8970d0e4df452bc14d31ae4d27ab1048b044a1e90001efa8645e4a75f1c4870a2715a25395a27a5ab16e9e8 | 
| kubernetes-client-linux-amd64.tar.gz | bb756cc5dd5264d2fe4e58782ea8e6b37e14188dbdd18ca0bb359a4b484a194890dbd2450bff5e2f7605379b3f421c86d22d4d5920c2074e7353bbd4cb0e1221 | 
| kubernetes-client-linux-arm.tar.gz | 0d6c565474d0929a770d0ab08d85c89f80706f11325063d346fce4519bb9fbdf6fdda6a34691fc94a645e55833b50ef5f3f3f2d318abbcc3b12280d3e30386c8 | 
| kubernetes-client-linux-arm64.tar.gz | 0465e93a8d50370cae1840f2d098647e4d8648b0aa9e3a37ebd00749e86cf2d12e97600e4ba1f11f74f87f3dc088b929e7aca082ef27a181154e5e1aa204e4ec | 
| kubernetes-client-linux-ppc64le.tar.gz | f4885fedf19c43fcb609bf86c1c01a13843004fe87cb843b60623509c031ae44bffd1357c61b83609c3ecb6294a96047d8d9d2148a66626a1e3765d6a09a6400 | 
| kubernetes-client-linux-s390x.tar.gz | 3992a39912ec45ef06f287fab11101d5397933984ca80867f787704108865b6a312fc70e95721ddb352e87c47724fbfc8767e97985c74b65aa9e275cf26d23ec | 
| kubernetes-client-windows-386.tar.gz | 65fc586f14f0cc1765eae377f3a3eba4bfafcb574d5d255627aed65128a0b56d5ea5ec913d29e7431333ef51a7d917a9703ea0f974feb98e9f2543a3612440a8 | 
| kubernetes-client-windows-amd64.tar.gz | 239fc7c6a6ef6fe3c1b20cff5d9793d1ac21225a289320ec6615c1305336ef40676096d4a9ebe60947d8b162b4e9a9df44e12c52581003ee0a3a0733c98edac0 | 
| kubernetes-client-windows-arm64.tar.gz | c54b0a367e655842af4785a181dc366b3872fc8322495cfcb309518a854f87ed1064ed1c0a72fc663c31c8de7801fd041f0f05f7b788663c5e6941fc1313bcae | 
Server Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-server-linux-amd64.tar.gz | 736b911f58e4cf532726acba525a884827a627a95ed35be3ea9b444521183af6c4fb183afb3f82ceb715f0407fafb2e928f0e22fbc45ab62829721dd9f7c0811 | 
| kubernetes-server-linux-arm.tar.gz | a78bbd06e8581e4132abf7ddbb62f0d95bff61bf9c706c651f8d4d085372c9c787919a4f7d75a49a256f8f58f78e396cf7effa64f84405be03feb63c1e2d1474 | 
| kubernetes-server-linux-arm64.tar.gz | 5994ab21f9c7b85566de977a0cf4067c020aeadb3007edad4072edd7692b0fb903a57de732e694d9f5777358c12ee650aca7b58985b11243e0d1b2c565b7d03d | 
| kubernetes-server-linux-ppc64le.tar.gz | bd605e9b0e511805c7dbff4dbac8b111bc738343eacaeba1b234b4518da0f7bf33e64f26c231cdfb89532e57211b7dec10eb4d86969997dfc6a6cdbce0a6ccc9 | 
| kubernetes-server-linux-s390x.tar.gz | 39a8008ff250656bb6eeb3645ad3260e560c1565ef71e93e2908a73c88462906f776ed55623f8595f9e2a6a452ed75babd872df9e6506a8ed93828dbe4a5dc57 | 
Node Binaries
| filename | sha512 hash | 
|---|---|
| kubernetes-node-linux-amd64.tar.gz | 26965fb576f6adf0c894e30619b89c1d72048809e61cbfd45bf1da1a159f21d4920a894acdcf8c9cfc2d22e21a623f81c9a099150e9769419c3f91f1dd058de6 | 
| kubernetes-node-linux-arm.tar.gz | cfa1033c9caec034018503887e59013110725cde423b43a6f774900316888442d060cf9d9bb7d84286eea4f53b1bea409390540438bc363207dc962b083008b0 | 
| kubernetes-node-linux-arm64.tar.gz | ac4f903a2aba9f98ca7ca221456f6e846a6cc5b71a8b58fa5e948a7c39057a35d2bf26b0e901abb9ae66e0916bb5ae71f0cea99aae33f254a9584a907047b8b2 | 
| kubernetes-node-linux-ppc64le.tar.gz | 8bc8aa34cec00241a3dbda0721af30f77401bc999020104d291c20b484e7ec4735395fc4c7859b58745046783a75f07590ae2b61ecd6a0eec734f44d682f2cb2 | 
| kubernetes-node-linux-s390x.tar.gz | 91373c07bf2a1b381f4c410c38b3f70d6914bacbe38090799878a45c3caf7d6acf0777225562ffc059d09f9f8fbe8fff5c3598f9c9403b0102bbf68911d84eea | 
| kubernetes-node-windows-amd64.tar.gz | 91ca1e2cfe2d3e998af00bc443c12eaaf9a4061579c271de8dc409f1a61a746bb894743406ecb8c549900893ec30409eac0fd181eaa9bc2f283d00d108c7d606 | 
Container Images
All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.
Changelog since v1.25.0
Urgent Upgrade Notes
(No, really, you MUST read this before you upgrade)
- Deprecated beta APIs scheduled for removal in 1.26 are no longer served. See https://kubernetes.io/docs/reference/using-api/deprecation-guide/#v1-26 for more information. (#111973, @liggitt) [SIG API Machinery]
- The in-tree cloud provider for OpenStack (and the cinder volume provider) has now been removed. Please use the external cloud provider and csi driver from https://github.com/kubernetes/cloud-provider-openstack instead. (#67782, @dims) [SIG API Machinery, Apps, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node, Release, Scheduling, Storage and Testing]
Changes by Kind
Deprecation
- The gcpandazureauth plugins have been removed from client-go and kubectl. See https://github.com/Azure/kubelogin and https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke for details about the cloud-specific replacements. (#112341, @enj) [SIG API Machinery and Auth]
API Change
- Add auth API to get self subject attributes (new selfsubjectreviews API is added).
The corresponding command for kubctl is provided - kubectl auth whoami. (#111333, @nabokihms) [SIG API Machinery, Auth, CLI and Testing]
- Clarified the CFS quota as 100ms in the code comments and set the minimum cpuCFSQuotaPeriod to 1ms to match Linux kernel expectations. (#112123, @paskal) [SIG API Machinery and Node]
- Component-base: make the validation logic about LeaderElectionConfiguration consistent between component-base and client-go (#111758, @SataQiu) [SIG API Machinery and Scheduling]
- Fixes spurious field is immutableerrors validating updates to Event API objects via theevents.k8s.io/v1API (#112183, @liggitt) [SIG Apps]
- Protobuf serialization of metav1.MicroTime timestamps (used in LeaseandEventAPI objects) has been corrected to truncate to microsecond precision, to match the documented behavior and JSON/YAML serialization. Any existing persisted data is truncated to microsecond when read from etcd. (#111936, @haoruan) [SIG API Machinery]
- Revert regression that prevented client-go latency metrics to be reported with a template URL to avoid label cardinality. (#111752, @aanm) [SIG API Machinery]
- [kubelet] Change default cpuCFSQuotaPeriodvalue with enabledcpuCFSQuotaPeriodflag from 100ms to 100µs to match the Linux CFS and k8s defaults.cpuCFSQuotaPeriodof 100ms now requirescustomCPUCFSQuotaPeriodflag to be set to work. (#111520, @paskal) [SIG API Machinery and Node]
Feature
- A new "DisableCompression" field (default = false) has been added to kubeconfig under cluster info. When set to true, clients using the kubeconfig opt out of response compression for all requests to the apiserver. This can help improve list call latencies significantly when client-server network bandwidth is ample (>30MB/s) or if the server is CPU-constrained. (#112309, @shyamjvs) [SIG API Machinery and Auth]
- API Server tracing root span name for opentelemetry is changed from "KubernetesAPI" to "HTTP GET" (#112545, @dims) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node, Storage and Testing]
- Add new Golang runtime-related metrics to Kubernetes components:
- go_gc_cycles_automatic_gc_cycles_total
- go_gc_cycles_forced_gc_cycles_total
- go_gc_cycles_total_gc_cycles_total
- go_gc_heap_allocs_by_size_bytes
- go_gc_heap_allocs_bytes_total
- go_gc_heap_allocs_objects_total
- go_gc_heap_frees_by_size_bytes
- go_gc_heap_frees_bytes_total
- go_gc_heap_frees_objects_total
- go_gc_heap_goal_bytes
- go_gc_heap_objects_objects
- go_gc_heap_tiny_allocs_objects_total
- go_gc_pauses_seconds
- go_memory_classes_heap_free_bytes
- go_memory_classes_heap_objects_bytes
- go_memory_classes_heap_released_bytes
- go_memory_classes_heap_stacks_bytes
- go_memory_classes_heap_unused_bytes
- go_memory_classes_metadata_mcache_free_bytes
- go_memory_classes_metadata_mcache_inuse_bytes
- go_memory_classes_metadata_mspan_free_bytes
- go_memory_classes_metadata_mspan_inuse_bytes
- go_memory_classes_metadata_other_bytes
- go_memory_classes_os_stacks_bytes
- go_memory_classes_other_bytes
- go_memory_classes_profiling_buckets_bytes
- go_memory_classes_total_bytes
- go_sched_goroutines_goroutines
- go_sched_latencies_seconds (#111910, @tosi3k) [SIG API Machinery, Architecture, Auth, Cloud Provider and Instrumentation]
 
- CSRDuration feature gate that graduated to GA in 1.24 and was unconditionally enabled has been removed in v1.26 (#112386, @Shubham82) [SIG Auth]
- Client-go: SharedInformerFactory supports waiting for goroutines during shutdown (#112200, @pohly) [SIG API Machinery]
- Kube-apiserver: gzip compression switched from level 4 to level 1 to improve large list call latencies in exchange for higher network bandwidth usage (10-50% higher). This increases the headroom before very large unpaged list calls exceed request timeout limits. (#112299, @shyamjvs) [SIG API Machinery]
- Kubeadm: "show-join-command" has been added as a new separate phase at the end of "kubeadm init". You can skip printing the join information by using "kubeadm init --skip-phases=show-join-command". Executing only this phase on demand will throw an error because the phase needs dependencies such as bootstrap tokens to be pre-populated. (#111512, @SataQiu) [SIG Cluster Lifecycle]
- Kubeadm: add the flag "--cleanup-tmp-dir" for "kubeadm reset". It will cleanup the contents of "/etc/kubernetes/tmp". The flag is off by default. (#112172, @chendave) [SIG Cluster Lifecycle]
- Kubeadm: try to load CA cert from external CertificateAuthority file when CertificateAuthorityData is empty for existing kubeconfig (#111783, @SataQiu) [SIG Cluster Lifecycle]
- Kubernetes is now built with Go 1.19.1 (#112287, @palnabarun) [SIG Release and Testing]
- Scheduler now retries updating a pod's status on ServiceUnavailable and InternalError errors, in addition to net ConnectionRefused error. (#111809, @Huang-Wei) [SIG Scheduling]
- The goroutinesmetric is newly added in the scheduler. It replacesscheduler_goroutinesmetric and it counts the number of goroutine in more places thanscheduler_goroutinedoes. (#112003, @sanposhiho) [SIG Instrumentation and Scheduling]
Documentation
Bug or Regression
- Adds back in unused flags on kubectl run command, which did not go through the required deprecation period before being removed. (#112243, @brianpursley) [SIG CLI]
- Allow Label section in vsphere e2e cloudprovider configuration (#112427, @gnufied) [SIG Storage and Testing]
- Apiserver /healthz/etcd endpoint rate limits the number of forwarded health check requests to the etcd backends, answering with the last known state if the rate limit is exceeded. The rate limit is based on 1/2 of the timeout configured, with no burst allowed. (#112046, @aojea) [SIG API Machinery]
- Avoid propagating hosts' search .into containers'/etc/resolv.conf(#112157, @dghubble) [SIG Network and Node]
- Callers using DelegatingAuthenticationOptions can use DisableAnonymous to disable Anonymous authentication. (#112181, @xueqzhan) [SIG API Machinery and Auth]
- Change error message when resource is not supported by given patch type in kubectl patch (#112556, @ardaguclu) [SIG CLI]
- Correct the calculating error in podTopologySpread plugin to avoid unexpected scheduling results. (#112507, @kerthcet) [SIG Scheduling]
- Etcd: Update to v3.5.5 (#112489, @dims) [SIG API Machinery, Cloud Provider, Cluster Lifecycle and Testing]
- Fix an ephemeral port exhaustion bug caused by improper connection management that occurred when a large number of objects were handled by kubectl while exec auth was in use. (#112017, @enj) [SIG API Machinery and Auth]
- Fix list cost estimation in Priority and Fairness for list requests with metadata.name specified. (#112557, @marseel) [SIG API Machinery]
- Fix race condition in GCE between containerized mounter setup in the kubelet and node startup. (#112195, @mattcary) [SIG Cloud Provider and Storage]
- Fix relative cpu priority for pods where containers explicitly request zero cpu by giving the lowest priority instead of falling back to the cpu limit to avoid possible cpu starvation of other pods (#108832, @waynepeking348) [SIG Node]
- Fixed bug in kubectl rollout history where only the latest revision was displayed when a specific revision was requested and an output format was specified (#111093, @brianpursley) [SIG CLI and Testing]
- Fixed bug where dry run message was not printed when running kubectl label with --dry-run flag. (#111571, @brianpursley) [SIG CLI]
- For raw block CSI volumes on Kubernetes, kubelet was incorrectly calling CSI NodeStageVolume for every single "map" (i.e. raw block "mount") operation for a volume already attached to the node. This PR ensures it is only called once per volume per node. (#112403, @akankshakumari393) [SIG Storage]
- Improves kubectl display of invalid request errors returned by the API server (#112150, @liggitt) [SIG CLI]
- Increase the maximum backoff delay of the endpointslice controller to match the expected sequence of delays when syncing Services. (#112353, @dgrisonnet) [SIG Apps and Network]
- Kube-apiserver: redirect responses are no longer returned from backends by default. Set --aggregator-reject-forwarding-redirect=falseto continue forwarding redirect responses. (#112193, @jindijamie) [SIG API Machinery and Testing]
- Kube-apiserver: resolved a regression that treated 304 Not Modifiedresponses from aggregated API servers as internal errors (#112526, @liggitt) [SIG API Machinery]
- Kube-apiserver: x-kubernetes-list-type validation is now enforced when updating status of custom resources (#111866, @pacoxu) [SIG API Machinery]
- Kube-proxy no longer falls back from ipvs mode to iptables mode if you ask it to do ipvs but the system is not correctly configured. Instead, it will just exit with an error. (#111806, @danwinship) [SIG Network]
- Kube-scheduler: add taints filtering logic consistent with TaintToleration plugin for PodTopologySpread plugin (#112357, @SataQiu) [SIG Scheduling and Testing]
- Kubeadm will cleanup the stale data on best effort basis. Stale data will be removed when each reset phase are executed, default etcd data directory will be cleanup when the remove-etcd-memberphase are executed. (#110972, @chendave) [SIG Cluster Lifecycle]
- Kubeadm: allow RSA and ECDSA format keys in preflight check (#112508, @SataQiu) [SIG Cluster Lifecycle]
- Kubeadm: when a subcommand is needed but not provided for a kubeadm command, print a help screen instead of showing a short message. (#111277, @chymy) [SIG Cluster Lifecycle]
- Log messages and metrics for the watch cache are now keyed by <resource>.<group>instead ofgostruct type. This means e.g. that*v1.Podbecomespods. Additionally, resources that come from CustomResourceDefinitions are now displayed as the correct resource and group, instead of*unstructured.Unstructured. (#111807, @ncdc) [SIG API Machinery and Instrumentation]
- Move LocalStorageCapacityIsolationFSQuotaMonitoring back to Alpha. (#112076, @rphillips) [SIG Node and Testing]
- Pod failed in scheduling due to expected error will be updated with the reason of "SchedulerError" rather than "Unschedulable" (#111999, @kerthcet) [SIG Scheduling and Testing]
- Services of type LoadBalancer create fewer AWS security group rules in most cases (#112267, @sjenning) [SIG Cloud Provider]
- The errors in k8s.io/apimachinery/pkg/api/meta gained support for the stdlibs errors.Is matching, including when wrapped (#111808, @alvaroaleman) [SIG API Machinery]
- The metrics etcd_request_duration_seconds and etcd_bookmark_counts now differentiate by group resource instead of object type, allowing unique entries per CustomResourceDefinition, instead of grouping them all under *unstructured.Unstructured. (#112042, @ncdc) [SIG API Machinery]
- Update the system-validators library to v1.8.0 (#112026, @pacoxu) [SIG Cluster Lifecycle]
Other (Cleanup or Flake)
- E2e: tests can now register callbacks with ginkgo.BeforeEach/AfterEach/DeferCleanup directly after creating a framework instance and are guaranteed that their code is called after the framework is initialized and before it gets cleaned up. ginkgo.DeferCleanup replaces f.AddAfterEach and AddCleanupAction which got removed to simplify the framework. (#111998, @pohly) [SIG Storage and Testing]
- GlusterFS in-tree storage driver which was deprecated at kubernetes 1.25 release has been removed entirely in 1.26. (#112015, @humblec) [SIG API Machinery, Cloud Provider, Instrumentation, Node, Scalability, Storage and Testing]
- Kube scheduler Component Config release version v1beta3 is deprecated in v1.26 and will be removed in v1.29, also v1beta2 will be removed in v1.28. (#112257, @kerthcet) [SIG Scheduling]
- Kube-scheduler: the DefaultPodTopologySpread, NonPreemptingPriority, PodAffinityNamespaceSelector, PreferNominatedNode feature gates that graduated to GA in 1.24 and were unconditionally enabled have been removed in v1.26 (#112567, @SataQiu) [SIG Scheduling]
- Kubeadm: remove the toleration for the "node-role.kubernetes.io/master" taint from the CoreDNS deployment of kubeadm. With the 1.25 release of kubeadm the taint "node-role.kubernetes.io/master" is no longer applied to control plane nodes and the toleration for it can be removed with the release of 1.26. You can also perform the same toleration removal from your own addon manifests. (#112008, @pacoxu) [SIG Cluster Lifecycle]
- Kubeadm: remove the usage of the --container-runtime=remote flag for the kubelet during kubeadm init/join/upgrade. The flag value "remote" has been the only possible value since dockershim was removed from the kubelet. (#112000, @pacoxu) [SIG Cluster Lifecycle]
- NoneNone (#111533, @zhoumingcheng) [SIG CLI]
- Release-note (#111708, @yangjunmyfm192085) [SIG Apps, Instrumentation and Network]
- Scheduler dumper now exposes a summary to indicate the number of pending pods in each internal queue. (#111726, @Huang-Wei) [SIG Scheduling and Testing]
- The IndexedJob and SuspendJob feature gates that graduated to GA in 1.24 and were unconditionally enabled have been removed in v1.26 (#112589, @SataQiu) [SIG Apps]
Dependencies
Added
- github.com/cenkalti/backoff/v4: v4.1.3
- github.com/go-logr/stdr: v1.2.2
- github.com/grpc-ecosystem/grpc-gateway/v2: v2.7.0
- github.com/jpillora/backoff: v1.0.0
- go.opentelemetry.io/contrib/propagators/b3: v1.10.0
- go.opentelemetry.io/otel/exporters/otlp/internal/retry: v1.10.0
- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: v1.10.0
- go.opentelemetry.io/otel/exporters/otlp/otlptrace: v1.10.0
Changed
- github.com/antlr/antlr4/runtime/Go/antlr: f25a4f6 → v1.4.10
- github.com/cpuguy83/go-md2man/v2: v2.0.1 → v2.0.2
- github.com/emicklei/go-restful/v3: v3.8.0 → v3.9.0
- github.com/felixge/httpsnoop: v1.0.1 → v1.0.3
- github.com/go-kit/log: v0.1.0 → v0.2.0
- github.com/go-logfmt/logfmt: v0.5.0 → v0.5.1
- github.com/google/cel-go: v0.12.4 → v0.12.5
- github.com/google/go-cmp: v0.5.6 → v0.5.9
- github.com/onsi/ginkgo/v2: v2.1.4 → v2.2.0
- github.com/onsi/gomega: v1.19.0 → v1.20.1
- github.com/prometheus/client_golang: v1.12.1 → v1.13.0
- github.com/prometheus/common: v0.32.1 → v0.37.0
- github.com/prometheus/procfs: v0.7.3 → v0.8.0
- github.com/spf13/cobra: v1.4.0 → v1.5.0
- github.com/stretchr/objx: v0.2.0 → v0.4.0
- github.com/stretchr/testify: v1.7.0 → v1.8.0
- go.etcd.io/etcd/api/v3: v3.5.4 → v3.5.5
- go.etcd.io/etcd/client/pkg/v3: v3.5.4 → v3.5.5
- go.etcd.io/etcd/client/v2: v2.305.4 → v2.305.5
- go.etcd.io/etcd/client/v3: v3.5.4 → v3.5.5
- go.etcd.io/etcd/pkg/v3: v3.5.4 → v3.5.5
- go.etcd.io/etcd/raft/v3: v3.5.4 → v3.5.5
- go.etcd.io/etcd/server/v3: v3.5.4 → v3.5.5
- go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful: v0.20.0 → v0.35.0
- go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc: v0.20.0 → v0.35.0
- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp: v0.20.0 → v0.35.0
- go.opentelemetry.io/otel/metric: v0.20.0 → v0.31.0
- go.opentelemetry.io/otel/sdk: v0.20.0 → v1.10.0
- go.opentelemetry.io/otel/trace: v0.20.0 → v1.10.0
- go.opentelemetry.io/otel: v0.20.0 → v1.10.0
- go.opentelemetry.io/proto/otlp: v0.7.0 → v0.19.0
- go.uber.org/goleak: v1.1.10 → v1.1.12
- golang.org/x/crypto: 3147a52 → 7b82a4e
- golang.org/x/lint: 6edffad → 1621716
- golang.org/x/oauth2: d3ed0bb → ee48083
- google.golang.org/grpc: v1.47.0 → v1.49.0
- google.golang.org/protobuf: v1.28.0 → v1.28.1
- k8s.io/gengo: c02415c → c0856e2
- k8s.io/klog/v2: v2.70.1 → v2.80.1
- k8s.io/system-validators: v1.7.0 → v1.8.0
Removed
- github.com/auth0/go-jwt-middleware: v1.0.1
- github.com/boltdb/bolt: v1.3.1
- github.com/go-ozzo/ozzo-validation: v3.5.0+incompatible
- github.com/gophercloud/gophercloud: v0.1.0
- github.com/gopherjs/gopherjs: fce0ec3
- github.com/gorilla/mux: v1.8.0
- github.com/heketi/heketi: v10.3.0+incompatible
- github.com/heketi/tests: f3775cb
- github.com/jtolds/gls: v4.20.0+incompatible
- github.com/lpabon/godbc: v0.1.1
- github.com/smartystreets/assertions: v1.1.0
- github.com/smartystreets/goconvey: v1.6.4
- github.com/urfave/negroni: v1.0.0
- go.opentelemetry.io/contrib/propagators: v0.20.0
- go.opentelemetry.io/contrib: v0.20.0
- go.opentelemetry.io/otel/exporters/otlp: v0.20.0
- go.opentelemetry.io/otel/oteltest: v0.20.0
- go.opentelemetry.io/otel/sdk/export/metric: v0.20.0
- go.opentelemetry.io/otel/sdk/metric: v0.20.0