CHANGELOG-1.12.md
v1.12.2

Documentation

Downloads for v1.12.2


Changelog since v1.12.1

Other notable changes

  • IPVS proxier mode now supports connection-based graceful termination. (#66012, @Lion-Wei)
  • add more logging for azure disk diagnostics (#70012, @andyzhangx)
  • Scheduling conformance tests related to daemonsets should set the annotation that relaxes node selection restrictions, if any are set. This ensures conformance tests can run on a wider array of clusters. (#68793, @aveshagarwal)
  • Disabled ScheduleDaemonSetPods if the kubelet version is less than 1.11; ScheduleDaemonSetPods is not supported on a 1.13 control plane / 1.10 kubelet split. (#69566, @k82cn)
  • kubeadm: fix an issue where 'config view' did not return a config in case of a 1.12 cluster (#69969, @neolit123)
  • Updates defaultbackend to 1.5 (#69380, @bowei)
  • Restrict redirect following from the apiserver to same-host redirects, and ignore redirects in some cases. (#66516, @tallclair)
  • Enable insertId generation, and update Stackdriver Logging Agent image to 0.5-1.5.36-1-k8s. This helps reduce log duplication and guarantee log order. (#68920, @qingling128)
  • Fix cluster autoscaler addon permissions so it can access batch/job. (#69858, @losipiuk)
  • Add tolerations for Stackdriver Logging and Metadata Agents. (#69737, @qingling128)
  • change default azure file mount permission to 0777 (#69854, @andyzhangx)
  • Fix a bug in the scheduler that could cause the scheduler to go to an infinite loop when all nodes in a zone are removed. (#69758, @bsalamat)
  • fix GetVolumeLimits log flushing issue (#69558, @andyzhangx)
  • kube-apiserver: fixes procMount field incorrectly being marked as required in openapi schema (#69744, @jessfraz)
  • [GCE] Enable by default audit logging truncating backend. (#68288, @loburm)
  • kubeadm: fix a possible scenario where kubeadm can pull much newer control-plane images (#69301, @neolit123)
  • The runtimeHandler field on the RuntimeClass resource now accepts the empty string. (#69550, @tallclair)
  • OpenAPI spec and API reference now reflect dryRun query parameter for POST/PUT/PATCH operations (#69359, @roycaihw)

v1.12.1

Documentation

Downloads for v1.12.1


Changelog since v1.12.0

Other notable changes

  • kubeadm now allows mixing of init/cluster and join configuration in a single YAML file (although a warning gets printed in this case). (#69426, @rosti)
  • Pod disruption budgets shouldn't be checked for terminal pods while evicting (#68892, @ravisantoshgudimetla)
  • Update crictl to v1.12.0 (#69033, @feiskyer)
  • Enable AttachVolumeLimit feature (#69225, @gnufied)
  • [GCP] Added env variables to control CPU requests of kube-controller-manager and kube-scheduler. (#68823, @loburm)
  • Fixed panic on iSCSI volume tear down. (#69140, @jsafrane)
  • Fixed CSIDriver API object to allow missing fields. (#69331, @jsafrane)
  • Allows changing nodeName in endpoint update. (#68575, @prameshj)
  • Reduced excessive logging from fluentd-gcp-scaler. (#68837, @x13n)
  • kubeadm: Fixed support of node certificates when joining a cluster (#69328, @bart0sh)
  • Fix an issue where filesystems are not unmounted when a backend is not reachable and returns EIO. (#67097, @chakri-nelluri)
  • Use the mounted "/var/run/secrets/kubernetes.io/serviceaccount/token" as the token file for running in-cluster based e2e testing. (#69273, @dims)
  • Fix panic in kubectl rollout commands (#69151, @soltysh)
  • Fix scheduler crashes when Prioritize Map function returns error. (#69135, @DylanBLE)
  • Add fallbacks to ARM API when getting empty node IP from Azure IMDS (#69077, @feiskyer)
  • fix UnmountDevice failure on Windows (#68608, @andyzhangx)
  • Adds permissions for startup of an on-cluster kube-controller-manager (#69062, @dghubble)
  • Get public IP for Azure vmss nodes. (#68498, @feiskyer)
  • Deduplicate PATH items when reading plugins. (#69170, @soltysh)

v1.12.0

Documentation

Downloads for v1.12.0

  • Start SHA: 91e7b4fd31fcd3d5f436da26c980becec37ceefe
  • End SHA: 337e0e18f1aefa199bd0a1786f8eab42e948064c

Known Issues

  • Feature #566, enabling CoreDNS as the default for kube-up deployments, was dropped from the release due to an observed scalability issue with memory resource consumption. If a cluster operator is considering using CoreDNS on a cluster greater than 2000 nodes, it may be necessary to give more consideration to CoreDNS pod memory resource limits and experimentally measure that memory usage versus cluster resource availability.
  • kube-controller-manager currently needs a writable --cert-dir (default is /var/run/kubernetes) for generating self-signed certificates, when no --tls-cert-file or --tls-private-key-file are provided.
  • The system:kube-controller-manager ClusterRole lacks permission to get the configmap extension-apiserver-authentication. kube-controller-manager errors if run with a service account bound to the clusterrole.
  • Runtime handler and Windows npipe protocol are not supported yet in crictl v1.11.x. Those features will be supported in crictl v1.12.0, together with Kubernetes v1.12.1.

Major Themes

SIG API Machinery

SIG API work this cycle involved development of the "dry run" functionality, which enables users to see the results of a particular command without persisting those changes.

SIG-autoscaling

SIG Autoscaling focused on improving the Horizontal Pod Autoscaling API and algorithm:

  • We released autoscaling/v2beta2, which cleans up and unifies the API
  • We improved readiness detection and smoothing to work well in a larger variety of use cases

SIG-Azure

SIG Azure was focused on two primary new alpha features:

  • Adding Azure Availability Zones support to cloud provider.
  • Supporting Cross RG resources (disks, Azure File and node) [Experimental]

Besides the above new features, support for Azure Virtual Machine Scale Sets (VMSS) and Cluster-Autoscaler is now stable and considered GA:

  • Azure virtual machine scale sets (VMSS) allow you to create and manage identical load balanced VMs that automatically increase or decrease based on demand or a set schedule.
  • With this new stable feature, Kubernetes supports the scaling of containerized applications with Azure VMSS, including the ability to integrate it with cluster-autoscaler to automatically adjust the size of the Kubernetes clusters based on the same conditions.

SIG-cli

SIG CLI focused on implementing the new plugin mechanism, providing a library with common CLI tooling for plugin authors and further refactorings of the code.

SIG-cloud-provider

This is the first Kubernetes release for this SIG! In v1.12, SIG Cloud Provider focused on building the processes and infrastructure to better support existing and new cloud providers. Some of these initiatives (many of which are still in progress) are:

  • Reporting E2E conformance test results to TestGrid from every cloud provider (in collaboration with SIG Testing & SIG Release)
  • Defining minimum required documentation from each cloud provider which includes (in collaboration with SIG Docs):
    • example manifests for the kube-apiserver, kube-controller-manager, kube-scheduler, kubelet, and the cloud-controller-manager
    • labels/annotations that are consumed by any cloud specific controllers

In addition to the above, SIG Cloud Provider has been focusing on a long running effort to remove cloud provider code from kubernetes/kubernetes.

SIG-cluster-lifecycle

In 1.12, SIG Cluster lifecycle has focused on improving the user experience in kubeadm, by fixing a number of bugs and adding some new important features.

Here is a list of some of the changes that have been made to kubeadm:

  • Kubeadm internal config has been promoted to v1alpha3:
    • v1alpha1 has been removed.
    • v1alpha3 has split apart MasterConfiguration into separate components: InitConfiguration, ClusterConfiguration, JoinConfiguration, KubeletConfiguration, and KubeProxyConfiguration.
    • Different configuration types can be supplied all in the same file separated by ---.
  • Improved CRI handling
    • crictl is no longer required in docker-only setups.
    • Better detection of installed CRI.
    • Better output for image pull errors.
  • Improved air-gapped and offline support
    • kubeadm now handles air-gapped environments by using the local client version as a fallback.
    • Some kubeadm commands are now allowed to work in a completely offline mode.
  • Certificate handling improvements:
    • Renew certs as part of upgrade.
    • New kubeadm alpha phase certs renew command for renewing certificates.
    • Certificates created with kubeadm now have improved uniqueness of Distinguished Name fields.
  • HA improvements:
    • kubeadm join --experimental-control-plane can now be used to join control plane instances to an existing cluster.
    • kubeadm upgrade node experimental-control-plane can now be used for upgrading secondary control plane instances created with kubeadm join --experimental-control-plane.
  • Multi-arch support (EXPERIMENTAL):
    • kubeadm now adds support for docker “schema 2” manifest lists. This is a preliminary part of the process of making kubeadm-based k8s deployments support multiple architectures.
  • Deprecating features:
    • The Alpha feature-gates HighAvailability, SelfHosting, CertsInSecrets are now deprecated, and will be removed in k8s v1.13.0.

SIG-ibmcloud

As a newly created SIG, SIG-ibmcloud has mainly focused on SIG setup, sharing IBM Cloud's ongoing Kubernetes work (such as scalability tests and Kubernetes upgrade strategy) with the SIG members, and starting work on processes to move cloud provider code to a public GitHub repo.

SIG-instrumentation

No feature work, but a large refactoring of metrics-server as well as a number of bug fixes.

SIG-node

SIG-node graduated the PodShareProcessNamespace feature from alpha to beta. This feature allows a pod spec to request that all containers in a pod share a common process namespace.

Two alpha features were also added in this release.

The RuntimeClass alpha feature enables a node to surface multiple runtime options to support a variety of workload types. Examples include native linux containers, and “sandboxed” containers that isolate the container from the host kernel.

The CustomCFSQuotaPeriod alpha feature enables node administrators to change the default period used to enforce CFS quota on a node. This can improve performance for some workloads that experience latency while using CFS quota with the default measurement period. Finally, the SIG continues to focus on improving reliability by fixing bugs while working out design and implementation of future features.

SIG-OpenStack

SIG-OpenStack development was primarily focused on fixing bugs and improving feature parity with OpenStack resources. New features were primarily limited to the external provider in an effort to drive adoption of the OpenStack external provider over the in-tree provider.

In-tree bug fixes and improvements included:

  • Fix load balancer status without VIP.
  • Fix filtering of server status.
  • Fix resizing PVC of Cinder volume.
  • Disable load balancer configuration if it is not defined in cloud config.
  • Add support for node shutdown taint.

The external provider includes all of the above with the additional fixes and features:

  • Fix bug to prevent allocation of existing floating IP.
  • Fix Cinder authentication bug when OS_DOMAIN_NAME not specified.
  • Fix Keystone authentication errors by skipping synchronization for unscoped tokens.
  • Fix authentication error for client-auth-plugin
  • Fix dependency references from in-tree-provider to point to external provider.
  • Add shutdown instance by Provider ID.
  • Add annotation to preserve floating IP after service delete.
  • Add conformance testing to stable and development branches.
  • Add support to Manila for trustee authentication and supplying custom CAs.
  • Add and update documentation.
  • Add support to Manila for provisioning existing shares.
  • Add cluster name to load balancer description
  • Add synchronization between Kubernetes and Keystone projects
  • Add use of internal DNS name for 'hostname' of nodes.
  • Add support for CSI spec v0.3.0 for both Cinder and Manila
  • Add 'cascade delete' support for Octavia load balancers to improve performance.
  • Add improved load balancer naming.

SIG-scheduling

SIG Scheduling development efforts have been primarily focused on improving performance and reliability of the scheduler.

  • Performance of the inter-pod affinity/anti-affinity feature is improved over 100X via algorithmic optimization.
  • DaemonSet pods, which used to be scheduled by the DaemonSet controller, will be scheduled by the default scheduler in 1.12. This change allows DaemonSet pods to enjoy all the scheduling features of the default scheduler.
  • The Image Locality priority function of the scheduler has been improved and is now enabled by default. With this feature enabled, nodes that have all or a partial set of images required for running a pod are preferred over other nodes, which improves pod start-up time.
  • TaintNodeByCondition has been moved to Beta and is enabled by default.
  • Scheduler throughput has been improved by ~50% in large clusters (>2000 nodes).

SIG-service-catalog

  • The Originating Identity feature, which lets the broker know which user performed an action, is now GA.
  • Namespaced Brokers, which enable operators to install a broker into a namespace instead of the cluster level, reached GA.
  • The Service Plan Defaults feature is in alpha and is under active development. This feature gives operators the ability to define defaults for when someone provisions a service.
  • We now support filtering which services are exposed by Service Catalog.
  • We have also improved the CLI experience for both kubectl and svcat by improving the output formatting and by adding more commands.

SIG-storage

SIG Storage promoted the Kubernetes volume topology feature to beta. This enables Kubernetes to understand and act intelligently on volume accessibility information (such as the “zone” a cloud volume is provisioned in, the “rack” that a SAN array is accessible from, and so on).

The dynamic maximum volume count feature was also moved to beta. This enables a volume plugin to specify the maximum number of a given volume type per node as a function of the node characteristics (for example, a larger limit for larger nodes, a smaller limit for smaller nodes).

SIG Storage also worked on a number of Container Storage Interface (CSI) features this quarter in anticipation of moving support for CSI from beta to GA in the next Kubernetes release. This includes graduating the dependent “mount namespace propagation” feature to GA, moving the Kubelet plugin registration mechanism to beta, adding alpha support for a new CSI driver registry as well as for topology, and adding a number of alpha features to support the use of CSI for “local ephemeral volumes” (that is, volumes that exist for the lifecycle of a pod and contain some injected information, like a token or secret).

With Kubernetes v1.12, SIG Storage also introduced alpha support for volume snapshotting. This feature introduces the ability to create/delete volume snapshots and create new volumes from a snapshot using the Kubernetes API.

SIG-vmware

SIG-VMware development was primarily focused on fixing bugs for the in-tree cloud provider, starting the development of the external cloud provider and taking ownership of the cluster-api provider for vSphere.

In-tree cloud provider bug fixes and improvements included:

  • Adding initial Zones support to the provider using vSphere Tags
  • Improving the testing harness for the cloud provider by introducing vcsim for automated testing
  • Fixing a bug that was preventing updates from 1.10 to 1.11

The external cloud provider was established and reached feature parity with in-tree, and we expect to stabilize it and have it as the preferred deployment model by 1.13. We are also getting started on externalizing the vSphere volume functionalities in a CSI plugin to fully reproduce the current in-tree storage functionality.

The Cluster API effort is currently undergoing a complete overhaul of the existing codebase, moving off Terraform and into using govmomi directly.

SIG-windows

SIG Windows focused on stability and reliability of our existing feature set. We primarily fixed bugs as we march towards a near future stable release.

Action Required

  • etcd2 as a backend is deprecated and support will be removed in Kubernetes 1.13.
  • The --storage-versions flag of kube-apiserver is now deprecated. This flag should be omitted to ensure the default storage versions are used. Otherwise the cluster is not safe to upgrade to a version newer than 1.12. This flag will be removed in 1.13. (#68080, @caesarxuchao) Courtesy of SIG API Machinery
  • Volume dynamic provisioning scheduling has been moved to beta, which means that the DynamicProvisioningScheduling alpha feature gate has been removed but the VolumeScheduling beta feature gate is still required for this feature. (#67432, @lichuqiang) Courtesy of SIG Apps, SIG Architecture, SIG Storage, and SIG Testing
  • The API server and client-go libraries have been fixed to support additional non-alpha-numeric characters in UserInfo "extra" data keys. Both should be updated in order to properly support extra data containing "/" characters or other characters disallowed in HTTP headers. (#65799, @dekkagaijin) Courtesy of SIG Auth
  • The NodeConfiguration kind in the kubeadm v1alpha2 API has been renamed JoinConfiguration in v1alpha3 (#65951, @luxas) Courtesy of SIG Cluster Lifecycle
  • The MasterConfiguration kind in the kubeadm v1alpha2 API has been renamed InitConfiguration in v1alpha3 (#65945, @luxas) Courtesy of SIG Cluster Lifecycle
  • The formerly publicly-available cAdvisor web UI that the kubelet started using --cadvisor-port has been entirely removed in 1.12. The recommended way to run cAdvisor if you still need it, is via a DaemonSet. (#65707, @dims)
  • Cluster Autoscaler version has been updated to 1.3.1-beta.1. Release notes: https://github.com/kubernetes/autoscaler/releases/tag/cluster-autoscaler-1.3.1-beta.1 (#65857, @aleksandra-malinowska) Courtesy of SIG Autoscaling
  • kubeadm: The v1alpha1 config API has been removed. (#65628, @luxas) Courtesy of SIG Cluster Lifecycle
  • kube-apiserver: When using --enable-admission-plugins the Priority admission plugin is now enabled by default (matching changes in 1.11.1+). If using --admission-control to fully specify the set of admission plugins, it is now necessary to add the Priority admission plugin for the PodPriority feature to work properly. (#65739, @liggitt) Courtesy of SIG Scheduling
  • The system-node-critical and system-cluster-critical priority classes are now limited to the kube-system namespace by the PodPriority admission plugin (matching changes in 1.11.1+). (#65593, @bsalamat) Courtesy of SIG Scheduling
  • kubeadm: Control plane images (etcd, kube-apiserver, kube-proxy, etc.) no longer use arch suffixes. Arch suffixes are kept for kube-dns only. (#66960, @rosti) Courtesy of SIG Cluster Lifecycle, SIG Release, and SIG Testing
  • kubeadm: Feature-gates HighAvailability, SelfHosting, CertsInSecrets are now deprecated and can no longer be used for new clusters. Cluster updates using the above feature-gates flag are not supported. (#67786, @fabriziopandini) Courtesy of SIG Cluster Lifecycle
  • 'KubeSchedulerConfiguration' which used to be under GroupVersion 'componentconfig/v1alpha1', is now under 'kubescheduler.config.k8s.io/v1alpha1'. (#66916, @dixudx) Courtesy of SIG Cluster Lifecycle, SIG Scheduling, and SIG Testing
  • The flag --skip-preflight-checks of kubeadm has been removed. Please use --ignore-preflight-errors instead. (#62727, @xiangpengzhao)
  • If OpenStack LoadBalancer is not defined in cloud config, the load balancer will no longer be initialized in OpenStack. All setups must have some setting under that section for the OpenStack provider. (#65781, @zetaab)

Deprecations and removals

  • Kubeadm: The Alpha feature-gates HighAvailability, SelfHosting, CertsInSecrets are now deprecated, and will be removed in k8s v1.13.0.
  • The cloudstack and ovirt controllers have been deprecated and will be removed in a future version. (#68199, @dims)
  • All kubectl run generators have been deprecated except for run-pod/v1. This is part of a move to make kubectl run simpler, enabling it to create only pods; if additional resources are needed, you should use kubectl create instead. (#68132, @soltysh)
  • The deprecated --interactive flag has been removed from kubectl logs. (#65420, @jsoref)
  • The deprecated shorthand flag -c has been removed from kubectl version (--client). (#66817, @charrywanganthony)
  • The --pod flag (-p shorthand) of the kubectl exec command has been marked as deprecated, and will be removed in a future version. This flag is currently optional. (#66558, @quasoft)
  • kubectl: --use-openapi-print-columns has been deprecated in favor of --server-print, and will be removed in a future version. (#65601, @liggitt)
  • The watch API endpoints prefixed with /watch are deprecated and will be removed in a future release. The standard method for watching resources (supported since v1.0) is to use the list API endpoints with a ?watch=true parameter. All client-go clients have used the parameter method since v1.6.0. (#65147, @liggitt)
  • Using the Horizontal Pod Autoscaler with metrics from Heapster is now deprecated and will be disabled in a future version. (#68089, @DirectXMan12)

New Features

  • Kubernetes now registers volume topology information reported by a node-level Container Storage Interface (CSI) driver. This enables Kubernetes support of CSI topology mechanisms. (#67684, @verult) Courtesy of SIG API Machinery, SIG Node, SIG Storage, and SIG Testing
  • Addon-manager has been bumped to v8.7 (#68299, @MrHohn) Courtesy of SIG Cluster Lifecycle, and SIG Testing
  • The CSI volume plugin no longer needs an external attacher for non-attachable CSI volumes. (#67955, @jsafrane) Courtesy of SIG API Machinery, SIG Node, SIG Storage, and SIG Testing
  • KubeletPluginsWatcher feature graduated to beta. (#68200, @RenaudWasTaken) Courtesy of SIG Node, SIG Storage, and SIG Testing
  • A TTL mechanism has been added to clean up Jobs after they finish. (#66840, @janetkuo) Courtesy of SIG API Machinery, SIG Apps, SIG Architecture, and SIG Testing
  • The scheduler is now optimized to throttle computational tasks involved with node selection. (#67555, @wgliang) Courtesy of SIG API Machinery, and SIG Scheduling
  • The performance of Pod affinity/anti-affinity in the scheduler has been improved. (#67788, @ahmad-diaa) Courtesy of SIG Scalability, and SIG Scheduling
  • A kubelet parameter and config option has been added to change the CFS quota period from the default 100ms to some other value between 1µs and 1s. This was done to improve response latencies for workloads running in clusters with guaranteed and burstable QoS classes. (#63437, @szuecs) Courtesy of SIG API Machinery, SIG Apps, SIG Architecture, SIG CLI, SIG Node, and SIG Scheduling
  • Secure serving on port 10258 to cloud-controller-manager (configurable via --secure-port) is now enabled. Delegated authentication and authorization are to be configured using the same flags as for aggregated API servers. Without configuration, the secure port will only allow access to /healthz. (#67069, @sttts) Courtesy of SIG Auth, and SIG Cloud Provider
  • The commands kubeadm alpha phases renew <cert-name> have been added. (#67910, @liztio) Courtesy of SIG API Machinery, and SIG Cluster Lifecycle
  • ProcMount has been added to SecurityContext and AllowedProcMounts has been added to PodSecurityPolicy to allow paths in the container's /proc to not be masked. (#64283, @jessfraz) Courtesy of SIG API Machinery, SIG Apps, SIG Architecture, and SIG Node
  • Secure serving on port 10257 to kube-controller-manager (configurable via --secure-port) is now enabled. Delegated authentication and authorization are to be configured using the same flags as for aggregated API servers. Without configuration, the secure port will only allow access to /healthz. (#64149, @sttts) Courtesy of SIG API Machinery, SIG Auth, SIG Cloud Provider, SIG Scheduling, and SIG Testing
  • Azure cloud provider now supports unmanaged nodes (such as on-prem) that are labeled with kubernetes.azure.com/managed=false and alpha.service-controller.kubernetes.io/exclude-balancer=true (#67984, @feiskyer) Courtesy of SIG Azure, and SIG Cloud Provider
  • SCTP is now supported as an additional protocol (alpha) alongside TCP and UDP in Pod, Service, Endpoint, and NetworkPolicy. (#64973, @janosi) Courtesy of SIG API Machinery, SIG Apps, SIG Architecture, SIG CLI, SIG Cloud Provider, SIG Cluster Lifecycle, SIG Network, SIG Node, and SIG Scheduling
  • Autoscaling/v2beta2 and custom_metrics/v1beta2 have been introduced, which implement metric selectors for Object and Pods metrics, as well as allowing AverageValue targets on Objects, similar to External metrics. (#64097, @damemi) Courtesy of SIG API Machinery, SIG Architecture, SIG Autoscaling, SIG CLI, and SIG Testing
  • kubelet: Users can now enable the alpha NodeLease feature gate to have the Kubelet create and periodically renew a Lease in the kube-node-lease namespace. The lease duration defaults to 40s, and can be configured via the kubelet.config.k8s.io/v1beta1.KubeletConfiguration's NodeLeaseDurationSeconds field. (#66257, @mtaufen) Courtesy of SIG API Machinery, SIG Apps, SIG Architecture, SIG Cluster Lifecycle, SIG Node, and SIG Testing
  • PodReadinessGate is now turned on by default. (#67406, @freehan) Courtesy of SIG Node
  • Azure cloud provider now supports cross resource group nodes that are labeled with kubernetes.azure.com/resource-group=<rg-name> and alpha.service-controller.kubernetes.io/exclude-balancer=true (#67604, @feiskyer) Courtesy of SIG Azure, SIG Cloud Provider, and SIG Storage
  • Annotations are now supported for remote admission webhooks. (#58679, @CaoShuFeng) Courtesy of SIG API Machinery, and SIG Auth
  • The scheduler now scores fewer than all nodes in every scheduling cycle. This can improve performance of the scheduler in large clusters. (#66733, @bsalamat) Courtesy of SIG Scheduling
  • Node affinity for Azure unzoned managed disks has been added. (#67229, @feiskyer) Courtesy of SIG Azure
  • The Attacher/Detacher interfaces for local storage have been refactored (#66884, @NickrenREN) Courtesy of SIG Storage
  • DynamicProvisioningScheduling and VolumeScheduling are now supported for Azure managed disks. Feature gates DynamicProvisioningScheduling and VolumeScheduling should be enabled before using this feature. (#67121, @feiskyer) Courtesy of SIG Azure, and SIG Storage
  • The audit.k8s.io api group has been upgraded from v1beta1 to v1. (#65891, @CaoShuFeng) Courtesy of SIG API Machinery
  • The quota admission configuration API graduated to v1beta1. (#66156, @vikaschoudhary16) Courtesy of SIG Node, and SIG Scheduling
  • Kube-apiserver --help flag help is now printed in sections. (#64517, @sttts)
  • Azure managed disks now support availability zones and new parameters zoned, zone and zones are added for AzureDisk storage class. (#66553, @feiskyer) Courtesy of SIG Azure
  • Kubectl create job command has been added. (#60316, @soltysh) Courtesy of SIG CLI
  • Kubelet serving certificate bootstrapping and rotation has been promoted to beta status. (#66726, @liggitt) Courtesy of SIG Auth, and SIG Node
  • Azure nodes with availability zone will now have label failure-domain.beta.kubernetes.io/zone=<region>-<zoneID>. (#66242, @feiskyer) Courtesy of SIG Azure
  • kubeadm: Default component configs are now printable via kubeadm config print-default (#66074, @rosti) Courtesy of SIG Cluster Lifecycle
  • Mount propagation has been promoted to GA. The MountPropagation feature gate is deprecated and will be removed in 1.13. (#67255, @bertinatto) Courtesy of SIG Apps, SIG Architecture, SIG Node, and SIG Storage
  • Ubuntu 18.04 (Bionic) series has been added to Juju charms (#65644, @tvansteenburgh)
  • kubeadm: The kubeadm configuration now supports the definition of more than one control plane instance, each with its own APIEndpoint. The APIEndpoint for the "bootstrap" control plane instance should be defined using InitConfiguration.APIEndpoint, while the APIEndpoints for additional control plane instances should be added using JoinConfiguration.APIEndpoint. (#67832, @fabriziopandini)
  • Add new --server-dry-run flag to kubectl apply so that the request will be sent to the server with the dry-run flag (alpha), which means that changes won't be persisted. (#68069, @apelisse)
  • Introduce CSI Cluster Registration mechanism to ease CSI plugin discovery and allow CSI drivers to customize Kubernetes' interaction with them. (#67803, @saad-ali)
  • The PodShareProcessNamespace feature to configure PID namespace sharing within a pod has been promoted to beta. (#66507, @verb)

API Changes

  • kubeadm now supports the phase command "alpha phase kubelet config annotate-cri". (#68449, @fabriziopandini)
  • kubeadm: --cri-socket now defaults to tcp://localhost:2375 when running on Windows. (#67447, @benmoss)
  • kubeadm now includes a new EXPERIMENTAL --rootfs, which (if specified) causes kubeadm to chroot before performing any file operations. This is expected to be useful when setting up kubernetes on a different filesystem, such as invoking kubeadm from docker. (#54935, @anguslees)
  • The command line option --cri-socket-path of the kubeadm subcommand "kubeadm config images pull" has been renamed to --cri-socket to be consistent with the rest of kubeadm subcommands.
  • kubeadm: The ControlPlaneEndpoint was moved from the API config struct to ClusterConfiguration (#67830, @fabriziopandini)
  • kubeadm: InitConfiguration now consists of two structs: InitConfiguration and ClusterConfiguration (#67441, @rosti)
  • The RuntimeClass API has been added. This feature is in alpha, and the RuntimeClass feature gate must be enabled in order to use it. The RuntimeClass API resource defines different classes of runtimes that may be used to run containers in the cluster. Pods can select a RuntimeClass to use via the RuntimeClassName field. (#67737, @tallclair)
  • To address the possibility of dry-run requests overwhelming admission webhooks that rely on side effects and a reconciliation mechanism, a new field is being added to admissionregistration.k8s.io/v1beta1.ValidatingWebhookConfiguration and admissionregistration.k8s.io/v1beta1.MutatingWebhookConfiguration so that webhooks can explicitly register as having dry-run support. If a dry-run request is made on a resource that triggers a non dry-run supporting webhook, the request will be completely rejected, with "400: Bad Request". Additionally, a new field is being added to the admission.k8s.io/v1beta1.AdmissionReview API object, exposing to webhooks whether or not the request being reviewed is a dry-run. (#66936, @jennybuckley)
  • CRI now supports a "runtime_handler" field for RunPodSandboxRequest, used for selecting the runtime configuration to run the sandbox with (alpha feature). (#67518, @tallclair)
  • More fields are allowed at the root of the CRD validation schema when the status subresource is enabled. (#65357, @nikhita)
  • The --docker-disable-shared-pid kubelet flag has been removed. PID namespace sharing can instead be enabled per-pod using the ShareProcessNamespace option. (#66506, @verb)
  • Added the --dns-loop-detect option to dnsmasq, which is run by kube-dns. (#67302, @dixudx)
  • Kubernetes now supports extra --prune-whitelist resources in kube-addon-manager. (#67743, @Random-Liu)
  • Graduate Resource Quota ScopeSelectors to beta, and enable it by default. (#67077, @vikaschoudhary16)
  • The OpenAPI spec and documentation now reflect the 202 Accepted response path for delete requests. Note that this change in the openapi spec may affect some clients that depend on the error paths. (#63418, @roycaihw)
  • The alpha Initializers admission plugin is no longer enabled by default. This matches the off-by-default behavior of the alpha API which drives initializer behavior. (#66039, @liggitt)
  • Adding validation to kube-scheduler at the API level (#66799, @noqcks)
  • DisruptedPods field in PodDisruptionBudget is optional instead of required. (#63757, @nak3)

Other Notable Changes

SIG API Machinery

  • kubectl get apiservice now shows the target service and whether the service is available (#67747, @smarterclayton)
  • Apiserver panics will now be returned as 500 errors rather than terminating the apiserver process. (#68001, @sttts)
  • API paging is now enabled for custom resource definitions, custom resources and APIService objects. (#67861, @liggitt)
  • To address the possibility of dry-run requests overwhelming admission webhooks that rely on side effects and a reconciliation mechanism, a new field is being added to admissionregistration.k8s.io/v1beta1.ValidatingWebhookConfiguration and admissionregistration.k8s.io/v1beta1.MutatingWebhookConfiguration so that webhooks can explicitly register as having dry-run support. If a dry-run request is made on a resource that triggers a non dry-run supporting webhook, the request will be completely rejected, with "400: Bad Request". Additionally, a new field is being added to the admission.k8s.io/v1beta1.AdmissionReview API object, exposing to webhooks whether or not the request being reviewed is a dry-run. (#66936, @jennybuckley)
  • kube-apiserver now includes all registered API groups in discovery, including registered extension API group/versions for unavailable extension API servers. (#66932, @nilebox)
  • kube-apiserver: setting a dryRun query parameter on a CONNECT request will now cause the request to be rejected, consistent with behavior of other mutating API requests. Examples of CONNECT APIs are the nodes/proxy, services/proxy, pods/proxy, pods/exec, and pods/attach subresources. Note that this prevents sending a dryRun parameter to backends via {nodes,services,pods}/proxy subresources. (#66083, @jennybuckley)
  • In clusters where the DryRun feature is enabled, dry-run requests will go through the normal admission chain. Because of this, ImagePolicyWebhook authors should especially make sure that their webhooks do not rely on side effects. (#66391, @jennybuckley)
  • Added etcd_object_count metrics for CustomResources. (#65983, @sttts)
  • The OpenAPI version field will now be properly autopopulated without needing other OpenAPI fields present in generic API server code. (#66411, @DirectXMan12)
  • TLS timeouts have been extended to work around slow arm64 math/big functions. (#66264, @joejulian)
  • Kubernetes now checks CREATE admission for create-on-update requests instead of UPDATE admission. (#65572, @yue9944882)
  • kube- and cloud-controller-manager can now listen on ports up to 65535 rather than 32768, solving problems with operating systems that request these higher ports. (#65860, @sttts)
  • LimitRange and Endpoints resources can be created via an update API call if the object does not already exist. When this occurs, an authorization check is now made to ensure the user making the API call is authorized to create the object. In previous releases, only an update authorization check was performed. (#65150, @jennybuckley)
  • More fields are allowed at the root of the CRD validation schema when the status subresource is enabled. (#65357, @nikhita)
  • api-machinery utility functions SetTransportDefaults and DialerFor once again respect custom Dial functions set on transports (#65547, @liggitt)
  • AdvancedAuditing has been promoted to GA, replacing the previous (legacy) audit logging mechanisms. (#65862, @loburm)
  • Added --authorization-always-allow-paths to components doing delegated authorization to exclude certain HTTP paths like /healthz from authorization. (#67543, @sttts)
  • Allow ImageReview backend to return annotations to be added to the created pod. (#64597, @wteiken)
  • Upon receiving a LIST request with an expired continue token, the apiserver now returns a continue token together with the 410 "the from parameter is too old" error. If the client does not care about getting a list from a consistent snapshot, the client can use this token to continue listing from the next key, but the returned chunk will be from the latest snapshot. (#67284, @caesarxuchao)
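
The dry-run entries above (#66936, #66391) require admission webhooks to behave correctly when the request under review is a dry-run. The following sketch is an added example, not code from Kubernetes or from this changelog: a webhook decision function that returns the same allow/deny verdict for dry-run and real requests but commits its side effect only for real ones. The quotaLedger type, the per-namespace limit and the sample requests are hypothetical and constructed for illustration; the request.dryRun field name comes from the admission.k8s.io/v1beta1 API rather than from this page.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Subset of the admission.k8s.io/v1beta1 AdmissionReview wire format; only the
// fields this example reads or writes are declared.
type admissionRequest struct {
	UID       string `json:"uid"`
	Namespace string `json:"namespace"`
	Operation string `json:"operation"`
	DryRun    *bool  `json:"dryRun,omitempty"` // true when the request must not be persisted
}

type reviewStatus struct {
	Message string `json:"message,omitempty"`
}

type admissionResponse struct {
	UID     string        `json:"uid"`
	Allowed bool          `json:"allowed"`
	Result  *reviewStatus `json:"status,omitempty"`
}

type admissionReview struct {
	APIVersion string             `json:"apiVersion,omitempty"`
	Kind       string             `json:"kind,omitempty"`
	Request    *admissionRequest  `json:"request,omitempty"`
	Response   *admissionResponse `json:"response,omitempty"`
}

// quotaLedger stands in for external state a side-effecting webhook maintains
// (hypothetical: a per-namespace reservation counter).
type quotaLedger struct {
	reserved map[string]int
}

func newLedger() *quotaLedger { return &quotaLedger{reserved: map[string]int{}} }

// review decodes an AdmissionReview, makes the same allow/deny decision for
// dry-run and real requests, and commits the reservation only for real ones.
func review(body []byte, ledger *quotaLedger, limit int) ([]byte, error) {
	var in admissionReview
	if err := json.Unmarshal(body, &in); err != nil {
		return nil, fmt.Errorf("decode AdmissionReview: %w", err)
	}
	if in.Request == nil {
		return nil, errors.New("AdmissionReview has no request")
	}
	req := in.Request
	resp := &admissionResponse{UID: req.UID, Allowed: true}
	if req.Operation == "CREATE" {
		dryRun := req.DryRun != nil && *req.DryRun
		switch {
		case ledger.reserved[req.Namespace] >= limit:
			// The verdict does not depend on dryRun, so a dry-run predicts
			// what the real request would get.
			resp.Allowed = false
			resp.Result = &reviewStatus{Message: "namespace quota exhausted"}
		case !dryRun:
			// Side effect: only real requests consume a reservation.
			ledger.reserved[req.Namespace]++
		}
	}
	return json.Marshal(admissionReview{APIVersion: in.APIVersion, Kind: in.Kind, Response: resp})
}

// isAllowed extracts response.allowed from a serialized AdmissionReview.
func isAllowed(out []byte) (bool, error) {
	var r admissionReview
	if err := json.Unmarshal(out, &r); err != nil {
		return false, err
	}
	if r.Response == nil {
		return false, errors.New("AdmissionReview has no response")
	}
	return r.Response.Allowed, nil
}

// sampleReview builds a constructed CREATE request body for the demo.
func sampleReview(uid, namespace string, dryRun bool) []byte {
	b, _ := json.Marshal(admissionReview{
		APIVersion: "admission.k8s.io/v1beta1",
		Kind:       "AdmissionReview",
		Request:    &admissionRequest{UID: uid, Namespace: namespace, Operation: "CREATE", DryRun: &dryRun},
	})
	return b
}

func main() {
	ledger := newLedger()
	// Two dry-runs, two real requests, one more dry-run, with a limit of 1.
	for i, dry := range []bool{true, true, false, false, true} {
		out, err := review(sampleReview(fmt.Sprintf("uid-%d", i), "team-a", dry), ledger, 1)
		if err != nil {
			panic(err)
		}
		ok, _ := isAllowed(out)
		fmt.Printf("dryRun=%-5v allowed=%-5v reserved=%d\n", dry, ok, ledger.reserved["team-a"])
	}
}
```

A webhook written this way can register as supporting dry-run; one that cannot separate its decision from its side effect should not, so that dry-run requests are rejected instead of mutating its state.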

SIG Apps

  • The service controller will now retry creating the load balancer when persistUpdate fails due to conflict. (#68087, @grayluck)
  • The latent controller caches no longer cause repeating deletion messages for deleted pods. (#67826, @deads2k)

SIG Auth

  • TokenRequest and TokenRequestProjection are now beta features. To enable these features, the API server needs to be started with the --service-account-issuer, --service-account-signing-key-file, and --service-account-api-audiences flags. (#67349, @mikedanese)
  • The admin RBAC role now aggregates edit and view. The edit RBAC role now aggregates view. (#66684, @deads2k)
  • UserInfo derived from service account tokens created from the TokenRequest API now include the pod name and UID in the Extra field. (#61858, @mikedanese)
  • The extension API server can now dynamically discover the requestheader CA certificate when the core API server doesn't use certificate based authentication for its clients. (#66394, @rtripat)

SIG Autoscaling

  • Horizontal Pod Autoscaler default update interval has been shortened from 30s to 15s, improving HPA reaction time for metric changes. (#68021, @krzysztof-jastrzebski)
  • To avoid soft-deleted pods incorrectly affecting scale up replica count calculations, the HPA controller will stop counting soft-deleted pods for scaling purposes. (#67067, @moonek)
  • HPA reaction to metric changes has been sped up by removing the scale up forbidden window. (#66615, @jbartosik)

SIG AWS

  • AWS LoadBalancer security group ICMP rules now match the documentation of spec.loadBalancerSourceRanges (#63572, @haz-mat)
  • The aws cloud provider now reports a Hostname address type for nodes based on the local-hostname metadata key. (#67715, @liggitt)

SIG Azure

SIG CLI

  • Added a sample-cli-plugin staging repository and cli-runtime staging repository to help showcase the new kubectl plugins mechanism. (#67938, #67658, @soltysh)
  • The plugin mechanism functionality now closely follows the git plugin design (#66876, @juanvallejo)
  • kubectl patch now respects --local (#67399, @deads2k)
  • kubectl: When an object can't be updated and must be deleted by force, kubectl will now recreate resources for immutable fields. (#66602, @dixudx)
  • kubectl create {clusterrole,role}'s --resources flag now supports asterisk to specify all resources. (#62945, @nak3)
  • kubectl: the wait command now prints an error message and exits with the code 1 if there are no resources matching the selectors (#66692, @m1kola)
  • Kubectl now handles newlines for command, args, env, and annotations in kubectl describe wrapping. (#66841, @smarterclayton)
  • The kubectl patch command no longer exits with exit code 1 when a redundant patch results in a no-op (#66725, @juanvallejo)
  • The output of kubectl get events has been improved to prioritize showing the message, and to move some fields to -o wide. (#66643, @smarterclayton)
  • kubectl config set-context can now set attributes of the current context, such as the current namespace, by passing --current instead of a specific context name (#66140, @liggitt)
  • "kubectl delete" no longer waits for dependent objects to be deleted when removing parent resources (#65908, @juanvallejo)
  • A new flag, --keepalive, has been introduced, for kubectl proxy to allow setting keep-alive period for long-running request. (#63793, @hzxuzhonghu)
  • kubectl: fixed a regression with --use-openapi-print-columns that would not print object contents (#65600, @liggitt)
  • The display of jobs in kubectl get and kubectl describe has been improved to emphasize progress and duration. (#65463, @smarterclayton)
  • CSI volume attributes have been added to kubectl describe pv. (#65074, @wgliang)
  • Running kubectl describe pvc now shows which pods are mounted to the pvc being described with the Mounted By field (#65837, @clandry94)
  • kubectl create secret tls can now read certificate and key files from process substitution arguments (#67713, @liggitt)
  • kubectl rollout status now works for unlimited timeouts. (#67817, @tnozicka)

SIG Cloud Provider

  • The cloudstack cloud provider now reports a Hostname address type for nodes based on the local-hostname metadata key. (#67719, @liggitt)
  • The OpenStack cloud provider now reports a Hostname address type for nodes (#67748, @FengyunPan2)
  • The vSphere cloud provider now supports zones. (#66795, @jiatongw)

SIG Cluster Lifecycle

  • External CAs can now be used for kubeadm with only a certificate, as long as all required certificates already exist. (#68296, @liztio)
  • kubeadm now works better when not connected to the Internet. In addition, common kubeadm commands will now work without an available networking interface. (#67397, @neolit123)
  • Scrape frequency of metrics-server has been increased to 30s. (#68127, @serathius)
  • Kubernetes juju charms will now use CSI for ceph. (#66523, @hyperbolic2346)
  • kubeadm uses audit policy v1 instead of v1beta1 (#67176, @charrywanganthony)
  • Kubeadm nodes will no longer be able to run with an empty or invalid hostname in /proc/sys/kernel/hostname (#64815, @dixudx)
  • kubeadm now can join the cluster with pre-existing client certificate if provided (#66482, @dixudx) (#66382, @bart0sh)
  • kubeadm will no longer hang indefinitely if there is no Internet connection and --kubernetes-version is not specified. (#65676, @dkoshkin)
  • kubeadm: kube-proxy will now run on all nodes, and not just master nodes. (#65931, @neolit123)
  • kubeadm now uses separate YAML documents for the kubelet and kube-proxy ComponentConfigs. (#65787, @luxas)
  • kubeadm will now print required flags when running kubeadm upgrade plan. (#65802, @xlgao-zju)
  • Unix support for ZFS as a valid graph driver has been added for Docker, enabling users to use Kubeadm with ZFS. (#65635, @neolit123)

SIG GCP

  • GCE: decrease cpu requests on master node, to allow more components to fit on one core machine. (#67504, @loburm)
  • Kubernetes 1.12 includes a large number of metadata agent improvements, including expanding the metadata agent's access to all API groups and removing metadata agent config maps in favor of command line flags. It also includes improvements to the logging agent, such as multiple fixes and adjustments. (#66485, @bmoyles0117)
  • cluster/gce: Kubernetes now generates consistent key sizes in config-default.sh using /dev/urandom instead of /dev/random (#67139, @yogi-sagar)

SIG Instrumentation

  • The etcdv3 client can now be monitored by Prometheus. (#64741, @wgliang)

SIG Network

  • The ip-masq-agent will now be scheduled in all nodes except master due to NoSchedule/NoExecute tolerations. (#66260, @tanshanshan)
  • The CoreDNS service can now be monitored by Prometheus. (#65589, @rajansandeep)
  • Traffic shaping is now supported for the CNI network driver. (#63194, @m1093782566)
  • The dockershim now sets the "bandwidth" and "ipRanges" CNI capabilities (dynamic parameters). Plugin authors and administrators can now take advantage of this by updating their CNI configuration file. For more information, see the CNI docs (#64445, @squeed)

SIG Node

  • RuntimeClass is a new API resource for defining different classes of runtimes that may be used to run containers in the cluster. Pods can select a RuntimeClass to use via the RuntimeClassName field. This feature is in alpha, and the RuntimeClass feature gate must be enabled in order to use it. (#67737, @tallclair)
  • Sped up kubelet start time by executing an immediate runtime and node status update when the Kubelet sees that it has a CIDR. (#67031, @krzysztof-jastrzebski)
  • cpumanager will now rollback state if updateContainerCPUSet failed, indicating that the container start failed. This change will prevent CPU leaks. (#67430, @choury)
  • [CRI] RunPodSandboxRequest now has a runtime_handler field for selecting the runtime configuration to run the sandbox with. This feature is in alpha for 1.12. (#67518, @tallclair)
  • If a container's requested device plugin resource hasn't registered after Kubelet restart, the container start will now fail. (#67145, @jiayingz)
  • Upgraded TaintNodesByCondition to beta. (#62111, @k82cn)
  • The PodShareProcessNamespace feature to configure PID namespace sharing within a pod has been promoted to beta. (#66507, @verb)
  • The CPU Manager will now validate the state of the node, enabling Kubernetes to maintain the CPU topology even if resources change. (#66718, @ipuustin)
  • Added support for the kubelet plugin watcher in the device manager, as part of the new plugin system. (#58755, @vikaschoudhary16)
  • Expose docker registry config for addons used in Juju deployments (#66092, @kwmonroe)
  • RunAsGroup, which has been broken since 1.10, now works. (#65926, @Random-Liu)
  • The systemd config files are now reloaded before kubelet starts, so changes can take effect. (#65702, @mborsz)
  • Hostnames are now converted to lowercase before being used for node lookups in the kubernetes-worker charm. (#65487, @dshcherb)
  • kubelets that specify --cloud-provider now only report addresses in Node status as determined by the cloud provider (unless --hostname-override is used to force reporting of the specified hostname) (#65594, @liggitt)
  • Kubelet now exposes /debug/flags/v to allow dynamically setting glog logging level. For example, to change glog level to 3, you only have to send a PUT request like curl -X PUT http://127.0.0.1:8080/debug/flags/v -d "3". (#64601, @hzxuzhonghu)

SIG OpenStack

  • Openstack now supports the node shutdown taint. The taint is added when an instance is shutdown in openstack. (#67982, @zetaab)

SIG Scheduling

  • The equivalence class cache has been redesigned to be a two level cache, resulting in a significant increase in scheduling throughput and performance. (#65714, @resouer)
  • kube-scheduler can now listen on ports up to 65535, correcting a problem with certain operating systems that request ports greater than 32768. (#65833, @sttts)
  • Performance of the anti-affinity predicate of the default scheduler has been improved. (#66948, @mohamed-mehany)
  • The unreachable taint gets applied to a node when it loses its network connection. (#67734, @Huang-Wei)
  • If TaintNodesByCondition is enabled, add node.kubernetes.io/unschedulable and node.kubernetes.io/network-unavailable automatically to DaemonSet pods. (#64954, @k82cn)

SIG Storage

  • The AllowedTopologies field inside StorageClass is now validated against set and map semantics. Specifically, there cannot be duplicate TopologySelectorTerms, MatchLabelExpressions keys, or TopologySelectorLabelRequirement Values. (#66843, @verult)
  • A PersistentVolumeClaim may not have been synced to the controller local cache in time if the PersistentVolume is bound by an external PV binder (such as kube-scheduler), so Kubernetes will now double check if PVC is not found in order to prevent the volume from being incorrectly reclaimed. (#67062, @cofyc)
  • Filesystems will now be properly unmounted when a backend is not reachable and returns EIO. (#67097, @chakri-nelluri)
  • The logic for attaching volumes has been changed so that attachdetach controller attaches volumes immediately when a Pod's PVCs are bound, preventing a problem that caused pods to have extremely long startup times. (#66863, @cofyc)
  • Dynamic provisions that create iSCSI PVs can now ensure that multipath is used by specifying 2 or more target portals in the PV, which will cause kubelet to wait up to 10 seconds for the multipath device. PVs with just one portal continue to work as before, with kubelet not waiting for the multipath device and just using the first disk it finds. (#67140, @bswartz)
  • ScaleIO volumes can now be provisioned without having to first manually create /dev/disk/by-id path on each kubernetes node (if not already present). (#66174, @ddebroy)
  • Multi-line annotations injected via downward API files will no longer be sorted, which previously scrambled their information. (#65992, @liggitt)
  • The constructed volume spec for the CSI plugin now includes a volume mode field. (#65456, @wenlxie)
  • Kubernetes now includes a metric that reports the number of PVCs that are in-use, with plugin and node name as dimensions, making it possible to figure out how many PVCs each node is using when troubleshooting attach/detach issues. (#64527, @gnufied)
  • Added support to restore a volume from a volume snapshot data source. (#67087, @xing-yang)
  • When attaching iSCSI volumes, kubelet now scans only the specific LUNs being attached, and also deletes them after detaching. This avoids dangling references to LUNs that no longer exist, which used to be the cause of random I/O errors/timeouts in kernel logs, slowdowns during block-device related operations, and very rare cases of data corruption. (#63176, @bswartz)
  • Both directory and block devices are now supported for local volume plugin FileSystem VolumeMode. (#63011, @NickrenREN)
  • CSI NodePublish call can optionally contain information about the pod that requested the CSI volume. (#67945, @jsafrane)
  • Added support for volume attach limits for CSI volumes. (#67731, @gnufied)

SIG VMWare

  • The vmUUID is now preserved when renewing nodeinfo in the vSphere cloud provider. (#66007, @w-leads)
  • You can now configure the vsphere cloud provider with a trusted Root-CA, enabling you to take advantage of TLS certificate rotation. (#64758, @mariantalla)

SIG Windows

  • Kubelet no longer attempts to sync iptables on non-Linux systems. (#67690, @feiskyer)
  • Kubelet no longer applies default hard evictions of nodefs.inodesFree on non-Linux systems. (#67709, @feiskyer)
  • Windows system container "pods" now support kubelet stats. (#66427, @feiskyer)

Other Notable Changes

Bug Fixes

  • Update debian-iptables and hyperkube-base images to include CVE fixes. (#67365, @ixdy)
  • Fix for resourcepool-path configuration in the vsphere.conf file. (#66261, @divyenpatel)
  • This fix prevents a GCE PD volume from being mounted if the udev device link is stale and tries to correct the link. (#66832, @msau42)
  • Fix controller-manager crashes when flex plugin is removed from flex plugin directory (#65536, @gnufied)
  • Fix an issue where a local volume directory can't be deleted because of a volumeMode error (#65310, @wenlxie)
  • bugfix: Do not print feature gates in the generic apiserver code for glog level 0 (#65584, @neolit123)
  • Fix an issue that pods using hostNetwork keep increasing. (#67456, @Huang-Wei)
  • fixes an out of range panic in the NoExecuteTaintManager controller when running a non-64-bit build (#65596, @liggitt)
  • Fix kubelet to not leak goroutines/inotify watchers on an inactive connection if it's closed (#67285, @yujuhong)
  • Fix pod launch by kubelet when --cgroups-per-qos=false and --cgroup-driver="systemd" (#66617, @pravisankar)
  • Fixed a panic in the node status update logic when existing node has nil labels. (#66307, @guoshimin)
  • Fix the bug where image garbage collection is disabled by mistake. (#66051, @jiaxuanzhou)
  • Fix a bug where preempting a pod may block forever. (#65987, @Random-Liu)
  • fixes the errors/warnings in fluentd configuration (#67947, @saravanan30erd)
  • Fixed an issue which prevented gcloud from working on GCE when metadata concealment was enabled. (#66630, @dekkagaijin)
  • Fix Stackdriver integration based on node annotation container.googleapis.com/instance_id. (#66676, @kawych)
  • GCE: Fixes loadbalancer creation and deletion issues appearing in 1.10.5. (#66400, @nicksardo)
  • Fixed exception detection in fluentd-gcp plugin. (#65361, @xperimental)
  • kubeadm: Fix panic when node annotation is nil (#67648, @xlgao-zju)
  • kubeadm: stop setting UID in the kubelet ConfigMap (#66341, @runiq)
  • bazel deb package bugfix: The kubeadm deb package now reloads the kubelet after installation (#65554, @rdodev)
  • fix cluster-info dump error (#66652, @charrywanganthony)
  • Fix kubelet startup failure when using ExecPlugin in kubeconfig (#66395, @awly)
  • kubectl: fixes a panic displaying pods with nominatedNodeName set (#66406, @liggitt)
  • prevents infinite CLI wait on delete when item is recreated (#66136, @deads2k)
  • Fix a panic caused by running 'kubectl cp' with no arguments (#65482, @wgliang)
  • Fixes the wrong elasticsearch node counter (#65627, @IvanovOleg)
  • Fix an issue with dropped audit logs, when truncating and batch backends enabled at the same time. (#65823, @loburm)
  • DaemonSet: Fix a bug where the DaemonSet didn't create a pod after the node had enough resources (#67337, @linyouchong)
  • DaemonSet controller is now using backoff algorithm to avoid hot loops fighting with kubelet on pod recreation when a particular DaemonSet is misconfigured. (#65309, @tnozicka)
  • Avoid creating new controller revisions for statefulsets when cache is stale (#67039, @mortent)
  • Fixes issue when updating a DaemonSet causes a hash collision. (#66476, @mortent)
  • fix rollout status for statefulsets (#62943, @faraazkhan)
  • fixes a validation error that could prevent updates to StatefulSet objects containing non-normalized resource requests (#66165, @liggitt)
  • Headless Services with no ports defined will now create Endpoints correctly, and appear in DNS. (#67622, @thockin)
  • Prevent resourceVersion updates for custom resources on no-op writes. (#67562, @nikhita)
  • kube-controller-manager can now start the quota controller when discovery results can only be partially determined. (#67433, @deads2k)
  • Immediately close the other side of the connection when proxying. (#67288, @MHBauer)
  • kube-apiserver: fixes error creating system priority classes when starting multiple apiservers simultaneously (#67372, @tanshanshan)
  • Forget rate limit when CRD establish controller successfully updated CRD condition (#67370, @yue9944882)
  • fixes a panic when using a mutating webhook admission plugin with a DELETE operation (#66425, @liggitt)
  • Fix creation of custom resources when the CRD contains non-conventional pluralization and subresources (#66249, @deads2k)
  • Adjusted http/2 buffer sizes for apiservers to prevent starvation issues between concurrent streams (#67902, @liggitt)
  • Fixed a bug that was blocking extensible error handling when serialization of API responses errors out. Previously, serialization failures always resulted in the status code of the original response being returned. Now, the following behavior occurs: (#67041, @tristanburgess)
  • Fixes issue where pod scheduling may fail when using local PVs and pod affinity and anti-affinity without the default StatefulSet OrderedReady pod management policy (#67556, @msau42)
  • Fix panic when processing Azure HTTP response. (#68210, @feiskyer)
  • Fix volume limit for EBS on m5 and c5 instance types (#66397, @gnufied)
  • Fix a bug on GCE that /etc/crictl.yaml is not generated when crictl is preloaded. (#66877, @Random-Liu)
  • Revert #63905: Setup dns servers and search domains for Windows Pods. DNS for Windows containers will be set by CNI plugins. (#66587, @feiskyer)
  • Fix validation for HealthzBindAddress in kube-proxy when --healthz-port is set to 0 (#66138, @wsong)
  • Fixes issue #68899 where pods might schedule on an unschedulable node. (#68984, @k82cn)

Not Very Notable (that is, non-user-facing)

  • Unit tests have been added for scopes and scope selectors in the quota spec (#66351, @vikaschoudhary16) Courtesy of SIG Node, and SIG Scheduling
  • kubelet v1beta1 external ComponentConfig types are now available in the k8s.io/kubelet repo (#67263, @luxas) Courtesy of SIG Cluster Lifecycle, SIG Node, SIG Scheduling, and SIG Testing
  • Use sync.map to scale ecache better (#66862, @resouer)
  • Extender preemption should respect IsInterested() (#66291, @resouer)
  • This PR will leverage subtests on the existing table tests for the scheduler units. (#63665, @xchapter7x)
  • This PR will leverage subtests on the existing table tests for the scheduler units. (#63666, @xchapter7x)
  • Re-adds pkg/generated/bindata.go to the repository to allow some parts of k8s.io/kubernetes to be go-vendorable. (#65985, @ixdy)
  • If TaintNodesByCondition is enabled, taint the node with TaintNodeUnschedulable when initializing the node to avoid a race condition. (#63955, @k82cn)
  • Remove rescheduler since scheduling DS pods by default scheduler is moving to beta. (#67687, @Lion-Wei)
  • kubeadm: make sure pre-pulled kube-proxy image and the one specified in its daemon set manifest are the same (#67131, @rosti)
  • kubeadm: remove misleading error message regarding image pulling (#66658, @dixudx)
  • kubeadm: Pull sidecar and dnsmasq-nanny images when using kube-dns (#66499, @rosti)
  • kubeadm: Fix pause image to not use architecture, as it is a manifest list (#65920, @dims)
  • kubeadm: Remove usage of PersistentVolumeLabel (#65827, @xlgao-zju)
  • kubeadm: Add a v1alpha3 API. This change creates a v1alpha3 API that is initially a duplicate of v1alpha2. (#65629, @luxas)
  • Improved error message when checking the rollout status of StatefulSet with OnDelete strategy type. (#66983, @mortent)
  • Defaults for file audit logging backend in batch mode changed: (#67223, @tallclair)
  • Roles, ClusterRoles and their bindings for cloud-provider are put under the system namespace. Their addonmanager mode switches to EnsureExists. (#67224, @grayluck)
  • Don't let aggregated apiservers fail to launch if the external-apiserver-authentication configmap is not found in the cluster. (#67836, @sttts)
  • Always create configmaps/extensions-apiserver-authentication from kube-apiserver. (#67694, @sttts)
  • Switched certificate data replacement from "REDACTED" to "DATA+OMITTED" (#66023, @ibrasho)
  • Decrease the amount of time it takes to modify kubeconfig files with large amounts of contexts (#67093, @juanvallejo)
  • Make EBS volume expansion faster (#66728, @gnufied)
  • Remove unused binary and container image for kube-aggregator. The functionality is already integrated into the kube-apiserver. (#67157, @dims)
  • kube-controller-manager now uses the informer cache instead of active pod gets in HPA controller (#68241, @krzysztof-jastrzebski)
  • Replace scale down forbidden window with scale down stabilization window. Rather than waiting a fixed period of time between scale downs, HPA now scales down to the highest recommendation made during the scale down stabilization window. (#68122, @krzysztof-jastrzebski)
  • Improve CPU sample sanitization in HPA by taking metric's freshness into account. (#68068, @krzysztof-jastrzebski)
  • Replace scale up forbidden window with disregarding CPU samples collected when pod was initializing. (#67252, @jbartosik)
  • [e2e] verifying LimitRange update is effective before creating new pod (#68171, @dixudx)
  • Port 31337 will be used by fluentd (#68051, @Szetty)
  • Fix flexvolume in containerized kubelets (#65549, @gnufied)
  • The check for unsupported plugins during volume resize has been moved from the admission controller to the two controllers that handle volume resize. (#66780, @kangarlou)
  • kubeadm: remove redundant flags settings for kubelet (#64682, @dixudx)
  • Set “priorityClassName: system-node-critical” on kube-proxy manifest by default. (#60150, @MrHohn)
  • kube-proxy v1beta1 external ComponentConfig types are now available in the k8s.io/kube-proxy repo (#67688, @Lion-Wei)
  • add missing LastTransitionTime of ContainerReady condition (#64867, @dixudx)

External Dependencies

  • Default etcd server was updated to v3.2.24. (#68318)
  • Rescheduler is unchanged from v1.11: v0.4.0. (#65454)
  • The list of validated docker versions was updated to 1.11.1, 1.12.1, 1.13.1, 17.03, 17.06, 17.09, 18.06. (#68495)
  • The default Go version was updated to 1.10.4. (#68802)
  • The minimum supported Go version was updated to 1.10.2 (#63412)
  • CNI is unchanged from v1.10: v0.6.0 (#51250)
  • CSI is unchanged from v1.11: 0.3.0 (#64719)
  • The dashboard add-on is unchanged from v1.10: v1.8.3. (#57326)
  • Bump Heapster to v1.6.0-beta as compared to v1.5.2 in v1.11 (#67074)
  • Cluster Autoscaler has been upgraded to v1.12.0 (#s8739)
  • kube-dns was updated to v1.14.13. (#68900)
  • Influxdb is unchanged from v1.10: v1.3.3 (#53319)
  • Grafana is unchanged from v1.10: v4.4.3 (#53319)
  • Kibana is at v6.3.2. (#67582)
  • CAdvisor is unchanged from v1.11: v0.30.1 (#64987)
  • fluentd-gcp-scaler has been updated to v0.4.0, up from 0.3.0 in v1.11. (#67691)
  • fluentd in fluentd-es-image is unchanged from 1.10: v1.1.0 (#58525)
  • Fluentd in fluentd-elasticsearch is unchanged from v1.11: v1.2.4 (#67434)
  • fluentd-elasticsearch is unchanged from 1.10: v2.0.4 (#58525)
  • The fluent-plugin-kubernetes_metadata_filter plugin in fluentd-elasticsearch has been downgraded to version 2.0.0 (#67544)
  • fluentd-gcp is unchanged from 1.10: v3.0.0. (#60722)
  • Ingress glbc is unchanged from 1.10: v1.0.0 (#61302)
  • OIDC authentication is unchanged from 1.10: coreos/go-oidc v2 (#58544)
  • Calico is unchanged from 1.10: v2.6.7 (#59130)
  • hcsshim is unchanged from v1.11, at v0.11 (#64272)
  • gitRepo volumes in pods no longer require git 1.8.5 or newer; older git versions are now supported. (#62394)
  • Upgraded crictl on GCE to v1.11.1, up from 1.11.0 on v1.11. (#66152)
  • CoreDNS has been updated to v1.2.2, up from v1.1.3 in v1.11 (#68076)
  • Setup dns servers and search domains for Windows Pods in dockershim. Docker EE version >= 17.10.0 is required for propagating DNS to containers. (#63905)
  • Istio addon is unchanged from v1.11, at 0.8.0. See full Istio release notes (#64537)
  • cadvisor godeps is unchanged from v1.11, at v0.30.0 (#64800)
  • event-exporter is now at version v0.2.2, compared to v0.2.0 in v1.11. (#66157)
  • Rev the Azure SDK for networking to 2017-06-01 (#61955)
  • Es-image has been upgraded to Elasticsearch 6.3.2 (#67484)
  • metrics-server has been upgraded to v0.3.1. (#68746)
  • GLBC has been updated to v1.2.3 (#66793)
  • Ingress-gce has been updated to v1.2.3 (#66793)
  • ip-masq-agent has been updated to v2.1.1 (#67916)

v1.12.0-rc.2

Documentation & Examples

Downloads for v1.12.0-rc.2

Changelog since v1.12.0-rc.1

Other notable changes

v1.12.0-rc.1

Documentation & Examples

Downloads for v1.12.0-rc.1

Changelog since v1.12.0-beta.2

Action Required

  • Service events are now added in azure-cloud-provider to make it easier to identify the underlying errors of the Azure API. (#68212, @feiskyer)
    • Action required: The following clusterrole and clusterrolebinding should be applied:
         kind: List
         apiVersion: v1
         items:
         - apiVersion: rbac.authorization.k8s.io/v1
           kind: ClusterRole
           metadata:
             labels:
               kubernetes.io/cluster-service: "true"
             name: system:azure-cloud-provider
           rules:
           - apiGroups: [""]
             resources: ["events"]
             verbs:
             - create
             - patch
             - update
         - apiVersion: rbac.authorization.k8s.io/v1
           kind: ClusterRoleBinding
           metadata:
             labels:
               kubernetes.io/cluster-service: "true"
             name: system:azure-cloud-provider
           roleRef:
             apiGroup: rbac.authorization.k8s.io
             kind: ClusterRole
             name: system:azure-cloud-provider
           subjects:
           - kind: ServiceAccount
             name: azure-cloud-provider
             namespace: kube-system
    
    • If a clusterrole with the same name has already been provisioned (e.g. for accessing azurefile secrets), then the above yaml should be merged together, e.g.
         kind: List
         apiVersion: v1
         items:
         - apiVersion: rbac.authorization.k8s.io/v1
           kind: ClusterRole
           metadata:
             labels:
               kubernetes.io/cluster-service: "true"
             name: system:azure-cloud-provider
           rules:
           - apiGroups: [""]
             resources: ["events"]
             verbs:
             - create
             - patch
             - update
           - apiGroups: [""]
             resources: ["secrets"]
             verbs:
             - get
             - create
         - apiVersion: rbac.authorization.k8s.io/v1
           kind: ClusterRoleBinding
           metadata:
             labels:
               kubernetes.io/cluster-service: "true"
             name: system:azure-cloud-provider
           roleRef:
             apiGroup: rbac.authorization.k8s.io
             kind: ClusterRole
             name: system:azure-cloud-provider
           subjects:
           - kind: ServiceAccount
             name: azure-cloud-provider
             namespace: kube-system
           - kind: ServiceAccount
             name: persistent-volume-binder
             namespace: kube-system
    

Other notable changes

  • Update metrics-server to v0.3.1 (#68746, @DirectXMan12)
  • Upgrade kubeadm's version of docker support (#68495, @yuansisi)
  • Fix a bug where an overwhelming number of prometheus metrics are generated because $NAMESPACE is not replaced by the string "{namespace}" (#68530, @wenjiaswe)
  • The feature gates ReadOnlyAPIDataVolumes and ServiceProxyAllowExternalIPs, deprecated since 1.10, have been removed and any references must be removed from command-line invocations. (#67951, @liggitt)
  • Verify invalid secret/configmap/projected volumes before calling setup (#68691, @gnufied)
  • Fix bug that caused kubectl commands to sometimes fail to refresh access token when running against GKE clusters. (#66314, @jlowdermilk)
  • Use KubeDNS by default in GCE setups, as CoreDNS has significantly higher memory usage in large clusters. (#68629, @shyamjvs)
  • Fix PodAntiAffinity issues in case of multiple affinityTerms. (#68173, @Huang-Wei)
  • Make APIGroup field in TypedLocalObjectReference optional. (#68419, @xing-yang)
  • Fix potential panic when getting azure load balancer status (#68609, @feiskyer)
  • Fix kubelet panics when RuntimeClass is enabled. (#68521, @yujuhong)
  • cAdvisor: Fix NVML initialization race condition (#68431, @dashpole)
      • cAdvisor: Fix btrfs filesystem discovery
      • cAdvisor: Fix race condition with AllDockerContainers
      • cAdvisor: Don't watch .mount cgroups
      • cAdvisor: Reduce lock contention during list containers
  • Promote ScheduleDaemonSetPods by default scheduler to beta (#67899, @ravisantoshgudimetla)

v1.12.0-beta.2

Documentation & Examples

Downloads for v1.12.0-beta.2

Changelog since v1.12.0-beta.1

Action Required

  • Action required: The --storage-versions flag of kube-apiserver is deprecated. Please omit this flag to ensure the default storage versions are used. Otherwise the cluster is not safe to upgrade to a version newer than 1.12. This flag will be removed in 1.13. (#68080, @caesarxuchao)

Other notable changes

  • kubeadm: add mandatory "--config" flag to "kubeadm alpha phase preflight" (#68446, @neolit123)
  • Apply user configurations for local etcd (#68334, @SataQiu)
  • kubeadm: added phase command "alpha phase kubelet config annotate-cri" (#68449, @fabriziopandini)
  • If TaintNodesByCondition is enabled, add node.kubernetes.io/unschedulable and node.kubernetes.io/network-unavailable automatically to DaemonSet pods. (#64954, @k82cn)
  • Deprecate cloudstack and ovirt controllers (#68199, @dims)
  • add missing LastTransitionTime of ContainerReady condition (#64867, @dixudx)
  • kube-controller-manager: use informer cache instead of active pod gets in HPA controller (#68241, @krzysztof-jastrzebski)
  • Support NodeShutdown taint for azure (#68033, @yastij)
  • Registers volume topology information reported by a node-level Container Storage Interface (CSI) driver. This enables Kubernetes support of CSI topology mechanisms. (#67684, @verult)
  • Update default etcd server to 3.2.24 for kubernetes 1.12 (#68318, @timothysc)
  • External CAs can now be used for kubeadm with only a certificate, as long as all required certificates already exist. (#68296, @liztio)
  • Bump addon-manager to v8.7 (#68299, @MrHohn)
      • Support extra --prune-whitelist resources in kube-addon-manager.
      • Update kubectl to v1.10.7.
  • Let service controller retry creating load balancer when persistUpdate failed due to conflict. (#68087, @grayluck)
  • Kubelet now only syncs iptables on Linux. (#67690, @feiskyer)
  • CSI NodePublish call can optionally contain information about the pod that requested the CSI volume. (#67945, @jsafrane)
  • [e2e] verifying LimitRange update is effective before creating new pod (#68171, @dixudx)
  • cluster/gce: generate consistent key sizes in config-default.sh using /dev/urandom instead of /dev/random (#67139, @yogi-sagar)
  • Add support for volume attach limits for CSI volumes (#67731, @gnufied)
  • CSI volume plugin does not need external attacher for non-attachable CSI volumes. (#67955, @jsafrane)
  • KubeletPluginsWatcher feature graduates to beta. (#68200, @RenaudWasTaken)
  • Update etcd client to 3.2.24 for latest release (#68147, @timothysc)
  • [fluentd-gcp-scaler addon] Bump fluentd-gcp-scaler to 0.4 to pick up security fixes. (#67691, @loburm)
    • [prometheus-to-sd addon] Bump prometheus-to-sd to 0.3.1 to pick up security fixes, bug fixes and new features.
    • [event-exporter addon] Bump event-exporter to 0.2.3 to pick up security fixes.
  • Fixes issue where pod scheduling may fail when using local PVs and pod affinity and anti-affinity without the default StatefulSet OrderedReady pod management policy (#67556, @msau42)
  • Kubelet only applies default hard evictions of nodefs.inodesFree on Linux (#67709, @feiskyer)
  • Add kubelet stats for windows system container "pods" (#66427, @feiskyer)
  • Add a TTL mechanism to clean up Jobs after they finish. (#66840, @janetkuo)

v1.12.0-beta.1

Documentation & Examples

Downloads for v1.12.0-beta.1

Changelog since v1.12.0-alpha.1

Action Required

  • Move volume dynamic provisioning scheduling to beta (ACTION REQUIRED: The DynamicProvisioningScheduling alpha feature gate has been removed. The VolumeScheduling beta feature gate is still required for this feature) (#67432, @lichuqiang)

Other notable changes

  • Do not split nodes when searching for nodes; search them all at once. (#67555, @wgliang)
  • Deprecate kubectl run generators, except for run-pod/v1 (#68132, @soltysh)
  • Using the Horizontal Pod Autoscaler with metrics from Heapster is now deprecated. (#68089, @DirectXMan12)
  • Support both directory and block device for local volume plugin FileSystem VolumeMode (#63011, @NickrenREN)
  • Add CSI volume attributes for kubectl describe pv. (#65074, @wgliang)
  • kubectl rollout status now works for unlimited timeouts. (#67817, @tnozicka)
  • Fix panic when processing Azure HTTP response. (#68210, @feiskyer)
  • add mixed protocol support for azure load balancer (#67986, @andyzhangx)
  • Replace scale down forbidden window with scale down stabilization window. Rather than waiting a fixed period of time between scale downs, HPA now scales down to the highest recommendation made during the scale down stabilization window. (#68122, @krzysztof-jastrzebski)
  • Adding validation to kube-scheduler at the API level (#66799, @noqcks)
  • Improve performance of Pod affinity/anti-affinity in the scheduler (#67788, @ahmad-diaa)
  • kubeadm: fix air-gapped support and also allow some kubeadm commands to work without an available networking interface (#67397, @neolit123)
  • Shorten the Horizontal Pod Autoscaler default update interval (30s -> 15s). It will improve HPA reaction time for metric changes. (#68021, @krzysztof-jastrzebski)
  • Increase scrape frequency of metrics-server to 30s (#68127, @serathius)
  • Add new --server-dry-run flag to kubectl apply so that the request will be sent to the server with the dry-run flag (alpha), which means that changes won't be persisted. (#68069, @apelisse)
  • kubelet v1beta1 external ComponentConfig types are now available in the k8s.io/kubelet repo (#67263, @luxas)
  • Adds a kubelet parameter and config option to change CFS quota period from the default 100ms to some other value between 1µs and 1s. This was done to improve response latencies for workloads running in clusters with guaranteed and burstable QoS classes. (#63437, @szuecs)
  • Enable secure serving on port 10258 to cloud-controller-manager (configurable via --secure-port). Delegated authentication and authorization have to be configured like for aggregated API servers. (#67069, @sttts)
  • Support extra --prune-whitelist resources in kube-addon-manager. (#67743, @Random-Liu)
  • Upon receiving a LIST request with expired continue token, the apiserver now returns a continue token together with the 410 "the from parameter is too old " error. If the client does not care about getting a list from a consistent snapshot, the client can use this token to continue listing from the next key, but the returned chunk will be from the latest snapshot. (#67284, @caesarxuchao)
  • Roles, ClusterRoles and their bindings for cloud-provider are put under the system namespace. Their addonmanager mode switches to EnsureExists. (#67224, @grayluck)
  • Mount propagation has been promoted to GA. The MountPropagation feature gate is deprecated and will be removed in 1.13. (#67255, @bertinatto)
  • Introduce CSI Cluster Registration mechanism to ease CSI plugin discovery and allow CSI drivers to customize Kubernetes' interaction with them. (#67803, @saad-ali)
  • Adds the commands kubeadm alpha phases renew <cert-name> (#67910, @liztio)
  • ProcMount added to SecurityContext and AllowedProcMounts added to PodSecurityPolicy to allow paths in the container's /proc to not be masked. (#64283, @jessfraz)
  • support cross resource group for azure file (#68117, @andyzhangx)
  • Port 31337 will be used by fluentd (#68051, @Szetty)
  • Improve CPU sample sanitization in HPA by taking metric's freshness into account. (#68068, @krzysztof-jastrzebski)
  • CoreDNS is now v1.2.2 for Kubernetes 1.12 (#68076, @rajansandeep)
  • Enable secure serving on port 10257 to kube-controller-manager (configurable via --secure-port). Delegated authentication and authorization have to be configured like for aggregated API servers. (#64149, @sttts)
  • Update metrics-server to v0.3.0. (#68077, @DirectXMan12)
  • TokenRequest and TokenRequestProjection are now beta features. To enable these features, the API server needs to be started with the following flags: (#67349, @mikedanese)
    • --service-account-issuer
    • --service-account-signing-key-file
    • --service-account-api-audiences
  • Don't let aggregated apiservers fail to launch if the external-apiserver-authentication configmap is not found in the cluster. (#67836, @sttts)
  • Promote AdvancedAuditing to GA, replacing the previous (legacy) audit logging mechanisms. (#65862, @loburm)
  • Azure cloud provider now supports unmanaged nodes (such as on-prem) that are labeled with kubernetes.azure.com/managed=false and alpha.service-controller.kubernetes.io/exclude-balancer=true (#67984, @feiskyer)
  • kubectl get apiservice now shows the target service and whether the service is available (#67747, @smarterclayton)
  • OpenStack now supports the node shutdown taint. The taint is added when an instance is shut down in OpenStack. (#67982, @zetaab)
  • Return apiserver panics as 500 errors instead of terminating the apiserver process. (#68001, @sttts)
  • Fix VMWare VM freezing bug by reverting #51066 (#67825, @nikopen)
  • Make CoreDNS be the default DNS server in kube-up (instead of kube-dns formerly). (#67569, @fturib)
    • It is still possible to deploy kube-dns by setting CLUSTER_DNS_CORE_DNS=false.
  • Added support to restore a volume from a volume snapshot data source. (#67087, @xing-yang)
  • fixes the errors/warnings in fluentd configuration (#67947, @saravanan30erd)
  • Stop counting soft-deleted pods for scaling purposes in HPA controller to avoid soft-deleted pods incorrectly affecting scale up replica count calculation. (#67067, @moonek)
  • delegated authn/z: optionally opt-out of mandatory authn/authz kubeconfig (#67545, @sttts)
  • kubeadm: Control plane images (etcd, kube-apiserver, kube-proxy, etc.) don't use arch suffixes. Arch suffixes are kept for kube-dns only. (#66960, @rosti)
  • Adds sample-cli-plugin staging repository (#67938, @soltysh)
  • adjusted http/2 buffer sizes for apiservers to prevent starvation issues between concurrent streams (#67902, @liggitt)
  • SCTP is now supported as additional protocol (alpha) alongside TCP and UDP in Pod, Service, Endpoint, and NetworkPolicy. (#64973, @janosi)
  • Always create configmaps/extensions-apiserver-authentication from kube-apiserver. (#67694, @sttts)
  • kube-proxy v1beta1 external ComponentConfig types are now available in the k8s.io/kube-proxy repo (#67688, @Lion-Wei)
  • Apply unreachable taint to a node when it loses its network connection. (#67734, @Huang-Wei)
  • Allow ImageReview backend to return annotations to be added to the created pod. (#64597, @wteiken)
  • Bump ip-masq-agent to v2.1.1 (#67916, @MrHohn)
    • Update debian-iptables image for CVEs.
    • Change chain name to IP-MASQ to be compatible with the pre-injected masquerade rules.
  • AllowedTopologies field inside StorageClass is now validated against set and map semantics. Specifically, there cannot be duplicate TopologySelectorTerms, MatchLabelExpressions keys, and TopologySelectorLabelRequirement Values. (#66843, @verult)
  • Introduces autoscaling/v2beta2 and custom_metrics/v1beta2, which implement metric selectors for Object and Pods metrics, as well as allowing AverageValue targets on Objects, similar to External metrics. (#64097, @damemi)
  • The cloudstack cloud provider now reports a Hostname address type for nodes based on the local-hostname metadata key. (#67719, @liggitt)
  • kubeadm: --cri-socket now defaults to tcp://localhost:2375 when running on Windows (#67447, @benmoss)
  • kubeadm: The kubeadm configuration now supports the definition of more than one control plane instance, each with its own APIEndpoint. The APIEndpoint for the "bootstrap" control plane instance should be defined using InitConfiguration.APIEndpoint, while the APIEndpoints for additional control plane instances should be added using JoinConfiguration.APIEndpoint. (#67832, @fabriziopandini)
  • Enable dynamic azure disk volume limits (#67772, @andyzhangx)
  • kubelet: Users can now enable the alpha NodeLease feature gate to have the Kubelet create and periodically renew a Lease in the kube-node-lease namespace. The lease duration defaults to 40s, and can be configured via the kubelet.config.k8s.io/v1beta1.KubeletConfiguration's NodeLeaseDurationSeconds field. (#66257, @mtaufen)
  • latent controller caches no longer cause repeating deletion messages for deleted pods (#67826, @deads2k)
  • API paging is now enabled for custom resource definitions, custom resources and APIService objects (#67861, @liggitt)
  • kubeadm: ControlPlaneEndpoint was moved from the API config struct to ClusterConfiguration (#67830, @fabriziopandini)
  • kubeadm - feature-gates HighAvailability, SelfHosting, CertsInSecrets are now deprecated and can't be used anymore for new clusters. Update of cluster using above feature-gates flag is not supported (#67786, @fabriziopandini)
  • Replace scale up forbidden window with disregarding CPU samples collected when pod was initializing. (#67252, @jbartosik)
  • Moving KubeSchedulerConfiguration from ComponentConfig API types to staging repos (#66916, @dixudx)
  • Improved error message when checking the rollout status of StatefulSet with OnDelete strategy type (#66983, @mortent)
  • RuntimeClass is a new API resource for defining different classes of runtimes that may be used to run containers in the cluster. Pods can select a RuntimeClass to use via the RuntimeClassName field. This feature is in alpha, and the RuntimeClass feature gate must be enabled in order to use it. (#67737, @tallclair)
  • Remove rescheduler since scheduling DS pods by default scheduler is moving to beta. (#67687, @Lion-Wei)
  • Turn on PodReadinessGate by default (#67406, @freehan)
  • Speed up kubelet start time by executing an immediate runtime and node status update when the Kubelet sees that it has a CIDR. (#67031, @krzysztof-jastrzebski)
  • The OpenStack cloud provider now reports a Hostname address type for nodes (#67748, @FengyunPan2)
  • The aws cloud provider now reports a Hostname address type for nodes based on the local-hostname metadata key. (#67715, @liggitt)
  • Azure cloud provider now supports cross resource group nodes that are labeled with kubernetes.azure.com/resource-group=<rg-name> and alpha.service-controller.kubernetes.io/exclude-balancer=true (#67604, @feiskyer)
  • Reduce API calls for Azure instance metadata. (#67478, @feiskyer)
  • kubectl create secret tls can now read certificate and key files from process substitution arguments (#67713, @liggitt)
  • change default value of kind for azure disk (#67483, @andyzhangx)
  • To address the possibility of dry-run requests overwhelming admission webhooks that rely on side effects and a reconciliation mechanism, a new field is being added to admissionregistration.k8s.io/v1beta1.ValidatingWebhookConfiguration and admissionregistration.k8s.io/v1beta1.MutatingWebhookConfiguration so that webhooks can explicitly register as having dry-run support. If a dry-run request is made on a resource that triggers a webhook that does not support dry-run, the request will be completely rejected, with "400: Bad Request". Additionally, a new field is being added to the admission.k8s.io/v1beta1.AdmissionReview API object, exposing to webhooks whether or not the request being reviewed is a dry-run. (#66936, @jennybuckley)
  • Kubeadm ha upgrade (#66973, @fabriziopandini)
  • kubeadm: InitConfiguration now consists of two structs: InitConfiguration and ClusterConfiguration (#67441, @rosti)
  • Updated Cluster Autoscaler version to 1.3.2-beta.2. Release notes: https://github.com/kubernetes/autoscaler/releases/tag/cluster-autoscaler-1.3.2-beta.2 (#67697, @aleksandra-malinowska)
  • cpumanager: rollback state if updateContainerCPUSet failed (#67430, @choury)
  • [CRI] Adds a "runtime_handler" field to RunPodSandboxRequest, for selecting the runtime configuration to run the sandbox with (alpha feature). (#67518, @tallclair)
  • Create cli-runtime staging repository (#67658, @soltysh)
  • Headless Services with no ports defined will now create Endpoints correctly, and appear in DNS. (#67622, @thockin)
  • Kubernetes juju charms will now use CSI for ceph. (#66523, @hyperbolic2346)
  • kubeadm: Fix panic when node annotation is nil (#67648, @xlgao-zju)
  • Prevent resourceVersion updates for custom resources on no-op writes. (#67562, @nikhita)
  • Fail container start if its requested device plugin resource hasn't registered after Kubelet restart. (#67145, @jiayingz)
  • Use sync.map to scale ecache better (#66862, @resouer)
  • DaemonSet: Fix a bug where the DaemonSet didn't create a pod after the node had enough resources (#67337, @linyouchong)
  • updates kibana to 6.3.2 (#67582, @monotek)
  • fixes json logging in fluentd-elasticsearch image by downgrading fluent-plugin-kubernetes_metadata_filter plugin to version 2.0.0 (#67544, @monotek)
  • add --dns-loop-detect option to dnsmasq run by kube-dns (#67302, @dixudx)
  • Switched certificate data replacement from "REDACTED" to "DATA+OMITTED" (#66023, @ibrasho)
  • improve performance of anti-affinity predicate of default scheduler. (#66948, @mohamed-mehany)
  • Fixed a bug that was blocking extensible error handling when serializing API responses error out. Previously, serialization failures always resulted in the status code of the original response being returned. Now, the following behavior occurs: (#67041, @tristanburgess)
    • If the serialization type is application/vnd.kubernetes.protobuf, and protobuf marshaling is not implemented for the requested API resource type, a '406 Not Acceptable' is returned.
    • If the serialization type is 'application/json':
      • If serialization fails, and the original status code was a failure (e.g. 4xx or 5xx), the original status code will be returned.
      • If serialization fails, and the original status code was not a failure (e.g. 2xx), the status code of the serialization failure will be returned. By default, this is '500 Internal Server Error', because JSON serialization is our default, and not supposed to be implemented on a type-by-type basis.
  • Add a feature to the scheduler to score fewer than all nodes in every scheduling cycle. This can improve performance of the scheduler in large clusters. (#66733, @bsalamat)
  • kube-controller-manager can now start the quota controller when discovery results can only be partially determined. (#67433, @deads2k)
  • The plugin mechanism functionality now closely follows the git plugin design (#66876, @juanvallejo)
  • GCE: decrease cpu requests on master node, to allow more components to fit on one core machine. (#67504, @loburm)
  • PVC may not be synced to controller local cache in time if PV is bound by external PV binder (e.g. kube-scheduler), double check if PVC is not found to prevent reclaiming PV wrongly. (#67062, @cofyc)
  • add more storage account sku support for azure disk (#67528, @andyzhangx)
  • updates es-image to elasticsearch 6.3.2 (#67484, @monotek)
  • Bump GLBC version to 1.2.3 (#66793, @freehan)
  • kube-apiserver: fixes error creating system priority classes when starting multiple apiservers simultaneously (#67372, @tanshanshan)
  • kubectl patch now respects --local (#67399, @deads2k)
  • Defaults for file audit logging backend in batch mode changed: (#67223, @tallclair)
      • Logs are written 1 at a time (no batching)
      • Only a single writer process (lock contention)
  • Forget rate limit when CRD establish controller successfully updated CRD condition (#67370, @yue9944882)
  • updates fluentd in fluentd-elasticsearch to version 1.2.4 (#67434, @monotek)
    • also updates activesupport, fluent-plugin-elasticsearch & oj gems
  • The dockershim now sets the "bandwidth" and "ipRanges" CNI capabilities (dynamic parameters). Plugin authors and administrators can now take advantage of this by updating their CNI configuration file. For more information, see the CNI docs (#64445, @squeed)
  • Expose /debug/flags/v to allow the kubelet to set the glog logging level dynamically. To change the glog level to 3, you only have to send a PUT request like curl -X PUT http://127.0.0.1:8080/debug/flags/v -d "3". (#64601, @hzxuzhonghu)
  • Fix an issue that pods using hostNetwork keep increasing. (#67456, @Huang-Wei)
  • DaemonSet controller is now using backoff algorithm to avoid hot loops fighting with kubelet on pod recreation when a particular DaemonSet is misconfigured. (#65309, @tnozicka)
  • Add node affinity for Azure unzoned managed disks (#67229, @feiskyer)
  • Attacher/Detacher refactor for local storage (#66884, @NickrenREN)
  • Update debian-iptables and hyperkube-base images to include CVE fixes. (#67365, @ixdy)
  • Fix an issue where filesystems are not unmounted when a backend is not reachable and returns EIO. (#67097, @chakri-nelluri)
  • Update Cluster Autoscaler version to 1.3.2-beta.1. Release notes: https://github.com/kubernetes/autoscaler/releases/tag/cluster-autoscaler-1.3.2-beta.1 (#67396, @aleksandra-malinowska)
  • Remove unused binary and container image for kube-aggregator. The functionality is already integrated into the kube-apiserver. (#67157, @dims)
  • Avoid creating new controller revisions for statefulsets when cache is stale (#67039, @mortent)
  • Revert #63905: Setup dns servers and search domains for Windows Pods. DNS for Windows containers will be set by CNI plugins. (#66587, @feiskyer)
  • attachdetach controller attaches volumes immediately when Pod's PVCs are bound (#66863, @cofyc)
  • The check for unsupported plugins during volume resize has been moved from the admission controller to the two controllers that handle volume resize. (#66780, @kangarlou)
  • Fix kubelet to not leak goroutines/inotify watchers on an inactive connection if it's closed (#67285, @yujuhong)
  • fix azure disk create failure due to sdk upgrade (#67236, @andyzhangx)
  • Kubeadm join --control-plane main workflow (#66873, @fabriziopandini)
  • Dynamic provisions that create iSCSI PVs can ensure that multipath is used by specifying 2 or more target portals in the PV, which will cause kubelet to wait up to 10 seconds for the multipath device. PVs with just one portal continue to work as before, with kubelet not waiting for the multipath device and just using the first disk it finds. (#67140, @bswartz)
  • kubectl: recreating resources for immutable fields when force is applied (#66602, @dixudx)
  • Remove deprecated --interactive flag from kubectl logs. (#65420, @jsoref)
  • kubeadm uses audit policy v1 instead of v1beta1 (#67176, @charrywanganthony)
  • kubeadm: make sure pre-pulled kube-proxy image and the one specified in its daemon set manifest are the same (#67131, @rosti)
  • Graduate Resource Quota ScopeSelectors to beta, and enable it by default. (#67077, @vikaschoudhary16)
  • Decrease the amount of time it takes to modify kubeconfig files with large amounts of contexts (#67093, @juanvallejo)
  • Fixes issue when updating a DaemonSet causes a hash collision. (#66476, @mortent)
  • fix cluster-info dump error (#66652, @charrywanganthony)
  • The PodShareProcessNamespace feature to configure PID namespace sharing within a pod has been promoted to beta. (#66507, @verb)
  • kubectl create {clusterrole,role}'s --resources flag supports asterisk to specify all resources. (#62945, @nak3)
  • Bump up version number of debian-base, debian-hyperkube-base and debian-iptables. (#67026, @satyasm)
    • Also updates dependencies of users of debian-base.
    • debian-base version 0.3.1 is already available.
  • DynamicProvisioningScheduling and VolumeScheduling are now supported for Azure managed disks. Feature gates DynamicProvisioningScheduling and VolumeScheduling should be enabled before using this feature. (#67121, @feiskyer)
  • kube-apiserver now includes all registered API groups in discovery, including registered extension API group/versions for unavailable extension API servers. (#66932, @nilebox)
  • Allows extension API server to dynamically discover the requestheader CA certificate when the core API server doesn't use certificate based authentication for its clients (#66394, @rtripat)
  • audit.k8s.io api group is upgraded from v1beta1 to v1. (#65891, @CaoShuFeng)
    • Deprecated element metav1.ObjectMeta and Timestamp are removed from audit Events in v1 version.
    • Default value of option --audit-webhook-version and --audit-log-version will be changed from audit.k8s.io/v1beta1 to audit.k8s.io/v1 in release 1.13
  • scope AWS LoadBalancer security group ICMP rules to spec.loadBalancerSourceRanges (#63572, @haz-mat)
  • Add NoSchedule/NoExecute tolerations to ip-masq-agent, ensuring it is scheduled on all nodes except master. (#66260, @tanshanshan)
  • The flag --skip-preflight-checks of kubeadm has been removed. Please use --ignore-preflight-errors instead. (#62727, @xiangpengzhao)
  • The watch API endpoints prefixed with /watch are deprecated and will be removed in a future release. The standard method for watching resources (supported since v1.0) is to use the list API endpoints with a ?watch=true parameter. All client-go clients have used the parameter method since v1.6.0. (#65147, @liggitt)
  • Bump Heapster to v1.6.0-beta.1 (#67074, @kawych)
  • kube-apiserver: setting a dryRun query parameter on a CONNECT request will now cause the request to be rejected, consistent with behavior of other mutating API requests. Examples of CONNECT APIs are the nodes/proxy, services/proxy, pods/proxy, pods/exec, and pods/attach subresources. Note that this prevents sending a dryRun parameter to backends via {nodes,services,pods}/proxy subresources. (#66083, @jennybuckley)
  • In clusters where the DryRun feature is enabled, dry-run requests will go through the normal admission chain. Because of this, ImagePolicyWebhook authors should especially make sure that their webhooks do not rely on side effects. (#66391, @jennybuckley)
  • Metadata Agent Improvements (#66485, @bmoyles0117)
    • Bump metadata agent version to 0.2-0.0.21-1.
    • Expand the metadata agent's access to all API groups.
    • Remove metadata agent config maps in favor of command line flags.
    • Update the metadata agent's liveness probe to a new /healthz handler.
    • Logging Agent Improvements
      • Bump logging agent version to 0.2-1.5.33-1-k8s-1.
      • Appropriately set log severity for k8s_container.
      • Fix detect exceptions plugin to analyze message field instead of log field.
      • Fix detect exceptions plugin to analyze streams based on local resource id.
      • Disable the metadata agent for monitored resource construction in logging.
      • Disable timestamp adjustment in logs to optimize performance.
      • Reduce logging agent buffer chunk limit to 512k to optimize performance.
  • kubectl: the wait command now prints an error message and exits with the code 1 if there are no resources matching the selectors (#66692, @m1kola)
  • Quota admission configuration api graduated to v1beta1 (#66156, @vikaschoudhary16)
  • Unit tests for scopes and scope selectors in the quota spec (#66351, @vikaschoudhary16)
  • Print kube-apiserver --help flag help in sections. (#64517, @sttts)
  • Azure managed disks now support availability zones and new parameters zoned, zone and zones are added for AzureDisk storage class. (#66553, @feiskyer)
  • nodes: improve handling of erroneous host names (#64815, @dixudx)
  • remove deprecated shorthand flag -c from kubectl version (--client) (#66817, @charrywanganthony)
  • Added etcd_object_count metrics for CustomResources. (#65983, @sttts)
  • Handle newlines for command, args, env, and annotations in kubectl describe wrapping (#66841, @smarterclayton)
  • Fix pod launch by kubelet when --cgroups-per-qos=false and --cgroup-driver="systemd" (#66617, @pravisankar)
  • kubelet: fix nil pointer dereference when the enforce-node-allocatable flag is not configured properly (#66190, @linyouchong)
  • Fix a bug on GCE that /etc/crictl.yaml is not generated when crictl is preloaded. (#66877, @Random-Liu)
  • This fix prevents a GCE PD volume from being mounted if the udev device link is stale and tries to correct the link. (#66832, @msau42)
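
The dry-run admission webhook behaviour described in the entries for #66936 and #66391 above, as an added Go example that is not Kubernetes source code: local stand-in types model the sideEffects declaration on a webhook registration and the dryRun flag in the review request, and the webhook names, resources and quota ledger are constructed for illustration. The dispatcher is simplified to check every matching webhook before calling any.

```go
package main

import (
	"fmt"
	"net/http"
)

// SideEffectClass models the values a webhook can declare in the sideEffects
// field of its registration (local stand-in type, not k8s.io/api).
type SideEffectClass string

const (
	SideEffectUnknown      SideEffectClass = "Unknown"
	SideEffectNone         SideEffectClass = "None"
	SideEffectSome         SideEffectClass = "Some"
	SideEffectNoneOnDryRun SideEffectClass = "NoneOnDryRun"
)

// Webhook is a minimal model of one entry in a webhook configuration.
type Webhook struct {
	Name        string
	Resources   []string         // resources intercepted; "*" matches all
	SideEffects *SideEffectClass // nil means the field was never set
}

// Request is a minimal model of the request under admission review.
type Request struct {
	Resource string
	DryRun   bool // mirrors the dryRun flag exposed to webhooks
}

func class(c SideEffectClass) *SideEffectClass { return &c }

// supportsDryRun reports whether a webhook has declared that a dry-run call
// cannot cause side effects. Unset, Unknown and Some count as unsupported.
func supportsDryRun(w Webhook) bool {
	return w.SideEffects != nil &&
		(*w.SideEffects == SideEffectNone || *w.SideEffects == SideEffectNoneOnDryRun)
}

func intercepts(w Webhook, resource string) bool {
	for _, r := range w.Resources {
		if r == "*" || r == resource {
			return true
		}
	}
	return false
}

// Dispatch returns the HTTP status for the request and the webhooks to call.
// Simplification: all matching webhooks are checked before any is invoked.
func Dispatch(req Request, hooks []Webhook) (int, []string, error) {
	var toCall []string
	for _, w := range hooks {
		if !intercepts(w, req.Resource) {
			continue
		}
		if req.DryRun && !supportsDryRun(w) {
			return http.StatusBadRequest, nil,
				fmt.Errorf("dry run is not supported by webhook %q", w.Name)
		}
		toCall = append(toCall, w.Name)
	}
	return http.StatusOK, toCall, nil
}

// QuotaLedger stands in for external state that a webhook mutates.
type QuotaLedger struct{ Reserved []string }

// Review is the webhook side: it always validates, but only reserves quota
// (the side effect) when the request is not a dry run.
func (l *QuotaLedger) Review(req Request, object string) bool {
	if object == "" {
		return false
	}
	if !req.DryRun {
		l.Reserved = append(l.Reserved, req.Resource+"/"+object)
	}
	return true
}

// sampleHooks is constructed sample data for the demonstration.
func sampleHooks() []Webhook {
	return []Webhook{
		{Name: "quota.example.test", Resources: []string{"pods"}, SideEffects: class(SideEffectNoneOnDryRun)},
		{Name: "inventory.example.test", Resources: []string{"pods", "services"}, SideEffects: class(SideEffectSome)},
		{Name: "labels.example.test", Resources: []string{"*"}, SideEffects: class(SideEffectNone)},
		{Name: "legacy.example.test", Resources: []string{"secrets"}}, // sideEffects never set
	}
}

func main() {
	for _, req := range []Request{{"pods", true}, {"pods", false}, {"configmaps", true}, {"secrets", true}} {
		status, call, err := Dispatch(req, sampleHooks())
		fmt.Printf("%-10s dryRun=%-5v -> %d call=%v err=%v\n", req.Resource, req.DryRun, status, call, err)
	}
}
```

A single webhook that has not declared dry-run support is enough to turn every dry-run request on its resources into a 400, so auditing registrations for unset or Unknown declarations is worth doing before relying on server-side dry-run.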

v1.12.0-alpha.1

Documentation

Downloads for v1.12.0-alpha.1


Changelog since v1.11.0

Action Required

  • action required: the API server and client-go libraries have been fixed to support additional non-alpha-numeric characters in UserInfo "extra" data keys. Both should be updated in order to properly support extra data containing "/" characters or other characters disallowed in HTTP headers. (#65799, @dekkagaijin)
  • [action required] The NodeConfiguration kind in the kubeadm v1alpha2 API has been renamed JoinConfiguration in v1alpha3 (#65951, @luxas)
  • ACTION REQUIRED: Removes defaulting of CSI file system type to ext4. All the production drivers listed under https://kubernetes-csi.github.io/docs/Drivers.html were inspected and should not be impacted after this change. If you are using a driver not in that list, please test the drivers on an updated test cluster first. (#65499, @krunaljain)
  • [action required] The MasterConfiguration kind in the kubeadm v1alpha2 API has been renamed InitConfiguration in v1alpha3 (#65945, @luxas)
  • [action required] The formerly publicly-available cAdvisor web UI that the kubelet started using --cadvisor-port is now entirely removed in 1.12. The recommended way to run cAdvisor if you still need it, is via a DaemonSet. (#65707, @dims)
  • Cluster Autoscaler version updated to 1.3.1-beta.1. Release notes: https://github.com/kubernetes/autoscaler/releases/tag/cluster-autoscaler-1.3.1-beta.1 (#65857, @aleksandra-malinowska)
    • Default value for expendable pod priority cutoff in GCP deployment of Cluster Autoscaler changed from 0 to -10.
    • action required: users deploying workloads with priority lower than 0 may want to use priority lower than -10 to avoid triggering scale-up.
  • [action required] kubeadm: The v1alpha1 config API has been removed. (#65628, @luxas)
    • Please convert your v1alpha1 configuration files to v1alpha2 using the kubeadm config migrate command of kubeadm v1.11.x
  • kube-apiserver: the Priority admission plugin is now enabled by default when using --enable-admission-plugins. If using --admission-control to fully specify the set of admission plugins, the Priority admission plugin should be added if using the PodPriority feature, which is enabled by default in 1.11. (#65739, @liggitt)
  • The system-node-critical and system-cluster-critical priority classes are now limited to the kube-system namespace by the PodPriority admission plugin. (#65593, @bsalamat)
  • kubernetes-worker juju charm: Added support for setting the --enable-ssl-chain-completion option on the ingress proxy. "action required": if your installation relies on supplying incomplete certificate chains and using OCSP to fill them in, you must set "ingress-ssl-chain-completion" to "true" in your juju configuration. (#63845, @paulgear)
  • In anticipation of CSI 1.0 in the next release, Kubernetes 1.12 calls the CSI NodeGetInfo RPC instead of NodeGetId RPC. Ensure your CSI Driver implements NodeGetInfo(...) before upgrading to 1.12. @saad-ali
  • Kubernetes 1.12 also enables Kubelet device plugin registration feature by default. Before upgrading to 1.12, ensure the driver-registrar CSI sidecar container for your CSI driver is configured to handle plugin registration (set the --kubelet-registration-path parameter on driver-registrar to expose a new unix domain socket to handle Kubelet Plugin Registration).

Other notable changes

  • admin RBAC role now aggregates edit and view. edit RBAC role now aggregates view. (#66684, @deads2k)
  • Speed up HPA reaction to metric changes by removing scale up forbidden window. (#66615, @jbartosik)
    • Scale up forbidden window was protecting HPA against making decision to scale up based on metrics gathered during pod initialisation (which may be invalid, for example pod may be using a lot of CPU despite not doing any "actual" work).
    • To avoid that negative effect only use per pod metrics from pods that are:
      • ready (so metrics about them should be valid), or
      • unready, but with creation and last readiness change timestamps more than 10s apart (pods that have formerly been ready, so their metrics are very useful in at least some cases, such as a pod becoming unready because of overload).
  • The kubectl patch command no longer exits with exit code 1 when a redundant patch results in a no-op (#66725, @juanvallejo)
  • Improved the output of kubectl get events to prioritize showing the message, and move some fields to -o wide. (#66643, @smarterclayton)
  • Added CPU Manager state validation in case of changed CPU topology. (#66718, @ipuustin)
  • Make EBS volume expansion faster (#66728, @gnufied)
  • Kubelet serving certificate bootstrapping and rotation has been promoted to beta status. (#66726, @liggitt)
  • Flag --pod (-p shorthand) of kubectl exec command marked as deprecated (#66558, @quasoft)
  • Fixed an issue which prevented gcloud from working on GCE when metadata concealment was enabled. (#66630, @dekkagaijin)
  • Azure Go SDK has been upgraded to v19.0.0 and VirtualMachineScaleSetVM now supports availability zones. (#66648, @feiskyer)
  • kubeadm now can join the cluster with pre-existing client certificate if provided (#66482, @dixudx)
  • If TaintNodesByCondition is enabled, taint node with TaintNodeUnschedulable when initializing node to avoid race condition. (#63955, @k82cn)
  • kubeadm: remove misleading error message regarding image pulling (#66658, @dixudx)
  • Fix Stackdriver integration based on node annotation container.googleapis.com/instance_id. (#66676, @kawych)
  • Fix kubelet startup failure when using ExecPlugin in kubeconfig (#66395, @awly)
  • When attaching iSCSI volumes, kubelet now scans only the specific LUNs being attached, and also deletes them after detaching. This avoids dangling references to LUNs that no longer exist, which used to be the cause of random I/O errors/timeouts in kernel logs, slowdowns during block-device related operations, and very rare cases of data corruption. (#63176, @bswartz)
  • kubeadm: Pull sidecar and dnsmasq-nanny images when using kube-dns (#66499, @rosti)
  • Extender preemption should respect IsInterested() (#66291, @resouer)
  • Properly autopopulate OpenAPI version field without needing other OpenAPI fields present in generic API server code. (#66411, @DirectXMan12)
  • renamed command line option --cri-socket-path of the kubeadm subcommand "kubeadm config images pull" to --cri-socket to be consistent with the rest of kubeadm subcommands. (#66382, @bart0sh)
  • The --docker-disable-shared-pid kubelet flag has been removed. PID namespace sharing can instead be enabled per-pod using the ShareProcessNamespace option. (#66506, @verb)
  • Add support for using User Assigned MSI (https://docs.microsoft.com/en-us/azure/active-directory/managed-service-identity/overview) with Kubernetes cluster on Azure. (#66180, @kkmsft)
  • fix acr could not be listed in sp issue (#66429, @andyzhangx)
  • This PR will leverage subtests on the existing table tests for the scheduler units. (#63665, @xchapter7x)
    • Some refactoring of error/status messages and functions to align with new approach.
  • Fix volume limit for EBS on m5 and c5 instance types (#66397, @gnufied)
  • Extend TLS timeouts to work around slow arm64 math/big (#66264, @joejulian)
  • kubeadm: stop setting UID in the kubelet ConfigMap (#66341, @runiq)
  • kubectl: fixes a panic displaying pods with nominatedNodeName set (#66406, @liggitt)
  • Update crictl to v1.11.1. (#66152, @Random-Liu)
  • fixes a panic when using a mutating webhook admission plugin with a DELETE operation (#66425, @liggitt)
  • GCE: Fixes loadbalancer creation and deletion issues appearing in 1.10.5. (#66400, @nicksardo)
  • Azure nodes with availability zone now will have label failure-domain.beta.kubernetes.io/zone=<region>-<zoneID>. (#66242, @feiskyer)
  • Re-design equivalence class cache to two level cache (#65714, @resouer)
  • Checks CREATE admission for create-on-update requests instead of UPDATE admission (#65572, @yue9944882)
  • This PR will leverage subtests on the existing table tests for the scheduler units. (#63666, @xchapter7x)
    • Some refactoring of error/status messages and functions to align with new approach.
  • Fixed a panic in the node status update logic when existing node has nil labels. (#66307, @guoshimin)
  • Bump Ingress-gce version to 1.2.0 (#65641, @freehan)
  • Bump event-exporter to 0.2.2 to pick up security fixes. (#66157, @loburm)
  • Allow ScaleIO volumes to be provisioned without having to first manually create /dev/disk/by-id path on each kubernetes node (if not already present) (#66174, @ddebroy)
  • fix rollout status for statefulsets (#62943, @faraazkhan)
  • Fix for resourcepool-path configuration in the vsphere.conf file. (#66261, @divyenpatel)
  • OpenAPI spec and documentation reflect 202 Accepted response path for delete request (#63418, @roycaihw)
  • fixes a validation error that could prevent updates to StatefulSet objects containing non-normalized resource requests (#66165, @liggitt)
  • Fix validation for HealthzBindAddress in kube-proxy when --healthz-port is set to 0 (#66138, @wsong)
  • kubeadm: use an HTTP request timeout when fetching the latest version of Kubernetes from dl.k8s.io (#65676, @dkoshkin)
  • Support configuring the Azure load balancer idle connection timeout for services (#66045, @cpuguy83)
  • kubectl config set-context can now set attributes of the current context, like the current namespace, by passing --current instead of a specific context name (#66140, @liggitt)
  • The alpha Initializers admission plugin is no longer enabled by default. This matches the off-by-default behavior of the alpha API which drives initializer behavior. (#66039, @liggitt)
  • kubeadm: Default component configs are printable via kubeadm config print-default (#66074, @rosti)
  • prevents infinite CLI wait on delete when item is recreated (#66136, @deads2k)
  • Preserve vmUUID when renewing nodeinfo in vSphere cloud provider (#66007, @w-leads)
  • Cluster Autoscaler version updated to 1.3.1. Release notes: https://github.com/kubernetes/autoscaler/releases/tag/cluster-autoscaler-1.3.1 (#66122, @aleksandra-malinowska)
  • Expose docker registry config for addons used in Juju deployments (#66092, @kwmonroe)
  • kubelets that specify --cloud-provider now only report addresses in Node status as determined by the cloud provider (#65594, @liggitt)
    • kubelet serving certificate rotation now reacts to changes in reported node addresses, and will request certificates for addresses set by an external cloud provider
  • Fix the bug where image garbage collection is disabled by mistake. (#66051, @jiaxuanzhou)
  • fixes an issue with multi-line annotations injected via downward API files getting scrambled (#65992, @liggitt)
  • kubeadm: run kube-proxy on non-master tainted nodes (#65931, @neolit123)
  • "kubectl delete" no longer waits for dependent objects to be deleted when removing parent resources (#65908, @juanvallejo)
  • Introduce a new flag --keepalive for kubectl proxy to allow setting keep-alive period for long-running request. (#63793, @hzxuzhonghu)
  • If Openstack LoadBalancer is not defined in cloud config, the loadbalancer is not initialized any more in openstack. All setups must have some setting under that section (#65781, @zetaab)
  • Re-adds pkg/generated/bindata.go to the repository to allow some parts of k8s.io/kubernetes to be go-vendorable. (#65985, @ixdy)
  • Fix a bug where preempting a pod may block forever. (#65987, @Random-Liu)
  • Fix flexvolume in containerized kubelets (#65549, @gnufied)
  • Add volume mode field to constructed volume spec for CSI plugin (#65456, @wenlxie)
  • Fix an issue with dropped audit logs when the truncating and batch backends are enabled at the same time. (#65823, @loburm)
  • Support traffic shaping for CNI network driver (#63194, @m1093782566)
  • kubeadm: Use separate YAML documents for the kubelet and kube-proxy ComponentConfigs (#65787, @luxas)
  • kubeadm: Fix pause image to not use architecture, as it is a manifest list (#65920, @dims)
  • kubeadm: print required flags when running kubeadm upgrade plan (#65802, @xlgao-zju)
  • Fix RunAsGroup which doesn't work since 1.10. (#65926, @Random-Liu)
  • Running kubectl describe pvc now shows which pods are mounted to the pvc being described with the Mounted By field (#65837, @clandry94)
  • fix azure storage account creation failure (#65846, @andyzhangx)
  • Allow kube- and cloud-controller-manager to listen on ports up to 65535. (#65860, @sttts)
  • Allow kube-scheduler to listen on ports up to 65535. (#65833, @sttts)
  • kubeadm: Remove usage of PersistentVolumeLabel (#65827, @xlgao-zju)
  • kubeadm: Add a v1alpha3 API. (#65629, @luxas)
  • Update to use go1.10.3 (#65726, @ixdy)
  • LimitRange and Endpoints resources can be created via an update API call if the object does not already exist. When this occurs, an authorization check is now made to ensure the user making the API call is authorized to create the object. In previous releases, only an update authorization check was performed. (#65150, @jennybuckley)
  • Fix a panic caused by running 'kubectl cp' with no arguments (#65482, @wgliang)
  • bazel deb package bugfix: The kubeadm deb package now reloads the kubelet after installation (#65554, @rdodev)
  • fix smb mount issue (#65751, @andyzhangx)
  • More fields are allowed at the root of the CRD validation schema when the status subresource is enabled. (#65357, @nikhita)
  • Reload systemd config files before starting kubelet. (#65702, @mborsz)
  • Unix: support ZFS as a valid graph driver for Docker (#65635, @neolit123)
  • Fix controller-manager crashes when flex plugin is removed from flex plugin directory (#65536, @gnufied)
  • Enable etcdv3 client prometheus metrics (#64741, @wgliang)
  • skip nodes that have a primary NIC in a 'Failed' provisioningState (#65412, @yastij)
  • kubeadm: remove redundant flags settings for kubelet (#64682, @dixudx)
  • Fixes the wrong elasticsearch node counter (#65627, @IvanovOleg)
  • Add Ubuntu 18.04 (Bionic) series to Juju charms (#65644, @tvansteenburgh)
  • Fix local volume directory can't be deleted because of volumeMode error (#65310, @wenlxie)
  • kubectl: --use-openapi-print-columns is deprecated in favor of --server-print (#65601, @liggitt)
  • Add prometheus scrape port to CoreDNS service (#65589, @rajansandeep)
  • fixes an out of range panic in the NoExecuteTaintManager controller when running a non-64-bit build (#65596, @liggitt)
  • kubectl: fixes a regression with --use-openapi-print-columns that would not print object contents (#65600, @liggitt)
  • Hostnames are now converted to lowercase before being used for node lookups in the kubernetes-worker charm. (#65487, @dshcherb)
  • N/A (#64660, @figo)
  • bugfix: Do not print feature gates in the generic apiserver code for glog level 0 (#65584, @neolit123)
  • Add metrics for PVC in-use (#64527, @gnufied)
  • Fixed exception detection in fluentd-gcp plugin. (#65361, @xperimental)
  • api-machinery utility functions SetTransportDefaults and DialerFor once again respect custom Dial functions set on transports (#65547, @liggitt)
  • Improve the display of jobs in kubectl get and kubectl describe to emphasize progress and duration. (#65463, @smarterclayton)
  • kubectl convert previously created a list inside of a list. Now it is only wrapped once. (#65489, @deads2k)
  • fix azure disk creation issue when specifying external resource group (#65516, @andyzhangx)
  • fixes a regression in kube-scheduler to properly load client connection information from a --config file that references a kubeconfig file (#65507, @liggitt)
  • Fixed cleanup of CSI metadata files. (#65323, @jsafrane)
  • Update Rescheduler's manifest to use version 0.4.0. (#65454, @bsalamat)
  • On COS, NPD creates a node condition for frequent occurrences of unregister_netdevice (#65342, @dashpole)
  • Properly manage security groups for loadbalancer services on OpenStack. (#65373, @multi-io)
  • Add user-agent to audit-logging. (#64812, @hzxuzhonghu)
  • kubeadm: notify the user of manifest upgrade timeouts (#65164, @xlgao-zju)
  • Fixes incompatibility with custom scheduler extender configurations specifying bindVerb (#65424, @liggitt)
  • Using kubectl describe on CRDs that use underscores will be prettier. (#65391, @smarterclayton)
  • Improve scheduler's performance by eliminating sorting of nodes by their score. (#65396, @bsalamat)
  • Add more conditions to the list of predicate failures that won't be resolved by preemption. (#64995, @bsalamat)
  • Allow access to ClusterIP from the host network namespace when kube-proxy is started in IPVS mode without either masqueradeAll or clusterCIDR flags (#65388, @lbernail)
  • User can now use sudo crictl on GCE cluster. (#65389, @Random-Liu)
  • Tolerate missing watch permission when deleting a resource (#65370, @deads2k)
  • Prevents a kubectl delete hang when deleting controller managed lists (#65367, @deads2k)
  • fixes a memory leak in the kube-controller-manager observed when large numbers of pods with tolerations are created/deleted (#65339, @liggitt)
  • Run checkLimitsForResolvConf on pod create and update events instead of checking periodically (#64860, @wgliang)
  • Fix concurrent map access panic (#65334, @dashpole)
    • Don't watch .mount cgroups to reduce number of inotify watches
    • Fix NVML initialization race condition
    • Fix btrfs disk metrics when using a subdirectory of a subvolume
  • Change Azure ARM Rate limiting error message. (#65292, @wgliang)
  • AWS now checks the validity of the encryption key when creating encrypted volumes. Dynamic provisioning of encrypted volumes may get slower due to these checks. (#65223, @jsafrane)
  • Report accurate status for kubernetes-master and -worker charms. (#65187, @kwmonroe)
  • Fixed issue 63608, which is that under rare circumstances the ResourceQuota admission controller could lose track of a request in progress and time out after waiting 10 seconds for a decision to be made. (#64598, @MikeSpreitzer)
  • In the vSphere cloud provider the Global.vm-uuid configuration option is not deprecated anymore, it can be used to overwrite the VMUUID on the controller-manager (#65152, @alvaroaleman)
  • fluentd-gcp grace termination period increased to 60s. (#65084, @x13n)
  • Pass cluster_location argument to Heapster (#65176, @kawych)
  • Fix a scalability issue where high rates of event writes degraded etcd performance. (#64539, @ccding)
  • Corrected a mistake in the documentation for wait.PollImmediate(...) (#65026, @spew)
  • Split 'scheduling_latency_seconds' metric into finer steps (predicate, priority, preemption) (#65306, @shyamjvs)
  • Etcd health checks by the apiserver now ensure the apiserver can connect to and exercise the etcd API (#65027, @liggitt)
  • Add e2e regression tests for the kubelet being secure (#64140, @dixudx)
  • set EnableHTTPSTrafficOnly in azure storage account creation (#64957, @andyzhangx)
  • Fixes an issue where Portworx PVCs remain in pending state when created using a StorageClass with empty parameters (#64895, @harsh-px)
  • This PR will leverage subtests on the existing table tests for the scheduler units. (#63662, @xchapter7x)
    • Some refactoring of error/status messages and functions to align with new approach.
  • This PR will leverage subtests on the existing table tests for the scheduler units. (#63661, @xchapter7x)
    • Some refactoring of error/status messages and functions to align with new approach.
  • This PR will leverage subtests on the existing table tests for the scheduler units. (#63660, @xchapter7x)
    • Some refactoring of error/status messages and functions to align with new approach.
  • Updated default image for nginx ingress in CDK to match current Kubernetes docs. (#64285, @hyperbolic2346)
  • Added block volume support to Cinder volume plugin. (#64879, @bertinatto)
  • fixed incorrect OpenAPI schema for CustomResourceDefinition objects (#65256, @liggitt)
  • ignore not found file error when watching manifests (#64880, @dixudx)
  • add port-forward examples for service (#64773, @MasayaAoyama)
  • Fix issues for block device not mapped to container. (#64555, @wenlxie)
  • Update crictl on GCE to v1.11.0. (#65254, @Random-Liu)
  • Fixes missing node lines when running kubectl top nodes (#64389, @yue9944882)
  • keep pod state consistent when scheduler cache UpdatePod (#64692, @adohe)
  • add external resource group support for azure disk (#64427, @andyzhangx)
  • Increase the gRPC max message size to 16MB in the remote container runtime. (#64672, @mcluseau)
  • The new default value for the --allow-privileged parameter of the Kubernetes-worker charm has been set to true based on changes which went into the Kubernetes 1.10 release. Before this change the default value was set to false. If you're installing Canonical Kubernetes you should expect this value to now be true by default and you should now look to use PSP (pod security policies). (#64104, @CalvinHartwell)
  • The --remove-extra-subjects and --remove-extra-permissions flags have been enabled for kubectl auth reconcile (#64541, @mrogers950)
  • Fix kubectl drain --timeout option when eviction is used. (#64378, @wrdls)
  • This PR will leverage subtests on the existing table tests for the scheduler units. (#63659, @xchapter7x)
    • Some refactoring of error/status messages and functions to align with new approach.