Skip to content

Latest commit

 

History

History
272 lines (237 loc) · 38.1 KB

CHANGELOG-1.15.md

File metadata and controls

272 lines (237 loc) · 38.1 KB

v1.15.0-alpha.2

Documentation

Downloads for v1.15.0-alpha.2

filename sha512 hash
kubernetes.tar.gz 88ca590c9bc2a095492310fee73bd191398375bc7f549e66e8978c48be8a9c0f9ad26e3881b84d5f2f2e49273333b3086dd99cc8c52de68e38464729f0d2828f
kubernetes-src.tar.gz f587073d7b58903a52beeaa911c932047294be54b6f395063c65b46a61113af1aeca37c0edc536525398f0051968708cc9bb17a2173edb8c2e8f3938ad91c0b0

Client Binaries

filename sha512 hash
kubernetes-client-darwin-386.tar.gz 1b944693f3813702e64f41fc11102af59beceb5ded52aac3109ebe39eb2e9103d10b26f29519337a36c86dec5c472d2b0dd5bb0264969a587345b6bb89142520
kubernetes-client-darwin-amd64.tar.gz 233bba8324f7570e527f7ef22a01552c28dbabc6eef658311668ed554923344791c2c9314678f205424a638fefebbbf67dd32be99cb70019cc77a08dbae08f4d
kubernetes-client-linux-386.tar.gz 1203729b3180328631d4192c5f4cfb09e3fea958be544fe4ee3e86826422a6242d7eae9d3efba055ada4e65dbc7a3020305da97223d24416dd40686271fb3537
kubernetes-client-linux-amd64.tar.gz ad0613c88d4f97b2a8f35fff607bf6168724b28838587218ccece14afb52b531f723ced372de3a4014ee76ae2c738f523790178395a2b59d4b5f53fc3451fd04
kubernetes-client-linux-arm.tar.gz e9d3905d306504838d417051df43431f724ea689fd3564e575f8235fc80d771b9bc72c98eae4641e9e3c5619fc93550b93634ff33d8db3b0058e348d7258ee3d
kubernetes-client-linux-arm64.tar.gz a426b27d0851d84b76d225b9366668521441539e7582b2439e973c98c84909fc0a236478d505c6cf50598c4ecb4796f3214ee5c80d42653ddb8e30d5ce7732be
kubernetes-client-linux-ppc64le.tar.gz be717777159b6f0c472754be704d543b80168cc02d76ca936f6559a55752530e061fe311df3906660dcaf7950a7cbea102232fb54bc4056384c11018d1dfff24
kubernetes-client-linux-s390x.tar.gz 4a4a08d23be247e1543c85895c211e9fee8e8fa276e5aa31ed012804fa0921eeb0e5828f8ef152742b41dc1db08658dec01c0287b2828c3d3b91f260243c2457
kubernetes-client-windows-386.tar.gz 8d16d655d7d4213a45a583f81b31056a02dd2100d06d8072a8ec77e255630bd9acfff062d7ab46946f94d667a8d73c611818445464638f3a3ef69c29e9aafda7
kubernetes-client-windows-amd64.tar.gz d4ece03464aaa9c2416d7acf9de7f94f3e01fa17f6f7469a9aedaefa90d4b0af193a1b78fb514fd9de0a55a45244a076e3897e62f9208581523690bbe0353357

Server Binaries

filename sha512 hash
kubernetes-server-linux-amd64.tar.gz 932557827bfcc329162fcf29510f40951bdd5da4890de62fd5c44d5290349b0942ffe07bb2b518ca0f21b4de4c27ec6cfa338ec2b40e938e3a9f6e3ab5db89c0
kubernetes-server-linux-arm.tar.gz e1c5349feab83ad458b9a5956026c48c7ce53f3becc09c537eda8984cea56bb254e7972d467e3b3349ad8e35cf70bebcb4b6a0ab98cbe43ab5f1238f0844d151
kubernetes-server-linux-arm64.tar.gz e8cfe09ff625b36b58d97440d82dbc06795d503729b45a8d077de7c73b70f350010747ad2c118ea75946e40cbf5cdfb1fdfa686c8cc714d4ec942f9bf2925664
kubernetes-server-linux-ppc64le.tar.gz 99770fe0abd0ec2d5f7e38d434a82fa323b2e25124e62aadf483dd68e763b07292e9303a2c8d96964bed91cab7050e0f5be02c76919c33dcc18b46d541677022
kubernetes-server-linux-s390x.tar.gz 3f0772f3b470d59330dd6b44a43af640a7ec42354d734a1aef491769d20a2dadaebda71cac6ad926082e03e967c6dd16ce9c440183d705c8c7c5a33f6d7b89be

Node Binaries

filename sha512 hash
kubernetes-node-linux-amd64.tar.gz 9c879a12174a8c69124a649a8e6d51a5d4c174741d743f68f9ccec349aa671ca085e33cf63ba6047e89c9e16c2122758bbcac01eba48864cd834d18ff6c6bd36
kubernetes-node-linux-arm.tar.gz 3ac31c7f6b01896da60028037f30f8b6f331b7cd989dcfabd5623dbfbbed8a60ff5911fc175d976e831075587f2cd79c97f50b5cfa73bac203746bd2f6b75cd1
kubernetes-node-linux-arm64.tar.gz 669376d5673534d53d2546bc7768f00a3add74da452061dbc2892f59efba28dc54835e4bc556c84ef54cb761f9e65f2b54e274f39faa0d609976da76fcdd87df
kubernetes-node-linux-ppc64le.tar.gz b1c7fb9fcafc216fa2bd9551399f11a592922556dfad4c56fa273a7c54426fbb63b786ecf44d71148f5c8bd08212f9915c0b784790661302b9953d6da44934d7
kubernetes-node-linux-s390x.tar.gz b93ae8cebd79d1ce0cb2aed66ded63b3541fcca23a1f879299c422774fb757ad3c30e782ccd7314480d247a5435c434014ed8a4cc3943b3078df0ef5b5a5b8f1
kubernetes-node-windows-amd64.tar.gz e99127789e045972d0c52c61902f00297c208851bb65e01d28766b6f9439f81a56e48f3fc1a20189c59ea76d3ba4ac3dd230ad054c8a2106ae8a19d4232137ba

Changelog since v1.15.0-alpha.1

Other notable changes

  • Kubemark scripts have been fixed for IKS clusters. (#76909, @Huang-Wei)
  • fix azure disk list corruption issue (#77187, @andyzhangx)
  • kubeadm: kubeadm upgrade now renews all the certificates used by one component before upgrading the component itself, with the exception of certificates signed by external CAs. User can eventually opt-out from certificate renewal during upgrades by setting the new flag --certificate-renewal to false. (#76862, @fabriziopandini)
  • kube-proxy: os exit when CleanupAndExit is set to true (#76732, @JieJhih)
  • kubectl exec now allows using resource name (e.g., deployment/mydeployment) to select a matching pod. (#73664, @prksu)
    • kubectl exec now allows using --pod-running-timeout flag to wait till at least one pod is running.
  • kubeadm: add optional ECDSA support. (#76390, @rojkov)
    • kubeadm still generates RSA keys when deploying a node, but also accepts ECDSA
    • keys if they exist already in the directory specified in --cert-dir option.
  • kube-proxy: HealthzBindAddress and MetricsBindAddress support ipv6 address. (#76320, @JieJhih)
  • Packets considered INVALID by conntrack are now dropped. In particular, this fixes (#74840, @anfernee)
    • a problem where spurious retransmits in a long-running TCP connection to a service
    • IP could result in the connection being closed with the error "Connection reset by
    • peer"
  • Introduce the v1beta2 config format to kubeadm. (#76710, @rosti)
  • kubeadm: bump the minimum supported Docker version to 1.13.1 (#77051, @chenzhiwei)
  • Rancher credential provider has now been removed (#77099, @dims)
  • Support print volumeMode using kubectl get pv/pvc -o wide (#76646, @cwdsuzhou)
  • Upgrade go-autorest to v11.1.2 (#77070, @feiskyer)
  • Fixes a bug where dry-run is not honored for pod/eviction sub-resource. (#76969, @apelisse)
  • Reduce event spam for AttachVolume storage operation (#75986, @mucahitkurt)
  • Report cp errors consistently (#77010, @soltysh)
  • specify azure file share name in azure file plugin (#76988, @andyzhangx)
  • Migrate oom watcher not relying on cAdviosr's API any more (#74942, @WanLinghao)
  • Validating admission webhooks are now properly called for CREATE operations on the following resources: tokenreviews, subjectaccessreviews, localsubjectaccessreviews, selfsubjectaccessreviews, selfsubjectrulesreviews (#76959, @sbezverk)
  • Fix OpenID Connect (OIDC) token refresh when the client secret contains a special character. (#76914, @tsuna)
  • kubeadm: Improve resiliency when it comes to updating the kubeadm-config config map upon new control plane joins or resets. This allows for safe multiple control plane joins and/or resets. (#76821, @ereslibre)
  • Validating admission webhooks are now properly called for CREATE operations on the following resources: pods/binding, pods/eviction, bindings (#76910, @liggitt)
  • Default TTL for DNS records in kubernetes zone is changed from 5s to 30s to keep consistent with old dnsmasq based kube-dns. The TTL can be customized with command kubectl edit -n kube-system configmap/coredns. (#76238, @Dieken)
  • Fixed a kubemark panic when hollow-node is morphed as proxy. (#76848, @Huang-Wei)
  • k8s-dns-node-cache image version v1.15.1 (#76640, @george-angel)
  • GCE/Windows: add support for stackdriver logging agent (#76850, @yujuhong)
  • Admission webhooks are now properly called for scale and deployments/rollback subresources (#76849, @liggitt)
  • Switch to instance-level update APIs for Azure VMSS loadbalancer operations (#76656, @feiskyer)
  • kubeadm: kubeadm alpha cert renew now ignores certificates signed by external CAs (#76865, @fabriziopandini)
  • Update to use go 1.12.4 (#76576, @cblecker)
  • [metrics-server addon] Restore connecting to nodes via IP addresses (#76819, @serathius)
  • fix detach azure disk back off issue which has too big lock in failure retry condition (#76573, @andyzhangx)
  • Updated klog to 0.3.0 (#76474, @vincepri)
  • kube-up.sh no longer supports "centos" and "local" providers (#76711, @dims)
  • Ensure the backend pools are set correctly for Azure SLB with multiple backend pools (e.g. outbound rules) (#76691, @feiskyer)
  • Windows nodes on GCE use a known-working 1809 image rather than the latest 1809 image. (#76722, @pjh)
  • The userspace proxy now respects the IPTables proxy's minSyncInterval parameter. (#71735, @dcbw)
  • Kubeadm will now include the missing certificate key if it is unable to find an expected key during kubeadm join when used with the --experimental-control-plane flow (#76636, @mdaniel)

v1.15.0-alpha.1

Documentation

Downloads for v1.15.0-alpha.1

filename sha512 hash
kubernetes.tar.gz e07246d1811bfcaf092a3244f94e4bcbfd050756aea1b56e8af54e9c016c16c9211ddeaaa08b8b398e823895dd7a8fc757e5674e11a86f1edc6f718b837cfe0c
kubernetes-src.tar.gz ebd902a1cfdde0d9a0062f3f21732eed76eb123da04a25f9f5c7cfce8a2926dc8331e6028c3cd27aa84aaa0bf069422a0a0b0a61e6e5f48be7fe4934e1e786fc

Client Binaries

filename sha512 hash
kubernetes-client-darwin-386.tar.gz 88ce20f3c1f914aebca3439b3f4b642c9c371970945a25e623730826168ebadc53706ac6f4422ea4295de86c7c6bff14ec96ad3cc8ae52d9920ecbdc9dab1729
kubernetes-client-darwin-amd64.tar.gz a5c1a43c7e3dbb27c1a4c7e4111596331887206f768072e3fb7671075c11f2ed7c26873eef291c048415247845e86ff58aa9946a89c4aede5d847677e871ccd5
kubernetes-client-linux-386.tar.gz cf7513ab821cd0c979b1421034ce50e9bc0f347c184551cf4a9b6beab06588adda19f1b53b073525c0e73b5961beb5c1fab913c040c911acaa36496e4386a70d
kubernetes-client-linux-amd64.tar.gz 964296e9289e12bc02ec05fb5ca9e6766654f81e1885989f8185ee8b47573ae07731e8b3cb69742b58ab1e795df8e47fd110d3226057a4c56a9ebeae162f8b35
kubernetes-client-linux-arm.tar.gz 3480209c2112315d81e9ac22bc2a5961a805621b82ad80dc04c7044b7a8d63b3515f77ebdfad632555468b784bab92d018aeb92c42e8b382d0ce9f358f397514
kubernetes-client-linux-arm64.tar.gz be7d5bb5fddfbbe95d32b354b6ed26831b1afc406dc78e9188eae3d957991ea4ceb04b434d729891d017081816125c61ea67ac10ce82773e25edb9f45b39f2d3
kubernetes-client-linux-ppc64le.tar.gz bfaeb3b8b0b2e2dde8900cd2910786cb68804ad7d173b6b52c15400041d7e8db30ff601a7de6a789a8788100eda496f0ff6d5cdcabef775d4b09117e002fe758
kubernetes-client-linux-s390x.tar.gz 653c99e3171f74e52903ac9101cf8280a5e9d82969c53e9d481a72e0cb5b4a22951f88305545c0916ba958ca609c39c249200780fed3f9bf88fa0b2d2438259c
kubernetes-client-windows-386.tar.gz 9b2862996eadf4e97d890f21bd4392beca80e356c7f94abaf5968b4ea3c2485f3391c89ce331c1de69ff9380de0c0b7be8635b079c79181e046b854b4c2530e6
kubernetes-client-windows-amd64.tar.gz 97d87fcbc0cd821b3ca5ebfbda0b38fdc9c5a5ec58e521936163fead936995c6b26b0f05b711fbc3d61315848b6733778cb025a34de837321cf2bb0a1cca76d0

Server Binaries

filename sha512 hash
kubernetes-server-linux-amd64.tar.gz ffa2db2c39676e39535bcee3f41f4d178b239ca834c1aa6aafb75fb58cc5909ab94b712f2be6c0daa27ff249de6e31640fb4e5cdc7bdae82fc5dd2ad9f659518
kubernetes-server-linux-arm.tar.gz a526cf7009fec5cd43da693127668006d3d6c4ebfb719e8c5b9b78bd5ad34887d337f25b309693bf844eedcc77c972c5981475ed3c00537d638985c6d6af71de
kubernetes-server-linux-arm64.tar.gz 4f9c8f85eebbf9f0023c9311560b7576cb5f4d2eac491e38aa4050c82b34f6a09b3702b3d8c1d7737d0f27fd2df82e8b0db5ab4600ca51efd5bd21ac38049062
kubernetes-server-linux-ppc64le.tar.gz bf95f15c3edd9a7f6c2911eedd55655a60da288c9df3fed4c5b2b7cc11d5e1da063546a44268d6c3cb7d48c48d566a0776b2536f847507bcbcd419dcc8643f49
kubernetes-server-linux-s390x.tar.gz a2588d8b3df5f7599cd84635e5772f9ba2c665287c54a6167784bb284eb09fb0e518e9acb0e295e18a77d48cc354c8918751b63f82504177a0b1838e9e89dfd3

Node Binaries

filename sha512 hash
kubernetes-node-linux-amd64.tar.gz b4e9faadd0e03d3d89de496b5248547b159a7fe0c26319d898a448f3da80eb7d7d346494ca52634e89850fbb8b2db1f996bc8e7efca6cff1d26370a77b669967
kubernetes-node-linux-arm.tar.gz bf6db10d15a97ae39e2fcdf32c11c6cd8afcd254dc2fbc1fc00c5c74d6179f4ed74c973f221b0f41a29ad2e7d03e5fdebf1ab927ca2e2dea010e7519badf39a9
kubernetes-node-linux-arm64.tar.gz e89b95a23e36164b10510492841d7d140a9bd1799846f4ee1e8fbd74e8f6c512093a412edfb93bd68da10718ccdbe826f4b6ffa80e868461e7b7880c1cc44346
kubernetes-node-linux-ppc64le.tar.gz 47f47c8b7fafc7d6ed0e55308ccb2a3b289e174d763c4a6415b7f1b7d2b81e4ee090a4c361eadd7cb9dd774638d0f0ad45d271ab21cc230a1b8564f06d9edae8
kubernetes-node-linux-s390x.tar.gz 8a0af4be530008bc8f120cd82ec592d08b09a85a2a558c10d712ff44867c4ef3369b3e4e2f5a5d0c2fa375c337472b1b2e67b01ef3615eb174d36fbfd80ec2ff
kubernetes-node-windows-amd64.tar.gz f48886bf8f965572b78baf9e02417a56fab31870124240cac02809615caa0bc9be214d182e041fc142240f83500fe69c063d807cbe5566e9d8b64854ca39104b

Changelog since v1.14.0

Action Required

  • client-go: The rest.AnonymousClientConfig(*rest.Config) *rest.Config helper method no longer copies custom Transport and WrapTransport fields, because those can be used to inject user credentials. (#75771, @liggitt)
  • ACTION REQUIRED: The Node.Status.Volumes.Attached.DevicePath field is now unset for CSI volumes. Update any external controllers that depend on this field. (#75799, @msau42)

Other notable changes

  • Remove the function Parallelize, please convert to use the function ParallelizeUntil. (#76595, @danielqsj)
  • StorageObjectInUseProtection admission plugin is additionally enabled by default. (#74610, @oomichi)
    • So default enabled admission plugins are now NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota,StorageObjectInUseProtection. Please note that if you previously had not set the --admission-control flag, your cluster behavior may change (to be more standard).
  • Juju provider source moved to the Charmed Kubernetes org (#76628, @kwmonroe)
  • improve kubectl auth can-i command by warning users when they try access resource out of scope (#76014, @WanLinghao)
  • Introduce API for watch bookmark events. (#74074, @wojtek-t)
    • Introduce Alpha field AllowWatchBookmarks in ListOptions for requesting watch bookmarks from apiserver. The implementation in apiserver is hidden behind feature gate WatchBookmark (currently in Alpha stage).
  • Override protocol between etcd server and kube-apiserver on master with HTTPS instead HTTP when mTLS is enabled in GCE (#74690, @wenjiaswe)
  • Fix issue in Portworx volume driver causing controller manager to crash (#76341, @harsh-px)
  • kubeadm: Fix a bug where if couple of CRIs are installed a user override of the CRI during join (via kubeadm join --cri-socket ...) is ignored and kubeadm bails out with an error (#76505, @rosti)
  • UpdateContainerResources is no longer recorded as a container_status operation. It now uses the label update_container (#75278, @Nessex)
  • Bump metrics-server to v0.3.2 (#76437, @brett-elliott)
  • The kubelet's /spec endpoint no longer provides cloud provider information (cloud_provider, instance_type, instance_id). (#76291, @dims)
  • Change kubelet probe metrics to counter type. (#76074, @danielqsj)
    • The metrics prober_probe_result is replaced by prober_probe_total.
  • Reduce GCE log rotation check from 1 hour to every 5 minutes. Rotation policy is unchanged (new day starts, log file size > 100MB). (#76352, @jpbetz)
  • Add ListPager.EachListItem utility function to client-go to enable incremental processing of chunked list responses (#75849, @jpbetz)
  • Added CNI_VERSION and CNI_SHA1 environment variables in kube-up.sh to configure CNI versions on GCE. (#76353, @Random-Liu)
  • Update cri-tools to v1.14.0 (#75658, @feiskyer)
  • 2X performance improvement on both required and preferred PodAffinity. (#76243, @Huang-Wei)
  • scheduler: add metrics to record number of pending pods in different queues (#75501, @Huang-Wei)
  • Create a new kubectl rollout restart command that does a rolling restart of a deployment. (#76062, @apelisse)
    • Added port configuration to Admission webhook configuration service reference. (#74855, @mbohlool)
        • Added port configuration to AuditSink webhook configuration service reference.
        • Added port configuration to CRD Conversion webhook configuration service reference.
        • Added port configuration to kube-aggregator service reference.
  • kubectl get -w now prints custom resource definitions with custom print columns (#76161, @liggitt)
  • Fixes bug in DaemonSetController causing it to stop processing some DaemonSets for 5 minutes after node removal. (#76060, @krzysztof-jastrzebski)
  • no (#75820, @YoubingLi)
  • Use stdlib to log stack trace when a panic occurs (#75853, @roycaihw)
  • Fixes a NPD bug on GCI, so that it disables glog writing to files for log-counter (#76211, @wangzhen127)
  • Tolerations with the same key and effect will be merged into one which has the value of the latest toleration for best effort pods. (#75985, @ravisantoshgudimetla)
  • Fix empty array expansion error in cluster/gce/util.sh (#76111, @kewu1992)
  • kube-proxy no longer automatically cleans up network rules created by running kube-proxy in other modes. If you are switching the mode that kube-proxy is in running in (EG: iptables to IPVS), you will need to run kube-proxy --cleanup, or restart the worker node (recommended) before restarting kube-proxy. (#76109, @vllry)
    • If you are not switching kube-proxy between different modes, this change should not require any action.
  • Adds a new "storage_operation_status_count" metric for kube-controller-manager and kubelet to count success and error statues. (#75750, @msau42)
  • GCE/Windows: disable stackdriver logging agent to prevent node startup failures (#76099, @yujuhong)
  • StatefulSet controllers no longer force a resync every 30 seconds when nothing has changed. (#75622, @jonsabo)
  • Ensures the conformance test image saves results before exiting when ginkgo returns non-zero value. (#76039, @johnSchnake)
  • Add --image-repository flag to "kubeadm config images". (#75866, @jmkeyes)
  • Paginate requests from the kube-apiserver watch cache to etcd in chunks. (#75389, @jpbetz)
    • Paginate reflector init and resync List calls that are not served by watch cache.
  • k8s.io/kubernetes and published components (like k8s.io/client-go and k8s.io/api) now publish go module files containing dependency version information. See http://git.k8s.io/client-go/INSTALL.md#go-modules for details on consuming k8s.io/client-go using go modules. (#74877, @liggitt)
  • give users the option to suppress detailed output in integration test (#76063, @Huang-Wei)
  • CSI alpha CRDs have been removed (#75747, @msau42)
  • Fixes a regression proxying responses from aggregated API servers which could cause watch requests to hang until the first event was received (#75887, @liggitt)
  • Support specify the Resource Group of Route Table when update Pod network route (Azure) (#75580, @suker200)
  • Support parsing more v1.Taint forms. key:effect, key=:effect- are now accepted. (#74159, @dlipovetsky)
  • Resource list requests for PartialObjectMetadata now correctly return list metadata like the resourceVersion and the continue token. (#75971, @smarterclayton)
  • StubDomains and Upstreamnameserver which contains a service name will be omitted while translating to the equivalent CoreDNS config. (#75969, @rajansandeep)
  • Count PVCs that are unbound towards attach limit (#73863, @gnufied)
  • Increased verbose level for local openapi aggregation logs to avoid flooding the log during normal operation (#75781, @roycaihw)
  • In the 'kubectl describe' output, the fields with names containing special characters are displayed as-is without any pretty formatting. (#75483, @gsadhani)
  • Support both JSON and YAML for scheduler configuration. (#75857, @danielqsj)
  • kubeadm: fix "upgrade plan" not defaulting to a "stable" version if no version argument is passed (#75900, @neolit123)
  • clean up func podTimestamp in queue (#75754, @denkensk)
  • The AWS credential provider can now obtain ECR credentials even without the AWS cloud provider or being on an EC2 instance. Additionally, AWS credential provider caching has been improved to honor the ECR credential timeout. (#75587, @tiffanyfay)
  • Add completed job status in Cronjob event. (#75712, @danielqsj)
  • kubeadm: implement deletion of multiple bootstrap tokens at once (#75646, @bart0sh)
  • GCE Windows nodes will rely solely on kubernetes and kube-proxy (and not the GCE agent) for network address management. (#75855, @pjh)
  • kubeadm: preflight checks on external etcd certificates are now skipped when joining a control-plane node with automatic copy of cluster certificates (--certificate-key) (#75847, @fabriziopandini)
  • [stackdriver addon] Bump prometheus-to-sd to v0.5.0 to pick up security fixes. (#75362, @serathius)
    • [fluentd-gcp addon] Bump fluentd-gcp-scaler to v0.5.1 to pick up security fixes.
    • [fluentd-gcp addon] Bump event-exporter to v0.2.4 to pick up security fixes.
    • [fluentd-gcp addon] Bump prometheus-to-sd to v0.5.0 to pick up security fixes.
    • [metatada-proxy addon] Bump prometheus-to-sd v0.5.0 to pick up security fixes.
  • Support describe pod with inline csi volumes (#75513, @cwdsuzhou)
  • Object count quota is now supported for namespaced custom resources using the count/. syntax. (#72384, @zhouhaibing089)
  • In case kubeadm can't access the current Kubernetes version remotely and fails to parse (#72454, @rojkov)
    • the git-based version it falls back to a static predefined value of
    • k8s.io/kubernetes/cmd/kubeadm/app/constants.CurrentKubernetesVersion.
  • Fixed a potential deadlock in resource quota controller (#74747, @liggitt) * Enabled recording partial usage info for quota objects specifying multiple resources, when only some of the resources' usage can be determined.
  • CRI API will now be available in the kubernetes/cri-api repository (#75531, @dims)
  • Support vSphere SAML token auth when using Zones (#75515, @dougm)
  • Transition service account controller clients to TokenRequest API (#72179, @WanLinghao)
  • kubeadm: reimplemented IPVS Proxy check that produced confusing warning message. (#75036, @bart0sh)
  • Allow to read OpenStack user credentials from a secret instead of a local config file. (#75062, @Fedosin)
  • watch can now be enabled for events using the flag --watch-cache-sizes on kube-apiserver (#74321, @yastij)
  • kubeadm: Support for deprecated old kubeadm v1alpha3 config is totally removed. (#75179, @rosti)
  • The Kubelet now properly requests protobuf objects where they are (#75602, @smarterclayton)
    • supported from the apiserver, reducing load in large clusters.
  • Add name validation for dynamic client methods in client-go (#75072, @lblackstone)
  • Users may now execute get-kube-binaries.sh to request a client for an OS/Arch unlike the one of the host on which the script is invoked. (#74889, @akutz)
  • Move config local to controllers in kube-controller-manager (#72800, @stewart-yu)
  • Fix some potential deadlocks and file descriptor leaking for inotify watches. (#75376, @cpuguy83)
  • [IPVS] Introduces flag ipvs-strict-arp to configure stricter ARP sysctls, defaulting to false to preserve existing behaviors. This was enabled by default in 1.13.0, which impacted a few CNI plugins. (#75295, @lbernail)
  • [IPVS] Allow for transparent kube-proxy restarts (#75283, @lbernail)
  • Replace *_admission_latencies_milliseconds_summary and *_admission_latencies_milliseconds metrics due to reporting wrong unit (was labelled milliseconds, but reported seconds), and multiple naming guideline violations (units should be in base units and "duration" is the best practice labelling to measure the time a request takes). Please convert to use *_admission_duration_seconds and *_admission_duration_seconds_summary, these now report the unit as described, and follow the instrumentation best practices. (#75279, @danielqsj)
  • Reset exponential backoff when storage operation changes (#75213, @gnufied)
  • Watch will now support converting response objects into Table or PartialObjectMetadata forms. (#71548, @smarterclayton)
  • N/A (#74974, @goodluckbot)
  • kubeadm: fix the machine readability of "kubeadm token create --print-join-command" (#75487, @displague)
  • Update Cluster Autoscaler to 1.14.0; changelog: https://github.com/kubernetes/autoscaler/releases/tag/cluster-autoscaler-1.14.0 (#75480, @losipiuk)