Skip to content

Files

Latest commit

 

History

History
1431 lines (1125 loc) · 134 KB

CHANGELOG-1.4.md

File metadata and controls

1431 lines (1125 loc) · 134 KB

v1.4.12

Documentation & Examples

Downloads for v1.4.12

filename sha256 hash
kubernetes.tar.gz f0d7ca7e1c92174c900d49087347d043b817eb589803eacc7727a84df9280ed2
kubernetes-src.tar.gz 251835f258d79f186d8c715b18f2ccb93312270b35c22434b4ff27bc1de50eda

Client Binaries

filename sha256 hash
kubernetes-client-darwin-386.tar.gz e91c76b6281fe7b488f2f30aeaeecde58a6df1a0e23f6c431b6dc9d1adc1ff1a
kubernetes-client-darwin-amd64.tar.gz 4504bc965bd1b5bcea91d18c3a879252026796fdd251b72e3541499c65ac20e0
kubernetes-client-linux-386.tar.gz adf1f939db2da0b87bca876d9bee69e0d6bf4ca4a78e64195e9a08960e5ef010
kubernetes-client-linux-amd64.tar.gz 5419bdbba8144b55bf7bf2af1aefa531e25279f31a02d692f19b505862d0204f
kubernetes-client-linux-arm64.tar.gz 98ae30ac2e447b9e3c2768cac6861de5368d80cbd2db1983697c5436a2a2fe75
kubernetes-client-linux-arm.tar.gz ed8e9901c130aebfd295a6016cccb123ee42d826619815250a6add2d03942c69
kubernetes-client-windows-386.tar.gz bdca3096bed1a4c485942ab1d3f9351f5de00962058adefbb5297d50071461d4
kubernetes-client-windows-amd64.tar.gz a74934eca20dd2e753d385ddca912e76dafbfff2a65e3e3a1ec3c5c40fd92bc8

Server Binaries

filename sha256 hash
kubernetes-server-linux-amd64.tar.gz bf8aa3e2e204c1f782645f7df9338767daab7be3ab47a4670e2df08ee410ee7f
kubernetes-server-linux-arm64.tar.gz 7c5cfe06fe1fcfe11bd754921e88582d16887aacb6cee0eb82573c88debce65e
kubernetes-server-linux-arm.tar.gz 551c2bc2e3d1c0b8fa30cc0b0c8fae1acf561b5e303e9ddaf647e49239a97e6e

Node Binaries

filename sha256 hash
kubernetes-node*.tar.gz ``

Changelog since v1.4.9

Other notable changes

  • kube-apiserver now drops unneeded path information if an older version of Windows kubectl sends it. (#44586, @mml)
  • Bump gcr.io/google_containers/glbc from 0.8.0 to 0.9.2. Release notes: 0.9.0, 0.9.1, 0.9.2 (#43098, @timstclair)
  • Patch CVE-2016-8859 in alpine based images: (#42937, @timstclair)
      • gcr.io/google-containers/etcd-empty-dir-cleanup
      • gcr.io/google-containers/kube-dnsmasq-amd64
  • Check if pathExists before performing Unmount (#39311, @rkouj)
  • Unmount operation should not fail if volume is already unmounted (#38547, @rkouj)
  • Updates base image used for kube-addon-manager to latest python:2.7-slim and embedded kubectl to v1.3.10. No functionality changes expected. (#42842, @ixdy)
  • list-resources: don't fail if the grep fails to match any resources (#41933, @ixdy)
  • Update gcr.io/google-containers/rescheduler to v0.2.2, which uses busybox as a base image instead of ubuntu. (#41911, @ixdy)
  • Backporting TPR fix to 1.4 (#42380, @foxish)
  • Fix AWS device allocator to only use valid device names (#41455, @gnufied)
  • Reverts to looking up the current VM in vSphere using the machine's UUID, either obtained via sysfs or via the vm-uuid parameter in the cloud configuration file. (#40892, @robdaemon)
  • We change the default attach_detach_controller sync period to 1 minute to reduce the query frequency through cloud provider to check whether volumes are attached or not. (#41363, @jingxu97)
  • Bump GCI to gci-stable-56-9000-84-2: Fixed google-accounts-daemon breaks on GCI when network is unavailable. Fixed iptables-restore performance regression. (#41831, @freehan)
  • Update fluentd-gcp addon to 1.25.2 (#41863, @ixdy)
  • Bump GCE ContainerVM to container-vm-v20170214 to address CVE-2016-9962. (#41449, @zmerlynn)

v1.4.9

Documentation & Examples

Downloads for v1.4.9

filename sha256 hash
kubernetes.tar.gz 9d385d555073c7cf509a92ce3aa96d0414a93c21c51bcf020744c70b4b290aa2
kubernetes-src.tar.gz 6fd7d33775356f0245d06b401ac74d8227a92abd07cc5a0ef362bac16e01f011

Client Binaries

filename sha256 hash
kubernetes-client-darwin-386.tar.gz 16b362f3cf56dee7b0c291188767222fd65176ed9573a8b87e8acf7eb6b22ed9
kubernetes-client-darwin-amd64.tar.gz 537e5c5d8a9148cd464f5d6d0a796e214add04c185b859ea9e39a4cc7264394c
kubernetes-client-linux-386.tar.gz e9d2e55b42e002771c32d9f26e8eb0b65c257ea257e8ab19f7fd928f21caace8
kubernetes-client-linux-amd64.tar.gz 1ba81d64d1ae165b73375d61d364c642068385d6a1d68196d90e42a8d0fd6c7d
kubernetes-client-linux-arm64.tar.gz d0398d2b11ed591575adde3ce9e1ad877fe37b8b56bd2be5b2aee344a35db330
kubernetes-client-linux-arm.tar.gz 714b06319bf047084514803531edab6a0a262c5f38a0d0bfda0a8e59672595b6
kubernetes-client-windows-386.tar.gz 16a7224313889d2f98a7d072f328198790531fd0e724eaeeccffe82521ae63b8
kubernetes-client-windows-amd64.tar.gz dc19651287701ea6dcbd7b4949db2331468f730e8ebe951de1216f1105761d97

Server Binaries

filename sha256 hash
kubernetes-server-linux-amd64.tar.gz 6a104d143f8568a8ce16c979d1cb2eb357263d96ab43bd399b05d28f8da2b961
kubernetes-server-linux-arm64.tar.gz 8137ecde19574e6aba0cd9efe127f3b3eb02c312d7691745df3a23e40b7a5d72
kubernetes-server-linux-arm.tar.gz 085195abeb9133cb43f0e6198e638ded7f15beca44d19503c2836339a7e604aa

Changelog since v1.4.8

Other notable changes

  • Bump GCE ContainerVM to container-vm-v20170201 to address CVE-2016-9962. (#40828, @zmerlynn)
  • Bump GCI to gci-beta-56-9000-80-0 (#41027, @dchen1107)
  • Fix for detach volume when node is not present/ powered off (#40118, @BaluDontu)
  • Bump GCI to gci-beta-56-9000-80-0 (#41027, @dchen1107)
  • Move b.gcr.io/k8s_authenticated_test to gcr.io/k8s-authenticated-test (#40335, @zmerlynn)
  • Prep node_e2e for GCI to COS name change (#41088, @jessfraz)
  • If ExperimentalCriticalPodAnnotation=True flag gate is set, kubelet will ensure that pods with scheduler.alpha.kubernetes.io/critical-pod annotation will be admitted even under resource pressure, will not be evicted, and are reasonably protected from system OOMs. (#41052, @vishh)
  • Fix resync goroutine leak in ListAndWatch (#35672, @tatsuhiro-t)
  • Kubelet will no longer set hairpin mode on every interface on the machine when an error occurs in setting up hairpin for a specific interface. (#36990, @bboreham)
  • Bump GCE ContainerVM to container-vm-v20170201 to address CVE-2016-9962. (#40828, @zmerlynn)
  • Adding vmdk file extension for vmDiskPath in vsphere DeleteVolume (#40538, @divyenpatel)
  • Prevent hotloops on error conditions, which could fill up the disk faster than log rotation can free space. (#40497, @lavalamp)
  • Update GCE ContainerVM deployment to container-vm-v20170117 to pick up CVE fixes in base image. (#40094, @zmerlynn)
  • Update kube-proxy image to be based off of Debian 8.6 base image. (#39695, @ixdy)
  • Update amd64 kube-proxy base image to debian-iptables-amd64:v5 (#39725, @ixdy)

v1.4.8

Documentation & Examples

Downloads for v1.4.8

filename sha256 hash
kubernetes.tar.gz 888d2e6c5136e8805805498729a1da55cf89addfd28f098e0d2cf3f28697ab5c
kubernetes-src.tar.gz 0992c3f4f4cb21011fea32187c909babc1a3806f35cec86aacfe9c3d8bef2485

Client Binaries

filename sha256 hash
kubernetes-client-darwin-386.tar.gz 8b1c9931544b7b42df64ea98e0d8e1430d09eea3c9f78309834e4e18b091dc18
kubernetes-client-darwin-amd64.tar.gz a306a687979013b8a27acae244d000de9a77f73714ccf96510ecf0398d677051
kubernetes-client-linux-386.tar.gz 81fc5e1b5aba4e0aead37c82c7e45891c4493c7df51da5200f83462b6f7ad98f
kubernetes-client-linux-amd64.tar.gz 704a5f8424190406821b69283f802ade95e39944efcce10bcaf4bd7b3183abc4
kubernetes-client-linux-arm64.tar.gz 7f3e5e8dadb51257afa8650bcd3db3e8f3bc60e767c1a13d946b88fa8625a326
kubernetes-client-linux-arm.tar.gz 461d359067cd90542ce2ceb46a4b2ec9d92dd8fd1e7d21a9d9f469c98f446e56
kubernetes-client-windows-386.tar.gz 894a9c8667e4c4942cb25ac32d10c4f6de8477c6bbbad94e9e6f47121151f5df
kubernetes-client-windows-amd64.tar.gz b2bd4afdd3eaea305c03b94b0864c5622abf19113c6794dedff4ad85327fda01

Server Binaries

filename sha256 hash
kubernetes-server-linux-amd64.tar.gz c3dc0e26c00bbe40bd19f61d2d7faeaa56384355c58a0efc4227a360b3eb2da2
kubernetes-server-linux-arm64.tar.gz 745d7ba03bb9c6b57a5a36b389f6467a0707f0a1476d7536ad47417c853eeffd
kubernetes-server-linux-arm.tar.gz dc21f9c659f1d762cad9d0cce0a32146c11cd0d41c58eb2dcbfb0c9f9707349f

Changelog since v1.4.7

Other notable changes

v1.4.7

Documentation & Examples

Downloads for v1.4.7

filename sha256 hash
kubernetes.tar.gz d193f76e70322010b3e86ac61c7a893175f9e62d37bece87cfd14ea068c8d187
kubernetes-src.tar.gz 7c7ef45e903ed2691c73bb2752805f190b4042ba233a6260f2cdeab7d0ac9bd3

Client Binaries

filename sha256 hash
kubernetes-client-darwin-386.tar.gz a5a3ec9f5270156cf507b4c6bf2d08da67062a2ed9cb5f21e8891f2fd83f438a
kubernetes-client-darwin-amd64.tar.gz e5328781640b19e86b59aa8afd665dd21999c6740acbee8332cfa20745d6a5ce
kubernetes-client-linux-386.tar.gz 61082afc6aee2dc5bbd35bfda2e5991bd9f9730192f1c9396b6db500fc64e121
kubernetes-client-linux-amd64.tar.gz 36232c9e21298f5f53dbf4851520a8cc53a2d6b6d2be8810cf5258a067570314
kubernetes-client-linux-arm64.tar.gz 802d0c5e7bb55dacdd19afe73ed71d0726960ec9933c49e77051df7e2594790b
kubernetes-client-linux-arm.tar.gz f42d8d2d918b31564d12d742bce2263df0c93807619bd03194028ff2714f1a17
kubernetes-client-windows-386.tar.gz b45dcdfe0ba0177fad5419b4fd6b5b80bf9bca0e56e7fe19d2bc217c9aae1f9d
kubernetes-client-windows-amd64.tar.gz ae4666aea8fa74ef1cce746d1d90cbadc972850560b65a8eeff4417fdede6b4e

Server Binaries

filename sha256 hash
kubernetes-server-linux-amd64.tar.gz 56e01e9788d1ef0499b1783768022cb188b5bb840d1499a62e9f0a18c2bd2bd5
kubernetes-server-linux-arm64.tar.gz 6654ef3c142694a79ec2596929ceec36a399407e1fb74b09be1a67c59b30ca42
kubernetes-server-linux-arm.tar.gz b10e78286dea804d69311e3805c35f5414b0669094edec7a2e0ba99170a5d04a

Changelog since v1.4.6

Other notable changes

v1.4.6

Documentation & Examples

Downloads for v1.4.6

filename sha256 hash
kubernetes.tar.gz 6f8242aa29493e1f824997748419e4a287c28b06ed13f17b1ba94bf07fdfa3be
kubernetes-src.tar.gz a2a2d885d246300b52adb5d7e1471b382c77d90a816618518c2a6e9941208e40

Client Binaries

filename sha256 hash
kubernetes-client-darwin-386.tar.gz 4db6349c976f893d0000dcb5b2ab09327824d0c38b3beab961711a0951cdfc82
kubernetes-client-darwin-amd64.tar.gz 2d31dea858569f518410effb20d3c3b9a6798d706dacbafd85f1f67f9ccbe288
kubernetes-client-linux-386.tar.gz 7980cf6132a7a6bf3816b8fd60d7bc1c9cb447d45196c31312b9d73567010909
kubernetes-client-linux-amd64.tar.gz 95b3cbd339f7d104d5b69b08d53060bfc78bd4ee7a94ede7ba4c0a76b615f8b1
kubernetes-client-linux-arm64.tar.gz 0f03cff262b0f4cc218b0f79294b4cbd8f92146c31137c75a27012d956864c79
kubernetes-client-linux-arm.tar.gz f8c76fe8c41a5084cc1a1ab3e08d7e2d815f7baedfadac0dc6f9157ed2c607c9
kubernetes-client-windows-386.tar.gz c29b3c8c8a72246852db048e922ad2221f35e1c309571f73fd9f3d9b01be5f79
kubernetes-client-windows-amd64.tar.gz 95bf20bdbe354476bbd3647adf72985698ded53a59819baa8268b5811e19f952

Server Binaries

filename sha256 hash
kubernetes-server-linux-amd64.tar.gz f0a60c45f3360696431288826e56df3b8c18c1dc6fc3f0ea83409f970395e38f
kubernetes-server-linux-arm64.tar.gz 8c667d4792fcfee821a2041e5d0356e1abc2b3fa6fe7b69c5479e48c858ba29c
kubernetes-server-linux-arm.tar.gz c57246d484b5f98d6aa16591f2b4c4c1a01ebbc7be05bce8690a4f3b88582844

Changelog since v1.4.5

Other notable changes

  gci-beta-55-8872-47-0:
  Date:           Nov 11, 2016
  Kernel:         ChromiumOS-4.4
  Kubernetes:     v1.4.5
  Docker:         v1.11.2
  Changelog (vs 55-8872-18-0)
    * Cherry-pick runc PR#608: Eliminate redundant parsing of mountinfo
    * Updated kubernetes to v1.4.5
    * Fixed a bug in e2fsprogs that caused mke2fs to take a very long time. Upstream fix: http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?h=next&id=d33e690fe7a6cbeb51349d9f2c7fb16a6ebec9c2
  • Fix fetching pids running in a cgroup, which caused problems with OOM score adjustments & setting the /system cgroup ("misc" in the summary API). (#36614, @timstclair)
  • DELETE requests can now pass in their DeleteOptions as a query parameter or a body parameter, rather than just as a body parameter. (#35806, @bdbauer)
  • rkt: Convert image name to be a valid acidentifier (#34375, @euank)
  • Remove stale volumes if endpoint/svc creation fails. (#35285, @humblec)
  • Remove Job also from .status.active for Replace strategy (#35420, @soltysh)
  • Update PodAntiAffinity to ignore calls to subresources (#35608, @soltysh)
  • Adds TCPCloseWaitTimeout option to kube-proxy for sysctl nf_conntrack_tcp_timeout_time_wait (#35919, @bowei)
  • Fix how we iterate over active jobs when removing them for Replace policy (#36161, @soltysh)
  • Bump GCI version to latest m55 version in GCE for K8s 1.4 (#36302, @mtaufen)
  • Add a check for file size if the reading content returns empty (#33976, @jingxu97)
  • Add a retry when reading a file content from a container (#35560, @jingxu97)
  • Skip CLOSE_WAIT e2e test if server is 1.4.5 (#36404, @bowei)
  • Adds etcd3 changes (#36232, @wojtek-t)
  • Adds TCPCloseWaitTimeout option to kube-proxy for sysctl nf_conntrack_tcp_timeout_time_wait (#36099, @bowei)

v1.4.5

Documentation & Examples

Downloads for v1.4.5

filename sha256 hash
kubernetes.tar.gz 339f4d1c7a374ddb32334268c4af8dae0b86d1567a9c812087d672a7defe233c
kubernetes-src.tar.gz 69b1b022400794d491200a9365ea9bf735567348d0299920462cf7167c76ba61

Client Binaries

filename sha256 hash
kubernetes-client-darwin-386.tar.gz 6012dab54687f7eb41ce9cd6b4676e15b774fbfbeadb7e00c806ba3f63fe10ce
kubernetes-client-darwin-amd64.tar.gz 981b321f4393fc9892c6558321e1d8ee6d8256b85f09266c8794fdcee9cb1c07
kubernetes-client-linux-386.tar.gz 75ce408ef9f4b277718701c025955cd628eeee4180d8e9e7fd8ecf008878429f
kubernetes-client-linux-amd64.tar.gz 0c0768d7646cec490ca1e47a4e2f519724fc75d984d411aa92fe17a82356532b
kubernetes-client-linux-arm64.tar.gz 910a6465b1ecbf1aae8f6cd16e35ac7ad7b0e598557941937d02d16520e2e37c
kubernetes-client-linux-arm.tar.gz 29644cca627cdce6c7aad057d9680eee87d21b1bbd6af02f7277f24eccbc95f7
kubernetes-client-windows-386.tar.gz dc249cc0f6cbb0e0705f7b43929461b6702ae91148218da070bb99e8a8f6f108
kubernetes-client-windows-amd64.tar.gz d60d275ad5f45ebe83a458912de96fd8381540d4bcf91023fe2173af6acd535b

Server Binaries

filename sha256 hash
kubernetes-server-linux-amd64.tar.gz 25e12aaf3f93c320f6aa640bb1430d4c0e99e3b0e83bcef660d2a513bdef2c20
kubernetes-server-linux-arm64.tar.gz e768146c9476b96f092409030349b4c5bb9682287567fe2732888ad5ed1d3ede
kubernetes-server-linux-arm.tar.gz 26581dc0fc31542c831a588baad9ad391598e5b2ff299a0fc92a2c04990b3edd

Changelog since v1.4.4

Other notable changes

v1.4.4

Documentation & Examples

Downloads for v1.4.4

filename sha256 hash
kubernetes.tar.gz 2732bfc56ceabc872b6af3f460cbda68c2384c95a1c0c72eb33e5ff0e03dc9da
kubernetes-src.tar.gz 29c6cf1567e6b7f6c3ecb71acead083b7535b22ac20bd8166b29074e8a0f6441

Client Binaries

filename sha256 hash
kubernetes-client-darwin-386.tar.gz e983b1837e4165e4bc8e361000468421f16dbd5ae90b0c49af6280dbcecf57b1
kubernetes-client-darwin-amd64.tar.gz 8c58231c8340e546336b70d86b6a76285b9f7a0c13b802b350b68610dfaedb35
kubernetes-client-linux-386.tar.gz 33e5d2da52325367db08bcc80791cef2e21fdae176b496b063b3a37115f3f075
kubernetes-client-linux-amd64.tar.gz 5fd6215ef0673f5a8e385660cf233d67d26dd79568c69e2328b103fbf1bd752a
kubernetes-client-linux-arm64.tar.gz 2d6d0400cd59b042e2da074cbd3b13b9dc61da1dbba04468d67119294cf72435
kubernetes-client-linux-arm.tar.gz ff99f26082a77e37caa66aa07ec56bfc7963e6ac782550be5090a8b158f7e89a
kubernetes-client-windows-386.tar.gz 82e762727a8f607180a1e339e058cc9739ad55960d3517c5170bcd5b64179f13
kubernetes-client-windows-amd64.tar.gz 4de735ba72c729589efbcd2b8fc4920786fffd96850173c13cbf469819d00808

Server Binaries

filename sha256 hash
kubernetes-server-linux-amd64.tar.gz 6d5ff37941328df33c0efc5876bb7b82722bc584f1976fe632915db7bf3f316a
kubernetes-server-linux-arm64.tar.gz 6ec40848ea29c0982b89c746d716b0958438a6eb774aea20a5ef7885a7060aed
kubernetes-server-linux-arm.tar.gz 43d6a3260d73cfe652af2ffa7b7092444fe57429cb45e90eb99f0a70012ee033

Changelog since v1.4.3

Other notable changes

v1.4.3

Documentation & Examples

Downloads

binary sha256 hash
kubernetes.tar.gz c3dccccc005bc22eaf814ccb8e72b4f876167ab38ac594bb7e44c98f162a0f1c

Changelog since v1.4.2-beta.1

Other notable changes

  • Fix non-starting node controller in 1.4 branch (#34895, @wojtek-t)
  • Cherrypick #34851 "Only wait for cache syncs once in NodeController" (#34861, @jessfraz)
  • NodeController waits for informer sync before doing anything (#34809, @gmarek)
  • Make NodeController recognize deletion tombstones (#34786, @davidopp)
  • Fix panic in NodeController caused by receiving DeletedFinalStateUnknown object from the cache. (#34694, @gmarek)
  • Update GlusterFS provisioning readme with endpoint/service details (#31854, @humblec)
  • Add logging for enabled/disabled API Groups (#32198, @deads2k)
  • New federation deployment mechanism now allows non-GCP clusters. (#34620, @madhusudancs)
    • Writes the federation kubeconfig to the local kubeconfig file.

v1.4.2

Documentation & Examples

Downloads

binary sha256 hash
kubernetes.tar.gz 0730e207944ca96c9d9588a571a5eff0f8fdbb0e1287423513a2b2a4baca9f77

Changelog since v1.4.2-beta.1

Other notable changes

  • Cherrypick #34851 "Only wait for cache syncs once in NodeController" (#34861, @jessfraz)
  • NodeController waits for informer sync before doing anything (#34809, @gmarek)
  • Make NodeController recognize deletion tombstones (#34786, @davidopp)
  • Fix panic in NodeController caused by receiving DeletedFinalStateUnknown object from the cache. (#34694, @gmarek)
  • Update GlusterFS provisioning readme with endpoint/service details (#31854, @humblec)
  • Add logging for enabled/disabled API Groups (#32198, @deads2k)
  • New federation deployment mechanism now allows non-GCP clusters. (#34620, @madhusudancs)
    • Writes the federation kubeconfig to the local kubeconfig file.

v1.4.2-beta.1

Documentation & Examples

Downloads

binary sha256 hash
kubernetes.tar.gz b72986a0adcb7e08feb580c5d72de129ac2ecc128c154fd79785bac2d2e760f7

Changelog since v1.4.1

Other notable changes

v1.4.1

Documentation & Examples

Downloads

binary sha256 hash
kubernetes.tar.gz b51971d872426ba71bb09b9a9191bb95fc0e48390dc287a9080e3876c8e19a95

Changelog since v1.4.1-beta.2

No notable changes for this release

v1.4.1-beta.2

Documentation & Examples

Downloads

binary sha256 hash
kubernetes.tar.gz 708fbaabf17a69c69c2c9a715e152a29d47334b8c98d217ba17e9b42d6770f25

Changelog since v1.4.0

Other notable changes

  • Update GCI base image: (#34156, @adityakali)
    • Enabled VXLAN and IP_SET config options in kernel to support some networking tools (ebtools)
    • OpenSSL CVE fixes
  • ContainerVm/GCI image: try to use ifdown/ifup if available (#33595, @freehan)
  • Make the informer library available for the go client library. (#32718, @mikedanese)
  • Enforce Disk based pod eviction with GCI base image in Kubelet (#33520, @vishh)
  • Fix nil pointer issue when getting metrics from volume mounter (#34251, @jingxu97)
  • Enable kubectl describe rs to work when apiserver does not support pods (#33794, @nikhiljindal)
  • Increase timeout for federated ingress test. (#33610, @quinton-hoole)
  • Remove headers that are unnecessary for proxy target (#34076, @mbohlool)
  • Support graceful termination in kube-dns (#31894, @MrHohn)
  • Added --log-facility flag to enhance dnsmasq logging (#32422, @MrHohn)
  • Split dns healthcheck into two different urls (#32406, @MrHohn)
  • Tune down initialDelaySeconds for readinessProbe. (#33146, @MrHohn)
  • Bump up addon kube-dns to v20 for graceful termination (#33774, @MrHohn)
  • Send recycle events from pod to pv. (#27714, @jsafrane)
  • Limit the number of names per image reported in the node status (#32914, @yujuhong)
  • Fixes in HPA: consider only running pods; proper denominator in avg request calculations. (#33735, @jszczepkowski)
  • Fix audit_test regex for iso8601 timestamps (#32593, @johnbieren)
  • Limit the number of names per image reported in the node status (#32914, @yujuhong)
  • Fix the DOCKER_OPTS appending bug. (#33163, @DjangoPeng)
  • Remove cpu limits for dns pod to avoid CPU starvation (#33227, @vishh)
  • Fixes memory/goroutine leak in Federation Service controller. (#33359, @shashidharatd)
  • Use UpdateStatus, not Update, to add LoadBalancerStatus to Federated Ingress. (#33605, @quinton-hoole)
  • Initialize podsWithAffinity to avoid scheduler panic (#33967, @xiang90)
  • Heal the namespaceless ingresses in federation e2e. (#33977, @quinton-hoole)
  • Add missing argument to log message in federated ingress controller. (#34158, @quinton-hoole)
  • Fix issue in updating device path when volume is attached multiple times (#33796, @jingxu97)
  • To reduce memory usage to reasonable levels in smaller clusters, kube-apiserver now sets the deserialization cache size based on the target memory usage. (#34000, @wojtek-t)
  • Fix possible panic in PodAffinityChecker (#33086, @ivan4th)
  • Fix race condition in setting node statusUpdateNeeded flag (#32807, @jingxu97)
  • kube-proxy: Add a lower-bound for conntrack (128k default) (#33051, @thockin)
  • Use patched golang1.7.1 for cross-builds targeting darwin (#33803, @ixdy)
  • Move HighWaterMark to the top of the struct in order to fix arm (#33117, @luxas)
  • Move HighWaterMark to the top of the struct in order to fix arm, second time (#33376, @luxas)

v1.4.0

Documentation & Examples

Downloads

binary sha256 hash
kubernetes.tar.gz 6cf3d78230f7659b87fa399a56a7aaed1fde6a73be9d05e25feedacfbd8d5a16

Major Themes

  • Simplified User Experience
    • Easier to get a cluster up and running (eg: kubeadm, intra-cluster bootstrapping)
    • Easier to understand a cluster (eg: API audit logs, server-based API defaults)
  • Stateful Application Support
    • Enhanced persistence capabilities (eg: StorageClasses, new volume plugins)
    • New resources and scheduler features (eg: ScheduledJob resource, pod/node affinity/anti-affinity)
  • Cluster Federation
    • Global Multi-cluster HTTP(S) Ingress across GCE and GKE clusters.
    • Expanded support for federated hybrid-cloud resources including ReplicaSets, Secrets, Namespaces and Events.
  • Security
    • Increased pod-level security granularity (eg: Container Image Policies, AppArmor and sysctl support)
    • Increased cluster-level security granularity (eg: Access Review API)

Features

This is the first release tracked via the use of the kubernetes/features issues repo. Each Feature issue is owned by a Special Interest Group from kubernetes/community

  • API Machinery
    • [alpha] Generate audit logs for every request user performs against secured API server endpoint. (docs) (kubernetes/features#22)
    • [beta] kube-apiserver now publishes a swagger 2.0 spec in addition to a swagger 1.2 spec (kubernetes/features#53)
    • [beta] Server-side garbage collection is enabled by default. See user-guide
  • Apps
    • [alpha] Introducing 'ScheduledJobs', which allow running time based Jobs, namely once at a specified time or repeatedly at specified point in time. (docs) (kubernetes/features#19)
  • Auth
    • [alpha] Container Image Policy allows an access controller to determine whether a pod may be scheduled based on a policy (docs) (kubernetes/features#59)
    • [alpha] Access Review APIs expose authorization engine to external inquiries for delegation, inspection, and debugging (docs) (kubernetes/features#37)
  • Cluster Lifecycle
    • [alpha] Ensure critical cluster infrastructure pods (Heapster, DNS, etc.) can schedule by evicting regular pods when necessary to make the critical pods schedule. (docs) (kubernetes/features#62)
    • [alpha] Simplifies bootstrapping of TLS secured communication between the API server and kubelet. (docs) (kubernetes/features#43)
    • [alpha] The kubeadm tool makes it much easier to bootstrap Kubernetes. (docs) (kubernetes/features#11)
  • Federation
    • [alpha] Creating a Federated Ingress is as simple as submitting an Ingress creation request to the Federation API Server. The Federation control system then creates and maintains a single global virtual IP to load balance incoming HTTP(S) traffic across some or all the registered clusters, across all regions. Google's GCE L7 LoadBalancer is the first supported implementation, and is available in this release. (docs) (kubernetes/features#82)
    • [beta] Federated Replica Sets create and maintain matching Replica Sets in some or all clusters in a federation, with the desired replica count distributed equally or according to specified per-cluster weights. (docs) (kubernetes/features#46)
    • [beta] Federated Secrets are created and kept consistent across all clusters in a federation. (docs) (kubernetes/features#68)
    • [beta] Federation API server gained support for events and many federation controllers now report important events. (docs) (kubernetes/features#70)
    • [alpha] Creating a Federated Namespace causes matching Namespaces to be created and maintained in all the clusters registered with that federation. (docs) (kubernetes/features#69)
    • [alpha] ingress has alpha support for a single master multi zone cluster (docs) (kubernetes/features#52)
  • Network
  • Node
  • Scheduling
    • [alpha] Allows pods to require or prohibit (or prefer or prefer not) co-scheduling on the same node (or zone or other topology domain) as another set of pods. (docs (kubernetes/features#51)
  • Storage
  • UI
    • [stable] Kubernetes Dashboard UI - a great looking Kubernetes Dashboard UI with 90% CLI parity for at-a-glance management. docs
    • [stable] kubectl no longer applies defaults before sending objects to the server in create and update requests, allowing the server to apply the defaults. (kubernetes/features#55)

Known Issues

  • Completed pods lose logs across node upgrade (#32324)
  • Pods are deleted across node upgrade (#32323)
  • Secure master -> node communication (#11816)
  • upgrading master doesn't upgrade kubectl (#32538)
  • Specific error message on failed rolling update issued by older kubectl against 1.4 master (#32751)
  • bump master cidr range from /30 to /29 (#32886)
  • non-hostNetwork daemonsets will almost always have a pod that fails to schedule (#32900)
  • Service loadBalancerSourceRanges doesn't respect updates (#33033)
  • disallow user to update loadbalancerSourceRanges (#33346)

Notable Changes to Existing Behavior

Deployments

  • ReplicaSets of paused Deployments are now scaled while the Deployment is paused. This is retroactive to existing Deployments.
  • When scaling a Deployment during a rollout, the ReplicaSets of all Deployments are now scaled proportionally based on the number of replicas they each have instead of only scaling the newest ReplicaSet.

kubectl rolling-update: < v1.4.0 client vs >=v1.4.0 cluster

Old version kubectl's rolling-update command is compatible with Kubernetes 1.4 and higher only if you specify a new replication controller name. You will need to update to kubectl 1.4 or higher to use the rolling update command against a 1.4 cluster if you want to keep the original name, or you'll have to do two rolling updates.

If you do happen to use old version kubectl's rolling update against a 1.4 cluster, it will fail, usually with an error message that will direct you here. If you saw that error, then don't worry, the operation succeeded except for the part where the new replication controller is renamed back to the old name. You can just do another rolling update using kubectl 1.4 or higher to change the name back: look for a replication controller that has the original name plus a random suffix.

Unfortunately, there is a much rarer second possible failure mode: the replication controller gets renamed to the old name, but there is a duplicated set of pods in the cluster. kubectl will not report an error since it thinks its job is done.

If this happens to you, you can wait at most 10 minutes for the replication controller to start a resync, the extra pods will then be deleted. Or, you can manually trigger a resync by change the replicas in the spec of the replication controller.

kubectl delete: < v1.4.0 client vs >=v1.4.0 cluster

If you use an old version kubectl to delete a replication controller or replicaset, then after the delete command has returned, the replication controller or the replicaset will continue to exist in the key-value store for a short period of time (<1s). You probably will not notice any difference if you use kubectl manually, but you might notice it if you are using kubectl in a script.

DELETE operation in REST API

  • Replication controller & Replicaset: the DELETE request of a replication controller or a replicaset becomes asynchronous by default. The object will continue to exist in the key-value store for some time. The API server will set its metadata.deletionTimestamp, add the "orphan" finalizer to its metadata.finalizers. The object will be deleted from the key-value store after the garbage collector orphans its dependents. Please refer to this user-guide for more information regarding the garbage collection.

  • Other objects: no changes unless you explicitly request orphaning.

Action Required Before Upgrading

  • If you are using Kubernetes to manage docker containers, please be aware Kubernetes has been validated to work with docker 1.9.1, docker 1.11.2 (#23397), and docker 1.12.0 (#28698)
  • If you upgrade your apiserver to 1.4.x but leave your kubelets at 1.3.x, they will not report init container status, but init containers will work properly. Upgrading kubelets to 1.4.x fixes this.
  • The NamespaceExists and NamespaceAutoProvision admission controllers have been removed, use the NamespaceLifecycle admission controller instead (#31250, @derekwaynecarr)
  • If upgrading Cluster Federation components from 1.3.x, the federation-apiserver and federation-controller-manager binaries have been folded into hyperkube. Please switch to using that instead. (#29929, @madhusudancs)
  • If you are using the PodSecurityPolicy feature (eg: kubectl get podsecuritypolicy does not error, and returns one or more objects), be aware that init containers have moved from alpha to beta. If there are any pods with the key pods.beta.kubernetes.io/init-containers, then that pod may not have been filtered by the PodSecurityPolicy. You should find such pods and either delete them or audit them to ensure they do not use features that you intend to be blocked by PodSecurityPolicy. (#31026, @erictune)
  • If upgrading Cluster Federation components from 1.3.x, please ensure your cluster name is a valid DNS label (#30956, @nikhiljindal)
  • kubelet's --config flag has been deprecated, use --pod-manifest-path instead (#29999, @mtaufen)
  • If upgrading Cluster Federation components from 1.3.x, be aware the federation-controller-manager now looks for a different secret name. Run the following to migrate (#28938, @madhusudancs)
kubectl --namespace=federation get secret federation-apiserver-secret -o json | sed 's/federation-apiserver-secret/federation-apiserver-kubeconfig/g' | kubectl create -f -
# optionally, remove the old secret
kubectl delete secret --namespace=federation federation-apiserver-secret
  • Kubernetes components no longer handle panics, and instead actively crash. All Kubernetes components should be run by something that actively restarts them. This is true of the default setups, but those with custom environments may need to double-check (#28800, @lavalamp)
  • kubelet now defaults to --cloud-provider=auto-detect, use --cloud-provider='' to preserve previous default of no cloud provider (#28258, @vishh)

Previous Releases Included in v1.4.0

For a detailed list of all changes that were included in this release, please refer to the following CHANGELOG entries:

v1.4.0-beta.11

Documentation & Examples

Downloads

binary sha256 hash
kubernetes.tar.gz 993e785f501d2fa86c9035b55a875c420059b3541a32b5822acf5fefb9a61916

Changelog since v1.4.0-beta.10

No notable changes for this release

v1.4.0-beta.10

Documentation & Examples

Downloads

binary sha256 hash
kubernetes.tar.gz f3f1f0e5cf8234d640c8e9444c73343f04be8685f92b6a1ad66190f84de2e3a7

Changelog since v1.4.0-beta.8

Other notable changes

  • Remove cpu limits for dns pod to avoid CPU starvation (#33227, @vishh)
  • Resolves x509 verification issue with masters dialing nodes when started with --kubelet-certificate-authority (#33141, @liggitt)
  • Upgrading Container-VM base image for k8s on GCE. Brief changelog as follows: (#32738, @Amey-D)
    • Fixed performance regression in veth device driver
    • Docker and related binaries are statically linked
    • Fixed the issue of systemd being oom-killable
  • Update cAdvisor to v0.24.0 - see the cAdvisor changelog for the full list of changes. (#33052, @timstclair)

v1.4.0-beta.8

Documentation & Examples

Downloads

binary sha256 hash
kubernetes.tar.gz 31701c5c675c137887b58d7914e39b4c8a9c03767c0c3d89198a52f4476278ca

Changelog since v1.4.0-beta.7

No notable changes for this release

v1.4.0-beta.7

Documentation & Examples

Downloads

binary sha256 hash
kubernetes.tar.gz 51e8f3ebe55cfcfbe582dd6e5ea60ae125d89373477571c0faee70eff51bab31

Changelog since v1.4.0-beta.6

Other notable changes

  • Use a patched go1.7.1 for building linux/arm (#32517, @luxas)
  • Specific error message on failed rolling update issued by older kubectl against 1.4 master (#32751, @caesarxuchao)

v1.4.0-beta.6

Documentation & Examples

Downloads

binary sha256 hash
kubernetes.tar.gz 0b0158e4745663b48c55527247d3e64cc3649f875fa7611fc7b38fa5c3b736bd

Changelog since v1.4.0-beta.5

Other notable changes

  • Set Dashboard UI to final 1.4 version (#32666, @bryk)

v1.4.0-beta.5

Documentation & Examples

Downloads

binary sha256 hash
kubernetes.tar.gz ec6b233b0448472e05e6820b8ea1644119ae4f9fe3a1516cf978117c19bad0a9

Changelog since v1.4.0-beta.3

Other notable changes

v1.4.0-beta.3

Documentation & Examples

Downloads

binary sha256 hash
kubernetes.tar.gz 5a6802703c6b0b652e72166a4347fee7899c46205463f6797dc78f8086876465

Changelog since v1.4.0-beta.2

No notable changes for this release

Behavior changes caused by enabling the garbage collector

kubectl rolling-update

Old version kubectl's rolling-update command is compatible with Kubernetes 1.4 and higher only if you specify a new replication controller name. You will need to update to kubectl 1.4 or higher to use the rolling update command against a 1.4 cluster if you want to keep the original name, or you'll have to do two rolling updates.

If you do happen to use old version kubectl's rolling update against a 1.4 cluster, it will fail, usually with an error message that will direct you here. If you saw that error, then don't worry, the operation succeeded except for the part where the new replication controller is renamed back to the old name. You can just do another rolling update using kubectl 1.4 or higher to change the name back: look for a replication controller that has the original name plus a random suffix.

Unfortunately, there is a much rarer second possible failure mode: the replication controller gets renamed to the old name, but there is a duplicate set of pods in the cluster. kubectl will not report an error since it thinks its job is done.

If this happens to you, you can wait at most 10 minutes for the replication controller to start a resync, the extra pods will then be deleted. Or, you can manually trigger a resync by change the replicas in the spec of the replication controller.

kubectl delete

If you use an old version kubectl to delete a replication controller or a replicaset, then after the delete command has returned, the replication controller or the replicaset will continue to exist in the key-value store for a short period of time (<1s). You probably will not notice any difference if you use kubectl manually, but you might notice it if you are using kubectl in a script. To fix it, you can poll the API server to confirm the object is deleted.

DELETE operation in REST API

  • Replication controller & Replicaset: the DELETE request of a replication controller or a replicaset becomes asynchronous by default. The object will continue to exist in the key-value store for some time. The API server will set its metadata.deletionTimestamp, add the "orphan" finalizer to its metadata.finalizers. The object will be deleted from the key-value store after the garbage collector orphans its dependents. Please refer to this user-guide for more information regarding the garbage collection.

  • Other objects: no changes unless you explicitly request orphaning.

v1.4.0-beta.2

Documentation & Examples

Downloads

binary sha256 hash
kubernetes.tar.gz 0c6f54eb9059090c88f10a448ed5bcb6ef663abbd76c79281fd8dcb72faa6315

Changelog since v1.4.0-beta.1

Other notable changes

  • Fix a bug in kubelet hostport logic which flushes KUBE-MARK-MASQ iptables chain (#32413, @freehan)
  • Stick to 2.2.1 etcd (#32404, @caesarxuchao)
  • Use etcd 2.3.7 (#32359, @wojtek-t)
  • AWS: Change default networking for kube-up to kubenet (#32239, @zmerlynn)
  • Make sure finalizers prevent deletion on storage that supports graceful deletion (#32351, @caesarxuchao)
  • Some components like kube-dns and kube-proxy could fail to load the service account token when started within a pod. Properly handle empty configurations to try loading the service account config. (#31947, @smarterclayton)
  • Use federated namespace instead of the bootstrap cluster's namespace in Ingress e2e tests. (#32105, @madhusudancs)

v1.4.0-beta.1

Documentation & Examples

Downloads

binary sha256 hash
kubernetes.tar.gz 837296455933629b6792a8954f2c5b17d55c1149c12b644101f2f02549d06d25

Changelog since v1.4.0-alpha.3

Action Required

  • The NamespaceExists and NamespaceAutoProvision admission controllers have been removed. (#31250, @derekwaynecarr)
    • All cluster operators should use NamespaceLifecycle.
  • Federation binaries and their corresponding docker images - federation-apiserver and federation-controller-manager are now folded in to the hyperkube binary. If you were using one of these binaries or docker images, please switch to using the hyperkube version. Please refer to the federation manifests - federation/manifests/federation-apiserver.yaml and federation/manifests/federation-controller-manager-deployment.yaml for examples. (#29929, @madhusudancs)
  • Use upgraded container-vm by default on worker nodes for GCE k8s clusters (#31023, @vishh)

Other notable changes

  • Enable kubelet eviction whenever inodes free is < 5% on GCE (#31545, @vishh)
  • Move StorageClass to a storage group (#31886, @deads2k)
  • Some components like kube-dns and kube-proxy could fail to load the service account token when started within a pod. Properly handle empty configurations to try loading the service account config. (#31947, @smarterclayton)
  • Removed comments in json config when using kubectl edit with -o json (#31685, @jellonek)
  • fixes invalid null selector issue in sysdig example yaml (#31393, @baldwinSPC)
  • Rescheduler which ensures that critical pods are always scheduled enabled by default in GCE. (#31974, @piosz)
  • retry oauth token fetch in gce cloudprovider (#32021, @mikedanese)
  • Deprecate the old cbr0 and flannel networking modes (#31197, @freehan)
  • AWS: fix volume device assignment race condition (#31090, @justinsb)
  • The certificates API group has been renamed to certificates.k8s.io (#31887, @liggitt)
  • Increase Dashboard UI version to v1.4.0-beta2 (#31518, @bryk)
  • Fixed incomplete kubectl bash completion. (#31333, @xingzhou)
  • Added liveness probe to Heapster service. (#31878, @mksalawa)
  • Adding clusters to the list of valid resources printed by kubectl help (#31719, @nikhiljindal)
  • Kubernetes server components using kubeconfig files no longer default to http://localhost:8080. Administrators must specify a server value in their kubeconfig files. (#30808, @smarterclayton)
  • Update influxdb to 0.12 (#31519, @piosz)
  • Include security options in the container created event (#31557, @timstclair)
  • Federation can now be deployed using the federation/deploy/deploy.sh script. This script does not depend on any of the development environment shell library/scripts. This is an alternative to the current federation-up.sh/federation-down.sh scripts. Both the scripts are going to co-exist in this release, but the federation-up.sh/federation-down.sh scripts might be removed in a future release in favor of federation/deploy/deploy.sh script. (#30744, @madhusudancs)
  • Add get/delete cluster, delete context to kubectl config (#29821, @alexbrand)
  • rkt: Force rkt fetch to fetch from remote to conform the image pull policy. (#31378, @yifan-gu)
  • Allow services which use same port, different protocol to use the same nodePort for both (#30253, @AdoHe)
  • Handle overlapping deployments gracefully (#30730, @janetkuo)
  • Remove environment variables and internal Kubernetes Docker labels from cAdvisor Prometheus metric labels. (#31064, @grobie)
    • Old behavior:
      • environment variables explicitly whitelisted via --docker-env-metadata-whitelist were exported as container_env_*=*. Default is zero so by default non were exported
      • all docker labels were exported as container_label_*=*
    • New behavior:
      • Only container_name, pod_name, namespace, id, image, and name labels are exposed
      • no environment variables will be exposed ever via /metrics, even if whitelisted
  • Filter duplicate network packets in promiscuous bridge mode (with ebtables) (#28717, @freehan)
  • Refactor to simplify the hard-traveled path of the KubeletConfiguration object (#29216, @mtaufen)
  • Fix overflow issue in controller-manager rate limiter (#31396, @foxish)

v1.4.0-alpha.3

Documentation & Examples

Downloads

binary sha256 hash
kubernetes.tar.gz 8055f0373e3b6bdee865749ef9bcfc765396a40f39ec2fa3cd31b675d1bbf5d9

Changelog since v1.4.0-alpha.2

Action Required

  • Moved init-container feature from alpha to beta. (#31026, @erictune)
    • Security Action Required:
      • This only applies to you if you use the PodSecurityPolicy feature. You are using that feature if kubectl get podsecuritypolicy returns one or more objects. If it returns an error, you are not using it.
      • If there are any pods with the key pods.beta.kubernetes.io/init-containers, then that pod may not have been filtered by the PodSecurityPolicy. You should find such pods and either delete them or audit them to ensure they do not use features that you intend to be blocked by PodSecurityPolicy.
    • Explanation of Feature:
      • In 1.3, an init container is specified with this annotation key on the pod or pod template: pods.alpha.kubernetes.io/init-containers.
      • In 1.4, either that key or this key: pods.beta.kubernetes.io/init-containers,can be used.
    • When you GET an object, you will see both annotation keys with the same values. You can safely roll back from 1.4 to 1.3, and things with init-containers will still work (pods, deployments, etc).
    • If you are running 1.3, only use the alpha annotation, or it may be lost when rolling forward. The status has moved from annotation key pods.beta.kubernetes.io/init-container-statuses to pods.beta.kubernetes.io/init-container-statuses.
    • Any code that inspects this annotation should be changed to use the new key. State of Initialization will continue to be reported in both pods.alpha.kubernetes.io/initialized and in podStatus.conditions.{status: "True", type: Initialized}
  • Action required: federation-only: Please update your cluster name to be a valid DNS label. (#30956, @nikhiljindal)
    • Updating federation.v1beta1.Cluster API to disallow subdomains as valid cluster names. Only DNS labels are allowed as valid cluster names now.
  • [Kubelet] Rename --config to --pod-manifest-path. --config is deprecated. (#29999, @mtaufen)

Other notable changes

  • rkt: Improve support for privileged pod (pod whose all containers are privileged) (#31286, @yifan-gu)
  • The pod annotation security.alpha.kubernetes.io/sysctls now allows customization of namespaced and well isolated kernel parameters (sysctls), starting with kernel.shm_rmid_forced, net.ipv4.ip_local_port_range and net.ipv4.tcp_syncookies for Kubernetes 1.4. (#27180, @sttts)
    • The pod annotation security.alpha.kubernetes.io/unsafe-sysctls allows customization of namespaced sysctls where isolation is unclear. Unsafe sysctls must be enabled at-your-own-risk on the kubelet with the --experimental-allowed-unsafe-sysctls flag. Future versions will improve on resource isolation and more sysctls will be considered safe.
  • Increase request timeout based on termination grace period (#31275, @dims)
  • Fixed two issues of kubectl bash completion. (#31135, @xingzhou)
  • Reduced size of fluentd images. (#31239, @aledbf)
  • support Azure data disk volume (#29836, @rootfs)
  • fix Openstack provider to allow more than one service port for lbaas v2 (#30649, @dagnello)
  • Add kubelet --network-plugin-mtu flag for MTU selection (#30376, @justinsb)
  • Let Services preserve client IPs and not double-hop from external LBs (alpha) (#29409, @girishkalele)
  • [Kubelet] Optionally consume configuration from named config maps (#30090, @mtaufen)
  • [GarbageCollector] Allow per-resource default garbage collection behavior (#30838, @caesarxuchao)
  • Action required: If you have a running federation control plane, you will have to ensure that for all federation resources, the corresponding namespace exists in federation control plane. (#31139, @nikhiljindal)
    • federation-apiserver now supports NamespaceLifecycle admission control, which is enabled by default. Set the --admission-control flag on the server to change that.
  • Configure webhook (#30923, @Q-Lee)
  • Federated Ingress Controller (#30419, @quinton-hoole)
  • Federation replicaset controller (#29741, @jianhuiz)
  • AWS: More ELB attributes via service annotations (#30695, @krancour)
  • Impersonate user extra (#30881, @deads2k)
  • DNS, Heapster and UI are critical addons (#30995, @piosz)
  • AWS: Support HTTP->HTTP mode for ELB (#30563, @knarz)
  • kube-up: Allow IP restrictions for SSH and HTTPS API access on AWS. (#27061, @Naddiseo)
  • Add readyReplicas to replica sets (#29481, @kargakis)
  • The implicit registration of Prometheus metrics for request count and latency have been removed, and a plug-able interface was added. If you were using our client libraries in your own binaries and want these metrics, add the following to your imports in the main package: "k8s.io/pkg/client/metrics/prometheus". (#30638, @krousey)
  • Add support for --image-pull-policy to 'kubectl run' (#30614, @AdoHe)
  • x509 authenticator: get groups from subject's organization field (#30392, @ericchiang)
  • Add initial support for TokenFile to the client config file. (#29696, @brendandburns)
  • update kubectl help output for better organization (#25524, @AdoHe)
  • daemonset controller should respect taints (#31020, @mikedanese)
  • Implement TLS bootstrap for kubelet using --experimental-bootstrap-kubeconfig (2nd take) (#30922, @yifan-gu)
  • rkt: Support subPath volume mounts feature (#30934, @yifan-gu)
  • Return container command exit codes in kubectl run/exec (#26541, @sttts)
  • Fix kubectl describe to display a container's resource limit env vars as node allocatable when the limits are not set (#29849, @aveshagarwal)
  • The valueFrom.fieldRef.name field on environment variables in pods and objects with pod templates now allows two additional fields to be used: (#27880, @smarterclayton)
    • spec.nodeName will return the name of the node this pod is running on
    • spec.serviceAccountName will return the name of the service account this pod is running under
  • Adding ImagePolicyWebhook admission controller. (#30631, @ecordell)
  • Validate involvedObject.Namespace matches event.Namespace (#30533, @liggitt)
  • allow group impersonation (#30803, @deads2k)
  • Always return command output for exec probes and kubelet RunInContainer (#30731, @ncdc)
  • Enable the garbage collector by default (#30480, @caesarxuchao)
  • use valid_resources to replace kubectl.PossibleResourceTypes (#30955, @lojies)
  • oidc auth provider: don't trim issuer URL (#30944, @ericchiang)
  • Add a short -n for kubectl --namespace (#30630, @silasbw)
  • Federated secret controller (#30669, @kshafiee)
  • Add Events for operation_executor to show status of mounts, failed/successful to show in describe events (#27778, @screeley44)
  • Alpha support for OpenAPI (aka. Swagger 2.0) specification served on /swagger.json (enabled by default) (#30233, @mbohlool)
  • Disable linux/ppc64le compilation by default (#30659, @ixdy)
  • Implement dynamic provisioning (beta) of PersistentVolumes via StorageClass (#29006, @jsafrane)
  • Allow setting permission mode bits on secrets, configmaps and downwardAPI files (#28936, @rata)
  • Skip safe to detach check if node API object no longer exists (#30737, @saad-ali)
  • The Kubelet now supports the --require-kubeconfig option which reads all client config from the provided --kubeconfig file and will cause the Kubelet to exit with error code 1 on error. It also forces the Kubelet to use the server URL from the kubeconfig file rather than the --api-servers flag. Without this flag set, a failure to read the kubeconfig file would only result in a warning message. (#30798, @smarterclayton)
    • In a future release, the value of this flag will be defaulted to true.
  • Adding container image verification webhook API. (#30241, @Q-Lee)
  • Nodecontroller doesn't flip readiness on pods if kubeletVersion < 1.2.0 (#30828, @bprashanth)
  • AWS: Handle kube-down case where the LaunchConfig is dangling (#30816, @zmerlynn)
  • kubectl will no longer do client-side defaulting on create and replace. (#30250, @krousey)
  • Added warning msg for kubectl get (#28352, @vefimova)
  • Removed support for HPA in extensions client. (#30504, @piosz)
  • Implement DisruptionController. (#25921, @mml)
  • [Kubelet] Check if kubelet is running as uid 0 (#30466, @vishh)
  • Fix third party APIResource reporting (#29724, @brendandburns)
  • speed up RC scaler (#30383, @deads2k)
  • Set pod state as "unknown" when CNI plugin fails (#30137, @nhlfr)
  • Cluster Federation components can now be built and deployed using the make command. Please see federation/README.md for details. (#29515, @madhusudancs)
  • Adding events to federation control plane (#30421, @nikhiljindal)
  • [kubelet] Introduce --protect-kernel-defaults flag to make the tunable behaviour configurable (#27874, @ingvagabund)
  • Add support for kube-up.sh to deploy Calico network policy to GCI masters (#29037, @matthewdupre)
  • Added 'kubectl top' command showing the resource usage metrics. (#28844, @mksalawa)
  • Add basic audit logging (#27087, @soltysh)
  • Marked NodePhase deprecated. (#30005, @dchen1107)
  • Name the job created by scheduledjob (sj) deterministically with sj's name and a hash of job's scheduled time. (#30420, @janetkuo)
  • add metrics for workqueues (#30296, @deads2k)
  • Adding ingress resource to federation apiserver (#30112, @nikhiljindal)
  • Update Dashboard UI to version v1.1.1 (#30273, @bryk)
  • Update etcd 2.2 references to use 3.0.x (#29399, @timothysc)
  • HPA: ignore scale targets whose replica count is 0 (#29212, @sjenning)
  • Add total inodes to kubelet summary api (#30231, @derekwaynecarr)
  • Updates required for juju kubernetes to use the tls-terminated etcd charm. (#30104, @mbruzek)
  • Fix PVC.Status.Capacity and AccessModes after binding (#29982, @jsafrane)
  • allow a read-only rbd image mounted by multiple pods (#29622, @rootfs)
  • [kubelet] Auto-discover node IP if neither cloud provider exists and IP is not explicitly specified (#29907, @luxas)
  • kubectl config set-crentials: add arguments for auth providers (#30007, @ericchiang)
  • Scheduledjob controller (#29137, @janetkuo)
  • add subjectaccessreviews resource (#20573, @deads2k)
  • AWS/GCE: Rework use of master name (#30047, @zmerlynn)
  • Add density (batch pods creation latency and resource) and resource performance tests to `test-e2e-node' built for Linux only (#30026, @coufon)
  • Clean up items from moving local cluster setup guides (#30035, @pwittrock)
  • federation: Adding secret API (#29138, @kshafiee)
  • Introducing ScheduledJobs as described in the proposal as part of batch/v2alpha1 version (experimental feature). (#25816, @soltysh)
  • Node disk pressure should induce image gc (#29880, @derekwaynecarr)
  • oidc authentication plugin: don't trim issuer URLs with trailing slashes (#29860, @ericchiang)
  • Allow leading * in ingress hostname (#29204, @aledbf)
  • Rewrite service controller to apply best controller pattern (#25189, @mfanjie)
  • Fix issue with kubectl annotate when --resource-version is provided. (#29319, @juanvallejo)
  • Reverted conversion of influx-db to Pet Set, it is now a Replication Controller. (#30080, @jszczepkowski)
  • rbac validation: rules can't combine non-resource URLs and regular resources (#29930, @ericchiang)
  • VSAN support for VSphere Volume Plugin (#29172, @abrarshivani)
  • Addresses vSphere Volume Attach limits (#29881, @dagnello)
  • allow restricting subresource access (#29988, @deads2k)
  • Add density (batch pods creation latency and resource) and resource performance tests to `test-e2e-node' (#29764, @coufon)
  • Allow Secret & ConfigMap keys to contain caps, dots, and underscores (#25458, @errm)
  • allow watching old resources with kubectl (#27392, @sjenning)
  • azure: kube-up respects AZURE_RESOURCE_GROUP (#28700, @colemickens)
  • Modified influxdb petset to provision persistent volume. (#28840, @jszczepkowski)
  • Allow service names up to 63 characters (RFC 1035) (#29523, @fraenkel)
  • Change eviction logic in NodeController and make it Zone-aware (#28897, @gmarek)
    • Change eviction policies in NodeController:
      • add a "partialDisruption" mode, when more than 33% of Nodes in the zone are not Ready
      • add "fullDisruption" mode, when all Nodes in the zone are not Ready
    • Eviction behavior depends on the mode in which NodeController is operating:
      • if the new state is "partialDisruption" or "fullDisruption" we call a user defined function that returns a new QPS to use (default 1/10 of the default rate, and the default rate respectively),
      • if the new state is "normal" we resume normal operation (go back to default limiter settings),
      • if all zones in the cluster are in "fullDisruption" state we stop all evictions.
  • Add a flag for kubectl exposeto set ClusterIP and allow headless services (#28239, @ApsOps)
  • Add support to quota pvc storage requests (#28636, @derekwaynecarr)

v1.4.0-alpha.2

Documentation & Examples

Downloads

binary sha256 hash
kubernetes.tar.gz 787ce63a5149a1cb47d14c55450172e3a045d85349682d2e17ff492de9e415b9

Changelog since v1.4.0-alpha.1

Action Required

  • Federation API server kubeconfig secret consumed by federation-controller-manager has a new name. (#28938, @madhusudancs)
    • If you are upgrading your Cluster Federation components from v1.3.x, please run this command to migrate the federation-apiserver-secret to federation-apiserver-kubeconfig serect; $ kubectl --namespace=federation get secret federation-apiserver-secret -o json | sed 's/federation-apiserver-secret/federation-apiserver-kubeconfig/g' | kubectl create -f -
    • You might also want to delete the old secret using this command: $ kubectl delete secret --namespace=federation federation-apiserver-secret
  • Stop eating panics (#28800, @lavalamp)

Other notable changes

  • Add API for StorageClasses (#29694, @childsb)
  • Fix kubectl help command (#29737, @andreykurilin)
  • add shorthand cm for configmaps (#29652, @lojies)
  • Bump cadvisor dependencies to latest head. (#29492, @Random-Liu)
  • If a service of type node port declares multiple ports, quota on "services.nodeports" will charge for each port in the service. (#29457, @derekwaynecarr)
  • Add an Azure CloudProvider Implementation (#28821, @colemickens)
  • Add support for kubectl create quota command (#28351, @sttts)
  • Assume volume is detached if node doesn't exist (#29485, @saad-ali)
  • kube-up: increase download timeout for kubernetes.tar.gz (#29426, @justinsb)
  • Allow multiple APIs to register for the same API Group (#28414, @brendandburns)
  • Fix a problem with multiple APIs clobbering each other in registration. (#28431, @brendandburns)
  • Removing images with multiple tags (#29316, @ronnielai)
  • add enhanced volume and mount logging for block devices (#24797, @screeley44)
  • append an abac rule for $KUBE_USER. (#29164, @cjcullen)
  • add tokenreviews endpoint to implement webhook (#28788, @deads2k)
  • Fix "PVC Volume not detached if pod deleted via namespace deletion" issue (#29077, @saad-ali)
  • Allow mounts to run in parallel for non-attachable volumes (#28939, @saad-ali)
  • Fix working_set calculation in kubelet (#29153, @vishh)
  • Fix RBAC authorizer of ServiceAccount (#29071, @albatross0)
  • kubectl proxy changed to now allow urls to pods with "attach" or "exec" in the pod name (#28765, @nhlfr)
  • AWS: Added experimental option to skip zone check (#28417, @kevensen)
  • Ubuntu: Enable ssh compression when downloading binaries during cluster creation (#26746, @MHBauer)
  • Add extensions/replicaset to federation-apiserver (#24764, @jianhuiz)
  • federation: Adding namespaces API (#26298, @nikhiljindal)
  • Improve quota controller performance by eliminating unneeded list calls (#29134, @derekwaynecarr)
  • Make Daemonset use GeneralPredicates (#28803, @lukaszo)
  • Update docker engine-api to dea108d3aa (#29144, @ronnielai)
  • Fixing kube-up for CVM masters. (#29140, @maisem)
  • Fix logrotate config on GCI (#29139, @adityakali)
  • GCE bring-up: Differentiate NODE_TAGS from NODE_INSTANCE_PREFIX (#29141, @zmerlynn)
  • hyperkube: fix build for 3rd party registry (again) (#28489, @liyimeng)
  • Detect flakes in PR builder e2e runs (#27898, @lavalamp)
  • Remove examples moved to docs site (#23513, @erictune)
  • Do not query the metadata server to find out if running on GCE. Retry metadata server query for gcr if running on gce. (#28871, @vishh)
  • Change maxsize to size in logrotate. (#29128, @bprashanth)
  • Change setting "kubectl --record=false" to stop updating the change-cause when a previous change-cause is found. (#28234, @damemi)
  • Add "kubectl --overwrite" flag to automatically resolve conflicts between the modified and live configuration using values from the modified configuration. (#26136, @AdoHe)
  • Make discovery summarizer call servers in parallel (#26705, @nebril)
  • Don't recreate lb cloud resources on kcm restart (#29082, @bprashanth)
  • List all nodes and occupy cidr map before starting allocations (#29062, @bprashanth)
  • Fix GPU resource validation (#28743, @therc)
  • Make PD E2E Tests Wait for Detach to Prevent Kernel Errors (#29031, @saad-ali)
  • Scale kube-proxy conntrack limits by cores (new default behavior) (#28876, @thockin)
  • [Kubelet] Improving QOS in kubelet by introducing QoS level Cgroups - --cgroups-per-qos (#27853, @dubstack)
  • AWS: Add ap-south-1 to list of known AWS regions (#28428, @justinsb)
  • Add RELEASE_INFRA_PUSH related code to support pushes from kubernetes/release. (#28922, @david-mcmahon)
  • Fix watch cache filtering (#28966, @liggitt)
  • Deprecate deleting-pods-burst ControllerManager flag (#28882, @gmarek)
  • Add support for terminal resizing for exec, attach, and run. Note that for Docker, exec sessions (#25273, @ncdc)
    • inherit the environment from the primary process, so if the container was created with tty=false,that means the exec session's TERM variable will default to "dumb". Users can override this by setting TERM=xterm (or whatever is appropriate) to get the correct "smart" terminal behavior.
  • Implement alpha version of PreferAvoidPods (#20699, @jiangyaoguo)
  • Retry when apiserver fails to listen on insecure port (#28797, @aaronlevy)
  • Add SSH_OPTS to config ssh and scp port (#28872, @lojies)
  • kube-up: install new Docker pre-requisite (libltdl7) when not in image (#28745, @justinsb)
  • Separate rate limiters for Pod evictions for different zones in NodeController (#28843, @gmarek)
  • Add --quiet to hide the 'waiting for pods to be running' message in kubectl run (#28801, @janetkuo)
  • Controllers doesn't take any actions when being deleted. (#27438, @gmarek)
  • Add "deploy" abbrev for deployments to kubectl (#24087, @Frostman)
  • --no-header available now for custom-column (#26696, @gitfred)

v1.4.0-alpha.1

Documentation & Examples

Downloads

binary sha1 hash md5 hash
kubernetes.tar.gz 11a199208c5164a291c1767a1b9e64e45fdea747 334f349daf9268d8ac091d7fcc8e4626

Changelog since v1.3.0

Experimental Features

  • An alpha implementation of the TLS bootstrap API described in docs/proposals/kubelet-tls-bootstrap.md. (#25562, @gtank)

Action Required

  • [kubelet] Allow opting out of automatic cloud provider detection in kubelet. By default kubelet will auto-detect cloud providers (#28258, @vishh)
  • If you use one of the kube-dns replication controller manifest in cluster/saltbase/salt/kube-dns, i.e. cluster/saltbase/salt/kube-dns/{skydns-rc.yaml.base,skydns-rc.yaml.in}, either substitute one of __PILLAR__FEDERATIONS__DOMAIN__MAP__ or {{ pillar['federations_domain_map'] }} with the corresponding federation name to domain name value or remove them if you do not support cluster federation at this time. If you plan to substitute the parameter with its value, here is an example for {{ pillar['federations_domain_map'] }} (#28132, @madhusudancs)
    • pillar['federations_domain_map'] = "- --federations=myfederation=federation.test"
    • where myfederation is the name of the federation and federation.test is the domain name registered for the federation.
  • Proportionally scale paused and rolling deployments (#20273, @kargakis)

Other notable changes

Please see the Releases Page for older releases.

Release notes of older releases can be found in: