Kubernetes v1.31.0-rc.0 has been built and pushed using Golang version 1.22.5.
The release notes have been updated in CHANGELOG-1.31.md, with a pointer to them on GitHub:
filename | sha512 hash |
---|---|
kubernetes.tar.gz | 21cc56e80b1bdc02005351f82cf9ac140b6785ddbb50f2bc14109f8a8dd5b1de0004c5bae660f361333f949b46f3a8e012b517a2e8d21429d2bc4952eb1aae96 |
kubernetes-src.tar.gz | b0817c03e5c060b94bfaa12c7ddcd9ed9146b468a21af71b70b1ec83ff9f20d584d3ee2c402a8324e045bf6b357b9f9846b54ab29c8a3ecade26880a8a2de193 |
filename | sha512 hash |
---|---|
kubernetes-client-darwin-amd64.tar.gz | 491f352be31bb3cfdbc2127c771aecd4f5959003af562fe9f413ff57535a50e27ff5240067d2bf7117ce61edcea601b2f80b4d1443533e955e874c4a188a432f |
kubernetes-client-darwin-arm64.tar.gz | 1415ebf19094ea907665d30bd5af8d3885c203c6c9c31229804762f52149ef793cb7872499cb37baced9f922e6e10167ca9bf13d5729e6adde890d1bc5039736 |
kubernetes-client-linux-386.tar.gz | ced0745e2c5c958370eb4e1f2d1dd33efae13df348f189c75c64e18499d0781df6fde8c730e68703758802c33c2f4db118a69584a2666614f1bf0e1b7634ed73 |
kubernetes-client-linux-amd64.tar.gz | d80c333b4a85c8d4975445ec6fa86ca4c1c8625dc11d807dd4b7460106931b891c05739ee31b6ccdf0648aefa12de00bffb6dc511b8f5eeef747c20d73613e82 |
kubernetes-client-linux-arm.tar.gz | a40f91682b349a488687cf80795b40db923e7e6ca35265d531e73cb17a263d20f3418b7b6214a4d2e4816f7381e35d8938ea8d55e5fb8d52e6873eb3820a56f7 |
kubernetes-client-linux-arm64.tar.gz | 746e31291d679e93d68e618dd4d371a9b9ba3492a4df545ea08eb70a05d32dbe8451f4c6ce8c35a1484fc1edeb4d19c0119c1dc0ed50326edae2247291be8a55 |
kubernetes-client-linux-ppc64le.tar.gz | 9347f378624df1f709b6390e22792b9cc743dc5e29ce9b0ef0487f58af5592b55c1c8ad92af22969feff23379712a8f3d50511fa1baccdc5826916d07ef81ffb |
kubernetes-client-linux-s390x.tar.gz | dc7b1f3c0f1f128aa503debeaaf93d692bc85a57bfc3d1cb771b786c0ea8fb3d5c56e7bed77258ce70d2763b5bc23e7564a05a031776890abf69c36de5cd2430 |
kubernetes-client-windows-386.tar.gz | b5262ed3cb3d3d645c9fc4b5040d4cd77ce2337c2a466b8ea9a76988ec35867b9059a123740df87051055b0e89ec1d91e89851f0659fd2692d840cede007b0c7 |
kubernetes-client-windows-amd64.tar.gz | 8560cdf5501d4b12ed766041c6170479b6f33c12c69fe1ade2687b65c5f02737570125286eca32fe327ff068e34b1b45d4fef7acde9e080515e62d5dad648723 |
kubernetes-client-windows-arm64.tar.gz | b821fb80d384be4f37e4d3303b364ab29243e078a6665b970723f6b1be92ba60ce8316e94a453a56b1c0229ce1ecb3f14d16ba56c2641883523645edc27b42f8 |
filename | sha512 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | 782c376c100cd482adefd1cc030d4de56249c987eba951797f0a6afe70703085b67fc8e0d07c5cf895d200e35039f2c988c4b65430dcb291979e06f4310d22dc |
kubernetes-server-linux-arm64.tar.gz | 15a9805ce071e6e86987e027f8b27e94c0bbaea423bb5f690c0801403a043ca36fe62ba6e27595c5874d0fef1ebb61029e4c0279f92d8f9959f7e1243d76e726 |
kubernetes-server-linux-ppc64le.tar.gz | 2eaf285b8aff497dbff4196dc6c316d9283ebed1cc01ddae8392ee2272cfd03a1c92f25d50797eb446111e3027032ac4ee90c15ac352d48990815064114392c5 |
kubernetes-server-linux-s390x.tar.gz | a20a8e3b5bc8ea80634fa3b0df3d63b0da57254ef43eb4ac5459cd8f7d673931d7ec6664bd9359277325a1b9541e69606c611ccfa269582fb535d46810b0f540 |
filename | sha512 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | 58a6fc3ab4440a9b6c9968fb789ec3cdbd450ed58676aeaa6c336ce2d3dd6c44fc9080d84f6e70de10552066efe3a89f318e6944ee3aa1a67f8673688b96274c |
kubernetes-node-linux-arm64.tar.gz | cf88294e9a6ab61ada2c7af81f9db2322312f39f4d1ab26f497a915321797a345667968d863024c997ef925de9a31ef0d3bc7be9d032283441bdc1c7c3b12d6c |
kubernetes-node-linux-ppc64le.tar.gz | e2480f1d518bcd6ebe0a3daf19148f8135bfc9d14a39b7e28e6d4104e026b7778cd3aa2fd2be103d081474437353b976d9dcbda67174dbfbd11200595e39b88e |
kubernetes-node-linux-s390x.tar.gz | 30e3a0479974413cadb7929941cb8ad14ae8b0ba280d35da16e5c115428629e60b00f5c9f515ef1de0a51323f50e61617b6cdecd5ef9c352aab18add02b89cbf |
kubernetes-node-windows-amd64.tar.gz | f163c968132b9d4301b48d09ae1751bc2b76ba56db9eb3de766674059271458a2fd04f78112f655d9fc1a64999d1dc001c3d450cbf83ef4324365cbde2746ed2 |
All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.
If you are using the RecoverVolumeExpansionFailure alpha feature, after upgrading to this release, existing PVCs with status.allocatedResourceStatus set to "ControllerResizeFailed" or "NodeResizeFailed" should have their status.allocatedResourceStatus cleared. (#126108, @gnufied) [SIG Apps, Auth, Node, Storage and Testing]
volume.beta.kubernetes.io/mount-options
(#124819, @carlory) [SIG Storage]Add Coordinated Leader Election as alpha under the CoordinatedLeaderElection feature gate. With the feature enabled, the control plane can use LeaseCandidate objects (coordination.k8s.io/v1alpha1 API group) to participate in a leader election and let the kube-apiserver select the best instance according to some strategy. (#124012, @Jefftree) [SIG API Machinery, Apps, Auth, Cloud Provider, Etcd, Node, Release, Scheduling and Testing]
Add an AllocatedResourcesStatus to each container status to indicate the health status of devices exposed by the device plugin. (#126243, @SergeyKanzhelev) [SIG API Machinery, Apps, Node and Testing]
Added Node.Status.Features.SupplementalGroupsPolicy field which is set to true when the feature is implemented in the CRI implementation (KEP-3619) (#125470, @everpeace) [SIG API Machinery, Apps, Node and Testing]
CustomResourceDefinition objects created with non-empty caBundle
fields which are invalid or do not contain any certificates will not appear in discovery or serve endpoints until a valid caBundle
is provided. Updates to CustomResourceDefinition are no longer allowed to transition a valid caBundle
field to an invalid caBundle
field. (#124061, @Jefftree) [SIG API Machinery]
DRA: The DRA driver's daemonset must be deployed with a service account that enables writing ResourceSlice and reading ResourceClaim objects. (#125163, @pohly) [SIG Auth, Node and Testing]
DRA: new API and several new features (#125488, @pohly) [SIG API Machinery, Apps, Auth, CLI, Cluster Lifecycle, Etcd, Node, Release, Scheduling, Storage and Testing]
DRA: the number of ResourceClaim objects can be limited per namespace and by the number of devices requested through a specific class via the v1.ResourceQuota mechanism. (#120611, @pohly) [SIG API Machinery, Apps, Auth, CLI, Etcd, Node, Release, Scheduling and Testing]
Fix the documentation for the default value of the procMount entry in the pod securityContext. The documentation was previously using the name of the internal variable 'DefaultProcMount' rather than the actual value 'Default'. (#125782, @aborrero) [SIG Apps and Node]
Fixed a bug in the API server where empty collections of ValidatingAdmissionPolicies did not have an items
field. (#124568, @xyz-li) [SIG API Machinery]
Graduate the Job SuccessPolicy to Beta.
The new reason label, "SuccessPolicy" and "CompletionsReached" are added to the "jobs_finished_total" metric. Additionally, If we enable the "JobSuccessPolicy" feature gate, the Job gets "CompletionsReached" reason for the "SuccessCriteriaMet" and "Complete" condition type when the number of succeeded Job Pods (".status.succeeded") reached the desired completions (".spec.completions"). (#126067, @tenzen-y) [SIG API Machinery, Apps and Testing]
Introduce a new boolean kubelet flag --fail-cgroupv1 (#126031, @harche) [SIG API Machinery and Node]
Kube-apiserver: adds an alpha AuthorizeWithSelectors feature that includes field and label selector information from requests in webhook authorization calls; adds an alpha AuthorizeNodeWithSelectors feature that makes the node authorizer limit requests from node API clients to get / list / watch its own Node API object, and to get / list / watch its own Pod API objects. Clients using kubelet credentials to read other nodes or unrelated pods must change their authentication credentials (recommended), adjust their usage, or grant broader read access independent of the node authorizer. (#125571, @liggitt) [SIG API Machinery, Auth, Node, Scheduling and Testing]
Kube-proxy Windows service control manager integration(--windows-service) is now configurable in v1alpha1 component configuration via WindowsRunAsService
field (#126072, @aroradaman) [SIG Network and Scalability]
Promote LocalStorageCapacityIsolation to beta and enable if user namespace is enabled for the pod (#126014, @PannagaRao) [SIG Apps, Autoscaling, Node, Storage and Testing]
Promote StatefulSetStartOrdinal to stable. This means --feature-gates=StatefulSetStartOrdinal=true
are not needed on kube-apiserver and kube-controller-manager binaries and they'll be removed soon following policy at https://kubernetes.io/docs/reference/using-api/deprecation-policy/#deprecation (#125374, @pwschuurman) [SIG API Machinery, Apps and Testing]
Promoted feature-gate VolumeAttributesClass
to beta (disabled by default). Users need to enable the feature gate and the storage v1beta1 group to use this new feature.
VolumeAttributesClass
and VolumeAttributesClassList
to storage.k8s.io/v1beta1
. (#126145, @carlory) [SIG API Machinery, Apps, CLI, Etcd, Storage and Testing]Removed feature gate CustomResourceValidationExpressions
. (#126136, @cici37) [SIG API Machinery, Cloud Provider and Testing]
Revert "Move ConsistentListFromCache feature flag to Beta and enable it by default" (#126139, @enj) [SIG API Machinery]
Revised the Pod API with alpha support for volumes derived from OCI artefacts. This feature is behind the ImageVolume
feature gate. (#125660, @saschagrunert) [SIG API Machinery, Apps and Node]
The Ingress.spec.defaultBackend is now considered an atomic struct for the purposes of server-side-apply. This means that any field-owner who sets values in that struct (they are mutually exclusive) owns the whole struct. For almost all users this change has no impact. For controllers which want to change port from number to name (or vice-versa), this makes it easier. (#126207, @thockin) [SIG API Machinery]
To enhance usability and developer experience, CRD validation rules now support direct use of (CEL) reserved keywords as field names in object validation expressions for existing expressions in storage, will fully support runtime in next release for compatibility concern. (#126188, @cici37) [SIG API Machinery and Testing]
EventsToRegister
in the EnqueueExtensions
interface gets ctx
in the parameters and error
in the return values. Please change your plugins' implementation accordingly. (#126113, @googs1025) [SIG Node, Scheduling, Storage and Testing]storage_class
and volume_attributes_class
labels to pv_collector_bound_pvc_count
and pv_collector_unbound_pvc_count
metrics. (#126166, @AndrewSirenko) [SIG Apps, Instrumentation, Storage and Testing]volumeAttributesClassName
field of PVC and PV objects. The volumeAttributesClassName
field is a reference to a VolumeAttributesClass object, which contains a set of key-value pairs that present mutable attributes of the volume. It's forbidden to change the volumeAttributesClassName
field of a PVC object until the PVC is bound to a PV object. During the binding process, if a PVC has a volumeAttributesClassName
field set, the controller will only consider volumes that have the same volumeAttributesClassName
as the PVC. If the volumeAttributesClassName
field is not set or set to an empty string, only volumes with empty volumeAttributesClassName
will be considered. (#121902, @carlory) [SIG Apps, Scheduling, Storage and Testing]event_handling_duration_seconds
metric, which is the time the scheduler takes to handle each kind of events. (#125929, @sanposhiho) [SIG Scheduling]queueing_hint_execution_duration_seconds
metric, which is the time the QueueingHint function takes. (#126227, @sanposhiho) [SIG Scheduling]UserNamespacesPodSecurityStandards
feature gate is enabled, Pod Security Admission enforcement of the baseline policy now allows procMount=Unmasked
for user namespace pods that set hostUsers=false
. (#126163, @haircommander) [SIG Auth].status.addresses
of its associated Node object. This avoids requesting DNS-only serving certificates before externally set addresses are in place. Until 1.33, the previous behavior can be opted back into by setting the deprecated AllowDNSOnlyNodeCSR feature gate to true in the kubelet. (#125813, @aojea) [SIG Auth, Cloud Provider and Node]--enable-controller-attach-detach=false
(#124884, @carlory) [SIG Storage]container_engine_t
is in the list of allowed SELinux types in the baseline Pod Security Standards profile (#126165, @haircommander) [SIG Auth]--proxy-port-range
, which was previously deprecated and non-functional, has now been removed. (#126293, @aroradaman) [SIG Network]Always
restartPolicy may not terminate gracefully if the pod hasn't initialized yet. (#125935, @gjkim42) [SIG Node and Testing]WatchList
feature gate to Beta for kube-apiserver and enables WatchListClient
for KCM. (#126191, @p0lyn0mial) [SIG API Machinery and Testing]kubernetes.io/kubelet-serving
or kubernetes.io/kube-apiserver-client-kubelet
with a CN starting with system:node:
, but where the CN is not system:node:${node-name}
. The feature gate AllowInsecureKubeletCertificateSigningRequests
defaults to false
, but can be enabled to revert to the previous behavior. This feature gate will be removed in Kubernetes v1.33 (#126441, @micahhausler) [SIG Auth]Nothing has changed.
Nothing has changed.
Contributors, the CHANGELOG-1.31.md has been bootstrapped with v1.31.0-rc.0 release notes and you may edit now as needed.
Published by your Kubernetes Release Managers.