Fwd: Kubernetes v1.27.7 is live!
31 views
Skip to first unread message
Marko Mudrinić
Oct 19, 2023, 4:37:16 AM10/19/23
to d...@kubernetes.io
---------- Forwarded message ---------
From: kubernetes-announce <mudrin...@gmail.com>
Date: Wednesday, October 18, 2023 at 6:25:18 PM UTC+2
Subject: Kubernetes v1.27.7 is live!
To: kubernetes-announce <kubernete...@googlegroups.com>, dev <d...@kubernetes.io>
From: kubernetes-announce <mudrin...@gmail.com>
Date: Wednesday, October 18, 2023 at 6:25:18 PM UTC+2
Subject: Kubernetes v1.27.7 is live!
To: kubernetes-announce <kubernete...@googlegroups.com>, dev <d...@kubernetes.io>
Kubernetes Community,
Kubernetes v1.27.7 has been built and pushed using Golang version 1.20.10.
The release notes have been updated in CHANGELOG-1.27.md, with a pointer to them on GitHub:
v1.27.7
Downloads for v1.27.7
Source Code
filename
sha512 hash
kubernetes.tar.gz
b12f023254d40f791355aeec2eb84d521035648cf3e19994eacdc6c7516373f11dad942ae97d4bc8a7f255654aa7c742c1c10f18b4f4830b64e78a0b7bb35083
kubernetes-src.tar.gz
137db7a6ddb85c7eb0676cc3cb2bfadd726073a34b1edae4e2c3cc15165a43c0f16d163930015de8a5e357e8ff099c0f8d03f036aa245704b10348c7c91483b1
Client Binaries
filename
sha512 hash
kubernetes-client-darwin-amd64.tar.gz
a2ce6205bb613454167b1e6f5c6be34516e9624f1cc0eec2b6b2aa0e0b3bfc7d266379f035a7eea08625bf97413ff4cf23c9dc65669529026ad8589a0e4f9a70
kubernetes-client-darwin-arm64.tar.gz
28b6df012e1af6a062f5815a0e8c8bd440c824e520c6954a55ea9fba917c328f23069c124bab7f5bfc4b37e3a20542b33cf41d07d715f7a54bd78bcdcabca70a
kubernetes-client-linux-386.tar.gz
7fcaa119db37f5a5212fd3a5fd08db37b1ce701d67922d1f65cc757edc02f282566ae4d001e11f7b7dab3e24b27f3745189dd7fc63c90e97e9ce6a070ba8b094
kubernetes-client-linux-amd64.tar.gz
87b7ac839cac8d96efa1c6170cf32ed2bbe14e7194971df4b4736699152e294a0aa0018f3d8ae1dcf9905c3c784a7a15c297382450c0431a0daf98f300d3ef16
kubernetes-client-linux-arm.tar.gz
1bc0420005fa0e564568aa4bcf5a61e96d4c2c42afee4d34df940c4b89f0639e90771deda40a1b30f536ce8f1bd4d04cf228af98edf48ba0fa6685babe11311a
kubernetes-client-linux-arm64.tar.gz
d4e96a6be6e15530e866399a5760f9410fe319217f7d91026d93a27e1a2ce9398380adc62f463a347f383ced253e359fba2fb291bd8a644f067ffc4ce8457d6c
kubernetes-client-linux-ppc64le.tar.gz
abcc2c651514f0b2a4cf28934078ea701d3591d318e5eac080e7958f70fa94cb4b83ca9ee0f0130749c29a20c3bf8bea545c7641cfff0b78dc78571cb8e14f22
kubernetes-client-linux-s390x.tar.gz
0fb9a5bd534a29b84be6f1a5aae59e2a05531b1ff40019896e4bbbd3bd948a96313f65140764a656e0305e6f48cdb113e6fcf1c8195d4fadfa8bf62dea18db5b
kubernetes-client-windows-386.tar.gz
36a78882ec5960a561f928e2bb4ffb1c5dc7e884ee6471441d5de6d8fe0fec6cfd5a1bcc48dd933e490b07d7f837de93eecfb9ae353dcefc5dc4f699f02b5757
kubernetes-client-windows-amd64.tar.gz
a662732fa75fb2fc9ca733239eb2e5b82e3cba0311e7ed0d89b045a8a099697889f5febff50384d845600f4142936160106f60ff233961a5e143c363a839ee45
kubernetes-client-windows-arm64.tar.gz
993f365214cd7a66284f4e6612681c2d6bf4844717c4d990ab1baf21a8d03eb94d7ab591c1eb584389fd6985867e14ed61400b74a02935da6b8b0ec34284e8e4
Server Binaries
filename
sha512 hash
kubernetes-server-linux-amd64.tar.gz
8dc92641fe27bf7dcb2688a5c48cc0ff1b91b913d1f2eeac35b5bcbabc8413f768c23955141bdf707040b5ad0de55bbb7e407b4eed3d9d26c1e1c9e3acdb409b
kubernetes-server-linux-arm64.tar.gz
a554b9319897c4cc65d8e4ca32b83103a71cf4512fb187a7f2b85898e4d10618c17b26ff0aadd8e265be009b215f100de4ab0b14a77b3b309b0786f03d479eb5
kubernetes-server-linux-ppc64le.tar.gz
001fc616801c239bddc02789ec9b9cd765a635d3f2d6cd04086b42eb81200bc9d0904e0a9e5b72756c420e36ce244169532c01cefd60f423eaaa85e236f06a49
kubernetes-server-linux-s390x.tar.gz
a44f54c8fedea4e52e205831594f72f63d5c61cde0b9fa0ad6939eddf83664385edf767591187e166178a9af6b40da40607f26e098cb24bc2e5a88f7105318d3
Node Binaries
filename
sha512 hash
kubernetes-node-linux-amd64.tar.gz
ee31a3ad00412e122aacb82070a3257d558cd52e270312af538d9e7d22ad1638b71d9e02dddebf0b853c911284e172d7a16c0927c0e2012f761219850c0950aa
kubernetes-node-linux-arm64.tar.gz
95567ed1c5b892ee47f147d6ca8faef5e7915dfe34dc17141fa01326b4d0db0a8ff2e6589f681f9df5145b91878054c2b1e5030012d43500e4d525d28d3cb97b
kubernetes-node-linux-ppc64le.tar.gz
37cef5fb54c7a2ba8f542356ada66183bf281df41c989616694c87d06156aff241c03b7005c288dafad1889a5f989bd583bdf18039df9e31a874a71d4e5d9316
kubernetes-node-linux-s390x.tar.gz
414a71046b78be9937225396bccd747d17aba14890b77da672272129dd6b7675ae3522237388436ae79026c1837741af45e3c239c50149a4f5c16bd01066e1a9
kubernetes-node-windows-amd64.tar.gz
df34997bfe6e5f2526adc73680988cf6e8670efd15efb5c60cca0c3dc8e384eb0bbf85c0a5ffa8edb93f6d129dd58531ab00830e511603e4ded87c18fb8a60d3
Container Images
All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.
name architectures registry.k8s.io/conformance:v1.27.7 amd64, arm64, ppc64le, s390x registry.k8s.io/kube-apiserver:v1.27.7 amd64, arm64, ppc64le, s390x registry.k8s.io/kube-controller-manager:v1.27.7 amd64, arm64, ppc64le, s390x registry.k8s.io/kube-proxy:v1.27.7 amd64, arm64, ppc64le, s390x registry.k8s.io/kube-scheduler:v1.27.7 amd64, arm64, ppc64le, s390x Changelog since v1.27.6 Changes by Kind Feature Failing Test- E2e framework: retrying after intermittent apiserver failures was fixed in WaitForPodsResponding (#120559, @pohly) [SIG Testing]
- Adds an opt-in mitigation for http/2 DOS vulnerabilities for CVE-2023-44487 and CVE-2023-39325 for the API server when the client is unauthenticated. The mitigation may be enabled by setting the UnauthenticatedHTTP2DOSMitigation feature gate to true (it is disabled by default). An API server fronted by an L7 load balancer that already mitigates these http/2 attacks may choose not to enable the kube-apiserver mitigation to avoid disrupting load balancer → kube-apiserver connections if http/2 requests from multiple clients share the same backend connection. An API server on a private network may choose not to enable the kube-apiserver mitigation to prevent performance regressions for unauthenticated clients. Authenticated requests rely on the fix in golang.org/x/net v0.17.0 alone. https://issue.k8s.io/121197 tracks further mitigation of http/2 attacks by authenticated clients. (#121199, @enj) [SIG API Machinery]
- Fix a bug in cronjob controller where already created jobs may be missing from the status. (#120649, @andrewsykim) [SIG Apps]
- Fixed a 1.27.4 regression where kube-controller-manager can crash when StatefulSet with Parallel policy and PVC labels is scaled up. (#121185, @aleksandra-malinowska) [SIG Apps]
- Fixed an issue to not drain all the pods in a namespace when an empty-selector i.e. "{}" is specified in a Pod Disruption Budget (PDB) (#121132, @sairameshv) [SIG Apps]
- Fixed attaching volumes after detach errors. Now volumes that failed to detach are not treated as attached, Kubernetes will make sure they are fully attached before they can be used by pods. (#120595, @jsafrane) [SIG Apps and Storage]
- Fixes a bug where Services using finalizers may hold onto ClusterIP and/or NodePort allocated resources for longer than expected if the finalizer is removed using the status subresource (#120655, @aojea) [SIG Network and Testing]
- Fixes bug where OpenAPIV2 config was used instead of V3, and gives clear error message about OpenAPIV3 requirement (#120612, @alexzielenski) [SIG API Machinery]
- Fixes creationTimestamp: null causing unnecessary writes to etcd (#116865, @alexzielenski) [SIG API Machinery and Testing]
- Revised the logic for DaemonSet rolling update to exclude nodes if scheduling constraints are not met. This eliminates the problem of rolling updates to a DaemonSet getting stuck around tolerations. (#120786, @mochizuki875) [SIG Apps and Testing]
- Sometimes, the scheduler incorrectly placed a pod in the "unschedulable" queue instead of the "backoff" queue. This happened when some plugin previously declared the pod as "unschedulable" and then in a later attempt encounters some other error. Scheduling of that pod then got delayed by up to five minutes, after which periodic flushing moved the pod back into the "active" queue. (#120334, @pohly) [SIG Scheduling]
- Etcd: update to v3.5.9 (#118079, @nikhita) [SIG API Machinery, Cloud Provider, Cluster Lifecycle and Testing]
- Fixes an issue where the vsphere cloud provider will not trust a certificate if:
- The issuer of the certificate is unknown (x509.UnknownAuthorityError)
- The requested name does not match the set of authorized names (x509.HostnameError)
- The error surfaced after attempting a connection contains one of the substrings: "certificate is not trusted" or "certificate signed by unknown authority" (#120767, @MadhavJivrajani) [SIG Architecture and Cloud Provider]
- Kubernetes is now built with Go 1.20.9 (#121024, @cpanato) [SIG Release and Testing]
- Set the resolution for the job_controller_job_sync_duration_seconds metric from 4ms to 1min (#120668, @mimowo) [SIG Apps and Instrumentation]
Nothing has changed.
Changed- github.com/vmware/govmomi: v0.30.0 → v0.30.6
- golang.org/x/crypto: v0.1.0 → v0.14.0
- golang.org/x/net: v0.8.0 → v0.17.0
- golang.org/x/sys: v0.6.0 → v0.13.0
- golang.org/x/term: v0.6.0 → v0.13.0
- golang.org/x/text: v0.8.0 → v0.13.0
Nothing has changed.
Contributors, the
CHANGELOG-1.27.md has been bootstrapped with
v1.27.7 release notes and you may edit now as needed.
Published by your
Kubernetes Release
Managers.
Reply all
Reply to author
Forward
0 new messages