Kubernetes v1.30.3 is live!

145 views
Skip to first unread message

Carlos Tadeu Panato Jr

unread,
Jul 17, 2024, 7:56:44 AMJul 17
to dev, kubernetes-announce
Kubernetes Community,

Kubernetes v1.30.3 has been built and pushed using Golang version 1.22.5.

The release notes have been updated in CHANGELOG-1.30.md, with a pointer to them on GitHub:


v1.30.3

Downloads for v1.30.3

Source Code

filenamesha512 hash
kubernetes.tar.gz8909e96a0ff757f498bf3778026738bb50cb937bfcbaee5a6b97317f183a02b22282339cc107a1df6557f832d0cd4980c51a15b14124be1a9cbf61535d696574
kubernetes-src.tar.gz46ada506e05bc34269fa6cf3b98791cd33040dac21dd11a606aa34c77532a06a43c605a3cf70270bc747ffa6c31f9bb2f37c509f150d218a323fdcaecdbff7f6

Client Binaries

filenamesha512 hash
kubernetes-client-darwin-amd64.tar.gz1284533de44f47e66ebd0e142eedec2eb0f09b1dcf4da0302d3d3c4372ccda385d089bd4deca07c079f53575eaf26c121f581704cab3cc38b81e30095e44e485
kubernetes-client-darwin-arm64.tar.gz03039f131416dc6bcd26acfaaecea59a58d6b63b1b01256c38c7f5f6eb8fc6283eb18ef206e2c38b11b91e65990c9e88e462e99c7e8cbb90d6075e9985046e00
kubernetes-client-linux-386.tar.gz7bea2c715e930b046827db6d4a547be798e01cf77e650d7193dbc41d413cb4637dabde6573efeaa92237049ef9f37598160a0bf3354c102543f9cf61a01d7a1f
kubernetes-client-linux-amd64.tar.gz88ad514acfc33b49161dedbbbb6559660f7a091319806daa124098f9c3d17c760e72324e5d09167a0a8d80275195b9012596da7ee974f628414179159ad4f3de
kubernetes-client-linux-arm.tar.gz75453d1069bf1c1ec9e5ff57ebe6d3f775144d0e9123dcf6c1c05b7971e54e53a4f47683b413bd4eb1c3ed6c7df6ab22a40dd2ae79a948347485eae5408e422d
kubernetes-client-linux-arm64.tar.gz37f79009ac14f0aef4a4dc833ee0e43632d03dc6d7a58622987b667e920907e4f3dd0181381a35b4cfebd5e4f5949d32a2f5b1d757b46b4adb4dd80181f87f7a
kubernetes-client-linux-ppc64le.tar.gze20d7dde800fa10328c73b4947dc7cbf215f51b949641390c22a894bf6853010dc29ec96cf227648076e34b63204600bcc7fe1a08aec22ad47490111e17a69b4
kubernetes-client-linux-s390x.tar.gzd6206b7d4bf6c88169c663234f32851447863380f12fd04e49a24cddf3ce93d1f609e49f0bbf84a739a909067851cad76e9179e81e9a53e0a540217fde4c0220
kubernetes-client-windows-386.tar.gz7ad7410d2a82f87e41fd3e0dd8354feb3e0166ba3c5b96eacb0c54de90c6fcf6921121cfa97a00f0c7b538a7a0b84a58cc0e90fa1c5facce3d207210c15924fd
kubernetes-client-windows-amd64.tar.gzeeed8188713a73df12ddc8cb8d0ad2227778e0789b70599f89b81e06ab3d1475597730040b7a276e45740769e52652f935a16d7178c7f34edd8bdb59b5308bdd
kubernetes-client-windows-arm64.tar.gzcb804579034e0abe45835e95d9f5b57cfae0bee821bdf83c684d352b58e79b5be54b7cd52a0a107fa355f3633056fa83dd1a251fbdde83412d7d87013e784b4c

Server Binaries

filenamesha512 hash
kubernetes-server-linux-amd64.tar.gz67282a349bd203fcc8d5d1d59d5b82fc56a14ea66f5a769ef457177ac5bcfb2fb65c239503a68f06a256f8919521fc96b5aad563bfec74eec13afb79a174f96b
kubernetes-server-linux-arm64.tar.gz35fcd3748f0c526094a16c5f220f406b89e26e245c1e7f013891e96864251d371fffe3d1903df583bc1033be072a89ad56bd0df497814777b17a7090d3193229
kubernetes-server-linux-ppc64le.tar.gzd12ab8bc81752e20d118d86282c9db3d2792ffd5671c46619ecdff6cd43e2d48ce081f0cfb65e35b1c473157d7cdff1d98ff270b2a7ff53d43137168d285e038
kubernetes-server-linux-s390x.tar.gz473c70d56232f22e73b7fbb8fde3f64699ae3b695389ba61b11e64f60805241320ead1b4737a95a3bdf975da4e8e8a52ddbb14a36731ff12de80a02894ad9af6

Node Binaries

filenamesha512 hash
kubernetes-node-linux-amd64.tar.gzdc53c66ddd9a2d72d92d9142ec1a6b00b79b4456f843831356c4dc424c8e44e55d1984528b968f1b943adc531a9af19de1070bda893d112982f5405cf9eb3934
kubernetes-node-linux-arm64.tar.gz1a16ac829c4f402543170e88e792fe4cf20ebd615a42afcb67420855c42e289cf7c1c92a268fdfb581b6bf32603a1c15d5eea54fe25d3a2662cac109d673f422
kubernetes-node-linux-ppc64le.tar.gz767e9d116e01554ebe9a62f2a64d310ad0f70277c491293943cf2b540fbf2b1bf2013dfb6b93ea4c7ad6a6e1e66c795f73ca698fcb5caffac0f8ce6de510cf34
kubernetes-node-linux-s390x.tar.gza413fac81f8b6d36f4d788ddeb2ba92f9c8fbabb1beea1bf307fbc26ca7c46720074bf47906d48be613f391973bb978be674870e018efb464896721cd7f18b93
kubernetes-node-windows-amd64.tar.gz1b27368d05ccd8ef5e50d7938c04932e7c5af3611875204c15fd7296a317a43bf8631f7440c90b778089e047c500f8747cb73e18e1b01b8716281066223a3cd6

Container Images

All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.

namearchitectures
registry.k8s.io/conformance:v1.30.3amd64arm64ppc64les390x
registry.k8s.io/kube-apiserver:v1.30.3amd64arm64ppc64les390x
registry.k8s.io/kube-controller-manager:v1.30.3amd64arm64ppc64les390x
registry.k8s.io/kube-proxy:v1.30.3amd64arm64ppc64les390x
registry.k8s.io/kube-scheduler:v1.30.3amd64arm64ppc64les390x
registry.k8s.io/kubectl:v1.30.3amd64arm64ppc64les390x

Changelog since v1.30.2

Important Security Information

This release contains changes that address the following vulnerabilities:

CVE-2024-5321: Incorrect permissions on Windows containers logs

A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\Users may be able to read container logs and NT AUTHORITY\Authenticated Users may be able to modify container logs.

Affected Versions:

  • kubelet <= 1.27.15
  • kubelet <= 1.28.11
  • kubelet <= 1.29.6
  • kubelet <= 1.30.2

Fixed Versions:

  • kubelet 1.27.16
  • kubelet 1.28.12
  • kubelet 1.29.7
  • kubelet 1.30.3

This vulnerability was reported by Paulo Gomes @pjbgf from SUSE.

CVSS Rating: Medium (6.1) CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Changes by Kind

Feature

  • Kubernetes is now built with go 1.22.5 (#125895@cpanato) [SIG Release and Testing]

Bug or Regression

  • Add /sys/devices/virtual/powercap to default masked paths. It avoids the potential security risk that the ability to read these files may offer a power-based sidechannel attack against any workloads running on the same kernel. (#125970@carlory) [SIG Node]

  • Fix a bug that Pods could stuck in the unschedulable pod pool if they're rejected by PreEnqueue plugins that could change its result by a change in resources apart from Pods.

    DRA plugin is the only plugin that meets the criteria of the bug in in-tree, and hence if you have DynamicResourceAllocation feature flag enabled, your DRA Pods could be affected by this bug. (#125643@sanposhiho) [SIG Scheduling and Testing]

  • Fix endpoints status out-of-sync when the pod state changes rapidly (#125675@tnqn) [SIG Apps, Network and Testing]

  • For statically provisioned PVs, if its volume source is CSI type or it has migrated annotation, when it's deleted, the PersisentVolume controller won't changes its phase to the Failed state.

    With this patch, the external provisioner can remove the finalizer in next reconcile loop. Unfortunately if the provious existing pv has the Failed state, this patch won't take effort. It requires users to remove finalizer. (#126043@carlory) [SIG Apps and Storage]

  • Job: Fix a bug that the SuccessCriteriaMet could be added to the Job with successPolicy regardless of the featureGate enabling (#125455@tenzen-y) [SIG Apps]

  • NONE (#126129@cji) [SIG Node and Windows]

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.



Contributors, the CHANGELOG-1.30.md has been bootstrapped with v1.30.3 release notes and you may edit now as needed.



Published by your Kubernetes Release Managers.

Reply all
Reply to author
Forward
0 new messages