Kubernetes v1.26.0 has been built and pushed using Golang version 1.19.4.
The release notes have been updated in CHANGELOG-1.26.md, with a pointer to them on GitHub:
filename | sha512 hash |
---|---|
kubernetes.tar.gz | 3062a427a45548bd9c5a8358c740f0a5cfea7b546dca724c71d28768bb36c628280c91263a362afd01c89ef3944f5a768ed44e75d421fe9dc1ec2e8ba26214f3 |
kubernetes-src.tar.gz | 30ef5d75282fee72e6affff34c72f76fc1d0154b3f37ad2897dec8c63ce6620d9e3237cc3c34ba3cab5d31f64ed43c4ec79c8bc40e832de6c4895a449d05682f |
filename | sha512 hash |
---|---|
kubernetes-client-darwin-amd64.tar.gz | a8c7d82db6a415e7c16bc6a35ee59115e91491f842816b0128b5668821223ab9477697151ec31fb052cd893d57fc507b0a3b68f9bffd666f9d4b821c336a10c8 |
kubernetes-client-darwin-arm64.tar.gz | 5b449a69eb22902bdc5cc110b65d3103e459639c4b8eb84eed005a79efc8c9f42dd0a37f5d51b073e96f69a5de36b44c00b3bf730334d1296bd3df3a2f7c603b |
kubernetes-client-linux-386.tar.gz | 32881e912da9edf44d304bb67b4302fd271d4925928c28cd9e8d94fa677e8e8d4706eb1d9a7490f51f87cf39cf087133895a047aaf1564caa8783e3e3af190e9 |
kubernetes-client-linux-amd64.tar.gz | e4e55a2b7cfcb8a61a982b4c5630119dac74c793fad285a5753f3fad20122c266fce4f291889a03c562d6416d9f07992bf5de78298bd6801b06a8c36dc7a0acf |
kubernetes-client-linux-arm.tar.gz | 72b2899747277a8c50f2ccf8dc9293532e9d0f18fbfc5ce2bd847f46939930819a031d2ef6e6f624ea7b48d61653d14cc8869651c6155d4cada801e63e45a90f |
kubernetes-client-linux-arm64.tar.gz | 54081ebe799fd11ace1b54b66a4ad3c87f233dcc8f14ec38fd02d69daccf8a5e46e42e615582316a0930528fd108c679590813edc69aea151a1e8e384d3d5b31 |
kubernetes-client-linux-ppc64le.tar.gz | 1cb6bcae4e060cb581c89121dc623d75cd07d665876f12fc441a2cae54f194883e2f9aa02e2f61a066f7d604626c98b6baeb38ac2aea22d34eee68ce3530d12a |
kubernetes-client-linux-s390x.tar.gz | 568313713168e29b13849ff2bc3e275af54acb8048a7fe5b7569f713453523f32904f974b3e4888b60cd59ad2d00a97a170c33ee0525cfa224384c936b5bdb97 |
kubernetes-client-windows-386.tar.gz | 81aff59ef27eee27edce5222dfab420e3f9ffe090897820db07cf69bf212adcbe5fe3ce8d8551da6c2dc99c9a0ce05d9f0bad79544043c613e1bb841fe711c14 |
kubernetes-client-windows-amd64.tar.gz | ab37bc7569fef9e852944af6cc82a9763d89244749a28b8dd819e9234acccf89ca168cb485fbb8e4dc28c25ec3d4686503f3b3dfa5509283c674f7460fe84456 |
kubernetes-client-windows-arm64.tar.gz | a4373d6d3d37dcde3f86ed17e5d079c74247ee412fc062fe58472215a09cdbbefd03ba55d299fc8cbcfb70419e3400a69f84da17b078ffc149c6078df8d0ac50 |
filename | sha512 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | 55de8adfe4d98826cf5f55007b8dbb63cd42fc898b399cd2c74d6c4818f2fbad1de4bd7cba2a94f8edc5a13a6297816691e62ffd0113428d23b8e7592d9d2eb6 |
kubernetes-server-linux-arm.tar.gz | 59305ba936cae7f021f41944491e53b43fce21f64491be44881b68c78b03b25591b850faf24472d10a17941e440ce9d4977e29fce46a7bb7786257311721fd61 |
kubernetes-server-linux-arm64.tar.gz | c0c0c6d1288f4b417b8b4b5960df9af081d2caf8b2abd2117e26677fc4b5b6d3bd5a0638f2559c86e77f7bb6c9acf5bd4e7f33aa4a8f0d9ba50e448c5a780ca9 |
kubernetes-server-linux-ppc64le.tar.gz | 837fc57905aa29f27c253ea392ce331c762789b69a581e2d3709c22f14af0b475d4f691fe48d05f5bac3784b84a6c59e9fbda527b4d9e169f93a10fe09f2d195 |
kubernetes-server-linux-s390x.tar.gz | edf1c11412cff5423389daa6bde79be302d2e8d9962d191247a8935189927ee89f5c24f4be2ffe2a8be0516395677d085d4367d9436bcdd46c5270c36713645f |
filename | sha512 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | 19d0941ff71a8c7fd9695e69fc03e446dab48d081985f4288a6ff6d6f5a76b1e5c2cec643a9090597760f9444f0846978ddfe6a97e2b3ab59d8530d524be75bb |
kubernetes-node-linux-arm.tar.gz | f75cca0a72a4a4cc1f89210d08b36e7d1777d6af02e74497c3f93fef3308040c278f0600d65d1ccc052f14d567590762327d67453a3a4c06a5fe529dca99f7ae |
kubernetes-node-linux-arm64.tar.gz | 94579d7a3cb146ceffc0af42b5fd886510041fec0a5d5e9c2383e91ae3f6dd663b9691193f67646f38265195757f04bcc55e17ea3fc414174c375e672249c606 |
kubernetes-node-linux-ppc64le.tar.gz | 0487d68b2598a12bc40f7012c2b68a4d2cb0dbfac59eb7d468eb23966ebbbad3cc14e061fb4cb4562366812eefa7a7df704c435522a4d6fb68fec1268b845775 |
kubernetes-node-linux-s390x.tar.gz | a4dc195f599ebe3bc0ea5d2eb9f9004d9770cad7c8333b273f6ff9af0f73528a08c4949c360647f9096cc48a4daf65ecc71b70683728ab75cf3041857b6df965 |
kubernetes-node-windows-amd64.tar.gz | 6331bffc65bea362245a0bcba2ce28521679c60e0332e329872c5a588d21cca0162c48cac4ac2fcdb303116f5f4f62596f81658cc056d34add27857ec53b22d1 |
All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.
v1.26
are no longer served. See https://kubernetes.io/docs/reference/using-api/deprecation-guide/#v1-26 for more information. (#111973, @liggitt)pod-eviction-timeout
is deprecated and will be removed together with enable-taint-manager
in v1.27. (#113710, @kerthcet)--master-service-namespace
flag was deprecated and will be removed in v1.27. (#112797, @SataQiu)gcp
and azure
auth plugins have been removed from client-go
and kubectl
. See kubelogin and Kubectl Auth Changes in GKE for details about the cloud-specific replacements. (#112341, @enj)preEnqueue
extension point was added to scheduler's component config
v1beta2/v1beta3/v1
.'
(#113275, @Huang-Wei)ResourceClaim
API (in the resource.k8s.io/v1alpha1
API group and
behind the DynamicResourceAllocation
feature gate).
The new API is now more flexible than the existing Device Plugins feature of Kubernetes because it
allows Pods to request (claim) special kinds of resources, which can be available at node level, cluster
level, or following any other model you implement.' (#111023, @pohly)preStop
and postStart
lifecycle handlers using httpGet
now
honor the specified scheme
and headers
fields. This enables setting custom
headers and changing the scheme to HTTPS
, consistent with container
startup/readiness/liveness probe capabilities. Lifecycle handlers configured
with scheme: HTTPS
that encounter errors indicating the endpoint is actually
using HTTP fall back to making the request over HTTP for compatibility with
previous releases. When this happens, a LifecycleHTTPFallback
event is recorded
in the namespace of the pod and a kubelet_lifecycle_handler_http_fallbacks_total
metric in the kubelet is incremented. Cluster administrators can opt out of the
expanded lifecycle handler capabilities by setting
--feature-gates=ConsistentHTTPGetHandlers=false
in kubelet
.'
(#86139, @jasimmons)JobTrackingWithFinalizers
to stable.
Jobs created before the feature was enabled are still tracked without finalizers.
Jobs tracked with finalizers have the annotation batch.kubernetes.io/job-tracking.
If the annotation is present and the user attempts to remove it, the control plane adds it back.
The annotation batch.kubernetes.io/job-tracking
is now deprecated.
The control plane will ignore it and stop adding it for new Jobs in v1.27.' (#113510, @alculquicondor)lendablePercent
, and
borrowingLimitPercent
located under the .spec.limited
field of the designated priority level.
This change added the following metrics:
apiserver_flowcontrol_nominal_limit_seats
: Nominal number of execution seats configured for each priority levelapiserver_flowcontrol_lower_limit_seats
: Configured lower bound on number of execution seats available to each priority levelapiserver_flowcontrol_upper_limit_seats
: Configured upper bound on number of execution seats available to each priority levelapiserver_flowcontrol_demand_seats
: Observations, at the end of every nanosecond, of (the number of seats each priority level could use) / (nominal number of seats for that level)apiserver_flowcontrol_demand_seats_high_watermark
: High watermark, over last adjustment period, of demand_seatsapiserver_flowcontrol_demand_seats_average
: Time-weighted average, over last adjustment period, of demand_seatsapiserver_flowcontrol_demand_seats_stdev
: Time-weighted standard deviation, over last adjustment period, of demand_seatsapiserver_flowcontrol_demand_seats_smoothed
: Smoothed seat demandsapiserver_flowcontrol_target_seats
: Seat allocation targetsapiserver_flowcontrol_seat_fair_frac
: Fair fraction of server's concurrency to allocate to each priority level that can use itapiserver_flowcontrol_current_limit_seats
: current derived number of execution seats available to each priority level
The possibility of borrowing means that the old metric apiserver_flowcontrol_request_concurrency_limit
can no longer mean both the configured concurrency limit and the enforced concurrency limit. Henceforth it means the configured concurrency limit.' (#113485, @MikeSpreitzer)NodeInclusionPolicy
in podTopologySpread
plugin is now enabled by default.'
(#113500, @kerthcet)PodDisruptionBudget
now adds an alpha spec.unhealthyPodEvictionPolicy
field.
When the PDBUnhealthyPodEvictionPolicy
feature-gate is enabled in kube-apiserver
,
setting this field to "AlwaysAllow"
allows pods to be evicted if they do not
have a ready condition, regardless of whether the PodDisruptionBudget is currently
healthy.'
(#113375, @atiratree)metav1.LabelSelectors
specified in API objects are now validated to ensure
they do not contain invalid label values that will error at time of use. Existing
invalid objects can be updated, but new objects are required to contain valid
label selectors.'
(#113699, @liggitt)percentageOfNodesToScore
as a scheduler profile level parameter to API version v1
. When a profile percentageOfNodesToScore
is set, it will override global percentageOfNodesToScore
. (#112521, @yuanchen8911)kubectl auth whoami
. (#111333, @nabokihms) [SIG API Machinery, Auth, CLI and Testing]kubernetes_feature_enabled
metric series to track whether each active feature gate is enabled. (#112690, @logicalhan)--topology-manager-policy-options
flag to the kubelet to support fine tuning the topology manager policies. The first policy option, prefer-closest-numa-nodes
, allows these policies to favor sets of NUMA nodes with shorter distance between nodes when making admission decisions. (#112914, @PiotrProkop)StatefulSet
to start numbering replicas from an arbitrary non-negative ordinal, using the .spec.ordinals.start
field. (#112744, @pwschuurman)--iptables-localhost-nodeports
, default true) to allow disabling NodePort services on loopback addresses. Note: this only applies to iptables mode and ipv4. (#108250, @cyclinder)DataSourceRef
field in PersistentVolumeClaim
API. (#113186, @ttakahashi21)AggregatedDiscoveryEndpoint
feature flag. (#113171, @Jefftree)cpuCFSQuotaPeriod
to 1ms to match Linux kernel expectations. (#112123, @paskal)apiserver_request_slo_duration_seconds
metric for v1.27 in favor of apiserver_request_sli_duration_seconds
for naming consistency purposes with other SLI-specific metrics and to avoid any confusion between SLOs and SLIs. (#112679, @dgrisonnet)kube-controller-manager
to support '--concurrent-horizontal-pod-autoscaler-syncs' flag to set the number of horizontal pod autoscaler controller workers. (#108501, @zroubalik)field is immutable
errors validating updates to Event API objects via the events.k8s.io/v1
API. (#112183, @liggitt)ServiceInternalTrafficPolicy
feature to GA. (#113496, @avoltz)v1beta3
for Priority and Fairness with the following changes to the API spec:
v1alpha1
API for validating admission policies, enabling extensible admission control via CEL expressions (KEP 3488: CEL for Admission Control). To use, enable the ValidatingAdmissionPolicy
feature gate and the admissionregistration.k8s.io/v1alpha1
API via --runtime-config
. (#113314, @cici37)--encryption-provider-config-automatic-reload
, ensure all the KMS provider names (v1 and v2) in the encryption configuration are unique. (#113697, @aramase)v1beta1
to v1
with no API changes. (#111616, @ndixita)-v
and -vmodule
are still supported. (#112120, @pohly) [SIG Architecture, CLI, Instrumentation, Node and Testing]MixedProtocolLBService
from beta to GA. (#112895, @janosi).spec.schedulingGates
is introduced to enable users to control when to mark a Pod as scheduling ready. (#113274, @Huang-Wei)Lease
and Event
API objects) has been corrected to truncate to microsecond precision, to match the documented behavior and JSON/YAML serialization. Any existing persisted data is truncated to microsecond when read from etcd. (#111936, @haoruan)ServiceLoadBalancerClass
and ServiceLBNodePortControl
. These feature gates were enabled (and locked) since v1.24
. (#112577, @andrewsykim)client-go
latency metrics to be reported with a template URL to avoid label cardinality. (#111752, @aanm)EndpointSliceTerminatingCondition
feature gate was graduated to GA. The gate is now locked and will be removed in v1.28. (#113351, @andrewsykim)DynamicKubeletConfig
feature gate has been removed from the API server.
Dynamic kubelet reconfiguration now can't be used even when older nodes are still
attempting to rely on it. This is aligned with the Kubernetes version skew policy.
(#112643, @SergeyKanzhelev)kubectl wait
command with jsonpath
flag will wait for target path until timeout.
(#109525, @jonyhy96)HorizontalPodAutoscaler
: when multiple HPAs
select the same set of Pods, scaling now will be disabled for those HPAs with
the reason AmbiguousSelector
. This change also covers a case when multiple HPAs
point to the same deployment.'
(#112011, @pbeschetnov)warn
level will now default to
the enforce
level.'
(#113491, @tallclair)APIServerIdentity
feature to Beta. By default, each kube-apiserver
will now create a Lease in the kube-system
namespace. These lease objects can
be used to identify the number of active API servers in the cluster, and may also
be used for future features such as the Storage Version API.'
(#113629, @andrewsykim)CSIMigrationvSphere
was upgraded to GA and locked to true. Do not upgrade to K8s
1.26 if you need Windows, or XFS, or raw block support until vSphere CSI Driver
adds support for them in a version post v2.7.x.'
(#113336, @divyenpatel)DelegateFSGroupToCSIDriver
feature is GA.'
(#113225, @bertinatto)NodeOutOfServiceVolumeDetach
is now beta.'
(#113511, @xing-yang)RetroactiveDefaultStorageClass
feature is now beta.'
(#113329, @RomanBednar)registered_metric_total
will now report the number of metrics broken down by
stability level and deprecated version.'
(#112907, @logicalhan)DisableCompression
field (default = false
) has been added to kubeconfig under cluster info. When set to true
, clients using the kubeconfig opt out of response compression for all requests to the apiserver. This can help improve list call latencies significantly when client-server network bandwidth is ample (>30MB/s) or if the server is CPU-constrained. (#112309, @shyamjvs)pod_status_sync_duration_seconds
histogram is reported at alpha metrics stability that estimates how long the Kubelet takes to write a pod status change once it is detected. (#107896, @smarterclayton) [SIG Apps, Architecture, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Release, Scheduling, Storage and Testing]KubernetesAPI
to HTTP GET
. (#112545, @dims)--disable-compression
flag to kubectl
(default = false). When true, it opts out of response compression for all requests to the apiserver
. This can help improve list call latencies significantly when client-server network bandwidth is ample (>30MB/s) or if the server is CPU-constrained. (#112580, @shyamjvs)StreamWithContext
to remotecommand.Executor
to support cancelable SPDY executor stream. (#103177, @arkbriar)CelValidatingAdmissionExtensibility
to enable expression validation for Admission Control. (#112792, @cici37) [SIG API Machinery]WindowsHostNetworking
feature. (#112961, @marosset)kubectl api-resources
command's wide output (-o wide
).
Added --categories
flag to the kubectl api-resources
command, which can be used to filter the output to show only resources belonging to one or more categories. (#111096, @brianpursley) [SIG CLI]job_controller_terminated_pods_tracking_finalizer
which can be used to monitor whether the job controller is removing Pod finalizers from terminated Pods after accounting them in Job status. (#113176, @alculquicondor)TopologyAwareHints
. (#113544, @LiorLieberman)SELinuxMountReadWriteOncePod
is now fully implemented and kubelet does not lose its cache of SELinux contexts after kubelet process restart. (#113596, @jsafrane)pod_start_sli_duration_seconds
to kubelet. (#111930, @azylinski)--container-runtime-endpoint
flag of kubelet to be non-empty. (#112542, @astraw99)KUBECTL_EXPLAIN_OPENAPIV3
(#113146, @alexzielenski) [SIG CLI]force_delete_pods_total
and force_delete_pod_errors_total
in the Pod GC Controller. (#113519, @xing-yang) [SIG Apps]preemption_victims
metric bucket from LinearBuckets
to ExponentialBuckets
. (#112939, @lengrongfu)metrics/slis
for apiserver. (#112741, @logicalhan)job_finished_total metric by new
reason` label and introduce a new job metric to count pod failures
handled by pod failure policy with respect to the action applied. (#113324, @mimowo) [SIG Apps and Testing]ServiceIPStaticSubrange
feature to GA. (#112163, @aojea)ComponentSLIs
feature gate is enabled, then /metrics/slis
becomes available on kubelet, allowing you to scrape health check metrics. (#113030, @Richabanker) [SIG Node]ComponentSLIs
feature gate is enabled, then /metrics/slis
now becomes available on cloud-controller-manager allowing you to scrape health check metrics. (#113340, @Richabanker)
SharedInformerFactory` will now support waiting for goroutines during shutdown.
(#112200, @pohly)kubeadm
, command kubeadm join phase control-plane-prepare certs
now supports to run with dry-run
mode on it's own. (#113005, @chendave)gzip
compression switched from level 4 to level 1 to improve large list call latencies in exchange for higher network bandwidth usage (10-50% higher). This increases the headroom before very large unpaged list calls exceed request timeout limits. (#112299, @shyamjvs)show-join-command
as a new separate phase at the end of kubeadm init
. You can skip printing the join information by using kubeadm init --skip-phases=show-join-command
. Executing only this phase on demand will throw an error because the phase needs dependencies such as bootstrap tokens to be pre-populated. (#111512, @SataQiu)kubeadm reset
. It will cleanup the contents of /etc/kubernetes/tmp
. The flag is off by default. (#112172, @chendave)statusStack
and logging error output
fields. (#112374, @Argh4k)RetroactiveDefaultStorageClass
feature are now available. To see an attempt count for updating PVC retroactively with a default StorageClass see retroactive_storageclass_total
metric and for total numer of errors see retroactive_storageclass_errors_total
. (#113323, @RomanBednar)kubectl alpha events
to kubectl events
. (#113819, @soltysh)WindowsHostProcessContainers
to stable. (#113476, @marosset)ServiceUnavailable
and InternalError
errors, in addition to net.ConnectionRefused
error. (#111809, @Huang-Wei)github.com/russross/blackfriday/v2
(#112731, @pacoxu)LegacyServiceAccountTokenNoAutoGeneration
feature gate was promoted to GA. (#112838, @zshihang)ProxyTerminatingEndpoints
feature is now Beta and enabled by default. When enabled, kube-proxy will attempt to route traffic to terminating pods when the traffic policy is Local
and there are only terminating pods remaining on a node. (#113363, @andrewsykim)goroutines
metric is newly added in the scheduler.
It replaces scheduler_goroutines
metric and it counts the number of goroutine in more places than scheduler_goroutine
does. (#112003, @sanposhiho) [SIG Instrumentation and Scheduling]APIServerIdentity
feature to use a persistent name. (#113307, @andrewsykim)ComponentSLIs
feature gate is enabled, /metrics/slis
becomes available on kube-scheduler, allowing you to scrape health check metrics. (#113026, @Richabanker)ComponentSLIs
feature gate is enabled, then /metrics/slis
becomes available on kube-proxy
allowing you to scrape health check metrics. (#113057, @Richabanker)ComponentSLIs
feature gate is enabled, then /metrics/slis
becomes available on kube-controller-manager, allowing you to scrape health check metrics. (#112978, @logicalhan)LegacyServiceAccountTokenTracking
feature gate is enabled, secret-based service account tokens will have a kubernetes.io/legacy-token-last-used
applied to them containing the date they were last used. (#108858, @zshihang) [SIG API Machinery, Auth and Testing]CSRDuration
feature gate that graduated to GA in 1.24 and is unconditionally
enabled now removed in v1.26.
(#112386, @Shubham82)kubectl config view
now automatically redacts any secret fields marked with a datapolicy
tag. (#109189, @mpuckett159)kubectl run
command, which did not go through the required deprecation period before being removed. (#112243, @brianpursley)kubeadm
. (#112508, @SataQiu)Label
section in vSphere e2e cloud provider configuration. (#112427, @gnufied)/healthz/etcd
endpoint rate limits the number of forwarded health check requests to the etcd backends, answering with the last known state if the rate limit is exceeded. The rate limit is based on 1/2 of the timeout configured, with no burst allowed. (#112046, @aojea)search .
into containers in /etc/resolv.conf
. (#112157, @dghubble)golang.org/x/net
to v0.1.1-0.20221027164007-c63010009c80
. (#112693, @aimuz)DelegatingAuthenticationOptions
can now use DisableAnonymous
to disable Anonymous authentication. (#112181, @xueqzhan)kubectl patch
. (#112556, @ardaguclu)podTopologySpread
plugin to avoid unexpected scheduling results. (#112507, @kerthcet)DaemonSet
to update the status even if it fails to create a pod. (#112127, @gjkim42)appProtocol
for a Service did not trigger a load balancer update. (#112785, @MartinForReal) [SIG Cloud Provider and Network]kubectl exec
. (#113041, @saschagrunert)kubectl
while exec auth was in use. (#112017, @enj)winkernel
proxier that causes proxy rules to leak anytime service backends are modified. (#112837, @daschott)kubectl rollout history
where only the latest revision was displayed when a specific revision was requested and an output format was specified. (#111093, @brianpursley)kubectl label
with --dry-run
flag. (#111571, @brianpursley)NoExecute
continue to run when the PodDisruptionConditions
feature gate is enabled. (#112518, @mimowo)metadata.name
specified. (#112557, @marseel)PodDisruptionConditions
feature gate is enabled. (#113580, @mimowo)PodAndContainerStatsFromCRI
feature, instead of supplementing with stats from cAdvisor. (#113291, @mengjiao-liu)job_finished_total
metric. (#112948, @mimowo)kubectl
, --server-side
now migrates ownership of all fields used by client-side-apply to the specified --fieldmanager
. This prevents fields previously specified using kubectl from being able to live outside of server-side-apply's management and become undeleteable. (#112905, @alexzielenski)NodeStageVolume
for every single "map" (i.e. raw block "mount") operation for a volume already attached to the node. This change modified that behavior to ensure it is only called once per volume per node. (#112403, @akankshakumari393)kubectl
display of invalid request errors returned by the API server. (#112150, @liggitt),
x-kubernetes-list-type` validation is now enforced when updating status of custom resources.' (#111866, @pacoxu)kube-apiserver
, custom resources can now be specified in the --encryption-provider-config
file and can be encrypted in etcd. (#113015, @ritazh).spec.podFailurePolicy.rules[*].onExitCode
might be ignored if the Pod is deleted before it terminates. (#113856, @alculquicondor)DELETECOLLECTION API
requests are now recorded in metrics with the correct verb. (#113133, @sxllwx)--aggregator-reject-forwarding-redirect=false
to continue forwarding redirect responses. (#112193, @jindijamie) [SIG API Machinery and Testing]/apis/$group/$version
(#112772, @liggitt) [SIG API Machinery and Testing]304 Not Modified
responses from aggregated API servers as internal errors. (#112526, @liggitt)TaintToleration
plugin for PodTopologySpread
plugin. (#112357, @SataQiu)remove-etcd-member
phase are executed. (#110972, @chendave) [SIG Cluster Lifecycle]ClusterConfiguration
networking fields. (#112751, @SataQiu)pv & namespace
in a future release if the namespace is specified and allowlist is not specified. (#110907, @pacoxu)kubectl convert
did not pick the right API version (#112700, @SataQiu)--node-ip
. (In particular, this fixes the problem where people who
were unnecessarily using --node-ip
with an external cloud provider in 1.23,
and then running into problems with 1.24, could not fix the problem by just
removing the unnecessary --node-ip
from the kubelet arguments, because
that wouldn't remove the annotation that caused the problems.) (#112184, @danwinship) [SIG Network and Node]Path does not exist
. (#112650, @rphillips)Default
DNS policy. (#112414, @pacoxu) [SIG Network and Node]<resource>.<group>
instead of go
struct type. This means e.g. that *v1.Pod
becomes pods
. Additionally, resources that come from CustomResourceDefinitions
are displayed as the correct resource and group, instead of *unstructured.Unstructured
. (#111807, @ncdc)LocalStorageCapacityIsolationFSQuotaMonitoring
back to Alpha. (#112076, @rphillips)MountPoints
are now grouped correctly on all cases. (#112571, @claudiubelu)SchedulerError
rather than Unschedulable
. (#111999, @kerthcet)--timestamps
are not broken up with timestamps anymore. (#113481, @rphillips)ResourceVersion
returned in objects from delete responses is now consistent with the ResourceVersion
contained in the delete watch event. (#113369, @wojtek-t)kube-scheduler
and kube-controller-manager
now use server side apply to set conditions related to pod disruption. (#113304, @mimowo) [SIG API Machinery, Apps and Scheduling]k8s.io/apimachinery/pkg/api/meta
now support for the stdlibs
errors.Is
matching, including when wrapped. (#111808, @alvaroaleman)etcd_request_duration_seconds
and etcd_bookmark_counts
now differentiate by group resource instead of object type, allowing unique entries per CustomResourceDefinition
, instead of grouping them all under *unstructured.Unstructured
. (#112042, @ncdc)kube-proxy
to restart in case it detects that the Node assigned pod.Spec.PodCIDRs
have changed. (#111344, @aojea)LoadBalancer
services, for there to be fewer AWS security group rules in most cases. (#112267, @sjenning)golang.org/x/text`` to
v0.3.8`` to fix CVE-2022-32149 (#112989, @ameukam)kubectl
now escapes terminal special characters in output. This fixes CVE-2021-25743.
(#112553, @dgl)cronjob_job_creation_skew
metric to stable to follow the cronjob v2 controller,
the following metrics had their name updated to match metrics API guidelines:
kubelet_kubelet_credential_provider_plugin_duration
was renamed to kubelet_credential_provider_plugin_duration
and kubelet_kubelet_credential_provider_plugin_errors
was renamed to kubelet_credential_provider_plugin_errors
.'
(#113754, @logicalhan)--encryption-provider-config-automatic-reload
was added to control when the encryption config should be automatically reloaded without needing to restart the server. All KMS plugins are now merged into a single healthz check at /healthz/kms-providers
when reload is enabled, or when only KMS v2 plugins are used. (#113529, @enj)--prune-allowlist
flag that can be used with kubectl apply --prune
. This flag now replaces and functions the same as the --prune-whitelist
flag, which has been deprecated. (#113116, @brianpursley)kubernetes_feature_enabled
metric which will tell you if a feature is enabled. (#112652, @logicalhan)--cascade
, --filename
, --force
, --grace-period
, --kustomize
, --recursive
, --timeout
, --wait
. (#112261, @brianpursley)v1alpha2
, which means that container runtimes just have to implement v1
. (#110618, @saschagrunert)ginkgo.BeforeEach
, ginkgo.AfterEach
or ginkgo.DeferCleanup
directly after creating a framework instance and are guaranteed that their code is called after the framework is initialized and before it gets cleaned up. ginkgo.DeferCleanup
replaces f.AddAfterEach
and AddCleanupAction
which got removed to simplify the framework. (#111998, @pohly)ComponentSLIs
alpha feature-gate for component SLIs metrics endpoint. (#112884, @logicalhan) [SIG API Machinery]DefaultPodTopologySpread
, NonPreemptingPriority
, PodAffinityNamespaceSelector
and PreferNominatedNode
feature gates that graduated to GA in v1.24 and were unconditionally enabled have been removed in v1.26. (#112567, @SataQiu)UnversionedKubeletConfigMap
feature gate. The feature has been GA and locked to enabled since v1.25
. (#113448, @pacoxu)node-role.kubernetes.io/master
taint from the CoreDNS deployment of kubeadm
. With the 1.25 release of kubeadm the taint node-role.kubernetes.io/master
is no longer applied to control plane nodes and the toleration for it can be removed with the release of 1.26. You can also perform the same toleration removal from your own addon manifests. (#112008, @pacoxu)--container-runtime=remote
flag for the kubelet during kubeadm init/join/upgrade. The flag value remote
had been the only possible value since dockershim
was removed from the kubelet. (#112000, @pacoxu)ServerSideApply
feature gate to true with the feature already being GA. (#112748, @wojtek-t)test/e2e/framework
so that the core framework is smaller. Optional functionality like resource monitoring, log size monitoring, metrics gathering and debug information dumping must be imported by specific e2e test suites. Init packages are provided which can be imported to re-enable the functionality that traditionally was in the core framework. If you have code that no longer compiles because of this PR, you can use the script from a commit message to update that code. (#112043, @pohly)PodOverhead
feature gate as the feature is in GA since v1.24
. (#112579, @SergeyKanzhelev)ValidatingAdmissionPolicy
. (#113735, @cici37)IndexedJob
and SuspendJob
feature gates that graduated to GA in 1.24 and were unconditionally enabled have been removed in v1.26. (#112589, @SataQiu)e2e.test
binary no longer emits JSON structs to document progress. (#113212, @pohly)etcd_db_total_size_in_bytes
is renamed to apiserver_storage_db_total_size_in_bytes
. (#113310, @logicalhan) [SIG API Machinery]cri-tools
to [v1.25.0(https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.25.0) (#112058, @saschagrunert)GlusterFS
in-tree storage driver which was deprecated in kubernetes 1.25 release is now removed entirely in 1.26. (#112015, @humblec)
Contributors, the
CHANGELOG-1.26.md has been bootstrapped with
v1.26.0 release notes and you may edit now as needed.
Published by your
Kubernetes Release
Managers.