Kubernetes v1.26.0-beta.0 is live!

24 views
Skip to first unread message

Jeremy Rickard

unread,
Nov 10, 2022, 7:20:40 PM11/10/22
to kubernetes-announce, dev
Kubernetes Community,

Kubernetes v1.26.0-beta.0 has been built and pushed using Golang version 1.19.3.

The release notes have been updated in CHANGELOG-1.26.md, with a pointer to them on GitHub:

v1.26.0-beta.0

Downloads for v1.26.0-beta.0

Source Code

filename sha512 hash
kubernetes.tar.gz 9aa7ea4dac63ca19b62dbb5ff3769f96d52f17d14050bdb4832936b6732879b93544ffae4411783e57b5171e12bc7bba8dbd275fdbc0755712a0b80069d06097
kubernetes-src.tar.gz 350ee84981bdc47f1ccee421efe2102d1323195b605c79884a0a3628c49d20533bbf3f49d54a3ce94b2a5627290103a4edd14cfdd1bd732c859f88ad06ad178a

Client Binaries

filename sha512 hash
kubernetes-client-darwin-amd64.tar.gz 8333a7b382ce29c79f9d2958c90e5e34c3af205a64d7f99bf94817df92879b136ba1f40a675555368aee68a9278a03142f20b8cb1797d1eaa3ba2344e2109904
kubernetes-client-darwin-arm64.tar.gz 5f263002532b818c9dca80119f7fe78474f7fee66d13409e8fad588b1aa7edda7a333a1f0982b86582b0a202f57253a6ae7a64ecba9569e9b08f478f1cc2c2e3
kubernetes-client-linux-386.tar.gz 344a33e30a29043533810d48f42d34d25a919925f85610b232c8c2f9da04c6faa2e43bc45dc7cb2d04c4c7bc24e6d77621abdc667a4a0707082212505babe5d5
kubernetes-client-linux-amd64.tar.gz 267dd3143813d7462dc821ec2ebf22c266280420fdecbbaf73e4f03a803ef4be5e0e98bbac036e0ba96e4c56ba937cf1064ed91208dff0b91797b3243810d097
kubernetes-client-linux-arm.tar.gz c1779aa4bed88510640de2f2c964c981f188a6a15d2e468e503982ad63f20a0f282752d9e3d9e811895ccf7e8847fe9c7bbecb76d64d087e83a9677c8d6a6ad0
kubernetes-client-linux-arm64.tar.gz 82170b76010c8f54c8a40684a1226433626afabd6c585cd41035e17aa8923d1c3991cbae0d77ca79153a972d8840b92d1958e253e3a9ae5eda2b9e8d9c09d01e
kubernetes-client-linux-ppc64le.tar.gz d0e59ec798ef03c01990e184847b1bfd38805d9e95901699c5bbbdf31d2e942dab63a8fb68656dc9affd0fa483efb360751d5d0b445f9d6c1e9713c1f10d1f7f
kubernetes-client-linux-s390x.tar.gz d2ebeadcdd809f9f1ee4bd1884efd5093279cc3511c791007061ee980becdf7e1e3980f61f644b7425d1ec10c386d8c74e9296031472376bf8ea481c047920e9
kubernetes-client-windows-386.tar.gz 04d7a1387112428283081fc74bcaf83d7a7dbe59f58bad45794603e8dfa4cee723aa1b4fd1616c96dc9ff2e49a246345d4135756d9779a86916d41e4cbeae46c
kubernetes-client-windows-amd64.tar.gz db7680b960de8f2f0da782ae2e6b2e396c5b4606e7c894af5bf4e5627fb83d635b3b7f893af80252515bd0fef2accf6b598ba5042ffd5e9c8d71cff68fc4ab25
kubernetes-client-windows-arm64.tar.gz 7ff409c0c1f2ca26f42dd6199b559df390238f17c1bf868a10e8d1433bfe7305bed57f20b187a806076f2788a64ad224998ac5dfaeb20a7cef01dfc6bf025de0

Server Binaries

filename sha512 hash
kubernetes-server-linux-amd64.tar.gz ef82141b01f845ad0576207cf528a9d1f8be681e1fd4744d4e01f3692491a0a640de92f79ef4294d924deee29926de4b0eefc6757addc6a27557c79ca94e3c46
kubernetes-server-linux-arm.tar.gz 14f2be17866492accd69225b55ddca636aa46cd825a9092bb2bf05cd2adc04c59e0b8271adab4b345b8368337863a3884d608ca7e8de48d3598d1b144e4142dc
kubernetes-server-linux-arm64.tar.gz c7df332e9bb9c20abdd3a0e2a57509e3ef7b5ea0eadee6cffc09c6cbffb0e01fb845a1135a7d4ea3e784227022839bae8936a3d95846b5fde23bf7e096413c1c
kubernetes-server-linux-ppc64le.tar.gz a5e5b2d60a4fde3db2214a0509c677e94c205fab7350b57dca79558a999f28752fe096ee863d4c9c410079fab3a08665aec84cb1a1732d53e9ac09cffe65b389
kubernetes-server-linux-s390x.tar.gz 4d84170a3a5bcea73db3c922154724e4021dd3fd20833698428002975eec1a958f528f54d747870ace58859741eeebc7caec1074ae84ba08b35d5a1efa1ab0d1

Node Binaries

filename sha512 hash
kubernetes-node-linux-amd64.tar.gz 2a194c2e2da4949df32806a7592716406ab3148287e6c97285155e0c7390b8cbcdbd426fb4ff40885f1db7b31355e7bcf9f590edeb77318ba5e39e92e40569f1
kubernetes-node-linux-arm.tar.gz 960ab6a725cd5b9ac59449cda00605a4f4d876541b362852cd2c915b1cf449713139c540f1a7d8e48920a67515fc3389007313cfa348e886ec7e4cb7c783e90e
kubernetes-node-linux-arm64.tar.gz ee3c62ab7174e737c372325a5bc086b61d42b957211e6fb1061aafee8f24284ceca22c0d7c2e92020327a8cf4bd1fe9a8cd685174c0c5ae03bb7ed293c1d6dc6
kubernetes-node-linux-ppc64le.tar.gz 28dc29007d319172c82b6ae675a218ce4dc484ddb81371ddccd5e5aeced90aa4033a08eb6ac3d562627b7762988d7de2f72fbfddada454009b9f3c0137d23864
kubernetes-node-linux-s390x.tar.gz ebdb47d96ae97ec6abfa9ec0863b1ead84615c49be950e79dff27a8a6a2454044854976545017947528ab104007f9010a27d68b96916219934e541bbafd23851
kubernetes-node-windows-amd64.tar.gz f2197c28414f98a77cc501a47a960be22c45a19f1023c0a4a426442aa719a7c6b66a660ad9721d817216e59ac2ce8a2d0e7db89c1e36b4938833329af40b85af

Container Images

All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.

name architectures
k8s.gcr.io/conformance:v1.26.0-beta.0 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-apiserver:v1.26.0-beta.0 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-controller-manager:v1.26.0-beta.0 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-proxy:v1.26.0-beta.0 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-scheduler:v1.26.0-beta.0 amd64, arm, arm64, ppc64le, s390x

Changelog since v1.26.0-alpha.3

Changes by Kind

Deprecation

  • CLI flag pod-eviction-timeout is deprecated and will be removed together with enable-taint-manager in v1.27. (#113710, @kerthcet) [SIG API Machinery and Apps]

API Change

  • A new enqueue extension point is added to scheduler's component config v1beta2/v1beta3/v1. (#113275, @Huang-Wei) [SIG API Machinery, Apps, Instrumentation, Scheduling and Testing]

  • Add DataSourceRef2 alpha field to PersistentVolumeClaimSpec API. (#113186, @ttakahashi21) [SIG API Machinery, Apps, Storage and Testing]

  • Add a kube-proxy flag (--iptables-localhost-nodeports, default true) to allow disabling NodePort services on loopback addresses. Note: this only applies to iptables mode and ipv4. (#108250, @cyclinder) [SIG API Machinery, Cloud Provider, Network, Node, Scalability, Storage and Testing]

  • Added a --topology-manager-policy-options flag to the kubelet to support fine tuning the topology manager policies. The first policy option, prefer-closest-numa-nodes, allows these policies to favor sets of NUMA nodes with shorter distance between nodes when making admission decisions. (#112914, @PiotrProkop) [SIG API Machinery and Node]

  • Added a feature that allows a StatefulSet to start numbering replicas from an arbitrary non-negative ordinal, using the .spec.ordinals.start field. (#112744, @pwschuurman) [SIG API Machinery and Apps]

  • Deprecate the apiserver_request_slo_duration_seconds metric for v1.27 in favor of apiserver_request_sli_duration_seconds for naming consistency purposes with other SLI-specific metrics and to avoid any confusion between SLOs and SLIs. (#112679, @dgrisonnet) [SIG API Machinery and Instrumentation]

  • Enable the "Retriable and non-retriable pod failures for jobs" feature into beta (#113360, @mimowo) [SIG Apps, Auth, Node, Scheduling and Testing]

  • Graduate JobTrackingWithFinalizers to stable. Jobs created before the feature was enabled are still tracked without finalizers. Users can choose to migrate jobs to tracking with finalizers by adding the annotation batch.kubernetes.io/job-tracking. If the annotation was already present and the user attempts to remove it, the control plane adds the annotation back. (#113510, @alculquicondor) [SIG API Machinery, Apps and Testing]

  • Graduate ServiceInternalTrafficPolicy feature to GA (#113496, @avoltz) [SIG Apps and Network]

  • If you enabled automatic reload of encryption configuration with API server flag --encryption-provider-config-automatic-reload, ensure all the KMS provider names (v1 and v2) in the encryption configuration are unique. (#113697, @aramase) [SIG API Machinery and Auth]

  • Introduce v1alpha1 API for validating admission policies, enabling extensible admission control via CEL expressions (KEP 3488: CEL for Admission Control). To use, enable the ValidatingAdmissionPolicy feature gate and the admissionregistration.k8s.io/v1alpha1 API via --runtime-config. (#113314, @cici37) [SIG API Machinery, Auth, Cloud Provider and Testing]

  • Kubelet adds the following pod failure conditions:

    • DisruptionTarget (graceful node shutdown, node pressure eviction) (#112360, @mimowo) [SIG Apps, Node and Testing]

  • Metav1.LabelSelectors specified in API objects are now validated to ensure they do not contain invalid label values that will error at time of use. Existing invalid objects can be updated, but new objects are required to contain valid label selectors. (#113699, @liggitt) [SIG API Machinery, Apps, Auth, Network and Storage]

  • Moving MixedProtocolLBService from beta to GA (#112895, @janosi) [SIG Apps, Network and Testing]

  • New Pod API field .spec.scheudlingGates is introduced to enable users to control when to mark a Pod as scheduling ready. (#113274, @Huang-Wei) [SIG Apps, Scheduling and Testing]

  • NodeInclusionPolicy in podTopologySpread plugin is enabled by default. (#113500, @kerthcet) [SIG API Machinery, Apps, Scheduling and Testing]

  • Priority and Fairness has introduced a new feature called borrowing that allows an API priority level to borrow a number of seats from other priority level(s). As a cluster operator, you can enable borrowing for a certain priority level configuration object via the two newly introduced fields lendablePercent, and borrowingLimitPercent located under the .spec.limited field of the designated priority level. This PR adds the following metrics.

    • apiserver_flowcontrol_nominal_limit_seats: Nominal number of execution seats configured for each priority level
    • apiserver_flowcontrol_lower_limit_seats: Configured lower bound on number of execution seats available to each priority level
    • apiserver_flowcontrol_upper_limit_seats: Configured upper bound on number of execution seats available to each priority level
    • apiserver_flowcontrol_demand_seats: Observations, at the end of every nanosecond, of (the number of seats each priority level could use) / (nominal number of seats for that level)
    • apiserver_flowcontrol_demand_seats_high_watermark: High watermark, over last adjustment period, of demand_seats
    • apiserver_flowcontrol_demand_seats_average: Time-weighted average, over last adjustment period, of demand_seats
    • apiserver_flowcontrol_demand_seats_stdev: Time-weighted standard deviation, over last adjustment period, of demand_seats
    • apiserver_flowcontrol_demand_seats_smoothed: Smoothed seat demands
    • apiserver_flowcontrol_target_seats: Seat allocation targets
    • apiserver_flowcontrol_seat_fair_frac: Fair fraction of server's concurrency to allocate to each priority level that can use it
    • apiserver_flowcontrol_current_limit_seats: current derived number of execution seats available to each priority level

    The possibility of borrowing means that the old metric apiserver_flowcontrol_request_concurrency_limit can no longer mean both the configured concurrency limit and the enforced concurrency limit. Henceforth it means the configured concurrency limit. (#113485, @MikeSpreitzer) [SIG API Machinery and Testing]

  • The EndpointSliceTerminatingCondition feature gate has graduated to GA. The gate is now locked and will be removed in v1.28. (#113351, @andrewsykim) [SIG API Machinery, Apps, Network and Testing]

  • Yes, aggregated discovery will be alpha and can be toggled with the AggregatedDiscoveryEndpoint feature flag (#113171, @Jefftree) [SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Network, Node, Release, Scalability, Scheduling, Storage and Testing]

Feature

  • API Server tracing now includes the latency of authorization, priorityandfairness, impersonation, audit, and authentication filters. (#113217, @dashpole) [SIG API Machinery and Instrumentation]
  • Add a method StreamWithContext to remotecommand.Executor to support cancelable SPDY executor stream. (#103177, @arkbriar) [SIG API Machinery, CLI, Node and Testing]
  • Add alpha support for returning container and pod metrics from CRI, instead of cAdvsior (#113609, @haircommander) [SIG Architecture, Instrumentation and Node]
  • Add support for Evented PLEG feature gate (#111384, @harche) [SIG Node and Testing]
  • Add the metric pod_start_sli_duration_seconds to kubelet (#111930, @azylinski) [SIG Instrumentation, Node and Testing]
  • Added reconstruction of SELinux mount context after kubelet restart. Feature SELinuxMountReadWriteOncePod is now fully implemented and kubelet does not lose its cache of SELinux contexts after kubelet process restart. (#113596, @jsafrane) [SIG Apps, Node, Storage and Testing]
  • Added selector validation to HorizontalPodAutoscaler: when multiple HPAs select the same set of Pods, scaling now will be disabled for those HPAs with the reason AmbiguousSelector. This change also covers a case when multiple HPAs point to the same deployment. (#112011, @pbeschetnov) [SIG Apps and Autoscaling]
  • Added: publishing events when enabling/disabling topologyAwareHints. (#113544, @LiorLieberman) [SIG Apps and Network]
  • Adding alpha support for WindowsHostNetworking feature (#112961, @marosset) [SIG Node and Windows]
  • Adds alpha --output plaintext protected by environment variable KUBECTL_EXPLAIN_OPENAPIV3 (#113146, @alexzielenski) [SIG CLI]
  • Adds metrics force_delete_pods_total and force_delete_pod_errors_total in the Pod GC Controller. (#113519, @xing-yang) [SIG Apps]
  • CSIMigrationvSphere upgraded to GA and locked to true. Do not upgrade to K8s 1.26 if you need Windows support until vSphere CSI Driver adds support for it in a version post v2.7.x. (#113336, @divyenpatel) [SIG Storage]
  • DelegateFSGroupToCSIDriver feature is GA. (#113225, @bertinatto) [SIG Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node and Storage]
  • Graduate Kubelet CPU Manager to GA. (#113018, @fromanirh) [SIG Node and Testing]
  • Graduate Kubelet Device Manager to GA. (#112980, @swatisehgal) [SIG Cloud Provider and Node]
  • If ComponentSLIs feature gate is enabled, then /metrics/slis becomes available on cloud-controller-manager allowing you to scrape health check metrics. (#113340, @Richabanker) [SIG Cloud Provider]
  • Kubectl config view now automatically redacts any secret fields marked with a datapolicy tag (#109189, @mpuckett159) [SIG API Machinery, Auth, CLI and Testing]
  • Kubectl shell completions for the bash shell now include descriptions. (#113636, @marckhouzam) [SIG CLI]
  • Kubernetes is now built with Go 1.19.3 (#113550, @xmudrii) [SIG Release and Testing]
  • Make Azure File CSI migration as GA in 1.26 (#113160, @andyzhangx) [SIG Cloud Provider]
  • NodeOutOfServiceVolumeDetach is now beta. (#113511, @xing-yang) [SIG Node and Storage]
  • Pod Security admission: the pod-security warn level will now default to the enforce level. (#113491, @tallclair) [SIG Auth and Security]
  • Promote kubectl alpha events to kubectl events (#113819, @soltysh) [SIG CLI and Testing]
  • Promote the APIServerIdentity feature to Beta. By default, each kube-apiserver will now create a Lease in the kube-system namespace. These lease objects can be used to identify the number of active API servers in the cluster, and may also be used for future features such as the Storage Version API. (#113629, @andrewsykim) [SIG API Machinery and Testing]
  • Promoting WindowsHostProcessContainers to stable (#113476, @marosset) [SIG Apps, Node, Testing and Windows]
  • RetroactiveDefaultStorageClass feature is now beta. (#113329, @RomanBednar) [SIG Apps, Storage and Testing]
  • The LegacyServiceAccountTokenNoAutoGeneration feature gate has been promoted to GA (#112838, @zshihang) [SIG API Machinery, Apps, Auth and Testing]
  • The ProxyTerminatingEndpoints feature is now Beta and enabled by default. When enabled, kube-proxy will attempt to route traffic to terminating pods when the traffic policy is Local and there are only terminating pods remaining on a node. (#113363, @andrewsykim) [SIG Network]
  • The iptables kube-proxy backend should process service/endpoint changes more efficiently in very large clusters. (#110268, @danwinship) [SIG Instrumentation and Network]
  • Update the Lease identity naming format for the APIServerIdentity feature to use a persistent name (#113307, @andrewsykim) [SIG API Machinery, Node and Testing]
  • Updated cAdvisor to v0.46.0 (#113769, @bobbypage) [SIG Architecture, CLI, Cloud Provider, Node and Storage]

Bug or Regression

  • Apiserver: use the correct error when logging errors updating managedFields (#113711, @andrewsykim) [SIG API Machinery]
  • Bump runc to v1.1.4 (#113719, @pacoxu) [SIG Node]
  • Do not raise an error when setting an annotation with the same value, just ignore it. (#109505, @zigarn) [SIG CLI]
  • Fix cost estimation of token creation request for service account in Priority and Fairness. (#113206, @marseel) [SIG API Machinery]
  • Fix that disruption controller changes the status of a stale disruption condition after 2 min when the PodDisruptionConditions feature gate is enabled (#113580, @mimowo) [SIG Auth]
  • Fix the PodAndContainerStatsFromCRI feature, instead of supplementing with stats from cAdvisor. (#113291, @mengjiao-liu) [SIG Instrumentation and Node]
  • Fixed DaemonSet to update the status even if it fails to create a pod. (#112127, @gjkim42) [SIG Apps and Testing]
  • For kubectl, --server-side now migrates ownership of all fields used by client-side-apply to the specified --fieldmanager. This prevents fields previously specified using kubectl from being able to live outside of server-side-apply's management and become undeleteable. (#112905, @alexzielenski) [SIG API Machinery, CLI and Testing]
  • Kubectl apply: warning that kubectl will ignore no-namespaced resource pv & namespace in a future release if the namespace is specified and allowlist is not specified (#110907, @pacoxu) [SIG CLI]
  • Kubelet: Fixes a startup crash in devicemanager (#113021, @rphillips) [SIG Node]
  • Kubelet: fix nil pointer in reflector start for standalone mode (#113501, @pacoxu) [SIG Node]
  • NOTE (#113749, @jpbetz) [SIG API Machinery]
  • Pod logs using --timestamps are not broken up with timestamps anymore. (#113481, @rphillips) [SIG Node]
  • Resolves an issue that causes winkernel proxier to treat stale VIPs as valid (#113521, @daschott) [SIG Network and Windows]
  • The resourceVersion returned in objects from delete responses is now consistent with the resourceVersion contained in the delete watch event (#113369, @wojtek-t) [SIG API Machinery]

Other (Cleanup or Flake)

  • A new API server flag --encryption-provider-config-automatic-reload has been added to control when the encryption config should be automatically reloaded without needing to restart the server. All KMS plugins are merged into a single healthz check at /healthz/kms-providers when reload is enabled, or when only KMS v2 plugins are used. (#113529, @enj) [SIG API Machinery, Auth and Testing]
  • Added a --prune-allowlist flag that can be used with kubectl apply --prune. This flag replaces and functions the same as the --prune-whitelist flag, which has been deprecated. (#113116, @brianpursley) [SIG CLI]
  • Deprecated the following kubectl run flags, which are ignored if set: --cascade, --filename, --force, --grace-period, --kustomize, --recursive, --timeout, --wait (#112261, @brianpursley) [SIG CLI]
  • Dropped support for the Container Runtime Interface (CRI) version v1alpha2, which means that container runtimes just have to implement v1. (#110618, @saschagrunert) [SIG Node and Security]
  • Promote job-related metrics to stable to follow IndexedJobs GA, the following metrics had their name updated to match metrics API guidelines:
    • job_sync_total -> job_syncs_total
    • job_finished_total -> jobs_finished_total (#113010, @soltysh) [SIG Apps and Instrumentation]
  • Promote cronjob_job_creation_skew metric to stable to follow the cronjob v2 controller, the following metrics had their name updated to match metrics API guidelines:
    • cronjob_job_creation_skew_duration_seconds -> job_creation_skew_duration_seconds (#113008, @soltysh) [SIG Apps and Instrumentation]
  • Rename the feature gate for CEL in Admission Control to ValidatingAdmissionPolicy. (#113735, @cici37) [SIG API Machinery and Testing]
  • kubelet_kubelet_credential_provider_plugin_duration is renamed kubelet_credential_provider_plugin_duration and kubelet_kubelet_credential_provider_plugin_errors is renamed kubelet_credential_provider_plugin_errors. (#113754, @logicalhan) [SIG Instrumentation and Node]

Dependencies

Added

Nothing has changed.

Changed

Removed

Nothing has changed.


Contributors, the CHANGELOG-1.26.md has been bootstrapped with v1.26.0-beta.0 release notes and you may edit now as needed.



Published by your Kubernetes Release Managers.

Reply all
Reply to author
Forward
0 new messages