Kubernetes v1.16.0-alpha.1 is live!

200 views

Skip to first unread message

Stephen Augustus

unread,

Jul 17, 2019, 1:35:20 AM7/17/19

to kubernete...@googlegroups.com, Kubernetes developer/contributor discussion

Kubernetes Community,

Kubernetes v1.16.0-alpha.1 has been built and pushed!

We also recorded portions of the release process:

Part one: https://youtu.be/VYhBqBoeAVY
Part two: https://youtu.be/aOyZGleHGf0

The release notes have been updated in CHANGELOG-1.16.md with a pointer to it on github:

v1.16.0-alpha.1

Documentation

Downloads for v1.16.0-alpha.1

filename	sha512 hash
kubernetes.tar.gz	`67d96e5cc912e9750b1173d45f949dd0183437ce50b4f31d8a2973d763f56f4e0006d8302fc9ee857a5cc5d68d26b2c8290869b3ebd3de2b230226e55bb161d3`
kubernetes-src.tar.gz	`77da51d67017216c4091cd80cbaa4d3951d9f9c5bb051bc05138c1615f6c3bc56884dde344b80460c61207fa2099b46709466dcfa569569833c30c471346c0a1`

Client Binaries

filename	sha512 hash
kubernetes-client-darwin-386.tar.gz	`0ccc26c3d4a91aa3b455b2928401f3c439f540779ca58d447dcd3de739175052da629a59203e55ebf78b258ca0ff64aae20cb45608d29cc2fd7f81fd5bcd6d97`
kubernetes-client-darwin-amd64.tar.gz	`ce204440f41995149361f48ded33f6c13fab6c23e00702e5f52a707d808285413711088da5a30a33866a1594fffec54ac1157db98281bcee3d956571ca67a8a7`
kubernetes-client-linux-386.tar.gz	`8e5242c36e9b9b0f16ab78309928d78e8356059ff3d3b0868fb47f351c0da57e3bd243cc7571a2dcace73a56dc053abfdca803b62253837b1fd55b3b14b4f722`
kubernetes-client-linux-amd64.tar.gz	`8449e1c026ac0e1678d9972a37b727c44a1a4cc8f518fbddff8b33f846c9e71b47a6aa825951dd9a0d64223ccae1e771255dacc0ee0ebd5a538400af41b9e05b`
kubernetes-client-linux-arm.tar.gz	`b121c4f4a443b4f24710289d5f24cae48439ac8c77e43749f9bddfcf5729444ae7436b44b36c9529a8dba800030e30a4e7d07b20f4abaad79478dcade1814f81`
kubernetes-client-linux-arm64.tar.gz	`8567204369362b0413ac58b17f7b4f450a5ff1cbd5a9b399860444fa98004f913edb27bb701443ef9ee9b98c0788c6e876649e1ef35ce258901c0db953911a4a`
kubernetes-client-linux-ppc64le.tar.gz	`159bf132430810016b4714eaf505e3c235f41f7733b172b436409648432b5b466d7a4e336679f42d697225f0c2207a00ae3eae141fba26b9194a111eb4cf62e4`
kubernetes-client-linux-s390x.tar.gz	`d6f46b96eff56e20fdecfff543e69e4d5d289632c36f8f1c1929b1f52a459f4183c79f24ce580a9392568fe18668bc0763a989310d31f7dd182b7806d8b237b6`
kubernetes-client-windows-386.tar.gz	`bae8f8b7fc66b2aaa0563a9bc7bb3f7b40235cafbf6a150ffed95d008c9b6cd7fe51a8bf3c2ac7d4a8309378ca3f121a19aa34d612b5c44b5b1af6dd7e6f33a6`
kubernetes-client-windows-amd64.tar.gz	`06e760391270e9c809e5e26d8f4bcbc266829ca40f518ecba92881b50c6ddfbb2f1a4f35dd91419cfb37a459ed25fe169513806596caa2390b405af873b0d6cd`

Server Binaries

filename	sha512 hash
kubernetes-server-linux-amd64.tar.gz	`e0d8357d16aa999d9012670b555128eaf4b83fd503fd61a03c3ea61fe6990faa0d49c0e7be892bd2424add66cda094827441532cd69a82aa8a4e27e01bdf5bb2`
kubernetes-server-linux-arm.tar.gz	`d0d3eafe31f5577d5b68e2cb7ae2aee294dfc6ba51342103c343e071ca7b41cbb5fe9408086bccf456138e92be2ced555524afb02a2dc71da8bfc98f347961cb`
kubernetes-server-linux-arm64.tar.gz	`954b32144787aa8db069ccda153aa85eb78212b774dec811a93cc53aacfc15e7949d5848d83ed152d787ade21c913ff73f35031da6f9e8000658994aec345446`
kubernetes-server-linux-ppc64le.tar.gz	`c61fa3b8d3a32238b0241861a23d27ab4a888463c8fa8c3400471928f8359abd9be9818dd1983425fc950a7edc37b693e14d6636bb7c826d55226634c4857b4b`
kubernetes-server-linux-s390x.tar.gz	`e750cc2ec0e8fdc6bd43a2bd6987cb834a43fb6186d379280e2be14562689d5807285f5aa188685489c7fd557cb907bdfd68db5504a2648db7fed5b2ab969101`

Node Binaries

filename	sha512 hash
kubernetes-node-linux-amd64.tar.gz	`4f04d4dfcb739c1a7a711d3130bcb1c8197013492efeb32b0a4241b216c4c1c07fef87713c415604c9f8327383cc7a166d83494f283f8073bd14a6707d534804`
kubernetes-node-linux-arm.tar.gz	`8dec0d5fa6e5a3a4a6ebde5aeeb2900a980d89c75174d8c462be44eb98bcf9c2c67dde9161cd483a16137f57b3d67afc2a56e93373b402e4159e2e708562a9b9`
kubernetes-node-linux-arm64.tar.gz	`6f55c12602df3af0b116f185340e78ad7c1d2cb88f84139db3389cf78b9f658e1ac7f83c0bbf95a7d61a6dfebbbe0a03f67fc9595f8c8684fb5840ba0d481ebd`
kubernetes-node-linux-ppc64le.tar.gz	`5e0ddc2da0f5033971f5f89229fdd4ee42d87cd03e7857a21e7da14299d1278f8dac3df6d5d48172e801334497768c94d8857a469807148f1781a94e7dbb989c`
kubernetes-node-linux-s390x.tar.gz	`7bcfa090ca90258ddc3a2b57de8496dc5ca27850761f845992b2bd56fcaf458f4476d7f9ff7365af73343cbebfe30ccc5a89540388b8eaa9b3f897a786ec8a4f`
kubernetes-node-windows-amd64.tar.gz	`1c923bc91250f7e1a9296778740cd1fbaa1b0bd2ef4a5fd1a35189d6edb16a2217ba7d30c2aed3894f51e183af5b6893973542893d1777f2893c06755329ac6c`

Changelog since v1.15.0

Action Required

Migrate scheduler to use v1beta1 Event API. action required: any tool targeting scheduler events needs to use v1beta1 Event API (#78447, @yastij)
scheduler.alpha.kubernetes.io/critical-pod annotation is removed. Pod priority (spec.priorityClassName) should be used instead to mark pods as critical. Action required! (#79554, @draveness)
hyperkube: the --make-symlinks flag, deprecated in v1.14, has been removed. (#80017, @Pothulapati)
Node labels beta.kubernetes.io/metadata-proxy-ready, beta.kubernetes.io/metadata-proxy-ready and beta.kubernetes.io/kube-proxy-ds-ready are no longer added on new nodes. (#79305, @paivagustavo)
* ip-mask-agent addon starts to use the label node.kubernetes.io/masq-agent-ds-ready instead of beta.kubernetes.io/masq-agent-ds-ready as its node selector.
* kube-proxy addon starts to use the label node.kubernetes.io/kube-proxy-ds-ready instead of beta.kubernetes.io/kube-proxy-ds-ready as its node selector.
* metadata-proxy addon starts to use the label cloud.google.com/metadata-proxy-ready instead of beta.kubernetes.io/metadata-proxy-ready as its node selector.
* Kubelet removes the ability to set kubernetes.io or k8s.io labels via --node-labels other than the specifically allowed labels/prefixes.
The following APIs are no longer served by default: (#70672, @liggitt)
* All resources under apps/v1beta1 and apps/v1beta2 - use apps/v1 instead
* daemonsets, deployments, replicasets resources under extensions/v1beta1 - use apps/v1 instead
* networkpolicies resources under extensions/v1beta1 - use networking.k8s.io/v1 instead
* podsecuritypolicies resources under extensions/v1beta1 - use policy/v1beta1 instead
- Serving these resources can be temporarily re-enabled using the --runtime-config apiserver flag.
  - apps/v1beta1=true
  - apps/v1beta2=true
  - extensions/v1beta1/daemonsets=true,extensions/v1beta1/deployments=true,extensions/v1beta1/replicasets=true,extensions/v1beta1/networkpolicies=true,extensions/v1beta1/podsecuritypolicies=true
- The ability to serve these resources will be completely removed in v1.18.
ACTION REQUIRED: Removed deprecated flag --resource-container from kube-proxy. (#78294, @vllry)
- The deprecated --resource-container flag has been removed from kube-proxy, and specifying it will now cause an error. The behavior is now as if you specified --resource-container="". If you previously specified a non-empty --resource-container, you can no longer do so as of kubernetes 1.16.

Other notable changes

When HPAScaleToZero feature gate is enabled HPA supports scaling to zero pods based on object or external metrics. HPA remains active as long as at least one metric value available. (#74526, @DXist)
- To downgrade the cluster to version that does not support scale-to-zero feature:
- 1. make sure there are no hpa objects with minReplicas=0. Here is a oneliner to update it to 1:
- $ kubectl get hpa --all-namespaces --no-headers=true | awk '{if($6==0) printf "kubectl patch hpa/%s --namespace=%s -p "{\"spec\":{\"minReplicas\":1}}"
  ", $2, $1 }' | sh
- 1. disable HPAScaleToZero feature gate
Add support for writing out of tree custom scheduler plugins. (#78162, @hex108)
Remove deprecated github.com/kardianos/osext dependency (#80142, @loqutus)
Add Bind extension point to the scheduling framework. (#79313, @chenchun)
On Windows systems, %USERPROFILE% is now preferred over %HOMEDRIVE%\%HOMEPATH% as the home folder if %HOMEDRIVE%\%HOMEPATH% does not contain a .kube* Add --kubernetes-version to "kubeadm init phase certs ca" and "kubeadm init phase kubeconfig" (#80115, @gyuho)
kubeadm ClusterConfiguration now supports featureGates: IPv6DualStack: true (#80145, @Arvinderpal)
Fix a bug that ListOptions.AllowWatchBookmarks wasn't propagating correctly in kube-apiserver. (#80157, @wojtek-t)
Bugfix: csi plugin supporting raw block that does not need attach mounted failed (#79920, @cwdsuzhou)
Increase log level for graceful termination to v=5 (#80100, @andrewsykim)
kubeadm: support fetching configuration from the original cluster for 'upgrade diff' (#80025, @SataQiu)
The sample-apiserver gains support for OpenAPI v2 spec serving at /openapi/v2. (#79843, @sttts)
- The generate-internal-groups.sh script in k8s.io/code-generator will generate OpenAPI definitions by default in pkg/generated/openapi. Additional API group dependencies can be added via OPENAPI_EXTRA_PACKAGES=<group>/<version> <group2>/<version2>....
Cinder and ScaleIO volume providers have been deprecated and will be removed in a future release. (#80099, @dims)
kubelet's --containerized flag was deprecated in 1.14. This flag is removed in 1.16. (#80043, @dims)
Optimize EC2 DescribeInstances API calls in aws cloud provider library by querying instance ID instead of EC2 filters when possible (#78140, @zhan849)
etcd migration image no longer supports etcd2 version. (#80037, @dims)
Promote WatchBookmark feature to beta and enable it by default. (#79786, @wojtek-t)
- With WatchBookmark feature, clients are able to request watch events with BOOKMARK type. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session.
update to use go 1.12.7 (#79966, @tao12345666333)
Add --shutdown-delay-duration to kube-apiserver in order to delay a graceful shutdown. /healthz will keep returning success during this time and requests are normally served, but /readyz will return faillure immediately. This delay can be used to allow the SDN to update iptables on all nodes and stop sending traffic. (#74416, @sttts)
The MutatingWebhookConfiguration and ValidatingWebhookConfiguration APIs have been promoted to admissionregistration.k8s.io/v1: (#79549, @liggitt)
* failurePolicy default changed from Ignore to Fail for v1
* matchPolicy default changed from Exact to Equivalent for v1
* timeout default changed from 30s to 10s for v1
* sideEffects default value is removed and the field made required for v1
* admissionReviewVersions default value is removed and the field made required for v1 (supported versions for AdmissionReview are v1 and v1beta1)
* The name field for specified webhooks must be unique for MutatingWebhookConfiguration and ValidatingWebhookConfiguration objects created via admissionregistration.k8s.io/v1
- The admissionregistration.k8s.io/v1beta1 versions of MutatingWebhookConfiguration and ValidatingWebhookConfiguration are deprecated and will no longer be served in v1.19.
The garbage collector and generic object quota controller have been updated to use the metadata client which improves memory (#78742, @smarterclayton)
- and CPU usage of the Kube controller manager.
SubjectAccessReview requests sent for RBAC escalation, impersonation, and pod security policy authorization checks now populate the version attribute. (#80007, @liggitt)
na (#79892, @mikebrow)
Use O_CLOEXEC to ensure file descriptors do not leak to subprocesses. (#74691, @cpuguy83)
The namespace controller has been updated to use the metadata client which improves memory (#78744, @smarterclayton)
- and CPU usage of the Kube controller manager.
NONE (#79933, @mm4tt)
add kubectl replace --raw and kubectl delete --raw to have parity with create and get (#79724, @deads2k)
E2E tests no longer add command line flags directly to the command line, test suites that want that need to be updated if they don't use HandleFlags (#75593, @pohly)
- loading a -viper-config=e2e.yaml with suffix (introduced in 1.13) works again and now has a regression test
Kubernetes now supports transparent compression of API responses. Clients that send Accept-Encoding: gzip will now receive a GZIP compressed response body if the API call was larger than 128KB. Go clients automatically request gzip-encoding by default and should see reduced transfer times for very large API requests. Clients in other languages may need to make changes to benefit from compression. (#77449, @smarterclayton)
Resolves an issue serving aggregated APIs backed by services that respond to requests to / with non-2xx HTTP responses (#79895, @deads2k)
updated fluentd to 1.5.1, elasticsearchs & kibana to 7.1.1 (#79014, @monotek)
kubeadm: implement support for concurrent add/remove of stacked etcd members (#79677, @neolit123)
Added a metric 'apiserver_watch_events_total' that can be used to understand the number of watch events in the system. (#78732, @mborsz)
KMS Providers will install a healthz check for the status of kms-pluign in kube-apiservers' encryption config. (#78540, @immutableT)
Fixes a bug in openapi published for custom resources using x-kubernetes-preserve-unknown-fields extensions, so that kubectl will allow sending unknown fields for that portion of the object. (#79636, @liggitt)
A new client k8s.io/client-go/metadata.Client has been added for accessing objects generically. This client makes it easier to retrieve only the metadata (the metadata sub-section) from resources on the cluster in an efficient manner for use cases that deal with objects generically, like the garbage collector, quota, or the namespace controller. The client asks the server to return a meta.k8s.io/v1 PartialObjectMetadata object for list, get, delete, watch, and patch operations on both normal APIs and custom resources which can be encoded in protobuf for additional work. If the server does not yet support this API the client will gracefully fall back to JSON and transform the response objects into PartialObjectMetadata. (#77819, @smarterclayton)
changes timeout value in csi plugin from 15s to 2min which fixes the timeout issue (#79529, @andyzhangx)
kubeadm: provide "--control-plane-endpoint" flag for controlPlaneEndpoint (#79270, @SataQiu)
Fixes invalid "time stamp is the future" error when kubectl cp-ing a file (#73982, @tanshanshan)
Kubelet should now more reliably report the same primary node IP even if the set of node IPs reported by the CloudProvider changes. (#79391, @danwinship)
To configure controller manager to use ipv6dual stack: (#73977, @khenidak)
- use --cluster-cidr=",".
- Notes:
- 1. Only the first two cidrs are used (soft limits for Alpha, might be lifted later on).
- 1. Only the "RangeAllocator" (default) is allowed as a value for --cidr-allocator-type . Cloud allocators are not compatible with ipv6dualstack
When using the conformance test image, a new environment variable E2E_USE_GO_RUNNER will cause the tests to be run with the new Golang-based test runner rather than the current bash wrapper. (#79284, @johnSchnake)
kubeadm: prevent PSP blocking of upgrade image prepull by using a non-root user (#77792, @neolit123)
kubelet now accepts a --cni-cache-dir option, which defaults to /var/lib/cni/cache, where CNI stores cache files. (#78908, @dcbw)
Update Azure API versions (containerregistry --> 2018-09-01, network --> 2018-08-01) (#79583, @justaugustus)
Fix possible fd leak and closing of dirs in doSafeMakeDir (#79534, @odinuge)
kubeadm: fix the bug that "--cri-socket" flag does not work for kubeadm reset (#79498, @SataQiu)
kubectl logs --selector will support --tail=-1. (#74943, @JishanXing)
Introduce a new admission controller for RuntimeClass. Initially, RuntimeClass will be used to apply the pod overhead associated with a given RuntimeClass to the Pod.Spec if a corresponding RuntimeClassName is specified. (#78484, @egernst)
- PodOverhead is an alpha feature as of Kubernetes 1.16.
Fix kubelet errors in AArch64 with huge page sizes smaller than 1MiB (#78495, @odinuge)
The alpha metadata.initializers field, deprecated in 1.13, has been removed. (#79504, @yue9944882)
Fix duplicate error messages in cli commands (#79493, @odinuge)
Default resourceGroup should be used when the value of annotation azure-load-balancer-resource-group is an empty string. (#79514, @feiskyer)
Fixes output of kubectl get --watch-only when watching a single resource (#79345, @liggitt)
RateLimiter add a context-aware method, fix client-go request goruntine backlog in async timeout scene. (#79375, @answer1991)
Fix a bug where kubelet would not retry pod sandbox creation when the restart policy of the pod is Never (#79451, @yujuhong)
Fix CRD validation error on 'items' field. (#76124, @tossmilestone)
The CRD handler now properly re-creates stale CR storage to reflect CRD update. (#79114, @roycaihw)
Integrated volume limits for in-tree and CSI volumes into one scheduler predicate. (#77595, @bertinatto)
Fix a bug in server printer that could cause kube-apiserver to panic. (#79349, @roycaihw)
Mounts /home/kubernetes/bin/nvidia/vulkan/icd.d on the host to /etc/vulkan/icd.d inside containers requesting GPU. (#78868, @chardch)
Remove CSIPersistentVolume feature gates (#79309, @draveness)
Init container resource requests now impact pod QoS class (#75223, @sjenning)
Correct the maximum allowed insecure bind port for the kube-scheduler and kube-apiserver to 65535. (#79346, @ncdc)
Fix remove the etcd member from the cluster during a kubeadm reset. (#79326, @bradbeam)
Remove KubeletPluginsWatcher feature gates (#79310, @draveness)
Remove HugePages, VolumeScheduling, CustomPodDNS and PodReadinessGates feature flags (#79307, @draveness)
The GA PodPriority feature gate is now on by default and cannot be disabled. The feature gate will be removed in v1.18. (#79262, @draveness)
Remove pids cgroup controller requirement when related feature gates are disabled (#79073, @rafatio)
Add Bind extension point of the scheduling framework (#78513, @chenchun)
if targetPort is changed that will process by service controller (#77712, @Sn0rt)
update to use go 1.12.6 (#78958, @tao12345666333)
kubeadm: fix a potential panic if kubeadm discovers an invalid, existing kubeconfig file (#79165, @neolit123)
fix kubelet fail to delete orphaned pod directory when the kubelet's pods directory (default is "/var/lib/kubelet/pods") symbolically links to another disk device's directory (#79094, @gaorong)
Addition of Overhead field to the PodSpec and RuntimeClass types as part of the Pod Overhead KEP (#76968, @egernst)
fix pod list return value of framework.WaitForPodsWithLabelRunningReady (#78687, @pohly)
The behavior of the default handler for 404 requests fro the GCE Ingress load balancer is slightly modified in the sense that it now exports metrics using prometheus. The metrics exported include: (#79106, @vbannai)
- - http_404_request_total (the number of 404 requests handled)
- - http_404_request_duration_ms (the amount of time the server took to respond in ms)
- Also includes percentile groupings. The directory for the default 404 handler includes instructions on how to enable prometheus for monitoring and setting alerts.
The kube-apiserver has improved behavior for both startup and shutdown sequences and also now exposes eadyz for readiness checking. Readyz includes all existing healthz checks but also adds a shutdown check. When a cluster admin initiates a shutdown, the kube-apiserver will try to process existing requests (for the duration of request timeout) before killing the apiserver process. (#78458, @logicalhan)
- The apiserver also now takes an optional flag "--maximum-startup-sequence-duration". This allows you to explicitly define an upper bound on the apiserver startup sequences before healthz begins to fail. By keeping the kubelet liveness initial delay short, this can enable quick kubelet recovery as soon as we have a boot sequence which has not completed in our expected time frame, despite lack of completion from longer boot sequences (like RBAC). Kube-apiserver behavior when the value of this flag is zero is backwards compatible (this is as the defaulted value of the flag).
fix: make azure disk URI as case insensitive (#79020, @andyzhangx)
Enable cadvisor ProcessMetrics collecting. (#79002, @jiayingz)
Fixes a bug where kubectl set config hangs and uses 100% CPU on some invalid property names (#79000, @pswica)
Fix a string comparison bug in IPVS graceful termination where UDP real servers are not deleted. (#78999, @andrewsykim)
Reflector watchHandler Warning log 'The resourceVersion for the provided watch is too old.' is now logged as Info. (#78991, @sallyom)
fix a bug that pods not be deleted from unmatched nodes by daemon controller (#78974, @DaiHao)
NONE (#78821, @jhedev)
Volume expansion is enabled in the default GCE storageclass (#78672, @msau42)
kubeadm: use the service-cidr flag to pass the desired service CIDR to the kube-controller-manager via its service-cluster-ip-range flag. (#78625, @Arvinderpal)
kubeadm: introduce deterministic ordering for the certificates generation in the phase command "kubeadm init phase certs" . (#78556, @neolit123)
Add Pre-filter extension point to the scheduling framework. (#78005, @ahg-g)
fix pod stuck issue due to corrupt mnt point in flexvol plugin, call Unmount if PathExists returns any error (#75234, @andyzhangx)

Leads, the CHANGELOG-1.16.md has been bootstrapped with v1.16.0-alpha.1 release notes and you may edit now as needed.