filename | sha512 hash |
---|---|
kubernetes.tar.gz |
1abe2ea09c08787dfa85450d026499a7a716bb771ff5af0aff1ac651b0059c0aac7a4e8558ef1eddffd4ccf1871daa9086d0be2e3ed8bed47f8c9930e52578ef |
kubernetes-src.tar.gz |
69a4ae4e4d227f784e241078b5667b7b7eb3cf787d237475cb311e6d417ceb2057624db6d2a5dded81e97db6250fb2e642388b564107fa86ac3c4b5e75980843 |
filename | sha512 hash |
---|---|
kubernetes-client-darwin-amd64.tar.gz |
3a98e32c6e912b0d7e8af31a1e49be20983dd6ddfbc54024cf58eab551cba5398fb04d69138c39b3bc672c962b5a038f4404ac603a6e338218f00511e0bbf41e |
kubernetes-client-darwin-arm64.tar.gz |
98fa1d19bb9250ff7c9536090a3d939fc2c7cc7253efd91e1fba4613acf44557bf5cdae9d7fd4fc5c209eeacc8bc2b584d281b92fc6e3d1ccea7cf43853d64cc |
kubernetes-client-linux-386.tar.gz |
608388b0233e08b7b68fb62721275c271356db4c95b2686821a0b6e2c002e26b5d453ea470adddc9b3c17c623d29cec0a2ff66adb75b1e74f9a2f77101e8679e |
kubernetes-client-linux-amd64.tar.gz |
7983b34128518610a63b500bc9a612b5c334180555af534940a3ec839d4e0b476c9d7742cb6cc57c9ba15de609561fafef5854b3708e48c1e9f822480f3e60b6 |
kubernetes-client-linux-arm.tar.gz |
36955e5c1637d0b1f679f2ae7e8bf780b9e70fc8a7e64c5194aa8a44035982b97bf8ca631dbc1af4c46d91ff686fdd24bd49b5076fc1617a18bc496b0aee6367 |
kubernetes-client-linux-arm64.tar.gz |
edc3cc941996235d578c59f80e88cdadbc5259a9b3505073deac8632ef3cc08f53bc70959304f4aed5ccf2f99cab02f097730cdab9e8e691f5ffe8217be497fe |
kubernetes-client-linux-ppc64le.tar.gz |
45a0119f4e5953eebe3cdf2e714d2cce376a800ca8194030880c0b3b5a5f9e462aa2e73bab97d16c9094dac290e3e55ba3df006fc7cd50f1ee1acdedc4dba7a1 |
kubernetes-client-linux-s390x.tar.gz |
6a15fe0ad5ca4fbff89ea38d0390cf9c822971a50bb18bc37c23dfe3655a7072ed60f87408a47733c7ecb64cebe6201b43140ce6978f2a3c7753ff98bb0e4156 |
kubernetes-client-windows-386.tar.gz |
aea2df663dc841a513ceb060fb7368f492ec864c75c87569594c1d1a09cae2caa6e67846517fd246214395716ec7809e5b9bd6a92adae7afed1a4b087e9a3831 |
kubernetes-client-windows-amd64.tar.gz |
5483baf908e22de9347fa965ffb1487afec12dc3c3b8642895ac91811154e2cee5de4a3218369f55929badff0466ae9437b59c0922a3699c2bec44a7c4841c47 |
kubernetes-client-windows-arm64.tar.gz |
fe922ecb57a0313ff461438db130416ad3dc4c849f243cf4f29010288351afe3a9ec786b1c820784bd51ca8f7a74f7436797565339d0d0583d93b0a91d5d50aa |
filename | sha512 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz |
320c934728b8720b08da5a2d4c95cea111e4bc2efa508a8e48393f45037b0cb3c5331e3ec1f744f83dd57644c6fdd684bdcad9c2fa01108ed2cca6b1046cb821 |
kubernetes-server-linux-arm64.tar.gz |
ddf0c4a47f1cd1ad44e9773b2cf8255c6fb11ef84fa42e73dd9479b9a8b8c94a8dd5ba6581ee3aa152354d9a2fe1ad219ba5289c64aa6b9ddd7ddbca000525d4 |
kubernetes-server-linux-ppc64le.tar.gz |
5a1e839e38f5b4329dd8d0bac38c0dade336952821c8a4dc550221290481dc8d65f8b2995fc4330c7d0ea6a68fcbe81ae4085edd80b4194761bc86dac3ed380b |
kubernetes-server-linux-s390x.tar.gz |
30fa3358a0b0e32ed7dfcaaba7d4403cdcf3a305124e7419c898db87c9ba1dc1ae5fc8f71c6caf744d35ea85d3526069596204c18f23449a759703b2ae797bbf |
filename | sha512 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz |
e3e8f443a5397029a26a30852f47a9406dc17622638a7b03d37b384283880503af85d134d2a5dfdcfd7a0a5cb11eef8312b37dec77c90062e29d7e0ea1da6026 |
kubernetes-node-linux-arm64.tar.gz |
d1299f54a2ec4343eb23be36071e3560f339d535b4c2eeb60c09cf40b3357f4371ca198aa4af0c41bde73bef1221a839c846a9f9b497f47f2fdf553238a7dab9 |
kubernetes-node-linux-ppc64le.tar.gz |
cd78d5811ac15aefb3392c9bc10ad97c69d9d87add1237ebfc8c72d12be6137d8a4933967a5294932ceff58ffadaddf541cff8d0ae3b663359ef5f6a9ad98b84 |
kubernetes-node-linux-s390x.tar.gz |
26cec1a3f76289394966f98eab1e27a6dc122ac58f1d7c1ea94eb6b96e74377c449aa282d788655a1f752ff31add47be5389543a75e52cb4de947b7c613fe1e6 |
kubernetes-node-windows-amd64.tar.gz |
b6eed059c8e9c816ca5e26d9fd8154dd904eefd5024e71af59757b801bfd9b232b63d6c74c824b59891a2689b209d1dd7622f86ec3fd8530ebeffab36e3b504c |
prune-whitelist
for apply. Please use the flag prune-allowlist
instead. (#120246,
@pacoxu)SecurityContextDeny
admission plugin, which has been deprecated since
v1.27
, has been removed. It is recommended to use the Pod Security Admission plugin instead, which has been available since v1.25. Refer to the
Kubernetes documentation for more information. (#122612,
@mtardy)managedBy
field on Jobs. Jobs with a custom value of this field - any value other than
kubernetes.io/job-controller
- were skipped by the job controller, and their reconciliation was delegated to an external controller, indicated by the value of the field. Jobs that didn't have this field at all, or where the field value was the
reserved string kubernetes.io/job-controller
, were reconciled by the built-in job controller. (#123273,
@mimowo)CEL
library for IP Addresses and CIDRs. This was made available for use starting from version
1.31
. (#121912,
@JoelSpeed)
image_id
field to the CRI Container message. (#123508,
@saschagrunert)AdmissionWebhookMatchConditions
to GA. The feature is now stable, and the feature gate is now locked to default. (#123560,
@ivelichkovich)DiscoveryURL
. If specified,
discoveryURL
overrides the URL used to fetch discovery information. This is for scenarios where the well-known and jwks endpoints are hosted at a different location than the issuer (such as locally in the cluster). (#123527,
@aramase)username.expression
used 'claims.email', then 'claims.email_verified' must have been used in
username.expression
or extra[*].valueExpression
or
claimValidationRules[*].expression
. An example claim validation rule expression that matches the validation automatically applied when
username.claim
is set to 'email' is 'claims.?email_verified.orValue(true)'. (#123737,
@enj)readOnly
volumes now support recursive read-only mounts for kernel versions >= 5.12." (#123180,
@AkihiroSuda)--authentication-config
files has been promoted to
apiserver.config.k8s.io/v1beta1
. (#123696,
@aramase)status.reservedFor
array was changed so that a strategic-merge-patch can now add individual entries. This change may break clients using strategic merge patch to update status, which rely on the previous behavior (replacing the entire array). (#122276,
@pohly)RelaxedEnvironmentVariableValidation
feature gate. When that gate is enabled, Kubernetes allows almost all printable ASCII characters to be used in the names of environment variables for containers in Pods. (#123385,
@HirazawaUi)trafficDistribution
, to the Service
spec
to express preferences for traffic distribution to endpoints. Enabled through the
ServiceTrafficDistribution
feature gate. (#123487,
@gauravkghildiyal)disable-force-detach
CLI option for kube-controller-manager
. By default, it's set to
false
. When enabled, it prevents force detaching volumes based on maximum unmount time and node status. If activated, the non-graceful node shutdown feature must be used to recover from node failure. Additionally, if a pod needs to be forcibly
terminated at the risk of corruption, the appropriate VolumeAttachment object must be deleted. (#120344,
@rohitssingh)
CustomResourceFieldSelectors
feature gate enabled, the CustomResourceDefinition API now allows specifying
selectableFields
. Listing a field there enables filtering custom resources for that CustomResourceDefinition in list or watch requests. (#122717,
@jpbetz)PodSecurityContext
and container
SecurityContext
. The beta AppArmor annotations are deprecated, and AppArmor status is no longer included in the node ready condition. (#123435,
@tallclair)containerLogMaxWorkers
setting, and adjust the monitoring interval with
containerLogMonitorInterval
. (#114301,
@harshanarayana)PodSchedulingReadiness
feature gate no longer has any effect, and the
.spec.schedulingGates
field is always available within the Pod and PodTemplate APIs. (#123575,
@Huang-Wei)minDomains
in pod topology spread constraints, to general availability. The
MinDomainsInPodTopologySpread
feature gate no longer has any effect, and the field is always available within the Pod and PodTemplate APIs. (#123481,
@sanposhiho)--authorization-config
files has been promoted to
apiserver.config.k8s.io/v1beta1
. (#123640,
@liggitt)hostAliases
are not supported on hostNetwork Pods from the PodSpec API. The feature has been supported since v1.8. (#122422,
@neolit123)…/serviceaccounts/<name>/token
resource handler. The annotation used to persist the issued credential identifier is now
authentication.kubernetes.io/issued-credential-id
. (#123098,
@munnerz) [SIG Auth]WatchListClient
feature gate to client-go
. When enabled, it allows the client to receive a stream of individual items instead of chunking from the server. (#122571,
@p0lyn0mial)apiserver_watch_cache_read_wait
metric to measure the watch cache impact on request latency. (#123190,
@padlar)io.Closer
to be gracefully closed. (#122498,
@Gekko0114)v0.49.0
. (#123599,
@bobbypage)--nodeport-addresses
behavior to default to "primary node IP(s) only" rather than "all node IPs". (#122724,
@nayihz)procMount
field to Unmasked
in a container now required setting
spec.hostUsers=false
as well. (#123520,
@haircommander)kubectl describe
a VolumeAttributesClass
. (#122640,
@carlory)CRDValidationRatcheting
feature gate to beta and made it enabled by default. (#121461,
@alexzielenski)NodeAffinity Score
plugin when it has nothing to do with a Pod. You might have noticed an increase in the metric
plugin_execution_duration_seconds
for extension_point=score
and
plugin=NodeAffinity
, because the plugin only runs when it's relevant. (#117024,
@sanposhiho)RunPreScorePlugins
and RunScorePlugins
. - PreScorePlugin: used NodeInfo in
PreScore
. - Extender: used NodeInfo in Filter
and
Prioritize
. (#121954,
@AxeZhan)ImageGCMaxAge
behavior in the kubelet to wait the MaxAge
duration after the kubelet has restarted before garbage collecting. (#123343,
@haircommander)distroless-iptables
to v0.5.0
, debian-base to bookworm-v1.0.1
, and setcap to
bookworm-v1.0.1
. (#123170,
@cpanato)NewVolumeManagerReconstruction
feature is now GA. (#123442,
@jsafrane)kubectl describe
: Added Suspend to job and Node-Selectors and Tolerations to pod template output. (#122618,
@ivanvc)kubectl get job
now displays the status for the listed jobs. (#123226,
@ivanvc)v3.5.11
. (#122233,
@mzaian)--authorization-config
file when it changes. Reloads increment the
apiserver_authorization_config_controller_automatic_reload_last_timestamp_seconds
timestamp metric, with
status="success"
for successful reloads and status="failed"
for failed reloads. Failed reloads keep using the previously loaded authorization configuration. (#121946,
@liggitt)apiserver_authorization_match_condition_evaluation_errors_total
counter metric labeled by authorizer type and name -
apiserver_authorization_match_condition_exclusions_total
counter metric labeled by authorizer type and name -
apiserver_authorization_match_condition_evaluation_seconds
histogram metric labeled by authorizer type and name. (#123611,
@ritazh)--authorization-configuration
flag. (#123641,
@liggitt)NodeUnschedulable
plugin. The scheduling hints allowed the scheduler to only retry scheduling a Pod that had been previously rejected by the
NodeSchedulable
plugin if a new Node or a Node update had set
.spec.unschedulable
to false. (#122334,
@carlory)kubeadm reset
. When failing to unmount directories under /var/run/kubelet
, kubeadm will now throw an error instead of showing a warning and continuing to clean up said directory. In such situations, it is better for you to inspect
the problem and resolve it manually. Then, you can call kubeadm reset
again to complete the cleanup. (#122530,
@neolit123)-o yaml
and -o json
to the command kubeadm certs check-expiration
. This change is introduced in a new API:
kind: CertificateExpirationInfo apiVersion: output.kubeadm.k8s.io/v1alpha3
The existing non-structured formatting is preserved. The output API version v1alpha2 is now deprecated and will be removed in a future release. Please migrate to using v1alpha3.
(#123372,
@carlory)WaitForAllControlPlaneComponents
feature gate. It could be used to tell kubeadm to wait for all control plane components to be ready when running "kubeadm init" or "kubeadm join --control-plane". Previously, kubeadm only waited for the kube-apiserver.
The "kubeadm join" workflow now includes a new experimental phase called "wait-control-plane". This phase was marked as non-experimental when WaitForAllControlPlaneComponents became GA. Accordingly, a "kubeadm init" phase "wait-control-plane" was also available
once WaitForAllControlPlaneComponents became GA. These phases could be skipped if the user preferred not to wait for the control plane components. (#123341,
@neolit123)port-forward
over websockets (tunneling SPDY) can now be enabled using an
Alpha
feature flag environment variable: KUBECTL_PORT_FORWARD_WEBSOCKETS=true. The API Server being communicated to must
also have an Alpha
feature flag enabled: PortForwardWebsockets. (#123413,
@seans3)custom
has been introduced in kubectl debug
, allowing users to customize pre-defined profiles. (#120346,
@ardaguclu)image_pull_duration_seconds
was added. The metric tracks the duration (in seconds) it takes for an image to be pulled, including the time spent in the waiting queue of image puller. The metric is broken down by bucketed image size. (#121719,
@ruiwen-zhao)lifecycle_handler_sleep_terminated_total
is added to record how many times LifecycleHandler sleep got unexpectedly terminated. (#122456,
@AxeZhan)client-go
support for upgrading subresource fields from client-side to server-side management. (#123484,
@erikgb)exec-interactive-mode
and exec-provide-cluster-info
flags in kubectl config set-credentials command. (#122023,
@ardaguclu)process_start_time_seconds
to /metrics/slis
endpoint of all components. (#122750,
@richabanker)apiserver_encryption_config_controller_automatic_reloads_total
to measure the total number of API server encryption configuration reload successes and failures. This metric now contains the
status
label with a value that is either success
or
failure
. Deprecated the metrics apiserver_encryption_config_controller_automatic_reload_success_total
and
apiserver_encryption_config_controller_automatic_reload_failure_total
. Please use
apiserver_encryption_config_controller_automatic_reloads_total
instead. (#123179,
@aramase)MutatingAdmissionPolicy
for enabling mutation policy in admission chain. (#123425,
@cici37)access_mode
label to volume_manager_selinux_*
metrics. (#123667,
@jsafrane)kubelet --node-ip
values when using a cloud provider. The feature is now GA, and the
CloudDualStackNodeIPs
feature gate is always enabled. (#123134,
@danwinship)nominalConcurrencyShares
field now accepts a zero value in both the
flowcontrol.apiserver.k8s.io/v1
and flowcontrol.apiserver.k8s.io/v1beta3
APIs. (#123001,
@tkashem)client-go
. Depending on the actual implementation, users can control features via environmental variables or command line options. (#122555,
@p0lyn0mial)SELinuxMount
, which can now be enabled to accelerate SELinux relabeling. (#123157,
@jsafrane)apiserver_authentication_jwt_authenticator_latency_seconds
metric, labeled by jwtIssuer hash and result. (#123225,
@aramase)apiserver_authorization_decisions_total
metric, labeled by authorizer type, name, and decision. (#123333,
@liggitt)NodeAffinity
plugin. The scheduling hints allowed the scheduler to only retry scheduling a Pod that had been previously rejected by the
NodeAffinity
plugin if a new Node or a Node update matched the Pod's node affinity. (#122309,
@carlory)NodeResourceFit
plugin. The scheduling hints allowed the scheduler to only retry scheduling a Pod that had been previously rejected by the
NodeResourceFit
plugin if a new Node or a Node update matched the Pod's resource requirements or if an old pod update or delete matched the Pod's resource requirements. (#119177,
@carlory)1.21.6
. (#122705,
@cpanato)1.22.1
. (#123750,
@cpanato)1.22
. (#123217,
@cpanato)1.22rc2
. (#122889,
@cpanato)
authentication.kubernetes.io/credential-id
in the user's ExtraInfo. (#123135,
@munnerz)Always
when SidecarContainers
feature is enabled. (#120718,
@gjkim42)KubeProxyDrainingTerminatingNodes
to Beta
. (#122914,
@alexanderConstantinescu)StableLoadBalancerNodeSet
to GA
. (#122961,
@alexanderConstantinescu)ImageMaximumGCAge
feature to beta. (#123424,
@haircommander)status.hostIPs
field for Pods to general availability. The PodHostIPs
feature gate no longer has any effect, and the
status.hostIPs
field is always available within the Pod API. (#122870,
@wzshiming)TranslateStreamCloseWebsocketRequests
KUBECTL_REMOTE_COMMAND_WEBSOCKETS
false
: KUBECTL_REMOTE_COMMAND_WEBSOCKETS=false
. (#123281,
@seans3)ignorable
option now handles errors for both filter and bind phases. (#122503,
@sunbinnnnn)apiserver.latency.k8s.io/decode-response-object
annotation was added to the audit log to record the decoding time. (#121512,
@HirazawaUi)hostUserns=false
and the CRI runtime does not support user namespaces. (#123216,
@giuseppe)nodevolumelimits
due to not found PVCs, only when new PVCs are added. (#121952,
@sanposhiho)kubedns
and nodelocaldns
to release version 1.22.28
. (#121908,
@mzaian)IterateOverWaitingPods
. In other words, all waitingPods in scheduler can be obtained from any profiles. Before this commit, each profile could only obtain
waitingPods
within that profile (#122946,
@NoicFank)UnschedulableAndUnresolvable
. Consequently, these nodes are excluded from the candidates for the preemption process. Additionally, this update corrects how the scheduling framework handles the Unschedulable status from PreFilter. Previously, if
PreFilter returned Unschedulable
, it could lead to an unexpected abortion in the preemption process, which shouldn't occur in the default scheduler but might occur in schedulers with custom plugins. (#119779,
@sanposhiho)RetryGenerateName
feature gate is enabled on the kube-apiserver, create requests using generateName are retried automatically by the apiserver when the generated name conflicts with an existing resource name, up to a max limit of 7 retries. This
feature is in alpha. (#122887,
@jpbetz)ValidatingAdmissionPolicy
now supports type checking policies that utilize variables. (#123083,
@jiahuif)kubelet_first_network_pod_start_sli_duration_second
in the kubelet that allowed developers to understand the source of the latency problems on node startups. (#121720,
@aojea)--pod-max-in-unschedulable-pods-duration
was initially planned to be removed in v1.26, but we had to change this plan. We found
an issue in which Pods can be stuck in the unschedulable pod pool for 5 min, and using this flag is the only workaround for this issue. This issue only could happen if you use custom plugins or if you change plugin set being used in your scheduler via the
scheduler config. (#122013,
@sanposhiho)unmanagedFatal
to enhance clarity while preserving grammatical consistency with
unmanagedWarning
. This improvement ensures a more understandable prompt for users. (#120159,
@Ithrael)imagefs.inodesfree
to default EvictionHard
settings. (#121834,
@vaibhav2107)map()
operations (e.g., .map(...).exists(...)
) to have the correct estimated cost instead of an unbounded cost. (#123562,
@jpbetz)1.27.0+
regression in kubeadm: The kubelet patch configuration will not be uploaded into the
kube-system/kubelet-config
ConfigMap anymore. (#123093,
@SataQiu)ValidatingAdmissionPolicy
that caused policies using CRD parameters to fail to synchronize. (#123003,
@alexzielenski)kube-proxy
introduced in version 1.26.0+
to make externalIPs workwith externalTrafficPolicy: Local. (#121919,
@uablrek)1.29.0
+. (#122341,
@jsafrane)1.24
in the scheduling framework when overriding MultiPoint plugins (e.g. default plugins). The incorrect loop logic might have led to a plugin being loaded multiple times, consequently preventing any Pod from being scheduled, which was unexpected.
(#122068,
@caohe)AvailableBytes
sometimes did not report correctly on WindowsNodes when the
PodAndContainerStatsFromCRI
feature was enabled. (#122846,
@marosset)NodePublishVolume
after node rebooting. (#119923,
@cvvz)EnsureAdminClusterRoleBindingImpl
. (#122893,
@danwinship)syncCronJob
. (#122493,
@mengjiao-liu)pod_scheduling_duration_seconds
that caused the metric to be hidden by default in
1.29
. (#123038,
@alculquicondor)NodeAffinity
was reverted because potential scenarios were found where events that make Pods schedulable could be missed. (#122285,
@sanposhiho)FileSystemResizeFailed
during pod creation if it uses a readonly volume and the capacity of the volume is greater than or equal to its requested storage. (#122508,
@carlory)--verify-only
function in code generation wrappers. (#123261,
@skitt)EventedPLEG
feature (beta, but disabled by default) back to alpha due to a known issue. (#122697,
@pacoxu)errors.Is()
to handle errors returned by LookPath()
. (#122600,
@lzhecheng)LoadBalancerSourceRanges
not working for nftables
mode. (#122614,
@tnqn)kubectl get hpa
. (#122804,
@sreeram-venkitesh)--authentication-config
would encounter failures in verifying tokens not signed with RS256. (#123282,
@enj)v3.5.11
. (#122393,
@mzaian)Terminating
because of GenerateUnmapVolumeFunc
missing
globalUnmapPath
when kubelet tries to clean up all volumes that failed reconstruction. (#123032,
@carlory)LookPath()
to support it flexibly. (#120291,
@lzhecheng)kubectl explain
to show enum for field types if they were defined. (#123023,
@ah8ad3)--rootfs
global flag didn't work with "kubeadm upgrade node" for control plane nodes. (#123077,
@neolit123)Always
cannot update its state from terminated to non-terminated for the pod with restartPolicy with
Never
or OnFailure
. (#123323,
@gjkim42)kubectl
drain would consider a pod as having been deleted if an error occurs while calling the API. (#122574,
@brianpursley)1.27
and later that could result in some updates getting lost (e.g., when a service gets a new endpoint, the rules for the new endpoint might not be added until much later). (#122204,
@danwinship)1.29.0
where the --attach
flag was not honored. (#122447,
@ardaguclu)configmap
, secret
, projected
, and downwardAPI
volume types didn't create user-visible files after a kubelet restart. This fix ensures data persistence and accessibility after restarts. (#122807,
@carlory)nil
by mistake. (#122874,
@fusida)PLEG
during kubelet start-up. (#122475,
@pacoxu)InPlacePodVerticalScaling
is turned on. (#122701,
@carlory)1.27
+ regression in watch stability by serving watch requests without a
resourceVersion
from the watch cache by default, as in <1.27
(disabling the change in PR 115096 by default). This mitigates the impact of an etcd watch bug (https://github.com/etcd-io/etcd/pull/17555).
If the 1.27 change in PR 115096 to serve these requests from underlying storage is still desired despite the impact on watch stability, it can be re-enabled with a
WatchFromStorageWithoutResourceVersion
feature gate. (#123935,
@serathius)kubelet-finalize
phase of kubeadm init
no longer requires the kubelet kubeconfig to have a specific authinfo. (#123171,
@vrutkovs)SeparateCacheWatchRPC
feature flag to disable this behavior. (#123532,
@serathius)QueueingHint
implementation for NodeUnschedulable
due to potential scenarios where events that make Pods schedulable could be missed. (#122288,
@sanposhiho)StorageClass
to Persistent Volume Claims (PVCs) with an empty
storageClassName
. (#122704,
@carlory)v1.33.0
to resolve CVE-2024-24786
. (#123758,
@liggitt)kubectl logs <pod-name>
and the pod is not found, the error message now includes the namespace. Previously, the message would be "Error from server (NotFound): pods "my-pod-name" not found". Now, it reflects the namespace in the message as follows:
"Error from server (NotFound): pods "my-pod-name" not found in namespace "default"". (#120111,
@newtondev)--authorization-mode
when --authorization-config
is provided (#123654,
@LiorLieberman)ValidateVolumeAttributesClassUpdate
also validates new VolumeAttributesClass object. (#122449,
@carlory)kubectl create
token duration. (#123565,
@ah8ad3)getStorageAccountName
warning messages. (#121983,
@andyzhangx)leader_election_slowpath_total
was added to allow users to monitor how many leader elections are updated non-optimistically. (#122069,
@linxiulei)ConsistentHTTPGetHandlers
to default. (#122578,
@carlory)client-go/metadata
to contextual logging. (#122225,
@ricardoapl)RemoveSelfLink
. (#122468,
@carlory)ExpandedDNSConfig
. (#122086,
@bzsuni)KubeletPodResourcesGetAllocatable
. (#122138,
@ii2day)KubeletPodResources
. (#122139,
@bzsuni)MinimizeIPTablesRestore
. (#122136,
@ty-dc)APISelfSubjectReview
has been removed, and the feature is unconditionally enabled. (#122032,
@carlory)etcd
to version 3.5.12
. (#123150,
@bzsuni)v1.29.0
. (#122271,
@saschagrunert)v0.7.0
. (#123504,
@pacoxu)kubeadm completion
error message now displayed supported shell types when an invalid shell was specified.
(#122477,
@SataQiu)/healthz
endpoints to return OK
. The kubelet and API server checks no longer ran in parallel, but one after another (in serial). (#121958,
@neolit123)APIServingWithRoutine=false
(#120902,
@linxiulei)PV
on reclaim policy when it is Recycle
. (#122339,
@carlory)azureFile
in-tree storage plugin. (#122576,
@carlory)v3.5.12
has been built. (#123069,
@bzsuni)bridge-nf-call-iptables=1
and bridge-nf-call-ip6tables=1
preflight checks are removed since not all the network implementations require this setting, network plugins are responsible for setting this correctly depending on whether or
not they connect containers to Linux bridges or use some other mechanism. (#123464,
@SataQiu)ttlSecondsAfterFinished
to automatically clean up the upgrade-health-check
Job that runs during upgrade preflighting. (#122079,
@carlory)LegacyServiceAccountTokenCleanUp
to GA and locked it to default. (#122635,
@carlory)ExperimentalHostUserNamespaceDefaultingGate
in 1.30
. (#122088,
@bzsuni)IPTablesOwnershipCleanup
in version 1.30
. (#122137,
@bzsuni)ProxyTerminatingEndpoints
. (#122134,
@ty-dc)--cidr-allocator-type
option set to CloudAllocator
for
kube-controller-manager
will be deprecated and removed in a future release. Users are advised to transition to and explore the available options provided by their external cloud provider. (#123011,
@dims)LegacyServiceAccountTokenTracking
(GA since 1.28) is now removed because the feature is unconditionally enabled. (#122409,
@Rei1010)kube-dns
to v1.22.27
. (#121736,
@ty-dc)v1.4.0
. (#122178,
@saschagrunert)v1.23.0
. (#123310,
@bzsuni)kube-proxy
nftables mode is now compatible with kernel
5.4
. (#122296,
@tnqn)storage_cluster_id
for apiserver_storage_size_bytes metric
(#124283,
dims)STABLE
(#123342,
@logicalhan)