Kubernetes v1.23.0-alpha.2 is live!

82 views
Skip to first unread message

Adolfo García Veytia

unread,
Sep 14, 2021, 6:58:12 PM9/14/21
to kubernetes-announce, kubernetes-dev
Kubernetes Community,

Kubernetes v1.23.0-alpha.2 has been built and pushed using Golang version 1.17.1.

The release notes have been updated in CHANGELOG-1.23.md, with a pointer to them on GitHub:

v1.23.0-alpha.2

Downloads for v1.23.0-alpha.2

Source Code

filename sha512 hash
kubernetes.tar.gz 121d51f42a52b28e27a4b2f914a4f80fa3fba6328e6a4a5c96dec39c5b28c05461fcc290ef35a49058e237091532b24db3cd8c61801bcb6736aee1dd7dbcffc3
kubernetes-src.tar.gz 641d47241acfadb3b13bccec57795749d2c9e3e07ffa7aa4b30df3a488643631eb8e5cd581bcfb764dff4ac5ed755f72d94e80746142123b09e1675e81421a91

Client Binaries

filename sha512 hash
kubernetes-client-darwin-amd64.tar.gz f734cb514ee56adcb2d991a6f0550df907c72f8a61cc2a13117e61b8d5826ff942a582a2e9383deb1a61d5df2243362f1327942a3b4883490eb3296647ce3737
kubernetes-client-darwin-arm64.tar.gz 24d1f851cd5782f8f39054e37beda1554dadd8a28cb3272b00d50fc095d1fc3018768c1ea72a44eda61ff0f58f71b33dd28cbdc54467d620e87c3694ecf14cc2
kubernetes-client-linux-386.tar.gz 082ad4abea58de3b629fc2ed4560a836cdbeb1adefb0c4cf47044bf33c750d8fcd8a06e2c4ce365853e83a58d52e0129d510a698dd894bd1261f8184dd1cab42
kubernetes-client-linux-amd64.tar.gz b3b0b23479c05b57ca574cf17cdcde7e716033bc4f6a80532d1175d8e533e3202bece0dcf503731d5a60319c526ce1ce4a0bc900bf87536321208a59cf890e35
kubernetes-client-linux-arm.tar.gz f5dac2976ce04310f74bba6102080554309b851fbd966ff1220d3eb23089db8eb8da519a6bd8865c94f2f24346a4d27eb40fd0a3ff06ca9c6874e1fc6f356b67
kubernetes-client-linux-arm64.tar.gz 057b372150749b13a38e04802c7cf566765e0fbb27f1b5f7bf6d3cc3f71eb3020916ea7f8579ecc7fcc10e2db1b5c8caa31a1e8a3aac80da86e4e777f515d42f
kubernetes-client-linux-ppc64le.tar.gz 9a090d22aeba011c6d039bff59dbdc23ac4a112828db3cbba588d8b0ee1cd14d16e0eacefbb000e5a3ff26bcce4730824819f86a99b7a9826f35fa9964f9f27a
kubernetes-client-linux-s390x.tar.gz 435e20055badb619289dc7c572af300bd2f86068d0b8f326e8d9abfda5347f2449e316158c412e9b946a2541208c3e8cc6e5c823946e74ac4fc2d594d410179a
kubernetes-client-windows-386.tar.gz 55f192a4d095d494bb53af1b7133124b762a677eb46247b9dba71d10ea6830b37c30d603908e7a9c63f371baff508b19406e89b231ed5ece0497627f09753f68
kubernetes-client-windows-amd64.tar.gz 944059d1f1918a793490b95be8130d06189508ba8e79e79ca8cfd2ab98bf396ac551786514b093cc6afe4b3fd15736d728cfcdce18bb32fbee41bc0a97f5c4be

Server Binaries

filename sha512 hash
kubernetes-server-linux-amd64.tar.gz a76a4b86ee151ba027f7cf4a2072451ae4c829182bb14e00ce1967421744bfc1e58f141b6eaf2ab27ece67054ae307f8e0768477ab9c3c4749eaad397d495182
kubernetes-server-linux-arm.tar.gz 95aeb4eb473ab4920d81904bc89c6126732b9c6888f9e57493ee99d692042ca44f6844ac1dade1409565f4d9fbec59445402e1f7deac6cbf5b6df16ac814b58c
kubernetes-server-linux-arm64.tar.gz 3c56e906aafc2a1ac72300352a334662bec5d59e3e523c19b9d65bc52ad9075dc2631f259513efd0f654e220fe0e7d54dfa5028d7eaad81d5d87ca251653f75d
kubernetes-server-linux-ppc64le.tar.gz b74bacafe9bb6a7cf407747b03e78ae3873e50deec4eaa08758d5e1d5287ac23af59b3ef26f888fe4cd44ccb1455beafcd1384e700230eb445720e3acae5f2e3
kubernetes-server-linux-s390x.tar.gz d3f8f8d9c233b114129f615252d42782cd366978a49506393a40af3f8b5b1250ce99e9806881675e112a69270a0411fb2f00ea19b99ad7415b9e0074beb2726d

Node Binaries

filename sha512 hash
kubernetes-node-linux-amd64.tar.gz 146e2f762c179178a57a8c7af7c26470c5d580b8ff8400615162ad1056625f87ce2b32598538d82652f88639e54afb782810529b074c36eb52cc6374414a6181
kubernetes-node-linux-arm.tar.gz 9357d1b387e1b049fb6cec06a7081afc2ce7e906484c9b061fb0449d147a6c4f9c9dc7a9219cdca5ed71df6c73784f360018d9e48d4fa2aa7eeabef60649d7a4
kubernetes-node-linux-arm64.tar.gz 8394f8f9d6ee823cb9a470ea67e15d4d0c6aca7065fe826788f50955905373fc3cdddd6db43901c07736588d8d6a3d3e2916bc8d45fd6bd06307583686137a0a
kubernetes-node-linux-ppc64le.tar.gz 7211cb426834484bff39f1ab3c9541203429039f8f5e522ca9e28c43da749e197128a3cae28db0467fc339305d2f23f85e8b4ed9ec116506c3d8076744a88d5e
kubernetes-node-linux-s390x.tar.gz a7c1a38250398171d3df5865749e9928867c4f44106ae66d44cf9f948ce4f4eed9d1f273a5d369996425b1e12482fceccde4c7652770a8c9fb3f161811323b69
kubernetes-node-windows-amd64.tar.gz 2007b3b16597cc06b486f87f35b6c637404f07c11d88b8c8e1c2c9bbea97f762bd7d4f9a31f42f78a917c595af5cb89e6885dd88f3766836dc6e4ec79cf084f2

Changelog since v1.23.0-alpha.1

Changes by Kind

Deprecation

  • Controller-manager: the following flags have no effect and would be removed in v1.24:

    In addition, please be careful that:

    • kube-scheduler MUST start with --authorization-kubeconfig and --authentication-kubeconfig correctly set to get authentication/authorization working.
    • liveness/readiness probes to kube-scheduler MUST use HTTPS now, and the default port has been changed to 10259.
    • Applications that fetch metrics from kube-scheduler should use a dedicated service account which is allowed to access nonResourceURLs /metrics. (#96345, @ingvagabund) [SIG Cloud Provider, Scheduling and Testing]

  • Removed deprecated metric scheduler_volume_scheduling_duration_seconds (#104518, @dntosas) [SIG Instrumentation, Scheduling and Storage]

API Change

  • A small regression in Service updates was fixed. The circumstances are so unlikely that probably nobody would ever hit it. (#104601, @thockin) [SIG Network]
  • Introduce v1beta2 for Priority and Fairness with no changes in API spec (#104399, @tkashem) [SIG API Machinery and Testing]
  • Kube-apiserver: Fixes handling of CRD schemas containing literal null values in enums. (#104969, @liggitt) [SIG API Machinery, Apps and Network]
  • Kubelet: turn the KubeletConfiguration v1beta1 ResolverConfig field from a string to *string. (#104624, @Haleygo) [SIG Cluster Lifecycle and Node]
  • Kubernetes is now built using go1.17 (#103692, @justaugustus) [SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Release, Scheduling, Storage and Testing]
  • Removed deprecated --seccomp-profile-root/seccompProfileRoot config (#103941, @saschagrunert) [SIG Node]
  • Since golang 1.17 both net.ParseIP and net.ParseCIDR rejects leading zeros in the dot-decimal notation of IPv4 addresses. Kubernetes will keep allowing leading zeros on IPv4 address to not break the compatibility. IMPORTANT: Kubernetes interprets leading zeros on IPv4 addresses as decimal, users must not rely on parser alignment to not being impacted by the associated security advisory: CVE-2021-29923 golang standard library "net" - Improper Input Validation of octal literals in golang 1.16.2 and below standard library "net" results in indeterminate SSRF & RFI vulnerabilities. Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-29923 (#104368, @aojea) [SIG API Machinery, Apps, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Release, Scalability, Scheduling, Storage and Testing]
  • StatefulSet minReadySeconds is promoted to beta (#104045, @ravisantoshgudimetla) [SIG Apps and Testing]
  • The Service.spec.ipFamilyPolicy field is now required in order to create or update a Service as dual-stack. This is a breaking change from the beta behavior. Previously the server would try to infer the value of that field from either ipFamilies or clusterIPs, but that caused ambiguity on updates. Users who want a dual-stack Service MUST specify ipFamilyPolicy as either "PreferDualStack" or "RequireDualStack". (#96684, @thockin) [SIG API Machinery, Apps, Network and Testing]
  • Users of LogFormatRegistry in component-base must update their code to use the logr v1.0.0 API. The JSON log output now uses the format from go-logr/zapr (no v field for error messages, additional information for invalid calls) and has some fixes (correct source code location for warnings about invalid log calls). (#104103, @pohly) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation and Storage]
  • When creating an object with generateName, if a conflict occurs the server now returns an AlreadyExists error with a retry option. (#104699, @vincepri) [SIG API Machinery]

Feature

  • Add fish shell completion to kubectl (#92989, @WLun001) [SIG CLI]
  • Added PowerShell completion generation by running kubectl completion powershell (#103758, @zikhan) [SIG CLI]
  • Added a Processing condition for the workqueue API Changed Shutdown for the workqueue API to wait until the work queue finishes processing all in-flight items. (#101928, @alexanderConstantinescu) [SIG API Machinery and Apps]
  • Added a new flag --append-server-path to kubectl proxy that will automatically append the kube context server path to each request. (#97350, @FabianKramm) [SIG API Machinery, CLI and Testing]
  • Added support for setting controller-manager log level online (#104571, @h4ghhh) [SIG API Machinery, Apps and Cloud Provider]
  • Adding support for multiple --from-env-file flags (#104232, @lauchokyip) [SIG CLI]
  • Cloud providers can set service account names for cloud controllers. (#103178, @nckturner) [SIG API Machinery and Cloud Provider]
  • Health check of kube-controller-manager now includes each controller. (#104667, @jiahuif) [SIG API Machinery and Cloud Provider]
  • Kube-scheduler now logs node and plugin scoring even though --v<10
    • socres of the top 3 plugins in the top 3 nodes are dumped if --v=4,5
    • socres of all plugins in the top 6 nodes are dumped if --v=6,7,8,9 (#103515, @muma378) [SIG Scheduling]
  • Kubernetes is now built with Golang 1.17.1 (#104904, @cpanato) [SIG API Machinery, Cloud Provider, Instrumentation, Release and Testing]
  • The pause image list now contains Windows Server 2022 (#104438, @nick5616) [SIG Windows]
  • Updates debian-iptables to v1.6.7 to pick up CVE fixes (#104970, @PushkarJ) [SIG API Machinery, Network, Release, Security and Testing]

Documentation

  • Conformance: the test "[sig-network] EndpointSlice should have Endpoints and EndpointSlices pointing to API Server [Conformance]" only requires that there is an EndpointSlice that references the "kubernetes.default" service, it no longer requires that its named "kubernetes". (#104664, @aojea) [SIG Architecture, Network and Testing]

Bug or Regression

  • A pod that the Kubelet rejects was still considered as being accepted for a brief period of time after rejection, which might cause some pods to be rejected briefly that could fit on the node. A pod that is still terminating (but has status indicating it has failed) may also still be consuming resources and so should also be considered. (#104817, @smarterclayton) [SIG Node]
  • Changed kubectl describe to compute Age of an event using the count and lastObservedTime fields available in the event series (#104482, @harjas27) [SIG CLI]
  • Don't prematurely close reflectors in case of slow initialization in watch based manager to fix issues with inability to properly mount secrets/configmaps. (#104604, @wojtek-t) [SIG Node]
  • Fix Job tracking with finalizers for more than 500 pods, ensuring all finalizers are removed before counting the Pod. (#104666, @alculquicondor) [SIG Apps and Instrumentation]
  • Fix a regression where the Kubelet failed to exclude already completed pods from calculations about how many resources it was currently using when deciding whether to allow more pods. (#104577, @smarterclayton) [SIG Node]
  • Fix detach disk issue on deleting vmss node (#104572, @andyzhangx) [SIG Cloud Provider]
  • Fix: ensure InstanceShutdownByProviderID return false for creating Azure VMs (#104382, @feiskyer) [SIG Cloud Provider]
  • Fix: ignore the case when comparing azure tags in service annotation (#104705, @nilo19) [SIG Cloud Provider]
  • Fix: ignore the case when updating Azure tags (#104593, @nilo19) [SIG Cloud Provider]
  • Fixed bug where kubectl would emit duplicate warning messages for flag names that contain an underscore and recommend using a nonexistent flag in some cases (#103852, @brianpursley) [SIG CLI and Cluster Lifecycle]
  • Fixed client IP preservation for NodePort service with protocol SCTP in ipvs mode (#104756, @tnqn) [SIG Network]
  • Fixed occasional pod cgroup freeze when using cgroup v1 and systemd driver. (#104528, @kolyshkin) [SIG Node]
  • Fixes a regression that could cause panics in LRU caches in controller-manager, kubelet, kube-apiserver, or client-go (#104466, @stbenjam) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation and Storage]
  • Kube-apiserver: fixes an issue where an admission webhook can observe a v1 Pod object that does not have the defaultMode field set in the injected service account token volume (#104523, @liggitt) [SIG Auth]
  • Kube-proxy health check ports used to listen to : for each of the services. This is not needed and opens ports in addresses the cluster user may not have intended. The PR limits listening to all node address which are controlled by --nodeport-addresses flag. if no addresses are provided then we default to existing behavior by listening to : for each service (#104742, @khenidak) [SIG Network]
  • Kube-scheduler now doesn't print any usage message when unknown flag is specified (#104503, @sanposhiho) [SIG Scheduling]
  • Metrics changes: Fix exposed buckets of scheduler_volume_scheduling_duration_seconds_bucket metric (#100720, @dntosas) [SIG Apps, Instrumentation, Scheduling and Storage]
  • Scheduler resource metrics over fractional binary quantities (2.5Gi, 1.1Ki) were incorrectly reported as very small values. (#103751, @y-tag) [SIG API Machinery and Scheduling]

Other (Cleanup or Flake)

  • Generic ephemeral volumes: better pod events ("waiting for ephemeral volume controller to create the persistentvolumeclaim"" instead of "persistentvolumeclaim not found") (#104605, @pohly) [SIG Scheduling and Storage]
  • Kubeadm: remove the deprecated flags "--csr-only" and "--csr-dir" from "kubeadm certs renew". Please use "kubeadm certs generate-csr" instead. (#104796, @RA489) [SIG Cluster Lifecycle]
  • Migrate pkg/scheduler to structured logging (#99273, @yangjunmyfm192085) [SIG Scheduling]
  • Migrated pkg/proxy/userspace to structured logging (#104931, @shivanshu1333) [SIG Network]
  • More detailed logging has been added to the EndpointSlice controller for Topology Aware Hints. (#104741, @robscott) [SIG Apps and Network]
  • Support for Windows Server 2022 was added to the k8s.gcr.io/pause:3.6 image. (#104711, @claudiubelu) [SIG CLI, Cloud Provider, Cluster Lifecycle, Node, Release and Testing]
  • The maximum length of the CSINode id field has increased to 256 bytes to match the CSI spec (#104160, @pacoxu) [SIG Storage]
  • Update conformance image to use debian-base:buster-v1.9.0 (#104696, @PushkarJ) [SIG Architecture, Release, Security and Testing]
  • volume.kubernetes.io/storage-provisioner annotation will be added to dynamic provisioning required PVC. volume.beta.kubernetes.io/storage-provisioner annotation is deprecated. (#104590, @Jiawei0227) [SIG Apps and Storage]

Dependencies

Added

Changed

Removed


Contributors, the CHANGELOG-1.23.md has been bootstrapped with v1.23.0-alpha.2 release notes and you may edit now as needed.



Published by your Kubernetes Release Managers.

Reply all
Reply to author
Forward
0 new messages