Kubernetes v1.22.0-alpha.3 is live!

110 views

Skip to first unread message

Wilson Husin

unread,

Jun 8, 2021, 3:08:14 PM6/8/21

to kuberne...@googlegroups.com, kubernete...@googlegroups.com

Kubernetes Community,

Kubernetes v1.22.0-alpha.3 has been built and pushed using Golang version 1.16.4.

The release notes have been updated in CHANGELOG-1.22.md, with a pointer to them on GitHub:

v1.22.0-alpha.3

Downloads for v1.22.0-alpha.3

Source Code

filename	sha512 hash
kubernetes.tar.gz	d45d66834b05aa2cb0ad1b0b7e0a00a9f91b992c74fe50f7a7ad396dae07c5af4855bd6e0191b9a424192c4351ba3e269effa6bca4f7405346c2aae6950c1efa
kubernetes-src.tar.gz	0393a37d11babd35b918413e39880fbc9bcc4a3437944a741fc830c54672a5917e38298a2430cf775dacbc97f9251674a3f8f5e58de77e7e15d8b9512cefffd7

Client Binaries

filename	sha512 hash
kubernetes-client-darwin-amd64.tar.gz	a210d70e90e96f669b74a09752afe8ac118d7922296216298266ddb5413b2d00b5384545099d9fa12102932b95be82f5a21e9fc7fd0512bb974182d4a348d35e
kubernetes-client-darwin-arm64.tar.gz	da38e928622f813d83fa33048446d4f2204b96884dd6d8596889bf3d6a26ddbcd1bcb7741978233e31dd5216d1c0fa3e81908d57f7be74ad54cbae35e9d19be1
kubernetes-client-linux-386.tar.gz	7fb77598532a0f42a6e052c403933f26c387bf6cf93ce7df88de334bbe25812da52940be13ade26ec841cb80c08273eddb5a051e8eb1bfd6ec14190acad0e827
kubernetes-client-linux-amd64.tar.gz	eabba5509ae1b5f770573e5fd1cffa39a86e9b8b97c3c2e930a197600ad704ed22925246b697b1070ab826a7680a1cd4338b31fcbcb9e24fe7df56f426587465
kubernetes-client-linux-arm.tar.gz	b94023510bd349d48c6242c1fd09ef74560667ef4a1362f75c2f07f0ad10b2e6a0f2aab36346a0db77488382192ea1ba0f044a2bc9416288f7a368030b39f5f0
kubernetes-client-linux-arm64.tar.gz	3a577bf292d25450babbd1a15e1921f9068a0c7c06bd54a5d88a3a97982fb2ec55ebaeecb77a502b1179473d45bf99b553a88dd85c5df7daa973c14d6905d7a6
kubernetes-client-linux-ppc64le.tar.gz	b43e844dbd57c75616d20bafe1af8a08245644648a11b067b45048abf4da7f6f5c0ce3b2cd0dd09dd6ca81cebb881cee623d78a4dd9e963ef69e1d27e7f38471
kubernetes-client-linux-s390x.tar.gz	1c472acb904ce7980b78b3716c6d9660add5161d100e4c6dd0cee2c4fc9dd3ff43ef26c3f48d5467c9e29d2101e80d60713ac3ddd7b50018be114a799edb4600
kubernetes-client-windows-386.tar.gz	d224a9eeebbcf8fda304dd78ae491d74b513c484938a8ee7d66ef67d6821718f0665ce3a6cd44e628de7fab58e8a487ae431521857a92be8f1c07840a1b11472
kubernetes-client-windows-amd64.tar.gz	6d497e4be0a11c427d16b774c61a6b32e09e97ea085c5a961cf155440ccf6220f5be97722cbe957b14722ca32d4c3d18a66559859a3ca810dcb881c8529bf098

Server Binaries

filename	sha512 hash
kubernetes-server-linux-amd64.tar.gz	297d5b7d4161b5374a17bb1709874fdae02bb368e81a45c82dfb90508e5796e6871512f2f5f555697ea14597a26195ae6bbbc3d71ca685e6c888cb5ced689ae8
kubernetes-server-linux-arm.tar.gz	305bac3735d716432c76c7911ea618f7198de3e6e1d1ef46e574ed882a307ae2bd16e2bd489dad24e5c3c76cfeaed572513b2990d621e157857f70784ae0cf96
kubernetes-server-linux-arm64.tar.gz	88c634a4aeca7a55c9179a9f394096acece1aa2362c6354a2a7fedc4db7add7bfb7b9954010e65c430d3ada790e6e3ecf19713b1368491548b5cbdc2db2baf07
kubernetes-server-linux-ppc64le.tar.gz	e04de27a7c855ee7f0c50e37498a634ff5885e96311447ae0e136a7c8321cdb3a37897e89f03a4c0033b2112880b22787c96f21717d7c028dbebc696fc98faee
kubernetes-server-linux-s390x.tar.gz	8f0a37542dc82402a542af6cb11e2831f0dbf16a9fa0594037d5e99efa7196c772352a44f99ba9ec4a78d7bfb350e6cbcc5404756a993bc5a5f6544b17e068ca

Node Binaries

filename	sha512 hash
kubernetes-node-linux-amd64.tar.gz	cb02d70d26484d858f0bb515bcf6e24c7d36d7dfa896358c06f1b260736bff359423c867df192f407d0f1b8e5d829be11e20f729de629506b0319b9a421872c7
kubernetes-node-linux-arm.tar.gz	c6cff49b74227c035bbbcc730c1e0f165ad6c6db992f1e0a02a0a581741ca03a638a2b2012f5eba01a847dbaf26692f23f935055e5a28354bd2b13935871c262
kubernetes-node-linux-arm64.tar.gz	26d91660351ab07be1cb52ddb99087dccc8df31659d214634d81667a08eeb69b8c2552481cac0ab1a3f9c83152b6384ccaffe2d0b728cf7e2acbed272d166ac4
kubernetes-node-linux-ppc64le.tar.gz	c31c8533ff319d7d3a88207ecbc3f318cf54a810d5f3b1092534bf6e5f16e00ca635573f2f2c9cfa1d461b8e545e09821bf512f0ccae4e2c8b99232695b92766
kubernetes-node-linux-s390x.tar.gz	ae7b9726078e650527f4f861b4fff4a0d84e9fcba406944ee0ade44b4dfe803c37223bb4b8074277d82695654d2b1a4b83ac7376ecf7138b8b5718228012d162
kubernetes-node-windows-amd64.tar.gz	21cb251d63bbcda04b0c6ea74badb2c54a8a8b79824440a20543ab300631d463693255c1367eeab0afe583248ad49a43459d405d70ce04e95014a272101fedf4

Changelog since v1.22.0-alpha.2

Urgent Upgrade Notes

(No, really, you MUST read this before you upgrade)

CSI migration of AWS EBS volumes requires AWS EBS CSI driver ver. 1.0 that supports allowAutoIOPSPerGBIncrease parameter in StorageClass. (#101082, @jsafrane) [SIG Storage]
Conformance image is now built with Distroless. Users running Conformance testing should rely on container entrypoint instead of manual invocation to /run_e2e.sh or /gorunner, as they are now deprecated and will be removed in 1.25 release. Invoking ginkgo and e2e.test are still supported through overriding entrypoint (docker) or defining container spec.command (kubernetes) (#99178, @wilsonehusin) [SIG Release and Testing]
Default StreamingProxyRedirects to disabled. If there is a >= 2 version skew between master and nodes, and the old nodes were enabling --redirect-container-streaming, this will break them. In this case, the StreamingProxyRedirects can still be manually enabled. (#101647, @pacoxu) [SIG API Machinery and Node]
Kubeadm: remove the automatic detection and matching of cgroup drivers for Docker. For new clusters if you have not configured the cgroup driver explicitly you might get a failure in the kubelet on driver mismatch (kubeadm clusters should be using the "systemd" driver). Also remove the "IsDockerSystemdCheck" preflight check (warning) that checks if the Docker cgroup driver is set to "systemd". Ideally such detection / coordination should be on the side of CRI implementers and the kubelet (tracked here https://github.com/kubernetes/kubernetes/issues/99808). Please see the following page on how to configure cgroup drivers with kubeadm manually: https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver/ (#99647, @neolit123) [SIG Cluster Lifecycle]
The CSIMigrationVSphereComplete feature flag is removed. InTreePluginvSphereUnregister will be the way moving forward. (#101272, @Jiawei0227) [SIG API Machinery, Node and Storage]

Changes by Kind

Deprecation

E2e.test: removed the --viper-config flag. If you were previously using this to pass flags to e2e.test via a file, you will need to pass them directly on the command line, e.g. e2e.test --e2e-output-dir (#102598, @dims) [SIG Testing]
Remove support for the Service topologyKeys field (alpha) and the kube-proxy implementation of it. This field was deprecated several cycles ago. This functionality is replaced by the combination of automatic topology hints per-endpoint (alpha) and the Service internalTrafficPolicy field (alpha). (#102412, @andrewsykim) [SIG API Machinery, Apps and Network]

API Change

--ssh-user and --ssh-key options are removed. They only functioned on GCE, and only in-tree. Use the apiserver network proxy instead. (#102297, @deads2k) [SIG API Machinery, Cloud Provider and Testing]
Enable MaxSurge for DS by default (#101742, @ravisantoshgudimetla) [SIG Apps and Testing]
Introduce minReadySeconds api to the StatefulSets. (#100842, @ravisantoshgudimetla) [SIG API Machinery, Apps and Testing]
Kube-controller-manger: the --horizontal-pod-autoscaler-use-rest-clients flag and Heapster support in the horizontal pod autoscaler, deprecated since 1.12, is removed. (#90368, @serathius) [SIG API Machinery, Apps, Autoscaling, Cloud Provider and Instrumentation]
The deprecated flag --algorithm-provider has been removed from kube-scheduler. Use instead ComponentConfig to configure the set of enabled plugins (#102239, @Haleygo) [SIG Cloud Provider and Scheduling]

Feature

An audit log entry will be generated when a validating admission webhook is failing open. (#92739, @cnphil) [SIG API Machinery]
BoundServiceAccountTokenVolume is GA. The feature gate is going to be removed in 1.23. (#101992, @zshihang) [SIG Auth, Cloud Provider and Testing]
Graduate prefer nominated node to beta (#102201, @chendave) [SIG Scheduling]
Introduce a feature gate DisableCloudProviders allowing to disable cloud-provider initialization in KAPI, KCM and kubelet.

DisableCloudProviders FeatureGate is currently in Alpha, which means is currently disabled by default. Once the FeatureGate moves to beta, in-tree cloud providers would be disabled by default, and a user won't be able to specify --cloud-provider=<aws|openstack|azure|gcp|vsphere> anymore to any of KCM, KAPI or kubelet. Only a --cloud-provider=external would be allowed. CCM would have to run out-of-tree with CSI. (#100136, @Danil-Grigorev) [SIG API Machinery, Cloud Provider, Instrumentation and Node]
Kubeadm: add a new field "skipPhases" to v1beta3 InitConfiguration and JoinConfiguration that can contain a list of phases to skip during "kubeadm init" and "kubeadm join". The flag "--skip-phases" takes precedence over this field. (#101923, @neolit123) [SIG Cluster Lifecycle]
Kubeadm: add the RootlessControlPlane kubeadm specific feature gate (Alpha in 1.22, disabled by default). It can be used to enable an experimental feature that makes the control plane component static Pod containers for kube-apiserver, kube-controller-manager, kube-scheduler and etcd to run as a non-root users. (#102158, @vinayakankugoyal) [SIG Cluster Lifecycle]
Kubeadm: during "kubeadm init/join/upgrade", always default the "cgroupDriver" value in the KubeletConfiguration to "systemd", unless the user was explicit about the value. See https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver/ for more details. (#102133, @pacoxu) [SIG Cluster Lifecycle]
Kubectl: add "LAST RESTART" column to "kubectl get pods" output (#100142, @Ethyling) [SIG CLI]
NetworkPolicy validation framework support for windows (#98077, @jayunit100) [SIG Auth, Network and Testing]
New feature gate "ExpandedDNSConfig" is now available. This feature allows Kubernetes to have expanded DNS configuration. (#100651, @gjkim42) [SIG Apps, Network and Node]
Promote CronJobControllerV2 flag to GA, with removal in 1.23 (#102529, @soltysh) [SIG Apps]
Promote Cronjobs storage version to batch/v1 (#102363, @mengjiao-liu) [SIG API Machinery and Testing]
Scheduler now registers event handlers dynamically. (#101394, @Huang-Wei) [SIG Scheduling and Testing]
Some of the in-tree storage drivers indicate support for the MetricsProvider interface, but fail to configure this for BlockMode volumes. With a recent change, Kubelet will call GetMetrics() for BlockMode volumes, and the in-tree drivers that miss the support cause a Go panic. Now the in-tree storage drivers that support BlockMode volumes, will return the Capacity of the volume in the GetMetrics() call. (#101587, @nixpanic) [SIG Instrumentation, Node, Storage and Testing]
Support FakeClientset match subresource (#100939, @wzshiming) [SIG API Machinery and Testing]
Update the Debian images to pick up CVE fixes in the base images:
- Update the debian-base image to v1.7.0
- Update the debian-iptables image to v1.6.1 (#102302, @xmudrii) [SIG API Machinery, Release and Testing]
Update the setcap image to buster-v2.0.1 (#102377, @xmudrii) [SIG Release]
Watch requests are now handled throttled by priority and fairness filter in kube-apiserver (#102171, @wojtek-t) [SIG API Machinery]
[kubectl] Enable using protocol buffers to request Metrics API (#102039, @serathius) [SIG CLI]

Bug or Regression

Aggregate errors when putting vmss (#98350, @nilo19) [SIG Cloud Provider]
Fix a bug on the endpoint slices mirroring controller where endpoint NotReadyAddresses were mirrored as Ready to the corresponding EndpointSlice (#102683, @aojea) [SIG Apps and Network]
Fix a bug that a preemptor pod may exist as a phantom in the scheduler. (#102498, @Huang-Wei) [SIG Scheduling]
Fix nulls are handles of array's and objects in json patches. (#102467, @pacoxu) [SIG API Machinery, Apps, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Storage and Testing]
Fix resource enforcement when using systemd cgroup driver (#102147, @kolyshkin) [SIG API Machinery, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node, Storage and Testing]
Fix runtime container status for post start hook error (#100608, @pacoxu) [SIG Node]
Fixed an issue blocking azure auth to prompt to device code authentication flow when refresh token expires. (#102063, @tdihp) [SIG API Machinery and Auth]
Fixed garbage collection of dangling VolumeAttachments for PersistentVolumes migrated to CSI on startup of kube-controller-manager. (#102176, @timebertt) [SIG Apps and Storage]
Fixed kubelet runtime panic for timed-out portforward streams. (#102489, @saschagrunert) [SIG API Machinery and Node]
Fixed very rare volume corruption when a pod is deleted while kubelet is offline. (#102059, @jsafrane) [SIG API Machinery, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation and Storage]
Fixes issue with websocket-based watches of Service objects not closing correctly on timeout (#102539, @liggitt) [SIG API Machinery and Testing]
Kubeadm: when using a custom image repository for CoreDNS kubeadm now will append the "coredns" image name instead of "coredns/coredns", thus restoring the behaviour existing before the v1.21 release. Users who rely on nested folder for the coredns image should set the "clusterConfiguration.dns.imageRepository" value including the nested path name (e.g using "registry.company.xyz/coredns" will force kubeadm to use "registry.company.xyz/coredns/coredns" image). No action is needed if using the default registry (k8s.gcr.io). (#102502, @ykakarap) [SIG Cluster Lifecycle]
Retry FibreChannel devices cleanup after error to ensure FC device is detached before it can be used on another node. (#101862, @jsafrane) [SIG Storage]
ServiceOwnsFrontendIP shouldn't report error when the public IP doesn't match (#102516, @nilo19) [SIG Cloud Provider]
Support correct sorting for cpu, memory, storage, ephemeral-storage, hugepages, and attachable-volumes (#100435, @lauchokyip) [SIG CLI and Testing]
Update klog v2.9.0 (#102332, @pacoxu) [SIG API Machinery, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation and Storage]
Update kube-proxy base image debian-iptables to v1.6.2 to pickup https://github.com/kubernetes/release/pull/2106
- debian-iptables: select nft mode if ntf lines > legacy lines, matching https://github.com/kubernetes-sigs/iptables-wrappers/ (#102590, @BenTheElder) [SIG Network and Testing]
We no longer allow the cluster operator to delete any "suggested" priority & fairness bootstrap configuration object, If a cluster operator removes a suggested configuration, it will be restored by the apiserver. (#102067, @tkashem) [SIG API Machinery]

Other (Cleanup or Flake)

Allow CSI drivers to just run offline expansion tests (#102665, @gnufied) [SIG Storage and Testing]
Changed buildmode of non static Kubernetes binaries to produce position independent executables (PIE). (#102323, @saschagrunert) [SIG Release and Security]
Clarified the description of a test in the e2e suite that mentions "SCTP" but is actually intended to be testing the behavior of network plugins that don't implement SCTP. (#102509, @danwinship) [SIG Network and Testing]
Disable log sampling when using json logging format (#102620, @serathius) [SIG API Machinery, Cluster Lifecycle and Instrumentation]
Improve func ToSelectableFields' performance for event (#102461, @goodluckbot) [SIG API Machinery and Node]
Migrate some log messages to structured logging in pkg/volume/plugins.go. (#101510, @huchengze) [SIG Storage]
Update CNI plugins to v0.9.1 (#102328, @lentzi90) [SIG Cloud Provider, Network, Node and Testing]
Updated pause image to version 3.5, which now runs per default as pseudo user and group 65535:65535. This does not have any effect on remote container runtimes like CRI-O and containerd, which setup the pod sandbox user and group on their own. (#100292, @saschagrunert) [SIG CLI, Cloud Provider, Cluster Lifecycle, Node and Testing]
Upgrade functionality of kubectl kustomize as described at https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2Fv4.1.3 (#102193, @gautierdelorme) [SIG CLI]

Dependencies

Added

Changed

github.com/alecthomas/units: c3de453 → f65c72e
github.com/cilium/ebpf: v0.2.0 → v0.5.0
github.com/containerd/console: v1.0.1 → v1.0.2
github.com/coreos/go-systemd/v22: v22.1.0 → v22.3.1
github.com/evanphx/json-patch: v4.9.0+incompatible → v4.11.0+incompatible
github.com/go-logfmt/logfmt: v0.4.0 → v0.5.0
github.com/godbus/dbus/v5: v5.0.3 → v5.0.4
github.com/google/cadvisor: v0.39.0 → v0.39.2
github.com/google/go-cmp: v0.5.2 → v0.5.4
github.com/julienschmidt/httprouter: v1.2.0 → v1.3.0
github.com/kr/pretty: v0.2.0 → v0.2.1
github.com/moby/sys/mountinfo: v0.4.0 → v0.4.1
github.com/mwitkow/go-conntrack: cc309e4 → 2f06839
github.com/opencontainers/runc: v1.0.0-rc93 → v1.0.0-rc95
github.com/opencontainers/runtime-spec: e6143ca → 1c3f411
github.com/prometheus/common: v0.10.0 → v0.26.0
github.com/spf13/jwalterweatherman: v1.1.0 → v1.0.0
golang.org/x/sys: a50acf3 → d19ff85
golang.org/x/text: v0.3.4 → v0.3.6
k8s.io/klog/v2: v2.8.0 → v2.9.0
k8s.io/utils: 67b214c → da69540
sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.15 → v0.0.19
sigs.k8s.io/kustomize/api: v0.8.8 → v0.8.10
sigs.k8s.io/kustomize/cmd/config: v0.9.10 → v0.9.12
sigs.k8s.io/kustomize/kustomize/v4: v4.1.2 → v4.1.3
sigs.k8s.io/kustomize/kyaml: v0.10.17 → v0.10.20

Removed

Contributors, the CHANGELOG-1.22.md has been bootstrapped with v1.22.0-alpha.3 release notes and you may edit now as needed.