Skip to content

Latest commit

 

History

History
879 lines (519 loc) · 42.9 KB

CHANGELOG.md

File metadata and controls

879 lines (519 loc) · 42.9 KB
Raw

TODO: This document was manually maintained so might be incomplete. The automation effort is tracked in kubernetes/test-infra#5843.

Changes in k8s.io/api and k8s.io/apimachinery are mentioned here because k8s.io/client-go depends on them.

v10.0.0

Breaking Changes:

  • Action required: client-go will no longer have bootstrap (k8s.io/client-go/tools/bootstrap) related code. Any reference to it will break. Please redirect all references to k8s.io/bootstrap instead. (#67356)

  • The methods NewSelfSignedCACert and NewSignedCert now use crypto.Signer interface instead of rsa.PrivateKey for certificate creation. This is done to allow different kind of private keys (for example: ecdsa). (#69329)

  • GetScale and UpdateScale methods have been added for apps/v1 clients and with this, no-verb scale clients have been removed. (#70437)

  • k8s.io/client-go/util/cert/triple package has been removed. (#70966)

New Features:

  • unfinished_work_microseconds is added to the workqueue metrics. It can be used to detect stuck worker threads (kube-controller-manager runs many workqueues.). (#70884)

  • A method GetPorts is added to expose the ports that were forwarded. This can be used to retrieve the locally-bound port in cases where the input was port 0. (#67513)

  • Dynamic listers and informers, that work with runtime.Unstructured objects, are added. These are useful for writing generic, non-generated controllers. (68748)

  • The dynamic fake client now supports JSONPatch. (#69330)

  • The GetBinding method is added for pods in the fake client. (#69412)

Bug fixes and Improvements:

  • The apiVersion and action name values for fake evictions are now set. (#69035)

  • PEM files containing both TLS certificate and key can now be parsed in arbitrary order. Previously key was always required to be first. (#69536)

  • Go clients created from a kubeconfig that specifies a TokenFile now periodically reload the token from the specified file. (#70606)

  • It is now ensured that oversized data frames are not written to spdystreams in remotecommand.NewSPDYExecutor. (#70999)

  • A panic occuring on calling scheme.Convert is fixed by populating the fake dynamic client scheme. (#69125)

  • Add step to correctly setup permissions for the in-cluster-client-configuration example. (#69232)

  • The function Parallelize is deprecated. Use ParallelizeUntil instead. (#68403)

  • [k8s.io/apimachinery] Restrict redirect following from the apiserver to same-host redirects, and ignore redirects in some cases. (#66516)

API changes

New Features:

  • GlusterFS PersistentVolumes sources can now reference endpoints in any namespace using the spec.glusterfs.endpointsNamespace field. Ensure all kubelets are upgraded to 1.13+ before using this capability. (#60195)

  • The dynamic audit configuration API is added. (#67547)

  • A new field EnableServiceLinks is added to the PodSpec to indicate whether information about services should be injected into pod's environment variables. (#68754)

  • CSIPersistentVolume feature, i.e. PersistentVolumes with CSIPersistentVolumeSource, is GA. CSIPersistentVolume feature gate is now deprecated and will be removed according to deprecation policy. (#69929)

  • Raw block volume support is promoted to beta, and enabled by default. This is accessible via the volumeDevices container field in pod specs, and the volumeMode field in persistent volume and persistent volume claims definitions. (#71167)

Bug fixes and Improvements:

  • The default value of extensions/v1beta1 Deployment's RevisionHistoryLimit is set to MaxInt32. (#66605)

  • procMount field is no longer incorrectly marked as required in openapi schema. (#69694)

  • The caBundle and service fields in admission webhook API objects now correctly indicate they are optional. (#70138)

v9.0.0

Breaking Changes:

  • client-go now supports additional non-alpha-numeric characters in UserInfo "extra" data keys. It should be updated in order to properly support extra data containing "/" characters or other characters disallowed in HTTP headers. Old clients sending keys which were %-escaped by the user will have their values unescaped by new API servers. (#65799)

  • apimachinery/pkg/watch.Until has been moved to client-go/tools/watch.UntilWithoutRetry. While switching please consider using the new client-go/tools/watch.UntilWithSync or client-go/tools/watch.Until. (#66906)

  • [k8s.io/apimachinery] Unstructured metadata accessors now respect omitempty semantics i.e. a field having zero value will now be removed from the unstructured metadata map. (#67635)

  • [k8s.io/apimachinery] The ObjectConvertor interface is now changed such that ConvertFieldLabel func takes GroupVersionKind as an argument instead of just version and kind. (#65780)

  • [k8s.io/apimachinery] componentconfig ClientConnectionConfiguration is moved to k8s.io/apimachinery/pkg/apis/config. (#66058)

  • [k8s.io/apimachinery] Renamed KubeConfigFile to Kubeconfig in ClientConnectionConfiguration. (#67149)

  • [k8s.io/apimachinery] JSON patch no longer supports int. (#63522)

New Features:

  • Add ability to cancel leader election. This also proves useful in integration tests where the whole app is started and stopped in each test. (#57932)

  • An example showing how to use fake clients in tests is added. (#65291)

  • [k8s.io/apimachinery] Create and Update now support CreateOptions and UpdateOptions. (#65105)

Bug fixes and Improvements:

  • Decrease the amount of time it takes to modify kubeconfig files with large amounts of contexts. (#67093)

  • The leader election client now renews timeout. (#65094)

  • Switched certificate data replacement from REDACTED to DATA+OMITTED. (#66023)

  • Fix listing in the fake dynamic client. (#66078)

  • Fix discovery so that plural names are no longer ignored if a singular name is not specified. (#66249)

  • Fix kubelet startup failure when using ExecPlugin in kubeconfig. (#66395)

  • Fix panic in the fake SubjectAccessReview client when object is nil. (#66837)

  • Periodically reload InClusterConfig token. (#67359)

  • [k8s.io/apimachinery] Report parsing error in json serializer. (#63668)

  • [k8s.io/apimachinery] The metav1.ObjectMeta accessor does not deepcopy owner references anymore. In general, the accessor interface does not enforce deepcopy nor does it forbid it (e.g. for unstructured.Unstructured). (#64915)

  • [k8s.io/apimachinery] Utility functions SetTransportDefaults and DialerFor once again respect custom Dial functions set on transports. (#65547)

  • [k8s.io/apimachinery] Speed-up conversion function invocation by avoiding reflect.Call. Action required: regenerated conversion with conversion-gen. (#65771)

  • [k8s.io/apimachinery] Establish "406 Not Acceptable" response for unmarshable protobuf serialization error. (#67041)

  • [k8s.io/apimachinery] Immediately close the other side of the connection by exiting once one side closes when proxying. (#67288)

API changes

Breaking Changes:

  • Volume dynamic provisioning scheduling has been promoted to beta. ACTION REQUIRED: The DynamicProvisioningScheduling alpha feature gate has been removed. The VolumeScheduling beta feature gate is still required for this feature. (#67432)

  • The CSI file system type is no longer defaulted to ext4. All the production drivers listed under https://kubernetes-csi.github.io/docs/Drivers.html were inspected and should not be impacted after this change. If you are using a driver not in that list, please test the drivers on an updated test cluster first. (#65499)

New Features:

  • Support annotations for remote admission webhooks. (#58679)

  • Support both directory and block device for local volume plugin FileSystem VolumeMode. (#63011)

  • Introduce autoscaling/v2beta2 and custom_metrics/v1beta2, which implement metric selectors for Object and Pods metrics, as well as allowing AverageValue targets on Objects, similar to External metrics. (#64097)

  • Add Lease API in the coordination.k8s.io API group. (#64246)

  • ProcMount added to SecurityContext and AllowedProcMounts added to PodSecurityPolicy to allow paths in the container's /proc to not be masked. (#64283)

  • Add the AuditAnnotations field to ImageReviewStatus to allow the ImageReview backend to return annotations to be added to the created pod. (#64597)

  • SCTP is now supported as additional protocol (alpha) alongside TCP and UDP in Pod, Service, Endpoint, and NetworkPolicy. (#64973)

  • The PodShareProcessNamespace feature to configure PID namespace sharing within a pod has been promoted to beta. (#66507)

  • Add TTLSecondsAfterFinished to JobSpec for cleaning up Jobs after they finish. (#66840)

  • Add DataSource and TypedLocalObjectReference fields to support restoring a volume from a volume snapshot data source. (#67087)

  • RuntimeClass is a new API resource for defining different classes of runtimes that may be used to run containers in the cluster. Pods can select a RunitmeClass to use via the RuntimeClassName field. This feature is in alpha, and the RuntimeClass feature gate must be enabled in order to use it. (#67737)

  • To address the possibility dry-run requests overwhelming admission webhooks that rely on side effects and a reconciliation mechanism, a new field is being added to admissionregistration.k8s.io/v1beta1.ValidatingWebhookConfiguration and admissionregistration.k8s.io/v1beta1.MutatingWebhookConfiguration so that webhooks can explicitly register as having dry-run support. If a dry-run request is made on a resource that triggers a non dry-run supporting webhook, the request will be completely rejected, with "400: Bad Request". Additionally, a new field is being added to the admission.k8s.io/v1beta1.AdmissionReview API object, exposing to webhooks whether or not the request being reviewed is a dry-run. (#66936)

Bug fixes and Improvements:

  • The DisruptedPods field in PodDisruptionBudgetStatus is now optional. (#63757)

  • extensions/v1beta1 Deployment's ProgressDeadlineSeconds now defaults to MaxInt32. (#66581)

v8.0.0

Breaking Changes:

New Features:

  • A new easy-to-use dynamic client is added and the old dynamic client is now deprecated.

  • client-go and kubectl now detect and report an error on duplicated name for user, cluster and context, while loading the kubeconfig.

  • The informer code-generator now allows specifying a custom resync period for certain informer types and uses the default resync period if none is specified.

  • Exec authenticator plugin now supports TLS client certificates.

  • The discovery client now has a default request timeout of 32 seconds.

  • The OpenStack auth config from is now read from the client config. If the client config is not available, it falls back to reading from the environment variables.

  • The in-tree support for openstack credentials is now deprecated. Please use the client-keystone-auth from the cloud-provider-openstack repository. Details on how to use this new capability is documented here

Bug fixes and Improvements:

API changes

Breaking Changes:

  • Support for alpha.kubernetes.io/nvidia-gpu resource which was deprecated in 1.10 is removed. Please use the resource exposed by DevicePlugins instead (nvidia.com/gpu).

  • Alpha annotation for PersistentVolume node affinity has been removed. Update your PersistentVolumes to use the beta PersistentVolume.nodeAffinity field before upgrading.

  • ObjectMeta ListOptions DeleteOptions are removed from the core api group. Please use the ones in meta/v1 instead.

  • ExternalID in NodeSpec is deprecated. The externalID of the node is no longer set in the Node spec.

  • PSP-related types in the extensions/v1beta1 API group are now deprecated. It is suggested to use the policy/v1beta1 API group instead.

New Features:

  • PodSecurityPolicy now supports restricting hostPath volume mounts to be readOnly and under specific path prefixes.

  • Node.Spec.ConfigSource.ConfigMap.KubeletConfigKey must be specified when using dynamic Kubelet config to tell the Kubelet which key of the ConfigMap identifies its config file.

  • serverAddressByClientCIDRs in meta/v1 APIGroup is now optional.

  • A new field MatchFields is added to NodeSelectorTerm. Currently, it only supports metadata.name.

  • The PriorityClass API is promoted to scheduling.k8s.io/v1beta1.

  • The status of dynamic Kubelet config is now reported via Node.Status.Config, rather than the KubeletConfigOk node condition.

  • The GitRepo volume type is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.

  • The Sysctls experimental feature has been promoted to beta (enabled by default via the Sysctls feature flag). PodSecurityPolicy and Pod objects now have fields for specifying and controlling sysctls. Alpha sysctl annotations will be ignored by 1.11+ kubelets. All alpha sysctl annotations in existing deployments must be converted to API fields to be effective.

  • The annotation service.alpha.kubernetes.io/tolerate-unready-endpoints is deprecated. Users should use Service.spec.publishNotReadyAddresses instead.

  • VerticalPodAutoscaler has been added to autoscaling/v1 API group.

  • Alpha support is added for dynamic volume limits based on node type.

  • ContainersReady condition is added to the Pod status.

Bug fixes and Improvements:

  • Default mount propagation has changed from HostToContainer (rslave in Linux terminology) to None (private) to match the behavior in 1.9 and earlier releases. HostToContainer as a default caused regressions in some pods.

v7.0.0

Breaking Changes:

  • Google Cloud Service Account email addresses can now be used in RBAC Role bindings since the default scopes now include the userinfo.email scope. This is a breaking change if the numeric uniqueIDs of the Google service accounts were being used in RBAC role bindings. The behavior can be overridden by explicitly specifying the scope values as comma-separated string in the users[*].config.scopes field in the KUBECONFIG file.

  • [k8s.io/api] The ConfigOK node condition has been renamed to KubeletConfigOk.

New Features:

  • Subresource support is added to the dynamic client.

  • A watch method is added to the Fake Client.

  • ListOptions can be modified when creating a ListWatch.

  • A /token subresource for ServiceAccount is added.

  • If an informer delivery fails, the particular notification is skipped and continued the next time.

  • Certificate manager will no longer wait until the initial rotation succeeds or fails before returning from Start().

  • [k8s.io/api] VolumeScheduling and LocalPersistentVolume features are beta and enabled by default. The PersistentVolume NodeAffinity alpha annotation is deprecated and will be removed in a future release.

  • [k8s.io/api] The PodSecurityPolicy API has been moved to the policy/v1beta1 API group. The PodSecurityPolicy API in the extensions/v1beta1 API group is deprecated and will be removed in a future release.

  • [k8s.io/api] ConfigMap objects now support binary data via a new binaryData field.

  • [k8s.io/api] Service account TokenRequest API is added.

  • [k8s.io/api] FSType is added in CSI volume source to specify filesystems.

  • [k8s.io/api] v1beta1 VolumeAttachment API is added.

  • [k8s.io/api] v1.Pod now has a field ShareProcessNamespace to configure whether a single process namespace should be shared between all containers in a pod. This feature is in alpha preview.

  • [k8s.io/api] Add NominatedNodeName field to PodStatus. This field is set when a pod preempts other pods on the node.

  • [k8s.io/api] Promote CSIPersistentVolumeSource to beta.

  • [k8s.io/api] Promote DNSPolicy and DNSConfig in PodSpec to beta.

  • [k8s.io/api] External metric types are added to the HPA API.

  • [k8s.io/apimachinery] The meta.k8s.io/v1alpha1 objects for retrieving tabular responses from the server (Table) or fetching just the ObjectMeta for an object (as PartialObjectMetadata) are now beta as part of meta.k8s.io/v1beta1. Clients may request alternate representations of normal Kubernetes objects by passing an Accept header like application/json;as=Table;g=meta.k8s.io;v=v1beta1 or application/json;as=PartialObjectMetadata;g=meta.k8s.io;v1=v1beta1. Older servers will ignore this representation or return an error if it is not available. Clients may request fallback to the normal object by adding a non-qualified mime-type to their Accept header like application/json - the server will then respond with either the alternate representation if it is supported or the fallback mime-type which is the normal object response.

Bug fixes and Improvements:

v6.0.0

Breaking Changes:

New Features:

Bug fixes and Improvements:

v5.0.1

Bug fix: picked up a security fix kubernetes/kubernetes#53443 for PodSecurityPolicy.

v5.0.0

New features:

API changes:

Breaking changes:

  • Moved pkg/api and pkg/apis to k8s.io/api. Other kubernetes repositories also import types from there, so they are composable with client-go.

  • Removed helper functions in pkg/api and pkg/apis. They are planned to be exported in other repos. The issue is tracked here. During the transition, you'll have to copy the helper functions to your projects.

  • The discovery client now fetches the protobuf encoded OpenAPI schema and returns openapi_v2.Document

  • Enforced explicit references to API group client interfaces in clientsets to avoid ambiguity.

  • The generic RESTClient type (k8s.io/client-go/rest) no longer exposes LabelSelectorParam or FieldSelectorParam methods - use VersionedParams with metav1.ListOptions instead. The UintParam method has been removed. The timeout parameter will no longer cause an error when using Param().

v4.0.0

No significant changes since v4.0.0-beta.0.

v4.0.0-beta.0

New features:

Usability improvements:

  • Added several new examples and reorganized client-go/examples

API changes:

Breaking changes:

Bug fixes:

v3.0.0

Bug fixes:

  • Use OS-specific libs when computing client User-Agent in kubectl, etc. (kubernetes/kubernetes#44423)
  • kubectl commands run inside a pod using a kubeconfig file now use the namespace specified in the kubeconfig file, instead of using the pod namespace. If no kubeconfig file is used, or the kubeconfig does not specify a namespace, the pod namespace is still used as a fallback. (kubernetes/kubernetes#44570)
  • Restored the ability of kubectl running inside a pod to consume resource files specifying a different namespace than the one the pod is running in. (kubernetes/kubernetes#44862)

v3.0.0-beta.0

  • Added dependency on k8s.io/apimachinery. The impacts include changing import path of API objects like ListOptions from k8s.io/client-go/pkg/api/v1 to k8s.io/apimachinery/pkg/apis/meta/v1.
  • Added generated listers (listers/) and informers (informers/)
  • Kubernetes API changes:
    • Added client support for:
      • authentication/v1
      • authorization/v1
      • autoscaling/v2alpha1
      • rbac/v1beta1
      • settings/v1alpha1
      • storage/v1
    • Changed client support for:
      • certificates from v1alpha1 to v1beta1
      • policy from v1alpha1 to v1beta1
    • Deleted client support for:
      • extensions/v1beta1#Job
  • CHANGED: pass typed options to dynamic client (kubernetes/kubernetes#41887)

v2.0.0

  • Included bug fixes in k8s.io/kuberentes release-1.5 branch, up to commit bde8578d9675129b7a2aa08f1b825ec6cc0f3420

v2.0.0-alpha.1

  • Removed top-level version folder (e.g., 1.4 and 1.5), switching to maintaining separate versions in separate branches.
  • Clientset supported multiple versions per API group
  • Added ThirdPartyResources example
  • Kubernetes API changes
    • Apps API group graduated to v1beta1
    • Policy API group graduated to v1beta1
    • Added support for batch/v2alpha1/cronjob
    • Renamed PetSet to StatefulSet

v1.5.0