Switch branches/tags
Find file Copy path
4ca3903 Feb 6, 2018
4 contributors

Users who have contributed to this file

@thockin @liggitt @xiangpengzhao @cheyang
1328 lines (1089 sloc) 136 KB


Documentation & Examples

Downloads for v1.5.8

filename sha256 hash
kubernetes.tar.gz 6a3fad3dcc3c59f926e5c0110d16edfc323fdd5482c83102b3f8068b420702db
kubernetes-src.tar.gz 0a1fea0278f77a7ede1f64c05e8c69ba5ea2a9403d579db2247963e7869ff9e5

Client Binaries

filename sha256 hash
kubernetes-client-darwin-386.tar.gz 95061ccf35dfe1d9aac0dd55c542c8f1b04874892196b0b71185ba3ea61ec424
kubernetes-client-darwin-amd64.tar.gz 37b14062a8f3701efa12cb2ae9eecef2831d31881990a15bbb526689b0fd2712
kubernetes-client-linux-386.tar.gz 4c1b83462cc9c11144c957beca3479a16162ccd283462d3b6b2afcfa40550137
kubernetes-client-linux-amd64.tar.gz 0baefc8e2c01bddf550764a77d6fb345df331bbc4f2f56efb036d3dd50b64562
kubernetes-client-linux-arm64.tar.gz f0fa7369d03b330bc655f5055e8527e7211936baf3277444947e3b7c9441568e
kubernetes-client-linux-arm.tar.gz 40e1c8e89cc93ed072858afb80eac48524282f9d6a7d2510676ddb319458d0a5
kubernetes-client-windows-386.tar.gz 8ca51905157ff3e9fff9bbd0930678c6c9ef885a14ae8580a1595aa56ac66284
kubernetes-client-windows-amd64.tar.gz b4120b9691a13188cf1328d364d7878f0b8d893636b58e3388291142a000e69f

Server Binaries

filename sha256 hash
kubernetes-server-linux-amd64.tar.gz 7e17b17e967722546541fdaeead4dc40037ddce4107aa2b2a561ea577aa62101
kubernetes-server-linux-arm64.tar.gz 2928098e581d2ffba2750222a238d4c4e93ab31efd09977d0447964d25cc14bd
kubernetes-server-linux-arm.tar.gz 65b23196a1e55e2ab3893b9e147568aaa35cbf46bc588cb0913349a93b70678c

Node Binaries

filename sha256 hash
kubernetes-node-linux-amd64.tar.gz 4d73ccd2ecac0f2e161f88e4d77004298d10a009f9b5fa0203fa7bff70a82e30
kubernetes-node-linux-arm64.tar.gz 03244b9c4149d6153eb9459e3774a4a0257fd66d3532add5721223925b6fa26f
kubernetes-node-linux-arm.tar.gz d071b710ec898b5630c776f0f6f88f44c3c72e6494c235a7c5cd5807df8fb0cb
kubernetes-node-windows-amd64.tar.gz 59448d44c86002386450c8804757bfd63f4c943670d7cf15e9221efa53ee0ef5

Changelog since v1.5.7

Other notable changes

  • Update dnsmasq to the latest version. (#53149, @bowei)
  • On GCP platforms, e2e testing now logs which OS images the cluster was found to have. (#48310, @abgworrall)
  • Update cluster-proportional-autoscaler, etcd-empty-dir-cleanup, fluentd-gcp, and kube-addon-manager addons with refreshed base images containing fixes for CVE-2015-8271, CVE-2016-7543, CVE-2016-9841, CVE-2016-9843, CVE-2017-1000366, CVE-2017-2616, and CVE-2017-7507. (#48011, @ixdy)
  • Bump GLBC version to 0.9.5 - fixes loss of manually modified GCLB health check settings upon upgrade from pre-1.6.4 to either 1.6.4 or 1.6.5. (#47567, @nicksardo)
  • Upgrade golang version to 1.7.6 (#46408, @cblecker)


Documentation & Examples

Downloads for v1.5.7

filename sha256 hash
kubernetes.tar.gz 36bc0bcdce4060546f3fef7186f1207d30d5fd340e72113ff592966bd6684827
kubernetes-src.tar.gz b329b02e9542049b9b85f8083a466e51799691bcf06fdf172b9c0f1cb61bdb6d

Client Binaries

filename sha256 hash
kubernetes-client-darwin-386.tar.gz 824ea7e5987e4ac7915b11fcd86658221a5a1e942a3f5210383435953509f96f
kubernetes-client-darwin-amd64.tar.gz 251a91eff457640066dd395393b16aae81850225db29207c07321b62fd9213ab
kubernetes-client-linux-386.tar.gz 84c69d23010304308459ad520375fd017f57562f8a78b6157ef0ea093636a8b6
kubernetes-client-linux-amd64.tar.gz 991e1eab65d1817ca3600e3ba3bc63ed86cf139a4669f84899f593ff684fb36c
kubernetes-client-linux-arm64.tar.gz afe9c001a41b88da351ddf0cb3d506d3d8da7d9a94ae2d4b05062b2927c81fec
kubernetes-client-linux-arm.tar.gz a936578c04887a2e1fe0a25e05f4d9663cd673d3fbac0c522bf75710d7f39f9b
kubernetes-client-windows-386.tar.gz 529ae014f0603868c82ee89601668fac17fa55932535d5925a7b61b1f301e61f
kubernetes-client-windows-amd64.tar.gz f1f7e588dca059a4cbe97b4a28a983d346f93fc2bb0d4a1dbbb7d55a3e33caef

Server Binaries

filename sha256 hash
kubernetes-server-linux-amd64.tar.gz ae18d659811da316d4a8bbdce15c4396fdee0068f9d3247a72c3a23433fee44c
kubernetes-server-linux-arm64.tar.gz d56187d19b42848b7ff09e82c0452120c173ae56709cae88f96312ee7c41b0c4
kubernetes-server-linux-arm.tar.gz aaa4d9414620bb1834401a17f2b877fe1347a4f8fc37c940092ac7f112e22934

Node Binaries

filename sha256 hash
kubernetes-node-linux-amd64.tar.gz 40c294ef5af4d548d37a599ee7fa07462f116fa5784d2b1501d95eeb04b8d34d
kubernetes-node-linux-arm64.tar.gz 37482d5933c99fca526d0d47f0cfb2b69101f2e60dd5240b490b9768c8e4171e
kubernetes-node-linux-arm.tar.gz 786ddb390a9fac6e41caa4bb8054240ddb5255b9937bb37d01d77e23857bb407
kubernetes-node-windows-amd64.tar.gz c3e89390c8026845fcf72765e84b7e3cd383de705ef46f4e3d422b343d66bd47

Changelog since v1.5.6

Other notable changes


Documentation & Examples

Downloads for v1.5.6

filename sha256 hash
kubernetes.tar.gz 14a514bb9ed331eb1854a1d66cfaa53290c382641e154c901bcb14eb2cd683b4
kubernetes-src.tar.gz cf3d85bcfd148ed6a54c64b4102a10cc4e54332907fb3d9a6c6e2658a31ca2e9

Client Binaries

filename sha256 hash
kubernetes-client-darwin-386.tar.gz 30b819eb1427317be38a4f534fc2c369d43e67499e5df79cdd5d4cfac14f8d36
kubernetes-client-darwin-amd64.tar.gz 3eedf919b2feff4c21edcadb493247013274a3672f6a3d46f19e13af211cea4e
kubernetes-client-linux-386.tar.gz 351bb189f6be835baadda3b87909472c4a9f522ece6e6425250ef227937f2d58
kubernetes-client-linux-amd64.tar.gz d7c3508dc5029c6fefb1bf6f381af92d8626ac5a4b7246009832c03768ae670f
kubernetes-client-linux-arm64.tar.gz 2eaf838ab853c94f05c362a8ce089f32acdb6062356399a6f5fe7cdb13a6fa0c
kubernetes-client-linux-arm.tar.gz e5212f6d9577bd090c88a7124edba86f925e08c710865623d9fb914a5b72e67f
kubernetes-client-windows-386.tar.gz 5a4fdbf0cb88f0e889d8dca1e6c073c167a8c3c7d7b1caad10dbe0dc2eb46677
kubernetes-client-windows-amd64.tar.gz b1170a33c5c6fe2c3f71e820f11cf877f0ee72b60a6546aaf989267c89598656

Server Binaries

filename sha256 hash
kubernetes-server-linux-amd64.tar.gz 995959c43661c22b0f2ede45b62061f37c25a53388bcdd8988f928574070390a
kubernetes-server-linux-arm64.tar.gz c6b20af2f0c5e3abe20c18aac734846923c8ff3afda637ef1fbd6d3b3820e3b7
kubernetes-server-linux-arm.tar.gz 7d439b2012a0280d40441a5871b25a07b540f5e84c561d2bf8c67725ebbf115d

Changelog since v1.5.5

Other notable changes

  • kube-up (with gce/gci and gce/coreos providers) now ensures the authentication token file contains correct tokens for the control plane components, even if the file already exists (ensures upgrades and downgrades work successfully) (#43676, @liggitt)
  • Patch CVE-2016-8859 in alpine based images: (#42936, @timstclair)
    • Disable thin_ls due to excessive iops (#43113, @dashpole)
        • Ignore .mount cgroups, fixing dissappearing stats
        • Fix wc goroutine leak
        • Update aws-sdk-go dependency to 1.6.10
  • PodSecurityPolicy authorization is correctly enforced by the PodSecurityPolicy admission plugin. (#43489, @liggitt)
  • Bump from 0.9.1 to 0.9.2. Release notes: 0.9.2 (#43097, @timstclair)
  • Update to v0.2.2, which uses busybox as a base image instead of ubuntu. (#41911, @ixdy)
  • restored normalization of custom --etcd-prefix when --storage-backend is set to etcd3 (#42506, @liggitt)


This release contains a fix for a PodSecurityPolicy vulnerability which allows users to make use of any existing PodSecurityPolicy object, even ones they are not authorized to use.

Other then that, this release contains no other changes from 1.5.4.

The vulnerability is tracked in

Who is affected?

Only Kubernetes 1.5.0-1.5.4 installations that do all of the following:

  • Enable the PodSecurityPolicy API (which is not enabled by default):
    • --runtime-config=extensions/v1beta1/podsecuritypolicy=true
  • Enable the PodSecurityPolicy admission plugin (which is not enabled by default):
    • --admission-control=...,PodSecurityPolicy,...
  • Use authorization to limit users' ability to use specific PodSecurityPolicy objects

What is the impact?

A user that is authorized to create pods can make use of any existing PodSecurityPolicy, even ones they are not authorized to use.

How can I mitigate this prior to installing 1.5.5?

  1. Export existing PodSecurityPolicy objects:
  • kubectl get podsecuritypolicies -o yaml > psp.yaml
  1. Review and delete any PodSecurityPolicy objects you do not want all pod-creating users to be able to use (NOTE: Privileged users that were making use of those policies will also lose access to those policies). For example:
  • kubectl delete podsecuritypolicies/my-privileged-policy
  1. After upgrading to 1.5.5, re-create the exported PodSecurityPolicy objects:
  • kubectl create -f psp.yaml

Downloads for v1.5.5

filename sha256 hash
kubernetes.tar.gz ff171d53b6dba2aace899dbfa06044d3a54d798896f7b6dd483f20d2c05374ed
kubernetes-src.tar.gz 25207344982bcf76172c7d156106357a7113b3909ac851e19b437dbba9402af6

Client Binaries

filename sha256 hash
kubernetes-client-darwin-386.tar.gz 92eb19b1464674078927263642205498a9b4e496909138626de721f8ff2eb3f1
kubernetes-client-darwin-amd64.tar.gz dd2076d8a3062459b82481bf064d80a198df580f2c34efe7132a091c19d8084c
kubernetes-client-linux-386.tar.gz 8366a72910c987e4140db42244741752efac8e06f0e13f5d0cbc1cc9bec9733c
kubernetes-client-linux-amd64.tar.gz 73536e200fee9f4de19ebfd7d2e063a04f5ccb93073982032e79dc47ae92e89a
kubernetes-client-linux-arm64.tar.gz 8f679bd012ecbc58f0a916f393d3fc79de6dc2624320b04edc1b9249213a49f8
kubernetes-client-linux-arm.tar.gz 1998d6398aef02898babc5ff20484fe7c538f75f78c650631afea1a555aee8d1
kubernetes-client-windows-386.tar.gz dff6fe02a6090feb949acc5753633891bcbdb7ecfb2bff3fa132d025713cbd55
kubernetes-client-windows-amd64.tar.gz bd7c7c39122135b58da89a700580475a3cadbb31aa1b35175ff2f80067bedc0d

Server Binaries

filename sha256 hash
kubernetes-server-linux-amd64.tar.gz 578977b62af58639548d743991cd2f71b0fd58f9caa729131824f8dde85b5c6e
kubernetes-server-linux-arm64.tar.gz 01a1104d8c5a22c26b8b0a402bf0362d749b7d13a636b31c64fb51bb61ea3a01
kubernetes-server-linux-arm.tar.gz 06c5ca1f962f368219835ed6d075ef6e3a72685f2f0988823f44dd2e602e1980

Changelog since v1.5.4

No notable changes for this release


Documentation & Examples

Downloads for v1.5.4

filename sha256 hash
kubernetes.tar.gz 2ff668c687c1bdf8351dcae102901b1d46cc50e446bde08a244c2e65739de4c3
kubernetes-src.tar.gz 172d33787ec2d11345d152becdc96982d3057ed16426910302c1b103980b634b

Client Binaries

filename sha256 hash
kubernetes-client-darwin-386.tar.gz 53e7c4839025ad04c1104b99e1f8b45f4fe639397c623e2e050acb53cb0a8cbd
kubernetes-client-darwin-amd64.tar.gz 6fac39282c9599566874d63c57b305798e4096a42ef83a8965f615c1d709559c
kubernetes-client-linux-386.tar.gz 80719626f7e6db6d2d04e57bb7edad3077b774a11ebccea3fcddadaa48cbf0a6
kubernetes-client-linux-amd64.tar.gz 24001bc0c7ddb32cd72ac9bed55543830424fba734587ac23b812d8d047a9091
kubernetes-client-linux-arm64.tar.gz 094ff4fe7a10e23a397803869a11a3cc508f3990d9e3b4fbccaefe44be2ad81a
kubernetes-client-linux-arm.tar.gz b12b823d12942d7fccaf791343e9c9854073de3e03cc57a7e4bd7b03fec9806b
kubernetes-client-windows-386.tar.gz e5ae9775cfe695d2d855b29c01f19b0fd0fad008071d8e95f47f70beb16291a8
kubernetes-client-windows-amd64.tar.gz 40cc26a8216e703217264194b68d6b5af28ffa1b9b48b23232027c5d63d8b28c

Server Binaries

filename sha256 hash
kubernetes-server-linux-amd64.tar.gz a61cb36d64c8a4111cf04f9d1aac5d8418d07a7c8a682522203b0dfa76f9c806
kubernetes-server-linux-arm64.tar.gz abaa5052f9d0daaebf6b7375c9667c9160355b8ea074daac76ba8a79a24cab37
kubernetes-server-linux-arm.tar.gz ffff55a0f5f5848fdde32a2766dc63cdf26629ca4f91db458381ffb55cf49535

Changelog since v1.5.3

Other notable changes

  • Fix AWS device allocator to only use valid device names (#41455, @gnufied)
  • The kube-apiserver basic audit log can be enabled in GCE by exporting the environment variable ENABLE_APISERVER_BASIC_AUDIT=true before running cluster/ This will log to /var/log/kube-apiserver-audit.log and use the same logrotate settings as /var/log/kube-apiserver.log. (#41211, @enisoc)
  • list-resources: don't fail if the grep fails to match any resources (#41933, @ixdy)
  • Bump GCE ContainerVM to container-vm-v20170214 to address CVE-2016-9962. (#41449, @zmerlynn)


Documentation & Examples

Downloads for v1.5.3

filename sha256 hash
kubernetes.tar.gz a4d997be9e3ac0f9838a58fb80d08c2ab02e00afb9d16d3db18d99c85b88b316
kubernetes-src.tar.gz a23636ee40a60c1bb3255a03177f522c28133f74c6d09a5437f6b56b7e1d5296

Client Binaries

filename sha256 hash
kubernetes-client-darwin-386.tar.gz 2f8eeb772c22c7dad5a32d6ee17e8b309503b56fbcb0abdc74e1f94e86b33520
kubernetes-client-darwin-amd64.tar.gz b044240271223aa93f8bdb8054824a48ba5571460d2e6c90688dccd0892e5c7e
kubernetes-client-linux-386.tar.gz d2649a41e4a64c2027e321254e4ef3e690371bd0c7eece12d3395e49d8171617
kubernetes-client-linux-amd64.tar.gz eaf386a46eeee324bb71349bba7d5d3f41d7d19af75537cf9e4e7045d7068f68
kubernetes-client-linux-arm64.tar.gz 2f2d45296651e5696f373838ba019e8b8bb11b2a2772a55f0a6e367ec6c18e2d
kubernetes-client-linux-arm.tar.gz 56b8b207fd914dc7c16fdb675a3917ab9bff0efbe745ee1675abbff2b5854d32
kubernetes-client-windows-386.tar.gz fe3136e3c6bd983e55396341c451f896e478e8c9d0b3d1418e1d1fccee3d7b75
kubernetes-client-windows-amd64.tar.gz 8e315cb48135a4ed26585e9d8cf88f550ac51e3658b981bb53cb0952e9b3393a

Server Binaries

filename sha256 hash
kubernetes-server-linux-amd64.tar.gz ad4d101bec0ef981a7e1efbe11223e502ff644368d70ad54915e15fcb3ad6735
kubernetes-server-linux-arm64.tar.gz bfd66c57d1071bdd213d4c6d124d491959ae3509994e5a23cc2720a8ad18526d
kubernetes-server-linux-arm.tar.gz 12b335637b7a4aa019cee600b0161d51e6317a87bec0500e1f9d85990f6352d5

Node Binaries

filename sha256 hash
kubernetes-node-linux-amd64.tar.gz 3f54e2d101b6351513ce9425a23f9a196e965326c3a7f78a98ef1dad452e5830
kubernetes-node-linux-arm.tar.gz 6508b64755dc0ff90f23921d2b8bb6c0c321c38edeaf24fd4c22282880a87a11
kubernetes-node-linux-arm64.tar.gz 578ef8a6958fb4bf2e0438cdef7707d12456186a1b8c4b18aa66f47b9221a713
kubernetes-node-windows-amd64.tar.gz aa166b275b3d0f80cbf23fbee7f42358b6176f37fd9ef66837f38910d4626079

Changelog since v1.5.2

Other notable changes

  • We change the default attach_detach_controller sync period to 1 minute to reduce the query frequency through cloud provider to check whether volumes are attached or not. (#41363, @jingxu97)
  • Added configurable etcd initial-cluster-state to kube-up script (#41320, @jszczepkowski)
  • If ExperimentalCriticalPodAnnotation=True flag gate is set, kubelet will ensure that pods with annotation will be admitted even under resource pressure, will not be evicted, and are reasonably protected from system OOMs. (#41052, @vishh)
  • Reverts to looking up the current VM in vSphere using the machine's UUID, either obtained via sysfs or via the vm-uuid parameter in the cloud configuration file. (#40892, @robdaemon)
  • Fix for detach volume when node is not present/ powered off (#40118, @BaluDontu)
  • Move to (#40335, @zmerlynn)
  • Bump up GLBC version from 0.9.0-beta to 0.9.1 (#41037, @bprashanth)
  • azure: fix Azure Container Registry integration (#40142, @colemickens)
  • azure disk: restrict name length for Azure specifications (#40030, @colemickens)
  • Bump GCI to gci-beta-56-9000-80-0 (#41027, @dchen1107)
  • Bump up glbc version to 0.9.0-beta.1 (#40565, @bprashanth)
  • Enable lazy inode table and journal initialization for ext3 and ext4 (#38865, @codablock)
  • Kubelet will no longer set hairpin mode on every interface on the machine when an error occurs in setting up hairpin for a specific interface. (#36990, @bboreham)
  • The SubjectAccessReview API passes subresource and resource name information to the authorizer to answer authorization queries. (#40935, @liggitt)
  • Bump GCE ContainerVM to container-vm-v20170201 to address CVE-2016-9962. (#40828, @zmerlynn)
  • Reduce time needed to attach Azure disks (#40066, @codablock)
  • Fixes request header authenticator by presenting the request header client CA so that the front proxy will authenticate using its client certificate. (#40301, @deads2k)
  • Fix failing load balancers in Azure (#40405, @codablock)
  • Add a KUBERNETES_NODE_* section to build kubelet/kube-proxy for windows (#38919, @brendandburns)
  • Update GCE ContainerVM deployment to container-vm-v20170117 to pick up CVE fixes in base image. (#40094, @zmerlynn)
  • Adding vmdk file extension for vmDiskPath in vsphere DeleteVolume (#40538, @divyenpatel)
  • AWS: Remove duplicate calls to DescribeInstance during volume operations (#39842, @gnufied)
  • Caching added to the OIDC client auth plugin to fix races and reduce the time kubectl commands using this plugin take by several seconds. (#38167, @ericchiang)
  • Actually fix local-cluster-up on 1.5 branch (#40501, @lavalamp)
  • Prevent hotloops on error conditions, which could fill up the disk faster than log rotation can free space. (#40497, @lavalamp)
  • Fix issue with PodDisruptionBudgets in which minAvailable specified as a percentage did not work with StatefulSet Pods. (#39454, @foxish)
  • Fix panic in vSphere cloud provider (#38423, @BaluDontu)
  • Allow missing keys in templates by default (#39486, @ncdc)
  • Fix kubectl get -f -o so it prints all items in the file (#39038, @ncdc)
  • Endpoints, that tolerate unready Pods, are now listing Pods in state Terminating as well (#37093, @simonswine)
  • Add path exist check in getPodVolumePathListFromDisk (#38909, @jingxu97)
  • Ensure the GCI metadata files do not have newline at the end (#38727, @Amey-D)
  • AWS: recognize eu-west-2 region (#38746, @justinsb)
  • Fix space issue in volumePath with vSphere Cloud Provider (#38338, @BaluDontu)
  • Fix issue when attempting to unmount a wrong vSphere volume (#37413, @BaluDontu)
  • Changed default scsi controller type in vSphere Cloud Provider (#38426, @abrarshivani)
  • Fixes API compatibility issue with empty lists incorrectly returning a null items field instead of an empty array. (#39834, @liggitt)
  • AWS: Add sequential allocator for device names. (#38818, @jsafrane)
  • Fix fsGroup to vSphere (#38655, @abrarshivani)


Documentation & Examples

Downloads for v1.5.2

filename sha256 hash
kubernetes.tar.gz 67344958325a70348db5c4e35e59f9c3552232cdc34defb8a0a799ed91c671a3
kubernetes-src.tar.gz 93241d0f7b69de71d68384699b225ed8a5439bde03dc154827a2b7a6a343791e

Client Binaries

filename sha256 hash
kubernetes-client-darwin-386.tar.gz 1e8a3186907fe5e00f8afcd2ca7a207703d5c499d86c80839333cd7cc4eee9ad
kubernetes-client-darwin-amd64.tar.gz 64ebd769d96aa5a12f13c4d8c4f6ddce58eae90765c55b7942872dc91447e4d7
kubernetes-client-linux-386.tar.gz a8ecb343a7baf9e01459cd903c09291dbbe72e12431e259e60e11b243b2740f7
kubernetes-client-linux-amd64.tar.gz 9d5b6edebb5ee09b20f35d821d3d233ff4d5935880fc8ea8f1fa654d5fd23e51
kubernetes-client-linux-arm64.tar.gz 03fd45f96e5d2b66c568b213d0ab6a216aad8c383d5ea4654f7ba8ef5c4d6747
kubernetes-client-linux-arm.tar.gz 527fbf42e2e4a2785ad367484a4db619b04484621006fa098cde0ffc3ad3496f
kubernetes-client-windows-386.tar.gz 3afe8d3ef470e81a4d793539c2a05fbbca9f0710ced1c132b1105469924e3cea
kubernetes-client-windows-amd64.tar.gz dbb63c5211d62512b412efcb52d0a394f19a8417f3e5cd153a7f04c619eb5b41

Server Binaries

filename sha256 hash
kubernetes-server-linux-amd64.tar.gz 8c4be20caa87530fdd17e539abe6f2d3cfccaef9156d262d4d9859ca8b6e3a38
kubernetes-server-linux-arm64.tar.gz e0251c3209acebf55e98db521cf29aaa74076a4119b1b19780620faf81d18f44
kubernetes-server-linux-arm.tar.gz 548ad7e061263ff53b80f3ab10a3c7f9289e89a4c56b5a8f49ae513ba88ea93a

Changelog since v1.5.1

Other notable changes

  • Fixes NotAuthenticated errors that appear in the kubelet and kube-controller-manager due to never logging in to vSphere (#36169, @robdaemon)
  • Update amd64 kube-proxy base image to debian-iptables-amd64:v5 (#39725, @ixdy)
  • Update kube-proxy image to be based off of Debian 8.6 base image. (#39695, @ixdy)
  • Fixes an HPA-related panic due to division-by-zero. (#39694, @DirectXMan12)
  • Update fluentd-gcp addon to 1.28.1 (#39706, @ixdy)
  • Provide kubernetes-controller-manager flags to control volume attach/detach reconciler sync. The duration of the syncs can be controlled, and the syncs can be shut off as well. (#39551, @chrislovecnm)
  • AWS: Recognize ca-central-1 region (#38410, @justinsb)
  • fix nil dereference when doing a volume type check on persistent volumes (#39529, @sjenning)
  • Generate OpenAPI definition for inlined types (#39466, @mbohlool)
  • Admit critical pods in the kubelet (#38836, @bprashanth)
  • assign -998 as the oom_score_adj for critical pods (e.g. kube-proxy) (#39114, @dchen1107)
  • Don't evict static pods (#39059, @bprashanth)
  • Fix an issue where AWS tear-down leaks an DHCP Option Set. (#38645, @zmerlynn)
  • Give apply the versioned struct that generated from the type defined in the restmapping. (#38982, @ymqytw)
  • Add support for Azure Container Registry, update Azure dependencies (#37783, @brendandburns)
  • Fixes an issue where hack/ would fail on the API server start with (#38898, @deads2k)
  • Since kubernetes.tar.gz no longer includes client or server binaries, cluster/kube-{up,down,push}.sh now automatically download released binaries if they are missing. (#38730, @ixdy)
  • Fixed validation of multizone cluster for GCE (#38695, @jszczepkowski)
  • Fix nil pointer dereference in test framework (#37583, @mtaufen)
  • Fixed detection of master during creation of multizone nodes cluster by kube-up. (#38617, @jszczepkowski)
  • Kubelet: Add image cache. (#38375, @Random-Liu)


Documentation & Examples

Downloads for v1.5.1

filename sha256 hash
kubernetes.tar.gz adc4f6ec1fc8f97ed19f474ffcc0af2d050f92dc20ecec2799741802019205ec
kubernetes-src.tar.gz 27e5009b906b9f233a7be1efcf51140be945446d828c006c171d03fe07e43565

Client Binaries

filename sha256 hash
kubernetes-client-darwin-386.tar.gz 06f8155f0df381bca3b4e27bbd28834f7601e32cbe3d0c1f24be90516c5b8a3b
kubernetes-client-darwin-amd64.tar.gz 3ede7d74c5f2f918547bca4d813901e33580c8b8f19828da21a5c2296ff4b8be
kubernetes-client-linux-386.tar.gz b96c3c359146e4fc4d8ff4cf09216bbbb9dbaf3f405488d4aaa45ac741c98f99
kubernetes-client-linux-amd64.tar.gz 662fc57057290deb38ec49dd7daf4a4a5b91def2dbdb7ee7a4494dec611379a5
kubernetes-client-linux-arm64.tar.gz c33936b7a27f296c7b85bbfac1fe303573580a948dd1f3174916da9a5a954d49
kubernetes-client-linux-arm.tar.gz 31ea3e4cbcc9574a37566a2cc3c809105d56a739e9cbd387bf878acacedf9ec8
kubernetes-client-windows-386.tar.gz 95420d0d49e2875703ac09a1b6021252644ba162349c6c506b06f2677852de5d
kubernetes-client-windows-amd64.tar.gz 534a3c5bdde989c7339df05c4e7793c6c50e5ebc0a663b1a9cdd25bce43a5a74

Server Binaries

filename sha256 hash
kubernetes-server-linux-amd64.tar.gz 871a9f35e1c73f571b7113e01a91d7bfc5bfe3501e910c921a18313774b25fd1
kubernetes-server-linux-arm64.tar.gz e13b070ef70d2cea512a839095dbf95249d2f7b5dcbfb378539548c888efe196
kubernetes-server-linux-arm.tar.gz c54cf106e919149731a23da60ad354eadc53b3bf544ab91d4d48ff0c87fdaa7e

Changelog since v1.5.0

Other notable changes

Known Issues for v1.5.1

  • hack/ script times out waiting for apiserver to answer, see #38847. To workaround this, modify the script to pass --anonymous-auth=true to sudo -E "${GO_OUT}/hyperkube" apiserver ... when starting kube-apiserver.


Documentation & Examples

Downloads for v1.5.0

filename sha256 hash
kubernetes.tar.gz 52b7df98ea05fb3ebbababf1ccb7f6d4e6f4cad00b8d09350f270aa7e3ad7e85
kubernetes-src.tar.gz fbefb2544667f96045c346cee595b0f315282dfdbd41a8f2d5ccc74054a4078e

Client Binaries

filename sha256 hash
kubernetes-client-darwin-386.tar.gz 27d71bb6b16a26387ee30272bd4ee5758deccafafdc91b38f3d0dc19a34e129e
kubernetes-client-darwin-amd64.tar.gz 5fa8550235919568d7d839b19de00e9bdd72a97cfde21dbdbe07fefd6d6290dc
kubernetes-client-linux-386.tar.gz 032a17701c014b8bbbb83c7da1046d8992a41031628cf7e1959a94378f5f195b
kubernetes-client-linux-amd64.tar.gz afae4fadb7bbb1532967f88fef1de6458abda17219f634cc2c41608fd83ae7f6
kubernetes-client-linux-arm64.tar.gz acca7607dae678a0165b7e10685e0eff0d418beebe7c25eaffe18c85717b5cc4
kubernetes-client-linux-arm.tar.gz fbc182b6d9ae476c7c509486d773074fd1007032886a8177735e08010c43f89d
kubernetes-client-windows-386.tar.gz a8ddea329bc8d57267294464c163d8c2f7837f6353f8c685271864ed8b8bc54d
kubernetes-client-windows-amd64.tar.gz bc3a76f1414fa1f4b2fb92732de2100d346edb7b870ed5414ea062bb401a8ebd

Server Binaries

filename sha256 hash
kubernetes-server-linux-amd64.tar.gz b9c122d709c0556c1e19d31d98bf26ee530f91c0119f4454fb930cef5a0c1aa7
kubernetes-server-linux-arm64.tar.gz 3bbba5c8dedc47db8f9ebdfac5468398cce2470617de9d550affef9702b724c9
kubernetes-server-linux-arm.tar.gz 3ff9ccdd641690fd1c8878408cd369beca1f9f8b212198e251862d40cf2dadc0

Major Themes

  • StatefulSets (ex-PetSets)
    • StatefulSets are beta now (fixes and stabilization)
  • Improved Federation Support
    • New command: kubefed
    • DaemonSets
    • Deployments
    • ConfigMaps
  • Simplified Cluster Deployment
    • Improvements to kubeadm
    • HA Setup for Master
  • Node Robustness and Extensibility
    • Windows Server Container support
    • CRI for pluggable container runtimes
    • kubelet API supports authentication and authorization


Features for this release were tracked via the use of the kubernetes/features issues repo. Each Feature issue is owned by a Special Interest Group from kubernetes/community

  • API Machinery
  • Apps
    • [stable] When replica sets cannot create pods, they will now report detail via the API about the underlying reason (kubernetes/features#120)
    • [stable] kubectl apply is now able to delete resources you no longer need with --prune (kubernetes/features#128)
    • [beta] Deployments that cannot make progress in rolling out the newest version will now indicate via the API they are blocked (docs) (kubernetes/features#122)
    • [beta] StatefulSets allow workloads that require persistent identity or per-instance storage to be created and managed on Kubernetes. (docs) (kubernetes/features#137)
    • [beta] In order to preserve safety guarantees the cluster no longer force deletes pods on un-responsive nodes and users are now warned if they try to force delete pods via the CLI. (docs) (kubernetes/features#119)
  • Auth
  • AWS
  • Cluster Lifecycle
  • Cluster Ops
    • [alpha] Added ability to create/remove clusters w/highly available (replicated) masters on GCE using kube-up/kube-down scripts. (docs) (kubernetes/features#48)
  • Federation
  • Network
    • [stable] Services can reference another service by DNS name, rather than being hosted in pods (kubernetes/features#33)
    • [beta] Opt in source ip preservation for Services with Type NodePort or LoadBalancer (docs) (kubernetes/features#27)
    • [stable] Enable DNS Horizontal Autoscaling with beta ConfigMap parameters support (docs)
  • Node
    • [alpha] Added ability to preserve access to host userns when userns remapping is enabled in container runtime (kubernetes/features#127)
    • [alpha] Introducing the v1alpha1 CRI API to allow pluggable container runtimes; an experimental docker-CRI integration is ready for testing and feedback. (docs) (kubernetes/features#54)
    • [alpha] Kubelet launches container in a per pod cgroup hierarchy based on quality of service tier (kubernetes/features#126)
    • [beta] Kubelet integrates with memcg notification API to detect when a hard eviction threshold is crossed (kubernetes/features#125)
    • [beta] Introducing the beta version containerized node conformance test for users to verify node setup. (docs) (kubernetes/features#84)
  • Scheduling
  • UI
  • Windows

Known Issues

Populated via v1.5.0 known issues / FAQ accumulator

  • CRI known issues and limitations
  • getDeviceNameFromMount() function doesn't return the volume path correctly when the volume path contains spaces #37712
  • Federation alpha features do not have feature gates defined and are hence enabled by default. This will be fixed in a future release. #38593
  • Federation control plane can be upgraded by updating the image fields in the Deployment specs of the control plane components. However, federation control plane upgrades were not tested in this release 38537

Notable Changes to Existing Behavior

  • Node controller no longer force-deletes pods from the api-server. (#35235, @foxish)

    • For StatefulSet (previously PetSet), this change means creation of replacement pods is blocked until old pods are definitely not running (indicated either by the kubelet returning from partitioned state, deletion of the Node object, deletion of the instance in the cloud provider, or force deletion of the pod from the api-server). This helps prevent "split brain" scenarios in clustered applications by ensuring that unreachable pods will not be presumed dead unless some "fencing" operation has provided one of the above indications.
    • For all other existing controllers except StatefulSet, this has no effect on the ability of the controller to replace pods because the controllers do not reuse pod names (they use generate-name).
    • User-written controllers that reuse names of pod objects should evaluate this change.
    • When deleting an object with kubectl delete ... --grace-period=0, the client will begin a graceful deletion and wait until the resource is fully deleted. To force deletion immediately, use the --force flag. This prevents users from accidentally allowing two Stateful Set pods to share the same persistent volume which could lead to data corruption #37263
  • Allow anonymous API server access, decorate authenticated users with system:authenticated group (#32386, @liggitt)

    • kube-apiserver learned the '--anonymous-auth' flag, which defaults to true. When enabled, requests to the secure port that are not rejected by other configured authentication methods are treated as anonymous requests, and given a username of 'system:anonymous' and a group of 'system:unauthenticated'.
    • Authenticated users are decorated with a 'system:authenticated' group.
    • IMPORTANT: See Action Required for important actions related to this change.
  • kubectl get -o jsonpath=... will now throw an error if the path is to a field not present in the json, even if the path is for a field valid for the type. This is a change from the pre-1.5 behavior, which would return the default value for some fields even if they were not present in the json. (#37991, @pwittrock)

  • The strategicmerge patchMergeKey for VolumeMounts was changed from "name" to "mountPath". This was necessary because the name field refers to the name of the Volume, and is not a unique key for the VolumeMount. Multiple VolumeMounts will have the same Volume name if mounting the same volume more than once. The "mountPath" is verified to be unique and can act as the mergekey. (#35071, @pwittrock)


  • extensions/v1beta1.Jobs is deprecated, use batch/v1.Job instead (#36355, @soltysh)
  • The kubelet --reconcile-cdir flag is deprecated because it has no function anymore. (#35523, @luxas)
  • Notice of deprecation for recycler #36760
  • The init-container ( annotations used to accept capitalized field names that could be accidentally generated by the package. Using an upper case field name will now return an error and all users should use the versioned API types from pkg/api/v1 when serializing from Golang.

Action Required Before Upgrading

  • **Important Security-related changes before upgrading
    • You MUST set --anonymous-auth=false flag on your kube-apiserver unless you are a developer testing this feature and understand it. If you do not, you risk allowing unauthorized users to access your apiserver.
    • You MUST set --anonymous-auth=false flag on your federation apiserver unless you are a developer testing this feature and understand it. If you do not, you risk allowing unauthorized users to access your federation apiserver.
    • You do not need to adjust this flag on Kubelet: there was no authorization for the Kubelet APIs in 1.4.
  • batch/v2alpha1.ScheduledJob has been renamed, use batch/v2alpha1.CronJob instead (#36021, @soltysh)
  • PetSet has been renamed to StatefulSet. If you have existing PetSets, you must perform extra migration steps both before and after upgrading to convert them to StatefulSets. (docs) (#35663, @janetkuo)
  • If you are upgrading your Cluster Federation components from v1.4.x, please update your federation-apiserver and federation-controller-manager manifests to the new version (#30601, @madhusudancs)
  • The deprecated kubelet --configure-cbr0 flag has been removed, and with that the "classic" networking mode as well. If you depend on this mode, please investigate whether the other network plugins kubenet or cni meet your needs. (#34906, @luxas)
  • New client-go structure, refer to kubernetes/client-go for versioning policy (#34989, @caesarxuchao)
  • The deprecated kube-scheduler --bind-pods-qps and --bind-pods burst flags have been removed, use --kube-api-qps and --kube-api-burst instead (#34471, @timothysc)
  • If you used the PodDisruptionBudget feature in 1.4 (i.e. created PodDisruptionBudget objects), then BEFORE upgrading from 1.4 to 1.5, you must delete all PodDisruptionBudget objects (policy/v1alpha1/PodDisruptionBudget) that you have created. It is not possible to delete these objects after you upgrade, and their presence will prevent you from using the beta PodDisruptionBudget feature in 1.5 (which uses policy/v1beta1/PodDisruptionBudget). If you have already upgraded, you will need to downgrade the master to 1.4 to delete the policy/v1alpha1/PodDisruptionBudget objects.

External Dependency Version Information

Continuous integration builds have used the following versions of external dependencies, however, this is not a strong recommendation and users should consult an appropriate installation or upgrade guide before deciding what versions of etcd, docker or rkt to use.

  • Docker versions 1.10.3 - 1.12.3
    • Docker version 1.11.2 known issues
      • Kernel crash with Aufs storage driver on Debian Jessie (#27885 which can be identified by the node problem detector
      • Leaked File descriptors (#275)
      • Additional memory overhead per container (#21737
    • Docker version 1.12.1 has been validated through the Kubernetes docker automated validation framework as has Docker version 1.12.3
  • Docker 1.10.3 contains backports provided by RedHat for known issues
  • Docker versions as old as may 1.9.1 work with known issues but this is not guaranteed
  • rkt version 1.21.0
  • etcd version 2.2.1

Changelog since v1.5.0-beta.3

Other notable changes

Previous Releases Included in v1.5.0


Documentation & Examples

Downloads for v1.5.0-beta.3

filename sha256 hash
kubernetes.tar.gz c2b29b38d29829b7b2591559d0d36495d463de0e18a2611bd1d66f2baea6352c
kubernetes-src.tar.gz 0b3327b6f0b024c989aba1e546d50d56fc89ed6df74c09fc55b9f9c4a667b771

Client Binaries

filename sha256 hash
kubernetes-client-darwin-386.tar.gz 82a7144ae1371c3320019c8e6a76e95242d85aae9dedccc4884b677cda544c0e
kubernetes-client-darwin-amd64.tar.gz 3aeea90acfbaf776e2c812e34df4c11a44720e4c5b86c4c0e9a8aaf221149335
kubernetes-client-linux-386.tar.gz d55fb1dfe64e62bffbf03f1a7c8bd666562014ad0d438049f0f801f5fa583914
kubernetes-client-linux-amd64.tar.gz 779b2f1c0eb3eca7dd60332972ccfc79e557e34f080c210dfb6aa6e18e71bbf4
kubernetes-client-linux-arm64.tar.gz b5f0a3b23d7082eaefe7090d7a8f9952fd8b00d44a90137200bc5a91001b6e95
kubernetes-client-linux-arm.tar.gz ccadbef7ce7c89fc48988c57585c0ccb7488d2dcc7e96f4e43c5bb64e44b9e29
kubernetes-client-windows-386.tar.gz da1428b6ed138134358c72af570a65565c5188a1c6e50cee42becb1a48441d91
kubernetes-client-windows-amd64.tar.gz 7b74aeb215b0f0ff86bae262af5bafe7083a44293e1ab2545f5de3ac42deda0b

Server Binaries

filename sha256 hash
kubernetes-server-linux-amd64.tar.gz c56aa39fd4e732c86a2729aa427ca2fc95130bd788053aa8e8f6a8efd9e1310e
kubernetes-server-linux-arm64.tar.gz 9f55082ca5face2db2d6d54bed2a831622e747e1aa527ee8adc61d0ed3fcfab8
kubernetes-server-linux-arm.tar.gz 4a7c037ac221531eee4e47b66a2aa12fce4044d2d4acbef0e48b09e0a8fe950b

Changelog since v1.5.0-beta.2

Other notable changes


Documentation & Examples

Downloads for v1.5.0-beta.2

filename sha256 hash
kubernetes.tar.gz 4a6cb512dee2312ffe291f4209759309576ca477cf51fb8447b30a7cb2a887ed
kubernetes-src.tar.gz fe71f19b607183da4abf5f537e7ccbe72ac3306b0933ee1f519253c78bf9252f

Client Binaries

filename sha256 hash
kubernetes-client-darwin-386.tar.gz 37bcd12754a28ba6b4d030c68526bc6369f1fa3b7b0e405277bb13989ed0f9da
kubernetes-client-darwin-amd64.tar.gz 760817040ca040dd4ba8929cfb714b8bf6704c6ac2ec9985b56fa77b4da03d2c
kubernetes-client-linux-386.tar.gz 87d694445a3e532748d07e0d0da05c1ae8b84b46c54ec1415c9603533747a465
kubernetes-client-linux-amd64.tar.gz b2bcd07a525428fe24da628afca22b019b8f2847d1999da8fce72b7342cf64ed
kubernetes-client-linux-arm64.tar.gz 262c4fa70039389aa5d5b73a0def325471bd24b858157d60c0389fbee5ca671e
kubernetes-client-linux-arm.tar.gz 52c9341c1e6aa923aed4497c061121c192f209c90fcf31135edc45241a684bfa
kubernetes-client-windows-386.tar.gz 7d8e3bcdfa9dc3d5fde70c60a37e543cc59d23b25e2b0a2274e672d0bae013c2
kubernetes-client-windows-amd64.tar.gz 75143c176bc817fc49a79229dfae8c7429d0a3deeaba54a397dddce3e37e8550

Server Binaries

filename sha256 hash
kubernetes-server-linux-amd64.tar.gz 61c209048da1612796a30b880076b7f9b59038821da63bbecac4c56f24216312
kubernetes-server-linux-arm64.tar.gz 2c6952e16c0b0c153ca3d424b3deca9b43a8e421b1a59359bc10260309bf470c
kubernetes-server-linux-arm.tar.gz cf3e37a89358cae1d2d36aaad10f3e906269bc3df611279dbed9f50e81449fad

Changelog since v1.5.0-beta.1

Other notable changes

  • Modify GCI mounter to enable NFSv3 (#36610, @jingxu97)
  • Third party resources are now deleted when a namespace is deleted. (#35947, @brendandburns)
  • kube-dns (#36775, @bowei)
    • Added --config-map and --config-map-namespace command line options.
    • If --config-map is set, kube-dns will load dynamic configuration from the config map
    • referenced by --config-map-namespace, --config-map. The config-map supports
    • the following properties: "federations".
    • --federations flag is now deprecated. Prefer to set federations via the config-map.
    • Federations can be configured by settings the "federations" field to the value currently
    • set in the command line.
    • Example:
    • kind: ConfigMap
    • apiVersion: v1
    • metadata:
    • name: kube-dns
    • namespace: kube-system
    • data:
    • federations: abc=def
  • azure: support multiple ipconfigs on a NIC (#36841, @colemickens)
  • Fix issue in converting AWS volume ID from mount paths (#36840, @jingxu97)
  • fix leaking memory backed volumes of terminated pods (#36779, @sjenning)
  • Default logging subsystem's resiliency was greatly improved, fluentd memory consumption and OOM error probability was reduced. (#37021, @Crassirostris)


Documentation & Examples

Downloads for v1.5.0-beta.1

filename sha256 hash
kubernetes.tar.gz 62c51bcee460794cda30e720c65509b679b51015c62c075e6e735fe29d089e2b
kubernetes-src.tar.gz 8c950c7377eb40670d0438ccb68bbeaf1100ed2e919e012bc98479ff07ddd393

Client Binaries

filename sha256 hash
kubernetes-client-darwin-386.tar.gz e71af85542837842ff3b0fb8137332f4e1ce4c453d225da292e1fa781f1c74d7
kubernetes-client-darwin-amd64.tar.gz 033d02c1382553f977057827b6a5b82f1b69aecd44b649c937781d1cccb763d1
kubernetes-client-linux-386.tar.gz 1e7a435f2f7d06e3de9bd8c8d0457b6548aa15ad5cdab4241391f290a28b804f
kubernetes-client-linux-amd64.tar.gz 3c07a89e8eb785a7b37842d4b0bc0471fcc7b4e3a4bd973e6f8936cbc6030d76
kubernetes-client-linux-arm64.tar.gz 680a2786d9782395b613e27509df2d0f671a2471a43533ccdbc6b71cfb332072
kubernetes-client-linux-arm.tar.gz 2a5b10fbd69ce9b1da0403a80d71684ee2cf4d75298a5ec19e069ae826da81ed
kubernetes-client-windows-386.tar.gz 10acbf09ffbc04f549d1cffff98a533b456562d5c09a2d0f315523b70072c35d
kubernetes-client-windows-amd64.tar.gz 3317f90da242b0fb95a3cbc669fc4941d7b56b5ff90ac528c166e915bee31fdf

Server Binaries

filename sha256 hash
kubernetes-server-linux-amd64.tar.gz fdb257c0bbf64304441fd377a5ee330de10696aa0b5c1b6c27fa73a6c00121ae
kubernetes-server-linux-arm64.tar.gz a174cf6c9351da786b8780f5edca158a4e021d4af597bcc66f238601fb37c2b1
kubernetes-server-linux-arm.tar.gz 1dc520b9a4428321225ba6cfa0f79b702965d7f6994357c15e0195c5af1528ff

Changelog since v1.5.0-alpha.2

Action Required

Other notable changes

  • Federation: allow specification of dns zone by ID (#36336, @justinsb)
  • K8s 1.5 keeps container-vm as the default node image on GCE for backwards compatibility reasons. Please beware that container-vm is officially deprecated (supported with security patches only) and you should replace it with GCI if at all possible. You can review the migration guide here for more detail: (#36822, @mtaufen)
  • Add a flag allowing contention profiling of the API server (#36756, @gmarek)
  • Rename --cgroups-per-qos to --experimental-cgroups-per-qos in Kubelet (#36767, @vishh)
  • Implement CanMount() for gfsMounter for linux (#36686, @rkouj)
  • Default host user namespace via experimental flag (#31169, @pweil-)
  • Use generous limits in the resource usage tracking tests (#36623, @yujuhong)
  • Update Dashboard UI version to 1.4.2 (#35895, @rf232)
  • Add support for service load balancer source ranges to Azure load balancers. (#36696, @brendandburns)
  • gci-dev-56-8977-0-0: (#36681, @mtaufen)
  • Fix strategic patch for list of primitive type with merge sementic (#35647, @ymqytw)
  • Fix issue in reconstruct volume data when kubelet restarts (#36616, @jingxu97)
  • Ensure proper serialization of updates and creates in federation test watcher (#36613, @mwielgus)
  • Add support for SourceIP preservation in Azure LBs (#36557, @brendandburns)
  • Fix fetching pids running in a cgroup, which caused problems with OOM score adjustments & setting the /system cgroup ("misc" in the summary API). (#36551, @timstclair)
  • federation: Adding support for DeleteOptions.OrphanDependents for federated replicasets and deployments. Setting it to false while deleting a federated replicaset or deployment also deletes the corresponding resource from all registered clusters. (#36476, @nikhiljindal)
  • kubectl: show node label if defined (#35901, @justinsb)
  • Migrates addons from RCs to Deployments (#36008, @MrHohn)
  • Avoid setting S_ISGID on files in volumes (#36386, @sjenning)
  • federation: Adding support for DeleteOptions.OrphanDependents for federated daemonsets and ingresses. Setting it to false while deleting a federated daemonset or ingress also deletes the corresponding resource from all registered clusters. (#36330, @nikhiljindal)
  • Add authz to psp admission (#33080, @pweil-)
  • Better messaging for missing volume binaries on host (#36280, @rkouj)
  • Add Windows support to kube-proxy (#36079, @jbhurat)
  • Support persistent volume usage for kubernetes running on Photon Controller platform (#36133, @luomiao)
  • GCI nodes use an external mounter script to mount NFS & GlusterFS storage volumes (#36267, @vishh)
  • Add retry to node scheduability marking. (#36211, @brendandburns)
  • specify custom ca file to verify the keystone server (#35488, @dixudx)
  • AWS: Support default value for ExternalHost (#33568, @justinsb)
  • HPA: Consider unready pods separately (#33593, @DirectXMan12)
  • Node Conformance Test: Containerize the node e2e test (#31093, @Random-Liu)
  • federation: Adding support for DeleteOptions.OrphanDependents for federated secrets. Setting it to false while deleting a federated secret also deletes the corresponding secrets from all registered clusters. (#36296, @nikhiljindal)
  • Deploy kube-dns with cluster-proportional-autoscaler (#33239, @MrHohn)
  • Adds support for StatefulSets in kubectl drain. (#35483, @ymqytw)
    • Switches to use the eviction sub-resource instead of deletion in kubectl drain, if server supports.
  • azure: load balancer preserves destination ip address (#36256, @colemickens)
  • LegacyHostIP will be deprecated in 1.7. (#36095, @caesarxuchao)
  • Fix LBaaS version detection in openstack cloudprovider (#36249, @sjenning)
  • Node Conformance Test: Add system verification (#32427, @Random-Liu)
  • kubelet bootstrap: start hostNetwork pods before we have PodCIDR (#35526, @justinsb)
  • Enable HPA controller based on autoscaling/v1 api group (#36215, @piosz)
  • Remove unused WaitForDetach from Detacher interface and plugins (#35629, @kiall)
  • Initial work on running windows containers on Kubernetes (#31707, @alexbrand)
  • Per Volume Inode Accounting (#35132, @dashpole)
  • [AppArmor] Hold bad AppArmor pods in pending rather than rejecting (#35342, @timstclair)
  • Federation: separate notion of zone-name & dns-suffix (#35372, @justinsb)
  • In order to bypass graceful deletion of pods (to immediately remove the pod from the API) the user must now provide the --force flag in addition to --grace-period=0. This prevents users from accidentally force deleting pods without being aware of the consequences of force deletion. Force deleting pods for resources like StatefulSets can result in multiple pods with the same name having running processes in the cluster, which may lead to data corruption or data inconsistency when using shared storage or common API endpoints. (#35484, @smarterclayton)
  • NPD: Add e2e test for NPD v0.2. (#35740, @Random-Liu)
  • DELETE requests can now pass in their DeleteOptions as a query parameter or a body parameter, rather than just as a body parameter. (#35806, @bdbauer)
  • make using service account credentials from controllers optional (#35970, @deads2k)
  • AWS: strong-typing for k8s vs aws volume ids (#35883, @justinsb)
  • Controller changes for perma failed deployments (#35691, @kargakis)
  • Proxy min sync period (#35334, @timothysc)
  • Federated ConfigMap controller (#35635, @mwielgus)
  • have basic kubectl crud agnostic of registered types (#36085, @deads2k)
  • Fix how we iterate over active jobs when removing them for Replace policy (#36161, @soltysh)
  • Adds TCPCloseWaitTimeout option to kube-proxy for sysctl nf_conntrack_tcp_timeout_time_wait (#35919, @bowei)
  • Pods that are terminating due to eviction by the nodecontroller (typically due to unresponsive kubelet, or network partition) now surface in kubectl get output (#36017, @foxish)
    • as being in state "Unknown", along with a longer description in kubectl describe output.
  • The hostname of the node (as autodetected by the kubelet, specified via --hostname-override, or determined by the cloudprovider) is now recorded as an address of type "Hostname" in the status of the Node API object. The hostname is expected to be resolveable from the apiserver. (#25532, @mkulke)
  • [Kubelet] Add alpha support for --cgroups-per-qos using the configured --cgroup-driver. Disabled by default. (#31546, @derekwaynecarr)
  • Move Statefulset (previously PetSet) to v1beta1 (#35731, @janetkuo)
  • The error handling behavior of pkg/client/restclient.Result has changed. Calls to Result.Raw() will no longer parse the body, although they will still return errors that react to pkg/api/errors.Is*() as in previous releases. Callers of Get() and Into() will continue to receive errors that are parsed from the body if the kind and apiVersion of the body match the Status object. (#36001, @smarterclayton)
    • This more closely aligns rest client as a generic RESTful client, while preserving the special Kube API extended error handling for the Get and Into methods (which most Kube clients use).
  • Making the annotation optional in PetSet pods (#35739, @foxish)
  • AWS: recognize us-east-2 region (#35013, @justinsb)
  • Eviction manager evicts based on inode consumption (#35137, @dashpole)
  • SELinux Overhaul (#33663, @pmorie)
  • Add SNI support to the apiserver (#35109, @sttts)
  • The main kubernetes repository stops hosting archived version of released clients. Please use client-go. (#35928, @caesarxuchao)
  • Correct the article in generated documents (#32557, @asalkeld)
  • Update PodAntiAffinity to ignore calls to subresources (#35608, @soltysh)
  • The apiserver can now select which type of kubelet-reported address to use for apiserver->node communications, using the --kubelet-preferred-address-types flag. (#35497, @liggitt)
  • update list of vailable resources (#32687, @jouve)
  • Remove stale volumes if endpoint/svc creation fails. (#35285, @humblec)
  • add kubectl cp (#34914, @brendandburns)
  • Remove Job also from for Replace strategy (#35420, @soltysh)
  • Let release_1_5 clientset include multiple versions of a group (#35471, @caesarxuchao)
  • support editing before creating resource (#33250, @ymqytw)
  • allow authentication through a front-proxy (#35452, @deads2k)
  • On GCI, cleanup kubelet startup (#35319, @vishh)
  • Add a retry when reading a file content from a container (#35560, @jingxu97)
  • Fix cadvisor_unsupported and the crossbuild (#35817, @luxas)
  • [PHASE 1] Opaque integer resource accounting. (#31652, @ConnorDoyle)
  • Add sync state loop in master's volume reconciler (#34859, @jingxu97)
  • Bump GCE debian image to container-vm-v20161025 (CVE-2016-5195 Dirty… (#35825, @dchen1107)
  • GC pod ips (#35572, @bprashanth)
  • Stop including arch-specific binaries in kubernetes.tar.gz (#35737, @ixdy)
  • Rename PetSet to StatefulSet (#35663, @janetkuo)
  • Enable containerized storage plugins mounter on GCI (#35350, @vishh)
  • Bump container-vm version in (#35705, @mtaufen)
  • Cadvisor root path configuration (#35136, @dashpole)
  • ssh pubkey parsing: prevent segfault (#35323, @mikkeloscar)


Documentation & Examples

Downloads for v1.5.0-alpha.2

filename sha256 hash
kubernetes.tar.gz 77f04c646657b683210a17aeca62e56bf985702b267942b41729406970c40cee
kubernetes-src.tar.gz f6090cc853e56159099bf12169f0d84e29fd2c055b0c7dbdac755ee94439a6a6

Client Binaries

filename sha256 hash
kubernetes-client-darwin-386.tar.gz 917adbc70156d55371c1aea62279a521e930e7ff130728aa176505f0268182e3
kubernetes-client-darwin-amd64.tar.gz 9c8084eeab05b6db0508f789cb8a05b4f864ee23ea37b43e17af0026fb67defa
kubernetes-client-linux-386.tar.gz 3498f9cd73bb947b7cd8c4e5fb3ebe0676fbc98cf346a807f1b7c252aa068d68
kubernetes-client-linux-amd64.tar.gz e9bf2e48212bb275b113d0a1f6091c4692126c8af3c4e0a986e483ec27190e82
kubernetes-client-linux-arm64.tar.gz 9c514a482d4dd44d64f3d47eb3d64b434343f10abdecf1b5176ff0078d3b7008
kubernetes-client-linux-arm.tar.gz c51a8ebc2c3ca2f914042a6017852feb315fd3ceba8b0d5186349b553da11fdb
kubernetes-client-windows-386.tar.gz 32b006e1f9e6c14fe399806bb82ec4bf8658ab9828753d1b14732bb8dbb72062
kubernetes-client-windows-amd64.tar.gz 1e142f1fe76bdd660b4f1be51eef4e51705585fccb94e674a7d891ffe8c3b4e3

Server Binaries

filename sha256 hash
kubernetes-server-linux-amd64.tar.gz 4a3b550a1ede8bebd14413a37e3fc10c8403a3e3fbbce096de443351d076817a
kubernetes-server-linux-arm64.tar.gz 00e58bb04bf150c554f28d8fd2f72fbdd1e7918999aaea9c88c91c8f71946ffe
kubernetes-server-linux-arm.tar.gz 6837ff73249c0f3e7ba2d7c00321274db0f97b5cd0b4dc58d5cc3a2119e1c820

Changelog since v1.5.0-alpha.1

Action Required

  • Deprecate the --reconcile-cidr kubelet flag because it has no function anymore (#35523, @luxas)
  • Removed the deprecated kubelet --configure-cbr0 flag, and with that the "classic" networking mode as well (#34906, @luxas)
  • New client-go structure (#34989, @caesarxuchao)
  • Remove scheduler flags that were marked as deprecated 2+ releases ago. (#34471, @timothysc)

Other notable changes

  • Make the fake RESTClient usable by all the API groups, not just core. (#35492, @madhusudancs)
  • Adding support for DeleteOptions.OrphanDependents for federated namespaces. Setting it to false while deleting a federated namespace also deletes the corresponding namespace from all registered clusters. (#34648, @nikhiljindal)
  • Kubelet flag '--mounter-path' renamed to '--experimental-mounter-path' (#35646, @vishh)
  • Node status updater should SetNodeStatusUpdateNeeded if it fails to update status (#34368, @jingxu97)
  • Deprecate OpenAPI spec for GroupVersion endpoints in favor of single spec /swagger.json (#35388, @mbohlool)
  • kubelet authn/authz (#34381, @liggitt)
  • Fix volume states out of sync problem after kubelet restarts (#33616, @jingxu97)
  • Added rkt binary to GCI (#35321, @vishh)
  • Fixed mutation warning in Attach/Detach controller (#35273, @jsafrane)
  • Don't count failed pods as "not-ready" (#35404, @brendandburns)
  • fixed typo in script which made setting custom cidr in gce using kube-up impossible (#35267, @tommywo)
  • The podGC controller will now always run, irrespective of the value supplied to the "terminated-pod-gc-threshold" flag supplied to the controller manager. (#35476, @foxish)
    • The specific behavior of the podGC controller to clean up terminated pods is still governed by the flag, but the podGC's responsibilities have evolved beyond just cleaning up terminated pods.
  • Update grafana version used by default in kubernetes to 3.1.1 (#35435, @Crassirostris)
  • vSphere Kube-up: resolve vm-names on all nodes (#35365, @kerneltime)
  • bootstrap: Start hostNetwork pods even if network plugin not ready (#33347, @justinsb)
  • Factor out post-init swagger and OpenAPI routes (#32590, @sttts)
  • Substitute gcloud regex with regexp (#35346, @bprashanth)
  • Remove support for multi-architecture code in kubeadm, which was released untested. (#35124, @errordeveloper)
  • vSphere kube-up: Wait for cbr0 configuration to complete before setting up routes. (#35232, @kerneltime)
  • Remove last probe time from replica sets (#35199, @kargakis)
  • Update the GCI image to gci-dev-55-8872-18-0 (#35243, @maisem)
  • Add --mounter-path flag to kubelet that will allow overriding the mount command used by kubelet (#34994, @jingxu97)
  • Fix a bug under the rkt runtime whereby image-registries with ports would not be fetched from (#34375, @euank)
  • Updated default Elasticsearch and Kibana used for elasticsearch logging destination to versions 2.4.1 and 4.6.1 respectively. (#34969, @Crassirostris)
  • Loadbalanced client src ip preservation enters beta (#33957, @bprashanth)
  • Add NodePort value in kubectl output (#34922, @zreigz)
  • kubectl drain now waits until pods have been delete from the Node before exiting (#34778, @ymqytw)
  • Don't report FS stats for system containers in the Kubelet Summary API (#34998, @timstclair)
  • Fixed flakes caused by petset tests. (#35158, @foxish)
  • Add validation that detects repeated keys in the labels and annotations maps (#34407, @brendandburns)
  • Change merge key for VolumeMount to mountPath (#35071, @thockin)
  • kubelet: storage: don't hang kubelet on unresponsive nfs (#35038, @sjenning)
  • Fix kube vsphere.kerneltime (#34997, @kerneltime)
  • Add PSP support for seccomp profiles (#28300, @pweil-)
  • Updated Go to 1.7 (#28742, @jessfraz)
  • HPA: fixed wrong count for target replicas calculations (#34821). (#34955, @jszczepkowski)
  • Improves how 'kubectl' uses the terminal size when printing help and usage. (#34502, @fabianofranz)
  • Updated Elasticsearch image from version 1.5.1 to version 2.4.1. Updated Kibana image from version 4.0.2 to version 4.6.1. (#34562, @Crassirostris)
  • libvirt-coreos: Download the coreos_production_qemu_image over SSL. (#34646, @roberthbailey)
  • Add a new global option "--request-timeout" to the kubectl client (#33958, @juanvallejo)
  • Add support for admission controller based on namespace node selectors. (#24980, @aveshagarwal)
  • Add 'kubectl set resources' (#27206, @JacobTanenbaum)
  • Support trust id as a scope in the OpenStack authentication logic (#32111, @MatMaul)
  • Only wait for cache syncs once in NodeController (#34851, @ncdc)
  • NodeController waits for informer sync before doing anything (#34809, @gmarek)
  • azure: lower log priority for skipped nic update message (#34730, @colemickens)
  • Security Group support for OpenStack Load Balancers (#31921, @grahamhayes)
  • Make NodeController recognize deletion tombstones (#34786, @davidopp)
  • Delete all firewall rules (and optionally network) on GCE/GKE cluster teardown (#34577, @ixdy)
  • Fix panic in NodeController caused by receiving DeletedFinalStateUnknown object from the cache. (#34694, @gmarek)
  • azure: add PrimaryAvailabilitySet to config, only use nodes in that set in the loadbalancer pool (#34526, @colemickens)
  • Fix leaking ingress resources in federated ingress e2e test. (#34652, @quinton-hoole)
  • pvc.Spec.Resources.Requests min and max can be enforced with a LimitRange of type "PersistentVolumeClaim" in the namespace (#30145, @markturansky)
  • Federated DaemonSet controller. Supports all the API that regular DaemonSet has. (#34319, @mwielgus)
  • New federation deployment mechanism now allows non-GCP clusters. (#34620, @madhusudancs) * Writes the federation kubeconfig to the local kubeconfig file.
  • Update the series and the README to reflect the change. (#30374, @mbruzek)
  • Replica set conditions API (#33905, @kargakis)
  • etcd3: avoid unnecessary decoding in etcd3 client (#34435, @wojtek-t)
  • Test x509 intermediates correctly (#34524, @liggitt)
  • Add cifs-utils to the hyperkube image. (#34416, @colemickens)
  • etcd3: use PrevKV to remove additional get (#34246, @hongchaodeng)
  • Fix image setup (#34468, @mtaufen)


Documentation & Examples


binary sha256 hash
kubernetes.tar.gz 86bfcfffaa210ddf18983ff066470ef9c06ee00449b2238043e2777aac2c906d

Changelog since v1.4.0-alpha.3

Experimental Features

Action Required

  • kube-apiserver learned the '--anonymous-auth' flag, which defaults to true. When enabled, requests to the secure port that are not rejected by other configured authentication methods are treated as anonymous requests, and given a username of 'system:anonymous' and a group of 'system:unauthenticated'. (#32386, @liggitt)
    • Authenticated users are decorated with a 'system:authenticated' group.
    • NOTE: anonymous access is enabled by default. If you rely on authentication alone to authorize access, change to use an authorization mode other than AlwaysAllow, or or set '--anonymous-auth=false'.
  • The NamespaceExists and NamespaceAutoProvision admission controllers have been removed. (#31250, @derekwaynecarr)
    • All cluster operators should use NamespaceLifecycle.
  • Federation binaries and their corresponding docker images - federation-apiserver and federation-controller-manager are now folded in to the hyperkube binary. If you were using one of these binaries or docker images, please switch to using the hyperkube version. Please refer to the federation manifests - federation/manifests/federation-apiserver.yaml and federation/manifests/federation-controller-manager-deployment.yaml for examples. (#29929, @madhusudancs)

Other notable changes

  • The kube-apiserver --service-account-key-file option can be specified multiple times, or can point to a file containing multiple keys, to enable rotation of signing keys. (#34029, @liggitt)
  • The apiserver now uses addresses reported by the kubelet in the Node object's status for apiserver->kubelet communications, rather than the name of the Node object. The address type used defaults to InternalIP, ExternalIP, and LegacyHostIP address types, in that order. (#33718, @justinsb)
  • Federated deployment controller that supports the same api as the regular kubernetes deployment controller. (#34109, @mwielgus)
  • Match GroupVersionKind against specific version (#34010, @soltysh)
  • fix yaml decode issue (#34297, @AdoHe)
  • kubectl annotate now supports --dry-run (#34199, @asalkeld)
  • kubectl: Add external ip information to node when '-o wide' is used (#33552, @floreks)
  • Update GCI base image: (#34156, @adityakali) * Enabled VXLAN and IP_SET config options in kernel to support some networking tools (ebtools) * OpenSSL CVE fixes
  • ContainerVm/GCI image: try to use ifdown/ifup if available (#33595, @freehan)
  • Use manifest digest (as docker-pullable://) as ImageID when available (exposes a canonical, pullable image ID for containers). (#33014, @DirectXMan12)
  • Add kubelet awareness to taint tolerant match caculator. (#26501, @resouer)
  • Fix nil pointer issue when getting metrics from volume mounter (#34251, @jingxu97)
  • Enforce Disk based pod eviction with GCI base image in Kubelet (#33520, @vishh)
  • Remove headers that are unnecessary for proxy target (#34076, @mbohlool)
  • Add missing argument to log message in federated ingress controller. (#34158, @quinton-hoole)
  • The kubelet --eviction-minimum-reclaim option can now take percentages as well as absolute values for resources quantities (#33392, @sjenning)
  • The implicit registration of Prometheus metrics for workqueue has been removed, and a plug-able interface was added. If you were using workqueue in your own binaries and want these metrics, add the following to your imports in the main package: "". (#33792, @caesarxuchao)
  • Add kubectl --node-port option for specifying the service nodeport (#33319, @juanvallejo)
  • To reduce memory usage to reasonable levels in smaller clusters, kube-apiserver now sets the deserialization cache size based on the target memory usage. (#34000, @wojtek-t)
  • use service accounts as clients for controllers (#33310, @deads2k)
  • Add a new option "--local" to the kubectl annotate (#34074, @asalkeld)
  • Add a new option "--local" to the kubectl label (#33990, @asalkeld)
  • Initialize podsWithAffinity to avoid scheduler panic (#33967, @xiang90)
  • Fix base image pinning during upgrades via cluster/gce/ (#33147, @vishh)
  • Remove the flannel experimental overlay (#33862, @luxas)
  • CRI: Remove the mount name and port name. (#33970, @yifan-gu)
  • Enable kubectl describe rs to work when apiserver does not support pods (#33794, @nikhiljindal)
  • Heal the namespaceless ingresses in federation e2e. (#33977, @quinton-hoole)
  • Fix issue in updating device path when volume is attached multiple times (#33796, @jingxu97)
  • ECDSA keys can now be used for signing and verifying service account tokens. (#33565, @liggitt)
  • OnlyLocal nodeports (#33587, @bprashanth)
  • Remove flannel because now everything here is upstreamed (#33860, @luxas)
  • Use patched golang1.7.1 for cross-builds targeting darwin (#33803, @ixdy)
  • Bump up addon kube-dns to v20 for graceful termination (#33774, @MrHohn)
  • Creating LoadBalancer Service with "None" ClusterIP is no longer possible (#33274, @nebril)
  • Increase timeout for federated ingress test. (#33610, @quinton-hoole)
  • Use UpdateStatus, not Update, to add LoadBalancerStatus to Federated Ingress. (#33605, @quinton-hoole)
  • add anytoken authenticator (#33378, @deads2k)
  • Fixes in HPA: consider only running pods; proper denominator in avg request calculations. (#33735, @jszczepkowski)
  • When CORS Handler is enabled, we now add a new HTTP header named "Access-Control-Expose-Headers" with a value of "Date". This allows the "Date" HTTP header to be accessed from XHR/JavaScript. (#33242, @dims)
  • promote contrib/mesos to incubator (#33658, @deads2k)
  • MinReadySeconds / AvailableReplicas for ReplicaSets (#32771, @kargakis)
  • Kubectl drain will now drain finished Pods (#31763, @fraenkel)
  • Adds the -deployment option to e2e.go, adds the ability to run e2e.go using a kops deployment. (#33518, @zmerlynn)
  • Tune down initialDelaySeconds for readinessProbe. (#33146, @MrHohn)
  • kube-proxy: Add a lower-bound for conntrack (128k default) (#33051, @thockin)
  • add SERVICE_CLUSTER_IP_RANGE as option (#32921, @aanm)
  • Default HTTP2 on, post fixes from #29001 (#32231, @timothysc)
  • Split dns healthcheck into two different urls (#32406, @MrHohn)
  • Remove kubectl namespace command (#33275, @maciaszczykm)
  • Automatic generation of man pages (#33277, @mkumatag)
  • Fixes memory/goroutine leak in Federation Service controller. (#33359, @shashidharatd)
  • Switch k8s on GCE to use GCI by default (#33353, @vishh)
  • Move HighWaterMark to the top of the struct in order to fix arm, second time (#33376, @luxas)
  • Fix race condition in setting node statusUpdateNeeded flag (#32807, @jingxu97)
  • Fix the DOCKER_OPTS appending bug. (#33163, @DjangoPeng)
  • Send recycle events from pod to pv. (#27714, @jsafrane)
  • Add port forwarding for rkt with kvm stage1 (#32126, @jjlakis)
  • The value of the versioned.Event object (returned by watch APIs) in the Swagger 1.2 schemas has been updated from *versioned.Event which was not expected by many client tools. The new value is consistent with other structs returned by the API. (#33007, @smarterclayton)
  • Remove cpu limits for dns pod to avoid CPU starvation (#33227, @vishh)
  • Allow secure access to apiserver from Admission Controllers (#31491, @dims)
  • Resolves x509 verification issue with masters dialing nodes when started with --kubelet-certificate-authority (#33141, @liggitt)
  • Fix possible panic in PodAffinityChecker (#33086, @ivan4th)
  • Upgrading Container-VM base image for k8s on GCE. Brief changelog as follows: (#32738, @Amey-D)
    • - Fixed performance regression in veth device driver
    • - Docker and related binaries are statically linked
    • - Fixed the issue of systemd being oom-killable
  • Move HighWaterMark to the top of the struct in order to fix arm (#33117, @luxas)
  • kubenet: SyncHostports for both running and ready to run pods. (#31388, @yifan-gu)
  • Limit the number of names per image reported in the node status (#32914, @yujuhong)
  • Support Quobyte as StorageClass (#31434, @johscheuer)
  • Use a patched go1.7.1 for building linux/arm (#32517, @luxas)
  • Add line break after events in kubectl describe (#31463, @fabianofranz)
  • Specific error message on failed rolling update issued by older kubectl against 1.4 master (#32751, @caesarxuchao)
  • Make the informer library available for the go client library. (#32718, @mikedanese)
  • Added --log-facility flag to enhance dnsmasq logging (#32422, @MrHohn)
  • Set Dashboard UI to final 1.4 version (#32666, @bryk)
  • Fix audit_test regex for iso8601 timestamps (#32593, @johnbieren)
  • Docker digest validation is too strict (#32627, @smarterclayton)
  • Bumped Heapster to v1.2.0. (#32649, @piosz)
  • add local subject access review API (#32407, @deads2k)
  • make --runtime-config=api/all=true|false work (#32582, @jlowdermilk)
  • Added new kubelet flags --cni-bin-dir and --cni-conf-dir to specify where CNI files are located. (#32151, @bboreham)
    • Fixed CNI configuration on GCI platform when using CNI.
  • Move to kubernetes/release repo (#32444, @david-mcmahon)
  • vendor: update client package (#31564, @ericchiang)
  • Fixed an issue that caused a credential error when deploying federation control plane onto a GKE cluster. (#31747, @madhusudancs)
  • Error if a contextName is provided but not found in the kubeconfig. (#31767, @asalkeld)
  • Use a Deployment for kube-dns (#32018, @MrHohn)
  • Support graceful termination in kube-dns (#31894, @MrHohn)
  • When prompting for passwords, don't echo to the terminal (#31586, @brendandburns)
  • add group prefix matching for kubectl usage (#32140, @deads2k)
  • Stick to 2.2.1 etcd (#32404, @caesarxuchao)
  • Fix a bug in kubelet hostport logic which flushes KUBE-MARK-MASQ iptables chain (#32413, @freehan)
  • Make sure finalizers prevent deletion on storage that supports graceful deletion (#32351, @caesarxuchao)
  • AWS: Change default networking for kube-up to kubenet (#32239, @zmerlynn)
  • Use etcd 2.3.7 (#32359, @wojtek-t)
  • Allow missing keys in jsonpath (#31714, @smarterclayton)
  • Changes 'kubectl rollout status' to wait until all updated replicas are available before finishing. (#31499, @areed)
  • add selfsubjectaccessreview API (#31271, @deads2k)
  • Add kubectl describe cmd support for vSphere volume (#31045, @abrarshivani)
  • Enable kubelet eviction whenever inodes free is < 5% on GCE (#31545, @vishh)
  • Use federated namespace instead of the bootstrap cluster's namespace in Ingress e2e tests. (#32105, @madhusudancs)
  • Move StorageClass to a storage group (#31886, @deads2k)
  • Some components like kube-dns and kube-proxy could fail to load the service account token when started within a pod. Properly handle empty configurations to try loading the service account config. (#31947, @smarterclayton)
  • Removed comments in json config when using kubectl edit with -o json (#31685, @jellonek)
  • fixes invalid null selector issue in sysdig example yaml (#31393, @baldwinSPC)
  • Rescheduler which ensures that critical pods are always scheduled enabled by default in GCE. (#31974, @piosz)
  • retry oauth token fetch in gce cloudprovider (#32021, @mikedanese)
  • Deprecate the old cbr0 and flannel networking modes (#31197, @freehan)
  • AWS: fix volume device assignment race condition (#31090, @justinsb)
  • The certificates API group has been renamed to (#31887, @liggitt)
  • Increase Dashboard UI version to v1.4.0-beta2 (#31518, @bryk)
  • Fixed incomplete kubectl bash completion. (#31333, @xingzhou)
  • Added liveness probe to Heapster service. (#31878, @mksalawa)
  • Adding clusters to the list of valid resources printed by kubectl help (#31719, @nikhiljindal)
  • Kubernetes server components using kubeconfig files no longer default to http://localhost:8080. Administrators must specify a server value in their kubeconfig files. (#30808, @smarterclayton)
  • Update influxdb to 0.12 (#31519, @piosz)
  • Include security options in the container created event (#31557, @timstclair)
  • Federation can now be deployed using the federation/deploy/ script. This script does not depend on any of the development environment shell library/scripts. This is an alternative to the current scripts. Both the scripts are going to co-exist in this release, but the scripts might be removed in a future release in favor of federation/deploy/ script. (#30744, @madhusudancs)
  • Add get/delete cluster, delete context to kubectl config (#29821, @alexbrand)
  • rkt: Force rkt fetch to fetch from remote to conform the image pull policy. (#31378, @yifan-gu)
  • Allow services which use same port, different protocol to use the same nodePort for both (#30253, @AdoHe)
  • Handle overlapping deployments gracefully (#30730, @janetkuo)
  • Remove environment variables and internal Kubernetes Docker labels from cAdvisor Prometheus metric labels. (#31064, @grobie)
    • Old behavior:
      • environment variables explicitly whitelisted via --docker-env-metadata-whitelist were exported as container_env_*=*. Default is zero so by default non were exported
      • all docker labels were exported as container_label_*=*
    • New behavior:
      • Only container_name, pod_name, namespace, id, image, and name labels are exposed
      • no environment variables will be exposed ever via /metrics, even if whitelisted
  • Filter duplicate network packets in promiscuous bridge mode (with ebtables) (#28717, @freehan)
  • Refactor to simplify the hard-traveled path of the KubeletConfiguration object (#29216, @mtaufen)
  • Fix overflow issue in controller-manager rate limiter (#31396, @foxish)

Please see the Releases Page for older releases.

Release notes of older releases can be found in: