Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
13 contributors

Users who have contributed to this file

@k8s-release-robot @k8s-ci-robot @xmudrii @ialidzhikov @mysunshine92 @songxiao-wang87 @serathius @saschagrunert @pacoxu @oscr @lojies @smarterclayton
4071 lines (3250 sloc) 454 KB

v1.22.17

Downloads for v1.22.17

Source Code

filename sha512 hash
kubernetes.tar.gz d8b65c72717b3a50e99df27a05ee940f61ba138d9b5d0175cbf1dba4e035f3dea71a187e1e18127da52f5bd68bd4d8574d27848339adc8bce770586997a1c116
kubernetes-src.tar.gz a7c1026e3866af548d88a113356fa0ba986868dde58e31d490df1224ed3841aa66f43dc74e66e26ca396427ac7f3601524604c060a9dff9c608f782ef4eb76c9

Client Binaries

filename sha512 hash
kubernetes-client-darwin-amd64.tar.gz d5362f67b1e3730b00ced11be8ac5415d6a0ca7ea4211422530f71e28a2d944fd7fc76949c3fbf0babb72dce4f13be8c383acb20b2b96f63cf3c4442e0b8ec44
kubernetes-client-darwin-arm64.tar.gz e61b4344fc0d5a1e819f38bf1d9eea955639f56e628d0751e1fdd8acb8207c4e4988678105d24c77f728c33b5653608df74dd90420b7429b44fbccb98704652f
kubernetes-client-linux-386.tar.gz 2322b479a502a25711e80515dbbb8d521a789f19b29737bfe62258cb9506d350d0bdc5c62c221645ba9d7d02a30048f7b5c591635a75febcb0aff5e241f3b48d
kubernetes-client-linux-amd64.tar.gz fe9fb234653435f75f2de968914b64a1096eceb5014c45d4d1a678b781f3c00aa40420a7421f156daee50350a2b6f91e55a913854bea08d0d0f2c9e3788fe325
kubernetes-client-linux-arm.tar.gz 4019152acad48747cafd28ad22f14bcf2913c41f8becf0588de9543cdab73dd0cedef9033fb87ceea3d595ac5afeeeb969b78c5e6c4bb3cac545893f83ef1376
kubernetes-client-linux-arm64.tar.gz 01ee050d537b5e6867fdec635b874e45d5c250ed9d05174024dc4d8bb785173001b2f28fbb0534094a57c0a2bc2f2090040ef1419316963691dc69bbe82c8c37
kubernetes-client-linux-ppc64le.tar.gz 5a3380ab3f0d0e44c59c8669fefe569e6d08b1c00a51d8239d69546ffb38e00c94465320c09f0507cf3adf011c46c6350dc9eee26bccccae6f7f8a7791e12083
kubernetes-client-linux-s390x.tar.gz c03d4930d36798a50bbe33fd2109f57584396e6b46546dd2cef82d88828faf69e72ac4e2b0f3d40340f9ec725f3bfeac82741f256c1c39972e688e8fcffa1c3c
kubernetes-client-windows-386.tar.gz 28870e32ea7fd030647d60c4936d52d429d0d369e83ab5355fef86d5c2aa1cdec6e44c7f5ffacd432fb9ef55ef270f990b8962d29346866d74ac2b8cd3d82bb4
kubernetes-client-windows-amd64.tar.gz 5351c8cdf7359b2d49d99e38d5744403deb87556c3b6128ce59d0f4fe73240c857bc20173ca5f76b9a6cea7efa448b7c068369d81c6c23cb49bb6a9088db7698

Server Binaries

filename sha512 hash
kubernetes-server-linux-amd64.tar.gz 4e096621db788c7d2532ecb8ea4979c0bd6eb2fbfd6ddf2aef95077e789a0bb1f4a4568450c0a60b69a3161efdf87862ad71b9073893c6b6ecf980a0f1c2b6f4
kubernetes-server-linux-arm.tar.gz 4c6cc83227111d99522b26a13668caee77d9b76eb248e0f237dabb82fdc0949fe8b04e77f5e35b814d1d51f5b20c65c2a2bba9308680125d38b595486aeeb059
kubernetes-server-linux-arm64.tar.gz 98b40b19bf7bb87a3a3248356dc28b1151de6ae31c360519a9e204ae4343430f2a188cc7f7a214e1e252807d9f66d783faf170e2b91720eee9abe68dcff14cb4
kubernetes-server-linux-ppc64le.tar.gz ba2bf755b1e39d5a249c4ba4bdf03852874a11f9c19fcbeb850815f2312e480575acf3e2f545a500773d36a67e9e4537b55b437a383a3a62eb35cb2403ee74d9
kubernetes-server-linux-s390x.tar.gz bfcc5f01d6d6ad59c66601b5f8773b18c5843fcc8609c065098970d8c3a8dc1d28dac4b43d36ff6f81d7183026b6bc5415ffbb6c7565a6fc5c89423d6a754cfb

Node Binaries

filename sha512 hash
kubernetes-node-linux-amd64.tar.gz 1e3db1b374a7d7584d23190f64f41717a383ae531a67b7081b685fc9f4d081741374589b632643e7ef88b3ba2850f388b9e7dda0cee1ed8a4f8581d75905a89b
kubernetes-node-linux-arm.tar.gz 82aa4bb80fb3c256704d110d805cb147b1d865c96de02573aa322a1a6916fc1aa2d39f2a24471e4b796a15052af504cb882d0531f53b460f9a8bdfa736f58f34
kubernetes-node-linux-arm64.tar.gz 70598d30bc49fb4cd8eff770de49a44d8791fea120888c8c75bf619c48f818fc04241da997c116aacb4a9c31533d222b8dbc0232956061ba059b09b3b744d9ab
kubernetes-node-linux-ppc64le.tar.gz adab216af32481639479935b45eeb6eede154803eed760c87ad0b72aa2a5c94c1a782c9d37efedbd069bebfa86c8bfc27849e6c8084ac9eeae5dd54f6a2f464c
kubernetes-node-linux-s390x.tar.gz 7bfcda9951de49b521a0bb70a69edd641ba535c486a8b60f005bcb3e9a5b3bdb8ba4527b0a8d0e25f26f22be9add1607eace548479df3934167ed1b3f6af05e4
kubernetes-node-windows-amd64.tar.gz bcbbfd96249745c84a491fafc9daac0cce0d62b7d9962e93509416683e51c461dee27133ff3dea8e39ead1e178bebc038a76082ed7274cde6e948c320dbde15d

Container Images

All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.

name architectures
registry.k8s.io/conformance:v1.22.17 amd64, arm, arm64, ppc64le, s390x
registry.k8s.io/kube-apiserver:v1.22.17 amd64, arm, arm64, ppc64le, s390x
registry.k8s.io/kube-controller-manager:v1.22.17 amd64, arm, arm64, ppc64le, s390x
registry.k8s.io/kube-proxy:v1.22.17 amd64, arm, arm64, ppc64le, s390x
registry.k8s.io/kube-scheduler:v1.22.17 amd64, arm, arm64, ppc64le, s390x

Changelog since v1.22.16

Changes by Kind

Feature

  • Kubeadm: use the image registry registry.k8s.io instead of k8s.gcr.io for new clusters. During upgrade, migrate users to registry.k8s.io if they were using the default of k8s.gcr.io. (#113388, @neolit123) [SIG Cluster Lifecycle]

Bug or Regression

  • Fix endpoint reconciler not being able to delete the apiserver lease on shutdown (#114154, @aojea) [SIG API Machinery]

Other (Cleanup or Flake)

  • Kubelet now defaults to pulling the pause image from registry.k8s.io (#114339, @liggitt) [SIG Node]

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

v1.22.16

Downloads for v1.22.16

Source Code

filename sha512 hash
kubernetes.tar.gz 547fd0f9a4301a34e22088c845c03bee479fe562fa4078ead544cd76672fb9c25102c39ac2c8c1deb59bc41fd3f04b46b0c11e422e34fe9789e5fa2340a43062
kubernetes-src.tar.gz d78ef6f84b101dcbc5064673d5da1d23130f0d76c35d4a5c91977a15d290e3ae93d98e9c7d18d5136716638eb1e51e13a2ddcc832ad406d7d6f40d8f1e439ee7

Client Binaries

filename sha512 hash
kubernetes-client-darwin-amd64.tar.gz a04b511ed93a47f62a0f2446d15a97bf606433b81aaf755013940f824e38261727af27b15e5e47be921a9808eab9a0bd322f44f99cacf0c7f920f33a1175db88
kubernetes-client-darwin-arm64.tar.gz 122cf1e66207e8f7a14bd7798fef0e0ba119a8f9bdeecef7f3b89dcefe90e576687353b48521e5da5509903efc3a0e34b0d3c6d1a358f38988ee407b39fe547f
kubernetes-client-linux-386.tar.gz c46218da6bf11199156d1180ef6ef06884004df892a4dfc1c5600801f1bb3ea05e23167b48cbfa93ca75e3caf7c220e7efeb37c0e43d1c2503e0975afdf05421
kubernetes-client-linux-amd64.tar.gz 3db1b4bdfacbf7b3929deac4afe6bf2cb8ae1fbc82c8bf090e8b9e03624754b1e5094a0c62c53f9d26f129b0be105c586be22b1719a35773006a160663db259e
kubernetes-client-linux-arm.tar.gz e506e6b48567ec31254f4f8e425cc2fb369898bfb538651aef6ba7103ec4ef4854705d94929315b7c01a1a00e5dc4a21959088d245da970dcd16da74fcc4f6da
kubernetes-client-linux-arm64.tar.gz f07bfb799a91cda03749b85c1aa48e09c7ed43322602b32ae0f8bf8af35b37caab6dfd798c655d8cf33d078a97e68010a75f4905754ed0749eee7ed06e1eeeff
kubernetes-client-linux-ppc64le.tar.gz 81210234de687d9b5bb3bced57b104dbc3d4e3dd5d044b66ee8c1beb039ad31e30d982adafee645e9cef77a6386514f339bd4d5f0edec3d7cac4d9a8ac824343
kubernetes-client-linux-s390x.tar.gz 5e74b8b53bab7d9bbdbb59fffbaa2b69b71e1a64da3ce52bd968a9be03b9e7b55300a9b7b7846e23f5797fab934d91932689d5e361f938cd4271ece6de42d9e2
kubernetes-client-windows-386.tar.gz 5cc204be26b95c61d7606bc53f42ed8d9035c6ea30a154fbd6f8a2ae2dec05bf3880fa4f235c020f80028e25d53b3610409814b9189d38455af72e6dcbc39049
kubernetes-client-windows-amd64.tar.gz 50a9262336dfe60904f2034d0de2a381435cd8b1010017fb95deb903431a64ed63ffb0c946e3ab7ed372bffd455874fcfd648cf6834b09617ce469a10684767b

Server Binaries

filename sha512 hash
kubernetes-server-linux-amd64.tar.gz 7c718fc6e0a7c39313279e13fb32a090bba88cb7556e3f584da49a44708d0b4da39b92d025f270268266e22ed8ed5547a3a68ca30b3cb4f7079b3e0b1931b4f0
kubernetes-server-linux-arm.tar.gz 40ae53a81f5cdfe173588803ae6f515dc32141602137abae849f55596f888bd5c93f444287dfafb32ae9608321531fd6aaaef7508cd5e2c95217488e7af3b391
kubernetes-server-linux-arm64.tar.gz 12ecf65d132342cc0816e9c9b7a4c3c0307246fcded98846d6271080f5feb8a38df2f5242e80e448fc5806f3b99670fe4c46abc57143003615ecd2f3d1501aa4
kubernetes-server-linux-ppc64le.tar.gz b430f7a770631da1213be3f4d374bc54327d607bce7671304037e51f8378293786e288796dc46ba4cdede2ba431f217efdc93f068ac734b1c96f6f37092456e7
kubernetes-server-linux-s390x.tar.gz 06e51e090faaa190cb50cb4e2490e31ab9dc6992964f46a2c3c0ee05da3e8198389152b0268099764b20127fe8031afaead9dbf9b82be2b1cfb0fd9243d53073

Node Binaries

filename sha512 hash
kubernetes-node-linux-amd64.tar.gz 275c5b4e545de89162e918384ae984de494d8d902be85f42560d8456822b7ea23a02a9b1e5c291470426bf18a16087f8110a45a248539b995a5f09c25ba951be
kubernetes-node-linux-arm.tar.gz 91d2b3804d81029fee44b393312793ad6796271f74cb74414930be046b8904cdbd532343fe5ee422528cbb01a5ec11dce6613977fd51a22405028898d2513aab
kubernetes-node-linux-arm64.tar.gz 76d9b02a13cb5bd5c12517c441db7b5413568f74f745e93d8b32ae43fe9026f707fcee7826714b61d269e20985b6f7eafd1b5bc9f0accf18018ed95f675ecb9f
kubernetes-node-linux-ppc64le.tar.gz fba787d3db2696c18747b8d959bfa9023e1ee81e972fffd8f9b21e8003af48fb2ac3ba94fe52e19126b06ee6e0af500ecf13b9cc15ffebe5f91a075843634b41
kubernetes-node-linux-s390x.tar.gz 730012efc6b115451478a35cfcf0ef0e717e849259be87b5277b96cc3513a338a51e37a91e485e217eb9839b2e3bfce4c5421eb63eed8260268300bcbf8d72cc
kubernetes-node-windows-amd64.tar.gz 862ec1966eedb5f5cd4307ef16c8a84983be2b5141c753ab9e8ab96aac4c0fba1fe48def71104917ce6402c46c0a3622e7663a25a854d78312419855ed646563

Container Images

All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.

name architectures
k8s.gcr.io/conformance:v1.22.16 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-apiserver:v1.22.16 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-controller-manager:v1.22.16 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-proxy:v1.22.16 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-scheduler:v1.22.16 amd64, arm, arm64, ppc64le, s390x

Changelog since v1.22.15

Important Security Information

This release contains changes that address the following vulnerabilities:

CVE-2022-3162: Unauthorized read of Custom Resources

A security issue was discovered in Kubernetes where users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group they are not authorized to read.

Affected Versions:

  • kube-apiserver v1.25.0 - v1.25.3
  • kube-apiserver v1.24.0 - v1.24.7
  • kube-apiserver v1.23.0 - v1.23.13
  • kube-apiserver v1.22.0 - v1.22.15
  • kube-apiserver <= v1.21.?

Fixed Versions:

  • kube-apiserver v1.25.4
  • kube-apiserver v1.24.8
  • kube-apiserver v1.23.14
  • kube-apiserver v1.22.16

This vulnerability was reported by Richard Turnbull of NCC Group as part of the Kubernetes Audit

CVSS Rating: Medium (6.5) CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2022-3294: Node address isn't always verified when proxying

A security issue was discovered in Kubernetes where users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can to modify Node objects and send requests proxying through them.

Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in kube-apiserver made it possible to bypass this validation. Bypassing this validation could allow authenticated requests destined for Nodes to be redirected to the API Server through its private network.

The merged fix enforces validation against the proxying address for a Node. In some cases, the fix can break clients that depend on the nodes/proxy subresource, specifically if a kubelet advertises a localhost or link-local address to the Kubernetes control plane. Configuring an egress proxy for egress to the cluster network can also mitigate this vulnerability.

Affected Versions:

  • kube-apiserver v1.25.0 - v1.25.3
  • kube-apiserver v1.24.0 - v1.24.7
  • kube-apiserver v1.23.0 - v1.23.13
  • kube-apiserver v1.22.0 - v1.22.15
  • kube-apiserver <= v1.21.?

Fixed Versions:

  • kube-apiserver v1.25.4
  • kube-apiserver v1.24.8
  • kube-apiserver v1.23.14
  • kube-apiserver v1.22.16

This vulnerability was reported by Yuval Avrahami of Palo Alto Networks

CVSS Rating: Medium (6.6) CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

v1.22.15

Downloads for v1.22.15

Source Code

filename sha512 hash
kubernetes.tar.gz 6a3a4f5eae41cd830203dc3289f5067e53fdf6ce8a529d52be2aca464fc8d9f795af4cb0d87556ab4c2a373e849599ab6cd25e61c7914d151b92df14aabe3d7d
kubernetes-src.tar.gz e8977cc35063b8ce65db06392a0f7b92b852cb61edf4e1d440a175f591ad357b3e4ce227e6386f31cc13b88bec05fb7d5bc7457280126f50121416c4c095bbc0

Client Binaries

filename sha512 hash
kubernetes-client-darwin-amd64.tar.gz 6420e48445e3a79ce7b7e6b9c47dd983903c4ee65087993ab10e8ef40a0325c5e67c00b29540fc79aaf6156799852307dce3add03797a7db32724e9bb93d06ff
kubernetes-client-darwin-arm64.tar.gz a73515e5073b81d8d8593ee9056114f4f39bca1db559d3733fbf7a2b0e0d9a16c3af24e34b0d6f1fd291dbb17f038530b9ae72d76534563ec5a61d631b20529c
kubernetes-client-linux-386.tar.gz a72ad54fa5cc44ba9ec1b3f8fdd68f72e27a56f712b693357aaafd1079951485472d7e9d7d160074b0f8fc7b3da818fcabcfe5299f0fb8bfd22f958b6d2dd5ee
kubernetes-client-linux-amd64.tar.gz 05d4ab2f1c7b20c224f2a0a4c3546c72f28ef776f7b109cc178be0de0e3101cbccb377527f7f846fc6d8787dd6438e601fd9501c5f07fd0c10780302a7e915a0
kubernetes-client-linux-arm.tar.gz f148addfa830226e2358c7ae8c892a4aea2b285958a9a74f0344c94c6dc57be6856f71bbbe01a93b836803fb4bf7db6a7c7aedb2ab74356e4835fd95b390b4c8
kubernetes-client-linux-arm64.tar.gz 92d7ce5e9145abf113374f7830d68d2a0488358e9e137ae0e162581860609b7d3122ffdb8e706ac672f183e5634b0bf7b9e9440001b567e8619609bdc1f91738
kubernetes-client-linux-ppc64le.tar.gz 486b509634281cd5febf4f34ca564f47d371a9517246c773c96589aacc9621090fcb3653c379a584d35407c4aefef7f454b15cc28373eb2307ef1eb988683d38
kubernetes-client-linux-s390x.tar.gz 7b3b26c8fcafb13e73da265a7e688fb1a9c71ddb8c5e32927a66fcdf98fd5049d8354475379c2028538ee29e03035541a2870c97150728b555a7abc8c524bf7a
kubernetes-client-windows-386.tar.gz b208ab2ccc38b700d3355d7a4c057773f653ff9ec9d6bd7a7c89e9f5f673d5f767492b5f4b95f977062ed6c3e642cdce42e816c266c14ab96f2ea06c408c8ebf
kubernetes-client-windows-amd64.tar.gz cfbd18ee524f5d2c11b7efd0d70c25acc2f0def9b4149c22f0dd48970dddb8f9c6e91d2af67535d253b5220f4b1165b1ebf4d7610b38c2ce368b84785ca1f9aa

Server Binaries

filename sha512 hash
kubernetes-server-linux-amd64.tar.gz dfbe7e9d527e14ada7125fa2df6788fe44c6cd4aa21421e3c3685cc36be16591355b805384ee5fca81fc9118f52314b5ff657b4404870a3857fa750d4093babe
kubernetes-server-linux-arm.tar.gz f5c4a4088edbcde2990538856d363858bcbaa02ebb488a3203d54fc807553b62e093879fad5553bbbda5c1e636f8afc2f8cbc80004f9553a3ebbf9428266957b
kubernetes-server-linux-arm64.tar.gz 0c71296b76c9131a9b0ceafd69fbae87cdf9bf8aef783be1a72b23739d572675187557e16d660c559083a3aba0197731b20069f33889eb89f1f67d23b8cd281f
kubernetes-server-linux-ppc64le.tar.gz 2b879caf59864842f29d07cccea2250b58d609b35a658ebf902d40d8df61d68dc7654516c119d4d2badd06a08d7cb111123e056bfc378ffd3b7b1e014a408de7
kubernetes-server-linux-s390x.tar.gz 4cffe0c678a6c18ba107f710ce7ee4b671e96dc4aa55d35947a45f944bfd21b7732ebffeb1208c92095b2d0a4808c59d9cbc9273f95fc386c178337bd1238b01

Node Binaries

filename sha512 hash
kubernetes-node-linux-amd64.tar.gz 951ad79c87dff146526d706ac4230926cf020718b25556b1be12de825b04dfbd196b0895989b75df1eaec6e5d52bc86c6a87836997fa2ee748ca753a469f71c7
kubernetes-node-linux-arm.tar.gz fbe71d64d76f4d1aef0b808b067d798fb5fef33f636664b856daad51ebaa856ee5b846bed9bf4021710b4237141ee19bad1f889a4445d2f4eb35e2be4555521e
kubernetes-node-linux-arm64.tar.gz 6cbb57603d54a8a6403b37158042ca6c9e14c3696e6fb966180af8d157ca8a995816d46b81aac2dc752768c47efaa4dd8fb62ef8665940baa2077ee60674bf56
kubernetes-node-linux-ppc64le.tar.gz a7766abdec34ca80e86b0ad13726a9fd2a701675db5a7ed94f927880c69590d22e981382a9e68eaaf486a16f8fa5f0189e2ce2063de4a8e70327cab60ff074a1
kubernetes-node-linux-s390x.tar.gz 4fec6468c45bace299ce8d967409cc8cee74fbbc072695eac4730dcc499edc76795ee4498ec2a91791c452ed9f3bed6efe31516467f5e61a9ab3f95f3f0a0f5b
kubernetes-node-windows-amd64.tar.gz 0caa7cd3207ed1b1f64d50d2f7e432e4ab98ae095078266d72275cadc4522e5f6eaebab445f60c9f74d07c4d54de36cc0aa8fefc2191ea0f1d78fd4479d7633a

Container Images

All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.

name architectures
k8s.gcr.io/conformance:v1.22.15 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-apiserver:v1.22.15 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-controller-manager:v1.22.15 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-proxy:v1.22.15 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-scheduler:v1.22.15 amd64, arm, arm64, ppc64le, s390x

Changelog since v1.22.14

Changes by Kind

Bug or Regression

  • Kube-apiserver: gzip compression switched from level 4 to level 1 to improve large list call latencies in exchange for higher network bandwidth usage (10-50% higher). This increases the headroom before very large unpaged list calls exceed request timeout limits. (#112401, @shyamjvs) [SIG API Machinery]
  • Kube-apiserver: resolved a regression that treated 304 Not Modified responses from aggregated API servers as internal errors (#112530, @liggitt) [SIG API Machinery]
  • Kubeadm: allow RSA and ECDSA format keys in preflight check (#112537, @SataQiu) [SIG Cluster Lifecycle]

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

v1.22.14

Downloads for v1.22.14

Source Code

filename sha512 hash
kubernetes.tar.gz 6dfd9a0a66d437fc83b62c71255c771370d8d0b8459b8d01b259a27dded3607577a47e3e597d6db126ad971d64271b93fd1725fb60754055bc8690dcd956dd33
kubernetes-src.tar.gz f70e11e17991ecf3899e8524db22f165155e76cf01e969f4b4c0be0784dbd1317dface47d26975cf65b609e2d94b2693ca97e053660524d9e34b0c9e0f0cfc71

Client Binaries

filename sha512 hash
kubernetes-client-darwin-amd64.tar.gz 72d14697c7f54ea211fe3aabb353094622e75f9889eeb69e11f67727dfe98d19323fe4f65087dd89033e82b2980f394239f1ef8a630fa7ed06d7386f02f87665
kubernetes-client-darwin-arm64.tar.gz 54beaaa9c9e5eca730ed3b8aa5802b469924f0dfb8aafc5182f485aa86c1d64c08dc8330506f2b793242e0c8babd4ade63752379b86e87c5dcff20831e9142f9
kubernetes-client-linux-386.tar.gz 4d1fa56a6d4cfc1ea484176f904d81d6b685303be252d2a3fa6fd2fb3377d00b6bc1d5cbc7e1e552bc8c89992f12dfcd57fe3bc7332670a94871f75ca7d98adf
kubernetes-client-linux-amd64.tar.gz 5c4edacc9d586d8bc5ab5013de2ec74c4d003f341a1b72c90399506cc09a17b2ca243eba98e6aaad8ecfdfbb0336cf20fcfe905ec52fcb5a9e382e5c77771318
kubernetes-client-linux-arm.tar.gz 14e5208eeb4ada72c4cfd36544224c7ed6e033b5881445abadf7a6d2f19120bcbd7b30f1ceaee8f35f65d7c4daca4320301532e7a01541897b4326ba855c725c
kubernetes-client-linux-arm64.tar.gz b0d8771f2ef7897dd16d23ef1991ab49dd487b7502679c8f655304ed5021fcd7441f539bd1607022589dae898ab14bfa801c875928b69fd5de9c25302d929f19
kubernetes-client-linux-ppc64le.tar.gz 8704c66239ee1a4166aeeb408d3c0bed551c85d9394d9abe5dd5bbbb4cd59df2a8f3ded1998e0cbc06a1f41ebb7318038c254c03b2a5872674099a2b63411a01
kubernetes-client-linux-s390x.tar.gz fd79453718acef98cd8ec4b229321fa61b300a08b40939ea5328feaabb18894a26359744f2e68dd90b2181c159f467fd8422ff052a559ae9b46177fa25f29d62
kubernetes-client-windows-386.tar.gz 8b8cb8d416a147e436e9e34867bba39b78e0d543f42079c298d585a02b57b2f59b978a51c1a8cbc5223d7e18bc0514baff5bf88d242b441a7b8722b32a9f55a7
kubernetes-client-windows-amd64.tar.gz 397a074ca01ea863bd229edb1d4b76868d44ef09b4f7ed9a38de0e2592021fede7c6005ff0920dd83ebf7c6aebe9c130b3e4bbec62f984f5505ebfb410b5d886

Server Binaries

filename sha512 hash
kubernetes-server-linux-amd64.tar.gz ca18d9ac217381e6988e9a556919b470da755ceeeed7a2b90e02d4d6fa2ccc1d4884a67b5d4955052abe404f0d688f702acce24eba09470ad1ab940f639dced0
kubernetes-server-linux-arm.tar.gz 711d441474a0fb212082e1b8d8dd4685076a5d619054bb0fd758c35a082717759de81e5e051849f7c34e390dab7b7c630ad15c638260544638ae4e90d97a7825
kubernetes-server-linux-arm64.tar.gz 37328016e4888954e68324b5f95d8775bba597c321c6e0aac0cb8e873d3471f1dcd1bfd4ab6bf98db39dd0942ee95959e21990c218b59db219425e7f50b46bcd
kubernetes-server-linux-ppc64le.tar.gz 2347004f2fd7327a2e6af66d7a8f6f8278494c01c05cfe6cfbb1a8dc1f362203eafd5085d126d6eb1b5ede14a7a31c1c092902aaeab88d4f99b1c9e80efc0ae8
kubernetes-server-linux-s390x.tar.gz 191e3f9ef289e5ddc990bdd9def0d09b93fdcd7434b0cab927daf1c95c6fa289c9bce658e21bb9dea6ecda7a23f255f8fa76299052601d9792a305f864e5d5d0

Node Binaries

filename sha512 hash
kubernetes-node-linux-amd64.tar.gz 92fec25d4fc656fe659ca0363dec0eb470d8545be68851bb0862e9591a3b26f7b2de9038551380523bd7a74d3ac0a13675f086f8dd4109bab8af868621adbe90
kubernetes-node-linux-arm.tar.gz bf903a20a909cfc15f3cca1d3be713cb621a6ef3d575cddd1f86c3103093644c8bfde478ba5d1c62dd9b2bc85d69a17b5c8abf64cb676110212968dc75c94be4
kubernetes-node-linux-arm64.tar.gz fa90fd8c9bc6ee0aebf56aef72349c6d9791c1b232b7e5714be31b49e5d4919a3b3467fd4783759130911261842e8fc61ac30084fb29ba72c72fb37b9b7bb511
kubernetes-node-linux-ppc64le.tar.gz aa58594b3a71d55128e2a0df50d24c493a0a3f7acd380652ea2dcae4813dc26df4d5c9a048289bb5880135017fe3755e46d4a179a23bc33ac006652f8e1a7e25
kubernetes-node-linux-s390x.tar.gz 44365e3670ca7f7f7cd55989e8b9d145e5780e2f5123432a8d126e7dce48c88b17b3b146a7075ee629add3e86b3587946698f4f7df1e021d907078380ebf71d4
kubernetes-node-windows-amd64.tar.gz 3f63e0bf706bf74e561dc34f22a098cada8cbc7672d24ac8c3359a29fc0fb4cd51f5be1d372366ac99aed05e8653db03a09e6522c3b2b1b0c1b8d6912866d0a7

Container Images

All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.

name architectures
k8s.gcr.io/conformance:v1.22.14 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-apiserver:v1.22.14 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-controller-manager:v1.22.14 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-proxy:v1.22.14 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-scheduler:v1.22.14 amd64, arm, arm64, ppc64le, s390x

Changelog since v1.22.13

Important Security Information

This release contains changes that address the following vulnerabilities:

CVE-2022-3172: Aggregated API server can cause clients to be redirected (SSRF)

A security issue was discovered in kube-apiserver that could allow an attacker controlled aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as leaking the client's credentials to third parties.

There is no mitigation from this issue. Cluster admins should take care to secure aggregated API servers and should not grant access to mutate APIServices to untrusted parties.

Affected Versions:

  • kube-apiserver v1.25.0
  • kube-apiserver v1.24.0 - v1.24.4
  • kube-apiserver v1.23.0 - v1.23.10
  • kube-apiserver v1.22.0 - v1.22.14
  • kube-apiserver <= v1.21.?

Fixed Versions:

  • kube-apiserver v1.25.1
  • kube-apiserver v1.24.5
  • kube-apiserver v1.23.11
  • kube-apiserver v1.22.14

This vulnerability was reported by Nicolas Joly & Weinong Wang from Microsoft

CVSS Rating: Medium (5.1) CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L

CVE-2021-25749: runAsNonRoot logic bypass for Windows containers

A security issue was discovered in Kubernetes that could allow Windows workloads to run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true .

This issue has been rated low and assigned CVE-2021-25749

Am I vulnerable?

All Kubernetes clusters with following versions, running Windows workloads with runAsNonRoot are impacted

Affected Versions

  • kubelet v1.20 - v1.21
  • kubelet v1.22.0 - v1.22.13
  • kubelet v1.23.0 - v1.23.10
  • kubelet v1.24.0 - v1.24.4

How do I mitigate this vulnerability?

There are no known mitigations to this vulnerability.

Fixed Versions

  • kubelet v1.22.14
  • kubelet v1.23.11
  • kubelet v1.24.5
  • kubelet v1.25.0

To upgrade, refer to this documentation For core Kubernetes: https://kubernetes.io/docs/tasks/administer-cluster/cluster-management/#upgrading-a-cluster

Detection

Kubernetes Audit logs may indicate if the user name was misspelled to bypass the restriction placed on which user is a pod allowed to run as.

If you find evidence that this vulnerability has been exploited, please contact security@kubernetes.io

Additional Details

See the GitHub issue for more details: #112192

Acknowledgements

This vulnerability was reported and fixed by Mark Rosetti (@marosset)

CVSS Rating: Low (3.4) CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

Changes by Kind

Bug or Regression

  • Fix an ephemeral port exhaustion bug caused by improper connection management that occurred when a large number of objects were handled by kubectl while exec auth was in use. (#112339, @enj) [SIG API Machinery and Auth]
  • Fix problem in updating VolumeAttached in node status (#112302, @xing-yang) [SIG Apps]
  • Kube-apiserver: redirect responses are no longer returned from backends by default. Set --aggregator-reject-forwarding-redirect=false to continue forwarding redirect responses. (#112359, @enj) [SIG API Machinery]
  • UserName check for 'ContainerAdministrator' is now case-insensitive if runAsNonRoot is set to true on Windows. (#112213, @PushkarJ) [SIG Node, Testing and Windows]

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

v1.22.13

Downloads for v1.22.13

Source Code

filename sha512 hash
kubernetes.tar.gz 0b07e98ecd2b34cc5740260eb2927855a3b1b78a63c1a66a9021750972a7c993653ae09f3eca91d2ebe86343039fba2c4562fefe6b09046e8568657335f6b7ec
kubernetes-src.tar.gz edfcffc87d833d301cbd6ade5d7c7bbc376f175402d91cd17447e965e05c0e069b26515a778781577002c110f58f0e2d61bfd585c26208ca96df51183763693a

Client Binaries

filename sha512 hash
kubernetes-client-darwin-amd64.tar.gz 2b093bf15b7e3d1ea9e0d28a21035505b7544acff69541cd2b7cf76c0c952d00b58e923f8567c3a877ab177c376656269ffbbe95834b3d1e50e032ffdffa385d
kubernetes-client-darwin-arm64.tar.gz ba25d383a68ad8559e1538b402c51f7238f6a5ecf9198030eba5cac29bf10dfe92a256c32abe3996c9a5bcec25ab19338ab3d8bf0ab84ac9fdbaecefdadad50e
kubernetes-client-linux-386.tar.gz 8989891e5dea9e555707c29dd6c8eb73d7f3584ca7bc54ccb355d76347bd158f0f0821a5be107e4bdc663cd6cd6698fd6e481d9a823a4fa4b9ebc21daaf2f077
kubernetes-client-linux-amd64.tar.gz 7ac910c8cbd831070004245e0da7ee4189311d589591ac2d41e8d359a99812ac415c6e302fad39ae647ea96ff4d29a8bd6c1818f701f1d094da9871119dcd721
kubernetes-client-linux-arm.tar.gz 12866b436fed0d17938227d1eb815c12e81357755694d61a792e547a36c4ab78a53470d38316ce4129bf3852d160970d0fdc50a1b624a02aa16c4f417700b02b
kubernetes-client-linux-arm64.tar.gz 5e50041b848072a83659c9449eab6ef6ff9f7477fe5dc633141c8ac7d6ea08cc082b07d54d5ba0af47c8ef62d82edbca8945a865469635c3a629cabf89815be3
kubernetes-client-linux-ppc64le.tar.gz 4f10a0304444168c76b1afab966063eb4c45bac53dcc344ae7712afb96f75fa681661fd1d404e9fe744a6ac1844e78af9fa1b605f21b72010aedf478d545f9f3
kubernetes-client-linux-s390x.tar.gz bb92b45ec283d698b418495f1f5262ad60245f859438f717541f0e1993acb992b70de98e1e1f70f255d77dd66070dcf423456f984638d9284f955ea44c7337a7
kubernetes-client-windows-386.tar.gz d4d10621e34e60cd66721728e86c14efd0e6b9154e3a59e758cd809848ffac3e8e4251fda61a32bc16b505d036a2585900e6c4fefc939184b4bf62067b7b922f
kubernetes-client-windows-amd64.tar.gz ef57c968c5a441f8bde35de318a2f3acd27d2bfe210e9f6a0369b51e37fc7536beff1a22db7fb67a881b3f128377643686263c58849ec6ccec67e61ac16353cf

Server Binaries

filename sha512 hash
kubernetes-server-linux-amd64.tar.gz 3eeb383530f4c6a56f5131f8cd2426c74cd61e792b8e2ae42bad67338eb0083cbaa0678e40b2386d220421e88ee0eb502728f6932859b5aadf5d2e221f5cda79
kubernetes-server-linux-arm.tar.gz e15ea5acdc7f24f29f571b0836e88ffb6a333e470eb804404f407ed86115b3794973a2f4d993966182cbe42e82ab0569e8a20eefdc0736150532e956e72440d9
kubernetes-server-linux-arm64.tar.gz 5ba0552f4941e7ffaee46539822733aac3146e8022fe69037dc92e0edce6e514b965557cbcec99bd49cea229fcec17d7b2e0b0ad8cd1c9bef85be423f675b608
kubernetes-server-linux-ppc64le.tar.gz 11b4b0a675ade677d0ec5ca2de17accfd7d0ef9a9e0454e05eb04755a6c870051213af3fecaa5abbe44f0aa478c1df8d3aa026796a562451d51b33ebaa5aeb54
kubernetes-server-linux-s390x.tar.gz efa39fcc19276d17c13eb9a3bf8e89667273192cf842874c42063305116899d6253ed46f9317883cd7e6426ffd5f7c4dea105123d2101578d64e397df203554d

Node Binaries

filename sha512 hash
kubernetes-node-linux-amd64.tar.gz 54876a99968f2a4aa3cda34e3f65e92e6179712cce2fabbcffb5e454260f1c7f684629cd0321f0b7c1326005b739e6ec0e261ea875f96bbbe33c0ca2aac9b81b
kubernetes-node-linux-arm.tar.gz ed32d888bf44747905b1e2dc19e1d4a4672451288354969534ae3ca7fc79acac3fb1b533875b88732803f9e1c1fc6c3c25f8b8f556d3ca63693b40515c7f7f84
kubernetes-node-linux-arm64.tar.gz faf39bf806205a2c8879c4087413ce8ec827e929043dd6cf11431cdd9e056e992cb7d677a08a0a35b6a81439187c580b5cd592834eb9ab41de5dd16af158bfe8
kubernetes-node-linux-ppc64le.tar.gz 02b6eabf505b035f67b3bfe31d035b4c418484d49aa4641f5f746e6750f252f1062a1a224fcdfc3c16973e65f8473b04240dd6b8a2ef6ac4329fce230333b533
kubernetes-node-linux-s390x.tar.gz 42fd111904334792a8bb673eb4d50f5d08ebd16d7b216d165b99580a82b7758cddee5ed97b1955713ffc6f45067c13af7831c2b30b163fbb395e5c1a3f8877d7
kubernetes-node-windows-amd64.tar.gz f3a161245ceca7e4b07e255ce4e554988e81842173b8b5b95f9a0bdb334d384f8cf615ace5432d1a6352433679654d138c774b601458cdc386e5405ad1086d76

Container Images

All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.

name architectures
k8s.gcr.io/conformance:v1.22.13 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-apiserver:v1.22.13 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-controller-manager:v1.22.13 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-proxy:v1.22.13 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-scheduler:v1.22.13 amd64, arm, arm64, ppc64le, s390x

Changelog since v1.22.12

Changes by Kind

Bug or Regression

  • Fix memory leak on kube-scheduler preemption (#111805, @amewayne) [SIG Scheduling]
  • If the parent directory of the file specified in the --audit-log-path argument does not exist, Kubernetes now creates it. (#111227, @vpnachev) [SIG Auth]
  • Reduce API server memory when many CRDs are loaded by sharing a single etcd3 client logger across all clients (#111650, @negz) [SIG API Machinery]
  • Updating kubelet permissions check for Windows nodes to see if process is elevated instead of checking if process owner is in Administrators group (#111078, @marosset) [SIG Node and Windows]

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

v1.22.12

Downloads for v1.22.12

Source Code

filename sha512 hash
kubernetes.tar.gz b4b0ec83ed11dff8045a7577de34a80b270e97915e10cda18d5744e07591f372ab2f3522efeb00b6cc38b64b0cb781b8f58fa9ec5391ed295916cc8e56d2b57d
kubernetes-src.tar.gz ff20e9d1ad3c418b96a354e8db785aea1a6804b8583d3541c40e78360ac0f074b13d56ac6ffe0c4c11f8fc7d59407c1f23daa8769a9b480adbe1f8d8bccfa5dd

Client Binaries

filename sha512 hash
kubernetes-client-darwin-amd64.tar.gz 9581e9e7979e3c96bf22acad8f4e033d669f790e0f9a80cb8bd4b7e5da7915efeb8b28f7bdebf9791d9cbeec0c25c9d29c31a671929181c3b403dd8f31b9be35
kubernetes-client-darwin-arm64.tar.gz 79bc566a63e4cbc962be15f22265bcf224639635fa8ac5cfffdbdca12a263d563d8d479eaf9d364eb2cbbc382d4ec9646d7c056649858495097b70fc870f3c8f
kubernetes-client-linux-386.tar.gz 1a5387c8c8f9c59c67cccd5850647d273fc48b8c958d5d3e8fd8374fff192f5efeda897f7f0e140d6f698e69f63d62b889fa20a0071c43d9242d5fe9f5fa7d89
kubernetes-client-linux-amd64.tar.gz d6a5970e5d0f6bdb68e62f05497ae0b719fa324920d58bf1a8c0e4bbc5524f5eb496a01e7c0d80fcee3d301586ad1e5aeca7c89452e6b4ef5646f023f95414ae
kubernetes-client-linux-arm.tar.gz e978825821b49fc68430b8877eac53a68f85fe4e5671b8b7b4f56dd669d74b272e3e80132b2a777005c5623d0b862a44574727057b886af5fa1ee936fc4aad49
kubernetes-client-linux-arm64.tar.gz 99ba8fe186fe3ea8e1430fa87a40aabe6701d2c11841dfa8f965764348a1bc83e4d413ca83c96b624be4628044ea8fc490b62478b0f23773ba66a754517741e6
kubernetes-client-linux-ppc64le.tar.gz 9c2fa3a042c6c7fdb3fe59563dae14629d21da73b71363ea93ab97408efb4db3ec86af3df90bc3abecf8cef2ee921b854cbe4d19ff50a4efe8342a193964dce4
kubernetes-client-linux-s390x.tar.gz caf4e1778806f51b98e35e6ac275c1521678164ee3ff76f36073303de7b216a48f8c407d601a2b716a0cc1fa286a9f1ed1f0f6e30eea96d37fb6f3f64c7e7cad
kubernetes-client-windows-386.tar.gz 617460d52e0d6b5a70c0fb0b9a2ef76361e2205cc6e53ce98625dacb9e10ad51496b89114f5f0375b87a5ff567164c75a9019fb5f1b722861bad03dc6e89ecc7
kubernetes-client-windows-amd64.tar.gz 41c2723a7a5713ea8be2630ade5769dd0161ba77a90efe5bd34d1c7eb371f3e3df7bf729f53ecbab4a477077eab6e6187393a7f14c2ff506a2acde2e27850033

Server Binaries

filename sha512 hash
kubernetes-server-linux-amd64.tar.gz 995aa4fb2a972077d587a7607bf878e2b604664ec0ac465fb91bedfb5cceff3c3e02455e9cb9d6986836546770833ffe4d90782b68adee4d465fea14a3500840
kubernetes-server-linux-arm.tar.gz 2b66a7c4aa8295c96a8e28ac6b2f248f2532a845a58948bcbd750f6b44d6ecd71708f5d36d9b666fdfbbbc010e499902fce103b84722fbd5a9da6e09249f3f38
kubernetes-server-linux-arm64.tar.gz baa3b7973484c5d0f80a3893375cf947a5c22f0b0679643aafe33fa834e8a0c44e25804ed21387950e206f4b341ff31266e61bcb0c2f86898bfa8939a1bd1191
kubernetes-server-linux-ppc64le.tar.gz 66406a057856431827a481475b770524d483b92532c9a791e82c936ad5d1fa0fd17e057b0c67eceffd7a001a2027dc0442d5f34ebaf7a07a5badf35ca4981a35
kubernetes-server-linux-s390x.tar.gz cc02f82d73e58f5e69a8d8380f94e7fa17f8fc5620ecc2a7debed2dc1739a348516e833cba2c91050e00fc9db348869ced0f2b12616c7a6772f12b532c9b5c2b

Node Binaries

filename sha512 hash
kubernetes-node-linux-amd64.tar.gz f275edd97122bde93b67fa05682126fb6069560aaf7d7cbb438eb3e65277e5f7fcb98c335b20ce4c96851e3d90e5e0d47c271fb7c52d3358a12e3bee3acf9a69
kubernetes-node-linux-arm.tar.gz c41c2b15c02925fe4122996d9605e91184f157a8a4cf519c385739a43ca90ac3ccb27e2adcbf47cb2f4e60774f9e339e5f924e328612377c15aa2fcc3ddfedeb
kubernetes-node-linux-arm64.tar.gz 4291ff3f1ebb9ab8a2be9b4192a3d8d25076bf30c8f85883ab211f1d9538615d5766e33e5d7cbf18f1f52115d52fa01cf0194290fd8422bd3dc2793dd5334c2b
kubernetes-node-linux-ppc64le.tar.gz 1cc68c9b528ab6cf12059c856d4b665cfa9adb8a735aaae2199343ca562fd8c58fc86ff700914a2df547ca7d9f16cf1f5188767d5a9ca6b8850f532a45f28c1f
kubernetes-node-linux-s390x.tar.gz 304e8653516e99fc56c9651005dec759c06bedfde7f8cb034b6711d98a001f0083b631a6148975129faa3ab235d83381fcff4b5d7153cb83ca356f2b6ff98c71
kubernetes-node-windows-amd64.tar.gz 1b1bdcb6a59657f97bc6d1cb65d13e57c62e6ad54f0c0d4849d2a051d6e6203445bafff3e957ce287b9c308e00118fa02d5dfed4ed31c403dd89360870ee1d8e

Container Images

All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.

name architectures
k8s.gcr.io/conformance:v1.22.12 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-apiserver:v1.22.12 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-controller-manager:v1.22.12 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-proxy:v1.22.12 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-scheduler:v1.22.12 amd64, arm, arm64, ppc64le, s390x

Changelog since v1.22.11

Changes by Kind

Bug or Regression

  • Fix a bug that caused the wrong result length when using --chunk-size and --selector together (#110758, @Abirdcfly) [SIG API Machinery and Testing]
  • Fix bug that prevented the job controller from enforcing activeDeadlineSeconds when set (#110543, @harshanarayana) [SIG Apps]
  • Fix image pulling failure when IMDS is unavailable in kubelet startup (#110523, @andyzhangx) [SIG Cloud Provider]
  • Fix printing resources with int64 fields (#110603, @sanchezl) [SIG API Machinery]
  • Fixed a regression introduced in 1.22.4 where Azure load balancers were not kept up to date with the state of cluster nodes. In particular, nodes that are not in the ready state and are not newly created (i.e. not having the node.cloudprovider.kubernetes.io/uninitialized taint) now get removed from Azure load balancers. (#109933, @ricky-rav) [SIG Cloud Provider]
  • Fixed potential scheduler crash when scheduling with unsatisfied nodes in PodTopologySpread. (#110984, @kerthcet) [SIG Scheduling]
  • Kubeadm: fix the bug that configurable KubernetesVersion not respected during kubeadm join (#111024, @SataQiu) [SIG Cluster Lifecycle]
  • Reduced time taken to sync proxy rules on Windows kube-proxy with kernelspace mode (#110701, @daschott) [SIG Network and Windows]
  • Updated cAdvisor to v0.39.4 to pick up a kubelet fix where network metrics can be missing in some cases when used with containerd (#111014, @bobbypage) [SIG Node]

Dependencies

Added

Nothing has changed.

Changed

Removed

Nothing has changed.

v1.22.11

Downloads for v1.22.11

Source Code

filename sha512 hash
kubernetes.tar.gz b42a786b4bf0e91e73bf9433041a7f0d29777cd88af5519e67849d0dc438f3df9c8baa64ab586d0c4aa07487f2e039d1c62536f89562d8afc171a98e429e72c2
kubernetes-src.tar.gz fff2416c8df0977f70aca428edbb973320fb0f4974e38324b1854c205f21a2ce436cd296b31351c3f0a4b269b708b25ed414f0d3fac827a4d0ca00421bcff4b6

Client Binaries

filename sha512 hash
kubernetes-client-darwin-amd64.tar.gz 66907f96a16c21538066159ec1b8d938c7fabc8116fc3ca109c20832950a89deead2d3b0ce1ee4fe80554d27f85e644d6a26643b2e16e9d1a080dc78f719c9ae
kubernetes-client-darwin-arm64.tar.gz f99a08b1cdc708ee8dee75aa800faa3c9b68480606b9c2ec38865d35497b148a608f43fbdc5ddc5e9f7817285df3d3c5eb819a9d6782987744080dd696370610
kubernetes-client-linux-386.tar.gz 3ce8e7529ad6ff983263ff99c27dcf66f4cb07fada997184a1e6b3d13811eb2993a6c2a7ffb7479272d73fa7c4df5a0bc466ee36fe228be2b8d0ad0b41717f6d
kubernetes-client-linux-amd64.tar.gz 15dc6d366101f8ff549d8484cfdbaaaaa8b3f49615051628cb434e082f3e4b4f86d21a48627f3a362cb08fb63fad1eba96770cbd28de51a39928e2a44ff3a1d0
kubernetes-client-linux-arm.tar.gz ee3e217e012d2104c83169e2ae1f60eb674ceaf6e2876bb608af4b118a78f1deb3907786cfe2bece370fd8cc540e70cae70019260b136e51e0edef04e5b6063d
kubernetes-client-linux-arm64.tar.gz ffdb498ac6da4141ef8c28026560e866e3a42aba86336de3f75f3b010f8004df128dade579e2a41edd4ffd1d40001653ebf17ac4e0b26c58f1066f44cadb4a8d
kubernetes-client-linux-ppc64le.tar.gz 99be3a78601b32c499173b6d5e135b9fa884a1a9758e5b81f2ceed946e6c3286b592111951596d870f95b045e9cec5700cab934845bda46b5dadffcaae7f8569
kubernetes-client-linux-s390x.tar.gz 76fbe99ece483b78c84805560a9580eb2e6512f010e7918138ec532479038382457ed5f1b9a7563241f120d92ae9debebcd823ff7c5ef382ee87c3262b706a8f
kubernetes-client-windows-386.tar.gz f6b8058c16d9fc061c50169550c6b17b4e2766e065f4b61266b80977aba369fd57cf2fa07e27aea83cb191d3414081969d1d1a78bede0a6ae54446b474a4ebbb
kubernetes-client-windows-amd64.tar.gz acfc13812d30e306a079b1059eb531a465e38d94784d12972e5d6da7af78256c8a36c35eaa0fe20e2829aec8a88ace3471c9a33ddcf640c95bcc81ec02b6491b

Server Binaries

filename sha512 hash
kubernetes-server-linux-amd64.tar.gz 29e88ebe13ad98c6e06095f56785b05a51042cdcc76c8d9c1385486ca8b88118bdcaa1b164eccdfe80280bf9c7dfccc3c3f99ccfcb62882e3b362957f75ddf09
kubernetes-server-linux-arm.tar.gz e18ed5e53e349519aef3777c436c90aa23042196f3ca26efe2ab332c2a6e85657133b084693ac9e3db821bdac8e4f0ab851da7cf14aa1714df0f1f2682c27c4c
kubernetes-server-linux-arm64.tar.gz fe3904796ce753c0248764d4dc7ddd2623c278c6b3f320831ae1a3f6cbbc482e1c61ce7a10c0a97d42a09232922632c8b9619a61beaee9dc6c4a47bbb70c7343
kubernetes-server-linux-ppc64le.tar.gz e9fb6fe4289b90f5821940a39e9e9c114114027f6c2306d6d91815ca5435c4d30e92717e2f110bdf031c3e56895520ff46656b5880617716d6831e6be9e964c9
kubernetes-server-linux-s390x.tar.gz b4a0178db48efd807d07647fe097b2251ff9be8b22fb2837bcadc428d1c1d02bf2d0f63485e77bc08817f080f2de3749622bb53595a15ff6627607ec5be305c0

Node Binaries

filename sha512 hash
kubernetes-node-linux-amd64.tar.gz f818924497ebd7dcb19e821511b73d3b427e34afe7ae5810f91e32ee8fc8e1ce14415c83134b06afb6b60d5c0aa67b0eaa362c4f3c221bec1e9a608334366caf
kubernetes-node-linux-arm.tar.gz 06b66b6c4910178dc2dd439f662fd1a65db2c14e6559f3ee467b82df9993c034c4ee28dd9042af9b5df36759b62f9b533a67acc92dc32a46801fa1bbcf22789c
kubernetes-node-linux-arm64.tar.gz 10c6ad28e9da2a18e566659566a14512f78890c0486a0c6ba364054d566abb78fedba40c111dd4a8200b8607418d10dfba736919fcb7600a030d2b910c3f3755
kubernetes-node-linux-ppc64le.tar.gz 0ca32f18a74662256b3626935ef4fca02e497f8100c90dfd02f435abb0bf7a09e9867b26b320f1b05185fbbfd1f3bee682bb16c3ce023f37023f3b73d582ecf8
kubernetes-node-linux-s390x.tar.gz 9f307d5868dae0675cf8fa0928ed32110062e3971d013be47b5a1fb47d91aff2daa0e6a2d9746ee04ee5d3369836ce292d7588cd7ea1c7f927df0490815156e4
kubernetes-node-windows-amd64.tar.gz c4e41c25fdb82fdfb849a27149454b3c510b39e043c80553b3063ae71df3185313eee3dfc732480f56a9b38f6350dd70c050f50bdc64c9dd7aa1b5b9d21980c8

Container Images

All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.

name architectures
k8s.gcr.io/conformance:v1.22.11 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-apiserver:v1.22.11 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-controller-manager:v1.22.11 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-proxy:v1.22.11 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-scheduler:v1.22.11 amd64, arm, arm64, ppc64le, s390x

Changelog since v1.22.10

Changes by Kind

Bug or Regression

  • Bug Fix: Kube-proxy dropped endpointSlice's local endpoints when upgrading from 1.20 to 1.22 (#110245, @xh4n3) [SIG Network]
  • EndpointSlices marked for deletion are now ignored during reconciliation. (#110482, @aryan9600) [SIG Apps and Network]
  • Fixed a kubelet issue that could result in invalid pod status updates to be sent to the api-server where pods would be reported in a terminal phase but also report a ready condition of true in some cases. (#110481, @bobbypage) [SIG Node and Testing]
  • Pods will now post their readiness during termination. (#110418, @aojea) [SIG Network, Node and Testing]

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

v1.22.10

Downloads for v1.22.10

Source Code

filename sha512 hash
kubernetes.tar.gz fab77b29470a0bfa5828303908b50b0fd2fc389b9797649dbe06db796952cc02f473ffdd87172d395469174bf9c7c6c633ed841709069a19f4664eac6cf3294d
kubernetes-src.tar.gz b48022f9e5dd35e06a21800b47b3abc552b9157e141b835bbb1512584fba41693a8f6b52dc3d9561e685575addf5ec42068d91329dbdf9a5b5d64fe67ab2b7ae

Client Binaries

filename sha512 hash
kubernetes-client-darwin-amd64.tar.gz 589c8148ba08fde805b602b0a574e12e07e87c9b7dfbc526467a98b33b8a21968ef93e0bcf9cccdeaa93fd8b19e4eb2ae3884aa49047b5381f700bb6b15d3b55
kubernetes-client-darwin-arm64.tar.gz be4f5f28f2aee1cd4745aedafd83946595053c1f6207b7c19c8d13852351c2e0ca4fab9416bf11683188916a1825c13539b7a6cbfa3ea2ed5bc7d0d3755d8eab
kubernetes-client-linux-386.tar.gz f5041802b89cec8fca1e4213c8eaedc7fc38d66e0360037b9c1ffc89a58fc15cb4da929b743cc03233c8b4595ee1bf372c9c0bf8c4b339e531c12112f3bbf180
kubernetes-client-linux-amd64.tar.gz 9b68e1bf4c8d63f5675c8973f165d317c3291cbd796ab853e4c7b0dfa1f335a5892c20eade6033fd5de50085adef86caafbcbed049e2534e82c2acea9cac867f
kubernetes-client-linux-arm.tar.gz 0fe0431f5ac435cd78a43fe020388262b3f4f50d2cd8c8f913aee4a50d9089b4434be67e2d0a1845f2dd01aea380567a75405e41842b40d0f191f5ad89f962a2
kubernetes-client-linux-arm64.tar.gz ad6605b0388251ba958c61b3e644a89e604491703c1502a5d572844d33591e16d0049ad763a7154f2b3228f3f3bd475bd32084e4a0f8a157149660906eaae22e
kubernetes-client-linux-ppc64le.tar.gz d9a0caf5707c26422cdbc42e8097a8825a2b411f4a105a402bc476121a3e66441a04bb3d1264cdc5ffa18ec2856ca09ed851ceaf5aacd8e78fd44e3e7b8bc3a7
kubernetes-client-linux-s390x.tar.gz dcc13c793e8fe10d8fff1cc6ad5b6194cbb228169bb8cc6387f7f8605c63e6ba8b146d402c6bd1b68e3deb5a9b83741c0e3b4f3c65d0d1e1b31eaa58da761998
kubernetes-client-windows-386.tar.gz 577b242fb9314e5c84bc9418e7abf262b4b3fa9b5dd286b81602ce455ea23eda2db27e30a676c8276c6611c3deccd7f0518ecbc56c36c2031e1be1e8bf3c840d
kubernetes-client-windows-amd64.tar.gz 06419412e15c7afa466937fe836f95561cbc3bab89cc9699ed4c037121851cba4f5e5b11aeab462afd3761ed82e3a2aba07e5caafd20b788865b23efd4e6c5ae

Server Binaries

filename sha512 hash
kubernetes-server-linux-amd64.tar.gz 86faa6ef37236dc961018a598a75fe699ac6a07651e41f7dabda6e8d11104c7bd32e0f3f1b2d1a9f75588c8fe558899c1e2b1745a19bb656573ee884e6a0faa6
kubernetes-server-linux-arm.tar.gz 66e51460a69d6572846ed0ed25f221fcd165f5593c490b8107bba93aab9c6e580161167b9b0c059d27f3610faf0051fabcd5b7d4640da1440bdb60385df7b5ef
kubernetes-server-linux-arm64.tar.gz 39b6b2b90279235951e7be4728ddac3569be93086b6f2c1e74c7f02aeebf98387a7d5af31fdffb8d68f6ff52f2040ec13c944c8299a5eb75684d1a2fef52f6d4
kubernetes-server-linux-ppc64le.tar.gz ba44f9209a099ec302b104b1d6021ce4ff747f53a09477ce5b34a1ada571b585edaf342bc9f159d9e5904624e9d1a194f6c9c23985fb58eb3c7cc38eeafa8c7c
kubernetes-server-linux-s390x.tar.gz 0515db620033f55a4d65f654f6e824e3f415ca248c24e54e0b0a6588524e3839f265f55fb5b848778feb684eaad52697f371501b3e3a3e022c2f9b687f4853ec

Node Binaries

filename sha512 hash
kubernetes-node-linux-amd64.tar.gz fa1cc7bc396eb800a70e6834fc6aa59c8f3b33b37ef4b88441e7ee1f4f77a000eff87a04d34cf2747a4fb355d893b72a2fb9f7449d82b94b09da28cf495b6fa1
kubernetes-node-linux-arm.tar.gz a1ce477a7d885fa8c7c90dd1b529e881d9cbf6bdb2e4c02b1aa5ee0af6b3b07d10e6b73309314dc3002b88f4ac2042547d8d4eaef4c6c9cb6b4792eb2011b69e
kubernetes-node-linux-arm64.tar.gz ee68a51b90d84c5e57f971ca6afc6f4de098db5b47cbd7c831d475124f3970a28b95f212cd7d6067c2ddb1c81986e9b9ddf8dc63e9c9d6409afbdaa7ae3e6097
kubernetes-node-linux-ppc64le.tar.gz 361568e3ab5f9279032da0c711fad6c949d345c52a323335f6c32c2d3821704f4f3d8123831e8d024d63abd4aaece446131ec8d449701913385359b47ca7303a
kubernetes-node-linux-s390x.tar.gz 902e424b44502661f4f2335ef78dc0510bc87d31b8cc75fa649441c522979a79fcd79cf1a943ddad09356ee3fd8aed6465d2998d9138eaa818e4192d752ef5dd
kubernetes-node-windows-amd64.tar.gz 2df50d891696a174902e118818c4d8faef22a66d29e687fea2f92a60b107bb8b7fff08204629f5a2b2d45c225a5891c6ac414fc2595752eb269c9d42f6488958

Container Images

All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.

name architectures
k8s.gcr.io/conformance:v1.22.10 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-apiserver:v1.22.10 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-controller-manager:v1.22.10 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-proxy:v1.22.10 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-scheduler:v1.22.10 amd64, arm, arm64, ppc64le, s390x

Changelog since v1.22.9

Changes by Kind

Bug or Regression

  • Correct event registration for multiple scheduler plugins; this fixes a potential significant delay in re-queueing unschedulable pods. (#109447, @ahg-g) [SIG Scheduling and Testing]
  • Existing InTree AzureFile PVs which don't have a secret namespace defined will now work properly after enabling CSI migration - the namespace will be obtained from ClaimRef. (#108000, @RomanBednar) [SIG Cloud Provider and Storage]
  • Failure to start a container cannot accidentally result in the pod being considered "Succeeded" in the presence of deletion. (#108883, @rphillips) [SIG Node]
  • Kubeadm: add the flag "--experimental-initial-corrupt-check" to etcd static Pod manifests to ensure etcd member data consistency (#109076, @neolit123) [SIG Cluster Lifecycle]

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

v1.22.9

Downloads for v1.22.9

Source Code

filename sha512 hash
kubernetes.tar.gz ab31fff979368d57f1883855ea4952649505ab0299bc9261f4f5b3785d41ff57eeffc15cbcaabfcf39865b6e83c729253c667eafa25628b452123e506f087281
kubernetes-src.tar.gz 8d7ae2f774484ab0d3fc26278ca3a28fd079af618cfd541c4fd157dcbf993f8842cf4b73c3c685c79239dd1dfa14c1a728bb5ea81519fc619078d864fba8ac11

Client Binaries

filename sha512 hash
kubernetes-client-darwin-amd64.tar.gz 2ba341f52668bca6b667e42266025a3b7f4276dea4b3c144efcce6de120578286ee45445530e2b7de61b2accfaa48f779b83b111da7f3deb146fdcf03f3227c6
kubernetes-client-darwin-arm64.tar.gz ede339128cbabbe2273f12a0f173b2514dc62d3d3339a1fa2eb0bac984f430028abda4115ac8f78db41f42c7a00cd38db2e8b1c82cb9ad7dcdd937d07be54039
kubernetes-client-linux-386.tar.gz 64127fee7079180ac415fcbe23deb9fde1cea0055ce43abbd479a0779cd74f8121087c3ff6b3db6c5836e121491c52cd4bed4ea82a5364f755cc4078a810cbc2
kubernetes-client-linux-amd64.tar.gz 2544416e66afbeb53a2f7f575f83eecd23fbe4548400eb422c58ee1f3bfc32a9064fe22d008248b6c3fbc55f70abead7816e442462038ca820eb82018d07e7ea
kubernetes-client-linux-arm.tar.gz a1bfbcc98462eba527e85b9f816225fce463c134d06ccd7a354d296fe292bc00b62a4079e52b1022683de76b4dc9054c2c5ba64b6b23921a0fa59c9adf0bf884
kubernetes-client-linux-arm64.tar.gz fd20d89d20df39409b075ef8f6038c74c5f46df4b0f53c711d9177c76d17f55726f51f00b485aec199ed818cee6ffd2cc3eba8fef2e039d450eb9fc42d1456c7
kubernetes-client-linux-ppc64le.tar.gz 88954b55e1980c1b5936e1fdc7bbe2d7cf4e82760e67f640377c2c0a966e15a1d1b180a3d2b977767d181120d58fe6d790a2364600900cfe0b9b1a66d5635a1d
kubernetes-client-linux-s390x.tar.gz bf5675009822774d6a06e1885ed027b5f3397a2b2671c5e9ea936ff722ee20557ab2adbfa2904a6385a4d686b63b0e07a24edde62e1bc1f5f16afafc02a267ea
kubernetes-client-windows-386.tar.gz 9f8e320e5e1ed94f6fef5126f64dc49783fa2ad327d019d1ccf4ed2531f7c69efc471fe0619d473ef74e7ff18ca87d719172b61b68089493930a47d69ae2545a
kubernetes-client-windows-amd64.tar.gz 10771d3c669d5d309c71ac921d5b911a01cd355105dbbd36180b9b7fc62e305b0323acd67f7b33989edbeea0a84489b3cc82e79ca5d3eaa5fb24602bce1c6af6

Server Binaries

filename sha512 hash
kubernetes-server-linux-amd64.tar.gz aad98275b9ec4613c9b639604209634d676c4a851f249d92e997f46222122d75d60e8dcad62a09f0c1949fc9cd087fda23dcf5620062cf4be3cda56cb802a98e
kubernetes-server-linux-arm.tar.gz 3a5185d483fccdecdbcb7d266ae2f0a5aff5ac4373728a14bf95428b9fa0f8b8c2fc8eea949d959a2b2a745253d76cc656a326989e70ed97facc37150f61f926
kubernetes-server-linux-arm64.tar.gz 9b5b1ae9b4cdb2feb2e74eb68efb4e4e7b5bd966c4d41dcd7df030b19c35759b10a6ccb605de3a08b560c7c2263a7e9e81cbe4cde85f238295c1cca3b3685b81
kubernetes-server-linux-ppc64le.tar.gz 3fa4ddbb72b3a30fc9275e6d3b2121d65235c38c93f6fe0de70b827965388ed30bd54ec9326d0ccc3d6e0c0d8c8bdca6470c3810fc565502ebe207b4cc7f9837
kubernetes-server-linux-s390x.tar.gz 36f13bb2c472dba2867034f22709afe919482ea971076fd97aca0515f5aca997bdcd0ed1a45fc2e72604a6c9d075a6bd71037a9a8dcdf754d25b0fc23a269cd0

Node Binaries

filename sha512 hash
kubernetes-node-linux-amd64.tar.gz e01588164e79d68a1643ed64de058b5d21499079e336b92d20963856290483be23deb084d10a97711c0b5eb88805504d2134a34289f46cd21bcdcbe2473c90ba
kubernetes-node-linux-arm.tar.gz 4212affd47dc9dc21f0096a37306c2170127eca17b0740b5a7c474aff22f7668a8159a7c0873c0f57bc458d858457acb6ebb29278e67237f2948e168f4504fb6
kubernetes-node-linux-arm64.tar.gz 1e598ea35b3a2316621628fe82853c6486f06030f1d16ed7df4a09186bf0f2293b48a54c2169d5f665d449e19d4d3594e029de71eed6590334e944e5bc86ea39
kubernetes-node-linux-ppc64le.tar.gz c447b1afcd73da49cabd76b1a23da6e2400413887c036e4a504765eeed4d0d0907ac11bec79b5a72c8d491923c08f10bbbd5217782a057a432867addb2714029
kubernetes-node-linux-s390x.tar.gz 6a12c10d851c017fcdb43b9d72e06f6757a79bb71addd432530718260e4c889dde9a3fc56be047a15584f927a5875fa0b8799d4d4dc911fbd282efb8779c5a72
kubernetes-node-windows-amd64.tar.gz 4c59b3d4382779197060f0ffa3317179739c94b6a80023165cdc8310a7a444cc130f08ea45c92e147e8d7e5562618eabfe3ac75f41d193d52f0192d3d090039e

Container Images

All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.

name architectures
k8s.gcr.io/conformance:v1.22.9 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-apiserver:v1.22.9 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-controller-manager:v1.22.9 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-proxy:v1.22.9 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-scheduler:v1.22.9 amd64, arm, arm64, ppc64le, s390x

Changelog since v1.22.8

Changes by Kind

Bug or Regression

  • Fixed a regression that could incorrectly reject pods with OutOfCpu errors if they were rapidly scheduled after other pods were reported as complete in the API. The Kubelet now waits to report the phase of a pod as terminal in the API until all running containers are guaranteed to have stopped and no new containers can be started. Short-lived pods may take slightly longer (~1s) to report Succeeded or Failed after this change. (#108749, @bobbypage) [SIG Apps, Node and Testing]
  • Fixes error handling in a kubectl method used in downstream packages. (#108520, @heybronson) [SIG CLI]

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

v1.22.8

Downloads for v1.22.8

Source Code

filename sha512 hash
kubernetes.tar.gz 957dbdf1b82a2a01e55f6dc79495f9676159c597d640b1c389fc836ba1c997adb11dece73e1a92e6372c6affa9fd1766505bef39a49bb4dd415d009414172d58
kubernetes-src.tar.gz 1d38716aaed1aec5818e3fa64d41675e292e73b70b4eb1841ce153ca89cbf698cf220655512a02387027f0cd4096a5b47a9fdc734075e68d1121addc22fa5e3a

Client Binaries

filename sha512 hash
kubernetes-client-darwin-amd64.tar.gz ceeba2e914eccd2db775f18555ed848c188d4901eedc44f53353e59f91805acba20953eb77af7dd536706c7fff72fcc21a50169ea18f8646a8597073fd289f3e
kubernetes-client-darwin-arm64.tar.gz 82ec72468363cdf96097e7cab7461b0e38bb8378e862b3d058c1a20be59a0a5ea4230a1ffe60aefc0df290d7b70582a523a3e389c25e0638f6a282e30f622045
kubernetes-client-linux-386.tar.gz c92f04e782e57b7034f096c43650172c0e115bb690e062331197ee68e2ab9fe8d61e0b9986e172ad23a78891ec4588dc26b0afc663f85c3df252790614477bbe
kubernetes-client-linux-amd64.tar.gz b6bc8155d4d2ff5cdacbfd3e4de99054b58a208625766ad94f68ba077850413311fddf4cf3c443c2ca605831941efddce88e6bbcabf18a8e220d252cccf99388
kubernetes-client-linux-arm.tar.gz 1834103e4606d742993668b2c10069651c09a234d206fcff2ea0fc81830c378465b82770c44684af7903031e685c8c1c07b9c4f7b5d0a3cc7040fba6c33b5c7b
kubernetes-client-linux-arm64.tar.gz b137b2ca02b03b6744f5a0be81ed41c00ea3d5722a78cca751d724314ede6c9c47171c6a529a5c8e939f5e6af068954cfa6afb72ee3f2b9acdcc9f0467726a96
kubernetes-client-linux-ppc64le.tar.gz c20abe08693caa388da7275c2ccdcd51c77d96ccaf48769ed19235d086ca69b56045013be9c86b9ab81a674d475b2db7497b7c938700cfd0ae521eecc90d612c
kubernetes-client-linux-s390x.tar.gz 14f8a2b067d0cc98da66a55b19843b8555c067ea908883e72a21ae3be1585a081738b2373f36f585da6d428bef4b3649bb941e6e4dabfa727a01a85ad57bb790
kubernetes-client-windows-386.tar.gz 01d46ebe7964b4a908c9b3e4eec47fcc215d2cdb735a9b34e3be251ce1f44d12cb9564f2f0882724aba162732d1f225dc07090573a310d7f378732cf8b5fe044
kubernetes-client-windows-amd64.tar.gz d49e6ebaa834849cd4e25e01e867662e3031f76316a9651bda1fc40a87a27990378bb135b95f2c6f8484aa91c052ad132751dc4a3eab61bcfc86fa6f363e74f0

Server Binaries

filename sha512 hash
kubernetes-server-linux-amd64.tar.gz fabaffb159262677ef2f5da0ff735e811a8bf5972f40243a6b0b7ca68f00ed7d73e9a102bb15bc14c85c9e42d79382c0125cf994172061df36ffcfa529ba380a
kubernetes-server-linux-arm.tar.gz b07db17ff4f9f877a19b5e06ccd605af1f903ce65cd52ede562fee97e6b747039f3812520189eb78b5680b821fb799d2092b21ed7f4daa5868a23e9466428647
kubernetes-server-linux-arm64.tar.gz d61736dd80a98916d79753aa55cd4347d9babdd50d33ab7245136233ec464396e68852640d0e575fc1e07eb2508a881382d597f2faee17b0565cc8f445a12926
kubernetes-server-linux-ppc64le.tar.gz a68e2416d123c769b5c09d661853d5b8a9ff11ea4f1b734af9a38130f1128960e8c0dc5c59217300d7173d5d0dd999466c73dd5d9b38d1c304a02c9214cc8305
kubernetes-server-linux-s390x.tar.gz fa48eb8823f46de57fd4218020eb8f2b2e3da65c921217bf34120b8e30317b1ead53a8016ba27203752f75bc5dddb88c55afdefb2d1d03dab13758cf401d4e97

Node Binaries

filename sha512 hash
kubernetes-node-linux-amd64.tar.gz 1fc553e4da803536153a1a8bbcd4099f95d3d3032b780547158b0a0f7635305bd80155c1e2b5345642f116a06c08b5cc2088dbb402787df8bb705c1a8cf3a0eb
kubernetes-node-linux-arm.tar.gz 736f49dd113f19caf7305c521dd70aa8eb537d773a5b6d1b607691c90384ef6e6915e724a0b1c51fc540c6712ea4a61c1074988dffa372555e9d536ea6cc8de9
kubernetes-node-linux-arm64.tar.gz a8e8c55a29a3c16a022faafb04422787c62c719cc7724f4ba9ef09f3cc1b91ad1d15a6d3cb215d307969399242a15c53b9fac408965d2f48403a91d13761e15f
kubernetes-node-linux-ppc64le.tar.gz 574f8a9093b1bbb19cd0d05ceed436006ee6bc85785a4c8477bd08201cc028b45d59de4c6aa783bd8048e9c84309fb240c379a423ea42c57d90173ba2a08903f
kubernetes-node-linux-s390x.tar.gz d09564e87bb846972e334746b5c203143864d54172b1a2d0109a6b9645104388976b4ecf8b59da20f76964ec84cc5d3e115b62af7e5e4157de2c82581f9a3630
kubernetes-node-windows-amd64.tar.gz c57f192addefd10e3d0594c3b913e86ce6df8e887b1460c062c1b097c4abeb99711ca69f5a1a1a02c4da97ea30e6b622ba74fc1a0d26d41bb8167c7057774e22

Container Images

All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.

name architectures
k8s.gcr.io/conformance:v1.22.8 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-apiserver:v1.22.8 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-controller-manager:v1.22.8 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-proxy:v1.22.8 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-scheduler:v1.22.8 amd64, arm, arm64, ppc64le, s390x

Changelog since v1.22.7

Changes by Kind

API Change

  • Fixes a regression in v1beta1 PodDisruptionBudget handling of "strategic merge patch"-type API requests for the selector field. Prior to 1.21, these requests would merge matchLabels content and replace matchExpressions content. In 1.21, patch requests touching the selector field started replacing the entire selector. This is consistent with server-side apply and the v1 PodDisruptionBudget behavior, but should not have been changed for v1beta1. (#108141, @liggitt) [SIG Auth and Testing]

Feature

  • Kubernetes is now built with Golang 1.16.15 (#108564, @cpanato) [SIG Cloud Provider, Instrumentation, Release and Testing]

Bug or Regression

  • Bump sigs.k8s.io/apiserver-network-proxy/konnectivity-client to v0.0.30, fixing goroutine leaks in kube-apiserver. (#108439, @andrewsykim) [SIG API Machinery, Auth and Cloud Provider]
  • Fix static pod restarts in cases where the container is not present. (#108189, @rphillips) [SIG Node]
  • Fixes a bug where a partial EndpointSlice update could cause node name information to be dropped from endpoints that were not updated. (#108202, @robscott) [SIG Network]
  • Fixes a regression in the kubelet restarting static pods. (#108303, @rphillips) [SIG Node and Testing]
  • Increase Azure ACR credential provider timeout (#108209, @andyzhangx) [SIG Cloud Provider]

Dependencies

Added

Nothing has changed.

Changed

  • sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.27 → v0.0.30

Removed

Nothing has changed.

v1.22.7

Downloads for v1.22.7

Source Code

filename sha512 hash
kubernetes.tar.gz a8e7f6c01aaadee896a695d332d845e33cfeea9d60026c8af9ed6f43ea7c2d29905bd5d931543c75e48d2e0308dab1df3251cab58b208197381d75def54d44c1
kubernetes-src.tar.gz 48da5df874c1aa23c3faa5d11caa077f2109b4d2bcccc3bcb9a2d8591383251fafe30937f20c518f8865a55096143255135ef648ccad599876fccd3390003032

Client Binaries

filename sha512 hash
kubernetes-client-darwin-amd64.tar.gz df1dc7e50f9011cc58d6699559d05b4f2cd7f9857eecc8eb2ad9ff0bee7fde486e50da1dcccc2bb1382e6778a6ba1edcd2ff04fbf9aa3934cdd0a1b58f13c8e7
kubernetes-client-darwin-arm64.tar.gz 930e6f4300df1b04733ac4f732544cf1fd36c24744a377e46596952c3aef17373563df8ed07d4bb2360fc3662d174acae8ad38574010c5feabfc2ef9962b0677
kubernetes-client-linux-386.tar.gz 1297de2a1ead616cbd61289a670a68abaa6694d8cdb046caa0fcaad8ef24b7f233d9c38cd555b42832309d5c1268c2461d60739bdd8ce5f8d267979b625c2b29
kubernetes-client-linux-amd64.tar.gz 2dc02edc0f41306e0eae59b6a239aa493c30155eef3c5a29fba9ef1dec5ae678fc253f053d9352276320cd1365ed92ea16a009ddfe13391655df01a6f5eefb04
kubernetes-client-linux-arm.tar.gz dcc0e560e050f5f12d108a6db039296b2b680f8086522c0fa2f83c2031b61ae2e527fcfbeece174d2554477c71bd09556b68838377ad390849890a23c8d1ddde
kubernetes-client-linux-arm64.tar.gz b1b76c7e89ab35f00edca2495cb03a636552e4a2bc1e0ed092b6863890a11ad95cda437a34c8a544018010fe56b512713af0b620cc71019d2c5ea3b444bed28c
kubernetes-client-linux-ppc64le.tar.gz d8903c72bde1a971ac9c7ddee0e2da3d5f17ccd4bcef5ddc5f9e5110829dc01fa426ce662a5a300f0efc6ff38f022ba5761846de3182acb06d733d838c5bbb17
kubernetes-client-linux-s390x.tar.gz d881fdc22860467e4ac6b56308281d543359913ff632228bb7c27c850f2a549f74df1f7672d9b10ee2291d6660eef4809ee9420b8df0c1b192bef484a7c80e10
kubernetes-client-windows-386.tar.gz 91c234e99628c68f4aa05ff6cec86c5693225478179cf099590ecb684b9d396f5370d5ada619d360df30bb989ca743e44d86e73d43b06e4343f6cedd3f60f305
kubernetes-client-windows-amd64.tar.gz 58dc5c1d26ac453491c658ec8074c09d8283e8cff2c2f6635addfb60f73130e2b90109c7690ef00fbe0a42aeb806fd47509df5e199aea2019902e0ca1a64481a

Server Binaries

filename sha512 hash
kubernetes-server-linux-amd64.tar.gz 42ab73ec62009f5289600383754f382571ac4a3abb44b9b1d1d2ad4a982f74cfe574d1da475ab3592997d9fbf4972c2d140d51b41cee59823257f4aa521b6da7
kubernetes-server-linux-arm.tar.gz 430d98db0660ee2242d32936b44e01709cbcfd6eda0015d1176ee463b7c5cee69826b79d51690c8ef327b60c416abd7fc2d1b92eb7ff730ffc6abf2bd67c523d
kubernetes-server-linux-arm64.tar.gz 6f75a645064f40984bc79a6a9104d7e70c901dc21aa91b0b632288712c06f4d418fdcf10a6564033275164c9f4f0368e73d748b265084db167cb844b46813a96
kubernetes-server-linux-ppc64le.tar.gz 2a6733a616b66288c09413bd00ccef96b9abd55a909e8342d64c5cbc826f3306fa360df06eb90d2c0498fd96440a29b3ed7e061e1a2e86a9355a4107456dde1e
kubernetes-server-linux-s390x.tar.gz b0bab92c5ece7cd34763fbb2985168eb0d15bb3dcd617536d8d9ec5f43be5b5e19e0979373ebac48436d2f2b16de116e4c983ee55b4b2c48a577f8c62a76646d

Node Binaries

filename sha512 hash
kubernetes-node-linux-amd64.tar.gz b578a152d432470e8a6e44f23eba4c17bf1747dcfc0c6f36d3734e5483c06dd2bad348053bf89cd14556ea2ff7d7d9af744a489c8408b6479b3fbcb2d17d157a
kubernetes-node-linux-arm.tar.gz 253aae45799fc6c2fa84f9d87c604358853c92fe485856df9bda66edddc12e772b2f95c2b0e50e759809cafe7db5cc4e44c0f2632df54e3abbdb9575203cbf3f
kubernetes-node-linux-arm64.tar.gz 1178bbe0051c93f6a481a4f6b413cfa376ac2acab0c3b0c57e73f2ab76e6a445ddda231b705ddb7b2c600785b45865745e16d81b1f0121090e658e1116eebd88
kubernetes-node-linux-ppc64le.tar.gz 0c3b4454224d54087c7c668d17d80907296795bf68e4dc254729adea2caece85065bf6980fb71ce49fa3dd6c70c82149a6314efa6d3819529cbffa90b31c253b
kubernetes-node-linux-s390x.tar.gz 7287e6b1a8da46dc811924f46ba4148252e398d4e9898f4b08e8184f7f1180dba8086636834304a2f75f53bd742b0ee33e80064beb23bd4c2cfb50182cb0d8b5
kubernetes-node-windows-amd64.tar.gz a38da7f4c9563b477e8fa8b0898c86a7dfab4c08ee67a2b9cbfa1cdc01d9aa6f2e2aa0f23ef143c88802103067dd9a13a9434c2126bf97f301a855b6728dd924

Container Images

All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.

name architectures
k8s.gcr.io/kube-controller-manager:v1.22.7 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-proxy:v1.22.7 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-scheduler:v1.22.7 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/conformance:v1.22.7 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-apiserver:v1.22.7 amd64, arm, arm64, ppc64le, s390x

Changelog since v1.22.6

Changes by Kind

Feature

  • Kubernetes is now built with Golang 1.16.13 (#107614, @palnabarun) [SIG Cloud Provider, Instrumentation, Release and Testing]
  • Kubernetes is now built with Golang 1.16.14 (#108101, @xmudrii) [SIG Cloud Provider, Instrumentation, Release and Testing]

Bug or Regression

  • Fix Azurefile volumeid collision issue in csi migration (#107575, @andyzhangx) [SIG Cloud Provider and Storage]
  • Fix: delete non existing Azure disk issue (#107406, @andyzhangx) [SIG Cloud Provider]
  • Fix: ignore the case when comparing azure tags in service annotation (azure) (#107580, @nilo19) [SIG Cloud Provider]

Dependencies

Added

Nothing has changed.

Changed

  • k8s.io/utils: bdf08cb → 6203023

Removed

Nothing has changed.

v1.22.6

Downloads for v1.22.6

Source Code

filename sha512 hash
kubernetes.tar.gz 9de3bac1ff573451b105ff342c4180dd120101cceb991ba80acd854dbfb6f5d2463ce7be500fe5b0a40a1913b419de910ab93059100efb9de6d6656ebe3abb9c
kubernetes-src.tar.gz de3514181e2ddcce73168271a94df7cc7c6e9fa1c712159c8d0808708c37eb0fa6bedc43a38d3aafa80f3494e953db241428ba93c2c12e332634870860e11378

Client Binaries

filename sha512 hash
kubernetes-client-darwin-amd64.tar.gz 59fd0acfc585005096da52788405938c3d26cebf2f053b4183495a441ff6172edb34e77a1cb67681630104424f6b87c7eeb358b7d2415fdafe963da79ca0dfab
kubernetes-client-darwin-arm64.tar.gz b81c3683009b221d00f687cc9cea0672a5275a9fd9ab3dfb504ed0bd07c73f9119b20f490a2e4bf65bfb2393ec3fc0f6678db1d6087e7223563871717411440e
kubernetes-client-linux-386.tar.gz c5ab572a8fd1821afbccd5e9d35c7d2fa3f2d796d83980a0ee8f7c5d772a9cc20ebf9e84697e2894b024823d42577292f577961b3aa3b7ba5e985ca731a5e47e
kubernetes-client-linux-amd64.tar.gz fb4b3d0f8788a0f7d50ec1d514a25a90f7a587147c85b1c6d47f1cca2ad9b88aa557c8cd370831032416363a3c429c187c568fa2ec49df058fac9610033a249c
kubernetes-client-linux-arm.tar.gz bc40df3451c6e3ca24d4fd766e9b4c6f27d2871c3f36e2282efc090e3e7bb6a34669af3819b7dc507d161677274e77706053150b236783251fc844ff6595938f
kubernetes-client-linux-arm64.tar.gz e95a53246f3ecc829254c7a0341240432836aae9d4991a11b3827046205f8c28475538bc3e370e4945c6030ba1495c177023914b0de24978e72470eda0475c26
kubernetes-client-linux-ppc64le.tar.gz fb90b5e3b2348fbc491be984d14aede4bf14e7736ad3117e91fc35472be25d6c44851b32f714ef0ede6c99a79188d8dcd6438fe3525699d37f3dfe4d77e9e0a7
kubernetes-client-linux-s390x.tar.gz 4089c168bfcefd59dc202fd9e3cdce88c1795afb3842ad713327725033e885d9eb5ccccd974fcf29466d170797425778acc5641717c24fb91469579da6a1999a
kubernetes-client-windows-386.tar.gz 8aaab2816c0ea1061ed237671b11deb2f9d4163f41ce4a9a5efb1593ad8922bef5e6a52a9d9ae475779943148e631fa1075729cfb2520947c5c8ce42ce928d46
kubernetes-client-windows-amd64.tar.gz 80ffc938548ced2de71e28a7e60612da2444af96a0e59b3420cb665f819f1207010b907effe29528318b46b0db873f9a2582ab97c7d80b12fb600cdb054676f3

Server Binaries

filename sha512 hash
kubernetes-server-linux-amd64.tar.gz 1cb38b9477ab9cdf4025e18d7b53a280d2a91f898f79ea0e2bbdde289c0f634f44cedf0499528bc064b104f5c58bbbfc23d9f9656bb50d7907facdc2cd5f36e0
kubernetes-server-linux-arm.tar.gz c43f6181dd124c96a1fa99741c6dcb2ad66797891a71d4e2f591aaa1031b1329f29e4b4bb3d5415882563930526e041178c3ec4a6752fa92776c81f453e8435e
kubernetes-server-linux-arm64.tar.gz c3605a4503a3c1b7325aa854b42744901cbf6e0153b9c6d88e548c532fe1c4ae07c6760db81c45ac1b04ad2a48115c1d0901dcd1d8b5767032db6ba10c0bfdb7
kubernetes-server-linux-ppc64le.tar.gz 1a3888898dd6b017bba044c382af3de91f5f9bb11f59734c9c0ac9e31cdf6b68f15f6d593cb1e8d484862de6c665c5250556a9fc9e2fe22713a1f4ef035739c6
kubernetes-server-linux-s390x.tar.gz 70b04c139f32a3879d1b8ca45a07c96eb48e074dbbd6bc1599087d2ba90c4dc97add24932f67d3f294a1ee771cbff458fe81357256f03269b78893abe723a2ce

Node Binaries

filename sha512 hash
kubernetes-node-linux-amd64.tar.gz f11f3fef5d6139c69da80264872dce3c00e78f8c8af70584c3beb43723ac0a796277700b3f750b04629f9f4d291c21bb0abd956bca4d31b9c6742c952e0d964d
kubernetes-node-linux-arm.tar.gz 859899e56d7af13abe515711b1ecaa3e8a2c30e118c37a2320566fe7c4a2cb20ae36320e50325b3af148b7492b64d8968e54cff4bcf668b1087875fbd0740d1c
kubernetes-node-linux-arm64.tar.gz 8d8f452467ef5f101fd2ee353b0c6fff72ffdecc95e317d1610186c364589fef0ce78f42ba76e111f2319b6b5937d3cb32eae9b3c82e9ef908d9b901c6e6d3e1
kubernetes-node-linux-ppc64le.tar.gz 9b174ad2948dd8632b3d681d74cb4f944b38b936133af486a51ffcbda7fbb5bea62311fa946033427c33772ad4910d7d23890d241ab39140ec0bb5158aff20c7
kubernetes-node-linux-s390x.tar.gz 581acbbbb7c59ff3398406853d3b3ead42a429680e681bf9cb4f8ddabd870ff0499fdadf2508edc8f51c0f13037403549dbd9787e053d943f27bdd549cf57422
kubernetes-node-windows-amd64.tar.gz 793e870d16b5d7a4fa31919571e65c1d3a811ce9159cb427416d75cf05c0d30c00839074a424a690cddabb2c35dc0ee7d516a49e2cb4aa5100eecebc6d33b189

Changelog since v1.22.5

Changes by Kind

Feature

  • Kube-apiserver: when merging lists, Server Side Apply now prefers the order of the submitted request instead of the existing persisted object (#107568, @jiahuif) [SIG API Machinery, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Storage and Testing]

Bug or Regression

  • An inefficient lock in EndpointSlice controller metrics cache has been reworked. Network programming latency may be significantly reduced in certain scenarios, especially in clusters with a large number of Services. (#107168, @robscott) [SIG Apps and Network]
  • Client-go: fix that paged list calls with ResourceVersionMatch set would fail once paging kicked in. (#107335, @fasaxc) [SIG API Machinery]
  • Fix a panic when using invalid output format in kubectl create secret command (#107346, @rikatz) [SIG CLI]
  • Fix: azuredisk parameter lowercase translation issue (#107429, @andyzhangx) [SIG Cloud Provider and Storage]
  • Fixes a rare race condition handling requests that timeout (#107459, @liggitt) [SIG API Machinery]
  • Mount-utils: Detect potential stale file handle (#107039, @andyzhangx) [SIG Storage]

Other (Cleanup or Flake)

  • Updates konnectivity-network-proxy to v0.0.27. This includes a memory leak fix for the network proxy (#107187, @rata) [SIG API Machinery, Auth and Cloud Provider]

Dependencies

Added

Nothing has changed.

Changed

  • github.com/google/cadvisor: v0.39.2 → v0.39.3
  • sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.22 → v0.0.27
  • sigs.k8s.io/structured-merge-diff/v4: v4.1.2 → v4.2.1

Removed

Nothing has changed.

v1.22.5

Downloads for v1.22.5

Source Code

filename sha512 hash
kubernetes.tar.gz 69c9877045226fda433c07bf71648b4a9eaa65cca6164d9e003162d0f35f978fb37c1b97f94280b053bba5732d99142f6c363ddce948fdb5c2b731ae2b76d434
kubernetes-src.tar.gz e458b8c6e1c8c1cee6d9769024e2d852a69c0972e56ad36a6265af8e4750d5346be7d49d63d9262d9bd2ecea558254dea58a3f01d765e80b969d62c02bd46eeb

Client Binaries

filename sha512 hash
kubernetes-client-darwin-amd64.tar.gz 728d955109e2591e447daccf77ee8a6a35b45a32bfc2d699d4b94195dfcc0f53efabab6a650c55bf07f502463f2c4cb3d24d7630496882c6832766afe39d1a9f
kubernetes-client-darwin-arm64.tar.gz 0a992bcc28aa3a19527244d48855f10b4a11f9896528eef9b50cf19162919e159220e8cd90ae9b849412d43d27f202f16231446e88d3de8143f9ed0a01b5fbf4
kubernetes-client-linux-386.tar.gz 6ada9bc632927b6b7acc9f375b3d7b5a56672dca8e92eee6963ec7c8882d615866d939319fe0a6236ce15a7f8e3575bb7f01345809d19e65f8cfc0b1a531f080
kubernetes-client-linux-amd64.tar.gz 482729754db48514565eb70b69825f2562d6ac07c60643bcff538472e5835f4beba0f1b98b96a8ef023cf83ba323c85b2e57411901ba0b13e2ccdc46eceeae35
kubernetes-client-linux-arm.tar.gz 25d69c65c2283d1e13a7a0e850cc4779541a0668734db8514bb775926215f764c957a43cd5279240b8fde9c49e87ab29ad5c2ddd314d3485a5c8817df952110e
kubernetes-client-linux-arm64.tar.gz d02077d841ec27e82433d6206584ae8e707e8680cb429ec4ecb6cfb02834d4bc575a3a15aefd08e723bcef0a08d2c07693634cee2be1cc2572c3f407fbb61015
kubernetes-client-linux-ppc64le.tar.gz 874356396aa6c98ad3f5fd6e0fb3b083cf9c3affa117ad6c9558aa0baae70adc00390c037d02582cfc8f015c90033a283a2d1e75c271f03308b5c3a5a8718faa
kubernetes-client-linux-s390x.tar.gz c040fa3fc6cfa7e52d17525a2ddb28b595082bf4a205677125b6b8c59ef1c3b1854832adfe68e1d214decebfd4642cd8fc1cfefe3b67ce23c506dfe800917c03
kubernetes-client-windows-386.tar.gz af220977a225ac5ac6d61b293e897eca57bb4dee51c4847d2abb0bcf808a936369dd6101fc366af7e51cad277859f16ad38fb7dde3d6b92e5b80b58a8af5a2d4
kubernetes-client-windows-amd64.tar.gz 0adcf8b4fa232c9e98d4cd483f074a5b60c8ea20d93694a79eed36486101da2f670fdcba0e9e57e9a8f074d2eeff4dcfecbb91bd84db8486e8596d24d914142c

Server Binaries

filename sha512 hash
kubernetes-server-linux-amd64.tar.gz 3647fc86e0420fd8bc2a2f0253f12826b80faad1ffa9a0028b2c06e12ba128b2726d3a05452f8507206a77b7dfac6abe605566bd577b2e0f096b29622c4f3e26
kubernetes-server-linux-arm.tar.gz 56cf068dd6f5d052b8de09c11951580f179aadf64aae5a412db961b386e66470f9f43b98d0e24fdf3b9ab388392c509d7474156ea18fddc21459961c5a1a0c00
kubernetes-server-linux-arm64.tar.gz 5bf2a258b690637089f72df9f6f17e63bedfe42354c8148021611913a91edca7acab94dfa4f26290e19f938595728d64eb7a81a964ef004c52e1c2a5ab0706ca
kubernetes-server-linux-ppc64le.tar.gz 2ad728a18bddb5de6fb99b2c811b4df444a857c359d73e3beff4ec5c745706d475597a24dbfbb415859a0e36f587531b641833c4f0568649356e0dedc25ba622
kubernetes-server-linux-s390x.tar.gz e3c4b3883810298aa1b2153d9d291b22840c6b0d93a98bee5a59df97abf6da60dd38c0408c92ede592211bc97a09d950669d64d3d313a93c578d8f93cb6e33e5

Node Binaries

filename sha512 hash
kubernetes-node-linux-amd64.tar.gz d1e4050c3d54569b0314224bc6881c6e024062a3bd86e73c337cb9d9ec0824df7c5cca07101f0c1190cc57b88d60fda3f2053fb363be42adf2e9675a084b90c5
kubernetes-node-linux-arm.tar.gz 908d5ccbbb1d1f5a721bfa00d5cfb87df5baedc969a77871e7e54f00261e20990549f449c0fc71016a94f8502e31f613a50a89c085662bfb69c11f633e225dfc
kubernetes-node-linux-arm64.tar.gz 25771c545f46983bf808405d3f4121987250306e3c3b006062cc22899f0c8e20358a06a47711eb297ee63ef49cf0ce326f1caa635c9442f6570ebb09099f1195
kubernetes-node-linux-ppc64le.tar.gz 7149191c453244fda3e687d1afe007a488af143bbde05c1df876cccf5a72f942ed8d5e5d45ed03bca9db633244cc3cf0003d255988d6c7b78d291437d4336095
kubernetes-node-linux-s390x.tar.gz 3412558a19842daaa69f83b5a46eb133f9e5dbbefd7af350c616b14feca44eb217645d69293937d6a72b8960d7e8d36b401fdc0bd6f7a57d8eb357964a0c1b76
kubernetes-node-windows-amd64.tar.gz 72d33ad9197de9511012b066b48163211db02c57a7ac99695e93a46640da16beb80ca9041c0f59c5eaada9089df4d4139a4a0ab96105c1d61af90f5022f7e83c

Changelog since v1.22.4

Changes by Kind

Feature

  • Kubernetes is now built with Golang 1.16.11 (#106837, @cpanato) [SIG Cloud Provider, Instrumentation, Release and Testing]
  • Kubernetes is now built with Golang 1.16.12 (#106982, @cpanato) [SIG Cloud Provider, Instrumentation, Release and Testing]
  • Update golang.org/x/net to v0.0.0-20211209124913-491a49abca63 (#106960, @cpanato) [SIG API Machinery, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node and Storage]

Bug or Regression

  • A pod that the Kubelet rejects was still considered as being accepted for a brief period of time after rejection, which might cause some pods to be rejected briefly that could fit on the node. A pod that is still terminating (but has status indicating it has failed) may also still be consuming resources and so should also be considered. (#104918, @ehashman) [SIG Node]
  • Fix: skip instance not found when decoupling vmss from lb (#105836, @nilo19) [SIG Cloud Provider]
  • Kubeadm: allow the "certs check-expiration" command to not require the existence of the cluster CA key (ca.key file) when checking the expiration of managed certificates in kubeconfig files. (#106930, @neolit123) [SIG Cluster Lifecycle]
  • Kubeadm: during execution of the "check expiration" command, treat the etcd CA as external if there is a missing etcd CA key file (etcd/ca.key) and perform the proper validation on certificates signed by the etcd CA. Additionally, make sure that the CA for all entries in the output table is included - for both certificates on disk and in kubeconfig files. (#106925, @neolit123) [SIG Cluster Lifecycle]
  • Respect grace period when updating static pods. (#106394, @gjkim42) [SIG Node and Testing]
  • Reverts graceful node shutdown to match 1.21 behavior of setting pods that have not yet successfully completed to "Failed" phase if the GracefulNodeShutdown feature is enabled in kubelet. The GracefulNodeShutdown feature is beta and must be explicitly configured via kubelet config to be enabled in 1.21+. This changes 1.22 and 1.23 behavior on node shutdown to match 1.21. If you do not want pods to be marked terminated on node shutdown in 1.22 and 1.23, disable the GracefulNodeShutdown feature. (#106899, @bobbypage) [SIG Node]
  • Scheduler's assumed pods have 2min instead of 30s to receive nodeName pod updates (#106633, @ahg-g) [SIG Scheduling]

Dependencies

Added

Nothing has changed.

Changed

  • golang.org/x/net: 37e1c6a → 491a49a

Removed

Nothing has changed.

v1.22.4

Downloads for v1.22.4

Source Code

filename sha512 hash
kubernetes.tar.gz 5d8f53b29f14313b029d7f313b8f11b6f51577d5679a85e114579f4308488ab2a553c2eb0c8e202f1af81548311006cc6b2d2d11af5640b69bb99fe797b8db09
kubernetes-src.tar.gz 53f63c58cba8d1e9b538cae9a360fd848f750d4fcd8574fc4439572440b42da2dc8e4b00a7fddff6a0895efdee0b5e0b1c4f262edc6ec0f4316ecce74150cff0

Client Binaries

filename sha512 hash
kubernetes-client-darwin-amd64.tar.gz 3213b109eb8ce2394ca9817ef364ea7a334f4c6c84dc409b06b0f66008327eac08bbbddffaff3e546144f0bf27bb66bcdbb3c74d4cc64021927448b035b72697
kubernetes-client-darwin-arm64.tar.gz e533036f247d528198d223ff65097184952c35052db27620eec6dba8008a7a14993f31c44c941bdc1a977d08f09ed5c1bb9521cf1413613e5a3682f5c9e41dbf
kubernetes-client-linux-386.tar.gz 2d6436be76ecd070348b76293f1a1ff9c8747df9c78b930578ed1151e981875c74d0c3b7ab059cdb6ea18dd50a9c89d4831d405357ac1ec1421a46a416f39a08
kubernetes-client-linux-amd64.tar.gz a3da93d56c64a80adc5b58044ecb52204507c733350972e7448e759c040fe3f72584f20d88a46b23bed9f021fc745cdb0530619416006170392d4fb7f69b28f5
kubernetes-client-linux-arm.tar.gz d9814036686de7ae72f94f5f7e12542112bbbd4a7d989599c6d946e71d6f83c89e56f64b4cd3db862a5ed2d23c578816cf5badb9305bfa1b62b7294257361112
kubernetes-client-linux-arm64.tar.gz a3f1be1bd89504d8cfcf81c86d7245919af6ddd29785041b6f2e64a55952a806fa4660b51573bbde66848b47fd2150b3b7540e631dcfe9057d26ed688e1f6cbb
kubernetes-client-linux-ppc64le.tar.gz c4844c1e359f6176104a3c77c5197234787ac5053c23c0fbaeceaa165f56ed71b0ea564dcb440aa80615c3370c7ce94b89cea19ca414752579f1c71b375ba2f5
kubernetes-client-linux-s390x.tar.gz 9a52bd1e9c81d11b17b21bcad3f2311d91e33392eb43a63acfcdd0c278c9c4bdbe754a911a6f9b080d438a805e982683919a9bc46ca45bdf4f185c36b8622ef8
kubernetes-client-windows-386.tar.gz f5214dce1529801a7ec042d7fa2636fe1b0340518e1bfd367b6f411e035d5ab440cdd6c9e6471024873aae41f64078c9083ffe4c13bd617cfe76b51f65303635
kubernetes-client-windows-amd64.tar.gz 0c7b36a2bc721e783a6a1936b8729a1e2944c97e50377a29660485d68b0ba349e596a7366da23d23d14485e7e37eac07677d56931391764c291b21abeed30b52

Server Binaries

filename sha512 hash
kubernetes-server-linux-amd64.tar.gz 7a2f9a358d74bdf30203ddb9315a5e733ecf8e9047a02b4a523ed347288e5e84013b30f918dff7e706413d817e3838cb79f1e3dbafe4af3a532bcfc4cdf11dac
kubernetes-server-linux-arm.tar.gz 4ed7ac4dcd15011996ed8f1634a4169dbc553155b6a63130916c87d59fcaab90fac8d8922da9a32dce0cb55c2a954b63ac3c747334adff116e53c6fbac5da1b1
kubernetes-server-linux-arm64.tar.gz 5a21cf29ec7e58087d4814f507fa4dd2e09183e4b57cb800b928b0f23437bf852a756325a8ffc6eb79269644832c000cad048a2048942cc06f1e817f750dc9c1
kubernetes-server-linux-ppc64le.tar.gz c88ddb75f185c6cf5da6abf4d389defad8249b863ab9c31174de040dc0d1388938daed90fe622dfef2235a2b6d5ae898d33d73482d40c9cb3a8b4c7f50c53b23
kubernetes-server-linux-s390x.tar.gz 72fc1f7f17792c827543fbaef965bdcba47b0abd764f1c1cb95ab08fa56ef9ed8359196f00be871c54da54c3e270d2158e68043e112a23a7621e9eb7b29b6073

Node Binaries

filename sha512 hash
kubernetes-node-linux-amd64.tar.gz 6a12aebaf4550eb7fb42bb66d4bc67c5dcb9e628dc7db444d8e10cc279b7913e202eb98c0b7aa3f546d7055648d2ea37f50a900b1d8daf48cb65118be0e4466c
kubernetes-node-linux-arm.tar.gz d4bf028ce4bdc513498272c17eb9dd0dc8db82ce00274b07b061c1ee0b1c8f6bcee599e08414bd8049dffe5c5b942724df72dfce02f4aeaed5f704daa59a3739
kubernetes-node-linux-arm64.tar.gz 4c23fc3b3e274577f70a8c11213acc585e9c0162285e110fada3a826e9ea0fdd2b46c24a7c234fcefdbf30ce5341c7f3b0348bc0e3bc510fe1cd1935783db295
kubernetes-node-linux-ppc64le.tar.gz 0bba195a3552e3d173459299669ff1bf933b82be6b93647fdcda9681c0662273f5b1cef0d197348a23e537e3cb4e0db66e0b84edacfe07fcf028577f4dabc268
kubernetes-node-linux-s390x.tar.gz 7e30fb801a8d695615de5633aa8e9877c377cbbe7b38190052e1e2ecf85046bc2c1fa79828284cdcf229c60e12ceffabdd55c0703a1ea4d37c3b21ccdf6afa6b
kubernetes-node-windows-amd64.tar.gz eb8dd4ffed0b8a92c11583eeae7bd446e1e3211a444b7398b8c9a847da3a3b28784efb410c1cd7f3f33f46c521078528462c71f39d53e1425685bc8d5962b563

Changelog since v1.22.3

Changes by Kind

Feature

  • Kubernetes is now built with Golang 1.16.10 (#106223, @cpanato) [SIG Cloud Provider, Instrumentation, Release and Testing]
  • Update debian-base, debian-iptables, setcap images to pick up CVE fixes
    • Debian-base to v1.9.0
    • Debian-iptables to v1.6.7
    • setcap to v2.0.4 (#106143, @cpanato) [SIG Release and Testing]

Failing Test

  • Fixes hostpath storage e2e tests within SELinux enabled env (#105786, @Elbehery) [SIG Testing]

Bug or Regression

  • EndpointSlice Mirroring controller now cleans up managed EndpointSlices when a Service selector is added (#106132, @robscott) [SIG Apps, Network and Testing]

  • Fix a bug that --disabled-metrics doesn't function well. (#105793, @Huang-Wei) [SIG API Machinery, Cluster Lifecycle and Instrumentation]

  • Fix a panic in kubectl when creating secrets with an improper output type (#106356, @lauchokyip) [SIG CLI]

  • Fix concurrent map access causing panics when logging timed-out API calls. (#106112, @marseel) [SIG API Machinery]

  • Fix kube-proxy regression on UDP services because the logic to detect stale connections was not considering if the endpoint was ready. (#106239, @aojea) [SIG Network and Testing]

  • Fix scoring for NodeResourcesBalancedAllocation plugins when nodes have containers with no requests. (#106081, @ahmad-diaa) [SIG Scheduling]

  • Support more than 100 disk mounts on Windows (#105673, @andyzhangx) [SIG Storage and Windows]

  • The --leader-elect* CLI args are now honored correctly in scheduler. (#106130, @Huang-Wei) [SIG Scheduling]

  • The kube-proxy sync_proxy_rules_iptables_total metric now gives the correct number of rules, rather than being off by one.

    Fixed multiple iptables proxy regressions introduced in 1.22:

    • When using Services with SessionAffinity, client affinity for an endpoint now gets broken when that endpoint becomes non-ready (rather than continuing until the endpoint is fully deleted).

    • Traffic to a service IP now starts getting rejected (as opposed to merely dropped) as soon as there are no longer any usable endpoints, rather than waiting until all of the terminating endpoints have terminated even when those terminating endpoints were not being used.

    • Chains for endpoints that won't be used are no longer output to iptables, saving a bit of memory/time/cpu. (#106373, @aojea) [SIG Network]

  • Watch requests that are delegated to aggregated apiservers no longer reserve concurrency units (seats) in the API Priority and Fairness dispatcher for their entire duration. (#105827, @benluddy) [SIG API Machinery]

Dependencies

Added

Nothing has changed.

Changed

  • k8s.io/kube-openapi: 9528897 → 2043435

Removed

Nothing has changed.

v1.22.3

Downloads for v1.22.3

Source Code

filename sha512 hash
kubernetes.tar.gz 515be8024601706fa45090f98434f10e1742ce1f92964e4d4d405ea7baef62ec96b12f00c0560fde367fee514a42c1781b74235666a691f45ac2a2bd69695cc6
kubernetes-src.tar.gz 7bf0317295bb815925a6d3f6d6385e2a3f4100b4c6c62735dd0d0b8693e0687c394dccdef5f16a4210337f60343bf65f9c971558f62c890edaf6fef3309642c4

Client Binaries

filename sha512 hash
kubernetes-client-darwin-amd64.tar.gz df3a78f4c1a5e7680271de709295e1150e9c1c817cd06cee4b11909e81bb94aabd674b575adb5c75b4ee53c9d580c47acead3176bf34b9b1e96de65e954056f5
kubernetes-client-darwin-arm64.tar.gz 78d60fd871da818d489ccd11512f3222484814a0eda17300ed4d17cda46e94c3c4ed61604e8dfe4ca1090115c1fb74322977495b0c781d6869cdad24c90baf21
kubernetes-client-linux-386.tar.gz 93e1d46781884df23223f1e918e3218bfe1d79eca62b6597c4eedd59422cbbfa21e852a97cecc0c5cb3da1938ec33a3e1a8b94fb2018d04327c14f71f9a48f05
kubernetes-client-linux-amd64.tar.gz 3f3d706163e142cf5ee8e6031b68e9a14236ce085bdfbaa5e8c1a599c15e5ee002248b7ed985a577307ceecb5cb531b9a399f1a4264e77d71597d569172a2ee6
kubernetes-client-linux-arm.tar.gz 22229218e7043c715ed5bfcb18238f93e654f4e030d458992ea7e1bf6e196a4c91d1326a72811a9853ad00ca63d5df91bc4ff2166e6357debecc6d0e8a93e294
kubernetes-client-linux-arm64.tar.gz e821caba3e8f45267b9f5eabb5ce62566e8165823b2711d2dc2b8ac5b4b44d7f4a422e9a15703619cea2c13ed75e12e30c8c8f0ea9405aa7b821cd6bff98cf66
kubernetes-client-linux-ppc64le.tar.gz 8166cc544183c0257a3e571fca0554ee50f7ea04a11a4ff9d342672ec61b626e4cdd2eef80c2f0738c75a86f50da84f45f103a9888778b2e1e9c2efba0d5deed
kubernetes-client-linux-s390x.tar.gz 11416f8164d57843104914cd02577828a99334df8bb37463a8a7ef44fa2945f6f4cda8dda88e0a9f84903e5decb781c03873fb813b98f36e1e79b9751ccea831
kubernetes-client-windows-386.tar.gz 60d74e28451f212f23efd8a9292722105377449877050417eb901f2812b5e57c8e60373a3550804a0c1e183d177b2b255290a0cd0828e02904d8dbfc1a5590cc
kubernetes-client-windows-amd64.tar.gz 232fa5f80a5841c03fa13782988f6a9ffcf065888713a2d8f95b1ca64665ae0086faed7109d20e487fb6445ef03b84ee46f8ffdd65570eeb562337e95862bcf5

Server Binaries

filename sha512 hash
kubernetes-server-linux-amd64.tar.gz 3eea6a889b23d361356dcc2282591e23aac7e299f6c54b70c475dc92c3b51f9a91da12847b1265f2ef9fc110cb4776d6214ab7ab9bf1e49b4d10b5bf8284842d
kubernetes-server-linux-arm.tar.gz 0036b97628601ca6c65f91fe6dff2d8949b9379c6076602487acc74eaf8c75f534c53bb76ffe64b1528629b669697f15c63aa730bccd2a259f9577f284be1593
kubernetes-server-linux-arm64.tar.gz 49b3b0e0a7e36771bb104bb42cbe879b6a08a7b6d2993398a7590fd511a7cab1c8e267abb30fea0b04898a3102286ab141b2b63d6a609fb2b02b19012b6e26a1
kubernetes-server-linux-ppc64le.tar.gz 64fd35ae9b340b9bc78f84aaa66cc9bf5ed548d86af310c19fbe184e16a2077864bcec93a97f23df2e195cdfeec06e79332915f25c05ce7ce6262cdffc826451
kubernetes-server-linux-s390x.tar.gz b5f369b3b47c65f179b2c7e5463ae006199d2b8638a0be51e2820257531e59c6e39f79f0826c8f0b11408884e338acb2137d68a31f6060cf6fbe85246da0412b

Node Binaries

filename sha512 hash
kubernetes-node-linux-amd64.tar.gz 7655e45ac74a2ab4f40ea91d6199e60c871e2e0f3a0942b3823c3e372df337de7246ad6d5368bcce4e9807b6413c7f5d928b5b9d8abb35888b54c9f2c288ca63
kubernetes-node-linux-arm.tar.gz 111ee23614e2f307a62c2554ce441df832932c16fb6cde6b240378f516f350e8e28209d169784b3fe2f6ab421a2f5dc57e5e557e7b664987c97528b81d311bb7
kubernetes-node-linux-arm64.tar.gz 6d5b25938512c32bf9e324257af306b4e6091f17af91387b5674dfd2422a877d7afbc647bfcd1d9e6eac49d6707016704ce68e82eacde83029a1745c588eb505
kubernetes-node-linux-ppc64le.tar.gz 8dae0a057658bebcaf5e586230e58cb9ddc4e2099daa5851a7d7b26131200c22c433870469471f31ef34e61ab0c85cf75bba8d0df6aba94e6a9228b4b730a426
kubernetes-node-linux-s390x.tar.gz ceec8049c3592cc280bf88ed921fe8e845b632aaa72bc206aa23ec574e1e7518b25727cfdd9a031a774247e085cd362bd0a931fb17f65894640d4d53c4b85d8a
kubernetes-node-windows-amd64.tar.gz 92902909a903f0fc354fd5c7b8e2e7915ed49a0f3ae2c19b3d119efcc8da7cd675b2930ceb483d1980e033037c4d174a28d88ef03d9f90b7a186dc365a3de100

Changelog since v1.22.2

Changes by Kind

API Change

  • Kube-apiserver: Fixes handling of CRD schemas containing literal null values in enums (#104988, @liggitt) [SIG API Machinery, Apps and Network]

Feature

  • Kubernetes is now built with Golang 1.16.9 (#105671, @cpanato) [SIG Cloud Provider, Instrumentation, Release and Testing]

Bug or Regression

  • Fix: consolidate logs for instance not found error (#105366, @nilo19) [SIG Cloud Provider]
  • Fix: ignore not a VMSS error for VMAS nodes in EnsureBackendPoolDeleted. (#105400, @ialidzhikov) [SIG Cloud Provider]
  • Fixes a regression on Kubelet restart and pod statuses. (#105560, @rphillips) [SIG Node and Testing]
  • Fixes kubelet memory regression in 1.22 (#105452, @liggitt) [SIG Node]
  • Fixes the kubelet's ability to restart static pods (#105075, @rphillips) [SIG Node and Testing]
  • Kube-proxy(ipvs mode) : delete stale conntrack UDP entries for loadbalancer ingress IP. (#105650, @VivekThrivikraman-est) [SIG Network]
  • Release-note Removed error message label from kubelet_started_pods_errors_total metric (#105213, @yxxhero) [SIG Instrumentation and Node]

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

v1.22.2

Downloads for v1.22.2

Source Code

filename sha512 hash
kubernetes.tar.gz 5a567e5133a04da82a656b072151fa2b8a6b680db85a4faf69f6e727d2ec9889fd2bae9c5be8562074352c67eace863c894b734650e07e7fce91dcf5986f9357
kubernetes-src.tar.gz eebf175f20ebee1ac03a067b66a680e67bc2f9a209c699ff9954d53a6f37e35ae832397ead051c993b14aa12d627b16e5d89518cf2974a1a26a8ed28277458e0

Client Binaries

filename sha512 hash
kubernetes-client-darwin-amd64.tar.gz 264ccda40e275da89d66284002ab7818880bb37056053d0d2e8d535cd835f2f56fc43e995c76ea9041e25a59f8f6b4cff8710130c285fcf383c5417926e371d1
kubernetes-client-darwin-arm64.tar.gz 04aa25b204d289e5abd704055a05adee331dac9d075791737b64033142d1c43238773ab2357b308fdde5ff1cc390a686ed5efa3be424b4324dae361418d898d9
kubernetes-client-linux-386.tar.gz c3b8f0b54fc9fcf64f87af93ca74d3e2eb87fbfdc346e09ed36406827fab29ac63e0feefe6f47612d26caacb9ed2d56189ae29c996d98c35b4984a87a51c1507
kubernetes-client-linux-amd64.tar.gz 09694e377b5104c47d291626cdb9c199519119b0ae27c1d9ed61b6dd544f462032026188a298f533494ad04ec6e0366ed3e3eac89122f658c2efee433b25090f
kubernetes-client-linux-arm.tar.gz 39b9a64d6f58ec42455985c9feb785ea6f9354612f16bc9e4c2e1ae6a74bf5e252d609907ad6c9b7ba4ba84763cc2382531115ed1c5265eb91d457ec6cb8a31d
kubernetes-client-linux-arm64.tar.gz 832a8b023f3b4f54ba21ac2e9e74aa686522441619c53f73b3cf34efe9ee4df447447526215b68f759564f3be9929436247b23250d29202eef87c7c1f58bb26b
kubernetes-client-linux-ppc64le.tar.gz b078e73d0dabb6cb4409aa2a01f4139cda82228573f6702a2890b84417750bfcf01c868d2914f7231361a0782e40082bdef9460cd59e4d04a210b7278495d495
kubernetes-client-linux-s390x.tar.gz c7f4776df0613e0c76e9e7e42d3020d2391daba0f50530df246cd65767dc394346d3acc0be91b1fc3eabcb930e73afcf4ad1068110d859b4fdd2f6a0cca4b69b
kubernetes-client-windows-386.tar.gz 27f770302a66b922b04fe810687fd1b36cfe9a96e12d67ed8e3873d2b27dc3bb2df55ba5e305c64184d38f20c8ea55627419f37cd8c1822b7716637fe09aff0b
kubernetes-client-windows-amd64.tar.gz dc504970bb4d7555e3d41a0b4762d1d94fbae4118e4399bd49bea8766b41fbcf6e25276efb7dada941d14447e51fc00372535fbf2f6045ea4eca17a8dcd2978d

Server Binaries

filename sha512 hash
kubernetes-server-linux-amd64.tar.gz 4187b6d62c57412820394c051c14fe00be3c02ecae0f3a9d2dfd62a5e74cc89f2c94e094d3c23e9e5ec130cc2d0f68d7d2f7d6f484cbfbae4939493f44332d76
kubernetes-server-linux-arm.tar.gz 17103d3e88c7542a742fcd758ee75cbab2d54e9c1f5eb9b998b2a278a1401c819fae2234959971a4f9fe8e6f4a491b0bf7cccc3e98efc31a14704282ff74e835
kubernetes-server-linux-arm64.tar.gz c97be69e10f19862f61e898baff43475a1ef59336d9ced5f6688feebece476b6cf78a2f51ee6a3940405ce0d6162e85465515e533fff1716af5bc8266fd94f50
kubernetes-server-linux-ppc64le.tar.gz 1b8e65e010c9885ba5dd2b7b9cbcd4caaca2c9edc5af77b92276d47f3e7b5c2af49eeb1436300682596d0fca15793ada21160a8c58bdc74ef81dead8d391c246
kubernetes-server-linux-s390x.tar.gz a571c3ce7d295628dd7a979765594ba2e6dfe96f494002edd0df4e704dc002eef497655cb31a98991c2bbdd09bd432797e0c778e9bbd8168ded2867b012285d5

Node Binaries

filename sha512 hash
kubernetes-node-linux-amd64.tar.gz 40e97ee26566af810a2881441572b798c8feb010ac5727507ec379e897dc3cfefc9e6c06f09de8ef0b52d941dbb929003590006cc8cf76403f6c64e231e6759e
kubernetes-node-linux-arm.tar.gz d852803b6cc264f83328e6ecb7d509d083cc4ed9a84dafc2d08c5fc1ef38fc2bf395d9bf5e4c87b11699c047be07a957177157396f61d7e957c7cc08881d3fb8
kubernetes-node-linux-arm64.tar.gz 9b35d16a1d2760a017564f6d09ec17b0aa2ed2b4cd62065d9aa0fe760d080fa8d64feb4ab7fb54eda1b8a1a760b4ee58ac36ad1c134b4adefe3e45872209816e
kubernetes-node-linux-ppc64le.tar.gz dfc779984b3c2859b103ffa446131befe455531b1eedc8dd796871d027d17abf2d33c1ea46f0cdb0c1a349418980e8986dcd10a8fae779966922fe543b070bd0
kubernetes-node-linux-s390x.tar.gz 508b47667233f467418d24a4b55af0d6360ab82744568b207465d035035ff8106dae0ef992cb4af60884be8c27b7370f90c1db161444a9adc90a61814133b361
kubernetes-node-windows-amd64.tar.gz 1d9472eef1be3c640d86e3299c96f55de975311ef3589473024fbcc9b9ff4d1111af993cbafe526ff45ecf7ff01146a5c65224b23f4f2ed289137bcfb6374ab9

Changelog since v1.22.1

Important Security Information

This release contains changes that address the following vulnerabilities:

CVE-2021-25741: Symlink Exchange Can Allow Host Filesystem Access

A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.

Affected Versions:

  • kubelet v1.22.0 - v1.22.1
  • kubelet v1.21.0 - v1.21.4
  • kubelet v1.20.0 - v1.20.10
  • kubelet <= v1.19.14

Fixed Versions:

  • kubelet v1.22.2
  • kubelet v1.21.5
  • kubelet v1.20.11
  • kubelet v1.19.15

This vulnerability was reported by Fabricio Voznika and Mark Wolters of Google.

CVSS Rating: High (8.8) CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Changes by Kind

Feature

  • Kubernetes is now built with Golang 1.16.8 (#104905, @cpanato) [SIG Cloud Provider, Instrumentation, Release and Testing]

Bug or Regression

  • Fix Job tracking with finalizers for more than 500 pods, ensuring all finalizers are removed before counting the Pod. (#104876, @alculquicondor) [SIG Apps]
  • Fix: skip case sensitivity when checking Azure NSG rules fix: ensure InstanceShutdownByProviderID return false for creating Azure VMs (#104446, @feiskyer) [SIG Cloud Provider]
  • Fixed occasional pod cgroup freeze when using cgroup v1 and systemd driver. (#104529, @kolyshkin) [SIG Node]
  • Fixes a regression that could cause panics in LRU caches in controller-manager, kubelet, kube-apiserver, or client-go EventSourceObjectSpamFilter (#104469, @liggitt) [SIG API Machinery, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation and Storage]
  • When using kubectl replace (or the equivalent API call) on a Service, the caller no longer needs to do a read-modify-write cycle to fetch the allocated values for .spec.clusterIP and .spec.ports[].nodePort. Instead the API server will automatically carry these forward from the original object when the new object does not specify them. (#104672, @thockin) [SIG Network]

Dependencies

Added

Nothing has changed.

Changed

  • github.com/opencontainers/runc: v1.0.1 → v1.0.2
  • k8s.io/utils: 4b05e18 → bdf08cb

Removed

Nothing has changed.

v1.22.1

Downloads for v1.22.1

Source Code

filename sha512 hash
kubernetes.tar.gz 4ba0d63665c5959cec560264a260bb1341d09a28f6651e9814982af1ec47aff144e9ad7e6c4273867c864cdf3d12f1e7cbb4bfa44301cf5b9e81f98a345acdfb
kubernetes-src.tar.gz eac27ada62bf719f8d31655fadbb74c2c13793c57fe866e768c86dfbbe90c8ca1c2c07d093f1874c198e49a125968de5951ec8f07d90f8b236a1a1bcb1640b03

Client Binaries

filename sha512 hash
kubernetes-client-darwin-amd64.tar.gz 41dcfff40498335c92d872eb6aa6215d9d84908f79bdf61777d52243a446fffb114313fb586ec6a58908684eaf86fae6b2fbaa70a2a3f06f78470a20ca4d9727
kubernetes-client-darwin-arm64.tar.gz 810b6db31fa9c277044b1b0e39a72430f3ff728722f1fd9cc85143835147314b3fd7a6374d963eeff96cf572d2a0b034e3cab4bc0294a219832d58c40f0c1302
kubernetes-client-linux-386.tar.gz d215c81c9a5274ced217fe09d2111f4073ed225c24c3daa71f91a4f75e38817dea504ff9b9558dcee7bd1a0c26d936c2e2bbe66e30736879fd0fba4aa0438f03
kubernetes-client-linux-amd64.tar.gz 064bd1eaf468c9b4a00e31bec3f9c80850c52cd1e06edfd86f307236acbdba7c89dbe663cbfefdc5ead72f1cb93ba9d21d828558508f0b29f8c814d9085846ca
kubernetes-client-linux-arm.tar.gz 07754877a5f486efb97ddb4a5d0edc8389a59bc7dba2927c73829f1aa77e36593dec6d0ba5386582221c9cf33497ebc68181d8cef4144185cf2817a5d85064c8
kubernetes-client-linux-arm64.tar.gz 0b2265f27baad42425f6d815182261542efba2e5defccdb92668a50ff0f49c831f3af4ea6c38f351004ab1eafc270871e443e673188f37463ee3012da20cfc27
kubernetes-client-linux-ppc64le.tar.gz a689eaef1c0788eb734fd5e70899f4cd0bc4ad6dd9f56827e7d55cab4acb2b1b0035226e69e1230fe74ac45accbbafbcc616c00fabe8dc55b9d8f94519cde253
kubernetes-client-linux-s390x.tar.gz a76300dbd915b232826d022e1fd5b8a336e7de2089d897aed594381ad571396619609498687eba75f2dcb7fe2fb2bfe50fe6a199eda53af8513d9b3b2967b7ec
kubernetes-client-windows-386.tar.gz 46c62a9dd3d5753bf8111a32b19f41babf7c06a10f8931fede339da1605d45f020850bc568cdc9b78300d0d7a5deb4c8602092f8b6667b73bea18eadf758a14c
kubernetes-client-windows-amd64.tar.gz 88e30aee1103ab6b4f3c2bd5570b4f739cbc01b4755bfaee915dcb717ae4d8b0b99457e2bb44cc60f47b77822ce6119fbe77bdfbaaf4afa4220b78b40b1c9b2c

Server Binaries

filename sha512 hash
kubernetes-server-linux-amd64.tar.gz 66c596577d19c1a609b554e1e61b0bc2c8ba691b2101f481dfc616799e37347edc62956b7684370dec5b16388d48a665ba78c942de4aaf5df1f78cf0667df545
kubernetes-server-linux-arm.tar.gz b2f6d2ef240a2cf829823ef599aad5590f531c6873ace7a682d9f74954f90b9c48d3f5f33460bd050bee87736e37c331a99ed599146cebd5ade36459d41a0842
kubernetes-server-linux-arm64.tar.gz bf7d8978b72409f02c1b7ad5f44a908f31287ee715966e47726c3f9f85c349a14f457cd84160cfe78d4e39233a119afd152528ed79db5eef6558a25098825438
kubernetes-server-linux-ppc64le.tar.gz 9546df4488665af35a7289e77f8b194f12e5939199411fb8f4b2f15db5e669eef9dfba950315205d39f4d89c135fbccd37e8ad9c554a482bb09977234d7d7185
kubernetes-server-linux-s390x.tar.gz e1eb0868e613e27ea7f71df5875c5d0b107a7fc38525151dffd22826c7a47111ece7d3948badb28b1a1c9d8cabca70af54cdc1501e5aadf5c842bf09bd26f1c2

Node Binaries

filename sha512 hash
kubernetes-node-linux-amd64.tar.gz 53b44fbf58308c18b478ced5629a82d01c67dd6ae5be9559a2d65edae339983bff4d143b1bde062f5d8202ec8241e45da3b087af1fb0aea35afb1812a26450d1
kubernetes-node-linux-arm.tar.gz c3855f27d4001dde9f89f41dc15ddab66a9bd5fa2cc058b65fc47e6c487ac12ef3e2d94ed72e9560a88696a86ef893a548eef3ef78d4528b2903f0f3d487e9df
kubernetes-node-linux-arm64.tar.gz eb6a5cb5270a662a79302472a347a5486b3e0689c0c8ea0ceb62e83f72c043dc3b15ee3d5ec40790a1754748950208d8b5818b3f1d64e44a881720a78f50cc7e
kubernetes-node-linux-ppc64le.tar.gz 45038ed6ee110d04ea7fb18e8f3c5f33aff2cc291a169d7a2f5f37ae1780b534ff5cd2895b7c2a9fb675a8490c9da7518e09f4ca9e2af4d57238557e1021d255
kubernetes-node-linux-s390x.tar.gz 14a286eb32ae450e1afb9bfcf4fd84be259613b1be4d81a4433000c507427f137ff79a6da9f457ade4b668a01c1de76488b134a895d36673531cde372f3ee884
kubernetes-node-windows-amd64.tar.gz a38016acc743eb87d4803d2d06c24fc3315a4db6eacbd3f2060f28355ca96f1b3294b30483b74ecea18fe220a9d1319509f26fe02615fbaa7f1ecd11f76b1f6b

Changelog since v1.22.0

Changes by Kind

Feature

  • Kubernetes is now built with Golang 1.16.7 (#104200, @cpanato) [SIG Cloud Provider, Instrumentation, Release and Testing]

Bug or Regression

  • Fix kube-apiserver metric reporting for the deprecated watch path of /api//watch/... (#104188, @wojtek-t) [SIG API Machinery and Instrumentation]
  • Kube-proxy: delete stale conntrack UDP entries for loadbalancer ingress IP. (#104009, @aojea) [SIG Network]
  • Pass additional flags to subpath mount to avoid flakes in certain conditions (#104346, @mauriciopoppe) [SIG Storage]

Other (Cleanup or Flake)

  • Kube-apiserver: sets an upper-bound on the lifetime of idle keep-alive connections and time to read the headers of incoming requests (#103958, @liggitt) [SIG API Machinery and Node]

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

v1.22.0

Documentation

Downloads for v1.22.0

Source Code

filename sha512 hash
kubernetes.tar.gz d1145ec29a8581a4c94a83cefa3658a73bfc7d8e2624d31e735d53551718c9212e477673f74cfa4e430a8367a47bba65e2573162711613e60db54563dc912f00
kubernetes-src.tar.gz 94d4430765ae8463c2509492050ea8925e7a5f1f3e58fb76e2b87602aa89d9a321110fb0c9f9003a8640c53adec12c82200cc5c126eb6e7a6a5716ecae67305b

Client Binaries

filename sha512 hash
kubernetes-client-darwin-amd64.tar.gz 83022159507b761b806551062293c4a88fc513041b758d28fef26f38911b49f6a9581e600f23329563eaf5c62965177a298f7f7919a5bee7170dd34b16348aa6
kubernetes-client-darwin-arm64.tar.gz c3e253a20e2b91a3f83c7f742e7064aa8ec9c89f3d8a37ef593d4ccad88877844074c4bfbfa5d19408e065b7a83eecbac170745561d8a5f6b10637c64d9b1c41
kubernetes-client-linux-386.tar.gz 8c9ac2f45cb475a6c5191a67d27d3bd6e287f71391eb7afcf8fb195322dcaba052bcabd36999961cf07ab38aea68e1bdda49df1bc0c4c4e4e98055bbecc82b58
kubernetes-client-linux-amd64.tar.gz 15707fc968fdb8e3d5cd80bb23fbb4e579e8642d9724ad3b179c6d0f5b7dfe425f1c878a6120101137d4cba2ad2bbd19d677dd84b5bc6f6023c82f6a06e4153e
kubernetes-client-linux-arm.tar.gz a710cff509469d3a35ecd254346b093a7c358f7118b92e52df600bfbdd1230e7340c9a09de6c9fac30996b8c46e3d7b1e2391a2b39a38d43668bd25ddb1782d8
kubernetes-client-linux-arm64.tar.gz d8088e12154654cd5da7e0225b54f0d052132774d37e14d42e31e87a8a4bc34ec1fe18e7574ed5e4fc0b08591979bf788827ac9a0a59de26d0b7ac629bfe1cd8
kubernetes-client-linux-ppc64le.tar.gz 3739185084afcb725ad7612c05fed7c3655fe57bfa06c825736b43568d3672cd1075e7e463edcfa4c3cb429f3c1d349a6127c7deaf1c0542f03ca2b8b6180411
kubernetes-client-linux-s390x.tar.gz be8cf34b3361b479622b5173ec99d5885ced493cbba9e42a1b0587a062e54076f6ea6543f08e9fb55b5a9f41ba64967a3237b1621e75f24684c924d748a5e42e
kubernetes-client-windows-386.tar.gz e8d199b2b124f6fdc9849127791279325814c5fdaeaf54443e878a3616b08ae3a3bf3181432ef64d946d96448e2a6b48f0f0dd5be3902cfbe9d14f34b255da40
kubernetes-client-windows-amd64.tar.gz 03b988b4d184f30e9956736e6fc60841f3b46f5d2017b8ed3b0f790b6f85380c85009050e65b331f76112404550f54db77e42659212623948fcfa969fe25026b

Server Binaries

filename sha512 hash
kubernetes-server-linux-amd64.tar.gz d54435de50214faabc49e3659625a689623508128ca9a4f97b4f2c54b40bc9e14dd17e1971c06c90aa74fc335d0038a7ac4b7b90882edb0944af99354d6c9762
kubernetes-server-linux-arm.tar.gz b7349715480fc0245e83a364f1d413831e8677d9c27569302addd4746a83f0c94430a30dddc3394dec31cd542130e4e6a09a5fe90f1dde42a0ed9f11cbf831ac
kubernetes-server-linux-arm64.tar.gz 7517349b33b1d49514276be23c3c52ba946bc3f33b98b6c9aefc8dba1cc034364ccca609f4dbb1f8880696c15e7204a9a584de7abab1184a5ad55ff662bf4f00
kubernetes-server-linux-ppc64le.tar.gz a007a714128a08e7cfa42152d63b3cb99da9e7198a0908d8baeccc56e52a4a6ce50d7a442c020ce0651067193b01cf82230b7bbfc8dd99b7ee9958eaea387645
kubernetes-server-linux-s390x.tar.gz f642555c23121ab5cbeb74f98de054138cce2a929475364794b1a60a1a64197b0d1b28ad5e78279765d389d84ca0d57759f6cdb790c63d6afc80f6cdf2751b8c

Node Binaries

filename sha512 hash
kubernetes-node-linux-amd64.tar.gz aa990405a1c6bd6737a8ff89fd536ba28ad62dec7de2e44ae223f4fcb42d6a9ffdfb324144def946b777ac7ba6fac085a49a7977cb79289a3256cced783bf215
kubernetes-node-linux-arm.tar.gz d99a535163c67a4e4fe5c2eca828255bc071f9f9aae0b0c71132980df772844fa493fa4c2ac2f422e76192f2318057301eb451a681eae14ba037632dd47352bf
kubernetes-node-linux-arm64.tar.gz 6cc6de072827944314b4162918ac2eead9900347669e4507f1bb4ddb119ca87c4bc2c15a7dc6305a8b6cb29dea80ea764a145fc62f5ab87fec4a7c3ef7daed66
kubernetes-node-linux-ppc64le.tar.gz dbe9e45152fce851bdfdac9443f3eca4f8f98e4d20dce3dab044ee70c87365ab44158d5fde4f82963816bcb4d4d20fa8d56bf6f6b3e378dc5da5faeec6e8fd55
kubernetes-node-linux-s390x.tar.gz 9d8674ab7590a4e2c3151d709e36c0756af38754d5835611b4f964cc3eaa46064fdaa46acd04f10a3a82cb5599574947de9812d9a7bd05e99d3b7c0dcd1acc5e
kubernetes-node-windows-amd64.tar.gz 9cc73fb1d3f9ec926fd09bc3904d62ec79da4a3c4fb9a5c4c784bc1f08c650711c21fb30874b05db4bd354e4d04b0153296180d89a53c04d9241dd6a1384510d

Changelog since v1.21.0

What's New (Major Themes)

Removal of several beta Kubernetes APIs

A number of APIs are no longer serving specific Beta versions in favour of the GA version of those APIs. All existing objects can be interacted with via general availability APIs. This removal includes beta versions of ValidatingWebhookConfiguration, MutatingWebhookConfiguration, CustomResourceDefinition, APIService, TokenReview, SubjectAccessReview, CertificateSigningRequest, Lease, Ingress, and IngressClass APIs. For the full list check out Deprecated API Migration Guide and the blog post Kubernetes API and Feature Removals In 1.22: Here’s What You Need To Know.

Kubernetes release cadence change

We all have to adapt to change in our lives, and especially so in the past year. The Kubernetes release team was also affected from the COVID-19 pandemic and has listened to its user base regarding the number of releases in a calendar year. From April 23, 2021 it was made official that Kubernetes release cadence has reduced from 4 releases per year to 3 releases per year.

You can read more in the official blog post Kubernetes Release Cadence Change: Here’s What You Need To Know.

External credential providers

Kubernetes client credential plugins have been in beta since 1.11, a few eons ago. With the release of Kubernetes 1.22, this feature set graduates to stable. The GA feature set includes improved support for plugins that provide interactive login flows. This release also contains a number of bug fixes to the feature set. Aspiring plugin authors can look at sample-exec-plugin as a way to get started.

Related to this topic, the in-tree Azure and GCP authentication plugins have been deprecated in favor of out-of-tree implementations.

Server-side Apply graduates to GA

Server-side Apply is a new object merge algorithm, as well as tracking of field ownership, running on the Kubernetes API server. Server-side Apply helps users and controllers manage their resources via declarative configurations. It allows them to create and/or modify their objects declaratively, simply by sending their fully specified intent. After being in beta for a couple releases, Server-side Apply is now generally available.

Container Storage Interface graduations

CSI support for Windows nodes moves to GA in the 1.22 release. In Kubernetes v1.22, Windows privileged containers are only an alpha feature. To allow using CSI storage on Windows nodes, CSIProxy enables CSI node plugins to be deployed as unprivileged pods, using the proxy to perform privileged storage operations on the node.

Another feature moving to GA in v1.22 is CSI Service Account Token support. This feature allows CSI drivers to use pods' bound service account tokens instead of a more privileged identity. It also provides control over to re-publishing these volumes, so that short-lived tokens can be refreshed.

SIG Windows development tools

To grow the developer community, SIG Windows released multiple tools. The new tools support multiple CNI providers (Antrea, Calico), can run on multiple platforms (any vagrant compatible provider, such as Hyper-V, VirtualBox, or vSphere). There is also a new way to run bleeding edge Windows features from scratch by compiling the windows kubelet and kube-proxy, then using them along with daily builds of other Kubernetes components.

Deploy a more secure control plane with kubeadm

A new alpha feature allows running the kubeadm control plane components as non-root users. This is a long requested security measure in kubeadm. To try it you must enable the kubeadm-specific RootlessControlPlane feature gate. When you deploy a cluster using this alpha feature, your control plane runs with lower privileges.

A new v1beta3 configuration API. It iterates over v1beta2 by adding some long requested features and deprecating some existing ones. The V1beta3 is now the preferred API version; the v1beta2 API also remains available and is not yet deprecated.

etcd moves to version 3.5.0

Kubernetes' default backend storage, etcd, has a new release 3.5.0 and the community embraced it. The new release comes with improvements to the Security, performance, monitoring and developer experience. There are numerous bug fixes to lease objects causing memory leaks, and compact operation causing deadlocks and more. A couple of new features are also introduced like the migration to structured logging and build in log rotation. The release comes with a detailed future roadmap to implement a solution to traffic overload. A full and detailed list of changes can be read in the 3.5.0 release announcement.

Kubernetes Node system swap support

Every system administrator or Kubernetes user has been in the same boat regarding setting up and using Kubernetes: disable swap space. With the release of Kubernetes 1.22, alpha support is available to run nodes with swap memory. This change lets administrators opt in to configuring swap on Linux nodes, treating a portion of block storage as additional virtual memory.

Cluster-wide seccomp defaults

A new alpha feature gate SeccompDefault has been added to the kubelet, together with a corresponding command line flag --seccomp-default and kubelet configuration. If both are enabled, then the kubelet's behavior changes for pods that don't explicitly set a seccomp profile. With cluster-wide seccomp defaults, the kubelet uses the RuntimeDefault seccomp profile by default, rather than than Unconfined. This allows enhancing the default cluster wide workload security of the Kubernetes deployment. Security administrators will now sleep better knowing there is some security by default for the workloads.

To learn more about the feature, please refer to the official seccomp tutorial.

Quality of Service for memory resources

Originally, Kubernetes used the v1 cgroups API. With that design, the QoS class for a pod only applied to CPU resources (such as cpu_shares). The Kubernetes cgroup manager uses memory.limit_in_bytes in v1 cgroups to limit the memory capacity for a container, and uses oom_scores to recommend an order for killing container processes if an out-of-memory event occurs. This implementation has shortcomings: for Guaranteed pods, memory can not be fully reserved, and the page cache is at risk of being recycled. For Burstable pods, overcommitting memory (setting request less than limit ) could increase the risk of a container being killed when the Linux kernel detects an out of memory condition.

As an alpha feature, Kubernetes v1.22 can use the cgroups v2 API to control memory allocation and isolation. This feature is designed to improve workload and node availability when there is contention for memory resources.

API changes and improvements for ephemeral containers

The API used to create Ephemeral Containers changed in 1.22. The Ephemeral Containers feature is alpha and disabled by default, and the new API does not work with clients that attempt to use the old API.

For stable features, the kubectl tool follows the Kubernetes version skew policy; however, kubectl v1.21 and older do not support the new API for ephemeral containers. Users who create ephemeral containers using kubectl debug should note that kubectl version 1.22 will attempt to fall back to the old API; older versions of kubectl will not work with cluster versions of 1.22 or later. Please update kubectl to 1.22 if you wish to use kubectl debug with a mix of cluster versions.

Known Issues

CPU and Memory manager are not working correctly for Guaranteed Pods with multiple containers

A regression bug was found where guaranteed Pods with multiple containers do not work properly with set allocations for CPU, Memory, and Device manager. The fix will be availability in coming releases.

CSIMigrationvSphere feature gate has not migrated to new CRD APIs

If CSIMigrationvSphere feature gate is enabled, user should not upgrade to Kubernetes v1.22. vSphere CSI Driver does not support Kubernetes v1.22 yet because it uses v1beta1 CRD APIs. Support for v1.22 will be added at a later release. Check the following document for supported Kubernetes releases for a given vSphere CSI Driver version.

Workloads that saturate nodes with pods may see pods that fail due to node admission

1.22 addressed a long-standing issue in the Kubelet where terminating pods were vulnerable to race conditions leading to early shutdown, resource leaks, or long delays in actually completing pod shutdown. As a consequence of this change the Kubelet now correctly takes into account the resources of running and terminating pods when deciding to accept new pods, since terminating pods are still holding on to those resources. This stricter handling may surface to end users as pod rejections when creating pods that are scheduled to mostly full nodes that have other terminating pods holding the resources the new pods need. The most likely error would be a pod set to Failed phase with reason set to OutOfCpu or OutOfMemory, but any resource on the node that has some fixed limit (including persistent volume counts on cloud nodes, exclusive CPU cores, or unique hardware devices) could trigger the failure. While this behavior is correct it reduces the throughput of pod execution and creates user-visible warnings - future versions of Kubernetes will minimize the likelihood users see pod failures due to this issue. In general, any automation that creates pods must take Kubelet rejections into account, and should be designed to retry and backoff where necessary.

Etcd v3.5.[0-2] data corruption

Data corruption issue was found in etcd v3.5.0 release that was shipped with 1.22 Kubernetes release. Please read up-to-date production recommendations for etcd.

Urgent Upgrade Notes

(No, really, you MUST read this before you upgrade)

  • Audit log files are now created with a mode of 0600. Existing file permissions will not be changed. If you need the audit file to be readable by a non-root user, you can pre-create the file with the desired permissions. (#95387, @JAORMX) [SIG API Machinery and Auth]
  • CSI migration of AWS EBS volumes requires AWS EBS CSI driver ver. 1.0 that supports allowAutoIOPSPerGBIncrease parameter in StorageClass. (#101082, @jsafrane)
  • Conformance image is now built with Distroless. Users running Conformance testing should rely on container entrypoint instead of manual invocation to /run_e2e.sh or /gorunner, as they are now deprecated and will be removed in 1.25 release. Invoking ginkgo and e2e.test are still supported through overriding entrypoint (docker) or defining container spec.command (kubernetes). (#99178, @wilsonehusin)
  • Default StreamingProxyRedirects to disabled. If there is a >= 2 version skew between master and nodes, and the old nodes were enabling --redirect-container-streaming, this will break them. In this case, the StreamingProxyRedirects can still be manually enabled. (#101647, @pacoxu)
  • Intree volume plugin scaleIO support has been completely removed from Kubernetes. (#101685, @Jiawei0227)
  • Kubeadm: remove the automatic detection and matching of cgroup drivers for Docker. For new clusters if you have not configured the cgroup driver explicitly you might get a failure in the kubelet on driver mismatch (kubeadm clusters should be using the systemd driver). Also remove the IsDockerSystemdCheck preflight check (warning) that checks if the Docker cgroup driver is set to systemd. Ideally such detection / coordination should be on the side of CRI implementers and the kubelet (tracked here). Please see the page on how to configure cgroup drivers with kubeadm manually (#99647, @neolit123)
  • Kubeadm: the flag --cri-socket is no longer allowed in a mixture with the flag --config. Please use the kubeadm configuration for setting the CRI socket for a node using {Init|Join}Configuration.nodeRegistration.criSocket. (#101600, @KofClubs)
  • Newly provisioned PVs by Azure disk will no longer have the beta FailureDomain label. Azure disk volume plugin will start to have GA topology label instead. (#101534, @kassarl)
  • Scheduler's CycleState now embeds internal read/write locking inside its Read() and Write() functions. Meanwhile, Lock() and Unlock() function are removed. Scheduler plugin developers are now required to remove CycleState#Lock() and CycleState#Unlock(). Just simply use Read() and Write() as they're natively thread-safe now. (#101542, @Huang-Wei)
  • The CSIMigrationVSphereComplete feature flag is removed. InTreePluginvSphereUnregister will be the way moving forward. (#101272, @Jiawei0227)
  • The flag --experimental-patches is now deprecated and will be removed in a future release. You can migrate to using the new flag --patches. Add a new field {Init|Join}Configuration.patches.directory that can be used for the same purpose. For init and join it is now recommended that you migrate to configure patches via {Init|Join}Configuration.patches.directory. For the time being, these flags can be mixed with --config, but that might change in the future. On a command line, the last *patches flag takes precedence over previous flags and the value in config. kubeadm upgrade --patches will continue to be the only available option, since upgrade does not support a configuration file yet. (#103063, @neolit123)

Changes by Kind

Deprecation

  • Controller-manager: the following flags have no effect and would be removed in v1.24:

    • --port
    • --address The insecure port flags --port may only be set to 0 now.

    In addtion, please be careful that:

    • controller-manager MUST start with --authorization-kubeconfig and --authentication-kubeconfig correctly set to get authentication/authorization working.
    • liveness/readiness probes to controller-manager MUST use HTTPS now, and the default port has been changed to 10257.
    • Applications that fetch metrics from controller-manager should use a dedicated service account which is allowed to access nonResourceURLs /metrics. (#96216, @knight42) [SIG API Machinery, Cloud Provider, Instrumentation and Testing]
  • Deprecate --record flag in kubectl. The --record flag is being replaced with the mechanism which annotates HTTP requests with kubectl command details. (#102873, @soltysh)

  • E2e.test: removed the --viper-config flag. If you were previously using this to pass flags to e2e.test via a file, you will need to pass them directly on the command line, e.g. e2e.test --e2e-output-dir. (#102598, @dims)

  • For kubeadm: remove the ClusterStatus API from v1beta3 and its management in the kube-system/kubeadm-config ConfigMap. This method of keeping track of what API endpoints exists in the cluster was replaced (in a prior release) by a method to annotate the etcd Pods that kubeadm creates in "stacked etcd" clusters. The following CLI sub-phases are deprecated and are now a NO-OP: for kubeadm join: "control-plane-join/update-status", for kubeadm reset: "update-cluster-status". Unless you are using these phases explicitly, you should not be affected. (#101915, @neolit123)

  • Kubeadm: remove the deprecated --csr-only and --csr-dir flags from kubeadm init phase certs. Deprecate the same flags under kubeadm certs renew. In both the cases the command kubeadm certs generate-csr should be used instead. (#102108, @neolit123)

  • Kubeadm: Remove the deprecated command kubeadm alpha kubeconfig. Please use kubeadm kubeconfig instead. (#101938, @knight42)

  • Kubeadm: Remove the deprecated hyperkube image support in v1beta3. This implies removal of ClusterConfiguration.UseHyperKubeImage. (#101537, @neolit123)

  • Kubeadm: Remove the field ClusterConfiguration.DNS.Type in v1beta3 since CoreDNS is the only supported DNS type. (#101547, @neolit123)

  • Kubeadm: remove the deprecated command kubeadm config view. A replacement for this command is kubectl get cm -n kube-system kubeadm-config -o=jsonpath="{.data.ClusterConfiguration}" (#102071, @neolit123)

  • Kubeadm: remove the deprecated flag '--image-pull-timeout' for 'kubeadm upgrade apply' command (#102093, @SataQiu) [SIG Cluster Lifecycle]

  • Kubeadm: remove the deprecated flag --insecure-port from the kube-apiserver manifest that kubeadm manages. The flag had no effect since 1.20, since the insecure serving of the component was disabled in the same version. (#102121, @pacoxu)

  • Kubeadm: remove the deprecated kubeadm API v1beta1. Introduce a new kubeadm API v1beta3. See kubeadm/v1beta3 for a list of changes since v1beta2. Note that v1beta2 is not yet deprecated, but will be in a future release. (#101129, @neolit123)

  • Newly provisioned PVs by vSphere in-tree plugin will no longer have the beta FailureDomain label. vSphere volume plugin will start to have GA topology label (#102414, @divyenpatel)

  • Removal of the CSI NodePublish path by the kubelet is deprecated. This must be done by the CSI plugin according to the CSI spec. (#101441, @dobsonj)

  • Remove support for the Service topologyKeys field (alpha) and the kube-proxy implementation of it. This field was deprecated several cycles ago. This functionality is replaced by the combination of automatic topology hints per-endpoint (alpha) and the Service internalTrafficPolicy field (alpha). (#102412, @andrewsykim)

  • The PodUnknown phase is now deprecated. (#95286, @SergeyKanzhelev)

  • The storageos, quobyte and flocker storage volume plugins are deprecated and will be removed in a later release. (#101773, @Jiawei0227)

  • The deprecated flag --hard-pod-affinity-symmetric-weight and --scheduler-name have been removed from kube-scheduler. Use ComponentConfig instead to configure those parameters. (#102805, @ahg-g)

  • The feature Dynamic Kubelet Configuration is deprecated and kubelet will report warning when the flag --dynamic-config-dir is used. Feature gate DynamicKubeletConfig is disabled out of the box and needs to be explicitly enabled. (#102966, @SergeyKanzhelev) [SIG Cloud Provider, Instrumentation and Node]

  • The in-tree azure and gcp auth plugins have been deprecated. The https://github.com/Azure/kubelogin and gcloud commands serve as out-of-tree replacements via the kubectl/client-go credential plugin mechanism. (#102181, @enj) [SIG API Machinery and Auth]

  • The ingress v1beta1 has been deprecated. (#102030, @aojea)

API Change

  • A new score extension for NodeResourcesFit plugin that merges the functionality of NodeResourcesLeastAllocated, NodeResourcesMostAllocated, RequestedToCapacityRatio plugins, which are marked as deprecated as of v1beta2. In v1beta1, the three plugins can still be used in v1beta1 but not at the same time with the score extension of NodeResourcesFit. (#101822, @yuzhiquan)

  • A value of Auto is now a valid for the service.kubernetes.io/topology-aware-hints annotation. (#100728, @robscott)

  • Add DataSourceRef alpha field to PVC spec, which allows contents other than PVCs and VolumeSnapshots to be data sources. (#103276, @bswartz)

  • Add PersistentVolumeClaimDeletePoilcy to StatefulSet API. (#99378, @mattcary)

  • Add a new Priority and Fairness rule that exempts all probes (/readyz, /healthz, /livez) to prevent restarting of healthy kube-apiserver instance by kubelet. (#100678, @tkashem)

  • Add alpha support for HostProcess containers on Windows (#99576, @marosset) [SIG API Machinery, Apps, Node, Testing and Windows]

  • Add distributed tracing to the kube-apiserver. It is can be enabled with the feature gate APIServerTracing (#94942, @dashpole)

  • Add three metrics to the job controller to monitor if a job works in healthy condition. IndexedJob has been promoted to Beta. (#101292, @AliceZhang2016)

  • Added field .status.uncountedTerminatedPods to the Job resource. This field is used by the job controller to keep track of finished pods before adding them to the Job status counters. Pods created by the job controller get the finalizer batch.kubernetes.io/job-tracking Jobs that are tracked using this mechanism get the annotation batch.kubernetes.io/job-tracking. This is a temporary measure. Two releases after this feature graduates to beta, the annotation won't be added to Jobs anymore. (#98817, @alculquicondor)

  • Added new kubelet alpha feature SeccompDefault. This feature enables falling back to the RuntimeDefault (former runtime/default) seccomp profile if nothing else is specified in the pod/container SecurityContext or the pod annotation level. To use the feature, enable the feature gate as well as set the kubelet configuration option SeccompDefault (--seccomp-default) to true. (#101943, @saschagrunert) [SIG Node]

  • Adds the ReadWriteOncePod access mode for PersistentVolumes and PersistentVolumeClaims. Restricts volume access to a single pod on a single node. (#102028, @chrishenzie)

  • Alpha swap support can now be enabled on Kubernetes nodes with the NodeSwapEnabled feature flag. See KEP-2400 for details. (#102823, @ehashman)

  • Because of the implementation logic of time.Format in golang, the displayed time zone is not consistent. (#102366, @cndoit18)

  • Corrected the documentation for escaping dollar signs in a container's env, command and args property. (#101916, @MartinKanters) [SIG Apps]

  • Enable MaxSurge for DaemonSet by default. (#101742, @ravisantoshgudimetla)

  • Enforce the ReadWriteOncePod PVC access mode during scheduling (#103082, @chrishenzie)

  • Ephemeral containers are now allowed to configure a securityContext that differs from that of the Pod. Cluster administrators should ensure that security policy controllers support EphemeralContainers before enabling this feature in clusters. (#99023, @verb)

  • Exec plugin authors can override default handling of standard input via new interactiveMode kubeconfig field. (#99310, @ankeesler)

  • If someone had the ProbeTerminationGracePeriod alpha feature enabled in 1.21, they should update/delete any workloads/pods with probe terminationGracePeriods < 1 before upgrading (#103245, @wzshiming)

  • Improved parsing of label selectors (#102188, @alculquicondor) [SIG API Machinery]

  • Introduce minReadySeconds api to the StatefulSets. (#100842, @ravisantoshgudimetla)

  • Introducing Memory quality of service support with cgroups v2 (Alpha). The MemoryQoS feature is now in Alpha. This allows kubelet running with cgroups v2 to set memory QoS at container, pod and QoS level to protect and guarantee better memory quality. This feature can be enabled through feature gate Memory QoS. (#102970, @borgerli)

  • Kube API server accepts Impersonate-Uid header to impersonate a user with a specific UID, in the same way that you can currently use Impersonate-User, Impersonate-Group and Impersonate-Extra. (#99961, @margocrawf)

  • Kube-apiserver: --service-account-issuer can be specified multiple times now, to enable non-disruptive change of issuer. (#101155, @zshihang) [SIG API Machinery, Auth, Node and Testing]

  • Kube-controller-manager: the --horizontal-pod-autoscaler-use-rest-clients flag and Heapster support in the horizontal pod autoscaler, deprecated since 1.12, is removed. (#90368, @serathius)

  • Kube-scheduler: a plugin enabled in a v1beta2 configuration file takes precedence over the default configuration for that plugin. This simplifies enabling default plugins with custom configuration without needing to explicitly disable those default plugins. (#99582, @chendave)

  • New node-high priority-level has been added to Suggested API Priority and Fairness configuration.(#101151, @mborsz)

  • NodeSwapEnabled feature flag was renamed to NodeSwap

    The flag was only available in the 1.22.0-beta.1 release, and the new flag should be used going forward. (#103553, @ehashman) [SIG Node]

  • Omit comparison with boolean constant (#101523, @chuntaochen) [SIG CLI and Cloud Provider]

  • Removed the feature flag for probe-level termination grace period from Kubelet. If a user wants to disable this feature on already created pods, they will have to delete and recreate the pods. (#103168, @raisaat) [SIG Apps and Node]

  • Revert addition of Add PersistentVolumeClaimDeletePoilcy to StatefulSetAPI. (#103747, @mattcary)

  • Scheduler could be configured to consider new resources beside CPU and memory, GPU for example, for the score plugin of NodeResourcesBalancedAllocation. (#101946, @chendave) [SIG Scheduling]

  • Server Side Apply now treats all Selector fields as atomic (meaning the entire selector is managed by a single writer and updated together), since they contain interrelated and inseparable fields that do not merge in intuitive ways. (#97989, @Danil-Grigorev) [SIG API Machinery]

  • Suspend Job feature graduated to beta. Added the action label to Job controller sync metrics job_sync_total and job_sync_duration_seconds. (#102022, @adtac)

  • The API documentation for the DaemonSet's spec.updateStrategy.rollingUpdate.maxUnavailable field was corrected to state that the value is rounded up. (#101296, @Miciah)

  • The CSIServiceAccountToken graduates to Ga and is unconditionally enabled. (#103001, @zshihang)

  • The CertificateSigningRequest.certificates.k8s.io API supports an optional expirationSeconds field to allow the client to request a particular duration for the issued certificate. The default signer implementations provided by the Kubernetes controller manager will honor this field as long as it does not exceed the --cluster-signing-duration flag. (#99494, @enj)

  • The EndpointSlicen Mirroring controller no longer mirrors the last-applied-configuration annotation created by kubectl to update EndpointSlices. (#102731, @sharmarajdaksh)

  • The NetworkPolicyEndPort is graduated to beta and is enabled by default. (#102834, @rikatz)

  • The PodDeletionCost feature has been promoted to beta, and enabled by default. (#101080, @ahg-g)

  • The Server Side Apply treats certain structs as atomic. Meaning the entire selector field is managed by a single writer and updated together. (#100684, @Jefftree)

  • The ServiceAppProtocol feature gate has been removed. It reached GA in Kubernetes (#103190, @robscott)

  • The TerminationGracePeriodSeconds on pod specs and container probes should not be negative. Negative values of TerminationGracePeriodSeconds will be treated as the value 1s on the delete path. Immutable field validation will be relaxed in order to update negative values. In a future release, negative values will not be permitted. (#98866, @wzshiming)

  • The kube-scheduler component config v1beta2 API available Three scheduler plugins deprecated (NodeLabel, ServiceAffinity, NodePreferAvoidPods). (#99597, @adtac)

  • The pod/eviction subresource now accepts policy/v1 eviction requests in addition to policy/v1beta1 eviction requests (#100724, @liggitt)

  • The podAffinity, NamespaceSelector and the associated CrossNamespaceAffinity quota scope features graduate to Beta and they are now enabled by default. (#101496, @ahg-g)

  • The pods/ephemeralcontainers API now returns and expects a Pod object instead of EphemeralContainers. This is incompatible with the previous alpha-level API. (#101034, @verb) [SIG Apps, Auth, CLI and Testing]

  • The v1.Node and .status.images[].names are now optional. (#102159, @roycaihw)

  • The deprecated flag --algorithm-provider has been removed from kube-scheduler. Use instead ComponentConfig to configure the set of enabled plugins. (#102239, @Haleygo)

  • The options --ssh-user and --ssh-key are removed. They only functioned on GCE, and only in-tree. Use the apiserver network proxy instead. (#102297, @deads2k)

  • Track Job completion through status and Pod finalizers, removing dependency on Pod tombstones. (#98238, @alculquicondor) [SIG API Machinery, Apps, Auth and Testing]

  • Track ownership of scale subresource for all scalable resources i.e. Deployment, ReplicaSet, StatefulSet, ReplicationController, and Custom Resources. (#98377, @nodo) [SIG API Machinery and Testing]

Feature

  • A system-cluster-critical pod should not get a low OOM Score.

    As of now both system-node-critical and system-cluster-critical pods have -997 OOM score, making them one of the last processes to be OOMKilled. By definition system-cluster-critical pods can be scheduled elsewhere if there is a resource crunch on the node where as system-node-critical pods cannot be rescheduled. This was the reason for system-node-critical to have higher priority value than system-cluster-critical. This change allows only system-node-critical priority class to have low OOMScore.

    action required If the user wants to have the pod to be OOMKilled last and the pod has system-cluster-critical priority class, it has to be changed to system-node-critical priority class to preserve the existing behavior (#99729, @ravisantoshgudimetla)

  • API Server tracing can now trace re-entrant api requests. (#103218, @dashpole) [SIG API Machinery, CLI, Cloud Provider, Cluster Lifecycle and Instrumentation]

  • APIServerTracing now collects spans from etcd client calls, and propagates context to etcd. (#103216, @dashpole) [SIG API Machinery, Cloud Provider and Instrumentation]

  • APIServerTracing now collects spans from outgoing requests to admission webhooks. (#103601, @dashpole) [SIG API Machinery]

  • Add a namespace label for all apiserver_admission_* metrics. Expand the histogram range to 0-10s for all apiserver_admission_*_duration_seconds metrics. (#101208, @voutcn)

  • Add unified map on CRI to support cgroup v2. Refer to https://github.com/opencontainers/runtime-spec/blob/master/config-linux.md#unified. (#102578, @payall4u)

  • Added BinaryData description to kubectl describe command. (#100568, @lauchokyip)

  • Added a new metric apiserver_flowcontrol_request_concurrency_in_use that shows the number of seats (concurrency) occupied by the currently executing requests in the API Priority and Fairness system. (#102795, @tkashem)

  • Added field-selector option for kubectl top pod (#102155, @lauchokyip) [SIG CLI]

  • Added new metrics about API Priority and Fairness. Each one has a label priority_level. The last two also have a label bound taking values min and `max.

    • apiserver_flowcontrol_current_r: R(the time of the last change in state of the queues)
    • apiserver_flowcontrol_dispatch_r: R(the time of the latest request dispatch)
    • apiserver_flowcontrol_latest_s: S(the request last dispatched) = R(when that request starts executing in the virtual world)
    • apiserver_flowcontrol_next_s_bounds: min and max next S among non-empty queues
    • apiserver_flowcontrol_next_discounted_s_bounds: min and max next S - (sum [over requests executing] width * estimatedDuration) among non-empty queues (#102859, @MikeSpreitzer) [SIG API Machinery and Instrumentation]
  • Adding --restart-kubelet flag on E2E Node test suite (#97028, @knabben) [SIG Node and Testing]

  • Adds feature gate KubeletInUserNamespace which enables support for running kubelet in a user namespace.

    The user namespace has to be created before running kubelet. All the node components such as CRI need to be running in the same user namespace.

    When the feature gate is enabled, kubelet ignores errors that happens during setting the following sysctl values: vm.overcommit_memory, vm.panic_on_oom, kernel.panic, kernel.panic_on_oops, kernel.keys.root_maxkeys, kernel.keys.root_maxbytes. (These sysctl values for the host, not for the containers)

    kubelet also ignores an error during opening /dev/kmsg. This feature gate also allows kube-proxy to ignore an error during setting RLIMIT_NOFILE.

    This feature gate is especially useful for running Kubernetes inside Rootless Docker/Podman with kind or minikube. (#92863, @AkihiroSuda) [SIG Network, Node and Testing]

  • Adds metrics for the delegated authenticator used by extension APIs that delegate authentication logic to the Kube API server. (#99364, @p0lyn0mial)

  • Adds metrics for the delegated authorizer used by extension APIs that delegate authorization logic to the Kube API server. (#100339, @p0lyn0mial)

  • Adds two kubemark flags, --max-pods and --extended-resources. (#100267, @Jeffwan)

  • An audit log entry will be generated when a ValidatingAdmissionWebhook is failing to open. (#92739, @cnphil)

  • Base images: Updated to

  • Base-images: Update to debian-base:buster-v1.7.1 (#102594, @mengjiao-liu)

  • Deprecated warning message for igonre-errors flag. (#102677, @yuzhiquan)

  • Endpoints that have more than 1000 endpoints will be truncated and the endpoints.kubernetes.io/over-capacity annotation on the Endpoints resource will be set to truncated. (#103520, @swetharepakula) [SIG Apps and Network]

  • Expose /debug/flags/v to allow dynamically setting log level for kube-proxy. (#98306, @borgerli) [SIG Network]

  • Expose container start time as container_start_time_seconds in the kubelet /metrics/resource endpoint. (#102444, @sanwishe)

  • Extended resources defined in LeastAllocated, MostAllocated and RequestedToCapacityRatio plugin argument are bypassed by the scheduler if the incoming Pod doesn't request them in the pod spec. (#103169, @Huang-Wei)

  • Feat: change parittion style to GPT on Windows (#101412, @andyzhangx) [SIG Storage and Windows]

  • Features gates EndpointSliceProxying & WindowsEndpointSliceProxying graduates to GA and are unconditionally enabled. Kube-proxy will use EndpointSlices for endpoint information. (#103451, @swetharepakula)

  • Fluentd: isolate logging resources in separate namespace logging (#68004, @saravanan30erd)

  • For kubeadm: add --validity-period flag for kubeadm kubeconfig user command. (#100907, @SataQiu)

  • Implement minReadySeconds for the StatefulSets. (#101316, @ravisantoshgudimetla)

  • Improve logging of APIService availability changes in kube-apiserver. (#101420, @sttts)

  • Introduce a feature gate DisableCloudProviders allowing to disable cloud-provider initialization in KAPI, KCM and kubelet. DisableCloudProviders FeatureGate is currently in Alpha, which means is currently disabled by default. Once the FeatureGate moves to beta, in-tree cloud providers would be disabled by default, and a user won't be able to specify --cloud-provider=<aws|openstack|azure|gcp|vsphere> anymore to any of KCM, KAPI or kubelet. Only a '--cloud-provider=external' would be allowed. CCM would have to run out-of-tree with CSI. (#100136, @Danil-Grigorev)

  • JSON logging format is no longer available by default in non-core Kubernetes Components and require owners to opt in. (#102869, @mengjiao-liu) [SIG API Machinery, Cluster Lifecycle and Instrumentation]

  • Kube-apiserver: the alpha PodSecurity feature can be enabled by passing --feature-gates=PodSecurity=true, and enables controlling allowed pods using namespace labels. See https://git.k8s.io/enhancements/keps/sig-auth/2579-psp-replacement for more details. (#103099, @liggitt) [SIG API Machinery, Auth, Instrumentation, Release, Security and Testing]

  • Kube-proxy uses V1 EndpointSlices. (#103306, @swetharepakula)

  • Kubeadm: Add the RootlessControlPlane kubeadm specific feature gate (Alpha in 1.22, disabled by default). It can be used to enable an experimental feature that makes the control plane component static Pod containers for kube-apiserver, kube-controller-manager, kube-scheduler and etcd to run as a non-root users. (#102158, @vinayakankugoyal)

  • Kubeadm: Set the seccompProfile to runtime/default in the PodSecurityContext of the control-plane components that run as static Pods. (#100234, @vinayakankugoyal)

  • Kubeadm: add a new field skipPhases to v1beta3 InitConfiguration and JoinConfiguration that can contain a list of phases to skip during "kubeadm init" and "kubeadm join". The flag "--skip-phases" takes precedence over this field. (#101923, @neolit123)

  • Kubeadm: add the --dry-run flag to the control-plane phase of "kubeadm init". (#102722, @vinayakankugoyal)

  • Kubeadm: add the imagePullPolicy field in the nodeRegistration section of InitConfiguration and JoinConfiguration in v1beta3. This allows the user to specify the image pull policy during "kubeadm init" and "kubeadm join". The value of this field must be one of Always, IfNotPresent or Never. The default behavior continues to be IfNotPresent. (#102901, @wangyysde)

  • Kubeadm: during "kubeadm init/join/upgrade", always default the cgroupDriver value in the KubeletConfiguration to systemd, unless the user was explicit about the value. See configure-cgroup-driver for more details. (#102133, @pacoxu)

  • Kubeadm: update CoreDNS to 1.8.4. Grant CoreDNS permissions to "list" and "watch" EndpointSlice objects to accommodate dual-stack support. (#102466, @pacoxu)

  • Kubectl: add LAST RESTART column to kubectl get pods output. (#100142, @Ethyling)

  • Kubemark's hollow-node will now print flags before starting. (#101181, @mm4tt)

  • Kubernetes is now built with Golang 1.16.3 (#101206, @justaugustus) [SIG Cloud Provider, Instrumentation, Release and Testing]

  • Kubernetes is now built with Golang 1.16.4 (#101809, @justaugustus) [SIG Cloud Provider, Instrumentation, Release and Testing]

  • Kubernetes is now built with Golang 1.16.5. (#102689, @cpanato)

  • Kubernetes is now built with Golang 1.16.6 (#103669, @cpanato) [SIG Cloud Provider, Instrumentation, Release and Testing]

  • Leader Migration for controller managers graduated to beta. (#103533, @jiahuif) [SIG API Machinery and Cloud Provider]

  • Make kubectl command headers default for beta. (#103238, @seans3) [SIG CLI]

  • Mark net.ipv4.ip_unprivileged_port_start as safe sysctl. (#103326, @pacoxu)

  • Metrics server nanny has now poll period set to 30s (previously 5 minutes) to allow faster scaling of metrics server. (#101869, @olagacek) [SIG Cloud Provider and Instrumentation]

  • NetworkPolicy validation framework support for windows. (#98077, @jayunit100)

  • New feature gate ExpandedDNSConfig is now available. This feature allows Kubernetes to have expanded DNS configuration. (#100651, @gjkim42)

  • New metrics: apiserver_kube_aggregator_x509_missing_san_total and apiserver_webhooks_x509_missing_san_total. This metric measures a number of connections to webhooks/aggregated API servers that use certificates without Subject Alternative Names. It being non-zero is a warning sign that these connections will stop functioning in the future since Golang is going to deprecate x509 certificate subject Common Names for server hostname verification. (#95396, @stlaz) [SIG API Machinery, Auth and Instrumentation]

  • Node Problem Detector is now available for GCE Windows nodes. (#101539, @jeremyje) [SIG Cloud Provider, Node and Windows]

  • Promote Cronjobs storage version to batch/v1. (#102363, @mengjiao-liu)

  • Promote CronJobControllerV2 flag to GA, with removal in 1.23. (#102529, @soltysh)

  • Promote EndpointSliceTerminatingCondition to Beta. This enables the terminating and serving conditions for EndpointSlice by default. (#103596, @andrewsykim)

  • Run etcd as non-root on GCE provider (#100635, @cindy52)

  • Scheduler nows provides an option for plugin developers to move Pods to activeQ. (#103383, @Huang-Wei)

  • Secret values are now masked by default in kubectl diff output. (#96084, @loozhengyuan)

  • Services with externalTrafficPolicy: Local now support graceful termination when using the iptables or ipvs mode of kube-proxy with EndpointSlices enabled. Specifically, if a connection for such a service arrives on a node when there are no "Ready" endpoints for the service, but there is at least one Terminating pod for that service on the node, then kube-proxy will send the traffic to the Terminating pod rather than dropping it. This patches up a race condition between when a pod is killed and when the external load balancer notices that it has been killed. (#97238, @andrewsykim)

  • Shell completion has been migrated to Cobra's go solution. kubectl is now smarter about disabling file completion when it does not apply. Furthermore, completion for the cp command does not show all files unless the user has started typing something. (#96087, @marckhouzam) [SIG CLI]

  • Some of the in-tree storage drivers indicate support for the MetricsProvider interface, but fail to configure this for BlockMode volumes. With a recent change, Kubelet will call GetMetrics() for BlockMode volumes, and the in-tree drivers that miss the support cause a Go panic. Now the in-tree storage drivers that support BlockMode volumes, will return the Capacity of the volume in the GetMetrics() call. (#101587, @nixpanic)

  • Support FakeClientset match subresource. (#100939, @wzshiming)

  • The "Leader Migration" now support a wildcard component name and the default value. (#102711, @jiahuif)

  • The CSI driver supports the NodeServiceCapability VOLUME_MOUNT_GROUP and the DelegateFSGroupToCSIDriver feature gate is enabled, kubelet will delegate applying FSGroup to the driver by passing it to NodeStageVolume and NodePublishVolume, regardless of what other FSGroup policies are set, this is an alpha feature. (#103244, @verult)

  • The Memory Manager feature graduates to Beta and it is enabled by default. (#101947, @cynepco3hahue)

  • The BoundServiceAccountTokenVolume graduates to GA and thus will be unconditionally enabled. The feature gate is going to be removed in 1.23. (#101992, @zshihang)

  • The EmptyDir memory backed volumes are sized as the minimum of pod allocatable memory on a host and an optional explicit user provided value. (#101048, @dims)

  • The HugePageStorageMediumSize feature graduates to GA and unconditionally enabled. Allowing unconditional usage of multiple sizes huge page resources on a container level. (#99144, @bart0sh)

  • The IngressClassNamespacedParams feature gate has graduated to beta and is enabled by default. This means IngressClass resource will now have two new fields - spec.paramters.namespace and spec.parameters.scope. (#101711, @hbagdi)

  • The LogarithmicScaleDown feature graduates to Beta and enabled by default. (#101767, @damemi)

  • The NamespaceDefaultLabelName is promoted to GA in this release. All Namespace API objects have a kubernetes.io/metadata.name label matching their metadata.name field to allow selecting any namespace by its name using a label selector. (#101342, @rosenhouse)

  • The ServiceInternalTrafficPolicy feature graduates to Beta and enable by default, which enables the internalTrafficPolicy field of Service by default. (#103462, @andrewsykim)

  • The ServiceLBNodePortControl graduates to Beta and is enabled by default. (#100412, @hanlins)

  • The SetHostnameAsFQDN graduates to GA and thus will be unconditionally disabled. (#101294, @javidiaz)

  • The WarningHeader feature is now GA and is unconditionally enabled. The apiserver_requested_deprecated_apis metric has graduated to stable status. The WarningHeader feature-gate is no longer operative and will be removed in v1.24. (#100754, @liggitt) [SIG API Machinery, Instrumentation and Testing]

  • The kubectl debug is able to create ephemeral containers in pre-1.22 clusters with the EphemeralContainers feature enabled. Note that versions of kubectl prior to 1.22 are unable to create ephemeral containers in clusters version 1.22 and greater due to an API change. (#103292, @verb)

  • The client-go credential plugins are now GA and are enabled by default. (#102890, @ankeesler)

  • The feature gate SSA graduated to GA in v1.22 and therefore is unconditionally enabled. (#100139, @Jefftree)

  • The job controller removes running pods when the number of completions is achieved. (#99963, @alculquicondor)

  • The kubeconfig is now exposed in the kube-scheduler framework handle. Out-of-tree plugins can leverage that to build CRD informers easily. (#100644, @Huang-Wei)

  • The new flag --chunk-size=SIZE for kubectl drain has been promoted to beta, and enabled by default. This flag may be used to alter the number of items or disable this feature when 0 is passed. (#100148, @KnVerey)

  • The new flag --chunk-size=SIZE has been added to kubectl describe. This flag may be used to alter the number of items or disable this feature when 0 is passed. (#101171, @KnVerey)

  • The pod resource API will provide memory manager metrics in the case when the memory manager feature gate is enabled, and the memory manager policy is static. (#101030, @cynepco3hahue)

  • The prefer nominated node graduates to Beta and enabld by default. (#102201, @chendave)

  • Update etcd version to 3.5.0-beta.3. (#102062, @serathius)

  • Update the Debian images to pick up CVE fixes in the base images:

    • Update the debian-base image to v1.7.0
    • Update the debian-iptables image to v1.6.1 (#102302, @xmudrii)
  • Update the setcap image to buster-v2.0.1. (#102377, @xmudrii)

  • Update the system-validators library to v1.5.0. Includes validation for seccomp and fixes a stdout/stderr problem in the Docker validator. (#103390, @ironyman)

  • Updates the following images to pick up CVE fixes:

    • debian to v1.8.0
    • debian-iptables to v1.6.5
    • setcap to v2.0.3 (#103235, @thejoycekung) [SIG API Machinery, Release and Testing]
  • Warnings for the use of deprecated and known-bad values in pod specs are now sent. (#101688, @liggitt)

  • Watch requests are now handled throttled by priority and fairness filter in kube-apiserver. (#102171, @wojtek-t)

  • You can use this Builder function to create events Field Selector (#101817, @cndoit18) [SIG API Machinery and Scalability]

  • Scheduler now registers event handlers dynamically. (#101394, @Huang-Wei)

  • kubectl: Enable using protocol buffers to request Metrics API. (#102039, @serathius)

Documentation

  • The commandkubectl debug will now print a warning message when using the --target option since many container runtimes do not support this yet. (#101074, @verb)

Failing Test

  • Fixed generic ephemeal volumes with OwnerReferencesPermissionEnforcement admission plugin enabled. (#101186, @jsafrane)
  • Fixes kubectl drain --dry-run=server. (#100206, @KnVerey)
  • Fixes an overly restrictive conformance test to accept service account tokens signed by an ECDSA key (#100680, @smira) [SIG Architecture, Auth and Testing]
  • Fixes the should receive events on concurrent watches in same order conformance test to work properly on clusters that auto-create additional configmaps in namespaces. (#101950, @liggitt)
  • Resolves an issue with the "ServiceAccountIssuerDiscovery should support OIDC discovery" conformance test failing on clusters which are configured with issuers outside the cluster (#101589, @mtaufen) [SIG Auth and Testing]

Bug or Regression

  • Added jitter factor to lease controller that better smears load on kube-apiserver over time. (#101652, @marseel) [SIG API Machinery and Scalability]

  • Added privileges for EndpointSlice to the default view & edit RBAC roles. (#101203, @mtougeron)

  • After DBus restarts, make GracefulNodeShutdown work again (#100369, @wzshiming)

  • Aggregate errors when putting vmss. (#98350, @nilo19)

  • Aggregate write permissions on events to users with edit and admin role. (#102858, @tumido)

  • Aggregated roles no longer include write access to EndpointSlices. This rolls back part of a change that was introduced earlier in the Kubernetes 1.22 cycle. (#103703, @robscott)

  • Applying fix for not deleting existing public IP when a service is deleted in Azure. (#100694, @nilo19)

  • Applying fix for not tagging static public IP. (#101752, @nilo19)

  • Applying fix so that deleting non-existing disk returns success. (#102083, @andyzhangx)

  • Applying fix: cleanup outdated routes. (#102935, @nilo19)

  • Avoid caching the Azure VMSS instances whose network profile is nil (#100948, @feiskyer) [SIG Cloud Provider]

  • Azure: Avoid setting cached Sku when updating VMSS and VMSS instances. (#102005, @feiskyer)

  • Azurefile: Normalize share name to not include the capital letters (#100731, @kassarl)

  • Chain the field manager creation calls in newDefaultFieldManager to be explicit about the order of operations. (#101076, @kevindelgado)

  • Disruption controller shouldn't error while syncing for unmanaged pods. (#103414, @ravisantoshgudimetla) [SIG Apps and Testing]

  • Ensure service is deleted when the Azure resource group has been deleted. (#100944, @feiskyer)

  • Ensures ExecProbeTimeout=false kubelet feature gate with dockershim is taken into account, when the exec probe takes longer than timeoutSeconds configuration. (#100200, @jackfrancis)

  • Expose rest_client_rate_limiter_duration_seconds metric to component-base to track client side rate limiter latency in seconds. Broken down by verb and URL. (#100311, @IonutBajescu) [SIG API Machinery, Cluster Lifecycle and Instrumentation]

  • Fire an event when failing to open NodePort. (#100599, @masap)

  • Fix Azure node public IP fetching issues from instance metadata service when the node is part of standard load balancer backend pool. (#100690, @feiskyer) [SIG Cloud Provider]

  • Fix EndpointSlice describe panic when an Endpoint doesn't have zone. (#101025, @tnqn)

  • Fix kubectl set env or resources not working for initcontainers. (#101669, @carlory)

  • Fix kubectl alpha debug node does not work on tainted(NoExecute) nodes and tolerate everything. (#98431, @wawa0210)

  • Fix a bug on the endpointslicemirroring controller where endpoint NotReadyAddresses were mirrored as Ready to the corresponding EndpointSlice. (#102683, @aojea)

  • Fix a bug that a preemptor pod may exist as a phantom in the scheduler. (#102498, @Huang-Wei)

  • Fix a number of race conditions in the kubelet when pods are starting up or shutting down that might cause pods to take a long time to shut down. (#102344, @smarterclayton) [SIG Apps, Node, Storage and Testing]

  • Fix an issue with kubectl on certain older version of Windows or when legacy console mode is enabled on Windows 8 which causes kubectl exec to crash. (#102825, @n4j)

  • Fix availability set cache in vmss cache (#100110, @CecileRobertMichon) [SIG Cloud Provider]

  • Fix how nulls are handled in array and objects in json patches. (#102467, @pacoxu)

  • Fix panic when kubectl create ingress has annotation flag and an empty value set. (#101377, @rikatz)

  • Fix performance regression for update and apply operations on large CRDs. (#103318, @jpbetz) [SIG API Machinery, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation and Storage]

  • Fix raw block mode CSI NodePublishVolume stage miss pod info. (#99069, @phantooom)

  • Fix resource enforcement when using systemd cgroup driver (#102147, @kolyshkin)

  • Fix rounding of volume storage requests. (#100100, @maxlaverse)

  • Fix runtime container status for PostStart hook error. (#100608, @pacoxu)

  • Fix scoring for NodeResourcesMostAllocated and NodeResourcesBalancedAllocation plugins when nodes have containers with no requests. This was leaving to under-utilization of small nodes. (#102925, @alculquicondor)

  • Fix the code is leaking the defaulting between unrelated pod instances. (#103284, @kebe7jun) [SIG CLI]

  • Fix winkernel kube-proxy to only use dual stack when host and networking supports it (#101047, @jsturtevant) [SIG Network and Windows]

  • Fix: Azure file inline volume namespace issue in CSI migration translation (#101235, @andyzhangx)

  • Fix: Bug in kube-proxy latency metrics to calculate only the latency value for the Endpoints that are created after it starts running. This is needed because all the Endpoints objects are processed on restarts, independently when they were. (#100861, @aojea)

  • Fix: avoid nil-pointer panic when checking the frontend IP configuration (#101739, @nilo19) [SIG Cloud Provider]

  • Fix: display of Job completion mode in kubectl describe. (#101160, @alculquicondor)

  • Fix: return empty VMAS name if using standalone VM (#103470, @nilo19) [SIG Cloud Provider]

  • Fix: set "host is down" as corrupted mount. When SMB server is down, there is no way to terminate pod which is using SMB mount, would get an error. (#101398, @andyzhangx)

  • Fix: using NVMe AWS EBS volumes partitions. (#100500, @jsafrane)

  • Fixed 'kubelet' runtime panic for timed-out portforward streams. (#102489, @saschagrunert)

  • Fixed SELinux relabeling of CSI volumes after CSI driver failure. (#103154, @jsafrane) [SIG Node and Storage]

  • Fixed garbage collection of dangling VolumeAttachments for PersistentVolumes migrated to CSI on startup of kube-controller-manager. (#102176, @timebertt)

  • Fixed port-forward memory leak for long-running and heavily used connections. (#99839, @saschagrunert)

  • Fixed a bug due to which the controller was not populating the lastSuccessfulTime field added to cronjob.status in batch/v1. (#102642, @alaypatel07)

  • Fixed a bug that kubectl create configmap always returns zero exit code when failed. (#101780, @nak3) [SIG CLI]

  • Fixed a bug that scheduler extenders are not called on preemptions. (#103019, @ordovicia)

  • Fixed a bug where startupProbe stopped working after a container's first restart. (#101093, @wzshiming)

  • Fixed an issue blocking azure auth to prompt to device code authentication flow when refresh token expires. (#102063, @tdihp)

  • Fixed false-positive uncertain volume attachments, which led to unexpected detachment of CSI migrated volumes (#101737, @Jiawei0227) [SIG Apps and Storage]

  • Fixed mounting of NFS volumes when IPv6 address is used as a server. (#101067, @Elbehery) [SIG Storage]

  • Fixed starting new pods after previous pod timed out unmounting its volumes. (#100183, @jsafrane)

  • Fixed very rare volume corruption when a pod is deleted while kubelet is offline. (#102059, @jsafrane)

  • Fixes a data race issue in the priority and fairness API server filter. (#100638, @tkashem)

  • Fixes issue with websocket-based watches of Service objects not closing correctly on timeout. (#102539, @liggitt)

  • For kubeadm: support for custom imagetags for etcd images which contain build metadata, when imagetags are in the form of version_metadata. For instance, if the etcd version is v3.4.13+patch.0, the supported imagetag would be v3.4.13_patch.0 (#100350, @jr0d)

  • For vSphere: fix regression during attach disk if datastore is within a storage folder or datastore cluster. (#102892, @gnufied)

  • GCE Windows clusters have their TCP/IP parameters are set to GCE's recommended values. (#103057, @jeremyje) [SIG Cloud Provider and Windows]

  • GCE Windows will no longer install Docker on containerd nodes. (#101747, @jeremyje) [SIG Cloud Provider and Windows]

  • Generated OpenAPI now correctly specifies 201 as a possible response code for PATCH operations. (#100141, @brendandburns)

  • Graceful termination will now be honored when deleting a collection of pods. (#100101, @deads2k)

  • If kube-proxy mode is userspace do not enable EndpointSlices. (#100913, @JornShen)

  • Kubeadm: allow passing the flag --log-file if --config is passed. If you wish to log to a file you must also pass --logtostderr=false or --alsologtostderr=true. Alternatively you can pipe to a file using "kubeadm ... | tee ...". (#101449, @CaoDonghui123)

  • Kubeadm: enable --experimental-patches flag for kubeadm join phase control-plane-join all command. (#101110, @SataQiu)

  • Kubeadm: fix a bug where kubeadm join for control plane nodes would download certificates and keys from the cluster, but would not write publicly readable certificates and public keys with mode 0644 and instead use mode 0600. (#103313, @neolit123)

  • Kubeadm: fix the bug that kubeadm only uses the first hash in caCertHashes to verify the root CA. (#101977, @SataQiu)

  • Kubeadm: remove the "ephemeral_storage" request from the etcd static pod that kubeadm deploys on stacked etcd control plane nodes. This request has caused sporadic failures on some setups due to a problem in the kubelet with cadvisor and the LocalStorageCapacityIsolation feature gate. See this issue for more details: #99305 (#102673, @jackfrancis) [SIG Cluster Lifecycle]

  • Kubeadm: when using a custom image repository for CoreDNS kubeadm now will append the coredns image name instead of coredns/coredns, thus restoring the behaviour existing before the v1.21 release. Users who rely on nested folder for the coredns image should set the clusterConfiguration.dns.imageRepository value including the nested path name (e.g using registry.company.xyz/coredns will force kubeadm to use registry.company.xyz/coredns/coredns image). No action is needed if using the default registry (k8s.gcr.io). (#102502, @ykakarap)

  • Kubelet: improve the performance when waiting for a synchronization of the node list with the kube-apiserver. (#99336, @neolit123)

  • Kubelet: the returned value for PodIPs is the same in the Downward API and in the pod.status.PodIPs field (#103307, @aojea)

  • Limit vSphere volume name to 63 characters long. (#100404, @gnufied)

  • Logging for GCE Windows clusters will be more accurate and complete when using Fluent bit. (#101271, @jeremyje)

  • Metrics Server will use Addon Manager 1.8.3 (#103541, @jbartosik) [SIG Cloud Provider and Instrumentation]

  • Output for kubectl describe podsecuritypolicy is now kind specific and cleaner (#101436, @KnVerey)

  • Parsing of cpuset information now properly detects more invalid input such as 1--3 or 10-6. (#100565, @lack)

  • Pods that are known to the kubelet to have previously been Running should not revert to Pending state, the kubelet will now infer a termination. (#102821, @ehashman)

  • Prevent Kubelet stuck in DiskPressure when imagefs.minReclaim is set (#99095, @maxlaverse)

  • Reduces delay initializing on non-AWS platforms docker runtime. (#93260, @nckturner) [SIG Cloud Provider]

  • Register/Deregister Targets in chunks for AWS TargetGroup (#101592, @M00nF1sh) [SIG Cloud Provider]

  • Removed /sbin/apparmor_parser requirement for the AppArmor host validation. This allows using AppArmor on distributions which ship the binary in a different path. (#97968, @saschagrunert) [SIG Node and Testing]

  • Renames the timeout field for the DelegatingAuthenticationOptions to TokenRequestTimeout and set the timeout only for the token review client. Previously the timeout was also applied to watches making them reconnecting every 10 seconds. (#100959, @p0lyn0mial)

  • Reorganized iptables rules to reduce rules in KUBE-SERVICES and KUBE-NODEPORTS. (#96959, @tssurya)

  • Respect annotation size limit for server-side apply updates to the client-side apply annotation. Also, fix opt-out of this behavior by setting the client-side apply annotation to the empty string. (#102105, @julianvmodesto) [SIG API Machinery]

  • Retry FibreChannel devices cleanup after error to ensure FibreChannel device is detached before it can be used on another node. (#101862, @jsafrane)

  • Support correct sorting for cpu, memory, storage, ephemeral-storage, hugepages, and attachable-volumes. (#100435, @lauchokyip)

  • Switch scheduler to generate the merge patch on pod status instead of the full pod (#103133, @marwanad) [SIG Scheduling]

  • The EndpointSlice IP validation now matches Endpoints IP validation. (#101084, @robscott)

  • The kube-apiserver now reports the synthetic verb when logging requests, better explaining the user intent and matching what is reported in the metrics. (#102934, @lavalamp)

  • The kube-controller-manager' sets the upper-bound timeout limit for outgoing requests to 70s. Previously (#99358, @p0lyn0mial)

  • The kube-proxy log now shows the "Skipping topology aware endpoint filtering since no hints were provided for zone" warning under the right conditions. (#101857, @dervoeti)

  • The kubectl create service now respects the namespace flag. (#101005, @zxh326)

  • The kubectl get now truncates multi-line strings to avoid breaking printing (#103514, @soltysh)

  • The kubectl wait --for=delete command now ignores the not found error correctly. (#96702, @lingsamuel)

  • The kubelet now reports distinguishes log messages about certificate rotation for its client cert and server cert separately to make debugging problems with one or the other easier. (#101252, @smarterclayton)

  • The serviceOwnsFrontendIP shouldn't report error when the public IP doesn't match. (#102516, @nilo19)

  • The system:aggregate-to-edit role no longer includes write access to the Endpoints API. For new Kubernetes 1.22 clusters, the edit and admin roles will no longer include that access in newly created Kubernetes 1.22 clusters. This will have no affect on existing clusters upgrading to Kubernetes 1.22. To retain write access to Endpoints in the aggregated edit and admin roles for newly created 1.22 clusters, refer to kubernetes/website#29025. (#103704, @robscott) [SIG Auth and Network]

  • The conformance tests:

    • Services should serve multiport endpoints from pods
    • Services should serve a basic endpoint from pods were only validating the API objects, not performing any validation on the actual Services implementation. Those tests now validate that the Services under test are able to forward traffic to the endpoints. (#101709, @aojea) [SIG Network and Testing]
  • The current behavior for Services that IPFamilyPolicy set as PreferDualstack. The current behavior when the cluster is upgraded to dual-stack is:

    • Services that have been set to IPFamilyPolicy = PreferDualstack will be upgraded when the service object is updated. e.g., when a user change a label.

    This behavior will change to:

    • Services that have been set IPFamilyPolicy = PreferDualstack will not be upgraded when the service object is updated. User can still change policy, type etc and existing behaviors remain the same. (#102898, @khenidak) [SIG Network and Testing]
  • The reason and message fields for pod status are no longer reset unless the phase also changes. (#103785, @smarterclayton) [SIG Node]

  • Treat VSphere "File (vmdk path here) was not found" errors as success during volume deletion (#92372, @breunigs) [SIG Cloud Provider and Storage]

  • Update kube-proxy base image debian-iptables to v1.6.2 to pickup documentation \n"- debian-iptables: select nft mode if ntf lines > legacy lines, matching iptables-wrappers" (#102590, @BenTheElder)

  • Update klog v2.9.0. (#102332, @pacoxu)

  • Updated the Graceful Node Shutdown Pod termination reason and message. Updated the Graceful Node Shutdown Pod rejection reason and message. (#102840, @Kissy)

  • Updates dependency sigs.k8s.io/structured-merge-diff to v4.1.1. (#100784, @kevindelgado)

  • Updates hostprocess tests to specify user. (#102965, @jsturtevant)

  • Upgrades functionality of kubectl kustomize as described at https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2Fv4.2.0 (#103419, @natasha41575) [SIG CLI]

  • Upgrades functionality of kubectl kustomize as described at kustomize/v4.1.2 (#101120, @monopole)

  • Upgrading etcd: kubeadm upgrade etcd to 3.4.13-3 (#100612, @pacoxu)

  • Use default timeout of 10s for Azure ACR credential provider. (#100686, @hasheddan) [SIG Cloud Provider]

  • We no longer allow the cluster operator to delete any suggested priority & fairness bootstrap configuration object. If a cluster operator removes a suggested configuration, it will be restored by the apiserver. (#102067, @tkashem)

  • When DisableAcceleratorUsageMetrics is set, do not collect accelerator metrics using cAdvisor. (#101712, @SergeyKanzhelev) [SIG Instrumentation and Node]

  • YAML documents separators ("---") can now be followed by whitespace and comments ("# ....") on the same line. This fixes a bug where documents starting with a comment after the separator were ignored. Other types of content on the same line will result in an error. (#103457, @codearky) [SIG API Machinery]

  • oc describe quota used has the same unit format as hard (#102177, @atiratree) [SIG CLI]

Other (Cleanup or Flake)

  • After the deprecation period,now the Kubelet's --chaos-chance flag are removed. (#101057, @wangyysde) [SIG Node]
  • Allow CSI drivers to just run offline expansion tests. (#102665, @gnufied)
  • Changed buildmode of non static Kubernetes binaries to produce position independent executables (PIE). (#102323, @saschagrunert)
  • Clarified the description of a test in the e2e suite that mentions "SCTP" but is actually intended to be testing the behavior of network plugins that don't implement SCTP. (#102509, @danwinship)
  • Client-go: reduce verbosity of Starting/Stopping reflector messages to 3 again. (#102788, @pohly)
  • Disable log sampling when using json logging format. (#102620, @serathius)
  • Exposes WithCustomRoundTripper method for specifying a middleware function for custom HTTP behaviour for the delegated auth clients. (#99775, @p0lyn0mial)
  • Fake clients now implement a FakeClient interface (#100940, @markusthoemmes) [SIG API Machinery and Instrumentation]
  • Featuregate ServiceLoadBalancerClass graduates to Beta and is enables by default. (#103129, @XudongLiuHarold)
  • Improve func ToSelectableFields' performance for event. (#102461, @goodluckbot)
  • Increased CSINodeIDMaxLength from 128 bytes to 192 bytes. Prepare to increase the length limit to 256 bytes in 1.23 release. (#101256, @Jiawei0227)
  • JSON logging now supports having information about source code location in the logging format, source code information is available under the key "caller". (#102437, @MadhavJivrajani)
  • Kubeadm: move the BootstrapToken* API and related utilities from v1beta3 to a separate API group/version - bootstraptoken/v1. (#102964, @neolit123) [SIG Cluster Lifecycle]
  • Kubeadm: the CriticalAddonsOnly toleration has been removed from kube-proxy DaemonSet (#101966, @SataQiu) [SIG Cluster Lifecycle]
  • Metrics Server updated to use 0.4.4 image that doesn't depend on deprecated authorization.k8s.io/v1beta1 subjectaccessreviews API version. (#101477, @x13n)
  • Migrate proxy/ipvs/proxier.go logs to structured logging. (#97796, @JornShen)
  • Migrate staging/src/k8s.io/apiserver/pkg/registry logs to structured logging. (#98287, @lala123912)
  • Migrate some log messages to structured logging in pkg/volume/plugins.go. (#101510, @huchengze)
  • Migrate some log messages to structured logging in pkg/volume/volume_linux.go. (#99566, @huchengze)
  • Official binaries now include the golang generated build ID buildid instead of an empty string. (#101411, @saschagrunert)
  • Remove balanced attached node volumes feature. (#102443, @ravisantoshgudimetla)
  • Remove deprecated --generator flag from kubectl autoscale. (#99900, @MadhavJivrajani)
  • Remove the deprecated flag --generator from kubectl create deployment command. (#99915, @BLasan)
  • Remove the duplicate packet import. (#101187, @chuntaochen)
  • Replace go-bindata with //go:embed. (#99829, @palnabarun)
  • The DynamicFakeClient now exposes its tracker via a Tracker() function. (#100085, @markusthoemmes)
  • The VolumeSnapshotDataSource feature gate that is GA since v1.20 is unconditionally enabled, and can no longer be specified via the --feature-gates argument. (#101531, @ialidzhikov) [SIG Storage]
  • The deprecated CRIContainerLogRotation feature-gate has been removed, since the CRIContainerLogRotation feature graduated to GA in 1.21 and was unconditionally enabled. (#101578, @carlory)
  • The deprecated RootCAConfigMap feature-gate has been removed, since the RootCAConfigMap feature graduated to GA in 1.21 and is unconditionally enabled. (#101579, @carlory)
  • The deprecated runAsGroup feature-gate has been removed, since the runAsGroup feature graduated to GA in 1.21. (#101581, @carlory)
  • The etcd client has been updated to 3.5.0; github.com/golang/protobuf, google.golang.org/protobuf, and google.golang.org/grpc have been updated to current versions. (#100488, @liggitt)
  • Update Azure Go SDK to v55.0.0. (#102441, @feiskyer)
  • Update Azure Go SDK version to v53.1.0 (#101357, @feiskyer) [SIG API Machinery, CLI, Cloud Provider, Cluster Lifecycle and Instrumentation]
  • Update CNI plugins to v0.9.1. (#102328, @lentzi90)
  • Update Calico to v3.19.1. (#102386, @JornShen)
  • Update cri-tools dependency to v1.21.0. (#100956, @saschagrunert)
  • Update dep google/gnostic and google/go-cmp to v0.5.5 and updating transitive dependencies protobuf. (#102783, @mcbenjemaa)
  • Update golang.org/x/net to v0.0.0-20210520170846-37e1c6afe023 (#103176, @CaoDonghui123) [SIG API Machinery, Auth, CLI, Cloud Provider, Cluster Lifecycle, Node and Storage]
  • Updated command descriptions and examples for grammar and punctuation consistency. (#103524, @bergerhoffer) [SIG Auth and CLI]
  • Updated pause image to version 3.5, which now runs per default as pseudo user and group 65535:65535. This does not have any effect on remote container runtimes like CRI-O and containerd, which setup the pod sandbox user and group on their own. (#100292, @saschagrunert)
  • Upgrade functionality of kubectl kustomize as described at kustomize/v4.1.3. (#102193, @gautierdelorme)

Dependencies

Added

  • github.com/antihax/optional: v1.0.0
  • github.com/benbjohnson/clock: v1.0.3
  • github.com/bits-and-blooms/bitset: v1.2.0
  • github.com/certifi/gocertifi: 2c3bb06
  • github.com/checkpoint-restore/go-criu/v5: v5.0.0
  • github.com/cncf/udpa/go: 5459f2c
  • github.com/cockroachdb/errors: v1.2.4
  • github.com/cockroachdb/logtags: eb05cc2
  • github.com/coredns/caddy: v1.1.0
  • github.com/felixge/httpsnoop: v1.0.1
  • github.com/frankban/quicktest: v1.11.3
  • github.com/getsentry/raven-go: v0.2.0
  • github.com/go-kit/log: v0.1.0
  • github.com/gofrs/uuid: v4.0.0+incompatible
  • github.com/josharian/intern: v1.0.0
  • github.com/jpillora/backoff: v1.0.0
  • github.com/nxadm/tail: v1.4.4
  • github.com/opentracing/opentracing-go: v1.1.0
  • github.com/robfig/cron/v3: v3.0.1
  • github.com/stoewer/go-strcase: v1.2.0
  • go.etcd.io/etcd/api/v3: v3.5.0
  • go.etcd.io/etcd/client/pkg/v3: v3.5.0
  • go.etcd.io/etcd/client/v2: v2.305.0
  • go.etcd.io/etcd/client/v3: v3.5.0
  • go.etcd.io/etcd/pkg/v3: v3.5.0
  • go.etcd.io/etcd/raft/v3: v3.5.0
  • go.etcd.io/etcd/server/v3: v3.5.0
  • go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc: v0.20.0
  • go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp: v0.20.0
  • go.opentelemetry.io/contrib: v0.20.0
  • go.opentelemetry.io/otel/exporters/otlp: v0.20.0
  • go.opentelemetry.io/otel/metric: v0.20.0
  • go.opentelemetry.io/otel/oteltest: v0.20.0
  • go.opentelemetry.io/otel/sdk/export/metric: v0.20.0
  • go.opentelemetry.io/otel/sdk/metric: v0.20.0
  • go.opentelemetry.io/otel/sdk: v0.20.0
  • go.opentelemetry.io/otel/trace: v0.20.0
  • go.opentelemetry.io/otel: v0.20.0
  • go.opentelemetry.io/proto/otlp: v0.7.0
  • go.uber.org/goleak: v1.1.10

Changed