Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
10 contributors

Users who have contributed to this file

@k8s-release-robot @k8s-ci-robot @Huang-Wei @ttakahashi21 @Shubham82 @xmudrii @thdrnsdk @jjjungkim @yanggangtony @cici37
1980 lines (1710 sloc) 240 KB

v1.26.1

Downloads for v1.26.1

Source Code

filename sha512 hash
kubernetes.tar.gz 65d8e6456b48737e496bd7e57ed630825654a1527de52890481be5f6df89a88675b809e6cb0ffa75b71c7d723ee64145a92b859afff296c7ee6f077f66c05c48
kubernetes-src.tar.gz cb4c5b1502899144798663ace828ff705d5b727a7bbb9a71c63138a4aef91dc394bdc83e8f7634fa1762b1cd08c3203a08c06856629d22463f89ab309f6388a3

Client Binaries

filename sha512 hash
kubernetes-client-darwin-amd64.tar.gz c70bd6ae44d1d5bbd5141fdcd69db0aa43aa3556345fec647e71f54f971ae91079b07f7e8cc3e609cb64e1a51b825f2ecbf99b040ca46b63f776f2c0d7b0ce46
kubernetes-client-darwin-arm64.tar.gz 0e913e33cd285c9e822eb8c8612b2acb301a9b28b9b59d15f120017bbd8b1d6282b8d0fc1426d4ec425a8a487232b8435cc271f9a3a45aa18b92bf1e6dc6340d
kubernetes-client-linux-386.tar.gz 21651edaecb3d17c99a9a65a8db21dbbedfc35d444d435e6f9e4b477e1f9ad4813df4a3a42e385c373560dcf97090da0862f9b0c59feda75db7a408fb1295fdc
kubernetes-client-linux-amd64.tar.gz d82f8fb12b3667c9c613092ac8c5c38c2f0db2db719f8d8b308f1146ef4ac2942b66554fc99ddc1e947492f4cec845a21feebbf804289173c42928a2d355490f
kubernetes-client-linux-arm.tar.gz dbac85e316b0a46e7bc6f2de990b916bd3605631a14fa457819fc354238dad392535d738a8f98fabd4ca76cc4e66c19be3d1a7766aaf05a4ef6d1717208d99a4
kubernetes-client-linux-arm64.tar.gz 58ebebde0f387dd9b0c314e2f20d3af875e0524d392ea97c1d3930ee07f4ad57b3acffee7894077f4e5dc40c83c04612c17fe77fa0501f1f25a90db6178b6786
kubernetes-client-linux-ppc64le.tar.gz 211c3a698f5608eb1270702bad9fc67911b7168b025e3d8979754ab6d20140ff1ba1f616604a33667cdf47693481de1668ad0b87cf53fd08199d8b356c0b96ee
kubernetes-client-linux-s390x.tar.gz 970d2d6ae7c4c7eba363c14e2d5962c17c015877d11b265764b1e56472fa7a23d54fd9a9cbe2022db7d05539c1bff8d6f1c5f78300d22102ce1079f26256a3b7
kubernetes-client-windows-386.tar.gz 3318ad3f1a28258d7bb6d40066f16ac137de9bf2542871f52ab510346e13cc9640fa17b2914faa8cfdd762b42ff8fb8dfd1443f104e779b5ff5b52aeec7301eb
kubernetes-client-windows-amd64.tar.gz 24454f8b50523329ff1fdcce92c49b9dda7fe18c8c0c20ef17fbb281e104915539a9576a36ae548a0d667e0ae6c2b96fc8247990c18e6582300e9a418aad88ac
kubernetes-client-windows-arm64.tar.gz 1b91b903be14ffb6e98a21459ac261361cef206f9e6a9902bbf3e45eb798560574d3a86b1455e8b42d4e8be7adda977f8a24e43e5f6edeecff0463b9aea9fbc9

Server Binaries

filename sha512 hash
kubernetes-server-linux-amd64.tar.gz 46812ef66997de951da309aa8b594384d8a9fad77812bbb6cadcb684f82f0b56e4df7bfb7772b225a6f5db4096b2e681bc28d4e5044306c09528d6cac405c41c
kubernetes-server-linux-arm.tar.gz 1961fb217b3b7a2c6967e1cf07f1315930e48c11551a0d329811f4d2e5e4470cbb36dc3980cb65459912c633e9b528b66dce14a9f0c2f91b1d4b6c24018e8c4e
kubernetes-server-linux-arm64.tar.gz 9f7fc8a6ce7c15d2db56df30a1551402127745091b26231c54484855ec5acdd1813b53f4ebc979d0a85f4e7701bee11ee0ba6e84d94b146d8384b8bb4600078b
kubernetes-server-linux-ppc64le.tar.gz 5bb0c0f3ae57e403f0f710110896e2e6ab5d777cafd0b9f98f121ef442e0b2eeeee66c1a4917ab6b2f218b5d12a93efb86310a1fcc6ef342843813a5c24b22c0
kubernetes-server-linux-s390x.tar.gz 539812c41439f7851838edd98ad76c16a9efad2cadcc9f8f88aa193d8e359c06f481c5df4a58b561cc7594126c65e841387f547523c42b2ddfe56edb094865d3

Node Binaries

filename sha512 hash
kubernetes-node-linux-amd64.tar.gz 8ab33c800a7616302e03c36e087ddb70e2d74ca1228b6f2df654a23f7adf684cc949f98bb9c639f2aa8a125f06dddc6cd7a4568eec1197b1eba1002806782c4f
kubernetes-node-linux-arm.tar.gz 65fc0444ac19ddae8b06f48f99b42d78816dcf641823ecbcb4378c2dc4a9698af764686a1b6da97fcda898243e8b08a9cef64d99d4d697d34ec95443a5995943
kubernetes-node-linux-arm64.tar.gz 7f5c045c152e3aa14da87778935b9a81052a075cfc929bd52d8ee956da78ecacb16436e7fa648bc99b886bfce56d2588346cd843b1fcae0f38fb25c722c0d59b
kubernetes-node-linux-ppc64le.tar.gz bbd574bb6dc5f4d1d5f895af6e1ebeeae806d1c2fb626061ae5d6b1eecf1d516efdc5eb8b4a80d553425427d7fd7cd7f34a68d524b89ff6194c8b2edf4b699de
kubernetes-node-linux-s390x.tar.gz 3908f0a66082846d75927c3ebd1854035996f4db405d6709e483c6fc8d80973d8afec1898ca052c33efb548e2c4d0bb63df470efc51add76d5877fd3dd4569aa
kubernetes-node-windows-amd64.tar.gz e4dac0f8df0cf97d35f2fe9498f072e384182b2c4fdfeced83960f771c638827cfa25b5003a8bfe9c4246b353a136118f8c4ea3c371f8d9e8d20b568ca68e562

Container Images

All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.

name architectures
registry.k8s.io/conformance:v1.26.1 amd64, arm, arm64, ppc64le, s390x
registry.k8s.io/kube-apiserver:v1.26.1 amd64, arm, arm64, ppc64le, s390x
registry.k8s.io/kube-controller-manager:v1.26.1 amd64, arm, arm64, ppc64le, s390x
registry.k8s.io/kube-proxy:v1.26.1 amd64, arm, arm64, ppc64le, s390x
registry.k8s.io/kube-scheduler:v1.26.1 amd64, arm, arm64, ppc64le, s390x

Changelog since v1.26.0

Changes by Kind

API Change

  • The list-type of the alpha resourceClaims field introduced to Pods in 1.26.0 was modified from "set" to "map", resolving an incompatibility with use of this schema in CustomResourceDefinitions and with server-side apply. (#114617, @JoelSpeed) [SIG API Machinery]

Feature

  • Kubernetes is now built with Go 1.19.5 (#115014, @cpanato) [SIG Release and Testing]

Failing Test

  • Deflake a preemption test that may patch Nodes incorrectly. (#114350, @Huang-Wei) [SIG Scheduling and Testing]

Bug or Regression

  • Client-go: fixes potential data races retrying requests using a custom io.Reader body; with this fix, only requests with no body or with string / []byte / runtime.Object bodies can be retried (#113933, @liggitt) [SIG API Machinery]
  • Do not include preemptor pod metadata in the event message (#114946, @mimowo) [SIG Scheduling]
  • Do not include preemptor pod metadata in the message of DisruptionTarget condition (#114945, @mimowo) [SIG Scheduling]
  • Failed pods associated with a job with parallelism = 1 are recreated by the job controller honoring exponential backoff delay again. However, for jobs with parallelism > 1, pods might be created without exponential backoff delay. (#115027, @nikhita) [SIG Apps]
  • Fix a regression that the scheduler always goes through all Filter plugins. (#114524, @Huang-Wei) [SIG Scheduling]
  • Fix bug in CRD Validation Rules (beta) and ValidatingAdmissionPolicy (alpha) where all admission requests could result in internal error: runtime error: index out of range [3] with length 3 evaluating rule: <rule name> under certain circumstances. (#114861, @jpbetz) [SIG API Machinery, Auth and Cloud Provider]
  • Fix clearing of rate-limiter for the queue of checks for cleaning stale pod disruption conditions. The bug could result in the PDB synchronization updates firing too often or the pod disruption cleanups taking too long to happen. (#114780, @mimowo) [SIG Apps]
  • Fixed DaemonSet to update the status even if it fails to create a pod. (#114819, @gjkim42) [SIG Apps and Testing]
  • Fixes stuck apiserver if an aggregated apiservice returned 304 Not Modified for aggregated discovery information (#114459, @alexzielenski) [SIG API Machinery]
  • Fixing issue in Winkernel Proxier - Unexpected active TCP connection drops while horizontally scaling the endpoints for a LoadBalancer Service with External Traffic Policy: Local (#114038, @princepereira) [SIG Network]
  • Fixing issue with Winkernel Proxier - No ingress load balancer rules with endpoints to support load balancing when all the endpoints are terminating. (#114453, @princepereira) [SIG Network and Windows]
  • Optimizing loadbalancer creation with the help of attribute Internal Traffic Policy: Local (#114468, @princepereira) [SIG Network]

Dependencies

Added

Nothing has changed.

Changed

  • github.com/google/cel-go: v0.12.5 → v0.12.6
  • go.uber.org/goleak: v1.2.0 → v1.1.12
  • sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.33 → v0.0.35

Removed

Nothing has changed.

v1.26.0

Documentation

Downloads for v1.26.0

Source Code

filename sha512 hash
kubernetes.tar.gz 3062a427a45548bd9c5a8358c740f0a5cfea7b546dca724c71d28768bb36c628280c91263a362afd01c89ef3944f5a768ed44e75d421fe9dc1ec2e8ba26214f3
kubernetes-src.tar.gz 30ef5d75282fee72e6affff34c72f76fc1d0154b3f37ad2897dec8c63ce6620d9e3237cc3c34ba3cab5d31f64ed43c4ec79c8bc40e832de6c4895a449d05682f

Client Binaries

filename sha512 hash
kubernetes-client-darwin-amd64.tar.gz a8c7d82db6a415e7c16bc6a35ee59115e91491f842816b0128b5668821223ab9477697151ec31fb052cd893d57fc507b0a3b68f9bffd666f9d4b821c336a10c8
kubernetes-client-darwin-arm64.tar.gz 5b449a69eb22902bdc5cc110b65d3103e459639c4b8eb84eed005a79efc8c9f42dd0a37f5d51b073e96f69a5de36b44c00b3bf730334d1296bd3df3a2f7c603b
kubernetes-client-linux-386.tar.gz 32881e912da9edf44d304bb67b4302fd271d4925928c28cd9e8d94fa677e8e8d4706eb1d9a7490f51f87cf39cf087133895a047aaf1564caa8783e3e3af190e9
kubernetes-client-linux-amd64.tar.gz e4e55a2b7cfcb8a61a982b4c5630119dac74c793fad285a5753f3fad20122c266fce4f291889a03c562d6416d9f07992bf5de78298bd6801b06a8c36dc7a0acf
kubernetes-client-linux-arm.tar.gz 72b2899747277a8c50f2ccf8dc9293532e9d0f18fbfc5ce2bd847f46939930819a031d2ef6e6f624ea7b48d61653d14cc8869651c6155d4cada801e63e45a90f
kubernetes-client-linux-arm64.tar.gz 54081ebe799fd11ace1b54b66a4ad3c87f233dcc8f14ec38fd02d69daccf8a5e46e42e615582316a0930528fd108c679590813edc69aea151a1e8e384d3d5b31
kubernetes-client-linux-ppc64le.tar.gz 1cb6bcae4e060cb581c89121dc623d75cd07d665876f12fc441a2cae54f194883e2f9aa02e2f61a066f7d604626c98b6baeb38ac2aea22d34eee68ce3530d12a
kubernetes-client-linux-s390x.tar.gz 568313713168e29b13849ff2bc3e275af54acb8048a7fe5b7569f713453523f32904f974b3e4888b60cd59ad2d00a97a170c33ee0525cfa224384c936b5bdb97
kubernetes-client-windows-386.tar.gz 81aff59ef27eee27edce5222dfab420e3f9ffe090897820db07cf69bf212adcbe5fe3ce8d8551da6c2dc99c9a0ce05d9f0bad79544043c613e1bb841fe711c14
kubernetes-client-windows-amd64.tar.gz ab37bc7569fef9e852944af6cc82a9763d89244749a28b8dd819e9234acccf89ca168cb485fbb8e4dc28c25ec3d4686503f3b3dfa5509283c674f7460fe84456
kubernetes-client-windows-arm64.tar.gz a4373d6d3d37dcde3f86ed17e5d079c74247ee412fc062fe58472215a09cdbbefd03ba55d299fc8cbcfb70419e3400a69f84da17b078ffc149c6078df8d0ac50

Server Binaries

filename sha512 hash
kubernetes-server-linux-amd64.tar.gz 55de8adfe4d98826cf5f55007b8dbb63cd42fc898b399cd2c74d6c4818f2fbad1de4bd7cba2a94f8edc5a13a6297816691e62ffd0113428d23b8e7592d9d2eb6
kubernetes-server-linux-arm.tar.gz 59305ba936cae7f021f41944491e53b43fce21f64491be44881b68c78b03b25591b850faf24472d10a17941e440ce9d4977e29fce46a7bb7786257311721fd61
kubernetes-server-linux-arm64.tar.gz c0c0c6d1288f4b417b8b4b5960df9af081d2caf8b2abd2117e26677fc4b5b6d3bd5a0638f2559c86e77f7bb6c9acf5bd4e7f33aa4a8f0d9ba50e448c5a780ca9
kubernetes-server-linux-ppc64le.tar.gz 837fc57905aa29f27c253ea392ce331c762789b69a581e2d3709c22f14af0b475d4f691fe48d05f5bac3784b84a6c59e9fbda527b4d9e169f93a10fe09f2d195
kubernetes-server-linux-s390x.tar.gz edf1c11412cff5423389daa6bde79be302d2e8d9962d191247a8935189927ee89f5c24f4be2ffe2a8be0516395677d085d4367d9436bcdd46c5270c36713645f

Node Binaries

filename sha512 hash
kubernetes-node-linux-amd64.tar.gz 19d0941ff71a8c7fd9695e69fc03e446dab48d081985f4288a6ff6d6f5a76b1e5c2cec643a9090597760f9444f0846978ddfe6a97e2b3ab59d8530d524be75bb
kubernetes-node-linux-arm.tar.gz f75cca0a72a4a4cc1f89210d08b36e7d1777d6af02e74497c3f93fef3308040c278f0600d65d1ccc052f14d567590762327d67453a3a4c06a5fe529dca99f7ae
kubernetes-node-linux-arm64.tar.gz 94579d7a3cb146ceffc0af42b5fd886510041fec0a5d5e9c2383e91ae3f6dd663b9691193f67646f38265195757f04bcc55e17ea3fc414174c375e672249c606
kubernetes-node-linux-ppc64le.tar.gz 0487d68b2598a12bc40f7012c2b68a4d2cb0dbfac59eb7d468eb23966ebbbad3cc14e061fb4cb4562366812eefa7a7df704c435522a4d6fb68fec1268b845775
kubernetes-node-linux-s390x.tar.gz a4dc195f599ebe3bc0ea5d2eb9f9004d9770cad7c8333b273f6ff9af0f73528a08c4949c360647f9096cc48a4daf65ecc71b70683728ab75cf3041857b6df965
kubernetes-node-windows-amd64.tar.gz 6331bffc65bea362245a0bcba2ce28521679c60e0332e329872c5a588d21cca0162c48cac4ac2fcdb303116f5f4f62596f81658cc056d34add27857ec53b22d1

Container Images

All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.

name architectures
registry.k8s.io/conformance:v1.26.0 amd64, arm, arm64, ppc64le, s390x
registry.k8s.io/kube-apiserver:v1.26.0 amd64, arm, arm64, ppc64le, s390x
registry.k8s.io/kube-controller-manager:v1.26.0 amd64, arm, arm64, ppc64le, s390x
registry.k8s.io/kube-proxy:v1.26.0 amd64, arm, arm64, ppc64le, s390x
registry.k8s.io/kube-scheduler:v1.26.0 amd64, arm, arm64, ppc64le, s390x

Changelog since v1.25.0

Urgent Upgrade Notes

(No, really, you MUST read this before you upgrade)

Changes by Kind

Deprecation

  • CLI flag pod-eviction-timeout is deprecated and will be removed together with enable-taint-manager in v1.27. (#113710, @kerthcet)
  • Kube-apiserver: the unused --master-service-namespace flag was deprecated and will be removed in v1.27. (#112797, @SataQiu)
  • The gcp and azure auth plugins have been removed from client-go and kubectl. See kubelogin and Kubectl Auth Changes in GKE for details about the cloud-specific replacements. (#112341, @enj)

API Change

  • 'A new preEnqueue extension point was added to scheduler's component config v1beta2/v1beta3/v1.' (#113275, @Huang-Wei)
  • 'Added a ResourceClaim API (in the resource.k8s.io/v1alpha1 API group and behind the DynamicResourceAllocation feature gate). The new API is now more flexible than the existing Device Plugins feature of Kubernetes because it allows Pods to request (claim) special kinds of resources, which can be available at node level, cluster level, or following any other model you implement.' (#111023, @pohly)
  • 'Container preStop and postStart lifecycle handlers using httpGet now honor the specified scheme and headers fields. This enables setting custom headers and changing the scheme to HTTPS, consistent with container startup/readiness/liveness probe capabilities. Lifecycle handlers configured with scheme: HTTPS that encounter errors indicating the endpoint is actually using HTTP fall back to making the request over HTTP for compatibility with previous releases. When this happens, a LifecycleHTTPFallback event is recorded in the namespace of the pod and a kubelet_lifecycle_handler_http_fallbacks_total metric in the kubelet is incremented. Cluster administrators can opt out of the expanded lifecycle handler capabilities by setting --feature-gates=ConsistentHTTPGetHandlers=false in kubelet.' (#86139, @jasimmons)
  • 'Graduated JobTrackingWithFinalizers to stable. Jobs created before the feature was enabled are still tracked without finalizers. Jobs tracked with finalizers have the annotation batch.kubernetes.io/job-tracking. If the annotation is present and the user attempts to remove it, the control plane adds it back. The annotation batch.kubernetes.io/job-tracking is now deprecated. The control plane will ignore it and stop adding it for new Jobs in v1.27.' (#113510, @alculquicondor)
  • 'Kubelet added the following Pod failure conditions:
    • DisruptionTarget (graceful node shutdown, node pressure eviction)' (#112360, @mimowo)
  • 'Priority and Fairness has introduced a new feature called borrowing that allows an API priority level to borrow a number of seats from other priority level(s). As a cluster operator, you can enable borrowing for a certain priority level configuration object via the two newly introduced fields lendablePercent, and borrowingLimitPercent located under the .spec.limited field of the designated priority level. This change added the following metrics:
    • apiserver_flowcontrol_nominal_limit_seats: Nominal number of execution seats configured for each priority level
    • apiserver_flowcontrol_lower_limit_seats: Configured lower bound on number of execution seats available to each priority level
    • apiserver_flowcontrol_upper_limit_seats: Configured upper bound on number of execution seats available to each priority level
    • apiserver_flowcontrol_demand_seats: Observations, at the end of every nanosecond, of (the number of seats each priority level could use) / (nominal number of seats for that level)
    • apiserver_flowcontrol_demand_seats_high_watermark: High watermark, over last adjustment period, of demand_seats
    • apiserver_flowcontrol_demand_seats_average: Time-weighted average, over last adjustment period, of demand_seats
    • apiserver_flowcontrol_demand_seats_stdev: Time-weighted standard deviation, over last adjustment period, of demand_seats
    • apiserver_flowcontrol_demand_seats_smoothed: Smoothed seat demands
    • apiserver_flowcontrol_target_seats: Seat allocation targets
    • apiserver_flowcontrol_seat_fair_frac: Fair fraction of server's concurrency to allocate to each priority level that can use it
    • apiserver_flowcontrol_current_limit_seats: current derived number of execution seats available to each priority level The possibility of borrowing means that the old metric apiserver_flowcontrol_request_concurrency_limit can no longer mean both the configured concurrency limit and the enforced concurrency limit. Henceforth it means the configured concurrency limit.' (#113485, @MikeSpreitzer)
  • 'NodeInclusionPolicy in podTopologySpread plugin is now enabled by default.' (#113500, @kerthcet)
  • 'PodDisruptionBudget now adds an alpha spec.unhealthyPodEvictionPolicy field. When the PDBUnhealthyPodEvictionPolicy feature-gate is enabled in kube-apiserver, setting this field to "AlwaysAllow" allows pods to be evicted if they do not have a ready condition, regardless of whether the PodDisruptionBudget is currently healthy.' (#113375, @atiratree)
  • 'metav1.LabelSelectors specified in API objects are now validated to ensure they do not contain invalid label values that will error at time of use. Existing invalid objects can be updated, but new objects are required to contain valid label selectors.' (#113699, @liggitt)
  • Add percentageOfNodesToScore as a scheduler profile level parameter to API version v1. When a profile percentageOfNodesToScore is set, it will override global percentageOfNodesToScore. (#112521, @yuanchen8911)
  • Add auth API to get self subject attributes (new selfsubjectreviews API is added). The corresponding command for kubctl is provided - kubectl auth whoami. (#111333, @nabokihms) [SIG API Machinery, Auth, CLI and Testing]
  • Added kubernetes_feature_enabled metric series to track whether each active feature gate is enabled. (#112690, @logicalhan)
  • Added a --topology-manager-policy-options flag to the kubelet to support fine tuning the topology manager policies. The first policy option, prefer-closest-numa-nodes, allows these policies to favor sets of NUMA nodes with shorter distance between nodes when making admission decisions. (#112914, @PiotrProkop)
  • Added a feature that allows a StatefulSet to start numbering replicas from an arbitrary non-negative ordinal, using the .spec.ordinals.start field. (#112744, @pwschuurman)
  • Added a kube-proxy flag (--iptables-localhost-nodeports, default true) to allow disabling NodePort services on loopback addresses. Note: this only applies to iptables mode and ipv4. (#108250, @cyclinder)
  • Added a new namespace alpha field to DataSourceRef field in PersistentVolumeClaim API. (#113186, @ttakahashi21)
  • Aggregated discovery will be alpha and can be toggled with the AggregatedDiscoveryEndpoint feature flag. (#113171, @Jefftree)
  • Clarified the CFS quota as 100ms in the code comments and set the minimum cpuCFSQuotaPeriod to 1ms to match Linux kernel expectations. (#112123, @paskal)
  • Component-base: make the validation logic about LeaderElectionConfiguration consistent between component-base and client-go (#111758, @SataQiu) [SIG API Machinery and Scheduling]
  • Deprecated the apiserver_request_slo_duration_seconds metric for v1.27 in favor of apiserver_request_sli_duration_seconds for naming consistency purposes with other SLI-specific metrics and to avoid any confusion between SLOs and SLIs. (#112679, @dgrisonnet)
  • Enable the "Retriable and non-retriable pod failures for jobs" feature into beta. (#113360, @mimowo)
  • Enabled kube-controller-manager to support '--concurrent-horizontal-pod-autoscaler-syncs' flag to set the number of horizontal pod autoscaler controller workers. (#108501, @zroubalik)
  • Fixed spurious field is immutable errors validating updates to Event API objects via the events.k8s.io/v1 API. (#112183, @liggitt)
  • Graduated ServiceInternalTrafficPolicy feature to GA. (#113496, @avoltz)
  • In kube-proxy: The "userspace" proxy mode (deprecated for over a year) is no longer supported on either Linux or Windows. Users should use "iptables" or "ipvs" on Linux, or "kernelspace" on Windows. (#112133, @knabben)
  • Introduce v1beta3 for Priority and Fairness with the following changes to the API spec:
    • rename 'assuredConcurrencyShares' (located under `spec.limited') to 'nominalConcurrencyShares'.
    • apply strategic merge patch annotations to 'Conditions' of flowschemas and prioritylevelconfigurations. (#112306, @tkashem)
  • Introduced v1alpha1 API for validating admission policies, enabling extensible admission control via CEL expressions (KEP 3488: CEL for Admission Control). To use, enable the ValidatingAdmissionPolicy feature gate and the admissionregistration.k8s.io/v1alpha1 API via --runtime-config. (#113314, @cici37)
  • KMS: added validation for duplicate kms config name when auto reload is enabled. If you enabled automatic reload of encryption configuration with API server flag --encryption-provider-config-automatic-reload, ensure all the KMS provider names (v1 and v2) in the encryption configuration are unique. (#113697, @aramase)
  • Kubelet external Credential Provider feature is moved to GA. Credential Provider Plugin and Credential Provider Config APIs updated from v1beta1 to v1 with no API changes. (#111616, @ndixita)
  • Legacy klog flags are no longer available. Only -v and -vmodule are still supported. (#112120, @pohly) [SIG Architecture, CLI, Instrumentation, Node and Testing]
  • Moved MixedProtocolLBService from beta to GA. (#112895, @janosi)
  • New Pod API field .spec.schedulingGates is introduced to enable users to control when to mark a Pod as scheduling ready. (#113274, @Huang-Wei)
  • Protobuf serialization of metav1.MicroTime timestamps (used in Lease and Event API objects) has been corrected to truncate to microsecond precision, to match the documented behavior and JSON/YAML serialization. Any existing persisted data is truncated to microsecond when read from etcd. (#111936, @haoruan)
  • Removed feature gates ServiceLoadBalancerClass and ServiceLBNodePortControl. These feature gates were enabled (and locked) since v1.24. (#112577, @andrewsykim)
  • Reverted regression that prevented client-go latency metrics to be reported with a template URL to avoid label cardinality. (#111752, @aanm)
  • The EndpointSliceTerminatingCondition feature gate was graduated to GA. The gate is now locked and will be removed in v1.28. (#113351, @andrewsykim)
  • DynamicKubeletConfig feature gate has been removed from the API server. Dynamic kubelet reconfiguration now can't be used even when older nodes are still attempting to rely on it. This is aligned with the Kubernetes version skew policy. (#112643, @SergeyKanzhelev)
  • kubectl wait command with jsonpath flag will wait for target path until timeout. (#109525, @jonyhy96)

Feature

  • 'Added selector validation to HorizontalPodAutoscaler: when multiple HPAs select the same set of Pods, scaling now will be disabled for those HPAs with the reason AmbiguousSelector. This change also covers a case when multiple HPAs point to the same deployment.' (#112011, @pbeschetnov)
  • 'Pod Security admission: the pod-security warn level will now default to the enforce level.' (#113491, @tallclair)
  • 'Promoted the APIServerIdentity feature to Beta. By default, each kube-apiserver will now create a Lease in the kube-system namespace. These lease objects can be used to identify the number of active API servers in the cluster, and may also be used for future features such as the Storage Version API.' (#113629, @andrewsykim)
  • 'The iptables kube-proxy backend now process service/endpoint changes more efficiently in very large clusters.' (#110268, @danwinship)
  • 'CSIMigrationvSphere was upgraded to GA and locked to true. Do not upgrade to K8s 1.26 if you need Windows, or XFS, or raw block support until vSphere CSI Driver adds support for them in a version post v2.7.x.' (#113336, @divyenpatel)
  • 'DelegateFSGroupToCSIDriver feature is GA.' (#113225, @bertinatto)
  • 'NodeOutOfServiceVolumeDetach is now beta.' (#113511, @xing-yang)
  • 'RetroactiveDefaultStorageClass feature is now beta.' (#113329, @RomanBednar)
  • 'registered_metric_total will now report the number of metrics broken down by stability level and deprecated version.' (#112907, @logicalhan)
  • A new DisableCompression field (default = false) has been added to kubeconfig under cluster info. When set to true, clients using the kubeconfig opt out of response compression for all requests to the apiserver. This can help improve list call latencies significantly when client-server network bandwidth is ample (>30MB/s) or if the server is CPU-constrained. (#112309, @shyamjvs)
  • A new pod_status_sync_duration_seconds histogram is reported at alpha metrics stability that estimates how long the Kubelet takes to write a pod status change once it is detected. (#107896, @smarterclayton) [SIG Apps, Architecture, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Release, Scheduling, Storage and Testing]
  • API Server Tracing now includes a variety of new spans and span events. (#113172, @dashpole) [SIG API Machinery, Architecture, Auth, Instrumentation, Network, Node and Scheduling]
  • API Server tracing now includes the latency of authorization, priorityandfairness, impersonation, audit, and authentication filters. (#113217, @dashpole)
  • API Server tracing root span name for opentelemetry is changed from KubernetesAPI to HTTP GET. (#112545, @dims)
  • Added --disable-compression flag to kubectl (default = false). When true, it opts out of response compression for all requests to the apiserver. This can help improve list call latencies significantly when client-server network bandwidth is ample (>30MB/s) or if the server is CPU-constrained. (#112580, @shyamjvs)
  • Added a method StreamWithContext to remotecommand.Executor to support cancelable SPDY executor stream. (#103177, @arkbriar)
  • Added a new feature gate CelValidatingAdmissionExtensibility to enable expression validation for Admission Control. (#112792, @cici37) [SIG API Machinery]
  • Added alpha support for WindowsHostNetworking feature. (#112961, @marosset)
  • Added alpha support for returning container and pod metrics from CRI, instead of cAdvsior. (#113609, @haircommander)
  • Added categories column to the kubectl api-resources command's wide output (-o wide). Added --categories flag to the kubectl api-resources command, which can be used to filter the output to show only resources belonging to one or more categories. (#111096, @brianpursley) [SIG CLI]
  • Added kubelet metrics to track the cpumanager cpu allocation and pinning (#112855, @fromanirh)
  • Added new Golang runtime-related metrics to Kubernetes components:
    • go_gc_cycles_automatic_gc_cycles_total
    • go_gc_cycles_forced_gc_cycles_total
    • go_gc_cycles_total_gc_cycles_total
    • go_gc_heap_allocs_by_size_bytes
    • go_gc_heap_allocs_bytes_total
    • go_gc_heap_allocs_objects_total
    • go_gc_heap_frees_by_size_bytes
    • go_gc_heap_frees_bytes_total
    • go_gc_heap_frees_objects_total
    • go_gc_heap_goal_bytes
    • go_gc_heap_objects_objects
    • go_gc_heap_tiny_allocs_objects_total
    • go_gc_pauses_seconds
    • go_memory_classes_heap_free_bytes
    • go_memory_classes_heap_objects_bytes
    • go_memory_classes_heap_released_bytes
    • go_memory_classes_heap_stacks_bytes
    • go_memory_classes_heap_unused_bytes
    • go_memory_classes_metadata_mcache_free_bytes
    • go_memory_classes_metadata_mcache_inuse_bytes
    • go_memory_classes_metadata_mspan_free_bytes
    • go_memory_classes_metadata_mspan_inuse_bytes
    • go_memory_classes_metadata_other_bytes
    • go_memory_classes_os_stacks_bytes
    • go_memory_classes_other_bytes
    • go_memory_classes_profiling_buckets_bytes
    • go_memory_classes_total_bytes
    • go_sched_goroutines_goroutines
    • go_sched_latencies_seconds (#111910, @tosi3k)
  • Added new metric job_controller_terminated_pods_tracking_finalizer which can be used to monitor whether the job controller is removing Pod finalizers from terminated Pods after accounting them in Job status. (#113176, @alculquicondor)
  • Added publishing events when enabling/disabling TopologyAwareHints. (#113544, @LiorLieberman)
  • Added reconstruction of SELinux mount context after kubelet restart. Feature SELinuxMountReadWriteOncePod is now fully implemented and kubelet does not lose its cache of SELinux contexts after kubelet process restart. (#113596, @jsafrane)
  • Added support for Evented PLEG feature gate. (#111384, @harche)
  • Added the metric pod_start_sli_duration_seconds to kubelet. (#111930, @azylinski)
  • Added validation for the --container-runtime-endpoint flag of kubelet to be non-empty. (#112542, @astraw99)
  • Adds alpha --output plaintext protected by environment variable KUBECTL_EXPLAIN_OPENAPIV3 (#113146, @alexzielenski) [SIG CLI]
  • Adds metrics force_delete_pods_total and force_delete_pod_errors_total in the Pod GC Controller. (#113519, @xing-yang) [SIG Apps]
  • Azure File CSI migration is now GA. (#113160, @andyzhangx)
  • Changed preemption_victims metric bucket from LinearBuckets to ExponentialBuckets. (#112939, @lengrongfu)
  • Exposed health check SLI metrics on metrics/slis for apiserver. (#112741, @logicalhan)
  • Extend the job job_finished_total metric by new reason` label and introduce a new job metric to count pod failures handled by pod failure policy with respect to the action applied. (#113324, @mimowo) [SIG Apps and Testing]
  • Graduate ServiceIPStaticSubrange feature to GA. (#112163, @aojea)
  • Graduated Kubelet CPU Manager to GA. (#113018, @fromanirh)
  • Graduated Kubelet Device Manager to GA. (#112980, @swatisehgal)
  • If ComponentSLIs feature gate is enabled, then /metrics/slis becomes available on kubelet, allowing you to scrape health check metrics. (#113030, @Richabanker) [SIG Node]
  • If ComponentSLIs feature gate is enabled, then /metrics/slis now becomes available on cloud-controller-manager allowing you to scrape health check metrics. (#113340, @Richabanker)
  • If more than one StorageClass is designated as default (via the "storageclass.kubernetes.io/is-default-class" annotation), choose the newest one instead of throwing an error. (#110559, @danishprakash)
  • In client-go SharedInformerFactory will now support waiting for goroutines during shutdown. (#112200, @pohly)
  • In kubeadm, command kubeadm join phase control-plane-prepare certs now supports to run with dry-run mode on it's own. (#113005, @chendave)
  • Kube-apiserver: gzip compression switched from level 4 to level 1 to improve large list call latencies in exchange for higher network bandwidth usage (10-50% higher). This increases the headroom before very large unpaged list calls exceed request timeout limits. (#112299, @shyamjvs)
  • Kubeadm: added show-join-command as a new separate phase at the end of kubeadm init. You can skip printing the join information by using kubeadm init --skip-phases=show-join-command. Executing only this phase on demand will throw an error because the phase needs dependencies such as bootstrap tokens to be pre-populated. (#111512, @SataQiu)
  • Kubeadm: added the "--cleanup-tmp-dir" flag for kubeadm reset. It will cleanup the contents of /etc/kubernetes/tmp. The flag is off by default. (#112172, @chendave)
  • Kubeadm: now supports image repository format validation. (#112732, @SataQiu)
  • Kubeadm: sub-phases are now able to support the dry-run mode, e.g. kubeadm reset phase cleanup-node --dry-run (#112945, @chendave) [SIG Cluster Lifecycle]
  • Kubeadm: tried to load CA cert from external CertificateAuthority file when CertificateAuthorityData is empty for existing kubeconfig. (#111783, @SataQiu)
  • Kubectl shell completions for the bash shell now include descriptions. (#113636, @marckhouzam)
  • Kubernetes is now built with Go 1.19.1 (#112287, @palnabarun) [SIG Release and Testing]
  • Kubernetes is now built with Go 1.19.2 (#112900, @xmudrii) [SIG Release and Testing]
  • Kubernetes is now built with Go 1.19.3. (#113550, @xmudrii)
  • Logs of requests that were timed out by a timeout handler no longer contain a statusStack and logging error output fields. (#112374, @Argh4k)
  • Metrics for RetroactiveDefaultStorageClass feature are now available. To see an attempt count for updating PVC retroactively with a default StorageClass see retroactive_storageclass_total metric and for total numer of errors see retroactive_storageclass_errors_total. (#113323, @RomanBednar)
  • Promoted kubectl alpha events to kubectl events. (#113819, @soltysh)
  • Promoting WindowsHostProcessContainers to stable. (#113476, @marosset)
  • Scheduler now retries updating a pod's status on ServiceUnavailable and InternalError errors, in addition to net.ConnectionRefused error. (#111809, @Huang-Wei)
  • Shell completion now shows plugin names when appropriate. Furthermore, shell completion will work for plugins that provide such support. (#105867, @marckhouzam)
  • Switched kubectl to use github.com/russross/blackfriday/v2 (#112731, @pacoxu)
  • The ExpandedDNSConfig feature has graduated to beta and is enabled by default. Note that this feature requires container runtime support. (#112824, @gjkim42) [SIG Network and Testing]
  • The LegacyServiceAccountTokenNoAutoGeneration feature gate was promoted to GA. (#112838, @zshihang)
  • The ProxyTerminatingEndpoints feature is now Beta and enabled by default. When enabled, kube-proxy will attempt to route traffic to terminating pods when the traffic policy is Local and there are only terminating pods remaining on a node. (#113363, @andrewsykim)
  • The goroutines metric is newly added in the scheduler. It replaces scheduler_goroutines metric and it counts the number of goroutine in more places than scheduler_goroutine does. (#112003, @sanposhiho) [SIG Instrumentation and Scheduling]
  • Updated cAdvisor to v0.46.0. (#113769, @bobbypage)
  • Updated the Lease identity naming format for the APIServerIdentity feature to use a persistent name. (#113307, @andrewsykim)
  • When ComponentSLIs feature gate is enabled, /metrics/slis becomes available on kube-scheduler, allowing you to scrape health check metrics. (#113026, @Richabanker)
  • When ComponentSLIs feature gate is enabled, then /metrics/slis becomes available on kube-proxy allowing you to scrape health check metrics. (#113057, @Richabanker)
  • When ComponentSLIs feature gate is enabled, then /metrics/slis becomes available on kube-controller-manager, allowing you to scrape health check metrics. (#112978, @logicalhan)
  • When the alpha LegacyServiceAccountTokenTracking feature gate is enabled, secret-based service account tokens will have a kubernetes.io/legacy-token-last-used applied to them containing the date they were last used. (#108858, @zshihang) [SIG API Machinery, Auth and Testing]
  • CSRDuration feature gate that graduated to GA in 1.24 and is unconditionally enabled now removed in v1.26. (#112386, @Shubham82)
  • kubectl config view now automatically redacts any secret fields marked with a datapolicy tag. (#109189, @mpuckett159)

Documentation

  • Clarified the default CFS quota period as being 100µs and not 100ms. (#111554, @paskal) [SIG Node]

Bug or Regression

  • Added back unused flags on kubectl run command, which did not go through the required deprecation period before being removed. (#112243, @brianpursley)
  • Added support for RSA and ECDSA format keys in preflight check on kubeadm. (#112508, @SataQiu)
  • Allowed Label section in vSphere e2e cloud provider configuration. (#112427, @gnufied)
  • Apiserver /healthz/etcd endpoint rate limits the number of forwarded health check requests to the etcd backends, answering with the last known state if the rate limit is exceeded. The rate limit is based on 1/2 of the timeout configured, with no burst allowed. (#112046, @aojea)
  • Apiserver: used the correct error when logging errors updating managedFields. (#113711, @andrewsykim)
  • Avoided propagating hosts search . into containers in /etc/resolv.conf. (#112157, @dghubble)
  • Bump golang.org/x/net to v0.1.1-0.20221027164007-c63010009c80. (#112693, @aimuz)
  • Bump runc to v1.1.4. (#113719, @pacoxu)
  • Callers using DelegatingAuthenticationOptions can now use DisableAnonymous to disable Anonymous authentication. (#112181, @xueqzhan)
  • Changed error message when resource is not supported by given patch type in kubectl patch. (#112556, @ardaguclu)
  • Correct the calculating error in podTopologySpread plugin to avoid unexpected scheduling results. (#112507, @kerthcet)
  • Etcd: Updated to v3.5.5. (#112489, @dims)
  • Fixed Admission controllers that caused unnecessary significant load on `apiserver'. (#112696, @aimuz)
  • Fixed a bug where a change in the appProtocol for a Service did not trigger a load balancer update. (#112785, @MartinForReal) [SIG Cloud Provider and Network]
  • Fixed a bug where the kubelet choose the wrong container by its name when running kubectl exec. (#113041, @saschagrunert)
  • Fixed an ephemeral port exhaustion bug caused by improper connection management that occurred when a large number of objects were handled by kubectl while exec auth was in use. (#112017, @enj)
  • Fixed an issue in winkernel proxier that causes proxy rules to leak anytime service backends are modified. (#112837, @daschott)
  • Fixed bug in kubectl rollout history where only the latest revision was displayed when a specific revision was requested and an output format was specified. (#111093, @brianpursley)
  • Fixed bug where dry run message was not printed when running kubectl label with --dry-run flag. (#111571, @brianpursley)
  • Fixed code to ensure that pods running on nodes tainted with NoExecute continue to run when the PodDisruptionConditions feature gate is enabled. (#112518, @mimowo)
  • Fixed cost estimation of token creation request for service account in Priority and Fairness. (#113206, @marseel)
  • Fixed issue where the APIServer would panic on startup if an egress selector without a controlplane configuration is specified when using APIServerTracing. (#112979, @dashpole)
  • Fixed list cost estimation in Priority and Fairness for list requests with metadata.name specified. (#112557, @marseel)
  • Fixed race condition in GCE between containerized mounter setup in the kubelet. (#112195, @mattcary)
  • Fixed relative CPU priority for pods where containers explicitly request zero cpu by giving the lowest priority instead of falling back to the cpu limit to avoid possible cpu starvation of other pods. (#108832, @waynepeking348)
  • Fixed that disruption controller used to change the status of a stale disruption condition after 2 min when the PodDisruptionConditions feature gate is enabled. (#113580, @mimowo)
  • Fixed the PodAndContainerStatsFromCRI feature, instead of supplementing with stats from cAdvisor. (#113291, @mengjiao-liu)
  • Fixed the occasional double-counting of the job_finished_total metric. (#112948, @mimowo)
  • For kubectl, --server-side now migrates ownership of all fields used by client-side-apply to the specified --fieldmanager. This prevents fields previously specified using kubectl from being able to live outside of server-side-apply's management and become undeleteable. (#112905, @alexzielenski)
  • For raw block CSI volumes on Kubernetes, kubelet was incorrectly calling CSI NodeStageVolume for every single "map" (i.e. raw block "mount") operation for a volume already attached to the node. This change modified that behavior to ensure it is only called once per volume per node. (#112403, @akankshakumari393)
  • Improved kubectl display of invalid request errors returned by the API server. (#112150, @liggitt)
  • In kube-apiserver,x-kubernetes-list-type validation is now enforced when updating status of custom resources. (#111866, @pacoxu)
  • In kube-apiserver, custom resources can now be specified in the --encryption-provider-config file and can be encrypted in etcd. (#113015, @ritazh)
  • Increased the maximum backoff delay of the endpointslice controller to match the expected sequence of delays when syncing Services. (#112353, @dgrisonnet)
  • Known issue: Job field .spec.podFailurePolicy.rules[*].onExitCode might be ignored if the Pod is deleted before it terminates. (#113856, @alculquicondor)
  • Kube-apiserver: DELETECOLLECTION API requests are now recorded in metrics with the correct verb. (#113133, @sxllwx)
  • Kube-apiserver: redirect responses are no longer returned from backends by default. Set --aggregator-reject-forwarding-redirect=false to continue forwarding redirect responses. (#112193, @jindijamie) [SIG API Machinery and Testing]
  • Kube-apiserver: redirects from backend API servers are no longer followed when checking availability with requests to /apis/$group/$version (#112772, @liggitt) [SIG API Machinery and Testing]
  • Kube-apiserver: resolved a regression that treated 304 Not Modified responses from aggregated API servers as internal errors. (#112526, @liggitt)
  • Kube-proxy no longer falls back from ipvs mode to iptables mode if you ask it to do ipvs but the system is not correctly configured. Instead, it will just exit with an error. (#111806, @danwinship) [SIG Network]
  • Kube-scheduler: added taints filtering logic consistent with TaintToleration plugin for PodTopologySpread plugin. (#112357, @SataQiu)
  • Kubeadm will cleanup the stale data on best effort basis. Stale data will be removed when each reset phase are executed, default etcd data directory will be cleanup when the remove-etcd-member phase are executed. (#110972, @chendave) [SIG Cluster Lifecycle]
  • Kubeadm: fixed a bug when performing validation on ClusterConfiguration networking fields. (#112751, @SataQiu)
  • Kubeadm: when a sub command is needed but not provided for a kubeadm command, print a help screen instead of showing a short message. (#111277, @chymy)
  • Kubectl apply: warning that kubectl will ignore no-namespaced resource pv & namespace in a future release if the namespace is specified and allowlist is not specified. (#110907, @pacoxu)
  • Kubectl: fixed a bug where kubectl convert did not pick the right API version (#112700, @SataQiu)
  • Kubelet now cleans up the Node's cloud node IP annotation correctly if you stop using --node-ip. (In particular, this fixes the problem where people who were unnecessarily using --node-ip with an external cloud provider in 1.23, and then running into problems with 1.24, could not fix the problem by just removing the unnecessary --node-ip from the kubelet arguments, because that wouldn't remove the annotation that caused the problems.) (#112184, @danwinship) [SIG Network and Node]
  • Kubelet: Fixed a startup crash in devicemanager. (#113021, @rphillips)
  • Kubelet: fixed log spam from kubelet_getters.go Path does not exist. (#112650, @rphillips)
  • Kubelet: fixed nil pointer in reflector start for standalone mode. (#113501, @pacoxu)
  • Kubelet: when there are multi option lines in /etc/resolv.conf, merge all options into one line in a pod with the Default DNS policy. (#112414, @pacoxu) [SIG Network and Node]
  • Log messages and metrics for the watch cache are now keyed by <resource>.<group> instead of go struct type. This means e.g. that *v1.Pod becomes pods. Additionally, resources that come from CustomResourceDefinitions are displayed as the correct resource and group, instead of *unstructured.Unstructured. (#111807, @ncdc)
  • Moved LocalStorageCapacityIsolationFSQuotaMonitoring back to Alpha. (#112076, @rphillips)
  • NOTE (#113749, @jpbetz) [SIG API Machinery]
  • Nested MountPoints are now grouped correctly on all cases. (#112571, @claudiubelu)
  • Pod failed in scheduling due to expected error will be updated with the reason of SchedulerError rather than Unschedulable. (#111999, @kerthcet)
  • Pod logs using --timestamps are not broken up with timestamps anymore. (#113481, @rphillips)
  • Removed of raising an error when setting an annotation with the same value, just ignore it. (#109505, @zigarn)
  • Resolved an issue that caused winkernel proxier to treat stale VIPs as valid. (#113521, @daschott)
  • The ResourceVersion returned in objects from delete responses is now consistent with the ResourceVersion contained in the delete watch event. (#113369, @wojtek-t)
  • The kube-scheduler and kube-controller-manager now use server side apply to set conditions related to pod disruption. (#113304, @mimowo) [SIG API Machinery, Apps and Scheduling]
  • The errors in k8s.io/apimachinery/pkg/api/meta now support for the stdlibs errors.Is matching, including when wrapped. (#111808, @alvaroaleman)
  • The metrics etcd_request_duration_seconds and etcd_bookmark_counts now differentiate by group resource instead of object type, allowing unique entries per CustomResourceDefinition, instead of grouping them all under *unstructured.Unstructured. (#112042, @ncdc)
  • The pod admission error message was improved for usability. (#112644, @vitorfhc) [SIG Node]
  • The time duration of a failed or unschedulable scheduling attempt will be longer, it now includes the time duration of the unreserve operation. (#113113, @kerthcet)
  • Updated kube-proxy to restart in case it detects that the Node assigned pod.Spec.PodCIDRs have changed. (#111344, @aojea)
  • Updated creation of LoadBalancer services, for there to be fewer AWS security group rules in most cases. (#112267, @sjenning)
  • Updated the system-validators library to v1.8.0 (#112026, @pacoxu)
  • Updates golang.org/x/text`` to v0.3.8`` to fix CVE-2022-32149 (#112989, @ameukam)
  • Volume mount cleanup now considers only plugin directory and not the entire kubelet root (#112607, @mattcary)
  • kubectl now escapes terminal special characters in output. This fixes CVE-2021-25743. (#112553, @dgl)

Other (Cleanup or Flake)

  • 'Promoted cronjob_job_creation_skew metric to stable to follow the cronjob v2 controller, the following metrics had their name updated to match metrics API guidelines:
    • cronjob_job_creation_skew_duration_seconds -> job_creation_skew_duration_seconds.' (#113008, @soltysh)
  • 'Promoted job-related metrics to stable to follow IndexedJobs GA. The following metrics have their name updated to match metrics API guidelines:
    • job_sync_total -> job_syncs_total
    • job_finished_total -> jobs_finished_total' (#113010, @soltysh)
  • 'kubelet_kubelet_credential_provider_plugin_duration was renamed to kubelet_credential_provider_plugin_duration and kubelet_kubelet_credential_provider_plugin_errors was renamed to kubelet_credential_provider_plugin_errors.' (#113754, @logicalhan)
  • A new API server flag --encryption-provider-config-automatic-reload was added to control when the encryption config should be automatically reloaded without needing to restart the server. All KMS plugins are now merged into a single healthz check at /healthz/kms-providers when reload is enabled, or when only KMS v2 plugins are used. (#113529, @enj)
  • Added a --prune-allowlist flag that can be used with kubectl apply --prune. This flag now replaces and functions the same as the --prune-whitelist flag, which has been deprecated. (#113116, @brianpursley)
  • Added a kubernetes_feature_enabled metric which will tell you if a feature is enabled. (#112652, @logicalhan)
  • Deprecated the following kubectl run flags, which are ignored if set: --cascade, --filename, --force, --grace-period, --kustomize, --recursive, --timeout, --wait. (#112261, @brianpursley)
  • Dropped support for the Container Runtime Interface (CRI) version v1alpha2, which means that container runtimes just have to implement v1. (#110618, @saschagrunert)
  • E2e: tests can now register callbacks with ginkgo.BeforeEach, ginkgo.AfterEach or ginkgo.DeferCleanup directly after creating a framework instance and are guaranteed that their code is called after the framework is initialized and before it gets cleaned up. ginkgo.DeferCleanup replaces f.AddAfterEach and AddCleanupAction which got removed to simplify the framework. (#111998, @pohly)
  • Introduce ComponentSLIs alpha feature-gate for component SLIs metrics endpoint. (#112884, @logicalhan) [SIG API Machinery]
  • Kube scheduler Component Config release version v1beta3 is deprecated in v1.26 and will be removed in v1.29, also v1beta2 will be removed in v1.28. (#112257, @kerthcet) [SIG Scheduling]
  • Kube-scheduler: the DefaultPodTopologySpread, NonPreemptingPriority, PodAffinityNamespaceSelector and PreferNominatedNode feature gates that graduated to GA in v1.24 and were unconditionally enabled have been removed in v1.26. (#112567, @SataQiu)
  • Kubeadm: removed the UnversionedKubeletConfigMap feature gate. The feature has been GA and locked to enabled since v1.25. (#113448, @pacoxu)
  • Kubeadm: removed the toleration for the node-role.kubernetes.io/master taint from the CoreDNS deployment of kubeadm. With the 1.25 release of kubeadm the taint node-role.kubernetes.io/master is no longer applied to control plane nodes and the toleration for it can be removed with the release of 1.26. You can also perform the same toleration removal from your own addon manifests. (#112008, @pacoxu)
  • Kubeadm: removed the usage of the --container-runtime=remote flag for the kubelet during kubeadm init/join/upgrade. The flag value remote had been the only possible value since dockershim was removed from the kubelet. (#112000, @pacoxu)
  • Locked ServerSideApply feature gate to true with the feature already being GA. (#112748, @wojtek-t)
  • Refactored test/e2e/framework so that the core framework is smaller. Optional functionality like resource monitoring, log size monitoring, metrics gathering and debug information dumping must be imported by specific e2e test suites. Init packages are provided which can be imported to re-enable the functionality that traditionally was in the core framework. If you have code that no longer compiles because of this PR, you can use the script from a commit message to update that code. (#112043, @pohly)
  • Release-note (#111708, @yangjunmyfm192085) [SIG Apps, Instrumentation and Network]
  • Removed PodOverhead feature gate as the feature is in GA since v1.24. (#112579, @SergeyKanzhelev)
  • Removing Windows Server, Version 20H2 flavors from various container images. (#112924, @marosset)
  • Renamed the feature gate for CEL in Admission Control to ValidatingAdmissionPolicy. (#113735, @cici37)
  • Reworded log message upon image garbage collection failure to be more clear. (#112631, @tzneal) [SIG Node]
  • Scheduler dumper now exposes a summary to indicate the number of pending pods in each internal queue. (#111726, @Huang-Wei) [SIG Scheduling and Testing]
  • Service session affinity timeout tests are no longer required for Kubernetes network plugin conformance due to variations in existing implementations. New conformance tests will be developed to better express conformance in future releases. (#112806, @dcbw) [SIG Architecture, Network and Testing]
  • The IndexedJob and SuspendJob feature gates that graduated to GA in 1.24 and were unconditionally enabled have been removed in v1.26. (#112589, @SataQiu)
  • The e2e.test binary no longer emits JSON structs to document progress. (#113212, @pohly)
  • The metric etcd_db_total_size_in_bytes is renamed to apiserver_storage_db_total_size_in_bytes. (#113310, @logicalhan) [SIG API Machinery]
  • Updated cri-tools to [v1.25.0(https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.25.0) (#112058, @saschagrunert)
  • GlusterFS in-tree storage driver which was deprecated in kubernetes 1.25 release is now removed entirely in 1.26. (#112015, @humblec)

Dependencies

Added

  • cloud.google.com/go/datastore: v1.1.0
  • cloud.google.com/go/firestore: v1.1.0
  • cloud.google.com/go/pubsub: v1.3.1
  • github.com/OneOfOne/xxhash: v1.2.2
  • github.com/alecthomas/template: fb15b89
  • github.com/alecthomas/units: f65c72e
  • github.com/armon/consul-api: eb2c6b5
  • github.com/armon/go-metrics: f0300d1
  • github.com/armon/go-radix: 7fddfc3
  • github.com/bgentry/speakeasy: v0.1.0
  • github.com/bketelsen/crypt: 5cbc8cc
  • github.com/cenkalti/backoff/v4: v4.1.3
  • github.com/cespare/xxhash: v1.1.0
  • github.com/client9/misspell: v0.3.4
  • github.com/coreos/bbolt: v1.3.2
  • github.com/coreos/etcd: v3.3.13+incompatible
  • github.com/coreos/go-systemd: 95778df
  • github.com/coreos/pkg: 399ea9e
  • github.com/dgrijalva/jwt-go: v3.2.0+incompatible
  • github.com/dgryski/go-sip13: e10d5fe
  • github.com/fatih/color: v1.7.0
  • github.com/go-gl/glfw: e6da0ac
  • github.com/go-logr/stdr: v1.2.2
  • github.com/google/martian: v2.1.0+incompatible
  • github.com/grpc-ecosystem/grpc-gateway/v2: v2.7.0
  • github.com/hashicorp/consul/api: v1.1.0
  • github.com/hashicorp/consul/sdk: v0.1.1
  • github.com/hashicorp/errwrap: v1.0.0
  • github.com/hashicorp/go-cleanhttp: v0.5.1
  • github.com/hashicorp/go-immutable-radix: v1.0.0
  • github.com/hashicorp/go-msgpack: v0.5.3
  • github.com/hashicorp/go-multierror: v1.0.0
  • github.com/hashicorp/go-rootcerts: v1.0.0
  • github.com/hashicorp/go-sockaddr: v1.0.0
  • github.com/hashicorp/go-syslog: v1.0.0
  • github.com/hashicorp/go-uuid: v1.0.1
  • github.com/hashicorp/go.net: v0.0.1
  • github.com/hashicorp/golang-lru: v0.5.1
  • github.com/hashicorp/hcl: v1.0.0
  • github.com/hashicorp/logutils: v1.0.0
  • github.com/hashicorp/mdns: v1.0.0
  • github.com/hashicorp/memberlist: v0.1.3
  • github.com/hashicorp/serf: v0.8.2
  • github.com/jpillora/backoff: v1.0.0
  • github.com/jstemmer/go-junit-report: v0.9.1
  • github.com/kr/logfmt: b84e30a
  • github.com/kr/pty: v1.1.1
  • github.com/magiconair/properties: v1.8.1
  • github.com/mattn/go-colorable: v0.0.9
  • github.com/mattn/go-isatty: v0.0.3
  • github.com/miekg/dns: v1.0.14
  • github.com/mitchellh/cli: v1.0.0
  • github.com/mitchellh/go-homedir: v1.1.0
  • github.com/mitchellh/go-testing-interface: v1.0.0
  • github.com/mitchellh/gox: v0.4.0
  • github.com/mitchellh/iochan: v1.0.0
  • github.com/oklog/ulid: v1.3.1
  • github.com/pascaldekloe/goe: 57f6aae
  • github.com/pelletier/go-toml: v1.2.0
  • github.com/posener/complete: v1.1.1
  • github.com/prometheus/tsdb: v0.7.1
  • github.com/ryanuber/columnize: 9b3edd6
  • github.com/sean-/seed: e2103e2
  • github.com/shurcooL/sanitized_anchor_name: v1.0.0
  • github.com/spaolacci/murmur3: f09979e
  • github.com/spf13/cast: v1.3.0
  • github.com/spf13/jwalterweatherman: v1.0.0
  • github.com/spf13/viper: v1.7.0
  • github.com/subosito/gotenv: v1.2.0
  • github.com/ugorji/go: v1.1.4
  • github.com/xordataexchange/crypt: b2862e3
  • go.opentelemetry.io/contrib/propagators/b3: v1.10.0
  • go.opentelemetry.io/otel/exporters/otlp/internal/retry: v1.10.0
  • go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: v1.10.0
  • go.opentelemetry.io/otel/exporters/otlp/otlptrace: v1.10.0
  • gopkg.in/ini.v1: v1.51.0
  • gopkg.in/resty.v1: v1.12.0
  • rsc.io/binaryregexp: v0.2.0
  • rsc.io/quote/v3: v3.1.0
  • rsc.io/sampler: v1.3.0

Changed

  • dmitri.shuralyov.com/gpu/mtl: 28db891 → 666a987
  • github.com/antlr/antlr4/runtime/Go/antlr: f25a4f6 → v1.4.10
  • github.com/aws/aws-sdk-go: v1.38.49 → v1.44.116
  • github.com/container-storage-interface/spec: v1.6.0 → v1.7.0
  • github.com/containerd/ttrpc: v1.0.2 → v1.1.0
  • github.com/cpuguy83/go-md2man/v2: v2.0.1 → v2.0.2
  • github.com/dnaeon/go-vcr: v1.0.1 → v1.2.0
  • github.com/docker/docker: v20.10.17+incompatible → v20.10.18+incompatible
  • github.com/docker/go-units: v0.4.0 → v0.5.0
  • github.com/emicklei/go-restful/v3: v3.8.0 → v3.9.0
  • github.com/felixge/httpsnoop: v1.0.1 → v1.0.3
  • github.com/fsnotify/fsnotify: v1.4.9 → v1.6.0
  • github.com/go-kit/log: v0.1.0 → v0.2.0
  • github.com/go-logfmt/logfmt: v0.5.0 → v0.5.1
  • github.com/go-openapi/jsonreference: v0.19.5 → v0.20.0
  • github.com/google/cadvisor: v0.45.0 → v0.46.0
  • github.com/google/cel-go: v0.12.4 → v0.12.5
  • github.com/google/go-cmp: v0.5.6 → v0.5.9
  • github.com/google/pprof: 94a9f03 → 4bb14d4
  • github.com/gopherjs/gopherjs: fce0ec3 → 0766667
  • github.com/inconshreveable/mousetrap: v1.0.0 → v1.0.1
  • github.com/karrick/godirwalk: v1.16.1 → v1.17.0
  • github.com/konsorten/go-windows-terminal-sequences: v1.0.2 → v1.0.3
  • github.com/matttproud/golang_protobuf_extensions: v1.0.1 → v1.0.2
  • github.com/moby/sys/mountinfo: v0.6.0 → v0.6.2
  • github.com/moby/term: 3f7ff69 → 39b0c02
  • github.com/onsi/ginkgo/v2: v2.1.4 → v2.4.0
  • github.com/onsi/gomega: v1.19.0 → v1.23.0
  • github.com/opencontainers/runc: v1.1.3 → v1.1.4
  • github.com/prometheus/client_golang: v1.12.1 → v1.14.0
  • github.com/prometheus/client_model: v0.2.0 → v0.3.0
  • github.com/prometheus/common: v0.32.1 → v0.37.0
  • github.com/prometheus/procfs: v0.7.3 → v0.8.0
  • github.com/smartystreets/assertions: v1.1.0 → b2de0cb
  • github.com/spf13/afero: v1.6.0 → v1.2.2
  • github.com/spf13/cobra: v1.4.0 → v1.6.0
  • github.com/stretchr/objx: v0.2.0 → v0.4.0
  • github.com/stretchr/testify: v1.7.0 → v1.8.0
  • go.etcd.io/etcd/api/v3: v3.5.4 → v3.5.5
  • go.etcd.io/etcd/client/pkg/v3: v3.5.4 → v3.5.5
  • go.etcd.io/etcd/client/v2: v2.305.4 → v2.305.5
  • go.etcd.io/etcd/client/v3: v3.5.4 → v3.5.5
  • go.etcd.io/etcd/pkg/v3: v3.5.4 → v3.5.5
  • go.etcd.io/etcd/raft/v3: v3.5.4 → v3.5.5
  • go.etcd.io/etcd/server/v3: v3.5.4 → v3.5.5
  • go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful: v0.20.0 → v0.35.0
  • go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc: v0.20.0 → v0.35.0
  • go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp: v0.20.0 → v0.35.0
  • go.opentelemetry.io/otel/metric: v0.20.0 → v0.31.0
  • go.opentelemetry.io/otel/sdk: v0.20.0 → v1.10.0
  • go.opentelemetry.io/otel/trace: v0.20.0 → v1.10.0
  • go.opentelemetry.io/otel: v0.20.0 → v1.10.0
  • go.opentelemetry.io/proto/otlp: v0.7.0 → v0.19.0
  • go.uber.org/goleak: v1.1.10 → v1.2.0
  • golang.org/x/crypto: 3147a52 → v0.1.0
  • golang.org/x/exp: 85be41e → 6cc2880
  • golang.org/x/mobile: e6ae53a → d2bd2a2
  • golang.org/x/mod: 86c51ed → v0.6.0
  • golang.org/x/net: a158d28 → 1e63c2f
  • golang.org/x/oauth2: d3ed0bb → ee48083
  • golang.org/x/sys: 8c9f86f → v0.3.0
  • golang.org/x/term: 03fcf44 → v0.3.0
  • golang.org/x/text: v0.3.7 → v0.5.0
  • golang.org/x/tools: v0.1.12 → v0.2.0
  • google.golang.org/grpc: v1.47.0 → v1.49.0
  • google.golang.org/protobuf: v1.28.0 → v1.28.1
  • k8s.io/gengo: c02415c → c0856e2
  • k8s.io/klog/v2: v2.70.1 → v2.80.1
  • k8s.io/kube-openapi: 67bda5d → 172d655
  • k8s.io/system-validators: v1.7.0 → v1.8.0
  • k8s.io/utils: ee6ede2 → 1a15be2
  • sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.32 → v0.0.33
  • sigs.k8s.io/yaml: v1.2.0 → v1.3.0

Removed

  • github.com/ajstarks/svgo: 644b8db
  • github.com/auth0/go-jwt-middleware: v1.0.1
  • github.com/boltdb/bolt: v1.3.1
  • github.com/fogleman/gg: 0403632
  • github.com/getkin/kin-openapi: v0.76.0
  • github.com/go-ozzo/ozzo-validation: v3.5.0+incompatible
  • github.com/golang/freetype: e2365df
  • github.com/gophercloud/gophercloud: v0.1.0
  • github.com/gorilla/mux: v1.8.0
  • github.com/heketi/heketi: v10.3.0+incompatible
  • github.com/heketi/tests: f3775cb
  • github.com/jung-kurt/gofpdf: 24315ac
  • github.com/kr/fs: v0.1.0
  • github.com/lpabon/godbc: v0.1.1
  • github.com/mvdan/xurls: v1.1.0
  • github.com/pkg/sftp: v1.10.1
  • github.com/remyoudompheng/bigfft: 52369c6
  • github.com/russross/blackfriday: v1.5.2
  • github.com/urfave/negroni: v1.0.0
  • go.opentelemetry.io/contrib/propagators: v0.20.0
  • go.opentelemetry.io/contrib: v0.20.0
  • go.opentelemetry.io/otel/exporters/otlp: v0.20.0
  • go.opentelemetry.io/otel/oteltest: v0.20.0
  • go.opentelemetry.io/otel/sdk/export/metric: v0.20.0
  • go.opentelemetry.io/otel/sdk/metric: v0.20.0
  • gonum.org/v1/gonum: v0.6.2
  • gonum.org/v1/netlib: 7672324
  • gonum.org/v1/plot: e2840ee
  • modernc.org/cc: v1.0.0
  • modernc.org/golex: v1.0.0
  • modernc.org/mathutil: v1.0.0
  • modernc.org/strutil: v1.0.0
  • modernc.org/xc: v1.0.0
  • rsc.io/pdf: v0.1.1

v1.26.0-rc.1

Downloads for v1.26.0-rc.1

Source Code

filename sha512 hash
kubernetes.tar.gz 9f60096e87359e5a35f16d5ceafae855124ce252e124ec6454d8a34757f25a104a22285faed562f8c6ad8178eb79c6bcd9c7b1dde0b81c062eea776e95f50a72
kubernetes-src.tar.gz 127edcbd0e28070ea70ac57c4d0bb2989e02ef19d0f5b8ff90d23f6c09cdc1befd6a27ea53684928850669d50bc59ad25e62e5a9bade725bd69c0c5dadfe1fd3

Client Binaries

filename sha512 hash
kubernetes-client-darwin-amd64.tar.gz c4d3aceb58ac81b4b2c0225d58bca75a527d3b686bdcc8f94abdeb84a64729ab9fafed83caee47ded141e1b3ac63cfa4ddcd5c7a249c5e30766fe3b4206f2c5e
kubernetes-client-darwin-arm64.tar.gz 3b9d7474394187d97b4b8c8aad22744425e44bca875231644d609a4086da3ef9c805d0b2205aaedc3214e4727fe322f83e1bc7de0e86de8073aad73663c6a232
kubernetes-client-linux-386.tar.gz 8034ebfe53d8197e059e5702f5fad6a78295ea170150a5deb0def6aaa833b1d28b9b58e95ad0e342f462e0cf433416802e473e2819c2f0444ce123daa3f90a94
kubernetes-client-linux-amd64.tar.gz 236a3d1b1bd39ae66187fe7b4d841d3efaf8a0d00047b4a7cf0604881f7c596b760271bc6d359664878f9687ff1b0a76be079ae98a42ceeca4bf9d19b1a31ecf
kubernetes-client-linux-arm.tar.gz 6b53cfc34b015e36579039426b1eadfd0126ccc5d8ad443226a2ccf60069133d9b753f9432ad8cc0137c70c91095ad851d8a1263967b25fb8a259c7d75ca52fd
kubernetes-client-linux-arm64.tar.gz 5792a32fa1ee641b8e73150c67e252a9c358a6f9c71954e31324241a9316e97561cbcf07244eba7f9bcaba1f93ff6a6315d8298f706ef31abcfb827d3a37d334
kubernetes-client-linux-ppc64le.tar.gz 3056e95dd631f94bd992955242520239d7d011a7fa3024581598094bd5fb9a7a85d04c1ab4e5673ba8d669133d9b97ee590c99e24e7f2d1ba115ab4930593007
kubernetes-client-linux-s390x.tar.gz f8424a03a46d2b65f7d853dd74f6ee03ce29669e878c3f2584a25d2f03f9b90c48f6cdb4667f524657eca222adf04dbc8cba31f9bef5a1c8426e97a97ffda135
kubernetes-client-windows-386.tar.gz c9218f53497e7ce05607d79c130194262f19948d5b4c1ac16093fef48bcebdbc69162677cfd2d3e1b1bf73220a331156e28460f2443ba47006d9e4aa8a21e0a5
kubernetes-client-windows-amd64.tar.gz 62e115a066335a43d504c86b6f6f8749e018ebc1271a6bc75e8e0007c29384c153349731db551996f81dd31cae01f8d74cf9abe170ddb1a134083df0fc9575e9
kubernetes-client-windows-arm64.tar.gz 15e8ee687996b69c3eae81beeefac84292adb3e2da9bd8d4103a5c9c44bde4f5bf134ec6851cc32c1b07ac73c710160c938a2f4059c40149daf665cb8800e63a

Server Binaries

filename sha512 hash
kubernetes-server-linux-amd64.tar.gz 8c8ade7261823c05e5e9818ea3e50271ff1900fcefe53be88f82d4b22e489211411f934d798d056406b3c4d409eec6deeaa0ee66287c0f0ac5969949edb050c2
kubernetes-server-linux-arm.tar.gz a2265ce14e0638d95f2732a15fb431548d7a88ae5e24015bff638a762944791c86d2b79163485308a3dc5b8fa2239bbdb1d0963b88b55cacd138e49581fc8c6f
kubernetes-server-linux-arm64.tar.gz 445d1e73673f8dd91e3afb6e4fc63c5b470b3f882bbe3c0008763730915fce6f43ac7c21175c51c9ce4abaf4d26b09348bb8fd1fd762df27bdccc4595364ecfc
kubernetes-server-linux-ppc64le.tar.gz 2fcfc2772587c195adbdbe67a357e0c4536c0ce8cfa14a8fed63d021452fa6b75f9ddf499243a6cf99ac6f34ea5bfcffa61d7a22d7e42cbd5a7b3d040c311e54
kubernetes-server-linux-s390x.tar.gz 6e03a5fcbcc4c03137535ac70f1f2156376ec67870de9e52c06a4df1db1bae209309f9f40c4b8607ffb3319c035be279d854487edba1f77ac38173e63fe185ca

Node Binaries

filename sha512 hash
kubernetes-node-linux-amd64.tar.gz 4d409c919817fd8b0b786e76ed7b15efa823ed779732a17945a0cd29e37511a98b54959ab89445f2f75e56f8ec243193f706cc6499434ad71e3472f50f95438e
kubernetes-node-linux-arm.tar.gz e97630f0e442db2839e8b841b2442005687e57f74f6070ab874bed2deb5f4955ee945555237c6102c306db44677dc1f3db83b734ed03d64ddc47d2278de8c1c0
kubernetes-node-linux-arm64.tar.gz 7e51982c019417b6f1ef05e07a03cc10c236908b78fec86d59d1102c707373775dbe2e6992fd818b103a86e6e2ce0c603123e346c334844e06908cb8db698b31
kubernetes-node-linux-ppc64le.tar.gz 27154ac9cf36f74ba7d42cb7cc0002673519dab9b6ab8ff6784fcc2613091f5da5828b24dd7cfcc708fd561fbfecd4f48920e159e96bf86a1712417965614490
kubernetes-node-linux-s390x.tar.gz 9e1f47c40bff72bfa9be18c4eedfd0b334c509dab2639ff9ae8e1f0273fca13ff793e27fcf2cadc8f519ba630d66d324ecbb46e32838760d0cebe3e54228eed0
kubernetes-node-windows-amd64.tar.gz d0daa931f9a1fe301a1e5875789c466acf2fef5c769c08776d11b33ba21e7f49c00aa826c5c5a8b696835df0c3132325580393ca79d45e54dfe98f759d3b1768

Container Images

All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.

name architectures
registry.k8s.io/conformance:v1.26.0-rc.1 amd64, arm, arm64, ppc64le, s390x
registry.k8s.io/kube-apiserver:v1.26.0-rc.1 amd64, arm, arm64, ppc64le, s390x
registry.k8s.io/kube-controller-manager:v1.26.0-rc.1 amd64, arm, arm64, ppc64le, s390x
registry.k8s.io/kube-proxy:v1.26.0-rc.1 amd64, arm, arm64, ppc64le, s390x
registry.k8s.io/kube-scheduler:v1.26.0-rc.1 amd64, arm, arm64, ppc64le, s390x

Changelog since v1.26.0-rc.0

Changes by Kind

Bug or Regression

  • Fix endpoint reconciler not being able to delete the apiserver lease on shutdown (#114122, @aojea) [SIG API Machinery]

  • Fixed a bug that resulted in "grpc: the client connection is closing" errors shortly after the Kubernetes API server automatically reloaded its encryption-at-rest config due to an observed change to the file. This bug was only encountered when the --encryption-provider-config-automatic-reload flag was set to true. (#113955, @enj) [SIG API Machinery, Auth and Testing]

  • When the feature gates PodDisruptionConditions and JobPodFailurePolicy are both enabled, the Job controller now does not consider a terminating Pod (a pod that has a .metadata.deletionTimestamp) as a failure until that Pod is terminal (its .status.phase is Failed or Succeeded).

    However, the Job controller creates a replacement Pod as soon as the termination becomes apparent. Once the pod terminates, the Job controller evaluates .backoffLimit and .podFailurePolicy for the relevant Job, taking this now-terminated Pod into consideration.

    This behavior is limited to Jobs with .spec.podFailurePolicy set, and only when those two feature gates are both enabled. If either of these requirements is not satisfied, the Job controller counts a terminating Pod as an immediate failure, even if that Pod later terminates with phase: "Succeeded". (#113860, @alculquicondor) [SIG Apps]

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

v1.26.0-rc.0

Downloads for v1.26.0-rc.0

Source Code

filename sha512 hash
kubernetes.tar.gz c029cbe4bac02811164d6caf5c2474afb57ef0c8d1e5d4c3728a5ca38deff50dff354bc5b63f6a5c831a5d1944c559f5c33ebb5a6f13b2219bcc889127b74184
kubernetes-src.tar.gz 0166a2421ce2ac5a6a5eb9a47f6c3195072e2ea3c6cf042e90fa20ed9624b7f6f3c3fc7fb9403c005e25c14b668cd33aa153c18d66b3a38722d2ea22edb13d88

Client Binaries

filename sha512 hash
kubernetes-client-darwin-amd64.tar.gz 73dd4446f6f58698f5dacc771d49eea436ee7a35edbf29b0470e077325385882544a35bc6c0aa4da8a0fcb4f521d25bb394097fc7895fc8b82e70d928d610dcd
kubernetes-client-darwin-arm64.tar.gz 8b09a1ab7cd916cfe8a957b459d47dc789405232a09d17313b73ba2174ed61443460835dbdc9420731e29620954713eadc608546c16888902ef729ffa2a4207c
kubernetes-client-linux-386.tar.gz 2766bc4210815f141a1862c00c827bc6c4c1f2184d10f40884647da896855a4ae35e174daebda22b55a40ba5d18a4a4efef26ba4a57f25a0cb5b6cb5c0d52604
kubernetes-client-linux-amd64.tar.gz e9dc23e70cf54b2daddeb6c6b8dd4a7688311b9aa073ed7a6b7e49f197c4c2c4f5c08eb8289f5341bfd6da6e34f9b9d3a050d20d6e3de82af7c43387ff84abff
kubernetes-client-linux-arm.tar.gz d19a5b00fa829a541bab13150ecdfd4427c1f2ae92061c338a93ca3c36c8609fa77dfe5fc05c7f54f117e0c299a79beb5ac14921819cd5a34e3debc9818aeedc
kubernetes-client-linux-arm64.tar.gz 63a69da8a5570a08daf2fed9e55e456a761df0aba683cd3b84c6ee3dc6657d982adacf00655c485e6bfb03e9d60e0b89e1dbb568ca92e8e1c458752e24a64bbc
kubernetes-client-linux-ppc64le.tar.gz 1d63b821339b4bb2c3cc9e3eec949a33143c0fbff96d7f723dcd7aecdb2fc7c40d66b569c70f58c012070e206826d9e0070aaed0bb2c87b251a1d644915a5a2a
kubernetes-client-linux-s390x.tar.gz dda2f1cb4def6094184d24be792fb8de12cd217eda75cf5f9510191956fa01bf3d130329a3318e2b26845b3335fb1dc74e92adb4d20bc5c7842670836eefc993
kubernetes-client-windows-386.tar.gz b3a2fea1264a00f6cc1e09b76df6de9ea63988bccc1e568724a1f5a028e921c0832ef09665ea81077d2b58a8127345faa94d3570c4ccb0d4329a85c492152e34
kubernetes-client-windows-amd64.tar.gz ac2db53ec5a5421bdebe24ac0ac7a5b585c9e6883f95c2424d6041707bf6b68a8b1e8a9f2ca594fa969e9d555b375cffe684922bfd65149d0d738067bcad0aa9
kubernetes-client-windows-arm64.tar.gz 0f8c501689f44cdeee4c5917c09e57ee6e5bcac78626fc1fe839a367a80f16ac9724dcc0220e29d169aa3fa8fe379365167814883c1d8596f220b418433cdf55

Server Binaries

filename sha512 hash
kubernetes-server-linux-amd64.tar.gz 083916605845bce97c5cb371086122ac1d985853bf565f4619c9463d70f4e0f9f538a1dde9a2c2b79ea4646ced702600b7abab166554d607a6edaec3dc6a73ef
kubernetes-server-linux-arm.tar.gz 68212f3854e33b5657f280839f3bda53bf048adf5630342070447db1b3a37004923f3388c51f9d40a54831f9709010669fa712ee937ad4bcf1c9f5c5f4f1b0f8
kubernetes-server-linux-arm64.tar.gz 8ded836f67e98240e8e5e6c9ce0a56c3466563462c75e55b5043afe4d1dea30059753fb49d00044083d50b1fda3cbc3b7ac1ba3232ea743706a38684a55131a7
kubernetes-server-linux-ppc64le.tar.gz 4bf5a296b54e805b795777f99b40054287b4a7d5857897b47e3da4f6cdbfe4b91d771c85facfaf96340d14f3764d15d3b019a53961c0b5ffd76fb1e60f2fa586
kubernetes-server-linux-s390x.tar.gz 4cf0e6a16d011fc0f2a6801b5b0c09e70caffe949f0ef1b5230379ef6f79a9a874b7c6a1c7a49ed8080324c0bf12d43e8181aca9ab2251df7d508dc9e050d6a3

Node Binaries

filename sha512 hash
kubernetes-node-linux-amd64.tar.gz b60d6ecaa093b912478c3402a0bb4b01a553fbf8220ce0ed587c5181df2473b7b85750d47e6e30bf935cf616aa1912a5c034fe2e425e5b51bf9a71af634f76ea
kubernetes-node-linux-arm.tar.gz f8120e276b91fbb88e2458e14b067c2f3517d09d8250cfbdf0306d51fff8355c7dc3e83f66216c803a34b521c40f3ad5b62d79a7f4f86f1a25e2057f098ac024
kubernetes-node-linux-arm64.tar.gz 09ca76f6a681a489cc6c291358eeca10666ffee7a82382e87714684f24e67ea97bffdafb0b83a01641893db5cabe480b83f9afc77fabb850eeb0a173a2349526
kubernetes-node-linux-ppc64le.tar.gz a09d28611f73193f33f07da4e2fff5987a4332893381f8322fc7a48a2884856c75cce306fced1cb0cd18119e9f801c95307128567400749792a67cd797b5ba01
kubernetes-node-linux-s390x.tar.gz 665b856bb641960a654829ef532dab84768e59a6653b07d7d8fd613364e07eff79f102b05799ca718b7ad5f0bd01128b3aa3498ea5afea70992c4cbcb3154065
kubernetes-node-windows-amd64.tar.gz f1d1d38db0a22e68f8c872bcb0569452ade58d5d3d4bb93233a0bea45c70bd8264eaa5cd03cc92e463f7f4c29ee3114a8696748f8f925da5033144e0e9298376

Container Images

All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.

name architectures
registry.k8s.io/conformance:v1.26.0-rc.0 amd64, arm, arm64, ppc64le, s390x
registry.k8s.io/kube-apiserver:v1.26.0-rc.0 amd64, arm, arm64, ppc64le, s390x
registry.k8s.io/kube-controller-manager:v1.26.0-rc.0 amd64, arm, arm64, ppc64le, s390x
registry.k8s.io/kube-proxy:v1.26.0-rc.0 amd64, arm, arm64, ppc64le, s390x
registry.k8s.io/kube-scheduler:v1.26.0-rc.0 amd64, arm, arm64, ppc64le, s390x

Changelog since v1.26.0-beta.0

Changes by Kind

API Change

  • Add a ResourceClaim API (in the resource.k8s.io/v1alpha1 API group and behind the DynamicResourceAllocation feature gate). The new API is more flexible than the existing Device Plugins feature of Kubernetes because it allows Pods to request (claim) special kinds of resources, which can be available at node level, cluster level, or following any other model you implement. (#111023, @pohly) [SIG API Machinery, Apps, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node, Release, Scheduling, Storage and Testing]
  • PodDisruptionBudget adds an alpha spec.unhealthyPodEvictionPolicy field. When the PDBUnhealthyPodEvictionPolicy feature-gate is enabled in kube-apiserver, setting this field to "AlwaysAllow" allows pods to be evicted if they do not have a ready condition, regardless of whether the PodDisruptionBudget is currently healthy. (#113375, @atiratree) [SIG API Machinery, Apps, Auth and Testing]

Feature

  • Promote kubectl alpha events to kubectl events (#113819, @soltysh) [SIG CLI and Testing]

Bug or Regression

  • Known issue: Job field .spec.podFailurePolicy.rules[*].onExitCode might be ignored if the Pod is deleted before it terminates. (#113856, @alculquicondor) [SIG Apps]

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

v1.26.0-beta.0

Downloads for v1.26.0-beta.0

Source Code

filename sha512 hash
kubernetes.tar.gz 9aa7ea4dac63ca19b62dbb5ff3769f96d52f17d14050bdb4832936b6732879b93544ffae4411783e57b5171e12bc7bba8dbd275fdbc0755712a0b80069d06097
kubernetes-src.tar.gz 350ee84981bdc47f1ccee421efe2102d1323195b605c79884a0a3628c49d20533bbf3f49d54a3ce94b2a5627290103a4edd14cfdd1bd732c859f88ad06ad178a

Client Binaries

filename sha512 hash
kubernetes-client-darwin-amd64.tar.gz 8333a7b382ce29c79f9d2958c90e5e34c3af205a64d7f99bf94817df92879b136ba1f40a675555368aee68a9278a03142f20b8cb1797d1eaa3ba2344e2109904
kubernetes-client-darwin-arm64.tar.gz 5f263002532b818c9dca80119f7fe78474f7fee66d13409e8fad588b1aa7edda7a333a1f0982b86582b0a202f57253a6ae7a64ecba9569e9b08f478f1cc2c2e3
kubernetes-client-linux-386.tar.gz 344a33e30a29043533810d48f42d34d25a919925f85610b232c8c2f9da04c6faa2e43bc45dc7cb2d04c4c7bc24e6d77621abdc667a4a0707082212505babe5d5
kubernetes-client-linux-amd64.tar.gz 267dd3143813d7462dc821ec2ebf22c266280420fdecbbaf73e4f03a803ef4be5e0e98bbac036e0ba96e4c56ba937cf1064ed91208dff0b91797b3243810d097
kubernetes-client-linux-arm.tar.gz c1779aa4bed88510640de2f2c964c981f188a6a15d2e468e503982ad63f20a0f282752d9e3d9e811895ccf7e8847fe9c7bbecb76d64d087e83a9677c8d6a6ad0
kubernetes-client-linux-arm64.tar.gz 82170b76010c8f54c8a40684a1226433626afabd6c585cd41035e17aa8923d1c3991cbae0d77ca79153a972d8840b92d1958e253e3a9ae5eda2b9e8d9c09d01e
kubernetes-client-linux-ppc64le.tar.gz d0e59ec798ef03c01990e184847b1bfd38805d9e95901699c5bbbdf31d2e942dab63a8fb68656dc9affd0fa483efb360751d5d0b445f9d6c1e9713c1f10d1f7f
kubernetes-client-linux-s390x.tar.gz d2ebeadcdd809f9f1ee4bd1884efd5093279cc3511c791007061ee980becdf7e1e3980f61f644b7425d1ec10c386d8c74e9296031472376bf8ea481c047920e9
kubernetes-client-windows-386.tar.gz 04d7a1387112428283081fc74bcaf83d7a7dbe59f58bad45794603e8dfa4cee723aa1b4fd1616c96dc9ff2e49a246345d4135756d9779a86916d41e4cbeae46c
kubernetes-client-windows-amd64.tar.gz db7680b960de8f2f0da782ae2e6b2e396c5b4606e7c894af5bf4e5627fb83d635b3b7f893af80252515bd0fef2accf6b598ba5042ffd5e9c8d71cff68fc4ab25
kubernetes-client-windows-arm64.tar.gz 7ff409c0c1f2ca26f42dd6199b559df390238f17c1bf868a10e8d1433bfe7305bed57f20b187a806076f2788a64ad224998ac5dfaeb20a7cef01dfc6bf025de0

Server Binaries

filename sha512 hash
kubernetes-server-linux-amd64.tar.gz ef82141b01f845ad0576207cf528a9d1f8be681e1fd4744d4e01f3692491a0a640de92f79ef4294d924deee29926de4b0eefc6757addc6a27557c79ca94e3c46
kubernetes-server-linux-arm.tar.gz 14f2be17866492accd69225b55ddca636aa46cd825a9092bb2bf05cd2adc04c59e0b8271adab4b345b8368337863a3884d608ca7e8de48d3598d1b144e4142dc
kubernetes-server-linux-arm64.tar.gz c7df332e9bb9c20abdd3a0e2a57509e3ef7b5ea0eadee6cffc09c6cbffb0e01fb845a1135a7d4ea3e784227022839bae8936a3d95846b5fde23bf7e096413c1c
kubernetes-server-linux-ppc64le.tar.gz a5e5b2d60a4fde3db2214a0509c677e94c205fab7350b57dca79558a999f28752fe096ee863d4c9c410079fab3a08665aec84cb1a1732d53e9ac09cffe65b389
kubernetes-server-linux-s390x.tar.gz 4d84170a3a5bcea73db3c922154724e4021dd3fd20833698428002975eec1a958f528f54d747870ace58859741eeebc7caec1074ae84ba08b35d5a1efa1ab0d1

Node Binaries

filename sha512 hash
kubernetes-node-linux-amd64.tar.gz 2a194c2e2da4949df32806a7592716406ab3148287e6c97285155e0c7390b8cbcdbd426fb4ff40885f1db7b31355e7bcf9f590edeb77318ba5e39e92e40569f1
kubernetes-node-linux-arm.tar.gz 960ab6a725cd5b9ac59449cda00605a4f4d876541b362852cd2c915b1cf449713139c540f1a7d8e48920a67515fc3389007313cfa348e886ec7e4cb7c783e90e
kubernetes-node-linux-arm64.tar.gz ee3c62ab7174e737c372325a5bc086b61d42b957211e6fb1061aafee8f24284ceca22c0d7c2e92020327a8cf4bd1fe9a8cd685174c0c5ae03bb7ed293c1d6dc6
kubernetes-node-linux-ppc64le.tar.gz 28dc29007d319172c82b6ae675a218ce4dc484ddb81371ddccd5e5aeced90aa4033a08eb6ac3d562627b7762988d7de2f72fbfddada454009b9f3c0137d23864
kubernetes-node-linux-s390x.tar.gz ebdb47d96ae97ec6abfa9ec0863b1ead84615c49be950e79dff27a8a6a2454044854976545017947528ab104007f9010a27d68b96916219934e541bbafd23851
kubernetes-node-windows-amd64.tar.gz f2197c28414f98a77cc501a47a960be22c45a19f1023c0a4a426442aa719a7c6b66a660ad9721d817216e59ac2ce8a2d0e7db89c1e36b4938833329af40b85af

Container Images

All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.

name architectures
k8s.gcr.io/conformance:v1.26.0-beta.0 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-apiserver:v1.26.0-beta.0 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-controller-manager:v1.26.0-beta.0 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-proxy:v1.26.0-beta.0 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-scheduler:v1.26.0-beta.0 amd64, arm, arm64, ppc64le, s390x

Changelog since v1.26.0-alpha.3

Changes by Kind

Deprecation

  • CLI flag pod-eviction-timeout is deprecated and will be removed together with enable-taint-manager in v1.27. (#113710, @kerthcet) [SIG API Machinery and Apps]

API Change

  • A new preEnqueue extension point is added to scheduler's component config v1beta2/v1beta3/v1. (#113275, @Huang-Wei) [SIG API Machinery, Apps, Instrumentation, Scheduling and Testing]

  • Add a new namespace alpha field to dataSourceRef field in PersistentVolumeClaim API. (#113186, @ttakahashi21) [SIG API Machinery, Apps, Storage and Testing]

  • Add a kube-proxy flag (--iptables-localhost-nodeports, default true) to allow disabling NodePort services on loopback addresses. Note: this only applies to iptables mode and ipv4. (#108250, @cyclinder) [SIG API Machinery, Cloud Provider, Network, Node, Scalability, Storage and Testing]

  • Added a --topology-manager-policy-options flag to the kubelet to support fine tuning the topology manager policies. The first policy option, prefer-closest-numa-nodes, allows these policies to favor sets of NUMA nodes with shorter distance between nodes when making admission decisions. (#112914, @PiotrProkop) [SIG API Machinery and Node]

  • Added a feature that allows a StatefulSet to start numbering replicas from an arbitrary non-negative ordinal, using the .spec.ordinals.start field. (#112744, @pwschuurman) [SIG API Machinery and Apps]

  • Deprecate the apiserver_request_slo_duration_seconds metric for v1.27 in favor of apiserver_request_sli_duration_seconds for naming consistency purposes with other SLI-specific metrics and to avoid any confusion between SLOs and SLIs. (#112679, @dgrisonnet) [SIG API Machinery and Instrumentation]

  • Enable the "Retriable and non-retriable pod failures for jobs" feature into beta (#113360, @mimowo) [SIG Apps, Auth, Node, Scheduling and Testing]

  • Graduate JobTrackingWithFinalizers to stable. Jobs created before the feature was enabled are still tracked without finalizers. Users can choose to migrate jobs to tracking with finalizers by adding the annotation batch.kubernetes.io/job-tracking. If the annotation was already present and the user attempts to remove it, the control plane adds the annotation back. (#113510, @alculquicondor) [SIG API Machinery, Apps and Testing]

  • Graduate ServiceInternalTrafficPolicy feature to GA (#113496, @avoltz) [SIG Apps and Network]

  • If you enabled automatic reload of encryption configuration with API server flag --encryption-provider-config-automatic-reload, ensure all the KMS provider names (v1 and v2) in the encryption configuration are unique. (#113697, @aramase) [SIG API Machinery and Auth]

  • Introduce v1alpha1 API for validating admission policies, enabling extensible admission control via CEL expressions (KEP 3488: CEL for Admission Control). To use, enable the ValidatingAdmissionPolicy feature gate and the admissionregistration.k8s.io/v1alpha1 API via --runtime-config. (#113314, @cici37) [SIG API Machinery, Auth, Cloud Provider and Testing]

  • Kubelet adds the following pod failure conditions:

    • DisruptionTarget (graceful node shutdown, node pressure eviction) (#112360, @mimowo) [SIG Apps, Node and Testing]
  • Metav1.LabelSelectors specified in API objects are now validated to ensure they do not contain invalid label values that will error at time of use. Existing invalid objects can be updated, but new objects are required to contain valid label selectors. (#113699, @liggitt) [SIG API Machinery, Apps, Auth, Network and Storage]

  • Moving MixedProtocolLBService from beta to GA (#112895, @janosi) [SIG Apps, Network and Testing]

  • New Pod API field .spec.schedulingGates is introduced to enable users to control when to mark a Pod as scheduling ready. (#113274, @Huang-Wei) [SIG Apps, Scheduling and Testing]

  • NodeInclusionPolicy in podTopologySpread plugin is enabled by default. (#113500, @kerthcet) [SIG API Machinery, Apps, Scheduling and Testing]

  • Priority and Fairness has introduced a new feature called borrowing that allows an API priority level to borrow a number of seats from other priority level(s). As a cluster operator, you can enable borrowing for a certain priority level configuration object via the two newly introduced fields lendablePercent, and borrowingLimitPercent located under the .spec.limited field of the designated priority level. This PR adds the following metrics.

    • apiserver_flowcontrol_nominal_limit_seats: Nominal number of execution seats configured for each priority level
    • apiserver_flowcontrol_lower_limit_seats: Configured lower bound on number of execution seats available to each priority level
    • apiserver_flowcontrol_upper_limit_seats: Configured upper bound on number of execution seats available to each priority level
    • apiserver_flowcontrol_demand_seats: Observations, at the end of every nanosecond, of (the number of seats each priority level could use) / (nominal number of seats for that level)
    • apiserver_flowcontrol_demand_seats_high_watermark: High watermark, over last adjustment period, of demand_seats
    • apiserver_flowcontrol_demand_seats_average: Time-weighted average, over last adjustment period, of demand_seats
    • apiserver_flowcontrol_demand_seats_stdev: Time-weighted standard deviation, over last adjustment period, of demand_seats
    • apiserver_flowcontrol_demand_seats_smoothed: Smoothed seat demands
    • apiserver_flowcontrol_target_seats: Seat allocation targets
    • apiserver_flowcontrol_seat_fair_frac: Fair fraction of server's concurrency to allocate to each priority level that can use it
    • apiserver_flowcontrol_current_limit_seats: current derived number of execution seats available to each priority level

    The possibility of borrowing means that the old metric apiserver_flowcontrol_request_concurrency_limit can no longer mean both the configured concurrency limit and the enforced concurrency limit. Henceforth it means the configured concurrency limit. (#113485, @MikeSpreitzer) [SIG API Machinery and Testing]

  • The EndpointSliceTerminatingCondition feature gate has graduated to GA. The gate is now locked and will be removed in v1.28. (#113351, @andrewsykim) [SIG API Machinery, Apps, Network and Testing]

  • Yes, aggregated discovery will be alpha and can be toggled with the AggregatedDiscoveryEndpoint feature flag (#113171, @Jefftree) [SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Network, Node, Release, Scalability, Scheduling, Storage and Testing]

Feature

  • API Server tracing now includes the latency of authorization, priorityandfairness, impersonation, audit, and authentication filters. (#113217, @dashpole) [SIG API Machinery and Instrumentation]
  • Add a method StreamWithContext to remotecommand.Executor to support cancelable SPDY executor stream. (#103177, @arkbriar) [SIG API Machinery, CLI, Node and Testing]
  • Add alpha support for returning container and pod metrics from CRI, instead of cAdvsior (#113609, @haircommander) [SIG Architecture, Instrumentation and Node]
  • Add support for Evented PLEG feature gate (#111384, @harche) [SIG Node and Testing]
  • Add the metric pod_start_sli_duration_seconds to kubelet (#111930, @azylinski) [SIG Instrumentation, Node and Testing]
  • Added reconstruction of SELinux mount context after kubelet restart. Feature SELinuxMountReadWriteOncePod is now fully implemented and kubelet does not lose its cache of SELinux contexts after kubelet process restart. (#113596, @jsafrane) [SIG Apps, Node, Storage and Testing]
  • Added selector validation to HorizontalPodAutoscaler: when multiple HPAs select the same set of Pods, scaling now will be disabled for those HPAs with the reason AmbiguousSelector. This change also covers a case when multiple HPAs point to the same deployment. (#112011, @pbeschetnov) [SIG Apps and Autoscaling]
  • Added: publishing events when enabling/disabling topologyAwareHints. (#113544, @LiorLieberman) [SIG Apps and Network]
  • Adding alpha support for WindowsHostNetworking feature (#112961, @marosset) [SIG Node and Windows]
  • Adds alpha --output plaintext protected by environment variable KUBECTL_EXPLAIN_OPENAPIV3 (#113146, @alexzielenski) [SIG CLI]
  • Adds metrics force_delete_pods_total and force_delete_pod_errors_total in the Pod GC Controller. (#113519, @xing-yang) [SIG Apps]
  • CSIMigrationvSphere upgraded to GA and locked to true. Do not upgrade to K8s 1.26 if you need Windows support until vSphere CSI Driver adds support for it in a version post v2.7.x. (#113336, @divyenpatel) [SIG Storage]
  • DelegateFSGroupToCSIDriver feature is GA. (#113225, @bertinatto) [SIG Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node and Storage]
  • Graduate Kubelet CPU Manager to GA. (#113018, @fromanirh) [SIG Node and Testing]
  • Graduate Kubelet Device Manager to GA. (#112980, @swatisehgal) [SIG Cloud Provider and Node]
  • If ComponentSLIs feature gate is enabled, then /metrics/slis becomes available on cloud-controller-manager allowing you to scrape health check metrics. (#113340, @Richabanker) [SIG Cloud Provider]
  • Kubectl config view now automatically redacts any secret fields marked with a datapolicy tag (#109189, @mpuckett159) [SIG API Machinery, Auth, CLI and Testing]
  • Kubectl shell completions for the bash shell now include descriptions. (#113636, @marckhouzam) [SIG CLI]
  • Kubernetes is now built with Go 1.19.3 (#113550, @xmudrii) [SIG Release and Testing]
  • Make Azure File CSI migration as GA in 1.26 (#113160, @andyzhangx) [SIG Cloud Provider]
  • NodeOutOfServiceVolumeDetach is now beta. (#113511, @xing-yang) [SIG Node and Storage]
  • Pod Security admission: the pod-security warn level will now default to the enforce level. (#113491, @tallclair) [SIG Auth and Security]
  • Promote kubectl alpha events to kubectl events (#113819, @soltysh) [SIG CLI and Testing]
  • Promote the APIServerIdentity feature to Beta. By default, each kube-apiserver will now create a Lease in the kube-system namespace. These lease objects can be used to identify the number of active API servers in the cluster, and may also be used for future features such as the Storage Version API. (#113629, @andrewsykim) [SIG API Machinery and Testing]
  • Promoting WindowsHostProcessContainers to stable (#113476, @marosset) [SIG Apps, Node, Testing and Windows]
  • RetroactiveDefaultStorageClass feature is now beta. (#113329, @RomanBednar) [SIG Apps, Storage and Testing]
  • The LegacyServiceAccountTokenNoAutoGeneration feature gate has been promoted to GA (#112838, @zshihang) [SIG API Machinery, Apps, Auth and Testing]
  • The ProxyTerminatingEndpoints feature is now Beta and enabled by default. When enabled, kube-proxy will attempt to route traffic to terminating pods when the traffic policy is Local and there are only terminating pods remaining on a node. (#113363, @andrewsykim) [SIG Network]
  • The iptables kube-proxy backend should process service/endpoint changes more efficiently in very large clusters. (#110268, @danwinship) [SIG Instrumentation and Network]
  • Update the Lease identity naming format for the APIServerIdentity feature to use a persistent name (#113307, @andrewsykim) [SIG API Machinery, Node and Testing]
  • Updated cAdvisor to v0.46.0 (#113769, @bobbypage) [SIG Architecture, CLI, Cloud Provider, Node and Storage]

Bug or Regression

  • Apiserver: use the correct error when logging errors updating managedFields (#113711, @andrewsykim) [SIG API Machinery]
  • Bump runc to v1.1.4 (#113719, @pacoxu) [SIG Node]
  • Do not raise an error when setting an annotation with the same value, just ignore it. (#109505, @zigarn) [SIG CLI]
  • Fix cost estimation of token creation request for service account in Priority and Fairness. (#113206, @marseel) [SIG API Machinery]
  • Fix that disruption controller changes the status of a stale disruption condition after 2 min when the PodDisruptionConditions feature gate is enabled (#113580, @mimowo) [SIG Auth]
  • Fix the PodAndContainerStatsFromCRI feature, instead of supplementing with stats from cAdvisor. (#113291, @mengjiao-liu) [SIG Instrumentation and Node]
  • For kubectl, --server-side now migrates ownership of all fields used by client-side-apply to the specified --fieldmanager. This prevents fields previously specified using kubectl from being able to live outside of server-side-apply's management and become undeleteable. (#112905, @alexzielenski) [SIG API Machinery, CLI and Testing]
  • Kubectl apply: warning that kubectl will ignore no-namespaced resource pv & namespace in a future release if the namespace is specified and allowlist is not specified (#110907, @pacoxu) [SIG CLI]
  • Kubelet: Fixes a startup crash in devicemanager (#113021, @rphillips) [SIG Node]
  • Kubelet: fix nil pointer in reflector start for standalone mode (#113501, @pacoxu) [SIG Node]
  • NOTE (#113749, @jpbetz) [SIG API Machinery]
  • Pod logs using --timestamps are not broken up with timestamps anymore. (#113481, @rphillips) [SIG Node]
  • Resolves an issue that causes winkernel proxier to treat stale VIPs as valid (#113521, @daschott) [SIG Network and Windows]
  • The resourceVersion returned in objects from delete responses is now consistent with the resourceVersion contained in the delete watch event (#113369, @wojtek-t) [SIG API Machinery]

Other (Cleanup or Flake)

  • A new API server flag --encryption-provider-config-automatic-reload has been added to control when the encryption config should be automatically reloaded without needing to restart the server. All KMS plugins are merged into a single healthz check at /healthz/kms-providers when reload is enabled, or when only KMS v2 plugins are used. (#113529, @enj) [SIG API Machinery, Auth and Testing]
  • Added a --prune-allowlist flag that can be used with kubectl apply --prune. This flag replaces and functions the same as the --prune-whitelist flag, which has been deprecated. (#113116, @brianpursley) [SIG CLI]
  • Deprecated the following kubectl run flags, which are ignored if set: --cascade, --filename, --force, --grace-period, --kustomize, --recursive, --timeout, --wait (#112261, @brianpursley) [SIG CLI]
  • Dropped support for the Container Runtime Interface (CRI) version v1alpha2, which means that container runtimes just have to implement v1. (#110618, @saschagrunert) [SIG Node and Security]
  • Promote job-related metrics to stable to follow IndexedJobs GA, the following metrics had their name updated to match metrics API guidelines:
    • job_sync_total -> job_syncs_total
    • job_finished_total -> jobs_finished_total (#113010, @soltysh) [SIG Apps and Instrumentation]
  • Promote cronjob_job_creation_skew metric to stable to follow the cronjob v2 controller, the following metrics had their name updated to match metrics API guidelines:
    • cronjob_job_creation_skew_duration_seconds -> job_creation_skew_duration_seconds (#113008, @soltysh) [SIG Apps and Instrumentation]
  • Rename the feature gate for CEL in Admission Control to ValidatingAdmissionPolicy. (#113735, @cici37) [SIG API Machinery and Testing]
  • kubelet_kubelet_credential_provider_plugin_duration is renamed kubelet_credential_provider_plugin_duration and kubelet_kubelet_credential_provider_plugin_errors is renamed kubelet_credential_provider_plugin_errors. (#113754, @logicalhan) [SIG Instrumentation and Node]

Dependencies

Added

Nothing has changed.

Changed

Removed

Nothing has changed.

v1.26.0-alpha.3

Downloads for v1.26.0-alpha.3

Source Code

filename sha512 hash
kubernetes.tar.gz e38caad0331adb21176e326bbcf1b4f55385b00011fd476c12a7872a2cfa1d25d2d961f2986cc336549be71bc8f3513578317a852d39c0ad6c62bd3bd4ce17d1
kubernetes-src.tar.gz f5931854054f3d739636fccc78c29a9cb579e3885143dae7d89c72d9e41857acf91ee0166ef92766e414355258409ca209ce7c2cf512322cc0f2b17bb9670098

Client Binaries

filename sha512 hash
kubernetes-client-darwin-amd64.tar.gz fbfa2b4af54b8765465a8892ad7ceb56f019132805d7c1f0d63e9e569a33a722862234c1184f395c865bf1e8393951b8ea50bf972766d8283281bd2fc0ada86a
kubernetes-client-darwin-arm64.tar.gz 5b9af35b9284a7f4813031f913e3aa014d3a1b1fa7823564409c8c6ce7a8a2272b2fb306bcbb777736d241b7997fcf4fed97388614ccdb25463f8f41f3398204
kubernetes-client-linux-386.tar.gz 0fe3a80e9dfa85798f1da7b24c94c83328d4a00e4032b6dbe03c674fe39bd35a8a53c7b005fc9d81f0992920d4b66d25dc3a50c87df9884cdc4df9a61cca82f8
kubernetes-client-linux-amd64.tar.gz 36ef2a886f871bbf674aa740de4c2f61be4f80b8dd68c38b784af4a92a03af659ffab8de6a06cb400fbeea6bcb6f2eef9e809c5959a9050de5e0dd63521fcefa
kubernetes-client-linux-arm.tar.gz ae8a4f8e568843ea6f4321b0b7e2779ef1177e86ea979355509cf5788a05d1b08eaae54d400296b41ef5463d7e576df9d5943104ac830cf17f7e9e879460dc43
kubernetes-client-linux-arm64.tar.gz c8f10f35b38509b9c02af2946dfa96e86a8dca69c587754cdfe0cda0cfee8fbcf118fd8fa92543a04571d370c3a9942f40d19e0740efa301a2f9e542be4c0051
kubernetes-client-linux-ppc64le.tar.gz c416055c92483ec93d0ecfd4c1738ed1c9aafd9d68f806dc0e9b3fbe994c60fbb41baaa9a64fd1a5725ae16d6e22e93c40f8be5af4e122d1eb1d095d2f7a6c26
kubernetes-client-linux-s390x.tar.gz 88155930c24f784d6f73864af07518d0cdde486e32857d1d057d0ed0bfce7c8c7501f1fc29275747d7b50d812e910b1fb2fa14f7ef91aeedeaf530cdbe9094f7
kubernetes-client-windows-386.tar.gz 3c89c5044ca402bb022af618404839eb0cadb3e89552c4002386503911b1e4622a16a4452c26310ee2ead49058faa17711136435f3303271be903dabce93ae0d
kubernetes-client-windows-amd64.tar.gz 8d053b7eb02e850d2d70492d0cbd76e6b68ff43b3373539563c67ab2dc66895a387f4e7dfb31dffde85a32086beb8db3a12a55dd5e9f4261bd768c853be3e6fa
kubernetes-client-windows-arm64.tar.gz 0034b8b34b66cf72f9a77ffe0ab441517f12ba7bafbcf8abea7b6650f8936da0a4e90f56a315dc2d16392684167850401de6c1dbf386bce2e28aeab9e3b4963d

Server Binaries

filename sha512 hash
kubernetes-server-linux-amd64.tar.gz 1b7c60428a326c337c59080923766d46c7b4a9c0ffc7125d6000f410a1cbd488403a00d36ea22a7fbddf70aa78c53e06c4d0cb434f254b7e883481393a99dec7
kubernetes-server-linux-arm.tar.gz 4eec57f333e4d5cc99929465e6bf01f057351925d5b38c92751c1b30a2f1f61d81db14d95100c5ea01950eee4ef172772e91dc38000ec50bfa1e01f8a62e0d54
kubernetes-server-linux-arm64.tar.gz a6a11db5f669e0705083269df9813c8da9e7d61f76c78ac0cb55ea9cfffad865e0de7b129727192cec03ecae89d7e51f1097b010290106a5ac8a563294fb69b2
kubernetes-server-linux-ppc64le.tar.gz 3b66310e6adad44b38a02eb315281e15e3f6f4fd6490ea279a3f962ca27b6537f4210a2db8e0648816614e2a9d73a622fdf0bac2ea0dc2c462543ce44acc3a45
kubernetes-server-linux-s390x.tar.gz 4dd94f22f4a309aa3fc0f92d1708a31660b291270107baf8ed80bbb49677136cce17345edf21e1a132584702218192e85876d36211884880629a8a38b98e6680

Node Binaries

filename sha512 hash
kubernetes-node-linux-amd64.tar.gz 1c8b21a36d18a9a6c3ebf92cd61d9b36ef06b5e415f4bbf86518d3a740cb132a767c1b806e0b65e3a52eb8a2fc6452d0e897aaeea4505ad5206b0b304f784e0e
kubernetes-node-linux-arm.tar.gz 23797df2c5eb2fe473d06edb3fe032f2c55bb68eaa2074d1ce3f0455545076be5859288bc835d194da2291dc488da375ecbf21511f9876ca80da978f5ff3491c
kubernetes-node-linux-arm64.tar.gz 5f2ce6867228dc4cdb4a418421ac28d7f3a4e4e2f5ba7470cd141dc3b45978537d19ba81f0bd3751ba0ba31a3f67b41d7fac7932623cfd719b526fe3a879e42c
kubernetes-node-linux-ppc64le.tar.gz 9acdaf23e8e8a8bc5afac8fbccd1325f45a0bcf7ac1e02beaf2e54e54dfc95e5d90b5efeb9dfbfa9ebfd83331f7daeb928f2ad579ba02d234e0294a9df1e1d6e
kubernetes-node-linux-s390x.tar.gz d971dc06b94a02b23d384c366946a0304f53513717180351c70eef989841a33940fa56698d4f30161cd15ac47f2577569ff2cf63775d5c191ba798695d48f252
kubernetes-node-windows-amd64.tar.gz a2db5de15c72c6bc9bcd29dca31f6abf5c6cd3dd60c448bf4c4d93ad13f2864cd0904feaa5f0d3954c0199dcd64191dc97128863275e69705a3208c91f7f8b73

Container Images

All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.

name architectures
k8s.gcr.io/conformance:v1.26.0-alpha.3 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-apiserver:v1.26.0-alpha.3 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-controller-manager:v1.26.0-alpha.3 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-proxy:v1.26.0-alpha.3 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-scheduler:v1.26.0-alpha.3 amd64, arm, arm64, ppc64le, s390x

Changelog since v1.26.0-alpha.2

Changes by Kind

API Change

  • Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

    ([#86139](#86139), [@jasimmons](https://github.com/jasimmons)) [SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Contributor Experience, Instrumentation, Network, Node, Release, Scheduling, Storage and Testing]
  • Add percentageOfNodesToScore as a scheduler profile level parameter to API version v1. If a profile percentageOfNodesToScore is set, it will override global percentageOfNodesToScore. (#112521, @yuanchen8911) [SIG API Machinery, Scheduling and Testing]

  • Kube-controller-manager supports '--concurrent-horizontal-pod-autoscaler-syncs' flag to set the number of horizontal pod autoscaler controller workers. (#108501, @zroubalik) [SIG API Machinery, Apps and Autoscaling]

  • Kube-proxy: The "userspace" proxy mode (deprecated for over a year) is no longer supported on either Linux or Windows. Users should use "iptables" or "ipvs" on Linux, or "kernelspace" on Windows. (#112133, @knabben) [SIG API Machinery, Network, Scalability, Testing and Windows]

  • Kubectl wait command with jsonpath flag will wait for target path appear until timeout. (#109525, @jonyhy96) [SIG CLI and Testing]

  • Kubelet external Credential Provider feature is moved to GA. Credential Provider Plugin and Credential Provider Config APIs updated from v1beta1 to v1 with no API changes. (#111616, @ndixita) [SIG API Machinery, Node, Scheduling and Testing]

  • The DynamicKubeletConfig feature gate has been removed from the API server. Dynamic kubelet reconfiguration now cannot be used even when older nodes are still attempting to rely on it. This is aligned with the Kubernetes version skew policy. (#112643, @SergeyKanzhelev) [SIG API Machinery, Apps, Auth, Node and Testing]

Feature

  • API Server Tracing now includes a variety of new spans and span events. (#113172, @dashpole) [SIG API Machinery, Architecture, Auth, Instrumentation, Network, Node and Scheduling]
  • Add kubelet metrics to track the cpumanager cpu allocation and pinning (#112855, @fromanirh) [SIG Instrumentation, Node and Testing]
  • Added categories column to the kubectl api-resources command's wide output (-o wide). Added --categories flag to the kubectl api-resources command, which can be used to filter the output to show only resources belonging to one or more categories. (#111096, @brianpursley) [SIG CLI]
  • Admission control plugin "DefaultStorageClass": If more than one StorageClass is designated as default (via the "storageclass.kubernetes.io/is-default-class" annotation), choose the newest one instead of throwing an error. (#110559, @danishprakash) [SIG Apps and Storage]
  • Change preemption_victims metric bucket from LinearBuckets to ExponentialBuckets. (#112939, @lengrongfu) [SIG Instrumentation and Scheduling]
  • Extend the job job_finished_total metric by new reason` label and introduce a new job metric to count pod failures handled by pod failure policy with respect to the action applied. (#113324, @mimowo) [SIG Apps and Testing]
  • Graduate ServiceIPStaticSubrange feature to GA (#112163, @aojea) [SIG Network]
  • If ComponentSLIs feature gate is enabled, then /metrics/slis becomes available on kube-controller-manager, allowing you to scrape health check metrics. (#112978, @logicalhan) [SIG API Machinery and Cloud Provider]
  • If ComponentSLIs feature gate is enabled, then /metrics/slis becomes available on kube-proxy allowing you to scrape health check metrics. (#113057, @Richabanker) [SIG Network]
  • If ComponentSLIs feature gate is enabled, then /metrics/slis becomes available on kube-scheduler, allowing you to scrape health check metrics. (#113026, @Richabanker) [SIG Scheduling]
  • If ComponentSLIs feature gate is enabled, then /metrics/slis becomes available on kubelet, allowing you to scrape health check metrics. (#113030, @Richabanker) [SIG Node]
  • Kubeadm: command kubeadm join phase control-plane-prepare certs is now supporting to run with dry-run mode on it's own (#113005, @chendave) [SIG Cluster Lifecycle]
  • Logs of requests that were timed out by a timeout handler will no longer contain a "statusStack" and "logging error output" fields (#112374, @Argh4k) [SIG API Machinery]
  • Metrics for RetroactiveDefaultStorageClass feature are now available. To see an attempt count for updating PVC retroactively with a default StorageClass see retroactive_storageclass_total metric and for total numer of errors see retroactive_storageclass_errors_total. (#113323, @RomanBednar) [SIG Apps]
  • New metric job_controller_terminated_pods_tracking_finalizer can be used to monitor whether the job controller is removing Pod finalizers from terminated Pods after accounting them in Job status. (#113176, @alculquicondor) [SIG Apps, Instrumentation and Testing]
  • Shell completion will now show plugin names when appropriate. Furthermore, shell completion will work for plugins that provide such support. (#105867, @marckhouzam) [SIG CLI]
  • The ExpandedDNSConfig feature has graduated to beta and is enabled by default. Note that this feature requires container runtime support. (#112824, @gjkim42) [SIG Network and Testing]
  • When the alpha LegacyServiceAccountTokenTracking feature gate is enabled, secret-based service account tokens will have a kubernetes.io/legacy-token-last-used applied to them containing the date they were last used. (#108858, @zshihang) [SIG API Machinery, Auth and Testing]

Bug or Regression

  • Bump golang.org/x/net to v0.1.1-0.20221027164007-c63010009c80 (#112693, @aimuz) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node, Security and Storage]
  • Fix the occasional double-counting of the job_finished_total metric (#112948, @mimowo) [SIG Apps, Architecture, Instrumentation and Testing]
  • Fixed a bug where a change in the appProtocol for a Service did not trigger a load balancer update. (#112785, @MartinForReal) [SIG Cloud Provider and Network]
  • Fixed a bug where the kubelet chooses the wrong container by its name when running kubectl exec. (#113041, @saschagrunert) [SIG Node]
  • Fixed an issue where the APIServer would panic on startup if an egress selector without a controlplane configuration is specified when using APIServerTracing (#112979, @dashpole) [SIG API Machinery, Instrumentation and Testing]
  • Fixed: #22422 Admission controllers can cause unnecessary significant load on apiserver (#112696, @aimuz) [SIG Scalability]
  • Kube-apiserver: DELETECOLLECTION API requests are now recorded in metrics with the correct verb. (#113133, @sxllwx) [SIG API Machinery]
  • Kube-apiserver: custom resources can now be specified in the --encryption-provider-config file and can be encrypted in etcd (#113015, @ritazh) [SIG API Machinery, Auth and Testing]
  • Kube-proxy, will restart in case it detects that the Node assigned pod.Spec.PodCIDRs have changed (#111344, @aojea) [SIG Network]
  • Kubectl now escapes terminal special characters in output. This fixes CVE-2021-25743. (#112553, @dgl) [SIG CLI and Security]
  • Kubectl: fixed a bug where kubectl convert did not pick the right API version (#112700, @SataQiu) [SIG CLI]
  • Kubelet: Fixes a startup crash in devicemanager (#113021, @rphillips) [SIG Node]
  • Nested mountpoints are now group correctly on all cases. (#112571, @claudiubelu) [SIG Storage and Windows]
  • The metrics(time duration) of a failed or unschedulable scheduling attempt will be longer for it will include the duration time of the unreserve operation now. (#113113, @kerthcet) [SIG Scheduling]
  • Updates golang.org/x/text to v0.3.8 to fix CVE-2022-32149 (#112989, @ameukam) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node and Storage]
  • Use SSA to add pod disruption conditions by scheduler and controller-manager (#113304, @mimowo) [SIG API Machinery, Apps and Scheduling]

Other (Cleanup or Flake)

  • Kubeadm: remove the UnversionedKubeletConfigMap feature gate. The feature has been GA and locked to enabled since 1.25. (#113448, @pacoxu) [SIG Cluster Lifecycle]
  • Removing Windows Server, Version 20H2 flavors from various container images (#112924, @marosset) [SIG Testing and Windows]
  • Service session affinity timeout tests are no longer required for Kubernetes network plugin conformance due to variations in existing implementations. New conformance tests will be developed to better express conformance in future releases. (#112806, @dcbw) [SIG Architecture, Network and Testing]
  • The e2e.test binary no longer emits JSON structs to document progress. (#113212, @pohly) [SIG Testing]
  • The metric etcd_db_total_size_in_bytes is renamed to apiserver_storage_db_total_size_in_bytes. (#113310, @logicalhan) [SIG API Machinery]

Dependencies

Added

  • cloud.google.com/go/datastore: v1.1.0
  • cloud.google.com/go/firestore: v1.1.0
  • cloud.google.com/go/pubsub: v1.3.1
  • dmitri.shuralyov.com/gpu/mtl: 666a987
  • github.com/BurntSushi/xgb: 27f1227
  • github.com/OneOfOne/xxhash: v1.2.2
  • github.com/alecthomas/template: fb15b89
  • github.com/alecthomas/units: f65c72e
  • github.com/armon/consul-api: eb2c6b5
  • github.com/armon/go-metrics: f0300d1
  • github.com/armon/go-radix: 7fddfc3
  • github.com/bgentry/speakeasy: v0.1.0
  • github.com/bketelsen/crypt: 5cbc8cc
  • github.com/cespare/xxhash: v1.1.0
  • github.com/client9/misspell: v0.3.4
  • github.com/coreos/bbolt: v1.3.2
  • github.com/coreos/etcd: v3.3.13+incompatible
  • github.com/coreos/go-systemd: 95778df
  • github.com/coreos/pkg: 399ea9e
  • github.com/dgrijalva/jwt-go: v3.2.0+incompatible
  • github.com/dgryski/go-sip13: e10d5fe
  • github.com/fatih/color: v1.7.0
  • github.com/go-gl/glfw/v3.3/glfw: 6f7a984
  • github.com/go-gl/glfw: e6da0ac
  • github.com/google/martian: v2.1.0+incompatible
  • github.com/gopherjs/gopherjs: 0766667
  • github.com/hashicorp/consul/api: v1.1.0
  • github.com/hashicorp/consul/sdk: v0.1.1
  • github.com/hashicorp/errwrap: v1.0.0
  • github.com/hashicorp/go-cleanhttp: v0.5.1
  • github.com/hashicorp/go-immutable-radix: v1.0.0
  • github.com/hashicorp/go-msgpack: v0.5.3
  • github.com/hashicorp/go-multierror: v1.0.0
  • github.com/hashicorp/go-rootcerts: v1.0.0
  • github.com/hashicorp/go-sockaddr: v1.0.0
  • github.com/hashicorp/go-syslog: v1.0.0
  • github.com/hashicorp/go-uuid: v1.0.1
  • github.com/hashicorp/go.net: v0.0.1
  • github.com/hashicorp/golang-lru: v0.5.1
  • github.com/hashicorp/hcl: v1.0.0
  • github.com/hashicorp/logutils: v1.0.0
  • github.com/hashicorp/mdns: v1.0.0
  • github.com/hashicorp/memberlist: v0.1.3
  • github.com/hashicorp/serf: v0.8.2
  • github.com/jstemmer/go-junit-report: v0.9.1
  • github.com/jtolds/gls: v4.20.0+incompatible
  • github.com/kr/logfmt: b84e30a
  • github.com/kr/pty: v1.1.1
  • github.com/magiconair/properties: v1.8.1
  • github.com/mattn/go-colorable: v0.0.9
  • github.com/mattn/go-isatty: v0.0.3
  • github.com/miekg/dns: v1.0.14
  • github.com/mitchellh/cli: v1.0.0
  • github.com/mitchellh/go-homedir: v1.1.0
  • github.com/mitchellh/go-testing-interface: v1.0.0
  • github.com/mitchellh/gox: v0.4.0
  • github.com/mitchellh/iochan: v1.0.0
  • github.com/oklog/ulid: v1.3.1
  • github.com/pascaldekloe/goe: 57f6aae
  • github.com/pelletier/go-toml: v1.2.0
  • github.com/posener/complete: v1.1.1
  • github.com/prometheus/tsdb: v0.7.1
  • github.com/ryanuber/columnize: 9b3edd6
  • github.com/sean-/seed: e2103e2
  • github.com/shurcooL/sanitized_anchor_name: v1.0.0
  • github.com/smartystreets/assertions: b2de0cb
  • github.com/smartystreets/goconvey: v1.6.4
  • github.com/spaolacci/murmur3: f09979e
  • github.com/spf13/afero: v1.2.2
  • github.com/spf13/cast: v1.3.0
  • github.com/spf13/jwalterweatherman: v1.0.0
  • github.com/spf13/viper: v1.7.0
  • github.com/subosito/gotenv: v1.2.0
  • github.com/ugorji/go: v1.1.4
  • github.com/xordataexchange/crypt: b2862e3
  • golang.org/x/exp: 6cc2880
  • golang.org/x/image: cff245a
  • golang.org/x/mobile: d2bd2a2
  • gopkg.in/ini.v1: v1.51.0
  • gopkg.in/resty.v1: v1.12.0
  • rsc.io/binaryregexp: v0.2.0
  • rsc.io/quote/v3: v3.1.0
  • rsc.io/sampler: v1.3.0

Changed

Removed

  • github.com/getkin/kin-openapi: v0.76.0

v1.26.0-alpha.2

Downloads for v1.26.0-alpha.2

Source Code

filename sha512 hash
kubernetes.tar.gz ed5a0f1b0d45e3b6ea0f3d05f5aa4e924e8205a45b0238080e02a6ad60004f106f3f5442a302a44ae5b848ba7426e63e22a42806ddc1977214d964874165b6ca
kubernetes-src.tar.gz 7db2dcb528ead7a879aa12a525e488d1175ab55f5a710833bf80e3380a8db53fa5d35020b02d39a653465b7686fd4f6520a41218c7c55358d3de6ef54fa0b61a

Client Binaries

filename sha512 hash
kubernetes-client-darwin-amd64.tar.gz c024438cb9ab879e6489413a969e891e2ba3216940e4ff6c8d5a79a6956312d9e6143a4b469b0decfd94358b60844c845f15426574673ea54460dc8f5ee7053f
kubernetes-client-darwin-arm64.tar.gz ba9c72d75ae09c0fac0c29ff9034e3a94882f3bbcb1de1f8bcf7c65453048a4588980694b4d33af4ccd0458dfb9549fd8fd07a594dcc995743a8d154066ec09e
kubernetes-client-linux-386.tar.gz 550a6348ee1d2ca9f2395855e740e4ef7efbba5b223088dae718fd6f9d5ae1cb6194a1e9cf123fee78414074eddda9ce534151a7e7ed4eaffa2d3f74830da623
kubernetes-client-linux-amd64.tar.gz 9ace57236b3581ebbb517cc1d730ffa0120fc5049c430dbf5b566786414e3a846a0db7edc9c6b7956fcc39267c3ef0dae3868f13fefafe971cd8fd6a8af946fa
kubernetes-client-linux-arm.tar.gz 6473fed98b9e55b50b600ea522d0a8b701ae483c1ae237014ccf2afbd7a6d85c3b2271d541eb1a3e897264ad455eedb6794c7cf48c07e62fa1778609794c293f
kubernetes-client-linux-arm64.tar.gz 0ea3085811cd374473afb2cf7448ea018bbb3140c7f97e0d9b26f6fcf31c38734d0a08988b2d20427f476b69406f9835c0afa5196c95328941b56e51166405a9
kubernetes-client-linux-ppc64le.tar.gz 6ca4a7bca557732e1f5b9cba044457e76c8d660b5ef6f29bb029f072edcd8f359600c4334ecbb2aa6a84c6c206188f51d1c3736a6ae36f1c860627ce0414bc5e
kubernetes-client-linux-s390x.tar.gz 39004468389c84931ca2a9c76e69949eb1d1f0a752293bb430568f5779852e1e889ecd920629b8358a651f787a770f6dff4839d4c4e02ae3b561e4ae8a68d7fa
kubernetes-client-windows-386.tar.gz ee407cd43b50ab75bf0b5fe2b270b357f5797a9e0af31b198262e72c0dd5ca978ccfe0848ea05841ef006334e645b32a52992d30219ccf8df4c8123083a10ddc
kubernetes-client-windows-amd64.tar.gz af44e5848f5290db7138cfeafdf42c72a34b9eca3bdbff7058c02f88fd0a242cd5ecf19c392b6ea4145bc2df8c194967d22164a739c8d17160b6d6d7a6a5f738
kubernetes-client-windows-arm64.tar.gz 2a2b664e7f98f02a81f6845e05e2ed1159381f3fb68fffd8edcbd2c36e942962260da980887b44e1cf150b25abb5e69b9519be7c9cb9e5b3a5e7ef8af7523654

Server Binaries

filename sha512 hash
kubernetes-server-linux-amd64.tar.gz 7700f4f8c2bd7944698c455b4bb3e40d7e877d194fb20baea4956fb76a97b21dc10731c7280c4b5ec8824fde4dad19e6845f8abb1c5f651d736bdb045bac0a90
kubernetes-server-linux-arm.tar.gz ae796dde4c3316a6b8c429107fd782a6a3c038d7d99770c8060f2aa350f44f9805d1d2e567885106840f8ac684258b3247271ca6e807cd72a65299b1c697677a
kubernetes-server-linux-arm64.tar.gz 5e32de6a1a768b8e9b56bdf6af8462bb0a70c5a8dd3c1dc4c1f8e19023b59dc33375b3166db66690468631202e781f2b9b995a76e98f6a14fb481e330c9fb5f2
kubernetes-server-linux-ppc64le.tar.gz feb17b943812dc4f3aca7d7c0853d9e86509a5896952146abc210f07b832b8de0eaebb833e62f5ca9cc2673e77c28f76af7dd9d822b1504ec4753347aa912c91
kubernetes-server-linux-s390x.tar.gz ce497964a7aad6b9bc0a95f1214c706e83c01c5d828818cef685c0df4eb3187018bcbb47b57a62cbc7da7c4d8c32f9c423eb7d07dd68e5f55afa09345ebaf9ce

Node Binaries

filename sha512 hash
kubernetes-node-linux-amd64.tar.gz 545617a9b0c3e410a4c98547e1c9a208f41c0217b542fcc12103a0e077d56888d20e36d1b4a86ecd1bea8765b1f71ed08b1210e6fca688101b087a6bc42a8203
kubernetes-node-linux-arm.tar.gz 13fc8a993cc6ad5c5d260f559dbe613b8aa853f216caf56357610b77500c8a4946586e0c283021dc46e3b7f1272779a913d9ef050a7c7f8273c04abcae009c5c
kubernetes-node-linux-arm64.tar.gz 66a7911433f57cdf1d28115f0067dad2ed7987d4ea611110b52d1af055df5f589542601481586de8c7f5f807e9ffe5326048cd9f21c131cea7a7960e34203d32
kubernetes-node-linux-ppc64le.tar.gz 06967565fed29fcc299c88392666256edb6f4e5783bda8d7f798a501d53a56001bc3ec05d79b09d2e0dae2281374a853cf883bccbb37c34a7a48ec650c3626bb
kubernetes-node-linux-s390x.tar.gz cf69a140ac23ad5af38b49b3125edc2f8102420ac2183a8a4bd3be855cbafdae48e25c1103d24fe8e0d7e01eb9b6d98b47383440ec7f5dde7b9e38580c1af1df
kubernetes-node-windows-amd64.tar.gz 3454248b6393437372a44b2ce2dbe71eaae61d2b2ecec056bce49fec4670a9ce45255a4139afef32e73a84f7c9383e77b6d68883474bf169ed914d7282803547

Container Images

All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.

name architectures
k8s.gcr.io/conformance:v1.26.0-alpha.2 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-apiserver:v1.26.0-alpha.2 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-controller-manager:v1.26.0-alpha.2 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-proxy:v1.26.0-alpha.2 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-scheduler:v1.26.0-alpha.2 amd64, arm, arm64, ppc64le, s390x

Changelog since v1.26.0-alpha.1

Changes by Kind

Deprecation

  • Kube-apiserver: the unused '--master-service-namespace' flag is deprecated and will be removed in v1.27. (#112797, @SataQiu) [SIG API Machinery]

API Change

  • Add kubernetes_feature_enabled metric series to track whether each active feature gate is enabled. (#112690, @logicalhan) [SIG API Machinery, Architecture, Cluster Lifecycle, Instrumentation, Network, Node and Scheduling]
  • Introduce v1beta3 for Priority and Fairness with the following changes to the API spec:
    • rename 'assuredConcurrencyShares' (located under spec.limited') to 'nominalConcurrencyShares'
    • apply strategic merge patch annotations to 'Conditions' of flowschemas and prioritylevelconfigurations (#112306, @tkashem) [SIG API Machinery and Testing]
  • Legacy klog flags are no longer available. Only -v and -vmodule are still supported. (#112120, @pohly) [SIG Architecture, CLI, Instrumentation, Node and Testing]
  • The feature gates ServiceLoadBalancerClass and ServiceLBNodePortControl have been removed. These feature gates were enabled (and locked) since v1.24. (#112577, @andrewsykim) [SIG Apps]

Feature

  • A new --disable-compression flag has been added to kubectl (default = false). When true, it opts out of response compression for all requests to the apiserver. This can help improve list call latencies significantly when client-server network bandwidth is ample (>30MB/s) or if the server is CPU-constrained. (#112580, @shyamjvs) [SIG CLI and Testing]
  • A new pod_status_sync_duration_seconds histogram is reported at alpha metrics stability that estimates how long the Kubelet takes to write a pod status change once it is detected. (#107896, @smarterclayton) [SIG Apps, Architecture, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Release, Scheduling, Storage and Testing]
  • Added a new feature gate CELValidatingAdmission to enable expression validation for Admission Control. (#112792, @cici37) [SIG API Machinery]
  • Added validation for the --container-runtime-endpoint flag of kubelet to be non-empty. (#112542, @astraw99) [SIG Node]
  • Expose health check SLI metrics on "metrics/slis" for apiserver (#112741, @logicalhan) [SIG API Machinery, Architecture, Auth and Instrumentation]
  • Kubeadm: sub-phases are now able to support the dry-run mode, e.g. kubeadm reset phase cleanup-node --dry-run (#112945, @chendave) [SIG Cluster Lifecycle]
  • Kubeadm: support image repository format validation (#112732, @SataQiu) [SIG Cluster Lifecycle]
  • Kubernetes is now built with Go 1.19.2 (#112900, @xmudrii) [SIG Release and Testing]
  • Switch kubectl to use github.com/russross/blackfriday/v2 (#112731, @pacoxu) [SIG CLI]
  • registered_metric_total now reports the number of metrics broken down by stability level and deprecated version (#112907, @logicalhan) [SIG Architecture and Instrumentation]

Bug or Regression

  • Consider only plugin directory and not entire kubelet root when cleaning up mounts (#112607, @mattcary) [SIG Storage]
  • Fix that pods running on nodes tainted with NoExecute continue to run when the PodDisruptionConditions feature gate is enabled (#112518, @mimowo) [SIG Apps and Auth]
  • Fixes an issue in winkernel proxier that causes proxy rules to leak anytime service backends are modified. (#112837, @daschott) [SIG Network and Windows]
  • Kube-apiserver: redirects from backend API servers are no longer followed when checking availability with requests to /apis/$group/$version (#112772, @liggitt) [SIG API Machinery and Testing]
  • Kubeadm: fix a bug when performing validation on ClusterConfiguration networking fields (#112751, @SataQiu) [SIG Cluster Lifecycle]
  • Kubelet now cleans up the Node's cloud node IP annotation correctly if you stop using --node-ip. (In particular, this fixes the problem where people who were unnecessarily using --node-ip with an external cloud provider in 1.23, and then running into problems with 1.24, could not fix the problem by just removing the unnecessary --node-ip from the kubelet arguments, because that wouldn't remove the annotation that caused the problems.) (#112184, @danwinship) [SIG Network and Node]
  • Kubelet: Fix log spam from kubelet_getters.go "Path does not exist" (#112650, @rphillips) [SIG Node]
  • Kubelet: when there are multi option lines in /etc/resolv.conf, merge all options into one line in a pod with the Default DNS policy. (#112414, @pacoxu) [SIG Network and Node]
  • The pod admission error message was improved for usability. (#112644, @vitorfhc) [SIG Node]

Other (Cleanup or Flake)

  • Adds a kubernetes_feature_enabled metric which will tell you if a feature is enabled. (#112652, @logicalhan) [SIG Architecture and Instrumentation]
  • Introduce ComponentSLIs alpha feature-gate for component SLIs metrics endpoint. (#112884, @logicalhan) [SIG API Machinery]
  • Lock ServerSideApply feature gate to true with the feature already being GA. (#112748, @wojtek-t) [SIG API Machinery, Apps, Instrumentation and Testing]
  • PodOverhead feature gate was removed as the feature is in GA since 1.24 (#112579, @SergeyKanzhelev) [SIG Node and Scheduling]
  • Reworded log message upon image garbage collection failure to be more clear. (#112631, @tzneal) [SIG Node]
  • The IndexedJob and SuspendJob feature gates that graduated to GA in 1.24 and were unconditionally enabled have been removed in v1.26 (#112589, @SataQiu) [SIG Apps]
  • The test/e2e/framework was refactored so that the core framework is smaller. Optional functionality like resource monitoring, log size monitoring, metrics gathering and debug information dumping must be imported by specific e2e test suites. Init packages are provided which can be imported to re-enable the functionality that traditionally was in the core framework. If you have code that no longer compiles because of this PR, you can use the script from a commit message to update that code. (#112043, @pohly) [SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Scheduling, Storage, Testing and Windows]
  • Updated cri-tools to [v1.25.0(https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.25.0) (#112058, @saschagrunert) [SIG Cloud Provider and Release]

Dependencies

Added

Nothing has changed.

Changed

  • github.com/fsnotify/fsnotify: v1.4.9 → v1.5.4
  • github.com/go-openapi/jsonreference: v0.19.5 → v0.20.0
  • github.com/matttproud/golang_protobuf_extensions: v1.0.1 → v1.0.2
  • go.uber.org/goleak: v1.1.12 → v1.2.0
  • k8s.io/utils: ee6ede2 → 665eaae
  • sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.32 → v0.0.33
  • sigs.k8s.io/yaml: v1.2.0 → v1.3.0

Removed

  • dmitri.shuralyov.com/gpu/mtl: 28db891
  • github.com/BurntSushi/xgb: 27f1227
  • github.com/ajstarks/svgo: 644b8db
  • github.com/fogleman/gg: 0403632
  • github.com/go-gl/glfw/v3.3/glfw: 6f7a984
  • github.com/golang/freetype: e2365df
  • github.com/jung-kurt/gofpdf: 24315ac
  • github.com/kr/fs: v0.1.0
  • github.com/mvdan/xurls: v1.1.0
  • github.com/pkg/sftp: v1.10.1
  • github.com/remyoudompheng/bigfft: 52369c6
  • github.com/russross/blackfriday: v1.5.2
  • github.com/spf13/afero: v1.6.0
  • golang.org/x/exp: 85be41e
  • golang.org/x/image: cff245a
  • golang.org/x/mobile: e6ae53a
  • gonum.org/v1/gonum: v0.6.2
  • gonum.org/v1/netlib: 7672324
  • gonum.org/v1/plot: e2840ee
  • modernc.org/cc: v1.0.0
  • modernc.org/golex: v1.0.0
  • modernc.org/mathutil: v1.0.0
  • modernc.org/strutil: v1.0.0
  • modernc.org/xc: v1.0.0
  • rsc.io/pdf: v0.1.1

v1.26.0-alpha.1

Downloads for v1.26.0-alpha.1

Source Code

filename sha512 hash
kubernetes.tar.gz dfcda26750af76145c47aebe4d5e9f49569273da3545338814c99ce0657bea48e552c4ded5539ef484cd54f40800ef2c096c5bb556e4ae57f6027661a36c366b
kubernetes-src.tar.gz c87d326a23cb5bf1e276259d89d66eaadbc5402dfe74c47c83490ea987d3fa74dafa96ef7730bfe0300662587076a75af9eb308c18ee1ae860b786256bcfe546

Client Binaries

filename sha512 hash
kubernetes-client-darwin-amd64.tar.gz 2573e0f0cb8dcb9332056353b077305d33ed172fbd2872ba7c086da7187f19c3192ab1ca11c08747e27598f325d4ec55447b4329f1b2bd1dafd968f803714e99
kubernetes-client-darwin-arm64.tar.gz 1e47e1944ea5abc71f66588e87ea37a46026e8ba3f0ccf429c3db03e97524642dc32064854bffc46657e7144b4ed35ae83e59b35239c633851018b7613ec00a7
kubernetes-client-linux-386.tar.gz 6006d4b9ac6044139b157ebe8d4744c88864630bf8970d0e4df452bc14d31ae4d27ab1048b044a1e90001efa8645e4a75f1c4870a2715a25395a27a5ab16e9e8
kubernetes-client-linux-amd64.tar.gz bb756cc5dd5264d2fe4e58782ea8e6b37e14188dbdd18ca0bb359a4b484a194890dbd2450bff5e2f7605379b3f421c86d22d4d5920c2074e7353bbd4cb0e1221
kubernetes-client-linux-arm.tar.gz 0d6c565474d0929a770d0ab08d85c89f80706f11325063d346fce4519bb9fbdf6fdda6a34691fc94a645e55833b50ef5f3f3f2d318abbcc3b12280d3e30386c8
kubernetes-client-linux-arm64.tar.gz 0465e93a8d50370cae1840f2d098647e4d8648b0aa9e3a37ebd00749e86cf2d12e97600e4ba1f11f74f87f3dc088b929e7aca082ef27a181154e5e1aa204e4ec
kubernetes-client-linux-ppc64le.tar.gz f4885fedf19c43fcb609bf86c1c01a13843004fe87cb843b60623509c031ae44bffd1357c61b83609c3ecb6294a96047d8d9d2148a66626a1e3765d6a09a6400
kubernetes-client-linux-s390x.tar.gz 3992a39912ec45ef06f287fab11101d5397933984ca80867f787704108865b6a312fc70e95721ddb352e87c47724fbfc8767e97985c74b65aa9e275cf26d23ec
kubernetes-client-windows-386.tar.gz 65fc586f14f0cc1765eae377f3a3eba4bfafcb574d5d255627aed65128a0b56d5ea5ec913d29e7431333ef51a7d917a9703ea0f974feb98e9f2543a3612440a8
kubernetes-client-windows-amd64.tar.gz 239fc7c6a6ef6fe3c1b20cff5d9793d1ac21225a289320ec6615c1305336ef40676096d4a9ebe60947d8b162b4e9a9df44e12c52581003ee0a3a0733c98edac0
kubernetes-client-windows-arm64.tar.gz c54b0a367e655842af4785a181dc366b3872fc8322495cfcb309518a854f87ed1064ed1c0a72fc663c31c8de7801fd041f0f05f7b788663c5e6941fc1313bcae

Server Binaries

filename sha512 hash
kubernetes-server-linux-amd64.tar.gz 736b911f58e4cf532726acba525a884827a627a95ed35be3ea9b444521183af6c4fb183afb3f82ceb715f0407fafb2e928f0e22fbc45ab62829721dd9f7c0811
kubernetes-server-linux-arm.tar.gz a78bbd06e8581e4132abf7ddbb62f0d95bff61bf9c706c651f8d4d085372c9c787919a4f7d75a49a256f8f58f78e396cf7effa64f84405be03feb63c1e2d1474
kubernetes-server-linux-arm64.tar.gz 5994ab21f9c7b85566de977a0cf4067c020aeadb3007edad4072edd7692b0fb903a57de732e694d9f5777358c12ee650aca7b58985b11243e0d1b2c565b7d03d
kubernetes-server-linux-ppc64le.tar.gz bd605e9b0e511805c7dbff4dbac8b111bc738343eacaeba1b234b4518da0f7bf33e64f26c231cdfb89532e57211b7dec10eb4d86969997dfc6a6cdbce0a6ccc9
kubernetes-server-linux-s390x.tar.gz 39a8008ff250656bb6eeb3645ad3260e560c1565ef71e93e2908a73c88462906f776ed55623f8595f9e2a6a452ed75babd872df9e6506a8ed93828dbe4a5dc57

Node Binaries

filename sha512 hash
kubernetes-node-linux-amd64.tar.gz 26965fb576f6adf0c894e30619b89c1d72048809e61cbfd45bf1da1a159f21d4920a894acdcf8c9cfc2d22e21a623f81c9a099150e9769419c3f91f1dd058de6
kubernetes-node-linux-arm.tar.gz cfa1033c9caec034018503887e59013110725cde423b43a6f774900316888442d060cf9d9bb7d84286eea4f53b1bea409390540438bc363207dc962b083008b0
kubernetes-node-linux-arm64.tar.gz ac4f903a2aba9f98ca7ca221456f6e846a6cc5b71a8b58fa5e948a7c39057a35d2bf26b0e901abb9ae66e0916bb5ae71f0cea99aae33f254a9584a907047b8b2
kubernetes-node-linux-ppc64le.tar.gz 8bc8aa34cec00241a3dbda0721af30f77401bc999020104d291c20b484e7ec4735395fc4c7859b58745046783a75f07590ae2b61ecd6a0eec734f44d682f2cb2
kubernetes-node-linux-s390x.tar.gz 91373c07bf2a1b381f4c410c38b3f70d6914bacbe38090799878a45c3caf7d6acf0777225562ffc059d09f9f8fbe8fff5c3598f9c9403b0102bbf68911d84eea
kubernetes-node-windows-amd64.tar.gz 91ca1e2cfe2d3e998af00bc443c12eaaf9a4061579c271de8dc409f1a61a746bb894743406ecb8c549900893ec30409eac0fd181eaa9bc2f283d00d108c7d606

Container Images

All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.

name architectures
k8s.gcr.io/conformance:v1.26.0-alpha.1 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-apiserver:v1.26.0-alpha.1 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-controller-manager:v1.26.0-alpha.1 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-proxy:v1.26.0-alpha.1 amd64, arm, arm64, ppc64le, s390x
k8s.gcr.io/kube-scheduler:v1.26.0-alpha.1 amd64, arm, arm64, ppc64le, s390x

Changelog since v1.25.0

Urgent Upgrade Notes

(No, really, you MUST read this before you upgrade)

Changes by Kind

Deprecation

API Change

  • Add auth API to get self subject attributes (new selfsubjectreviews API is added). The corresponding command for kubctl is provided - kubectl auth whoami. (#111333, @nabokihms) [SIG API Machinery, Auth, CLI and Testing]
  • Clarified the CFS quota as 100ms in the code comments and set the minimum cpuCFSQuotaPeriod to 1ms to match Linux kernel expectations. (#112123, @paskal) [SIG API Machinery and Node]
  • Component-base: make the validation logic about LeaderElectionConfiguration consistent between component-base and client-go (#111758, @SataQiu) [SIG API Machinery and Scheduling]
  • Fixes spurious field is immutable errors validating updates to Event API objects via the events.k8s.io/v1 API (#112183, @liggitt) [SIG Apps]
  • Protobuf serialization of metav1.MicroTime timestamps (used in Lease and Event API objects) has been corrected to truncate to microsecond precision, to match the documented behavior and JSON/YAML serialization. Any existing persisted data is truncated to microsecond when read from etcd. (#111936, @haoruan) [SIG API Machinery]
  • Revert regression that prevented client-go latency metrics to be reported with a template URL to avoid label cardinality. (#111752, @aanm) [SIG API Machinery]
  • [kubelet] Change default cpuCFSQuotaPeriod value with enabled cpuCFSQuotaPeriod flag from 100ms to 100µs to match the Linux CFS and k8s defaults. cpuCFSQuotaPeriod of 100ms now requires customCPUCFSQuotaPeriod flag to be set to work. (#111520, @paskal) [SIG API Machinery and Node]

Feature

  • A new "DisableCompression" field (default = false) has been added to kubeconfig under cluster info. When set to true, clients using the kubeconfig opt out of response compression for all requests to the apiserver. This can help improve list call latencies significantly when client-server network bandwidth is ample (>30MB/s) or if the server is CPU-constrained. (#112309, @shyamjvs) [SIG API Machinery and Auth]
  • API Server tracing root span name for opentelemetry is changed from "KubernetesAPI" to "HTTP GET" (#112545, @dims) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node, Storage and Testing]
  • Add new Golang runtime-related metrics to Kubernetes components:
    • go_gc_cycles_automatic_gc_cycles_total
    • go_gc_cycles_forced_gc_cycles_total
    • go_gc_cycles_total_gc_cycles_total
    • go_gc_heap_allocs_by_size_bytes
    • go_gc_heap_allocs_bytes_total
    • go_gc_heap_allocs_objects_total
    • go_gc_heap_frees_by_size_bytes
    • go_gc_heap_frees_bytes_total
    • go_gc_heap_frees_objects_total
    • go_gc_heap_goal_bytes
    • go_gc_heap_objects_objects
    • go_gc_heap_tiny_allocs_objects_total
    • go_gc_pauses_seconds
    • go_memory_classes_heap_free_bytes
    • go_memory_classes_heap_objects_bytes
    • go_memory_classes_heap_released_bytes
    • go_memory_classes_heap_stacks_bytes
    • go_memory_classes_heap_unused_bytes
    • go_memory_classes_metadata_mcache_free_bytes
    • go_memory_classes_metadata_mcache_inuse_bytes
    • go_memory_classes_metadata_mspan_free_bytes
    • go_memory_classes_metadata_mspan_inuse_bytes
    • go_memory_classes_metadata_other_bytes
    • go_memory_classes_os_stacks_bytes
    • go_memory_classes_other_bytes
    • go_memory_classes_profiling_buckets_bytes
    • go_memory_classes_total_bytes
    • go_sched_goroutines_goroutines
    • go_sched_latencies_seconds (#111910, @tosi3k) [SIG API Machinery, Architecture, Auth, Cloud Provider and Instrumentation]
  • CSRDuration feature gate that graduated to GA in 1.24 and was unconditionally enabled has been removed in v1.26 (#112386, @Shubham82) [SIG Auth]
  • Client-go: SharedInformerFactory supports waiting for goroutines during shutdown (#112200, @pohly) [SIG API Machinery]
  • Kube-apiserver: gzip compression switched from level 4 to level 1 to improve large list call latencies in exchange for higher network bandwidth usage (10-50% higher). This increases the headroom before very large unpaged list calls exceed request timeout limits. (#112299, @shyamjvs) [SIG API Machinery]
  • Kubeadm: "show-join-command" has been added as a new separate phase at the end of "kubeadm init". You can skip printing the join information by using "kubeadm init --skip-phases=show-join-command". Executing only this phase on demand will throw an error because the phase needs dependencies such as bootstrap tokens to be pre-populated. (#111512, @SataQiu) [SIG Cluster Lifecycle]
  • Kubeadm: add the flag "--cleanup-tmp-dir" for "kubeadm reset". It will cleanup the contents of "/etc/kubernetes/tmp". The flag is off by default. (#112172, @chendave) [SIG Cluster Lifecycle]
  • Kubeadm: try to load CA cert from external CertificateAuthority file when CertificateAuthorityData is empty for existing kubeconfig (#111783, @SataQiu) [SIG Cluster Lifecycle]
  • Kubernetes is now built with Go 1.19.1 (#112287, @palnabarun) [SIG Release and Testing]
  • Scheduler now retries updating a pod's status on ServiceUnavailable and InternalError errors, in addition to net ConnectionRefused error. (#111809, @Huang-Wei) [SIG Scheduling]
  • The goroutines metric is newly added in the scheduler. It replaces scheduler_goroutines metric and it counts the number of goroutine in more places than scheduler_goroutine does. (#112003, @sanposhiho) [SIG Instrumentation and Scheduling]

Documentation

  • Clarified the default CFS quota period as being 100µs and not 100ms. (#111554, @paskal) [SIG Node]

Bug or Regression

  • Adds back in unused flags on kubectl run command, which did not go through the required deprecation period before being removed. (#112243, @brianpursley) [SIG CLI]
  • Allow Label section in vsphere e2e cloudprovider configuration (#112427, @gnufied) [SIG Storage and Testing]
  • Apiserver /healthz/etcd endpoint rate limits the number of forwarded health check requests to the etcd backends, answering with the last known state if the rate limit is exceeded. The rate limit is based on 1/2 of the timeout configured, with no burst allowed. (#112046, @aojea) [SIG API Machinery]
  • Avoid propagating hosts' search . into containers' /etc/resolv.conf (#112157, @dghubble) [SIG Network and Node]
  • Callers using DelegatingAuthenticationOptions can use DisableAnonymous to disable Anonymous authentication. (#112181, @xueqzhan) [SIG API Machinery and Auth]
  • Change error message when resource is not supported by given patch type in kubectl patch (#112556, @ardaguclu) [SIG CLI]
  • Correct the calculating error in podTopologySpread plugin to avoid unexpected scheduling results. (#112507, @kerthcet) [SIG Scheduling]
  • Etcd: Update to v3.5.5 (#112489, @dims) [SIG API Machinery, Cloud Provider, Cluster Lifecycle and Testing]
  • Fix an ephemeral port exhaustion bug caused by improper connection management that occurred when a large number of objects were handled by kubectl while exec auth was in use. (#112017, @enj) [SIG API Machinery and Auth]
  • Fix list cost estimation in Priority and Fairness for list requests with metadata.name specified. (#112557, @marseel) [SIG API Machinery]
  • Fix race condition in GCE between containerized mounter setup in the kubelet and node startup. (#112195, @mattcary) [SIG Cloud Provider and Storage]
  • Fix relative cpu priority for pods where containers explicitly request zero cpu by giving the lowest priority instead of falling back to the cpu limit to avoid possible cpu starvation of other pods (#108832, @waynepeking348) [SIG Node]
  • Fixed bug in kubectl rollout history where only the latest revision was displayed when a specific revision was requested and an output format was specified (#111093, @brianpursley) [SIG CLI and Testing]
  • Fixed bug where dry run message was not printed when running kubectl label with --dry-run flag. (#111571, @brianpursley) [SIG CLI]
  • For raw block CSI volumes on Kubernetes, kubelet was incorrectly calling CSI NodeStageVolume for every single "map" (i.e. raw block "mount") operation for a volume already attached to the node. This PR ensures it is only called once per volume per node. (#112403, @akankshakumari393) [SIG Storage]
  • Improves kubectl display of invalid request errors returned by the API server (#112150, @liggitt) [SIG CLI]
  • Increase the maximum backoff delay of the endpointslice controller to match the expected sequence of delays when syncing Services. (#112353, @dgrisonnet) [SIG Apps and Network]
  • Kube-apiserver: redirect responses are no longer returned from backends by default. Set --aggregator-reject-forwarding-redirect=false to continue forwarding redirect responses. (#112193, @jindijamie) [SIG API Machinery and Testing]
  • Kube-apiserver: resolved a regression that treated 304 Not Modified responses from aggregated API servers as internal errors (#112526, @liggitt) [SIG API Machinery]
  • Kube-apiserver: x-kubernetes-list-type validation is now enforced when updating status of custom resources (#111866, @pacoxu) [SIG API Machinery]
  • Kube-proxy no longer falls back from ipvs mode to iptables mode if you ask it to do ipvs but the system is not correctly configured. Instead, it will just exit with an error. (#111806, @danwinship) [SIG Network]
  • Kube-scheduler: add taints filtering logic consistent with TaintToleration plugin for PodTopologySpread plugin (#112357, @SataQiu) [SIG Scheduling and Testing]
  • Kubeadm will cleanup the stale data on best effort basis. Stale data will be removed when each reset phase are executed, default etcd data directory will be cleanup when the remove-etcd-member phase are executed. (#110972, @chendave) [SIG Cluster Lifecycle]
  • Kubeadm: allow RSA and ECDSA format keys in preflight check (#112508, @SataQiu) [SIG Cluster Lifecycle]
  • Kubeadm: when a subcommand is needed but not provided for a kubeadm command, print a help screen instead of showing a short message. (#111277, @chymy) [SIG Cluster Lifecycle]
  • Log messages and metrics for the watch cache are now keyed by <resource>.<group> instead of go struct type. This means e.g. that *v1.Pod becomes pods. Additionally, resources that come from CustomResourceDefinitions are now displayed as the correct resource and group, instead of *unstructured.Unstructured. (#111807, @ncdc) [SIG API Machinery and Instrumentation]
  • Move LocalStorageCapacityIsolationFSQuotaMonitoring back to Alpha. (#112076, @rphillips) [SIG Node and Testing]
  • Pod failed in scheduling due to expected error will be updated with the reason of "SchedulerError" rather than "Unschedulable" (#111999, @kerthcet) [SIG Scheduling and Testing]
  • Services of type LoadBalancer create fewer AWS security group rules in most cases (#112267, @sjenning) [SIG Cloud Provider]
  • The errors in k8s.io/apimachinery/pkg/api/meta gained support for the stdlibs errors.Is matching, including when wrapped (#111808, @alvaroaleman) [SIG API Machinery]
  • The metrics etcd_request_duration_seconds and etcd_bookmark_counts now differentiate by group resource instead of object type, allowing unique entries per CustomResourceDefinition, instead of grouping them all under *unstructured.Unstructured. (#112042, @ncdc) [SIG API Machinery]
  • Update the system-validators library to v1.8.0 (#112026, @pacoxu) [SIG Cluster Lifecycle]

Other (Cleanup or Flake)

  • E2e: tests can now register callbacks with ginkgo.BeforeEach/AfterEach/DeferCleanup directly after creating a framework instance and are guaranteed that their code is called after the framework is initialized and before it gets cleaned up. ginkgo.DeferCleanup replaces f.AddAfterEach and AddCleanupAction which got removed to simplify the framework. (#111998, @pohly) [SIG Storage and Testing]
  • GlusterFS in-tree storage driver which was deprecated at kubernetes 1.25 release has been removed entirely in 1.26. (#112015, @humblec) [SIG API Machinery, Cloud Provider, Instrumentation, Node, Scalability, Storage and Testing]
  • Kube scheduler Component Config release version v1beta3 is deprecated in v1.26 and will be removed in v1.29, also v1beta2 will be removed in v1.28. (#112257, @kerthcet) [SIG Scheduling]
  • Kube-scheduler: the DefaultPodTopologySpread, NonPreemptingPriority, PodAffinityNamespaceSelector, PreferNominatedNode feature gates that graduated to GA in 1.24 and were unconditionally enabled have been removed in v1.26 (#112567, @SataQiu) [SIG Scheduling]
  • Kubeadm: remove the toleration for the "node-role.kubernetes.io/master" taint from the CoreDNS deployment of kubeadm. With the 1.25 release of kubeadm the taint "node-role.kubernetes.io/master" is no longer applied to control plane nodes and the toleration for it can be removed with the release of 1.26. You can also perform the same toleration removal from your own addon manifests. (#112008, @pacoxu) [SIG Cluster Lifecycle]
  • Kubeadm: remove the usage of the --container-runtime=remote flag for the kubelet during kubeadm init/join/upgrade. The flag value "remote" has been the only possible value since dockershim was removed from the kubelet. (#112000, @pacoxu) [SIG Cluster Lifecycle]
  • NoneNone (#111533, @zhoumingcheng) [SIG CLI]
  • Release-note (#111708, @yangjunmyfm192085) [SIG Apps, Instrumentation and Network]
  • Scheduler dumper now exposes a summary to indicate the number of pending pods in each internal queue. (#111726, @Huang-Wei) [SIG Scheduling and Testing]
  • The IndexedJob and SuspendJob feature gates that graduated to GA in 1.24 and were unconditionally enabled have been removed in v1.26 (#112589, @SataQiu) [SIG Apps]

Dependencies

Added

  • github.com/cenkalti/backoff/v4: v4.1.3
  • github.com/go-logr/stdr: v1.2.2
  • github.com/grpc-ecosystem/grpc-gateway/v2: v2.7.0
  • github.com/jpillora/backoff: v1.0.0
  • go.opentelemetry.io/contrib/propagators/b3: v1.10.0
  • go.opentelemetry.io/otel/exporters/otlp/internal/retry: v1.10.0
  • go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: v1.10.0
  • go.opentelemetry.io/otel/exporters/otlp/otlptrace: v1.10.0

Changed

  • github.com/antlr/antlr4/runtime/Go/antlr: f25a4f6 → v1.4.10
  • github.com/cpuguy83/go-md2man/v2: v2.0.1 → v2.0.2
  • github.com/emicklei/go-restful/v3: v3.8.0 → v3.9.0
  • github.com/felixge/httpsnoop: v1.0.1 → v1.0.3
  • github.com/go-kit/log: v0.1.0 → v0.2.0
  • github.com/go-logfmt/logfmt: v0.5.0 → v0.5.1
  • github.com/google/cel-go: v0.12.4 → v0.12.5
  • github.com/google/go-cmp: v0.5.6 → v0.5.9
  • github.com/onsi/ginkgo/v2: v2.1.4 → v2.2.0
  • github.com/onsi/gomega: v1.19.0 → v1.20.1
  • github.com/prometheus/client_golang: v1.12.1 → v1.13.0
  • github.com/prometheus/common: v0.32.1 → v0.37.0
  • github.com/prometheus/procfs: v0.7.3 → v0.8.0
  • github.com/spf13/cobra: v1.4.0 → v1.5.0
  • github.com/stretchr/objx: v0.2.0 → v0.4.0
  • github.com/stretchr/testify: v1.7.0 → v1.8.0
  • go.etcd.io/etcd/api/v3: v3.5.4 → v3.5.5
  • go.etcd.io/etcd/client/pkg/v3: v3.5.4 → v3.5.5
  • go.etcd.io/etcd/client/v2: v2.305.4 → v2.305.5
  • go.etcd.io/etcd/client/v3: v3.5.4 → v3.5.5
  • go.etcd.io/etcd/pkg/v3: v3.5.4 → v3.5.5
  • go.etcd.io/etcd/raft/v3: v3.5.4 → v3.5.5
  • go.etcd.io/etcd/server/v3: v3.5.4 → v3.5.5
  • go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful: v0.20.0 → v0.35.0
  • go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc: v0.20.0 → v0.35.0
  • go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp: v0.20.0 → v0.35.0
  • go.opentelemetry.io/otel/metric: v0.20.0 → v0.31.0
  • go.opentelemetry.io/otel/sdk: v0.20.0 → v1.10.0
  • go.opentelemetry.io/otel/trace: v0.20.0 → v1.10.0
  • go.opentelemetry.io/otel: v0.20.0 → v1.10.0
  • go.opentelemetry.io/proto/otlp: v0.7.0 → v0.19.0
  • go.uber.org/goleak: v1.1.10 → v1.1.12
  • golang.org/x/crypto: 3147a52 → 7b82a4e
  • golang.org/x/lint: 6edffad → 1621716
  • golang.org/x/oauth2: d3ed0bb → ee48083
  • google.golang.org/grpc: v1.47.0 → v1.49.0
  • google.golang.org/protobuf: v1.28.0 → v1.28.1
  • k8s.io/gengo: c02415c → c0856e2
  • k8s.io/klog/v2: v2.70.1 → v2.80.1
  • k8s.io/system-validators: v1.7.0 → v1.8.0

Removed

  • github.com/auth0/go-jwt-middleware: v1.0.1
  • github.com/boltdb/bolt: v1.3.1
  • github.com/go-ozzo/ozzo-validation: v3.5.0+incompatible
  • github.com/gophercloud/gophercloud: v0.1.0
  • github.com/gopherjs/gopherjs: fce0ec3
  • github.com/gorilla/mux: v1.8.0
  • github.com/heketi/heketi: v10.3.0+incompatible
  • github.com/heketi/tests: f3775cb
  • github.com/jtolds/gls: v4.20.0+incompatible
  • github.com/lpabon/godbc: v0.1.1
  • github.com/smartystreets/assertions: v1.1.0
  • github.com/smartystreets/goconvey: v1.6.4
  • github.com/urfave/negroni: v1.0.0
  • go.opentelemetry.io/contrib/propagators: v0.20.0
  • go.opentelemetry.io/contrib: v0.20.0
  • go.opentelemetry.io/otel/exporters/otlp: v0.20.0
  • go.opentelemetry.io/otel/oteltest: v0.20.0
  • go.opentelemetry.io/otel/sdk/export/metric: v0.20.0
  • go.opentelemetry.io/otel/sdk/metric: v0.20.0