1. v1.18.0 版本 CHANGELOG

1.1. Changelog since v1.17.0

A complete changelog for the release notes is now hosted in a customizable format at https://relnotes.k8s.io. Check it out and please give us your feedback!

1.2. 主要更新

  • Kubernetes 拓扑管理器(Topology Manager) 升级到 Beta 版 !

拓扑管理器功能是 1.18 版中 Kubernetes 的 beta 功能,它使 CPU 和 设备(例如 SR-IOV VFs)的 NUMA 对齐方式能够使您的工作负载在针对低延迟而优化的环境中运行。在引入拓扑管理器之前,CPU 和设备管理器将做出彼此独立的资源分配决策。这可能会导致在多套接字( multi-socket )系统上分配不良,从而导致关键型应用程序的性能下降。

  • Serverside Apply 引入 Beta 2 版本

Serverside Apply 在 1.16 中升级为 Beta,但现在在 1.18 中引入了第二个 Beta。这个新版本将跟踪和管理所有新Kubernetes 对象的字段更改,从而使你知道更改了什么资源以及何时更改的。

  • 使用 IngressClass 扩展 Ingress 并用 IngressClass 替换不推荐使用的注释

在 Kubernetes 1.18 中,Ingress 有两个重要的补充:一个新 pathType 字段和一个新 IngressClass 资源。该pathType 字段允许指定路径应如何匹配。除了默认 ImplementationSpecific 类型外,还有 new Exact 和 Prefixpath 类型。

该 IngressClass 资源用于描述 Kubernetes 集群中的 Ingress 类型。入口可以通过 ingressClassName 在入口上使用新字段来指定与它们关联的类。此新资源和字段替换了不建议使用的 kubernetes.io/ingress.class 注释。

  • SIG-CLI 引入 kubectl debug 命令

SIG CLI 已经讨论了调试实用程序的需求已经有一段时间。随着临时容器的发展,我们可以通过在 kubectl exec 。该 kubectl debug 命令的添加(它是 Alpha,但欢迎您提供反馈),使开发人员可以轻松地在集群中调试其 Pod。我们认为这种增加是无价的。此命令允许创建一个临时容器,该容器在要检查的 Pod 旁边运行,并且还附加到控制台以进行交互式故障排除。

  • 为 Kubernetes 引入 Windows CSI 支持 Alpha 版本

随着 Kubernetes 1.18 的发布,用于 Windows 的 CSI 代理的 Alpha 版本也已发布。CSI 代理使非特权(预先批准)的容器能够在 Windows 上执行特权存储操作。现在,可以利用CSI代理在Windows中支持CSI驱动程序。SIG存储在1.18版本中取得了很大进步。

1.3. Urgent Upgrade Notes

1.3.1. (No, really, you MUST read this before you upgrade)

kube-apiserver:

  • in an --encryption-provider-config config file, an explicit cacheSize: 0 parameter previously silently defaulted to caching 1000 keys. In Kubernetes 1.18, this now returns a config validation error. To disable caching, you can specify a negative cacheSize value in Kubernetes 1.18+.
  • consumers of the 'certificatesigningrequests/approval' API must now have permission to 'approve' CSRs for the specific signer requested by the CSR. More information on the new signerName field and the required authorization can be found at https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests#authorization (#88246, @munnerz) [SIG API Machinery, Apps, Auth, CLI, Node and Testing]
  • The following features are unconditionally enabled and the corresponding --feature-gates flags have been removed: PodPriority, TaintNodesByCondition, ResourceQuotaScopeSelectors and ScheduleDaemonSetPods (#86210, @draveness) [SIG Apps and Scheduling]

kubelet:

  • --enable-cadvisor-json-endpoints is now disabled by default. If you need access to the cAdvisor v1 Json API please enable it explicitly in the kubelet command line. Please note that this flag was deprecated in 1.15 and will be removed in 1.19. (#87440, @dims) [SIG Instrumentation, Node and Testing]
  • Promote CSIMigrationOpenStack to Beta (off by default since it requires installation of the OpenStack Cinder CSI Driver. The in-tree AWS OpenStack Cinder driver "kubernetes.io/cinder" was deprecated in 1.16 and will be removed in 1.20. Users should enable CSIMigration + CSIMigrationOpenStack features and install the OpenStack Cinder CSI Driver (https://github.com/kubernetes/cloud-provider-openstack) to avoid disruption to existing Pod and PVC objects at that time. Users should start using the OpenStack Cinder CSI Driver directly for any new volumes. (#85637, @dims) [SIG Cloud Provider]

kubectl:

  • kubectl and k8s.io/client-go no longer default to a server address of http://localhost:8080. If you own one of these legacy clusters, you are strongly encouraged to secure your server. If you cannot secure your server, you can set the $KUBERNETES_MASTER environment variable to http://localhost:8080 to continue defaulting the server address. kubectl users can also set the server address using the --server flag, or in a kubeconfig file specified via --kubeconfig or $KUBECONFIG. (#86173, @soltysh) [SIG API Machinery, CLI and Testing]
  • kubectl run has removed the previously deprecated generators, along with flags unrelated to creating pods. kubectl run now only creates pods. See specific kubectl create subcommands to create objects other than pods. (#87077, @soltysh) [SIG Architecture, CLI and Testing]
  • The deprecated command kubectl rolling-update has been removed (#88057, @julianvmodesto) [SIG Architecture, CLI and Testing]

client-go:

  • Signatures on methods in generated clientsets, dynamic, metadata, and scale clients have been modified to accept context.Context as a first argument. Signatures of Create, Update, and Patch methods have been updated to accept CreateOptions, UpdateOptions and PatchOptions respectively. Signatures of Delete and DeleteCollection methods now accept DeleteOptions by value instead of by reference. Generated clientsets with the previous interface have been added in new "deprecated" packages to allow incremental migration to the new APIs. The deprecated packages will be removed in the 1.21 release. A tool is available at http://sigs.k8s.io/clientgofix to rewrite method invocations to the new signatures.

  • The following deprecated metrics are removed, please convert to the corresponding metrics:

    • The following replacement metrics are available from v1.14.0:

      • rest_client_request_latency_seconds -> rest_client_request_duration_seconds
      • scheduler_scheduling_latency_seconds -> scheduler_scheduling_duration_seconds
      • docker_operations -> docker_operations_total
      • docker_operations_latency_microseconds -> docker_operations_duration_seconds
      • docker_operations_errors -> docker_operations_errors_total
      • docker_operations_timeout -> docker_operations_timeout_total
      • network_plugin_operations_latency_microseconds -> network_plugin_operations_duration_seconds
      • kubelet_pod_worker_latency_microseconds -> kubelet_pod_worker_duration_seconds
      • kubelet_pod_start_latency_microseconds -> kubelet_pod_start_duration_seconds
      • kubelet_cgroup_manager_latency_microseconds -> kubelet_cgroup_manager_duration_seconds
      • kubelet_pod_worker_start_latency_microseconds -> kubelet_pod_worker_start_duration_seconds
      • kubelet_pleg_relist_latency_microseconds -> kubelet_pleg_relist_duration_seconds
      • kubelet_pleg_relist_interval_microseconds -> kubelet_pleg_relist_interval_seconds
      • kubelet_eviction_stats_age_microseconds -> kubelet_eviction_stats_age_seconds
      • kubelet_runtime_operations -> kubelet_runtime_operations_total
      • kubelet_runtime_operations_latency_microseconds -> kubelet_runtime_operations_duration_seconds
      • kubelet_runtime_operations_errors -> kubelet_runtime_operations_errors_total
      • kubelet_device_plugin_registration_count -> kubelet_device_plugin_registration_total
      • kubelet_device_plugin_alloc_latency_microseconds -> kubelet_device_plugin_alloc_duration_seconds
      • scheduler_e2e_scheduling_latency_microseconds -> scheduler_e2e_scheduling_duration_seconds
      • scheduler_scheduling_algorithm_latency_microseconds -> scheduler_scheduling_algorithm_duration_seconds
      • scheduler_scheduling_algorithm_predicate_evaluation -> scheduler_scheduling_algorithm_predicate_evaluation_seconds
      • scheduler_scheduling_algorithm_priority_evaluation -> scheduler_scheduling_algorithm_priority_evaluation_seconds
      • scheduler_scheduling_algorithm_preemption_evaluation -> scheduler_scheduling_algorithm_preemption_evaluation_seconds
      • scheduler_binding_latency_microseconds -> scheduler_binding_duration_seconds
      • kubeproxy_sync_proxy_rules_latency_microseconds -> kubeproxy_sync_proxy_rules_duration_seconds
      • apiserver_request_latencies -> apiserver_request_duration_seconds
      • apiserver_dropped_requests -> apiserver_dropped_requests_total
      • etcd_request_latencies_summary -> etcd_request_duration_seconds
      • apiserver_storage_transformation_latencies_microseconds -> apiserver_storage_transformation_duration_seconds
      • apiserver_storage_data_key_generation_latencies_microseconds -> apiserver_storage_data_key_generation_duration_seconds
      • apiserver_request_count -> apiserver_request_total
      • apiserver_request_latencies_summary
    • The following replacement metrics are available from v1.15.0:

      • apiserver_storage_transformation_failures_total -> apiserver_storage_transformation_operations_total (#76496, @danielqsj) [SIG API Machinery, Cluster Lifecycle, Instrumentation, Network, Node and Scheduling]

1.4. Changes by Kind

1.4.1. Deprecation

kube-apiserver:

  • 所有资源的 API apps/v1beta1apps/v1beta2 都将弃用,请改用 apps/v1 替代。
  • daemonsets, deployments, replicasets 资源的 API extensions/v1beta1 将被弃用,请改用 apps/v1 替代。
  • networkpolicies 资源的 API extensions/v1beta1 将被弃用,请改用 networking.k8s.io/v1 替代。
  • podsecuritypolicies 资源的 API extensions/v1beta1 将被弃用,请使用 policy/v1beta1 替代。

kube-controller-manager:

  • Azure service annotation service.beta.kubernetes.io/azure-load-balancer-disable-tcp-reset has been deprecated. Its support would be removed in a future release. (#88462, @feiskyer) [SIG Cloud Provider]

kubelet:

  • The StreamingProxyRedirects feature and --redirect-container-streaming flag are deprecated, and will be removed in a future release. The default behavior (proxy streaming requests through the kubelet) will be the only supported option. If you are setting --redirect-container-streaming=true, then you must migrate off this configuration. The flag will no longer be able to be enabled starting in v1.20. If you are not setting the flag, no action is necessary. (#88290, @tallclair) [SIG API Machinery and Node]
  • resource metrics endpoint /metrics/resource/v1alpha1 as well as all metrics under this endpoint have been deprecated. Please convert to the following metrics emitted by endpoint /metrics/resource:

    • scrape_error --> scrape_error
    • node_cpu_usage_seconds_total --> node_cpu_usage_seconds
    • node_memory_working_set_bytes --> node_memory_working_set_bytes
    • container_cpu_usage_seconds_total --> container_cpu_usage_seconds
    • container_memory_working_set_bytes --> container_memory_working_set_bytes
    • scrape_error --> scrape_error (#86282, @RainbowMango) [SIG Node]
  • In a future release, kubelet will no longer create the CSI NodePublishVolume target directory, in accordance with the CSI specification. CSI drivers may need to be updated accordingly to properly create and process the target path. (#75535) [SIG Storage]

kube-proxy:

  • --healthz-port and --metrics-port flags are deprecated, please use --healthz-bind-address and --metrics-bind-address instead (#88512, @SataQiu) [SIG Network]
  • a new EndpointSliceProxying feature gate has been added to control the use of EndpointSlices in kube-proxy. The EndpointSlice feature gate that used to control this behavior no longer affects kube-proxy. This feature has been disabled by default. (#86137, @robscott)

kubeadm:

  • command line option "kubelet-version" for kubeadm upgrade node has been deprecated and will be removed in a future release. (#87942, @SataQiu) [SIG Cluster Lifecycle]
  • deprecate the usage of the experimental flag '--use-api' under the 'kubeadm alpha certs renew' command. (#88827, @neolit123) [SIG Cluster Lifecycle]
  • kube-dns is deprecated and will not be supported in a future version (#86574, @SataQiu) [SIG Cluster Lifecycle]
  • the ClusterStatus struct present in the kubeadm-config ConfigMap is deprecated and will be removed in a future version. It is going to be maintained by kubeadm until it gets removed. The same information can be found on etcd and kube-apiserver pod annotations, kubeadm.kubernetes.io/etcd.advertise-client-urls and kubeadm.kubernetes.io/kube-apiserver.advertise-address.endpoint respectively. (#87656, @ereslibre) [SIG Cluster Lifecycle]

kubectl:

  • the boolean and unset values for the --dry-run flag are deprecated and a value --dry-run=server|client|none will be required in a future version. (#87580, @julianvmodesto) [SIG CLI]
  • kubectl apply --server-dry-run is deprecated and replaced with --dry-run=server (#87580, @julianvmodesto) [SIG CLI]

add-ons:

  • Remove cluster-monitoring addon (#85512, @serathius) [SIG Cluster Lifecycle, Instrumentation, Scalability and Testing]

kube-scheduler:

  • The scheduling_duration_seconds summary metric is deprecated (#86586, @xiaoanyunfei) [SIG Scheduling]
  • The scheduling_algorithm_predicate_evaluation_seconds and scheduling_algorithm_priority_evaluation_seconds metrics are deprecated, replaced by framework_extension_point_duration_seconds[extension_point="Filter"] and framework_extension_point_duration_seconds[extension_point="Score"]. (#86584, @xiaoanyunfei) [SIG Scheduling]
  • AlwaysCheckAllPredicates is deprecated in scheduler Policy API. (#86369, @Huang-Wei) [SIG Scheduling]

Other deprecations:

  • The k8s.io/node-api component is no longer updated. Instead, use the RuntimeClass types located within k8s.io/api, and the generated clients located within k8s.io/client-go (#87503, @liggitt) [SIG Node and Release]
  • Removed the 'client' label from apiserver_request_total. (#87669, @logicalhan) [SIG API Machinery and Instrumentation]

1.4.2. API Change

New API types/versions:

  • A new IngressClass resource has been added to enable better Ingress configuration. (#88509, @robscott) [SIG API Machinery, Apps, CLI, Network, Node and Testing]
  • The CSIDriver API has graduated to storage.k8s.io/v1, and is now available for use. (#84814, @huffmanca) [SIG Storage]

New API fields:

  • autoscaling/v2beta2 HorizontalPodAutoscaler added a spec.behavior field that allows scale behavior to be configured. Behaviors are specified separately for scaling up and down. In each direction a stabilization window can be specified as well as a list of policies and how to select amongst them. Policies can limit the absolute number of pods added or removed, or the percentage of pods added or removed. (#74525, @gliush) [SIG API Machinery, Apps, Autoscaling and CLI]
  • Ingress:

    • spec.ingressClassName replaces the deprecated kubernetes.io/ingress.class annotation, and allows associating an Ingress object with a particular controller.
    • path definitions added a pathType field to allow indicating how the specified path should be matched against incoming requests. Valid values are Exact, Prefix, and ImplementationSpecific (#88587, @cmluciano) [SIG Apps, Cluster Lifecycle and Network]
  • The alpha feature AnyVolumeDataSource enables PersistentVolumeClaim objects to use the spec.dataSource field to reference a custom type as a data source (#88636, @bswartz) [SIG Apps and Storage]

  • The alpha feature ConfigurableFSGroupPolicy enables v1 Pods to specify a spec.securityContext.fsGroupChangePolicy policy to control how file permissions are applied to volumes mounted into the pod. (#88488, @gnufied) [SIG Storage]
  • The alpha feature ServiceAppProtocol enables setting an appProtocol field in ServicePort and EndpointPort definitions. (#88503, @robscott) [SIG Apps and Network]
  • The alpha feature ImmutableEphemeralVolumes enables an immutable field in both Secret and ConfigMap objects to mark their contents as immutable. (#86377, @wojtek-t) [SIG Apps, CLI and Testing]

Other API changes:

  • The beta feature ServerSideApply enables tracking and managing changed fields for all new objects, which means there will be managedFields in metadata with the list of managers and their owned fields.
  • The alpha feature ServiceAccountIssuerDiscovery enables publishing OIDC discovery information and service account token verification keys at /.well-known/openid-configuration and /openid/v1/jwks endpoints by API servers configured to issue service account tokens. (#80724, @cceckman) [SIG API Machinery, Auth, Cluster Lifecycle and Testing]
  • CustomResourceDefinition schemas that use x-kubernetes-list-map-keys to specify properties that uniquely identify list items must make those properties required or have a default value, to ensure those properties are present for all list items. See https://kubernetes.io/docs/reference/using-api/api-concepts/#merge-strategy for details. (#88076, @eloyekunle) [SIG API Machinery and Testing]
  • CustomResourceDefinition schemas that use x-kubernetes-list-type: map or x-kubernetes-list-type: set now enable validation that the list items in the corresponding custom resources are unique. (#84920, @sttts) [SIG API Machinery]

kube-apiserver:

  • The --egress-selector-config-file configuration file now accepts an apiserver.k8s.io/v1beta1 EgressSelectorConfiguration configuration object, and has been updated to allow specifying HTTP or GRPC connections to the network proxy (#87179, @Jefftree) [SIG API Machinery, Cloud Provider and Cluster Lifecycle]

kube-scheduler:

  • A kubescheduler.config.k8s.io/v1alpha2 configuration file version is now accepted, with support for multiple scheduling profiles (#87628, @alculquicondor) [SIG Scheduling]
    • HardPodAffinityWeight moved from a top level ComponentConfig parameter to a PluginConfig parameter of InterPodAffinity Plugin in kubescheduler.config.k8s.io/v1alpha2 (#88002, @alculquicondor) [SIG Scheduling and Testing]
    • Kube-scheduler can run more than one scheduling profile. Given a pod, the profile is selected by using its .spec.schedulerName. (#88285, @alculquicondor) [SIG Apps, Scheduling and Testing]
    • Scheduler Extenders can now be configured in the v1alpha2 component config (#88768, @damemi) [SIG Release, Scheduling and Testing]
    • The PostFilter of scheduler framework is renamed to PreScore in kubescheduler.config.k8s.io/v1alpha2. (#87751, @skilxn-go) [SIG Scheduling and Testing]

kube-proxy:

  • Added kube-proxy flags --ipvs-tcp-timeout, --ipvs-tcpfin-timeout, --ipvs-udp-timeout to configure IPVS connection timeouts. (#85517, @andrewsykim) [SIG Cluster Lifecycle and Network]
  • Added optional --detect-local-mode flag to kube-proxy. Valid values are "ClusterCIDR" (default matching previous behavior) and "NodeCIDR" (#87748, @satyasm) [SIG Cluster Lifecycle, Network and Scheduling]
  • Kube-controller-manager and kube-scheduler expose profiling by default to match the kube-apiserver. Use --profiling=false to disable. (#88663, @deads2k) [SIG API Machinery, Cloud Provider and Scheduling]
  • Kubelet pod resources API now provides the information about active pods only. (#79409, @takmatsu) [SIG Node]
  • New flag --endpointslice-updates-batch-period in kube-controller-manager can be used to reduce the number of endpointslice updates generated by pod changes. (#88745, @mborsz) [SIG API Machinery, Apps and Network]
  • New flag --show-hidden-metrics-for-version in kube-proxy, kubelet, kube-controller-manager, and kube-scheduler can be used to show all hidden metrics that are deprecated in the previous minor release. (#85279, @RainbowMango) [SIG Cluster Lifecycle and Network]

Features graduated to beta:

Features graduated to GA:

  • VolumePVCDataSource (#88686, @j-griffith) [SIG Storage]
  • TaintBasedEvictions (#87487, @skilxn-go) [SIG API Machinery, Apps, Node, Scheduling and Testing]
  • BlockVolume and CSIBlockVolume (#88673, @jsafrane) [SIG Storage]
  • Windows RunAsUserName (#87790, @marosset) [SIG Apps and Windows]
    • The following feature gates are removed, because the associated features were unconditionally enabled in previous releases: CustomResourceValidation, CustomResourceSubresources, CustomResourceWebhookConversion, CustomResourcePublishOpenAPI, CustomResourceDefaulting (#87475, @liggitt) [SIG API Machinery]

1.4.3. Feature

  • API request throttling (due to a high rate of requests) is now reported in client-go logs at log level 2. The messages are of the form:Throttling request took 1.50705208s, request: GET:<URL> The presence of these messages may indicate to the administrator the need to tune the cluster accordingly. (#87740, @jennybuckley) [SIG API Machinery]
  • Add support for mount options to the FC volume plugin (#87499, @ejweber) [SIG Storage]
  • Added a config-mode flag in azure auth module to enable getting AAD token without spn: prefix in audience claim. When it's not specified, the default behavior doesn't change. (#87630, @weinong) [SIG API Machinery, Auth, CLI and Cloud Provider]
  • Allow for configuration of CoreDNS replica count (#85837, @pickledrick) [SIG Cluster Lifecycle]
  • Allow user to specify resource using --filename flag when invoking kubectl exec (#88460, @soltysh) [SIG CLI and Testing]
  • Apiserver added a new flag --goaway-chance which is the fraction of requests that will be closed gracefully(GOAWAY) to prevent HTTP/2 clients from getting stuck on a single apiserver. (#88567, @answer1991) [SIG API Machinery]
  • Azure Cloud Provider now supports using Azure network resources (Virtual Network, Load Balancer, Public IP, Route Table, Network Security Group, etc.) in different AAD Tenant and Subscription than those for the Kubernetes cluster. To use the feature, please reference https://kubernetes-sigs.github.io/cloud-provider-azure/install/configs/#host-network-resources-in-different-aad-tenant-and-subscription. (#88384, @bowen5) [SIG Cloud Provider]
  • Azure VMSS/VMSSVM clients now suppress requests on throttling (#86740, @feiskyer) [SIG Cloud Provider]
  • Azure cloud provider cache TTL is configurable, list of the azure cloud provider is as following:

    • "availabilitySetNodesCacheTTLInSeconds"
    • "vmssCacheTTLInSeconds"
    • "vmssVirtualMachinesCacheTTLInSeconds"
    • "vmCacheTTLInSeconds"
    • "loadBalancerCacheTTLInSeconds"
    • "nsgCacheTTLInSeconds"
    • "routeTableCacheTTLInSeconds" (#86266, @zqingqing1) [SIG Cloud Provider]
  • Azure global rate limit is switched to per-client. A set of new rate limit configure options are introduced, including routeRateLimit, SubnetsRateLimit, InterfaceRateLimit, RouteTableRateLimit, LoadBalancerRateLimit, PublicIPAddressRateLimit, SecurityGroupRateLimit, VirtualMachineRateLimit, StorageAccountRateLimit, DiskRateLimit, SnapshotRateLimit, VirtualMachineScaleSetRateLimit and VirtualMachineSizeRateLimit. The original rate limit options would be default values for those new client's rate limiter. (#86515, @feiskyer) [SIG Cloud Provider]

  • Azure network and VM clients now suppress requests on throttling (#87122, @feiskyer) [SIG Cloud Provider]
  • Azure storage clients now suppress requests on throttling (#87306, @feiskyer) [SIG Cloud Provider]
  • Azure: add support for single stack IPv6 (#88448, @aramase) [SIG Cloud Provider]
  • DefaultConstraints can be specified for PodTopologySpread Plugin in the scheduler’s ComponentConfig (#88671, @alculquicondor) [SIG Scheduling]
  • DisableAvailabilitySetNodes is added to avoid VM list for VMSS clusters. It should only be used when vmType is "vmss" and all the nodes (including control plane nodes) are VMSS virtual machines. (#87685, @feiskyer) [SIG Cloud Provider]
  • Elasticsearch supports automatically setting the advertise address (#85944, @SataQiu) [SIG Cluster Lifecycle and Instrumentation]
  • EndpointSlices will now be enabled by default. A new EndpointSliceProxying feature gate determines if kube-proxy will use EndpointSlices, this is disabled by default. (#86137, @robscott) [SIG Network]
  • Kube-proxy: Added dual-stack IPv4/IPv6 support to the iptables proxier. (#82462, @vllry) [SIG Network]
  • Kubeadm now supports automatic calculations of dual-stack node cidr masks to kube-controller-manager. (#85609, @Arvinderpal) [SIG Cluster Lifecycle]
  • Kubeadm: add a upgrade health check that deploys a Job (#81319, @neolit123) [SIG Cluster Lifecycle]
  • Kubeadm: add the experimental feature gate PublicKeysECDSA that can be used to create a cluster with ECDSA certificates from "kubeadm init". Renewal of existing ECDSA certificates is also supported using "kubeadm alpha certs renew", but not switching between the RSA and ECDSA algorithms on the fly or during upgrades. (#86953, @rojkov) [SIG API Machinery, Auth and Cluster Lifecycle]
  • Kubeadm: implemented structured output of 'kubeadm config images list' command in JSON, YAML, Go template and JsonPath formats (#86810, @bart0sh) [SIG Cluster Lifecycle]
  • Kubeadm: on kubeconfig certificate renewal, keep the embedded CA in sync with the one on disk (#88052, @neolit123) [SIG Cluster Lifecycle]
  • Kubeadm: reject a node joining the cluster if a node with the same name already exists (#81056, @neolit123) [SIG Cluster Lifecycle]
  • Kubeadm: support Windows specific kubelet flags in kubeadm-flags.env (#88287, @gab-satchi) [SIG Cluster Lifecycle and Windows]
  • Kubeadm: support automatic retry after failing to pull image (#86899, @SataQiu) [SIG Cluster Lifecycle]
  • Kubeadm: upgrade supports fallback to the nearest known etcd version if an unknown k8s version is passed (#88373, @SataQiu) [SIG Cluster Lifecycle]
  • Kubectl/drain: add disable-eviction option.Force drain to use delete, even if eviction is supported. This will bypass checking PodDisruptionBudgets, and should be used with caution. (#85571, @michaelgugino) [SIG CLI]
  • Kubectl/drain: add skip-wait-for-delete-timeout option. If a pod’s DeletionTimestamp is older than N seconds, skip waiting for the pod. Seconds must be greater than 0 to skip. (#85577, @michaelgugino) [SIG CLI]
  • Option preConfiguredBackendPoolLoadBalancerTypes is added to azure cloud provider for the pre-configured load balancers, possible values: "", "internal", "external","all" (#86338, @gossion) [SIG Cloud Provider]
  • PodTopologySpread plugin now excludes terminatingPods when making scheduling decisions. (#87845, @Huang-Wei) [SIG Scheduling]
  • Provider/azure: Network security groups can now be in a separate resource group. (#87035, @CecileRobertMichon) [SIG Cloud Provider]
  • SafeSysctlWhitelist: add net.ipv4.ping_group_range (#85463, @AkihiroSuda) [SIG Auth]
  • Scheduler framework permit plugins now run at the end of the scheduling cycle, after reserve plugins. Waiting on permit will remain in the beginning of the binding cycle. (#88199, @mateuszlitwin) [SIG Scheduling]
  • Scheduler: Add DefaultBinder plugin (#87430, @alculquicondor) [SIG Scheduling and Testing]
  • Skip default spreading scoring plugin for pods that define TopologySpreadConstraints (#87566, @skilxn-go) [SIG Scheduling]
  • The kubectl --dry-run flag now accepts the values 'client', 'server', and 'none', to support client-side and server-side dry-run strategies. The boolean and unset values for the --dry-run flag are deprecated and a value will be required in a future version. (#87580, @julianvmodesto) [SIG CLI]
  • Support server-side dry-run in kubectl with --dry-run=server for commands including apply, patch, create, run, annotate, label, set, autoscale, drain, rollout undo, and expose. (#87714, @julianvmodesto) [SIG API Machinery, CLI and Testing]
  • Add --dry-run=server|client to kubectl delete, taint, replace (#88292, @julianvmodesto) [SIG CLI and Testing]
  • The feature PodTopologySpread (feature gate EvenPodsSpread) has been enabled by default in 1.18. (#88105, @Huang-Wei) [SIG Scheduling and Testing]
  • The kubelet and the default docker runtime now support running ephemeral containers in the Linux process namespace of a target container. Other container runtimes must implement support for this feature before it will be available for that runtime. (#84731, @verb) [SIG Node]
  • The underlying format of the CPUManager state file has changed. Upgrades should be seamless, but any third-party tools that rely on reading the previous format need to be updated. (#84462, @klueska) [SIG Node and Testing]
  • Update CNI version to v0.8.5 (#78819, @justaugustus) [SIG API Machinery, Cluster Lifecycle, Network, Release and Testing]
  • Webhooks have alpha support for network proxy (#85870, @Jefftree) [SIG API Machinery, Auth and Testing]
  • When client certificate files are provided, reload files for new connections, and close connections when a certificate changes. (#79083, @jackkleeman) [SIG API Machinery, Auth, Node and Testing]
  • When deleting objects using kubectl with the --force flag, you are no longer required to also specify --grace-period=0. (#87776, @brianpursley) [SIG CLI]
  • Windows nodes on GCE can use virtual TPM-based authentication to the control plane. (#85466, @pjh) [SIG Cluster Lifecycle]
  • You can now pass "--node-ip ::" to kubelet to indicate that it should autodetect an IPv6 address to use as the node's primary address. (#85850, @danwinship) [SIG Cloud Provider, Network and Node]
  • kubectl now contains a kubectl alpha debug command. This command allows attaching an ephemeral container to a running pod for the purposes of debugging. (#88004, @verb) [SIG CLI]
  • TLS Server Name overrides can now be specified in a kubeconfig file and via --tls-server-name in kubectl (#88769, @deads2k) [SIG API Machinery, Auth and CLI]

Metrics:

  • Add rest_client_rate_limiter_duration_seconds metric to component-base to track client side rate limiter latency in seconds. Broken down by verb and URL. (#88134, @jennybuckley) [SIG API Machinery, Cluster Lifecycle and Instrumentation]
  • Added two client certificate metrics for exec auth:

    • rest_client_certificate_expiration_seconds a gauge reporting the lifetime of the current client certificate. Reports the time of expiry in seconds since January 1, 1970 UTC.
    • rest_client_certificate_rotation_age a histogram reporting the age of a just rotated client certificate in seconds. (#84382, @sambdavidson) [SIG API Machinery, Auth, Cluster Lifecycle and Instrumentation]
  • Controller manager serve workqueue metrics (#87967, @zhan849) [SIG API Machinery]

  • Following metrics have been turned off:

    • kubelet_pod_worker_latency_microseconds
    • kubelet_pod_start_latency_microseconds
    • kubelet_cgroup_manager_latency_microseconds
    • kubelet_pod_worker_start_latency_microseconds
    • kubelet_pleg_relist_latency_microseconds
    • kubelet_pleg_relist_interval_microseconds
    • kubelet_eviction_stats_age_microseconds
    • kubelet_runtime_operations
    • kubelet_runtime_operations_latency_microseconds
    • kubelet_runtime_operations_errors
    • kubelet_device_plugin_registration_count
    • kubelet_device_plugin_alloc_latency_microseconds
    • kubelet_docker_operations
    • kubelet_docker_operations_latency_microseconds
    • kubelet_docker_operations_errors
    • kubelet_docker_operations_timeout
    • network_plugin_operations_latency_microseconds (#83841, @RainbowMango) [SIG Network and Node]
  • Kube-apiserver metrics will now include request counts, latencies, and response sizes for /healthz, /livez, and /readyz requests. (#83598, @jktomer) [SIG API Machinery]

  • Kubelet now exports a server_expiration_renew_failure and client_expiration_renew_failure metric counter if the certificate rotations cannot be performed. (#84614, @rphillips) [SIG API Machinery, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node and Release]
  • Kubelet: the metric process_start_time_seconds be marked as with the ALPHA stability level. (#85446, @RainbowMango) [SIG API Machinery, Cluster Lifecycle, Instrumentation and Node]
  • New metric kubelet_pleg_last_seen_seconds to aid diagnosis of PLEG not healthy issues. (#86251, @bboreham) [SIG Node]

1.5. Dependencies

  • Update Calico to v3.8.4 (#84163, @david-tigera)[SIG Cluster Lifecycle]
  • Update aws-sdk-go dependency to v1.28.2 (#87253, @SaranBalaji90)[SIG API Machinery and Cloud Provider]
  • Update CNI version to v0.8.5 (#78819, @justaugustus)[SIG Release, Testing, Network, Cluster Lifecycle and API Machinery]
  • Update cri-tools to v1.17.0 (#86305, @saschagrunert)[SIG Release and Cluster Lifecycle]
  • Pause image upgraded to 3.2 in kubelet and kubeadm (#88173, @BenTheElder)[SIG CLI, Node, Testing and Cluster Lifecycle]
  • Update CoreDNS version to 1.6.7 in kubeadm (#86260, @rajansandeep)[SIG Cluster Lifecycle]
  • Update golang.org/x/crypto to fix CVE-2020-9283 (#8838, @BenTheElder)[SIG CLI, Instrumentation, API Machinery, CLuster Lifecycle and Cloud Provider]
  • Update Go to 1.13.8 (#87648, @ialidzhikov)[SIG Release and Testing]
  • Update Cluster-Autoscaler to 1.18.0 (#89095, @losipiuk)[SIG Autoscaling and Cluster Lifecycle]
Copyright © 温玉 2021 | 浙ICP备2020032454号 all right reserved,powered by Gitbook该文件修订时间: 2022-03-15 06:39:38

results matching ""

    No results matching ""