CHANGELOG.md

v19.15.0

• feat: Kubernetes API Version: v1.19.15

API Change

• We have added a new Priority & Fairness rule that exempts all probes (/readyz, /healthz, /livez) to prevent restarting of "healthy" kube-apiserver instance(s) by kubelet. (kubernetes/kubernetes#101113, @tkashem) [SIG API Machinery]
• Fixes using server-side apply with APIService resources (kubernetes/kubernetes#100713, @kevindelgado) [SIG API Machinery, Apps, Scheduling and Testing]
• Regenerate protobuf code to fix CVE-2021-3121 (kubernetes/kubernetes#100515, @joelsmith) [SIG API Machinery, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node and Storage]
• Kubernetes is now built using go1.15.8 (kubernetes/kubernetes#99093, @cpanato) [SIG Cloud Provider, Instrumentation, Release and Testing]
• Fix conversions for custom metrics. (kubernetes/kubernetes#94654, @wojtek-t) [SIG Instrumentation]
• A new alpha-level field, SupportsFsGroup, has been introduced for CSIDrivers to allow them to specify whether they support volume ownership and permission modifications. The CSIVolumeSupportFSGroup feature gate must be enabled to allow this field to be used. (kubernetes/kubernetes#92001, @huffmanca) [SIG API Machinery, CLI and Storage]
• Added pod version skew strategy for seccomp profile to synchronize the deprecated annotations with the new API Server fields. Please see the corresponding section in the KEP for more detailed explanations. (kubernetes/kubernetes#91408, @saschagrunert) [SIG Apps, Auth, CLI and Node]
• Adds the ability to disable Accelerator/GPU metrics collected by Kubelet (kubernetes/kubernetes#91930, @RenaudWasTaken) [SIG Node]
• Admission webhooks can now return warning messages that are surfaced to API clients, using the .response.warnings field in the admission review response. (kubernetes/kubernetes#92667, @liggitt) [SIG API Machinery and Testing]
• CertificateSigningRequest API conditions were updated:
  • a status field was added; this field defaults to True, and may only be set to True for Approved, Denied, and Failed conditions
  • a lastTransitionTime field was added
  • a Failed condition type was added to allow signers to indicate permanent failure; this condition can be added via the certificatesigningrequests/status subresource.
  • Approved and Denied conditions are mutually exclusive
  • Approved, Denied, and Failed conditions can no longer be removed from a CSR (kubernetes/kubernetes#90191, @liggitt) [SIG API Machinery, Apps, Auth, CLI and Node]
• Cluster admins can now turn off /logs endpoint in kubelet by setting enableSystemLogHandler to false in their kubelet configuration file. enableSystemLogHandler can be set to true only when enableDebuggingHandlers is also set to true. (kubernetes/kubernetes#87273, @SaranBalaji90) [SIG Node]
• Custom Endpoints are now mirrored to EndpointSlices by a new EndpointSliceMirroring controller. (kubernetes/kubernetes#91637, @robscott) [SIG API Machinery, Apps, Auth, Cloud Provider, Instrumentation, Network and Testing]
• CustomResourceDefinitions added support for marking versions as deprecated by setting spec.versions[*].deprecated to true, and for optionally overriding the default deprecation warning with a spec.versions[*].deprecationWarning field. (kubernetes/kubernetes#92329, @liggitt) [SIG API Machinery]
• EnvVarSource api doc bug fixes (kubernetes/kubernetes#91194, @wawa0210) [SIG Apps]
• Fix bug in reflector that couldn't recover from "Too large resource version" errors (kubernetes/kubernetes#92537, @wojtek-t) [SIG API Machinery]
• Fixed: log timestamps now include trailing zeros to maintain a fixed width (kubernetes/kubernetes#91207, @iamchuckss) [SIG Apps and Node]
• Generic ephemeral volumes, a new alpha feature under the GenericEphemeralVolume feature gate, provide a more flexible alternative to EmptyDir volumes: as with EmptyDir, volumes are created and deleted for each pod automatically by Kubernetes. But because the normal provisioning process is used (PersistentVolumeClaim), storage can be provided by third-party storage vendors and all of the usual volume features work. Volumes don't need to be empt; for example, restoring from snapshot is supported. (kubernetes/kubernetes#92784, @pohly) [SIG API Machinery, Apps, Auth, CLI, Instrumentation, Node, Scheduling, Storage and Testing]
• Go1.14.4 is now the minimum version required for building Kubernetes (kubernetes/kubernetes#92438, @liggitt) [SIG API Machinery, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Release, Storage and Testing]
• Hide managedFields from kubectl edit command (kubernetes/kubernetes#91946, @soltysh) [SIG CLI]
• K8s.io/apimachinery - scheme.Convert() now uses only explicitly registered conversions - default reflection based conversion is no longer available. +k8s:conversion-gen tags can be used with the k8s.io/code-generator component to generate conversions. (kubernetes/kubernetes#90018, @wojtek-t) [SIG API Machinery, Apps and Testing]
• Kube-proxy: add --bind-address-hard-fail flag to treat failure to bind to a port as fatal (kubernetes/kubernetes#89350, @SataQiu) [SIG Cluster Lifecycle and Network]
• Kubebuilder validation tags are set on metav1.Condition for CRD generation (kubernetes/kubernetes#92660, @damemi) [SIG API Machinery]
• Kubelet's --runonce option is now also available in Kubelet's config file as runOnce. (kubernetes/kubernetes#89128, @vincent178) [SIG Node]
• Kubelet: add '--logging-format' flag to support structured logging (kubernetes/kubernetes#91532, @afrouzMashaykhi) [SIG API Machinery, Cluster Lifecycle, Instrumentation and Node]
• Kubernetes is now built with golang 1.15.0-rc.1.
  • The deprecated, legacy behavior of treating the CommonName field on X.509 serving certificates as a host name when no Subject Alternative Names are present is now disabled by default. It can be temporarily re-enabled by adding the value x509ignoreCN=0 to the GODEBUG environment variable. (kubernetes/kubernetes#93264, @justaugustus) [SIG API Machinery, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Release, Scalability, Storage and Testing]
• Promote Immutable Secrets/ConfigMaps feature to Beta and enable the feature by default. This allows to set Immutable field in Secrets or ConfigMap object to mark their contents as immutable. (kubernetes/kubernetes#89594, @wojtek-t) [SIG Apps and Testing]
• Remove BindTimeoutSeconds from schedule configuration KubeSchedulerConfiguration (kubernetes/kubernetes#91580, @cofyc) [SIG Scheduling and Testing]
• Remove kubescheduler.config.k8s.io/v1alpha1 (kubernetes/kubernetes#89298, @gavinfish) [SIG Scheduling]
• Reserve plugins that fail to reserve will trigger the unreserve extension point (kubernetes/kubernetes#92391, @adtac) [SIG Scheduling and Testing]
• Resolve regression in metadata.managedFields handling in update/patch requests submitted by older API clients (kubernetes/kubernetes#91748, @apelisse)
• Scheduler: optionally check for available storage capacity before scheduling pods which have unbound volumes (alpha feature with the new CSIStorageCapacity feature gate, only works for CSI drivers and depends on support for the feature in a CSI driver deployment) (kubernetes/kubernetes#92387, @pohly) [SIG API Machinery, Apps, Auth, Scheduling, Storage and Testing]
• Seccomp support has graduated to GA. A new seccompProfile field is added to pod and container securityContext objects. Support for seccomp.security.alpha.kubernetes.io/pod and container.seccomp.security.alpha.kubernetes.io/... annotations is deprecated, and will be removed in v1.22. (kubernetes/kubernetes#91381, @pjbgf) [SIG Apps, Auth, Node, Release, Scheduling and Testing]
• ServiceAppProtocol feature gate is now beta and enabled by default, adding new AppProtocol field to Services and Endpoints. (kubernetes/kubernetes#90023, @robscott) [SIG Apps and Network]
• SetHostnameAsFQDN is a new field in PodSpec. When set to true, the fully qualified domain name (FQDN) of a Pod is set as hostname of its containers. In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters to FQDN. If a pod does not have FQDN, this has no effect. (kubernetes/kubernetes#91699, @javidiaz) [SIG Apps, Network, Node and Testing]
• The CertificateSigningRequest API is promoted to certificates.k8s.io/v1 with the following changes:
  • spec.signerName is now required, and requests for kubernetes.io/legacy-unknown are not allowed to be created via the certificates.k8s.io/v1 API
  • spec.usages is now required, may not contain duplicate values, and must only contain known usages
  • status.conditions may not contain duplicate types
  • status.conditions[*].status is now required
  • status.certificate must be PEM-encoded, and contain only CERTIFICATE blocks (kubernetes/kubernetes#91685, @liggitt) [SIG API Machinery, Architecture, Auth, CLI and Testing]
• The HugePageStorageMediumSize feature gate is now on by default allowing usage of multiple sizes huge page resources on a container level. (kubernetes/kubernetes#90592, @bart0sh) [SIG Node]
• The Kubelet's --node-status-max-images option is now available via the Kubelet config file field nodeStatusMaxImage (kubernetes/kubernetes#91275, @knabben) [SIG Node]
• The Kubelet's --seccomp-profile-root option is now marked as deprecated. (kubernetes/kubernetes#91182, @knabben) [SIG Node]
• The Kubelet's --bootstrap-checkpoint-path option is now removed. (kubernetes/kubernetes#91577, @knabben) [SIG Apps and Node]
• The Kubelet's --cloud-provider and --cloud-config options are now marked as deprecated. (kubernetes/kubernetes#90408, @knabben) [SIG Cloud Provider and Node]
• The Kubelet's --enable-server and --provider-id option is now available via the Kubelet config file field enableServer and providerID respectively. (kubernetes/kubernetes#90494, @knabben) [SIG Node]
• The Kubelet's --kernel-memcg-notification option is now available via the Kubelet config file field kernelMemcgNotification (kubernetes/kubernetes#91863, @knabben) [SIG Cloud Provider, Node and Testing]
• The Kubelet's --really-crash-for-testing and --chaos-chance options are now marked as deprecated. (kubernetes/kubernetes#90499, @knabben) [SIG Node]
• The Kubelet's --volume-plugin-dir option is now available via the Kubelet config file field VolumePluginDir. (kubernetes/kubernetes#88480, @savitharaghunathan) [SIG Node]
• The DefaultIngressClass feature is now GA. The --feature-gate parameter will be removed in 1.20. (kubernetes/kubernetes#91957, @cmluciano) [SIG API Machinery, Apps, Network and Testing]
• The alpha DynamicAuditing feature gate and auditregistration.k8s.io/v1alpha1 API have been removed and are no longer supported. (kubernetes/kubernetes#91502, @deads2k) [SIG API Machinery, Auth and Testing]
• The kube-controller-manager managed signers can now have distinct signing certificates and keys. See the help about --cluster-signing-[signer-name]-{cert,key}-file. --cluster-signing-{cert,key}-file is still the default. (kubernetes/kubernetes#90822, @deads2k) [SIG API Machinery, Apps and Auth]
• The unused series.state field, deprecated since v1.14, is removed from the events.k8s.io/v1beta1 and v1 Event types. (kubernetes/kubernetes#90449, @wojtek-t) [SIG Apps]
• Unreserve extension point for scheduler plugins is merged into Reserve extension point (kubernetes/kubernetes#92200, @adtac) [SIG Scheduling and Testing]
• Update Golang to v1.14.4 (kubernetes/kubernetes#88638, @justaugustus) [SIG API Machinery, Cloud Provider, Release and Testing]
• Updated the API documentation for Service.Spec.IPFamily to warn that its exact semantics will probably change before the dual-stack feature goes GA, and users should look at ClusterIP or Endpoints, not IPFamily, to figure out if an existing Service is IPv4, IPv6, or dual-stack. (kubernetes/kubernetes#91527, @danwinship) [SIG Apps and Network]
• Users can configure a resource prefix to ignore a group of resources. (kubernetes/kubernetes#88842, @angao) [SIG Node and Scheduling]
• Ingress and IngressClass resources have graduated to networking.k8s.io/v1. Ingress and IngressClass types in the extensions/v1beta1 and networking.k8s.io/v1beta1 API versions are deprecated and will no longer be served in 1.22+. Persisted objects can be accessed via the networking.k8s.io/v1 API. Notable changes in v1 Ingress objects (v1beta1 field names are unchanged):
  • spec.backend -> spec.defaultBackend
  • serviceName -> service.name
  • servicePort -> service.port.name (for string values)
  • servicePort -> service.port.number (for numeric values)
  • pathType no longer has a default value in v1; "Exact", "Prefix", or "ImplementationSpecific" must be specified Other Ingress API updates:
  • backends can now be resource or service backends
  • path is no longer required to be a valid regular expression (kubernetes/kubernetes#89778, @cmluciano) [SIG API Machinery, Apps, CLI, Network and Testing]
• NodeResourcesLeastAllocated and NodeResourcesMostAllocated plugins now support customized weight on the CPU and memory. (kubernetes/kubernetes#90544, @chendave) [SIG Scheduling]
• PostFilter type is added to scheduler component config API on version v1beta1. (kubernetes/kubernetes#91547, @Huang-Wei) [SIG Scheduling]
• RequestedToCapacityRatioArgs encoding is now strict (kubernetes/kubernetes#91603, @pancernik) [SIG Scheduling]
• v1beta1 Scheduler Extender encoding is case-sensitive (v1alpha1/v1alpha2 was case-insensitive), its httpTimeout field uses duration encoding (for example, one second is specified as "1s"), and the enableHttps field in v1alpha1/v1alpha2 was renamed to enableHTTPS. (kubernetes/kubernetes#91625, @pancernik) [SIG Scheduling]
• Adds the ability to disable Accelerator/GPU metrics collected by Kubelet (kubernetes/kubernetes#91930, @RenaudWasTaken) [SIG Node]
• Kubernetes is now built with golang 1.15.0-rc.1.
  • The deprecated, legacy behavior of treating the CommonName field on X.509 serving certificates as a host name when no Subject Alternative Names are present is now disabled by default. It can be temporarily re-enabled by adding the value x509ignoreCN=0 to the GODEBUG environment variable. (kubernetes/kubernetes#93264, @justaugustus) [SIG API Machinery, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Release, Scalability, Storage and Testing]
• A new alpha-level field, SupportsFsGroup, has been introduced for CSIDrivers to allow them to specify whether they support volume ownership and permission modifications. The CSIVolumeSupportFSGroup feature gate must be enabled to allow this field to be used. (kubernetes/kubernetes#92001, @huffmanca) [SIG API Machinery, CLI and Storage]
• The kube-controller-manager managed signers can now have distinct signing certificates and keys. See the help about --cluster-signing-[signer-name]-{cert,key}-file. --cluster-signing-{cert,key}-file is still the default. (kubernetes/kubernetes#90822, @deads2k) [SIG API Machinery, Apps and Auth]
• Added pod version skew strategy for seccomp profile to synchronize the deprecated annotations with the new API Server fields. Please see the corresponding section in the KEP for more detailed explanations. (kubernetes/kubernetes#91408, @saschagrunert) [SIG Apps, Auth, CLI and Node]
• Custom Endpoints are now mirrored to EndpointSlices by a new EndpointSliceMirroring controller. (kubernetes/kubernetes#91637, @robscott) [SIG API Machinery, Apps, Auth, Cloud Provider, Instrumentation, Network and Testing]
• Generic ephemeral volumes, a new alpha feature under the GenericEphemeralVolume feature gate, provide a more flexible alternative to EmptyDir volumes: as with EmptyDir, volumes are created and deleted for each pod automatically by Kubernetes. But because the normal provisioning process is used (PersistentVolumeClaim), storage can be provided by third-party storage vendors and all of the usual volume features work. Volumes don't need to be empt; for example, restoring from snapshot is supported. (kubernetes/kubernetes#92784, @pohly) [SIG API Machinery, Apps, Auth, CLI, Instrumentation, Node, Scheduling, Storage and Testing]
• Remove BindTimeoutSeconds from schedule configuration KubeSchedulerConfiguration (kubernetes/kubernetes#91580, @cofyc) [SIG Scheduling and Testing]
• Resolve regression in metadata.managedFields handling in update/patch requests submitted by older API clients (kubernetes/kubernetes#91748, @apelisse) [SIG API Machinery and Testing]
• The CertificateSigningRequest API is promoted to certificates.k8s.io/v1 with the following changes:
  • spec.signerName is now required, and requests for kubernetes.io/legacy-unknown are not allowed to be created via the certificates.k8s.io/v1 API
  • spec.usages is now required, may not contain duplicate values, and must only contain known usages
  • status.conditions may not contain duplicate types
  • status.conditions[*].status is now required
  • status.certificate must be PEM-encoded, and contain only CERTIFICATE blocks (kubernetes/kubernetes#91685, @liggitt) [SIG API Machinery, Architecture, Auth, CLI and Testing]
• The Kubelet's --cloud-provider and --cloud-config options are now marked as deprecated. (kubernetes/kubernetes#90408, @knabben) [SIG Cloud Provider and Node]
• CertificateSigningRequest API conditions were updated:
  • a status field was added; this field defaults to True, and may only be set to True for Approved, Denied, and Failed conditions
  • a lastTransitionTime field was added
  • a Failed condition type was added to allow signers to indicate permanent failure; this condition can be added via the certificatesigningrequests/status subresource.
  • Approved and Denied conditions are mutually exclusive
  • Approved, Denied, and Failed conditions can no longer be removed from a CSR (kubernetes/kubernetes#90191, @liggitt) [SIG API Machinery, Apps, Auth, CLI and Node]
• EnvVarSource api doc bug fixes (kubernetes/kubernetes#91194, @wawa0210) [SIG Apps]
• Fixed: log timestamps now include trailing zeros to maintain a fixed width (kubernetes/kubernetes#91207, @iamchuckss) [SIG Apps and Node]
• The Kubelet's --node-status-max-images option is now available via the Kubelet config file field nodeStatusMaxImage (kubernetes/kubernetes#91275, @knabben) [SIG Node]
• The Kubelet's --seccomp-profile-root option is now available via the Kubelet config file field seccompProfileRoot. (kubernetes/kubernetes#91182, @knabben) [SIG Node]
• The Kubelet's --enable-server and --provider-id option is now available via the Kubelet config file field enableServer and providerID respectively. (kubernetes/kubernetes#90494, @knabben) [SIG Node]
• The Kubelet's --really-crash-for-testing and --chaos-chance options are now marked as deprecated. (kubernetes/kubernetes#90499, @knabben) [SIG Node]
• The alpha DynamicAuditing feature gate and auditregistration.k8s.io/v1alpha1 API have been removed and are no longer supported. (kubernetes/kubernetes#91502, @deads2k) [SIG API Machinery, Auth and Testing]
• NodeResourcesLeastAllocated and NodeResourcesMostAllocated plugins now support customized weight on the CPU and memory. (kubernetes/kubernetes#90544, @chendave) [SIG Scheduling]
• PostFilter type is added to scheduler component config API on version v1beta1. (kubernetes/kubernetes#91547, @Huang-Wei) [SIG Scheduling]
• kubescheduler.config.k8s.io is now beta (kubernetes/kubernetes#91420, @pancernik) [SIG Scheduling]
• EnvVarSource api doc bug fixes (kubernetes/kubernetes#91194, @wawa0210) [SIG Apps]
• The Kubelet's --really-crash-for-testing and --chaos-chance options are now marked as deprecated. (kubernetes/kubernetes#90499, @knabben) [SIG Node]
• NodeResourcesLeastAllocated and NodeResourcesMostAllocated plugins now support customized weight on the CPU and memory. (kubernetes/kubernetes#90544, @chendave) [SIG Scheduling]
• K8s.io/apimachinery - scheme.Convert() now uses only explicitly registered conversions - default reflection based conversion is no longer available. +k8s:conversion-gen tags can be used with the k8s.io/code-generator component to generate conversions. (kubernetes/kubernetes#90018, @wojtek-t) [SIG API Machinery, Apps and Testing]
• Kubelet's --runonce option is now also available in Kubelet's config file as runOnce. (kubernetes/kubernetes#89128, @vincent178) [SIG Node]
• Promote Immutable Secrets/ConfigMaps feature to Beta and enable the feature by default. This allows to set Immutable field in Secrets or ConfigMap object to mark their contents as immutable. (kubernetes/kubernetes#89594, @wojtek-t) [SIG Apps and Testing]
• The unused series.state field, deprecated since v1.14, is removed from the events.k8s.io/v1beta1 and v1 Event types. (kubernetes/kubernetes#90449, @wojtek-t) [SIG Apps]
• Kube-proxy: add --bind-address-hard-fail flag to treat failure to bind to a port as fatal (kubernetes/kubernetes#89350, @SataQiu) [SIG Cluster Lifecycle and Network]
• Remove kubescheduler.config.k8s.io/v1alpha1 (kubernetes/kubernetes#89298, @gavinfish) [SIG Scheduling]
• ServiceAppProtocol feature gate is now beta and enabled by default, adding new AppProtocol field to Services and Endpoints. (kubernetes/kubernetes#90023, @robscott) [SIG Apps and Network]
• The Kubelet's --volume-plugin-dir option is now available via the Kubelet config file field VolumePluginDir. (kubernetes/kubernetes#88480, @savitharaghunathan) [SIG Node]
• A new IngressClass resource has been added to enable better Ingress configuration. (kubernetes/kubernetes#88509, @robscott) [SIG API Machinery, Apps, CLI, Network, Node and Testing]
• API additions to apiserver types (kubernetes/kubernetes#87179, @Jefftree) [SIG API Machinery, Cloud Provider and Cluster Lifecycle]
• Add Scheduling Profiles to kubescheduler.config.k8s.io/v1alpha2 (kubernetes/kubernetes#88087, @alculquicondor) [SIG Scheduling and Testing]
• Added GenericPVCDataSource feature gate to enable using arbitrary custom resources as the data source for a PVC. (kubernetes/kubernetes#88636, @bswartz) [SIG Apps and Storage]
• Added support for multiple sizes huge pages on a container level (kubernetes/kubernetes#84051, @bart0sh) [SIG Apps, Node and Storage]
• Allow user to specify fsgroup permission change policy for pods (kubernetes/kubernetes#88488, @gnufied) [SIG Apps and Storage]
• AppProtocol is a new field on Service and Endpoints resources, enabled with the ServiceAppProtocol feature gate. (kubernetes/kubernetes#88503, @robscott) [SIG Apps and Network]
• BlockVolume and CSIBlockVolume features are now GA. (kubernetes/kubernetes#88673, @jsafrane) [SIG Apps, Node and Storage]
• Consumers of the 'certificatesigningrequests/approval' API must now grant permission to 'approve' CSRs for the 'signerName' specified on the CSR. More information on the new signerName field can be found at https://github.com/kubernetes/enhancements/blob/master/keps/sig-auth/1513-certificate-signing-request/README.md/#signers (kubernetes/kubernetes#88246, @munnerz) [SIG API Machinery, Apps, Auth, CLI, Node and Testing]
• CustomResourceDefinition schemas that use x-kubernetes-list-map-keys to specify properties that uniquely identify list items must make those properties required or have a default value, to ensure those properties are present for all list items. See https://kubernetes.io/docs/reference/using-api/api-concepts/#merge-strategy for details. (kubernetes/kubernetes#88076, @eloyekunle) [SIG API Machinery and Testing]
• Fixed missing validation of uniqueness of list items in lists with x-kubernetes-list-type: map or x-kubernetes-list-type: set in CustomResources. (kubernetes/kubernetes#84920, @sttts) [SIG API Machinery]
• Fixes a regression with clients prior to 1.15 not being able to update podIP in pod status, or podCIDR in node spec, against >= 1.16 API servers (kubernetes/kubernetes#88505, @liggitt) [SIG Apps and Network]
• Ingress: Add Exact and Prefix maching to Ingress PathTypes (kubernetes/kubernetes#88587, @cmluciano) [SIG Apps, Cluster Lifecycle and Network]
• Ingress: Add alternate backends via TypedLocalObjectReference (kubernetes/kubernetes#88775, @cmluciano) [SIG Apps and Network]
• Ingress: allow wildcard hosts in IngressRule (kubernetes/kubernetes#88858, @cmluciano) [SIG Network]
• Introduces optional --detect-local flag to kube-proxy. Currently the only supported value is "cluster-cidr", which is the default if not specified. (kubernetes/kubernetes#87748, @satyasm) [SIG Cluster Lifecycle, Network and Scheduling]
• Kube-controller-manager and kube-scheduler expose profiling by default to match the kube-apiserver. Use --profiling=false to disable. (kubernetes/kubernetes#88663, @deads2k) [SIG API Machinery, Cloud Provider and Scheduling]
• Kube-scheduler can run more than one scheduling profile. Given a pod, the profile is selected by using its .spec.SchedulerName. (kubernetes/kubernetes#88285, @alculquicondor) [SIG Apps, Scheduling and Testing]
• Move TaintBasedEvictions feature gates to GA (kubernetes/kubernetes#87487, @skilxn-go) [SIG API Machinery, Apps, Node, Scheduling and Testing]
• Moving Windows RunAsUserName feature to GA (kubernetes/kubernetes#87790, @marosset) [SIG Apps and Windows]
• New flag --endpointslice-updates-batch-period in kube-controller-manager can be used to reduce number of endpointslice updates generated by pod changes. (kubernetes/kubernetes#88745, @mborsz) [SIG API Machinery, Apps and Network]
• New flag --show-hidden-metrics-for-version in kubelet can be used to show all hidden metrics that deprecated in the previous minor release. (kubernetes/kubernetes#85282, @serathius) [SIG Node]
• Removes ConfigMap as suggestion for IngressClass parameters (kubernetes/kubernetes#89093, @robscott) [SIG Network]
• Scheduler Extenders can now be configured in the v1alpha2 component config (kubernetes/kubernetes#88768, @damemi) [SIG Release, Scheduling and Testing]
• The apiserver/v1alph1 #EgressSelectorConfiguration API is now beta. (kubernetes/kubernetes#88502, @caesarxuchao) [SIG API Machinery]
• The storage.k8s.io/CSIDriver has moved to GA, and is now available for use. (kubernetes/kubernetes#84814, @huffmanca) [SIG API Machinery, Apps, Auth, Node, Scheduling, Storage and Testing]
• VolumePVCDataSource moves to GA in 1.18 release (kubernetes/kubernetes#88686, @j-griffith) [SIG Apps, CLI and Cluster Lifecycle]

v18.20.1

• feat: load kubeconfig from dict (#169, @tomplus)

v18.20.0

Important Information:

The library versioning scheme has been changed. Starting from this release, the library uses a version format vY.Z.P where Y and Z are respectively from the Kubernetes version v1.Y.Z and P would incremented due to changes on the library side itself. Ref: kubernetes-client/python#1244

API Deprecations:

• The following deprecated APIs can no longer be served:
• All resources under apps/v1beta1 and apps/v1beta2 - use apps/v1 instead
• daemonsets, deployments, replicasets resources under extensions/v1beta1 - use apps/v1 instead
• networkpolicies resources under extensions/v1beta1 - use networking.k8s.io/v1 instead
• podsecuritypolicies resources under extensions/v1beta1 - use policy/v1beta1 instead (#85903, @liggitt) [SIG API Machinery, Apps, Cluster Lifecycle, Instrumentation and Testing]

API Change:

• Fix bug in reflector that couldn't recover from "Too large resource version" errors (#92537, @wojtek-t) [SIG API Machinery]
• Fixed: log timestamps now include trailing zeros to maintain a fixed width (#91207, @iamchuckss) [SIG Apps and Node]
• Fixed: log timestamps now include trailing zeros to maintain a fixed width (#91207, @iamchuckss) [SIG Apps and Node]
• Resolve regression in metadata.managedFields handling in update/patch requests submitted by older API clients (#92007, @apelisse) [SIG API Machinery and Testing]
• A new IngressClass resource has been added to enable better Ingress configuration. (#88509, @robscott) [SIG API Machinery, Apps, CLI, Network, Node and Testing]
• The CSIDriver API has graduated to storage.k8s.io/v1, and is now available for use. (#84814, @huffmanca) [SIG Storage]
• autoscaling/v2beta2 HorizontalPodAutoscaler added a spec.behavior field that allows scale behavior to be configured. Behaviors are specified separately for scaling up and down. In each direction a stabilization window can be specified as well as a list of policies and how to select amongst them. Policies can limit the absolute number of pods added or removed, or the percentage of pods added or removed. (#74525, @gliush) [SIG API Machinery, Apps, Autoscaling and CLI]
• Ingress:
  • spec.ingressClassName replaces the deprecated kubernetes.io/ingress.class annotation, and allows associating an Ingress object with a particular controller.
  • path definitions added a pathType field to allow indicating how the specified path should be matched against incoming requests. Valid values are Exact, Prefix, and ImplementationSpecific (#88587, @cmluciano) [SIG Apps, Cluster Lifecycle and Network]
• The alpha feature AnyVolumeDataSource enables PersistentVolumeClaim objects to use the spec.dataSource field to reference a custom type as a data source (#88636, @bswartz) [SIG Apps and Storage]
• The alpha feature ConfigurableFSGroupPolicy enables v1 Pods to specify a spec.securityContext.fsGroupChangePolicy policy to control how file permissions are applied to volumes mounted into the pod. (#88488, @gnufied) [SIG Storage]
• The alpha feature ServiceAppProtocol enables setting an appProtocol field in ServicePort and EndpointPort definitions. (#88503, @robscott) [SIG Apps and Network]
• The alpha feature ImmutableEphemeralVolumes enables an immutable field in both Secret and ConfigMap objects to mark their contents as immutable. (#86377, @wojtek-t) [SIG Apps, CLI and Testing]
• The beta feature ServerSideApply enables tracking and managing changed fields for all new objects, which means there will be managedFields in metadata with the list of managers and their owned fields.
• The alpha feature ServiceAccountIssuerDiscovery enables publishing OIDC discovery information and service account token verification keys at /.well-known/openid-configuration and /openid/v1/jwks endpoints by API servers configured to issue service account tokens. (#80724, @cceckman) [SIG API Machinery, Auth, Cluster Lifecycle and Testing]
• CustomResourceDefinition schemas that use x-kubernetes-list-map-keys to specify properties that uniquely identify list items must make those properties required or have a default value, to ensure those properties are present for all list items. See https://kubernetes.io/docs/reference/using-api/api-concepts/#merge-strategy for details. (#88076, @eloyekunle) [SIG API Machinery and Testing]
• CustomResourceDefinition schemas that use x-kubernetes-list-type: map or x-kubernetes-list-type: set now enable validation that the list items in the corresponding custom resources are unique. (#84920, @sttts) [SIG API Machinery]

To read the full CHANGELOG visit here.

v12.1.2

• fix: Wfix: handle 401 returned by GKE (#154, @tomplus)

v12.1.1

• fix: Watch() raises exceptions for received errors (#151, @tomplus)

v12.1.0

• feat: add function to create objects from dict (#143, @tomplus)
• feat: Increase aiohttp read buffer to 2MiB (#138, @acobHenner)
• fix: Missing create_from_yaml_single_item import (#133, @VideoSystemsTech)
• fix: show warning if config not loaded #127 (#127, @tomplus)

v12.0.1

• fix: remove checking headers if not preloaded content is returned from rest api (#123, @tomplus)

v12.0.0

• feat: regenerate client for Kubernetes API Version: 1.16.14 using OpenAPI 4.3.1
• fix: Removed shlex args mangling (#110, @WoLpH)
• fix: remove redundant close() in Watch class (#119, @tomplus)

API Change:

• Resolve regression in metadata.managedFields handling in update/patch requests submitted by older API clients (#91748, @apelisse) [SIG API Machinery and Testing]
• Fix bug where sending a status update completely wipes managedFields for some types. (#90033, @apelisse) [SIG API Machinery and Testing]
• The MutatingWebhookConfiguration and ValidatingWebhookConfiguration APIs have been promoted to admissionregistration.k8s.io/v1:
  • failurePolicy default changed from Ignore to Fail for v1
  • matchPolicy default changed from Exact to Equivalent for v1
  • timeout default changed from 30s to 10s for v1
  • sideEffects default value is removed, and the field made required, and only None and NoneOnDryRun are permitted for v1
  • admissionReviewVersions default value is removed and the field made required for v1 (supported versions for AdmissionReview are v1 and v1beta1)
  • The name field for specified webhooks must be unique for MutatingWebhookConfiguration and ValidatingWebhookConfiguration objects created via admissionregistration.k8s.io/v1
• The AdmissionReview API sent to and received from admission webhooks has been promoted to admission.k8s.io/v1. Webhooks can specify a preference for receiving v1 AdmissionReview objects with admissionReviewVersions: ["v1","v1beta1"], and must respond with an API object in the same apiVersion they are sent. When webhooks use admission.k8s.io/v1, the following additional validation is performed on their responses:
  • response.patch and response.patchType are not permitted from validating admission webhooks
  • apiVersion: "admission.k8s.io/v1" is required
  • kind: "AdmissionReview" is required
  • response.uid: "<value of request.uid>" is required
  • response.patchType: "JSONPatch" is required (if response.patch is set) (#80231, @liggitt)
• The CustomResourceDefinition API type is promoted to apiextensions.k8s.io/v1 with the following changes:
  • Use of the new default feature in validation schemas is limited to v1
  • spec.scope is no longer defaulted to Namespaced and must be explicitly specified
  • spec.version is removed in v1; use spec.versions instead
  • spec.validation is removed in v1; use spec.versions[*].schema instead
  • spec.subresources is removed in v1; use spec.versions[*].subresources instead
  • spec.additionalPrinterColumns is removed in v1; use spec.versions[*].additionalPrinterColumns instead
  • spec.conversion.webhookClientConfig is moved to spec.conversion.webhook.clientConfig in v1
  • spec.conversion.conversionReviewVersions is moved to spec.conversion.webhook.conversionReviewVersions in v1
  • spec.versions[*].schema.openAPIV3Schema is now required when creating v1 CustomResourceDefinitions
  • spec.preserveUnknownFields: true is disallowed when creating v1 CustomResourceDefinitions; it must be specified within schema definitions as x-kubernetes-preserve-unknown-fields: true
  • In additionalPrinterColumns items, the JSONPath field was renamed to jsonPath in v1 (fixes kubernetes/kubernetes#66531) The apiextensions.k8s.io/v1beta1 version of CustomResourceDefinition is deprecated and will no longer be served in v1.19. (#79604, @liggitt)
• The ConversionReview API sent to and received from custom resource CustomResourceDefinition conversion webhooks has been promoted to apiextensions.k8s.io/v1. CustomResourceDefinition conversion webhooks can now indicate they support receiving and responding with ConversionReview API objects in the apiextensions.k8s.io/v1 version by including v1 in the conversionReviewVersions list in their CustomResourceDefinition. Conversion webhooks must respond with a ConversionReview object in the same apiVersion they receive. apiextensions.k8s.io/v1 ConversionReview responses must specify a response.uid that matches the request.uid of the object they were sent. (#81476, @liggitt)
• Add scheduling support for RuntimeClasses. RuntimeClasses can now specify nodeSelector constraints & tolerations, which are merged into the PodSpec for pods using that RuntimeClass. (#80825, @tallclair)
• Kubelet should now more reliably report the same primary node IP even if the set of node IPs reported by the CloudProvider changes. (#79391, @danwinship)
• Omit nil or empty field when calculating container hash value to avoid hash changed. For a new field with a non-nil default value in the container spec, the hash would still get changed. (#57741, @dixudx)
• Property conditions in apiextensions.v1beta1.CustomResourceDefinitionStatus and apiextensions.v1.CustomResourceDefinitionStatus is now optional instead of required. (#64996, @roycaihw)
• When the status of a CustomResourceDefinition condition changes, its corresponding lastTransitionTime is now updated. (#69655, @CaoShuFeng)

v11.3.0

• fix: watch closes http session (#104, @tomplus)

v11.2.0

• feat: regenerate client against openapi-generator v4.3.0 (context-manager and close function for http client instead of using __del__ method) (#99, @jnschaeffer)

v11.1.0

• feat: add compatability for follow methods (#98, @playground-julia)

v11.0.0

• feat: regenerate library using the latest version of openapi-generator (4.3.x) (gen/#146, @tomplus)
• test: add tests for Python 3.8. (#86, @tomplus)
• fix: prevent installing aiohttp 4.0 and up for now (#88, @sepulworld)
• fix: watch.stream stores resource_version for the next call (#89, @tomplus)
• chore: remove unused path import (#92, @aK0nshin)

API Change:

• Introduce ExtensionsV1beta1RuntimeClassStrategyOptions and PolicyV1beta1RuntimeClassStrategyOptions. Add RuntimeClass restrictions & defaulting to PodSecurityPolicy kubernetes/kubernetes#73795
• Introduce V1WindowsSecurityContextOptions. Add Windows specific options in Pod Security Context and Container Security Context kubernetes/kubernetes#77147
• Split V1beta1Webhook into V1beta1MutatingWebhook and V1beta1ValidatingWebhook kubernetes/kubernetes#78491
• Introduce parameter allow_watch_bookmarks in list options for requesting watch bookmarks from apiserver. The implementation in apiserver is hidden behind feature gate WatchBookmark (currently in Alpha stage) kubernetes/kubernetes#74074
• Add V1DeleteOptions parameters (dry_run, grace_period_seconds, orphan_dependents, propagation_policy) to delete collection APIs kubernetes/kubernetes#77843
• Add ListMeta.RemainingItemCount. When responding a LIST request, if the server has more data available, and if the request does not contain label selectors or field selectors, the server sets the ListOptions.RemainingItemCount to the number of remaining objects kubernetes/kubernetes#75993
• Add controller_expand_secret_ref in V1SecretReference to store CSI volume expansion secrets kubernetes/kubernetes#77516
• Introduce preemption_policy field to V1PriorityClass kubernetes/kubernetes#74614
• Add port configuration to service reference in Admission webhook configuration, AuditSink webhook configuration, CRD Conversion webhook configuration and kube-aggregator kubernetes/kubernetes#74855
• Introduce inline_volume_spec to V1PersistentVolumeSpec kubernetes/kubernetes#77703
• Add fields x_kubernetes_embedded_resource, x_kubernetes_int_or_string, x_kubernetes_preserve_unknown_fields to V1beta1JSONSchemaProps kubernetes/kubernetes#77207

v10.0.1

• fix: when _preload_content=False Websocket Stream returns 401 error (#84, @kexirong)
• fix: e2e tests use apps/v1 api instead of removed extensions/v1beta1 (#85, @tomplus)

v10.0.0

• feat: add create_form_yaml() functionality (#76, @PidgeyBE)
• feat: custom objects can be merged by json-patch (gen/#119, @tomplus)
• fix: parse microseconds in data-time fields (#80, @tomplus)
• feat: upgrade to API spec from Kubernetes 1.14 (#83, @tomplus)

API Change:

• Remove the AdmissionregistrationV1alpha1 API group, containing only the InitializationConfiguration type kubernetes/kubernetes#72972
• Promote Lease API to v1 kubernetes/kubernetes#72239
• The Ingress API is now available via NetworkingV1beta1Api. ExtensionsV1beta1Api Ingress objects are deprecated and will no longer be served in Kubernetes v1.18 kubernetes/kubernetes#74057
• Introduce RuntimeClass to NodeV1alpha1Api and NodeV1beta1Api kubernetes/kubernetes#74433
• Graduate PriorityClass API to GA SchedulingV1Api kubernetes/kubernetes#73555
• Introduce CSINodeInfo and CSIDriver to StorageV1beta1Api kubernetes/kubernetes#74283
• The alpha Initializers feature, admissionregistration.k8s.io/v1alpha1 API version, Initializers admission plugin, and use of the metadata.initializers API field have been removed. Discontinue use of the alpha feature and delete any existing InitializerConfiguration API objects before upgrading. The metadata.initializers field will be removed in a future release. The parameter include_uninitialized has been removed. kubernetes/kubernetes#72972

v9.1.0

• feat: check whether an object key is present on watch (#71, @mickours)
• feat: merging kubeconfig files (#69, @tomplus)

v9.0.0

• feat: switch to openapi-generator (#58, @tomplus)
• feat: add fieldSelector parameter to list/watch methods in custom objects spec (gen/#106)
• feat: upgrade to API spec from Kubernetes 1.13 (#58, @tomplus)

Breaking Changes:

• Model v1beta1WebhookClientConfig is renamed to AdmissionregistrationV1beta1WebhookClientConfig, to avoid naming conflict with ApiextensionsV1beta1WebhookClientConfig introduced in: kubernetes/kubernetes#67006
• Delete request's body parameter is optional kubernetes/kubernetes#70032

v8.1.0

• feat: watch improvement (context manager, close method) (#61, @hubo1016)

v8.0.3

• fix: use yaml.safe_load, yaml.safe_dump for security reasons (#57, @tomplus)

v8.0.2

• feat: remove dependency to urllib3 from kube_config, pin urlllib>=1.23 due to CVE-2018-20060 (#56, @tomplus)

v8.0.1

• fix: kubeconfig loading failure when server uri contains trailing slash (#53, @tomplus)
• feat: regenerate client with thread-pool optimization (#54, @tomplus)

v8.0.0

• feat: upgrade to API spec from Kubernetes 1.12 (#50, @tomplus)

v7.0.0

• first stable release 7.0.0

v1.0.0-beta9

• fix: option verify-ssl impacts on server certs only (#46, @tomplus)

v1.0.0-beta8

• feat: add debug logs to KubeConfigLoader (#45, @tomplus)
• feat: exec-plugins support in kubeconfig (#44, @tomplus)
• fix: read config data with bytes (python3) (#41, @tomplus)

v1.0.0-beta7

• feat: add OIDC auth support (#36, @bpicolo)

v1.0.0-beta6

• feat: regenerate with latest client gen to get custom object status scale api (#37, @juliantaylor)
• fix: handling timeout by watch loop (#39, @tomplus)

v1.0.0-beta5

• feat: upgrade to spec from Kuberentes 1.11 (#34, @tomplus)

v1.0.0-beta4

• fix: aiohttp with verify_ssl=False (#33, @bpicolo)

v1.0.0-beta3

• feat: watch work forever if timeout is not specified (#30, @tomplus)

v1.0.0-beta2

• feat: support Python 3.7 (#28, @tomplus)

v1.0.0-beta1

• feat: make function load_kube_config asynchronous
• feat: function to auto-refresh gke token
• feat: remove synchronous libraries from dependencies

v1.0.0-alpha4

• feat: watch stops the iterator for empty responses and do not process ERROR responses (#22, @olitheolix)
• feat: replace urllib3 by http.client in e2e initializer (#20, @tomplus)
• feat: new example - tail.py (#19, @tomplus)
• feat: new example - simultaneously watch multiple event streams without threads (#13, @olitheolix)
• fix: fix few typos in setup.py (#18, @evemorgen)
• fix: requirement for requests and urllib3 version (#16, @tomplus)

v1.0.0-alpha3

• fix e2e and unit tests
• fix Watch, Stream

v1.0.0-alpha2

• fix requirements.txt

v1.0.0-alpha1

• first release