Kubernetes - v1.28.0-alpha.2

Changelog since v1.28.0-alpha.1

Urgent Upgrade Notes

(No, really, you MUST read this before you upgrade)

• CephFS volume plugin ( kubernetes.io/cephfs) has been deprecated in this release and will be removed in a subsequent release. Alternative is to use CephFS CSI driver (https://github.com/ceph/ceph-csi/) in your Kubernetes Cluster. (#118143, @humblec) [SIG Storage]

Changes by Kind

Feature

• Introduce support for CEL optionals (see CEL spec proposal 246).
  This feature will not be fully enabled until a future Kubernetes release (likely to be v1.29), but is added in v1.28 to enable
  safe rollback on downgrade. (#118339, @jpbetz) [SIG API Machinery, Auth, Cloud Provider and Testing]
• Kubernetes is now built with Go 1.20.5 (#118507, @jeremyrickard) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Release, Storage and Testing]
• Promote ServiceNodePortStaticSubrange to beta and it will be enabled by default (#117877, @xuzhenglun) [SIG Network]
• The ExpandedDNSConfig feature has graduated to GA. 'ExpandedDNSConfig' feature was locked to default value and will be removed in v1.30. If you were setting this feature gate explicitly, please remove it now. (#116741, @gjkim42) [SIG Apps, Network and Node]
• The helping message of commands which have sub-commands is now clearer and more instructive. It will show the full command instead of 'kubectl --help ...'

Changed 'kubectl create secret --help' description. There will be a short introduction to the three secret types and clearer guidance on how to use the command. (#117930, @LronDC) [SIG CLI and Testing]
- Updated distroless I-tables to use registry.k8s.io/build-image/distroless-iptables:v0.2.5 (#118541, @jeremyrickard) [SIG Testing]

Bug or Regression

• Compute the backoff delay more accurately for deleted pods (#118413, @mimowo) [SIG Apps]
• Ensure Job status updates are batched by 1s. This fixes an unlikely scenario when a sequence of immediately
  completing pods could trigger a sequence of non-batched Job status updates. (#118470, @mimowo) [SIG Apps]
• Fix a race condition in kube-proxy when using LocalModeNodeCIDR to avoid dropping Services traffic if the object node is recreated when kube-proxy is starting (#118499, @aojea) [SIG Network]
• Fixed a race condition between Run() and SetTransform() and SetWatchErrorHandler() in shared informers. (#117870, @howardjohn) [SIG API Machinery]
• Fixes bug where explain was not properly respecting jsonpaths (#115694, @mpuckett159) [SIG CLI]
• Kubelet: print sorted volumes message in events (#117079, @qingwave) [SIG Node]

Other (Cleanup or Flake)

• E2e framework: the node-role.kubernetes.io/master taint has been removed from the default value of --non-blocking-taints flag. You may need to set --non-blocking-taints explicitly if the cluster to be tested has nodes with the deprecated node-role.kubernetes.io/master taint. (#118510, @SataQiu) [SIG Testing]
• Kube-apiserver adds two new alpha metrics conversion_webhook_request_total and conversion_webhook_duration_seconds that allow users to monitor requests to CRD conversion webhooks, split by result, and failure_type (In case of failure). (#118292, @cchapla) [SIG API Machinery, Architecture and Instrumentation]
• Moved k8s.io/kubernetes/pkg/kubelet/cri/streaming package to k8s.io/kubelet/pkg/cri/streaming. (#118253, @saschagrunert) [SIG Node, Release and Security]
• OpenAPI proto deserializations should use gnostic-models instead of the gnostic library (#118384, @Jefftree) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Instrumentation, Node, Storage and Testing]
• [KCCM] drop filtering nodes for the providerID when syncing load balancers, but have changes to the field trigger a re-sync of load balancers. This should ensure that cloud providers which don't specify providerID, can still use the service controller implementation to provision load balancers. (#117602, @alexanderConstantinescu) [SIG Cloud Provider and Network]

Dependencies

Added

• github.com/antlr/antlr4/runtime/Go/antlr/v4: 8188dc5
• github.com/google/gnostic-models: v0.6.8

Changed

• github.com/dustin/go-humanize: v1.0.0 → v1.0.1
• github.com/evanphx/json-patch: v4.12.0+incompatible → v5.6.0+incompatible
• github.com/go-openapi/jsonreference: v0.20.1 → v0.20.2
• github.com/google/cel-go: v0.12.6 → v0.16.0
• github.com/mitchellh/mapstructure: v1.4.1 → v1.1.2
• go.starlark.net: 8dd3e2e → a134d8f
• golang.org/x/exp: 6cc2880 → a9213ee
• golang.org/x/sys: v0.7.0 → v0.8.0
• k8s.io/kube-openapi: 7828149 → 7562a10
• sigs.k8s.io/kustomize/api: v0.13.2 → 6ce0bf3
• sigs.k8s.io/kustomize/cmd/config: v0.11.1 → v0.11.2
• sigs.k8s.io/kustomize/kustomize/v5: v5.0.1 → 6ce0bf3
• sigs.k8s.io/kustomize/kyaml: v0.14.1 → 6ce0bf3

Removed

• github.com/antlr/antlr4/runtime/Go/antlr: v1.4.10
• github.com/docopt/docopt-go: ee0de3b
• github.com/google/gnostic: v0.5.7-v3refs