Kubernetes - v1.30.0-alpha.2
Changelog since v1.30.0-alpha.1
Changes by Kind
Deprecation
- Removed the
SecurityContextDeny
admission plugin, deprecated since v1.27. The Pod Security Admission plugin, available since v1.25, is recommended instead. See https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#securitycontextdeny for more information. (#122612, @mtardy) [SIG Auth, Security and Testing]
API Change
- Updated an audit annotation key used by the
…/serviceaccounts/<name>/token
resource handler.
The annotation used to persist the issued credential identifier is nowauthentication.kubernetes.io/issued-credential-id
. (#123098, @munnerz) [SIG Auth]
Feature
- Add apiserver.latency.k8s.io/decode-response-object annotation to the audit log to record the decoding time (#121512, @HirazawaUi) [SIG API Machinery]
- Added apiserver_encryption_config_controller_automatic_reloads_total to measure total number of reload successes and failures of encryption configuration. This metric contains the
status
label with enum value ofsuccess
andfailure
. - Allow a zero value for the 'nominalConcurrencyShares' field of the PriorityLevelConfiguration object
either using the flowcontrol.apiserver.k8s.io/v1 or flowcontrol.apiserver.k8s.io/v1beta3 API (#123001, @tkashem) [SIG API Machinery] - Graduated support for passing dual-stack
kubelet --node-ip
values when using
a cloud provider. The feature is now GA and theCloudDualStackNodeIPs
feature
gate is always enabled. (#123134, @danwinship) [SIG API Machinery, Cloud Provider and Node] - Kubernetes is now built with go 1.22 (#123217, @cpanato) [SIG Release and Testing]
- The scheduler retries Pods, which are failed by nodevolumelimits due to not found PVCs, only when new PVCs are added. (#121952, @sanposhiho) [SIG Scheduling and Storage]
- Update distroless-iptables to v0.5.0 debian-base to bookworm-v1.0.1 and setcap to bookworm-v1.0.1 (#123170, @cpanato) [SIG API Machinery, Architecture, Cloud Provider, Release, Storage and Testing]
- Users can traverse all the pods that are in the scheduler and waiting in the permit stage through method
IterateOverWaitingPods
. In other words, all waitingPods in scheduler can be obtained from any profiles. Before this commit, each profile could only obtain waitingPods within that profile. (#122946, @NoicFank) [SIG Scheduling] - ValidatingAdmissionPolicy now supports type checking policies that make use of
variables
. (#123083, @jiahuif) [SIG API Machinery]
Bug or Regression
- Fix Pod stuck in Terminating because of GenerateUnmapVolumeFunc missing globalUnmapPath when kubelet tries to clean up all volumes that failed reconstruction. (#123032, @carlory) [SIG Storage]
- Fix deprecated version for pod_scheduling_duration_seconds that caused the metric to be hidden by default in 1.29. (#123038, @alculquicondor) [SIG Instrumentation and Scheduling]
- Fix error when trying to expand a volume that does not require node expansion (#123055, @gnufied) [SIG Node and Storage]
- Fix the following volume plugins may not create user visible files after kubelet was restarted.
- configmap
- secret
- projected
- downwardapi (#122807, @carlory) [SIG Storage]
- Fixed cleanup of Pod volume mounts when a file was used as a subpath. (#123052, @jsafrane) [SIG Node]
- Fixes an issue calculating total CPU usage reported for Windows nodes (#122999, @marosset) [SIG Node and Windows]
- Fixing issue where AvailableBytes sometimes does not report correctly on WindowsNodes when PodAndContainerStatsFromCRI feature is enabled. (#122846, @marosset) [SIG Node and Windows]
- Kubeadm: do not upload kubelet patch configuration into
kube-system/kubelet-config
ConfigMap (#123093, @SataQiu) [SIG Cluster Lifecycle] - Kubeadm: fix a bug where the --rootfs global flag does not work with "kubeadm upgrade node" for control plane nodes. (#123077, @neolit123) [SIG Cluster Lifecycle]
- Kubeadm: kubelet-finalize phase of "kubeadm init" no longer requires kubelet kubeconfig to have a specific authinfo (#123171, @vrutkovs) [SIG Cluster Lifecycle]
- Show enum values in kubectl explain if they were defined (#123023, @ah8ad3) [SIG CLI]
Other (Cleanup or Flake)
- Build etcd image v3.5.12 (#123069, @bzsuni) [SIG API Machinery and Etcd]
- Fix registered wildcard clusterEvents doesn't work in scheduler requeueing. (#123117, @kerthcet) [SIG Scheduling]
- Promote feature-gate LegacyServiceAccountTokenCleanUp to GA and lock to default (#122635, @carlory) [SIG API Machinery, Auth and Testing]
- Update etcd to version 3.5.12 (#123150, @bzsuni) [SIG API Machinery, Cloud Provider, Cluster Lifecycle and Testing]
Dependencies
Added
Changed
- github.com/opencontainers/runc: v1.1.11 → v1.1.12
- sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.28.0 → v0.29.0
Removed
Nothing has changed.
Details
date
Feb. 14, 2024, 5:11 a.m.
name
Kubernetes v1.30.0-alpha.2
type
Pre-release
👇
Register or login to:
- 🔍View and search all Kubernetes releases.
- 🛠️Create and share lists to track your tools.
- 🚨Setup notifications for major, security, feature or patch updates.
- 🚀Much more coming soon!