Kubernetes - v1.30.0-alpha.2

Changelog since v1.30.0-alpha.1

Changes by Kind

Deprecation

  • Removed the SecurityContextDeny admission plugin, deprecated since v1.27. The Pod Security Admission plugin, available since v1.25, is recommended instead. See https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#securitycontextdeny for more information. (#122612, @mtardy) [SIG Auth, Security and Testing]

API Change

  • Updated an audit annotation key used by the …/serviceaccounts/<name>/token resource handler.
    The annotation used to persist the issued credential identifier is now authentication.kubernetes.io/issued-credential-id. (#123098, @munnerz) [SIG Auth]

Feature

  • Add apiserver.latency.k8s.io/decode-response-object annotation to the audit log to record the decoding time (#121512, @HirazawaUi) [SIG API Machinery]
  • Added apiserver_encryption_config_controller_automatic_reloads_total to measure total number of reload successes and failures of encryption configuration. This metric contains the status label with enum value of success and failure.
    • Deprecated apiserver_encryption_config_controller_automatic_reload_success_total and apiserver_encryption_config_controller_automatic_reload_failure_total metrics. Use apiserver_encryption_config_controller_automatic_reloads_total instead. (#123179, @aramase) [SIG API Machinery, Auth and Testing]
  • Allow a zero value for the 'nominalConcurrencyShares' field of the PriorityLevelConfiguration object
    either using the flowcontrol.apiserver.k8s.io/v1 or flowcontrol.apiserver.k8s.io/v1beta3 API (#123001, @tkashem) [SIG API Machinery]
  • Graduated support for passing dual-stack kubelet --node-ip values when using
    a cloud provider. The feature is now GA and the CloudDualStackNodeIPs feature
    gate is always enabled. (#123134, @danwinship) [SIG API Machinery, Cloud Provider and Node]
  • Kubernetes is now built with go 1.22 (#123217, @cpanato) [SIG Release and Testing]
  • The scheduler retries Pods, which are failed by nodevolumelimits due to not found PVCs, only when new PVCs are added. (#121952, @sanposhiho) [SIG Scheduling and Storage]
  • Update distroless-iptables to v0.5.0 debian-base to bookworm-v1.0.1 and setcap to bookworm-v1.0.1 (#123170, @cpanato) [SIG API Machinery, Architecture, Cloud Provider, Release, Storage and Testing]
  • Users can traverse all the pods that are in the scheduler and waiting in the permit stage through method IterateOverWaitingPods. In other words, all waitingPods in scheduler can be obtained from any profiles. Before this commit, each profile could only obtain waitingPods within that profile. (#122946, @NoicFank) [SIG Scheduling]
  • ValidatingAdmissionPolicy now supports type checking policies that make use of variables. (#123083, @jiahuif) [SIG API Machinery]

Bug or Regression

  • Fix Pod stuck in Terminating because of GenerateUnmapVolumeFunc missing globalUnmapPath when kubelet tries to clean up all volumes that failed reconstruction. (#123032, @carlory) [SIG Storage]
  • Fix deprecated version for pod_scheduling_duration_seconds that caused the metric to be hidden by default in 1.29. (#123038, @alculquicondor) [SIG Instrumentation and Scheduling]
  • Fix error when trying to expand a volume that does not require node expansion (#123055, @gnufied) [SIG Node and Storage]
  • Fix the following volume plugins may not create user visible files after kubelet was restarted.
  • configmap
  • secret
  • projected
  • downwardapi (#122807, @carlory) [SIG Storage]
  • Fixed cleanup of Pod volume mounts when a file was used as a subpath. (#123052, @jsafrane) [SIG Node]
  • Fixes an issue calculating total CPU usage reported for Windows nodes (#122999, @marosset) [SIG Node and Windows]
  • Fixing issue where AvailableBytes sometimes does not report correctly on WindowsNodes when PodAndContainerStatsFromCRI feature is enabled. (#122846, @marosset) [SIG Node and Windows]
  • Kubeadm: do not upload kubelet patch configuration into kube-system/kubelet-config ConfigMap (#123093, @SataQiu) [SIG Cluster Lifecycle]
  • Kubeadm: fix a bug where the --rootfs global flag does not work with "kubeadm upgrade node" for control plane nodes. (#123077, @neolit123) [SIG Cluster Lifecycle]
  • Kubeadm: kubelet-finalize phase of "kubeadm init" no longer requires kubelet kubeconfig to have a specific authinfo (#123171, @vrutkovs) [SIG Cluster Lifecycle]
  • Show enum values in kubectl explain if they were defined (#123023, @ah8ad3) [SIG CLI]

Other (Cleanup or Flake)

  • Build etcd image v3.5.12 (#123069, @bzsuni) [SIG API Machinery and Etcd]
  • Fix registered wildcard clusterEvents doesn't work in scheduler requeueing. (#123117, @kerthcet) [SIG Scheduling]
  • Promote feature-gate LegacyServiceAccountTokenCleanUp to GA and lock to default (#122635, @carlory) [SIG API Machinery, Auth and Testing]
  • Update etcd to version 3.5.12 (#123150, @bzsuni) [SIG API Machinery, Cloud Provider, Cluster Lifecycle and Testing]

Dependencies

Added

  • github.com/fxamacker/cbor/v2: v2.5.0
  • github.com/x448/float16: v0.8.4

Changed

  • github.com/opencontainers/runc: v1.1.11 → v1.1.12
  • sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.28.0 → v0.29.0

Removed

Nothing has changed.

Details

date
Feb. 14, 2024, 5:11 a.m.
name
Kubernetes v1.30.0-alpha.2
type
Pre-release
official page
https://github.com/kubernetes/kubernetes/releases/tag/v1.30.0-alpha.2
👇
Register or login to:
  • 🔍View and search all Kubernetes releases.
  • 🛠️Create and share lists to track your tools.
  • 🚨Setup notifications for major, security, feature or patch updates.
  • 🚀Much more coming soon!
Continue with GitHub
Continue with Google
or