k8s.io/kubernetes@v1.31.0-alpha.0.0.20240520171757-56147500dadc/CHANGELOG/CHANGELOG-1.25.md (about) 1 <!-- BEGIN MUNGE: GENERATED_TOC --> 2 3 - [v1.25.16](#v12516) 4 - [Downloads for v1.25.16](#downloads-for-v12516) 5 - [Source Code](#source-code) 6 - [Client Binaries](#client-binaries) 7 - [Server Binaries](#server-binaries) 8 - [Node Binaries](#node-binaries) 9 - [Container Images](#container-images) 10 - [Changelog since v1.25.15](#changelog-since-v12515) 11 - [Important Security Information](#important-security-information) 12 - [CVE-2023-5528: Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes](#cve-2023-5528-insufficient-input-sanitization-in-in-tree-storage-plugin-leads-to-privilege-escalation-on-windows-nodes) 13 - [Dependencies](#dependencies) 14 - [Added](#added) 15 - [Changed](#changed) 16 - [Removed](#removed) 17 - [v1.25.15](#v12515) 18 - [Downloads for v1.25.15](#downloads-for-v12515) 19 - [Source Code](#source-code-1) 20 - [Client Binaries](#client-binaries-1) 21 - [Server Binaries](#server-binaries-1) 22 - [Node Binaries](#node-binaries-1) 23 - [Container Images](#container-images-1) 24 - [Changelog since v1.25.14](#changelog-since-v12514) 25 - [Changes by Kind](#changes-by-kind) 26 - [Feature](#feature) 27 - [Bug or Regression](#bug-or-regression) 28 - [Other (Cleanup or Flake)](#other-cleanup-or-flake) 29 - [Dependencies](#dependencies-1) 30 - [Added](#added-1) 31 - [Changed](#changed-1) 32 - [Removed](#removed-1) 33 - [v1.25.14](#v12514) 34 - [Downloads for v1.25.14](#downloads-for-v12514) 35 - [Source Code](#source-code-2) 36 - [Client Binaries](#client-binaries-2) 37 - [Server Binaries](#server-binaries-2) 38 - [Node Binaries](#node-binaries-2) 39 - [Container Images](#container-images-2) 40 - [Changelog since v1.25.13](#changelog-since-v12513) 41 - [Changes by Kind](#changes-by-kind-1) 42 - [API Change](#api-change) 43 - [Feature](#feature-1) 44 - [Bug or Regression](#bug-or-regression-1) 45 - [Other (Cleanup or Flake)](#other-cleanup-or-flake-1) 46 - [Dependencies](#dependencies-2) 47 - [Added](#added-2) 48 - [Changed](#changed-2) 49 - [Removed](#removed-2) 50 - [v1.25.13](#v12513) 51 - [Downloads for v1.25.13](#downloads-for-v12513) 52 - [Source Code](#source-code-3) 53 - [Client Binaries](#client-binaries-3) 54 - [Server Binaries](#server-binaries-3) 55 - [Node Binaries](#node-binaries-3) 56 - [Container Images](#container-images-3) 57 - [Changelog since v1.25.12](#changelog-since-v12512) 58 - [Important Security Information](#important-security-information-1) 59 - [CVE-2023-3955: Insufficient input sanitization on Windows nodes leads to privilege escalation](#cve-2023-3955-insufficient-input-sanitization-on-windows-nodes-leads-to-privilege-escalation) 60 - [CVE-2023-3676: Insufficient input sanitization on Windows nodes leads to privilege escalation](#cve-2023-3676-insufficient-input-sanitization-on-windows-nodes-leads-to-privilege-escalation) 61 - [Changes by Kind](#changes-by-kind-2) 62 - [Feature](#feature-2) 63 - [Bug or Regression](#bug-or-regression-2) 64 - [Dependencies](#dependencies-3) 65 - [Added](#added-3) 66 - [Changed](#changed-3) 67 - [Removed](#removed-3) 68 - [v1.25.12](#v12512) 69 - [Downloads for v1.25.12](#downloads-for-v12512) 70 - [Source Code](#source-code-4) 71 - [Client Binaries](#client-binaries-4) 72 - [Server Binaries](#server-binaries-4) 73 - [Node Binaries](#node-binaries-4) 74 - [Container Images](#container-images-4) 75 - [Changelog since v1.25.11](#changelog-since-v12511) 76 - [Changes by Kind](#changes-by-kind-3) 77 - [Feature](#feature-3) 78 - [Bug or Regression](#bug-or-regression-3) 79 - [Dependencies](#dependencies-4) 80 - [Added](#added-4) 81 - [Changed](#changed-4) 82 - [Removed](#removed-4) 83 - [v1.25.11](#v12511) 84 - [Downloads for v1.25.11](#downloads-for-v12511) 85 - [Source Code](#source-code-5) 86 - [Client Binaries](#client-binaries-5) 87 - [Server Binaries](#server-binaries-5) 88 - [Node Binaries](#node-binaries-5) 89 - [Container Images](#container-images-5) 90 - [Changelog since v1.25.10](#changelog-since-v12510) 91 - [Important Security Information](#important-security-information-2) 92 - [CVE-2023-2728: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin](#cve-2023-2728-bypassing-enforce-mountable-secrets-policy-imposed-by-the-serviceaccount-admission-plugin) 93 - [Changes by Kind](#changes-by-kind-4) 94 - [Feature](#feature-4) 95 - [Bug or Regression](#bug-or-regression-4) 96 - [Dependencies](#dependencies-5) 97 - [Added](#added-5) 98 - [Changed](#changed-5) 99 - [Removed](#removed-5) 100 - [v1.25.10](#v12510) 101 - [Downloads for v1.25.10](#downloads-for-v12510) 102 - [Source Code](#source-code-6) 103 - [Client Binaries](#client-binaries-6) 104 - [Server Binaries](#server-binaries-6) 105 - [Node Binaries](#node-binaries-6) 106 - [Container Images](#container-images-6) 107 - [Changelog since v1.25.9](#changelog-since-v1259) 108 - [Changes by Kind](#changes-by-kind-5) 109 - [API Change](#api-change-1) 110 - [Feature](#feature-5) 111 - [Bug or Regression](#bug-or-regression-5) 112 - [Other (Cleanup or Flake)](#other-cleanup-or-flake-2) 113 - [Dependencies](#dependencies-6) 114 - [Added](#added-6) 115 - [Changed](#changed-6) 116 - [Removed](#removed-6) 117 - [v1.25.9](#v1259) 118 - [Downloads for v1.25.9](#downloads-for-v1259) 119 - [Source Code](#source-code-7) 120 - [Client Binaries](#client-binaries-7) 121 - [Server Binaries](#server-binaries-7) 122 - [Node Binaries](#node-binaries-7) 123 - [Container Images](#container-images-7) 124 - [Changelog since v1.25.8](#changelog-since-v1258) 125 - [Changes by Kind](#changes-by-kind-6) 126 - [Feature](#feature-6) 127 - [Bug or Regression](#bug-or-regression-6) 128 - [Other (Cleanup or Flake)](#other-cleanup-or-flake-3) 129 - [Dependencies](#dependencies-7) 130 - [Added](#added-7) 131 - [Changed](#changed-7) 132 - [Removed](#removed-7) 133 - [v1.25.8](#v1258) 134 - [Downloads for v1.25.8](#downloads-for-v1258) 135 - [Source Code](#source-code-8) 136 - [Client Binaries](#client-binaries-8) 137 - [Server Binaries](#server-binaries-8) 138 - [Node Binaries](#node-binaries-8) 139 - [Container Images](#container-images-8) 140 - [Changelog since v1.25.7](#changelog-since-v1257) 141 - [Changes by Kind](#changes-by-kind-7) 142 - [Feature](#feature-7) 143 - [Bug or Regression](#bug-or-regression-7) 144 - [Dependencies](#dependencies-8) 145 - [Added](#added-8) 146 - [Changed](#changed-8) 147 - [Removed](#removed-8) 148 - [v1.25.7](#v1257) 149 - [Downloads for v1.25.7](#downloads-for-v1257) 150 - [Source Code](#source-code-9) 151 - [Client Binaries](#client-binaries-9) 152 - [Server Binaries](#server-binaries-9) 153 - [Node Binaries](#node-binaries-9) 154 - [Container Images](#container-images-9) 155 - [Changelog since v1.25.6](#changelog-since-v1256) 156 - [Changes by Kind](#changes-by-kind-8) 157 - [Feature](#feature-8) 158 - [Bug or Regression](#bug-or-regression-8) 159 - [Dependencies](#dependencies-9) 160 - [Added](#added-9) 161 - [Changed](#changed-9) 162 - [Removed](#removed-9) 163 - [v1.25.6](#v1256) 164 - [Downloads for v1.25.6](#downloads-for-v1256) 165 - [Source Code](#source-code-10) 166 - [Client Binaries](#client-binaries-10) 167 - [Server Binaries](#server-binaries-10) 168 - [Node Binaries](#node-binaries-10) 169 - [Container Images](#container-images-10) 170 - [Changelog since v1.25.5](#changelog-since-v1255) 171 - [Changes by Kind](#changes-by-kind-9) 172 - [Feature](#feature-9) 173 - [Bug or Regression](#bug-or-regression-9) 174 - [Dependencies](#dependencies-10) 175 - [Added](#added-10) 176 - [Changed](#changed-10) 177 - [Removed](#removed-10) 178 - [v1.25.5](#v1255) 179 - [Downloads for v1.25.5](#downloads-for-v1255) 180 - [Source Code](#source-code-11) 181 - [Client Binaries](#client-binaries-11) 182 - [Server Binaries](#server-binaries-11) 183 - [Node Binaries](#node-binaries-11) 184 - [Container Images](#container-images-11) 185 - [Changelog since v1.25.4](#changelog-since-v1254) 186 - [Changes by Kind](#changes-by-kind-10) 187 - [Feature](#feature-10) 188 - [Bug or Regression](#bug-or-regression-10) 189 - [Dependencies](#dependencies-11) 190 - [Added](#added-11) 191 - [Changed](#changed-11) 192 - [Removed](#removed-11) 193 - [v1.25.4](#v1254) 194 - [Downloads for v1.25.4](#downloads-for-v1254) 195 - [Source Code](#source-code-12) 196 - [Client Binaries](#client-binaries-12) 197 - [Server Binaries](#server-binaries-12) 198 - [Node Binaries](#node-binaries-12) 199 - [Container Images](#container-images-12) 200 - [Changelog since v1.25.3](#changelog-since-v1253) 201 - [Important Security Information](#important-security-information-3) 202 - [CVE-2022-3162: Unauthorized read of Custom Resources](#cve-2022-3162-unauthorized-read-of-custom-resources) 203 - [CVE-2022-3294: Node address isn't always verified when proxying](#cve-2022-3294-node-address-isnt-always-verified-when-proxying) 204 - [Changes by Kind](#changes-by-kind-11) 205 - [API Change](#api-change-2) 206 - [Feature](#feature-11) 207 - [Bug or Regression](#bug-or-regression-11) 208 - [Dependencies](#dependencies-12) 209 - [Added](#added-12) 210 - [Changed](#changed-12) 211 - [Removed](#removed-12) 212 - [v1.25.3](#v1253) 213 - [Downloads for v1.25.3](#downloads-for-v1253) 214 - [Source Code](#source-code-13) 215 - [Client Binaries](#client-binaries-13) 216 - [Server Binaries](#server-binaries-13) 217 - [Node Binaries](#node-binaries-13) 218 - [Container Images](#container-images-13) 219 - [Changelog since v1.25.2](#changelog-since-v1252) 220 - [Changes by Kind](#changes-by-kind-12) 221 - [Feature](#feature-12) 222 - [Bug or Regression](#bug-or-regression-12) 223 - [Dependencies](#dependencies-13) 224 - [Added](#added-13) 225 - [Changed](#changed-13) 226 - [Removed](#removed-13) 227 - [v1.25.2](#v1252) 228 - [Downloads for v1.25.2](#downloads-for-v1252) 229 - [Source Code](#source-code-14) 230 - [Client Binaries](#client-binaries-14) 231 - [Server Binaries](#server-binaries-14) 232 - [Node Binaries](#node-binaries-14) 233 - [Container Images](#container-images-14) 234 - [Changelog since v1.25.1](#changelog-since-v1251) 235 - [Changes by Kind](#changes-by-kind-13) 236 - [Bug or Regression](#bug-or-regression-13) 237 - [Dependencies](#dependencies-14) 238 - [Added](#added-14) 239 - [Changed](#changed-14) 240 - [Removed](#removed-14) 241 - [v1.25.1](#v1251) 242 - [Downloads for v1.25.1](#downloads-for-v1251) 243 - [Source Code](#source-code-15) 244 - [Client Binaries](#client-binaries-15) 245 - [Server Binaries](#server-binaries-15) 246 - [Node Binaries](#node-binaries-15) 247 - [Container Images](#container-images-15) 248 - [Changelog since v1.25.0](#changelog-since-v1250) 249 - [Important Security Information](#important-security-information-4) 250 - [CVE-2022-3172: Aggregated API server can cause clients to be redirected (SSRF)](#cve-2022-3172-aggregated-api-server-can-cause-clients-to-be-redirected-ssrf) 251 - [Changes by Kind](#changes-by-kind-14) 252 - [API Change](#api-change-3) 253 - [Feature](#feature-13) 254 - [Bug or Regression](#bug-or-regression-14) 255 - [Dependencies](#dependencies-15) 256 - [Added](#added-15) 257 - [Changed](#changed-15) 258 - [Removed](#removed-15) 259 - [v1.25.0](#v1250) 260 - [Downloads for v1.25.0](#downloads-for-v1250) 261 - [Source Code](#source-code-16) 262 - [Client Binaries](#client-binaries-16) 263 - [Server Binaries](#server-binaries-16) 264 - [Node Binaries](#node-binaries-16) 265 - [Container Images](#container-images-16) 266 - [Changelog since v1.24.0](#changelog-since-v1240) 267 - [What's New (Major Themes)](#whats-new-major-themes) 268 - [PodSecurityPolicy is Removed, Pod Security Admission graduates to Stable](#podsecuritypolicy-is-removed-pod-security-admission-graduates-to-stable) 269 - [Ephemeral Containers Graduate to Stable](#ephemeral-containers-graduate-to-stable) 270 - [Support for cgroups v2 Graduates to Stable](#support-for-cgroups-v2-graduates-to-stable) 271 - [Windows support improved](#windows-support-improved) 272 - [Moved container registry service from k8s.gcr.io to registry.k8s.io](#moved-container-registry-service-from-k8sgcrio-to-registryk8sio) 273 - [Promoted SeccompDefault to Beta](#promoted-seccompdefault-to-beta) 274 - [Promoted endPort in Network Policy to Stable](#promoted-endport-in-network-policy-to-stable) 275 - [Promoted Local Ephemeral Storage Capacity Isolation to Stable](#promoted-local-ephemeral-storage-capacity-isolation-to-stable) 276 - [Promoted core CSI Migration to Stable](#promoted-core-csi-migration-to-stable) 277 - [Promoted CSI Ephemeral Volume to Stable](#promoted-csi-ephemeral-volume-to-stable) 278 - [Promoted CRD Validation Expression Language to Beta](#promoted-crd-validation-expression-language-to-beta) 279 - [Promoted Server Side Unknown Field Validation to Beta](#promoted-server-side-unknown-field-validation-to-beta) 280 - [Introduced KMS v2](#introduced-kms-v2) 281 - [Kube-proxy images are now based on distroless images](#kube-proxy-images-are-now-based-on-distroless-images) 282 - [Known Issues](#known-issues) 283 - [LocalStorageCapacityIsolationFSQuotaMonitoring ConfigMap rendering failure](#localstoragecapacityisolationfsquotamonitoring-configmap-rendering-failure) 284 - [Urgent Upgrade Notes](#urgent-upgrade-notes) 285 - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade) 286 - [Changes by Kind](#changes-by-kind-15) 287 - [Deprecation](#deprecation) 288 - [API Change](#api-change-4) 289 - [Feature](#feature-14) 290 - [Documentation](#documentation) 291 - [Failing Test](#failing-test) 292 - [Bug or Regression](#bug-or-regression-15) 293 - [Other (Cleanup or Flake)](#other-cleanup-or-flake-4) 294 - [Dependencies](#dependencies-16) 295 - [Added](#added-16) 296 - [Changed](#changed-16) 297 - [Removed](#removed-16) 298 - [v1.25.0-rc.1](#v1250-rc1) 299 - [Downloads for v1.25.0-rc.1](#downloads-for-v1250-rc1) 300 - [Source Code](#source-code-17) 301 - [Client Binaries](#client-binaries-17) 302 - [Server Binaries](#server-binaries-17) 303 - [Node Binaries](#node-binaries-17) 304 - [Container Images](#container-images-17) 305 - [Changelog since v1.25.0-rc.0](#changelog-since-v1250-rc0) 306 - [Changes by Kind](#changes-by-kind-16) 307 - [Documentation](#documentation-1) 308 - [Bug or Regression](#bug-or-regression-16) 309 - [Dependencies](#dependencies-17) 310 - [Added](#added-17) 311 - [Changed](#changed-17) 312 - [Removed](#removed-17) 313 - [v1.25.0-rc.0](#v1250-rc0) 314 - [Downloads for v1.25.0-rc.0](#downloads-for-v1250-rc0) 315 - [Source Code](#source-code-18) 316 - [Client Binaries](#client-binaries-18) 317 - [Server Binaries](#server-binaries-18) 318 - [Node Binaries](#node-binaries-18) 319 - [Container Images](#container-images-18) 320 - [Changelog since v1.25.0-beta.0](#changelog-since-v1250-beta0) 321 - [Changes by Kind](#changes-by-kind-17) 322 - [API Change](#api-change-5) 323 - [Bug or Regression](#bug-or-regression-17) 324 - [Dependencies](#dependencies-18) 325 - [Added](#added-18) 326 - [Changed](#changed-18) 327 - [Removed](#removed-18) 328 - [v1.25.0-beta.0](#v1250-beta0) 329 - [Downloads for v1.25.0-beta.0](#downloads-for-v1250-beta0) 330 - [Source Code](#source-code-19) 331 - [Client Binaries](#client-binaries-19) 332 - [Server Binaries](#server-binaries-19) 333 - [Node Binaries](#node-binaries-19) 334 - [Container Images](#container-images-19) 335 - [Changelog since v1.25.0-alpha.3](#changelog-since-v1250-alpha3) 336 - [Urgent Upgrade Notes](#urgent-upgrade-notes-1) 337 - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade-1) 338 - [Changes by Kind](#changes-by-kind-18) 339 - [Deprecation](#deprecation-1) 340 - [API Change](#api-change-6) 341 - [Feature](#feature-15) 342 - [Bug or Regression](#bug-or-regression-18) 343 - [Other (Cleanup or Flake)](#other-cleanup-or-flake-5) 344 - [Dependencies](#dependencies-19) 345 - [Added](#added-19) 346 - [Changed](#changed-19) 347 - [Removed](#removed-19) 348 - [v1.25.0-alpha.3](#v1250-alpha3) 349 - [Downloads for v1.25.0-alpha.3](#downloads-for-v1250-alpha3) 350 - [Source Code](#source-code-20) 351 - [Client Binaries](#client-binaries-20) 352 - [Server Binaries](#server-binaries-20) 353 - [Node Binaries](#node-binaries-20) 354 - [Container Images](#container-images-20) 355 - [Changelog since v1.25.0-alpha.2](#changelog-since-v1250-alpha2) 356 - [Urgent Upgrade Notes](#urgent-upgrade-notes-2) 357 - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade-2) 358 - [Changes by Kind](#changes-by-kind-19) 359 - [Deprecation](#deprecation-2) 360 - [API Change](#api-change-7) 361 - [Feature](#feature-16) 362 - [Documentation](#documentation-2) 363 - [Bug or Regression](#bug-or-regression-19) 364 - [Other (Cleanup or Flake)](#other-cleanup-or-flake-6) 365 - [Dependencies](#dependencies-20) 366 - [Added](#added-20) 367 - [Changed](#changed-20) 368 - [Removed](#removed-20) 369 - [v1.25.0-alpha.2](#v1250-alpha2) 370 - [Downloads for v1.25.0-alpha.2](#downloads-for-v1250-alpha2) 371 - [Source Code](#source-code-21) 372 - [Client Binaries](#client-binaries-21) 373 - [Server Binaries](#server-binaries-21) 374 - [Node Binaries](#node-binaries-21) 375 - [Container Images](#container-images-21) 376 - [Changelog since v1.25.0-alpha.1](#changelog-since-v1250-alpha1) 377 - [Changes by Kind](#changes-by-kind-20) 378 - [API Change](#api-change-8) 379 - [Feature](#feature-17) 380 - [Documentation](#documentation-3) 381 - [Bug or Regression](#bug-or-regression-20) 382 - [Other (Cleanup or Flake)](#other-cleanup-or-flake-7) 383 - [Dependencies](#dependencies-21) 384 - [Added](#added-21) 385 - [Changed](#changed-21) 386 - [Removed](#removed-21) 387 - [v1.25.0-alpha.1](#v1250-alpha1) 388 - [Downloads for v1.25.0-alpha.1](#downloads-for-v1250-alpha1) 389 - [Source Code](#source-code-22) 390 - [Client Binaries](#client-binaries-22) 391 - [Server Binaries](#server-binaries-22) 392 - [Node Binaries](#node-binaries-22) 393 - [Container Images](#container-images-22) 394 - [Changelog since v1.24.0](#changelog-since-v1240-1) 395 - [Urgent Upgrade Notes](#urgent-upgrade-notes-3) 396 - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade-3) 397 - [Changes by Kind](#changes-by-kind-21) 398 - [Deprecation](#deprecation-3) 399 - [API Change](#api-change-9) 400 - [Feature](#feature-18) 401 - [Failing Test](#failing-test-1) 402 - [Bug or Regression](#bug-or-regression-21) 403 - [Other (Cleanup or Flake)](#other-cleanup-or-flake-8) 404 - [Dependencies](#dependencies-22) 405 - [Added](#added-22) 406 - [Changed](#changed-22) 407 - [Removed](#removed-22) 408 409 <!-- END MUNGE: GENERATED_TOC --> 410 411 # v1.25.16 412 413 414 ## Downloads for v1.25.16 415 416 417 418 ### Source Code 419 420 filename | sha512 hash 421 -------- | ----------- 422 [kubernetes.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes.tar.gz) | 4778dada85b833e9d3a12627fc7641343a1e83391f2e5d525adf7d1dd65d3a6b63945ad11741ea79b2f5a8bf867de49a91c80a0b96fe0cfecd011bb134e6088c 423 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-src.tar.gz) | 0eeec83adc0fd24bf1cf92de3c93b97b3458d3e91b01147c5218adec3185a70bcd534708de6cd418cc2d05b81263fd933de119a115b304fd3cd1fddf8bfea718 424 425 ### Client Binaries 426 427 filename | sha512 hash 428 -------- | ----------- 429 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-client-darwin-amd64.tar.gz) | 3ed350e314cc287afa5f985b2f350948c6a2b38250d6cda78d5638833f3d2c20ed434a6eef014d1ce8bed9b3fe6f5be1e6a3f0d9b1fb20ba195f5b686b6610a3 430 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-client-darwin-arm64.tar.gz) | 92023e473bd756b5a42e8fcab5609ea81d05c3e0111b70824e1be24cc6f1d712a41dd0ec760afed961c7d2cda41bed1c9cff1c8a30bb5a9b838cd8c01dcf7253 431 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-client-linux-386.tar.gz) | c5430be9d5a50f72c035b727685ff26226f84ea17d99686b874704f356250b10dbd1b74a008b26b75c106a2cb557fb21843cfad8549025840c30798bbde81f51 432 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-client-linux-amd64.tar.gz) | 887be87d9565ccabde80b92988318ee940d3732e07ebc028a57dda61289fa576760806bc8796fa7a8c41509f8379d3491c30dd2c5a13dca7a56d1fc4ece2aa1e 433 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-client-linux-arm.tar.gz) | be9a74664784021c31d5e582b454434219d643ea5311d200f33afec9638ccafb777954ebbb0a04ee472a7f09cbdb4ba151848ec8f9748fc8c00d2fe21b98bccd 434 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-client-linux-arm64.tar.gz) | 3ca77c574061bf0fb6fef2f27ce1e17dfbc6aab22d3929e329922528e1d81775be39fc98de9593535d97475168eff6a6cfc886daa257ece7d3b59180a0a9e58f 435 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-client-linux-ppc64le.tar.gz) | 85114b7fda1598c55fd3c5a8b280915f50963531b85501fac310189059105c014a35e9f5a7c82585f15be91ec4b6151ddc50dffa068ae78879efbf693fcfeeff 436 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-client-linux-s390x.tar.gz) | 9f0cf98f2c20348486d187e8666651f9d7f1947f2ddaddf979ef945cba511ce9d94f37f7aed3e55c8ff22cb48f9b19e01bfbcd5eb1f8ea72f1bbcf67b4f5af32 437 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-client-windows-386.tar.gz) | a77aa92e531f7e0a0e827397fb36d20352abfd9ee35ec3b9f46e8513c40fc06c08f00d0b1ee20b1000d28f1e8467cd93a2578e4239878e491f642a00f5cb6cac 438 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-client-windows-amd64.tar.gz) | 1bc9ca7307f980e7174a09b2d3a3f3c184d620a3e5676456f122335f9b289142668e203b4f079af963f6e8db1cc068d3c1a824709fa4bc62e42c30c191584e4f 439 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-client-windows-arm64.tar.gz) | 233599accd34db6e98ad3b44a258e8f70b97ce41e453f49d97cff6923ab4f38f5c94757108a77d7830e798475594f2be8478c692beceb9cfd45e4783e3deacf6 440 441 ### Server Binaries 442 443 filename | sha512 hash 444 -------- | ----------- 445 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-server-linux-amd64.tar.gz) | 5ca1d195fe4b938b9decae99c842911bc2ea902e55e281eeb986b5da59e64eabfa8de8a443a2dfdea03aed1f8378ab00d33a00babb3034fb879a98c41ad948dd 446 [kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-server-linux-arm.tar.gz) | e02da00d2fbd0f661fd1f664a6d28a8674023febf44ffdd8344f4eae063812dae07b663cb5a5e53f75a980fc60672498174ad544d236f9b45adfaf83d7cd373c 447 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-server-linux-arm64.tar.gz) | 30bf96c20c8a28e980d04d8c0868ac9c3253bf868a7b2383df4e5e27694c2570adbccc8562a9dac8e07e42f946179b9e0f6bf83b4c12acab285a441e407e9341 448 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-server-linux-ppc64le.tar.gz) | 88f166d5b8e94813761a1763b02e76c4b7c7fa163be2cdaf1b86ad6b64556f29a2e2313516960ae7a133c55642e8f7ffb024bf0fa72344845c56049543c5539c 449 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-server-linux-s390x.tar.gz) | bffa33638f9fe975d2467733b07a8e19543c890d3ed8c5c3a4b2d8a60c9d46caf0a00a5654463b25a90edde0249ace1450e962b58f9d969e99e1df66b21219ab 450 451 ### Node Binaries 452 453 filename | sha512 hash 454 -------- | ----------- 455 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-node-linux-amd64.tar.gz) | f120b00facb8a03b1e6b2a675878a673ba6faf278c5d8df5ec907b7674ed56cf6489a2d374d2d0603e4f31eccc5d9a452e965fa17ac410f48831264bc8195612 456 [kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-node-linux-arm.tar.gz) | d2a299e40184fd5d6c6de4a1a8a8345cd461330300b8b0f7eda634e2546988929b4318da68a1cc07fcdbc22f599136a37496db559ea49cdd4b98ea143cbef478 457 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-node-linux-arm64.tar.gz) | 46e7b6326b1b2f6da2de9048aea4cc42424e02d7f09086691eb0453d2ce36a45252c0576b19861611d78262c13812281c3e2279862b77274865a405808004750 458 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-node-linux-ppc64le.tar.gz) | 08c4edb1c1b732388dd7d2808129c339bd8652635ffc85a40fc633ee4a5385b3e9e4c4a1a1215b21569341000ac51784167c4cd5b5d6acf91586331388b8f23a 459 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-node-linux-s390x.tar.gz) | f8f24eaa0aa643e49dc6131b61b677d0e672072c38a932cdac04cd07795ef82bf6834ac83381f1c8bd1123746aec2fae86bc5442ad0c21d90d87470f9b7c781b 460 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-node-windows-amd64.tar.gz) | 6a4847456e31e9ecfe33c98b9873e2a81e5eacf5f0dbd4debd25fd6f866cac17d2f163434aa96a50c7dfecb0f68f356654aa76268e0fd56707a0a73ac89d1ee8 461 462 ### Container Images 463 464 All container images are available as manifest lists and support the described 465 architectures. It is also possible to pull a specific architecture directly by 466 adding the "-$ARCH" suffix to the container image name. 467 468 name | architectures 469 ---- | ------------- 470 [registry.k8s.io/conformance:v1.25.16](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) 471 [registry.k8s.io/kube-apiserver:v1.25.16](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) 472 [registry.k8s.io/kube-controller-manager:v1.25.16](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) 473 [registry.k8s.io/kube-proxy:v1.25.16](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) 474 [registry.k8s.io/kube-scheduler:v1.25.16](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) 475 476 ## Changelog since v1.25.15 477 478 ## Important Security Information 479 480 This release contains changes that address the following vulnerabilities: 481 482 ### CVE-2023-5528: Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes 483 484 A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes. 485 486 **Affected Versions**: 487 - kubelet >= v1.8.0 488 489 **Fixed Versions**: 490 - kubelet v1.28.4 491 - kubelet v1.27.8 492 - kubelet v1.26.11 493 - kubelet v1.25.16 494 495 This vulnerability was reported by Tomer Peled @tomerpeled92" 496 497 498 **CVSS Rating:** High (7.2) [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) 499 500 ## Dependencies 501 502 ### Added 503 _Nothing has changed._ 504 505 ### Changed 506 _Nothing has changed._ 507 508 ### Removed 509 _Nothing has changed._ 510 511 512 513 # v1.25.15 514 515 516 ## Downloads for v1.25.15 517 518 519 520 ### Source Code 521 522 filename | sha512 hash 523 -------- | ----------- 524 [kubernetes.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes.tar.gz) | 6871520678c03cdab86e4a2daa2eb3a75af8dc9b8054e2ce786efa6debeb98bb46681e3a096996a8832516686bcf1ec13d48b5b666ef7f1b0811712cc5a3210a 525 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-src.tar.gz) | 42fcdbc7fde65dfd97c0606cf0dba2854f4795d69127bec93cc9d6c7e7258353117358fc88742ac11a87a43184a537d354f864c7aef4b191cc0a0df158663a82 526 527 ### Client Binaries 528 529 filename | sha512 hash 530 -------- | ----------- 531 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-client-darwin-amd64.tar.gz) | 1ba3de7dffed3fb374350b8aeb83687cfe4543cc37b3c3c2c78d318c042186e50c72d457d303fc950fa05803a4260f758de8a3834a8bb5d3d3f04df7ecae070c 532 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-client-darwin-arm64.tar.gz) | f26afb76ebc5fb7fb1bac81f15f0c7e4c382c7f9f1438e63ca327c1bfcaa01addc4807cbd067f1753ce82ecf8b0335e24b49bbbf2a03ca7bc7edcb6bcf307d06 533 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-client-linux-386.tar.gz) | 6a752cc7db963a0c515111a3ee83ef229a79478f4130613def4aa4bb76fd9017f090909b92a392583a6a53cb6bef5bb52f749ba0fbf87665cf16cdef359802b9 534 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-client-linux-amd64.tar.gz) | b5b098e3060014738f687fe063bf3842cb06c7594048acb40b33325c86441f2bf5a0373f0b7ca721f4e0c9e70a3201540747d83bbe6f8b98e180b44629a94443 535 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-client-linux-arm.tar.gz) | bada4d45443277f4378ede281e85f13c19c40b95e1d2787ce9cfcc387014c36da7e8be2a6c552ca907472aafb27641fa04d16fa9cec98ad4250def7a6e83b1e7 536 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-client-linux-arm64.tar.gz) | 76de56fcfc29b57e29265a6217e5a958208d8967c65517f17aceab0fc2b77a99f779f96b7e5651b932782e42c95d2346d6bc5768f68bd85294347fce9e0f07ee 537 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-client-linux-ppc64le.tar.gz) | 18364a4901843228a8627d137768217830c6e5ce4cb4af5dde34df24b1cd7b1007f48dda7977323d75422c66741a1e6df46f4aaa30da75a8c1d538957722a453 538 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-client-linux-s390x.tar.gz) | fc6c20bb932e24fc79fda41be2eed12915c510ace17bf6378378b9a994daf38461f694ac6894af0390720e3130d1fc9fc57dc29fda92ac367e294105d74c4d13 539 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-client-windows-386.tar.gz) | 1ee87cdeb421a86e50d14428309425bf45324b00c54ee336ad419a597e82efab21959f32b46c55716d6b2cb20a652b00df3c5902fea3f30d492859659dc405a7 540 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-client-windows-amd64.tar.gz) | a68f9ce70385225be174df2ffe8ef744af5de817e1b965d042e00a51c9a1d683208c4841302f2239cf0fad9f5b3dc75a43bab4ca2dd06888cc0d990d59313022 541 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-client-windows-arm64.tar.gz) | 0c9af476790947f715a4179952a0c03bb4c7e37ab7b13d0927d87b295a185fffbb997def5a3f0dd159b32b714ed1700425c64c8ce60ce65b8691a9bd7469076c 542 543 ### Server Binaries 544 545 filename | sha512 hash 546 -------- | ----------- 547 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-server-linux-amd64.tar.gz) | 7531e4516efbfd3f217a34860a737606d3f098b186736de8de864aae7037a67416905c585ae3df56b167f7c7fa38a82f05cc6268e37afa9a7335a7e4126f381e 548 [kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-server-linux-arm.tar.gz) | b1c89432094435666611577177a4900eaf7e7f7fd0cad0327b642cf040a33b53218ec92977bcca8530f3cea40fb54d7fd87371811924c2f735c9f0046541e625 549 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-server-linux-arm64.tar.gz) | 0f1cb1cf7e6c1be6a08de042a0677429b83114e0bf8686b017b428978d48e7f7c9f90482744430abb0b5919d3470aadd670592324259ce9a16a362646f1680b7 550 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-server-linux-ppc64le.tar.gz) | 3acbc9635350484ad938bc8926ae294cff5fb2911c16fb59426a4a97c22bd157485aeb5d8bcf51f8543b0067f1893e4edf225d56a4854a09656af06bf9404c5c 551 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-server-linux-s390x.tar.gz) | 5a2dc4d99627d1b6836bdd340144766674865fcedcc1d994aa3f96db9dc19ec3b01eea2eb0eead6ee9fbfa9161d52a81afe1e803910a9f3aad321d4a90f7223a 552 553 ### Node Binaries 554 555 filename | sha512 hash 556 -------- | ----------- 557 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-node-linux-amd64.tar.gz) | 09cf4cc4dce2eb753a52579379a851446ccd2604e73cfb8168d235d554e952bfa4ea1d2c3de96b7f286b3cff63e673de1354ea158ce69b52521efddd051268e7 558 [kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-node-linux-arm.tar.gz) | 1a6014e521c7691621fb10b2eb2697c671b76652b702cb8c8cabccce6d37fe5f39c8faf7284779f2f06096c543e1d880b704b0181bd1ff9969d67e1b95b383b7 559 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-node-linux-arm64.tar.gz) | 4c4176cb9a6401764d771b6b01d8f601163942fdb46e16e062ec0c1cea9e9318ebc9635d5755848ef03b67a6c4f72d4ca199bd6a7f0a531d0d421ecc8ab1951a 560 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-node-linux-ppc64le.tar.gz) | e0c77fb0f0a4097a95b72a7dbf579b6a519fe6b0ad04083d3ecdaa327f4c0479d259eb37b09a489aa3d3777bc9f39d19fe924d9d8fef883c431874a4bc160687 561 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-node-linux-s390x.tar.gz) | f37c39adab7bbd1935cfb912da9036d0769a561a3d5937fdc67e064a1f85dbeb19824b31309f2493a1d37a4b9d9b5caf6e19a873901a8ea05e0da19493525bf2 562 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-node-windows-amd64.tar.gz) | ed3553437414b71cb2e4044555837266bd356a9015a95100817b30082fd3c98d904d1c065f0288238b80e58b5f29feb07a1a9d25203fbe9f83f38d0af06c3831 563 564 ### Container Images 565 566 All container images are available as manifest lists and support the described 567 architectures. It is also possible to pull a specific architecture directly by 568 adding the "-$ARCH" suffix to the container image name. 569 570 name | architectures 571 ---- | ------------- 572 [registry.k8s.io/conformance:v1.25.15](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) 573 [registry.k8s.io/kube-apiserver:v1.25.15](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) 574 [registry.k8s.io/kube-controller-manager:v1.25.15](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) 575 [registry.k8s.io/kube-proxy:v1.25.15](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) 576 [registry.k8s.io/kube-scheduler:v1.25.15](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) 577 578 ## Changelog since v1.25.14 579 580 ## Changes by Kind 581 582 ### Feature 583 584 - Kubernetes is now built with Go 1.20.10 ([#121150](https://github.com/kubernetes/kubernetes/pull/121150), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing] 585 - Kubernetes is now built with Go 1.20.9 ([#121022](https://github.com/kubernetes/kubernetes/pull/121022), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing] 586 587 ### Bug or Regression 588 589 - Adds an opt-in mitigation for http/2 DOS vulnerabilities for CVE-2023-44487 and CVE-2023-39325 for the API server when the client is unauthenticated. The mitigation may be enabled by setting the `UnauthenticatedHTTP2DOSMitigation` feature gate to `true` (it is disabled by default). An API server fronted by an L7 load balancer that already mitigates these http/2 attacks may choose not to enable the kube-apiserver mitigation to avoid disrupting load balancer → kube-apiserver connections if http/2 requests from multiple clients share the same backend connection. An API server on a private network may choose not to enable the kube-apiserver mitigation to prevent performance regressions for unauthenticated clients. Authenticated requests rely on the fix in golang.org/x/net v0.17.0 alone. https://issue.k8s.io/121197 tracks further mitigation of http/2 attacks by authenticated clients. ([#121201](https://github.com/kubernetes/kubernetes/pull/121201), [@enj](https://github.com/enj)) [SIG API Machinery] 590 - Fix a bug in cronjob controller where already created jobs may be missing from the status. ([#120649](https://github.com/kubernetes/kubernetes/pull/120649), [@andrewsykim](https://github.com/andrewsykim)) [SIG Apps] 591 - Fixed a 1.25.12 regression where kube-controller-manager can crash when StatefulSet with Parallel policy and PVC labels is scaled up. ([#121187](https://github.com/kubernetes/kubernetes/pull/121187), [@aleksandra-malinowska](https://github.com/aleksandra-malinowska)) [SIG Apps] 592 - Fixes a bug where Services using finalizers may hold onto ClusterIP and/or NodePort allocated resources for longer than expected if the finalizer is removed using the status subresource ([#120657](https://github.com/kubernetes/kubernetes/pull/120657), [@aojea](https://github.com/aojea)) [SIG Network and Testing] 593 - Fixes creationTimestamp: null causing unnecessary writes to etcd ([#116865](https://github.com/kubernetes/kubernetes/pull/116865), [@alexzielenski](https://github.com/alexzielenski)) [SIG API Machinery and Testing] 594 - Revised the logic for DaemonSet rolling update to exclude nodes if scheduling constraints are not met. 595 This eliminates the problem of rolling updates to a DaemonSet getting stuck around tolerations. ([#120792](https://github.com/kubernetes/kubernetes/pull/120792), [@mochizuki875](https://github.com/mochizuki875)) [SIG Apps and Testing] 596 - Sometimes, the scheduler incorrectly placed a pod in the "unschedulable" queue instead of the "backoff" queue. This happened when some plugin previously declared the pod as "unschedulable" and then in a later attempt encounters some other error. Scheduling of that pod then got delayed by up to five minutes, after which periodic flushing moved the pod back into the "active" queue. ([#120334](https://github.com/kubernetes/kubernetes/pull/120334), [@pohly](https://github.com/pohly)) [SIG Scheduling] 597 598 ### Other (Cleanup or Flake) 599 600 - Etcd: update to v3.5.9 ([#118077](https://github.com/kubernetes/kubernetes/pull/118077), [@nikhita](https://github.com/nikhita)) [SIG Cloud Provider, Cluster Lifecycle and Testing] 601 - Fixes an issue where the vsphere cloud provider will not trust a certificate if: 602 - The issuer of the certificate is unknown (x509.UnknownAuthorityError) 603 - The requested name does not match the set of authorized names (x509.HostnameError) 604 - The error surfaced after attempting a connection contains one of the substrings: "certificate is not trusted" or "certificate signed by unknown authority" ([#120765](https://github.com/kubernetes/kubernetes/pull/120765), [@MadhavJivrajani](https://github.com/MadhavJivrajani)) [SIG Architecture and Cloud Provider] 605 - Set the resolution for the job_controller_job_sync_duration_seconds metric from 4ms to 1min ([#120670](https://github.com/kubernetes/kubernetes/pull/120670), [@mimowo](https://github.com/mimowo)) [SIG Apps and Instrumentation] 606 607 ## Dependencies 608 609 ### Added 610 _Nothing has changed._ 611 612 ### Changed 613 - github.com/vmware/govmomi: [v0.30.0 → v0.30.6](https://github.com/vmware/govmomi/compare/v0.30.0...v0.30.6) 614 - golang.org/x/crypto: 3147a52 → v0.14.0 615 - golang.org/x/net: v0.8.0 → v0.17.0 616 - golang.org/x/sys: v0.6.0 → v0.13.0 617 - golang.org/x/term: v0.6.0 → v0.13.0 618 - golang.org/x/text: v0.8.0 → v0.13.0 619 620 ### Removed 621 _Nothing has changed._ 622 623 624 625 # v1.25.14 626 627 628 ## Downloads for v1.25.14 629 630 631 632 ### Source Code 633 634 filename | sha512 hash 635 -------- | ----------- 636 [kubernetes.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes.tar.gz) | bd7cee7ac797ea79f9799e85ea82cdfa3f1c813e1aa3b10d0862f21b5c2eaba6640516157fdfba5d3640f8f480c3dc929cc1e7c751b77bb0325bcfbc15660962 637 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-src.tar.gz) | b7479a8d5b13810129c9018c51ff3ee5a4a5581aa81f169f74021c3e3da4182d0c7a97cc068f5bfae51aeef3a57d6f6bbb4a8629f7f9851e8143acd3718a6e2a 638 639 ### Client Binaries 640 641 filename | sha512 hash 642 -------- | ----------- 643 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-client-darwin-amd64.tar.gz) | f870f01b48ec33c86c9343f731ae53cb4aba1e98e470199d632768f159053c7fdb881e382d7b55adf41bb46156b57c53d7a493261fdb12391578efd8a9b93214 644 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-client-darwin-arm64.tar.gz) | 696c5ec6b7dd127d4cf5093eac29255e258000d8794b87b2b9270cf85a39eb09b455982141f75923cd2195bde004a5d574aa575a4c234e4e062551d1e0b320e7 645 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-client-linux-386.tar.gz) | 69bfc6e412a4f891e47be1cdb7ed7ffc403f3cf1a28834967676ebf9dd845f2f9d6881ced81897cc20ef70a0e300fff18812bcca41b8ac911988ab9a22b1b678 646 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-client-linux-amd64.tar.gz) | a545ff1486658255f24a65c067277b2341a0f0414671eee2b1e6b14561b74273a19ea367228eb1b95b8881b953a42c346655b7cb249e7062ab5a7bd91f89f2bd 647 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-client-linux-arm.tar.gz) | f9aebfccbc5dea0eb5fb0bb422d73f05f2cc49a385c54c5a0cf893dcb4f4284f2deb0c60ac6f016a4a670ad4efd79a4962ba59273849d472e39eec18fd1cfa4c 648 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-client-linux-arm64.tar.gz) | f7c50de7a9fd25e8045dc9bdefb3a51809a0bfb7a8fa71f90fd9ba4783a133bd8faa3bf11af80178b2cdf537d0640c118f934634eecea1b8cc6d73f0b6c6515d 649 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-client-linux-ppc64le.tar.gz) | dff3f42e1c8b04fdbafcc0cee7b14e05f56a35ec175b528ff12d2c7f838716017d6f9dca554bb46a7de831d2066ea3bc8702ec2b68fa8afe3579bcd41ed9f95a 650 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-client-linux-s390x.tar.gz) | ad5900e2355a5c6dbd7b4ae09b3f6e2443fc3b3178e8e8b6a1d0c5de62bf1ed58cffb8cb714d06a80dd8aeabb1f967ee540daa3de47c8245a9884175fb709d5f 651 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-client-windows-386.tar.gz) | 4e2a159b65708c4063d6acce8ba07546bd8f45a14315ed7885d9f20dd281c45987be97eec95c7d5d4523b6337eeca4a74a7598fb2c351ca52f52bf5755b20cee 652 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-client-windows-amd64.tar.gz) | e428049515f5700a4d6b9edc2b35ffc295a753ec1f6ba04700c68cef2c5f34ee43bd165fab6fa1d15b8ccda2bdec676b9b70fb57d55a8a1d4c48e07aca058186 653 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-client-windows-arm64.tar.gz) | fc718e8b96dfec640e3b84ff9d2ab35a812060b4804e32435230139f1915789d493ebfdc18fd0b5c4426d28ac4c6cb9e4e27100c064f6cc3e652b67807a1f19c 654 655 ### Server Binaries 656 657 filename | sha512 hash 658 -------- | ----------- 659 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-server-linux-amd64.tar.gz) | d9bb3eefe2868b60d73064b3d2feaf3405e11276507a59bf1a8ee5b656a048e945b46fe4c2a652764e2540928b6457530e0c78f389afe13b2cc981d068aeb3ef 660 [kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-server-linux-arm.tar.gz) | 67b2a97f491294004cf7151e3d6e5298b31b71e53a80f0503cad4d02fafaaf250a8ef53ff9733a96e629caacfc0c4a2177c883334b554ba970969348c7868987 661 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-server-linux-arm64.tar.gz) | 7e9229b1b94a97d47cfd8b9968743120c347d0e4b433e9bd535bc10108baf7e2a6f29d7b5c370aea1430799404b70d467258e350cfd771054f22ccf7f7811199 662 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-server-linux-ppc64le.tar.gz) | 4bf3ad8558a68048a78ad1a6ec7f52a6af8fa6a929233e76debbf1b0bfb883b72d5fd4d2528c20745c31ee72b78c897a884fb3de9cd01acc64218efd4eaec417 663 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-server-linux-s390x.tar.gz) | c7a0c14265a82d0ed6c00f1cac427d4e6ba0afaf045149c212e62fa7f177482ce2bd74d364420192d6d12014cda8913c68318bfe53cbefb640952d52f665d6cb 664 665 ### Node Binaries 666 667 filename | sha512 hash 668 -------- | ----------- 669 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-node-linux-amd64.tar.gz) | 878478d29f4c7dbe3bef15c483f81cad829facc8b640e96a224f849f7437bb154b9700f130a76fac22a764ecea6060d629ea0f8749b32920412080e165237126 670 [kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-node-linux-arm.tar.gz) | bae57eddf98d3d7f0efd187238a538fd79c184c9ec6d66c0ffa406af4773284c892ffabd7f4f29b7d56ed5f543c21732d8cb76cc004847a2a7c8f1c2760766c6 671 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-node-linux-arm64.tar.gz) | 900ad33636733498dfac78e2e6d052eed974cd4d68cd07f563b902d093ba9bf87b5921d8e0658d19e4ff8c4eb1d5629aaee3b2f8a80fe08d0efab3cffd707d2d 672 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-node-linux-ppc64le.tar.gz) | 08f7d1341899073546065e40d7ec406fd74cf5f1558e0c455f46c05c88da2d86b28be7f107b215dd8faa083dea412bfd5a8dc34d2f62814054fe53e33e1e9b4d 673 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-node-linux-s390x.tar.gz) | de4962563b9bef393e519eb4ea2c84e4cfb1c17c551a61647446f513c5cecda19c15c1514b4109fdb9c1b33afb48785ae8ccbd5445aa04fb74556fd9b301e4e2 674 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-node-windows-amd64.tar.gz) | f48f4bda057f0c0745145c27358134c072a4fa269e03da6e5dfe861f6b59bed2a956f5e39a1c5f68cb6c36e7ef38af6153a5c4769be5ddc1f9acbda012c17b3e 675 676 ### Container Images 677 678 All container images are available as manifest lists and support the described 679 architectures. It is also possible to pull a specific architecture directly by 680 adding the "-$ARCH" suffix to the container image name. 681 682 name | architectures 683 ---- | ------------- 684 [registry.k8s.io/conformance:v1.25.14](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) 685 [registry.k8s.io/kube-apiserver:v1.25.14](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) 686 [registry.k8s.io/kube-controller-manager:v1.25.14](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) 687 [registry.k8s.io/kube-proxy:v1.25.14](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) 688 [registry.k8s.io/kube-scheduler:v1.25.14](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) 689 690 ## Changelog since v1.25.13 691 692 ## Changes by Kind 693 694 ### API Change 695 696 - Mark Job onPodConditions as optional in pod failure policy ([#120211](https://github.com/kubernetes/kubernetes/pull/120211), [@mimowo](https://github.com/mimowo)) [SIG API Machinery and Apps] 697 698 ### Feature 699 700 - Kubernetes is now built with Go 1.20.8 ([#120497](https://github.com/kubernetes/kubernetes/pull/120497), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing] 701 702 ### Bug or Regression 703 704 - Cherry-pick #115769: Fix the problem Pod terminating stuck because of trying to umount not actual mounted dir. ([#119832](https://github.com/kubernetes/kubernetes/pull/119832), [@cartermckinnon](https://github.com/cartermckinnon)) [SIG Node and Storage] 705 - Fixes a bug where images pinned by the container runtime can be garbage collected by kubelet. ([#120056](https://github.com/kubernetes/kubernetes/pull/120056), [@ruiwen-zhao](https://github.com/ruiwen-zhao)) [SIG Node] 706 - Fixes regression in 1.25.10 causing running pods with devices to be terminated if kubelet is restarted ([#119707](https://github.com/kubernetes/kubernetes/pull/119707), [@ffromani](https://github.com/ffromani)) [SIG Node and Testing] 707 - Ignore context canceled from validate and mutate webhook ([#120017](https://github.com/kubernetes/kubernetes/pull/120017), [@divyasri537](https://github.com/divyasri537)) [SIG API Machinery] 708 - Kubeadm: fix nil pointer when etcd member is already removed ([#120013](https://github.com/kubernetes/kubernetes/pull/120013), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] 709 710 ### Other (Cleanup or Flake) 711 712 - When retrieving event resources, the reportingController and reportingInstance fields in the event will contain values. ([#120065](https://github.com/kubernetes/kubernetes/pull/120065), [@HirazawaUi](https://github.com/HirazawaUi)) [SIG Instrumentation] 713 714 ## Dependencies 715 716 ### Added 717 _Nothing has changed._ 718 719 ### Changed 720 _Nothing has changed._ 721 722 ### Removed 723 _Nothing has changed._ 724 725 726 727 # v1.25.13 728 729 730 ## Downloads for v1.25.13 731 732 733 734 ### Source Code 735 736 filename | sha512 hash 737 -------- | ----------- 738 [kubernetes.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes.tar.gz) | 950e8389ce4113297aa7c2b9fb4fc47988be1a270bef7f3f3e9b1fff8b09d11dd1cb01434a387bba7405f9934942719997c44690e8fa7ecd491e88f29d835924 739 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-src.tar.gz) | 841ca8a138aa949052f7c1a854ecf82d83007ec4c08b878f6e3dec5f36862a2fbf00245518dfe41cc5288a2fbc0f7899fb0b8c673bbabdc915971239b82cd3d0 740 741 ### Client Binaries 742 743 filename | sha512 hash 744 -------- | ----------- 745 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-client-darwin-amd64.tar.gz) | f897f826335abfa46ae4f6db338bccd3fd7defc41a983cddd8e09f5cbe84497c254466092b42b6d19b6792567d9dda57638595ed9c19b892ea9195685f5acdbb 746 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-client-darwin-arm64.tar.gz) | 2a8b6c79ca2414fb711ede8d4a1ecba2501106d9c28d4ad2b3ceb16b02b8310a38c957942a893f4ce8a59fa5935127974e9eb42c11471b8a5b375d5e8f955d8c 747 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-client-linux-386.tar.gz) | 3a3b0491a6c975b3e0f727b6529c40a36bcc61699fc3e964e39d595749c52ed38c8c5199b2b53f12aa7dfe5570b4fda8b86c2dd826c791d75d41b928dbc87a76 748 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-client-linux-amd64.tar.gz) | 621b0e8c737a54d84aebfa516ac0b5b175c91eea1af2792b83dd6870b2569032980e447a51798467c2b8b4fbf61c974aa640e457b297319e98184da358abd2a6 749 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-client-linux-arm.tar.gz) | 0527a2c97878fbc9db3a7014fefd75a391544a3552cc8eb13c7a6f68c0ea7bf2cd9db13a900114f4afbb950affce3e28aea43cb82a714f2b6695bf709a22c4b0 750 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-client-linux-arm64.tar.gz) | 8bfae3a7c6a77fc861bb9180c19325c062d52f4db350791396eaeab496f7cadc4634c37f37850ce254b151156ddfc4aab40fcbf1bd5ca19c2c1d58cc33d70e94 751 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-client-linux-ppc64le.tar.gz) | ab0e8cf03cbb144ae359c697263ed1788939ed09953685eb3b11d08462347cdbcf1586a79a0fd7c1926ec1c15782767d4568ba3d7fbd9d0ced3b9366e93bbfdd 752 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-client-linux-s390x.tar.gz) | 56ea73b7634f0ad4ed94ef05897d1a9ce40fc4fb1e9f563ece87f16b9357bbc797cb4f1cac6c56da87833e5f53b76a2bb53bb0420e4c7a0c24943fa3d85b716a 753 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-client-windows-386.tar.gz) | 03fec1783464e20bbae04d31c65ec3ac1b1455fa0924b8c6e84333ba141ed99ab0e24611382b68908dfd5e90cc925551ae880aef982837224e967002a08063f1 754 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-client-windows-amd64.tar.gz) | 9a11606a417206bca2d777c65e9f51e1ff38a6960c074a4c22f702ec08f29b564dea19ad9733a9ef2238df332f39dd74941af3ec19d551739ae5d82c7c06c740 755 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-client-windows-arm64.tar.gz) | a09ae6253ffd5227408117bcec5e2b922c60f57b1db2ee37d79d175a33f85e671fe960f69ed280c871ae8ff1bcf5707e04f63507d85b8ae5f1f8f532d5df8365 756 757 ### Server Binaries 758 759 filename | sha512 hash 760 -------- | ----------- 761 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-server-linux-amd64.tar.gz) | ad25eb2aa2e0df40876c5ee4f27d8fb422b138a0a6ad6d867bfcd54038229a91f63ab5d8c0edbd5ba9a85734796c72f97d5d400c8a2f825d0c8ab63d9136e883 762 [kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-server-linux-arm.tar.gz) | 36b47746359653282ca02780dd25ee3858e19a0a0e9d7b45dc2638b05e4d063fad9a1c46ee50470e19756971205858a8fef661c5c93933c137ffc905d3a8f0b1 763 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-server-linux-arm64.tar.gz) | 03dcdc966d7d5255d2f1fdb166f69fd3cd2a3285150f40c63bd7b6498ccf969572b7117aaf1951395c4f397bbc0d1b0148881a3950388bcd82e315bcfc9ef97c 764 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-server-linux-ppc64le.tar.gz) | c78062f340900921d24034b324776a35d6f9fba4b19ef9b4a5f4b7e2ecbf9c6e2b52ec84926b99550ea87da6cf9318b6af9d4c0f19ec5a76f053703f8acb4b54 765 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-server-linux-s390x.tar.gz) | 71f7bd24b99f703486977a50238b5ae1d925ce92ddc5a29d7301a590d267db70191f1f8449b5e14122496e204d090c875bc1ab298178acf2f6b288bd40dc941d 766 767 ### Node Binaries 768 769 filename | sha512 hash 770 -------- | ----------- 771 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-node-linux-amd64.tar.gz) | 4c24d74ba435ccd9079da19476fcf3fb3771915603e187a6791d8e32a2736946d400816ac5b1e174187c77ba20889acc11acf4b9187c3c8bb2e27cf89b9ebe97 772 [kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-node-linux-arm.tar.gz) | 96eb22ab7957952552a45a28aaa5901ecc2b7deea1832bcc877e2e88e787a7ca06daaee870307a3ade02e2d764388216d47fbadc9fe5a1fac95c2a1cd4d38c42 773 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-node-linux-arm64.tar.gz) | 91d80f10b04e7d8734e9f508f2e5935d9d000ae5503f36ef26a832a254a8c092000b0cc04b8f1126939b78c1f1761b243cbb7818be4990ad9cfec8b9c6e925fb 774 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-node-linux-ppc64le.tar.gz) | 6449652501588f86d500dc2d53a0d89435003db74466b851aacb500e3a07ddbd2c4f61ea8064240cdbdee83faedccae38ada66ff083cc9701503fe40ad65eec5 775 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-node-linux-s390x.tar.gz) | 59929f0520afd8824a8fbbf7587466d55a8d1202978b6a555cc5ccfc74c49e1969d6eecaa7dbd17f14b7cc778083bfe0eae14ef8798f66c80ee5e000eac9de01 776 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-node-windows-amd64.tar.gz) | 39510d6da1bec049f0021f5854c62256105da903555c90961d8bb3c43e019c68691a7d79209afb6c66811eb19448be7f76b0dd570ad6a65b192a83569083a099 777 778 ### Container Images 779 780 All container images are available as manifest lists and support the described 781 architectures. It is also possible to pull a specific architecture directly by 782 adding the "-$ARCH" suffix to the container image name. 783 784 name | architectures 785 ---- | ------------- 786 [registry.k8s.io/conformance:v1.25.13](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) 787 [registry.k8s.io/kube-apiserver:v1.25.13](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) 788 [registry.k8s.io/kube-controller-manager:v1.25.13](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) 789 [registry.k8s.io/kube-proxy:v1.25.13](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) 790 [registry.k8s.io/kube-scheduler:v1.25.13](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) 791 792 ## Changelog since v1.25.12 793 794 ## Important Security Information 795 796 This release contains changes that address the following vulnerabilities: 797 798 ### CVE-2023-3955: Insufficient input sanitization on Windows nodes leads to privilege escalation 799 800 A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes. 801 802 **Affected Versions**: 803 - kubelet <= v1.28.0 804 - kubelet <= v1.27.4 805 - kubelet <= v1.26.7 806 - kubelet <= v1.25.12 807 - kubelet <= v1.24.16 808 809 **Fixed Versions**: 810 - kubelet v1.28.1 811 - kubelet v1.27.5 812 - kubelet v1.26.8 813 - kubelet v1.25.13 814 - kubelet v1.24.17 815 816 This vulnerability was discovered by James Sturtevant @jsturtevant and Mark Rossetti @marosset during the process of fixing CVE-2023-3676 (that original CVE was reported by Tomer Peled @tomerpeled92) 817 818 819 **CVSS Rating:** High (8.8) [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) 820 821 822 ### CVE-2023-3676: Insufficient input sanitization on Windows nodes leads to privilege escalation 823 824 A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes. 825 826 **Affected Versions**: 827 - kubelet <= v1.28.0 828 - kubelet <= v1.27.4 829 - kubelet <= v1.26.7 830 - kubelet <= v1.25.12 831 - kubelet <= v1.24.16 832 833 **Fixed Versions**: 834 - kubelet v1.28.1 835 - kubelet v1.27.5 836 - kubelet v1.26.8 837 - kubelet v1.25.13 838 - kubelet v1.24.17 839 840 This vulnerability was reported by Tomer Peled @tomerpeled92 841 842 843 **CVSS Rating:** High (8.8) [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) 844 845 ## Changes by Kind 846 847 ### Feature 848 849 - Kubeadm: generate CA certificates with a start time that is offset 5 minutes in the past relative to the current system time to workaround cases of clock desync. 850 client-go: allow to set NotBefore in NewSelfSignedCACert() ([#119115](https://github.com/kubernetes/kubernetes/pull/119115), [@champtar](https://github.com/champtar)) [SIG API Machinery, Auth and Cluster Lifecycle] 851 - Kubernetes is now built with Go 1.20.7 ([#119836](https://github.com/kubernetes/kubernetes/pull/119836), [@jeremyrickard](https://github.com/jeremyrickard)) [SIG Release and Testing] 852 853 ### Bug or Regression 854 855 - Fix Topology Aware Hints not working when the `topology.kubernetes.io/zone` label is added after Node creation 856 - Fix a data race in TopologyCache when `AddHints` and `SetNodes` are called concurrently ([#117267](https://github.com/kubernetes/kubernetes/pull/117267), [@tnqn](https://github.com/tnqn)) [SIG Apps and Network] 857 - Revert kubelet prober metrics `pod` tag to include actual pod name ([#118549](https://github.com/kubernetes/kubernetes/pull/118549), [@a7i](https://github.com/a7i)) [SIG Node] 858 - Update kube-apiserver's priority & fairness work estimator such that 'max seats' is MIN(0.15 x nominalCL, nominalCL / handSize) 859 860 This fixes a bug where clients with requests using hand size x max seats greater than the nominal concurrency limit can starve other requests in the same priority level. ([#118601](https://github.com/kubernetes/kubernetes/pull/118601), [@andrewsykim](https://github.com/andrewsykim)) [SIG API Machinery] 861 - Update the Event series starting count when emitting isomorphic events from 1 to 2. ([#119376](https://github.com/kubernetes/kubernetes/pull/119376), [@dgrisonnet](https://github.com/dgrisonnet)) [SIG API Machinery and Testing] 862 863 ## Dependencies 864 865 ### Added 866 _Nothing has changed._ 867 868 ### Changed 869 _Nothing has changed._ 870 871 ### Removed 872 _Nothing has changed._ 873 874 875 876 # v1.25.12 877 878 879 ## Downloads for v1.25.12 880 881 882 883 ### Source Code 884 885 filename | sha512 hash 886 -------- | ----------- 887 [kubernetes.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes.tar.gz) | 2f9ca81fc45ac2c3b3dfbe922e295f4d85aa8e7e2fdc87dd9814e96d9646b275024cbdadc54f7498d4b46cf157faa70b0d62e3ce04f6d25aa1affcff115c8ded 888 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-src.tar.gz) | 9ecaa0446b4f1d22b20c50dde823ac67cdfaf437b8e49b0ac44c55e3c5b0bf4127bb2e9c7e23528cce015eed66cb0842e1aece2a2bcadfef3a77085f7f5e1610 889 890 ### Client Binaries 891 892 filename | sha512 hash 893 -------- | ----------- 894 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-client-darwin-amd64.tar.gz) | 06b2e81277adc945a54351f8fc7f49109edf144d4ef5138311690c4f7dc8c55c7d153bb9fba66bdb03d9b47b187a613e13e587c4adb490df245b7ec8a6f786fe 895 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-client-darwin-arm64.tar.gz) | 47c5d17e83dc2cc990bc98c5f402d1cf5a8afea15eb419189defffb77d1a93e7cffe1eb846619904e5f51fc69bd0ddef13cede7edee821cc96bec7d4c57a98b6 896 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-client-linux-386.tar.gz) | ddc6c1ccb6e03b126a512f5ef0e2c17c92fc3ca6baeff37300ea1505b7991af9fff7bcfe2e3046b286dca1e3472f0c975f1dffd22be70120a4b6a160652ef80d 897 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-client-linux-amd64.tar.gz) | 7e86060e701a1c8d69518143b49d03ad49decacb89291df83f0b5d9a541f5d6a1d8a8c8c0f7988815ed8092c54165edfe750bd37a219717bf60b782efaf52b30 898 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-client-linux-arm.tar.gz) | 254dc773082612d4dc01a013db3e6053f9272b3616b3dc4a2146fdea9b75b71e2cf174b1c374d5975f3ea67e94704f526c82b09de5ca1ec689d1632c782b2ca5 899 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-client-linux-arm64.tar.gz) | 1c4c52f418029fc0209e53bba7279d6cceaec44d8b16bc11a990b7e83776cd255a3b70255950a128123ba0ce98e836a75069325ec8f8b516f6fe9a94ab615d56 900 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-client-linux-ppc64le.tar.gz) | 172131eac50f93d2dc1d2adacbb1e0f3a227bdaf7828f426cc759f1452be17c195fc590858997c8c2ad336c9f6e2a83ae0fa3c36200417f2098534fa76239294 901 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-client-linux-s390x.tar.gz) | d09cc7e23326e9f5161f9b33a88ba31467b97a4bfef0ffca2efa691f5967de653b56bf4921fa034e6d045ef85ec43dfeda898125eeef112904030f477b3208b9 902 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-client-windows-386.tar.gz) | b5060c5213dc8a893bc6bf95b8632c5aa643ee423032403cadd14f3fced1764cdf8c964d32d2d7e6dcfc0837a7774051a93ce583955e8870ce6b7ff580bc4b13 903 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-client-windows-amd64.tar.gz) | ee91f87e8e53dadb13a9d598d68166929b97e161752314d1c6e0d3c3f61bf62b5e371d1c206045af93a1c287892b9a3d7bec1ed56b96e1ff5cc65f3840d1fa9d 904 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-client-windows-arm64.tar.gz) | 64b4a89bdd44bf7352aefb407183bd8fe2af83c1a89338ce15faad3e2d766a4dba77a0c5ec04cf188f4c6c07ed7ddfaa643d1e4d8e1eb12cfe2af003d3c9c21e 905 906 ### Server Binaries 907 908 filename | sha512 hash 909 -------- | ----------- 910 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-server-linux-amd64.tar.gz) | f93c5f61fdf79260c7374c6dbcafe3db5e1d025428df59b7449e194f3a0da9095a5a152394301d80c8c9bfeffbbaf825dd6b191d83d1f2be8d23f11e614675b4 911 [kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-server-linux-arm.tar.gz) | 1d327aa2da53310001cf30965d2355a4d3d7dbf348ddd7b9fee701b858052c1575bd5576a4aa02ae8855140d2c4b27668db6a647edca482148ad3962323ebe66 912 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-server-linux-arm64.tar.gz) | e173e0e6d1d6dec15e49e014290c95b8d87cce1143ae2f628f0b874dbed1eaea1c06f0d060a945869d37df1532c114a5a068a6e072112a6e9f74de658822f483 913 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-server-linux-ppc64le.tar.gz) | d1f4a0414430cc056bb15df9dcd78a1b88e18597a3f58feebcc6de73316643a2173603238f4223a24ee013430cd8bd412682359f103c4cf33007145f1ba55076 914 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-server-linux-s390x.tar.gz) | 40aa735dce3dff96d615db06927ef52d506da62c1f257d26af91a0f8634f5770690dd54e9d4aa846bb51f8a30d756dd3442190d189a876d000be168e8c71498b 915 916 ### Node Binaries 917 918 filename | sha512 hash 919 -------- | ----------- 920 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-node-linux-amd64.tar.gz) | 178ab16d39f1ed7a1d342a6ad800eb98de365d75c39a7fd9f4621abc49e40560be3c428a0a2e499308fbc3cef859648a001863bb028ee8e702d56486f3409971 921 [kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-node-linux-arm.tar.gz) | 5cf2b85e7da7c8866b4f77ae7e229a32575810ee0379bc73832afd6ab3f9e878abce2b884e968efc07508dbb1505f6f4543efc8332169c1aae8e182a8266aa45 922 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-node-linux-arm64.tar.gz) | 19b731c92ef559d9f5b6f1403cb8da6339810fce89e0b79401d415b0ee0abc353b2a413c14ee33483baf9a1535aeb4848f114af5b1015ce6894c4bf1e87b1ee7 923 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-node-linux-ppc64le.tar.gz) | 6427158757354dda589c439354e51a089765ab9760211462cfb905f612e4cb6ac92d928e6523096a7320a3619dae4b6c8e031dd6f407ff0cea58b98d6cdb07d6 924 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-node-linux-s390x.tar.gz) | dcf22cff0895c321ea1430cde750a52174eb97adbf3ada4ff6bd1ecd7b631d395ddc14f91bfc1a704bdd31b8e3083f4bf292c068b77ea1afcd4fc633070b6d92 925 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-node-windows-amd64.tar.gz) | 09fb6bd18d2c8a14ebae1aed0eab55cb78038de8970b2c943106bc57bc42014e46ec7abe0a49562f4863b8aa8975782f55b3cc3ad4fc01437886ef1b7cb980dc 926 927 ### Container Images 928 929 All container images are available as manifest lists and support the described 930 architectures. It is also possible to pull a specific architecture directly by 931 adding the "-$ARCH" suffix to the container image name. 932 933 name | architectures 934 ---- | ------------- 935 [registry.k8s.io/conformance:v1.25.12](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) 936 [registry.k8s.io/kube-apiserver:v1.25.12](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) 937 [registry.k8s.io/kube-controller-manager:v1.25.12](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) 938 [registry.k8s.io/kube-proxy:v1.25.12](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) 939 [registry.k8s.io/kube-scheduler:v1.25.12](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) 940 941 ## Changelog since v1.25.11 942 943 ## Changes by Kind 944 945 ### Feature 946 947 - Kubernetes 1.25.x is now built with Go 1.20.5 ([#119202](https://github.com/kubernetes/kubernetes/pull/119202), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing] 948 - Kubernetes is now built with Go 1.20.6 ([#119368](https://github.com/kubernetes/kubernetes/pull/119368), [@xmudrii](https://github.com/xmudrii)) [SIG Release and Testing] 949 950 ### Bug or Regression 951 952 - Fix component status calling etcd health endpoint over http which exposed kubernetes to the risk of complete watch starvation and is inconsistent with other etcd probing done by kube-apiserver. ([#119039](https://github.com/kubernetes/kubernetes/pull/119039), [@serathius](https://github.com/serathius)) [SIG API Machinery] 953 - Fix cronjob controller handling of complex schedules, like "30 6-16/4 * * 1-5", for example ([#119137](https://github.com/kubernetes/kubernetes/pull/119137), [@kmala](https://github.com/kmala)) [SIG Apps] 954 - Fixed a performance issue where pods weren't created/deleted in parallel for a StatefulSet with podManagementPolicy: Parallel. ([#119224](https://github.com/kubernetes/kubernetes/pull/119224), [@aleksandra-malinowska](https://github.com/aleksandra-malinowska)) [SIG Apps] 955 - Fixed vSphere cloud provider not to skip detach volumes from nodes at kube-controller-startup. ([#117243](https://github.com/kubernetes/kubernetes/pull/117243), [@jsafrane](https://github.com/jsafrane)) [SIG Cloud Provider] 956 - Kubeadm: explicitly set `priority` for static pods with `priorityClassName: system-node-critical` ([#119118](https://github.com/kubernetes/kubernetes/pull/119118), [@champtar](https://github.com/champtar)) [SIG Cluster Lifecycle] 957 - Only declare Job as finished after removing all Pod finalizers to avoid orphan Pods ([#119164](https://github.com/kubernetes/kubernetes/pull/119164), [@alculquicondor](https://github.com/alculquicondor)) [SIG Apps and Testing] 958 - This PR adds additional validation for endpoint ip configuration while iterating through queried endpoint list. ([#117224](https://github.com/kubernetes/kubernetes/pull/117224), [@princepereira](https://github.com/princepereira)) [SIG Network and Windows] 959 - Updated cAdvisor to v0.45.1 - Fix metrics in cri-o when a container restarts ([#118799](https://github.com/kubernetes/kubernetes/pull/118799), [@harche](https://github.com/harche)) [SIG Node] 960 961 ## Dependencies 962 963 ### Added 964 _Nothing has changed._ 965 966 ### Changed 967 - github.com/google/cadvisor: [v0.45.0 → v0.45.1](https://github.com/google/cadvisor/compare/v0.45.0...v0.45.1) 968 969 ### Removed 970 _Nothing has changed._ 971 972 973 974 # v1.25.11 975 976 977 ## Downloads for v1.25.11 978 979 980 981 ### Source Code 982 983 filename | sha512 hash 984 -------- | ----------- 985 [kubernetes.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes.tar.gz) | bc2d54cbc60e7949c74f760855a0d7b0016c081f4c4c44650a3b51694cd85958298ce43e5f530b1cd99ddf6ca5f04d7d0091acf69f78449bc176129828a587b8 986 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-src.tar.gz) | 4678925f8404d98d9ee4492d25304517016ae6838927b769e49b185bf7123f578a8a441a501f0c79e19d39317cbdaee0eda84f4660010777a7d67b74a2312578 987 988 ### Client Binaries 989 990 filename | sha512 hash 991 -------- | ----------- 992 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-client-darwin-amd64.tar.gz) | 2f205fcd994b982814cb8c993705676b0c51f0ebff7472d0afe4baa140c6aae6bb6df60f64811906467fab5fd524812364f75fe9ebfbba172e49c95dd31929a2 993 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-client-darwin-arm64.tar.gz) | b21325813663c04a581bbde8bbe81a14839f62292cf0e09f193058c0c80e79329be37832efbb58642d424dfa89e25ae60b704782ac7db2f45573e95beb760830 994 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-client-linux-386.tar.gz) | f23369f8099f10238319e9f12c357b55256e05024992a48e1c697116e8d51a456af868c2daf3d4ae32f8312f55b15c4ed6df5d722416dbc810542b8acdcb8813 995 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-client-linux-amd64.tar.gz) | be2746215971df5eec6b41a515b0f3931ed74bd38607b7554162573c40a51109c3e3a477f0c7e501e3cbb0d15b0ced655280c21d39d41971b7496e17e38bac48 996 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-client-linux-arm.tar.gz) | 5b146503bc134b08b9f30070fa07dd396d0c2fafdce0a739ec9b1c66015dda5645c14b13822ea20e2e5444bef7e6efe04e083b40215d22133faf21c07d1fd739 997 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-client-linux-arm64.tar.gz) | e5e725b1e0e1429a7ab54715d368d8659fd0367f8c907f335fb0ea426f74c5fd338a5ad37ee98fb8cf8b03c73df6fec89ddf70fef4243e3ad85d2661d5ea7bd3 998 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-client-linux-ppc64le.tar.gz) | dfd66ad9b132a5bc411365833d5e49a4290f32685403732e6368c0b44a17a78ed3b66102b2fd90df21568b562aa2ce9a4256a5ea6c0649e53917340ea47b2803 999 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-client-linux-s390x.tar.gz) | 0159d370f2a148a06e333496a41dca6336b19676148f60a74776e9ad9841a0ea764a745286c8d167fba2cceac99a3a3bd3654144815878f43dd0bb53392a07a0 1000 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-client-windows-386.tar.gz) | edd4e9863774629e1e3279f17aca162fc517d27d6a60c59977ce5ed2b443f9c376cb37eb71587bb52369aff10a210c848d52e99787bab3fd27960fd61c05a758 1001 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-client-windows-amd64.tar.gz) | 79f8cf6413a5cb2e0cbdfc4cd208006b698676645cb7f27fba02fae93a1b37c3a2efee8773540f456ed128cabc33905179f7b75274a6c718e54682ec44f05acf 1002 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-client-windows-arm64.tar.gz) | 9f48872a5ddfc190355cee1f68a48c3dd794fd614415549e7d436f595a33de552f8923b6576b5e8db6758876e2f9ab7dce598166282ecb2a7f15211b34073f49 1003 1004 ### Server Binaries 1005 1006 filename | sha512 hash 1007 -------- | ----------- 1008 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-server-linux-amd64.tar.gz) | 745017cd5431e8b7f3b2eae79c44551aad8f6a0007cbe9546f7bc79ed0eedcb8deec0644e2627ea2bd36f1b00e3405a333b8a2508c5dd7595857968731f7e159 1009 [kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-server-linux-arm.tar.gz) | e142be854b47d4681b34a0bba83705938b7370d04232a8cdcfed26a2ccb3fe68024cc85683eae149a7120d5e38d8c0bd552ba46a550faabd416ecf966f230c95 1010 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-server-linux-arm64.tar.gz) | 97a479e1147fd0cd04966ea6d04478af21ce41456363aa5b85374995bf00e5eedaaf0c2ed214ff5b6e94a34e5675ec9b25b1e9079f5a216b2e12adfb74a2f0c8 1011 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-server-linux-ppc64le.tar.gz) | bf48509f89d62c363b552fa9366528dc0c1b461addd23616dae503532d4ef23eb48f3c6a4af768ace493da385770054ecfbd1a38f9d454c269907c0330d35be2 1012 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-server-linux-s390x.tar.gz) | 66a7e0f22200c73b3c9f88f97fb6955c44578ed5d7d79dfc982c73398fdd8af27a49dafc8e3770c9f1d93fb4a3b549495c22491e5aee6178e27dd994f6b338d6 1013 1014 ### Node Binaries 1015 1016 filename | sha512 hash 1017 -------- | ----------- 1018 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-node-linux-amd64.tar.gz) | 0a7f042ab6530d0e0f3d0885c939eb65218975758c4924c2c78a3b27f668190f06a05c4702dfda1ad133d49e0e64f43624449572e57d74de0c02727756a935eb 1019 [kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-node-linux-arm.tar.gz) | 65801b38f38626bdc1efa7c769bcb8a7fb280e7189f5fbab2e103cafdb28c74b89b9973a979379af2c615ec7593be7157fcfc464d5702926b9bb5432374646ae 1020 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-node-linux-arm64.tar.gz) | 8f476465906ff9e69e27ec3de68c34c9d95d31ecff3c1674bc8a573211984952f668ca8be6f5640a712cb4229c0a14a54f6437fee71c82ddc30d290b4b72619f 1021 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-node-linux-ppc64le.tar.gz) | 1898476026dfbcc8d021cbdd77efa3c752368994cf1069eefa9045f75bd9d64a9a7a53afbaf0abd5b054ea18285ce8acefba13c9d5dbe970dd2578742d1c0d1f 1022 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-node-linux-s390x.tar.gz) | 2fe23205b97170bc597cc1ceac06a8b0727c9e7ac5585b32ca3e2f9836bcdf4bc0ea614bd5110f1e8f57640e70d84b898ff43cfa72d4e96d6e19db0017236429 1023 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-node-windows-amd64.tar.gz) | 85bc5f7d07622a0e655c55226c1e131add28d7b4ed997534b68ca7a34c5ab48d999ee637b23c9591487c4283ae5c03f0989dbfb07696f55e3f0fe675676ef138 1024 1025 ### Container Images 1026 1027 All container images are available as manifest lists and support the described 1028 architectures. It is also possible to pull a specific architecture directly by 1029 adding the "-$ARCH" suffix to the container image name. 1030 1031 name | architectures 1032 ---- | ------------- 1033 [registry.k8s.io/conformance:v1.25.11](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) 1034 [registry.k8s.io/kube-apiserver:v1.25.11](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) 1035 [registry.k8s.io/kube-controller-manager:v1.25.11](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) 1036 [registry.k8s.io/kube-proxy:v1.25.11](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) 1037 [registry.k8s.io/kube-scheduler:v1.25.11](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) 1038 1039 ## Changelog since v1.25.10 1040 1041 ## Important Security Information 1042 1043 This release contains changes that address the following vulnerabilities: 1044 1045 ### CVE-2023-2728: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin 1046 1047 A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account's secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers. 1048 1049 **Note**: This only impacts the cluster if the ServiceAccount admission plugin is used (most cluster should have this on by default as recommended in https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#serviceaccount), the `kubernetes.io/enforce-mountable-secrets` annotation is used by a service account (this annotation is not added by default), and Pods are using ephemeral containers. 1050 1051 **Affected Versions**: 1052 - kube-apiserver v1.27.0 - v1.27.2 1053 - kube-apiserver v1.26.0 - v1.26.5 1054 - kube-apiserver v1.25.0 - v1.25.10 1055 - kube-apiserver <= v1.24.14 1056 1057 **Fixed Versions**: 1058 - kube-apiserver v1.27.3 1059 - kube-apiserver v1.26.6 1060 - kube-apiserver v1.25.11 1061 - kube-apiserver v1.24.15 1062 1063 1064 **CVSS Rating:** Medium (6.5) [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N) 1065 1066 ## Changes by Kind 1067 1068 ### Feature 1069 1070 - Kubernetes 1.25.x is now built with Go 1.19.10 ([#118556](https://github.com/kubernetes/kubernetes/pull/118556), [@puerco](https://github.com/puerco)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node, Release, Storage and Testing] 1071 1072 ### Bug or Regression 1073 1074 - Fixes a bug at kube-apiserver start where APIService objects for custom resources could be deleted and recreated. ([#118104](https://github.com/kubernetes/kubernetes/pull/118104), [@liggitt](https://github.com/liggitt)) [SIG API Machinery and Testing] 1075 - If `kubeadm reset` finds no etcd member ID for the peer it removes during the `remove-etcd-member` phase, it continues immediately to other phases, instead of retrying the phase for up to 3 minutes before continuing. ([#118057](https://github.com/kubernetes/kubernetes/pull/118057), [@dlipovetsky](https://github.com/dlipovetsky)) [SIG Cluster Lifecycle] 1076 - Kubeadm: fix a bug where the static pod changes detection logic is inconsistent with kubelet ([#118069](https://github.com/kubernetes/kubernetes/pull/118069), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle] 1077 1078 ## Dependencies 1079 1080 ### Added 1081 - github.com/a8m/tree: [10a5fd5](https://github.com/a8m/tree/tree/10a5fd5) 1082 - github.com/dougm/pretty: [2ee9d74](https://github.com/dougm/pretty/tree/2ee9d74) 1083 - github.com/rasky/go-xdr: [4930550](https://github.com/rasky/go-xdr/tree/4930550) 1084 - github.com/vmware/vmw-guestinfo: [25eff15](https://github.com/vmware/vmw-guestinfo/tree/25eff15) 1085 1086 ### Changed 1087 - github.com/google/uuid: [v1.1.2 → v1.3.0](https://github.com/google/uuid/compare/v1.1.2...v1.3.0) 1088 - github.com/kr/pretty: [v0.2.1 → v0.3.0](https://github.com/kr/pretty/compare/v0.2.1...v0.3.0) 1089 - github.com/rogpeppe/go-internal: [v1.3.0 → v1.6.1](https://github.com/rogpeppe/go-internal/compare/v1.3.0...v1.6.1) 1090 - github.com/vmware/govmomi: [v0.20.3 → v0.30.0](https://github.com/vmware/govmomi/compare/v0.20.3...v0.30.0) 1091 1092 ### Removed 1093 _Nothing has changed._ 1094 1095 1096 1097 # v1.25.10 1098 1099 1100 ## Downloads for v1.25.10 1101 1102 1103 1104 ### Source Code 1105 1106 filename | sha512 hash 1107 -------- | ----------- 1108 [kubernetes.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes.tar.gz) | 50c72104e6206dd6e684b4cf3dfd251c7ac52a36160153d342a54bddf9fa6f37a53e0b8982297aef5d65f8b41634e5668252a28838b4325b7560af918720a808 1109 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-src.tar.gz) | e1bfdbe0a076bbe1ab30de2a6e34887a34be202cf92ad9425d39172b95b20dbc849af5a9a0d28c8a762d74d3250a5524990708e1cb15efcd101382216992867f 1110 1111 ### Client Binaries 1112 1113 filename | sha512 hash 1114 -------- | ----------- 1115 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-client-darwin-amd64.tar.gz) | 98edeac9ca673874963d4d0bce471c3b8dd1fd8391bab948bd3818b725aff98947b6563a144b743f6b253e0421785dae2c2c256e86204d8ef24c4ad3871fc68d 1116 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-client-darwin-arm64.tar.gz) | 9ef7de4bc90f864b29721261827cf4d1d6e83ee27ff77a96044d7098b3592e05d74f3aa92b04767ac0774abcbdc5d5f3f293aada0cef13c7680cb77def1d020f 1117 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-client-linux-386.tar.gz) | bd227aca11c4fea783fc415b12f3b03eb2b7c44d31dce066ebcc7ef84e106bf0f241efd7f3f1b692370c52a0dd7f88278596a821df671367856457efa6456c1d 1118 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-client-linux-amd64.tar.gz) | ce5b8609142476dd02ef5792bbec53c0e4d8d70c7102b4f616233aba0bc91e8c47396599fa79fb103daa66d32a2bd335b6e2bf337ed248b361adc8c3037a3497 1119 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-client-linux-arm.tar.gz) | 98261336d307ca7a987cd6fc1c6d642922faab622e0a6bf321edf0d7d9d4b60d9f6c024d6d61ee1ad239c200e582473efb0e21d47ee7be495837f3e461fb3f9e 1120 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-client-linux-arm64.tar.gz) | f0d35b6d23503410204b264377f783d34e96d610676fda2f3fb01e392e94f1875071e64c059650c85dd99762baec376e32ffa0fd9ff086a602d036155922fc48 1121 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-client-linux-ppc64le.tar.gz) | a189ed43170c4f1e1b2aa2df2e37b2771926a50d222aa2181fee13c8275d5b7f7f72e44a50572fd3e5440f8bc9c555f2d2e8a9e560180ddb2c8b681643b37817 1122 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-client-linux-s390x.tar.gz) | f0ab39c0c9c57abc45072fbfdfbeea0fc9b89fb44946f805f272a5409786af56a726f2ce0f45d78ae6d1f7fed8bda0cf7a24ef9d34e4bf65a31433e4a1b50a45 1123 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-client-windows-386.tar.gz) | fcb1a2068e305614d4d8f7b4f541a71ffa8ba103919dc8bf8cb6628e5805eefd44e28f1700119aad4236fb19db6b512b996050314eec5a638705a91220e45303 1124 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-client-windows-amd64.tar.gz) | 0f681d0db9ca77424e7d14f6160c4acc88fc040e1e233305b0cfc21a2cce68ff5cac7eff77b59714adab6b01e80a1318f49b7322d12ee72607331c3a4ba34b06 1125 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-client-windows-arm64.tar.gz) | a5b38cb4a9ef1fc431783ed1e0098105ab302afa9cdb8c4f619baaf72484c48c0bc7801bc9937170d99d0e1ca78f21f609a9feac1b10356ffd8cc18b6bffbe40 1126 1127 ### Server Binaries 1128 1129 filename | sha512 hash 1130 -------- | ----------- 1131 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-server-linux-amd64.tar.gz) | 8384c105b2214c1bec250714ffc4af9495e96e5a12617f02f87d2e7d392d05c94f360cca0d7fd8662efe28f6a4bd03089985f44bf212adff28c993b220bfd1ac 1132 [kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-server-linux-arm.tar.gz) | 731ab080b9e1447e36c5652fe0cbcbe7f286459dcf76a440f2d9af514e3d7defec7f97a9869d347bf1975e97efba0ed60719394b7f14adf9b45e20c946951092 1133 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-server-linux-arm64.tar.gz) | 97a02efcebcc3e5e41cd10358385f5340660a5786c8ca04791a3a1853df3fdb5188458cf7249c98a562578f83d0bb9878aee2040c03837189f61b6e64d5a9613 1134 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-server-linux-ppc64le.tar.gz) | 9574a9f6b22dae0aad68b7dfa4591034e37740f445c07c7fbe9e08ab0ea744001fbcc31333c7ca60f7b5b039d8de812e3580acc145c6fe289802e343600b5b82 1135 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-server-linux-s390x.tar.gz) | a53f577d1a619245d3dcf48837e0e3ca53904143281a6eeb1509410cc417cf3b63310fc18587c98b171d5a4e629ab34db9c32992572f2a77ba1ba06b01776abe 1136 1137 ### Node Binaries 1138 1139 filename | sha512 hash 1140 -------- | ----------- 1141 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-node-linux-amd64.tar.gz) | 2990576d5323c1ab7a5d559696e75b365b8f3a4d22317e18901c94e9f29ad740d2e4e0ddab63f1a5eaf86822e29b3c6be40da9ce9965149492f22472a55528f8 1142 [kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-node-linux-arm.tar.gz) | 8dc38e834ac9255d00a44702def50237cdf64815726f829ae47f22e187354fd4cefd65b426be05ef79fda91ff2b0169086b06ea7d5f177cb47d9eae0f8918764 1143 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-node-linux-arm64.tar.gz) | c0474b809a9793f193f6d5f3bcfa3e4d0f1e1b3eea774059fa052e81e9b04a9c736b1659076618e1942471e5a12e072bc2606dd260ad9e2a4add122d37c5547a 1144 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-node-linux-ppc64le.tar.gz) | 12e2565045514009ed13aa3d81788b97ac526001f8681a8021cfc300f07a4a28ff19daea958f5181188e121955ee6eace9842a05fea146b66f9132eb6f66c911 1145 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-node-linux-s390x.tar.gz) | a370f34f84ca6bf89cc72c783a88c6759458535315b648b19742a9e008326706f0ac5cc1fcc251b9c43d28fdd3605f2710a17359c6a5bc4420ee5333946d2693 1146 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-node-windows-amd64.tar.gz) | 4122652f37d53ae59635c5f74c238cc0ea1236ff6acb4f3682ffd4f9f0818073810b8ca2c3cf2035f25f0b18db20c1d6dc631603207314e9253114fe8fd088d5 1147 1148 ### Container Images 1149 1150 All container images are available as manifest lists and support the described 1151 architectures. It is also possible to pull a specific architecture directly by 1152 adding the "-$ARCH" suffix to the container image name. 1153 1154 name | architectures 1155 ---- | ------------- 1156 [registry.k8s.io/conformance:v1.25.10](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) 1157 [registry.k8s.io/kube-apiserver:v1.25.10](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) 1158 [registry.k8s.io/kube-controller-manager:v1.25.10](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) 1159 [registry.k8s.io/kube-proxy:v1.25.10](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) 1160 [registry.k8s.io/kube-scheduler:v1.25.10](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) 1161 1162 ## Changelog since v1.25.9 1163 1164 ## Changes by Kind 1165 1166 ### API Change 1167 1168 - Added error handling for seccomp localhost configurations that do not properly set a localhostProfile ([#117020](https://github.com/kubernetes/kubernetes/pull/117020), [@cji](https://github.com/cji)) [SIG API Machinery and Node] 1169 - Fixed an issue where kubelet does not set case-insensitive headers for http probes. (#117182, @dddddai) ([#117333](https://github.com/kubernetes/kubernetes/pull/117333), [@dddddai](https://github.com/dddddai)) [SIG API Machinery, Apps and Node] 1170 1171 ### Feature 1172 1173 - Kubernetes is now built with Go 1.19.9 ([#117775](https://github.com/kubernetes/kubernetes/pull/117775), [@xmudrii](https://github.com/xmudrii)) [SIG Release and Testing] 1174 1175 ### Bug or Regression 1176 1177 - CVE-2023-27561 CVE-2023-25809 CVE-2023-28642: Bump fix runc v1.1.4 -> v1.1.5 1178 - Fixes a problem of cgroup removal when using runc binary >= 1.1.6 (#117647) ([#117682](https://github.com/kubernetes/kubernetes/pull/117682), [@kolyshkin](https://github.com/kolyshkin)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node and Storage] 1179 - During device plugin allocation, resources requested by the pod can only be allocated if the device plugin has registered itself to kubelet AND healthy devices are present on the node to be allocated. If these conditions are not sattsfied, the pod would fail with `UnexpectedAdmissionError` error. ([#117738](https://github.com/kubernetes/kubernetes/pull/117738), [@swatisehgal](https://github.com/swatisehgal)) [SIG Node and Testing] 1180 - Fix incorrect calculation for ResourceQuota with PriorityClass as its scope. ([#117828](https://github.com/kubernetes/kubernetes/pull/117828), [@Huang-Wei](https://github.com/Huang-Wei)) [SIG API Machinery] 1181 - Fix: the volume is not detached after the pod and PVC objects are deleted ([#117339](https://github.com/kubernetes/kubernetes/pull/117339), [@cvvz](https://github.com/cvvz)) [SIG Storage] 1182 - Number of errors reported to the metric `storage_operation_duration_seconds_count` for emptyDir decreased significantly because previously one error was reported for each projected volume created. ([#117022](https://github.com/kubernetes/kubernetes/pull/117022), [@mpatlasov](https://github.com/mpatlasov)) [SIG Storage] 1183 - Setting a mirror pod's phase to Succeeded or Failed can prevent the corresponding static pod from restarting due mutation of a Kubelet cache. ([#116482](https://github.com/kubernetes/kubernetes/pull/116482), [@smarterclayton](https://github.com/smarterclayton)) [SIG Node] 1184 1185 ### Other (Cleanup or Flake) 1186 1187 - A v2-level info log will be added, which will output the details of the pod being preempted, including victim and preemptor ([#117214](https://github.com/kubernetes/kubernetes/pull/117214), [@HirazawaUi](https://github.com/HirazawaUi)) [SIG Scheduling] 1188 1189 ## Dependencies 1190 1191 ### Added 1192 - github.com/shurcooL/sanitized_anchor_name: [v1.0.0](https://github.com/shurcooL/sanitized_anchor_name/tree/v1.0.0) 1193 1194 ### Changed 1195 - github.com/opencontainers/runc: [v1.1.3 → v1.1.6](https://github.com/opencontainers/runc/compare/v1.1.3...v1.1.6) 1196 - golang.org/x/mod: 86c51ed → v0.8.0 1197 - golang.org/x/net: v0.7.0 → v0.8.0 1198 - golang.org/x/sync: 886fb93 → v0.1.0 1199 - golang.org/x/sys: v0.5.0 → v0.6.0 1200 - golang.org/x/term: v0.5.0 → v0.6.0 1201 - golang.org/x/text: v0.7.0 → v0.8.0 1202 - golang.org/x/tools: v0.1.12 → v0.6.0 1203 - sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.36 → v0.0.37 1204 1205 ### Removed 1206 _Nothing has changed._ 1207 1208 1209 1210 # v1.25.9 1211 1212 1213 ## Downloads for v1.25.9 1214 1215 1216 1217 ### Source Code 1218 1219 filename | sha512 hash 1220 -------- | ----------- 1221 [kubernetes.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes.tar.gz) | 73f57718a6a2e26cd779e364c4ebb51539678b30554f3c9c2a266e860dbda2e7e17c5b0290573a61f97265be2614793074cb3d50b00ca4dbea8722f68b305304 1222 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-src.tar.gz) | 279946d2f5fbdc93019b2667953434930cb2d2a89b35af8e1610f0cd43bff87cf74104be6752ba29634b4f6880eb640ba96635406467f3f034b71c10786aaf5e 1223 1224 ### Client Binaries 1225 1226 filename | sha512 hash 1227 -------- | ----------- 1228 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-client-darwin-amd64.tar.gz) | aa08d4e8faace74c31cdf2787f2d816cc83f2a05613b04d0a613bff6be75c2a8ff4bf3a2d836f197f9c07d1de8e3e947b9cab14da1dbc36688d034a338b89bed 1229 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-client-darwin-arm64.tar.gz) | f99a3cb80ab20a2a4ea5bc11bb33d6d2a66dd1af0f99f5b856f6f8c4a1589c0291da52ac645f7d7accafb2b1dbfc020f87f711b6a54dac56ac915dd01e02a16e 1230 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-client-linux-386.tar.gz) | 9b50bbb563f524f9fcb6eb487b4d15a6ca108223b1fce04b786ac2df44cd65a5362cbf1818cd6d1fdda6474d2e9100b97d16f9abf1ab2027440d49264a7bd2c1 1231 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-client-linux-amd64.tar.gz) | 081b4ddb723a0a54b99f699cab84c3742203b0ac45629543b92707d404fe724f69b9ae8e5826f2429fc13dc9dac0001340cdd0e8600976dbd902172b787ad8b2 1232 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-client-linux-arm.tar.gz) | 940b61a1d364aa886393da749844992eb2072dade0dd17087d76ded5483f202b0f0fe30cb5319fe548596e1ef82ab3c8c2d2abed2d6040c42308b897d84e6b0a 1233 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-client-linux-arm64.tar.gz) | 6036a4d96e6f0ac3362c96c74888fe85e4db6132178d052346e34e407d3cd8123914ae5edad7f5a64e25dbff10a3d1576ffdb1ccd77717a9033e691a00a82af2 1234 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-client-linux-ppc64le.tar.gz) | 4fc53a4258df7bf3768e8ff73021c2899a9ba30e167c8122feaa35b907c78036f7a67fc64ae5f27fae2eb646cbd32567f022881bfb4b8aa44d0640ddd5b5ef26 1235 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-client-linux-s390x.tar.gz) | c67e0106b83bbe5e872cf898aa0dbb716e78b89e27c054dc28ea7dc89261b7dd647ff0169fcc80f1df8d5bde658e7c28ec84bac7144f1e872b59b5ac00f6021f 1236 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-client-windows-386.tar.gz) | a97de58d4f3592324c60e7c41a3b6469049b87156e46d1558a4ee7c31d20c328fca3e5cd614ce4516baa3bd3379005ecea618708a1fc154b7e8c83c710ce92bc 1237 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-client-windows-amd64.tar.gz) | 466b6fa72b512b132b7403e09ac27cc9499613df1d2cf7731e94ee100a24964c2bf48abd21b0c86e82f52302508c054200bec98ae4bc46e8c324c4c96873bc96 1238 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-client-windows-arm64.tar.gz) | 6b4853f92cfde49f062a3976db4d497dc48093a17e2549d1fa4cdf07fa9328dfc924e03148cd6fcc2487da322484351c170adc501960edd036a87b2bcba8bc18 1239 1240 ### Server Binaries 1241 1242 filename | sha512 hash 1243 -------- | ----------- 1244 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-server-linux-amd64.tar.gz) | c0acd0de04880b0af7998a0e3b0bc1b1775f8d88e8d083dc54a64a5f94e12abdd231e2a5adcd344cc719067baa9a11887ee4c8c9acdbc1a84d9c6bd2a43dc3e5 1245 [kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-server-linux-arm.tar.gz) | 10c849ed11139557fc2c2d7c76684f9a3e5f26563db69f40a5ce59d5a38c124a51b93f53ed20843da7e83e38deec29eb149c60a2b2ca0f47b2cd1c23a5cf83ae 1246 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-server-linux-arm64.tar.gz) | 222a204ddf480101357f30f0491374aa8d0203557d87771715c749aeab2e84b37e7cbf1e60e1beb7f1fe3ff52b294c2f79070a645c9afbbdea0b6390f56d98e3 1247 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-server-linux-ppc64le.tar.gz) | 828c6ec5b54a83cfb559a9e4a6767b42145763409b5e9b6a67d110e64b000bf64615fb1a1699c4b2e9324860a0a5a1260edda3541ec1c9ad8d3d6d6c8bb9ebf7 1248 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-server-linux-s390x.tar.gz) | 08ad3e68a38132e0727da315df73e2a0ac736e04ab1184c1c3806591d0b2d7f4981d3b6b722b908fb1fdfb8a70f9f8748e815deb0b2bc58b72c3ac9122569d3c 1249 1250 ### Node Binaries 1251 1252 filename | sha512 hash 1253 -------- | ----------- 1254 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-node-linux-amd64.tar.gz) | d4fa36122d31c55346788cdd796e2e10f31b9f490f036c03af8a6e6a87be8c3170e845bfa03940efbd58af6e15b11dc8ca5d5679421245bd27893a0749f6f462 1255 [kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-node-linux-arm.tar.gz) | 9860a65b60dd08a7f4b1b7d044847edbd6c0e5addcfabec3e99ebdc3644cf9e110d77edcb710f0b778b97669f35e453dd817431b12909419f0272d517c8be6ff 1256 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-node-linux-arm64.tar.gz) | 0261f82d361654247d2d63c0f4566c43e303399c79ebff0ee5d7ab9fbcf8fb5c01c8bd2667891dcb9bb7211077bbd9ba9c8be98402471d26ac15d0adfbbc78b6 1257 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-node-linux-ppc64le.tar.gz) | a570bcb26e1ec8a90488724e8a1c9a8e0477903ecf1752383e3649572c8bd9d6e81bf204e13b364118a79b6e94e4dc2958c6771f9e64c8e427d418adafb451b7 1258 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-node-linux-s390x.tar.gz) | a252f616a9968f69ff0d935a203e686265b7da8d47af5755150153b070aa34a3f43164f16aa8b7a63341afca28cc5f4295b1bf05bda260b45468adefad0d709b 1259 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-node-windows-amd64.tar.gz) | 8fcf91d6c0fabe26dcd4fcee4ee43fa4e2d698c47f50ec00049f7d97ade891fd07c1e35b383a9a0544dd8212f776135284cfdc71fd9d26c256512dfdc1ae2f49 1260 1261 ### Container Images 1262 1263 All container images are available as manifest lists and support the described 1264 architectures. It is also possible to pull a specific architecture directly by 1265 adding the "-$ARCH" suffix to the container image name. 1266 1267 name | architectures 1268 ---- | ------------- 1269 [registry.k8s.io/conformance:v1.25.9](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) 1270 [registry.k8s.io/kube-apiserver:v1.25.9](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) 1271 [registry.k8s.io/kube-controller-manager:v1.25.9](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) 1272 [registry.k8s.io/kube-proxy:v1.25.9](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) 1273 [registry.k8s.io/kube-scheduler:v1.25.9](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) 1274 1275 ## Changelog since v1.25.8 1276 1277 ## Changes by Kind 1278 1279 ### Feature 1280 1281 - Kubernetes is now built with Go 1.19.8 ([#117131](https://github.com/kubernetes/kubernetes/pull/117131), [@xmudrii](https://github.com/xmudrii)) [SIG Release and Testing] 1282 1283 ### Bug or Regression 1284 1285 - Fix missing delete events on informer re-lists to ensure all delete events are correctly emitted and using the latest known object state, so that all event handlers and stores always reflect the actual apiserver state as best as possible ([#115900](https://github.com/kubernetes/kubernetes/pull/115900), [@odinuge](https://github.com/odinuge)) [SIG API Machinery] 1286 - Fix: Route controller should update routes with NodeIP changed ([#116361](https://github.com/kubernetes/kubernetes/pull/116361), [@lzhecheng](https://github.com/lzhecheng)) [SIG Cloud Provider] 1287 - Fixes a regression in the pod binding subresource to honor the `metadata.uid` precondition. 1288 This allows kube-scheduler to ensure it is assigns node names to the same instances of pods it made scheduling decisions for. ([#116776](https://github.com/kubernetes/kubernetes/pull/116776), [@alculquicondor](https://github.com/alculquicondor)) [SIG API Machinery and Testing] 1289 - Kubelet: Fix fs quota monitoring on volumes ([#116794](https://github.com/kubernetes/kubernetes/pull/116794), [@pacoxu](https://github.com/pacoxu)) [SIG Storage] 1290 1291 ### Other (Cleanup or Flake) 1292 1293 - Service session affinity timeout tests are no longer required for Kubernetes network plugin conformance due to variations in existing implementations. New conformance tests will be developed to better express conformance in future releases. ([#112806](https://github.com/kubernetes/kubernetes/pull/112806), [@dcbw](https://github.com/dcbw)) [SIG Architecture, Network and Testing] 1294 1295 ## Dependencies 1296 1297 ### Added 1298 _Nothing has changed._ 1299 1300 ### Changed 1301 - sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.35 → v0.0.36 1302 1303 ### Removed 1304 _Nothing has changed._ 1305 1306 1307 1308 # v1.25.8 1309 1310 1311 ## Downloads for v1.25.8 1312 1313 1314 1315 ### Source Code 1316 1317 filename | sha512 hash 1318 -------- | ----------- 1319 [kubernetes.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes.tar.gz) | 1373cdd6ba5a89ad01172e09a59afb86466913b837a9b4926a528cc5681509d752804fb6cbb58c0dffb7cb2858eab67b1dacf4f4a0d6cd13a5ed449e67d54277 1320 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-src.tar.gz) | 29f964b70673c1e66a548e11530a9643c7d0c24f90a6b9f1a3b3487923bf0b1627a21e23c35cbed713d04125807dd24f1efffccf93ccce91a83b0a05b08266a9 1321 1322 ### Client Binaries 1323 1324 filename | sha512 hash 1325 -------- | ----------- 1326 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-client-darwin-amd64.tar.gz) | 01a9f05a78c53c57ce61a24de3d76e40bce14630faaa1dac6b498da2572ee7713b702d40204ba6d0b5b145e5f35cfc274c0fcee15004fcfee42ab9e88bae5fff 1327 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-client-darwin-arm64.tar.gz) | 05316e43aed229d9ea407fcf6cd6e1280b6055770c7c018b94309edc4cd5cce60991d755136447985bc11cc3d17d63d9787510c70bc4a4828850da33772f448a 1328 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-client-linux-386.tar.gz) | ebfdf3fa9d0d1b1c3f6d375f9b77be21dcfdf6dc403a8e572bee00983eb1edd257b197d3baef178e0d44d0a447791121d2057a54869ed36cc2bce43de61678ce 1329 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-client-linux-amd64.tar.gz) | e2179fba92c3692ef44377276e109f87c12a7166b1fd93ca826527406a6698f551afbf702d67d9469e2512ef5137a71c5ad809fc0f384dfbf7db53ca83dc3033 1330 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-client-linux-arm.tar.gz) | cb8ea52dee6d98465e599a9a4d4475abde3046dbc5d034a472b80003ff6565894eb63b52027f6def4378d066556799a3b0ef05b811ba3c69ea3a487f74f21d24 1331 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-client-linux-arm64.tar.gz) | c9efb676f995734f7e6eef346d03bb451ad6991265c0046467fa842ad9d0b60f4d4ae3a766cc1bb4dc22f1e8f0507f7184db3aa0973828225cdccb51c9fa4933 1332 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-client-linux-ppc64le.tar.gz) | 2fabcf5581bdaf225763781af5e7781f11cf43e698787f619d01a0d8f9b2999342424f1d255b57ebac8646c6b111a3d84aadd7b30bf2848929fdd7034c2ccf4c 1333 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-client-linux-s390x.tar.gz) | 50cc96108fd0a3f6ef52d633a22662ee798395a1926f1fe392018f530c7a0cf67df278d2286c12c72fb5c1d774e85cc6abc9368e2c56d59b6a47bc7b379e6d3b 1334 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-client-windows-386.tar.gz) | b203fde667d8df98ae82bbaa3cc4a9447815fb4792e98e0c0bf96361e58a1223928d51eb0613cf8c4b9b8a4799f0b2fa1a92454c239ea8a205eace97eb227f85 1335 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-client-windows-amd64.tar.gz) | 3da3744b18ea034650cfcd4e54f8b9a0ffce89dff7a128234fe48e846885ad97eafec9223551b97615942e73e7af72ae64152165bcd710669f1b874b194c75ae 1336 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-client-windows-arm64.tar.gz) | 70464a404bf702257e52fec0eb815a14e8b86fc6db107b9d510fd0eefd18bbdad4fb8ab95cd03e09512ba67d30c00e8fe31c9a1ab39816947baeeef37fb5486b 1337 1338 ### Server Binaries 1339 1340 filename | sha512 hash 1341 -------- | ----------- 1342 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-server-linux-amd64.tar.gz) | 6786d2f0e4e4407609291887b88be0ea952a16e67f5f762f32aeb219b109632e38c25bf34f0cb82a1854584531689cf8cf778c69dc96a1245a8fb723f532fdd5 1343 [kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-server-linux-arm.tar.gz) | 77ceb0d8d84aa24cfc5a60ea3c29d4760c15ca327e720b1a941bfd71399715d0671333fb3083c6560f47f3b69e1051008d5b1d0ce6e9a538876b1dff309e7326 1344 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-server-linux-arm64.tar.gz) | fe1e043fcd93657d464b0d6c3a064bc56c76301c1f82c7d43dcf4dbc5c77ae1574b2afb342ff268d054e59fa2ecc22f948dfe7e11f21a65998270f2a8ee2c80d 1345 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-server-linux-ppc64le.tar.gz) | 6e4c32de8393a4788bb7ffd49b992cb9aab17d3e2d195af0354985891ae3154f3208b5bd1e08b2729081da475679f2862f07b490b150ea8a454b2c86f7821123 1346 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-server-linux-s390x.tar.gz) | 5d535088e92bf6f844b91f85ee19eb24b715f8db2e553f1f19d2a30c4ff89079b6dd5aa311eb933f22388032ec91e56478823d6ce7cb4acd67b81d68c8b784a1 1347 1348 ### Node Binaries 1349 1350 filename | sha512 hash 1351 -------- | ----------- 1352 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-node-linux-amd64.tar.gz) | 667e065d0d105177e6ae0f3e6382584d457b694cbe8aad9cbe236ffd29b386ba4ac0756a3fe793293602aa8b9c2256b3dcc27d860ded5ae6b8849fd6304bfbcd 1353 [kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-node-linux-arm.tar.gz) | b0f84c9616effcd2e384eb3d0ee580b2ee085fb313942db4fe7ad206a00c63d63bd6262c104fc6817deb5ab0c774073a80c1e53581f30893d37ed5ff601c0f99 1354 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-node-linux-arm64.tar.gz) | 8e4145102131493be24d8e17f2bd50794379826989652631cdadcfa38a608c3c2f0c7bc2178403c4822ae0dfbfeff3fae734c13e8aceac3d4cb5f4eb769dfb1a 1355 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-node-linux-ppc64le.tar.gz) | eeb8821c86017605ba6ea5729ef90d154a2e3200da5e10b3295469f769c3e9e8ef2d1419399f9c3b5b3854b4481452bc1bdbe03c2c8533445429811cacb57e04 1356 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-node-linux-s390x.tar.gz) | e93ea0c4ccdc0d4ba3c4aa670258fa377f7f410c874276867064dad19f9f1a91d9058078b5cbcff21e9e33eca45eb4b8bcd9f965b0a6d11972cb630cfd8a81f5 1357 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-node-windows-amd64.tar.gz) | aca9b2d88c0de8e679883580d26801491f6fd5760899ff886a85334ba2e4ae4b87bb2a5af93b50850517d17c043d5c94991bb53887ec3ddd4e02d35aeee787ff 1358 1359 ### Container Images 1360 1361 All container images are available as manifest lists and support the described 1362 architectures. It is also possible to pull a specific architecture directly by 1363 adding the "-$ARCH" suffix to the container image name. 1364 1365 name | architectures 1366 ---- | ------------- 1367 [registry.k8s.io/conformance:v1.25.8](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) 1368 [registry.k8s.io/kube-apiserver:v1.25.8](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) 1369 [registry.k8s.io/kube-controller-manager:v1.25.8](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) 1370 [registry.k8s.io/kube-proxy:v1.25.8](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) 1371 [registry.k8s.io/kube-scheduler:v1.25.8](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) 1372 1373 ## Changelog since v1.25.7 1374 1375 ## Changes by Kind 1376 1377 ### Feature 1378 1379 - Kubernetes is now built with Go 1.19.7 ([#116406](https://github.com/kubernetes/kubernetes/pull/116406), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing] 1380 - The go version defined in `.go-version` is now fetched when invoking test, build, and code generation targets if the current go version does not match it. Set $FORCE_HOST_GO=y while testing or building to skip this behavior, or set $GO_VERSION to override the selected go version. ([#115497](https://github.com/kubernetes/kubernetes/pull/115497), [@liggitt](https://github.com/liggitt)) [SIG Release and Testing] 1381 1382 ### Bug or Regression 1383 1384 - Fix data race in kube-scheduler when preemption races with a Pod update. ([#116439](https://github.com/kubernetes/kubernetes/pull/116439), [@alculquicondor](https://github.com/alculquicondor)) [SIG Scheduling] 1385 - Fix log line in scheduler that inaccurately implies that volume binding has finalized ([#116049](https://github.com/kubernetes/kubernetes/pull/116049), [@TommyStarK](https://github.com/TommyStarK)) [SIG Scheduling and Storage] 1386 - Fixed a bug where Kubernetes would apply a default StorageClass to a PersistentVolumeClaim, 1387 even when the deprecated annotation `volume.beta.kubernetes.io/storage-class` was set. ([#116089](https://github.com/kubernetes/kubernetes/pull/116089), [@cvvz](https://github.com/cvvz)) [SIG Apps and Storage] 1388 - Fixing issue with Winkernel Proxier - ClusterIP Loadbalancers are missing if the ExternalTrafficPolicy is set to Local and the available endpoints are all remoteEndpoints. ([#116000](https://github.com/kubernetes/kubernetes/pull/116000), [@princepereira](https://github.com/princepereira)) [SIG Network] 1389 - Fixing issue with Winkernel Proxier - IPV6 load balancer policies are missing when service is configured with ipFamilyPolicy: RequireDualStack ([#115615](https://github.com/kubernetes/kubernetes/pull/115615), [@princepereira](https://github.com/princepereira)) [SIG Network] 1390 - Make kubectl diff --prune behave correctly with the --selector/-l flag ([#116147](https://github.com/kubernetes/kubernetes/pull/116147), [@nathanmartins](https://github.com/nathanmartins)) [SIG CLI and Testing] 1391 - Remove check for CSI driver running on node for CSI migration ([#115773](https://github.com/kubernetes/kubernetes/pull/115773), [@sunnylovestiramisu](https://github.com/sunnylovestiramisu)) [SIG Apps and Storage] 1392 1393 ## Dependencies 1394 1395 ### Added 1396 _Nothing has changed._ 1397 1398 ### Changed 1399 _Nothing has changed._ 1400 1401 ### Removed 1402 _Nothing has changed._ 1403 1404 1405 1406 # v1.25.7 1407 1408 1409 ## Downloads for v1.25.7 1410 1411 1412 1413 ### Source Code 1414 1415 filename | sha512 hash 1416 -------- | ----------- 1417 [kubernetes.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes.tar.gz) | 63fc1351093298670a893ecb3628167464a7cf6bf4b1d424846e9d8bd24850f637363826246c08af7ed93887de041d51ae64c139f6d04225c11119a2f32acfc3 1418 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-src.tar.gz) | 4ebf928e7190531ff7954788d5ece5161e9a99e8b9e6ed260cd798bc4c220f358f2508dc0e5785b23d115d6841e101d9ca29a0910580f18c44bc0cde2e3b7e03 1419 1420 ### Client Binaries 1421 1422 filename | sha512 hash 1423 -------- | ----------- 1424 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-client-darwin-amd64.tar.gz) | 611ebb2ba4495eaffa5773ca6edf2f1f41f429ce04537abd5b4a01db9eb51e73279386c1c3ddd1626896fc950caf253a173432db33a61aff0c1b6c6e1141b2fa 1425 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-client-darwin-arm64.tar.gz) | 3577ebdb7267c7ae7721b049019b437899bde0dbf708e6a42a28e2b895566636580070404e589cbb09053aec1d93a33bbb2fde79a257da04c16e475f0c84637c 1426 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-client-linux-386.tar.gz) | e7742a1fae70e3facae67fcd02e46fdce749dbc5f08fcbddc515937d01a729228add9fffeac97471647df7e052394ced035d67867f02a1f0af1dafa9a762ba71 1427 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-client-linux-amd64.tar.gz) | 3f625652e6dc629548b788c425da941c19217c7be95dbb2c63f2a3d726db78ba50bf60d49d483ba73a040ac1d560a0a220cc3f4cead2354a7887bf29854710ec 1428 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-client-linux-arm.tar.gz) | c1210193b445c51f9a24d297d3f102a4e110ef35fef1b6f8b3961be2a61a8fa21f6b86a650f13e6ca82e9707b7511512a542dfc6c4f344c5384bdf3d31d5f040 1429 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-client-linux-arm64.tar.gz) | 56c70a655b74b54395a3e4b6cf139fa13398051f8afa2948a5991cbfc5d7f27aefbcd4146c6f837497b8c780fad2770e0b6ed9cc66cf97daef0a0b0b40c3181e 1430 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-client-linux-ppc64le.tar.gz) | 17ed2ffa4daa6bb329bd164a292abdd4f34fc6effb9d5da0ddb8f2db076cbc5d3b713b7508c84eb8a60cff0083d3e3b160325175a057336b655b1f963f0a7afc 1431 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-client-linux-s390x.tar.gz) | 97086b5a405f45381b849fb009e7929b2c6a63b8a1bb19df00deb60f27e4ec46cb5425e6fea7f5323a7e21c1d164f607c10792dcc97a001d47d562d3f7234d6d 1432 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-client-windows-386.tar.gz) | 7b3f86b24caeaf4b5ee7c5807ea49fbcd86171aca7b37d663ff2c9ce2b521820a179469a88be50e083c148e08de0a6625aeb6c369b5520211a3c1b2efe8437e8 1433 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-client-windows-amd64.tar.gz) | b075cc667305e99c25399dea5e63aaf03832995e5142c3cc93c81b3bcd5b5214f067bdbbd72f33899f3b3eeeea13525b599c144d6379904105831f13317bb098 1434 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-client-windows-arm64.tar.gz) | 1dbd7e37a0838c3131f1847ab0c61f2408b286c4822cb67108e188175e3f5669c73012045eac79b02fefda58f46a77d3d586a2d15150114da3a7edb7079a1672 1435 1436 ### Server Binaries 1437 1438 filename | sha512 hash 1439 -------- | ----------- 1440 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-server-linux-amd64.tar.gz) | defc7764cc2563786bcbc5cef5c94ff29d4a0cc147c67c71d3ad9c2f6a3c25a3290c405e24212ff0ef653c38a340087a783ae0812931d4b50f90bc3d1fbf34ce 1441 [kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-server-linux-arm.tar.gz) | c3b844ddb786fafc51cbd4763ff03cc7778628369730f064ba88f267535f93e4dbb305a12f9a704c9307db0cc7988434b5227989673b5a7ab6edbd1e4d0b7a34 1442 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-server-linux-arm64.tar.gz) | c7f0951c1da9b19df72e5a4ad762ec50bef764805760533b31f0fc0e1ce6757409e4ba6c14f58c706c12562a66ac5251918e86d44fbe4dce3eed6b8e8dd0679d 1443 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-server-linux-ppc64le.tar.gz) | b0e1c8d38d33a4318f7364321dcb1837f6b22617c23f6df1a25bfac767789992cf87dd2ee1fe5c2b918c1511514a0b92a40f3da0b82f44478a7e35d8d5b5a746 1444 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-server-linux-s390x.tar.gz) | 6f4f92c94ce0ea1e1d608d524329754f7975e566ca2f213fbc054cd30e303563bb564ba746809a0e58d564bcb83b1cd99a5339e07ae289dd459411912345fd6c 1445 1446 ### Node Binaries 1447 1448 filename | sha512 hash 1449 -------- | ----------- 1450 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-node-linux-amd64.tar.gz) | 419e5a0e755e73632fda4754090e39cf08f3a92f8d39b2c6f2a311cc246ddead3c3445343774aa035341ef4cc1223068f7ecc70b3da052011ad6f4a03784db1a 1451 [kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-node-linux-arm.tar.gz) | 1c308120dd8d1b73d4f71ba4f9beb7cefbeaee8656c582332cfb5fa2712b323d96d2205060d8218be11dea5c46235cc88b85d10f90cdc9560e0c648f16fe80fd 1452 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-node-linux-arm64.tar.gz) | a4897c6bb23fefdde8ff9f9e37b1f5ef8ec08c61b92288275fc9ed95593693503e0f2b086ac3905e6c6f75cf55318de778c9f91eab6159177d2201ca0f019b4d 1453 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-node-linux-ppc64le.tar.gz) | 072d504fb26cafe6eb1cb87ea58c33b82e49109692848f571cc7d8a1cc2255b9b324345d32acf164c938bbba3bb37dfd39b50bf7cbb88b49dbb3325080474a22 1454 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-node-linux-s390x.tar.gz) | aad43cc7eb379ad13f2c0b4b9c63aac822acf54a2dcd88d2651d985e5bec5d70edb13aeae7a140c4ccc0ec0a8e0375ee2c30b75b0098f25b93e5d13ad4d75374 1455 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-node-windows-amd64.tar.gz) | 6fc0f7541c600fcc4a359e298f073b78f89aaa14875c5fc71f9037a57308f9391606fdf52b688a34788be9e46abb27585263b3d941c8ab983316a531bef9a81a 1456 1457 ### Container Images 1458 1459 All container images are available as manifest lists and support the described 1460 architectures. It is also possible to pull a specific architecture directly by 1461 adding the "-$ARCH" suffix to the container image name. 1462 1463 name | architectures 1464 ---- | ------------- 1465 [registry.k8s.io/conformance:v1.25.7](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) 1466 [registry.k8s.io/kube-apiserver:v1.25.7](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) 1467 [registry.k8s.io/kube-controller-manager:v1.25.7](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) 1468 [registry.k8s.io/kube-proxy:v1.25.7](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) 1469 [registry.k8s.io/kube-scheduler:v1.25.7](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) 1470 1471 ## Changelog since v1.25.6 1472 1473 ## Changes by Kind 1474 1475 ### Feature 1476 1477 - Kubelet TCP and HTTP probes are more effective using networking resources: conntrack entries, sockets, ... 1478 This is achieved by reducing the TIME-WAIT state of the connection to 1 second, instead of the defaults 60 seconds. This allows kubelet to free the socket, and free conntrack entry and ephemeral port associated. ([#115143](https://github.com/kubernetes/kubernetes/pull/115143), [@aojea](https://github.com/aojea)) [SIG Network and Node] 1479 - Kubernetes is now built with Go 1.19.6 ([#115832](https://github.com/kubernetes/kubernetes/pull/115832), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing] 1480 1481 ### Bug or Regression 1482 1483 - Fix a bug that caused to panic the apiserver when trying to allocate a Service with a dynamic ClusterIP and it has been configured with Service CIDRs with a /28 mask for IPv4 and a /124 mask for IPv6 ([#115334](https://github.com/kubernetes/kubernetes/pull/115334), [@aojea](https://github.com/aojea)) [SIG Network and Testing] 1484 - Fix nil pointer error in nodevolumelimits csi logging ([#115348](https://github.com/kubernetes/kubernetes/pull/115348), [@sunnylovestiramisu](https://github.com/sunnylovestiramisu)) [SIG Scheduling] 1485 - Fix the regression that introduced 34s timeout for DELETECOLLECTION calls ([#115481](https://github.com/kubernetes/kubernetes/pull/115481), [@tkashem](https://github.com/tkashem)) [SIG API Machinery] 1486 - Fixed bug which caused the status of Indexed Jobs to only be updated when there are newly completed indexes. The completed indexes are now updated if the .status.completedIndexes has values outside of the [0, .spec.completions> range ([#115460](https://github.com/kubernetes/kubernetes/pull/115460), [@danielvegamyhre](https://github.com/danielvegamyhre)) [SIG Apps] 1487 - Golang.org/x/net updates to v0.7.0 to fix CVE-2022-41723 ([#115788](https://github.com/kubernetes/kubernetes/pull/115788), [@liggitt](https://github.com/liggitt)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node, Security and Storage] 1488 - The Kubernetes API server now correctly detects and closes existing TLS connections when its client certificate file for kubelet authentication has been rotated. ([#115567](https://github.com/kubernetes/kubernetes/pull/115567), [@enj](https://github.com/enj)) [SIG API Machinery, Node and Testing] 1489 1490 ## Dependencies 1491 1492 ### Added 1493 _Nothing has changed._ 1494 1495 ### Changed 1496 - golang.org/x/net: 1e63c2f → v0.7.0 1497 - golang.org/x/sys: v0.3.0 → v0.5.0 1498 - golang.org/x/term: v0.3.0 → v0.5.0 1499 - golang.org/x/text: v0.5.0 → v0.7.0 1500 1501 ### Removed 1502 _Nothing has changed._ 1503 1504 1505 1506 # v1.25.6 1507 1508 1509 ## Downloads for v1.25.6 1510 1511 1512 1513 ### Source Code 1514 1515 filename | sha512 hash 1516 -------- | ----------- 1517 [kubernetes.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes.tar.gz) | aa7976f8951214da9ce10fcf627f0d5630cb368ccaaab60d0b1001cf00fb3666e591a0b220df989685221116cffb48996d47ad5feb254310c194e2054e8590ff 1518 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-src.tar.gz) | 6786e37e22fdbdc4585823d7dad4642af268118fd62d52926a0770de623bd3a70a3c6a5689878872423591c594ac7317f8660ffca860726214de0bdb9a029c14 1519 1520 ### Client Binaries 1521 1522 filename | sha512 hash 1523 -------- | ----------- 1524 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-client-darwin-amd64.tar.gz) | 4ab0bc1dab5e7ba0a4db532325323df3a21a31e58f3db68696c97e27233303fb6d8d699716f2dfe91c1ce57962718f1fcec3c62998a6d4de20cc9a7f04b172a2 1525 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-client-darwin-arm64.tar.gz) | eb7471f7a56b1b678956ff1c4c9a57384f4a501600679ea5377ec915af885d1269eaf114301a11754329e836f0b14262d9a246940a906cb7890a2771f08b98fa 1526 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-client-linux-386.tar.gz) | b5a773b1333cf9167dda2fd99cae31e7e70ec39288636d52e43a72df6a805928082b3fb488589ce74e91a64c06194c67efe189ee04b984e53190859f315b64f3 1527 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-client-linux-amd64.tar.gz) | 726663ce8db804bea425c17c971ceee4b8401210a9f21d77ed5b525656634bf90c30f514e55648ae062ebd0fe3d805176ccea1ac301e8e732714df5b3b20e2e2 1528 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-client-linux-arm.tar.gz) | 738b9b363ab8c94d955477e38c9f3413c13b43e9731332d6c7d6248ed657fadc9680c788a1b9c137767c8d255f89835415575d9c226c93787a3752f8e6b4773a 1529 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-client-linux-arm64.tar.gz) | e085fddea88e6110dbaa5df1c9c1a4ffc79c98297a0316e7f5de805f28705e8c35fcc62335e8e432a0097d7fc93e5e074598b8080cc73e20b0bd149c8adb4912 1530 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-client-linux-ppc64le.tar.gz) | 631e2791b014e6ebfc017c3825fba2c29b8438220e3610ca03ff08f2f21c4a6f0ee5fda84612ddaa9e7ce3862f59f44c2cb9f9509b743bb7cd78b0446e04a88f 1531 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-client-linux-s390x.tar.gz) | cc21c815a190860a1be3a00e8a4477f2dc073152e47260d804cd442205a109e5eafa4be00301c270bd22a6c631316299daa9e881e2bd900b4327fc3f0e764070 1532 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-client-windows-386.tar.gz) | d0bff822214e8c27f62ac61a92f4a55a0b4498192e153d97f7e0fe82f0c7fcb38a6d7c54fea54f1ec3a92883f1fa55a18954fbcbeb25c618a326f0d54310fc06 1533 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-client-windows-amd64.tar.gz) | 56b92e4be195374b28670329d0e3fd97a1b0354d948b434c8f3b4a81aa85d7f59eca427aab6e97dde17d4958a18bc6fa195b2175380a0c2edb76f501679b2cce 1534 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-client-windows-arm64.tar.gz) | 0ea7b043993c8488002e199f709232dd95d1a3b9c3617fd2367a1eb0e011553bf0ebf45337581448f55319da9a7d605f41bb6177fcb5e0f6efe3b8ca08ea7525 1535 1536 ### Server Binaries 1537 1538 filename | sha512 hash 1539 -------- | ----------- 1540 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-server-linux-amd64.tar.gz) | 5beb120332738268f39d91df98d7d642590ae688db3e330d98804d25940afac799850dc470d900ba54ec385012ab256d477ad7552c37a4be060605e55115f939 1541 [kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-server-linux-arm.tar.gz) | 25d9e1ab99acb6a81cdd511a145568a81ad5b3dece3fd8a3197a91d0ae1141db2871540584e09422c372ec057b1a01952d23845c6b131799194cc0c5feac9eae 1542 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-server-linux-arm64.tar.gz) | 97d306a4ddfe0d121192129c9283efa40d5b35882c13d9fb1e917951ca6fe2406102e8b5e6f6bd8af9043e39ce1232fe119bd57d858ef7b8160cb7b0572ad631 1543 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-server-linux-ppc64le.tar.gz) | e0759a4d66ad655022041ded6613cc753dfcaa5d56afff5ce2fd3eb6bd96148fbb1e20e2ba8c13d50aabb45cb856a4248a222c1e992112ac6b890ca0424375cb 1544 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-server-linux-s390x.tar.gz) | f45f8dd642788f6c85e660593bc809fca5c373f79badc5b042dcc3a7ce1315dfd5beb90409a6f23bbd6a2f500be814b61a0465e88b1505c3c158613e296ce6c3 1545 1546 ### Node Binaries 1547 1548 filename | sha512 hash 1549 -------- | ----------- 1550 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-node-linux-amd64.tar.gz) | 03d954a8d52c15f09d3d66da2b3459a706eef36b88d47a29f35b61f4264da9186ced5ae20b7075a52fab1f828e1b479d0d7faeaba53d072a376286bc1bd8344c 1551 [kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-node-linux-arm.tar.gz) | 5699354fc5c78b23693f751c14b3b6e0354c0095b72354ffe99391ae28330841b022dce4b6a188dfc01b8dcc40ebfaabec199c07a00175e4ff4ebe4e486a6432 1552 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-node-linux-arm64.tar.gz) | b611a6cde4fd00ed72951227fada6f5ab682dab33c382c24798bd9ba061a7cb2234988ca1b2839c9169bd504452f865bfe3215434348452b266bd55725856197 1553 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-node-linux-ppc64le.tar.gz) | d1b595e78f9eb16543d167143fef061fc32d8cbbb10e551dbbf696c5dcbde3409895f1328ffed6ef74a743d7b2ca2b4495719d45e497b8bab651cad2e20f08a6 1554 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-node-linux-s390x.tar.gz) | 101e544649af737626f8e3a44b29cdc4fba9fe36c072342cf2e6b84ba2a23b31498b4755da37995042da01a3d05b2948e307b2570f2cae6597736601751cdbab 1555 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-node-windows-amd64.tar.gz) | 5d0ff44491218e0f5509897344cc049bd234fae240e4b5cf0256700a0d3a7c71aba87e4f833a83b932f5fb51fb826e18c0f0310948b96cd1bc9a1fc9b3e8a90b 1556 1557 ### Container Images 1558 1559 All container images are available as manifest lists and support the described 1560 architectures. It is also possible to pull a specific architecture directly by 1561 adding the "-$ARCH" suffix to the container image name. 1562 1563 name | architectures 1564 ---- | ------------- 1565 [registry.k8s.io/conformance:v1.25.6](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) 1566 [registry.k8s.io/kube-apiserver:v1.25.6](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) 1567 [registry.k8s.io/kube-controller-manager:v1.25.6](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) 1568 [registry.k8s.io/kube-proxy:v1.25.6](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) 1569 [registry.k8s.io/kube-scheduler:v1.25.6](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) 1570 1571 ## Changelog since v1.25.5 1572 1573 ## Changes by Kind 1574 1575 ### Feature 1576 1577 - Kubernetes is now built with Go 1.19.5 ([#115013](https://github.com/kubernetes/kubernetes/pull/115013), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing] 1578 1579 ### Bug or Regression 1580 1581 - Client-go: fixes potential data races retrying requests using a custom io.Reader body; with this fix, only requests with no body or with string / []byte / runtime.Object bodies can be retried ([#113933](https://github.com/kubernetes/kubernetes/pull/113933), [@liggitt](https://github.com/liggitt)) [SIG API Machinery] 1582 - Do not include preemptor pod metadata in the event message ([#115023](https://github.com/kubernetes/kubernetes/pull/115023), [@mimowo](https://github.com/mimowo)) [SIG Scheduling] 1583 - Failed pods associated with a job with `parallelism = 1` are recreated by the job controller honoring exponential backoff delay again. However, for jobs with `parallelism > 1`, pods might be created without exponential backoff delay. ([#115022](https://github.com/kubernetes/kubernetes/pull/115022), [@nikhita](https://github.com/nikhita)) [SIG Apps] 1584 - Fix a regression that the scheduler always goes through all Filter plugins. ([#114525](https://github.com/kubernetes/kubernetes/pull/114525), [@Huang-Wei](https://github.com/Huang-Wei)) [SIG Scheduling] 1585 - Fix bug in CRD Validation Rules (beta) and ValidatingAdmissionPolicy (alpha) where all admission requests could result in `internal error: runtime error: index out of range [3] with length 3 evaluating rule: <rule name>` under certain circumstances. ([#114864](https://github.com/kubernetes/kubernetes/pull/114864), [@jpbetz](https://github.com/jpbetz)) [SIG API Machinery] 1586 - Fixed DaemonSet to update the status even if it fails to create a pod. ([#114818](https://github.com/kubernetes/kubernetes/pull/114818), [@gjkim42](https://github.com/gjkim42)) [SIG Apps and Testing] 1587 - Fixing issue in Winkernel Proxier - Unexpected active TCP connection drops while horizontally scaling the endpoints for a LoadBalancer Service with External Traffic Policy: Local ([#114039](https://github.com/kubernetes/kubernetes/pull/114039), [@princepereira](https://github.com/princepereira)) [SIG Network] 1588 - Fixing issue with Winkernel Proxier - No ingress load balancer rules with endpoints to support load balancing when all the endpoints are terminating. ([#114452](https://github.com/kubernetes/kubernetes/pull/114452), [@princepereira](https://github.com/princepereira)) [SIG Network] 1589 - Kubelet: make the image pull time more accurate in event ([#114271](https://github.com/kubernetes/kubernetes/pull/114271), [@pacoxu](https://github.com/pacoxu)) [SIG Node] 1590 - Optimizing loadbalancer creation with the help of attribute Internal Traffic Policy: Local ([#114467](https://github.com/kubernetes/kubernetes/pull/114467), [@princepereira](https://github.com/princepereira)) [SIG Network] 1591 - Update the system-validators library to v1.8.0 ([#114059](https://github.com/kubernetes/kubernetes/pull/114059), [@pacoxu](https://github.com/pacoxu)) [SIG Cluster Lifecycle] 1592 1593 ## Dependencies 1594 1595 ### Added 1596 _Nothing has changed._ 1597 1598 ### Changed 1599 - github.com/google/cel-go: [v0.12.5 → v0.12.6](https://github.com/google/cel-go/compare/v0.12.5...v0.12.6) 1600 - k8s.io/system-validators: v1.7.0 → v1.8.0 1601 - sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.33 → v0.0.35 1602 1603 ### Removed 1604 _Nothing has changed._ 1605 1606 1607 1608 # v1.25.5 1609 1610 1611 ## Downloads for v1.25.5 1612 1613 1614 1615 ### Source Code 1616 1617 filename | sha512 hash 1618 -------- | ----------- 1619 [kubernetes.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes.tar.gz) | 4c4b59217468c3d26ced175b1eb3133382276941c74422b970a0a8bcd6c2b41fb3571fb4950594fee945feda810689812843491a39fcfe9deefa70f7d4a8460b 1620 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-src.tar.gz) | fd04beb3eb8c18446bfa4613dc90957f7d9bdc264b36608b8f31a365d78f42726c73db12bb42b4c60fdaa0822ee0f89a97ef7f624348d14211fa1f35c3be1ec5 1621 1622 ### Client Binaries 1623 1624 filename | sha512 hash 1625 -------- | ----------- 1626 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-client-darwin-amd64.tar.gz) | b1f6c04b641b2ebcf246065a7a7cee326786dc1ab3f8c7599b4a6cf80f4cd6464234bfb56e967565896d9b71cbdba45928376074c7116c38b02f004216886efe 1627 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-client-darwin-arm64.tar.gz) | a0ef7ad78aa0b9b31f2ebf0a39bb6647ed6d5e116875bce276adb0cd3c002ffeca99c7b0a3148529e27f45c02fba1a07909db91657ae6cea355052856706ac11 1628 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-client-linux-386.tar.gz) | a4fba73c94f0d233156f15abfc96be42b83f3cdd2787b3d9a6efe306c8dd925252e92cb2ebaefead47b62cd4aa03a7645e91a449296f277797c2f9de02c8f39c 1629 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-client-linux-amd64.tar.gz) | c229b5700944f86f8312cb76d44248de813b8bae58026ec137b3e19bf422e91ed9848115bd549c5d5915b43acd639db71c2e9ece756c1b1c4f706672e11151b6 1630 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-client-linux-arm.tar.gz) | 37e967e95208964f6981aeadd7ec72f770b862e0d86537ffb031f6c0561dafe5176dc8e9c6e78cfd87372a2b2d741e9e9d117be7f3a8404d669b35b7b2a873a8 1631 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-client-linux-arm64.tar.gz) | 40da990dbd86de5cd7d9d7cfd222fceb80162bdf77aa28feda8ed21f6f09cdb35130a77ede5150bd4beddd9d5e77a9f82926db9750589e059dadd97f0142ff39 1632 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-client-linux-ppc64le.tar.gz) | cff79bc66adb1ba3aa11221091ef799f5ac3b3f0979d5c4376bd87ce8b5181a74cbb3d4449f776775e2c6b15df802421ee21015a7a53df77c6ac1edc9b55daad 1633 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-client-linux-s390x.tar.gz) | 4939d05b922bdd33ad50d3bdd84917d0614b7ac32d021e475bd3e656212fc4c8c44af214603fa60d60f0d904941edb180bab3f61180f4e0a704506c5a08bd5a0 1634 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-client-windows-386.tar.gz) | a644679e2958f4577ccd5f9b284a91cd0d54a9b5b76ef1fdfcef5051fc9d6c2c84640970453de3f1ef21403350e4007a76718deddbfd3b2277792631593de736 1635 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-client-windows-amd64.tar.gz) | 5cdee95add22a542f78dde5aa223a3f7f2f87ae5e52213460b8280475103482f0ecea68fb4c4164aa7fa6bd54963b4c2225f477f1156af0cbaa85417d1ef5219 1636 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-client-windows-arm64.tar.gz) | f6a87418be93cc147c299bcd538dcd769563a10ec76eb941e8723cd8962b11f1a068eae9344cff613786b4f482693922e94344e3efb3349a34177e04936a8cac 1637 1638 ### Server Binaries 1639 1640 filename | sha512 hash 1641 -------- | ----------- 1642 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-server-linux-amd64.tar.gz) | 715d717779fec615a2c5742c6c7371fa6edea85344acb33003c84151d0c0135a892475552b4427cda339ebda2d640cf85a7fa0f844111370e86a4290f0e11376 1643 [kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-server-linux-arm.tar.gz) | 4402a7e8cbab87cbc7d991d79971c45b12855ac954ff1fef1262d15da38230739612b322b86b35105ae72c51bcd1be7c108ce60f6d7e72a1e8f0d1101eec5eb0 1644 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-server-linux-arm64.tar.gz) | 53953f0c33aae7210dba696905af22eda54d3fdbdae87bc8a26b233c4e913279eae7349f83d546cc8c5fdf21ffd1f2463406edf11c44b5707f0f9fd22a394f62 1645 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-server-linux-ppc64le.tar.gz) | 30eeeb624a79dbfdfc0cd328faca327d8437158058004ff76e2deeb069cb86154e37e7e24a8d3760d7a03af80768b12ec5ef9ae82852e63c28cb31e6b7166894 1646 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-server-linux-s390x.tar.gz) | 4c13abed9a8a71f7fea14c2bc3859e5f3d32818afbab26aef4c80452db81f9afe907577610515298dd784ac1c418f3bcb38cf9c62192cb005e75e1c66ef80797 1647 1648 ### Node Binaries 1649 1650 filename | sha512 hash 1651 -------- | ----------- 1652 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-node-linux-amd64.tar.gz) | c30b85bcd0ec56c94b6d55364ffdb881393f2e84c1b7dd2aa85b7e03dc18fcf3ecffcf98ee77af98af2eecfdffcefdd26ec4a3c9522e5f3f6e5fa5b7efde6d37 1653 [kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-node-linux-arm.tar.gz) | 5541b8550b794256e079f1c27f38bc58bea0878f658fda86f609c390f1d8fc5edfe5c1f26c009e0944cd42a3e08d5cd4f17db70077f1e19fddbae7a838a3ee25 1654 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-node-linux-arm64.tar.gz) | 965249a3a896a8d278e4092935d68cc7aa5778f57940303d71db13b34f7e1fc32642f1d394e812f172bcdf26eff12e1ac44ddf5395557c02850bfc5824a63c6f 1655 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-node-linux-ppc64le.tar.gz) | d4f54d7faf2eed28f0f24d121209b4496760065b975f3f616a1e68083b226f851e0bebc2b99f7ecf84df359b18fb51ec922d518aa63a53d8b3570274b8111a2b 1656 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-node-linux-s390x.tar.gz) | 7f69ac1961cb24fe228408fac0509cf663988f0e5bea0a06fae0172b57ba595896af364b15560130110ba026a08f46c72738b0c8c271a84c280a45c84a58aca5 1657 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-node-windows-amd64.tar.gz) | 301011c5743c8e915c24594d26bf13597065435a0dd82c97711e05ae21b2decaa7013772f770970ab9c6a109fd1b6f79e6a9df449556925b6459fac99f9bded3 1658 1659 ### Container Images 1660 1661 All container images are available as manifest lists and support the described 1662 architectures. It is also possible to pull a specific architecture directly by 1663 adding the "-$ARCH" suffix to the container image name. 1664 1665 name | architectures 1666 ---- | ------------- 1667 [registry.k8s.io/conformance:v1.25.5](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) 1668 [registry.k8s.io/kube-apiserver:v1.25.5](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) 1669 [registry.k8s.io/kube-controller-manager:v1.25.5](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) 1670 [registry.k8s.io/kube-proxy:v1.25.5](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) 1671 [registry.k8s.io/kube-scheduler:v1.25.5](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) 1672 1673 ## Changelog since v1.25.4 1674 1675 ## Changes by Kind 1676 1677 ### Feature 1678 1679 - Kubernetes is now built with Go 1.19.4 ([#114286](https://github.com/kubernetes/kubernetes/pull/114286), [@xmudrii](https://github.com/xmudrii)) [SIG Release and Testing] 1680 1681 ### Bug or Regression 1682 1683 - Bump golang.org/x/net to v0.1.1-0.20221027164007-c63010009c80 ([#112693](https://github.com/kubernetes/kubernetes/pull/112693), [@aimuz](https://github.com/aimuz)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node, Security and Storage] 1684 - Fix endpoint reconciler not being able to delete the apiserver lease on shutdown ([#114137](https://github.com/kubernetes/kubernetes/pull/114137), [@aojea](https://github.com/aojea)) [SIG API Machinery] 1685 - Resolves an issue that causes winkernel proxier to treat stale VIPs as valid ([#113558](https://github.com/kubernetes/kubernetes/pull/113558), [@daschott](https://github.com/daschott)) [SIG Network and Windows] 1686 - Updates golang.org/x/net to fix CVE-2022-41717 ([#114320](https://github.com/kubernetes/kubernetes/pull/114320), [@liggitt](https://github.com/liggitt)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node and Storage] 1687 1688 ## Dependencies 1689 1690 ### Added 1691 _Nothing has changed._ 1692 1693 ### Changed 1694 - golang.org/x/net: a158d28 → 1e63c2f 1695 - golang.org/x/sys: 8c9f86f → v0.3.0 1696 - golang.org/x/term: 03fcf44 → v0.3.0 1697 - golang.org/x/text: v0.3.7 → v0.5.0 1698 1699 ### Removed 1700 _Nothing has changed._ 1701 1702 1703 1704 # v1.25.4 1705 1706 1707 ## Downloads for v1.25.4 1708 1709 1710 1711 ### Source Code 1712 1713 filename | sha512 hash 1714 -------- | ----------- 1715 [kubernetes.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes.tar.gz) | f227a66d5595caf33d6ad39c0e50af83f425255bea16aa62747e89fa779c0b525708ed0cb2a61c058a0375a206a567210e5a8a7ceb5ca7f494a51e9a37a21cb4 1716 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-src.tar.gz) | 7a1d64990d122e46c8f6af9fb925e787e9752962749410f8ea67eaad50179feeba35b03bc7b763112b99856f310020682d42913313c0016ac9a6c3c47898e097 1717 1718 ### Client Binaries 1719 1720 filename | sha512 hash 1721 -------- | ----------- 1722 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-client-darwin-amd64.tar.gz) | 4085e167f35ebc37f416c7605918301dd332d1e5ad08b38ae81612ff9640bb65b0b6a19cc38bbacef7916c03e373022336e8952574711254c14db15edd5b8ce1 1723 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-client-darwin-arm64.tar.gz) | 267f6015bd4e35ad34cbd6af393dd89b70e636755a4d5620729396e6f822528b9a0b25758347e6ac35bca3ea55e6d51b6555e55b4851f27283c19bb1e6811bd7 1724 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-client-linux-386.tar.gz) | b8c49112050e0a40bfa36a2484dc1d6df260e6fd093599585ba332b69250738fd8440ad2126011958afaf17030d52cd7babaa2deb1aca4b6545347252be98116 1725 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-client-linux-amd64.tar.gz) | 192985a27178078cf7413cfa15aaf69c94420a0bc316f2a7b84bbd190ad66ebe1276ff4604b38aee673f40a1726226428d15a0a5c392c36b47137cb48bfb09d2 1726 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-client-linux-arm.tar.gz) | bb0f6a50bfecda86dcdeecbd972cb494e18741d9dafc6abf2b3f556fe042854ae7d1a1043679eefa4c8be2bbb65b36e477b37b8d424f20d88a52b0ba17097252 1727 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-client-linux-arm64.tar.gz) | 399541835239922d1280b401fdaa4c7779eceed34f18810992958c3a4176c5f5bef148697e569c5ca9b2d68500003cc8911bdc542ce1e106f10bab552a362a7c 1728 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-client-linux-ppc64le.tar.gz) | 18d0b65c34cb1ae7010ee5f32d47cd21952bde5f35d4e1e0ebf4cc747ecd14593b39181ea8b384bf3c302d54768b5f0a9573d1a0d8fe397d7fb7ce4770fecb1e 1729 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-client-linux-s390x.tar.gz) | f025a5bad0fcee7aea37c213fed3545cbfae79589b28e68ea8504b83269d19eec4c888cfcffc47cd2d85cff6d62b81e8856453a6295a4e151fc31850d013c901 1730 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-client-windows-386.tar.gz) | 8a96b44b04f24d6cec5876857c56e15dd41020de4448e7aa882574e47e42fca2ba7337e9b60aa997284999a8f9039aa164c50053fe1acd31349babf2055dbca2 1731 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-client-windows-amd64.tar.gz) | 22ed2223a5e6ec6f17f357dc0e76691a01396444811f57b905a311a0eeaa785c3026408fbf142bc2a6f3dd318814448feb431485d380b0851dcb2378eff1a34d 1732 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-client-windows-arm64.tar.gz) | b4a3d3f1d0f564db3588abddf8548ec22a9fbc3c1811e8fb0112090bfcefb5120d3a88424f2be2b5dcae5e69482ac2b32734a77253b165c625a5326bf561b745 1733 1734 ### Server Binaries 1735 1736 filename | sha512 hash 1737 -------- | ----------- 1738 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-server-linux-amd64.tar.gz) | fc469119a0ddfc20150ae7956d2c4e63fdb9f1e3478c57339e24cf6c4d1b529c2396a667df7439fa41001d68a1cb8bbca160ee215944d690ad24c6a7d1f2780b 1739 [kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-server-linux-arm.tar.gz) | 50b6ba72184f3f13c98063ab41c4dbf208e25279be28aacc5a75d956074f03a08508c6098b77f8d9483c480b5e0104ad791ff25889bde7c47049c21842332671 1740 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-server-linux-arm64.tar.gz) | 058feaf8c3af683ca1ae3ba978cb938c254bfc831452fe345cdddb7d684939e695d6d871a9363f961be85b6f4fc7379ca559edc1175e50bf48baeb0b7df7e7ed 1741 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-server-linux-ppc64le.tar.gz) | a75b2780eb21c8ffae6f374bed0108b626d317b5e66a714b57e7284cd0eefbd3808d76d54e631a18fa7d70cbd9e7e698fa43b9715c31b952372c03737c0279ed 1742 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-server-linux-s390x.tar.gz) | 1ea2eacdb1c65ffcee5c262c97973ae5de5b5fb1fb1a17e458ad4df0412bbe5bd43a872014178ee0d6642f66f67e276984df4dabb4eac311d3fbee94b1727465 1743 1744 ### Node Binaries 1745 1746 filename | sha512 hash 1747 -------- | ----------- 1748 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-node-linux-amd64.tar.gz) | afc91c699aab2e7bf8b6e04dfc2eebbb4daef03855796b47e7540f32b379a61866c22c97511bfefdf34cd271cde10f016bf8985971c207598edeb5b6af1fb7ae 1749 [kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-node-linux-arm.tar.gz) | 4a8d369d6c049dd8252566f7c92baba93afca8bd2208506132f2e976c3db6dccb8f3df84d23aae5cf7a66dde247b52a96f20bb2c0d2baa9d469dd4ff3f21fdbc 1750 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-node-linux-arm64.tar.gz) | 4bd590fca3f4325f0d4dd535366d5790da7190697f8a5d1ca0e356ceccbc0e77ed315a992260845dc260958358fae41210bf1ba3d5685c5b46096c27d8190311 1751 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-node-linux-ppc64le.tar.gz) | eeae4448a382ff48884a1c86a7369c028edf6425ab299e0b6f13129f62496d4d50083e5c49e8fae6cf774ca1fe7e73dca554007596757f422e80c666ea629bf5 1752 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-node-linux-s390x.tar.gz) | f15b0b5b2ec8db89eb3a1d542ac3270ff74e9a9f1343925588b10a3724cd24e207f5541a8c2a31dfb7a8b18d5875ff1ba56fc0e2b6db3b35f4548ce6ac6dd486 1753 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-node-windows-amd64.tar.gz) | 824257130899bcc1151218fe4ca58b972f270a19900e773da0f28e77f78261bc3995d2416c41ceaf26e4af1a4d8a28c6cee673fdc3f0e165220e23978118d2f6 1754 1755 ### Container Images 1756 1757 All container images are available as manifest lists and support the described 1758 architectures. It is also possible to pull a specific architecture directly by 1759 adding the "-$ARCH" suffix to the container image name. 1760 1761 name | architectures 1762 ---- | ------------- 1763 [k8s.gcr.io/conformance:v1.25.4](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) 1764 [k8s.gcr.io/kube-apiserver:v1.25.4](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) 1765 [k8s.gcr.io/kube-controller-manager:v1.25.4](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) 1766 [k8s.gcr.io/kube-proxy:v1.25.4](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) 1767 [k8s.gcr.io/kube-scheduler:v1.25.4](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) 1768 1769 ## Changelog since v1.25.3 1770 1771 ## Important Security Information 1772 1773 This release contains changes that address the following vulnerabilities: 1774 1775 ### CVE-2022-3162: Unauthorized read of Custom Resources 1776 1777 A security issue was discovered in Kubernetes where users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group they are not authorized to read. 1778 1779 **Affected Versions**: 1780 - kube-apiserver v1.25.0 - v1.25.3 1781 - kube-apiserver v1.24.0 - v1.24.7 1782 - kube-apiserver v1.23.0 - v1.23.13 1783 - kube-apiserver v1.22.0 - v1.22.15 1784 - kube-apiserver <= v1.21.? 1785 1786 **Fixed Versions**: 1787 - kube-apiserver v1.25.4 1788 - kube-apiserver v1.24.8 1789 - kube-apiserver v1.23.14 1790 - kube-apiserver v1.22.16 1791 1792 This vulnerability was reported by Richard Turnbull of NCC Group as part of the Kubernetes Audit 1793 1794 1795 **CVSS Rating:** Medium (6.5) [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) 1796 1797 ### CVE-2022-3294: Node address isn't always verified when proxying 1798 1799 A security issue was discovered in Kubernetes where users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can to modify Node objects and send requests proxying through them. 1800 1801 Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in kube-apiserver made it possible to bypass this validation. Bypassing this validation could allow authenticated requests destined for Nodes to be redirected to the API Server through its private network. 1802 1803 The merged fix enforces validation against the proxying address for a Node. In some cases, the fix can break clients that depend on the `nodes/proxy` subresource, specifically if a kubelet advertises a localhost or link-local address to the Kubernetes control plane. Configuring an egress proxy for egress to the cluster network can also mitigate this vulnerability. 1804 1805 **Affected Versions**: 1806 - kube-apiserver v1.25.0 - v1.25.3 1807 - kube-apiserver v1.24.0 - v1.24.7 1808 - kube-apiserver v1.23.0 - v1.23.13 1809 - kube-apiserver v1.22.0 - v1.22.15 1810 - kube-apiserver <= v1.21.? 1811 1812 **Fixed Versions**: 1813 - kube-apiserver v1.25.4 1814 - kube-apiserver v1.24.8 1815 - kube-apiserver v1.23.14 1816 - kube-apiserver v1.22.16 1817 1818 This vulnerability was reported by Yuval Avrahami of Palo Alto Networks 1819 1820 1821 **CVSS Rating:** Medium (6.6) [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) 1822 1823 ## Changes by Kind 1824 1825 ### API Change 1826 1827 - Protobuf serialization of metav1.MicroTime timestamps (used in `Lease` and `Event` API objects) has been corrected to truncate to microsecond precision, to match the documented behavior and JSON/YAML serialization. Any existing persisted data is truncated to microsecond when read from etcd. ([#111936](https://github.com/kubernetes/kubernetes/pull/111936), [@haoruan](https://github.com/haoruan)) [SIG API Machinery] 1828 1829 ### Feature 1830 1831 - Kubernetes is now built with Go 1.19.3 ([#113592](https://github.com/kubernetes/kubernetes/pull/113592), [@xmudrii](https://github.com/xmudrii)) [SIG Release and Testing] 1832 1833 ### Bug or Regression 1834 1835 - Consider only plugin directory and not entire kubelet root when cleaning up mounts ([#112887](https://github.com/kubernetes/kubernetes/pull/112887), [@mattcary](https://github.com/mattcary)) [SIG Storage] 1836 - Etcd: Update to v3.5.5 ([#112489](https://github.com/kubernetes/kubernetes/pull/112489), [@dims](https://github.com/dims)) [SIG API Machinery, Cloud Provider, Cluster Lifecycle and Testing] 1837 - Fixed a bug where a change in the `appProtocol` for a Service did not trigger a load balancer update. ([#113031](https://github.com/kubernetes/kubernetes/pull/113031), [@MartinForReal](https://github.com/MartinForReal)) [SIG Cloud Provider and Network] 1838 - Kube-apiserver: DELETECOLLECTION API requests are now recorded in metrics with the correct verb. ([#113133](https://github.com/kubernetes/kubernetes/pull/113133), [@sxllwx](https://github.com/sxllwx)) [SIG API Machinery] 1839 - Kube-apiserver: bugfix DeleteCollection API fails if request body is non-empty ([#113286](https://github.com/kubernetes/kubernetes/pull/113286), [@sxllwx](https://github.com/sxllwx)) [SIG API Machinery] 1840 - Kube-proxy, will restart in case it detects that the Node assigned pod.Spec.PodCIDRs have changed ([#113247](https://github.com/kubernetes/kubernetes/pull/113247), [@code-elinka](https://github.com/code-elinka)) [SIG Cloud Provider, Network and Storage] 1841 - Kubelet: fix GetAllocatableCPUs method in cpumanager ([#113420](https://github.com/kubernetes/kubernetes/pull/113420), [@Garrybest](https://github.com/Garrybest)) [SIG Node] 1842 - Pod logs using --timestamps are not broken up with timestamps anymore. ([#113515](https://github.com/kubernetes/kubernetes/pull/113515), [@rphillips](https://github.com/rphillips)) [SIG Node] 1843 1844 ## Dependencies 1845 1846 ### Added 1847 _Nothing has changed._ 1848 1849 ### Changed 1850 _Nothing has changed._ 1851 1852 ### Removed 1853 _Nothing has changed._ 1854 1855 1856 1857 # v1.25.3 1858 1859 1860 ## Downloads for v1.25.3 1861 1862 1863 1864 ### Source Code 1865 1866 filename | sha512 hash 1867 -------- | ----------- 1868 [kubernetes.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes.tar.gz) | 401fa061d339f5e9d03e06a5c3145cd805bc9fe16d8f1cab112e6f7c3f80e2bcc9116b7ca018afae9e77f1c5b84b388d65cd3e996a43c3546c55483dd3ef698e 1869 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-src.tar.gz) | fda2f97fab7c355faae616350cdfabc0578e3ddb33bf031545b13cc5304deb970ea7c11eec61ea15db8dd400601569d972ac70751b52c5bde95eaf1faf13208c 1870 1871 ### Client Binaries 1872 1873 filename | sha512 hash 1874 -------- | ----------- 1875 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-client-darwin-amd64.tar.gz) | 1c2d5b026a6b7f2412bba578c3a8e764a0a26cf9a5c68bf3835eafd8cd3d6f3d1a341b2e2bfba024d628ebad0130df54e96327ac61cadbca4de009f5960242f8 1876 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-client-darwin-arm64.tar.gz) | 814a37d1a501f4d9eff5ce3df706aef948fab401e1113cc2ad66b3416f31b3824246e24324b5d18d506bff6751899e8c0013d23a750a2745306d1646d37ddf5a 1877 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-client-linux-386.tar.gz) | a8fa5167a998f756e16248bf70f4552f52910bcfa247d6f2092d5e49b83de0166404ed274f3cf3c0efece9f9a2c9a5102fc609dd841bb5288b99e190a1ad41df 1878 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-client-linux-amd64.tar.gz) | 115b22f31f1ff203234e61f4c4ff0bad68ded3cb17f8a3eed40ab1ec7d27f320a503da25b37316795b8193ff3017950bf49d105e6471eaa2e057544e792d922c 1879 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-client-linux-arm.tar.gz) | afc158ee2b22e1464dc28741307b41f229846bf95dfb2d213830b70d7f05872dd712d582b85d46b2f12dbee25fb7af49c97d7951eafa358a7f546986d8637c0c 1880 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-client-linux-arm64.tar.gz) | 22858844d4c71e6dd1365018819ca65b64752a5f3f9e75cdc9bc20d70bb503cf8792df75c06b11a616cf0fc13c11c3d5d9a5083b5a327eeeb4be956d31835c11 1881 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-client-linux-ppc64le.tar.gz) | 9b7c6899d01a32e01ee10053c37a49d6103d9860b27f58ffc9a2c8a0e85b4dc7b78364ab95d1dedea84aff5ee39ba80c54301996e9e7d98cf21ea3438a0a45b2 1882 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-client-linux-s390x.tar.gz) | 1e67f68703be8d17a3fa83f9a07a7c7c60d002873e95b0483cde8b216d7950e485495556c81098858a0f810b8df64e2b6cee5423aa8345c28b772e35514cc3a6 1883 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-client-windows-386.tar.gz) | fe5aaacb6c876b23da4146774801e1e10f76fe71ce4a5f505bcd6288fd5fa2e83dd9ad8297169d7d930556ca0b1db7efa78bc3dcf57e63c29ac8d00d3d60d8f2 1884 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-client-windows-amd64.tar.gz) | bc00edf2794b346d7257c916aa011463793ebebd22cbfbd5380d9e055bb6d6f20074083c5365a9706f2d780798807bdb22daac86ca5a64d5eda52f2ffd8036d3 1885 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-client-windows-arm64.tar.gz) | 903966c84af1d1e11a83794463a4778709e4e75a939b2f68302eb30a2dfa2d595532079b4f2ca3ff3a11ed676ee145394e60c8becb0473f3513f48e8b37767b7 1886 1887 ### Server Binaries 1888 1889 filename | sha512 hash 1890 -------- | ----------- 1891 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-server-linux-amd64.tar.gz) | 4c683e75f014a1d935abbc82bc9b83209e46f9a945b3ecb19e280d12996d8e5cfe459513534f2ac08590e6ccf58d31b02cdab037205ddb45e02bea08094eef0f 1892 [kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-server-linux-arm.tar.gz) | 6abf8ad637a82fa2e2edcb1842e102fa7e8a7a5b036c2c42180e115c178eda6fd776f593992cf0054de74569a6649674b6edc311c885d888f7378997aa142ff1 1893 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-server-linux-arm64.tar.gz) | 2e76d48a7148c1a88fad2e98c4fe5c6de732d81ebc5f8f615395ffceebc4663068fbf727db52788c174f82fa03be1b7c243c10e55907cfc3242c803d3da580b8 1894 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-server-linux-ppc64le.tar.gz) | 15f19436806e7d6e5eb8cd2cd1c4755d643d6f40ff5590cebe8b9a5c60aaa40707cd9369e8692bc089458a3f64920e3fbef7ab9d39f896be61d3957c86ea1503 1895 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-server-linux-s390x.tar.gz) | 16be913d2841e648a775daadc510d7f656f8563464f8df52eb3b314c60572e83d4114eb5793ec10035a2c9352aa97fbb7531293b5dbca386b59b85226ad0854e 1896 1897 ### Node Binaries 1898 1899 filename | sha512 hash 1900 -------- | ----------- 1901 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-node-linux-amd64.tar.gz) | 067acfc69f7286ad705d744b4bbd422035f60142e0c9d00a8fc844c59ddf7bf87f2bb1bf88ef563030f1a53e39716fae24c12a46038c448c73ab2186d128da9d 1902 [kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-node-linux-arm.tar.gz) | 97e249f338ee8e0c97c37c5b182e7dac057eccc9878c4c5cbd96098d875371f8833f0e8762d2be6dcff95d1503929ca00c9416b63acee3ff8edb17ad714eb604 1903 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-node-linux-arm64.tar.gz) | 645643f35c2efcd2db1c596dd3e916b4362b4b892f797dd9c8693d96c8e40de9fb00c2e83967e945e4271303ec2c3b5d8d2e183744bcadb2e430f916fd043d16 1904 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-node-linux-ppc64le.tar.gz) | a01bd81216ac60d6ec52f778a3139c8270be47c5c17145df925f6062013c19ad2489d5229167ab74d44aa23814a4522c86725c38e5b345f184c6646e71c6cfe5 1905 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-node-linux-s390x.tar.gz) | e34d36b17082f27a03efba0a47303f50482ac839188e1bcc4363d059106e78ab0b136234b5da04610967302291a8d5ae3f3ae185f2359c4ed0a83d8d78211f76 1906 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-node-windows-amd64.tar.gz) | dbe4d61e6872d13f42fa75e633ca379ff796fdbc4708734686989669caeb69e16f23f892f7b2a17c0b154186678785ebe3852aea3251aee2dd2c969d7183330a 1907 1908 ### Container Images 1909 1910 All container images are available as manifest lists and support the described 1911 architectures. It is also possible to pull a specific architecture directly by 1912 adding the "-$ARCH" suffix to the container image name. 1913 1914 name | architectures 1915 ---- | ------------- 1916 [k8s.gcr.io/conformance:v1.25.3](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) 1917 [k8s.gcr.io/kube-apiserver:v1.25.3](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) 1918 [k8s.gcr.io/kube-controller-manager:v1.25.3](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) 1919 [k8s.gcr.io/kube-proxy:v1.25.3](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) 1920 [k8s.gcr.io/kube-scheduler:v1.25.3](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) 1921 1922 ## Changelog since v1.25.2 1923 1924 ## Changes by Kind 1925 1926 ### Feature 1927 1928 - Kubernetes is now built with Go 1.19.2 ([#112902](https://github.com/kubernetes/kubernetes/pull/112902), [@xmudrii](https://github.com/xmudrii)) [SIG Release and Testing] 1929 1930 ### Bug or Regression 1931 1932 - Fix list cost estimation in Priority and Fairness for list requests with metadata.name specified. ([#112557](https://github.com/kubernetes/kubernetes/pull/112557), [@marseel](https://github.com/marseel)) [SIG API Machinery] 1933 - Fixes an issue in winkernel proxier that causes proxy rules to leak anytime service backends are modified. ([#112840](https://github.com/kubernetes/kubernetes/pull/112840), [@daschott](https://github.com/daschott)) [SIG Network and Windows] 1934 - For raw block CSI volumes on Kubernetes, kubelet was incorrectly calling CSI NodeStageVolume for every single "map" (i.e. raw block "mount") operation for a volume already attached to the node. This PR ensures it is only called once per volume per node. ([#112403](https://github.com/kubernetes/kubernetes/pull/112403), [@akankshakumari393](https://github.com/akankshakumari393)) [SIG Storage] 1935 - Kube-scheduler: add taints filtering logic consistent with TaintToleration plugin for PodTopologySpread plugin ([#112357](https://github.com/kubernetes/kubernetes/pull/112357), [@SataQiu](https://github.com/SataQiu)) [SIG Scheduling and Testing] 1936 - This reverts https://github.com/kubernetes/kubernetes/pull/109706 and https://github.com/kubernetes/kubernetes/pull/111691 which caused https://github.com/kubernetes/kubernetes/issues/112793. I.e: the service controller to incorrectly sync load balancers for ExternalTrafficPolicy=Local under certain conditions ([#112807](https://github.com/kubernetes/kubernetes/pull/112807), [@alexanderConstantinescu](https://github.com/alexanderConstantinescu)) [SIG Cloud Provider and Network] 1937 1938 ## Dependencies 1939 1940 ### Added 1941 _Nothing has changed._ 1942 1943 ### Changed 1944 - github.com/stretchr/objx: [v0.2.0 → v0.4.0](https://github.com/stretchr/objx/compare/v0.2.0...v0.4.0) 1945 - github.com/stretchr/testify: [v1.7.0 → v1.8.0](https://github.com/stretchr/testify/compare/v1.7.0...v1.8.0) 1946 - go.uber.org/goleak: v1.1.10 → v1.2.0 1947 - golang.org/x/lint: 6edffad → 1621716 1948 - sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.32 → v0.0.33 1949 1950 ### Removed 1951 _Nothing has changed._ 1952 1953 1954 1955 # v1.25.2 1956 1957 1958 ## Downloads for v1.25.2 1959 1960 1961 1962 ### Source Code 1963 1964 filename | sha512 hash 1965 -------- | ----------- 1966 [kubernetes.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes.tar.gz) | 1357721e779d39cd57e60391ff33a6ee852fd39dcf65c6db3a408926b2197c37e68069e18eb109cef5310442302a9a331068fef4f6a6dc49c7f2fe9f74eae645 1967 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-src.tar.gz) | 3b43409f5e9f1d54915d8f1b1f2f35da1f9d05c5c6bab7e6aa8ccd5b25823d5c74ef4a35be6577b97e4949d76f3f7a0862407a4eda03d5bc77b2a9bc9ab8f784 1968 1969 ### Client Binaries 1970 1971 filename | sha512 hash 1972 -------- | ----------- 1973 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-client-darwin-amd64.tar.gz) | a01cfb2af622c309c3b314b45796d871457623f42c377ee75c9078d7ce22fd4b7fc9c0f5e5a75159e37c4d28964b424c931a2845d16be98cb2b7aef7844afdad 1974 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-client-darwin-arm64.tar.gz) | d45fe2a594abe102c6dcbe2d9dd6f1cc15b8c547bba29edc0b2861646a261c53995e1e8ce80aa67b89c20642d3b3d3a5266514b0b21f52a5117baa6e2f4dd433 1975 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-client-linux-386.tar.gz) | 1dcd78d1bbf143c8f25d9d7d8512d2f74f20ad1323addafeaa7e52cfda3b1ba124526091093590aef0d74cb0571e3af6ae584314b02e32d68e0882723643f364 1976 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-client-linux-amd64.tar.gz) | 0eb301d4cc2228091e87be7fff058ca25fbc1668a8819a8903f1022c42029ae622a01d08959312dffb28f57969ab3b15766cf29e3b9e1fc9095b8bfcee03b1c5 1977 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-client-linux-arm.tar.gz) | 981201ba86fa5cade101c3c6b401867b203aa243ac2e02f1e469bcf35400ebcab931d47e64c4ea8c9e244e3146bf6ef095159d9e8ccaa9cd6c6367b7edcf46ea 1978 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-client-linux-arm64.tar.gz) | a1f0ae04a92ab2568fb5ead6f62d86af0a30834f733d52e841acc146b7cf25e18638ee537f5f6383efa7a10015382ecaa10014b2a7f287cd31020cba97ebb656 1979 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-client-linux-ppc64le.tar.gz) | 242cf97458991a303a0256f3916644a4d4559fab2b2f9f9bf10757135ab7a61ad095d68323632881d038ba5810f77b5f9436fd4fb34500e70d3c46bed637ed74 1980 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-client-linux-s390x.tar.gz) | 07d33af60ef593bf27fa1517b05bd7e1ec25b65e80d0f37bfb1c4cdadeb3d0bc7d65b27fb5747a9b1835d9dc611c8416441110e81a046927fa1f59e6f1137c13 1981 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-client-windows-386.tar.gz) | b8385f1f9265c1b57badce83c7b0982972961e25ddd03edbbb1a719a98d717715f16e03ccde915f7f606fa3a84d09127e13b06b8fe99c5cbf16a8e6f2aa00637 1982 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-client-windows-amd64.tar.gz) | af86d5e2efd698441e2ecf78438f0b3a262608799213a80d800bbb68dd115fa588b32328c4d7848d93325f74e498f6d9b295bbda7408648180fb7fb919795fa0 1983 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-client-windows-arm64.tar.gz) | d775a3c182a8c067ce4859922629921c8ca43ffd81729dada347f48820abd1ecc09e04cd6fc707e757a0071d72e3a056769d11e5440939eb9de7ff7019a3af07 1984 1985 ### Server Binaries 1986 1987 filename | sha512 hash 1988 -------- | ----------- 1989 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-server-linux-amd64.tar.gz) | a8731e6890bb68143e883e00de2e7886aebc9d924db07e7524ab54d96969ab0071a3b0863180b5eb88e7ac94cac08eca6eb3656ab3835833e202f3fb15040aec 1990 [kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-server-linux-arm.tar.gz) | 7df84891ae5aba3514dbba29d4056547d1bf751e7d41564d3f79595a41b7bad3f3502ce14500732c6335a7665beaf95367fb03bcd8dd5282cbe00544f2bbffeb 1991 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-server-linux-arm64.tar.gz) | 7526b11a01f6ae04ece2ea720dfbbf0aaf6536dc545ccd1fd8e64d9f4409879e13c9bed435819381ee0ae4e7738e184c10b0659de2fdf81d4b82cec41f4547e9 1992 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-server-linux-ppc64le.tar.gz) | ce39f1187b6d9c81a826f2e427650e0cc01d5bc168ba9061dbdf473327e432ea0aa980aae791569039fb580e0933a6cfd2c52e1be944dd436ae957573d60b9f4 1993 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-server-linux-s390x.tar.gz) | 62462352e5b5c69b169add5d3c2ec307cd17aa75d2c411ff8092b3bb2a3a029b6a015cbff016327c93fa8406d72f65bb6cb2616072ddcb49beafb976245caadf 1994 1995 ### Node Binaries 1996 1997 filename | sha512 hash 1998 -------- | ----------- 1999 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-node-linux-amd64.tar.gz) | 0dd9b9a6477d53ce52fd5fe3ebb49af6a0f898cc412bf46fb2e9f5bdb93cca23274a3c959c23730eaabf7c771a0e78e670c92b67a95a69982ea1488ccff4f281 2000 [kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-node-linux-arm.tar.gz) | 22f2522739509a030e46b478616d78373091b6456abb77a6436db18737f8b0c7e1be199381b8e516bea0592bda4b7fcfb77662f068be38a290a0ebe8858aa493 2001 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-node-linux-arm64.tar.gz) | 665785ebe116c7766e37570081a6b0a566cc062cb0a4d46d1b8a8717637c1ed42bf8ba7bfc139c9796413bb698c9b9fa7c5d7600ae6aa74e3c4428ef954e783a 2002 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-node-linux-ppc64le.tar.gz) | 848821505fe65f79e6acf003c5e12d3aaf2a16fc7abab2ea2d4850b85b00c158a81030ff26b4dfcf316488411c536cecf27b551b5f4d3606f5b56a9bef30f9bd 2003 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-node-linux-s390x.tar.gz) | ce5f88617dee79d2816cf3417aa3ee40334920fca0682311f4346237929771c60203ce0b823011cdb363583631c37a7c101731109698c36597d3c70f61a44ec9 2004 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-node-windows-amd64.tar.gz) | aca53967a0141ce1474bc715f57bec90dab08a03a2ff8fe5eb71e3489a372684fa86694d37ccfcdc49c93dbd5d6972ed8c06d5f78b75c7457b4b446e6c5be9e0 2005 2006 ### Container Images 2007 2008 All container images are available as manifest lists and support the described 2009 architectures. It is also possible to pull a specific architecture directly by 2010 adding the "-$ARCH" suffix to the container image name. 2011 2012 name | architectures 2013 ---- | ------------- 2014 [k8s.gcr.io/conformance:v1.25.2](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) 2015 [k8s.gcr.io/kube-apiserver:v1.25.2](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) 2016 [k8s.gcr.io/kube-controller-manager:v1.25.2](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) 2017 [k8s.gcr.io/kube-proxy:v1.25.2](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) 2018 [k8s.gcr.io/kube-scheduler:v1.25.2](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) 2019 2020 ## Changelog since v1.25.1 2021 2022 ## Changes by Kind 2023 2024 ### Bug or Regression 2025 2026 - Allow Label section in vsphere e2e cloudprovider configuration ([#112478](https://github.com/kubernetes/kubernetes/pull/112478), [@gnufied](https://github.com/gnufied)) [SIG Storage and Testing] 2027 - Correct the calculating error in podTopologySpread plugin to avoid unexpected scheduling results. ([#112531](https://github.com/kubernetes/kubernetes/pull/112531), [@kerthcet](https://github.com/kerthcet)) [SIG Scheduling] 2028 - Kube-apiserver: gzip compression switched from level 4 to level 1 to improve large list call latencies in exchange for higher network bandwidth usage (10-50% higher). This increases the headroom before very large unpaged list calls exceed request timeout limits. ([#112398](https://github.com/kubernetes/kubernetes/pull/112398), [@shyamjvs](https://github.com/shyamjvs)) [SIG API Machinery] 2029 - Kube-apiserver: resolved a regression that treated `304 Not Modified` responses from aggregated API servers as internal errors ([#112527](https://github.com/kubernetes/kubernetes/pull/112527), [@liggitt](https://github.com/liggitt)) [SIG API Machinery] 2030 - Kubeadm: allow RSA and ECDSA format keys in preflight check ([#112534](https://github.com/kubernetes/kubernetes/pull/112534), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle] 2031 2032 ## Dependencies 2033 2034 ### Added 2035 _Nothing has changed._ 2036 2037 ### Changed 2038 _Nothing has changed._ 2039 2040 ### Removed 2041 _Nothing has changed._ 2042 2043 2044 2045 # v1.25.1 2046 2047 2048 ## Downloads for v1.25.1 2049 2050 2051 2052 ### Source Code 2053 2054 filename | sha512 hash 2055 -------- | ----------- 2056 [kubernetes.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes.tar.gz) | 570fd9b51a413a0a8f26834c8b0d49126cf1675800cf617a8532aa0270174a2b2b0a73600c4e1b3ab9303eb439d23d139bed82104f8d8a661a106c15496b5fd5 2057 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-src.tar.gz) | 1e0160c1606d4ee4f88b72417cc85aaef92635c2fabe3d0fd316c90e1b7455dae8e99aa71badd916c105ce0986ccf283043242d34c805d191c1793fa83af7f19 2058 2059 ### Client Binaries 2060 2061 filename | sha512 hash 2062 -------- | ----------- 2063 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-client-darwin-amd64.tar.gz) | fbe8ecb58d7c50d2f9e8e80a6418b67aed0525a5915344fed0d61ff092b79c0eaa47e78058a6300041b8faf6c4ab62610575f241eb7a779c9eb3c49ecdffd96b 2064 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-client-darwin-arm64.tar.gz) | 0d4cb3a2d5c18006dd530c1a1c14e0f04dd8cd3adcf6002c350b57f74d7b8e142a47c3e6771763d6aab06f4b34feb51ff71f80abc68b05708fd5718ea0979c38 2065 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-client-linux-386.tar.gz) | d15a7d60362050887e83e98d98bb3807fb07801a5b967b0e701e3bce3c5c5500c6db79fd665d066c71f29e07d49bf51ebf89c3d9d5209c986cdcb08a9928a2d5 2066 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-client-linux-amd64.tar.gz) | 2f57545db6edbdb1e7f162814e73c831dfe1f1023771a4ef4547e41eaa1eaf374cb556be6e0db1417f3eb36c2613cc088c6c64881610b3d4f8df1a0200206b87 2067 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-client-linux-arm.tar.gz) | f6a66a41fcea5a60dbb65d5a87a642040f07b073a3315c33853d9417aecd27389995b72fbdeee1c4dd755adbc26ad9211f7fd5247a867c99e0f6131d6f6839e8 2068 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-client-linux-arm64.tar.gz) | 921a044d01641361a36174b60b2c3ce17e04d11268ed1e4acebc6b38ea37b2d1ca3de38b8c9e0a0efacde63aa4f91b12af03a76b67576e26cae8d8bba4b9baec 2069 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-client-linux-ppc64le.tar.gz) | 23da2eadd9973dc8392c100cf7631b802bd83fa731bd3e8514748119107814dcad58fa12fea702bc4d922c783abf73488d9ca5a7bfdcb07999f96a2b312eae84 2070 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-client-linux-s390x.tar.gz) | 706e83b85072ffb515b2015bea3e7260dc276f3b51236ed44df8f2a6eaf35aeedc76ef545cb8b665a715636cae7cc471b78ea50149f6e3f6f2714d957a1a9a8e 2071 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-client-windows-386.tar.gz) | 7aeb767610f288545ee810ffed91c7d6edd5e1eb2798a89894db07179a8fefc428794f684e4d4e9e65f88822fcc2476c74bb7b227075debb637eabea1578d940 2072 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-client-windows-amd64.tar.gz) | fc734bbce708303a038ece4c9c4b96e9d4e020ee2e435a29d4e622af46e13e20ab90c8e81a99755f2c0e1aab076f9cc38c9c61a8b81bfcbbe321d56f3348fa3f 2073 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-client-windows-arm64.tar.gz) | 787a62cd64de87d96d861fbf3a636d7014a50ae53c9465b3dda675232bd2a62814db52a47621a04c1e62788e345853c327bad127693af6d005d35cd2f845641e 2074 2075 ### Server Binaries 2076 2077 filename | sha512 hash 2078 -------- | ----------- 2079 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-server-linux-amd64.tar.gz) | 7f8e9df0a408c7ae25d7c4af171ff62b256bba2ca3ce53e4fe1eaa241e33eedfcd027b84237d62cff2b399d5822140a2f0241c5102eb145be5e62cd4ad40783f 2080 [kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-server-linux-arm.tar.gz) | 62a52ecaed1bc41479f6ab732faddcecc0f380731968be25aee3fbcff051d87691df4542f97403838ccb34a2d93e163f319ed9683def8236746d11d40eadfb1b 2081 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-server-linux-arm64.tar.gz) | 0df095874536bdd01bbb1dadb1c71ce7d8e46f3e86bc8490654ef9bb163023d04b3ab6078561d058c38adeae904d24aade9c7021b02c0af4947892ff1e544ec5 2082 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-server-linux-ppc64le.tar.gz) | 4bf9d1c87fa8b120c8302838f0085b9c09b449686f371e3002d9744ed0d3df93af36cc8e1c49d2d11bc5f5a9d71f83c909a4eb8aaa4991e56d18ef231ea970b9 2083 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-server-linux-s390x.tar.gz) | 78e836804355c7132d48f5ad96e6d9253d0267bae91185d271932cdccae6d712b99efdf44c573c7c871c10a7f48d90784615d454a2858017e34f33876cb4dcca 2084 2085 ### Node Binaries 2086 2087 filename | sha512 hash 2088 -------- | ----------- 2089 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-node-linux-amd64.tar.gz) | eea845092b6eb0329590beda0f40d88613d8b809a61fcb78452004eb1f0851d69d52a7b71fd921f97af66cdd80636704fe144d6ad1be798c74e32304b42f2ac4 2090 [kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-node-linux-arm.tar.gz) | a36d8f52074c720100d84e69b47d7e4975791d36730587a62d6fe41690ee9dae8bd61c483ac6e870b8b6a14b65a1b35b5c3b0a8305c7313013764e585db72433 2091 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-node-linux-arm64.tar.gz) | ade8144c6ee4ef397d18fd92338485835d83cb0f2b7d0e55c4422f9037aeb4ae7af71e861b1d2ccbd3f808d54437f11c143f00db9799d2f3662cd38f0c6cdf38 2092 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-node-linux-ppc64le.tar.gz) | d51dedb6f081b7512739776c60be7d3d52899e022c14e2c920fe236aca53f2c02cde8d2e23ced10d098ced238e2186eca833fb0b82972b00334bfefcc1c037c4 2093 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-node-linux-s390x.tar.gz) | fb2949bb815be69aa34503afce8b63ecaf4f8f1a7195e8a962887f223dda95f95b359f0c473e5c3bc40b12d49ff58b406003f4aa4f2ee5712e700fd6c479b829 2094 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-node-windows-amd64.tar.gz) | dfdb051ebd867f775b2cc7f4cc6fd3828fa11c94a90201056451b2c281e53fd70e40664874d7fe2344b17056246cc439ded7703fe22e1e1f736d78d5818a4a09 2095 2096 ### Container Images 2097 2098 All container images are available as manifest lists and support the described 2099 architectures. It is also possible to pull a specific architecture directly by 2100 adding the "-$ARCH" suffix to the container image name. 2101 2102 name | architectures 2103 ---- | ------------- 2104 [k8s.gcr.io/conformance:v1.25.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) 2105 [k8s.gcr.io/kube-apiserver:v1.25.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) 2106 [k8s.gcr.io/kube-controller-manager:v1.25.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) 2107 [k8s.gcr.io/kube-proxy:v1.25.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) 2108 [k8s.gcr.io/kube-scheduler:v1.25.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) 2109 2110 ## Changelog since v1.25.0 2111 2112 ## Important Security Information 2113 2114 This release contains changes that address the following vulnerabilities: 2115 2116 ### CVE-2022-3172: Aggregated API server can cause clients to be redirected (SSRF) 2117 2118 A security issue was discovered in kube-apiserver that could allow an attacker controlled aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as leaking the client's credentials to third parties. 2119 2120 There is no mitigation from this issue. Cluster admins should take care to secure aggregated API servers and should not grant access to mutate `APIService`s to untrusted parties. 2121 2122 **Affected Versions**: 2123 - kube-apiserver v1.25.0 2124 - kube-apiserver v1.24.0 - v1.24.4 2125 - kube-apiserver v1.23.0 - v1.23.10 2126 - kube-apiserver v1.22.0 - v1.22.14 2127 - kube-apiserver <= v1.21.? 2128 2129 **Fixed Versions**: 2130 - kube-apiserver v1.25.1 2131 - kube-apiserver v1.24.5 2132 - kube-apiserver v1.23.11 2133 - kube-apiserver v1.22.14 2134 2135 This vulnerability was reported by Nicolas Joly & Weinong Wang from Microsoft 2136 2137 2138 **CVSS Rating:** Medium (5.1) [CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L) 2139 2140 ## Changes by Kind 2141 2142 ### API Change 2143 2144 - Revert regression that prevented client-go latency metrics to be reported with a template URL to avoid label cardinality. ([#112055](https://github.com/kubernetes/kubernetes/pull/112055), [@aanm](https://github.com/aanm)) [SIG API Machinery] 2145 2146 ### Feature 2147 2148 - Kubernetes is now built with Go 1.19.1 ([#112320](https://github.com/kubernetes/kubernetes/pull/112320), [@palnabarun](https://github.com/palnabarun)) [SIG Release and Testing] 2149 2150 ### Bug or Regression 2151 2152 - Adds back in unused flags on kubectl run command, which did not go through the required deprecation period before being removed. ([#112249](https://github.com/kubernetes/kubernetes/pull/112249), [@brianpursley](https://github.com/brianpursley)) [SIG CLI] 2153 - Avoid propagating hosts' `search .` into containers' `/etc/resolv.conf` ([#112204](https://github.com/kubernetes/kubernetes/pull/112204), [@lucab](https://github.com/lucab)) [SIG Network and Node] 2154 - Fix an ephemeral port exhaustion bug caused by improper connection management that occurred when a large number of objects were handled by kubectl while exec auth was in use. ([#112336](https://github.com/kubernetes/kubernetes/pull/112336), [@enj](https://github.com/enj)) [SIG API Machinery and Auth] 2155 - Fix problem in updating VolumeAttached in node status ([#112305](https://github.com/kubernetes/kubernetes/pull/112305), [@xing-yang](https://github.com/xing-yang)) [SIG Apps] 2156 - Kube-apiserver: redirect responses are no longer returned from backends by default. Set `--aggregator-reject-forwarding-redirect=false` to continue forwarding redirect responses. ([#112330](https://github.com/kubernetes/kubernetes/pull/112330), [@enj](https://github.com/enj)) [SIG API Machinery] 2157 2158 ## Dependencies 2159 2160 ### Added 2161 _Nothing has changed._ 2162 2163 ### Changed 2164 - github.com/golang/glog: [v1.0.0 → 23def4e](https://github.com/golang/glog/compare/v1.0.0...23def4e) 2165 - github.com/google/cel-go: [v0.12.4 → v0.12.5](https://github.com/google/cel-go/compare/v0.12.4...v0.12.5) 2166 - github.com/google/go-cmp: [v0.5.6 → v0.5.8](https://github.com/google/go-cmp/compare/v0.5.6...v0.5.8) 2167 - github.com/onsi/ginkgo/v2: [v2.1.4 → v2.1.6](https://github.com/onsi/ginkgo/v2/compare/v2.1.4...v2.1.6) 2168 - github.com/onsi/gomega: [v1.19.0 → v1.20.1](https://github.com/onsi/gomega/compare/v1.19.0...v1.20.1) 2169 2170 ### Removed 2171 _Nothing has changed._ 2172 2173 2174 2175 # v1.25.0 2176 2177 [Documentation](https://docs.k8s.io) 2178 2179 ## Downloads for v1.25.0 2180 2181 ### Source Code 2182 2183 filename | sha512 hash 2184 -------- | ----------- 2185 [kubernetes.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes.tar.gz) | `2bff2da02f6197fbde3e3a378dd8a95415edcef2e5f95a9e1399ec8369a592dac461dbb7402cded1ba93ace22c87ee050ea02a7c1c2cabaa97609352302d5d0c` 2186 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-src.tar.gz) | `20810dbbc1ee7ec06348b09b1d0dcef456eab600b3c6fe594d426a9c7b6fbab69712594d6f97c63db371a41a509f17bb7c4675b8e28a25dd84abb9bea35fc8ad` 2187 2188 ### Client Binaries 2189 2190 filename | sha512 hash 2191 -------- | ----------- 2192 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-client-darwin-amd64.tar.gz) | `4960a153e5cda0b30e7e437895fc8c08f80978d9f3189f6408e04446fa9777dafacb3cddbac5b09c8de0a19459893150a691b28f95cfa9f5c87b2926fe442df5` 2193 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-client-darwin-arm64.tar.gz) | `17972e1f0ad64113b9adf5f8e9c6231463048c0f04fde35fb614f59281127630ae475a7ec91e31cb03ebe444828e47e6d32ed05f000b6514bad646d6b9f5469c` 2194 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-client-linux-386.tar.gz) | `8d5a35a0a8e71ec59be0b720ff6fd80c172bcacae5f9a5f58bfc1ac66b4e877640d8626f23852ba2459dc1ec783347ae3300017e0919d59b16ae1011ac50c5d1` 2195 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-client-linux-amd64.tar.gz) | `34a7e9a496fff31a3afa6f5f7245212d051de3c2966e42a662040bde8a733c1cf55ce2e50227813fd29c6db758687a453a7df66b6c32f7f2c93959280c4e130a` 2196 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-client-linux-arm.tar.gz) | `f5defcd92f99562c455f44bf62b478d88d00ed3cce662bdd8bed8b880bae31e6e534fb044844b4664c543bed713332fd1734415e6da320f752984157e3fa32c9` 2197 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-client-linux-arm64.tar.gz) | `a01731aa3e7e8e560c92cf0b3d7ed9ce9964bfed88fcd055c881a0513c10be33e11b2c0539d4f52c17bfd605d540be5c6824a2f9f182d97a7a255a9a25b64607` 2198 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-client-linux-ppc64le.tar.gz) | `b022a28c25b0fefb1abbcaaa71d12f9edd14cf76d291ef3f8d13a8fc5cdec2edef3aee96c851e0dde7b8c7c1f5f38c3cc631e0bce15ccbc6f30bac45895ac7f4` 2199 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-client-linux-s390x.tar.gz) | `b4781d09fd1360097104fb6cd33e3f4de9ce571a13e329f26ce55505e9ddbbd2ca20794bb80a58eaa23ae63860376ae51187de76c99db9cbce984773ddf03c34` 2200 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-client-windows-386.tar.gz) | `5f6f71b7cb88dc18930d1864df21061f5b73a6969425701e945239323a0d7e5eb182c1607d3ddc26cbaf4dab0dc4bc59c7fbffe8bd66f5fd1edae075220d1c15` 2201 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-client-windows-amd64.tar.gz) | `cfcbdc13cfd17e8b38baa29d7638ae086b97d5784352d0e8bc92c6f6f34ce2e885ef1371d255d4b48c9a73cfdea8168d1d6cc7ac0b1b3bdc18a09970066d59ca` 2202 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-client-windows-arm64.tar.gz) | `55cc2d36764d8f496ca973d82fd1c60e93d227a8107fd0649c228f479b70dc05cbe23708fd8e4b820fd3b191786bbe054446d31f7d1b9fecff173d0f554d5a69` 2203 2204 ### Server Binaries 2205 2206 filename | sha512 hash 2207 -------- | ----------- 2208 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-server-linux-amd64.tar.gz) | `21614040cd3cc5a8ee0668bd91383427427e7796ee3de0f9fe6b4b5d9becb830141bb1ed3ba5376815385baa2675595e97765209f14bf68653bcf6fdfb070f3d` 2209 [kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-server-linux-arm.tar.gz) | `44ada6a0a6ba77aebdad52680c973f98bed495bdf7ac7cc6abbcb7e5b3fd5476961e0db6b8384b128c81ffd0b70d3a020f248062acfcd8b8b85fa295b1f8cf69` 2210 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-server-linux-arm64.tar.gz) | `c76ca3dc152a51c08d147a9ad9594a70071e548638d5065bf1aaaad63c3553c8af8d8dcb885e6e4ed724d944a5283fd000315d2622b7ef7a2df4b0b783ab0256` 2211 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-server-linux-ppc64le.tar.gz) | `491084954f951a3f3f61642e9006195f5dac84b4ccc29e407f85a3bb7aba8ea79c2b4deda69507bd516c1feff47ba9887309c26d6e6c4d2270cf5e0a8f0d5cac` 2212 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-server-linux-s390x.tar.gz) | `0e89499c004e5faaf69deb917c1df2eb3c2da36024ff3dcd10e5c3f7e7ef7c2393c109bb8ee8bd30756bc4024cacc05ea5f0131a5bc630a3513aada182a69949` 2213 2214 ### Node Binaries 2215 2216 filename | sha512 hash 2217 -------- | ----------- 2218 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-node-linux-amd64.tar.gz) | `46b4fd437824b1178dd570bc3a1a12aa5549482793f329d194b72a45daaa0bb8b990d7ee98f2a3d9a643ae113973f1f303cdcb6fdf8c56f439bf13acc7460728` 2219 [kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-node-linux-arm.tar.gz) | `f4338883d811369be6d7a2b658e3b46c06ddef0b584293c3e44bb5f961805d6659d2a73e62c470b80029938f8793f1b11c093e4b99431e419bd61b0e9ed5c133` 2220 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-node-linux-arm64.tar.gz) | `c2b174bb22485c0efb6a812ed78d84afa161d635f365d913ea08b3db8daae50ae15087a6d5fefce95c5363d90414079d8c5ff476bbfab9547c87befdf23bbcce` 2221 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-node-linux-ppc64le.tar.gz) | `7985f22fb43d3af183e94581dd7547b8817ad27b2c8b6304de60d28ce165341ab5dcd576f6c61b999c73ebf6a35d5cd5e328253160959f5112b94e4d17f41364` 2222 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-node-linux-s390x.tar.gz) | `7d6622e3128c3ad46ab286bdbb445f158b697f7624ff03f1905d4b62a91601d0f33880b4b0cfa93b435a9c786070f20ef86da877690c100bfa7460a8e8ca3cd5` 2223 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-node-windows-amd64.tar.gz) | `213954569d1e0b682805342964597a03d3b16a98756c9123d18dd8ceda9d4cddeeac500d5bdcf8cb27c136b2bfa5947fb5c75fdec7533a153199a855162d742e` 2224 2225 ### Container Images 2226 2227 All container images are available as manifest lists and support the described 2228 architectures. It is also possible to pull a specific architecture directly by 2229 adding the "-$ARCH" suffix to the container image name. 2230 name | architectures 2231 ---- | ------------- 2232 [k8s.gcr.io/conformance:v1.25.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) 2233 [k8s.gcr.io/kube-apiserver:v1.25.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) 2234 [k8s.gcr.io/kube-controller-manager:v1.25.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) 2235 [k8s.gcr.io/kube-proxy:v1.25.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) 2236 [k8s.gcr.io/kube-scheduler:v1.25.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) 2237 2238 ## Changelog since v1.24.0 2239 2240 ## What's New (Major Themes) 2241 2242 ### PodSecurityPolicy is Removed, Pod Security Admission graduates to Stable 2243 2244 PodSecurityPolicy was initially [deprecated in v1.21](https://kubernetes.io/blog/2021/04/06/podsecuritypolicy-deprecation-past-present-and-future/), and with the release of v1.25, it has been removed. The updates required to improve its usability would have introduced breaking changes, so it became necessary to remove it in favor of a more friendly replacement. That replacement is [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/), which graduates to Stable with this release. If you are currently relying on PodSecurityPolicy, please follow the instructions for [migration to Pod Security Admission](https://kubernetes.io/docs/tasks/configure-pod-container/migrate-from-psp/). 2245 2246 ### Ephemeral Containers Graduate to Stable 2247 2248 [Ephemeral Containers](https://kubernetes.io/docs/concepts/workloads/pods/ephemeral-containers/) are containers that exist for only a limited time within an existing pod. This is particularly useful for troubleshooting when you need to examine another container but cannot use `kubectl exec` because that container has crashed or its image lacks debugging utilities. Ephemeral containers graduated to Beta in Kubernetes v1.23, and with this release, the feature graduates to Stable. 2249 2250 ### Support for cgroups v2 Graduates to Stable 2251 2252 It has been more than two years since the Linux kernel cgroups v2 API was declared stable. With some distributions now defaulting to this API, Kubernetes must support it to continue operating on those distributions. cgroups v2 offers several improvements over cgroups v1, for more information see the [cgroups v2](https://kubernetes.io/docs/concepts/architecture/cgroups/) documentation. While cgroups v1 will continue to be supported, this enhancement puts Kubernetes to be ready for eventual deprecation and replacement in favor of v2. 2253 2254 2255 ### Windows support improved 2256 2257 - [Performance dashboards](http://perf-dash.k8s.io/#/?jobname=soak-tests-capz-windows-2019) added support for Windows 2258 - [Unit tests](https://github.com/kubernetes/kubernetes/issues/51540) added support for Windows 2259 - [Conformance tests](https://github.com/kubernetes/kubernetes/pull/108592) added support for Windows 2260 - New repository created for [Windows Operational Readiness](https://github.com/kubernetes-sigs/windows-operational-readiness) 2261 2262 ### Moved container registry service from k8s.gcr.io to registry.k8s.io 2263 2264 [Moving container registry from k8s.gcr.io to registry.k8s.io](https://github.com/kubernetes/kubernetes/pull/109938) got merged. For more details, see the [wiki page](https://github.com/kubernetes/k8s.io/wiki/New-Registry-url-for-Kubernetes-\(registry.k8s.io\)), [announcement](https://groups.google.com/a/kubernetes.io/g/dev/c/DYZYNQ_A6_c/m/oD9_Q8Q9AAAJ) was sent to the kubernetes development mailing list. 2265 2266 ### Promoted SeccompDefault to Beta 2267 2268 SeccompDefault promoted to beta, see the tutorial [Restrict a Container's Syscalls with seccomp](https://kubernetes.io/docs/tutorials/security/seccomp/#enable-the-use-of-runtimedefault-as-the-default-seccomp-profile-for-all-workloads) for more details. 2269 2270 ### Promoted endPort in Network Policy to Stable 2271 2272 Promoted `endPort` in [Network Policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/#targeting-a-range-of-ports) to GA. Network Policy providers that support `endPort` field now can use it to specify a range of ports to apply a Network Policy. Previously, each Network Policy could only target a single port. 2273 2274 Please be aware that `endPort` field **MUST BE SUPPORTED** by the Network Policy provider. If your provider does not support `endPort`, and this field is specified in a Network Policy, the Network Policy will be created covering only the port field (single port). 2275 2276 ### Promoted Local Ephemeral Storage Capacity Isolation to Stable 2277 The [Local Ephemeral Storage Capacity Isolation](https://github.com/kubernetes/enhancements/tree/master/keps/sig-storage/361-local-ephemeral-storage-isolation) feature moved to GA. This was introduced as alpha in 1.8, moved to beta in 1.10, and it is now a stable feature. It provides support for capacity isolation of local ephemeral storage between pods, such as `EmptyDir`, so that a pod can be hard limited in its consumption of shared resources by evicting Pods if its consumption of local ephemeral storage exceeds that limit. 2278 2279 ### Promoted core CSI Migration to Stable 2280 2281 [CSI Migration](https://kubernetes.io/blog/2021/12/10/storage-in-tree-to-csi-migration-status-update/#quick-recap-what-is-csi-migration-and-why-migrate) is an ongoing effort that SIG Storage has been working on for a few releases. The goal is to move in-tree volume plugins to out-of-tree CSI drivers and eventually remove the in-tree volume plugins. The [core CSI Migration](https://github.com/kubernetes/enhancements/tree/master/keps/sig-storage/625-csi-migration) feature moved to GA. CSI Migration for GCE PD and AWS EBS also moved to GA. CSI Migration for vSphere remains in beta (but is on by default). CSI Migration for Portworx moved to Beta (but is off-by-default). 2282 2283 2284 ### Promoted CSI Ephemeral Volume to Stable 2285 2286 The [CSI Ephemeral Volume](https://github.com/kubernetes/enhancements/tree/master/keps/sig-storage/596-csi-inline-volumes) feature allows CSI volumes to be specified directly in the pod specification for ephemeral use cases. They can be used to inject arbitrary states, such as configuration, secrets, identity, variables or similar information, directly inside pods using a mounted volume. This was initially introduced in 1.15 as an alpha feature, and it moved to GA. This feature is used by some CSI drivers such as the [secret-store CSI driver](https://github.com/kubernetes-sigs/secrets-store-csi-driver). 2287 2288 ### Promoted CRD Validation Expression Language to Beta 2289 2290 [CRD Validation Expression Language](https://github.com/kubernetes/enhancements/blob/master/keps/sig-api-machinery/2876-crd-validation-expression-language/README.mdv) is promoted to beta, which makes it possible to declare how custom resources are validated using the [Common Expression Language (CEL)](https://github.com/google/cel-spec). Please see the [validation rules](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#validation-rules) guide. 2291 2292 ### Promoted Server Side Unknown Field Validation to Beta 2293 2294 Promoted the `ServerSideFieldValidation` feature gate to beta (on by default). This allows optionally triggering schema validation on the API server that errors when unknown fields are detected. This allows the removal of client-side validation from kubectl while maintaining the same core functionality of erroring out on requests that contain unknown or invalid fields. 2295 2296 2297 ### Introduced KMS v2 2298 2299 Introduce KMS v2alpha1 API to add performance, rotation, and observability improvements. Encrypt data at rest (ie Kubernetes `Secrets`) with DEK using AES-GCM instead of AES-CBC for kms data encryption. No user action is required. Reads with AES-GCM and AES-CBC will continue to be allowed. See the guide [Using a KMS provider for data encryption](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) for more information. 2300 2301 ### Kube-proxy images are now based on distroless images 2302 2303 In previous releases, kube-proxy container images were built using Debian as the base image. Starting with this release, the images are now built using [distroless](https://github.com/GoogleContainerTools/distroless). This change reduced image size by almost 50% and decreased the number of installed packages and files to only those strictly required for kube-proxy to do its job. 2304 2305 ## Known Issues 2306 2307 ### LocalStorageCapacityIsolationFSQuotaMonitoring ConfigMap rendering failure 2308 ConfigMap rendering [issue](https://github.com/kubernetes/kubernetes/issues/112081) was found in the 1.25.0 release. When ConfigMaps get updated within the API, they do not get rendered to the resulting pod's filesystem by the Kubelet. The feature has been [reverted to alpha](https://github.com/kubernetes/kubernetes/pull/112078) in the 1.25.1 release. 2309 2310 ## Urgent Upgrade Notes 2311 2312 ### (No, really, you MUST read this before you upgrade) 2313 2314 - Deprecated beta APIs scheduled for removal in 1.25 are no longer served. See https://kubernetes.io/docs/reference/using-api/deprecation-guide/#v1-25 for more information. ([#108797](https://github.com/kubernetes/kubernetes/pull/108797), [@deads2k](https://github.com/deads2k)) [SIG API Machinery, Instrumentation and Testing] 2315 - Encrypted data with DEK using AES-GCM instead of AES-CBC for kms data encryption. No user action required. Reads with AES-GCM and AES-CBC will continue to be allowed. ([#111119](https://github.com/kubernetes/kubernetes/pull/111119), [@aramase](https://github.com/aramase)) 2316 - End-to-end testing has been migrated from Ginkgo v1 to v2. 2317 2318 When running test/e2e via the Ginkgo CLI, the v2 CLI must be used and `-timeout=24h` (or some other, suitable value) must be passed because the default timeout was reduced from 24h to 1h. When running it via `go test`, the corresponding `-args` parameter is `-ginkgo.timeout=24h`. To build the CLI in the Kubernetes repo, use `make all WHAT=github.com/onsi/ginkgo/v2/ginkgo`. 2319 Ginkgo V2 doesn't accept go test's `-parallel` flags to parallelize Ginkgo specs, please switch to use `ginkgo -p` or `ginkgo -procs=N` instead. ([#109111](https://github.com/kubernetes/kubernetes/pull/109111), [@chendave](https://github.com/chendave)) [SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Release, Scheduling, Storage, Testing and Windows] 2320 - No action required; No API/CLI changed; Add new Windows Image Support ([#110333](https://github.com/kubernetes/kubernetes/pull/110333), [@liurupeng](https://github.com/liurupeng)) [SIG Cloud Provider and Windows] 2321 - The intree volume plugin flocker support was completely removed from Kubernetes. ([#111618](https://github.com/kubernetes/kubernetes/pull/111618), [@Jiawei0227](https://github.com/Jiawei0227)) 2322 - The intree volume plugin quobyte support has been completely removed from Kubernetes. ([#111619](https://github.com/kubernetes/kubernetes/pull/111619), [@Jiawei0227](https://github.com/Jiawei0227)) 2323 - The intree volume plugin storageos support has been completely removed from Kubernetes. ([#111620](https://github.com/kubernetes/kubernetes/pull/111620), [@Jiawei0227](https://github.com/Jiawei0227)) 2324 - There is a new OCI image registry (`registry.k8s.io`) that can be used to pull Kubernetes images. The old registry (`k8s.gcr.io`) will continue to be supported for the foreseeable future, but the new name should perform better because it frontends equivalent mirrors in other clouds. Please point your clusters to the new registry going forward. \n\nAdmission/Policy integrations that have an allowlist of registries need to include `registry.k8s.io` alongside `k8s.gcr.io`.\nAir-gapped environments and image garbage-collection configurations will need to update to pre-pull and preserve required images under `registry.k8s.io` as well as `k8s.gcr.io`. ([#109938](https://github.com/kubernetes/kubernetes/pull/109938), [@dims](https://github.com/dims)) 2325 2326 ## Changes by Kind 2327 2328 ### Deprecation 2329 2330 - API server's deprecated `--service-account-api-audiences` flag was removed. Use `--api-audiences` instead. ([#108624](https://github.com/kubernetes/kubernetes/pull/108624), [@ialidzhikov](https://github.com/ialidzhikov)) 2331 - Ginkgo.Measure has been deprecated in Ginkgo V2, switch to use gomega/gmeasure instead ([#111065](https://github.com/kubernetes/kubernetes/pull/111065), [@chendave](https://github.com/chendave)) [SIG Autoscaling and Testing] 2332 - Kube-controller-manager: Removed flags `deleting-pods-qps`, `deleting-pods-burst`, and `register-retry-count`. ([#109612](https://github.com/kubernetes/kubernetes/pull/109612), [@pandaamanda](https://github.com/pandaamanda)) 2333 - Kubeadm: during "upgrade apply/diff/node", in case the `ClusterConfiguration.imageRepository` stored in the "kubeadm-config" `ConfigMap` contains the legacy "k8s.gcr.io" repository, modify it to the new default "registry.k8s.io". Reflect the change in the in-cluster `ConfigMap` only during "upgrade apply". ([#110343](https://github.com/kubernetes/kubernetes/pull/110343), [@neolit123](https://github.com/neolit123)) 2334 - Kubeadm: graduated the kubeadm specific feature gate `UnversionedKubeletConfigMap` to GA and locked it to `true` by default. The kubelet related ConfigMap and RBAC rules are now locked to have a simplified naming `*kubelet-config` instead of the legacy naming `*kubelet-config-x.yy`, where `x.yy` was the version of the control plane. If you have previously used the old naming format with `UnversionedKubeletConfigMap=false`, you must manually copy the config map from `kube-system/kubelet-config-x.yy` to `kube-system/kubelet-config` before upgrading to `v1.25`. ([#110327](https://github.com/kubernetes/kubernetes/pull/110327), [@neolit123](https://github.com/neolit123)) 2335 - Kubeadm: stop applying the `node-role.kubernetes.io/master:NoSchedule` taint to control plane nodes for new clusters. Remove the taint from existing control plane nodes during "kubeadm upgrade apply" ([#110095](https://github.com/kubernetes/kubernetes/pull/110095), [@neolit123](https://github.com/neolit123)) 2336 - Support for the alpha seccomp annotations `seccomp.security.alpha.kubernetes.io/pod` and `container.seccomp.security.alpha.kubernetes.io`, deprecated since v1.19, was partially removed. Kubelets no longer support the annotations, use of the annotations in static pods is no longer supported, and the seccomp annotations are no longer auto-populated when pods with seccomp fields are created. Auto-population of the seccomp fields from the annotations is planned to be removed in 1.27. Pods should use the corresponding pod or container `securityContext.seccompProfile` field instead. ([#109819](https://github.com/kubernetes/kubernetes/pull/109819), [@saschagrunert](https://github.com/saschagrunert)) 2337 - The `gcp` and `azure` auth plugins have been removed from client-go and kubectl. See https://github.com/Azure/kubelogin and https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke ([#110013](https://github.com/kubernetes/kubernetes/pull/110013), [@enj](https://github.com/enj)) 2338 - The beta `PodSecurityPolicy` admission plugin, deprecated since 1.21, is removed. Follow the instructions at https://kubernetes.io/docs/tasks/configure-pod-container/migrate-from-psp/ to migrate to the built-in PodSecurity admission plugin (or to another third-party policy webhook) prior to upgrading to v1.25. ([#109798](https://github.com/kubernetes/kubernetes/pull/109798), [@liggitt](https://github.com/liggitt)) 2339 - VSphere releases less than 7.0u2 are not supported for in-tree vSphere volume as of Kubernetes v1.25. Please consider upgrading vSphere (both ESXi and vCenter) to 7.0u2 or above. ([#111255](https://github.com/kubernetes/kubernetes/pull/111255), [@divyenpatel](https://github.com/divyenpatel)) 2340 - Windows winkernel kube-proxy no longer supports Windows HNS v1 APIs. ([#110957](https://github.com/kubernetes/kubernetes/pull/110957), [@papagalu](https://github.com/papagalu)) 2341 - GlusterFS provisioner (`kubernetes.io/glusterfs`) has been deprecated in this release. ([#111485](https://github.com/kubernetes/kubernetes/pull/111485), [@humblec](https://github.com/humblec)) 2342 2343 ### API Change 2344 2345 - Add `NodeInclusionPolicy` to `TopologySpreadConstraints` in PodSpec. ([#108492](https://github.com/kubernetes/kubernetes/pull/108492), [@kerthcet](https://github.com/kerthcet)) 2346 - Added KMS v2alpha1 support. ([#111126](https://github.com/kubernetes/kubernetes/pull/111126), [@aramase](https://github.com/aramase)) 2347 - Added a deprecated warning for node beta label usage in PV/SC/RC and CSI Storage Capacity. ([#108554](https://github.com/kubernetes/kubernetes/pull/108554), [@pacoxu](https://github.com/pacoxu)) 2348 - Added a new feature gate `CheckpointRestore` to enable support to checkpoint containers. If enabled it is possible to checkpoint a container using the newly kubelet API (/checkpoint/{podNamespace}/{podName}/{containerName}). ([#104907](https://github.com/kubernetes/kubernetes/pull/104907), [@adrianreber](https://github.com/adrianreber)) [SIG Node and Testing] 2349 - Added alpha support for user namespaces in pods phase 1 (KEP 127, feature gate: UserNamespacesStatelessPodsSupport) ([#111090](https://github.com/kubernetes/kubernetes/pull/111090), [@rata](https://github.com/rata)) 2350 - As of v1.25, the PodSecurity `restricted` level no longer requires pods that set .spec.os.name="windows" to also set Linux-specific securityContext fields. If a 1.25+ cluster has unsupported [out-of-skew](https://kubernetes.io/releases/version-skew-policy/#kubelet) nodes prior to v1.23 and wants to ensure namespaces enforcing the `restricted` policy continue to require Linux-specific securityContext fields on all pods, ensure a version of the `restricted` prior to v1.25 is selected by labeling the namespace (for example, `pod-security.kubernetes.io/enforce-version: v1.24`) ([#105919](https://github.com/kubernetes/kubernetes/pull/105919), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) 2351 - Changed ownership semantics of PersistentVolume's spec.claimRef from `atomic` to `granular`. ([#110495](https://github.com/kubernetes/kubernetes/pull/110495), [@alexzielenski](https://github.com/alexzielenski)) 2352 - Extended ContainerStatus CRI API to allow runtime response with container resource requests and limits that are in effect. 2353 - UpdateContainerResources CRI API now supports both Linux and Windows. ([#111645](https://github.com/kubernetes/kubernetes/pull/111645), [@vinaykul](https://github.com/vinaykul)) 2354 - For v1.25, Kubernetes will be using Golang 1.19, In this PR the version is updated to 1.19rc2 as GA is not yet available. ([#111254](https://github.com/kubernetes/kubernetes/pull/111254), [@dims](https://github.com/dims)) 2355 - Introduced NodeIPAM support for multiple ClusterCIDRs ([#2593](https://github.com/kubernetes/enhancements/issues/2593)) as an alpha feature. 2356 Set feature gate `MultiCIDRRangeAllocator=true`, determines whether the `MultiCIDRRangeAllocator` controller can be used, while the kube-controller-manager flag below will pick the active controller. 2357 Enabled the `MultiCIDRRangeAllocator` by setting `--cidr-allocator-type=MultiCIDRRangeAllocator` flag in kube-controller-manager. ([#109090](https://github.com/kubernetes/kubernetes/pull/109090), [@sarveshr7](https://github.com/sarveshr7)) 2358 - Introduced PodHasNetwork condition for pods. ([#111358](https://github.com/kubernetes/kubernetes/pull/111358), [@ddebroy](https://github.com/ddebroy)) 2359 - Introduced support for handling pod failures with respect to the configured pod failure policy rules. ([#111113](https://github.com/kubernetes/kubernetes/pull/111113), [@mimowo](https://github.com/mimowo)) 2360 - Introduction of the `DisruptionTarget` pod condition type. Its `reason` field indicates the reason for pod termination: 2361 - PreemptionByKubeScheduler (Pod preempted by kube-scheduler) 2362 - DeletionByTaintManager (Pod deleted by taint manager due to NoExecute taint) 2363 - EvictionByEvictionAPI (Pod evicted by Eviction API) 2364 - DeletionByPodGC (an orphaned Pod deleted by PodGC) ([#110959](https://github.com/kubernetes/kubernetes/pull/110959), [@mimowo](https://github.com/mimowo)) 2365 - Kube-Scheduler ComponentConfig is graduated to GA, `kubescheduler.config.k8s.io/v1` is available now. 2366 Plugin `SelectorSpread` is removed in v1. ([#110534](https://github.com/kubernetes/kubernetes/pull/110534), [@kerthcet](https://github.com/kerthcet)) 2367 - Local Storage Capacity Isolation feature is GA in 1.25 release. For systems (rootless) that cannot check root file system, please use kubelet config --local-storage-capacity-isolation=false to disable this feature. Once disabled, pod cannot set local ephemeral storage request/limit, and emptyDir sizeLimit niether. ([#111513](https://github.com/kubernetes/kubernetes/pull/111513), [@jingxu97](https://github.com/jingxu97)) 2368 - Make PodSpec.Ports' description clearer on how this information is only informational and how it can be incorrect. ([#110564](https://github.com/kubernetes/kubernetes/pull/110564), [@j4m3s-s](https://github.com/j4m3s-s)) [SIG API Machinery, Network and Node] 2369 - On compatible systems, a mounter's Unmount implementation is changed to not return an error when the specified target can be detected as not a mount point. On Linux, the behavior of detecting a mount point depends on `umount` command is validated when the mounter is created. Additionally, mount point checks will be skipped in CleanupMountPoint/CleanupMountWithForce if the mounter's Unmount having the changed behavior of not returning error when target is not a mount point. ([#109676](https://github.com/kubernetes/kubernetes/pull/109676), [@cartermckinnon](https://github.com/cartermckinnon)) [SIG Storage] 2370 - PersistentVolumeClaim objects are no longer left with storage class set to `nil` forever, but will be updated retroactively once any StorageClass is set or created as default. ([#111467](https://github.com/kubernetes/kubernetes/pull/111467), [@RomanBednar](https://github.com/RomanBednar)) 2371 - Promote StatefulSet minReadySeconds to GA. This means `--feature-gates=StatefulSetMinReadySeconds=true` are not needed on kube-apiserver and kube-controller-manager binaries and they'll be removed soon following policy at https://kubernetes.io/docs/reference/using-api/deprecation-policy/#deprecation ([#110896](https://github.com/kubernetes/kubernetes/pull/110896), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) [SIG API Machinery, Apps and Testing] 2372 - Promoted CronJob's TimeZone support to beta. ([#111435](https://github.com/kubernetes/kubernetes/pull/111435), [@soltysh](https://github.com/soltysh)) 2373 - Promoted DaemonSet MaxSurge to GA. This means `--feature-gates=DaemonSetUpdateSurge=true` are not needed on kube-apiserver and kube-controller-manager binaries and they'll be removed soon following policy at https://kubernetes.io/docs/reference/using-api/deprecation-policy/#deprecation . ([#111194](https://github.com/kubernetes/kubernetes/pull/111194), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) 2374 - Scheduler: included supported ScoringStrategyType list in error message for NodeResourcesFit plugin ([#111206](https://github.com/kubernetes/kubernetes/pull/111206), [@SataQiu](https://github.com/SataQiu)) 2375 - The Go API for logging configuration in `k8s.io/component-base` was moved to `k8s.io/component-base/logs/api/v1`. The configuration file format and command line flags are the same as before. ([#105797](https://github.com/kubernetes/kubernetes/pull/105797), [@pohly](https://github.com/pohly)) 2376 - The Pod `spec.podOS` field is promoted to GA. The `IdentifyPodOS` feature gate unconditionally enabled, and will no longer be accepted as a `--feature-gates` parameter in 1.27. ([#111229](https://github.com/kubernetes/kubernetes/pull/111229), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) 2377 - The PodTopologySpread is respected after rolling upgrades. ([#111441](https://github.com/kubernetes/kubernetes/pull/111441), [@denkensk](https://github.com/denkensk)) 2378 - The `CSIInlineVolume` feature has moved from beta to GA. ([#111258](https://github.com/kubernetes/kubernetes/pull/111258), [@dobsonj](https://github.com/dobsonj)) 2379 - The `PodSecurity` admission plugin has graduated to GA and is enabled by default. The admission configuration version has been promoted to `pod-security.admission.config.k8s.io/v1`. ([#110459](https://github.com/kubernetes/kubernetes/pull/110459), [@wangyysde](https://github.com/wangyysde)) 2380 - The `endPort` field in Network Policy is now promoted to GA 2381 2382 Network Policy providers that support `endPort` field now can use it to specify a range of ports to apply a Network Policy. 2383 2384 Previously, each Network Policy could only target a single port. 2385 2386 Please be aware that `endPort` field MUST BE SUPPORTED by the Network Policy provider. In case your provider does not support `endPort` and this field is specified in a Network Policy, the Network Policy will be created covering only the port field (single port). ([#110868](https://github.com/kubernetes/kubernetes/pull/110868), [@rikatz](https://github.com/rikatz)) 2387 - The `metadata.clusterName` field is completely removed. This should not have any user-visible impact. ([#109602](https://github.com/kubernetes/kubernetes/pull/109602), [@lavalamp](https://github.com/lavalamp)) 2388 - The `minDomains` field in Pod Topology Spread is graduated to beta ([#110388](https://github.com/kubernetes/kubernetes/pull/110388), [@sanposhiho](https://github.com/sanposhiho)) [SIG API Machinery and Apps] 2389 - The command line flag `enable-taint-manager` for kube-controller-manager is deprecated and will be removed in 1.26. The feature that it supports, taint based eviction, is enabled by default and will continue to be implicitly enabled when the flag is removed. ([#111411](https://github.com/kubernetes/kubernetes/pull/111411), [@alculquicondor](https://github.com/alculquicondor)) 2390 - This release added support for `NodeExpandSecret` for CSI driver client which enables the CSI drivers to make use of this secret while performing node expansion operation based on the user request. Previously there was no secret provided as part of the `nodeexpansion` call, thus CSI drivers did not make use of the same while expanding the volume at the node side. ([#105963](https://github.com/kubernetes/kubernetes/pull/105963), [@zhucan](https://github.com/zhucan)) 2391 - [Ephemeral Containers](https://kubernetes.io/docs/concepts/workloads/pods/ephemeral-containers/) are now generally available (GA). The `EphemeralContainers` feature gate is always enabled and should be removed from `--feature-gates` flag on the kube-apiserver and the kubelet command lines. The `EphemeralContainers` feature gate is [deprecated and scheduled for removal](https://kubernetes.io/docs/reference/using-api/deprecation-policy/#deprecation) in a future release. ([#111402](https://github.com/kubernetes/kubernetes/pull/111402), [@verb](https://github.com/verb)) 2392 2393 ### Feature 2394 2395 - Added KMS `v2alpha1` API. ([#110201](https://github.com/kubernetes/kubernetes/pull/110201), [@aramase](https://github.com/aramase)) 2396 - Added Service Account field in the output of `kubectl describe pod` command. ([#111192](https://github.com/kubernetes/kubernetes/pull/111192), [@aufarg](https://github.com/aufarg)) 2397 - Added a new `align-by-socket` policy option to cpu manager `static` policy. When enabled CPU's to be aligned at socket boundary rather than NUMA boundary. ([#111278](https://github.com/kubernetes/kubernetes/pull/111278), [@arpitsardhana](https://github.com/arpitsardhana)) 2398 - Added container probe duration metrics. ([#104484](https://github.com/kubernetes/kubernetes/pull/104484), [@jackfrancis](https://github.com/jackfrancis)) 2399 - Added new flags into alpha events such as --output, --types, --no-headers. ([#110007](https://github.com/kubernetes/kubernetes/pull/110007), [@ardaguclu](https://github.com/ardaguclu)) 2400 - Added sum feature to `kubectl top pod` ([#105100](https://github.com/kubernetes/kubernetes/pull/105100), [@lauchokyip](https://github.com/lauchokyip)) 2401 - Added the `Apply` and `ApplyStatus` methods to the dynamic `ResourceInterface` ([#109443](https://github.com/kubernetes/kubernetes/pull/109443), [@kevindelgado](https://github.com/kevindelgado)) 2402 - Feature gate `CSIMigration` was locked to enabled. `CSIMigration` is GA now. The feature gate will be removed in `v1.27`. ([#110410](https://github.com/kubernetes/kubernetes/pull/110410), [@Jiawei0227](https://github.com/Jiawei0227)) 2403 - Feature gate `ProbeTerminationGracePeriod` is enabled by default. ([#108541](https://github.com/kubernetes/kubernetes/pull/108541), [@kerthcet](https://github.com/kerthcet)) 2404 - Ginkgo: when e2e tests are invoked through ginkgo-e2e.sh, the default now is to use color escape sequences only when connected to a terminal. `GINKGO_NO_COLOR=y/n` can be used to override that default. ([#111633](https://github.com/kubernetes/kubernetes/pull/111633), [@pohly](https://github.com/pohly)) 2405 - Graduated SeccompDefault to `beta`. The Kubelet feature gate is now enabled by default and the configuration/CLI flag still defaults to `false`. ([#110805](https://github.com/kubernetes/kubernetes/pull/110805), [@saschagrunert](https://github.com/saschagrunert)) [SIG Node and Testing] 2406 - Graduated ServerSideFieldValidation to `beta`. Schema validation is performed server-side and requests will receive warnings for any invalid/unknown fields by default. ([#110178](https://github.com/kubernetes/kubernetes/pull/110178), [@kevindelgado](https://github.com/kevindelgado)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Storage and Testing] 2407 - Graduated `CustomResourceValidationExpressions` to `beta`. The `CustomResourceValidationExpressions` feature gate is now enabled by default. ([#111524](https://github.com/kubernetes/kubernetes/pull/111524), [@cici37](https://github.com/cici37)) 2408 - Graduated `ServiceIPStaticSubrange` feature to Beta (disabled by default). ([#110419](https://github.com/kubernetes/kubernetes/pull/110419), [@aojea](https://github.com/aojea)) 2409 - If a Pod has a DisruptionTarget condition with status=True for more than 2 minutes without getting a DeletionTimestamp, the control plane resets it to status=False. ([#111475](https://github.com/kubernetes/kubernetes/pull/111475), [@alculquicondor](https://github.com/alculquicondor)) 2410 - In "large" clusters, kube-proxy in iptables mode will now sometimes 2411 leave unused rules in iptables for a while (up to `--iptables-sync-period`) 2412 before deleting them. This improves performance by not requiring it to 2413 check for stale rules on every sync. (In smaller clusters, it will still 2414 remove unused rules immediately once they are no longer used.) 2415 2416 (The threshold for "large" used here is currently "1000 endpoints" but 2417 this is subject to change.) ([#110334](https://github.com/kubernetes/kubernetes/pull/110334), [@danwinship](https://github.com/danwinship)) 2418 - Kube-up now includes CoreDNS version v1.9.3. ([#110488](https://github.com/kubernetes/kubernetes/pull/110488), [@mzaian](https://github.com/mzaian)) 2419 - Kubeadm: Added support for additional authentication strategies in `kubeadm join` with discovery/kubeconfig file: client-go authentication plugins (`exec`), `tokenFile`, and `authProvider.` ([#110553](https://github.com/kubernetes/kubernetes/pull/110553), [@tallaxes](https://github.com/tallaxes)) 2420 - Kubeadm: Update CoreDNS to v1.9.3. ([#110489](https://github.com/kubernetes/kubernetes/pull/110489), [@pacoxu](https://github.com/pacoxu)) 2421 - Kubeadm: added support for the flag `--print-manifest` to the addon phases `kube-proxy` and `coredns` of `kubeadm init phase addon`. If this flag is `usedkubeadm` will not apply a given addon and instead print to the terminal the API objects that will be applied. ([#109995](https://github.com/kubernetes/kubernetes/pull/109995), [@wangyysde](https://github.com/wangyysde)) 2422 - Kubeadm: enhanced the "patches" functionality to be able to patch kubelet config files containing `v1beta1.KubeletConfiguration`. The new patch target is called `kubeletconfiguration` (e.g. patch file `kubeletconfiguration+json.json`).This makes it possible to apply node specific KubeletConfiguration options during `init`, `join` and `upgrade`, while the main `KubeletConfiguration` that is passed to `init` as part of the `--config` file can still act as the global stored in the cluster `KubeletConfiguration`. ([#110405](https://github.com/kubernetes/kubernetes/pull/110405), [@neolit123](https://github.com/neolit123)) 2423 - Kubeadm: make sure the etcd static pod startup probe uses /health?serializable=false while the liveness probe uses /health?serializable=true&exclude=NOSPACE. The NOSPACE exclusion would allow administrators to address space issues one member at a time. ([#110744](https://github.com/kubernetes/kubernetes/pull/110744), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] 2424 - Kubeadm: modified the etcd static Pod `liveness` and `readiness` probes to use a new etcd `v3.5.3+` HTTP(s) health check endpoint `/health?serializable=true` that allows to track the health of individual etcd members and not fail all members if a single member is not healthy in the etcd cluster. ([#110072](https://github.com/kubernetes/kubernetes/pull/110072), [@neolit123](https://github.com/neolit123)) 2425 - Kubeadm: support experimental JSON/YAML output for `kubeadm upgrade plan` with the `--output` flag. ([#108447](https://github.com/kubernetes/kubernetes/pull/108447), [@pacoxu](https://github.com/pacoxu)) 2426 - Kubeadm: the preferred pod anti-affinity for CoreDNS is now enabled by default. ([#110593](https://github.com/kubernetes/kubernetes/pull/110593), [@SataQiu](https://github.com/SataQiu)) 2427 - Kubectl: support multiple resources for kubectl rollout status. ([#108777](https://github.com/kubernetes/kubernetes/pull/108777), [@pjo256](https://github.com/pjo256)) 2428 - Kubernetes is now built with Golang 1.18.2. ([#110043](https://github.com/kubernetes/kubernetes/pull/110043), [@cpanato](https://github.com/cpanato)) 2429 - Kubernetes is now built with Golang 1.18.3 ([#110421](https://github.com/kubernetes/kubernetes/pull/110421), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing] 2430 - Kubernetes is now built with Golang 1.19.0. ([#111679](https://github.com/kubernetes/kubernetes/pull/111679), [@puerco](https://github.com/puerco)) 2431 - Lock CSIMigrationAzureDisk feature gate to default. ([#110491](https://github.com/kubernetes/kubernetes/pull/110491), [@andyzhangx](https://github.com/andyzhangx)) 2432 - Metric `running_managed_controllers` is enabled for Cloud Node Lifecycle controller. ([#111033](https://github.com/kubernetes/kubernetes/pull/111033), [@jprzychodzen](https://github.com/jprzychodzen)) 2433 - Metric `running_managed_controllers` is enabled for Node IPAM controller in KCM. ([#111466](https://github.com/kubernetes/kubernetes/pull/111466), [@jprzychodzen](https://github.com/jprzychodzen)) 2434 - Metric `running_managed_controllers` is enabled for Route,Service and Cloud Node controllers in KCM and CCM. ([#111462](https://github.com/kubernetes/kubernetes/pull/111462), [@jprzychodzen](https://github.com/jprzychodzen)) 2435 - New `KUBECACHEDIR` environment variable was introduced to override default discovery cache directory which is `$HOME/.kube/cache`. ([#109479](https://github.com/kubernetes/kubernetes/pull/109479), [@ardaguclu](https://github.com/ardaguclu)) 2436 - Pod SecurityContext and PodSecurityPolicy supports slash as sysctl separator. ([#106834](https://github.com/kubernetes/kubernetes/pull/106834), [@mengjiao-liu](https://github.com/mengjiao-liu)) [SIG Apps, Architecture, Auth, Node, Security and Testing] 2437 - Promoted LocalStorageCapacityIsolationFSQuotaMonitoring to beta. ([#107329](https://github.com/kubernetes/kubernetes/pull/107329), [@pacoxu](https://github.com/pacoxu)) 2438 - Promoted the `CSIMigrationPortworx` feature gate to Beta. ([#110411](https://github.com/kubernetes/kubernetes/pull/110411), [@trierra](https://github.com/trierra)) 2439 - Return a warning when applying a `pod-security.kubernetes.io` label to a PodSecurity-exempted namespace. 2440 Stop including the `pod-security.kubernetes.io/exempt=namespace` audit annotation on namespace requests. ([#109680](https://github.com/kubernetes/kubernetes/pull/109680), [@tallclair](https://github.com/tallclair)) 2441 - The new flag `etcd-ready-timeout` has been added. It configures a timeout of an additional etcd check performed as part of readyz check. ([#111399](https://github.com/kubernetes/kubernetes/pull/111399), [@Argh4k](https://github.com/Argh4k)) 2442 - The TopologySpreadConstraints will be shown in describe command for pods, deployments, daemonsets, etc. ([#109563](https://github.com/kubernetes/kubernetes/pull/109563), [@ardaguclu](https://github.com/ardaguclu)) 2443 - The `kubectl diff` changed to ignore managed fields by default, and a new --show-managed-fields flag has been added to allow you to include managed fields in the diff. ([#111319](https://github.com/kubernetes/kubernetes/pull/111319), [@brianpursley](https://github.com/brianpursley)) 2444 - The beta feature `ServiceIPStaticSubrange` is now enabled by default. ([#110703](https://github.com/kubernetes/kubernetes/pull/110703), [@aojea](https://github.com/aojea)) 2445 - Updated base image for Windows pause container images to one built on Windows machines to address limitations of building Windows container images on Linux machines. ([#110379](https://github.com/kubernetes/kubernetes/pull/110379), [@marosset](https://github.com/marosset)) 2446 - Updated cAdvisor to v0.45.0. ([#111647](https://github.com/kubernetes/kubernetes/pull/111647), [@bobbypage](https://github.com/bobbypage)) 2447 - Updated debian-base, debian-iptables, and setcap images: 2448 - debian-base:bullseye-v1.3.0 2449 - debian-iptables:bullseye-v1.4.0 2450 - setcap:bullseye-v1.3.0 ([#110558](https://github.com/kubernetes/kubernetes/pull/110558), [@wespanther](https://github.com/wespanther)) 2451 - When using the OpenStack legacy cloud provider, kubelet and KCM will ignore unknown configuration directives rather than failing to start. ([#109709](https://github.com/kubernetes/kubernetes/pull/109709), [@mdbooth](https://github.com/mdbooth)) 2452 - ` JobTrackingWithFinalizers` enabled by default. This feature allows to keep track of the Job progress without relying on Pods staying in the apiserver. 2453 ([#110948](https://github.com/kubernetes/kubernetes/pull/110948), [@alculquicondor](https://github.com/alculquicondor)) 2454 - `CSIMigrationAWS` upgraded to GA and locked to true. 2455 ([#111479](https://github.com/kubernetes/kubernetes/pull/111479), [@wongma7](https://github.com/wongma7)) 2456 - `CSIMigrationGCE` upgraded to GA and locked to true. 2457 ([#111301](https://github.com/kubernetes/kubernetes/pull/111301), [@mattcary](https://github.com/mattcary)) 2458 - `CSIMigrationvSphere` feature is now enabled by default. 2459 ([#103523](https://github.com/kubernetes/kubernetes/pull/103523), [@divyenpatel](https://github.com/divyenpatel)) 2460 - `MaxUnavailable` for `StatefulSets`, allows faster `RollingUpdate` by taking down more than 1 pod at a time. 2461 The number of pods you want to take down during a `RollingUpdate` is configurable using `maxUnavailable` parameter. 2462 ([#109251](https://github.com/kubernetes/kubernetes/pull/109251), [@krmayankk](https://github.com/krmayankk)) 2463 - The `gcp` and `azure` auth plugins have been restored to client-go and kubectl until https://issue.k8s.io/111911 is resolved in supported kubectl minor versions. ([#111918](https://github.com/kubernetes/kubernetes/pull/111918), [@liggitt](https://github.com/liggitt)) 2464 2465 ### Documentation 2466 2467 - EndpointSlices with Pod referencing Nodes that don't exist couldn't be created or updated. The behavior on the EndpointSlice controller has been modified to update the EndpointSlice without the Pods that reference non-existing Nodes and keep retrying until all Pods reference existing Nodes. However, if `service.Spec.PublishNotReadyAddresses` is set, all the Pods are published without retrying. Fixed EndpointSlices metrics to reflect correctly the number of desired EndpointSlices when no endpoints are present. ([#110639](https://github.com/kubernetes/kubernetes/pull/110639), [@aojea](https://github.com/aojea)) 2468 - Optimization of kubectl Chinese translation ([#110538](https://github.com/kubernetes/kubernetes/pull/110538), [@hwdef](https://github.com/hwdef)) [SIG CLI] 2469 2470 ### Failing Test 2471 2472 - E2e tests: fixed bug in the e2e image `agnhost:2.38` which hangs instead of exiting if a `SIGTERM` signal is received and the `shutdown-delay` option is `0`. ([#110214](https://github.com/kubernetes/kubernetes/pull/110214), [@aojea](https://github.com/aojea)) 2473 - In-tree GCE PD test cases no longer run in Kubernetes testing harness anymore (side effect of switching on CSI migration in 1.22). Please switch on the environment variable `ENABLE_STORAGE_GCE_PD_DRIVER` to `yes` if you need to run these tests. ([#109541](https://github.com/kubernetes/kubernetes/pull/109541), [@dims](https://github.com/dims)) 2474 2475 ### Bug or Regression 2476 2477 - A bug was fixed where a job sync was not retried in case of a transient ResourceQuota conflict. ([#111026](https://github.com/kubernetes/kubernetes/pull/111026), [@alculquicondor](https://github.com/alculquicondor)) 2478 - A change of a failed job condition status to `False` does not result in duplicate conditions. ([#110292](https://github.com/kubernetes/kubernetes/pull/110292), [@mimowo](https://github.com/mimowo)) 2479 - Added error message "dry-run can not be used when --force is set" when dry-run and force flags are set in replace command. ([#110326](https://github.com/kubernetes/kubernetes/pull/110326), [@ardaguclu](https://github.com/ardaguclu)) 2480 - Added the latest GCE pinhole firewall feature, which introduces `destination-ranges` in the ingress `firewall-rules`. It restricts access to the backend IPs by allowing traffic through `ILB` or `NetLB` only. This change does **NOT** change the existing `ILB` or `NetLB` behavior. ([#109510](https://github.com/kubernetes/kubernetes/pull/109510), [@sugangli](https://github.com/sugangli)) 2481 - Allow expansion of ephemeral volumes ([#109987](https://github.com/kubernetes/kubernetes/pull/109987), [@gnufied](https://github.com/gnufied)) [SIG Node and Storage] 2482 - Apiserver: fixed audit of loading more than one webhooks. ([#110145](https://github.com/kubernetes/kubernetes/pull/110145), [@sxllwx](https://github.com/sxllwx)) 2483 - Bug fix in test/e2e/framework Framework.RecordFlakeIfError ([#111048](https://github.com/kubernetes/kubernetes/pull/111048), [@alingse](https://github.com/alingse)) [SIG Testing] 2484 - Client-go: fixed an error in the fake client when creating API requests are submitted to subresources like `pods/eviction`. ([#110425](https://github.com/kubernetes/kubernetes/pull/110425), [@LY-today](https://github.com/LY-today)) 2485 - Do not raise an error when setting a label with the same value, ignore it. ([#105936](https://github.com/kubernetes/kubernetes/pull/105936), [@zigarn](https://github.com/zigarn)) 2486 - Do not report terminated container metrics ([#110950](https://github.com/kubernetes/kubernetes/pull/110950), [@yangjunmyfm192085](https://github.com/yangjunmyfm192085)) [SIG Node] 2487 - EndpointSlices marked for deletion are now ignored during reconciliation. ([#109624](https://github.com/kubernetes/kubernetes/pull/109624), [@aryan9600](https://github.com/aryan9600)) 2488 - Etcd: Update to v3.5.4 ([#110033](https://github.com/kubernetes/kubernetes/pull/110033), [@mk46](https://github.com/mk46)) [SIG API Machinery, Cloud Provider, Cluster Lifecycle and Testing] 2489 - Faster mount detection for linux kernel 5.10+ using openat2 speeding up pod churn rates. On Kernel versions less 5.10, it will fallback to using the original way of detecting mount points i.e by parsing /proc/mounts. ([#109217](https://github.com/kubernetes/kubernetes/pull/109217), [@manugupt1](https://github.com/manugupt1)) 2490 - FibreChannel volume plugin may match the wrong device and wrong associated devicemapper parent. This may cause a disaster that pods attach wrong disks. ([#110719](https://github.com/kubernetes/kubernetes/pull/110719), [@xakdwch](https://github.com/xakdwch)) 2491 - Fix a bug where CRI implementations that use cAdvisor stats provider (CRI-O) don't evict pods when their logs exceed ephemeral storage limit. ([#108115](https://github.com/kubernetes/kubernetes/pull/108115), [@haircommander](https://github.com/haircommander)) [SIG Node] 2492 - Fix a bug where metrics are not recorded during Preemption(PostFilter). ([#108727](https://github.com/kubernetes/kubernetes/pull/108727), [@sanposhiho](https://github.com/sanposhiho)) [SIG Scheduling] 2493 - Fix a data race in authentication between AuthenticatedGroupAdder and cached token authenticator. ([#109969](https://github.com/kubernetes/kubernetes/pull/109969), [@sttts](https://github.com/sttts)) [SIG API Machinery and Auth] 2494 - Fix bug that prevented the job controller from enforcing activeDeadlineSeconds when set. ([#110294](https://github.com/kubernetes/kubernetes/pull/110294), [@harshanarayana](https://github.com/harshanarayana)) 2495 - Fix for volume reconstruction of CSI ephemeral volumes ([#108997](https://github.com/kubernetes/kubernetes/pull/108997), [@dobsonj](https://github.com/dobsonj)) [SIG Node, Storage and Testing] 2496 - Fix incorrectly report scope for request_duration_seconds and request_slo_duration_seconds metrics for POST custom resources API calls. ([#110009](https://github.com/kubernetes/kubernetes/pull/110009), [@azylinski](https://github.com/azylinski)) [SIG Instrumentation] 2497 - Fix printing resources with int64 fields ([#110408](https://github.com/kubernetes/kubernetes/pull/110408), [@tkashem](https://github.com/tkashem)) [SIG API Machinery] 2498 - Fix spurious kube-apiserver log warnings related to openapi v3 merging when creating or modifying CustomResourceDefinition objects ([#109880](https://github.com/kubernetes/kubernetes/pull/109880), [@Jefftree](https://github.com/Jefftree)) [SIG API Machinery and Testing] 2499 - Fix the bug that reported incorrect metrics for the cluster IP allocator. ([#110027](https://github.com/kubernetes/kubernetes/pull/110027), [@tksm](https://github.com/tksm)) 2500 - Fixed JobTrackingWithFinalizers when a pod succeeds after the job is considered failed, which led to API conflicts that blocked finishing the job. ([#111646](https://github.com/kubernetes/kubernetes/pull/111646), [@alculquicondor](https://github.com/alculquicondor)) 2501 - Fixed `JobTrackingWithFinalizers` that: 2502 - was declaring a job finished before counting all the created pods in the status 2503 - was leaving pods with finalizers, blocking pod and job deletions 2504 `JobTrackingWithFinalizers` is still disabled by default. ([#109486](https://github.com/kubernetes/kubernetes/pull/109486), [@alculquicondor](https://github.com/alculquicondor)) 2505 - Fixed `NeedResize` build failure on Windows. ([#109721](https://github.com/kubernetes/kubernetes/pull/109721), [@andyzhangx](https://github.com/andyzhangx)) 2506 - Fixed a bug in `kubectl` that caused the wrong result length when using `--chunk-size` and `--selector` together. ([#110652](https://github.com/kubernetes/kubernetes/pull/110652), [@Abirdcfly](https://github.com/Abirdcfly)) 2507 - Fixed a bug involving Services of type `LoadBalancer` with multiple IPs and a `LoadBalancerSourceRanges` that overlaps the node IP. ([#109826](https://github.com/kubernetes/kubernetes/pull/109826), [@danwinship](https://github.com/danwinship)) 2508 - Fixed a bug which could have allowed an improperly annotated LoadBalancer service to become active. ([#109601](https://github.com/kubernetes/kubernetes/pull/109601), [@mdbooth](https://github.com/mdbooth)) 2509 - Fixed a kubelet issue that could result in invalid pod status updates to be sent to the api-server where pods would be reported in a terminal phase but also report a ready condition of true in some cases. ([#110256](https://github.com/kubernetes/kubernetes/pull/110256), [@bobbypage](https://github.com/bobbypage)) 2510 - Fixed an issue on Windows nodes where `HostProcess` containers may not be created as expected. ([#110140](https://github.com/kubernetes/kubernetes/pull/110140), [@marosset](https://github.com/marosset)) 2511 - Fixed bug where CSI migration doesn't count inline volumes for attach limit. ([#107787](https://github.com/kubernetes/kubernetes/pull/107787), [@Jiawei0227](https://github.com/Jiawei0227)) 2512 - Fixed error "dbus: connection closed by user" after dbus daemon restarts. ([#110496](https://github.com/kubernetes/kubernetes/pull/110496), [@kolyshkin](https://github.com/kolyshkin)) 2513 - Fixed image pull failure when `IMDS` is unavailable in kubelet startup. ([#110523](https://github.com/kubernetes/kubernetes/pull/110523), [@andyzhangx](https://github.com/andyzhangx)) 2514 - Fixed memory leak in the job controller related to `JobTrackingWithFinalizers`. ([#111721](https://github.com/kubernetes/kubernetes/pull/111721), [@alculquicondor](https://github.com/alculquicondor)) 2515 - Fixed mounting of iSCSI volumes over IPv6 networks. ([#110688](https://github.com/kubernetes/kubernetes/pull/110688), [@jsafrane](https://github.com/jsafrane)) 2516 - Fixed performance issue when creating large objects using SSA with fully unspecified schemas ( preserveUnknownFields ). ([#111557](https://github.com/kubernetes/kubernetes/pull/111557), [@alexzielenski](https://github.com/alexzielenski)) 2517 - Fixed s.RuntimeCgroups error condition and Fixed possible wrong log print. ([#110648](https://github.com/kubernetes/kubernetes/pull/110648), [@yangjunmyfm192085](https://github.com/yangjunmyfm192085)) 2518 - Fixed scheduling of **CronJob** with `@every X` schedules. ([#109250](https://github.com/kubernetes/kubernetes/pull/109250), [@d-honeybadger](https://github.com/d-honeybadger)) 2519 - Fixed strict server-side field validation treating `metadata` fields as unknown fields. ([#109268](https://github.com/kubernetes/kubernetes/pull/109268), [@liggitt](https://github.com/liggitt)) 2520 - Fixed the GCE firewall update when the destination IPs are changing so that firewalls reflect the IP updates of the LBs. ([#111186](https://github.com/kubernetes/kubernetes/pull/111186), [@sugangli](https://github.com/sugangli)) 2521 - Fixed the bug that a `ServiceIPStaticSubrange` enabled cluster assigns duplicate IP addresses when the dynamic block is exhausted. ([#109928](https://github.com/kubernetes/kubernetes/pull/109928), [@tksm](https://github.com/tksm)) 2522 - For scheduler plugin developers: the scheduler framework's shared PodInformer is now initialized with empty indexers. This enables scheduler plugins to add their extra indexers. Note that only non-conflict indexers are allowed to be added. ([#110663](https://github.com/kubernetes/kubernetes/pull/110663), [@fromanirh](https://github.com/fromanirh)) [SIG Scheduling] 2523 - If the parent directory of the file specified in the `--audit-log-path` argument does not exist, Kubernetes now creates it. ([#110813](https://github.com/kubernetes/kubernetes/pull/110813), [@vpnachev](https://github.com/vpnachev)) [SIG Auth] 2524 - Informer/reflector callers can now catch and unwrap specific API errors by type. ([#110076](https://github.com/kubernetes/kubernetes/pull/110076), [@karlkfi](https://github.com/karlkfi)) 2525 - Kube-apiserver: Get, GetList and Watch requests that should be served by the apiserver cacher during shutdown will be rejected to avoid a deadlock situation leaving requests hanging. ([#108414](https://github.com/kubernetes/kubernetes/pull/108414), [@aojea](https://github.com/aojea)) 2526 - Kubeadm: Fixed duplicate `unix://` prefix in node annotation. ([#110656](https://github.com/kubernetes/kubernetes/pull/110656), [@pacoxu](https://github.com/pacoxu)) 2527 - Kubeadm: a bug was fixed due to which configurable `KubernetesVersion` was not being respected during kubeadm join. ([#110791](https://github.com/kubernetes/kubernetes/pull/110791), [@SataQiu](https://github.com/SataQiu)) 2528 - Kubeadm: enabled the --experimental-watch-progress-notify-interval flag for etcd and set it to 5s. The flag specifies an interval at which etcd sends watch data to the kube-apiserver. ([#111383](https://github.com/kubernetes/kubernetes/pull/111383), [@p0lyn0mial](https://github.com/p0lyn0mial)) 2529 - Kubeadm: now sets the host `OS` environment variables when executing `crictl` during image pulls. This fixed a bug where `*PROXY` environment variables did not affect `crictl` internet connectivity. ([#110134](https://github.com/kubernetes/kubernetes/pull/110134), [@mk46](https://github.com/mk46)) 2530 - Kubeadm: only taint control plane nodes when the legacy "master" taint is present. This avoids the bug where "kubeadm upgrade" will re-taint a control plane node with the new "control plane" taint even if the user explicitly untainted the node. ([#109840](https://github.com/kubernetes/kubernetes/pull/109840), [@neolit123](https://github.com/neolit123)) 2531 - Kubeadm: respect user specified image repository when using Kubernetes ci version ([#111017](https://github.com/kubernetes/kubernetes/pull/111017), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle] 2532 - Kubeadm: support retry mechanism for removing container in reset phase ([#110837](https://github.com/kubernetes/kubernetes/pull/110837), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle] 2533 - Kubelet: added log for volume metric collection taking too long ([#107490](https://github.com/kubernetes/kubernetes/pull/107490), [@pacoxu](https://github.com/pacoxu)) 2534 - Kubelet: added retry of checking Unix domain sockets on Windows nodes for the plugin registration mechanism. ([#110075](https://github.com/kubernetes/kubernetes/pull/110075), [@luckerby](https://github.com/luckerby)) 2535 - Kubelet: added validation for labels provided with --node-labels. Malformed labels will result in errors. ([#109263](https://github.com/kubernetes/kubernetes/pull/109263), [@FeLvi-zzz](https://github.com/FeLvi-zzz)) 2536 - Kubelet: wait for node allocatable ephemeral-storage data. ([#101882](https://github.com/kubernetes/kubernetes/pull/101882), [@jackfrancis](https://github.com/jackfrancis)) 2537 - Kubernetes now correctly handles "search ." in the host's resolv.conf file by preserving the "." entry in the "resolv.conf" that the kubelet writes to pods. ([#109441](https://github.com/kubernetes/kubernetes/pull/109441), [@Miciah](https://github.com/Miciah)) [SIG Network and Node] 2538 - Made usage of key encipherment optional in API validation. ([#111061](https://github.com/kubernetes/kubernetes/pull/111061), [@pacoxu](https://github.com/pacoxu)) 2539 - ManagedFields time is correctly updated when the value of a managed field is modified. ([#110058](https://github.com/kubernetes/kubernetes/pull/110058), [@glebiller](https://github.com/glebiller)) 2540 - OpenAPI will no longer duplicate these schemas: 2541 - `io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions_v2` 2542 - `io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2` 2543 - `io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference_v2` 2544 - `io.k8s.apimachinery.pkg.apis.meta.v1.StatusDetails_v2` 2545 - `io.k8s.apimachinery.pkg.apis.meta.v1.Status_v2` ([#110179](https://github.com/kubernetes/kubernetes/pull/110179), [@Jefftree](https://github.com/Jefftree)) 2546 - Panics while calling validating admission webhook are caught and honor the fail open or fail closed setting. ([#108746](https://github.com/kubernetes/kubernetes/pull/108746), [@deads2k](https://github.com/deads2k)) [SIG API Machinery] 2547 - Pods now post their `readiness` during termination. ([#110191](https://github.com/kubernetes/kubernetes/pull/110191), [@rphillips](https://github.com/rphillips)) 2548 - Reduced duration to sync proxy rules on Windows `kube-proxy` when using `kernelspace` mode. ([#109124](https://github.com/kubernetes/kubernetes/pull/109124), [@daschott](https://github.com/daschott)) 2549 - Reduced the number of cloud API calls and service downtime caused by excessive re-configurations of cluster LBs with externalTrafficPolicy=Local when node readiness changes (https://github.com/kubernetes/kubernetes/issues/111539). The service controller (in cloud-controller-manager) will avoid resyncing nodes which are transitioning between `Ready` / `NotReady` (only for ETP=Local Services). The LBs used for these services will solely rely on the health check probe defined by the `healthCheckNodePort` to determine if a particular node is to be used for traffic load balancing. ([#109706](https://github.com/kubernetes/kubernetes/pull/109706), [@alexanderConstantinescu](https://github.com/alexanderConstantinescu)) 2550 - Removed the recently re-introduced schedulability predicate ([#109706](https://github.com/kubernetes/kubernetes/pull/109706)) as to not have unschedulable nodes removed from load balancers back-end pools. ([#111691](https://github.com/kubernetes/kubernetes/pull/111691), [@alexanderConstantinescu](https://github.com/alexanderConstantinescu)) 2551 - Removed unused flags from `kubectl run` command. ([#110668](https://github.com/kubernetes/kubernetes/pull/110668), [@brianpursley](https://github.com/brianpursley)) 2552 - Run kubelet, when there is an error exit, print the error log. ([#110691](https://github.com/kubernetes/kubernetes/pull/110691), [@yangjunmyfm192085](https://github.com/yangjunmyfm192085)) 2553 - The `priority_level_request_utilization` metric histogram is adjusted so that for the cases where `phase=waiting` the denominator is the cumulative capacity of all of the priority level's queues. 2554 The `read_vs_write_current_requests` metric histogram is adjusted, in the case of using API Priority and Fairness instead of max-in-flight, to divide by the relevant limit: sum of queue capacities for waiting requests, sum of seat limits for executing requests. ([#110164](https://github.com/kubernetes/kubernetes/pull/110164), [@MikeSpreitzer](https://github.com/MikeSpreitzer)) 2555 - The commands `kubeadm certs renew` and `kubeadm certs check-expiration` now honor the `cert-dir` flag on a running Kubernetes cluster. ([#110709](https://github.com/kubernetes/kubernetes/pull/110709), [@chendave](https://github.com/chendave)) 2556 - The kube-proxy `sync_proxy_rules_no_endpoints_total` metric now only counts local-traffic-policy services which have remote endpoints but not local endpoints. ([#109782](https://github.com/kubernetes/kubernetes/pull/109782), [@danwinship](https://github.com/danwinship)) 2557 - The namespace editors and admins can now create leases.coordination.k8s.io and should use this type for leaderelection instead of configmaps. ([#111472](https://github.com/kubernetes/kubernetes/pull/111472), [@deads2k](https://github.com/deads2k)) 2558 - The node annotation alpha.kubernetes.io/provided-node-ip is no longer set ONLY when `--cloud-provider=external`. Now, it is set on kubelet startup if the `--cloud-provider` flag is set at all, including the deprecated in-tree providers. ([#109794](https://github.com/kubernetes/kubernetes/pull/109794), [@mdbooth](https://github.com/mdbooth)) [SIG Network and Node] 2559 - The pod phase lifecycle guarantees that terminal Pods, those whose states are `Unready` or `Succeeded`, can not regress and will have all container stopped. Hence, terminal Pods will never be reachable and should not publish their IP addresses on the `Endpoints` or `EndpointSlices`, independently of the Service `TolerateUnready` option. ([#110255](https://github.com/kubernetes/kubernetes/pull/110255), [@robscott](https://github.com/robscott)) 2560 - Unmounted volumes correctly for reconstructed volumes even if mount operation fails after kubelet restart. ([#110670](https://github.com/kubernetes/kubernetes/pull/110670), [@gnufied](https://github.com/gnufied)) 2561 - Updated max azure data disk count map with new VM types. ([#111406](https://github.com/kubernetes/kubernetes/pull/111406), [@bennerv](https://github.com/bennerv)) 2562 - Updated to cAdvisor v0.44.1 to fix an issue where metrics generated by kubelet for pod network stats were empty in some cases. ([#109658](https://github.com/kubernetes/kubernetes/pull/109658), [@bobbypage](https://github.com/bobbypage)) 2563 - Upgraded Azure/go-autorest/autorest to v0.11.27. ([#110371](https://github.com/kubernetes/kubernetes/pull/110371), [@andyzhangx](https://github.com/andyzhangx)) 2564 - Upgraded functionality of `kubectl kustomize` as described at 2565 https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2Fv4.5.7. ([#111606](https://github.com/kubernetes/kubernetes/pull/111606), [@natasha41575](https://github.com/natasha41575)) 2566 - Use checksums instead of fsyncs to ensure discovery cache integrity ([#110851](https://github.com/kubernetes/kubernetes/pull/110851), [@negz](https://github.com/negz)) [SIG API Machinery] 2567 - UserName check for 'ContainerAdministrator' is now case-insensitive if runAsNonRoot is set to true on Windows. ([#111009](https://github.com/kubernetes/kubernetes/pull/111009), [@marosset](https://github.com/marosset)) 2568 - Volumes are no longer detached from healthy nodes after 6 minutes timeout. 6 minute force-detach timeout is used only for unhealthy nodes (`node.status.conditions["Ready"]!= true`). ([#110721](https://github.com/kubernetes/kubernetes/pull/110721), [@jsafrane](https://github.com/jsafrane)) 2569 - When metrics are counted, discard the wrong container StartTime metrics ([#110880](https://github.com/kubernetes/kubernetes/pull/110880), [@yangjunmyfm192085](https://github.com/yangjunmyfm192085)) [SIG Instrumentation and Node] 2570 - Windows kubelet plugin Watcher now working as intended. ([#111439](https://github.com/kubernetes/kubernetes/pull/111439), [@claudiubelu](https://github.com/claudiubelu)) 2571 - [aws] Fixed a bug which reduces the number of unnecessary calls to STS in the event of assume role failures in the legacy cloud provider ([#110706](https://github.com/kubernetes/kubernetes/pull/110706), [@prateekgogia](https://github.com/prateekgogia)) [SIG Cloud Provider] 2572 - `pod.Spec.RuntimeClassName` field is now available in kubectl describe command. ([#110914](https://github.com/kubernetes/kubernetes/pull/110914), [@yeahdongcn](https://github.com/yeahdongcn)) 2573 2574 ### Other (Cleanup or Flake) 2575 2576 - Add missing powershell option to kubectl completion command short description. ([#109773](https://github.com/kubernetes/kubernetes/pull/109773), [@danielhelfand](https://github.com/danielhelfand)) 2577 - Added e2e test flag to specify which volume drivers should be installed. This deprecated the ENABLE_STORAGE_GCE_PD_DRIVER environment variable. ([#111481](https://github.com/kubernetes/kubernetes/pull/111481), [@mattcary](https://github.com/mattcary)) 2578 - Changed PV framework delete timeout to 5 minutes as documented. ([#109764](https://github.com/kubernetes/kubernetes/pull/109764), [@saikat-royc](https://github.com/saikat-royc)) 2579 - Default burst limit for the discovery client set to 300. ([#109141](https://github.com/kubernetes/kubernetes/pull/109141), [@ulucinar](https://github.com/ulucinar)) 2580 - Deleted the `apimachinery/clock` package. Please use `k8s.io/utils/clock` package instead. ([#109752](https://github.com/kubernetes/kubernetes/pull/109752), [@MadhavJivrajani](https://github.com/MadhavJivrajani)) 2581 - Feature gates that graduated to GA in 1.23 or earlier and were unconditionally enabled have been removed: CSIServiceAccountToken, ConfigurableFSGroupPolicy, EndpointSlice, EndpointSliceNodeName, EndpointSliceProxying, GenericEphemeralVolume, IPv6DualStack, IngressClassNamespacedParams, StorageObjectInUseProtection, TTLAfterFinished, VolumeSubpath, WindowsEndpointSliceProxying. ([#109435](https://github.com/kubernetes/kubernetes/pull/109435), [@pohly](https://github.com/pohly)) 2582 - For Linux, `kube-proxy` uses a new “distroless” container image, instead of an image based on Debian. ([#111060](https://github.com/kubernetes/kubernetes/pull/111060), [@aojea](https://github.com/aojea)) 2583 - For resources built into an apiserver, the server now logs at `-v=3` whether it is using watch caching. ([#109175](https://github.com/kubernetes/kubernetes/pull/109175), [@MikeSpreitzer](https://github.com/MikeSpreitzer)) [SIG API Machinery] 2584 - Improved `kubectl run` and `kubectl debug` error messages upon attaching failures. ([#110764](https://github.com/kubernetes/kubernetes/pull/110764), [@soltysh](https://github.com/soltysh)) 2585 - In the event that more than one IngressClass is designated "default", the DefaultIngressClass admission controller will choose one rather than fail. ([#110974](https://github.com/kubernetes/kubernetes/pull/110974), [@kidddddddddddddddddddddd](https://github.com/kidddddddddddddddddddddd)) [SIG Network] 2586 - Kube-proxy: The "userspace" proxy-mode is deprecated on Linux and Windows, despite being the default on Windows. As of v1.26, the default mode for Windows will change to 'kernelspace'. ([#110762](https://github.com/kubernetes/kubernetes/pull/110762), [@pandaamanda](https://github.com/pandaamanda)) [SIG Network] 2587 - Kubeadm: perform additional dockershim cleanup. Treat all container runtimes as remote by using the flag "--container-runtime=remote", given dockershim was removed in 1.24 and given kubeadm 1.25 supports a kubelet version of 1.24 and 1.25. The flag "--network-plugin" will no longer be used for new clusters. Stop cleaning up the following dockershim related directories on "kubeadm reset": "/var/lib/dockershim", "/var/runkubernetes", "/var/lib/cni" ([#110022](https://github.com/kubernetes/kubernetes/pull/110022), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] 2588 - Kubelet's deprecated `--experimental-kernel-memcg-notification` flag is now removed. Use `--kernel-memcg-notification` instead. ([#109388](https://github.com/kubernetes/kubernetes/pull/109388), [@ialidzhikov](https://github.com/ialidzhikov)) 2589 - Kubelet: Silenced flag output on errors. ([#110728](https://github.com/kubernetes/kubernetes/pull/110728), [@howardjohn](https://github.com/howardjohn)) 2590 - Kubernetes binaries are now built-in `module` mode instead of `GOPATH` mode. ([#109464](https://github.com/kubernetes/kubernetes/pull/109464), [@liggitt](https://github.com/liggitt)) 2591 - Removed branch `release-1.20` from prom bot due to EOL. ([#110748](https://github.com/kubernetes/kubernetes/pull/110748), [@cpanato](https://github.com/cpanato)) 2592 - Removed deprecated kubectl.kubernetes.io/default-logs-container support ([#109254](https://github.com/kubernetes/kubernetes/pull/109254), [@pacoxu](https://github.com/pacoxu)) 2593 - Renamed `apiserver_watch_cache_watch_cache_initializations_total` to `apiserver_watch_cache_initializations_total` ([#109579](https://github.com/kubernetes/kubernetes/pull/109579), [@logicalhan](https://github.com/logicalhan)) 2594 - Shell completion is now provided for the "--subresource" flag. ([#109070](https://github.com/kubernetes/kubernetes/pull/109070), [@marckhouzam](https://github.com/marckhouzam)) 2595 - Some apiserver metrics were changed, as follows. 2596 - `priority_level_seat_count_samples` is replaced with `priority_level_seat_utilization`, which samples every nanosecond rather than every millisecond; the old metric conveyed utilization despite its name. 2597 - `priority_level_seat_count_watermarks` is removed. 2598 - `priority_level_request_count_samples` is replaced with `priority_level_request_utilization`, which samples every nanosecond rather than every millisecond; the old metric conveyed utilization despite its name. 2599 - `priority_level_request_count_watermarks` is removed. 2600 - `read_vs_write_request_count_samples` is replaced with `read_vs_write_current_requests`, which samples every nanosecond rather than every second; the new metric, like the old one, measures utilization when the max-in-flight filter is used and number of requests when the API Priority and Fairness filter is used. 2601 - `read_vs_write_request_count_watermarks` is removed. ([#110104](https://github.com/kubernetes/kubernetes/pull/110104), [@MikeSpreitzer](https://github.com/MikeSpreitzer)) [SIG API Machinery, Instrumentation and Testing] 2602 - The kube-controller-manager's deprecated `--experimental-cluster-signing-duration` flag is now removed. Adapt your machinery to use the `--cluster-signing-duration` flag that is available since v1.19. ([#108476](https://github.com/kubernetes/kubernetes/pull/108476), [@ialidzhikov](https://github.com/ialidzhikov)) 2603 - The kube-scheduler ComponentConfig v1beta2 is deprecated in v1.25. ([#111547](https://github.com/kubernetes/kubernetes/pull/111547), [@kerthcet](https://github.com/kerthcet)) 2604 - The kubelet no longer supports collecting accelerator metrics through cAdvisor. The feature gate `DisableAcceleratorUsageMetrics` is now GA and cannot be disabled. ([#110940](https://github.com/kubernetes/kubernetes/pull/110940), [@pacoxu](https://github.com/pacoxu)) 2605 - Updated cri-tools to [v1.24.2(https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.24.2). ([#109813](https://github.com/kubernetes/kubernetes/pull/109813), [@saschagrunert](https://github.com/saschagrunert)) 2606 - `apiserver_dropped_requests` is dropped from this release since `apiserver_request_total` can now be used to track dropped requests. `etcd_object_counts` is also removed in favor of `apiserver_storage_objects`. `apiserver_registered_watchers` is also removed in favor of `apiserver_longrunning_requests`. ([#110337](https://github.com/kubernetes/kubernetes/pull/110337), [@logicalhan](https://github.com/logicalhan)) 2607 - `apiserver_longrunning_gauge` was removed from the codebase. Please use `apiserver_longrunning_requests` 2608 instead. 2609 ([#110310](https://github.com/kubernetes/kubernetes/pull/110310), [@logicalhan](https://github.com/logicalhan)) 2610 2611 2612 ## Dependencies 2613 2614 ### Added 2615 - github.com/emicklei/go-restful/v3: [v3.8.0](https://github.com/emicklei/go-restful/v3/tree/v3.8.0) 2616 - github.com/go-task/slim-sprig: [348f09d](https://github.com/go-task/slim-sprig/tree/348f09d) 2617 - github.com/gogo/googleapis: [v1.4.1](https://github.com/gogo/googleapis/tree/v1.4.1) 2618 - github.com/golang-jwt/jwt/v4: [v4.2.0](https://github.com/golang-jwt/jwt/v4/tree/v4.2.0) 2619 - github.com/golang/snappy: [v0.0.3](https://github.com/golang/snappy/tree/v0.0.3) 2620 - github.com/golangplus/bytes: [v1.0.0](https://github.com/golangplus/bytes/tree/v1.0.0) 2621 - github.com/golangplus/fmt: [v1.0.0](https://github.com/golangplus/fmt/tree/v1.0.0) 2622 - github.com/onsi/ginkgo/v2: [v2.1.4](https://github.com/onsi/ginkgo/v2/tree/v2.1.4) 2623 - go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful: v0.20.0 2624 - go.opentelemetry.io/contrib/propagators: v0.20.0 2625 - google.golang.org/grpc/cmd/protoc-gen-go-grpc: v1.1.0 2626 2627 ### Changed 2628 - bitbucket.org/bertimus9/systemstat: 0eeff89 → v0.5.0 2629 - cloud.google.com/go: v0.81.0 → v0.97.0 2630 - github.com/Azure/go-autorest/autorest/adal: [v0.9.13 → v0.9.20](https://github.com/Azure/go-autorest/autorest/adal/compare/v0.9.13...v0.9.20) 2631 - github.com/Azure/go-autorest/autorest/mocks: [v0.4.1 → v0.4.2](https://github.com/Azure/go-autorest/autorest/mocks/compare/v0.4.1...v0.4.2) 2632 - github.com/Azure/go-autorest/autorest: [v0.11.18 → v0.11.27](https://github.com/Azure/go-autorest/autorest/compare/v0.11.18...v0.11.27) 2633 - github.com/GoogleCloudPlatform/k8s-cloud-provider: [ea6160c → f118173](https://github.com/GoogleCloudPlatform/k8s-cloud-provider/compare/ea6160c...f118173) 2634 - github.com/MakeNowJust/heredoc: [bb23615 → v1.0.0](https://github.com/MakeNowJust/heredoc/compare/bb23615...v1.0.0) 2635 - github.com/antlr/antlr4/runtime/Go/antlr: [b48c857 → f25a4f6](https://github.com/antlr/antlr4/runtime/Go/antlr/compare/b48c857...f25a4f6) 2636 - github.com/chai2010/gettext-go: [c6fed77 → v1.0.2](https://github.com/chai2010/gettext-go/compare/c6fed77...v1.0.2) 2637 - github.com/cncf/udpa/go: [5459f2c → 04548b0](https://github.com/cncf/udpa/go/compare/5459f2c...04548b0) 2638 - github.com/cncf/xds/go: [fbca930 → cb28da3](https://github.com/cncf/xds/go/compare/fbca930...cb28da3) 2639 - github.com/container-storage-interface/spec: [v1.5.0 → v1.6.0](https://github.com/container-storage-interface/spec/compare/v1.5.0...v1.6.0) 2640 - github.com/containerd/containerd: [v1.4.12 → v1.4.9](https://github.com/containerd/containerd/compare/v1.4.12...v1.4.9) 2641 - github.com/coredns/corefile-migration: [v1.0.14 → v1.0.17](https://github.com/coredns/corefile-migration/compare/v1.0.14...v1.0.17) 2642 - github.com/daviddengcn/go-colortext: [511bcaf → v1.0.0](https://github.com/daviddengcn/go-colortext/compare/511bcaf...v1.0.0) 2643 - github.com/docker/docker: [v20.10.12+incompatible → v20.10.17+incompatible](https://github.com/docker/docker/compare/v20.10.12...v20.10.17) 2644 - github.com/envoyproxy/go-control-plane: [63b5d3c → 49ff273](https://github.com/envoyproxy/go-control-plane/compare/63b5d3c...49ff273) 2645 - github.com/go-logr/logr: [v1.2.0 → v1.2.3](https://github.com/go-logr/logr/compare/v1.2.0...v1.2.3) 2646 - github.com/go-logr/zapr: [v1.2.0 → v1.2.3](https://github.com/go-logr/zapr/compare/v1.2.0...v1.2.3) 2647 - github.com/golangplus/testing: [af21d9c → v1.0.0](https://github.com/golangplus/testing/compare/af21d9c...v1.0.0) 2648 - github.com/google/cadvisor: [v0.44.1 → v0.45.0](https://github.com/google/cadvisor/compare/v0.44.1...v0.45.0) 2649 - github.com/google/cel-go: [v0.10.1 → v0.12.4](https://github.com/google/cel-go/compare/v0.10.1...v0.12.4) 2650 - github.com/google/go-cmp: [v0.5.5 → v0.5.6](https://github.com/google/go-cmp/compare/v0.5.5...v0.5.6) 2651 - github.com/google/martian/v3: [v3.1.0 → v3.2.1](https://github.com/google/martian/v3/compare/v3.1.0...v3.2.1) 2652 - github.com/google/pprof: [cbba55b → 94a9f03](https://github.com/google/pprof/compare/cbba55b...94a9f03) 2653 - github.com/googleapis/gax-go/v2: [v2.0.5 → v2.1.1](https://github.com/googleapis/gax-go/v2/compare/v2.0.5...v2.1.1) 2654 - github.com/imdario/mergo: [v0.3.5 → v0.3.6](https://github.com/imdario/mergo/compare/v0.3.5...v0.3.6) 2655 - github.com/matttproud/golang_protobuf_extensions: [c182aff → v1.0.1](https://github.com/matttproud/golang_protobuf_extensions/compare/c182aff...v1.0.1) 2656 - github.com/onsi/gomega: [v1.10.1 → v1.19.0](https://github.com/onsi/gomega/compare/v1.10.1...v1.19.0) 2657 - github.com/opencontainers/runc: [v1.1.1 → v1.1.3](https://github.com/opencontainers/runc/compare/v1.1.1...v1.1.3) 2658 - github.com/pquerna/cachecontrol: [0dec1b3 → v0.1.0](https://github.com/pquerna/cachecontrol/compare/0dec1b3...v0.1.0) 2659 - github.com/seccomp/libseccomp-golang: [3879420 → f33da4d](https://github.com/seccomp/libseccomp-golang/compare/3879420...f33da4d) 2660 - github.com/xlab/treeprint: [a009c39 → v1.1.0](https://github.com/xlab/treeprint/compare/a009c39...v1.1.0) 2661 - github.com/yuin/goldmark: [v1.4.1 → v1.4.13](https://github.com/yuin/goldmark/compare/v1.4.1...v1.4.13) 2662 - go.etcd.io/etcd/api/v3: v3.5.1 → v3.5.4 2663 - go.etcd.io/etcd/client/pkg/v3: v3.5.1 → v3.5.4 2664 - go.etcd.io/etcd/client/v2: v2.305.0 → v2.305.4 2665 - go.etcd.io/etcd/client/v3: v3.5.1 → v3.5.4 2666 - go.etcd.io/etcd/pkg/v3: v3.5.0 → v3.5.4 2667 - go.etcd.io/etcd/raft/v3: v3.5.0 → v3.5.4 2668 - go.etcd.io/etcd/server/v3: v3.5.0 → v3.5.4 2669 - golang.org/x/crypto: 8634188 → 3147a52 2670 - golang.org/x/mod: 9b9b3d8 → 86c51ed 2671 - golang.org/x/net: cd36cc0 → a158d28 2672 - golang.org/x/sync: 036812b → 886fb93 2673 - golang.org/x/sys: 3681064 → 8c9f86f 2674 - golang.org/x/tools: 897bd77 → v0.1.12 2675 - google.golang.org/api: v0.46.0 → v0.60.0 2676 - google.golang.org/genproto: 42d7afd → c8bf987 2677 - google.golang.org/grpc: v1.40.0 → v1.47.0 2678 - google.golang.org/protobuf: v1.27.1 → v1.28.0 2679 - gopkg.in/yaml.v3: 496545a → v3.0.1 2680 - k8s.io/klog/v2: v2.60.1 → v2.70.1 2681 - k8s.io/kube-openapi: 3ee0da9 → 67bda5d 2682 - k8s.io/utils: 3a6ce19 → ee6ede2 2683 - sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.30 → v0.0.32 2684 - sigs.k8s.io/json: 9f7c6b3 → f223a00 2685 - sigs.k8s.io/kustomize/api: v0.11.4 → v0.12.1 2686 - sigs.k8s.io/kustomize/cmd/config: v0.10.6 → v0.10.9 2687 - sigs.k8s.io/kustomize/kustomize/v4: v4.5.4 → v4.5.7 2688 - sigs.k8s.io/kustomize/kyaml: v0.13.6 → v0.13.9 2689 - sigs.k8s.io/structured-merge-diff/v4: v4.2.1 → v4.2.3 2690 2691 ### Removed 2692 - github.com/OneOfOne/xxhash: [v1.2.2](https://github.com/OneOfOne/xxhash/tree/v1.2.2) 2693 - github.com/cespare/xxhash: [v1.1.0](https://github.com/cespare/xxhash/tree/v1.1.0) 2694 - github.com/clusterhq/flocker-go: [2b8b725](https://github.com/clusterhq/flocker-go/tree/2b8b725) 2695 - github.com/emicklei/go-restful: [v2.9.5+incompatible](https://github.com/emicklei/go-restful/tree/v2.9.5) 2696 - github.com/google/cel-spec: [v0.6.0](https://github.com/google/cel-spec/tree/v0.6.0) 2697 - github.com/jstemmer/go-junit-report: [v0.9.1](https://github.com/jstemmer/go-junit-report/tree/v0.9.1) 2698 - github.com/nxadm/tail: [v1.4.4](https://github.com/nxadm/tail/tree/v1.4.4) 2699 - github.com/onsi/ginkgo: [v1.14.0](https://github.com/onsi/ginkgo/tree/v1.14.0) 2700 - github.com/quobyte/api: [v0.1.8](https://github.com/quobyte/api/tree/v0.1.8) 2701 - github.com/spaolacci/murmur3: [f09979e](https://github.com/spaolacci/murmur3/tree/f09979e) 2702 - github.com/storageos/go-api: [v2.2.0+incompatible](https://github.com/storageos/go-api/tree/v2.2.0) 2703 - gopkg.in/tomb.v1: dd63297 2704 2705 2706 2707 # v1.25.0-rc.1 2708 2709 2710 ## Downloads for v1.25.0-rc.1 2711 2712 2713 2714 ### Source Code 2715 2716 filename | sha512 hash 2717 -------- | ----------- 2718 [kubernetes.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes.tar.gz) | e14dae73addde178b3cfe2d282a261e4ff09ba0015094911a33a5c0657ac7480bb1eeb96e6c48b773a4acbe4379c20372c8dec5e41840b4f886a143aef24fb44 2719 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-src.tar.gz) | f1e9237aa0c169a3763a33ec17cb2c52adc7401c413c157aff34ca37168612e7be7adc6d181d81081b0d5577e3036c91e211273c2b13799306d20e4ae1df9427 2720 2721 ### Client Binaries 2722 2723 filename | sha512 hash 2724 -------- | ----------- 2725 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-client-darwin-amd64.tar.gz) | a2b1b1eabbd3cc9edd8965d99b018906e1b9228eef8af502c985237598d34705c1e85b36c7c79eb7084a4269a22d08b8d38d05126a41e4aeed4e4cd023e7f630 2726 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-client-darwin-arm64.tar.gz) | acf9af8669789858160a479273a820b6e28b2f245d5d5904b1b2ab48c62984b1c4c1ebec5ac728878406443daf66a82a1a29d30916a5aaea2d3b0a7fdd2b40cc 2727 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-client-linux-386.tar.gz) | 225898328977467b8158af2bca4335efe74e00416eb2f4003361086c37a0bc8d2490642afd9a2e374ea462ad6bf9a760340975fe84d0daed81b4fb8faf280b81 2728 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-client-linux-amd64.tar.gz) | 6148209b0088f8491f17d31375420bb5c027e115dfae5e4366a6bb5d7ce1416e36b58f23723e75c91ff311891d132fde11bf387766825ad1ecc5186007a1c0cf 2729 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-client-linux-arm.tar.gz) | 630308287cdd40f53ce809807cfb60daa657ebe898426db47e7641f608621786ae4af6bae5505dda717bc9a7bdda4950d6a95c1100393183a8bb07bc8fe12383 2730 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-client-linux-arm64.tar.gz) | 8bc549474541955bd4da1acea34908b4ea958e002aa135251e97868b759e0aa29e9494bd07375eb38cfa07c973f54f884c711c19f96eaa490a4aceb0065ab3c1 2731 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-client-linux-ppc64le.tar.gz) | b46310a3a224db894dfe93d85ac7107a2ab66f80a57860d3615df6a6af8fca6728549c0aaafe2b7b07f22c3bf7187f72b630527687e4d1a5fae79b51fe653a24 2732 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-client-linux-s390x.tar.gz) | c0d1ec17577e9dd0c45b28f89a49af8cd17f3618d5ef5428c28ac96e842e7eacc84828bbac4209f4e3bec463cdc963b11f7f1f016e5032c94d85f98a64630d30 2733 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-client-windows-386.tar.gz) | 99f85b4d5bd693fa8fe52471d2e970adb5ed7236c9793fa91d9b39739f2062d3dd9bd370fa3e810eb13a690df7314d1c31dd501585499251ab169323569115f9 2734 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-client-windows-amd64.tar.gz) | 2ea4a4cf1c17006f7bd2309fca52dbe219d0e73f1c103dcd2ac0dfdefc650b80d2bb12ce0a6375f6894d6bfca44ef2718ac72244e5b6e4c432db0f198b4e34ad 2735 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-client-windows-arm64.tar.gz) | c27593a4d834e3ecf3fd5ddb5aebad152af5c2bd30fd4c09b946e258498330745114963221ee98ae2b32953c5c50898f1328e38c64ca442a4c3fc07f1668220b 2736 2737 ### Server Binaries 2738 2739 filename | sha512 hash 2740 -------- | ----------- 2741 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-server-linux-amd64.tar.gz) | 46ad89bff41efcc9a6f98a16b268ef467037c4a735eddefe98794c5c652b417efe0087d84d1461809a75f443721412bbea8a0191d7bc542a0762a8bc6ef67190 2742 [kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-server-linux-arm.tar.gz) | c79ee0a2de9b9558baf631f7b1918f46e07fb0c5dd21861700c151666013a4a9ded300d0b552de5efe9cd977abec0dda4514b903092ad376ecd5fb2a8ea1173f 2743 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-server-linux-arm64.tar.gz) | 4cc9f720cc391c6bbb20d6de7f5c47e457c7d7ea42672bf27080ed2e673b52fd5c2266f766318d6e2bb08b1f733c03e983ef2a440bd481d741c9ab07029860f8 2744 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-server-linux-ppc64le.tar.gz) | 50889dac23696d2f8242aa1059d5bbcfbe440fade700c7f2fac1148b19a0754d48f76672bd0c0e7030fe88e29aa06de4c22f36d00f8fca9989d45d24337db82f 2745 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-server-linux-s390x.tar.gz) | a9493cfa2ba2fe482eba8e83d524cd0b3218ae438157163daf740dc100dd7a32249ff19fd87ae753f133b1858412938739c108b4d34279d46e53268e63713694 2746 2747 ### Node Binaries 2748 2749 filename | sha512 hash 2750 -------- | ----------- 2751 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-node-linux-amd64.tar.gz) | 590a658c556b7269efbcc802e3495b3e9e3216d3ad22c113131d46c4680e8fdda8b6eb56fce088fda18947861d89889019d101c4d27246a30608a27f05a32fa6 2752 [kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-node-linux-arm.tar.gz) | e09c753808a87f772d418d750489c0fd2c53cedf0f874d5672fcebba0cd3e549f2f14ed463ba9c398b41e46525f513c883c825880356a670679cf05a383c01a7 2753 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-node-linux-arm64.tar.gz) | 3db05d3150fcf061dbcfdb3ddeca69a2fd905660ad85446ccf8e68210592cda0c64b4324251058354e99f4b7747ae212bf3b5b0db1943310dba0d7bbe6c5f034 2754 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-node-linux-ppc64le.tar.gz) | dd05bc3a5c2209489af484c799e7a731bbbe1104574f186ab8a9be58fd74c70cad8c1ca097d00e2348ad62610061713ae42f2cfdd356f2c1f83b50161385c0fc 2755 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-node-linux-s390x.tar.gz) | c4d461cc4e442d8a033df8916ee20b58323b20e2a25f04d50ea2a7c3586b9737eac63317cc9175b5dc8308299e42e3b3d86d3aa1ab755d17515bdb44612453c3 2756 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-node-windows-amd64.tar.gz) | a9b75fd62986abce44a5ad888e35ff7353cdaf91c28092c6c117c599ede0c6c43bbaf720b1a6f189e9f85c1dfa6371d88f6c9930fd46ff5d9547a764b5854cde 2757 2758 ### Container Images 2759 2760 All container images are available as manifest lists and support the described 2761 architectures. It is also possible to pull a specific architecture directly by 2762 adding the "-$ARCH" suffix to the container image name. 2763 2764 name | architectures 2765 ---- | ------------- 2766 [k8s.gcr.io/conformance:v1.25.0-rc.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) 2767 [k8s.gcr.io/kube-apiserver:v1.25.0-rc.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) 2768 [k8s.gcr.io/kube-controller-manager:v1.25.0-rc.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) 2769 [k8s.gcr.io/kube-proxy:v1.25.0-rc.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) 2770 [k8s.gcr.io/kube-scheduler:v1.25.0-rc.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) 2771 2772 ## Changelog since v1.25.0-rc.0 2773 2774 ## Changes by Kind 2775 2776 ### Documentation 2777 2778 - Clarify that the node-port range (kube-apiserver config) must not overlap the nodes' ephemeral range. ([#111697](https://github.com/kubernetes/kubernetes/pull/111697), [@thockin](https://github.com/thockin)) [SIG Network] 2779 2780 ### Bug or Regression 2781 2782 - Fix memory leak on kube-scheduler preemption ([#111773](https://github.com/kubernetes/kubernetes/pull/111773), [@amewayne](https://github.com/amewayne)) [SIG Scheduling] 2783 2784 ## Dependencies 2785 2786 ### Added 2787 _Nothing has changed._ 2788 2789 ### Changed 2790 _Nothing has changed._ 2791 2792 ### Removed 2793 _Nothing has changed._ 2794 2795 2796 2797 # v1.25.0-rc.0 2798 2799 2800 ## Downloads for v1.25.0-rc.0 2801 2802 2803 2804 ### Source Code 2805 2806 filename | sha512 hash 2807 -------- | ----------- 2808 [kubernetes.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes.tar.gz) | 88f1261569ccde08beb4f7d5d79a9750168fc32b6bf4975ebf9a225ea1d57d6de21f5321944de0d83f572af93fa11265584a09049b6fa594866daa8f99102a6a 2809 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-src.tar.gz) | bed0ce425fff0ff75608a043ed3a9a9b89ab640d08620b96976c733df84be6c161d8c586b9021e0cbd7ce88fba749e417befe7cc4042dcc7a4a4d6a9d6c40d26 2810 2811 ### Client Binaries 2812 2813 filename | sha512 hash 2814 -------- | ----------- 2815 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-client-darwin-amd64.tar.gz) | c937bb03c08b081f1889e50a0a2eb4631ab7e1ceca44ed244d221959468dfbdb60c0169624aa6d04e1775cc91ea2f448a213d2e0addd6525548a88735a970379 2816 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-client-darwin-arm64.tar.gz) | c32a0de11f0ccf44dd495d01d4d174d361124fe527ab9dc13b210994ecfa19d1f23e61053d920ee1d60bf80c7d4bb197c5dcbb03e1aed2231d53fca7aa9e876a 2817 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-client-linux-386.tar.gz) | 32f64a3d8b7547e94b934e58d83ac566f36232822458e84cd07de0f6aeb15b0169d74413fdf2456a0b0fe17d0a600e203e4fffdfd8869e9d6ca3b704c0e41e48 2818 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-client-linux-amd64.tar.gz) | a76fb8e22ca249914e47a8b523a9eb201b17014b52a7ae335386087f510a00899ea76d4f7cd4f3ce1cfbee8f8b9c9a23862fdcd6da71c6a6269f663e5e813182 2819 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-client-linux-arm.tar.gz) | f8f96ebd7727a99a923542f1f212615beb83556de93784f641e56021cf1ccac3bbe8a656389111cc95a55d9fa85b711e5a8ac50d1c169c41ae32f72c28c801d7 2820 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-client-linux-arm64.tar.gz) | 4de505812c10612f3cf420e87c6e712f46a208f2a64ce778c6f33291b390f7a4e4754913f402196456c8fef17f67ba44fa1bd14171e820d2e1a47d086c86e0bc 2821 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-client-linux-ppc64le.tar.gz) | 10d2a289d54ba75788ba15cd1de5ebc3dea89a0a1066003526b635c7260da9aab22b7b46794f341bca80c5e42bfe4681211513be0c02d8f42fb9db5a36f8ff90 2822 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-client-linux-s390x.tar.gz) | 1254fa747d2f0a92f21136a64b2efcd634c549a66f0fecf4a7f4bf5be2ee1986c5cfea4b1cbe6ff04970891e4a2e0f9abb2462cdaf0eb275397977a1e4d06877 2823 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-client-windows-386.tar.gz) | 85467d33b8d1a628e1b1db44e0e87116d82d3d00b06b51a0754475fe7f03ffc9dd1dba1bbbc4dea62a28d6d762ca557c88a29926015c2109f30655710d5fc746 2824 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-client-windows-amd64.tar.gz) | fa51f5e14ac2d4582be4eedb1e68c8e6ceeac57ac0bf25fadc0276c7b6584cde6f41bf1495944606b5493debd1fb787d511d342f02ab5f5fe1ffce2d40f488ff 2825 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-client-windows-arm64.tar.gz) | 8f3f81a7ceaa1f6167f85046dbcb3091a09dbfa3b49fc82e8d5ca08283b077fd5031203929b4a212ec62c02a72409e0b947fcc3b21e7430b3b14407654a97c90 2826 2827 ### Server Binaries 2828 2829 filename | sha512 hash 2830 -------- | ----------- 2831 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-server-linux-amd64.tar.gz) | 8e9695a09dfeca990afc5401e89e89722ba0dbf8c4c9aef40552596b9c5d6dd45bf53d4c1ecea821c44b48db9110668049034f462c38e4b0a48dbeb5cfdecff9 2832 [kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-server-linux-arm.tar.gz) | b05066b5004d7a827f27bb2f38a111babef9f43f8d4b6b112a793c373b175085f3053756ae548c51d42b0d32f7fce463010d14bb9a652b326843406538f8e2aa 2833 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-server-linux-arm64.tar.gz) | 49e39c509dd49566eb14d52f9047743f3bb96d86fb9747fa465f2ece3311fdfa70e601fbe9015b103be8748db3474216bcd7a33cc82a4dd984094aedccfde02e 2834 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-server-linux-ppc64le.tar.gz) | cf9b707cdb69bd45eff015b67379d42a7049884c484a740e36e533ada1f22f0f28128605a6149f33933b8b8b68754da01545b4c2c55d5d6956d5cf993ecbf615 2835 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-server-linux-s390x.tar.gz) | bbbd35f8b436aed6b76b9d60a5efec2865af776b331db67b45a96eb4c898fab51713952a5339242514e80f26b5581961f5cd4d1829f5c7022074716577031589 2836 2837 ### Node Binaries 2838 2839 filename | sha512 hash 2840 -------- | ----------- 2841 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-node-linux-amd64.tar.gz) | 0a25201b921171661a084c5aa51c61b1922f7e90593d747760588bf7104fb52f4fa796b75aac86ea9ec91c1cb2c379f9dd5b343bfdff6c5f2bb4fe8b099be02e 2842 [kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-node-linux-arm.tar.gz) | 66a15466074a0813a3d04bf3cb1d4e44209b6a90b258fc3b4ef84ced4d7b030036dd03ce19273ae67aa8903775431b85bdae32710b1a11d8651c2f6191d9e864 2843 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-node-linux-arm64.tar.gz) | a7a80e0958b6620c052f65e0e491396ceb0c3ad121499a76fa0b76e0df43b5a7a29a1fc31b1aabb7d856efc2c7df4c746a79e0e6ed1019a3e42cde877a19f2fb 2844 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-node-linux-ppc64le.tar.gz) | be06991362911c1c08d7ab5e138fd7d05a80b481c9f7fb9dbc68ad85b205e44811f37a3d6ea5cf3368b95b2a878b8b13096bb76491d20afa03216a7ca7e2f42d 2845 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-node-linux-s390x.tar.gz) | 261c4ab9cde5e3b1f51db396ad1c737fc2cc165437df7c19afeae4548f57822a82326a039767dbe36582ec1bedc08bf9d0f3d58726d7d81df04834d46aac239f 2846 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-node-windows-amd64.tar.gz) | 114e3630bb6f5140a3097c6c81a6d62280a7892fdc792f22ad9417d80a19932ed0b719ad56718e8e9f08c80c6149e9cf21fe20ba65db4f460b1d63db0abc2e24 2847 2848 ### Container Images 2849 2850 All container images are available as manifest lists and support the described 2851 architectures. It is also possible to pull a specific architecture directly by 2852 adding the "-$ARCH" suffix to the container image name. 2853 2854 name | architectures 2855 ---- | ------------- 2856 [k8s.gcr.io/conformance:v1.25.0-rc.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) 2857 [k8s.gcr.io/kube-apiserver:v1.25.0-rc.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) 2858 [k8s.gcr.io/kube-controller-manager:v1.25.0-rc.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) 2859 [k8s.gcr.io/kube-proxy:v1.25.0-rc.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) 2860 [k8s.gcr.io/kube-scheduler:v1.25.0-rc.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) 2861 2862 ## Changelog since v1.25.0-beta.0 2863 2864 ## Changes by Kind 2865 2866 ### API Change 2867 2868 - Introduces support for handling pod failures with respect to the configured pod failure policy rules ([#111113](https://github.com/kubernetes/kubernetes/pull/111113), [@mimowo](https://github.com/mimowo)) [SIG API Machinery, Apps, Auth, Scheduling and Testing] 2869 - NodeIPAM support for multiple ClusterCIDRs (https://github.com/kubernetes/enhancements/issues/2593) introduced as an alpha feature. 2870 2871 Setting feature gate MultiCIDRRangeAllocator=true, determines whether the MultiCIDRRangeAllocator controller can be used, while the kube-controller-manager flag below will pick the active controller. 2872 2873 Enable the MultiCIDRRangeAllocator by setting --cidr-allocator-type=MultiCIDRRangeAllocator flag in kube-controller-manager. ([#109090](https://github.com/kubernetes/kubernetes/pull/109090), [@sarveshr7](https://github.com/sarveshr7)) [SIG API Machinery, Apps, Auth, CLI, Cloud Provider, Instrumentation, Network and Testing] 2874 - The CSIInlineVolume feature has moved from beta to GA. ([#111258](https://github.com/kubernetes/kubernetes/pull/111258), [@dobsonj](https://github.com/dobsonj)) [SIG API Machinery, Apps, Auth, Instrumentation, Storage and Testing] 2875 2876 ### Bug or Regression 2877 2878 - Fix memory leak in the job controller related to JobTrackingWithFinalizers ([#111721](https://github.com/kubernetes/kubernetes/pull/111721), [@alculquicondor](https://github.com/alculquicondor)) [SIG Apps] 2879 - Remove the recently re-introduced schedulability predicate (by PR: https://github.com/kubernetes/kubernetes/pull/109706) as to not have unschedulable nodes removed from load balancers back-end pools. ([#111691](https://github.com/kubernetes/kubernetes/pull/111691), [@alexanderConstantinescu](https://github.com/alexanderConstantinescu)) [SIG Cloud Provider and Network] 2880 2881 ## Dependencies 2882 2883 ### Added 2884 _Nothing has changed._ 2885 2886 ### Changed 2887 _Nothing has changed._ 2888 2889 ### Removed 2890 _Nothing has changed._ 2891 2892 2893 2894 # v1.25.0-beta.0 2895 2896 2897 ## Downloads for v1.25.0-beta.0 2898 2899 2900 2901 ### Source Code 2902 2903 filename | sha512 hash 2904 -------- | ----------- 2905 [kubernetes.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes.tar.gz) | f1f8548098b679784aeda6e2453d34a3b2e1670a066b9984acce6790d61bd8733f5c5a7875e48c379f4b4a6a28130a807f93a847d8ac776b3fb3d1dec167be9a 2906 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-src.tar.gz) | c338733b41387cce6dd40ebef9ff3bd35e796cd2635e75ea51b8e1d944672d4abdbf6ed14c0bfab070fc19259c66f7ba426858b79c51c9bc74a23a31076def6b 2907 2908 ### Client Binaries 2909 2910 filename | sha512 hash 2911 -------- | ----------- 2912 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-client-darwin-amd64.tar.gz) | 11723387623bbae84f76fc01f2a9fa1612b13238576b205073fd38512ce9aa5c8356a1c072a7fd8f27b271f3fe6441f8b7a2ea19e02f9d15503b3e76a1c65f6a 2913 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-client-darwin-arm64.tar.gz) | 9600383719091ab9a18fd871a8b7349db7b3b1162e54c202fb725d8e21365e9ff9f109f4eed68db87d28482768af325ad17996382a537b3988527278756997a9 2914 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-client-linux-386.tar.gz) | b04908a39ef653e913e090bc8c46eac528272598f4e173a5898355caf027e38614a1fe7ad9c3f307a28e1e7718bb38274f463cc09d8020fc01594df2186bc9b3 2915 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-client-linux-amd64.tar.gz) | 7dfbb41cd1cd43db8b63cefa0aed33754a3274f350037bdf484593365942dcad3112436cfd7a83fb760b7e81c98dfcc66a7a7d2c36de59b4a80a9049775bae81 2916 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-client-linux-arm.tar.gz) | 4e4ded957a7dd17f3b19544eb564cdbd7ea0018a77d1c7106403607f93e41896e90abb3caedb2c7d4372326c370490034380af741948fb86e5ea6a1a71648008 2917 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-client-linux-arm64.tar.gz) | de312ef5789512f27bcaf78e201e69f239caeb897b57183e237d34f90a886f2ad11bd143658f5a0a0e6866cea05fb099808a5498d529bb609ec2247b3165d849 2918 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-client-linux-ppc64le.tar.gz) | a1cfae2dd27aa42646d5f21ddea50749d41bac4575b2003bae08e22567a90fb091d76660148aa0354feb6e49764c5995a1f6c2f967d73c5504ed9cc9188f44fd 2919 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-client-linux-s390x.tar.gz) | 15aa3ac2ce68e5485b066b458f5cde48d09326683c85c19459ecdf3d0d135b5f44818db7c359f69ec2bd7da0049871fadd70ab2216314c433bf46a015370f5f5 2920 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-client-windows-386.tar.gz) | 7ce798115a4c405682d98d7482af08a6c22f20121187745883c5209d91bad7a4faac044c3e4c1501cdff112a1342867f4b6d2186a89eb9465a6ec7359983a6d4 2921 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-client-windows-amd64.tar.gz) | 68e3675cbedb69c69b9fb2bced9ad453d4cc11ed465cd0a193d7bbb0c8ea9448ca981ec47b971d2d4de5ce0245b1d0e4f9f1ac2ace2647b1ef7bce35edf525a3 2922 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-client-windows-arm64.tar.gz) | 5e655248bdefe4b37010df99abe80c76fddf6e299cdb88c5cb93d5f1d8f55d2cfa0fbeba3d419929e7ecbef5a7b22d096c737f3493fe2ec748d228257ac63880 2923 2924 ### Server Binaries 2925 2926 filename | sha512 hash 2927 -------- | ----------- 2928 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-server-linux-amd64.tar.gz) | 509d38d4c7a8b513f414c1e64889f8ea1573fcd9a0920bd955b870b234c794fb8d2a8347447b7940323d4a43b1691a05f22178c80401975d0cf1fc1b31d71086 2929 [kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-server-linux-arm.tar.gz) | 3d7896f8cde58d63243f3a704a291cc9135e01147448b93165d8c826d3429fc799a3e497614091545b87a8389a658b4dc2cc4e2b91f38166ef35d52a8139f17c 2930 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-server-linux-arm64.tar.gz) | 4ce21bc8b68eebc9d7d52d63af7e4cfb641f0912417c601f5bbef1957c6aee70c729bde33cd3d9a4d12dd804f2f3fd45a6fee88c7e45d7eed23cbb6ac2aa1839 2931 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-server-linux-ppc64le.tar.gz) | 4438d15cc91c606e0c66a4d49ade0ee98ae9b3a4440a007dc017542ab52da2dbe73ff9fd4ccb7fe97cf9d44219b237e4f2887f6ae333d431170f2dcd51409879 2932 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-server-linux-s390x.tar.gz) | ebad4c0aeacd63763b5ca7b059b373e909283bde5464b2727283e6b76edda7ebfd0de56a93c9c1543fd7206a0b12b0a8c1ef7e121188d7201118db85074b919c 2933 2934 ### Node Binaries 2935 2936 filename | sha512 hash 2937 -------- | ----------- 2938 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-node-linux-amd64.tar.gz) | 9e7fe60d78e2a9df8dcd091c1f8bee1ebd59dee19714224b851895964bc1e3d47efff3d38ff3bf3e0077ca3af263d9adca0c5cbb8fa2d968090bac2e7097f745 2939 [kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-node-linux-arm.tar.gz) | 56727507022103d2d4bfdb1043a7d340227346b641390dd9c288f796553733716a148ea41c5cb4ec5c52e45e210acf30f2be60e73ceedabeb97f09f280653e80 2940 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-node-linux-arm64.tar.gz) | 3731fc563fcb6d7bd7a998b5e0a538effaf4843ae6d8a3b1fde666e564aa6961e3664791e5615ba831c7adcd10bb64ab9455bff57577f96b42e6470ca16ff8d9 2941 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-node-linux-ppc64le.tar.gz) | 6e4bfaa2e5c599928930ca85981a27b338ef4366d34a089d3a807d51cb83c9be5d3af54be16efacce102b7d9b9e146e5d6f0b0c0987dea35f374f2f1b8e0c68c 2942 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-node-linux-s390x.tar.gz) | efe12a8e4c15e3688afd9f13e1824f6bcf1fc3ffbc05da0321a5eb82534085d90832ade189c41ea44b8b8ae8c3d8eb85ac450f21287a7e1b91090780fe1f3bbc 2943 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-node-windows-amd64.tar.gz) | 0f494940e778ca8f043b7a917097a3fa719d7a3cdd555e23d722c329b0a0d7293eafc54833868d56db3cb6e5ed8a73462af6a2c00e61fff77fcfbdb14217c7aa 2944 2945 ### Container Images 2946 2947 All container images are available as manifest lists and support the described 2948 architectures. It is also possible to pull a specific architecture directly by 2949 adding the "-$ARCH" suffix to the container image name. 2950 2951 name | architectures 2952 ---- | ------------- 2953 [k8s.gcr.io/conformance:v1.25.0-beta.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) 2954 [k8s.gcr.io/kube-apiserver:v1.25.0-beta.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) 2955 [k8s.gcr.io/kube-controller-manager:v1.25.0-beta.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) 2956 [k8s.gcr.io/kube-proxy:v1.25.0-beta.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) 2957 [k8s.gcr.io/kube-scheduler:v1.25.0-beta.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) 2958 2959 ## Changelog since v1.25.0-alpha.3 2960 2961 ## Urgent Upgrade Notes 2962 2963 ### (No, really, you MUST read this before you upgrade) 2964 2965 - Encrypt data with DEK using AES-GCM instead of AES-CBC for kms data encryption. No user action required. Reads with AES-GCM and AES-CBC will continue to be allowed. ([#111119](https://github.com/kubernetes/kubernetes/pull/111119), [@aramase](https://github.com/aramase)) [SIG API Machinery, Auth and Testing] 2966 - Intree volume plugin flocker support is been completely removed from Kubernetes. ([#111618](https://github.com/kubernetes/kubernetes/pull/111618), [@Jiawei0227](https://github.com/Jiawei0227)) [SIG API Machinery, Node, Scalability and Storage] 2967 - Intree volume plugin quobyte support is been completely removed from Kubernetes. ([#111619](https://github.com/kubernetes/kubernetes/pull/111619), [@Jiawei0227](https://github.com/Jiawei0227)) [SIG API Machinery, Node, Scalability and Storage] 2968 - Intree volume plugin storageos support is been completely removed from Kubernetes. ([#111620](https://github.com/kubernetes/kubernetes/pull/111620), [@Jiawei0227](https://github.com/Jiawei0227)) [SIG API Machinery, Node, Scalability and Storage] 2969 2970 ## Changes by Kind 2971 2972 ### Deprecation 2973 2974 - API server's deprecated `--service-account-api-audiences` flag is now removed. Use `--api-audiences` instead. ([#108624](https://github.com/kubernetes/kubernetes/pull/108624), [@ialidzhikov](https://github.com/ialidzhikov)) [SIG Auth] 2975 - Support for the alpha seccomp annotations `seccomp.security.alpha.kubernetes.io/pod` and `container.seccomp.security.alpha.kubernetes.io`, deprecated since v1.19, has been partially removed. Kubelets no longer support the annotations, use of the annotations in static pods is no longer supported, and the seccomp annotations are no longer auto-populated when pods with seccomp fields are created. Auto-population of the seccomp fields from the annotations is planned to be removed in 1.27. Pods should use the corresponding pod or container `securityContext.seccompProfile` field instead. ([#109819](https://github.com/kubernetes/kubernetes/pull/109819), [@saschagrunert](https://github.com/saschagrunert)) [SIG Apps, Auth, Node and Testing] 2976 - VSphere releases less than 7.0u2 are not supported for in-tree vSphere volume as of Kubernetes v1.25. Please consider upgrading vSphere (both ESXi and vCenter) to 7.0u2 or above. ([#111255](https://github.com/kubernetes/kubernetes/pull/111255), [@divyenpatel](https://github.com/divyenpatel)) [SIG Cloud Provider] 2977 - Windows winkernel Kube-proxy no longer supports Windows HNS v1 APIs ([#110957](https://github.com/kubernetes/kubernetes/pull/110957), [@papagalu](https://github.com/papagalu)) [SIG Network and Windows] 2978 - GlusterFS provisioner (`kubernetes.io/glusterfs`) has been deprecated in this release. ([#111485](https://github.com/kubernetes/kubernetes/pull/111485), [@humblec](https://github.com/humblec)) 2979 2980 ### API Change 2981 2982 - Added alpha support for user namespaces in pods phase 1 (KEP 127, feature gate: UserNamespacesSupport) ([#111090](https://github.com/kubernetes/kubernetes/pull/111090), [@rata](https://github.com/rata)) [SIG Apps, Auth, Network, Node, Storage and Testing] 2983 - Adds KMS v2alpha1 support ([#111126](https://github.com/kubernetes/kubernetes/pull/111126), [@aramase](https://github.com/aramase)) [SIG API Machinery, Auth, Instrumentation and Testing] 2984 - As of v1.25, the PodSecurity `restricted` level no longer requires pods that set .spec.os.name="windows" to also set Linux-specific securityContext fields. If a 1.25+ cluster has unsupported [out-of-skew](https://kubernetes.io/releases/version-skew-policy/#kubelet) nodes prior to v1.23 and wants to ensure namespaces enforcing the `restricted` policy continue to require Linux-specific securityContext fields on all pods, ensure a version of the `restricted` prior to v1.25 is selected by labeling the namespace (for example, `pod-security.kubernetes.io/enforce-version: v1.24`) ([#105919](https://github.com/kubernetes/kubernetes/pull/105919), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) [SIG API Machinery, Apps, Auth, Testing and Windows] 2985 - Changes ownership semantics of PersistentVolume's spec.claimRef from `atomic` to `granular`. ([#110495](https://github.com/kubernetes/kubernetes/pull/110495), [@alexzielenski](https://github.com/alexzielenski)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Instrumentation and Testing] 2986 - Extends ContainerStatus CRI API to allow runtime response with container resource requests and limits that are in effect. 2987 - UpdateContainerResources CRI API now supports both Linux and Windows. 2988 2989 For details, see KEPs below. ([#111645](https://github.com/kubernetes/kubernetes/pull/111645), [@vinaykul](https://github.com/vinaykul)) [SIG Node] 2990 - For v1.25, Kubernetes will be using golang 1.19, In this PR we update to 1.19rc2 as GA is not yet available. ([#111254](https://github.com/kubernetes/kubernetes/pull/111254), [@dims](https://github.com/dims)) [SIG Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Release, Scheduling, Storage and Testing] 2991 - Introduce PodHasNetwork condition for pods ([#111358](https://github.com/kubernetes/kubernetes/pull/111358), [@ddebroy](https://github.com/ddebroy)) [SIG Apps, Node and Testing] 2992 - Introduction of the `DisruptionTarget` pod condition type. Its `reason` field indicates the reason for pod termination: 2993 - PreemptionByKubeScheduler (Pod preempted by kube-scheduler) 2994 - DeletionByTaintManager (Pod deleted by taint manager due to NoExecute taint) 2995 - EvictionByEvictionAPI (Pod evicted by Eviction API) 2996 - DeletionByPodGC (an orphaned Pod deleted by PodGC) ([#110959](https://github.com/kubernetes/kubernetes/pull/110959), [@mimowo](https://github.com/mimowo)) [SIG Apps, Auth, Node, Scheduling and Testing] 2997 - Kube-Scheduler ComponentConfig is graduated to GA, `kubescheduler.config.k8s.io/v1` is available now. 2998 Plugin `SelectorSpread` is removed in v1. ([#110534](https://github.com/kubernetes/kubernetes/pull/110534), [@kerthcet](https://github.com/kerthcet)) [SIG API Machinery, Scheduling and Testing] 2999 - Local Storage Capacity Isolation feature is GA in 1.25 release. For systems (rootless) that cannot check root file system, please use kubelet config --local-storage-capacity-isolation=false to disable this feature. Once disabled, pod cannot set local ephemeral storage request/limit, and emptyDir sizeLimit niether. ([#111513](https://github.com/kubernetes/kubernetes/pull/111513), [@jingxu97](https://github.com/jingxu97)) [SIG API Machinery, Node, Scalability and Scheduling] 3000 - PersistentVolumeClaim objects are no longer left with storage class set to `nil` forever, but will be updated retroactively once any StorageClass is set or created as default. ([#111467](https://github.com/kubernetes/kubernetes/pull/111467), [@RomanBednar](https://github.com/RomanBednar)) [SIG Apps, Storage and Testing] 3001 - Promote CronJob's TimeZone support to beta ([#111435](https://github.com/kubernetes/kubernetes/pull/111435), [@soltysh](https://github.com/soltysh)) [SIG API Machinery, Apps and Testing] 3002 - Promote DaemonSet MaxSurge to GA. This means `--feature-gates=DaemonSetUpdateSurge=true` are not needed on kube-apiserver and kube-controller-manager binaries and they'll be removed soon following policy at https://kubernetes.io/docs/reference/using-api/deprecation-policy/#deprecation ([#111194](https://github.com/kubernetes/kubernetes/pull/111194), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) [SIG Apps] 3003 - Respect PodTopologySpread after rolling upgrades ([#111441](https://github.com/kubernetes/kubernetes/pull/111441), [@denkensk](https://github.com/denkensk)) [SIG API Machinery, Apps, Scheduling and Testing] 3004 - Scheduler: include supported ScoringStrategyType list in error message for NodeResourcesFit plugin ([#111206](https://github.com/kubernetes/kubernetes/pull/111206), [@SataQiu](https://github.com/SataQiu)) [SIG Scheduling] 3005 - The Pod `spec.podOS` field is promoted to GA. The `IdentifyPodOS` feature gate unconditionally enabled, and will no longer be accepted as a `--feature-gates` parameter in 1.27. ([#111229](https://github.com/kubernetes/kubernetes/pull/111229), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) [SIG API Machinery, Apps and Windows] 3006 - The command line flag `enable-taint-manager` for kube-controller-manager is deprecated and will be removed in 1.26. 3007 The feature that it supports, taint based eviction, is enabled by default and will continue to be implicitly enabled when the flag is removed. ([#111411](https://github.com/kubernetes/kubernetes/pull/111411), [@alculquicondor](https://github.com/alculquicondor)) [SIG API Machinery] 3008 - [Ephemeral Containers](https://kubernetes.io/docs/concepts/workloads/pods/ephemeral-containers/) are now generally available. The `EphemeralContainers` feature gate is always enabled and should be removed from `--feature-gates` flag on the kube-apiserver and the kubelet command lines. The `EphemeralContainers` feature gate is [deprecated and scheduled for removal](https://kubernetes.io/docs/reference/using-api/deprecation-policy/#deprecation) in a future release. ([#111402](https://github.com/kubernetes/kubernetes/pull/111402), [@verb](https://github.com/verb)) [SIG API Machinery, Apps, Node, Storage and Testing] 3009 3010 ### Feature 3011 3012 - A new flag `etcd-ready-timeout` has been added. It configures a timeout of an additional etcd check performed as part of readyz check. ([#111399](https://github.com/kubernetes/kubernetes/pull/111399), [@Argh4k](https://github.com/Argh4k)) [SIG API Machinery] 3013 - Add a new `align-by-socket` policy option to cpu manager `static` policy. When enabled CPU's to be aligned at socket boundary rather than NUMA boundary. ([#111278](https://github.com/kubernetes/kubernetes/pull/111278), [@arpitsardhana](https://github.com/arpitsardhana)) [SIG Node] 3014 - Add container probe duration metrics ([#104484](https://github.com/kubernetes/kubernetes/pull/104484), [@jackfrancis](https://github.com/jackfrancis)) [SIG Instrumentation and Node] 3015 - Added Service Account field in the output of `kubectl describe pod` command. ([#111192](https://github.com/kubernetes/kubernetes/pull/111192), [@aufarg](https://github.com/aufarg)) [SIG CLI] 3016 - Adds new flags into alpha events such as --output, --types, --no-headers ([#110007](https://github.com/kubernetes/kubernetes/pull/110007), [@ardaguclu](https://github.com/ardaguclu)) [SIG CLI and Testing] 3017 - CSIMigrationAWS upgraded to GA and locked to true. ([#111479](https://github.com/kubernetes/kubernetes/pull/111479), [@wongma7](https://github.com/wongma7)) [SIG Apps, Scheduling and Storage] 3018 - CSIMigrationGCE upgraded to GA and locked to true. ([#111301](https://github.com/kubernetes/kubernetes/pull/111301), [@mattcary](https://github.com/mattcary)) [SIG Apps, Node, Scheduling and Storage] 3019 - Feature gate `ProbeTerminationGracePeriod` is enabled by default. ([#108541](https://github.com/kubernetes/kubernetes/pull/108541), [@kerthcet](https://github.com/kerthcet)) [SIG Node] 3020 - Ginkgo: when e2e tests are invoked through ginkgo-e2e.sh, the default now is to use color escape sequences only when connected to a terminal. `GINKGO_NO_COLOR=y/n` can be used to override that default. ([#111633](https://github.com/kubernetes/kubernetes/pull/111633), [@pohly](https://github.com/pohly)) [SIG Testing] 3021 - Graduated `CustomResourceValidationExpressions` to `beta`. The `CustomResourceValidationExpressions` feature gate is now enabled by default. ([#111524](https://github.com/kubernetes/kubernetes/pull/111524), [@cici37](https://github.com/cici37)) [SIG API Machinery] 3022 - If a Pod has a DisruptionTarget condition with status=True for more than 2 minutes without getting a DeletionTimestamp, the control plane resets it to status=False ([#111475](https://github.com/kubernetes/kubernetes/pull/111475), [@alculquicondor](https://github.com/alculquicondor)) [SIG API Machinery, Apps, Node and Testing] 3023 - Kubectl diff changed to ignore managed fields by default, and a new --show-managed-fields flag has been added to allow you to include managed fields in the diff ([#111319](https://github.com/kubernetes/kubernetes/pull/111319), [@brianpursley](https://github.com/brianpursley)) [SIG CLI] 3024 - Kubernetes is now built with go 1.19.0 ([#111679](https://github.com/kubernetes/kubernetes/pull/111679), [@puerco](https://github.com/puerco)) [SIG Release and Testing] 3025 - Metric `running_managed_controllers` is enabled for Cloud Node Lifecycle controller ([#111033](https://github.com/kubernetes/kubernetes/pull/111033), [@jprzychodzen](https://github.com/jprzychodzen)) [SIG Apps, Cloud Provider and Network] 3026 - Metric `running_managed_controllers` is enabled for Node IPAM controller in KCM ([#111466](https://github.com/kubernetes/kubernetes/pull/111466), [@jprzychodzen](https://github.com/jprzychodzen)) [SIG API Machinery, Apps, Cloud Provider and Network] 3027 - Metric `running_managed_controllers` is enabled for Route,Service and Cloud Node controllers in KCM and CCM ([#111462](https://github.com/kubernetes/kubernetes/pull/111462), [@jprzychodzen](https://github.com/jprzychodzen)) [SIG Cloud Provider, Network and Testing] 3028 - New flag `--disable-compression-for-client-ips` can be used to control client address ranges for which traffic shouldn't be compressed. ([#111507](https://github.com/kubernetes/kubernetes/pull/111507), [@mborsz](https://github.com/mborsz)) [SIG API Machinery] 3029 - Promote LocalStorageCapacityIsolationFSQuotaMonitoring to beta ([#107329](https://github.com/kubernetes/kubernetes/pull/107329), [@pacoxu](https://github.com/pacoxu)) [SIG Node and Testing] 3030 - Update cAdvisor to v0.45.0 ([#111647](https://github.com/kubernetes/kubernetes/pull/111647), [@bobbypage](https://github.com/bobbypage)) [SIG Node] 3031 3032 ### Bug or Regression 3033 3034 - Faster mount detection for linux kernel 5.10+ using openat2 speeding up pod churn rates. On Kernel versions less 5.10, it will fallback to using the original way of detecting mount points i.e by parsing /proc/mounts. ([#109217](https://github.com/kubernetes/kubernetes/pull/109217), [@manugupt1](https://github.com/manugupt1)) [SIG Cloud Provider and Storage] 3035 - Fix JobTrackingWithFinalizers when a pod succeeds after the job is considered failed, which led to API conflicts that blocked finishing the job. ([#111646](https://github.com/kubernetes/kubernetes/pull/111646), [@alculquicondor](https://github.com/alculquicondor)) [SIG Apps and Testing] 3036 - Fix performance issue when creating large objects using SSA with fully unspecified schemas (preserveUnknownFields). ([#111557](https://github.com/kubernetes/kubernetes/pull/111557), [@alexzielenski](https://github.com/alexzielenski)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation and Storage] 3037 - Fix s.RuntimeCgroups error condition and Fix possible wrong log print ([#110648](https://github.com/kubernetes/kubernetes/pull/110648), [@yangjunmyfm192085](https://github.com/yangjunmyfm192085)) [SIG Node] 3038 - Fixed mounting of iSCSI volumes over IPv6 networks. ([#110688](https://github.com/kubernetes/kubernetes/pull/110688), [@jsafrane](https://github.com/jsafrane)) [SIG Storage] 3039 - Fixes a bug which could have allowed an improperly annotated LoadBalancer service to become active. ([#109601](https://github.com/kubernetes/kubernetes/pull/109601), [@mdbooth](https://github.com/mdbooth)) [SIG Cloud Provider and Network] 3040 - Kubeadm: enable the --experimental-watch-progress-notify-interval flag for etcd and set it to 5s. The flag specifies an interval at which etcd sends watch data to the kube-apiserver. ([#111383](https://github.com/kubernetes/kubernetes/pull/111383), [@p0lyn0mial](https://github.com/p0lyn0mial)) [SIG Cluster Lifecycle] 3041 - Kubelet: add log for volume metric collection taking too long ([#107490](https://github.com/kubernetes/kubernetes/pull/107490), [@pacoxu](https://github.com/pacoxu)) [SIG Node and Storage] 3042 - Kubelet: add validation for labels provided with --node-labels. Malformed labels will result in errors. ([#109263](https://github.com/kubernetes/kubernetes/pull/109263), [@FeLvi-zzz](https://github.com/FeLvi-zzz)) [SIG Node] 3043 - Make usage of key encipherment optional in API validation ([#111061](https://github.com/kubernetes/kubernetes/pull/111061), [@pacoxu](https://github.com/pacoxu)) [SIG Apps, Auth and Node] 3044 - Namespace editors and admins can now create leases.coordination.k8s.io and should use this type for leaderelection instead of configmaps. ([#111472](https://github.com/kubernetes/kubernetes/pull/111472), [@deads2k](https://github.com/deads2k)) [SIG API Machinery and Auth] 3045 - Print pod.Spec.RuntimeClassName in kubectl describe ([#110914](https://github.com/kubernetes/kubernetes/pull/110914), [@yeahdongcn](https://github.com/yeahdongcn)) [SIG CLI] 3046 - Reduce the number of cloud API calls and service downtime caused by excessive re-configurations of cluster LBs with externalTrafficPolicy=Local when node readiness changes (https://github.com/kubernetes/kubernetes/issues/111539). The service controller (in cloud-controller-manager) will avoid resyncing nodes which are transitioning between `Ready` / `NotReady` (only for for ETP=Local Services). The LBs used for these services will solely rely on the health check probe defined by the `healthCheckNodePort` to determine if a particular node is to be used for traffic load balancing. ([#109706](https://github.com/kubernetes/kubernetes/pull/109706), [@alexanderConstantinescu](https://github.com/alexanderConstantinescu)) [SIG API Machinery, Cloud Provider, Network and Testing] 3047 - Remove the recently re-introduced schedulability predicate (by PR: https://github.com/kubernetes/kubernetes/pull/109706) as to not have unschedulable nodes removed from load balancers back-end pools. ([#111691](https://github.com/kubernetes/kubernetes/pull/111691), [@alexanderConstantinescu](https://github.com/alexanderConstantinescu)) [SIG Cloud Provider and Network] 3048 - The `priority_level_request_utilization` metric histogram is adjusted so that for the cases where `phase=waiting` the denominator is the cumulative capacity of all of the priority level's queues. 3049 The `read_vs_write_current_requests` metric histogram is adjusted, in the case of using API Priority and Fairness instead of max-in-flight, to divide by the relevant limit: sum of queue capacities for waiting requests, sum of seat limits for executing requests. ([#110164](https://github.com/kubernetes/kubernetes/pull/110164), [@MikeSpreitzer](https://github.com/MikeSpreitzer)) [SIG API Machinery, Instrumentation and Testing] 3050 - This change fixes the gce firewall update when the destination IPs are changing so that firewalls reflect the IP updates of the LBs. ([#111186](https://github.com/kubernetes/kubernetes/pull/111186), [@sugangli](https://github.com/sugangli)) [SIG Cloud Provider] 3051 - Unmount volumes correctly for reconstructed volumes even if mount operation fails after kubelet restart ([#110670](https://github.com/kubernetes/kubernetes/pull/110670), [@gnufied](https://github.com/gnufied)) [SIG Node and Storage] 3052 - Update max azure data disk count map with new VM types ([#111406](https://github.com/kubernetes/kubernetes/pull/111406), [@bennerv](https://github.com/bennerv)) [SIG Cloud Provider and Storage] 3053 - Upgrades functionality of `kubectl kustomize` as described at 3054 https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2Fv4.5.7 ([#111606](https://github.com/kubernetes/kubernetes/pull/111606), [@natasha41575](https://github.com/natasha41575)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider and Instrumentation] 3055 - UserName check for 'ContainerAdministrator' is now case-insensitive if runAsNonRoot is set to true on Windows. ([#111009](https://github.com/kubernetes/kubernetes/pull/111009), [@marosset](https://github.com/marosset)) [SIG Node, Testing and Windows] 3056 - Windows kubelet plugin Watcher now working as intended. ([#111439](https://github.com/kubernetes/kubernetes/pull/111439), [@claudiubelu](https://github.com/claudiubelu)) [SIG Node, Testing and Windows] 3057 3058 ### Other (Cleanup or Flake) 3059 3060 - Add e2e test flag to specify which volume drivers should be installed. This deprecates the ENABLE_STORAGE_GCE_PD_DRIVER environment variable. ([#111481](https://github.com/kubernetes/kubernetes/pull/111481), [@mattcary](https://github.com/mattcary)) [SIG Storage and Testing] 3061 - Default burst limit for the discovery client is now 300. ([#109141](https://github.com/kubernetes/kubernetes/pull/109141), [@ulucinar](https://github.com/ulucinar)) [SIG API Machinery and CLI] 3062 - For Linux, `kube-proxy` uses a new “distroless” container image, instead of an image based on Debian. ([#111060](https://github.com/kubernetes/kubernetes/pull/111060), [@aojea](https://github.com/aojea)) [SIG Network, Release and Testing] 3063 - Kube-scheduler ComponentConfig v1beta2 is deprecated in v1.25. ([#111547](https://github.com/kubernetes/kubernetes/pull/111547), [@kerthcet](https://github.com/kerthcet)) [SIG Scheduling] 3064 - Shell completion is now provided for the "--subresource" flag. ([#109070](https://github.com/kubernetes/kubernetes/pull/109070), [@marckhouzam](https://github.com/marckhouzam)) [SIG CLI] 3065 - The kubelet no longer supports collecting accelerator metrics through cAdvisor. The feature gate `DisableAcceleratorUsageMetrics` is now GA and cannot be disabled. ([#110940](https://github.com/kubernetes/kubernetes/pull/110940), [@pacoxu](https://github.com/pacoxu)) [SIG Node] 3066 3067 ## Dependencies 3068 3069 ### Added 3070 - github.com/gogo/googleapis: [v1.4.1](https://github.com/gogo/googleapis/tree/v1.4.1) 3071 - go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful: v0.20.0 3072 - go.opentelemetry.io/contrib/propagators: v0.20.0 3073 3074 ### Changed 3075 - github.com/containerd/containerd: [v1.4.12 → v1.4.9](https://github.com/containerd/containerd/compare/v1.4.12...v1.4.9) 3076 - github.com/docker/docker: [v20.10.12+incompatible → v20.10.17+incompatible](https://github.com/docker/docker/compare/v20.10.12...v20.10.17) 3077 - github.com/google/cadvisor: [v0.44.1 → v0.45.0](https://github.com/google/cadvisor/compare/v0.44.1...v0.45.0) 3078 - github.com/google/cel-go: [v0.12.3 → v0.12.4](https://github.com/google/cel-go/compare/v0.12.3...v0.12.4) 3079 - github.com/imdario/mergo: [v0.3.5 → v0.3.6](https://github.com/imdario/mergo/compare/v0.3.5...v0.3.6) 3080 - github.com/matttproud/golang_protobuf_extensions: [c182aff → v1.0.1](https://github.com/matttproud/golang_protobuf_extensions/compare/c182aff...v1.0.1) 3081 - github.com/xlab/treeprint: [a009c39 → v1.1.0](https://github.com/xlab/treeprint/compare/a009c39...v1.1.0) 3082 - github.com/yuin/goldmark: [v1.4.1 → v1.4.13](https://github.com/yuin/goldmark/compare/v1.4.1...v1.4.13) 3083 - golang.org/x/mod: 9b9b3d8 → 86c51ed 3084 - golang.org/x/net: 27dd868 → a158d28 3085 - golang.org/x/sync: 036812b → 886fb93 3086 - golang.org/x/sys: a9b59b0 → 8c9f86f 3087 - golang.org/x/tools: v0.1.10 → v0.1.12 3088 - k8s.io/kube-openapi: 011e075 → 67bda5d 3089 - k8s.io/utils: 3a6ce19 → ee6ede2 3090 - sigs.k8s.io/kustomize/api: v0.11.4 → v0.12.1 3091 - sigs.k8s.io/kustomize/cmd/config: v0.10.6 → v0.10.9 3092 - sigs.k8s.io/kustomize/kustomize/v4: v4.5.4 → v4.5.7 3093 - sigs.k8s.io/kustomize/kyaml: v0.13.6 → v0.13.9 3094 - sigs.k8s.io/structured-merge-diff/v4: v4.2.1 → v4.2.3 3095 3096 ### Removed 3097 - github.com/clusterhq/flocker-go: [2b8b725](https://github.com/clusterhq/flocker-go/tree/2b8b725) 3098 - github.com/quobyte/api: [v0.1.8](https://github.com/quobyte/api/tree/v0.1.8) 3099 - github.com/storageos/go-api: [v2.2.0+incompatible](https://github.com/storageos/go-api/tree/v2.2.0) 3100 3101 3102 3103 # v1.25.0-alpha.3 3104 3105 3106 ## Downloads for v1.25.0-alpha.3 3107 3108 3109 3110 ### Source Code 3111 3112 filename | sha512 hash 3113 -------- | ----------- 3114 [kubernetes.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes.tar.gz) | 7f4c79b7ed811df512afca3b8cd9cac2e7119b8ea3f2a03c858d9482e9b788e85fa0f78e60e913e3fc6ba30c5c398730461f5d9753839cf7acc8108089c7c9d7 3115 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-src.tar.gz) | b6ccd63be2677633774f98d182a3acd4828135dd43bb8cd532f722373f8271d00295b401a0344c6b263c9c44fcdd1f815263e0ac31e60f0e55b38435a8cde7bc 3116 3117 ### Client Binaries 3118 3119 filename | sha512 hash 3120 -------- | ----------- 3121 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-client-darwin-amd64.tar.gz) | c1cc390b4aa00bcb367a746af4ea6dd884662559254367868fd57afd79c45b51dc3cf62861e980b91059a998bf13a8deba247b068ab7df179cc3206af4e731fa 3122 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-client-darwin-arm64.tar.gz) | b5fbc71abe517ab45486708081b66938f6643c2d85b3630a13008338ba65f0be56d3304e00d013ed49c67edd39a60cae1b045bd9165c8c1bd562e1bc6df09803 3123 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-client-linux-386.tar.gz) | f981b4421493d3588c4f8fcb4dc95821d7218cc10a62fc68264dad2d640e8e2ece4a4647f5cf96bf9337719c9a803c72255b6d5fbbc5533c719e9e59ccb50de6 3124 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-client-linux-amd64.tar.gz) | ec2d0dda384702d5c826f08a71d6527d79565a4f81dbd56f5482ffde889e6d5d9a6cd26824212af1e91f2ba84f062b6926cf795edc3dac1174e085a14be4ced5 3125 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-client-linux-arm.tar.gz) | 7125fa0b199de63d1ffe56d5749e8a37cf4d61e993a6fa3c6cc47f1e3d120b949eec3c2901df0875a579f3b4fa142925918169a6a1dfa098932c57b91d5cf53b 3126 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-client-linux-arm64.tar.gz) | ee24154a7f95cb9c73c1eb53ccd3dc297492afd319b3581682a5050d825cf52c01753ae1fc18cb8bc6c5fa22ba019642edafaccf87b7077320ac8976a0b66655 3127 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-client-linux-ppc64le.tar.gz) | b1218f27c5f3183622d7ec909c416df2bdf7a178005dccf4c84f24340140f9221fe6c284e7947ff4d59cc652d3489758f406fc27e60593f3aaa1c5ac692556d9 3128 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-client-linux-s390x.tar.gz) | 4aa77ffe79235a5c3dfffd797a567535c2b23a47fd10840bed5db8f3ad623bc1977045fd13e14875f8cddc59b9d146babe5904ed4e2a9e4d2920894dca6e7d15 3129 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-client-windows-386.tar.gz) | 5c3c42e37f8d6cb53d8abd8a8af7b8da8dad8151f8182428714acc0809e1a0d478488f9d106f5c6acc1ec0489ee22c63230f65f0677796605c3e0bde352440c9 3130 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-client-windows-amd64.tar.gz) | 1c55a3c1a73d519a4958e2ec79a56bbe28b27bada3af605efcd60a3a643244b24d7eaf2932046a811c11aa98a32de460613b012bbb7adfe0d13aa8a9a9113acc 3131 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-client-windows-arm64.tar.gz) | 855779f6a7b5d75c60ba21401b2c9a94672dd9a99250bb95103a871e59232e4b409e3330d0ef946899b077f6c43f2bc3eb32c22f3fcc731b6db34247d3278fee 3132 3133 ### Server Binaries 3134 3135 filename | sha512 hash 3136 -------- | ----------- 3137 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-server-linux-amd64.tar.gz) | 1a25a5475380658ad56bd49e7db241cec648179df8627a1975d996c0656629a272427f944a587a817b28e2690a5723fcf00127084ef84505d13cb64d7a4ccc61 3138 [kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-server-linux-arm.tar.gz) | ad9e57e6d46d2b0840df0e67c9162524175667c05abc30338c0fec06ecc130ca616346c1c54195c08732950d428c51f5b0898eb4f09f64d94407dfb432daf028 3139 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-server-linux-arm64.tar.gz) | ba04737cf996a2ada5db399df37b736f4511670e4d2537effab97f8f5b774b624ecce3fdcffa42d4edb5e084f62ba0fe526dfabc42b137c29570bc6516d6053a 3140 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-server-linux-ppc64le.tar.gz) | d5f6ab04e5017132e3f76251b6a91791b5b62b8a897ffddada6e4bb7172ad771c72472e63bdfb296240ef8794d57d5c7382dc13af4d6d49a4e716b6215f693e8 3141 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-server-linux-s390x.tar.gz) | 9878847bcff5c4154eb2fc85f6962a0be8c37a126b23a1351eb2bc65bb22ddabce3f32473f35e91463e464a1189f5caaa764c1019e4217bfd86223b878f4ae69 3142 3143 ### Node Binaries 3144 3145 filename | sha512 hash 3146 -------- | ----------- 3147 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-node-linux-amd64.tar.gz) | e6f58c79b02d4a6a6d65be9d890cd6cdfeb61a200439f4640f7c3529c38524bf19ba5769514ebeee95a3fc1da2c67049ce563f8cc39635bf025930e74319c944 3148 [kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-node-linux-arm.tar.gz) | ead6acf178ea4e74dfc64a06f1c2deb88bf940af44e50117706a0b11ba86cf9fce66346bc5a22f857c10994d3e7145eb89d74f5e8c35133a03cc6f18630c9439 3149 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-node-linux-arm64.tar.gz) | a253334f379c9df9cb81bc9ce68c1034b091c765e29c80e34d7c0eb7cd8bf743f66e004f45853ecc9de9a5aa5c757736bc6baa09fcd571297edd32a44e719baf 3150 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-node-linux-ppc64le.tar.gz) | 44d54ce977e3e97abf5020de3957903a1c06caa4f034ce9c6af3b975bb6ea2559f33bce870e684712815f27f70c5cad793c965ae645689a9ca0bad6360a93f9b 3151 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-node-linux-s390x.tar.gz) | 02739821cc67e7146e89646f357475a362ca75a42e266c8c430582743126ee78db22dbfde9a3a51e92a28ca1d35dcdb79dd5a89383a68918b489a8feaf3d01e8 3152 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-node-windows-amd64.tar.gz) | 0a2c21b73203531d4772d178a6b1a642147a02171d0563fadc8041e2f8972f6fa2d475e44105b8f17d58f04fffd7eecb3e1f2d0cc5dd8c9ebe581e1b539c0912 3153 3154 ### Container Images 3155 3156 All container images are available as manifest lists and support the described 3157 architectures. It is also possible to pull a specific architecture directly by 3158 adding the "-$ARCH" suffix to the container image name. 3159 3160 name | architectures 3161 ---- | ------------- 3162 [k8s.gcr.io/conformance:v1.25.0-alpha.3](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) 3163 [k8s.gcr.io/kube-apiserver:v1.25.0-alpha.3](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) 3164 [k8s.gcr.io/kube-controller-manager:v1.25.0-alpha.3](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) 3165 [k8s.gcr.io/kube-proxy:v1.25.0-alpha.3](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) 3166 [k8s.gcr.io/kube-scheduler:v1.25.0-alpha.3](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) 3167 3168 ## Changelog since v1.25.0-alpha.2 3169 3170 ## Urgent Upgrade Notes 3171 3172 ### (No, really, you MUST read this before you upgrade) 3173 3174 - End-to-end testing has been migrated from Ginkgo v1 to v2. 3175 3176 When running test/e2e via the Ginkgo CLI, the v2 CLI must be used and `-timeout=24h` (or some other, suitable value) must be passed because the default timeout was reduced from 24h to 1h. When running it via `go test`, the corresponding `-args` parameter is `-ginkgo.timeout=24h`. To build the CLI in the Kubernetes repo, use `make all WHAT=github.com/onsi/ginkgo/v2/ginkgo`. 3177 Ginkgo V2 doesn't accept go test's `-parallel` flags to parallelize Ginkgo specs, please switch to use `ginkgo -p` or `ginkgo -procs=N` instead. ([#109111](https://github.com/kubernetes/kubernetes/pull/109111), [@chendave](https://github.com/chendave)) [SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Release, Scheduling, Storage, Testing and Windows] 3178 3179 ## Changes by Kind 3180 3181 ### Deprecation 3182 3183 - Ginkgo.Measure has been deprecated in Ginkgo V2, switch to use gomega/gmeasure instead ([#111065](https://github.com/kubernetes/kubernetes/pull/111065), [@chendave](https://github.com/chendave)) [SIG Autoscaling and Testing] 3184 3185 ### API Change 3186 3187 - Added a new feature gate `CheckpointRestore` to enable support to checkpoint containers. If enabled it is possible to checkpoint a container using the newly kubelet API (/checkpoint/{podNamespace}/{podName}/{containerName}). ([#104907](https://github.com/kubernetes/kubernetes/pull/104907), [@adrianreber](https://github.com/adrianreber)) [SIG Node and Testing] 3188 - EndPort field in Network Policy is now promoted to GA 3189 3190 Network Policy providers that support endPort field now can use it to specify a range of ports to apply a Network Policy. 3191 3192 Previously, each Network Policy could only target a single port. 3193 3194 Please be aware that endPort field MUST BE SUPPORTED by the Network Policy provider. In case your provider does not support endPort and this field is specified in a Network Policy, the Network Policy will be created covering only the port field (single port). ([#110868](https://github.com/kubernetes/kubernetes/pull/110868), [@rikatz](https://github.com/rikatz)) [SIG API Machinery, Network and Testing] 3195 - Make PodSpec.Ports' description clearer on how this information is only informational and how it can be incorrect. ([#110564](https://github.com/kubernetes/kubernetes/pull/110564), [@j4m3s-s](https://github.com/j4m3s-s)) [SIG API Machinery, Network and Node] 3196 - On compatible systems, a mounter's Unmount implementation is changed to not return an error when the specified target can be detected as not a mount point. On Linux, the behavior of detecting a mount point depends on `umount` command is validated when the mounter is created. Additionally, mount point checks will be skipped in CleanupMountPoint/CleanupMountWithForce if the mounter's Unmount having the changed behavior of not returning error when target is not a mount point. ([#109676](https://github.com/kubernetes/kubernetes/pull/109676), [@cartermckinnon](https://github.com/cartermckinnon)) [SIG Storage] 3197 - Promote StatefulSet minReadySeconds to GA. This means `--feature-gates=StatefulSetMinReadySeconds=true` are not needed on kube-apiserver and kube-controller-manager binaries and they'll be removed soon following policy at https://kubernetes.io/docs/reference/using-api/deprecation-policy/#deprecation ([#110896](https://github.com/kubernetes/kubernetes/pull/110896), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) [SIG API Machinery, Apps and Testing] 3198 - The Pod `spec.podOS` field is promoted to GA. The `IdentifyPodOS` feature gate unconditionally enabled, and will no longer be accepted as a `--feature-gates` parameter in 1.27. ([#111229](https://github.com/kubernetes/kubernetes/pull/111229), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) [SIG API Machinery, Apps and Windows] 3199 - The `minDomains` field in Pod Topology Spread is graduated to beta ([#110388](https://github.com/kubernetes/kubernetes/pull/110388), [@sanposhiho](https://github.com/sanposhiho)) [SIG API Machinery and Apps] 3200 3201 ### Feature 3202 3203 - Enable the beta feature ServiceIPStaticSubrange by default ([#110703](https://github.com/kubernetes/kubernetes/pull/110703), [@aojea](https://github.com/aojea)) [SIG Network] 3204 - Enabling CSIMigrationvSphere feature by default. ([#103523](https://github.com/kubernetes/kubernetes/pull/103523), [@divyenpatel](https://github.com/divyenpatel)) [SIG Cloud Provider and Storage] 3205 - Graduated SeccompDefault to `beta`. The Kubelet feature gate is now enabled by default and the configuration/CLI flag still defaults to `false`. ([#110805](https://github.com/kubernetes/kubernetes/pull/110805), [@saschagrunert](https://github.com/saschagrunert)) [SIG Node and Testing] 3206 - Graduated ServerSideFieldValidation to `beta`. Schema validation is performed server-side and requests will receive warnings for any invalid/unknown fields by default. ([#110178](https://github.com/kubernetes/kubernetes/pull/110178), [@kevindelgado](https://github.com/kevindelgado)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Storage and Testing] 3207 - In "large" clusters, kube-proxy in iptables mode will now sometimes 3208 leave unused rules in iptables for a while (up to `--iptables-sync-period`) 3209 before deleting them. This improves performance by not requiring it to 3210 check for stale rules on every sync. (In smaller clusters, it will still 3211 remove unused rules immediately once they are no longer used.) 3212 3213 (The threshold for "large" used here is currently "1000 endpoints" but 3214 this is subject to change.) ([#110334](https://github.com/kubernetes/kubernetes/pull/110334), [@danwinship](https://github.com/danwinship)) [SIG Network] 3215 - Introduce new KUBECACHEDIR environment variable to override default discovery cache directory which is $HOME/.kube/cache ([#109479](https://github.com/kubernetes/kubernetes/pull/109479), [@ardaguclu](https://github.com/ardaguclu)) [SIG CLI] 3216 - JobTrackingWithFinalizers enabled by default. This feature allows to keep track of the Job progress without relying on Pods staying in the apiserver. ([#110948](https://github.com/kubernetes/kubernetes/pull/110948), [@alculquicondor](https://github.com/alculquicondor)) [SIG Apps] 3217 - Kubeadm: make sure the etcd static pod startup probe uses /health?serializable=false while the liveness probe uses /health?serializable=true&exclude=NOSPACE. The NOSPACE exclusion would allow administrators to address space issues one member at a time. ([#110744](https://github.com/kubernetes/kubernetes/pull/110744), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] 3218 - Pod SecurityContext and PodSecurityPolicy supports slash as sysctl separator. ([#106834](https://github.com/kubernetes/kubernetes/pull/106834), [@mengjiao-liu](https://github.com/mengjiao-liu)) [SIG Apps, Architecture, Auth, Node, Security and Testing] 3219 3220 ### Documentation 3221 3222 - Optimization of kubectl Chinese translation ([#110538](https://github.com/kubernetes/kubernetes/pull/110538), [@hwdef](https://github.com/hwdef)) [SIG CLI] 3223 3224 ### Bug or Regression 3225 3226 - Adds error message "dry-run can not be used when --force is set" when dry-run and force flags are set in replace command. ([#110326](https://github.com/kubernetes/kubernetes/pull/110326), [@ardaguclu](https://github.com/ardaguclu)) [SIG CLI] 3227 - Bug fix in test/e2e/framework Framework.RecordFlakeIfError ([#111048](https://github.com/kubernetes/kubernetes/pull/111048), [@alingse](https://github.com/alingse)) [SIG Testing] 3228 - Do not report terminated container metrics ([#110950](https://github.com/kubernetes/kubernetes/pull/110950), [@yangjunmyfm192085](https://github.com/yangjunmyfm192085)) [SIG Node] 3229 - Fix bug where a job sync is not retried when there is a transient ResourceQuota conflict ([#111026](https://github.com/kubernetes/kubernetes/pull/111026), [@alculquicondor](https://github.com/alculquicondor)) [SIG Apps] 3230 - Fixes scheduling of cronjobs with @every X schedules. ([#109250](https://github.com/kubernetes/kubernetes/pull/109250), [@d-honeybadger](https://github.com/d-honeybadger)) [SIG Apps] 3231 - For scheduler plugin developers: the scheduler framework's shared PodInformer is now initialized with empty indexers. This enables scheduler plugins to add their extra indexers. Note that only non-conflict indexers are allowed to be added. ([#110663](https://github.com/kubernetes/kubernetes/pull/110663), [@fromanirh](https://github.com/fromanirh)) [SIG Scheduling] 3232 - If the parent directory of the file specified in the `--audit-log-path` argument does not exist, Kubernetes now creates it. ([#110813](https://github.com/kubernetes/kubernetes/pull/110813), [@vpnachev](https://github.com/vpnachev)) [SIG Auth] 3233 - Kubeadm: fix the bug that configurable KubernetesVersion not respected during kubeadm join ([#110791](https://github.com/kubernetes/kubernetes/pull/110791), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle] 3234 - Kubeadm: respect user specified image repository when using Kubernetes ci version ([#111017](https://github.com/kubernetes/kubernetes/pull/111017), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle] 3235 - Kubeadm: support retry mechanism for removing container in reset phase ([#110837](https://github.com/kubernetes/kubernetes/pull/110837), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle] 3236 - Run kubelet, when there is an error exit, print the error log ([#110691](https://github.com/kubernetes/kubernetes/pull/110691), [@yangjunmyfm192085](https://github.com/yangjunmyfm192085)) [SIG Node] 3237 - The node annotation alpha.kubernetes.io/provided-node-ip is no longer set ONLY when `--cloud-provider=external`. Now, it is set on kubelet startup if the `--cloud-provider` flag is set at all, including the deprecated in-tree providers. ([#109794](https://github.com/kubernetes/kubernetes/pull/109794), [@mdbooth](https://github.com/mdbooth)) [SIG Network and Node] 3238 - When metrics are counted, discard the wrong container StartTime metrics ([#110880](https://github.com/kubernetes/kubernetes/pull/110880), [@yangjunmyfm192085](https://github.com/yangjunmyfm192085)) [SIG Instrumentation and Node] 3239 - [aws] Fixed a bug which reduces the number of unnecessary calls to STS in the event of assume role failures in the legacy cloud provider ([#110706](https://github.com/kubernetes/kubernetes/pull/110706), [@prateekgogia](https://github.com/prateekgogia)) [SIG Cloud Provider] 3240 3241 ### Other (Cleanup or Flake) 3242 3243 - In the event that more than one IngressClass is designated "default", the DefaultIngressClass admission controller will choose one rather than fail. ([#110974](https://github.com/kubernetes/kubernetes/pull/110974), [@kidddddddddddddddddddddd](https://github.com/kidddddddddddddddddddddd)) [SIG Network] 3244 - Kube-proxy: The "userspace" proxy-mode is deprecated on Linux and Windows, despite being the default on Windows. As of v1.26, the default mode for Windows will change to 'kernelspace'. ([#110762](https://github.com/kubernetes/kubernetes/pull/110762), [@pandaamanda](https://github.com/pandaamanda)) [SIG Network] 3245 - Some apiserver metrics were changed, as follows. 3246 - `priority_level_seat_count_samples` is replaced with `priority_level_seat_utilization`, which samples every nanosecond rather than every millisecond; the old metric conveyed utilization despite its name. 3247 - `priority_level_seat_count_watermarks` is removed. 3248 - `priority_level_request_count_samples` is replaced with `priority_level_request_utilization`, which samples every nanosecond rather than every millisecond; the old metric conveyed utilization despite its name. 3249 - `priority_level_request_count_watermarks` is removed. 3250 - `read_vs_write_request_count_samples` is replaced with `read_vs_write_current_requests`, which samples every nanosecond rather than every second; the new metric, like the old one, measures utilization when the max-in-flight filter is used and number of requests when the API Priority and Fairness filter is used. 3251 - `read_vs_write_request_count_watermarks` is removed. ([#110104](https://github.com/kubernetes/kubernetes/pull/110104), [@MikeSpreitzer](https://github.com/MikeSpreitzer)) [SIG API Machinery, Instrumentation and Testing] 3252 3253 ## Dependencies 3254 3255 ### Added 3256 - github.com/go-task/slim-sprig: [348f09d](https://github.com/go-task/slim-sprig/tree/348f09d) 3257 - github.com/google/pprof: [94a9f03](https://github.com/google/pprof/tree/94a9f03) 3258 - github.com/ianlancetaylor/demangle: [28f6c0f](https://github.com/ianlancetaylor/demangle/tree/28f6c0f) 3259 - github.com/onsi/ginkgo/v2: [v2.1.4](https://github.com/onsi/ginkgo/v2/tree/v2.1.4) 3260 3261 ### Changed 3262 - github.com/antlr/antlr4/runtime/Go/antlr: [ad29539 → f25a4f6](https://github.com/antlr/antlr4/runtime/Go/antlr/compare/ad29539...f25a4f6) 3263 - github.com/google/cel-go: [v0.11.2 → v0.12.3](https://github.com/google/cel-go/compare/v0.11.2...v0.12.3) 3264 - github.com/onsi/gomega: [v1.10.1 → v1.19.0](https://github.com/onsi/gomega/compare/v1.10.1...v1.19.0) 3265 - golang.org/x/net: cd36cc0 → 27dd868 3266 - golang.org/x/sys: 3681064 → a9b59b0 3267 - golang.org/x/tools: 897bd77 → v0.1.10 3268 - google.golang.org/genproto: 1973136 → c8bf987 3269 - google.golang.org/protobuf: v1.27.1 → v1.28.0 3270 - k8s.io/klog/v2: v2.70.0 → v2.70.1 3271 - k8s.io/kube-openapi: 31174f5 → 011e075 3272 - sigs.k8s.io/json: 9f7c6b3 → f223a00 3273 3274 ### Removed 3275 - github.com/nxadm/tail: [v1.4.4](https://github.com/nxadm/tail/tree/v1.4.4) 3276 - github.com/onsi/ginkgo: [v1.14.0](https://github.com/onsi/ginkgo/tree/v1.14.0) 3277 - gopkg.in/tomb.v1: dd63297 3278 3279 3280 3281 # v1.25.0-alpha.2 3282 3283 3284 ## Downloads for v1.25.0-alpha.2 3285 3286 3287 3288 ### Source Code 3289 3290 filename | sha512 hash 3291 -------- | ----------- 3292 [kubernetes.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes.tar.gz) | 72eb69d6fa1af801e98f207711ff30a2f77c95e71174386976d43e4704f8ff4a88e6e04c1a15d4b9806fc9ada321e39c74bed751049bb45a31f6fdbd85acde42 3293 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-src.tar.gz) | 94dfca305c9bae36ff6984b06f335720db5dc6df41852012c8284424fbf021814461de0b376c3eed850f65e353b544ca66b0fc2d86c3b46dd6701c5380600e5b 3294 3295 ### Client Binaries 3296 3297 filename | sha512 hash 3298 -------- | ----------- 3299 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-client-darwin-amd64.tar.gz) | d71f74e1d9d3fbc59e25df8c43b6af360bcdf3ac3597411092e22359ecf6fc7f1091f01996865603ca0d65bfe1764bbc2cfa1aa94b5f9fad4b457986a880d42d 3300 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-client-darwin-arm64.tar.gz) | 824a641a183a6a88a71a5d1cffe1c4db40a59e455dae0586bb379d71095fb9011c0a6c4a1338189c3c7615cec8b71c355d3ef18ff15bb72c82ba08027403b0be 3301 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-client-linux-386.tar.gz) | b6bfb3d57f5842bb30cdf6b00442a43cb555dff741575a7b0ee43ffa8661b23db8e540a8cf2fd47c9ccf9454e0be593a4a06bc0a308d1861cc58cf3604739626 3302 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-client-linux-amd64.tar.gz) | a71cd1bdf181a0a8fe0484aee393761b4fc50dbf6b71a589e2f3322fe9452302675a2d8deb3b087e9cc7e7495e5c7c3b7f2f70e065c65c83cf23561b8d32d97f 3303 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-client-linux-arm.tar.gz) | 6cec180b1b623277b7ff9a680714f005ec4a606ab3297ac8159ed463cf268aa5668a4a8c5cddd63512869c46258193b9d0bedd7bae8a1e355c6ea84affbd9a7d 3304 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-client-linux-arm64.tar.gz) | 9a6d51a396a96f5beb49327fae9aaec5e391fbbb44db4698f9b25fce1882b3d921b8b65e10b10f4b840f14e5e6c210f4a318c52c627e327adc9742dc5d909d6c 3305 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-client-linux-ppc64le.tar.gz) | 533b2aedea645803cb282f84fbd8c38ee3146edaf33ff86dad85e9b9602a33f4ec19eceaf60cc3d4c02ef811a4a35c1c8cedad4d702c8c57f1a8c64b3d1c2674 3306 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-client-linux-s390x.tar.gz) | fa83bc04fb0802638929fd4174342ec8ac567b996d5b44f6e2ce309d7084bc496de448b8f62479e4b1630890e7851afd3cecdce9926ce1c7e931fef5c1dfc063 3307 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-client-windows-386.tar.gz) | 70c7cbcc0337eeb0e31eabf9b2309a82240e17858637c01e24af24830b971ac58aa3b8d6e2628b9eee29a075131c4037b3a18e33cf214ae8ca10b0341e782b2d 3308 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-client-windows-amd64.tar.gz) | e04d4e605536a1a2aef33e699e22c49649e3bcf1330aae57c511914cbdf6ca5c1c7056a4a2aa7109900b58ef836ccf91572adbeddd274a75d8136cf8300a4e5a 3309 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-client-windows-arm64.tar.gz) | cbc2075880daae0aed15d665e3bab50311a23616ab6b562bf5873754a83623ae01c8886c588fa36982eca4bc1d6d25f5e9bcaa9384b67dfbe376ed24bf1ba887 3310 3311 ### Server Binaries 3312 3313 filename | sha512 hash 3314 -------- | ----------- 3315 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-server-linux-amd64.tar.gz) | 0feb8e90c5defdb639154f4e5e87e4ec1ad2e3fdd2eb9f667df5e6ea4112fe0ab64d4c194ccb6bba812bdce0b41aed2f04e72b3fd34b08fbca9e92feec26015f 3316 [kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-server-linux-arm.tar.gz) | e1104e286e710367e3254cd546f31f639c8ce2e1539e6d08a1b41e3af051535bca990922af29e2a9d63f6328bb19630ed7eb945176ff0e9d8c6dea4c1a540f13 3317 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-server-linux-arm64.tar.gz) | d08a78a9791b6797cabd415c7b9a996e1dba5e0eef9e7eab9b09110018091fdec6e5ee7cb692960f5ef0805d3e4181f49507f09ba1ef3dfeb18adb58e09e1820 3318 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-server-linux-ppc64le.tar.gz) | 23116faf8df942c1d7da7ebf02dcc78740a7ede7d9ec72473e0390ab7203cfc3fd4cd5bc65ff818825b924782c7cd9df742e1fad177f862e32b15a1a4d7d0e0c 3319 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-server-linux-s390x.tar.gz) | 4853481452158658c3eecc3107f9c95df408b6ec99d655c6167f66374939d4dc030883376d1777b4420024473ffb7365d3a9c6f652032fb908377aa9648d61d5 3320 3321 ### Node Binaries 3322 3323 filename | sha512 hash 3324 -------- | ----------- 3325 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-node-linux-amd64.tar.gz) | 710ac7c343259319329a63accb4295f81d7ae63a104412c0d909449492c6091038d2ffc677169100da678759db02a9d79c57b340753e8e30fb3e2b5675d21ebb 3326 [kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-node-linux-arm.tar.gz) | 372ca94ece9ac5ff862abb7fdb6732f23d7f665e1208e38e7aac642bcbeeb95801230872f48012502d1bbe9d7b0e0a22ff7b019a54c0a7e34b0deb153ca3f9ce 3327 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-node-linux-arm64.tar.gz) | de75500809eb3ad7ee2772d0315e3e7aa697c8a1888c6eb57479770f8c92e9778088e0c970127462cc8e7bdd22016c38344cff0854100707e942128c47fa30cf 3328 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-node-linux-ppc64le.tar.gz) | 1b4f54ec0037859a8410bbfecabbbc8de656576d121af35450182e7ec9708bc57cbaaa4fd36d79ddf368ebf74935e6f368365d1a9d0d93ec60982977c9900dca 3329 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-node-linux-s390x.tar.gz) | efbfae7e592c9edb6830dbfafb0e1c4feadaee1d2c7211946789b4aac0f3fd56c3b1abb4f7c30617e8d0e51cef1f1df2b3cc582ecc543351c0918efc8e3fe6e9 3330 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-node-windows-amd64.tar.gz) | 290649bd96432aa9e2042fae7a8412ef7e0b6c16dae9551b9320ced7c5a1c805cf112df1a5ede327e5474cd32ff04f9841eb2e84dec992c24882d5d71c178064 3331 3332 ### Container Images 3333 3334 All container images are available as manifest lists and support the described 3335 architectures. It is also possible to pull a specific architecture directly by 3336 adding the "-$ARCH" suffix to the container image name. 3337 3338 name | architectures 3339 ---- | ------------- 3340 [k8s.gcr.io/conformance:v1.25.0-alpha.2](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) 3341 [k8s.gcr.io/kube-apiserver:v1.25.0-alpha.2](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) 3342 [k8s.gcr.io/kube-controller-manager:v1.25.0-alpha.2](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) 3343 [k8s.gcr.io/kube-proxy:v1.25.0-alpha.2](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) 3344 [k8s.gcr.io/kube-scheduler:v1.25.0-alpha.2](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) 3345 3346 ## Changelog since v1.25.0-alpha.1 3347 3348 ## Changes by Kind 3349 3350 ### API Change 3351 3352 - The Go API for logging configuration in k8s.io/component-base was moved to k8s.io/component-base/logs/api/v1. The configuration file format and command line flags are the same as before. ([#105797](https://github.com/kubernetes/kubernetes/pull/105797), [@pohly](https://github.com/pohly)) [SIG API Machinery, Architecture, Cluster Lifecycle, Instrumentation, Node, Scheduling and Testing] 3353 - The PodSecurity admission plugin has graduated to GA and is enabled by default. The admission configuration version has been promoted to `pod-security.admission.config.k8s.io/v1`. ([#110459](https://github.com/kubernetes/kubernetes/pull/110459), [@wangyysde](https://github.com/wangyysde)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node, Storage and Testing] 3354 3355 ### Feature 3356 3357 - Adds KMS v2alpha1 API ([#110201](https://github.com/kubernetes/kubernetes/pull/110201), [@aramase](https://github.com/aramase)) [SIG API Machinery and Auth] 3358 - Feature gate `CSIMigration` is locked to enabled. CSIMigration is GA now. The feature gate will be removed in 1.27 ([#110410](https://github.com/kubernetes/kubernetes/pull/110410), [@Jiawei0227](https://github.com/Jiawei0227)) [SIG Apps, Auth, Scheduling, Storage and Testing] 3359 - Kubeadm: the preferred pod anti-affinity for CoreDNS is now enabled by default ([#110593](https://github.com/kubernetes/kubernetes/pull/110593), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle] 3360 - These changes promote the CSIMigrationPortworx feature gate to Beta ([#110411](https://github.com/kubernetes/kubernetes/pull/110411), [@trierra](https://github.com/trierra)) [SIG Storage] 3361 - Updating base image for Windows pause container images to one built on Windows machines to address limitations of building Windows container images on Linux machines. ([#110379](https://github.com/kubernetes/kubernetes/pull/110379), [@marosset](https://github.com/marosset)) [SIG Windows] 3362 3363 ### Documentation 3364 3365 - EndpointSlices with Pod referencing Nodes that doesn't exist couldn't be created or updated. 3366 The behavior on the EndpointSlice controller has been modified to update the EndpointSlice without the Pods that reference non-existing Nodes, and keep retrying until all Pods reference existing Nodes. 3367 However, if service.Spec.PublishNotReadyAddresses is set, all the Pods are published without retrying. 3368 Fixed EndpointSlices metrics to reflect correctly the number of desired EndpointSlices when no endpoints are present. ([#110639](https://github.com/kubernetes/kubernetes/pull/110639), [@aojea](https://github.com/aojea)) [SIG Apps and Network] 3369 3370 ### Bug or Regression 3371 3372 - Client-go: fixed an error in the fake client when submitting create API requests to subresources like pods/eviction ([#110425](https://github.com/kubernetes/kubernetes/pull/110425), [@LY-today](https://github.com/LY-today)) [SIG API Machinery] 3373 - FibreChannel volume plugin may match the wrong device and wrong associated devicemapper parent.This may cause a disater that pods attach wrong disks. ([#110719](https://github.com/kubernetes/kubernetes/pull/110719), [@xakdwch](https://github.com/xakdwch)) [SIG Storage] 3374 - Fix "dbus: connection closed by user" error after dbus daemon restart. ([#110496](https://github.com/kubernetes/kubernetes/pull/110496), [@kolyshkin](https://github.com/kolyshkin)) [SIG Node] 3375 - Fix a bug that caused the wrong result length when using --chunk-size and --selector together ([#110652](https://github.com/kubernetes/kubernetes/pull/110652), [@Abirdcfly](https://github.com/Abirdcfly)) [SIG API Machinery and Testing] 3376 - Fixes scheduling of cronjobs with @every X schedules. ([#109250](https://github.com/kubernetes/kubernetes/pull/109250), [@d-honeybadger](https://github.com/d-honeybadger)) [SIG Apps] 3377 - Fixing issue on Windows nodes where HostProcess containers may not be created as expected. ([#110140](https://github.com/kubernetes/kubernetes/pull/110140), [@marosset](https://github.com/marosset)) [SIG Node and Windows] 3378 - Kubeadm: handle dup `unix://` prefix in node annotation ([#110656](https://github.com/kubernetes/kubernetes/pull/110656), [@pacoxu](https://github.com/pacoxu)) [SIG Cluster Lifecycle] 3379 - Kubelet: add retry of checking Unix domain sockets on Windows nodes for the plugin registration mechanism ([#110075](https://github.com/kubernetes/kubernetes/pull/110075), [@luckerby](https://github.com/luckerby)) [SIG Node and Windows] 3380 - Removed unused flags from kubectl run command ([#110668](https://github.com/kubernetes/kubernetes/pull/110668), [@brianpursley](https://github.com/brianpursley)) [SIG CLI] 3381 - This change picks up the latest GCE pinhole firewall feature, which introduces destination-ranges in the ingress firewall-rules. It restricts the access to the backend IPs via allowing traffic via allowing traffic through ILB or NetLB IP only. This change does NOT change the existing ILB or NetLB behavior. ([#109510](https://github.com/kubernetes/kubernetes/pull/109510), [@sugangli](https://github.com/sugangli)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node and Storage] 3382 - Volumes are no longer detached from healthy nodes after 6 minutes timeout. 6 minute force-detach timeout is used only for unhealthy nodes (`node.status.conditions["Ready"] != true`). ([#110721](https://github.com/kubernetes/kubernetes/pull/110721), [@jsafrane](https://github.com/jsafrane)) [SIG Apps] 3383 - `kubeadm certs renew` and `kubeadm certs check-expiration` now honor the `cert-dir` on a working kubernetes cluster. ([#110709](https://github.com/kubernetes/kubernetes/pull/110709), [@chendave](https://github.com/chendave)) [SIG Cluster Lifecycle] 3384 3385 ### Other (Cleanup or Flake) 3386 3387 - Improve kubectl run and debug attach problems error ([#110764](https://github.com/kubernetes/kubernetes/pull/110764), [@soltysh](https://github.com/soltysh)) [SIG CLI] 3388 - Kubelet: silence flag output on errors ([#110728](https://github.com/kubernetes/kubernetes/pull/110728), [@howardjohn](https://github.com/howardjohn)) [SIG Node] 3389 - Remove release-1.20 from prom bot due to eol ([#110748](https://github.com/kubernetes/kubernetes/pull/110748), [@cpanato](https://github.com/cpanato)) [SIG Release] 3390 3391 ## Dependencies 3392 3393 ### Added 3394 - github.com/golang/snappy: [v0.0.3](https://github.com/golang/snappy/tree/v0.0.3) 3395 - google.golang.org/grpc/cmd/protoc-gen-go-grpc: v1.1.0 3396 3397 ### Changed 3398 - cloud.google.com/go: v0.81.0 → v0.97.0 3399 - github.com/GoogleCloudPlatform/k8s-cloud-provider: [ea6160c → f118173](https://github.com/GoogleCloudPlatform/k8s-cloud-provider/compare/ea6160c...f118173) 3400 - github.com/google/martian/v3: [v3.1.0 → v3.2.1](https://github.com/google/martian/v3/compare/v3.1.0...v3.2.1) 3401 - github.com/googleapis/gax-go/v2: [v2.0.5 → v2.1.1](https://github.com/googleapis/gax-go/v2/compare/v2.0.5...v2.1.1) 3402 - github.com/opencontainers/runc: [v1.1.1 → v1.1.3](https://github.com/opencontainers/runc/compare/v1.1.1...v1.1.3) 3403 - github.com/seccomp/libseccomp-golang: [3879420 → f33da4d](https://github.com/seccomp/libseccomp-golang/compare/3879420...f33da4d) 3404 - google.golang.org/api: v0.46.0 → v0.60.0 3405 - k8s.io/klog/v2: v2.60.1 → v2.70.0 3406 - sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.30 → v0.0.32 3407 3408 ### Removed 3409 - github.com/google/pprof: [cbba55b](https://github.com/google/pprof/tree/cbba55b) 3410 - github.com/ianlancetaylor/demangle: [28f6c0f](https://github.com/ianlancetaylor/demangle/tree/28f6c0f) 3411 - github.com/jstemmer/go-junit-report: [v0.9.1](https://github.com/jstemmer/go-junit-report/tree/v0.9.1) 3412 3413 3414 3415 # v1.25.0-alpha.1 3416 3417 3418 ## Downloads for v1.25.0-alpha.1 3419 3420 3421 3422 ### Source Code 3423 3424 filename | sha512 hash 3425 -------- | ----------- 3426 [kubernetes.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes.tar.gz) | 01aa5755e4d58e2f5e449af62342155e784973f504f831b52aed13fa941075ea06e8fbcadca2445ac570318e7dd9f1042e0447bb74d6042e447dc87dd472b3fc 3427 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-src.tar.gz) | e62170247fb7c50f52274a6e86fde244766cf1cf86bab2913905e9063d03ce5a3882042c755291c766f66b4f4ab630e126d1a9446e31392f77c90a398af57570 3428 3429 ### Client Binaries 3430 3431 filename | sha512 hash 3432 -------- | ----------- 3433 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-client-darwin-amd64.tar.gz) | bb9408704de0f2adac81031d347cfa229a6aef413102a116193f50bf690eac8443bb97cfe59044a1857f7859b462f98fef5c9b7db52f9895d70d399e0d381f19 3434 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-client-darwin-arm64.tar.gz) | 0d8aafe99969241019685348bd40c9a5e252110121a9c19c6008874c54c4e6c62eb9470cc55e2eab300bebbaa78696539989a8a23d1e958a222aeabadad9e740 3435 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-client-linux-386.tar.gz) | 67db15a269e252c8945b40e049137a8e7575128f9890ffb121f8dd72b1a79f55aa92aa9e66d5299ef05dcd30bdf1856878f0373ba8c33c46a161cad696dd1c0a 3436 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-client-linux-amd64.tar.gz) | 58079330c0ebb41806782a7675bf37e8e6466d37ec50d75466b6a2633918d36326863c55a258f0cec8134f3a3abaaf66ab51be70cdb981499ed6f411d58d04fd 3437 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-client-linux-arm.tar.gz) | afc3b8b30ee5a4baef2b8bf69603884dc488ecd16ab790cdb94859abcbfee0103aff858f7e5778856a7265c54d1eef9df392b0f10ecd26c929a2fe89dcb292e5 3438 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-client-linux-arm64.tar.gz) | ef1417a70c0a3a428d966e7711f244a2553d85a330898c461a826082533358e0f4a220fd3ccf9295554a6e284fd89d2ebfc37b30cc69d323bf16ce4b9f5e02a4 3439 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-client-linux-ppc64le.tar.gz) | 5aec975459b3141f7dbb38c86c86fb89ee75470b77095280d2c4e6f5e9f8a4c3b5ef323cd6e4a4403c90d725276621c2d85e749090ce93648f238f289de83ceb 3440 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-client-linux-s390x.tar.gz) | 91dbe24885b0fad1bef4c0d60ac4c36ba78669e912ec51f7cfb9d4cc33e6f1ece4ee832a96eedb4d117d7defeaffa539e50b42433caf5145543463deb26146fb 3441 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-client-windows-386.tar.gz) | b9afed1db794c6df8a325c2831643965a7f4c0633b1a8e73432a08bc21a63f57d98a67115c5d8ede46e8b3ea002c1c2ef7d16d62e53530eb9cff92471f06e840 3442 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-client-windows-amd64.tar.gz) | 95f80902ecae4fac9aa2ef863c63bef752b2554a2e0b07cebd49db37d0ce06b5aafcad779793852634f92e1f0d6a3da4dec48387a361a4ede3f9bd77ee2b70ff 3443 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-client-windows-arm64.tar.gz) | dee0a8658117f90c138e4bcc5dcba7bc201dcac3a993806eaeacc4ed1ba4a4b2aed0eed395169f372010bcde1966b5ba60734729247f7dc7610421ebf70746ba 3444 3445 ### Server Binaries 3446 3447 filename | sha512 hash 3448 -------- | ----------- 3449 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-server-linux-amd64.tar.gz) | 144c23ff1718b3635cb227c5bda29e7f57a63dc80b9aa5120046deb8cff44946a7ca1844303f6fcaebe3d9b9c91f41f57ec96cb407862322fb783068819ab917 3450 [kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-server-linux-arm.tar.gz) | b989cacd95bce88d70a2f17200f5d50e06c66e184bb1ab72ee94e65174a1cb8acbbbfb29dc22e85a0893cae31b903ef93ecc62aa7425d8fcbb35c365b588e72c 3451 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-server-linux-arm64.tar.gz) | 0a2ce7c6f016e52149cbe5df5f35db47fcd0c4de5dd04e8054305e3f6ad4554719d658af7cf6ddb40e8e3420bfbc32bbfc87d9f209a9e59813a17f51c4b0581d 3452 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-server-linux-ppc64le.tar.gz) | 63bb9ec0e88a6560cb9a415ee8d5656e5bfd9f63a8388f7abd960b72b6d58e0ba664f7aef7aaa6d436aafcc595a19766b85b1af9d076cf3985786888bdd8a258 3453 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-server-linux-s390x.tar.gz) | 8f99b8c0133771d0326b7c11ba65009c245f40fe71b1d7737343860e022d4be3c032df8dedf728184d017014c17df93df971622ced800788045fd234b50f36b4 3454 3455 ### Node Binaries 3456 3457 filename | sha512 hash 3458 -------- | ----------- 3459 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-node-linux-amd64.tar.gz) | 02f764c2f83992f0820d0186898da449616c4f6ce8a771990ac1f17e277ae369bfeadd24aa0ce2405c6386ff308556437e4f968401b2ef4fb6f344a0a6e60ebd 3460 [kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-node-linux-arm.tar.gz) | 6d87f6554d8051be21c268c9d847c1b66cf7785a9cb781b44494f013b9f1afb1018ad2ce54cedb62b33e93517cd630f3168ab63a6b03e7badde70e300bab9a9a 3461 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-node-linux-arm64.tar.gz) | 9d8d34cb09a73db6c3dabd04975fddbf7387db0f0a241c285fb7995c7256fc5ca37285b680f0f978438e5ca92451f163e1e4c90642c82101d415aa40b06afa2f 3462 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-node-linux-ppc64le.tar.gz) | 6c5d27306f65ab4eab19f0b39cadd5adb33a3dc3ef602cf4c1e7afd51ac250dea8fef58f748bdbd651d0d77806442b214d098b8a40910627b8a359e482a2706a 3463 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-node-linux-s390x.tar.gz) | c8d45846d19e8179969f339bfb4cd13c6d952990b30d301bbb345ac17c4ddaab38c22f798986af6ded6aad96e8415c92c86f2f8fb7fe1bda8b0aba6216758112 3464 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-node-windows-amd64.tar.gz) | dd1607634a718d790662420cbaa30af6d7c89b6f9ae64cef5ee224e42c32fe318bf6e1b2180894723fc890c315c4943004dd16c59f94e6daaa09e4435aed1e07 3465 3466 ### Container Images 3467 3468 All container images are available as manifest lists and support the described 3469 architectures. It is also possible to pull a specific architecture directly by 3470 adding the "-$ARCH" suffix to the container image name. 3471 3472 name | architectures 3473 ---- | ------------- 3474 [k8s.gcr.io/conformance:v1.25.0-alpha.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) 3475 [k8s.gcr.io/kube-apiserver:v1.25.0-alpha.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) 3476 [k8s.gcr.io/kube-controller-manager:v1.25.0-alpha.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) 3477 [k8s.gcr.io/kube-proxy:v1.25.0-alpha.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) 3478 [k8s.gcr.io/kube-scheduler:v1.25.0-alpha.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) 3479 3480 ## Changelog since v1.24.0 3481 3482 ## Urgent Upgrade Notes 3483 3484 ### (No, really, you MUST read this before you upgrade) 3485 3486 - Deprecated beta APIs scheduled for removal in 1.25 are no longer served. See https://kubernetes.io/docs/reference/using-api/deprecation-guide/#v1-25 for more information. ([#108797](https://github.com/kubernetes/kubernetes/pull/108797), [@deads2k](https://github.com/deads2k)) [SIG API Machinery, Instrumentation and Testing] 3487 - No action required; No API/CLI changed; Add new Windows Image Support ([#110333](https://github.com/kubernetes/kubernetes/pull/110333), [@liurupeng](https://github.com/liurupeng)) [SIG Cloud Provider and Windows] 3488 - There is a new OCI image registry (registry.k8s.io) that can be used to pull kubernetes images. The old registry (k8s.gcr.io) will continue to be supported for the foreseeable future, but the new name should perform better because it frontends equivalent mirrors in other clouds. Please point your clusters to the new registry going forward. 3489 3490 Admission/Policy integrations that have an allowlist of registries need to include "registry.k8s.io" alongside "k8s.gcr.io". 3491 Air-gapped environments and image garbage-collection configurations will need to update to pre-pull and preserve required images under "registry.k8s.io" as well as "k8s.gcr.io". ([#109938](https://github.com/kubernetes/kubernetes/pull/109938), [@dims](https://github.com/dims)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, K8s Infra, Node, Release, Scalability, Storage and Testing] 3492 3493 ## Changes by Kind 3494 3495 ### Deprecation 3496 3497 - Kube-controller-manager: 'deleting-pods-qps' 'deleting-pods-burst' 'register-retry-count' flags are removed. ([#109612](https://github.com/kubernetes/kubernetes/pull/109612), [@pandaamanda](https://github.com/pandaamanda)) [SIG API Machinery] 3498 - Kubeadm: during "upgrade apply/diff/node", in case the "ClusterConfiguration.imageRepository" stored in the "kubeadm-config" ConfigMap contains the legacy "k8s.gcr.io" repository, modify it to the new default "registry.k8s.io". Reflect the change in the in-cluster ConfigMap only during "upgrade apply". ([#110343](https://github.com/kubernetes/kubernetes/pull/110343), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] 3499 - Kubeadm: graduate the kubeadm specific feature gate UnversionedKubeletConfigMap to GA and lock it to "true" by default. The kubelet related ConfigMap and RBAC rules are now locked to have a simplified naming "*kubelet-config" instead of the legacy naming "*kubelet-config-x.yy", where "x.yy" was the version of the control plane. If you have previously used the old naming format with UnversionedKubeletConfigMap=false, you must manually copy the config map from kube-system/kubelet-config-x.yy to kube-system/kubelet-config before upgrading to 1.25. ([#110327](https://github.com/kubernetes/kubernetes/pull/110327), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle and Testing] 3500 - Kubeadm: stop applying the "node-role.kubernetes.io/master:NoSchedule" taint to control plane nodes for new clusters. Remove the taint from existing control plane nodes during "kubeadm upgrade apply" ([#110095](https://github.com/kubernetes/kubernetes/pull/110095), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle and Testing] 3501 - The `gcp` and `azure` auth plugins have been removed from client-go and kubectl. See https://github.com/Azure/kubelogin and https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke for details about the cloud-specific replacements. ([#110013](https://github.com/kubernetes/kubernetes/pull/110013), [@enj](https://github.com/enj)) [SIG API Machinery and Auth] 3502 - The beta `PodSecurityPolicy` admission plugin, deprecated since 1.21, is removed. Follow the instructions at https://kubernetes.io/docs/tasks/configure-pod-container/migrate-from-psp/ to migrate to the built-in PodSecurity admission plugin (or to another third-party policy webhook) prior to upgrading to v1.25. ([#109798](https://github.com/kubernetes/kubernetes/pull/109798), [@liggitt](https://github.com/liggitt)) [SIG API Machinery, Apps, Auth, Cloud Provider, Instrumentation, Node, Security, Storage and Testing] 3503 3504 ### API Change 3505 3506 - Introduce NodeInclusionPolicies to specify nodeAffinity/nodeTaint strategy when calculating pod topology spread skew. ([#108492](https://github.com/kubernetes/kubernetes/pull/108492), [@kerthcet](https://github.com/kerthcet)) [SIG API Machinery, Apps, Scheduling and Testing] 3507 - The `metadata.clusterName` field is completely removed. This should not have any user-visible impact. ([#109602](https://github.com/kubernetes/kubernetes/pull/109602), [@lavalamp](https://github.com/lavalamp)) [SIG API Machinery, Apps, Auth and Testing] 3508 - This release add support for NodeExpandSecret for CSI driver client which enables the CSI drivers to make use of this secret while performing node expansion operation based on the user request. Previously there was no secret provided as part of the nodeexpansion call, thus CSI drivers were not make use of the same while expanding the volume at node side. ([#105963](https://github.com/kubernetes/kubernetes/pull/105963), [@zhucan](https://github.com/zhucan)) [SIG API Machinery, Apps and Storage] 3509 3510 ### Feature 3511 3512 - Added sum feature to `kubectl top pod` ([#105100](https://github.com/kubernetes/kubernetes/pull/105100), [@lauchokyip](https://github.com/lauchokyip)) [SIG CLI] 3513 - Adds the `Apply` and `ApplyStatus` methods to the dynamic `ResourceInterface` ([#109443](https://github.com/kubernetes/kubernetes/pull/109443), [@kevindelgado](https://github.com/kevindelgado)) [SIG API Machinery and Testing] 3514 - Graduate ServiceIPStaticSubrange feature to beta (disabled by default) ([#110419](https://github.com/kubernetes/kubernetes/pull/110419), [@aojea](https://github.com/aojea)) [SIG Network] 3515 - Kube-up now includes CoreDNS version v1.9.3 ([#110488](https://github.com/kubernetes/kubernetes/pull/110488), [@mzaian](https://github.com/mzaian)) [SIG Cloud Provider] 3516 - Kubeadm: Added support for additional authentication strategies in `kubeadm join` with discovery/kubeconfig file: client-go authentication plugins (`exec`), `tokenFile`, and `authProvider` ([#110553](https://github.com/kubernetes/kubernetes/pull/110553), [@tallaxes](https://github.com/tallaxes)) [SIG Cluster Lifecycle] 3517 - Kubeadm: add support for the flag "--print-manifest" to the addon phases "kube-proxy" and "coredns" of "kubeadm init phase addon". If this flag is used kubeadm will not apply a given addon and instead print to the terminal the API objects that will be applied. ([#109995](https://github.com/kubernetes/kubernetes/pull/109995), [@wangyysde](https://github.com/wangyysde)) [SIG Cluster Lifecycle] 3518 - Kubeadm: enhance the "patches" functionality to be able to patch kubelet config files containing v1beta1.KubeletConfiguration. The new patch target is called "kubeletconfiguration" (e.g. patch file "kubeletconfiguration+json.json"). This makes it possible to apply node specific KubeletConfiguration options during "init", "join" and "upgrade", while the main KubeletConfiguration that is passed to "init" as part of the "--config" file can still act as the global / stored in the cluster KubeletConfiguration. ([#110405](https://github.com/kubernetes/kubernetes/pull/110405), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle and Testing] 3519 - Kubeadm: modify the etcd static Pod liveness and readyness probes to use a new etcd 3.5.3+ HTTP(s) health check endpoint "/health?serializable=true" that allows to track the health of individual etcd members and not fail all members if a single member is not healthy in the etcd cluster. ([#110072](https://github.com/kubernetes/kubernetes/pull/110072), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] 3520 - Kubeadm: support experimental JSON/YAML output for "kubeadm upgrade plan" with the "--output" flag ([#108447](https://github.com/kubernetes/kubernetes/pull/108447), [@pacoxu](https://github.com/pacoxu)) [SIG Cluster Lifecycle] 3521 - Kubeadm: update CoreDNS to v1.9.3. ([#110489](https://github.com/kubernetes/kubernetes/pull/110489), [@pacoxu](https://github.com/pacoxu)) [SIG Cluster Lifecycle] 3522 - Kubectl: support multiple resources for kubectl rollout status ([#108777](https://github.com/kubernetes/kubernetes/pull/108777), [@pjo256](https://github.com/pjo256)) [SIG CLI and Testing] 3523 - Kubernetes is now built with Golang 1.18.2 ([#110043](https://github.com/kubernetes/kubernetes/pull/110043), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing] 3524 - Kubernetes is now built with Golang 1.18.3 ([#110421](https://github.com/kubernetes/kubernetes/pull/110421), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing] 3525 - Lock CSIMigrationAzureDisk feature gate to default ([#110491](https://github.com/kubernetes/kubernetes/pull/110491), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider] 3526 - MaxUnavailable for StatefulSets, allows faster RollingUpdate by taking down more than 1 pod at a time. The number of pods you want to take down during a RollingUpdate is configurable using maxUnavailable parameter. ([#109251](https://github.com/kubernetes/kubernetes/pull/109251), [@krmayankk](https://github.com/krmayankk)) [SIG Apps and CLI] 3527 - Return a warning when applying a pod-security.kubernetes.io label to a PodSecurity-exempted namespace. 3528 Stop including the pod-security.kubernetes.io/exempt=namespace audit annotation on namespace requests. ([#109680](https://github.com/kubernetes/kubernetes/pull/109680), [@tallclair](https://github.com/tallclair)) [SIG Auth] 3529 - TopologySpreadConstraints will be shown in describe command for pods, deployments, daemonsets, etc. ([#109563](https://github.com/kubernetes/kubernetes/pull/109563), [@ardaguclu](https://github.com/ardaguclu)) [SIG CLI] 3530 - Updat debian-base, debian-iptables, and setcap images: 3531 - debian-base:bullseye-v1.3.0 3532 - debian-iptables:bullseye-v1.4.0 3533 - setcap:bullseye-v1.3.0 ([#110558](https://github.com/kubernetes/kubernetes/pull/110558), [@wespanther](https://github.com/wespanther)) [SIG Architecture, Release and Testing] 3534 - When using the OpenStack legacy cloud provider, kubelet and KCM will ignore unknown configuration directives rather than failing to start. ([#109709](https://github.com/kubernetes/kubernetes/pull/109709), [@mdbooth](https://github.com/mdbooth)) [SIG Cloud Provider] 3535 3536 ### Failing Test 3537 3538 - E2e tests: the e2e image, agnhost:2.38, has a bug and it hangs instead of exiting if a SIGTERM signal is received and the shutdown-delay option is 0` ([#110214](https://github.com/kubernetes/kubernetes/pull/110214), [@aojea](https://github.com/aojea)) [SIG Testing] 3539 3540 ### Bug or Regression 3541 3542 - Allow expansion of ephemeral volumes ([#109987](https://github.com/kubernetes/kubernetes/pull/109987), [@gnufied](https://github.com/gnufied)) [SIG Node and Storage] 3543 - Apiserver: fix audit of loading more than one webhooks ([#110145](https://github.com/kubernetes/kubernetes/pull/110145), [@sxllwx](https://github.com/sxllwx)) [SIG API Machinery and Auth] 3544 - Do not raise an error when setting a label with the same value, just ignore it. ([#105936](https://github.com/kubernetes/kubernetes/pull/105936), [@zigarn](https://github.com/zigarn)) [SIG CLI] 3545 - EndpointSlices marked for deletion are now ignored during reconciliation. ([#109624](https://github.com/kubernetes/kubernetes/pull/109624), [@aryan9600](https://github.com/aryan9600)) [SIG Apps and Network] 3546 - Etcd: Update to v3.5.4 ([#110033](https://github.com/kubernetes/kubernetes/pull/110033), [@mk46](https://github.com/mk46)) [SIG API Machinery, Cloud Provider, Cluster Lifecycle and Testing] 3547 - Fix JobTrackingWithFinalizers that: 3548 - was declaring a job finished before counting all the created pods in the status 3549 - was leaving pods with finalizers, blocking pod and job deletions 3550 3551 JobTrackingWithFinalizers is still disabled by default. ([#109486](https://github.com/kubernetes/kubernetes/pull/109486), [@alculquicondor](https://github.com/alculquicondor)) [SIG Apps and Testing] 3552 - Fix a bug where CRI implementations that use cAdvisor stats provider (CRI-O) don't evict pods when their logs exceed ephemeral storage limit. ([#108115](https://github.com/kubernetes/kubernetes/pull/108115), [@haircommander](https://github.com/haircommander)) [SIG Node] 3553 - Fix a bug where CSI migration doesn't count inline volumes for attach limit. ([#107787](https://github.com/kubernetes/kubernetes/pull/107787), [@Jiawei0227](https://github.com/Jiawei0227)) [SIG Scheduling and Storage] 3554 - Fix a bug where metrics are not recorded during Preemption(PostFilter). ([#108727](https://github.com/kubernetes/kubernetes/pull/108727), [@sanposhiho](https://github.com/sanposhiho)) [SIG Scheduling] 3555 - Fix a data race in authentication between AuthenticatedGroupAdder and cached token authenticator. ([#109969](https://github.com/kubernetes/kubernetes/pull/109969), [@sttts](https://github.com/sttts)) [SIG API Machinery and Auth] 3556 - Fix bug that prevented informer/reflector callers from unwrapping and catching specific API errors by type. ([#110076](https://github.com/kubernetes/kubernetes/pull/110076), [@karlkfi](https://github.com/karlkfi)) [SIG API Machinery] 3557 - Fix bug that prevented the job controller from enforcing activeDeadlineSeconds when set ([#110294](https://github.com/kubernetes/kubernetes/pull/110294), [@harshanarayana](https://github.com/harshanarayana)) [SIG Apps and Scheduling] 3558 - Fix for volume reconstruction of CSI ephemeral volumes ([#108997](https://github.com/kubernetes/kubernetes/pull/108997), [@dobsonj](https://github.com/dobsonj)) [SIG Node, Storage and Testing] 3559 - Fix image pulling failure when IMDS is unavailable in kubelet startup ([#110523](https://github.com/kubernetes/kubernetes/pull/110523), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider] 3560 - Fix incorrectly report scope for request_duration_seconds and request_slo_duration_seconds metrics for POST custom resources API calls. ([#110009](https://github.com/kubernetes/kubernetes/pull/110009), [@azylinski](https://github.com/azylinski)) [SIG Instrumentation] 3561 - Fix printing resources with int64 fields ([#110408](https://github.com/kubernetes/kubernetes/pull/110408), [@tkashem](https://github.com/tkashem)) [SIG API Machinery] 3562 - Fix spurious kube-apiserver log warnings related to openapi v3 merging when creating or modifying CustomResourceDefinition objects ([#109880](https://github.com/kubernetes/kubernetes/pull/109880), [@Jefftree](https://github.com/Jefftree)) [SIG API Machinery and Testing] 3563 - Fix the bug that a ServiceIPStaticSubrange enabled cluster assigns duplicate IP addresses when the dynamic block is exhausted. ([#109928](https://github.com/kubernetes/kubernetes/pull/109928), [@tksm](https://github.com/tksm)) [SIG Network] 3564 - Fix the bug that the metrics for the cluster IP allocator are incorrectly reported. ([#110027](https://github.com/kubernetes/kubernetes/pull/110027), [@tksm](https://github.com/tksm)) [SIG Instrumentation] 3565 - Fixed a kubelet issue that could result in invalid pod status updates to be sent to the api-server where pods would be reported in a terminal phase but also report a ready condition of true in some cases. ([#110256](https://github.com/kubernetes/kubernetes/pull/110256), [@bobbypage](https://github.com/bobbypage)) [SIG Node and Testing] 3566 - Fixed a long-standing but very obscure bug involving Services of type LoadBalancer with multiple IPs and a LoadBalancerSourceRanges that overlaps the node IP. ([#109826](https://github.com/kubernetes/kubernetes/pull/109826), [@danwinship](https://github.com/danwinship)) [SIG Network] 3567 - Fixes strict server-side field validation treating metadata fields as unknown fields ([#109268](https://github.com/kubernetes/kubernetes/pull/109268), [@liggitt](https://github.com/liggitt)) [SIG API Machinery and Testing] 3568 - Kube-apiserver: Get, GetList and Watch requests that should be served by the apiserver cacher during shutdown will be rejected to avoid a deadlock situation leaving requests hanging. ([#108414](https://github.com/kubernetes/kubernetes/pull/108414), [@aojea](https://github.com/aojea)) [SIG API Machinery] 3569 - Kubeadm: only taint control plane nodes when the legacy "master" taint is present. This avoids a bug where "kubeadm upgrade" will re-taint a control plane node with the new "control plane" taint even if the user explicitly untainted the node. ([#109840](https://github.com/kubernetes/kubernetes/pull/109840), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] 3570 - Kubeadm: pass the host OS environment variables when executing "crictl" during image pulls. This fixes a bug where *PROXY environment variables did not affect crictl's internet connectivity. ([#110134](https://github.com/kubernetes/kubernetes/pull/110134), [@mk46](https://github.com/mk46)) [SIG Cluster Lifecycle] 3571 - Kubelet: wait for node allocatable ephemeral-storage data ([#101882](https://github.com/kubernetes/kubernetes/pull/101882), [@jackfrancis](https://github.com/jackfrancis)) [SIG Node and Storage] 3572 - Kubernetes now correctly handles "search ." in the host's resolv.conf file by preserving the "." entry in the "resolv.conf" that the kubelet writes to pods. ([#109441](https://github.com/kubernetes/kubernetes/pull/109441), [@Miciah](https://github.com/Miciah)) [SIG Network and Node] 3573 - ManagedFields time is correctly updated when the value of a managed field is modified. ([#110058](https://github.com/kubernetes/kubernetes/pull/110058), [@glebiller](https://github.com/glebiller)) [SIG API Machinery] 3574 - Manual change of a failed job condition status to False does not result in duplicate conditions ([#110292](https://github.com/kubernetes/kubernetes/pull/110292), [@mimowo](https://github.com/mimowo)) [SIG Apps] 3575 - OpenAPI will no longer duplicate these schemas: 3576 - io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions_v2 3577 - io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2 3578 - io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference_v2 3579 - io.k8s.apimachinery.pkg.apis.meta.v1.StatusDetails_v2 3580 - io.k8s.apimachinery.pkg.apis.meta.v1.Status_v2 ([#110179](https://github.com/kubernetes/kubernetes/pull/110179), [@Jefftree](https://github.com/Jefftree)) [SIG API Machinery and Testing] 3581 - Panics while calling validating admission webhook are caught and honor the fail open or fail closed setting. ([#108746](https://github.com/kubernetes/kubernetes/pull/108746), [@deads2k](https://github.com/deads2k)) [SIG API Machinery] 3582 - Pods will now post their readiness during termination. ([#110191](https://github.com/kubernetes/kubernetes/pull/110191), [@rphillips](https://github.com/rphillips)) [SIG Network, Node and Testing] 3583 - Reduced time taken to sync proxy rules on Windows kube-proxy with kernelspace mode ([#109124](https://github.com/kubernetes/kubernetes/pull/109124), [@daschott](https://github.com/daschott)) [SIG Network, Release and Windows] 3584 - The kube-proxy `sync_proxy_rules_no_endpoints_total` metric now only counts local-traffic-policy services which have remote endpoints but not local endpoints. ([#109782](https://github.com/kubernetes/kubernetes/pull/109782), [@danwinship](https://github.com/danwinship)) [SIG Network] 3585 - The pod phase lifecycle guarantees that terminal Pods, those whose states are Unready or Succeeded, can not regress and will have all container stopped. Hence, terminal Pods will never be reachable and should not publish their IP addresses on the Endpoints or EndpointSlices, independently of the Service TolerateUnready option. ([#110255](https://github.com/kubernetes/kubernetes/pull/110255), [@robscott](https://github.com/robscott)) [SIG Apps, Network, Node and Testing] 3586 - Upgrade Azure/go-autorest/autorest to v0.11.27 ([#110371](https://github.com/kubernetes/kubernetes/pull/110371), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider] 3587 3588 ### Other (Cleanup or Flake) 3589 3590 - Add missing powershell option to kubectl completion command short description ([#109773](https://github.com/kubernetes/kubernetes/pull/109773), [@danielhelfand](https://github.com/danielhelfand)) [SIG CLI] 3591 - Apimachinery/clock: This deletes the apimachinery/clock package. Please use k8s.io/utils/clock instead. ([#109752](https://github.com/kubernetes/kubernetes/pull/109752), [@MadhavJivrajani](https://github.com/MadhavJivrajani)) [SIG API Machinery] 3592 - Apiserver_longrunning_gauge is removed from the codebase. Please use apiserver_longrunning_requests instead. ([#110310](https://github.com/kubernetes/kubernetes/pull/110310), [@logicalhan](https://github.com/logicalhan)) [SIG API Machinery and Instrumentation] 3593 - Feature gates that graduated to GA in 1.23 or earlier and were unconditionally enabled have been removed: CSIServiceAccountToken, ConfigurableFSGroupPolicy, EndpointSlice, EndpointSliceNodeName, EndpointSliceProxying, GenericEphemeralVolume, IPv6DualStack, IngressClassNamespacedParams, StorageObjectInUseProtection, TTLAfterFinished, VolumeSubpath, WindowsEndpointSliceProxying ([#109435](https://github.com/kubernetes/kubernetes/pull/109435), [@pohly](https://github.com/pohly)) [SIG API Machinery, Architecture and Cloud Provider] 3594 - For resources built into an apiserver, the server now logs at `-v=3` whether it is using watch caching. ([#109175](https://github.com/kubernetes/kubernetes/pull/109175), [@MikeSpreitzer](https://github.com/MikeSpreitzer)) [SIG API Machinery] 3595 - Honor the framework delete timeout for pv ([#109764](https://github.com/kubernetes/kubernetes/pull/109764), [@saikat-royc](https://github.com/saikat-royc)) [SIG Storage and Testing] 3596 - Kube-controller-manager's deprecated `--experimental-cluster-signing-duration` flag is now removed. Adapt your machinery to use the `--cluster-signing-duration` flag that is available since v1.19. ([#108476](https://github.com/kubernetes/kubernetes/pull/108476), [@ialidzhikov](https://github.com/ialidzhikov)) [SIG Auth] 3597 - Kubeadm: perform additional dockershim cleanup. Treat all container runtimes as remote by using the flag "--container-runtime=remote", given dockershim was removed in 1.24 and given kubeadm 1.25 supports a kubelet version of 1.24 and 1.25. The flag "--network-plugin" will no longer be used for new clusters. Stop cleaning up the following dockershim related directories on "kubeadm reset": "/var/lib/dockershim", "/var/runkubernetes", "/var/lib/cni" ([#110022](https://github.com/kubernetes/kubernetes/pull/110022), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] 3598 - Kubelet's deprecated `--experimental-kernel-memcg-notification` flag is now removed. Use `--kernel-memcg-notification` instead. ([#109388](https://github.com/kubernetes/kubernetes/pull/109388), [@ialidzhikov](https://github.com/ialidzhikov)) [SIG Node] 3599 - Kubernetes binaries are now built in module mode instead of GOPATH mode ([#109464](https://github.com/kubernetes/kubernetes/pull/109464), [@liggitt](https://github.com/liggitt)) [SIG Architecture, Node and Testing] 3600 - Remove deprecated kubectl.kubernetes.io/default-logs-container support ([#109254](https://github.com/kubernetes/kubernetes/pull/109254), [@pacoxu](https://github.com/pacoxu)) [SIG CLI] 3601 - Rename apiserver_watch_cache_watch_cache_initializations_total to apiserver_watch_cache_initializations_total ([#109579](https://github.com/kubernetes/kubernetes/pull/109579), [@logicalhan](https://github.com/logicalhan)) [SIG API Machinery and Instrumentation] 3602 - TBD ([#109277](https://github.com/kubernetes/kubernetes/pull/109277), [@MikeSpreitzer](https://github.com/MikeSpreitzer)) [SIG Architecture and Instrumentation] 3603 - Updated cri-tools to [v1.24.2(https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.24.2) ([#109813](https://github.com/kubernetes/kubernetes/pull/109813), [@saschagrunert](https://github.com/saschagrunert)) [SIG Cloud Provider, Node and Release] 3604 - `apiserver_dropped_requests` is dropped from this release since `apiserver_request_total` can now be used to track dropped requests. `etcd_object_counts` is also removed in favor of `apiserver_storage_objects`. `apiserver_registered_watchers` is also removed in favor of `apiserver_longrunning_requests`. ([#110337](https://github.com/kubernetes/kubernetes/pull/110337), [@logicalhan](https://github.com/logicalhan)) [SIG API Machinery and Instrumentation] 3605 3606 ## Dependencies 3607 3608 ### Added 3609 - github.com/emicklei/go-restful/v3: [v3.8.0](https://github.com/emicklei/go-restful/v3/tree/v3.8.0) 3610 - github.com/golang-jwt/jwt/v4: [v4.2.0](https://github.com/golang-jwt/jwt/v4/tree/v4.2.0) 3611 - github.com/golangplus/bytes: [v1.0.0](https://github.com/golangplus/bytes/tree/v1.0.0) 3612 - github.com/golangplus/fmt: [v1.0.0](https://github.com/golangplus/fmt/tree/v1.0.0) 3613 3614 ### Changed 3615 - bitbucket.org/bertimus9/systemstat: 0eeff89 → v0.5.0 3616 - github.com/Azure/go-autorest/autorest/adal: [v0.9.13 → v0.9.20](https://github.com/Azure/go-autorest/autorest/adal/compare/v0.9.13...v0.9.20) 3617 - github.com/Azure/go-autorest/autorest/mocks: [v0.4.1 → v0.4.2](https://github.com/Azure/go-autorest/autorest/mocks/compare/v0.4.1...v0.4.2) 3618 - github.com/Azure/go-autorest/autorest: [v0.11.18 → v0.11.27](https://github.com/Azure/go-autorest/autorest/compare/v0.11.18...v0.11.27) 3619 - github.com/MakeNowJust/heredoc: [bb23615 → v1.0.0](https://github.com/MakeNowJust/heredoc/compare/bb23615...v1.0.0) 3620 - github.com/antlr/antlr4/runtime/Go/antlr: [b48c857 → ad29539](https://github.com/antlr/antlr4/runtime/Go/antlr/compare/b48c857...ad29539) 3621 - github.com/chai2010/gettext-go: [c6fed77 → v1.0.2](https://github.com/chai2010/gettext-go/compare/c6fed77...v1.0.2) 3622 - github.com/cncf/udpa/go: [5459f2c → 04548b0](https://github.com/cncf/udpa/go/compare/5459f2c...04548b0) 3623 - github.com/cncf/xds/go: [fbca930 → cb28da3](https://github.com/cncf/xds/go/compare/fbca930...cb28da3) 3624 - github.com/container-storage-interface/spec: [v1.5.0 → v1.6.0](https://github.com/container-storage-interface/spec/compare/v1.5.0...v1.6.0) 3625 - github.com/coredns/corefile-migration: [v1.0.14 → v1.0.17](https://github.com/coredns/corefile-migration/compare/v1.0.14...v1.0.17) 3626 - github.com/daviddengcn/go-colortext: [511bcaf → v1.0.0](https://github.com/daviddengcn/go-colortext/compare/511bcaf...v1.0.0) 3627 - github.com/envoyproxy/go-control-plane: [63b5d3c → 49ff273](https://github.com/envoyproxy/go-control-plane/compare/63b5d3c...49ff273) 3628 - github.com/go-logr/logr: [v1.2.0 → v1.2.3](https://github.com/go-logr/logr/compare/v1.2.0...v1.2.3) 3629 - github.com/go-logr/zapr: [v1.2.0 → v1.2.3](https://github.com/go-logr/zapr/compare/v1.2.0...v1.2.3) 3630 - github.com/golangplus/testing: [af21d9c → v1.0.0](https://github.com/golangplus/testing/compare/af21d9c...v1.0.0) 3631 - github.com/google/cel-go: [v0.10.1 → v0.11.2](https://github.com/google/cel-go/compare/v0.10.1...v0.11.2) 3632 - github.com/google/go-cmp: [v0.5.5 → v0.5.6](https://github.com/google/go-cmp/compare/v0.5.5...v0.5.6) 3633 - github.com/pquerna/cachecontrol: [0dec1b3 → v0.1.0](https://github.com/pquerna/cachecontrol/compare/0dec1b3...v0.1.0) 3634 - go.etcd.io/etcd/api/v3: v3.5.1 → v3.5.4 3635 - go.etcd.io/etcd/client/pkg/v3: v3.5.1 → v3.5.4 3636 - go.etcd.io/etcd/client/v2: v2.305.0 → v2.305.4 3637 - go.etcd.io/etcd/client/v3: v3.5.1 → v3.5.4 3638 - go.etcd.io/etcd/pkg/v3: v3.5.0 → v3.5.4 3639 - go.etcd.io/etcd/raft/v3: v3.5.0 → v3.5.4 3640 - go.etcd.io/etcd/server/v3: v3.5.0 → v3.5.4 3641 - golang.org/x/crypto: 8634188 → 3147a52 3642 - google.golang.org/genproto: 42d7afd → 1973136 3643 - google.golang.org/grpc: v1.40.0 → v1.47.0 3644 - gopkg.in/yaml.v3: 496545a → v3.0.1 3645 - k8s.io/kube-openapi: 3ee0da9 → 31174f5 3646 3647 ### Removed 3648 - github.com/OneOfOne/xxhash: [v1.2.2](https://github.com/OneOfOne/xxhash/tree/v1.2.2) 3649 - github.com/cespare/xxhash: [v1.1.0](https://github.com/cespare/xxhash/tree/v1.1.0) 3650 - github.com/emicklei/go-restful: [v2.9.5+incompatible](https://github.com/emicklei/go-restful/tree/v2.9.5) 3651 - github.com/google/cel-spec: [v0.6.0](https://github.com/google/cel-spec/tree/v0.6.0) 3652 - github.com/spaolacci/murmur3: [f09979e](https://github.com/spaolacci/murmur3/tree/f09979e)