k8s.io/kubernetes@v1.31.0-alpha.0.0.20240520171757-56147500dadc/CHANGELOG/CHANGELOG-1.27.md (about) 1 <!-- BEGIN MUNGE: GENERATED_TOC --> 2 3 - [v1.27.14](#v12714) 4 - [Downloads for v1.27.14](#downloads-for-v12714) 5 - [Source Code](#source-code) 6 - [Client Binaries](#client-binaries) 7 - [Server Binaries](#server-binaries) 8 - [Node Binaries](#node-binaries) 9 - [Container Images](#container-images) 10 - [Changelog since v1.27.13](#changelog-since-v12713) 11 - [Changes by Kind](#changes-by-kind) 12 - [Bug or Regression](#bug-or-regression) 13 - [Dependencies](#dependencies) 14 - [Added](#added) 15 - [Changed](#changed) 16 - [Removed](#removed) 17 - [v1.27.13](#v12713) 18 - [Downloads for v1.27.13](#downloads-for-v12713) 19 - [Source Code](#source-code-1) 20 - [Client Binaries](#client-binaries-1) 21 - [Server Binaries](#server-binaries-1) 22 - [Node Binaries](#node-binaries-1) 23 - [Container Images](#container-images-1) 24 - [Changelog since v1.27.12](#changelog-since-v12712) 25 - [Important Security Information](#important-security-information) 26 - [CVE-2024-3177: Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin](#cve-2024-3177-bypassing-mountable-secrets-policy-imposed-by-the-serviceaccount-admission-plugin) 27 - [Changes by Kind](#changes-by-kind-1) 28 - [Feature](#feature) 29 - [Bug or Regression](#bug-or-regression-1) 30 - [Dependencies](#dependencies-1) 31 - [Added](#added-1) 32 - [Changed](#changed-1) 33 - [Removed](#removed-1) 34 - [v1.27.12](#v12712) 35 - [Downloads for v1.27.12](#downloads-for-v12712) 36 - [Source Code](#source-code-2) 37 - [Client Binaries](#client-binaries-2) 38 - [Server Binaries](#server-binaries-2) 39 - [Node Binaries](#node-binaries-2) 40 - [Container Images](#container-images-2) 41 - [Changelog since v1.27.11](#changelog-since-v12711) 42 - [Changes by Kind](#changes-by-kind-2) 43 - [Feature](#feature-1) 44 - [Bug or Regression](#bug-or-regression-2) 45 - [Other (Cleanup or Flake)](#other-cleanup-or-flake) 46 - [Dependencies](#dependencies-2) 47 - [Added](#added-2) 48 - [Changed](#changed-2) 49 - [Removed](#removed-2) 50 - [v1.27.11](#v12711) 51 - [Downloads for v1.27.11](#downloads-for-v12711) 52 - [Source Code](#source-code-3) 53 - [Client Binaries](#client-binaries-3) 54 - [Server Binaries](#server-binaries-3) 55 - [Node Binaries](#node-binaries-3) 56 - [Container Images](#container-images-3) 57 - [Changelog since v1.27.10](#changelog-since-v12710) 58 - [Changes by Kind](#changes-by-kind-3) 59 - [Feature](#feature-2) 60 - [Bug or Regression](#bug-or-regression-3) 61 - [Dependencies](#dependencies-3) 62 - [Added](#added-3) 63 - [Changed](#changed-3) 64 - [Removed](#removed-3) 65 - [v1.27.10](#v12710) 66 - [Downloads for v1.27.10](#downloads-for-v12710) 67 - [Source Code](#source-code-4) 68 - [Client Binaries](#client-binaries-4) 69 - [Server Binaries](#server-binaries-4) 70 - [Node Binaries](#node-binaries-4) 71 - [Container Images](#container-images-4) 72 - [Changelog since v1.27.9](#changelog-since-v1279) 73 - [Changes by Kind](#changes-by-kind-4) 74 - [Feature](#feature-3) 75 - [Bug or Regression](#bug-or-regression-4) 76 - [Other (Cleanup or Flake)](#other-cleanup-or-flake-1) 77 - [Dependencies](#dependencies-4) 78 - [Added](#added-4) 79 - [Changed](#changed-4) 80 - [Removed](#removed-4) 81 - [v1.27.9](#v1279) 82 - [Downloads for v1.27.9](#downloads-for-v1279) 83 - [Source Code](#source-code-5) 84 - [Client Binaries](#client-binaries-5) 85 - [Server Binaries](#server-binaries-5) 86 - [Node Binaries](#node-binaries-5) 87 - [Container Images](#container-images-5) 88 - [Changelog since v1.27.8](#changelog-since-v1278) 89 - [Changes by Kind](#changes-by-kind-5) 90 - [Feature](#feature-4) 91 - [Bug or Regression](#bug-or-regression-5) 92 - [Other (Cleanup or Flake)](#other-cleanup-or-flake-2) 93 - [Dependencies](#dependencies-5) 94 - [Added](#added-5) 95 - [Changed](#changed-5) 96 - [Removed](#removed-5) 97 - [v1.27.8](#v1278) 98 - [Downloads for v1.27.8](#downloads-for-v1278) 99 - [Source Code](#source-code-6) 100 - [Client Binaries](#client-binaries-6) 101 - [Server Binaries](#server-binaries-6) 102 - [Node Binaries](#node-binaries-6) 103 - [Container Images](#container-images-6) 104 - [Changelog since v1.27.7](#changelog-since-v1277) 105 - [Important Security Information](#important-security-information-1) 106 - [CVE-2023-5528: Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes](#cve-2023-5528-insufficient-input-sanitization-in-in-tree-storage-plugin-leads-to-privilege-escalation-on-windows-nodes) 107 - [Changes by Kind](#changes-by-kind-6) 108 - [API Change](#api-change) 109 - [Feature](#feature-5) 110 - [Bug or Regression](#bug-or-regression-6) 111 - [Dependencies](#dependencies-6) 112 - [Added](#added-6) 113 - [Changed](#changed-6) 114 - [Removed](#removed-6) 115 - [v1.27.7](#v1277) 116 - [Downloads for v1.27.7](#downloads-for-v1277) 117 - [Source Code](#source-code-7) 118 - [Client Binaries](#client-binaries-7) 119 - [Server Binaries](#server-binaries-7) 120 - [Node Binaries](#node-binaries-7) 121 - [Container Images](#container-images-7) 122 - [Changelog since v1.27.6](#changelog-since-v1276) 123 - [Changes by Kind](#changes-by-kind-7) 124 - [Feature](#feature-6) 125 - [Failing Test](#failing-test) 126 - [Bug or Regression](#bug-or-regression-7) 127 - [Other (Cleanup or Flake)](#other-cleanup-or-flake-3) 128 - [Dependencies](#dependencies-7) 129 - [Added](#added-7) 130 - [Changed](#changed-7) 131 - [Removed](#removed-7) 132 - [v1.27.6](#v1276) 133 - [Downloads for v1.27.6](#downloads-for-v1276) 134 - [Source Code](#source-code-8) 135 - [Client Binaries](#client-binaries-8) 136 - [Server Binaries](#server-binaries-8) 137 - [Node Binaries](#node-binaries-8) 138 - [Container Images](#container-images-8) 139 - [Changelog since v1.27.5](#changelog-since-v1275) 140 - [Changes by Kind](#changes-by-kind-8) 141 - [API Change](#api-change-1) 142 - [Feature](#feature-7) 143 - [Bug or Regression](#bug-or-regression-8) 144 - [Other (Cleanup or Flake)](#other-cleanup-or-flake-4) 145 - [Dependencies](#dependencies-8) 146 - [Added](#added-8) 147 - [Changed](#changed-8) 148 - [Removed](#removed-8) 149 - [v1.27.5](#v1275) 150 - [Downloads for v1.27.5](#downloads-for-v1275) 151 - [Source Code](#source-code-9) 152 - [Client Binaries](#client-binaries-9) 153 - [Server Binaries](#server-binaries-9) 154 - [Node Binaries](#node-binaries-9) 155 - [Container Images](#container-images-9) 156 - [Changelog since v1.27.4](#changelog-since-v1274) 157 - [Important Security Information](#important-security-information-2) 158 - [CVE-2023-3955: Insufficient input sanitization on Windows nodes leads to privilege escalation](#cve-2023-3955-insufficient-input-sanitization-on-windows-nodes-leads-to-privilege-escalation) 159 - [CVE-2023-3676: Insufficient input sanitization on Windows nodes leads to privilege escalation](#cve-2023-3676-insufficient-input-sanitization-on-windows-nodes-leads-to-privilege-escalation) 160 - [Changes by Kind](#changes-by-kind-9) 161 - [API Change](#api-change-2) 162 - [Feature](#feature-8) 163 - [Bug or Regression](#bug-or-regression-9) 164 - [Dependencies](#dependencies-9) 165 - [Added](#added-9) 166 - [Changed](#changed-9) 167 - [Removed](#removed-9) 168 - [v1.27.4](#v1274) 169 - [Downloads for v1.27.4](#downloads-for-v1274) 170 - [Source Code](#source-code-10) 171 - [Client Binaries](#client-binaries-10) 172 - [Server Binaries](#server-binaries-10) 173 - [Node Binaries](#node-binaries-10) 174 - [Container Images](#container-images-10) 175 - [Changelog since v1.27.3](#changelog-since-v1273) 176 - [Changes by Kind](#changes-by-kind-10) 177 - [Feature](#feature-9) 178 - [Bug or Regression](#bug-or-regression-10) 179 - [Dependencies](#dependencies-10) 180 - [Added](#added-10) 181 - [Changed](#changed-10) 182 - [Removed](#removed-10) 183 - [v1.27.3](#v1273) 184 - [Downloads for v1.27.3](#downloads-for-v1273) 185 - [Source Code](#source-code-11) 186 - [Client Binaries](#client-binaries-11) 187 - [Server Binaries](#server-binaries-11) 188 - [Node Binaries](#node-binaries-11) 189 - [Container Images](#container-images-11) 190 - [Changelog since v1.27.2](#changelog-since-v1272) 191 - [Important Security Information](#important-security-information-3) 192 - [CVE-2023-2728: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin](#cve-2023-2728-bypassing-enforce-mountable-secrets-policy-imposed-by-the-serviceaccount-admission-plugin) 193 - [Changes by Kind](#changes-by-kind-11) 194 - [Feature](#feature-10) 195 - [Bug or Regression](#bug-or-regression-11) 196 - [Dependencies](#dependencies-11) 197 - [Added](#added-11) 198 - [Changed](#changed-11) 199 - [Removed](#removed-11) 200 - [v1.27.2](#v1272) 201 - [Downloads for v1.27.2](#downloads-for-v1272) 202 - [Source Code](#source-code-12) 203 - [Client Binaries](#client-binaries-12) 204 - [Server Binaries](#server-binaries-12) 205 - [Node Binaries](#node-binaries-12) 206 - [Container Images](#container-images-12) 207 - [Changelog since v1.27.1](#changelog-since-v1271) 208 - [Changes by Kind](#changes-by-kind-12) 209 - [API Change](#api-change-3) 210 - [Feature](#feature-11) 211 - [Failing Test](#failing-test-1) 212 - [Bug or Regression](#bug-or-regression-12) 213 - [Other (Cleanup or Flake)](#other-cleanup-or-flake-5) 214 - [Dependencies](#dependencies-12) 215 - [Added](#added-12) 216 - [Changed](#changed-12) 217 - [Removed](#removed-12) 218 - [v1.27.1](#v1271) 219 - [Downloads for v1.27.1](#downloads-for-v1271) 220 - [Source Code](#source-code-13) 221 - [Client Binaries](#client-binaries-13) 222 - [Server Binaries](#server-binaries-13) 223 - [Node Binaries](#node-binaries-13) 224 - [Container Images](#container-images-13) 225 - [Changelog since v1.27.0](#changelog-since-v1270) 226 - [Changes by Kind](#changes-by-kind-13) 227 - [Bug or Regression](#bug-or-regression-13) 228 - [Dependencies](#dependencies-13) 229 - [Added](#added-13) 230 - [Changed](#changed-13) 231 - [Removed](#removed-13) 232 - [v1.27.0](#v1270) 233 - [Downloads for v1.27.0](#downloads-for-v1270) 234 - [Source Code](#source-code-14) 235 - [Client Binaries](#client-binaries-14) 236 - [Server Binaries](#server-binaries-14) 237 - [Node Binaries](#node-binaries-14) 238 - [Container Images](#container-images-14) 239 - [Changelog since v1.26.0](#changelog-since-v1260) 240 - [Known Issues](#known-issues) 241 - [The PreEnqueue extension point doesn't work for Pods going to activeQ through backoffQ](#the-preenqueue-extension-point-doesnt-work-for-pods-going-to-activeq-through-backoffq) 242 - [Urgent Upgrade Notes](#urgent-upgrade-notes) 243 - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade) 244 - [Changes by Kind](#changes-by-kind-14) 245 - [Deprecation](#deprecation) 246 - [API Change](#api-change-4) 247 - [Feature](#feature-12) 248 - [Documentation](#documentation) 249 - [Failing Test](#failing-test-2) 250 - [Bug or Regression](#bug-or-regression-14) 251 - [Other (Cleanup or Flake)](#other-cleanup-or-flake-6) 252 - [Dependencies](#dependencies-14) 253 - [Added](#added-14) 254 - [Changed](#changed-14) 255 - [Removed](#removed-14) 256 - [v1.27.0-rc.1](#v1270-rc1) 257 - [Downloads for v1.27.0-rc.1](#downloads-for-v1270-rc1) 258 - [Source Code](#source-code-15) 259 - [Client Binaries](#client-binaries-15) 260 - [Server Binaries](#server-binaries-15) 261 - [Node Binaries](#node-binaries-15) 262 - [Container Images](#container-images-15) 263 - [Changelog since v1.27.0-rc.0](#changelog-since-v1270-rc0) 264 - [Changes by Kind](#changes-by-kind-15) 265 - [Feature](#feature-13) 266 - [Bug or Regression](#bug-or-regression-15) 267 - [Dependencies](#dependencies-15) 268 - [Added](#added-15) 269 - [Changed](#changed-15) 270 - [Removed](#removed-15) 271 - [v1.27.0-rc.0](#v1270-rc0) 272 - [Downloads for v1.27.0-rc.0](#downloads-for-v1270-rc0) 273 - [Source Code](#source-code-16) 274 - [Client Binaries](#client-binaries-16) 275 - [Server Binaries](#server-binaries-16) 276 - [Node Binaries](#node-binaries-16) 277 - [Container Images](#container-images-16) 278 - [Changelog since v1.27.0-beta.0](#changelog-since-v1270-beta0) 279 - [Changes by Kind](#changes-by-kind-16) 280 - [API Change](#api-change-5) 281 - [Feature](#feature-14) 282 - [Bug or Regression](#bug-or-regression-16) 283 - [Dependencies](#dependencies-16) 284 - [Added](#added-16) 285 - [Changed](#changed-16) 286 - [Removed](#removed-16) 287 - [v1.27.0-beta.0](#v1270-beta0) 288 - [Downloads for v1.27.0-beta.0](#downloads-for-v1270-beta0) 289 - [Source Code](#source-code-17) 290 - [Client Binaries](#client-binaries-17) 291 - [Server Binaries](#server-binaries-17) 292 - [Node Binaries](#node-binaries-17) 293 - [Container Images](#container-images-17) 294 - [Changelog since v1.27.0-alpha.3](#changelog-since-v1270-alpha3) 295 - [Urgent Upgrade Notes](#urgent-upgrade-notes-1) 296 - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade-1) 297 - [Changes by Kind](#changes-by-kind-17) 298 - [Deprecation](#deprecation-1) 299 - [API Change](#api-change-6) 300 - [Feature](#feature-15) 301 - [Documentation](#documentation-1) 302 - [Failing Test](#failing-test-3) 303 - [Bug or Regression](#bug-or-regression-17) 304 - [Other (Cleanup or Flake)](#other-cleanup-or-flake-7) 305 - [Dependencies](#dependencies-17) 306 - [Added](#added-17) 307 - [Changed](#changed-17) 308 - [Removed](#removed-17) 309 - [v1.27.0-alpha.3](#v1270-alpha3) 310 - [Downloads for v1.27.0-alpha.3](#downloads-for-v1270-alpha3) 311 - [Source Code](#source-code-18) 312 - [Client Binaries](#client-binaries-18) 313 - [Server Binaries](#server-binaries-18) 314 - [Node Binaries](#node-binaries-18) 315 - [Container Images](#container-images-18) 316 - [Changelog since v1.27.0-alpha.2](#changelog-since-v1270-alpha2) 317 - [Changes by Kind](#changes-by-kind-18) 318 - [Deprecation](#deprecation-2) 319 - [API Change](#api-change-7) 320 - [Feature](#feature-16) 321 - [Documentation](#documentation-2) 322 - [Failing Test](#failing-test-4) 323 - [Bug or Regression](#bug-or-regression-18) 324 - [Other (Cleanup or Flake)](#other-cleanup-or-flake-8) 325 - [Dependencies](#dependencies-18) 326 - [Added](#added-18) 327 - [Changed](#changed-18) 328 - [Removed](#removed-18) 329 - [v1.27.0-alpha.2](#v1270-alpha2) 330 - [Downloads for v1.27.0-alpha.2](#downloads-for-v1270-alpha2) 331 - [Source Code](#source-code-19) 332 - [Client Binaries](#client-binaries-19) 333 - [Server Binaries](#server-binaries-19) 334 - [Node Binaries](#node-binaries-19) 335 - [Container Images](#container-images-19) 336 - [Changelog since v1.27.0-alpha.1](#changelog-since-v1270-alpha1) 337 - [Changes by Kind](#changes-by-kind-19) 338 - [API Change](#api-change-8) 339 - [Feature](#feature-17) 340 - [Bug or Regression](#bug-or-regression-19) 341 - [Other (Cleanup or Flake)](#other-cleanup-or-flake-9) 342 - [Dependencies](#dependencies-19) 343 - [Added](#added-19) 344 - [Changed](#changed-19) 345 - [Removed](#removed-19) 346 - [v1.27.0-alpha.1](#v1270-alpha1) 347 - [Downloads for v1.27.0-alpha.1](#downloads-for-v1270-alpha1) 348 - [Source Code](#source-code-20) 349 - [Client Binaries](#client-binaries-20) 350 - [Server Binaries](#server-binaries-20) 351 - [Node Binaries](#node-binaries-20) 352 - [Container Images](#container-images-20) 353 - [Changelog since v1.26.0](#changelog-since-v1260-1) 354 - [Changes by Kind](#changes-by-kind-20) 355 - [Deprecation](#deprecation-3) 356 - [API Change](#api-change-9) 357 - [Feature](#feature-18) 358 - [Documentation](#documentation-3) 359 - [Failing Test](#failing-test-5) 360 - [Bug or Regression](#bug-or-regression-20) 361 - [Other (Cleanup or Flake)](#other-cleanup-or-flake-10) 362 - [Dependencies](#dependencies-20) 363 - [Added](#added-20) 364 - [Changed](#changed-20) 365 - [Removed](#removed-20) 366 367 <!-- END MUNGE: GENERATED_TOC --> 368 369 # v1.27.14 370 371 372 ## Downloads for v1.27.14 373 374 375 376 ### Source Code 377 378 filename | sha512 hash 379 -------- | ----------- 380 [kubernetes.tar.gz](https://dl.k8s.io/v1.27.14/kubernetes.tar.gz) | d7f966e5b73963337323a6d95b28d198c2115bb60eb3b7a5eae749ae3875523694d91503e4031705a672682b06129c324f97ed9306888adb6a2a0ff67047c69f 381 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.27.14/kubernetes-src.tar.gz) | 28646ba71b4ddad212624fb7806bb3d667f367de9c908462fa581d6a48a5d041bb5ed34db5a4a529617150b7b1e5f242f1076ea0f3ce9aaf12aa11a40e828d1d 382 383 ### Client Binaries 384 385 filename | sha512 hash 386 -------- | ----------- 387 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.27.14/kubernetes-client-darwin-amd64.tar.gz) | fc48ef433cad64c2ed6ee7c74d55577327da461cac8381e072030b424be1249efd72f91b1d5558b6c8b27949fdd3ea14f721af497e47c327515d88de75230253 388 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.27.14/kubernetes-client-darwin-arm64.tar.gz) | 5b59eca28d9f8fcc3039d549db91713e724c21eebbc81e8ea15a424d61e8638d918d02ab67bf7e279fb4e9980f46bdd0b8ddd1dc34c166d5c00b141e39664cab 389 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.27.14/kubernetes-client-linux-386.tar.gz) | 97b82d3671a07a754fd1ce82eeec0b1e81e8ff76cb73c4b79f24cdaa73d63d0039bb979773147bd38bf19bbe8802692a91e27d33c1a7544cc244bb5ff2e7493c 390 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.14/kubernetes-client-linux-amd64.tar.gz) | 9f4715aad258134b1ec3eee0e7245aa40dc8846e74cba5f68c9cb4496ecfebbb342c8f20e9552516a8f4903292cbd92f365c04886e374420f1153065ac8b93b4 391 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.27.14/kubernetes-client-linux-arm.tar.gz) | 4b67e6236108b5428a5158c699e5c1dc73e5a467c427e235965ee0ced13e22d22d96e7f242ff333cdc9aa3e137044f20cecf331fd49fd0801359d23bf7be5e88 392 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.14/kubernetes-client-linux-arm64.tar.gz) | cc80e23ec1d332da2264055078295ad9bd4c5a59ea43af57865d82c8e27ae5766837bdcab896e9fc9b6ff8ec82cf0840ed30d58440f99d5ec9de9eb3ef52d449 393 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.14/kubernetes-client-linux-ppc64le.tar.gz) | b14b9141fb1fc3ee0f7fd65628322353a092633cadefb46f31e8d4ae720422b47134d3476f5a2ae42f0ab08e4d7e3246316dea6c2372cb118d6fef016ca5af40 394 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.14/kubernetes-client-linux-s390x.tar.gz) | 80443a6837c25748b770aa52412e293c04cacf0ae58d7986ccce9d318c095828ef3d0f9c6b1267b85c8c0ea636159d2df711ef2b2a9d9dc0886ff8244269aef1 395 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.27.14/kubernetes-client-windows-386.tar.gz) | b4320130c044505ed6cf0544cf8d6b243a9b4a9387f05341bf1e8b8de889b810fcc5578f82d20e512c9cc1e048d2015e512ec3a90011a90cacb14910d7ad7cf4 396 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.14/kubernetes-client-windows-amd64.tar.gz) | 04c1ec7e4d98d253aad38ec7f2c6a15d40ef5077a1a7fe0f388cec3ba4ea13074cbe61ab0894b0a498cd223db2e8c71bc4e4e53df5f6e1cebf93f43cf2810663 397 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.27.14/kubernetes-client-windows-arm64.tar.gz) | 2b156588703b2aa5ef34186a1fb8ee866af28daf157b2450bfb94102ac89dc729dcc6f8f987229dcff0547aadaeff22073acb2ee4f93abb44433059b41a40ae6 398 399 ### Server Binaries 400 401 filename | sha512 hash 402 -------- | ----------- 403 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.14/kubernetes-server-linux-amd64.tar.gz) | 771e4d275897979d14798ca9c838fea0c0ba585be03e0b42b0fd7e3792366a8ea2af10a6fee5c8786d4cd7353b3199de0d64120988dc5da03d7e5f2ed8603173 404 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.14/kubernetes-server-linux-arm64.tar.gz) | 70cf9e3201e592f9aab6b47add3a113e95af2c20690ff46669dbcaf7ca0a08defb569b50435367e61b10f70dac1f3897607a99f65aedc39da4b15471f058277f 405 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.14/kubernetes-server-linux-ppc64le.tar.gz) | cef3e6859a394cfd6de1ebf19c3fd4c9ad3c71c28c1d21d1f591f79c07018d28e0194662dcf1d2a4b876838bb81bf4184706923a2a0b5d410442c2b2d97dc735 406 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.14/kubernetes-server-linux-s390x.tar.gz) | 35b663347df39669773cf1df25f3269d448b72fcc8242b4d89aca84f32005bd6bb0b98368679ba79295c43f3d1075c2c4ebeb3b6a02217ffc78f88225c478d62 407 408 ### Node Binaries 409 410 filename | sha512 hash 411 -------- | ----------- 412 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.14/kubernetes-node-linux-amd64.tar.gz) | 425fb236673983a72945997a209949151b5654a3fe21c2dcd20fe8bfa1fa31cf29f500ba094d308de2b0bc6ce8dd7a01369a4a0878959e743e2129ff6c7893c1 413 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.14/kubernetes-node-linux-arm64.tar.gz) | 4d1e3419dc375fd91a0d25d5f875a8013a33d517ffb3cb37f6dbfa57902fbf4314025ed3f1d687e6d6bc13359990e7cf6a606873bcc1897fb65adcbbc05c1c7a 414 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.14/kubernetes-node-linux-ppc64le.tar.gz) | 3b360f8da45eef36100945476a895598a3b9375f32443c9674569807f3b85d78528354d11643b8cad89ee51caed063d513ce19a34967058da12df0ca2958ce3a 415 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.14/kubernetes-node-linux-s390x.tar.gz) | a7f45b60c9dc3b5941e7134ae1ae56972f5c630682811bce3b2e8273d3b85cb1ac1e891045b84ad448af01e67ee7f9695f2cea017593c93786971b8929d5a2f6 416 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.14/kubernetes-node-windows-amd64.tar.gz) | 96833cebd6a50fba194d6e1fcdd1cc6ca77dc325ba5a80e135fd8332f44bcb9e61c97951765980f56f887e92ca529bd8fd53ce6098b23a777429807f49a0556d 417 418 ### Container Images 419 420 All container images are available as manifest lists and support the described 421 architectures. It is also possible to pull a specific architecture directly by 422 adding the "-$ARCH" suffix to the container image name. 423 424 name | architectures 425 ---- | ------------- 426 [registry.k8s.io/conformance:v1.27.14](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-s390x) 427 [registry.k8s.io/kube-apiserver:v1.27.14](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-s390x) 428 [registry.k8s.io/kube-controller-manager:v1.27.14](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-s390x) 429 [registry.k8s.io/kube-proxy:v1.27.14](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-s390x) 430 [registry.k8s.io/kube-scheduler:v1.27.14](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-s390x) 431 432 ## Changelog since v1.27.13 433 434 ## Changes by Kind 435 436 ### Bug or Regression 437 438 - Fixed PersistentolumeLabel providing wrong topology labels to Azure Disk PersistentVolumes when the external Azure cloud provider is used. ([#124528](https://github.com/kubernetes/kubernetes/pull/124528), [@jsafrane](https://github.com/jsafrane)) [SIG Cloud Provider] 439 - Fixed a bug that a pod may remain unscheduled if any PreFilter plugin returns nodes that do not exist. ([#124765](https://github.com/kubernetes/kubernetes/pull/124765), [@chengjoey](https://github.com/chengjoey)) [SIG Scheduling and Testing] 440 441 ## Dependencies 442 443 ### Added 444 _Nothing has changed._ 445 446 ### Changed 447 _Nothing has changed._ 448 449 ### Removed 450 _Nothing has changed._ 451 452 453 454 # v1.27.13 455 456 457 ## Downloads for v1.27.13 458 459 460 461 ### Source Code 462 463 filename | sha512 hash 464 -------- | ----------- 465 [kubernetes.tar.gz](https://dl.k8s.io/v1.27.13/kubernetes.tar.gz) | d3fe54bd77a722b0d46b89aba321a5ab16c93f4f1b32646643a9d780f466149fd35d205cd18838a5a46abfb0f6ff29185e0c93d627a9b4dfe3f2ca3710c67f75 466 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.27.13/kubernetes-src.tar.gz) | 65dfd50d6a1cdd5cbcbe1cf346949d1e0e99fbe747a7f95e66db52bf3a318afcfb514232e856f4fccaef4935d85fc71cd27dc77544711189c059e45587aa6067 467 468 ### Client Binaries 469 470 filename | sha512 hash 471 -------- | ----------- 472 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.27.13/kubernetes-client-darwin-amd64.tar.gz) | 7ddf02f44ee8d119b2876f1864da1cde5e1c3b2b10dc14a535b9b30799e08064bfb7285ae9df55a1a4dec73f83fe2b0631cc17eb3b607152cd6ab6879dd5f987 473 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.27.13/kubernetes-client-darwin-arm64.tar.gz) | 3a0fd8050e3cfe36bcbd905b199139589a7dcacb5be4f218b5e0f2bfef692c082ee007b8415e91cbb6566648f4dd5ff7566d24834764a75e879b7e6a64bcd658 474 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.27.13/kubernetes-client-linux-386.tar.gz) | e95d44a3859d86fadf35a0727c628e0c12aea3cc4d98a0ca06d9aaa68800155dc355eb1fdc54711be7a630c98263e155f82f1557196895f307ee85b45db6f5fb 475 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.13/kubernetes-client-linux-amd64.tar.gz) | 6480d87386b766f379f6cd2356e87be089c8e1656e71ee8e4cb6878b71b724c0b8461ba40b2b416f6e43b9525ccffaa1df7d528b891fe57da97bfbde7c51352c 476 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.27.13/kubernetes-client-linux-arm.tar.gz) | b13502a952b8bbc481ea08657ec86c2520e2e9b563017fc706e902f437e14532bd71f5805d611dc5c013754566d555230a561692e86c0f4b8171db0bcc80422c 477 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.13/kubernetes-client-linux-arm64.tar.gz) | 38b59a701b21d2ce4473579556354d1beeec71d69e31a0138a4c036af163281aed3677e641827226b9ee6aedf56c0f96bb7c7f0dcce23b7242be138282ca42eb 478 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.13/kubernetes-client-linux-ppc64le.tar.gz) | 37b34738df126e7812b4609fed507bc01914d40acba0db5e9b23082a000df37eb9d3e867a6dc79c48057ecfd0c5d3c25259fcd3acc7e1d9ea98be9dfecaf8ccb 479 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.13/kubernetes-client-linux-s390x.tar.gz) | 20e62246595d9605e8611cd6972da3be57fffa14da62c502f3cb3267266eb7c891cb4af66677a872bf638a27a7c822fa4628a428e39f08a9e3c9ae00277f4e73 480 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.27.13/kubernetes-client-windows-386.tar.gz) | 9ba18d9a959f17c2ff5caf99f31d3e0e0e84927d7c1be408518d99b7bc669e1393ff3b5f3c1368f27e4dae303ad70c2dc79bdcea42f7853170398f885d77bbe9 481 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.13/kubernetes-client-windows-amd64.tar.gz) | f009f13428119ce9239ab1444bcd7c20796382c108c2e44adfc7cdb8874cf7acaf65bf3ce723dd2b395154196b1bcc1fec79625409226b31b563aae86741903d 482 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.27.13/kubernetes-client-windows-arm64.tar.gz) | 12a1716be5aa0bbd863ac330ae0beb59a0aea5f74be704bfd2e2849b9ecdb5ce10e2a86e71558ee3a40d839993ae21692f9cf6e8350c2969f528b6406e8f243c 483 484 ### Server Binaries 485 486 filename | sha512 hash 487 -------- | ----------- 488 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.13/kubernetes-server-linux-amd64.tar.gz) | 6d5a3313e5e336c3877ca4202a94c4d8320f53d3c1fe29d81aff2ca8b2d3ae3cce035c84b5322821fa78f4e2cdc51321dc33b95f9baf00942d6d4d56cfd19e69 489 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.13/kubernetes-server-linux-arm64.tar.gz) | a14658d0147077d2c0a63d84ebb321666537e6be55e9dccf86eb391e10a65d917b02ea5b3ccf7b8ee14af32e4f7a9b71dd631b691cc18f53ceda19e61e6b2e7b 490 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.13/kubernetes-server-linux-ppc64le.tar.gz) | e51c928c658457b32ff1c7cbf716fdf9519342f0da54dd32f198c4c0edbf5c62b1379c06e872ec07780672b2e1b203d84e1cd103f40e3de2a30ae4dc25c060ae 491 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.13/kubernetes-server-linux-s390x.tar.gz) | fa89cb300e4b9ac75c0439b32fc1a4f77904b3f2b47184530345d00d45b2cfe8555244f62be562c47aef50c6c9132e1c7f109de198ca07d6d4ca75801a87659e 492 493 ### Node Binaries 494 495 filename | sha512 hash 496 -------- | ----------- 497 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.13/kubernetes-node-linux-amd64.tar.gz) | b6fc891bda8f29f214723cf9ccd08ac282e4aed0ba76981008be40088a7d8132ed74d8ddd4aa23cd09e438a9801b51aebc582d52f06526114b19aa164c9725f1 498 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.13/kubernetes-node-linux-arm64.tar.gz) | 751ac5bf9d06b3ca521a3c17b5f4265c76dade6759af543ca57e5395c63baf6db4a91d67df09b604aaec128b312e92a7faff43d8a7ae3218df5481201445a7ae 499 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.13/kubernetes-node-linux-ppc64le.tar.gz) | 5ef40c6c887c8a8a91612bbd751d4e7c63582c74e3475c9444ad36415577653ee01f4a72a987f20e0faee5dc35bc2c91b4de737caf0e10336b3828cecaa18378 500 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.13/kubernetes-node-linux-s390x.tar.gz) | d418dee6b26d781d13b6e3d6b7baaf6cda994474042651385e56891c4823421cb4a868f7f2d4824afcdbfaa9e314ef40791db6afa5354163180083475406dc2c 501 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.13/kubernetes-node-windows-amd64.tar.gz) | a87a4f1e64026ba8dab92f64b6fdd02bba095be6098ab79e647082b2312d9a4442e9926f09e8a07f12d8003b712a15fbe109626ae2e796f961cf1c42b439925c 502 503 ### Container Images 504 505 All container images are available as manifest lists and support the described 506 architectures. It is also possible to pull a specific architecture directly by 507 adding the "-$ARCH" suffix to the container image name. 508 509 name | architectures 510 ---- | ------------- 511 [registry.k8s.io/conformance:v1.27.13](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-s390x) 512 [registry.k8s.io/kube-apiserver:v1.27.13](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-s390x) 513 [registry.k8s.io/kube-controller-manager:v1.27.13](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-s390x) 514 [registry.k8s.io/kube-proxy:v1.27.13](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-s390x) 515 [registry.k8s.io/kube-scheduler:v1.27.13](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-s390x) 516 517 ## Changelog since v1.27.12 518 519 ## Important Security Information 520 521 This release contains changes that address the following vulnerabilities: 522 523 ### CVE-2024-3177: Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin 524 525 A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. 526 527 **Affected Versions**: 528 - kube-apiserver v1.29.0 - v1.29.3 529 - kube-apiserver v1.28.0 - v1.28.8 530 - kube-apiserver <= v1.27.12 531 532 **Fixed Versions**: 533 - kube-apiserver v1.29.4 534 - kube-apiserver v1.28.9 535 - kube-apiserver v1.27.13 536 537 This vulnerability was reported by tha3e1vl. 538 539 540 **CVSS Rating:** Low (2.7) [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N) 541 542 ## Changes by Kind 543 544 ### Feature 545 546 - Kubernetes is now built with go 1.21.9 ([#124199](https://github.com/kubernetes/kubernetes/pull/124199), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing] 547 548 ### Bug or Regression 549 550 - Fix pod restart after node reboot when NewVolumeManagerReconstruction feature gate is enabled and SELinuxMountReadWriteOncePod disabled ([#124142](https://github.com/kubernetes/kubernetes/pull/124142), [@bertinatto](https://github.com/bertinatto)) [SIG Node] 551 - Golang.org/x/net is bumped to v0.23.0 to address CVE-2023-45288 ([#124178](https://github.com/kubernetes/kubernetes/pull/124178), [@MadhavJivrajani](https://github.com/MadhavJivrajani)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node and Storage] 552 - Kube-apiserver: fixes a 1.27+ regression in watch stability by serving watch requests without a resourceVersion from the watch cache by default, as in <1.27 (disabling the change in #115096 by default). This mitigates the impact of an etcd watch bug (https://github.com/etcd-io/etcd/pull/17555). If the 1.27 change in #115096 to serve these requests from underlying storage is still desired despite the impact on watch stability, it can be re-enabled with a `WatchFromStorageWithoutResourceVersion` feature gate. ([#124007](https://github.com/kubernetes/kubernetes/pull/124007), [@serathius](https://github.com/serathius)) [SIG API Machinery] 553 - Kubeadm: fix panic in the command "kubeadm certs check-expiration" when "/etc/kubernetes/pki" exists but cannot be read. ([#124124](https://github.com/kubernetes/kubernetes/pull/124124), [@carlory](https://github.com/carlory)) [SIG Cluster Lifecycle] 554 - NONE ([#124325](https://github.com/kubernetes/kubernetes/pull/124325), [@ritazh](https://github.com/ritazh)) [SIG Auth] 555 556 ## Dependencies 557 558 ### Added 559 _Nothing has changed._ 560 561 ### Changed 562 - golang.org/x/crypto: v0.16.0 → v0.21.0 563 - golang.org/x/net: v0.19.0 → v0.23.0 564 - golang.org/x/sys: v0.15.0 → v0.18.0 565 - golang.org/x/term: v0.15.0 → v0.18.0 566 567 ### Removed 568 _Nothing has changed._ 569 570 571 572 # v1.27.12 573 574 575 ## Downloads for v1.27.12 576 577 578 579 ### Source Code 580 581 filename | sha512 hash 582 -------- | ----------- 583 [kubernetes.tar.gz](https://dl.k8s.io/v1.27.12/kubernetes.tar.gz) | 2d36d018d6626b843e68204792d41d62fd839c0356179ef786c7f5b8cc00564172f9749bdd73b52778e587ad1448f534e9f418fd13013f1dda5974b0787fe5e6 584 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.27.12/kubernetes-src.tar.gz) | f177e1a45a9d273955d9dffeb801f2e964bb1f88bd1e494bf0cf5c9bbf5112480338ec27d8b5eab407cd87ac461f6df499b1a1ba5f94fae3a4121318cd99b4dc 585 586 ### Client Binaries 587 588 filename | sha512 hash 589 -------- | ----------- 590 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.27.12/kubernetes-client-darwin-amd64.tar.gz) | 22786d81da77a4cae3e213c6f73173d0109fb5406a63f6a9949fbffe32bd9b93c21aa48eb7146c184d60cf61fa95d4eb6f7837cf59d7cf69e5dba37ffe2e6bb9 591 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.27.12/kubernetes-client-darwin-arm64.tar.gz) | f1498ae12c619e94455f72efafc1d08766737f438d9f52489637159940bf71b7e241a07069be1b7aade6423eb53e4e3e95eb62e46325777c7d3ade326263249c 592 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.27.12/kubernetes-client-linux-386.tar.gz) | acdb9a1254f09950411831d364c7f60482651d96122df35af400f27808b9c5f41c791ce56b4954529f5b15f48f95a3b4393c5c2f0803fa26f7e9079ac5572033 593 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.12/kubernetes-client-linux-amd64.tar.gz) | fb0feb0ff69808741a12ed0d498c7e7be292e96e90ba7da954a9c24c9c02a7fef82b432ab8c0afd098eced66779b36426ea86d46be320cf598147dcef5322bd2 594 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.27.12/kubernetes-client-linux-arm.tar.gz) | 06f928e8e83b93c0fbee7e023b7e6bd8ce976022b8bc2681e78393e597b73744a06ac0e23b9ea1cb227f01385d15a1fb6d791fbeb0a26c8fc38dab284ac94534 595 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.12/kubernetes-client-linux-arm64.tar.gz) | 0e453c4e68b254b6dc1d9e42388962e6c9952e8a7080a5ffefae7de56b52bf46027d0cc12393471017bca34d5ef36196f1d00fc4b8cbca29ae714253376ffa8d 596 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.12/kubernetes-client-linux-ppc64le.tar.gz) | 1438d4793fef13348508117bb5de9711fcc32886ea680cf64edf6898f73da5202465a7ed130303a670af3128a11464ca7a54d8d6f1af08bca574429dd5b56978 597 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.12/kubernetes-client-linux-s390x.tar.gz) | 513aa091b4cbfd3e7f5f6baf23909d2edae166255a09d876a14120dec80d87749c6b9e1b5e66f6b54b8018f7a6a015dad53bdb38028c697c4543942e87b8888e 598 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.27.12/kubernetes-client-windows-386.tar.gz) | 60412665e2e9764c9bae2f38162ed137b7f4147077b4a18a7312ed942c8145b3ea2ad4ea63181d5c344c5e7964c6d101e483291edf7d2e8e7c1ef2e9e1e86b59 599 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.12/kubernetes-client-windows-amd64.tar.gz) | 4175ebb2454eb30865082a44d5e58273710ca252abdd31c3b60348a742782a4c3b9c2f8923a9e96b638566bde893bc3a7467c644444473fcb56d45f74e726e5c 600 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.27.12/kubernetes-client-windows-arm64.tar.gz) | 6d91beee31d1a512b256ca5743b2db6b5ebe574d68bfbe18d0a65aa9e1002eae2974bcb9ebb793de841f366f5aa583549b588f91692ee6d73f1062e9a8ac2de7 601 602 ### Server Binaries 603 604 filename | sha512 hash 605 -------- | ----------- 606 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.12/kubernetes-server-linux-amd64.tar.gz) | 78c816adec98739bcadd1a5c66a2a95e1deaa486b2b5edda5b84ece158eeaf63d54e91cac4dc2277efd5ab1c9049d6d4ee6566219766011991c608db77cda067 607 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.12/kubernetes-server-linux-arm64.tar.gz) | 5c6130c76fc627887b003e4fa2fb36760bc2a88bd9cc390bc2157e584e5c85c5d48b00dd6b2ec9b7ec901b1207bb5ed6ee7374f8298c77d06dec36669e311005 608 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.12/kubernetes-server-linux-ppc64le.tar.gz) | 2e6c36e89533798c0cb80aaef5cefc6dcd9c5bcc58ec0bee30ba592524672d9ee33f61880c9ac2093971eed69695e8b0e642bfb5918168cb3fb52538c2e6147b 609 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.12/kubernetes-server-linux-s390x.tar.gz) | 42f3814f16eadb0b7173d71186f0cac8e874528ac91ecd2a4b042ce906ecf23b31409bef3f0230691c2ec751056c9ea288642d9510b8feb75ba37f1f5c2787ee 610 611 ### Node Binaries 612 613 filename | sha512 hash 614 -------- | ----------- 615 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.12/kubernetes-node-linux-amd64.tar.gz) | e8183e5666fb3950f7e7c4ffcf1fffc21901f14ce369a427cf6b8c90a1c3d354c62b8312eb14af2f9ac0debbf67b60fad5c52f6fe34efe4575f29d6b3dad227a 616 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.12/kubernetes-node-linux-arm64.tar.gz) | c1737bf7bff67ec514a6a3e085419afc740833e896529e119e3e5e7b19b3f72806c6d164d0aa35dfd88964515673071af155fa2993487ce5a48d8d9e4f50ed4d 617 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.12/kubernetes-node-linux-ppc64le.tar.gz) | 91f423959b5384682cece3ba89d94b0d028a76339e2dbd7f0696248498dbf5f8cbeea54d3c9838d598cb5ed4acb20d91fbed83a3ed45ed2ba862c7176ab40b27 618 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.12/kubernetes-node-linux-s390x.tar.gz) | 6d723542905889d2600eb4b557228d15299b53b7941628c4486149b9e30ec72ff64cd2a781839e8b7bcb4966d849d2a11d2dabe3a76c4077feb9136e86464dc1 619 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.12/kubernetes-node-windows-amd64.tar.gz) | c19cad0359c86a55296b222b1f0cac7895fb7c55337ab6b7984e4c32338f9401f66194be53c19b4ab3ff1cada291a3d7a2a3f2865bd7c6184cdbb9a529cab9c2 620 621 ### Container Images 622 623 All container images are available as manifest lists and support the described 624 architectures. It is also possible to pull a specific architecture directly by 625 adding the "-$ARCH" suffix to the container image name. 626 627 name | architectures 628 ---- | ------------- 629 [registry.k8s.io/conformance:v1.27.12](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/conformance-s390x) 630 [registry.k8s.io/kube-apiserver:v1.27.12](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-apiserver-s390x) 631 [registry.k8s.io/kube-controller-manager:v1.27.12](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-controller-manager-s390x) 632 [registry.k8s.io/kube-proxy:v1.27.12](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-proxy-s390x) 633 [registry.k8s.io/kube-scheduler:v1.27.12](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler) | [amd64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-amd64), [arm64](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/artifacts/docker/k8s-artifacts-prod/southamerica-east1/images/kube-scheduler-s390x) 634 635 ## Changelog since v1.27.11 636 637 ## Changes by Kind 638 639 ### Feature 640 641 - Kubernetes is now built with go 1.21.8 642 - update distroless-iptables to v0.4.6 ([#123771](https://github.com/kubernetes/kubernetes/pull/123771), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing] 643 644 ### Bug or Regression 645 646 - Fixed cleanup of Pod volume mounts when a file was used as a subpath. ([#123052](https://github.com/kubernetes/kubernetes/pull/123052), [@jsafrane](https://github.com/jsafrane)) [SIG Node] 647 - Fixed the disruption controller's PDB status synchronization to maintain all PDB conditions during an update. ([#122056](https://github.com/kubernetes/kubernetes/pull/122056), [@dhenkel92](https://github.com/dhenkel92)) [SIG Apps] 648 - Fixes an issue calculating total CPU usage reported for Windows nodes ([#122999](https://github.com/kubernetes/kubernetes/pull/122999), [@marosset](https://github.com/marosset)) [SIG Node and Windows] 649 - Updates google.golang.org/protobuf to v1.33.0 to resolve CVE-2024-24786 ([#123765](https://github.com/kubernetes/kubernetes/pull/123765), [@liggitt](https://github.com/liggitt)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node and Storage] 650 651 ### Other (Cleanup or Flake) 652 653 - Build etcd image v3.5.12 ([#123069](https://github.com/kubernetes/kubernetes/pull/123069), [@bzsuni](https://github.com/bzsuni)) [SIG API Machinery and Etcd] 654 655 ## Dependencies 656 657 ### Added 658 _Nothing has changed._ 659 660 ### Changed 661 - github.com/golang/protobuf: [v1.5.3 → v1.5.4](https://github.com/golang/protobuf/compare/v1.5.3...v1.5.4) 662 - google.golang.org/protobuf: v1.31.0 → v1.33.0 663 664 ### Removed 665 _Nothing has changed._ 666 667 668 669 # v1.27.11 670 671 672 ## Downloads for v1.27.11 673 674 675 676 ### Source Code 677 678 filename | sha512 hash 679 -------- | ----------- 680 [kubernetes.tar.gz](https://dl.k8s.io/v1.27.11/kubernetes.tar.gz) | 9a31c35d35d7b28a25b0bafdb95a960c8855db4c0736e5a6e434a52683deb0cf366ffcdb7e673c4d1e77891667c509368fba29bf3f3254802b7d0557d76b591a 681 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.27.11/kubernetes-src.tar.gz) | de20cf5725b5b67418c55636c92682f186f4881ab0d6239570ac2c080bf661e759f22d2b194f9f152580906a06303df5b7a631fecd2d101e4b51c790ecfacb08 682 683 ### Client Binaries 684 685 filename | sha512 hash 686 -------- | ----------- 687 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.27.11/kubernetes-client-darwin-amd64.tar.gz) | a37750a02efaf5809353bb65cccf3dded569dfac601ddfa2f9212f1714f1e419a5c9dcd81e64d80077f52f723a27744146f9f6d0aaa0c2b8216eb95317a65e20 688 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.27.11/kubernetes-client-darwin-arm64.tar.gz) | 95b734b6ce492a4936d4cce1807cc6246da774f54af73de59ca24dd59304d899422b904e236b55410ffac188fc331ab5591b9d2a51a636ab4419a626871eee16 689 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.27.11/kubernetes-client-linux-386.tar.gz) | c6e689e642d994147632f8ce2ba2833d873517f5b0d3dc22fa39437e1e8fbca7a5bd9aaa057699370d293c7b65e11a032fda274926bfd07f9485e4f6b5085f5c 690 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.11/kubernetes-client-linux-amd64.tar.gz) | 00af83d099771ae5cdca9e81cb372f0581675b229ab453493ec5452962cae590ca39931dbfb33350acee19b567a40b2cda3f4c881b554a9c1480b66dddcaea18 691 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.27.11/kubernetes-client-linux-arm.tar.gz) | 752e329575e6264b3063053605059ca08c55e5fd54bf0981b74e24dacb4081876b4af6487e1eb9b55eb611355756017625e354e0d7b5d8677b4c7cf2b6d17811 692 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.11/kubernetes-client-linux-arm64.tar.gz) | e0eeb4bdd249af17127b94bad5c2e6d72d088a0c017df2368a06c3997a910946f7109f1d1a04787effb2e6f14450b66f0a469aadbd46e0c5ab316b92584756da 693 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.11/kubernetes-client-linux-ppc64le.tar.gz) | e499df039a3efa659b8e49a4e268f5803bdb5514b5c5c37f4e08a05a0319176fcfdaf1f7fcf21aba13c27c09148052ce6fe4ada763ce0f3ea64bc74f922461cf 694 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.11/kubernetes-client-linux-s390x.tar.gz) | f59fe77e0f9a867d25595f9ef357b9bf499b481f198b739796db6152dd5e1389e7e240088e70b52e94f9122efe40c82cc6ef3b518a75d111ac2abfdf306dcb7f 695 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.27.11/kubernetes-client-windows-386.tar.gz) | 69a6e4c7e99deb397910eb72996a373f6cb67e075ea0f0002024b5057cd75d7f4645ffebeef1d07f578e95737cc6e302cccb7b7964ab42cd9bf56466423d2562 696 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.11/kubernetes-client-windows-amd64.tar.gz) | c1ed87946c8fe6870c57216043c7014133d5b1418a4815d89a338a3e6ac0bda6dc458ef3230cde92019251b918d875175c351bea490aabadaa876dd4e6acf61e 697 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.27.11/kubernetes-client-windows-arm64.tar.gz) | 95e834054b7ea6b461326dce7a8dda5a36dc6abdd362e9bf340607b6ce4072c13e9f9c628a86589807b055f5dd3c78f4bc6b4e227f893f945e44431ce43e869d 698 699 ### Server Binaries 700 701 filename | sha512 hash 702 -------- | ----------- 703 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.11/kubernetes-server-linux-amd64.tar.gz) | f1e029b409b284a7ecb9e7dc09a66e2d0cf7807e1f69612078126c8c531d0195768a2ce03d43f632f7e72aa919755ed42c27a17b9d50ef0d2c0aeac075b59463 704 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.11/kubernetes-server-linux-arm64.tar.gz) | 6326edc5e2c7155665f4bb38fa402f56379b0d5d11294a07bac9e02e7490ff8e2f11d6fa6894e2356a283b567c339a6ec36ffc0d5094dfe5f1b0551e4f6c7d0a 705 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.11/kubernetes-server-linux-ppc64le.tar.gz) | b949861fd497fe305e27d02bcd7e7a8220d14d55cd8b0d0448c3da7dbd14191f4cc85cb05dd3c7202ee553ecd2b43fb220b193d3273c94c2a7215e137606c784 706 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.11/kubernetes-server-linux-s390x.tar.gz) | e081129da8bb8a7b279b7e0630c9e826ac5191b67c2afcd148b403b63604689ba7c48b223e37749596e9de7005edfad9683d49baae50a1bf6c3b6c52f80b7b88 707 708 ### Node Binaries 709 710 filename | sha512 hash 711 -------- | ----------- 712 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.11/kubernetes-node-linux-amd64.tar.gz) | cd92496fc7449cefdc2fb27dc1f734695a3d9e7b637089859a29e317ddf3991ed3dd79f6c583a7207192f2ad6568ed1cef8c4a499edc031183e23103160c76a0 713 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.11/kubernetes-node-linux-arm64.tar.gz) | fac3175d89cbf5f912e00e20905ea14ff14649263a6a090ee679152883900f2db1bf73bb7d39c6e63d40b3ff108d64d2ea78963c79471f4a9e511509887c1863 714 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.11/kubernetes-node-linux-ppc64le.tar.gz) | 76d3f9cfb44ff1d825fdb1ab47eb747c98a55f9b56413d798605e3b953b424409d3b722d28605964fa76d86751e52adc933efe5981964cdf0e8041308863a55c 715 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.11/kubernetes-node-linux-s390x.tar.gz) | 93b250bdea1993ef480aa4b30664602415d85166b0ebced21edc52b49cc8a4643158d39292a1b0e0375d89ea2da277b41ea7a0b3924f8b09a229b23d8b9839cc 716 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.11/kubernetes-node-windows-amd64.tar.gz) | 443578690e8f363de3cd53a5f0a944b9a0d9b3eec13748cb922d9ff45b352ac237ba9b58285ff6b35472fa18bdc3e3ed48d558b4d918b6b315cafa649a42ae74 717 718 ### Container Images 719 720 All container images are available as manifest lists and support the described 721 architectures. It is also possible to pull a specific architecture directly by 722 adding the "-$ARCH" suffix to the container image name. 723 724 name | architectures 725 ---- | ------------- 726 [registry.k8s.io/conformance:v1.27.11](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) 727 [registry.k8s.io/kube-apiserver:v1.27.11](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) 728 [registry.k8s.io/kube-controller-manager:v1.27.11](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) 729 [registry.k8s.io/kube-proxy:v1.27.11](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) 730 [registry.k8s.io/kube-scheduler:v1.27.11](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) 731 732 ## Changelog since v1.27.10 733 734 ## Changes by Kind 735 736 ### Feature 737 738 - Add process_start_time_seconds to /metrics/slis endpoint of all components ([#122750](https://github.com/kubernetes/kubernetes/pull/122750), [@richabanker](https://github.com/richabanker)) [SIG Architecture, Instrumentation and Testing] 739 - Kubernetes is now built with go 1.21.7 740 - update distroless-iptables to v0.4.5 ([#123229](https://github.com/kubernetes/kubernetes/pull/123229), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing] 741 742 ### Bug or Regression 743 744 - Fixes a race condition in the iptables mode of kube-proxy in 1.27 and later 745 that could result in some updates getting lost (e.g., when a service gets a 746 new endpoint, the rules for the new endpoint might not be added until 747 much later). ([#122815](https://github.com/kubernetes/kubernetes/pull/122815), [@wedaly](https://github.com/wedaly)) [SIG Network] 748 - If a pvc has an empty storageClassName, persistentvolume controller won't try to assign a default StorageClass ([#122704](https://github.com/kubernetes/kubernetes/pull/122704), [@carlory](https://github.com/carlory)) [SIG Apps and Storage] 749 - Kubeadm: do not upload kubelet patch configuration into `kube-system/kubelet-config` ConfigMap ([#123106](https://github.com/kubernetes/kubernetes/pull/123106), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle] 750 751 ## Dependencies 752 753 ### Added 754 _Nothing has changed._ 755 756 ### Changed 757 _Nothing has changed._ 758 759 ### Removed 760 _Nothing has changed._ 761 762 763 764 # v1.27.10 765 766 767 ## Downloads for v1.27.10 768 769 770 771 ### Source Code 772 773 filename | sha512 hash 774 -------- | ----------- 775 [kubernetes.tar.gz](https://dl.k8s.io/v1.27.10/kubernetes.tar.gz) | e2c2bd6339607fbe2da31b62e6ad3987c3789830a89c76db2edb0744d863a65ace41a2da33ad71489de51a2d950fc34c3700746a12439cbb3fc1d290d9df6b94 776 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.27.10/kubernetes-src.tar.gz) | 7a939d7ed2dec0b3b8b5ea2935a85cebdf56e6a9a91ff5404245ddb14ef267701284ed4cb04498ef73e58d50dd0f3d6ab5840c7271e6e0178f78492eb41d82d7 777 778 ### Client Binaries 779 780 filename | sha512 hash 781 -------- | ----------- 782 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.27.10/kubernetes-client-darwin-amd64.tar.gz) | 9e1364ea78d65d8ec318ec7db963714f2796bd2837e85447bc23095102cdfb0ca3093bb91c414fc957237bfeec0ce4cc304cb9710c248bb26493947b38869b45 783 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.27.10/kubernetes-client-darwin-arm64.tar.gz) | c63e41d5b34968cf0eff8e5315d04623d0aa311555b5d2b78bba58d9de938919ccaa4b7b698c123c79bbdf2bc0a35ce4c92bfdad7cc120b98d4bf6429cab1460 784 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.27.10/kubernetes-client-linux-386.tar.gz) | 93e545e1111bb8fd99843d96eb3ab0a5eb5323448b07e4b31d97f158756f95a75bad432ffc6df8f6be1ffa64c0b6529cb95f48a5710debb8ebf2d0a8f2ef11a4 785 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.10/kubernetes-client-linux-amd64.tar.gz) | da988a720d1eccdfc3be41a18b4cbb5c95bd81b465720afb2e8250d4b336196efe390b0944ef8ff456bb557fe4ee570e793f612959cae190c0dc32ffbc4c84ec 786 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.27.10/kubernetes-client-linux-arm.tar.gz) | c94631388be496dcd529da8b6b703e8980ecb00681e17bb67192ad8a8893aaaba1972a1f45d84281e68f75c04b4559385101826b84fbbd3502eef66231fc7b4f 787 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.10/kubernetes-client-linux-arm64.tar.gz) | f32cd2498b5b527b63505530ac55aba3e1a6626d132e730c9699d59fc909d8e24fa0898991a07007e57811ce2c049b8d0c645d6a0ec7e3d264f1b9d2aab7cb53 788 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.10/kubernetes-client-linux-ppc64le.tar.gz) | b9f914adf2aa5432cc9379cf7e4e8a1e5c5d5a4e099fded65bde39e35dfcf7540b33e003e89e3f291c13c2a97cb9c14b598f62574da1afa7af9834f87faeea24 789 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.10/kubernetes-client-linux-s390x.tar.gz) | 845e951aeceef72af7b057a77627b9ed42bbbf616b3a315dc82d9064d5d89abb306119543411ba1f68ec07f274530ed798cce4b35748de80e8fd4cccdcc88599 790 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.27.10/kubernetes-client-windows-386.tar.gz) | aabd7f420a0e75a9aa5f2918a2ed9abab6322c6ed96128625886212e9271f1c3efb79df349a358f83c5f60e51d18700c0dad8f1b635f17cf6e679324b6b4bd63 791 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.10/kubernetes-client-windows-amd64.tar.gz) | 372143250084888a54e535f10298efb49b3d9a74580100676a25d055150c93eafb58fa263de3253563b011613911726f3eb57349dcb1f9a0d462a962c17ce1e4 792 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.27.10/kubernetes-client-windows-arm64.tar.gz) | ef18c6aafe213f648403a65173bd6b540563d9469b2056816307a891d8a47c7eacb219efd9efb73bef9192a275f3387e8c34da022797f0c2f55cd8f4c3fb0981 793 794 ### Server Binaries 795 796 filename | sha512 hash 797 -------- | ----------- 798 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.10/kubernetes-server-linux-amd64.tar.gz) | 82ba4e852298f8ecb1b0b1d80d686d49b1fddbaad7352ad74c1530f3bccd1d088e11ea354224dd1c2caad9f0575a8cda9ae089429a0748b30c16fb4ca16f455a 799 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.10/kubernetes-server-linux-arm64.tar.gz) | 3ce89c7b4c6ef3ae262213d86d335336e3181c184306c48ed591aec9b8955e4d2c54f8f953395394d947761162d15818f9cc7a30a8a132c9e6a5fbd1753e10a5 800 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.10/kubernetes-server-linux-ppc64le.tar.gz) | 43cb867c6ddccaaaedc6254e7432301039521af8459531e1d6d398cd5672da153bc57a89832600b7a6d6e59be424ba37f4a316af869116b5ad14ac8b6104d27e 801 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.10/kubernetes-server-linux-s390x.tar.gz) | bfdd574d39acc9a1c465296a25b692cbc038c959b131688ac8a7355c4e9b3c687a654e6bfaa7e34330640e7cbba5dd7131e4592a20f9f62db368356bda49b234 802 803 ### Node Binaries 804 805 filename | sha512 hash 806 -------- | ----------- 807 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.10/kubernetes-node-linux-amd64.tar.gz) | f53d3d2f708fe6aa5fcc042469db85fa54655b324831c75b7edb6f692ec3c04691b95bd45338a8f481694d883e3aa3e9d22a70aabba4b5551fd13f1023fc0a47 808 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.10/kubernetes-node-linux-arm64.tar.gz) | b1734a6bdf7520d7c47230c75d29b29443c8140ce06b9d1f4c9ee06b84b8573df5617aa7e6eba893f5be64fc4bc64d15cb70a57d1a9c1657a9d87456a1ef8ef9 809 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.10/kubernetes-node-linux-ppc64le.tar.gz) | 7d458c310e3caed614762dabb495c90a65d9efd6924141becd361f820cccb4e1b33f314b4f3cfa0222c2e6a57e968ca63adf79d9aa6c9180b4a5d40b7ae4114e 810 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.10/kubernetes-node-linux-s390x.tar.gz) | 24524b5ed886fd818c8e389b3bdb6e4a3273ebb762e29961a5d3457aff8c22c702e1b58547e1864d4bd6e8339af68155a31f9da793c552f34c373ad3050a81ec 811 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.10/kubernetes-node-windows-amd64.tar.gz) | e82471d53325f6171003bfe2c641c4a8bfff8b4a5737de00b4ab6fb65099b157b97cd1408d46c99a5f151b548472af95bc3ec3e6955d4b78886aa2799b82e60a 812 813 ### Container Images 814 815 All container images are available as manifest lists and support the described 816 architectures. It is also possible to pull a specific architecture directly by 817 adding the "-$ARCH" suffix to the container image name. 818 819 name | architectures 820 ---- | ------------- 821 [registry.k8s.io/conformance:v1.27.10](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) 822 [registry.k8s.io/kube-apiserver:v1.27.10](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) 823 [registry.k8s.io/kube-controller-manager:v1.27.10](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) 824 [registry.k8s.io/kube-proxy:v1.27.10](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) 825 [registry.k8s.io/kube-scheduler:v1.27.10](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) 826 827 ## Changelog since v1.27.9 828 829 ## Changes by Kind 830 831 ### Feature 832 833 - Kubernetes is now built with Go 1.20.13 ([#122713](https://github.com/kubernetes/kubernetes/pull/122713), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing] 834 835 ### Bug or Regression 836 837 - Allow deletion of pods that use raw block volumes on node reboot ([#122211](https://github.com/kubernetes/kubernetes/pull/122211), [@gnufied](https://github.com/gnufied)) [SIG Node and Storage] 838 - Etcd: Update to version 3.5.10 ([#121804](https://github.com/kubernetes/kubernetes/pull/121804), [@mzaian](https://github.com/mzaian)) [SIG API Machinery, Cloud Provider, Cluster Lifecycle, Etcd and Testing] 839 - Fix: Mount point may become local without calling NodePublishVolume after node rebooting. ([#119923](https://github.com/kubernetes/kubernetes/pull/119923), [@cvvz](https://github.com/cvvz)) [SIG Node and Storage] 840 - Fix: statle smb mount issue when smb file share is deleted and then unmount ([#121851](https://github.com/kubernetes/kubernetes/pull/121851), [@andyzhangx](https://github.com/andyzhangx)) [SIG Storage] 841 - Fixed a regression since 1.24 in the scheduling framework when overriding MultiPoint plugins (e.g. default plugins). 842 The incorrect loop logic might lead to a plugin being loaded multiple times, consequently preventing any Pod from being scheduled, which is unexpected. ([#122370](https://github.com/kubernetes/kubernetes/pull/122370), [@caohe](https://github.com/caohe)) [SIG Scheduling] 843 844 ### Other (Cleanup or Flake) 845 846 - Reverts the EventedPLEG feature (beta, but disabled by default) back to alpha for a known issue ([#122720](https://github.com/kubernetes/kubernetes/pull/122720), [@pacoxu](https://github.com/pacoxu)) [SIG Node] 847 848 ## Dependencies 849 850 ### Added 851 _Nothing has changed._ 852 853 ### Changed 854 - golang.org/x/crypto: v0.14.0 → v0.16.0 855 - golang.org/x/mod: v0.12.0 → v0.14.0 856 - golang.org/x/net: v0.17.0 → v0.19.0 857 - golang.org/x/sync: v0.3.0 → v0.5.0 858 - golang.org/x/sys: v0.13.0 → v0.15.0 859 - golang.org/x/term: v0.13.0 → v0.15.0 860 - golang.org/x/text: v0.13.0 → v0.14.0 861 - golang.org/x/tools: v0.12.0 → v0.16.1 862 863 ### Removed 864 _Nothing has changed._ 865 866 867 868 # v1.27.9 869 870 871 ## Downloads for v1.27.9 872 873 874 875 ### Source Code 876 877 filename | sha512 hash 878 -------- | ----------- 879 [kubernetes.tar.gz](https://dl.k8s.io/v1.27.9/kubernetes.tar.gz) | c45eb288ebcb3e44abd6dea94b82ca691051950a38e7d419d0628af8afe9d03b06005d22ef2045d535788165ad75b1798fdf79920bc84a26ec1b232764ce3097 880 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.27.9/kubernetes-src.tar.gz) | 17b25d4e773d56356109ea964b9aa19c50a506f166133049b95f7c77a55479d76099ddfc66f5de9612b4a316bd02c544cfcbbb6ebec89e4f8727e8f60005a78d 881 882 ### Client Binaries 883 884 filename | sha512 hash 885 -------- | ----------- 886 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.27.9/kubernetes-client-darwin-amd64.tar.gz) | 9f0c69acc969fc169c344eb14b3909fc29609d4e7386bd77f9e660d0f0523b77feef12e575972c57b51eb0ea5bf29d4e91cb0191d05c6cdc9fb75dcc3b4fb9b2 887 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.27.9/kubernetes-client-darwin-arm64.tar.gz) | 84b9d7af34861e3dc09b7937ee40dc4c75c1e417314605706ff039d44afad973ecbf802354d7543bd6c926eafbdf09bf4ae9b9f69298374ff7d51c14e24e830e 888 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.27.9/kubernetes-client-linux-386.tar.gz) | 5920b386634463f9c66dd0c2e1c7a08b11f32cb40e6a937b9412db345fe106c9428d121e7400f16627a66e4301e16dd0147d5ff87a69ce5509c68d833530ad97 889 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.9/kubernetes-client-linux-amd64.tar.gz) | 3297ca12174a071158ebd4bcb8c2a3624e08d5a3bef5f5cd74acdb30c03183005592cf4190ed4f4ff95430e21b2520b95a4481db60982eb4e30934cc568023f0 890 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.27.9/kubernetes-client-linux-arm.tar.gz) | e864f921b04e27a7e8547c517a4a72b71ac32f5af60904a66f6dbec5145ec5baf05b934f0ed1e3622fdacb2436472bb65d0f1f6dc9de217bd7f5dae694510814 891 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.9/kubernetes-client-linux-arm64.tar.gz) | 9c0323c6f8400d2dd6a1512ac0d0f03f24d50aa1bf5d6da1ff8b012d5efc8ffbb23d7249edb451976d48610414bcabfdaa9494d73505e21dd9d5bd054dd9a31d 892 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.9/kubernetes-client-linux-ppc64le.tar.gz) | 7227dbc25ef30593781b99696b32db60dd9d961e6d0d5649db539fcdc573f700affe49411300572628e27d1dbb15089dc8f96a6f4a52239d75ccbcbbcd3dd016 893 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.9/kubernetes-client-linux-s390x.tar.gz) | 4d78042bba3156ab609e0abbe2eb64798955d35fe825683019448e6ea1822860349653431b8d28b731ffbd07ef315e2badd58e2362681c1b69b4db3071cf9d22 894 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.27.9/kubernetes-client-windows-386.tar.gz) | ac1484f912ef46897356aa23db889dd6e4da97fc7c3022e3587ddaa5fee96bd7cfe9f839f8762e94992eec71869161818457cef4614d860dfbdcb4a12571fc97 895 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.9/kubernetes-client-windows-amd64.tar.gz) | 973b0588f481dc4bcf8f6bd10834ed1eb668898729718611a6f0e2302f9aabd8f22712883a103031f85a9a6ce9f574b08c0c4457c53b38f836ccb83e707f5897 896 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.27.9/kubernetes-client-windows-arm64.tar.gz) | 013c2586baecd615b3108802ada0670ffdfcb62766afdefde65ccb5d84b7d2d10797335e2c78f0561c752aa0e88ab0adcf874c340b960039548b49f97120b973 897 898 ### Server Binaries 899 900 filename | sha512 hash 901 -------- | ----------- 902 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.9/kubernetes-server-linux-amd64.tar.gz) | cf4e15a89a6166162de4fb3ca6ed2d82a7f5756135efea8a57bfee8b49753424280d48d39cb49d5195d15efe08b0b0f0a5dad8ea60bf2b03b2ce044dcece98c6 903 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.9/kubernetes-server-linux-arm64.tar.gz) | 069b4c33c74766a6842aa3086c459cbc5958feaf238422778ad89d26bf6f82d0ffc02f0a40df1bc38f46aefa101190e8d6c2e2e341d1ffc60002aa51d9c1c19e 904 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.9/kubernetes-server-linux-ppc64le.tar.gz) | 067653d632d6204e605ed2c908d9ede87bd715dca45e4ee7cbef54563d23c9abc140481fca44ea337b58f60ca380b159970724e158bf1cd5a031a85c4610ace5 905 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.9/kubernetes-server-linux-s390x.tar.gz) | ad0aa5398f4832e06ead0e7e3c56821bf99a9e23c4390db98ff250791da961ff568c74a5b7358d3a14bd011fcd176995f5e403ab477c0d34184f38252aa8bce9 906 907 ### Node Binaries 908 909 filename | sha512 hash 910 -------- | ----------- 911 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.9/kubernetes-node-linux-amd64.tar.gz) | 4e3a347367a0e3acc9ba53dd2bb6460ca615a626ccd39f573155cf7256942731a66df74eccce571a55e19603b4626057fc5ca619a7b5c990ec422a0e16bc0823 912 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.9/kubernetes-node-linux-arm64.tar.gz) | dc61d17cd12ddf93d2a7db731ddbcd4c8d1fc809f6228b5c409723a0c4c343e0654b40cf3a4ff464f2f802822b806e4848c5203bda28832a4df2ec5e6e896ae9 913 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.9/kubernetes-node-linux-ppc64le.tar.gz) | b3f81b10e0ab7b7f779e5374611a2f8f0483a595a1d7daa2037c261da5c04ba6e19ccafab77c624a20f41654f3d2c047a0224c462dee2f35d90b67a132c72f63 914 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.9/kubernetes-node-linux-s390x.tar.gz) | 2bd20281feef3c2d0305302c2d18f334744fd2e9b90e479bbcd9b05ee55bebcac485ec755cea84dd433f3b93caf05c47d17dc0084680de7998c67d63cc745622 915 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.9/kubernetes-node-windows-amd64.tar.gz) | eda9bf9e5543be317d932ae859a509cb7ba34f047c59e7b3fa7017be3233b8f426b11bf33e4e97dbdf6e43d6939f196850476078f0096d395d9b6a9f659ac9c7 916 917 ### Container Images 918 919 All container images are available as manifest lists and support the described 920 architectures. It is also possible to pull a specific architecture directly by 921 adding the "-$ARCH" suffix to the container image name. 922 923 name | architectures 924 ---- | ------------- 925 [registry.k8s.io/conformance:v1.27.9](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) 926 [registry.k8s.io/kube-apiserver:v1.27.9](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) 927 [registry.k8s.io/kube-controller-manager:v1.27.9](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) 928 [registry.k8s.io/kube-proxy:v1.27.9](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) 929 [registry.k8s.io/kube-scheduler:v1.27.9](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) 930 931 ## Changelog since v1.27.8 932 933 ## Changes by Kind 934 935 ### Feature 936 937 - Kubernetes is now built with Go 1.20.12 ([#122217](https://github.com/kubernetes/kubernetes/pull/122217), [@xmudrii](https://github.com/xmudrii)) [SIG Release and Testing] 938 939 ### Bug or Regression 940 941 - Fixed a regression since 1.27.0 in scheduler framework when running score plugins. 942 The `skippedScorePlugins` number might be greater than `enabledScorePlugins`, 943 so when initializing a slice the cap(len(skippedScorePlugins) - len(enabledScorePlugins)) is negative, 944 which is not allowed. ([#121666](https://github.com/kubernetes/kubernetes/pull/121666), [@kerthcet](https://github.com/kerthcet)) [SIG Scheduling] 945 - Fixes a kube-apiserver log volume regression bug in default 1.27 configurations (introduced in 1.26, activated by the AggregatedDiscoveryEndpoint feature enablement in 1.27) ([#122074](https://github.com/kubernetes/kubernetes/pull/122074), [@ritazh](https://github.com/ritazh)) [SIG API Machinery] 946 - Fixes an issue where StatefulSet might not restart a pod after eviction or node failure. ([#121389](https://github.com/kubernetes/kubernetes/pull/121389), [@aleksandra-malinowska](https://github.com/aleksandra-malinowska)) [SIG Apps and Testing] 947 - The scheduling queue didn't notice any extenders' failures, it could miss some cluster events, 948 and it could end up Pods rejected by Extenders stuck in unschedulable pod pool in 5min in the worst-case scenario. 949 Now, the scheduling queue notices extenders' failures and requeue Pods rejected by Extenders appropriately. ([#122044](https://github.com/kubernetes/kubernetes/pull/122044), [@sanposhiho](https://github.com/sanposhiho)) [SIG Scheduling] 950 951 ### Other (Cleanup or Flake) 952 953 - Bump distroless-iptables to 0.2.8 based on Go 1.20.11 ([#121975](https://github.com/kubernetes/kubernetes/pull/121975), [@cpanato](https://github.com/cpanato)) [SIG Testing] 954 - Makefile and scripts now respect GOTOOLCHAIN and otherwise ensure ./.go-version is used ([#122076](https://github.com/kubernetes/kubernetes/pull/122076), [@BenTheElder](https://github.com/BenTheElder)) [SIG Release and Testing] 955 956 ## Dependencies 957 958 ### Added 959 _Nothing has changed._ 960 961 ### Changed 962 - github.com/cyphar/filepath-securejoin: [v0.2.3 → v0.2.4](https://github.com/cyphar/filepath-securejoin/compare/v0.2.3...v0.2.4) 963 - github.com/rogpeppe/go-internal: [v1.11.0 → v1.12.0](https://github.com/rogpeppe/go-internal/compare/v1.11.0...v1.12.0) 964 965 ### Removed 966 _Nothing has changed._ 967 968 969 970 # v1.27.8 971 972 973 ## Downloads for v1.27.8 974 975 976 977 ### Source Code 978 979 filename | sha512 hash 980 -------- | ----------- 981 [kubernetes.tar.gz](https://dl.k8s.io/v1.27.8/kubernetes.tar.gz) | f3d0a8d8b2c84d3d03ac49bc819cb4cc7e175feb9445c159e8271e045af64bb7fbf7023e1b11ca3bcbe502ec6e7d15d9ee84c165ad8d13716f58e5db1d345b21 982 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.27.8/kubernetes-src.tar.gz) | 119afe357398239dd00ac065a57327be75bd4f562a94ad800e472bd2068c58dadbd50970b6876e7cccaa66b4f34ccb2023c14173dbab0f44cfa41dfa6adafa37 983 984 ### Client Binaries 985 986 filename | sha512 hash 987 -------- | ----------- 988 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.27.8/kubernetes-client-darwin-amd64.tar.gz) | 54d48ff1afc5b33c0ec026f882f111098f096ffa9afb35e3b757bf9c106b82e4ecc35ad57448276d4419d069ad1d3cdaacc1d62a98c3c16de590840d9911557b 989 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.27.8/kubernetes-client-darwin-arm64.tar.gz) | 13d19a302ca82a80477c1a20ded6835221cff8302ec5c7203ea687f8cf683acbb347dbe7aeae5095461f5ed1f6431887825895aa8f91bb71bda0a4b0d1b55bc8 990 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.27.8/kubernetes-client-linux-386.tar.gz) | 9f79954501acc553cff3cffca7f5a77e51ab7171b013cb76a801b56343459df3adb202b7e21421dafd09fb87aae43a480514103da9a8000bf9f8b7e1f79c4571 991 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.8/kubernetes-client-linux-amd64.tar.gz) | d52faf06b8b5499564ddb06836f76e3a330f8f21e0fe7ffee8e6f36a95c40bbed7ef8db8aefd48f867b4d63fe02f1f562a146b71f669e960f1c6ed18820f36dd 992 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.27.8/kubernetes-client-linux-arm.tar.gz) | be14007563bf5d09556bb81608de1d63f1ec1ece3f8774e81bda1e05ecf6ef387a733483f96822c924611220b1edea926ade163cbfb5d610b6404cfb62e4890e 993 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.8/kubernetes-client-linux-arm64.tar.gz) | e0d3f3b9d6f003f5e51d9c995b6b73a4f1e0b8247b387923aca2a8bce2ffa79120e956d5041a9a7431c7b8f8fdc455d55b2d3270f7ca71228ef52bf06e887b6f 994 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.8/kubernetes-client-linux-ppc64le.tar.gz) | a53e0fb2395834dc40cf5647ec754d109e17e2dfc90c83b73867b770e01d7fa78c505602354a707df2212255e73a038af4452f233b50532cff6fbb089fa69176 995 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.8/kubernetes-client-linux-s390x.tar.gz) | ce097bc724f5ab8558174a8acbac92cbdb41a92a4297cddc69c875055f7c8dbbf12a8e7918adf1365524b57950f886ea6d81278f242c862870b51a802925085d 996 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.27.8/kubernetes-client-windows-386.tar.gz) | febefb0c8dbe92bae9280c027387942d131b2ec89853fa675645f9f881dee4a773a2fba42fd39e845fc05496539a02faf47eb2d90db93e4d9d25866fdeb1cc7c 997 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.8/kubernetes-client-windows-amd64.tar.gz) | 1ff515f3d7e68c7c87636c282ee61c02951e5f633840cddfcd01de4af34d75baa10d417f7f24bac141601aff893773e5e995d0bea2914431f38ff9daa7ea576f 998 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.27.8/kubernetes-client-windows-arm64.tar.gz) | 5a93472bdbb42d51c7d044890b2f97427feb44427cbfb05fcb5dc689be37723b19fbb85f1262ac69f396357c0db06bd9d8a65919c518f9daa4d2ed5d8033d598 999 1000 ### Server Binaries 1001 1002 filename | sha512 hash 1003 -------- | ----------- 1004 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.8/kubernetes-server-linux-amd64.tar.gz) | 663358df01ee06bd9a261aa22237d0b91dcccc9cacdf39fa65409d54e16efe91dbe3d246cc30011c123f2d4803583ea88eed8bd537e82ca894f11cb31559538f 1005 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.8/kubernetes-server-linux-arm64.tar.gz) | 080acd75eff58f72dee89f49c34cf772f11214f4eb9857287f604d9b20e2d4d7e954039010cb6a510ea5f3c360ab71cad853bf4cdbdbd821c0bfe82e5bcb5df8 1006 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.8/kubernetes-server-linux-ppc64le.tar.gz) | fb04b0f5d06156aed6c0d76ad4d9844d8274f295daa85920fb3befa9a7d57e2b4d9ff78b1cfdccedfe48e11ef5b4d24b703656b71bd497be1b078551b13921ed 1007 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.8/kubernetes-server-linux-s390x.tar.gz) | 3929f0f31861ce6db6a2b00a6e798c8015a7da33a7f4b4e0e8caa732766201baa8d8e4e60bf12d51302d8896a19ed82266b0199ef1305d3d0861ca7cb1838476 1008 1009 ### Node Binaries 1010 1011 filename | sha512 hash 1012 -------- | ----------- 1013 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.8/kubernetes-node-linux-amd64.tar.gz) | b07e49275501535f21c69794e938741408a891fb5f1305f430c9d2fa679fe63263edf238afccc9e41b76dae7340244a1798583de6a0504a513b6986e376f24f7 1014 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.8/kubernetes-node-linux-arm64.tar.gz) | f7b6e63945edeaa582c47f8407900a10fbe0739a16d974f413a57e0723639989af092f7a92571acc69d2c97666b79ad00175cef581bbc01966647353c676c5e9 1015 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.8/kubernetes-node-linux-ppc64le.tar.gz) | 3b5ad668e8fa85fdde6d0225f2ededd7ddd1f59aa1e14cb50a06171585d373e077e050ebfe879ea7603223e26c69555f40ea15c4f89637bd00bbc124681f2ea3 1016 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.8/kubernetes-node-linux-s390x.tar.gz) | 64145434328efd21189bf21c9a36bc709cb6e0166a0351a157392129ce22ac040adbaf51c265b3fb8c8ff8329c7cc7ce8d1af08a0b5500a595fe816435ebe22b 1017 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.8/kubernetes-node-windows-amd64.tar.gz) | 914e840bd1375e42258121c6ea5fb1394b5cc8321e5fe4520c2ebb5b979fea881a2af262599742f751673bb1d557e6fab08281e5c9da4687614bf4dc0f3d6064 1018 1019 ### Container Images 1020 1021 All container images are available as manifest lists and support the described 1022 architectures. It is also possible to pull a specific architecture directly by 1023 adding the "-$ARCH" suffix to the container image name. 1024 1025 name | architectures 1026 ---- | ------------- 1027 [registry.k8s.io/conformance:v1.27.8](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) 1028 [registry.k8s.io/kube-apiserver:v1.27.8](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) 1029 [registry.k8s.io/kube-controller-manager:v1.27.8](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) 1030 [registry.k8s.io/kube-proxy:v1.27.8](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) 1031 [registry.k8s.io/kube-scheduler:v1.27.8](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) 1032 1033 ## Changelog since v1.27.7 1034 1035 ## Important Security Information 1036 1037 This release contains changes that address the following vulnerabilities: 1038 1039 ### CVE-2023-5528: Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes 1040 1041 A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes. 1042 1043 **Affected Versions**: 1044 - kubelet >= v1.8.0 1045 1046 **Fixed Versions**: 1047 - kubelet v1.28.4 1048 - kubelet v1.27.8 1049 - kubelet v1.26.11 1050 - kubelet v1.25.16 1051 1052 This vulnerability was reported by Tomer Peled @tomerpeled92" 1053 1054 1055 **CVSS Rating:** High (7.2) [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) 1056 1057 ## Changes by Kind 1058 1059 ### API Change 1060 1061 - Retry NodeStageVolume calls if CSI node driver is not running ([#120330](https://github.com/kubernetes/kubernetes/pull/120330), [@rohitssingh](https://github.com/rohitssingh)) [SIG Apps, Storage and Testing] 1062 1063 ### Feature 1064 1065 - Kubernetes is now built with Go 1.20.11 ([#121811](https://github.com/kubernetes/kubernetes/pull/121811), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing] 1066 1067 ### Bug or Regression 1068 1069 - Fix 121094 by re-introducing the readiness predicate for externalTrafficPolicy: Local services. ([#121116](https://github.com/kubernetes/kubernetes/pull/121116), [@alexanderConstantinescu](https://github.com/alexanderConstantinescu)) [SIG Cloud Provider and Network] 1070 - Fixed a regression in default configurations, which enabled PodDisruptionConditions by default, 1071 that prevented the control plane's pod garbage collector from deleting pods that contained duplicated field keys (env. variables with repeated keys or container ports). ([#121380](https://github.com/kubernetes/kubernetes/pull/121380), [@mimowo](https://github.com/mimowo)) [SIG Apps, Auth, Scheduling and Testing] 1072 - Fixed the issue where pod with ordinal number lower than the rolling partitioning number was being deleted it was coming up with updated image. ([#120731](https://github.com/kubernetes/kubernetes/pull/120731), [@adilGhaffarDev](https://github.com/adilGhaffarDev)) [SIG Apps and Testing] 1073 - Fixes calculating the requeue time in the cronjob controller, which results in properly handling failed/stuck jobs ([#121327](https://github.com/kubernetes/kubernetes/pull/121327), [@soltysh](https://github.com/soltysh)) [SIG Apps] 1074 - Service Controller: update load balancer hosts after node's ProviderID is updated ([#121138](https://github.com/kubernetes/kubernetes/pull/121138), [@code-elinka](https://github.com/code-elinka)) [SIG Cloud Provider, Network, Release and Testing] 1075 1076 ## Dependencies 1077 1078 ### Added 1079 - cloud.google.com/go/accessapproval: v1.6.0 1080 - cloud.google.com/go/accesscontextmanager: v1.7.0 1081 - cloud.google.com/go/aiplatform: v1.37.0 1082 - cloud.google.com/go/analytics: v0.19.0 1083 - cloud.google.com/go/apigateway: v1.5.0 1084 - cloud.google.com/go/apigeeconnect: v1.5.0 1085 - cloud.google.com/go/apigeeregistry: v0.6.0 1086 - cloud.google.com/go/appengine: v1.7.1 1087 - cloud.google.com/go/area120: v0.7.1 1088 - cloud.google.com/go/artifactregistry: v1.13.0 1089 - cloud.google.com/go/asset: v1.13.0 1090 - cloud.google.com/go/assuredworkloads: v1.10.0 1091 - cloud.google.com/go/automl: v1.12.0 1092 - cloud.google.com/go/baremetalsolution: v0.5.0 1093 - cloud.google.com/go/batch: v0.7.0 1094 - cloud.google.com/go/beyondcorp: v0.5.0 1095 - cloud.google.com/go/billing: v1.13.0 1096 - cloud.google.com/go/binaryauthorization: v1.5.0 1097 - cloud.google.com/go/certificatemanager: v1.6.0 1098 - cloud.google.com/go/channel: v1.12.0 1099 - cloud.google.com/go/cloudbuild: v1.9.0 1100 - cloud.google.com/go/clouddms: v1.5.0 1101 - cloud.google.com/go/cloudtasks: v1.10.0 1102 - cloud.google.com/go/compute/metadata: v0.2.3 1103 - cloud.google.com/go/compute: v1.19.1 1104 - cloud.google.com/go/contactcenterinsights: v1.6.0 1105 - cloud.google.com/go/container: v1.15.0 1106 - cloud.google.com/go/containeranalysis: v0.9.0 1107 - cloud.google.com/go/datacatalog: v1.13.0 1108 - cloud.google.com/go/dataflow: v0.8.0 1109 - cloud.google.com/go/dataform: v0.7.0 1110 - cloud.google.com/go/datafusion: v1.6.0 1111 - cloud.google.com/go/datalabeling: v0.7.0 1112 - cloud.google.com/go/dataplex: v1.6.0 1113 - cloud.google.com/go/dataproc: v1.12.0 1114 - cloud.google.com/go/dataqna: v0.7.0 1115 - cloud.google.com/go/datastream: v1.7.0 1116 - cloud.google.com/go/deploy: v1.8.0 1117 - cloud.google.com/go/dialogflow: v1.32.0 1118 - cloud.google.com/go/dlp: v1.9.0 1119 - cloud.google.com/go/documentai: v1.18.0 1120 - cloud.google.com/go/domains: v0.8.0 1121 - cloud.google.com/go/edgecontainer: v1.0.0 1122 - cloud.google.com/go/errorreporting: v0.3.0 1123 - cloud.google.com/go/essentialcontacts: v1.5.0 1124 - cloud.google.com/go/eventarc: v1.11.0 1125 - cloud.google.com/go/filestore: v1.6.0 1126 - cloud.google.com/go/functions: v1.13.0 1127 - cloud.google.com/go/gaming: v1.9.0 1128 - cloud.google.com/go/gkebackup: v0.4.0 1129 - cloud.google.com/go/gkeconnect: v0.7.0 1130 - cloud.google.com/go/gkehub: v0.12.0 1131 - cloud.google.com/go/gkemulticloud: v0.5.0 1132 - cloud.google.com/go/gsuiteaddons: v1.5.0 1133 - cloud.google.com/go/iam: v0.13.0 1134 - cloud.google.com/go/iap: v1.7.1 1135 - cloud.google.com/go/ids: v1.3.0 1136 - cloud.google.com/go/iot: v1.6.0 1137 - cloud.google.com/go/kms: v1.10.1 1138 - cloud.google.com/go/language: v1.9.0 1139 - cloud.google.com/go/lifesciences: v0.8.0 1140 - cloud.google.com/go/logging: v1.7.0 1141 - cloud.google.com/go/longrunning: v0.4.1 1142 - cloud.google.com/go/managedidentities: v1.5.0 1143 - cloud.google.com/go/maps: v0.7.0 1144 - cloud.google.com/go/mediatranslation: v0.7.0 1145 - cloud.google.com/go/memcache: v1.9.0 1146 - cloud.google.com/go/metastore: v1.10.0 1147 - cloud.google.com/go/monitoring: v1.13.0 1148 - cloud.google.com/go/networkconnectivity: v1.11.0 1149 - cloud.google.com/go/networkmanagement: v1.6.0 1150 - cloud.google.com/go/networksecurity: v0.8.0 1151 - cloud.google.com/go/notebooks: v1.8.0 1152 - cloud.google.com/go/optimization: v1.3.1 1153 - cloud.google.com/go/orchestration: v1.6.0 1154 - cloud.google.com/go/orgpolicy: v1.10.0 1155 - cloud.google.com/go/osconfig: v1.11.0 1156 - cloud.google.com/go/oslogin: v1.9.0 1157 - cloud.google.com/go/phishingprotection: v0.7.0 1158 - cloud.google.com/go/policytroubleshooter: v1.6.0 1159 - cloud.google.com/go/privatecatalog: v0.8.0 1160 - cloud.google.com/go/pubsublite: v1.7.0 1161 - cloud.google.com/go/recaptchaenterprise/v2: v2.7.0 1162 - cloud.google.com/go/recommendationengine: v0.7.0 1163 - cloud.google.com/go/recommender: v1.9.0 1164 - cloud.google.com/go/redis: v1.11.0 1165 - cloud.google.com/go/resourcemanager: v1.7.0 1166 - cloud.google.com/go/resourcesettings: v1.5.0 1167 - cloud.google.com/go/retail: v1.12.0 1168 - cloud.google.com/go/run: v0.9.0 1169 - cloud.google.com/go/scheduler: v1.9.0 1170 - cloud.google.com/go/secretmanager: v1.10.0 1171 - cloud.google.com/go/security: v1.13.0 1172 - cloud.google.com/go/securitycenter: v1.19.0 1173 - cloud.google.com/go/servicedirectory: v1.9.0 1174 - cloud.google.com/go/shell: v1.6.0 1175 - cloud.google.com/go/spanner: v1.45.0 1176 - cloud.google.com/go/speech: v1.15.0 1177 - cloud.google.com/go/storagetransfer: v1.8.0 1178 - cloud.google.com/go/talent: v1.5.0 1179 - cloud.google.com/go/texttospeech: v1.6.0 1180 - cloud.google.com/go/tpu: v1.5.0 1181 - cloud.google.com/go/trace: v1.9.0 1182 - cloud.google.com/go/translate: v1.7.0 1183 - cloud.google.com/go/video: v1.15.0 1184 - cloud.google.com/go/videointelligence: v1.10.0 1185 - cloud.google.com/go/vision/v2: v2.7.0 1186 - cloud.google.com/go/vmmigration: v1.6.0 1187 - cloud.google.com/go/vmwareengine: v0.3.0 1188 - cloud.google.com/go/vpcaccess: v1.6.0 1189 - cloud.google.com/go/webrisk: v1.8.0 1190 - cloud.google.com/go/websecurityscanner: v1.5.0 1191 - cloud.google.com/go/workflows: v1.10.0 1192 - github.com/googleapis/enterprise-certificate-proxy: [v0.2.3](https://github.com/googleapis/enterprise-certificate-proxy/tree/v0.2.3) 1193 - google.golang.org/genproto/googleapis/api: 1aefcd6 1194 - google.golang.org/genproto/googleapis/rpc: 28d5490 1195 1196 ### Changed 1197 - cloud.google.com/go/bigquery: v1.8.0 → v1.50.0 1198 - cloud.google.com/go/datastore: v1.1.0 → v1.11.0 1199 - cloud.google.com/go/firestore: v1.1.0 → v1.9.0 1200 - cloud.google.com/go/pubsub: v1.3.1 → v1.30.0 1201 - cloud.google.com/go: v0.97.0 → v0.110.0 1202 - github.com/census-instrumentation/opencensus-proto: [v0.2.1 → v0.4.1](https://github.com/census-instrumentation/opencensus-proto/compare/v0.2.1...v0.4.1) 1203 - github.com/cespare/xxhash/v2: [v2.1.2 → v2.2.0](https://github.com/cespare/xxhash/v2/compare/v2.1.2...v2.2.0) 1204 - github.com/cncf/udpa/go: [04548b0 → c52dc94](https://github.com/cncf/udpa/go/compare/04548b0...c52dc94) 1205 - github.com/cncf/xds/go: [cb28da3 → e9ce688](https://github.com/cncf/xds/go/compare/cb28da3...e9ce688) 1206 - github.com/envoyproxy/go-control-plane: [49ff273 → 9239064](https://github.com/envoyproxy/go-control-plane/compare/49ff273...9239064) 1207 - github.com/envoyproxy/protoc-gen-validate: [v0.1.0 → v0.10.1](https://github.com/envoyproxy/protoc-gen-validate/compare/v0.1.0...v0.10.1) 1208 - github.com/golang/glog: [v1.0.0 → v1.1.0](https://github.com/golang/glog/compare/v1.0.0...v1.1.0) 1209 - github.com/googleapis/gax-go/v2: [v2.1.1 → v2.7.1](https://github.com/googleapis/gax-go/v2/compare/v2.1.1...v2.7.1) 1210 - go.opencensus.io: v0.23.0 → v0.24.0 1211 - golang.org/x/mod: v0.9.0 → v0.12.0 1212 - golang.org/x/oauth2: ee48083 → v0.7.0 1213 - golang.org/x/sync: v0.1.0 → v0.3.0 1214 - golang.org/x/time: 90d013b → v0.3.0 1215 - golang.org/x/tools: v0.7.0 → v0.12.0 1216 - google.golang.org/api: v0.60.0 → v0.114.0 1217 - google.golang.org/genproto: c8bf987 → 438c736 1218 - google.golang.org/grpc: v1.51.0 → v1.56.3 1219 - google.golang.org/protobuf: v1.28.1 → v1.31.0 1220 - gopkg.in/gcfg.v1: v1.2.0 → v1.2.3 1221 1222 ### Removed 1223 _Nothing has changed._ 1224 1225 1226 1227 # v1.27.7 1228 1229 1230 ## Downloads for v1.27.7 1231 1232 1233 1234 ### Source Code 1235 1236 filename | sha512 hash 1237 -------- | ----------- 1238 [kubernetes.tar.gz](https://dl.k8s.io/v1.27.7/kubernetes.tar.gz) | b12f023254d40f791355aeec2eb84d521035648cf3e19994eacdc6c7516373f11dad942ae97d4bc8a7f255654aa7c742c1c10f18b4f4830b64e78a0b7bb35083 1239 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.27.7/kubernetes-src.tar.gz) | 137db7a6ddb85c7eb0676cc3cb2bfadd726073a34b1edae4e2c3cc15165a43c0f16d163930015de8a5e357e8ff099c0f8d03f036aa245704b10348c7c91483b1 1240 1241 ### Client Binaries 1242 1243 filename | sha512 hash 1244 -------- | ----------- 1245 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.27.7/kubernetes-client-darwin-amd64.tar.gz) | a2ce6205bb613454167b1e6f5c6be34516e9624f1cc0eec2b6b2aa0e0b3bfc7d266379f035a7eea08625bf97413ff4cf23c9dc65669529026ad8589a0e4f9a70 1246 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.27.7/kubernetes-client-darwin-arm64.tar.gz) | 28b6df012e1af6a062f5815a0e8c8bd440c824e520c6954a55ea9fba917c328f23069c124bab7f5bfc4b37e3a20542b33cf41d07d715f7a54bd78bcdcabca70a 1247 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.27.7/kubernetes-client-linux-386.tar.gz) | 7fcaa119db37f5a5212fd3a5fd08db37b1ce701d67922d1f65cc757edc02f282566ae4d001e11f7b7dab3e24b27f3745189dd7fc63c90e97e9ce6a070ba8b094 1248 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.7/kubernetes-client-linux-amd64.tar.gz) | 87b7ac839cac8d96efa1c6170cf32ed2bbe14e7194971df4b4736699152e294a0aa0018f3d8ae1dcf9905c3c784a7a15c297382450c0431a0daf98f300d3ef16 1249 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.27.7/kubernetes-client-linux-arm.tar.gz) | 1bc0420005fa0e564568aa4bcf5a61e96d4c2c42afee4d34df940c4b89f0639e90771deda40a1b30f536ce8f1bd4d04cf228af98edf48ba0fa6685babe11311a 1250 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.7/kubernetes-client-linux-arm64.tar.gz) | d4e96a6be6e15530e866399a5760f9410fe319217f7d91026d93a27e1a2ce9398380adc62f463a347f383ced253e359fba2fb291bd8a644f067ffc4ce8457d6c 1251 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.7/kubernetes-client-linux-ppc64le.tar.gz) | abcc2c651514f0b2a4cf28934078ea701d3591d318e5eac080e7958f70fa94cb4b83ca9ee0f0130749c29a20c3bf8bea545c7641cfff0b78dc78571cb8e14f22 1252 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.7/kubernetes-client-linux-s390x.tar.gz) | 0fb9a5bd534a29b84be6f1a5aae59e2a05531b1ff40019896e4bbbd3bd948a96313f65140764a656e0305e6f48cdb113e6fcf1c8195d4fadfa8bf62dea18db5b 1253 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.27.7/kubernetes-client-windows-386.tar.gz) | 36a78882ec5960a561f928e2bb4ffb1c5dc7e884ee6471441d5de6d8fe0fec6cfd5a1bcc48dd933e490b07d7f837de93eecfb9ae353dcefc5dc4f699f02b5757 1254 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.7/kubernetes-client-windows-amd64.tar.gz) | a662732fa75fb2fc9ca733239eb2e5b82e3cba0311e7ed0d89b045a8a099697889f5febff50384d845600f4142936160106f60ff233961a5e143c363a839ee45 1255 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.27.7/kubernetes-client-windows-arm64.tar.gz) | 993f365214cd7a66284f4e6612681c2d6bf4844717c4d990ab1baf21a8d03eb94d7ab591c1eb584389fd6985867e14ed61400b74a02935da6b8b0ec34284e8e4 1256 1257 ### Server Binaries 1258 1259 filename | sha512 hash 1260 -------- | ----------- 1261 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.7/kubernetes-server-linux-amd64.tar.gz) | 8dc92641fe27bf7dcb2688a5c48cc0ff1b91b913d1f2eeac35b5bcbabc8413f768c23955141bdf707040b5ad0de55bbb7e407b4eed3d9d26c1e1c9e3acdb409b 1262 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.7/kubernetes-server-linux-arm64.tar.gz) | a554b9319897c4cc65d8e4ca32b83103a71cf4512fb187a7f2b85898e4d10618c17b26ff0aadd8e265be009b215f100de4ab0b14a77b3b309b0786f03d479eb5 1263 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.7/kubernetes-server-linux-ppc64le.tar.gz) | 001fc616801c239bddc02789ec9b9cd765a635d3f2d6cd04086b42eb81200bc9d0904e0a9e5b72756c420e36ce244169532c01cefd60f423eaaa85e236f06a49 1264 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.7/kubernetes-server-linux-s390x.tar.gz) | a44f54c8fedea4e52e205831594f72f63d5c61cde0b9fa0ad6939eddf83664385edf767591187e166178a9af6b40da40607f26e098cb24bc2e5a88f7105318d3 1265 1266 ### Node Binaries 1267 1268 filename | sha512 hash 1269 -------- | ----------- 1270 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.7/kubernetes-node-linux-amd64.tar.gz) | ee31a3ad00412e122aacb82070a3257d558cd52e270312af538d9e7d22ad1638b71d9e02dddebf0b853c911284e172d7a16c0927c0e2012f761219850c0950aa 1271 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.7/kubernetes-node-linux-arm64.tar.gz) | 95567ed1c5b892ee47f147d6ca8faef5e7915dfe34dc17141fa01326b4d0db0a8ff2e6589f681f9df5145b91878054c2b1e5030012d43500e4d525d28d3cb97b 1272 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.7/kubernetes-node-linux-ppc64le.tar.gz) | 37cef5fb54c7a2ba8f542356ada66183bf281df41c989616694c87d06156aff241c03b7005c288dafad1889a5f989bd583bdf18039df9e31a874a71d4e5d9316 1273 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.7/kubernetes-node-linux-s390x.tar.gz) | 414a71046b78be9937225396bccd747d17aba14890b77da672272129dd6b7675ae3522237388436ae79026c1837741af45e3c239c50149a4f5c16bd01066e1a9 1274 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.7/kubernetes-node-windows-amd64.tar.gz) | df34997bfe6e5f2526adc73680988cf6e8670efd15efb5c60cca0c3dc8e384eb0bbf85c0a5ffa8edb93f6d129dd58531ab00830e511603e4ded87c18fb8a60d3 1275 1276 ### Container Images 1277 1278 All container images are available as manifest lists and support the described 1279 architectures. It is also possible to pull a specific architecture directly by 1280 adding the "-$ARCH" suffix to the container image name. 1281 1282 name | architectures 1283 ---- | ------------- 1284 [registry.k8s.io/conformance:v1.27.7](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) 1285 [registry.k8s.io/kube-apiserver:v1.27.7](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) 1286 [registry.k8s.io/kube-controller-manager:v1.27.7](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) 1287 [registry.k8s.io/kube-proxy:v1.27.7](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) 1288 [registry.k8s.io/kube-scheduler:v1.27.7](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) 1289 1290 ## Changelog since v1.27.6 1291 1292 ## Changes by Kind 1293 1294 ### Feature 1295 1296 - Kubernetes is now built with Go 1.20.10 ([#121152](https://github.com/kubernetes/kubernetes/pull/121152), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing] 1297 1298 ### Failing Test 1299 1300 - E2e framework: retrying after intermittent apiserver failures was fixed in WaitForPodsResponding ([#120559](https://github.com/kubernetes/kubernetes/pull/120559), [@pohly](https://github.com/pohly)) [SIG Testing] 1301 1302 ### Bug or Regression 1303 1304 - Adds an opt-in mitigation for http/2 DOS vulnerabilities for CVE-2023-44487 and CVE-2023-39325 for the API server when the client is unauthenticated. The mitigation may be enabled by setting the `UnauthenticatedHTTP2DOSMitigation` feature gate to `true` (it is disabled by default). An API server fronted by an L7 load balancer that already mitigates these http/2 attacks may choose not to enable the kube-apiserver mitigation to avoid disrupting load balancer → kube-apiserver connections if http/2 requests from multiple clients share the same backend connection. An API server on a private network may choose not to enable the kube-apiserver mitigation to prevent performance regressions for unauthenticated clients. Authenticated requests rely on the fix in golang.org/x/net v0.17.0 alone. https://issue.k8s.io/121197 tracks further mitigation of http/2 attacks by authenticated clients. ([#121199](https://github.com/kubernetes/kubernetes/pull/121199), [@enj](https://github.com/enj)) [SIG API Machinery] 1305 - Fix a bug in cronjob controller where already created jobs may be missing from the status. ([#120649](https://github.com/kubernetes/kubernetes/pull/120649), [@andrewsykim](https://github.com/andrewsykim)) [SIG Apps] 1306 - Fixed a 1.27.4 regression where kube-controller-manager can crash when StatefulSet with Parallel policy and PVC labels is scaled up. ([#121185](https://github.com/kubernetes/kubernetes/pull/121185), [@aleksandra-malinowska](https://github.com/aleksandra-malinowska)) [SIG Apps] 1307 - Fixed an issue to not drain all the pods in a namespace when an empty-selector i.e. "{}" is specified in a Pod Disruption Budget (PDB) ([#121132](https://github.com/kubernetes/kubernetes/pull/121132), [@sairameshv](https://github.com/sairameshv)) [SIG Apps] 1308 - Fixed attaching volumes after detach errors. Now volumes that failed to detach are not treated as attached, Kubernetes will make sure they are fully attached before they can be used by pods. ([#120595](https://github.com/kubernetes/kubernetes/pull/120595), [@jsafrane](https://github.com/jsafrane)) [SIG Apps and Storage] 1309 - Fixes a bug where Services using finalizers may hold onto ClusterIP and/or NodePort allocated resources for longer than expected if the finalizer is removed using the status subresource ([#120655](https://github.com/kubernetes/kubernetes/pull/120655), [@aojea](https://github.com/aojea)) [SIG Network and Testing] 1310 - Fixes bug where OpenAPIV2 config was used instead of V3, and gives clear error message about OpenAPIV3 requirement ([#120612](https://github.com/kubernetes/kubernetes/pull/120612), [@alexzielenski](https://github.com/alexzielenski)) [SIG API Machinery] 1311 - Fixes creationTimestamp: null causing unnecessary writes to etcd ([#116865](https://github.com/kubernetes/kubernetes/pull/116865), [@alexzielenski](https://github.com/alexzielenski)) [SIG API Machinery and Testing] 1312 - Revised the logic for DaemonSet rolling update to exclude nodes if scheduling constraints are not met. 1313 This eliminates the problem of rolling updates to a DaemonSet getting stuck around tolerations. ([#120786](https://github.com/kubernetes/kubernetes/pull/120786), [@mochizuki875](https://github.com/mochizuki875)) [SIG Apps and Testing] 1314 - Sometimes, the scheduler incorrectly placed a pod in the "unschedulable" queue instead of the "backoff" queue. This happened when some plugin previously declared the pod as "unschedulable" and then in a later attempt encounters some other error. Scheduling of that pod then got delayed by up to five minutes, after which periodic flushing moved the pod back into the "active" queue. ([#120334](https://github.com/kubernetes/kubernetes/pull/120334), [@pohly](https://github.com/pohly)) [SIG Scheduling] 1315 1316 ### Other (Cleanup or Flake) 1317 1318 - Etcd: update to v3.5.9 ([#118079](https://github.com/kubernetes/kubernetes/pull/118079), [@nikhita](https://github.com/nikhita)) [SIG API Machinery, Cloud Provider, Cluster Lifecycle and Testing] 1319 - Fixes an issue where the vsphere cloud provider will not trust a certificate if: 1320 - The issuer of the certificate is unknown (x509.UnknownAuthorityError) 1321 - The requested name does not match the set of authorized names (x509.HostnameError) 1322 - The error surfaced after attempting a connection contains one of the substrings: "certificate is not trusted" or "certificate signed by unknown authority" ([#120767](https://github.com/kubernetes/kubernetes/pull/120767), [@MadhavJivrajani](https://github.com/MadhavJivrajani)) [SIG Architecture and Cloud Provider] 1323 - Kubernetes is now built with Go 1.20.9 ([#121024](https://github.com/kubernetes/kubernetes/pull/121024), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing] 1324 - Set the resolution for the job_controller_job_sync_duration_seconds metric from 4ms to 1min ([#120668](https://github.com/kubernetes/kubernetes/pull/120668), [@mimowo](https://github.com/mimowo)) [SIG Apps and Instrumentation] 1325 1326 ## Dependencies 1327 1328 ### Added 1329 _Nothing has changed._ 1330 1331 ### Changed 1332 - github.com/vmware/govmomi: [v0.30.0 → v0.30.6](https://github.com/vmware/govmomi/compare/v0.30.0...v0.30.6) 1333 - golang.org/x/crypto: v0.1.0 → v0.14.0 1334 - golang.org/x/net: v0.8.0 → v0.17.0 1335 - golang.org/x/sys: v0.6.0 → v0.13.0 1336 - golang.org/x/term: v0.6.0 → v0.13.0 1337 - golang.org/x/text: v0.8.0 → v0.13.0 1338 1339 ### Removed 1340 _Nothing has changed._ 1341 1342 1343 1344 # v1.27.6 1345 1346 1347 ## Downloads for v1.27.6 1348 1349 1350 1351 ### Source Code 1352 1353 filename | sha512 hash 1354 -------- | ----------- 1355 [kubernetes.tar.gz](https://dl.k8s.io/v1.27.6/kubernetes.tar.gz) | cbd2427412bbd229439afcf7d7b1712536515f93657c9971b66a430d9858a54383db33046eade4ce2891f26f264cccee5ad34ca6e03e874af8557c840b7c627d 1356 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.27.6/kubernetes-src.tar.gz) | 006c3d901f3bf417ef5472708aaa47fc857bef6c7e4fe9e89693ec5b9040f06c5b44be3b74130b12a5bd17650855cb101263033100e0d46275eafd489924987b 1357 1358 ### Client Binaries 1359 1360 filename | sha512 hash 1361 -------- | ----------- 1362 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.27.6/kubernetes-client-darwin-amd64.tar.gz) | b47b6213859d1397b55a0000d1c8daa1f630dd8a5ca553fcb541f4645fb01409f2ae2dd85a8c5274f5ec99cd5082de366e036cae72f8716861f83f8e38652fd2 1363 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.27.6/kubernetes-client-darwin-arm64.tar.gz) | 4e1c6db712de967f6d9dc1c21b2fedf99aae3671242a8559c2bad43dc45e22e399e51bf606d2f6b4a943098fb61cf588324b6c9ba5615d18733d319183ed2c10 1364 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.27.6/kubernetes-client-linux-386.tar.gz) | 992074087f3df0681ead508b8f35b173caac235813fe6db778b2e1367ae64cca9ff6a0d47bfae0c90612ac83361385ba82a45d01fc7b86f94752e7df32d006f7 1365 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.6/kubernetes-client-linux-amd64.tar.gz) | 01e57c5d2c92094df17ce079a8944df73a2834362f3e9b051b1e3923b51b9f02bba7f4aab8ffd3183a0f99cfc102bc61e3dde77142e36f428612cced55d33892 1366 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.27.6/kubernetes-client-linux-arm.tar.gz) | 08a51b07f14aaf4f7e9c6a3fa287c70b34195fcf7ca38968ef97cf6f70e9ab7ea17c5724fb94734a8a11ef8254122d8d246a8b777f95c1c753d430d4b64bb0ea 1367 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.6/kubernetes-client-linux-arm64.tar.gz) | fb0cbe29113ba495c45843bb98e644570bf6284c2b689327d1a07aa5cd8d336f997a3f80ce0fd6df16c3a706b511922b13610b86632f07506032e51f0161479e 1368 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.6/kubernetes-client-linux-ppc64le.tar.gz) | 81670992dcd1944881c54c24ef936c8fbbb7f01e7abd2c253f1894137cb114b60845e5a5181ad826c08074196f8c8bd9077322b43b26b72b0b06cee4c296dd45 1369 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.6/kubernetes-client-linux-s390x.tar.gz) | e6e094117f04341bb704fae663eb95efe7273a6752acad1f82ed4dbf830d70eb204b9516dc5cfaea69dc31f979342123eaf7ec64dd88998479d8b06ab9851af5 1370 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.27.6/kubernetes-client-windows-386.tar.gz) | bf869d6c20f1ea94dcfb0240b7d20a9ef5a021eab1f6ab6a840869af6ef420f9fe0cbf38f79a5d9055d27b8dc595cfb6587fad56259bbfb11f5b07a321a6ba9b 1371 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.6/kubernetes-client-windows-amd64.tar.gz) | e503aaade44f3b6edfa532399640dc921e38ff5f0b3b6a71c347dd447065fa74d2d9d683de5325febf1de39737e3d1a8ed07781870d072d85f0223635729bcab 1372 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.27.6/kubernetes-client-windows-arm64.tar.gz) | bfc41e7401ab7ad300a305603130ae7dbcf200c4370bea886d069d2ff4694fcb6cd6772849015c2259b693d90f85f575f7d3ecca54d31cf3a9b53569abac498e 1373 1374 ### Server Binaries 1375 1376 filename | sha512 hash 1377 -------- | ----------- 1378 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.6/kubernetes-server-linux-amd64.tar.gz) | 27d62d0bc05d2f117427004a19e5d319337169c0219cc2055f519af4c356001dd5a37253708e835d4a88f14823adb555c4e2753347d739fece47e76337210ef8 1379 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.6/kubernetes-server-linux-arm64.tar.gz) | a5dc93ca776751a54d4d2fc33b4ad2e3f4cd15610e0e38592a08e82bd3eb3e99852e17a94c002665b60ddd5433cbd1d04eb25d0763117d907595ab620ab9f885 1380 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.6/kubernetes-server-linux-ppc64le.tar.gz) | 3f6aeb89e8455675ba638014a4625ca9a491b557c1b23e59af3c2b917ec4b671960b1180e2318e44d4aa01e9c28bb3394853edd6e41dd4f83d2bff9cb84de676 1381 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.6/kubernetes-server-linux-s390x.tar.gz) | 517ac5b1ad72abf3043e3841aca7ff5b3b26206f3c7c37401a25fa0c74437dcfb0b6cb053bd64a58b7d062821c82156f66190defe5775d2eab7d9b2912f70b99 1382 1383 ### Node Binaries 1384 1385 filename | sha512 hash 1386 -------- | ----------- 1387 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.6/kubernetes-node-linux-amd64.tar.gz) | d93e9d2995fb9ff0a850c6217c8d47dc55163cc36a87e4820cd1303ae05f8f0be49fedb1a6f193812a5da49e26b0e9fed4c8f3f8856eda6164dfe11ca339b796 1388 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.6/kubernetes-node-linux-arm64.tar.gz) | d634fb1eb577b999179212055fdef04a270e74ed3f5b765ad94dadc6349dc091f69d66b99f12a119b576171a21d2cd7bb4ca4e00c006e782b987764e854e80b3 1389 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.6/kubernetes-node-linux-ppc64le.tar.gz) | d81c05c511c0d1a0e23e9e31e7ca7d5cf2ae854d6e78360cbeb8a7af929796b4f446199c0bad095bf52b31b9541aa8159694e983a757a6a5416b3eb4e75e8404 1390 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.6/kubernetes-node-linux-s390x.tar.gz) | 22a0e8689d26c6b5fd9778930f430f7633a17e4956bc23de33b7fe22afaac1b24aa4422c59c549a285c9e4ca17f3ee12bc8d221eaaf98627816bad815ff3bd1d 1391 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.6/kubernetes-node-windows-amd64.tar.gz) | 566c0848f94e30ee2ef287a83a4d82f6fe93f582e4a6db9de884fdfe33c941a4731c905206d251d9b3e096175198fd18dd211fee34f151e3c651443ecce09b3d 1392 1393 ### Container Images 1394 1395 All container images are available as manifest lists and support the described 1396 architectures. It is also possible to pull a specific architecture directly by 1397 adding the "-$ARCH" suffix to the container image name. 1398 1399 name | architectures 1400 ---- | ------------- 1401 [registry.k8s.io/conformance:v1.27.6](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) 1402 [registry.k8s.io/kube-apiserver:v1.27.6](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) 1403 [registry.k8s.io/kube-controller-manager:v1.27.6](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) 1404 [registry.k8s.io/kube-proxy:v1.27.6](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) 1405 [registry.k8s.io/kube-scheduler:v1.27.6](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) 1406 1407 ## Changelog since v1.27.5 1408 1409 ## Changes by Kind 1410 1411 ### API Change 1412 1413 - Fixed a bug where CEL expressions in CRD validation rules would incorrectly compute a high estimated cost for functions that return strings, lists or maps. 1414 The incorrect cost was evident when the result of a function was used in subsequent operations. ([#119809](https://github.com/kubernetes/kubernetes/pull/119809), [@jpbetz](https://github.com/jpbetz)) [SIG API Machinery, Auth and Cloud Provider] 1415 - Mark Job onPodConditions as optional in pod failure policy ([#120209](https://github.com/kubernetes/kubernetes/pull/120209), [@mimowo](https://github.com/mimowo)) [SIG API Machinery and Apps] 1416 1417 ### Feature 1418 1419 - Kubernetes is now built with Go 1.20.8 ([#120494](https://github.com/kubernetes/kubernetes/pull/120494), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing] 1420 1421 ### Bug or Regression 1422 1423 - Fix OpenAPI v3 not being cleaned up after deleting APIServices ([#120108](https://github.com/kubernetes/kubernetes/pull/120108), [@tnqn](https://github.com/tnqn)) [SIG API Machinery and Testing] 1424 - Fix a concurrent map access in TopologyCache's `HasPopulatedHints` method. ([#120323](https://github.com/kubernetes/kubernetes/pull/120323), [@Miciah](https://github.com/Miciah)) [SIG Apps and Network] 1425 - Fixed a 1.26 regression scheduling bug by ensuring that preemption is skipped when a PreFilter plugin returns `UnschedulableAndUnresolvable` ([#119952](https://github.com/kubernetes/kubernetes/pull/119952), [@sanposhiho](https://github.com/sanposhiho)) [SIG Scheduling] 1426 - Fixed a 1.27 scheduling regression that PostFilter plugin may not function if previous PreFilter plugins return Skip ([#119943](https://github.com/kubernetes/kubernetes/pull/119943), [@Huang-Wei](https://github.com/Huang-Wei)) [SIG Scheduling and Testing] 1427 - Fixed a regression in default 1.27 configurations in kube-apiserver: fixed the AggregatedDiscoveryEndpoint feature (beta in 1.27+) to successfully fetch discovery information from aggregated API servers that do not check `Accept` headers when serving the `/apis` endpoint ([#120360](https://github.com/kubernetes/kubernetes/pull/120360), [@Jefftree](https://github.com/Jefftree)) [SIG API Machinery] 1428 - Fixes a bug where images pinned by the container runtime can be garbage collected by kubelet. ([#120054](https://github.com/kubernetes/kubernetes/pull/120054), [@ruiwen-zhao](https://github.com/ruiwen-zhao)) [SIG Node] 1429 - Fixes a regression exposed in 1.27 by kubectl switching to openapi v3 by making apiregistration.k8s.io discoverable in openapi/v3 ([#119841](https://github.com/kubernetes/kubernetes/pull/119841), [@atiratree](https://github.com/atiratree)) [SIG API Machinery] 1430 - Fixes a regression exposed in 1.27 by kubectl switching to openapi v3 by resolving a flake in openapi v3 aggregation ([#119839](https://github.com/kubernetes/kubernetes/pull/119839), [@atiratree](https://github.com/atiratree)) [SIG API Machinery] 1431 - Fixes issue https://github.com/kubernetes-sigs/cloud-provider-azure/issues/4230 and removes the additional filtering on `NotReady` nodes by the azure cloud provider code ([#119128](https://github.com/kubernetes/kubernetes/pull/119128), [@alexanderConstantinescu](https://github.com/alexanderConstantinescu)) [SIG Cloud Provider] 1432 - Fixes regression in 1.27.2 causing running pods with devices to be terminated if kubelet is restarted ([#119432](https://github.com/kubernetes/kubernetes/pull/119432), [@ffromani](https://github.com/ffromani)) [SIG Node and Testing] 1433 - Ignore context canceled from validate and mutate webhook ([#120020](https://github.com/kubernetes/kubernetes/pull/120020), [@divyasri537](https://github.com/divyasri537)) [SIG API Machinery] 1434 - Kubeadm: fix nil pointer when etcd member is already removed ([#120011](https://github.com/kubernetes/kubernetes/pull/120011), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle] 1435 1436 ### Other (Cleanup or Flake) 1437 1438 - When retrieving event resources, the reportingController and reportingInstance fields in the event will contain values. ([#120067](https://github.com/kubernetes/kubernetes/pull/120067), [@HirazawaUi](https://github.com/HirazawaUi)) [SIG Instrumentation] 1439 1440 ## Dependencies 1441 1442 ### Added 1443 _Nothing has changed._ 1444 1445 ### Changed 1446 - github.com/google/cel-go: [v0.12.6 → v0.12.7](https://github.com/google/cel-go/compare/v0.12.6...v0.12.7) 1447 1448 ### Removed 1449 _Nothing has changed._ 1450 1451 1452 1453 # v1.27.5 1454 1455 1456 ## Downloads for v1.27.5 1457 1458 1459 1460 ### Source Code 1461 1462 filename | sha512 hash 1463 -------- | ----------- 1464 [kubernetes.tar.gz](https://dl.k8s.io/v1.27.5/kubernetes.tar.gz) | c38254c54938b816edbbbfb104846e5802500b09029719cda914cde334d4372f56a9ad70d01cdcb2983c06b3386cb6af01c04b26dec5e9b51bee772989826fd9 1465 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.27.5/kubernetes-src.tar.gz) | 1e06ed46e530a8fa4cfd928e22008cfdc804473867fcf55c5304277fd36c1265069473a4a4d36ca1f53d1db4c742a7e3823f0910dab82ab82518c4e4d1bc7932 1466 1467 ### Client Binaries 1468 1469 filename | sha512 hash 1470 -------- | ----------- 1471 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.27.5/kubernetes-client-darwin-amd64.tar.gz) | 62dfc1d11fca2a2cc5b39d72233c94846af57a476984c7cac725f74dd6e3f3a5483de4b910d5c1becacf9ae33aef06de70f78f727c1b5114cd3a92ab120595b0 1472 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.27.5/kubernetes-client-darwin-arm64.tar.gz) | a209d4533602b7fb49d9f850976de26d71b4936b1669726052c22842842e96a402a36ec85dd189bdb367b780f761a41c6272652907b1e7df128fb6bbcb7ea1ca 1473 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.27.5/kubernetes-client-linux-386.tar.gz) | 71e5a5f26ca4b005582189ec9b6711a3e59197e9df268c6cd85c146ae042d97da82a41254df21bfcee2187939dc7a2a413db9ebd228e2a9d1e91f3a244c69d8b 1474 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.5/kubernetes-client-linux-amd64.tar.gz) | 82ed21532b842d2da029eb7d2cbf0630619051d278034493c48b98b1149175f78d80cc8fcba79658384cdc6ed4b236aed1fc8dbe69fd47a0c7811a2f4e54369e 1475 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.27.5/kubernetes-client-linux-arm.tar.gz) | a368c4275045b6a5a7efaa3adf18a8488ca728c689d5d4d0e0d562dd9046fdd3eceb1104b1f2a3f27b9fe1bf7006d5dd11294ee8d3c2468a51fe0c30bac1f0d3 1476 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.5/kubernetes-client-linux-arm64.tar.gz) | 3631bea44d8e745035b044bddb3cb9a22002a61045365ea5485070e90501371ccf249ab6b83a2bc5188cc05a9b5c2adb35da2651ddf024a295fe7f584c56dd70 1477 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.5/kubernetes-client-linux-ppc64le.tar.gz) | 9ca26442c15406e15813ff76a293afbc01b051ee2f5db29a415ff0a6daf9ec4186e0044f8a6cb410d22998167b393b8b65bc3a47a2ac57da44dbb25b4dec6d31 1478 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.5/kubernetes-client-linux-s390x.tar.gz) | 1d39dbaae47cb7b8677010a905896461068ac408d17bfe401114ef08d39fd73affb115d5a86b0ec2fb98d0e6ee3a499460a0f874bc8c998b29346cf46c217712 1479 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.27.5/kubernetes-client-windows-386.tar.gz) | a75f574826b613b71de6b4057ef7e7f2fd7c08053c7f973680c0b96e0659d75baeb34b491c9a0d877477688021b77719d270afe480b590b5c0cb60f834633586 1480 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.5/kubernetes-client-windows-amd64.tar.gz) | fef167cba4f3f6793ca2a70ac33d24e0fae859fdf7eb78cffcd7ea1693bc4ba400c7f7244d1b4d124ddc67b5439bd3ac46b3a887703d6db7be28b553cb028222 1481 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.27.5/kubernetes-client-windows-arm64.tar.gz) | 19583b45d2affba34ac1b3bf7c40fee86591d4f0a06710ea88da5a6345ad32b4ca283e16a06b88af37ecceed78b58b3cc716e70967a35c2a16a018a31848e9c7 1482 1483 ### Server Binaries 1484 1485 filename | sha512 hash 1486 -------- | ----------- 1487 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.5/kubernetes-server-linux-amd64.tar.gz) | d135dcd85ee02b2e39f5b08e97bc335c1a79f3c98ad17848de258d842c476c9f779c00b32763e99191e7a45eb2c4be02d87efa2ed38c304a49d91fabebb0eb6a 1488 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.5/kubernetes-server-linux-arm64.tar.gz) | 2040380ddaac3039c15b10ae8474f677ecda83fd5489c7d52772038b8b377026f20ecf48998c2b33b355ff541702a896ef71154d935fd4f11f5a6d0c0177881b 1489 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.5/kubernetes-server-linux-ppc64le.tar.gz) | d08827a2ade5407735177b245bb4660f5db3efd44bec14b7613e042aa8d011065548a626cd6af50090c5380384e6bcfb6d1fd21fcd1d2b3039480be634027754 1490 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.5/kubernetes-server-linux-s390x.tar.gz) | a3a01b9aa6d7b826eb0dc6de519d881bbf0273e3fbc62857a328fd23be37cb0749b812ac3a40a739e03ea02ef60808599832237a803770f773bfe277946060b9 1491 1492 ### Node Binaries 1493 1494 filename | sha512 hash 1495 -------- | ----------- 1496 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.5/kubernetes-node-linux-amd64.tar.gz) | 4560cd0ad15195e6752df67a1a079d49e2254aeef1713459549f13e9b922602e364a22208e9b3a1168a976648583c476c601d88e08dcc8dfeca7bf3955325879 1497 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.5/kubernetes-node-linux-arm64.tar.gz) | 83ec9e500d6a63c646fc488eee0cd5381d295616e0b49ad8e702d0bede8cc163184a77a50817b0b29b949aa25da99ef702d285b39844a92534f513599d1beb86 1498 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.5/kubernetes-node-linux-ppc64le.tar.gz) | 0610be236df7fb50ec4fea5eda50d9d491f174ad9c0d4eff1968501258f69a8059b6d165eed0be8637d86649a5e23a24084916366c95d5b2f27c8c7c13fd24eb 1499 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.5/kubernetes-node-linux-s390x.tar.gz) | 6bf0a266eb9a73800455380c1692e2b630042762a619514e257d1c672f3b6146f3aaf3711e3392802ed0565139819924ccd998c054720a305d8c65c70bd5595b 1500 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.5/kubernetes-node-windows-amd64.tar.gz) | d0476c2cc08472aa73ca921167ed5849b072933553b5e076d6eae86b9a6c0e10816321cba0a5ca0cb51159b2958213c26a2a5c7a518474968ec21d06f425d640 1501 1502 ### Container Images 1503 1504 All container images are available as manifest lists and support the described 1505 architectures. It is also possible to pull a specific architecture directly by 1506 adding the "-$ARCH" suffix to the container image name. 1507 1508 name | architectures 1509 ---- | ------------- 1510 [registry.k8s.io/conformance:v1.27.5](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) 1511 [registry.k8s.io/kube-apiserver:v1.27.5](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) 1512 [registry.k8s.io/kube-controller-manager:v1.27.5](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) 1513 [registry.k8s.io/kube-proxy:v1.27.5](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) 1514 [registry.k8s.io/kube-scheduler:v1.27.5](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) 1515 1516 ## Changelog since v1.27.4 1517 1518 ## Important Security Information 1519 1520 This release contains changes that address the following vulnerabilities: 1521 1522 ### CVE-2023-3955: Insufficient input sanitization on Windows nodes leads to privilege escalation 1523 1524 A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes. 1525 1526 **Affected Versions**: 1527 - kubelet <= v1.28.0 1528 - kubelet <= v1.27.4 1529 - kubelet <= v1.26.7 1530 - kubelet <= v1.25.12 1531 - kubelet <= v1.24.16 1532 1533 **Fixed Versions**: 1534 - kubelet v1.28.1 1535 - kubelet v1.27.5 1536 - kubelet v1.26.8 1537 - kubelet v1.25.13 1538 - kubelet v1.24.17 1539 1540 This vulnerability was discovered by James Sturtevant @jsturtevant and Mark Rossetti @marosset during the process of fixing CVE-2023-3676 (that original CVE was reported by Tomer Peled @tomerpeled92) 1541 1542 1543 **CVSS Rating:** High (8.8) [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) 1544 1545 1546 ### CVE-2023-3676: Insufficient input sanitization on Windows nodes leads to privilege escalation 1547 1548 A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes. 1549 1550 **Affected Versions**: 1551 - kubelet <= v1.28.0 1552 - kubelet <= v1.27.4 1553 - kubelet <= v1.26.7 1554 - kubelet <= v1.25.12 1555 - kubelet <= v1.24.16 1556 1557 **Fixed Versions**: 1558 - kubelet v1.28.1 1559 - kubelet v1.27.5 1560 - kubelet v1.26.8 1561 - kubelet v1.25.13 1562 - kubelet v1.24.17 1563 1564 This vulnerability was reported by Tomer Peled @tomerpeled92 1565 1566 1567 **CVSS Rating:** High (8.8) [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) 1568 1569 ## Changes by Kind 1570 1571 ### API Change 1572 1573 - Aggregated discovery now returns `responseKind: {}` for resources which are missing group/version/kind information, to ensure compatibility with v0.26.0-v0.26.3 clients. ([#119835](https://github.com/kubernetes/kubernetes/pull/119835), [@liggitt](https://github.com/liggitt)) [SIG API Machinery and Testing] 1574 1575 ### Feature 1576 1577 - Kubeadm: generate CA certificates with a start time that is offset 5 minutes in the past relative to the current system time to workaround cases of clock desync. 1578 client-go: allow to set NotBefore in NewSelfSignedCACert() ([#119113](https://github.com/kubernetes/kubernetes/pull/119113), [@champtar](https://github.com/champtar)) [SIG API Machinery, Auth and Cluster Lifecycle] 1579 - Kubernetes is now built with Go 1.20.7 ([#119828](https://github.com/kubernetes/kubernetes/pull/119828), [@jeremyrickard](https://github.com/jeremyrickard)) [SIG Release and Testing] 1580 1581 ### Bug or Regression 1582 1583 - Fix Topology Aware Hints not working when the `topology.kubernetes.io/zone` label is added after Node creation 1584 - Fix a data race in TopologyCache when `AddHints` and `SetNodes` are called concurrently ([#117269](https://github.com/kubernetes/kubernetes/pull/117269), [@tnqn](https://github.com/tnqn)) [SIG Apps and Network] 1585 - Fix computing backoff delay when using Job pod failure policy, by including in the backoff delay calculation pod failures ignored from the backoffLimit counter. 1586 1587 Also, compute the backoff delay more accurately for deleted pods. ([#119466](https://github.com/kubernetes/kubernetes/pull/119466), [@mimowo](https://github.com/mimowo)) [SIG Apps] 1588 - Fix: After a Node is down and take some time to get back to up again, the mount point of the evicted Pods cannot be cleaned up successfully. (#111933) Meanwhile Kubelet will print the log `Orphaned pod "xxx" found, but error not a directory occurred when trying to remove the volumes dir` every 2 seconds. (#105536) ([#116134](https://github.com/kubernetes/kubernetes/pull/116134), [@cvvz](https://github.com/cvvz)) [SIG Node and Storage] 1589 - Fixed kubelet startup getting stuck with `NewVolumeManagerReconstruction` feature enabled and a CSI volume present in /var/lib/kubelet/pods. ([#117804](https://github.com/kubernetes/kubernetes/pull/117804), [@jsafrane](https://github.com/jsafrane)) [SIG Node and Storage] 1590 - Revert kubelet prober metrics `pod` tag to include actual pod name ([#118549](https://github.com/kubernetes/kubernetes/pull/118549), [@a7i](https://github.com/a7i)) [SIG Node] 1591 - Update kube-apiserver's priority & fairness work estimator such that 'max seats' is MIN(0.15 x nominalCL, nominalCL / handSize) 1592 1593 This fixes a bug where clients with requests using hand size x max seats greater than the nominal concurrency limit can starve other requests in the same priority level. ([#118601](https://github.com/kubernetes/kubernetes/pull/118601), [@andrewsykim](https://github.com/andrewsykim)) [SIG API Machinery] 1594 1595 ## Dependencies 1596 1597 ### Added 1598 _Nothing has changed._ 1599 1600 ### Changed 1601 _Nothing has changed._ 1602 1603 ### Removed 1604 _Nothing has changed._ 1605 1606 1607 1608 # v1.27.4 1609 1610 1611 ## Downloads for v1.27.4 1612 1613 1614 1615 ### Source Code 1616 1617 filename | sha512 hash 1618 -------- | ----------- 1619 [kubernetes.tar.gz](https://dl.k8s.io/v1.27.4/kubernetes.tar.gz) | 9469a8dae4ac11764119c1a8f71b010ff431f92e80fbddf98b9c0c84f009ba85e0a4d5d0dfcb292a0815b707fd1ed21550f76b7dc79b1058cd7ed224e2b4f4cc 1620 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.27.4/kubernetes-src.tar.gz) | e908723662d8a7c5dc26865420c2a41e27d68be4018e3a2d02987128930bc027692b37d3a8ea59e03948b4649bd24c21fe37e50bc73fe490af26752d221bfd4c 1621 1622 ### Client Binaries 1623 1624 filename | sha512 hash 1625 -------- | ----------- 1626 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.27.4/kubernetes-client-darwin-amd64.tar.gz) | e83130d975116ad8274a0638b86f11917bc2b47dae84fca3a79f93384387de3e55dad846a4b357df0df3d8004cb4f948a2fdc7434bd6d6b40dc64922acc27734 1627 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.27.4/kubernetes-client-darwin-arm64.tar.gz) | 323206960a0faec4382b5031f5c92ac24e8ff1276282fed57fd7d3c60b88a188e16e6dc99a4afbd41e671fe0bb56044e8d99a59ff962390b900fed33c4de832a 1628 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.27.4/kubernetes-client-linux-386.tar.gz) | d282fbddf9e95f2d06aa1a6efa0e898c50abe2944c415848c47fd024672f6e0b704ff6df0bcef49df9fdbf940726ab8de10466211ca9476237cd565a24be25f0 1629 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.4/kubernetes-client-linux-amd64.tar.gz) | 42ac0cdfb1d961cb14fbdf09370b0798a1cd687d576ded4c85a2574a2adc48e514c7df9c905f1e851fab2f69246efee73971fd39838351d3b194881cfa3b5409 1630 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.27.4/kubernetes-client-linux-arm.tar.gz) | 935c9296d2d2c85862b357f94406876648ceca247e92acb99ba3fb2b98608687cc1ff88d201b4f1cddaa526ad026e96c7af1fccb6e52b7e5ba9307c913e31ed1 1631 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.4/kubernetes-client-linux-arm64.tar.gz) | b9f1a90cb7011d872ab4773afeef752d5d726f33628acc7592978a7ec37b2afb085fc4ebdabd4f8cb25a990eb73289ffda3442d41e6393eadc90c696b7a80be9 1632 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.4/kubernetes-client-linux-ppc64le.tar.gz) | e5cb8236308bb04287564285750673353dfed6d806f4266c36ad3b640bc0959e36bb9b5d65fa75937b73970abcc5571a1ac9af203093d978bc2331bcfa0969e8 1633 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.4/kubernetes-client-linux-s390x.tar.gz) | 586c4c5e31762c9d52303ed86476d6b6e3df0aa590bc3676d50069502a4f3de0808eadb1e20cd18abaf148cb87d73aaa85ad92902f927b29e650d1f6534dc78b 1634 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.27.4/kubernetes-client-windows-386.tar.gz) | e74259bcc5980ac370cbbcd91590cb36982c1af638fe6da7175c4ca3ab7d2686df1ca0d540fda6ef1d4c4978ac1f9c46a1a998852cf9a903ddc0be3852a82dbc 1635 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.4/kubernetes-client-windows-amd64.tar.gz) | d5fc29cf85eceed250f366dafb182c516934008c99212a8f417eef414fbfc3bac715450e4e497a01a3c378e2bfe795ca34601e7684166b2cfcfab1422f911754 1636 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.27.4/kubernetes-client-windows-arm64.tar.gz) | 0fc5de119e6d43958e24dec587b5253edcc9a38aa27478d220b1b231b1bd847fb59a18f27b0fb7305872d2a7ecbde11ff07058094d8f267c67c24ced0ea4af52 1637 1638 ### Server Binaries 1639 1640 filename | sha512 hash 1641 -------- | ----------- 1642 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.4/kubernetes-server-linux-amd64.tar.gz) | a200bb097870297c6fd8f60329958e5e21c45df277778812e6217b0130753cdedd1f03589ade6b944d9fabf0da19921c8a4e02d0f19a731d2fc7df9489f0d28e 1643 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.4/kubernetes-server-linux-arm64.tar.gz) | 5584594ae1a221fb50eb372ca9d8d7f1a1fa8c89a1e946660d232aa0c2fe646d5bcf8c123e874b76111768efff6192ac943143a547669ccc85579b32edf0a08f 1644 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.4/kubernetes-server-linux-ppc64le.tar.gz) | d9285e3e483d0fd4a1ff5acbe86a7a2ccc206dc005ee09120c8eea16c5311b97fcf26bd40b2ff4b30bc924f284cec59e44fd733cf0b33ac83fe2c017bc9025c3 1645 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.4/kubernetes-server-linux-s390x.tar.gz) | e36e5ab5e6b98ec84a96f1846e84784012c53b166bad7fc4fc61f5f4d030d384f2d25d007929cb5373474bae38f4ad35491600fc5a71f498801870603d9f9a1d 1646 1647 ### Node Binaries 1648 1649 filename | sha512 hash 1650 -------- | ----------- 1651 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.4/kubernetes-node-linux-amd64.tar.gz) | 271633c9411066295941201cb861e2ea4759a212059786d5120e75bb7221f84b443afc631bd49f0957c1ec67e0a16f0308ddee061187afc75c1a1910968a59cc 1652 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.4/kubernetes-node-linux-arm64.tar.gz) | 69ddbbbbb0c23ad7b86bbdbaaf5748e259978436730de1902ce047999b9c456a735ee92c63ba4616e0411ca99565efe4da727a6356485bbe2d66f0ef2b2516ea 1653 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.4/kubernetes-node-linux-ppc64le.tar.gz) | c0758d63ade901e1fe6258cac4e5e951c7f8101a4a31ceb91f77ec0b2317f89fb2b4df64f672085dd03bc83fad27af4de9b886bc3de85f06e329e27d6e4f57bd 1654 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.4/kubernetes-node-linux-s390x.tar.gz) | f3a2af663abd1e06f7ad828351fabe370f26ef8f1224b8a5738bbfd311df71d13ec72260e00e1e38bfe3dd1302ec7b5e9df13d8c8e874262f2b0607096deee75 1655 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.4/kubernetes-node-windows-amd64.tar.gz) | bb05e9426d02f1a6593a14fef0671803a374dc6e98a4ff1de837b93559a1164275d5e313b08806ce09baa36d3177e59038de9487d6ee1d7a8ae898342e82ae89 1656 1657 ### Container Images 1658 1659 All container images are available as manifest lists and support the described 1660 architectures. It is also possible to pull a specific architecture directly by 1661 adding the "-$ARCH" suffix to the container image name. 1662 1663 name | architectures 1664 ---- | ------------- 1665 [registry.k8s.io/conformance:v1.27.4](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) 1666 [registry.k8s.io/kube-apiserver:v1.27.4](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) 1667 [registry.k8s.io/kube-controller-manager:v1.27.4](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) 1668 [registry.k8s.io/kube-proxy:v1.27.4](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) 1669 [registry.k8s.io/kube-scheduler:v1.27.4](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) 1670 1671 ## Changelog since v1.27.3 1672 1673 ## Changes by Kind 1674 1675 ### Feature 1676 1677 - Fixes the alpha `CloudDualStackNodeIPs` feature. ([#118329](https://github.com/kubernetes/kubernetes/pull/118329), [@danwinship](https://github.com/danwinship)) [SIG Network and Node] 1678 - Kubernetes is now built with Go 1.20.6 ([#119366](https://github.com/kubernetes/kubernetes/pull/119366), [@xmudrii](https://github.com/xmudrii)) [SIG Release and Testing] 1679 1680 ### Bug or Regression 1681 1682 - Fix component status calling etcd health endpoint over http which exposed kubernetes to the risk of complete watch starvation and is inconsistent with other etcd probing done by kube-apiserver. ([#118683](https://github.com/kubernetes/kubernetes/pull/118683), [@serathius](https://github.com/serathius)) [SIG API Machinery] 1683 - Fix cronjob controller handling of complex schedules, like "30 6-16/4 * * 1-5", for example ([#119139](https://github.com/kubernetes/kubernetes/pull/119139), [@kmala](https://github.com/kmala)) [SIG Apps] 1684 - Fix deletion of non-admissible pods that are deleted during Kubelet restart ([#118841](https://github.com/kubernetes/kubernetes/pull/118841), [@bobbypage](https://github.com/bobbypage)) [SIG Node and Testing] 1685 - Fixed #118052: nodeAffinity on pods can change prior to scheduling gates being removed even when podSpec.affinity is nil in the initial spec, this matches the 1.28 behavior to allow consistent integrators to be written. ([#118199](https://github.com/kubernetes/kubernetes/pull/118199), [@aleskandro](https://github.com/aleskandro)) [SIG Apps, Scheduling and Testing] 1686 - Fixed a performance issue where pods weren't created/deleted in parallel for a StatefulSet with podManagementPolicy: Parallel. ([#119096](https://github.com/kubernetes/kubernetes/pull/119096), [@aleksandra-malinowska](https://github.com/aleksandra-malinowska)) [SIG Apps] 1687 - Fixed vSphere cloud provider not to skip detach volumes from nodes at kube-controller-startup. ([#117243](https://github.com/kubernetes/kubernetes/pull/117243), [@jsafrane](https://github.com/jsafrane)) [SIG Cloud Provider] 1688 - Kubectl explain should correctly work for all resources ([#118876](https://github.com/kubernetes/kubernetes/pull/118876), [@atiratree](https://github.com/atiratree)) [SIG CLI] 1689 - Only declare Job as finished after removing all Pod finalizers to avoid orphan Pods ([#119160](https://github.com/kubernetes/kubernetes/pull/119160), [@alculquicondor](https://github.com/alculquicondor)) [SIG Apps and Testing] 1690 - The Daemonset controller creates replacements for terminal Pods, which can appear during VM preemptions or when using Pod finalizers ([#118911](https://github.com/kubernetes/kubernetes/pull/118911), [@alculquicondor](https://github.com/alculquicondor)) [SIG Apps and Testing] 1691 - The `pod_scheduling_duration_seconds` metrics won't consider the time when a Pod fails PreEnqueue (like being gated). ([#118821](https://github.com/kubernetes/kubernetes/pull/118821), [@helayoty](https://github.com/helayoty)) [SIG Scheduling] 1692 - This PR adds additional validation for endpoint ip configuration while iterating through queried endpoint list. ([#117226](https://github.com/kubernetes/kubernetes/pull/117226), [@princepereira](https://github.com/princepereira)) [SIG Network and Windows] 1693 - Updated cAdvisor to v0.47.2 - Fix metrics in cri-o when a container restarts ([#118797](https://github.com/kubernetes/kubernetes/pull/118797), [@harche](https://github.com/harche)) [SIG Node] 1694 1695 ## Dependencies 1696 1697 ### Added 1698 _Nothing has changed._ 1699 1700 ### Changed 1701 - github.com/google/cadvisor: [v0.47.1 → v0.47.2](https://github.com/google/cadvisor/compare/v0.47.1...v0.47.2) 1702 - github.com/rogpeppe/go-internal: [v1.10.0 → v1.11.0](https://github.com/rogpeppe/go-internal/compare/v1.10.0...v1.11.0) 1703 1704 ### Removed 1705 _Nothing has changed._ 1706 1707 1708 1709 # v1.27.3 1710 1711 1712 ## Downloads for v1.27.3 1713 1714 1715 1716 ### Source Code 1717 1718 filename | sha512 hash 1719 -------- | ----------- 1720 [kubernetes.tar.gz](https://dl.k8s.io/v1.27.3/kubernetes.tar.gz) | dd9174340ea3773db4c8a19d0a958fa22046863f270e31add0b7fad07ec285c6f2d09d335121697f6cd879c91589204b73b6631100c95c027bddbdef391fe5e0 1721 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.27.3/kubernetes-src.tar.gz) | b3ecffc433df2dcaea9287e45da74f23c784f18bf22a33b65a196563077b01ba61b73f5761c16ae723ae821f27644f98c22be69ea16b8b14deb8b6e35d35b018 1722 1723 ### Client Binaries 1724 1725 filename | sha512 hash 1726 -------- | ----------- 1727 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.27.3/kubernetes-client-darwin-amd64.tar.gz) | fb8f708135406f1ba9116d2fecd6fadcc2e5be7e56c78e0620840352e236178835e4e162b76c8b545faf02700347f01792c2b9c83c6e3819a020e3ba0aef7afe 1728 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.27.3/kubernetes-client-darwin-arm64.tar.gz) | 1c5b9ba8d9e41b61d519ede27c7d65320ababa7ac922f4b425553922cb319d825e0ca8a4bb38440408c8f99395c981f682887e7a0d8e20217feafafc2cbfa75c 1729 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.27.3/kubernetes-client-linux-386.tar.gz) | 6ccc8cce4c26eacd27499b20a0017b4059aa133438b26f0576828d57c1810095f5fae67ca023047d44cdc9535605cf95a084af509138087616cd8d56a7e5c2fd 1730 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.3/kubernetes-client-linux-amd64.tar.gz) | 14339c478f3c2d169d2e9fc387a62b32ba86be6cc9d9fc73f50bfe3a2225bbefd5463a09f665155ec36b04e52676831e7b010a1fcb9158e7f10a55dde393502d 1731 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.27.3/kubernetes-client-linux-arm.tar.gz) | d40738d863188768089cf14fe31c060f578182283f8d4070e279cdabd9eccaf5a8e33f20025281e394de95a76ddc4a9835a6d1eac2b131d64f137a8a5d4cd667 1732 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.3/kubernetes-client-linux-arm64.tar.gz) | 79aa1ea8d763c5258d43499a55ed4c88cf9aec36353246c5de797bc399023ffcb110c4b69da419b085a259b8b7253de2956480e6734a9ce1edd674821756cb54 1733 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.3/kubernetes-client-linux-ppc64le.tar.gz) | c9e89f6032853874dce84df467c9f8ade7800af2c7b29fb070628e16350ba49b086520903508c711f6970b3fe37a3e88065be705d8950c024c006929abec6459 1734 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.3/kubernetes-client-linux-s390x.tar.gz) | 927f54417e2e177ba811b08db45677a7a5693c99da4eaa268fc2026d68769d49bb036c1b4dc2d376a2080f17f207399d9a1e83bcf17c747647bd86aa3e1bab77 1735 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.27.3/kubernetes-client-windows-386.tar.gz) | 78e6a307237f66386856a217ed82a63e2d1f9a1b674fe1f5fd26d6169193490d0aaeb8597f2ac9ea876ff984ca51e4f6810cb6587aff3d6af4eaf1a4b8590330 1736 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.3/kubernetes-client-windows-amd64.tar.gz) | 83252ef0c7491a637fc45b696c35cdafd3bd168608c1cb6fa0cc380b20dd68e456a63615d5b42074c3a8a5e1f8cc988e746793b598b5e658f1d598f8da29b2d4 1737 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.27.3/kubernetes-client-windows-arm64.tar.gz) | c4f364d16a3fdf3885d2176beb058b85f8f1f603d25c0e87b2c97c122543c7f1f0f6c1d7377a145a3cf893ae3af864779f555f0bdfddfa8d6cf2a5d442a57e1f 1738 1739 ### Server Binaries 1740 1741 filename | sha512 hash 1742 -------- | ----------- 1743 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.3/kubernetes-server-linux-amd64.tar.gz) | 4493a9c8e64579f0904c5dddb5967397f7ad9f8ec1d16d34eaa9692a716170f8392d414ee8d2adce0effdfc875bce5e70567df51d538d520eb4d284ff538ed3c 1744 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.3/kubernetes-server-linux-arm64.tar.gz) | 06f0440bf4fdfe19a27d4ee5e2ae71df9d8697b37422133a487b15ddb3861fde4e705367374daa1b726adea432d4e23cab3477741583dd5f9fdc7ddc4633081b 1745 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.3/kubernetes-server-linux-ppc64le.tar.gz) | 6886265f0839ecd83988dbe535d0c15613f828697b2a2948c79fcb5eabc7f4177b08d9e58a93c80d6f8fb2f463688ab043a4d0bf354f4bc410785d2d2e5b94a4 1746 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.3/kubernetes-server-linux-s390x.tar.gz) | a7a595f914393f776809555f22831d7c5ca91d2de117b69f392ae6f7f3611199074abd373a973b5d4d5aaddfcce60c17ba9ecb8eeeeabfe0a4ccbc7c6f0735c7 1747 1748 ### Node Binaries 1749 1750 filename | sha512 hash 1751 -------- | ----------- 1752 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.3/kubernetes-node-linux-amd64.tar.gz) | 5950f42effc3b48697142cc6012de0921a575252e1eb860eb89941be7f22ef9005d590fd825f0b2e9025583a7912ecae10f3a848932d16981afc9a36dac4d337 1753 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.3/kubernetes-node-linux-arm64.tar.gz) | 9dedf1d677a9a57d8ec28d09ae70ea9bf5deb4869a33e15391978347e7f1e9d51ac4fcd82e0411803670d84d161104575fd84e4ea90458c877b9247c748d12b4 1754 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.3/kubernetes-node-linux-ppc64le.tar.gz) | 54c1018641d2ffb075fa6c3674a0c69a8509332f13db569c937c649c4c678db418512266d6373aca9892776fc090e060a51c1f6e54e4ab8018f44c3a6bfad4d4 1755 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.3/kubernetes-node-linux-s390x.tar.gz) | 3d0e771b812c8aff468cced3bb29619cc15ee2f2bd5980c8bb5880391e0076eab54bfea6bdd77953ed929462024349ba5fc07edad85126ae5a6e81c399e8b333 1756 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.3/kubernetes-node-windows-amd64.tar.gz) | 3614c4df2074714a74ce392f3f14ff91b15d97a7759cc33755c0c1f0b96e728cef04d8e55068911a64611a46cc40f0d25bee2ac974e4cc78b7428b2f1e1f5ecc 1757 1758 ### Container Images 1759 1760 All container images are available as manifest lists and support the described 1761 architectures. It is also possible to pull a specific architecture directly by 1762 adding the "-$ARCH" suffix to the container image name. 1763 1764 name | architectures 1765 ---- | ------------- 1766 [registry.k8s.io/conformance:v1.27.3](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) 1767 [registry.k8s.io/kube-apiserver:v1.27.3](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) 1768 [registry.k8s.io/kube-controller-manager:v1.27.3](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) 1769 [registry.k8s.io/kube-proxy:v1.27.3](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) 1770 [registry.k8s.io/kube-scheduler:v1.27.3](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) 1771 1772 ## Changelog since v1.27.2 1773 1774 ## Important Security Information 1775 1776 This release contains changes that address the following vulnerabilities: 1777 1778 ### CVE-2023-2728: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin 1779 1780 A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account's secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers. 1781 1782 **Note**: This only impacts the cluster if the ServiceAccount admission plugin is used (most cluster should have this on by default as recommended in https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#serviceaccount), the `kubernetes.io/enforce-mountable-secrets` annotation is used by a service account (this annotation is not added by default), and Pods are using ephemeral containers. 1783 1784 **Affected Versions**: 1785 - kube-apiserver v1.27.0 - v1.27.2 1786 - kube-apiserver v1.26.0 - v1.26.5 1787 - kube-apiserver v1.25.0 - v1.25.10 1788 - kube-apiserver <= v1.24.14 1789 1790 **Fixed Versions**: 1791 - kube-apiserver v1.27.3 1792 - kube-apiserver v1.26.6 1793 - kube-apiserver v1.25.11 1794 - kube-apiserver v1.24.15 1795 1796 1797 **CVSS Rating:** Medium (6.5) [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N) 1798 1799 ## Changes by Kind 1800 1801 ### Feature 1802 1803 - Kubernetes is now built with Go 1.20.5 ([#118553](https://github.com/kubernetes/kubernetes/pull/118553), [@puerco](https://github.com/puerco)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node, Release, Storage and Testing] 1804 1805 ### Bug or Regression 1806 1807 - Add DisruptionTarget condition to the pod preempted by Kubelet to make room for a critical pod ([#118219](https://github.com/kubernetes/kubernetes/pull/118219), [@mimowo](https://github.com/mimowo)) [SIG Node and Testing] 1808 - Fixes a bug at kube-apiserver start where APIService objects for custom resources could be deleted and recreated. ([#118104](https://github.com/kubernetes/kubernetes/pull/118104), [@liggitt](https://github.com/liggitt)) [SIG API Machinery and Testing] 1809 - If `kubeadm reset` finds no etcd member ID for the peer it removes during the `remove-etcd-member` phase, it continues immediately to other phases, instead of retrying the phase for up to 3 minutes before continuing. ([#117948](https://github.com/kubernetes/kubernetes/pull/117948), [@dlipovetsky](https://github.com/dlipovetsky)) [SIG Cluster Lifecycle] 1810 - Kubeadm: fix a bug where the static pod changes detection logic is inconsistent with kubelet ([#118069](https://github.com/kubernetes/kubernetes/pull/118069), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle] 1811 - Kubeadm: fix etc version support for Kubernetes v1.27 ([#118307](https://github.com/kubernetes/kubernetes/pull/118307), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle] 1812 1813 ## Dependencies 1814 1815 ### Added 1816 _Nothing has changed._ 1817 1818 ### Changed 1819 _Nothing has changed._ 1820 1821 ### Removed 1822 _Nothing has changed._ 1823 1824 1825 1826 # v1.27.2 1827 1828 1829 ## Downloads for v1.27.2 1830 1831 1832 1833 ### Source Code 1834 1835 filename | sha512 hash 1836 -------- | ----------- 1837 [kubernetes.tar.gz](https://dl.k8s.io/v1.27.2/kubernetes.tar.gz) | c46c9c1c4cdb0b1532630ce0e01295c7185f725e494d4fd190bae0540283c679b1c8b0a1ad1f0f5d320ddbf439e5fdd6f925700080cdf810158e1f41b8c5d9c9 1838 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.27.2/kubernetes-src.tar.gz) | b9be38a5506071a362864661b369c71b0a02e66df0a77a2afc68040fa9634751a189e3c6c94771aee3e17b50a73228ad992a08f31cf4b322ebd7003e7676d381 1839 1840 ### Client Binaries 1841 1842 filename | sha512 hash 1843 -------- | ----------- 1844 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.27.2/kubernetes-client-darwin-amd64.tar.gz) | 7e4c0a207e505f6966999e0efb293c0e885d5975ad02f8e534b60ab1a94e0fdbcefd72c18fd536bb23e9356735098dd3fb85c6034e3ec07879f9511deb254f1b 1845 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.27.2/kubernetes-client-darwin-arm64.tar.gz) | 41a51f588a9c19d0377921b66c21d7b406244aca4fbd32c0d7dcdd9b1cf80712c8f26a1134c2ae1d57612025b943e87a7bb55ee01c22838c0deb2754cf4a43cd 1846 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.27.2/kubernetes-client-linux-386.tar.gz) | 729310d48d34fd21805869f849492227d3a74d1feafa4969d2aa5e0336c85d51f379865eda7b20c92b2f5122094884de5947a715f2fc9b6cb32e8a4e79dcd16c 1847 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.2/kubernetes-client-linux-amd64.tar.gz) | cc34cffb3ec65a1b29dc3998341c8317dd1bf34d45b230a2379b1676d4d9a600cb662cde7caa7c8253e4cf2320d40b9581f97c0a04ac81037643b4fd105c6103 1848 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.27.2/kubernetes-client-linux-arm.tar.gz) | b85927b9ff2f5871dac6814800c0fda43c4e69c27dd5c9d5cb3c73551c147ad2501675ffc5775cb70af4b643e88e784d034c3eec714de66c7ddf163a2ae4f500 1849 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.2/kubernetes-client-linux-arm64.tar.gz) | cdf09ad3150c702e84c22158e95f164cffcbfa5e06af65e33dafada0d0d00fd6c160f41eb72d7966b0659e49705f7197d92dc3dc7153cf907fcdf318071138bc 1850 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.2/kubernetes-client-linux-ppc64le.tar.gz) | 7219c79d43cc57a0866c854183dbed2629866e4ce081b62eef6c3034094bf0d3143e9e2eb7cf819a2f49bd98566cf4ac56cc9f2989f4c49906a71e2df68767e4 1851 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.2/kubernetes-client-linux-s390x.tar.gz) | 9a5c0d13732ebf2d69f714ee953cc57f1c7ca2a27cb26333336a0da225414a96976f6a383cbe89aee80bcdd47a59dc17784acce377f656a6f959ed65f638a82d 1852 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.27.2/kubernetes-client-windows-386.tar.gz) | 7bad7610f5a000cf40f68451d4cf94395d43907271aa98132cb6a52eae541e25cce7f40b5dfb1b45c79da5bbf54ce49cfbcd04f819635e16d91e03c63b48b8f4 1853 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.2/kubernetes-client-windows-amd64.tar.gz) | 3d1c4f023867e8289d19dba43d702d40f3a8d8583e2c436e447af43127da9b0e90b5ca4ac055c3256c92d8fcaaa3734f0a83039480b35a012aed86ecd377da59 1854 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.27.2/kubernetes-client-windows-arm64.tar.gz) | 0b08b36d4869b6b1de0314bb365ae45f85719297088f12b723a535a61f7b2c648969c12a4e1ecbd29a6deb804551815ed21c3b8ae9ed6813aa26d625723a273e 1855 1856 ### Server Binaries 1857 1858 filename | sha512 hash 1859 -------- | ----------- 1860 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.2/kubernetes-server-linux-amd64.tar.gz) | 53f1533aa8f493ebbdfb07ba59eaf971cf865c60d1ac9a5ad9f61e6d5f670e9d86e0dc70c6d3057953da2968d100de8d8bf50d5863ad2decb69c397aa6f185b9 1861 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.2/kubernetes-server-linux-arm64.tar.gz) | 66466de2b1b5ad7ce09fba95da00d3451ae13b28b89755a64cc4e18e1254c5dfed290df5f8509f312396679bcc90eec98eb84e333ea9bd206ecb8bf00eeeba71 1862 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.2/kubernetes-server-linux-ppc64le.tar.gz) | 283dd8c6391d62b1f11102ce3a252d78b1dd3268dd2b8c5f08276c9c764ced6f0f8e8056b5d302045c464efc063a81d815e6fc3f804b997770b40bc1b2a89f8c 1863 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.2/kubernetes-server-linux-s390x.tar.gz) | ea30de775e794eb738a3c10c730c0e291ae1460fdaba984d4eb00bf52b552f192608e8213b382ac8161f1f13486ddf13b7f20e4f5838a1e38f08da9288c01a3c 1864 1865 ### Node Binaries 1866 1867 filename | sha512 hash 1868 -------- | ----------- 1869 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.2/kubernetes-node-linux-amd64.tar.gz) | 2a05c3ebcec8bce9ca2a7c835617f0b85dbf11a07d39c5b002b5389a45465807c437dd22d975c60e680ee34f3bc00e460d848927a8fa2c1543ec97fb66f50477 1870 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.2/kubernetes-node-linux-arm64.tar.gz) | 9d6c45fb54c01ac9a106d356d8c9ed1c6564f4b86bb1ba55ced628bbbf5c4fb1f78d68a15c3055680c6dff6c85a32726300d09b7a85bdcb7ba263a434b148826 1871 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.2/kubernetes-node-linux-ppc64le.tar.gz) | b029fe744619f9649e42c80ca2f0bb14ae72c934d4687100ee7f041cbcd72cc5567ae01acef9e2c7b5c579228b2af9a419bdbf2af64420754a5f6049cdd391bb 1872 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.2/kubernetes-node-linux-s390x.tar.gz) | d3319d9a4a205cd1fa9da590407fe2be3b149c50e77422ff2b2f1e803c24e0d496fdc89d16c658fbef7a0bc59d1b0e295dfa5354ce3c3c5d9a6749e60e1580ee 1873 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.2/kubernetes-node-windows-amd64.tar.gz) | a745fe1b46ec6c3bd27e72c2774a01fd53c27361de6ad7281c2adeaf88ab59ec725d60dc99a4de5f3579428ef4e923860a85143f14b51590ce43bfdee7a36a10 1874 1875 ### Container Images 1876 1877 All container images are available as manifest lists and support the described 1878 architectures. It is also possible to pull a specific architecture directly by 1879 adding the "-$ARCH" suffix to the container image name. 1880 1881 name | architectures 1882 ---- | ------------- 1883 [registry.k8s.io/conformance:v1.27.2](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) 1884 [registry.k8s.io/kube-apiserver:v1.27.2](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) 1885 [registry.k8s.io/kube-controller-manager:v1.27.2](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) 1886 [registry.k8s.io/kube-proxy:v1.27.2](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) 1887 [registry.k8s.io/kube-scheduler:v1.27.2](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) 1888 1889 ## Changelog since v1.27.1 1890 1891 ## Changes by Kind 1892 1893 ### API Change 1894 1895 - Added error handling for seccomp localhost configurations that do not properly set a localhostProfile ([#117020](https://github.com/kubernetes/kubernetes/pull/117020), [@cji](https://github.com/cji)) [SIG API Machinery and Node] 1896 - Fixed an issue where kubelet does not set case-insensitive headers for http probes. (#117182, @dddddai) ([#117324](https://github.com/kubernetes/kubernetes/pull/117324), [@dddddai](https://github.com/dddddai)) [SIG API Machinery, Apps and Node] 1897 - Revised the comment about the feature-gate level for PodFailurePolicy from alpha to beta ([#117815](https://github.com/kubernetes/kubernetes/pull/117815), [@kerthcet](https://github.com/kerthcet)) [SIG Apps] 1898 1899 ### Feature 1900 1901 - Kubernetes is now built with Go 1.20.4 ([#117773](https://github.com/kubernetes/kubernetes/pull/117773), [@xmudrii](https://github.com/xmudrii)) [SIG Release and Testing] 1902 1903 ### Failing Test 1904 1905 - Allow Azure Disk e2es to use newer topology labels if available from nodes ([#117216](https://github.com/kubernetes/kubernetes/pull/117216), [@gnufied](https://github.com/gnufied)) [SIG Storage and Testing] 1906 1907 ### Bug or Regression 1908 1909 - CVE-2023-27561 CVE-2023-25809 CVE-2023-28642: Bump fix runc v1.1.4 -> v1.1.5 ([#117242](https://github.com/kubernetes/kubernetes/pull/117242), [@haircommander](https://github.com/haircommander)) [SIG Node] 1910 - During device plugin allocation, resources requested by the pod can only be allocated if the device plugin has registered itself to kubelet AND healthy devices are present on the node to be allocated. If these conditions are not sattsfied, the pod would fail with `UnexpectedAdmissionError` error. ([#117719](https://github.com/kubernetes/kubernetes/pull/117719), [@swatisehgal](https://github.com/swatisehgal)) [SIG Node and Testing] 1911 - Fallback from OpenAPI V3 to V2 when the OpenAPI V3 document is invalid or incomplete. ([#117980](https://github.com/kubernetes/kubernetes/pull/117980), [@seans3](https://github.com/seans3)) [SIG CLI] 1912 - Fix bug where `listOfStrings.join()` in CEL expressions resulted in an unexpected internal error. ([#117596](https://github.com/kubernetes/kubernetes/pull/117596), [@jpbetz](https://github.com/jpbetz)) [SIG API Machinery] 1913 - Fix incorrect calculation for ResourceQuota with PriorityClass as its scope. ([#117825](https://github.com/kubernetes/kubernetes/pull/117825), [@Huang-Wei](https://github.com/Huang-Wei)) [SIG API Machinery] 1914 - Fix performance regression in scheduler caused by frequent metric lookup on critical code path. ([#117617](https://github.com/kubernetes/kubernetes/pull/117617), [@tosi3k](https://github.com/tosi3k)) [SIG Scheduling] 1915 - Fix: the volume is not detached after the pod and PVC objects are deleted ([#117236](https://github.com/kubernetes/kubernetes/pull/117236), [@cvvz](https://github.com/cvvz)) [SIG Storage] 1916 - Fixed a memory leak in the Kubernetes API server that occurs during APIService processing. ([#117310](https://github.com/kubernetes/kubernetes/pull/117310), [@enj](https://github.com/enj)) [SIG API Machinery] 1917 - Fixes a race condition serving OpenAPI content ([#117708](https://github.com/kubernetes/kubernetes/pull/117708), [@Jefftree](https://github.com/Jefftree)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Instrumentation and Node] 1918 - Fixes a regression in kubectl and client-go discovery when configured with a server URL other than the root of a server. ([#117685](https://github.com/kubernetes/kubernetes/pull/117685), [@ardaguclu](https://github.com/ardaguclu)) [SIG API Machinery] 1919 - Fixes bug where an incomplete OpenAPI V3 document can cause a nil-pointer crash. 1920 Ensures fallback to OpenAPI V2 endpoint for errors retrieving OpenAPI V3 document. ([#117918](https://github.com/kubernetes/kubernetes/pull/117918), [@seans3](https://github.com/seans3)) [SIG CLI] 1921 - Kubeadm: fix a bug where file copy(backup) could not be executed correctly on Windows platform during upgrade ([#117861](https://github.com/kubernetes/kubernetes/pull/117861), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle] 1922 - Kubelet terminates pods correctly upon restart, fixing an issue where pods may have not been fully terminated if the kubelet was restarted during pod termination. ([#117433](https://github.com/kubernetes/kubernetes/pull/117433), [@bobbypage](https://github.com/bobbypage)) [SIG Node and Testing] 1923 - Number of errors reported to the metric `storage_operation_duration_seconds_count` for emptyDir decreased significantly because previously one error was reported for each projected volume created. ([#117022](https://github.com/kubernetes/kubernetes/pull/117022), [@mpatlasov](https://github.com/mpatlasov)) [SIG Storage] 1924 - Resolves a spurious "Unknown discovery response content-type" error in client-go discovery requests by tolerating extra content-type parameters in API responses ([#117637](https://github.com/kubernetes/kubernetes/pull/117637), [@seans3](https://github.com/seans3)) [SIG API Machinery] 1925 - Reverted NewVolumeManagerReconstruction and SELinuxMountReadWriteOncePod feature gates to disabled by default to resolve a regression of volume reconstruction on kubelet/node restart ([#117752](https://github.com/kubernetes/kubernetes/pull/117752), [@liggitt](https://github.com/liggitt)) [SIG Storage] 1926 - Static pods were taking extra time to be restarted after being updated. Static pods that are waiting to restart were not correctly counted in `kubelet_working_pods`. ([#116995](https://github.com/kubernetes/kubernetes/pull/116995), [@smarterclayton](https://github.com/smarterclayton)) [SIG Node] 1927 - [KCCM] service controller: change the cloud controller manager to make `providerID` a predicate when synchronizing nodes. This change allows load balancer integrations to ensure that the `providerID` is set when configuring 1928 load balancers and targets. ([#117450](https://github.com/kubernetes/kubernetes/pull/117450), [@alexanderConstantinescu](https://github.com/alexanderConstantinescu)) [SIG Cloud Provider and Network] 1929 1930 ### Other (Cleanup or Flake) 1931 1932 - A v2-level info log will be added, which will output the details of the pod being preempted, including victim and preemptor ([#117214](https://github.com/kubernetes/kubernetes/pull/117214), [@HirazawaUi](https://github.com/HirazawaUi)) [SIG Scheduling] 1933 - Structured logging of NamespacedName was inconsistent with klog.KObj. Now both use lower case field names and namespace is optional. ([#117238](https://github.com/kubernetes/kubernetes/pull/117238), [@pohly](https://github.com/pohly)) [SIG API Machinery, Architecture and Instrumentation] 1934 1935 ## Dependencies 1936 1937 ### Added 1938 _Nothing has changed._ 1939 1940 ### Changed 1941 - github.com/opencontainers/runc: [v1.1.4 → v1.1.6](https://github.com/opencontainers/runc/compare/v1.1.4...v1.1.6) 1942 - k8s.io/kube-openapi: 15aac26 → 8b0f38b 1943 - sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.1.1 → v0.1.2 1944 1945 ### Removed 1946 _Nothing has changed._ 1947 1948 1949 1950 # v1.27.1 1951 1952 1953 ## Downloads for v1.27.1 1954 1955 1956 1957 ### Source Code 1958 1959 filename | sha512 hash 1960 -------- | ----------- 1961 [kubernetes.tar.gz](https://dl.k8s.io/v1.27.1/kubernetes.tar.gz) | 01e0cc312fa04847174bf63eb888b0247ee92788801b77d642480226b112be6e3989169b9a51209187878ac6dd9c7475fd6550f16dc34b8bc52ae2f0d82a8830 1962 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.27.1/kubernetes-src.tar.gz) | e5b55fe1e6262c60cf14229ac6dabc12b6108c7c75a454aa53919fa779bd9566412bcb31122405faa7326a19b3506a2e21904225bae1d63b23c0479ef909324d 1963 1964 ### Client Binaries 1965 1966 filename | sha512 hash 1967 -------- | ----------- 1968 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.27.1/kubernetes-client-darwin-amd64.tar.gz) | a85b973c88f5684d6ea73753b8c6b99b3e64e0cd2507db24b2bd7c25e22b55cf725c6e7ee80795884a34135434bb19b676e3572d587a13d2400ba7ddc5ae4935 1969 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.27.1/kubernetes-client-darwin-arm64.tar.gz) | 83aa7154c08bbe92c6850e1c9669f6a074019ec42253b45cf0a29d58526ce7f3c3845f9504266c01cceef5013f3977eed6bd5c7a4926ee3433194c8ea8984e6f 1970 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.27.1/kubernetes-client-linux-386.tar.gz) | 0723e0b8a1fdc6aea6028bc2f4e25addd20dca83060c12b8b7869dbd49e9eb852264957383dcf6069b542d4db7a2e3a5c5408091d58709d676afa899df25bce2 1971 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.1/kubernetes-client-linux-amd64.tar.gz) | 98caa662a63d7f9ba36761caaf997be4d214ea2b921a4387965a67d168b52ea29ae9185de20192f7b4b9169a887beb19d22e5776ff0bb0b68907e177b11a8043 1972 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.27.1/kubernetes-client-linux-arm.tar.gz) | 773171a17712112850332effaf64c901b9eace6b52c003eed79032178bbbbc2b9f7ed6725bf95533e574511c70e75cd03ff1b3a1e22bcc3871d50887f04b7121 1973 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.1/kubernetes-client-linux-arm64.tar.gz) | 9dd09ca0738b1b7e287271cf16f5527d3a1abc7878e4259dc4208f74e82e3db16e5fed07a3dca75550ca531be0c504f6942841ab65e67687a94648e1b0e382a5 1974 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.1/kubernetes-client-linux-ppc64le.tar.gz) | 976499635c9b7507350edeebff6d997bbff8c9f66aecea55d549eeab51b89bc3e415a703fc49a37f284f8180055d1d36d0722932d7d19729aabb6ed39c08b8ff 1975 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.1/kubernetes-client-linux-s390x.tar.gz) | ad642b631eab5a68d8c88670f7880d6cafa2fdfb04e6e69e50a7c264b309ed2b04ff63b045f5133db9c3aecd99e7ac556577a74d57a64b705f3c6367d998c323 1976 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.27.1/kubernetes-client-windows-386.tar.gz) | bc3a685dd07085119672a6ccabc2dd832a990cf50304eea8396771006ef0bcb1fc8e08b6db9d2f455dc64c5f3e9c48fdb2ff19ec7802f35257742465fbc083a7 1977 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.1/kubernetes-client-windows-amd64.tar.gz) | 55d2a9e5ca066166592d778697d657eb04d828ffd6e15b177a399b44574dcae972d109e83bc2e33f0effe679e61538d5b1b4fea66ec1d812e678a9b1c50494fc 1978 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.27.1/kubernetes-client-windows-arm64.tar.gz) | adc10b48334f2a4fae6d7ace0e1485b8a874f98187b3b5491ca056b25f9096b58a0e3e37f096c4e9045bd7c56aa7efb4d2544570153864288095ddf6d0515172 1979 1980 ### Server Binaries 1981 1982 filename | sha512 hash 1983 -------- | ----------- 1984 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.1/kubernetes-server-linux-amd64.tar.gz) | 0752a63510a6d0ae06d8e24e42faa1641e093c25061f60b4c8355f735788ddd4bd25ae2a47a796064b6eb2ea15f0d451852fddc3c1b82b0e1afd279df700cea2 1985 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.1/kubernetes-server-linux-arm64.tar.gz) | 63d086447a7abcd37a7d4e8d36609dc1a8217e6a7d2f45efd6bf35444321bf96f181d621d7a12224e55034fae1ece62a6c3109204dfd3b40577afb7c61a3ead7 1986 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.1/kubernetes-server-linux-ppc64le.tar.gz) | 0b477fb3af66976f7aafba0b97c089e5dda8c21fc314ba3fb2d54ed1ff453389af8d3aba6bbe14fdd8db02f1a309bff2291abbdbdd64b2174878bec6997a889b 1987 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.1/kubernetes-server-linux-s390x.tar.gz) | bf198f3099663ead089c42221f60d4dee53c6ac0cefab37e316d2b6449a46a1708426782aff946f6cb735ab7141f61df1e33144115845aa277c45b1ea8741a6c 1988 1989 ### Node Binaries 1990 1991 filename | sha512 hash 1992 -------- | ----------- 1993 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.1/kubernetes-node-linux-amd64.tar.gz) | 484993a2478aa7d734fe711789f661b74152a96eff540b883e8603a92d91b89d870c4bfd0b482e72fd0ab2a95b7766725a0e8627676e99d051db0bf7c97d5791 1994 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.1/kubernetes-node-linux-arm64.tar.gz) | 1d0d9a393b513f32e35fd609fbdd61179402421674a51ceb25b6516f2d5a5d596a451a285a038e4fe31e175727b75e30ff2e9bb368a7aa82b363018634b55a6d 1995 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.1/kubernetes-node-linux-ppc64le.tar.gz) | 00c40568cc8e255b557f9a69f704f393d9ad8cfce75aaadc4df5485551106064d62fa58a6bb8a2bacd4cc363c09424eeb0acc156fe7172df057df46f4cc57109 1996 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.1/kubernetes-node-linux-s390x.tar.gz) | 0615a6be0ea7ca1c90418690633013872f5f56404a6eecfedb677276b2653e22f600ad3863c80b592ff7ff2107fc4ce407ab526793464abcb0f93b65d671f6dc 1997 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.1/kubernetes-node-windows-amd64.tar.gz) | 87ab85b2d784124c945c4b92ff037ecdc12800176c22d7c06d38285386d32b3fc4fea0b00d6dcdd3db77f4b67123aaeb1dc62cca6c9ff381c0d2155ee4c1ec4e 1998 1999 ### Container Images 2000 2001 All container images are available as manifest lists and support the described 2002 architectures. It is also possible to pull a specific architecture directly by 2003 adding the "-$ARCH" suffix to the container image name. 2004 2005 name | architectures 2006 ---- | ------------- 2007 [registry.k8s.io/conformance:v1.27.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) 2008 [registry.k8s.io/kube-apiserver:v1.27.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) 2009 [registry.k8s.io/kube-controller-manager:v1.27.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) 2010 [registry.k8s.io/kube-proxy:v1.27.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) 2011 [registry.k8s.io/kube-scheduler:v1.27.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) 2012 2013 ## Changelog since v1.27.0 2014 2015 ## Changes by Kind 2016 2017 ### Bug or Regression 2018 2019 - Fixes a regression in 1.27.0 that resulted in "missing metadata in converted object" errors when modifying objects for multi-version custom resource definitions with a conversion strategy of `None`. ([#117305](https://github.com/kubernetes/kubernetes/pull/117305), [@ncdc](https://github.com/ncdc)) [SIG API Machinery] 2020 - Known issue: fixed that the PreEnqueue plugins aren't executed for Pods proceeding to activeQ through backoffQ. ([#117194](https://github.com/kubernetes/kubernetes/pull/117194), [@sanposhiho](https://github.com/sanposhiho)) [SIG Release and Scheduling] 2021 - Setting a mirror pod's phase to Succeeded or Failed can prevent the corresponding static pod from restarting due mutation of a Kubelet cache. ([#116482](https://github.com/kubernetes/kubernetes/pull/116482), [@smarterclayton](https://github.com/smarterclayton)) [SIG Node] 2022 2023 ## Dependencies 2024 2025 ### Added 2026 _Nothing has changed._ 2027 2028 ### Changed 2029 _Nothing has changed._ 2030 2031 ### Removed 2032 _Nothing has changed._ 2033 2034 2035 2036 # v1.27.0 2037 2038 [Documentation](https://docs.k8s.io) 2039 2040 ## Downloads for v1.27.0 2041 2042 ### Source Code 2043 2044 filename | sha512 hash 2045 -------- | ----------- 2046 [kubernetes.tar.gz](https://dl.k8s.io/v1.27.0/kubernetes.tar.gz) | `78dbb72f270ab70d0ad70d2da6727eed64bdc54a11892fd6c2157882865f93ab41fedf5fced2f3e71dc0eda5679d06884c262a7960277face4510eed30a3678e` 2047 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.27.0/kubernetes-src.tar.gz) | `4080d2452ff4fd316a823c1c495e7e9a39d364e24225020a91bf0bc0289c3ef90ade746ef5a05172d6e355af9014cbddf144ca71839ec65fc57f3eaf553fb7ab` 2048 2049 ### Client Binaries 2050 2051 filename | sha512 hash 2052 -------- | ----------- 2053 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.27.0/kubernetes-client-darwin-amd64.tar.gz) | `faa0e340f1829ba694326c6ff71f8527249af03d8d78f784289be4122b6ceb0829fa70ee1eab25f64bbb9f5972ae30f3cfdfefe617ce3360b2897d4f6259bd81` 2054 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.27.0/kubernetes-client-darwin-arm64.tar.gz) | `9c4fe911e41ab9c355d39b21d77372bd2a070cc376fdfceac362eb6cc3e8f616754cc61593ea140030a81961b40fa6344b7628d7a4edf7e6dcdef29711bbd064` 2055 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.27.0/kubernetes-client-linux-386.tar.gz) | `ba522302624ac7b3a9e5c1a5c80857bdde4c47b44394dbfa8da597ee07b2e1975409e8eac514516329826f593fa82d143a03185ef3c30a97cb1f8011ffb96060` 2056 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.0/kubernetes-client-linux-amd64.tar.gz) | `3ea3b4a866815cc08f1897771d63bf4e4f75b481e1d70417e34581d079a58b647b077382a264224acb52e6a76474d6e92efd22a0d4f7fdfde0c244006beef76a` 2057 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.27.0/kubernetes-client-linux-arm.tar.gz) | `5fd69b567ab835b35b8156c66eec02ee109f731acf7d68250b05a1f43a56458be68654f95107cd28859b4b8e73d5f64c78aca2f4b1dc74fff3ca8d942c60d2db` 2058 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.0/kubernetes-client-linux-arm64.tar.gz) | `f20e579ab71b1cdace22bec0a11314ec44534f0e7040a436c63eb18a47d839e070e5134917ef2b531fe7b8bfee12133fa14de4dac7c0ac7798b4d9fa5679f193` 2059 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.0/kubernetes-client-linux-ppc64le.tar.gz) | `c56a2d021b1a99fde0871bbe8e71427b8c4f03847e2bf6cbf526a71f6d7d1060481bd0f00d7dce2bd8afa1c969e02422ac1a2283ab58facd3db43f0713c10212` 2060 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.0/kubernetes-client-linux-s390x.tar.gz) | `4ad879e2ab2b952cc0fdfcd738b6264db60b72174057947737ab07f40dd0c4c727fb042c24323be3accaf8fbc320973821c915fd1bb3c4ea8a22eb16c03ce4a3` 2061 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.27.0/kubernetes-client-windows-386.tar.gz) | `befab85193ce017c647b391606d45d3626e71bf7ea6bbca7f955985e0f505a9c8ca27898ee41c4f3124b7a3788b4a4eab602994415b24b8b0bfc154b938c547e` 2062 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.0/kubernetes-client-windows-amd64.tar.gz) | `0fbba06f00713c32c74d9b62733dfb83a597e3a33ee62bfb3a93de7cd883c460a0c56f25cd1577dd7923ef73312788d9b805020297fcf784722783ac1890253f` 2063 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.27.0/kubernetes-client-windows-arm64.tar.gz) | `b7edbb25dbbf5b0bd9839f93d43f08262cf5f6e138599c034da0ff402c763a0cff18c1e9b42631d250389ff6b865dec4aa35b577fac75a51e65c825ec8efe234` 2064 2065 ### Server Binaries 2066 2067 filename | sha512 hash 2068 -------- | ----------- 2069 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.0/kubernetes-server-linux-amd64.tar.gz) | `9726ba173084adade1c1b0de014ccedc5dc5317a80076cbf20d15fdcd6296dd1e9efcf1b1349456757a5c186fa52293f60411397cb6c79765adff335391add9e` 2070 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.0/kubernetes-server-linux-arm64.tar.gz) | `657726cd4ae93a9696371717a280689af76c488586c49273086bef4e712228025c6e179c2a5c93b8a33640ac42347dd821053485659f9383dbb1b3e2a17f022c` 2071 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.0/kubernetes-server-linux-ppc64le.tar.gz) | `2ff2464453ca8ca2e9e4a024ad730c12fa506379b4a7bd749431fe64ddb13c2dccea05c37dba119799940eac2dc57635e9d70b908d1786a3cdc031a5b70504a5` 2072 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.0/kubernetes-server-linux-s390x.tar.gz) | `44ce8faa8710832593b656e3b053207e05def556ad821b8e08e0c2f33b73f280a455fbef933ea70e9efbe8a085ef7deb47139d4e9af43417d8242029a2b60c35` 2073 2074 ### Node Binaries 2075 2076 filename | sha512 hash 2077 -------- | ----------- 2078 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.0/kubernetes-node-linux-amd64.tar.gz) | `812f5adfafe778200558678af6510f9f315f75b46f7bb4482e92b57d1bed08c4b7f236850bf8e4dcac7018879736d614fc482e3641da06c6f8d0554af4f4ef45` 2079 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.0/kubernetes-node-linux-arm64.tar.gz) | `a5e353205a93ebaade50dfd652ee5623b28ee4f6fd8ca949fb2303d708468026ba66c10b70f1761f4099706baad8959993a9ec0053259b94b5f4793aeda27adb` 2080 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.0/kubernetes-node-linux-ppc64le.tar.gz) | `b5dbcf8131bad7ef897c64ac482599ac3bedc99e5c211d189e0566543a13c89d0812d7a7b1e4e9655d8d884ee24dc553616c96cf74df19f4d2cce0ea552015ce` 2081 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.0/kubernetes-node-linux-s390x.tar.gz) | `81662d6e14a7500bf2714ae3c0b9070031ea5ef2628c84aaf2a8fe96fed07a52c3677babc74247160cb71ce1fc77b728f549f2c18dfc7dc6a65dfadb7ec17cd7` 2082 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.0/kubernetes-node-windows-amd64.tar.gz) | `a8b1a53ba6ee416fb9939961d8290ae1f5e0c21117f1cd6cebbc9ba01cafa235730a2887fd91b92552d07eec78aeb65aefac92899eaf9b2f4f195c61f20d05d7` 2083 2084 ### Container Images 2085 2086 All container images are available as manifest lists and support the described 2087 architectures. It is also possible to pull a specific architecture directly by 2088 adding the "-$ARCH" suffix to the container image name. 2089 name | architectures 2090 ---- | ------------- 2091 [registry.k8s.io/conformance:v1.27.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) 2092 [registry.k8s.io/kube-apiserver:v1.27.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) 2093 [registry.k8s.io/kube-controller-manager:v1.27.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) 2094 [registry.k8s.io/kube-proxy:v1.27.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) 2095 [registry.k8s.io/kube-scheduler:v1.27.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) 2096 2097 ## Changelog since v1.26.0 2098 2099 ## Known Issues 2100 2101 ### The PreEnqueue extension point doesn't work for Pods going to activeQ through backoffQ 2102 2103 In v1.26.0, we've found the bug that the PreEnqueue extension point doesn't work for Pods going to activeQ through backoffQ. 2104 It doesn't affect any of the vanilla Kubernetes behavior, but, may break custom PreEnqueue plugins. 2105 2106 The cause PR is [reverted](https://github.com/kubernetes/kubernetes/pull/117194) by v1.26.1. 2107 2108 ## Urgent Upgrade Notes 2109 2110 ### (No, really, you MUST read this before you upgrade) 2111 2112 - 'The `IPv6DualStack` feature gate for external cloud providers was removed. 2113 (The feature became GA in 1.23 and the gate was removed for all other 2114 components several releases ago.) If you were still manually 2115 enabling it you must stop now.' ([#116255](https://github.com/kubernetes/kubernetes/pull/116255), [@danwinship](https://github.com/danwinship)) 2116 - Give terminal phase correctly to all pods that will not be restarted. 2117 2118 In particular, assign Failed phase to pods which are deleted while pending. Also, assign a terminal 2119 phase (Succeeded or Failed, depending on the exit statuses of the pod containers) to pods which 2120 are deleted while running. 2121 2122 This fixes the issue for jobs using pod failure policy (with JobPodFailurePolicy and PodDisruptionConditions 2123 feature gates enabled) that their pods could get stuck in the pending phase when deleted. 2124 2125 Users who maintain controllers which relied on the fact that pods with RestartPolicy=Always 2126 never enter the Succeeded phase may need to adapt their controllers. This is because as a consequence of 2127 the change pods which use RestartPolicy=Always may end up in the Succeeded phase in two scenarios: pod 2128 deletion and graceful node shutdown. ([#115331](https://github.com/kubernetes/kubernetes/pull/115331), [@mimowo](https://github.com/mimowo)) [SIG Cloud Provider, Node and Testing] 2129 - The in-tree cloud provider for AWS (and the EBS storage plugin) has now been removed. Please use the external cloud provider and CSI driver from https://github.com/kubernetes/cloud-provider-aws instead. ([#115838](https://github.com/kubernetes/kubernetes/pull/115838), [@torredil](https://github.com/torredil)) [SIG API Machinery, Apps, Architecture, Auth, CLI , Cloud Provider, Cluster Lifecycle, Instrumentation, Node, Release, Scheduling, Storage, and Testing] 2130 2131 ## Changes by Kind 2132 2133 ### Deprecation 2134 2135 - Added a [warning](https://k8s.io/blog/2020/09/03/warnings/) response when handling requests that set the deprecated `spec.externalID` field for a Node. ([#115944](https://github.com/kubernetes/kubernetes/pull/115944), [@SataQiu](https://github.com/SataQiu)) [SIG Node] 2136 - Added warnings to the Services API. Kubernetes now warns for Services in the case of: 2137 - IPv4 addresses with leading zeros 2138 - IPv6 address in non-canonical format (RFC 5952) ([#114505](https://github.com/kubernetes/kubernetes/pull/114505), [@aojea](https://github.com/aojea)) 2139 - Support for the alpha seccomp annotations `seccomp.security.alpha.kubernetes.io/pod` and `container.seccomp.security.alpha.kubernetes.io` were deprecated since v1.19, now have been completely removed. The seccomp fields are no longer auto-populated when pods with seccomp annotations are created. Pods should use the corresponding pod or container `securityContext.seccompProfile` field instead. ([#114947](https://github.com/kubernetes/kubernetes/pull/114947), [@saschagrunert](https://github.com/saschagrunert)) 2140 - The `SecurityContextDeny` admission plugin is going deprecated and will be removed in future versions. ([#115879](https://github.com/kubernetes/kubernetes/pull/115879), [@mtardy](https://github.com/mtardy)) 2141 2142 ### API Change 2143 2144 - A fix in the `resource.k8s.io/v1alpha1/ResourceClaim` API avoids harmless (?) ".status.reservedFor: element 0: associative list without keys has an element that's a map type" errors in the apiserver. Validation now rejects the incorrect reuse of the same UID in different entries. ([#115354](https://github.com/kubernetes/kubernetes/pull/115354), [@pohly](https://github.com/pohly)) 2145 - A terminating pod on a node that is not caused by preemption no longer prevents `kube-scheduler` from preempting pods on that node 2146 - Rename `PreemptionByKubeScheduler` to `PreemptionByScheduler` ([#114623](https://github.com/kubernetes/kubernetes/pull/114623), [@Huang-Wei](https://github.com/Huang-Wei)) 2147 - API: resource.k8s.io/v1alpha1.PodScheduling was renamed to resource.k8s.io/v1alpha2.PodSchedulingContext. ([#116556](https://github.com/kubernetes/kubernetes/pull/116556), [@pohly](https://github.com/pohly)) [SIG API Machinery, Apps, Auth, CLI, Node, Scheduling and Testing] 2148 - Added CEL runtime cost calculation into ValidatingAdmissionPolicy, matching the evaluation cost 2149 restrictions that already apply to CustomResourceDefinition. 2150 If rule evaluation uses more compute than the limit, the API server aborts the evaluation and the 2151 admission check that was being performed is aborted; the `failurePolicy` for the ValidatingAdmissionPolicy 2152 determines the outcome. ([#115747](https://github.com/kubernetes/kubernetes/pull/115747), [@cici37](https://github.com/cici37)) 2153 - Added `auditAnnotations` to `ValidatingAdmissionPolicy`, enabling CEL to be used to add audit annotations to request audit events. 2154 Added `validationActions` to `ValidatingAdmissionPolicyBinding`, enabling validation failures to be handled by any combination of the warn, audit and deny enforcement actions. ([#115973](https://github.com/kubernetes/kubernetes/pull/115973), [@jpbetz](https://github.com/jpbetz)) 2155 - Added `messageExpression` field to `ValidationRule`. ([#115969](https://github.com/kubernetes/kubernetes/pull/115969), [@DangerOnTheRanger](https://github.com/DangerOnTheRanger)) 2156 - Added `messageExpression` to `ValidatingAdmissionPolicy`, to set custom failure message via CEL expression. ([#116397](https://github.com/kubernetes/kubernetes/pull/116397), [@jiahuif](https://github.com/jiahuif)) [SIG API Machinery] 2157 - Added a new IPAddress object kind 2158 - Added a new ClusterIP allocator. The new allocator removes previous Service CIDR block size limitations for IPv4, and limits IPv6 size to a /64 ([#115075](https://github.com/kubernetes/kubernetes/pull/115075), [@aojea](https://github.com/aojea)) [SIG API Machinery, Apps, Auth, CLI, Cluster Lifecycle, Network and Testing] 2159 - Added a new alpha API: ClusterTrustBundle (`certificates.k8s.io/v1alpha1`). 2160 A ClusterTrustBundle may be used to distribute [X.509](https://www.itu.int/rec/T-REC-X.509) trust anchors to workloads within the cluster. ([#113218](https://github.com/kubernetes/kubernetes/pull/113218), [@ahmedtd](https://github.com/ahmedtd)) [SIG API Machinery, Auth and Testing] 2161 - Added authorization check support to the CEL expressions of ValidatingAdmissionPolicy via a `authorizer` 2162 variable with expressions. The new variable provides a builder that allows expressions such `authorizer.group('').resource('pods').check('create').allowed()`. ([#116054](https://github.com/kubernetes/kubernetes/pull/116054), [@jpbetz](https://github.com/jpbetz)) [SIG API Machinery and Testing] 2163 - Added matchConditions field to ValidatingAdmissionPolicy and enabled support for CEL based custom match criteria. ([#116350](https://github.com/kubernetes/kubernetes/pull/116350), [@maxsmythe](https://github.com/maxsmythe)) 2164 - Added new option to the `InterPodAffinity` scheduler plugin to ignore existing 2165 pods` preferred inter-pod affinities if the incoming pod has no preferred inter-pod 2166 affinities. This option can be used as an optimization for higher scheduling throughput 2167 (at the cost of an occasional pod being scheduled non-optimally/violating existing 2168 pods preferred inter-pod affinities). To enable this scheduler option, set the 2169 `InterPodAffinity` scheduler plugin arg `ignorePreferredTermsOfExistingPods: true` ([#114393](https://github.com/kubernetes/kubernetes/pull/114393), [@danielvegamyhre](https://github.com/danielvegamyhre)) 2170 - Added the `MatchConditions` field to `ValidatingWebhookConfiguration` and `MutatingWebhookConfiguration` for the v1beta and v1 apis. 2171 2172 The `AdmissionWebhookMatchConditions` featuregate is now in Alpha ([#116261](https://github.com/kubernetes/kubernetes/pull/116261), [@ivelichkovich](https://github.com/ivelichkovich)) [SIG API Machinery and Testing] 2173 - Added validation to ensure that if `service.kubernetes.io/topology-aware-hints` and `service.kubernetes.io/topology-mode` annotations are both set, they are set to the same value.Also Added deprecation warning if `service.kubernetes.io/topology-aware-hints` annotation is used. ([#116612](https://github.com/kubernetes/kubernetes/pull/116612), [@robscott](https://github.com/robscott)) 2174 - Added warnings about workload resources (Pods, ReplicaSets, Deployments, Jobs, CronJobs, or ReplicationControllers) whose names are not valid DNS labels. ([#114412](https://github.com/kubernetes/kubernetes/pull/114412), [@thockin](https://github.com/thockin)) 2175 - Adds feature gate `NodeLogQuery` which provides cluster administrators with a streaming view of logs using kubectl without them having to implement a client side reader or logging into the node. ([#96120](https://github.com/kubernetes/kubernetes/pull/96120), [@LorbusChris](https://github.com/LorbusChris)) 2176 - Api: validation of a `PodSpec` now rejects invalid `ResourceClaim` and `ResourceClaimTemplate` names. For a pod, the name generated for the `ResourceClaim` when using a template also must be valid. ([#116576](https://github.com/kubernetes/kubernetes/pull/116576), [@pohly](https://github.com/pohly)) 2177 - Bump default API QPS limits for Kubelet. ([#116121](https://github.com/kubernetes/kubernetes/pull/116121), [@wojtek-t](https://github.com/wojtek-t)) 2178 - Enabled the `StatefulSetStartOrdinal` feature gate in beta ([#115260](https://github.com/kubernetes/kubernetes/pull/115260), [@pwschuurman](https://github.com/pwschuurman)) 2179 - Enabled usage of `kube-proxy`, `kube-scheduler` and `kubelet` HTTP APIs for changing the logging 2180 verbosity at runtime for JSON output. ([#114609](https://github.com/kubernetes/kubernetes/pull/114609), [@pohly](https://github.com/pohly)) 2181 - Encryption of API Server at rest configuration now allows the use of wildcards in the list of resources. For example, *.* can be used to encrypt all resources, including all current and future custom resources. ([#115149](https://github.com/kubernetes/kubernetes/pull/115149), [@nilekhc](https://github.com/nilekhc)) 2182 - Extended the kubelet's PodResources API to include resources allocated in `ResourceClaims` via `DynamicResourceAllocation`. Additionally, added a new `Get()` method to query a specific pod for its resources. ([#115847](https://github.com/kubernetes/kubernetes/pull/115847), [@moshe010](https://github.com/moshe010)) [SIG Node] 2183 - Forbid to set matchLabelKeys when labelSelector is not set in topologySpreadConstraints ([#116535](https://github.com/kubernetes/kubernetes/pull/116535), [@denkensk](https://github.com/denkensk)) 2184 - GCE does not support LoadBalancer Services with ports with different protocols (TCP and UDP) ([#115966](https://github.com/kubernetes/kubernetes/pull/115966), [@aojea](https://github.com/aojea)) [SIG Apps and Cloud Provider] 2185 - GRPC probes are now a GA feature. `GRPCContainerProbe` feature gate was locked to default value and will be removed in v1.29. If you were setting this feature gate explicitly, please remove it now. ([#116233](https://github.com/kubernetes/kubernetes/pull/116233), [@SergeyKanzhelev](https://github.com/SergeyKanzhelev)) 2186 - Graduated `Kubelet Topology Manager` to GA. ([#116093](https://github.com/kubernetes/kubernetes/pull/116093), [@swatisehgal](https://github.com/swatisehgal)) 2187 - Graduated `KubeletTracing` to beta, which means that the feature gate is now enabled by default. ([#115750](https://github.com/kubernetes/kubernetes/pull/115750), [@saschagrunert](https://github.com/saschagrunert)) 2188 - Graduated seccomp profile defaulting to GA. 2189 2190 Set the kubelet `--seccomp-default` flag or `seccompDefault` kubelet configuration field to `true` to make pods on that node default to using the `RuntimeDefault` seccomp profile. 2191 2192 Enabling seccomp for your workload can have a negative performance impact depending on the kernel and container runtime version in use. 2193 2194 Guidance for identifying and mitigating those issues is outlined in the Kubernetes [seccomp tutorial](https://k8s.io/docs/tutorials/security/seccomp). ([#115719](https://github.com/kubernetes/kubernetes/pull/115719), [@saschagrunert](https://github.com/saschagrunert)) [SIG API Machinery, Node, Storage and Testing] 2195 - Graduated the container resource metrics feature on `HPA` to beta. ([#116046](https://github.com/kubernetes/kubernetes/pull/116046), [@sanposhiho](https://github.com/sanposhiho)) 2196 - Implemented API streaming for the `watch-cache` 2197 2198 When `sendInitialEvents` `ListOption` is set together with `watch=true`, it begins the watch stream with synthetic init events followed by a synthetic "Bookmark" after which the server continues streaming events. ([#110960](https://github.com/kubernetes/kubernetes/pull/110960), [@p0lyn0mial](https://github.com/p0lyn0mial)) 2199 - Introduced API for streaming. 2200 2201 Added `SendInitialEvents` field to the `ListOptions`. When the new option is set together with `watch=true`, it begins the watch stream with synthetic init events followed by a synthetic "Bookmark" after which the server continues streaming events. ([#115402](https://github.com/kubernetes/kubernetes/pull/115402), [@p0lyn0mial](https://github.com/p0lyn0mial)) 2202 - Introduced a breaking change to the `resource.k8s.io` API in its `AllocationResult` struct. This change allows a kubelet plugin for the `DynamicResourceAllocation` feature to service allocations from multiple resource driver controllers. ([#116332](https://github.com/kubernetes/kubernetes/pull/116332), [@klueska](https://github.com/klueska)) 2203 - Introduces new alpha functionality to the reflector, allowing user to enable API streaming. 2204 2205 To activate this feature, users can set the `ENABLE_CLIENT_GO_WATCH_LIST_ALPHA` environmental variable. 2206 It is important to note that the server must support streaming for this feature to function properly. 2207 If streaming is not supported by the server, the reflector will revert to the previous method 2208 of obtaining data through LIST/WATCH semantics. ([#110772](https://github.com/kubernetes/kubernetes/pull/110772), [@p0lyn0mial](https://github.com/p0lyn0mial)) [SIG API Machinery] 2209 - K8s.io/client-go/tools/record.EventBroadcaster: after Shutdown() is called, the broadcaster now gives up immediately after a failure to write an event to a sink. Previously it tried multiple times for 12 seconds in a goroutine. ([#115514](https://github.com/kubernetes/kubernetes/pull/115514), [@pohly](https://github.com/pohly)) [SIG API Machinery] 2210 - K8s.io/component-base/logs: usage of the pflag values in a normal Go flag set led to panics when printing the help message ([#114680](https://github.com/kubernetes/kubernetes/pull/114680), [@pohly](https://github.com/pohly)) [SIG Instrumentation] 2211 - Kubeadm: explicitly set `priority` for static pods with `priorityClassName: system-node-critical` ([#114338](https://github.com/kubernetes/kubernetes/pull/114338), [@champtar](https://github.com/champtar)) [SIG Cluster Lifecycle] 2212 - Kubelet: a "maxParallelImagePulls" field can now be specified in the kubelet configuration file to control how many image pulls the kubelet can perform in parallel. ([#115220](https://github.com/kubernetes/kubernetes/pull/115220), [@ruiwen-zhao](https://github.com/ruiwen-zhao)) [SIG API Machinery, Node and Scalability] 2213 - Kubelet: changed `MemoryThrottlingFactor` default value to `0.9` and formulas to calculate `memory.high` ([#115371](https://github.com/kubernetes/kubernetes/pull/115371), [@pacoxu](https://github.com/pacoxu)) 2214 - Kubernetes components that perform leader election now only support using `Leases` for this. ([#114055](https://github.com/kubernetes/kubernetes/pull/114055), [@aimuz](https://github.com/aimuz)) 2215 - Migrated the `DaemonSet` controller (within `kube-controller-manager`) to use [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging) ([#113622](https://github.com/kubernetes/kubernetes/pull/113622), [@249043822](https://github.com/249043822)) 2216 - New `service.kubernetes.io/topology-mode` annotation has been introduced as a replacement for the `service.kubernetes.io/topology-aware-hints` annotation. 2217 - `service.kubernetes.io/topology-aware-hints` annotation has been deprecated. 2218 - kube-proxy now accepts any value that is not "disabled" for these annotations, enabling custom implementation-specific and/or future built-in heuristics to be used. ([#116522](https://github.com/kubernetes/kubernetes/pull/116522), [@robscott](https://github.com/robscott)) [SIG Apps, Network and Testing] 2219 - Pods owned by a Job now uses the labels `batch.kubernetes.io/job-name` and `batch.kubernetes.io/controller-uid`. 2220 The legacy labels `job-name` and `controller-uid` are still added for compatibility. ([#114930](https://github.com/kubernetes/kubernetes/pull/114930), [@kannon92](https://github.com/kannon92)) 2221 - Promoted `CronJobTimeZone` feature to GA ([#115904](https://github.com/kubernetes/kubernetes/pull/115904), [@soltysh](https://github.com/soltysh)) 2222 - Promoted `SelfSubjectReview` to Beta ([#116274](https://github.com/kubernetes/kubernetes/pull/116274), [@nabokihms](https://github.com/nabokihms)) [SIG API Machinery, Auth, CLI and Testing] 2223 - Relaxed API validation to allow pod node selector to be mutable for gated pods (additions only, no deletions or mutations). ([#116161](https://github.com/kubernetes/kubernetes/pull/116161), [@danielvegamyhre](https://github.com/danielvegamyhre)) 2224 - Remove `kubernetes.io/grpc` standard appProtocol ([#116866](https://github.com/kubernetes/kubernetes/pull/116866), [@LiorLieberman](https://github.com/LiorLieberman)) [SIG API Machinery and Apps] 2225 - Remove deprecated `--enable-taint-manager` and `--pod-eviction-timeout` CLI ([#115840](https://github.com/kubernetes/kubernetes/pull/115840), [@atosatto](https://github.com/atosatto)) 2226 - Removed support for the `v1alpha1` kubeletplugin API of `DynamicResourceManagement`. All plugins must be updated to `v1alpha2` in order to function properly. ([#116558](https://github.com/kubernetes/kubernetes/pull/116558), [@klueska](https://github.com/klueska)) 2227 - The API server now re-uses data encryption keys while the kms v2 plugin key ID is stable. Data encryption keys are still randomly generated on server start but an atomic counter is used to prevent nonce collisions. ([#116155](https://github.com/kubernetes/kubernetes/pull/116155), [@enj](https://github.com/enj)) 2228 - The PodDisruptionBudget `spec.unhealthyPodEvictionPolicy` field has graduated to beta and is enabled by default. On servers with the feature enabled, this field may be set to `AlwaysAllow` to always allow unhealthy pods covered by the PodDisruptionBudget to be evicted. ([#115363](https://github.com/kubernetes/kubernetes/pull/115363), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) [SIG Apps, Auth and Node] 2229 - The `DownwardAPIHugePages` kubelet feature graduated to stable / GA. ([#115721](https://github.com/kubernetes/kubernetes/pull/115721), [@saschagrunert](https://github.com/saschagrunert)) [SIG Apps and Node] 2230 - The following feature gates for volume expansion GA features have now been removed and must no longer be referenced in `--feature-gates` flags: `ExpandCSIVolumes`, `ExpandInUsePersistentVolumes`, `ExpandPersistentVolumes` ([#113942](https://github.com/kubernetes/kubernetes/pull/113942), [@mengjiao-liu](https://github.com/mengjiao-liu)) 2231 - The list-type of the alpha `resourceClaims` field introduced to `Pods` in `1.26.0` was modified from `set` to `map`, resolving an incompatibility with use of this schema in `CustomResourceDefinitions` and with server-side apply. ([#114585](https://github.com/kubernetes/kubernetes/pull/114585), [@JoelSpeed](https://github.com/JoelSpeed)) 2232 - Updated API reference for Requests, specifying they must not exceed limits ([#115434](https://github.com/kubernetes/kubernetes/pull/115434), [@ehashman](https://github.com/ehashman)) 2233 - Updated `KMSv2` to beta ([#115123](https://github.com/kubernetes/kubernetes/pull/115123), [@aramase](https://github.com/aramase)) 2234 - Updated: Redefine AppProtocol field description and add new standard values ([#115433](https://github.com/kubernetes/kubernetes/pull/115433), [@LiorLieberman](https://github.com/LiorLieberman)) [SIG API Machinery, Apps and Network] 2235 - `/metrics/slis` is now available for control plane components allowing you to scrape health check metrics. ([#114997](https://github.com/kubernetes/kubernetes/pull/114997), [@Richabanker](https://github.com/Richabanker)) 2236 - `APIServerTracing` feature gate is now enabled by default. Tracing in the API 2237 Server is still disabled by default, and requires a config file to enable. ([#116144](https://github.com/kubernetes/kubernetes/pull/116144), [@dashpole](https://github.com/dashpole)) 2238 - `NodeResourceFit` and `NodeResourcesBalancedAllocation` implement the `PreScore` 2239 extension point for a more performant calculation. ([#115655](https://github.com/kubernetes/kubernetes/pull/115655), [@tangwz](https://github.com/tangwz)) 2240 - `PodSchedulingReadiness` is graduated to beta. ([#115815](https://github.com/kubernetes/kubernetes/pull/115815), [@Huang-Wei](https://github.com/Huang-Wei)) 2241 - `PodSpec.Container.Resources` became mutable for CPU and memory resource types. 2242 - `PodSpec.Container.ResizePolicy` (new object) gives users control over how their containers are resized. 2243 - `PodStatus.Resize` status describes the state of a requested Pod resize. 2244 - `PodStatus.ResourcesAllocated` describes node resources allocated to Pod. 2245 - `PodStatus.Resources` describes node resources applied to running containers by CRI. 2246 - `UpdateContainerResources` CRI API now supports both Linux and Windows. ([#102884](https://github.com/kubernetes/kubernetes/pull/102884), [@vinaykul](https://github.com/vinaykul)) 2247 - `SELinuxMountReadWriteOncePod` graduated to Beta. ([#116425](https://github.com/kubernetes/kubernetes/pull/116425), [@jsafrane](https://github.com/jsafrane)) 2248 - `StatefulSetAutoDeletePVC` feature gate promoted to beta. ([#116501](https://github.com/kubernetes/kubernetes/pull/116501), [@mattcary](https://github.com/mattcary)) 2249 - `StatefulSet` names must be DNS labels, rather than subdomains. Any `StatefulSet` 2250 which took advantage of subdomain validation (by having dots in the name) can't 2251 possibly have worked, because we eventually set `pod.spec.hostname` from the `StatefulSetName`, 2252 and that is validated as a DNS label. ([#114172](https://github.com/kubernetes/kubernetes/pull/114172), [@thockin](https://github.com/thockin)) 2253 - `ValidatingAdmissionPolicy` now provides a status field that contains results of type checking the validation expression. 2254 The type checking is fully informational, and the behavior of the policy is unchanged. ([#115668](https://github.com/kubernetes/kubernetes/pull/115668), [@jiahuif](https://github.com/jiahuif)) 2255 - `cacheSize` field in `EncryptionConfiguration` is not supported for KMSv2 provider ([#113121](https://github.com/kubernetes/kubernetes/pull/113121), [@aramase](https://github.com/aramase)) 2256 - `k8s.io/component-base/logs` now also supports adding command line flags to a `flag.FlagSet`. ([#114731](https://github.com/kubernetes/kubernetes/pull/114731), [@pohly](https://github.com/pohly)) 2257 - `kubelet`: migrated `--container-runtime-endpoint` and `--image-service-endpoint` 2258 to kubelet config ([#112136](https://github.com/kubernetes/kubernetes/pull/112136), [@pacoxu](https://github.com/pacoxu)) 2259 - `resource.k8s.io/v1alpha1` was replaced with `resource.k8s.io/v1alpha2`. Before 2260 upgrading a cluster, all objects in resource.k8s.io/v1alpha1 (ResourceClaim, ResourceClaimTemplate, 2261 ResourceClass, PodScheduling) must be deleted. The changes are internal, so 2262 YAML files which create pods and resource claims don't need changes except for 2263 the newer `apiVersion`. ([#116299](https://github.com/kubernetes/kubernetes/pull/116299), [@pohly](https://github.com/pohly)) 2264 - `volumes`: `resource.claims` is now cleared for PVC specs during create or update of a pod spec with inline PVC template or of a PVC because it has no effect. ([#115928](https://github.com/kubernetes/kubernetes/pull/115928), [@pohly](https://github.com/pohly)) 2265 2266 ### Feature 2267 2268 - A new client side metric `rest_client_request_retries_total` has been added that tracks the number of retries sent to the server, partitioned by status code, verb and host ([#108396](https://github.com/kubernetes/kubernetes/pull/108396), [@tkashem](https://github.com/tkashem)) 2269 - A new feature was enabled to improve the performance of the iptables mode of `kube-proxy` in large clusters. No action was required, however: 2270 2271 1. If you experienced problems with Services not syncing to iptables correctly, you can disable the feature by passing `--feature-gates=MinimizeIPTablesRestore=false` to kube-proxy (and file a bug if this fixes it). (This might also be detected by seeing the value of kube-proxy's `sync_proxy_rules_iptables_partial_restore_failures_total` metric rising.) 2272 2. If you were previously overriding the kube-proxy configuration for performance reasons, this may no longer be necessary. See https://kubernetes.io/docs/reference/networking/virtual-ips/#optimizing-iptables-mode-performance. ([#115138](https://github.com/kubernetes/kubernetes/pull/115138), [@danwinship](https://github.com/danwinship)) 2273 - API validation relaxed allowing Indexed Jobs to be scaled up/down by changing parallelism and completions in tandem, such that parallelism == completions. ([#115236](https://github.com/kubernetes/kubernetes/pull/115236), [@danielvegamyhre](https://github.com/danielvegamyhre)) [SIG Apps and Testing] 2274 - Added "general", "baseline", and "restricted" debugging profiles for kubectl debug. ([#114280](https://github.com/kubernetes/kubernetes/pull/114280), [@sding3](https://github.com/sding3)) [SIG CLI] 2275 - Added "netadmin" debugging profiles for kubectl debug. ([#115712](https://github.com/kubernetes/kubernetes/pull/115712), [@wedaly](https://github.com/wedaly)) [SIG CLI] 2276 - Added `--output plaintext-openapiv2` argument to kubectl explain to use old openapiv2 `explain` implementation. ([#115480](https://github.com/kubernetes/kubernetes/pull/115480), [@alexzielenski](https://github.com/alexzielenski)) 2277 - Added `NewVolumeManagerReconstruction` feature gate and enabled it by default to enable updated discovery of mounted volumes during kubelet startup. Please watch for kubelet getting stuck at startup and / or not unmounting volumes from deleted Pods and report any issues in this area. ([#115268](https://github.com/kubernetes/kubernetes/pull/115268), [@jsafrane](https://github.com/jsafrane)) 2278 - Added `kubelet` Topology Manager metrics to track admission requests processed and occured admission errors. ([#115137](https://github.com/kubernetes/kubernetes/pull/115137), [@swatisehgal](https://github.com/swatisehgal)) 2279 - Added apiserver_envelope_encryption_invalid_key_id_from_status_total to measure number of times an invalid keyID is returned by the Status RPC call. ([#115846](https://github.com/kubernetes/kubernetes/pull/115846), [@ritazh](https://github.com/ritazh)) [SIG API Machinery and Auth] 2280 - Added apiserver_envelope_encryption_kms_operations_latency_seconds metric to measure the KMSv2 grpc calls latency. ([#115649](https://github.com/kubernetes/kubernetes/pull/115649), [@aramase](https://github.com/aramase)) [SIG API Machinery, Auth and Testing] 2281 - Added e2e test to node expand volume with secret ([#115451](https://github.com/kubernetes/kubernetes/pull/115451), [@zhucan](https://github.com/zhucan)) 2282 - Added e2e tests for kubectl `--subresource` for beta graduation ([#116590](https://github.com/kubernetes/kubernetes/pull/116590), [@MadhavJivrajani](https://github.com/MadhavJivrajani)) 2283 - Added kubelet Topology Manager metric to measure topology manager admission latency. ([#115590](https://github.com/kubernetes/kubernetes/pull/115590), [@swatisehgal](https://github.com/swatisehgal)) 2284 - Added logging-format option to CCMs based on `k8s.io/cloud-provider` ([#108984](https://github.com/kubernetes/kubernetes/pull/108984), [@LittleFox94](https://github.com/LittleFox94)) 2285 - Added metrics for volume reconstruction during kubelet startup. ([#115965](https://github.com/kubernetes/kubernetes/pull/115965), [@jsafrane](https://github.com/jsafrane)) [SIG Node and Storage] 2286 - Added new -f flag into debug command to be used passing pod or node files instead explicit names. ([#111453](https://github.com/kubernetes/kubernetes/pull/111453), [@ardaguclu](https://github.com/ardaguclu)) 2287 - Added new feature gate `ServiceNodePortStaticSubrange`, to enable the new strategy in the `NodePort` Service port allocators, so the node port range is subdivided and dynamic allocated `NodePort` port for Services are allocated preferentially from the upper range. ([#114418](https://github.com/kubernetes/kubernetes/pull/114418), [@xuzhenglun](https://github.com/xuzhenglun)) 2288 - Added scheduler preemption support for pods using `ReadWriteOncePod` PVCs ([#114051](https://github.com/kubernetes/kubernetes/pull/114051), [@chrishenzie](https://github.com/chrishenzie)) 2289 - Added the `applyconfiguration` generator to the code-generator script that generates server-side apply configuration and client APIs ([#114987](https://github.com/kubernetes/kubernetes/pull/114987), [@astefanutti](https://github.com/astefanutti)) 2290 - Added the ability to host webhooks in the cloud controller manager. ([#108838](https://github.com/kubernetes/kubernetes/pull/108838), [@nckturner](https://github.com/nckturner)) 2291 - Apiserver_storage_transformation_operations_total metric has been updated to include labels transformer_prefix and status. ([#115394](https://github.com/kubernetes/kubernetes/pull/115394), [@ritazh](https://github.com/ritazh)) [SIG API Machinery, Auth, Instrumentation and Testing] 2292 - By enabling the `UserNamespacesStatelessPodsSupport` feature gate in kubelet, you can now run a stateless pod in a separate user namespace ([#116377](https://github.com/kubernetes/kubernetes/pull/116377), [@giuseppe](https://github.com/giuseppe)) [SIG Apps, Node and Storage] 2293 - By enabling the alpha `CloudNodeIPs` feature gate in kubelet and the cloud 2294 provider, you can now specify a dual-stack `--node-ip` value (when using an 2295 external cloud provider that supports that functionality). ([#116305](https://github.com/kubernetes/kubernetes/pull/116305), [@danwinship](https://github.com/danwinship)) [SIG API Machinery, Cloud Provider, Network and Node] 2296 - Changed kubectl `--subresource` flag to beta ([#116595](https://github.com/kubernetes/kubernetes/pull/116595), [@MadhavJivrajani](https://github.com/MadhavJivrajani)) 2297 - Changed metrics for aggregated discovery to publish new time series (alpha). ([#115630](https://github.com/kubernetes/kubernetes/pull/115630), [@Jefftree](https://github.com/Jefftree)) [SIG API Machinery and Testing] 2298 - Dynamic Resource Allocation framework can be used for network devices ([#114364](https://github.com/kubernetes/kubernetes/pull/114364), [@bart0sh](https://github.com/bart0sh)) [SIG Node] 2299 - Enable external plugins can be used as subcommands for kubectl create command if subcommand does not exist as builtin only when KUBECTL_ENABLE_CMD_SHADOW environment variable is exported. ([#116293](https://github.com/kubernetes/kubernetes/pull/116293), [@ardaguclu](https://github.com/ardaguclu)) 2300 - GRPC probes now set a linger option of 1s to improve the TIME-WAIT state. ([#115321](https://github.com/kubernetes/kubernetes/pull/115321), [@rphillips](https://github.com/rphillips)) [SIG Network and Node] 2301 - Graduated CRI Events driven Pod LifeCycle Event Generator (Evented PLEG) to Beta ([#115967](https://github.com/kubernetes/kubernetes/pull/115967), [@harche](https://github.com/harche)) 2302 - Graduated `matchLabelKeys` in `podTopologySpread` to Beta ([#116291](https://github.com/kubernetes/kubernetes/pull/116291), [@denkensk](https://github.com/denkensk)) 2303 - Graduated the `CSINodeExpandSecret` feature to Beta. This feature facilitates passing secrets to CSI driver as part of Node Expansion CSI operation. ([#115621](https://github.com/kubernetes/kubernetes/pull/115621), [@humblec](https://github.com/humblec)) 2304 - Graduated the `LegacyServiceAccountTokenTracking` feature gate to Beta. The usage of auto-generated secret-based service account token now produces warnings by default, and relevant Secrets are labeled with a last-used timestamp (label key `kubernetes.io/legacy-token-last-used`). ([#114523](https://github.com/kubernetes/kubernetes/pull/114523), [@zshihang](https://github.com/zshihang)) [SIG API Machinery and Auth] 2305 - HPA controller exposes the following metrics from the kube-controller-manager. 2306 - `metric_computation_duration_seconds`: The time(seconds) that the HPA controller takes to calculate one metric. 2307 - `metric_computation_total`: Number of metric computations. ([#116326](https://github.com/kubernetes/kubernetes/pull/116326), [@sanposhiho](https://github.com/sanposhiho)) [SIG Apps, Autoscaling and Instrumentation] 2308 - HPA controller starts to expose metrics from the kube-controller-manager.\n- `reconciliations_total`: Number of reconciliation of HPA controller. \n- `reconciliation_duration_seconds`: The time(seconds) that the HPA controller takes to reconcile once. ([#116010](https://github.com/kubernetes/kubernetes/pull/116010), [@sanposhiho](https://github.com/sanposhiho)) 2309 - Kube-up now includes `CoreDNS` version `v1.9.3` ([#114279](https://github.com/kubernetes/kubernetes/pull/114279), [@pacoxu](https://github.com/pacoxu)) 2310 - Kubeadm: added the experimental (alpha) feature gate `EtcdLearnerMode` that allows etcd members to be joined as learner and only then promoted as voting members ([#113318](https://github.com/kubernetes/kubernetes/pull/113318), [@pacoxu](https://github.com/pacoxu)) 2311 - Kubectl will now display `SeccompProfile` for pods, containers and ephemeral containers, if values were set. ([#113284](https://github.com/kubernetes/kubernetes/pull/113284), [@williamyeh](https://github.com/williamyeh)) 2312 - Kubectl: added e2e test for default container annotation ([#115046](https://github.com/kubernetes/kubernetes/pull/115046), [@pacoxu](https://github.com/pacoxu)) 2313 - Kubelet TCP and HTTP probes are now more effective using networking resources: 2314 conntrack entries, sockets. This is achieved by reducing the `TIME-WAIT` state 2315 of the connection to 1 second, instead of the defaults 60 seconds. This allows 2316 kubelet to free the socket, and free conntrack entry and ephemeral port associated. ([#115143](https://github.com/kubernetes/kubernetes/pull/115143), [@aojea](https://github.com/aojea)) 2317 - Kubelet allows pods to use the `net.ipv4.ip_local_reserved_ports` sysctl by default and the minimal kernel version is 3.16; Pod Security admission allows this sysctl in v1.27+ versions of the baseline and restricted policies. ([#115374](https://github.com/kubernetes/kubernetes/pull/115374), [@pacoxu](https://github.com/pacoxu)) [SIG Auth, Network and Node] 2318 - Kubelet config file will be backed up to `/etc/kubernetes/tmp/` folder with `kubeadm-kubelet-config` append with a random suffix as the filename ([#114695](https://github.com/kubernetes/kubernetes/pull/114695), [@chendave](https://github.com/chendave)) [SIG Cluster Lifecycle] 2319 - Kubernetes is now built with Go `1.19.5` ([#115010](https://github.com/kubernetes/kubernetes/pull/115010), [@cpanato](https://github.com/cpanato)) 2320 - Kubernetes is now built with go 1.20 ([#114502](https://github.com/kubernetes/kubernetes/pull/114502), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing] 2321 - Kubernetes is now built with go 1.20.1 ([#115828](https://github.com/kubernetes/kubernetes/pull/115828), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing] 2322 - Kubernetes is now built with go 1.20.2 ([#116404](https://github.com/kubernetes/kubernetes/pull/116404), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing] 2323 - Locked `CSIMigrationvSphere` feature gate. ([#116610](https://github.com/kubernetes/kubernetes/pull/116610), [@xing-yang](https://github.com/xing-yang)) 2324 - Made `apiextensions-apiserver` binary linking static (also affects the deb and rpm packages). ([#114226](https://github.com/kubernetes/kubernetes/pull/114226), [@saschagrunert](https://github.com/saschagrunert)) 2325 - Made `kube-aggregator` binary linking static (also affects the deb and rpm packages). ([#114227](https://github.com/kubernetes/kubernetes/pull/114227), [@saschagrunert](https://github.com/saschagrunert)) 2326 - Made `kubectl-convert` binary linking static (also affects the deb and rpm packages). ([#114228](https://github.com/kubernetes/kubernetes/pull/114228), [@saschagrunert](https://github.com/saschagrunert)) 2327 - Migrated controller helper functions to use contextual logging. ([#115049](https://github.com/kubernetes/kubernetes/pull/115049), [@fatsheep9146](https://github.com/fatsheep9146)) 2328 - Migrated the ResourceQuota controller (within `kube-controller-manager`) to use [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging). ([#113315](https://github.com/kubernetes/kubernetes/pull/113315), [@ncdc](https://github.com/ncdc)) [SIG API Machinery, Apps and Testing] 2329 - Migrated the StatefulSet controller (within `kube-controller-manager`) to use [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging) ([#113840](https://github.com/kubernetes/kubernetes/pull/113840), [@249043822](https://github.com/249043822)) 2330 - Migrated the `ClusterRole` aggregation controller (within `kube-controller-manager`) to use [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging). ([#113910](https://github.com/kubernetes/kubernetes/pull/113910), [@mengjiao-liu](https://github.com/mengjiao-liu)) 2331 - Migrated the `Deployment` controller (within `kube-controller-manager`) to use [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging) ([#113525](https://github.com/kubernetes/kubernetes/pull/113525), [@249043822](https://github.com/249043822)) 2332 - Migrated the `ReplicaSet` controller (within `kube-controller-manager`) to use [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging). ([#114871](https://github.com/kubernetes/kubernetes/pull/114871), [@Namanl2001](https://github.com/Namanl2001)) 2333 - Migrated the bootstrap signer controller and the token cleaner controller (within `kube-controller-manager`) to use [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging). ([#113464](https://github.com/kubernetes/kubernetes/pull/113464), [@mengjiao-liu](https://github.com/mengjiao-liu)) [SIG API Machinery, Apps and Instrumentation] 2334 - Migrated the defaultbinder scheduler plugin to use [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging). ([#116571](https://github.com/kubernetes/kubernetes/pull/116571), [@mengjiao-liu](https://github.com/mengjiao-liu)) [SIG Instrumentation and Scheduling] 2335 - Migrated the main kube-controller-manager binary to use [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging). ([#116529](https://github.com/kubernetes/kubernetes/pull/116529), [@pohly](https://github.com/pohly)) 2336 - Migrated the namespace controller (within `kube-controller-manager`) to support [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging). ([#113443](https://github.com/kubernetes/kubernetes/pull/113443), [@yangjunmyfm192085](https://github.com/yangjunmyfm192085)) 2337 - Migrated the service-account controller (within `kube-controller-manager`) to use [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging). ([#114918](https://github.com/kubernetes/kubernetes/pull/114918), [@Namanl2001](https://github.com/Namanl2001)) [SIG API Machinery, Apps, Auth, Instrumentation and Testing] 2338 - Migrated the volume attach/detach controller (within `kube-controller-manager`) to use [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging). 2339 Migrated the `PersistentVolumeClaim` protection controller (within `kube-controller-manager`) to use [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging). 2340 Migrated the `PersistentVolume` protection controller (within `kube-controller-manager`) to use [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging). ([#113584](https://github.com/kubernetes/kubernetes/pull/113584), [@yangjunmyfm192085](https://github.com/yangjunmyfm192085)) 2341 - Migrated the “TTL after finished” controller (within `kube-controller-manager`)to use [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging). ([#113916](https://github.com/kubernetes/kubernetes/pull/113916), [@songxiao-wang87](https://github.com/songxiao-wang87)) 2342 - Migrated the `cronjob` controller (within `kube-controller-manager`)to use [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging) ([#113428](https://github.com/kubernetes/kubernetes/pull/113428), [@mengjiao-liu](https://github.com/mengjiao-liu)) 2343 - New plugin_evaluation_total is added to the scheduler.This metric counts how many times the specific plugin affects the scheduling result. The metric does not get incremented when the plugin has nothing to do with an incoming Pod. ([#115082](https://github.com/kubernetes/kubernetes/pull/115082), [@sanposhiho](https://github.com/sanposhiho)) 2344 - Node `ipam` controller now exposes metrics `cidrset_cidrs_max_total` and `multicidrset_cidrs_max_total` with information about the max number of CIDRs that can be allocated. ([#112260](https://github.com/kubernetes/kubernetes/pull/112260), [@aryan9600](https://github.com/aryan9600)) 2345 - Performance improvements in `klog` ([#115277](https://github.com/kubernetes/kubernetes/pull/115277), [@pohly](https://github.com/pohly)) 2346 - Pod template `schedulingGates` are now mutable for Jobs that are suspended and have never been started ([#115940](https://github.com/kubernetes/kubernetes/pull/115940), [@ahg-g](https://github.com/ahg-g)) [SIG Apps] 2347 - Pods which have an invalid negative `spec.terminationGracePeriodSeconds` value will now be treated as having a `terminationGracePeriodSeconds` of `1` ([#115606](https://github.com/kubernetes/kubernetes/pull/115606), [@wzshiming](https://github.com/wzshiming)) 2348 - Profiling can now be served on a unix-domain socket by using the `--profiling-path` option (when profiling is enabled) for security purposes. ([#114191](https://github.com/kubernetes/kubernetes/pull/114191), [@apelisse](https://github.com/apelisse)) [SIG API Machinery] 2349 - Promote aggregated discovery endpoint to beta and it will be enabled by default ([#116108](https://github.com/kubernetes/kubernetes/pull/116108), [@Jefftree](https://github.com/Jefftree)) 2350 - Promoted `OpenAPIV3` to GA ([#116235](https://github.com/kubernetes/kubernetes/pull/116235), [@Jefftree](https://github.com/Jefftree)) 2351 - Promoted `whoami` kubectl command. ([#116510](https://github.com/kubernetes/kubernetes/pull/116510), [@nabokihms](https://github.com/nabokihms)) 2352 - Scheduler no longer runs the plugin's `Filter` method when its `PreFilter` method returned a Skip status. 2353 In other words, your `PreFilter`/`Filter` plugin can return a Skip status in `PreFilter` if the plugin does nothing in Filter for that Pod. 2354 Scheduler skips `NodeAffinity` Filter plugin when `NodeAffinity` Filter plugin has nothing to do with a Pod. 2355 It may affect some metrics values related to the `NodeAffinity` Filter plugin. ([#114125](https://github.com/kubernetes/kubernetes/pull/114125), [@sanposhiho](https://github.com/sanposhiho)) 2356 - Scheduler now skips `InterPodAffinity` Filter plugin when `InterPodAffinity` Filter plugin has nothing to do with a Pod. 2357 It may affect some metrics values related to the `InterPodAffinity` Filter plugin. ([#114889](https://github.com/kubernetes/kubernetes/pull/114889), [@sanposhiho](https://github.com/sanposhiho)) 2358 - Scheduler volumebinding: leveraged `PreFilterResult` to reduce down to only 2359 eligible node(s) for pod with bound claim(s) to local `PersistentVolume(s)` ([#109877](https://github.com/kubernetes/kubernetes/pull/109877), [@yibozhuang](https://github.com/yibozhuang)) 2360 - Scheduling cycle now terminates immediately when any scheduler plugin returns an 2361 `unschedulableAndUnresolvable` status in `PostFilter`. ([#114699](https://github.com/kubernetes/kubernetes/pull/114699), [@kerthcet](https://github.com/kerthcet)) 2362 - Since Kubernetes v1.5, `kubectl apply` has had an alpha-stage `--prune` flag to support deleting previously applied objects that have been removed from the input manifest. This feature has remained in alpha ever since due to performance and correctness issues inherent in its design. This PR exposes a second, independent pruning alpha powered by a new standard named `ApplySets`. An `ApplySet` is a server-side object (by default, a Secret; ConfigMaps are also allowed) that kubectl can use to accurately and efficiently track set membership across `apply` operations. The format used for `ApplySet` is set out in [KEP 3659](https://github.com/kubernetes/enhancements/issues/3659) as a low-level specification. Other tools in the ecosystem can also build on this specification for improved interoperability. To try the ApplySet-based pruning alpha, set `KUBECTL_APPLYSET=true` and use the flags `--prune --applyset=secret-name` with `kubectl apply`. ([#116205](https://github.com/kubernetes/kubernetes/pull/116205), [@justinsb](https://github.com/justinsb)) 2363 - Switched kubectl explain to use OpenAPIV3 information published by the server. OpenAPIV2 backend can still be used with the `--output plaintext-openapiv2` argument ([#116390](https://github.com/kubernetes/kubernetes/pull/116390), [@alexzielenski](https://github.com/alexzielenski)) [SIG API Machinery, CLI and Testing] 2364 - The Pod API field `.spec.schedulingGates[*].name` now requires qualified names (like `example.com/mygate`), matching validation for names of `.spec.readinessGates[*].name`. Any uses of the alpha scheduling gate feature prior to 1.27 that do not match that validation must be renamed or deleted before upgrading to 1.27. ([#115821](https://github.com/kubernetes/kubernetes/pull/115821), [@lianghao208](https://github.com/lianghao208)) [SIG Apps and Scheduling] 2365 - The Scheduler did not run the plugin Score method when its PreScore method returned a Skip status. In other words, the PreScore/Score plugin could return a Skip status in PreScore if the plugin did nothing in Score for that Pod. ([#115652](https://github.com/kubernetes/kubernetes/pull/115652), [@AxeZhan](https://github.com/AxeZhan)) 2366 - The `AdvancedAuditing` feature gate was locked to _true_ in v1.27, and will be removed completely in v1.28 ([#115163](https://github.com/kubernetes/kubernetes/pull/115163), [@SataQiu](https://github.com/SataQiu)) [SIG API Machinery] 2367 - The `JobMutableNodeSchedulingDirectives` feature gate has graduated to GA. ([#116116](https://github.com/kubernetes/kubernetes/pull/116116), [@ahg-g](https://github.com/ahg-g)) [SIG Apps, Scheduling and Testing] 2368 - The `ReadWriteOncePod` feature gate has been graduated to beta. ([#114494](https://github.com/kubernetes/kubernetes/pull/114494), [@chrishenzie](https://github.com/chrishenzie)) 2369 - The bug which caused the status of Indexed Jobs to only update when new indexes were completed was fixed. Now, completed indexes are updated even if the `.status.completedIndexes` values are outside the `[0, .spec.completions> range`. ([#115349](https://github.com/kubernetes/kubernetes/pull/115349), [@danielvegamyhre](https://github.com/danielvegamyhre)) 2370 - The go version defined in `.go-version` is now fetched when invoking test, build, and code generation targets if the current go version does not match it. Set $FORCE_HOST_GO=y while testing or building to skip this behavior, or set $GO_VERSION to override the selected go version. ([#115377](https://github.com/kubernetes/kubernetes/pull/115377), [@liggitt](https://github.com/liggitt)) [SIG Testing] 2371 - The job controller back-off logic is now decoupled from workqueue. In case of parallelism > 1, if there are multiple new failures in a reconciliation cycle, all the failures are taken into account to compute the back-off. Previously, the back-off kicked in for all types of failures; with this change, only pod failures are taken into account. If the back-off limits exceeds, the job is marked as failed immediately; before this change, the job is marked as failed in the next back-off. ([#114768](https://github.com/kubernetes/kubernetes/pull/114768), [@sathyanarays](https://github.com/sathyanarays)) [SIG Apps and Testing] 2372 - The mount-utils mounter now provides an option to limit the number of concurrent format operations. ([#115379](https://github.com/kubernetes/kubernetes/pull/115379), [@artemvmin](https://github.com/artemvmin)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node and Storage] 2373 - The scheduler's metric `plugin_execution_duration_seconds` now records `PreEnqueue` plugins execution seconds. ([#116201](https://github.com/kubernetes/kubernetes/pull/116201), [@sanposhiho](https://github.com/sanposhiho)) 2374 - Two changes to the `/debug/api_priority_and_fairness/dump_priority_levels` endpoint of API Priority and Fairness: added total number of dispatched, timed-out, rejected and cancelled requests; output now sorted by `PriorityLevelName`. ([#112393](https://github.com/kubernetes/kubernetes/pull/112393), [@borgerli](https://github.com/borgerli)) 2375 - Unlocked the `CSIMigrationvSphere` feature gate. 2376 The change allow users to continue using the in-tree vSphere driver,pending a vSphere 2377 CSI driver release that has with GA support for Windows, XFS, and raw block access. ([#116342](https://github.com/kubernetes/kubernetes/pull/116342), [@msau42](https://github.com/msau42)) [SIG Storage] 2378 - Updated `cAdvisor` to `v0.47.0` ([#114883](https://github.com/kubernetes/kubernetes/pull/114883), [@bobbypage](https://github.com/bobbypage)) 2379 - Updated `kube-apiserver` SLO/SLI latency metrics to exclude priority & fairness queue wait times ([#116420](https://github.com/kubernetes/kubernetes/pull/116420), [@andrewsykim](https://github.com/andrewsykim)) 2380 - Updated distroless iptables to use released image `registry.k8s.io/build-image/distroless-iptables:v0.2.2` 2381 - Updated setcap to use released image `registry.k8s.io/build-image/setcap:bullseye-v1.4.2` ([#116509](https://github.com/kubernetes/kubernetes/pull/116509), [@cpanato](https://github.com/cpanato)) [SIG Testing] 2382 - Updated distroless iptables to use released image `registry.k8s.io/distroless-iptables:v0.2.1` ([#115905](https://github.com/kubernetes/kubernetes/pull/115905), [@cpanato](https://github.com/cpanato)) [SIG Testing] 2383 - Upgrades functionality of `kubectl kustomize` as described at 2384 https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2Fv5.0.0 and https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2Fv5.0.1. 2385 2386 This is a new major release of kustomize, so there are a few backwards-incompatible changes, most of which are rare use cases, bug fixes with side effects, or things that have been deprecated for multiple releases already: 2387 2388 - https://github.com/kubernetes-sigs/kustomize/pull/4911: Drop support for a very old, legacy style of patches. patches used to be allowed to be used as an alias for patchesStrategicMerge in kustomize v3. You now have to use patchesStrategicMerge explicitly, or update to the new syntax supported by patches. See examples in the PR description of https://github.com/kubernetes-sigs/kustomize/pull/4911. 2389 - https://github.com/kubernetes-sigs/kustomize/issues/4731: Remove a potential build-time side-effect in ConfigMapGenerator and SecretGenerator, which loaded values from the local environment under some circumstances, breaking kustomize build's side-effect-free promise. While this behavior was never intended, we deprecated it and are announcing it as a breaking change since it existed for a long time. See also the Eschewed Features documentation. 2390 - https://github.com/kubernetes-sigs/kustomize/pull/4985: If you previously included .git in an AWS or Azure URL, we will no longer automatically remove that suffix. You may need to add an extra / to replace the .git for the URL to properly resolve. 2391 - https://github.com/kubernetes-sigs/kustomize/pull/4954: Drop support for using gh: as a host (e.g. gh:kubernetes-sigs/kustomize). We were unable to find any usage of or basis for this and believe it may have been targeting a custom gitconfig shorthand syntax. ([#116598](https://github.com/kubernetes/kubernetes/pull/116598), [@natasha41575](https://github.com/natasha41575)) [SIG CLI] 2392 - When an unsupported PodDisruptionBudget configuration is found, an event and log will be emitted to inform users of the misconfiguration. ([#115861](https://github.com/kubernetes/kubernetes/pull/115861), [@JayKayy](https://github.com/JayKayy)) [SIG Apps] 2393 - [E2E] Pods spawned by E2E tests can now pull images from the private registry using the new --e2e-docker-config-file flag ([#114625](https://github.com/kubernetes/kubernetes/pull/114625), [@Divya063](https://github.com/Divya063)) [SIG Node and Testing] 2394 - [alpha: kubectl apply --prune --applyset] Enabled certain custom resources (CRs) to be used as `ApplySet` parent objects. To enable this for a given CR, apply the label `applyset.kubernetes.io/is-parent-type: true` to the CustomResourceDefinition (CRD) that defines it. ([#116353](https://github.com/kubernetes/kubernetes/pull/116353), [@KnVerey](https://github.com/KnVerey)) 2395 - `Kubelet` no longer creates certain legacy iptables rules by default. 2396 It is possible that this will cause problems with some third-party components 2397 that improperly depended on those rules. If this affects you, you can run 2398 `kubelet` with `--feature-gates=IPTablesOwnershipCleanup=false`, but a bug should also be filed against the third-party component. ([#114472](https://github.com/kubernetes/kubernetes/pull/114472), [@danwinship](https://github.com/danwinship)) 2399 - `MinDomainsInPodTopologySpread` feature gate is enabled by default as a 2400 Beta feature in 1.27. ([#114445](https://github.com/kubernetes/kubernetes/pull/114445), [@mengjiao-liu](https://github.com/mengjiao-liu)) 2401 - `Secret` of `kubernetes.io/tls` type now verifies that the private key matches the cert ([#113581](https://github.com/kubernetes/kubernetes/pull/113581), [@aimuz](https://github.com/aimuz)) 2402 - `StorageVersionGC` (within `kube-controller-manager`) to use [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging). ([#113986](https://github.com/kubernetes/kubernetes/pull/113986), [@songxiao-wang87](https://github.com/songxiao-wang87)) 2403 - `client-go`: `sharedInformerFactory` now waits for goroutines during shutdown for metadatainformer and dynamicinformer. ([#114434](https://github.com/kubernetes/kubernetes/pull/114434), [@howardjohn](https://github.com/howardjohn)) 2404 - `kube-proxy` now accepts the `ContextualLogging`, `LoggingAlphaOptions`, 2405 `LoggingBetaOptions` ([#115233](https://github.com/kubernetes/kubernetes/pull/115233), [@pohly](https://github.com/pohly)) 2406 - `kube-scheduler`: Optimized implementation of null `labelSelector` in topology spreading. ([#116607](https://github.com/kubernetes/kubernetes/pull/116607), [@alculquicondor](https://github.com/alculquicondor)) 2407 - `kubeadm`: now shows a warning message when detecting that the sandbox image of the container runtime is inconsistent with that used by kubeadm ([#115610](https://github.com/kubernetes/kubernetes/pull/115610), [@SataQiu](https://github.com/SataQiu)) 2408 - `kubectl` now uses `HorizontalPodAutoscaler` `v2` by default. ([#114886](https://github.com/kubernetes/kubernetes/pull/114886), [@a7i](https://github.com/a7i)) 2409 - Kubernetes is now built with Go 1.20.3 ([#117125](https://github.com/kubernetes/kubernetes/pull/117125), [@xmudrii](https://github.com/xmudrii)) [SIG Release and Testing] 2410 - Updated distroless iptables to use released image `registry.k8s.io/build-image/distroless-iptables:v0.2.3` ([#117126](https://github.com/kubernetes/kubernetes/pull/117126), [@xmudrii](https://github.com/xmudrii)) [SIG Testing] 2411 2412 ### Documentation 2413 2414 - Documented the reason field in CRI API to ensure it equals `OOMKilled` for the containers terminated by OOM killer ([#112977](https://github.com/kubernetes/kubernetes/pull/112977), [@mimowo](https://github.com/mimowo)) 2415 - Error message for Pods with requests exceeding limits will have a limit value printed. ([#112925](https://github.com/kubernetes/kubernetes/pull/112925), [@SergeyKanzhelev](https://github.com/SergeyKanzhelev)) 2416 - The change affects the following CLI command: 2417 2418 kubectl create rolebinding -h ([#107124](https://github.com/kubernetes/kubernetes/pull/107124), [@ptux](https://github.com/ptux)) [SIG CLI] 2419 2420 ### Failing Test 2421 2422 - Deflaked a preemption test that may patch Nodes incorrectly. ([#114350](https://github.com/kubernetes/kubernetes/pull/114350), [@Huang-Wei](https://github.com/Huang-Wei)) 2423 - Fixed panic in vSphere e2e tests. ([#115863](https://github.com/kubernetes/kubernetes/pull/115863), [@jsafrane](https://github.com/jsafrane)) [SIG Storage and Testing] 2424 - Setting the Kubelet config option `--resolv-conf=Host` on Windows will now result in Kubelet applying the Pod DNS Policies as intended. ([#110566](https://github.com/kubernetes/kubernetes/pull/110566), [@claudiubelu](https://github.com/claudiubelu)) 2425 2426 ### Bug or Regression 2427 2428 - Added (dry run) and (server dry run) suffixes to `kubectl scale` command when `dry-run` is passed ([#114252](https://github.com/kubernetes/kubernetes/pull/114252), [@ardaguclu](https://github.com/ardaguclu)) 2429 - Applied configurations can be generated for types with `non-builtin` map fields ([#114920](https://github.com/kubernetes/kubernetes/pull/114920), [@astefanutti](https://github.com/astefanutti)) 2430 - Changed the error message of `kubectl rollout restart` when subsequent `kubectl rollout restart` commands are executed within a second ([#113040](https://github.com/kubernetes/kubernetes/pull/113040), [@ardaguclu](https://github.com/ardaguclu)) 2431 - Changed the error message to `cannot exec into multiple objects at a time` when file passed to `kubectl exec` contains multiple resources ([#114249](https://github.com/kubernetes/kubernetes/pull/114249), [@ardaguclu](https://github.com/ardaguclu)) 2432 - Client-go: fixed potential data races retrying requests using a custom `io.Reader` body; with this fix, only requests with no body or with `string` / `[]byte` / `runtime.Object` bodies can be retried ([#113933](https://github.com/kubernetes/kubernetes/pull/113933), [@liggitt](https://github.com/liggitt)) 2433 - Describing the CRs will now hide `.metadata.managedFields` ([#114584](https://github.com/kubernetes/kubernetes/pull/114584), [@soltysh](https://github.com/soltysh)) 2434 - Discovery document will correctly return the resources for aggregated apiservers that do not implement aggregated disovery ([#115770](https://github.com/kubernetes/kubernetes/pull/115770), [@Jefftree](https://github.com/Jefftree)) 2435 - Excluded preemptor pod metadata in the event message ([#114923](https://github.com/kubernetes/kubernetes/pull/114923), [@mimowo](https://github.com/mimowo)) 2436 - Expanded the partial fix for https://github.com/kubernetes/kubernetes/issues/111539 2437 which was already started in https://github.com/kubernetes/kubernetes/pull/109706 2438 Specifically, we will now reduce the amount of syncs for `ETP=local` services even 2439 further in the CCM and avoid re-configuring LBs to an even greater extent. ([#111658](https://github.com/kubernetes/kubernetes/pull/111658), [@alexanderConstantinescu](https://github.com/alexanderConstantinescu)) 2440 - File content check for IPV4 is now enabled by default, and the check of IPV4 or IPV6 is done for `kubeadm init` or `kubeadm join` only in case the user intends to create a cluster to support that kind of IP address family ([#115420](https://github.com/kubernetes/kubernetes/pull/115420), [@chendave](https://github.com/chendave)) 2441 - Fixed CSI `PersistentVolumes` to allow Secrets names longer than 63 characters. ([#114776](https://github.com/kubernetes/kubernetes/pull/114776), [@jsafrane](https://github.com/jsafrane)) 2442 - Fixed Route controller to update routes when NodeIP changes ([#108095](https://github.com/kubernetes/kubernetes/pull/108095), [@lzhecheng](https://github.com/lzhecheng)) 2443 - Fixed `DaemonSet` to update the status even if it fails to create a pod. ([#113787](https://github.com/kubernetes/kubernetes/pull/113787), [@gjkim42](https://github.com/gjkim42)) 2444 - Fixed `SELinux` label for host path volumes created by host path provisioner ([#112021](https://github.com/kubernetes/kubernetes/pull/112021), [@mrunalp](https://github.com/mrunalp)) 2445 - Fixed `StatefulSetAutoDeletePVC` feature when `OwnerReferencesPermissionEnforcement` admission plugin is enabled. ([#114116](https://github.com/kubernetes/kubernetes/pull/114116), [@jsafrane](https://github.com/jsafrane)) 2446 - Fixed a bug on the `EndpointSlice` mirroring controller that generated multiple slices in some cases for custom endpoints in non canonical format. ([#114155](https://github.com/kubernetes/kubernetes/pull/114155), [@aojea](https://github.com/aojea)) 2447 - Fixed a bug that caused the `apiserver` to panic when trying to allocate a Service with a dynamic `ClusterIP` and was configured with Service CIDRs with a /28 mask for IPv4 and a /124 mask for IPv6 ([#115322](https://github.com/kubernetes/kubernetes/pull/115322), [@aojea](https://github.com/aojea)) 2448 - Fixed a bug where Kubernetes would apply a default StorageClass to a PersistentVolumeClaim, 2449 even when the deprecated annotation `volume.beta.kubernetes.io/storage-class` was set. ([#116089](https://github.com/kubernetes/kubernetes/pull/116089), [@cvvz](https://github.com/cvvz)) [SIG Apps and Storage] 2450 - Fixed a bug where `events/v1` `Events` with similar event type and reporting instance were not aggregated by `client-go`. ([#112365](https://github.com/kubernetes/kubernetes/pull/112365), [@dgrisonnet](https://github.com/dgrisonnet)) 2451 - Fixed a bug where when emitting similar Events consecutively, some were rejected by the apiserver. ([#114237](https://github.com/kubernetes/kubernetes/pull/114237), [@dgrisonnet](https://github.com/dgrisonnet)) 2452 - Fixed a data race when emitting similar Events consecutively ([#114236](https://github.com/kubernetes/kubernetes/pull/114236), [@dgrisonnet](https://github.com/dgrisonnet)) 2453 - Fixed a log line in scheduler that inaccurately implies that volume binding has finalized ([#116018](https://github.com/kubernetes/kubernetes/pull/116018), [@TommyStarK](https://github.com/TommyStarK)) 2454 - Fixed a rare race condition in `kube-apiserver` that could lead to missing events when a watch API request was created at the same time `kube-apiserver` was re-initializing its internal watch. ([#116172](https://github.com/kubernetes/kubernetes/pull/116172), [@wojtek-t](https://github.com/wojtek-t)) 2455 - Fixed a regression in the pod binding subresource to honor the `metadata.uid` precondition. 2456 This allows kube-scheduler to ensure it is assigns node names to the same instances of pods it made scheduling decisions for. ([#116550](https://github.com/kubernetes/kubernetes/pull/116550), [@alculquicondor](https://github.com/alculquicondor)) 2457 - Fixed a regression that the scheduler always goes through all Filter plugins. ([#114518](https://github.com/kubernetes/kubernetes/pull/114518), [@Huang-Wei](https://github.com/Huang-Wei)) 2458 - Fixed an EndpointSlice Controller hashing bug that could cause EndpointSlices to incorrectly handle Pods with duplicate IP addresses. For example this could happen when a new Pod reused an IP that was also assigned to a Pod in a completed state. ([#115907](https://github.com/kubernetes/kubernetes/pull/115907), [@qinqon](https://github.com/qinqon)) [SIG Apps and Network] 2459 - Fixed an issue where a CSI migrated volume may be prematurely detached when the CSI driver is not running on the node. 2460 If CSI migration is enabled on the node, even the csi-driver is not up and ready, we will still add this volume to DSW. ([#115464](https://github.com/kubernetes/kubernetes/pull/115464), [@sunnylovestiramisu](https://github.com/sunnylovestiramisu)) 2461 - Fixed an issue where failed pods associated with a job with `parallelism = 1` are recreated by the job controller honoring exponential backoff delay again. However, for jobs with `parallelism > 1`, pods might be created without exponential backoff delay. ([#114516](https://github.com/kubernetes/kubernetes/pull/114516), [@nikhita](https://github.com/nikhita)) 2462 - Fixed an issue with Winkernel Proxier - ClusterIP Loadbalancers missing if the `ExternalTrafficPolicy` is set to Local and the available endpoints are all `remoteEndpoints`. ([#115919](https://github.com/kubernetes/kubernetes/pull/115919), [@princepereira](https://github.com/princepereira)) 2463 - Fixed bug in CRD Validation Rules (beta) and `ValidatingAdmissionPolicy` (alpha) where all admission requests could result in `internal error: runtime error: index out of range [3] with length 3 evaluating rule: <rule name>` under certain circumstances. ([#114857](https://github.com/kubernetes/kubernetes/pull/114857), [@jpbetz](https://github.com/jpbetz)) 2464 - Fixed bug in beta aggregated discovery endpoint which caused CRD discovery information to be temporarily missing when an Aggregated APIService with the same GroupVersion is deleted (and vice versa). ([#116770](https://github.com/kubernetes/kubernetes/pull/116770), [@alexzielenski](https://github.com/alexzielenski)) 2465 - Fixed bug in reflector that couldn't recover from `Too large resource version` errors with API servers before 1.17.0. ([#115093](https://github.com/kubernetes/kubernetes/pull/115093), [@xuzhenglun](https://github.com/xuzhenglun)) 2466 - Fixed clearing of rate-limiter for the queue of checks for cleaning stale pod disruption conditions. The bug could result in the PDB synchronization updates firing too often or the pod disruption cleanups taking too long to happen. ([#114770](https://github.com/kubernetes/kubernetes/pull/114770), [@mimowo](https://github.com/mimowo)) 2467 - Fixed data race in `kube-scheduler` when preemption races with a Pod update. ([#116395](https://github.com/kubernetes/kubernetes/pull/116395), [@alculquicondor](https://github.com/alculquicondor)) [SIG Scheduling] 2468 - Fixed file permission issues that happened during update of `Secret`/`ConfigMap`/`projected volume` when `fsGroup` is used. The problem caused a race condition where application gets intermittent permission denied error when reading files that were just updated, before the correct permissions were applied. ([#114464](https://github.com/kubernetes/kubernetes/pull/114464), [@tsaarni](https://github.com/tsaarni)) 2469 - Fixed incorrect watch events when a watch is initialized simultanously with a reinitializing watchcache. ([#116436](https://github.com/kubernetes/kubernetes/pull/116436), [@wojtek-t](https://github.com/wojtek-t)) 2470 - Fixed issue in `Winkernel` Proxier - Unexpected active TCP connection drops while horizontally scaling the endpoints for a LoadBalancer Service with Internal Traffic Policy: `Local` ([#113742](https://github.com/kubernetes/kubernetes/pull/113742), [@princepereira](https://github.com/princepereira)) 2471 - Fixed issue on Windows when calculating cpu limits on nodes with more than 64 logical processors ([#114231](https://github.com/kubernetes/kubernetes/pull/114231), [@mweibel](https://github.com/mweibel)) 2472 - Fixed issue with Winkernel Proxier - IPV6 load balancer policies were missing when service was configured with `ipFamilyPolicy`: `RequireDualStack` ([#115503](https://github.com/kubernetes/kubernetes/pull/115503), [@princepereira](https://github.com/princepereira)) 2473 - Fixed issue with Winkernel Proxier - IPV6 load balancer policies were missing when service was configured with `ipFamilyPolicy`: `RequireDualStack` ([#115577](https://github.com/kubernetes/kubernetes/pull/115577), [@princepereira](https://github.com/princepereira)) 2474 - Fixed issue with `Winkernel Proxier` - No ingress load balancer rules with endpoints to support load balancing when all the endpoints are terminating. ([#113776](https://github.com/kubernetes/kubernetes/pull/113776), [@princepereira](https://github.com/princepereira)) 2475 - Fixed missing delete events on informer re-lists to ensure all delete events were correctly emitted and using the latest known object state, so that all event handlers and stores always reflect the actual apiserver state as best as possible ([#115620](https://github.com/kubernetes/kubernetes/pull/115620), [@odinuge](https://github.com/odinuge)) 2476 - Fixed nil pointer error in `NodeVolumeLimits` csi logging ([#115179](https://github.com/kubernetes/kubernetes/pull/115179), [@sunnylovestiramisu](https://github.com/sunnylovestiramisu)) 2477 - Fixed panic validating custom resource definition schemas that set `multipleOf` to 0 ([#114869](https://github.com/kubernetes/kubernetes/pull/114869), [@liggitt](https://github.com/liggitt)) 2478 - Fixed performance regression in scheduler caused by frequent metric lookup on critical code path. ([#116428](https://github.com/kubernetes/kubernetes/pull/116428), [@mborsz](https://github.com/mborsz)) [SIG Scheduling] 2479 - Fixed stuck apiserver if an aggregated apiservice returned `304 Not Modified` for aggregated discovery information ([#114459](https://github.com/kubernetes/kubernetes/pull/114459), [@alexzielenski](https://github.com/alexzielenski)) 2480 - Fixed the problem Pod terminating stuck because of trying to umount not actual mounted dir. ([#115769](https://github.com/kubernetes/kubernetes/pull/115769), [@mochizuki875](https://github.com/mochizuki875)) 2481 - Fixed the regression that introduced 34s timeout for DELETECOLLECTION calls ([#115341](https://github.com/kubernetes/kubernetes/pull/115341), [@tkashem](https://github.com/tkashem)) 2482 - Fixed two regressions introduced by the `PodDisruptionConditions` feature (on by default in 1.26): 2483 - pod eviction API calls returned spurious precondition errors and required a second evict API call to succeed 2484 - dry-run eviction API calls persisted a DisruptionTarget condition into the pod being evicted ([#116554](https://github.com/kubernetes/kubernetes/pull/116554), [@atiratree](https://github.com/atiratree)) 2485 - Fixes #115825. Kube-proxy will now include the `healthz` state in its response to the LB HC as to avoid indicating to the LB that it should use the node in question when Kube-proxy is not healthy. ([#111661](https://github.com/kubernetes/kubernetes/pull/111661), [@alexanderConstantinescu](https://github.com/alexanderConstantinescu)) [SIG Network] 2486 - Flag `--concurrent-node-syncs` has been added to cloud node controller which defines how many workers in parallel will be initialising and synchronising nodes. ([#113104](https://github.com/kubernetes/kubernetes/pull/113104), [@pawbana](https://github.com/pawbana)) [SIG API Machinery, Cloud Provider and Scalability] 2487 - Force deleted pods may fail to terminate until the kubelet is restarted when the container runtime returns an error during termination. We have strengthened testing for runtime failures and now perform a more rigorous reconciliation to ensure static pods (especially those that use fixed UIDs) are restarted. As a side effect of these changes static pods will be restarted with lower latency than before (2s vs 4s, on average) and rapid updates to pod configuration should take effect sooner. 2488 2489 A new metric `kubelet_known_pods` has been added at ALPHA stability to report the number of pods a Kubelet is tracking in a number of internal states. Operators may use the metrics to track an excess of pods in the orphaned state that may not be completing. ([#113145](https://github.com/kubernetes/kubernetes/pull/113145), [@smarterclayton](https://github.com/smarterclayton)) [SIG API Machinery, Auth, Cloud Provider, Node and Testing] 2490 - From now on, the HPA controller will return an error for the container resource metrics when the feature gate `HPAContainerMetrics` is disabled. As a result, HPA with a container resource metric performs no scale-down and performs only. ([#116043](https://github.com/kubernetes/kubernetes/pull/116043), [@sanposhiho](https://github.com/sanposhiho)) 2491 - IPVS: Any ipvs scheduler can now be configured. If a un-usable scheduler is configured `kube-proxy` will re-start and the logs must be checked (same as before but different log printouts). ([#114878](https://github.com/kubernetes/kubernetes/pull/114878), [@uablrek](https://github.com/uablrek)) 2492 - If a user attempts to add an ephemeral container to a static pod, they will now get a visible validation error. ([#114086](https://github.com/kubernetes/kubernetes/pull/114086), [@xmcqueen](https://github.com/xmcqueen)) 2493 - Ingress with `ingressClass` annotation and `IngressClassName` both set can be created now. ([#115447](https://github.com/kubernetes/kubernetes/pull/115447), [@AxeZhan](https://github.com/AxeZhan)) 2494 - Kube-apiserver: errors decoding objects in etcd are now recorded in an `apiserver_storage_decode_errors_total` counter metric ([#114376](https://github.com/kubernetes/kubernetes/pull/114376), [@baomingwang](https://github.com/baomingwang)) [SIG API Machinery and Instrumentation] 2495 - Kube-apiserver: regular expressions specified with the `--cors-allowed-origins` option are now validated to match the entire `hostname` inside the `Origin` header of the request and 2496 must contain '^' or the '//' prefix to anchor to the start, and '$' or the port separator ':' to anchor to 2497 the end. ([#112809](https://github.com/kubernetes/kubernetes/pull/112809), [@tkashem](https://github.com/tkashem)) [SIG API Machinery] 2498 - Kube-apiserver: removed N^2 behavior loading webhook configurations. ([#114794](https://github.com/kubernetes/kubernetes/pull/114794), [@lavalamp](https://github.com/lavalamp)) [SIG API Machinery, Architecture, CLI, Cloud Provider and Node] 2499 - Kubeadm: fixed an etcd learner-mode bug by preparing an etcd static pod manifest before promoting ([#115038](https://github.com/kubernetes/kubernetes/pull/115038), [@tobiasgiese](https://github.com/tobiasgiese)) 2500 - Kubeadm: fixed the bug where `kubeadm` always does CRI detection even if it is not required by a phase subcommand ([#114455](https://github.com/kubernetes/kubernetes/pull/114455), [@SataQiu](https://github.com/SataQiu)) 2501 - Kubeadm: improved retries when updating node information, in case `kube-apiserver` is temporarily unavailable ([#114176](https://github.com/kubernetes/kubernetes/pull/114176), [@QuantumEnergyE](https://github.com/QuantumEnergyE)) 2502 - Kubeadm`: modified `--config` flag from required to optional for `kubeadm kubeconfig user` command ([#116074](https://github.com/kubernetes/kubernetes/pull/116074), [@SataQiu](https://github.com/SataQiu)) 2503 - Kubectl: enabled usage of label selector for filtering out resources when pruning for kubectl diff ([#114863](https://github.com/kubernetes/kubernetes/pull/114863), [@danlenar](https://github.com/danlenar)) 2504 - Kubelet startup now fails CRI connection if service or image endpoint is throwing any error ([#115102](https://github.com/kubernetes/kubernetes/pull/115102), [@saschagrunert](https://github.com/saschagrunert)) 2505 - Kubelet: fix recording issue when pulling image did finish ([#114904](https://github.com/kubernetes/kubernetes/pull/114904), [@TommyStarK](https://github.com/TommyStarK)) [SIG Node] 2506 - Kubelet`: fixed a bug in `kubelet` that stopped rendering the `ConfigMaps` when `fsquota` monitoring is enabled ([#112624](https://github.com/kubernetes/kubernetes/pull/112624), [@pacoxu](https://github.com/pacoxu)) 2507 - Messages of `DisruptionTarget` condition now excludes preemptor pod metadata ([#114914](https://github.com/kubernetes/kubernetes/pull/114914), [@mimowo](https://github.com/mimowo)) 2508 - Optimized `LoadBalancer` creation with the help of attribute Internal Traffic Policy: `Local` ([#114407](https://github.com/kubernetes/kubernetes/pull/114407), [@princepereira](https://github.com/princepereira)) 2509 - PVCs will automatically be recreated if they are missing for a pending Pod. ([#113270](https://github.com/kubernetes/kubernetes/pull/113270), [@rrangith](https://github.com/rrangith)) [SIG Apps and Testing] 2510 - PersistentVolume API objects which set NodeAffinities using beta Kubernetes labels for OS, architecture, zone, region, and instance type may now be modified to use the stable Kubernetes labels. ([#115391](https://github.com/kubernetes/kubernetes/pull/115391), [@haoruan](https://github.com/haoruan)) 2511 - Potentially breaking change - Updating the polling interval for Windows stats collection from 1 second to 10 seconds ([#116546](https://github.com/kubernetes/kubernetes/pull/116546), [@marosset](https://github.com/marosset)) [SIG Node and Windows] 2512 - Relaxed API validation for usage `key encipherment` and `kubelet` uses requested usages accordingly ([#111660](https://github.com/kubernetes/kubernetes/pull/111660), [@pacoxu](https://github.com/pacoxu)) 2513 - Removed scheduler names from preemption event messages. ([#114980](https://github.com/kubernetes/kubernetes/pull/114980), [@mimowo](https://github.com/mimowo)) 2514 - Shared informers now correctly propagate whether they are synced or not. Individual informer handlers may now check if they are synced or not (new `HasSynced` method). Library support is added to assist controllers in tracking whether their own work is completed for items in the initial list (`AsyncTracker`). ([#113985](https://github.com/kubernetes/kubernetes/pull/113985), [@lavalamp](https://github.com/lavalamp)) 2515 - The Kubernetes API server now correctly detects and closes existing TLS connections when its client certificate file for kubelet authentication has been rotated. ([#115315](https://github.com/kubernetes/kubernetes/pull/115315), [@enj](https://github.com/enj)) [SIG API Machinery, Auth, Node and Testing] 2516 - Total test spec is now available by `ProgressReporter`, it will be reported before test suite got executed. ([#114417](https://github.com/kubernetes/kubernetes/pull/114417), [@chendave](https://github.com/chendave)) 2517 - Updated the Event series starting count when emitting isomorphic events from 1 to 2. ([#112334](https://github.com/kubernetes/kubernetes/pull/112334), [@dgrisonnet](https://github.com/dgrisonnet)) 2518 - When GCing pods, `kube-controller-manager` will delete Evicted pods first. ([#116167](https://github.com/kubernetes/kubernetes/pull/116167), [@borgerli](https://github.com/borgerli)) 2519 - When describing deployments, `OldReplicaSets` now always shows all replicasets controlled the deployment, not just those that still have replicas available. ([#113083](https://github.com/kubernetes/kubernetes/pull/113083), [@llorllale](https://github.com/llorllale)) [SIG CLI] 2520 - Windows CPU usage node stats are now correctly calculated for nodes with multiple Processor Groups. ([#110864](https://github.com/kubernetes/kubernetes/pull/110864), [@claudiubelu](https://github.com/claudiubelu)) [SIG Node, Testing and Windows] 2521 - `LabelSelectors` specified in `topologySpreadConstraints` were validated to ensure that pods are scheduled as expected. Existing pods with invalid `LabelSelectors` could be updated, but new pods were required to specify valid `LabelSelectors`. ([#111802](https://github.com/kubernetes/kubernetes/pull/111802), [@maaoBit](https://github.com/maaoBit)) 2522 - `PodGC` for pods which are in terminal phase now do not add the `DisruptionTarget` condition. ([#115056](https://github.com/kubernetes/kubernetes/pull/115056), [@mimowo](https://github.com/mimowo)) 2523 - `Service` of type `ExternalName` do not create an `Endpoint` anymore. ([#114814](https://github.com/kubernetes/kubernetes/pull/114814), [@panslava](https://github.com/panslava)) 2524 - `cacher`: If `ResourceVersion` is unset, the watch is now served from the underlying storage as documented. ([#115096](https://github.com/kubernetes/kubernetes/pull/115096), [@MadhavJivrajani](https://github.com/MadhavJivrajani)) 2525 - `client-go`: fixed the wait time for trying to acquire the leader lease ([#114872](https://github.com/kubernetes/kubernetes/pull/114872), [@Iceber](https://github.com/Iceber)) 2526 - `etcd`: Updated to `v3.5.7` ([#115310](https://github.com/kubernetes/kubernetes/pull/115310), [@mzaian](https://github.com/mzaian)) 2527 - `golang.org/x/net` updated to `v0.7.0` to fix CVE-2022-41723 ([#115786](https://github.com/kubernetes/kubernetes/pull/115786), [@liggitt](https://github.com/liggitt)) 2528 - `kube-controller-manager` will not run nodeipam controller when allocator type 2529 is `CloudAllocator` and the cloud provider is not enabled. ([#114596](https://github.com/kubernetes/kubernetes/pull/114596), [@andrewsykim](https://github.com/andrewsykim)) 2530 - `kube-controller-manager`: fixed a bug that the `kubeconfig` field of `kubecontrollermanager.config.k8s.io` configuration is not populated correctly ([#116219](https://github.com/kubernetes/kubernetes/pull/116219), [@SataQiu](https://github.com/SataQiu)) 2531 - `kube-proxy` with `--proxy-mode=ipvs` can be used with statically linked kernels. 2532 The reseved IPv4 range `TEST-NET-2` in `rfc5737` MUST NOT be used for `ClusterIP` or `loadBalancerIP` since address `198.51.100.0` is used for probing. ([#114669](https://github.com/kubernetes/kubernetes/pull/114669), [@uablrek](https://github.com/uablrek)) 2533 - `kubeadm`: fixed a bug where the uploaded kubelet configuration in `kube-system/kubelet-config` `ConfigMap` does not respect user patch ([#115575](https://github.com/kubernetes/kubernetes/pull/115575), [@SataQiu](https://github.com/SataQiu)) 2534 - `kubeadm`: now respects user provided `kubeconfig` during discovery process ([#113998](https://github.com/kubernetes/kubernetes/pull/113998), [@SataQiu](https://github.com/SataQiu)) 2535 - `kubectl port-forward` now exits with exit code 1 when remote connection is 2536 lost ([#114460](https://github.com/kubernetes/kubernetes/pull/114460), [@brianpursley](https://github.com/brianpursley)) 2537 - `nodeName` being set along with non-empty `schedulingGates` is now enforced. ([#115569](https://github.com/kubernetes/kubernetes/pull/115569), [@Huang-Wei](https://github.com/Huang-Wei)) 2538 - `node_stage_path` is now set whenever available for expansion during mount ([#115346](https://github.com/kubernetes/kubernetes/pull/115346), [@gnufied](https://github.com/gnufied)) 2539 - `statefulset` status will now be consistent on API errors ([#113834](https://github.com/kubernetes/kubernetes/pull/113834), [@atiratree](https://github.com/atiratree)) 2540 - `tryUnmount` now respects `mounter.withSafeNotMountedBehavior` ([#114736](https://github.com/kubernetes/kubernetes/pull/114736), [@andyzhangx](https://github.com/andyzhangx)) 2541 - The encryption response from KMS v2 plugins is now validated earlier at DEK generation time instead of waiting until an encryption is performed. ([#116877](https://github.com/kubernetes/kubernetes/pull/116877), [@enj](https://github.com/enj)) [SIG API Machinery and Auth] 2542 - Recreate DaemonSet pods completed with Succeeded phase ([#117073](https://github.com/kubernetes/kubernetes/pull/117073), [@mimowo](https://github.com/mimowo)) [SIG Apps and Testing] 2543 2544 2545 ### Other (Cleanup or Flake) 2546 2547 - Added basic Denial Of Service prevention for the the node-local kubelet `podresource` API ([#116459](https://github.com/kubernetes/kubernetes/pull/116459), [@ffromani](https://github.com/ffromani)) [SIG Node and Testing] 2548 - Callers of `wait.ExponentialBackoffWithContext` now must pass a `ConditionWithContextFunc` to be consistent with the signature and avoid creating a duplicate context. If your condition does not need a context you can use the `ConditionFunc.WithContext()` helper to ignore the context, or use `ExponentialBackoff` directly. ([#115113](https://github.com/kubernetes/kubernetes/pull/115113), [@smarterclayton](https://github.com/smarterclayton)) 2549 - Changed docs for `--contention-profiling` flag to reflect it performed block profiling ([#114490](https://github.com/kubernetes/kubernetes/pull/114490), [@MadhavJivrajani](https://github.com/MadhavJivrajani)) 2550 - E2e framework: added `--report-complete-ginkgo` and `--report-complete-junit` parameters. They work like `ginkgo --json-report <report dir>/ginkgo/report.json --junit-report <report dir>/ginkgo/report.xml`. ([#115678](https://github.com/kubernetes/kubernetes/pull/115678), [@pohly](https://github.com/pohly)) [SIG Testing] 2551 - Fixed incorrect log information in the `iptables` utility. ([#110723](https://github.com/kubernetes/kubernetes/pull/110723), [@yangjunmyfm192085](https://github.com/yangjunmyfm192085)) 2552 - Improved FormatMap: Improves performance by about 4x, or nearly 2x in the worst case ([#112661](https://github.com/kubernetes/kubernetes/pull/112661), [@aimuz](https://github.com/aimuz)) [SIG Node] 2553 - Improved misleading message, in case of no metrics received for the `HPA` controlled pods. ([#114740](https://github.com/kubernetes/kubernetes/pull/114740), [@kushagra98](https://github.com/kushagra98)) 2554 - Introduced new metrics removing the redundant subsystem in kube-apiserver pod logs metrics and deprecate the original ones: 2555 - kube_apiserver_pod_logs_pods_logs_backend_tls_failure_total becomes kube_apiserver_pod_logs_backend_tls_failure_total 2556 - kube_apiserver_pod_logs_pods_logs_insecure_backend_total becomes kube_apiserver_pod_logs_insecure_backend_total ([#114497](https://github.com/kubernetes/kubernetes/pull/114497), [@dgrisonnet](https://github.com/dgrisonnet)) 2557 - Kubeadm: removed the deprecated `v1beta2` API. kubeadm 1.26's `config migrate` 2558 command can be used to migrate a `v1beta2` configuration file to `v1beta3` ([#114540](https://github.com/kubernetes/kubernetes/pull/114540), [@pacoxu](https://github.com/pacoxu)) 2559 - Kubelet: remove deprecated flag `--container-runtime` ([#114017](https://github.com/kubernetes/kubernetes/pull/114017), [@calvin0327](https://github.com/calvin0327)) [SIG Cloud Provider and Node] 2560 - Kubelet: the deprecated `--master-service-namespace` flag is removed in v1.27 ([#116015](https://github.com/kubernetes/kubernetes/pull/116015), [@SataQiu](https://github.com/SataQiu)) 2561 - Linux/arm will not ship in Kubernetes 1.27 as we are running into issues with building artifacts using golang 1.20.2 (please see issue #116492) ([#115742](https://github.com/kubernetes/kubernetes/pull/115742), [@dims](https://github.com/dims)) [SIG Architecture, Release and Testing] 2562 - Migrated `pkg/controller/nodeipam/ipam/cloud_cidr_allocator.go, pkg/controller/nodeipam/ipam/multi_cidr_range_allocator.go pkg/controller/nodeipam/ipam/range_allocator.go pkg/controller/nodelifecycle/node_lifecycle_controller.go` to structured logging ([#112670](https://github.com/kubernetes/kubernetes/pull/112670), [@yangjunmyfm192085](https://github.com/yangjunmyfm192085)) 2563 - Migrated the Kubernetes object garbage collector (within `kube-controller-manager`) to use [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging). ([#113471](https://github.com/kubernetes/kubernetes/pull/113471), [@ncdc](https://github.com/ncdc)) 2564 - Migrated the ttlafterfinished controller (within `kube-controller-manager`) to use [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging). ([#115332](https://github.com/kubernetes/kubernetes/pull/115332), [@obaranov1](https://github.com/obaranov1)) [SIG Apps] 2565 - Migrated the “sample-controller” controller to use [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging). ([#113879](https://github.com/kubernetes/kubernetes/pull/113879), [@pchan](https://github.com/pchan)) [SIG API Machinery and Instrumentation] 2566 - Promoted pod resource `limit/request` metrics to stable. ([#115454](https://github.com/kubernetes/kubernetes/pull/115454), [@dgrisonnet](https://github.com/dgrisonnet)) 2567 - Removed AWS kubelet credential provider. Please use the external kubelet credential provider binary named `ecr-credential-provider` instead. ([#116329](https://github.com/kubernetes/kubernetes/pull/116329), [@dims](https://github.com/dims)) [SIG Node, Storage and Testing] 2568 - Removed Azure disk in-tree storage plugin ([#116301](https://github.com/kubernetes/kubernetes/pull/116301), [@andyzhangx](https://github.com/andyzhangx)) 2569 - Removed flag `master-service-namespace` from `api-server` arguments ([#114446](https://github.com/kubernetes/kubernetes/pull/114446), [@lengrongfu](https://github.com/lengrongfu)) 2570 - Removed the following deprecated metrics: 2571 - node_collector_evictions_number replaced by node_collector_evictions_total 2572 - scheduler_e2e_scheduling_duration_seconds replaced by scheduler_scheduling_attempt_duration_seconds ([#115209](https://github.com/kubernetes/kubernetes/pull/115209), [@dgrisonnet](https://github.com/dgrisonnet)) 2573 - Removed unused rule for `nodes/spec` from `ClusterRole` `system:kubelet-api-admin` ([#113267](https://github.com/kubernetes/kubernetes/pull/113267), [@hoskeri](https://github.com/hoskeri)) 2574 - Renamed API server identity Lease labels to use the key `apiserver.kubernetes.io/identity` ([#114586](https://github.com/kubernetes/kubernetes/pull/114586), [@andrewsykim](https://github.com/andrewsykim)) [SIG API Machinery, Apps, Cloud Provider and Testing] 2575 - Storage.k8s.io/v1beta1 API version of CSIStorageCapacity will no longer be served ([#116523](https://github.com/kubernetes/kubernetes/pull/116523), [@pacoxu](https://github.com/pacoxu)) [SIG API Machinery] 2576 - The `CSIMigrationAzureFile` feature gate (for the feature which graduated to GA in v1.26) is now unconditionally enabled and will be removed in v1.28. ([#114953](https://github.com/kubernetes/kubernetes/pull/114953), [@enj](https://github.com/enj)) 2577 - The `ControllerManagerLeaderMigration` feature, GA since `1.24`, is now unconditionally enabled and the feature gate option has been removed. ([#113534](https://github.com/kubernetes/kubernetes/pull/113534), [@pacoxu](https://github.com/pacoxu)) 2578 - The `WaitFor` and `WaitForWithContext` functions in the wait package have now been marked private. Callers should use the equivalent `Poll*` method with a zero duration interval. ([#115116](https://github.com/kubernetes/kubernetes/pull/115116), [@smarterclayton](https://github.com/smarterclayton)) 2579 - The `wait.Poll*` and `wait.ExponentialBackoff*` functions have been deprecated and will be removed in a future release. Callers should switch to using `wait.PollUntilContextCancel`, `wait.PollUntilContextTimeout`, or `wait.ExponentialBackoffWithContext` as appropriate. 2580 2581 `PollWithContext(Cancel|Deadline)` will no longer return `ErrWaitTimeout` - use the `Interrupted(error) bool` helper to replace checks for `err == ErrWaitTimeout`, or compare specifically to context errors as needed. A future release will make the `ErrWaitTimeout` error private and callers must use `Interrupted()` instead. If you are returning `ErrWaitTimeout` from your own methods, switch to creating a location specific `cause err` and pass it to the new method `wait.ErrorInterrupted(cause) error` which will ensure `Interrupted()` returns true for your loop. 2582 2583 The `wait.NewExponentialBackoffManager` and `wait.NewJitteringBackoffManager` functions have been marked as deprecated. Callers should switch to using the `Backoff{...}.DelayWithReset(clock, resetInterval)` method and must set the `Steps` field when using `Factor`. As a short term change, callers may use the `Timer()` method on the `BackoffManager` until the backoff managers are deprecated and removed. Please see the godoc of the deprecated functions for examples of how to replace usage of this function. ([#107826](https://github.com/kubernetes/kubernetes/pull/107826), [@smarterclayton](https://github.com/smarterclayton)) [SIG API Machinery, Auth, Cloud Provider, Storage and Testing] 2584 - The feature gates `CSIInlineVolume`, `CSIMigration`, `DaemonSetUpdateSurge`, `EphemeralContainers`, `IdentifyPodOS`, `LocalStorageCapacityIsolation`, `NetworkPolicyEndPort` and `StatefulSetMinReadySeconds` that graduated to GA in v1.25 and were unconditionally enabled have been removed in v1.27 ([#114410](https://github.com/kubernetes/kubernetes/pull/114410), [@SataQiu](https://github.com/SataQiu)) [SIG Node] 2585 - Upgraded `coredns` to `v1.10.1` ([#115603](https://github.com/kubernetes/kubernetes/pull/115603), [@pacoxu](https://github.com/pacoxu)) 2586 - Upgraded `go-jose` to `v2.6.0` ([#115893](https://github.com/kubernetes/kubernetes/pull/115893), [@mgoltzsche](https://github.com/mgoltzsche)) 2587 - [KCCM - service controller]: enabled connection draining for terminating pods upon node downscale by the cluster autoscaler. This is done by not reacting to the taint used by the cluster autoscaler to indicate that the node is going away soon, thus keeping the node referenced by the load balancer until the VM has been completely deleted. ([#115204](https://github.com/kubernetes/kubernetes/pull/115204), [@alexanderConstantinescu](https://github.com/alexanderConstantinescu)) 2588 - `apiserver_admission_webhook_admission_duration_seconds` buckets have been expanded, 25s is now the largest bucket size to match the webhook default timeout. ([#115802](https://github.com/kubernetes/kubernetes/pull/115802), [@logicalhan](https://github.com/logicalhan)) [SIG API Machinery and Instrumentation] 2589 - `wait.ContextForChannel()` now implements the context.Context interface and 2590 does not return a cancellation function. ([#115140](https://github.com/kubernetes/kubernetes/pull/115140), [@smarterclayton](https://github.com/smarterclayton)) 2591 2592 ## Dependencies 2593 2594 ### Added 2595 - github.com/a8m/tree: [10a5fd5](https://github.com/a8m/tree/tree/10a5fd5) 2596 - github.com/dougm/pretty: [2ee9d74](https://github.com/dougm/pretty/tree/2ee9d74) 2597 - github.com/rasky/go-xdr: [4930550](https://github.com/rasky/go-xdr/tree/4930550) 2598 - github.com/vmware/vmw-guestinfo: [25eff15](https://github.com/vmware/vmw-guestinfo/tree/25eff15) 2599 - sigs.k8s.io/kustomize/kustomize/v5: v5.0.1 2600 2601 ### Changed 2602 - github.com/Microsoft/hcsshim: [v0.8.22 → v0.8.25](https://github.com/Microsoft/hcsshim/compare/v0.8.22...v0.8.25) 2603 - github.com/aws/aws-sdk-go: [v1.44.116 → v1.35.24](https://github.com/aws/aws-sdk-go/compare/v1.44.116...v1.35.24) 2604 - github.com/coredns/corefile-migration: [v1.0.17 → v1.0.20](https://github.com/coredns/corefile-migration/compare/v1.0.17...v1.0.20) 2605 - github.com/coreos/go-systemd/v22: [v22.3.2 → v22.4.0](https://github.com/coreos/go-systemd/v22/compare/v22.3.2...v22.4.0) 2606 - github.com/creack/pty: [v1.1.11 → v1.1.18](https://github.com/creack/pty/compare/v1.1.11...v1.1.18) 2607 - github.com/docker/docker: [v20.10.18+incompatible → v20.10.21+incompatible](https://github.com/docker/docker/compare/v20.10.18...v20.10.21) 2608 - github.com/go-errors/errors: [v1.0.1 → v1.4.2](https://github.com/go-errors/errors/compare/v1.0.1...v1.4.2) 2609 - github.com/go-openapi/jsonpointer: [v0.19.5 → v0.19.6](https://github.com/go-openapi/jsonpointer/compare/v0.19.5...v0.19.6) 2610 - github.com/go-openapi/jsonreference: [v0.20.0 → v0.20.1](https://github.com/go-openapi/jsonreference/compare/v0.20.0...v0.20.1) 2611 - github.com/go-openapi/swag: [v0.19.14 → v0.22.3](https://github.com/go-openapi/swag/compare/v0.19.14...v0.22.3) 2612 - github.com/golang-jwt/jwt/v4: [v4.2.0 → v4.4.2](https://github.com/golang-jwt/jwt/v4/compare/v4.2.0...v4.4.2) 2613 - github.com/golang/protobuf: [v1.5.2 → v1.5.3](https://github.com/golang/protobuf/compare/v1.5.2...v1.5.3) 2614 - github.com/google/cadvisor: [v0.46.0 → v0.47.1](https://github.com/google/cadvisor/compare/v0.46.0...v0.47.1) 2615 - github.com/google/cel-go: [v0.12.5 → v0.12.6](https://github.com/google/cel-go/compare/v0.12.5...v0.12.6) 2616 - github.com/google/uuid: [v1.1.2 → v1.3.0](https://github.com/google/uuid/compare/v1.1.2...v1.3.0) 2617 - github.com/kr/pretty: [v0.2.1 → v0.3.0](https://github.com/kr/pretty/compare/v0.2.1...v0.3.0) 2618 - github.com/mailru/easyjson: [v0.7.6 → v0.7.7](https://github.com/mailru/easyjson/compare/v0.7.6...v0.7.7) 2619 - github.com/moby/ipvs: [v1.0.1 → v1.1.0](https://github.com/moby/ipvs/compare/v1.0.1...v1.1.0) 2620 - github.com/moby/term: [39b0c02 → 1aeaba8](https://github.com/moby/term/compare/39b0c02...1aeaba8) 2621 - github.com/onsi/ginkgo/v2: [v2.4.0 → v2.9.1](https://github.com/onsi/ginkgo/v2/compare/v2.4.0...v2.9.1) 2622 - github.com/onsi/gomega: [v1.23.0 → v1.27.4](https://github.com/onsi/gomega/compare/v1.23.0...v1.27.4) 2623 - github.com/opencontainers/runtime-spec: [1c3f411 → 494a5a6](https://github.com/opencontainers/runtime-spec/compare/1c3f411...494a5a6) 2624 - github.com/rogpeppe/go-internal: [v1.3.0 → v1.10.0](https://github.com/rogpeppe/go-internal/compare/v1.3.0...v1.10.0) 2625 - github.com/sirupsen/logrus: [v1.8.1 → v1.9.0](https://github.com/sirupsen/logrus/compare/v1.8.1...v1.9.0) 2626 - github.com/stretchr/objx: [v0.4.0 → v0.5.0](https://github.com/stretchr/objx/compare/v0.4.0...v0.5.0) 2627 - github.com/stretchr/testify: [v1.8.0 → v1.8.1](https://github.com/stretchr/testify/compare/v1.8.0...v1.8.1) 2628 - github.com/tmc/grpc-websocket-proxy: [e5319fd → 673ab2c](https://github.com/tmc/grpc-websocket-proxy/compare/e5319fd...673ab2c) 2629 - github.com/vishvananda/netns: [db3c7e5 → v0.0.2](https://github.com/vishvananda/netns/compare/db3c7e5...v0.0.2) 2630 - github.com/vmware/govmomi: [v0.20.3 → v0.30.0](https://github.com/vmware/govmomi/compare/v0.20.3...v0.30.0) 2631 - go.etcd.io/etcd/api/v3: v3.5.5 → v3.5.7 2632 - go.etcd.io/etcd/client/pkg/v3: v3.5.5 → v3.5.7 2633 - go.etcd.io/etcd/client/v2: v2.305.5 → v2.305.7 2634 - go.etcd.io/etcd/client/v3: v3.5.5 → v3.5.7 2635 - go.etcd.io/etcd/pkg/v3: v3.5.5 → v3.5.7 2636 - go.etcd.io/etcd/raft/v3: v3.5.5 → v3.5.7 2637 - go.etcd.io/etcd/server/v3: v3.5.5 → v3.5.7 2638 - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp: v0.35.0 → v0.35.1 2639 - go.uber.org/goleak: v1.2.0 → v1.2.1 2640 - golang.org/x/mod: v0.6.0 → v0.9.0 2641 - golang.org/x/net: 1e63c2f → v0.8.0 2642 - golang.org/x/sync: 886fb93 → v0.1.0 2643 - golang.org/x/sys: v0.3.0 → v0.6.0 2644 - golang.org/x/term: v0.3.0 → v0.6.0 2645 - golang.org/x/text: v0.5.0 → v0.8.0 2646 - golang.org/x/tools: v0.2.0 → v0.7.0 2647 - golang.org/x/xerrors: 5ec99f8 → 04be3eb 2648 - google.golang.org/grpc: v1.49.0 → v1.51.0 2649 - gopkg.in/check.v1: 8fa4692 → 10cb982 2650 - gopkg.in/square/go-jose.v2: v2.2.2 → v2.6.0 2651 - k8s.io/klog/v2: v2.80.1 → v2.90.1 2652 - k8s.io/kube-openapi: 172d655 → 15aac26 2653 - k8s.io/utils: 1a15be2 → a36077c 2654 - sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.33 → v0.1.1 2655 - sigs.k8s.io/json: f223a00 → bc3834c 2656 - sigs.k8s.io/kustomize/api: v0.12.1 → v0.13.2 2657 - sigs.k8s.io/kustomize/cmd/config: v0.10.9 → v0.11.1 2658 - sigs.k8s.io/kustomize/kyaml: v0.13.9 → v0.14.1 2659 2660 ### Removed 2661 - github.com/PuerkitoBio/purell: [v1.1.1](https://github.com/PuerkitoBio/purell/tree/v1.1.1) 2662 - github.com/PuerkitoBio/urlesc: [de5bf2a](https://github.com/PuerkitoBio/urlesc/tree/de5bf2a) 2663 - github.com/elazarl/goproxy: [947c36d](https://github.com/elazarl/goproxy/tree/947c36d) 2664 - github.com/form3tech-oss/jwt-go: [v3.2.3+incompatible](https://github.com/form3tech-oss/jwt-go/tree/v3.2.3) 2665 - github.com/mattn/go-runewidth: [v0.0.7](https://github.com/mattn/go-runewidth/tree/v0.0.7) 2666 - github.com/mindprince/gonvml: [9ebdce4](https://github.com/mindprince/gonvml/tree/9ebdce4) 2667 - github.com/niemeyer/pretty: [a10e7ca](https://github.com/niemeyer/pretty/tree/a10e7ca) 2668 - github.com/olekukonko/tablewriter: [v0.0.4](https://github.com/olekukonko/tablewriter/tree/v0.0.4) 2669 - sigs.k8s.io/kustomize/kustomize/v4: v4.5.7 2670 2671 2672 2673 # v1.27.0-rc.1 2674 2675 2676 ## Downloads for v1.27.0-rc.1 2677 2678 2679 2680 ### Source Code 2681 2682 filename | sha512 hash 2683 -------- | ----------- 2684 [kubernetes.tar.gz](https://dl.k8s.io/v1.27.0-rc.1/kubernetes.tar.gz) | f6a57401347cb6c6329f4334d0f5b9408125784c13cac8c69288e49fac9fcf057ba9b38340e170c9ee24840bfd9c6e63df5706760837e321efc2ce4da795d6cb 2685 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.27.0-rc.1/kubernetes-src.tar.gz) | 62cca03a925930f58083070e3877df2d3de0fc5a2a96ce4079931fab77c77f10cdd739d1ac9f64c16c3dac107f075c6f112d8ed063e3f466d662e55271487e10 2686 2687 ### Client Binaries 2688 2689 filename | sha512 hash 2690 -------- | ----------- 2691 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.27.0-rc.1/kubernetes-client-darwin-amd64.tar.gz) | 3cf168843bd207f0c277465560c900e09487a3ff5eca6877afc5ca947bf164b7fc20f33c5379783ddf55380ca8370a44e400b37216229496a89309242a6f9bbf 2692 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.27.0-rc.1/kubernetes-client-darwin-arm64.tar.gz) | 1b6c7eab5bb7cfe437400049c1d5bb7320828f975c63f3ac07d9e0ef943799f5fc7e0cd283aa6486da5ada075367447963b1346c96ebdb49632535e2f90dd664 2693 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.27.0-rc.1/kubernetes-client-linux-386.tar.gz) | 7d4e84fd2fa4a06890c9a5a8fc2af2e01c1f3516eb8d164ef4c97a554536f845993f096828469e845392d39576baa7ba5fa125dabeb17c049f8556ff07d941e6 2694 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.0-rc.1/kubernetes-client-linux-amd64.tar.gz) | f300c80e465f32b3c365e9c036c02aaaa3e713fa9e7318ce9e426406e07be6f3e6166664d9d940e2c3f073c3044f2d677f32a14e87a1e40acd973625634baf59 2695 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.27.0-rc.1/kubernetes-client-linux-arm.tar.gz) | 5152fddf3a01b83c89070403d37c43b46daad2ccf566f484f9f9eaa776b3d022672d902dbef1edd7b8f4241c035208f83d7049c2cf6b76ef1da8d7ffb41d86b3 2696 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.0-rc.1/kubernetes-client-linux-arm64.tar.gz) | 955c4019d6e52475bb6cf1df7d3db70ea6dbe226b54e145260f4470c53a0c12128e747ac0fae9843b2ed9d598eb3fbe964df2999a999f89726abd63feadb7ccf 2697 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.0-rc.1/kubernetes-client-linux-ppc64le.tar.gz) | feed26863b79c6a67c3ab7842e11663fa4861982666b451ff13d89c7659482ed08c174b2d70517ef542ba17423e5aff172e30806e17e473815c05d5f6d1c431e 2698 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.0-rc.1/kubernetes-client-linux-s390x.tar.gz) | 6d3704b1edc07ff244b85e9a387f283524cc9975a527a23c567af0554ebe61f564d10068fe6af5635d71ed2d9e01ca1dc79716177c449493cbbd32903b4c11fd 2699 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.27.0-rc.1/kubernetes-client-windows-386.tar.gz) | 4abff8190b3e843b603fae1b6236815c7f15510735ed25f24ffe2ed31a0e904495431b9314366a042eadd1312a3c2e7d97ab4748ac0b67bdb0d0c3b0322a4b36 2700 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.0-rc.1/kubernetes-client-windows-amd64.tar.gz) | f903c4b8397954a11c10463e1fde15c95805fc048988e66c5d59cba5155e244c12cea98e0502365705c3cae138d251a1a87c2bb29da0e1762e84d08ff225ccc4 2701 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.27.0-rc.1/kubernetes-client-windows-arm64.tar.gz) | 4ac1bcba49774c9eba9a562ebc007bbe5963575c9e55917128171b955cc95bc2447352668fe768130b3013fbc425dfc86ed17e6767d59441e3566a456d6356c7 2702 2703 ### Server Binaries 2704 2705 filename | sha512 hash 2706 -------- | ----------- 2707 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.0-rc.1/kubernetes-server-linux-amd64.tar.gz) | 3c726e0583497813ba93953e17ec93805d18129401ad3e851e44c74d4a2ecb45c2340bf82b53e28c4e480222e7cf85fa4270506103233fbad7f38ac751b16c2d 2708 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.0-rc.1/kubernetes-server-linux-arm64.tar.gz) | 17ef3d22f86328c2faea3df3b476f5b949e0bab2964f878e2b7b61965381ce3dfe43702aea2cfb9ed191e4e3d41ebbe780eccaa57b943d019cabb2adddafe458 2709 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.0-rc.1/kubernetes-server-linux-ppc64le.tar.gz) | d35ba5854c853d095f7588372677f1da2a5b3ef5fde846b8cce2925e7ff4fca21b9f3c9afc8eb82a973027a35918887f2d838cf5c3ec29fb2c7af576a2493efb 2710 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.0-rc.1/kubernetes-server-linux-s390x.tar.gz) | 79568358644e993126aaaf14a4126de5abae4ba2cbf59f264de57045189b53c1ead4ce8bdc75592164537ed6b836261feab1f2f5aca07f218ba5c2db1c80318c 2711 2712 ### Node Binaries 2713 2714 filename | sha512 hash 2715 -------- | ----------- 2716 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.0-rc.1/kubernetes-node-linux-amd64.tar.gz) | dd1feed73c4d0ea7be79338500ae413dc5f55a69da0e2a27cf8e44d14f49a514b262c69b6069d1cd709564fac6e030cef581204b3d48e5208b9967a9d42b69af 2717 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.0-rc.1/kubernetes-node-linux-arm64.tar.gz) | 23421b4f6c4b21168302fa22ddf193f9d2db6a582edfded4cbf88dfa646b1f5f65817165f49bf251cb5c32aaf51a92e425cd92051745f890bfd314a82e292573 2718 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.0-rc.1/kubernetes-node-linux-ppc64le.tar.gz) | 9149c0bd4765484351e703d074e1554ca0735bed13bc7da3ba511ba8b6e547337f2c2c904e6db8256306b8089018ac66857a212bcb555034487111c07170c5b6 2719 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.0-rc.1/kubernetes-node-linux-s390x.tar.gz) | 1fc2f78314fc7781f5296ebe82cce905eb841bb551919261571f549f3d39f53dd8b9546f060f31209e129ff9a4dafbb50ebfc68741525b01d82639ef8a48e12c 2720 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.0-rc.1/kubernetes-node-windows-amd64.tar.gz) | 3ab964ee2fa017e96adf606ce8e8540bc3b79323141548247415e5865dd7447dca4146706cf21a1e36512d6f7950ed866351f9e6427e27c20b27118f81bf5d6c 2721 2722 ### Container Images 2723 2724 All container images are available as manifest lists and support the described 2725 architectures. It is also possible to pull a specific architecture directly by 2726 adding the "-$ARCH" suffix to the container image name. 2727 2728 name | architectures 2729 ---- | ------------- 2730 [registry.k8s.io/conformance:v1.27.0-rc.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) 2731 [registry.k8s.io/kube-apiserver:v1.27.0-rc.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) 2732 [registry.k8s.io/kube-controller-manager:v1.27.0-rc.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) 2733 [registry.k8s.io/kube-proxy:v1.27.0-rc.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) 2734 [registry.k8s.io/kube-scheduler:v1.27.0-rc.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) 2735 2736 ## Changelog since v1.27.0-rc.0 2737 2738 ## Changes by Kind 2739 2740 ### Feature 2741 2742 - Kubernetes is now built with Go 1.20.3 ([#117125](https://github.com/kubernetes/kubernetes/pull/117125), [@xmudrii](https://github.com/xmudrii)) [SIG Release and Testing] 2743 - Updated distroless iptables to use released image `registry.k8s.io/build-image/distroless-iptables:v0.2.3` ([#117126](https://github.com/kubernetes/kubernetes/pull/117126), [@xmudrii](https://github.com/xmudrii)) [SIG Testing] 2744 2745 ### Bug or Regression 2746 2747 - Recreate DaemonSet pods completed with Succeeded phase ([#117073](https://github.com/kubernetes/kubernetes/pull/117073), [@mimowo](https://github.com/mimowo)) [SIG Apps and Testing] 2748 - The encryption response from KMS v2 plugins is now validated earlier at DEK generation time instead of waiting until an encryption is performed. ([#116877](https://github.com/kubernetes/kubernetes/pull/116877), [@enj](https://github.com/enj)) [SIG API Machinery and Auth] 2749 2750 ## Dependencies 2751 2752 ### Added 2753 _Nothing has changed._ 2754 2755 ### Changed 2756 - github.com/rogpeppe/go-internal: [v1.9.0 → v1.10.0](https://github.com/rogpeppe/go-internal/compare/v1.9.0...v1.10.0) 2757 2758 ### Removed 2759 _Nothing has changed._ 2760 2761 2762 2763 # v1.27.0-rc.0 2764 2765 2766 ## Downloads for v1.27.0-rc.0 2767 2768 2769 2770 ### Source Code 2771 2772 filename | sha512 hash 2773 -------- | ----------- 2774 [kubernetes.tar.gz](https://dl.k8s.io/v1.27.0-rc.0/kubernetes.tar.gz) | 00c1377aacf2540f9dd92538e95e4d676bb77839edf59645dec6be96d4988d64b79f0a2f4a3e604a42a8c06710a88efc86d7c4bdab8d11269aadbbeaa8f02cc0 2775 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.27.0-rc.0/kubernetes-src.tar.gz) | e39d9fe4d1426ad35db1593c75d9bcc1e64178fac46a4c759aeb24cf37e061e1e559ab2fe8d3c4f7f66e813a11aa730aefc06649ba5ff3e8a7ac5b4db79db278 2776 2777 ### Client Binaries 2778 2779 filename | sha512 hash 2780 -------- | ----------- 2781 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.27.0-rc.0/kubernetes-client-darwin-amd64.tar.gz) | 811e5f52ee5f000bbac5ef5f45a7266da96ec56054056e793fab1b39dfcea2c872b6c464d163f9ff445e928750ac7fe04539b38751646c06ec204c10968d3114 2782 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.27.0-rc.0/kubernetes-client-darwin-arm64.tar.gz) | 4a1b6ee903132f23d153369bdf97b40eeb7d111c67f60fa6367909c0bb6dd82ec7ad017ced4cb381bdbe272db514f5e6f12576b8f4b5f384a4cbd544a39268f5 2783 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.27.0-rc.0/kubernetes-client-linux-386.tar.gz) | a422191ad2118c8f1debd73834d5a963d1992441c4c0a917ebfd64818f59038d1971589b9a6f8ba7252949b5bfde62dbfab60da8783502733550c5f65cfae592 2784 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.0-rc.0/kubernetes-client-linux-amd64.tar.gz) | aca2b4ff673b381da5a979266395b4eea61c48ba59b6ae81555da21394fd535bb4b408ba584586a1336c02bf0706a90ed53ee9b6d0712519612d60b1c1f7b59c 2785 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.27.0-rc.0/kubernetes-client-linux-arm.tar.gz) | dd5d9d5adc928e114a9a35d1f845fa98b2b236a3937f056adce5c7280f91d7024f013329e3a9a17329f1247c42a1af7c011d37bfb7830937af2cf14babec3dc4 2786 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.0-rc.0/kubernetes-client-linux-arm64.tar.gz) | 0dff54bcb39c82a7142dea53ccec384c12637b9b3f261d67338d7ab1508a32897baa29657ffeeaf9bf8e65d11feb25b83349749671c7fb2a38e1a44491f50716 2787 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.0-rc.0/kubernetes-client-linux-ppc64le.tar.gz) | 28538ade0567bfd90f3b3975ba4e1e5c986fc2a0e7e02d4cd5f93b22a9f7ec9a0b82226938a0512a1b95149e5d801c16b46c9181aff33cf4b02ec958fefdcd73 2788 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.0-rc.0/kubernetes-client-linux-s390x.tar.gz) | 39cbbed42e2e53955e0b76306046f7ad06a88a800902c76584fe9a8a2741349c1cd74ebf4e9d0c7711e5721dd2b028df3f882eeee7242596c747b39f7ddadf87 2789 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.27.0-rc.0/kubernetes-client-windows-386.tar.gz) | 6f5947e9d4760bb00393d9bd8a2a5d389306cb51e0cc46012becaaa2ebbc4f6d0b63d239a7b99f24136ec6ce50ea51032659a68daedd79b8a494acc2cc966e09 2790 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.0-rc.0/kubernetes-client-windows-amd64.tar.gz) | 5436de39bcb3edbc7db16e8628e161a0c1fea9cf501ec6969622f3980c2b009f62137f9a60bff77b33751d3188f24812b13bafe4b397e341cd3e8979459f9972 2791 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.27.0-rc.0/kubernetes-client-windows-arm64.tar.gz) | 9390bc41779539e2475e992969a6f41eb68f82082d75abb793a8c9b832b86f4de42be6e313fb963b9e50ec9fd3265d9b8c8b223f7999d823a74062baaf536406 2792 2793 ### Server Binaries 2794 2795 filename | sha512 hash 2796 -------- | ----------- 2797 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.0-rc.0/kubernetes-server-linux-amd64.tar.gz) | 652e12dd953d3dbd0fc11c02d145cfe608c41639077a056cc8ecef8d427a73c937d5fc341b8d7e4adb9a68bb6babc3165315106fe554a7ea961f1e1a45cf9566 2798 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.0-rc.0/kubernetes-server-linux-arm64.tar.gz) | c2d93520b9a7e6554207477527f408698d1b086c9ee6c6c5716f42e007367b15d1d137c723768d0d8b55cc4f1b32e5f2c57bb05b589c3a2ffe71af9c5626e303 2799 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.0-rc.0/kubernetes-server-linux-ppc64le.tar.gz) | f388a0b93b722814e51c0de14dd332fbe4517549a717237fa3d2d75503d5f0db7d73db154e07bc958e40ca4bea11f88312b5c8b334b77d9494637b0da4046b2e 2800 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.0-rc.0/kubernetes-server-linux-s390x.tar.gz) | 2ff2af56a4306b807e6792524489c4e2e04b2e9b661b767fe9efa34ede151ff6281b30d2a86332ea9ad69ef3031d96aa072bd099a893ad8db0be81c5c1215d98 2801 2802 ### Node Binaries 2803 2804 filename | sha512 hash 2805 -------- | ----------- 2806 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.0-rc.0/kubernetes-node-linux-amd64.tar.gz) | 2fbe286b501a1d84bad54c035fd5daecff6268b21adec003ad90b5c6c813964d00853e8014ea8d4fc9e748586801f3231ad5fa405f213c1fc15b5b0e1819eda8 2807 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.0-rc.0/kubernetes-node-linux-arm64.tar.gz) | 1531ac12836e354269f2c0df254593d37f5860352a408c931594735212aa3504fd0ba21bee6ac8df0081d9502d307f093d6932536bd6a48124884e8925a2a76d 2808 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.0-rc.0/kubernetes-node-linux-ppc64le.tar.gz) | 87e3599e471a33e922235d6c54eb76c477100c04b185d897896b2942396b609492e851f5537de46b08973732e7518ccdbf5fe88c015b1479bf899e6e8c2549b4 2809 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.0-rc.0/kubernetes-node-linux-s390x.tar.gz) | 4c67645f9658809cf4357f94c0a8363a9ef4535ee07e7212565443f5e35a3037d87293a57e4b5fdc7cdca4ef946f8f0e1db09f4db87d747230da21df5f59bd8b 2810 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.0-rc.0/kubernetes-node-windows-amd64.tar.gz) | e5bd3034027e38bfe9ffd81f85a3d4c5f5a3e07542d5d718aa4e89d4d4662530316ac7c3b17bbaeb514ecdcc553117688c58899d067b89ffc0e8f3a282e119c2 2811 2812 ### Container Images 2813 2814 All container images are available as manifest lists and support the described 2815 architectures. It is also possible to pull a specific architecture directly by 2816 adding the "-$ARCH" suffix to the container image name. 2817 2818 name | architectures 2819 ---- | ------------- 2820 [registry.k8s.io/conformance:v1.27.0-rc.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) 2821 [registry.k8s.io/kube-apiserver:v1.27.0-rc.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) 2822 [registry.k8s.io/kube-controller-manager:v1.27.0-rc.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) 2823 [registry.k8s.io/kube-proxy:v1.27.0-rc.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) 2824 [registry.k8s.io/kube-scheduler:v1.27.0-rc.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) 2825 2826 ## Changelog since v1.27.0-beta.0 2827 2828 ## Changes by Kind 2829 2830 ### API Change 2831 2832 - Added a new alpha API: ClusterTrustBundle (`certificates.k8s.io/v1alpha1`). 2833 A ClusterTrustBundle may be used to distribute [X.509](https://www.itu.int/rec/T-REC-X.509) trust anchors to workloads within the cluster. ([#113218](https://github.com/kubernetes/kubernetes/pull/113218), [@ahmedtd](https://github.com/ahmedtd)) [SIG API Machinery, Auth and Testing] 2834 - Remove `kubernetes.io/grpc` standard appProtocol ([#116866](https://github.com/kubernetes/kubernetes/pull/116866), [@LiorLieberman](https://github.com/LiorLieberman)) [SIG API Machinery and Apps] 2835 2836 ### Feature 2837 2838 - Give terminal phase correctly to all pods that will not be restarted. 2839 2840 In particular, assign Failed phase to pods which are deleted while pending. Also, assign a terminal 2841 phase (Succeeded or Failed, depending on the exit statuses of the pod containers) to pods which 2842 are deleted while running. 2843 2844 This fixes the issue for jobs using pod failure policy (with JobPodFailurePolicy and PodDisruptionConditions 2845 feature gates enabled) that their pods could get stuck in the pending phase when deleted. ([#115331](https://github.com/kubernetes/kubernetes/pull/115331), [@mimowo](https://github.com/mimowo)) [SIG Cloud Provider, Node and Testing] 2846 2847 ### Bug or Regression 2848 2849 - Fixed two regressions introduced by the PodDisruptionConditions feature (on by default in 1.26): 2850 - pod eviction API calls returned spurious precondition errors and required a second evict API call to succeed 2851 - dry-run eviction API calls persisted a DisruptionTarget condition into the pod being evicted ([#116554](https://github.com/kubernetes/kubernetes/pull/116554), [@atiratree](https://github.com/atiratree)) [SIG API Machinery and Testing] 2852 - Fixes a regression in the pod binding subresource to honor the `metadata.uid` precondition. 2853 This allows kube-scheduler to ensure it is assigns node names to the same instances of pods it made scheduling decisions for. ([#116550](https://github.com/kubernetes/kubernetes/pull/116550), [@alculquicondor](https://github.com/alculquicondor)) [SIG API Machinery and Testing] 2854 - Fixes bug in beta aggregated discovery endpoint which caused CRD discovery information to be temporarily missing when an Aggregated APIService with the same GroupVersion is deleted (and vice versa). ([#116770](https://github.com/kubernetes/kubernetes/pull/116770), [@alexzielenski](https://github.com/alexzielenski)) [SIG API Machinery and Testing] 2855 2856 ## Dependencies 2857 2858 ### Added 2859 _Nothing has changed._ 2860 2861 ### Changed 2862 _Nothing has changed._ 2863 2864 ### Removed 2865 _Nothing has changed._ 2866 2867 2868 2869 # v1.27.0-beta.0 2870 2871 2872 ## Downloads for v1.27.0-beta.0 2873 2874 2875 2876 ### Source Code 2877 2878 filename | sha512 hash 2879 -------- | ----------- 2880 [kubernetes.tar.gz](https://dl.k8s.io/v1.27.0-beta.0/kubernetes.tar.gz) | a648cbc81d762e1b37f673871906ebe7f3b871f0a3c527d0dcfb5d20a9f4eff519354155d6a2cec8deabc2f0e9db8bb4b6ac2215597a11caad396e9d31461944 2881 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.27.0-beta.0/kubernetes-src.tar.gz) | 2cb02e63a58590dc65962f42a6be484b804595adbecb1bcbfaf94186004bb3f9e0000aa8be9e1fb270de89733ea3baa0853211673e8c2f76d6be436782bba5dd 2882 2883 ### Client Binaries 2884 2885 filename | sha512 hash 2886 -------- | ----------- 2887 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.27.0-beta.0/kubernetes-client-darwin-amd64.tar.gz) | 957d1abe4282ae6bba75732b83f858b5c3a61de4148c947862bbc90f0ecf290a3cd94eb267da2127bb2ff28237a50c0b913c261c014e06580a766f69e4b45d5b 2888 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.27.0-beta.0/kubernetes-client-darwin-arm64.tar.gz) | 5827723ec6bc6f0d96cd20046bd736a3045f168cbf78a9064645f0e94653f3e751bcca6d18836aa038cb726ab991a48b1451fcc00bd0e751eb0af30d7bf002aa 2889 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.27.0-beta.0/kubernetes-client-linux-386.tar.gz) | bdacf9b42269238e97b6301a975c4accd7363a05a63a35305d0d74916c138c70985491ac9d13a152d0b10609f265aede4a910ebed61bdf1b8a37264773dffd3b 2890 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.0-beta.0/kubernetes-client-linux-amd64.tar.gz) | e139daa8df28d13ad8625c819ba94e6e4dd7805c89dd2a0bba6ce478a2bc7d9b52a3fccc18de08c13dca1b98c693d50d37599e8a3b34b7a1f39401098dea2df5 2891 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.27.0-beta.0/kubernetes-client-linux-arm.tar.gz) | 3f669851c6317d67bbcae591056ee9cfda6e9bca3eeac02cc41eae35db3448e745e123ab75da8b9dbb546172b07d625bf821da3b0a1b6420d41140eb7b96b474 2892 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.0-beta.0/kubernetes-client-linux-arm64.tar.gz) | c8f394650db292a117e1db5a76775541087ab0da9b3d43041d50f3126ef47a0dcb65ebbe61d8be9bdb67adce1c43d5f7a695ff0b9909c8c9461d6937ebe9160f 2893 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.0-beta.0/kubernetes-client-linux-ppc64le.tar.gz) | 83b51c787f57b698584c3c585a772470819260008808a2102a9e765ef1458d9bb536aeb3e2587d391c6efb06d56326f1c8b47f12ab98069d1605ef210ecd6e8c 2894 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.0-beta.0/kubernetes-client-linux-s390x.tar.gz) | d79766f56263a78549d7e2bc8f93977d8730435beeb7fe9413686d09ac6a6edc8a868621023623656782272e518fa7955275ab0d4aecb8a71cb4ba544dd5f77d 2895 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.27.0-beta.0/kubernetes-client-windows-386.tar.gz) | 399741ba92a59c0c3640f4d4d0c961b63bd24ba8a5ce036f4a82dcd040a0d2873e7e3237af10da1b2982af5ca6ae8edb2a4d023db3af87dfae6c90528a487de3 2896 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.0-beta.0/kubernetes-client-windows-amd64.tar.gz) | 3eba7adbb6c7c386d04bdddcd6d66ca7f5799789680c7fbb9216a0520884264dc5fdb35a0417d03d77955097c6341a30e3e07d077266c2ed2f96d1765f344e39 2897 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.27.0-beta.0/kubernetes-client-windows-arm64.tar.gz) | 158475196f75764dd115e187a5fb27894367a8a2ddad755e3d542e5f225fe9bad476f592c0b7fad2a3dded4638ccec2a1f717eec4d04c8e510334a3a410e0541 2898 2899 ### Server Binaries 2900 2901 filename | sha512 hash 2902 -------- | ----------- 2903 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.0-beta.0/kubernetes-server-linux-amd64.tar.gz) | fb9caa627e77d1bd39b11106dd95c9dd008c5d418234636a0beddd48e59c980d4924ed3006133e20d2ac0715a4353d14a90f7ebc5345804f24160a13efb7a2b5 2904 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.0-beta.0/kubernetes-server-linux-arm64.tar.gz) | 34f61cfeba8adf7fd3dd83599e34ed36d5942a41904f0430a7b8a5078d306283a4dd7eec40716c8aa6f4ff87dea1faa588fff66a2c388aac8c7b461a64366c33 2905 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.0-beta.0/kubernetes-server-linux-ppc64le.tar.gz) | c37a226fa7b6d35b32420c13e67482820f4b23cd9dc9c23820d8f3024bf969d2acc96dd31267a964a73e3a4a61a046c778ab3443598b111eccbf20a682b93f40 2906 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.0-beta.0/kubernetes-server-linux-s390x.tar.gz) | b2f29641f5756bb77b048cd336997e89ae50236fb32a7b425c348fab1f077534facce6c90ad9650dd2db5b708bff1ddabb478e29fc69f32b59e5ded247665840 2907 2908 ### Node Binaries 2909 2910 filename | sha512 hash 2911 -------- | ----------- 2912 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.0-beta.0/kubernetes-node-linux-amd64.tar.gz) | 305ee41682bb222e040134e75aefeda6cad1f81f4af761c514bb5d66fe83d42dd993c0a118c178a9e8abd6d2ae3fdb7b70c0509f1134f032c2ef2ef2bc103d81 2913 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.0-beta.0/kubernetes-node-linux-arm64.tar.gz) | 6bc84fb35f278742734ac0c6265d6f2d654a7d57d65e98d597ba4c438b7ea20033e0431515f120fbcbf2fb6e99d3f50d4b4ecfc88e3705d08fc949b7f42c3776 2914 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.0-beta.0/kubernetes-node-linux-ppc64le.tar.gz) | 638ad423ddbc52179320fe497f775d50c210745044aca9cea00c674dc1e710e979b7fca564811ccae99b801582e075194b09a00548f789740e0e6c4791309bdc 2915 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.0-beta.0/kubernetes-node-linux-s390x.tar.gz) | 4874d3e34145c19973aa130c3f2c4eb5b01991142eb9bbf7391378bb6f83179a163659c80b3e45526cf334f7c63868502381afce18205ab92c521f4c911e3179 2916 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.0-beta.0/kubernetes-node-windows-amd64.tar.gz) | 5d3e9e88577e5be11d56e65d76cec6ab931811f106fd1683551d9b2514ec8edf21f39c6512adc3ce901862f015b28237fc1774b0ccfaf771f106237a2ed599c6 2917 2918 ### Container Images 2919 2920 All container images are available as manifest lists and support the described 2921 architectures. It is also possible to pull a specific architecture directly by 2922 adding the "-$ARCH" suffix to the container image name. 2923 2924 name | architectures 2925 ---- | ------------- 2926 [registry.k8s.io/conformance:v1.27.0-beta.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) 2927 [registry.k8s.io/kube-apiserver:v1.27.0-beta.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) 2928 [registry.k8s.io/kube-controller-manager:v1.27.0-beta.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) 2929 [registry.k8s.io/kube-proxy:v1.27.0-beta.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) 2930 [registry.k8s.io/kube-scheduler:v1.27.0-beta.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) 2931 2932 ## Changelog since v1.27.0-alpha.3 2933 2934 ## Urgent Upgrade Notes 2935 2936 ### (No, really, you MUST read this before you upgrade) 2937 2938 - The `IPv6DualStack` feature gate for external cloud providers was removed. 2939 (The feature became GA in 1.23 and the gate was removed for all other 2940 components several releases ago.) If you were still manually 2941 enabling it you must stop now. ([#116255](https://github.com/kubernetes/kubernetes/pull/116255), [@danwinship](https://github.com/danwinship)) [SIG API Machinery, Cloud Provider and Network] 2942 2943 ## Changes by Kind 2944 2945 ### Deprecation 2946 2947 - The alpha SecurityContextDeny admission plugin is deprecated and now requires enabling the alpha `SecurityContextDeny` feature gate to use. It will be removed in a future version. ([#115879](https://github.com/kubernetes/kubernetes/pull/115879), [@mtardy](https://github.com/mtardy)) [SIG Auth] 2948 2949 ### API Change 2950 2951 - API: resource.k8s.io/v1alpha1.PodScheduling was renamed to resource.k8s.io/v1alpha2.PodSchedulingContext. ([#116556](https://github.com/kubernetes/kubernetes/pull/116556), [@pohly](https://github.com/pohly)) [SIG API Machinery, Apps, Auth, CLI, Node, Scheduling and Testing] 2952 - APIServerTracing feature gate is now enabled by default. Tracing in the API Server is still disabled by default, and requires a config file to enable. ([#116144](https://github.com/kubernetes/kubernetes/pull/116144), [@dashpole](https://github.com/dashpole)) [SIG API Machinery and Testing] 2953 - Added CEL runtime cost calculation into ValidatingAdmissionPolicy, matching the evaluation cost 2954 restrictions that already apply to CustomResourceDefinition. 2955 If rule evaluation uses more compute than the limit, the API server aborts the evaluation and the 2956 admission check that was being performed is aborted; the `failurePolicy` for the ValidatingAdmissionPolicy 2957 determines the outcome. ([#115747](https://github.com/kubernetes/kubernetes/pull/115747), [@cici37](https://github.com/cici37)) [SIG API Machinery] 2958 - Added `messageExpression` to `ValidatingAdmissionPolicy`, to set custom failure message via CEL expression. ([#116397](https://github.com/kubernetes/kubernetes/pull/116397), [@jiahuif](https://github.com/jiahuif)) [SIG API Machinery] 2959 - Added a new IPAddress object kind 2960 - Added a new ClusterIP allocator. The new allocator removes previous Service CIDR block size limitations for IPv4, and limits IPv6 size to a /64 ([#115075](https://github.com/kubernetes/kubernetes/pull/115075), [@aojea](https://github.com/aojea)) [SIG API Machinery, Apps, Auth, CLI, Cluster Lifecycle, Network and Testing] 2961 - Added a new alpha API: ClusterTrustBundle (`certificates.k8s.io/v1alpha1`). 2962 A ClusterTrustBundle may be used to distribute [X.509](https://www.itu.int/rec/T-REC-X.509) trust anchors to workloads within the cluster. ([#113218](https://github.com/kubernetes/kubernetes/pull/113218), [@ahmedtd](https://github.com/ahmedtd)) [SIG API Machinery, Auth and Testing] 2963 - Added authorization check support to the CEL expressions of ValidatingAdmissionPolicy via a `authorizer` 2964 variable with expressions. The new variable provides a builder that allows expressions such `authorizer.group('').resource('pods').check('create').allowed()`. ([#116054](https://github.com/kubernetes/kubernetes/pull/116054), [@jpbetz](https://github.com/jpbetz)) [SIG API Machinery and Testing] 2965 - Added matchConditions field to ValidatingAdmissionPolicy, enabled support for CEL based custom match criteria. ([#116350](https://github.com/kubernetes/kubernetes/pull/116350), [@maxsmythe](https://github.com/maxsmythe)) [SIG API Machinery and Testing] 2966 - Added messageExpression field to ValidationRule. (#115969, @DangerOnTheRanger) ([#115969](https://github.com/kubernetes/kubernetes/pull/115969), [@DangerOnTheRanger](https://github.com/DangerOnTheRanger)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Instrumentation, Node and Testing] 2967 - Added the `MatchConditions` field to `ValidatingWebhookConfiguration` and `MutatingWebhookConfiguration` for the v1beta and v1 apis. 2968 2969 The `AdmissionWebhookMatchConditions` featuregate is now in Alpha ([#116261](https://github.com/kubernetes/kubernetes/pull/116261), [@ivelichkovich](https://github.com/ivelichkovich)) [SIG API Machinery and Testing] 2970 - Added validation to ensure that if `service.kubernetes.io/topology-aware-hints` and `service.kubernetes.io/topology-mode` annotations are both set, they are set to the same value. 2971 - Added deprecation warning if `service.kubernetes.io/topology-aware-hints` annotation is used. ([#116612](https://github.com/kubernetes/kubernetes/pull/116612), [@robscott](https://github.com/robscott)) [SIG Apps, Network and Testing] 2972 - Adds auditAnnotations to ValidatingAdmissionPolicy, enabling CEL to be used to add audit annotations to request audit events. 2973 Adds validationActions to ValidatingAdmissionPolicyBinding, enabling validation failures to be handled by any combination of the warn, audit and deny enforcement actions. ([#115973](https://github.com/kubernetes/kubernetes/pull/115973), [@jpbetz](https://github.com/jpbetz)) [SIG API Machinery and Testing] 2974 - Adds feature gate `NodeLogQuery` which provides cluster administrators with a streaming view of logs using kubectl without them having to implement a client side reader or logging into the node. ([#96120](https://github.com/kubernetes/kubernetes/pull/96120), [@LorbusChris](https://github.com/LorbusChris)) [SIG API Machinery, Apps, CLI, Node, Testing and Windows] 2975 - Api: validation of a PodSpec now rejects invalid ResourceClaim and ResourceClaimTemplate names. For a pod, the name generated for the ResourceClaim when using a template also must be valid. ([#116576](https://github.com/kubernetes/kubernetes/pull/116576), [@pohly](https://github.com/pohly)) [SIG Apps] 2976 - Bump default API QPS limits for Kubelet. ([#116121](https://github.com/kubernetes/kubernetes/pull/116121), [@wojtek-t](https://github.com/wojtek-t)) [SIG API Machinery and Node] 2977 - Enable the "StatefulSetStartOrdinal" feature gate in beta ([#115260](https://github.com/kubernetes/kubernetes/pull/115260), [@pwschuurman](https://github.com/pwschuurman)) [SIG API Machinery and Apps] 2978 - Extended the kubelet's PodResources API to include resources allocated in `ResourceClaims` via `DynamicResourceAllocation`. Additionally, added a new `Get()` method to query a specific pod for its resources. ([#115847](https://github.com/kubernetes/kubernetes/pull/115847), [@moshe010](https://github.com/moshe010)) [SIG Node] 2979 - Forbid to set matchLabelKeys when labelSelector isn’t set in topologySpreadConstraints ([#116535](https://github.com/kubernetes/kubernetes/pull/116535), [@denkensk](https://github.com/denkensk)) [SIG API Machinery, Apps and Scheduling] 2980 - GCE does not support LoadBalancer Services with ports with different protocols (TCP and UDP) ([#115966](https://github.com/kubernetes/kubernetes/pull/115966), [@aojea](https://github.com/aojea)) [SIG Apps and Cloud Provider] 2981 - GRPC probes are now a GA feature. GRPCContainerProbe feature gate was locked to default value and will be removed in v1.29. If you were setting this feature gate explicitly, please remove it now. ([#116233](https://github.com/kubernetes/kubernetes/pull/116233), [@SergeyKanzhelev](https://github.com/SergeyKanzhelev)) [SIG API Machinery, Apps and Node] 2982 - Graduate Kubelet Topology Manager to GA. ([#116093](https://github.com/kubernetes/kubernetes/pull/116093), [@swatisehgal](https://github.com/swatisehgal)) [SIG API Machinery, Node and Testing] 2983 - Graduate `KubeletTracing` to beta, which means that the feature gate is now enabled by default. ([#115750](https://github.com/kubernetes/kubernetes/pull/115750), [@saschagrunert](https://github.com/saschagrunert)) [SIG Instrumentation and Node] 2984 - Graduate the container resource metrics feature on HPA to beta. ([#116046](https://github.com/kubernetes/kubernetes/pull/116046), [@sanposhiho](https://github.com/sanposhiho)) [SIG Autoscaling] 2985 - Introduced a breaking change to the `resource.k8s.io` API in its `AllocationResult` struct. This change allows a kubelet plugin for the `DynamicResourceAllocation` feature to service allocations from multiple resource driver controllers. ([#116332](https://github.com/kubernetes/kubernetes/pull/116332), [@klueska](https://github.com/klueska)) [SIG API Machinery, Apps, CLI, Node, Scheduling and Testing] 2986 - Introduces new alpha functionality to the reflector, allowing user to enable API streaming. 2987 2988 To activate this feature, users can set the `ENABLE_CLIENT_GO_WATCH_LIST_ALPHA` environmental variable. 2989 It is important to note that the server must support streaming for this feature to function properly. 2990 If streaming is not supported by the server, the reflector will revert to the previous method 2991 of obtaining data through LIST/WATCH semantics. ([#110772](https://github.com/kubernetes/kubernetes/pull/110772), [@p0lyn0mial](https://github.com/p0lyn0mial)) [SIG API Machinery] 2992 - Kubelet: change MemoryThrottlingFactor default value to 0.9 and formulas to calculate memory.high ([#115371](https://github.com/kubernetes/kubernetes/pull/115371), [@pacoxu](https://github.com/pacoxu)) [SIG API Machinery, Apps and Node] 2993 - Migrated the DaemonSet controller (within `kube-controller-manager) to use [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging) ([#113622](https://github.com/kubernetes/kubernetes/pull/113622), [@249043822](https://github.com/249043822)) [SIG API Machinery, Apps, Instrumentation and Testing] 2994 - New `service.kubernetes.io/topology-mode` annotation has been introduced as a replacement for the `service.kubernetes.io/topology-aware-hints` annotation. 2995 - `service.kubernetes.io/topology-aware-hints` annotation has been deprecated. 2996 - kube-proxy now accepts any value that is not "disabled" for these annotations, enabling custom implementation-specific and/or future built-in heuristics to be used. ([#116522](https://github.com/kubernetes/kubernetes/pull/116522), [@robscott](https://github.com/robscott)) [SIG Apps, Network and Testing] 2997 - NodeResourceFit and NodeResourcesBalancedAllocation implement the PreScore extension point for a more performant calculation. ([#115655](https://github.com/kubernetes/kubernetes/pull/115655), [@tangwz](https://github.com/tangwz)) [SIG Scheduling] 2998 - Pods owned by a Job will now use the labels `batch.kubernetes.io/job-name` and `batch.kubernetes.io/controller-uid`. 2999 The legacy labels `job-name` and `controller-uid` are still added for compatibility. ([#114930](https://github.com/kubernetes/kubernetes/pull/114930), [@kannon92](https://github.com/kannon92)) [SIG Apps] 3000 - Promote CronJobTimeZone feature to GA ([#115904](https://github.com/kubernetes/kubernetes/pull/115904), [@soltysh](https://github.com/soltysh)) [SIG API Machinery and Apps] 3001 - Promoted `SelfSubjectReview` to Beta ([#116274](https://github.com/kubernetes/kubernetes/pull/116274), [@nabokihms](https://github.com/nabokihms)) [SIG API Machinery, Auth, CLI and Testing] 3002 - Relax API validation to allow pod node selector to be mutable for gated pods (additions only, no deletions or mutations). ([#116161](https://github.com/kubernetes/kubernetes/pull/116161), [@danielvegamyhre](https://github.com/danielvegamyhre)) [SIG Apps, Scheduling and Testing] 3003 - Remove deprecated `--enable-taint-manager` and `--pod-eviction-timeout` CLI flags ([#115840](https://github.com/kubernetes/kubernetes/pull/115840), [@atosatto](https://github.com/atosatto)) [SIG API Machinery, Apps, Node and Testing] 3004 - Resource.k8s.io/v1alpha1 was replaced with resource.k8s.io/v1alpha2. Before upgrading a cluster, all objects in resource.k8s.io/v1alpha1 (ResourceClaim, ResourceClaimTemplate, ResourceClass, PodScheduling) must be deleted. The changes will be internal, so YAML files which create pods and resource claims don't need changes except for the newer `apiVersion`. ([#116299](https://github.com/kubernetes/kubernetes/pull/116299), [@pohly](https://github.com/pohly)) [SIG API Machinery, Apps, CLI, Node, Scheduling and Testing] 3005 - SELinuxMountReadWriteOncePod graduated to Beta. ([#116425](https://github.com/kubernetes/kubernetes/pull/116425), [@jsafrane](https://github.com/jsafrane)) [SIG Storage and Testing] 3006 - StatefulSetAutoDeletePVC feature gate promoted to beta. ([#116501](https://github.com/kubernetes/kubernetes/pull/116501), [@mattcary](https://github.com/mattcary)) [SIG Apps, Auth and Testing] 3007 - The API server now re-uses data encryption keys while the kms v2 plugin's key ID is stable. Data encryption keys are still randomly generated on server start but an atomic counter is used to prevent nonce collisions. ([#116155](https://github.com/kubernetes/kubernetes/pull/116155), [@enj](https://github.com/enj)) [SIG API Machinery, Auth and Testing] 3008 - The API server's encryption at rest configuration now allows the use of wildcards in the list of resources. For example, '*.*' can be used to encrypt all resources, including all current and future custom resources. ([#115149](https://github.com/kubernetes/kubernetes/pull/115149), [@nilekhc](https://github.com/nilekhc)) [SIG API Machinery, Auth and Testing] 3009 - Update KMSv2 to beta ([#115123](https://github.com/kubernetes/kubernetes/pull/115123), [@aramase](https://github.com/aramase)) [SIG API Machinery, Auth and Testing] 3010 - Updated: Redefine AppProtocol field description and add new standard values ([#115433](https://github.com/kubernetes/kubernetes/pull/115433), [@LiorLieberman](https://github.com/LiorLieberman)) [SIG API Machinery, Apps and Network] 3011 - ValidatingAdmissionPolicy now provides a status field that contains results of type checking the validation expression. 3012 The type checking is fully informational, and the behavior of the policy is unchanged. ([#115668](https://github.com/kubernetes/kubernetes/pull/115668), [@jiahuif](https://github.com/jiahuif)) [SIG API Machinery, Auth, Cloud Provider and Testing] 3013 - We have removed support for the v1alpha1 kubeletplugin API of DynamicResourceManagement. All plugins must update to v1alpha2 in order to function properly going forward. ([#116558](https://github.com/kubernetes/kubernetes/pull/116558), [@klueska](https://github.com/klueska)) [SIG API Machinery, Apps, CLI, Node, Scheduling and Testing] 3014 3015 ### Feature 3016 3017 - #### Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: 3018 3019 <!-- 3020 This section can be blank if this pull request does not require a release note. 3021 3022 When adding links which point to resources within git repositories, like 3023 KEPs or supporting documentation, please reference a specific commit and avoid 3024 linking directly to the master branch. This ensures that links reference a 3025 specific point in time, rather than a document that may change over time. 3026 3027 See here for guidance on getting permanent links to files: https://help.github.com/en/articles/getting-permanent-links-to-files 3028 3029 Please use the following format for linking documentation: 3030 - [KEP]: <link> 3031 - [Usage]: <link> 3032 - [Other doc]: <link> 3033 --> ([#113428](https://github.com/kubernetes/kubernetes/pull/113428), [@mengjiao-liu](https://github.com/mengjiao-liu)) [SIG API Machinery, Apps, Instrumentation and Testing] 3034 - Add e2e test to node expand volume with secret ([#115451](https://github.com/kubernetes/kubernetes/pull/115451), [@zhucan](https://github.com/zhucan)) [SIG Storage and Testing] 3035 - Added NewVolumeManagerReconstruction feature gate and enable it by default to enable updated discovery of mounted volumes during kubelet startup. Please watch for kubelet getting stuck at startup and / or not unmounting volumes from deleted Pods and report any issues in this area. ([#115268](https://github.com/kubernetes/kubernetes/pull/115268), [@jsafrane](https://github.com/jsafrane)) [SIG Node and Storage] 3036 - Added metrics for volume reconstruction during kubelet startup. ([#115965](https://github.com/kubernetes/kubernetes/pull/115965), [@jsafrane](https://github.com/jsafrane)) [SIG Node and Storage] 3037 - Added the ability to host webhooks in the cloud controller manager. ([#108838](https://github.com/kubernetes/kubernetes/pull/108838), [@nckturner](https://github.com/nckturner)) [SIG API Machinery, Cloud Provider and Testing] 3038 - Adding e2e tests for kubectl --subresource for beta graduation ([#116590](https://github.com/kubernetes/kubernetes/pull/116590), [@MadhavJivrajani](https://github.com/MadhavJivrajani)) [SIG CLI and Testing] 3039 - Adds --output plaintext-openapiv2 argument to kubectl explain to use old openapiv2 `explain` implementation. ([#115480](https://github.com/kubernetes/kubernetes/pull/115480), [@alexzielenski](https://github.com/alexzielenski)) [SIG Architecture, Auth, CLI, Cloud Provider and Node] 3040 - By enabling the `UserNamespacesStatelessPodsSupport` feature gate in kubelet, you can now run a stateless pod in a separate user namespace ([#116377](https://github.com/kubernetes/kubernetes/pull/116377), [@giuseppe](https://github.com/giuseppe)) [SIG Apps, Node and Storage] 3041 - By enabling the alpha `CloudNodeIPs` feature gate in kubelet and the cloud 3042 provider, you can now specify a dual-stack `--node-ip` value (when using an 3043 external cloud provider that supports that functionality). ([#116305](https://github.com/kubernetes/kubernetes/pull/116305), [@danwinship](https://github.com/danwinship)) [SIG API Machinery, Cloud Provider, Network and Node] 3044 - Change kubectl --subresource flag to beta ([#116595](https://github.com/kubernetes/kubernetes/pull/116595), [@MadhavJivrajani](https://github.com/MadhavJivrajani)) [SIG CLI] 3045 - Changed metrics for aggregated discovery to publish new time series (alpha). ([#115630](https://github.com/kubernetes/kubernetes/pull/115630), [@Jefftree](https://github.com/Jefftree)) [SIG API Machinery and Testing] 3046 - Graduate CRI Events driven Pod LifeCycle Event Generator (Evented PLEG) to Beta ([#115967](https://github.com/kubernetes/kubernetes/pull/115967), [@harche](https://github.com/harche)) [SIG Node] 3047 - Graduated `matchLabelKeys` in `podTopologySpread` to Beta ([#116291](https://github.com/kubernetes/kubernetes/pull/116291), [@denkensk](https://github.com/denkensk)) [SIG Scheduling] 3048 - Graduates the CSINodeExpandSecret feature to Beta. This feature facilitates passing secrets to CSI driver as part of Node Expansion CSI operation. ([#115621](https://github.com/kubernetes/kubernetes/pull/115621), [@humblec](https://github.com/humblec)) [SIG Storage] 3049 - HPA controller exposes the following metrics from the kube-controller-manager. 3050 - `metric_computation_duration_seconds`: Number of metric computations. 3051 - `metric_computation_total`: The time(seconds) that the HPA controller takes to calculate one metric. ([#116326](https://github.com/kubernetes/kubernetes/pull/116326), [@sanposhiho](https://github.com/sanposhiho)) [SIG Apps, Autoscaling and Instrumentation] 3052 - HPA controller starts to expose metrics from the kube-controller-manager. 3053 - `reconciliations_total`: Number of reconciliation of HPA controller. 3054 - `reconciliation_duration_seconds`: The time(seconds) that the HPA controller takes to reconcile once. ([#116010](https://github.com/kubernetes/kubernetes/pull/116010), [@sanposhiho](https://github.com/sanposhiho)) [SIG Apps, Autoscaling and Instrumentation] 3055 - Kube-scheduler: Optimized implementation of null labelSelector in topology spreading. ([#116607](https://github.com/kubernetes/kubernetes/pull/116607), [@alculquicondor](https://github.com/alculquicondor)) [SIG Scheduling] 3056 - Kubelet allows pods to use the `net.ipv4.ip_local_reserved_ports` sysctl by default and the minimal kernel version is 3.16; Pod Security admission allows this sysctl in v1.27+ versions of the baseline and restricted policies. ([#115374](https://github.com/kubernetes/kubernetes/pull/115374), [@pacoxu](https://github.com/pacoxu)) [SIG Auth, Network and Node] 3057 - Kubernetes is now built with go 1.20.2 ([#116404](https://github.com/kubernetes/kubernetes/pull/116404), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing] 3058 - Locks CSIMigrationvSphere feature gate. ([#116610](https://github.com/kubernetes/kubernetes/pull/116610), [@xing-yang](https://github.com/xing-yang)) [SIG Storage] 3059 - Make `apiextensions-apiserver` binary linking static (also affects the deb and rpm packages). ([#114226](https://github.com/kubernetes/kubernetes/pull/114226), [@saschagrunert](https://github.com/saschagrunert)) [SIG API Machinery and Release] 3060 - Make `kube-aggregator` binary linking static (also affects the deb and rpm packages). ([#114227](https://github.com/kubernetes/kubernetes/pull/114227), [@saschagrunert](https://github.com/saschagrunert)) [SIG API Machinery and Release] 3061 - Migrated controller helper functions to use [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging). ([#115049](https://github.com/kubernetes/kubernetes/pull/115049), [@fatsheep9146](https://github.com/fatsheep9146)) [SIG Apps] 3062 - Migrated the ClusterRole aggregation controller (within `kube-controller-manager`) to use [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging). ([#113910](https://github.com/kubernetes/kubernetes/pull/113910), [@mengjiao-liu](https://github.com/mengjiao-liu)) [SIG API Machinery, Apps and Instrumentation] 3063 - Migrated the Deployment controller (within `kube-controller-manager) to use [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging) ([#113525](https://github.com/kubernetes/kubernetes/pull/113525), [@249043822](https://github.com/249043822)) [SIG API Machinery, Apps, Instrumentation and Testing] 3064 - Migrated the StatefulSet controller (within `kube-controller-manager) to use [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging) ([#113840](https://github.com/kubernetes/kubernetes/pull/113840), [@249043822](https://github.com/249043822)) [SIG API Machinery, Apps, Instrumentation and Testing] 3065 - Migrated the bootstrap signer controller and the token cleaner controller (within `kube-controller-manager`) to use [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging). ([#113464](https://github.com/kubernetes/kubernetes/pull/113464), [@mengjiao-liu](https://github.com/mengjiao-liu)) [SIG API Machinery, Apps and Instrumentation] 3066 - Migrated the defaultbinder scheduler plugin to use [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging). ([#116571](https://github.com/kubernetes/kubernetes/pull/116571), [@mengjiao-liu](https://github.com/mengjiao-liu)) [SIG Instrumentation and Scheduling] 3067 - Migrated the main kube-controller-manager binary to use [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging). ([#116529](https://github.com/kubernetes/kubernetes/pull/116529), [@pohly](https://github.com/pohly)) [SIG API Machinery, Apps, Auth and Node] 3068 - Migrated the replicaset controller (within `kube-controller-manager`) to use [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging). ([#114871](https://github.com/kubernetes/kubernetes/pull/114871), [@Namanl2001](https://github.com/Namanl2001)) [SIG API Machinery, Apps, Instrumentation and Testing] 3069 - Migrated the service-account controller (within `kube-controller-manager`) to use [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging). ([#114918](https://github.com/kubernetes/kubernetes/pull/114918), [@Namanl2001](https://github.com/Namanl2001)) [SIG API Machinery, Apps, Auth, Instrumentation and Testing] 3070 - Migrated the volume attach/detach controller (within `kube-controller-manager`) to use [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging). 3071 Migrated the PersistentVolumeClaim protection controller (within `kube-controller-manager`) to use [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging). 3072 Migrated the PersistentVolume protection controller (within `kube-controller-manager`) to use [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging). ([#113584](https://github.com/kubernetes/kubernetes/pull/113584), [@yangjunmyfm192085](https://github.com/yangjunmyfm192085)) [SIG API Machinery, Apps, Instrumentation, Node, Scheduling, Storage and Testing] 3073 - Migrated the “TTL after finished” controller (within `kube-controller-manager`) to use [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging). ([#113916](https://github.com/kubernetes/kubernetes/pull/113916), [@songxiao-wang87](https://github.com/songxiao-wang87)) [SIG API Machinery, Apps, Instrumentation and Testing] 3074 - New "plugin_evaluation_total" is added to the scheduler. 3075 This metric counts how many times the specific plugin affects the scheduling result. The metric doesn't get incremented when the plugin has nothing to do with an incoming Pod. ([#115082](https://github.com/kubernetes/kubernetes/pull/115082), [@sanposhiho](https://github.com/sanposhiho)) [SIG Instrumentation and Scheduling] 3076 - Promote `whoami` kubectl command. ([#116510](https://github.com/kubernetes/kubernetes/pull/116510), [@nabokihms](https://github.com/nabokihms)) [SIG Auth and CLI] 3077 - Promote aggregated discovery endpoint to beta and it will be enabled by default ([#116108](https://github.com/kubernetes/kubernetes/pull/116108), [@Jefftree](https://github.com/Jefftree)) [SIG API Machinery] 3078 - Promoted `OpenAPIV3` to GA ([#116235](https://github.com/kubernetes/kubernetes/pull/116235), [@Jefftree](https://github.com/Jefftree)) [SIG API Machinery] 3079 - StorageVersionGC (within `kube-controller-manager`) to use [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging). ([#113986](https://github.com/kubernetes/kubernetes/pull/113986), [@songxiao-wang87](https://github.com/songxiao-wang87)) [SIG API Machinery, Apps and Testing] 3080 - Switched kubectl explain to use OpenAPIV3 information published by the server. OpenAPIV2 backend can still be used with the `--output plaintext-openapiv2` argument ([#116390](https://github.com/kubernetes/kubernetes/pull/116390), [@alexzielenski](https://github.com/alexzielenski)) [SIG API Machinery, CLI and Testing] 3081 - The job controller back-off logic is now decoupled from workqueue. In case of parallelism > 1, if there are multiple new failures in a reconciliation cycle, all the failures are taken into account to compute the back-off. Previously, the back-off kicked in for all types of failures; with this change, only pod failures are taken into account. If the back-off limits exceeds, the job is marked as failed immediately; before this change, the job is marked as failed in the next back-off. ([#114768](https://github.com/kubernetes/kubernetes/pull/114768), [@sathyanarays](https://github.com/sathyanarays)) [SIG Apps and Testing] 3082 - The scheduler's metric "plugin_execution_duration_seconds" now records PreEnqueue plugins execution seconds. ([#116201](https://github.com/kubernetes/kubernetes/pull/116201), [@sanposhiho](https://github.com/sanposhiho)) [SIG Scheduling] 3083 - Unlocked the `CSIMigrationvSphere` feature gate. 3084 The change allow users to continue using the in-tree vSphere driver,pending a vSphere 3085 CSI driver release that has with GA support for Windows, XFS, and raw block access. ([#116342](https://github.com/kubernetes/kubernetes/pull/116342), [@msau42](https://github.com/msau42)) [SIG Storage] 3086 - Update kube-apiserver SLO/SLI latency metrics to exclude priority & fairness queue wait times ([#116420](https://github.com/kubernetes/kubernetes/pull/116420), [@andrewsykim](https://github.com/andrewsykim)) [SIG API Machinery] 3087 - Updated distroless iptables to use released image `registry.k8s.io/build-image/distroless-iptables:v0.2.2` 3088 - Updated setcap to use released image `registry.k8s.io/build-image/setcap:bullseye-v1.4.2` ([#116509](https://github.com/kubernetes/kubernetes/pull/116509), [@cpanato](https://github.com/cpanato)) [SIG Testing] 3089 - Upgrades functionality of `kubectl kustomize` as described at 3090 https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2Fv5.0.0 and https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2Fv5.0.1. 3091 3092 This is a new major release of kustomize, so there are a few backwards-incompatible changes, most of which are rare use cases, bug fixes with side effects, or things that have been deprecated for multiple releases already: 3093 3094 - https://github.com/kubernetes-sigs/kustomize/pull/4911: Drop support for a very old, legacy style of patches. patches used to be allowed to be used as an alias for patchesStrategicMerge in kustomize v3. You now have to use patchesStrategicMerge explicitly, or update to the new syntax supported by patches. See examples in the PR description of https://github.com/kubernetes-sigs/kustomize/pull/4911. 3095 - https://github.com/kubernetes-sigs/kustomize/issues/4731: Remove a potential build-time side-effect in ConfigMapGenerator and SecretGenerator, which loaded values from the local environment under some circumstances, breaking kustomize build's side-effect-free promise. While this behavior was never intended, we deprecated it and are announcing it as a breaking change since it existed for a long time. See also the Eschewed Features documentation. 3096 - https://github.com/kubernetes-sigs/kustomize/pull/4985: If you previously included .git in an AWS or Azure URL, we will no longer automatically remove that suffix. You may need to add an extra / to replace the .git for the URL to properly resolve. 3097 - https://github.com/kubernetes-sigs/kustomize/pull/4954: Drop support for using gh: as a host (e.g. gh:kubernetes-sigs/kustomize). We were unable to find any usage of or basis for this and believe it may have been targeting a custom gitconfig shorthand syntax. ([#116598](https://github.com/kubernetes/kubernetes/pull/116598), [@natasha41575](https://github.com/natasha41575)) [SIG CLI] 3098 - When an unsupported PodDisruptionBudget configuration is found, an event and log will be emitted to inform users of the misconfiguration. ([#115861](https://github.com/kubernetes/kubernetes/pull/115861), [@JayKayy](https://github.com/JayKayy)) [SIG Apps] 3099 - [alpha: kubectl apply --prune --applyset] Enables certain custom resources (CRs) to be used as ApplySet parent objects. To enable this for a given CR, apply the label `applyset.k8s.io/is-parent-type: true` to the CustomResourceDefinition (CRD) that defines it . ([#116353](https://github.com/kubernetes/kubernetes/pull/116353), [@KnVerey](https://github.com/KnVerey)) [SIG CLI] 3100 3101 ### Documentation 3102 3103 - The change affects the following CLI command: 3104 3105 kubectl create rolebinding -h ([#107124](https://github.com/kubernetes/kubernetes/pull/107124), [@ptux](https://github.com/ptux)) [SIG CLI] 3106 3107 ### Failing Test 3108 3109 - Setting the Kubelet config option ``--resolv-conf=Host`` on Windows will now result in Kubelet applying the Pod DNS Policies as intended. ([#110566](https://github.com/kubernetes/kubernetes/pull/110566), [@claudiubelu](https://github.com/claudiubelu)) [SIG Network, Node, Testing and Windows] 3110 3111 ### Bug or Regression 3112 3113 - Expands the partial fix for https://github.com/kubernetes/kubernetes/issues/111539 which was already started in https://github.com/kubernetes/kubernetes/pull/109706 Specifically, we will now reduce the amount of syncs for ETP=local services even further in the CCM and avoid re-configuring LBs to an even greater extent. ([#111658](https://github.com/kubernetes/kubernetes/pull/111658), [@alexanderConstantinescu](https://github.com/alexanderConstantinescu)) [SIG Cloud Provider and Network] 3114 - Fix the problem Pod terminating stuck because of trying to umount not actual mounted dir. ([#115769](https://github.com/kubernetes/kubernetes/pull/115769), [@mochizuki875](https://github.com/mochizuki875)) [SIG Node and Storage] 3115 - Fixed a rare race condition in kube-apiserver that could lead to missing events when a watch API request was created at the same time kube-apiserver was re-initializing its internal watch. ([#116172](https://github.com/kubernetes/kubernetes/pull/116172), [@wojtek-t](https://github.com/wojtek-t)) [SIG API Machinery] 3116 - Fixed data race in `kube-scheduler` when preemption races with a Pod update. ([#116395](https://github.com/kubernetes/kubernetes/pull/116395), [@alculquicondor](https://github.com/alculquicondor)) [SIG Scheduling] 3117 - Fixed incorrect watch events when a watch is initialized simultanously with a reinitializing watchcache. ([#116436](https://github.com/kubernetes/kubernetes/pull/116436), [@wojtek-t](https://github.com/wojtek-t)) [SIG API Machinery] 3118 - Fixed performance regression in scheduler caused by frequent metric lookup on critical code path. ([#116428](https://github.com/kubernetes/kubernetes/pull/116428), [@mborsz](https://github.com/mborsz)) [SIG Scheduling] 3119 - Fixes #115825. Kube-proxy will now include the `healthz` state in its response to the LB HC as to avoid indicating to the LB that it should use the node in question when Kube-proxy is not healthy. ([#111661](https://github.com/kubernetes/kubernetes/pull/111661), [@alexanderConstantinescu](https://github.com/alexanderConstantinescu)) [SIG Network] 3120 - Force deleted pods may fail to terminate until the kubelet is restarted when the container runtime returns an error during termination. We have strengthened testing for runtime failures and now perform a more rigorous reconciliation to ensure static pods (especially those that use fixed UIDs) are restarted. As a side effect of these changes static pods will be restarted with lower latency than before (2s vs 4s, on average) and rapid updates to pod configuration should take effect sooner. 3121 3122 A new metric `kubelet_known_pods` has been added at ALPHA stability to report the number of pods a Kubelet is tracking in a number of internal states. Operators may use the metrics to track an excess of pods in the orphaned state that may not be completing. ([#113145](https://github.com/kubernetes/kubernetes/pull/113145), [@smarterclayton](https://github.com/smarterclayton)) [SIG API Machinery, Auth, Cloud Provider, Node and Testing] 3123 - From now on, the HPA controller will return an error for the container resource metrics when the feature gate "HPAContainerMetrics" is disabled. As a result, HPA with a container resource metric performs no scale-down and performs only scale-up based on other metrics. ([#116043](https://github.com/kubernetes/kubernetes/pull/116043), [@sanposhiho](https://github.com/sanposhiho)) [SIG API Machinery, Apps and Autoscaling] 3124 - Ingress with ingressClass annotation and IngressClassName both set can be created now. ([#115447](https://github.com/kubernetes/kubernetes/pull/115447), [@kidddddddddddddddddddddd](https://github.com/kidddddddddddddddddddddd)) [SIG Network] 3125 - Kube-controller-manager: fix a bug that the "kubeconfig" field of "kubecontrollermanager.config.k8s.io" configuration is not populated correctly ([#116219](https://github.com/kubernetes/kubernetes/pull/116219), [@SataQiu](https://github.com/SataQiu)) [SIG API Machinery and Cloud Provider] 3126 - Kubelet: fix recording issue when pulling image did finish ([#114904](https://github.com/kubernetes/kubernetes/pull/114904), [@TommyStarK](https://github.com/TommyStarK)) [SIG Node] 3127 - PVCs will automatically be recreated if they are missing for a pending Pod. ([#113270](https://github.com/kubernetes/kubernetes/pull/113270), [@rrangith](https://github.com/rrangith)) [SIG Apps and Testing] 3128 - PersistentVolume API objects which set NodeAffinities using beta Kubernetes labels for OS, architecture, zone, region, and instance type may now be modified to use the stable Kubernetes labels. ([#115391](https://github.com/kubernetes/kubernetes/pull/115391), [@haoruan](https://github.com/haoruan)) [SIG Apps and Storage] 3129 - Potentially breaking change - Updating the polling interval for Windows stats collection from 1 second to 10 seconds ([#116546](https://github.com/kubernetes/kubernetes/pull/116546), [@marosset](https://github.com/marosset)) [SIG Node and Windows] 3130 - Update the Event series starting count when emitting isomorphic events from 1 to 2. ([#112334](https://github.com/kubernetes/kubernetes/pull/112334), [@dgrisonnet](https://github.com/dgrisonnet)) [SIG API Machinery and Testing] 3131 - When GCing pods, kube-controller-manager will delete Evicted pods first. ([#116167](https://github.com/kubernetes/kubernetes/pull/116167), [@borgerli](https://github.com/borgerli)) [SIG Apps] 3132 - Windows CPU usage node stats are now correctly calculated for nodes with multiple Processor Groups. ([#110864](https://github.com/kubernetes/kubernetes/pull/110864), [@claudiubelu](https://github.com/claudiubelu)) [SIG Node, Testing and Windows] 3133 - In-Place Update of Pod Resources (alpha feature) - resizing of pod may race with other pod updates. ([#116826](https://github.com/kubernetes/kubernetes/issues/116826) [SIG Node]) 3134 3135 ### Other (Cleanup or Flake) 3136 3137 - Added basic Denial Of Service prevention for the the node-local kubelet `podresource` API ([#116459](https://github.com/kubernetes/kubernetes/pull/116459), [@ffromani](https://github.com/ffromani)) [SIG Node and Testing] 3138 - Introduce new metrics removing the redundant subsystem in kube-apiserver pod logs metrics and deprecate the original ones: 3139 - kube_apiserver_pod_logs_pods_logs_backend_tls_failure_total becomes kube_apiserver_pod_logs_backend_tls_failure_total 3140 - kube_apiserver_pod_logs_pods_logs_insecure_backend_total becomes kube_apiserver_pod_logs_insecure_backend_total ([#114497](https://github.com/kubernetes/kubernetes/pull/114497), [@dgrisonnet](https://github.com/dgrisonnet)) [SIG API Machinery] 3141 - Kubelet: remove deprecated flag `--container-runtime` ([#114017](https://github.com/kubernetes/kubernetes/pull/114017), [@calvin0327](https://github.com/calvin0327)) [SIG Cloud Provider and Node] 3142 - Kubelet: the deprecated `--master-service-namespace` flag is removed in v1.27 ([#116015](https://github.com/kubernetes/kubernetes/pull/116015), [@SataQiu](https://github.com/SataQiu)) [SIG Node] 3143 - Linux/arm will not ship in Kubernetes 1.27 as we are running into issues with building artifacts using golang 1.20.2 (please see issue #116492) ([#115742](https://github.com/kubernetes/kubernetes/pull/115742), [@dims](https://github.com/dims)) [SIG Architecture, Release and Testing] 3144 - Migrate `pkg/controller/nodeipam/ipam/cloud_cidr_allocator.go, pkg/controller/nodeipam/ipam/multi_cidr_range_allocator.go pkg/controller/nodeipam/ipam/range_allocator.go pkg/controller/nodelifecycle/node_lifecycle_controller.go` to structured logging ([#112670](https://github.com/kubernetes/kubernetes/pull/112670), [@yangjunmyfm192085](https://github.com/yangjunmyfm192085)) [SIG API Machinery, Apps, Architecture, Cloud Provider, Instrumentation, Network and Testing] 3145 - Migrated the Kubernetes object garbage collector (within `kube-controller-manager`) to use [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging). ([#113471](https://github.com/kubernetes/kubernetes/pull/113471), [@ncdc](https://github.com/ncdc)) [SIG API Machinery, Apps and Testing] 3146 - Migrated the ttlafterfinished controller (within `kube-controller-manager`) to use [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging). ([#115332](https://github.com/kubernetes/kubernetes/pull/115332), [@obaranov1](https://github.com/obaranov1)) [SIG Apps] 3147 - Migrated the “sample-controller” controller to use [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging). ([#113879](https://github.com/kubernetes/kubernetes/pull/113879), [@pchan](https://github.com/pchan)) [SIG API Machinery and Instrumentation] 3148 - Remove Azure disk in-tree storage plugin ([#116301](https://github.com/kubernetes/kubernetes/pull/116301), [@andyzhangx](https://github.com/andyzhangx)) [SIG API Machinery, Cloud Provider, Node, Scheduling, Storage and Testing] 3149 - Remove the following deprecated metrics: 3150 - node_collector_evictions_number replaced by node_collector_evictions_total 3151 - scheduler_e2e_scheduling_duration_seconds replaced by scheduler_scheduling_attempt_duration_seconds ([#115209](https://github.com/kubernetes/kubernetes/pull/115209), [@dgrisonnet](https://github.com/dgrisonnet)) [SIG Apps and Scheduling] 3152 - Removed AWS kubelet credential provider. Please use the external kubelet credential provider binary named `ecr-credential-provider` instead. ([#116329](https://github.com/kubernetes/kubernetes/pull/116329), [@dims](https://github.com/dims)) [SIG Node, Storage and Testing] 3153 - Storage.k8s.io/v1beta1 API version of CSIStorageCapacity will no longer be served ([#116523](https://github.com/kubernetes/kubernetes/pull/116523), [@pacoxu](https://github.com/pacoxu)) [SIG API Machinery] 3154 - The `wait.Poll*` and `wait.ExponentialBackoff*` functions have been deprecated and will be removed in a future release. Callers should switch to using `wait.PollUntilContextCancel`, `wait.PollUntilContextTimeout`, or `wait.ExponentialBackoffWithContext` as appropriate. 3155 3156 `PollWithContext(Cancel|Deadline)` will no longer return `ErrWaitTimeout` - use the `Interrupted(error) bool` helper to replace checks for `err == ErrWaitTimeout`, or compare specifically to context errors as needed. A future release will make the `ErrWaitTimeout` error private and callers must use `Interrupted()` instead. If you are returning `ErrWaitTimeout` from your own methods, switch to creating a location specific `cause err` and pass it to the new method `wait.ErrorInterrupted(cause) error` which will ensure `Interrupted()` returns true for your loop. 3157 3158 The `wait.NewExponentialBackoffManager` and `wait.NewJitteringBackoffManager` functions have been marked as deprecated. Callers should switch to using the `Backoff{...}.DelayWithReset(clock, resetInterval)` method and must set the `Steps` field when using `Factor`. As a short term change, callers may use the `Timer()` method on the `BackoffManager` until the backoff managers are deprecated and removed. Please see the godoc of the deprecated functions for examples of how to replace usage of this function. ([#107826](https://github.com/kubernetes/kubernetes/pull/107826), [@smarterclayton](https://github.com/smarterclayton)) [SIG API Machinery, Auth, Cloud Provider, Storage and Testing] 3159 - Upgrade coredns to v1.10.1 ([#115603](https://github.com/kubernetes/kubernetes/pull/115603), [@pacoxu](https://github.com/pacoxu)) [SIG Cloud Provider and Cluster Lifecycle] 3160 - [KCCM - service controller]: enable connection draining for terminating pods upon node downscale by the cluster autoscaler. This is done by not reacting to the taint used by the cluster autoscaler to indicate that the node is going away soon, thus keeping the node referenced by the load balancer until the VM has been completely deleted. ([#115204](https://github.com/kubernetes/kubernetes/pull/115204), [@alexanderConstantinescu](https://github.com/alexanderConstantinescu)) [SIG API Machinery, Cloud Provider, Instrumentation and Network] 3161 3162 ## Dependencies 3163 3164 ### Added 3165 - sigs.k8s.io/kustomize/kustomize/v5: v5.0.1 3166 3167 ### Changed 3168 - github.com/aws/aws-sdk-go: [v1.44.147 → v1.35.24](https://github.com/aws/aws-sdk-go/compare/v1.44.147...v1.35.24) 3169 - github.com/coreos/go-systemd/v22: [v22.3.2 → v22.4.0](https://github.com/coreos/go-systemd/v22/compare/v22.3.2...v22.4.0) 3170 - github.com/go-errors/errors: [v1.0.1 → v1.4.2](https://github.com/go-errors/errors/compare/v1.0.1...v1.4.2) 3171 - github.com/golang/protobuf: [v1.5.2 → v1.5.3](https://github.com/golang/protobuf/compare/v1.5.2...v1.5.3) 3172 - github.com/onsi/ginkgo/v2: [v2.7.0 → v2.9.1](https://github.com/onsi/ginkgo/v2/compare/v2.7.0...v2.9.1) 3173 - github.com/onsi/gomega: [v1.26.0 → v1.27.4](https://github.com/onsi/gomega/compare/v1.26.0...v1.27.4) 3174 - golang.org/x/mod: v0.7.0 → v0.9.0 3175 - golang.org/x/net: v0.7.0 → v0.8.0 3176 - golang.org/x/sys: v0.5.0 → v0.6.0 3177 - golang.org/x/term: v0.5.0 → v0.6.0 3178 - golang.org/x/text: v0.7.0 → v0.8.0 3179 - golang.org/x/tools: v0.4.0 → v0.7.0 3180 - k8s.io/kube-openapi: 1cb3ae2 → 15aac26 3181 - sigs.k8s.io/json: f223a00 → bc3834c 3182 - sigs.k8s.io/kustomize/api: v0.12.1 → v0.13.2 3183 - sigs.k8s.io/kustomize/cmd/config: v0.10.9 → v0.11.1 3184 - sigs.k8s.io/kustomize/kyaml: v0.13.9 → v0.14.1 3185 3186 ### Removed 3187 - github.com/PuerkitoBio/purell: [v1.1.1](https://github.com/PuerkitoBio/purell/tree/v1.1.1) 3188 - github.com/PuerkitoBio/urlesc: [de5bf2a](https://github.com/PuerkitoBio/urlesc/tree/de5bf2a) 3189 - github.com/mattn/go-runewidth: [v0.0.7](https://github.com/mattn/go-runewidth/tree/v0.0.7) 3190 - github.com/niemeyer/pretty: [a10e7ca](https://github.com/niemeyer/pretty/tree/a10e7ca) 3191 - github.com/olekukonko/tablewriter: [v0.0.4](https://github.com/olekukonko/tablewriter/tree/v0.0.4) 3192 - sigs.k8s.io/kustomize/kustomize/v4: v4.5.7 3193 3194 3195 3196 # v1.27.0-alpha.3 3197 3198 3199 ## Downloads for v1.27.0-alpha.3 3200 3201 3202 3203 ### Source Code 3204 3205 filename | sha512 hash 3206 -------- | ----------- 3207 [kubernetes.tar.gz](https://dl.k8s.io/v1.27.0-alpha.3/kubernetes.tar.gz) | 86bdc8dfcb5ce47ef6f57917a9deed3dbd800669411e494f565bcb0fc6caf2982026d995205cac614e608be2cf240804668fc9f90579bef0872ee5e5ef33f4d8 3208 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.27.0-alpha.3/kubernetes-src.tar.gz) | c8395e5693aa148b0b326477b78d1067ff4368f34c755c003938fd88a777ae2303b102d2da240e762cf40cf171cc7a70746a4ddee4c6a35a16bd0eb9265877af 3209 3210 ### Client Binaries 3211 3212 filename | sha512 hash 3213 -------- | ----------- 3214 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.27.0-alpha.3/kubernetes-client-darwin-amd64.tar.gz) | 677ee66b49d137335a16ec3acc7fef33bcf1cee094edc0370487ac8060d728ed009c92b3438dbeb675c113320991ea9bf703579dbaf929883a82874222534760 3215 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.27.0-alpha.3/kubernetes-client-darwin-arm64.tar.gz) | d1dbdc0d3f9ad5772aa33276a097f0848f445072c4a3cad1902c3fa015952aa0b78656d144a792beccbfe1bf7b78c0257b4507edcda00fb960fd2249b2cab5fd 3216 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.27.0-alpha.3/kubernetes-client-linux-386.tar.gz) | 8f85dfe2f157921b6b3250c744549c2ed4ccd491279b16eb0eb45402ad8f72e73a368eeaa46a4cc309fc5079c333b6f810d5904f87bb282b07b1d0abb0e22586 3217 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.0-alpha.3/kubernetes-client-linux-amd64.tar.gz) | a058c582c63da65fd9a4b95ea80e67367d0a98e5181c8733f6fe1023c356a85c87594c1ade300eb00f3ef3ef6a32f13c44eb8394f862f512217b4d437b6dbb63 3218 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.27.0-alpha.3/kubernetes-client-linux-arm.tar.gz) | 403e8083abc8ee509e636d0b58a013b35c7b36f10fb5e75cccbefbd6bc9a2760dfbd1ad40845b7dc0f5d78d6c93d4a6527e119a4e5f74f5dfa71281bda6a64bb 3219 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.0-alpha.3/kubernetes-client-linux-arm64.tar.gz) | a4defcf0bb8684cfe49352016abf1c720c36cc2cec8a599f987b164669ce67f581b23134a4194f4a2fb58ac489fd5b7c99ad5539efffa5a7ac5aaa2a31c79f65 3220 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.0-alpha.3/kubernetes-client-linux-ppc64le.tar.gz) | fdf33f56239537311b1839f22de6db9a60f515bdcfadd5e470f5c459ab1a1d1fcdd67e27abdd4d6fcc5b356a8188794e7605d9633dd9364a4cccc01bce027357 3221 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.0-alpha.3/kubernetes-client-linux-s390x.tar.gz) | 8475beee121129cb7bf68763ba2cba816f9ad0daec055b564074d9364674b254dc5b368f5acf648ae32b00f0f925b7d8c0403c9ca15754fabf635c272e26a64a 3222 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.27.0-alpha.3/kubernetes-client-windows-386.tar.gz) | 7a03a2918722fb94e4a2cee827f6abf13184479274e9c246573cc5515bd9eb4cae46c62988bf9072ae0572086d4689986b78ee5349fcefa60a62e20f17c28d45 3223 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.0-alpha.3/kubernetes-client-windows-amd64.tar.gz) | 52e8d2da2ec5e3f51f79a2f946c49f57ab0c22321d721914a91656100a721f7278baf419d6aa629c9e8247be60177cc8cb077499b692159a6496506b56e8e17a 3224 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.27.0-alpha.3/kubernetes-client-windows-arm64.tar.gz) | efa2d76d57b6e3d9eb897a6e8d9812d67d4d57b9368754e22efeaa4a031d34e1ba4e8db0272b5f2ae9ee6d5615ab078201bc35fa4762f1e32c6b67c8fb7b6c8d 3225 3226 ### Server Binaries 3227 3228 filename | sha512 hash 3229 -------- | ----------- 3230 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.0-alpha.3/kubernetes-server-linux-amd64.tar.gz) | a1602f5be2abcbc67c763533c7352ac067fe9f2e778b3b2eeb72ee39c885e299edb53f01889420199111cd53465b463290097b8a4f8879c91b912ffbf1aa7dde 3231 [kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.27.0-alpha.3/kubernetes-server-linux-arm.tar.gz) | e129be174e855f48a5de6cf07731c9897edb360c9df1f842915323a8abf2bf704be1c275df04c93a878edbb51ea3316eeb37779ba3ebf3dc19887c97c4b5bc23 3232 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.0-alpha.3/kubernetes-server-linux-arm64.tar.gz) | f890256c2e5b4096ee944c095df2ff5fd38056ed09deabcbe7501f6b9b5665267e775d1db081f94735dba4e9423f0bebca4b275a2b38389119513bbe2d2b53c2 3233 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.0-alpha.3/kubernetes-server-linux-ppc64le.tar.gz) | 878ebfa012b184c93505f62e30ada071420bd199ef22d4690c28dff6cbc48de6048978d41d7a6f518d26564261c9da4b7fefce8f0da1e5d274ac871696bb7b93 3234 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.0-alpha.3/kubernetes-server-linux-s390x.tar.gz) | 217bcec3012f3aefa612178e9842779825cf8d50dc7e1d6a84239206f70976d939c1089d177851f3657a1f7f763ebe6a31b3ff3d99c1120105036cf37650900c 3235 3236 ### Node Binaries 3237 3238 filename | sha512 hash 3239 -------- | ----------- 3240 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.0-alpha.3/kubernetes-node-linux-amd64.tar.gz) | c15b9a152ceed976aff0b64c2d601985db4e58785b1a756fac6e4c83be27c70e96a277692448d75fccc69b82a5d2a872fa2ab3b5fe4b4145eacbab3d0fa03086 3241 [kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.27.0-alpha.3/kubernetes-node-linux-arm.tar.gz) | 6c0f7d3b97532aacd7aaba931bf4fb858cf49559bf51ea0e154efc4ee26de8d01f7f39f017462e136afe5faaa8d86ee49e954c3a9051751ce8dfa8312cd95f06 3242 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.0-alpha.3/kubernetes-node-linux-arm64.tar.gz) | fb2934282018539abb5ba0fde67225d5131d08c5798ed54dc93081739a803210c9aaf73412c56af7aa9999b497aac073be42ec3a7677255e5d4e39783330bd86 3243 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.0-alpha.3/kubernetes-node-linux-ppc64le.tar.gz) | 84078c93f7661c5aedf276964cc5866e1eba9b8cbc9e1c40b9e5bfe76ad115a632f4f591b177dc5fa926cb65a66c6847fb243b82ad1f880796d1d7cfe061b498 3244 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.0-alpha.3/kubernetes-node-linux-s390x.tar.gz) | dff5a35a352e5a17abad8eaa51b9447ca0a8a52df4b22e325ac7acf70efe3d0fe9bef958e8bb5a1e90d43c4586551d456e2dcf42cd01074605c07d69a52fc5b7 3245 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.0-alpha.3/kubernetes-node-windows-amd64.tar.gz) | a2da87f8a7bd25d6efc8c3b7af79e268809e743ce36c187cdc0af3ff423d54f95a5bd03b50494aea8b0c394ca716e5c4225e7e2d49f40f08db6cd302d894eb3b 3246 3247 ### Container Images 3248 3249 All container images are available as manifest lists and support the described 3250 architectures. It is also possible to pull a specific architecture directly by 3251 adding the "-$ARCH" suffix to the container image name. 3252 3253 name | architectures 3254 ---- | ------------- 3255 [registry.k8s.io/conformance:v1.27.0-alpha.3](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) 3256 [registry.k8s.io/kube-apiserver:v1.27.0-alpha.3](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) 3257 [registry.k8s.io/kube-controller-manager:v1.27.0-alpha.3](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) 3258 [registry.k8s.io/kube-proxy:v1.27.0-alpha.3](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) 3259 [registry.k8s.io/kube-scheduler:v1.27.0-alpha.3](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) 3260 3261 ## Changelog since v1.27.0-alpha.2 3262 3263 ## Changes by Kind 3264 3265 ### Deprecation 3266 3267 - Added a [warning](https://k8s.io/blog/2020/09/03/warnings/) response when handling requests that set the deprecated `spec.externalID` field for a Node. ([#115944](https://github.com/kubernetes/kubernetes/pull/115944), [@SataQiu](https://github.com/SataQiu)) [SIG Node] 3268 3269 ### API Change 3270 3271 - Graduated seccomp profile defaulting to GA. 3272 3273 Set the kubelet `--seccomp-default` flag or `seccompDefault` kubelet configuration field to `true` to make pods on that node default to using the `RuntimeDefault` seccomp profile. 3274 3275 Enabling seccomp for your workload can have a negative performance impact depending on the kernel and container runtime version in use. 3276 3277 Guidance for identifying and mitigating those issues is outlined in the Kubernetes [seccomp tutorial](https://k8s.io/docs/tutorials/security/seccomp). ([#115719](https://github.com/kubernetes/kubernetes/pull/115719), [@saschagrunert](https://github.com/saschagrunert)) [SIG API Machinery, Node, Storage and Testing] 3278 - Implements API for streaming for the watch-cache 3279 3280 When sendInitialEvents ListOption is set together with watch=true, it begins the watch stream with synthetic init events followed by a synthetic "Bookmark" after which the server continues streaming events. ([#110960](https://github.com/kubernetes/kubernetes/pull/110960), [@p0lyn0mial](https://github.com/p0lyn0mial)) [SIG API Machinery] 3281 - Introduce API for streaming. 3282 3283 Add SendInitialEvents field to the ListOptions. When the new option is set together with watch=true, it begins the watch stream with synthetic init events followed by a synthetic "Bookmark" after which the server continues streaming events. ([#115402](https://github.com/kubernetes/kubernetes/pull/115402), [@p0lyn0mial](https://github.com/p0lyn0mial)) [SIG API Machinery] 3284 - Kubelet: a "maxParallelImagePulls" field can now be specified in the kubelet configuration file to control how many image pulls the kubelet can perform in parallel. ([#115220](https://github.com/kubernetes/kubernetes/pull/115220), [@ruiwen-zhao](https://github.com/ruiwen-zhao)) [SIG API Machinery, Node and Scalability] 3285 - PodSchedulingReadiness is graduated to beta. ([#115815](https://github.com/kubernetes/kubernetes/pull/115815), [@Huang-Wei](https://github.com/Huang-Wei)) [SIG API Machinery, Apps, Scheduling and Testing] 3286 - In-place resize feature for Kubernetes Pods 3287 - Changed the Pod API so that the `resources` defined for containers are mutable for `cpu` and `memory` resource types. 3288 - Added `resizePolicy` for containers in a pod to allow users control over how their containers are resized. 3289 - Added `allocatedResources` field to container status in pod status that describes the node resources allocated to a pod. 3290 - Added `resources` field to container status that reports actual resources applied to running containers. 3291 - Added `resize` field to pod status that describes the state of a requested pod resize. 3292 3293 For details, see KEPs below. ([#102884](https://github.com/kubernetes/kubernetes/pull/102884), [@vinaykul](https://github.com/vinaykul)) [SIG API Machinery, Apps, Instrumentation, Node, Scheduling and Testing] 3294 - The PodDisruptionBudget `spec.unhealthyPodEvictionPolicy` field has graduated to beta and is enabled by default. On servers with the feature enabled, this field may be set to `AlwaysAllow` to always allow unhealthy pods covered by the PodDisruptionBudget to be evicted. ([#115363](https://github.com/kubernetes/kubernetes/pull/115363), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) [SIG Apps, Auth and Node] 3295 - The `DownwardAPIHugePages` kubelet feature graduated to stable / GA. ([#115721](https://github.com/kubernetes/kubernetes/pull/115721), [@saschagrunert](https://github.com/saschagrunert)) [SIG Apps and Node] 3296 - Volumes: `resource.claims` gets cleared for PVC specs during create or update of a pod spec with inline PVC template or of a PVC because it has no effect. ([#115928](https://github.com/kubernetes/kubernetes/pull/115928), [@pohly](https://github.com/pohly)) [SIG API Machinery, Apps and Storage] 3297 3298 ### Feature 3299 3300 - API validation relaxed allowing Indexed Jobs to be scaled up/down by changing parallelism and completions in tandem, such that parallelism == completions. ([#115236](https://github.com/kubernetes/kubernetes/pull/115236), [@danielvegamyhre](https://github.com/danielvegamyhre)) [SIG Apps and Testing] 3301 - Add kubelet Topology Manager metric to measure topology manager admission latency. ([#115590](https://github.com/kubernetes/kubernetes/pull/115590), [@swatisehgal](https://github.com/swatisehgal)) [SIG Node and Testing] 3302 - Added "netadmin" debugging profiles for kubectl debug. ([#115712](https://github.com/kubernetes/kubernetes/pull/115712), [@wedaly](https://github.com/wedaly)) [SIG CLI] 3303 - Added apiserver_envelope_encryption_invalid_key_id_from_status_total to measure number of times an invalid keyID is returned by the Status RPC call. ([#115846](https://github.com/kubernetes/kubernetes/pull/115846), [@ritazh](https://github.com/ritazh)) [SIG API Machinery and Auth] 3304 - Apiserver_storage_transformation_operations_total metric has been updated to include labels transformer_prefix and status. ([#115394](https://github.com/kubernetes/kubernetes/pull/115394), [@ritazh](https://github.com/ritazh)) [SIG API Machinery, Auth, Instrumentation and Testing] 3305 - Client-go: metadatainformer and dynamicinformer `SharedInformerFactory`s now supports waiting for goroutines during shutdown ([#114434](https://github.com/kubernetes/kubernetes/pull/114434), [@howardjohn](https://github.com/howardjohn)) [SIG API Machinery] 3306 - Graduate the `ReadWriteOncePod` feature gate to beta ([#114494](https://github.com/kubernetes/kubernetes/pull/114494), [@chrishenzie](https://github.com/chrishenzie)) [SIG Scheduling, Storage and Testing] 3307 - Kubeadm: show a warning message when detecting that the sandbox image of the container runtime is inconsistent with that used by kubeadm ([#115610](https://github.com/kubernetes/kubernetes/pull/115610), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle] 3308 - Kubernetes is now built with go 1.20.1 ([#115828](https://github.com/kubernetes/kubernetes/pull/115828), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing] 3309 - Performance improvements in klog ([#115277](https://github.com/kubernetes/kubernetes/pull/115277), [@pohly](https://github.com/pohly)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node, Storage and Testing] 3310 - Pod template `schedulingGates` are now mutable for Jobs that are suspended and have never been started ([#115940](https://github.com/kubernetes/kubernetes/pull/115940), [@ahg-g](https://github.com/ahg-g)) [SIG Apps] 3311 - Pods which have an invalid negative `spec.terminationGracePeriodSeconds` value will be treated as having terminationGracePeriodSeconds of 1 ([#115606](https://github.com/kubernetes/kubernetes/pull/115606), [@wzshiming](https://github.com/wzshiming)) [SIG Apps, Node and Testing] 3312 - The Pod API field `.spec.schedulingGates[*].name` now requires qualified names (like `example.com/mygate`), matching validation for names of `.spec.readinessGates[*].name`. Any uses of the alpha scheduling gate feature prior to 1.27 that do not match that validation must be renamed or deleted before upgrading to 1.27. ([#115821](https://github.com/kubernetes/kubernetes/pull/115821), [@lianghao208](https://github.com/lianghao208)) [SIG Apps and Scheduling] 3313 - The `JobMutableNodeSchedulingDirectives` feature gate has graduated to GA. ([#116116](https://github.com/kubernetes/kubernetes/pull/116116), [@ahg-g](https://github.com/ahg-g)) [SIG Apps, Scheduling and Testing] 3314 - Two changes to the /debug/api_priority_and_fairness/dump_priority_levels endpoint of API Priority and Fairness: add total number of dispatched, timed-out, rejected and cancelled requests; output now sorted by PriorityLevelName. ([#112393](https://github.com/kubernetes/kubernetes/pull/112393), [@borgerli](https://github.com/borgerli)) [SIG API Machinery] 3315 - Updated distroless iptables to use released image `registry.k8s.io/distroless-iptables:v0.2.1` ([#115905](https://github.com/kubernetes/kubernetes/pull/115905), [@cpanato](https://github.com/cpanato)) [SIG Testing] 3316 - [E2E] Pods spawned by E2E tests can now pull images from the private registry using the new --e2e-docker-config-file flag ([#114625](https://github.com/kubernetes/kubernetes/pull/114625), [@Divya063](https://github.com/Divya063)) [SIG Node and Testing] 3317 3318 ### Documentation 3319 3320 - Document the reason field in CRI API to ensure it equals OOMKilled for the containers terminated by OOM killer ([#112977](https://github.com/kubernetes/kubernetes/pull/112977), [@mimowo](https://github.com/mimowo)) [SIG Node] 3321 3322 ### Failing Test 3323 3324 - Fixed panic in vSphere e2e tests. ([#115863](https://github.com/kubernetes/kubernetes/pull/115863), [@jsafrane](https://github.com/jsafrane)) [SIG Storage and Testing] 3325 3326 ### Bug or Regression 3327 3328 - Cacher: If RV is unset, the watch is now served from the underlying storage as documented. ([#115096](https://github.com/kubernetes/kubernetes/pull/115096), [@MadhavJivrajani](https://github.com/MadhavJivrajani)) [SIG API Machinery] 3329 - Client-go: fix the wait time for trying to acquire the leader lease ([#114872](https://github.com/kubernetes/kubernetes/pull/114872), [@Iceber](https://github.com/Iceber)) [SIG API Machinery] 3330 - File content check for IPV4 is not enabled by default, and the check of IPV4 or IPV6 is done for `kubeadm init` or `kubeadm join` only in case the user intends to create a cluster to support that kind of IP address family ([#115420](https://github.com/kubernetes/kubernetes/pull/115420), [@chendave](https://github.com/chendave)) [SIG Cluster Lifecycle and Network] 3331 - Fix log line in scheduler that inaccurately implies that volume binding has finalized ([#116018](https://github.com/kubernetes/kubernetes/pull/116018), [@TommyStarK](https://github.com/TommyStarK)) [SIG Scheduling and Storage] 3332 - Fix missing delete events on informer re-lists to ensure all delete events are correctly emitted and using the latest known object state, so that all event handlers and stores always reflect the actual apiserver state as best as possible ([#115620](https://github.com/kubernetes/kubernetes/pull/115620), [@odinuge](https://github.com/odinuge)) [SIG API Machinery] 3333 - Fixed a bug where Kubernetes would apply a default StorageClass to a PersistentVolumeClaim, 3334 even when the deprecated annotation `volume.beta.kubernetes.io/storage-class` was set. ([#116089](https://github.com/kubernetes/kubernetes/pull/116089), [@cvvz](https://github.com/cvvz)) [SIG Apps and Storage] 3335 - Fixed an EndpointSlice Controller hashing bug that could cause EndpointSlices to incorrectly handle Pods with duplicate IP addresses. For example this could happen when a new Pod reused an IP that was also assigned to a Pod in a completed state. ([#115907](https://github.com/kubernetes/kubernetes/pull/115907), [@qinqon](https://github.com/qinqon)) [SIG Apps and Network] 3336 - Fixing issue with Winkernel Proxier - ClusterIP Loadbalancers are missing if the ExternalTrafficPolicy is set to Local and the available endpoints are all remoteEndpoints. ([#115919](https://github.com/kubernetes/kubernetes/pull/115919), [@princepereira](https://github.com/princepereira)) [SIG Network and Windows] 3337 - Golang.org/x/net updates to v0.7.0 to fix CVE-2022-41723 ([#115786](https://github.com/kubernetes/kubernetes/pull/115786), [@liggitt](https://github.com/liggitt)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node and Storage] 3338 - Kubeadm: fix a bug where the uploaded kubelet configuration in `kube-system/kubelet-config` ConfigMap does not respect user patch ([#115575](https://github.com/kubernetes/kubernetes/pull/115575), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle] 3339 - Kubeadm: modify '--config' flag from required to optional for 'kubeadm kubeconfig user' command ([#116074](https://github.com/kubernetes/kubernetes/pull/116074), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle] 3340 - Yes, discovery document will correctly return the resources for aggregated apiservers that do not implement aggregated disovery ([#115770](https://github.com/kubernetes/kubernetes/pull/115770), [@Jefftree](https://github.com/Jefftree)) [SIG API Machinery] 3341 3342 ### Other (Cleanup or Flake) 3343 3344 - Improved FormatMap: Improves performance by about 4x, or nearly 2x in the worst case ([#112661](https://github.com/kubernetes/kubernetes/pull/112661), [@aimuz](https://github.com/aimuz)) [SIG Node] 3345 - Upgrade go-jose to v2.6.0 ([#115893](https://github.com/kubernetes/kubernetes/pull/115893), [@mgoltzsche](https://github.com/mgoltzsche)) [SIG API Machinery, Auth, Cluster Lifecycle and Testing] 3346 - `apiserver_admission_webhook_admission_duration_seconds` buckets have been expanded, 25s is now the largest bucket size to match the webhook default timeout. ([#115802](https://github.com/kubernetes/kubernetes/pull/115802), [@logicalhan](https://github.com/logicalhan)) [SIG API Machinery and Instrumentation] 3347 3348 ## Dependencies 3349 3350 ### Added 3351 _Nothing has changed._ 3352 3353 ### Changed 3354 - github.com/coredns/corefile-migration: [v1.0.18 → v1.0.20](https://github.com/coredns/corefile-migration/compare/v1.0.18...v1.0.20) 3355 - github.com/golang-jwt/jwt/v4: [v4.2.0 → v4.4.2](https://github.com/golang-jwt/jwt/v4/compare/v4.2.0...v4.4.2) 3356 - go.etcd.io/etcd/api/v3: v3.5.5 → v3.5.7 3357 - go.etcd.io/etcd/client/pkg/v3: v3.5.5 → v3.5.7 3358 - go.etcd.io/etcd/client/v2: v2.305.5 → v2.305.7 3359 - go.etcd.io/etcd/client/v3: v3.5.5 → v3.5.7 3360 - go.etcd.io/etcd/pkg/v3: v3.5.5 → v3.5.7 3361 - go.etcd.io/etcd/raft/v3: v3.5.5 → v3.5.7 3362 - go.etcd.io/etcd/server/v3: v3.5.5 → v3.5.7 3363 - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp: v0.35.0 → v0.35.1 3364 - golang.org/x/net: v0.5.0 → v0.7.0 3365 - golang.org/x/sys: v0.4.0 → v0.5.0 3366 - golang.org/x/term: v0.4.0 → v0.5.0 3367 - golang.org/x/text: v0.6.0 → v0.7.0 3368 - gopkg.in/square/go-jose.v2: v2.2.2 → v2.6.0 3369 - k8s.io/klog/v2: v2.80.1 → v2.90.1 3370 3371 ### Removed 3372 - github.com/form3tech-oss/jwt-go: [v3.2.3+incompatible](https://github.com/form3tech-oss/jwt-go/tree/v3.2.3) 3373 3374 3375 3376 # v1.27.0-alpha.2 3377 3378 3379 ## Downloads for v1.27.0-alpha.2 3380 3381 3382 3383 ### Source Code 3384 3385 filename | sha512 hash 3386 -------- | ----------- 3387 [kubernetes.tar.gz](https://dl.k8s.io/v1.27.0-alpha.2/kubernetes.tar.gz) | 5420d881db6412c1c1e55044aea61f310ef42d7809d4d90113b2a80ae0d1446f3e7988a8205100c476a313182a0c8b2d1605ad3000eee3b45fec4034d17f2ac2 3388 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.27.0-alpha.2/kubernetes-src.tar.gz) | 3b9693bd03ed7f5aee3257a167e431b9de4c576f8843f1441f81cbcdfc6be607c84ca703bd2e7ca4bb5f3b9dee9fbb8645cdf49c1921d796e1a3f027c8f23162 3389 3390 ### Client Binaries 3391 3392 filename | sha512 hash 3393 -------- | ----------- 3394 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.27.0-alpha.2/kubernetes-client-darwin-amd64.tar.gz) | ce9875156a7c80452dc3303177b0a137cfc6ae398b66a32b1436768ab77771b000287dba0702510da239c056a697e624416f6126a6205c3c65e78ff6d7d4635b 3395 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.27.0-alpha.2/kubernetes-client-darwin-arm64.tar.gz) | bc0791295f926f285f18163bef7faf893162918d75e8de0aa46704d2ac665bbff641a7332d5a3d112d93dd5e14087f8e7333e39b4cc44ab71330e059b0abe4bb 3396 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.27.0-alpha.2/kubernetes-client-linux-386.tar.gz) | 76abdb1dbb8886c554628ba634449c42f0c61eb47e168d1cb7bb1eabb0354b37474738879955805165e52a4cbbe39c57cabe63a2b8dbbaed00e14a0da5a7419f 3397 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.0-alpha.2/kubernetes-client-linux-amd64.tar.gz) | 5ced29d3f8411f34ba9dbd115aab7e45d542b34f7feebba6bfe8dcd394abd9fe127daa6c36460c2d8b35ca6386729a3e644b23b5631fe4d81ae3ae0cf1297e67 3398 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.27.0-alpha.2/kubernetes-client-linux-arm.tar.gz) | fff2ce7f24f9fa6c5240d69d81a0c363742b17963265ce744e3366d05d149bce005cfe96fb1dd20b7c5faceed481225da0715dee8b2743ee3ff21391c742a1a0 3399 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.0-alpha.2/kubernetes-client-linux-arm64.tar.gz) | 54da883e07f1a6e6bb9ca29ca4b5bedb2d24485cd07c8ba03da90b063a07e01271d0ad3b58d20fc3370a40486134b7b6144ad2d18049d7e3a38600ad14d84f8f 3400 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.0-alpha.2/kubernetes-client-linux-ppc64le.tar.gz) | 50be6728b20612ea3d422e3346150c4cece1cd42356446cf8fd2f9164a40ac997188d840536dc45deab5acf12143233d36b76d9ef12165bb0884024f1725f28c 3401 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.0-alpha.2/kubernetes-client-linux-s390x.tar.gz) | fa76f8655266fb9b64c450185c175f6854ac1d569140f6d62c383d829111091b79a2f266929ca10f642a989e9ada066988845666621fe13c75cbcfa971f5aa0d 3402 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.27.0-alpha.2/kubernetes-client-windows-386.tar.gz) | 67c36d790cd5de91e0241cee3800fcdb49db3f3a9e91e087937686367149d7b06c489e62919ef6fdcb8ec29974ead4a64bab0eb3278f404188cf8fffe89baba9 3403 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.0-alpha.2/kubernetes-client-windows-amd64.tar.gz) | 49e73490b58576237627cc8015f84eda36aa3af02b8e80b251b07d294fe161e90815ee4149f3b8605fad7c43b278f7b0f631ae3d51fa344ad326abcd480d781d 3404 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.27.0-alpha.2/kubernetes-client-windows-arm64.tar.gz) | 27ac0573663d5e45585b205c84cb0e5a7f16282654e30445ad4115a148c20b548d0c3520e45327a4443768c83b68c96e8754cdfb34f17fa0ebf875e4eec2eb48 3405 3406 ### Server Binaries 3407 3408 filename | sha512 hash 3409 -------- | ----------- 3410 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.0-alpha.2/kubernetes-server-linux-amd64.tar.gz) | 0a2fa2de60af23f722a27479ee0721551561a6bf947ec66c9548b0d14410745de2db3f69c6536768768ffeec4f6afe3af3bd336aeccef67391c4cdaca4a427a6 3411 [kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.27.0-alpha.2/kubernetes-server-linux-arm.tar.gz) | c5ab1da7a7e19acebdba7107c27954e522d33c245ea04556347b601e2cc0f40595b9ca5159661b134a090d5505a76d967da3161b3a409b2a4d9c0f36e1b4d7b1 3412 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.0-alpha.2/kubernetes-server-linux-arm64.tar.gz) | 3a5cad9ae0f4a1086a238e2fb44f59733361d9dea206390c73825daf25dc8b333fce166f5c5e6c0e1ca3be80b303afb1b6b6c8e9dc13666446c2a70b5b7bc1cb 3413 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.0-alpha.2/kubernetes-server-linux-ppc64le.tar.gz) | 411be709cde53aa27bca30e7d5ab7523f4dea192c85a1aa810985b23a41cdd00c6969e9b9614a193618be94d346900c2f8e9211c95927a12398142268db4ce5e 3414 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.0-alpha.2/kubernetes-server-linux-s390x.tar.gz) | 0ac65f78a5cad3506649ca40912f328b2af747ae6367f0ca16ba741af20aeecd73c27ea216921ab7a28da8a61b58f0760e9211c65953e70304fec4b940a39440 3415 3416 ### Node Binaries 3417 3418 filename | sha512 hash 3419 -------- | ----------- 3420 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.0-alpha.2/kubernetes-node-linux-amd64.tar.gz) | 3a0559b2305136a15cd43104ce728f7651b4fcde13db69f565d66e117ad7f8f30a017d3ea6be92811e4ab880273033c089688675559912bfb6d2aa2c92d60225 3421 [kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.27.0-alpha.2/kubernetes-node-linux-arm.tar.gz) | ac7597cfab9eb93dd9c0f1cd088dd08d120991bc94a718fa89ddd9b8fa12a9f6b9987eaaee66b8aafbb055c836c289ca7ca415b57f61bd8f9159045025026100 3422 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.0-alpha.2/kubernetes-node-linux-arm64.tar.gz) | 395d65f26b4f482cd1d8be49b846ce80f536ca825ae8ce25d10fe746d95e4297c31512247d22caefe632d2236a33616e2650ed385811ced24c3e6338a5eda36d 3423 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.0-alpha.2/kubernetes-node-linux-ppc64le.tar.gz) | 7f92e5fdfba981ac80b71fdc00e84b4eb661604861f5602e5fa489f13a10ac699e6e5795cc3654ff95e1b5f7fd51df7773bd5ae511ace9b861a87b6fb1465cc7 3424 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.0-alpha.2/kubernetes-node-linux-s390x.tar.gz) | 75ec78e900a4df4819c899893fe98fe32b6fa8ae000318dcfed8972d356cc1c5e0a3875885681375c080b0770c377164c03c100a6c45b7d025363e174a00af00 3425 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.0-alpha.2/kubernetes-node-windows-amd64.tar.gz) | d7630730d547414bdb2b245e1b444a5949cecead751d6c243db72e8f20782ba85e1c06dfab499c13e1b529a74a5d4acef4a9b1a6ca571faf41d3253b1bf74773 3426 3427 ### Container Images 3428 3429 All container images are available as manifest lists and support the described 3430 architectures. It is also possible to pull a specific architecture directly by 3431 adding the "-$ARCH" suffix to the container image name. 3432 3433 name | architectures 3434 ---- | ------------- 3435 [registry.k8s.io/conformance:v1.27.0-alpha.2](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) 3436 [registry.k8s.io/kube-apiserver:v1.27.0-alpha.2](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) 3437 [registry.k8s.io/kube-controller-manager:v1.27.0-alpha.2](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) 3438 [registry.k8s.io/kube-proxy:v1.27.0-alpha.2](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) 3439 [registry.k8s.io/kube-scheduler:v1.27.0-alpha.2](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) 3440 3441 ## Changelog since v1.27.0-alpha.1 3442 3443 ## Changes by Kind 3444 3445 ### API Change 3446 3447 - A fix in the resource.k8s.io/v1alpha1/ResourceClaim API avoids harmless (?) ".status.reservedFor: element 0: associative list without keys has an element that's a map type" errors in the apiserver. Validation now rejects the incorrect reuse of the same UID in different entries. ([#115354](https://github.com/kubernetes/kubernetes/pull/115354), [@pohly](https://github.com/pohly)) [SIG API Machinery] 3448 - CacheSize field in EncryptionConfiguration is not supported for KMSv2 provider ([#113121](https://github.com/kubernetes/kubernetes/pull/113121), [@aramase](https://github.com/aramase)) [SIG API Machinery, Auth and Testing] 3449 - K8s.io/client-go/tools/record.EventBroadcaster: after Shutdown() is called, the broadcaster now gives up immediately after a failure to write an event to a sink. Previously it tried multiple times for 12 seconds in a goroutine. ([#115514](https://github.com/kubernetes/kubernetes/pull/115514), [@pohly](https://github.com/pohly)) [SIG API Machinery] 3450 - K8s.io/component-base/logs now also supports adding command line flags to a flag.FlagSet. ([#114731](https://github.com/kubernetes/kubernetes/pull/114731), [@pohly](https://github.com/pohly)) [SIG Architecture] 3451 - Update API reference for Requests, specifying they must not exceed limits ([#115434](https://github.com/kubernetes/kubernetes/pull/115434), [@ehashman](https://github.com/ehashman)) [SIG Architecture, Docs and Node] 3452 - `/metrics/slis` is made available for control plane components allowing you to scrape health check metrics. ([#114997](https://github.com/kubernetes/kubernetes/pull/114997), [@Richabanker](https://github.com/Richabanker)) [SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Release, Scheduling, Storage and Testing] 3453 3454 ### Feature 3455 3456 - A new client side metric `rest_client_request_retries_total` has been added that tracks 3457 the number of retries sent to the server, partitioned by status code, verb, and host ([#108396](https://github.com/kubernetes/kubernetes/pull/108396), [@tkashem](https://github.com/tkashem)) [SIG API Machinery, Architecture and Instrumentation] 3458 - A new feature has been enabled to improve the performance of the iptables mode of kube-proxy in large clusters. You do not need to take any action, however: 3459 3460 1. If you experience problems with Services not syncing to iptables correctly, you can disable the feature by passing `--feature-gates=MinimizeIPTablesRestore=false` to kube-proxy (and file a bug if this fixes it). (This might also be detected by seeing the value of kube-proxy's `sync_proxy_rules_iptables_partial_restore_failures_total` metric rising.) 3461 2. If you were previously overriding the kube-proxy configuration for performance reasons, this may no longer be necessary. See https://kubernetes.io/docs/reference/networking/virtual-ips/#optimizing-iptables-mode-performance. ([#115138](https://github.com/kubernetes/kubernetes/pull/115138), [@danwinship](https://github.com/danwinship)) [SIG Network] 3462 - Add kubelet Topology Manager metrics to track admission requests processed by it and occured admission errors. ([#115137](https://github.com/kubernetes/kubernetes/pull/115137), [@swatisehgal](https://github.com/swatisehgal)) [SIG Node and Testing] 3463 - Add logging-format option to CCMs based on k8s.io/cloud-provider ([#108984](https://github.com/kubernetes/kubernetes/pull/108984), [@LittleFox94](https://github.com/LittleFox94)) [SIG Cloud Provider and Instrumentation] 3464 - Add new -f flag into debug command to be used passing pod or node files instead explicit names. ([#111453](https://github.com/kubernetes/kubernetes/pull/111453), [@ardaguclu](https://github.com/ardaguclu)) [SIG CLI and Testing] 3465 - Added "general", "baseline", and "restricted" debugging profiles for kubectl debug. ([#114280](https://github.com/kubernetes/kubernetes/pull/114280), [@sding3](https://github.com/sding3)) [SIG CLI] 3466 - Added apiserver_envelope_encryption_kms_operations_latency_seconds metric to measure the KMSv2 grpc calls latency. ([#115649](https://github.com/kubernetes/kubernetes/pull/115649), [@aramase](https://github.com/aramase)) [SIG API Machinery, Auth and Testing] 3467 - Adds scheduler preemption support for pods using `ReadWriteOncePod` PVCs ([#114051](https://github.com/kubernetes/kubernetes/pull/114051), [@chrishenzie](https://github.com/chrishenzie)) [SIG Scheduling, Storage and Testing] 3468 - Adds the applyconfiguration generator to the code-generator script that generates server-side apply configuration and client APIs ([#114987](https://github.com/kubernetes/kubernetes/pull/114987), [@astefanutti](https://github.com/astefanutti)) [SIG API Machinery] 3469 - Dynamic Resource Allocation framework can be used for network devices ([#114364](https://github.com/kubernetes/kubernetes/pull/114364), [@bart0sh](https://github.com/bart0sh)) [SIG Node] 3470 - Fixed bug which caused the status of Indexed Jobs to only be updated when there are newly completed indexes. The completed indexes are now updated if the .status.completedIndexes has values outside of the [0, .spec.completions> range ([#115349](https://github.com/kubernetes/kubernetes/pull/115349), [@danielvegamyhre](https://github.com/danielvegamyhre)) [SIG Apps] 3471 - GRPC probes now set a linger option of 1s to improve the TIME-WAIT state. ([#115321](https://github.com/kubernetes/kubernetes/pull/115321), [@rphillips](https://github.com/rphillips)) [SIG Network and Node] 3472 - Kubelet config file will be backed up to `/etc/kubernetes/tmp/` folder with `kubeadm-kubelet-config` append with a random suffix as the filename ([#114695](https://github.com/kubernetes/kubernetes/pull/114695), [@chendave](https://github.com/chendave)) [SIG Cluster Lifecycle] 3473 - Kubelet no longer creates certain legacy iptables rules by default. 3474 It is possible that this will cause problems with some third-party components 3475 that improperly depended on those rules. If this affects you, you can run 3476 kubelet with `--feature-gates=IPTablesOwnershipCleanup=false`, but you should 3477 also file a bug against the third-party component. ([#114472](https://github.com/kubernetes/kubernetes/pull/114472), [@danwinship](https://github.com/danwinship)) [SIG Network] 3478 - Kubernetes is now built with go 1.20 ([#114502](https://github.com/kubernetes/kubernetes/pull/114502), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing] 3479 - Migrated the ResourceQuota controller (within `kube-controller-manager`) to use [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging). ([#113315](https://github.com/kubernetes/kubernetes/pull/113315), [@ncdc](https://github.com/ncdc)) [SIG API Machinery, Apps and Testing] 3480 - New feature gate, ServiceNodePortStaticSubrange, to enable the new strategy in the NodePort Service port allocators, so the node port range is subdivided and dynamic allocated NodePort port for Services are allocated preferentially from the upper range. ([#114418](https://github.com/kubernetes/kubernetes/pull/114418), [@xuzhenglun](https://github.com/xuzhenglun)) [SIG Network] 3481 - Scheduler doesn't run plugin's Score method when its PreScore method returned a Skip status. In other words, your PreScore/Score plugin can return a Skip status in PreScore if the plugin does nothing in Score for that Pod. ([#115652](https://github.com/kubernetes/kubernetes/pull/115652), [@kidddddddddddddddddddddd](https://github.com/kidddddddddddddddddddddd)) [SIG Scheduling] 3482 - The go version defined in `.go-version` is now fetched when invoking test, build, and code generation targets if the current go version does not match it. Set $FORCE_HOST_GO=y while testing or building to skip this behavior, or set $GO_VERSION to override the selected go version. ([#115377](https://github.com/kubernetes/kubernetes/pull/115377), [@liggitt](https://github.com/liggitt)) [SIG Testing] 3483 - The mount-utils mounter now provides an option to limit the number of concurrent format operations. ([#115379](https://github.com/kubernetes/kubernetes/pull/115379), [@artemvmin](https://github.com/artemvmin)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node and Storage] 3484 3485 ### Bug or Regression 3486 3487 - Apply configurations can be generated for types with non-builtin map fields ([#114920](https://github.com/kubernetes/kubernetes/pull/114920), [@astefanutti](https://github.com/astefanutti)) [SIG API Machinery] 3488 - Enforce nodeName cannot be set along with non-empty schedulingGates ([#115569](https://github.com/kubernetes/kubernetes/pull/115569), [@Huang-Wei](https://github.com/Huang-Wei)) [SIG Apps and Scheduling] 3489 - Etcd: Update to v3.5.7 ([#115310](https://github.com/kubernetes/kubernetes/pull/115310), [@mzaian](https://github.com/mzaian)) [SIG API Machinery, Cloud Provider, Cluster Lifecycle and Testing] 3490 - Fix a bug that caused to panic the apiserver when trying to allocate a Service with a dynamic ClusterIP and it has been configured with Service CIDRs with a /28 mask for IPv4 and a /124 mask for IPv6 ([#115322](https://github.com/kubernetes/kubernetes/pull/115322), [@aojea](https://github.com/aojea)) [SIG Testing] 3491 - Fix an issue where a CSI migrated volume may be prematurely detached when the CSI driver is not running on the node. 3492 If CSI migration is enabled on the node, even the csi-driver is not up and ready, we will still add this volume to DSW. ([#115464](https://github.com/kubernetes/kubernetes/pull/115464), [@sunnylovestiramisu](https://github.com/sunnylovestiramisu)) [SIG Apps and Storage] 3493 - Fix nil pointer error in nodevolumelimits csi logging ([#115179](https://github.com/kubernetes/kubernetes/pull/115179), [@sunnylovestiramisu](https://github.com/sunnylovestiramisu)) [SIG Scheduling] 3494 - Fix the regression that introduced 34s timeout for DELETECOLLECTION calls ([#115341](https://github.com/kubernetes/kubernetes/pull/115341), [@tkashem](https://github.com/tkashem)) [SIG API Machinery] 3495 - Fixing issue with Winkernel Proxier - IPV6 load balancer policies are missing when service is configured with ipFamilyPolicy: RequireDualStack ([#115503](https://github.com/kubernetes/kubernetes/pull/115503), [@princepereira](https://github.com/princepereira)) [SIG Network and Windows] 3496 - Fixing issue with Winkernel Proxier - IPV6 load balancer policies are missing when service is configured with ipFamilyPolicy: RequireDualStack ([#115577](https://github.com/kubernetes/kubernetes/pull/115577), [@princepereira](https://github.com/princepereira)) [SIG Network and Windows] 3497 - Flag `workerCount` has been added to cloud node controller which defines how many workers will be synchronizing nodes. ([#113104](https://github.com/kubernetes/kubernetes/pull/113104), [@pawbana](https://github.com/pawbana)) [SIG API Machinery, Cloud Provider and Scalability] 3498 - Kube-apiserver: errors decoding objects in etcd are now recorded in an `apiserver_storage_decode_errors_total` counter metric ([#114376](https://github.com/kubernetes/kubernetes/pull/114376), [@baomingwang](https://github.com/baomingwang)) [SIG API Machinery and Instrumentation] 3499 - Kube-apiserver: regular expressions specified with the `--cors-allowed-origins` option are now validated to match the entire `hostname` inside the `Origin` header of the request and 3500 must contain '^' or the '//' prefix to anchor to the start, and '$' or the port separator ':' to anchor to 3501 the end. ([#112809](https://github.com/kubernetes/kubernetes/pull/112809), [@tkashem](https://github.com/tkashem)) [SIG API Machinery] 3502 - Kubeadm: fix an etcd learner-mode bug by preparing an etcd static pod manifest before promoting ([#115038](https://github.com/kubernetes/kubernetes/pull/115038), [@tobiasgiese](https://github.com/tobiasgiese)) [SIG Cluster Lifecycle] 3503 - Kubelet: fix a bug of stoping rendering configmap when enabling fsquota monitoring ([#112624](https://github.com/kubernetes/kubernetes/pull/112624), [@pacoxu](https://github.com/pacoxu)) [SIG Node and Storage] 3504 - Set device stage path whenever available for expansion during mount ([#115346](https://github.com/kubernetes/kubernetes/pull/115346), [@gnufied](https://github.com/gnufied)) [SIG Storage and Testing] 3505 - The Kubernetes API server now correctly detects and closes existing TLS connections when its client certificate file for kubelet authentication has been rotated. ([#115315](https://github.com/kubernetes/kubernetes/pull/115315), [@enj](https://github.com/enj)) [SIG API Machinery, Auth, Node and Testing] 3506 3507 ### Other (Cleanup or Flake) 3508 3509 - Changes docs for --contention-profiling flag to reflect it performs block profiling ([#114490](https://github.com/kubernetes/kubernetes/pull/114490), [@MadhavJivrajani](https://github.com/MadhavJivrajani)) [SIG API Machinery, Cloud Provider, Docs, Node and Scheduling] 3510 - E2e framework: added `--report-complete-ginkgo` and `--report-complete-junit` parameters. They work like `ginkgo --json-report <report dir>/ginkgo/report.json --junit-report <report dir>/ginkgo/report.xml`. ([#115678](https://github.com/kubernetes/kubernetes/pull/115678), [@pohly](https://github.com/pohly)) [SIG Testing] 3511 - Promote pod resource limit/request metrics to stable. ([#115454](https://github.com/kubernetes/kubernetes/pull/115454), [@dgrisonnet](https://github.com/dgrisonnet)) [SIG Instrumentation and Scheduling] 3512 - The `ControllerManagerLeaderMigration ` feature, GA since 1.24, is unconditionally enabled and the feature gate option has been removed. ([#113534](https://github.com/kubernetes/kubernetes/pull/113534), [@pacoxu](https://github.com/pacoxu)) [SIG API Machinery and Cloud Provider] 3513 3514 ## Dependencies 3515 3516 ### Added 3517 _Nothing has changed._ 3518 3519 ### Changed 3520 - github.com/onsi/gomega: [v1.24.2 → v1.26.0](https://github.com/onsi/gomega/compare/v1.24.2...v1.26.0) 3521 - go.uber.org/goleak: v1.2.0 → v1.2.1 3522 - golang.org/x/net: v0.4.0 → v0.5.0 3523 - golang.org/x/sys: v0.3.0 → v0.4.0 3524 - golang.org/x/term: v0.3.0 → v0.4.0 3525 - golang.org/x/text: v0.5.0 → v0.6.0 3526 - k8s.io/kube-openapi: 3758b55 → 1cb3ae2 3527 - k8s.io/utils: 1a15be2 → a36077c 3528 3529 ### Removed 3530 _Nothing has changed._ 3531 3532 3533 3534 # v1.27.0-alpha.1 3535 3536 3537 ## Downloads for v1.27.0-alpha.1 3538 3539 3540 3541 ### Source Code 3542 3543 filename | sha512 hash 3544 -------- | ----------- 3545 [kubernetes.tar.gz](https://dl.k8s.io/v1.27.0-alpha.1/kubernetes.tar.gz) | 36ddbb7f1cdf386cd6857d891029b7244dd13aa346a78ba2fa2146b866751802989fc5c5c8a8675f80b72b12816ae94b2b00fdeb01421ef15aad8ae87c06c512 3546 [kubernetes-src.tar.gz](https://dl.k8s.io/v1.27.0-alpha.1/kubernetes-src.tar.gz) | d5be5bdf5734c89338b2fd52942b70f8d57d831659235a0ea91c6fb10d74637c2a2aeed602bdafb4da01071764f754ddec9d37abf8aeb8eaa11636e405e93b04 3547 3548 ### Client Binaries 3549 3550 filename | sha512 hash 3551 -------- | ----------- 3552 [kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.27.0-alpha.1/kubernetes-client-darwin-amd64.tar.gz) | d9b5f7ec09b64a6e0d270c077fdcd4835b6e16f39373fbf1a2e2526f80aa4df25f41a7e1dab1c33c4ec3f3c430b1cd42b08944d4c39d8ac78c4b23db83d6411b 3553 [kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.27.0-alpha.1/kubernetes-client-darwin-arm64.tar.gz) | e1a0f33d0610dbac940db0cad930bf4530f90a9c1702e534bb8c5524077af82d6da2f63befd3ba331ddfe84710ece101b9dd93f308ef727605646cc0d0847292 3554 [kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.27.0-alpha.1/kubernetes-client-linux-386.tar.gz) | 1e49e5f94a3bd14c6c5681ea8ad003948f7824566dc4d8ff299aed0a3e650a2b0674ade00fc951131fe34c210b8b7832c1a1fd5c290ee8c9e42bac89efdc8f26 3555 [kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.0-alpha.1/kubernetes-client-linux-amd64.tar.gz) | ddb000a6a1604a5cb95bbe296366eebd9e0b9b4be250b0d22302c697294840c216641f287dc7212b49f9f121549172590a1f1e285b3d87cee32bcbd95a7d19b1 3556 [kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.27.0-alpha.1/kubernetes-client-linux-arm.tar.gz) | 40c242c7bae26da4948fe97daf256dc48d99edc91a535ff9f4516e214ff50cfbbbc985be8e4361a97bfd54dc8b406e6f4a68b1054396b01a157d54a6bd82c7e3 3557 [kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.0-alpha.1/kubernetes-client-linux-arm64.tar.gz) | 54954248f4aa1d2977fe92a552cf7e0298c94adac8bf0720c697cfce654a1fbdf01cd56219e0dd064bab7b07a4cd125c257b61cd4d69af03ec550aec31cb26ac 3558 [kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.0-alpha.1/kubernetes-client-linux-ppc64le.tar.gz) | d58709ea83b2a82ea44ae402a574ddc97177494bac90b9c6de30caf3fbcc79697addd0bb8245a62bbaf2fd35483415293659703cbed573bbe11a86a57814f8a3 3559 [kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.0-alpha.1/kubernetes-client-linux-s390x.tar.gz) | 08ab82af97bb2ccf0b90d5de23960ce2634a42eaafcc50725ce345e3df61e082acc2e733c3aae159463645cbad28a8536371850899403eaeb7a040ed221ba861 3560 [kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.27.0-alpha.1/kubernetes-client-windows-386.tar.gz) | 047fdddf4c1095240eb1296a1d79e9dbb90325d13e9ed94b3532ecfa843dbd089b4b5aa3d6a51e4265c1ecdb2f08b73cd05f309b8bf4c585b213fa605a0bc74d 3561 [kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.0-alpha.1/kubernetes-client-windows-amd64.tar.gz) | 1bd72cfd091f452b4d32496a1f1b0c78231ae6cf9696ca029a340761aaeba08e27003d9fcb5942a63b2feddb2562b287b0d8c49fb0d92f2e50b65a947591b105 3562 [kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.27.0-alpha.1/kubernetes-client-windows-arm64.tar.gz) | 07daf9e21a7741908e358f0a9ae30164229344c1653c435fb1c6029932431e5bb985842ebcc97330a6ca5aff57584488a17fe01b234de6286f6753faaa4d31f3 3563 3564 ### Server Binaries 3565 3566 filename | sha512 hash 3567 -------- | ----------- 3568 [kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.0-alpha.1/kubernetes-server-linux-amd64.tar.gz) | d426504774023346a994ca709ae48daf47baf0e2f680a2237cc1b8b5b2ba7d4a41be9d0f80af4f1c097348b01a3e1a968b3bbea5cb5937d17e0ef23db6a36b27 3569 [kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.27.0-alpha.1/kubernetes-server-linux-arm.tar.gz) | d4b4eaa2012b9ce5f3fa111cd1a61ef98aec238905f134636470bab2661d4c14464dfc8223bd74456a8848e3c7fe879d14e1eba6c4f2376f9042893077fcb068 3570 [kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.0-alpha.1/kubernetes-server-linux-arm64.tar.gz) | bc9b1388a93c65f6b603271e8a1a1d622698fd54ce26d3743e888efd5f61cd538229161006a2ab5afcbda8782f87646c9da02a5e7cc93ff52e48616a7d56cb33 3571 [kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.0-alpha.1/kubernetes-server-linux-ppc64le.tar.gz) | 69972b9c95b50b7566660b44547d974133e6f2f18737a93c2f4a6ca5833400473c0917c0c44b1a27336990214c1f188c75e39701d91c567b8ff7d8ccd3496243 3572 [kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.0-alpha.1/kubernetes-server-linux-s390x.tar.gz) | 1867d483df955260b9cf13bfe43451c2f906c1854399a396e0d9e2fac33fc4343d3c79039891c1b943cf4707312cedcffb4d0cedf7a69271020f88c50d230d5d 3573 3574 ### Node Binaries 3575 3576 filename | sha512 hash 3577 -------- | ----------- 3578 [kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.27.0-alpha.1/kubernetes-node-linux-amd64.tar.gz) | 132c74737e8fd525c8a4bcedbf7ad783917a42a485e740586933dceef76177c6043682654f76f88670933fea0a3066adfcfdd08a9b6e07b3a6ad23e903c1b4a5 3579 [kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.27.0-alpha.1/kubernetes-node-linux-arm.tar.gz) | 7d7716457ff136344e8338ad52e819346de13495d79a5c615a8bfc9d45a00fa659d60630aa2025d8bc4570080d77d1e298e47a8934d47c0c3fb5b70b043ef2dd 3580 [kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.27.0-alpha.1/kubernetes-node-linux-arm64.tar.gz) | df5b9d5ae99d8001b25448bf6148b9cf3a47ce8b4d1f7b1f52ab3dd8ad0ee6958045a382a561d3a617991a2255712f2e6ed0c8d6fb843edbdd0284054a238d74 3581 [kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.27.0-alpha.1/kubernetes-node-linux-ppc64le.tar.gz) | 9c0fc5952d8dcf07cb0225c252112fead50a4920d978f174a17a881d92c8b34ed162ec3a806bb451a990b81e8294f39755c93acbfd6147748c5dea9bb8ad38f2 3582 [kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.27.0-alpha.1/kubernetes-node-linux-s390x.tar.gz) | 0b203edad11a1350d3f3b6f16391450f2ca7bb19424a9eb398f69f8ef2195c821d3c72105248889cfb6efd317a3012d94c9564cb6b5794ba050fcc0902364eaa 3583 [kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.27.0-alpha.1/kubernetes-node-windows-amd64.tar.gz) | 68b2d73b7bf98445498e46188d39fde06acfee946ac9075f064f39bc7ea658cfcb82498ffe06bc2a2272ad5c105cac21d4929de47038e0ce95e07e3cd9d519ad 3584 3585 ### Container Images 3586 3587 All container images are available as manifest lists and support the described 3588 architectures. It is also possible to pull a specific architecture directly by 3589 adding the "-$ARCH" suffix to the container image name. 3590 3591 name | architectures 3592 ---- | ------------- 3593 [registry.k8s.io/conformance:v1.27.0-alpha.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x) 3594 [registry.k8s.io/kube-apiserver:v1.27.0-alpha.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x) 3595 [registry.k8s.io/kube-controller-manager:v1.27.0-alpha.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x) 3596 [registry.k8s.io/kube-proxy:v1.27.0-alpha.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x) 3597 [registry.k8s.io/kube-scheduler:v1.27.0-alpha.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x) 3598 3599 ## Changelog since v1.26.0 3600 3601 ## Changes by Kind 3602 3603 ### Deprecation 3604 3605 - Add warnings to the Services API. Kubernetes now warns for Services in the case of: 3606 - IPv4 addresses with leading zeros 3607 - IPv6 address in non-canonical format (RFC 5952) ([#114505](https://github.com/kubernetes/kubernetes/pull/114505), [@aojea](https://github.com/aojea)) [SIG Network] 3608 - Support for the alpha seccomp annotations `seccomp.security.alpha.kubernetes.io/pod` and `container.seccomp.security.alpha.kubernetes.io`, deprecated since v1.19, has been completely removed. The seccomp fields are no longer auto-populated when pods with seccomp annotations are created. Pods should use the corresponding pod or container `securityContext.seccompProfile` field instead. ([#114947](https://github.com/kubernetes/kubernetes/pull/114947), [@saschagrunert](https://github.com/saschagrunert)) 3609 3610 ### API Change 3611 3612 - A terminating pod on a node that is not caused by preemption won't prevent kube-scheduler from preempting pods on that node 3613 - Rename 'PreemptionByKubeScheduler' to 'PreemptionByScheduler' ([#114623](https://github.com/kubernetes/kubernetes/pull/114623), [@Huang-Wei](https://github.com/Huang-Wei)) [SIG Scheduling] 3614 - Added new option to the InterPodAffinity scheduler plugin to ignore existing pods` preferred inter-pod affinities if the incoming pod has no preferred inter-pod affinities. This option can be used as an optimization for higher scheduling throughput (at the cost of an occasional pod being scheduled non-optimally/violating existing pods' preferred inter-pod affinities). To enable this scheduler option, set the InterPodAffinity scheduler plugin arg "ignorePreferredTermsOfExistingPods: true". ([#114393](https://github.com/kubernetes/kubernetes/pull/114393), [@danielvegamyhre](https://github.com/danielvegamyhre)) [SIG API Machinery and Scheduling] 3615 - Added warnings about workload resources (Pods, ReplicaSets, Deployments, Jobs, CronJobs, or ReplicationControllers) whose names are not valid DNS labels. ([#114412](https://github.com/kubernetes/kubernetes/pull/114412), [@thockin](https://github.com/thockin)) [SIG API Machinery and Apps] 3616 - K8s.io/component-base/logs: usage of the pflag values in a normal Go flag set led to panics when printing the help message ([#114680](https://github.com/kubernetes/kubernetes/pull/114680), [@pohly](https://github.com/pohly)) [SIG Instrumentation] 3617 - Kube-proxy, kube-scheduler and kubelet have HTTP APIs for changing the logging verbosity at runtime. This now also works for JSON output. ([#114609](https://github.com/kubernetes/kubernetes/pull/114609), [@pohly](https://github.com/pohly)) [SIG API Machinery, Architecture, Cloud Provider, Instrumentation and Testing] 3618 - Kubeadm: explicitly set `priority` for static pods with `priorityClassName: system-node-critical` ([#114338](https://github.com/kubernetes/kubernetes/pull/114338), [@champtar](https://github.com/champtar)) [SIG Cluster Lifecycle] 3619 - Kubelet: migrate "--container-runtime-endpoint" and "--image-service-endpoint" to kubelet config ([#112136](https://github.com/kubernetes/kubernetes/pull/112136), [@pacoxu](https://github.com/pacoxu)) [SIG API Machinery, Node and Scalability] 3620 - Kubernetes components that perform leader election now only support using Leases for this. ([#114055](https://github.com/kubernetes/kubernetes/pull/114055), [@aimuz](https://github.com/aimuz)) [SIG API Machinery, Cloud Provider and Scheduling] 3621 - StatefulSet names must be DNS labels, rather than subdomains. Any StatefulSet which took advantage of subdomain validation (by having dots in the name) can't possibly have worked, because we eventually set `pod.spec.hostname` from the StatefulSetName, and that is validated as a DNS label. ([#114172](https://github.com/kubernetes/kubernetes/pull/114172), [@thockin](https://github.com/thockin)) [SIG Apps] 3622 - The following feature gates for volume expansion GA features have been removed and must no longer be referenced in `--feature-gates` flags: ExpandCSIVolumes, ExpandInUsePersistentVolumes, ExpandPersistentVolumes ([#113942](https://github.com/kubernetes/kubernetes/pull/113942), [@mengjiao-liu](https://github.com/mengjiao-liu)) [SIG API Machinery, Apps and Testing] 3623 - The list-type of the alpha resourceClaims field introduced to Pods in 1.26.0 was modified from "set" to "map", resolving an incompatibility with use of this schema in CustomResourceDefinitions and with server-side apply. ([#114585](https://github.com/kubernetes/kubernetes/pull/114585), [@JoelSpeed](https://github.com/JoelSpeed)) [SIG API Machinery] 3624 3625 ### Feature 3626 3627 - Graduated the `LegacyServiceAccountTokenTracking` feature gate to Beta. The usage of auto-generated secret-based service account token now produces warnings by default, and relevant Secrets are labeled with a last-used timestamp (label key `kubernetes.io/legacy-token-last-used`). ([#114523](https://github.com/kubernetes/kubernetes/pull/114523), [@zshihang](https://github.com/zshihang)) [SIG API Machinery and Auth] 3628 - Kube-proxy accepts the ContextualLogging, LoggingAlphaOptions, LoggingBetaOptions feature gates. ([#115233](https://github.com/kubernetes/kubernetes/pull/115233), [@pohly](https://github.com/pohly)) [SIG Instrumentation and Network] 3629 - Kube-up now includes CoreDNS version v1.9.3 ([#114279](https://github.com/kubernetes/kubernetes/pull/114279), [@pacoxu](https://github.com/pacoxu)) [SIG Cloud Provider and Cluster Lifecycle] 3630 - Kubeadm: add the experimental (alpha) feature gate EtcdLearnerMode that allows etcd members to be joined as learner and only then promoted as voting members ([#113318](https://github.com/kubernetes/kubernetes/pull/113318), [@pacoxu](https://github.com/pacoxu)) [SIG Cluster Lifecycle] 3631 - Kubectl will display SeccompProfile for pods, containers and ephemeral containers, if values were set. ([#113284](https://github.com/kubernetes/kubernetes/pull/113284), [@williamyeh](https://github.com/williamyeh)) [SIG CLI and Security] 3632 - Kubectl: add e2e test for default container annotation ([#115046](https://github.com/kubernetes/kubernetes/pull/115046), [@pacoxu](https://github.com/pacoxu)) [SIG Architecture, CLI and Testing] 3633 - Kubelet TCP and HTTP probes are more effective using networking resources: conntrack entries, sockets, ... 3634 This is achieved by reducing the TIME-WAIT state of the connection to 1 second, instead of the defaults 60 seconds. This allows kubelet to free the socket, and free conntrack entry and ephemeral port associated. ([#115143](https://github.com/kubernetes/kubernetes/pull/115143), [@aojea](https://github.com/aojea)) [SIG Network and Node] 3635 - Kubernetes is now built with Go 1.19.5 ([#115010](https://github.com/kubernetes/kubernetes/pull/115010), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing] 3636 - Make `kubectl-convert` binary linking static (also affects the deb and rpm packages). ([#114228](https://github.com/kubernetes/kubernetes/pull/114228), [@saschagrunert](https://github.com/saschagrunert)) [SIG Release] 3637 - New metrics `cidrset_cidrs_max_total` and `multicidrset_cidrs_max_total` expose the max number of CIDRs that can be allocated. ([#112260](https://github.com/kubernetes/kubernetes/pull/112260), [@aryan9600](https://github.com/aryan9600)) [SIG Apps, Instrumentation and Network] 3638 - Profiling can now be served on a unix-domain socket by using the `--profiling-path` option (when profiling is enabled) for security purposes. ([#114191](https://github.com/kubernetes/kubernetes/pull/114191), [@apelisse](https://github.com/apelisse)) [SIG API Machinery] 3639 - Scheduler doesn't run plugin's Filter method when its PreFilter method returned a Skip status. 3640 In other words, your PreFilter/Filter plugin can return a Skip status in PreFilter if the plugin does nothing in Filter for that Pod. 3641 Scheduler skips NodeAffinity Filter plugin when NodeAffinity Filter plugin has nothing to do with a Pod. 3642 It may affect some metrics values related to the NodeAffinity Filter plugin. ([#114125](https://github.com/kubernetes/kubernetes/pull/114125), [@sanposhiho](https://github.com/sanposhiho)) [SIG Scheduling, Storage and Testing] 3643 - Scheduler skips InterPodAffinity Filter plugin when InterPodAffinity Filter plugin has nothing to do with a Pod. 3644 It may affect some metrics values related to the InterPodAffinity Filter plugin. ([#114889](https://github.com/kubernetes/kubernetes/pull/114889), [@sanposhiho](https://github.com/sanposhiho)) [SIG Scheduling and Testing] 3645 - Scheduler volumebinding: leverage PreFilterResult to reduce down to only eligible node(s) for pod with bound claim(s) to local PersistentVolume(s) ([#109877](https://github.com/kubernetes/kubernetes/pull/109877), [@yibozhuang](https://github.com/yibozhuang)) [SIG Scheduling, Storage and Testing] 3646 - The MinDomainsInPodTopologySpread feature gate is enabled by default as a Beta feature in 1.27. ([#114445](https://github.com/kubernetes/kubernetes/pull/114445), [@mengjiao-liu](https://github.com/mengjiao-liu)) [SIG Scheduling] 3647 - The `AdvancedAuditing` feature gate was locked to _true_ in v1.27, and will be removed completely in v1.28 ([#115163](https://github.com/kubernetes/kubernetes/pull/115163), [@SataQiu](https://github.com/SataQiu)) [SIG API Machinery] 3648 - Updated cAdvisor to v0.47.0 ([#114883](https://github.com/kubernetes/kubernetes/pull/114883), [@bobbypage](https://github.com/bobbypage)) [SIG Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node and Storage] 3649 - Use HorizontalPodAutoscaler v2 for kubectl ([#114886](https://github.com/kubernetes/kubernetes/pull/114886), [@a7i](https://github.com/a7i)) [SIG CLI] 3650 - Verify that the key matches the cert ([#113581](https://github.com/kubernetes/kubernetes/pull/113581), [@aimuz](https://github.com/aimuz)) [SIG Apps] 3651 - When any scheduler plugin returns an `unschedulableAndUnresolvable` status 3652 in `PostFilter`, the scheduling cycle terminates immediately for that Pod. ([#114699](https://github.com/kubernetes/kubernetes/pull/114699), [@kerthcet](https://github.com/kerthcet)) [SIG Scheduling and Testing] 3653 3654 ### Documentation 3655 3656 - Error message for Pods with requests exceeding limits will have a limit value printed. ([#112925](https://github.com/kubernetes/kubernetes/pull/112925), [@SergeyKanzhelev](https://github.com/SergeyKanzhelev)) [SIG Apps and Node] 3657 3658 ### Failing Test 3659 3660 - Deflake a preemption test that may patch Nodes incorrectly. ([#114350](https://github.com/kubernetes/kubernetes/pull/114350), [@Huang-Wei](https://github.com/Huang-Wei)) [SIG Scheduling and Testing] 3661 3662 ### Bug or Regression 3663 3664 - Adding (dry run) and (server dry run) suffixes to kubectl scale command when dry-run is passed ([#114252](https://github.com/kubernetes/kubernetes/pull/114252), [@ardaguclu](https://github.com/ardaguclu)) [SIG CLI and Testing] 3665 - Change the error message to "cannot exec into multiple objects at a time" when file passed to kubectl exec contains multiple resources ([#114249](https://github.com/kubernetes/kubernetes/pull/114249), [@ardaguclu](https://github.com/ardaguclu)) [SIG CLI and Testing] 3666 - Changing the error message of kubectl rollout restart when subsequent kubectl rollout restart commands are executed within a second ([#113040](https://github.com/kubernetes/kubernetes/pull/113040), [@ardaguclu](https://github.com/ardaguclu)) [SIG CLI] 3667 - Client-go: fixes potential data races retrying requests using a custom io.Reader body; with this fix, only requests with no body or with string / []byte / runtime.Object bodies can be retried ([#113933](https://github.com/kubernetes/kubernetes/pull/113933), [@liggitt](https://github.com/liggitt)) [SIG API Machinery] 3668 - Do not add DisruptionTarget condition by PodGC for pods which are in terminal phase ([#115056](https://github.com/kubernetes/kubernetes/pull/115056), [@mimowo](https://github.com/mimowo)) [SIG Apps and Testing] 3669 - Do not include preemptor pod metadata in the event message ([#114923](https://github.com/kubernetes/kubernetes/pull/114923), [@mimowo](https://github.com/mimowo)) [SIG Scheduling] 3670 - Do not include preemptor pod metadata in the message of DisruptionTarget condition ([#114914](https://github.com/kubernetes/kubernetes/pull/114914), [@mimowo](https://github.com/mimowo)) [SIG Scheduling] 3671 - Do not include scheduler name in the preemption event message ([#114980](https://github.com/kubernetes/kubernetes/pull/114980), [@mimowo](https://github.com/mimowo)) [SIG Scheduling] 3672 - Don't create endpoints for Service of type ExternalName. ([#114814](https://github.com/kubernetes/kubernetes/pull/114814), [@panslava](https://github.com/panslava)) [SIG Apps, Network and Testing] 3673 - Fail CRI connection if service or image endpoint is throwing any error on kubelet startup. ([#115102](https://github.com/kubernetes/kubernetes/pull/115102), [@saschagrunert](https://github.com/saschagrunert)) [SIG Node] 3674 - Failed pods associated with a job with `parallelism = 1` are recreated by the job controller honoring exponential backoff delay again. However, for jobs with `parallelism > 1`, pods might be created without exponential backoff delay. ([#114516](https://github.com/kubernetes/kubernetes/pull/114516), [@nikhita](https://github.com/nikhita)) [SIG Apps and Testing] 3675 - Fix SELinux label for host path volumes created by host path provisioner ([#112021](https://github.com/kubernetes/kubernetes/pull/112021), [@mrunalp](https://github.com/mrunalp)) [SIG Node and Storage] 3676 - Fix a bug on the endpointslice mirroring controller that generated multiple slices in some cases for custom endpoints in non canonical format ([#114155](https://github.com/kubernetes/kubernetes/pull/114155), [@aojea](https://github.com/aojea)) [SIG Apps, Network and Testing] 3677 - Fix a bug where events/v1 Events with similar event type and reporting instance were not aggregated by client-go. ([#112365](https://github.com/kubernetes/kubernetes/pull/112365), [@dgrisonnet](https://github.com/dgrisonnet)) [SIG API Machinery and Instrumentation] 3678 - Fix a bug where when emitting similar Events consecutively, some were rejected by the apiserver. ([#114237](https://github.com/kubernetes/kubernetes/pull/114237), [@dgrisonnet](https://github.com/dgrisonnet)) [SIG API Machinery] 3679 - Fix a data race when emitting similar Events consecutively ([#114236](https://github.com/kubernetes/kubernetes/pull/114236), [@dgrisonnet](https://github.com/dgrisonnet)) [SIG API Machinery] 3680 - Fix a regression that the scheduler always goes through all Filter plugins. ([#114518](https://github.com/kubernetes/kubernetes/pull/114518), [@Huang-Wei](https://github.com/Huang-Wei)) [SIG Scheduling] 3681 - Fix bug in CRD Validation Rules (beta) and ValidatingAdmissionPolicy (alpha) where all admission requests could result in `internal error: runtime error: index out of range [3] with length 3 evaluating rule: <rule name>` under certain circumstances. ([#114857](https://github.com/kubernetes/kubernetes/pull/114857), [@jpbetz](https://github.com/jpbetz)) [SIG API Machinery, Auth and Cloud Provider] 3682 - Fix clearing of rate-limiter for the queue of checks for cleaning stale pod disruption conditions. 3683 The bug could result in the PDB synchronization updates firing too often or the pod disruption cleanups taking too long to happen. ([#114770](https://github.com/kubernetes/kubernetes/pull/114770), [@mimowo](https://github.com/mimowo)) [SIG Apps] 3684 - Fix: Route controller should update routes with NodeIP changed ([#108095](https://github.com/kubernetes/kubernetes/pull/108095), [@lzhecheng](https://github.com/lzhecheng)) [SIG Cloud Provider and Network] 3685 - Fixed CSI PersistentVolumes to allow Secrets names longer than 63 characters. ([#114776](https://github.com/kubernetes/kubernetes/pull/114776), [@jsafrane](https://github.com/jsafrane)) [SIG Apps] 3686 - Fixed DaemonSet to update the status even if it fails to create a pod. ([#113787](https://github.com/kubernetes/kubernetes/pull/113787), [@gjkim42](https://github.com/gjkim42)) [SIG Apps and Testing] 3687 - Fixed StatefulSetAutoDeletePVC feature when OwnerReferencesPermissionEnforcement admission plugin is enabled. ([#114116](https://github.com/kubernetes/kubernetes/pull/114116), [@jsafrane](https://github.com/jsafrane)) [SIG Apps, Auth and Storage] 3688 - Fixed bug in reflector that couldn't recover from "Too large resource version" errors with API servers before 1.17.0 ([#115093](https://github.com/kubernetes/kubernetes/pull/115093), [@xuzhenglun](https://github.com/xuzhenglun)) [SIG API Machinery] 3689 - Fixed file permission issues that happened during update of Secret/ConfigMap/projected volume when fsGroup is used. The problem caused a race condition where application gets intermittent permission denied error when reading files that were just updated, before the correct permissions were applied. ([#114464](https://github.com/kubernetes/kubernetes/pull/114464), [@tsaarni](https://github.com/tsaarni)) [SIG Storage] 3690 - Fixes panic validating custom resource definition schemas that set `multipleOf` to 0 ([#114869](https://github.com/kubernetes/kubernetes/pull/114869), [@liggitt](https://github.com/liggitt)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node and Storage] 3691 - Fixes stuck apiserver if an aggregated apiservice returned 304 Not Modified for aggregated discovery information ([#114459](https://github.com/kubernetes/kubernetes/pull/114459), [@alexzielenski](https://github.com/alexzielenski)) [SIG API Machinery] 3692 - Fixing issue in Winkernel Proxier - Unexpected active TCP connection drops while horizontally scaling the endpoints for a LoadBalancer Service with Internal Traffic Policy: Local ([#113742](https://github.com/kubernetes/kubernetes/pull/113742), [@princepereira](https://github.com/princepereira)) [SIG Network and Windows] 3693 - Fixing issue on Windows when calculating cpu limits on nodes with more than 64 logical processors ([#114231](https://github.com/kubernetes/kubernetes/pull/114231), [@mweibel](https://github.com/mweibel)) [SIG Node and Windows] 3694 - Fixing issue with Winkernel Proxier - No ingress load balancer rules with endpoints to support load balancing when all the endpoints are terminating. ([#113776](https://github.com/kubernetes/kubernetes/pull/113776), [@princepereira](https://github.com/princepereira)) [SIG Network, Testing and Windows] 3695 - Hide .metadata.managedFields when describing CRs ([#114584](https://github.com/kubernetes/kubernetes/pull/114584), [@soltysh](https://github.com/soltysh)) [SIG CLI] 3696 - IPVS: Any ipvs scheduler can now be configured. If a un-usable scheduler is configured `kube-proxy` will re-start and the logs must be checked (same as before but different log printouts). ([#114878](https://github.com/kubernetes/kubernetes/pull/114878), [@uablrek](https://github.com/uablrek)) [SIG Network] 3697 - If a user attempts to add an ephemeral container to a static pod, they will get a visible validation error. ([#114086](https://github.com/kubernetes/kubernetes/pull/114086), [@xmcqueen](https://github.com/xmcqueen)) [SIG Apps and Node] 3698 - Kube-apiserver: removed N^2 behavior loading webhook configurations. ([#114794](https://github.com/kubernetes/kubernetes/pull/114794), [@lavalamp](https://github.com/lavalamp)) [SIG API Machinery, Architecture, CLI, Cloud Provider and Node] 3699 - Kube-controller-manager will not run nodeipam controller when allocator type is CloudAllocator and the cloud provider is not enabled. ([#114596](https://github.com/kubernetes/kubernetes/pull/114596), [@andrewsykim](https://github.com/andrewsykim)) [SIG Cloud Provider] 3700 - Kube-proxy with proxy-mode=ipvs can be used with statically linked kernels. 3701 The reseved IPv4 range TEST-NET-2 in rfc5737 MUST NOT be used for ClusterIP or loadBalancerIP since address 198.51.100.0 is used for probing. ([#114669](https://github.com/kubernetes/kubernetes/pull/114669), [@uablrek](https://github.com/uablrek)) [SIG Network] 3702 - Kubeadm: fix the bug that kubeadm always do CRI detection even if it is not required by a phase subcommand ([#114455](https://github.com/kubernetes/kubernetes/pull/114455), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle] 3703 - Kubeadm: improve retries when updating node information, in case kube-apiserver is temporarily unavailable ([#114176](https://github.com/kubernetes/kubernetes/pull/114176), [@QuantumEnergyE](https://github.com/QuantumEnergyE)) [SIG Cluster Lifecycle] 3704 - Kubeadm: respect user provided kubeconfig during discovery process ([#113998](https://github.com/kubernetes/kubernetes/pull/113998), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle] 3705 - Kubectl port-forward now exits with exit code 1 when remote connection is lost ([#114460](https://github.com/kubernetes/kubernetes/pull/114460), [@brianpursley](https://github.com/brianpursley)) [SIG API Machinery] 3706 - Kubectl: use label selector for filtering out resources when pruning for kubectl diff ([#114863](https://github.com/kubernetes/kubernetes/pull/114863), [@danlenar](https://github.com/danlenar)) [SIG CLI and Testing] 3707 - LabelSelectors specified in topologySpreadConstraints are now validated to ensure that pod is scheduled as expected. Existing pods with invalid LabelSelectors can be updated, but new pods are required to specify valid LabelSelectors. ([#111802](https://github.com/kubernetes/kubernetes/pull/111802), [@maaoBit](https://github.com/maaoBit)) [SIG Apps] 3708 - Optimizing loadbalancer creation with the help of attribute Internal Traffic Policy: Local ([#114407](https://github.com/kubernetes/kubernetes/pull/114407), [@princepereira](https://github.com/princepereira)) [SIG Network] 3709 - Relax API validation for usage key encipherment and kubelet uses requested usages accordingly ([#111660](https://github.com/kubernetes/kubernetes/pull/111660), [@pacoxu](https://github.com/pacoxu)) [SIG API Machinery, Apps, Auth and Node] 3710 - Shared informers now correctly propagate whether they are synced or not. Individual informer handlers may now check if they are synced or not (new HasSynced method). Library support is added to assist controllers in tracking whether their own work is completed for items in the initial list (AsyncTracker). ([#113985](https://github.com/kubernetes/kubernetes/pull/113985), [@lavalamp](https://github.com/lavalamp)) [SIG API Machinery, Apps, Auth, Network, Node and Testing] 3711 - Statefulset status will be consistent on API errors ([#113834](https://github.com/kubernetes/kubernetes/pull/113834), [@atiratree](https://github.com/atiratree)) [SIG Apps] 3712 - Total test spec is now available by `ProgressReporter`, it will be reported before test suite got executed. ([#114417](https://github.com/kubernetes/kubernetes/pull/114417), [@chendave](https://github.com/chendave)) [SIG Architecture, Auth, CLI, Cloud Provider, Instrumentation, Node and Testing] 3713 - TryUnmount should respect `mounter.withSafeNotMountedBehavior` ([#114736](https://github.com/kubernetes/kubernetes/pull/114736), [@andyzhangx](https://github.com/andyzhangx)) [SIG Storage] 3714 - When describing deployments, `OldReplicaSets` now always shows all replicasets controlled the deployment, not just those that still have replicas available. ([#113083](https://github.com/kubernetes/kubernetes/pull/113083), [@llorllale](https://github.com/llorllale)) [SIG CLI] 3715 3716 ### Other (Cleanup or Flake) 3717 3718 - Callers of wait.ExponentialBackoffWithContext must pass a ConditionWithContextFunc to be consistent with the signature and avoid creating a duplicate context. If your condition does not need a context you can use the `ConditionFunc.WithContext()` helper to ignore the context, or use ExponentialBackoff directly. ([#115113](https://github.com/kubernetes/kubernetes/pull/115113), [@smarterclayton](https://github.com/smarterclayton)) [SIG API Machinery, Storage and Testing] 3719 - Fix incorrect log information ([#110723](https://github.com/kubernetes/kubernetes/pull/110723), [@yangjunmyfm192085](https://github.com/yangjunmyfm192085)) [SIG Network] 3720 - Improved misleading message, in case of no metrics received for the HPA controlled pods. ([#114740](https://github.com/kubernetes/kubernetes/pull/114740), [@kushagra98](https://github.com/kushagra98)) [SIG Apps and Autoscaling] 3721 - Kubeadm: remove the deprecated v1beta2 API. kubeadm 1.26's "config migrate" command can be used to migrate a v1beta2 configuration file to v1beta3. ([#114540](https://github.com/kubernetes/kubernetes/pull/114540), [@pacoxu](https://github.com/pacoxu)) [SIG Cluster Lifecycle] 3722 - Remove unused rule for `nodes/spec` from `ClusterRole system:kubelet-api-admin` ([#113267](https://github.com/kubernetes/kubernetes/pull/113267), [@hoskeri](https://github.com/hoskeri)) [SIG Auth and Cloud Provider] 3723 - Renamed API server identity Lease labels to use the key `apiserver.kubernetes.io/identity` ([#114586](https://github.com/kubernetes/kubernetes/pull/114586), [@andrewsykim](https://github.com/andrewsykim)) [SIG API Machinery, Apps, Cloud Provider and Testing] 3724 - The CSIMigrationAzureFile feature gate (for the feature which graduated to GA in v1.26) is now unconditionally enabled and will be removed in v1.28. ([#114953](https://github.com/kubernetes/kubernetes/pull/114953), [@enj](https://github.com/enj)) [SIG Storage] 3725 - The WaitFor and WaitForWithContext functions in the wait package have been marked private. Callers should use the equivalent Poll* method with a zero duration interval. ([#115116](https://github.com/kubernetes/kubernetes/pull/115116), [@smarterclayton](https://github.com/smarterclayton)) [SIG API Machinery] 3726 - The feature gates `CSIInlineVolume`, `CSIMigration`, `DaemonSetUpdateSurge`, `EphemeralContainers`, `IdentifyPodOS`, `LocalStorageCapacityIsolation`, `NetworkPolicyEndPort` and `StatefulSetMinReadySeconds` that graduated to GA in v1.25 and were unconditionally enabled have been removed in v1.27 ([#114410](https://github.com/kubernetes/kubernetes/pull/114410), [@SataQiu](https://github.com/SataQiu)) [SIG Node] 3727 - This flag `master-service-namespace` will be removed in v1.27. ([#114446](https://github.com/kubernetes/kubernetes/pull/114446), [@lengrongfu](https://github.com/lengrongfu)) [SIG API Machinery] 3728 - Wait.ContextForChannel() now implements the context.Context interface and does not return a cancellation function. ([#115140](https://github.com/kubernetes/kubernetes/pull/115140), [@smarterclayton](https://github.com/smarterclayton)) [SIG API Machinery and Cloud Provider] 3729 3730 ## Dependencies 3731 3732 ### Added 3733 - github.com/a8m/tree: [10a5fd5](https://github.com/a8m/tree/tree/10a5fd5) 3734 - github.com/dougm/pretty: [2ee9d74](https://github.com/dougm/pretty/tree/2ee9d74) 3735 - github.com/rasky/go-xdr: [4930550](https://github.com/rasky/go-xdr/tree/4930550) 3736 - github.com/vmware/vmw-guestinfo: [25eff15](https://github.com/vmware/vmw-guestinfo/tree/25eff15) 3737 3738 ### Changed 3739 - github.com/Microsoft/hcsshim: [v0.8.22 → v0.8.25](https://github.com/Microsoft/hcsshim/compare/v0.8.22...v0.8.25) 3740 - github.com/aws/aws-sdk-go: [v1.44.116 → v1.44.147](https://github.com/aws/aws-sdk-go/compare/v1.44.116...v1.44.147) 3741 - github.com/coredns/corefile-migration: [v1.0.17 → v1.0.18](https://github.com/coredns/corefile-migration/compare/v1.0.17...v1.0.18) 3742 - github.com/creack/pty: [v1.1.11 → v1.1.18](https://github.com/creack/pty/compare/v1.1.11...v1.1.18) 3743 - github.com/docker/docker: [v20.10.18+incompatible → v20.10.21+incompatible](https://github.com/docker/docker/compare/v20.10.18...v20.10.21) 3744 - github.com/go-openapi/jsonpointer: [v0.19.5 → v0.19.6](https://github.com/go-openapi/jsonpointer/compare/v0.19.5...v0.19.6) 3745 - github.com/go-openapi/jsonreference: [v0.20.0 → v0.20.1](https://github.com/go-openapi/jsonreference/compare/v0.20.0...v0.20.1) 3746 - github.com/go-openapi/swag: [v0.19.14 → v0.22.3](https://github.com/go-openapi/swag/compare/v0.19.14...v0.22.3) 3747 - github.com/google/cadvisor: [v0.46.0 → v0.47.1](https://github.com/google/cadvisor/compare/v0.46.0...v0.47.1) 3748 - github.com/google/cel-go: [v0.12.5 → v0.12.6](https://github.com/google/cel-go/compare/v0.12.5...v0.12.6) 3749 - github.com/google/uuid: [v1.1.2 → v1.3.0](https://github.com/google/uuid/compare/v1.1.2...v1.3.0) 3750 - github.com/kr/pretty: [v0.2.1 → v0.3.0](https://github.com/kr/pretty/compare/v0.2.1...v0.3.0) 3751 - github.com/mailru/easyjson: [v0.7.6 → v0.7.7](https://github.com/mailru/easyjson/compare/v0.7.6...v0.7.7) 3752 - github.com/moby/ipvs: [v1.0.1 → v1.1.0](https://github.com/moby/ipvs/compare/v1.0.1...v1.1.0) 3753 - github.com/moby/term: [39b0c02 → 1aeaba8](https://github.com/moby/term/compare/39b0c02...1aeaba8) 3754 - github.com/onsi/ginkgo/v2: [v2.4.0 → v2.7.0](https://github.com/onsi/ginkgo/v2/compare/v2.4.0...v2.7.0) 3755 - github.com/onsi/gomega: [v1.23.0 → v1.24.2](https://github.com/onsi/gomega/compare/v1.23.0...v1.24.2) 3756 - github.com/opencontainers/runtime-spec: [1c3f411 → 494a5a6](https://github.com/opencontainers/runtime-spec/compare/1c3f411...494a5a6) 3757 - github.com/rogpeppe/go-internal: [v1.3.0 → v1.9.0](https://github.com/rogpeppe/go-internal/compare/v1.3.0...v1.9.0) 3758 - github.com/sirupsen/logrus: [v1.8.1 → v1.9.0](https://github.com/sirupsen/logrus/compare/v1.8.1...v1.9.0) 3759 - github.com/stretchr/objx: [v0.4.0 → v0.5.0](https://github.com/stretchr/objx/compare/v0.4.0...v0.5.0) 3760 - github.com/stretchr/testify: [v1.8.0 → v1.8.1](https://github.com/stretchr/testify/compare/v1.8.0...v1.8.1) 3761 - github.com/tmc/grpc-websocket-proxy: [e5319fd → 673ab2c](https://github.com/tmc/grpc-websocket-proxy/compare/e5319fd...673ab2c) 3762 - github.com/vishvananda/netns: [db3c7e5 → v0.0.2](https://github.com/vishvananda/netns/compare/db3c7e5...v0.0.2) 3763 - github.com/vmware/govmomi: [v0.20.3 → v0.30.0](https://github.com/vmware/govmomi/compare/v0.20.3...v0.30.0) 3764 - golang.org/x/mod: v0.6.0 → v0.7.0 3765 - golang.org/x/net: 1e63c2f → v0.4.0 3766 - golang.org/x/sync: 886fb93 → v0.1.0 3767 - golang.org/x/tools: v0.2.0 → v0.4.0 3768 - golang.org/x/xerrors: 5ec99f8 → 04be3eb 3769 - google.golang.org/grpc: v1.49.0 → v1.51.0 3770 - gopkg.in/check.v1: 8fa4692 → 10cb982 3771 - k8s.io/kube-openapi: 172d655 → 3758b55 3772 - sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.33 → v0.1.1 3773 3774 ### Removed 3775 - github.com/elazarl/goproxy: [947c36d](https://github.com/elazarl/goproxy/tree/947c36d) 3776 - github.com/mindprince/gonvml: [9ebdce4](https://github.com/mindprince/gonvml/tree/9ebdce4)