- Update to version 1.21.14:
* Release commit for Kubernetes v1.21.14
* Reject proxy requests to 0.0.0.0 as well
* etcd-client starts retrying transient errors from the etcd cluster
* authn: fix cache mutation by AuthenticatedGroupAdder
* Fix OpenAPI loading error caused by empty APIService
* Correct event registration for multiple scheduler plugins.
* Fix: abort nominating a pod that was already scheduled to a node
* cpu manager policy set to none, no one remove container id from container map, lead memory leak
* kube-up: use registry.k8s.io for containerd-related jobs
* Skip updating Endpoints and EndpointSlice if no relevant fields change
* ipvs: remove port opener
* iptables: remove port opener
* Extract containerID from systemd-style cgroupPath in cri_stats_provider And fix test to generate UUID without dash
* update go.mod for golang.org/x/crypto to v0.0.0-20211202192323-5770296d904e
* azure_file: try to get secret namespace from ClaimRef
* azure_file: add namespace tests for InTree to CSI conversion
* Update Go to 1.16.15
* cluster/gce: update konnectivity image tags to v0.0.30
* bump sigs.k8s.io/apiserver-network-proxy/konnectivity-client@v0.0.30
* fix dryrun when ca file exists
* fix regression introduced by PR 100320
* bump k8s.io/utils for inotify fix
* cronjob_controllerv2: do not filter jobs to be reconciled by labels
* fix: remove outdated ipv4 route when the corresponding node is deleted
* Updating EndpointSlice strategy to retain node name in topology until field is set
* Add PDB selector patch integration test
* Revert v1beta1 PodDisruptionBudget select patchStrategy
* kubeadm: fix the bug that 'kubeadm init --dry-run --upload-certs' command failed with 'secret not found' error
* Mark device as uncertain if unmount device succeeds
OBS-URL: https://build.opensuse.org/request/show/1070424
OBS-URL: https://build.opensuse.org/package/show/devel:kubic/kubernetes1.21?expand=0&rev=34
- Update to version 1.21.7:
* parameter 'disabled-metrics' is invalid
* defer close the rotated log open
* Fixed nil pointer dereference
* Add tests for checking bind mounts
* Check subpath file
* Add check for subpaths
* Manual cherry pick of kube-openapi changes for release-1.21 Bump kube-openapi against kube-openapi/release-1.21 branch
* Fixed unit test SELinux support
* Add shortcut for SELinux detection
* Don't guess SELinux support on error
* Use separate pathSpec for local and remote to properly handle cleaning paths
* [go1.16] Update to go1.16.10
* Automated cherry pick of #105122: added keys for structured logging (#105138)
* Update debian, debian-iptables, setcap images to pick up CVEs fixes
* Fixing how EndpointSlice Mirroring handles Service selector transitions
* Fix race condition in logging when request times out
* Remove nodes with Cluster Autoscaler taint from LB backends.
* Retry detaching FibreChannel volume few times
* Regenerate vendor/
* Move error reporting to volume plugins
* Retry reading /proc/mounts indifinetly in FC and iSCSI volume reconstruction
* ConsistentRead tries 10 times
* Bump k8s.io/utils
* Fix issue in node status updating VolumeAttached list
* Support cgroupv2 in node problem detector test
* Update CHANGELOG/CHANGELOG-1.21.md for v1.21.6
* Fix log spam for du failure on pod etc-hosts metrics
* Run storage hostpath e2e test client pod as privileged
* support more than 100 disk mounts on Windows
OBS-URL: https://build.opensuse.org/request/show/936733
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/kubernetes1.21?expand=0&rev=10
* parameter 'disabled-metrics' is invalid
* defer close the rotated log open
* Fixed nil pointer dereference
* Add tests for checking bind mounts
* Check subpath file
* Add check for subpaths
* Manual cherry pick of kube-openapi changes for release-1.21 Bump kube-openapi against kube-openapi/release-1.21 branch
* Fixed unit test SELinux support
* Add shortcut for SELinux detection
* Don't guess SELinux support on error
* Use separate pathSpec for local and remote to properly handle cleaning paths
* [go1.16] Update to go1.16.10
* Automated cherry pick of #105122: added keys for structured logging (#105138)
* Update debian, debian-iptables, setcap images to pick up CVEs fixes
* Fixing how EndpointSlice Mirroring handles Service selector transitions
* Fix race condition in logging when request times out
* Remove nodes with Cluster Autoscaler taint from LB backends.
* Retry detaching FibreChannel volume few times
* Regenerate vendor/
* Move error reporting to volume plugins
* Retry reading /proc/mounts indifinetly in FC and iSCSI volume reconstruction
* ConsistentRead tries 10 times
* Bump k8s.io/utils
* Fix issue in node status updating VolumeAttached list
* Support cgroupv2 in node problem detector test
* Update CHANGELOG/CHANGELOG-1.21.md for v1.21.6
* Fix log spam for du failure on pod etc-hosts metrics
* Run storage hostpath e2e test client pod as privileged
* support more than 100 disk mounts on Windows
OBS-URL: https://build.opensuse.org/package/show/devel:kubic/kubernetes1.21?expand=0&rev=31
- Update to version 1.21.5:
* Update to go1.16.8
* legacy-cloud-providers: aws: Add support for consuming web identity credentials
* e2e iperf2 change threshold to 10MBps = 80 Mbps
* Fix NodeAuthenticator tests in dual stack
* Fix the key missing issue for structured log
* Fix a small regression in Service updates
* Service: Fix semantics for Update wrt allocations
* Don't prematurely close reflectors in case of slow initialization in watch based manager
* Fix storage class setup in regional_pd.go
* backport 104410 to release-1.21
* pkg/kubelet/cm: use SkipFreezeOnSet
* vendor: bump runc to 1.0.2
* Switch to non-deprecated timestamppb.Now()
* Fix buckets initialization
* fix: ensure InstanceShutdownByProviderID return false for creating Azure VMs
* fix: skip case sensitivity when checking Azure NSG rules
* Keep MakeMountArgSensitive and add a new signature that receives flags
* Update the unit tests to handle mountFlags
* Add missing interface method in mount_unsupported.go
* Pass additional flags to subpath mount to avoid flakes in certain conditions
* Update CHANGELOG/CHANGELOG-1.21.md for v1.21.4
* Copy golang license to staging copies
* delete stale UDP conntrack entries for loadbalancer IPs
* Set idle and readheader timeouts
OBS-URL: https://build.opensuse.org/request/show/919511
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/kubernetes1.21?expand=0&rev=8
* Update to go1.16.8
* legacy-cloud-providers: aws: Add support for consuming web identity credentials
* e2e iperf2 change threshold to 10MBps = 80 Mbps
* Fix NodeAuthenticator tests in dual stack
* Fix the key missing issue for structured log
* Fix a small regression in Service updates
* Service: Fix semantics for Update wrt allocations
* Don't prematurely close reflectors in case of slow initialization in watch based manager
* Fix storage class setup in regional_pd.go
* backport 104410 to release-1.21
* pkg/kubelet/cm: use SkipFreezeOnSet
* vendor: bump runc to 1.0.2
* Switch to non-deprecated timestamppb.Now()
* Fix buckets initialization
* fix: ensure InstanceShutdownByProviderID return false for creating Azure VMs
* fix: skip case sensitivity when checking Azure NSG rules
* Keep MakeMountArgSensitive and add a new signature that receives flags
* Update the unit tests to handle mountFlags
* Add missing interface method in mount_unsupported.go
* Pass additional flags to subpath mount to avoid flakes in certain conditions
* Update CHANGELOG/CHANGELOG-1.21.md for v1.21.4
* Copy golang license to staging copies
* delete stale UDP conntrack entries for loadbalancer IPs
* Set idle and readheader timeouts
OBS-URL: https://build.opensuse.org/package/show/devel:kubic/kubernetes1.21?expand=0&rev=28
- Update to version 1.21.4:
* Avoid spurious calls to update/delete validation
* Update to go1.16.7
* Fix metrics reporting for the deprecated watch path
* Update configure-helper.sh
* Update configure-helper.sh
* Update configure-helper.sh
* Fix disruptive subPath test failures
* Fix: ignore not a VMSS error for VMAS nodes in reconcileBackendPools
* feat: Provide IPv6 support for internal load balancer
* Update to using apiserver-network-proxy v1.22
* Make CSR cleaner tolerate objects with invalid status.certificate
* disable aufs module
* Update pd csi driver images to use v1 images (CSINode, CSIDriver, etc)
* storage e2e: patch in RBAC rules for secrets
* storage e2e: downgrade hostpath driver
* storage e2e: disable health check containers
* storage e2e: automate hostpath YAML updates, hostpath v1.6.2
* update comments and owners file for pkg/util/removeall
* kubelet: do not call RemoveAll on volumes directory for orphaned pods
* Fix panic in master upgrade tests
* Update CHANGELOG/CHANGELOG-1.21.md for v1.21.3
* Updated to use konnectivity client v0.0.21, and implemented placeholder context
* Fix the code is leaking the defaulting between unrelated pod instances
* Simplify use of the fake dynamic client
* fix: return empty VMAS name if using standalone VM
* wait for endpoints to be available
* Remove extra zone test
* Fix frameworkImpl.extenders being not set
* fix: Refresh VM cache when node is not found
OBS-URL: https://build.opensuse.org/request/show/914239
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/kubernetes1.21?expand=0&rev=7
- Introduce revert-coredns-image-renaming.patch to correct new
upstream behaviour
- Drop kubeadm-opensuse-corednsimage.patch: fixed upstream.
- Update to version 1.21.3:
* move upgrade test frameworks closer to Describe
* Update setcap image to buster-v2.0.3
* Update debian-iptables image to buster-v1.6.5
* Update debian-base image to buster-v1.8.0
* Update to go1.16.6
* Bump SMD to v4.1.2 to pick up #102749 fix
* generate scheduler merge patches on the pod status instead of the full pod
* Loadbalancer IngressIP policy should be configured as non-DSR to enable routing mesh by default
* Fix race in attachdetach tests
* Fix Node Resources plugins score when there are pods with no requests
* Do not throw error when we can't get canonical path
* Update CHANGELOG/CHANGELOG-1.21.md for v1.21.2
* Remove error wrap from logs
* client-go: reduce log level of reflector again
* Update to go1.16.5
* feat: remove ephemeral-storage etcd requirement
* endpointslicemirroring controller mirror address status
* sched: fix a bug that a preemptor pod exists as a phantom
* Revert "Cleanup portforward streams after their usage"
* serviceOwnsFrontendIP shouldn't report error when the public IP doesn't match
* Return UnschedulableAndUnresolvable when looking up volume-related resources returns NotFound error
* Return UnschedulableAndUnresolvable instead of Error when failing to lookup pvc or storageclass in VolumeZone plugin
* use subpath for coredns only for default repository
* (scheduler e2e) Create balanced pods in parallel
OBS-URL: https://build.opensuse.org/request/show/907299
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/kubernetes1.21?expand=0&rev=6
* move upgrade test frameworks closer to Describe
* Update setcap image to buster-v2.0.3
* Update debian-iptables image to buster-v1.6.5
* Update debian-base image to buster-v1.8.0
* Update to go1.16.6
* Bump SMD to v4.1.2 to pick up #102749 fix
* generate scheduler merge patches on the pod status instead of the full pod
* Loadbalancer IngressIP policy should be configured as non-DSR to enable routing mesh by default
* Fix race in attachdetach tests
* Fix Node Resources plugins score when there are pods with no requests
* Do not throw error when we can't get canonical path
* Update CHANGELOG/CHANGELOG-1.21.md for v1.21.2
* Remove error wrap from logs
* client-go: reduce log level of reflector again
* Update to go1.16.5
* feat: remove ephemeral-storage etcd requirement
* endpointslicemirroring controller mirror address status
* sched: fix a bug that a preemptor pod exists as a phantom
* Revert "Cleanup portforward streams after their usage"
* serviceOwnsFrontendIP shouldn't report error when the public IP doesn't match
* Return UnschedulableAndUnresolvable when looking up volume-related resources returns NotFound error
* Return UnschedulableAndUnresolvable instead of Error when failing to lookup pvc or storageclass in VolumeZone plugin
* use subpath for coredns only for default repository
* (scheduler e2e) Create balanced pods in parallel
* Fix VolumeAttachment garbage collection for migrated PVs
* fix error of setting negative value for containerLogMaxSize
* Update setcap to buster-v2.0.1 and add setcap to dependencies.yaml
* kubeadm: remove e2e test for ClusterStatus
* Update etcd image revision
OBS-URL: https://build.opensuse.org/package/show/devel:kubic/kubernetes1.21?expand=0&rev=19
- Restore 90-kubeadm.conf, still needed [boo#1186125]
- Stop setting sysctls on kubelet start with `sysctl -a --system`.
Instead use more specific sysctl calls in kubelet service start.
[boo#1186125]
- Update to version 1.21.1:
* [go1.16] Update to go1.16.4
* Automated cherry pick of #101377: Fix validation in kubectl create ingress (#101426)
* Update tests to use agnhost 2.32
* Fix EndpointSlice describe panic when an Endpoint doesn't have zone
* Add test create service with ns
* Set namespace when using kubectl create service
* Update pkg/volume/azure_file/azure_provision.go
* Normalize share name to not include capital letters
* Extend pod start timeout to 5min for storage subpath configmap test
* Fix cleanupMountpoint issue for Windows
* fix: set "host is down" as corrupted mount
* no watch endpointslice in userpace mode
* Ensure service deleted when the Azure resource group has been deleted
* Update Makefile
* Update dependencies.yaml
* update debian-base to buster-v1.5.0 for CVEs
* fix TestMutatingWebhookResetsInvalidManagedFields flakes
* Updating EndpointSlice validation to match Endpoints validation
* fix: azure file namespace issue in csi translation
* pkg/kubelet: improve the node informer sync check
* Remove Limits from scheduling e2e balanced pod resources
* Additional CVE-2021-3121 fix
* Fix RBAC of generic ephemeral volumes controller
OBS-URL: https://build.opensuse.org/request/show/894631
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/kubernetes1.21?expand=0&rev=4
* [go1.16] Update to go1.16.4
* Automated cherry pick of #101377: Fix validation in kubectl create ingress (#101426)
* Update tests to use agnhost 2.32
* Fix EndpointSlice describe panic when an Endpoint doesn't have zone
* Add test create service with ns
* Set namespace when using kubectl create service
* Update pkg/volume/azure_file/azure_provision.go
* Normalize share name to not include capital letters
* Extend pod start timeout to 5min for storage subpath configmap test
* Fix cleanupMountpoint issue for Windows
* fix: set "host is down" as corrupted mount
* no watch endpointslice in userpace mode
* Ensure service deleted when the Azure resource group has been deleted
* Update Makefile
* Update dependencies.yaml
* update debian-base to buster-v1.5.0 for CVEs
* fix TestMutatingWebhookResetsInvalidManagedFields flakes
* Updating EndpointSlice validation to match Endpoints validation
* fix: azure file namespace issue in csi translation
* pkg/kubelet: improve the node informer sync check
* Remove Limits from scheduling e2e balanced pod resources
* Additional CVE-2021-3121 fix
* Fix RBAC of generic ephemeral volumes controller
* move filesystem resize code to kubernetes/mount-utils and add need resize function
* Fix panic when killing container fails
* Fix startupProbe behaviour changed
* Fix test
* [go1.16] Update to go1.16.3
* Fix Job describe for completion mode
OBS-URL: https://build.opensuse.org/package/show/devel:kubic/kubernetes1.21?expand=0&rev=12
