-------------------------------------------------------------------
Wed Mar 1 06:45:10 UTC 2023 - Priyanka Saggu

- update patch files to reflect upstream registry changes from k8s.gcr.io to registry.k8s.io
  * kubeadm-opensuse-registry.patch
  * revert-coredns-image-renaming.patch

-------------------------------------------------------------------
Thu Feb 23 08:57:30 UTC 2023 - priyanka.saggu@suse.com

- Update to version 1.22.17:
  * Release commit for Kubernetes v1.22.17
  * backport change all k8s.gcr.io to registry.k8s.io on release-1.22
  * Fix endpoint reconciler failing to delete masterlease
  * use etcd 3.5.6-0 after promotion
  * changelog: CVE-2022-3294 and CVE-2022-3162 were fixed in v1.23.14
  * hack/scripts: use registry.k8s.io
  * kubeadm: mutate ClusterConfiguration.imageRepository to "registry.k8s.io"
  * kubeadm: use registry.k8s.io instead of k8s.gcr.io
  * kubeadm: allow RSA and ECDSA format keys in preflight check
  * Limit redirect proxy handling to redirected responses
  * Reduce default gzip compression level from 4 to 1 in apiserver
  * client-go: make retry in Request thread safe
  * exec auth: support TLS config caching
  * client-go exec: make sure round tripper can be unwrapped
  * Automated cherry pick of #111009: Windows: ensure runAsNonRoot does case-insensitive comparison (#112213)
  * Fix problem in updating VolumeAttached in node status
  * Add etcd initialization in openapi tests
  * Tolerate sub-microsecond eventTime changes on update
  * fix a memory leak problem when calling DryRunPreemption
  * Fix kubelet panic when accessing metrics/resource endpoint
  * Fixing logic for kubelet permissions check on windows
  * kubeadm: fix the bug that configurable KubernetesVersion not respected during kubeadm join
  * Bump cAdvisor to v0.39.4
  * Fix: filter out unsatisfied nodes when calling AddPod in PodTopologySpread
  * kubeadm: fix the bug that configurable KubernetesVersion not respected during kubeadm join
  * GIT-110239: fix activeDeadlineSeconds enforcement bug
  * fix: --chunk-size with selector returns missing result
  * Fixed winkernel proxy failing to query v1 endpoints created by dockershim CNIs
  * Winkernel proxier cache HNS data to improve syncProxyRules performance
  * apiserver: printers should use int64
  * Revert "Automated cherry pick of #109124: Winkernel proxier cache HNS data to improve syncProxyRules"
  * Prune defaults for CRD serving
  * fix image pulling failure when IMDS is unavailable in kubelet startup
  * test: update graceful node shutdown e2e with watch
  * Ignore EndpointSlices that are already marked for deletion
  * kubelet: Mark ready condition as false explicitly for terminal pods
  * agnhost: bump version 2.39
  * kubelet: add e2e test to verify probe readiness
  * kubelet: only shutdown probes for pods that are terminated
  * kubelet: Pod probes should be handled by pod worker
  * Reject proxy requests to 0.0.0.0 as well
  * etcd-client starts retrying transient errors from the etcd cluster
  * ipvs: fix prevent concurrent map read and map write
  * restore endpoints topology fallback in kube-proxy, fix issue 110208
  * fix audit union loop variables in closures
  * Updating e2e test to check EndpointSlices and Endpoints as well
  * e2e: services with evicted pods doesn't have endpoints
  * e2e test for evicted pods
  * endpoints controller: don't consider terminal endpoints
  * endpointslices: terminal pods doesn't receive endpoints
  * add pod util to verify pod is terminal
  * untangled HNS caching fix with healthCheck feature
  * Fix requests scope classification
  * authn: fix cache mutation by AuthenticatedGroupAdder
  * Winkernel proxier cache HNS data to improve syncProxyRules performance
  * fix: exclude non-ready nodes and deleted nodes from azure load balancers
  * Fix OpenAPI loading error caused by empty APIService
  * tests: Updates the should delete a collection of pods test
  * component-base: replace url in rest client metrics
  * Fix name for Pods of NonIndexed Jobs
  * Correct event registration for multiple scheduler plugins.
  * Avoid updating Services with stale specs
    Fix the bug that service specs in servicesToUpdate may have been updated by clients.
  * Fix: abort nominating a pod that was already scheduled to a node
  * cpu manager policy set to none, no one remove container id from container map, lead memory leak
  * kubeadm: add etcd flag for member data consistency
  * Copy request in timeout handler
  * kube-up: use registry.k8s.io for containerd-related jobs
  * Skip updating Endpoints and EndpointSlice if no relevant fields change
  * ipvs: remove port opener
  * iptables: remove port opener
  * kubelet: If the container status is created, we are waiting
  * rootcacertpublisher: drop the namespace label from metrics to reduce its cardinality
  * Include pod UID in secret/configmap cache key
  * Move kubelet secret and configmap manager calls to sync_Pod functions
  * Extract containerID from systemd-style cgroupPath in cri_stats_provider
    And fix test to generate UUID without dash
  * test: Add E2E for job completions with cpu reservation
  * test: Add E2E for init container pod deletion
  * kubelet: Delay writing a terminal phase until the pod is terminated
  * azure_file: try to get secret namespace from ClaimRef
  * azure_file: add namespace tests for InTree to CSI conversion
  * Update Go to 1.16.15
  * cluster/gce: update konnectivity image tags to v0.0.30
  * wrap error from RunCordonOrUncordon
  * bump sigs.k8s.io/apiserver-network-proxy/konnectivity-client@v0.0.30
  * fix dryrun when ca file exists
  * fix regression introduced by PR 100320
  * Fix nodes volumesAttached status not updated
  * remove InitFlags for pod_workers test
  * cronjob_controllerv2: do not filter jobs to be reconciled by labels
  * kubelet: Clean up a static pod that has been terminated before starting
  * Add an e2e test for updating a static pod while it restarts
  * kubelet: fix podstatus not containing pod full name
  * increase Azure ACR credential provider timeout
  * Updating EndpointSlice strategy to retain node name in topology until field is set
  * Ignore container notfound error while getPodstatuses
  * fix: do not return early in the node informer when there is no change of the topology label.
  * Add PDB selector patch integration test
  * Revert v1beta1 PodDisruptionBudget select patchStrategy
  * kubeadm: fix the bug that 'kubeadm init --dry-run --upload-certs' command failed with 'secret not found' error
  * tests: Wait for pod collection to enter a Running state

-------------------------------------------------------------------
Wed Mar 16 12:35:07 UTC 2022 - rbrown@suse.com

- Update to version 1.22.7:
  * Update Go to 1.16.14
  * add namespace in azurefile volumeid
  * fix: azurefile volumeid conflict in csi migration
  * Execute sync before taking the snapshot
  * Mark device as uncertain if unmount device succeeds
  * Set max results if its not set
  * Update CHANGELOG/CHANGELOG-1.22.md for v1.22.6
  * Update k/utils to v0.0.0-20211116205334-6203023598ed
  * [go] update to Go 1.16.13
  * Enabling kube-proxy metrics on windows kernel mode
  * fix: ignore the case when comparing azure tags in service annotation
  * fix: remove outdated ipv4 route when the corresponding node is deleted
  * fix: delete non existing disk issue
  * fix containers order after applying
  * generated: ./hack/update-vendor.sh
  * upgrade sigs.k8s.io/structured-merge-diff/v4 to v4.2.1
  * fix: azuredisk parameter lowercase translation issue
  * fix: do not delete the lb that does not exist
  * removed unnecessary log line
  * Fix header mutation race in timeout filter
  * use node informer to check volumes attachment status before backoff
  * When volume is not marked in-use, do not backoff
  * kubeadm: remove the restriction that the ca.crt can only contain one certificate
  * flake fix: remove the error handler for cronjob integration test
  * vendor: bump cAdvisor to v0.39.3
  * Fix the leak of vSphere client sessions
  * fix nil pointer in create secret commands
  * client-go: Clear the ResourceVersionMatch on paged list calls
  * Update GCE manifest to use konnectivity 0.0.27
  * Update to apiserver-network-proxy v0.0.27
  * add gce loadbalancer no-op finalizer and existingFwdRule tests
  * disable gce service handling if has rbs forwarding rule
  * add ELBRbsFinalizer
  * add gce elb rbs opt-in annotation
  * Improving performance of EndpointSlice controller metrics cache
  * fix the error when cleaning up jobs for cronjob
  * Update CHANGELOG/CHANGELOG-1.22.md for v1.22.5
  * Add test to confirm containers won't start
  * Check for failed sandbox and failed workload containers
  * mount-utils: Detect potential stale file handle
  * [go1.16] Update to go1.16.12
  * Skip creating HNS loadbalancer with empty endpoints
  * dependencies: Update golang.org/x/net to v0.0.0-20211209124913-491a49abca63
  * kubeadm: avoid requiring a CA key during kubeconfig expiration checks
  * kubeadm: print the CA of kubeconfig files in "check expiration"
  * kubeadm: validate local etcd certificates during expiration checks
  * kubelet: set failed phase during graceful shutdown
  * [go1.16] Update to go1.16.11
  * fix: ignore the case when updating tags
  * Ensure deletion of pods in queues and cache
  * kubelet: Rejected pods should be filtered from admission
  * kube-scheduler: Increase the duration to expire an assumed pod
  * Skip check for all topology labels when using system default spreading
  * workqueue: fix leak in queue preventing objects from being GCed
  * Fix workqueue memory leak
  * Ignore 'wait: no child processes' error when calling mount/umount
  * Reduce calls to docker from dockershim for stats
  * Update CHANGELOG/CHANGELOG-1.22.md for v1.22.4
  * Add warning about using unsupported CRON_TZ
  * Fix flake caused by sampling signal counter too early.
  * Ensure there is one running static pod with the same full name
  * NodeConformance: Respect grace period when updating static pod
  * Fix concurrent map writes error in kube-apiserver
  * e2e: node: release-1.22: backport findKubeletServiceName
  * node: e2e: add test for the checkpoint recovery
  * devicemanager: checkpoint: support pre-1.20 data
  * fix: remove VMSS and VMSS instances from SLB backend pool only when necessary
  * fix: leave the probe path empty for TCP probes
  * fix: skip instance not found when decoupling vmss from lb

-------------------------------------------------------------------
Mon Feb 7 16:21:21 UTC 2022 - Dirk Müller

- avoid bashism in client-common postinstall script (bsc#1195391)

-------------------------------------------------------------------
Fri Dec 17 10:02:26 UTC 2021 - Richard Brown

- Tidy up merge marker

-------------------------------------------------------------------
Wed Dec 08 15:23:39 UTC 2021 - rbrown@suse.com

- Update to version 1.22.4:
  * defer close the rotated log open
  * proxy/iptables: fix all-vs-ready endpoints a bit
  * proxy/iptables: Remove a no-op check
  * proxy/iptables: Add more stuff to the unit test
  * proxy/iptables: Fix TestOnlyLocalNodePortsNoClusterCIDR
  * proxy/iptables: test that we create a consistent set of iptables rules
  * proxy/iptables: Misc improvements to unit test
  * proxy/iptables: Improve the sorting logic in TestOverallIPTablesRulesWithMultipleServices
  * proxy/iptables: Fix sync_proxy_rules_iptables_total metric
  * Fixed nil pointer dereference
  * Add tests for checking bind mounts
  * Check subpath file
  * Add check for subpaths
  * Fixed unit test SELinux support
  * Add shortcut for SELinux detection
  * Don't guess SELinux support on error
  * Manual cherry pick of kube-openapi changes for release-1.22
    Bump kube-openapi against kube-openapi/release-1.22 branch
  * kube-proxy: fix stale detection logic
  * Use separate pathSpec for local and remote to properly handle cleaning paths
  * [go1.16] Update to go1.16.10
  * Automated cherry pick of #105122: added keys for structured logging (#105137)
  * Update debian, debian-iptables, setcap images to pick up CVE-2021-33910 fixes
  * Fixing how EndpointSlice Mirroring handles Service selector transitions
  * Add unit tests to cover scheduler's setup
  * sched: ensure feature gate is honored when instantiating scheduler
  * Fix race condition in logging when request times out
  * use original requests in NodeResourcesBalancedAllocation instead of NonZero
  * Remove nodes with Cluster Autoscaler taint from LB backends.
  * Fix issue in node status updating VolumeAttached list
  * Support cgroupv2 in node problem detector test
  * Update CHANGELOG/CHANGELOG-1.22.md for v1.22.3
  * Free APF seats for watches handled by an aggregated apiserver.
  * parameter 'disabled-metrics' is invalid
  * Run storage hostpath e2e test client pod as privileged
  * support more than 100 disk mounts on Windows
  * [go1.16] Update to go1.16.9
  * Clear initial UDP conntrack entries for loadBalancerIPs
  * Verifying the auth headers are set for upgraded aggregated API requests
  * apiserver aggregator upgrade unit test
  * Aggregator uses the regular transport even if the request requires upgrades
  * Fix PreferNominatedNode test
  * Remove Error Message Check Dynamic PV Tests
  * go fmt
  * Add e2e test to verify kubelet restart behaviour
  * kubelet: set terminated podWorker status for terminated pods
  * Fix quota controller hotloop in integration tests
  * remove StartedPodsErrorsTotal metrice message
  * Copy VolumeSnapshotContent annotations in snapshottable.go test
  * Fix bugs in e2e pod test
  * Ensure terminal pods maintain terminal status
  * Do not sync Waiting statuses for Terminated pods
  * Adds CancelRequest function to CommandHeadersRoundTripper
  * Fixes kubectl command headers which hangs on kubectl run
  * Revert "Build non-static binaries with PIE buildmode"
  * Ignore VMs in vmss delete backend pools
  * Fix CSR test to accept certs shorter than the requested duration
  * fix: skip not found nodes when reconciling LB backend address pools
  * fix: consolidate logs for instance not found error
  * Remove a duplicate StorageClass creation call
  * Update Containerd version - GCE Windows
  * e2e scheduling priorities: do not reference control loop variable
  * storage e2etest: Delete restored PVC/Pod in snapshottable
  * pkg/kubelet/cm/memorymanager: Fix ErrorS key/value pair
  * v1.22: Fix test flake in old svc registry
  * 'New' Event namespace validate failed
  * kubelet: Handle UID reuse in pod worker
  * Add test for recreating a static pod
  * Update CHANGELOG/CHANGELOG-1.22.md for v1.22.2
  * Refine locking in API Priority and Fairness config controller
  * kube-controller-manager: properly check generic ephemeral volume feature
  * Fix null JSON round tripping
  * Propagate conversion errors
  * integration test
  * fix 104329: check for headless before trying to release the ClusterIPs
  * fix detach disk issue on deleting node
  * kubelet: fix sandbox creation error suppression when pods are quickly deleted
  * remove listx from OWNERS_ALIASES

-------------------------------------------------------------------
Thu Sep 16 11:22:40 UTC 2021 - rbrown@suse.com

- Update to version 1.22.2:
  * [go1.16] Update to go1.16.8
  * Fix Job tracking with finalizers for more than 500 pods
  * e2e iperf2 change threshold to 10MBps = 80 Mbps
  * legacy-cloud-providers: aws: Add support for consuming web identity credentials
  * Fix the key missing issue for structured log
  * add a test for jsonpath template parsing to prevent regressions
  * revert "fix wrong output when using jsonpath"
  * Fix a small regression in Service updates
  * kubelet: Admission must exclude completed pods and avoid races
  * Don't prematurely close reflectors in case of slow initialization in watch based manager
  * backport 104410 to release-1.22
  * Fix storage class setup in regional_pd.go
  * pkg/kubelet/cm: use SkipFreezeOnSet
  * vendor: bump runc to 1.0.2
  * vendor: bump k8s.io/util to get fix for LRU cache
  * Update CHANGELOG/CHANGELOG-1.22.md for v1.22.1
  * fix: ensure InstanceShutdownByProviderID return false for creating Azure VMs
  * fix: skip case sensitivity when checking Azure NSG rules
  * Copy golang license to staging copies

-------------------------------------------------------------------
Wed Sep 1 13:51:37 UTC 2021 - Richard Brown

- Tidying up old sources (remove kubernetes-1.22.0.obscpio)

-------------------------------------------------------------------
Wed Aug 25 11:31:23 UTC 2021 - rbrown@suse.com

- Update to version 1.22.1:
  * Keep MakeMountArgSensitive and add a new signature that receives flags
  * Update the unit tests to handle mountFlags
  * Add missing interface method in mount_unsupported.go
  * Pass additional flags to subpath mount to avoid flakes in certain conditions
  * device manager: do not clean admitted pods from the state
  * memory manager: do not clean admitted pods from the state
  * cpu manager: do not clean admitted pods from the state
  * Avoid spurious calls to update/delete validation
  * Update to go1.16.7
  * Pass unknown labels in allowedTopologies during CSI translation
  * Fix metrics reporting for the deprecated watch path
  * Update configure-helper.sh
  * Update configure-helper.sh
  * Update configure-helper.sh
  * Remove duplicate dependencies from 1.22 changelog
  * replace e2e WaitForPodsReady by WaitTimeoutForPodReadyInNamespace
  * delete stale UDP conntrack entries for loadbalancer IPs
  * Update CHANGELOG/CHANGELOG-1.22.md for v1.22.0
  * Set idle and readheader timeouts

-------------------------------------------------------------------
Fri Aug 6 11:11:31 UTC 2021 - Alexandre Vicenzi

- Initial Package