File kubernetes1.23.changes of Package kubernetes1.23.29114
-------------------------------------------------------------------
Thu May 25 09:19:39 UTC 2023 - Priyanka Saggu <priyanka.saggu@suse.com>
- Security Patch Fix for CVE-2023-2727 (bsc#1211630) and CVE-2023-2728 (bsc#1211631)
* added patch: kube-apiserver-admission-plugin-policy.patch
* this new kube-apiserver component patch prevents ephemeral containers:
** from using an image that is restricted by ImagePolicyWebhook (CVE-2023-2727)
** from bypassing the mountable secrets policy enforced by the ServiceAccount admission plugin (CVE-2023-2728)
-------------------------------------------------------------------
Wed Apr 12 12:34:43 UTC 2023 - Priyanka Saggu <priyanka.saggu@suse.com>
- add kubernetes1.18-client-common as conflicts with kubernetes-client-bash-completion
-------------------------------------------------------------------
Mon Mar 27 09:24:52 UTC 2023 - Robert Munteanu <rombert@apache.org>
- Stronger conflicts for completion packages
-------------------------------------------------------------------
Mon Mar 27 08:53:20 UTC 2023 - Robert Munteanu <rombert@apache.org>
- Split individual completions into separate packages
-------------------------------------------------------------------
Thu Mar 2 12:48:04 UTC 2023 - Priyanka Saggu <priyanka.saggu@suse.com>
- update patch files to reflect upstream registry changes from k8s.gcr.io to registry.k8s.io
* kubeadm-opensuse-registry.patch
* revert-coredns-image-renaming.patch
-------------------------------------------------------------------
Thu Mar 02 12:35:00 UTC 2023 - priyanka.saggu@suse.com
- Update to version 1.23.17:
* Release commit for Kubernetes v1.23.17
* releng: Update images, dependencies and version to Go 1.19.6
* Update golang.org/x/net to v0.7.0
* Pin golang.org/x/net to v0.4.0
* add scale test for probes
* use custom dialer for http probes
* use custom dialer for tcp probes
* add custom dialer optimized for probes
* egress_selector: prevent goroutines leak on connect() step.
* tls.Dial() validates hostname, no need to do that manually
* Fix issue that Audit Server could not correctly encode DeleteOption
* Do not include scheduler name in the preemption event message
* Do not leak cross namespace pod metadata in preemption events
* pkg/controller/job: re-honor exponential backoff
* releng: Update images, dependencies and version to Go 1.19.5
* Bump Konnectivity to v0.0.35
* Improve vendor verification works for each staging repo
* Update to go1.19
* Adjust for os/exec changes in 1.19
* Update golangci-lint to 1.46.2 and fix errors
* Match go1.17 defaults for SHA-1 and GC
* update golangci-lint to 1.45.0
* kubelet: make the image pull time more accurate in event
* change k8s.gcr.io/pause to registry.k8s.io/pause
* use etcd 3.5.6-0 after promotion
* changelog: CVE-2022-3294 and CVE-2022-3162 were fixed in v1.23.14
* Add CVE-2021-25749 to CHANGELOG-1.23.md
* Add CVE-2022-3294 to CHANGELOG-1.23.md
* kubeadm: use registry.k8s.io instead of k8s.gcr.io
* etcd: Updated to v3.5.5
* Bump konnectivity network proxy to v0.0.33. Includes a couple bug fixes for better handling of dial failures. [Agent & Server](https://github.com/kubernetes-sigs/apiserver-network-proxy/commits/v0.0.33) include numerous other fixes.
* kubeadm: allow RSA and ECDSA format keys in preflight check
* Fixes kubelet log compression on Windows
* Reduce default gzip compression level from 4 to 1 in apiserver
* exec auth: support TLS config caching
* Marshal MicroTime to json and proto at the same precision
* Windows: ensure runAsNonRoot does case-insensitive comparison on user name
* update structured-merge-diff to 4.2.3
* Add rate limiting when calling STS assume role API
* Fixing issue in generatePodSandboxWindowsConfig for hostProcess containers by where pod sandbox won't have HostProcess bit set if pod does not have a security context but containers specify HostProcess.
-------------------------------------------------------------------
Tue Jul 19 05:05:54 UTC 2022 - jkowalczyk@suse.com
- Update to version 1.23.9:
* Do not skip job requeue in conflict error
* kubeadm: fix the bug that configurable KubernetesVersion not respected during kubeadm join
* Bump cAdvisor to v0.43.1
* Fix: filter out unsatisfied nodes when calling AddPod in PodTopologySpread
* kubeadm: fix the bug that configurable KubernetesVersion not respected during kubeadm join
* GIT-110239: fix activeDeadlineSeconds enforcement bug
* fix: --chunk-size with selector returns missing result
* Fixed winkernel proxy failing to query v1 endpoints created by dockershim CNIs
* Winkernel proxier cache HNS data to improve syncProxyRules performance
* Update CHANGELOG/CHANGELOG-1.23.md for v1.23.8
* apiserver: printers should use int64
* add missing error handling steps
* add missing error handling steps
* fix image pulling failure when IMDS is unavailalbe in kubelet startup
* fix: exclude non-ready nodes and deleted nodes from azure load balancers
* Avoid updating Services with stale specs Fix the bug that service specs in servicesToUpdate may have been updated by clients.
- Require only BuildRequires: golang(API) = 1.17 pinned Go major version.
Remove potentially conflicting BuildRequires: go >= x.y.z.
The plan for future updates is BuildRequires: golang(API) >= 1.17
minimum Go major version.
-------------------------------------------------------------------
Tue Jul 19 04:39:46 UTC 2022 - jkowalczyk@suse.com
- Update to version 1.23.8:
* Revert "Automated cherry pick of #109124: Winkernel proxier cache HNS data to improve syncProxyRules"
* test: update graceful node shutdown e2e with watch
* move the ignore logic higher up to the reconciler
* Ignore EndpointSlices that are already marked for deletion
* kubelet: Mark ready condition as false explicitly for terminal pods
* agnhost: bump version 2.39
* Update Go to 1.17.11
* add service e2e tests
* kubelet: add e2e test to verify probe readiness
* kubelet: only shutdown probes for pods that are terminated
* kubelet: Pod probes should be handled by pod worker
* Enable resize feature
* Reject proxy requests to 0.0.0.0 as well
* ipvs: fix prevent concurrent map read and map write for 1.23
* cpu manager policy set to none, no one remove container id from container map, lead memory leak
* fix audit union loop variables in closures
* Updating e2e test to check EndpointSlices and Endpoints as well
* e2e: services with evicted pods doesn't have endpoints
* e2e test for evicted pods
* endpoints controller: don't consider terminal endpoints
* endpointslices: terminal pods doesn't receive enpoints
* add pod util to verify pod is terminal
* Update CHANGELOG/CHANGELOG-1.23.md for v1.23.7
* Add test for checking ephemeral volume expansion
* Fix resizing of ephemeral volumes
* untangle fix with healthCheck feature
* Winkernel proxier cache HNS data to improve syncProxyRules performance
* Skip updating Endpoints and EndpointSlice if no relevant fields change
-------------------------------------------------------------------
Tue Jul 19 03:51:42 UTC 2022 - jkowalczyk@suse.com
- Update to version 1.23.7:
* Fix requests scope classification
* Update Go to 1.17.10
* authn: fix cache mutation by AuthenticatedGroupAdder
* GCE: skip updating and deleting external loadbalancers if service is managed outside of service controller
* Wait for cache to sync in job's TestWatchOrphanPods
* Fix OpenAPI loading error caused by empty APIService
* Test Foreground deletion in job integration
* Fix removing finalizer from finished jobs
* Don't mark job as failed until expectations are satisfied
* Integration test for backoff limit and finalizers
* component-base: replace url in rest client metrics
* fix broken find command
* Allow KUBE_TEST_REPO_LIST to be a remote url as well
* Disable JobTrackingWithFinalizers due to unresolved bug
* Update CHANGELOG/CHANGELOG-1.23.md for v1.23.6
* Correct event registration for multiple scheduler plugins.
* kubelet: rename closeAllConns to onHeartbeatFailure
* kubelet apiserver: be gentle closing connections on heartbeat failures
* fix: race detected in TestErrConnKilled
* Replace hardcoded kubectl with kubectl.Name()
* kubectl: fix hard-coded value in zsh completion
* kubeadm: add etcd flag for member data consistency
* Fix a bug that out-of-tree plugin is misplaced when using scheduler v1beta3 config
* ipvs: remove port opener
* iptables: remove port opener
* azure_file: try to get secret namespace from ClaimRef
* azure_file: add namespace tests for InTree to CSI conversion
-------------------------------------------------------------------
Tue Jul 19 02:20:39 UTC 2022 - jkowalczyk@suse.com
- Update to version 1.23.6:
* Update Go to 1.17.9
* Fix: abort nominating a pod that was already scheduled to a node
* Fix the overestimated cost of deletaged API requests in P&F
* omit enums from static openapi snapshots used to generate clients
* Drop enum tag from certificate request condition
* Addresses the issue which caused #109115
* Add test for indexer with multiple values
* Reduce number of pods in Job+GC tests
* Adjust validation checks to pass for both client-side and server-side validation
* Remove finalizer when orphaned
* Fix: Clean job tracking finalizer from orphan pods
* Add test for Background delete propagation
* Add integration test for orphan pods when there is GC
* Copy request in timeout handler
* kube-up: use registry.k8s.io for containerd-related jobs
* kubelet: If the container status is created, we are waiting
* e2e: Wait only for the service account
* e2e: Wait for kube-root-ca.crt to be created
* client-go: update generated
* default kubernetes agent for generated clients
* Include pod UID in secret/configmap cache key
* Move kubelet secret and configmap manager calls to sync_Pod functions
* test: Verify that nodes do not transition to Failed while ready
* test: Add E2E for job completions with cpu reservation
* test: Add E2E for init container pod deletion
* kubelet: Delay writing a terminal phase until the pod is terminated
* Update CHANGELOG/CHANGELOG-1.23.md for v1.23.5
* generated: make update
* polish comments of non-enum values.
* unmark non-validated types as enums.
-------------------------------------------------------------------
Tue Jul 19 01:41:18 UTC 2022 - jkowalczyk@suse.com
- Update to version 1.23.5:
* Remove apf_fd from httplog
* Update Go to 1.17.8
* cluster/gce: update konnectivity image tags to v0.0.30
* bump sigs.k8s.io/apiserver-network-proxy/konnectivity-client@v0.0.30
* fix dryrun when ca file exists
* fix regression introduced by PR 100320
* Add unit tests
* Fix nodes volumesAttached status not updated
* Fix default config flags
* test/e2e/framework: include the new control plane taint
* kubelet: Clean up a static pod that has been terminated before starting
* Add an e2e test for updating a static pod while it restarts
* cronjob_controllerv2: do not filter jobs to be reconciled by labels
* kube-proxy: fix duplicate port opening
* increase Azure ACR credential provider timeout
* Updating EndpointSlice strategy to retain node name in topology until field is set
* fix: do not return early in the node informer when there is no change of the topology label.
* /test/e2e_kubeadm: adjust label checks for 1.23
* Ignore container notfound error while getPodstatuses
* Update CHANGELOG/CHANGELOG-1.23.md for v1.23.4
* Add PDB selector patch integration test
* Revert v1beta1 PodDisruptionBudget select patchStrategy
* test/e2e_kubeadm: fix matching UnversionedKubeletConfigMap defaults
* kubeadm: fix the bug that 'kubeadm init --dry-run --upload-certs' command failed with 'secret not found' error
* wrap error from RunCordonOrUncordon
-------------------------------------------------------------------
Wed Mar 16 12:29:58 UTC 2022 - rbrown@suse.com
- Update to version 1.23.4:
* Update Go to 1.17.7
* Use serializable struct for x-kubernetes-validations in openapi
* Make JSON schema round tripping test more strict
* ignore CRI PodSandboxNetworkStatus for host network pods
* set secondary address on host-network pods
* Deeply copy JSONSchemaProps.XValidations.
* Ensure the execHostnameTest() compares hostnames
* Revert "Fix comparison between FQDN and hostname"
* service REST: Call Decorator(old) on update path
* add namespace in azurefile volumeid
* fix: azurefile volumeid conflict in csi migration
* Mark device as uncertain if unmount device succeeds
* Update CHANGELOG/CHANGELOG-1.23.md for v1.23.3
* kubelet: fix podstatus not containing pod full name
* Fix bug with node restriction blocking pvc.status.resizestatus change
* Fix regression pruning array fields with x-kubernetes-preserve-unknown-fields: true
* Set max results if its not set
* Update CHANGELOG/CHANGELOG-1.23.md for v1.23.2
* Update k/utils to v0.0.0-20211116205334-6203023598ed
* [go] update to Go 1.17.6
* fix: remove outdated ipv4 route when the corresponding node is deleted
* fix: delete non existing disk issue
* Revert "Automated cherry pick of #107554: Correct the feature gate string for RBD migration."
* fix containers order after applying
* generated: ./hack/update-vendor.sh
* upgrade sigs.k8s.io/structured-merge-diff/v4 to v4.2.1
* Execute sync before taking the snapshot
* Correct the feature gate string for RBD migration.
* fix: azuredisk parameter lowercase translation issue
* removed unnecessary log line
* kubectl: add integration test for result reporting
* cli: let kubectl handle error printing
* cli: avoid logging command line errors in more cases
* Fix header mutation race in timeout filter
* clear pod's .status.nominatedNodeName when necessary
* use node informer to check volumes attachment status before backoff
* When volume is not marked in-use, do not backoff
* kubeadm: remove the restriction that the ca.crt can only contain one certificate
* flake fix: remove the error handler for cronjob integration test
* Fix the leak of vSphere client sessions
* fix nil pointer in create secret commands
* Fix order of commands in the snapshot tests for persistent volumes
* client-go: Clear the ResourceVersionMatch on paged list calls
* Improving performance of EndpointSlice controller metrics cache
* fix the error when cleaning up jobs for cronjob
* Update CHANGELOG to add missing release notes.
* apf: ensure exempt request notes the classification
* Enabling kube-proxy metrics on windows kernel mode
* Update CHANGELOG/CHANGELOG-1.23.md for v1.23.1
* add gce loadbalancer no-op finalizer and existingFwdRule tests
* disable gce service handling if has rbs forwarding rule
* add ELBRbsFinalizer
* add gce elb rbs opt-in annotation
* cherry pick of knp 0.0.27
* Remove JSON logging performance regression
* Re-introduce removed kubectl --dry-run values.
* Point flowcontrol users at v1beta2
* [go1.17] Update to go1.17.5
* dependencies: Update golang.org/x/net to v0.0.0-20211209124913-491a49abca63
* mount-utils: Detect potential stale file handle
* Skip creating HNS loadbalancer with empty endpoints
* Add regression test for CPUManager distribute NUMA algorithm
* Add unit test for CPUManager distribute NUMA algorithm verifying fixes
* Fix accounting bug in CPUManager distribute NUMA policy
* Fix error handling in CPUManager distribute NUMA tests
* Add a sum() helper to the CPUManager cpuassignment logic
* Allow the map.Values() function in the CPUManager to take a set of keys
* Fix CPUManager algo to calculate min NUMA nodes needed for distribution
* Fix unit tests following bug fix in CPUManager for map functions (2/2)
* Fix unit tests following bug fix in CPUManager for map functions (1/2)
* Fix bug in CPUManager map.Keys() and map.Values() implementations
* Ensure we balance across *all* NUMA nodes in NUMA distribution algo
* Short-circuit CPUManager distribute NUMA algo for unusable cpuGroupSize
* Round the CPUManager mean and stddev calculations to the nearest 1000th
* updated deprecation messages from 1.23 to 1.24
* kubelet: set failed phase during graceful shutdown
* kubeadm: avoid requiring a CA key during kubeconfig expiration checks
* kubeadm: print the CA of kubeconfig files in "check expiration"
* kubeadm: validate local etcd certficates during expiration checks
* publishing-bot/doc: add component-helpers to the readme
* publishing-bot/rules: remove non existing component-helpers branch 1.19 from the rules
* Changelog: mention kube-scheduler bits deprication
* rbd: initialize ceph monitors slice with an empty value.
* Direct v2betaX users to migrate to HPA v2
* DelegateFSGroupToCSIDriver e2e: skip tests with chgrp
* Update CHANGELOG/CHANGELOG-1.23.md for v1.23.0
* [go1.17] Update to go1.17.4
-------------------------------------------------------------------
Mon Feb 7 16:21:21 UTC 2022 - Dirk Müller <dmueller@suse.com>
- avoid bashism in client-common postinstall script (bsc#1195391)
-------------------------------------------------------------------
Thu Jan 13 12:26:35 UTC 2022 - Richard Brown <rbrown@suse.com>
- Increase _constraints to 13GB
-------------------------------------------------------------------
Thu Dec 16 09:10:32 UTC 2021 - Richard Brown <rbrown@suse.com>
- Restore & rebase revert-coredns-image-renaming.patch from
kubernetes1.22. Looks like it's still needed until all supported
k8s versions allow us to change how we publish coredns containers
-------------------------------------------------------------------
Wed Dec 8 14:51:07 UTC 2021 - Richard Brown <rbrown@suse.com>
- Initial Package
