saschagrunert

Urgent Upgrade Notes

(No, really, you MUST read this before you upgrade)

• Renamed FeatureGate RequestManagement to APIPriorityAndFairness. This feature gate is an alpha and has not yet been associated with any actual functionality. change references to feature gate RequestManagement into references to APIPriorityAndFairness (#85260, @MikeSpreitzer) [SIG API Machinery]

• kubeadm: add a new "kubelet-finalize" phase as part of the "init" workflow and an experimental sub-phase to enable automatic kubelet client certificate rotation on primary control-plane nodes.

Prior to 1.17 and for existing nodes created by "kubeadm init" where kubelet client certificate rotation is desired, you must modify "/etc/kubernetes/kubelet.conf" to point to the PEM symlink for rotation:

saschagrunert

Changes by Kind

Deprecation

• Marked scheduler's metrics scheduling_algorithm_predicate_evaluation_seconds and scheduling_algorithm_priority_evaluation_seconds as deprecated. Those are replaced by framework_extension_point_duration_seconds[extenstion_point="Filter"] and framework_extension_point_duration_seconds[extenstion_point="Score"] respectively. (#86584, @xiaoanyunfei) [SIG Scheduling]
• Marked scheduler's scheduling_duration_seconds Summary metric as deprecated (#86586, @xiaoanyunfei) [SIG Scheduling]
• Remove cluster-monitoring addon (#85512, @serathius) [SIG Cluster Lifecycle, SIG Instrumentation, SIG Scalability, and SIG Testing]
• AlwaysCheckAllPredicates is deprecated in scheduler Policy API. ([#86369](https://github.com/k

saschagrunert

Changes by Kind

API Change

• Deprecate the beta labels for zones ("failure-domain.beta.kubernetes.io/zone") and regions ("failure-domain.beta.kubernetes.io/region") in favor of their GA equivalents: "topology.kubernetes.io/zone" and "topology.kubernetes.io/region".

  The beta labels "failure-domain.beta.kubernetes.io/zone" and "failure-domain.beta.kubernetes.io/region" will be removed in v1.21 (#81431, @andrewsykim) [SIG Apps, SIG Auth, SIG Cloud Provider, SIG Network, SIG Node, SIG Scheduling, SIG Storage, and SIG Testing]

• A new kubelet command line option, --reserved-cpus, is introduced to explicitly define the the CPU list that will be reserved for system. For example, if --reserved-cpus=0,1,2,3 is specified, then cpu 0,1,2,3 will be reserved for the system. On a system with 24 CPUs, the user may specify isolcpus=4-23 for the kernel option and use CPU 4-23 for the user containers. ([#83592](https:/

saschagrunert

Changes by Kind

API Change

• action required

  1. Currently, if users were to explicitly specify CacheSize of 0 for KMS provider, they would end-up with a provider that caches up to 1000 keys. This PR changes this behavior. Post this PR, when users supply 0 for CacheSize this will result in a validation error.

  2. CacheSize type was changed from int32 to *int32. This allows defaulting logic to differentiate between cases where users explicitly supplied 0 vs. not supplied any value.

3. KMS Provider's endpoint (path to Unix socket) is now validated when the EncryptionConfiguration files is loaded. This used to be handled by the GRPCService. (#85363, @immutableT) [SIG API Machinery, SIG Auth, and SIG Instrumentation]

saschagrunert

• v1.16.3
  • Downloads for v1.16.3
    • Client Binaries
    • Server Binaries
    • Node Binaries
  • Changelog since v1.16.2
    • Notes from Multiple SIGs
• SIG API Machinery, and SIG Testing

saschagrunert

New Features

• Windows nodes on GCE can use TPM-based authentication to the master. (#85466, @pjh) [SIG Cluster Lifecycle]
• kubectl/drain: add disable-eviction option. Force drain to use delete, even if eviction is supported. This will bypass checking PodDisruptionBudgets, and should be used with caution. (#85571, @michaelgugino) [SIG CLI]
• kubelet now exports a "server_expiration_renew_failure" and "client_expiration_renew_failure" metric counter if the certificate rotations cannot be performed. (#84614, @rphillips) [SIG API Machinery, SIG Auth, SIG CLI, SIG Cloud Provider, SIG Cluster Lifecycle, SIG Instrumentation, SIG Node, and SIG Release]
• kubeadm: add a upgrade health check that deploys a Job ([#81319](https://github.com/kubernetes/kuberne

saschagrunert

New Features

• Following metrics have been turned off:
  • apiserver_request_count
  • apiserver_request_latencies
  • apiserver_request_latencies_summary
  • apiserver_dropped_requests
  • etcd_request_latencies_summary
  • apiserver_storage_transformation_latencies_microseconds
• apiserver_storage_data_key_generation_latencies_microseconds

saschagrunert

v1.16.1

Documentation

Downloads for v1.16.1

filename	sha512 hash
kubernetes.tar.gz	cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
kubernetes-src.tar.gz	cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

saschagrunert

New Features

• Fixed binding of block PersistentVolumes / PersistentVolumeClaims when BlockVolume feature is off. (#84049, @jsafrane)

  Courtesy of SIG Apps, and SIG Storage

Notes From Multiple SIGs

SIG API Machinery, and SIG Testing

saschagrunert

New Features

• Profiling is enabled by default in the scheduler (#84835, @denkensk), SIG Scheduling
• Adding initial EndpointSlice metrics. (#83257, @robscott), SIG Apps, and SIG Network
• add azure disk encryption(SSE+CMK) support (#84605, @andyzhangx), SIG Cloud Provider, and SIG Storage
• Reduce default NodeStatusReportFrequency to 5 minutes. With this change, periodic node status updates will be send every 5m if node status doesn't change (otherwise they are still send with 10s).

Bump NodeProblemDetector version to v0.8.0 to reduce forced NodeStatus updates frequency to 5 minutes. (#84007, @wojtek-t), SIG Cluster Lifecycle, SIG Node, SIG Scalability, and SI