Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP3:Update
kubernetes1.23.29114
kubernetes1.23.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File kubernetes1.23.changes of Package kubernetes1.23.29114
------------------------------------------------------------------- Thu May 25 09:19:39 UTC 2023 - Priyanka Saggu <priyanka.saggu@suse.com> - Security Patch Fix for CVE-2023-2727 (bsc#1211630) and CVE-2023-2728 (bsc#1211631) * added patch: kube-apiserver-admission-plugin-policy.patch * this new kube-apiserver component patch prevents ephemeral containers: ** from using an image that is restricted by ImagePolicyWebhook (CVE-2023-2727) ** from bypassing the mountable secrets policy enforced by the ServiceAccount admission plugin (CVE-2023-2728) ------------------------------------------------------------------- Wed Apr 12 12:34:43 UTC 2023 - Priyanka Saggu <priyanka.saggu@suse.com> - add kubernetes1.18-client-common as conflicts with kubernetes-client-bash-completion ------------------------------------------------------------------- Mon Mar 27 09:24:52 UTC 2023 - Robert Munteanu <rombert@apache.org> - Stronger conflicts for completion packages ------------------------------------------------------------------- Mon Mar 27 08:53:20 UTC 2023 - Robert Munteanu <rombert@apache.org> - Split individual completions into separate packages ------------------------------------------------------------------- Thu Mar 2 12:48:04 UTC 2023 - Priyanka Saggu <priyanka.saggu@suse.com> - update patch files to reflect upstream registry changes from k8s.gcr.io to registry.k8s.io * kubeadm-opensuse-registry.patch * revert-coredns-image-renaming.patch ------------------------------------------------------------------- Thu Mar 02 12:35:00 UTC 2023 - priyanka.saggu@suse.com - Update to version 1.23.17: * Release commit for Kubernetes v1.23.17 * releng: Update images, dependencies and version to Go 1.19.6 * Update golang.org/x/net to v0.7.0 * Pin golang.org/x/net to v0.4.0 * add scale test for probes * use custom dialer for http probes * use custom dialer for tcp probes * add custom dialer optimized for probes * egress_selector: prevent goroutines leak on connect() step. * tls.Dial() validates hostname, no need to do that manually * Fix issue that Audit Server could not correctly encode DeleteOption * Do not include scheduler name in the preemption event message * Do not leak cross namespace pod metadata in preemption events * pkg/controller/job: re-honor exponential backoff * releng: Update images, dependencies and version to Go 1.19.5 * Bump Konnectivity to v0.0.35 * Improve vendor verification works for each staging repo * Update to go1.19 * Adjust for os/exec changes in 1.19 * Update golangci-lint to 1.46.2 and fix errors * Match go1.17 defaults for SHA-1 and GC * update golangci-lint to 1.45.0 * kubelet: make the image pull time more accurate in event * change k8s.gcr.io/pause to registry.k8s.io/pause * use etcd 3.5.6-0 after promotion * changelog: CVE-2022-3294 and CVE-2022-3162 were fixed in v1.23.14 * Add CVE-2021-25749 to CHANGELOG-1.23.md * Add CVE-2022-3294 to CHANGELOG-1.23.md * kubeadm: use registry.k8s.io instead of k8s.gcr.io * etcd: Updated to v3.5.5 * Bump konnectivity network proxy to v0.0.33. Includes a couple bug fixes for better handling of dial failures. [Agent & Server](https://github.com/kubernetes-sigs/apiserver-network-proxy/commits/v0.0.33) include numerous other fixes. * kubeadm: allow RSA and ECDSA format keys in preflight check * Fixes kubelet log compression on Windows * Reduce default gzip compression level from 4 to 1 in apiserver * exec auth: support TLS config caching * Marshal MicroTime to json and proto at the same precision * Windows: ensure runAsNonRoot does case-insensitive comparison on user name * update structured-merge-diff to 4.2.3 * Add rate limiting when calling STS assume role API * Fixing issue in generatePodSandboxWindowsConfig for hostProcess containers by where pod sandbox won't have HostProcess bit set if pod does not have a security context but containers specify HostProcess. ------------------------------------------------------------------- Tue Jul 19 05:05:54 UTC 2022 - jkowalczyk@suse.com - Update to version 1.23.9: * Do not skip job requeue in conflict error * kubeadm: fix the bug that configurable KubernetesVersion not respected during kubeadm join * Bump cAdvisor to v0.43.1 * Fix: filter out unsatisfied nodes when calling AddPod in PodTopologySpread * kubeadm: fix the bug that configurable KubernetesVersion not respected during kubeadm join * GIT-110239: fix activeDeadlineSeconds enforcement bug * fix: --chunk-size with selector returns missing result * Fixed winkernel proxy failing to query v1 endpoints created by dockershim CNIs * Winkernel proxier cache HNS data to improve syncProxyRules performance * Update CHANGELOG/CHANGELOG-1.23.md for v1.23.8 * apiserver: printers should use int64 * add missing error handling steps * add missing error handling steps * fix image pulling failure when IMDS is unavailalbe in kubelet startup * fix: exclude non-ready nodes and deleted nodes from azure load balancers * Avoid updating Services with stale specs Fix the bug that service specs in servicesToUpdate may have been updated by clients. - Require only BuildRequires: golang(API) = 1.17 pinned Go major version. Remove potentially conflicting BuildRequires: go >= x.y.z. The plan for future updates is BuildRequires: golang(API) >= 1.17 minimum Go major version. ------------------------------------------------------------------- Tue Jul 19 04:39:46 UTC 2022 - jkowalczyk@suse.com - Update to version 1.23.8: * Revert "Automated cherry pick of #109124: Winkernel proxier cache HNS data to improve syncProxyRules" * test: update graceful node shutdown e2e with watch * move the ignore logic higher up to the reconciler * Ignore EndpointSlices that are already marked for deletion * kubelet: Mark ready condition as false explicitly for terminal pods * agnhost: bump version 2.39 * Update Go to 1.17.11 * add service e2e tests * kubelet: add e2e test to verify probe readiness * kubelet: only shutdown probes for pods that are terminated * kubelet: Pod probes should be handled by pod worker * Enable resize feature * Reject proxy requests to 0.0.0.0 as well * ipvs: fix prevent concurrent map read and map write for 1.23 * cpu manager policy set to none, no one remove container id from container map, lead memory leak * fix audit union loop variables in closures * Updating e2e test to check EndpointSlices and Endpoints as well * e2e: services with evicted pods doesn't have endpoints * e2e test for evicted pods * endpoints controller: don't consider terminal endpoints * endpointslices: terminal pods doesn't receive enpoints * add pod util to verify pod is terminal * Update CHANGELOG/CHANGELOG-1.23.md for v1.23.7 * Add test for checking ephemeral volume expansion * Fix resizing of ephemeral volumes * untangle fix with healthCheck feature * Winkernel proxier cache HNS data to improve syncProxyRules performance * Skip updating Endpoints and EndpointSlice if no relevant fields change ------------------------------------------------------------------- Tue Jul 19 03:51:42 UTC 2022 - jkowalczyk@suse.com - Update to version 1.23.7: * Fix requests scope classification * Update Go to 1.17.10 * authn: fix cache mutation by AuthenticatedGroupAdder * GCE: skip updating and deleting external loadbalancers if service is managed outside of service controller * Wait for cache to sync in job's TestWatchOrphanPods * Fix OpenAPI loading error caused by empty APIService * Test Foreground deletion in job integration * Fix removing finalizer from finished jobs * Don't mark job as failed until expectations are satisfied * Integration test for backoff limit and finalizers * component-base: replace url in rest client metrics * fix broken find command * Allow KUBE_TEST_REPO_LIST to be a remote url as well * Disable JobTrackingWithFinalizers due to unresolved bug * Update CHANGELOG/CHANGELOG-1.23.md for v1.23.6 * Correct event registration for multiple scheduler plugins. * kubelet: rename closeAllConns to onHeartbeatFailure * kubelet apiserver: be gentle closing connections on heartbeat failures * fix: race detected in TestErrConnKilled * Replace hardcoded kubectl with kubectl.Name() * kubectl: fix hard-coded value in zsh completion * kubeadm: add etcd flag for member data consistency * Fix a bug that out-of-tree plugin is misplaced when using scheduler v1beta3 config * ipvs: remove port opener * iptables: remove port opener * azure_file: try to get secret namespace from ClaimRef * azure_file: add namespace tests for InTree to CSI conversion ------------------------------------------------------------------- Tue Jul 19 02:20:39 UTC 2022 - jkowalczyk@suse.com - Update to version 1.23.6: * Update Go to 1.17.9 * Fix: abort nominating a pod that was already scheduled to a node * Fix the overestimated cost of deletaged API requests in P&F * omit enums from static openapi snapshots used to generate clients * Drop enum tag from certificate request condition * Addresses the issue which caused #109115 * Add test for indexer with multiple values * Reduce number of pods in Job+GC tests * Adjust validation checks to pass for both client-side and server-side validation * Remove finalizer when orphaned * Fix: Clean job tracking finalizer from orphan pods * Add test for Background delete propagation * Add integration test for orphan pods when there is GC * Copy request in timeout handler * kube-up: use registry.k8s.io for containerd-related jobs * kubelet: If the container status is created, we are waiting * e2e: Wait only for the service account * e2e: Wait for kube-root-ca.crt to be created * client-go: update generated * default kubernetes agent for generated clients * Include pod UID in secret/configmap cache key * Move kubelet secret and configmap manager calls to sync_Pod functions * test: Verify that nodes do not transition to Failed while ready * test: Add E2E for job completions with cpu reservation * test: Add E2E for init container pod deletion * kubelet: Delay writing a terminal phase until the pod is terminated * Update CHANGELOG/CHANGELOG-1.23.md for v1.23.5 * generated: make update * polish comments of non-enum values. * unmark non-validated types as enums. ------------------------------------------------------------------- Tue Jul 19 01:41:18 UTC 2022 - jkowalczyk@suse.com - Update to version 1.23.5: * Remove apf_fd from httplog * Update Go to 1.17.8 * cluster/gce: update konnectivity image tags to v0.0.30 * bump sigs.k8s.io/apiserver-network-proxy/konnectivity-client@v0.0.30 * fix dryrun when ca file exists * fix regression introduced by PR 100320 * Add unit tests * Fix nodes volumesAttached status not updated * Fix default config flags * test/e2e/framework: include the new control plane taint * kubelet: Clean up a static pod that has been terminated before starting * Add an e2e test for updating a static pod while it restarts * cronjob_controllerv2: do not filter jobs to be reconciled by labels * kube-proxy: fix duplicate port opening * increase Azure ACR credential provider timeout * Updating EndpointSlice strategy to retain node name in topology until field is set * fix: do not return early in the node informer when there is no change of the topology label. * /test/e2e_kubeadm: adjust label checks for 1.23 * Ignore container notfound error while getPodstatuses * Update CHANGELOG/CHANGELOG-1.23.md for v1.23.4 * Add PDB selector patch integration test * Revert v1beta1 PodDisruptionBudget select patchStrategy * test/e2e_kubeadm: fix matching UnversionedKubeletConfigMap defaults * kubeadm: fix the bug that 'kubeadm init --dry-run --upload-certs' command failed with 'secret not found' error * wrap error from RunCordonOrUncordon ------------------------------------------------------------------- Wed Mar 16 12:29:58 UTC 2022 - rbrown@suse.com - Update to version 1.23.4: * Update Go to 1.17.7 * Use serializable struct for x-kubernetes-validations in openapi * Make JSON schema round tripping test more strict * ignore CRI PodSandboxNetworkStatus for host network pods * set secondary address on host-network pods * Deeply copy JSONSchemaProps.XValidations. * Ensure the execHostnameTest() compares hostnames * Revert "Fix comparison between FQDN and hostname" * service REST: Call Decorator(old) on update path * add namespace in azurefile volumeid * fix: azurefile volumeid conflict in csi migration * Mark device as uncertain if unmount device succeeds * Update CHANGELOG/CHANGELOG-1.23.md for v1.23.3 * kubelet: fix podstatus not containing pod full name * Fix bug with node restriction blocking pvc.status.resizestatus change * Fix regression pruning array fields with x-kubernetes-preserve-unknown-fields: true * Set max results if its not set * Update CHANGELOG/CHANGELOG-1.23.md for v1.23.2 * Update k/utils to v0.0.0-20211116205334-6203023598ed * [go] update to Go 1.17.6 * fix: remove outdated ipv4 route when the corresponding node is deleted * fix: delete non existing disk issue * Revert "Automated cherry pick of #107554: Correct the feature gate string for RBD migration." * fix containers order after applying * generated: ./hack/update-vendor.sh * upgrade sigs.k8s.io/structured-merge-diff/v4 to v4.2.1 * Execute sync before taking the snapshot * Correct the feature gate string for RBD migration. * fix: azuredisk parameter lowercase translation issue * removed unnecessary log line * kubectl: add integration test for result reporting * cli: let kubectl handle error printing * cli: avoid logging command line errors in more cases * Fix header mutation race in timeout filter * clear pod's .status.nominatedNodeName when necessary * use node informer to check volumes attachment status before backoff * When volume is not marked in-use, do not backoff * kubeadm: remove the restriction that the ca.crt can only contain one certificate * flake fix: remove the error handler for cronjob integration test * Fix the leak of vSphere client sessions * fix nil pointer in create secret commands * Fix order of commands in the snapshot tests for persistent volumes * client-go: Clear the ResourceVersionMatch on paged list calls * Improving performance of EndpointSlice controller metrics cache * fix the error when cleaning up jobs for cronjob * Update CHANGELOG to add missing release notes. * apf: ensure exempt request notes the classification * Enabling kube-proxy metrics on windows kernel mode * Update CHANGELOG/CHANGELOG-1.23.md for v1.23.1 * add gce loadbalancer no-op finalizer and existingFwdRule tests * disable gce service handling if has rbs forwarding rule * add ELBRbsFinalizer * add gce elb rbs opt-in annotation * cherry pick of knp 0.0.27 * Remove JSON logging performance regression * Re-introduce removed kubectl --dry-run values. * Point flowcontrol users at v1beta2 * [go1.17] Update to go1.17.5 * dependencies: Update golang.org/x/net to v0.0.0-20211209124913-491a49abca63 * mount-utils: Detect potential stale file handle * Skip creating HNS loadbalancer with empty endpoints * Add regression test for CPUManager distribute NUMA algorithm * Add unit test for CPUManager distribute NUMA algorithm verifying fixes * Fix accounting bug in CPUManager distribute NUMA policy * Fix error handling in CPUManager distribute NUMA tests * Add a sum() helper to the CPUManager cpuassignment logic * Allow the map.Values() function in the CPUManager to take a set of keys * Fix CPUManager algo to calculate min NUMA nodes needed for distribution * Fix unit tests following bug fix in CPUManager for map functions (2/2) * Fix unit tests following bug fix in CPUManager for map functions (1/2) * Fix bug in CPUManager map.Keys() and map.Values() implementations * Ensure we balance across *all* NUMA nodes in NUMA distribution algo * Short-circuit CPUManager distribute NUMA algo for unusable cpuGroupSize * Round the CPUManager mean and stddev calculations to the nearest 1000th * updated deprecation messages from 1.23 to 1.24 * kubelet: set failed phase during graceful shutdown * kubeadm: avoid requiring a CA key during kubeconfig expiration checks * kubeadm: print the CA of kubeconfig files in "check expiration" * kubeadm: validate local etcd certficates during expiration checks * publishing-bot/doc: add component-helpers to the readme * publishing-bot/rules: remove non existing component-helpers branch 1.19 from the rules * Changelog: mention kube-scheduler bits deprication * rbd: initialize ceph monitors slice with an empty value. * Direct v2betaX users to migrate to HPA v2 * DelegateFSGroupToCSIDriver e2e: skip tests with chgrp * Update CHANGELOG/CHANGELOG-1.23.md for v1.23.0 * [go1.17] Update to go1.17.4 ------------------------------------------------------------------- Mon Feb 7 16:21:21 UTC 2022 - Dirk Müller <dmueller@suse.com> - avoid bashism in client-common postinstall script (bsc#1195391) ------------------------------------------------------------------- Thu Jan 13 12:26:35 UTC 2022 - Richard Brown <rbrown@suse.com> - Increase _constraints to 13GB ------------------------------------------------------------------- Thu Dec 16 09:10:32 UTC 2021 - Richard Brown <rbrown@suse.com> - Restore & rebase revert-coredns-image-renaming.patch from kubernetes1.22. Looks like it's still needed until all supported k8s versions allow us to change how we publish coredns containers ------------------------------------------------------------------- Wed Dec 8 14:51:07 UTC 2021 - Richard Brown <rbrown@suse.com> - Initial Package
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor