v1.32.0-rc.0
v1.32.0-beta.0
v1.32.0-alpha.3
v1.32.0-alpha.2
v1.32.0-alpha.1

v1.32.0-rc.0

Downloads for v1.32.0-rc.0

Source Code

filename	sha512 hash
kubernetes.tar.gz	eaa85d26d9315bfe43b2d0e25c317c6a756b031f9c63b14ab1c06a1970b9e2498ecde4dc6c431b926f1b700c02f232e8b63a4e1e02cd3af8cba45a140feba002
kubernetes-src.tar.gz	c7589b72811610703d7ac405f6cbfc20d319015f09a0dc9809bc88db706c95eca2b1329be45f370b185e346393aef823f50dc79a5a7151ba6ca168e7ffbd3b09

Client Binaries

filename	sha512 hash
kubernetes-client-darwin-amd64.tar.gz	6294ea5125483ae5c9273a29cff85cdd2322f1ca240f6f3eb03455314d01c55b1869a4d6ff496522b5b76823760cad28c786ca528883bc54b3cdb4e85c5063c8
kubernetes-client-darwin-arm64.tar.gz	4ba6e849650b19a3bf98ff978b26bb6ff2c5539aeb6766048b2fb36c5fce98d84f482607230df43553263d7def611e467dfdaac64282b99d59d585eb54878d33
kubernetes-client-linux-386.tar.gz	fe2aa6e4b8aa963b37b19fbe4c235e5e19c1c374da6b33723d36081bc5e13348a9ba4c2ceb01b4729a514995e9f3ff8dbe8c34576b3620634dfc15e7031dcda6
kubernetes-client-linux-amd64.tar.gz	38a9c36075c1f75cf9dc36dedd1d4d7c37dc5f7d012d427ebaebee2b7a54a816aac73d6054e936f4168b272156975b4addec2224902bd15bf64b74885b6d3a86
kubernetes-client-linux-arm.tar.gz	05f76c05874aee0b1c76c0be855efd1e56241b3cd8b1ae371856052a85de2fed69705438cefd616e85e7d2af512882a7de7fb5cb065f1b14b1877bb4bc5552db
kubernetes-client-linux-arm64.tar.gz	2021324d205a091d1c06cf913dc7207d322e9a6fb4b5befa453ecaf740e6438ed1ed7f81c8140e78ac1d5e69f657af13fe0c1334f3adafebf7fcec9996d6bbe2
kubernetes-client-linux-ppc64le.tar.gz	87bee10e358781a63345d67f86184a2702ee9fa9cd81b6647fc852b56160a28faf3c008c7a43ca78cc5d675b23d4952f4ca64382fe16930313eec2d381ddc636
kubernetes-client-linux-s390x.tar.gz	734d62b86165aeda36a994b7493a8514565d3ad12fea67fff231d161021fbeddbf1e694c18f597a4f873b00fc2d0d2c2d6e1a60f74714fb9959d4989e5e94f31
kubernetes-client-windows-386.tar.gz	80faf17e8aebbf682f577cac4968dd472108ce6f9f16ecc8167fa13d6a31928fb4f87ba51fe2becabea73296dbd2b7a551dded4d4f172066576533c3eda46d78
kubernetes-client-windows-amd64.tar.gz	f97ca8359f4c466d43bbc824f508ea8668f00a73f348abaf4b08743d7c7ac05624b927f1a572f7f11f28861c9bf4f7d4c37c052e57c360062b529791603e820f
kubernetes-client-windows-arm64.tar.gz	a26953011fbd955fd9a8faeaa350a44b42e7adb99daf4ba0eaa7f738c2c4ddbb1d43f8f09b80926e1239466d81340978dd70f8a4657847059e074cc801bf9267

Server Binaries

filename	sha512 hash
kubernetes-server-linux-amd64.tar.gz	9e9a615e67971410ca4094e3521908cc929f40a38a7939cec09411f80e6b6d34273af3f5a9e18b3cc3e4b9a94cea4ffb414581c25a9d61d905e9dc1d98bd0e15
kubernetes-server-linux-arm64.tar.gz	352d53b50b0931cf8f9e447de26aa00cbdb4883104ef769264bf1068b65fc7997f8fce19b97145c0288894791f724f7048c220dd08589393d713c527cc23ed75
kubernetes-server-linux-ppc64le.tar.gz	3b675db6bc25b36e1be5f753d7e37c44062ed04d06303461919fa42ea1ac1a5b65ee90f081db2095086e5f7a5bc5ba875feca76da5bbf1a7d0de56e351de07e9
kubernetes-server-linux-s390x.tar.gz	9871b11b070edbe28d9aee8ee75079a748ac0b82f7f8e65cfcbdc078730585111eb437762d152c7a2d7be883e4c89edcbc9e036559316fd32361571be082df9e

Node Binaries

filename	sha512 hash
kubernetes-node-linux-amd64.tar.gz	daa150e2b95822f9444fd278c2561f14b55ae69bf34c442c7aee52a48979dbb61a14da476a9d0aaa17ab557a46b75eea43342b173f001c1d04a520bae9ea2c2b
kubernetes-node-linux-arm64.tar.gz	57166c47374c28b7c3ad0214edc98a252f1f3b5390cd2d4ad9a043bc5ed7a5819d1e5503607277492b7a1d405ace3a06d9803464018790a3a761368184230241
kubernetes-node-linux-ppc64le.tar.gz	a077fcf0579f4631fca7a07f7a972971bdf29f46faca2a96de84c036a237b1523306c9aa46e395d11c1fc18bde8d9700c87ca658c4e3abd4be75ec231ad72c42
kubernetes-node-linux-s390x.tar.gz	452721c3c39d6800d335a5f4cbd672f8cf52555c97850497530951e979a742fcb045963e7d7b88ad436f258bda1ee42b8fbc3cad57dc9f5ff92f55be4edc0ae6
kubernetes-node-windows-amd64.tar.gz	f09db4e3c81b8dea49d05efa7de6f5ac2c783c93b22f939707811a3f295c770a8b900cd83d91a3fda37c01b22d2c39e6c7710d3f8fad3d4ffc8d1117dd7b09e1

Container Images

All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.

name	architectures
registry.k8s.io/conformance:v1.32.0-rc.0	amd64, arm64, ppc64le, s390x
registry.k8s.io/kube-apiserver:v1.32.0-rc.0	amd64, arm64, ppc64le, s390x
registry.k8s.io/kube-controller-manager:v1.32.0-rc.0	amd64, arm64, ppc64le, s390x
registry.k8s.io/kube-proxy:v1.32.0-rc.0	amd64, arm64, ppc64le, s390x
registry.k8s.io/kube-scheduler:v1.32.0-rc.0	amd64, arm64, ppc64le, s390x
registry.k8s.io/kubectl:v1.32.0-rc.0	amd64, arm64, ppc64le, s390x

Changelog since v1.32.0-beta.0

Changes by Kind

API Change

A new /resize subresource was added to request pod resource resizing. Update your k8s client code to utilize the /resize subresource for Pod resizing operations. (#128266, @AnishShah) [SIG API Machinery, Apps, Node and Testing]
A new feature that allows unsafe deletion of corrupt resources has been added, it is disabled by default, and it can be enabled by setting the option --feature-gates=AllowUnsafeMalformedObjectDeletion=true. It comes with an API change, a new delete option ignoreStoreReadErrorWithClusterBreakingPotential has been introduced, it is not set by default, this maintains backward compatibility. In order to perform an unsafe deletion of a corrupt resource, the user must enable the option for the delete request. A resource is considered corrupt if it can not be successfully retrieved from the storage due to a) transformation error e.g. decryption failure, or b) the object failed to decode. Normal deletion flow is attempted first, and if it fails with a corrupt resource error then it triggers unsafe delete. In addition, when this feature is enabled, the 'details' field of 'Status' from the LIST response includes information that identifies the corrupt object(s). NOTE: unsafe deletion ignores finalizer constraints, and skips precondition checks. WARNING: this may break the workload associated with the resource being unsafe-deleted, if it relies on the normal deletion flow, so cluster breaking consequences apply. (#127513, @tkashem) [SIG API Machinery, Etcd, Node and Testing]
Add a Stream field to PodLogOptions, which allows clients to request certain log stream(stdout or stderr) of the container. Please also note that the combination of a specific Stream and TailLines is not supported. (#127360, @knight42) [SIG API Machinery, Apps, Architecture, Node, Release and Testing]
Add driver-owned fields in ResourceClaim.Status to report device status data for each allocated device. (#128240, @LionelJouin) [SIG API Machinery, Network, Node and Testing]
Added singleProcessOOMKill flag to the kubelet configuration. Setting that to true enable single process OOM killing in cgroups v2. In this mode, if a single process is OOM killed within a container, the remaining processes will not be OOM killed. (#126096, @utam0k) [SIG API Machinery, Node, Testing and Windows]
Added alpha support for asynchronous Pod preemption. When the SchedulerAsyncPreemption feature gate is enabled, the scheduler now runs API calls to trigger preemptions asynchronously for better performance. (#128170, @sanposhiho) [SIG Scheduling and Testing]
Added the ability to change the maximum backoff delay accrued between container restarts for a node for containers in CrashLoopBackOff. To set this for a node, turn on the feature gate KubeletCrashLoopBackoffMax and set the CrashLoopBackOff.MaxContainerRestartPeriod field between "1s" and "300s" in your kubelet config file. (#128374, @lauralorenz) [SIG API Machinery and Node]
Adds a /flagz endpoint for kube-apiserver endpoint (#127581, @richabanker) [SIG API Machinery, Architecture, Auth and Instrumentation]
Changed the Pod API to support resources at spec level for pod-level resources. (#128407, @ndixita) [SIG API Machinery, Apps, CLI, Cluster Lifecycle, Node, Release, Scheduling and Testing]
ContainerStatus.AllocatedResources is now guarded by a separate feature gate, InPlacePodVerticalSaclingAllocatedStatus (#128377, @tallclair) [SIG API Machinery, CLI, Node, Scheduling and Testing]
Coordination.v1alpha1 API is dropped and replaced with coordination.v1alpha2. Old coordination.v1alpha1 types must be deleted before upgrade (#127857, @Jefftree) [SIG API Machinery, Etcd, Scheduling and Testing]
DRA: Restricted the length of opaque device configuration parameters. At admission time, Kubernetes enforces a 10KiB size limit. (#128601, @pohly) [SIG API Machinery, Apps, Auth, Etcd, Node, Scheduling and Testing]
Introduce v1alpha1 API for mutating admission policies, enabling extensible admission control via CEL expressions (KEP 3962: Mutating Admission Policies). To use, enable the MutatingAdmissionPolicy feature gate and the admissionregistration.k8s.io/v1alpha1 API via --runtime-config. (#127134, @jpbetz) [SIG API Machinery, Auth, Etcd and Testing]
NodeRestriction admission now validates the audience value that kubelet is requesting a service account token for is part of the pod spec volume. This change is introduced with a new kube-apiserver featuregate ServiceAccountNodeAudienceRestriction that's enabled by default. (#128077, @aramase) [SIG Auth, Storage and Testing]
Promoted feature gate StatefulSetAutoDeletePVC from beta to stable. (#128247, @mattcary) [SIG API Machinery, Apps, Auth and Testing]
Removed restrictions on subresource flag in kubectl commands (#128296, @AnishShah) [SIG CLI]
The core functionality of Dynamic Resource Allocation (DRA) got promoted to beta. No action is required when upgrading, the previous v1alpha3 API is still supported, so existing deployments and DRA drivers based on v1alpha3 continue to work. Downgrading from 1.32 to 1.31 with DRA resources in the cluster (resourceclaims, resourceclaimtemplates, deviceclasses, resourceslices) is not supported because the new v1beta1 is used as storage version and not readable by 1.31. (#127511, @pohly) [SIG API Machinery, Apps, Auth, Etcd, Node, Scheduling and Testing]

Feature

Add a one-time random duration of up to 50% of kubelet's nodeStatusReportFrequency to help spread the node status update load evenly over time. (#128640, @mengqiy) [SIG Node]
Added Windows support for the node memory manager. (#128560, @marosset) [SIG Node and Windows]
Added a health check for the device plugin gRPC registration server. When the registration server is down, kubelet is marked as unhealthy. If systemd watchdog is configured, this will result in a kubelet restart. (#128432, @zhifei92) [SIG Node]
Added a new controller, volumeattributesclass-protection-controller, into the kube-controller-manager. The new controller manages a protective finalizer on VolumeAttributesClass objects. (#123549, @carlory) [SIG API Machinery, Apps, Auth and Storage]
Added the feature gate CBORServingAndStorage to allow CBOR as the encoding for API request and response bodies, and as the storage encoding for custom resources. Clients must opt in; programs built with client-go can do this using the client-go feature gates ClientsAllowCBOR and ClientsPreferCBOR. (#128539, @benluddy) [SIG API Machinery, Etcd and Testing]
Adds a /statusz endpoint for kube-apiserver endpoint (#125577, @richabanker) [SIG API Machinery, Apps, Architecture, Auth, CLI, Cloud Provider, Instrumentation, Network, Node and Testing]
Adopted a new implementation of watch caches for list verbs, using a btree data structure. The new implementation is active by default; you can opt out by disabling the BtreeWatchCache feature gate. (#128415, @serathius) [SIG API Machinery, Auth and Cloud Provider]
Considering sidecar container restart counts when removing pods by job controller (#124952, @AxeZhan) [SIG Apps and CLI]
Enabled graceful shutdown feature for Windows node (#127404, @zylxjtu) [SIG Node, Testing and Windows]
Ensure resizing for Guaranteed pods with integer CPU requests on nodes with static CPU & Memory policy configured is not allowed for the beta release of in-place resize. The feature gate InPlacePodVerticalScalingExclusiveCPUs defaults to false, but can be enabled to unblock development on (#127262, @tallclair) [SIG Node]. (#128287, @esotsal) [SIG Node, Release and Testing]
Graduated SchedulerQueueingHints to beta; the feature gate is now enabled by default. (#128472, @sanposhiho) [SIG Scheduling]
Introduce a new metric kubelet_admission_rejections_total to track the number of pods rejected during admission (#128556, @AnishShah) [SIG Node]
Kube-apiserver adds support for an alpha feature enabling external signing of service account tokens and fetching of public verifying keys, by enabling the alpha ExternalServiceAccountTokenSigner feature gate and specifying --service-account-signing-endpoint. The flag value can either be the location of a Unix domain socket on a filesystem, or be prefixed with an @ symbol and name a Unix domain socket in the abstract socket namespace. (#128190, @HarshalNeelkamal) [SIG API Machinery, Apps, Auth, Etcd, Instrumentation, Node, Release and Testing]
Kubeadm: added the feature gate NodeLocalCRISocket. When the feature gate is enabled, kubeadm will generate the /var/lib/kubelet/instance-config.yaml file to customize the containerRuntimeEndpoint field in the kubelet configuration for each node and will not write the same CRI socket on the Node object as an annotation. (#128031, @HirazawaUi) [SIG Cluster Lifecycle]
Kubernetes is now built with go 1.23.3 (#128852, @cpanato) [SIG Release and Testing]
Updated the control plane's trust anchor publisher to create and manage a new ClusterTrustBundle object, associated with the kubernetes.io/kube-apiserver-serving X.509 certificate signer. This ClusterTrustBundle contains a PEM bundle in its payload that you can use to verify kube-apiserver serving certificates. (#127326, @stlaz) [SIG API Machinery, Apps, Auth, Cluster Lifecycle and Testing]
Version skew strategy update for InPlacePodVerticalScaling for beta graduation. (#128186, @sreeram-venkitesh) [SIG Apps]

Bug or Regression

1. When the kubelet constructs the cri mounts for the container which references an image volume source type, It passes the missing mount attributes to the CRI implementation, including readOnly, propagation, and recursiveReadOnly. When the readOnly field of the containerMount is explicitly set to false, the kubelet will take the readOnlyas true to the CRI implementation because the image volume plugin requires the mount to be read-only.
2. Fix a bug where the pod is unexpectedly running when the image volume source type is used and mounted to /etc/hosts in the container. (#126806, @carlory) [SIG Node and Storage]
Add warnings for overlap paths in ConfigMap, Secret, DownwardAPI, Projected
- Add warning for cases when ProjectedVolume with sources is provided. (#121968, @Peac36) [SIG Auth]
DRA: labels in node selectors now are validated. Invalid labels already caused runtime errors before and are unlikely to occur in practice. (#128932, @pohly) [SIG Apps]
DRA: renamed the new "v1beta1" kubelet gPRC so that the protobuf package name is unique. (#128764, @pohly) [SIG Node and Testing]
Fixed a bug where the pod(with regular init containers)'s phase was not pending when the regular init container had not finished running after a node restart. (#126653, @zhifei92) [SIG Node and Testing]
Fixed the incorrect help message of a metric "graceful_shutdown_end_time_seconds". Fixed incorrect value set for metrics "graceful_shutdown_start_time_seconds" and "graceful_shutdown_end_time_seconds" in certain cases during graceful node shutdown. (#128189, @zylxjtu) [SIG Node]
Fixes a race condition that could result in erroneous volume unmounts for flex volume plugins on kubelet restart (#128495, @olyazavr) [SIG Storage]
StartupProbe is stopped explicity when successThrethold is reached. This eliminates the problem that StartupProbe is executed more than successThrethold. (#121206, @mochizuki875) [SIG Node]

Other (Cleanup or Flake)

CBOR-encoded watch responses now set the Content-Type header to "application/cbor-seq" instead of the nonconformant "application/cbor". (#128501, @benluddy) [SIG API Machinery, Etcd and Testing]
DRA: DRA driver authors should update their DRA drivers to use the v1beta1 gRPC API. The older alpha API still works, but might get removed eventually. (#128646, @pohly) [SIG Node and Testing]
Drop support for InPlacePodVerticalScaling feature in Windows. (#128623, @AnishShah) [SIG Apps and Node]
Fake clientsets use a common, generic implementation. The corresponding structs are now private, callers must use the corresponding constructors. (#126503, @skitt) [SIG API Machinery, Architecture, Auth and Instrumentation]
Removed support for removing requests and limits during a pod resize. (#128683, @AnishShah) [SIG Apps, Node and Testing]
Removed support for the kubelet --runonce mode. If you specify the kubelet command line flag --runonce, this is an error. Setting runOnce in a kubelet configuration file is also an error, and specifying any value for that configuration option is now deprecated. (#126336, @HirazawaUi) [SIG Node and Scalability]
Revised error handling for port forwards to Pods. Added stream stream resets preventing port-forward from blockage. (#128681, @soltysh) [SIG API Machinery, CLI and Testing]
The feature-gate "PodHostIPs" has been removed. It is GA and its value has been locked since Kubernetes v1.30. (#128634, @thockin) [SIG Apps, Architecture, Node and Testing]
With the CBORServingAndStorage feature gate enabled, built-in APIs can be served in CBOR format for clients that request it. (#128503, @benluddy) [SIG API Machinery, Etcd and Testing]

Dependencies

Added

Nothing has changed.

Changed

cel.dev/expr: v0.15.0 → v0.18.0
github.com/Microsoft/hnslib: v0.0.7 → v0.0.8
github.com/google/cel-go: v0.21.0 → v0.22.0
github.com/opencontainers/selinux: v1.11.0 → v1.11.1
google.golang.org/genproto/googleapis/api: 5315273 → f6391c0
google.golang.org/genproto/googleapis/rpc: f6361c8 → f6391c0
k8s.io/kube-openapi: f7e401e → 32ad38e

Removed

go.opencensus.io: v0.24.0

v1.32.0-beta.0

Downloads for v1.32.0-beta.0

Source Code

filename	sha512 hash
kubernetes.tar.gz	bb901478a959462a53748044c13fc4bd724ee8ac778c2c474446ce4229c925664e45744f37f16d278926348528076051ecd5b52035fe4deddd87a6dc7399a691
kubernetes-src.tar.gz	9c3d0ab91df95d62801501de594d988e296061ba8eb48172aa11c54a851915e7090b8beeb54890fa1dbc4068f9f255c5daa5f0f58b399b065ab40b13397956d1

Client Binaries

filename	sha512 hash
kubernetes-client-darwin-amd64.tar.gz	b3241c51e8dd477e4fea33bfbf6fb4703d7496751af3694908477134401a42f10c6fb94335821b0a8ee674e33ef61cbe34e095561d479ba9178470e6b07fbec7
kubernetes-client-darwin-arm64.tar.gz	a8cf6c966a74e17d94ba237b305abe7731429c5cb1b937a7aaa97b28e3e65ce5b4dc386095fbc6929a61f04159c72857dce937f737630e7f9f9acbcf3e7d4621
kubernetes-client-linux-386.tar.gz	e95240b371c4bc1076fc1fce8b09e1997068b7dd238a037b4940b3b970024b83146f528d562b9d9522acdd24a16bfacae45079c92eaafe8fa052b380c4e46d68
kubernetes-client-linux-amd64.tar.gz	9dd52cd0e433ee9d4045495288da615281980fbf22c2a889494e7811bacc9fe5269aa475c34421671090fec3a14e16c41a254e2047b4363731dc7e390e0c747c
kubernetes-client-linux-arm.tar.gz	c31a8d7046cf87b7b10100dc185d793cb46ea6c15822feb05b0203bd463714627c4722f048cff6d1128e323847df167aaa8659c37a2c897576feadb74898ca8e
kubernetes-client-linux-arm64.tar.gz	cce0c249dd0ea45b7a39ca3c3a45b2779a105c6422f0c6b90d5085b3a2f3f926180735efdcabc1f17076d7f3858429bc69f2c2c623047e9bfc96d3aebc9d7b65
kubernetes-client-linux-ppc64le.tar.gz	12e41f7b22ad3303b97a05988e2fe53d783ca76df6c2c01d6045c0d3503e5abe62dc5dafe2f04fd1b9f83467b5b31e94da15b4034f1efdfb8a24f61d71f5fb7a
kubernetes-client-linux-s390x.tar.gz	6c6987962d7b4919f560a0242eaf948b739fc5dc0a992dfc410e39cb75da6ca869a08c51e6b3fab0b341cb00da3a6eb36842421b16f3f1b6119334282cf56043
kubernetes-client-windows-386.tar.gz	0f2adfe62d917d405bf7d238adfbf945b6aa898c7d9d536afd457f7b71727dd99853b42cc8ecd61435f6e1816689afed359bed88492906f4607a2cfac1bd8076
kubernetes-client-windows-amd64.tar.gz	d26970c2331a18ededd36b4bbf3ccd1b4b9d27dec4bce5ef5b84a78c55a698ea2a898deaa2d12f8093bcca9c5f4e9d53cedd3eebed81be44e40ff4a88a9b2751
kubernetes-client-windows-arm64.tar.gz	e80c1a02d23c156c9c448e33e405f5b7d9a8919236219efb9bfac34a4d0bf3935063d5e0570359bf3260f167ab443e49b46bbcfcee61ac160d2f513fff56e7e2

Server Binaries

filename	sha512 hash
kubernetes-server-linux-amd64.tar.gz	0f7150b39e607e8543296b46b32c7b90a8afe4980051f3d15a447091d6019db501a6de37ecd94e24cfc943b6edb3e555f09ed5098dae070f38fbf439720a69c7
kubernetes-server-linux-arm64.tar.gz	925964b3dbbb96cb4f8e78a983d49926304a63b216a0163d6602c564614f090fe0db55da31b808643ed77e238c03775e91664c614f4a05fb6309119106585f22
kubernetes-server-linux-ppc64le.tar.gz	8b1c42c01db9687b948082aa93ef3ce9ea33aa36c4c55de471c12e06f71a2f4af4c1942f8a8f7744fc5cb28fefdf77d8784ff33d9af8d401c3bed2fa835142ae
kubernetes-server-linux-s390x.tar.gz	8833ad6e984ffa427cb125cdc15759d1f03cebecd4f723209481d7ffcc1abc259851d7e8ffbf531af2bbd9166c1594e9730197edff157b8719b93e62af71bbcb

Node Binaries

filename	sha512 hash
kubernetes-node-linux-amd64.tar.gz	40d539f90ec3c3d9a8bc9df533dc6185a8313a0fb83045b77294e5896c6d9517941ceb5aa58012364136490b5c2ad73df59deb1f5e5a526177137cd08bacf360
kubernetes-node-linux-arm64.tar.gz	d2edaba95fda9f658b16dfc127451ad3f2d89a2ddc832caa1bf8d97c69931820675264593803042584dd7bcb1ea881c6b53e588e50a414d32fb9f643c36c5c90
kubernetes-node-linux-ppc64le.tar.gz	32bbf383c9d3f1386313f57096c51e5cb21fdd7842758abd99cf7e3275f78da70208534ec417d1ad2af1b54dc976416d1a007eb4e501db5b8a4757fc0cd7ccac
kubernetes-node-linux-s390x.tar.gz	cfc11d4d2d26df6c4504f620691e01a47250cf3b23a7337ffa63d36da91fca89b191f59e7f0d77395c91fa687829ff8bf228ee1cfb0c939f1b810756f0ae2ded
kubernetes-node-windows-amd64.tar.gz	b635f0e8a033ef48d519e1da6803a328aaacc0ddd8ae59e7b6b9b8908143c470e4a553a6723f13e795ba1d71ec3803bb976ec0a30896d4df0cc85178463b66a9

Container Images

All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.

name	architectures
registry.k8s.io/conformance:v1.32.0-beta.0	amd64, arm64, ppc64le, s390x
registry.k8s.io/kube-apiserver:v1.32.0-beta.0	amd64, arm64, ppc64le, s390x
registry.k8s.io/kube-controller-manager:v1.32.0-beta.0	amd64, arm64, ppc64le, s390x
registry.k8s.io/kube-proxy:v1.32.0-beta.0	amd64, arm64, ppc64le, s390x
registry.k8s.io/kube-scheduler:v1.32.0-beta.0	amd64, arm64, ppc64le, s390x
registry.k8s.io/kubectl:v1.32.0-beta.0	amd64, arm64, ppc64le, s390x

Changelog since v1.32.0-alpha.3

Urgent Upgrade Notes

(No, really, you MUST read this before you upgrade)

Fix the bug of InPlacePodVerticalScaling state un-marshalling. State stored in /var/lib/kubelet/pod_status_manager_state is now can always be read back after kubelet restart.

Since the checkpoint format was changed to fix the issue, if you are using the feature InPlacePodVerticalScaling, please clean up the state file /var/lib/kubelet/pod_status_manager_state when upgrading the kubelet as failrue to do it will lead to incompatible state formats and kubelet's failure to start. (#126620, @yunwang0911) [SIG Node]

Changes by Kind

Deprecation

ServiceAccount metadata.annotations[kubernetes.io/enforce-mountable-secrets]: deprecated since v1.32; no removal deadline. Prefer separate namespaces to isolate access to mounted secrets. (#128396, @ritazh) [SIG API Machinery, Apps, Auth, CLI and Testing]

API Change

DRA: scheduling pods is up to 16x faster, depending on the scenario. Scheduling throughput depends a lot on cluster utilization. It is higher for lightly loaded clusters with free resources and gets lower when the cluster utilization increases. (#127277, @pohly) [SIG API Machinery, Apps, Architecture, Auth, Etcd, Instrumentation, Node, Scheduling and Testing]
DRA: the DeviceRequestAllocationResult struct now has an "AdminAccess" field which should be used instead of the corresponding field in the DeviceRequest field when dealing with an allocation. If a device is only allocated for admin access, allocating it again for normal usage is now supported, as originally intended. To allow admin access, starting with 1.32 the DRAAdminAccess feature gate must be enabled. (#127266, @pohly) [SIG API Machinery, Apps, Auth, Etcd, Network, Node, Scheduling and Testing]
Implemented a new, alpha seLinuxChangePolicy field within a Pod-level securityContext, under SELinuxChangePolicy feature gate. This field allows for opting out from mounting Pod volumes with SELinux label when SELinuxMount feature is enabled (it is alpha and disabled by default now). Please see the KEP how we expect to warn users before any SELinux behavior changes and how they can opt-out before. Note that this field and feature gate is useful only with clusters that run with SELinux enabled. No action is required on clusters without SELinux. (#127981, @jsafrane) [SIG API Machinery, Apps, Architecture, Node, Storage and Testing]
Introduce v1alpha1 API for mutating admission policies, enabling extensible admission control via CEL expressions (KEP 3962: Mutating Admission Policies). To use, enable the MutatingAdmissionPolicy feature gate and the admissionregistration.k8s.io/v1alpha1 API via --runtime-config. (#127134, @jpbetz) [SIG API Machinery, Auth, Etcd and Testing]
Kube-proxy now reconciles Service/Endpoint changes with conntrack table and cleans up only stale UDP flow entries (#127318, @aroradaman) [SIG Network and Windows]
Removed generally available feature gate HPAContainerMetrics (#126862, @carlory) [SIG API Machinery, Apps and Autoscaling]

Feature

Add --concurrent-daemonset-syncs command line flag to kube-controller-manager. The value sets the number of workers for the daemonset controller. (#128444, @tosi3k) [SIG API Machinery]
Added a kubelet metrics to report informations about the cpu pools managed by cpumanager when the static policy is in use. (#127506, @ffromani) [SIG Node and Testing]
Added a new option strict-cpu-reservation for CPU Manager static policy. When this option is enabled, CPU cores in reservedSystemCPUs will be strictly used for system daemons and interrupt processing no longer available for any workload. (#127483, @jingczhang) [SIG Node]
Added metrics to measure latency of DRA Node operations and DRA GRPC calls (#127146, @bart0sh) [SIG Instrumentation, Network, Node and Testing]
Adopted a new implementation of watch caches for list verbs, using a btree data structure. The new implementation is active by default; you can opt out by disabling the BtreeWatchCache feature gate. (#128415, @serathius) [SIG API Machinery, Auth and Cloud Provider]
Allows PreStop lifecycle handler's sleep action to have a zero value (#127094, @sreeram-venkitesh) [SIG Apps, Node and Testing]
Fix: Avoid overwriting in-pod vertical scaling updates on systemd daemon reloads when using systemd (#124216, @iholder101) [SIG Node]
Graduate Kubelet Memory Manager to GA. (#128517, @Tal-or) [SIG Node]
Kubeadm: consider --bind-address or --advertise-address and --secure-port for control plane components when the feature gate WaitForAllControlPlaneComponents is enabled. Use /livez for kube-apiserver and kube-scheduler, but continue using /healthz for kube-controller-manager until it supports /livez. (#128474, @neolit123) [SIG Cluster Lifecycle]
Label apps.kubernetes.io/pod-index added to Pod from StatefulSets is promoted to stable Label batch.kubernetes.io/job-completion-index added to Pods from Indexed Jobs is promoted to stable (#128387, @alaypatel07) [SIG Apps]
PodLifecycleSleepAction is graduated to GA (#128046, @AxeZhan) [SIG Architecture, Node and Testing]
Promoted RecoverVolumeExpansionFailure feature gate to beta. (#128342, @gnufied) [SIG Apps and Storage]
Realign line breaks from kubectl explain descriptions. (#126533, @ah8ad3) [SIG CLI]
Vendor: update system-validators to v1.9.1 (#128533, @neolit123) [SIG Node]
Windows: Support CPU and Topology manager on Windows (#125296, @jsturtevant) [SIG Node and Windows]

Bug or Regression

Fix an issue where eviction manager was not deleting unused images or containers when it detected containerfs signal. (#127874, @AnishShah) [SIG Node]
Fixed a suboptimal scheduler preemption behavior where potential preemption victims were violating Pod Disruption Budgets. (#128307, @NoicFank) [SIG Scheduling]
Fixed an issue in the kubelet that showed when writeable layers and read-only layers were at different paths within the same mount. Kubernetes was previously detecting that the image filesystem was split, even when that was not really the case (#128344, @kannon92) [SIG Node]
Fixes a race condition that could result in erroneous volume unmounts for flex volume plugins on kubelet restart (#127669, @olyazavr) [SIG Storage]
Fixes the reporting of elapsed times during evaluation of ValidatingAdmissionPolicy decisions and annotations. The apiserver_validating_admission_policy_check_duration metrics will now show elapsed times and no longer be zero. (#128463, @knrc) [SIG API Machinery]
Kubeadm: added "disable success" and "disable denial" as parameters of the "cache" plugin in the Corefile managed by kubeadm. This is to prevent conflicting responses during CoreDNS cache updates. (#128359, @matteriben) [SIG Cluster Lifecycle]
Kubelet: Fix the volume manager didn't check the device mount state in the actual state of the world before marking the volume as detached. It may cause a pod to be stuck in the Terminating state due to the above issue when it was deleted. (#128219, @carlory) [SIG Node]
Makes kubelet's /metrics/slis endpoint always available (#128430, @richabanker) [SIG Architecture, Instrumentation and Node]
Tighten validation on the qosClass field of pod status. This field is immutable but it would be populated with the old status by kube-apiserver if it is unset in the new status when updating this field via the status subsource. (#127744, @carlory) [SIG Apps, Instrumentation, Node, Storage and Testing]

Other (Cleanup or Flake)

Removed generally available feature-gate ZeroLimitedNominalConcurrencyShares (#126894, @carlory) [SIG API Machinery]
The dynamicResources has been refactored to DynamicResources, now users can introduce the DynamicResources struct outside the dynamicresources package. (#128399, @JesseStutler) [SIG Node and Scheduling]

Dependencies

Added

github.com/checkpoint-restore/go-criu/v6: v6.3.0
github.com/moby/sys/user: v0.3.0

Changed

github.com/cilium/ebpf: v0.11.0 → v0.16.0
github.com/cyphar/filepath-securejoin: v0.2.4 → v0.3.4
github.com/google/cadvisor: v0.50.0 → v0.51.0
github.com/google/pprof: 813a5fb → d1b30fe
github.com/onsi/ginkgo/v2: v2.19.0 → v2.21.0
github.com/onsi/gomega: v1.33.1 → v1.35.1
github.com/opencontainers/runc: v1.1.15 → v1.2.1
github.com/urfave/cli: v1.22.1 → v1.22.14
google.golang.org/protobuf: v1.34.2 → v1.35.1
k8s.io/system-validators: v1.8.0 → v1.9.1
k8s.io/utils: 18e509b → 3ea5e8c
sigs.k8s.io/structured-merge-diff/v4: v4.4.1 → v4.4.2

Removed

github.com/checkpoint-restore/go-criu/v5: v5.3.0
github.com/containerd/cgroups: v1.1.0
github.com/daviddengcn/go-colortext: v1.0.0
github.com/frankban/quicktest: v1.14.5
github.com/golangplus/bytes: v1.0.0
github.com/golangplus/fmt: v1.0.0
github.com/golangplus/testing: v1.0.0
github.com/shurcooL/sanitized_anchor_name: v1.0.0

v1.32.0-alpha.3

Downloads for v1.32.0-alpha.3

Source Code

filename	sha512 hash
kubernetes.tar.gz	8e63fb26192ea5fcb01e678aefad000b24e4a3dd0c22786e799f32cb247b356acff608112e8da82265475a743ad6f261f412b0b6efbfeb2919a4cfa00ba9410d
kubernetes-src.tar.gz	ee32a2c0404876082b4bbc254692428cb149a14a1c2525053ce1ea95ea5de25513d694f035efe7c38902e0982fd92d130a3164e9e53b8439b3dc74b72a8faed0

Client Binaries

filename	sha512 hash
kubernetes-client-darwin-amd64.tar.gz	bd0f891706174cf4a6b4c201e24861d5e200c86e188eeb7fb61708164c64814826f362a425c01e687fc92124ed25b145cb5fc9b9ffa7e495d43c91247832f042
kubernetes-client-darwin-arm64.tar.gz	315c8b6cf7e8e2c677139bc89d717fc2c60e3ac44cc51dc90716c06f45ba534269fbdbe624781f20e3d785b24c6d9d4ef399b4ffc7b6392610c4d0531c24f707
kubernetes-client-linux-386.tar.gz	5128751b6e2be1cb2e84e326ffe4f356c05256b7afdb46c3d8378750b005be368364b6cc588f9d91fcc8ae30c1085f0cdd88889f48cdafa13dbb2c833d0f340d
kubernetes-client-linux-amd64.tar.gz	f73f8e6039b483f3427b379b109f574f06c075d6c1c9f7494d379f4408cc64445b7af3f7b269b693f0c55d3fb9c9239b7bb9b0040d71cf300123503178778544
kubernetes-client-linux-arm.tar.gz	21648d86c8b1862ab3ce4fbe4fbe051a918b86cbfab226c0643748d1fe67fea9827aa009a1d37e832fd7ca6d8744f5a3531cd478ab51b7ef7a52e08cda5e26a1
kubernetes-client-linux-arm64.tar.gz	07d884142a8626db828422b85d6f4518a5852b76f4e598fdc23ad3fae589c8ab4d5e47bc9d8b05f02892519ab08710a38f65743020200e6f58ba2201b6885f4c
kubernetes-client-linux-ppc64le.tar.gz	b952e4c58c168136e5d9458c5ea7888bfe46a963077d0319ef8588018b9d64ec6a06916e70091352d516223313e00a4e5e6480da7c6ef332bb8d2a6c04874b35
kubernetes-client-linux-s390x.tar.gz	e672faf92802a0f62c5e47209d756e3832541720cf4992516b41ae4eab3b992b8d650ba104304e3109dfe2a10e4af923fdc56bac86da7ef485c24cf0b6948e19
kubernetes-client-windows-386.tar.gz	faea07933885a63737853aed53878a4abd0a3582254122c847fc63b1e728e6d3fe6d2785aaa3b467c6aa98271bb2785cb94e4b216fff60f66c052331e0e3e70f
kubernetes-client-windows-amd64.tar.gz	f6e202365fd3fa33f28526dae6c750c15d4784bfb4c4a011e3cb07a8bb817ed29a43d76b258e0be31075f82f2f8a030f364b2b91612d54d3508fffd8d0e2fd3d
kubernetes-client-windows-arm64.tar.gz	048c9deff34a349409d08b0e6889b82c1dfb49af09f00c0b77f88a5ea459348d5206f9a12a869cc8264ca328b58095adaf2ac508f08bfda2d6dc1b8735987fd6

Server Binaries

filename	sha512 hash
kubernetes-server-linux-amd64.tar.gz	9c7dea0269e894f6ca9410667720d6d1d1bc9e690b9da5d34e7c775a0f6fbcf22c51b6bd2805ea6fb0e61eca815aea2fb675c4827d1bc14cbecb604220d18ed6
kubernetes-server-linux-arm64.tar.gz	b871099bd869adcf4180bbddf1258e088172d1e90da7ade3d8af58866fef73d0bd928b4643bdf6f061042859d123ed86b1177b84aaef5f81b1eee302d7b8e1ff
kubernetes-server-linux-ppc64le.tar.gz	da51792904eb2f06e5f84ef20e91e6f5e1f128af6f61f0492054739780178d1ab56e84a344dac9f6b3ba82bf4553a1ffa8c9028db08ecc9657125671b28c68e3
kubernetes-server-linux-s390x.tar.gz	20f3c235d2218c4f8251458de153535fbf529a3583ab687abc48f48df72ab423fdca7b8961fc5dbf25877e695ff6572bd7564931dc444c98081f4ff02f724ef9

Node Binaries

filename	sha512 hash
kubernetes-node-linux-amd64.tar.gz	0188737cde5aebc4332a6fc78959c47a0db187b6ed5b28f749a9f7a20111e507539399290aff1cb88a257a72d337dd4e60f19dfcb029995cdadb4d1370ad2ac5
kubernetes-node-linux-arm64.tar.gz	28d59f3a211ffac196ae94864a8c5d547a34a5f89777d3c4a0d964d43a5cc352945af68e09e780d4e6ec230f64e91c52faeb3019553bea24a14c18e284746166
kubernetes-node-linux-ppc64le.tar.gz	c055f42aa3345a01e73df4131ed9409cc99e1828ea1c98307d394b7eddc6f913c13a24f4e101c67eb8551d2cfb4d69464e6d10670657ce39aca0aed52559b38a
kubernetes-node-linux-s390x.tar.gz	559789272cb8ddb77e2600034b330f588dd3d0054c7da07b9e7f37c0cc6175f63aec987c8cf7d309145394687422c1a5a635e7a82727af8713928d76e4b03ee9
kubernetes-node-windows-amd64.tar.gz	9c53bf29311542c814524413f4839c07aa87159be5a166883bdabf4a8cb98b648812384be20d93cc63b20b3357822a84f85aa7d47350ff7d36c7930980b27c97

Container Images

All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.

name	architectures
registry.k8s.io/conformance:v1.32.0-alpha.3	amd64, arm64, ppc64le, s390x
registry.k8s.io/kube-apiserver:v1.32.0-alpha.3	amd64, arm64, ppc64le, s390x
registry.k8s.io/kube-controller-manager:v1.32.0-alpha.3	amd64, arm64, ppc64le, s390x
registry.k8s.io/kube-proxy:v1.32.0-alpha.3	amd64, arm64, ppc64le, s390x
registry.k8s.io/kube-scheduler:v1.32.0-alpha.3	amd64, arm64, ppc64le, s390x
registry.k8s.io/kubectl:v1.32.0-alpha.3	amd64, arm64, ppc64le, s390x

Changelog since v1.32.0-alpha.2

Changes by Kind

API Change

Added enforcement of an upper cost bound for DRA evaluations of CEL. The API server and scheduler now enforce an upper bound on the cost and runtime steps required for evaluating a CEL expression. (#128101, @pohly) [SIG API Machinery and Node]
Annotation batch.kubernetes.io/cronjob-scheduled-timestamp added to Job objects scheduled from CronJobs is promoted to stable (#128336, @soltysh) [SIG Apps]
Apply fsGroup policy for ReadWriteOncePod volumes (#128244, @gnufied) [SIG Storage and Testing]
Graduate Job's ManagedBy field to Beta (#127402, @mimowo) [SIG API Machinery, Apps and Testing]
Kube-apiserver: Promoted the StructuredAuthorizationConfiguration feature gate to GA. The --authorization-config flag now accepts AuthorizationConfiguration in version apiserver.config.k8s.io/v1 (with no changes from apiserver.config.k8s.io/v1beta1). (#128172, @liggitt) [SIG API Machinery, Auth and Testing]
Removed all support for classic dynamic resource allocation (DRA). The DRAControlPlaneController feature gate, formerly alpha, is no longer available. Kubernetes now only uses the structured parameters model (also alpha) for allocating dynamic resources to Pods.

if and only if classic DRA was enabled in a cluster, remove all workloads (pods, app deployments, etc. ) which depend on classic DRA and make sure that all PodSchedulingContext resources are gone before upgrading. PodSchedulingContext resources cannot be removed through the apiserver after an upgrade and workloads would not work properly. (#128003, @pohly) [SIG API Machinery, Apps, Auth, Etcd, Node, Scheduling and Testing]
Revised the Kubelet API Authorization with new subresources, that allow finer-grained authorization checks and access control for kubelet endpoints. Provided you enable the KubeletFineGrainedAuthz feature gate, you can access kubelet's /healthz endpoint by granting the caller nodes/helathz permission in RBAC. Similarly you can also access kubelet's /pods endpoint to fetch a list of Pods bound to that node by granting the caller nodes/pods permission in RBAC. Similarly you can also access kubelet's /configz endpoint to fetch kubelet's configuration by granting the caller nodes/configz permission in RBAC. You can still access kubelet's /healthz, /pods and /configz by granting the caller nodes/proxy permission in RBAC but that also grants the caller permissions to exec, run and attach to containers on the nodes and doing so does not follow the least privilege principle. Granting callers more permissions than they need can give attackers an opportunity to escalate privileges. (#126347, @vinayakankugoyal) [SIG API Machinery, Auth, Cluster Lifecycle and Node]

Feature

Added a kubelet metric container_aligned_compute_resources_count to report the count of containers getting aligned compute resources (#127155, @ffromani) [SIG Node and Testing]
Added kubelet support for systemd watchdog integration. With this enabled, systemd can automatically recover a hung kubelet. (#127566, @zhifei92) [SIG Cloud Provider, Node and Testing]
CRI: Add field to support CPU affinity on Windows (#124285, @kiashok) [SIG Node and Windows]
Change OOM score adjustment calculation for sidecar container : the OOM adjustment for these containers will match or fall below the OOM score adjustment of regular containers in the Pod. (#128029, @bouaouda-achraf) [SIG Node]
DRA: the resource claim controller now maintains metrics about the total number of ResourceClaims and the number of allocated ResourceClaims. (#127661, @pohly) [SIG Apps, Instrumentation and Node]
Kube-apiserver: Promoted AuthorizeWithSelectors feature to beta, which includes field and label selector information from requests in webhook authorization calls. Promoted AuthorizeNodeWithSelectors feature to beta, which changes node authorizer behavior to limit requests from node API clients, so that each Node can only get / list / watch its own Node API object, and can also only get / list / watch Pod API objects bound to that node. Clients using kubelet credentials to read other nodes or unrelated pods must change their authentication credentials (recommended), adjust their usage, or obtain broader read access independent of the node authorizer. (#128168, @liggitt) [SIG API Machinery, Auth and Testing]
Locking the feature custom profiling in kubectl debug to true. (#127187, @ardaguclu) [SIG CLI and Testing]
New implementation of watch cache using btree data structure. Implementation is not enabled yet. (#126754, @serathius) [SIG API Machinery, Auth, Cloud Provider and Etcd]
Promote SizeMemoryBackedVolumes to stable (#126981, @kannon92) [SIG Node, Storage and Testing]
Promoted the RelaxedEnvironmentVariableValidation feature gate to beta and is enabled by default. (#126897, @HirazawaUi) [SIG Node]
Promotes the ServiceAccountTokenJTI feature to GA, which adds a jti claim to issued service account tokens and embeds the jti claim as a authentication.kubernetes.io/credential-id=["JTI=..."] value in user extra info
- Promotes the ServiceAccountTokenPodNodeInfo feature to GA, which adds the node name and uid as claims into service account tokens mounted into running pods, and embeds that information as authentication.kubernetes.io/node-name and authentication.kubernetes.io/node-uid user extra info when the token is used
- Promotes the ServiceAccountTokenNodeBindingValidation feature to GA, which validates service account tokens bound directly to nodes. (#128169, @liggitt) [SIG API Machinery, Auth and Testing]
TopologyManagerPolicyOptions feature-flag is promoted to GA (#128124, @PiotrProkop) [SIG Node]

Documentation

Fixed documentation for the apiserver_admission_webhook_fail_open_count and apiserver_admission_webhook_request_total metrics. The type label can have a value of "admit", not "mutating". (#127898, @modulitos) [SIG API Machinery]
The kubelet, when using --cloud-provider=external can use the --node-ip flag with one of the unspecified addresses 0.0.0.0 or ::, to create the Node with the IP of the default gateway of the corresponding IP family and then delegating the responsibility to the external cloud provider. This solve the bootstrap problems of out of tree cloud providers that are deployed as Pods within the cluster. (#125337, @aojea) [SIG Cloud Provider, Network, Node and Testing]

Bug or Regression

DRA: fixed several issues related to "allocationMode: all" (#127565, @pohly) [SIG Node]
Fix bug where PodCIDR was released before node was deleted (#128305, @adrianmoisey) [SIG Apps and Network]
Fixed an issue in the kubelet that showed when writeable layers and read-only layers were at different paths within the same mount. Kubernetes was previously detecting that the image filesystem was split, even when that was not really the case. (#126562, @kannon92) [SIG Node]
Fixes 1.31 regression that can crash kube-controller-manager's service-lb-controller loop (#128182, @carlory) [SIG API Machinery, Cloud Provider and Network]
Kubelet: fix a bug where kubelet wrongly drops the QOSClass field of the Pod's s status when it rejects a Pod (#128083, @carlory) [SIG Node and Testing]
Reset streams when an error happens during port-forward allowing kubectl to maintain port-forward connection open (#128318, @soltysh) [SIG API Machinery, CLI and Node]
The build-tag flag is reintroduced to conversion-gen and defaulter-gen which allow users to inject custom build tag during code generation process. (#128259, @dinhxuanvu) [SIG API Machinery]
Unallowed label values will show up as "unexpected" in all system components metrics (#128100, @yongruilin) [SIG Architecture and Instrumentation]

Other (Cleanup or Flake)

Added: Log Line for Debugging possible merge errors for Kubelet related Config requests. (#124389, @holgerson97) [SIG Node]
Append the image pull error for the pods status.containerStatuses[*].state.waiting.message when in image pull back-off (reason is ImagePullBackOff) instead of the generic Back-off pulling image… message. (#127918, @saschagrunert) [SIG Node and Testing]
Clarified an API validation error for toleration if operator is Exists and value is not empty. (#128119, @saschagrunert) [SIG API Machinery and Apps]
Feature AllowServiceLBStatusOnNonLB remains deprecated and is now locked to false to support compatibility versions (#128139, @Jefftree) [SIG Apps]
Fixes a bug in the k8s.io/cloud-provider/service controller, it may panic when a service is updated because the event recorder was used before it was initialized. All cloud providers should using the v1.31.0 cloud provider service controller must ensure that the controllers is initialized before the informer start to process events or update it to the version 1.32.0. (#128179, @carlory) [SIG API Machinery, Cloud Provider, Network and Testing]
Fully remove PostStartHookContext.StopCh (#127341, @mjudeikis) [SIG API Machinery]
Kube-apiserver --admission-control-config-file files are now validated strictly (EnableStrict). Duplicate and unknown fields in the configuration will now cause an error. (#128013, @seans3) [SIG API Machinery]
Kubeadm: removed preflight check for existence of the conntrack binary, as conntrack is no longer a kube-proxy dependency in version 1.32 and newer. (#126953, @aroradaman) [SIG Cluster Lifecycle]
Output a log as v4-level when probe is triggered and shift the periodic timer of ReadinessProbe after manual run. (#119089, @mochizuki875) [SIG Node]
Removed legacy cloud provider integration code and the "service-lb-controller", "cloud-node-lifecycle-controller" and the "node-route-controller" from kube-controller-manager. You can now either set the --cloud-provider command line argument to "external", or to the empty string. All other values are invalid. (#128197, @aojea) [SIG API Machinery, Apps and Cloud Provider]
Updated cni-plugins to v1.6.0. (#128091, @saschagrunert) [SIG Cloud Provider, Node and Testing]
ComponentSLIs feature is marked as GA and locked (#128317, @Jefftree) [SIG Architecture and Instrumentation]

Dependencies

Added

github.com/moby/sys/userns: v0.1.0

Changed

github.com/vishvananda/netlink: v1.3.0 → b1ce50c
k8s.io/system-validators: v1.9.0 → v1.8.0
sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.30.3 → v0.31.0

Removed

Nothing has changed.

v1.32.0-alpha.2

Downloads for v1.32.0-alpha.2

Source Code

filename	sha512 hash
kubernetes.tar.gz	12fa6fbea15ce6c682f35d6a1942248a6e3d02112b5d4cd8ad4cb71c05234469a61e0a0a24cd7c0f31d03dbbfdba0c1f824b3c813ffade22c1df880d71961808
kubernetes-src.tar.gz	41a87e299da2e0793859bf2ce61356313215f23036b1c15a56040089d0a6a049a38374cc4d55c25f1167f7b111c0b23745ebd271194392f67d57784f6b310079

Client Binaries

filename	sha512 hash
kubernetes-client-darwin-amd64.tar.gz	5eaef34ed732b964eea1c695634c0a2310fc7383df59b10ee5ae620eea6df86ac089c77e5ea49e0a48ef3b4bbeeee5f98917cc1d82550f8ffd915829aa182c2d
kubernetes-client-darwin-arm64.tar.gz	2d25f8d105a2bb1cf5087e63689703a9bcaf89c98cd92bf9b95204c5544c7459ffcc62998cbb5118b26591ee56c75610b2407fa14e28af575c55d7f67e3f005f
kubernetes-client-linux-386.tar.gz	a6626f989b0045d8c12cda459596766ba591dd4586a1d2ab2de25433f9195015b46b4cf1cc9db75945e0ca8e5453fd86b4f6dd49df8ec2ac0c40edcb4d7f21c9
kubernetes-client-linux-amd64.tar.gz	d80eebb21798b8c5043c7b08b15d634c8c9e9179b44ef1cd9601fa05223c7ba696e5fe833f34778c457ae6e20b603156501122602697a159f790edb90659fa49
kubernetes-client-linux-arm.tar.gz	d3a90dd1e38f379a5433023f2d10620a96a8b667baf51bc893b8ebb622ea675e7f965b13e5f94d0c0346f426ba7912ae80e31e36982bb30c3efd0f9e2dbd44c3
kubernetes-client-linux-arm64.tar.gz	ab7f0dca923cfbca492cf02c4625e946d4d9013d00ceee91c8adbb66cd0c42c305b2a0912fee65fba6f93d4ac7180729afbe65e02a98453334489fbddcfa81dd
kubernetes-client-linux-ppc64le.tar.gz	f669e9d18a6d36462a13c5b1e3f71fd812554671b27070445275852788ad927d5f5a95964a6e2f035fc7cdcaeab68f130c97b256a1a3101877883f50b89d4a56
kubernetes-client-linux-s390x.tar.gz	870a52113f5c678271db4adbfd86c42710b9299d2d6f94581288ee5bce619723f3317bb0f36fa964d972c22d0a4539caee9a7caeb342fe1595f845de1b222812
kubernetes-client-windows-386.tar.gz	caed3c909f1edb95d26e8ba1fd4a4dba8a2b377c22e9646cb85d208e4eb15dedf829b1a9f4b3c2afde85177b891d0482e3213668f8db0dcb549b40d209ec7ae5
kubernetes-client-windows-amd64.tar.gz	f020c3de77e4a6b34d3fc529932daec3bfafcf718e229fa111903a79635cae1012fc62225e5513c28fb173a0c52927ad152419fba6ff4c8afb148ea1a6ceba6f
kubernetes-client-windows-arm64.tar.gz	a0e1c0f0dbe19ff8dcffd3713b828088b30c9f0ede4f7e65e083e3714e15da26bb361f2924a5edc7cf4f97c23cf9eab806cd11d8a616cb77df097a5ca1812e0f

Server Binaries

filename	sha512 hash
kubernetes-server-linux-amd64.tar.gz	d40f6a3dc056b68eb78788bb91e6f1d07f81b8b58ae0bda787be99c0f41c0ec87d2f652eb15aba0df5ab41f5c96144980415856155a7011d3f6195aba8030ff3
kubernetes-server-linux-arm64.tar.gz	7a56e4537b3d61875e8d61645383b82c4609b26b0eef17a1d6967cb52d990ad64a2f0c39910b0a2188930dc28ce1cec44f6aec86eba0dc4bdfc7329553d5b3d9
kubernetes-server-linux-ppc64le.tar.gz	afdd9540cee13f8196fdaf5edbaf5f2ae5c792b94dbfaab461345a62d709591f13a06a037d3dd9374775fb1a3db82bf337a873391c989ed864790089f332f3a8
kubernetes-server-linux-s390x.tar.gz	f5d8998bc1be3a31bf510af6dd5aa43d165d4424faa5157dd9fc6640f34e75c967379f3ea51f2049675843f8f3222d42cdb8ad61da0ccc5b35b21925f7318d02

Node Binaries

filename	sha512 hash
kubernetes-node-linux-amd64.tar.gz	0414c3d74019d5f932b3effba27580bd86ae6d8a6ae9f4c2a8967f70f15167f8c2805451fb4f18aaab8b9e1c0e47eaf627e4ea5844311ba095ddcfa2383ba4ff
kubernetes-node-linux-arm64.tar.gz	96a13271ab2cd2a3c5fe556de71f3b862b6263abe793a87ed123ac4bb928dc22ff9ad0219a0dc21669cc5fc333000091185fbc4bd8415f370870b56491f0fed4
kubernetes-node-linux-ppc64le.tar.gz	2c92a70ca1285b3146b743dc812323db3eb1f52e0978ab4c42af9d4218260a4eb445928453298d264166768eb87f4b0db997e3cfd370112685e9836e890562bb
kubernetes-node-linux-s390x.tar.gz	65a84611fe4805c7937b0406a3818be923036402339a61cf1f0ce580229186bd520c65e083af8f9c9fce5dba15c4786c146d4d5254c878bc3d989bfc9b21db49
kubernetes-node-windows-amd64.tar.gz	f29148bf2230b726d57120cb62ebaf2f0d47b46fc4e5ad5d5a332c79a93e310bfacb471e7e95a79ba850933c47471bd934415fa1aec3cb655433fc034ed54296

Container Images

All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.

name	architectures
registry.k8s.io/conformance:v1.32.0-alpha.2	amd64, arm64, ppc64le, s390x
registry.k8s.io/kube-apiserver:v1.32.0-alpha.2	amd64, arm64, ppc64le, s390x
registry.k8s.io/kube-controller-manager:v1.32.0-alpha.2	amd64, arm64, ppc64le, s390x
registry.k8s.io/kube-proxy:v1.32.0-alpha.2	amd64, arm64, ppc64le, s390x
registry.k8s.io/kube-scheduler:v1.32.0-alpha.2	amd64, arm64, ppc64le, s390x
registry.k8s.io/kubectl:v1.32.0-alpha.2	amd64, arm64, ppc64le, s390x

Changelog since v1.32.0-alpha.1

Changes by Kind

API Change

Fixed a bug in the NestedNumberAsFloat64 Unstructured field accessor that could cause it to return rounded float64 values instead of errors when accessing very large int64 values. (#128099, @benluddy) [SIG API Machinery]
Introduce compressible resource setting on system reserved and kube reserved slices (#125982, @harche) [SIG Node]
Kubelet: the --image-credential-provider-config file is now loaded with strict deserialization, which fails if the config file contains duplicate or unknown fields. This protects against accidentally running with config files that are malformed, mis-indented, or have typos in field names, and getting unexpected behavior. (#128062, @aramase) [SIG Auth and Node]
Promoted CustomResourceFieldSelectors to stable; the feature is enabled by default. --feature-gates=CustomResourceFieldSelectors=true not needed on kube-apiserver binaries and will be removed in a future release. (#127673, @jpbetz) [SIG API Machinery and Testing]

Feature

Add option to enable leader election in local-up-cluster.sh via the LEADER_ELECT cli flag. (#127786, @Jefftree) [SIG API Machinery]
Added status for extended Pod resources within the status.containerStatuses[].resources field. (#124227, @iholder101) [SIG Node and Testing]
Allow pods to use the net.ipv4.tcp_rmem and net.ipv4.tcp_wmem sysctl by default when the kernel version is 4.15 or higher. With the kernel 4.15 the sysctl became namespaced. Pod Security admission allows these sysctl in v1.32+ versions of the baseline and restricted policies. (#127489, @pacoxu) [SIG Auth, Network and Node]
Graduates the WatchList feature gate to Beta for kube-apiserver and enables WatchListClient for KCM. (#128053, @p0lyn0mial) [SIG API Machinery and Testing]
Kubernetes is now built with go 1.23.1 (#127611, @haitch) [SIG Release and Testing]
Kubernetes is now built with go 1.23.2 (#128110, @haitch) [SIG Release and Testing]
LoadBalancerIPMode feature is now marked as GA. (#127348, @RyanAoh) [SIG Apps, Network and Testing]
Output for the ScalingReplicaSet event has changed from: Scaled <up|down> replica set to from to: Scaled <up|down> replica set from to (#125118, @jsoref) [SIG Apps and CLI]
Promote the feature gates StrictCostEnforcementForVAP and StrictCostEnforcementForWebhooks to GA. (#127302, @cici37) [SIG API Machinery and Testing]
Removed attachable volume limits from the capacity of the node for the following volume type when the kubelet is started, affecting the following volume types when the corresponding csi driver is installed:
- awsElasticBlockStore for ebs.csi.aws.com
- azureDisk for disk.csi.azure.com
- gcePersistentDisk for pd.csi.storage.googleapis.com
- cinder for cinder.csi.openstack.org
- csi But it's still enforced using a limit in CSINode objects. (#126924, @carlory) [SIG Storage]
Revert Go version used to build Kubernetes to 1.23.0 (#127861, @xmudrii) [SIG Release and Testing]
The scheduler implements QueueingHint in VolumeBinding plugin's CSIDriver event, which enhances the throughput of scheduling. (#125171, @YamasouA) [SIG Scheduling and Storage]
Vendor: updated system-validators to v1.9.0 (#128149, @neolit123) [SIG Cluster Lifecycle and Node]

Documentation

Kubeadm: fixed a misleading output (typo) when executing the "kubeadm init" command. (#128118, @amaddio) [SIG Cluster Lifecycle]

Bug or Regression

Fix a bug where the kubelet ephemerally fails with failed to initialize top level QOS containers: root container [kubepods] doesn't exist, due to the cpuset cgroup being deleted on v2 with systemd cgroup manager. (#125923, @haircommander) [SIG Node and Testing]
Fix data race in kubelet/volumemanager (#127919, @carlory) [SIG Apps, Node and Storage]
Fixes a race condition that could result in erroneous volume unmounts for flex volume plugins on kubelet restart (#127669, @olyazavr) [SIG Storage]
Fixes a regression introduced in 1.29 where conntrack entries for UDP connections to deleted pods did not get cleaned up correctly, which could (among other things) cause DNS problems when DNS pods were restarted. (#127780, @danwinship) [SIG Network]
Node shutdown controller now makes a best effort to wait for CSI Drivers to complete the volume teardown process according to the pod priority groups. (#125070, @torredil) [SIG Node, Storage and Testing]
Reduce memory usage/allocations during wait for volume attachment (#126575, @Lucaber) [SIG Node and Storage]
Scheduler will start considering the resource requests of existing sidecar containers during the scoring process. (#127878, @AxeZhan) [SIG Scheduling and Testing]
The name port of the sidecar will also be allowed to be used (#127976, @chengjoey) [SIG Network]
Unallowed label values will show up as "unexpected" in all system components metrics (#128100, @yongruilin) [SIG Architecture and Instrumentation]

Other (Cleanup or Flake)

CRI client: use default timeout for ImageFsInfo RPC (#128052, @saschagrunert) [SIG Node]
Fix spacing in --validate flag description in kubectl. (#128081, @soltysh) [SIG CLI]
Kube-apiserver ResourceQuotaConfiguration admission plugin subsection within --admission-control-config-file files are now validated strictly (EnableStrict). Duplicate and unknown fields in the configuration will now cause an error. (#128038, @seans3) [SIG API Machinery]
Kube-apiserver --egress-selector-config-file files are now validated strictly (EnableStrict). Duplicate and unknown fields in the configuration will now cause an error. (#128011, @seans3) [SIG API Machinery and Testing]
Kube-apiserver --tracing-config-file file is now validated strictly (EnableStrict). Duplicate and unknown fields in the configuration will now cause an error. (#128073, @seans3) [SIG API Machinery]
Kube-controller-manager --leader-migration-config files are now validated strictly (EnableStrict). Duplicate and unknown fields in the configuration will now cause an error. (#128009, @seans3) [SIG API Machinery and Cloud Provider]
Kubeadm: increased the verbosity of API client dry-run actions during the subcommands "init", "join", "upgrade" and "reset". Allowed dry-run on 'kubeadm join' even if there is no existing cluster by utilizing a faked, in-memory cluster-info ConfigMap. (#126776, @neolit123) [SIG Cluster Lifecycle]
Kubectl: -o can now be used as a shortcut for --output in kubectl explain <resource> --output plaintext-openapiv2 (#127869, @ak20102763) [SIG CLI]
Removes the feature gate ComponentSLIs, which has been promoted to stable since 1.29. (#127787, @Jefftree) [SIG Architecture and Instrumentation]
The getters for the field name and typeDescription of the Reflector struct were renamed. (#128035, @alexanderstephan) [SIG API Machinery]
The kube-proxy command line flags --healthz-port and --metrics-port, which were previously deprecated, have now been removed. (#127930, @aroradaman) [SIG Network and Windows]
The members name and typeDescription of the Reflector struct are now exported to allow for better user extensibility. (#127663, @alexanderstephan) [SIG API Machinery]
Upgrades functionality of kubectl kustomize as described at https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2Fv5.4.2 and https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2Fv5.5.0 (#127965, @koba1t) [SIG CLI]
kubectl apply --server-side now supports --subresource congruent to kubelctl patch (#127634, @deads2k) [SIG CLI and Testing]

Dependencies

Added

github.com/Microsoft/hnslib: v0.0.7

Changed

github.com/armon/circbuf: bbbad09 → 5111143
github.com/docker/docker: v27.1.1+incompatible → v26.1.4+incompatible
github.com/exponent-io/jsonpath: d6023ce → 1de76d7
github.com/google/cel-go: v0.20.1 → v0.21.0
github.com/gregjones/httpcache: 9cad4c3 → 901d907
github.com/jonboulle/clockwork: v0.2.2 → v0.4.0
github.com/moby/spdystream: v0.4.0 → v0.5.0
github.com/moby/sys/mountinfo: v0.7.1 → v0.7.2
github.com/mohae/deepcopy: 491d360 → c48cc78
github.com/opencontainers/runc: v1.1.14 → v1.1.15
github.com/stoewer/go-strcase: v1.2.0 → v1.3.0
github.com/urfave/cli: v1.22.15 → v1.22.1
github.com/xiang90/probing: 43a291a → a49e3df
golang.org/x/crypto: v0.26.0 → v0.28.0
golang.org/x/mod: v0.20.0 → v0.21.0
golang.org/x/net: v0.28.0 → v0.30.0
golang.org/x/oauth2: v0.21.0 → v0.23.0
golang.org/x/sys: v0.23.0 → v0.26.0
golang.org/x/term: v0.23.0 → v0.25.0
golang.org/x/text: v0.17.0 → v0.19.0
golang.org/x/time: v0.3.0 → v0.7.0
golang.org/x/tools: v0.24.0 → v0.26.0
k8s.io/system-validators: v1.8.0 → v1.9.0
sigs.k8s.io/json: bc3834c → 9aa6b5e
sigs.k8s.io/kustomize/api: v0.17.2 → v0.18.0
sigs.k8s.io/kustomize/cmd/config: v0.14.1 → v0.15.0
sigs.k8s.io/kustomize/kustomize/v5: v5.4.2 → v5.5.0
sigs.k8s.io/kustomize/kyaml: v0.17.1 → v0.18.1

Removed

github.com/Microsoft/cosesign1go: v1.1.0
github.com/Microsoft/didx509go: v0.0.3
github.com/Microsoft/hcsshim: v0.12.6
github.com/OneOfOne/xxhash: v1.2.8
github.com/agnivade/levenshtein: v1.1.1
github.com/akavel/rsrc: v0.10.2
github.com/chzyer/logex: v1.1.10
github.com/chzyer/test: a1ea475
github.com/containerd/cgroups/v3: v3.0.3
github.com/containerd/containerd: v1.7.20
github.com/containerd/continuity: v0.4.2
github.com/containerd/fifo: v1.1.0
github.com/containerd/go-runc: v1.0.0
github.com/containerd/protobuild: v0.3.0
github.com/containerd/stargz-snapshotter/estargz: v0.14.3
github.com/decred/dcrd/dcrec/secp256k1/v4: v4.2.0
github.com/docker/cli: v24.0.0+incompatible
github.com/docker/distribution: v2.8.2+incompatible
github.com/docker/docker-credential-helpers: v0.7.0
github.com/docker/go-events: e31b211
github.com/go-ini/ini: v1.67.0
github.com/gobwas/glob: v0.2.3
github.com/goccy/go-json: v0.10.2
github.com/google/go-containerregistry: v0.20.1
github.com/gorilla/mux: v1.8.1
github.com/josephspurrier/goversioninfo: v1.4.0
github.com/klauspost/compress: v1.17.0
github.com/lestrrat-go/backoff/v2: v2.0.8
github.com/lestrrat-go/blackmagic: v1.0.2
github.com/lestrrat-go/httpcc: v1.0.1
github.com/lestrrat-go/iter: v1.0.2
github.com/lestrrat-go/jwx: v1.2.28
github.com/lestrrat-go/option: v1.0.1
github.com/linuxkit/virtsock: f8cee7d
github.com/mattn/go-shellwords: v1.0.12
github.com/mitchellh/go-homedir: v1.1.0
github.com/moby/sys/sequential: v0.5.0
github.com/open-policy-agent/opa: v0.67.1
github.com/pelletier/go-toml: v1.9.5
github.com/rcrowley/go-metrics: 10cdbea
github.com/tchap/go-patricia/v2: v2.3.1
github.com/vbatts/tar-split: v0.11.3
github.com/veraison/go-cose: v1.2.0
github.com/xeipuuv/gojsonpointer: 02993c4
github.com/xeipuuv/gojsonreference: bd5ef7b
github.com/yashtewari/glob-intersection: v0.2.0
go.starlark.net: a134d8f
go.uber.org/mock: v0.4.0
google.golang.org/grpc/cmd/protoc-gen-go-grpc: v1.5.1

v1.32.0-alpha.1

Downloads for v1.32.0-alpha.1

Source Code

filename	sha512 hash
kubernetes.tar.gz	86532c5440a87a6f6f0581cdddfdc68ea3f3f13a6478093518d8445c5ade8c448248de3f2102f29dc327f2055805a573cb60c36d7cce93605ed58b8b2ab23a5c
kubernetes-src.tar.gz	9cdce49ad47d92b14d88fbe0acdf67cce94dfd57f21d2a048ed46b370ff32f3b852ebbd1dfc646126cf30d20927d8e707500128c2ff193810ba7d7b68f612e94

Client Binaries

filename	sha512 hash
kubernetes-client-darwin-amd64.tar.gz	742727920beab9ac9285ea98238be4e7a9099205ca95a52c930f2ebff2ded5617b13d5c861c4579c2316b3cb8398959ecb66c72f061724df6079d491c0f4fa5a
kubernetes-client-darwin-arm64.tar.gz	7bd4af634ccbf510d83a3468f288a3d91abf20146fd54e558324cb0dcaaa722a9e07f544699c2c73f033a5cf812cdfd9b8b36e3c612c0148792e1f8370a5d33e
kubernetes-client-linux-386.tar.gz	39d34eca859b53fda63bda7df3ed45ba5e7e6cf406895d454da0291c6dd403139b4bfc46584595ddabaee890511df76d71252ebc1e1dda42f0ba941cec296cd9
kubernetes-client-linux-amd64.tar.gz	f71a38447431dc7289caed55fd4846a4990247e4996c22b7c98aa9304959a5e25bf5aeb117d443481c411e6cc497051d8c75bde1ef3a7cb4ab8ff6f2abe43a39
kubernetes-client-linux-arm.tar.gz	21b75e8d69e98842704b2d1e468bbdaa62031d8570d35398095e6b7c96825af0276f668064722d6043788e7f2b8b0d093bbaed8fa93126f3e2d8720bc3fecf9b
kubernetes-client-linux-arm64.tar.gz	498fc9962c02c60823832207f85ce919bb0c405b73feb931a7186babd644c928cee377c4ae0286f3e981328995d96586e4ae4783e38b879eb3caab8f9c9d0a5b
kubernetes-client-linux-ppc64le.tar.gz	9bed5cf8bb05dc529f9ac7a637a657e1312065a2ee39c1d809f926b542547b8ddc674addae84cb523569a8a5a7f183a598b2d0566d9e58317bccd61558ca7192
kubernetes-client-linux-s390x.tar.gz	6c5aa276aa65d969826ad49d901bc95fb7290cd00778c03f681ccdc12f3dc7cd77752e2895400250875a3c0a7548e20fe6f958bace1482f9a9b88c8581c10d95
kubernetes-client-windows-386.tar.gz	5d45f1c1e0e984fa85ed99ac58dda6c475c3a2120a911425272187fde03b8017cdb14d71b2d6d9a23c946166fd2c374c42ffa32186c74546d7ea0146271cd50f
kubernetes-client-windows-amd64.tar.gz	f0e3b6e845053c753640a46c3258eec96b04e7c95f044e8b980300ad32dadab2f0fef735213ba3de9b98dca2d7106a7f51e0f08c28a75cbe89f5a9f36f7e29a4
kubernetes-client-windows-arm64.tar.gz	1a86995fc7284db06c23af66d82d836be36a6efcba7e2ef296c14bff56d39392a444cb399ce1f999181ec1ff7ac3edfdff84c3ccb63b0c6564550a8c0c948cef

Server Binaries

filename	sha512 hash
kubernetes-server-linux-amd64.tar.gz	dd0cfd5d57ad9c82ea52c98c80df8fe63a349bfbb16e42b30b1fe4c3b765327250397438e75e49014e6afffbaa7514daf830b8f7c781362241fb527196d8dc86
kubernetes-server-linux-arm64.tar.gz	dbd29ab7bdfe97b8f9261cf3e727065f301bced78c866ead01d932de92e26476d3824c8f1023a8ebc63a63a3a79001dd2493c0f70118580841922b59ab1632c1
kubernetes-server-linux-ppc64le.tar.gz	f37b92ed3ef9eeb3c40973068ef6131441abd6f4eabf1f1b4845f5774f116efbdf7d73f870f5268137d0ff4f406f443522f8adf63a043aaedcb67672246f0b55
kubernetes-server-linux-s390x.tar.gz	58531d380dc3ddbff5b8e6e3cef8cc58f6c47aea0b4a3c907805836e35f571dc1e231e4dbbf635115bb70357408cf23ad68a86dd725a5abbe5025b2945cf1ddf

Node Binaries

filename	sha512 hash
kubernetes-node-linux-amd64.tar.gz	4273a6fc9fec18f408c0e559d3680270572250fc3d4c997439dfe844dca138a1a7277852882184601c4960a52525a6594b274f251bcca78df02104d296302e12
kubernetes-node-linux-arm64.tar.gz	931eea6e9e6809a13a28519b03022bda056ac6215cd2b1bcd4186efa8204bc1b9245c3893292ad0ba823dc9cf008afd82dc4988cee2ea09eef3d5bb073945b1d
kubernetes-node-linux-ppc64le.tar.gz	a35ed30cafb4aebb541d6a7a8d1995e773877cdda3e8b413a81eddc1eeb989b086765c6396df3d1d1dde86fb62ae7684401aa6dcedfcbe6940ada470549fe6e6
kubernetes-node-linux-s390x.tar.gz	cc9b57d9fa7561d015288789cf7949dc7a68d4e6f006aa5b354941e736490b92480bd65f36090c53ddacde00f5a6a34b7a7a2b8c4912dfed3ec36e4c37759e9f
kubernetes-node-windows-amd64.tar.gz	be118da99917ca00cff3f5ba9bb1a747c112c26522c4cc695d6cd2b2badfdf2ebcf79cb8885dbcf9986fc392510ec8a6c746cdf4ea7c984ed86a49f206ba68c2

Container Images

All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.

name	architectures
registry.k8s.io/conformance:v1.32.0-alpha.1	amd64, arm64, ppc64le, s390x
registry.k8s.io/kube-apiserver:v1.32.0-alpha.1	amd64, arm64, ppc64le, s390x
registry.k8s.io/kube-controller-manager:v1.32.0-alpha.1	amd64, arm64, ppc64le, s390x
registry.k8s.io/kube-proxy:v1.32.0-alpha.1	amd64, arm64, ppc64le, s390x
registry.k8s.io/kube-scheduler:v1.32.0-alpha.1	amd64, arm64, ppc64le, s390x
registry.k8s.io/kubectl:v1.32.0-alpha.1	amd64, arm64, ppc64le, s390x

Changelog since v1.31.0

Urgent Upgrade Notes

(No, really, you MUST read this before you upgrade)

ACTION REQUIRED for custom scheduler plugin developers: PodEligibleToPreemptOthers in the preemption interface gets ctx in the parameters. Please change your plugins' implementation accordingly. (#126465, @googs1025) [SIG Scheduling]
Changed NodeToStatusMap from map to struct and exposed methods to access the entries. Added absentNodesStatus, which inform what is the status of nodes that are absent in the map.

For developers of out-of-tree PostFilter plugins, make sure to update usage of NodeToStatusMap. Additionally, NodeToStatusMap should be eventually renamed to NodeToStatusReader. (#126022, @macsko) [SIG Node, Scheduling and Testing]

Changes by Kind

Deprecation

Reverted the DisableNodeKubeProxyVersion feature gate to default-off to give a full year from deprecation announcement in 1.29 to clearing the field by default, per the Kubernetes deprecation policy. (#126720, @liggitt) [SIG Architecture and Node]

API Change

Allow for Pod search domains to be a single dot "." or contain an underscore "_" (#127167, @adrianmoisey) [SIG Apps, Network and Testing]
Disallow k8s.io and kubernetes.io namespaced extra key in structured authentication configuration. (#126553, @aramase) [SIG Auth]
Fix the bug where spec.terminationGracePeriodSeconds of the pod will always be overwritten by the MaxPodGracePeriodSeconds of the soft eviction, you can enable the AllowOverwriteTerminationGracePeriodSeconds feature gate, which will restore the previous behavior. If you do need to set this, please file an issue with the Kubernetes project to help contributors understand why you need it. (#122890, @HirazawaUi) [SIG API Machinery, Architecture, Node and Testing]
Kube-scheduler removed the following plugins:
- AzureDiskLimits
- CinderLimits
- EBSLimits
- GCEPDLimits Because the corresponding CSI driver reports how many volumes a node can handle in NodeGetInfoResponse, the kubelet stores this limit in CSINode and the scheduler then knows the driver's limit on the node. Remove plugins AzureDiskLimits, CinderLimits, EBSLimits and GCEPDLimits if you explicitly enabled them in the scheduler config. (#124003, @carlory) [SIG Scheduling, Storage and Testing]
Promoted CustomResourceFieldSelectors to stable; the feature is enabled by default. --feature-gates=CustomResourceFieldSelectors=true not needed on kube-apiserver binaries and will be removed in a future release. (#127673, @jpbetz) [SIG API Machinery and Testing]
The default value for node-monitor-grace-period has been increased to 50s (earlier 40s) (Ref - kubernetes#121793) (#126287, @devppratik) [SIG API Machinery, Apps and Node]
The resource/v1alpha3.ResourceSliceList filed which should have been named "metadata" but was instead named "listMeta" is now properly "metadata". (#126749, @thockin) [SIG API Machinery]
The synthetic "Bookmark" event for the watch stream requests will now include a new annotation: kubernetes.io/initial-events-list-blueprint. THe annotation contains an empty, versioned list that is encoded in the requested format (such as protobuf, JSON, or CBOR), then base64-encoded and stored as a string. (#127587, @p0lyn0mial) [SIG API Machinery]
To enhance usability and developer experience, CRD validation rules now support direct use of (CEL) reserved keywords as field names in object validation expressions. Name format CEL library is supported in new expressions. (#126977, @aaron-prindle) [SIG API Machinery, Architecture, Auth, Etcd, Instrumentation, Release, Scheduling and Testing]
Updated incorrect description of persistentVolumeClaimRetentionPolicy (#126545, @yangjunmyfm192085) [SIG API Machinery, Apps and CLI]
X.509 client certificate authentication to kube-apiserver now produces credential IDs (derived from the certificate's signature) for use by audit logging. (#125634, @ahmedtd) [SIG API Machinery, Auth and Testing]

Feature

Added new functionality into the Go client code (client-go) library. The List() method for the metadata client allows enabling API streaming when fetching collections; this improves performance when listing many objects. To request this behaviour, your client software must enable the WatchListClient client-go feature gate. Additionally, streaming is only available if supported by the cluster; the API server that you connect to must also support streaming. If the API server does not support or allow streaming, then client-go falls back to fetching the collection using the list API verb. (#127388, @p0lyn0mial) [SIG API Machinery and Testing]
Added preemptionPolicy field when using kubectl get PriorityClass -owide (#126529, @googs1025) [SIG CLI]
Client-go/rest: contextual logging of request/response with accurate source code location of the caller (#126999, @pohly) [SIG API Machinery and Instrumentation]
Enabled kube-controller-manager '--concurrent-job-syncs' flag works on orphan Pod processors (#126567, @fusida) [SIG Apps]
Extend discovery GroupManager with Group lister interface (#127524, @mjudeikis) [SIG API Machinery]
Fix kubectl doesn't print image volume when kubectl describe a pod with that volume (#126706, @carlory) [SIG CLI]
Graduate the AnonymousAuthConfigurableEndpoints feature gate to beta and enable by default to allow configurable endpoints for anonymous authentication. (#127009, @vinayakankugoyal) [SIG Auth]
Implement a queueing hint for PersistentVolumeClaim/Add event in CSILimit plugin. (#124703, @utam0k) [SIG Scheduling and Storage]
Implement new cluster events UpdatePodSchedulingGatesEliminated and UpdatePodTolerations for scheduler plugins. (#127083, @sanposhiho) [SIG Scheduling]
Improve Node QueueHint in the NodeAffinty plugin by ignoring unrelated changes that keep pods unschedulable. (#127444, @dom4ha) [SIG Scheduling and Testing]
Improve Node QueueHint in the NodeResource Fit plugin by ignoring unrelated changes that keep pods unschedulable. (#127473, @dom4ha) [SIG Scheduling and Testing]
Improve performance of the job controller when handling job delete events. (#127378, @hakuna-matatah) [SIG Apps]
Improve performance of the job controller when handling job update events. (#127228, @hakuna-matatah) [SIG Apps]
JWT authenticators now set the jti claim (if present and is a string value) as credential id for use by audit logging. (#127010, @aramase) [SIG API Machinery, Auth and Testing]
Kube-apiserver: a new --requestheader-uid-headers flag allows configuring request header authentication to obtain the authenticating user's UID from the specified headers. The suggested value for the new option is X-Remote-Uid. When specified, the kube-system/extension-apiserver-authentication configmap will include the value in its .data[requestheader-uid-headers] field. (#115834, @stlaz) [SIG API Machinery, Auth, Cloud Provider and Testing]
Kube-proxy uses field-selector clusterIP!=None on Services to avoid watching for Headless Services, reduce unnecessary network bandwidth (#126769, @Sakuralbj) [SIG Network]
Kubeadm: kubeadm upgrade apply now supports phase sub-command, user can use kubeadm upgrade apply phase <phase-name> to execute the specified phase, or use kubeadm upgrade apply --skip-phases <phase-names> to skip some phases during cluster upgrade. (#126032, @SataQiu) [SIG Cluster Lifecycle]
Kubeadm: kubeadm upgrade node now supports addon and post-upgrade phases. User can use kubeadm upgrade node phase addon to execute the addon upgrade, or use kubeadm upgrade node --skip-phases addon to skip the addon upgrade. Currently, the post-upgrade phase is no-op, and it is mainly used to handle some release specific post-upgrade tasks. (#127242, @SataQiu) [SIG Cluster Lifecycle]
Kubeadm: add a validation warning when the certificateValidityPeriod is more than the caCertificateValidityPeriod (#126538, @SataQiu) [SIG Cluster Lifecycle]
Kubeadm: allow mixing the flag --config with the special flag --print-manifest of the subphases of 'kubeadm init phase addon'. (#126740, @neolit123) [SIG Cluster Lifecycle]
Kubeadm: if an unknown command name is passed to any parent command such as 'kubeadm init phase' return an error. If 'kubeadm init phase' or another command that has subcommands is called without subcommand name, print the available commands and also return an error. (#127096, @neolit123) [SIG Cluster Lifecycle]
Kubeadm: promoted feature gate EtcdLearnerMode to GA. Learner mode in etcd deployed by kubeadm is now locked to enabled by default. (#126374, @pacoxu) [SIG Cluster Lifecycle]
Kubelet: add log and event for cgroup v2 with kernel older than 5.8. (#126595, @pacoxu) [SIG Node]
Kubernetes is now built with go 1.23.0 (#127076, @cpanato) [SIG Release and Testing]
Promoted RetryGenerateName to stable; the feature is enabled by default. --feature-gates=RetryGenerateName=true not needed on kube-apiserver binaries and will be removed in a future release. (#127093, @jpbetz) [SIG API Machinery]
Support inflight_events metric in the scheduler for QueueingHint (alpha feature). (#127052, @sanposhiho) [SIG Scheduling]
Support specifying a custom network parameter when running e2e-node-tests with the remote option. (#127574, @bouaouda-achraf) [SIG Node and Testing]
The scheduler retries gated Pods more appropriately, giving them a backoff penalty too. (#126029, @sanposhiho) [SIG Scheduling]
Transformation_operations_total metric will have additional resource label which can be used for resource specific validations for example handling of encryption config by the apiserver. (#126512, @kmala) [SIG API Machinery, Auth, Etcd and Testing]
Unallowed label values will show up as "unexpected" in scheduler metrics (#126762, @richabanker) [SIG Instrumentation and Scheduling]
When SchedulerQueueingHint is enabled, the scheduler's in-tree plugins now subscribe to specific node events to decide whether to requeue Pods. This allows the scheduler to handle cluster events faster with less memory.

Specific node events include updates to taints, tolerations or allocatable. In-tree plugins now ignore node updates that don't modify any of these fields. (#127220, @sanposhiho) [SIG Node, Scheduling and Storage]
When SchedulerQueueingHints is enabled, clear events cached in the scheduling queue as soon as possible so that the scheduler consumes less memory. (#120586, @sanposhiho) [SIG Scheduling]

Documentation

Clarified the kube-controller-manager documentation for --allocate-node-cidrs, --cluster-cidr, and --service-cluster-ip-range flags to accurately reflect their dependencies and usage conditions. (#126784, @eminwux) [SIG API Machinery, Cloud Provider and Docs]
Documented the --for=create option to kubectl wait (#127327, @ryanwinter) [SIG CLI]

Failing Test

Kubelet Plugins are now re-registered properly on Windows if the re-registration period is < 15ms. (#114136, @claudiubelu) [SIG Node, Storage, Testing and Windows]

Bug or Regression

API emulation versioning honors cohabitating resources (#127239, @xuzhenglun) [SIG API Machinery]
Apiserver repair controller is resilient to etcd errors during bootstrap and retries during 30 seconds before failing. (#126671, @fusida) [SIG Network]
Applyconfiguration-gen no longer generates duplicate methods and ambiguous member accesses when types end up with multiple members of the same name (through embedded structs). (#127001, @skitt) [SIG API Machinery]
DRA: when a DRA driver was started after creating pods which need resources from that driver, no additional attempt was made to schedule such unschedulable pods again. Only affected DRA with structured parameters. (#126807, @pohly) [SIG Node, Scheduling and Testing]
DRA: when enabling the scheduler queuing hint feature, pods got stuck as unschedulable for a while unnecessarily because recording the name of the generated ResourceClaim did not trigger scheduling. (#127497, @pohly) [SIG Auth, Node, Scheduling and Testing]
Discarded the output streams of destination path check in kubectl cp when copying from local to pod and added a 3 seconds timeout to this check (#126652, @ardaguclu) [SIG CLI]
Fix CEL estimated cost of expressions that perform equality checks of IPs, CIDRs, Quantities, Formats and URLs. (#126359, @jpbetz) [SIG API Machinery]
Fix a bug on the endpoints controller that does not reconcile the Endpoint object after this is truncated (it gets more than 1000 endpoints addresses) (#127417, @aojea) [SIG Apps, Network and Testing]
Fix a bug when the hostname label of a node does not match the node name, pods bound to a PV with nodeAffinity using the hostname may be scheduled to the wrong node or experience scheduling failures. (#125398, @AxeZhan) [SIG Scheduling and Storage]
Fix a bug with dual stack clusters using the beta feature MultiCIDRServiceAllocator can not create dual stack Services or Services with IPs on the secondary range. User that want to use this feature in 1.30 with dual stack clusters can workaround the issue by setting the feature gate DisableAllocatorDualWrite to true (#127598, @aojea) [SIG Network and Testing]
Fix a potential memory leak in QueueingHint (alpha feature) (#127016, @sanposhiho) [SIG Scheduling]
Fix a scheduler preemption issue where the victim pod was not deleted due to incorrect status patching. This issue occurred when the preemptor and victim pods had different QoS classes in their status, causing the preemption to fail entirely. (#126644, @Huang-Wei) [SIG Scheduling]
Fix fake client to accept request without metadata.name to better emulate behavior of actual client. (#126727, @jpbetz) [SIG API Machinery]
Fix race condition in kube-proxy initialization that could blackhole UDP traffic to service VIP. (#126532, @wedaly) [SIG Network]
Fix the wrong hierarchical structure for the child span and the parent span (i.e. SerializeObject and List). In the past, some children's spans appeared parallel to their parents. (#127551, @carlory) [SIG API Machinery and Instrumentation]
Fixed a bug where init containers may fail to start due to a temporary container runtime failure. (#126543, @gjkim42) [SIG Node]
Fixed a bug which the scheduler didn't correctly tell plugins Node deletion. This bug could impact all scheduler plugins subscribing to Node/Delete event, making the queue keep the Pods rejected by those plugins incorrectly at Node deletion. Among the in-tree plugins, PodTopologySpread is the only victim. (#127464, @sanposhiho) [SIG Scheduling and Testing]
Fixed a possible memory leak for QueueingHint (alpha feature) (#126962, @sanposhiho) [SIG Scheduling]
Fixed a regression in 1.29+ default configurations, where regular init containers may fail to start due to a temporary container runtime failure. (#127162, @gjkim42) [SIG Node]
Fixed an issue where requests sent by the KMSv2 service would be rejected due to having an invalid authority header. (#126930, @Ruddickmg) [SIG API Machinery and Auth]
Fixed: dynamic client-go can now handle subresources with an UnstructuredList response (#126809, @ryantxu) [SIG API Machinery]
Fixes a bug in the garbage collector controller which could block indefinitely on a cache sync failure. This fix allows the garbage collector to eventually continue garbage collecting other resources if a given resource cannot be listed or watched. Any objects in the unsynced resource type with owner references with blockOwnerDeletion: true will not be known to the garbage collector. Use of blockOwnerDeletion has always been best-effort and racy on startup and object creation, with this fix, it continues to be best-effort for resources that cannot be synced by the garbage collector controller. (#125796, @haorenfsa) [SIG API Machinery, Apps and Testing]
Fixes a bug where restartable and non-restartable init containers were not accounted for in the message and annotations of eviction event. (#124947, @toVersus) [SIG Node]
Fixes the ability to set the resolvConf option in drop-in kubelet configuration files, validates that drop-in kubelet configuration files are in a supported version. (#127421, @liggitt) [SIG Node]
Fixes the bug in NodeUnschedulable that only happens with QHint enabled, which the scheduler might miss some updates for the Pods rejected by NodeUnschedulable plugin and put the Pods in the queue for a longer time than needed. (#127427, @sanposhiho) [SIG Scheduling]
Fixes the bug in PodTopologySpread that only happens with QHint enabled, which the scheduler might miss some updates for the Pods rejected by PodTopologySpread plugin and put the Pods in the queue for a longer time than needed. (#127447, @sanposhiho) [SIG Scheduling]
HostNetwork pods no longer depend on the PodIPs to be assigned to configure the defined hostAliases on the Pod (#126460, @aojea) [SIG Network, Node and Testing]
If a client makes an API streaming requests and specifies an application/json;as=Table content type, the API server now responds with a 406 (Not Acceptable) error. This change helps to ensure that unsupported formats, such as Table representations are correctly rejected. (#126996, @p0lyn0mial) [SIG API Machinery and Testing]
If an old pod spec has used image volume source, we must allow it when updating the resource even if the feature-gate ImageVolume is disabled. (#126733, @carlory) [SIG API Machinery, Apps and Node]
Improve PVC Protection Controller's scalability by batch-processing PVCs by namespace with lazy live pod listing. (#125372, @hungnguyen243) [SIG Apps, Node, Storage and Testing]
Improve PVC Protection Controller's scalability by batch-processing PVCs by namespace with lazy live pod listing. (#126745, @hungnguyen243) [SIG Apps, Storage and Testing]
Kube-apiserver: Fixes a 1.31 regression that stopped honoring build ID overrides with the --version flag (#126665, @liggitt) [SIG API Machinery]
Kubeadm: ensure that Pods from the upgrade preflight check CreateJob are properly terminated after a timeout. (#127333, @yuyabee) [SIG Cluster Lifecycle]
Kubeadm: when adding new control plane nodes with "kubeadm join", ensure that the etcd member addition is performed only if a given member URL does not already exist in the list of members. Similarly, on "kubeadm reset" only remove an etcd member if its ID exists. (#127491, @SataQiu) [SIG Cluster Lifecycle]
Kubelet now attempts to get an existing node if the request to create it fails with StatusForbidden. (#126318, @hoskeri) [SIG Node]
Kubelet: use the CRI stats provider if PodAndContainerStatsFromCRI feature is enabled (#126488, @haircommander) [SIG Node]
Removed unneeded permissions for system:controller:persistent-volume-binder and system:controller:expand-controller clusterroles (#125995, @carlory) [SIG Auth and Storage]
Revert "fix: handle socket file detection on Windows" (#126976, @jsturtevant) [SIG Node]
Send an error on ResultChan and close the RetryWatcher when the client is forbidden or unauthorized from watching the resource. (#126038, @mprahl) [SIG API Machinery]
Send bookmark right now after sending all items in watchCache store (#127012, @Chaunceyctx) [SIG API Machinery]
Terminated Pods on a node will not be re-admitted on kubelet restart. This fixes the problem of Completed Pods awaiting for the finalizer marked as Failed after the kubelet restart. (#126343, @SergeyKanzhelev) [SIG Node and Testing]
The CSI volume plugin stopped watching the VolumeAttachment object if the object is not found or the volume is not attached when kubelet waits for a volume attached. In the past, it would fail due to missing permission. (#126961, @carlory) [SIG Storage]
The Usage and VolumeCondition are both optional in the response and if CSIVolumeHealth feature gate is enabled kubelet needs to consider returning metrics if either one is set. (#127021, @Madhu-1) [SIG Storage]
Upgrade coreDNS to v1.11.3 (#126449, @BenTheElder) [SIG Cloud Provider and Cluster Lifecycle]
Use allocatedResources on PVC for node expansion in kubelet (#126600, @gnufied) [SIG Node, Storage and Testing]
When entering a value other than "external" to the "--cloud-provider" flag for the kubelet, kube-controller-manager, and kube-apiserver, the user will now receive a warning in the logs about the disablement of internal cloud providers, this is in contrast to the previous warnings about deprecation. (#127711, @elmiko) [SIG API Machinery, Cloud Provider and Node]

Other (Cleanup or Flake)

Added an example for kubectl delete with the --interactive flag. (#127512, @bergerhoffer) [SIG CLI]
Aggregated Discovery v2beta1 fixture is removed in ./api/discovery. Please use v2 (#127008, @Jefftree) [SIG API Machinery]
Device manager: stop using annotations to pass CDI device info to runtimes. Containerd versions older than v1.7.2 don't support passing CDI info through CRI and need to be upgraded. (#126435, @bart0sh) [SIG Node]
Feature gate "AllowServiceLBStatusOnNonLB" has been removed. This gate has been stable and unchanged for over a year. (#126786, @thockin) [SIG Apps]
Fix a warning message about the gce in-tree cloud provider state (#126773, @carlory) [SIG Cloud Provider]
Kube-proxy initialization waits for all pre-sync events from node and serviceCIDR informers to be delivered. (#126561, @wedaly) [SIG Network]
Kube-proxy will no longer depend on conntrack binary for stale UDP connections cleanup (#126847, @aroradaman) [SIG Cluster Lifecycle, Network and Testing]
Kubeadm: don't warn if crictl binary does not exist since kubeadm does not rely on crictl since v1.31. (#126596, @saschagrunert) [SIG Cluster Lifecycle]
Kubeadm: make sure the extra environment variables written to a kubeadm managed PodSpec are sorted alpha-numerically by the environment variable name. (#126743, @neolit123) [SIG Cluster Lifecycle]
Kubeadm: remove the deprecated sub-phase of 'init kubelet-finilize' called experimental-cert-rotation, and use 'enable-client-cert-rotation' instead. (#126913, @pacoxu) [SIG Cluster Lifecycle]
Kubeadm: removed socat and ebtables from kubeadm preflight checks (#127151, @saschagrunert) [SIG Cluster Lifecycle]
Kubeadm: removed the deprecated and NO-OP flags --features-gates for kubeadm upgrde apply and --api-server-manfiest, --controller-manager-manfiest and --scheduler-manifest for kubeadm upgrade diff. (#127123, @neolit123) [SIG Cluster Lifecycle]
Kubeadm: removed the deprecated flag '--experimental-output', please use the flag '--output' instead that serves the same purpose. Affected commands are - "kubeadm config images list", "kubeadm token list", "kubeadm upgade plan", "kubeadm certs check-expiration". (#126914, @carlory) [SIG Cluster Lifecycle]
Kubeadm: switched the kube-scheduler static Pod to use the endpoints /livez (for startup and liveness probes) and /readyz (for the readiness probe). Previously /healthz was used for all probes, which is deprecated behavior in the scope of this component. (#126945, @liangyuanpeng) [SIG Cluster Lifecycle]
Optimize code, filter podUID is empty string when call this getPodAndContainerForDevice method. (#126997, @lengrongfu) [SIG Node]
Remove GAed feature gates ServerSideApply/ServerSideFieldValidation (#127058, @carlory) [SIG API Machinery]
Removed feature gate ValiatingAdmissionPolicy. (#126645, @cici37) [SIG API Machinery, Auth and Testing]
Removed generally available feature gate CloudDualStackNodeIPs. (#126840, @carlory) [SIG API Machinery and Cloud Provider]
Removed generally available feature gate LegacyServiceAccountTokenCleanUp. (#126839, @carlory) [SIG Auth]
Removed generally available feature gate MinDomainsInPodTopologySpread (#126863, @carlory) [SIG Scheduling]
Removed generally available feature gate NewVolumeManagerReconstruction. (#126775, @carlory) [SIG Node and Storage]
Removed generally available feature gate NodeOutOfServiceVolumeDetach (#127019, @carlory) [SIG Apps and Testing]
Removed generally available feature gate StableLoadBalancerNodeSet. (#126841, @carlory) [SIG API Machinery, Cloud Provider and Network]
Removed the KMSv2 and KMSv2KDF feature gates. The associated features graduated to stable in the Kubernetes v1.29 release. (#126698, @enj) [SIG API Machinery, Auth and Testing]
Short circuit if the compaction request from apiserver is disabled. (#126627, @fusida) [SIG Etcd]
Show a warning message to inform users that the legacy profile is planned to be deprecated. (#127230, @mochizuki875) [SIG CLI]
The flowcontrol.apiserver.k8s.io/v1beta3 API version of FlowSchema and PriorityLevelConfiguration is no longer served in v1.32. Migrate manifests and API clients to use the flowcontrol.apiserver.k8s.io/v1 API version, available since v1.29. More information is at https://kubernetes.io/docs/reference/using-api/deprecation-guide/#flowcontrol-resources-v132 (#127017, @carlory) [SIG API Machinery and Testing]
The kube-proxy command line flags --healthz-port and --metrics-port, which were previously deprecated, have now been removed. (#126889, @aroradaman) [SIG Network and Windows]
The percentage display in kubectl top node is changed from % -> (%) (#126995, @googs1025) [SIG CLI]
Update github.com/coredns/corefile-migration to v1.0.24 (#126851, @BenTheElder) [SIG Architecture and Cluster Lifecycle]
Updated cni-plugins to v1.5.1. (#126966, @saschagrunert) [SIG Cloud Provider, Node and Testing]
Updated cri-tools to v1.31.0. (#126590, @saschagrunert) [SIG Cloud Provider and Node]
Upgrade etcd client to v3.5.16 (#127279, @serathius) [SIG API Machinery, Auth, Cloud Provider and Node]

Dependencies

Added

github.com/Microsoft/cosesign1go: v1.1.0
github.com/Microsoft/didx509go: v0.0.3
github.com/agnivade/levenshtein: v1.1.1
github.com/akavel/rsrc: v0.10.2
github.com/aws/aws-sdk-go-v2/config: v1.27.24
github.com/aws/aws-sdk-go-v2/credentials: v1.17.24
github.com/aws/aws-sdk-go-v2/feature/ec2/imds: v1.16.9
github.com/aws/aws-sdk-go-v2/internal/configsources: v1.3.13
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2: v2.6.13
github.com/aws/aws-sdk-go-v2/internal/ini: v1.8.0
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding: v1.11.3
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url: v1.11.15
github.com/aws/aws-sdk-go-v2/service/sso: v1.22.1
github.com/aws/aws-sdk-go-v2/service/ssooidc: v1.26.2
github.com/aws/aws-sdk-go-v2/service/sts: v1.30.1
github.com/aws/aws-sdk-go-v2: v1.30.1
github.com/aws/smithy-go: v1.20.3
github.com/containerd/cgroups/v3: v3.0.3
github.com/containerd/containerd/api: v1.7.19
github.com/containerd/errdefs: v0.1.0
github.com/containerd/log: v0.1.0
github.com/containerd/protobuild: v0.3.0
github.com/containerd/stargz-snapshotter/estargz: v0.14.3
github.com/containerd/typeurl/v2: v2.2.0
github.com/decred/dcrd/dcrec/secp256k1/v4: v4.2.0
github.com/docker/cli: v24.0.0+incompatible
github.com/docker/docker-credential-helpers: v0.7.0
github.com/docker/go-events: e31b211
github.com/go-ini/ini: v1.67.0
github.com/gobwas/glob: v0.2.3
github.com/goccy/go-json: v0.10.2
github.com/google/go-containerregistry: v0.20.1
github.com/gorilla/mux: v1.8.1
github.com/josephspurrier/goversioninfo: v1.4.0
github.com/klauspost/compress: v1.17.0
github.com/lestrrat-go/backoff/v2: v2.0.8
github.com/lestrrat-go/blackmagic: v1.0.2
github.com/lestrrat-go/httpcc: v1.0.1
github.com/lestrrat-go/iter: v1.0.2
github.com/lestrrat-go/jwx: v1.2.28
github.com/lestrrat-go/option: v1.0.1
github.com/linuxkit/virtsock: f8cee7d
github.com/mattn/go-shellwords: v1.0.12
github.com/moby/docker-image-spec: v1.3.1
github.com/moby/sys/sequential: v0.5.0
github.com/open-policy-agent/opa: v0.67.1
github.com/rcrowley/go-metrics: 10cdbea
github.com/tchap/go-patricia/v2: v2.3.1
github.com/vbatts/tar-split: v0.11.3
github.com/veraison/go-cose: v1.2.0
github.com/xeipuuv/gojsonpointer: 02993c4
github.com/xeipuuv/gojsonreference: bd5ef7b
github.com/yashtewari/glob-intersection: v0.2.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp: v1.27.0
go.uber.org/mock: v0.4.0
google.golang.org/grpc/cmd/protoc-gen-go-grpc: v1.5.1

Changed

cloud.google.com/go/accessapproval: v1.7.1 → v1.7.4
cloud.google.com/go/accesscontextmanager: v1.8.1 → v1.8.4
cloud.google.com/go/aiplatform: v1.48.0 → v1.58.0
cloud.google.com/go/analytics: v0.21.3 → v0.22.0
cloud.google.com/go/apigateway: v1.6.1 → v1.6.4
cloud.google.com/go/apigeeconnect: v1.6.1 → v1.6.4
cloud.google.com/go/apigeeregistry: v0.7.1 → v0.8.2
cloud.google.com/go/appengine: v1.8.1 → v1.8.4
cloud.google.com/go/area120: v0.8.1 → v0.8.4
cloud.google.com/go/artifactregistry: v1.14.1 → v1.14.6
cloud.google.com/go/asset: v1.14.1 → v1.17.0
cloud.google.com/go/assuredworkloads: v1.11.1 → v1.11.4
cloud.google.com/go/automl: v1.13.1 → v1.13.4
cloud.google.com/go/baremetalsolution: v1.1.1 → v1.2.3
cloud.google.com/go/batch: v1.3.1 → v1.7.0
cloud.google.com/go/beyondcorp: v1.0.0 → v1.0.3
cloud.google.com/go/bigquery: v1.53.0 → v1.58.0
cloud.google.com/go/billing: v1.16.0 → v1.18.0
cloud.google.com/go/binaryauthorization: v1.6.1 → v1.8.0
cloud.google.com/go/certificatemanager: v1.7.1 → v1.7.4
cloud.google.com/go/channel: v1.16.0 → v1.17.4
cloud.google.com/go/cloudbuild: v1.13.0 → v1.15.0
cloud.google.com/go/clouddms: v1.6.1 → v1.7.3
cloud.google.com/go/cloudtasks: v1.12.1 → v1.12.4
cloud.google.com/go/compute: v1.23.0 → v1.25.1
cloud.google.com/go/contactcenterinsights: v1.10.0 → v1.12.1
cloud.google.com/go/container: v1.24.0 → v1.29.0
cloud.google.com/go/containeranalysis: v0.10.1 → v0.11.3
cloud.google.com/go/datacatalog: v1.16.0 → v1.19.2
cloud.google.com/go/dataflow: v0.9.1 → v0.9.4
cloud.google.com/go/dataform: v0.8.1 → v0.9.1
cloud.google.com/go/datafusion: v1.7.1 → v1.7.4
cloud.google.com/go/datalabeling: v0.8.1 → v0.8.4
cloud.google.com/go/dataplex: v1.9.0 → v1.14.0
cloud.google.com/go/dataproc/v2: v2.0.1 → v2.3.0
cloud.google.com/go/dataqna: v0.8.1 → v0.8.4
cloud.google.com/go/datastore: v1.13.0 → v1.15.0
cloud.google.com/go/datastream: v1.10.0 → v1.10.3
cloud.google.com/go/deploy: v1.13.0 → v1.17.0
cloud.google.com/go/dialogflow: v1.40.0 → v1.48.1
cloud.google.com/go/dlp: v1.10.1 → v1.11.1
cloud.google.com/go/documentai: v1.22.0 → v1.23.7
cloud.google.com/go/domains: v0.9.1 → v0.9.4
cloud.google.com/go/edgecontainer: v1.1.1 → v1.1.4
cloud.google.com/go/essentialcontacts: v1.6.2 → v1.6.5
cloud.google.com/go/eventarc: v1.13.0 → v1.13.3
cloud.google.com/go/filestore: v1.7.1 → v1.8.0
cloud.google.com/go/firestore: v1.12.0 → v1.14.0
cloud.google.com/go/functions: v1.15.1 → v1.15.4
cloud.google.com/go/gkebackup: v1.3.0 → v1.3.4
cloud.google.com/go/gkeconnect: v0.8.1 → v0.8.4
cloud.google.com/go/gkehub: v0.14.1 → v0.14.4
cloud.google.com/go/gkemulticloud: v1.0.0 → v1.1.0
cloud.google.com/go/gsuiteaddons: v1.6.1 → v1.6.4
cloud.google.com/go/iam: v1.1.1 → v1.1.5
cloud.google.com/go/iap: v1.8.1 → v1.9.3
cloud.google.com/go/ids: v1.4.1 → v1.4.4
cloud.google.com/go/iot: v1.7.1 → v1.7.4
cloud.google.com/go/kms: v1.15.0 → v1.15.5
cloud.google.com/go/language: v1.10.1 → v1.12.2
cloud.google.com/go/lifesciences: v0.9.1 → v0.9.4
cloud.google.com/go/logging: v1.7.0 → v1.9.0
cloud.google.com/go/longrunning: v0.5.1 → v0.5.4
cloud.google.com/go/managedidentities: v1.6.1 → v1.6.4
cloud.google.com/go/maps: v1.4.0 → v1.6.3
cloud.google.com/go/mediatranslation: v0.8.1 → v0.8.4
cloud.google.com/go/memcache: v1.10.1 → v1.10.4
cloud.google.com/go/metastore: v1.12.0 → v1.13.3
cloud.google.com/go/monitoring: v1.15.1 → v1.17.0
cloud.google.com/go/networkconnectivity: v1.12.1 → v1.14.3
cloud.google.com/go/networkmanagement: v1.8.0 → v1.9.3
cloud.google.com/go/networksecurity: v0.9.1 → v0.9.4
cloud.google.com/go/notebooks: v1.9.1 → v1.11.2
cloud.google.com/go/optimization: v1.4.1 → v1.6.2
cloud.google.com/go/orchestration: v1.8.1 → v1.8.4
cloud.google.com/go/orgpolicy: v1.11.1 → v1.12.0
cloud.google.com/go/osconfig: v1.12.1 → v1.12.4
cloud.google.com/go/oslogin: v1.10.1 → v1.13.0
cloud.google.com/go/phishingprotection: v0.8.1 → v0.8.4
cloud.google.com/go/policytroubleshooter: v1.8.0 → v1.10.2
cloud.google.com/go/privatecatalog: v0.9.1 → v0.9.4
cloud.google.com/go/pubsub: v1.33.0 → v1.34.0
cloud.google.com/go/recaptchaenterprise/v2: v2.7.2 → v2.9.0
cloud.google.com/go/recommendationengine: v0.8.1 → v0.8.4
cloud.google.com/go/recommender: v1.10.1 → v1.12.0
cloud.google.com/go/redis: v1.13.1 → v1.14.1
cloud.google.com/go/resourcemanager: v1.9.1 → v1.9.4
cloud.google.com/go/resourcesettings: v1.6.1 → v1.6.4
cloud.google.com/go/retail: v1.14.1 → v1.14.4
cloud.google.com/go/run: v1.2.0 → v1.3.3
cloud.google.com/go/scheduler: v1.10.1 → v1.10.5
cloud.google.com/go/secretmanager: v1.11.1 → v1.11.4
cloud.google.com/go/security: v1.15.1 → v1.15.4
cloud.google.com/go/securitycenter: v1.23.0 → v1.24.3
cloud.google.com/go/servicedirectory: v1.11.0 → v1.11.3
cloud.google.com/go/shell: v1.7.1 → v1.7.4
cloud.google.com/go/spanner: v1.47.0 → v1.55.0
cloud.google.com/go/speech: v1.19.0 → v1.21.0
cloud.google.com/go/storagetransfer: v1.10.0 → v1.10.3
cloud.google.com/go/talent: v1.6.2 → v1.6.5
cloud.google.com/go/texttospeech: v1.7.1 → v1.7.4
cloud.google.com/go/tpu: v1.6.1 → v1.6.4
cloud.google.com/go/trace: v1.10.1 → v1.10.4
cloud.google.com/go/translate: v1.8.2 → v1.10.0
cloud.google.com/go/video: v1.19.0 → v1.20.3
cloud.google.com/go/videointelligence: v1.11.1 → v1.11.4
cloud.google.com/go/vision/v2: v2.7.2 → v2.7.5
cloud.google.com/go/vmmigration: v1.7.1 → v1.7.4
cloud.google.com/go/vmwareengine: v1.0.0 → v1.0.3
cloud.google.com/go/vpcaccess: v1.7.1 → v1.7.4
cloud.google.com/go/webrisk: v1.9.1 → v1.9.4
cloud.google.com/go/websecurityscanner: v1.6.1 → v1.6.4
cloud.google.com/go/workflows: v1.11.1 → v1.12.3
cloud.google.com/go: v0.110.7 → v0.112.0
github.com/Azure/go-ansiterm: d185dfc → 306776e
github.com/Microsoft/go-winio: v0.6.0 → v0.6.2
github.com/Microsoft/hcsshim: v0.8.26 → v0.12.6
github.com/OneOfOne/xxhash: v1.2.2 → v1.2.8
github.com/cilium/ebpf: v0.9.1 → v0.11.0
github.com/containerd/console: v1.0.3 → v1.0.4
github.com/containerd/containerd: v1.4.9 → v1.7.20
github.com/containerd/continuity: v0.1.0 → v0.4.2
github.com/containerd/fifo: v1.0.0 → v1.1.0
github.com/containerd/ttrpc: v1.2.2 → v1.2.5
github.com/coredns/corefile-migration: v1.0.21 → v1.0.24
github.com/distribution/reference: v0.5.0 → v0.6.0
github.com/docker/docker: v20.10.27+incompatible → v27.1.1+incompatible
github.com/docker/go-connections: v0.4.0 → v0.5.0
github.com/frankban/quicktest: v1.14.0 → v1.14.5
github.com/go-openapi/jsonpointer: v0.19.6 → v0.21.0
github.com/go-openapi/swag: v0.22.4 → v0.23.0
github.com/golang/mock: v1.3.1 → v1.1.1
github.com/google/cadvisor: v0.49.0 → v0.50.0
github.com/google/pprof: 4bfdf5a → 813a5fb
github.com/opencontainers/image-spec: v1.0.2 → v1.1.0
github.com/opencontainers/runc: v1.1.13 → v1.1.14
github.com/opencontainers/runtime-spec: 494a5a6 → v1.2.0
github.com/pelletier/go-toml: v1.2.0 → v1.9.5
github.com/urfave/cli: v1.22.2 → v1.22.15
github.com/vishvananda/netlink: v1.1.0 → v1.3.0
go.etcd.io/bbolt: v1.3.9 → v1.3.11
go.etcd.io/etcd/api/v3: v3.5.14 → v3.5.16
go.etcd.io/etcd/client/pkg/v3: v3.5.14 → v3.5.16
go.etcd.io/etcd/client/v2: v2.305.13 → v2.305.16
go.etcd.io/etcd/client/v3: v3.5.14 → v3.5.16
go.etcd.io/etcd/pkg/v3: v3.5.13 → v3.5.16
go.etcd.io/etcd/raft/v3: v3.5.13 → v3.5.16
go.etcd.io/etcd/server/v3: v3.5.13 → v3.5.16
go.uber.org/zap: v1.26.0 → v1.27.0
golang.org/x/crypto: v0.24.0 → v0.26.0
golang.org/x/exp: f3d0a9c → 8a7402a
golang.org/x/lint: 1621716 → d0100b6
golang.org/x/mod: v0.17.0 → v0.20.0
golang.org/x/net: v0.26.0 → v0.28.0
golang.org/x/sync: v0.7.0 → v0.8.0
golang.org/x/sys: v0.21.0 → v0.23.0
golang.org/x/telemetry: f48c80b → bda5523
golang.org/x/term: v0.21.0 → v0.23.0
golang.org/x/text: v0.16.0 → v0.17.0
golang.org/x/tools: e35e4cc → v0.24.0
golang.org/x/xerrors: 04be3eb → 5ec99f8
google.golang.org/genproto: b8732ec → ef43131
gotest.tools/v3: v3.0.3 → v3.0.2
honnef.co/go/tools: v0.0.1-2019.2.3 → ea95bdf
k8s.io/gengo/v2: 51d4e06 → 2b36238
k8s.io/kube-openapi: 70dd376 → f7e401e

Removed

bazil.org/fuse: 371fbbd
cloud.google.com/go/storage: v1.0.0
dmitri.shuralyov.com/gpu/mtl: 666a987
github.com/BurntSushi/xgb: 27f1227
github.com/alecthomas/template: a0175ee
github.com/armon/consul-api: eb2c6b5
github.com/armon/go-metrics: f0300d1
github.com/armon/go-radix: 7fddfc3
github.com/aws/aws-sdk-go: v1.35.24
github.com/bgentry/speakeasy: v0.1.0
github.com/bketelsen/crypt: 5cbc8cc
github.com/cespare/xxhash: v1.1.0
github.com/containerd/typeurl: v1.0.2
github.com/coreos/bbolt: v1.3.2
github.com/coreos/etcd: v3.3.13+incompatible
github.com/coreos/go-systemd: 95778df
github.com/coreos/pkg: 399ea9e
github.com/dgrijalva/jwt-go: v3.2.0+incompatible
github.com/dgryski/go-sip13: e10d5fe
github.com/fatih/color: v1.7.0
github.com/go-gl/glfw: e6da0ac
github.com/gogo/googleapis: v1.4.1
github.com/google/martian: v2.1.0+incompatible
github.com/google/renameio: v0.1.0
github.com/googleapis/gax-go/v2: v2.0.5
github.com/gopherjs/gopherjs: 0766667
github.com/hashicorp/consul/api: v1.1.0
github.com/hashicorp/consul/sdk: v0.1.1
github.com/hashicorp/errwrap: v1.0.0
github.com/hashicorp/go-cleanhttp: v0.5.1
github.com/hashicorp/go-immutable-radix: v1.0.0
github.com/hashicorp/go-msgpack: v0.5.3
github.com/hashicorp/go-multierror: v1.0.0
github.com/hashicorp/go-rootcerts: v1.0.0
github.com/hashicorp/go-sockaddr: v1.0.0
github.com/hashicorp/go-syslog: v1.0.0
github.com/hashicorp/go-uuid: v1.0.1
github.com/hashicorp/go.net: v0.0.1
github.com/hashicorp/golang-lru: v0.5.1
github.com/hashicorp/hcl: v1.0.0
github.com/hashicorp/logutils: v1.0.0
github.com/hashicorp/mdns: v1.0.0
github.com/hashicorp/memberlist: v0.1.3
github.com/hashicorp/serf: v0.8.2
github.com/imdario/mergo: v0.3.6
github.com/jmespath/go-jmespath: v0.4.0
github.com/jstemmer/go-junit-report: af01ea7
github.com/jtolds/gls: v4.20.0+incompatible
github.com/magiconair/properties: v1.8.1
github.com/mattn/go-colorable: v0.0.9
github.com/mattn/go-isatty: v0.0.3
github.com/miekg/dns: v1.0.14
github.com/mitchellh/cli: v1.0.0
github.com/mitchellh/go-testing-interface: v1.0.0
github.com/mitchellh/gox: v0.4.0
github.com/mitchellh/iochan: v1.0.0
github.com/mitchellh/mapstructure: v1.1.2
github.com/oklog/ulid: v1.3.1
github.com/pascaldekloe/goe: 57f6aae
github.com/posener/complete: v1.1.1
github.com/prometheus/tsdb: v0.7.1
github.com/ryanuber/columnize: 9b3edd6
github.com/sean-/seed: e2103e2
github.com/smartystreets/assertions: b2de0cb
github.com/smartystreets/goconvey: v1.6.4
github.com/spaolacci/murmur3: f09979e
github.com/spf13/afero: v1.1.2
github.com/spf13/cast: v1.3.0
github.com/spf13/jwalterweatherman: v1.0.0
github.com/spf13/viper: v1.7.0
github.com/subosito/gotenv: v1.2.0
github.com/ugorji/go: v1.1.4
github.com/xordataexchange/crypt: b2862e3
golang.org/x/image: cff245a
golang.org/x/mobile: d2bd2a2
google.golang.org/api: v0.13.0
gopkg.in/alecthomas/kingpin.v2: v2.2.6
gopkg.in/errgo.v2: v2.1.0
gopkg.in/ini.v1: v1.51.0
gopkg.in/resty.v1: v1.12.0
rsc.io/binaryregexp: v0.2.0

Files

CHANGELOG-1.32.md

Latest commit

History

CHANGELOG-1.32.md

File metadata and controls

v1.32.0-rc.0

Downloads for v1.32.0-rc.0

Source Code

Client Binaries

Server Binaries

Node Binaries

Container Images

Changelog since v1.32.0-beta.0

Changes by Kind

API Change

Feature

Bug or Regression

Other (Cleanup or Flake)

Dependencies

Added

Changed

Removed

v1.32.0-beta.0

Downloads for v1.32.0-beta.0

Source Code

Client Binaries

Server Binaries

Node Binaries

Container Images

Changelog since v1.32.0-alpha.3

Urgent Upgrade Notes

(No, really, you MUST read this before you upgrade)

Changes by Kind

Deprecation

API Change

Feature

Bug or Regression

Other (Cleanup or Flake)

Dependencies

Added

Changed

Removed

v1.32.0-alpha.3

Downloads for v1.32.0-alpha.3

Source Code

Client Binaries

Server Binaries

Node Binaries

Container Images

Changelog since v1.32.0-alpha.2

Changes by Kind

API Change

Feature

Documentation

Bug or Regression

Other (Cleanup or Flake)

Dependencies

Added

Changed

Removed

v1.32.0-alpha.2

Downloads for v1.32.0-alpha.2

Source Code

Client Binaries

Server Binaries

Node Binaries

Container Images

Changelog since v1.32.0-alpha.1

Changes by Kind

API Change

Feature

Documentation

Bug or Regression

Other (Cleanup or Flake)

Dependencies

Added

Changed

Removed

v1.32.0-alpha.1