Releases: evilmartians/chef-kubernetes
Releases · evilmartians/chef-kubernetes
v1.20.4: Kubernetes 1.20!
- Kubernetes: 1.20.4
- Kubelet: moved deprecated
--logging-formatflag to kubeletconfig - Kubelet: removed deprecated
--experimental-check-node-capabilities-before-mountflag - ApiServer: added support for compressing rotated audit log files with
--audit-log-compress - ApiServer: added
--etcd-healthcheck-timeoutflag - KubeletConfig: topologyManagerScope
- Service Account Token Volume Projection
- FeatureGates: added CustomCPUCFSQuotaPeriod for
cpuCFSQuotaPeriodto work - FeatureGates: added APIServerIdentity
- FeatureGates: added CronJobControllerV2
- FeatureGates: added GracefulNodeShutdown
- FeatureGates: removed ConfigurableFSGroupPolicy
- FeatureGates: removed EndpointSliceProxying
v1.19.8
v1.19.7
- Kubernetes: 1.19.7
- Node Problem Detector: 0.8.6
- Weave Net: 2.8.1
- etcd: 3.4.14
- CNI/plugins: 0.9.1
- Node-problem-detector: change docker image url
v1.19.3
v1.19.1: kubernetes-1.19
- Kubernetes: 1.19.1
- Docker: 19.03.12
- FeatureGates: add GenericEphemeralVolume
- FeatureGates: add CSIStorageCapacity
- FeatureGates: add EphemeralContainers
- ControllerManager: add
--cluster-signing-durationflag - Cgroups: default cgroup driver set to
systemd - Logging: add
logging_formatto all components - ControllerManager: use separate flags for different CSR signers
- ControllerManager: garbagecollector controller flags
- ControllerManager: horizontalpodautoscaling controller flags
- Kubelet: set the maximum number of images to report in
Node.Status.Images - Kubelet: integrate with the kernel memcg notification to determine if memory eviction thresholds are crossed rather than polling
- Kubelet: check the underlying node for required components (binaries, etc.) before performing the mount
- KubeProxy: add
--bind-address-hard-failflag to treat failure to bind to a port as fatal - KubeletConfig: Add support for disabling /logs endpoint in kubelet.
- Node Problem Detector: 0.8.4
- CNI/plugins: 0.8.7
- etcd: 3.4.13
v1.18.8: reserved edition
- Kubernetes: 1.18.8
- kubelet: added
systemReservedandkubeReservedconfiguration options (only for cpu and memory now) - Weave Net: 2.7.0
- etcd: 3.4.12
- BUG: Fix etcd initial_cluster_string
- Weave: define weave metrics port in DaemonSet to use it in Pod/ServiceMonitors
- Weave: define npd metrics port in DaemonSet to use it in Pod/ServiceMonitors
v1.18.6: CVE edition
Cookbook updates
- Kubernetes: 1.18.6
- etcd: 3.4.10
- Update etcd cookbook to 6.0.0 version
CVEs fixed in this release
- CVE-2020-8557: Node disk DOS by writing to container /etc/hostsAREA/KUBELET
- CVE-2020-8559: Privilege escalation from compromised node to clusterAREA/APISERVER
v1.18.5
v1.18.4: cpuCFSQuotaPeriod
- Kubernetes: 1.18.4
- Kubelet config: set default
cpuCFSQuotaPeriodto 10ms. See kubernetes#67577 for details - Security: Bump rack from 2.1.2 to 2.2.3
- Kubernetes: addon_manager v9.1.1
- Node Problem Detector: 0.8.2
- Weave Net: 2.6.5
- CoreDNS: 1.7.0
v1.18.3
- Kubernetes: 1.18.3
- etcd: 3.4.9
- Weave Net: 2.6.4
- Added new variable:
default['etcd']['interface']. This feature allows to separate k8s and etcd listen interfaces