TKE Kubernetes 1.18.4 Revisions

Date	Version	Updates
2020-08-12	v1.18.4-tke.2	Merged pr93403, which removed the printed error information of pod condition irrelevant to the kubelet during kubelet update (kubelet).
2020-08-04	v1.18.4-tke.1	revert pr63066 Fixed the LB health check and IPVS issues (kube-proxy). Merged pr72914, which fixed the issue where mounting might fail if you deleted a pod, created a new one, and scheduled it to the same node (kube-controller-manager). Fixed the issue where creating containers in CentOS resulted in cgroup leakage (kubelet). Fixed the issue where upgrading lxcfs in Ubuntu 16 caused pods to exit (kubelet). Added cache and timeout to metadata. cloud-provider now supports using node names as hostnames (kubelet). Added local cache (kubelet) to metadata. Merged CBS and relevant fix code (kubelet). Merged pr90260, which fixed the issue of missing monitoring records for containerd cluster networks (kubelet). TKE can perceive the maximum number of qcloudcbs that can be mounted to a single node. In 1.12 and later versions, the value is maxAttachCount-2. In version 1.10, the value is 18 by default (kube-scheduler). Fixed the issue where CBS intree continued to unmount a non-existent disk, causing a large number of invalid requests (kubelet). Merged pr2359, which fixed the issue with missing monitoring records when the system was unable to obtain docker root (kubelet). kube-scheduler now supports dynamic logging level configuration (kube-scheduler). Produced a workaround for the missing CBS device path (/dev/disk/by-id/virtio-xxx/...) issue that prevented some users from accessing CBS properly (kubelet). TKE can perceive the maximum number of qcloudcbs that can be mounted to a single node. The kubelet side will not patch nodes (kubelet). Merged pr89296, so that the log will not record whether the iptables random-fully parameter is enabled (kube-proxy). Fixed the AWS issue pr92162(kubelet). Merged pr91277, which fixed the issue of large numbers of TLS handshake error logs generated by kube-apiserver as a result of CLB health checks (kube-apiserver). Merged pr91500, which fixed the issue of missing environmental variables of KUBERNETES_SERVICE_HOST (kubelet). Merged 92537, which fixed the issue where client-go reflector could not recover from the error "Too large resource version" (kube-apiserver, kube-controller-manager, kube-scheduler, kubelet, and kube-proxy). Merged pr92969, which fixed the issue where CVE-2020-8559 privilege escalation from an invaded node resulted in invasion into other nodes (kube-apiserver). Merged pr92921, which fixed the DOS attack issue where CVE-2020-8557 exhausted the disk space by writing into “/etc/hosts” (kubelet).

TKE Kubernetes 1.16.3 Revisions

Date	Version	Updates
2020-07-28	v1.16.3-tke.10	Merged pr91277, which fixed the issue where large numbers of TLS handshake error logs are generated by kube-apiserver as a result of CLB health checks (kube-apiserver). Merged pr91500, which fixed the issue of missing environmental variables of KUBERNETES_SERVICE_HOST (kubelet).
2020-06-17	v1.16.3-tke.9	Temporarily fixed the AWS issuepr92162. AWS Credential Provider is no longer registered to prevent this issue from causing slow node launches.
2020-06-11	v1.16.3-tke.8	Merges pr85993, which allows you to use CNI results to set kubenet gateway addresses.
2020-06-10	v1.16.3-tke.7	Merges pr90260, which fixes the issue of missing monitoring records for containerd cluster networks. Merges pr89515, which fixes the issue where HPA miscalculates the number of pods during rolling updates. Merges pr91252, which ignores Pod Condition updates generated by other components to avoid unnecessary scheduling. Merges pr89794, which clears kube-controller-manager error logs to avoid CVE-2020-8555 Half-Blind SSRF attacks.
2020-05-18	v1.16.3-tke.6	TKE can perceive the maximum number of qcloudcbs that can be mounted to a single node. The max value cannot be dynamically obtained.
2020-04-20	v1.16.3-tke.5	Merges pr69047, which fixes the node.Spec.Unschedulable backward compatibility issue. (This fix is overwritten when the in-tree cbs code is incorporated).
2020-04-14	v1.16.3-tke.4	Merges pr87913, which fixes the CVE-2020-8551: Kubelet DoS attack issue. Merges pr87669, which fixes the CVE-2020-8552: apiserver DoS attack issue. TKE can perceive the maximum number of qcloudcbs that can be mounted to a single node. (In 1.12 and later versions, the value is maxAttachCount-2. In version 1.10, the value is 18 by default). Merges pr87467, which fixes the issue of excessive CPU consumption by kubectl in parsing YAML files when an authorized user sends a malicious YAML file.
2020-03-11	v1.16.3-tke.3	Fixed the issue where CBS intree continued to unmount a non-existent disk, which caused a large number of invalid requests. Added a local metadata cache.
2020-02-14	v1.16.3-tke.2	Merges pr2359, which fixes the issue of missing monitoring records when the system is unable to obtain docker root. Merges pr86583, which increases the logging level to reduce the amount of logs caused by the lack of support for random-fully in earlier versions of iptables. kube-scheduler now supports dynamic logging level configuration. Produces a workaround for the missing CBS device path (/dev/disk/by-id/virtio-xxx/...) issue that prevents some users from accessing CBS properly. Merges pr86230, which skips assumed pod updates when pods are scheduled.
2020-01-06	v1.16.3-tke.1	Incorporates pr79036, which fixes the issue where upon being opened, the CPU Manager disables the CPU quota if the QoS setting of a pod is Guaranteed. Incorporates pr84167, which fixes the issue where an incorrect Etcd key prefix causes an apiserver health check failure. Reverts pr63066, which fixes the CLB health check and IPVS issues. Incorporates pr72914, which fixes the issue where mounting may fail if you delete a pod, create a new one, and schedule it to the same node. Fixes the issue where creating containers in CentOS results in cgroup leakage. Fixes the issue where upgrading lxcfs in Ubuntu 16 causes pods to exit. Adds metadata cache and timeout. cloud-provider now supports using node names as hostnames. Reverts pr79036, which fixes the issue where upon being opened, the CPU Manager disables the CPU quota if the QoS setting of a pod is Guaranteed. Produces a workaround for the missing CBS device path (/dev/disk/by-id/virtio-xxx/...) issue that prevents some users from accessing CBS properly.

TKE Kubernetes 1.14.3 revisions

Date	Version	Updates
2020-08-04	v1.14.3-tke.16	Merged pr78883, which fixed the bug where the default value for pod.spec.container.SecurityContext.ProcMount was added by default.
2020-07-28	v1.14.3-tke.15	Merged pr76518 and pr82514, which limited the return size of http and exec probe to prevent occupation of large amounts of node memory (kubelet). Merged pr91277, which fixed the issue where large numbers of TLS handshake error logs were generated by kube-apiserver as a result of CLB health checks (kube-apiserver). Merged pr91500, which fixed the issue of missing environmental variables of KUBERNETES_SERVICE_HOST (kubelet). Merged pr77475, which fixed the issue of Cronjob scheduling failures when the number of jobs exceeded 500 (kube-controller-manager).
2020-06-10	v1.14.3-tke.14	Merges pr85027, which fixes the issue where HPA miscalculates of the number of pods during rolling updates. Merges pr79708, which uses spec.replicas to calculate the current number of replicas of HPA. Merges pr91252, which ignores Pod Condition updates generated by other components to avoid unnecessary scheduling. Merges pr89794, which clears kube-controller-manager error logs to avoid CVE-2020-8555 Half-Blind SSRF attacks.
2020-06-04	v1.14.3-tke.13	Merges pr90260, which fixes the issue of missing monitoring records for containerd cluster networks. Merges pr79451, which fixes the issue where if restartPolicy is set to Never, kubelet does not try to create SandBox again after the first attempt fails.
2020-05-18	v1.14.3-tke.12	TKE can perceive the maximum number of qcloudcbs that can be mounted to a single node. The max value cannot be dynamically obtained.
2020-04-14	v1.14.3-tke.11	Merges pr75442, which changes the bandwidth unit from Kb to b. Merges pr87669, which fixes the CVE-2020-8552: apiserver DoS attack issue. TKE can perceive the maximum number of qcloudcbs that can be mounted to a single node. (In 1.12 and later versions, the value is maxAttachCount-2. In version 1.10, the value is 18 by default).
2020-04-14	v1.14.3-tke.10	Fixes the issue where CBS intree continues to unmount a non-existent disk, which causes a large number of invalid requests.
2020-01-13	v1.14.3-tke.9	Merges pr2359, which fixes the issue of missing monitoring records when the system is unable to obtain docker root. Merges pr86583, which increases the logging level to reduce the amount of logs caused by the lack of support for random-fully in earlier versions of iptables. kube-scheduler now supports dynamic logging level configuration. Produces a workaround for the missing CBS device path (/dev/disk/by-id/virtio-xxx/...) issue that prevents some users from accessing CBS properly. Merges pr86230, which skips assumed pod updates when pods are scheduled.
2019-12-23	v1.14.3-tke.8	Reverted pr79036, which fixed the issue where the enabled CPU Manager disabled `cpu quota` if `QoS` of a pod was set to `Guaranteed`.
2019-12-17	v1.14.3-tke.7	Added metadata cache and timeout. Fixed the issue where upgrading lxcfs in Ubuntu 16 caused pods to exit. Avoided the readiness state of “pod not ready” when kubelet was restarted.
2019-11-28	v1.14.3-tke.6	cloud-provider supports using node names as hostnames.
2019-11-18	v1.14.3-tke.5	Merges pr83435, which fixes an issue that allows DoS attacks that use malicious YAML or JSON files to exhaust kube-apiserver CPU or memory resources, resulting in a loss of service. Merges pr84167, which fixes an issue where an incorrect ETCD prefix causes apiserver health checks to fail. Merges pr75622, which fixes an issue where, when there is a high sts (>2000) workload in a cluster, it takes too long to sync sts changes to pod (about 20s).
2019-10-23	v1.14.3-tke.4	Merges pr79036, which fixes an issue where upon being opened, the CPU Manager disables the CPU quota if the QoS setting of a pod is Guaranteed.
2019-09-10	v1.14.3-tke.3	Incorporated pr63066, which fixed the issue where CLB health checks failed in IPVS mode.
2019-09-06	v1.14.3-tke.2	Fixes the cve-2019-9512&cve-2019-9514 HTTP/2 DDoS security issue. Merges pr72914, which fixes an issue where deleting a Pod and then creating a new one and scheduling it to the same node could cause mounting a volume to fail. Resolves the issue where creating containers in CentOS results in cgroup leakage.

TKE Kubernetes 1.12.4 revisions

Date	Version	Updates
2020-08-04	v1.12.4-tke.23	Merged pr78883, which fixed the bug where the default value for pod.spec.container.SecurityContext.ProcMount was added by default.
2020-07-28	v1.12.4-tke.22	Merged pr91277, which fixed the issue where large numbers of TLS handshake error logs were generated by kube-apiserver as a result of CLB health checks (kube-apiserver). Merged pr91500, which fixed the issue of missing environmental variables of KUBERNETES_SERVICE_HOST (kubelet).
2020-06-10	v1.12.4-tke.21	Merges pr73915, which prevents the watcher from receiving events before the watch is started. Merges pr91252, which ignores Pod Condition updates generated by other components to avoid unnecessary scheduling. Merges pr89794, which clears kube-controller-manager error logs to avoid CVE-2020-8555 Half-Blind SSRF attacks.
2020-06-04	v1.12.4-tke.20	Merges pr90260, which fixes the issue of missing monitoring records for containerd cluster networks. Merges pr79451, which fixes the issue where if restartPolicy is set to Never, kubelet does not try to create SandBox again after the first attempt fails.
2020-05-18	v1.12.4-tke.19	Merges pr77802, which disables graceful termination for UDP traffic. Merges pr68741, which fixes the issue of when the soft link /var/lib/kubelet and subpath are used, the host fails to unmount after pod deletion, resulting in mount target leakage and the pod being stuck in terminating. TKE can perceive the maximum number of qcloudcbs that can be mounted to a single node. The max value cannot be dynamically obtained.
2020-04-14	v1.12.4-tke.18	Merges pr73401, pr73606, and pr76060, which deletes DaemonSet pods allocated to non-existent nodes. Merges pr68619, which fixes the CPU Manager dirty data issue. Merges pr87669, which fixes the CVE-2020-8552: apiserver DoS attack issue. TKE can perceive the maximum number of qcloudcbs that can be mounted to a single node. (In 1.12 and later versions, the value is maxAttachCount-2. In version 1.10, the value is 18 by default).
2020-02-14	v1.12.4-tke.17	Upgrades the CBS V2 interface to V3. Fixes the issue where CBS intree continues to unmount a non-existent disk, which causes a large number of invalid requests.
2020-01-13	v1.12.4-tke.16	Merges pr2359, which fixes the issue of missing monitoring records when docker root fails to be obtained. Merges pr86583, which increases the logging level to prevent excessive logs from being generated when iptables does not support random-fully. kube-scheduler supports dynamic logging level configuration. Produces a workaround for the missing CBS device path (/dev/disk/by-id/virtio-xxx/...) issue that prevents some users from accessing CBS properly. Merges pr86230, which skips assumed pod updates when pods are scheduled.
2019-12-23	v1.12.4-tke.15	Reverted pr79036, which fixed the issue where the enabled CPU Manager disabled `cpu quota` if `QoS` of a pod was set to `Guaranteed`.
2019-12-17	v1.12.4-tke.14	Added metadata cache and timeout. Fixed the issue where upgrading lxcfs in Ubuntu 16 caused pods to exit. Avoided the readiness state of “pod not ready” when kubelet was restarted.
2019-11-28	v1.12.4-tke.13	cloud-provider supports using node names as hostnames.
2019-11-18	v1.12.4-tke.12	Merges pr75622, which fixes an issue where, when there is a high sts (>2000) workload, it takes too long to sync sts changes to pod (about 20s).
2019-10-23	v1.12.4-tke.11	Merges pr79036, which fixes an issue where upon being opened, the CPU Manager disables the CPU quota if the QoS setting of a pod is Guaranteed. Merges pr72868, which adds a new parameter--metrics-port to kube-proxy and addresses the issue where --metrics-bind-address does not recognize port numbers.
2019-09-06	v1.12.4-tke.10	Fixes the cve-2019-9512&cve-2019-9514 HTTP/2 DDoS security issue. Merges pr72914, which fixes an issue where deleting a Pod and then creating a new one and scheduling it to the same node could cause mounting a volume to fail. Merges pr71834, which fixes an issue with IPVS load balancing where, if sessionAffinity is set to ClientIP, traffic is routed to an invalid real server.
2019-08-09	v1.12.4-tke.9	Fixed the issue where creating containers in CentOS resulted in cgroup leakage.
2019-08-08	v1.12.4-tke.8	Incorporated pr72118, which fixed the issue where mounting failed if a CBS StatefulSet was rescheduled to the same node.
2019-07-17	v1.12.4-tke.7	Incorporated pr75037, which resolved the security risks of the cp command in kubectl.
2019-07-16	v1.12.4-tke.6	Fixed the compatibility issue between the TLinux kernel and IPVS and fixed CLB health check failures in IPVS mode.
2019-07-09	v1.12.4-tke.5	Incorporated pr72361, which fixed the kube-proxy deadlock issue.
2019-06-25	v1.12.4-tke.4	Fixed the compatibility issue between the TLinux kernel and IPVS.
2019-06-17	v1.12.4-tke.3	Incorporated pr71114, which fixed the IPVS throughput issue.
2019-06-04	v1.12.4-tke.2	Merges pr74755, which fixes a hang/timeout issue when running large numbers of pods with unique configmap/secret references. Merges pr69047, which fixes a backward compatibility issue with node.Spec.Unschedulable.

TKE Kubernetes 1.10.5 Revisions

Date	Version	Updates
2020-06-10	v1.10.5-tke.19	Merges pr90260, which fixes the issue of missing monitoring records for containerd cluster networks. Merges pr91252, which ignores Pod Condition updates generated by other components to avoid unnecessary scheduling. Merges pr89794, which clears kube-controller-manager error logs to avoid CVE-2020-8555 Half-Blind SSRF attacks.
2020-05-18	v1.12.4-tke.19	Merges pr61549, which adds volumeSpec data for mountedPods cache and fixes the issue of deletion failure when multiple pods use the same volume.
2020-04-29	v1.10.5-tke.17	Mergespr75622, which fixes the issue where, when a large number (>2000) of sts workloads exist in a cluster, it takes too long (about 20s) to synchronize sts changes to a pod.
2020-04-14	v1.10.5-tke.16	Merges pr68619, which fixes the CPU Manager dirty data issue. Merges pr87669, which fixes the CVE-2020-8552: apiserver DoS attack issue. TKE can perceive the maximum number of qcloudcbs that can be mounted to a single node. (In 1.12 and later versions, the value is maxAttachCount-2. In version 1.10, the value is 18 by default).
2020-02-14	v1.10.5-tke.15	Upgrades the CBS V2 interface to V3. Fixes the issue where CBS intree continues to unmount a non-existent disk, which causes a large number of invalid requests.
2020-01-13	v1.10.5-tke.14	Merges pr2359, which fixes the issue of missing monitoring records when docker root fails to be obtained. Merges pr86583, which increases the logging level to prevent excessive logs from being generated when iptables does not support random-fully. kube-scheduler supports dynamic logging level configuration. Produces a workaround for the missing CBS device path (/dev/disk/by-id/virtio-xxx/...) issue that prevents some users from accessing CBS properly. Merges pr86230, which skips assumed pod updates when pods are scheduled.
2019-12-23	v1.10.5-tke.13	Reverted pr79036, which fixed the issue where the enabled CPU Manager disabled `cpu quota` if `QoS` of a pod was set to `Guaranteed`.
2019-12-13	v1.10.5-tke.12	kubelet does not delete nodes when checking externalID. Added metadata cache and timeout. Fixed the issue where upgrading lxcfs in Ubuntu 16 caused pods to exit. Avoided the readiness state of “pod not ready” when kubelet was restarted.
2019-11-18	v1.10.5-tke.11	Removes the kube-controller-manager probe that sends heartbeats to kubelet.
2019-10-23	v1.10.5-tke.10	Merges pr79036, which fixes an issue where upon being opened, the CPU Manager disables the CPU quota if the QoS setting of a pod is Guaranteed. Merges pr72868, which adds a new parameter--metrics-port to kube-proxy and addresses the issue where --metrics-bind-address does not recognize port numbers.
2019-09-06	v1.10.5-tke.9	Fixes the cve-2019-9512&cve-2019-9514 HTTP/2 DDoS security issue. Merges pr72914, which fixes an issue where deleting a Pod and then creating a new one and scheduling it to the same node could cause mounting a volume to fail. Merges 67430 to rollback the state if updateContainerCPUSet fails.
2019-08-08	v1.10.5-tke.8	Merges pr72118, which fixes an issue where, if kubelet mounts a device immediately after unmounting it, an error occurs with the message `resource name may not be empty`.
2019-07-17	v1.10.5-tke.7	Incorporated pr75037, which resolved the security risks of the cp command in kubectl.
2019-06-25	v1.10.5-tke.6	Fixed the compatibility issue between the TLinux kernel and IPVS.
2019-06-17	v1.10.5-tke.5	Incorporated pr71114, which fixed the IPVS throughput issue.
2019-03-19	v1.10.5-tke.4	Incorporated pr65092, which fixed the issue where apiserver would panic when handling specific requests.
2019-02-19	v1.10.5-tke.3	Incorporated pr67288, which fixed the issue where apiserver did not close the other side of the connection immediately when proxying.
2018-09-28	v1.10.5-tke.2	Moved the CLB creation logic from controller-manager to an independent service controller.
2018-09-27	v1.10.5-tke.1	Backports pr63321, which fixes an issue where termination takes too long when there are multiple service containers in a pod.
2018-09-21	v1.10.5-qcloud-rev1	If a kubelet status update times out, controller-manager probes the kubelet port.

TKE Kubernetes 1.8.13 revisions

Date	Version	Updates
2020-01-13	v1.8.13-tke.7	Merges pr2359, which fixes the issue of missing monitoring records when the system is unable to obtain docker root. Produces a workaround for the missing CBS device path (/dev/disk/by-id/virtio-xxx/...) issue that prevents some users from accessing CBS properly.
2019-12-13	v1.8.13-tke.6	kubelet does not delete nodes when checking externalID. Added metadata cache and timeout. Fixed the issue where upgrading lxcfs in Ubuntu 16 caused pods to exit. Avoided the readiness state of “pod not ready” when kubelet was restarted.
2019-11-18	v1.8.13-tke.5	Removes the kube-controller-manager probe that sends heartbeats to kubelet. Adds metrics to CBS PVC.
2018-09-28	v1.8.13-tke.2	Moved the CLB creation logic from controller-manager to an independent service controller.
2018-09-27	v1.8.13-tke.1	Disables kmem statistics to prevent cgroup numbers from leaking. Reduces resourcequota conflicts caused by creating pods.
2018-09-21	v1.8.13-qcloud-rev1	If a kubelet status update times out, controller-manager probes the kubelet port.

TKE Kubernetes 1.7.8 revisions

Date	Version	Updates
2019-12-17	v1.7.8-tke.4	kubelet does not delete nodes when checking externalID. Added metadata cache and timeout. Fixed the issue where upgrading lxcfs in Ubuntu 16 caused pods to exit. Avoided the readiness state of “pod not ready” when kubelet was restarted.
2018-09-28	v1.7.8-tke.2	Fixes a conflict between controller-manager and an external service controller.
2018-09-27	v1.7.8-tke.1	Moved the CLB creation logic from controller-manager to an independent service controller.
2018-09-21	v1.7.8-qcloud-rev1	If a kubelet status update times out, controller-manager probes the kubelet port.