TKE kubernetes 1.18.4 revisions

Date	Version	Updates
2021-05-14	v1.18.4-tke.9	Ported pr93370 to support CronJobControllerV2. (kube-controller-manager) Merged pr100376 to enable HTTP/2 health check, which prevented the issue that the underlying layer connection is closed but can still be used incorrectly. (kube-apiserver, kube-controller-manager, kube-scheduler, kubelet, kube-proxy, kubectl) Merged pr100317, which fixed the issue where CVE-2021-25735 node updates might bypass the Validating Admission Webhook. (kube-apiserver) When TKE cluster adds the virtual node, ComputeResource, EKS ClusterIP, and HPA are supported. (kube-controller-manager, kube-scheduler)
2021-04-02	v1.18.4-tke.8	Merged pr97752, which fixed the issue where NewReplicaSet is displayed as &dxlt;none&dxgt; when describing deployment (kubectl). Merged pr93808, which fixed the issue where unnecessary information is returned when kube-scheduler --version is executed (kube-scheduler). Merged pr91590, which fixed the issue of warning that the port has been allocated when using the multiprotocol service of NodePort type (kube-apiserver). Merged pr98262, which allows kube-controller-manager to dynamically adjust the log level (kube-controller-manager). Merged pr95154, which fixed the issue where kube-scheduler snapshot contains the nodes being deleted (kube-scheduler). Merged pr95711, which fixed the issue where kubectl drain command occupies too much CPU (kubectl). Merged pr96602, which fixed the issue where apiserver memory leaks before or after the time gaps (kube-apiserver). Merged pr97023, which deletes the related metadata directory when unmounting an emptyDir type volume (kubelet). Merged pr97527, which fixed the issue where map access operations are not synchronized in cpumanager (kubelet). Merged pr100190, which automatically deletes the volume directory left by orphaned Pod (kubelet). Merged pr92614, when all containers of the Pod whose restart policy is RestartPolicyOnFailure exit successfully, no new sandbox will be created (kubelet). Merged pr94833, which fixed the issue where the image tag does not match in status when Pod image has multiple tags (kubelet).
2020-12-28	v1.18.4-tke.6 (ARM clusters are supported starting from this version)	Added metrics to QcloudCbs (kube-controller-manager). Fixed the issue where extra space exists in the value of serial when mounting CBS disk (Kubelet).
2020-12-21	v1.18.4-tke.5	Merged pr94712, which fixed CVE-2020-8564 - fixed the issue when the file format was incorrect and logLevel >= 4, Docker configuration leaked (kubelet). Merged pr95316, which fixed CVE-2020-8565 - fixed the issue where incomplete fix for CVE-2019-11250 resulting in log token leak (logLevel >= 9) (kube-apiserver, kubectl). Merged pr95245, which fixed CVE-2020-8566 - fixed the issue where Ceph RBD adminSecrets was exposed in the log when loglevel >= 4 (kube-controller-manager). Fixed the issue where restarting kubelet caused Pod readiness check failed (kubelet). Merged pr90825, which fixed the issue where the pop operation of the fifo queue in client-go might be stuck due to race condition, which caused the pod to remain in the pending state (kubelet). The scheduler supports virtual nodes (kube-scheduler). kube-controller-manager supports virtual nodes (kube-controller-manager). Set the instance-type label based on the actual model of the node, instead of being fixed as QCLOUD (kubelet). Added the CBS to OpenAPI (kube-apiserver). Merged pr91126, which fixed the issue where the scheduler cache was inconsistent when Pod had the same name but different UID (kube-scheduler). Merged pr93387, which fixed the issue where the daemonset pod could not be scheduled to nodes due to the disorder of node cache information in the scheduler (kube-scheduler). Merged pr89465, which fixed the issue where the HPA based on Pod metrics incorrectly calculated the number of instances during rolling updates (kube-controller-manager).
2020-10-13	v1.18.4-tke.3	Merged pr89629, which fixed the issue where the container that mounted the subpath would fail to restart after the configmap is changed (kubelet). QcloudCbs supports BulkVolumeVerification (kube-controller-manager). Merged pr94430, which fixed the issue where the client-go reflector could not detect the "Too large resource version" error (kubelet).
2020-08-12	v1.18.4-tke.2	Merged pr93403, which removed the printed error information of pod condition irrelevant to the kubelet during kubelet update (kubelet).
2020-08-04	v1.18.4-tke.1	revert pr63066 Fixed the LB health check and IPVS issues (kube-proxy). Merged pr72914, which fixed the issue where mounting might fail if you deleted a pod, created a new one, and scheduled it to the same node (kube-controller-manager). Fixed the issue where creating containers in CentOS resulted in cgroup leakage (kubelet). Fixed the issue where upgrading lxcfs in Ubuntu 16 caused pods to exit (kubelet). metadata added cache and timeout. cloud-provider now supports using node names as hostnames (kubelet). metadata added local cache (kubelet). Incorporated CBS and relevant fixing code (kubelet). Merged pr90260, which fixed the issue of missing monitoring records for containerd cluster networks (kubelet). TKE can perceive the maximum number of qcloudcbs that can be mounted to a single node. In 1.12 and later versions, the value is maxAttachCount-2. In version 1.10, the value is 18 by default (kube-scheduler). Fixed the issue where CBS intree continued to unmount a non-existent disk, causing a large number of invalid requests (kubelet). Merged pr2359, which fixed the issue with missing monitoring records when the system was unable to obtain docker root (kubelet). kube-scheduler now supports dynamic logging level configuration (kube-scheduler). Produced a workaround for the missing CBS device path (/dev/disk/by-id/virtio-xxx/...) issue that prevents some users from accessing CBS properly (kubelet). TKE can perceive the maximum number of qcloudcbs that can be mounted to a single node. The kubelet side will not patch node (kubelet). Merged pr89296, so that the log will not record whether the iptables random-fully parameter is enabled (kube-proxy). Fixed the aws issue pr92162(kubelet). Merged pr91277, which prevents the issue of large numbers of TLS handshake error logs generated by kube-apiserver as a result of CLB health checks (kube-apiserver). Merged pr91500, which fixed the issue of missing environmental variables of KUBERNETES_SERVICE_HOST (kubelet). Merged 92537, which fixed the issue where client-go reflector could not recover from the error "Too large resource version" (kube-apiserver, kube-controller-manager, kube-scheduler, kubelet, and kube-proxy). Merged pr92969, which fixed the issue where CVE-2020-8559 privilege escalation from an invaded node resulted in invasion into other nodes (kube-apiserver). Merged pr92921, which fixed the DOS attack issue where CVE-2020-8557 exhausted the disk space by writing into “/etc/hosts” (kubelet).

TKE kubernetes 1.16.3 revisions

Date	Version	Updates
2021-05-24	v1.16.3-tke.17	Ported pr93370 to support CronJobControllerV2. (kube-controller-manager) When the TKE cluster adds the virtual node, the local replicas can be retained. (kube-scheduler)
2021-05-06	v1.16.3-tke.16	Updated the launch method of running kube-proxy as an image, and automatically adapted to the iptables running mode of the node to support the operating system that uses the NF_TABLES mode to run iptables by default.
2021-04-14	v1.16.3-tke.15	Merged pr97752, which fixed the issue where NewReplicaSet is displayed as &dxlt;none&dxgt; when describing deployment (kubectl). Merged pr92614, when all containers of the Pod whose restart policy is RestartPolicyOnFailure exit successfully, no new sandbox will be created (kubelet). Merged pr91590, which fixed the issue of warning that the port has been allocated when using the multiprotocol service of NodePort type (kube-apiserver). Merged pr98262, which allows you to use kube-controller-manager to dynamically adjust the log level (kube-controller-manager). Merged pr95301, which automatically deletes the volume directory left by orphaned Pod (kubelet).
2020-12-28	v1.16.3-tke.14	Added metrics to QcloudCbs (kube-controller-manager). Fixed the issue where extra space exists in the value of serial when mounting CBS disk (Kubelet).
2020-12-21	v1.16.3-tke.13	Merged pr94712, which fixed CVE-2020-8564 - fixed the issue when the file format was incorrect and logLevel >= 4, Docker configuration leaked (kubelet). Merged pr95316, which fixed CVE-2020-8565 - fixed the issue where incomplete fix for CVE-2019-11250 resulting in log token leak (logLevel >= 9) (kube-apiserver, kubectl). Merged pr95245, which fixed CVE-2020-8566 - fixed the issue where Ceph RBD adminSecrets was exposed in the log when loglevel >= 4 (kube-controller-manager). Merged pr86191, which fixed the issue where Pod might be in the wrong state when the node was restarted (kubelet). Merged pr86140, which fixed the issue where the Controller Manager did not handle the timeout error correctly, so that the expanded pod could not be created (kube-controller-manager). Merged pr90825, which fixed the issue where the pop operation of the fifo queue in client-go might be stuck due to race condition, which caused the Pod to remain in the pending state (kubelet). The scheduler supports virtual nodes (kube-scheduler). kube-controller-manager supports virtual nodes (kube-controller-manager). Set the instance-type label based on the actual model of the node, instead of being fixed as QCLOUD (kubelet). Added the CBS to OpenAPI (kube-apiserver). Merged pr81344, which fixed the issue where the CPU Manager did not support SourcesReady (kubelet). Merged pr91126, which fixed the issue where the scheduler cache was inconsistent when Pod had the same name but different UID (kube-scheduler). Merged pr89224, which fixed the issue where kube-scheduler restarted abnormally because NodeInfo did not check (kube-scheduler). Merged pr89465, which fixed the issue where the HPA based on Pod metrics incorrectly calculated the number of instances during rolling updates (kube-controller-manager).
2020-10-13	v1.16.3-tke.11	Merged pr92971, which fixed the issue where CVE-2020-8559 privilege escalation from an invaded node resulted in invasion into other nodes (kube-apiserver). Merged pr92924, which fixed the DOS attack issue where CVE-2020-8557 exhausted the disk space by writing into /etc/hosts (kubelet). Merged pr93403, which removed the printed error information of pod condition irrelevant to the kubelet during kubelet update (kubelet). Merged pr89629, which fixed the issue where the container that mounted the subpath would fail to restart after the configmap is changed (kubelet). QcloudCbs supports BulkVolumeVerification (kube-controller-manager). Merged pr84998, which resolved the issue where the corresponding node lease object might be rebuilt after the node was deleted and caused junk data (kubelet).
2020-07-28	v1.16.3-tke.10	Incorporated pr91277, which prevents the issue of large numbers of TLS handshake error logs generated by kube-apiserver as a result of CLB health checks (kube-apiserver). Incorporated pr91500, which fixed the issue of missing environmental variables of KUBERNETES_SERVICE_HOST (kubelet).
2020-06-17	v1.16.3-tke.9	Temporarily fixes the AWS issuepr92162. AWS Credential Provider is no longer registered to prevent this issue from causing slow node launches.
2020-06-11	v1.16.3-tke.8	Merges pr85993, which allows you to use CNI results to set kubenet gateway addresses.
2020-06-10	v1.16.3-tke.7	Merges pr90260, which fixes the issue of missing monitoring records for containerd cluster networks. Merges pr89515, which fixes the issue where HPA miscalculates the number of pods during rolling updates. Merges pr91252, which ignores Pod Condition updates generated by other components to avoid unnecessary scheduling. Merges pr89794, which clears kube-controller-manager error logs to avoid CVE-2020-8555 Half-Blind SSRF attacks.
2020-05-18	v1.16.3-tke.6	TKE can perceive the maximum number of qcloudcbs that can be mounted to a single node. The max value cannot be dynamically obtained.
2020-04-20	v1.16.3-tke.5	Merges pr69047, which fixes the node.Spec.Unschedulable backward compatibility issue. (This fix is overwritten when the in-tree cbs code is incorporated).
2020-04-14	v1.16.3-tke.4	Merges pr87913, which fixes the CVE-2020-8551: Kubelet DoS attack issue. Merges pr87669, which fixes the CVE-2020-8552: apiserver DoS attack issue. TKE can perceive the maximum number of qcloudcbs that can be mounted to a single node. (In 1.12 and later versions, the value is maxAttachCount-2. In version 1.10, the value is 18 by default). Merges pr87467, which fixes the issue of excessive CPU consumption by kubectl in parsing YAML files when an authorized user sends a malicious YAML file.
2020-03-11	v1.16.3-tke.3	Fixed the issue where CBS intree continued to unmount a non-existent disk, which caused a large number of invalid requests. Added a local metadata cache.
2020-02-14	v1.16.3-tke.2	Merges pr2359, which fixes the issue of missing monitoring records when the system is unable to obtain docker root. Merges pr86583, which increases the logging level to reduce the amount of logs caused by the lack of support for random-fully in earlier versions of iptables. kube-scheduler now supports dynamic logging level configuration. Produces a workaround for the missing CBS device path (/dev/disk/by-id/virtio-xxx/...) issue that prevents some users from accessing CBS properly. Merges pr86230, which skips assumed pod updates when pods are scheduled.
2020-01-06	v1.16.3-tke.1	Incorporates pr79036, which fixes the issue where upon being opened, the CPU Manager disables the CPU quota if the QoS setting of a pod is Guaranteed. Incorporates pr84167, which fixes the issue where an incorrect Etcd key prefix causes an apiserver health check failure. Reverts pr63066, which fixes the CLB health check and IPVS issues. Incorporates pr72914, which fixes the issue where mounting may fail if you delete a pod, create a new one, and schedule it to the same node. Fixes the issue where creating containers in CentOS results in cgroup leakage. Fixes the issue where upgrading lxcfs in Ubuntu 16 causes pods to exit. Adds metadata cache and timeout. cloud-provider now supports using node names as hostnames. Reverts pr79036, which fixes the issue where upon being opened, the CPU Manager disables the CPU quota if the QoS setting of a pod is Guaranteed. Produces a workaround for the missing CBS device path (/dev/disk/by-id/virtio-xxx/...) issue that prevents some users from accessing CBS properly.

TKE kubernetes 1.14.3 revisions

Date	Version	Revisions
2021-05-06	v1.14.3-tke.22	Updated the launch method of running kube-proxy as an image, and automatically adapted to the iptables running mode of the node to support the operating system that uses the NF_TABLES mode to run iptables by default.
2021-04-14	v1.14.3-tke.21	Merged pr97752, which fixed the issue where NewReplicaSet is displayed as &dxlt;none&dxgt; when describing deployment (kubectl). Merged pr78999, which fixed the issue of judging the case of the protocol during graceful close (kube-proxy). Merged pr91590, which fixed the issue of warning that the port has been allocated when using the multiprotocol service of NodePort type (kube-apiserver). Merged pr98262, which allows kube-controller-manager to dynamically adjust the log level (kube-controller-manager). Merged pr95301, which automatically deletes the volume directory left by orphaned Pod (kubelet).
2020-12-28	v1.14.3-tke.19	Added metrics to QcloudCbs (kube-controller-manager). Fixed the issue where extra space exists in the value of serial when mounting CBS disk (Kubelet).
2020-12-21	v1.14.3-tke.18	Merged pr94712, which fixed CVE-2020-8564 - fixed the issue when the file format was incorrect and logLevel >= 4, Docker configuration leaked (kubelet). Merged pr95316, which fixed CVE-2020-8565 - fixed the issue where incomplete fix for CVE-2019-11250 resulting in log token leak (logLevel >= 9) (kube-apiserver, kubectl). Merged pr95245, which fixed CVE-2020-8566 - fixed the issue where Ceph RBD adminSecrets was exposed in the log when loglevel >= 4 (kube-controller-manager). Merged pr86140, which fixed the issue where the Controller Manager did not handle the timeout error correctly, so that the expanded Pod could not be created (kube-controller-manager). The scheduler supports virtual nodes (kube-scheduler). kube-controller-manager supports virtual nodes (kube-controller-manager). Set the instance-type label based on the actual model of the node, instead of being fixed as QCLOUD (kubelet). Merged pr79338, when both SupportPodPidsLimit and SupportNodePidsLimit are not enabled, the pids cgroup subsystem will not be enabled (kubelet). Merged pr89224, which fixed the issue where kube-scheduler restarted abnormally because NodeInfo is not checked (kube-scheduler). Merged pr89465, which fixed the issue where the HPA based on Pod metrics incorrectly calculated the number of instances during rolling updates (kube-controller-manager).
2020-10-13	v1.14.3-tke.17	Merged pr74781, which changed the default update strategy of ConfigMap and Secret from Cache to Watch (kubelet). Merged pr93403, which removed the printed error information of pod condition irrelevant to the kubelet during kubelet update (kubelet). Merged pr89629, which fixed the issue where the container that mounted the subpath would fail to restart after the configmap is changed (kubelet). Merged pr80942, which fixed the issue where rules were not deleted after the service was deleted in ipvs mode (kube-proxy). QcloudCbs supports BulkVolumeVerification (kube-controller-manager).
2020-08-04	v1.14.3-tke.16	Merged pr78883, which fixed the bug where the default value for pod.spec.container.SecurityContext.ProcMount was added by default.
2020-07-28	v1.14.3-tke.15	Incorporated pr76518 and pr82514, which limits the return size of http and exec probe to prevent occupation of large amounts of node memory (kubelet). Incorporated pr91277, which prevents the issue of large numbers of TLS handshake error logs generated by kube-apiserver as a result of CLB health checks (kube-apiserver). Incorporated pr91500, which fixed the issue of missing environmental variables of KUBERNETES_SERVICE_HOST (kubelet). Incorporated pr77475, which fixed the issue of Cronjob scheduling failure when the number of jobs exceeded 500 (kube-controller-manager).
2020-06-10	v1.14.3-tke.14	Merges pr85027, which fixes the issue where HPA miscalculates of the number of pods during rolling updates. Merges pr79708, which uses spec.replicas to calculate the current number of replicas of HPA. Merges pr91252, which ignores Pod Condition updates generated by other components to avoid unnecessary scheduling. Merges pr89794, which clears kube-controller-manager error logs to avoid CVE-2020-8555 Half-Blind SSRF attacks.
2020-06-04	v1.14.3-tke.13	Merges pr90260, which fixes the issue of missing monitoring records for containerd cluster networks. Merges pr79451, which fixes the issue where if restartPolicy is set to Never, kubelet does not try to create SandBox again after the first attempt fails.
2020-05-18	v1.14.3-tke.12	TKE can perceive the maximum number of qcloudcbs that can be mounted to a single node. The max value cannot be dynamically obtained.
2020-04-14	v1.14.3-tke.11	Merges pr75442, which changes the bandwidth unit from Kb to b. Merges pr87669, which fixes the CVE-2020-8552: apiserver DoS attack issue. TKE can perceive the maximum number of qcloudcbs that can be mounted to a single node. (In 1.12 and later versions, the value is maxAttachCount-2. In version 1.10, the value is 18 by default).
2020-04-14	v1.14.3-tke.10	Fixes the issue where CBS intree continues to unmount a non-existent disk, which causes a large number of invalid requests.
2020-01-13	v1.14.3-tke.9	Merges pr2359, which fixes the issue of missing monitoring records when the system is unable to obtain docker root. Merges pr86583, which increases the logging level to reduce the amount of logs caused by the lack of support for random-fully in earlier versions of iptables. kube-scheduler now supports dynamic logging level configuration. Produces a workaround for the missing CBS device path (/dev/disk/by-id/virtio-xxx/...) issue that prevents some users from accessing CBS properly. Merges pr86230, which skips assumed pod updates when pods are scheduled.
2019-12-23	v1.14.3-tke.8	Reverts pr79036, which fixes an issue where upon being opened, the CPU Manager disables the CPU quota if the QoS setting of a pod is Guaranteed.
2019-12-17	v1.14.3-tke.7	Added metadata cache and timeout. Fixed the issue where upgrading lxcfs in Ubuntu 16 caused pods to exit. Avoided the readiness state of “pod not ready” when kubelet was restarted.
2019-11-28	v1.14.3-tke.6	cloud-provider supports using node names as hostnames.
2019-11-18	v1.14.3-tke.5	Merges pr83435, which fixes an issue that allows DoS attacks that use malicious YAML or JSON files to exhaust kube-apiserver CPU or memory resources, resulting in a loss of service. Merges pr84167, which fixes an issue where an incorrect ETCD prefix causes apiserver health checks to fail. Merges pr75622, which fixes an issue where, when there is a high sts (&dxgt;2000) workload in a cluster, it takes too long to sync sts changes to pod (about 20s).
2019-10-23	v1.14.3-tke.4	Merges pr79036, which fixes an issue where upon being opened, the CPU Manager disables the CPU quota if the QoS setting of a pod is Guaranteed.
2019-09-10	v1.14.3-tke.3	Incorporated pr63066, which fixed the issue where CLB health checks failed in IPVS mode.
2019-09-06	v1.14.3-tke.2	Fixes the cve-2019-9512&cve-2019-9514 HTTP/2 DDoS security issue. Merges pr72914, which fixes an issue where deleting a Pod and then creating a new one and scheduling it to the same node could cause mounting a volume to fail. Resolves the issue where creating containers in CentOS results in cgroup leakage.

TKE kubernetes 1.12.4 revisions

Date	Version	Revisions
2021-05-06	v1.12.4-tke.28	Updated the launch method of running kube-proxy as an image, and automatically adapted to the iptables running mode of the node to support the operating system that uses the NF_TABLES mode to run iptables by default.
2020-12-28	v1.12.4-tke.27	Added metrics to QcloudCbs (kube-controller-manager). Fixed the issue where extra space exists in the value of serial when mounting CBS disk (Kubelet).
2020-12-15	v1.12.4-tke.26	QcloudCbs supports BulkVolumeVerification (kube-controller-manager).
2020-11-17	v1.12.4-tke.25	Merged pr79495, which fixed the issue where the webhook call failed when there were multiple versions of CRD (kube-apiserver).
2020-10-13	v1.12.4-tke.24	Merged pr93403, which removed the printed error information of pod condition irrelevant to the kubelet during kubelet update (kubelet).
2020-08-04	v1.12.4-tke.23	Merged pr78881, which fixed the bug where the default value for pod.spec.container.SecurityContext.ProcMount was added by default.
2020-07-28	v1.12.4-tke.22	Incorporated pr91277, which prevents the issue of large numbers of TLS handshake error logs generated by kube-apiserver as a result of CLB health checks (kube-apiserver). Incorporated pr91500, which fixed the issue of missing environmental variables of KUBERNETES_SERVICE_HOST (kubelet).
2020-06-10	v1.12.4-tke.21	Merges pr73915, which prevents the watcher from receiving events before the watch is started. Merges pr91252, which ignores Pod Condition updates generated by other components to avoid unnecessary scheduling. Merges pr73915, which clears kube-controller-manager error logs to avoid CVE-2020-8555 Half-Blind SSRF attacks.
2020-06-04	v1.12.4-tke.20	Merges pr90260, which fixes the issue of missing monitoring records for containerd cluster networks. Merges pr79451, which fixes the issue where if restartPolicy is set to Never, kubelet does not try to create SandBox again after the first attempt fails.
2020-05-18	v1.12.4-tke.19	Merges pr77802, which disables graceful termination for UDP traffic. Merges pr68741, which fixes the issue of when the soft link /var/lib/kubelet and subpath are used, the host fails to unmount after pod deletion, resulting in mount target leakage and the pod being stuck in terminating. TKE can perceive the maximum number of qcloudcbs that can be mounted to a single node. The max value cannot be dynamically obtained.
2020-04-14	v1.12.4-tke.18	Merges pr73401, pr73606, and pr76060, which deletes DaemonSet pods allocated to non-existent nodes. Merges pr68619, which fixes the CPU Manager dirty data issue. Merges pr87669, which fixes the CVE-2020-8552: apiserver DoS attack issue. TKE can perceive the maximum number of qcloudcbs that can be mounted to a single node. (In 1.12 and later versions, the value is maxAttachCount-2. In version 1.10, the value is 18 by default).
2020-02-14	v1.12.4-tke.17	Upgrades the CBS V2 interface to V3. Fixes the issue where CBS intree continues to unmount a non-existent disk, which causes a large number of invalid requests.
2020-01-13	v1.12.4-tke.16	Merges pr2359 , which fixes the issue of missing monitoring records when docker root fails to be obtained. Merges pr86583 , which increases the logging level to prevent excessive logs from being generated when iptables does not support random-fully. kube-scheduler supports dynamic logging level configuration. Produces a workaround for the missing CBS device path (/dev/disk/by-id/virtio-xxx/...) issue that prevents some users from accessing CBS properly. Merges pr86230, which skips assumed pod updates when pods are scheduled.
2019-12-23	v1.12.4-tke.15	Reverted pr79036, which fixed the issue where the enabled CPU Manager disabled `cpu quota` if `QoS` of a pod was set to `Guaranteed`.
2019-12-17	v1.12.4-tke.14	Added metadata cache and timeout. Fixed the issue where upgrading lxcfs in Ubuntu 16 caused pods to exit. Avoided the readiness state of “pod not ready” when kubelet was restarted.
2019-11-28	v1.12.4-tke.13	cloud-provider supports using node names as hostnames.
2019-11-18	v1.12.4-tke.12	Merges pr75622, which fixes an issue where, when there is a high sts (&dxgt;2000) workload, it takes too long to sync sts changes to pod (about 20s).
2019-10-23	v1.12.4-tke.11	Merges pr79036, which fixes an issue where upon being opened, the CPU Manager disables the CPU quota if the QoS setting of a pod is Guaranteed. Merges pr72868, which adds a new parameter--metrics-port to kube-proxy and addresses the issue where --metrics-bind-address does not recognize port numbers.
2019-09-06	v1.12.4-tke.10	Fixes the cve-2019-9512&cve-2019-9514 HTTP/2 DDoS security issue. Merges pr72914, which fixes an issue where deleting a Pod and then creating a new one and scheduling it to the same node could cause mounting a volume to fail. Merges pr71834, which fixes an issue with IPVS load balancing where, if sessionAffinity is set to ClientIP, traffic is routed to an invalid real server.
2019-08-09	v1.12.4-tke.9	Fixed the issue where creating containers in CentOS resulted in cgroup leakage.
2019-08-08	v1.12.4-tke.8	Incorporated pr72118, which fixed the issue where mounting failed if a CBS StatefulSet was rescheduled to the same node.
2019-07-17	v1.12.4-tke.7	Incorporated pr75037, which resolved the security risks of the cp command in kubectl.
2019-07-16	v1.12.4-tke.6	Fixed the compatibility issue between the TLinux kernel and IPVS and fixed CLB health check failures in IPVS mode.
2019-07-09	v1.12.4-tke.5	Incorporated pr72361, which fixed the kube-proxy deadlock issue.
2019-06-25	v1.12.4-tke.4	Fixes the compatibility issue between the TLinux kernel and IPVS.
2019-06-17	v1.12.4-tke.3	Incorporated pr71114, which fixed the IPVS throughput issue.
2019-06-04	v1.12.4-tke.2	Merges pr74755, which fixes a hang/timeout issue when running large numbers of pods with unique configmap/secret references. Merges pr69047, which fixes a backward compatibility issue with node.Spec.Unschedulable.

TKE kubernetes 1.10.5 revisions

Date	Version	Revisions
2021-05-06	v1.10.5-tke.20	Updated the launch method of running kube-proxy as an image, and automatically adapted to the iptables running mode of the node to support the operating system that uses the NF_TABLES mode to run iptables by default.
2020-06-10	v1.10.5-tke.19	Merges pr90260, which fixes the issue of missing monitoring records for containerd cluster networks. Merges pr91252, which ignores Pod Condition updates generated by other components to avoid unnecessary scheduling. Merges pr89794, which clears kube-controller-manager error logs to avoid CVE-2020-8555 Half-Blind SSRF attacks.
2020-05-18	v1.12.4-tke.19	Merges pr61549, which adds volumeSpec data for mountedPods cache and fixes the issue of deletion failure when multiple pods use the same volume.
2020-04-29	v1.10.5-tke.17	Mergespr75622, which fixes the issue where, when a large number (>2000) of sts workloads exist in a cluster, it takes too long (about 20s) to synchronize sts changes to a pod.
2020-04-14	v1.10.5-tke.16	Merges pr68619, which fixes the CPU Manager dirty data issue. Merges pr87669, which fixes the CVE-2020-8552: apiserver DoS attack issue. TKE can perceive the maximum number of qcloudcbs that can be mounted to a single node. (In 1.12 and later versions, the value is maxAttachCount-2. In version 1.10, the value is 18 by default).
2020-02-14	v1.10.5-tke.15	Upgrades the CBS V2 interface to V3. Fixes the issue where CBS intree continues to unmount a non-existent disk, which causes a large number of invalid requests.
2020-01-13	v1.10.5-tke.14	Merges pr2359, which fixes the issue of missing monitoring records when docker root fails to be obtained. Merges pr86583, which increases the logging level to prevent excessive logs from being generated when iptables does not support random-fully. kube-scheduler supports dynamic logging level configuration. Produces a workaround for the missing CBS device path (/dev/disk/by-id/virtio-xxx/...) issue that prevents some users from accessing CBS properly. Merges pr86230, which skips assumed pod updates when pods are scheduled.
2019-12-23	v1.10.5-tke.13	Reverted pr79036, which fixes an issue where cpumanager disables cpu quota when it opens if the QoS setting of a pod is Guaranteed.
2019-12-13	v1.10.5-tke.12	kubelet does not delete nodes when checking externalID. Added metadata cache and timeout. Fixed the issue where upgrading lxcfs in Ubuntu 16 caused pods to exit. Avoided the readiness state of “pod not ready” when kubelet was restarted.
2019-11-18	v1.10.5-tke.11	Removes the kube-controller-manager probe that sends heartbeats to kubelet.
2019-10-23	v1.10.5-tke.10	Merges pr79036, which fixes an issue where upon being opened, the CPU Manager disables the CPU quota if the QoS setting of a pod is Guaranteed. Merges pr72868, which adds a new parameter--metrics-port to kube-proxy and addresses the issue where --metrics-bind-address does not recognize port numbers.
2019-09-06	v1.10.5-tke.9	Fixes the cve-2019-9512&cve-2019-9514 HTTP/2 DDoS security issue. Merges pr72914, which fixes an issue where deleting a Pod and then creating a new one and scheduling it to the same node could cause mounting a volume to fail. Merges 67430 to rollback the state if updateContainerCPUSet fails.
2019-08-08	v1.10.5-tke.8	Merges pr72118, which fixes an issue where, if kubelet mounts a device immediately after unmounting it, an error occurs with the message `resource name may not be empty`.
2019-07-17	v1.10.5-tke.7	Merges pr75037, which fixes a security issue affecting the cp command in kubectl.
2019-06-25	v1.10.5-tke.6	Fixed a Linux kernel and IPVS load balancing issue.
2019-06-17	v1.10.5-tke.5	Merges pr71114, which fixes an issue with IPVS throughput.
2019-03-19	v1.10.5-tke.4	Incorporated pr65092, which fixed the issue where apiserver would panic when handling specific requests.
2019-02-19	v1.10.5-tke.3	Incorporated pr67288, which fixed the issue where apiserver did not close the other side of the connection immediately when proxying.
2018-09-28	v1.10.5-tke.2	Moves the CLB creation logic from controller-manager to an independent service controller.
2018-09-27	v1.10.5-tke.1	Backports pr63321, which fixes an issue where termination takes too long when there are multiple service containers in a pod.
2018-09-21	v1.10.5-qcloud-rev1	If a kubelet status update times out, controller-manager probes the kubelet port.

TKE kubernetes 1.8.13 revisions

Date	Version	Revisions
2020-01-13	v1.8.13-tke.7	Merges pr2359, which fixes the issue of missing monitoring records when the system is unable to obtain docker root. Produces a workaround for the missing CBS device path (/dev/disk/by-id/virtio-xxx/...) issue that prevents some users from accessing CBS properly.
2019-12-13	v1.8.13-tke.6	kubelet does not delete nodes when checking externalID. Adds metadata cache and timeout. Fixes an issue where upgrading lxcfs in Ubuntu 16 causes pods to exit. Adds the ability to reboot kubelet to avoid pod not ready.
2019-11-18	v1.8.13-tke.5	Removes the kube-controller-manager probe that sends heartbeats to kubelet. Adds metrics to CBS PVC.
2018-09-28	v1.8.13-tke.2	Moved load balancing logic from controller-manager to independent service controllers.
2018-09-27	v1.8.13-tke.1	Disables kmem statistics to prevent cgroup numbers from leaking. Reduces resourcequota conflicts caused by creating pods.
2018-09-21	v1.8.13-qcloud-rev1	If a kubelet state update times out, controller-manager probes kubelet port.

TKE kubernetes 1.7.8 revisions

Date	Version	Revisions
2019-12-17	v1.7.8-tke.4	kubelet does not delete nodes when checking externalID. Added metadata cache and timeout. Fixed the issue where upgrading lxcfs in Ubuntu 16 caused pods to exit. Avoided the readiness state of “pod not ready” when kubelet was restarted.
2018-09-28	v1.7.8-tke.2	Fixes a conflict between controller-manager and an external service controller.
2018-09-27	v1.7.8-tke.1	Moves load balancing logic from controller-manager to an independent service controllers.
2018-09-21	v1.7.8-qcloud-rev1	If a kubelet status update times out, controller-manager probes the kubelet port.