TKE Kubernetes Revision Version History

Last updated: 2020-09-18 10:02:31

    TKE Kubernetes 1.18.4 Revisions

    DateVersionUpdates
    2020-08-12 v1.18.4-tke.2
    • Merged pr93403, which removed the printed error information of pod condition irrelevant to the kubelet during kubelet update (kubelet).
    2020-08-04 v1.18.4-tke.1
    • revert pr63066 Fixed the LB health check and IPVS issues (kube-proxy).
    • Merged pr72914, which fixed the issue where mounting might fail if you deleted a pod, created a new one, and scheduled it to the same node (kube-controller-manager).
    • Fixed the issue where creating containers in CentOS resulted in cgroup leakage (kubelet).
    • Fixed the issue where upgrading lxcfs in Ubuntu 16 caused pods to exit (kubelet).
    • Added cache and timeout to metadata. cloud-provider now supports using node names as hostnames (kubelet).
    • Added local cache (kubelet) to metadata.
    • Merged CBS and relevant fix code (kubelet).
    • Merged pr90260, which fixed the issue of missing monitoring records for containerd cluster networks (kubelet).
    • TKE can perceive the maximum number of qcloudcbs that can be mounted to a single node. In 1.12 and later versions, the value is maxAttachCount-2. In version 1.10, the value is 18 by default (kube-scheduler).
    • Fixed the issue where CBS intree continued to unmount a non-existent disk, causing a large number of invalid requests (kubelet).
    • Merged pr2359, which fixed the issue with missing monitoring records when the system was unable to obtain docker root (kubelet).
    • kube-scheduler now supports dynamic logging level configuration (kube-scheduler).
    • Produced a workaround for the missing CBS device path (/dev/disk/by-id/virtio-xxx/...) issue that prevented some users from accessing CBS properly (kubelet).
    • TKE can perceive the maximum number of qcloudcbs that can be mounted to a single node. The kubelet side will not patch nodes (kubelet).
    • Merged pr89296, so that the log will not record whether the iptables random-fully parameter is enabled (kube-proxy).
    • Fixed the AWS issue pr92162(kubelet).
    • Merged pr91277, which fixed the issue of large numbers of TLS handshake error logs generated by kube-apiserver as a result of CLB health checks (kube-apiserver).
    • Merged pr91500, which fixed the issue of missing environmental variables of KUBERNETES_SERVICE_HOST (kubelet).
    • Merged 92537, which fixed the issue where client-go reflector could not recover from the error "Too large resource version" (kube-apiserver, kube-controller-manager, kube-scheduler, kubelet, and kube-proxy).
    • Merged pr92969, which fixed the issue where CVE-2020-8559 privilege escalation from an invaded node resulted in invasion into other nodes (kube-apiserver).
    • Merged pr92921, which fixed the DOS attack issue where CVE-2020-8557 exhausted the disk space by writing into “/etc/hosts” (kubelet).

    TKE Kubernetes 1.16.3 Revisions

    DateVersionUpdates
    2020-07-28 v1.16.3-tke.10
    • Merged pr91277, which fixed the issue where large numbers of TLS handshake error logs are generated by kube-apiserver as a result of CLB health checks (kube-apiserver).
    • Merged pr91500, which fixed the issue of missing environmental variables of KUBERNETES_SERVICE_HOST (kubelet).
    2020-06-17 v1.16.3-tke.9 Temporarily fixed the AWS issuepr92162. AWS Credential Provider is no longer registered to prevent this issue from causing slow node launches.
    2020-06-11 v1.16.3-tke.8 Merges pr85993, which allows you to use CNI results to set kubenet gateway addresses.
    2020-06-10 v1.16.3-tke.7
    • Merges pr90260, which fixes the issue of missing monitoring records for containerd cluster networks.
    • Merges pr89515, which fixes the issue where HPA miscalculates the number of pods during rolling updates.
    • Merges pr91252, which ignores Pod Condition updates generated by other components to avoid unnecessary scheduling.
    • Merges pr89794, which clears kube-controller-manager error logs to avoid CVE-2020-8555 Half-Blind SSRF attacks.
    2020-05-18 v1.16.3-tke.6 TKE can perceive the maximum number of qcloudcbs that can be mounted to a single node. The max value cannot be dynamically obtained.
    2020-04-20 v1.16.3-tke.5 Merges pr69047, which fixes the node.Spec.Unschedulable backward compatibility issue. (This fix is overwritten when the in-tree cbs code is incorporated).
    2020-04-14 v1.16.3-tke.4
    • Merges pr87913, which fixes the CVE-2020-8551: Kubelet DoS attack issue.
    • Merges pr87669, which fixes the CVE-2020-8552: apiserver DoS attack issue.
    • TKE can perceive the maximum number of qcloudcbs that can be mounted to a single node. (In 1.12 and later versions, the value is maxAttachCount-2. In version 1.10, the value is 18 by default).
    • Merges pr87467, which fixes the issue of excessive CPU consumption by kubectl in parsing YAML files when an authorized user sends a malicious YAML file.
    2020-03-11 v1.16.3-tke.3
    • Fixed the issue where CBS intree continued to unmount a non-existent disk, which caused a large number of invalid requests.
    • Added a local metadata cache.
    2020-02-14 v1.16.3-tke.2
    • Merges pr2359, which fixes the issue of missing monitoring records when the system is unable to obtain docker root.
    • Merges pr86583, which increases the logging level to reduce the amount of logs caused by the lack of support for random-fully in earlier versions of iptables.
    • kube-scheduler now supports dynamic logging level configuration.
    • Produces a workaround for the missing CBS device path (/dev/disk/by-id/virtio-xxx/...) issue that prevents some users from accessing CBS properly.
    • Merges pr86230, which skips assumed pod updates when pods are scheduled.
    2020-01-06 v1.16.3-tke.1
    • Incorporates pr79036, which fixes the issue where upon being opened, the CPU Manager disables the CPU quota if the QoS setting of a pod is Guaranteed.
    • Incorporates pr84167, which fixes the issue where an incorrect Etcd key prefix causes an apiserver health check failure.
    • Reverts pr63066, which fixes the CLB health check and IPVS issues.
    • Incorporates pr72914, which fixes the issue where mounting may fail if you delete a pod, create a new one, and schedule it to the same node.
    • Fixes the issue where creating containers in CentOS results in cgroup leakage.
    • Fixes the issue where upgrading lxcfs in Ubuntu 16 causes pods to exit.
    • Adds metadata cache and timeout. cloud-provider now supports using node names as hostnames.
    • Reverts pr79036, which fixes the issue where upon being opened, the CPU Manager disables the CPU quota if the QoS setting of a pod is Guaranteed.
    • Produces a workaround for the missing CBS device path (/dev/disk/by-id/virtio-xxx/...) issue that prevents some users from accessing CBS properly.

    TKE Kubernetes 1.14.3 revisions

    DateVersionUpdates
    2020-08-04 v1.14.3-tke.16 Merged pr78883, which fixed the bug where the default value for pod.spec.container.SecurityContext.ProcMount was added by default.
    2020-07-28 v1.14.3-tke.15
    • Merged pr76518 and pr82514, which limited the return size of http and exec probe to prevent occupation of large amounts of node memory (kubelet).
    • Merged pr91277, which fixed the issue where large numbers of TLS handshake error logs were generated by kube-apiserver as a result of CLB health checks (kube-apiserver).
    • Merged pr91500, which fixed the issue of missing environmental variables of KUBERNETES_SERVICE_HOST (kubelet).
    • Merged pr77475, which fixed the issue of Cronjob scheduling failures when the number of jobs exceeded 500 (kube-controller-manager).
    2020-06-10 v1.14.3-tke.14
    • Merges pr85027, which fixes the issue where HPA miscalculates of the number of pods during rolling updates.
    • Merges pr79708, which uses spec.replicas to calculate the current number of replicas of HPA.
    • Merges pr91252, which ignores Pod Condition updates generated by other components to avoid unnecessary scheduling.
    • Merges pr89794, which clears kube-controller-manager error logs to avoid CVE-2020-8555 Half-Blind SSRF attacks.
    2020-06-04 v1.14.3-tke.13
    • Merges pr90260, which fixes the issue of missing monitoring records for containerd cluster networks.
    • Merges pr79451, which fixes the issue where if restartPolicy is set to Never, kubelet does not try to create SandBox again after the first attempt fails.
    2020-05-18 v1.14.3-tke.12 TKE can perceive the maximum number of qcloudcbs that can be mounted to a single node. The max value cannot be dynamically obtained.
    2020-04-14 v1.14.3-tke.11
    • Merges pr75442, which changes the bandwidth unit from Kb to b.
    • Merges pr87669, which fixes the CVE-2020-8552: apiserver DoS attack issue.
    • TKE can perceive the maximum number of qcloudcbs that can be mounted to a single node. (In 1.12 and later versions, the value is maxAttachCount-2. In version 1.10, the value is 18 by default).
    2020-04-14 v1.14.3-tke.10 Fixes the issue where CBS intree continues to unmount a non-existent disk, which causes a large number of invalid requests.
    2020-01-13 v1.14.3-tke.9
    • Merges pr2359, which fixes the issue of missing monitoring records when the system is unable to obtain docker root.
    • Merges pr86583, which increases the logging level to reduce the amount of logs caused by the lack of support for random-fully in earlier versions of iptables.
    • kube-scheduler now supports dynamic logging level configuration.
    • Produces a workaround for the missing CBS device path (/dev/disk/by-id/virtio-xxx/...) issue that prevents some users from accessing CBS properly.
    • Merges pr86230, which skips assumed pod updates when pods are scheduled.
    2019-12-23 v1.14.3-tke.8 Reverted pr79036, which fixed the issue where the enabled CPU Manager disabled `cpu quota` if `QoS` of a pod was set to `Guaranteed`.
    2019-12-17 v1.14.3-tke.7
    • Added metadata cache and timeout.
    • Fixed the issue where upgrading lxcfs in Ubuntu 16 caused pods to exit.
    • Avoided the readiness state of “pod not ready” when kubelet was restarted.
    2019-11-28 v1.14.3-tke.6 cloud-provider supports using node names as hostnames.
    2019-11-18 v1.14.3-tke.5
    • Merges pr83435, which fixes an issue that allows DoS attacks that use malicious YAML or JSON files to exhaust kube-apiserver CPU or memory resources, resulting in a loss of service.
    • Merges pr84167, which fixes an issue where an incorrect ETCD prefix causes apiserver health checks to fail.
    • Merges pr75622, which fixes an issue where, when there is a high sts (>2000) workload in a cluster, it takes too long to sync sts changes to pod (about 20s).
    2019-10-23 v1.14.3-tke.4 Merges pr79036, which fixes an issue where upon being opened, the CPU Manager disables the CPU quota if the QoS setting of a pod is Guaranteed.
    2019-09-10 v1.14.3-tke.3 Incorporated pr63066, which fixed the issue where CLB health checks failed in IPVS mode.
    2019-09-06 v1.14.3-tke.2
    • Fixes the cve-2019-9512&cve-2019-9514 HTTP/2 DDoS security issue.
    • Merges pr72914, which fixes an issue where deleting a Pod and then creating a new one and scheduling it to the same node could cause mounting a volume to fail.
    • Resolves the issue where creating containers in CentOS results in cgroup leakage.

    TKE Kubernetes 1.12.4 revisions

    DateVersionUpdates
    2020-08-04 v1.12.4-tke.23 Merged pr78883, which fixed the bug where the default value for pod.spec.container.SecurityContext.ProcMount was added by default.
    2020-07-28 v1.12.4-tke.22
    • Merged pr91277, which fixed the issue where large numbers of TLS handshake error logs were generated by kube-apiserver as a result of CLB health checks (kube-apiserver).
    • Merged pr91500, which fixed the issue of missing environmental variables of KUBERNETES_SERVICE_HOST (kubelet).
    2020-06-10 v1.12.4-tke.21
    • Merges pr73915, which prevents the watcher from receiving events before the watch is started.
    • Merges pr91252, which ignores Pod Condition updates generated by other components to avoid unnecessary scheduling.
    • Merges pr89794, which clears kube-controller-manager error logs to avoid CVE-2020-8555 Half-Blind SSRF attacks.
    2020-06-04 v1.12.4-tke.20
    • Merges pr90260, which fixes the issue of missing monitoring records for containerd cluster networks.
    • Merges pr79451, which fixes the issue where if restartPolicy is set to Never, kubelet does not try to create SandBox again after the first attempt fails.
    2020-05-18 v1.12.4-tke.19
    • Merges pr77802, which disables graceful termination for UDP traffic.
    • Merges pr68741, which fixes the issue of when the soft link /var/lib/kubelet and subpath are used, the host fails to unmount after pod deletion, resulting in mount target leakage and the pod being stuck in terminating.
    • TKE can perceive the maximum number of qcloudcbs that can be mounted to a single node. The max value cannot be dynamically obtained.
    2020-04-14 v1.12.4-tke.18
    • Merges pr73401, pr73606, and pr76060, which deletes DaemonSet pods allocated to non-existent nodes.
    • Merges pr68619, which fixes the CPU Manager dirty data issue.
    • Merges pr87669, which fixes the CVE-2020-8552: apiserver DoS attack issue.
    • TKE can perceive the maximum number of qcloudcbs that can be mounted to a single node. (In 1.12 and later versions, the value is maxAttachCount-2. In version 1.10, the value is 18 by default).
    2020-02-14 v1.12.4-tke.17
    • Upgrades the CBS V2 interface to V3.
    • Fixes the issue where CBS intree continues to unmount a non-existent disk, which causes a large number of invalid requests.
    2020-01-13 v1.12.4-tke.16
    • Merges pr2359, which fixes the issue of missing monitoring records when docker root fails to be obtained.
    • Merges pr86583, which increases the logging level to prevent excessive logs from being generated when iptables does not support random-fully.
    • kube-scheduler supports dynamic logging level configuration.
    • Produces a workaround for the missing CBS device path (/dev/disk/by-id/virtio-xxx/...) issue that prevents some users from accessing CBS properly.
    • Merges pr86230, which skips assumed pod updates when pods are scheduled.
    2019-12-23 v1.12.4-tke.15 Reverted pr79036, which fixed the issue where the enabled CPU Manager disabled `cpu quota` if `QoS` of a pod was set to `Guaranteed`.
    2019-12-17 v1.12.4-tke.14
    • Added metadata cache and timeout.
    • Fixed the issue where upgrading lxcfs in Ubuntu 16 caused pods to exit.
    • Avoided the readiness state of “pod not ready” when kubelet was restarted.
    2019-11-28 v1.12.4-tke.13 cloud-provider supports using node names as hostnames.
    2019-11-18 v1.12.4-tke.12 Merges pr75622, which fixes an issue where, when there is a high sts (>2000) workload, it takes too long to sync sts changes to pod (about 20s).
    2019-10-23 v1.12.4-tke.11
    • Merges pr79036, which fixes an issue where upon being opened, the CPU Manager disables the CPU quota if the QoS setting of a pod is Guaranteed.
    • Merges pr72868, which adds a new parameter--metrics-port to kube-proxy and addresses the issue where --metrics-bind-address does not recognize port numbers.
    2019-09-06 v1.12.4-tke.10
    • Fixes the cve-2019-9512&cve-2019-9514 HTTP/2 DDoS security issue.
    • Merges pr72914, which fixes an issue where deleting a Pod and then creating a new one and scheduling it to the same node could cause mounting a volume to fail.
    • Merges pr71834, which fixes an issue with IPVS load balancing where, if sessionAffinity is set to ClientIP, traffic is routed to an invalid real server.
    2019-08-09 v1.12.4-tke.9 Fixed the issue where creating containers in CentOS resulted in cgroup leakage.
    2019-08-08 v1.12.4-tke.8 Incorporated pr72118, which fixed the issue where mounting failed if a CBS StatefulSet was rescheduled to the same node.
    2019-07-17 v1.12.4-tke.7 Incorporated pr75037, which resolved the security risks of the cp command in kubectl.
    2019-07-16 v1.12.4-tke.6 Fixed the compatibility issue between the TLinux kernel and IPVS and fixed CLB health check failures in IPVS mode.
    2019-07-09 v1.12.4-tke.5 Incorporated pr72361, which fixed the kube-proxy deadlock issue.
    2019-06-25 v1.12.4-tke.4 Fixed the compatibility issue between the TLinux kernel and IPVS.
    2019-06-17 v1.12.4-tke.3 Incorporated pr71114, which fixed the IPVS throughput issue.
    2019-06-04 v1.12.4-tke.2
    • Merges pr74755, which fixes a hang/timeout issue when running large numbers of pods with unique configmap/secret references.
    • Merges pr69047, which fixes a backward compatibility issue with node.Spec.Unschedulable.

    TKE Kubernetes 1.10.5 Revisions

    DateVersionUpdates
    2020-06-10 v1.10.5-tke.19
    • Merges pr90260, which fixes the issue of missing monitoring records for containerd cluster networks.
    • Merges pr91252, which ignores Pod Condition updates generated by other components to avoid unnecessary scheduling.
    • Merges pr89794, which clears kube-controller-manager error logs to avoid CVE-2020-8555 Half-Blind SSRF attacks.
    2020-05-18 v1.12.4-tke.19 Merges pr61549, which adds volumeSpec data for mountedPods cache and fixes the issue of deletion failure when multiple pods use the same volume.
    2020-04-29 v1.10.5-tke.17 Mergespr75622, which fixes the issue where, when a large number (>2000) of sts workloads exist in a cluster, it takes too long (about 20s) to synchronize sts changes to a pod.
    2020-04-14 v1.10.5-tke.16
    • Merges pr68619, which fixes the CPU Manager dirty data issue.
    • Merges pr87669, which fixes the CVE-2020-8552: apiserver DoS attack issue.
    • TKE can perceive the maximum number of qcloudcbs that can be mounted to a single node. (In 1.12 and later versions, the value is maxAttachCount-2. In version 1.10, the value is 18 by default).
    2020-02-14 v1.10.5-tke.15
    • Upgrades the CBS V2 interface to V3.
    • Fixes the issue where CBS intree continues to unmount a non-existent disk, which causes a large number of invalid requests.
    2020-01-13 v1.10.5-tke.14
    • Merges pr2359, which fixes the issue of missing monitoring records when docker root fails to be obtained.
    • Merges pr86583, which increases the logging level to prevent excessive logs from being generated when iptables does not support random-fully.
    • kube-scheduler supports dynamic logging level configuration.
    • Produces a workaround for the missing CBS device path (/dev/disk/by-id/virtio-xxx/...) issue that prevents some users from accessing CBS properly.
    • Merges pr86230, which skips assumed pod updates when pods are scheduled.
    2019-12-23 v1.10.5-tke.13 Reverted pr79036, which fixed the issue where the enabled CPU Manager disabled `cpu quota` if `QoS` of a pod was set to `Guaranteed`.
    2019-12-13 v1.10.5-tke.12
    • kubelet does not delete nodes when checking externalID.
    • Added metadata cache and timeout.
    • Fixed the issue where upgrading lxcfs in Ubuntu 16 caused pods to exit.
    • Avoided the readiness state of “pod not ready” when kubelet was restarted.
    2019-11-18 v1.10.5-tke.11 Removes the kube-controller-manager probe that sends heartbeats to kubelet.
    2019-10-23 v1.10.5-tke.10
    • Merges pr79036, which fixes an issue where upon being opened, the CPU Manager disables the CPU quota if the QoS setting of a pod is Guaranteed.
    • Merges pr72868, which adds a new parameter--metrics-port to kube-proxy and addresses the issue where --metrics-bind-address does not recognize port numbers.
    2019-09-06 v1.10.5-tke.9
    • Fixes the cve-2019-9512&cve-2019-9514 HTTP/2 DDoS security issue.
    • Merges pr72914, which fixes an issue where deleting a Pod and then creating a new one and scheduling it to the same node could cause mounting a volume to fail.
    • Merges 67430 to rollback the state if updateContainerCPUSet fails.
    2019-08-08 v1.10.5-tke.8 Merges pr72118, which fixes an issue where, if kubelet mounts a device immediately after unmounting it, an error occurs with the message `resource name may not be empty`.
    2019-07-17 v1.10.5-tke.7 Incorporated pr75037, which resolved the security risks of the cp command in kubectl.
    2019-06-25 v1.10.5-tke.6 Fixed the compatibility issue between the TLinux kernel and IPVS.
    2019-06-17 v1.10.5-tke.5 Incorporated pr71114, which fixed the IPVS throughput issue.
    2019-03-19 v1.10.5-tke.4 Incorporated pr65092, which fixed the issue where apiserver would panic when handling specific requests.
    2019-02-19 v1.10.5-tke.3 Incorporated pr67288, which fixed the issue where apiserver did not close the other side of the connection immediately when proxying.
    2018-09-28 v1.10.5-tke.2 Moved the CLB creation logic from controller-manager to an independent service controller.
    2018-09-27 v1.10.5-tke.1 Backports pr63321, which fixes an issue where termination takes too long when there are multiple service containers in a pod.
    2018-09-21 v1.10.5-qcloud-rev1 If a kubelet status update times out, controller-manager probes the kubelet port.

    TKE Kubernetes 1.8.13 revisions

    DateVersionUpdates
    2020-01-13 v1.8.13-tke.7
    • Merges pr2359, which fixes the issue of missing monitoring records when the system is unable to obtain docker root.
    • Produces a workaround for the missing CBS device path (/dev/disk/by-id/virtio-xxx/...) issue that prevents some users from accessing CBS properly.
    2019-12-13 v1.8.13-tke.6
    • kubelet does not delete nodes when checking externalID.
    • Added metadata cache and timeout.
    • Fixed the issue where upgrading lxcfs in Ubuntu 16 caused pods to exit.
    • Avoided the readiness state of “pod not ready” when kubelet was restarted.
    2019-11-18 v1.8.13-tke.5
    • Removes the kube-controller-manager probe that sends heartbeats to kubelet.
    • Adds metrics to CBS PVC.
    2018-09-28 v1.8.13-tke.2 Moved the CLB creation logic from controller-manager to an independent service controller.
    2018-09-27 v1.8.13-tke.1
    • Disables kmem statistics to prevent cgroup numbers from leaking.
    • Reduces resourcequota conflicts caused by creating pods.
    2018-09-21 v1.8.13-qcloud-rev1 If a kubelet status update times out, controller-manager probes the kubelet port.

    TKE Kubernetes 1.7.8 revisions

    DateVersionUpdates
    2019-12-17 v1.7.8-tke.4
    • kubelet does not delete nodes when checking externalID.
    • Added metadata cache and timeout.
    • Fixed the issue where upgrading lxcfs in Ubuntu 16 caused pods to exit.
    • Avoided the readiness state of “pod not ready” when kubelet was restarted.
    2018-09-28 v1.7.8-tke.2 Fixes a conflict between controller-manager and an external service controller.
    2018-09-27 v1.7.8-tke.1 Moved the CLB creation logic from controller-manager to an independent service controller.
    2018-09-21 v1.7.8-qcloud-rev1 If a kubelet status update times out, controller-manager probes the kubelet port.

    Was this page helpful?

    Was this page helpful?

    • Not at all
    • Not very helpful
    • Somewhat helpful
    • Very helpful
    • Extremely helpful
    Send Feedback
    Help