||Updated the launch method of running kube-proxy as an image, and automatically adapted to the iptables running mode of the node to support the operating system that uses the NF_TABLES mode to run iptables by default.
- Added metrics to QcloudCbs (kube-controller-manager).
- Fixed the issue where extra space exists in the value of serial when mounting CBS disk (Kubelet).
||QcloudCbs supports BulkVolumeVerification (kube-controller-manager).
||Merged pr79495, which fixed the issue where the webhook call failed when there were multiple versions of CRD (kube-apiserver).
||Merged pr93403, which removed the printed error information of pod condition irrelevant to the kubelet during kubelet update (kubelet).
||Merged pr78881, which fixed the bug where the default value for pod.spec.container.SecurityContext.ProcMount was added by default.
- Incorporated pr91277, which prevents the issue of large numbers of TLS handshake error logs generated by kube-apiserver as a result of CLB health checks (kube-apiserver).
- Incorporated pr91500, which fixed the issue of missing environmental variables of KUBERNETES_SERVICE_HOST (kubelet).
- Merges pr73915, which prevents the watcher from receiving events before the watch is started.
- Merges pr91252, which ignores Pod Condition updates generated by other components to avoid unnecessary scheduling.
- Merges pr73915, which clears kube-controller-manager error logs to avoid CVE-2020-8555 Half-Blind SSRF attacks.
- Merges pr90260, which fixes the issue of missing monitoring records for containerd cluster networks.
- Merges pr79451, which fixes the issue where if restartPolicy is set to Never, kubelet does not try to create SandBox again after the first attempt fails.
- Merges pr77802, which disables graceful termination for UDP traffic.
- Merges pr68741, which fixes the issue of when the soft link /var/lib/kubelet and subpath are used, the host fails to unmount after pod deletion, resulting in mount target leakage and the pod being stuck in terminating.
- TKE can perceive the maximum number of qcloudcbs that can be mounted to a single node. The max value cannot be dynamically obtained.
- Merges pr73401, pr73606, and pr76060, which deletes DaemonSet pods allocated to non-existent nodes.
- Merges pr68619, which fixes the CPU Manager dirty data issue.
- Merges pr87669, which fixes the CVE-2020-8552: apiserver DoS attack issue.
- TKE can perceive the maximum number of qcloudcbs that can be mounted to a single node. (In 1.12 and later versions, the value is maxAttachCount-2. In version 1.10, the value is 18 by default).
- Upgrades the CBS V2 interface to V3.
- Fixes the issue where CBS intree continues to unmount a non-existent disk, which causes a large number of invalid requests.
- Merges pr2359 , which fixes the issue of missing monitoring records when docker root fails to be obtained.
- Merges pr86583 , which increases the logging level to prevent excessive logs from being generated when iptables does not support random-fully.
- kube-scheduler supports dynamic logging level configuration.
- Produces a workaround for the missing CBS device path (/dev/disk/by-id/virtio-xxx/...) issue that prevents some users from accessing CBS properly.
- Merges pr86230, which skips assumed pod updates when pods are scheduled.
||Reverted pr79036, which fixed the issue where the enabled CPU Manager disabled `cpu quota` if `QoS` of a pod was set to `Guaranteed`.
- Added metadata cache and timeout.
- Fixed the issue where upgrading lxcfs in Ubuntu 16 caused pods to exit.
- Avoided the readiness state of “pod not ready” when kubelet was restarted.
||cloud-provider supports using node names as hostnames.
||Merges pr75622, which fixes an issue where, when there is a high sts (&dxgt;2000) workload, it takes too long to sync sts changes to pod (about 20s).
- Merges pr79036, which fixes an issue where upon being opened, the CPU Manager disables the CPU quota if the QoS setting of a pod is Guaranteed.
- Merges pr72868, which adds a new parameter
--metrics-port to kube-proxy and addresses the issue where
--metrics-bind-address does not recognize port numbers.
- Fixes the cve-2019-9512&cve-2019-9514 HTTP/2 DDoS security issue.
- Merges pr72914, which fixes an issue where deleting a Pod and then creating a new one and scheduling it to the same node could cause mounting a volume to fail.
- Merges pr71834, which fixes an issue with IPVS load balancing where, if sessionAffinity is set to ClientIP, traffic is routed to an invalid real server.
||Fixed the issue where creating containers in CentOS resulted in cgroup leakage.
||Incorporated pr72118, which fixed the issue where mounting failed if a CBS StatefulSet was rescheduled to the same node.
||Incorporated pr75037, which resolved the security risks of the cp command in kubectl.
||Fixed the compatibility issue between the TLinux kernel and IPVS and fixed CLB health check failures in IPVS mode.
||Incorporated pr72361, which fixed the kube-proxy deadlock issue.
||Fixes the compatibility issue between the TLinux kernel and IPVS.
||Incorporated pr71114, which fixed the IPVS throughput issue.
- Merges pr74755, which fixes a hang/timeout issue when running large numbers of pods with unique configmap/secret references.
- Merges pr69047, which fixes a backward compatibility issue with