openSUSE Recommended Update: Recommended update for kubernetes, kubernetes1.17, kubernetes1.18 ______________________________________________________________________________ Announcement ID: openSUSE-RU-2020:0973-1 Rating: moderate References: #1146372 #1163328 #1168390 #1171770 #1172744 Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for kubernetes, kubernetes1.17, kubernetes1.18 fixes the following issues: - kubernetes 1.18 was updated to 1.18.4 and kubernetes 1.17 to 1.17.7 Changes in kubernetes1.18: Update to version 1.18.4: * enable floating IP for IPv6 * Extend AWS azToRegion method to support Local Zones and other partitions * kubelet: block non-forwarded packets from crossing the localhost boundary * Deflake port-forward e2e test * Fix fieldType being dropped by older go-clients * FieldManager: Reset if we receive nil or a list with one empty item * set dest prefix and port for IPv6 sg rule * fieldManager: Ignore and log all errors when updating managedFields * Make kubectl tolerate other versions of the CSR API * Changes to ManagedFields is not mutation for GC * fix a number of unbounded dimensions in request metrics * build: Use debian-hyperkube-base@v1.0.0 image * Check for GCE finalizer in GetLoadBalancer. * Fix csi-provisioner image for pd csi driver * hyperkube: Build v1.0.0 image * build: Add dependency entries for debian-hyperkube-base * Update CNI to v0.8.6 * Fix public IP not shown issues after assigning public IP to Azure VMs * Skip Pod Conditions from scheduling queue updates * add test for finalizers * skip unnecessary scheduling attempt when pod's finalizers change * Update CHANGELOG/CHANGELOG-1.18.md for v1.18.3 * Add back anti-affinity to kube-dns pods. * Check for empty zone string * Azure - do not use 0 zone or empty string for zone when creating PVs * Fix client-ca dynamic reload in apiserver * Fix exclusive CPU allocations being deleted at container restart * Update strategy used to reuse CPUs from init containers in CPUManager Update to version 1.18.3: * Move nfs-provisioner from quay.io/kubernetes_incubator to staging-csi * Use staging-csi to work around quay.io availability * Azure: support non-VMSS instances removal * deps: Use debian-base:v2.1.0 and debian-iptables:v12.1.0 * build: Add build-image OWNERS to debian-{base,iptables} and pause dirs * count no nodes scheduling failure as unschedulable instead of error * kubeadm: fix flakes when performing etcd MemberAdd on slower setups * base-images: Update to kube-cross:v1.13.9-5 * build: Alpha-sort dependencies.yaml * fix: azure disk dangling attach issue * kube-proxy: increase the session affinity timeout to ensure that the test passes in ipvs mode * cluster: ipvs conntrack module vs kernel version * allow k8s.io/kubernetes/third_party/forked/ipvs in e2e test framework import restrictions (transitive dep from pkg/kubemark) * add license headers for third_party/forked/ipvs * third_party/forked/ipvs: check the address family if the netlink address family attribute is not set * run hack/update-vendor.sh to remove github.com/docker/libnetwork * remove github.com/docker/libnetwork from go.mod * update pkg/util/ipvs to use third_party/forked/ipvs * move github.com/docker/libnetwork/ipvs to third_party/forked * fix backoff manager timer initialization race * fix: ACR auth fails in private azure clouds * Restore cache-control header filter * kube-scheduler: compatibility with ServerSideApply * bugfix: initcontainer wasn't considered when calculate resource request * fix: azure file csi migration failure * Fix flaws in Azure CSI translation * Revert "stop defaulting kubeconfig to http://localhost:8080" * Update CHANGELOG/CHANGELOG-1.18.md for v1.18.2 * Fix Node initialization for GCP cloud provider * Simplify unregistration of csiplugin * Unregister csiplugin even if socket path is gone * Move PSP tests behind a feature tag * kube-openapi bump to release-1.18 * Preserve int/float distinction when decoding raw values * Check Annotations map against nil for ConfigMapLock#Update() * Fix CSINodeInfo startup * Wait for APIServer 'ok' forever during CSINode initialization during Kubelet init - Add ConditionPathExists=/var/lib/kubelet/config.yaml to kubelet.service [boo#1146372] - Run sysctl -a --system before kubelet to ensure sysctl parameters are correctly loaded [boo#1171770] Update to version 1.18.2: * Fix GCE ILB for large clusters * Restore the ability to `kubectl apply --prune` without -n flag * Fix client watch reestablishment handling of client-side timeouts * Fix priorityClass typo, add numeric priority to static pods * Update CHANGELOG/CHANGELOG-1.18.md for v1.18.1 * Test dropped round-trip annotations in HPA conversion * Drop round-trip annotations in HPA conversion * Skip updating cache on pod update if the node was deleted - kubelet-common: conflict with other instances of kubelet-common and require kubernetes-kubelet%{baseversion} Update to version 1.18.1: * Ensure Azure availability zone is always in lower cases * Even with build error, kubectl apply should apply all valid resources * fix: update max azure disk max count * Ensure diff doesn't persist patches * Fix permissions for endpointslice controller * Clean up event messages for errors. * Allow list-resources.sh to continue if a resource fails to list * fix a bug where spn: prefix is unexpectedly added to kubeconfig apiserver-id setting * Adds integration test for apply failures when applying multiple resources * Fixes problem where kubectl apply stops after first error * fix cpu resource metric type by changing to counter * fix concurreny issue in lb creation * Kubeadm: fix Ready condition check * kubeadm: add missing RBAC for getting nodes on "upgrade apply" * Check that ImageInspect pointer is not nil * Fix bug about unintentional scale out during updating deployment. * Update CHANGELOG/CHANGELOG-1.18.md for v1.18.0 * build/dependencies: Remove bazel WORKSPACE go_version check * deps: Update to Golang 1.13.9 * build: Remove kube-cross image building * Label Windows test as Serial. Changes in kubernetes1.17: Update to version 1.17.7: * Fix fieldType being dropped by older go-clients * FieldManager: Reset if we receive nil or a list with one empty item * enable floating IP for IPv6 * Extend AWS azToRegion method to support Local Zones and other partitions * kubelet: block non-forwarded packets from crossing the localhost boundary * Deflake port-forward e2e test * Skip Pod Conditions from scheduling queue updates * add test for finalizers * skip unnecessary scheduling attempt when pod's finalizers change * set dest prefix and port for IPv6 sg rule * Create class to call function at most every given period * fieldManager: Ignore and log all errors when updating managedFields * Make kubectl tolerate other versions of the CSR API * Changes to ManagedFields is not mutation for GC * fix a number of unbounded dimensions in request metrics * build: Use debian-hyperkube-base@v1.0.0 image * Source CNI plugins from gs://k8s-artifacts-cni/release * Update CNI to v0.8.6 * releng: Remove debian-hyperkube-base image building from this branch * Fix public IP not shown issues after assigning public IP to Azure VMs * fix: formating and typo * fix: address test failure and review comments * fix: add unit tests for truncate long subnet name on lb ip configuration * fix: should truncate long subnet name on lb rules * Update CHANGELOG/CHANGELOG-1.17.md for v1.17.6 * kubeadm: fix flakes when performing etcd MemberAdd on slower setups * Add back anti-affinity to kube-dns pods. * Check for empty zone string * Azure - do not use 0 zone or empty string for zone when creating PVs * Fix client-ca dynamic reload in apiserver * Make updateAllocatedDevices() as a public method and call it in podresources api Update to version 1.17.6: * Azure: support non-VMSS instances removal * deps: Use debian-base:v2.1.0 and debian-iptables:v12.1.0 * build: Add build-image OWNERS to debian-{base,iptables} and pause dirs * count no nodes scheduling failure as unschedulable instead of error * base-images: Update to kube-cross:v1.13.9-5 * build: Alpha-sort dependencies.yaml * Work-around for missing metrics on CRI-O exited containers * fix: azure disk dangling attach issue * fix: ACR auth fails in private azure clouds * Restore cache-control header filter * bugfix: initcontainer wasn't considered when calculate resource request * fix: azure file csi migration failure * Fix flaws in Azure CSI translation * Update CHANGELOG/CHANGELOG-1.17.md for v1.17.5 * Move PSP tests behind a feature tag * Fix code for 1.17 * kube-openapi bump to release-1.17 * Do not reset managedFields in status update strategy * Use discovery to test apply all status * Preserve int/float distinction when decoding raw values * All check for instanceID * Fix AWS eventual consistency of AttachDisk * fix: update max azure disk max count * Fix cherry-pick errors * Fix CSINodeInfo startup * Wait for APIServer 'ok' forever during CSINode initialization during Kubelet init - Add ConditionPathExists=/var/lib/kubelet/config.yaml to kubelet.service [boo#1146372] - Run sysctl -a --system before kubelet to ensure sysctl parameters are correctly loaded [boo#1171770] Update to version 1.17.5: * Fix GCE ILB for large clusters * gce-addons: Make sure default/limit-range doesn't get overridden * Restore the ability to `kubectl apply --prune` without -n flag * Fix client watch reestablishment handling of client-side timeouts * Fix priorityClass typo, add numeric priority to static pods * Test dropped round-trip annotations in HPA conversion * Drop round-trip annotations in HPA conversion * Ensure Azure availability zone is always in lower cases * Clean up event messages for errors. * Fix permissions for endpointslice controller * Allow list-resources.sh to continue if a resource fails to list * Check that ImageInspect pointer is not nil * Fix bug about unintentional scale out during updating deployment. * kubeadm: increase timeouts in the etcd client * kubeadm: handle multiple members without names during concurrent join * build/dependencies: Remove bazel WORKSPACE go_version check * deps: Update to Golang 1.13.9 * build: Remove kube-cross image building * Fix the VMSS name and resource group name when updating VMSS for LoadBalancer backendPools. * Remove wait.Until for running Kubelet Bootstrap * Parallelize attach operations across different nodes for volumes that allow multi-attach * Add nil nodeinfo check in podFitsOnNode * fix: check disk status before disk azure disk * Update kube-openapi to release-1.17 * Update tag for structured-merge-diff to v2.0.1 * EndpointSlice and Endpoints should treat terminating pods the same * EndpointSliceTracker should track updated resource version * Ensuring EndpointSlices are not used for Windows kube-proxy implementations * Ensuring kube-proxy does not mutate shared EndpointSlices * Update CHANGELOG/CHANGELOG-1.17.md for v1.17.4 * let image cache do sort on write instead of on read to avoid data * Removing kubectl get output e2e test * Fix VMSS cache content * Preserve target apiVersion when decoding into unstructured lists * Adding a temporary fix for kubectl get output e2e test * /readyz should start returning failure on shutdown initiation * test: don't use hardcoded pod count for memory limit test * Fixed in the GCE/PD in-tree volume logic to expose the max number of persistent-disks for each instance type correctly. * Honor status.podIP over status.podIPs, node.spec.podCIDR over node.spec.podCIDRs * fix: corrupted mount point in csi driver * fix: azure file mount timeout issue * fix behaviour of aws-load-balancer-security-groups annotation * fix: add remediation in azure disk attach/detach * Update to golang@1.13.8 * build: Enable kube-cross push/pull from K8s Infra GCR * build: Add justaugustus as reviewer * build: Add OWNERS on build-image/ * rename to sharedLimitWriter * address review feedback * Fix docker/journald logging conformance * fix get-kube authorization headers * Calling hcsshim instead of docker api to get stats for windows to greatly reduce latency * adding e2e test to ensure it takes less than 10 seconds to query kubelet stats for windows nodes * update golang.org/x/crypto * kube-proxy filter Load Balancer Status ingress * kube-proxy unit test FilterIncorrectIPVersion * add delays between goroutines for vm instance update * Updated test cos image to include runc-1.0.0-rc10 * Fix gce-cos-master-reboot test * Fix route conflicted operations when updating multiple routes together * fix: get azure disk lun timeout issue * Set up connection onClose prior to adding to connection map * fix: add azure disk migration support for CSINode * Add annotation annealing for migration for PVs and PVCs during syncVolume and syncClaim. This allows external-provisioners to pick up and delete volumes when they have been rolled up from previous kubernetes versions. * Update CHANGELOG/CHANGELOG-1.17.md for v1.17.3 * Limit number of instances in single update to GCE target pool * Add code to fix kubelet/metrics memory issue. * Remove Error log for nil StartTime * CHANGELOG: Move changelogs into a subdir to delegate releng approvals * Enable selinux tags in make targets * Fix pending_pods, schedule_attempts_total was not recorded * Fixing Potential Race Condition in EndpointSlice Controller. * Restore statefulset conversion that populates apiVersion/kind in volume templates * Use standard default storage media type in local-up-cluster * changelog: clarify 1.17 upgrade requirements * Fix back off when scheduling cycle is delayed * blank out value for unbounded client label * update gopkg.in/yaml.v2 to v2.2.8 * set nil cache entry based on old cache * Revert "It fixes a bug where AAD token obtained by kubectl is incompatible with on-behalf-of flow and oidc." * Fix issue with GCE scripts assuming Python2. * Add/Update CHANGELOG-1.17.md for v1.17.2. * [1.17] No-op whitespace fix to CHANGELOG-1.17 to trigger a new 1.17 build * Update to golang@1.13.6 * Fix the bug PIP's DNS is deleted if no DNS label service annotation is set. * kubenet: replace gateway with cni result * Add/Update CHANGELOG-1.17.md for v1.17.1. * Fixes unnecessary creation of default SG and trying to delete non-provisioned SG by k8s system when annotation [service.beta.kubernetes.io/aws-load-balancer-security-groups] is present * Ensure a provider ID is set on a node if expected * Bind metrics-server containers to linux nodes to avoid Windows scheduling on kubernetes cluster includes linux nodes and windows nodes * Drop version from static openapi json file * Update to golang@1.13.5 * Revert reflector changes from PR #83520 from 1.17 * Fix IPv6 addresses lost issue in pure ipv6 vsphere environment * Fix unit test to run in non-gce environments * fix: azure disk could not mounted on Standard_DC4s/DC2s instances * Use legacyscheme's types rather than testapi ones * Fix nil pointer dereference in the azure provider * Add unit test for extended ipv4 service IP range * Revert "remove ipallocator in favor of k/utils net package" * It fixes a bug where AAD token obtained by kubectl is incompatible with on-behalf-of flow and oidc. * Allocate map when out points to nil map * fix: azure data disk should use same key as os disk by default * Check FileInfo against nil during walk of container dir path * Add UID precondition to kubelet pod status patch updates * Add cache for VMSS. * Fix build break - Hyperkube image needs kubelet/kubectl * Include cloud/gcp in e2e.test * Do not swallow timeout in manageReplicas * Sync the status of static Pods * Increase Burst limit for discovery client * Update v1.17.0 CHANGELOG to match final draft * Fix LoadBalancer rule checking so that no unexpected LoadBalancer updates are made * Fix broken SELinux detection * Add/Update CHANGELOG-1.17.md for v1.17.0. * Kubernetes version v1.17.1-beta.0 openapi-spec file updates * Deflake kubectl custom printing test * Refactor parsing logic for service IP and ranges, add tests * Fix bug in apiserver service cluster cidr split * Switch addon resizer to 1.8.7 * Deflake pod readiness e2e * Add/Update CHANGELOG-1.17.md for v1.17.0-rc.2. * Move hostdns.conf out of cni directory. * Fix iscsi refcounter in the case of no Block iscsi volumes * Ensure webhook backend requests are not artificially rate-limited * Retain objects for a limited lifetime in the mutation cache detector by default * Enable mutation detection * Make cluster auto scaler use leases * Bump Cluster Autoscaler version to 1.17.0 * fix: padded base64 encoded docker auth field * apiextensions: filter required nullable to workaround kubectl validation * update cadvisor dependency to v0.35.0 * Bumped the number of times a node tries to lookup itself * Wait for PV to be available before creating PVCs in volume binding test * increase pv controller resync period to try to deflake api update conflicts * Fix GKE upgrade test. * Use plugin name for filtering metrics * Provided a mechanism to re-register hidden metrics. * Deep copying EndpointSlices in reconciler before modifying them. * Set node cidr mask size ipv4/ipv6 config * Revert "kube-proxy: check KUBE-MARK-DROP" * Add/Update CHANGELOG-1.17.md for v1.17.0-rc.1. * Add/Update CHANGELOG-1.17.md for v1.17.0-beta.2. * Add/Update CHANGELOG-1.17.md for v1.17.0-beta.1. * Results of running update scripts: update-openapi-spec * Delete extraneous CHANGELOG-*.md files on branch. kubernetes1.17 was updated to version 1.17.7: * Fix fieldType being dropped by older go-clients * FieldManager: Reset if we receive nil or a list with one empty item * enable floating IP for IPv6 * Extend AWS azToRegion method to support Local Zones and other partitions * kubelet: block non-forwarded packets from crossing the localhost boundary * Deflake port-forward e2e test * Skip Pod Conditions from scheduling queue updates * add test for finalizers * skip unnecessary scheduling attempt when pod's finalizers change * set dest prefix and port for IPv6 sg rule * Create class to call function at most every given period * fieldManager: Ignore and log all errors when updating managedFields * Make kubectl tolerate other versions of the CSR API * Changes to ManagedFields is not mutation for GC * fix a number of unbounded dimensions in request metrics * build: Use debian-hyperkube-base@v1.0.0 image * Source CNI plugins from gs://k8s-artifacts-cni/release * Update CNI to v0.8.6 * releng: Remove debian-hyperkube-base image building from this branch * Fix public IP not shown issues after assigning public IP to Azure VMs * fix: formating and typo * fix: address test failure and review comments * fix: add unit tests for truncate long subnet name on lb ip configuration * fix: should truncate long subnet name on lb rules * Update CHANGELOG/CHANGELOG-1.17.md for v1.17.6 * kubeadm: fix flakes when performing etcd MemberAdd on slower setups * Add back anti-affinity to kube-dns pods. * Check for empty zone string * Azure - do not use 0 zone or empty string for zone when creating PVs * Fix client-ca dynamic reload in apiserver * Make updateAllocatedDevices() as a public method and call it in podresources api Update to version 1.17.6: * Azure: support non-VMSS instances removal * deps: Use debian-base:v2.1.0 and debian-iptables:v12.1.0 * build: Add build-image OWNERS to debian-{base,iptables} and pause dirs * count no nodes scheduling failure as unschedulable instead of error * base-images: Update to kube-cross:v1.13.9-5 * build: Alpha-sort dependencies.yaml * Work-around for missing metrics on CRI-O exited containers * fix: azure disk dangling attach issue * fix: ACR auth fails in private azure clouds * Restore cache-control header filter * bugfix: initcontainer wasn't considered when calculate resource request * fix: azure file csi migration failure * Fix flaws in Azure CSI translation * Update CHANGELOG/CHANGELOG-1.17.md for v1.17.5 * Move PSP tests behind a feature tag * Fix code for 1.17 * kube-openapi bump to release-1.17 * Do not reset managedFields in status update strategy * Use discovery to test apply all status * Preserve int/float distinction when decoding raw values * All check for instanceID * Fix AWS eventual consistency of AttachDisk * fix: update max azure disk max count * Fix cherry-pick errors * Fix CSINodeInfo startup * Wait for APIServer 'ok' forever during CSINode initialization during Kubelet init - Add ConditionPathExists=/var/lib/kubelet/config.yaml to kubelet.service [boo#1146372] - Run sysctl -a --system before kubelet to ensure sysctl parameters are correctly loaded [boo#1171770] Update to version 1.17.5: * Fix GCE ILB for large clusters * gce-addons: Make sure default/limit-range doesn't get overridden * Restore the ability to `kubectl apply --prune` without -n flag * Fix client watch reestablishment handling of client-side timeouts * Fix priorityClass typo, add numeric priority to static pods * Test dropped round-trip annotations in HPA conversion * Drop round-trip annotations in HPA conversion * Ensure Azure availability zone is always in lower cases * Clean up event messages for errors. * Fix permissions for endpointslice controller * Allow list-resources.sh to continue if a resource fails to list * Check that ImageInspect pointer is not nil * Fix bug about unintentional scale out during updating deployment. * kubeadm: increase timeouts in the etcd client * kubeadm: handle multiple members without names during concurrent join * build/dependencies: Remove bazel WORKSPACE go_version check * deps: Update to Golang 1.13.9 * build: Remove kube-cross image building * Fix the VMSS name and resource group name when updating VMSS for LoadBalancer backendPools. * Remove wait.Until for running Kubelet Bootstrap * Parallelize attach operations across different nodes for volumes that allow multi-attach * Add nil nodeinfo check in podFitsOnNode * fix: check disk status before disk azure disk * Update kube-openapi to release-1.17 * Update tag for structured-merge-diff to v2.0.1 * EndpointSlice and Endpoints should treat terminating pods the same * EndpointSliceTracker should track updated resource version * Ensuring EndpointSlices are not used for Windows kube-proxy implementations * Ensuring kube-proxy does not mutate shared EndpointSlices * Update CHANGELOG/CHANGELOG-1.17.md for v1.17.4 * let image cache do sort on write instead of on read to avoid data * Removing kubectl get output e2e test * Fix VMSS cache content * Preserve target apiVersion when decoding into unstructured lists * Adding a temporary fix for kubectl get output e2e test * /readyz should start returning failure on shutdown initiation * test: don't use hardcoded pod count for memory limit test * Fixed in the GCE/PD in-tree volume logic to expose the max number of persistent-disks for each instance type correctly. * Honor status.podIP over status.podIPs, node.spec.podCIDR over node.spec.podCIDRs * fix: corrupted mount point in csi driver * fix: azure file mount timeout issue * fix behaviour of aws-load-balancer-security-groups annotation * fix: add remediation in azure disk attach/detach * Update to golang@1.13.8 * build: Enable kube-cross push/pull from K8s Infra GCR * build: Add justaugustus as reviewer * build: Add OWNERS on build-image/ * rename to sharedLimitWriter * address review feedback * Fix docker/journald logging conformance * fix get-kube authorization headers * Calling hcsshim instead of docker api to get stats for windows to greatly reduce latency * adding e2e test to ensure it takes less than 10 seconds to query kubelet stats for windows nodes * update golang.org/x/crypto * kube-proxy filter Load Balancer Status ingress * kube-proxy unit test FilterIncorrectIPVersion * add delays between goroutines for vm instance update * Updated test cos image to include runc-1.0.0-rc10 * Fix gce-cos-master-reboot test * Fix route conflicted operations when updating multiple routes together * fix: get azure disk lun timeout issue * Set up connection onClose prior to adding to connection map * fix: add azure disk migration support for CSINode * Add annotation annealing for migration for PVs and PVCs during syncVolume and syncClaim. This allows external-provisioners to pick up and delete volumes when they have been rolled up from previous kubernetes versions. * Update CHANGELOG/CHANGELOG-1.17.md for v1.17.3 * Limit number of instances in single update to GCE target pool * Add code to fix kubelet/metrics memory issue. * Remove Error log for nil StartTime * CHANGELOG: Move changelogs into a subdir to delegate releng approvals * Enable selinux tags in make targets * Fix pending_pods, schedule_attempts_total was not recorded * Fixing Potential Race Condition in EndpointSlice Controller. * Restore statefulset conversion that populates apiVersion/kind in volume templates * Use standard default storage media type in local-up-cluster * changelog: clarify 1.17 upgrade requirements * Fix back off when scheduling cycle is delayed * blank out value for unbounded client label * update gopkg.in/yaml.v2 to v2.2.8 * set nil cache entry based on old cache * Revert "It fixes a bug where AAD token obtained by kubectl is incompatible with on-behalf-of flow and oidc." * Fix issue with GCE scripts assuming Python2. * Add/Update CHANGELOG-1.17.md for v1.17.2. * [1.17] No-op whitespace fix to CHANGELOG-1.17 to trigger a new 1.17 build * Update to golang@1.13.6 * Fix the bug PIP's DNS is deleted if no DNS label service annotation is set. * kubenet: replace gateway with cni result * Add/Update CHANGELOG-1.17.md for v1.17.1. * Fixes unnecessary creation of default SG and trying to delete non-provisioned SG by k8s system when annotation [service.beta.kubernetes.io/aws-load-balancer-security-groups] is present * Ensure a provider ID is set on a node if expected * Bind metrics-server containers to linux nodes to avoid Windows scheduling on kubernetes cluster includes linux nodes and windows nodes * Drop version from static openapi json file * Update to golang@1.13.5 * Revert reflector changes from PR #83520 from 1.17 * Fix IPv6 addresses lost issue in pure ipv6 vsphere environment * Fix unit test to run in non-gce environments * fix: azure disk could not mounted on Standard_DC4s/DC2s instances * Use legacyscheme's types rather than testapi ones * Fix nil pointer dereference in the azure provider * Add unit test for extended ipv4 service IP range * Revert "remove ipallocator in favor of k/utils net package" * It fixes a bug where AAD token obtained by kubectl is incompatible with on-behalf-of flow and oidc. * Allocate map when out points to nil map * fix: azure data disk should use same key as os disk by default * Check FileInfo against nil during walk of container dir path * Add UID precondition to kubelet pod status patch updates * Add cache for VMSS. * Fix build break - Hyperkube image needs kubelet/kubectl * Include cloud/gcp in e2e.test * Do not swallow timeout in manageReplicas * Sync the status of static Pods * Increase Burst limit for discovery client * Update v1.17.0 CHANGELOG to match final draft * Fix LoadBalancer rule checking so that no unexpected LoadBalancer updates are made * Fix broken SELinux detection * Add/Update CHANGELOG-1.17.md for v1.17.0. * Kubernetes version v1.17.1-beta.0 openapi-spec file updates * Deflake kubectl custom printing test * Refactor parsing logic for service IP and ranges, add tests * Fix bug in apiserver service cluster cidr split * Switch addon resizer to 1.8.7 * Deflake pod readiness e2e * Add/Update CHANGELOG-1.17.md for v1.17.0-rc.2. * Move hostdns.conf out of cni directory. * Fix iscsi refcounter in the case of no Block iscsi volumes * Ensure webhook backend requests are not artificially rate-limited * Retain objects for a limited lifetime in the mutation cache detector by default * Enable mutation detection * Make cluster auto scaler use leases * Bump Cluster Autoscaler version to 1.17.0 * fix: padded base64 encoded docker auth field * apiextensions: filter required nullable to workaround kubectl validation * update cadvisor dependency to v0.35.0 * Bumped the number of times a node tries to lookup itself * Wait for PV to be available before creating PVCs in volume binding test * increase pv controller resync period to try to deflake api update conflicts * Fix GKE upgrade test. * Use plugin name for filtering metrics * Provided a mechanism to re-register hidden metrics. * Deep copying EndpointSlices in reconciler before modifying them. * Set node cidr mask size ipv4/ipv6 config * Revert "kube-proxy: check KUBE-MARK-DROP" * Add/Update CHANGELOG-1.17.md for v1.17.0-rc.1. * Add/Update CHANGELOG-1.17.md for v1.17.0-beta.2. * Add/Update CHANGELOG-1.17.md for v1.17.0-beta.1. * Results of running update scripts: update-openapi-spec * Delete extraneous CHANGELOG-*.md files on branch. - kubelet-common: conflict with other instances of kubelet-common and require kubernetes-kubelet%{baseversion} Patch Instructions: To install this openSUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2020-973=1 Package List: - openSUSE Leap 15.2 (x86_64): kubernetes-apiserver-1.18.4-lp152.2.3.1 kubernetes-apiserver-minus1-1.17.7-lp152.2.3.1 kubernetes-client-1.18.4-lp152.2.3.1 kubernetes-controller-manager-1.18.4-lp152.2.3.1 kubernetes-controller-manager-minus1-1.17.7-lp152.2.3.1 kubernetes-kubeadm-1.18.4-lp152.2.3.1 kubernetes-kubelet-1.18.4-lp152.2.3.1 kubernetes-proxy-1.18.4-lp152.2.3.1 kubernetes-proxy-minus1-1.17.7-lp152.2.3.1 kubernetes-scheduler-1.18.4-lp152.2.3.1 kubernetes-scheduler-minus1-1.17.7-lp152.2.3.1 kubernetes1.17-apiserver-1.17.7-lp152.5.1 kubernetes1.17-client-1.17.7-lp152.5.1 kubernetes1.17-controller-manager-1.17.7-lp152.5.1 kubernetes1.17-kubeadm-1.17.7-lp152.5.1 kubernetes1.17-kubelet-1.17.7-lp152.5.1 kubernetes1.17-kubelet-common-1.17.7-lp152.5.1 kubernetes1.17-proxy-1.17.7-lp152.5.1 kubernetes1.17-scheduler-1.17.7-lp152.5.1 kubernetes1.18-apiserver-1.18.4-lp152.5.1 kubernetes1.18-client-1.18.4-lp152.5.1 kubernetes1.18-controller-manager-1.18.4-lp152.5.1 kubernetes1.18-kubeadm-1.18.4-lp152.5.1 kubernetes1.18-kubelet-1.18.4-lp152.5.1 kubernetes1.18-kubelet-common-1.18.4-lp152.5.1 kubernetes1.18-proxy-1.18.4-lp152.5.1 kubernetes1.18-scheduler-1.18.4-lp152.5.1 References: https://bugzilla.suse.com/1146372 https://bugzilla.suse.com/1163328 https://bugzilla.suse.com/1168390 https://bugzilla.suse.com/1171770 https://bugzilla.suse.com/1172744