Packages changed: kubernetes (1.21.1 -> 1.21.3) kubernetes1.20 (1.20.7 -> 1.20.9) kubernetes1.21 (1.21.1 -> 1.21.3) runc (1.0.0 -> 1.0.1) === Details === ==== kubernetes ==== Version update (1.21.1 -> 1.21.3) Subpackages: kubernetes-client kubernetes-kubeadm kubernetes-kubelet - Bump kubernetes-* to 1.21.3 and kubernetes-*-minus1 to 1.20.9 ==== kubernetes1.20 ==== Version update (1.20.7 -> 1.20.9) - Update to version 1.20.9: * Bump to golang 1.15.14 in build/** * Bump to golang 1.15.14 in cluster/** and staging/** * Bump to golang 1.15.14 in test/** * Update debian-iptables image to buster-v1.6.5 * Update debian-base image to buster-v1.8.0 * Bump SMD to v4.1.2 to pick up #102749 fix * generate scheduler merge patches on the pod status instead of the full pod * p&f e2e test: log response header for better troubleshooting * Loadbalancer IngressIP policy should be configured as non-DSR to enable routing mesh by default * Do not throw error when we can't get canonical path * Fix Node Resources plugins score when there are pods with no requests * Update CHANGELOG/CHANGELOG-1.20.md for v1.20.8 * Remove error wrap from logs * staging/publishing: Set default go version to go1.15.13 * build: Update to k/repo-infra@v0.1.8 (supports go1.15.13) * Use go-runner:v2.3.1-go1.15.13-buster.0 image (built on go1.15.13) * Update to go1.15.13 * feat: remove ephemeral-storage etcd requirement * endpointslicemirroring controller mirror address status * sched: fix a bug that a preemptor pod exists as a phantom * Revert "Cleanup portforward streams after their usage" * Remove unnecessary snapshot ability check * serviceOwnsFrontendIP shouldn't report error when the public IP doesn't match * Fix VolumeAttachment garbage collection for migrated PVs * Return UnschedulableAndUnresolvable when looking up volume-related resources returns NotFound error * Return UnschedulableAndUnresolvable instead of Error when failing to lookup pvc or storageclass in VolumeZone plugin * Ignore transient errors when gather stats * Speed up PV provisioning for vsphere driver * fix error of setting negative value for containerLogMaxSize * Upgrade konnectivity-client for GRPC connection fixes * Update etcd image revision * Update debian-base to buster-v1.7.0 * Update debian-iptables to buster-v1.6.1 * Respect annotation size limit for SSA last-applied. * Remove unnecessary quotes from get-kube scripts * Fix expired unit test certs * fix: delete non existing disk issue * Azure: avoid setting cached Sku when updating VMSS and VMSS instances * Update cos-gpu-installer image * Ref counting is only applicable to Remote endpoints * Make watch order conformance test reliable * Update CHANGELOG/CHANGELOG-1.20.md for v1.20.7 * fix removing pods from podTopologyHints mapping * fix: avoid nil-pointer panic when checking the frontend IP configuration * Use CSI driver to determine unique name for migrated in-tree plugins * Add jitter to lease controller * Avoid caching the VMSS instances whose network profile is nil * chunk target operatation for aws targetGroup * Fix watchForLockfileContention memory leak * Fix cleanupMountpoint issue for Windows * Fixed the Dockerfile for the build-image to build from KUBE_BASE_IMAGE_REGISTRY ==== kubernetes1.21 ==== Version update (1.21.1 -> 1.21.3) Subpackages: kubernetes1.21-client kubernetes1.21-client-common kubernetes1.21-kubeadm kubernetes1.21-kubelet kubernetes1.21-kubelet-common - Introduce revert-coredns-image-renaming.patch to correct new upstream behaviour - Drop kubeadm-opensuse-corednsimage.patch: fixed upstream. - Update to version 1.21.3: * move upgrade test frameworks closer to Describe * Update setcap image to buster-v2.0.3 * Update debian-iptables image to buster-v1.6.5 * Update debian-base image to buster-v1.8.0 * Update to go1.16.6 * Bump SMD to v4.1.2 to pick up #102749 fix * generate scheduler merge patches on the pod status instead of the full pod * Loadbalancer IngressIP policy should be configured as non-DSR to enable routing mesh by default * Fix race in attachdetach tests * Fix Node Resources plugins score when there are pods with no requests * Do not throw error when we can't get canonical path * Update CHANGELOG/CHANGELOG-1.21.md for v1.21.2 * Remove error wrap from logs * client-go: reduce log level of reflector again * Update to go1.16.5 * feat: remove ephemeral-storage etcd requirement * endpointslicemirroring controller mirror address status * sched: fix a bug that a preemptor pod exists as a phantom * Revert "Cleanup portforward streams after their usage" * serviceOwnsFrontendIP shouldn't report error when the public IP doesn't match * Return UnschedulableAndUnresolvable when looking up volume-related resources returns NotFound error * Return UnschedulableAndUnresolvable instead of Error when failing to lookup pvc or storageclass in VolumeZone plugin * use subpath for coredns only for default repository * (scheduler e2e) Create balanced pods in parallel * Fix VolumeAttachment garbage collection for migrated PVs * fix error of setting negative value for containerLogMaxSize * Update setcap to buster-v2.0.1 and add setcap to dependencies.yaml * kubeadm: remove e2e test for ClusterStatus * Update etcd image revision * Update debian-base to buster-v1.7.0 * Update debian-iptables to buster-v1.6.1 * Upgrade konnectivity-client for GRPC connection fixes * Respect annotation size limit for SSA last-applied. * Remove unnecessary quotes from get-kube scripts * Fix expired unit test certs * Set cgroups via opencontainer * vendor: bump runc to rc95 * pkg/kubelet/nodeshutdown/systemd: fix for dbus 5.0.4 * kubelet: reuse manager * Azure: avoid setting cached Sku when updating VMSS and VMSS instances * Ref counting is only applicable to Remote endpoints * Make watch order conformance test reliable * Add missing clientset to EBS storage e2e test * Update CHANGELOG/CHANGELOG-1.21.md for v1.21.1 * fixed wrong warning in kube-proxy regarding topology aware hints * fix removing pods from podTopologyHints mapping * Update cos-gpu-installer image * fix: avoid nil-pointer panic when checking the frontend IP configuration * Add jitter to lease controller * Avoid caching the VMSS instances whose network profile is nil * fix: not tagging static public IP * Use CSI driver to determine unique name for migrated in-tree plugins * chunk target operatation for aws targetGroup * Fix watchForLockfileContention memory leak ==== runc ==== Version update (1.0.0 -> 1.0.1) - Update to runc v1.0.1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.1 * Fixed occasional runc exec/run failure ("interrupted system call") on an Azure volume. * Fixed "unable to find groups ... token too long" error with /etc/group containing lines longer than 64K characters. * cgroup/systemd/v1: fix leaving cgroup frozen after Set if a parent cgroup is frozen. This is a regression in 1.0.0, not affecting runc itself but some of libcontainer users (e.g Kubernetes). * cgroupv2: bpf: Ignore inaccessible existing programs in case of permission error when handling replacement of existing bpf cgroup programs. This fixes a regression in 1.0.0, where some SELinux policies would block runc from being able to run entirely. * cgroup/systemd/v2: don't freeze cgroup on Set. * cgroup/systemd/v1: avoid unnecessary freeze on Set. - Remove upstreamed patches: + boo1187704-0001-cgroupv2-ebpf-ignore-inaccessible-existing-programs.patch