TODO: This document was manually maintained so might be incomplete. The automation effort is tracked in https://github.com/kubernetes/test-infra/issues/5843.
Changes in k8s.io/api and k8s.io/apimachinery are mentioned here because k8s.io/client-go depends on them.
Breaking Changes:
Action required: client-go will no longer have bootstrap (k8s.io/client-go/tools/bootstrap) related code. Any reference to it will break. Please redirect all references to k8s.io/bootstrap instead. (#67356)
The methods NewSelfSignedCACert and NewSignedCert now use crypto.Signer interface instead of rsa.PrivateKey for certificate creation. This is done to allow different kind of private keys (for example: ecdsa). (#69329)
GetScale and UpdateScale methods have been added for apps/v1 clients and with this, no-verb scale clients have been removed. (#70437)
k8s.io/client-go/util/cert/triple package has been removed. (#70966)
New Features:
unfinished_work_microseconds is added to the workqueue metrics. It can be used to detect stuck worker threads (kube-controller-manager runs many workqueues.). (#70884)
A method GetPorts is added to expose the ports that were forwarded. This can be used to retrieve the locally-bound port in cases where the input was port 0. (#67513)
Dynamic listers and informers, that work with runtime.Unstructured objects, are added. These are useful for writing generic, non-generated controllers. (68748)
The dynamic fake client now supports JSONPatch. (#69330)
The GetBinding method is added for pods in the fake client. (#69412)
Bug fixes and Improvements:
The apiVersion and action name values for fake evictions are now set. (#69035)
PEM files containing both TLS certificate and key can now be parsed in arbitrary order. Previously key was always required to be first. (#69536)
Go clients created from a kubeconfig that specifies a TokenFile now periodically reload the token from the specified file. (#70606)
It is now ensured that oversized data frames are not written to spdystreams in remotecommand.NewSPDYExecutor. (#70999)
A panic occuring on calling scheme.Convert is fixed by populating the fake dynamic client scheme. (#69125)
Add step to correctly setup permissions for the in-cluster-client-configuration example. (#69232)
The function Parallelize is deprecated. Use ParallelizeUntil instead. (#68403)
[k8s.io/apimachinery] Restrict redirect following from the apiserver to same-host redirects, and ignore redirects in some cases. (#66516)
New Features:
GlusterFS PersistentVolumes sources can now reference endpoints in any namespace using the spec.glusterfs.endpointsNamespace field. Ensure all kubelets are upgraded to 1.13+ before using this capability. (#60195)
The dynamic audit configuration API is added. (#67547)
A new field EnableServiceLinks is added to the PodSpec to indicate whether information about services should be injected into pod's environment variables. (#68754)
CSIPersistentVolume feature, i.e. PersistentVolumes with CSIPersistentVolumeSource, is GA. CSIPersistentVolume feature gate is now deprecated and will be removed according to deprecation policy. (#69929)
Raw block volume support is promoted to beta, and enabled by default. This is accessible via the volumeDevices container field in pod specs, and the volumeMode field in persistent volume and persistent volume claims definitions. (#71167)
Bug fixes and Improvements:
The default value of extensions/v1beta1 Deployment's RevisionHistoryLimit is set to MaxInt32. (#66605)
procMount field is no longer incorrectly marked as required in openapi schema. (#69694)
The caBundle and service fields in admission webhook API objects now correctly indicate they are optional. (#70138)
Breaking Changes:
client-go now supports additional non-alpha-numeric characters in UserInfo “extra” data keys. It should be updated in order to properly support extra data containing “/” characters or other characters disallowed in HTTP headers. Old clients sending keys which were %-escaped by the user will have their values unescaped by new API servers. (#65799)
apimachinery/pkg/watch.Until has been moved to client-go/tools/watch.UntilWithoutRetry. While switching please consider using the new client-go/tools/watch.UntilWithSync or client-go/tools/watch.Until. (#66906)
[k8s.io/apimachinery] Unstructured metadata accessors now respect omitempty semantics i.e. a field having zero value will now be removed from the unstructured metadata map. (#67635)
[k8s.io/apimachinery] The ObjectConvertor interface is now changed such that ConvertFieldLabel func takes GroupVersionKind as an argument instead of just version and kind. (#65780)
[k8s.io/apimachinery] componentconfig ClientConnectionConfiguration is moved to k8s.io/apimachinery/pkg/apis/config. (#66058)
[k8s.io/apimachinery] Renamed KubeConfigFile to Kubeconfig in ClientConnectionConfiguration. (#67149)
[k8s.io/apimachinery] JSON patch no longer supports int. (#63522)
New Features:
Add ability to cancel leader election. This also proves useful in integration tests where the whole app is started and stopped in each test. (#57932)
An example showing how to use fake clients in tests is added. (#65291)
[k8s.io/apimachinery] Create and Update now support CreateOptions and UpdateOptions. (#65105)
Bug fixes and Improvements:
Decrease the amount of time it takes to modify kubeconfig files with large amounts of contexts. (#67093)
The leader election client now renews timeout. (#65094)
Switched certificate data replacement from REDACTED to DATA+OMITTED. (#66023)
Fix listing in the fake dynamic client. (#66078)
Fix discovery so that plural names are no longer ignored if a singular name is not specified. (#66249)
Fix kubelet startup failure when using ExecPlugin in kubeconfig. (#66395)
Fix panic in the fake SubjectAccessReview client when object is nil. (#66837)
Periodically reload InClusterConfig token. (#67359)
[k8s.io/apimachinery] Report parsing error in json serializer. (#63668)
[k8s.io/apimachinery] The metav1.ObjectMeta accessor does not deepcopy owner references anymore. In general, the accessor interface does not enforce deepcopy nor does it forbid it (e.g. for unstructured.Unstructured). (#64915)
[k8s.io/apimachinery] Utility functions SetTransportDefaults and DialerFor once again respect custom Dial functions set on transports. (#65547)
[k8s.io/apimachinery] Speed-up conversion function invocation by avoiding reflect.Call. Action required: regenerated conversion with conversion-gen. (#65771)
[k8s.io/apimachinery] Establish “406 Not Acceptable” response for unmarshable protobuf serialization error. (#67041)
[k8s.io/apimachinery] Immediately close the other side of the connection by exiting once one side closes when proxying. (#67288)
Breaking Changes:
Volume dynamic provisioning scheduling has been promoted to beta. ACTION REQUIRED: The DynamicProvisioningScheduling alpha feature gate has been removed. The VolumeScheduling beta feature gate is still required for this feature. (#67432)
The CSI file system type is no longer defaulted to ext4. All the production drivers listed under https://kubernetes-csi.github.io/docs/drivers.html were inspected and should not be impacted after this change. If you are using a driver not in that list, please test the drivers on an updated test cluster first. (#65499)
New Features:
Support annotations for remote admission webhooks. (#58679)
Support both directory and block device for local volume plugin FileSystem VolumeMode. (#63011)
Introduce autoscaling/v2beta2 and custom_metrics/v1beta2, which implement metric selectors for Object and Pods metrics, as well as allowing AverageValue targets on Objects, similar to External metrics. (#64097)
Add Lease API in the coordination.k8s.io API group. (#64246)
ProcMount added to SecurityContext and AllowedProcMounts added to PodSecurityPolicy to allow paths in the container's /proc to not be masked. (#64283)
Add the AuditAnnotations field to ImageReviewStatus to allow the ImageReview backend to return annotations to be added to the created pod. (#64597)
SCTP is now supported as additional protocol (alpha) alongside TCP and UDP in Pod, Service, Endpoint, and NetworkPolicy. (#64973)
The PodShareProcessNamespace feature to configure PID namespace sharing within a pod has been promoted to beta. (#66507)
Add TTLSecondsAfterFinished to JobSpec for cleaning up Jobs after they finish. (#66840)
Add DataSource and TypedLocalObjectReference fields to support restoring a volume from a volume snapshot data source. (#67087)
RuntimeClass is a new API resource for defining different classes of runtimes that may be used to run containers in the cluster. Pods can select a RunitmeClass to use via the RuntimeClassName field. This feature is in alpha, and the RuntimeClass feature gate must be enabled in order to use it. (#67737)
To address the possibility dry-run requests overwhelming admission webhooks that rely on side effects and a reconciliation mechanism, a new field is being added to admissionregistration.k8s.io/v1beta1.ValidatingWebhookConfiguration and admissionregistration.k8s.io/v1beta1.MutatingWebhookConfiguration so that webhooks can explicitly register as having dry-run support. If a dry-run request is made on a resource that triggers a non dry-run supporting webhook, the request will be completely rejected, with “400: Bad Request”. Additionally, a new field is being added to the admission.k8s.io/v1beta1.AdmissionReview API object, exposing to webhooks whether or not the request being reviewed is a dry-run. (#66936)
Bug fixes and Improvements:
The DisruptedPods field in PodDisruptionBudgetStatus is now optional. (#63757)
extensions/v1beta1 Deployment's ProgressDeadlineSeconds now defaults to MaxInt32. (#66581)
Breaking Changes:
KUBE_API_VERSIONS has been removed.
The client-go/discovery RESTMapper has been moved to client-go/restmapper.
CachedDiscoveryClient has been moved from kubectl to client-go.
The EventRecorder interface is changed to include an AnnotatedEventf method, which can add annotations to an event.
[k8s.io/apimachinery] The deprecated RepairMalformedUpdates flag has been removed.
New Features:
A new easy-to-use dynamic client is added and the old dynamic client is now deprecated.
client-go and kubectl now detect and report an error on duplicated name for user, cluster and context, while loading the kubeconfig.
The informer code-generator now allows specifying a custom resync period for certain informer types and uses the default resync period if none is specified.
Exec authenticator plugin now supports TLS client certificates.
The discovery client now has a default request timeout of 32 seconds.
The OpenStack auth config from is now read from the client config. If the client config is not available, it falls back to reading from the environment variables.
The in-tree support for openstack credentials is now deprecated. Please use the client-keystone-auth from the cloud-provider-openstack repository. Details on how to use this new capability is documented here
Bug fixes and Improvements:
406 mime-type errors are now tolerated while attempting to load new openapi schema. This improves compatibility with older servers when creating/updating API objects.
Removes the generated DeleteCollection() method for Services since the API does not support it.
Event object references with apiversion now report an apiversion, instead of just the group.
[k8s.io/apimachinery] runtime.Unstructured.UnstructuredContent() no longer mutates the source while returning the contents.
[k8s.io/apimachinery] Incomplete support for uint64 is now removed. This fixes a panic encountered while using DeepCopyJSON with uint64.
[k8s.io/apimachinery] API server can now parse propagationPolicy when it sent as a query parameter sent with a delete request.
[k8s.io/apimachinery] APIServices with kube-like versions (e.g. v1, v2beta1, etc.) will be sorted appropriately within each group.
[k8s.io/apimachinery] int64 is the only allowed integer for printers.
Breaking Changes:
Support for alpha.kubernetes.io/nvidia-gpu resource which was deprecated in 1.10 is removed. Please use the resource exposed by DevicePlugins instead (nvidia.com/gpu).
Alpha annotation for PersistentVolume node affinity has been removed. Update your PersistentVolumes to use the beta PersistentVolume.nodeAffinity field before upgrading.
ObjectMeta ListOptions DeleteOptions are removed from the core api group. Please use the ones in meta/v1 instead.
ExternalID in NodeSpec is deprecated. The externalID of the node is no longer set in the Node spec.
PSP-related types in the extensions/v1beta1 API group are now deprecated. It is suggested to use the policy/v1beta1 API group instead.
New Features:
PodSecurityPolicy now supports restricting hostPath volume mounts to be readOnly and under specific path prefixes.
Node.Spec.ConfigSource.ConfigMap.KubeletConfigKey must be specified when using dynamic Kubelet config to tell the Kubelet which key of the ConfigMap identifies its config file.
serverAddressByClientCIDRs in meta/v1 APIGroup is now optional.
A new field MatchFields is added to NodeSelectorTerm. Currently, it only supports metadata.name.
The PriorityClass API is promoted to scheduling.k8s.io/v1beta1.
The status of dynamic Kubelet config is now reported via Node.Status.Config, rather than the KubeletConfigOk node condition.
The GitRepo volume type is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.
The Sysctls experimental feature has been promoted to beta (enabled by default via the Sysctls feature flag). PodSecurityPolicy and Pod objects now have fields for specifying and controlling sysctls. Alpha sysctl annotations will be ignored by 1.11+ kubelets. All alpha sysctl annotations in existing deployments must be converted to API fields to be effective.
The annotation service.alpha.kubernetes.io/tolerate-unready-endpoints is deprecated. Users should use Service.spec.publishNotReadyAddresses instead.
VerticalPodAutoscaler has been added to autoscaling/v1 API group.
Alpha support is added for dynamic volume limits based on node type.
ContainersReady condition is added to the Pod status.
Bug fixes and Improvements:
Default mount propagation has changed from HostToContainer (rslave in Linux terminology) to None (private) to match the behavior in 1.9 and earlier releases. HostToContainer as a default caused regressions in some pods.
Breaking Changes:
Google Cloud Service Account email addresses can now be used in RBAC Role bindings since the default scopes now include the userinfo.email scope. This is a breaking change if the numeric uniqueIDs of the Google service accounts were being used in RBAC role bindings. The behavior can be overridden by explicitly specifying the scope values as comma-separated string in the users[*].config.scopes field in the KUBECONFIG file.
[k8s.io/api] The ConfigOK node condition has been renamed to KubeletConfigOk.
New Features:
Subresource support is added to the dynamic client.
A watch method is added to the Fake Client.
ListOptions can be modified when creating a ListWatch.
A /token subresource for ServiceAccount is added.
If an informer delivery fails, the particular notification is skipped and continued the next time.
Certificate manager will no longer wait until the initial rotation succeeds or fails before returning from Start().
[k8s.io/api] VolumeScheduling and LocalPersistentVolume features are beta and enabled by default. The PersistentVolume NodeAffinity alpha annotation is deprecated and will be removed in a future release.
[k8s.io/api] The PodSecurityPolicy API has been moved to the policy/v1beta1 API group. The PodSecurityPolicy API in the extensions/v1beta1 API group is deprecated and will be removed in a future release.
[k8s.io/api] ConfigMap objects now support binary data via a new binaryData field.
[k8s.io/api] Service account TokenRequest API is added.
[k8s.io/api] FSType is added in CSI volume source to specify filesystems.
[k8s.io/api] v1beta1 VolumeAttachment API is added.
[k8s.io/api] v1.Pod now has a field ShareProcessNamespace to configure whether a single process namespace should be shared between all containers in a pod. This feature is in alpha preview.
[k8s.io/api] Add NominatedNodeName field to PodStatus. This field is set when a pod preempts other pods on the node.
[k8s.io/api] Promote CSIPersistentVolumeSource to beta.
[k8s.io/api] Promote DNSPolicy and DNSConfig in PodSpec to beta.
[k8s.io/api] External metric types are added to the HPA API.
[k8s.io/apimachinery] The meta.k8s.io/v1alpha1 objects for retrieving tabular responses from the server (Table) or fetching just the ObjectMeta for an object (as PartialObjectMetadata) are now beta as part of meta.k8s.io/v1beta1. Clients may request alternate representations of normal Kubernetes objects by passing an Accept header like application/json;as=Table;g=meta.k8s.io;v=v1beta1 or application/json;as=PartialObjectMetadata;g=meta.k8s.io;v1=v1beta1. Older servers will ignore this representation or return an error if it is not available. Clients may request fallback to the normal object by adding a non-qualified mime-type to their Accept header like application/json - the server will then respond with either the alternate representation if it is supported or the fallback mime-type which is the normal object response.
Bug fixes and Improvements:
Port-forwarding of TCP6 ports is fixed.
A race condition in SharedInformer that could violate the sequential delivery guarantee and cause panics on shutdown is fixed.
[k8s.io/api] PersistentVolume flexVolume sources can now reference secrets in a namespace other than the PersistentVolumeClaim's namespace.
[k8s.io/apimachinery] YAMLDecoder Read can now return the number of bytes read.
[k8s.io/apimachinery] YAMLDecoder Read now tracks rest of buffer on io.ErrShortBuffer.
[k8s.io/apimachinery] Prompt required merge key in the error message while applying a strategic merge patch.
Breaking Changes:
If you upgrade your client-go libs and use the AppsV1() or Apps() interface, please note that the default garbage collection behavior is changed.
Swagger 1.2 retriever DiscoveryClient.SwaggerSchema was removed from the discovery client
Informers got a NewFilteredSharedInformerFactory to e.g. filter by namespace
[k8s.io/api] The dynamic admission webhook is split into two kinds, mutating and validating. The kinds have changed completely and old code must be ported to admissionregistration.k8s.io/v1beta1 - MutatingWebhookConfiguration and ValidatingWebhookConfiguration
[k8s.io/api] Renamed core/v1.ScaleIOVolumeSource to ScaleIOPersistentVolumeSource
[k8s.io/api] Renamed core/v1.RBDVolumeSource to RBDPersistentVolumeSource
[k8s.io/api] Removed core/v1.CreatedByAnnotation
[k8s.io/api] Renamed core/v1.StorageMediumHugepages to StorageMediumHugePages
[k8s.io/api] core/v1.Taint.TimeAdded became a pointer
[k8s.io/api] core/v1.DefaultHardPodAffinitySymmetricWeight type changed from int to int32
[k8s.io/apimachinery] ObjectCopier interface was removed (requires switch to new generators with DeepCopy methods)
New Features:
Certificate manager was moved from kubelet to k8s.io/client-go/util/certificates
[k8s.io/api] Workloads api types are promoted to apps/v1 version
[k8s.io/api] Added storage.k8s.io/v1alpha1 API group
[k8s.io/api] Added support for conditions in StatefulSet status
[k8s.io/api] Added support for conditions in DaemonSet status
[k8s.io/apimachinery] Added polymorphic scale client in k8s.io/client-go/scale, which supports scaling of resources in arbitrary API groups
[k8s.io/apimachinery] meta.MetadataAccessor got API chunking support
[k8s.io/apimachinery] unstructured.Unstructured got getters and setters
Bug fixes and Improvements:
The body in glog output is not truncated with log level 10
[k8s.io/api] Unset creationTimestamp field is output as null if encoded from an unstructured object
[k8s.io/apimachinery] Redirect behavior is restored for proxy subresources
[k8s.io/apimachinery] Random string generation functions are optimized
Bug fix: picked up a security fix kubernetes/kubernetes#53443 for PodSecurityPolicy.
New features:
Added paging support
Added support for client-side spam filtering of events
Added support for http etag and caching
Added priority queue support to informer cache
Added openstack auth provider
Added metrics for checking reflector health
Client-go now includes the leaderelection package
API changes:
Promoted Autoscaling v2alpha1 to v2beta1
Promoted CronJobs to batch/v1beta1
Promoted rbac.authorization.k8s.io/v1beta1 to rbac.authorization.k8s.io/v1
Added a new API version apps/v1beta2
Added a new API version scheduling/v1alpha1
Breaking changes:
Moved pkg/api and pkg/apis to k8s.io/api. Other kubernetes repositories also import types from there, so they are composable with client-go.
Removed helper functions in pkg/api and pkg/apis. They are planned to be exported in other repos. The issue is tracked here. During the transition, you'll have to copy the helper functions to your projects.
The discovery client now fetches the protobuf encoded OpenAPI schema and returns openapi_v2.Document
Enforced explicit references to API group client interfaces in clientsets to avoid ambiguity.
The generic RESTClient type (k8s.io/client-go/rest) no longer exposes LabelSelectorParam or FieldSelectorParam methods - use VersionedParams with metav1.ListOptions instead. The UintParam method has been removed. The timeout parameter will no longer cause an error when using Param().
No significant changes since v4.0.0-beta.0.
New features:
Added OpenAPISchema support in the discovery client
Added mutation cache filter: MutationCache is able to take the result of update operations and stores them in an LRU that can be used to provide a more current view of a requested object.
Moved the remotecommand package (used by kubectl exec/attach) to client-go
Added support for following redirects to the SpdyRoundTripper
Added Azure Active Directory plugin
Usability improvements:
Added several new examples and reorganized client-go/examples
API changes:
Added networking.k8s.io/v1 API
ControllerRevision type added for StatefulSet and DaemonSet history.
Added support for initializers
Added admissionregistration.k8s.io/v1alpha1 API
Breaking changes:
Moved client-go/util/clock to apimachinery/pkg/util/clock
Some API helpers were removed.
Dynamic client takes GetOptions as an input parameter
Bug fixes:
PortForwarder: don't log an error if net.Listen fails. https://github.com/kubernetes/kubernetes/pull/44636
oidc auth plugin not to override the Auth header if it's already exits. https://github.com/kubernetes/kubernetes/pull/45529
The --namespace flag is now honored for in-cluster clients that have an empty configuration. https://github.com/kubernetes/kubernetes/pull/46299
GCP auth plugin no longer overwrites existing Authorization headers. https://github.com/kubernetes/kubernetes/pull/45575
Bug fixes:
ListOptions from k8s.io/client-go/pkg/api/v1 to k8s.io/apimachinery/pkg/apis/meta/v1.