Skip to content

Releases: kubernetes/release

v0.16.2

09 Oct 07:50
edaa217
Compare
Choose a tag to compare

Please note that you can also download the artifacts for this release from our Google Cloud Bucket: https://console.cloud.google.com/storage/browser/k8s-artifacts-sig-release/kubernetes/release/v0.16.2

Changes by Kind

Feature

  • Added --wait flag for krel obs stage to wait for OBS build results. (#3304, @saschagrunert) [SIG Release]
  • Build Go 1.21.2 and 1.20.9 images (#3305, @cpanato) [SIG Release]
  • Update distroless-iptables to use Go 1.21.2 (#3306, @cpanato) [SIG Release]

Bug or Regression

  • Fixed binary archive duplicates. (#3302, @cpanato) [SIG Release]

Dependencies

Added

Nothing has changed.

Changed

  • golang.org/x/crypto: v0.13.0 → v0.14.0
  • golang.org/x/net: v0.15.0 → v0.16.0
  • golang.org/x/oauth2: v0.12.0 → v0.13.0
  • golang.org/x/sys: v0.12.0 → v0.13.0
  • golang.org/x/term: v0.12.0 → v0.13.0

Removed

Nothing has changed.

v0.16.1

05 Oct 11:17
f2226c0
Compare
Choose a tag to compare

Please note that you can also download the artifacts for this release from our Google Cloud Bucket: https://console.cloud.google.com/storage/browser/k8s-artifacts-sig-release/kubernetes/release/v0.16.1

Changes by Kind

Bug or Regression

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

v0.16.0

05 Oct 09:42
6d0cb46
Compare
Choose a tag to compare

Changes by Kind

Deprecation

  • Deprecate --create-website-pr on krel release-notes as there is no need to update the repo with latest release notes. They are now fetched automatically from GCS. (#3277, @ashnehete) [SIG Release]

Feature

  • Add osc (OpenBuildService CLI) to k8s-cloud-builder image (#3084, @xmudrii) [SIG Release]
  • Add configs for 1.29 and 1.28 for k8s-cloudbuilder and drop 1.24 (#3250, @cpanato) [SIG Release]
  • Added CRI-O package to krel obs (#3229, @saschagrunert) [SIG Release]
  • Added rpmlint to releng-ci image gcr.io/k8s-staging-releng/releng-ci:latest-go1.20-bookworm. (#3167, @saschagrunert) [SIG Release]
  • Allow setting OBS_USERNAME for a specific krel obs user (#3273, @saschagrunert) [SIG Release]
  • Allow string slices (architectures and packages) as krel obs arguments. (#3267, @saschagrunert) [SIG Release]
  • Build Go 1.19.10 and Go 1.20.5 based images (#3105, @jeremyrickard) [SIG Release]
  • Build Go 1.20.4 and 1.19.9 based images (#3029, @rayandas) [SIG Release]
  • Build Go 1.20.6 based images and remove references to Go 1.19 (#3154, @xmudrii) [SIG Release]
  • Build Go 1.20.7 images (#3189, @xmudrii) [SIG Release]
  • Build Go 1.21.1 and 1.20.8 images (#3253, @cpanato) [SIG Release]
  • Bump cosign image to v2.2.0 (#3241, @cpanato) [SIG Release]
  • Bump k8s-cloud-builder and k8s-ci-builder to Go 1.19.10 (#3116, @jeremyrickard) [SIG Release]
  • Bump k8s-cloud-builder and k8s-ci-builder to Go 1.19.9 (#3034, @xmudrii) [SIG Release]
  • Bump k8s-cloud-builder and k8s-ci-builder to Go 1.20.5 (#3145, @cpanato) [SIG Release]
  • Debian-iptables and distroless-iptables are now built with Go 1.20.5 (#3107, @jeremyrickard) [SIG Release]
  • Golang: Build 1.21 images (#3212, @cpanato) [SIG Release]
  • Golang: Build 1.21rc2 images (#3132, @cpanato) [SIG Release]
  • Golang: Build 1.21rc3 images (#3155, @cpanato) [SIG Release]
  • Golang: build 1.21rc4 images (#3190, @ameukam) [SIG Release]
  • Implement OBS release workflow via krel obs release command (#3098, @xmudrii) [SIG Release]
  • Implement OBS staging workflow via krel obs stage command (#3088, @xmudrii) [SIG Release]
  • Kubernetes 1.28+ packages hosted on pkgs.k8s.io require kubernetes-cni 1.2.0 and cri-tools 1.28.0 (#3192, @xmudrii) [SIG Release]
  • Make --workspace configurable in obs stage/release (#3271, @saschagrunert) [SIG Release]
  • The SBOM format can now be controlled in publish release github and JSON is now the default. (#3020, @puerco) [SIG Release]
  • Update distroless-iptables to use Go 1.20.6 (#3156, @xmudrii) [SIG Release]
  • Update distroless-iptables to use Go 1.20.7 (#3197, @jeremyrickard) [SIG Release]
  • Update distroless-iptables to use Go 1.21.1 (#3258, @cpanato) [SIG Release]
  • Update go images for 1.29 and 1.28 release branches and drop 1.24 config (#3234, @cpanato) [SIG Release]
  • Update k8s-cloud-builder to Go 1.20.6 (#3157, @xmudrii) [SIG Release]
  • Update k8s-cloud-builder to Go 1.20.7 (#3199, @jeremyrickard) [SIG Release]
  • Update k8s-cloud-builder/k8s-ci-builder to Go 1.20.8 (#3259, @cpanato) [SIG Release]
  • Update k8s-cloud-builder/k8s-ci-builder to Go 1.21.1 (#3257, @cpanato) [SIG Release]
  • Update to set go1.20 in go.mod and upgrade golangci-lint (#3073, @cpanato) [SIG Release]
  • Updated debian-iptables to switch to debian-bookworm. (#3136, @saschagrunert) [SIG Release]
  • Updated kube-cross protobuf version to v23.4. (#3147, @saschagrunert) [SIG Release]
  • Updated releng-ci image to use debian bookworm. (#3150, @saschagrunert) [SIG Release]
  • Updated setcap image to use debian bookworm. (#3139, @saschagrunert) [SIG Release]
  • Updated the kube-cross v1.28 image to use debian bookworm. (#3146, @saschagrunert) [SIG Release]
  • Upgrade code to be compatible with cosign v2 (#3078, @cpanato) [SIG Release]
  • Use debian 12 for go-runner 1.21 image. (#3233, @saschagrunert) [SIG Release]
  • Using debian 12 (bookworm) for all images. (#3127, @saschagrunert) [SIG Release]
  • krel obs specs command is refactored to better support OpenBuildService (OBS) workflow (#3079, @xmudrii) [SIG Release]

Bug or Regression

  • EnvironmentFile is changed from /etc/sysconfig/kubelet to /etc/default/kubelet for kubeadm Debian packages published to pkgs.k8s.io (#3279, @xmudrii) [SIG Release]
  • Fix version comparison in VerifyLatestUpdate (#3223, @xmudrii) [SIG Release]
  • Fixed --template-dir for krel obs release (#3272, @saschagrunert) [SIG Release]
  • Fixed grep usage in distroless-iptables, which is now on version v0.3.1. (#3237, @saschagrunert) [SIG Release]
  • Removed arm architecture from kubepkg command. (#3106, @saschagrunert) [SIG Release]
  • Removed workdir prefix from SHA*SUMS files. (#3227, @saschagrunert) [SIG Release]
  • Replace PROJECT and PROJECT_TAG GCB substitutions with OBS_PROJECT and OBS_PROJECT_TAG (#3174, @xmudrii) [SIG Release]

Other (Cleanup or Flake)

  • Add go boilerplate when running go generate (#3075, @cpanato) [SIG Release]
  • Publishing-bot issue will now be created in kubernetes/sig-release instead of k8s-release-robot/sig-release (#3198, @akhilerm) [SIG Release]
  • Remove "Kubernetes Source Code" artifact from being published on GitHub Releases (#2780, @xmudrii) [SIG Release]
  • Removed debian-iptables image. (#3153, @saschagrunert) [SIG Release]
  • Update k8s-ci-builder for go1.21 to use bullseye for 1.29 and default for next config keep on bookworm (#3251, @cpanato) [SIG Release]
  • Update release-utils to 243952c
    • Replace - with ~ in package version for OBS packages to support prereleases (#3094, @xmudrii) [SIG Release]
  • Upgrade osc binary in k8s-cloud-builder image. (#3278, @saschagrunert) [SIG Release]
  • krel obs specs: use default --channel release, --output . and --template-dir cmd/krel/templates/latest. (#3231, @saschagrunert) [SIG Release]

Dependencies

Added

  • chainguard.dev/go-grpc-kit: v0.16.0
  • dario.cat/mergo: v1.0.0
  • github.com/AdamKorcz/go-fuzz-headers-1: e936619
  • github.com/Azure/azure-sdk-for-go/sdk/azcore: v1.6.1
  • github.com/Azure/azure-sdk-for-go/sdk/azidentity: v1.3.0
  • github.com/Azure/azure-sdk-for-go/sdk/internal: v1.3.0
  • github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys: v0.10.0
  • github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal: v0.7.1
  • github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys: v0.12.0
  • github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal: v0.8.0
  • github.com/AzureAD/microsoft-authentication-library-for-go: v1.0.0
  • github.com/DataDog/appsec-internal-go: v1.0.0
  • github.com/DataDog/datadog-agent/pkg/obfuscate: v0.45.0-rc.1
  • github.com/DataDog/datadog-agent/pkg/remoteconfig/state: v0.45.0-rc.1
  • github.com/DataDog/datadog-go/v5: v5.3.0
  • github.com/DataDog/go-libddwaf: v1.2.0
  • github.com/DataDog/go-tuf: fork
  • github.com/DataDog/sketches-go: v1.2.1
  • github.com/alessio/shellescape: v1.4.1
  • github.com/bazelbuild/bazelisk: v1.13.2
  • github.com/bazelbuild/rules_go: v0.34.0
  • github.com/beevik/ntp: v1.0.0
  • github.com/blendle/zapdriver: v1.3.1
  • github.com/brunoscheufler/aws-ecs-metadata-go: b6b31c6
  • github.com/buildkite/agent/v3: v3.49.0
  • github.com/buildkite/bintest/v3: v3.1.1
  • github.com/buildkite/interpolate: 07f35b4
  • github.com/buildkite/roko: v1.1.0
  • github.com/buildkite/shellwords: c3f497d
  • github.com/bytecodealliance/wasmtime-go/v3: v3.0.2
  • github.com/denisbrodbeck/machineid: v1.0.1
  • github.com/digitorus/pkcs7: 001c36b
  • github.com/digitorus/timestamp: ef3b63b
  • github.com/elazarl/goproxy: 2592e75
  • github.com/gabriel-vasile/mimetype: v1.4.2
  • github.com/go-chi/chi/v5: v5.0.8
  • github.com/go-redis/redismock/v9: v9.0.3
  • github.com/google/go-github/v53: [v53.2.0](https://github.com/google/go-github/v53/tree/v53....
Read more

v0.15.1

14 Apr 07:12
8f4f176
Compare
Choose a tag to compare

Changes by Kind

Deprecation

  • Changed patch release process to stop building rc.0 versions together with the official. (#2765, @saschagrunert) [SIG Release]

Feature

  • Add goreleaser and ko to the releng-ci image (#2957, @cpanato) [SIG Release]
  • Build Go 1.20.1 and 1.19.6 based images (#2914, @cpanato) [SIG Release]
  • Build Go 1.20.2 and 1.19.7 based images (#2949, @cpanato) [SIG Release]
  • Build Go 1.20.3 and 1.19.8 based images (#3000, @xmudrii) [SIG Release]
  • Bump k8s-cloud-builder and k8s-ci-builder to Go 1.19.8 (#3006, @xmudrii) [SIG Release]
  • Bump k8s-cloud-builder and k8s-ci-builder to Go 1.20 (#2895, @cpanato) [SIG Release]
  • Bump k8s-cloud-builder and k8s-ci-builder to Go 1.20.1 and 1.19.6 (#2921, @cpanato) [SIG Release]
  • Bump k8s-cloud-builder and k8s-ci-builder to Go 1.20.2 and 1.19.7 (#2955, @cpanato) [SIG Release]
  • Golang: Build 1.20 images (#2887, @cpanato) [SIG Release]
  • Introduce krel obs specs command to generate specs and archives for Open Build Service (#2946, @xmudrii) [SIG Release]
  • Updated CNI plugins to v1.2.0 (#2863, @saschagrunert) [SIG Release]

Documentation

  • Added Golang command in the documentation for the krel tool installation (#2871, @yrs147) [SIG Release]

Failing Test

  • Fixed version regex to allow tags like v1.25.8-1+3a14fe1af239a0 (#2976, @saschagrunert) [SIG Release]
  • K8s-ci-builder: install ifconfig through net-tools (#2897, @palnabarun) [SIG Release]

Bug or Regression

  • Revert increasing the minimum kubernetes-cni and cri-tools versions (#2875, @xmudrii) [SIG Release]

Other (Cleanup or Flake)

  • Drop 1.23 configs and update debian/distroless iptable images (#2956, @cpanato) [SIG Release]
  • Drop go1.17 builds
    • update debian iptables to use latest gorunner with go1.19.5
    • cleanup and organize a bit better kube-cross and gorunner deps (#2906, @cpanato) [SIG Release]
  • Stopped building packages for 32 bit ARM platforms for Kubernetes >= v1.27.0. (#2960, @saschagrunert) [SIG Release]
  • Updated qemu to v7.2.0-1 for distroless-iptables image (#2941, @saschagrunert) [SIG Release]

Dependencies

Added

  • cloud.google.com/go/apigeeregistry: v0.6.0
  • cloud.google.com/go/apikeys: v0.6.0
  • cloud.google.com/go/maps: v0.7.0
  • cloud.google.com/go/vmwareengine: v0.3.0
  • github.com/AdamKorcz/go-118-fuzz-build: 5330a85
  • github.com/container-orchestrated-devices/container-device-interface: v0.5.4
  • github.com/containerd/btrfs/v2: v2.0.0
  • github.com/containerd/cgroups/v3: v3.0.1
  • github.com/containerd/typeurl/v2: v2.1.0
  • github.com/go-jose/go-jose/v3: v3.0.0
  • github.com/google/go-github/v50: v50.2.0
  • github.com/klauspost/cpuid/v2: v2.0.4
  • github.com/minio/sha256-simd: v1.0.0
  • github.com/mmcloughlin/avo: v0.5.0
  • github.com/moby/sys/sequential: v0.5.0
  • github.com/opencontainers/runtime-tools: 2e043c6
  • github.com/shoenig/go-m1cpu: v0.1.4
  • github.com/shoenig/test: v0.6.3
  • github.com/syndtr/gocapability: 42c35b4
  • go.etcd.io/gofail: v0.1.0
  • golang.org/x/arch: v0.1.0
  • rsc.io/pdf: v0.1.1

Changed

  • cloud.google.com/go/accessapproval: v1.5.0 → v1.6.0
  • cloud.google.com/go/accesscontextmanager: v1.4.0 → v1.7.0
  • cloud.google.com/go/aiplatform: v1.27.0 → v1.36.1
  • cloud.google.com/go/analytics: v0.12.0 → v0.19.0
  • cloud.google.com/go/apigateway: v1.4.0 → v1.5.0
  • cloud.google.com/go/apigeeconnect: v1.4.0 → v1.5.0
  • cloud.google.com/go/appengine: v1.5.0 → v1.7.0
  • cloud.google.com/go/area120: v0.6.0 → v0.7.1
  • cloud.google.com/go/artifactregistry: v1.9.0 → v1.12.0
  • cloud.google.com/go/asset: v1.10.0 → v1.12.0
  • cloud.google.com/go/assuredworkloads: v1.9.0 → v1.10.0
  • cloud.google.com/go/automl: v1.8.0 → v1.12.0
  • cloud.google.com/go/baremetalsolution: v0.4.0 → v0.5.0
  • cloud.google.com/go/batch: v0.4.0 → v0.7.0
  • cloud.google.com/go/beyondcorp: v0.3.0 → v0.5.0
  • cloud.google.com/go/bigquery: v1.44.0 → v1.49.0
  • cloud.google.com/go/billing: v1.7.0 → v1.13.0
  • cloud.google.com/go/binaryauthorization: v1.4.0 → v1.5.0
  • cloud.google.com/go/certificatemanager: v1.4.0 → v1.6.0
  • cloud.google.com/go/channel: v1.9.0 → v1.12.0
  • cloud.google.com/go/cloudbuild: v1.4.0 → v1.9.0
  • cloud.google.com/go/clouddms: v1.4.0 → v1.5.0
  • cloud.google.com/go/cloudtasks: v1.8.0 → v1.10.0
  • cloud.google.com/go/compute/metadata: v0.2.2 → v0.2.3
  • cloud.google.com/go/compute: v1.13.0 → v1.19.0
  • cloud.google.com/go/contactcenterinsights: v1.4.0 → v1.6.0
  • cloud.google.com/go/container: v1.7.0 → v1.14.0
  • cloud.google.com/go/containeranalysis: v0.6.0 → v0.9.0
  • cloud.google.com/go/datacatalog: v1.8.0 → v1.13.0
  • cloud.google.com/go/dataflow: v0.7.0 → v0.8.0
  • cloud.google.com/go/dataform: v0.5.0 → v0.7.0
  • cloud.google.com/go/datafusion: v1.5.0 → v1.6.0
  • cloud.google.com/go/datalabeling: v0.6.0 → v0.7.0
  • cloud.google.com/go/dataplex: v1.4.0 → v1.6.0
  • cloud.google.com/go/dataproc: v1.8.0 → v1.12.0
  • cloud.google.com/go/dataqna: v0.6.0 → v0.7.0
  • cloud.google.com/go/datastream: v1.5.0 → v1.7.0
  • cloud.google.com/go/deploy: v1.5.0 → v1.8.0
  • cloud.google.com/go/dialogflow: v1.19.0 → v1.32.0
  • cloud.google.com/go/dlp: v1.7.0 → v1.9.0
  • cloud.google.com/go/documentai: v1.10.0 → v1.18.0
  • cloud.google.com/go/domains: v0.7.0 → v0.8.0
  • cloud.google.com/go/edgecontainer: v0.2.0 → v1.0.0
  • cloud.google.com/go/essentialcontacts: v1.4.0 → v1.5.0
  • cloud.google.com/go/eventarc: v1.8.0 → v1.11.0
  • cloud.google.com/go/filestore: v1.4.0 → v1.6.0
  • cloud.google.com/go/functions: v1.9.0 → v1.12.0
  • cloud.google.com/go/gaming: v1.8.0 → v1.9.0
  • cloud.google.com/go/gkebackup: v0.3.0 → v0.4.0
  • cloud.google.com/go/gkeconnect: v0.6.0 → v0.7.0
  • cloud.google.com/go/gkehub: v0.10.0 → v0.12.0
  • cloud.google.com/go/gkemulticloud: v0.4.0 → v0.5.0
  • cloud.google.com/go/gsuiteaddons: v1.4.0 → v1.5.0
  • cloud.google.com/go/iam: v0.8.0 → v1.0.0
  • cloud.google.com/go/iap: v1.5.0 → v1.7.0
  • cloud.google.com/go/ids: v1.2.0 → v1.3.0
  • cloud.google.com/go/iot: v1.4.0 → v1.6.0
  • cloud.google.com/go/kms: v1.7.0 → v1.10.0
  • cloud.google.com/go/language: v1.8.0 → v1.9.0
  • cloud.google.com/go/lifesciences: v0.6.0 → v0.8.0
  • cloud.google.com/go/logging: v1.6.1 → v1.7.0
  • cloud.google.com/go/longrunning: v0.3.0 → v0.4.1
  • cloud.google.com/go/managedidentities: v1.4.0 → v1.5.0
  • cloud.google.com/go/mediatranslation: v0.6.0 → v0.7.0
  • cloud.google.com/go/memcache: v1.7.0 → v1.9.0
  • cloud.google.com/go/metastore: v1.8.0 → v1.10.0
  • cloud.google.com/go/monitoring: v1.8.0 → v1.13.0
  • cloud.google.com/go/networkconnectivity: v1.7.0 → v1.11.0
  • cloud.google.com/go/networkmanagement: v1.5.0 → v1.6.0
  • cloud.google.com/go/networksecurity: v0.6.0 → v0.8.0
  • cloud.google.com/go/notebooks: v1.5.0 → v1.8.0
  • cloud.google.com/go/optimization: v1.2.0 → v1.3.1
  • cloud.google.com/go/orchestration: v1.4.0 → v1.6.0
  • cloud.google.com/go/orgpolicy: v1.5.0 → v1.10.0
  • cloud.google.com/go/osconfig: v1.10.0 → v1.11.0
  • cloud.google.com/go/oslogin: v1.7.0 → v1.9.0
  • cloud.google.com/go/phishingprotection: v0.6.0 → v0.7.0
  • cloud.google.com/go/policytroubleshooter: v1.4.0 → v1.6.0
  • cloud.google.com/go/privatecatalog: v0.6.0 → v0.8.0
  • cloud.google.com/go/pubsub: v1.27.1 → v1.30.0
  • cloud.google.com/go/pubsublite: v1.5.0 → v1.7.0
  • cloud.google.com/go/recaptchaenterprise/v2: v2.5.0 → v2.7.0
  • cloud.google.com/go/recommendationengine: v0.6.0 → v0.7.0
  • cloud.google.com/go/recommender: v1.8.0 → v1.9.0
  • cloud.google.com/go/redis: v1.10.0 → v1.11.0
  • cloud.google.com/go/resourcemanager: v1.4.0 → v1.6.0
  • cloud.google.com/go/resourcesettings: v1.4.0 → v1.5.0
  • cloud.google.com/go/retail: v1.11.0 → v1.12.0
  • cloud.google.com/go/run: v0.3.0 → v0.9.0
  • cloud.google.com/go/scheduler: v1.7.0 → v1.9.0
  • cloud.google.com/go/secretmanager: v1.9.0 → v1.10.0
  • cloud.google.com/go/security: v1.10.0 → v1.13.0
  • cloud.google.com/go/securitycenter: v1.16.0 → v1.19.0
  • cloud.google.com/go/servicecontrol: v1.5.0 → v1.11.1
  • cloud.google.com/go/servicedirectory: v1.7.0 → v1.9.0
  • cloud.google.com/go/servicemanagement: v1.5.0 → v1.8.0
  • cloud.google.com/go/serviceusage: v1.4.0 → v1.6.0
  • cloud.google.com/go/shell: v1.4.0 → v1.6.0
  • cloud.google.com/go/spanner: v1.41.0 → v1.44.0
  • cloud.google.com/go/speech: v1.9.0 → v1.15.0
  • cloud.google.com/go/storage: v1.28.1 → v1.30.1
  • cloud.google.com/go/storagetransfer: v1.6.0 → v1.8.0
  • cloud.google.com/go/talent: v1.4.0 → v1.5.0
  • cloud.google.com/go/texttospeech: v1.5.0 → v1.6.0
  • cloud.google.com/go/tpu: v1.4.0 → v1.5.0
  • cloud.google.com/go/trace: v1.4.0 → v1.9.0
  • cloud.google.com/go/translate: v1.4.0 → v1.7.0
  • cloud.google.com/go/video: v1.9.0 → v1.14.0
  • cloud.google.com/go/videointelligence: v1.9.0 → v1.10.0
  • cloud.google.com/go/vision/v2: v2.5.0 → v2.7.0
  • cloud.google.com/go/vmmigration: v1.3.0 → v1.6.0
  • cloud.google.com/go/vpcaccess: v1.5.0 → v1.6.0
  • cloud.google.com/go/webrisk: v1.7.0 → v1.8.0
  • cloud.google.com/go/websecurityscanner: v1.4.0 → v1.5.0
  • cloud.google.com/go/workflows: v1.9.0 → v1.10.0
  • cloud.google.com/go: v0.105.0 → v0.110.0
  • github.com/Ad...
Read more

v0.15.0

19 Jan 15:11
e10a44f
Compare
Choose a tag to compare

Changes by Kind

Feature

  • Add krel sign blobs and images commands (#2742, @cpanato) [SIG Release]
  • Added command line parameter verification for krel stage. (#2774, @saschagrunert) [SIG Release]
  • Added package build and release to krel (#2744, @saschagrunert) [SIG Release]
  • BUILDER_IMAGE can now be overridden when building the go-runner image. Additionally a new variable DISTROLESS_REGISTRY can be used to specify a different registry and repository, to more completely override the DISTROLESS_IMAGE build arg to support custom images. (#2709, @jeremyrickard) [SIG Release]
  • Build Go 1.18.4 and 1.17.12 images
    • drop images for 1.21 k8s due to EOL (#2621, @cpanato) [SIG Release]
  • Build Go 1.18.5 and 1.17.13 images (#2626, @cpanato) [SIG Release]
  • Build Go 1.19.1 and 1.18.6 based images (#2659, @palnabarun) [SIG Release]
  • Build Go 1.19.2 and 1.18.7 based images (#2696, @xmudrii) [SIG Release]
  • Build Go 1.19.3 and 1.18.8 based images (#2732, @xmudrii) [SIG Release]
  • Build Go 1.19.4 and 1.18.9 based images (#2794, @xmudrii) [SIG Release]
  • Build Go 1.19.5 and 1.18.10 based images (#2853, @cpanato) [SIG Release]
  • Build cross for go1.19 for 1.23 and 1.24 release branches (#2825, @cpanato) [SIG Release]
  • Build k8s-cloud-builder and k8s-ci-builder using Go 1.19.1
    • Build k8s-cloud-builder and k8s-ci-builder using Go 1.18.6 (#2660, @palnabarun) [SIG Release]
  • Build k8s-cloud-builder and k8s-ci-builder using Go 1.19.2
    • Build k8s-cloud-builder and k8s-ci-builder using Go 1.18.7 (#2699, @xmudrii) [SIG Release]
  • Build k8s-cloud-builder and k8s-ci-builder using Go 1.19.3
    • Build k8s-cloud-builder and k8s-ci-builder using Go 1.18.8 (#2740, @xmudrii) [SIG Release]
  • Build k8s-cloud-builder and k8s-ci-builder using Go 1.19.4
    • Build k8s-cloud-builder and k8s-ci-builder using Go 1.18.9
    • Build k8s-cloud-builder image based on kube-cross v1.26.0 (v1.26-cross1.19-bullseye) (#2795, @xmudrii) [SIG Release]
  • Bump k8s-cloud-builder and k8s-ci-builder to Go 1.19.5 (#2856, @cpanato) [SIG Release]
  • Changed krel fast-forward to not run when the release cut issue is open. (#2814, @saschagrunert) [SIG Release]
  • Debian-base: Build bullseye-v1.4.0 images (#2590, @wespanther) [SIG Release]
  • Debian-base: Build bullseye-v1.4.1 images (#2609, @wespanther) [SIG Release]
  • Debian-base: Build bullseye-v1.4.2 images (#2641, @wespanther) [SIG Release]
  • Debian-base: Update dependents to use bullseye-v1.4.0
    • debian-iptables: Build bullseye-v1.5.0 image
    • setcap: Build bullseye-v1.4.0 image (#2597, @wespanther) [SIG Release]
  • Debian-base: Update dependents to use bullseye-v1.4.2
    • debian-iptables: Build bullseye-v1.5.1 image
    • setcap: Build bullseye-v1.4.1 image (#2643, @wespanther) [SIG Release]
  • Drop 1.22 and go 1.16 build variants
    • update cosign image
    • golang: Build 1.20rc1 images (#2816, @cpanato) [SIG Release]
  • Golang: Build 1.19rc1 images (#2601, @cpanato) [SIG Release]
  • Golang: Build 1.20rc2 images (#2846, @cpanato) [SIG Release]
  • Golang: Build 1.20rc3 images (#2857, @cpanato) [SIG Release]
  • Golang: build 1.19 images (#2628, @cpanato) [SIG Release]
  • Golang: build 1.19rc2 images (#2610, @palnabarun) [SIG Release]
  • K8s-cloud-builder/k8s-ci-builder: build using Go 1.18.4
    • k8s-cloud-builder/k8s-ci-builder: build using Go 1.17.12
    • drop configs for v1.21 due to EOL (#2622, @cpanato) [SIG Release]
  • K8s-cloud-builder/k8s-ci-builder: build using Go 1.18.5
    • k8s-cloud-builder/k8s-ci-builder: build using Go 1.17.13 (#2630, @cpanato) [SIG Release]
  • K8s-cloud-builder: build using Go 1.19 (#2631, @cpanato) [SIG Release]
  • Release-1.23 builders and CI updated to go1.19.4 (#2832, @liggitt) [SIG Release]
  • Release-1.24 builders and CI updated to go1.19.4 (#2830, @liggitt) [SIG Release]
  • Remove old and not used dependency for 1.20
    • add dependencies for v1.24 release
    • drop v1.24-go1.17-bullseye config for kube-cross
    • golang: Build 1.19beta1 images (#2576, @cpanato) [SIG Release]
  • Remove version package in favor of sigs.k8s.io/release-utils/version (#2569, @cpanato) [SIG Release]
  • Tools that fail when no GitHub token is set now fail with a message asking the user to set GITHUB_TOKEN as an environment variable. (#2632, @knowshan) [SIG Release]
  • Update cosign image to use release v1.10.0 (#2615, @cpanato) [SIG Release]
  • Update to go1.19 (#2649, @cpanato) [SIG Release]
  • Updated CNI plugins to v1.1.1 (#2650, @saschagrunert) [SIG Release]
  • Updated CNI plugins to v1.2.0 (#2863, @saschagrunert) [SIG Release]
  • Updated cri-tools to v1.25.0 (#2647, @saschagrunert) [SIG Release]
  • Updated cri-tools to v1.26.0 (#2821, @saschagrunert) [SIG Release]
  • Use distroless image in debian-iptables generation (#2502, @rikatz) [SIG Release]
  • Warn on krel stage if ELF binaries are dynamically linked (we do not fail on that case). (#2797, @saschagrunert) [SIG Release]
  • krel cve now supports ingesting CVE information data with a temporal vector metric. (#2664, @puerco) [SIG Release]
  • publish-release can now upload artifacts to GitHub from Cloud Storage buckets (#2707, @puerco) [SIG Release]

Bug or Regression

  • Distroless-iptables image will no longer contain repeated contents in /var/lib/dpkg/status.d/$package files (#2831, @BenTheElder) [SIG Release]
  • Fix the len should be of the number of files and not in the arguments passed (#2781, @cpanato) [SIG Release]
  • Fixed bug in deduplication of release notes if multiple CVE's have the same official release notes text (NONE). (#2758, @saschagrunert) [SIG Release]
  • Fixed bug to not record the GitHub API in parallel. (#2769, @saschagrunert) [SIG Release]
  • Fixed unbound variable if no version is specified in hack/rapture/build-packages.sh (#2736, @saschagrunert) [SIG Release]
  • Get the correct path to upload to github release page (#2720, @cpanato) [SIG Release]
  • When downloading copy o local using the same directory structure (#2782, @cpanato) [SIG Release]
  • krel sign blob will not sync down existing signatures and certs when signing files in a gcs bucket to work around a bug causing file verification to fail
    • Fixed a bug where krel sign blob would not sync new signatures to a bucket that already signed files. (#2785, @puerco) [SIG Release]

Other (Cleanup or Flake)

  • Ensure it's possible to build rpms generated by kubepkg (#2712, @xmudrii) [SIG Release]
  • Our mailing list announcements now uses the new registry. (#2746, @upodroid) [SIG Release]
  • Removes darwin/386 from KUBE_CROSSPLATFORMS which is used to prebuild the standard library with target arch is amd64 (#2760, @jeremyrickard) [SIG Release]
  • Retry docker manifest push on network failure. (#2817, @saschagrunert) [SIG Release]
  • Switched to golang native error wrapping. (#2581, @saschagrunert) [SIG Release]
  • Update GORUNNER_VERSION base image for debian-iptables (#2682, @cpanato) [SIG Release]
  • Use the latest CNI plugins version for for deb packages. (#2673, @saschagrunert) [SIG Release]

Dependencies

Added

  • cloud.google.com/go/accessapproval: v1.5.0
  • cloud.google.com/go/accesscontextmanager: v1.4.0
  • cloud.google.com/go/aiplatform: v1.27.0
  • cloud.google.com/go/analytics: v0.12.0
  • cloud.google.com/go/apigateway: v1.4.0
  • cloud.google.com/go/apigeeconnect: v1.4.0
  • cloud.google.com/go/appengine: v1.5.0
  • cloud.google.com/go/area120: v0.6.0
  • cloud.google.com/go/artifactregistry: v1.9.0
  • cloud.google.com/go/asset: v1.10.0
  • cloud.google.com/go/assuredworkloads: v1.9.0
  • cloud.google.com/go/automl: v1.8.0
  • cloud.google.com/go/baremetalsolution: v0.4.0
  • cloud.google.com/go/batch: v0.4.0
  • cloud.google.com/go/beyondcorp: v0.3.0
  • cloud.google.com/go/billing: v1.7.0
  • cloud.google.com/go/binaryauthorization: v1.4.0
  • cloud.google.com/go/certificatemanager: v1.4.0
  • cloud.google.com/go/channel: v1.9.0
  • cloud.google.com/go/cloudbuild: v1.4.0
  • cloud.google.com/go/clouddms: v1.4.0
  • cloud.google.com/go/cloudtasks: v1.8.0
  • cloud.google.com/go/compute/metadata: v0.2.2
  • cloud.google.com/go/contactcenterinsights: v1.4.0
  • cloud.google.com/go/container: v1.7.0
  • cloud.google.com/go/datacatalog: v1.8.0
  • cloud.google.com/go/dataflow: v0.7.0
  • cloud.google.com/go/dataform: v0.5.0
  • cloud.google.com/go/datafusion: v1.5.0
  • cloud.google.com/go/datalabeling: v0.6.0
  • cloud.google.com/go/dataplex: v1.4.0
  • cloud.google.com/go/dataproc: v1.8.0
  • cloud.google.com/go/dataqna: v0.6.0
  • cloud.google.com/go/datastream: v1.5.0
  • cloud.google.com/go/deploy: v1.5.0
  • cloud.google.com/go/dialogflow: v1.19.0
  • cloud.google.com/go/dlp: v1.7.0
  • cloud.google.com/go/documentai: v1.10.0
  • cloud.google.com/go/domains: v0.7.0
  • cloud.google.com/go/edgecontainer: v0.2.0
  • cloud.google.com/go/essentialcontacts: v1.4.0
  • cloud.google.com/go/eventarc: v1.8.0
  • cloud.google.com/go/filestore: v1.4.0
  • cloud.google.com/go/functions: v1.9.0
  • cloud.google.com/go/gaming: v1.8.0
  • cloud.google.com/go/gkebackup: v0.3.0
  • cloud.google.com/go/gkeconnect: v0.6.0
  • cloud.google.com/go/gkehub: v0.10.0
  • cloud.google.com/go/gkemulticloud: v0.4.0
  • cloud.google.com/go/gsuiteaddons: v1.4.0
  • cloud.google.com/go/iap: v1.5.0
  • cloud.google.com/go/ids: v1.2.0
  • cloud.google.com/go/iot: v1.4.0
  • cloud.google.com/go/language: v1.8.0
  • cloud.google.com/go/lifesciences: v0.6.0
  • cloud.google.com/go/longrunning: v0.3.0
  • cloud.google.com/go/managedidentities: v1.4.0
  • cloud.google.com/go/mediatranslation: v0.6.0
  • cloud.google.com/go/memcache: v1.7.0
  • cloud.google.com/go/metastore: v1.8.0
  • cloud.google.com/go/networkconnectivity: v1.7.0
  • cloud.google.com/go/networkmanagement: v1.5.0
  • cloud.google.com/go/networksecurity: v0.6.0
  • cloud.google.com/go/notebooks: v1.5.0
  • cloud.google.com/go/optimization: v1.2.0
  • cloud.google.com/go/orchestration: v1.4.0
  • cloud.google.com/go/orgpolicy: v1.5.0
  • cloud.google.com/go/osconfig: v1.10.0
  • clou...
Read more

v0.14.0

13 Jun 12:41
6cf8797
Compare
Choose a tag to compare

Changes by Kind

Feature

  • .github: Initial config for CodeQL & Scorecard (#2441, @justaugustus) [SIG Release]
  • Added container image signing for intermediate container images produced by krel stage (#2397, @saschagrunert) [SIG Release]
  • Build Go 1.17.8 and 1.16.15 images (#2451, @cpanato) [SIG Release]
  • Build Go 1.18.1 and 1.17.9 images (#2500, @cpanato) [SIG Release]
  • Build Go 1.18.2 and 1.17.10 images (#2521, @cpanato) [SIG Release]
  • Build Go 1.18.3 and 1.17.11 images (#2542, @cpanato) [SIG Release]
  • Build go1.18 official images (#2464, @justaugustus) [SIG Release]
  • Build/update kube-cross images using latest stable protobuf (v3.19.4) (#2431, @vitt-bagal) [SIG Release]
  • Debian-base: Update dependents to use bullseye-v1.3.0
    • debian-iptables: Build bullseye-v1.4.0 image
    • setcap: Build bullseye-v1.3.0 image (#2543, @wespanther) [SIG Release]
  • Golang: Build 1.18rc1 images (#2433, @cpanato) [SIG Release]
  • K8s-cloud-builder/k8s-ci-builder: build using Go 1.17.8 / 1.16.15 (#2463, @cpanato) [SIG Release]
  • K8s-cloud-builder/k8s-ci-builder: build using Go 1.18 (#2472, @cpanato) [SIG Release]
  • K8s-cloud-builder/k8s-ci-builder: build using Go 1.18.1
    • k8s-cloud-builder/k8s-ci-builder: build using Go 1.17.9 (#2501, @cpanato) [SIG Release]
  • K8s-cloud-builder/k8s-ci-builder: build using Go 1.18.2
    • k8s-cloud-builder/k8s-ci-builder: build using Go 1.17.10 (#2526, @cpanato) [SIG Release]
  • K8s-cloud-builder/k8s-ci-builder: build using Go 1.18.3
    • k8s-cloud-builder/k8s-ci-builder: build using Go 1.17.11 (#2547, @cpanato) [SIG Release]
  • K8s-cloud-builder: Build go1.18rc1 variant (#2437, @justaugustus) [SIG Release]
  • Link the container images within the changelog to their corresponding location in GCR. (#2439, @saschagrunert) [SIG Release]
  • The CI Signal Report CLI now uses the new Project board to generate the GitHub part of the report https://github.com/orgs/kubernetes/projects/68 (#2454, @leonardpahlke) [SIG Release]
  • Update cosign image to use release v1.7.2 (#2495, @cpanato) [SIG Release]
  • Update cosign image to v1.7.1 (#2489, @cpanato) [SIG Release]
  • Update cosign to 1.9.0 release (#2544, @cpanato) [SIG Release]
  • Update release-sdk/utils (#2545, @cpanato) [SIG Release]
  • Updated cri-tools to v1.23.0. (#2457, @saschagrunert) [SIG Release]
  • Updated cri-tools to v1.24.0 (#2517, @saschagrunert) [SIG Release]
  • Updated cri-tools to v1.24.2 (#2535, @saschagrunert) [SIG Release]

Documentation

  • Corrected small mistake in the krel docs. Users were instructed to set author.email to the email they used to sign the CNCF CLA, it now reads user.email. (#2492, @AuraSinis) [SIG Release]

Bug or Regression

  • Added NonInteractive flag to gcb options to allow asking no questions when running in nomock mode. (#2516, @saschagrunert) [SIG Release]
  • Fix a hardcoded path when writing the SBOM, now we scratch it in the go reported directory (#2481, @puerco) [SIG Release]
  • Fixed krel stage for using custom Kubernetes refs via K8S_ORG, K8S_REF or K8S_REPO. (#2522, @saschagrunert) [SIG Release]
  • Fixed bug in changelog generation when using custom Kubernetes forks via K8S_ORG, K8S_REF or K8S_REPO. (#2524, @saschagrunert) [SIG Release]
  • Fixed git configuration in krel fast-forward. (#2503, @saschagrunert) [SIG Release]
  • Reverted 0eb9589 as some error checking was returning invalid errors.
    • Bump of bom libraries to latest version (#2483, @puerco) [SIG Release]

Other (Cleanup or Flake)

  • Deps: Update to cosign v1.5.2 (#2434, @justaugustus) [SIG Release]
  • Fixed broken GitHub authentication for release-notes tool and changelog generation. (#2562, @saschagrunert) [SIG Release]
  • Remove check for outdated dependencies (#2531, @cpanato) [SIG Release]
  • Update cosign to use release v1.6.0 (#2452, @cpanato) [SIG Release]

Dependencies

Added

  • 4d63.com/gochecknoglobals: v0.1.0
  • bitbucket.org/creachadair/shell: v0.0.6
  • bou.ke/monkey: v1.0.2
  • cloud.google.com/go/compute: v1.6.1
  • cloud.google.com/go/iam: v0.3.0
  • cloud.google.com/go/kms: v1.4.0
  • cloud.google.com/go/monitoring: v1.1.0
  • cloud.google.com/go/secretmanager: v1.0.0
  • cloud.google.com/go/security: v1.1.1
  • cloud.google.com/go/spanner: v1.25.0
  • cloud.google.com/go/trace: v1.0.0
  • code.gitea.io/sdk/gitea: v0.11.3
  • contrib.go.opencensus.io/exporter/aws: c478e41
  • contrib.go.opencensus.io/exporter/ocagent: 05415f1
  • contrib.go.opencensus.io/exporter/prometheus: v0.4.0
  • contrib.go.opencensus.io/exporter/stackdriver: v0.13.10
  • contrib.go.opencensus.io/exporter/zipkin: v0.1.2
  • contrib.go.opencensus.io/integrations/ocsql: v0.1.7
  • contrib.go.opencensus.io/resource: v0.1.1
  • cuelang.org/go: v0.4.3
  • filippo.io/edwards25519: v1.0.0-rc.1
  • github.com/AdaLogics/go-fuzz-headers: f7be0cb
  • github.com/Antonboom/errname: v0.1.5
  • github.com/Antonboom/nilnil: v0.1.0
  • github.com/Azure/azure-amqp-common-go/v2: v2.1.0
  • github.com/Azure/azure-amqp-common-go/v3: v3.2.2
  • github.com/Azure/azure-pipeline-go: v0.2.3
  • github.com/Azure/azure-service-bus-go: v0.11.5
  • github.com/Azure/azure-storage-blob-go: v0.14.0
  • github.com/Azure/go-amqp: v0.16.4
  • github.com/Azure/go-autorest/autorest/azure/auth: v0.5.11
  • github.com/Azure/go-autorest/autorest/azure/cli: v0.4.5
  • github.com/Azure/go-autorest/autorest/to: v0.4.0
  • github.com/Azure/go-autorest/autorest/validation: v0.3.1
  • github.com/Djarvur/go-err113: aea10b5
  • github.com/GoogleCloudPlatform/cloudsql-proxy: v1.27.0
  • github.com/Knetic/govaluate: 9aa4983
  • github.com/Masterminds/goutils: v1.1.1
  • github.com/Masterminds/semver/v3: v3.1.1
  • github.com/Masterminds/semver: v1.5.0
  • github.com/Masterminds/sprig/v3: v3.2.2
  • github.com/Mastermin...
Read more

v0.13.0

15 Feb 23:43
v0.13.0
30c6f38
Compare
Choose a tag to compare

What's Changed

Deprecation

  • Krel: Move promote-images subcommand to sigs.k8s.io/promo-tools
    This functionality has been moved to kpromo pr
  • krel: Replace fork functions with sigs.k8s.io/release-sdk analogs
  • pkg/release: Replace image funcs with sigs.k8s.io/promo-tools analogs (#2326, @justaugustus) [SIG Release]
  • Migrate bom utility to sigs.k8s.io/bom (#2330, @justaugustus) [SIG Release]
  • Removed krel changelog subcommand. (#2401, @saschagrunert) [SIG Release]

Feature

  • Add kube-cross variant for k8s 1.24 next release (#2344, @cpanato) [SIG Release]
  • Added --non-interactive flag to krel ff,
  • Automatically determine the krel ff --branch if not provided.
    If the branch is found, krel ff will check if a fast forward is required or not by
    testing the availability of the latest final tag (like v1.23.0). (#2390, @saschagrunert) [SIG Release]
  • Added container images to changelog (#2400, @saschagrunert) [SIG Release]
  • Added support to run krel fast-forward (former krel ff) in GCB via its new --submit flag. (#2391, @saschagrunert) [SIG Release]
  • Debian-base: Update dependents to use bullseye-v1.1.0 / buster-v1.10.0
  • debian-iptables: Build bullseye-v1.2.0 / buster-v1.8.0 images
  • setcap: Build bullseye-v1.1.0 / buster-v2.1.0 images (#2373, @justaugustus) [SIG Release]
  • Golang: Set next candidate to go1.18beta2
  • golang: Build 1.18beta2 images (#2411, @cpanato) [SIG Release]
  • Images: k8s-cloud-builder go1.18 and CVE updates for debian-base
  • [go1.18] Build k8s-cloud-builder:v1.24.0-go1.18beta1-bullseye.0
  • debian-base: Build bullseye-v1.1.0 and buster-v1.10.0 (#2371, @justaugustus) [SIG Release]
  • K8s-cloud-builder/k8s-ci-builder: Build image using go1.16.11 (#2350, @cpanato) [SIG Release]
  • K8s-cloud-builder/k8s-ci-builder: Build image using go1.16.12 (#2356, @cpanato) [SIG Release]
  • K8s-cloud-builder/k8s-ci-builder: Build image using go1.17.4
  • add k8s-ci-builder config for 1.24 (#2347, @cpanato) [SIG Release]
  • K8s-cloud-builder/k8s-ci-builder: Build image using go1.17.5 (#2353, @cpanato) [SIG Release]
  • K8s-cloud-builder/k8s-ci-builder: build using Go 1.16.13 (#2395, @palnabarun) [SIG Release]
  • K8s-cloud-builder/k8s-ci-builder: build using Go 1.17.6 (#2393, @palnabarun) [SIG Release]
  • K8s-cloud-builder/k8s-ci-builder: build using Go 1.17.7 (#2428, @xmudrii) [SIG Release]
  • K8s-cloud-builder/k8s-ci-builder: build using Go 1.17.7 / 1.16.14 (#2429, @xmudrii) [SIG Release]
  • Krel/announce: ask for confirmation before sending the email (#2321, @palnabarun) [SIG Release]
  • Krel/ff: add an option to define a gcp project to use instead of the default one (#2414, @cpanato) [SIG Release]
  • Our utility to manage release publishing publish-release, now automatically generates an SBOM describing the source code repository and all artifacts uploaded as assets to the GitHub release page. (#2372, @puerco) [SIG Release]
  • Set next release version to v1.24.0
  • golang: Set next candidate to go1.18beta1
  • golang: Build 1.18beta1 images and drop temp buster variants (#2370, @justaugustus) [SIG Release]
  • Update cosign to release v1.4.1 (#2352, @cpanato) [SIG Release]
  • Update cosign to v1.4.0 release (#2346, @cpanato) [SIG Release]
  • [go] Build Go 1.17.6 and 1.16.13 images (#2381, @palnabarun) [SIG Release]
  • [go] Build Go 1.17.7 and 1.16.14 images (#2426, @xmudrii) [SIG Release]
  • [go] Build go1.17.4 and go1.16.11 images (#2342, @cpanato) [SIG Release]
  • [go] Build go1.17.5 and go1.16.12 images (#2351, @cpanato) [SIG Release]
  • publish-release now supports a new --release-notes-file flag. When defined it will read a file and include its contents in a new section on the release page.
  • The default template for the GitHub page no longer lists the release assets. The information was redundant as it already listed in the SBOM. (#2403, @puerco) [SIG Release]

Documentation

Failing Test

  • The release notes gatherer will now sleep for a minute+random secs when hitting the GitHub API secondary rate limit. (#2324, @puerco) [SIG Release]

Bug or Regression

  • Clone tool repo on krel fast-forward if required. (#2413, @saschagrunert) [SIG Release]
  • Debian packaging: remove dependency on dh-systemd, which is now part of debhelper, update debhelper requirements to minimum version with dh-systemd included (>= 9.20160709) (#2325, @BenTheElder) [SIG Release]
  • Fixed a bug when splitting asset arguments strings that caused publish-release to crash. (#2410, @puerco) [SIG Release]
  • Fixed a changelog bug that prevented the links to authors and pull requests to render correctly in the Kubernetes changelog (#2335, @puerco) [SIG Release]
  • Fixed krel release-notes git ssh fatal error when using single flag --create-website-pr (#2421, @csantanapr) [SIG Release]
  • Krel: fix layout used to parse GCB time (#2366, @xmudrii) [SIG Release]

Other (Cleanup or Flake)

  • Debian: Default to bullseye variants

  • images: Stop attempting to build outdated variants

    Drops variants that:

    • have outdated versions of golang
    • are building for EOL release branches (#2323, @justaugustus)
  • Krel/announce: update kubernetes-dev email distribution (#2374, @cpanato) [SIG Release]

  • Rebase the main (master) branch instead of merging when syncing with upstream on release (#2348, @xmudrii) [SIG Release]

  • The provenance attestations written while during the Kubernetes release process now conform to the SLSA v0.2 specification. (#2375, @puerco) [SIG Release]

  • Update cosign image to use release v1.5.1 (#2406, @cpanato) [SIG Release]

Dependencies

Added

  • github.com/DataDog/datadog-go: v3.2.0+incompatible
  • github.com/bits-and-blooms/bitset: v1.2.0
  • github.com/checkpoint-restore/go-criu/v5: v5.0.0
  • github.com/circonus-labs/circonus-gometrics: v2.3.1+incompatible
  • github.com/circonus-labs/circonusllhist: v0.1.3
  • github.com/common-nighthawk/go-figure: 734e95f
  • github.com/danieljoos/wincred: v1.1.0
  • github.com/iancoleman/strcase: v0.2.0
  • github.com/lyft/protoc-gen-star: v0.5.3
  • github.com/power-devops/perfstat: 5aafc22
  • github.com/sagikazarmark/crypt: v0.3.0
  • github.com/secure-systems-lab/go-securesystemslib: v0.3.0
  • github.com/tj/go-spin: v1.1.0
  • github.com/tv42/httpunix: b75d861
  • github.com/vbatts/tar-split: v0.11.2
  • github.com/yusufpapurcu/wmi: v1.2.2
  • sigs.k8s.io/bom: 5dc6709

Changed

Read more

v0.12.0

16 Nov 16:11
v0.12.0
dd825e6
Compare
Choose a tag to compare

Changes by Kind

Deprecation

  • Remove vulndash
    I'm not a fan of doing this (because it was an intern's work), but
    vulndash is undeployed and unmaintained.

    Given the scope of the work, it creates an attack surface for the
    project in an unmaintained state, so we need to remove it. (#2322, @justaugustus)

Feature

  • The stage phase of the Kubernetes release process is now SLSA compliant! 🎉
    • The anago state object now registers the time the release process starts.
    • We now make the GCB BUILD_ID identifier available to krel as an env var to include it in the provenance metadata.
    • New go pkg: provenance. This new package allows projects to generate provenance metadata in in-toto attestations with SLSA compliant predicates. The new package features a scanner to easily add files as subjects in the statement.
    • The provenance package now has tests and mocks
    • The staging phase of anago which krel runs now has a new step: GenerateProvenance(). This step writes a provenance attestation file to make stage SLSA1 compliant. The file describes the building environment and adds the artifacts that will be consumed from release as subjects in the statement.
    • The deletion of the Kubernetes source in the staging workspace is now decoupled from the StageLocalSourceTree() function
    • PushReleaseArtifacts() in the build package now supports uploading single files to the release bucket. Previously only directories could be uploaded with this function.
    • Optimized the artifact publishing logic to only create the Kubernetes source tarball once. Previously we tarred, compressed and uploaded the whole source tree once for each tag in the release. This is not needed as all releases share the same source. (#2273, @puerco)
  • Add a new ci-reporter tool to generate weekly CI Signal Reports (#2309, @palnabarun)
  • Added K8S_ORG, K8S_REPO and K8S_REF environment variable support to stage custom k/k forks. (#2074, @saschagrunert)
  • Artifacts are now verified against the in-toto attestation produced during the staging phase of a release. If validation fails, for now only a warning is reported in the logs. Future builds will abort execution right after validation.
    • New ProvenanceChecker object in the release package to enable release runs to verify provenance metadata.
    • The provenance.Statement object which abstracts in-toto attestations can now read attestations from JSON files and clone predicates from other attestations. (#2283, @puerco)
  • Config: Add configs for copying GitHub releases to GCS buckets (#2281, @justaugustus)
  • Cosign: update cosign to 1.3.1 (#2315, @cpanato)
  • Cross: build variants for each k8s release branch (main branch, 1.22, 1.21) (#2253, @cpanato)
  • Debian-iptables image now contains /go-runner binary (#2301, @BenTheElder)
  • Debian-iptables: Build bullseye-v1.0.0 images
  • images: Build go1.17-bullseye variants
  • Debian-iptables:bullseye image now contains /go-runner binary (#2310, @pohly)
  • K8s-cloud-builder/k8s-ci-builder: Build image using go1.16.10 (#2311, @cpanato)
  • K8s-cloud-builder/k8s-ci-builder: Build image using go1.16.8 (#2252, @cpanato)
  • K8s-cloud-builder/k8s-ci-builder: Build image using go1.16.9 (#2290, @cpanato)
  • K8s-cloud-builder/k8s-ci-builder: Build image using go1.17.1 (#2246, @cpanato)
  • K8s-cloud-builder/k8s-ci-builder: Build image using go1.17.2 (#2289, @cpanato)
  • K8s-cloud-builder/k8s-ci-builder: Build image using go1.17.3 (#2306, @cpanato)
  • Krel: make promote-images work for other k8s and k8s sigs projects (#2280, @CecileRobertMichon)
  • New SPDX parser to read and interpret SPDX SBoMs in tag/value format.
    • New subcommand bom document outline reads an SBOM and prints to the screen a tree-like structure detailing the elements (files/packages) described in the SBoM and the relationships among them. (#2298, @puerco)
  • Release notes: Remove author and PR links from Markdown (#2274, @CecileRobertMichon)
  • Releases now publish a provenance attestation with a SLSA 0.1 predicate describing all artifacts in the release bucket. (#2300, @puerco)
  • Setcap: Build bullseye-v1.0.0 images
  • images: Build go1.17-bullseye variants (part two)
  • Update cosign to v1.2.0 (#2251, @cpanato)
  • Update cosign to v1.2.1 (#2259, @cpanato)
  • [go] Build go1.17.2 and go1.16.9 images (#2285, @mengjiao-liu)
  • [go] Build go1.17.3 and go1.16.10 images (#2305, @cpanato)

Documentation

  • Go.mod: Update sigs.k8s.io/promo-tools/v3 to v3.2.1
    ...which fixes import issues following the repo rename. (#2255, @justaugustus)
  • Issue-template: update dep-golang template to remove bazel updates (#2291, @cpanato)
  • Krel/promote-images: make error when GitHub token is not provided more verbose
    krel/promote-images: update promotion PR body to have the command (#2320, @palnabarun)

Bug or Regression

  • Cross: install ip looks like it is not there for bullseye (#2260, @cpanato)
  • Fixed table of contents header links containing source code in changelog and release notes generation. (#2277, @saschagrunert)
  • New release.ProvenanceReade object handles the generation of provenance subjects during staging. Written in response to a bug found in the intoto subjects included in the attestation, this new object is now more testable. (#2296, @puerco)
  • Packages: Update minimum Kubernetes version to v1.19.0 (#2295, @justaugustus)

Other (Cleanup or Flake)

  • During anago.release, krel will now download and perform the staged artifact verification in a dedicated directory in the Cloud Build workspace. (#2297, @puerco)
  • FIxed the help text for krel cve -f. It now reads "update vulnerability data from a local map file" (#2257, @puerco)
  • Go.mod: Update sigs.k8s.io/k8s-container-image-promoter to v3.2.0 (#2247, @justaugustus)

Dependencies

Added

  • github.com/codahale/rfc6979: 6a90f24
  • github.com/google/go-github/v34: v34.0.0
  • github.com/google/go-github/v39: v39.2.0
  • github.com/in-toto/in-toto-golang: v0.3.3
  • github.com/lufia/plan9stats: 39d0f17
  • github.com/shibumi/go-pathspec: v1.2.0
  • sigs.k8s.io/promo-tools/v3: v3.2.1

Changed

Removed

  • sigs.k8s.io/k8s-container-image-promoter: v1.339.0

v0.11.0

13 Sep 22:16
5f2f2cc
Compare
Choose a tag to compare

Changes by Kind

API Change

  • Removed --dependencies flag from krel release-notes, because they will be added during release cut. (#2193, @saschagrunert) [SIG Release]

Feature

  • Cosign: Add a public key for testing
    Preliminary steps to sign/verify artifacts via cosign.
    The process or needs will evolve over time, so we've opted to generate
    a "test" key to start. (#2226, @justaugustus) [SIG Release]
  • Debian-base: Build bullseye-v1.0.0 images (#2209, @justaugustus) [SIG Release]
  • Debian-iptables: Build buster-v1.6.7 image (#2237, @wespanther) [SIG Release]
  • K8s-cloud-builder/k8s-ci-builder: Build image using go1.15.15 (#2200, @cpanato) [SIG Release]
  • K8s-cloud-builder: Update to v1.23.0-go1.17-buster.0 (#2222, @justaugustus) [SIG Release]
  • Kpromo: Initial image building configuration (#2231, @justaugustus) [SIG Release]
  • Kube-cross: Drop non-legacy go1.15 variant
    • kube-cross: Remove etcd from non-legacy builds

    • images: Enforce Debian codenames for Golang-based images
      When there are multiple image builds in flight both upstream and downstream,
      we can run into situations where a new Debian version becomes the default for
      image builds, which can have unintended side-effects across release branches.

      Here we use explicit pairings of Golang/Debian versions to retrieve images

      Example: FROM golang:1.16.7-buster

    • kube-cross: Use OS codenames to construct clearer versions for images

      Uses the following nomenclature:
      v<kubernetes-major>-go<go-major>-<os-codename>.<revision>

      Example: v1.23.0-go1.17-buster.0

    • [go1.17] Build images for go1.17

      • kube-cross:v1.23.0-go1.17-buster.0
      • go-runner:v2.3.1-go1.17-buster.0 (#2211, @justaugustus) [SIG Release]
  • SPDX: Fixed a bug where the VARIANT_OF relationship in multiarch container images was expressed backwards
    • New -l | --license flag to define the project's license from the command line (#2242, @puerco) [SIG Release]
  • Update cosign to v1.1.0 (#2229, @justaugustus) [SIG Release]
  • [go1.17] Default to go1.17
    • dependencies.yaml: Default to go1.17 for image builds
    • vulndash: Build v0.4.3-8 image
    • dependencies.yaml: Add entry for go.mod
    • packages/deb: Update module to go1.17
    • images/build/go-runner: Update module to go1.17
    • go.mod: Update module to go1.17 (#2223, @justaugustus) [SIG Release]
  • [go] Build go1.17.1 and go1.16.8 images (#2239, @cpanato) [SIG Release]

Design

  • Migrate gh2gcs to the promotion tooling repo
    • Migrate pkg/{git,github,release/regex} to sigs.k8s.io/release-sdk (#2245, @justaugustus) [SIG Release]

Documentation

Bug or Regression

  • Bom: fix panic when LICENSE file is not found (#2213, @hectorj2f) [SIG Release]
  • Fixed a bug in the SPDX package where layer references in single image manifests were not correctly formed (#2206, @puerco) [SIG Release]
  • When cutting the packages, we no longer upload .deb files to scratch bucket (#2216, @puerco) [SIG Release]

Other (Cleanup or Flake)

  • Images: Update gcb-docker-cloud image to v20210722-085d930 (#2230, @justaugustus) [SIG Release]
  • Migrate pkg/object and pkg/gcp/gcp.go to sigs.k8s.io/release-sdk (#2232, @justaugustus) [SIG Release]
  • When generating the packages for a release, we no longer update the /debian/latest marker in k8s-release-dev (#2217, @puerco) [SIG Release]

Dependencies

Added

  • cloud.google.com/go/containeranalysis: v0.1.0
  • cloud.google.com/go/errorreporting: v0.1.0
  • cloud.google.com/go/grafeas: 71387f0
  • github.com/google/go-github/v37: v37.0.0
  • sigs.k8s.io/release-sdk: v0.2.0

Changed

  • cloud.google.com/go/logging: v1.1.2 → v1.4.2
  • cloud.google.com/go/storage: v1.12.0 → v1.16.1
  • cloud.google.com/go: v0.90.0 → v0.93.3
  • github.com/cenkalti/backoff/v4: v4.1.0 → v4.1.1
  • github.com/go-logr/logr: v0.4.0 → v0.2.0
  • github.com/google/pprof: 4bb14d4 → f964ff6
  • github.com/googleapis/gax-go/v2: v2.0.5 → v2.1.0
  • github.com/kevinburke/ssh_config: 4977a11 → v1.1.0
  • github.com/mattn/go-isatty: v0.0.13 → v0.0.14
  • github.com/sergi/go-diff: v1.1.0 → v1.2.0
  • github.com/shirou/gopsutil/v3: v3.21.7 → v3.21.8
  • github.com/tklauser/go-sysconf: v0.3.7 → v0.3.9
  • github.com/tklauser/numcpus: v0.2.3 → v0.3.0
  • github.com/yuin/goldmark: v1.4.0 → v1.4.1
  • golang.org/x/crypto: 83a5a9b → 5ff15b2
  • golang.org/x/mod: v0.4.2 → v0.5.0
  • golang.org/x/oauth2: a41e5a7 → 2bc19b1
  • golang.org/x/sys: 0f9fa26 → 63515b4
  • google.golang.org/api: v0.51.0 → v0.56.0
  • google.golang.org/genproto: 7823e68 → 66f60bf
  • google.golang.org/grpc: v1.39.0 → v1.40.0
  • k8s.io/gengo: 83324d8 → 3a45101
  • k8s.io/klog/v2: v2.9.0 → v2.4.0
  • sigs.k8s.io/k8s-container-image-promoter: v1.337.0 → v1.339.0

Removed

  • github.com/joefitzgerald/rainbow-reporter: v0.1.0
  • k8s.io/code-generator: v0.19.7

v0.10.0

09 Aug 14:15
v0.10.0
82b23b9
Compare
Choose a tag to compare

Changes by Kind

Feature

  • Allows more options to be passed to the SPDX document builder
    • File analysis is now done in parallel speeding the kubernetes bom generation significally
    • When generating a SPDX package from a directory, file paths will now be relative to the dir root
    • Golang packages that have local replacements will be honored saving a considerable amount of downloads
    • Fixed a bug where we would erase the local golang package install
    • Fixed a bug where license data would be saved in the download cache directory, resulting in the license classifier having a lower accuracy
    • Golang packages will now include all license text in the SBOM as well as the SPDX license identifier
    • New function license.ReadTopLicense() will scan and return only the most significant license in a directory, potentially avoiding thousands of operations in the classifier code. (#2096, @puerco) [SIG Release]
  • Apache-2.0 is now defined as the default and expressed license in packages
    • The SPDX package now supports ExternalDocRef making it possible to define external documents related to an SBOM
    • Added functions to the release package to get the produced artifacts (ListBuildImages, ListBuildTarballs, ListBuildBinaries)
    • Added release tarballs (client, server, node) to artifacts SBOM
    • Binaries are now listed with their correct relative paths in the artifacts SBOM
    • FIxed a bug where SPDX Ids would clash when two packages shared the same base image
    • The source code SBOM is now referenced by the artifacts sbom packages as GENERATED_FROM
    • Added tests to ensure SPDX Relationships render correctly (#2156, @puerco) [SIG Release]
  • Changed archived Kubernetes release sources to be compressed as tarball (#2130, @saschagrunert) [SIG Release]
  • Debian-base: Build buster-v1.8.0 image (#2135, @jindijamie) [SIG Release]
  • Debian-base: Build buster-v1.9.0 image (#2189, @justaugustus) [SIG Release]
  • Debian-iptables: Build buster-v1.6.5 image
  • Debian-iptables: Build buster-v1.6.6 image
  • Fixed a bug that was causing errors downloading go packages, except for a few specific deps, we now have licensing data for all packages.
    • Correct a bug where HTML entities were being introduced into the spdx licenses and output. The code was wrongly using html/template instead of text/template.
    • There is now a new Relationship type and a better way to relate objects among themselves via a new spdx.Object interface
    • New SPDX object interface. This is important as we will start having functions that can take either packages or files, hence we create the interface to address them both
    • Changes the way image references are treated when generating an SBOM from an image reference. Now, The spdx package will now fetch all images for all architectures found
    • New function to generates a valid SPDX ID string, optionally it can take strings as seeds to generate a more intuitive ID for packages and files.
    • Fixes a bug where month and day were in the wrong order in the SPDX document date. (#2147, @puerco) [SIG Release]
  • K8s-ci-builder: Add 1.22 variant, drop 1.18 variant
    • k8s-ci-builder: Add 1.23 variant
    • k8s-ci-builder: Build go1.16.6 images
    • k8s-cloud-builder: Build v1.17.0-rc.1-1 image (#2168, @justaugustus) [SIG Release]
  • K8s-cloud-builder/k8s-ci-builder: Build image using go1.15.15 (#2200, @cpanato) [SIG Release]
  • K8s-cloud-builder/k8s-ci-builder: Build image using go1.16.7 (#2198, @cpanato) [SIG Release]
  • K8s-cloud-builder: Build image using go1.16.6 (#2163, @puerco) [SIG Release]
  • K8s-cloud-builder: Build v1.17.0-rc.2-1 image (#2190, @justaugustus) [SIG Release]
  • Schedule-builder: add new field (#2173, @cpanato) [SIG Release]
  • Stage now runs completely without setting the github token in the k/k clone remote configuration
    • krel now resets the git origin remote in the staged clone of kubernetes/kubernetes to pickup a new GITHUB_TOKEN if we change it.
    • before archiving the release, we now delete the git remote config (#2127, @puerco) [SIG Release]
  • The binary.Binary object has a new method ContainsString() that allows for searching inside the binary for one or more strings.
    • The release process now has a new step during staging: VerifyArtifacts. Where during which we will perform checks of the artifacts we produce.
    • Binaries are now checked to ensure they are of the expected platform/arch
    • The version tag in binaries is now checked to ensure they match each release version tag
    • Fixed a bug in release.ListBuildBinaries where server and client tarballs were wrongly included in the output. (#2160, @puerco) [SIG Release]
  • Update dependencies.yaml 1.15 to use Go 1.15.14
    • k8s-cloud-builder: Build v1.15.14-legacy-1/v1.15.14-1 image
    • k8s-ci-builder: Build 1.15 image variants using Go 1.15.14 (#2171, @puerco) [SIG Release]
  • When running release from a non-main branch, krel will now merge any commits before pushing the branch back to github, avoiding conflicts due to divergent branches. (#2128, @puerco) [SIG Release]
  • When staging a new kubernetes build, krel will now prewarm the license cache to have the classifier data ready when generating the bill of materials.
    • The release process staging phase now has a GenerateBillOfMaterials() step that builds the SPDX documents.
    • We now create an SPDX SBOM describing the Kubernetes source during staging
    • Each version in a release now features an SPDX bill of materials listing its binaries and images
    • stage.GenerateBillOfMaterials() now has an integration test (#2095, @puerco) [SIG Release]
  • [go1.15] Update kubernetes/kubernetes dependents to use Go 1.15.13
    • k8s-cloud-builder: Build v1.15.13-legacy-1/v1.15.13-1 image
    • k8s-ci-builder: Build image variants using Go 1.15.13 (#2122, @thejoycekung) [SIG Release]
  • [go1.16] Update kubernetes/kubernetes dependents to use go1.16.5
    • k8s-cloud-builder: Build v1.16.5-1 image
    • k8s-ci-builder: Build image variants using go1.16.5 (#2116, @cpanato) [SIG Release]
  • [go1.17] Build images for go1.17rc1 (#2117, @justaugustus) [SIG Release]
  • [go1.17] Build images for go1.17rc2 (#2188, @justaugustus) [SIG Release]
  • [go] go1.16.5 and go1.15.13 updates
    • kube-cross: Build v1.16.5-1 and v1.15.13-1 images
    • go-runner: Build v2.3.1-go1.16.5-buster.0 and v2.3.1-go1.15.13-buster.0
    • releng-ci: build iamge for go1.16.5 and go1.15.13
    • kubepkg/packages-deb: update base image to go1.16.5 (#2111, @cpanato) [SIG Release]
  • [go] go1.16.6 and go1.15.14 updates
    • kube-cross: Build v1.16.6-1 and v1.15.14-1 images
    • go-runner: Build v2.3.1-go1.16.6-buster.0 and v2.3.1-go1.15.14-buster.0
    • releng-ci: build iamge for go1.16.6 and go1.15.14
    • kubepkg/packages-deb: update base image to go1.16.6 (#2162, @mengjiao-liu) [SIG Release]
  • [go] go1.16.7 and go1.15.15 updates
    • go-runner: Build v2.3.1-go1.16.7-buster.0 and v2.3.1-go1.15.15-buster.0
    • releng-ci: build image for go1.16.6 and go1.15.15
    • kube-cross: Build v1.16.7-1 and v1.15.15-1 images
    • kubepkg/packages-deb: update base image to go1.16.7
    • k8s-cloud-builder: Build v1.16.7-1 / v1.15.15-1 / v1.15.15-legacy-1 images (#2197, @cpanato) [SIG Release]
  • PrerequisitesChecker nos has options, currently the only one is CheckGitHubToken. This bool allows us to run without setting the GITHUB_TOKEN variable when not needed (#2138, @puerco) [SIG Release]

Documentation

  • Add documentation for the bom utility
    • In-depth HOWTO guide to generating an SPDX Bill of ...
Read more