Releases: kubernetes/release
v0.16.2
Please note that you can also download the artifacts for this release from our Google Cloud Bucket: https://console.cloud.google.com/storage/browser/k8s-artifacts-sig-release/kubernetes/release/v0.16.2
Changes by Kind
Feature
- Added `--wait` flag for `krel obs stage` to wait for OBS build results. (#3304, @saschagrunert) [SIG Release]
- Build Go 1.21.2 and 1.20.9 images (#3305, @cpanato) [SIG Release]
- Update distroless-iptables to use Go 1.21.2 (#3306, @cpanato) [SIG Release]
Bug or Regression
Dependencies
Added
Nothing has changed.
Changed
- golang.org/x/crypto: v0.13.0 → v0.14.0
- golang.org/x/net: v0.15.0 → v0.16.0
- golang.org/x/oauth2: v0.12.0 → v0.13.0
- golang.org/x/sys: v0.12.0 → v0.13.0
- golang.org/x/term: v0.12.0 → v0.13.0
Removed
Nothing has changed.
v0.16.1
Please note that you can also download the artifacts for this release from our Google Cloud Bucket: https://console.cloud.google.com/storage/browser/k8s-artifacts-sig-release/kubernetes/release/v0.16.1
Changes by Kind
Bug or Regression
- Fixed binary archive duplicates. (#3302, @cpanato) [SIG Release]
- Fixed wrong binary path for release-notes tool. (#3301, @saschagrunert) [SIG Release]
Dependencies
Added
Nothing has changed.
Changed
Nothing has changed.
Removed
Nothing has changed.
v0.16.0
Changes by Kind
Deprecation
- Deprecate --create-website-pr on krel release-notes as there is no need to update the repo with latest release notes. They are now fetched automatically from GCS. (#3277, @ashnehete) [SIG Release]
Feature
- Add `osc` (OpenBuildService CLI) to k8s-cloud-builder image (#3084, @xmudrii) [SIG Release]
- Add configs for 1.29 and 1.28 for k8s-cloudbuilder and drop 1.24 (#3250, @cpanato) [SIG Release]
- Added CRI-O package to `krel obs` (#3229, @saschagrunert) [SIG Release]
- Added `rpmlint` to releng-ci image `gcr.io/k8s-staging-releng/releng-ci:latest-go1.20-bookworm`. (#3167, @saschagrunert) [SIG Release]
- Allow setting `OBS_USERNAME` for a specific `krel obs` user (#3273, @saschagrunert) [SIG Release]
- Allow string slices (`architectures` and `packages`) as `krel obs` arguments. (#3267, @saschagrunert) [SIG Release]
- Build Go 1.19.10 and Go 1.20.5 based images (#3105, @jeremyrickard) [SIG Release]
- Build Go 1.20.4 and 1.19.9 based images (#3029, @rayandas) [SIG Release]
- Build Go 1.20.6 based images and remove references to Go 1.19 (#3154, @xmudrii) [SIG Release]
- Build Go 1.20.7 images (#3189, @xmudrii) [SIG Release]
- Build Go 1.21.1 and 1.20.8 images (#3253, @cpanato) [SIG Release]
- Bump cosign image to v2.2.0 (#3241, @cpanato) [SIG Release]
- Bump k8s-cloud-builder and k8s-ci-builder to Go 1.19.10 (#3116, @jeremyrickard) [SIG Release]
- Bump k8s-cloud-builder and k8s-ci-builder to Go 1.19.9 (#3034, @xmudrii) [SIG Release]
- Bump k8s-cloud-builder and k8s-ci-builder to Go 1.20.5 (#3145, @cpanato) [SIG Release]
- Debian-iptables and distroless-iptables are now built with Go 1.20.5 (#3107, @jeremyrickard) [SIG Release]
- Golang: Build 1.21 images (#3212, @cpanato) [SIG Release]
- Golang: Build 1.21rc2 images (#3132, @cpanato) [SIG Release]
- Golang: Build 1.21rc3 images (#3155, @cpanato) [SIG Release]
- Golang: build 1.21rc4 images (#3190, @ameukam) [SIG Release]
- Implement OBS release workflow via `krel obs release` command (#3098, @xmudrii) [SIG Release]
- Implement OBS staging workflow via `krel obs stage` command (#3088, @xmudrii) [SIG Release]
- Kubernetes 1.28+ packages hosted on `pkgs.k8s.io` require kubernetes-cni 1.2.0 and cri-tools 1.28.0 (#3192, @xmudrii) [SIG Release]
- Make `--workspace` configurable in `obs stage/release` (#3271, @saschagrunert) [SIG Release]
- The SBOM format can now be controlled in `publish release github` and JSON is now the default. (#3020, @puerco) [SIG Release]
- Update distroless-iptables to use Go 1.20.6 (#3156, @xmudrii) [SIG Release]
- Update distroless-iptables to use Go 1.20.7 (#3197, @jeremyrickard) [SIG Release]
- Update distroless-iptables to use Go 1.21.1 (#3258, @cpanato) [SIG Release]
- Update go images for 1.29 and 1.28 release branches and drop 1.24 config (#3234, @cpanato) [SIG Release]
- Update k8s-cloud-builder to Go 1.20.6 (#3157, @xmudrii) [SIG Release]
- Update k8s-cloud-builder to Go 1.20.7 (#3199, @jeremyrickard) [SIG Release]
- Update k8s-cloud-builder/k8s-ci-builder to Go 1.20.8 (#3259, @cpanato) [SIG Release]
- Update k8s-cloud-builder/k8s-ci-builder to Go 1.21.1 (#3257, @cpanato) [SIG Release]
- Update to set go1.20 in go.mod and upgrade golangci-lint (#3073, @cpanato) [SIG Release]
- Updated debian-iptables to switch to debian-bookworm. (#3136, @saschagrunert) [SIG Release]
- Updated kube-cross protobuf version to v23.4. (#3147, @saschagrunert) [SIG Release]
- Updated releng-ci image to use debian bookworm. (#3150, @saschagrunert) [SIG Release]
- Updated setcap image to use debian bookworm. (#3139, @saschagrunert) [SIG Release]
- Updated the kube-cross v1.28 image to use debian bookworm. (#3146, @saschagrunert) [SIG Release]
- Upgrade code to be compatible with cosign v2 (#3078, @cpanato) [SIG Release]
- Use debian 12 for go-runner 1.21 image. (#3233, @saschagrunert) [SIG Release]
- Using debian 12 (bookworm) for all images. (#3127, @saschagrunert) [SIG Release]
- `krel obs specs` command is refactored to better support OpenBuildService (OBS) workflow (#3079, @xmudrii) [SIG Release]
Bug or Regression
- EnvironmentFile is changed from `/etc/sysconfig/kubelet` to `/etc/default/kubelet` for `kubeadm` Debian packages published to `pkgs.k8s.io` (#3279, @xmudrii) [SIG Release]
- Fix version comparison in VerifyLatestUpdate (#3223, @xmudrii) [SIG Release]
- Fixed `--template-dir` for `krel obs release` (#3272, @saschagrunert) [SIG Release]
- Fixed `grep` usage in distroless-iptables, which is now on version v0.3.1. (#3237, @saschagrunert) [SIG Release]
- Removed `arm` architecture from `kubepkg` command. (#3106, @saschagrunert) [SIG Release]
- Removed workdir prefix from SHA*SUMS files. (#3227, @saschagrunert) [SIG Release]
- Replace `PROJECT` and `PROJECT_TAG` GCB substitutions with `OBS_PROJECT` and `OBS_PROJECT_TAG` (#3174, @xmudrii) [SIG Release]
Other (Cleanup or Flake)
- Add go boilerplate when running go generate (#3075, @cpanato) [SIG Release]
- Publishing-bot issue will now be created in kubernetes/sig-release instead of k8s-release-robot/sig-release (#3198, @akhilerm) [SIG Release]
- Remove "Kubernetes Source Code" artifact from being published on GitHub Releases (#2780, @xmudrii) [SIG Release]
- Removed debian-iptables image. (#3153, @saschagrunert) [SIG Release]
- Update k8s-ci-builder for go1.21 to use bullseye for 1.29 and default for next config keep on bookworm (#3251, @cpanato) [SIG Release]
- Update release-utils to `243952c`
- Upgrade `osc` binary in k8s-cloud-builder image. (#3278, @saschagrunert) [SIG Release]
- `krel obs specs`: use default `--channel release`, `--output .` and `--template-dir cmd/krel/templates/latest`. (#3231, @saschagrunert) [SIG Release]
Dependencies
Added
- chainguard.dev/go-grpc-kit: v0.16.0
- dario.cat/mergo: v1.0.0
- github.com/AdamKorcz/go-fuzz-headers-1: e936619
- github.com/Azure/azure-sdk-for-go/sdk/azcore: v1.6.1
- github.com/Azure/azure-sdk-for-go/sdk/azidentity: v1.3.0
- github.com/Azure/azure-sdk-for-go/sdk/internal: v1.3.0
- github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys: v0.10.0
- github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal: v0.7.1
- github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys: v0.12.0
- github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal: v0.8.0
- github.com/AzureAD/microsoft-authentication-library-for-go: v1.0.0
- github.com/DataDog/appsec-internal-go: v1.0.0
- github.com/DataDog/datadog-agent/pkg/obfuscate: v0.45.0-rc.1
- github.com/DataDog/datadog-agent/pkg/remoteconfig/state: v0.45.0-rc.1
- github.com/DataDog/datadog-go/v5: v5.3.0
- github.com/DataDog/go-libddwaf: v1.2.0
- github.com/DataDog/go-tuf: fork
- github.com/DataDog/sketches-go: v1.2.1
- github.com/alessio/shellescape: v1.4.1
- github.com/bazelbuild/bazelisk: v1.13.2
- github.com/bazelbuild/rules_go: v0.34.0
- github.com/beevik/ntp: v1.0.0
- github.com/blendle/zapdriver: v1.3.1
- github.com/brunoscheufler/aws-ecs-metadata-go: b6b31c6
- github.com/buildkite/agent/v3: v3.49.0
- github.com/buildkite/bintest/v3: v3.1.1
- github.com/buildkite/interpolate: 07f35b4
- github.com/buildkite/roko: v1.1.0
- github.com/buildkite/shellwords: c3f497d
- github.com/bytecodealliance/wasmtime-go/v3: v3.0.2
- github.com/denisbrodbeck/machineid: v1.0.1
- github.com/digitorus/pkcs7: 001c36b
- github.com/digitorus/timestamp: ef3b63b
- github.com/elazarl/goproxy: 2592e75
- github.com/gabriel-vasile/mimetype: v1.4.2
- github.com/go-chi/chi/v5: v5.0.8
- github.com/go-redis/redismock/v9: v9.0.3
- github.com/google/go-github/v53: [v53.2.0](https://github.com/google/go-github/v53/tree/v53....
v0.15.1
Changes by Kind
Deprecation
- Changed patch release process to stop building rc.0 versions together with the official. (#2765, @saschagrunert) [SIG Release]
Feature
- Add goreleaser and ko to the releng-ci image (#2957, @cpanato) [SIG Release]
- Build Go 1.20.1 and 1.19.6 based images (#2914, @cpanato) [SIG Release]
- Build Go 1.20.2 and 1.19.7 based images (#2949, @cpanato) [SIG Release]
- Build Go 1.20.3 and 1.19.8 based images (#3000, @xmudrii) [SIG Release]
- Bump k8s-cloud-builder and k8s-ci-builder to Go 1.19.8 (#3006, @xmudrii) [SIG Release]
- Bump k8s-cloud-builder and k8s-ci-builder to Go 1.20 (#2895, @cpanato) [SIG Release]
- Bump k8s-cloud-builder and k8s-ci-builder to Go 1.20.1 and 1.19.6 (#2921, @cpanato) [SIG Release]
- Bump k8s-cloud-builder and k8s-ci-builder to Go 1.20.2 and 1.19.7 (#2955, @cpanato) [SIG Release]
- Golang: Build 1.20 images (#2887, @cpanato) [SIG Release]
- Introduce `krel obs specs` command to generate specs and archives for Open Build Service (#2946, @xmudrii) [SIG Release]
- Updated CNI plugins to v1.2.0 (#2863, @saschagrunert) [SIG Release]
Documentation
- Added Golang command in the documentation for the krel tool installation (#2871, @yrs147) [SIG Release]
Failing Test
- Fixed version regex to allow tags like `v1.25.8-1+3a14fe1af239a0` (#2976, @saschagrunert) [SIG Release]
- K8s-ci-builder: install ifconfig through net-tools (#2897, @palnabarun) [SIG Release]
Bug or Regression
Other (Cleanup or Flake)
- Drop 1.23 configs and update debian/distroless iptable images (#2956, @cpanato) [SIG Release]
- Drop go1.17 builds
- Stopped building packages for 32 bit ARM platforms for Kubernetes >= v1.27.0. (#2960, @saschagrunert) [SIG Release]
- Updated qemu to v7.2.0-1 for distroless-iptables image (#2941, @saschagrunert) [SIG Release]
Dependencies
Added
- cloud.google.com/go/apigeeregistry: v0.6.0
- cloud.google.com/go/apikeys: v0.6.0
- cloud.google.com/go/maps: v0.7.0
- cloud.google.com/go/vmwareengine: v0.3.0
- github.com/AdamKorcz/go-118-fuzz-build: 5330a85
- github.com/container-orchestrated-devices/container-device-interface: v0.5.4
- github.com/containerd/btrfs/v2: v2.0.0
- github.com/containerd/cgroups/v3: v3.0.1
- github.com/containerd/typeurl/v2: v2.1.0
- github.com/go-jose/go-jose/v3: v3.0.0
- github.com/google/go-github/v50: v50.2.0
- github.com/klauspost/cpuid/v2: v2.0.4
- github.com/minio/sha256-simd: v1.0.0
- github.com/mmcloughlin/avo: v0.5.0
- github.com/moby/sys/sequential: v0.5.0
- github.com/opencontainers/runtime-tools: 2e043c6
- github.com/shoenig/go-m1cpu: v0.1.4
- github.com/shoenig/test: v0.6.3
- github.com/syndtr/gocapability: 42c35b4
- go.etcd.io/gofail: v0.1.0
- golang.org/x/arch: v0.1.0
- rsc.io/pdf: v0.1.1
Changed
- cloud.google.com/go/accessapproval: v1.5.0 → v1.6.0
- cloud.google.com/go/accesscontextmanager: v1.4.0 → v1.7.0
- cloud.google.com/go/aiplatform: v1.27.0 → v1.36.1
- cloud.google.com/go/analytics: v0.12.0 → v0.19.0
- cloud.google.com/go/apigateway: v1.4.0 → v1.5.0
- cloud.google.com/go/apigeeconnect: v1.4.0 → v1.5.0
- cloud.google.com/go/appengine: v1.5.0 → v1.7.0
- cloud.google.com/go/area120: v0.6.0 → v0.7.1
- cloud.google.com/go/artifactregistry: v1.9.0 → v1.12.0
- cloud.google.com/go/asset: v1.10.0 → v1.12.0
- cloud.google.com/go/assuredworkloads: v1.9.0 → v1.10.0
- cloud.google.com/go/automl: v1.8.0 → v1.12.0
- cloud.google.com/go/baremetalsolution: v0.4.0 → v0.5.0
- cloud.google.com/go/batch: v0.4.0 → v0.7.0
- cloud.google.com/go/beyondcorp: v0.3.0 → v0.5.0
- cloud.google.com/go/bigquery: v1.44.0 → v1.49.0
- cloud.google.com/go/billing: v1.7.0 → v1.13.0
- cloud.google.com/go/binaryauthorization: v1.4.0 → v1.5.0
- cloud.google.com/go/certificatemanager: v1.4.0 → v1.6.0
- cloud.google.com/go/channel: v1.9.0 → v1.12.0
- cloud.google.com/go/cloudbuild: v1.4.0 → v1.9.0
- cloud.google.com/go/clouddms: v1.4.0 → v1.5.0
- cloud.google.com/go/cloudtasks: v1.8.0 → v1.10.0
- cloud.google.com/go/compute/metadata: v0.2.2 → v0.2.3
- cloud.google.com/go/compute: v1.13.0 → v1.19.0
- cloud.google.com/go/contactcenterinsights: v1.4.0 → v1.6.0
- cloud.google.com/go/container: v1.7.0 → v1.14.0
- cloud.google.com/go/containeranalysis: v0.6.0 → v0.9.0
- cloud.google.com/go/datacatalog: v1.8.0 → v1.13.0
- cloud.google.com/go/dataflow: v0.7.0 → v0.8.0
- cloud.google.com/go/dataform: v0.5.0 → v0.7.0
- cloud.google.com/go/datafusion: v1.5.0 → v1.6.0
- cloud.google.com/go/datalabeling: v0.6.0 → v0.7.0
- cloud.google.com/go/dataplex: v1.4.0 → v1.6.0
- cloud.google.com/go/dataproc: v1.8.0 → v1.12.0
- cloud.google.com/go/dataqna: v0.6.0 → v0.7.0
- cloud.google.com/go/datastream: v1.5.0 → v1.7.0
- cloud.google.com/go/deploy: v1.5.0 → v1.8.0
- cloud.google.com/go/dialogflow: v1.19.0 → v1.32.0
- cloud.google.com/go/dlp: v1.7.0 → v1.9.0
- cloud.google.com/go/documentai: v1.10.0 → v1.18.0
- cloud.google.com/go/domains: v0.7.0 → v0.8.0
- cloud.google.com/go/edgecontainer: v0.2.0 → v1.0.0
- cloud.google.com/go/essentialcontacts: v1.4.0 → v1.5.0
- cloud.google.com/go/eventarc: v1.8.0 → v1.11.0
- cloud.google.com/go/filestore: v1.4.0 → v1.6.0
- cloud.google.com/go/functions: v1.9.0 → v1.12.0
- cloud.google.com/go/gaming: v1.8.0 → v1.9.0
- cloud.google.com/go/gkebackup: v0.3.0 → v0.4.0
- cloud.google.com/go/gkeconnect: v0.6.0 → v0.7.0
- cloud.google.com/go/gkehub: v0.10.0 → v0.12.0
- cloud.google.com/go/gkemulticloud: v0.4.0 → v0.5.0
- cloud.google.com/go/gsuiteaddons: v1.4.0 → v1.5.0
- cloud.google.com/go/iam: v0.8.0 → v1.0.0
- cloud.google.com/go/iap: v1.5.0 → v1.7.0
- cloud.google.com/go/ids: v1.2.0 → v1.3.0
- cloud.google.com/go/iot: v1.4.0 → v1.6.0
- cloud.google.com/go/kms: v1.7.0 → v1.10.0
- cloud.google.com/go/language: v1.8.0 → v1.9.0
- cloud.google.com/go/lifesciences: v0.6.0 → v0.8.0
- cloud.google.com/go/logging: v1.6.1 → v1.7.0
- cloud.google.com/go/longrunning: v0.3.0 → v0.4.1
- cloud.google.com/go/managedidentities: v1.4.0 → v1.5.0
- cloud.google.com/go/mediatranslation: v0.6.0 → v0.7.0
- cloud.google.com/go/memcache: v1.7.0 → v1.9.0
- cloud.google.com/go/metastore: v1.8.0 → v1.10.0
- cloud.google.com/go/monitoring: v1.8.0 → v1.13.0
- cloud.google.com/go/networkconnectivity: v1.7.0 → v1.11.0
- cloud.google.com/go/networkmanagement: v1.5.0 → v1.6.0
- cloud.google.com/go/networksecurity: v0.6.0 → v0.8.0
- cloud.google.com/go/notebooks: v1.5.0 → v1.8.0
- cloud.google.com/go/optimization: v1.2.0 → v1.3.1
- cloud.google.com/go/orchestration: v1.4.0 → v1.6.0
- cloud.google.com/go/orgpolicy: v1.5.0 → v1.10.0
- cloud.google.com/go/osconfig: v1.10.0 → v1.11.0
- cloud.google.com/go/oslogin: v1.7.0 → v1.9.0
- cloud.google.com/go/phishingprotection: v0.6.0 → v0.7.0
- cloud.google.com/go/policytroubleshooter: v1.4.0 → v1.6.0
- cloud.google.com/go/privatecatalog: v0.6.0 → v0.8.0
- cloud.google.com/go/pubsub: v1.27.1 → v1.30.0
- cloud.google.com/go/pubsublite: v1.5.0 → v1.7.0
- cloud.google.com/go/recaptchaenterprise/v2: v2.5.0 → v2.7.0
- cloud.google.com/go/recommendationengine: v0.6.0 → v0.7.0
- cloud.google.com/go/recommender: v1.8.0 → v1.9.0
- cloud.google.com/go/redis: v1.10.0 → v1.11.0
- cloud.google.com/go/resourcemanager: v1.4.0 → v1.6.0
- cloud.google.com/go/resourcesettings: v1.4.0 → v1.5.0
- cloud.google.com/go/retail: v1.11.0 → v1.12.0
- cloud.google.com/go/run: v0.3.0 → v0.9.0
- cloud.google.com/go/scheduler: v1.7.0 → v1.9.0
- cloud.google.com/go/secretmanager: v1.9.0 → v1.10.0
- cloud.google.com/go/security: v1.10.0 → v1.13.0
- cloud.google.com/go/securitycenter: v1.16.0 → v1.19.0
- cloud.google.com/go/servicecontrol: v1.5.0 → v1.11.1
- cloud.google.com/go/servicedirectory: v1.7.0 → v1.9.0
- cloud.google.com/go/servicemanagement: v1.5.0 → v1.8.0
- cloud.google.com/go/serviceusage: v1.4.0 → v1.6.0
- cloud.google.com/go/shell: v1.4.0 → v1.6.0
- cloud.google.com/go/spanner: v1.41.0 → v1.44.0
- cloud.google.com/go/speech: v1.9.0 → v1.15.0
- cloud.google.com/go/storage: v1.28.1 → v1.30.1
- cloud.google.com/go/storagetransfer: v1.6.0 → v1.8.0
- cloud.google.com/go/talent: v1.4.0 → v1.5.0
- cloud.google.com/go/texttospeech: v1.5.0 → v1.6.0
- cloud.google.com/go/tpu: v1.4.0 → v1.5.0
- cloud.google.com/go/trace: v1.4.0 → v1.9.0
- cloud.google.com/go/translate: v1.4.0 → v1.7.0
- cloud.google.com/go/video: v1.9.0 → v1.14.0
- cloud.google.com/go/videointelligence: v1.9.0 → v1.10.0
- cloud.google.com/go/vision/v2: v2.5.0 → v2.7.0
- cloud.google.com/go/vmmigration: v1.3.0 → v1.6.0
- cloud.google.com/go/vpcaccess: v1.5.0 → v1.6.0
- cloud.google.com/go/webrisk: v1.7.0 → v1.8.0
- cloud.google.com/go/websecurityscanner: v1.4.0 → v1.5.0
- cloud.google.com/go/workflows: v1.9.0 → v1.10.0
- cloud.google.com/go: v0.105.0 → v0.110.0
- github.com/Ad...
v0.15.0
Changes by Kind
Feature
- Add krel sign blobs and images commands (#2742, @cpanato) [SIG Release]
- Added command line parameter verification for `krel stage`. (#2774, @saschagrunert) [SIG Release]
- Added package build and release to `krel` (#2744, @saschagrunert) [SIG Release]
- BUILDER_IMAGE can now be overridden when building the go-runner image. Additionally a new variable DISTROLESS_REGISTRY can be used to specify a different registry and repository, to more completely override the DISTROLESS_IMAGE build arg to support custom images. (#2709, @jeremyrickard) [SIG Release]
- Build Go 1.18.4 and 1.17.12 images
- Build Go 1.18.5 and 1.17.13 images (#2626, @cpanato) [SIG Release]
- Build Go 1.19.1 and 1.18.6 based images (#2659, @palnabarun) [SIG Release]
- Build Go 1.19.2 and 1.18.7 based images (#2696, @xmudrii) [SIG Release]
- Build Go 1.19.3 and 1.18.8 based images (#2732, @xmudrii) [SIG Release]
- Build Go 1.19.4 and 1.18.9 based images (#2794, @xmudrii) [SIG Release]
- Build Go 1.19.5 and 1.18.10 based images (#2853, @cpanato) [SIG Release]
- Build cross for go1.19 for 1.23 and 1.24 release branches (#2825, @cpanato) [SIG Release]
- Build k8s-cloud-builder and k8s-ci-builder using Go 1.19.1
- Build k8s-cloud-builder and k8s-ci-builder using Go 1.18.6 (#2660, @palnabarun) [SIG Release]
- Build k8s-cloud-builder and k8s-ci-builder using Go 1.19.2
- Build k8s-cloud-builder and k8s-ci-builder using Go 1.19.3
- Build k8s-cloud-builder and k8s-ci-builder using Go 1.19.4
- Bump k8s-cloud-builder and k8s-ci-builder to Go 1.19.5 (#2856, @cpanato) [SIG Release]
- Changed krel fast-forward to not run when the release cut issue is open. (#2814, @saschagrunert) [SIG Release]
- Debian-base: Build bullseye-v1.4.0 images (#2590, @wespanther) [SIG Release]
- Debian-base: Build bullseye-v1.4.1 images (#2609, @wespanther) [SIG Release]
- Debian-base: Build bullseye-v1.4.2 images (#2641, @wespanther) [SIG Release]
- Debian-base: Update dependents to use bullseye-v1.4.0
- debian-iptables: Build bullseye-v1.5.0 image
- setcap: Build bullseye-v1.4.0 image (#2597, @wespanther) [SIG Release]
- Debian-base: Update dependents to use bullseye-v1.4.2
- debian-iptables: Build bullseye-v1.5.1 image
- setcap: Build bullseye-v1.4.1 image (#2643, @wespanther) [SIG Release]
- Drop 1.22 and go 1.16 build variants
- Golang: Build 1.19rc1 images (#2601, @cpanato) [SIG Release]
- Golang: Build 1.20rc2 images (#2846, @cpanato) [SIG Release]
- Golang: Build 1.20rc3 images (#2857, @cpanato) [SIG Release]
- Golang: build 1.19 images (#2628, @cpanato) [SIG Release]
- Golang: build 1.19rc2 images (#2610, @palnabarun) [SIG Release]
- K8s-cloud-builder/k8s-ci-builder: build using Go 1.18.4
- K8s-cloud-builder/k8s-ci-builder: build using Go 1.18.5
- K8s-cloud-builder: build using Go 1.19 (#2631, @cpanato) [SIG Release]
- Release-1.23 builders and CI updated to go1.19.4 (#2832, @liggitt) [SIG Release]
- Release-1.24 builders and CI updated to go1.19.4 (#2830, @liggitt) [SIG Release]
- Remove old and not used dependency for 1.20
- Remove version package in favor of sigs.k8s.io/release-utils/version (#2569, @cpanato) [SIG Release]
- Tools that fail when no GitHub token is set now fail with a message asking the user to set GITHUB_TOKEN as an environment variable. (#2632, @knowshan) [SIG Release]
- Update cosign image to use release v1.10.0 (#2615, @cpanato) [SIG Release]
- Update to go1.19 (#2649, @cpanato) [SIG Release]
- Updated CNI plugins to v1.1.1 (#2650, @saschagrunert) [SIG Release]
- Updated CNI plugins to v1.2.0 (#2863, @saschagrunert) [SIG Release]
- Updated cri-tools to v1.25.0 (#2647, @saschagrunert) [SIG Release]
- Updated cri-tools to v1.26.0 (#2821, @saschagrunert) [SIG Release]
- Use distroless image in debian-iptables generation (#2502, @rikatz) [SIG Release]
- Warn on `krel stage` if ELF binaries are dynamically linked (we do not fail on that case). (#2797, @saschagrunert) [SIG Release]
- `krel cve` now supports ingesting CVE information data with a temporal vector metric. (#2664, @puerco) [SIG Release]
- `publish-release` can now upload artifacts to GitHub from Cloud Storage buckets (#2707, @puerco) [SIG Release]
Bug or Regression
- Distroless-iptables image will no longer contain repeated contents in `/var/lib/dpkg/status.d/$package` files (#2831, @BenTheElder) [SIG Release]
- Fix the len should be of the number of files and not in the arguments passed (#2781, @cpanato) [SIG Release]
- Fixed bug in deduplication of release notes if multiple CVE's have the same official release notes text (`NONE`). (#2758, @saschagrunert) [SIG Release]
- Fixed bug to not record the GitHub API in parallel. (#2769, @saschagrunert) [SIG Release]
- Fixed unbound variable if no version is specified in `hack/rapture/build-packages.sh` (#2736, @saschagrunert) [SIG Release]
- Get the correct path to upload to github release page (#2720, @cpanato) [SIG Release]
- When downloading, copy to local using the same directory structure (#2782, @cpanato) [SIG Release]
- `krel sign blob` will not sync down existing signatures and certs when signing files in a gcs bucket to work around a bug causing file verification to fail
Other (Cleanup or Flake)
- Ensure it's possible to build rpms generated by kubepkg (#2712, @xmudrii) [SIG Release]
- Our mailing list announcements now use the new registry. (#2746, @upodroid) [SIG Release]
- Removes darwin/386 from KUBE_CROSSPLATFORMS which is used to prebuild the standard library with target arch is amd64 (#2760, @jeremyrickard) [SIG Release]
- Retry `docker manifest push` on network failure. (#2817, @saschagrunert) [SIG Release]
- Switched to golang native error wrapping. (#2581, @saschagrunert) [SIG Release]
- Update GORUNNER_VERSION base image for debian-iptables (#2682, @cpanato) [SIG Release]
- Use the latest CNI plugins version for deb packages. (#2673, @saschagrunert) [SIG Release]
Dependencies
Added
- cloud.google.com/go/accessapproval: v1.5.0
- cloud.google.com/go/accesscontextmanager: v1.4.0
- cloud.google.com/go/aiplatform: v1.27.0
- cloud.google.com/go/analytics: v0.12.0
- cloud.google.com/go/apigateway: v1.4.0
- cloud.google.com/go/apigeeconnect: v1.4.0
- cloud.google.com/go/appengine: v1.5.0
- cloud.google.com/go/area120: v0.6.0
- cloud.google.com/go/artifactregistry: v1.9.0
- cloud.google.com/go/asset: v1.10.0
- cloud.google.com/go/assuredworkloads: v1.9.0
- cloud.google.com/go/automl: v1.8.0
- cloud.google.com/go/baremetalsolution: v0.4.0
- cloud.google.com/go/batch: v0.4.0
- cloud.google.com/go/beyondcorp: v0.3.0
- cloud.google.com/go/billing: v1.7.0
- cloud.google.com/go/binaryauthorization: v1.4.0
- cloud.google.com/go/certificatemanager: v1.4.0
- cloud.google.com/go/channel: v1.9.0
- cloud.google.com/go/cloudbuild: v1.4.0
- cloud.google.com/go/clouddms: v1.4.0
- cloud.google.com/go/cloudtasks: v1.8.0
- cloud.google.com/go/compute/metadata: v0.2.2
- cloud.google.com/go/contactcenterinsights: v1.4.0
- cloud.google.com/go/container: v1.7.0
- cloud.google.com/go/datacatalog: v1.8.0
- cloud.google.com/go/dataflow: v0.7.0
- cloud.google.com/go/dataform: v0.5.0
- cloud.google.com/go/datafusion: v1.5.0
- cloud.google.com/go/datalabeling: v0.6.0
- cloud.google.com/go/dataplex: v1.4.0
- cloud.google.com/go/dataproc: v1.8.0
- cloud.google.com/go/dataqna: v0.6.0
- cloud.google.com/go/datastream: v1.5.0
- cloud.google.com/go/deploy: v1.5.0
- cloud.google.com/go/dialogflow: v1.19.0
- cloud.google.com/go/dlp: v1.7.0
- cloud.google.com/go/documentai: v1.10.0
- cloud.google.com/go/domains: v0.7.0
- cloud.google.com/go/edgecontainer: v0.2.0
- cloud.google.com/go/essentialcontacts: v1.4.0
- cloud.google.com/go/eventarc: v1.8.0
- cloud.google.com/go/filestore: v1.4.0
- cloud.google.com/go/functions: v1.9.0
- cloud.google.com/go/gaming: v1.8.0
- cloud.google.com/go/gkebackup: v0.3.0
- cloud.google.com/go/gkeconnect: v0.6.0
- cloud.google.com/go/gkehub: v0.10.0
- cloud.google.com/go/gkemulticloud: v0.4.0
- cloud.google.com/go/gsuiteaddons: v1.4.0
- cloud.google.com/go/iap: v1.5.0
- cloud.google.com/go/ids: v1.2.0
- cloud.google.com/go/iot: v1.4.0
- cloud.google.com/go/language: v1.8.0
- cloud.google.com/go/lifesciences: v0.6.0
- cloud.google.com/go/longrunning: v0.3.0
- cloud.google.com/go/managedidentities: v1.4.0
- cloud.google.com/go/mediatranslation: v0.6.0
- cloud.google.com/go/memcache: v1.7.0
- cloud.google.com/go/metastore: v1.8.0
- cloud.google.com/go/networkconnectivity: v1.7.0
- cloud.google.com/go/networkmanagement: v1.5.0
- cloud.google.com/go/networksecurity: v0.6.0
- cloud.google.com/go/notebooks: v1.5.0
- cloud.google.com/go/optimization: v1.2.0
- cloud.google.com/go/orchestration: v1.4.0
- cloud.google.com/go/orgpolicy: v1.5.0
- cloud.google.com/go/osconfig: v1.10.0
- clou...
v0.14.0
Changes by Kind
Feature
- .github: Initial config for CodeQL & Scorecard (#2441, @justaugustus) [SIG Release]
- Added container image signing for intermediate container images produced by `krel stage` (#2397, @saschagrunert) [SIG Release]
- Build Go 1.17.8 and 1.16.15 images (#2451, @cpanato) [SIG Release]
- Build Go 1.18.1 and 1.17.9 images (#2500, @cpanato) [SIG Release]
- Build Go 1.18.2 and 1.17.10 images (#2521, @cpanato) [SIG Release]
- Build Go 1.18.3 and 1.17.11 images (#2542, @cpanato) [SIG Release]
- Build go1.18 official images (#2464, @justaugustus) [SIG Release]
- Build/update kube-cross images using latest stable protobuf (v3.19.4) (#2431, @vitt-bagal) [SIG Release]
- Debian-base: Update dependents to use bullseye-v1.3.0
- debian-iptables: Build bullseye-v1.4.0 image
- setcap: Build bullseye-v1.3.0 image (#2543, @wespanther) [SIG Release]
- Golang: Build 1.18rc1 images (#2433, @cpanato) [SIG Release]
- K8s-cloud-builder/k8s-ci-builder: build using Go 1.17.8 / 1.16.15 (#2463, @cpanato) [SIG Release]
- K8s-cloud-builder/k8s-ci-builder: build using Go 1.18 (#2472, @cpanato) [SIG Release]
- K8s-cloud-builder/k8s-ci-builder: build using Go 1.18.1
- K8s-cloud-builder/k8s-ci-builder: build using Go 1.18.2
- K8s-cloud-builder/k8s-ci-builder: build using Go 1.18.3
- K8s-cloud-builder: Build go1.18rc1 variant (#2437, @justaugustus) [SIG Release]
- Link the container images within the changelog to their corresponding location in GCR. (#2439, @saschagrunert) [SIG Release]
- The CI Signal Report CLI now uses the new Project board to generate the GitHub part of the report https://github.com/orgs/kubernetes/projects/68 (#2454, @leonardpahlke) [SIG Release]
- Update cosign image to use release v1.7.2 (#2495, @cpanato) [SIG Release]
- Update cosign image to v1.7.1 (#2489, @cpanato) [SIG Release]
- Update cosign to 1.9.0 release (#2544, @cpanato) [SIG Release]
- Update release-sdk/utils (#2545, @cpanato) [SIG Release]
- Updated cri-tools to v1.23.0. (#2457, @saschagrunert) [SIG Release]
- Updated cri-tools to v1.24.0 (#2517, @saschagrunert) [SIG Release]
- Updated cri-tools to v1.24.2 (#2535, @saschagrunert) [SIG Release]
Documentation
- Corrected small mistake in the `krel` docs. Users were instructed to set `author.email` to the email they used to sign the CNCF CLA, it now reads `user.email`. (#2492, @AuraSinis) [SIG Release]
Bug or Regression
- Added `NonInteractive` flag to gcb options to allow asking no questions when running in nomock mode. (#2516, @saschagrunert) [SIG Release]
- Fix a hardcoded path when writing the SBOM, now we scratch it in the go reported directory (#2481, @puerco) [SIG Release]
- Fixed `krel stage` for using custom Kubernetes refs via `K8S_ORG`, `K8S_REF` or `K8S_REPO`. (#2522, @saschagrunert) [SIG Release]
- Fixed bug in changelog generation when using custom Kubernetes forks via `K8S_ORG`, `K8S_REF` or `K8S_REPO`. (#2524, @saschagrunert) [SIG Release]
- Fixed git configuration in `krel fast-forward`. (#2503, @saschagrunert) [SIG Release]
- Reverted 0eb9589 as some error checking was returning invalid errors.
Other (Cleanup or Flake)
- Deps: Update to cosign v1.5.2 (#2434, @justaugustus) [SIG Release]
- Fixed broken GitHub authentication for release-notes tool and changelog generation. (#2562, @saschagrunert) [SIG Release]
- Remove check for outdated dependencies (#2531, @cpanato) [SIG Release]
- Update cosign to use release v1.6.0 (#2452, @cpanato) [SIG Release]
Dependencies
Added
- 4d63.com/gochecknoglobals: v0.1.0
- bitbucket.org/creachadair/shell: v0.0.6
- bou.ke/monkey: v1.0.2
- cloud.google.com/go/compute: v1.6.1
- cloud.google.com/go/iam: v0.3.0
- cloud.google.com/go/kms: v1.4.0
- cloud.google.com/go/monitoring: v1.1.0
- cloud.google.com/go/secretmanager: v1.0.0
- cloud.google.com/go/security: v1.1.1
- cloud.google.com/go/spanner: v1.25.0
- cloud.google.com/go/trace: v1.0.0
- code.gitea.io/sdk/gitea: v0.11.3
- contrib.go.opencensus.io/exporter/aws: c478e41
- contrib.go.opencensus.io/exporter/ocagent: 05415f1
- contrib.go.opencensus.io/exporter/prometheus: v0.4.0
- contrib.go.opencensus.io/exporter/stackdriver: v0.13.10
- contrib.go.opencensus.io/exporter/zipkin: v0.1.2
- contrib.go.opencensus.io/integrations/ocsql: v0.1.7
- contrib.go.opencensus.io/resource: v0.1.1
- cuelang.org/go: v0.4.3
- filippo.io/edwards25519: v1.0.0-rc.1
- github.com/AdaLogics/go-fuzz-headers: f7be0cb
- github.com/Antonboom/errname: v0.1.5
- github.com/Antonboom/nilnil: v0.1.0
- github.com/Azure/azure-amqp-common-go/v2: v2.1.0
- github.com/Azure/azure-amqp-common-go/v3: v3.2.2
- github.com/Azure/azure-pipeline-go: v0.2.3
- github.com/Azure/azure-service-bus-go: v0.11.5
- github.com/Azure/azure-storage-blob-go: v0.14.0
- github.com/Azure/go-amqp: v0.16.4
- github.com/Azure/go-autorest/autorest/azure/auth: v0.5.11
- github.com/Azure/go-autorest/autorest/azure/cli: v0.4.5
- github.com/Azure/go-autorest/autorest/to: v0.4.0
- github.com/Azure/go-autorest/autorest/validation: v0.3.1
- github.com/Djarvur/go-err113: aea10b5
- github.com/GoogleCloudPlatform/cloudsql-proxy: v1.27.0
- github.com/Knetic/govaluate: 9aa4983
- github.com/Masterminds/goutils: v1.1.1
- github.com/Masterminds/semver/v3: v3.1.1
- github.com/Masterminds/semver: v1.5.0
- github.com/Masterminds/sprig/v3: v3.2.2
- github.com/Mastermin...
v0.13.0
What's Changed
Deprecation
- Krel: Move `promote-images` subcommand to sigs.k8s.io/promo-tools
  This functionality has been moved to `kpromo pr`
- krel: Replace fork functions with sigs.k8s.io/release-sdk analogs
- pkg/release: Replace image funcs with sigs.k8s.io/promo-tools analogs (#2326, @justaugustus) [SIG Release]
- Migrate `bom` utility to sigs.k8s.io/bom (#2330, @justaugustus) [SIG Release]
- Removed `krel changelog` subcommand. (#2401, @saschagrunert) [SIG Release]
Feature
- Add kube-cross variant for k8s 1.24 next release (#2344, @cpanato) [SIG Release]
- Added `--non-interactive` flag to `krel ff`.
- Automatically determine the `krel ff --branch` if not provided. If the branch is found, `krel ff` will check if a fast forward is required or not by testing the availability of the latest final tag (like v1.23.0). (#2390, @saschagrunert) [SIG Release]
- Added container images to changelog (#2400, @saschagrunert) [SIG Release]
- Added support to run `krel fast-forward` (former `krel ff`) in GCB via its new `--submit` flag. (#2391, @saschagrunert) [SIG Release]
- Debian-base: Update dependents to use bullseye-v1.1.0 / buster-v1.10.0
- debian-iptables: Build bullseye-v1.2.0 / buster-v1.8.0 images
- setcap: Build bullseye-v1.1.0 / buster-v2.1.0 images (#2373, @justaugustus) [SIG Release]
- Golang: Set next candidate to go1.18beta2
- golang: Build 1.18beta2 images (#2411, @cpanato) [SIG Release]
- Images: k8s-cloud-builder go1.18 and CVE updates for debian-base
- [go1.18] Build k8s-cloud-builder:v1.24.0-go1.18beta1-bullseye.0
- debian-base: Build bullseye-v1.1.0 and buster-v1.10.0 (#2371, @justaugustus) [SIG Release]
- K8s-cloud-builder/k8s-ci-builder: Build image using go1.16.11 (#2350, @cpanato) [SIG Release]
- K8s-cloud-builder/k8s-ci-builder: Build image using go1.16.12 (#2356, @cpanato) [SIG Release]
- K8s-cloud-builder/k8s-ci-builder: Build image using go1.17.4
- add k8s-ci-builder config for 1.24 (#2347, @cpanato) [SIG Release]
- K8s-cloud-builder/k8s-ci-builder: Build image using go1.17.5 (#2353, @cpanato) [SIG Release]
- K8s-cloud-builder/k8s-ci-builder: build using Go 1.16.13 (#2395, @palnabarun) [SIG Release]
- K8s-cloud-builder/k8s-ci-builder: build using Go 1.17.6 (#2393, @palnabarun) [SIG Release]
- K8s-cloud-builder/k8s-ci-builder: build using Go 1.17.7 (#2428, @xmudrii) [SIG Release]
- K8s-cloud-builder/k8s-ci-builder: build using Go 1.17.7 / 1.16.14 (#2429, @xmudrii) [SIG Release]
- Krel/announce: ask for confirmation before sending the email (#2321, @palnabarun) [SIG Release]
- Krel/ff: add an option to define a gcp project to use instead of the default one (#2414, @cpanato) [SIG Release]
- Our utility to manage release publishing, `publish-release`, now automatically generates an SBOM describing the source code repository and all artifacts uploaded as assets to the GitHub release page. (#2372, @puerco) [SIG Release]
- Set next release version to v1.24.0
- golang: Set next candidate to go1.18beta1
- golang: Build 1.18beta1 images and drop temp `buster` variants (#2370, @justaugustus) [SIG Release]
- Update cosign to release v1.4.1 (#2352, @cpanato) [SIG Release]
- Update cosign to v1.4.0 release (#2346, @cpanato) [SIG Release]
- [go] Build Go 1.17.6 and 1.16.13 images (#2381, @palnabarun) [SIG Release]
- [go] Build Go 1.17.7 and 1.16.14 images (#2426, @xmudrii) [SIG Release]
- [go] Build go1.17.4 and go1.16.11 images (#2342, @cpanato) [SIG Release]
- [go] Build go1.17.5 and go1.16.12 images (#2351, @cpanato) [SIG Release]
- `publish-release` now supports a new `--release-notes-file` flag. When defined it will read a file and include its contents in a new section on the release page.
- The default template for the GitHub page no longer lists the release assets. The information was redundant as it is already listed in the SBOM. (#2403, @puerco) [SIG Release]
Documentation
- Issue/template: remove not needed item and general updates (#2343, @cpanato) [SIG Release]
- Removed `cip-mm` and `gh2gcs` reference from README.md, they're now part of kpromo (#2392, @saschagrunert) [SIG Release]
Failing Test
- The release notes gatherer will now sleep for a minute+random secs when hitting the GitHub API secondary rate limit. (#2324, @puerco) [SIG Release]
Bug or Regression
- Clone tool repo on krel fast-forward if required. (#2413, @saschagrunert) [SIG Release]
- Debian packaging: remove dependency on dh-systemd, which is now part of debhelper, update debhelper requirements to minimum version with dh-systemd included (>= 9.20160709) (#2325, @BenTheElder) [SIG Release]
- Fixed a bug when splitting asset arguments strings that caused publish-release to crash. (#2410, @puerco) [SIG Release]
- Fixed a changelog bug that prevented the links to authors and pull requests to render correctly in the Kubernetes changelog (#2335, @puerco) [SIG Release]
- Fixed krel release-notes git ssh fatal error when using single flag `--create-website-pr` (#2421, @csantanapr) [SIG Release]
- Krel: fix layout used to parse GCB time (#2366, @xmudrii) [SIG Release]
Other (Cleanup or Flake)
- Debian: Default to `bullseye` variants
- images: Stop attempting to build outdated variants
  Drops variants that:
  - have outdated versions of golang
  - are building for EOL release branches (#2323, @justaugustus)
- Krel/announce: update kubernetes-dev email distribution (#2374, @cpanato) [SIG Release]
- Rebase the main (master) branch instead of merging when syncing with upstream on release (#2348, @xmudrii) [SIG Release]
- The provenance attestations written during the Kubernetes release process now conform to the SLSA v0.2 specification. (#2375, @puerco) [SIG Release]
- Update cosign image to use release v1.5.1 (#2406, @cpanato) [SIG Release]
Dependencies
Added
- github.com/DataDog/datadog-go: v3.2.0+incompatible
- github.com/bits-and-blooms/bitset: v1.2.0
- github.com/checkpoint-restore/go-criu/v5: v5.0.0
- github.com/circonus-labs/circonus-gometrics: v2.3.1+incompatible
- github.com/circonus-labs/circonusllhist: v0.1.3
- github.com/common-nighthawk/go-figure: 734e95f
- github.com/danieljoos/wincred: v1.1.0
- github.com/iancoleman/strcase: v0.2.0
- github.com/lyft/protoc-gen-star: v0.5.3
- github.com/power-devops/perfstat: 5aafc22
- github.com/sagikazarmark/crypt: v0.3.0
- github.com/secure-systems-lab/go-securesystemslib: v0.3.0
- github.com/tj/go-spin: v1.1.0
- github.com/tv42/httpunix: b75d861
- github.com/vbatts/tar-split: v0.11.2
- github.com/yusufpapurcu/wmi: v1.2.2
- sigs.k8s.io/bom: 5dc6709
Changed
- cloud.google.com/go/firestore: v1.1.0 → v1.6.1
- cloud.google.com/go/storage: v1.16.1 → v1.18.2
- cloud.google.com/go: v0.93.3 → v0.99.0
- github.com/Azure/go-ansiterm: d6e3b33 → d185dfc
- github.com/Microsoft/go-winio: v0.5.0 → v0.5.1
- github.com/Microsoft/hcsshim: v0.8.16 → v0.8.23
- github.com/StackExchange/wmi: v1.2.1 → 5d04971
- github.com/armon/go-metrics: f0300d1 → v0.3.10
- github.com/armon/go-radix: 7fddfc3 → v1.0.0
- github.com/cenkalti/backoff/v4: v4.1.1 → v4.1.2
- github.com/census-instrumentation/opencensus-proto: v0.2.1 → v0.3.0
- github.com/cespare/xxhash/v2: v2.1.1 → v2.1.2
- github.com/cilium/ebpf: v0.4.0 → v0.6.2
- github.com/cncf/udpa/go: 5459f2c → 04548b0
- github.com/cncf/xds/go: fbca930 → a8f9461
- github.com/containerd/containerd: v1.5.2 → v1.5.8
- github.com/containerd/stargz-snapshotter/estargz: v0.7.0 → v0.10.1
- github.com/containerd/ttrpc: v1.0.2 → v1.1.0
- github.com/cpuguy83/go-md2man/v2: v2.0.0 → v2.0.1
- github.com/docker/cli: v20.10.7+incompatible → v20.10.12+incompatible
- github.com/docker/docker-credential-helpers: [v0.6.3 → v0.6.4](https://github.com/docker/docker-credential-helpers/compare/v0.6.3......
v0.12.0
Changes by Kind
Deprecation
- Remove vulndash
  I'm not a fan of doing this (because it was an intern's work), but vulndash is undeployed and unmaintained.
  Given the scope of the work, it creates an attack surface for the project in an unmaintained state, so we need to remove it. (#2322, @justaugustus)
Feature
- The stage phase of the Kubernetes release process is now SLSA compliant! 🎉
- The anago state object now registers the time the release process starts.
- We now make the GCB BUILD_ID identifier available to krel as an env var to include it in the provenance metadata.
- New go pkg: `provenance`. This new package allows projects to generate provenance metadata in in-toto attestations with SLSA compliant predicates. The new package features a scanner to easily add files as subjects in the statement.
- The `provenance` package now has tests and mocks
- The staging phase of anago which krel runs now has a new step: `GenerateProvenance()`. This step writes a provenance attestation file to make `stage` SLSA1 compliant. The file describes the building environment and adds the artifacts that will be consumed from `release` as subjects in the statement.
- The deletion of the Kubernetes source in the staging workspace is now decoupled from the `StageLocalSourceTree()` function
- `PushReleaseArtifacts()` in the build package now supports uploading single files to the release bucket. Previously only directories could be uploaded with this function.
- Optimized the artifact publishing logic to only create the Kubernetes source tarball once. Previously we tarred, compressed and uploaded the whole source tree once for each tag in the release. This is not needed as all releases share the same source. (#2273, @puerco)
- Add a new ci-reporter tool to generate weekly CI Signal Reports (#2309, @palnabarun)
- Added `K8S_ORG`, `K8S_REPO` and `K8S_REF` environment variable support to stage custom k/k forks. (#2074, @saschagrunert)
- Artifacts are now verified against the in-toto attestation produced during the staging phase of a release. If validation fails, for now only a warning is reported in the logs. Future builds will abort execution right after validation.
- Config: Add configs for copying GitHub releases to GCS buckets (#2281, @justaugustus)
- Cosign: update cosign to 1.3.1 (#2315, @cpanato)
- Cross: build variants for each k8s release branch (main branch, 1.22, 1.21) (#2253, @cpanato)
- Debian-iptables image now contains /go-runner binary (#2301, @BenTheElder)
- Debian-iptables: Build bullseye-v1.0.0 images
- images: Build go1.17-bullseye variants
- go-runner:v2.3.1-go1.17.1-bullseye.0
- releng-ci (#2210, @justaugustus)
- Debian-iptables:bullseye image now contains /go-runner binary (#2310, @pohly)
- K8s-cloud-builder/k8s-ci-builder: Build image using go1.16.10 (#2311, @cpanato)
- K8s-cloud-builder/k8s-ci-builder: Build image using go1.16.8 (#2252, @cpanato)
- K8s-cloud-builder/k8s-ci-builder: Build image using go1.16.9 (#2290, @cpanato)
- K8s-cloud-builder/k8s-ci-builder: Build image using go1.17.1 (#2246, @cpanato)
- K8s-cloud-builder/k8s-ci-builder: Build image using go1.17.2 (#2289, @cpanato)
- K8s-cloud-builder/k8s-ci-builder: Build image using go1.17.3 (#2306, @cpanato)
- Krel: make promote-images work for other k8s and k8s sigs projects (#2280, @CecileRobertMichon)
- New SPDX parser to read and interpret SPDX SBoMs in tag/value format.
- Release notes: Remove author and PR links from Markdown (#2274, @CecileRobertMichon)
- Releases now publish a provenance attestation with a SLSA 0.1 predicate describing all artifacts in the release bucket. (#2300, @puerco)
- Setcap: Build bullseye-v1.0.0 images
- images: Build go1.17-bullseye variants (part two)
- kube-cross:v1.23.0-go1.17.1-bullseye.0
- k8s-ci-builder (#2249, @justaugustus)
- Update `cosign` to v1.2.0 (#2251, @cpanato)
- Update `cosign` to v1.2.1 (#2259, @cpanato)
- [go] Build go1.17.2 and go1.16.9 images (#2285, @mengjiao-liu)
- [go] Build go1.17.3 and go1.16.10 images (#2305, @cpanato)
Documentation
- Go.mod: Update sigs.k8s.io/promo-tools/v3 to v3.2.1
  ...which fixes import issues following the repo rename. (#2255, @justaugustus)
- Issue-template: update dep-golang template to remove bazel updates (#2291, @cpanato)
- Krel/promote-images: make error when GitHub token is not provided more verbose
  krel/promote-images: update promotion PR body to have the command (#2320, @palnabarun)
Bug or Regression
- Cross: install ip looks like it is not there for bullseye (#2260, @cpanato)
- Fixed table of contents header links containing source code in changelog and release notes generation. (#2277, @saschagrunert)
- New `release.ProvenanceReade` object handles the generation of provenance subjects during staging. Written in response to a bug found in the intoto subjects included in the attestation, this new object is now more testable. (#2296, @puerco)
- Packages: Update minimum Kubernetes version to v1.19.0 (#2295, @justaugustus)
Other (Cleanup or Flake)
- During `anago.release`, krel will now download and perform the staged artifact verification in a dedicated directory in the Cloud Build workspace. (#2297, @puerco)
- Fixed the help text for `krel cve -f`. It now reads "update vulnerability data from a local map file" (#2257, @puerco)
- Go.mod: Update sigs.k8s.io/k8s-container-image-promoter to v3.2.0 (#2247, @justaugustus)
Dependencies
Added
- github.com/codahale/rfc6979: 6a90f24
- github.com/google/go-github/v34: v34.0.0
- github.com/google/go-github/v39: v39.2.0
- github.com/in-toto/in-toto-golang: v0.3.3
- github.com/lufia/plan9stats: 39d0f17
- github.com/shibumi/go-pathspec: v1.2.0
- sigs.k8s.io/promo-tools/v3: v3.2.1
Changed
- github.com/go-ole/go-ole: v1.2.5 → v1.2.6
- github.com/gomarkdown/markdown: 8c8b381 → 3b9f472
- github.com/google/go-querystring: v1.0.0 → v1.1.0
- github.com/mitchellh/mapstructure: v1.4.1 → v1.4.2
- github.com/sendgrid/rest: v2.6.4+incompatible → v2.6.5+incompatible
- github.com/sendgrid/sendgrid-go: v3.10.0+incompatible → v3.10.3+incompatible
- github.com/shirou/gopsutil/v3: v3.21.8 → v3.21.10
- github.com/yuin/goldmark: v1.4.1 → v1.4.4
- golang.org/x/crypto: 5ff15b2 → 32db794
- golang.org/x/mod: v0.5.0 → v0.5.1
- golang.org/x/net: abc4532 → aaa1db6
- golang.org/x/sys: 63515b4 → 97ac67d
- golang.org/x/tools: v0.1.5 → v0.1.7
- sigs.k8s.io/mdtoc: v1.0.1 → v1.1.0
- sigs.k8s.io/release-sdk: v0.2.0 → f50f511
- sigs.k8s.io/yaml: v1.2.0 → v1.3.0
Removed
- sigs.k8s.io/k8s-container-image-promoter: v1.339.0
v0.11.0
Changes by Kind
API Change
- Removed `--dependencies` flag from `krel release-notes`, because they will be added during release cut. (#2193, @saschagrunert) [SIG Release]
Feature
- Cosign: Add a public key for testing
  Preliminary steps to sign/verify artifacts via `cosign`.
  The process or needs will evolve over time, so we've opted to generate a "test" key to start. (#2226, @justaugustus) [SIG Release]
- Debian-base: Build bullseye-v1.0.0 images (#2209, @justaugustus) [SIG Release]
- Debian-iptables: Build buster-v1.6.7 image (#2237, @wespanther) [SIG Release]
- K8s-cloud-builder/k8s-ci-builder: Build image using go1.15.15 (#2200, @cpanato) [SIG Release]
- K8s-cloud-builder: Update to v1.23.0-go1.17-buster.0 (#2222, @justaugustus) [SIG Release]
- Kpromo: Initial image building configuration (#2231, @justaugustus) [SIG Release]
- Kube-cross: Drop non-legacy go1.15 variant
- kube-cross: Remove etcd from non-legacy builds
- images: Enforce Debian codenames for Golang-based images
  When there are multiple image builds in flight both upstream and downstream, we can run into situations where a new Debian version becomes the default for image builds, which can have unintended side-effects across release branches.
  Here we use explicit pairings of Golang/Debian versions to retrieve images
  Example: `FROM golang:1.16.7-buster`
- kube-cross: Use OS codenames to construct clearer versions for images
  Uses the following nomenclature: `v<kubernetes-major>-go<go-major>-<os-codename>.<revision>`
  Example: `v1.23.0-go1.17-buster.0`
- [go1.17] Build images for go1.17
  - kube-cross:v1.23.0-go1.17-buster.0
  - go-runner:v2.3.1-go1.17-buster.0 (#2211, @justaugustus) [SIG Release]
- SPDX: Fixed a bug where the `VARIANT_OF` relationship in multiarch container images was expressed backwards
- Update `cosign` to v1.1.0 (#2229, @justaugustus) [SIG Release]
- [go1.17] Default to go1.17
- dependencies.yaml: Default to go1.17 for image builds
- vulndash: Build v0.4.3-8 image
- dependencies.yaml: Add entry for go.mod
- packages/deb: Update module to go1.17
- images/build/go-runner: Update module to go1.17
- go.mod: Update module to go1.17 (#2223, @justaugustus) [SIG Release]
- [go] Build go1.17.1 and go1.16.8 images (#2239, @cpanato) [SIG Release]
Design
- Migrate `gh2gcs` to the promotion tooling repo
- Migrate pkg/{git,github,release/regex} to sigs.k8s.io/release-sdk (#2245, @justaugustus) [SIG Release]
Documentation
- Migrate promotion tooling back to CIP repo (#2240, @justaugustus) [SIG Release]
Bug or Regression
- Bom: fix panic when LICENSE file is not found (#2213, @hectorj2f) [SIG Release]
- Fixed a bug in the SPDX package where layer references in single image manifests were not correctly formed (#2206, @puerco) [SIG Release]
- When cutting the packages, we no longer upload .deb files to scratch bucket (#2216, @puerco) [SIG Release]
Other (Cleanup or Flake)
- Images: Update gcb-docker-cloud image to v20210722-085d930 (#2230, @justaugustus) [SIG Release]
- Migrate `pkg/object` and `pkg/gcp/gcp.go` to sigs.k8s.io/release-sdk (#2232, @justaugustus) [SIG Release]
- When generating the packages for a release, we no longer update the /debian/latest marker in k8s-release-dev (#2217, @puerco) [SIG Release]
Dependencies
Added
- cloud.google.com/go/containeranalysis: v0.1.0
- cloud.google.com/go/errorreporting: v0.1.0
- cloud.google.com/go/grafeas: 71387f0
- github.com/google/go-github/v37: v37.0.0
- sigs.k8s.io/release-sdk: v0.2.0
Changed
- cloud.google.com/go/logging: v1.1.2 → v1.4.2
- cloud.google.com/go/storage: v1.12.0 → v1.16.1
- cloud.google.com/go: v0.90.0 → v0.93.3
- github.com/cenkalti/backoff/v4: v4.1.0 → v4.1.1
- github.com/go-logr/logr: v0.4.0 → v0.2.0
- github.com/google/pprof: 4bb14d4 → f964ff6
- github.com/googleapis/gax-go/v2: v2.0.5 → v2.1.0
- github.com/kevinburke/ssh_config: 4977a11 → v1.1.0
- github.com/mattn/go-isatty: v0.0.13 → v0.0.14
- github.com/sergi/go-diff: v1.1.0 → v1.2.0
- github.com/shirou/gopsutil/v3: v3.21.7 → v3.21.8
- github.com/tklauser/go-sysconf: v0.3.7 → v0.3.9
- github.com/tklauser/numcpus: v0.2.3 → v0.3.0
- github.com/yuin/goldmark: v1.4.0 → v1.4.1
- golang.org/x/crypto: 83a5a9b → 5ff15b2
- golang.org/x/mod: v0.4.2 → v0.5.0
- golang.org/x/oauth2: a41e5a7 → 2bc19b1
- golang.org/x/sys: 0f9fa26 → 63515b4
- google.golang.org/api: v0.51.0 → v0.56.0
- google.golang.org/genproto: 7823e68 → 66f60bf
- google.golang.org/grpc: v1.39.0 → v1.40.0
- k8s.io/gengo: 83324d8 → 3a45101
- k8s.io/klog/v2: v2.9.0 → v2.4.0
- sigs.k8s.io/k8s-container-image-promoter: v1.337.0 → v1.339.0
Removed
- github.com/joefitzgerald/rainbow-reporter: v0.1.0
- k8s.io/code-generator: v0.19.7
v0.10.0
Changes by Kind
Feature
- Allows more options to be passed to the SPDX document builder
- File analysis is now done in parallel, speeding up the Kubernetes bom generation significantly
- When generating a SPDX package from a directory, file paths will now be relative to the dir root
- Golang packages that have local replacements will be honored saving a considerable amount of downloads
- Fixed a bug where we would erase the local golang package install
- Fixed a bug where license data would be saved in the download cache directory, resulting in the license classifier having a lower accuracy
- Golang packages will now include all license text in the SBOM as well as the SPDX license identifier
- New function `license.ReadTopLicense()` will scan and return only the most significant license in a directory, potentially avoiding thousands of operations in the classifier code. (#2096, @puerco) [SIG Release]
- Apache-2.0 is now defined as the default and expressed license in packages
- The SPDX package now supports ExternalDocRef making it possible to define external documents related to an SBOM
- Added functions to the `release` package to get the produced artifacts (ListBuildImages, ListBuildTarballs, ListBuildBinaries)
- Added release tarballs (client, server, node) to artifacts SBOM
- Binaries are now listed with their correct relative paths in the artifacts SBOM
- Fixed a bug where SPDX Ids would clash when two packages shared the same base image
- The source code SBOM is now referenced by the artifacts sbom packages as GENERATED_FROM
- Added tests to ensure SPDX Relationships render correctly (#2156, @puerco) [SIG Release]
- Changed archived Kubernetes release sources to be compressed as tarball (#2130, @saschagrunert) [SIG Release]
- Debian-base: Build buster-v1.8.0 image (#2135, @jindijamie) [SIG Release]
- Debian-base: Build buster-v1.9.0 image (#2189, @justaugustus) [SIG Release]
- Debian-iptables: Build buster-v1.6.5 image
- setcap: Build buster-v2.0.3 image (#2142, @justaugustus) [SIG Release]
- Debian-iptables: Build buster-v1.6.6 image
- setcap: Build buster-v2.0.4 image (#2192, @justaugustus) [SIG Release]
- Fixed a bug that was causing errors downloading go packages, except for a few specific deps, we now have licensing data for all packages.
- Correct a bug where HTML entities were being introduced into the spdx licenses and output. The code was wrongly using html/template instead of text/template.
- There is now a new Relationship type and a better way to relate objects among themselves via a new `spdx.Object` interface
- New SPDX object interface. This is important as we will start having functions that can take either packages or files, hence we create the interface to address them both
- Changes the way image references are treated when generating an SBOM from an image reference. Now, the spdx package will fetch all images for all architectures found
- New function to generate a valid SPDX ID string, optionally it can take strings as seeds to generate a more intuitive ID for packages and files.
- Fixes a bug where month and day were in the wrong order in the SPDX document date. (#2147, @puerco) [SIG Release]
- K8s-ci-builder: Add 1.22 variant, drop 1.18 variant
- k8s-ci-builder: Add 1.23 variant
- k8s-ci-builder: Build go1.16.6 images
- k8s-cloud-builder: Build v1.17.0-rc.1-1 image (#2168, @justaugustus) [SIG Release]
- K8s-cloud-builder/k8s-ci-builder: Build image using go1.15.15 (#2200, @cpanato) [SIG Release]
- K8s-cloud-builder/k8s-ci-builder: Build image using go1.16.7 (#2198, @cpanato) [SIG Release]
- K8s-cloud-builder: Build image using go1.16.6 (#2163, @puerco) [SIG Release]
- K8s-cloud-builder: Build v1.17.0-rc.2-1 image (#2190, @justaugustus) [SIG Release]
- Schedule-builder: add new field (#2173, @cpanato) [SIG Release]
- Stage now runs completely without setting the github token in the k/k clone remote configuration
- The `binary.Binary` object has a new method `ContainsString()` that allows for searching inside the binary for one or more strings.
- The release process now has a new step during staging: `VerifyArtifacts`, during which we will perform checks of the artifacts we produce.
- Binaries are now checked to ensure they are of the expected platform/arch
- The version tag in binaries is now checked to ensure they match each release version tag
- Fixed a bug in `release.ListBuildBinaries` where server and client tarballs were wrongly included in the output. (#2160, @puerco) [SIG Release]
- Update `dependencies.yaml` 1.15 to use Go 1.15.14
- When running release from a non-main branch, krel will now merge any commits before pushing the branch back to github, avoiding conflicts due to divergent branches. (#2128, @puerco) [SIG Release]
- When staging a new kubernetes build, `krel` will now prewarm the license cache to have the classifier data ready when generating the bill of materials.
- The release process staging phase now has a `GenerateBillOfMaterials()` step that builds the SPDX documents.
- We now create an SPDX SBOM describing the Kubernetes source during staging
- Each version in a release now features an SPDX bill of materials listing its binaries and images
- stage.GenerateBillOfMaterials() now has an integration test (#2095, @puerco) [SIG Release]
- [go1.15] Update kubernetes/kubernetes dependents to use Go 1.15.13
- k8s-cloud-builder: Build v1.15.13-legacy-1/v1.15.13-1 image
- k8s-ci-builder: Build image variants using Go 1.15.13 (#2122, @thejoycekung) [SIG Release]
- [go1.16] Update kubernetes/kubernetes dependents to use go1.16.5
- [go1.17] Build images for go1.17rc1 (#2117, @justaugustus) [SIG Release]
- [go1.17] Build images for go1.17rc2 (#2188, @justaugustus) [SIG Release]
- [go] go1.16.5 and go1.15.13 updates
- [go] go1.16.6 and go1.15.14 updates
- kube-cross: Build v1.16.6-1 and v1.15.14-1 images
- go-runner: Build v2.3.1-go1.16.6-buster.0 and v2.3.1-go1.15.14-buster.0
- releng-ci: build image for go1.16.6 and go1.15.14
- kubepkg/packages-deb: update base image to go1.16.6 (#2162, @mengjiao-liu) [SIG Release]
- [go] go1.16.7 and go1.15.15 updates
- go-runner: Build v2.3.1-go1.16.7-buster.0 and v2.3.1-go1.15.15-buster.0
- releng-ci: build image for go1.16.6 and go1.15.15
- kube-cross: Build v1.16.7-1 and v1.15.15-1 images
- kubepkg/packages-deb: update base image to go1.16.7
- k8s-cloud-builder: Build v1.16.7-1 / v1.15.15-1 / v1.15.15-legacy-1 images (#2197, @cpanato) [SIG Release]
- `PrerequisitesChecker` now has options, currently the only one is `CheckGitHubToken`. This bool allows us to run without setting the GITHUB_TOKEN variable when not needed (#2138, @puerco) [SIG Release]
Documentation
- Add documentation for the `bom` utility
- In-depth HOWTO guide to generating an SPDX Bill of ...