Kubernetes 1.13 is the fourth and final major release of 2018. 1.13 is also the fastest release to date, arriving in just 10 weeks. This release continues to focus on the stability and scalability of Kubernetes, and three main features in the storage and cluster life cycle areas are now generally available (GA): simplified cluster management with kubeadm, the Container Storage Interface (CSI), and CoreDNS as the default DNS.

Simplify Kubernetes cluster management with Kubeadm (GA)

Most engineers working with Kubernetes should be able to use kubeadm. It is an important tool for managing the life cycle of a cluster, from creation to configuration to upgrade, and kubeadm is now officially GA. kubeadm handles the bootstrapping of production clusters on existing hardware and configures the core Kubernetes components according to best practices, providing a secure and simple join flow for new nodes and supporting easy upgrades. This GA release is notable for the advanced features that have now graduated, especially pluggability and configurability. kubeadm is scoped as a toolkit for administrators and for automated, higher-level systems, and this release is an important step in that direction.

The Container Storage Interface (CSI) goes GA

The Container Storage Interface (CSI) is now GA, after being introduced as alpha in v1.9 and beta in v1.10. With CSI, the Kubernetes volume layer becomes truly extensible. This gives third-party storage providers the opportunity to write plug-ins that interoperate with Kubernetes without touching the core code. The specification itself has reached 1.0 status.

CoreDNS is now the default DNS server for Kubernetes

In 1.11, we announced that CoreDNS had reached general availability for DNS-based service discovery. In 1.13, CoreDNS replaces kube-dns as the default DNS server for Kubernetes. CoreDNS is a general-purpose, authoritative DNS server that provides a backward-compatible but extensible integration with Kubernetes. CoreDNS has fewer moving parts than the previous DNS server because it is a single executable and a single process, and it supports flexible use cases by creating custom DNS entries. It is also written in Go, making it memory-safe.

CoreDNS is now the recommended DNS solution for Kubernetes 1.13+. The project has switched the common test infrastructure to CoreDNS by default, and we recommend users do the same. KubeDNS will still be supported for at least one more release, but it is time to start planning the migration. Many OSS installation tools have already switched, including kubeadm in 1.11. If you use a hosted solution, work with your provider to understand how this will affect you.

Security content

CVE-2018-1002105, a critical security issue in the Kubernetes API server, is resolved in v1.13.0 (as well as v1.10.11, v1.11.5, and v1.12.3). We recommend that all clusters running previous versions be updated to one of these releases immediately. For more information, see issue #71411 (https://github.com/kubernetes/kubernetes/issues/71411).
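To turn the list of fixed releases above into a check, the following added example (not part of the original release notes) classifies reported kube-apiserver versions. The inventory names, the vendor suffix and the handling of pre-release tags are assumptions made for the illustration.

```python
import re

# First fixed patch release per minor line for CVE-2018-1002105, as listed above.
FIXED = {(1, 10): 11, (1, 11): 5, (1, 12): 3, (1, 13): 0}
VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(.*)$")
PRERELEASE = re.compile(r"^-(alpha|beta|rc)\b")

# Constructed inventory: API server name -> reported gitVersion.
SAMPLE = {
    "prod-a": "v1.12.2",
    "prod-b": "v1.11.5-gke.4",   # hypothetical vendor suffix, judged by upstream patch level
    "staging": "v1.13.0-rc.1",
    "legacy": "v1.9.11",
    "dev": "v1.13.0",
}


def classify(version):
    """Return 'patched', 'vulnerable' or 'unknown' for a kube-apiserver version."""
    m = VERSION.match(version.strip())
    if not m:
        return "unknown"
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    line = (major, minor)
    if line < min(FIXED):
        verdict = "vulnerable"   # no fixed release is listed for lines below 1.10
    elif line > max(FIXED):
        verdict = "patched"      # assumption: later lines inherit the 1.13.0 fix
    else:
        verdict = "patched" if patch >= FIXED[line] else "vulnerable"
    # A pre-release tag sorts before the release it names, so it is not trusted.
    if verdict == "patched" and PRERELEASE.match(m.group(4)):
        return "unknown"
    return verdict


def needs_action(inventory):
    """Sorted (name, verdict) pairs for API servers not confirmed patched."""
    return sorted((name, classify(v)) for name, v in inventory.items()
                  if classify(v) != "patched")
```

An "unknown" verdict means the build has to be checked by hand, for example against the provider's own advisory.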

Upgrade instructions

Before upgrading to Kubernetes 1.13, note the following:

kube-apiserver

  • The deprecated etcd2 storage backend has been removed. Before upgrading a kube-apiserver that uses --storage-backend=etcd2, you must migrate the etcd v2 data to the v3 storage backend and change the kube-apiserver invocation to use --storage-backend=etcd3. A pre-upgrade backup is always sensible, but because the migration from etcd2 to etcd3 is irreversible, an etcd backup taken before the migration is critical.
  • The deprecated --etcd-quorum-read flag has been removed.

kube-controller-manager

The deprecated --insecure-experimental-approve-all-kubelet-csrs-for-group flag has been removed.

kubelet

The deprecated --google-json-key flag has been removed. Remove the --google-json-key flag from the kubelet invocation before upgrading. (#69354, @yujuhong)

https://github.com/kubernetes/kubernetes/pull/69354

 

DaemonSet pods now use scheduling features that require kubelets at 1.11 or higher. Before upgrading kube-controller-manager to 1.13, make sure that all kubelets in the cluster are at 1.11 or higher.

The schema of the alpha CSINodeInfo CRD has been split into spec and status fields, and the new fields status.available and status.volumePluginMechanism have been added. Clusters using the previous alpha schema must delete the CRD and recreate it using the new schema. (#70515, @davidz627)

https://github.com/kubernetes/kubernetes/pull/70515

 

kube-scheduler has removed support for configuration files with apiVersion componentconfig/v1alpha1. Before upgrading to 1.13, make sure kube-scheduler is configured using command-line flags or a configuration file with apiVersion kubescheduler.config.k8s.io/v1alpha1.

 

kubectl

The deprecated run-container command has been removed. Use kubectl run instead. (#70728, @pingan2017)

https://github.com/kubernetes/kubernetes/pull/70728

client-go releases will no longer include the bootstrap (k8s.io/client-go/tools/bootstrap) code. Any reference to it will break. Please redirect all references to k8s.io/bootstrap. (#67356, @iyliaog)

https://github.com/kubernetes/kubernetes/pull/67356

Kubernetes cannot distinguish between GCE Zonal PDs and Regional PDs with the same name. To work around this issue, pre-create PDs with unique names. Dynamically provisioned PDs are not affected. (#70716, @msau42)

https://github.com/kubernetes/kubernetes/pull/70716

Deprecated features in the new version

kube-apiserver

The --service-account-api-audiences flag has been deprecated in favor of --api-audiences. The old flag is still accepted with a warning and will be removed in a future version. (#70105, @mikedanese)

https://github.com/kubernetes/kubernetes/pull/70105

 

The --experimental-encryption-provider-config flag is deprecated in favor of the --encryption-provider-config flag. The old flag is still accepted with a warning, but will be removed in 1.14. (#71206, @stlaz)

As part of moving etcd encryption to beta, configuration files referenced by --encryption-provider-config now use kind: EncryptionConfiguration and apiVersion: apiserver.config.k8s.io/v1. Support for kind: EncryptionConfig and apiVersion: v1 is deprecated and will be removed in a later release. (#67383, @stlaz)

https://github.com/kubernetes/kubernetes/pull/67383

 

The --deserialization-cache-size flag is deprecated and will be removed in a later version. The flag has been inactive since the etcd2 storage backend was removed. (#69842, @liggitt)

https://github.com/kubernetes/kubernetes/pull/69842

 

The Node authorization mode no longer allows kubelets to delete their Node API objects (prior to 1.11, in rare cases related to cloud provider node ID changes, kubelets would try to delete and recreate their Node objects on startup). (#71021, @liggitt)

https://github.com/kubernetes/kubernetes/pull/71021

 

The built-in system:csi-external-provisioner and system:csi-external-attacher cluster roles are deprecated and will not be created automatically in future releases. CSI deployments should provide their own RBAC role definitions with the required permissions. (#69868, @pohly)

https://github.com/kubernetes/kubernetes/pull/69868

 

kubelet

Use of the beta plugin registration directory {kubelet_root_dir}/plugins/ for registering external drivers through the kubelet plugin registration protocol is deprecated in favor of {kubelet_root_dir}/plugins_registry/. Support for the legacy directory is planned to be removed in v1.15. Device plug-ins and CSI storage drivers should switch to the new directory before v1.15. Only CSI storage drivers that support the 0.x versions of the CSI API are allowed in the old directory. (@RenaudWasTaken #70494 and @saad-ali #71314)

https://github.com/kubernetes/kubernetes/pull/70494

https://github.com/kubernetes/kubernetes/pull/71314

With the release of the CSI 1.0 API, support for CSI drivers using 0.3 and earlier versions of the CSI API is deprecated and is planned to be removed in Kubernetes v1.15. CSI drivers should be updated to support the CSI 1.0 API. (#71020 and #71314, both by @saad-ali)

https://github.com/kubernetes/kubernetes/pull/71020

https://github.com/kubernetes/kubernetes/pull/71314

Using the --node-labels flag to set labels under the kubernetes.io/ and k8s.io/ prefixes will be restricted by the NodeRestriction admission plugin in future versions. Refer to the admission plugin documentation for the allowed labels. (#68267, @liggitt)

https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction

https://github.com/kubernetes/kubernetes/pull/68267
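The flag removals in the upgrade instructions and the flag deprecations listed above can be checked before an upgrade by scanning component command lines. The following is an added example, not code from the Kubernetes project; the sample command line is constructed, and treating subdomains such as node-role.kubernetes.io/ as falling under the restricted label prefixes is an assumption of this sketch.

```python
import re
import shlex

# (component, flag, triggering value or None for any, status, advice), from the notes above
RULES = [
    ("kube-apiserver", "storage-backend", "etcd2", "REMOVED",
     "back up etcd, migrate v2 data to v3, use --storage-backend=etcd3"),
    ("kube-apiserver", "etcd-quorum-read", None, "REMOVED", "drop the flag"),
    ("kube-controller-manager",
     "insecure-experimental-approve-all-kubelet-csrs-for-group", None,
     "REMOVED", "drop the flag"),
    ("kubelet", "google-json-key", None, "REMOVED", "drop the flag"),
    ("kube-apiserver", "service-account-api-audiences", None, "DEPRECATED",
     "use --api-audiences"),
    ("kube-apiserver", "experimental-encryption-provider-config", None,
     "DEPRECATED", "use --encryption-provider-config before 1.14"),
    ("kube-apiserver", "deserialization-cache-size", None, "DEPRECATED",
     "inactive since etcd2 removal; drop the flag"),
]
# Label keys under kubernetes.io/ or k8s.io/ (subdomains included: an assumption here).
RESERVED = re.compile(r"^([^/=]*\.)?(kubernetes\.io|k8s\.io)/")
# Constructed sample command line, not taken from a real cluster.
SAMPLE = ("/usr/local/bin/kube-apiserver --storage-backend=etcd2 --etcd-quorum-read=true "
          "--experimental-encryption-provider-config /etc/k8s/enc.yaml --secure-port=6443")

def parse_flags(tokens):
    """Map flag name -> value for --flag=value, --flag value and bare --flag."""
    flags, i = {}, 1  # tokens[0] is the binary
    while i < len(tokens):
        name, sep, value = tokens[i].lstrip("-").partition("=")
        if tokens[i].startswith("-"):
            if not sep and i + 1 < len(tokens) and not tokens[i + 1].startswith("-"):
                i, value = i + 1, tokens[i + 1]
            flags[name] = value
        i += 1
    return flags

def audit(cmdline):
    """Return sorted (status, flag, advice) findings for one component command line."""
    tokens = shlex.split(cmdline)
    component, flags = tokens[0].rsplit("/", 1)[-1], parse_flags(tokens)
    found = [(status, "--" + flag, advice)
             for comp, flag, value, status, advice in RULES
             if comp == component and flag in flags and value in (None, flags[flag])]
    if component == "kubelet":
        found += [("DEPRECATED", "--node-labels", lbl + ": check NodeRestriction allowed labels")
                  for lbl in flags.get("node-labels", "").split(",") if RESERVED.match(lbl)]
    return sorted(found)
```

Feed it the command lines from static pod manifests or systemd units; a REMOVED finding means the component will not start with that invocation on 1.13.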

kube-scheduler

The alpha critical pod annotation (scheduler.alpha.kubernetes.io/critical-pod) is deprecated. (#70298, @bsalamat)

https://github.com/kubernetes/kubernetes/pull/70298

kubeadm

DynamicKubeletConfig is deprecated. The functionality is still accessible using the kubeadm alpha kubelet enable-dynamic command.

kubeadm config print-defaults is deprecated. (#69617, @rrosti)

https://github.com/kubernetes/kubernetes/pull/69617

 

Support for the v1alpha3 configuration file format is deprecated and will be removed in 1.14. Use kubeadm config migrate to migrate v1alpha3 configuration files to v1beta1, which improves image repository management, add-on configuration, and other areas. The v1beta1 documentation:

https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta1

 

kubectl

The kubectl convert command is deprecated and will be removed in a future version. (#70820, @seans3)

https://github.com/kubernetes/kubernetes/pull/70820

Kubernetes 1.13 download

https://github.com/kubernetes/kubernetes/releases/tag/v1.13.0

The original:

https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.13.md#v1130

https://kubernetes.io/blog/2018/12/03/kubernetes-1-13-release-announcement/