Releases: kubernetes/release
Releases · kubernetes/release
v0.16.0
Changes by Kind
Deprecation
- Deprecate --create-website-pr on krel release-notes as there is no need to update the repo with latest release notes. They are now fetched automatically from GCS. (#3277, @ashnehete) [SIG Release]
Feature
- Add
osc(OpenBuildService CLI) to k8s-cloud-builder image (#3084, @xmudrii) [SIG Release] - Add configs for 1.29 and 1.28 for k8s-cloudbuilder and drop 1.24 (#3250, @cpanato) [SIG Release]
- Added CRI-O package to
krel obs(#3229, @saschagrunert) [SIG Release] - Added
rpmlintto releng-ci imagegcr.io/k8s-staging-releng/releng-ci:latest-go1.20-bookworm. (#3167, @saschagrunert) [SIG Release] - Allow setting
OBS_USERNAMEfor a specifickrel obsuser (#3273, @saschagrunert) [SIG Release] - Allow string slices (
architecturesandpackages) askrel obsarguments. (#3267, @saschagrunert) [SIG Release] - Build Go 1.19.10 and Go 1.20.5 based images (#3105, @jeremyrickard) [SIG Release]
- Build Go 1.20.4 and 1.19.9 based images (#3029, @rayandas) [SIG Release]
- Build Go 1.20.6 based images and remove references to Go 1.19 (#3154, @xmudrii) [SIG Release]
- Build Go 1.20.7 images (#3189, @xmudrii) [SIG Release]
- Build Go 1.21.1 and 1.20.8 images (#3253, @cpanato) [SIG Release]
- Bump cosign image to v2.2.0 (#3241, @cpanato) [SIG Release]
- Bump k8s-cloud-builder and k8s-ci-builder to Go 1.19.10 (#3116, @jeremyrickard) [SIG Release]
- Bump k8s-cloud-builder and k8s-ci-builder to Go 1.19.9 (#3034, @xmudrii) [SIG Release]
- Bump k8s-cloud-builder and k8s-ci-builder to Go 1.20.5 (#3145, @cpanato) [SIG Release]
- Debian-iptables and distroless-iptables are now built with Go 1.20.5 (#3107, @jeremyrickard) [SIG Release]
- Golang: Build 1.21 images (#3212, @cpanato) [SIG Release]
- Golang: Build 1.21rc2 images (#3132, @cpanato) [SIG Release]
- Golang: Build 1.21rc3 images (#3155, @cpanato) [SIG Release]
- Golang: build 1.21rc4 images (#3190, @ameukam) [SIG Release]
- Implement OBS release workflow via
krel obs releasecommand (#3098, @xmudrii) [SIG Release] - Implement OBS staging workflow via
krel obs stagecommand (#3088, @xmudrii) [SIG Release] - Kubernetes 1.28+ packages hosted on
pkgs.k8s.iorequire kubernetes-cni 1.2.0 and cri-tools 1.28.0 (#3192, @xmudrii) [SIG Release] - Make
--workspaceconfigurable inobs stage/release(#3271, @saschagrunert) [SIG Release] - The SBOM format can now be controlled in
publish release githuband JSON is now the default. (#3020, @puerco) [SIG Release] - Update distroless-iptables to use Go 1.20.6 (#3156, @xmudrii) [SIG Release]
- Update distroless-iptables to use Go 1.20.7 (#3197, @jeremyrickard) [SIG Release]
- Update distroless-iptables to use Go 1.21.1 (#3258, @cpanato) [SIG Release]
- Update go images for 1.29 and 1.28 release branches and drop 1.24 config (#3234, @cpanato) [SIG Release]
- Update k8s-cloud-builder to Go 1.20.6 (#3157, @xmudrii) [SIG Release]
- Update k8s-cloud-builder to Go 1.20.7 (#3199, @jeremyrickard) [SIG Release]
- Update k8s-cloud-builder/k8s-ci-builder to Go 1.20.8 (#3259, @cpanato) [SIG Release]
- Update k8s-cloud-builder/k8s-ci-builder to Go 1.21.1 (#3257, @cpanato) [SIG Release]
- Update to set go1.20 in go.mod and upgrade golangci-lint (#3073, @cpanato) [SIG Release]
- Updated debian-iptables to switch to debian-bookworm. (#3136, @saschagrunert) [SIG Release]
- Updated kube-cross protobuf version to v23.4. (#3147, @saschagrunert) [SIG Release]
- Updated releng-ci image to use debian bookworm. (#3150, @saschagrunert) [SIG Release]
- Updated setcap image to use debian bookworm. (#3139, @saschagrunert) [SIG Release]
- Updated the kube-cross v1.28 image to use debian bookworm. (#3146, @saschagrunert) [SIG Release]
- Upgrade code to be compatible with cosign v2 (#3078, @cpanato) [SIG Release]
- Use debian 12 for go-runner 1.21 image. (#3233, @saschagrunert) [SIG Release]
- Using debian 12 (bookworm) for all images. (#3127, @saschagrunert) [SIG Release]
krel obs specscommand is refactored to better support OpenBuildService (OBS) workflow (#3079, @xmudrii) [SIG Release]
Bug or Regression
- EnvironmentFile is changed from
/etc/sysconfig/kubeletto/etc/default/kubeletforkubeadmDebian packages published topkgs.k8s.io(#3279, @xmudrii) [SIG Release] - Fix version comparison in VerifyLatestUpdate (#3223, @xmudrii) [SIG Release]
- Fixed
--template-dirforkrel obs release(#3272, @saschagrunert) [SIG Release] - Fixed
grepusage in distroless-iptables, which is now on version v0.3.1. (#3237, @saschagrunert) [SIG Release] - Removed
armarchitecture fromkubepkgcommand. (#3106, @saschagrunert) [SIG Release] - Removed workdir prefix from SHA*SUMS files. (#3227, @saschagrunert) [SIG Release]
- Replace
PROJECTandPROJECT_TAGGCB substitutions withOBS_PROJECTandOBS_PROJECT_TAG(#3174, @xmudrii) [SIG Release]
Other (Cleanup or Flake)
- Add go boilerplate when running go generate (#3075, @cpanato) [SIG Release]
- Publishing-bot issue will now be created in kubernetes/sig-release instead of k8s-release-robot/sig-release (#3198, @akhilerm) [SIG Release]
- Remove "Kubernetes Source Code" artifact from being published on GitHub Releases (#2780, @xmudrii) [SIG Release]
- Removed debian-iptables image. (#3153, @saschagrunert) [SIG Release]
- Update k8s-ci-builder for go1.21 to use bullseye for 1.29 and default for next config keep on bookworm (#3251, @cpanato) [SIG Release]
- Update release-utils to
243952c - Upgrade
oscbinary in k8s-cloud-builder image. (#3278, @saschagrunert) [SIG Release] krel obs specs: use default--channel release,--output .and--template-dir cmd/krel/templates/latest. (#3231, @saschagrunert) [SIG Release]
Dependencies
Added
- chainguard.dev/go-grpc-kit: v0.16.0
- dario.cat/mergo: v1.0.0
- github.com/AdamKorcz/go-fuzz-headers-1: e936619
- github.com/Azure/azure-sdk-for-go/sdk/azcore: v1.6.1
- github.com/Azure/azure-sdk-for-go/sdk/azidentity: v1.3.0
- github.com/Azure/azure-sdk-for-go/sdk/internal: v1.3.0
- github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys: v0.10.0
- github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal: v0.7.1
- github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys: v0.12.0
- github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal: v0.8.0
- github.com/AzureAD/microsoft-authentication-library-for-go: v1.0.0
- github.com/DataDog/appsec-internal-go: v1.0.0
- github.com/DataDog/datadog-agent/pkg/obfuscate: v0.45.0-rc.1
- github.com/DataDog/datadog-agent/pkg/remoteconfig/state: v0.45.0-rc.1
- github.com/DataDog/datadog-go/v5: v5.3.0
- github.com/DataDog/go-libddwaf: v1.2.0
- github.com/DataDog/go-tuf: fork
- github.com/DataDog/sketches-go: v1.2.1
- github.com/alessio/shellescape: v1.4.1
- github.com/bazelbuild/bazelisk: v1.13.2
- github.com/bazelbuild/rules_go: v0.34.0
- github.com/beevik/ntp: v1.0.0
- github.com/blendle/zapdriver: v1.3.1
- github.com/brunoscheufler/aws-ecs-metadata-go: b6b31c6
- github.com/buildkite/agent/v3: v3.49.0
- github.com/buildkite/bintest/v3: v3.1.1
- github.com/buildkite/interpolate: 07f35b4
- github.com/buildkite/roko: v1.1.0
- github.com/buildkite/shellwords: c3f497d
- github.com/bytecodealliance/wasmtime-go/v3: v3.0.2
- github.com/denisbrodbeck/machineid: v1.0.1
- github.com/digitorus/pkcs7: 001c36b
- github.com/digitorus/timestamp: ef3b63b
- github.com/elazarl/goproxy: 2592e75
- github.com/gabriel-vasile/mimetype: v1.4.2
- github.com/go-chi/chi/v5: v5.0.8
- github.com/go-redis/redismock/v9: v9.0.3
- github.com/google/go-github/v53: [v53.2.0](https://github.com/google/go-github/v53/tree/v53....
Contributors
saschagrunert, ameukam, and 7 other contributors
Assets 2
v0.15.1
Changes by Kind
Deprecation
- Changed patch release process to stop building rc.0 versions together with the official. (#2765, @saschagrunert) [SIG Release]
Feature
- Add goreleaser and ko to the releng-ci image (#2957, @cpanato) [SIG Release]
- Build Go 1.20.1 and 1.19.6 based images (#2914, @cpanato) [SIG Release]
- Build Go 1.20.2 and 1.19.7 based images (#2949, @cpanato) [SIG Release]
- Build Go 1.20.3 and 1.19.8 based images (#3000, @xmudrii) [SIG Release]
- Bump k8s-cloud-builder and k8s-ci-builder to Go 1.19.8 (#3006, @xmudrii) [SIG Release]
- Bump k8s-cloud-builder and k8s-ci-builder to Go 1.20 (#2895, @cpanato) [SIG Release]
- Bump k8s-cloud-builder and k8s-ci-builder to Go 1.20.1 and 1.19.6 (#2921, @cpanato) [SIG Release]
- Bump k8s-cloud-builder and k8s-ci-builder to Go 1.20.2 and 1.19.7 (#2955, @cpanato) [SIG Release]
- Golang: Build 1.20 images (#2887, @cpanato) [SIG Release]
- Introduce
krel obs specscommand to generate specs and archives for Open Build Service (#2946, @xmudrii) [SIG Release] - Updated CNI plugins to v1.2.0 (#2863, @saschagrunert) [SIG Release]
Documentation
- Added Golang command in the documentation for the krel tool installation (#2871, @yrs147) [SIG Release]
Failing Test
- Fixed version regex to allow tags like
v1.25.8-1+3a14fe1af239a0(#2976, @saschagrunert) [SIG Release] - K8s-ci-builder: install ifconfig through net-tools (#2897, @palnabarun) [SIG Release]
Bug or Regression
Other (Cleanup or Flake)
- Drop 1.23 configs and update debian/distroless iptable images (#2956, @cpanato) [SIG Release]
- Drop go1.17 builds
- Stopped building packages for 32 bit ARM platforms for Kubernetes >= v1.27.0. (#2960, @saschagrunert) [SIG Release]
- Updated qemu to v7.2.0-1 for distroless-iptables image (#2941, @saschagrunert) [SIG Release]
Dependencies
Added
- cloud.google.com/go/apigeeregistry: v0.6.0
- cloud.google.com/go/apikeys: v0.6.0
- cloud.google.com/go/maps: v0.7.0
- cloud.google.com/go/vmwareengine: v0.3.0
- github.com/AdamKorcz/go-118-fuzz-build: 5330a85
- github.com/container-orchestrated-devices/container-device-interface: v0.5.4
- github.com/containerd/btrfs/v2: v2.0.0
- github.com/containerd/cgroups/v3: v3.0.1
- github.com/containerd/typeurl/v2: v2.1.0
- github.com/go-jose/go-jose/v3: v3.0.0
- github.com/google/go-github/v50: v50.2.0
- github.com/klauspost/cpuid/v2: v2.0.4
- github.com/minio/sha256-simd: v1.0.0
- github.com/mmcloughlin/avo: v0.5.0
- github.com/moby/sys/sequential: v0.5.0
- github.com/opencontainers/runtime-tools: 2e043c6
- github.com/shoenig/go-m1cpu: v0.1.4
- github.com/shoenig/test: v0.6.3
- github.com/syndtr/gocapability: 42c35b4
- go.etcd.io/gofail: v0.1.0
- golang.org/x/arch: v0.1.0
- rsc.io/pdf: v0.1.1
Changed
- cloud.google.com/go/accessapproval: v1.5.0 → v1.6.0
- cloud.google.com/go/accesscontextmanager: v1.4.0 → v1.7.0
- cloud.google.com/go/aiplatform: v1.27.0 → v1.36.1
- cloud.google.com/go/analytics: v0.12.0 → v0.19.0
- cloud.google.com/go/apigateway: v1.4.0 → v1.5.0
- cloud.google.com/go/apigeeconnect: v1.4.0 → v1.5.0
- cloud.google.com/go/appengine: v1.5.0 → v1.7.0
- cloud.google.com/go/area120: v0.6.0 → v0.7.1
- cloud.google.com/go/artifactregistry: v1.9.0 → v1.12.0
- cloud.google.com/go/asset: v1.10.0 → v1.12.0
- cloud.google.com/go/assuredworkloads: v1.9.0 → v1.10.0
- cloud.google.com/go/automl: v1.8.0 → v1.12.0
- cloud.google.com/go/baremetalsolution: v0.4.0 → v0.5.0
- cloud.google.com/go/batch: v0.4.0 → v0.7.0
- cloud.google.com/go/beyondcorp: v0.3.0 → v0.5.0
- cloud.google.com/go/bigquery: v1.44.0 → v1.49.0
- cloud.google.com/go/billing: v1.7.0 → v1.13.0
- cloud.google.com/go/binaryauthorization: v1.4.0 → v1.5.0
- cloud.google.com/go/certificatemanager: v1.4.0 → v1.6.0
- cloud.google.com/go/channel: v1.9.0 → v1.12.0
- cloud.google.com/go/cloudbuild: v1.4.0 → v1.9.0
- cloud.google.com/go/clouddms: v1.4.0 → v1.5.0
- cloud.google.com/go/cloudtasks: v1.8.0 → v1.10.0
- cloud.google.com/go/compute/metadata: v0.2.2 → v0.2.3
- cloud.google.com/go/compute: v1.13.0 → v1.19.0
- cloud.google.com/go/contactcenterinsights: v1.4.0 → v1.6.0
- cloud.google.com/go/container: v1.7.0 → v1.14.0
- cloud.google.com/go/containeranalysis: v0.6.0 → v0.9.0
- cloud.google.com/go/datacatalog: v1.8.0 → v1.13.0
- cloud.google.com/go/dataflow: v0.7.0 → v0.8.0
- cloud.google.com/go/dataform: v0.5.0 → v0.7.0
- cloud.google.com/go/datafusion: v1.5.0 → v1.6.0
- cloud.google.com/go/datalabeling: v0.6.0 → v0.7.0
- cloud.google.com/go/dataplex: v1.4.0 → v1.6.0
- cloud.google.com/go/dataproc: v1.8.0 → v1.12.0
- cloud.google.com/go/dataqna: v0.6.0 → v0.7.0
- cloud.google.com/go/datastream: v1.5.0 → v1.7.0
- cloud.google.com/go/deploy: v1.5.0 → v1.8.0
- cloud.google.com/go/dialogflow: v1.19.0 → v1.32.0
- cloud.google.com/go/dlp: v1.7.0 → v1.9.0
- cloud.google.com/go/documentai: v1.10.0 → v1.18.0
- cloud.google.com/go/domains: v0.7.0 → v0.8.0
- cloud.google.com/go/edgecontainer: v0.2.0 → v1.0.0
- cloud.google.com/go/essentialcontacts: v1.4.0 → v1.5.0
- cloud.google.com/go/eventarc: v1.8.0 → v1.11.0
- cloud.google.com/go/filestore: v1.4.0 → v1.6.0
- cloud.google.com/go/functions: v1.9.0 → v1.12.0
- cloud.google.com/go/gaming: v1.8.0 → v1.9.0
- cloud.google.com/go/gkebackup: v0.3.0 → v0.4.0
- cloud.google.com/go/gkeconnect: v0.6.0 → v0.7.0
- cloud.google.com/go/gkehub: v0.10.0 → v0.12.0
- cloud.google.com/go/gkemulticloud: v0.4.0 → v0.5.0
- cloud.google.com/go/gsuiteaddons: v1.4.0 → v1.5.0
- cloud.google.com/go/iam: v0.8.0 → v1.0.0
- cloud.google.com/go/iap: v1.5.0 → v1.7.0
- cloud.google.com/go/ids: v1.2.0 → v1.3.0
- cloud.google.com/go/iot: v1.4.0 → v1.6.0
- cloud.google.com/go/kms: v1.7.0 → v1.10.0
- cloud.google.com/go/language: v1.8.0 → v1.9.0
- cloud.google.com/go/lifesciences: v0.6.0 → v0.8.0
- cloud.google.com/go/logging: v1.6.1 → v1.7.0
- cloud.google.com/go/longrunning: v0.3.0 → v0.4.1
- cloud.google.com/go/managedidentities: v1.4.0 → v1.5.0
- cloud.google.com/go/mediatranslation: v0.6.0 → v0.7.0
- cloud.google.com/go/memcache: v1.7.0 → v1.9.0
- cloud.google.com/go/metastore: v1.8.0 → v1.10.0
- cloud.google.com/go/monitoring: v1.8.0 → v1.13.0
- cloud.google.com/go/networkconnectivity: v1.7.0 → v1.11.0
- cloud.google.com/go/networkmanagement: v1.5.0 → v1.6.0
- cloud.google.com/go/networksecurity: v0.6.0 → v0.8.0
- cloud.google.com/go/notebooks: v1.5.0 → v1.8.0
- cloud.google.com/go/optimization: v1.2.0 → v1.3.1
- cloud.google.com/go/orchestration: v1.4.0 → v1.6.0
- cloud.google.com/go/orgpolicy: v1.5.0 → v1.10.0
- cloud.google.com/go/osconfig: v1.10.0 → v1.11.0
- cloud.google.com/go/oslogin: v1.7.0 → v1.9.0
- cloud.google.com/go/phishingprotection: v0.6.0 → v0.7.0
- cloud.google.com/go/policytroubleshooter: v1.4.0 → v1.6.0
- cloud.google.com/go/privatecatalog: v0.6.0 → v0.8.0
- cloud.google.com/go/pubsub: v1.27.1 → v1.30.0
- cloud.google.com/go/pubsublite: v1.5.0 → v1.7.0
- cloud.google.com/go/recaptchaenterprise/v2: v2.5.0 → v2.7.0
- cloud.google.com/go/recommendationengine: v0.6.0 → v0.7.0
- cloud.google.com/go/recommender: v1.8.0 → v1.9.0
- cloud.google.com/go/redis: v1.10.0 → v1.11.0
- cloud.google.com/go/resourcemanager: v1.4.0 → v1.6.0
- cloud.google.com/go/resourcesettings: v1.4.0 → v1.5.0
- cloud.google.com/go/retail: v1.11.0 → v1.12.0
- cloud.google.com/go/run: v0.3.0 → v0.9.0
- cloud.google.com/go/scheduler: v1.7.0 → v1.9.0
- cloud.google.com/go/secretmanager: v1.9.0 → v1.10.0
- cloud.google.com/go/security: v1.10.0 → v1.13.0
- cloud.google.com/go/securitycenter: v1.16.0 → v1.19.0
- cloud.google.com/go/servicecontrol: v1.5.0 → v1.11.1
- cloud.google.com/go/servicedirectory: v1.7.0 → v1.9.0
- cloud.google.com/go/servicemanagement: v1.5.0 → v1.8.0
- cloud.google.com/go/serviceusage: v1.4.0 → v1.6.0
- cloud.google.com/go/shell: v1.4.0 → v1.6.0
- cloud.google.com/go/spanner: v1.41.0 → v1.44.0
- cloud.google.com/go/speech: v1.9.0 → v1.15.0
- cloud.google.com/go/storage: v1.28.1 → v1.30.1
- cloud.google.com/go/storagetransfer: v1.6.0 → v1.8.0
- cloud.google.com/go/talent: v1.4.0 → v1.5.0
- cloud.google.com/go/texttospeech: v1.5.0 → v1.6.0
- cloud.google.com/go/tpu: v1.4.0 → v1.5.0
- cloud.google.com/go/trace: v1.4.0 → v1.9.0
- cloud.google.com/go/translate: v1.4.0 → v1.7.0
- cloud.google.com/go/video: v1.9.0 → v1.14.0
- cloud.google.com/go/videointelligence: v1.9.0 → v1.10.0
- cloud.google.com/go/vision/v2: v2.5.0 → v2.7.0
- cloud.google.com/go/vmmigration: v1.3.0 → v1.6.0
- cloud.google.com/go/vpcaccess: v1.5.0 → v1.6.0
- cloud.google.com/go/webrisk: v1.7.0 → v1.8.0
- cloud.google.com/go/websecurityscanner: v1.4.0 → v1.5.0
- cloud.google.com/go/workflows: v1.9.0 → v1.10.0
- cloud.google.com/go: v0.105.0 → v0.110.0
- github.com/Ad...
Contributors
saschagrunert, cpanato, and 3 other contributors
Assets 3
v0.15.0
Changes by Kind
Feature
- Add krel sign blobs and images commands (#2742, @cpanato) [SIG Release]
- Added command line parameter verification for
krel stage. (#2774, @saschagrunert) [SIG Release] - Added package build and release to
krel(#2744, @saschagrunert) [SIG Release] - BUILDER_IMAGE can now be overridden when building the go-runner image. Additionally a new variable DISTROLESS_REGISTRY can be used to specify a different registry and repository, to more completely override the DISTROLESS_IMAGE build arg to support custom images. (#2709, @jeremyrickard) [SIG Release]
- Build Go 1.18.4 and 1.17.12 images
- Build Go 1.18.5 and 1.17.13 images (#2626, @cpanato) [SIG Release]
- Build Go 1.19.1 and 1.18.6 based images (#2659, @palnabarun) [SIG Release]
- Build Go 1.19.2 and 1.18.7 based images (#2696, @xmudrii) [SIG Release]
- Build Go 1.19.3 and 1.18.8 based images (#2732, @xmudrii) [SIG Release]
- Build Go 1.19.4 and 1.18.9 based images (#2794, @xmudrii) [SIG Release]
- Build Go 1.19.5 and 1.18.10 based images (#2853, @cpanato) [SIG Release]
- Build cross for go1.19 for 1.23 and 1.24 release branches (#2825, @cpanato) [SIG Release]
- Build k8s-cloud-builder and k8s-ci-builder using Go 1.19.1
- Build k8s-cloud-builder and k8s-ci-builder using Go 1.18.6 (#2660, @palnabarun) [SIG Release]
- Build k8s-cloud-builder and k8s-ci-builder using Go 1.19.2
- Build k8s-cloud-builder and k8s-ci-builder using Go 1.19.3
- Build k8s-cloud-builder and k8s-ci-builder using Go 1.19.4
- Bump k8s-cloud-builder and k8s-ci-builder to Go 1.19.5 (#2856, @cpanato) [SIG Release]
- Changed krel fast-forward to not run when the release cut issue is open. (#2814, @saschagrunert) [SIG Release]
- Debian-base: Build bullseye-v1.4.0 images (#2590, @wespanther) [SIG Release]
- Debian-base: Build bullseye-v1.4.1 images (#2609, @wespanther) [SIG Release]
- Debian-base: Build bullseye-v1.4.2 images (#2641, @wespanther) [SIG Release]
- Debian-base: Update dependents to use bullseye-v1.4.0
- debian-iptables: Build bullseye-v1.5.0 image
- setcap: Build bullseye-v1.4.0 image (#2597, @wespanther) [SIG Release]
- Debian-base: Update dependents to use bullseye-v1.4.2
- debian-iptables: Build bullseye-v1.5.1 image
- setcap: Build bullseye-v1.4.1 image (#2643, @wespanther) [SIG Release]
- Drop 1.22 and go 1.16 build variants
- Golang: Build 1.19rc1 images (#2601, @cpanato) [SIG Release]
- Golang: Build 1.20rc2 images (#2846, @cpanato) [SIG Release]
- Golang: Build 1.20rc3 images (#2857, @cpanato) [SIG Release]
- Golang: build 1.19 images (#2628, @cpanato) [SIG Release]
- Golang: build 1.19rc2 images (#2610, @palnabarun) [SIG Release]
- K8s-cloud-builder/k8s-ci-builder: build using Go 1.18.4
- K8s-cloud-builder/k8s-ci-builder: build using Go 1.18.5
- K8s-cloud-builder: build using Go 1.19 (#2631, @cpanato) [SIG Release]
- Release-1.23 builders and CI updated to go1.19.4 (#2832, @liggitt) [SIG Release]
- Release-1.24 builders and CI updated to go1.19.4 (#2830, @liggitt) [SIG Release]
- Remove old and not used dependency for 1.20
- Remove version package in favor of sigs.k8s.io/release-utils/version (#2569, @cpanato) [SIG Release]
- Tools that fail when no GitHub token is set now fail with a message asking the user to set GITHUB_TOKEN as an environment variable. (#2632, @knowshan) [SIG Release]
- Update cosign image to use release v1.10.0 (#2615, @cpanato) [SIG Release]
- Update to go1.19 (#2649, @cpanato) [SIG Release]
- Updated CNI plugins to v1.1.1 (#2650, @saschagrunert) [SIG Release]
- Updated CNI plugins to v1.2.0 (#2863, @saschagrunert) [SIG Release]
- Updated cri-tools to v1.25.0 (#2647, @saschagrunert) [SIG Release]
- Updated cri-tools to v1.26.0 (#2821, @saschagrunert) [SIG Release]
- Use distroless image in debian-iptables generation (#2502, @rikatz) [SIG Release]
- Warn on
krel stageif ELF binaries are dynamically linked (we do not fail on that case). (#2797, @saschagrunert) [SIG Release] krel cvenow supports ingesting CVE information data with a temporal vector metric. (#2664, @puerco) [SIG Release]publish-releasecan now upload artifacts to GitHub from Cloud Storage buckets (#2707, @puerco) [SIG Release]
Bug or Regression
- Distroless-iptables image will no longer contain repeated contents in
/var/lib/dpkg/status.d/$packagefiles (#2831, @BenTheElder) [SIG Release] - Fix the len should be of the number of files and not in the arguments passed (#2781, @cpanato) [SIG Release]
- Fixed bug in deduplication of release notes if multiple CVE's have the same official release notes text (
NONE). (#2758, @saschagrunert) [SIG Release] - Fixed bug to not record the GitHub API in parallel. (#2769, @saschagrunert) [SIG Release]
- Fixed unbound variable if no version is specified in
hack/rapture/build-packages.sh(#2736, @saschagrunert) [SIG Release] - Get the correct path to upload to github release page (#2720, @cpanato) [SIG Release]
- When downloading copy o local using the same directory structure (#2782, @cpanato) [SIG Release]
krel sign blobwill not sync down existing signatures and certs when signing files in a gcs bucket to work around a bug causing file verification to fail
Other (Cleanup or Flake)
- Ensure it's possible to build rpms generated by kubepkg (#2712, @xmudrii) [SIG Release]
- Our mailing list announcements now uses the new registry. (#2746, @upodroid) [SIG Release]
- Removes darwin/386 from KUBE_CROSSPLATFORMS which is used to prebuild the standard library with target arch is amd64 (#2760, @jeremyrickard) [SIG Release]
- Retry
docker manifest pushon network failure. (#2817, @saschagrunert) [SIG Release] - Switched to golang native error wrapping. (#2581, @saschagrunert) [SIG Release]
- Update GORUNNER_VERSION base image for debian-iptables (#2682, @cpanato) [SIG Release]
- Use the latest CNI plugins version for for deb packages. (#2673, @saschagrunert) [SIG Release]
Dependencies
Added
- cloud.google.com/go/accessapproval: v1.5.0
- cloud.google.com/go/accesscontextmanager: v1.4.0
- cloud.google.com/go/aiplatform: v1.27.0
- cloud.google.com/go/analytics: v0.12.0
- cloud.google.com/go/apigateway: v1.4.0
- cloud.google.com/go/apigeeconnect: v1.4.0
- cloud.google.com/go/appengine: v1.5.0
- cloud.google.com/go/area120: v0.6.0
- cloud.google.com/go/artifactregistry: v1.9.0
- cloud.google.com/go/asset: v1.10.0
- cloud.google.com/go/assuredworkloads: v1.9.0
- cloud.google.com/go/automl: v1.8.0
- cloud.google.com/go/baremetalsolution: v0.4.0
- cloud.google.com/go/batch: v0.4.0
- cloud.google.com/go/beyondcorp: v0.3.0
- cloud.google.com/go/billing: v1.7.0
- cloud.google.com/go/binaryauthorization: v1.4.0
- cloud.google.com/go/certificatemanager: v1.4.0
- cloud.google.com/go/channel: v1.9.0
- cloud.google.com/go/cloudbuild: v1.4.0
- cloud.google.com/go/clouddms: v1.4.0
- cloud.google.com/go/cloudtasks: v1.8.0
- cloud.google.com/go/compute/metadata: v0.2.2
- cloud.google.com/go/contactcenterinsights: v1.4.0
- cloud.google.com/go/container: v1.7.0
- cloud.google.com/go/datacatalog: v1.8.0
- cloud.google.com/go/dataflow: v0.7.0
- cloud.google.com/go/dataform: v0.5.0
- cloud.google.com/go/datafusion: v1.5.0
- cloud.google.com/go/datalabeling: v0.6.0
- cloud.google.com/go/dataplex: v1.4.0
- cloud.google.com/go/dataproc: v1.8.0
- cloud.google.com/go/dataqna: v0.6.0
- cloud.google.com/go/datastream: v1.5.0
- cloud.google.com/go/deploy: v1.5.0
- cloud.google.com/go/dialogflow: v1.19.0
- cloud.google.com/go/dlp: v1.7.0
- cloud.google.com/go/documentai: v1.10.0
- cloud.google.com/go/domains: v0.7.0
- cloud.google.com/go/edgecontainer: v0.2.0
- cloud.google.com/go/essentialcontacts: v1.4.0
- cloud.google.com/go/eventarc: v1.8.0
- cloud.google.com/go/filestore: v1.4.0
- cloud.google.com/go/functions: v1.9.0
- cloud.google.com/go/gaming: v1.8.0
- cloud.google.com/go/gkebackup: v0.3.0
- cloud.google.com/go/gkeconnect: v0.6.0
- cloud.google.com/go/gkehub: v0.10.0
- cloud.google.com/go/gkemulticloud: v0.4.0
- cloud.google.com/go/gsuiteaddons: v1.4.0
- cloud.google.com/go/iap: v1.5.0
- cloud.google.com/go/ids: v1.2.0
- cloud.google.com/go/iot: v1.4.0
- cloud.google.com/go/language: v1.8.0
- cloud.google.com/go/lifesciences: v0.6.0
- cloud.google.com/go/longrunning: v0.3.0
- cloud.google.com/go/managedidentities: v1.4.0
- cloud.google.com/go/mediatranslation: v0.6.0
- cloud.google.com/go/memcache: v1.7.0
- cloud.google.com/go/metastore: v1.8.0
- cloud.google.com/go/networkconnectivity: v1.7.0
- cloud.google.com/go/networkmanagement: v1.5.0
- cloud.google.com/go/networksecurity: v0.6.0
- cloud.google.com/go/notebooks: v1.5.0
- cloud.google.com/go/optimization: v1.2.0
- cloud.google.com/go/orchestration: v1.4.0
- cloud.google.com/go/orgpolicy: v1.5.0
- cloud.google.com/go/osconfig: v1.10.0
- clou...
Contributors
saschagrunert, BenTheElder, and 10 other contributors
Assets 2
v0.14.0
Changes by Kind
Feature
- .github: Initial config for CodeQL & Scorecard (#2441, @justaugustus) [SIG Release]
- Added container image signing for intermediate container images produced by
krel stage(#2397, @saschagrunert) [SIG Release] - Build Go 1.17.8 and 1.16.15 images (#2451, @cpanato) [SIG Release]
- Build Go 1.18.1 and 1.17.9 images (#2500, @cpanato) [SIG Release]
- Build Go 1.18.2 and 1.17.10 images (#2521, @cpanato) [SIG Release]
- Build Go 1.18.3 and 1.17.11 images (#2542, @cpanato) [SIG Release]
- Build go1.18 official images (#2464, @justaugustus) [SIG Release]
- Build/update kube-cross images using latest stable protobuf (v3.19.4) (#2431, @vitt-bagal) [SIG Release]
- Debian-base: Update dependents to use bullseye-v1.3.0
- debian-iptables: Build bullseye-v1.4.0 image
- setcap: Build bullseye-v1.3.0 image (#2543, @wespanther) [SIG Release]
- Golang: Build 1.18rc1 images (#2433, @cpanato) [SIG Release]
- K8s-cloud-builder/k8s-ci-builder: build using Go 1.17.8 / 1.16.15 (#2463, @cpanato) [SIG Release]
- K8s-cloud-builder/k8s-ci-builder: build using Go 1.18 (#2472, @cpanato) [SIG Release]
- K8s-cloud-builder/k8s-ci-builder: build using Go 1.18.1
- K8s-cloud-builder/k8s-ci-builder: build using Go 1.18.2
- K8s-cloud-builder/k8s-ci-builder: build using Go 1.18.3
- K8s-cloud-builder: Build go1.18rc1 variant (#2437, @justaugustus) [SIG Release]
- Link the container images within the changelog to their corresponding location in GCR. (#2439, @saschagrunert) [SIG Release]
- The CI Signal Report CLI now uses the new Project board to generate the GitHub part of the report https://github.com/orgs/kubernetes/projects/68 (#2454, @leonardpahlke) [SIG Release]
- Update cosign image to use release v1.7.2 (#2495, @cpanato) [SIG Release]
- Update cosign image to v1.7.1 (#2489, @cpanato) [SIG Release]
- Update cosign to 1.9.0 release (#2544, @cpanato) [SIG Release]
- Update release-sdk/utils (#2545, @cpanato) [SIG Release]
- Updated cri-tools to v1.23.0. (#2457, @saschagrunert) [SIG Release]
- Updated cri-tools to v1.24.0 (#2517, @saschagrunert) [SIG Release]
- Updated cri-tools to v1.24.2 (#2535, @saschagrunert) [SIG Release]
Documentation
- Corrected small mistake in the
kreldocs. Users were instructed to setauthor.emailto the email they used to sign the CNCF CLA, it now readsuser.email. (#2492, @AuraSinis) [SIG Release]
Bug or Regression
- Added
NonInteractiveflag to gcb options to allow asking no questions when running in nomock mode. (#2516, @saschagrunert) [SIG Release] - Fix a hardcoded path when writing the SBOM, now we scratch it in the go reported directory (#2481, @puerco) [SIG Release]
- Fixed
krel stagefor using custom Kubernetes refs viaK8S_ORG,K8S_REForK8S_REPO. (#2522, @saschagrunert) [SIG Release] - Fixed bug in changelog generation when using custom Kubernetes forks via
K8S_ORG,K8S_REForK8S_REPO. (#2524, @saschagrunert) [SIG Release] - Fixed git configuration in
krel fast-forward. (#2503, @saschagrunert) [SIG Release] - Reverted 0eb9589 as some error checking was returning invalid errors.
Other (Cleanup or Flake)
- Deps: Update to cosign v1.5.2 (#2434, @justaugustus) [SIG Release]
- Fixed broken GitHub authentication for release-notes tool and changelog generation. (#2562, @saschagrunert) [SIG Release]
- Remove check for outdated dependencies (#2531, @cpanato) [SIG Release]
- Update cosign to use release v1.6.0 (#2452, @cpanato) [SIG Release]
Dependencies
Added
- 4d63.com/gochecknoglobals: v0.1.0
- bitbucket.org/creachadair/shell: v0.0.6
- bou.ke/monkey: v1.0.2
- cloud.google.com/go/compute: v1.6.1
- cloud.google.com/go/iam: v0.3.0
- cloud.google.com/go/kms: v1.4.0
- cloud.google.com/go/monitoring: v1.1.0
- cloud.google.com/go/secretmanager: v1.0.0
- cloud.google.com/go/security: v1.1.1
- cloud.google.com/go/spanner: v1.25.0
- cloud.google.com/go/trace: v1.0.0
- code.gitea.io/sdk/gitea: v0.11.3
- contrib.go.opencensus.io/exporter/aws: c478e41
- contrib.go.opencensus.io/exporter/ocagent: 05415f1
- contrib.go.opencensus.io/exporter/prometheus: v0.4.0
- contrib.go.opencensus.io/exporter/stackdriver: v0.13.10
- contrib.go.opencensus.io/exporter/zipkin: v0.1.2
- contrib.go.opencensus.io/integrations/ocsql: v0.1.7
- contrib.go.opencensus.io/resource: v0.1.1
- cuelang.org/go: v0.4.3
- filippo.io/edwards25519: v1.0.0-rc.1
- github.com/AdaLogics/go-fuzz-headers: f7be0cb
- github.com/Antonboom/errname: v0.1.5
- github.com/Antonboom/nilnil: v0.1.0
- github.com/Azure/azure-amqp-common-go/v2: v2.1.0
- github.com/Azure/azure-amqp-common-go/v3: v3.2.2
- github.com/Azure/azure-pipeline-go: v0.2.3
- github.com/Azure/azure-service-bus-go: v0.11.5
- github.com/Azure/azure-storage-blob-go: v0.14.0
- github.com/Azure/go-amqp: v0.16.4
- github.com/Azure/go-autorest/autorest/azure/auth: v0.5.11
- github.com/Azure/go-autorest/autorest/azure/cli: v0.4.5
- github.com/Azure/go-autorest/autorest/to: v0.4.0
- github.com/Azure/go-autorest/autorest/validation: v0.3.1
- github.com/Djarvur/go-err113: aea10b5
- github.com/GoogleCloudPlatform/cloudsql-proxy: v1.27.0
- github.com/Knetic/govaluate: 9aa4983
- github.com/Masterminds/goutils: v1.1.1
- github.com/Masterminds/semver/v3: v3.1.1
- github.com/Masterminds/semver: v1.5.0
- github.com/Masterminds/sprig/v3: v3.2.2
- github.com/Mastermin...
v0.13.0
v0.13.0
This tag was signed with the committer’s verified signature.
justaugustus
Stephen Augustus
What's Changed
Deprecation
- Krel: Move
promote-imagessubcommand to sigs.k8s.io/promo-tools
This functionality has been moved tokpromo pr - krel: Replace fork functions with sigs.k8s.io/release-sdk analogs
- pkg/release: Replace image funcs with sigs.k8s.io/promo-tools analogs (#2326, @justaugustus) [SIG Release]
- Migrate
bomutility to sigs.k8s.io/bom (#2330, @justaugustus) [SIG Release] - Removed
krel changelogsubcommand. (#2401, @saschagrunert) [SIG Release]
Feature
- Add kube-cross variant for k8s 1.24 next release (#2344, @cpanato) [SIG Release]
- Added
--non-interactiveflag tokrel ff, - Automatically determine the
krel ff --branchif not provided.
If the branch is found,krel ffwill check if a fast forward is required or not by
testing the availability of the latest final tag (like v1.23.0). (#2390, @saschagrunert) [SIG Release] - Added container images to changelog (#2400, @saschagrunert) [SIG Release]
- Added support to run
krel fast-forward(formerkrel ff) in GCB via its new--submitflag. (#2391, @saschagrunert) [SIG Release] - Debian-base: Update dependents to use bullseye-v1.1.0 / buster-v1.10.0
- debian-iptables: Build bullseye-v1.2.0 / buster-v1.8.0 images
- setcap: Build bullseye-v1.1.0 / buster-v2.1.0 images (#2373, @justaugustus) [SIG Release]
- Golang: Set next candidate to go1.18beta2
- golang: Build 1.18beta2 images (#2411, @cpanato) [SIG Release]
- Images: k8s-cloud-builder go1.18 and CVE updates for debian-base
- [go1.18] Build k8s-cloud-builder:v1.24.0-go1.18beta1-bullseye.0
- debian-base: Build bullseye-v1.1.0 and buster-v1.10.0 (#2371, @justaugustus) [SIG Release]
- K8s-cloud-builder/k8s-ci-builder: Build image using go1.16.11 (#2350, @cpanato) [SIG Release]
- K8s-cloud-builder/k8s-ci-builder: Build image using go1.16.12 (#2356, @cpanato) [SIG Release]
- K8s-cloud-builder/k8s-ci-builder: Build image using go1.17.4
- add k8s-ci-builder config for 1.24 (#2347, @cpanato) [SIG Release]
- K8s-cloud-builder/k8s-ci-builder: Build image using go1.17.5 (#2353, @cpanato) [SIG Release]
- K8s-cloud-builder/k8s-ci-builder: build using Go 1.16.13 (#2395, @palnabarun) [SIG Release]
- K8s-cloud-builder/k8s-ci-builder: build using Go 1.17.6 (#2393, @palnabarun) [SIG Release]
- K8s-cloud-builder/k8s-ci-builder: build using Go 1.17.7 (#2428, @xmudrii) [SIG Release]
- K8s-cloud-builder/k8s-ci-builder: build using Go 1.17.7 / 1.16.14 (#2429, @xmudrii) [SIG Release]
- Krel/announce: ask for confirmation before sending the email (#2321, @palnabarun) [SIG Release]
- Krel/ff: add an option to define a gcp project to use instead of the default one (#2414, @cpanato) [SIG Release]
- Our utility to manage release publishing
publish-release, now automatically generates an SBOM describing the source code repository and all artifacts uploaded as assets to the GitHub release page. (#2372, @puerco) [SIG Release] - Set next release version to v1.24.0
- golang: Set next candidate to go1.18beta1
- golang: Build 1.18beta1 images and drop temp
bustervariants (#2370, @justaugustus) [SIG Release] - Update cosign to release v1.4.1 (#2352, @cpanato) [SIG Release]
- Update cosign to v1.4.0 release (#2346, @cpanato) [SIG Release]
- [go] Build Go 1.17.6 and 1.16.13 images (#2381, @palnabarun) [SIG Release]
- [go] Build Go 1.17.7 and 1.16.14 images (#2426, @xmudrii) [SIG Release]
- [go] Build go1.17.4 and go1.16.11 images (#2342, @cpanato) [SIG Release]
- [go] Build go1.17.5 and go1.16.12 images (#2351, @cpanato) [SIG Release]
publish-releasenow supports a new--release-notes-fileflag. When defined it will read a file and include its contents in a new section on the release page.- The default template for the GitHub page no longer lists the release assets. The information was redundant as it already listed in the SBOM. (#2403, @puerco) [SIG Release]
Documentation
- Issue/template: remove not needed item and general updates (#2343, @cpanato) [SIG Release]
- Removed
cip-mmandgh2gcsreference from README.md, they're now part of kpromo (#2392, @saschagrunert) [SIG Release]
Failing Test
- The release notes gatherer will now sleep for a minute+random secs when hitting the GitHub API secondary rate limit. (#2324, @puerco) [SIG Release]
Bug or Regression
- Clone tool repo on krel fast-forward if required. (#2413, @saschagrunert) [SIG Release]
- Debian packaging: remove dependency on dh-systemd, which is now part of debhelper, update debhelper requirements to minimum version with dh-systemd included (>= 9.20160709) (#2325, @BenTheElder) [SIG Release]
- Fixed a bug when splitting asset arguments strings that caused publish-release to crash. (#2410, @puerco) [SIG Release]
- Fixed a changelog bug that prevented the links to authors and pull requests to render correctly in the Kubernetes changelog (#2335, @puerco) [SIG Release]
- Fixed krel release-notes git ssh fatal error when using single flag
--create-website-pr(#2421, @csantanapr) [SIG Release] - Krel: fix layout used to parse GCB time (#2366, @xmudrii) [SIG Release]
Other (Cleanup or Flake)
-
Debian: Default to
bullseyevariants -
images: Stop attempting to build outdated variants
Drops variants that:
- have outdated versions of golang
- are building for EOL release branches (#2323, @justaugustus)
-
Krel/announce: update kubernetes-dev email distribution (#2374, @cpanato) [SIG Release]
-
Rebase the main (master) branch instead of merging when syncing with upstream on release (#2348, @xmudrii) [SIG Release]
-
The provenance attestations written while during the Kubernetes release process now conform to the SLSA v0.2 specification. (#2375, @puerco) [SIG Release]
-
Update cosign image to use release v1.5.1 (#2406, @cpanato) [SIG Release]
Dependencies
Added
- github.com/DataDog/datadog-go: v3.2.0+incompatible
- github.com/bits-and-blooms/bitset: v1.2.0
- github.com/checkpoint-restore/go-criu/v5: v5.0.0
- github.com/circonus-labs/circonus-gometrics: v2.3.1+incompatible
- github.com/circonus-labs/circonusllhist: v0.1.3
- github.com/common-nighthawk/go-figure: 734e95f
- github.com/danieljoos/wincred: v1.1.0
- github.com/iancoleman/strcase: v0.2.0
- github.com/lyft/protoc-gen-star: v0.5.3
- github.com/power-devops/perfstat: 5aafc22
- github.com/sagikazarmark/crypt: v0.3.0
- github.com/secure-systems-lab/go-securesystemslib: v0.3.0
- github.com/tj/go-spin: v1.1.0
- github.com/tv42/httpunix: b75d861
- github.com/vbatts/tar-split: v0.11.2
- github.com/yusufpapurcu/wmi: v1.2.2
- sigs.k8s.io/bom: 5dc6709
Changed
- cloud.google.com/go/firestore: v1.1.0 → v1.6.1
- cloud.google.com/go/storage: v1.16.1 → v1.18.2
- cloud.google.com/go: v0.93.3 → v0.99.0
- github.com/Azure/go-ansiterm: d6e3b33 → d185dfc
- github.com/Microsoft/go-winio: v0.5.0 → v0.5.1
- github.com/Microsoft/hcsshim: v0.8.16 → v0.8.23
- github.com/StackExchange/wmi: v1.2.1 → 5d04971
- github.com/armon/go-metrics: f0300d1 → v0.3.10
- github.com/armon/go-radix: 7fddfc3 → v1.0.0
- github.com/cenkalti/backoff/v4: v4.1.1 → v4.1.2
- github.com/census-instrumentation/opencensus-proto: v0.2.1 → v0.3.0
- github.com/cespare/xxhash/v2: v2.1.1 → v2.1.2
- github.com/cilium/ebpf: v0.4.0 → v0.6.2
- github.com/cncf/udpa/go: 5459f2c → 04548b0
- github.com/cncf/xds/go: fbca930 → a8f9461
- github.com/containerd/containerd: v1.5.2 → v1.5.8
- github.com/containerd/stargz-snapshotter/estargz: v0.7.0 → v0.10.1
- github.com/containerd/ttrpc: v1.0.2 → v1.1.0
- github.com/cpuguy83/go-md2man/v2: v2.0.0 → v2.0.1
- github.com/docker/cli: v20.10.7+incompatible → v20.10.12+incompatible
- github.com/docker/docker-credential-helpers: [v0.6.3 → v0.6.4](https://github.com/docker/docker-credential-helpers/compare/v0.6.3......
Contributors
justaugustus, jsturtevant, and 9 other contributors
Assets 2
v0.12.0
v0.12.0
This tag was signed with the committer’s verified signature.
The key has expired.
justaugustus
Stephen Augustus
Changes by Kind
Deprecation
-
Remove vulndash
I'm not a fan of doing this (because it was an intern's work), but
vulndash is undeployed and unmaintained.Given the scope of the work, it creates an attack surface for the
project in an unmaintained state, so we need to remove it. (#2322, @justaugustus)
Feature
- The stage phase of the Kubernetes release process is now SLSA compliant! 🎉
- The anago state object now registers the time the release process starts.
- We now make the GCB BUILD_ID identifier available to krel as an env var to include it in the provenance metadata.
- New go pkg:
provenance. This new package allows projects to generate provenance metadata in in-toto attestations with SLSA compliant predicates. The new package features a scanner to easily add files as subjects in the statement. - The
provenancepackage now has tests and mocks - The staging phase of anago which krel runs now has a new step:
GenerateProvenance(). This step writes a provenance attestation file to makestageSLSA1 compliant. The file describes the building environment and adds the artifacts that will be consumed fromreleaseas subjects in the statement. - The deletion of the Kubernetes source in the staging workspace is now decoupled from the
StageLocalSourceTree()function PushReleaseArtifacts()in the build package now supports uploading single files to the release bucket. Previously only directories could be uploaded with this function.- Optimized the artifact publishing logic to only create the Kubernetes source tarball once. Previously we tarred, compressed and uploaded the whole source tree once for each tag in the release. This is not needed as all releases share the same source. (#2273, @puerco)
- Add a new ci-reporter tool to generate weekly CI Signal Reports (#2309, @palnabarun)
- Added
K8S_ORG,K8S_REPOandK8S_REFenvironment variable support to stage custom k/k forks. (#2074, @saschagrunert) - Artifacts are now verified against the in-toto attestation produced during the staging phase of a release. If validation fails, for now only a warning is reported in the logs. Future builds will abort execution right after validation.
- Config: Add configs for copying GitHub releases to GCS buckets (#2281, @justaugustus)
- Cosign: update cosign to 1.3.1 (#2315, @cpanato)
- Cross: build variants for each k8s release branch (main branch, 1.22, 1.21) (#2253, @cpanato)
- Debian-iptables image now contains /go-runner binary (#2301, @BenTheElder)
- Debian-iptables: Build bullseye-v1.0.0 images
- images: Build go1.17-bullseye variants
- go-runner:v2.3.1-go1.17.1-bullseye.0
- releng-ci (#2210, @justaugustus)
- Debian-iptables:bullseye image now contains /go-runner binary (#2310, @pohly)
- K8s-cloud-builder/k8s-ci-builder: Build image using go1.16.10 (#2311, @cpanato)
- K8s-cloud-builder/k8s-ci-builder: Build image using go1.16.8 (#2252, @cpanato)
- K8s-cloud-builder/k8s-ci-builder: Build image using go1.16.9 (#2290, @cpanato)
- K8s-cloud-builder/k8s-ci-builder: Build image using go1.17.1 (#2246, @cpanato)
- K8s-cloud-builder/k8s-ci-builder: Build image using go1.17.2 (#2289, @cpanato)
- K8s-cloud-builder/k8s-ci-builder: Build image using go1.17.3 (#2306, @cpanato)
- Krel: make promote-images work for other k8s and k8s sigs projects (#2280, @CecileRobertMichon)
- New SPDX parser to read and interpret SPDX SBoMs in tag/value format.
- Release notes: Remove author and PR links from Markdown (#2274, @CecileRobertMichon)
- Releases now publish a provenance attestation with a SLSA 0.1 predicate describing all artifacts in the release bucket. (#2300, @puerco)
- Setcap: Build bullseye-v1.0.0 images
- images: Build go1.17-bullseye variants (part two)
- kube-cross:v1.23.0-go1.17.1-bullseye.0
- k8s-ci-builder (#2249, @justaugustus)
- Update
cosignto v1.2.0 (#2251, @cpanato) - Update
cosignto v1.2.1 (#2259, @cpanato) - [go] Build go1.17.2 and go1.16.9 images (#2285, @mengjiao-liu)
- [go] Build go1.17.3 and go1.16.10 images (#2305, @cpanato)
Documentation
- Go.mod: Update sigs.k8s.io/promo-tools/v3 to v3.2.1
...which fixes import issues following the repo rename. (#2255, @justaugustus) - Issue-template: update dep-golang template to remove bazel updates (#2291, @cpanato)
- Krel/promote-images: make error when GitHub token is not provided more verbose
krel/promote-images: update promotion PR body to have the command (#2320, @palnabarun)
Bug or Regression
- Cross: install ip looks like it is not there for bullseye (#2260, @cpanato)
- Fixed table of contents header links containing source code in changelog and release notes generation. (#2277, @saschagrunert)
- New
release.ProvenanceReadeobject handles the generation of provenance subjects during staging. Written in response to a bug found in the intoto subjects included in the attestation, this new object is now more testable. (#2296, @puerco) - Packages: Update minimum Kubernetes version to v1.19.0 (#2295, @justaugustus)
Other (Cleanup or Flake)
- During
anago.release, krel will now download and perform the staged artifact verification in a dedicated directory in the Cloud Build workspace. (#2297, @puerco) - FIxed the help text for
krel cve -f. It now reads "update vulnerability data from a local map file" (#2257, @puerco) - Go.mod: Update sigs.k8s.io/k8s-container-image-promoter to v3.2.0 (#2247, @justaugustus)
Dependencies
Added
- github.com/codahale/rfc6979: 6a90f24
- github.com/google/go-github/v34: v34.0.0
- github.com/google/go-github/v39: v39.2.0
- github.com/in-toto/in-toto-golang: v0.3.3
- github.com/lufia/plan9stats: 39d0f17
- github.com/shibumi/go-pathspec: v1.2.0
- sigs.k8s.io/promo-tools/v3: v3.2.1
Changed
- github.com/go-ole/go-ole: v1.2.5 → v1.2.6
- github.com/gomarkdown/markdown: 8c8b381 → 3b9f472
- github.com/google/go-querystring: v1.0.0 → v1.1.0
- github.com/mitchellh/mapstructure: v1.4.1 → v1.4.2
- github.com/sendgrid/rest: v2.6.4+incompatible → v2.6.5+incompatible
- github.com/sendgrid/sendgrid-go: v3.10.0+incompatible → v3.10.3+incompatible
- github.com/shirou/gopsutil/v3: v3.21.8 → v3.21.10
- github.com/yuin/goldmark: v1.4.1 → v1.4.4
- golang.org/x/crypto: 5ff15b2 → 32db794
- golang.org/x/mod: v0.5.0 → v0.5.1
- golang.org/x/net: abc4532 → aaa1db6
- golang.org/x/sys: 63515b4 → 97ac67d
- golang.org/x/tools: v0.1.5 → v0.1.7
- sigs.k8s.io/mdtoc: v1.0.1 → v1.1.0
- sigs.k8s.io/release-sdk: v0.2.0 → f50f511
- sigs.k8s.io/yaml: v1.2.0 → v1.3.0
Removed
- sigs.k8s.io/k8s-container-image-promoter: v1.339.0
Contributors
pohly, justaugustus, and 7 other contributors
Assets 2
v0.11.0
Changes by Kind
API Change
- Removed
--dependenciesflag fromkrel release-notes, because they will be added during release cut. (#2193, @saschagrunert) [SIG Release]
Feature
- Cosign: Add a public key for testing
Preliminary steps to sign/verify artifacts viacosign.
The process or needs will evolve over time, so we've opted to generate
a "test" key to start. (#2226, @justaugustus) [SIG Release] - Debian-base: Build bullseye-v1.0.0 images (#2209, @justaugustus) [SIG Release]
- Debian-iptables: Build buster-v1.6.7 image (#2237, @wespanther) [SIG Release]
- K8s-cloud-builder/k8s-ci-builder: Build image using go1.15.15 (#2200, @cpanato) [SIG Release]
- K8s-cloud-builder: Update to v1.23.0-go1.17-buster.0 (#2222, @justaugustus) [SIG Release]
- Kpromo: Initial image building configuration (#2231, @justaugustus) [SIG Release]
- Kube-cross: Drop non-legacy go1.15 variant
-
kube-cross: Remove etcd from non-legacy builds
-
images: Enforce Debian codenames for Golang-based images
When there are multiple image builds in flight both upstream and downstream,
we can run into situations where a new Debian version becomes the default for
image builds, which can have unintended side-effects across release branches.Here we use explicit pairings of Golang/Debian versions to retrieve images
Example:
FROM golang:1.16.7-buster -
kube-cross: Use OS codenames to construct clearer versions for images
Uses the following nomenclature:
v<kubernetes-major>-go<go-major>-<os-codename>.<revision>Example:
v1.23.0-go1.17-buster.0 -
[go1.17] Build images for go1.17
- kube-cross:v1.23.0-go1.17-buster.0
- go-runner:v2.3.1-go1.17-buster.0 (#2211, @justaugustus) [SIG Release]
-
- SPDX: Fixed a bug where the
VARIANT_OFrelationship in multiarch container images was expressed backwards - Update
cosignto v1.1.0 (#2229, @justaugustus) [SIG Release] - [go1.17] Default to go1.17
- dependencies.yaml: Default to go1.17 for image builds
- vulndash: Build v0.4.3-8 image
- dependencies.yaml: Add entry for go.mod
- packages/deb: Update module to go1.17
- images/build/go-runner: Update module to go1.17
- go.mod: Update module to go1.17 (#2223, @justaugustus) [SIG Release]
- [go] Build go1.17.1 and go1.16.8 images (#2239, @cpanato) [SIG Release]
Design
- Migrate
gh2gcsto the promotion tooling repo- Migrate pkg/{git,github,release/regex} to sigs.k8s.io/release-sdk (#2245, @justaugustus) [SIG Release]
Documentation
- Migrate promotion tooling back to CIP repo (#2240, @justaugustus) [SIG Release]
Bug or Regression
- Bom: fix panic when LICENSE file is not found (#2213, @hectorj2f) [SIG Release]
- Fixed a bug in the SPDX package where layer references in single image manifests were not correctly formed (#2206, @puerco) [SIG Release]
- When cutting the packages, we no longer upload .deb files to scratch bucket (#2216, @puerco) [SIG Release]
Other (Cleanup or Flake)
- Images: Update gcb-docker-cloud image to v20210722-085d930 (#2230, @justaugustus) [SIG Release]
- Migrate
pkg/objectandpkg/gcp/gcp.goto sigs.k8s.io/release-sdk (#2232, @justaugustus) [SIG Release] - When generating the packages for a release, we no longer update the /debian/latest marker in k8s-release-dev (#2217, @puerco) [SIG Release]
Dependencies
Added
- cloud.google.com/go/containeranalysis: v0.1.0
- cloud.google.com/go/errorreporting: v0.1.0
- cloud.google.com/go/grafeas: 71387f0
- github.com/google/go-github/v37: v37.0.0
- sigs.k8s.io/release-sdk: v0.2.0
Changed
- cloud.google.com/go/logging: v1.1.2 → v1.4.2
- cloud.google.com/go/storage: v1.12.0 → v1.16.1
- cloud.google.com/go: v0.90.0 → v0.93.3
- github.com/cenkalti/backoff/v4: v4.1.0 → v4.1.1
- github.com/go-logr/logr: v0.4.0 → v0.2.0
- github.com/google/pprof: 4bb14d4 → f964ff6
- github.com/googleapis/gax-go/v2: v2.0.5 → v2.1.0
- github.com/kevinburke/ssh_config: 4977a11 → v1.1.0
- github.com/mattn/go-isatty: v0.0.13 → v0.0.14
- github.com/sergi/go-diff: v1.1.0 → v1.2.0
- github.com/shirou/gopsutil/v3: v3.21.7 → v3.21.8
- github.com/tklauser/go-sysconf: v0.3.7 → v0.3.9
- github.com/tklauser/numcpus: v0.2.3 → v0.3.0
- github.com/yuin/goldmark: v1.4.0 → v1.4.1
- golang.org/x/crypto: 83a5a9b → 5ff15b2
- golang.org/x/mod: v0.4.2 → v0.5.0
- golang.org/x/oauth2: a41e5a7 → 2bc19b1
- golang.org/x/sys: 0f9fa26 → 63515b4
- google.golang.org/api: v0.51.0 → v0.56.0
- google.golang.org/genproto: 7823e68 → 66f60bf
- google.golang.org/grpc: v1.39.0 → v1.40.0
- k8s.io/gengo: 83324d8 → 3a45101
- k8s.io/klog/v2: v2.9.0 → v2.4.0
- sigs.k8s.io/k8s-container-image-promoter: v1.337.0 → v1.339.0
Removed
- github.com/joefitzgerald/rainbow-reporter: v0.1.0
- k8s.io/code-generator: v0.19.7
v0.10.0
v0.10.0
This tag was signed with the committer’s verified signature.
The key has expired.
cpanato
Carlos Tadeu Panato Junior
Changes by Kind
Feature
- Allows more options to be passed to the SPDX document builder
- File analysis is now done in parallel speeding the kubernetes bom generation significally
- When generating a SPDX package from a directory, file paths will now be relative to the dir root
- Golang packages that have local replacements will be honored saving a considerable amount of downloads
- Fixed a bug where we would erase the local golang package install
- Fixed a bug where license data would be saved in the download cache directory, resulting in the license classifier having a lower accuracy
- Golang packages will now include all license text in the SBOM as well as the SPDX license identifier
- New function
license.ReadTopLicense()will scan and return only the most significant license in a directory, potentially avoiding thousands of operations in the classifier code. (#2096, @puerco) [SIG Release]
- Apache-2.0 is now defined as the default and expressed license in packages
- The SPDX package now supports ExternalDocRef making it possible to define external documents related to an SBOM
- Added functions to the
releasepackage to get the produced artifacts (ListBuildImages, ListBuildTarballs, ListBuildBinaries) - Added release tarballs (client, server, node) to artifacts SBOM
- Binaries are now listed with their correct relative paths in the artifacts SBOM
- FIxed a bug where SPDX Ids would clash when two packages shared the same base image
- The source code SBOM is now referenced by the artifacts sbom packages as GENERATED_FROM
- Added tests to ensure SPDX Relationships render correctly (#2156, @puerco) [SIG Release]
- Changed archived Kubernetes release sources to be compressed as tarball (#2130, @saschagrunert) [SIG Release]
- Debian-base: Build buster-v1.8.0 image (#2135, @jindijamie) [SIG Release]
- Debian-base: Build buster-v1.9.0 image (#2189, @justaugustus) [SIG Release]
- Debian-iptables: Build buster-v1.6.5 image
- setcap: Build buster-v2.0.3 image (#2142, @justaugustus) [SIG Release]
- Debian-iptables: Build buster-v1.6.6 image
- setcap: Build buster-v2.0.4 image (#2192, @justaugustus) [SIG Release]
- Fixed a bug that was causing errors downloading go packages, except for a few specific deps, we now have licensing data for all packages.
- Correct a bug where HTML entities were being introduced into the spdx licenses and output. The code was wrongly using html/template instead of text/template.
- There is now a new Relationship type and a better way to relate objects among themselves via a new
spdx.Objectinterface - New SPDX object interface. This is important as we will start having functions that can take either packages or files, hence we create the interface to address them both
- Changes the way image references are treated when generating an SBOM from an image reference. Now, The spdx package will now fetch all images for all architectures found
- New function to generates a valid SPDX ID string, optionally it can take strings as seeds to generate a more intuitive ID for packages and files.
- Fixes a bug where month and day were in the wrong order in the SPDX document date. (#2147, @puerco) [SIG Release]
- K8s-ci-builder: Add 1.22 variant, drop 1.18 variant
- k8s-ci-builder: Add 1.23 variant
- k8s-ci-builder: Build go1.16.6 images
- k8s-cloud-builder: Build v1.17.0-rc.1-1 image (#2168, @justaugustus) [SIG Release]
- K8s-cloud-builder/k8s-ci-builder: Build image using go1.15.15 (#2200, @cpanato) [SIG Release]
- K8s-cloud-builder/k8s-ci-builder: Build image using go1.16.7 (#2198, @cpanato) [SIG Release]
- K8s-cloud-builder: Build image using go1.16.6 (#2163, @puerco) [SIG Release]
- K8s-cloud-builder: Build v1.17.0-rc.2-1 image (#2190, @justaugustus) [SIG Release]
- Schedule-builder: add new field (#2173, @cpanato) [SIG Release]
- Stage now runs completely without setting the github token in the k/k clone remote configuration
- The
binary.Binaryobject has a new methodContainsString()that allows for searching inside the binary for one or more strings.- The release process now has a new step during staging:
VerifyArtifacts. Where during which we will perform checks of the artifacts we produce. - Binaries are now checked to ensure they are of the expected platform/arch
- The version tag in binaries is now checked to ensure they match each release version tag
- Fixed a bug in
release.ListBuildBinarieswhere server and client tarballs were wrongly included in the output. (#2160, @puerco) [SIG Release]
- The release process now has a new step during staging:
- Update
dependencies.yaml1.15 to use Go 1.15.14 - When running release from a non-main branch, krel will now merge any commits before pushing the branch back to github, avoiding conflicts due to divergent branches. (#2128, @puerco) [SIG Release]
- When staging a new kubernetes build,
krelwill now prewarm the license cache to have the classifier data ready when generating the bill of materials.- The release process staging phase now has a
GenerateBillOfMaterials()step that builds the SPDX documents. - We now create an SPDX SBOM describing the Kubernetes source during staging
- Each version in a release now features an SPDX bill of materials listing its binaries and images
- stage.GenerateBillOfMaterials() now has an integration test (#2095, @puerco) [SIG Release]
- The release process staging phase now has a
- [go1.15] Update kubernetes/kubernetes dependents to use Go 1.15.13
- k8s-cloud-builder: Build v1.15.13-legacy-1/v1.15.13-1 image
- k8s-ci-builder: Build image variants using Go 1.15.13 (#2122, @thejoycekung) [SIG Release]
- [go1.16] Update kubernetes/kubernetes dependents to use go1.16.5
- [go1.17] Build images for go1.17rc1 (#2117, @justaugustus) [SIG Release]
- [go1.17] Build images for go1.17rc2 (#2188, @justaugustus) [SIG Release]
- [go] go1.16.5 and go1.15.13 updates
- [go] go1.16.6 and go1.15.14 updates
- kube-cross: Build v1.16.6-1 and v1.15.14-1 images
- go-runner: Build v2.3.1-go1.16.6-buster.0 and v2.3.1-go1.15.14-buster.0
- releng-ci: build iamge for go1.16.6 and go1.15.14
- kubepkg/packages-deb: update base image to go1.16.6 (#2162, @mengjiao-liu) [SIG Release]
- [go] go1.16.7 and go1.15.15 updates
- go-runner: Build v2.3.1-go1.16.7-buster.0 and v2.3.1-go1.15.15-buster.0
- releng-ci: build image for go1.16.6 and go1.15.15
- kube-cross: Build v1.16.7-1 and v1.15.15-1 images
- kubepkg/packages-deb: update base image to go1.16.7
- k8s-cloud-builder: Build v1.16.7-1 / v1.15.15-1 / v1.15.15-legacy-1 images (#2197, @cpanato) [SIG Release]
PrerequisitesCheckernos has options, currently the only one isCheckGitHubToken. This bool allows us to run without setting the GITHUB_TOKEN variable when not needed (#2138, @puerco) [SIG Release]
Documentation
- Add documentation for the
bomutility- In-depth HOWTO guide to generating an SPDX Bill of ...
v0.9.0
v0.9.0
This tag was signed with the committer’s verified signature.
The key has expired.
justaugustus
Stephen Augustus
Changes by Kind
Deprecation
- Remove hyperkube references (#2018, @justaugustus) [SIG Release]
Feature
-
Added i386 crossbuild toolchain to kube-cross. (#2086, @saschagrunert) [SIG Release]
-
Bump
k8s-cloud-builderto version v1.16.4-2 (#2093, @puerco) [SIG Release] -
Debian-base: Build buster-v1.6.0 image (#1991, @justaugustus) [SIG Release]
-
Debian-base: Build buster-v1.7.0 image (#2080, @justaugustus) [SIG Release]
-
Debian-iptables: Build buster-v1.6.0 image (#1983, @wespanther) [SIG Release]
-
Debian-iptables: Build buster-v1.6.1 image
- setcap: Build buster-v2.0.1 image (#2082, @justaugustus) [SIG Release]
-
Dependency updates:
- github.com/spf13/cobra from 1.1.1 to 1.1.3
- github.com/go-git/go-git/v5 from 5.2.0 to 5.3.0
- github.com/google/uuid from 1.1.4 to 1.2.0
- github.com/sendgrid/rest from from 2.6.2 to 2.6.3
- github.com/cheggaaa/pb/v3 from 3.0.5 to 3.0.8 (#2042, @justaugustus) [SIG Release]
-
Deps: Update sigs.k8s.io/release-utils to v0.2.1 (#2052, @justaugustus) [SIG Release]
-
Hack: Allow verify-dependencies to succeed when GOBIN is missing
- [go] go1.16.4 and go1.15.12 updates
- kube-cross: Build v1.16.4-1 and v1.15.12-1 images
- go-runner: Build v2.3.1-go1.16.4-buster.0 and v2.3.1-go1.15.12-buster.0
- releng-ci: Build v0.5.2 image using go1.16.4 (#2059, @justaugustus) [SIG Release]
-
K8s-cloud-builder: Build v1.15.12-legacy-1/v1.15.12-1 image
-
Kube-cross: Adds mingw-w64 for Windows binary compilation
- kube-cross: Build v1.16.1-2 image (#1978, @claudiubelu) [SIG Release and Windows]
-
Kube-cross: Build v1.15.11-1 / v1.15.11-legacy-1 image
-
New
SPDXpackage for generating SPDX compliant manifests of artifacts.- The
licensepackage now includes a newCatalogobject to interact with spdx license data - First set of image analyzers to enrich the BOM generated for the go-runner and distroless base images
- Corrects a bug with the license downloader where license data was not available when first downloaded. (#2064, @puerco) [SIG Release]
- The
-
New
bomutility allows software authors to generate spdx manifests for projects. Allows adding files and images to the manifest. (#2066, @puerco) [SIG Release] -
New
krel cvesubcommand to handle CVE data information in the release bucket. Allow a release manager to upload, delete and edit CVE data files that publish vulnerability information in the changelog. (#1995, @puerco) [SIG Release] -
Releng-ci: Enable building multiple image variants (#2089, @justaugustus) [SIG Release]
-
Setcap: Build buster-v2.0.0 image
Uses debian-base:buster-v1.6.0.
Note: the image major version is arbitrarily bumped here to dissuade any
inferences that it must match the debian-base image tag (#1992, @justaugustus) [SIG Release] -
The SPDX package can now index the contents of a directory and produce a Package listing all contents. Directories can be specified by
-d/--directory- go.mod support: We now recognize directories that are golang modules. If a
go.modfile is found, the spdx object will now download, scan them for licensing data and create packages which are then linked to the directory package as dependencies - Full support for
.gitignoreexclusions: WHen indexing a directory, the spdx object will detect a.gitignorefile and honor the files excluded by patterns in it. - The last two features can be turned on and of by passing
--no-gomodand--no-gitignorerespectively tobom generate --ignoreflag inbom: In addition to the gitignore exclusions, a user can add more patterns with--ignorebomwill now take directories as arguments to make simple use more intuitive:bom -n namespace .(#2077, @puerco) [SIG Release]
- go.mod support: We now recognize directories that are golang modules. If a
-
The SPDX package now has unit and integration tests (#2069, @puerco) [SIG Release]
-
Verify cosign signatures of distroless base images
- go-runner: Build v2.3.1-go1.16.3-buster.1 image
- go-runner: Build v2.3.1-go1.15.11-buster.1 image (#2016, @justaugustus) [SIG Release]
-
Vulndash: Build v0.4.3-7
- kube-cross: Build v1.16.3-1 image
- go-runner: Build v2.3.1-go1.16.3-buster.0 image
- packages: Update debs build image to use go1.16.3
- releng-ci: Build v0.5.1 image (#2006, @justaugustus) [SIG Release]
-
When cutting a patch release, anago/stage will now read CVE information from a bucket, the CVE information read from the cloned data will be added to the changelog when it is generated. (#1996, @puerco) [SIG Release]
-
[go1.15] Update kubernetes/kubernetes dependents to use go1.15.11
-
[go1.16] Update kubernetes/kubernetes dependents to use go1.16.3
- k8s-cloud-builder: Build v1.16.3-1 image (#2008, @justaugustus) [SIG Release]
-
[go1.16] Update kubernetes/kubernetes dependents to use go1.16.4
- k8s-cloud-builder: Build v1.16.4-1 image
- k8s-ci-builder: Build image variants using go1.16.4 (#2061, @justaugustus) [SIG Release]
-
bom generatewill now perform go package downloads in parallel- When generating an sbom from a go module directory,
bomwill now list all transient dependencies by default. A new flag--no-transientcan be used to only include direct dependencies in the document. - Reduced the output of the license package by moving some of the output to Debug.
- FIxed a bug where the license package would sometimes crash due to a division by zero. (#2085, @puerco) [SIG Release]
- When generating an sbom from a go module directory,
-
krel releasewill now check its inputs locally before submitting a GCB job.
Failing Test
- Dependencies: Add Golang entries for previous release branches (#2001, @justaugustus) [SIG Release]
- K8s-ci-builder: Add 1.21 branch variant
-
k8s-ci-builder: Match go version of the builder image with k/k@dev
This builder image is responsible for running compile-release-tools and
copying in tooling likekrelinto the final image.AFAIK, the compiled RelEng tools have no requirement to exactly match
the Golang version of all active kubernetes/kubernetes release branches.In instances where we make changes to releng tooling which are
backwards-incompatible, we have the possibility to cause image build
failures for other branch variants (as is currently happening). (#2003, @justaugustus) [SIG Release]
-
- K8s-ci-builder: Fix
CONFIGsubstitution for1.21variant (#2004, @justaugustus) [SIG Release]
Bug or Regression
- Fix a bug in
gcs.PathExists()where nonexisting paths would always return an error (instead of false). Now the function can actually be used to check for the non existence of a file. (#2030, @puerco) [SIG Release] - Fixed release notes list manipulation (
*→-) which falsely replaced bold markdown text. ([#2056](https://github.com/kube...
v0.8.0
Changes by Kind
Feature
- Added
hashpackage to unify file based hash creation (#1875, @saschagrunert) [SIG Release] - Added
kubecrosspackage to retrieve kube-cross image versions (latest or for a branch). (#1969, @saschagrunert) [SIG Release] - Added a new flag to
release-notes:--list-v2. When defined, it enables the new release notes list code which looks up release notes from merge PRs. (#1925, @puerco) [SIG Release] - Added a new setcap image, that can be used to apply capabilities to the k8s binaries when we build the server-images. (#1684, @vinayakankugoyal) [SIG Release]
- Cross: create new variant with protobuf version 3.0.2 (#1915, @cpanato)
- Downgrade logs on attempting to lookup PRs by commit to Debug as they are filling up console noisily, obstructing the progress log.
- Introducing
--list-v2feature flag tokrel release-notes. Behind a feature gate:- Looks up for the commit history from the local copy of k/k instead of GitHub API call.
- The new approach traverses Git history by left parents, only looking for PR information from the merge commits and thus reducing the API calls to GitHub, which should decrease the amount of rate limit errors users are receiving.
- Incidentally, this fixes a "bug" in previous implementation of including a "merged in the future" PR. (#1888, @wilsonehusin) [SIG Release]
- Introducing
- Go-runner: Build v2.3.1-go1.16rc1-buster.0 image
- vulndash: Build v0.4.3-4 image (using go1.16rc1)
- releng-ci: Build v0.3.0 image (using go1.16rc1)
- kube-cross: Build v1.16.0-rc.1-2 image (using go1.16rc1) (#1917, @justaugustus) [SIG Release]
- Golang bump to 1.15.8 resulting in the following new images:
- Images: Build debian-base:buster-v1.5.0 (#1957, @wespanther) [SIG Release]
- K8s-cloud-builder: Build v1.16.1-1 image
- k8s-ci-builder: Build default variant using go1.16.1
- k8s-ci-builder: Update 1.20 and 1.19 variants to go1.15.8 (#1941, @justaugustus) [SIG Release]
- Krel will now log into docker hub using a release engineering account to allow for more image pulls (#1979, @puerco) [SIG Release]
- Kube-cross: Build v1.15.10-1 / v1.15.10-legacy-1 image
- Kube-cross: Build v1.15.9-1 / v1.15.9-legacy-1 image
- Kube-cross: Build v1.16.0-1 image
- go-runner: Build v2.3.1-go1.16-buster.0 image
- releng-ci: Build v0.4.0 image
- vulndash: Build v0.4.3-5 image (#1920, @justaugustus) [SIG Release]
- Kube-cross: Build v1.16.0-rc.1-2 image (using go1.16rc1) (#1918, @justaugustus) [SIG Release]
- Kube-cross: Build v1.16.1-1 image
- go-runner: Build v2.3.1-go1.16.1-buster.0 image
- releng-ci: Build v0.5.0 image
- vulndash: Build v0.4.3-6 image (#1937, @justaugustus) [SIG Release]
- New
licensepackage adds the capability to scan source directories, locate license files and classify them to match OSS licenses in the SPDX catalog. (#1874, @puerco) [SIG Release] - New function
github.CreateIssueto file new issues in a GitHub repository (#1964, @puerco) [SIG Release] - New function
github.GetMilestone()that queries the GitHub API to find a given milestone in a repository from its title string (#1965, @puerco) [SIG Release] - Support custom BASEIMAGE for kube-cross (#1967, @chewong)
- Update Golang-based images to go1.16rc1
- kube-cross: Build v1.16.0-rc.1-1 image
- go-runner: Build buster-v2.3.0 image
- releng-ci: Build v0.2.0 image
- vulndash: Build v0.4.3-2 image (#1882, @justaugustus) [SIG Release]
- Update debian-hyperkube-base to v1.4.0 which is now a sane multi-architecture image. (#1878, @saschagrunert) [SIG Release]
- Update debian-iptables to v1.5.0 which is now a sane multi-architecture image. (#1877, @saschagrunert) [SIG Release]
krelwill now create the publishing bot issue ink8s-release-robot/sig-releasewhen creating the release branch (#1966, @puerco) [SIG Release]
Design
- Release notes libraries will now recognize CVE information in the
datafieldssection of the release notes map files.
Failing Test
hack/packages/verify-published.shwill skip v1.20.3 when checking packages as none were produced (#1928, @puerco) [SIG Release]
Bug or Regression
- Fix bug where returned errors from certain functions un in
krel release-noteswere overwritten by deferred function calls (#1894, @puerco) [SIG Release] - Fixed use of --create-website-pr flag to krel release-notes (#1690, @JamesLaverack) [SIG Release]
- Go.mod: Update github.com/containers/image/v5 to v5.10.4 (#1931, @justaugustus) [SIG Release]
- Image promotion pull requests are now created against
maininkubernetes/k8s.ioas the default branch has been renamed, (#1901, @puerco) [SIG Release] - Jobs in GCB now fall back to latest version of kubecross when the release branch does not exist (#1974, @puerco) [SIG Release]
- K8s-rapture will now check if debs and RPMs exist before calling
rapture addpkg(#1923, @puerco) [SIG Release] - The GitHub package now has a basic options struct to control how it behaves
Other (Cleanup or Flake)
- Enable parallel Kubernetes build on
krel stage(#1795, @saschagrunert) [SIG Release] - Move references from TOOL_BRANCH to be TOOL_REF (#1906, @cpanato) [SIG Release]
- Prettify / indent JSON output of krel release-notes (#1879, @wilsonehusin) [SIG Release]
- Removed
stage-ciMakefile target since it is not used. (#1981, @saschagrunert) [SIG Release] - Switch to hardcoded releng-ci:v0.5.0 image to build
krelin GCB release jobs (#1961, @puerco) [SIG Release] - Switch to hardcoded releng-ci:v0.5.0 image to build
krelin GCB jobs (#1959, @puerco) [SIG Release] - The following packages have been migrated to sigs.k8s.io/release-utils:
- pkg/command
- pkg/editor
- pkg/hash
- pkg/http
- pkg/log
- pkg/tar
- pkg/util (#1934, @justaugustus) [SIG Release]
- To avoid having commits merged between BuildVersion and the tag,
stage.TagRepository()will now check out ...