Kubernetes release 1.27.0
- The
IPv6DualStack feature gate for external cloud providers was removed. - Pods with RestartPolicy=Always may enter the Succeeded phase due to pod deletion and graceful node shutdown.
- In-tree cloud provider for AWS and the EBS storage plugin has been removed. Use the external cloud provider and CSI driver instead.
- Deprecated
spec.externalID field for a Node now shows warnings. - Warnings added for Services with IPv4 addresses with leading zeros and non-canonical IPv6 addresses.
- Removed alpha seccomp annotations; use
securityContext.seccompProfile instead. - The
SecurityContextDeny admission plugin is deprecated.
- Fixed error in
resource.k8s.io/v1alpha1/ResourceClaim API validation. - Renamed
resource.k8s.io/v1alpha1/PodScheduling to resource.k8s.io/v1alpha2/PodSchedulingContext. - Added CEL runtime cost calculation to ValidatingAdmissionPolicy.
- Added
auditAnnotations to ValidatingAdmissionPolicy. - New IPAddress object kind and ClusterIP allocator introduced.
- New alpha API: ClusterTrustBundle (
certificates.k8s.io/v1alpha1). - Various improvements to ValidatingAdmissionPolicy and its bindings.
- New client side metric
rest_client_request_retries_total added. - Performance improvements for
kube-proxy in iptables mode. - New scheduler preemption support for pods using
ReadWriteOncePod PVCs. - Promoted
PodSchedulingReadiness to beta. - Kubernetes is now built with Go 1.20.3.
- API for streaming added with
SendInitialEvents field to ListOptions.
- Fixed potential data races retrying requests with custom
io.Reader body in client-go. - Fixed incorrect watch events when watch is initialized with reinitializing watchcache.
- Fixed bug in reflector that couldn't recover from
Too large resource version errors. - Fixed various issues with
Winkernel Proxier in IPV6 and LoadBalancer policies. - Corrected issue with CSI migrated volume detachment when CSI driver is not running.
- Addressed issue with file permissions during update of
Secret/ConfigMap/projected volume when fsGroup is used.