Skip to content

v0.9.0

Choose a tag to compare

View all tags
@justaugustus justaugustus released this 01 Jun 00:39
· 3619 commits to master since this release
v0.9.0
This tag was signed with the committer’s verified signature. The key has expired.
justaugustus Stephen Augustus
GPG key ID: 5C9566007B24BDA9
Expired
Verified
Learn about vigilant mode.
b713f2d
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Changes by Kind

Deprecation

Feature

  • Added i386 crossbuild toolchain to kube-cross. (#2086, @saschagrunert) [SIG Release]

  • Bump k8s-cloud-builder to version v1.16.4-2 (#2093, @puerco) [SIG Release]

  • Debian-base: Build buster-v1.6.0 image (#1991, @justaugustus) [SIG Release]

  • Debian-base: Build buster-v1.7.0 image (#2080, @justaugustus) [SIG Release]

  • Debian-iptables: Build buster-v1.6.0 image (#1983, @wespanther) [SIG Release]

  • Debian-iptables: Build buster-v1.6.1 image

  • Dependency updates:

    • github.com/spf13/cobra from 1.1.1 to 1.1.3
    • github.com/go-git/go-git/v5 from 5.2.0 to 5.3.0
    • github.com/google/uuid from 1.1.4 to 1.2.0
    • github.com/sendgrid/rest from from 2.6.2 to 2.6.3
    • github.com/cheggaaa/pb/v3 from 3.0.5 to 3.0.8 (#2042, @justaugustus) [SIG Release]

  • Deps: Update sigs.k8s.io/release-utils to v0.2.1 (#2052, @justaugustus) [SIG Release]

  • Hack: Allow verify-dependencies to succeed when GOBIN is missing

    • [go] go1.16.4 and go1.15.12 updates
    • kube-cross: Build v1.16.4-1 and v1.15.12-1 images
    • go-runner: Build v2.3.1-go1.16.4-buster.0 and v2.3.1-go1.15.12-buster.0
    • releng-ci: Build v0.5.2 image using go1.16.4 (#2059, @justaugustus) [SIG Release]

  • K8s-cloud-builder: Build v1.15.12-legacy-1/v1.15.12-1 image

    • k8s-ci-builder: Build image variants using go1.15.12 (#2063, @cpanato) [SIG Release]

  • Kube-cross: Adds mingw-w64 for Windows binary compilation

  • Kube-cross: Build v1.15.11-1 / v1.15.11-legacy-1 image

    • go-runner: Build v2.3.1-go1.15.11-buster.0 image (#1985, @cpanato)

  • New SPDX package for generating SPDX compliant manifests of artifacts.

    • The license package now includes a new Catalog object to interact with spdx license data
    • First set of image analyzers to enrich the BOM generated for the go-runner and distroless base images
    • Corrects a bug with the license downloader where license data was not available when first downloaded. (#2064, @puerco) [SIG Release]

  • New bom utility allows software authors to generate spdx manifests for projects. Allows adding files and images to the manifest. (#2066, @puerco) [SIG Release]

  • New krel cve subcommand to handle CVE data information in the release bucket. Allow a release manager to upload, delete and edit CVE data files that publish vulnerability information in the changelog. (#1995, @puerco) [SIG Release]

  • Releng-ci: Enable building multiple image variants (#2089, @justaugustus) [SIG Release]

  • Setcap: Build buster-v2.0.0 image

    Uses debian-base:buster-v1.6.0.

    Note: the image major version is arbitrarily bumped here to dissuade any
    inferences that it must match the debian-base image tag (#1992, @justaugustus) [SIG Release]

  • The SPDX package can now index the contents of a directory and produce a Package listing all contents. Directories can be specified by -d/--directory

    • go.mod support: We now recognize directories that are golang modules. If a go.mod file is found, the spdx object will now download, scan them for licensing data and create packages which are then linked to the directory package as dependencies
    • Full support for .gitignore exclusions: WHen indexing a directory, the spdx object will detect a .gitignore file and honor the files excluded by patterns in it.
    • The last two features can be turned on and of by passing --no-gomod and --no-gitignore respectively to bom generate
    • --ignore flag in bom: In addition to the gitignore exclusions, a user can add more patterns with --ignore
    • bom will now take directories as arguments to make simple use more intuitive: bom -n namespace . (#2077, @puerco) [SIG Release]

  • The SPDX package now has unit and integration tests (#2069, @puerco) [SIG Release]

  • Verify cosign signatures of distroless base images

    • go-runner: Build v2.3.1-go1.16.3-buster.1 image
    • go-runner: Build v2.3.1-go1.15.11-buster.1 image (#2016, @justaugustus) [SIG Release]

  • Vulndash: Build v0.4.3-7

    • kube-cross: Build v1.16.3-1 image
    • go-runner: Build v2.3.1-go1.16.3-buster.0 image
    • packages: Update debs build image to use go1.16.3
    • releng-ci: Build v0.5.1 image (#2006, @justaugustus) [SIG Release]

  • When cutting a patch release, anago/stage will now read CVE information from a bucket, the CVE information read from the cloned data will be added to the changelog when it is generated. (#1996, @puerco) [SIG Release]

  • [go1.15] Update kubernetes/kubernetes dependents to use go1.15.11

    • k8s-cloud-builder: Build v1.15.11-1 / v1.15.11-legacy-1 image (#2009, @cpanato) [SIG Release]

  • [go1.16] Update kubernetes/kubernetes dependents to use go1.16.3

  • [go1.16] Update kubernetes/kubernetes dependents to use go1.16.4

    • k8s-cloud-builder: Build v1.16.4-1 image
    • k8s-ci-builder: Build image variants using go1.16.4 (#2061, @justaugustus) [SIG Release]

  • bom generate will now perform go package downloads in parallel

    • When generating an sbom from a go module directory, bom will now list all transient dependencies by default. A new flag --no-transient can be used to only include direct dependencies in the document.
    • Reduced the output of the license package by moving some of the output to Debug.
    • FIxed a bug where the license package would sometimes crash due to a division by zero. (#2085, @puerco) [SIG Release]

  • krel release will now check its inputs locally before submitting a GCB job.

    • The release.IsValidReleaseBuild() function will now do a better validation of the BuildVersion option.
    • Options in krel now perform a better check of the BuildVersion string in addition to parsing it as SemVer (#2024, @puerco) [SIG Release]

Failing Test

  • Dependencies: Add Golang entries for previous release branches (#2001, @justaugustus) [SIG Release]
  • K8s-ci-builder: Add 1.21 branch variant

    • k8s-ci-builder: Match go version of the builder image with k/k@dev

      This builder image is responsible for running compile-release-tools and
      copying in tooling like krel into the final image.

      AFAIK, the compiled RelEng tools have no requirement to exactly match
      the Golang version of all active kubernetes/kubernetes release branches.

      In instances where we make changes to releng tooling which are
      backwards-incompatible, we have the possibility to cause image build
      failures for other branch variants (as is currently happening). (#2003, @justaugustus) [SIG Release]

  • K8s-ci-builder: Fix CONFIG substitution for 1.21 variant (#2004, @justaugustus) [SIG Release]

Bug or Regression

  • Fix a bug in gcs.PathExists() where nonexisting paths would always return an error (instead of false). Now the function can actually be used to check for the non existence of a file. (#2030, @puerco) [SIG Release]

  • Fixed release notes list manipulation (*-) which falsely replaced bold markdown text. (#2056, @saschagrunert) [SIG Release]

  • Fixed tag sorting in git.TagsForBranch() for recent versions of git (#2025, @saschagrunert) [SIG Release]

  • Kube-cross: Build v1.16.3-canary-2 image (#2007, @justaugustus)

  • Pkg/changelog: Add missing "Source Code" heading, fix upper-case consistency in headings, and remove duplicates (#2020, @jihoon-seo) [SIG Release]

  • Pkg/cip: Revert os/io go1.16 changes

    sigs.k8s.io/k8s-container-image-promoter is currently stuck on go1.15
    due to a variety of bazel dependency updates that are not straightforward
    to untangle.

    Due to the incompatibility of the updated os/io packages with go1.15, we're
    no longer able to update k/release in k-sigs/cip.

    This commit reverts the go1.16 os/io usage to the go1.15-compatible ioutil
    methods. (#2097, @justaugustus) [SIG Release]

Other (Cleanup or Flake)

  • Added info log notice if a release note got excluded because of required author mismatch (#2010, @saschagrunert) [SIG Release]

  • Dependencies.yaml: Update zeitgeist to v0.3.0 (#1933, @justaugustus) [SIG Release]

  • Gcb: Remove build prototype job

    This GCB config was initially created to mock the kubernetes_build
    bootstrap scenario in preparation for moving Kubernetes builds to
    community infra.

    Given we've since:

    • created krel
    • removed anago and other shell-based utilities
    • begun moving kubernetes build jobs to krel ci-build

    this build config is no longer required. (#2019, @justaugustus) [SIG Release]

  • Krel release-notes publishes release-notes-draft{.md,.json} under release-notes/ directory (#1922, @wilsonehusin) [SIG Release]

  • Pkg/cip: Migrate packages back to k-sigs/cip (#2101, @justaugustus) [SIG Release]

  • Pkg/release: Remove dependency on skopeo binary (#2062, @justaugustus) [SIG Release]

  • krel cve write has been eliminated, its functionality now lives in krel cve edit (#2028, @puerco) [SIG Release]

Dependencies

Added

  • github.com/ProtonMail/go-crypto: 04723f9
  • github.com/acomagu/bufpipe: v1.0.3
  • github.com/andybalholm/brotli: v1.0.0
  • github.com/docopt/docopt-go: ee0de3b
  • github.com/dsnet/compress: v0.0.1
  • github.com/dsnet/golib: 1ea1667
  • github.com/golang/snappy: v0.0.1
  • github.com/hashicorp/go-hclog: v0.9.2
  • github.com/hashicorp/go-retryablehttp: v0.6.4
  • github.com/jmespath/go-jmespath/internal/testify: v1.5.1
  • github.com/matryer/is: v1.2.0
  • github.com/mholt/archiver/v3: v3.5.0
  • github.com/nwaples/rardecode: v1.1.0
  • github.com/pierrec/lz4/v4: v4.0.3
  • github.com/rivo/uniseg: v0.2.0
  • github.com/tklauser/go-sysconf: v0.3.4
  • github.com/tklauser/numcpus: v0.2.1
  • github.com/xanzy/go-gitlab: v0.43.0
  • github.com/xi2/xz: 48954b6
  • sigs.k8s.io/k8s-container-image-promoter: v1.337.0
  • sigs.k8s.io/structured-merge-diff/v4: v4.0.1
  • sigs.k8s.io/zeitgeist: v0.3.0

Changed

Removed

  • github.com/14rcole/gopopulate: b175b21
  • github.com/Azure/azure-sdk-for-go: v42.3.0+incompatible
  • github.com/Azure/go-autorest/autorest/adal: v0.9.5
  • github.com/Azure/go-autorest/autorest/date: v0.3.0
  • github.com/Azure/go-autorest/autorest/mocks: v0.4.1
  • github.com/Azure/go-autorest/autorest/to: v0.3.0
  • github.com/Azure/go-autorest/autorest/validation: v0.2.0
  • github.com/Azure/go-autorest/autorest: v0.10.2
  • github.com/Azure/go-autorest/logger: v0.1.0
  • github.com/Azure/go-autorest/tracing: v0.6.0
  • github.com/Azure/go-autorest: v14.2.0+incompatible
  • github.com/GoogleCloudPlatform/k8s-cloud-provider: 27a4ced
  • github.com/Microsoft/hcsshim: v0.8.14
  • github.com/acarl005/stripansi: 5a71ef0
  • github.com/checkpoint-restore/go-criu/v4: v4.0.2
  • github.com/cilium/ebpf: a9f01ed
  • github.com/cockroachdb/datadriven: 80d97fb
  • github.com/containerd/cgroups: 0dbf7f0
  • github.com/containerd/console: v1.0.0
  • github.com/containerd/continuity: aaeac12
  • github.com/containerd/fifo: a9fb20d
  • github.com/containerd/go-runc: 5a6d9f3
  • github.com/containerd/ttrpc: 0e0f228
  • github.com/containerd/typeurl: a93fcdb
  • github.com/containers/image/v5: v5.10.4
  • github.com/containers/libtrust: 14b9617
  • github.com/containers/ocicrypt: v1.0.3
  • github.com/containers/storage: v1.24.8
  • github.com/coreos/go-oidc: v2.1.0+incompatible
  • github.com/coreos/go-systemd/v22: v22.0.0
  • github.com/cyphar/filepath-securejoin: v0.2.2
  • github.com/dnaeon/go-vcr: v1.0.1
  • github.com/docker/go-metrics: v0.0.1
  • github.com/docker/libtrust: aabc10e
  • github.com/docker/spdystream: 449fdfc
  • github.com/dustin/go-humanize: v1.0.0
  • github.com/elazarl/goproxy: 947c36d
  • github.com/evanphx/json-patch: 162e562
  • github.com/form3tech-oss/jwt-go: v3.2.2+incompatible
  • github.com/godbus/dbus/v5: v5.0.3
  • github.com/gophercloud/gophercloud: v0.1.0
  • github.com/gregjones/httpcache: 9cad4c3
  • github.com/juju/ansiterm: 720a095
  • github.com/lunixbochs/vtclean: 2d01aac
  • github.com/manifoldco/promptui: v0.8.0
  • github.com/mattn/go-shellwords: v1.0.10
  • github.com/mistifyio/go-zfs: v2.1.1+incompatible
  • github.com/moby/sys/mountinfo: v0.4.0
  • github.com/mrunalp/fileutils: 7d4729f
  • github.com/mtrmac/gpgme: v0.1.2
  • github.com/mxk/go-flowrate: cca7078
  • github.com/opencontainers/runc: v1.0.0-rc91
  • github.com/opencontainers/runtime-spec: 237cc4f
  • github.com/opencontainers/selinux: v1.8.0
  • github.com/ostreedev/ostree-go: 759a8c1
  • github.com/peterbourgon/diskv: v2.0.1+incompatible
  • github.com/pquerna/cachecontrol: 0dec1b3
  • github.com/pquerna/ffjson: dac163c
  • github.com/remyoudompheng/bigfft: 52369c6
  • github.com/rubiojr/go-vhd: 0bfd3b3
  • github.com/satori/go.uuid: v1.2.0
  • github.com/seccomp/libseccomp-golang: v0.9.1
  • github.com/syndtr/gocapability: d983527
  • github.com/tchap/go-patricia: v2.3.0+incompatible
  • github.com/urfave/cli: v1.22.2
  • github.com/vbatts/tar-split: v0.11.1
  • github.com/vbauerster/mpb/v5: v5.4.0
  • github.com/vdemeester/k8s-pkg-credentialprovider: f1d1696
  • github.com/vishvananda/netlink: v1.1.0
  • github.com/vishvananda/netns: 0a2b9b5
  • github.com/vmware/govmomi: v0.20.3
  • github.com/willf/bitset: v1.1.11
  • github.com/xeipuuv/gojsonpointer: df4f5c8
  • github.com/xeipuuv/gojsonreference: bd5ef7b
  • github.com/xeipuuv/gojsonschema: v1.2.0
  • go.etcd.io/etcd: 3cf2f69
  • go.mozilla.org/pkcs7: 432b235
  • gonum.org/v1/gonum: 3d26580
  • gonum.org/v1/netlib: 7672324
  • gopkg.in/cheggaaa/pb.v1: v1.0.25
  • gopkg.in/gcfg.v1: v1.2.0
  • gopkg.in/inf.v0: v0.9.1
  • gopkg.in/natefinch/lumberjack.v2: v2.0.0
  • gopkg.in/square/go-jose.v2: v2.3.1
  • k8s.io/api: v0.18.8
  • k8s.io/apimachinery: v0.18.8
  • k8s.io/apiserver: v0.18.8
  • k8s.io/client-go: v0.18.8
  • k8s.io/cloud-provider: v0.18.8
  • k8s.io/component-base: v0.18.8
  • k8s.io/csi-translation-lib: v0.18.8
  • k8s.io/klog: v1.0.0
  • k8s.io/legacy-cloud-providers: v0.18.8
  • modernc.org/cc: v1.0.0
  • modernc.org/golex: v1.0.0
  • modernc.org/mathutil: v1.0.0
  • modernc.org/strutil: v1.0.0
  • modernc.org/xc: v1.0.0
  • sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.7
  • sigs.k8s.io/structured-merge-diff/v3: v3.0.0
  • sigs.k8s.io/structured-merge-diff: 15d366b
Assets 2
Loading