Edit This Page

v1.11 Release Notes

Documentation & Examples

Downloads for v1.11.0

filename sha256 hash
kubernetes.tar.gz 3c779492574a5d8ce702d89915184f5dd52280da909abf134232e5ab00b4a885
kubernetes-src.tar.gz f0b2d8e61860acaf50a9bae0dc36b8bfdb4bb41b8d0a1bb5a9bc3d87aad3b794

Client Binaries

filename sha256 hash
kubernetes-client-darwin-386.tar.gz 196738ef058510438b3129f0a72544544b7d52a8732948b4f9358781f87dab59
kubernetes-client-darwin-amd64.tar.gz 9ec8357b10b79f8fd87f3a836879d0a4bb46fb70adbb82f1e34dc7e91d74999f
kubernetes-client-linux-386.tar.gz e8ee8a965d3ea241d9768b9ac868ecbbee112ef45038ff219e4006fa7f4ab4e2
kubernetes-client-linux-amd64.tar.gz d31377c92b4cc9b3da086bc1974cbf57b0d2c2b22ae789ba84cf1b7554ea7067
kubernetes-client-linux-arm.tar.gz 9e9da909293a4682a5d6270a39894b056b3e901532b15eb8fdc0814a8d628d65
kubernetes-client-linux-arm64.tar.gz 149df9daac3e596042f5759977f9f9299a397130d9dddc2d4a2b513dd64f1092
kubernetes-client-linux-ppc64le.tar.gz ff3d3e4714406d92e9a2b7ef2887519800b89f6592a756524f7a37dc48057f44
kubernetes-client-linux-s390x.tar.gz e5a39bdc1e474d9d00974a81101e043aaff37c30c1418fb85a0c2561465e14c7
kubernetes-client-windows-386.tar.gz 4ba1102a33c6d4df650c4864a118f99a9882021fea6f250a35f4b4f4a2d68eaa
kubernetes-client-windows-amd64.tar.gz 0bb74af7358f9a2f4139ed1c10716a2f5f0c1c13ab3af71a0621a1983233c8d7

Server Binaries

filename sha256 hash
kubernetes-server-linux-amd64.tar.gz b8a8a88afd8a40871749b2362dbb21295c6a9c0a85b6fc87e7febea1688eb99e
kubernetes-server-linux-arm.tar.gz 88b9168013bb07a7e17ddc0638e7d36bcd2984d049a50a96f54cb4218647d8da
kubernetes-server-linux-arm64.tar.gz 12fab9e9f0e032f278c0e114c72ea01899a0430fc772401f23e26de306e0f59f
kubernetes-server-linux-ppc64le.tar.gz 6616d726a651e733cfd4cccd78bfdc1d421c4a446edf4b617b8fd8f5e21f073e
kubernetes-server-linux-s390x.tar.gz 291838980929c8073ac592219d9576c84a9bdf233585966c81a380c3d753316e

Node Binaries

filename sha256 hash
kubernetes-node-linux-amd64.tar.gz b23e905efb828fdffc4efc208f7343236b22c964e408fe889f529502aed4a335
kubernetes-node-linux-arm.tar.gz 44bf8973581887a2edd33eb637407e76dc0dc3a5abcc2ff04aec8338b533156d
kubernetes-node-linux-arm64.tar.gz 51e481c782233b46ee21e9635c7d8c2a84450cbe30d7b1cbe5c5982b33f40b13
kubernetes-node-linux-ppc64le.tar.gz d1a3feda31a954d3a83193a51a117873b6ef9f8acc3e10b3f1504fece91f2eb8
kubernetes-node-linux-s390x.tar.gz 0ad76c6e6aef670c215256803b3b0d19f4730a0843429951c6421564c73d4932
kubernetes-node-windows-amd64.tar.gz 8ad26200ed40d40a1b78d7a5dbe56220f0813d31194f40f267b476499fe2c5c3

Urgent Upgrade Notes

Caution: You MUST do this before you upgrade!

Before upgrading to Kubernetes 1.11, you must keep the following in mind:

Major Themes

SIG API Machinery

This release SIG API Machinery focused mainly on CustomResources. For example, subresources for CustomResources are now beta and enabled by default. With this, updates to the /status subresource will disallow updates to all fields other than .status (not just .spec and .metadata as before). Also, required and description can be used at the root of the CRD OpenAPI validation schema when the /status subresource is enabled.

In addition, users can now create multiple versions of CustomResourceDefinitions, but without any kind of automatic conversion, and CustomResourceDefinitions now allow specification of additional columns for kubectl get output via the spec.additionalPrinterColumns field.

SIG Auth

Work this cycle focused on graduating existing functions, and on making security functions more understandable for users.

RBAC cluster role aggregation, introduced in 1.9, graduated to stable status with no changes in 1.11, and client-go credential plugins graduated to beta status, while also adding support for obtaining TLS credentials from an external plugin.

Kubernetes 1.11 also makes it easier to see what’s happening, as audit events can now be annotated with information about how an API request was handled: * Authorization sets authorization.k8s.io/decision and authorization.k8s.io/reason annotations with the authorization decision (“allow” or “forbid”) and a human-readable description of why the decision was made (for example, RBAC includes the name of the role/binding/subject which allowed a request). * PodSecurityPolicy admission sets podsecuritypolicy.admission.k8s.io/admit-policy and podsecuritypolicy.admission.k8s.io/validate-policy annotations containing the name of the policy that allowed a pod to be admitted. (PodSecurityPolicy also gained the ability to limit hostPath volume mounts to be read-only.)

In addition, the NodeRestriction admission plugin now prevents kubelets from modifying taints on their Node API objects, making it easier to keep track of which nodes should be in use.

SIG CLI

SIG CLI’s main focus this release was on refactoring kubectl internals to improve composability, readability and testability of kubectl commands. Those refactors will allow the team to extract a mechanism for extensibility of kubectl – that is, plugins – in the next releases.

SIG Cluster Lifecycle

SIG Cluster Lifecycle focused on improving kubeadm’s user experience by including a set of new commands related to maintaining the kubeadm configuration file, the API version of which has now has been incremented to v1alpha2. These commands can handle the migration of the configuration to a newer version, printing the default configuration, and listing and pulling the required container images for bootstrapping a cluster.

Other notable changes include: * CoreDNS replaces kube-dns as the default DNS provider * Improved user experience for environments without a public internet connection and users using other CRI runtimes than Docker * Support for structured configuration for the kubelet, which avoids the need to modify the systemd drop-in file * Many improvements to the upgrade process and other bug fixes

SIG Instrumentation

As far as Sig Instrumentation, the major change in Kubernetes 1.11 is the deprecation of Heapster as part of ongoing efforts to move to the new Kubernetes monitoring model. Clusters still using Heapster for autoscaling should be migrated over to metrics-server and the custom metrics API. See the deprecation section for more information.

SIG Network

The main milestones for SIG Network this release are the graduation of IPVS-based load balancing and CoreDNS to general availability.

IPVS is an alternative approach to in-cluster load balancing that uses in-kernel hash tables rather than the previous iptables approach, while CoreDNS is a replacement for kube-dns for service discovery.

SIG Node

SIG-Node advanced several features and made incremental improvements in a few key topic areas this release.

The dynamic kubelet config feature graduated to beta, so it is enabled by default, simplifying management of the node object itself. Kubelets that are configured to work with the CRI may take advantage of the log rotation feature, which is graduating to beta this release.

The cri-tools project, which aims to provide consistent tooling for operators to debug and introspect their nodes in production independent of their chosen container runtime, graduated to GA.

As far as platforms, working with SIG-Windows, enhancements were made to the kubelet to improve platform support on Windows operating systems, and improvements to resource management were also made. In particular, support for sysctls on Linux graduated to beta.

SIG OpenStack

SIG-OpenStack continued to build out testing, with eleven acceptance tests covering a wide-range of scenarios and use-cases. During the 1.11 cycle our reporting back to test-grid has qualified the OpenStack cloud provider as a gating job for the Kubernetes release.

New features include improved integration between the Keystone service and Kubernetes RBAC, and a number of stability and compatibility improvements across the entire provider code-base.

SIG Scheduling

Pod Priority and Preemption has graduated to Beta, so it is enabled by default. Note that this involves significant and important changes for operators. The team also worked on improved performance and reliability of the scheduler.

SIG Storage

Sig Storage graduated two features that had been introduced in previous versions and introduced three new features in an alpha state.

The StorageProtection feature, which prevents deletion of PVCs while Pods are still using them and of PVs while still bound to a PVC, is now generally available, and volume resizing, which lets you increase size of a volume after a Pod restarts is now beta, which means it is on by default.

New alpha features include: * Online volume resizing will increase the filesystem size of a resized volume without requiring a Pod restart. * AWS EBS and GCE PD volumes support increased limits on the maximum number of attached volumes per node. * Subpath volume directories can be created using DownwardAPI environment variables.

SIG Windows

This release supports more of Kubernetes API for pods and containers on Windows, including:

Improvements in Windows Server version 1803 also bring new storage functionality to Kubernetes v1.11, including:

Known Issues

Before Upgrading

New Deprecations

Removed Deprecations

Graduated to Stable/GA

Graduated to Beta

New alpha features

Other Notable Changes

SIG API Machinery

SIG Apps

SIG Auth

SIG Autoscaling

SIG Azure

SIG CLI

SIG Cluster Lifecycle

SIG GCP

SIG Instrumentation

SIG Network

SIG Node

SIG OpenStack

SIG Scheduling

SIG Storage

SIG vSphere

SIG Windows

Additional changes

External Dependencies

Bug Fixes

General Fixes and Reliability

Non-user-facing changes