Codebase Browser
kubernetes
Go to App

kubernetes/CHANGELOG/CHANGELOG-1.25.md 

<!-- BEGIN MUNGE: GENERATED_TOC -->

- [v1.25.16](#v12516)
  - [Downloads for v1.25.16](#downloads-for-v12516)
    - [Source Code](#source-code)
    - [Client Binaries](#client-binaries)
    - [Server Binaries](#server-binaries)
    - [Node Binaries](#node-binaries)
    - [Container Images](#container-images)
  - [Changelog since v1.25.15](#changelog-since-v12515)
  - [Important Security Information](#important-security-information)
    - [CVE-2023-5528: Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes](#cve-2023-5528-insufficient-input-sanitization-in-in-tree-storage-plugin-leads-to-privilege-escalation-on-windows-nodes)
  - [Dependencies](#dependencies)
    - [Added](#added)
    - [Changed](#changed)
    - [Removed](#removed)
- [v1.25.15](#v12515)
  - [Downloads for v1.25.15](#downloads-for-v12515)
    - [Source Code](#source-code-1)
    - [Client Binaries](#client-binaries-1)
    - [Server Binaries](#server-binaries-1)
    - [Node Binaries](#node-binaries-1)
    - [Container Images](#container-images-1)
  - [Changelog since v1.25.14](#changelog-since-v12514)
  - [Changes by Kind](#changes-by-kind)
    - [Feature](#feature)
    - [Bug or Regression](#bug-or-regression)
    - [Other (Cleanup or Flake)](#other-cleanup-or-flake)
  - [Dependencies](#dependencies-1)
    - [Added](#added-1)
    - [Changed](#changed-1)
    - [Removed](#removed-1)
- [v1.25.14](#v12514)
  - [Downloads for v1.25.14](#downloads-for-v12514)
    - [Source Code](#source-code-2)
    - [Client Binaries](#client-binaries-2)
    - [Server Binaries](#server-binaries-2)
    - [Node Binaries](#node-binaries-2)
    - [Container Images](#container-images-2)
  - [Changelog since v1.25.13](#changelog-since-v12513)
  - [Changes by Kind](#changes-by-kind-1)
    - [API Change](#api-change)
    - [Feature](#feature-1)
    - [Bug or Regression](#bug-or-regression-1)
    - [Other (Cleanup or Flake)](#other-cleanup-or-flake-1)
  - [Dependencies](#dependencies-2)
    - [Added](#added-2)
    - [Changed](#changed-2)
    - [Removed](#removed-2)
- [v1.25.13](#v12513)
  - [Downloads for v1.25.13](#downloads-for-v12513)
    - [Source Code](#source-code-3)
    - [Client Binaries](#client-binaries-3)
    - [Server Binaries](#server-binaries-3)
    - [Node Binaries](#node-binaries-3)
    - [Container Images](#container-images-3)
  - [Changelog since v1.25.12](#changelog-since-v12512)
  - [Important Security Information](#important-security-information-1)
    - [CVE-2023-3955: Insufficient input sanitization on Windows nodes leads to privilege escalation](#cve-2023-3955-insufficient-input-sanitization-on-windows-nodes-leads-to-privilege-escalation)
    - [CVE-2023-3676: Insufficient input sanitization on Windows nodes leads to privilege escalation](#cve-2023-3676-insufficient-input-sanitization-on-windows-nodes-leads-to-privilege-escalation)
  - [Changes by Kind](#changes-by-kind-2)
    - [Feature](#feature-2)
    - [Bug or Regression](#bug-or-regression-2)
  - [Dependencies](#dependencies-3)
    - [Added](#added-3)
    - [Changed](#changed-3)
    - [Removed](#removed-3)
- [v1.25.12](#v12512)
  - [Downloads for v1.25.12](#downloads-for-v12512)
    - [Source Code](#source-code-4)
    - [Client Binaries](#client-binaries-4)
    - [Server Binaries](#server-binaries-4)
    - [Node Binaries](#node-binaries-4)
    - [Container Images](#container-images-4)
  - [Changelog since v1.25.11](#changelog-since-v12511)
  - [Changes by Kind](#changes-by-kind-3)
    - [Feature](#feature-3)
    - [Bug or Regression](#bug-or-regression-3)
  - [Dependencies](#dependencies-4)
    - [Added](#added-4)
    - [Changed](#changed-4)
    - [Removed](#removed-4)
- [v1.25.11](#v12511)
  - [Downloads for v1.25.11](#downloads-for-v12511)
    - [Source Code](#source-code-5)
    - [Client Binaries](#client-binaries-5)
    - [Server Binaries](#server-binaries-5)
    - [Node Binaries](#node-binaries-5)
    - [Container Images](#container-images-5)
  - [Changelog since v1.25.10](#changelog-since-v12510)
  - [Important Security Information](#important-security-information-2)
    - [CVE-2023-2728: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin](#cve-2023-2728-bypassing-enforce-mountable-secrets-policy-imposed-by-the-serviceaccount-admission-plugin)
  - [Changes by Kind](#changes-by-kind-4)
    - [Feature](#feature-4)
    - [Bug or Regression](#bug-or-regression-4)
  - [Dependencies](#dependencies-5)
    - [Added](#added-5)
    - [Changed](#changed-5)
    - [Removed](#removed-5)
- [v1.25.10](#v12510)
  - [Downloads for v1.25.10](#downloads-for-v12510)
    - [Source Code](#source-code-6)
    - [Client Binaries](#client-binaries-6)
    - [Server Binaries](#server-binaries-6)
    - [Node Binaries](#node-binaries-6)
    - [Container Images](#container-images-6)
  - [Changelog since v1.25.9](#changelog-since-v1259)
  - [Changes by Kind](#changes-by-kind-5)
    - [API Change](#api-change-1)
    - [Feature](#feature-5)
    - [Bug or Regression](#bug-or-regression-5)
    - [Other (Cleanup or Flake)](#other-cleanup-or-flake-2)
  - [Dependencies](#dependencies-6)
    - [Added](#added-6)
    - [Changed](#changed-6)
    - [Removed](#removed-6)
- [v1.25.9](#v1259)
  - [Downloads for v1.25.9](#downloads-for-v1259)
    - [Source Code](#source-code-7)
    - [Client Binaries](#client-binaries-7)
    - [Server Binaries](#server-binaries-7)
    - [Node Binaries](#node-binaries-7)
    - [Container Images](#container-images-7)
  - [Changelog since v1.25.8](#changelog-since-v1258)
  - [Changes by Kind](#changes-by-kind-6)
    - [Feature](#feature-6)
    - [Bug or Regression](#bug-or-regression-6)
    - [Other (Cleanup or Flake)](#other-cleanup-or-flake-3)
  - [Dependencies](#dependencies-7)
    - [Added](#added-7)
    - [Changed](#changed-7)
    - [Removed](#removed-7)
- [v1.25.8](#v1258)
  - [Downloads for v1.25.8](#downloads-for-v1258)
    - [Source Code](#source-code-8)
    - [Client Binaries](#client-binaries-8)
    - [Server Binaries](#server-binaries-8)
    - [Node Binaries](#node-binaries-8)
    - [Container Images](#container-images-8)
  - [Changelog since v1.25.7](#changelog-since-v1257)
  - [Changes by Kind](#changes-by-kind-7)
    - [Feature](#feature-7)
    - [Bug or Regression](#bug-or-regression-7)
  - [Dependencies](#dependencies-8)
    - [Added](#added-8)
    - [Changed](#changed-8)
    - [Removed](#removed-8)
- [v1.25.7](#v1257)
  - [Downloads for v1.25.7](#downloads-for-v1257)
    - [Source Code](#source-code-9)
    - [Client Binaries](#client-binaries-9)
    - [Server Binaries](#server-binaries-9)
    - [Node Binaries](#node-binaries-9)
    - [Container Images](#container-images-9)
  - [Changelog since v1.25.6](#changelog-since-v1256)
  - [Changes by Kind](#changes-by-kind-8)
    - [Feature](#feature-8)
    - [Bug or Regression](#bug-or-regression-8)
  - [Dependencies](#dependencies-9)
    - [Added](#added-9)
    - [Changed](#changed-9)
    - [Removed](#removed-9)
- [v1.25.6](#v1256)
  - [Downloads for v1.25.6](#downloads-for-v1256)
    - [Source Code](#source-code-10)
    - [Client Binaries](#client-binaries-10)
    - [Server Binaries](#server-binaries-10)
    - [Node Binaries](#node-binaries-10)
    - [Container Images](#container-images-10)
  - [Changelog since v1.25.5](#changelog-since-v1255)
  - [Changes by Kind](#changes-by-kind-9)
    - [Feature](#feature-9)
    - [Bug or Regression](#bug-or-regression-9)
  - [Dependencies](#dependencies-10)
    - [Added](#added-10)
    - [Changed](#changed-10)
    - [Removed](#removed-10)
- [v1.25.5](#v1255)
  - [Downloads for v1.25.5](#downloads-for-v1255)
    - [Source Code](#source-code-11)
    - [Client Binaries](#client-binaries-11)
    - [Server Binaries](#server-binaries-11)
    - [Node Binaries](#node-binaries-11)
    - [Container Images](#container-images-11)
  - [Changelog since v1.25.4](#changelog-since-v1254)
  - [Changes by Kind](#changes-by-kind-10)
    - [Feature](#feature-10)
    - [Bug or Regression](#bug-or-regression-10)
  - [Dependencies](#dependencies-11)
    - [Added](#added-11)
    - [Changed](#changed-11)
    - [Removed](#removed-11)
- [v1.25.4](#v1254)
  - [Downloads for v1.25.4](#downloads-for-v1254)
    - [Source Code](#source-code-12)
    - [Client Binaries](#client-binaries-12)
    - [Server Binaries](#server-binaries-12)
    - [Node Binaries](#node-binaries-12)
    - [Container Images](#container-images-12)
  - [Changelog since v1.25.3](#changelog-since-v1253)
  - [Important Security Information](#important-security-information-3)
    - [CVE-2022-3162: Unauthorized read of Custom Resources](#cve-2022-3162-unauthorized-read-of-custom-resources)
    - [CVE-2022-3294: Node address isn't always verified when proxying](#cve-2022-3294-node-address-isnt-always-verified-when-proxying)
  - [Changes by Kind](#changes-by-kind-11)
    - [API Change](#api-change-2)
    - [Feature](#feature-11)
    - [Bug or Regression](#bug-or-regression-11)
  - [Dependencies](#dependencies-12)
    - [Added](#added-12)
    - [Changed](#changed-12)
    - [Removed](#removed-12)
- [v1.25.3](#v1253)
  - [Downloads for v1.25.3](#downloads-for-v1253)
    - [Source Code](#source-code-13)
    - [Client Binaries](#client-binaries-13)
    - [Server Binaries](#server-binaries-13)
    - [Node Binaries](#node-binaries-13)
    - [Container Images](#container-images-13)
  - [Changelog since v1.25.2](#changelog-since-v1252)
  - [Changes by Kind](#changes-by-kind-12)
    - [Feature](#feature-12)
    - [Bug or Regression](#bug-or-regression-12)
  - [Dependencies](#dependencies-13)
    - [Added](#added-13)
    - [Changed](#changed-13)
    - [Removed](#removed-13)
- [v1.25.2](#v1252)
  - [Downloads for v1.25.2](#downloads-for-v1252)
    - [Source Code](#source-code-14)
    - [Client Binaries](#client-binaries-14)
    - [Server Binaries](#server-binaries-14)
    - [Node Binaries](#node-binaries-14)
    - [Container Images](#container-images-14)
  - [Changelog since v1.25.1](#changelog-since-v1251)
  - [Changes by Kind](#changes-by-kind-13)
    - [Bug or Regression](#bug-or-regression-13)
  - [Dependencies](#dependencies-14)
    - [Added](#added-14)
    - [Changed](#changed-14)
    - [Removed](#removed-14)
- [v1.25.1](#v1251)
  - [Downloads for v1.25.1](#downloads-for-v1251)
    - [Source Code](#source-code-15)
    - [Client Binaries](#client-binaries-15)
    - [Server Binaries](#server-binaries-15)
    - [Node Binaries](#node-binaries-15)
    - [Container Images](#container-images-15)
  - [Changelog since v1.25.0](#changelog-since-v1250)
  - [Important Security Information](#important-security-information-4)
    - [CVE-2022-3172: Aggregated API server can cause clients to be redirected (SSRF)](#cve-2022-3172-aggregated-api-server-can-cause-clients-to-be-redirected-ssrf)
  - [Changes by Kind](#changes-by-kind-14)
    - [API Change](#api-change-3)
    - [Feature](#feature-13)
    - [Bug or Regression](#bug-or-regression-14)
  - [Dependencies](#dependencies-15)
    - [Added](#added-15)
    - [Changed](#changed-15)
    - [Removed](#removed-15)
- [v1.25.0](#v1250)
  - [Downloads for v1.25.0](#downloads-for-v1250)
    - [Source Code](#source-code-16)
    - [Client Binaries](#client-binaries-16)
    - [Server Binaries](#server-binaries-16)
    - [Node Binaries](#node-binaries-16)
    - [Container Images](#container-images-16)
  - [Changelog since v1.24.0](#changelog-since-v1240)
  - [What's New (Major Themes)](#whats-new-major-themes)
    - [PodSecurityPolicy is Removed, Pod Security Admission graduates to Stable](#podsecuritypolicy-is-removed-pod-security-admission-graduates-to-stable)
    - [Ephemeral Containers Graduate to Stable](#ephemeral-containers-graduate-to-stable)
    - [Support for cgroups v2 Graduates to Stable](#support-for-cgroups-v2-graduates-to-stable)
    - [Windows support improved](#windows-support-improved)
    - [Moved container registry service from k8s.gcr.io to registry.k8s.io](#moved-container-registry-service-from-k8sgcrio-to-registryk8sio)
    - [Promoted SeccompDefault to Beta](#promoted-seccompdefault-to-beta)
    - [Promoted endPort in Network Policy to Stable](#promoted-endport-in-network-policy-to-stable)
    - [Promoted Local Ephemeral Storage Capacity Isolation to Stable](#promoted-local-ephemeral-storage-capacity-isolation-to-stable)
    - [Promoted core CSI Migration to Stable](#promoted-core-csi-migration-to-stable)
    - [Promoted CSI Ephemeral Volume to Stable](#promoted-csi-ephemeral-volume-to-stable)
    - [Promoted CRD Validation Expression Language to Beta](#promoted-crd-validation-expression-language-to-beta)
    - [Promoted Server Side Unknown Field Validation to Beta](#promoted-server-side-unknown-field-validation-to-beta)
    - [Introduced KMS v2](#introduced-kms-v2)
    - [Kube-proxy images are now based on distroless images](#kube-proxy-images-are-now-based-on-distroless-images)
  - [Known Issues](#known-issues)
    - [LocalStorageCapacityIsolationFSQuotaMonitoring ConfigMap rendering failure](#localstoragecapacityisolationfsquotamonitoring-configmap-rendering-failure)
  - [Urgent Upgrade Notes](#urgent-upgrade-notes)
    - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade)
  - [Changes by Kind](#changes-by-kind-15)
    - [Deprecation](#deprecation)
    - [API Change](#api-change-4)
    - [Feature](#feature-14)
    - [Documentation](#documentation)
    - [Failing Test](#failing-test)
    - [Bug or Regression](#bug-or-regression-15)
    - [Other (Cleanup or Flake)](#other-cleanup-or-flake-4)
  - [Dependencies](#dependencies-16)
    - [Added](#added-16)
    - [Changed](#changed-16)
    - [Removed](#removed-16)
- [v1.25.0-rc.1](#v1250-rc1)
  - [Downloads for v1.25.0-rc.1](#downloads-for-v1250-rc1)
    - [Source Code](#source-code-17)
    - [Client Binaries](#client-binaries-17)
    - [Server Binaries](#server-binaries-17)
    - [Node Binaries](#node-binaries-17)
    - [Container Images](#container-images-17)
  - [Changelog since v1.25.0-rc.0](#changelog-since-v1250-rc0)
  - [Changes by Kind](#changes-by-kind-16)
    - [Documentation](#documentation-1)
    - [Bug or Regression](#bug-or-regression-16)
  - [Dependencies](#dependencies-17)
    - [Added](#added-17)
    - [Changed](#changed-17)
    - [Removed](#removed-17)
- [v1.25.0-rc.0](#v1250-rc0)
  - [Downloads for v1.25.0-rc.0](#downloads-for-v1250-rc0)
    - [Source Code](#source-code-18)
    - [Client Binaries](#client-binaries-18)
    - [Server Binaries](#server-binaries-18)
    - [Node Binaries](#node-binaries-18)
    - [Container Images](#container-images-18)
  - [Changelog since v1.25.0-beta.0](#changelog-since-v1250-beta0)
  - [Changes by Kind](#changes-by-kind-17)
    - [API Change](#api-change-5)
    - [Bug or Regression](#bug-or-regression-17)
  - [Dependencies](#dependencies-18)
    - [Added](#added-18)
    - [Changed](#changed-18)
    - [Removed](#removed-18)
- [v1.25.0-beta.0](#v1250-beta0)
  - [Downloads for v1.25.0-beta.0](#downloads-for-v1250-beta0)
    - [Source Code](#source-code-19)
    - [Client Binaries](#client-binaries-19)
    - [Server Binaries](#server-binaries-19)
    - [Node Binaries](#node-binaries-19)
    - [Container Images](#container-images-19)
  - [Changelog since v1.25.0-alpha.3](#changelog-since-v1250-alpha3)
  - [Urgent Upgrade Notes](#urgent-upgrade-notes-1)
    - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade-1)
  - [Changes by Kind](#changes-by-kind-18)
    - [Deprecation](#deprecation-1)
    - [API Change](#api-change-6)
    - [Feature](#feature-15)
    - [Bug or Regression](#bug-or-regression-18)
    - [Other (Cleanup or Flake)](#other-cleanup-or-flake-5)
  - [Dependencies](#dependencies-19)
    - [Added](#added-19)
    - [Changed](#changed-19)
    - [Removed](#removed-19)
- [v1.25.0-alpha.3](#v1250-alpha3)
  - [Downloads for v1.25.0-alpha.3](#downloads-for-v1250-alpha3)
    - [Source Code](#source-code-20)
    - [Client Binaries](#client-binaries-20)
    - [Server Binaries](#server-binaries-20)
    - [Node Binaries](#node-binaries-20)
    - [Container Images](#container-images-20)
  - [Changelog since v1.25.0-alpha.2](#changelog-since-v1250-alpha2)
  - [Urgent Upgrade Notes](#urgent-upgrade-notes-2)
    - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade-2)
  - [Changes by Kind](#changes-by-kind-19)
    - [Deprecation](#deprecation-2)
    - [API Change](#api-change-7)
    - [Feature](#feature-16)
    - [Documentation](#documentation-2)
    - [Bug or Regression](#bug-or-regression-19)
    - [Other (Cleanup or Flake)](#other-cleanup-or-flake-6)
  - [Dependencies](#dependencies-20)
    - [Added](#added-20)
    - [Changed](#changed-20)
    - [Removed](#removed-20)
- [v1.25.0-alpha.2](#v1250-alpha2)
  - [Downloads for v1.25.0-alpha.2](#downloads-for-v1250-alpha2)
    - [Source Code](#source-code-21)
    - [Client Binaries](#client-binaries-21)
    - [Server Binaries](#server-binaries-21)
    - [Node Binaries](#node-binaries-21)
    - [Container Images](#container-images-21)
  - [Changelog since v1.25.0-alpha.1](#changelog-since-v1250-alpha1)
  - [Changes by Kind](#changes-by-kind-20)
    - [API Change](#api-change-8)
    - [Feature](#feature-17)
    - [Documentation](#documentation-3)
    - [Bug or Regression](#bug-or-regression-20)
    - [Other (Cleanup or Flake)](#other-cleanup-or-flake-7)
  - [Dependencies](#dependencies-21)
    - [Added](#added-21)
    - [Changed](#changed-21)
    - [Removed](#removed-21)
- [v1.25.0-alpha.1](#v1250-alpha1)
  - [Downloads for v1.25.0-alpha.1](#downloads-for-v1250-alpha1)
    - [Source Code](#source-code-22)
    - [Client Binaries](#client-binaries-22)
    - [Server Binaries](#server-binaries-22)
    - [Node Binaries](#node-binaries-22)
    - [Container Images](#container-images-22)
  - [Changelog since v1.24.0](#changelog-since-v1240-1)
  - [Urgent Upgrade Notes](#urgent-upgrade-notes-3)
    - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade-3)
  - [Changes by Kind](#changes-by-kind-21)
    - [Deprecation](#deprecation-3)
    - [API Change](#api-change-9)
    - [Feature](#feature-18)
    - [Failing Test](#failing-test-1)
    - [Bug or Regression](#bug-or-regression-21)
    - [Other (Cleanup or Flake)](#other-cleanup-or-flake-8)
  - [Dependencies](#dependencies-22)
    - [Added](#added-22)
    - [Changed](#changed-22)
    - [Removed](#removed-22)

<!-- END MUNGE: GENERATED_TOC -->

# v1.25.16


## Downloads for v1.25.16



### Source Code

filename | sha512 hash
-------- | -----------
[kubernetes.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes.tar.gz) | 4778dada85b833e9d3a12627fc7641343a1e83391f2e5d525adf7d1dd65d3a6b63945ad11741ea79b2f5a8bf867de49a91c80a0b96fe0cfecd011bb134e6088c
[kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-src.tar.gz) | 0eeec83adc0fd24bf1cf92de3c93b97b3458d3e91b01147c5218adec3185a70bcd534708de6cd418cc2d05b81263fd933de119a115b304fd3cd1fddf8bfea718

### Client Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-client-darwin-amd64.tar.gz) | 3ed350e314cc287afa5f985b2f350948c6a2b38250d6cda78d5638833f3d2c20ed434a6eef014d1ce8bed9b3fe6f5be1e6a3f0d9b1fb20ba195f5b686b6610a3
[kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-client-darwin-arm64.tar.gz) | 92023e473bd756b5a42e8fcab5609ea81d05c3e0111b70824e1be24cc6f1d712a41dd0ec760afed961c7d2cda41bed1c9cff1c8a30bb5a9b838cd8c01dcf7253
[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-client-linux-386.tar.gz) | c5430be9d5a50f72c035b727685ff26226f84ea17d99686b874704f356250b10dbd1b74a008b26b75c106a2cb557fb21843cfad8549025840c30798bbde81f51
[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-client-linux-amd64.tar.gz) | 887be87d9565ccabde80b92988318ee940d3732e07ebc028a57dda61289fa576760806bc8796fa7a8c41509f8379d3491c30dd2c5a13dca7a56d1fc4ece2aa1e
[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-client-linux-arm.tar.gz) | be9a74664784021c31d5e582b454434219d643ea5311d200f33afec9638ccafb777954ebbb0a04ee472a7f09cbdb4ba151848ec8f9748fc8c00d2fe21b98bccd
[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-client-linux-arm64.tar.gz) | 3ca77c574061bf0fb6fef2f27ce1e17dfbc6aab22d3929e329922528e1d81775be39fc98de9593535d97475168eff6a6cfc886daa257ece7d3b59180a0a9e58f
[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-client-linux-ppc64le.tar.gz) | 85114b7fda1598c55fd3c5a8b280915f50963531b85501fac310189059105c014a35e9f5a7c82585f15be91ec4b6151ddc50dffa068ae78879efbf693fcfeeff
[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-client-linux-s390x.tar.gz) | 9f0cf98f2c20348486d187e8666651f9d7f1947f2ddaddf979ef945cba511ce9d94f37f7aed3e55c8ff22cb48f9b19e01bfbcd5eb1f8ea72f1bbcf67b4f5af32
[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-client-windows-386.tar.gz) | a77aa92e531f7e0a0e827397fb36d20352abfd9ee35ec3b9f46e8513c40fc06c08f00d0b1ee20b1000d28f1e8467cd93a2578e4239878e491f642a00f5cb6cac
[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-client-windows-amd64.tar.gz) | 1bc9ca7307f980e7174a09b2d3a3f3c184d620a3e5676456f122335f9b289142668e203b4f079af963f6e8db1cc068d3c1a824709fa4bc62e42c30c191584e4f
[kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-client-windows-arm64.tar.gz) | 233599accd34db6e98ad3b44a258e8f70b97ce41e453f49d97cff6923ab4f38f5c94757108a77d7830e798475594f2be8478c692beceb9cfd45e4783e3deacf6

### Server Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-server-linux-amd64.tar.gz) | 5ca1d195fe4b938b9decae99c842911bc2ea902e55e281eeb986b5da59e64eabfa8de8a443a2dfdea03aed1f8378ab00d33a00babb3034fb879a98c41ad948dd
[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-server-linux-arm.tar.gz) | e02da00d2fbd0f661fd1f664a6d28a8674023febf44ffdd8344f4eae063812dae07b663cb5a5e53f75a980fc60672498174ad544d236f9b45adfaf83d7cd373c
[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-server-linux-arm64.tar.gz) | 30bf96c20c8a28e980d04d8c0868ac9c3253bf868a7b2383df4e5e27694c2570adbccc8562a9dac8e07e42f946179b9e0f6bf83b4c12acab285a441e407e9341
[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-server-linux-ppc64le.tar.gz) | 88f166d5b8e94813761a1763b02e76c4b7c7fa163be2cdaf1b86ad6b64556f29a2e2313516960ae7a133c55642e8f7ffb024bf0fa72344845c56049543c5539c
[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-server-linux-s390x.tar.gz) | bffa33638f9fe975d2467733b07a8e19543c890d3ed8c5c3a4b2d8a60c9d46caf0a00a5654463b25a90edde0249ace1450e962b58f9d969e99e1df66b21219ab

### Node Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-node-linux-amd64.tar.gz) | f120b00facb8a03b1e6b2a675878a673ba6faf278c5d8df5ec907b7674ed56cf6489a2d374d2d0603e4f31eccc5d9a452e965fa17ac410f48831264bc8195612
[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-node-linux-arm.tar.gz) | d2a299e40184fd5d6c6de4a1a8a8345cd461330300b8b0f7eda634e2546988929b4318da68a1cc07fcdbc22f599136a37496db559ea49cdd4b98ea143cbef478
[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-node-linux-arm64.tar.gz) | 46e7b6326b1b2f6da2de9048aea4cc42424e02d7f09086691eb0453d2ce36a45252c0576b19861611d78262c13812281c3e2279862b77274865a405808004750
[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-node-linux-ppc64le.tar.gz) | 08c4edb1c1b732388dd7d2808129c339bd8652635ffc85a40fc633ee4a5385b3e9e4c4a1a1215b21569341000ac51784167c4cd5b5d6acf91586331388b8f23a
[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-node-linux-s390x.tar.gz) | f8f24eaa0aa643e49dc6131b61b677d0e672072c38a932cdac04cd07795ef82bf6834ac83381f1c8bd1123746aec2fae86bc5442ad0c21d90d87470f9b7c781b
[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.16/kubernetes-node-windows-amd64.tar.gz) | 6a4847456e31e9ecfe33c98b9873e2a81e5eacf5f0dbd4debd25fd6f866cac17d2f163434aa96a50c7dfecb0f68f356654aa76268e0fd56707a0a73ac89d1ee8

### Container Images

All container images are available as manifest lists and support the described
architectures. It is also possible to pull a specific architecture directly by
adding the "-$ARCH" suffix  to the container image name.

name | architectures
---- | -------------
[registry.k8s.io/conformance:v1.25.16](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x)
[registry.k8s.io/kube-apiserver:v1.25.16](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x)
[registry.k8s.io/kube-controller-manager:v1.25.16](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x)
[registry.k8s.io/kube-proxy:v1.25.16](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x)
[registry.k8s.io/kube-scheduler:v1.25.16](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x)

## Changelog since v1.25.15

## Important Security Information

This release contains changes that address the following vulnerabilities:

### CVE-2023-5528: Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes

A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.

**Affected Versions**:
  - kubelet >= v1.8.0

**Fixed Versions**:
  - kubelet v1.28.4
  - kubelet v1.27.8
  - kubelet v1.26.11
  - kubelet v1.25.16

This vulnerability was reported by Tomer Peled @tomerpeled92"


**CVSS Rating:** High (7.2) [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

## Dependencies

### Added
_Nothing has changed._

### Changed
_Nothing has changed._

### Removed
_Nothing has changed._



# v1.25.15


## Downloads for v1.25.15



### Source Code

filename | sha512 hash
-------- | -----------
[kubernetes.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes.tar.gz) | 6871520678c03cdab86e4a2daa2eb3a75af8dc9b8054e2ce786efa6debeb98bb46681e3a096996a8832516686bcf1ec13d48b5b666ef7f1b0811712cc5a3210a
[kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-src.tar.gz) | 42fcdbc7fde65dfd97c0606cf0dba2854f4795d69127bec93cc9d6c7e7258353117358fc88742ac11a87a43184a537d354f864c7aef4b191cc0a0df158663a82

### Client Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-client-darwin-amd64.tar.gz) | 1ba3de7dffed3fb374350b8aeb83687cfe4543cc37b3c3c2c78d318c042186e50c72d457d303fc950fa05803a4260f758de8a3834a8bb5d3d3f04df7ecae070c
[kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-client-darwin-arm64.tar.gz) | f26afb76ebc5fb7fb1bac81f15f0c7e4c382c7f9f1438e63ca327c1bfcaa01addc4807cbd067f1753ce82ecf8b0335e24b49bbbf2a03ca7bc7edcb6bcf307d06
[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-client-linux-386.tar.gz) | 6a752cc7db963a0c515111a3ee83ef229a79478f4130613def4aa4bb76fd9017f090909b92a392583a6a53cb6bef5bb52f749ba0fbf87665cf16cdef359802b9
[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-client-linux-amd64.tar.gz) | b5b098e3060014738f687fe063bf3842cb06c7594048acb40b33325c86441f2bf5a0373f0b7ca721f4e0c9e70a3201540747d83bbe6f8b98e180b44629a94443
[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-client-linux-arm.tar.gz) | bada4d45443277f4378ede281e85f13c19c40b95e1d2787ce9cfcc387014c36da7e8be2a6c552ca907472aafb27641fa04d16fa9cec98ad4250def7a6e83b1e7
[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-client-linux-arm64.tar.gz) | 76de56fcfc29b57e29265a6217e5a958208d8967c65517f17aceab0fc2b77a99f779f96b7e5651b932782e42c95d2346d6bc5768f68bd85294347fce9e0f07ee
[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-client-linux-ppc64le.tar.gz) | 18364a4901843228a8627d137768217830c6e5ce4cb4af5dde34df24b1cd7b1007f48dda7977323d75422c66741a1e6df46f4aaa30da75a8c1d538957722a453
[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-client-linux-s390x.tar.gz) | fc6c20bb932e24fc79fda41be2eed12915c510ace17bf6378378b9a994daf38461f694ac6894af0390720e3130d1fc9fc57dc29fda92ac367e294105d74c4d13
[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-client-windows-386.tar.gz) | 1ee87cdeb421a86e50d14428309425bf45324b00c54ee336ad419a597e82efab21959f32b46c55716d6b2cb20a652b00df3c5902fea3f30d492859659dc405a7
[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-client-windows-amd64.tar.gz) | a68f9ce70385225be174df2ffe8ef744af5de817e1b965d042e00a51c9a1d683208c4841302f2239cf0fad9f5b3dc75a43bab4ca2dd06888cc0d990d59313022
[kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-client-windows-arm64.tar.gz) | 0c9af476790947f715a4179952a0c03bb4c7e37ab7b13d0927d87b295a185fffbb997def5a3f0dd159b32b714ed1700425c64c8ce60ce65b8691a9bd7469076c

### Server Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-server-linux-amd64.tar.gz) | 7531e4516efbfd3f217a34860a737606d3f098b186736de8de864aae7037a67416905c585ae3df56b167f7c7fa38a82f05cc6268e37afa9a7335a7e4126f381e
[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-server-linux-arm.tar.gz) | b1c89432094435666611577177a4900eaf7e7f7fd0cad0327b642cf040a33b53218ec92977bcca8530f3cea40fb54d7fd87371811924c2f735c9f0046541e625
[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-server-linux-arm64.tar.gz) | 0f1cb1cf7e6c1be6a08de042a0677429b83114e0bf8686b017b428978d48e7f7c9f90482744430abb0b5919d3470aadd670592324259ce9a16a362646f1680b7
[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-server-linux-ppc64le.tar.gz) | 3acbc9635350484ad938bc8926ae294cff5fb2911c16fb59426a4a97c22bd157485aeb5d8bcf51f8543b0067f1893e4edf225d56a4854a09656af06bf9404c5c
[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-server-linux-s390x.tar.gz) | 5a2dc4d99627d1b6836bdd340144766674865fcedcc1d994aa3f96db9dc19ec3b01eea2eb0eead6ee9fbfa9161d52a81afe1e803910a9f3aad321d4a90f7223a

### Node Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-node-linux-amd64.tar.gz) | 09cf4cc4dce2eb753a52579379a851446ccd2604e73cfb8168d235d554e952bfa4ea1d2c3de96b7f286b3cff63e673de1354ea158ce69b52521efddd051268e7
[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-node-linux-arm.tar.gz) | 1a6014e521c7691621fb10b2eb2697c671b76652b702cb8c8cabccce6d37fe5f39c8faf7284779f2f06096c543e1d880b704b0181bd1ff9969d67e1b95b383b7
[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-node-linux-arm64.tar.gz) | 4c4176cb9a6401764d771b6b01d8f601163942fdb46e16e062ec0c1cea9e9318ebc9635d5755848ef03b67a6c4f72d4ca199bd6a7f0a531d0d421ecc8ab1951a
[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-node-linux-ppc64le.tar.gz) | e0c77fb0f0a4097a95b72a7dbf579b6a519fe6b0ad04083d3ecdaa327f4c0479d259eb37b09a489aa3d3777bc9f39d19fe924d9d8fef883c431874a4bc160687
[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-node-linux-s390x.tar.gz) | f37c39adab7bbd1935cfb912da9036d0769a561a3d5937fdc67e064a1f85dbeb19824b31309f2493a1d37a4b9d9b5caf6e19a873901a8ea05e0da19493525bf2
[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.15/kubernetes-node-windows-amd64.tar.gz) | ed3553437414b71cb2e4044555837266bd356a9015a95100817b30082fd3c98d904d1c065f0288238b80e58b5f29feb07a1a9d25203fbe9f83f38d0af06c3831

### Container Images

All container images are available as manifest lists and support the described
architectures. It is also possible to pull a specific architecture directly by
adding the "-$ARCH" suffix  to the container image name.

name | architectures
---- | -------------
[registry.k8s.io/conformance:v1.25.15](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x)
[registry.k8s.io/kube-apiserver:v1.25.15](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x)
[registry.k8s.io/kube-controller-manager:v1.25.15](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x)
[registry.k8s.io/kube-proxy:v1.25.15](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x)
[registry.k8s.io/kube-scheduler:v1.25.15](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x)

## Changelog since v1.25.14

## Changes by Kind

### Feature

- Kubernetes is now built with Go 1.20.10 ([#121150](https://github.com/kubernetes/kubernetes/pull/121150), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing]
- Kubernetes is now built with Go 1.20.9 ([#121022](https://github.com/kubernetes/kubernetes/pull/121022), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing]

### Bug or Regression

- Adds an opt-in mitigation for http/2 DOS vulnerabilities for CVE-2023-44487 and CVE-2023-39325 for the API server when the client is unauthenticated. The mitigation may be enabled by setting the `UnauthenticatedHTTP2DOSMitigation` feature gate to `true` (it is disabled by default). An API server fronted by an L7 load balancer that already mitigates these http/2 attacks may choose not to enable the kube-apiserver mitigation to avoid disrupting load balancer → kube-apiserver connections if http/2 requests from multiple clients share the same backend connection. An API server on a private network may choose not to enable the kube-apiserver mitigation to prevent performance regressions for unauthenticated clients. Authenticated requests rely on the fix in golang.org/x/net v0.17.0 alone. https://issue.k8s.io/121197 tracks further mitigation of http/2 attacks by authenticated clients. ([#121201](https://github.com/kubernetes/kubernetes/pull/121201), [@enj](https://github.com/enj)) [SIG API Machinery]
- Fix a bug in cronjob controller where already created jobs may be missing from the status. ([#120649](https://github.com/kubernetes/kubernetes/pull/120649), [@andrewsykim](https://github.com/andrewsykim)) [SIG Apps]
- Fixed a 1.25.12 regression where kube-controller-manager can crash when StatefulSet with Parallel policy and PVC labels is scaled up. ([#121187](https://github.com/kubernetes/kubernetes/pull/121187), [@aleksandra-malinowska](https://github.com/aleksandra-malinowska)) [SIG Apps]
- Fixes a bug where Services using finalizers may hold onto ClusterIP and/or NodePort allocated resources for longer than expected if the finalizer is removed using the status subresource ([#120657](https://github.com/kubernetes/kubernetes/pull/120657), [@aojea](https://github.com/aojea)) [SIG Network and Testing]
- Fixes creationTimestamp: null causing unnecessary writes to etcd ([#116865](https://github.com/kubernetes/kubernetes/pull/116865), [@alexzielenski](https://github.com/alexzielenski)) [SIG API Machinery and Testing]
- Revised the logic for DaemonSet rolling update to exclude nodes if scheduling constraints are not met.
  This eliminates the problem of rolling updates to a DaemonSet getting stuck around tolerations. ([#120792](https://github.com/kubernetes/kubernetes/pull/120792), [@mochizuki875](https://github.com/mochizuki875)) [SIG Apps and Testing]
- Sometimes, the scheduler incorrectly placed a pod in the "unschedulable" queue instead of the "backoff" queue. This happened when some plugin previously declared the pod as "unschedulable" and then in a later attempt encounters some other error. Scheduling of that pod then got delayed by up to five minutes, after which periodic flushing moved the pod back into the "active" queue. ([#120334](https://github.com/kubernetes/kubernetes/pull/120334), [@pohly](https://github.com/pohly)) [SIG Scheduling]

### Other (Cleanup or Flake)

- Etcd: update to v3.5.9 ([#118077](https://github.com/kubernetes/kubernetes/pull/118077), [@nikhita](https://github.com/nikhita)) [SIG Cloud Provider, Cluster Lifecycle and Testing]
- Fixes an issue where the vsphere cloud provider will not trust a certificate if:
  - The issuer of the certificate is unknown (x509.UnknownAuthorityError)
  - The requested name does not match the set of authorized names (x509.HostnameError)
  - The error surfaced after attempting a connection contains one of the substrings: "certificate is not trusted" or "certificate signed by unknown authority" ([#120765](https://github.com/kubernetes/kubernetes/pull/120765), [@MadhavJivrajani](https://github.com/MadhavJivrajani)) [SIG Architecture and Cloud Provider]
- Set the resolution for the job_controller_job_sync_duration_seconds metric from 4ms to 1min ([#120670](https://github.com/kubernetes/kubernetes/pull/120670), [@mimowo](https://github.com/mimowo)) [SIG Apps and Instrumentation]

## Dependencies

### Added
_Nothing has changed._

### Changed
- github.com/vmware/govmomi: [v0.30.0 → v0.30.6](https://github.com/vmware/govmomi/compare/v0.30.0...v0.30.6)
- golang.org/x/crypto: 3147a52 → v0.14.0
- golang.org/x/net: v0.8.0 → v0.17.0
- golang.org/x/sys: v0.6.0 → v0.13.0
- golang.org/x/term: v0.6.0 → v0.13.0
- golang.org/x/text: v0.8.0 → v0.13.0

### Removed
_Nothing has changed._



# v1.25.14


## Downloads for v1.25.14



### Source Code

filename | sha512 hash
-------- | -----------
[kubernetes.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes.tar.gz) | bd7cee7ac797ea79f9799e85ea82cdfa3f1c813e1aa3b10d0862f21b5c2eaba6640516157fdfba5d3640f8f480c3dc929cc1e7c751b77bb0325bcfbc15660962
[kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-src.tar.gz) | b7479a8d5b13810129c9018c51ff3ee5a4a5581aa81f169f74021c3e3da4182d0c7a97cc068f5bfae51aeef3a57d6f6bbb4a8629f7f9851e8143acd3718a6e2a

### Client Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-client-darwin-amd64.tar.gz) | f870f01b48ec33c86c9343f731ae53cb4aba1e98e470199d632768f159053c7fdb881e382d7b55adf41bb46156b57c53d7a493261fdb12391578efd8a9b93214
[kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-client-darwin-arm64.tar.gz) | 696c5ec6b7dd127d4cf5093eac29255e258000d8794b87b2b9270cf85a39eb09b455982141f75923cd2195bde004a5d574aa575a4c234e4e062551d1e0b320e7
[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-client-linux-386.tar.gz) | 69bfc6e412a4f891e47be1cdb7ed7ffc403f3cf1a28834967676ebf9dd845f2f9d6881ced81897cc20ef70a0e300fff18812bcca41b8ac911988ab9a22b1b678
[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-client-linux-amd64.tar.gz) | a545ff1486658255f24a65c067277b2341a0f0414671eee2b1e6b14561b74273a19ea367228eb1b95b8881b953a42c346655b7cb249e7062ab5a7bd91f89f2bd
[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-client-linux-arm.tar.gz) | f9aebfccbc5dea0eb5fb0bb422d73f05f2cc49a385c54c5a0cf893dcb4f4284f2deb0c60ac6f016a4a670ad4efd79a4962ba59273849d472e39eec18fd1cfa4c
[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-client-linux-arm64.tar.gz) | f7c50de7a9fd25e8045dc9bdefb3a51809a0bfb7a8fa71f90fd9ba4783a133bd8faa3bf11af80178b2cdf537d0640c118f934634eecea1b8cc6d73f0b6c6515d
[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-client-linux-ppc64le.tar.gz) | dff3f42e1c8b04fdbafcc0cee7b14e05f56a35ec175b528ff12d2c7f838716017d6f9dca554bb46a7de831d2066ea3bc8702ec2b68fa8afe3579bcd41ed9f95a
[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-client-linux-s390x.tar.gz) | ad5900e2355a5c6dbd7b4ae09b3f6e2443fc3b3178e8e8b6a1d0c5de62bf1ed58cffb8cb714d06a80dd8aeabb1f967ee540daa3de47c8245a9884175fb709d5f
[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-client-windows-386.tar.gz) | 4e2a159b65708c4063d6acce8ba07546bd8f45a14315ed7885d9f20dd281c45987be97eec95c7d5d4523b6337eeca4a74a7598fb2c351ca52f52bf5755b20cee
[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-client-windows-amd64.tar.gz) | e428049515f5700a4d6b9edc2b35ffc295a753ec1f6ba04700c68cef2c5f34ee43bd165fab6fa1d15b8ccda2bdec676b9b70fb57d55a8a1d4c48e07aca058186
[kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-client-windows-arm64.tar.gz) | fc718e8b96dfec640e3b84ff9d2ab35a812060b4804e32435230139f1915789d493ebfdc18fd0b5c4426d28ac4c6cb9e4e27100c064f6cc3e652b67807a1f19c

### Server Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-server-linux-amd64.tar.gz) | d9bb3eefe2868b60d73064b3d2feaf3405e11276507a59bf1a8ee5b656a048e945b46fe4c2a652764e2540928b6457530e0c78f389afe13b2cc981d068aeb3ef
[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-server-linux-arm.tar.gz) | 67b2a97f491294004cf7151e3d6e5298b31b71e53a80f0503cad4d02fafaaf250a8ef53ff9733a96e629caacfc0c4a2177c883334b554ba970969348c7868987
[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-server-linux-arm64.tar.gz) | 7e9229b1b94a97d47cfd8b9968743120c347d0e4b433e9bd535bc10108baf7e2a6f29d7b5c370aea1430799404b70d467258e350cfd771054f22ccf7f7811199
[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-server-linux-ppc64le.tar.gz) | 4bf3ad8558a68048a78ad1a6ec7f52a6af8fa6a929233e76debbf1b0bfb883b72d5fd4d2528c20745c31ee72b78c897a884fb3de9cd01acc64218efd4eaec417
[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-server-linux-s390x.tar.gz) | c7a0c14265a82d0ed6c00f1cac427d4e6ba0afaf045149c212e62fa7f177482ce2bd74d364420192d6d12014cda8913c68318bfe53cbefb640952d52f665d6cb

### Node Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-node-linux-amd64.tar.gz) | 878478d29f4c7dbe3bef15c483f81cad829facc8b640e96a224f849f7437bb154b9700f130a76fac22a764ecea6060d629ea0f8749b32920412080e165237126
[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-node-linux-arm.tar.gz) | bae57eddf98d3d7f0efd187238a538fd79c184c9ec6d66c0ffa406af4773284c892ffabd7f4f29b7d56ed5f543c21732d8cb76cc004847a2a7c8f1c2760766c6
[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-node-linux-arm64.tar.gz) | 900ad33636733498dfac78e2e6d052eed974cd4d68cd07f563b902d093ba9bf87b5921d8e0658d19e4ff8c4eb1d5629aaee3b2f8a80fe08d0efab3cffd707d2d
[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-node-linux-ppc64le.tar.gz) | 08f7d1341899073546065e40d7ec406fd74cf5f1558e0c455f46c05c88da2d86b28be7f107b215dd8faa083dea412bfd5a8dc34d2f62814054fe53e33e1e9b4d
[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-node-linux-s390x.tar.gz) | de4962563b9bef393e519eb4ea2c84e4cfb1c17c551a61647446f513c5cecda19c15c1514b4109fdb9c1b33afb48785ae8ccbd5445aa04fb74556fd9b301e4e2
[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.14/kubernetes-node-windows-amd64.tar.gz) | f48f4bda057f0c0745145c27358134c072a4fa269e03da6e5dfe861f6b59bed2a956f5e39a1c5f68cb6c36e7ef38af6153a5c4769be5ddc1f9acbda012c17b3e

### Container Images

All container images are available as manifest lists and support the described
architectures. It is also possible to pull a specific architecture directly by
adding the "-$ARCH" suffix  to the container image name.

name | architectures
---- | -------------
[registry.k8s.io/conformance:v1.25.14](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x)
[registry.k8s.io/kube-apiserver:v1.25.14](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x)
[registry.k8s.io/kube-controller-manager:v1.25.14](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x)
[registry.k8s.io/kube-proxy:v1.25.14](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x)
[registry.k8s.io/kube-scheduler:v1.25.14](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x)

## Changelog since v1.25.13

## Changes by Kind

### API Change

- Mark Job onPodConditions as optional in pod failure policy ([#120211](https://github.com/kubernetes/kubernetes/pull/120211), [@mimowo](https://github.com/mimowo)) [SIG API Machinery and Apps]

### Feature

- Kubernetes is now built with Go 1.20.8 ([#120497](https://github.com/kubernetes/kubernetes/pull/120497), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing]

### Bug or Regression

- Cherry-pick #115769: Fix the problem Pod terminating stuck because of trying to umount not actual mounted dir. ([#119832](https://github.com/kubernetes/kubernetes/pull/119832), [@cartermckinnon](https://github.com/cartermckinnon)) [SIG Node and Storage]
- Fixes a bug where images pinned by the container runtime can be garbage collected by kubelet. ([#120056](https://github.com/kubernetes/kubernetes/pull/120056), [@ruiwen-zhao](https://github.com/ruiwen-zhao)) [SIG Node]
- Fixes regression in 1.25.10 causing running pods with devices to be terminated if kubelet is restarted ([#119707](https://github.com/kubernetes/kubernetes/pull/119707), [@ffromani](https://github.com/ffromani)) [SIG Node and Testing]
- Ignore context canceled from validate and mutate webhook ([#120017](https://github.com/kubernetes/kubernetes/pull/120017), [@divyasri537](https://github.com/divyasri537)) [SIG API Machinery]
- Kubeadm: fix nil pointer when etcd member is already removed ([#120013](https://github.com/kubernetes/kubernetes/pull/120013), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle]

### Other (Cleanup or Flake)

- When retrieving event resources, the reportingController and reportingInstance fields in the event will contain values. ([#120065](https://github.com/kubernetes/kubernetes/pull/120065), [@HirazawaUi](https://github.com/HirazawaUi)) [SIG Instrumentation]

## Dependencies

### Added
_Nothing has changed._

### Changed
_Nothing has changed._

### Removed
_Nothing has changed._



# v1.25.13


## Downloads for v1.25.13



### Source Code

filename | sha512 hash
-------- | -----------
[kubernetes.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes.tar.gz) | 950e8389ce4113297aa7c2b9fb4fc47988be1a270bef7f3f3e9b1fff8b09d11dd1cb01434a387bba7405f9934942719997c44690e8fa7ecd491e88f29d835924
[kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-src.tar.gz) | 841ca8a138aa949052f7c1a854ecf82d83007ec4c08b878f6e3dec5f36862a2fbf00245518dfe41cc5288a2fbc0f7899fb0b8c673bbabdc915971239b82cd3d0

### Client Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-client-darwin-amd64.tar.gz) | f897f826335abfa46ae4f6db338bccd3fd7defc41a983cddd8e09f5cbe84497c254466092b42b6d19b6792567d9dda57638595ed9c19b892ea9195685f5acdbb
[kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-client-darwin-arm64.tar.gz) | 2a8b6c79ca2414fb711ede8d4a1ecba2501106d9c28d4ad2b3ceb16b02b8310a38c957942a893f4ce8a59fa5935127974e9eb42c11471b8a5b375d5e8f955d8c
[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-client-linux-386.tar.gz) | 3a3b0491a6c975b3e0f727b6529c40a36bcc61699fc3e964e39d595749c52ed38c8c5199b2b53f12aa7dfe5570b4fda8b86c2dd826c791d75d41b928dbc87a76
[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-client-linux-amd64.tar.gz) | 621b0e8c737a54d84aebfa516ac0b5b175c91eea1af2792b83dd6870b2569032980e447a51798467c2b8b4fbf61c974aa640e457b297319e98184da358abd2a6
[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-client-linux-arm.tar.gz) | 0527a2c97878fbc9db3a7014fefd75a391544a3552cc8eb13c7a6f68c0ea7bf2cd9db13a900114f4afbb950affce3e28aea43cb82a714f2b6695bf709a22c4b0
[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-client-linux-arm64.tar.gz) | 8bfae3a7c6a77fc861bb9180c19325c062d52f4db350791396eaeab496f7cadc4634c37f37850ce254b151156ddfc4aab40fcbf1bd5ca19c2c1d58cc33d70e94
[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-client-linux-ppc64le.tar.gz) | ab0e8cf03cbb144ae359c697263ed1788939ed09953685eb3b11d08462347cdbcf1586a79a0fd7c1926ec1c15782767d4568ba3d7fbd9d0ced3b9366e93bbfdd
[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-client-linux-s390x.tar.gz) | 56ea73b7634f0ad4ed94ef05897d1a9ce40fc4fb1e9f563ece87f16b9357bbc797cb4f1cac6c56da87833e5f53b76a2bb53bb0420e4c7a0c24943fa3d85b716a
[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-client-windows-386.tar.gz) | 03fec1783464e20bbae04d31c65ec3ac1b1455fa0924b8c6e84333ba141ed99ab0e24611382b68908dfd5e90cc925551ae880aef982837224e967002a08063f1
[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-client-windows-amd64.tar.gz) | 9a11606a417206bca2d777c65e9f51e1ff38a6960c074a4c22f702ec08f29b564dea19ad9733a9ef2238df332f39dd74941af3ec19d551739ae5d82c7c06c740
[kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-client-windows-arm64.tar.gz) | a09ae6253ffd5227408117bcec5e2b922c60f57b1db2ee37d79d175a33f85e671fe960f69ed280c871ae8ff1bcf5707e04f63507d85b8ae5f1f8f532d5df8365

### Server Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-server-linux-amd64.tar.gz) | ad25eb2aa2e0df40876c5ee4f27d8fb422b138a0a6ad6d867bfcd54038229a91f63ab5d8c0edbd5ba9a85734796c72f97d5d400c8a2f825d0c8ab63d9136e883
[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-server-linux-arm.tar.gz) | 36b47746359653282ca02780dd25ee3858e19a0a0e9d7b45dc2638b05e4d063fad9a1c46ee50470e19756971205858a8fef661c5c93933c137ffc905d3a8f0b1
[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-server-linux-arm64.tar.gz) | 03dcdc966d7d5255d2f1fdb166f69fd3cd2a3285150f40c63bd7b6498ccf969572b7117aaf1951395c4f397bbc0d1b0148881a3950388bcd82e315bcfc9ef97c
[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-server-linux-ppc64le.tar.gz) | c78062f340900921d24034b324776a35d6f9fba4b19ef9b4a5f4b7e2ecbf9c6e2b52ec84926b99550ea87da6cf9318b6af9d4c0f19ec5a76f053703f8acb4b54
[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-server-linux-s390x.tar.gz) | 71f7bd24b99f703486977a50238b5ae1d925ce92ddc5a29d7301a590d267db70191f1f8449b5e14122496e204d090c875bc1ab298178acf2f6b288bd40dc941d

### Node Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-node-linux-amd64.tar.gz) | 4c24d74ba435ccd9079da19476fcf3fb3771915603e187a6791d8e32a2736946d400816ac5b1e174187c77ba20889acc11acf4b9187c3c8bb2e27cf89b9ebe97
[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-node-linux-arm.tar.gz) | 96eb22ab7957952552a45a28aaa5901ecc2b7deea1832bcc877e2e88e787a7ca06daaee870307a3ade02e2d764388216d47fbadc9fe5a1fac95c2a1cd4d38c42
[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-node-linux-arm64.tar.gz) | 91d80f10b04e7d8734e9f508f2e5935d9d000ae5503f36ef26a832a254a8c092000b0cc04b8f1126939b78c1f1761b243cbb7818be4990ad9cfec8b9c6e925fb
[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-node-linux-ppc64le.tar.gz) | 6449652501588f86d500dc2d53a0d89435003db74466b851aacb500e3a07ddbd2c4f61ea8064240cdbdee83faedccae38ada66ff083cc9701503fe40ad65eec5
[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-node-linux-s390x.tar.gz) | 59929f0520afd8824a8fbbf7587466d55a8d1202978b6a555cc5ccfc74c49e1969d6eecaa7dbd17f14b7cc778083bfe0eae14ef8798f66c80ee5e000eac9de01
[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.13/kubernetes-node-windows-amd64.tar.gz) | 39510d6da1bec049f0021f5854c62256105da903555c90961d8bb3c43e019c68691a7d79209afb6c66811eb19448be7f76b0dd570ad6a65b192a83569083a099

### Container Images

All container images are available as manifest lists and support the described
architectures. It is also possible to pull a specific architecture directly by
adding the "-$ARCH" suffix  to the container image name.

name | architectures
---- | -------------
[registry.k8s.io/conformance:v1.25.13](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x)
[registry.k8s.io/kube-apiserver:v1.25.13](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x)
[registry.k8s.io/kube-controller-manager:v1.25.13](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x)
[registry.k8s.io/kube-proxy:v1.25.13](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x)
[registry.k8s.io/kube-scheduler:v1.25.13](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x)

## Changelog since v1.25.12

## Important Security Information

This release contains changes that address the following vulnerabilities:

### CVE-2023-3955: Insufficient input sanitization on Windows nodes leads to privilege escalation

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.

**Affected Versions**:
  - kubelet <= v1.28.0
  - kubelet <= v1.27.4
  - kubelet <= v1.26.7
  - kubelet <= v1.25.12
  - kubelet <= v1.24.16

**Fixed Versions**:
  - kubelet v1.28.1
  - kubelet v1.27.5
  - kubelet v1.26.8
  - kubelet v1.25.13
  - kubelet v1.24.17

This vulnerability was discovered by James Sturtevant @jsturtevant and Mark Rossetti @marosset during the process of fixing CVE-2023-3676 (that original CVE was reported by Tomer Peled @tomerpeled92)


**CVSS Rating:** High (8.8) [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)


### CVE-2023-3676: Insufficient input sanitization on Windows nodes leads to privilege escalation

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.

**Affected Versions**:
  - kubelet <= v1.28.0
  - kubelet <= v1.27.4
  - kubelet <= v1.26.7
  - kubelet <= v1.25.12
  - kubelet <= v1.24.16

**Fixed Versions**:
  - kubelet v1.28.1
  - kubelet v1.27.5
  - kubelet v1.26.8
  - kubelet v1.25.13
  - kubelet v1.24.17

This vulnerability was reported by Tomer Peled @tomerpeled92


**CVSS Rating:** High (8.8) [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

## Changes by Kind

### Feature

- Kubeadm: generate CA certificates with a start time that is offset 5 minutes in the past relative to the current system time to workaround cases of clock desync.
  client-go: allow to set NotBefore in NewSelfSignedCACert() ([#119115](https://github.com/kubernetes/kubernetes/pull/119115), [@champtar](https://github.com/champtar)) [SIG API Machinery, Auth and Cluster Lifecycle]
- Kubernetes is now built with Go 1.20.7 ([#119836](https://github.com/kubernetes/kubernetes/pull/119836), [@jeremyrickard](https://github.com/jeremyrickard)) [SIG Release and Testing]

### Bug or Regression

- Fix Topology Aware Hints not working when the `topology.kubernetes.io/zone` label is added after Node creation
  - Fix a data race in TopologyCache when `AddHints` and `SetNodes` are called concurrently ([#117267](https://github.com/kubernetes/kubernetes/pull/117267), [@tnqn](https://github.com/tnqn)) [SIG Apps and Network]
- Revert kubelet prober metrics `pod` tag to include actual pod name ([#118549](https://github.com/kubernetes/kubernetes/pull/118549), [@a7i](https://github.com/a7i)) [SIG Node]
- Update kube-apiserver's priority & fairness work estimator such that 'max seats' is MIN(0.15 x nominalCL, nominalCL / handSize)
  
  This fixes a bug where clients with requests using hand size x max seats greater than the nominal concurrency limit can starve other requests in the same priority level. ([#118601](https://github.com/kubernetes/kubernetes/pull/118601), [@andrewsykim](https://github.com/andrewsykim)) [SIG API Machinery]
- Update the Event series starting count when emitting isomorphic events from 1 to 2. ([#119376](https://github.com/kubernetes/kubernetes/pull/119376), [@dgrisonnet](https://github.com/dgrisonnet)) [SIG API Machinery and Testing]

## Dependencies

### Added
_Nothing has changed._

### Changed
_Nothing has changed._

### Removed
_Nothing has changed._



# v1.25.12


## Downloads for v1.25.12



### Source Code

filename | sha512 hash
-------- | -----------
[kubernetes.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes.tar.gz) | 2f9ca81fc45ac2c3b3dfbe922e295f4d85aa8e7e2fdc87dd9814e96d9646b275024cbdadc54f7498d4b46cf157faa70b0d62e3ce04f6d25aa1affcff115c8ded
[kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-src.tar.gz) | 9ecaa0446b4f1d22b20c50dde823ac67cdfaf437b8e49b0ac44c55e3c5b0bf4127bb2e9c7e23528cce015eed66cb0842e1aece2a2bcadfef3a77085f7f5e1610

### Client Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-client-darwin-amd64.tar.gz) | 06b2e81277adc945a54351f8fc7f49109edf144d4ef5138311690c4f7dc8c55c7d153bb9fba66bdb03d9b47b187a613e13e587c4adb490df245b7ec8a6f786fe
[kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-client-darwin-arm64.tar.gz) | 47c5d17e83dc2cc990bc98c5f402d1cf5a8afea15eb419189defffb77d1a93e7cffe1eb846619904e5f51fc69bd0ddef13cede7edee821cc96bec7d4c57a98b6
[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-client-linux-386.tar.gz) | ddc6c1ccb6e03b126a512f5ef0e2c17c92fc3ca6baeff37300ea1505b7991af9fff7bcfe2e3046b286dca1e3472f0c975f1dffd22be70120a4b6a160652ef80d
[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-client-linux-amd64.tar.gz) | 7e86060e701a1c8d69518143b49d03ad49decacb89291df83f0b5d9a541f5d6a1d8a8c8c0f7988815ed8092c54165edfe750bd37a219717bf60b782efaf52b30
[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-client-linux-arm.tar.gz) | 254dc773082612d4dc01a013db3e6053f9272b3616b3dc4a2146fdea9b75b71e2cf174b1c374d5975f3ea67e94704f526c82b09de5ca1ec689d1632c782b2ca5
[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-client-linux-arm64.tar.gz) | 1c4c52f418029fc0209e53bba7279d6cceaec44d8b16bc11a990b7e83776cd255a3b70255950a128123ba0ce98e836a75069325ec8f8b516f6fe9a94ab615d56
[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-client-linux-ppc64le.tar.gz) | 172131eac50f93d2dc1d2adacbb1e0f3a227bdaf7828f426cc759f1452be17c195fc590858997c8c2ad336c9f6e2a83ae0fa3c36200417f2098534fa76239294
[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-client-linux-s390x.tar.gz) | d09cc7e23326e9f5161f9b33a88ba31467b97a4bfef0ffca2efa691f5967de653b56bf4921fa034e6d045ef85ec43dfeda898125eeef112904030f477b3208b9
[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-client-windows-386.tar.gz) | b5060c5213dc8a893bc6bf95b8632c5aa643ee423032403cadd14f3fced1764cdf8c964d32d2d7e6dcfc0837a7774051a93ce583955e8870ce6b7ff580bc4b13
[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-client-windows-amd64.tar.gz) | ee91f87e8e53dadb13a9d598d68166929b97e161752314d1c6e0d3c3f61bf62b5e371d1c206045af93a1c287892b9a3d7bec1ed56b96e1ff5cc65f3840d1fa9d
[kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-client-windows-arm64.tar.gz) | 64b4a89bdd44bf7352aefb407183bd8fe2af83c1a89338ce15faad3e2d766a4dba77a0c5ec04cf188f4c6c07ed7ddfaa643d1e4d8e1eb12cfe2af003d3c9c21e

### Server Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-server-linux-amd64.tar.gz) | f93c5f61fdf79260c7374c6dbcafe3db5e1d025428df59b7449e194f3a0da9095a5a152394301d80c8c9bfeffbbaf825dd6b191d83d1f2be8d23f11e614675b4
[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-server-linux-arm.tar.gz) | 1d327aa2da53310001cf30965d2355a4d3d7dbf348ddd7b9fee701b858052c1575bd5576a4aa02ae8855140d2c4b27668db6a647edca482148ad3962323ebe66
[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-server-linux-arm64.tar.gz) | e173e0e6d1d6dec15e49e014290c95b8d87cce1143ae2f628f0b874dbed1eaea1c06f0d060a945869d37df1532c114a5a068a6e072112a6e9f74de658822f483
[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-server-linux-ppc64le.tar.gz) | d1f4a0414430cc056bb15df9dcd78a1b88e18597a3f58feebcc6de73316643a2173603238f4223a24ee013430cd8bd412682359f103c4cf33007145f1ba55076
[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-server-linux-s390x.tar.gz) | 40aa735dce3dff96d615db06927ef52d506da62c1f257d26af91a0f8634f5770690dd54e9d4aa846bb51f8a30d756dd3442190d189a876d000be168e8c71498b

### Node Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-node-linux-amd64.tar.gz) | 178ab16d39f1ed7a1d342a6ad800eb98de365d75c39a7fd9f4621abc49e40560be3c428a0a2e499308fbc3cef859648a001863bb028ee8e702d56486f3409971
[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-node-linux-arm.tar.gz) | 5cf2b85e7da7c8866b4f77ae7e229a32575810ee0379bc73832afd6ab3f9e878abce2b884e968efc07508dbb1505f6f4543efc8332169c1aae8e182a8266aa45
[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-node-linux-arm64.tar.gz) | 19b731c92ef559d9f5b6f1403cb8da6339810fce89e0b79401d415b0ee0abc353b2a413c14ee33483baf9a1535aeb4848f114af5b1015ce6894c4bf1e87b1ee7
[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-node-linux-ppc64le.tar.gz) | 6427158757354dda589c439354e51a089765ab9760211462cfb905f612e4cb6ac92d928e6523096a7320a3619dae4b6c8e031dd6f407ff0cea58b98d6cdb07d6
[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-node-linux-s390x.tar.gz) | dcf22cff0895c321ea1430cde750a52174eb97adbf3ada4ff6bd1ecd7b631d395ddc14f91bfc1a704bdd31b8e3083f4bf292c068b77ea1afcd4fc633070b6d92
[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.12/kubernetes-node-windows-amd64.tar.gz) | 09fb6bd18d2c8a14ebae1aed0eab55cb78038de8970b2c943106bc57bc42014e46ec7abe0a49562f4863b8aa8975782f55b3cc3ad4fc01437886ef1b7cb980dc

### Container Images

All container images are available as manifest lists and support the described
architectures. It is also possible to pull a specific architecture directly by
adding the "-$ARCH" suffix  to the container image name.

name | architectures
---- | -------------
[registry.k8s.io/conformance:v1.25.12](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x)
[registry.k8s.io/kube-apiserver:v1.25.12](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x)
[registry.k8s.io/kube-controller-manager:v1.25.12](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x)
[registry.k8s.io/kube-proxy:v1.25.12](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x)
[registry.k8s.io/kube-scheduler:v1.25.12](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x)

## Changelog since v1.25.11

## Changes by Kind

### Feature

- Kubernetes 1.25.x is now built with Go 1.20.5 ([#119202](https://github.com/kubernetes/kubernetes/pull/119202), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing]
- Kubernetes is now built with Go 1.20.6 ([#119368](https://github.com/kubernetes/kubernetes/pull/119368), [@xmudrii](https://github.com/xmudrii)) [SIG Release and Testing]

### Bug or Regression

- Fix component status calling etcd health endpoint over http which exposed kubernetes to the risk of complete watch starvation and is inconsistent with other etcd probing done by kube-apiserver. ([#119039](https://github.com/kubernetes/kubernetes/pull/119039), [@serathius](https://github.com/serathius)) [SIG API Machinery]
- Fix cronjob controller handling of complex schedules, like "30 6-16/4 * * 1-5", for example ([#119137](https://github.com/kubernetes/kubernetes/pull/119137), [@kmala](https://github.com/kmala)) [SIG Apps]
- Fixed a performance issue where pods weren't created/deleted in parallel for a StatefulSet with podManagementPolicy: Parallel. ([#119224](https://github.com/kubernetes/kubernetes/pull/119224), [@aleksandra-malinowska](https://github.com/aleksandra-malinowska)) [SIG Apps]
- Fixed vSphere cloud provider not to skip detach volumes from nodes at kube-controller-startup. ([#117243](https://github.com/kubernetes/kubernetes/pull/117243), [@jsafrane](https://github.com/jsafrane)) [SIG Cloud Provider]
- Kubeadm: explicitly set `priority` for static pods with `priorityClassName: system-node-critical` ([#119118](https://github.com/kubernetes/kubernetes/pull/119118), [@champtar](https://github.com/champtar)) [SIG Cluster Lifecycle]
- Only declare Job as finished after removing all Pod finalizers to avoid orphan Pods ([#119164](https://github.com/kubernetes/kubernetes/pull/119164), [@alculquicondor](https://github.com/alculquicondor)) [SIG Apps and Testing]
- This PR adds additional validation for endpoint ip configuration while iterating through queried endpoint list. ([#117224](https://github.com/kubernetes/kubernetes/pull/117224), [@princepereira](https://github.com/princepereira)) [SIG Network and Windows]
- Updated cAdvisor to v0.45.1 - Fix metrics in cri-o when a container restarts ([#118799](https://github.com/kubernetes/kubernetes/pull/118799), [@harche](https://github.com/harche)) [SIG Node]

## Dependencies

### Added
_Nothing has changed._

### Changed
- github.com/google/cadvisor: [v0.45.0 → v0.45.1](https://github.com/google/cadvisor/compare/v0.45.0...v0.45.1)

### Removed
_Nothing has changed._



# v1.25.11


## Downloads for v1.25.11



### Source Code

filename | sha512 hash
-------- | -----------
[kubernetes.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes.tar.gz) | bc2d54cbc60e7949c74f760855a0d7b0016c081f4c4c44650a3b51694cd85958298ce43e5f530b1cd99ddf6ca5f04d7d0091acf69f78449bc176129828a587b8
[kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-src.tar.gz) | 4678925f8404d98d9ee4492d25304517016ae6838927b769e49b185bf7123f578a8a441a501f0c79e19d39317cbdaee0eda84f4660010777a7d67b74a2312578

### Client Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-client-darwin-amd64.tar.gz) | 2f205fcd994b982814cb8c993705676b0c51f0ebff7472d0afe4baa140c6aae6bb6df60f64811906467fab5fd524812364f75fe9ebfbba172e49c95dd31929a2
[kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-client-darwin-arm64.tar.gz) | b21325813663c04a581bbde8bbe81a14839f62292cf0e09f193058c0c80e79329be37832efbb58642d424dfa89e25ae60b704782ac7db2f45573e95beb760830
[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-client-linux-386.tar.gz) | f23369f8099f10238319e9f12c357b55256e05024992a48e1c697116e8d51a456af868c2daf3d4ae32f8312f55b15c4ed6df5d722416dbc810542b8acdcb8813
[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-client-linux-amd64.tar.gz) | be2746215971df5eec6b41a515b0f3931ed74bd38607b7554162573c40a51109c3e3a477f0c7e501e3cbb0d15b0ced655280c21d39d41971b7496e17e38bac48
[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-client-linux-arm.tar.gz) | 5b146503bc134b08b9f30070fa07dd396d0c2fafdce0a739ec9b1c66015dda5645c14b13822ea20e2e5444bef7e6efe04e083b40215d22133faf21c07d1fd739
[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-client-linux-arm64.tar.gz) | e5e725b1e0e1429a7ab54715d368d8659fd0367f8c907f335fb0ea426f74c5fd338a5ad37ee98fb8cf8b03c73df6fec89ddf70fef4243e3ad85d2661d5ea7bd3
[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-client-linux-ppc64le.tar.gz) | dfd66ad9b132a5bc411365833d5e49a4290f32685403732e6368c0b44a17a78ed3b66102b2fd90df21568b562aa2ce9a4256a5ea6c0649e53917340ea47b2803
[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-client-linux-s390x.tar.gz) | 0159d370f2a148a06e333496a41dca6336b19676148f60a74776e9ad9841a0ea764a745286c8d167fba2cceac99a3a3bd3654144815878f43dd0bb53392a07a0
[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-client-windows-386.tar.gz) | edd4e9863774629e1e3279f17aca162fc517d27d6a60c59977ce5ed2b443f9c376cb37eb71587bb52369aff10a210c848d52e99787bab3fd27960fd61c05a758
[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-client-windows-amd64.tar.gz) | 79f8cf6413a5cb2e0cbdfc4cd208006b698676645cb7f27fba02fae93a1b37c3a2efee8773540f456ed128cabc33905179f7b75274a6c718e54682ec44f05acf
[kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-client-windows-arm64.tar.gz) | 9f48872a5ddfc190355cee1f68a48c3dd794fd614415549e7d436f595a33de552f8923b6576b5e8db6758876e2f9ab7dce598166282ecb2a7f15211b34073f49

### Server Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-server-linux-amd64.tar.gz) | 745017cd5431e8b7f3b2eae79c44551aad8f6a0007cbe9546f7bc79ed0eedcb8deec0644e2627ea2bd36f1b00e3405a333b8a2508c5dd7595857968731f7e159
[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-server-linux-arm.tar.gz) | e142be854b47d4681b34a0bba83705938b7370d04232a8cdcfed26a2ccb3fe68024cc85683eae149a7120d5e38d8c0bd552ba46a550faabd416ecf966f230c95
[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-server-linux-arm64.tar.gz) | 97a479e1147fd0cd04966ea6d04478af21ce41456363aa5b85374995bf00e5eedaaf0c2ed214ff5b6e94a34e5675ec9b25b1e9079f5a216b2e12adfb74a2f0c8
[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-server-linux-ppc64le.tar.gz) | bf48509f89d62c363b552fa9366528dc0c1b461addd23616dae503532d4ef23eb48f3c6a4af768ace493da385770054ecfbd1a38f9d454c269907c0330d35be2
[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-server-linux-s390x.tar.gz) | 66a7e0f22200c73b3c9f88f97fb6955c44578ed5d7d79dfc982c73398fdd8af27a49dafc8e3770c9f1d93fb4a3b549495c22491e5aee6178e27dd994f6b338d6

### Node Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-node-linux-amd64.tar.gz) | 0a7f042ab6530d0e0f3d0885c939eb65218975758c4924c2c78a3b27f668190f06a05c4702dfda1ad133d49e0e64f43624449572e57d74de0c02727756a935eb
[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-node-linux-arm.tar.gz) | 65801b38f38626bdc1efa7c769bcb8a7fb280e7189f5fbab2e103cafdb28c74b89b9973a979379af2c615ec7593be7157fcfc464d5702926b9bb5432374646ae
[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-node-linux-arm64.tar.gz) | 8f476465906ff9e69e27ec3de68c34c9d95d31ecff3c1674bc8a573211984952f668ca8be6f5640a712cb4229c0a14a54f6437fee71c82ddc30d290b4b72619f
[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-node-linux-ppc64le.tar.gz) | 1898476026dfbcc8d021cbdd77efa3c752368994cf1069eefa9045f75bd9d64a9a7a53afbaf0abd5b054ea18285ce8acefba13c9d5dbe970dd2578742d1c0d1f
[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-node-linux-s390x.tar.gz) | 2fe23205b97170bc597cc1ceac06a8b0727c9e7ac5585b32ca3e2f9836bcdf4bc0ea614bd5110f1e8f57640e70d84b898ff43cfa72d4e96d6e19db0017236429
[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.11/kubernetes-node-windows-amd64.tar.gz) | 85bc5f7d07622a0e655c55226c1e131add28d7b4ed997534b68ca7a34c5ab48d999ee637b23c9591487c4283ae5c03f0989dbfb07696f55e3f0fe675676ef138

### Container Images

All container images are available as manifest lists and support the described
architectures. It is also possible to pull a specific architecture directly by
adding the "-$ARCH" suffix  to the container image name.

name | architectures
---- | -------------
[registry.k8s.io/conformance:v1.25.11](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x)
[registry.k8s.io/kube-apiserver:v1.25.11](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x)
[registry.k8s.io/kube-controller-manager:v1.25.11](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x)
[registry.k8s.io/kube-proxy:v1.25.11](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x)
[registry.k8s.io/kube-scheduler:v1.25.11](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x)

## Changelog since v1.25.10

## Important Security Information

This release contains changes that address the following vulnerabilities:

### CVE-2023-2728: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin

A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account's secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers.

**Note**: This only impacts the cluster if the ServiceAccount admission plugin is used (most cluster should have this on by default as recommended in https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#serviceaccount), the `kubernetes.io/enforce-mountable-secrets` annotation is used by a service account (this annotation is not added by default), and Pods are using ephemeral containers.

**Affected Versions**:
  - kube-apiserver v1.27.0 - v1.27.2
  - kube-apiserver v1.26.0 - v1.26.5
  - kube-apiserver v1.25.0 - v1.25.10
  - kube-apiserver <= v1.24.14

**Fixed Versions**:
  - kube-apiserver v1.27.3
  - kube-apiserver v1.26.6
  - kube-apiserver v1.25.11
  - kube-apiserver v1.24.15


**CVSS Rating:** Medium (6.5) [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)

## Changes by Kind

### Feature

- Kubernetes 1.25.x is now built with Go 1.19.10 ([#118556](https://github.com/kubernetes/kubernetes/pull/118556), [@puerco](https://github.com/puerco)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node, Release, Storage and Testing]

### Bug or Regression

- Fixes a bug at kube-apiserver start where APIService objects for custom resources could be deleted and recreated. ([#118104](https://github.com/kubernetes/kubernetes/pull/118104), [@liggitt](https://github.com/liggitt)) [SIG API Machinery and Testing]
- If `kubeadm reset` finds no etcd member ID for the peer it removes during the `remove-etcd-member` phase, it continues immediately to other phases, instead of retrying the phase for up to 3 minutes before continuing. ([#118057](https://github.com/kubernetes/kubernetes/pull/118057), [@dlipovetsky](https://github.com/dlipovetsky)) [SIG Cluster Lifecycle]
- Kubeadm: fix a bug where the static pod changes detection logic is inconsistent with kubelet ([#118069](https://github.com/kubernetes/kubernetes/pull/118069), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle]

## Dependencies

### Added
- github.com/a8m/tree: [10a5fd5](https://github.com/a8m/tree/tree/10a5fd5)
- github.com/dougm/pretty: [2ee9d74](https://github.com/dougm/pretty/tree/2ee9d74)
- github.com/rasky/go-xdr: [4930550](https://github.com/rasky/go-xdr/tree/4930550)
- github.com/vmware/vmw-guestinfo: [25eff15](https://github.com/vmware/vmw-guestinfo/tree/25eff15)

### Changed
- github.com/google/uuid: [v1.1.2 → v1.3.0](https://github.com/google/uuid/compare/v1.1.2...v1.3.0)
- github.com/kr/pretty: [v0.2.1 → v0.3.0](https://github.com/kr/pretty/compare/v0.2.1...v0.3.0)
- github.com/rogpeppe/go-internal: [v1.3.0 → v1.6.1](https://github.com/rogpeppe/go-internal/compare/v1.3.0...v1.6.1)
- github.com/vmware/govmomi: [v0.20.3 → v0.30.0](https://github.com/vmware/govmomi/compare/v0.20.3...v0.30.0)

### Removed
_Nothing has changed._



# v1.25.10


## Downloads for v1.25.10



### Source Code

filename | sha512 hash
-------- | -----------
[kubernetes.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes.tar.gz) | 50c72104e6206dd6e684b4cf3dfd251c7ac52a36160153d342a54bddf9fa6f37a53e0b8982297aef5d65f8b41634e5668252a28838b4325b7560af918720a808
[kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-src.tar.gz) | e1bfdbe0a076bbe1ab30de2a6e34887a34be202cf92ad9425d39172b95b20dbc849af5a9a0d28c8a762d74d3250a5524990708e1cb15efcd101382216992867f

### Client Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-client-darwin-amd64.tar.gz) | 98edeac9ca673874963d4d0bce471c3b8dd1fd8391bab948bd3818b725aff98947b6563a144b743f6b253e0421785dae2c2c256e86204d8ef24c4ad3871fc68d
[kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-client-darwin-arm64.tar.gz) | 9ef7de4bc90f864b29721261827cf4d1d6e83ee27ff77a96044d7098b3592e05d74f3aa92b04767ac0774abcbdc5d5f3f293aada0cef13c7680cb77def1d020f
[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-client-linux-386.tar.gz) | bd227aca11c4fea783fc415b12f3b03eb2b7c44d31dce066ebcc7ef84e106bf0f241efd7f3f1b692370c52a0dd7f88278596a821df671367856457efa6456c1d
[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-client-linux-amd64.tar.gz) | ce5b8609142476dd02ef5792bbec53c0e4d8d70c7102b4f616233aba0bc91e8c47396599fa79fb103daa66d32a2bd335b6e2bf337ed248b361adc8c3037a3497
[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-client-linux-arm.tar.gz) | 98261336d307ca7a987cd6fc1c6d642922faab622e0a6bf321edf0d7d9d4b60d9f6c024d6d61ee1ad239c200e582473efb0e21d47ee7be495837f3e461fb3f9e
[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-client-linux-arm64.tar.gz) | f0d35b6d23503410204b264377f783d34e96d610676fda2f3fb01e392e94f1875071e64c059650c85dd99762baec376e32ffa0fd9ff086a602d036155922fc48
[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-client-linux-ppc64le.tar.gz) | a189ed43170c4f1e1b2aa2df2e37b2771926a50d222aa2181fee13c8275d5b7f7f72e44a50572fd3e5440f8bc9c555f2d2e8a9e560180ddb2c8b681643b37817
[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-client-linux-s390x.tar.gz) | f0ab39c0c9c57abc45072fbfdfbeea0fc9b89fb44946f805f272a5409786af56a726f2ce0f45d78ae6d1f7fed8bda0cf7a24ef9d34e4bf65a31433e4a1b50a45
[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-client-windows-386.tar.gz) | fcb1a2068e305614d4d8f7b4f541a71ffa8ba103919dc8bf8cb6628e5805eefd44e28f1700119aad4236fb19db6b512b996050314eec5a638705a91220e45303
[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-client-windows-amd64.tar.gz) | 0f681d0db9ca77424e7d14f6160c4acc88fc040e1e233305b0cfc21a2cce68ff5cac7eff77b59714adab6b01e80a1318f49b7322d12ee72607331c3a4ba34b06
[kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-client-windows-arm64.tar.gz) | a5b38cb4a9ef1fc431783ed1e0098105ab302afa9cdb8c4f619baaf72484c48c0bc7801bc9937170d99d0e1ca78f21f609a9feac1b10356ffd8cc18b6bffbe40

### Server Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-server-linux-amd64.tar.gz) | 8384c105b2214c1bec250714ffc4af9495e96e5a12617f02f87d2e7d392d05c94f360cca0d7fd8662efe28f6a4bd03089985f44bf212adff28c993b220bfd1ac
[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-server-linux-arm.tar.gz) | 731ab080b9e1447e36c5652fe0cbcbe7f286459dcf76a440f2d9af514e3d7defec7f97a9869d347bf1975e97efba0ed60719394b7f14adf9b45e20c946951092
[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-server-linux-arm64.tar.gz) | 97a02efcebcc3e5e41cd10358385f5340660a5786c8ca04791a3a1853df3fdb5188458cf7249c98a562578f83d0bb9878aee2040c03837189f61b6e64d5a9613
[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-server-linux-ppc64le.tar.gz) | 9574a9f6b22dae0aad68b7dfa4591034e37740f445c07c7fbe9e08ab0ea744001fbcc31333c7ca60f7b5b039d8de812e3580acc145c6fe289802e343600b5b82
[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-server-linux-s390x.tar.gz) | a53f577d1a619245d3dcf48837e0e3ca53904143281a6eeb1509410cc417cf3b63310fc18587c98b171d5a4e629ab34db9c32992572f2a77ba1ba06b01776abe

### Node Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-node-linux-amd64.tar.gz) | 2990576d5323c1ab7a5d559696e75b365b8f3a4d22317e18901c94e9f29ad740d2e4e0ddab63f1a5eaf86822e29b3c6be40da9ce9965149492f22472a55528f8
[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-node-linux-arm.tar.gz) | 8dc38e834ac9255d00a44702def50237cdf64815726f829ae47f22e187354fd4cefd65b426be05ef79fda91ff2b0169086b06ea7d5f177cb47d9eae0f8918764
[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-node-linux-arm64.tar.gz) | c0474b809a9793f193f6d5f3bcfa3e4d0f1e1b3eea774059fa052e81e9b04a9c736b1659076618e1942471e5a12e072bc2606dd260ad9e2a4add122d37c5547a
[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-node-linux-ppc64le.tar.gz) | 12e2565045514009ed13aa3d81788b97ac526001f8681a8021cfc300f07a4a28ff19daea958f5181188e121955ee6eace9842a05fea146b66f9132eb6f66c911
[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-node-linux-s390x.tar.gz) | a370f34f84ca6bf89cc72c783a88c6759458535315b648b19742a9e008326706f0ac5cc1fcc251b9c43d28fdd3605f2710a17359c6a5bc4420ee5333946d2693
[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.10/kubernetes-node-windows-amd64.tar.gz) | 4122652f37d53ae59635c5f74c238cc0ea1236ff6acb4f3682ffd4f9f0818073810b8ca2c3cf2035f25f0b18db20c1d6dc631603207314e9253114fe8fd088d5

### Container Images

All container images are available as manifest lists and support the described
architectures. It is also possible to pull a specific architecture directly by
adding the "-$ARCH" suffix  to the container image name.

name | architectures
---- | -------------
[registry.k8s.io/conformance:v1.25.10](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x)
[registry.k8s.io/kube-apiserver:v1.25.10](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x)
[registry.k8s.io/kube-controller-manager:v1.25.10](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x)
[registry.k8s.io/kube-proxy:v1.25.10](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x)
[registry.k8s.io/kube-scheduler:v1.25.10](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x)

## Changelog since v1.25.9

## Changes by Kind

### API Change

- Added error handling for seccomp localhost configurations that do not properly set a localhostProfile ([#117020](https://github.com/kubernetes/kubernetes/pull/117020), [@cji](https://github.com/cji)) [SIG API Machinery and Node]
- Fixed an issue where kubelet does not set case-insensitive headers for http probes. (#117182, @dddddai) ([#117333](https://github.com/kubernetes/kubernetes/pull/117333), [@dddddai](https://github.com/dddddai)) [SIG API Machinery, Apps and Node]

### Feature

- Kubernetes is now built with Go 1.19.9 ([#117775](https://github.com/kubernetes/kubernetes/pull/117775), [@xmudrii](https://github.com/xmudrii)) [SIG Release and Testing]

### Bug or Regression

- CVE-2023-27561 CVE-2023-25809 CVE-2023-28642: Bump fix runc v1.1.4 -> v1.1.5
  - Fixes a problem of cgroup removal when using runc binary >= 1.1.6 (#117647) ([#117682](https://github.com/kubernetes/kubernetes/pull/117682), [@kolyshkin](https://github.com/kolyshkin)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node and Storage]
- During device plugin allocation, resources requested by the pod can only be allocated if the device plugin has registered itself to kubelet AND healthy devices are present on the node to be allocated. If these conditions are not sattsfied, the pod would fail with `UnexpectedAdmissionError` error. ([#117738](https://github.com/kubernetes/kubernetes/pull/117738), [@swatisehgal](https://github.com/swatisehgal)) [SIG Node and Testing]
- Fix incorrect calculation for ResourceQuota with PriorityClass as its scope. ([#117828](https://github.com/kubernetes/kubernetes/pull/117828), [@Huang-Wei](https://github.com/Huang-Wei)) [SIG API Machinery]
- Fix: the volume is not detached after the pod and PVC objects are deleted ([#117339](https://github.com/kubernetes/kubernetes/pull/117339), [@cvvz](https://github.com/cvvz)) [SIG Storage]
- Number of errors reported to the metric `storage_operation_duration_seconds_count` for emptyDir decreased significantly because previously one error was reported for each projected volume created. ([#117022](https://github.com/kubernetes/kubernetes/pull/117022), [@mpatlasov](https://github.com/mpatlasov)) [SIG Storage]
- Setting a mirror pod's phase to Succeeded or Failed can prevent the corresponding static pod from restarting due mutation of a Kubelet cache. ([#116482](https://github.com/kubernetes/kubernetes/pull/116482), [@smarterclayton](https://github.com/smarterclayton)) [SIG Node]

### Other (Cleanup or Flake)

- A v2-level info log will be added, which will output the details of the pod being preempted, including victim and preemptor ([#117214](https://github.com/kubernetes/kubernetes/pull/117214), [@HirazawaUi](https://github.com/HirazawaUi)) [SIG Scheduling]

## Dependencies

### Added
- github.com/shurcooL/sanitized_anchor_name: [v1.0.0](https://github.com/shurcooL/sanitized_anchor_name/tree/v1.0.0)

### Changed
- github.com/opencontainers/runc: [v1.1.3 → v1.1.6](https://github.com/opencontainers/runc/compare/v1.1.3...v1.1.6)
- golang.org/x/mod: 86c51ed → v0.8.0
- golang.org/x/net: v0.7.0 → v0.8.0
- golang.org/x/sync: 886fb93 → v0.1.0
- golang.org/x/sys: v0.5.0 → v0.6.0
- golang.org/x/term: v0.5.0 → v0.6.0
- golang.org/x/text: v0.7.0 → v0.8.0
- golang.org/x/tools: v0.1.12 → v0.6.0
- sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.36 → v0.0.37

### Removed
_Nothing has changed._



# v1.25.9


## Downloads for v1.25.9



### Source Code

filename | sha512 hash
-------- | -----------
[kubernetes.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes.tar.gz) | 73f57718a6a2e26cd779e364c4ebb51539678b30554f3c9c2a266e860dbda2e7e17c5b0290573a61f97265be2614793074cb3d50b00ca4dbea8722f68b305304
[kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-src.tar.gz) | 279946d2f5fbdc93019b2667953434930cb2d2a89b35af8e1610f0cd43bff87cf74104be6752ba29634b4f6880eb640ba96635406467f3f034b71c10786aaf5e

### Client Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-client-darwin-amd64.tar.gz) | aa08d4e8faace74c31cdf2787f2d816cc83f2a05613b04d0a613bff6be75c2a8ff4bf3a2d836f197f9c07d1de8e3e947b9cab14da1dbc36688d034a338b89bed
[kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-client-darwin-arm64.tar.gz) | f99a3cb80ab20a2a4ea5bc11bb33d6d2a66dd1af0f99f5b856f6f8c4a1589c0291da52ac645f7d7accafb2b1dbfc020f87f711b6a54dac56ac915dd01e02a16e
[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-client-linux-386.tar.gz) | 9b50bbb563f524f9fcb6eb487b4d15a6ca108223b1fce04b786ac2df44cd65a5362cbf1818cd6d1fdda6474d2e9100b97d16f9abf1ab2027440d49264a7bd2c1
[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-client-linux-amd64.tar.gz) | 081b4ddb723a0a54b99f699cab84c3742203b0ac45629543b92707d404fe724f69b9ae8e5826f2429fc13dc9dac0001340cdd0e8600976dbd902172b787ad8b2
[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-client-linux-arm.tar.gz) | 940b61a1d364aa886393da749844992eb2072dade0dd17087d76ded5483f202b0f0fe30cb5319fe548596e1ef82ab3c8c2d2abed2d6040c42308b897d84e6b0a
[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-client-linux-arm64.tar.gz) | 6036a4d96e6f0ac3362c96c74888fe85e4db6132178d052346e34e407d3cd8123914ae5edad7f5a64e25dbff10a3d1576ffdb1ccd77717a9033e691a00a82af2
[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-client-linux-ppc64le.tar.gz) | 4fc53a4258df7bf3768e8ff73021c2899a9ba30e167c8122feaa35b907c78036f7a67fc64ae5f27fae2eb646cbd32567f022881bfb4b8aa44d0640ddd5b5ef26
[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-client-linux-s390x.tar.gz) | c67e0106b83bbe5e872cf898aa0dbb716e78b89e27c054dc28ea7dc89261b7dd647ff0169fcc80f1df8d5bde658e7c28ec84bac7144f1e872b59b5ac00f6021f
[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-client-windows-386.tar.gz) | a97de58d4f3592324c60e7c41a3b6469049b87156e46d1558a4ee7c31d20c328fca3e5cd614ce4516baa3bd3379005ecea618708a1fc154b7e8c83c710ce92bc
[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-client-windows-amd64.tar.gz) | 466b6fa72b512b132b7403e09ac27cc9499613df1d2cf7731e94ee100a24964c2bf48abd21b0c86e82f52302508c054200bec98ae4bc46e8c324c4c96873bc96
[kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-client-windows-arm64.tar.gz) | 6b4853f92cfde49f062a3976db4d497dc48093a17e2549d1fa4cdf07fa9328dfc924e03148cd6fcc2487da322484351c170adc501960edd036a87b2bcba8bc18

### Server Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-server-linux-amd64.tar.gz) | c0acd0de04880b0af7998a0e3b0bc1b1775f8d88e8d083dc54a64a5f94e12abdd231e2a5adcd344cc719067baa9a11887ee4c8c9acdbc1a84d9c6bd2a43dc3e5
[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-server-linux-arm.tar.gz) | 10c849ed11139557fc2c2d7c76684f9a3e5f26563db69f40a5ce59d5a38c124a51b93f53ed20843da7e83e38deec29eb149c60a2b2ca0f47b2cd1c23a5cf83ae
[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-server-linux-arm64.tar.gz) | 222a204ddf480101357f30f0491374aa8d0203557d87771715c749aeab2e84b37e7cbf1e60e1beb7f1fe3ff52b294c2f79070a645c9afbbdea0b6390f56d98e3
[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-server-linux-ppc64le.tar.gz) | 828c6ec5b54a83cfb559a9e4a6767b42145763409b5e9b6a67d110e64b000bf64615fb1a1699c4b2e9324860a0a5a1260edda3541ec1c9ad8d3d6d6c8bb9ebf7
[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-server-linux-s390x.tar.gz) | 08ad3e68a38132e0727da315df73e2a0ac736e04ab1184c1c3806591d0b2d7f4981d3b6b722b908fb1fdfb8a70f9f8748e815deb0b2bc58b72c3ac9122569d3c

### Node Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-node-linux-amd64.tar.gz) | d4fa36122d31c55346788cdd796e2e10f31b9f490f036c03af8a6e6a87be8c3170e845bfa03940efbd58af6e15b11dc8ca5d5679421245bd27893a0749f6f462
[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-node-linux-arm.tar.gz) | 9860a65b60dd08a7f4b1b7d044847edbd6c0e5addcfabec3e99ebdc3644cf9e110d77edcb710f0b778b97669f35e453dd817431b12909419f0272d517c8be6ff
[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-node-linux-arm64.tar.gz) | 0261f82d361654247d2d63c0f4566c43e303399c79ebff0ee5d7ab9fbcf8fb5c01c8bd2667891dcb9bb7211077bbd9ba9c8be98402471d26ac15d0adfbbc78b6
[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-node-linux-ppc64le.tar.gz) | a570bcb26e1ec8a90488724e8a1c9a8e0477903ecf1752383e3649572c8bd9d6e81bf204e13b364118a79b6e94e4dc2958c6771f9e64c8e427d418adafb451b7
[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-node-linux-s390x.tar.gz) | a252f616a9968f69ff0d935a203e686265b7da8d47af5755150153b070aa34a3f43164f16aa8b7a63341afca28cc5f4295b1bf05bda260b45468adefad0d709b
[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.9/kubernetes-node-windows-amd64.tar.gz) | 8fcf91d6c0fabe26dcd4fcee4ee43fa4e2d698c47f50ec00049f7d97ade891fd07c1e35b383a9a0544dd8212f776135284cfdc71fd9d26c256512dfdc1ae2f49

### Container Images

All container images are available as manifest lists and support the described
architectures. It is also possible to pull a specific architecture directly by
adding the "-$ARCH" suffix  to the container image name.

name | architectures
---- | -------------
[registry.k8s.io/conformance:v1.25.9](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x)
[registry.k8s.io/kube-apiserver:v1.25.9](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x)
[registry.k8s.io/kube-controller-manager:v1.25.9](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x)
[registry.k8s.io/kube-proxy:v1.25.9](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x)
[registry.k8s.io/kube-scheduler:v1.25.9](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x)

## Changelog since v1.25.8

## Changes by Kind

### Feature

- Kubernetes is now built with Go 1.19.8 ([#117131](https://github.com/kubernetes/kubernetes/pull/117131), [@xmudrii](https://github.com/xmudrii)) [SIG Release and Testing]

### Bug or Regression

- Fix missing delete events on informer re-lists to ensure all delete events are correctly emitted and using the latest known object state, so that all event handlers and stores always reflect the actual apiserver state as best as possible ([#115900](https://github.com/kubernetes/kubernetes/pull/115900), [@odinuge](https://github.com/odinuge)) [SIG API Machinery]
- Fix: Route controller should update routes with NodeIP changed ([#116361](https://github.com/kubernetes/kubernetes/pull/116361), [@lzhecheng](https://github.com/lzhecheng)) [SIG Cloud Provider]
- Fixes a regression in the pod binding subresource to honor the `metadata.uid` precondition.
  This allows kube-scheduler to ensure it is assigns node names to the same instances of pods it made scheduling decisions for. ([#116776](https://github.com/kubernetes/kubernetes/pull/116776), [@alculquicondor](https://github.com/alculquicondor)) [SIG API Machinery and Testing]
- Kubelet: Fix fs quota monitoring on volumes ([#116794](https://github.com/kubernetes/kubernetes/pull/116794), [@pacoxu](https://github.com/pacoxu)) [SIG Storage]

### Other (Cleanup or Flake)

- Service session affinity timeout tests are no longer required for Kubernetes network plugin conformance due to variations in existing implementations. New conformance tests will be developed to better express conformance in future releases. ([#112806](https://github.com/kubernetes/kubernetes/pull/112806), [@dcbw](https://github.com/dcbw)) [SIG Architecture, Network and Testing]

## Dependencies

### Added
_Nothing has changed._

### Changed
- sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.35 → v0.0.36

### Removed
_Nothing has changed._



# v1.25.8


## Downloads for v1.25.8



### Source Code

filename | sha512 hash
-------- | -----------
[kubernetes.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes.tar.gz) | 1373cdd6ba5a89ad01172e09a59afb86466913b837a9b4926a528cc5681509d752804fb6cbb58c0dffb7cb2858eab67b1dacf4f4a0d6cd13a5ed449e67d54277
[kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-src.tar.gz) | 29f964b70673c1e66a548e11530a9643c7d0c24f90a6b9f1a3b3487923bf0b1627a21e23c35cbed713d04125807dd24f1efffccf93ccce91a83b0a05b08266a9

### Client Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-client-darwin-amd64.tar.gz) | 01a9f05a78c53c57ce61a24de3d76e40bce14630faaa1dac6b498da2572ee7713b702d40204ba6d0b5b145e5f35cfc274c0fcee15004fcfee42ab9e88bae5fff
[kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-client-darwin-arm64.tar.gz) | 05316e43aed229d9ea407fcf6cd6e1280b6055770c7c018b94309edc4cd5cce60991d755136447985bc11cc3d17d63d9787510c70bc4a4828850da33772f448a
[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-client-linux-386.tar.gz) | ebfdf3fa9d0d1b1c3f6d375f9b77be21dcfdf6dc403a8e572bee00983eb1edd257b197d3baef178e0d44d0a447791121d2057a54869ed36cc2bce43de61678ce
[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-client-linux-amd64.tar.gz) | e2179fba92c3692ef44377276e109f87c12a7166b1fd93ca826527406a6698f551afbf702d67d9469e2512ef5137a71c5ad809fc0f384dfbf7db53ca83dc3033
[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-client-linux-arm.tar.gz) | cb8ea52dee6d98465e599a9a4d4475abde3046dbc5d034a472b80003ff6565894eb63b52027f6def4378d066556799a3b0ef05b811ba3c69ea3a487f74f21d24
[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-client-linux-arm64.tar.gz) | c9efb676f995734f7e6eef346d03bb451ad6991265c0046467fa842ad9d0b60f4d4ae3a766cc1bb4dc22f1e8f0507f7184db3aa0973828225cdccb51c9fa4933
[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-client-linux-ppc64le.tar.gz) | 2fabcf5581bdaf225763781af5e7781f11cf43e698787f619d01a0d8f9b2999342424f1d255b57ebac8646c6b111a3d84aadd7b30bf2848929fdd7034c2ccf4c
[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-client-linux-s390x.tar.gz) | 50cc96108fd0a3f6ef52d633a22662ee798395a1926f1fe392018f530c7a0cf67df278d2286c12c72fb5c1d774e85cc6abc9368e2c56d59b6a47bc7b379e6d3b
[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-client-windows-386.tar.gz) | b203fde667d8df98ae82bbaa3cc4a9447815fb4792e98e0c0bf96361e58a1223928d51eb0613cf8c4b9b8a4799f0b2fa1a92454c239ea8a205eace97eb227f85
[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-client-windows-amd64.tar.gz) | 3da3744b18ea034650cfcd4e54f8b9a0ffce89dff7a128234fe48e846885ad97eafec9223551b97615942e73e7af72ae64152165bcd710669f1b874b194c75ae
[kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-client-windows-arm64.tar.gz) | 70464a404bf702257e52fec0eb815a14e8b86fc6db107b9d510fd0eefd18bbdad4fb8ab95cd03e09512ba67d30c00e8fe31c9a1ab39816947baeeef37fb5486b

### Server Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-server-linux-amd64.tar.gz) | 6786d2f0e4e4407609291887b88be0ea952a16e67f5f762f32aeb219b109632e38c25bf34f0cb82a1854584531689cf8cf778c69dc96a1245a8fb723f532fdd5
[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-server-linux-arm.tar.gz) | 77ceb0d8d84aa24cfc5a60ea3c29d4760c15ca327e720b1a941bfd71399715d0671333fb3083c6560f47f3b69e1051008d5b1d0ce6e9a538876b1dff309e7326
[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-server-linux-arm64.tar.gz) | fe1e043fcd93657d464b0d6c3a064bc56c76301c1f82c7d43dcf4dbc5c77ae1574b2afb342ff268d054e59fa2ecc22f948dfe7e11f21a65998270f2a8ee2c80d
[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-server-linux-ppc64le.tar.gz) | 6e4c32de8393a4788bb7ffd49b992cb9aab17d3e2d195af0354985891ae3154f3208b5bd1e08b2729081da475679f2862f07b490b150ea8a454b2c86f7821123
[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-server-linux-s390x.tar.gz) | 5d535088e92bf6f844b91f85ee19eb24b715f8db2e553f1f19d2a30c4ff89079b6dd5aa311eb933f22388032ec91e56478823d6ce7cb4acd67b81d68c8b784a1

### Node Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-node-linux-amd64.tar.gz) | 667e065d0d105177e6ae0f3e6382584d457b694cbe8aad9cbe236ffd29b386ba4ac0756a3fe793293602aa8b9c2256b3dcc27d860ded5ae6b8849fd6304bfbcd
[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-node-linux-arm.tar.gz) | b0f84c9616effcd2e384eb3d0ee580b2ee085fb313942db4fe7ad206a00c63d63bd6262c104fc6817deb5ab0c774073a80c1e53581f30893d37ed5ff601c0f99
[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-node-linux-arm64.tar.gz) | 8e4145102131493be24d8e17f2bd50794379826989652631cdadcfa38a608c3c2f0c7bc2178403c4822ae0dfbfeff3fae734c13e8aceac3d4cb5f4eb769dfb1a
[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-node-linux-ppc64le.tar.gz) | eeb8821c86017605ba6ea5729ef90d154a2e3200da5e10b3295469f769c3e9e8ef2d1419399f9c3b5b3854b4481452bc1bdbe03c2c8533445429811cacb57e04
[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-node-linux-s390x.tar.gz) | e93ea0c4ccdc0d4ba3c4aa670258fa377f7f410c874276867064dad19f9f1a91d9058078b5cbcff21e9e33eca45eb4b8bcd9f965b0a6d11972cb630cfd8a81f5
[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.8/kubernetes-node-windows-amd64.tar.gz) | aca9b2d88c0de8e679883580d26801491f6fd5760899ff886a85334ba2e4ae4b87bb2a5af93b50850517d17c043d5c94991bb53887ec3ddd4e02d35aeee787ff

### Container Images

All container images are available as manifest lists and support the described
architectures. It is also possible to pull a specific architecture directly by
adding the "-$ARCH" suffix  to the container image name.

name | architectures
---- | -------------
[registry.k8s.io/conformance:v1.25.8](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x)
[registry.k8s.io/kube-apiserver:v1.25.8](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x)
[registry.k8s.io/kube-controller-manager:v1.25.8](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x)
[registry.k8s.io/kube-proxy:v1.25.8](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x)
[registry.k8s.io/kube-scheduler:v1.25.8](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x)

## Changelog since v1.25.7

## Changes by Kind

### Feature

- Kubernetes is now built with Go 1.19.7 ([#116406](https://github.com/kubernetes/kubernetes/pull/116406), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing]
- The go version defined in `.go-version` is now fetched when invoking test, build, and code generation targets if the current go version does not match it. Set $FORCE_HOST_GO=y while testing or building to skip this behavior, or set $GO_VERSION to override the selected go version. ([#115497](https://github.com/kubernetes/kubernetes/pull/115497), [@liggitt](https://github.com/liggitt)) [SIG Release and Testing]

### Bug or Regression

- Fix data race in kube-scheduler when preemption races with a Pod update. ([#116439](https://github.com/kubernetes/kubernetes/pull/116439), [@alculquicondor](https://github.com/alculquicondor)) [SIG Scheduling]
- Fix log line in scheduler that inaccurately implies that volume binding has finalized ([#116049](https://github.com/kubernetes/kubernetes/pull/116049), [@TommyStarK](https://github.com/TommyStarK)) [SIG Scheduling and Storage]
- Fixed a bug where Kubernetes would apply a default StorageClass to a PersistentVolumeClaim,
  even when the deprecated annotation `volume.beta.kubernetes.io/storage-class` was set. ([#116089](https://github.com/kubernetes/kubernetes/pull/116089), [@cvvz](https://github.com/cvvz)) [SIG Apps and Storage]
- Fixing issue with Winkernel Proxier - ClusterIP Loadbalancers are missing if the ExternalTrafficPolicy is set to Local and the available endpoints are all remoteEndpoints. ([#116000](https://github.com/kubernetes/kubernetes/pull/116000), [@princepereira](https://github.com/princepereira)) [SIG Network]
- Fixing issue with Winkernel Proxier - IPV6 load balancer policies are missing when service is configured with ipFamilyPolicy: RequireDualStack ([#115615](https://github.com/kubernetes/kubernetes/pull/115615), [@princepereira](https://github.com/princepereira)) [SIG Network]
- Make kubectl diff --prune behave correctly with the --selector/-l flag ([#116147](https://github.com/kubernetes/kubernetes/pull/116147), [@nathanmartins](https://github.com/nathanmartins)) [SIG CLI and Testing]
- Remove check for CSI driver running on node for CSI migration ([#115773](https://github.com/kubernetes/kubernetes/pull/115773), [@sunnylovestiramisu](https://github.com/sunnylovestiramisu)) [SIG Apps and Storage]

## Dependencies

### Added
_Nothing has changed._

### Changed
_Nothing has changed._

### Removed
_Nothing has changed._



# v1.25.7


## Downloads for v1.25.7



### Source Code

filename | sha512 hash
-------- | -----------
[kubernetes.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes.tar.gz) | 63fc1351093298670a893ecb3628167464a7cf6bf4b1d424846e9d8bd24850f637363826246c08af7ed93887de041d51ae64c139f6d04225c11119a2f32acfc3
[kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-src.tar.gz) | 4ebf928e7190531ff7954788d5ece5161e9a99e8b9e6ed260cd798bc4c220f358f2508dc0e5785b23d115d6841e101d9ca29a0910580f18c44bc0cde2e3b7e03

### Client Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-client-darwin-amd64.tar.gz) | 611ebb2ba4495eaffa5773ca6edf2f1f41f429ce04537abd5b4a01db9eb51e73279386c1c3ddd1626896fc950caf253a173432db33a61aff0c1b6c6e1141b2fa
[kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-client-darwin-arm64.tar.gz) | 3577ebdb7267c7ae7721b049019b437899bde0dbf708e6a42a28e2b895566636580070404e589cbb09053aec1d93a33bbb2fde79a257da04c16e475f0c84637c
[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-client-linux-386.tar.gz) | e7742a1fae70e3facae67fcd02e46fdce749dbc5f08fcbddc515937d01a729228add9fffeac97471647df7e052394ced035d67867f02a1f0af1dafa9a762ba71
[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-client-linux-amd64.tar.gz) | 3f625652e6dc629548b788c425da941c19217c7be95dbb2c63f2a3d726db78ba50bf60d49d483ba73a040ac1d560a0a220cc3f4cead2354a7887bf29854710ec
[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-client-linux-arm.tar.gz) | c1210193b445c51f9a24d297d3f102a4e110ef35fef1b6f8b3961be2a61a8fa21f6b86a650f13e6ca82e9707b7511512a542dfc6c4f344c5384bdf3d31d5f040
[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-client-linux-arm64.tar.gz) | 56c70a655b74b54395a3e4b6cf139fa13398051f8afa2948a5991cbfc5d7f27aefbcd4146c6f837497b8c780fad2770e0b6ed9cc66cf97daef0a0b0b40c3181e
[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-client-linux-ppc64le.tar.gz) | 17ed2ffa4daa6bb329bd164a292abdd4f34fc6effb9d5da0ddb8f2db076cbc5d3b713b7508c84eb8a60cff0083d3e3b160325175a057336b655b1f963f0a7afc
[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-client-linux-s390x.tar.gz) | 97086b5a405f45381b849fb009e7929b2c6a63b8a1bb19df00deb60f27e4ec46cb5425e6fea7f5323a7e21c1d164f607c10792dcc97a001d47d562d3f7234d6d
[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-client-windows-386.tar.gz) | 7b3f86b24caeaf4b5ee7c5807ea49fbcd86171aca7b37d663ff2c9ce2b521820a179469a88be50e083c148e08de0a6625aeb6c369b5520211a3c1b2efe8437e8
[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-client-windows-amd64.tar.gz) | b075cc667305e99c25399dea5e63aaf03832995e5142c3cc93c81b3bcd5b5214f067bdbbd72f33899f3b3eeeea13525b599c144d6379904105831f13317bb098
[kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-client-windows-arm64.tar.gz) | 1dbd7e37a0838c3131f1847ab0c61f2408b286c4822cb67108e188175e3f5669c73012045eac79b02fefda58f46a77d3d586a2d15150114da3a7edb7079a1672

### Server Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-server-linux-amd64.tar.gz) | defc7764cc2563786bcbc5cef5c94ff29d4a0cc147c67c71d3ad9c2f6a3c25a3290c405e24212ff0ef653c38a340087a783ae0812931d4b50f90bc3d1fbf34ce
[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-server-linux-arm.tar.gz) | c3b844ddb786fafc51cbd4763ff03cc7778628369730f064ba88f267535f93e4dbb305a12f9a704c9307db0cc7988434b5227989673b5a7ab6edbd1e4d0b7a34
[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-server-linux-arm64.tar.gz) | c7f0951c1da9b19df72e5a4ad762ec50bef764805760533b31f0fc0e1ce6757409e4ba6c14f58c706c12562a66ac5251918e86d44fbe4dce3eed6b8e8dd0679d
[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-server-linux-ppc64le.tar.gz) | b0e1c8d38d33a4318f7364321dcb1837f6b22617c23f6df1a25bfac767789992cf87dd2ee1fe5c2b918c1511514a0b92a40f3da0b82f44478a7e35d8d5b5a746
[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-server-linux-s390x.tar.gz) | 6f4f92c94ce0ea1e1d608d524329754f7975e566ca2f213fbc054cd30e303563bb564ba746809a0e58d564bcb83b1cd99a5339e07ae289dd459411912345fd6c

### Node Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-node-linux-amd64.tar.gz) | 419e5a0e755e73632fda4754090e39cf08f3a92f8d39b2c6f2a311cc246ddead3c3445343774aa035341ef4cc1223068f7ecc70b3da052011ad6f4a03784db1a
[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-node-linux-arm.tar.gz) | 1c308120dd8d1b73d4f71ba4f9beb7cefbeaee8656c582332cfb5fa2712b323d96d2205060d8218be11dea5c46235cc88b85d10f90cdc9560e0c648f16fe80fd
[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-node-linux-arm64.tar.gz) | a4897c6bb23fefdde8ff9f9e37b1f5ef8ec08c61b92288275fc9ed95593693503e0f2b086ac3905e6c6f75cf55318de778c9f91eab6159177d2201ca0f019b4d
[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-node-linux-ppc64le.tar.gz) | 072d504fb26cafe6eb1cb87ea58c33b82e49109692848f571cc7d8a1cc2255b9b324345d32acf164c938bbba3bb37dfd39b50bf7cbb88b49dbb3325080474a22
[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-node-linux-s390x.tar.gz) | aad43cc7eb379ad13f2c0b4b9c63aac822acf54a2dcd88d2651d985e5bec5d70edb13aeae7a140c4ccc0ec0a8e0375ee2c30b75b0098f25b93e5d13ad4d75374
[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.7/kubernetes-node-windows-amd64.tar.gz) | 6fc0f7541c600fcc4a359e298f073b78f89aaa14875c5fc71f9037a57308f9391606fdf52b688a34788be9e46abb27585263b3d941c8ab983316a531bef9a81a

### Container Images

All container images are available as manifest lists and support the described
architectures. It is also possible to pull a specific architecture directly by
adding the "-$ARCH" suffix  to the container image name.

name | architectures
---- | -------------
[registry.k8s.io/conformance:v1.25.7](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x)
[registry.k8s.io/kube-apiserver:v1.25.7](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x)
[registry.k8s.io/kube-controller-manager:v1.25.7](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x)
[registry.k8s.io/kube-proxy:v1.25.7](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x)
[registry.k8s.io/kube-scheduler:v1.25.7](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x)

## Changelog since v1.25.6

## Changes by Kind

### Feature

- Kubelet TCP and HTTP probes are more effective using networking resources: conntrack entries, sockets, ... 
  This is achieved by reducing the TIME-WAIT state of the connection to 1 second, instead of the defaults 60 seconds. This allows kubelet to free the socket, and free conntrack entry and ephemeral port associated. ([#115143](https://github.com/kubernetes/kubernetes/pull/115143), [@aojea](https://github.com/aojea)) [SIG Network and Node]
- Kubernetes is now built with Go 1.19.6 ([#115832](https://github.com/kubernetes/kubernetes/pull/115832), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing]

### Bug or Regression

- Fix a bug that caused to panic the apiserver when trying to allocate a Service with a dynamic ClusterIP and it has been configured with Service CIDRs with a /28 mask for IPv4 and a /124 mask for IPv6 ([#115334](https://github.com/kubernetes/kubernetes/pull/115334), [@aojea](https://github.com/aojea)) [SIG Network and Testing]
- Fix nil pointer error in nodevolumelimits csi logging ([#115348](https://github.com/kubernetes/kubernetes/pull/115348), [@sunnylovestiramisu](https://github.com/sunnylovestiramisu)) [SIG Scheduling]
- Fix the regression that introduced 34s timeout for DELETECOLLECTION calls ([#115481](https://github.com/kubernetes/kubernetes/pull/115481), [@tkashem](https://github.com/tkashem)) [SIG API Machinery]
- Fixed bug which caused the status of Indexed Jobs to only be updated when there are newly completed indexes. The completed indexes are now updated if the .status.completedIndexes has values outside of the [0, .spec.completions> range ([#115460](https://github.com/kubernetes/kubernetes/pull/115460), [@danielvegamyhre](https://github.com/danielvegamyhre)) [SIG Apps]
- Golang.org/x/net updates to v0.7.0 to fix CVE-2022-41723 ([#115788](https://github.com/kubernetes/kubernetes/pull/115788), [@liggitt](https://github.com/liggitt)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node, Security and Storage]
- The Kubernetes API server now correctly detects and closes existing TLS connections when its client certificate file for kubelet authentication has been rotated. ([#115567](https://github.com/kubernetes/kubernetes/pull/115567), [@enj](https://github.com/enj)) [SIG API Machinery, Node and Testing]

## Dependencies

### Added
_Nothing has changed._

### Changed
- golang.org/x/net: 1e63c2f → v0.7.0
- golang.org/x/sys: v0.3.0 → v0.5.0
- golang.org/x/term: v0.3.0 → v0.5.0
- golang.org/x/text: v0.5.0 → v0.7.0

### Removed
_Nothing has changed._



# v1.25.6


## Downloads for v1.25.6



### Source Code

filename | sha512 hash
-------- | -----------
[kubernetes.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes.tar.gz) | aa7976f8951214da9ce10fcf627f0d5630cb368ccaaab60d0b1001cf00fb3666e591a0b220df989685221116cffb48996d47ad5feb254310c194e2054e8590ff
[kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-src.tar.gz) | 6786e37e22fdbdc4585823d7dad4642af268118fd62d52926a0770de623bd3a70a3c6a5689878872423591c594ac7317f8660ffca860726214de0bdb9a029c14

### Client Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-client-darwin-amd64.tar.gz) | 4ab0bc1dab5e7ba0a4db532325323df3a21a31e58f3db68696c97e27233303fb6d8d699716f2dfe91c1ce57962718f1fcec3c62998a6d4de20cc9a7f04b172a2
[kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-client-darwin-arm64.tar.gz) | eb7471f7a56b1b678956ff1c4c9a57384f4a501600679ea5377ec915af885d1269eaf114301a11754329e836f0b14262d9a246940a906cb7890a2771f08b98fa
[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-client-linux-386.tar.gz) | b5a773b1333cf9167dda2fd99cae31e7e70ec39288636d52e43a72df6a805928082b3fb488589ce74e91a64c06194c67efe189ee04b984e53190859f315b64f3
[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-client-linux-amd64.tar.gz) | 726663ce8db804bea425c17c971ceee4b8401210a9f21d77ed5b525656634bf90c30f514e55648ae062ebd0fe3d805176ccea1ac301e8e732714df5b3b20e2e2
[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-client-linux-arm.tar.gz) | 738b9b363ab8c94d955477e38c9f3413c13b43e9731332d6c7d6248ed657fadc9680c788a1b9c137767c8d255f89835415575d9c226c93787a3752f8e6b4773a
[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-client-linux-arm64.tar.gz) | e085fddea88e6110dbaa5df1c9c1a4ffc79c98297a0316e7f5de805f28705e8c35fcc62335e8e432a0097d7fc93e5e074598b8080cc73e20b0bd149c8adb4912
[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-client-linux-ppc64le.tar.gz) | 631e2791b014e6ebfc017c3825fba2c29b8438220e3610ca03ff08f2f21c4a6f0ee5fda84612ddaa9e7ce3862f59f44c2cb9f9509b743bb7cd78b0446e04a88f
[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-client-linux-s390x.tar.gz) | cc21c815a190860a1be3a00e8a4477f2dc073152e47260d804cd442205a109e5eafa4be00301c270bd22a6c631316299daa9e881e2bd900b4327fc3f0e764070
[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-client-windows-386.tar.gz) | d0bff822214e8c27f62ac61a92f4a55a0b4498192e153d97f7e0fe82f0c7fcb38a6d7c54fea54f1ec3a92883f1fa55a18954fbcbeb25c618a326f0d54310fc06
[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-client-windows-amd64.tar.gz) | 56b92e4be195374b28670329d0e3fd97a1b0354d948b434c8f3b4a81aa85d7f59eca427aab6e97dde17d4958a18bc6fa195b2175380a0c2edb76f501679b2cce
[kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-client-windows-arm64.tar.gz) | 0ea7b043993c8488002e199f709232dd95d1a3b9c3617fd2367a1eb0e011553bf0ebf45337581448f55319da9a7d605f41bb6177fcb5e0f6efe3b8ca08ea7525

### Server Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-server-linux-amd64.tar.gz) | 5beb120332738268f39d91df98d7d642590ae688db3e330d98804d25940afac799850dc470d900ba54ec385012ab256d477ad7552c37a4be060605e55115f939
[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-server-linux-arm.tar.gz) | 25d9e1ab99acb6a81cdd511a145568a81ad5b3dece3fd8a3197a91d0ae1141db2871540584e09422c372ec057b1a01952d23845c6b131799194cc0c5feac9eae
[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-server-linux-arm64.tar.gz) | 97d306a4ddfe0d121192129c9283efa40d5b35882c13d9fb1e917951ca6fe2406102e8b5e6f6bd8af9043e39ce1232fe119bd57d858ef7b8160cb7b0572ad631
[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-server-linux-ppc64le.tar.gz) | e0759a4d66ad655022041ded6613cc753dfcaa5d56afff5ce2fd3eb6bd96148fbb1e20e2ba8c13d50aabb45cb856a4248a222c1e992112ac6b890ca0424375cb
[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-server-linux-s390x.tar.gz) | f45f8dd642788f6c85e660593bc809fca5c373f79badc5b042dcc3a7ce1315dfd5beb90409a6f23bbd6a2f500be814b61a0465e88b1505c3c158613e296ce6c3

### Node Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-node-linux-amd64.tar.gz) | 03d954a8d52c15f09d3d66da2b3459a706eef36b88d47a29f35b61f4264da9186ced5ae20b7075a52fab1f828e1b479d0d7faeaba53d072a376286bc1bd8344c
[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-node-linux-arm.tar.gz) | 5699354fc5c78b23693f751c14b3b6e0354c0095b72354ffe99391ae28330841b022dce4b6a188dfc01b8dcc40ebfaabec199c07a00175e4ff4ebe4e486a6432
[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-node-linux-arm64.tar.gz) | b611a6cde4fd00ed72951227fada6f5ab682dab33c382c24798bd9ba061a7cb2234988ca1b2839c9169bd504452f865bfe3215434348452b266bd55725856197
[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-node-linux-ppc64le.tar.gz) | d1b595e78f9eb16543d167143fef061fc32d8cbbb10e551dbbf696c5dcbde3409895f1328ffed6ef74a743d7b2ca2b4495719d45e497b8bab651cad2e20f08a6
[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-node-linux-s390x.tar.gz) | 101e544649af737626f8e3a44b29cdc4fba9fe36c072342cf2e6b84ba2a23b31498b4755da37995042da01a3d05b2948e307b2570f2cae6597736601751cdbab
[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.6/kubernetes-node-windows-amd64.tar.gz) | 5d0ff44491218e0f5509897344cc049bd234fae240e4b5cf0256700a0d3a7c71aba87e4f833a83b932f5fb51fb826e18c0f0310948b96cd1bc9a1fc9b3e8a90b

### Container Images

All container images are available as manifest lists and support the described
architectures. It is also possible to pull a specific architecture directly by
adding the "-$ARCH" suffix  to the container image name.

name | architectures
---- | -------------
[registry.k8s.io/conformance:v1.25.6](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x)
[registry.k8s.io/kube-apiserver:v1.25.6](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x)
[registry.k8s.io/kube-controller-manager:v1.25.6](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x)
[registry.k8s.io/kube-proxy:v1.25.6](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x)
[registry.k8s.io/kube-scheduler:v1.25.6](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x)

## Changelog since v1.25.5

## Changes by Kind

### Feature

- Kubernetes is now built with Go 1.19.5 ([#115013](https://github.com/kubernetes/kubernetes/pull/115013), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing]

### Bug or Regression

- Client-go: fixes potential data races retrying requests using a custom io.Reader body; with this fix, only requests with no body or with string / []byte / runtime.Object bodies can be retried ([#113933](https://github.com/kubernetes/kubernetes/pull/113933), [@liggitt](https://github.com/liggitt)) [SIG API Machinery]
- Do not include preemptor pod metadata in the event message ([#115023](https://github.com/kubernetes/kubernetes/pull/115023), [@mimowo](https://github.com/mimowo)) [SIG Scheduling]
- Failed pods associated with a job with `parallelism = 1` are recreated by the job controller honoring exponential backoff delay again. However, for jobs with `parallelism > 1`, pods might be created without exponential backoff delay. ([#115022](https://github.com/kubernetes/kubernetes/pull/115022), [@nikhita](https://github.com/nikhita)) [SIG Apps]
- Fix a regression that the scheduler always goes through all Filter plugins. ([#114525](https://github.com/kubernetes/kubernetes/pull/114525), [@Huang-Wei](https://github.com/Huang-Wei)) [SIG Scheduling]
- Fix bug in CRD Validation Rules (beta) and ValidatingAdmissionPolicy (alpha) where all admission requests could result in `internal error: runtime error: index out of range [3] with length 3 evaluating rule: <rule name>` under certain circumstances. ([#114864](https://github.com/kubernetes/kubernetes/pull/114864), [@jpbetz](https://github.com/jpbetz)) [SIG API Machinery]
- Fixed DaemonSet to update the status even if it fails to create a pod. ([#114818](https://github.com/kubernetes/kubernetes/pull/114818), [@gjkim42](https://github.com/gjkim42)) [SIG Apps and Testing]
- Fixing issue in Winkernel Proxier - Unexpected active TCP connection drops while horizontally scaling the endpoints for a LoadBalancer Service with External Traffic Policy: Local ([#114039](https://github.com/kubernetes/kubernetes/pull/114039), [@princepereira](https://github.com/princepereira)) [SIG Network]
- Fixing issue with Winkernel Proxier - No ingress load balancer rules with endpoints to support load balancing when all the endpoints are terminating. ([#114452](https://github.com/kubernetes/kubernetes/pull/114452), [@princepereira](https://github.com/princepereira)) [SIG Network]
- Kubelet: make the image pull time more accurate in event ([#114271](https://github.com/kubernetes/kubernetes/pull/114271), [@pacoxu](https://github.com/pacoxu)) [SIG Node]
- Optimizing loadbalancer creation with the help of attribute Internal Traffic Policy: Local ([#114467](https://github.com/kubernetes/kubernetes/pull/114467), [@princepereira](https://github.com/princepereira)) [SIG Network]
- Update the system-validators library to v1.8.0 ([#114059](https://github.com/kubernetes/kubernetes/pull/114059), [@pacoxu](https://github.com/pacoxu)) [SIG Cluster Lifecycle]

## Dependencies

### Added
_Nothing has changed._

### Changed
- github.com/google/cel-go: [v0.12.5 → v0.12.6](https://github.com/google/cel-go/compare/v0.12.5...v0.12.6)
- k8s.io/system-validators: v1.7.0 → v1.8.0
- sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.33 → v0.0.35

### Removed
_Nothing has changed._



# v1.25.5


## Downloads for v1.25.5



### Source Code

filename | sha512 hash
-------- | -----------
[kubernetes.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes.tar.gz) | 4c4b59217468c3d26ced175b1eb3133382276941c74422b970a0a8bcd6c2b41fb3571fb4950594fee945feda810689812843491a39fcfe9deefa70f7d4a8460b
[kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-src.tar.gz) | fd04beb3eb8c18446bfa4613dc90957f7d9bdc264b36608b8f31a365d78f42726c73db12bb42b4c60fdaa0822ee0f89a97ef7f624348d14211fa1f35c3be1ec5

### Client Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-client-darwin-amd64.tar.gz) | b1f6c04b641b2ebcf246065a7a7cee326786dc1ab3f8c7599b4a6cf80f4cd6464234bfb56e967565896d9b71cbdba45928376074c7116c38b02f004216886efe
[kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-client-darwin-arm64.tar.gz) | a0ef7ad78aa0b9b31f2ebf0a39bb6647ed6d5e116875bce276adb0cd3c002ffeca99c7b0a3148529e27f45c02fba1a07909db91657ae6cea355052856706ac11
[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-client-linux-386.tar.gz) | a4fba73c94f0d233156f15abfc96be42b83f3cdd2787b3d9a6efe306c8dd925252e92cb2ebaefead47b62cd4aa03a7645e91a449296f277797c2f9de02c8f39c
[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-client-linux-amd64.tar.gz) | c229b5700944f86f8312cb76d44248de813b8bae58026ec137b3e19bf422e91ed9848115bd549c5d5915b43acd639db71c2e9ece756c1b1c4f706672e11151b6
[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-client-linux-arm.tar.gz) | 37e967e95208964f6981aeadd7ec72f770b862e0d86537ffb031f6c0561dafe5176dc8e9c6e78cfd87372a2b2d741e9e9d117be7f3a8404d669b35b7b2a873a8
[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-client-linux-arm64.tar.gz) | 40da990dbd86de5cd7d9d7cfd222fceb80162bdf77aa28feda8ed21f6f09cdb35130a77ede5150bd4beddd9d5e77a9f82926db9750589e059dadd97f0142ff39
[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-client-linux-ppc64le.tar.gz) | cff79bc66adb1ba3aa11221091ef799f5ac3b3f0979d5c4376bd87ce8b5181a74cbb3d4449f776775e2c6b15df802421ee21015a7a53df77c6ac1edc9b55daad
[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-client-linux-s390x.tar.gz) | 4939d05b922bdd33ad50d3bdd84917d0614b7ac32d021e475bd3e656212fc4c8c44af214603fa60d60f0d904941edb180bab3f61180f4e0a704506c5a08bd5a0
[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-client-windows-386.tar.gz) | a644679e2958f4577ccd5f9b284a91cd0d54a9b5b76ef1fdfcef5051fc9d6c2c84640970453de3f1ef21403350e4007a76718deddbfd3b2277792631593de736
[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-client-windows-amd64.tar.gz) | 5cdee95add22a542f78dde5aa223a3f7f2f87ae5e52213460b8280475103482f0ecea68fb4c4164aa7fa6bd54963b4c2225f477f1156af0cbaa85417d1ef5219
[kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-client-windows-arm64.tar.gz) | f6a87418be93cc147c299bcd538dcd769563a10ec76eb941e8723cd8962b11f1a068eae9344cff613786b4f482693922e94344e3efb3349a34177e04936a8cac

### Server Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-server-linux-amd64.tar.gz) | 715d717779fec615a2c5742c6c7371fa6edea85344acb33003c84151d0c0135a892475552b4427cda339ebda2d640cf85a7fa0f844111370e86a4290f0e11376
[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-server-linux-arm.tar.gz) | 4402a7e8cbab87cbc7d991d79971c45b12855ac954ff1fef1262d15da38230739612b322b86b35105ae72c51bcd1be7c108ce60f6d7e72a1e8f0d1101eec5eb0
[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-server-linux-arm64.tar.gz) | 53953f0c33aae7210dba696905af22eda54d3fdbdae87bc8a26b233c4e913279eae7349f83d546cc8c5fdf21ffd1f2463406edf11c44b5707f0f9fd22a394f62
[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-server-linux-ppc64le.tar.gz) | 30eeeb624a79dbfdfc0cd328faca327d8437158058004ff76e2deeb069cb86154e37e7e24a8d3760d7a03af80768b12ec5ef9ae82852e63c28cb31e6b7166894
[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-server-linux-s390x.tar.gz) | 4c13abed9a8a71f7fea14c2bc3859e5f3d32818afbab26aef4c80452db81f9afe907577610515298dd784ac1c418f3bcb38cf9c62192cb005e75e1c66ef80797

### Node Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-node-linux-amd64.tar.gz) | c30b85bcd0ec56c94b6d55364ffdb881393f2e84c1b7dd2aa85b7e03dc18fcf3ecffcf98ee77af98af2eecfdffcefdd26ec4a3c9522e5f3f6e5fa5b7efde6d37
[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-node-linux-arm.tar.gz) | 5541b8550b794256e079f1c27f38bc58bea0878f658fda86f609c390f1d8fc5edfe5c1f26c009e0944cd42a3e08d5cd4f17db70077f1e19fddbae7a838a3ee25
[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-node-linux-arm64.tar.gz) | 965249a3a896a8d278e4092935d68cc7aa5778f57940303d71db13b34f7e1fc32642f1d394e812f172bcdf26eff12e1ac44ddf5395557c02850bfc5824a63c6f
[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-node-linux-ppc64le.tar.gz) | d4f54d7faf2eed28f0f24d121209b4496760065b975f3f616a1e68083b226f851e0bebc2b99f7ecf84df359b18fb51ec922d518aa63a53d8b3570274b8111a2b
[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-node-linux-s390x.tar.gz) | 7f69ac1961cb24fe228408fac0509cf663988f0e5bea0a06fae0172b57ba595896af364b15560130110ba026a08f46c72738b0c8c271a84c280a45c84a58aca5
[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.5/kubernetes-node-windows-amd64.tar.gz) | 301011c5743c8e915c24594d26bf13597065435a0dd82c97711e05ae21b2decaa7013772f770970ab9c6a109fd1b6f79e6a9df449556925b6459fac99f9bded3

### Container Images

All container images are available as manifest lists and support the described
architectures. It is also possible to pull a specific architecture directly by
adding the "-$ARCH" suffix  to the container image name.

name | architectures
---- | -------------
[registry.k8s.io/conformance:v1.25.5](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x)
[registry.k8s.io/kube-apiserver:v1.25.5](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x)
[registry.k8s.io/kube-controller-manager:v1.25.5](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x)
[registry.k8s.io/kube-proxy:v1.25.5](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x)
[registry.k8s.io/kube-scheduler:v1.25.5](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x)

## Changelog since v1.25.4

## Changes by Kind

### Feature

- Kubernetes is now built with Go 1.19.4 ([#114286](https://github.com/kubernetes/kubernetes/pull/114286), [@xmudrii](https://github.com/xmudrii)) [SIG Release and Testing]

### Bug or Regression

- Bump golang.org/x/net to v0.1.1-0.20221027164007-c63010009c80 ([#112693](https://github.com/kubernetes/kubernetes/pull/112693), [@aimuz](https://github.com/aimuz)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node, Security and Storage]
- Fix endpoint reconciler not being able to delete the apiserver lease on shutdown ([#114137](https://github.com/kubernetes/kubernetes/pull/114137), [@aojea](https://github.com/aojea)) [SIG API Machinery]
- Resolves an issue that causes winkernel proxier to treat stale VIPs as valid ([#113558](https://github.com/kubernetes/kubernetes/pull/113558), [@daschott](https://github.com/daschott)) [SIG Network and Windows]
- Updates golang.org/x/net to fix CVE-2022-41717 ([#114320](https://github.com/kubernetes/kubernetes/pull/114320), [@liggitt](https://github.com/liggitt)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node and Storage]

## Dependencies

### Added
_Nothing has changed._

### Changed
- golang.org/x/net: a158d28 → 1e63c2f
- golang.org/x/sys: 8c9f86f → v0.3.0
- golang.org/x/term: 03fcf44 → v0.3.0
- golang.org/x/text: v0.3.7 → v0.5.0

### Removed
_Nothing has changed._



# v1.25.4


## Downloads for v1.25.4



### Source Code

filename | sha512 hash
-------- | -----------
[kubernetes.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes.tar.gz) | f227a66d5595caf33d6ad39c0e50af83f425255bea16aa62747e89fa779c0b525708ed0cb2a61c058a0375a206a567210e5a8a7ceb5ca7f494a51e9a37a21cb4
[kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-src.tar.gz) | 7a1d64990d122e46c8f6af9fb925e787e9752962749410f8ea67eaad50179feeba35b03bc7b763112b99856f310020682d42913313c0016ac9a6c3c47898e097

### Client Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-client-darwin-amd64.tar.gz) | 4085e167f35ebc37f416c7605918301dd332d1e5ad08b38ae81612ff9640bb65b0b6a19cc38bbacef7916c03e373022336e8952574711254c14db15edd5b8ce1
[kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-client-darwin-arm64.tar.gz) | 267f6015bd4e35ad34cbd6af393dd89b70e636755a4d5620729396e6f822528b9a0b25758347e6ac35bca3ea55e6d51b6555e55b4851f27283c19bb1e6811bd7
[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-client-linux-386.tar.gz) | b8c49112050e0a40bfa36a2484dc1d6df260e6fd093599585ba332b69250738fd8440ad2126011958afaf17030d52cd7babaa2deb1aca4b6545347252be98116
[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-client-linux-amd64.tar.gz) | 192985a27178078cf7413cfa15aaf69c94420a0bc316f2a7b84bbd190ad66ebe1276ff4604b38aee673f40a1726226428d15a0a5c392c36b47137cb48bfb09d2
[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-client-linux-arm.tar.gz) | bb0f6a50bfecda86dcdeecbd972cb494e18741d9dafc6abf2b3f556fe042854ae7d1a1043679eefa4c8be2bbb65b36e477b37b8d424f20d88a52b0ba17097252
[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-client-linux-arm64.tar.gz) | 399541835239922d1280b401fdaa4c7779eceed34f18810992958c3a4176c5f5bef148697e569c5ca9b2d68500003cc8911bdc542ce1e106f10bab552a362a7c
[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-client-linux-ppc64le.tar.gz) | 18d0b65c34cb1ae7010ee5f32d47cd21952bde5f35d4e1e0ebf4cc747ecd14593b39181ea8b384bf3c302d54768b5f0a9573d1a0d8fe397d7fb7ce4770fecb1e
[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-client-linux-s390x.tar.gz) | f025a5bad0fcee7aea37c213fed3545cbfae79589b28e68ea8504b83269d19eec4c888cfcffc47cd2d85cff6d62b81e8856453a6295a4e151fc31850d013c901
[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-client-windows-386.tar.gz) | 8a96b44b04f24d6cec5876857c56e15dd41020de4448e7aa882574e47e42fca2ba7337e9b60aa997284999a8f9039aa164c50053fe1acd31349babf2055dbca2
[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-client-windows-amd64.tar.gz) | 22ed2223a5e6ec6f17f357dc0e76691a01396444811f57b905a311a0eeaa785c3026408fbf142bc2a6f3dd318814448feb431485d380b0851dcb2378eff1a34d
[kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-client-windows-arm64.tar.gz) | b4a3d3f1d0f564db3588abddf8548ec22a9fbc3c1811e8fb0112090bfcefb5120d3a88424f2be2b5dcae5e69482ac2b32734a77253b165c625a5326bf561b745

### Server Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-server-linux-amd64.tar.gz) | fc469119a0ddfc20150ae7956d2c4e63fdb9f1e3478c57339e24cf6c4d1b529c2396a667df7439fa41001d68a1cb8bbca160ee215944d690ad24c6a7d1f2780b
[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-server-linux-arm.tar.gz) | 50b6ba72184f3f13c98063ab41c4dbf208e25279be28aacc5a75d956074f03a08508c6098b77f8d9483c480b5e0104ad791ff25889bde7c47049c21842332671
[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-server-linux-arm64.tar.gz) | 058feaf8c3af683ca1ae3ba978cb938c254bfc831452fe345cdddb7d684939e695d6d871a9363f961be85b6f4fc7379ca559edc1175e50bf48baeb0b7df7e7ed
[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-server-linux-ppc64le.tar.gz) | a75b2780eb21c8ffae6f374bed0108b626d317b5e66a714b57e7284cd0eefbd3808d76d54e631a18fa7d70cbd9e7e698fa43b9715c31b952372c03737c0279ed
[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-server-linux-s390x.tar.gz) | 1ea2eacdb1c65ffcee5c262c97973ae5de5b5fb1fb1a17e458ad4df0412bbe5bd43a872014178ee0d6642f66f67e276984df4dabb4eac311d3fbee94b1727465

### Node Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-node-linux-amd64.tar.gz) | afc91c699aab2e7bf8b6e04dfc2eebbb4daef03855796b47e7540f32b379a61866c22c97511bfefdf34cd271cde10f016bf8985971c207598edeb5b6af1fb7ae
[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-node-linux-arm.tar.gz) | 4a8d369d6c049dd8252566f7c92baba93afca8bd2208506132f2e976c3db6dccb8f3df84d23aae5cf7a66dde247b52a96f20bb2c0d2baa9d469dd4ff3f21fdbc
[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-node-linux-arm64.tar.gz) | 4bd590fca3f4325f0d4dd535366d5790da7190697f8a5d1ca0e356ceccbc0e77ed315a992260845dc260958358fae41210bf1ba3d5685c5b46096c27d8190311
[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-node-linux-ppc64le.tar.gz) | eeae4448a382ff48884a1c86a7369c028edf6425ab299e0b6f13129f62496d4d50083e5c49e8fae6cf774ca1fe7e73dca554007596757f422e80c666ea629bf5
[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-node-linux-s390x.tar.gz) | f15b0b5b2ec8db89eb3a1d542ac3270ff74e9a9f1343925588b10a3724cd24e207f5541a8c2a31dfb7a8b18d5875ff1ba56fc0e2b6db3b35f4548ce6ac6dd486
[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.4/kubernetes-node-windows-amd64.tar.gz) | 824257130899bcc1151218fe4ca58b972f270a19900e773da0f28e77f78261bc3995d2416c41ceaf26e4af1a4d8a28c6cee673fdc3f0e165220e23978118d2f6

### Container Images

All container images are available as manifest lists and support the described
architectures. It is also possible to pull a specific architecture directly by
adding the "-$ARCH" suffix  to the container image name.

name | architectures
---- | -------------
[k8s.gcr.io/conformance:v1.25.4](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x)
[k8s.gcr.io/kube-apiserver:v1.25.4](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x)
[k8s.gcr.io/kube-controller-manager:v1.25.4](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x)
[k8s.gcr.io/kube-proxy:v1.25.4](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x)
[k8s.gcr.io/kube-scheduler:v1.25.4](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x)

## Changelog since v1.25.3

## Important Security Information

This release contains changes that address the following vulnerabilities:

### CVE-2022-3162: Unauthorized read of Custom Resources

A security issue was discovered in Kubernetes where users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group they are not authorized to read.

**Affected Versions**:
  - kube-apiserver v1.25.0 - v1.25.3
  - kube-apiserver v1.24.0 - v1.24.7
  - kube-apiserver v1.23.0 - v1.23.13
  - kube-apiserver v1.22.0 - v1.22.15
  - kube-apiserver <= v1.21.?

**Fixed Versions**:
  - kube-apiserver v1.25.4
  - kube-apiserver v1.24.8
  - kube-apiserver v1.23.14
  - kube-apiserver v1.22.16

This vulnerability was reported by Richard Turnbull of NCC Group as part of the Kubernetes Audit


**CVSS Rating:** Medium (6.5) [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

### CVE-2022-3294: Node address isn't always verified when proxying

A security issue was discovered in Kubernetes where users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can to modify Node objects and send requests proxying through them.

Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in kube-apiserver made it possible to bypass this validation. Bypassing this validation could allow authenticated requests destined for Nodes to be redirected to the API Server through its private network.

The merged fix enforces validation against the proxying address for a Node. In some cases, the fix can break clients that depend on the `nodes/proxy` subresource, specifically if a kubelet advertises a localhost or link-local address to the Kubernetes control plane. Configuring an egress proxy for egress to the cluster network can also mitigate this vulnerability.

**Affected Versions**:
  - kube-apiserver v1.25.0 - v1.25.3
  - kube-apiserver v1.24.0 - v1.24.7
  - kube-apiserver v1.23.0 - v1.23.13
  - kube-apiserver v1.22.0 - v1.22.15
  - kube-apiserver <= v1.21.?

**Fixed Versions**:
  - kube-apiserver v1.25.4
  - kube-apiserver v1.24.8
  - kube-apiserver v1.23.14
  - kube-apiserver v1.22.16

This vulnerability was reported by Yuval Avrahami of Palo Alto Networks


**CVSS Rating:** Medium (6.6) [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)

## Changes by Kind

### API Change

- Protobuf serialization of metav1.MicroTime timestamps (used in `Lease` and `Event` API objects) has been corrected to truncate to microsecond precision, to match the documented behavior and JSON/YAML serialization. Any existing persisted data is truncated to microsecond when read from etcd. ([#111936](https://github.com/kubernetes/kubernetes/pull/111936), [@haoruan](https://github.com/haoruan)) [SIG API Machinery]

### Feature

- Kubernetes is now built with Go 1.19.3 ([#113592](https://github.com/kubernetes/kubernetes/pull/113592), [@xmudrii](https://github.com/xmudrii)) [SIG Release and Testing]

### Bug or Regression

- Consider only plugin directory and not entire kubelet root when cleaning up mounts ([#112887](https://github.com/kubernetes/kubernetes/pull/112887), [@mattcary](https://github.com/mattcary)) [SIG Storage]
- Etcd: Update to v3.5.5 ([#112489](https://github.com/kubernetes/kubernetes/pull/112489), [@dims](https://github.com/dims)) [SIG API Machinery, Cloud Provider, Cluster Lifecycle and Testing]
- Fixed a bug where a change in the `appProtocol` for a Service did not trigger a load balancer update. ([#113031](https://github.com/kubernetes/kubernetes/pull/113031), [@MartinForReal](https://github.com/MartinForReal)) [SIG Cloud Provider and Network]
- Kube-apiserver: DELETECOLLECTION API requests are now recorded in metrics with the correct verb. ([#113133](https://github.com/kubernetes/kubernetes/pull/113133), [@sxllwx](https://github.com/sxllwx)) [SIG API Machinery]
- Kube-apiserver: bugfix DeleteCollection API fails if request body is non-empty ([#113286](https://github.com/kubernetes/kubernetes/pull/113286), [@sxllwx](https://github.com/sxllwx)) [SIG API Machinery]
- Kube-proxy, will restart in case it detects that the Node assigned pod.Spec.PodCIDRs have changed ([#113247](https://github.com/kubernetes/kubernetes/pull/113247), [@code-elinka](https://github.com/code-elinka)) [SIG Cloud Provider, Network and Storage]
- Kubelet: fix GetAllocatableCPUs method in cpumanager ([#113420](https://github.com/kubernetes/kubernetes/pull/113420), [@Garrybest](https://github.com/Garrybest)) [SIG Node]
- Pod logs using --timestamps are not broken up with timestamps anymore. ([#113515](https://github.com/kubernetes/kubernetes/pull/113515), [@rphillips](https://github.com/rphillips)) [SIG Node]

## Dependencies

### Added
_Nothing has changed._

### Changed
_Nothing has changed._

### Removed
_Nothing has changed._



# v1.25.3


## Downloads for v1.25.3



### Source Code

filename | sha512 hash
-------- | -----------
[kubernetes.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes.tar.gz) | 401fa061d339f5e9d03e06a5c3145cd805bc9fe16d8f1cab112e6f7c3f80e2bcc9116b7ca018afae9e77f1c5b84b388d65cd3e996a43c3546c55483dd3ef698e
[kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-src.tar.gz) | fda2f97fab7c355faae616350cdfabc0578e3ddb33bf031545b13cc5304deb970ea7c11eec61ea15db8dd400601569d972ac70751b52c5bde95eaf1faf13208c

### Client Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-client-darwin-amd64.tar.gz) | 1c2d5b026a6b7f2412bba578c3a8e764a0a26cf9a5c68bf3835eafd8cd3d6f3d1a341b2e2bfba024d628ebad0130df54e96327ac61cadbca4de009f5960242f8
[kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-client-darwin-arm64.tar.gz) | 814a37d1a501f4d9eff5ce3df706aef948fab401e1113cc2ad66b3416f31b3824246e24324b5d18d506bff6751899e8c0013d23a750a2745306d1646d37ddf5a
[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-client-linux-386.tar.gz) | a8fa5167a998f756e16248bf70f4552f52910bcfa247d6f2092d5e49b83de0166404ed274f3cf3c0efece9f9a2c9a5102fc609dd841bb5288b99e190a1ad41df
[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-client-linux-amd64.tar.gz) | 115b22f31f1ff203234e61f4c4ff0bad68ded3cb17f8a3eed40ab1ec7d27f320a503da25b37316795b8193ff3017950bf49d105e6471eaa2e057544e792d922c
[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-client-linux-arm.tar.gz) | afc158ee2b22e1464dc28741307b41f229846bf95dfb2d213830b70d7f05872dd712d582b85d46b2f12dbee25fb7af49c97d7951eafa358a7f546986d8637c0c
[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-client-linux-arm64.tar.gz) | 22858844d4c71e6dd1365018819ca65b64752a5f3f9e75cdc9bc20d70bb503cf8792df75c06b11a616cf0fc13c11c3d5d9a5083b5a327eeeb4be956d31835c11
[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-client-linux-ppc64le.tar.gz) | 9b7c6899d01a32e01ee10053c37a49d6103d9860b27f58ffc9a2c8a0e85b4dc7b78364ab95d1dedea84aff5ee39ba80c54301996e9e7d98cf21ea3438a0a45b2
[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-client-linux-s390x.tar.gz) | 1e67f68703be8d17a3fa83f9a07a7c7c60d002873e95b0483cde8b216d7950e485495556c81098858a0f810b8df64e2b6cee5423aa8345c28b772e35514cc3a6
[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-client-windows-386.tar.gz) | fe5aaacb6c876b23da4146774801e1e10f76fe71ce4a5f505bcd6288fd5fa2e83dd9ad8297169d7d930556ca0b1db7efa78bc3dcf57e63c29ac8d00d3d60d8f2
[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-client-windows-amd64.tar.gz) | bc00edf2794b346d7257c916aa011463793ebebd22cbfbd5380d9e055bb6d6f20074083c5365a9706f2d780798807bdb22daac86ca5a64d5eda52f2ffd8036d3
[kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-client-windows-arm64.tar.gz) | 903966c84af1d1e11a83794463a4778709e4e75a939b2f68302eb30a2dfa2d595532079b4f2ca3ff3a11ed676ee145394e60c8becb0473f3513f48e8b37767b7

### Server Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-server-linux-amd64.tar.gz) | 4c683e75f014a1d935abbc82bc9b83209e46f9a945b3ecb19e280d12996d8e5cfe459513534f2ac08590e6ccf58d31b02cdab037205ddb45e02bea08094eef0f
[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-server-linux-arm.tar.gz) | 6abf8ad637a82fa2e2edcb1842e102fa7e8a7a5b036c2c42180e115c178eda6fd776f593992cf0054de74569a6649674b6edc311c885d888f7378997aa142ff1
[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-server-linux-arm64.tar.gz) | 2e76d48a7148c1a88fad2e98c4fe5c6de732d81ebc5f8f615395ffceebc4663068fbf727db52788c174f82fa03be1b7c243c10e55907cfc3242c803d3da580b8
[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-server-linux-ppc64le.tar.gz) | 15f19436806e7d6e5eb8cd2cd1c4755d643d6f40ff5590cebe8b9a5c60aaa40707cd9369e8692bc089458a3f64920e3fbef7ab9d39f896be61d3957c86ea1503
[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-server-linux-s390x.tar.gz) | 16be913d2841e648a775daadc510d7f656f8563464f8df52eb3b314c60572e83d4114eb5793ec10035a2c9352aa97fbb7531293b5dbca386b59b85226ad0854e

### Node Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-node-linux-amd64.tar.gz) | 067acfc69f7286ad705d744b4bbd422035f60142e0c9d00a8fc844c59ddf7bf87f2bb1bf88ef563030f1a53e39716fae24c12a46038c448c73ab2186d128da9d
[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-node-linux-arm.tar.gz) | 97e249f338ee8e0c97c37c5b182e7dac057eccc9878c4c5cbd96098d875371f8833f0e8762d2be6dcff95d1503929ca00c9416b63acee3ff8edb17ad714eb604
[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-node-linux-arm64.tar.gz) | 645643f35c2efcd2db1c596dd3e916b4362b4b892f797dd9c8693d96c8e40de9fb00c2e83967e945e4271303ec2c3b5d8d2e183744bcadb2e430f916fd043d16
[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-node-linux-ppc64le.tar.gz) | a01bd81216ac60d6ec52f778a3139c8270be47c5c17145df925f6062013c19ad2489d5229167ab74d44aa23814a4522c86725c38e5b345f184c6646e71c6cfe5
[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-node-linux-s390x.tar.gz) | e34d36b17082f27a03efba0a47303f50482ac839188e1bcc4363d059106e78ab0b136234b5da04610967302291a8d5ae3f3ae185f2359c4ed0a83d8d78211f76
[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.3/kubernetes-node-windows-amd64.tar.gz) | dbe4d61e6872d13f42fa75e633ca379ff796fdbc4708734686989669caeb69e16f23f892f7b2a17c0b154186678785ebe3852aea3251aee2dd2c969d7183330a

### Container Images

All container images are available as manifest lists and support the described
architectures. It is also possible to pull a specific architecture directly by
adding the "-$ARCH" suffix  to the container image name.

name | architectures
---- | -------------
[k8s.gcr.io/conformance:v1.25.3](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x)
[k8s.gcr.io/kube-apiserver:v1.25.3](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x)
[k8s.gcr.io/kube-controller-manager:v1.25.3](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x)
[k8s.gcr.io/kube-proxy:v1.25.3](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x)
[k8s.gcr.io/kube-scheduler:v1.25.3](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x)

## Changelog since v1.25.2

## Changes by Kind

### Feature

- Kubernetes is now built with Go 1.19.2 ([#112902](https://github.com/kubernetes/kubernetes/pull/112902), [@xmudrii](https://github.com/xmudrii)) [SIG Release and Testing]

### Bug or Regression

- Fix list cost estimation in Priority and Fairness for list requests with metadata.name specified. ([#112557](https://github.com/kubernetes/kubernetes/pull/112557), [@marseel](https://github.com/marseel)) [SIG API Machinery]
- Fixes an issue in winkernel proxier that causes proxy rules to leak anytime service backends are modified. ([#112840](https://github.com/kubernetes/kubernetes/pull/112840), [@daschott](https://github.com/daschott)) [SIG Network and Windows]
- For raw block CSI volumes on Kubernetes, kubelet was incorrectly calling CSI NodeStageVolume for every single "map" (i.e. raw block "mount") operation for a volume already attached to the node. This PR ensures it is only called once per volume per node. ([#112403](https://github.com/kubernetes/kubernetes/pull/112403), [@akankshakumari393](https://github.com/akankshakumari393)) [SIG Storage]
- Kube-scheduler: add taints filtering logic consistent with TaintToleration plugin for PodTopologySpread plugin ([#112357](https://github.com/kubernetes/kubernetes/pull/112357), [@SataQiu](https://github.com/SataQiu)) [SIG Scheduling and Testing]
- This reverts https://github.com/kubernetes/kubernetes/pull/109706 and https://github.com/kubernetes/kubernetes/pull/111691 which caused https://github.com/kubernetes/kubernetes/issues/112793. I.e: the service controller to incorrectly sync load balancers for ExternalTrafficPolicy=Local under certain conditions ([#112807](https://github.com/kubernetes/kubernetes/pull/112807), [@alexanderConstantinescu](https://github.com/alexanderConstantinescu)) [SIG Cloud Provider and Network]

## Dependencies

### Added
_Nothing has changed._

### Changed
- github.com/stretchr/objx: [v0.2.0 → v0.4.0](https://github.com/stretchr/objx/compare/v0.2.0...v0.4.0)
- github.com/stretchr/testify: [v1.7.0 → v1.8.0](https://github.com/stretchr/testify/compare/v1.7.0...v1.8.0)
- go.uber.org/goleak: v1.1.10 → v1.2.0
- golang.org/x/lint: 6edffad → 1621716
- sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.32 → v0.0.33

### Removed
_Nothing has changed._



# v1.25.2


## Downloads for v1.25.2



### Source Code

filename | sha512 hash
-------- | -----------
[kubernetes.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes.tar.gz) | 1357721e779d39cd57e60391ff33a6ee852fd39dcf65c6db3a408926b2197c37e68069e18eb109cef5310442302a9a331068fef4f6a6dc49c7f2fe9f74eae645
[kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-src.tar.gz) | 3b43409f5e9f1d54915d8f1b1f2f35da1f9d05c5c6bab7e6aa8ccd5b25823d5c74ef4a35be6577b97e4949d76f3f7a0862407a4eda03d5bc77b2a9bc9ab8f784

### Client Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-client-darwin-amd64.tar.gz) | a01cfb2af622c309c3b314b45796d871457623f42c377ee75c9078d7ce22fd4b7fc9c0f5e5a75159e37c4d28964b424c931a2845d16be98cb2b7aef7844afdad
[kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-client-darwin-arm64.tar.gz) | d45fe2a594abe102c6dcbe2d9dd6f1cc15b8c547bba29edc0b2861646a261c53995e1e8ce80aa67b89c20642d3b3d3a5266514b0b21f52a5117baa6e2f4dd433
[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-client-linux-386.tar.gz) | 1dcd78d1bbf143c8f25d9d7d8512d2f74f20ad1323addafeaa7e52cfda3b1ba124526091093590aef0d74cb0571e3af6ae584314b02e32d68e0882723643f364
[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-client-linux-amd64.tar.gz) | 0eb301d4cc2228091e87be7fff058ca25fbc1668a8819a8903f1022c42029ae622a01d08959312dffb28f57969ab3b15766cf29e3b9e1fc9095b8bfcee03b1c5
[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-client-linux-arm.tar.gz) | 981201ba86fa5cade101c3c6b401867b203aa243ac2e02f1e469bcf35400ebcab931d47e64c4ea8c9e244e3146bf6ef095159d9e8ccaa9cd6c6367b7edcf46ea
[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-client-linux-arm64.tar.gz) | a1f0ae04a92ab2568fb5ead6f62d86af0a30834f733d52e841acc146b7cf25e18638ee537f5f6383efa7a10015382ecaa10014b2a7f287cd31020cba97ebb656
[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-client-linux-ppc64le.tar.gz) | 242cf97458991a303a0256f3916644a4d4559fab2b2f9f9bf10757135ab7a61ad095d68323632881d038ba5810f77b5f9436fd4fb34500e70d3c46bed637ed74
[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-client-linux-s390x.tar.gz) | 07d33af60ef593bf27fa1517b05bd7e1ec25b65e80d0f37bfb1c4cdadeb3d0bc7d65b27fb5747a9b1835d9dc611c8416441110e81a046927fa1f59e6f1137c13
[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-client-windows-386.tar.gz) | b8385f1f9265c1b57badce83c7b0982972961e25ddd03edbbb1a719a98d717715f16e03ccde915f7f606fa3a84d09127e13b06b8fe99c5cbf16a8e6f2aa00637
[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-client-windows-amd64.tar.gz) | af86d5e2efd698441e2ecf78438f0b3a262608799213a80d800bbb68dd115fa588b32328c4d7848d93325f74e498f6d9b295bbda7408648180fb7fb919795fa0
[kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-client-windows-arm64.tar.gz) | d775a3c182a8c067ce4859922629921c8ca43ffd81729dada347f48820abd1ecc09e04cd6fc707e757a0071d72e3a056769d11e5440939eb9de7ff7019a3af07

### Server Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-server-linux-amd64.tar.gz) | a8731e6890bb68143e883e00de2e7886aebc9d924db07e7524ab54d96969ab0071a3b0863180b5eb88e7ac94cac08eca6eb3656ab3835833e202f3fb15040aec
[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-server-linux-arm.tar.gz) | 7df84891ae5aba3514dbba29d4056547d1bf751e7d41564d3f79595a41b7bad3f3502ce14500732c6335a7665beaf95367fb03bcd8dd5282cbe00544f2bbffeb
[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-server-linux-arm64.tar.gz) | 7526b11a01f6ae04ece2ea720dfbbf0aaf6536dc545ccd1fd8e64d9f4409879e13c9bed435819381ee0ae4e7738e184c10b0659de2fdf81d4b82cec41f4547e9
[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-server-linux-ppc64le.tar.gz) | ce39f1187b6d9c81a826f2e427650e0cc01d5bc168ba9061dbdf473327e432ea0aa980aae791569039fb580e0933a6cfd2c52e1be944dd436ae957573d60b9f4
[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-server-linux-s390x.tar.gz) | 62462352e5b5c69b169add5d3c2ec307cd17aa75d2c411ff8092b3bb2a3a029b6a015cbff016327c93fa8406d72f65bb6cb2616072ddcb49beafb976245caadf

### Node Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-node-linux-amd64.tar.gz) | 0dd9b9a6477d53ce52fd5fe3ebb49af6a0f898cc412bf46fb2e9f5bdb93cca23274a3c959c23730eaabf7c771a0e78e670c92b67a95a69982ea1488ccff4f281
[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-node-linux-arm.tar.gz) | 22f2522739509a030e46b478616d78373091b6456abb77a6436db18737f8b0c7e1be199381b8e516bea0592bda4b7fcfb77662f068be38a290a0ebe8858aa493
[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-node-linux-arm64.tar.gz) | 665785ebe116c7766e37570081a6b0a566cc062cb0a4d46d1b8a8717637c1ed42bf8ba7bfc139c9796413bb698c9b9fa7c5d7600ae6aa74e3c4428ef954e783a
[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-node-linux-ppc64le.tar.gz) | 848821505fe65f79e6acf003c5e12d3aaf2a16fc7abab2ea2d4850b85b00c158a81030ff26b4dfcf316488411c536cecf27b551b5f4d3606f5b56a9bef30f9bd
[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-node-linux-s390x.tar.gz) | ce5f88617dee79d2816cf3417aa3ee40334920fca0682311f4346237929771c60203ce0b823011cdb363583631c37a7c101731109698c36597d3c70f61a44ec9
[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.2/kubernetes-node-windows-amd64.tar.gz) | aca53967a0141ce1474bc715f57bec90dab08a03a2ff8fe5eb71e3489a372684fa86694d37ccfcdc49c93dbd5d6972ed8c06d5f78b75c7457b4b446e6c5be9e0

### Container Images

All container images are available as manifest lists and support the described
architectures. It is also possible to pull a specific architecture directly by
adding the "-$ARCH" suffix  to the container image name.

name | architectures
---- | -------------
[k8s.gcr.io/conformance:v1.25.2](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x)
[k8s.gcr.io/kube-apiserver:v1.25.2](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x)
[k8s.gcr.io/kube-controller-manager:v1.25.2](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x)
[k8s.gcr.io/kube-proxy:v1.25.2](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x)
[k8s.gcr.io/kube-scheduler:v1.25.2](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x)

## Changelog since v1.25.1

## Changes by Kind

### Bug or Regression

- Allow Label section in vsphere e2e cloudprovider configuration ([#112478](https://github.com/kubernetes/kubernetes/pull/112478), [@gnufied](https://github.com/gnufied)) [SIG Storage and Testing]
- Correct the calculating error in podTopologySpread plugin to avoid unexpected scheduling results. ([#112531](https://github.com/kubernetes/kubernetes/pull/112531), [@kerthcet](https://github.com/kerthcet)) [SIG Scheduling]
- Kube-apiserver: gzip compression switched from level 4 to level 1 to improve large list call latencies in exchange for higher network bandwidth usage (10-50% higher). This increases the headroom before very large unpaged list calls exceed request timeout limits. ([#112398](https://github.com/kubernetes/kubernetes/pull/112398), [@shyamjvs](https://github.com/shyamjvs)) [SIG API Machinery]
- Kube-apiserver: resolved a regression that treated `304 Not Modified` responses from aggregated API servers as internal errors ([#112527](https://github.com/kubernetes/kubernetes/pull/112527), [@liggitt](https://github.com/liggitt)) [SIG API Machinery]
- Kubeadm: allow RSA and ECDSA format keys in preflight check ([#112534](https://github.com/kubernetes/kubernetes/pull/112534), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle]

## Dependencies

### Added
_Nothing has changed._

### Changed
_Nothing has changed._

### Removed
_Nothing has changed._



# v1.25.1


## Downloads for v1.25.1



### Source Code

filename | sha512 hash
-------- | -----------
[kubernetes.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes.tar.gz) | 570fd9b51a413a0a8f26834c8b0d49126cf1675800cf617a8532aa0270174a2b2b0a73600c4e1b3ab9303eb439d23d139bed82104f8d8a661a106c15496b5fd5
[kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-src.tar.gz) | 1e0160c1606d4ee4f88b72417cc85aaef92635c2fabe3d0fd316c90e1b7455dae8e99aa71badd916c105ce0986ccf283043242d34c805d191c1793fa83af7f19

### Client Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-client-darwin-amd64.tar.gz) | fbe8ecb58d7c50d2f9e8e80a6418b67aed0525a5915344fed0d61ff092b79c0eaa47e78058a6300041b8faf6c4ab62610575f241eb7a779c9eb3c49ecdffd96b
[kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-client-darwin-arm64.tar.gz) | 0d4cb3a2d5c18006dd530c1a1c14e0f04dd8cd3adcf6002c350b57f74d7b8e142a47c3e6771763d6aab06f4b34feb51ff71f80abc68b05708fd5718ea0979c38
[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-client-linux-386.tar.gz) | d15a7d60362050887e83e98d98bb3807fb07801a5b967b0e701e3bce3c5c5500c6db79fd665d066c71f29e07d49bf51ebf89c3d9d5209c986cdcb08a9928a2d5
[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-client-linux-amd64.tar.gz) | 2f57545db6edbdb1e7f162814e73c831dfe1f1023771a4ef4547e41eaa1eaf374cb556be6e0db1417f3eb36c2613cc088c6c64881610b3d4f8df1a0200206b87
[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-client-linux-arm.tar.gz) | f6a66a41fcea5a60dbb65d5a87a642040f07b073a3315c33853d9417aecd27389995b72fbdeee1c4dd755adbc26ad9211f7fd5247a867c99e0f6131d6f6839e8
[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-client-linux-arm64.tar.gz) | 921a044d01641361a36174b60b2c3ce17e04d11268ed1e4acebc6b38ea37b2d1ca3de38b8c9e0a0efacde63aa4f91b12af03a76b67576e26cae8d8bba4b9baec
[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-client-linux-ppc64le.tar.gz) | 23da2eadd9973dc8392c100cf7631b802bd83fa731bd3e8514748119107814dcad58fa12fea702bc4d922c783abf73488d9ca5a7bfdcb07999f96a2b312eae84
[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-client-linux-s390x.tar.gz) | 706e83b85072ffb515b2015bea3e7260dc276f3b51236ed44df8f2a6eaf35aeedc76ef545cb8b665a715636cae7cc471b78ea50149f6e3f6f2714d957a1a9a8e
[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-client-windows-386.tar.gz) | 7aeb767610f288545ee810ffed91c7d6edd5e1eb2798a89894db07179a8fefc428794f684e4d4e9e65f88822fcc2476c74bb7b227075debb637eabea1578d940
[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-client-windows-amd64.tar.gz) | fc734bbce708303a038ece4c9c4b96e9d4e020ee2e435a29d4e622af46e13e20ab90c8e81a99755f2c0e1aab076f9cc38c9c61a8b81bfcbbe321d56f3348fa3f
[kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-client-windows-arm64.tar.gz) | 787a62cd64de87d96d861fbf3a636d7014a50ae53c9465b3dda675232bd2a62814db52a47621a04c1e62788e345853c327bad127693af6d005d35cd2f845641e

### Server Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-server-linux-amd64.tar.gz) | 7f8e9df0a408c7ae25d7c4af171ff62b256bba2ca3ce53e4fe1eaa241e33eedfcd027b84237d62cff2b399d5822140a2f0241c5102eb145be5e62cd4ad40783f
[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-server-linux-arm.tar.gz) | 62a52ecaed1bc41479f6ab732faddcecc0f380731968be25aee3fbcff051d87691df4542f97403838ccb34a2d93e163f319ed9683def8236746d11d40eadfb1b
[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-server-linux-arm64.tar.gz) | 0df095874536bdd01bbb1dadb1c71ce7d8e46f3e86bc8490654ef9bb163023d04b3ab6078561d058c38adeae904d24aade9c7021b02c0af4947892ff1e544ec5
[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-server-linux-ppc64le.tar.gz) | 4bf9d1c87fa8b120c8302838f0085b9c09b449686f371e3002d9744ed0d3df93af36cc8e1c49d2d11bc5f5a9d71f83c909a4eb8aaa4991e56d18ef231ea970b9
[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-server-linux-s390x.tar.gz) | 78e836804355c7132d48f5ad96e6d9253d0267bae91185d271932cdccae6d712b99efdf44c573c7c871c10a7f48d90784615d454a2858017e34f33876cb4dcca

### Node Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-node-linux-amd64.tar.gz) | eea845092b6eb0329590beda0f40d88613d8b809a61fcb78452004eb1f0851d69d52a7b71fd921f97af66cdd80636704fe144d6ad1be798c74e32304b42f2ac4
[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-node-linux-arm.tar.gz) | a36d8f52074c720100d84e69b47d7e4975791d36730587a62d6fe41690ee9dae8bd61c483ac6e870b8b6a14b65a1b35b5c3b0a8305c7313013764e585db72433
[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-node-linux-arm64.tar.gz) | ade8144c6ee4ef397d18fd92338485835d83cb0f2b7d0e55c4422f9037aeb4ae7af71e861b1d2ccbd3f808d54437f11c143f00db9799d2f3662cd38f0c6cdf38
[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-node-linux-ppc64le.tar.gz) | d51dedb6f081b7512739776c60be7d3d52899e022c14e2c920fe236aca53f2c02cde8d2e23ced10d098ced238e2186eca833fb0b82972b00334bfefcc1c037c4
[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-node-linux-s390x.tar.gz) | fb2949bb815be69aa34503afce8b63ecaf4f8f1a7195e8a962887f223dda95f95b359f0c473e5c3bc40b12d49ff58b406003f4aa4f2ee5712e700fd6c479b829
[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.1/kubernetes-node-windows-amd64.tar.gz) | dfdb051ebd867f775b2cc7f4cc6fd3828fa11c94a90201056451b2c281e53fd70e40664874d7fe2344b17056246cc439ded7703fe22e1e1f736d78d5818a4a09

### Container Images

All container images are available as manifest lists and support the described
architectures. It is also possible to pull a specific architecture directly by
adding the "-$ARCH" suffix  to the container image name.

name | architectures
---- | -------------
[k8s.gcr.io/conformance:v1.25.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x)
[k8s.gcr.io/kube-apiserver:v1.25.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x)
[k8s.gcr.io/kube-controller-manager:v1.25.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x)
[k8s.gcr.io/kube-proxy:v1.25.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x)
[k8s.gcr.io/kube-scheduler:v1.25.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x)

## Changelog since v1.25.0

## Important Security Information

This release contains changes that address the following vulnerabilities:

### CVE-2022-3172: Aggregated API server can cause clients to be redirected (SSRF)

A security issue was discovered in kube-apiserver that could allow an attacker controlled aggregated API server to redirect client traffic to any URL.  This could lead to the client performing unexpected actions as well as leaking the client's credentials to third parties. 

There is no mitigation from this issue.  Cluster admins should take care to secure aggregated API servers and should not grant access to mutate `APIService`s to untrusted parties.

**Affected Versions**:
  - kube-apiserver v1.25.0
  - kube-apiserver v1.24.0 - v1.24.4
  - kube-apiserver v1.23.0 - v1.23.10
  - kube-apiserver v1.22.0 - v1.22.14
  - kube-apiserver <= v1.21.?

**Fixed Versions**:
  - kube-apiserver v1.25.1
  - kube-apiserver v1.24.5
  - kube-apiserver v1.23.11
  - kube-apiserver v1.22.14

This vulnerability was reported by Nicolas Joly & Weinong Wang from Microsoft


**CVSS Rating:** Medium (5.1) [CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L)

## Changes by Kind

### API Change

- Revert regression that prevented client-go latency metrics to be reported with a template URL to avoid label cardinality. ([#112055](https://github.com/kubernetes/kubernetes/pull/112055), [@aanm](https://github.com/aanm)) [SIG API Machinery]

### Feature

- Kubernetes is now built with Go 1.19.1 ([#112320](https://github.com/kubernetes/kubernetes/pull/112320), [@palnabarun](https://github.com/palnabarun)) [SIG Release and Testing]

### Bug or Regression

- Adds back in unused flags on kubectl run command, which did not go through the required deprecation period before being removed. ([#112249](https://github.com/kubernetes/kubernetes/pull/112249), [@brianpursley](https://github.com/brianpursley)) [SIG CLI]
- Avoid propagating hosts' `search .` into containers' `/etc/resolv.conf` ([#112204](https://github.com/kubernetes/kubernetes/pull/112204), [@lucab](https://github.com/lucab)) [SIG Network and Node]
- Fix an ephemeral port exhaustion bug caused by improper connection management that occurred when a large number of objects were handled by kubectl while exec auth was in use. ([#112336](https://github.com/kubernetes/kubernetes/pull/112336), [@enj](https://github.com/enj)) [SIG API Machinery and Auth]
- Fix problem in updating VolumeAttached in node status ([#112305](https://github.com/kubernetes/kubernetes/pull/112305), [@xing-yang](https://github.com/xing-yang)) [SIG Apps]
- Kube-apiserver: redirect responses are no longer returned from backends by default. Set `--aggregator-reject-forwarding-redirect=false` to continue forwarding redirect responses. ([#112330](https://github.com/kubernetes/kubernetes/pull/112330), [@enj](https://github.com/enj)) [SIG API Machinery]

## Dependencies

### Added
_Nothing has changed._

### Changed
- github.com/golang/glog: [v1.0.0 → 23def4e](https://github.com/golang/glog/compare/v1.0.0...23def4e)
- github.com/google/cel-go: [v0.12.4 → v0.12.5](https://github.com/google/cel-go/compare/v0.12.4...v0.12.5)
- github.com/google/go-cmp: [v0.5.6 → v0.5.8](https://github.com/google/go-cmp/compare/v0.5.6...v0.5.8)
- github.com/onsi/ginkgo/v2: [v2.1.4 → v2.1.6](https://github.com/onsi/ginkgo/v2/compare/v2.1.4...v2.1.6)
- github.com/onsi/gomega: [v1.19.0 → v1.20.1](https://github.com/onsi/gomega/compare/v1.19.0...v1.20.1)

### Removed
_Nothing has changed._



# v1.25.0

[Documentation](https://docs.k8s.io)

## Downloads for v1.25.0

### Source Code

filename | sha512 hash
-------- | -----------
[kubernetes.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes.tar.gz) | `2bff2da02f6197fbde3e3a378dd8a95415edcef2e5f95a9e1399ec8369a592dac461dbb7402cded1ba93ace22c87ee050ea02a7c1c2cabaa97609352302d5d0c`
[kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-src.tar.gz) | `20810dbbc1ee7ec06348b09b1d0dcef456eab600b3c6fe594d426a9c7b6fbab69712594d6f97c63db371a41a509f17bb7c4675b8e28a25dd84abb9bea35fc8ad`

### Client Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-client-darwin-amd64.tar.gz) | `4960a153e5cda0b30e7e437895fc8c08f80978d9f3189f6408e04446fa9777dafacb3cddbac5b09c8de0a19459893150a691b28f95cfa9f5c87b2926fe442df5`
[kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-client-darwin-arm64.tar.gz) | `17972e1f0ad64113b9adf5f8e9c6231463048c0f04fde35fb614f59281127630ae475a7ec91e31cb03ebe444828e47e6d32ed05f000b6514bad646d6b9f5469c`
[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-client-linux-386.tar.gz) | `8d5a35a0a8e71ec59be0b720ff6fd80c172bcacae5f9a5f58bfc1ac66b4e877640d8626f23852ba2459dc1ec783347ae3300017e0919d59b16ae1011ac50c5d1`
[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-client-linux-amd64.tar.gz) | `34a7e9a496fff31a3afa6f5f7245212d051de3c2966e42a662040bde8a733c1cf55ce2e50227813fd29c6db758687a453a7df66b6c32f7f2c93959280c4e130a`
[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-client-linux-arm.tar.gz) | `f5defcd92f99562c455f44bf62b478d88d00ed3cce662bdd8bed8b880bae31e6e534fb044844b4664c543bed713332fd1734415e6da320f752984157e3fa32c9`
[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-client-linux-arm64.tar.gz) | `a01731aa3e7e8e560c92cf0b3d7ed9ce9964bfed88fcd055c881a0513c10be33e11b2c0539d4f52c17bfd605d540be5c6824a2f9f182d97a7a255a9a25b64607`
[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-client-linux-ppc64le.tar.gz) | `b022a28c25b0fefb1abbcaaa71d12f9edd14cf76d291ef3f8d13a8fc5cdec2edef3aee96c851e0dde7b8c7c1f5f38c3cc631e0bce15ccbc6f30bac45895ac7f4`
[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-client-linux-s390x.tar.gz) | `b4781d09fd1360097104fb6cd33e3f4de9ce571a13e329f26ce55505e9ddbbd2ca20794bb80a58eaa23ae63860376ae51187de76c99db9cbce984773ddf03c34`
[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-client-windows-386.tar.gz) | `5f6f71b7cb88dc18930d1864df21061f5b73a6969425701e945239323a0d7e5eb182c1607d3ddc26cbaf4dab0dc4bc59c7fbffe8bd66f5fd1edae075220d1c15`
[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-client-windows-amd64.tar.gz) | `cfcbdc13cfd17e8b38baa29d7638ae086b97d5784352d0e8bc92c6f6f34ce2e885ef1371d255d4b48c9a73cfdea8168d1d6cc7ac0b1b3bdc18a09970066d59ca`
[kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-client-windows-arm64.tar.gz) | `55cc2d36764d8f496ca973d82fd1c60e93d227a8107fd0649c228f479b70dc05cbe23708fd8e4b820fd3b191786bbe054446d31f7d1b9fecff173d0f554d5a69`

### Server Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-server-linux-amd64.tar.gz) | `21614040cd3cc5a8ee0668bd91383427427e7796ee3de0f9fe6b4b5d9becb830141bb1ed3ba5376815385baa2675595e97765209f14bf68653bcf6fdfb070f3d`
[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-server-linux-arm.tar.gz) | `44ada6a0a6ba77aebdad52680c973f98bed495bdf7ac7cc6abbcb7e5b3fd5476961e0db6b8384b128c81ffd0b70d3a020f248062acfcd8b8b85fa295b1f8cf69`
[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-server-linux-arm64.tar.gz) | `c76ca3dc152a51c08d147a9ad9594a70071e548638d5065bf1aaaad63c3553c8af8d8dcb885e6e4ed724d944a5283fd000315d2622b7ef7a2df4b0b783ab0256`
[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-server-linux-ppc64le.tar.gz) | `491084954f951a3f3f61642e9006195f5dac84b4ccc29e407f85a3bb7aba8ea79c2b4deda69507bd516c1feff47ba9887309c26d6e6c4d2270cf5e0a8f0d5cac`
[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-server-linux-s390x.tar.gz) | `0e89499c004e5faaf69deb917c1df2eb3c2da36024ff3dcd10e5c3f7e7ef7c2393c109bb8ee8bd30756bc4024cacc05ea5f0131a5bc630a3513aada182a69949`

### Node Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-node-linux-amd64.tar.gz) | `46b4fd437824b1178dd570bc3a1a12aa5549482793f329d194b72a45daaa0bb8b990d7ee98f2a3d9a643ae113973f1f303cdcb6fdf8c56f439bf13acc7460728`
[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-node-linux-arm.tar.gz) | `f4338883d811369be6d7a2b658e3b46c06ddef0b584293c3e44bb5f961805d6659d2a73e62c470b80029938f8793f1b11c093e4b99431e419bd61b0e9ed5c133`
[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-node-linux-arm64.tar.gz) | `c2b174bb22485c0efb6a812ed78d84afa161d635f365d913ea08b3db8daae50ae15087a6d5fefce95c5363d90414079d8c5ff476bbfab9547c87befdf23bbcce`
[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-node-linux-ppc64le.tar.gz) | `7985f22fb43d3af183e94581dd7547b8817ad27b2c8b6304de60d28ce165341ab5dcd576f6c61b999c73ebf6a35d5cd5e328253160959f5112b94e4d17f41364`
[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-node-linux-s390x.tar.gz) | `7d6622e3128c3ad46ab286bdbb445f158b697f7624ff03f1905d4b62a91601d0f33880b4b0cfa93b435a9c786070f20ef86da877690c100bfa7460a8e8ca3cd5`
[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.0/kubernetes-node-windows-amd64.tar.gz) | `213954569d1e0b682805342964597a03d3b16a98756c9123d18dd8ceda9d4cddeeac500d5bdcf8cb27c136b2bfa5947fb5c75fdec7533a153199a855162d742e`

### Container Images

All container images are available as manifest lists and support the described
architectures. It is also possible to pull a specific architecture directly by
adding the "-$ARCH" suffix  to the container image name.
name | architectures
---- | -------------
[k8s.gcr.io/conformance:v1.25.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x)
[k8s.gcr.io/kube-apiserver:v1.25.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x)
[k8s.gcr.io/kube-controller-manager:v1.25.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x)
[k8s.gcr.io/kube-proxy:v1.25.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x)
[k8s.gcr.io/kube-scheduler:v1.25.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x)

## Changelog since v1.24.0

## What's New (Major Themes)

### PodSecurityPolicy is Removed, Pod Security Admission graduates to Stable

PodSecurityPolicy was initially [deprecated in v1.21](https://kubernetes.io/blog/2021/04/06/podsecuritypolicy-deprecation-past-present-and-future/), and with the release of v1.25, it has been removed. The updates required to improve its usability would have introduced breaking changes, so it became necessary to remove it in favor of a more friendly replacement. That replacement is [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/), which graduates to Stable with this release. If you are currently relying on PodSecurityPolicy, please follow the instructions for [migration to Pod Security Admission](https://kubernetes.io/docs/tasks/configure-pod-container/migrate-from-psp/).

### Ephemeral Containers Graduate to Stable

[Ephemeral Containers](https://kubernetes.io/docs/concepts/workloads/pods/ephemeral-containers/) are containers that exist for only a limited time within an existing pod. This is particularly useful for troubleshooting when you need to examine another container but cannot use `kubectl exec` because that container has crashed or its image lacks debugging utilities. Ephemeral containers graduated to Beta in Kubernetes v1.23, and with this release, the feature graduates to Stable.

### Support for cgroups v2 Graduates to Stable

It has been more than two years since the Linux kernel cgroups v2 API was declared stable. With some distributions now defaulting to this API, Kubernetes must support it to continue operating on those distributions. cgroups v2 offers several improvements over cgroups v1, for more information see the [cgroups v2](https://kubernetes.io/docs/concepts/architecture/cgroups/) documentation. While cgroups v1 will continue to be supported, this enhancement puts Kubernetes to be ready for eventual deprecation and replacement in favor of v2.


### Windows support improved

- [Performance dashboards](http://perf-dash.k8s.io/#/?jobname=soak-tests-capz-windows-2019) added support for Windows
- [Unit tests](https://github.com/kubernetes/kubernetes/issues/51540) added support for Windows
- [Conformance tests](https://github.com/kubernetes/kubernetes/pull/108592) added support for Windows
- New repository created for [Windows Operational Readiness](https://github.com/kubernetes-sigs/windows-operational-readiness)

### Moved container registry service from k8s.gcr.io to registry.k8s.io

[Moving container registry from k8s.gcr.io to registry.k8s.io](https://github.com/kubernetes/kubernetes/pull/109938) got merged. For more details, see the [wiki page](https://github.com/kubernetes/k8s.io/wiki/New-Registry-url-for-Kubernetes-\(registry.k8s.io\)), [announcement](https://groups.google.com/a/kubernetes.io/g/dev/c/DYZYNQ_A6_c/m/oD9_Q8Q9AAAJ) was sent to the kubernetes development mailing list.

### Promoted SeccompDefault to Beta

SeccompDefault promoted to beta, see the tutorial [Restrict a Container's Syscalls with seccomp](https://kubernetes.io/docs/tutorials/security/seccomp/#enable-the-use-of-runtimedefault-as-the-default-seccomp-profile-for-all-workloads) for more details.

### Promoted endPort in Network Policy to Stable

Promoted `endPort` in [Network Policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/#targeting-a-range-of-ports) to GA. Network Policy providers that support `endPort` field now can use it to specify a range of ports to apply a Network Policy. Previously, each Network Policy could only target a single port.

Please be aware that `endPort` field **MUST BE SUPPORTED** by the Network Policy provider. If your provider does not support `endPort`, and this field is specified in a Network Policy, the Network Policy will be created covering only the port field (single port).

### Promoted Local Ephemeral Storage Capacity Isolation to Stable
The [Local Ephemeral Storage Capacity Isolation](https://github.com/kubernetes/enhancements/tree/master/keps/sig-storage/361-local-ephemeral-storage-isolation) feature moved to GA. This was introduced as alpha in 1.8, moved to beta in 1.10, and it is now a stable feature. It provides support for capacity isolation of local ephemeral storage between pods, such as `EmptyDir`, so that a pod can be hard limited in its consumption of shared resources by evicting Pods if its consumption of local ephemeral storage exceeds that limit.

### Promoted core CSI Migration to Stable

[CSI Migration](https://kubernetes.io/blog/2021/12/10/storage-in-tree-to-csi-migration-status-update/#quick-recap-what-is-csi-migration-and-why-migrate) is an ongoing effort that SIG Storage has been working on for a few releases. The goal is to move in-tree volume plugins to out-of-tree CSI drivers and eventually remove the in-tree volume plugins. The [core CSI Migration](https://github.com/kubernetes/enhancements/tree/master/keps/sig-storage/625-csi-migration) feature moved to GA. CSI Migration for GCE PD and AWS EBS also moved to GA. CSI Migration for vSphere remains in beta (but is on by default). CSI Migration for Portworx moved to Beta (but is off-by-default).


### Promoted CSI Ephemeral Volume to Stable

The [CSI Ephemeral Volume](https://github.com/kubernetes/enhancements/tree/master/keps/sig-storage/596-csi-inline-volumes) feature allows CSI volumes to be specified directly in the pod specification for ephemeral use cases. They can be used to inject arbitrary states, such as configuration, secrets, identity, variables or similar information, directly inside pods using a mounted volume. This was initially introduced in 1.15 as an alpha feature, and it moved to GA. This feature is used by some CSI drivers such as the [secret-store CSI driver](https://github.com/kubernetes-sigs/secrets-store-csi-driver).

### Promoted CRD Validation Expression Language to Beta

[CRD Validation Expression Language](https://github.com/kubernetes/enhancements/blob/master/keps/sig-api-machinery/2876-crd-validation-expression-language/README.mdv) is promoted to beta, which makes it possible to declare how custom resources are validated using the [Common Expression Language (CEL)](https://github.com/google/cel-spec). Please see the [validation rules](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#validation-rules) guide.

### Promoted Server Side Unknown Field Validation to Beta

Promoted the `ServerSideFieldValidation` feature gate to beta (on by default). This allows optionally triggering schema validation on the API server that errors when unknown fields are detected. This allows the removal of client-side validation from kubectl while maintaining the same core functionality of erroring out on requests that contain unknown or invalid fields.


###  Introduced KMS v2

Introduce KMS v2alpha1 API to add performance, rotation, and observability improvements. Encrypt data at rest (ie Kubernetes `Secrets`) with DEK using AES-GCM instead of AES-CBC for kms data encryption. No user action is required. Reads with AES-GCM and AES-CBC will continue to be allowed. See the guide [Using a KMS provider for data encryption](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) for more information.

### Kube-proxy images are now based on distroless images

In previous releases, kube-proxy container images were built using Debian as the base image. Starting with this release, the images are now built using [distroless](https://github.com/GoogleContainerTools/distroless). This change reduced image size by almost 50% and decreased the number of installed packages and files to only those strictly required for kube-proxy to do its job.

## Known Issues

### LocalStorageCapacityIsolationFSQuotaMonitoring ConfigMap rendering failure
ConfigMap rendering [issue](https://github.com/kubernetes/kubernetes/issues/112081) was found in the 1.25.0 release. When ConfigMaps get updated within the API, they do not get rendered to the resulting pod's filesystem by the Kubelet. The feature has been [reverted to alpha](https://github.com/kubernetes/kubernetes/pull/112078) in the 1.25.1 release.

## Urgent Upgrade Notes

### (No, really, you MUST read this before you upgrade)

- Deprecated beta APIs scheduled for removal in 1.25 are no longer served. See https://kubernetes.io/docs/reference/using-api/deprecation-guide/#v1-25 for more information. ([#108797](https://github.com/kubernetes/kubernetes/pull/108797), [@deads2k](https://github.com/deads2k)) [SIG API Machinery, Instrumentation and Testing]
 - Encrypted data with DEK using AES-GCM instead of AES-CBC for kms data encryption. No user action required. Reads with AES-GCM and AES-CBC will continue to be allowed. ([#111119](https://github.com/kubernetes/kubernetes/pull/111119), [@aramase](https://github.com/aramase))
 - End-to-end testing has been migrated from Ginkgo v1 to v2.

  When running test/e2e via the Ginkgo CLI, the v2 CLI must be used and `-timeout=24h` (or some other, suitable value) must be passed because the default timeout was reduced from 24h to 1h. When running it via `go test`, the corresponding `-args` parameter is `-ginkgo.timeout=24h`. To build the CLI in the Kubernetes repo, use `make all WHAT=github.com/onsi/ginkgo/v2/ginkgo`.
  Ginkgo V2 doesn't accept go test's `-parallel` flags to parallelize Ginkgo specs, please switch to use `ginkgo -p` or `ginkgo -procs=N` instead. ([#109111](https://github.com/kubernetes/kubernetes/pull/109111), [@chendave](https://github.com/chendave)) [SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Release, Scheduling, Storage, Testing and Windows]
 - No action required; No API/CLI changed; Add new Windows Image Support ([#110333](https://github.com/kubernetes/kubernetes/pull/110333), [@liurupeng](https://github.com/liurupeng)) [SIG Cloud Provider and Windows]
 - The intree volume plugin flocker support was completely removed from Kubernetes. ([#111618](https://github.com/kubernetes/kubernetes/pull/111618), [@Jiawei0227](https://github.com/Jiawei0227))
 - The intree volume plugin quobyte support has been completely removed from Kubernetes. ([#111619](https://github.com/kubernetes/kubernetes/pull/111619), [@Jiawei0227](https://github.com/Jiawei0227))
 - The intree volume plugin storageos support has been completely removed from Kubernetes. ([#111620](https://github.com/kubernetes/kubernetes/pull/111620), [@Jiawei0227](https://github.com/Jiawei0227))
 - There is a new OCI image registry (`registry.k8s.io`) that can be used to pull Kubernetes images. The old registry (`k8s.gcr.io`) will continue to be supported for the foreseeable future, but the new name should perform better because it frontends equivalent mirrors in other clouds.  Please point your clusters to the new registry going forward. \n\nAdmission/Policy integrations that have an allowlist of registries need to include `registry.k8s.io` alongside `k8s.gcr.io`.\nAir-gapped environments and image garbage-collection configurations will need to update to pre-pull and preserve required images under `registry.k8s.io` as well as `k8s.gcr.io`. ([#109938](https://github.com/kubernetes/kubernetes/pull/109938), [@dims](https://github.com/dims))

## Changes by Kind

### Deprecation

- API server's deprecated `--service-account-api-audiences` flag was removed.  Use `--api-audiences` instead. ([#108624](https://github.com/kubernetes/kubernetes/pull/108624), [@ialidzhikov](https://github.com/ialidzhikov))
- Ginkgo.Measure has been deprecated in Ginkgo V2, switch to use gomega/gmeasure instead ([#111065](https://github.com/kubernetes/kubernetes/pull/111065), [@chendave](https://github.com/chendave)) [SIG Autoscaling and Testing]
- Kube-controller-manager: Removed flags  `deleting-pods-qps`, `deleting-pods-burst`, and `register-retry-count`. ([#109612](https://github.com/kubernetes/kubernetes/pull/109612), [@pandaamanda](https://github.com/pandaamanda))
- Kubeadm: during "upgrade apply/diff/node", in case the `ClusterConfiguration.imageRepository` stored in the "kubeadm-config" `ConfigMap` contains the legacy "k8s.gcr.io" repository, modify it to the new default "registry.k8s.io". Reflect the change in the in-cluster `ConfigMap` only during "upgrade apply". ([#110343](https://github.com/kubernetes/kubernetes/pull/110343), [@neolit123](https://github.com/neolit123))
- Kubeadm: graduated the kubeadm specific feature gate `UnversionedKubeletConfigMap` to GA and locked it to `true` by default. The kubelet related ConfigMap and RBAC rules are now locked to have a simplified naming `*kubelet-config` instead of the legacy naming `*kubelet-config-x.yy`, where `x.yy` was the version of the control plane. If you have previously used the old naming format with `UnversionedKubeletConfigMap=false`, you must manually copy the config map from `kube-system/kubelet-config-x.yy` to `kube-system/kubelet-config` before upgrading to `v1.25`. ([#110327](https://github.com/kubernetes/kubernetes/pull/110327), [@neolit123](https://github.com/neolit123))
- Kubeadm: stop applying the `node-role.kubernetes.io/master:NoSchedule` taint to control plane nodes for new clusters. Remove the taint from existing control plane nodes during "kubeadm upgrade apply" ([#110095](https://github.com/kubernetes/kubernetes/pull/110095), [@neolit123](https://github.com/neolit123))
- Support for the alpha seccomp annotations `seccomp.security.alpha.kubernetes.io/pod` and `container.seccomp.security.alpha.kubernetes.io`, deprecated since v1.19, was partially removed. Kubelets no longer support the annotations, use of the annotations in static pods is no longer supported, and the seccomp annotations are no longer auto-populated when pods with seccomp fields are created. Auto-population of the seccomp fields from the annotations is planned to be removed in 1.27. Pods  should use the corresponding pod or container `securityContext.seccompProfile` field instead. ([#109819](https://github.com/kubernetes/kubernetes/pull/109819), [@saschagrunert](https://github.com/saschagrunert))
- The `gcp` and `azure` auth plugins have been removed from client-go and kubectl. See https://github.com/Azure/kubelogin and https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke ([#110013](https://github.com/kubernetes/kubernetes/pull/110013), [@enj](https://github.com/enj))
- The beta `PodSecurityPolicy` admission plugin, deprecated since 1.21, is removed. Follow the instructions at https://kubernetes.io/docs/tasks/configure-pod-container/migrate-from-psp/ to migrate to the built-in PodSecurity admission plugin (or to another third-party  policy webhook) prior to upgrading to v1.25. ([#109798](https://github.com/kubernetes/kubernetes/pull/109798), [@liggitt](https://github.com/liggitt))
- VSphere releases less than 7.0u2 are not supported for in-tree vSphere volume  as of Kubernetes v1.25. Please consider upgrading vSphere (both ESXi and vCenter)  to 7.0u2 or above. ([#111255](https://github.com/kubernetes/kubernetes/pull/111255), [@divyenpatel](https://github.com/divyenpatel))
- Windows winkernel kube-proxy no longer supports Windows HNS v1 APIs. ([#110957](https://github.com/kubernetes/kubernetes/pull/110957), [@papagalu](https://github.com/papagalu))
- GlusterFS provisioner (`kubernetes.io/glusterfs`) has been deprecated in this release. ([#111485](https://github.com/kubernetes/kubernetes/pull/111485), [@humblec](https://github.com/humblec))

### API Change

- Add `NodeInclusionPolicy` to `TopologySpreadConstraints` in PodSpec. ([#108492](https://github.com/kubernetes/kubernetes/pull/108492), [@kerthcet](https://github.com/kerthcet))
- Added KMS v2alpha1 support. ([#111126](https://github.com/kubernetes/kubernetes/pull/111126), [@aramase](https://github.com/aramase))
- Added a deprecated warning for node beta label usage in PV/SC/RC and CSI Storage Capacity. ([#108554](https://github.com/kubernetes/kubernetes/pull/108554), [@pacoxu](https://github.com/pacoxu))
- Added a new feature gate `CheckpointRestore` to enable support to checkpoint containers. If enabled it is possible to checkpoint a container using the newly kubelet API (/checkpoint/{podNamespace}/{podName}/{containerName}). ([#104907](https://github.com/kubernetes/kubernetes/pull/104907), [@adrianreber](https://github.com/adrianreber)) [SIG Node and Testing]
- Added alpha support for user namespaces in pods phase 1 (KEP 127, feature gate: UserNamespacesStatelessPodsSupport) ([#111090](https://github.com/kubernetes/kubernetes/pull/111090), [@rata](https://github.com/rata))
- As of v1.25, the PodSecurity `restricted` level no longer requires pods that set .spec.os.name="windows" to also set Linux-specific securityContext fields. If a 1.25+ cluster has unsupported [out-of-skew](https://kubernetes.io/releases/version-skew-policy/#kubelet) nodes prior to v1.23 and wants to ensure namespaces enforcing the `restricted` policy continue to require Linux-specific securityContext fields on all pods, ensure a version of the `restricted` prior to v1.25 is selected by labeling the namespace (for example, `pod-security.kubernetes.io/enforce-version: v1.24`) ([#105919](https://github.com/kubernetes/kubernetes/pull/105919), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla))
- Changed ownership semantics of PersistentVolume's spec.claimRef from `atomic` to `granular`. ([#110495](https://github.com/kubernetes/kubernetes/pull/110495), [@alexzielenski](https://github.com/alexzielenski))
- Extended ContainerStatus CRI API to allow runtime response with container resource requests and limits that are in effect.
  - UpdateContainerResources CRI API now supports both Linux and Windows. ([#111645](https://github.com/kubernetes/kubernetes/pull/111645), [@vinaykul](https://github.com/vinaykul))
- For v1.25, Kubernetes will be using Golang 1.19, In this PR the version is updated to 1.19rc2 as GA is not yet available. ([#111254](https://github.com/kubernetes/kubernetes/pull/111254), [@dims](https://github.com/dims))
- Introduced NodeIPAM support for multiple ClusterCIDRs ([#2593](https://github.com/kubernetes/enhancements/issues/2593)) as an alpha feature.
  Set feature gate `MultiCIDRRangeAllocator=true`, determines whether the `MultiCIDRRangeAllocator` controller can be used, while the kube-controller-manager flag below will pick the active controller.
  Enabled the `MultiCIDRRangeAllocator` by setting `--cidr-allocator-type=MultiCIDRRangeAllocator` flag in kube-controller-manager. ([#109090](https://github.com/kubernetes/kubernetes/pull/109090), [@sarveshr7](https://github.com/sarveshr7))
- Introduced PodHasNetwork condition for pods. ([#111358](https://github.com/kubernetes/kubernetes/pull/111358), [@ddebroy](https://github.com/ddebroy))
- Introduced support for handling pod failures with respect to the configured pod failure policy rules. ([#111113](https://github.com/kubernetes/kubernetes/pull/111113), [@mimowo](https://github.com/mimowo))
- Introduction of the `DisruptionTarget` pod condition type. Its `reason` field indicates the reason for pod termination:
  - PreemptionByKubeScheduler (Pod preempted by kube-scheduler)
  - DeletionByTaintManager (Pod deleted by taint manager due to NoExecute taint)
  - EvictionByEvictionAPI (Pod evicted by Eviction API)
  - DeletionByPodGC (an orphaned Pod deleted by PodGC) ([#110959](https://github.com/kubernetes/kubernetes/pull/110959), [@mimowo](https://github.com/mimowo))
- Kube-Scheduler ComponentConfig is graduated to GA, `kubescheduler.config.k8s.io/v1` is available now.
  Plugin `SelectorSpread` is removed in v1. ([#110534](https://github.com/kubernetes/kubernetes/pull/110534), [@kerthcet](https://github.com/kerthcet))
- Local Storage Capacity Isolation feature is GA in 1.25 release. For systems (rootless) that cannot check root file system, please use kubelet config --local-storage-capacity-isolation=false to disable this feature. Once disabled, pod cannot set local ephemeral storage request/limit, and emptyDir sizeLimit niether. ([#111513](https://github.com/kubernetes/kubernetes/pull/111513), [@jingxu97](https://github.com/jingxu97))
- Make PodSpec.Ports' description clearer on how this information is only informational and how it can be incorrect. ([#110564](https://github.com/kubernetes/kubernetes/pull/110564), [@j4m3s-s](https://github.com/j4m3s-s)) [SIG API Machinery, Network and Node]
- On compatible systems, a mounter's Unmount implementation is changed to not return an error when the specified target can be detected as not a mount point. On Linux, the behavior of detecting a mount point depends on `umount` command is validated when the mounter is created. Additionally, mount point checks will be skipped in CleanupMountPoint/CleanupMountWithForce if the mounter's Unmount having the changed behavior of not returning error when target is not a mount point. ([#109676](https://github.com/kubernetes/kubernetes/pull/109676), [@cartermckinnon](https://github.com/cartermckinnon)) [SIG Storage]
- PersistentVolumeClaim objects are no longer left with storage class set to `nil` forever, but will be updated retroactively once any StorageClass is set or created as default. ([#111467](https://github.com/kubernetes/kubernetes/pull/111467), [@RomanBednar](https://github.com/RomanBednar))
- Promote StatefulSet minReadySeconds to GA. This means `--feature-gates=StatefulSetMinReadySeconds=true` are not needed on kube-apiserver and kube-controller-manager binaries and they'll be removed soon following policy at https://kubernetes.io/docs/reference/using-api/deprecation-policy/#deprecation ([#110896](https://github.com/kubernetes/kubernetes/pull/110896), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) [SIG API Machinery, Apps and Testing]
- Promoted CronJob's TimeZone support to beta. ([#111435](https://github.com/kubernetes/kubernetes/pull/111435), [@soltysh](https://github.com/soltysh))
- Promoted DaemonSet MaxSurge to GA. This means `--feature-gates=DaemonSetUpdateSurge=true` are not needed on kube-apiserver and kube-controller-manager binaries and they'll be removed soon following policy at https://kubernetes.io/docs/reference/using-api/deprecation-policy/#deprecation . ([#111194](https://github.com/kubernetes/kubernetes/pull/111194), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla))
- Scheduler: included supported ScoringStrategyType list in error message for NodeResourcesFit plugin ([#111206](https://github.com/kubernetes/kubernetes/pull/111206), [@SataQiu](https://github.com/SataQiu))
- The Go API for logging configuration in `k8s.io/component-base` was moved to `k8s.io/component-base/logs/api/v1`. The configuration file format and command line flags are the same as before. ([#105797](https://github.com/kubernetes/kubernetes/pull/105797), [@pohly](https://github.com/pohly))
- The Pod `spec.podOS` field is promoted to GA. The `IdentifyPodOS` feature gate unconditionally enabled, and will no longer be accepted as a `--feature-gates` parameter in 1.27. ([#111229](https://github.com/kubernetes/kubernetes/pull/111229), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla))
- The PodTopologySpread is respected after rolling upgrades. ([#111441](https://github.com/kubernetes/kubernetes/pull/111441), [@denkensk](https://github.com/denkensk))
- The `CSIInlineVolume` feature has moved from beta to GA. ([#111258](https://github.com/kubernetes/kubernetes/pull/111258), [@dobsonj](https://github.com/dobsonj))
- The `PodSecurity` admission plugin has graduated to GA and is enabled by default. The admission configuration version has been promoted to `pod-security.admission.config.k8s.io/v1`. ([#110459](https://github.com/kubernetes/kubernetes/pull/110459), [@wangyysde](https://github.com/wangyysde))
- The `endPort` field in Network Policy is now promoted to GA

  Network Policy providers that support `endPort` field now can use it to specify a range of ports to apply a Network Policy.

  Previously, each Network Policy could only target a single port.

  Please be aware that `endPort` field MUST BE SUPPORTED by the Network Policy provider. In case your provider does not support `endPort` and this field is specified in a Network Policy, the Network Policy will be created covering only the port field (single port). ([#110868](https://github.com/kubernetes/kubernetes/pull/110868), [@rikatz](https://github.com/rikatz))
- The `metadata.clusterName` field is completely removed. This should not have any user-visible impact. ([#109602](https://github.com/kubernetes/kubernetes/pull/109602), [@lavalamp](https://github.com/lavalamp))
- The `minDomains` field in Pod Topology Spread is graduated to beta ([#110388](https://github.com/kubernetes/kubernetes/pull/110388), [@sanposhiho](https://github.com/sanposhiho)) [SIG API Machinery and Apps]
- The command line flag `enable-taint-manager` for kube-controller-manager is deprecated and will be removed in 1.26. The feature that it supports, taint based eviction, is enabled by default and will continue to be implicitly enabled when the flag is removed. ([#111411](https://github.com/kubernetes/kubernetes/pull/111411), [@alculquicondor](https://github.com/alculquicondor))
- This release added support for `NodeExpandSecret` for CSI driver client which enables the CSI drivers to make use of this secret while performing node expansion operation based on the user request. Previously there was no secret  provided as part of the `nodeexpansion` call, thus CSI drivers did not make use of the same while expanding the volume at the node side. ([#105963](https://github.com/kubernetes/kubernetes/pull/105963), [@zhucan](https://github.com/zhucan))
- [Ephemeral Containers](https://kubernetes.io/docs/concepts/workloads/pods/ephemeral-containers/) are now generally available (GA). The `EphemeralContainers` feature gate is always enabled and should be removed from `--feature-gates` flag on the kube-apiserver and the kubelet command lines. The `EphemeralContainers` feature gate is [deprecated and scheduled for removal](https://kubernetes.io/docs/reference/using-api/deprecation-policy/#deprecation)  in a future release. ([#111402](https://github.com/kubernetes/kubernetes/pull/111402), [@verb](https://github.com/verb))

### Feature

- Added KMS `v2alpha1` API. ([#110201](https://github.com/kubernetes/kubernetes/pull/110201), [@aramase](https://github.com/aramase))
- Added Service Account field in the output of `kubectl describe pod` command. ([#111192](https://github.com/kubernetes/kubernetes/pull/111192), [@aufarg](https://github.com/aufarg))
- Added a new `align-by-socket` policy option to cpu manager `static` policy.  When enabled CPU's to be aligned at socket boundary rather than NUMA boundary. ([#111278](https://github.com/kubernetes/kubernetes/pull/111278), [@arpitsardhana](https://github.com/arpitsardhana))
- Added container probe duration metrics. ([#104484](https://github.com/kubernetes/kubernetes/pull/104484), [@jackfrancis](https://github.com/jackfrancis))
- Added new flags into alpha events such as --output, --types, --no-headers. ([#110007](https://github.com/kubernetes/kubernetes/pull/110007), [@ardaguclu](https://github.com/ardaguclu))
- Added sum feature to `kubectl top pod` ([#105100](https://github.com/kubernetes/kubernetes/pull/105100), [@lauchokyip](https://github.com/lauchokyip))
- Added the `Apply` and `ApplyStatus` methods to the dynamic `ResourceInterface` ([#109443](https://github.com/kubernetes/kubernetes/pull/109443), [@kevindelgado](https://github.com/kevindelgado))
- Feature gate `CSIMigration` was locked to enabled. `CSIMigration` is GA now. The feature gate will be removed in `v1.27`. ([#110410](https://github.com/kubernetes/kubernetes/pull/110410), [@Jiawei0227](https://github.com/Jiawei0227))
- Feature gate `ProbeTerminationGracePeriod` is enabled by default. ([#108541](https://github.com/kubernetes/kubernetes/pull/108541), [@kerthcet](https://github.com/kerthcet))
- Ginkgo: when e2e tests are invoked through ginkgo-e2e.sh, the default now is to use color escape sequences only when connected to a terminal. `GINKGO_NO_COLOR=y/n` can be used to override that default. ([#111633](https://github.com/kubernetes/kubernetes/pull/111633), [@pohly](https://github.com/pohly))
- Graduated SeccompDefault to `beta`. The Kubelet feature gate is now enabled by default and the configuration/CLI flag still defaults to `false`. ([#110805](https://github.com/kubernetes/kubernetes/pull/110805), [@saschagrunert](https://github.com/saschagrunert)) [SIG Node and Testing]
- Graduated ServerSideFieldValidation to `beta`. Schema validation is performed server-side and requests will receive warnings for any invalid/unknown fields by default. ([#110178](https://github.com/kubernetes/kubernetes/pull/110178), [@kevindelgado](https://github.com/kevindelgado)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Storage and Testing]
- Graduated `CustomResourceValidationExpressions` to `beta`. The `CustomResourceValidationExpressions` feature gate is now enabled by default. ([#111524](https://github.com/kubernetes/kubernetes/pull/111524), [@cici37](https://github.com/cici37))
- Graduated `ServiceIPStaticSubrange` feature to Beta (disabled by default). ([#110419](https://github.com/kubernetes/kubernetes/pull/110419), [@aojea](https://github.com/aojea))
- If a Pod has a DisruptionTarget condition with status=True for more than 2 minutes without getting a DeletionTimestamp, the control plane resets it to status=False. ([#111475](https://github.com/kubernetes/kubernetes/pull/111475), [@alculquicondor](https://github.com/alculquicondor))
- In "large" clusters, kube-proxy in iptables mode will now sometimes
  leave unused rules in iptables for a while (up to `--iptables-sync-period`)
  before deleting them. This improves performance by not requiring it to
  check for stale rules on every sync. (In smaller clusters, it will still
  remove unused rules immediately once they are no longer used.)

  (The threshold for "large" used here is currently "1000 endpoints" but
  this is subject to change.) ([#110334](https://github.com/kubernetes/kubernetes/pull/110334), [@danwinship](https://github.com/danwinship))
- Kube-up now includes CoreDNS version v1.9.3. ([#110488](https://github.com/kubernetes/kubernetes/pull/110488), [@mzaian](https://github.com/mzaian))
- Kubeadm: Added support for additional authentication strategies in `kubeadm join` with discovery/kubeconfig file: client-go authentication plugins (`exec`), `tokenFile`, and `authProvider.` ([#110553](https://github.com/kubernetes/kubernetes/pull/110553), [@tallaxes](https://github.com/tallaxes))
- Kubeadm: Update CoreDNS to v1.9.3. ([#110489](https://github.com/kubernetes/kubernetes/pull/110489), [@pacoxu](https://github.com/pacoxu))
- Kubeadm: added support for the flag `--print-manifest` to the addon phases `kube-proxy` and `coredns` of `kubeadm init phase addon`. If this flag is `usedkubeadm` will not apply a given addon and instead print to the terminal the API objects that will be applied. ([#109995](https://github.com/kubernetes/kubernetes/pull/109995), [@wangyysde](https://github.com/wangyysde))
- Kubeadm: enhanced the "patches" functionality to be able to patch kubelet config files containing `v1beta1.KubeletConfiguration`. The new patch target is called `kubeletconfiguration` (e.g. patch file `kubeletconfiguration+json.json`).This makes it possible to apply node specific KubeletConfiguration options during `init`, `join` and `upgrade`, while the main `KubeletConfiguration` that is passed to `init` as part of the `--config` file can still act as the global stored in the cluster `KubeletConfiguration`. ([#110405](https://github.com/kubernetes/kubernetes/pull/110405), [@neolit123](https://github.com/neolit123))
- Kubeadm: make sure the etcd static pod startup probe uses /health?serializable=false while the liveness probe uses /health?serializable=true&exclude=NOSPACE. The NOSPACE exclusion would allow administrators to address space issues one member at a time. ([#110744](https://github.com/kubernetes/kubernetes/pull/110744), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle]
- Kubeadm: modified the etcd static Pod `liveness` and `readiness` probes to use a new etcd `v3.5.3+` HTTP(s) health check endpoint `/health?serializable=true` that allows to track the health of individual etcd members and not fail all members if a single member is not healthy in the etcd cluster. ([#110072](https://github.com/kubernetes/kubernetes/pull/110072), [@neolit123](https://github.com/neolit123))
- Kubeadm: support experimental JSON/YAML output for `kubeadm upgrade plan` with the `--output` flag. ([#108447](https://github.com/kubernetes/kubernetes/pull/108447), [@pacoxu](https://github.com/pacoxu))
- Kubeadm: the preferred pod anti-affinity for CoreDNS is now enabled by default. ([#110593](https://github.com/kubernetes/kubernetes/pull/110593), [@SataQiu](https://github.com/SataQiu))
- Kubectl: support multiple resources for kubectl rollout status. ([#108777](https://github.com/kubernetes/kubernetes/pull/108777), [@pjo256](https://github.com/pjo256))
- Kubernetes is now built with Golang 1.18.2. ([#110043](https://github.com/kubernetes/kubernetes/pull/110043), [@cpanato](https://github.com/cpanato))
- Kubernetes is now built with Golang 1.18.3 ([#110421](https://github.com/kubernetes/kubernetes/pull/110421), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing]
- Kubernetes is now built with Golang 1.19.0. ([#111679](https://github.com/kubernetes/kubernetes/pull/111679), [@puerco](https://github.com/puerco))
- Lock CSIMigrationAzureDisk feature gate to default. ([#110491](https://github.com/kubernetes/kubernetes/pull/110491), [@andyzhangx](https://github.com/andyzhangx))
- Metric `running_managed_controllers` is enabled for Cloud Node Lifecycle controller. ([#111033](https://github.com/kubernetes/kubernetes/pull/111033), [@jprzychodzen](https://github.com/jprzychodzen))
- Metric `running_managed_controllers` is enabled for Node IPAM controller in KCM. ([#111466](https://github.com/kubernetes/kubernetes/pull/111466), [@jprzychodzen](https://github.com/jprzychodzen))
- Metric `running_managed_controllers` is enabled for Route,Service and Cloud Node controllers in KCM and CCM. ([#111462](https://github.com/kubernetes/kubernetes/pull/111462), [@jprzychodzen](https://github.com/jprzychodzen))
- New `KUBECACHEDIR` environment variable was introduced to override default discovery cache directory which is `$HOME/.kube/cache`. ([#109479](https://github.com/kubernetes/kubernetes/pull/109479), [@ardaguclu](https://github.com/ardaguclu))
- Pod SecurityContext and PodSecurityPolicy supports slash as sysctl separator. ([#106834](https://github.com/kubernetes/kubernetes/pull/106834), [@mengjiao-liu](https://github.com/mengjiao-liu)) [SIG Apps, Architecture, Auth, Node, Security and Testing]
- Promoted LocalStorageCapacityIsolationFSQuotaMonitoring to beta. ([#107329](https://github.com/kubernetes/kubernetes/pull/107329), [@pacoxu](https://github.com/pacoxu))
- Promoted the `CSIMigrationPortworx` feature gate to Beta. ([#110411](https://github.com/kubernetes/kubernetes/pull/110411), [@trierra](https://github.com/trierra))
- Return a warning when applying a `pod-security.kubernetes.io` label to a PodSecurity-exempted namespace.
  Stop including the `pod-security.kubernetes.io/exempt=namespace` audit annotation on namespace requests. ([#109680](https://github.com/kubernetes/kubernetes/pull/109680), [@tallclair](https://github.com/tallclair))
- The  new flag `etcd-ready-timeout` has been added. It configures a timeout of an additional etcd check performed as part of readyz check. ([#111399](https://github.com/kubernetes/kubernetes/pull/111399), [@Argh4k](https://github.com/Argh4k))
- The TopologySpreadConstraints will be shown in describe command for pods, deployments, daemonsets, etc. ([#109563](https://github.com/kubernetes/kubernetes/pull/109563), [@ardaguclu](https://github.com/ardaguclu))
- The `kubectl diff` changed to ignore managed fields by default, and a new --show-managed-fields flag has been added to allow you to include managed fields in the diff. ([#111319](https://github.com/kubernetes/kubernetes/pull/111319), [@brianpursley](https://github.com/brianpursley))
- The beta feature `ServiceIPStaticSubrange` is now enabled by default. ([#110703](https://github.com/kubernetes/kubernetes/pull/110703), [@aojea](https://github.com/aojea))
- Updated base image for Windows pause container images to one built on Windows machines to address limitations of building Windows container images on Linux machines. ([#110379](https://github.com/kubernetes/kubernetes/pull/110379), [@marosset](https://github.com/marosset))
- Updated cAdvisor to v0.45.0. ([#111647](https://github.com/kubernetes/kubernetes/pull/111647), [@bobbypage](https://github.com/bobbypage))
- Updated debian-base, debian-iptables, and setcap images:
  - debian-base:bullseye-v1.3.0
  - debian-iptables:bullseye-v1.4.0
  - setcap:bullseye-v1.3.0 ([#110558](https://github.com/kubernetes/kubernetes/pull/110558), [@wespanther](https://github.com/wespanther))
- When using the OpenStack legacy cloud provider, kubelet and KCM will ignore unknown configuration directives rather than failing to start. ([#109709](https://github.com/kubernetes/kubernetes/pull/109709), [@mdbooth](https://github.com/mdbooth))
- ` JobTrackingWithFinalizers` enabled by default. This feature allows to keep track of the Job progress without relying on Pods staying in the apiserver.
   ([#110948](https://github.com/kubernetes/kubernetes/pull/110948), [@alculquicondor](https://github.com/alculquicondor))
- `CSIMigrationAWS` upgraded to GA and locked to true.
   ([#111479](https://github.com/kubernetes/kubernetes/pull/111479), [@wongma7](https://github.com/wongma7))
- `CSIMigrationGCE` upgraded to GA and locked to true.
   ([#111301](https://github.com/kubernetes/kubernetes/pull/111301), [@mattcary](https://github.com/mattcary))
- `CSIMigrationvSphere` feature is now enabled by default.
   ([#103523](https://github.com/kubernetes/kubernetes/pull/103523), [@divyenpatel](https://github.com/divyenpatel))
- `MaxUnavailable` for `StatefulSets`, allows faster `RollingUpdate` by taking down more than 1 pod at a time.
  The number of pods you want to take down during a `RollingUpdate` is configurable using `maxUnavailable` parameter.
   ([#109251](https://github.com/kubernetes/kubernetes/pull/109251), [@krmayankk](https://github.com/krmayankk))
- The `gcp` and `azure` auth plugins have been restored to client-go and kubectl until https://issue.k8s.io/111911 is resolved in supported kubectl minor versions. ([#111918](https://github.com/kubernetes/kubernetes/pull/111918), [@liggitt](https://github.com/liggitt))

### Documentation

- EndpointSlices with Pod referencing Nodes that don't exist couldn't be created or updated. The behavior on the EndpointSlice controller has been modified to update the EndpointSlice without the Pods that reference non-existing Nodes and keep retrying until all Pods reference existing Nodes. However, if `service.Spec.PublishNotReadyAddresses` is set, all the Pods are published without retrying. Fixed EndpointSlices metrics to reflect correctly the number of desired EndpointSlices when no endpoints are present. ([#110639](https://github.com/kubernetes/kubernetes/pull/110639), [@aojea](https://github.com/aojea))
- Optimization of kubectl Chinese translation ([#110538](https://github.com/kubernetes/kubernetes/pull/110538), [@hwdef](https://github.com/hwdef)) [SIG CLI]

### Failing Test

- E2e tests: fixed bug in the e2e image `agnhost:2.38` which hangs instead of exiting if a `SIGTERM` signal is received and the `shutdown-delay` option is `0`. ([#110214](https://github.com/kubernetes/kubernetes/pull/110214), [@aojea](https://github.com/aojea))
- In-tree GCE PD test cases no longer run in Kubernetes testing harness anymore (side effect of switching on CSI migration in 1.22). Please switch on the environment variable `ENABLE_STORAGE_GCE_PD_DRIVER` to `yes` if you need to run these tests. ([#109541](https://github.com/kubernetes/kubernetes/pull/109541), [@dims](https://github.com/dims))

### Bug or Regression

- A bug was fixed where a job sync was not retried in case of a transient ResourceQuota conflict. ([#111026](https://github.com/kubernetes/kubernetes/pull/111026), [@alculquicondor](https://github.com/alculquicondor))
- A change of a failed job condition status to `False` does not result in duplicate  conditions. ([#110292](https://github.com/kubernetes/kubernetes/pull/110292), [@mimowo](https://github.com/mimowo))
- Added error message "dry-run can not be used when --force is set" when dry-run and force flags are set in replace command. ([#110326](https://github.com/kubernetes/kubernetes/pull/110326), [@ardaguclu](https://github.com/ardaguclu))
- Added the latest GCE pinhole firewall feature, which introduces `destination-ranges` in the ingress `firewall-rules`. It restricts access to the backend IPs by allowing traffic through `ILB` or `NetLB` only. This change does **NOT** change the existing `ILB` or `NetLB` behavior. ([#109510](https://github.com/kubernetes/kubernetes/pull/109510), [@sugangli](https://github.com/sugangli))
- Allow expansion of ephemeral volumes ([#109987](https://github.com/kubernetes/kubernetes/pull/109987), [@gnufied](https://github.com/gnufied)) [SIG Node and Storage]
- Apiserver: fixed audit of loading more than one webhooks. ([#110145](https://github.com/kubernetes/kubernetes/pull/110145), [@sxllwx](https://github.com/sxllwx))
- Bug fix in test/e2e/framework  Framework.RecordFlakeIfError ([#111048](https://github.com/kubernetes/kubernetes/pull/111048), [@alingse](https://github.com/alingse)) [SIG Testing]
- Client-go: fixed an error in the fake client when creating API requests are submitted to subresources like `pods/eviction`. ([#110425](https://github.com/kubernetes/kubernetes/pull/110425), [@LY-today](https://github.com/LY-today))
- Do not raise an error when setting a label with the same value, ignore it. ([#105936](https://github.com/kubernetes/kubernetes/pull/105936), [@zigarn](https://github.com/zigarn))
- Do not report terminated container metrics ([#110950](https://github.com/kubernetes/kubernetes/pull/110950), [@yangjunmyfm192085](https://github.com/yangjunmyfm192085)) [SIG Node]
- EndpointSlices marked for deletion are now ignored during reconciliation. ([#109624](https://github.com/kubernetes/kubernetes/pull/109624), [@aryan9600](https://github.com/aryan9600))
- Etcd: Update to v3.5.4 ([#110033](https://github.com/kubernetes/kubernetes/pull/110033), [@mk46](https://github.com/mk46)) [SIG API Machinery, Cloud Provider, Cluster Lifecycle and Testing]
- Faster mount detection for linux kernel 5.10+ using openat2 speeding up pod churn rates. On Kernel versions less 5.10, it will fallback to using the original way of detecting mount points i.e by parsing /proc/mounts. ([#109217](https://github.com/kubernetes/kubernetes/pull/109217), [@manugupt1](https://github.com/manugupt1))
- FibreChannel volume plugin may match the wrong device and wrong associated devicemapper parent. This may cause a disaster that pods attach wrong disks. ([#110719](https://github.com/kubernetes/kubernetes/pull/110719), [@xakdwch](https://github.com/xakdwch))
- Fix a bug where CRI implementations that use cAdvisor stats provider (CRI-O) don't evict pods when their logs exceed ephemeral storage limit. ([#108115](https://github.com/kubernetes/kubernetes/pull/108115), [@haircommander](https://github.com/haircommander)) [SIG Node]
- Fix a bug where metrics are not recorded during Preemption(PostFilter). ([#108727](https://github.com/kubernetes/kubernetes/pull/108727), [@sanposhiho](https://github.com/sanposhiho)) [SIG Scheduling]
- Fix a data race in authentication between AuthenticatedGroupAdder and cached token authenticator. ([#109969](https://github.com/kubernetes/kubernetes/pull/109969), [@sttts](https://github.com/sttts)) [SIG API Machinery and Auth]
- Fix bug that prevented the job controller from enforcing activeDeadlineSeconds when set. ([#110294](https://github.com/kubernetes/kubernetes/pull/110294), [@harshanarayana](https://github.com/harshanarayana))
- Fix for volume reconstruction of CSI ephemeral volumes ([#108997](https://github.com/kubernetes/kubernetes/pull/108997), [@dobsonj](https://github.com/dobsonj)) [SIG Node, Storage and Testing]
- Fix incorrectly report scope for request_duration_seconds and request_slo_duration_seconds metrics for POST custom resources API calls. ([#110009](https://github.com/kubernetes/kubernetes/pull/110009), [@azylinski](https://github.com/azylinski)) [SIG Instrumentation]
- Fix printing resources with int64 fields ([#110408](https://github.com/kubernetes/kubernetes/pull/110408), [@tkashem](https://github.com/tkashem)) [SIG API Machinery]
- Fix spurious kube-apiserver log warnings related to openapi v3 merging when creating or modifying CustomResourceDefinition objects ([#109880](https://github.com/kubernetes/kubernetes/pull/109880), [@Jefftree](https://github.com/Jefftree)) [SIG API Machinery and Testing]
- Fix the bug that reported incorrect metrics for the cluster IP allocator. ([#110027](https://github.com/kubernetes/kubernetes/pull/110027), [@tksm](https://github.com/tksm))
- Fixed JobTrackingWithFinalizers when a pod succeeds after the job is considered failed, which led to API conflicts that blocked finishing the job. ([#111646](https://github.com/kubernetes/kubernetes/pull/111646), [@alculquicondor](https://github.com/alculquicondor))
- Fixed `JobTrackingWithFinalizers` that:
  - was declaring a job finished before counting all the created pods in the status
  - was leaving pods with finalizers, blocking pod and job deletions
   `JobTrackingWithFinalizers` is still disabled by default. ([#109486](https://github.com/kubernetes/kubernetes/pull/109486), [@alculquicondor](https://github.com/alculquicondor))
- Fixed `NeedResize` build failure on Windows. ([#109721](https://github.com/kubernetes/kubernetes/pull/109721), [@andyzhangx](https://github.com/andyzhangx))
- Fixed a bug in `kubectl` that caused the wrong result length when using `--chunk-size` and `--selector` together. ([#110652](https://github.com/kubernetes/kubernetes/pull/110652), [@Abirdcfly](https://github.com/Abirdcfly))
- Fixed a bug involving Services of type `LoadBalancer` with multiple IPs and a `LoadBalancerSourceRanges` that overlaps the node IP. ([#109826](https://github.com/kubernetes/kubernetes/pull/109826), [@danwinship](https://github.com/danwinship))
- Fixed a bug which could have allowed an improperly annotated LoadBalancer service to become active. ([#109601](https://github.com/kubernetes/kubernetes/pull/109601), [@mdbooth](https://github.com/mdbooth))
- Fixed a kubelet issue that could result in invalid pod status updates to be sent to the api-server where pods would be reported in a terminal phase but also report a ready condition of true in some cases. ([#110256](https://github.com/kubernetes/kubernetes/pull/110256), [@bobbypage](https://github.com/bobbypage))
- Fixed an issue on Windows nodes where `HostProcess` containers may not be created as expected. ([#110140](https://github.com/kubernetes/kubernetes/pull/110140), [@marosset](https://github.com/marosset))
- Fixed bug where CSI migration doesn't count inline volumes for attach limit. ([#107787](https://github.com/kubernetes/kubernetes/pull/107787), [@Jiawei0227](https://github.com/Jiawei0227))
- Fixed error "dbus: connection closed by user" after dbus daemon restarts. ([#110496](https://github.com/kubernetes/kubernetes/pull/110496), [@kolyshkin](https://github.com/kolyshkin))
- Fixed image pull failure when `IMDS` is unavailable in kubelet startup. ([#110523](https://github.com/kubernetes/kubernetes/pull/110523), [@andyzhangx](https://github.com/andyzhangx))
- Fixed memory leak in the job controller related to `JobTrackingWithFinalizers`. ([#111721](https://github.com/kubernetes/kubernetes/pull/111721), [@alculquicondor](https://github.com/alculquicondor))
- Fixed mounting of iSCSI volumes over IPv6 networks. ([#110688](https://github.com/kubernetes/kubernetes/pull/110688), [@jsafrane](https://github.com/jsafrane))
- Fixed performance issue when creating large objects using SSA with fully unspecified schemas ( preserveUnknownFields ). ([#111557](https://github.com/kubernetes/kubernetes/pull/111557), [@alexzielenski](https://github.com/alexzielenski))
- Fixed s.RuntimeCgroups error condition and Fixed possible wrong log print. ([#110648](https://github.com/kubernetes/kubernetes/pull/110648), [@yangjunmyfm192085](https://github.com/yangjunmyfm192085))
- Fixed scheduling of **CronJob** with `@every X` schedules. ([#109250](https://github.com/kubernetes/kubernetes/pull/109250), [@d-honeybadger](https://github.com/d-honeybadger))
- Fixed strict server-side field validation treating `metadata` fields as unknown fields. ([#109268](https://github.com/kubernetes/kubernetes/pull/109268), [@liggitt](https://github.com/liggitt))
- Fixed the GCE firewall update when the destination IPs are changing so that firewalls reflect the IP updates of the LBs. ([#111186](https://github.com/kubernetes/kubernetes/pull/111186), [@sugangli](https://github.com/sugangli))
- Fixed the bug that a `ServiceIPStaticSubrange` enabled cluster assigns duplicate IP addresses when the dynamic block is exhausted. ([#109928](https://github.com/kubernetes/kubernetes/pull/109928), [@tksm](https://github.com/tksm))
- For scheduler plugin developers: the scheduler framework's shared PodInformer is now initialized with empty indexers. This enables scheduler plugins to add their extra indexers. Note that only non-conflict indexers are allowed to be added. ([#110663](https://github.com/kubernetes/kubernetes/pull/110663), [@fromanirh](https://github.com/fromanirh)) [SIG Scheduling]
- If the parent directory of the file specified in the `--audit-log-path` argument does not exist, Kubernetes now creates it. ([#110813](https://github.com/kubernetes/kubernetes/pull/110813), [@vpnachev](https://github.com/vpnachev)) [SIG Auth]
- Informer/reflector callers can now catch and unwrap specific API errors by type. ([#110076](https://github.com/kubernetes/kubernetes/pull/110076), [@karlkfi](https://github.com/karlkfi))
- Kube-apiserver: Get, GetList and Watch requests that should be served by the apiserver cacher during shutdown will be rejected to avoid a deadlock situation leaving requests hanging. ([#108414](https://github.com/kubernetes/kubernetes/pull/108414), [@aojea](https://github.com/aojea))
- Kubeadm: Fixed duplicate `unix://` prefix in node annotation. ([#110656](https://github.com/kubernetes/kubernetes/pull/110656), [@pacoxu](https://github.com/pacoxu))
- Kubeadm: a bug was fixed due to which configurable `KubernetesVersion` was not being respected during kubeadm join. ([#110791](https://github.com/kubernetes/kubernetes/pull/110791), [@SataQiu](https://github.com/SataQiu))
- Kubeadm: enabled the --experimental-watch-progress-notify-interval flag for etcd and set it to 5s. The flag specifies an interval at which etcd sends watch data to the kube-apiserver. ([#111383](https://github.com/kubernetes/kubernetes/pull/111383), [@p0lyn0mial](https://github.com/p0lyn0mial))
- Kubeadm: now sets the host `OS` environment variables when executing `crictl` during image pulls. This fixed a bug where `*PROXY` environment variables did not affect `crictl` internet connectivity. ([#110134](https://github.com/kubernetes/kubernetes/pull/110134), [@mk46](https://github.com/mk46))
- Kubeadm: only taint control plane nodes when the legacy "master" taint is present. This avoids the bug where "kubeadm upgrade" will re-taint a control plane  node with the new "control plane" taint even if the user explicitly untainted the node. ([#109840](https://github.com/kubernetes/kubernetes/pull/109840), [@neolit123](https://github.com/neolit123))
- Kubeadm: respect user specified image repository when using Kubernetes ci version ([#111017](https://github.com/kubernetes/kubernetes/pull/111017), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle]
- Kubeadm: support retry mechanism for removing container in reset phase ([#110837](https://github.com/kubernetes/kubernetes/pull/110837), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle]
- Kubelet: added log for volume metric collection taking too long ([#107490](https://github.com/kubernetes/kubernetes/pull/107490), [@pacoxu](https://github.com/pacoxu))
- Kubelet: added retry of checking Unix domain sockets on Windows nodes for the plugin registration mechanism. ([#110075](https://github.com/kubernetes/kubernetes/pull/110075), [@luckerby](https://github.com/luckerby))
- Kubelet: added validation for labels provided with --node-labels. Malformed labels will result in errors. ([#109263](https://github.com/kubernetes/kubernetes/pull/109263), [@FeLvi-zzz](https://github.com/FeLvi-zzz))
- Kubelet: wait for node allocatable ephemeral-storage data. ([#101882](https://github.com/kubernetes/kubernetes/pull/101882), [@jackfrancis](https://github.com/jackfrancis))
- Kubernetes now correctly handles "search ." in the host's resolv.conf file by preserving the "." entry in the "resolv.conf" that the kubelet writes to pods. ([#109441](https://github.com/kubernetes/kubernetes/pull/109441), [@Miciah](https://github.com/Miciah)) [SIG Network and Node]
- Made usage of key encipherment optional in API validation. ([#111061](https://github.com/kubernetes/kubernetes/pull/111061), [@pacoxu](https://github.com/pacoxu))
- ManagedFields time is correctly updated when the value of a managed field is modified. ([#110058](https://github.com/kubernetes/kubernetes/pull/110058), [@glebiller](https://github.com/glebiller))
- OpenAPI will no longer duplicate these schemas:
  - `io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions_v2`
  - `io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2`
  - `io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference_v2`
  - `io.k8s.apimachinery.pkg.apis.meta.v1.StatusDetails_v2`
  - `io.k8s.apimachinery.pkg.apis.meta.v1.Status_v2` ([#110179](https://github.com/kubernetes/kubernetes/pull/110179), [@Jefftree](https://github.com/Jefftree))
- Panics while calling validating admission webhook are caught and honor the fail open or fail closed setting. ([#108746](https://github.com/kubernetes/kubernetes/pull/108746), [@deads2k](https://github.com/deads2k)) [SIG API Machinery]
- Pods now post their `readiness` during termination. ([#110191](https://github.com/kubernetes/kubernetes/pull/110191), [@rphillips](https://github.com/rphillips))
- Reduced duration to sync proxy rules on Windows `kube-proxy` when using `kernelspace` mode. ([#109124](https://github.com/kubernetes/kubernetes/pull/109124), [@daschott](https://github.com/daschott))
- Reduced the number of cloud API calls and service downtime caused by excessive re-configurations of cluster LBs with externalTrafficPolicy=Local when node readiness changes (https://github.com/kubernetes/kubernetes/issues/111539). The service controller (in cloud-controller-manager) will avoid resyncing nodes which are transitioning between `Ready` / `NotReady` (only for ETP=Local Services).  The LBs used for these services will solely rely on the health check probe defined by the `healthCheckNodePort` to determine if a particular node is to be used for traffic load balancing. ([#109706](https://github.com/kubernetes/kubernetes/pull/109706), [@alexanderConstantinescu](https://github.com/alexanderConstantinescu))
- Removed the recently re-introduced schedulability predicate ([#109706](https://github.com/kubernetes/kubernetes/pull/109706)) as to not have unschedulable nodes removed from load balancers back-end pools. ([#111691](https://github.com/kubernetes/kubernetes/pull/111691), [@alexanderConstantinescu](https://github.com/alexanderConstantinescu))
- Removed unused flags from `kubectl run` command. ([#110668](https://github.com/kubernetes/kubernetes/pull/110668), [@brianpursley](https://github.com/brianpursley))
- Run kubelet, when there is an error exit, print the error log. ([#110691](https://github.com/kubernetes/kubernetes/pull/110691), [@yangjunmyfm192085](https://github.com/yangjunmyfm192085))
- The `priority_level_request_utilization` metric histogram is adjusted so that for the cases where `phase=waiting` the denominator is the cumulative capacity of all of the priority level's queues.
   The `read_vs_write_current_requests` metric histogram is adjusted, in the case of using API Priority and Fairness instead of max-in-flight, to divide by the relevant limit: sum of queue capacities for waiting requests, sum of seat limits for executing requests. ([#110164](https://github.com/kubernetes/kubernetes/pull/110164), [@MikeSpreitzer](https://github.com/MikeSpreitzer))
- The commands `kubeadm certs renew` and `kubeadm certs check-expiration` now honor the `cert-dir` flag on a running Kubernetes cluster. ([#110709](https://github.com/kubernetes/kubernetes/pull/110709), [@chendave](https://github.com/chendave))
- The kube-proxy `sync_proxy_rules_no_endpoints_total` metric now only counts local-traffic-policy services which have remote endpoints but not local endpoints. ([#109782](https://github.com/kubernetes/kubernetes/pull/109782), [@danwinship](https://github.com/danwinship))
- The namespace editors and admins can now create leases.coordination.k8s.io and should use this type for leaderelection instead of configmaps. ([#111472](https://github.com/kubernetes/kubernetes/pull/111472), [@deads2k](https://github.com/deads2k))
- The node annotation alpha.kubernetes.io/provided-node-ip is no longer set ONLY when `--cloud-provider=external`.  Now, it is set on kubelet startup if the `--cloud-provider` flag is set at all, including the deprecated in-tree providers. ([#109794](https://github.com/kubernetes/kubernetes/pull/109794), [@mdbooth](https://github.com/mdbooth)) [SIG Network and Node]
- The pod phase lifecycle guarantees that terminal Pods, those whose states are `Unready` or `Succeeded`, can not regress and will have all container stopped. Hence, terminal Pods will never be reachable and should not publish their IP addresses on the `Endpoints` or `EndpointSlices`, independently of the Service `TolerateUnready` option. ([#110255](https://github.com/kubernetes/kubernetes/pull/110255), [@robscott](https://github.com/robscott))
- Unmounted volumes correctly for reconstructed volumes even if mount operation fails after kubelet restart. ([#110670](https://github.com/kubernetes/kubernetes/pull/110670), [@gnufied](https://github.com/gnufied))
- Updated max azure data disk count map with new VM types. ([#111406](https://github.com/kubernetes/kubernetes/pull/111406), [@bennerv](https://github.com/bennerv))
- Updated to cAdvisor v0.44.1 to fix an issue where metrics generated by kubelet for pod network stats were empty in some cases. ([#109658](https://github.com/kubernetes/kubernetes/pull/109658), [@bobbypage](https://github.com/bobbypage))
- Upgraded Azure/go-autorest/autorest to v0.11.27. ([#110371](https://github.com/kubernetes/kubernetes/pull/110371), [@andyzhangx](https://github.com/andyzhangx))
- Upgraded functionality of `kubectl kustomize` as described at
  https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2Fv4.5.7. ([#111606](https://github.com/kubernetes/kubernetes/pull/111606), [@natasha41575](https://github.com/natasha41575))
- Use checksums instead of fsyncs to ensure discovery cache integrity ([#110851](https://github.com/kubernetes/kubernetes/pull/110851), [@negz](https://github.com/negz)) [SIG API Machinery]
- UserName check for 'ContainerAdministrator' is now case-insensitive if runAsNonRoot is set to true on Windows. ([#111009](https://github.com/kubernetes/kubernetes/pull/111009), [@marosset](https://github.com/marosset))
- Volumes are no longer detached from healthy nodes after 6 minutes timeout. 6 minute force-detach timeout is used only for unhealthy nodes (`node.status.conditions["Ready"]!= true`). ([#110721](https://github.com/kubernetes/kubernetes/pull/110721), [@jsafrane](https://github.com/jsafrane))
- When metrics are counted, discard the wrong container StartTime metrics ([#110880](https://github.com/kubernetes/kubernetes/pull/110880), [@yangjunmyfm192085](https://github.com/yangjunmyfm192085)) [SIG Instrumentation and Node]
- Windows kubelet plugin Watcher now working as intended. ([#111439](https://github.com/kubernetes/kubernetes/pull/111439), [@claudiubelu](https://github.com/claudiubelu))
- [aws] Fixed a bug which reduces the number of unnecessary calls to STS in the event of assume role failures in the legacy cloud provider ([#110706](https://github.com/kubernetes/kubernetes/pull/110706), [@prateekgogia](https://github.com/prateekgogia)) [SIG Cloud Provider]
- `pod.Spec.RuntimeClassName` field is now available in kubectl describe command. ([#110914](https://github.com/kubernetes/kubernetes/pull/110914), [@yeahdongcn](https://github.com/yeahdongcn))

### Other (Cleanup or Flake)

- Add missing powershell option to kubectl completion command short description. ([#109773](https://github.com/kubernetes/kubernetes/pull/109773), [@danielhelfand](https://github.com/danielhelfand))
- Added e2e test flag to specify which volume drivers should be installed. This  deprecated the ENABLE_STORAGE_GCE_PD_DRIVER environment variable. ([#111481](https://github.com/kubernetes/kubernetes/pull/111481), [@mattcary](https://github.com/mattcary))
- Changed PV framework delete timeout to 5 minutes as documented. ([#109764](https://github.com/kubernetes/kubernetes/pull/109764), [@saikat-royc](https://github.com/saikat-royc))
- Default burst limit for the discovery client set to 300. ([#109141](https://github.com/kubernetes/kubernetes/pull/109141), [@ulucinar](https://github.com/ulucinar))
- Deleted the `apimachinery/clock` package. Please use `k8s.io/utils/clock` package instead. ([#109752](https://github.com/kubernetes/kubernetes/pull/109752), [@MadhavJivrajani](https://github.com/MadhavJivrajani))
- Feature gates that graduated to GA in 1.23 or earlier and were unconditionally enabled have been removed: CSIServiceAccountToken, ConfigurableFSGroupPolicy, EndpointSlice, EndpointSliceNodeName, EndpointSliceProxying, GenericEphemeralVolume, IPv6DualStack, IngressClassNamespacedParams, StorageObjectInUseProtection, TTLAfterFinished, VolumeSubpath, WindowsEndpointSliceProxying. ([#109435](https://github.com/kubernetes/kubernetes/pull/109435), [@pohly](https://github.com/pohly))
- For Linux, `kube-proxy` uses a new “distroless” container image, instead of an image based on Debian. ([#111060](https://github.com/kubernetes/kubernetes/pull/111060), [@aojea](https://github.com/aojea))
- For resources built into an apiserver, the server now logs at `-v=3` whether it is using watch caching. ([#109175](https://github.com/kubernetes/kubernetes/pull/109175), [@MikeSpreitzer](https://github.com/MikeSpreitzer)) [SIG API Machinery]
- Improved `kubectl run` and `kubectl debug` error messages upon attaching failures. ([#110764](https://github.com/kubernetes/kubernetes/pull/110764), [@soltysh](https://github.com/soltysh))
- In the event that more than one IngressClass is designated "default", the DefaultIngressClass admission controller will choose one rather than fail. ([#110974](https://github.com/kubernetes/kubernetes/pull/110974), [@kidddddddddddddddddddddd](https://github.com/kidddddddddddddddddddddd)) [SIG Network]
- Kube-proxy: The "userspace" proxy-mode is deprecated on Linux and Windows, despite being the default on Windows.  As of v1.26, the default mode for Windows will change to 'kernelspace'. ([#110762](https://github.com/kubernetes/kubernetes/pull/110762), [@pandaamanda](https://github.com/pandaamanda)) [SIG Network]
- Kubeadm: perform additional dockershim cleanup. Treat all container runtimes as remote by using the flag "--container-runtime=remote", given dockershim was removed in 1.24 and given kubeadm 1.25 supports a kubelet version of 1.24 and 1.25. The flag "--network-plugin" will no longer be used for new clusters. Stop cleaning up the following dockershim related directories on "kubeadm reset": "/var/lib/dockershim", "/var/runkubernetes", "/var/lib/cni" ([#110022](https://github.com/kubernetes/kubernetes/pull/110022), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle]
- Kubelet's deprecated `--experimental-kernel-memcg-notification` flag is now removed.  Use `--kernel-memcg-notification` instead. ([#109388](https://github.com/kubernetes/kubernetes/pull/109388), [@ialidzhikov](https://github.com/ialidzhikov))
- Kubelet: Silenced flag output on errors. ([#110728](https://github.com/kubernetes/kubernetes/pull/110728), [@howardjohn](https://github.com/howardjohn))
- Kubernetes binaries are now built-in `module` mode instead of `GOPATH` mode. ([#109464](https://github.com/kubernetes/kubernetes/pull/109464), [@liggitt](https://github.com/liggitt))
- Removed branch `release-1.20` from prom bot due to EOL. ([#110748](https://github.com/kubernetes/kubernetes/pull/110748), [@cpanato](https://github.com/cpanato))
- Removed deprecated kubectl.kubernetes.io/default-logs-container support ([#109254](https://github.com/kubernetes/kubernetes/pull/109254), [@pacoxu](https://github.com/pacoxu))
- Renamed `apiserver_watch_cache_watch_cache_initializations_total` to `apiserver_watch_cache_initializations_total` ([#109579](https://github.com/kubernetes/kubernetes/pull/109579), [@logicalhan](https://github.com/logicalhan))
- Shell completion is now provided for the "--subresource" flag. ([#109070](https://github.com/kubernetes/kubernetes/pull/109070), [@marckhouzam](https://github.com/marckhouzam))
- Some apiserver metrics were changed, as follows.
  - `priority_level_seat_count_samples` is replaced with `priority_level_seat_utilization`, which samples every nanosecond rather than every millisecond; the old metric conveyed utilization despite its name.
  - `priority_level_seat_count_watermarks` is removed.
  - `priority_level_request_count_samples` is replaced with `priority_level_request_utilization`, which samples every nanosecond rather than every millisecond; the old metric conveyed utilization despite its name.
  - `priority_level_request_count_watermarks` is removed.
  - `read_vs_write_request_count_samples` is replaced with `read_vs_write_current_requests`, which samples every nanosecond rather than every second; the new metric, like the old one, measures utilization when the max-in-flight filter is used and number of requests when the API Priority and Fairness filter is used.
  - `read_vs_write_request_count_watermarks` is removed. ([#110104](https://github.com/kubernetes/kubernetes/pull/110104), [@MikeSpreitzer](https://github.com/MikeSpreitzer)) [SIG API Machinery, Instrumentation and Testing]
- The kube-controller-manager's deprecated `--experimental-cluster-signing-duration` flag is now removed. Adapt your machinery to use the `--cluster-signing-duration` flag that is available since v1.19. ([#108476](https://github.com/kubernetes/kubernetes/pull/108476), [@ialidzhikov](https://github.com/ialidzhikov))
- The kube-scheduler ComponentConfig v1beta2 is deprecated in v1.25. ([#111547](https://github.com/kubernetes/kubernetes/pull/111547), [@kerthcet](https://github.com/kerthcet))
- The kubelet no longer supports collecting accelerator metrics through cAdvisor. The feature gate `DisableAcceleratorUsageMetrics` is now GA and cannot be disabled. ([#110940](https://github.com/kubernetes/kubernetes/pull/110940), [@pacoxu](https://github.com/pacoxu))
- Updated cri-tools to [v1.24.2(https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.24.2). ([#109813](https://github.com/kubernetes/kubernetes/pull/109813), [@saschagrunert](https://github.com/saschagrunert))
- `apiserver_dropped_requests` is dropped from this release since `apiserver_request_total` can now be used to track dropped requests. `etcd_object_counts` is also removed in favor of `apiserver_storage_objects`. `apiserver_registered_watchers` is also removed in favor of `apiserver_longrunning_requests`. ([#110337](https://github.com/kubernetes/kubernetes/pull/110337), [@logicalhan](https://github.com/logicalhan))
- `apiserver_longrunning_gauge` was removed from the codebase. Please use `apiserver_longrunning_requests`
  instead.
   ([#110310](https://github.com/kubernetes/kubernetes/pull/110310), [@logicalhan](https://github.com/logicalhan))


## Dependencies

### Added
- github.com/emicklei/go-restful/v3: [v3.8.0](https://github.com/emicklei/go-restful/v3/tree/v3.8.0)
- github.com/go-task/slim-sprig: [348f09d](https://github.com/go-task/slim-sprig/tree/348f09d)
- github.com/gogo/googleapis: [v1.4.1](https://github.com/gogo/googleapis/tree/v1.4.1)
- github.com/golang-jwt/jwt/v4: [v4.2.0](https://github.com/golang-jwt/jwt/v4/tree/v4.2.0)
- github.com/golang/snappy: [v0.0.3](https://github.com/golang/snappy/tree/v0.0.3)
- github.com/golangplus/bytes: [v1.0.0](https://github.com/golangplus/bytes/tree/v1.0.0)
- github.com/golangplus/fmt: [v1.0.0](https://github.com/golangplus/fmt/tree/v1.0.0)
- github.com/onsi/ginkgo/v2: [v2.1.4](https://github.com/onsi/ginkgo/v2/tree/v2.1.4)
- go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful: v0.20.0
- go.opentelemetry.io/contrib/propagators: v0.20.0
- google.golang.org/grpc/cmd/protoc-gen-go-grpc: v1.1.0

### Changed
- bitbucket.org/bertimus9/systemstat: 0eeff89 → v0.5.0
- cloud.google.com/go: v0.81.0 → v0.97.0
- github.com/Azure/go-autorest/autorest/adal: [v0.9.13 → v0.9.20](https://github.com/Azure/go-autorest/autorest/adal/compare/v0.9.13...v0.9.20)
- github.com/Azure/go-autorest/autorest/mocks: [v0.4.1 → v0.4.2](https://github.com/Azure/go-autorest/autorest/mocks/compare/v0.4.1...v0.4.2)
- github.com/Azure/go-autorest/autorest: [v0.11.18 → v0.11.27](https://github.com/Azure/go-autorest/autorest/compare/v0.11.18...v0.11.27)
- github.com/GoogleCloudPlatform/k8s-cloud-provider: [ea6160c → f118173](https://github.com/GoogleCloudPlatform/k8s-cloud-provider/compare/ea6160c...f118173)
- github.com/MakeNowJust/heredoc: [bb23615 → v1.0.0](https://github.com/MakeNowJust/heredoc/compare/bb23615...v1.0.0)
- github.com/antlr/antlr4/runtime/Go/antlr: [b48c857 → f25a4f6](https://github.com/antlr/antlr4/runtime/Go/antlr/compare/b48c857...f25a4f6)
- github.com/chai2010/gettext-go: [c6fed77 → v1.0.2](https://github.com/chai2010/gettext-go/compare/c6fed77...v1.0.2)
- github.com/cncf/udpa/go: [5459f2c → 04548b0](https://github.com/cncf/udpa/go/compare/5459f2c...04548b0)
- github.com/cncf/xds/go: [fbca930 → cb28da3](https://github.com/cncf/xds/go/compare/fbca930...cb28da3)
- github.com/container-storage-interface/spec: [v1.5.0 → v1.6.0](https://github.com/container-storage-interface/spec/compare/v1.5.0...v1.6.0)
- github.com/containerd/containerd: [v1.4.12 → v1.4.9](https://github.com/containerd/containerd/compare/v1.4.12...v1.4.9)
- github.com/coredns/corefile-migration: [v1.0.14 → v1.0.17](https://github.com/coredns/corefile-migration/compare/v1.0.14...v1.0.17)
- github.com/daviddengcn/go-colortext: [511bcaf → v1.0.0](https://github.com/daviddengcn/go-colortext/compare/511bcaf...v1.0.0)
- github.com/docker/docker: [v20.10.12+incompatible → v20.10.17+incompatible](https://github.com/docker/docker/compare/v20.10.12...v20.10.17)
- github.com/envoyproxy/go-control-plane: [63b5d3c → 49ff273](https://github.com/envoyproxy/go-control-plane/compare/63b5d3c...49ff273)
- github.com/go-logr/logr: [v1.2.0 → v1.2.3](https://github.com/go-logr/logr/compare/v1.2.0...v1.2.3)
- github.com/go-logr/zapr: [v1.2.0 → v1.2.3](https://github.com/go-logr/zapr/compare/v1.2.0...v1.2.3)
- github.com/golangplus/testing: [af21d9c → v1.0.0](https://github.com/golangplus/testing/compare/af21d9c...v1.0.0)
- github.com/google/cadvisor: [v0.44.1 → v0.45.0](https://github.com/google/cadvisor/compare/v0.44.1...v0.45.0)
- github.com/google/cel-go: [v0.10.1 → v0.12.4](https://github.com/google/cel-go/compare/v0.10.1...v0.12.4)
- github.com/google/go-cmp: [v0.5.5 → v0.5.6](https://github.com/google/go-cmp/compare/v0.5.5...v0.5.6)
- github.com/google/martian/v3: [v3.1.0 → v3.2.1](https://github.com/google/martian/v3/compare/v3.1.0...v3.2.1)
- github.com/google/pprof: [cbba55b → 94a9f03](https://github.com/google/pprof/compare/cbba55b...94a9f03)
- github.com/googleapis/gax-go/v2: [v2.0.5 → v2.1.1](https://github.com/googleapis/gax-go/v2/compare/v2.0.5...v2.1.1)
- github.com/imdario/mergo: [v0.3.5 → v0.3.6](https://github.com/imdario/mergo/compare/v0.3.5...v0.3.6)
- github.com/matttproud/golang_protobuf_extensions: [c182aff → v1.0.1](https://github.com/matttproud/golang_protobuf_extensions/compare/c182aff...v1.0.1)
- github.com/onsi/gomega: [v1.10.1 → v1.19.0](https://github.com/onsi/gomega/compare/v1.10.1...v1.19.0)
- github.com/opencontainers/runc: [v1.1.1 → v1.1.3](https://github.com/opencontainers/runc/compare/v1.1.1...v1.1.3)
- github.com/pquerna/cachecontrol: [0dec1b3 → v0.1.0](https://github.com/pquerna/cachecontrol/compare/0dec1b3...v0.1.0)
- github.com/seccomp/libseccomp-golang: [3879420 → f33da4d](https://github.com/seccomp/libseccomp-golang/compare/3879420...f33da4d)
- github.com/xlab/treeprint: [a009c39 → v1.1.0](https://github.com/xlab/treeprint/compare/a009c39...v1.1.0)
- github.com/yuin/goldmark: [v1.4.1 → v1.4.13](https://github.com/yuin/goldmark/compare/v1.4.1...v1.4.13)
- go.etcd.io/etcd/api/v3: v3.5.1 → v3.5.4
- go.etcd.io/etcd/client/pkg/v3: v3.5.1 → v3.5.4
- go.etcd.io/etcd/client/v2: v2.305.0 → v2.305.4
- go.etcd.io/etcd/client/v3: v3.5.1 → v3.5.4
- go.etcd.io/etcd/pkg/v3: v3.5.0 → v3.5.4
- go.etcd.io/etcd/raft/v3: v3.5.0 → v3.5.4
- go.etcd.io/etcd/server/v3: v3.5.0 → v3.5.4
- golang.org/x/crypto: 8634188 → 3147a52
- golang.org/x/mod: 9b9b3d8 → 86c51ed
- golang.org/x/net: cd36cc0 → a158d28
- golang.org/x/sync: 036812b → 886fb93
- golang.org/x/sys: 3681064 → 8c9f86f
- golang.org/x/tools: 897bd77 → v0.1.12
- google.golang.org/api: v0.46.0 → v0.60.0
- google.golang.org/genproto: 42d7afd → c8bf987
- google.golang.org/grpc: v1.40.0 → v1.47.0
- google.golang.org/protobuf: v1.27.1 → v1.28.0
- gopkg.in/yaml.v3: 496545a → v3.0.1
- k8s.io/klog/v2: v2.60.1 → v2.70.1
- k8s.io/kube-openapi: 3ee0da9 → 67bda5d
- k8s.io/utils: 3a6ce19 → ee6ede2
- sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.30 → v0.0.32
- sigs.k8s.io/json: 9f7c6b3 → f223a00
- sigs.k8s.io/kustomize/api: v0.11.4 → v0.12.1
- sigs.k8s.io/kustomize/cmd/config: v0.10.6 → v0.10.9
- sigs.k8s.io/kustomize/kustomize/v4: v4.5.4 → v4.5.7
- sigs.k8s.io/kustomize/kyaml: v0.13.6 → v0.13.9
- sigs.k8s.io/structured-merge-diff/v4: v4.2.1 → v4.2.3

### Removed
- github.com/OneOfOne/xxhash: [v1.2.2](https://github.com/OneOfOne/xxhash/tree/v1.2.2)
- github.com/cespare/xxhash: [v1.1.0](https://github.com/cespare/xxhash/tree/v1.1.0)
- github.com/clusterhq/flocker-go: [2b8b725](https://github.com/clusterhq/flocker-go/tree/2b8b725)
- github.com/emicklei/go-restful: [v2.9.5+incompatible](https://github.com/emicklei/go-restful/tree/v2.9.5)
- github.com/google/cel-spec: [v0.6.0](https://github.com/google/cel-spec/tree/v0.6.0)
- github.com/jstemmer/go-junit-report: [v0.9.1](https://github.com/jstemmer/go-junit-report/tree/v0.9.1)
- github.com/nxadm/tail: [v1.4.4](https://github.com/nxadm/tail/tree/v1.4.4)
- github.com/onsi/ginkgo: [v1.14.0](https://github.com/onsi/ginkgo/tree/v1.14.0)
- github.com/quobyte/api: [v0.1.8](https://github.com/quobyte/api/tree/v0.1.8)
- github.com/spaolacci/murmur3: [f09979e](https://github.com/spaolacci/murmur3/tree/f09979e)
- github.com/storageos/go-api: [v2.2.0+incompatible](https://github.com/storageos/go-api/tree/v2.2.0)
- gopkg.in/tomb.v1: dd63297



# v1.25.0-rc.1


## Downloads for v1.25.0-rc.1



### Source Code

filename | sha512 hash
-------- | -----------
[kubernetes.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes.tar.gz) | e14dae73addde178b3cfe2d282a261e4ff09ba0015094911a33a5c0657ac7480bb1eeb96e6c48b773a4acbe4379c20372c8dec5e41840b4f886a143aef24fb44
[kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-src.tar.gz) | f1e9237aa0c169a3763a33ec17cb2c52adc7401c413c157aff34ca37168612e7be7adc6d181d81081b0d5577e3036c91e211273c2b13799306d20e4ae1df9427

### Client Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-client-darwin-amd64.tar.gz) | a2b1b1eabbd3cc9edd8965d99b018906e1b9228eef8af502c985237598d34705c1e85b36c7c79eb7084a4269a22d08b8d38d05126a41e4aeed4e4cd023e7f630
[kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-client-darwin-arm64.tar.gz) | acf9af8669789858160a479273a820b6e28b2f245d5d5904b1b2ab48c62984b1c4c1ebec5ac728878406443daf66a82a1a29d30916a5aaea2d3b0a7fdd2b40cc
[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-client-linux-386.tar.gz) | 225898328977467b8158af2bca4335efe74e00416eb2f4003361086c37a0bc8d2490642afd9a2e374ea462ad6bf9a760340975fe84d0daed81b4fb8faf280b81
[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-client-linux-amd64.tar.gz) | 6148209b0088f8491f17d31375420bb5c027e115dfae5e4366a6bb5d7ce1416e36b58f23723e75c91ff311891d132fde11bf387766825ad1ecc5186007a1c0cf
[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-client-linux-arm.tar.gz) | 630308287cdd40f53ce809807cfb60daa657ebe898426db47e7641f608621786ae4af6bae5505dda717bc9a7bdda4950d6a95c1100393183a8bb07bc8fe12383
[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-client-linux-arm64.tar.gz) | 8bc549474541955bd4da1acea34908b4ea958e002aa135251e97868b759e0aa29e9494bd07375eb38cfa07c973f54f884c711c19f96eaa490a4aceb0065ab3c1
[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-client-linux-ppc64le.tar.gz) | b46310a3a224db894dfe93d85ac7107a2ab66f80a57860d3615df6a6af8fca6728549c0aaafe2b7b07f22c3bf7187f72b630527687e4d1a5fae79b51fe653a24
[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-client-linux-s390x.tar.gz) | c0d1ec17577e9dd0c45b28f89a49af8cd17f3618d5ef5428c28ac96e842e7eacc84828bbac4209f4e3bec463cdc963b11f7f1f016e5032c94d85f98a64630d30
[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-client-windows-386.tar.gz) | 99f85b4d5bd693fa8fe52471d2e970adb5ed7236c9793fa91d9b39739f2062d3dd9bd370fa3e810eb13a690df7314d1c31dd501585499251ab169323569115f9
[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-client-windows-amd64.tar.gz) | 2ea4a4cf1c17006f7bd2309fca52dbe219d0e73f1c103dcd2ac0dfdefc650b80d2bb12ce0a6375f6894d6bfca44ef2718ac72244e5b6e4c432db0f198b4e34ad
[kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-client-windows-arm64.tar.gz) | c27593a4d834e3ecf3fd5ddb5aebad152af5c2bd30fd4c09b946e258498330745114963221ee98ae2b32953c5c50898f1328e38c64ca442a4c3fc07f1668220b

### Server Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-server-linux-amd64.tar.gz) | 46ad89bff41efcc9a6f98a16b268ef467037c4a735eddefe98794c5c652b417efe0087d84d1461809a75f443721412bbea8a0191d7bc542a0762a8bc6ef67190
[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-server-linux-arm.tar.gz) | c79ee0a2de9b9558baf631f7b1918f46e07fb0c5dd21861700c151666013a4a9ded300d0b552de5efe9cd977abec0dda4514b903092ad376ecd5fb2a8ea1173f
[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-server-linux-arm64.tar.gz) | 4cc9f720cc391c6bbb20d6de7f5c47e457c7d7ea42672bf27080ed2e673b52fd5c2266f766318d6e2bb08b1f733c03e983ef2a440bd481d741c9ab07029860f8
[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-server-linux-ppc64le.tar.gz) | 50889dac23696d2f8242aa1059d5bbcfbe440fade700c7f2fac1148b19a0754d48f76672bd0c0e7030fe88e29aa06de4c22f36d00f8fca9989d45d24337db82f
[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-server-linux-s390x.tar.gz) | a9493cfa2ba2fe482eba8e83d524cd0b3218ae438157163daf740dc100dd7a32249ff19fd87ae753f133b1858412938739c108b4d34279d46e53268e63713694

### Node Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-node-linux-amd64.tar.gz) | 590a658c556b7269efbcc802e3495b3e9e3216d3ad22c113131d46c4680e8fdda8b6eb56fce088fda18947861d89889019d101c4d27246a30608a27f05a32fa6
[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-node-linux-arm.tar.gz) | e09c753808a87f772d418d750489c0fd2c53cedf0f874d5672fcebba0cd3e549f2f14ed463ba9c398b41e46525f513c883c825880356a670679cf05a383c01a7
[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-node-linux-arm64.tar.gz) | 3db05d3150fcf061dbcfdb3ddeca69a2fd905660ad85446ccf8e68210592cda0c64b4324251058354e99f4b7747ae212bf3b5b0db1943310dba0d7bbe6c5f034
[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-node-linux-ppc64le.tar.gz) | dd05bc3a5c2209489af484c799e7a731bbbe1104574f186ab8a9be58fd74c70cad8c1ca097d00e2348ad62610061713ae42f2cfdd356f2c1f83b50161385c0fc
[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-node-linux-s390x.tar.gz) | c4d461cc4e442d8a033df8916ee20b58323b20e2a25f04d50ea2a7c3586b9737eac63317cc9175b5dc8308299e42e3b3d86d3aa1ab755d17515bdb44612453c3
[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.0-rc.1/kubernetes-node-windows-amd64.tar.gz) | a9b75fd62986abce44a5ad888e35ff7353cdaf91c28092c6c117c599ede0c6c43bbaf720b1a6f189e9f85c1dfa6371d88f6c9930fd46ff5d9547a764b5854cde

### Container Images

All container images are available as manifest lists and support the described
architectures. It is also possible to pull a specific architecture directly by
adding the "-$ARCH" suffix  to the container image name.

name | architectures
---- | -------------
[k8s.gcr.io/conformance:v1.25.0-rc.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x)
[k8s.gcr.io/kube-apiserver:v1.25.0-rc.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x)
[k8s.gcr.io/kube-controller-manager:v1.25.0-rc.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x)
[k8s.gcr.io/kube-proxy:v1.25.0-rc.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x)
[k8s.gcr.io/kube-scheduler:v1.25.0-rc.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x)

## Changelog since v1.25.0-rc.0

## Changes by Kind

### Documentation

- Clarify that the node-port range (kube-apiserver config) must not overlap the nodes' ephemeral range. ([#111697](https://github.com/kubernetes/kubernetes/pull/111697), [@thockin](https://github.com/thockin)) [SIG Network]

### Bug or Regression

- Fix memory leak on kube-scheduler preemption ([#111773](https://github.com/kubernetes/kubernetes/pull/111773), [@amewayne](https://github.com/amewayne)) [SIG Scheduling]

## Dependencies

### Added
_Nothing has changed._

### Changed
_Nothing has changed._

### Removed
_Nothing has changed._



# v1.25.0-rc.0


## Downloads for v1.25.0-rc.0



### Source Code

filename | sha512 hash
-------- | -----------
[kubernetes.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes.tar.gz) | 88f1261569ccde08beb4f7d5d79a9750168fc32b6bf4975ebf9a225ea1d57d6de21f5321944de0d83f572af93fa11265584a09049b6fa594866daa8f99102a6a
[kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-src.tar.gz) | bed0ce425fff0ff75608a043ed3a9a9b89ab640d08620b96976c733df84be6c161d8c586b9021e0cbd7ce88fba749e417befe7cc4042dcc7a4a4d6a9d6c40d26

### Client Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-client-darwin-amd64.tar.gz) | c937bb03c08b081f1889e50a0a2eb4631ab7e1ceca44ed244d221959468dfbdb60c0169624aa6d04e1775cc91ea2f448a213d2e0addd6525548a88735a970379
[kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-client-darwin-arm64.tar.gz) | c32a0de11f0ccf44dd495d01d4d174d361124fe527ab9dc13b210994ecfa19d1f23e61053d920ee1d60bf80c7d4bb197c5dcbb03e1aed2231d53fca7aa9e876a
[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-client-linux-386.tar.gz) | 32f64a3d8b7547e94b934e58d83ac566f36232822458e84cd07de0f6aeb15b0169d74413fdf2456a0b0fe17d0a600e203e4fffdfd8869e9d6ca3b704c0e41e48
[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-client-linux-amd64.tar.gz) | a76fb8e22ca249914e47a8b523a9eb201b17014b52a7ae335386087f510a00899ea76d4f7cd4f3ce1cfbee8f8b9c9a23862fdcd6da71c6a6269f663e5e813182
[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-client-linux-arm.tar.gz) | f8f96ebd7727a99a923542f1f212615beb83556de93784f641e56021cf1ccac3bbe8a656389111cc95a55d9fa85b711e5a8ac50d1c169c41ae32f72c28c801d7
[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-client-linux-arm64.tar.gz) | 4de505812c10612f3cf420e87c6e712f46a208f2a64ce778c6f33291b390f7a4e4754913f402196456c8fef17f67ba44fa1bd14171e820d2e1a47d086c86e0bc
[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-client-linux-ppc64le.tar.gz) | 10d2a289d54ba75788ba15cd1de5ebc3dea89a0a1066003526b635c7260da9aab22b7b46794f341bca80c5e42bfe4681211513be0c02d8f42fb9db5a36f8ff90
[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-client-linux-s390x.tar.gz) | 1254fa747d2f0a92f21136a64b2efcd634c549a66f0fecf4a7f4bf5be2ee1986c5cfea4b1cbe6ff04970891e4a2e0f9abb2462cdaf0eb275397977a1e4d06877
[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-client-windows-386.tar.gz) | 85467d33b8d1a628e1b1db44e0e87116d82d3d00b06b51a0754475fe7f03ffc9dd1dba1bbbc4dea62a28d6d762ca557c88a29926015c2109f30655710d5fc746
[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-client-windows-amd64.tar.gz) | fa51f5e14ac2d4582be4eedb1e68c8e6ceeac57ac0bf25fadc0276c7b6584cde6f41bf1495944606b5493debd1fb787d511d342f02ab5f5fe1ffce2d40f488ff
[kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-client-windows-arm64.tar.gz) | 8f3f81a7ceaa1f6167f85046dbcb3091a09dbfa3b49fc82e8d5ca08283b077fd5031203929b4a212ec62c02a72409e0b947fcc3b21e7430b3b14407654a97c90

### Server Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-server-linux-amd64.tar.gz) | 8e9695a09dfeca990afc5401e89e89722ba0dbf8c4c9aef40552596b9c5d6dd45bf53d4c1ecea821c44b48db9110668049034f462c38e4b0a48dbeb5cfdecff9
[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-server-linux-arm.tar.gz) | b05066b5004d7a827f27bb2f38a111babef9f43f8d4b6b112a793c373b175085f3053756ae548c51d42b0d32f7fce463010d14bb9a652b326843406538f8e2aa
[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-server-linux-arm64.tar.gz) | 49e39c509dd49566eb14d52f9047743f3bb96d86fb9747fa465f2ece3311fdfa70e601fbe9015b103be8748db3474216bcd7a33cc82a4dd984094aedccfde02e
[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-server-linux-ppc64le.tar.gz) | cf9b707cdb69bd45eff015b67379d42a7049884c484a740e36e533ada1f22f0f28128605a6149f33933b8b8b68754da01545b4c2c55d5d6956d5cf993ecbf615
[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-server-linux-s390x.tar.gz) | bbbd35f8b436aed6b76b9d60a5efec2865af776b331db67b45a96eb4c898fab51713952a5339242514e80f26b5581961f5cd4d1829f5c7022074716577031589

### Node Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-node-linux-amd64.tar.gz) | 0a25201b921171661a084c5aa51c61b1922f7e90593d747760588bf7104fb52f4fa796b75aac86ea9ec91c1cb2c379f9dd5b343bfdff6c5f2bb4fe8b099be02e
[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-node-linux-arm.tar.gz) | 66a15466074a0813a3d04bf3cb1d4e44209b6a90b258fc3b4ef84ced4d7b030036dd03ce19273ae67aa8903775431b85bdae32710b1a11d8651c2f6191d9e864
[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-node-linux-arm64.tar.gz) | a7a80e0958b6620c052f65e0e491396ceb0c3ad121499a76fa0b76e0df43b5a7a29a1fc31b1aabb7d856efc2c7df4c746a79e0e6ed1019a3e42cde877a19f2fb
[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-node-linux-ppc64le.tar.gz) | be06991362911c1c08d7ab5e138fd7d05a80b481c9f7fb9dbc68ad85b205e44811f37a3d6ea5cf3368b95b2a878b8b13096bb76491d20afa03216a7ca7e2f42d
[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-node-linux-s390x.tar.gz) | 261c4ab9cde5e3b1f51db396ad1c737fc2cc165437df7c19afeae4548f57822a82326a039767dbe36582ec1bedc08bf9d0f3d58726d7d81df04834d46aac239f
[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.0-rc.0/kubernetes-node-windows-amd64.tar.gz) | 114e3630bb6f5140a3097c6c81a6d62280a7892fdc792f22ad9417d80a19932ed0b719ad56718e8e9f08c80c6149e9cf21fe20ba65db4f460b1d63db0abc2e24

### Container Images

All container images are available as manifest lists and support the described
architectures. It is also possible to pull a specific architecture directly by
adding the "-$ARCH" suffix  to the container image name.

name | architectures
---- | -------------
[k8s.gcr.io/conformance:v1.25.0-rc.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x)
[k8s.gcr.io/kube-apiserver:v1.25.0-rc.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x)
[k8s.gcr.io/kube-controller-manager:v1.25.0-rc.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x)
[k8s.gcr.io/kube-proxy:v1.25.0-rc.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x)
[k8s.gcr.io/kube-scheduler:v1.25.0-rc.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x)

## Changelog since v1.25.0-beta.0

## Changes by Kind

### API Change

- Introduces support for handling pod failures with respect to the configured pod failure policy rules ([#111113](https://github.com/kubernetes/kubernetes/pull/111113), [@mimowo](https://github.com/mimowo)) [SIG API Machinery, Apps, Auth, Scheduling and Testing]
- NodeIPAM support for multiple ClusterCIDRs (https://github.com/kubernetes/enhancements/issues/2593) introduced as an alpha feature.

  Setting feature gate MultiCIDRRangeAllocator=true, determines whether the MultiCIDRRangeAllocator controller can be used, while the kube-controller-manager flag below will pick the active controller.

  Enable the MultiCIDRRangeAllocator by setting --cidr-allocator-type=MultiCIDRRangeAllocator flag in kube-controller-manager. ([#109090](https://github.com/kubernetes/kubernetes/pull/109090), [@sarveshr7](https://github.com/sarveshr7)) [SIG API Machinery, Apps, Auth, CLI, Cloud Provider, Instrumentation, Network and Testing]
- The CSIInlineVolume feature has moved from beta to GA. ([#111258](https://github.com/kubernetes/kubernetes/pull/111258), [@dobsonj](https://github.com/dobsonj)) [SIG API Machinery, Apps, Auth, Instrumentation, Storage and Testing]

### Bug or Regression

- Fix memory leak in the job controller related to JobTrackingWithFinalizers ([#111721](https://github.com/kubernetes/kubernetes/pull/111721), [@alculquicondor](https://github.com/alculquicondor)) [SIG Apps]
- Remove the recently re-introduced schedulability predicate (by PR: https://github.com/kubernetes/kubernetes/pull/109706) as to not have unschedulable nodes removed from load balancers back-end pools. ([#111691](https://github.com/kubernetes/kubernetes/pull/111691), [@alexanderConstantinescu](https://github.com/alexanderConstantinescu)) [SIG Cloud Provider and Network]

## Dependencies

### Added
_Nothing has changed._

### Changed
_Nothing has changed._

### Removed
_Nothing has changed._



# v1.25.0-beta.0


## Downloads for v1.25.0-beta.0



### Source Code

filename | sha512 hash
-------- | -----------
[kubernetes.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes.tar.gz) | f1f8548098b679784aeda6e2453d34a3b2e1670a066b9984acce6790d61bd8733f5c5a7875e48c379f4b4a6a28130a807f93a847d8ac776b3fb3d1dec167be9a
[kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-src.tar.gz) | c338733b41387cce6dd40ebef9ff3bd35e796cd2635e75ea51b8e1d944672d4abdbf6ed14c0bfab070fc19259c66f7ba426858b79c51c9bc74a23a31076def6b

### Client Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-client-darwin-amd64.tar.gz) | 11723387623bbae84f76fc01f2a9fa1612b13238576b205073fd38512ce9aa5c8356a1c072a7fd8f27b271f3fe6441f8b7a2ea19e02f9d15503b3e76a1c65f6a
[kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-client-darwin-arm64.tar.gz) | 9600383719091ab9a18fd871a8b7349db7b3b1162e54c202fb725d8e21365e9ff9f109f4eed68db87d28482768af325ad17996382a537b3988527278756997a9
[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-client-linux-386.tar.gz) | b04908a39ef653e913e090bc8c46eac528272598f4e173a5898355caf027e38614a1fe7ad9c3f307a28e1e7718bb38274f463cc09d8020fc01594df2186bc9b3
[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-client-linux-amd64.tar.gz) | 7dfbb41cd1cd43db8b63cefa0aed33754a3274f350037bdf484593365942dcad3112436cfd7a83fb760b7e81c98dfcc66a7a7d2c36de59b4a80a9049775bae81
[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-client-linux-arm.tar.gz) | 4e4ded957a7dd17f3b19544eb564cdbd7ea0018a77d1c7106403607f93e41896e90abb3caedb2c7d4372326c370490034380af741948fb86e5ea6a1a71648008
[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-client-linux-arm64.tar.gz) | de312ef5789512f27bcaf78e201e69f239caeb897b57183e237d34f90a886f2ad11bd143658f5a0a0e6866cea05fb099808a5498d529bb609ec2247b3165d849
[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-client-linux-ppc64le.tar.gz) | a1cfae2dd27aa42646d5f21ddea50749d41bac4575b2003bae08e22567a90fb091d76660148aa0354feb6e49764c5995a1f6c2f967d73c5504ed9cc9188f44fd
[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-client-linux-s390x.tar.gz) | 15aa3ac2ce68e5485b066b458f5cde48d09326683c85c19459ecdf3d0d135b5f44818db7c359f69ec2bd7da0049871fadd70ab2216314c433bf46a015370f5f5
[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-client-windows-386.tar.gz) | 7ce798115a4c405682d98d7482af08a6c22f20121187745883c5209d91bad7a4faac044c3e4c1501cdff112a1342867f4b6d2186a89eb9465a6ec7359983a6d4
[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-client-windows-amd64.tar.gz) | 68e3675cbedb69c69b9fb2bced9ad453d4cc11ed465cd0a193d7bbb0c8ea9448ca981ec47b971d2d4de5ce0245b1d0e4f9f1ac2ace2647b1ef7bce35edf525a3
[kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-client-windows-arm64.tar.gz) | 5e655248bdefe4b37010df99abe80c76fddf6e299cdb88c5cb93d5f1d8f55d2cfa0fbeba3d419929e7ecbef5a7b22d096c737f3493fe2ec748d228257ac63880

### Server Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-server-linux-amd64.tar.gz) | 509d38d4c7a8b513f414c1e64889f8ea1573fcd9a0920bd955b870b234c794fb8d2a8347447b7940323d4a43b1691a05f22178c80401975d0cf1fc1b31d71086
[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-server-linux-arm.tar.gz) | 3d7896f8cde58d63243f3a704a291cc9135e01147448b93165d8c826d3429fc799a3e497614091545b87a8389a658b4dc2cc4e2b91f38166ef35d52a8139f17c
[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-server-linux-arm64.tar.gz) | 4ce21bc8b68eebc9d7d52d63af7e4cfb641f0912417c601f5bbef1957c6aee70c729bde33cd3d9a4d12dd804f2f3fd45a6fee88c7e45d7eed23cbb6ac2aa1839
[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-server-linux-ppc64le.tar.gz) | 4438d15cc91c606e0c66a4d49ade0ee98ae9b3a4440a007dc017542ab52da2dbe73ff9fd4ccb7fe97cf9d44219b237e4f2887f6ae333d431170f2dcd51409879
[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-server-linux-s390x.tar.gz) | ebad4c0aeacd63763b5ca7b059b373e909283bde5464b2727283e6b76edda7ebfd0de56a93c9c1543fd7206a0b12b0a8c1ef7e121188d7201118db85074b919c

### Node Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-node-linux-amd64.tar.gz) | 9e7fe60d78e2a9df8dcd091c1f8bee1ebd59dee19714224b851895964bc1e3d47efff3d38ff3bf3e0077ca3af263d9adca0c5cbb8fa2d968090bac2e7097f745
[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-node-linux-arm.tar.gz) | 56727507022103d2d4bfdb1043a7d340227346b641390dd9c288f796553733716a148ea41c5cb4ec5c52e45e210acf30f2be60e73ceedabeb97f09f280653e80
[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-node-linux-arm64.tar.gz) | 3731fc563fcb6d7bd7a998b5e0a538effaf4843ae6d8a3b1fde666e564aa6961e3664791e5615ba831c7adcd10bb64ab9455bff57577f96b42e6470ca16ff8d9
[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-node-linux-ppc64le.tar.gz) | 6e4bfaa2e5c599928930ca85981a27b338ef4366d34a089d3a807d51cb83c9be5d3af54be16efacce102b7d9b9e146e5d6f0b0c0987dea35f374f2f1b8e0c68c
[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-node-linux-s390x.tar.gz) | efe12a8e4c15e3688afd9f13e1824f6bcf1fc3ffbc05da0321a5eb82534085d90832ade189c41ea44b8b8ae8c3d8eb85ac450f21287a7e1b91090780fe1f3bbc
[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.0-beta.0/kubernetes-node-windows-amd64.tar.gz) | 0f494940e778ca8f043b7a917097a3fa719d7a3cdd555e23d722c329b0a0d7293eafc54833868d56db3cb6e5ed8a73462af6a2c00e61fff77fcfbdb14217c7aa

### Container Images

All container images are available as manifest lists and support the described
architectures. It is also possible to pull a specific architecture directly by
adding the "-$ARCH" suffix  to the container image name.

name | architectures
---- | -------------
[k8s.gcr.io/conformance:v1.25.0-beta.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x)
[k8s.gcr.io/kube-apiserver:v1.25.0-beta.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x)
[k8s.gcr.io/kube-controller-manager:v1.25.0-beta.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x)
[k8s.gcr.io/kube-proxy:v1.25.0-beta.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x)
[k8s.gcr.io/kube-scheduler:v1.25.0-beta.0](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x)

## Changelog since v1.25.0-alpha.3

## Urgent Upgrade Notes

### (No, really, you MUST read this before you upgrade)

 - Encrypt data with DEK using AES-GCM instead of AES-CBC for kms data encryption. No user action required. Reads with AES-GCM and AES-CBC will continue to be allowed. ([#111119](https://github.com/kubernetes/kubernetes/pull/111119), [@aramase](https://github.com/aramase)) [SIG API Machinery, Auth and Testing]
  - Intree volume plugin flocker support is been completely removed from Kubernetes. ([#111618](https://github.com/kubernetes/kubernetes/pull/111618), [@Jiawei0227](https://github.com/Jiawei0227)) [SIG API Machinery, Node, Scalability and Storage]
  - Intree volume plugin quobyte support is been completely removed from Kubernetes. ([#111619](https://github.com/kubernetes/kubernetes/pull/111619), [@Jiawei0227](https://github.com/Jiawei0227)) [SIG API Machinery, Node, Scalability and Storage]
  - Intree volume plugin storageos support is been completely removed from Kubernetes. ([#111620](https://github.com/kubernetes/kubernetes/pull/111620), [@Jiawei0227](https://github.com/Jiawei0227)) [SIG API Machinery, Node, Scalability and Storage]

## Changes by Kind

### Deprecation

- API server's deprecated `--service-account-api-audiences` flag is now removed.  Use `--api-audiences` instead. ([#108624](https://github.com/kubernetes/kubernetes/pull/108624), [@ialidzhikov](https://github.com/ialidzhikov)) [SIG Auth]
- Support for the alpha seccomp annotations `seccomp.security.alpha.kubernetes.io/pod` and `container.seccomp.security.alpha.kubernetes.io`, deprecated since v1.19, has been partially removed. Kubelets no longer support the annotations, use of the annotations in static pods is no longer supported, and the seccomp annotations are no longer auto-populated when pods with seccomp fields are created. Auto-population of the seccomp fields from the annotations is planned to be removed in 1.27. Pods should use the corresponding pod or container `securityContext.seccompProfile` field instead. ([#109819](https://github.com/kubernetes/kubernetes/pull/109819), [@saschagrunert](https://github.com/saschagrunert)) [SIG Apps, Auth, Node and Testing]
- VSphere releases less than 7.0u2 are not supported for in-tree vSphere volume as of Kubernetes v1.25. Please consider upgrading vSphere (both ESXi and vCenter)  to 7.0u2 or above. ([#111255](https://github.com/kubernetes/kubernetes/pull/111255), [@divyenpatel](https://github.com/divyenpatel)) [SIG Cloud Provider]
- Windows winkernel Kube-proxy no longer supports Windows HNS v1 APIs ([#110957](https://github.com/kubernetes/kubernetes/pull/110957), [@papagalu](https://github.com/papagalu)) [SIG Network and Windows]
- GlusterFS provisioner (`kubernetes.io/glusterfs`) has been deprecated in this release. ([#111485](https://github.com/kubernetes/kubernetes/pull/111485), [@humblec](https://github.com/humblec))

### API Change

- Added alpha support for user namespaces in pods phase 1 (KEP 127, feature gate: UserNamespacesSupport) ([#111090](https://github.com/kubernetes/kubernetes/pull/111090), [@rata](https://github.com/rata)) [SIG Apps, Auth, Network, Node, Storage and Testing]
- Adds KMS v2alpha1 support ([#111126](https://github.com/kubernetes/kubernetes/pull/111126), [@aramase](https://github.com/aramase)) [SIG API Machinery, Auth, Instrumentation and Testing]
- As of v1.25, the PodSecurity `restricted` level no longer requires pods that set .spec.os.name="windows" to also set Linux-specific securityContext fields. If a 1.25+ cluster has unsupported [out-of-skew](https://kubernetes.io/releases/version-skew-policy/#kubelet) nodes prior to v1.23 and wants to ensure namespaces enforcing the `restricted` policy continue to require Linux-specific securityContext fields on all pods, ensure a version of the `restricted` prior to v1.25 is selected by labeling the namespace (for example, `pod-security.kubernetes.io/enforce-version: v1.24`) ([#105919](https://github.com/kubernetes/kubernetes/pull/105919), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) [SIG API Machinery, Apps, Auth, Testing and Windows]
- Changes ownership semantics of PersistentVolume's spec.claimRef from `atomic` to `granular`. ([#110495](https://github.com/kubernetes/kubernetes/pull/110495), [@alexzielenski](https://github.com/alexzielenski)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Instrumentation and Testing]
- Extends ContainerStatus CRI API to allow runtime response with container resource requests and limits that are in effect.
  - UpdateContainerResources CRI API now supports both Linux and Windows.

  For details, see KEPs below. ([#111645](https://github.com/kubernetes/kubernetes/pull/111645), [@vinaykul](https://github.com/vinaykul)) [SIG Node]
- For v1.25, Kubernetes will be using golang 1.19, In this PR we update to 1.19rc2 as GA is not yet available. ([#111254](https://github.com/kubernetes/kubernetes/pull/111254), [@dims](https://github.com/dims)) [SIG Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Release, Scheduling, Storage and Testing]
- Introduce PodHasNetwork condition for pods ([#111358](https://github.com/kubernetes/kubernetes/pull/111358), [@ddebroy](https://github.com/ddebroy)) [SIG Apps, Node and Testing]
- Introduction of the `DisruptionTarget` pod condition type. Its `reason` field indicates the reason for pod termination:
  - PreemptionByKubeScheduler (Pod preempted by kube-scheduler)
  - DeletionByTaintManager (Pod deleted by taint manager due to NoExecute taint)
  - EvictionByEvictionAPI (Pod evicted by Eviction API)
  - DeletionByPodGC (an orphaned Pod deleted by PodGC) ([#110959](https://github.com/kubernetes/kubernetes/pull/110959), [@mimowo](https://github.com/mimowo)) [SIG Apps, Auth, Node, Scheduling and Testing]
- Kube-Scheduler ComponentConfig is graduated to GA, `kubescheduler.config.k8s.io/v1` is available now.
  Plugin `SelectorSpread` is removed in v1. ([#110534](https://github.com/kubernetes/kubernetes/pull/110534), [@kerthcet](https://github.com/kerthcet)) [SIG API Machinery, Scheduling and Testing]
- Local Storage Capacity Isolation feature is GA in 1.25 release. For systems (rootless) that cannot check root file system, please use kubelet config --local-storage-capacity-isolation=false to disable this feature. Once disabled, pod cannot set local ephemeral storage request/limit, and emptyDir sizeLimit niether. ([#111513](https://github.com/kubernetes/kubernetes/pull/111513), [@jingxu97](https://github.com/jingxu97)) [SIG API Machinery, Node, Scalability and Scheduling]
- PersistentVolumeClaim objects are no longer left with storage class set to `nil` forever, but will be updated retroactively once any StorageClass is set or created as default. ([#111467](https://github.com/kubernetes/kubernetes/pull/111467), [@RomanBednar](https://github.com/RomanBednar)) [SIG Apps, Storage and Testing]
- Promote CronJob's TimeZone support to beta ([#111435](https://github.com/kubernetes/kubernetes/pull/111435), [@soltysh](https://github.com/soltysh)) [SIG API Machinery, Apps and Testing]
- Promote DaemonSet MaxSurge to GA. This means `--feature-gates=DaemonSetUpdateSurge=true` are not needed on kube-apiserver and kube-controller-manager binaries and they'll be removed soon following policy at https://kubernetes.io/docs/reference/using-api/deprecation-policy/#deprecation ([#111194](https://github.com/kubernetes/kubernetes/pull/111194), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) [SIG Apps]
- Respect PodTopologySpread after rolling upgrades ([#111441](https://github.com/kubernetes/kubernetes/pull/111441), [@denkensk](https://github.com/denkensk)) [SIG API Machinery, Apps, Scheduling and Testing]
- Scheduler: include supported ScoringStrategyType list in error message for NodeResourcesFit plugin ([#111206](https://github.com/kubernetes/kubernetes/pull/111206), [@SataQiu](https://github.com/SataQiu)) [SIG Scheduling]
- The Pod `spec.podOS` field is promoted to GA. The `IdentifyPodOS` feature gate unconditionally enabled, and will no longer be accepted as a `--feature-gates` parameter in 1.27. ([#111229](https://github.com/kubernetes/kubernetes/pull/111229), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) [SIG API Machinery, Apps and Windows]
- The command line flag `enable-taint-manager` for kube-controller-manager is deprecated and will be removed in 1.26.
  The feature that it supports, taint based eviction, is enabled by default and will continue to be implicitly enabled when the flag is removed. ([#111411](https://github.com/kubernetes/kubernetes/pull/111411), [@alculquicondor](https://github.com/alculquicondor)) [SIG API Machinery]
- [Ephemeral Containers](https://kubernetes.io/docs/concepts/workloads/pods/ephemeral-containers/) are now generally available. The `EphemeralContainers` feature gate is always enabled and should be removed from `--feature-gates` flag on the kube-apiserver and the kubelet command lines. The `EphemeralContainers` feature gate is [deprecated and scheduled for removal](https://kubernetes.io/docs/reference/using-api/deprecation-policy/#deprecation) in a future release. ([#111402](https://github.com/kubernetes/kubernetes/pull/111402), [@verb](https://github.com/verb)) [SIG API Machinery, Apps, Node, Storage and Testing]

### Feature

- A new flag `etcd-ready-timeout` has been added. It configures a timeout of an additional etcd check performed as part of readyz check. ([#111399](https://github.com/kubernetes/kubernetes/pull/111399), [@Argh4k](https://github.com/Argh4k)) [SIG API Machinery]
- Add a new `align-by-socket` policy option to cpu manager `static` policy. When enabled CPU's to be aligned at socket boundary rather than NUMA boundary. ([#111278](https://github.com/kubernetes/kubernetes/pull/111278), [@arpitsardhana](https://github.com/arpitsardhana)) [SIG Node]
- Add container probe duration metrics ([#104484](https://github.com/kubernetes/kubernetes/pull/104484), [@jackfrancis](https://github.com/jackfrancis)) [SIG Instrumentation and Node]
- Added Service Account field in the output of `kubectl describe pod` command. ([#111192](https://github.com/kubernetes/kubernetes/pull/111192), [@aufarg](https://github.com/aufarg)) [SIG CLI]
- Adds new flags into alpha events such as --output, --types, --no-headers ([#110007](https://github.com/kubernetes/kubernetes/pull/110007), [@ardaguclu](https://github.com/ardaguclu)) [SIG CLI and Testing]
- CSIMigrationAWS upgraded to GA and locked to true. ([#111479](https://github.com/kubernetes/kubernetes/pull/111479), [@wongma7](https://github.com/wongma7)) [SIG Apps, Scheduling and Storage]
- CSIMigrationGCE upgraded to GA and locked to true. ([#111301](https://github.com/kubernetes/kubernetes/pull/111301), [@mattcary](https://github.com/mattcary)) [SIG Apps, Node, Scheduling and Storage]
- Feature gate `ProbeTerminationGracePeriod` is enabled by default. ([#108541](https://github.com/kubernetes/kubernetes/pull/108541), [@kerthcet](https://github.com/kerthcet)) [SIG Node]
- Ginkgo: when e2e tests are invoked through ginkgo-e2e.sh, the default now is to use color escape sequences only when connected to a terminal. `GINKGO_NO_COLOR=y/n` can be used to override that default. ([#111633](https://github.com/kubernetes/kubernetes/pull/111633), [@pohly](https://github.com/pohly)) [SIG Testing]
- Graduated `CustomResourceValidationExpressions` to `beta`. The `CustomResourceValidationExpressions` feature gate is now enabled by default. ([#111524](https://github.com/kubernetes/kubernetes/pull/111524), [@cici37](https://github.com/cici37)) [SIG API Machinery]
- If a Pod has a DisruptionTarget condition with status=True for more than 2 minutes without getting a DeletionTimestamp, the control plane resets it to status=False ([#111475](https://github.com/kubernetes/kubernetes/pull/111475), [@alculquicondor](https://github.com/alculquicondor)) [SIG API Machinery, Apps, Node and Testing]
- Kubectl diff changed to ignore managed fields by default, and a new --show-managed-fields flag has been added to allow you to include managed fields in the diff ([#111319](https://github.com/kubernetes/kubernetes/pull/111319), [@brianpursley](https://github.com/brianpursley)) [SIG CLI]
- Kubernetes is now built with go 1.19.0 ([#111679](https://github.com/kubernetes/kubernetes/pull/111679), [@puerco](https://github.com/puerco)) [SIG Release and Testing]
- Metric `running_managed_controllers` is enabled for Cloud Node Lifecycle controller ([#111033](https://github.com/kubernetes/kubernetes/pull/111033), [@jprzychodzen](https://github.com/jprzychodzen)) [SIG Apps, Cloud Provider and Network]
- Metric `running_managed_controllers` is enabled for Node IPAM controller in KCM ([#111466](https://github.com/kubernetes/kubernetes/pull/111466), [@jprzychodzen](https://github.com/jprzychodzen)) [SIG API Machinery, Apps, Cloud Provider and Network]
- Metric `running_managed_controllers` is enabled for Route,Service and Cloud Node controllers in KCM and CCM ([#111462](https://github.com/kubernetes/kubernetes/pull/111462), [@jprzychodzen](https://github.com/jprzychodzen)) [SIG Cloud Provider, Network and Testing]
- New flag `--disable-compression-for-client-ips` can be used to control client address ranges for which traffic shouldn't be compressed. ([#111507](https://github.com/kubernetes/kubernetes/pull/111507), [@mborsz](https://github.com/mborsz)) [SIG API Machinery]
- Promote LocalStorageCapacityIsolationFSQuotaMonitoring to beta ([#107329](https://github.com/kubernetes/kubernetes/pull/107329), [@pacoxu](https://github.com/pacoxu)) [SIG Node and Testing]
- Update cAdvisor to v0.45.0 ([#111647](https://github.com/kubernetes/kubernetes/pull/111647), [@bobbypage](https://github.com/bobbypage)) [SIG Node]

### Bug or Regression

- Faster mount detection for linux kernel 5.10+ using openat2 speeding up pod churn rates. On Kernel versions less 5.10, it will fallback to using the original way of detecting mount points i.e by parsing /proc/mounts. ([#109217](https://github.com/kubernetes/kubernetes/pull/109217), [@manugupt1](https://github.com/manugupt1)) [SIG Cloud Provider and Storage]
- Fix JobTrackingWithFinalizers when a pod succeeds after the job is considered failed, which led to API conflicts that blocked finishing the job. ([#111646](https://github.com/kubernetes/kubernetes/pull/111646), [@alculquicondor](https://github.com/alculquicondor)) [SIG Apps and Testing]
- Fix performance issue when creating large objects using SSA with fully unspecified schemas (preserveUnknownFields). ([#111557](https://github.com/kubernetes/kubernetes/pull/111557), [@alexzielenski](https://github.com/alexzielenski)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation and Storage]
- Fix s.RuntimeCgroups error condition and Fix possible wrong log print ([#110648](https://github.com/kubernetes/kubernetes/pull/110648), [@yangjunmyfm192085](https://github.com/yangjunmyfm192085)) [SIG Node]
- Fixed mounting of iSCSI volumes over IPv6 networks. ([#110688](https://github.com/kubernetes/kubernetes/pull/110688), [@jsafrane](https://github.com/jsafrane)) [SIG Storage]
- Fixes a bug which could have allowed an improperly annotated LoadBalancer service to become active. ([#109601](https://github.com/kubernetes/kubernetes/pull/109601), [@mdbooth](https://github.com/mdbooth)) [SIG Cloud Provider and Network]
- Kubeadm: enable the --experimental-watch-progress-notify-interval flag for etcd and set it to 5s. The flag specifies an interval at which etcd sends watch data to the kube-apiserver. ([#111383](https://github.com/kubernetes/kubernetes/pull/111383), [@p0lyn0mial](https://github.com/p0lyn0mial)) [SIG Cluster Lifecycle]
- Kubelet: add log for volume metric collection taking too long ([#107490](https://github.com/kubernetes/kubernetes/pull/107490), [@pacoxu](https://github.com/pacoxu)) [SIG Node and Storage]
- Kubelet: add validation for labels provided with --node-labels. Malformed labels will result in errors. ([#109263](https://github.com/kubernetes/kubernetes/pull/109263), [@FeLvi-zzz](https://github.com/FeLvi-zzz)) [SIG Node]
- Make usage of key encipherment optional in API validation ([#111061](https://github.com/kubernetes/kubernetes/pull/111061), [@pacoxu](https://github.com/pacoxu)) [SIG Apps, Auth and Node]
- Namespace editors and admins can now create leases.coordination.k8s.io and should use this type for leaderelection instead of configmaps. ([#111472](https://github.com/kubernetes/kubernetes/pull/111472), [@deads2k](https://github.com/deads2k)) [SIG API Machinery and Auth]
- Print pod.Spec.RuntimeClassName in kubectl describe ([#110914](https://github.com/kubernetes/kubernetes/pull/110914), [@yeahdongcn](https://github.com/yeahdongcn)) [SIG CLI]
- Reduce the number of cloud API calls and service downtime caused by excessive re-configurations of cluster LBs with externalTrafficPolicy=Local when node readiness changes (https://github.com/kubernetes/kubernetes/issues/111539). The service controller (in cloud-controller-manager) will avoid resyncing nodes which are transitioning between `Ready` / `NotReady` (only for for ETP=Local Services). The LBs used for these services will solely rely on the health check probe defined by the `healthCheckNodePort` to determine if a particular node is to be used for traffic load balancing. ([#109706](https://github.com/kubernetes/kubernetes/pull/109706), [@alexanderConstantinescu](https://github.com/alexanderConstantinescu)) [SIG API Machinery, Cloud Provider, Network and Testing]
- Remove the recently re-introduced schedulability predicate (by PR: https://github.com/kubernetes/kubernetes/pull/109706) as to not have unschedulable nodes removed from load balancers back-end pools. ([#111691](https://github.com/kubernetes/kubernetes/pull/111691), [@alexanderConstantinescu](https://github.com/alexanderConstantinescu)) [SIG Cloud Provider and Network]
- The `priority_level_request_utilization` metric histogram is adjusted so that for the cases where `phase=waiting` the denominator is the cumulative capacity of all of the priority level's queues.
  The `read_vs_write_current_requests` metric histogram is adjusted, in the case of using API Priority and Fairness instead of max-in-flight, to divide by the relevant limit: sum of queue capacities for waiting requests, sum of seat limits for executing requests. ([#110164](https://github.com/kubernetes/kubernetes/pull/110164), [@MikeSpreitzer](https://github.com/MikeSpreitzer)) [SIG API Machinery, Instrumentation and Testing]
- This change fixes the gce firewall update when the destination IPs are changing so that firewalls reflect the IP updates of the LBs. ([#111186](https://github.com/kubernetes/kubernetes/pull/111186), [@sugangli](https://github.com/sugangli)) [SIG Cloud Provider]
- Unmount volumes correctly for reconstructed volumes even if mount operation fails after kubelet restart ([#110670](https://github.com/kubernetes/kubernetes/pull/110670), [@gnufied](https://github.com/gnufied)) [SIG Node and Storage]
- Update max azure data disk count map with new VM types ([#111406](https://github.com/kubernetes/kubernetes/pull/111406), [@bennerv](https://github.com/bennerv)) [SIG Cloud Provider and Storage]
- Upgrades functionality of `kubectl kustomize` as described at
  https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2Fv4.5.7 ([#111606](https://github.com/kubernetes/kubernetes/pull/111606), [@natasha41575](https://github.com/natasha41575)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider and Instrumentation]
- UserName check for 'ContainerAdministrator' is now case-insensitive if runAsNonRoot is set to true on Windows. ([#111009](https://github.com/kubernetes/kubernetes/pull/111009), [@marosset](https://github.com/marosset)) [SIG Node, Testing and Windows]
- Windows kubelet plugin Watcher now working as intended. ([#111439](https://github.com/kubernetes/kubernetes/pull/111439), [@claudiubelu](https://github.com/claudiubelu)) [SIG Node, Testing and Windows]

### Other (Cleanup or Flake)

- Add e2e test flag to specify which volume drivers should be installed. This deprecates the ENABLE_STORAGE_GCE_PD_DRIVER environment variable. ([#111481](https://github.com/kubernetes/kubernetes/pull/111481), [@mattcary](https://github.com/mattcary)) [SIG Storage and Testing]
- Default burst limit for the discovery client is now 300. ([#109141](https://github.com/kubernetes/kubernetes/pull/109141), [@ulucinar](https://github.com/ulucinar)) [SIG API Machinery and CLI]
- For Linux, `kube-proxy` uses a new “distroless” container image, instead of an image based on Debian. ([#111060](https://github.com/kubernetes/kubernetes/pull/111060), [@aojea](https://github.com/aojea)) [SIG Network, Release and Testing]
- Kube-scheduler ComponentConfig v1beta2 is deprecated in v1.25. ([#111547](https://github.com/kubernetes/kubernetes/pull/111547), [@kerthcet](https://github.com/kerthcet)) [SIG Scheduling]
- Shell completion is now provided for the "--subresource" flag. ([#109070](https://github.com/kubernetes/kubernetes/pull/109070), [@marckhouzam](https://github.com/marckhouzam)) [SIG CLI]
- The kubelet no longer supports collecting accelerator metrics through cAdvisor. The feature gate `DisableAcceleratorUsageMetrics` is now GA and cannot be disabled. ([#110940](https://github.com/kubernetes/kubernetes/pull/110940), [@pacoxu](https://github.com/pacoxu)) [SIG Node]

## Dependencies

### Added
- github.com/gogo/googleapis: [v1.4.1](https://github.com/gogo/googleapis/tree/v1.4.1)
- go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful: v0.20.0
- go.opentelemetry.io/contrib/propagators: v0.20.0

### Changed
- github.com/containerd/containerd: [v1.4.12 → v1.4.9](https://github.com/containerd/containerd/compare/v1.4.12...v1.4.9)
- github.com/docker/docker: [v20.10.12+incompatible → v20.10.17+incompatible](https://github.com/docker/docker/compare/v20.10.12...v20.10.17)
- github.com/google/cadvisor: [v0.44.1 → v0.45.0](https://github.com/google/cadvisor/compare/v0.44.1...v0.45.0)
- github.com/google/cel-go: [v0.12.3 → v0.12.4](https://github.com/google/cel-go/compare/v0.12.3...v0.12.4)
- github.com/imdario/mergo: [v0.3.5 → v0.3.6](https://github.com/imdario/mergo/compare/v0.3.5...v0.3.6)
- github.com/matttproud/golang_protobuf_extensions: [c182aff → v1.0.1](https://github.com/matttproud/golang_protobuf_extensions/compare/c182aff...v1.0.1)
- github.com/xlab/treeprint: [a009c39 → v1.1.0](https://github.com/xlab/treeprint/compare/a009c39...v1.1.0)
- github.com/yuin/goldmark: [v1.4.1 → v1.4.13](https://github.com/yuin/goldmark/compare/v1.4.1...v1.4.13)
- golang.org/x/mod: 9b9b3d8 → 86c51ed
- golang.org/x/net: 27dd868 → a158d28
- golang.org/x/sync: 036812b → 886fb93
- golang.org/x/sys: a9b59b0 → 8c9f86f
- golang.org/x/tools: v0.1.10 → v0.1.12
- k8s.io/kube-openapi: 011e075 → 67bda5d
- k8s.io/utils: 3a6ce19 → ee6ede2
- sigs.k8s.io/kustomize/api: v0.11.4 → v0.12.1
- sigs.k8s.io/kustomize/cmd/config: v0.10.6 → v0.10.9
- sigs.k8s.io/kustomize/kustomize/v4: v4.5.4 → v4.5.7
- sigs.k8s.io/kustomize/kyaml: v0.13.6 → v0.13.9
- sigs.k8s.io/structured-merge-diff/v4: v4.2.1 → v4.2.3

### Removed
- github.com/clusterhq/flocker-go: [2b8b725](https://github.com/clusterhq/flocker-go/tree/2b8b725)
- github.com/quobyte/api: [v0.1.8](https://github.com/quobyte/api/tree/v0.1.8)
- github.com/storageos/go-api: [v2.2.0+incompatible](https://github.com/storageos/go-api/tree/v2.2.0)



# v1.25.0-alpha.3


## Downloads for v1.25.0-alpha.3



### Source Code

filename | sha512 hash
-------- | -----------
[kubernetes.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes.tar.gz) | 7f4c79b7ed811df512afca3b8cd9cac2e7119b8ea3f2a03c858d9482e9b788e85fa0f78e60e913e3fc6ba30c5c398730461f5d9753839cf7acc8108089c7c9d7
[kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-src.tar.gz) | b6ccd63be2677633774f98d182a3acd4828135dd43bb8cd532f722373f8271d00295b401a0344c6b263c9c44fcdd1f815263e0ac31e60f0e55b38435a8cde7bc

### Client Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-client-darwin-amd64.tar.gz) | c1cc390b4aa00bcb367a746af4ea6dd884662559254367868fd57afd79c45b51dc3cf62861e980b91059a998bf13a8deba247b068ab7df179cc3206af4e731fa
[kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-client-darwin-arm64.tar.gz) | b5fbc71abe517ab45486708081b66938f6643c2d85b3630a13008338ba65f0be56d3304e00d013ed49c67edd39a60cae1b045bd9165c8c1bd562e1bc6df09803
[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-client-linux-386.tar.gz) | f981b4421493d3588c4f8fcb4dc95821d7218cc10a62fc68264dad2d640e8e2ece4a4647f5cf96bf9337719c9a803c72255b6d5fbbc5533c719e9e59ccb50de6
[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-client-linux-amd64.tar.gz) | ec2d0dda384702d5c826f08a71d6527d79565a4f81dbd56f5482ffde889e6d5d9a6cd26824212af1e91f2ba84f062b6926cf795edc3dac1174e085a14be4ced5
[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-client-linux-arm.tar.gz) | 7125fa0b199de63d1ffe56d5749e8a37cf4d61e993a6fa3c6cc47f1e3d120b949eec3c2901df0875a579f3b4fa142925918169a6a1dfa098932c57b91d5cf53b
[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-client-linux-arm64.tar.gz) | ee24154a7f95cb9c73c1eb53ccd3dc297492afd319b3581682a5050d825cf52c01753ae1fc18cb8bc6c5fa22ba019642edafaccf87b7077320ac8976a0b66655
[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-client-linux-ppc64le.tar.gz) | b1218f27c5f3183622d7ec909c416df2bdf7a178005dccf4c84f24340140f9221fe6c284e7947ff4d59cc652d3489758f406fc27e60593f3aaa1c5ac692556d9
[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-client-linux-s390x.tar.gz) | 4aa77ffe79235a5c3dfffd797a567535c2b23a47fd10840bed5db8f3ad623bc1977045fd13e14875f8cddc59b9d146babe5904ed4e2a9e4d2920894dca6e7d15
[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-client-windows-386.tar.gz) | 5c3c42e37f8d6cb53d8abd8a8af7b8da8dad8151f8182428714acc0809e1a0d478488f9d106f5c6acc1ec0489ee22c63230f65f0677796605c3e0bde352440c9
[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-client-windows-amd64.tar.gz) | 1c55a3c1a73d519a4958e2ec79a56bbe28b27bada3af605efcd60a3a643244b24d7eaf2932046a811c11aa98a32de460613b012bbb7adfe0d13aa8a9a9113acc
[kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-client-windows-arm64.tar.gz) | 855779f6a7b5d75c60ba21401b2c9a94672dd9a99250bb95103a871e59232e4b409e3330d0ef946899b077f6c43f2bc3eb32c22f3fcc731b6db34247d3278fee

### Server Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-server-linux-amd64.tar.gz) | 1a25a5475380658ad56bd49e7db241cec648179df8627a1975d996c0656629a272427f944a587a817b28e2690a5723fcf00127084ef84505d13cb64d7a4ccc61
[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-server-linux-arm.tar.gz) | ad9e57e6d46d2b0840df0e67c9162524175667c05abc30338c0fec06ecc130ca616346c1c54195c08732950d428c51f5b0898eb4f09f64d94407dfb432daf028
[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-server-linux-arm64.tar.gz) | ba04737cf996a2ada5db399df37b736f4511670e4d2537effab97f8f5b774b624ecce3fdcffa42d4edb5e084f62ba0fe526dfabc42b137c29570bc6516d6053a
[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-server-linux-ppc64le.tar.gz) | d5f6ab04e5017132e3f76251b6a91791b5b62b8a897ffddada6e4bb7172ad771c72472e63bdfb296240ef8794d57d5c7382dc13af4d6d49a4e716b6215f693e8
[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-server-linux-s390x.tar.gz) | 9878847bcff5c4154eb2fc85f6962a0be8c37a126b23a1351eb2bc65bb22ddabce3f32473f35e91463e464a1189f5caaa764c1019e4217bfd86223b878f4ae69

### Node Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-node-linux-amd64.tar.gz) | e6f58c79b02d4a6a6d65be9d890cd6cdfeb61a200439f4640f7c3529c38524bf19ba5769514ebeee95a3fc1da2c67049ce563f8cc39635bf025930e74319c944
[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-node-linux-arm.tar.gz) | ead6acf178ea4e74dfc64a06f1c2deb88bf940af44e50117706a0b11ba86cf9fce66346bc5a22f857c10994d3e7145eb89d74f5e8c35133a03cc6f18630c9439
[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-node-linux-arm64.tar.gz) | a253334f379c9df9cb81bc9ce68c1034b091c765e29c80e34d7c0eb7cd8bf743f66e004f45853ecc9de9a5aa5c757736bc6baa09fcd571297edd32a44e719baf
[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-node-linux-ppc64le.tar.gz) | 44d54ce977e3e97abf5020de3957903a1c06caa4f034ce9c6af3b975bb6ea2559f33bce870e684712815f27f70c5cad793c965ae645689a9ca0bad6360a93f9b
[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-node-linux-s390x.tar.gz) | 02739821cc67e7146e89646f357475a362ca75a42e266c8c430582743126ee78db22dbfde9a3a51e92a28ca1d35dcdb79dd5a89383a68918b489a8feaf3d01e8
[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.3/kubernetes-node-windows-amd64.tar.gz) | 0a2c21b73203531d4772d178a6b1a642147a02171d0563fadc8041e2f8972f6fa2d475e44105b8f17d58f04fffd7eecb3e1f2d0cc5dd8c9ebe581e1b539c0912

### Container Images

All container images are available as manifest lists and support the described
architectures. It is also possible to pull a specific architecture directly by
adding the "-$ARCH" suffix  to the container image name.

name | architectures
---- | -------------
[k8s.gcr.io/conformance:v1.25.0-alpha.3](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x)
[k8s.gcr.io/kube-apiserver:v1.25.0-alpha.3](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x)
[k8s.gcr.io/kube-controller-manager:v1.25.0-alpha.3](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x)
[k8s.gcr.io/kube-proxy:v1.25.0-alpha.3](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x)
[k8s.gcr.io/kube-scheduler:v1.25.0-alpha.3](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x)

## Changelog since v1.25.0-alpha.2

## Urgent Upgrade Notes

### (No, really, you MUST read this before you upgrade)

 - End-to-end testing has been migrated from Ginkgo v1 to v2.

  When running test/e2e via the Ginkgo CLI, the v2 CLI must be used and `-timeout=24h` (or some other, suitable value) must be passed because the default timeout was reduced from 24h to 1h. When running it via `go test`, the corresponding `-args` parameter is `-ginkgo.timeout=24h`. To build the CLI in the Kubernetes repo, use `make all WHAT=github.com/onsi/ginkgo/v2/ginkgo`.
  Ginkgo V2 doesn't accept go test's `-parallel` flags to parallelize Ginkgo specs, please switch to use `ginkgo -p` or `ginkgo -procs=N` instead. ([#109111](https://github.com/kubernetes/kubernetes/pull/109111), [@chendave](https://github.com/chendave)) [SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Release, Scheduling, Storage, Testing and Windows]

## Changes by Kind

### Deprecation

- Ginkgo.Measure has been deprecated in Ginkgo V2, switch to use gomega/gmeasure instead ([#111065](https://github.com/kubernetes/kubernetes/pull/111065), [@chendave](https://github.com/chendave)) [SIG Autoscaling and Testing]

### API Change

- Added a new feature gate `CheckpointRestore` to enable support to checkpoint containers. If enabled it is possible to checkpoint a container using the newly kubelet API (/checkpoint/{podNamespace}/{podName}/{containerName}). ([#104907](https://github.com/kubernetes/kubernetes/pull/104907), [@adrianreber](https://github.com/adrianreber)) [SIG Node and Testing]
- EndPort field in Network Policy is now promoted to GA

  Network Policy providers that support endPort field now can use it to specify a range of ports to apply a Network Policy.

  Previously, each Network Policy could only target a single port.

  Please be aware that endPort field MUST BE SUPPORTED by the Network Policy provider. In case your provider does not support endPort and this field is specified in a Network Policy, the Network Policy will be created covering only the port field (single port). ([#110868](https://github.com/kubernetes/kubernetes/pull/110868), [@rikatz](https://github.com/rikatz)) [SIG API Machinery, Network and Testing]
- Make PodSpec.Ports' description clearer on how this information is only informational and how it can be incorrect. ([#110564](https://github.com/kubernetes/kubernetes/pull/110564), [@j4m3s-s](https://github.com/j4m3s-s)) [SIG API Machinery, Network and Node]
- On compatible systems, a mounter's Unmount implementation is changed to not return an error when the specified target can be detected as not a mount point. On Linux, the behavior of detecting a mount point depends on `umount` command is validated when the mounter is created. Additionally, mount point checks will be skipped in CleanupMountPoint/CleanupMountWithForce if the mounter's Unmount having the changed behavior of not returning error when target is not a mount point. ([#109676](https://github.com/kubernetes/kubernetes/pull/109676), [@cartermckinnon](https://github.com/cartermckinnon)) [SIG Storage]
- Promote StatefulSet minReadySeconds to GA. This means `--feature-gates=StatefulSetMinReadySeconds=true` are not needed on kube-apiserver and kube-controller-manager binaries and they'll be removed soon following policy at https://kubernetes.io/docs/reference/using-api/deprecation-policy/#deprecation ([#110896](https://github.com/kubernetes/kubernetes/pull/110896), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) [SIG API Machinery, Apps and Testing]
- The Pod `spec.podOS` field is promoted to GA. The `IdentifyPodOS` feature gate unconditionally enabled, and will no longer be accepted as a `--feature-gates` parameter in 1.27. ([#111229](https://github.com/kubernetes/kubernetes/pull/111229), [@ravisantoshgudimetla](https://github.com/ravisantoshgudimetla)) [SIG API Machinery, Apps and Windows]
- The `minDomains` field in Pod Topology Spread is graduated to beta ([#110388](https://github.com/kubernetes/kubernetes/pull/110388), [@sanposhiho](https://github.com/sanposhiho)) [SIG API Machinery and Apps]

### Feature

- Enable the beta feature ServiceIPStaticSubrange by default ([#110703](https://github.com/kubernetes/kubernetes/pull/110703), [@aojea](https://github.com/aojea)) [SIG Network]
- Enabling CSIMigrationvSphere feature by default. ([#103523](https://github.com/kubernetes/kubernetes/pull/103523), [@divyenpatel](https://github.com/divyenpatel)) [SIG Cloud Provider and Storage]
- Graduated SeccompDefault to `beta`. The Kubelet feature gate is now enabled by default and the configuration/CLI flag still defaults to `false`. ([#110805](https://github.com/kubernetes/kubernetes/pull/110805), [@saschagrunert](https://github.com/saschagrunert)) [SIG Node and Testing]
- Graduated ServerSideFieldValidation to `beta`. Schema validation is performed server-side and requests will receive warnings for any invalid/unknown fields by default. ([#110178](https://github.com/kubernetes/kubernetes/pull/110178), [@kevindelgado](https://github.com/kevindelgado)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Storage and Testing]
- In "large" clusters, kube-proxy in iptables mode will now sometimes
  leave unused rules in iptables for a while (up to `--iptables-sync-period`)
  before deleting them. This improves performance by not requiring it to
  check for stale rules on every sync. (In smaller clusters, it will still
  remove unused rules immediately once they are no longer used.)

  (The threshold for "large" used here is currently "1000 endpoints" but
  this is subject to change.) ([#110334](https://github.com/kubernetes/kubernetes/pull/110334), [@danwinship](https://github.com/danwinship)) [SIG Network]
- Introduce new KUBECACHEDIR environment variable to override default discovery cache directory which is $HOME/.kube/cache ([#109479](https://github.com/kubernetes/kubernetes/pull/109479), [@ardaguclu](https://github.com/ardaguclu)) [SIG CLI]
- JobTrackingWithFinalizers enabled by default. This feature allows to keep track of the Job progress without relying on Pods staying in the apiserver. ([#110948](https://github.com/kubernetes/kubernetes/pull/110948), [@alculquicondor](https://github.com/alculquicondor)) [SIG Apps]
- Kubeadm: make sure the etcd static pod startup probe uses /health?serializable=false while the liveness probe uses /health?serializable=true&exclude=NOSPACE. The NOSPACE exclusion would allow administrators to address space issues one member at a time. ([#110744](https://github.com/kubernetes/kubernetes/pull/110744), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle]
- Pod SecurityContext and PodSecurityPolicy supports slash as sysctl separator. ([#106834](https://github.com/kubernetes/kubernetes/pull/106834), [@mengjiao-liu](https://github.com/mengjiao-liu)) [SIG Apps, Architecture, Auth, Node, Security and Testing]

### Documentation

- Optimization of kubectl Chinese translation ([#110538](https://github.com/kubernetes/kubernetes/pull/110538), [@hwdef](https://github.com/hwdef)) [SIG CLI]

### Bug or Regression

- Adds error message "dry-run can not be used when --force is set" when dry-run and force flags are set in replace command. ([#110326](https://github.com/kubernetes/kubernetes/pull/110326), [@ardaguclu](https://github.com/ardaguclu)) [SIG CLI]
- Bug fix in test/e2e/framework  Framework.RecordFlakeIfError ([#111048](https://github.com/kubernetes/kubernetes/pull/111048), [@alingse](https://github.com/alingse)) [SIG Testing]
- Do not report terminated container metrics ([#110950](https://github.com/kubernetes/kubernetes/pull/110950), [@yangjunmyfm192085](https://github.com/yangjunmyfm192085)) [SIG Node]
- Fix bug where a job sync is not retried when there is a transient ResourceQuota conflict ([#111026](https://github.com/kubernetes/kubernetes/pull/111026), [@alculquicondor](https://github.com/alculquicondor)) [SIG Apps]
- Fixes scheduling of cronjobs with @every X schedules. ([#109250](https://github.com/kubernetes/kubernetes/pull/109250), [@d-honeybadger](https://github.com/d-honeybadger)) [SIG Apps]
- For scheduler plugin developers: the scheduler framework's shared PodInformer is now initialized with empty indexers. This enables scheduler plugins to add their extra indexers. Note that only non-conflict indexers are allowed to be added. ([#110663](https://github.com/kubernetes/kubernetes/pull/110663), [@fromanirh](https://github.com/fromanirh)) [SIG Scheduling]
- If the parent directory of the file specified in the `--audit-log-path` argument does not exist, Kubernetes now creates it. ([#110813](https://github.com/kubernetes/kubernetes/pull/110813), [@vpnachev](https://github.com/vpnachev)) [SIG Auth]
- Kubeadm: fix the bug that configurable KubernetesVersion not respected during kubeadm join ([#110791](https://github.com/kubernetes/kubernetes/pull/110791), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle]
- Kubeadm: respect user specified image repository when using Kubernetes ci version ([#111017](https://github.com/kubernetes/kubernetes/pull/111017), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle]
- Kubeadm: support retry mechanism for removing container in reset phase ([#110837](https://github.com/kubernetes/kubernetes/pull/110837), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle]
- Run kubelet, when there is an error exit, print the error log ([#110691](https://github.com/kubernetes/kubernetes/pull/110691), [@yangjunmyfm192085](https://github.com/yangjunmyfm192085)) [SIG Node]
- The node annotation alpha.kubernetes.io/provided-node-ip is no longer set ONLY when `--cloud-provider=external`.  Now, it is set on kubelet startup if the `--cloud-provider` flag is set at all, including the deprecated in-tree providers. ([#109794](https://github.com/kubernetes/kubernetes/pull/109794), [@mdbooth](https://github.com/mdbooth)) [SIG Network and Node]
- When metrics are counted, discard the wrong container StartTime metrics ([#110880](https://github.com/kubernetes/kubernetes/pull/110880), [@yangjunmyfm192085](https://github.com/yangjunmyfm192085)) [SIG Instrumentation and Node]
- [aws] Fixed a bug which reduces the number of unnecessary calls to STS in the event of assume role failures in the legacy cloud provider ([#110706](https://github.com/kubernetes/kubernetes/pull/110706), [@prateekgogia](https://github.com/prateekgogia)) [SIG Cloud Provider]

### Other (Cleanup or Flake)

- In the event that more than one IngressClass is designated "default", the DefaultIngressClass admission controller will choose one rather than fail. ([#110974](https://github.com/kubernetes/kubernetes/pull/110974), [@kidddddddddddddddddddddd](https://github.com/kidddddddddddddddddddddd)) [SIG Network]
- Kube-proxy: The "userspace" proxy-mode is deprecated on Linux and Windows, despite being the default on Windows.  As of v1.26, the default mode for Windows will change to 'kernelspace'. ([#110762](https://github.com/kubernetes/kubernetes/pull/110762), [@pandaamanda](https://github.com/pandaamanda)) [SIG Network]
- Some apiserver metrics were changed, as follows.
  - `priority_level_seat_count_samples` is replaced with `priority_level_seat_utilization`, which samples every nanosecond rather than every millisecond; the old metric conveyed utilization despite its name.
  - `priority_level_seat_count_watermarks` is removed.
  - `priority_level_request_count_samples` is replaced with `priority_level_request_utilization`, which samples every nanosecond rather than every millisecond; the old metric conveyed utilization despite its name.
  - `priority_level_request_count_watermarks` is removed.
  - `read_vs_write_request_count_samples` is replaced with `read_vs_write_current_requests`, which samples every nanosecond rather than every second; the new metric, like the old one, measures utilization when the max-in-flight filter is used and number of requests when the API Priority and Fairness filter is used.
  - `read_vs_write_request_count_watermarks` is removed. ([#110104](https://github.com/kubernetes/kubernetes/pull/110104), [@MikeSpreitzer](https://github.com/MikeSpreitzer)) [SIG API Machinery, Instrumentation and Testing]

## Dependencies

### Added
- github.com/go-task/slim-sprig: [348f09d](https://github.com/go-task/slim-sprig/tree/348f09d)
- github.com/google/pprof: [94a9f03](https://github.com/google/pprof/tree/94a9f03)
- github.com/ianlancetaylor/demangle: [28f6c0f](https://github.com/ianlancetaylor/demangle/tree/28f6c0f)
- github.com/onsi/ginkgo/v2: [v2.1.4](https://github.com/onsi/ginkgo/v2/tree/v2.1.4)

### Changed
- github.com/antlr/antlr4/runtime/Go/antlr: [ad29539 → f25a4f6](https://github.com/antlr/antlr4/runtime/Go/antlr/compare/ad29539...f25a4f6)
- github.com/google/cel-go: [v0.11.2 → v0.12.3](https://github.com/google/cel-go/compare/v0.11.2...v0.12.3)
- github.com/onsi/gomega: [v1.10.1 → v1.19.0](https://github.com/onsi/gomega/compare/v1.10.1...v1.19.0)
- golang.org/x/net: cd36cc0 → 27dd868
- golang.org/x/sys: 3681064 → a9b59b0
- golang.org/x/tools: 897bd77 → v0.1.10
- google.golang.org/genproto: 1973136 → c8bf987
- google.golang.org/protobuf: v1.27.1 → v1.28.0
- k8s.io/klog/v2: v2.70.0 → v2.70.1
- k8s.io/kube-openapi: 31174f5 → 011e075
- sigs.k8s.io/json: 9f7c6b3 → f223a00

### Removed
- github.com/nxadm/tail: [v1.4.4](https://github.com/nxadm/tail/tree/v1.4.4)
- github.com/onsi/ginkgo: [v1.14.0](https://github.com/onsi/ginkgo/tree/v1.14.0)
- gopkg.in/tomb.v1: dd63297



# v1.25.0-alpha.2


## Downloads for v1.25.0-alpha.2



### Source Code

filename | sha512 hash
-------- | -----------
[kubernetes.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes.tar.gz) | 72eb69d6fa1af801e98f207711ff30a2f77c95e71174386976d43e4704f8ff4a88e6e04c1a15d4b9806fc9ada321e39c74bed751049bb45a31f6fdbd85acde42
[kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-src.tar.gz) | 94dfca305c9bae36ff6984b06f335720db5dc6df41852012c8284424fbf021814461de0b376c3eed850f65e353b544ca66b0fc2d86c3b46dd6701c5380600e5b

### Client Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-client-darwin-amd64.tar.gz) | d71f74e1d9d3fbc59e25df8c43b6af360bcdf3ac3597411092e22359ecf6fc7f1091f01996865603ca0d65bfe1764bbc2cfa1aa94b5f9fad4b457986a880d42d
[kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-client-darwin-arm64.tar.gz) | 824a641a183a6a88a71a5d1cffe1c4db40a59e455dae0586bb379d71095fb9011c0a6c4a1338189c3c7615cec8b71c355d3ef18ff15bb72c82ba08027403b0be
[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-client-linux-386.tar.gz) | b6bfb3d57f5842bb30cdf6b00442a43cb555dff741575a7b0ee43ffa8661b23db8e540a8cf2fd47c9ccf9454e0be593a4a06bc0a308d1861cc58cf3604739626
[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-client-linux-amd64.tar.gz) | a71cd1bdf181a0a8fe0484aee393761b4fc50dbf6b71a589e2f3322fe9452302675a2d8deb3b087e9cc7e7495e5c7c3b7f2f70e065c65c83cf23561b8d32d97f
[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-client-linux-arm.tar.gz) | 6cec180b1b623277b7ff9a680714f005ec4a606ab3297ac8159ed463cf268aa5668a4a8c5cddd63512869c46258193b9d0bedd7bae8a1e355c6ea84affbd9a7d
[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-client-linux-arm64.tar.gz) | 9a6d51a396a96f5beb49327fae9aaec5e391fbbb44db4698f9b25fce1882b3d921b8b65e10b10f4b840f14e5e6c210f4a318c52c627e327adc9742dc5d909d6c
[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-client-linux-ppc64le.tar.gz) | 533b2aedea645803cb282f84fbd8c38ee3146edaf33ff86dad85e9b9602a33f4ec19eceaf60cc3d4c02ef811a4a35c1c8cedad4d702c8c57f1a8c64b3d1c2674
[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-client-linux-s390x.tar.gz) | fa83bc04fb0802638929fd4174342ec8ac567b996d5b44f6e2ce309d7084bc496de448b8f62479e4b1630890e7851afd3cecdce9926ce1c7e931fef5c1dfc063
[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-client-windows-386.tar.gz) | 70c7cbcc0337eeb0e31eabf9b2309a82240e17858637c01e24af24830b971ac58aa3b8d6e2628b9eee29a075131c4037b3a18e33cf214ae8ca10b0341e782b2d
[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-client-windows-amd64.tar.gz) | e04d4e605536a1a2aef33e699e22c49649e3bcf1330aae57c511914cbdf6ca5c1c7056a4a2aa7109900b58ef836ccf91572adbeddd274a75d8136cf8300a4e5a
[kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-client-windows-arm64.tar.gz) | cbc2075880daae0aed15d665e3bab50311a23616ab6b562bf5873754a83623ae01c8886c588fa36982eca4bc1d6d25f5e9bcaa9384b67dfbe376ed24bf1ba887

### Server Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-server-linux-amd64.tar.gz) | 0feb8e90c5defdb639154f4e5e87e4ec1ad2e3fdd2eb9f667df5e6ea4112fe0ab64d4c194ccb6bba812bdce0b41aed2f04e72b3fd34b08fbca9e92feec26015f
[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-server-linux-arm.tar.gz) | e1104e286e710367e3254cd546f31f639c8ce2e1539e6d08a1b41e3af051535bca990922af29e2a9d63f6328bb19630ed7eb945176ff0e9d8c6dea4c1a540f13
[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-server-linux-arm64.tar.gz) | d08a78a9791b6797cabd415c7b9a996e1dba5e0eef9e7eab9b09110018091fdec6e5ee7cb692960f5ef0805d3e4181f49507f09ba1ef3dfeb18adb58e09e1820
[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-server-linux-ppc64le.tar.gz) | 23116faf8df942c1d7da7ebf02dcc78740a7ede7d9ec72473e0390ab7203cfc3fd4cd5bc65ff818825b924782c7cd9df742e1fad177f862e32b15a1a4d7d0e0c
[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-server-linux-s390x.tar.gz) | 4853481452158658c3eecc3107f9c95df408b6ec99d655c6167f66374939d4dc030883376d1777b4420024473ffb7365d3a9c6f652032fb908377aa9648d61d5

### Node Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-node-linux-amd64.tar.gz) | 710ac7c343259319329a63accb4295f81d7ae63a104412c0d909449492c6091038d2ffc677169100da678759db02a9d79c57b340753e8e30fb3e2b5675d21ebb
[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-node-linux-arm.tar.gz) | 372ca94ece9ac5ff862abb7fdb6732f23d7f665e1208e38e7aac642bcbeeb95801230872f48012502d1bbe9d7b0e0a22ff7b019a54c0a7e34b0deb153ca3f9ce
[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-node-linux-arm64.tar.gz) | de75500809eb3ad7ee2772d0315e3e7aa697c8a1888c6eb57479770f8c92e9778088e0c970127462cc8e7bdd22016c38344cff0854100707e942128c47fa30cf
[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-node-linux-ppc64le.tar.gz) | 1b4f54ec0037859a8410bbfecabbbc8de656576d121af35450182e7ec9708bc57cbaaa4fd36d79ddf368ebf74935e6f368365d1a9d0d93ec60982977c9900dca
[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-node-linux-s390x.tar.gz) | efbfae7e592c9edb6830dbfafb0e1c4feadaee1d2c7211946789b4aac0f3fd56c3b1abb4f7c30617e8d0e51cef1f1df2b3cc582ecc543351c0918efc8e3fe6e9
[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.2/kubernetes-node-windows-amd64.tar.gz) | 290649bd96432aa9e2042fae7a8412ef7e0b6c16dae9551b9320ced7c5a1c805cf112df1a5ede327e5474cd32ff04f9841eb2e84dec992c24882d5d71c178064

### Container Images

All container images are available as manifest lists and support the described
architectures. It is also possible to pull a specific architecture directly by
adding the "-$ARCH" suffix  to the container image name.

name | architectures
---- | -------------
[k8s.gcr.io/conformance:v1.25.0-alpha.2](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x)
[k8s.gcr.io/kube-apiserver:v1.25.0-alpha.2](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x)
[k8s.gcr.io/kube-controller-manager:v1.25.0-alpha.2](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x)
[k8s.gcr.io/kube-proxy:v1.25.0-alpha.2](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x)
[k8s.gcr.io/kube-scheduler:v1.25.0-alpha.2](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x)

## Changelog since v1.25.0-alpha.1

## Changes by Kind

### API Change

- The Go API for logging configuration in k8s.io/component-base was moved to k8s.io/component-base/logs/api/v1. The configuration file format and command line flags are the same as before. ([#105797](https://github.com/kubernetes/kubernetes/pull/105797), [@pohly](https://github.com/pohly)) [SIG API Machinery, Architecture, Cluster Lifecycle, Instrumentation, Node, Scheduling and Testing]
- The PodSecurity admission plugin has graduated to GA and is enabled by default. The admission configuration version has been promoted to `pod-security.admission.config.k8s.io/v1`. ([#110459](https://github.com/kubernetes/kubernetes/pull/110459), [@wangyysde](https://github.com/wangyysde)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node, Storage and Testing]

### Feature

- Adds KMS v2alpha1 API ([#110201](https://github.com/kubernetes/kubernetes/pull/110201), [@aramase](https://github.com/aramase)) [SIG API Machinery and Auth]
- Feature gate `CSIMigration` is locked to enabled. CSIMigration is GA now. The feature gate will be removed in 1.27 ([#110410](https://github.com/kubernetes/kubernetes/pull/110410), [@Jiawei0227](https://github.com/Jiawei0227)) [SIG Apps, Auth, Scheduling, Storage and Testing]
- Kubeadm: the preferred pod anti-affinity for CoreDNS is now enabled by default ([#110593](https://github.com/kubernetes/kubernetes/pull/110593), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle]
- These changes promote the CSIMigrationPortworx feature gate to Beta ([#110411](https://github.com/kubernetes/kubernetes/pull/110411), [@trierra](https://github.com/trierra)) [SIG Storage]
- Updating base image for Windows pause container images to one built on Windows machines to address limitations of building Windows container images on Linux machines. ([#110379](https://github.com/kubernetes/kubernetes/pull/110379), [@marosset](https://github.com/marosset)) [SIG Windows]

### Documentation

- EndpointSlices with Pod referencing Nodes that doesn't exist couldn't be created or updated.
  The behavior on the EndpointSlice controller has been modified to update the EndpointSlice without the Pods that reference non-existing Nodes, and keep retrying until all Pods reference existing Nodes.
  However, if service.Spec.PublishNotReadyAddresses is set, all the Pods are published without retrying.
  Fixed EndpointSlices metrics to reflect correctly the number of desired EndpointSlices when no endpoints are present. ([#110639](https://github.com/kubernetes/kubernetes/pull/110639), [@aojea](https://github.com/aojea)) [SIG Apps and Network]

### Bug or Regression

- Client-go: fixed an error in the fake client when submitting create API requests to subresources like pods/eviction ([#110425](https://github.com/kubernetes/kubernetes/pull/110425), [@LY-today](https://github.com/LY-today)) [SIG API Machinery]
- FibreChannel volume plugin may match the wrong device and wrong associated devicemapper parent.This may cause a disater that pods attach wrong disks. ([#110719](https://github.com/kubernetes/kubernetes/pull/110719), [@xakdwch](https://github.com/xakdwch)) [SIG Storage]
- Fix "dbus: connection closed by user" error after dbus daemon restart. ([#110496](https://github.com/kubernetes/kubernetes/pull/110496), [@kolyshkin](https://github.com/kolyshkin)) [SIG Node]
- Fix a bug that caused the wrong result length when using --chunk-size and --selector together ([#110652](https://github.com/kubernetes/kubernetes/pull/110652), [@Abirdcfly](https://github.com/Abirdcfly)) [SIG API Machinery and Testing]
- Fixes scheduling of cronjobs with @every X schedules. ([#109250](https://github.com/kubernetes/kubernetes/pull/109250), [@d-honeybadger](https://github.com/d-honeybadger)) [SIG Apps]
- Fixing issue on Windows nodes where HostProcess containers may not be created as expected. ([#110140](https://github.com/kubernetes/kubernetes/pull/110140), [@marosset](https://github.com/marosset)) [SIG Node and Windows]
- Kubeadm: handle dup `unix://` prefix in node annotation ([#110656](https://github.com/kubernetes/kubernetes/pull/110656), [@pacoxu](https://github.com/pacoxu)) [SIG Cluster Lifecycle]
- Kubelet: add retry of checking Unix domain sockets on Windows nodes for the plugin registration mechanism ([#110075](https://github.com/kubernetes/kubernetes/pull/110075), [@luckerby](https://github.com/luckerby)) [SIG Node and Windows]
- Removed unused flags from kubectl run command ([#110668](https://github.com/kubernetes/kubernetes/pull/110668), [@brianpursley](https://github.com/brianpursley)) [SIG CLI]
- This change picks up the latest GCE pinhole firewall feature, which introduces destination-ranges in the ingress firewall-rules. It restricts the access to the backend IPs via allowing traffic via allowing traffic through ILB or NetLB IP only. This change does NOT change the existing ILB or NetLB behavior. ([#109510](https://github.com/kubernetes/kubernetes/pull/109510), [@sugangli](https://github.com/sugangli)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node and Storage]
- Volumes are no longer detached from healthy nodes after 6 minutes timeout. 6 minute force-detach timeout is used only for unhealthy nodes (`node.status.conditions["Ready"] != true`). ([#110721](https://github.com/kubernetes/kubernetes/pull/110721), [@jsafrane](https://github.com/jsafrane)) [SIG Apps]
- `kubeadm certs renew` and   `kubeadm certs check-expiration`  now honor the `cert-dir` on a working kubernetes cluster. ([#110709](https://github.com/kubernetes/kubernetes/pull/110709), [@chendave](https://github.com/chendave)) [SIG Cluster Lifecycle]

### Other (Cleanup or Flake)

- Improve kubectl run and debug attach problems error ([#110764](https://github.com/kubernetes/kubernetes/pull/110764), [@soltysh](https://github.com/soltysh)) [SIG CLI]
- Kubelet: silence flag output on errors ([#110728](https://github.com/kubernetes/kubernetes/pull/110728), [@howardjohn](https://github.com/howardjohn)) [SIG Node]
- Remove release-1.20 from prom bot due to eol ([#110748](https://github.com/kubernetes/kubernetes/pull/110748), [@cpanato](https://github.com/cpanato)) [SIG Release]

## Dependencies

### Added
- github.com/golang/snappy: [v0.0.3](https://github.com/golang/snappy/tree/v0.0.3)
- google.golang.org/grpc/cmd/protoc-gen-go-grpc: v1.1.0

### Changed
- cloud.google.com/go: v0.81.0 → v0.97.0
- github.com/GoogleCloudPlatform/k8s-cloud-provider: [ea6160c → f118173](https://github.com/GoogleCloudPlatform/k8s-cloud-provider/compare/ea6160c...f118173)
- github.com/google/martian/v3: [v3.1.0 → v3.2.1](https://github.com/google/martian/v3/compare/v3.1.0...v3.2.1)
- github.com/googleapis/gax-go/v2: [v2.0.5 → v2.1.1](https://github.com/googleapis/gax-go/v2/compare/v2.0.5...v2.1.1)
- github.com/opencontainers/runc: [v1.1.1 → v1.1.3](https://github.com/opencontainers/runc/compare/v1.1.1...v1.1.3)
- github.com/seccomp/libseccomp-golang: [3879420 → f33da4d](https://github.com/seccomp/libseccomp-golang/compare/3879420...f33da4d)
- google.golang.org/api: v0.46.0 → v0.60.0
- k8s.io/klog/v2: v2.60.1 → v2.70.0
- sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.30 → v0.0.32

### Removed
- github.com/google/pprof: [cbba55b](https://github.com/google/pprof/tree/cbba55b)
- github.com/ianlancetaylor/demangle: [28f6c0f](https://github.com/ianlancetaylor/demangle/tree/28f6c0f)
- github.com/jstemmer/go-junit-report: [v0.9.1](https://github.com/jstemmer/go-junit-report/tree/v0.9.1)



# v1.25.0-alpha.1


## Downloads for v1.25.0-alpha.1



### Source Code

filename | sha512 hash
-------- | -----------
[kubernetes.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes.tar.gz) | 01aa5755e4d58e2f5e449af62342155e784973f504f831b52aed13fa941075ea06e8fbcadca2445ac570318e7dd9f1042e0447bb74d6042e447dc87dd472b3fc
[kubernetes-src.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-src.tar.gz) | e62170247fb7c50f52274a6e86fde244766cf1cf86bab2913905e9063d03ce5a3882042c755291c766f66b4f4ab630e126d1a9446e31392f77c90a398af57570

### Client Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-client-darwin-amd64.tar.gz) | bb9408704de0f2adac81031d347cfa229a6aef413102a116193f50bf690eac8443bb97cfe59044a1857f7859b462f98fef5c9b7db52f9895d70d399e0d381f19
[kubernetes-client-darwin-arm64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-client-darwin-arm64.tar.gz) | 0d8aafe99969241019685348bd40c9a5e252110121a9c19c6008874c54c4e6c62eb9470cc55e2eab300bebbaa78696539989a8a23d1e958a222aeabadad9e740
[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-client-linux-386.tar.gz) | 67db15a269e252c8945b40e049137a8e7575128f9890ffb121f8dd72b1a79f55aa92aa9e66d5299ef05dcd30bdf1856878f0373ba8c33c46a161cad696dd1c0a
[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-client-linux-amd64.tar.gz) | 58079330c0ebb41806782a7675bf37e8e6466d37ec50d75466b6a2633918d36326863c55a258f0cec8134f3a3abaaf66ab51be70cdb981499ed6f411d58d04fd
[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-client-linux-arm.tar.gz) | afc3b8b30ee5a4baef2b8bf69603884dc488ecd16ab790cdb94859abcbfee0103aff858f7e5778856a7265c54d1eef9df392b0f10ecd26c929a2fe89dcb292e5
[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-client-linux-arm64.tar.gz) | ef1417a70c0a3a428d966e7711f244a2553d85a330898c461a826082533358e0f4a220fd3ccf9295554a6e284fd89d2ebfc37b30cc69d323bf16ce4b9f5e02a4
[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-client-linux-ppc64le.tar.gz) | 5aec975459b3141f7dbb38c86c86fb89ee75470b77095280d2c4e6f5e9f8a4c3b5ef323cd6e4a4403c90d725276621c2d85e749090ce93648f238f289de83ceb
[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-client-linux-s390x.tar.gz) | 91dbe24885b0fad1bef4c0d60ac4c36ba78669e912ec51f7cfb9d4cc33e6f1ece4ee832a96eedb4d117d7defeaffa539e50b42433caf5145543463deb26146fb
[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-client-windows-386.tar.gz) | b9afed1db794c6df8a325c2831643965a7f4c0633b1a8e73432a08bc21a63f57d98a67115c5d8ede46e8b3ea002c1c2ef7d16d62e53530eb9cff92471f06e840
[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-client-windows-amd64.tar.gz) | 95f80902ecae4fac9aa2ef863c63bef752b2554a2e0b07cebd49db37d0ce06b5aafcad779793852634f92e1f0d6a3da4dec48387a361a4ede3f9bd77ee2b70ff
[kubernetes-client-windows-arm64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-client-windows-arm64.tar.gz) | dee0a8658117f90c138e4bcc5dcba7bc201dcac3a993806eaeacc4ed1ba4a4b2aed0eed395169f372010bcde1966b5ba60734729247f7dc7610421ebf70746ba

### Server Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-server-linux-amd64.tar.gz) | 144c23ff1718b3635cb227c5bda29e7f57a63dc80b9aa5120046deb8cff44946a7ca1844303f6fcaebe3d9b9c91f41f57ec96cb407862322fb783068819ab917
[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-server-linux-arm.tar.gz) | b989cacd95bce88d70a2f17200f5d50e06c66e184bb1ab72ee94e65174a1cb8acbbbfb29dc22e85a0893cae31b903ef93ecc62aa7425d8fcbb35c365b588e72c
[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-server-linux-arm64.tar.gz) | 0a2ce7c6f016e52149cbe5df5f35db47fcd0c4de5dd04e8054305e3f6ad4554719d658af7cf6ddb40e8e3420bfbc32bbfc87d9f209a9e59813a17f51c4b0581d
[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-server-linux-ppc64le.tar.gz) | 63bb9ec0e88a6560cb9a415ee8d5656e5bfd9f63a8388f7abd960b72b6d58e0ba664f7aef7aaa6d436aafcc595a19766b85b1af9d076cf3985786888bdd8a258
[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-server-linux-s390x.tar.gz) | 8f99b8c0133771d0326b7c11ba65009c245f40fe71b1d7737343860e022d4be3c032df8dedf728184d017014c17df93df971622ced800788045fd234b50f36b4

### Node Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-node-linux-amd64.tar.gz) | 02f764c2f83992f0820d0186898da449616c4f6ce8a771990ac1f17e277ae369bfeadd24aa0ce2405c6386ff308556437e4f968401b2ef4fb6f344a0a6e60ebd
[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-node-linux-arm.tar.gz) | 6d87f6554d8051be21c268c9d847c1b66cf7785a9cb781b44494f013b9f1afb1018ad2ce54cedb62b33e93517cd630f3168ab63a6b03e7badde70e300bab9a9a
[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-node-linux-arm64.tar.gz) | 9d8d34cb09a73db6c3dabd04975fddbf7387db0f0a241c285fb7995c7256fc5ca37285b680f0f978438e5ca92451f163e1e4c90642c82101d415aa40b06afa2f
[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-node-linux-ppc64le.tar.gz) | 6c5d27306f65ab4eab19f0b39cadd5adb33a3dc3ef602cf4c1e7afd51ac250dea8fef58f748bdbd651d0d77806442b214d098b8a40910627b8a359e482a2706a
[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-node-linux-s390x.tar.gz) | c8d45846d19e8179969f339bfb4cd13c6d952990b30d301bbb345ac17c4ddaab38c22f798986af6ded6aad96e8415c92c86f2f8fb7fe1bda8b0aba6216758112
[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.25.0-alpha.1/kubernetes-node-windows-amd64.tar.gz) | dd1607634a718d790662420cbaa30af6d7c89b6f9ae64cef5ee224e42c32fe318bf6e1b2180894723fc890c315c4943004dd16c59f94e6daaa09e4435aed1e07

### Container Images

All container images are available as manifest lists and support the described
architectures. It is also possible to pull a specific architecture directly by
adding the "-$ARCH" suffix  to the container image name.

name | architectures
---- | -------------
[k8s.gcr.io/conformance:v1.25.0-alpha.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/conformance-s390x)
[k8s.gcr.io/kube-apiserver:v1.25.0-alpha.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-apiserver-s390x)
[k8s.gcr.io/kube-controller-manager:v1.25.0-alpha.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-controller-manager-s390x)
[k8s.gcr.io/kube-proxy:v1.25.0-alpha.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-proxy-s390x)
[k8s.gcr.io/kube-scheduler:v1.25.0-alpha.1](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler) | [amd64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-amd64), [arm](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm), [arm64](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-arm64), [ppc64le](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-ppc64le), [s390x](https://console.cloud.google.com/gcr/images/k8s-artifacts-prod/us/kube-scheduler-s390x)

## Changelog since v1.24.0

## Urgent Upgrade Notes

### (No, really, you MUST read this before you upgrade)

 - Deprecated beta APIs scheduled for removal in 1.25 are no longer served. See https://kubernetes.io/docs/reference/using-api/deprecation-guide/#v1-25 for more information. ([#108797](https://github.com/kubernetes/kubernetes/pull/108797), [@deads2k](https://github.com/deads2k)) [SIG API Machinery, Instrumentation and Testing]
  - No action required; No API/CLI changed; Add new Windows Image Support ([#110333](https://github.com/kubernetes/kubernetes/pull/110333), [@liurupeng](https://github.com/liurupeng)) [SIG Cloud Provider and Windows]
  - There is a new OCI image registry (registry.k8s.io) that can be used to pull kubernetes images. The old registry (k8s.gcr.io) will continue to be supported for the foreseeable future, but the new name should perform better because it frontends equivalent mirrors in other clouds.  Please point your clusters to the new registry going forward.

  Admission/Policy integrations that have an allowlist of registries need to include "registry.k8s.io" alongside "k8s.gcr.io".
  Air-gapped environments and image garbage-collection configurations will need to update to pre-pull and preserve required images under "registry.k8s.io" as well as "k8s.gcr.io". ([#109938](https://github.com/kubernetes/kubernetes/pull/109938), [@dims](https://github.com/dims)) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, K8s Infra, Node, Release, Scalability, Storage and Testing]

## Changes by Kind

### Deprecation

- Kube-controller-manager:  'deleting-pods-qps'  'deleting-pods-burst'  'register-retry-count' flags are removed. ([#109612](https://github.com/kubernetes/kubernetes/pull/109612), [@pandaamanda](https://github.com/pandaamanda)) [SIG API Machinery]
- Kubeadm: during "upgrade apply/diff/node", in case the "ClusterConfiguration.imageRepository" stored in the "kubeadm-config" ConfigMap contains the legacy "k8s.gcr.io" repository, modify it to the new default "registry.k8s.io". Reflect the change in the in-cluster ConfigMap only during "upgrade apply". ([#110343](https://github.com/kubernetes/kubernetes/pull/110343), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle]
- Kubeadm: graduate the kubeadm specific feature gate UnversionedKubeletConfigMap to GA and lock it to "true" by default. The kubelet related ConfigMap and RBAC rules are now locked to have a simplified naming "*kubelet-config" instead of the legacy naming "*kubelet-config-x.yy", where "x.yy" was the version of the control plane. If you have previously used the old naming format with UnversionedKubeletConfigMap=false, you must manually copy the config map from kube-system/kubelet-config-x.yy to kube-system/kubelet-config before upgrading to 1.25. ([#110327](https://github.com/kubernetes/kubernetes/pull/110327), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle and Testing]
- Kubeadm: stop applying the "node-role.kubernetes.io/master:NoSchedule" taint to control plane nodes for new clusters. Remove the taint from existing control plane nodes during "kubeadm upgrade apply" ([#110095](https://github.com/kubernetes/kubernetes/pull/110095), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle and Testing]
- The `gcp` and `azure` auth plugins have been removed from client-go and kubectl. See https://github.com/Azure/kubelogin and https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke for details about the cloud-specific replacements. ([#110013](https://github.com/kubernetes/kubernetes/pull/110013), [@enj](https://github.com/enj)) [SIG API Machinery and Auth]
- The beta `PodSecurityPolicy` admission plugin, deprecated since 1.21, is removed. Follow the instructions at https://kubernetes.io/docs/tasks/configure-pod-container/migrate-from-psp/ to migrate to the built-in PodSecurity admission plugin (or to another third-party policy webhook) prior to upgrading to v1.25. ([#109798](https://github.com/kubernetes/kubernetes/pull/109798), [@liggitt](https://github.com/liggitt)) [SIG API Machinery, Apps, Auth, Cloud Provider, Instrumentation, Node, Security, Storage and Testing]

### API Change

- Introduce NodeInclusionPolicies to specify nodeAffinity/nodeTaint strategy when calculating pod topology spread skew. ([#108492](https://github.com/kubernetes/kubernetes/pull/108492), [@kerthcet](https://github.com/kerthcet)) [SIG API Machinery, Apps, Scheduling and Testing]
- The `metadata.clusterName` field is completely removed. This should not have any user-visible impact. ([#109602](https://github.com/kubernetes/kubernetes/pull/109602), [@lavalamp](https://github.com/lavalamp)) [SIG API Machinery, Apps, Auth and Testing]
- This release add support for NodeExpandSecret for CSI driver client which enables the CSI drivers to make use of this secret while performing node expansion operation based on the user request. Previously there was no secret  provided as part of the nodeexpansion call, thus CSI drivers were not make use of the same while expanding the volume at node side. ([#105963](https://github.com/kubernetes/kubernetes/pull/105963), [@zhucan](https://github.com/zhucan)) [SIG API Machinery, Apps and Storage]

### Feature

- Added sum feature to `kubectl top pod` ([#105100](https://github.com/kubernetes/kubernetes/pull/105100), [@lauchokyip](https://github.com/lauchokyip)) [SIG CLI]
- Adds the `Apply` and `ApplyStatus` methods to the dynamic `ResourceInterface` ([#109443](https://github.com/kubernetes/kubernetes/pull/109443), [@kevindelgado](https://github.com/kevindelgado)) [SIG API Machinery and Testing]
- Graduate ServiceIPStaticSubrange feature to beta (disabled by default) ([#110419](https://github.com/kubernetes/kubernetes/pull/110419), [@aojea](https://github.com/aojea)) [SIG Network]
- Kube-up now includes CoreDNS version v1.9.3 ([#110488](https://github.com/kubernetes/kubernetes/pull/110488), [@mzaian](https://github.com/mzaian)) [SIG Cloud Provider]
- Kubeadm: Added support for additional authentication strategies in `kubeadm join` with discovery/kubeconfig file: client-go authentication plugins (`exec`), `tokenFile`, and `authProvider` ([#110553](https://github.com/kubernetes/kubernetes/pull/110553), [@tallaxes](https://github.com/tallaxes)) [SIG Cluster Lifecycle]
- Kubeadm: add support for the flag "--print-manifest" to the addon phases "kube-proxy" and "coredns" of "kubeadm init phase addon". If this flag is used kubeadm will not apply a given addon and instead print to the terminal the API objects that will be applied. ([#109995](https://github.com/kubernetes/kubernetes/pull/109995), [@wangyysde](https://github.com/wangyysde)) [SIG Cluster Lifecycle]
- Kubeadm: enhance the "patches" functionality to be able to patch kubelet config files containing v1beta1.KubeletConfiguration. The new patch target is called "kubeletconfiguration" (e.g. patch file "kubeletconfiguration+json.json"). This makes it possible to apply node specific KubeletConfiguration options during "init", "join" and "upgrade", while the main KubeletConfiguration that is passed to "init" as part of the "--config" file can still act as the global / stored in the cluster KubeletConfiguration. ([#110405](https://github.com/kubernetes/kubernetes/pull/110405), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle and Testing]
- Kubeadm: modify the etcd static Pod liveness and readyness probes to use a new etcd 3.5.3+ HTTP(s) health check endpoint "/health?serializable=true" that allows to track the health of individual etcd members and not fail all members if a single member is not healthy in the etcd cluster. ([#110072](https://github.com/kubernetes/kubernetes/pull/110072), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle]
- Kubeadm: support experimental JSON/YAML output for "kubeadm upgrade plan" with the "--output" flag ([#108447](https://github.com/kubernetes/kubernetes/pull/108447), [@pacoxu](https://github.com/pacoxu)) [SIG Cluster Lifecycle]
- Kubeadm: update CoreDNS to v1.9.3. ([#110489](https://github.com/kubernetes/kubernetes/pull/110489), [@pacoxu](https://github.com/pacoxu)) [SIG Cluster Lifecycle]
- Kubectl: support multiple resources for kubectl rollout status ([#108777](https://github.com/kubernetes/kubernetes/pull/108777), [@pjo256](https://github.com/pjo256)) [SIG CLI and Testing]
- Kubernetes is now built with Golang 1.18.2 ([#110043](https://github.com/kubernetes/kubernetes/pull/110043), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing]
- Kubernetes is now built with Golang 1.18.3 ([#110421](https://github.com/kubernetes/kubernetes/pull/110421), [@cpanato](https://github.com/cpanato)) [SIG Release and Testing]
- Lock CSIMigrationAzureDisk feature gate to default ([#110491](https://github.com/kubernetes/kubernetes/pull/110491), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider]
- MaxUnavailable for StatefulSets, allows faster RollingUpdate by taking down more than 1 pod at a time. The number of pods you want to take down during a RollingUpdate is configurable using maxUnavailable parameter. ([#109251](https://github.com/kubernetes/kubernetes/pull/109251), [@krmayankk](https://github.com/krmayankk)) [SIG Apps and CLI]
- Return a warning when applying a pod-security.kubernetes.io label to a PodSecurity-exempted namespace.
  Stop including the pod-security.kubernetes.io/exempt=namespace audit annotation on namespace requests. ([#109680](https://github.com/kubernetes/kubernetes/pull/109680), [@tallclair](https://github.com/tallclair)) [SIG Auth]
- TopologySpreadConstraints will be shown in describe command for pods, deployments, daemonsets, etc. ([#109563](https://github.com/kubernetes/kubernetes/pull/109563), [@ardaguclu](https://github.com/ardaguclu)) [SIG CLI]
- Updat debian-base, debian-iptables, and setcap images:
  - debian-base:bullseye-v1.3.0
  - debian-iptables:bullseye-v1.4.0
  - setcap:bullseye-v1.3.0 ([#110558](https://github.com/kubernetes/kubernetes/pull/110558), [@wespanther](https://github.com/wespanther)) [SIG Architecture, Release and Testing]
- When using the OpenStack legacy cloud provider, kubelet and KCM will ignore unknown configuration directives rather than failing to start. ([#109709](https://github.com/kubernetes/kubernetes/pull/109709), [@mdbooth](https://github.com/mdbooth)) [SIG Cloud Provider]

### Failing Test

- E2e tests: the e2e image, agnhost:2.38, has a bug and it hangs instead of exiting if a SIGTERM signal is received and the shutdown-delay option is 0` ([#110214](https://github.com/kubernetes/kubernetes/pull/110214), [@aojea](https://github.com/aojea)) [SIG Testing]

### Bug or Regression

- Allow expansion of ephemeral volumes ([#109987](https://github.com/kubernetes/kubernetes/pull/109987), [@gnufied](https://github.com/gnufied)) [SIG Node and Storage]
- Apiserver: fix audit of loading more than one webhooks ([#110145](https://github.com/kubernetes/kubernetes/pull/110145), [@sxllwx](https://github.com/sxllwx)) [SIG API Machinery and Auth]
- Do not raise an error when setting a label with the same value, just ignore it. ([#105936](https://github.com/kubernetes/kubernetes/pull/105936), [@zigarn](https://github.com/zigarn)) [SIG CLI]
- EndpointSlices marked for deletion are now ignored during reconciliation. ([#109624](https://github.com/kubernetes/kubernetes/pull/109624), [@aryan9600](https://github.com/aryan9600)) [SIG Apps and Network]
- Etcd: Update to v3.5.4 ([#110033](https://github.com/kubernetes/kubernetes/pull/110033), [@mk46](https://github.com/mk46)) [SIG API Machinery, Cloud Provider, Cluster Lifecycle and Testing]
- Fix JobTrackingWithFinalizers that:
  - was declaring a job finished before counting all the created pods in the status
  - was leaving pods with finalizers, blocking pod and job deletions

  JobTrackingWithFinalizers is still disabled by default. ([#109486](https://github.com/kubernetes/kubernetes/pull/109486), [@alculquicondor](https://github.com/alculquicondor)) [SIG Apps and Testing]
- Fix a bug where CRI implementations that use cAdvisor stats provider (CRI-O) don't evict pods when their logs exceed ephemeral storage limit. ([#108115](https://github.com/kubernetes/kubernetes/pull/108115), [@haircommander](https://github.com/haircommander)) [SIG Node]
- Fix a bug where CSI migration doesn't count inline volumes for attach limit. ([#107787](https://github.com/kubernetes/kubernetes/pull/107787), [@Jiawei0227](https://github.com/Jiawei0227)) [SIG Scheduling and Storage]
- Fix a bug where metrics are not recorded during Preemption(PostFilter). ([#108727](https://github.com/kubernetes/kubernetes/pull/108727), [@sanposhiho](https://github.com/sanposhiho)) [SIG Scheduling]
- Fix a data race in authentication between AuthenticatedGroupAdder and cached token authenticator. ([#109969](https://github.com/kubernetes/kubernetes/pull/109969), [@sttts](https://github.com/sttts)) [SIG API Machinery and Auth]
- Fix bug that prevented informer/reflector callers from unwrapping and catching specific API errors by type. ([#110076](https://github.com/kubernetes/kubernetes/pull/110076), [@karlkfi](https://github.com/karlkfi)) [SIG API Machinery]
- Fix bug that prevented the job controller from enforcing activeDeadlineSeconds when set ([#110294](https://github.com/kubernetes/kubernetes/pull/110294), [@harshanarayana](https://github.com/harshanarayana)) [SIG Apps and Scheduling]
- Fix for volume reconstruction of CSI ephemeral volumes ([#108997](https://github.com/kubernetes/kubernetes/pull/108997), [@dobsonj](https://github.com/dobsonj)) [SIG Node, Storage and Testing]
- Fix image pulling failure when IMDS is unavailable in kubelet startup ([#110523](https://github.com/kubernetes/kubernetes/pull/110523), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider]
- Fix incorrectly report scope for request_duration_seconds and request_slo_duration_seconds metrics for POST custom resources API calls. ([#110009](https://github.com/kubernetes/kubernetes/pull/110009), [@azylinski](https://github.com/azylinski)) [SIG Instrumentation]
- Fix printing resources with int64 fields ([#110408](https://github.com/kubernetes/kubernetes/pull/110408), [@tkashem](https://github.com/tkashem)) [SIG API Machinery]
- Fix spurious kube-apiserver log warnings related to openapi v3 merging when creating or modifying CustomResourceDefinition objects ([#109880](https://github.com/kubernetes/kubernetes/pull/109880), [@Jefftree](https://github.com/Jefftree)) [SIG API Machinery and Testing]
- Fix the bug that a ServiceIPStaticSubrange enabled cluster assigns duplicate IP addresses when the dynamic block is exhausted. ([#109928](https://github.com/kubernetes/kubernetes/pull/109928), [@tksm](https://github.com/tksm)) [SIG Network]
- Fix the bug that the metrics for the cluster IP allocator are incorrectly reported. ([#110027](https://github.com/kubernetes/kubernetes/pull/110027), [@tksm](https://github.com/tksm)) [SIG Instrumentation]
- Fixed a kubelet issue that could result in invalid pod status updates to be sent to the api-server where pods would be reported in a terminal phase but also report a ready condition of true in some cases. ([#110256](https://github.com/kubernetes/kubernetes/pull/110256), [@bobbypage](https://github.com/bobbypage)) [SIG Node and Testing]
- Fixed a long-standing but very obscure bug involving Services of type LoadBalancer with multiple IPs and a LoadBalancerSourceRanges that overlaps the node IP. ([#109826](https://github.com/kubernetes/kubernetes/pull/109826), [@danwinship](https://github.com/danwinship)) [SIG Network]
- Fixes strict server-side field validation treating metadata fields as unknown fields ([#109268](https://github.com/kubernetes/kubernetes/pull/109268), [@liggitt](https://github.com/liggitt)) [SIG API Machinery and Testing]
- Kube-apiserver: Get, GetList and Watch requests that should be served by the apiserver cacher during shutdown will be rejected to avoid a deadlock situation leaving requests hanging. ([#108414](https://github.com/kubernetes/kubernetes/pull/108414), [@aojea](https://github.com/aojea)) [SIG API Machinery]
- Kubeadm: only taint control plane nodes when the legacy "master" taint is present. This avoids a bug where "kubeadm upgrade" will re-taint a control plane node with the new "control plane" taint even if the user explicitly untainted the node. ([#109840](https://github.com/kubernetes/kubernetes/pull/109840), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle]
- Kubeadm: pass the host OS environment variables when executing "crictl" during image pulls. This fixes a bug where *PROXY environment variables did not affect crictl's internet connectivity. ([#110134](https://github.com/kubernetes/kubernetes/pull/110134), [@mk46](https://github.com/mk46)) [SIG Cluster Lifecycle]
- Kubelet: wait for node allocatable ephemeral-storage data ([#101882](https://github.com/kubernetes/kubernetes/pull/101882), [@jackfrancis](https://github.com/jackfrancis)) [SIG Node and Storage]
- Kubernetes now correctly handles "search ." in the host's resolv.conf file by preserving the "." entry in the "resolv.conf" that the kubelet writes to pods. ([#109441](https://github.com/kubernetes/kubernetes/pull/109441), [@Miciah](https://github.com/Miciah)) [SIG Network and Node]
- ManagedFields time is correctly updated when the value of a managed field is modified. ([#110058](https://github.com/kubernetes/kubernetes/pull/110058), [@glebiller](https://github.com/glebiller)) [SIG API Machinery]
- Manual change of a failed job condition status to False does not result in duplicate conditions ([#110292](https://github.com/kubernetes/kubernetes/pull/110292), [@mimowo](https://github.com/mimowo)) [SIG Apps]
- OpenAPI will no longer duplicate these schemas:
  - io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions_v2
  - io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v2
  - io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference_v2
  - io.k8s.apimachinery.pkg.apis.meta.v1.StatusDetails_v2
  - io.k8s.apimachinery.pkg.apis.meta.v1.Status_v2 ([#110179](https://github.com/kubernetes/kubernetes/pull/110179), [@Jefftree](https://github.com/Jefftree)) [SIG API Machinery and Testing]
- Panics while calling validating admission webhook are caught and honor the fail open or fail closed setting. ([#108746](https://github.com/kubernetes/kubernetes/pull/108746), [@deads2k](https://github.com/deads2k)) [SIG API Machinery]
- Pods will now post their readiness during termination. ([#110191](https://github.com/kubernetes/kubernetes/pull/110191), [@rphillips](https://github.com/rphillips)) [SIG Network, Node and Testing]
- Reduced time taken to sync proxy rules on Windows kube-proxy with kernelspace mode ([#109124](https://github.com/kubernetes/kubernetes/pull/109124), [@daschott](https://github.com/daschott)) [SIG Network, Release and Windows]
- The kube-proxy `sync_proxy_rules_no_endpoints_total` metric now only counts local-traffic-policy services which have remote endpoints but not local endpoints. ([#109782](https://github.com/kubernetes/kubernetes/pull/109782), [@danwinship](https://github.com/danwinship)) [SIG Network]
- The pod phase lifecycle guarantees that terminal Pods, those whose states are Unready or Succeeded, can not regress and will have all container stopped. Hence, terminal Pods will never be reachable and should not publish their IP addresses on the Endpoints or EndpointSlices, independently of the Service TolerateUnready option. ([#110255](https://github.com/kubernetes/kubernetes/pull/110255), [@robscott](https://github.com/robscott)) [SIG Apps, Network, Node and Testing]
- Upgrade Azure/go-autorest/autorest to v0.11.27 ([#110371](https://github.com/kubernetes/kubernetes/pull/110371), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider]

### Other (Cleanup or Flake)

- Add missing powershell option to kubectl completion command short description ([#109773](https://github.com/kubernetes/kubernetes/pull/109773), [@danielhelfand](https://github.com/danielhelfand)) [SIG CLI]
- Apimachinery/clock: This deletes the apimachinery/clock package. Please use k8s.io/utils/clock instead. ([#109752](https://github.com/kubernetes/kubernetes/pull/109752), [@MadhavJivrajani](https://github.com/MadhavJivrajani)) [SIG API Machinery]
- Apiserver_longrunning_gauge is removed from the codebase. Please use apiserver_longrunning_requests instead. ([#110310](https://github.com/kubernetes/kubernetes/pull/110310), [@logicalhan](https://github.com/logicalhan)) [SIG API Machinery and Instrumentation]
- Feature gates that graduated to GA in 1.23 or earlier and were unconditionally enabled have been removed: CSIServiceAccountToken, ConfigurableFSGroupPolicy, EndpointSlice, EndpointSliceNodeName, EndpointSliceProxying, GenericEphemeralVolume, IPv6DualStack, IngressClassNamespacedParams, StorageObjectInUseProtection, TTLAfterFinished, VolumeSubpath, WindowsEndpointSliceProxying ([#109435](https://github.com/kubernetes/kubernetes/pull/109435), [@pohly](https://github.com/pohly)) [SIG API Machinery, Architecture and Cloud Provider]
- For resources built into an apiserver, the server now logs at `-v=3` whether it is using watch caching. ([#109175](https://github.com/kubernetes/kubernetes/pull/109175), [@MikeSpreitzer](https://github.com/MikeSpreitzer)) [SIG API Machinery]
- Honor the framework delete timeout for pv ([#109764](https://github.com/kubernetes/kubernetes/pull/109764), [@saikat-royc](https://github.com/saikat-royc)) [SIG Storage and Testing]
- Kube-controller-manager's deprecated `--experimental-cluster-signing-duration` flag is now removed. Adapt your machinery to use the `--cluster-signing-duration` flag that is available since v1.19. ([#108476](https://github.com/kubernetes/kubernetes/pull/108476), [@ialidzhikov](https://github.com/ialidzhikov)) [SIG Auth]
- Kubeadm: perform additional dockershim cleanup. Treat all container runtimes as remote by using the flag "--container-runtime=remote", given dockershim was removed in 1.24 and given kubeadm 1.25 supports a kubelet version of 1.24 and 1.25. The flag "--network-plugin" will no longer be used for new clusters. Stop cleaning up the following dockershim related directories on "kubeadm reset": "/var/lib/dockershim", "/var/runkubernetes", "/var/lib/cni" ([#110022](https://github.com/kubernetes/kubernetes/pull/110022), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle]
- Kubelet's deprecated `--experimental-kernel-memcg-notification` flag is now removed.  Use `--kernel-memcg-notification` instead. ([#109388](https://github.com/kubernetes/kubernetes/pull/109388), [@ialidzhikov](https://github.com/ialidzhikov)) [SIG Node]
- Kubernetes binaries are now built in module mode instead of GOPATH mode ([#109464](https://github.com/kubernetes/kubernetes/pull/109464), [@liggitt](https://github.com/liggitt)) [SIG Architecture, Node and Testing]
- Remove deprecated kubectl.kubernetes.io/default-logs-container support ([#109254](https://github.com/kubernetes/kubernetes/pull/109254), [@pacoxu](https://github.com/pacoxu)) [SIG CLI]
- Rename apiserver_watch_cache_watch_cache_initializations_total to apiserver_watch_cache_initializations_total ([#109579](https://github.com/kubernetes/kubernetes/pull/109579), [@logicalhan](https://github.com/logicalhan)) [SIG API Machinery and Instrumentation]
- TBD ([#109277](https://github.com/kubernetes/kubernetes/pull/109277), [@MikeSpreitzer](https://github.com/MikeSpreitzer)) [SIG Architecture and Instrumentation]
- Updated cri-tools to [v1.24.2(https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.24.2) ([#109813](https://github.com/kubernetes/kubernetes/pull/109813), [@saschagrunert](https://github.com/saschagrunert)) [SIG Cloud Provider, Node and Release]
- `apiserver_dropped_requests` is dropped from this release since `apiserver_request_total` can now be used to track dropped requests. `etcd_object_counts` is also removed in favor of `apiserver_storage_objects`. `apiserver_registered_watchers` is also removed in favor of `apiserver_longrunning_requests`. ([#110337](https://github.com/kubernetes/kubernetes/pull/110337), [@logicalhan](https://github.com/logicalhan)) [SIG API Machinery and Instrumentation]

## Dependencies

### Added
- github.com/emicklei/go-restful/v3: [v3.8.0](https://github.com/emicklei/go-restful/v3/tree/v3.8.0)
- github.com/golang-jwt/jwt/v4: [v4.2.0](https://github.com/golang-jwt/jwt/v4/tree/v4.2.0)
- github.com/golangplus/bytes: [v1.0.0](https://github.com/golangplus/bytes/tree/v1.0.0)
- github.com/golangplus/fmt: [v1.0.0](https://github.com/golangplus/fmt/tree/v1.0.0)

### Changed
- bitbucket.org/bertimus9/systemstat: 0eeff89 → v0.5.0
- github.com/Azure/go-autorest/autorest/adal: [v0.9.13 → v0.9.20](https://github.com/Azure/go-autorest/autorest/adal/compare/v0.9.13...v0.9.20)
- github.com/Azure/go-autorest/autorest/mocks: [v0.4.1 → v0.4.2](https://github.com/Azure/go-autorest/autorest/mocks/compare/v0.4.1...v0.4.2)
- github.com/Azure/go-autorest/autorest: [v0.11.18 → v0.11.27](https://github.com/Azure/go-autorest/autorest/compare/v0.11.18...v0.11.27)
- github.com/MakeNowJust/heredoc: [bb23615 → v1.0.0](https://github.com/MakeNowJust/heredoc/compare/bb23615...v1.0.0)
- github.com/antlr/antlr4/runtime/Go/antlr: [b48c857 → ad29539](https://github.com/antlr/antlr4/runtime/Go/antlr/compare/b48c857...ad29539)
- github.com/chai2010/gettext-go: [c6fed77 → v1.0.2](https://github.com/chai2010/gettext-go/compare/c6fed77...v1.0.2)
- github.com/cncf/udpa/go: [5459f2c → 04548b0](https://github.com/cncf/udpa/go/compare/5459f2c...04548b0)
- github.com/cncf/xds/go: [fbca930 → cb28da3](https://github.com/cncf/xds/go/compare/fbca930...cb28da3)
- github.com/container-storage-interface/spec: [v1.5.0 → v1.6.0](https://github.com/container-storage-interface/spec/compare/v1.5.0...v1.6.0)
- github.com/coredns/corefile-migration: [v1.0.14 → v1.0.17](https://github.com/coredns/corefile-migration/compare/v1.0.14...v1.0.17)
- github.com/daviddengcn/go-colortext: [511bcaf → v1.0.0](https://github.com/daviddengcn/go-colortext/compare/511bcaf...v1.0.0)
- github.com/envoyproxy/go-control-plane: [63b5d3c → 49ff273](https://github.com/envoyproxy/go-control-plane/compare/63b5d3c...49ff273)
- github.com/go-logr/logr: [v1.2.0 → v1.2.3](https://github.com/go-logr/logr/compare/v1.2.0...v1.2.3)
- github.com/go-logr/zapr: [v1.2.0 → v1.2.3](https://github.com/go-logr/zapr/compare/v1.2.0...v1.2.3)
- github.com/golangplus/testing: [af21d9c → v1.0.0](https://github.com/golangplus/testing/compare/af21d9c...v1.0.0)
- github.com/google/cel-go: [v0.10.1 → v0.11.2](https://github.com/google/cel-go/compare/v0.10.1...v0.11.2)
- github.com/google/go-cmp: [v0.5.5 → v0.5.6](https://github.com/google/go-cmp/compare/v0.5.5...v0.5.6)
- github.com/pquerna/cachecontrol: [0dec1b3 → v0.1.0](https://github.com/pquerna/cachecontrol/compare/0dec1b3...v0.1.0)
- go.etcd.io/etcd/api/v3: v3.5.1 → v3.5.4
- go.etcd.io/etcd/client/pkg/v3: v3.5.1 → v3.5.4
- go.etcd.io/etcd/client/v2: v2.305.0 → v2.305.4
- go.etcd.io/etcd/client/v3: v3.5.1 → v3.5.4
- go.etcd.io/etcd/pkg/v3: v3.5.0 → v3.5.4
- go.etcd.io/etcd/raft/v3: v3.5.0 → v3.5.4
- go.etcd.io/etcd/server/v3: v3.5.0 → v3.5.4
- golang.org/x/crypto: 8634188 → 3147a52
- google.golang.org/genproto: 42d7afd → 1973136
- google.golang.org/grpc: v1.40.0 → v1.47.0
- gopkg.in/yaml.v3: 496545a → v3.0.1
- k8s.io/kube-openapi: 3ee0da9 → 31174f5

### Removed
- github.com/OneOfOne/xxhash: [v1.2.2](https://github.com/OneOfOne/xxhash/tree/v1.2.2)
- github.com/cespare/xxhash: [v1.1.0](https://github.com/cespare/xxhash/tree/v1.1.0)
- github.com/emicklei/go-restful: [v2.9.5+incompatible](https://github.com/emicklei/go-restful/tree/v2.9.5)
- github.com/google/cel-spec: [v0.6.0](https://github.com/google/cel-spec/tree/v0.6.0)
- github.com/spaolacci/murmur3: [f09979e](https://github.com/spaolacci/murmur3/tree/f09979e)