Changelogs » Kubernetes



**Bug Fix:**
- Fix base64 padding for kube config [kubernetes-client/python-base79](
- Fix websocket client decoding binary message. Replace non-utf8 data instead of failing [kubernetes-client/python-base104](
- Add email scope to GCP provided credential refresh [kubernetes-client/python-base110](
- Fix broken urllib3 dependencies [kubernetes-client/python816](

**New Feature:**
- Add method to dynamically set namespace in yaml utility [kubernetes-client/python782](


**Bug Fix:**
- Make watch work with read_namespaced_pod_log [kubernetes-client/python-base93](
- Add Rbac support for creating from YAML [kubernetes-client/python767](

**New Feature:**
- Config loader supports loading from multiple kubeconfig files [kubernetes-client/python-base94](
- Add a script to fix setup on Windows [kubernetes-client/python766](
- Extend YAML load functionality to \*LIST and multi-resources [kubernetes-client/python673](

**API Change:**
- Remove the AdmissionregistrationV1alpha1 API group, containing only the InitializationConfiguration type [kubernetes/kubernetes72972](
- Promote Lease API to v1 [kubernetes/kubernetes72239](
- The Ingress API is now available via `NetworkingV1beta1Api`. `ExtensionsV1beta1Api` Ingress objects are deprecated and will no longer be served in Kubernetes v1.18 [kubernetes/kubernetes74057](
- Introduce RuntimeClass to NodeV1alpha1Api and NodeV1beta1Api [kubernetes/kubernetes74433](
- Graduate PriorityClass API to GA SchedulingV1Api [kubernetes/kubernetes73555](
- Introduce CSINodeInfo and CSIDriver to StorageV1beta1Api [kubernetes/kubernetes74283](
- The alpha Initializers feature, `` API version, `Initializers` admission plugin, and use of the `metadata.initializers` API field have been removed. Discontinue use of the alpha feature and delete any existing `InitializerConfiguration` API objects before upgrading. The `metadata.initializers` field will be removed in a future release. The parameter `include_uninitialized` has been removed. [kubernetes/kubernetes72972](


**Bug Fix:**
- Add fieldSelector parameter to list/watch methods in custom objects spec [kubernetes-client/gen106](


**Breaking Change:**
- Move dependancy adal under extra require [kubernetes-client/python-base108](

**Bug Fix:**
- Honor the specified resource version in stream request when watch restarts [kubernetes-client/python-base109](

**API Change:**
- Add timeoutSeconds parameter to CustomObjectsApi list/watch calls [kubernetes-client/gen94](

**New Feature:**
- Avoid creating unused ThreadPools [kubernetes-client/gen91](


**Bug Fix:**
- Refresh GCP auth tokens on API retrieval [kubernetes-client/python-base92](
- Fix kubeconfig loading failure when server uri contains trailing slash [kubernetes-client/python-base45](

**Security Fix:**
- Bump urllib3 version to pick up security fix for CVE-2018-20060 [kubernetes-client/python707](

**API Change:**
- Add dynamic audit configuration api: AuditregistrationV1alpha1Api [kubernetes/kubernetes67547](
- CSIPersistentVolume feature, i.e. PersistentVolumes with CSIPersistentVolumeSource, is GA. CSIPersistentVolume feature gate is now deprecated and will be removed according to deprecation policy. [kubernetes/kubernetes69929](
- Add support for CRD conversion webhook [kubernetes/kubernetes67006](
- CRD supports multi-version Schema, Subresources and AdditionalPrintColumns (NOTE that CRDs created prior to 1.13 populated the top-level additionalPrinterColumns field by default. To apply an update that changes to per-version additionalPrinterColumns, the top-level additionalPrinterColumns field must be explicitly set to null). [kubernetes/kubernetes70211](
- Add ability to control primary GID of containers through Pod Spec and PodSecurityPolicy [kubernetes/kubernetes67802](
- Refactor GlusterFS PV spec. This patch introduces glusterfsPersistentVolumeSource addition to glusterfsVolumeSource. All fields remains same as glusterfsVolumeSource with an addition of a new field called `EndpointsNamespace` to define namespace of endpoint in the spec. [kubernetes/kubernetes60195](
- Delete request's body parameter is optional [kubernetes/kubernetes70032](
- Make service environment variables optional [kubernetes/kubernetes68754](
- TokenReview now supports audience validation of tokens with audiences other than the kube-apiserver. [kubernetes/kubernetes62692](

**Breaking Change:**
- Model v1beta1WebhookClientConfig is renamed to AdmissionregistrationV1beta1WebhookClientConfig, to avoid naming conflict with ApiextensionsV1beta1WebhookClientConfig introduced in: [kubernetes/kubernetes67006](
- Delete request's body parameter is optional [kubernetes/kubernetes70032](


**Bug Fix:**
- Refresh GCP auth tokens on API retrieval [kubernetes-client/python-base92](
- Fix kubeconfig loading failure when server uri contains trailing slash [kubernetes-client/python-base45](

**Security Fix:**
- Bump urllib3 version to pick up security fix for CVE-2018-20060 [kubernetes-client/python707](


**New Feature:**
- Add utility to create API resource from yaml file [kubernetes-client/python655](


**Bug Fix:**
- Update ExecProvider to use safe\_get() to tolerate kube-config file that sets
`args: null` and `env: null` [kubernetes-client/python-base91](
- Properly deserialize API server's response when posting a deployment rollback [kubernetes/kubernetes68909](

**API Change:**
- dry-run: CREATE/UPDATE/PATCH methods now support dryRun parameter [kubernetes/kubernetes69359](


**New Feature:**
- Add exec-plugins support in kubeconfig [kubernetes-client/python-base75](

**Bug Fix:**
- Fix reading kubeconfig data with bytes in Python 3

**API Change:**
- Upon receiving a LIST request with expired continue token, the apiserver now returns a continue token together with the 410 "the from parameter is too old " error. If the client does not care about getting a list from a consistent snapshot, the client can use this token to continue listing from the next key, but the returned chunk will be from the latest snapshot [kubernetes/kubernetes67284](
- Introduces autoscaling/v2beta2 and custom\_metrics/v1beta2, which implement metric selectors for Object and Pods metrics, as well as allowing AverageValue targets on Objects, similar to External metrics [kubernetes/kubernetes64097](
- Create "" api group with "Lease" api in it [kubernetes/kubernetes64246](
- Added support to restore a volume from a volume snapshot data source: adds TypedLocalObjectReference in the core API and adds DataSource in PersistentVolumeClaimSpec [kubernetes/kubernetes67087](
- ProcMount added to SecurityContext and AllowedProcMounts added to
PodSecurityPolicy to allow paths in the container's /proc to not be masked [kubernetes/kubernetes64283](
- Support both directory and block device for local volume plugin FileSystem
VolumeMode [kubernetes/kubernetes63011](
- SCTP is now supported as additional protocol (alpha) alongside TCP and UDP in
Pod, Service, Endpoint, and NetworkPolicy [kubernetes/kubernetes64973](
- RuntimeClass is a new API resource for defining different classes of runtimes
that may be used to run containers in the cluster. Pods can select a
RunitmeClass to use via the RuntimeClassName field. This feature is in alpha,
and the RuntimeClass feature gate must be enabled in order to use it [kubernetes/kubernetes67737](
- The PodShareProcessNamespace feature to configure PID namespace sharing within
a pod has been promoted to beta [kubernetes/kubernetes66507](
- To address the possibility dry-run requests overwhelming admission webhooks that rely on side effects and a reconciliation mechanism, a new field is being added to and so that webhooks can explicitly register as having dry-run support. If a dry-run request is made on a resource that triggers a non dry-run supporting webhook, the request will be completely rejected, with "400: Bad Request". Additionally, a new field is being added to the API object, exposing to webhooks whether or not the request being reviewed is a dry-run [kubernetes/kubernetes66936](
- Add custom object status and scale api [kubernetes-client/gen72](
- dry-run: DELETE operations now support dryRun parameter [kubernetes/kubernetes65105](
- Default extensions/v1beta1 Deployment's ProgressDeadlineSeconds to MaxInt32


**Security Fix:**
- Bump urllib3 version to pick up security fix for CVE-2018-20060 [kubernetes-client/python707](

7.0.0 insecure

**New Features:**
- Add support for refreshing Azure tokens [kubernetes-client/python-base77](

7.0.0b1 insecure

**New Features:**
- Add Azure support to authentication loading [kubernetes-client/python-base74](

7.0.0a1 insecure

**Breaking Change:**
- **ACTION REQUIRED** Rename the currently being-used `async` parameter to `async_req` to support Python 3.7 because it's a reserved keyword in Python 3.7 [kubernetes-client/gen67](

**Bug Fix:**
- Watch now properly deserializes custom resource objects and updates resource version [kubernetes-client/python-base64](
- `idp-certificate-authority-data` in kubeconfig is now optional instead of required for OIDC token refresh [kubernetes-client/python-base69](

**API Change:**
- ApiextensionsV1beta1Api: Add PATCH and GET to custom_resource_definition_status [kubernetes/kubernetes63619](
- ApiregistrationV1Api and ApiregistrationV1beta1Api: Add PATCH and GET to api_service_status [kubernetes/kubernetes64063](
- CertificatesV1beta1Api: Add PATCH and GET to certificate_signing_request_status [kubernetes/kubernetes64063](
- SchedulingV1beta1Api: Promote priority_class to beta [kubernetes/kubernetes63100](
- PodSecurityPolicy now supports restricting hostPath volume mounts to be readOnly and under specific path prefixes [kubernetes/kubernetes58647](
- The Sysctls experimental feature has been promoted to beta (enabled by default via the `Sysctls` feature flag). PodSecurityPolicy and Pod objects now have fields for specifying and controlling sysctls. Alpha sysctl annotations will be ignored by 1.11+ kubelets. All alpha sysctl annotations in existing deployments must be converted to API fields to be effective. [kubernetes/kubernetes63717](
- Add CRD Versioning with NOP converter [kubernetes/kubernetes63830](
- Volume topology aware dynamic provisioning [kubernetes/kubernetes63233](
- Fixed incorrect OpenAPI schema for CustomResourceDefinition objects with a validation schema [kubernetes/kubernetes65256](

6.1.0 insecure

- Python 3.7 support
- Update to Kubernetes 1.10.10 API

**Breaking Change:**
- **ACTION REQUIRED** Rename the currently being-used `async` parameter to `async_req` to support Python 3.7 because `async` is a reserved keyword in Python 3.7 [kubernetes-client/gen67](
- **NOTE** Python 3.7 was released after v6.0.0 release. It's not necessary to upgrade your client to v6.1.0 if you do not use Python 3.7+.

**API change:**
- Add custom object status and scale api kubernetes-client/gen72

6.0.0 insecure

- Config loader now supports OIDC auth [kubernetes-client/python-base48](
- Bug fix: fix expiry time checking in API token refresh [kubernetes-client/python-base55](

6.0.0b1 insecure

- Update to Kubernetes 1.10 cluster
- Config loader now raises exception on duplicated name in kubeconfig [kubernetes-client/python-base47](

**API change:**
- CustomObjectsApi: Add PATCH to CustomObjectsApi [kubernetes-client/gen53](
- Promoting the (aggregation) to GA (ApiregistrationV1Api) [kubernetes/kubernetes58393](
- CoreV1Api: remove /proxy legacy API (deprecated since kubernetes v1.2). Use the /proxy subresources on objects that support HTTP proxying [kubernetes/kubernetes59884](
- The `PodSecurityPolicy` API has been moved to the `policy/v1beta1` API group. The `PodSecurityPolicy` API in the `extensions/v1beta1` API group is deprecated and will be removed in a future release. Authorizations for using pod security policy resources should change to reference the `policy` API group after upgrading to 1.11 [kubernetes/kubernetes54933](
- StorageV1beta1Api: Introduce new `VolumeAttachment` API Object [kubernetes/kubernetes54463](
- V1FlexPersistentVolumeSource: PersistentVolume flexVolume sources can now reference secrets in a namespace other than the PersistentVolumeClaim's namespace [kubernetes/kubernetes56460](
- ACTION REQUIRED: VolumeScheduling and LocalPersistentVolume features are beta and enabled by default.  The PersistentVolume NodeAffinity alpha annotation is deprecated and will be removed in a future release [kubernetes/kubernetes59391](
- Allows HorizontalPodAutoscaler to use global metrics not associated with any Kubernetes object (for example metrics from a hoster service running outside of Kubernetes cluster) [kubernetes/kubernetes60096](
- v1.Pod now has a field to configure whether a single process namespace should be shared between all containers in a pod. This feature is in alpha preview. [kubernetes/kubernetes58716](
- delete_namespaced_service() now takes an required body (delete option) parameter. Refactor service storage to remove registry wrapper [kubernetes/kubernetes59510](

**Documentation update:**
- Never let cluster-scoped resources skip webhooks [kubernetes/kubernetes58185](
- Clarify that ListOptions.Timeout is not conditional on inactivity [kubernetes/kubernetes58562](
- Indicate endpoint subsets are an optional field [kubernetes/kubernetes59434](

5.0.0 insecure

- No changes. The same as `v5.0.0b1`.

5.0.0b1 insecure

- Update to Kubernetes 1.9 cluster
- Label selector for pods is now required and must match the pod template's labels for v1beta2 StatefulSetSpec, ReplicaSetSpec, DaemonSetSpec and DeploymentSpec kubernetes/kubernetes55357
- The dynamic admission webhook is split into two kinds, mutating and validating. The kinds have changed completely and old code must be ported to - MutatingWebhookConfiguration and ValidatingWebhookConfiguration kubernetes/kubernetes55282
- DaemonSet, Deployment, ReplicaSet, and StatefulSet have been promoted to GA and are available in the apps/v1 group version kubernetes/kubernetes53679
- Introduce new VolumeAttachment object kubernetes/kubernetes54463
- Introduce core/v1 RBDPersistentVolumeSource kubernetes/kubernetes54302
- StatefulSet status now has support for conditions kubernetes/kubernetes55268
- DaemonSet status now has support for conditions kubernetes/kubernetes55272

4.0.0 insecure

- api change V1PersistentVolumeSpec to V1ScaleIOPersistentVolumeSource 397.

4.0.0b1 insecure

- Make sure PyPI source distribution is complete with all files from the root directory

4.0.0a1 insecure

- Update to Kubernetes 1.8 cluster
- IntOrString is now object thus it can be int or string. 18 359
- Adding stream package to support calls like exec. The old way of calling them is deprecated. See [Troubleshooting](README.mdwhy-execattach-calls-doesnt-work)).
- config.http_proxy_url is deprecated. use configuration.proxy instead.
- Configuration is not a singleton object anymore. Please use Configuraion.set_default to change default configuration.
- Configuration class does not support `ws_streaming_protocol` anymore. In ApiClient.set_default_header set `sec-websocket-protocol` to the preferred websocket protocol.

3.0.0 insecure

- Fix Operation names for subresources kubernetes/kubernetes49357

3.0.0b1 insecure

- Add proper GCP config loader and refresher kubernetes-client/python-base22
- Add ws_streaming_protocol and use v4 by default kubernetes-client/python-base20
- Respect the KUBECONFIG environment variable if set kubernetes-client/python-base19
- Allow setting maxsize for PoolManager kubernetes-client/python-base18
- Restricting the websocket-client to <=0.40 299

3.0.0a1 insecure

- Update client to kubernetes 1.7
- Support ThirdPartyResources (TPR) and CustomResourceDefinitions (CRD). Note that TPR is deprecated in kubernetes 251 201
- Better dependency management 136
- Add support for python3.6 244

2.0.0 insecure

- No changes. The same as `v2.0.0b1`.


- Bugfix: support RFC6902 'json-patch' operations 187

2.0.0b1 insecure

- Add support for attach API calls 180
- Bugfix: token file should not be decoded 182
- Inline primitive models (e.g. v1.Time and resource.Quantity) 179
- Bugfix: urllib3 1.21 fails tests, Excluding version 1.21 from dependencies 197

2.0.0a1 insecure

- Update to kubernetes 1.6 spec 169

1.0.2 insecure

- Bugfix: support RFC6902 'json-patch' operations 187

1.0.1 insecure

- Bugfix: urllib3 1.21 fails tests, Excluding version 1.21 from dependencies 197

1.0.0 insecure

- Bugfix: blocking exec call should remove channel metadata 140
- Add close method to websocket api of interactive exec 145

1.0.0b3 insecure

- Bugfix: Missing websocket-client dependency 131

1.0.0b2 insecure

- Support exec calls in both interactive and non-interactive mode 58

1.0.0b1 insecure

- Support insecure-skip-tls-verify config flag 99
- Added example for using yaml files as models 63
- Added end to end tests 41, 94
- Bugfix: Fix ValueError in list_namespaced_config_map 104
- Bugfix: Export missing models 101
- Bugfix: Patch operations 93

1.0.0a5 insecure

- Bugfix: Missing fields in some models 85, kubernetes/kubernetes39465

1.0.0a4 insecure

- Bugfix: Fixed broken config loader 77

1.0.0a3 insecure

- Add context switch to kube config loader 46
- Add default kube config location 64
- Add suport for accessing multiple clusters 7
- Bugfix: Python client does not resolve relative paths in kubeconfig 68
- Bugfix: `read_namespaced_pod_log` get None response 57
- Improved test coverage 54
- Improved client generator 49


- auto-generated client from K8s OpenAPI spec
- kube-config support
- in-cluster config support: Run scripts inside kubernetes cluster
- watch support


Skipped because of a failed initial release.

Release Process

The Kubernetes Python client is released on an as-needed basis. The process is as follows:

1. An issue is proposing a new release with a changelog since the last release
1. Update the support matrix in removing the oldest version and adding the
proposed release.
1. All [OWNERS](OWNERS) must LGTM this release
1. An OWNER runs `git tag -s $VERSION` and inserts the changelog and pushes
the tag with `git push $VERSION`
1. The release issue is closed
1. An announcement email is sent to ``
with the subject `[ANNOUNCE] kubernetes-python-client $VERSION is released`