Changelogs » Kubernetes



**Bug Fix:**
- Fix a bug in kubeconfig loader where NoneType gets iterated [kubernetes-client/python-base158](
- Fix a bug in kubeconfig loader that False value gets treated as absence [kubernetes-client/python-base161](
- Fix a bug in kubeconfig loader where merging valid configs fails if fields are missing [kubernetes-client/python-base163](
- Fix azure refresh token apiserver id [kubernetes-client/python-base170](
- Support chunked listing to custom object API [kubernetes-client/gen130](

**New Feature:**
- Add returncode method to WSClient [kubernetes-client/python-base160](
- Add proxy support to WSClient [kubernetes-client/python-base157](
- Add util function to parse canonical quantities [kubernetes-client/python855](


**New Feature:**
- Add dynamic client [kubernetes-client/python-base56](
- `create_from_yaml` supports creation from dict and namespace option [kubernetes-client/python795](

**Breaking Change:**
- The Python client will be generated by openapi-generator, with the following breaking changes [kubernetes-client/gen97](
- `kubernetes.client.apis` package is renamed to `kubernetes.client.api`
- `kubernetes` package code now uses absolute import instead of relative import
- The `swagger_types` attribute in all models is renamed to `openapi_types`
- Python3.4 is no longer supported [kubernetes-client/python807](

**API Change:**
- Introduce `ExtensionsV1beta1RuntimeClassStrategyOptions` and `PolicyV1beta1RuntimeClassStrategyOptions`. Add RuntimeClass restrictions & defaulting to PodSecurityPolicy [kubernetes/kubernetes73795](
- Introduce `V1WindowsSecurityContextOptions`. Add Windows specific options in Pod Security Context and Container Security Context [kubernetes/kubernetes77147](
- Split `V1beta1Webhook` into `V1beta1MutatingWebhook` and `V1beta1ValidatingWebhook` [kubernetes/kubernetes78491](
- Introduce parameter `allow_watch_bookmarks` in list options for requesting watch bookmarks from apiserver. The implementation in apiserver is hidden behind feature gate `WatchBookmark` (currently in Alpha stage) [kubernetes/kubernetes74074](
- Add `V1DeleteOptions` parameters (`dry_run`, `grace_period_seconds`, `orphan_dependents`, `propagation_policy`) to delete collection APIs [kubernetes/kubernetes77843](
- Add ListMeta.RemainingItemCount. When responding a LIST request, if the server has more data available, and if the request does not contain label selectors or field selectors, the server sets the ListOptions.RemainingItemCount to the number of remaining objects [kubernetes/kubernetes75993](
- Add `controller_expand_secret_ref` in `V1SecretReference` to store CSI volume expansion secrets [kubernetes/kubernetes77516](
- Introduce `preemption_policy` field to V1PriorityClass [kubernetes/kubernetes74614](
- Add `port` configuration to service reference in Admission webhook configuration, AuditSink webhook configuration, CRD Conversion webhook configuration and kube-aggregator [kubernetes/kubernetes74855](
- Introduce `inline_volume_spec` to `V1PersistentVolumeSpec` [kubernetes/kubernetes77703](
- Add fields `x_kubernetes_embedded_resource`, `x_kubernetes_int_or_string`, `x_kubernetes_preserve_unknown_fields` to V1beta1JSONSchemaProps [kubernetes/kubernetes77207](

**Bug Fix:**
- Update `_load_azure_token` to handle str and int [kubernetes-client/python-base141](
- Correct regex to properly parse rfc3339 microseconds [kubernetes-client/python-base150](


**Bug Fix:**
- Fix base64 padding for kube config [kubernetes-client/python-base79](
- Fix websocket client decoding binary message. Replace non-utf8 data instead of failing [kubernetes-client/python-base104](
- Add email scope to GCP provided credential refresh [kubernetes-client/python-base110](
- Fix broken urllib3 dependencies [kubernetes-client/python816](

**New Feature:**
- Add method to dynamically set namespace in yaml utility [kubernetes-client/python782](


**Bug Fix:**
- Make watch work with read_namespaced_pod_log [kubernetes-client/python-base93](
- Add Rbac support for creating from YAML [kubernetes-client/python767](

**New Feature:**
- Config loader supports loading from multiple kubeconfig files [kubernetes-client/python-base94](
- Add a script to fix setup on Windows [kubernetes-client/python766](
- Extend YAML load functionality to \*LIST and multi-resources [kubernetes-client/python673](

**API Change:**
- Remove the AdmissionregistrationV1alpha1 API group, containing only the InitializationConfiguration type [kubernetes/kubernetes72972](
- Promote Lease API to v1 [kubernetes/kubernetes72239](
- The Ingress API is now available via `NetworkingV1beta1Api`. `ExtensionsV1beta1Api` Ingress objects are deprecated and will no longer be served in Kubernetes v1.18 [kubernetes/kubernetes74057](
- Introduce RuntimeClass to NodeV1alpha1Api and NodeV1beta1Api [kubernetes/kubernetes74433](
- Graduate PriorityClass API to GA SchedulingV1Api [kubernetes/kubernetes73555](
- Introduce CSINodeInfo and CSIDriver to StorageV1beta1Api [kubernetes/kubernetes74283](
- The alpha Initializers feature, `` API version, `Initializers` admission plugin, and use of the `metadata.initializers` API field have been removed. Discontinue use of the alpha feature and delete any existing `InitializerConfiguration` API objects before upgrading. The `metadata.initializers` field will be removed in a future release. The parameter `include_uninitialized` has been removed. [kubernetes/kubernetes72972](


**Bug Fix:**
- Add fieldSelector parameter to list/watch methods in custom objects spec [kubernetes-client/gen106](


**Breaking Change:**
- Move dependancy adal under extra require [kubernetes-client/python-base108](

**Bug Fix:**
- Honor the specified resource version in stream request when watch restarts [kubernetes-client/python-base109](

**API Change:**
- Add timeoutSeconds parameter to CustomObjectsApi list/watch calls [kubernetes-client/gen94](

**New Feature:**
- Avoid creating unused ThreadPools [kubernetes-client/gen91](


**Bug Fix:**
- Refresh GCP auth tokens on API retrieval [kubernetes-client/python-base92](
- Fix kubeconfig loading failure when server uri contains trailing slash [kubernetes-client/python-base45](

**Security Fix:**
- Bump urllib3 version to pick up security fix for CVE-2018-20060 [kubernetes-client/python707](

**API Change:**
- Add dynamic audit configuration api: AuditregistrationV1alpha1Api [kubernetes/kubernetes67547](
- CSIPersistentVolume feature, i.e. PersistentVolumes with CSIPersistentVolumeSource, is GA. CSIPersistentVolume feature gate is now deprecated and will be removed according to deprecation policy. [kubernetes/kubernetes69929](
- Add support for CRD conversion webhook [kubernetes/kubernetes67006](
- CRD supports multi-version Schema, Subresources and AdditionalPrintColumns (NOTE that CRDs created prior to 1.13 populated the top-level additionalPrinterColumns field by default. To apply an update that changes to per-version additionalPrinterColumns, the top-level additionalPrinterColumns field must be explicitly set to null). [kubernetes/kubernetes70211](
- Add ability to control primary GID of containers through Pod Spec and PodSecurityPolicy [kubernetes/kubernetes67802](
- Refactor GlusterFS PV spec. This patch introduces glusterfsPersistentVolumeSource addition to glusterfsVolumeSource. All fields remains same as glusterfsVolumeSource with an addition of a new field called `EndpointsNamespace` to define namespace of endpoint in the spec. [kubernetes/kubernetes60195](
- Delete request's body parameter is optional [kubernetes/kubernetes70032](
- Make service environment variables optional [kubernetes/kubernetes68754](
- TokenReview now supports audience validation of tokens with audiences other than the kube-apiserver. [kubernetes/kubernetes62692](

**Breaking Change:**
- Model v1beta1WebhookClientConfig is renamed to AdmissionregistrationV1beta1WebhookClientConfig, to avoid naming conflict with ApiextensionsV1beta1WebhookClientConfig introduced in: [kubernetes/kubernetes67006](
- Delete request's body parameter is optional [kubernetes/kubernetes70032](


**Bug Fix:**
- Refresh GCP auth tokens on API retrieval [kubernetes-client/python-base92](
- Fix kubeconfig loading failure when server uri contains trailing slash [kubernetes-client/python-base45](

**Security Fix:**
- Bump urllib3 version to pick up security fix for CVE-2018-20060 [kubernetes-client/python707](


**New Feature:**
- Add utility to create API resource from yaml file [kubernetes-client/python655](


**Bug Fix:**
- Update ExecProvider to use safe\_get() to tolerate kube-config file that sets
`args: null` and `env: null` [kubernetes-client/python-base91](
- Properly deserialize API server's response when posting a deployment rollback [kubernetes/kubernetes68909](

**API Change:**
- dry-run: CREATE/UPDATE/PATCH methods now support dryRun parameter [kubernetes/kubernetes69359](


**New Feature:**
- Add exec-plugins support in kubeconfig [kubernetes-client/python-base75](

**Bug Fix:**
- Fix reading kubeconfig data with bytes in Python 3

**API Change:**
- Upon receiving a LIST request with expired continue token, the apiserver now returns a continue token together with the 410 "the from parameter is too old " error. If the client does not care about getting a list from a consistent snapshot, the client can use this token to continue listing from the next key, but the returned chunk will be from the latest snapshot [kubernetes/kubernetes67284](
- Introduces autoscaling/v2beta2 and custom\_metrics/v1beta2, which implement metric selectors for Object and Pods metrics, as well as allowing AverageValue targets on Objects, similar to External metrics [kubernetes/kubernetes64097](
- Create "" api group with "Lease" api in it [kubernetes/kubernetes64246](
- Added support to restore a volume from a volume snapshot data source: adds TypedLocalObjectReference in the core API and adds DataSource in PersistentVolumeClaimSpec [kubernetes/kubernetes67087](
- ProcMount added to SecurityContext and AllowedProcMounts added to
PodSecurityPolicy to allow paths in the container's /proc to not be masked [kubernetes/kubernetes64283](
- Support both directory and block device for local volume plugin FileSystem
VolumeMode [kubernetes/kubernetes63011](
- SCTP is now supported as additional protocol (alpha) alongside TCP and UDP in
Pod, Service, Endpoint, and NetworkPolicy [kubernetes/kubernetes64973](
- RuntimeClass is a new API resource for defining different classes of runtimes
that may be used to run containers in the cluster. Pods can select a
RunitmeClass to use via the RuntimeClassName field. This feature is in alpha,
and the RuntimeClass feature gate must be enabled in order to use it [kubernetes/kubernetes67737](
- The PodShareProcessNamespace feature to configure PID namespace sharing within
a pod has been promoted to beta [kubernetes/kubernetes66507](
- To address the possibility dry-run requests overwhelming admission webhooks that rely on side effects and a reconciliation mechanism, a new field is being added to and so that webhooks can explicitly register as having dry-run support. If a dry-run request is made on a resource that triggers a non dry-run supporting webhook, the request will be completely rejected, with "400: Bad Request". Additionally, a new field is being added to the API object, exposing to webhooks whether or not the request being reviewed is a dry-run [kubernetes/kubernetes66936](
- Add custom object status and scale api [kubernetes-client/gen72](
- dry-run: DELETE operations now support dryRun parameter [kubernetes/kubernetes65105](
- Default extensions/v1beta1 Deployment's ProgressDeadlineSeconds to MaxInt32


**Security Fix:**
- Bump urllib3 version to pick up security fix for CVE-2018-20060 [kubernetes-client/python707](

7.0.0 insecure

**New Features:**
- Add support for refreshing Azure tokens [kubernetes-client/python-base77](

7.0.0b1 insecure

**New Features:**
- Add Azure support to authentication loading [kubernetes-client/python-base74](

7.0.0a1 insecure

**Breaking Change:**
- **ACTION REQUIRED** Rename the currently being-used `async` parameter to `async_req` to support Python 3.7 because it's a reserved keyword in Python 3.7 [kubernetes-client/gen67](

**Bug Fix:**
- Watch now properly deserializes custom resource objects and updates resource version [kubernetes-client/python-base64](
- `idp-certificate-authority-data` in kubeconfig is now optional instead of required for OIDC token refresh [kubernetes-client/python-base69](

**API Change:**
- ApiextensionsV1beta1Api: Add PATCH and GET to custom_resource_definition_status [kubernetes/kubernetes63619](
- ApiregistrationV1Api and ApiregistrationV1beta1Api: Add PATCH and GET to api_service_status [kubernetes/kubernetes64063](
- CertificatesV1beta1Api: Add PATCH and GET to certificate_signing_request_status [kubernetes/kubernetes64063](
- SchedulingV1beta1Api: Promote priority_class to beta [kubernetes/kubernetes63100](
- PodSecurityPolicy now supports restricting hostPath volume mounts to be readOnly and under specific path prefixes [kubernetes/kubernetes58647](
- The Sysctls experimental feature has been promoted to beta (enabled by default via the `Sysctls` feature flag). PodSecurityPolicy and Pod objects now have fields for specifying and controlling sysctls. Alpha sysctl annotations will be ignored by 1.11+ kubelets. All alpha sysctl annotations in existing deployments must be converted to API fields to be effective. [kubernetes/kubernetes63717](
- Add CRD Versioning with NOP converter [kubernetes/kubernetes63830](
- Volume topology aware dynamic provisioning [kubernetes/kubernetes63233](
- Fixed incorrect OpenAPI schema for CustomResourceDefinition objects with a validation schema [kubernetes/kubernetes65256](

6.1.0 insecure

- Python 3.7 support
- Update to Kubernetes 1.10.10 API

**Breaking Change:**
- **ACTION REQUIRED** Rename the currently being-used `async` parameter to `async_req` to support Python 3.7 because `async` is a reserved keyword in Python 3.7 [kubernetes-client/gen67](
- **NOTE** Python 3.7 was released after v6.0.0 release. It's not necessary to upgrade your client to v6.1.0 if you do not use Python 3.7+.

**API change:**
- Add custom object status and scale api kubernetes-client/gen72

6.0.0 insecure

- Config loader now supports OIDC auth [kubernetes-client/python-base48](
- Bug fix: fix expiry time checking in API token refresh [kubernetes-client/python-base55](

6.0.0b1 insecure

- Update to Kubernetes 1.10 cluster
- Config loader now raises exception on duplicated name in kubeconfig [kubernetes-client/python-base47](

**API change:**
- CustomObjectsApi: Add PATCH to CustomObjectsApi [kubernetes-client/gen53](
- Promoting the (aggregation) to GA (ApiregistrationV1Api) [kubernetes/kubernetes58393](
- CoreV1Api: remove /proxy legacy API (deprecated since kubernetes v1.2). Use the /proxy subresources on objects that support HTTP proxying [kubernetes/kubernetes59884](
- The `PodSecurityPolicy` API has been moved to the `policy/v1beta1` API group. The `PodSecurityPolicy` API in the `extensions/v1beta1` API group is deprecated and will be removed in a future release. Authorizations for using pod security policy resources should change to reference the `policy` API group after upgrading to 1.11 [kubernetes/kubernetes54933](
- StorageV1beta1Api: Introduce new `VolumeAttachment` API Object [kubernetes/kubernetes54463](
- V1FlexPersistentVolumeSource: PersistentVolume flexVolume sources can now reference secrets in a namespace other than the PersistentVolumeClaim's namespace [kubernetes/kubernetes56460](
- ACTION REQUIRED: VolumeScheduling and LocalPersistentVolume features are beta and enabled by default.  The PersistentVolume NodeAffinity alpha annotation is deprecated and will be removed in a future release [kubernetes/kubernetes59391](
- Allows HorizontalPodAutoscaler to use global metrics not associated with any Kubernetes object (for example metrics from a hoster service running outside of Kubernetes cluster) [kubernetes/kubernetes60096](
- v1.Pod now has a field to configure whether a single process namespace should be shared between all containers in a pod. This feature is in alpha preview. [kubernetes/kubernetes58716](
- delete_namespaced_service() now takes an required body (delete option) parameter. Refactor service storage to remove registry wrapper [kubernetes/kubernetes59510](

**Documentation update:**
- Never let cluster-scoped resources skip webhooks [kubernetes/kubernetes58185](
- Clarify that ListOptions.Timeout is not conditional on inactivity [kubernetes/kubernetes58562](
- Indicate endpoint subsets are an optional field [kubernetes/kubernetes59434](

5.0.0 insecure

- No changes. The same as `v5.0.0b1`.

5.0.0b1 insecure

- Update to Kubernetes 1.9 cluster
- Label selector for pods is now required and must match the pod template's labels for v1beta2 StatefulSetSpec, ReplicaSetSpec, DaemonSetSpec and DeploymentSpec kubernetes/kubernetes55357
- The dynamic admission webhook is split into two kinds, mutating and validating. The kinds have changed completely and old code must be ported to - MutatingWebhookConfiguration and ValidatingWebhookConfiguration kubernetes/kubernetes55282
- DaemonSet, Deployment, ReplicaSet, and StatefulSet have been promoted to GA and are available in the apps/v1 group version kubernetes/kubernetes53679
- Introduce new VolumeAttachment object kubernetes/kubernetes54463
- Introduce core/v1 RBDPersistentVolumeSource kubernetes/kubernetes54302
- StatefulSet status now has support for conditions kubernetes/kubernetes55268
- DaemonSet status now has support for conditions kubernetes/kubernetes55272

4.0.0 insecure

- api change V1PersistentVolumeSpec to V1ScaleIOPersistentVolumeSource 397.

4.0.0b1 insecure

- Make sure PyPI source distribution is complete with all files from the root directory

4.0.0a1 insecure

- Update to Kubernetes 1.8 cluster
- IntOrString is now object thus it can be int or string. 18 359
- Adding stream package to support calls like exec. The old way of calling them is deprecated. See [Troubleshooting](README.mdwhy-execattach-calls-doesnt-work)).
- config.http_proxy_url is deprecated. use configuration.proxy instead.
- Configuration is not a singleton object anymore. Please use Configuraion.set_default to change default configuration.
- Configuration class does not support `ws_streaming_protocol` anymore. In ApiClient.set_default_header set `sec-websocket-protocol` to the preferred websocket protocol.

3.0.0 insecure

- Fix Operation names for subresources kubernetes/kubernetes49357

3.0.0b1 insecure

- Add proper GCP config loader and refresher kubernetes-client/python-base22
- Add ws_streaming_protocol and use v4 by default kubernetes-client/python-base20
- Respect the KUBECONFIG environment variable if set kubernetes-client/python-base19
- Allow setting maxsize for PoolManager kubernetes-client/python-base18
- Restricting the websocket-client to <=0.40 299

3.0.0a1 insecure

- Update client to kubernetes 1.7
- Support ThirdPartyResources (TPR) and CustomResourceDefinitions (CRD). Note that TPR is deprecated in kubernetes 251 201
- Better dependency management 136
- Add support for python3.6 244

2.0.0 insecure

- No changes. The same as `v2.0.0b1`.


- Bugfix: support RFC6902 'json-patch' operations 187

2.0.0b1 insecure

- Add support for attach API calls 180
- Bugfix: token file should not be decoded 182
- Inline primitive models (e.g. v1.Time and resource.Quantity) 179
- Bugfix: urllib3 1.21 fails tests, Excluding version 1.21 from dependencies 197

2.0.0a1 insecure

- Update to kubernetes 1.6 spec 169

1.0.2 insecure

- Bugfix: support RFC6902 'json-patch' operations 187

1.0.1 insecure

- Bugfix: urllib3 1.21 fails tests, Excluding version 1.21 from dependencies 197

1.0.0 insecure

- Bugfix: blocking exec call should remove channel metadata 140
- Add close method to websocket api of interactive exec 145

1.0.0b3 insecure

- Bugfix: Missing websocket-client dependency 131

1.0.0b2 insecure

- Support exec calls in both interactive and non-interactive mode 58

1.0.0b1 insecure

- Support insecure-skip-tls-verify config flag 99
- Added example for using yaml files as models 63
- Added end to end tests 41, 94
- Bugfix: Fix ValueError in list_namespaced_config_map 104
- Bugfix: Export missing models 101
- Bugfix: Patch operations 93

1.0.0a5 insecure

- Bugfix: Missing fields in some models 85, kubernetes/kubernetes39465

1.0.0a4 insecure

- Bugfix: Fixed broken config loader 77

1.0.0a3 insecure

- Add context switch to kube config loader 46
- Add default kube config location 64
- Add suport for accessing multiple clusters 7
- Bugfix: Python client does not resolve relative paths in kubeconfig 68
- Bugfix: `read_namespaced_pod_log` get None response 57
- Improved test coverage 54
- Improved client generator 49


- auto-generated client from K8s OpenAPI spec
- kube-config support
- in-cluster config support: Run scripts inside kubernetes cluster
- watch support


Skipped because of a failed initial release.

Release Process

The Kubernetes Python client is released on an as-needed basis. The process is as follows:

1. An issue is proposing a new release with a changelog since the last release
1. Update the support matrix in removing the oldest version and adding the
proposed release.
1. All [OWNERS](OWNERS) must LGTM this release
1. An OWNER runs `git tag -s $VERSION` and inserts the changelog and pushes
the tag with `git push $VERSION`
1. The release issue is closed
1. An announcement email is sent to ``
with the subject `[ANNOUNCE] kubernetes-python-client $VERSION is released`