cs_versions_changelog.md

copyright	lastupdated
years 2014, 2018	2018-09-25

{:new_window: target="_blank"} {:shortdesc: .shortdesc} {:screen: .screen} {:pre: .pre} {:table: .aria-labeledby="caption"} {:codeblock: .codeblock} {:tip: .tip} {:download: .download}

Version changelog

{: #changelog}

View information of version changes for major, minor, and patch updates that are available for your {{site.data.keyword.containerlong}} Kubernetes clusters. Changes include updates to Kubernetes and {{site.data.keyword.Bluemix_notm}} Provider components. {:shortdesc}

IBM applies patch-level updates to your master automatically, but you must update your worker nodes patch. For both master and worker nodes, you must apply major and minor updates. Check monthly for available updates. As updates become available, you are notified when you view information about the master and worker nodes in the GUI or CLI, such as with the following commands: ibmcloud ks clusters, cluster-get, workers, or worker-get.

For a summary of migration actions, see Kubernetes versions. {: tip}

For information about changes since the previous version, see the following changelogs.

• Version 1.11 changelog.
• Version 1.10 changelog.
• Version 1.9 changelog.
• Archive of changelogs for deprecated or unsupported versions.

Version 1.11 changelog

{: #111_changelog}

Review the following changes.

Changelog for 1.11.3_1521, released 20 September 2018

{: #1113_1521}

Changes since version 1.11.2_1516

Component	Previous	Current	Description
{{site.data.keyword.Bluemix_notm}} Provider	v1.11.2-71	v1.11.3-91	Updated to support Kubernetes 1.11.3 release.
IBM file storage classes	N/A	N/A	Removed `mountOptions` in the IBM file storage classes to use the default that is provided by the worker node. Also, now when you update the cluster master, the default IBM file storage class remains `ibmc-file-bronze`. If you want to change the default storage class, run `kubectl patch storageclass -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'` and replace `` with the name of the storage class.
Kubernetes	v1.11.2	v1.11.3	See the [Kubernetes release notes ](https://github.com/kubernetes/kubernetes/releases/tag/v1.11.3).
Kubernetes DNS autoscaler	1.1.2-r2	1.2.0	See the [Kubernetes DNS autoscaler release notes ](https://github.com/kubernetes-incubator/cluster-proportional-autoscaler/releases/tag/1.2.0).
Log rotate	N/A	N/A	Switched to use `systemd` timers instead of `cronjobs` to prevent `logrotate` from failing on worker nodes that are not reloaded or updated within 90 days. **Note**: In all earlier versions for this minor release, the primary disk fills up after the cron job fails because the logs are not rotated. The cron job fails after the worker node is active for 90 days without being updated or reloaded. If the logs fill up the entire primary disk, the worker node enters a failed state. The worker node can be fixed by using the `ibmcloud ks worker-reload` [command](cs_cli_reference.html#cs_worker_reload) or the `ibmcloud ks worker-update` [command](cs_cli_reference.html#cs_worker_update).
Root password expiration	N/A	N/A	Root passwords for the worker nodes expire after 90 days for compliance reasons. If your automation tooling needs to log in to the worker node as root or relies on cron jobs that run as root, you can disable the password expiration by logging into the worker node and running `chage -M -1 root`. **Note**: If you have security compliance requirements that prevent running as root or removing password expiration, do not disable the expiration. Instead, you can [update](cs_cli_reference.html#cs_worker_update) or [reload](cs_cli_reference.html#cs_worker_reload) your worker nodes at least every 90 days.
Worker node runtime components (`kubelet`, `kube-proxy`, `containerd`)	N/A	N/A	Removed dependencies of runtime components on the primary disk. This enhancement prevents worker nodes from failing when the primary disk is filled up.
Systemd	N/A	N/A	Periodically clean transient mount units to prevent them from becoming unbounded. This action addresses [Kubernetes issue 57345 ](kubernetes/kubernetes#57345).

Changelog for 1.11.2_1516, released 04 September 2018

{: #1112_1516}

Changes since version 1.11.2_1514

Component	Previous	Current	Description
Calico	v3.1.3	v3.2.1	See the [Calico release notes ](https://docs.projectcalico.org/v3.2/releases/#v321).
containerd	1.1.2	1.1.3	See the [`containerd` release notes ](https://github.com/containerd/containerd/releases/tag/v1.1.3).
{{site.data.keyword.Bluemix_notm}} Provider	v1.11.2-60	v1.11.2-71	Changed the cloud provider configuration to better handle updates for load balancer services with `externalTrafficPolicy` set to `local`.
IBM file storage plug-in configuration	N/A	N/A	Removed the default NFS version from the mount options in the IBM-provided file storage classes. The host's operating system now negotiates the NFS version with the IBM Cloud infrastructure (SoftLayer) NFS server. To manually set a specific NFS version, or to change the NFS version of your PV that was negotiated by the host's operating system, see [Changing the default NFS version](cs_storage_file.html#nfs_version_class).

Changelog for worker node fix pack 1.11.2_1514, released 23 August 2018

{: #1112_1514}

Changes since version 1.11.2_1513

Component	Previous	Current	Description
`systemd`	229	230	Updated `systemd` to fix `cgroup` leak.
Kernel	4.4.0-127	4.4.0-133	Updated worker node images with kernel update for [CVE-2018-3620,CVE-2018-3646 ](https://usn.ubuntu.com/3741-1/).

Changelog for 1.11.2_1513, released 14 August 2018

{: #1112_1513}

Changes since version 1.10.5_1518

Component	Previous	Current	Description
containerd	N/A	1.1.2	`containerd` replaces Docker as the new container runtime for Kubernetes. See the [`containerd` release notes ](https://github.com/containerd/containerd/releases/tag/v1.1.2). For actions that you must take, see [Migrating to `containerd` as the container runtime](cs_versions.html#containerd).
Docker	N/A	N/A	`containerd` replaces Docker as the new container runtime for Kubernetes, to enhance performance. For actions that you must take, see [Migrating to `containerd` as the container runtime](cs_versions.html#containerd).
etcd	v3.2.14	v3.2.18	See the [etcd release notes ](https://github.com/coreos/etcd/releases/v3.2.18).
{{site.data.keyword.Bluemix_notm}} Provider	v1.10.5-118	v1.11.2-60	Updated to support Kubernetes 1.11 release. In addition, load balancer pods now use the new `ibm-app-cluster-critical` pod priority class.
IBM file storage plug-in	334	338	Updated `incubator` version to 1.8. File storage is provisioned to the specific zone that you select. You cannot update an existing (static) PV instance labels, unless you are using a multizone cluster and need to [add the region the zone labels](cs_storage_basics.html#multizone).
Kubernetes	v1.10.5	v1.11.2	See the [Kubernetes release notes ](https://github.com/kubernetes/kubernetes/releases/tag/v1.11.2).
Kubernetes configuration	N/A	N/A	Updated the OpenID Connect configuration for the cluster's Kubernetes API server to support {{site.data.keyword.Bluemix_notm}} Identity Access and Management (IAM) access groups. Added `Priority` to the `--enable-admission-plugins` option for the cluster's Kubernetes API server and configured the cluster to support pod priority. For more information, see: [IAM access groups](cs_users.html#rbac) [Configuring pod priority](cs_pod_priority.html#pod_priority)
Kubernetes Heapster	v1.5.2	v.1.5.4	Increased resource limits for the `heapster-nanny` container. See the [Kubernetes Heapster release notes ](https://github.com/kubernetes/heapster/releases/tag/v1.5.4).
Logging configuration	N/A	N/A	The container log directory is now `/var/log/pods/` instead of the previous `/var/lib/docker/containers/`.

Version 1.10 changelog

{: #110_changelog}

Review the following changes.

Changelog for worker node fix pack 1.10.7_1521, released 20 September 2018

{: #1107_1521}

Changes since version 1.10.7_1520

Component	Previous	Current	Description
Log rotate	N/A	N/A	Switched to use `systemd` timers instead of `cronjobs` to prevent `logrotate` from failing on worker nodes that are not reloaded or updated within 90 days. **Note**: In all earlier versions for this minor release, the primary disk fills up after the cron job fails because the logs are not rotated. The cron job fails after the worker node is active for 90 days without being updated or reloaded. If the logs fill up the entire primary disk, the worker node enters a failed state. The worker node can be fixed by using the `ibmcloud ks worker-reload` [command](cs_cli_reference.html#cs_worker_reload) or the `ibmcloud ks worker-update` [command](cs_cli_reference.html#cs_worker_update).
Worker node runtime components (`kubelet`, `kube-proxy`, `docker`)	N/A	N/A	Removed dependencies of runtime components on the primary disk. This enhancement prevents worker nodes from failing when the primary disk is filled up.
Root password expiration	N/A	N/A	Root passwords for the worker nodes expire after 90 days for compliance reasons. If your automation tooling needs to log in to the worker node as root or relies on cron jobs that run as root, you can disable the password expiration by logging into the worker node and running `chage -M -1 root`. **Note**: If you have security compliance requirements that prevent running as root or removing password expiration, do not disable the expiration. Instead, you can [update](cs_cli_reference.html#cs_worker_update) or [reload](cs_cli_reference.html#cs_worker_reload) your worker nodes at least every 90 days.
Systemd	N/A	N/A	Periodically clean transient mount units to prevent them from becoming unbounded. This action addresses [Kubernetes issue 57345 ](kubernetes/kubernetes#57345).

Changelog for 1.10.7_1520, released 04 September 2018

{: #1107_1520}

Changes since version 1.10.5_1519

Calico	v3.1.3	v3.2.1	See the Calico [release notes ](https://docs.projectcalico.org/v3.2/releases/#v321).
{{site.data.keyword.Bluemix_notm}} Provider	v1.10.5-118	v1.10.7-146	Updated to support Kubernetes 1.10.7 release. In addition, changed the cloud provider configuration to better handle updates for load balancer services with `externalTrafficPolicy` set to `local`.
IBM file storage plug-in	334	338	Updated incubator version to 1.8. File storage is provisioned to the specific zone that you select. You cannot update an existing (static) PV instance's labels, unless you are using a multizone cluster and need to add the region and zone labels. Removed the default NFS version from the mount options in the IBM-provided file storage classes. The host's operating system now negotiates the NFS version with the IBM Cloud infrastructure (SoftLayer) NFS server. To manually set a specific NFS version, or to change the NFS version of your PV that was negotiated by the host's operating system, see [Changing the default NFS version](cs_storage_file.html#nfs_version_class).
Kubernetes	v1.10.5	v1.10.7	See the Kubernetes [release notes ](https://github.com/kubernetes/kubernetes/releases/tag/v1.10.7).
Kubernetes Heapster configuration	N/A	N/A	Increased resource limits for the `heapster-nanny` container.

Changelog for worker node fix pack 1.10.5_1519, released 23 August 2018

{: #1105_1519}

Changes since version 1.10.5_1518

Component	Previous	Current	Description
`systemd`	229	230	Updated `systemd` to fix `cgroup` leak.
Kernel	4.4.0-127	4.4.0-133	Updated worker node images with kernel update for [CVE-2018-3620,CVE-2018-3646 ](https://usn.ubuntu.com/3741-1/).

Changelog for worker node fix pack 1.10.5_1518, released 13 August 2018

{: #1105_1518}

Changes since version 1.10.5_1517

Component	Previous	Current	Description
Ubuntu packages	N/A	N/A	Updates to installed Ubuntu packages.

Changelog for 1.10.5_1517, released 27 July 2018

{: #1105_1517}

Changes since version 1.10.3_1514

Component	Previous	Current	Description
Calico	v3.1.1	v3.1.3	See the Calico [release notes ](https://docs.projectcalico.org/v3.1/releases/#v313).
{{site.data.keyword.Bluemix_notm}} Provider	v1.10.3-85	v1.10.5-118	Updated to support Kubernetes 1.10.5 release. In addition, LoadBalancer service `create failure` events now include any portable subnet errors.
IBM file storage plug-in	320	334	Increased the timeout for persistent volume creation from 15 to 30 minutes. Changed the default billing type to `hourly`. Added mount options to the pre-defined storage classes. In the NFS file storage instance in your IBM Cloud infrastructure (SoftLayer) account, changed the **Notes** field to JSON format and added the Kubernetes namespace that the PV is deployed to. To support multizone clusters, added zone and region labels to persistent volumes.
Kubernetes	v1.10.3	v1.10.5	See the Kubernetes [release notes ](https://github.com/kubernetes/kubernetes/releases/tag/v1.10.5).
Kernel	N/A	N/A	Minor improvements to worker node network settings for high performance networking workloads.
OpenVPN client	N/A	N/A	The OpenVPN client `vpn` deployment that runs in the `kube-system` namespace is now managed by the Kubernetes `addon-manager`.

Changelog for worker node fix pack 1.10.3_1514, released 3 July 2018

{: #1103_1514}

Changes since version 1.10.3_1513

Component	Previous	Current	Description
Kernel	N/A	N/A	Optimized `sysctl` for high performance networking workloads.

Changelog for worker node fix pack 1.10.3_1513, released 21 June 2018

{: #1103_1513}

Changes since version 1.10.3_1512

Component	Previous	Current	Description
Docker	N/A	N/A	For non-encrypted machine types, the secondary disk is cleaned by getting a fresh file system when you reload or update the worker node.

Changelog for 1.10.3_1512, released 12 June 2018

{: #1103_1512}

Changes since version 1.10.1_1510

Component	Previous	Current	Description
Kubernetes	v1.10.1	v1.10.3	See the Kubernetes [release notes ](https://github.com/kubernetes/kubernetes/releases/tag/v1.10.3).
Kubernetes Configuration	N/A	N/A	Added `PodSecurityPolicy` to the `--enable-admission-plugins` option for the cluster's Kubernetes API server and configured the cluster to support pod security policies. For more information, see [Configuring pod security policies](cs_psp.html).
Kubelet Configuration	N/A	N/A	Enabled the `--authentication-token-webhook` option to support API bearer and service account tokens for authenticating to the `kubelet` HTTPS endpoint.
{{site.data.keyword.Bluemix_notm}} Provider	v1.10.1-52	v1.10.3-85	Updated to support Kubernetes 1.10.3 release.
OpenVPN client	N/A	N/A	Added `livenessProbe` to the OpenVPN client `vpn` deployment that runs in the `kube-system` namespace.
Kernel update	4.4.0-116	4.4.0-127	New worker node images with kernel update for [CVE-2018-3639 ](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639).

Changelog for worker node fix pack 1.10.1_1510, released 18 May 2018

{: #1101_1510}

Changes since version 1.10.1_1509

Component	Previous	Current	Description
Kubelet	N/A	N/A	Fix to address a bug that occurred if you used the block storage plug-in.

Changelog for worker node fix pack 1.10.1_1509, released 16 May 2018

{: #1101_1509}

Changes since version 1.10.1_1508

Component	Previous	Current	Description
Kubelet	N/A	N/A	The data that you store in the `kubelet` root directory is now saved on the larger, secondary disk of your worker node machine.

Changelog for 1.10.1_1508, released 01 May 2018

{: #1101_1508}

Changes since version 1.9.7_1510

Component	Previous	Current	Description
Calico	v2.6.5	v3.1.1	See the Calico [release notes ](https://docs.projectcalico.org/v3.1/releases/#v311).
Kubernetes Heapster	v1.5.0	v1.5.2	See the Kubernetes Heapster [release notes ](https://github.com/kubernetes/heapster/releases/tag/v1.5.2).
Kubernetes	v1.9.7	v1.10.1	See the Kubernetes [release notes ](https://github.com/kubernetes/kubernetes/releases/tag/v1.10.1).
Kubernetes Configuration	N/A	N/A	Added StorageObjectInUseProtection to the --enable-admission-plugins option for the cluster's Kubernetes API server.
Kubernetes DNS	1.14.8	1.14.10	See the Kubernetes DNS [release notes ](https://github.com/kubernetes/dns/releases/tag/1.14.10).
{{site.data.keyword.Bluemix_notm}} Provider	v1.9.7-102	v1.10.1-52	Updated to support Kubernetes 1.10 release.
GPU support	N/A	N/A	Support for [graphics processing unit (GPU) container workloads](cs_app.html#gpu_app) is now available for scheduling and execution. For a list of available GPU machine types, see [Hardware for worker nodes](cs_clusters_planning.html#shared_dedicated_node). For more information, see the Kubernetes documentation to [Schedule GPUs ](https://kubernetes.io/docs/tasks/manage-gpus/scheduling-gpus/).

Version 1.9 changelog

{: #19_changelog}

Review the following changes.

Changelog for worker node fix pack 1.9.10_1524, released 20 September 2018

{: #1910_1524}

Changes since version 1.9.10_1523

Component	Previous	Current	Description
Log rotate	N/A	N/A	Switched to use `systemd` timers instead of `cronjobs` to prevent `logrotate` from failing on worker nodes that are not reloaded or updated within 90 days. **Note**: In all earlier versions for this minor release, the primary disk fills up after the cron job fails because the logs are not rotated. The cron job fails after the worker node is active for 90 days without being updated or reloaded. If the logs fill up the entire primary disk, the worker node enters a failed state. The worker node can be fixed by using the `ibmcloud ks worker-reload` [command](cs_cli_reference.html#cs_worker_reload) or the `ibmcloud ks worker-update` [command](cs_cli_reference.html#cs_worker_update).
Worker node runtime components (`kubelet`, `kube-proxy`, `docker`)	N/A	N/A	Removed dependencies of runtime components on the primary disk. This enhancement prevents worker nodes from failing when the primary disk is filled up.
Root password expiration	N/A	N/A	Root passwords for the worker nodes expire after 90 days for compliance reasons. If your automation tooling needs to log in to the worker node as root or relies on cron jobs that run as root, you can disable the password expiration by logging into the worker node and running `chage -M -1 root`. **Note**: If you have security compliance requirements that prevent running as root or removing password expiration, do not disable the expiration. Instead, you can [update](cs_cli_reference.html#cs_worker_update) or [reload](cs_cli_reference.html#cs_worker_reload) your worker nodes at least every 90 days.
Systemd	N/A	N/A	Periodically clean transient mount units to prevent them from becoming unbounded. This action addresses [Kubernetes issue 57345 ](kubernetes/kubernetes#57345).

Changelog for 1.9.10_1523, released 04 September 2018

{: #1910_1523}

Changes since version 1.9.9_1522

{{site.data.keyword.Bluemix_notm}} Provider	v1.9.9-167	v1.9.10-192	Updated to support Kubernetes 1.9.10 release. In addition, changed the cloud provider configuration to better handle updates for load balancer services with `externalTrafficPolicy` set to `local`.
IBM file storage plug-in	334	338	Updated incubator version to 1.8. File storage is provisioned to the specific zone that you select. You cannot update an existing (static) PV instance's labels, unless you are using a multizone cluster and need to add the region and zone labels. Removed the default NFS version from the mount options in the IBM-provided file storage classes. The host's operating system now negotiates the NFS version with the IBM Cloud infrastructure (SoftLayer) NFS server. To manually set a specific NFS version, or to change the NFS version of your PV that was negotiated by the host's operating system, see [Changing the default NFS version](cs_storage_file.html#nfs_version_class).
Kubernetes	v1.9.9	v1.9.10	See the Kubernetes [release notes ](https://github.com/kubernetes/kubernetes/releases/tag/v1.9.10).
Kubernetes Heapster configuration	N/A	N/A	Increased resource limits for the `heapster-nanny` container.

Changelog for worker node fix pack 1.9.9_1522, released 23 August 2018

{: #199_1522}

Changes since version 1.9.9_1521

Component	Previous	Current	Description
`systemd`	229	230	Updated `systemd` to fix `cgroup` leak.
Kernel	4.4.0-127	4.4.0-133	Updated worker node images with kernel update for [CVE-2018-3620,CVE-2018-3646 ](https://usn.ubuntu.com/3741-1/).

Changelog for worker node fix pack 1.9.9_1521, released 13 August 2018

{: #199_1521}

Changes since version 1.9.9_1520

Component	Previous	Current	Description
Ubuntu packages	N/A	N/A	Updates to installed Ubuntu packages.

Changelog for 1.9.9_1520, released 27 July 2018

{: #199_1520}

Changes since version 1.9.8_1517

Component	Previous	Current	Description
{{site.data.keyword.Bluemix_notm}} Provider	v1.9.8-141	v1.9.9-167	Updated to support Kubernetes 1.9.9 release. In addition, LoadBalancer service `create failure` events now include any portable subnet errors.
IBM file storage plug-in	320	334	Increased the timeout for persistent volume creation from 15 to 30 minutes. Changed the default billing type to `hourly`. Added mount options to the pre-defined storage classes. In the NFS file storage instance in your IBM Cloud infrastructure (SoftLayer) account, changed the **Notes** field to JSON format and added the Kubernetes namespace that the PV is deployed to. To support multizone clusters, added zone and region labels to persistent volumes.
Kubernetes	v1.9.8	v1.9.9	See the Kubernetes [release notes ](https://github.com/kubernetes/kubernetes/releases/tag/v1.9.9).
Kernel	N/A	N/A	Minor improvements to worker node network settings for high performance networking workloads.
OpenVPN client	N/A	N/A	The OpenVPN client `vpn` deployment that runs in the `kube-system` namespace is now managed by the Kubernetes `addon-manager`.

Changelog for worker node fix pack 1.9.8_1517, released 3 July 2018

{: #198_1517}

Changes since version 1.9.8_1516

Component	Previous	Current	Description
Kernel	N/A	N/A	Optimized `sysctl` for high performance networking workloads.

Changelog for worker node fix pack 1.9.8_1516, released 21 June 2018

{: #198_1516}

Changes since version 1.9.8_1515

Component	Previous	Current	Description
Docker	N/A	N/A	For non-encrypted machine types, the secondary disk is cleaned by getting a fresh file system when you reload or update the worker node.

Changelog for 1.9.8_1515, released 19 June 2018

{: #198_1515}

Changes since version 1.9.7_1513

Component	Previous	Current	Description
Kubernetes	v1.9.7	v1.9.8	See the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/releases/tag/v1.9.8).
Kubernetes Configuration	N/A	N/A	Added PodSecurityPolicy to the --admission-control option for the cluster's Kubernetes API server and configured the cluster to support pod security policies. For more information, see [Configuring pod security policies](cs_psp.html).
IBM Cloud Provider	v1.9.7-102	v1.9.8-141	Updated to support Kubernetes 1.9.8 release.
OpenVPN client	N/A	N/A	Added livenessProbe to the OpenVPN client vpn deployment that runs in the kube-system namespace.

Changelog for worker node fix pack 1.9.7_1513, released 11 June 2018

{: #197_1513}

Changes since version 1.9.7_1512

Component	Previous	Current	Description
Kernel update	4.4.0-116	4.4.0-127	New worker node images with kernel update for [CVE-2018-3639 ](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639).

Changelog for worker node fix pack 1.9.7_1512, released 18 May 2018

{: #197_1512}

Changes since version 1.9.7_1511

Component	Previous	Current	Description
Kubelet	N/A	N/A	Fix to address a bug that occurred if you used the block storage plug-in.

Changelog for worker node fix pack 1.9.7_1511, released 16 May 2018

{: #197_1511}

Changes since version 1.9.7_1510

Component	Previous	Current	Description
Kubelet	N/A	N/A	The data that you store in the `kubelet` root directory is now saved on the larger, secondary disk of your worker node machine.

Changelog for 1.9.7_1510, released 30 April 2018

{: #197_1510}

Changes since version 1.9.3_1506

Component	Previous	Current	Description
Kubernetes	v1.9.3	v1.9.7	See the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/releases/tag/v1.9.7). This release addresses [CVE-2017-1002101 ](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1002101) and [CVE-2017-1002102 ](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1002102) vulnerabilities. Note: Now `secret`, `configMap`, `downwardAPI`, and projected volumes are mounted as read-only. Previously, apps could write data to these volumes, but the system could automatically revert the data. If your apps rely on the previous insecure behavior, modify them accordingly.
Kubernetes configuration	N/A	N/A	Added `admissionregistration.k8s.io/v1alpha1=true` to the `--runtime-config` option for the cluster's Kubernetes API server.
{{site.data.keyword.Bluemix_notm}} Provider	v1.9.3-71	v1.9.7-102	`NodePort` and `LoadBalancer` services now support [preserving the client source IP](cs_loadbalancer.html#node_affinity_tolerations) by setting `service.spec.externalTrafficPolicy` to `Local`.
			Fix [edge node](cs_edge.html#edge) toleration setup for older clusters.

Archive

{: #changelog_archive}

Unsupported Kubernetes versions:

• Version 1.8
• Version 1.7

Version 1.8 changelog (Unsupported)

{: #18_changelog}

Review the following changes.

Changelog for worker node fix pack 1.8.15_1521, released 20 September 2018

{: #1815_1521}

Changes since version 1.8.15_1520

Component	Previous	Current	Description
Log rotate	N/A	N/A	Switched to use `systemd` timers instead of `cronjobs` to prevent `logrotate` from failing on worker nodes that are not reloaded or updated within 90 days. **Note**: In all earlier versions for this minor release, the primary disk fills up after the cron job fails because the logs are not rotated. The cron job fails after the worker node is active for 90 days without being updated or reloaded. If the logs fill up the entire primary disk, the worker node enters a failed state. The worker node can be fixed by using the `ibmcloud ks worker-reload` [command](cs_cli_reference.html#cs_worker_reload) or the `ibmcloud ks worker-update` [command](cs_cli_reference.html#cs_worker_update).
Worker node runtime components (`kubelet`, `kube-proxy`, `docker`)	N/A	N/A	Removed dependencies of runtime components on the primary disk. This enhancement prevents worker nodes from failing when the primary disk is filled up.
Root password expiration	N/A	N/A	Root passwords for the worker nodes expire after 90 days for compliance reasons. If your automation tooling needs to log in to the worker node as root or relies on cron jobs that run as root, you can disable the password expiration by logging into the worker node and running `chage -M -1 root`. **Note**: If you have security compliance requirements that prevent running as root or removing password expiration, do not disable the expiration. Instead, you can [update](cs_cli_reference.html#cs_worker_update) or [reload](cs_cli_reference.html#cs_worker_reload) your worker nodes at least every 90 days.
Systemd	N/A	N/A	Periodically clean transient mount units to prevent them from becoming unbounded. This action addresses [Kubernetes issue 57345 ](kubernetes/kubernetes#57345).

Changelog for worker node fix pack 1.8.15_1520, released 23 August 2018

{: #1815_1520}

Changes since version 1.8.15_1519

Component	Previous	Current	Description
`systemd`	229	230	Updated `systemd` to fix `cgroup` leak.
Kernel	4.4.0-127	4.4.0-133	Updated worker node images with kernel update for [CVE-2018-3620,CVE-2018-3646 ](https://usn.ubuntu.com/3741-1/).

Changelog for worker node fix pack 1.8.15_1519, released 13 August 2018

{: #1815_1519}

Changes since version 1.8.15_1518

Component	Previous	Current	Description
Ubuntu packages	N/A	N/A	Updates to installed Ubuntu packages.

Changelog for 1.8.15_1518, released 27 July 2018

{: #1815_1518}

Changes since version 1.8.13_1516

Component	Previous	Current	Description
{{site.data.keyword.Bluemix_notm}} Provider	v1.8.13-176	v1.8.15-204	Updated to support Kubernetes 1.8.15 release. In addition, LoadBalancer service `create failure` events now include any portable subnet errors.
IBM file storage plug-in	320	334	Increased the timeout for persistent volume creation from 15 to 30 minutes. Changed the default billing type to `hourly`. Added mount options to the pre-defined storage classes. In the NFS file storage instance in your IBM Cloud infrastructure (SoftLayer) account, changed the **Notes** field to JSON format and added the Kubernetes namespace that the PV is deployed to. To support multizone clusters, added zone and region labels to persistent volumes.
Kubernetes	v1.8.13	v1.8.15	See the Kubernetes [release notes ](https://github.com/kubernetes/kubernetes/releases/tag/v1.8.15).
Kernel	N/A	N/A	Minor improvements to worker node network settings for high performance networking workloads.
OpenVPN client	N/A	N/A	The OpenVPN client `vpn` deployment that runs in the `kube-system` namespace is now managed by the Kubernetes `addon-manager`.

Changelog for worker node fix pack 1.8.13_1516, released 3 July 2018

{: #1813_1516}

Changes since version 1.8.13_1515

Component	Previous	Current	Description
Kernel	N/A	N/A	Optimized `sysctl` for high performance networking workloads.

Changelog for worker node fix pack 1.8.13_1515, released 21 June 2018

{: #1813_1515}

Changes since version 1.8.13_1514

Component	Previous	Current	Description
Docker	N/A	N/A	For non-encrypted machine types, the secondary disk is cleaned by getting a fresh file system when you reload or update the worker node.

Changelog 1.8.13_1514, released 19 June 2018

{: #1813_1514}

Changes since version 1.8.11_1512

Component	Previous	Current	Description
Kubernetes	v1.8.11	v1.8.13	See the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/releases/tag/v1.8.13).
Kubernetes Configuration	N/A	N/A	Added PodSecurityPolicy to the --admission-control option for the cluster's Kubernetes API server and configured the cluster to support pod security policies. For more information, see [Configuring pod security policies](cs_psp.html).
IBM Cloud Provider	v1.8.11-126	v1.8.13-176	Updated to support Kubernetes 1.8.13 release.
OpenVPN client	N/A	N/A	Added livenessProbe to the OpenVPN client vpn deployment that runs in the kube-system namespace.

Changelog for worker node fix pack 1.8.11_1512, released 11 June 2018

{: #1811_1512}

Changes since version 1.8.11_1511

Component	Previous	Current	Description
Kernel update	4.4.0-116	4.4.0-127	New worker node images with kernel update for [CVE-2018-3639 ](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639).

Changelog for worker node fix pack 1.8.11_1511, released 18 May 2018

{: #1811_1511}

Changes since version 1.8.11_1510

Component	Previous	Current	Description
Kubelet	N/A	N/A	Fix to address a bug that occurred if you used the block storage plug-in.

Changelog for worker node fix pack 1.8.11_1510, released 16 May 2018

{: #1811_1510}

Changes since version 1.8.11_1509

Component	Previous	Current	Description
Kubelet	N/A	N/A	The data that you store in the `kubelet` root directory is now saved on the larger, secondary disk of your worker node machine.

Changelog for 1.8.11_1509, released 19 April 2018

{: #1811_1509}

Changes since version 1.8.8_1507

Component	Previous	Current	Description
Kubernetes	v1.8.8	v1.8.11	See the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/releases/tag/v1.8.11). This release addresses [CVE-2017-1002101 ](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1002101) and [CVE-2017-1002102 ](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1002102) vulnerabilities. Note: Now `secret`, `configMap`, `downwardAPI`, and projected volumes are mounted as read-only. Previously, apps could write data to these volumes, but the system could automatically revert the data. If your apps rely on the previous insecure behavior, modify them accordingly.
Pause container image	3.0	3.1	Removes inherited orphaned zombie processes.
{{site.data.keyword.Bluemix_notm}} Provider	v1.8.8-86	v1.8.11-126	`NodePort` and `LoadBalancer` services now support [preserving the client source IP](cs_loadbalancer.html#node_affinity_tolerations) by setting `service.spec.externalTrafficPolicy` to `Local`.
			Fix [edge node](cs_edge.html#edge) toleration setup for older clusters.

Version 1.7 changelog (Unsupported)

{: #17_changelog}

Review the following changes.

Changelog for worker node fix pack 1.7.16_1514, released 11 June 2018

{: #1716_1514}

Changes since version 1.7.16_1513

Component	Previous	Current	Description
Kernel update	4.4.0-116	4.4.0-127	New worker node images with kernel update for [CVE-2018-3639 ](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639).

Changelog for worker node fix pack 1.7.16_1513, released 18 May 2018

{: #1716_1513}

Changes since version 1.7.16_1512

Component	Previous	Current	Description
Kubelet	N/A	N/A	Fix to address a bug that occurred if you used the block storage plug-in.

Changelog for worker node fix pack 1.7.16_1512, released 16 May 2018

{: #1716_1512}

Changes since version 1.7.16_1511

Component	Previous	Current	Description
Kubelet	N/A	N/A	The data that you store in the `kubelet` root directory is now saved on the larger, secondary disk of your worker node machine.

Changelog for 1.7.16_1511, released 19 April 2018

{: #1716_1511}

Changes since version 1.7.4_1509

Component	Previous	Current	Description
Kubernetes	v1.7.4	v1.7.16	See the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/releases/tag/v1.7.16). This release addresses [CVE-2017-1002101 ](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1002101) and [CVE-2017-1002102 ](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1002102) vulnerabilities. Note: Now `secret`, `configMap`, `downwardAPI`, and projected volumes are mounted as read-only. Previously, apps could write data to these volumes, but the system could automatically revert the data. If your apps rely on the previous insecure behavior, modify them accordingly.
{{site.data.keyword.Bluemix_notm}} Provider	v1.7.4-133	v1.7.16-17	`NodePort` and `LoadBalancer` services now support [preserving the client source IP](cs_loadbalancer.html#node_affinity_tolerations) by setting `service.spec.externalTrafficPolicy` to `Local`.
			Fix [edge node](cs_edge.html#edge) toleration setup for older clusters.