LWKD: Week Ending April 17, 2022
Developer News
The April Community Meeting is this Thursday (1700UTC / 10am PDT). We plan to discuss topics around running SIGs, including chair term limits, annual reports, and dividing Tech Leads from Chairs. We'll probably also hash out how to handle non-expiring critical bugs.
Dims issued a call for action on our panoply of flaky test jobs and tests. Please see what you can do to make our tests more reliable, and see SIG-Testing for guidance on how to get started.
All Kubernetes developers should update their dev environments to go 1.18.1
Registration for the Kubecon EU Contributor Summit, including a social event, is open.
Release Schedule
Next Deadline: Release Candidate and Branch, April 19th
We are officially in overtime for 1.24, which has been delayed until May 3rd due to waiting for Go 1.18.1 (see below). Please use this time to clean up flaky and failing tests, including a failing test in master-blocking which could delay release further. Let's see if we can get 1.24 out with a clean testgrid.
April patch releases were also delayed for the same reason, and should come out this Tuesday.
Release Team Shadow Applications are open. Please read about the shadow training system and decide if being part of the 1.25 Release Team might be for you.
Featured PRs
#109471: etcd: Update to v3.5.3
The recommended etcd version was has been updated to 3.5.3. This release includes a fix for the previously reported data corruption bug during node failures or crashes. In some situations, a crash at the wrong moment would result in a committed transaction not being applied across all replicas. If you are still using etcd 3.4, there is a 3.5 upgrade guide, otherwise this should be a drop-in upgrade.
#109461: Go: Update Go to 1.18.1
Last month, Go 1.18 was published and Kubernetes was upgraded to use it for official builds. A big change in 1.18 is that it now rejects SHA-1 TLS certificates as they are not secure anymore, unfortunately this change also broke all other uses of SHA-1 in TLS. While the internet TLS/PKI community (and CA/BF, the organization that oversees public Certificate Authorities) have disallowed SHA-1 for certificates for almost a decade, it is still sometimes used in other places such as short-lived CSRs, CRLs, and OCSP responses. The latter two are especially troublesome as they are not likely under the control of the cluster operator. As such this was deemed a 1.24 release blocker and we would wait for 1.18.1, which correctly limits the restriction to only certificates. With 1.18.1 now released, we have now upgraded to it so go update your local development environments and we should be back on track shortly.
Other Merges
- Register scheduler plugin events correctly and avoid queuing delays
Reversions
- ClusterCIDRConfig has been reverted and the API removed from 1.24 as not all work was completed within the freeze window
- JobTrackingWithFinalizers has been disabled by default due to an unresolved issue
Version Updates
- go to 1.18.1 in 1.24 and 1.25, and to 1.17.9 in 1.23.