LWKD: Week Ending April 30, 2023
Developer News
In Memoriam: Carolyn Van Slyck, Kubernetes, CNCF, and Porter contributor.
Last week we held the Kubernetes Contributor Summit, which included many discussion sessions (Notes). Big takeaways from this include the revival of the LTS Working Group, as well as discussions on using golangci-lint and how we deal with having many repositories.
Release Schedule
Next Deadline: 1.28 Cycle Begins, May 15th
A new release cycle is starting, with its associated deadlines and plans. The first one coming up is Production Readiness freeze on June 8th. In the meantime, happy hacking!
Shortly before KubeCon we released patch versions 1.27.1 (yes, already), 1.26.4, 1.25.9, and 1.24.13. These include Golang updates, runc updates to fix several CVEs, and other fixes listed below.
With the changes to the E2E testing framework, you need to update how you write your tests. Good news: the updates make testing easier and more consistent.
Featured PRs
#115843: Remove/Withdraw NetworkPolicy Status
Originally added in 1.24, the alpha Status field on NetworkPolicy objects is being withdrawn. This was created as a place for network policy plugins to communicate status data out to users, especially errors in policy configuration that were specific to that one provider. While this was a good goal, the project never really gained much steam, and in the interim other options have been added or popularized, such as admission webhooks, which cover a lot of the same use cases. SIG-Network may revisit this idea in the future if a more concrete use case with buy-in from the providers is found. But for now, if you’ve been using this field either as a policy provider or in a user tool consuming it, you can remove that code.
#117558: Remove support for EndpointsLeases and ConfigMapsLeases lock from leader election
We have reached the final phase of the migration of leader elections from the older style to the new Leases system. Originally added way back in Kubernetes 1.12, the Leases API is a high-performance system for managing presence signals, originally for kubelet heartbeats and later extended to other areas. It was later added to the suite of backends supported by client-go’s leader election library, because the same performance benefits that made it useful for node heartbeats also reduced the overhead of leader elections and made them less likely to jam. Over the past few years, the client-go team has worked to migrate toward this being the only option, to reduce the maintenance burden and generally encourage people to use the obviously better thing. This took the form of adding dual-system migration plugins to allow upgrading from the older systems to Leases, and then a gradual removal of the old plugins, starting with the original single-mode ones and now the migration plugins as well.
In concrete terms, this means that all services using the leader election library, such as almost all Operators, that compile against future releases of client-go will only be able to use Leases mode. If you maintain an Operator, now would be a good time to review your upgrade documentation to show people how to handle those upgrades safely, and to make sure you’re switched over to Leases!
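One way to check an Operator's code and manifests before that upgrade, as an added example (not code from client-go or from this newsletter): a small Go scanner that flags lines still selecting the EndpointsLeases or ConfigMapsLeases lock. The FindDeprecatedLocks helper, the file names and the sample inputs are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Matches the two removed lock types, as client-go constants
// (resourcelock.EndpointsLeasesResourceLock) or as flag/config string values.
var deprecatedLock = regexp.MustCompile(`(?i)\b(endpointsleases|configmapsleases)(resourcelock)?\b`)

// Finding is one line that still selects a removed lock type.
type Finding struct {
	File string
	Line int
	Lock string // normalized: "endpointsleases" or "configmapsleases"
}

// FindDeprecatedLocks scans text line by line, skipping comment-only lines.
func FindDeprecatedLocks(file, text string) []Finding {
	var out []Finding
	for i, line := range strings.Split(text, "\n") {
		t := strings.TrimSpace(line)
		if strings.HasPrefix(t, "//") || strings.HasPrefix(t, "#") {
			continue
		}
		for _, m := range deprecatedLock.FindAllStringSubmatch(t, -1) {
			out = append(out, Finding{file, i + 1, strings.ToLower(m[1])})
		}
	}
	return out
}

// Constructed sample inputs, not taken from any real project.
const sampleGo = `lock, err := resourcelock.New(
	resourcelock.ConfigMapsLeasesResourceLock, ns, "my-operator", core, coord, cfg)
`
const sampleYAML = `args:
  - --leader-elect-resource-lock=endpointsleases
  # - --leader-elect-resource-lock=configmapsleases
`

func main() {
	all := append(FindDeprecatedLocks("main.go", sampleGo), FindDeprecatedLocks("deploy.yaml", sampleYAML)...)
	for _, f := range all {
		fmt.Printf("%s:%d selects %q; use \"leases\" instead\n", f.File, f.Line, f.Lock)
	}
}
```

Any finding marks a place where the lock type has to become leases before the component is built against a client-go release that no longer ships the migration locks.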
Other Merges
- “Registry Unavailable” errors get reported to the user
- kubeadm improved upgrades: coreDNS and kube-proxy, added the UpgradeAddonsBeforeControlPlane feature gate
- Terminate pods with missing volumes faster
- Compare ProviderIDs when syncing nodes in the Cloud Controller Manager
- New metrics: Etcd request and requesterror
- Log the details of pod preemptions
- Job sync concurrency is configurable
- kubectl events --for takes fully-qualified names
- Warn users who leave required PodAffinity fields blank
- Terminate any hanging pods on kubelet restart
- Count pending static pods accurately
- Pass “*” rather than “” to authz when there is no resourceVersion
- Windows: Validate EndpointIP configurations, create podResources
- New kubectl container image on all arch
- Pods will fail if both the DevicePlugin and the actual device aren’t loaded
- More skipping PreFilter for Pods where it doesn’t apply
- Allow filtering on pod hostNetwork
- Custom retry periods for CloudProvider LB
ContextualLogging Migrations: NodeResources, PodTopologySpread, Preemption, and write NamespacedName consistently, pod-security-admission
Bug Fixes in the following areas, most of which are included in the recent patch releases: kube-openapi, scheduler performance, discovery-content-type, strategic merge, CRD conversion, APIservice, TopologyCache, TopologyAwareHints, PreEnqueue plugin execution, http header probes, kubectl-convert, APIserver shutdown, UID authentication, kubelet pod cache, pod resource checks, volume detach, mount points
Deprecated
- The limited-functionality CephFS Intree Driver is now deprecated, and will be removed in 1.29 or 1.30; it’s been superseded by the CSI driver for quite a while
- The Kubefed v1 Repo, long deprecated, has been archived
- client-go will no longer support leader elections via EndpointLeases and ConfigMapLeases; use Leases directly instead
- The unsuccessful NetworkPolicyStatus feature is being removed from Kubernetes
- Remove scheduler_scheduler_goroutines metric
- Cleanup API so that nobody re-enables eventv1beta1, discoveryv1beta1, autoscalingv1beta1, or batchapiv1beta1
- Remove obsolete feature gates WindowsHostProcessContainers, ExperimentalHostUserNamespaceDefaulting
- Remove feature gates for GA’d features MixedProtocolLBService, ServiceInternalTrafficPolicy, ServiceIPStaticSubrange, and EndpointSliceTerminatingCondition, as well as DisableAcceleratorUsageMetrics and PodSecurity
- genericiooptions.IOStreams is the new genericclioptions.IOStreams
Version Updates
- runc go module to 1.1.5 fixing multiple security holes
- Minikube 1.30.0, which fixes two security vulnerabilities
- node-feature-discovery v0.13.1
- cri-tools to 1.27.0
- metrics-server to 0.6.3, including changing to 15sec resolution