LWKD: Week Ending December 12, 2021
Developer News
Lots of news for you this week, starting with the 1.23 release(release notes). SLSA compliance, Dual Stack, FlexVolume deprecation, PodSecurity API and more. Note that the new version of cri-tools is not yet available, which means that some people should wait to upgrade.
Second, this will be the last LWKD in 2021. Publication will resume in January.
The Contributor Celebration is this week.
The kubernetes-dev
mailing list will be moving to an @kubernetes.io address over the next few weeks, partly in order to fix the community calendar. You should not need to do anything immediately except change your personal address book entry. In 2022, we will be asking document owners to switch document sharing to the new list.
Aldo Culquicondor wants to create a Batch Working Group. SIG-Release will be closing discussion on the SLSA KEP and signing KEP on Dec. 17th, so get your questions in now.
Release Schedule
Next Deadline: 1.24 cycle begins, January 10, 2022
The final patch releases of 2021 are expected out Wednesday December 15th.
Featured PRs
#97252: Completely remove in-tree dockershim from kubelet
Hopefully the removal of Dockershim is not, in general, news to anyone reading this but the day has come. Some will celebrate, a few might mourn for the pain of upgrading, but regardless Dockershim is no more. If you haven’t already responded to the SIG-Node survey maybe give that a look, otherwise just get all your Containerds ready and look forward to a cleaner future. Big congratulations to everyone who helped get this done over the years.
#106852: Remove support for Endpoints and ConfigMaps lock from leader election
client-go
has long had a helper library for managing leader/primary elections, used mostly in controller managers so several replicas can be running for redundancy but most controllers are disabled for secondary instances. Originally this supported two modes, endpoints
and configmaps
, each using their respective API types to create a singleton lock. Back in 1.14, we added a Leases API to more specifically address things like node heartbeats and leader locks. Along with the new API, a leases
lock mode was added. The goal was to move everyone towards the Leases API as it has substantially better performance for both the client and server. While this relatively minor project got a bit lost between other tasks, the day has finally come to force everyone onto bigger and better things.
For migration purposes you can use endpointsleases
and configmapsleases
and do a rolling upgrade to the new API, and those lock modes are still present.
Other Merges
- Revert to prior graceful shutdown behavior of setting pods to “failed because user app breakage; the new behavior will be rolled out with feature gates instead
- Kubeadm: don’t require CA key for checking, but do validate etcd certs
- Metrics: Windows has kube-proxy metrics,new APF metric
apiserver_flowcontrol_work_estimate_seats_samples
,evictions_total
is the newevictions_number
- Kubelet config validation tests got overhauled
kubectl diff
gets a prune command to mirror whatkubectl apply --prune
does
Deprecated
- SIG-Instrumentation proposes to remove the alpha Dynamic Log Sanitization feature in 1.24
--address
and--port
deprecated and insecure options will be removed from the controller-manager and the apiserver in 1.24- client-go’s leader elections won’t let you use an Endpoint or ConfigMap-based lock
k8s.io/apimachinery/util/clock
is being replaced withk8s.io/utils/clock
NamespaceDefaultLabelName
feature gate is removed since it’s GAReallyCrashForTesting
is finally, blessedly, gone
Version Updates
- Golang updated: 1.16.12 in 1.21 & 1.22, 1.17.5 in 1.23, and update golang.org/x/net to match
- Metrics Server to v0.5.2