Last Week In Kubernetes Development

December 19, 2024

LWKD: Week Ending December 15, 2024

Developer News

This will be the last LWKD issue of the year. Publication will resume in 2025 with the January 5th edition.

Submissions for the maintainer summit at KubeCon London are due January 12th. The CfPs for the main tracks at KubeCon China, KubeCon India, and KubeCon Japan are now open.

Release Schedule

Next Deadline: 1.33 Cycle Begins, January ??

The 1.33 development cycle will begin in early January, but a specific schedule has not been set.

Featured PRs

128718 FG:InPlacePodVerticalScaling: Enable resizing containers without limits

This PR fixes critical bugs in the pod resize code, specifically addressing cases where containers lack resource limits. It ensures proper handling of these scenarios, enabling in-place vertical scaling for such containers. Also, the PR enhances test coverage to prevent regressions, marking a step forward for reliable container resizing in Kubernetes.

KEP of the Week

KEP-3221: Structured Authorization Configuration

Currently, kube-apiserver configures its authorization chain using --authorization-* flags, limiting admins to a single webhook via --authorization-modes. This restricts creating ordered authorization chains with multiple webhooks. This proposal suggests a structured configuration for defining the authorization chain, supporting multiple webhooks with fine-grained controls, including an explicit Deny authorizer.

This KEP is tracked for alpha release in the ongoing v1.32 cycle.
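
As an added illustration (not taken from the KEP or from this newsletter), a structured authorization file with two webhooks around the Node and RBAC authorizers might look like the following. The authorizer names and file paths are constructed placeholders, and the apiVersion depends on the Kubernetes release in use.

```yaml
# Added example; names and paths below are constructed placeholders.
# Flag-based setup this replaces (a single webhook only):
#   --authorization-mode=Node,RBAC,Webhook
#   --authorization-webhook-config-file=/etc/kubernetes/authz-webhook.kubeconfig
# Structured setup: start kube-apiserver with
#   --authorization-config=/etc/kubernetes/authorization-config.yaml
# and drop the --authorization-mode / --authorization-webhook-* flags.
apiVersion: apiserver.config.k8s.io/v1   # use the version your release serves
kind: AuthorizationConfiguration
authorizers:                  # evaluated in order, top to bottom
  - type: Webhook
    name: system-guard        # hypothetical name
    webhook:
      timeout: 3s
      authorizedTTL: 30s
      unauthorizedTTL: 30s
      subjectAccessReviewVersion: v1
      matchConditionSubjectAccessReviewVersion: v1
      failurePolicy: Deny     # fail closed if the webhook errors or times out
      connectionInfo:
        type: KubeConfigFile
        kubeConfigFile: /etc/kubernetes/system-guard.kubeconfig
      matchConditions:        # CEL pre-filter: only kube-system requests reach it
        - expression: has(request.resourceAttributes)
        - expression: request.resourceAttributes.namespace == 'kube-system'
  - type: Node
    name: node
  - type: RBAC
    name: rbac
  - type: Webhook
    name: tenant-policy       # hypothetical name
    webhook:
      timeout: 3s
      authorizedTTL: 5m
      unauthorizedTTL: 30s
      subjectAccessReviewVersion: v1
      matchConditionSubjectAccessReviewVersion: v1
      failurePolicy: NoOpinion  # on webhook failure, fall through to the next authorizer
      connectionInfo:
        type: InClusterConfig
```

Placing the fail-closed webhook ahead of RBAC lets it deny a kube-system request before any RBAC allow is evaluated, which the single-webhook flag form cannot express alongside a second webhook.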

Other Merges

  • kubectl apply now coerces null values for labels and annotations in manifests to empty string values

  • Configure watch cache history window based on request timeout

  • kubectl: improved test coverage for cordon command

  • Removed the limitation on exposing port 10250 externally in service

  • kube-proxy extends the schema of metrics/ endpoints to incorporate info about corresponding IP family

  • Fix for data race in CBOR serializer’s custom marshaler type cache

  • kubelet: Improvements to reboot event reporting

  • kubeadm: removed preflight check for ip, iptables, ethtool and tc on Linux nodes

  • docs: example added for set-based requirement for -l/--selector flag

  • Drop use of winreadlinkvolume godebug option

  • kubelet: fix for issue mounting CSI volumes on Windows nodes in 1.32.0 release candidates

  • Added validation to versioned feature specs

  • Added kubelet validation for containerLogMaxFiles

  • scheduler: Renamed UpdatePodTolerations for code style consistency

  • kubeadm: Fix to not read kubeconfig from disk repeatedly in the init phase

  • Added a /flagz endpoint for kube-proxy

  • Adjustments to throughput threshold for new tests based on historical times to avoid flakiness.

  • Record dataTimestamp from external signers at float granularity

  • Use autoscalingv2 in kubectl autoscale

  • DRA: validations for labels in node selectors

  • Fix for memory leak in kube-proxy EndpointSliceCache

  • FG:InPlacePodVerticalScaling Remove ResizePolicy defaulting

  • Use generic sets rather than deprecated sets.String

  • Test EndpointSlice in dual-stack e2e tests

  • Fix for linting issue in TestNodeDeletionReleaseCIDR

  • Cleanup for ServiceChangeTracker and EndpointsChangeTracker

  • Improvements to validation for missing storedVersion

  • Documentation added for the existence of nftables as a kube-proxy mode

  • Fixed kubectl wait --for=create behavior with label selectors

  • Added non graceful shutdown integration test

  • Added validation for NodeSelectorRequirement’s values

  • Fix to prevent unnecessary resolving of iscsi/fc devices

  • Optionally set the User.UID from an x509 client cert

  • Fine-grained QHints for interpodaffinity plugin

  • Allow ContainerResource calculations to continue with missing metrics like Resource calculations

  • Added warning for duplicate port name definition

Deprecated

  • Removed support for v1alpha1 version of ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding API kinds.

  • kube-apiserver: inactive serving code is removed for authentication.k8s.io/v1alpha1 APIs

  • Deprecated pod_scheduling_duration_seconds metric is removed

Version Updates

  • Bump kubedns and nodelocaldns to 1.24.0

  • Bump kube-openapi

  • x/crypto/ssh dependency to v0.31.0

  • cri-tools to v1.32.0

  • Update publishing-bot rules to Go 1.22.9

  • hnslib to v0.0.8

Shoutouts

  • Big 1.32 Shoutout from Federico Muñoz: With Kubernetes v1.32 out, I want to acknowledge those that made it possible: my Release Lead shadows @Nina Polshakova @Sreeram Venkitesh @Mohammad Reza Saleh @Vyom Yadav, Enhancements Lead @tjons and shadows @Jenny Shu @Sepideh @Dipesh, Release Signal lead @Drew Hagen, and shadows @Amim Knabben @ChengHao Yang (tico88612) @Wendy Ha @sbaumer, Docs lead @dchan, and shadows @anshuman @Rod @James Spurin @Shedrack Akintayo @Michelle Nguyen, Release Notes lead @satyampsoni, and shadows @Augustin Tsang @jefftrojan @Lavish Pal @Melony Q. (aka.cloudmelon ) @rayandas @Sneha, Comms lead @Matteo, and shadows @Edith @Rashan @Ryota @Will-I-Am, Release Managers @jimangel and @Mickey and our EA @Kat Cosgrove (plus @Grace Nguyen from SIG Release). The success of this is much more the result of all your tireless work than anything else.
