LWKD: Week Ending February 26, 2023
Developer News
Image Registry Migration: the old signing key, on packages.cloud.google.com, has stopped working. You need to use the new key on dl.k8s.io. The community-images krew plugin will help you identify any remaining references to the old registry on your cluster. It's not just users who need to update; 60 of our project's own repositories still refer to the old registry. Please check those resources and update as soon as you can.
Registration is open for the Amsterdam contributor summit. If you are eligible and attending, please register as soon as you can, so that the summit team can get a headcount and you can get a hoodie.
Aravindh Puthiyaparambil has been nominated as co-chair of SIG-Windows. Casey Davenport is stepping down from SIG-Network, and has nominated Shane Utt to take his place.
Release Schedule
Next Deadline: Enhancement Exceptions Due, March 6th
It's still feature work time, until Code Freeze on March 15th, so keep working on finishing up those 1.27 enhancements. It's also time to think about your tests passing, so please check the new SIG-Release gating test policy.
Patch releases 1.26.2, 1.25.7, 1.24.11, and 1.23.17, are out, together with some changes to patch releases. First, we're no longer building an rc0 for patch releases. Second, we are building patch releases signed using Cosign, but due to technical reasons were unable to sign all objects this patch release. The problem will get fixed next month.
Featured PRs
#102884: In-place Pod Vertical Scaling feature
After 4 years of planning and at least two of development, we finally have a first pass on in-place resource scaling for Pods. This PR implements the core resizing features and some related API handling. The main feature is pretty straightforward, you can now edit the resources:
map on an existing container and rather than an API error, Something™ will happen. Upon seeing a resize request, the Kubelet will spring into action and check if the node has sufficient resources to meet the new request. If so, it will set the Status.Resize
field to InProgress
and get on with the CRI calls and other internal bookkeeping updates. If the new sizes don't fit, other status flows are started but all with the same overall goal to try and provide the requested change if possible. There is also a new per-resource resize policy field which can be set to RestartNotRequired
(the default) to say that a restart isn't needed (however some runtimes may still have to do one anyway) or Restart
to force the container down and back up (for example with a Java app where the -Xmx
heap size flag needs to be recalculated).
One feature notably absent for now is resize-driven eviction. The Kubelet won't handle it automatically for now, but if an external system does the Pod removals it will react appropriately. This is planned for future discussion along with more workflow improvements and integration with Pod-scoped resources as that feature develops.
#115979: Introduce CLI for ApplySet-based pruning
The --prune
mode was added to Kubectl way back in 1.15. Back in 2019 it was hoped that the feature could be implemented in a simple and minimalist fashion. Sadly as with so many things, the simple approach turned out to be full of difficult edge cases and stumbling blocks for users. To help get things back on track, a new tracking mechanism has been added to power it called Applysets. An applyset tracks which objects are part of which named set so that a future kubectl apply
of that set can efficiently and correctly handling pruning. Each applyset is tracked as an API object (a Secret by default) with all the metadata needed for doing the prune-tracking without killing performance. This is similar essence to Helm manifest objects, though with a very different, substantially streamlined implementation. This new applyset format is also laid out as a community standard so that other tools such as Helm or KPT can interoperate with them.
For now this feature is behind an alpha flag, export KUBECTL_APPLYSET=true
to play with it. You'll need to provide a unique applyset name as well as enabling pruning mode if desired.
Other Merges
- Allow indexed Jobs to be scaled up and down
- KMS2 Updates: local KEK generation, add a latency metric and invalid key metric, add a mock reference implementation, log metadata
- Add a rate-limited requests API group
- Implement an OpenAPIv3 Root interface
- POC for partitioned watchers feature
--config
flag is optional for kubeadm- Add another way to cancel watchers, and catch unset RVs, and even terminate watch with rate limiting
- You can modify schedulingGates for suspended jobs
- Clear
resource.claims
in PVC specs as N/A - Fix bug with Window proxy, ClusterIP, and ExternalTrafficPolicy
- Handle pods with duplicate addresses
- Fix fallback for legacy aggregated apiservers
- terminationGracePeriodSeconds starts at 1
- IPVS uses generic sets
- Rationalize lease wait time in client-go
Tons of Test Cleanup: implement private registry test images, fix Int types, fix and lint gomega usage, remove deprecated device test, remove vSphere variable, kubectl debug unit tests, drop TestListDeprecated, use OpenApi fake client, revise import restrictions, OOM-killed test
Promotions
- JobMutableNodeSchedulingDirectives to GA
- PodSchedulingReadiness to beta
- DownwardAPIHugePages to GA
- SeccompDefault to GA