LWKD: Week Ending February 4, 2024
Last Week In Kubernetes Development
Week ending 2024-02-04
Developer News
Just thought of a topic for the Contributor Summit but missed the CfP for planned sessions? Add your idea to the Unconference voting issue. Planned session confirmations will be sent out later this month.
Prow is moving out of its parents' basement (i.e. k/test-infra) into its own repo.
Reminder: inactive org member cleanup
Release Schedule
Next Deadline: Enhancements Freeze, February 8th
Kubernetes v1.30.0-alpha.1 is live!
Enhancements freeze is now just a few days away. The final reminder is out! Prepare your KEPs for the Production Readiness Review. If you plan to implement any features, deprecations, or removals during the 1.30 release cycle, make sure to opt in your KEP(s) before the Enhancements Freeze on February 8th.
Patch release cherry-pick deadline is February 9.
KEP of the Week
KEP-4192: Move Storage Version Migrator in-tree
Kubernetes heavily relies on consistently updating stored resource data for various maintenance tasks related to storage. This includes scenarios like transitioning from one storage schema version to another (for instance, moving from `v1beta1` to `v1`) and updating encryption methods for data at rest. Currently, the common method for rewriting data involves issuing no-op `update` requests via `kubectl get <resource> | kubectl replace -`. However, this approach poses challenges, especially for resource-heavy entities like Kubernetes `secrets`, and requires automation due to the constantly growing number of resources needing migration.
During storage migration processes, conflicts during `update` requests can be safely ignored, and inconsistent continue tokens during paginated `list` operations are also deemed safe since the primary concern is rewriting data rather than how it's rewritten. This proposal seeks to simplify storage migrations for users by abstracting away these complexities.
This KEP was first released in v1.29 and is currently tracked for beta in the upcoming v1.30 release.
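The conflict case described above, as an added example that is not taken from the KEP or the project: a conflicting write has itself been persisted in the current storage form, so the migrator can skip that object without clobbering the newer data. `FakeStore`, `migrate` and the sample objects are constructed for illustration, and continue-token handling is not modeled.

```python
class Conflict(Exception):
    """Stands in for HTTP 409: the resourceVersion sent is stale."""

class FakeStore:
    """Constructed in-memory stand-in for the API server and etcd."""
    def __init__(self, names, old, new):
        self.current = new  # every write is persisted in this form
        self.objs = {n: {"stored_as": old, "rv": 1, "data": n} for n in names}

    def list(self, limit, cont=None):
        keys = sorted(self.objs)
        start = keys.index(cont) if cont else 0
        nxt = keys[start + limit] if start + limit < len(keys) else None
        page = [(k, self.objs[k]["rv"], self.objs[k]["data"])
                for k in keys[start:start + limit]]
        return page, nxt

    def update(self, name, rv, data):
        obj = self.objs[name]
        if obj["rv"] != rv:
            raise Conflict(name)
        obj.update(stored_as=self.current, rv=rv + 1, data=data)

def migrate(store, page_size=2, concurrent_writer=None):
    """No-op update every object page by page; return names skipped on conflict."""
    skipped, cont = [], None
    while True:
        page, cont = store.list(page_size, cont)
        if concurrent_writer:
            concurrent_writer(store)  # runs between list and update
        for name, rv, data in page:
            try:
                store.update(name, rv, data)  # same data, new stored form
            except Conflict:
                skipped.append(name)  # the competing write already rewrote it
        if cont is None:
            return skipped

def demo():
    store = FakeStore(["a", "b", "c", "d", "e"], old="v1beta1", new="v1")

    def writer(s):  # a client edits "b" once, after the migrator listed it
        if s.objs["b"]["rv"] == 1:
            s.update("b", 1, "b-changed")

    skipped = migrate(store, concurrent_writer=writer)
    stale = [n for n, o in store.objs.items() if o["stored_as"] != "v1"]
    return skipped, stale, store.objs["b"]["data"]
```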
Other Merges
- `--node-labels` has been around for 28 releases, maybe it's not alpha anymore
- Code can traverse all waiting Pods in the scheduler, regardless of which profile they're waiting in
- Prevent race condition between kubelet and CSI external resizer
- No more pods that can't terminate because their volumes won't unmap
- Only try to reschedule failed storage pods if new PVs are available.
- Clean up orphan subpaths, even if they're not directories
- `nominalConcurrencyShares` can be zero
- Kubeadm: add more key encryption options, apply patches correctly to ConfigMap, check if node is control plane during upgrade
- Relocated the ServiceAccount token audit annotation
- Better CPU usage calculation on Windows
- APIserver audit log records decode time
- Make sure that ConfigMap and Secrets files get created despite a kubelet restart
- Testing: NodeLogQuery for Windows
Promotions
Version Updates
Subprojects and Dependency Updates
- containerd to v1.7.13: update runc to v1.1.12, addressing CVE-2024-21626
- nerdctl to v1.7.3: update runc to v1.1.12, addressing CVE-2024-21626
- etcd to v3.5.12: add livez/readyz HTTP endpoints; and v3.4.30
- gRPC to v1.61.0: fix aggregate cluster design and add set min/max TLS version APIs to TLS credentials APIs for v1.59.4, v1.56.4, v1.49.4
- kops to v1.28.4: update containerd to v1.7.13 & runc to v1.1.12, addressing CVE-2024-21626; and v1.27.3
- kind to v0.21.0: patch CVE-2024-21626 and fix an issue with kind build node-image and docker 25.0.0+
- kubebuilder to v3.14.0: support k8s 1.29