LWKD: Week Ending February 5, 2023
Developer News
The old image registry, k8s.gcr.io, will stop taking updates on April 3. As a contributor, you need to make sure that you’re pushing builds to registry.k8s.io and that any components that you call are pulling from the new registry. Users should also check any of their CI that pulls images.
The Kubernetes Java client is affected by CVE-2022-1471, a remote code execution. Update your Java client ASAP.
Release Schedule
Next Deadline: Enhancements Freeze, Thursday Feb. 9th
We’re in PRR soft freeze, so if your KEP is not yet ready for review, you’re at the end of the queue. You only have a couple days before Enhancements Freeze anyway, so get those KEPs in reviewable shape and opt in.
Cherry-picks for the next set of patch releases are due Friday the 10th.
Featured PR
#115377: Fetch go version using gimme if needed
Environment setup is always a complicated topic. This PR automates installing the correct version of Go using Travis’ gimme tool. They will get unpacked into .gimme in your build output folder, so this should be safe and do the correct thing in almost all situations. However if you want to make sure your system-level Go environment is used, export FORCE_HOST_GO=y. You may also want to check on your CI configuration, on one hand this will simplify CI setups but it will also potentially increase build times.
Other Merges
- Cloud provider node controller updates faster via the magic of parallel execution
- Cloud providers support log format options
- Dual Stack loadbalancers work on Windows again
- CEL admission controller code is more reusable
- Plug memory leak in SchemaHas
- Always update Indexed job status
- Make sure that node_stage_path gets set for devices
- New metrics: topology manager admission behavior, client-go request retries
- You can build TypeConverter directly from kube OpenAPI
- Quota monitoring survives restarts
Test Cleanup: StatefulSetOrdinal, MultiCIDRRangeAllocator, APIService lifecycle, encryption config reload
Promotions
- MinimizeIPTablesRestore to beta; some users will want to disable any iptables/proxy performance hacks they wrote themselves now
- ControllerManagerLeaderMigration is GA