LWKD: Week Ending January 22, 2023
Developer News
The new usage metrics project is launched, and already has a testgrid.
SIG Security wants to know if you’re interested in a Threat Modeling Workshop at either Contributor Summit this year.
The future of the monthly Community Meeting is unclear; please provide your insight.
If you’re a SIG Lead, remember that Maintainer Session proposals for Kubecon Amsterdam are due this Friday. If you’re not a lead, but have an idea, tell your SIG lead about it!
Release Schedule
Next Deadline: Begin PRR reviews, February 2nd
It’s still heavy development time.
Patch releases 1.26.1, 1.25.6, 1.24.10, and 1.23.16 came out last week and include updates to Golang that fix known security holes. These releases fix multiple important bugs and, critically, upgrade old versions to Go 1.19 to close security holes. Note that 1.22 is now EOL, so it does not have those security fixes; either upgrade now or get them from your distro.
Featured PRs
Code Generation Overhaul
Tim Hockin has merged a whole series of PRs to upgrade and improve our automated code generation. This includes swagger code/data, fixing the go_package in protobuf files, disabling clientset generation for “example” APIs used in tests, and removing orphaned generated code that was produced by long-since removed tools and thus hadn’t been updated in a long time. There are even more PRs still pending, so look forward to another wave of improvements in the coming days. Altogether, this should both speed up codegen and future-proof our build tooling.
Other Merges
- IPVS can use any available scheduler
- Have the kubelet probe network connections hang around only for 1 second, leading to fewer ephemeral ports sitting around in TIME_WAIT
- Kube-proxy’s nodeport management refactored, and it accepts the logging feature gates
- Give the policy API a serialization version priority
- Clayton’s Wait function overhaul: Don’t return a cancellation object from wait.ContextForChannel(), make internal functions private, and make BackoffWithContext actually context-aware
- Take out the garbage in the pkg directory, and then move the validation files into pkg/validation
- Fix “too large resource version” API error
- Don’t run the InterPodAffinity Filter plugin for irrelevant pods
- Stop creating endpoints for ExternalNames
- SecretNames can be longer than 63 chars
- Kubelet and kube-proxy runtime log verbosity changes apply to JSON, too
- Identity lease labels are now apiserver.kubernetes.io/identity
- KMS2 checks data staleness
- The policy admission Validator is lock-free
- We can count more than 64 CPUs on Windows
- Refactor the CronJob controller to remove duplicate code
- If the NodeIP changes, Route controller will reroute
Test Cleanup: e2e tests can check “remains pending”, SELinux mount duplication test, use stdlib for roundtrip tests
Promotions
Deprecated
- AdvancedAuditing feature gate is forced on and will be removed next release