LWKD: Week Ending January 30, 2022
Developer News
The main cert-manager repo will be migrating to cert-manager/cert-manager on Feb. 2. The standard GitHub redirects will be in place but if you import from cert-manager in third-party code, you should update the repo path in your code when you get a chance. Container images and helm charts will not move.
Jordan Liggitt updated the Kubernetes deprecation policy to reflect actual practice. The new policy makes it clear that Kubernetes does not deprecate Stable APIs within a major version.
Release Schedule
Next Deadline: Enhancements Freeze, Feb. 3
Enhancements Freeze is only a few days away. If you're planning a significant feature for 1.24, it should be on the tracking spreadsheet. The CI Signal Report documents a few flakes.
Release Engineering published an emergency extra update to 1.23 (1.23.3) last week to fix a regression. Users who use CRDs that rely on x-kubernetes-preserve-unknown-fields: true should avoid 1.23.0-2, or update to 1.23.3 immediately.
Featured PRs
#107507: Add configuration point to SharedInformer to transform objects before storing
SharedInformers sit at the heart of most controllers, in-tree and community operators alike. This caching design has been hugely beneficial for performance, but "keep all objects in memory" has some sharp resource-usage downsides. This has been compounded lately as more and more things switch to using Server Side Apply and the managedFields data on many objects grows substantially. A new transformer system has been added to tweak objects between being received from the API watch and being added to the in-memory cache. The primary use case is nulling out unused fields; however, it was built generically, as other uses may arise over time. As support drifts down into the various controller helper libraries, this stands to substantially reduce the memory usage of many controllers.
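A sketch of the kind of transform described above, added here as an illustration and not taken from the PR or from client-go. TransformFunc, Tombstone, samplePod and CachedSize are local stand-ins so the block runs with the standard library only; it also covers the case where the object arrives wrapped in a delete tombstone.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// TransformFunc is a local stand-in for the informer transform hook: it gets
// the object received from the watch and returns what should be cached.
type TransformFunc func(obj interface{}) (interface{}, error)

// Tombstone is a local stand-in for the wrapper an informer can pass along
// when a delete was missed; the transform must unwrap it, not fail on it.
type Tombstone struct {
	Key string
	Obj interface{}
}

// StripManagedFields removes metadata.managedFields and returns anything it
// does not recognise unchanged.
func StripManagedFields(obj interface{}) (interface{}, error) {
	if ts, ok := obj.(Tombstone); ok {
		inner, err := StripManagedFields(ts.Obj)
		ts.Obj = inner
		return ts, err
	}
	if u, ok := obj.(map[string]interface{}); ok {
		if meta, ok := u["metadata"].(map[string]interface{}); ok {
			delete(meta, "managedFields")
		}
	}
	return obj, nil
}

// samplePod is a constructed object, not taken from a real cluster.
const samplePod = `{"kind":"Pod","metadata":{"name":"web-0","managedFields":[{"manager":"kubectl","operation":"Apply","fieldsV1":{"f:spec":{"f:containers":{}}}}]},"spec":{"nodeName":"n1"}}`

// CachedSize reports the sample's JSON size before and after the transform.
func CachedSize(tf TransformFunc) (before, after int, err error) {
	var obj map[string]interface{}
	if err = json.Unmarshal([]byte(samplePod), &obj); err != nil {
		return 0, 0, err
	}
	raw, _ := json.Marshal(obj)
	out, err := tf(obj)
	kept, _ := json.Marshal(out)
	return len(raw), len(kept), err
}

func main() { fmt.Println(CachedSize(StripManagedFields)) }
```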
#107470: Optimize cronjob controller status updates
This PR is a great example of minimizing writes from a controller. API writes are a limited and valuable resource at scale, and this change both batches multiple previous requests into one and ensures it only happens at all if an update is needed. This is a good reminder to check through the requests your controllers and controller-a-likes make and try to do similar optimizations if you can.
Other Merges
- If unmount stalls, mark device "uncertain"
- Describe the event when preemption fails
- Make sure that static pods restart correctly
- netexec in our test framework can retrieve arbitrary header values for your enhanced testing
- E2E tests should wait for the root CA to be created
- Updates to Services stop throwing a bogus clusterIP error
- Auto-renewal for bound ServiceAccount tokens will only happen for apiserver-facing tokens
Deprecated
- As planned, DynamicKubeletConfig is removed from 1.24