LWKD: Week Ending January 7, 2024
Last Week in Kubernetes Development
Week Ending January 7, 2024
Developer News
Kubernetes Contributor Summit Paris will happen on March 19, 2024. The CfP for planned sessions is open; submit to schedule your presentation, discussion, or SIG meeting now.
SIG-Release has shared their 2024 Roadmap.
Release Schedule
Next Deadline: Production Readiness, Feb 1st
The 1.30 release cycle has begun. Release lead Kat Cosgrove announced a few changes for this release, including consolidating some roles. Here are the key dates for 1.30:
- Start of Release Cycle: 08 January 2024
- Enhancements Freeze: 09 February 2024
- Code Freeze: 06 March 2024
- Docs Freeze: 26 March 2024
- Release Day: 17th April 2024
The cherry-pick deadline for the next set of patch releases is January 12.
Reminder: the old repositories for official packages have been retired and new patched versions are available only from pkgs.k8s.io. Please update your config management.
Featured PRs
#122558: Use http/2 for localhost webhook
Back in 2019, some issues were brought up with allowing HTTP/2 for webhook connections. Because HTTP/2 uses persistent, multiplexed connections, once the connection is up all requests will be sent to the same server. This interacted very poorly with load-balancers, leading to highly asymmetric traffic patterns. To fix this, admission webhooks were limited to HTTP/1.1, but this unfortunately removed the performance benefits of persistent connections. This PR reverts things for the specific case of sending requests to localhost. Anything set up that way isn't getting load-balanced regardless, so it's safe to allow HTTP/2 again. This follows the usual connection upgrade process so it will only affect servers which want to offer it, but if you've left support in any DaemonSet-style admission webhook services then be sure to test them out!
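The decision described above, as an added Go example (not the code from the PR or from the Kubernetes project): offer HTTP/2 through ALPN only when the webhook URL points at localhost or a loopback address, and keep every other target on HTTP/1.1. The function names and sample URLs are assumptions made for illustration.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net"
	"net/http"
	"net/url"
	"strings"
)

// isLoopbackWebhook (hypothetical helper): true for "localhost" or a loopback IP (127.0.0.0/8, ::1).
func isLoopbackWebhook(rawURL string) (bool, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return false, err
	}
	host := u.Hostname() // drops the port and any IPv6 brackets
	if strings.EqualFold(host, "localhost") {
		return true, nil
	}
	ip := net.ParseIP(host)
	return ip != nil && ip.IsLoopback(), nil
}

// webhookTransport (hypothetical helper): HTTP/1.1 only for remote targets, h2 offered for loopback.
func webhookTransport(rawURL string) (*http.Transport, error) {
	local, err := isLoopbackWebhook(rawURL)
	if err != nil {
		return nil, err
	}
	cfg := &tls.Config{MinVersion: tls.VersionTLS12, NextProtos: []string{"http/1.1"}}
	if local {
		cfg.NextProtos = []string{"h2", "http/1.1"} // the server still chooses via ALPN
	}
	return &http.Transport{TLSClientConfig: cfg, ForceAttemptHTTP2: local}, nil
}

func main() {
	// Constructed sample URLs, not taken from the PR.
	for _, raw := range []string{"https://localhost:8443/validate", "https://[::1]:9443/mutate",
		"https://webhook.default.svc:443/validate", "https://localhost.example.com/validate"} {
		if tr, err := webhookTransport(raw); err == nil {
			fmt.Printf("%-45s ALPN offer: %v\n", raw, tr.TLSClientConfig.NextProtos)
		}
	}
}
```

A name that merely starts with "localhost", such as localhost.example.com, is treated as remote and stays on HTTP/1.1.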
#119968: Replace stat syscall with statx
The statx() syscall was added in Linux 4.11 as an upgrade for the venerable stat(). It provides a similar function: give it a path and get back information about whatever that points to. While plain stat() is still fit for most purposes, this PR shows a case where the upgrade was warranted. When working with remote file systems which are non-responsive or otherwise unavailable, a stat() check can hang indefinitely. statx(), on the other hand, offers a flag (AT_STATX_DONT_SYNC) to request that the kernel not wait on the remote file system and just return as quickly as possible. A nice upgrade for those using NFS and a good lesson for us all in using newer technology when appropriate.
KEP of the Week
KEP 3157: Allow informers for getting a stream of data instead of chunking
This KEP aims to address a critical issue in kube-apiserver, where uncontrolled memory consumption during LIST requests leads to potential disruption in larger clusters. The primary problem arises from the unpredictable memory usage of LIST requests, causing memory explosions and, in extreme cases, server failure. The proposal suggests a solution to protect kube-apiserver and its node from list-based Out-of-Memory (OOM) attacks. This approach aims to make memory consumption more predictable and constant. The plan involves changing informers to establish a WATCH request with a new query parameter, computing the Resource Version (RV) to ensure consistency, and sending a stream of individual objects. The proposal also emphasizes the importance of beta metrics, implementation in kube-apiserver and kube-controller-manager, and ensuring backward compatibility.
This KEP was created in 2022, and is planned to reach its beta milestone in the v1.30 release.
Other Merges
- Add an interactive mode for kubectl config set-credentials
- Dims created a list of all images used by our E2E tests
- Use HTTP2 for localhost webhooks
- Make PreFilter node rejection and Preemption play nice together
- Kubeadm will handle unmount errors better
- Prevent startup crash with EventedPLEG enabled
- Validate Volume Attribute objects as well as classes
- Use correct build tags for kube-proxy
- Move the EncryptionConfiguration code
- Fix kubelet tracing, broken since 1.28
- Windows credential provider finds its executable again
Deprecated
- Remove obsolete script hack/verify-govet-levee
- ConsistentHTTPGetHandlers is set to default and will be removed in 1.31
- Remove the AzureFile in-tree storage plugin in favor of CSI
- GA Feature Gates being removed: RemoveSelfLink, LegacyServiceAccountTokenTracking, KubeletPodResourcesGetAllocatable, ExpandedDNSConfig
- Warn users about the "Recycle" reclaim policy, deprecated since 2018 but somehow still around
Version Updates
Subprojects and Dependency Updates
- python-client to v0.29.0: fix UTF-8 failures in Watch and fix upper version boundary of urllib3
- csi-driver-host-path to v1.12.1: fix missing published target paths when republishing the ephemeral volume