LWKD: Week Ending July 28, 2024
Week: 2024-07-28
Developer News
The legacy cluster jobs is dwindling, but not empty. Thanks to everyone who migrated their jobs, but please look at the remaining few; they will be deactivated this week to make way for the CI control plane post 1.31 release.
Registration for Kubernetes Contributor Summit (KCSNA 24) is live.
Release Schedule
Next Deadline: Tests Freeze, 31 July
We are in week 12 of the v1.31 release cycle and are two weeks away from the scheduled release date. Code freeze was last week and we are currently tracking 44 enhancements after code freeze. We received a total of 10 exception requests after code freeze, 9 out of which were approved.
We have a bunch of important deadlines this week, the docs freeze (30th July) and test freeze (31st July). Please make sure your PRs are ready in time for the deadlines! v1.31.0-rc.0 is also scheduled to be cut on 30th July. Read more about the state of the release and important upcoming dates here.
Featured PRs
#125663: # [KEP-4639] Add ImageVolumeSource API
While the API types were added a few weeks ago, this PR adds the implementation for the new image volume type. While this feature has existed in Docker for many years, and through CSI plugins for nearly as long, this will bring into Kubernetes core and make it much more accessible to users. The general idea is simple, mounting a container image into a path so they can be updated independently of the running container image. For example a machine learning service can load its model files from an image updated nightly without having to recertify the code, or a CI system can load tools from an arbitrary image without having to worry about specifics.
This uses the same image management systems as everything else in the Kubelet, so images will be cached and reused if desired, and pull credentials are used automatically:
volumes:
- name: tools
image:
reference: mytools:1.2.3
pullPolicy: Always # or IfNotPresent (optional)
#124012: # Coordinated Leader Election
The lease-based leader election framework built into Kubernetes has proven to be robust and powerful even in high-churn environments. What it isn't, however, is predictable. This can increase the stress of running control plane upgrades, especially during version changes in extremely-low-downtime situations. This PR extends the existing leader election system with a new mode, strategy: OldestEmulationVersion, which provides for a default-case behavior where leaders are selected based on "simple" criteria (specifically a cascading choice list based on the declared API emulation version, actual version of the server, and creation timestamp of a new LeaseCandidate object) so that during upgrade we minimize leader swaps and they can also be generally predictable. This is built on top of all the existing machinery, so if something does go very wrong, we'll still have that same robust safety we're all accustomed to, but with a much easier happy path.
KEP of the Week
KEP 2644: Honor Persistent Volume Reclaim Policy
This KEP introduces an enhancement to Kubernetes by ensuring that the PV reclaim policy is honored even if the PV is deleted before the PVC. For a bound PV-Persistent Volume Claim (PVC) pair, if the PVC is deleted before the PV, the reclaim policy is honored. However, if the PV is deleted before the PVC, the reclaim policy is not exercised, leaving the storage asset not removed.
This KEP is tracked for beta release in the upcoming v1.31.
Other Merges
- The
DisableKubeletCSRAdmissionValidationfeature gate renamed to AllowInsecureKubeletCertificateSigningRequests - Fix for kubelet cadvisor stats runtime panic
- Fixes to coordinated leader election controller unit tests
- LocalStorageCapacityIsolationFSQuotaMonitoring is false by default
- Go version reverted to v1.22.5
- ProcMountType to be disabled by default
- Resource health implemented in Pod status
- CRD validation rules support direct use of CEL reserved keywords
- RetryWatcher.Stop is idempotent to avoid causing panic when calling Stop multiple times
- partialSync implemented for kube-proxy nftables mode
- Bug fix for init containers with Always restartPolicy not terminating gracefully
- Fix for nodeNotReady in first sync period after kubelet restart
- Fix for kubelet not calculating process usage of pods correctly
- Validation for CABundle when writing CRDs
- New cluster events UpdatePodScaleDown and UpdatePodLabel for Pods implemented
- DRA resource quotas implemented
Promotions
- KubeletSeparateDiskGC to beta
- VolumeAttributesClass to beta
- JobSuccessPolicy to beta
- AppArmor to GA
- LocalStorageCapacityIsolation to beta
Deprecated
- kube-proxy's deprecated flag
--proxy-port-rangeremoved
Subprojects and Dependency Updates
- kops v1.29.2 support kube-controller-manager
- libcni v1.2.3 correct a divergence between the specification and libcni
- kubebuilder v4.1.1 new CLI option and allow access to underlying CLI command
- grpc v1.65.2