LWKD: Week Ending July 9, 2023
Last Week in Kubernetes Development
Developer News
LWKD is looking for new/additional writers. We would love to have more folks who can help us produce LWKD, and add important coverage for Kubernetes developers, such as current KEPs or Kubernetes subprojects; volunteer on those issues.
Release Schedule
Next Deadline: Feature Blog Freeze, July 10
Monday was the deadline for Exception Requests; hope you didn't miss it. You also need your blurbs for the Feature Blog prepared this week, and next week begins Code Freeze.
Patch releases for all supported versions are expected out this Wednesday. This will be the last patch set for 1.24; if you are still using 1.24, plan your upgrade now.
Featured PRs
#116429: Add SidecarContainers feature
There have been many feature proposals under the banner of "official support for sidecar containers" but one has finally landed. As so often happens with contentious design areas, this proposal and PR take a more minimalist stance on things. The core of the new feature is that if you add restartPolicy: Always to an init container, rather than the usual behavior of running to completion before the next init container launches, it will just be left running until the pod is terminated. The KEP describes the future goals, to hopefully be merged as the feature progresses through our usual cycle, with the next big thing being support for lifecycle hooks and probes as with normal (non-init) containers.
The main obvious use case for this feature is tools like service meshes where a proxy daemon should be up before anything else and stay up until all related processes are gone. This has always been a bit dicey with the proxy running as a normal secondary container, as there wasn't an easy way to ensure it would start first and PostStart lifecycle hooks could get fairly complex and situational. Another predicted use case is parallelizing complex initialization steps, running the steps until completion and then signaling the main container to start and sleeping forever.
If you've got anything in your stack you would call a "sidecar", it's definitely worth a look to see if this new feature can help streamline things. And if you interact with the Pod state machine at all, get ready to consider some new edge cases!
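The service-mesh case described above, as an added illustration that is not taken from the PR or the KEP. The pod name, container names, images, command and arguments are constructed placeholders, and the manifest assumes a cluster where the SidecarContainers feature is enabled.

```yaml
# Constructed example: every name, image, command and path here is a placeholder.
# Assumes the SidecarContainers feature is enabled on the cluster.
apiVersion: v1
kind: Pod
metadata:
  name: app-with-proxy
spec:
  initContainers:
    # Ordinary init container: must run to completion before the
    # next init container is launched.
    - name: fetch-config
      image: registry.example/fetch-config:1.0
      command: ["/bin/fetch-config", "--out=/config/proxy.yaml"]
      volumeMounts:
        - name: config
          mountPath: /config
    # Sidecar: restartPolicy: Always on an init container means it is
    # launched in its place in the init sequence but is not expected to
    # exit; it is left running until the pod is terminated.
    - name: mesh-proxy
      image: registry.example/mesh-proxy:1.0
      restartPolicy: Always
      args: ["--config=/config/proxy.yaml"]
      volumeMounts:
        - name: config
          mountPath: /config
          readOnly: true
  containers:
    # Main workload: listed as a normal container, so it is launched
    # after the init sequence, by which point the proxy is already up.
    - name: app
      image: registry.example/app:1.0
  volumes:
    - name: config
      emptyDir: {}
```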
#116720: Remove long/golang version information making short the default
A relatively standard post-deprecation cleanup, but one that may still catch folks unawares. Back in 2022, we deprecated the "long" kubectl version output. You know the one, the raw version.Info{...} struct output that made sense to Go developers but no one else. It has now been fully removed in favor of the (until now) --short output, which is much more user friendly. If you've been parsing out the Go struct data in some bash regexes for a funky script somewhere in a corner, now is a good time to dust it off and switch to kubectl version --output=json | jq ... instead.
Other Merges
- User namespaces support stateful pods and volumes
- Allow parallel creation of StatefulSet Pods
- kubectl: parallelize diffs, allow waits on valueless JSONpaths, clean up flag code
- Metrics: force detach controller includes a reason, add apiserver_flowcontrol_current_executing_seats, increase bucket size for request_filter and request_wait, add plugin_evaluation_total, client DNS latency
- Remove all pod finalizers before declaring the Job done (backported)
- Storage: add ServedVersions to API, refactor REST storage IP range code
- Scheduler: register plugin Permit failures, and Reserver failures, make sure handlers sync before scheduling
- kube-proxy: validate IP family, add number of endpoints to header
- APF: queuesets handle limit exemptions
- DRA: Deallocate unused ResourceClaims, both for pods that didn't run and delayed allocation pods that have stopped
- Improve kubectl's ability to display localized messages
- Better API discoverability for apiservices.apiregistration.k8s.io
- kubeadm: custom environments for the control plane
- Skip podTopologySpread scoring when not touching the pod
- Jobs: add creation timestamp annotation
- Paginate large collections for DeleteCollection
- Warn if ImagePullSecrets doesn't exist
- Don't re-apply log configurations multiple times
- Contextual Logging Migration: miscellaneous controllers, endpoint controllers
- AuditEvents get context
Testing Cleanup: PSa labels in all tests, remove unused GCP test, verify-master fix, kubeadm migration, watch storage, delete NetworkPolicy tests, kubeadm DNS, TestPerPodSchedulingMetrics, storage cache test, scheduler performance, add levelrestricted test, OIDC integration
Promotions
Deprecated
- Scheduler CLI flags around locking have been deprecated, in favor of "leader election" flags
- KMSv1 is deprecated, move to KMSv2
- Stop checking for kubeproxy versions before 1.7 in gcp-cloud-provider
- CSI-migration feature gate is removed and the feature is enabled
Version Updates
- go to 1.20.5 in 1.24, 1.25, and 1.16
- KubeVirt is 1.0