LWKD: Week Ending June 11, 2023
Developer News
Please migrate your test jobs off the old Prow Default Cluster as soon as you can.
The Kustomize Project is looking to train new maintainers; apply if you love Kustomize and you can spend some serious time on it.
The Kubernetes Contributor Summit Chicago is looking for event volunteers to help run the Summit. Note that you must be a Kubernetes contributor to be eligible.
Release Schedule
Next Deadline: Enhancements Due, June 16th (01:00 UTC)
Hopefully you opted in your Enhancements for Production Readiness Review, so by this Thursday you’ll have a completed, or at least in-progress, PRR. If not, you’re going to need to seek an Exception.
Patch releases, including a Go version bump, are expected out this Wednesday.
Featured PRs
#114394: Document versioning of CRI API
SIG-Node has added some documentation to k/k to clarify how CRI as a library and standard will be versioned over time, and how Kubernetes should interact with it. This solidifies the use of SemVer in a similar way as Kubernetes itself and a similar N-3 version skew compatibility rule. It also includes a changelog back through CRI v1 being introduced in Kubernetes 1.20. For both developers and CRI admins, this document is well worth a read to better understand the goals for how CRI will evolve over time.
#117793: use the cgroup aware OOM killer if available
Support for cgroups v2 went GA back in 1.25 but one new feature we haven’t previously made use of is the cgroup-aware OOM support added in kernel 4.19. In short, this mode means that if any task in a cgroup is selected for OOM termination, the whole group is terminated. This avoids common issues with things like forking web servers where a subprocess inside the container OOMs but Kubernetes is unaware of this because PID 1 keeps running. Some tools handle this internally but most don’t and either blindly retry the failing operation or, in the worst cases, corrupt some internal state.
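To see which containers on a node would still get the old one-process-at-a-time behavior, you can read the cgroup v2 interface files directly: the kernel exposes the group-kill mode as `memory.oom.group` and counts kills in `memory.events`. The script below is an added example, not code from the PR or the kubelet; the cgroup directory names and the sample tree are constructed, and on a real node you would pass the cgroup v2 mount point (commonly `/sys/fs/cgroup`) as `root`.

```python
import os
import tempfile

def read_flat_keyed(path):
    """Parse a cgroup v2 flat-keyed file such as memory.events into a dict."""
    values = {}
    with open(path) as f:
        for line in f:
            parts = line.split()
            if len(parts) == 2 and parts[1].isdigit():
                values[parts[0]] = int(parts[1])
    return values

def audit_oom_group(root):
    """Report, per cgroup under root, whether group kill is on and how many OOM kills occurred."""
    report = []
    for dirpath, _dirs, files in os.walk(root):
        if "memory.oom.group" not in files:
            continue  # memory controller not enabled at this level
        with open(os.path.join(dirpath, "memory.oom.group")) as f:
            group_kill = f.read().strip() == "1"
        events = {}
        if "memory.events" in files:
            events = read_flat_keyed(os.path.join(dirpath, "memory.events"))
        kills = events.get("oom_kill", 0)
        report.append({
            "cgroup": os.path.relpath(dirpath, root),
            "group_kill": group_kill,
            "oom_kills": kills,
            # Tasks were killed one at a time, so PID 1 may still be running.
            "partial_kill_possible": kills > 0 and not group_kill,
        })
    return sorted(report, key=lambda r: r["cgroup"])

def build_sample_tree(root):
    """Constructed sample data: two container cgroups with hypothetical names."""
    samples = {
        "kubepods.slice/pod-a/web": ("0", "low 0\nhigh 0\nmax 12\noom 3\noom_kill 3\n"),
        "kubepods.slice/pod-b/api": ("1", "low 0\nhigh 0\nmax 4\noom 1\noom_kill 2\n"),
    }
    for rel, (flag, events) in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(path)
        with open(os.path.join(path, "memory.oom.group"), "w") as f:
            f.write(flag + "\n")
        with open(os.path.join(path, "memory.events"), "w") as f:
            f.write(events)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for row in audit_oom_group(tmp):
            print(row)
```

A cgroup flagged `partial_kill_possible` has had OOM kills without group kill enabled, which is the case where a container can keep running after losing a subprocess.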
Other Merges
- The number of concurrent CronJob workers is admin-configurable
- CRI-streaming is now part of the Kubelet staging repo
- Job status updates are batched every 1s to prevent update storms
- PodReadyToStartContainers is the new PodHasNetwork
- SelectHost highest-scoring node using heap, so that we can report the selection details
- kube-proxy: Don’t drop packets when enabling LocalModeNodeCIDR, and more network detection cleanup
- Overhaul how the EtcdOptions config and kube-apiserver as well
- Set the CloudDualStackNodeIPs annotations correctly
- New metrics: webhook conversion
- rest.DefaultServerUrlFor is reusable now for easy URL generation
- If we’re gonna list a ton of volumes in an error message, sort them
- Contextual logging migration: inter-pod affinity
Testing Cleanup: changed behavior of master taint, cleanup cacher testing, DRA node tests
Promotions
Deprecated
- --azure-container-registry-config is deprecated; use Credential Providers instead
- In-tree CephFS Driver is deprecated
- Unused function getSeccompProfilePath is gone
- Kubelet’s --provider-id flag has been un-deprecated; we need it after all
Version Updates
- New Go versions: 1.19.10 in 1.24, 1.25, and 1.26; version 1.20.5 in 1.27 and 1.28
- distroless-iptables image to v0.2.5
- Kernel Management Module is v1.1.0
- Python client is 27.2.0