LWKD: Week Ending June 23, 2024
Last Week In Kubernetes Development
Week of 2024-06-23
Developer News
Reminder: all jobs on the old test cluster must migrate or die by August 1. Here’s a table of unmigrated jobs. While you’re at it, start working on using --label-filter to revise how Prow runs your tests.
Release Schedule
Next Deadline: Docs Deadline for placeholder PRs, June 27th
The code freeze deadline has been extended from July 10th to July 24th, adding 2 weeks of time in lieu of the US holidays.
Featured PRs
#125560 Add field management support to fake client-go typed client
This PR adds field management support to the fake client-go typed client. Developers can now use fake.NewClientset() instead of fake.NewSimpleClientset() to create a clientset with managed field support. This addresses an issue where Server-Side Apply (and field management) was missing in client-go/fake, and it is crucial for more accurate testing and simulation of Kubernetes API server behaviors in client-go. The fake client now mimics real client behavior more closely, which benefits developers who rely on it for unit testing. For more details, refer to kubernetes/client-go#1184 and #99953.
KEP of the Week
KEP 4193: Bound service account token improvements
This KEP aims to bind a Pod’s associated Node information into Kubernetes service account tokens, enhancing their security and traceability. By embedding the Node’s name and UID into the JWT tokens and including unique identifiers (JTIs), the KEP ensures robust identity verification and improves auditability. This includes extending the TokenRequest API to bind tokens to Node objects and modifying the TokenReview API to validate these tokens. These changes help mitigate replay attacks and improve the overall security posture of Kubernetes clusters by providing a clear, traceable link between tokens and their originating Node objects.
This KEP is tracked for beta release in the upcoming v1.31.
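The check below is an added example, not code from the KEP or from Kubernetes: it reads the node binding and JTI out of a service account token's payload and compares them with the Node a workload is expected to run on. The claim names (jti, kubernetes.io, node.name, node.uid), the NodeBinding and SampleToken helpers, and the sample token are assumptions made for this example.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// NodeBinding returns the token's jti if the token is bound to the expected Node.
// It does NOT verify the signature: use it for audit and triage, never to authenticate.
func NodeBinding(token, name, uid string) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", fmt.Errorf("not a compact JWT")
	}
	// Claim names below are assumptions about the token layout; the page does not list them.
	var c struct {
		JTI string `json:"jti"`
		K8s struct {
			Node *struct{ Name, UID string } `json:"node"`
		} `json:"kubernetes.io"`
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil || json.Unmarshal(raw, &c) != nil {
		return "", fmt.Errorf("payload is not base64url-encoded JSON")
	}
	// Comparing the UID too catches a Node re-created under the same name.
	switch n := c.K8s.Node; {
	case c.JTI == "":
		return "", fmt.Errorf("no jti claim")
	case n == nil:
		return c.JTI, fmt.Errorf("no node binding")
	case n.Name != name || n.UID != uid:
		return c.JTI, fmt.Errorf("bound to node %s (%s), want %s (%s)", n.Name, n.UID, name, uid)
	}
	return c.JTI, nil
}

// SampleToken wraps a constructed payload in an unsigned, made-up token.
func SampleToken(payload string) string {
	return "e30." + base64.RawURLEncoding.EncodeToString([]byte(payload)) + ".x"
}

func main() {
	tok := SampleToken(`{"jti":"constructed-1","kubernetes.io":{"node":{"name":"node-a","uid":"uid-1"}}}`)
	fmt.Println(NodeBinding(tok, "node-a", "uid-1")) // bound to this Node
	fmt.Println(NodeBinding(tok, "node-a", "uid-2")) // same name, different UID
}
```

The returned jti is the value to correlate with audit records; the authoritative validation of a token remains the TokenReview API.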
Other Merges
KUBE_EMULATED_VERSION env added to set emulated version of apiserver
Publishing rules to use go1.22.4 for all branches
Add Extra.DisableAvailableConditionController for Generic Control Plane setup in kube-aggregator
kubeadm adds the ControlPlaneKubeletLocalMode feature gate for running kubeadm with local kube-apiserver
Skip updating Pods which are in the scheduling cycle when SchedulingQueueHint is enabled
kubeadm allows usage of --yes flag with the --config flag
The .status.ready field is tracked faster when active Pods are deleted, specifically when a Job is failed
kubectl describe service now shows internal traffic policy and IP mode of a load balancer service
Improve memory usage of kube-apiserver by dropping the .metadata.managedFields field
Fix null lastTransitionTime in Pod condition when setting scheduling gate
Promotions
ConsistentListFromCache to beta
HonorPVReclaimPolicy to beta
LogarithmicScaleDown to GA
RecursiveReadOnlyMounts to beta
Deprecated
Removed the deprecated kubectl exec command execution without a dash
Version Updates
Subprojects and Dependency Updates
Kernel Module Management v2.1.1: normalize kernel versions, stop no-op controllers
cni v1.2.1: fix faulty json marshal behavior for embeds types
csi-driver-host-path v1.14.0: replace socat image with hostpathplugin image
prometheus v2.53.0: change GOGC threshold from 100 to 75; also v2.45.6