March 29, 2022

LWKD: Week Ending March 27, 2022

Developer News

Now that Pod Security is a thing, E2E tests will be run under the restricted pod security level. If this breaks your tests, you may need to request a different level.

You also might need to rebase to master to pick up changes introduced for golang 1.18.

Etcd needs more reviewers/maintainers. If you have experience with the Etcd code, but have moved on to other things, consider coming back to help out the project.

Release Schedule

Next Deadline: Code Freeze, March 29th/30th

Code Freeze is coming. You should have everything approved/LGTMed by tomorrow (6pm Pacific/1am UTC), or punt it to 1.25. Exceptions are possible, but are not always granted.

Master Blocking is definitely better than last week, with just four flaky jobs -- kudos to Jordan Liggit and Eddie Zane for diagnosing the skew test failure.

Featured PRs

#99556: kubectl: support --subresource flag

The get, patch, edit, and replace Kubectl commands are all getting a --subresource flag to access things like /scale and /status. The latter especially is very helpful to operator developers who need to manually adjust a broken status value and previously had to use --raw mode.

#108073: Support CEL CRD validation expressions that reference existing object state.

Continuing the train of awesome CEL features, this week's is the ability to use oldSelf in Update validations to allow checking values on both the old and new data. As a simple example, checking oldSelf == self on a field allows for replicating partial immutability like we have in man core types. This opens up many options for out-of-core development!

#108717: Remove ClusterName

ObjectMeta has long had an unused ClusterName field. This was added long ago for some federation experiments and never cleaned up. Despite existing forever, it has been unwritable and thus always "" for the whole time. To move things forward on getting rid of it, the Go struct member (but not the JSON field name) has been change. This will make anything using that field fail to compile. If you find any such code and it actually depends on this field somehow, please contact SIG-APIMachinery as soon as possible.

Other Merges

• Much better & more configurable detection of local network traffic
• Check if you have certs signed with obsolete SHA-1 signatures
• kubectl -f works well with globs
• Create a KUBE-IPTABLES-HINT chain in iptables so that tools & users know which iptables mode is in use, as the first part of the general iptables cleanup; also straighten out user of internalTraffic vs. externalTraffic
• kubeadm checks for Etcd cluster inconsistency
• kubectl cp --retries accepts a negative value
• kubectl version will now display the version of the embedded Kustomize

Promotions

• CSIStorageCapacity.storage.k8s.io v1 to GA, along with the related CSIStorageCapacity feature flag
• ServerSideFieldValidation to beta and on by default
• OpenAPI Enums to beta, will be served by kube-apiserver by default

Deprecated

• apiserver_dropped_requests_total metric is deprecated