LWKD: Week Ending March 27, 2022
Developer News
Now that Pod Security is a thing, E2E tests will be run under the restricted pod security level. If this breaks your tests, you may need to request a different level.
You also might need to rebase to master to pick up changes introduced for golang 1.18.
Etcd needs more reviewers/maintainers. If you have experience with the Etcd code, but have moved on to other things, consider coming back to help out the project.
Release Schedule
Next Deadline: Code Freeze, March 29th/30th
Code Freeze is coming. You should have everything approved/LGTMed by tomorrow (6pm Pacific/1am UTC), or punt it to 1.25. Exceptions are possible, but are not always granted.
Master Blocking is definitely better than last week, with just four flaky jobs -- kudos to Jordan Liggit and Eddie Zane for diagnosing the skew test failure.
Featured PRs
#99556: kubectl: support --subresource flag
The get
, patch
, edit
, and replace
Kubectl commands are all getting a --subresource
flag to access things like /scale
and /status
. The latter especially is very helpful to operator developers who need to manually adjust a broken status value and previously had to use --raw
mode.
#108073: Support CEL CRD validation expressions that reference existing object state.
Continuing the train of awesome CEL features, this week's is the ability to use oldSelf
in Update validations to allow checking values on both the old and new data. As a simple example, checking oldSelf == self
on a field allows for replicating partial immutability like we have in man core types. This opens up many options for out-of-core development!
#108717: Remove ClusterName
ObjectMeta has long had an unused ClusterName
field. This was added long ago for some federation experiments and never cleaned up. Despite existing forever, it has been unwritable and thus always ""
for the whole time. To move things forward on getting rid of it, the Go struct member (but not the JSON field name) has been change. This will make anything using that field fail to compile. If you find any such code and it actually depends on this field somehow, please contact SIG-APIMachinery as soon as possible.
Other Merges
- Much better & more configurable detection of local network traffic
- Check if you have certs signed with obsolete SHA-1 signatures
kubectl -f
works well with globs- Create a KUBE-IPTABLES-HINT chain in iptables so that tools & users know which iptables mode is in use, as the first part of the general iptables cleanup; also straighten out user of
internalTraffic vs. externalTraffic
- kubeadm checks for Etcd cluster inconsistency
kubectl cp --retries
accepts a negative valuekubectl version
will now display the version of the embedded Kustomize
Promotions
- CSIStorageCapacity.storage.k8s.io v1 to GA, along with the related CSIStorageCapacity feature flag
- ServerSideFieldValidation to beta and on by default
- OpenAPI Enums to beta, will be served by kube-apiserver by default
Deprecated
apiserver_dropped_requests_total
metric is deprecated