LWKD: Week Ending March 3, 2024
Last Week in Kubernetes Development
Week ending 2024-03-03
Developer News
All CI jobs must be on K8s community infra as of yesterday. While the infra team will migrate the simple ones, other jobs that you don't help them move may be deleted. Update your jobs now.
Monitoring dashboards for the GKE and EKS build clusters are live. Also, there was an outage in EKS jobs last week.
After a year of work led by Tim Hockin, Go Workspaces support for hacking on Kubernetes is now available, eliminating a lot of GOPATH pain.
It's time to start working on your SIG Annual Reports, which you should find a lot shorter and easier than in previous years. Note that you don't have to be the SIG Chair to do these; they just have to review them.
Release Schedule
Next Deadline: Test Freeze, March 27th
Code Freeze is now in effect. If your KEP did not get tracked and you want to get your KEP shipped in the 1.30 release, please file an exception as soon as possible.
March Cherry Pick deadline for patch releases is the 8th.
Featured PRs
#122717: KEP-4358: Custom Resource Field Selectors
Selectors in Kubernetes have long been a way to limit large API calls like List and Watch, requesting only objects with specific labels or similar. In operators this can be very important for reducing the memory usage of shared informer caches, as well as generally keeping apiserver load down. Some core objects extended selectors beyond labels, allowing filtering on other fields, such as listing Pods based on spec.nodeName. But this set of fields was limited and could feel random if you didn't know the specific history of the API (e.g. Pods need a node name filter because it's the main request made by the kubelet), and it wasn't available at all to custom types. This PR expands the system, allowing each custom type to declare selectable fields, which will be checked and indexed automatically. The declaration uses JSONPath in a very similar way to the additionalPrinterColumns feature:
selectableFields:
  - jsonPath: .spec.color
  - jsonPath: .spec.size
These can then be used in the API just like any other field selector:
c.List(context.Background(), &redThings, client.MatchingFields{
    "spec.color": "red",
})
As an alpha feature, this is behind the CustomResourceFieldSelectors feature gate.
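To make the "checked and indexed" part concrete, here is an added Go model of what the apiserver does with such a selector (example code written for this newsletter, not the PR's implementation): objects are JSON documents, the declared paths are the two from the CRD snippet above, and a selector on a field the type never declared is refused rather than silently returning the unfiltered list. Only string leaves are matched, which is an assumption of this toy, not a statement about the PR.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Selector keys the custom type declares (CRD jsonPath ".spec.color" is
// requested as "spec.color"); any other key is rejected, as the apiserver does.
var selectableFields = map[string]bool{"spec.color": true, "spec.size": true}

// Constructed sample objects standing in for the items of a List response.
var sampleDocs = []string{
	`{"metadata":{"name":"a"},"spec":{"color":"red","size":"L"}}`,
	`{"metadata":{"name":"b"},"spec":{"color":"blue","size":"L"}}`,
	`{"metadata":{"name":"c"},"spec":{"color":"red","size":"S"}}`,
}

// lookup walks a dotted path; a missing or non-map step yields nil, so only a string leaf reports ok.
func lookup(obj map[string]any, path string) (string, bool) {
	var cur any = obj
	for _, part := range strings.Split(path, ".") {
		m, _ := cur.(map[string]any)
		cur = m[part]
	}
	s, ok := cur.(string)
	return s, ok
}

// FilterByField applies a "spec.color=red" selector and returns the names of
// matching objects; an undeclared field is an error, not an empty result.
func FilterByField(docs []string, selector string) ([]string, error) {
	key, want, ok := strings.Cut(selector, "=")
	if !ok || !selectableFields[key] {
		return nil, fmt.Errorf("field label not supported: %q", selector)
	}
	var names []string
	for _, d := range docs {
		var obj map[string]any
		if err := json.Unmarshal([]byte(d), &obj); err != nil {
			return nil, err
		}
		if got, ok := lookup(obj, key); ok && got == want {
			name, _ := lookup(obj, "metadata.name")
			names = append(names, name)
		}
	}
	return names, nil
}
```

Calling FilterByField(sampleDocs, "spec.color=red") returns the names a and c, while "spec.weight=1" fails with the unsupported-field error.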
KEP of the Week
KEP-1610: Container Resource based Autoscaling
For scaling pods based on resource usage, the HPA currently calculates the sum of all the individual containers' resource usage. This is not suitable for workloads where the containers are not related to each other. This KEP proposes that the HPA also provide an option to scale pods based on the resource usage of individual containers in a Pod. The KEP proposes adding a new ContainerResourceMetricSource metric source, with a new Container field, which will be used to identify the container whose resources should be tracked. When there are multiple containers in a Pod, the individual resource usage of each container can change at different rates. Adding a way to specify the target gives more fine-grained control over the scaling.
This KEP is in beta since v1.27 and is planned to graduate to stable in v1.30.
Other Merges
- Tunnel kubectl port-forwarding through websockets
- Enhanced conflict detection for Service Account and JWT
- Create token duration can be zero
- Reject empty usernames in OIDC authentication
- OpenAPI V2 won't publish non-matching group-version
- New metrics: authorization webhook match conditions, jwt auth latency, watch cache latency
- Kubeadm: list nodes needing upgrades, don't pass duplicate default flags, better upgrade plans, WaitForAllControlPlaneComponents, upgradeConfiguration timeouts, upgradeConfiguration API
- Implement strict JWT compact serialization enforcement
- Don't leak discovery documents via the Spec.Service field
- Let the container runtime garbage-collect images by tagging them
- Client-Go can upgrade subresource fields, and handles cache deletions
- Wait for the ProviderID to be available before initializing a node
- Don't panic if nodecondition is nil
- Broadcaster logging is now logging level 3
- Access mode label for SELinux mounts
- AuthorizationConfiguration v1alpha1 is also v1beta1
- Kubelet user mapping IDs are configurable
- Filter group versions in aggregated API requests
- Match condition e2e tests are conformance
- Kubelet gets constants from cadvisor
Promotions
- PodSchedulingReadiness to GA
- ImageMaximumGCAge to Beta
- StructuredAuthorizationConfiguration to beta
- MinDomainsInPodTopologySpread to beta
- RemoteCommand Over Websockets to beta
- ContainerCheckpoint to beta
- ServiceAccountToken Info to beta
- AggregatedDiscovery v2 to GA
- PodHostIPs to GA
Version Updates
Subprojects and Dependency Updates
- kubespray to v2.24.1: sets Kubernetes v1.28.6 as the default Kubernetes version
- prometheus to v2.50.1: fix for the broken /metadata API endpoint