LWKD: Week Ending March 6, 2022
Release Schedule
Next Deadline: Exceptions due, March 21st
While folks are working on features, CI signal has gotten worse. Currently there are 14 flaky jobs between master-informing and master-blocking, and there's even one failing master-blocking job. This is not a good trend. Please have a look at the problem tests and see if you can help.
The cherry-pick deadline for the next patch releases is March 11th.
Featured PRs
#108309: no auto-generation of secret-based service account token
As discussed a few weeks ago, the efforts to remove Secret-based storage of ServiceAccount tokens is continuing. Now ServiceAccount objects will not get a token generated an crammed into a Secret by default. This won't affect usage by Pods, which generate a bound token and store it only in-memory on the Kubelet/host-system, but if you are using service account tokens for things like remote access, you will need to make sure you set up your Secrets appropriately, by adding a "kubernetes.io/service-account.name"
annotation.
#108092: remove audit.k8s.io/v1[alpha|beta]1 versions
The older alpha and beta object versions of the audit log data format have been removed. This applies to both the file logging and audit webhooks. If you are still using them, upgrading to v1 should be relatively straightforward. Check for any usage of the removed ObjectMeta
or Timestamp
fields, switching to StageTimestamp
or RequestReceivedTimestamp
respectively.
Other Merges
- Add more CRD expression language functions, and prevent invalid self-references
- Select better hints for TopologyManager
- Don't update Endpoints if nothing has changed
- kubeadm dry run works with certificate files already present
kubectl version
won't take extra arguments- Better error message for missing CRDs
- Kubectl DiscoveryCache TTL defaults changed from 10 minutes to 6 hours
- HPA external metrics can bootstrap via the metrics API
- Fix CPU shares handling for Pods requesting more than 256 cores
Deprecated
- The apiserver's deprecated
--target-ram-mb
flag and the [--experimental-encryption-provider-config
flag] are removed - Deprecated ValidateProxyRedirects and StreamingProxyRedirects feature gates are removed
Version Updates
- konnectivity-client to v0.0.30; backported
- python-client v23.3.0 final is released
- CEL to v0.10.0