LWKD: Week Ending May 14, 2023
Developer News
The Registry team found and fixed a security issue. Thank you Nicolas Chatelain for reporting it.
Reminder that you should be using registry.k8s.io for all community container images.
Release Schedule
Next Deadline: Production Readiness Freeze, June 8th
We are now officially in the 1.28 cycle, and Release Lead Grace Nguyen has a "sneak peek" for you. That also means that the Enhancements deadlines are coming soon (PRR: June 8, Enhancements: June 16); if you've forgotten how this all works, Atharva Shinde has a primer. Short Version: decide what you'll finish for 1.28 in the next 3 weeks.
Patch releases for all supported versions are expected out this Wednesday.
Featured PR
#117547: Return dynamic RetryAfter header from APF
The API Priority and Fairness system, APF for short, exists to help ensure we maintain quality-of-service for kube-apiserver clients. There are a lot of very complex rules and configurations for this, but in the end it boils down to rejecting some API requests when the server is overloaded, ensuring there's available capacity for important clients. These rejected requests include a Retry-After response header to guide the clients, indicating how many seconds to wait before trying the request again. Previously this was a hard-coded 1 second, technically something but not the most helpful it could be. This PR upgrades things so the delay is tracked over time, based on the current volume of requests at that priority level. So it will start at 1 second and increase along with the server load. If you aren't already respecting this header in your Kubernetes API client code, now is a great time to start!
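One way a hand-written HTTP client can respect the header, as an added example that is not code from the PR or from client-go. It assumes APF rejections arrive as HTTP 429 with Retry-After in whole seconds; the names retryDelay and doWithRetry, the 1-second fallback and the 30-second ceiling are illustrative choices, and the replies in main are constructed.

```go
package main

import (
	"fmt"
	"net/http"
	"strconv"
	"time"
)

// retryDelay reports whether resp is an HTTP 429 rejection and how long to wait.
// A missing, malformed or out-of-range Retry-After uses fallback; ceiling caps the wait.
func retryDelay(resp *http.Response, fallback, ceiling time.Duration) (time.Duration, bool) {
	if resp.StatusCode != http.StatusTooManyRequests {
		return 0, false
	}
	d := fallback
	if secs, err := strconv.ParseUint(resp.Header.Get("Retry-After"), 10, 16); err == nil {
		d = time.Duration(secs) * time.Second // 16-bit bound rules out overflow
	}
	if d > ceiling {
		d = ceiling
	}
	return d, true
}

// doWithRetry calls do up to attempts times; sleep is injected (time.Sleep in real use).
func doWithRetry(do func() (*http.Response, error), sleep func(time.Duration), attempts int) (*http.Response, error) {
	for i := 1; ; i++ {
		resp, err := do()
		if err != nil {
			return nil, err
		}
		d, throttled := retryDelay(resp, time.Second, 30*time.Second)
		if !throttled || i >= attempts {
			return resp, nil // done, or out of attempts: caller inspects the status
		}
		resp.Body.Close() // release the connection before waiting
		sleep(d)
	}
}

func main() {
	codes, after, n := []int{429, 429, 200}, []string{"1", "4", ""}, 0 // constructed replies
	do := func() (*http.Response, error) {
		n++
		return &http.Response{StatusCode: codes[n-1], Header: http.Header{"Retry-After": {after[n-1]}}, Body: http.NoBody}, nil
	}
	resp, _ := doWithRetry(do, func(d time.Duration) { fmt.Println("waiting", d) }, 5)
	fmt.Println("final status:", resp.StatusCode)
}
```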
Other Merges
- Only set hostPorts when a pod is actually being created; optional feature gate if you need to revert the behavior (and please report it)
- Allow setting prerelease versions at runtime to skip unnecessary rebuilds
- Revert the new shortnames pending a review of potential collisions and other API issues
- Fall back to OpenAPIv2 if the v3 doc is broken (backported)
- New Metric: client-go cache size
- If you try to roll out a zero-resource deployment, kubectl will let you know
- Skip InterPodAffinity scoring when unneeded
- Kubeadm makes etcd node removal idempotent, and adds some etcd client unit tests
- Fix tracing race condition in utils
- Scheduler runtime uses contextual logging
- cpuset is now in utils so that it can be vendored
- Make sure that deprecated event reporting fields in the API still have values
- Don't start informers if no scheduler leader is elected
Test Cleanup: image builds for Mac, remove v1 pod dep, deflake TestFormat, log format registry, scheduler performance
Deprecated
- Deprecate the group generation scripts in code-generator, thanks to Tim Hockin refactoring; use kube_codegen.sh instead
- Remove deprecated node/v1beta1 API