LWKD: Week Ending November 12, 2023
Last Week in Kubernetes Development
Week ending Nov. 12, 2023
Developer News
The Kubernetes Contributor Summit in Chicago is concluded! Contributors lucky enough to make it had a great time, including more than 2 dozen sessions, a social, and best of all contributor awards.
Contributor Summit Europe is looking for volunteers.
Etcd is now officially a SIG, rejoining Kubernetes after four years apart. Tim Hockin and Patrick Ohly have proposed a DRA Working Group.
The four prior leads for ContribEx have retired, being replaced with new leads Nabarun Pal, Kaslin Fields, Priyanka Saggu, and Madhav Jivrajani. Dan Winship has joined SIG-Network as a Tech Lead.
Following up on the WG-LTS session at KCS, the LTS Survey is still open.
Release Schedule
Next Deadline: Draft Doc PRs and Major Themes due, Nov. 14
We are more than halfway to the release, with 46 tracked enhancements. Your SIG should be working on any feature blogs, and discussing what "themes" to feature in the Release Notes.
Featured PRs
#121837: kubeadm: change SystemPrivilegedGroup in apiserve-kubelet-client.crt
This PR fixes a bug where the "system:masters" group was being used in the apiserve-kubelet-client certificate specification. This group is too privileged and should be used less frequently. It also changes the group to "kubeadm:cluster-admins" which is a less privileged group. This group is still able to perform all of the necessary tasks, but it does not have the same level of access as the "system:masters" group.
Furthermore, It also adds a test to ensure that the "kubeadm:cluster-admins" group is always present when the certificate is updated or regenerated. This will help to prevent the problem of the certificate being updated to use the "system:masters" group if the "kubeadm:cluster-admins" group is not present.
KEP of the Week
KEP 2400: Node system swap support
This KEP adds support for Kubernetes nodes to use swap memory on Linux. Kubernetes didn't support swap memory before this KEP since accounting for pod memory utilization becomes difficult when swap is involved. This KEP proposes to add support to swap so that kubelet can run with swap on, when running on Linux systems with swap memory provisioned. By default the swap would be set to 0 for all Kubernetes workloads. The KEP also proposes configurations options to set swap utilization for entire nodes. The authors also recommend using encrypted swap for security, since there is a chance for Kubernetes secrets to get swapped out to the disk. Enabling encryption for swap needs to be done from OS configuration and is outside the scope of the kubelet.
This KEP is currently in alpha state and was first released in v1.22. Getting it to Beta has been slow because of multiple performance issues and bugs; if you know Linux memory management, consider helping out.
Other Merges
- Allow SchedulingGates and EnqueueExtensions to be empty, preventing a performance regression
Version Updates
- Golang to 1.21.4 in 1.29, and 1.20.11 in older versions