LWKD: Week Ending November 21, 2021
Developer News
Registration is open for the Contributor Celebration. Join us for end-of-year fun with your peers.
Since Tim Pepper was elected to Steering, he has stepped down from the Code of Conduct Committee and Carlos Panato has taken his place. Steering Liaisons for SIGs are also changing. Steering and CoCC have also jointly made it clear that nobody is above the Code of Conduct.
Release Schedule
Next Deadline: Docs PRs, release blog ready for review, Nov 23
It's Code Freeze! So a ton of things are happening this Tuesday, just before the Americans all vanish into food comas. Both the Doc PRs and the Release Blog draft should be ready to review. Release candidate 0 will be released. Test jobs will fork, and the Release team will start watching the Release-1.23 jobs instead of Main. If you are on Family Time this week, don't forget that any Feature Blog articles are due next Tuesday.
Also, 1.23 beta 0 was released last week.
Patch Releases: 1.20.13, 1.21.7, and 1.22.4 are out, including fixes for EndpointSlice mirroring, API panics, iptables regressions, and too many disk mounts on Windows.
Featured PRs
#106448: Use golangci-lint for staticcheck
We're fully switched over to golangci-lint for our staticcheck
plumbing, instead of our very funky shell script wrapper. This means slightly different code annotations for skips and some upgrades for an improved version of the linter. Please do make sure you clean up any pending PRs for the new rules! This also adds a config file structure to make it easier to slowly roll out additional linters. If you're interested in that, please reach out to SIG-Testing (though maybe wait until after 1.23 is a bit more stable).
#106501: Make CRI v1 the default and allow a fallback to v1alpha2
CRI v1 was first released with Kubernetes 1.20 and is now the default for talking to plugins, though the kubelet will automatically try the previous alpha version (there was never a beta release of CRI) automatically to allow for a smooth transition. CRI v1 is supported by CRI-O 1.21+ and is already merged for the upcoming Containerd 1.6. This is not expected to be a compat-impacting change however as with any major codepath alteration, test things to be sure.
#106051: Feature implementation: Validation rules for Custom Resource Definitions using the CEL expression language
We highlighted this one back when discussing KEPs but it's now actual code! To summarize the feature: you can define CEL expressions on any schema node in a Custom Resource Definition using x-kubernetes-validations
. These expressions will be run on create/update like other validations. Each rule expression can access only the data in or below the node it is defined on, as well as a limited set of global values (apiVersion
, kind
, metadata.name
, metadata.generateName
). CEL does support simply loops and branching however overall runtime is constrained to avoid runaway complexity explosions (will return an HTTP 408 response).
As an example for the fairly common case of requiring one and only one mode sub-struct to be configured:
x-kubernetes-validations:
- rule: "[has(self.mode1), has(self.mode2)].exists_one(m, m)"
message: You must configure mode1 or mode2
This will potentially simplify and speed up many operators which previous used webhooks for these kinds of validations. It won't cover every use case but give them a try!
CSI Migration Updates
And finally we have some forward progress on CSI migrations! Both AWS and GCE have flipped the migration switch by default so those in-tree drivers will be disabled now (but you can re-enable them for a short time longer if needed). Portworx and Ceph RBD are both set up for transition, with the in-tree plugins still enabled for now, and you can disable them once you've migrated to avoid conflicts.
Other Merges
- The API server can enable OpenAPI v3 for discovery
- PVCs created for StatefulSets can be auto-deleted
- Graceful Node Shutdown allows configuring Pod shutdown timeouts based on priority values
- Server-side schema validation has
strict
andwarn
modes - Readiness and liveness probes support gRPC checks using the gRPC Health Checking Protocol
kubectl wait
can wait on any arbitrary JSON pathkubectl describe namespace
prints Conditions- Recover from volume expansion failure
- Scheduler config has a MultiPoint field for global plugins
- kubelet logs are all migrated to structured mode
- Don't count unready endpoints for the topology cache
- An API warning about CRON_TZ/TZ, per issue reported last week
--register-with-taints
is now a KubeletConfig option- If
kubectl port-forward
errors, disconnect and exit - If an init container gets OOM-Killed, don't start the pod
- Kubelet garbage collection won't remove pinned images as indicated by the CRI plugin
Promotions
Deprecated
- Deprecated kubectl flags show as "DEPRECATED" in help
- "ignore errors" is the default for drain, so the flag is deprecated
Version Updates
- CRI v1 is now Kubernetes default, with fallback to v1alpha2 if your runtime doesn't support it
- etcd to v3.5.1