LWKD: Week Ending November 7, 2021
Developer News
The new Steering Committee members have been elected. Re-elected SC members Paris Pittman and Christoph Blecker will be joined by newly elected members Stephen Augustus and Tim Pepper. They will serve with the three continuing members for the 2021-2022 term. Thank you to Derek Carr and Nikhita Raghunath for their service to our community!
SIG-CLI is looking for feedback on the newly-merged kubectl alpha events
command. SIG Scalability co-chair Matt Matejczyk will be replaced by Marcel Zięba.
Release Schedule
Next Deadline: Code Freeze Nov. 16
1.23 is about to enter code freeze on the 16th. This means you want your PRs, particularly enhancement PRs, merged before then. Then you’ll need to immediately (by Nov. 18th) create a documentation stub PR for any docs required for your enhancement. So, maybe try to clear your calendar next week.
Cherry-picks for November’s patch release are due Friday.
Featured PRs
With code freeze looming, we’ve got a number of backwards-incompatible changes finally getting approved and merged. Many of these are relatively small or easy to understand but require action from the community so we’ll cover them quickly.
#106146: component-base: use stderr as default output stream for JSON
While text log output has always defaulted to stderr, until now the default for JSON-formatted structured output has been stdout. This has been corrected so everything matches, using stderr. If you do any output processing, especially on kubectl in scripts, you may need to update either your redirection code or your logging config.
#105648: GET should be transformed to watch in kube-Apiserver
Mostly this affects kube-apiserver metrics which include the request verb as a label. If you’ve got any alerts or dashboards that cared about GET requests they will no longer include GET-as-WATCH hits.
#105525: Wire contexts to Core controllers
This on affects internal APIs however if you’ve got a PR that touches a core controller, it may require a rebase. And if you make any future outbound calls from a core controller, make sure to pass through the context so it those can be cleaned up smoothly when the context is cancelled. If you’ve got any questions about how to work with Go’s context
system, please reach out to SIG-APIMachinery.
#94986: drop managed fields from audit entries
And finally a change that is backwards compatible but worth knowing about. There is now an omitManagedFields
boolean on both audit policies and individual rules (which overrides the policy-level setting). This defaults to false, meaning managedFields
is included however depending on your use case you may want to enable this. The managed fields tracking data gets very big and often makes logs and other traces difficult to read so if not using this data, maybe flip the switch once it’s available to you.
Other Merges
- kube-proxy should detect stale UDP connections better
- Make sure that pods get deleted from the scheduler cache
- Log verbosity & flushing can be configured in the kubelet config file
- Eliminate
sync_proxy_rules_iptables_total
off-by-one error - Clean up managed EndpointSlices when the Service changes
- Stop assuming SELinux is disabled
- You can use JSON or SMP patches for
--overrides
onkubectl run
andkubectl expose
Promotions
- Following on last week’s flurry of PRs, PodSecurity is beta and enabled by default
- CSIVolumeFSGroupPolicy is GA
- Admission duration metrics are GA, as are some scheduler metrics
Deprecated
- old cronjob controller, long deprecated, removed
- kubemark deprecates
--log-file
and makes it a no-op on 1.23
Version Updates
- go to 1.17.3 in 1.23
- Debian updates on default Kubernetes images: base to 1.9.0, iptables to 1.6.7, and setcap to 2.0.4; backported
- CoreDNS to 1.8.6
- structured-merge-diff to v4.2.0