Last Week In Kubernetes Development

October 11, 2023

LWKD: Week Ending October 08, 2023

Developer News

The EKS Prow build cluster has been successfully upgraded from Kubernetes 1.25 to 1.28.

The schedule for Contributor Summit Chicago is live. Please register.

Release Schedule

Next Deadline: Exception Requests Due, October 23rd

We are in Enhancements Freeze with 72 Enhancements on the tracking board. Any KEPs that wish to join the v1.29 release must now have an approved Exception.

October Patch Release cherry-picks are due this Friday (October 13th).

KEP of the Week

KEP 2305 - Metric Cardinality Enforcement

This KEP proposes to dynamically configure allowlists for metric label values at runtime. Metrics with unbounded dimensions can cause memory issues in the components they instrument, and the dynamic allowlist configuration proposed by this KEP would solve this. The allowlist is configured at runtime, during the boot sequence of a Kubernetes component, rather than during the build/compile step. Historically this issue has been approached in various ways. This implementation makes use of the existing constraint in Prometheus clients that metrics can be uniquely identified by their metric descriptor.

This KEP was in beta in v1.28 and is tracked to graduate to stable in the upcoming v1.29 release.
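
The allowlist idea from the KEP summary above, as an added Go example that is not code from Kubernetes or the KEP: the metric name, the entry format `metric,label=v1,v2` and the `unexpected` fallback bucket are assumptions made for illustration. It shows that values outside the list collapse into one series, so the series count is bounded by the list size plus one.

```go
package main

import (
	"fmt"
	"strings"
)

// Fallback is the one bucket all non-allowlisted values collapse into (assumed name).
const Fallback = "unexpected"

// Allowlist maps "metric,label" to the set of permitted label values.
type Allowlist map[string]map[string]bool

// ParseAllowlist reads runtime entries shaped "metric,label=v1,v2" (format assumed here).
func ParseAllowlist(entries []string) (Allowlist, error) {
	al := Allowlist{}
	for _, e := range entries {
		key, vals, ok := strings.Cut(e, "=")
		if !ok || strings.Count(key, ",") != 1 || vals == "" {
			return nil, fmt.Errorf("malformed allowlist entry %q", e)
		}
		al[key] = map[string]bool{}
		for _, v := range strings.Split(vals, ",") {
			al[key][v] = true
		}
	}
	return al, nil
}

// Constrain rewrites a value to Fallback only when a list exists and excludes it.
func (al Allowlist) Constrain(metric, label, value string) string {
	if set, listed := al[metric+","+label]; listed && !set[value] {
		return Fallback
	}
	return value
}

// CountSeries replays observed label values and returns the resulting series counts.
func CountSeries(al Allowlist, metric, label string, observed []string) map[string]int {
	series := map[string]int{}
	for _, v := range observed {
		series[al.Constrain(metric, label, v)]++
	}
	return series
}

func main() {
	// Constructed sample: "path" is fed by request input, a classic unbounded label.
	al, _ := ParseAllowlist([]string{"http_requests_total,path=/healthz,/metrics"})
	fmt.Println(CountSeries(al, "http_requests_total", "path", []string{"/healthz", "/a1", "/a2", "/metrics"}))
}
```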

Other Merges

  • Kubelet's --node-ip flag initializes temporary IP addresses; this is aojea's workaround for cloud provider backwards compatibility
  • Volumes that have detach errors will be listed as uncertain-attached so that they aren't available to pods, but can still be force detached
  • Add an allow-list of metric labels for cardinality enforcement
  • client-go recorder supports specifying context
  • Don't crash kube-proxy if IPv4 config is missing in dual-stack
  • Normalize the level at which the Authorizer name is available in the config struct/YAML
  • Prevent aggregated API panic introduced in 1.28.0
  • Cluster bootstrap is more secure
  • UnsuitableNodes can mix allocated and unallocated claims
  • If the storage location already exists, kubelet will delegate mounting to CSI and not fail the PVC on restart
  • Clarify and error-check the --duration option to kubectl create token
  • Avoid leaked goroutines on unexpected WebSocket disconnects

Test Cleanup: remove old kubeup test, watch reflector integration test, test name space padding, kubectl rollout undo

Version Updates

  • Golang to v1.20.9 in production versions, and 1.21 in v1.29
  • distroless-iptables image to v0.3.3