LWKD: Week Ending October 08, 2023


            
                            October 11, 2023
                        
                
                LWKD: Week Ending October 08, 2023
                

                        Developer News
The EKS Prow build cluster has been successfully upgraded from Kubernetes 1.25 to 1.28.
The schedule for Contributor Summit Chicago is live. Please register.
Release Schedule
Next Deadline: Exception Requests Due, October 23rd
We are in Enhancements Freeze with 72 Enhancements on the tracking board. Any KEPs that wish to join the v1.29 release must now have an approved Exception.
October Patch Release cherry-picks are due this Friday (October 13th).
KEP of the Week
KEP 2305 - Metric Cardinality Enforcement
This KEP proposes to dynamically configure allowlists for metric label values at runtime. Metrics with unbounded dimensions can cause memory issues in the components they instrument. The dynamic configuration of allowlist proposed by this KEP would solve this. The KEP proposes to configure an allowlist at the runtime, during the boot sequence for a Kubernetes component, rather than during the build/compile step. Historically this issue has been approached in various ways. This implementation makes use of the existing constaint in prometheus clients that metrics can be uniquely identified by their metric descriptor.
This KEP was in beta in v1.28 and is tracked to graduate to stable in the upcoming v1.29 release.
Other Merges

Kubelet's --node-ip flag initializes temporary IP addresses; this is aojea's workaround for cloud provider backwards compatibility
Volumes that have detach errors will be listed as uncertain-attached so that they aren't available to pods, but can still be force detached
Add an allow-list of metric labels for cardinality enforcement
client-go recorder supports specifying context
Don't crash kube-proxy if IPv4 config is missing in dual-stack
Normalize the level at which the Authorizer name is available in the config struct/YAML
Prevent aggregated API panic introduced in 1.28.0
Cluster bootstrap is more secure
UnsuitableNodes can mix allocated and unallocated claims
If the storage location already exists, kubelet will delegate mounting to CSI and not fail the PVC on restart
Clarify and error-check the --duration option to kubectl create token
Avoid leaked goroutines on unexpected WebSocket disconnects

Test Cleanup: remove old kubeup test, watch reflector integration test, test name space padding, kubectl rollout undo
Version Updates

Golang to v1.20.9 in production versions, and 1.21 in v1.29
distroless-iptables image to v0.3.3

                    
                            Don't miss what's next. Subscribe to Last Week In Kubernetes Development: