LWKD: Week Ending October 30, 2022
Developer News
Oct. 24 was the Contributor Summit. We started the day with a call to action from Paris & Tabitha, a review of how Japan has hosted their own contributor training, and GitHub staff showing how CodeSpaces for Kubernetes contributors will help people get started.
Here are some session summaries (links require k8s.io/dev membership):
- Discussed the state of statefulness including the status of features like Taints, PDB, QoS, and slices
- Went over the limitations of `kubectl apply` and how we might solve them
- SIG-Network wants to run kubemark tests on networking components at large scale
- Apparently Kubernetes API user experience is a mess
- Most people don’t understand the real Pod Lifecycle, and who can blame them?
- Now that Dockershim is gone, it’s time to completely overhaul how CRI works
Release Schedule
Next Deadline: Feature Blog Freeze, November 2nd
Today is the time to get in your SIG’s blog paragraphs for 1.26. What exciting features did you merge? Share it. And then get ready for Code Freeze, which comes in just over a week: November 9th. CI Signal is green.
November’s patch releases have been rescheduled to November 9th to dodge the US holiday, which means that the cherry-pick deadline is this Friday.
Featured PRs
#105867: Shell completion for plugins
While kubectl itself has supported shell completion hooks forever, this has not previously been extended to external plugins. Plugins can now include a `kubectl_complete-<pluginName>` executable which will be called during the normal shell completion processing if required. If you already have kubectl completions installed in your shell, this means as plugins start using this feature, you’ll get support for them automatically as well. If you maintain any kubectl plugins, definitely check out this feature.
#113015: Custom resource encryption
At-rest encryption has been an important feature of Kubernetes for many compliance-sensitive and multi-tenant environments. So far this has been limited to core resources, usually Secrets but sometimes all resources depending on the kube-apiserver configuration. Now this will be available to custom resources as well. This uses the same `EncryptionConfiguration` configuration file, but now with non-core resource groups supported as well. While it may be some time before broad support can be assumed for community projects, this
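An `EncryptionConfiguration` that covers a custom resource alongside Secrets, as an added example that is not taken from the PR or the Kubernetes project. The resource `widgets.example.com`, the key name `key1`, and the key value are placeholders assumed for illustration.

```yaml
# Added example: file passed to kube-apiserver with --encryption-provider-config.
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
      # Hypothetical custom resource, written as <plural>.<api-group>.
      - widgets.example.com
    providers:
      # The first provider in the list is the one used to encrypt new writes.
      - aescbc:
          keys:
            - name: key1
              # Placeholder: supply your own base64-encoded 32-byte key.
              secret: <BASE64-ENCODED-32-BYTE-KEY>
      # identity (no encryption) is listed last so the API server can still
      # read objects stored before encryption was enabled. If identity were
      # listed first, new objects would be written in plaintext.
      - identity: {}
```

Objects that were already stored before this configuration took effect stay unencrypted until they are written again.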
#112377: refactor sets use generic
The future is now! With Go 1.18, we have support for generics. This PR adds a generics-powered replacement for the old `sets.NewByte()`, `sets.NewInt()`, and `sets.NewString()`: `sets.New[type]()`. For example, for strings, `sets.New[string]()` will get you a set just like before. But with less duplicated code. The old APIs are still present to smooth the transition but definitely check out the new tech for new code.
Other Merges
- Cleaned up the doc generator
- Measure JSON CPU usage
- Metrics: two new fields for existing metrics, count default StorageClass errors, rename etcd metrics to be generic, Admission Control CEL gets metrics, as does cpumanager pinning
- Change where in the code we mount new volumes
- Pod Disruption Conditions get added via Server Side Apply to avoid race conditions
- kube-proxy should restart if the CIDR changes
- Priority & Fairness adds “seat borrowing”
- APIServer tracing has new spans and events
- Get the Controller-Managers to stop fighting
- Terminal special chars are escaped by kubectl
- Start the Audit Logging cleanup
- kubectl should wait for the jsonpath to appear
- Check when legacy ServiceAccount tokens get used
Test Cleanup: watch errors, Win usergroup containers, more Windows tests and a truly massive refactor of the storage tests by Wojciech. This testing cleanup effort has accomplished a ton to keep Kubernetes green and well-tested.
Deprecated
- GA’d UnversionedKubeletConfigMap feature gate is gone
- Nobody’s using `pkg/util/ipconfig`, so bye
- Remove deprecated `certificates/v1beta1`