LWKD: Week Ending October 31, 2021
Developer News
The Steering Committee election closes at 23:59 UTC on November 4th. Cast your ballot as soon as you can.
WG-Reliability has a second draft of their proposal around improving Kubernetes reliability by blocking new features if testgrid is flaky. Please review!
Release Schedule
Next Deadline: Feature Blogs, Nov. 2 (Code Freeze, Nov. 16)
Tuesday is the final pre-Code Freeze deadline: it's time to get your Feature Blog items in. We're starting the countdown to Code Freeze on the 16th -- the Release team has already started semi-weekly burndown meetings.
1.19.16, 1.20.12, 1.21.6, and 1.22.3 are out, including another Golang update.
Featured PRs
#105979: De-share the Handler struct in core API
Up until now, we had two systems sharing a configuration struct: probes and lifecycle hooks. This has lead to some confusing mis-features like HTTP calls for lifecycle hooks. These have now been split from a single Handler
to ProbeHandler
for probes and LifecycleHandler
for hooks. In keeping with our compatibility guarantees both new structs are currently identical but it opens the door for future improvements, adding features only where it makes sense. If you're building a PodSpec in Go code anywhere and it includes probes or hooks, make sure you update your struct names to match the new API.
#99557: 'kubectl events' command
While the venerable kubectl get events
has long served for basic debugging and shell scripting, there was always a lot of room for improvement. As a new alpha-level command, we have kubectl alpha events
to build this future on. The biggest new feature is a --for
CLI option which takes an object reference and filters the output. Check out the KEP for ideas on future features which I'm sure SIG-CLI would love help with!
PodSecurity Party
PodSecurity has seen a huge burst of activity, so let's just go through all of them!
- #105314 - Output formatting improvements for pod rejection errors
- #105857 - The
restricted
policy will reject/warnrunAsUser=0
- #105889 - Deduplicate identical messages within the same namespace
- #105898 - Make all metrics match the KEP spec
- #105908 - Pods which are exempted from PodSecurity will get an annotation explaining how/why
- #105922 - Output formatting improvements for namespace validation
- #105923 - Build and deploy glue for the webhook server
- #105959 - Use standard ErrorList return for namespace validation errors
Other Merges
- Change labels and annotations on suspended jobs and provide a count of read pods in a job
kubectl -o
has autocomplete, and autocomplete makes more helpful suggestions- Fix NodeResource scoring for containers with no request
- If APIServices aren't available yet, return 503, not 404
- PodSpec gets an OS field and validation of OS-specific fields
- Kubectl will consider initContainers when showing the QoS of a Pod
Structured Logging migrations: several scheduler files, plus several more
Promotions
Deprecated
- kubeadm removes update-cluster-status phase, deprecated and disabled in 1.22