September 26, 2023

LWKD: Week Ending September 24, 2023

Developer News

The Steering Committee Election is still open for voting through Wednesday! Cast your ballot now.

Registration for Kubernetes Contributor Summit Chicago is open.

Release Schedule

Next Deadline: Production Readiness Review Freeze, September 28th (this Thursday)

Kubernetes v1.29.0-alpha.1 is live!

Get your KEPs ready for Production Readiness Review. If you're going to work towards any features, deprecations, or removals during the 1.29 release cycle, please opt-in your KEP(s) before the Enhancements Freeze (October 6th).

KEP of the Week

KEP 3107: NodeExpandSecret for CSI Driver

This KEP proposes adding NodeExpandSecret to the CSI Persistent Volume source so that it can be sent by the CSI client as part of the nodeExpandVolume request to the CSI drivers. CSI spec v1.5 had added an optional secret field to NodeExpandVolumeRequest. The NodeExpandSecret added by this KEP would support that change. The CSI drivers did not have a method to make use of secretRef at the time of Node operations such as Node expansion. This is because the subjected CSI request does not carry a secret or credentials in the request. The Kubernetes CSI have implemented a similar mechanism for Controller operations however. secretRef field is available in the CSI PV source and is making use of it during controllerExpand request. This KEP adds the same field to the nodeExpandVolume request.

This KEP was in alpha in the v1.25 release, graduated to beta in v1.27 and is now targeting to graduate to stable in the upcoming v1.29 release. It has been authored by Humble Chirammal.

Other Merges

• The API streams to etcd for more immediate watch cache updates
• You can exclude nodes from a daemonset rolling update if taints/tolerations won't let them participate
• APIserver tracing shows group, version, namespace, and name
• Requeue pods that get a scheduler queuing error
• Release ServiceAPI network resources even if the finalizer is removed
• kubectl --show-events=false works with PVCs
• Ensure that all running cronjobs are on the active list
• No attestation required for no-op trust bundle updates
• Put resourcequota.NewMonitor back where it was; removing it broke stuff
• The nodevolumelimits Scheduler plugin does contextual logging

Testing updates: RunWatchSemantics, kubeproxy mock framework, WatchSemantics storage

Deprecated

• kubepkg and rapture, build tools for the legacy image repos are being removed along with all related tests and infra

Version Updates

• govmomi to v0.30.6 for all versions using go 1.20