Last Week in Kubernetes Development

Stay up-to-date on Kubernetes development in 15 minutes a week.


View LWKD on GitHub

Week Ending July 29, 2018

Community Meeting Summary

Last week’s community meeting kicked off with a demo of Amazon EKS by Bryce Carman. This is set up with the control plane hosted by AWS and worker nodes under the control of the user. Carman spent some time on how network segregation and VPC works for EKS through a CNI plugin. Using the Heptio authenticator, you can log in from your desktop with your AWS IAM credentials.

Jordan Liggitt presented KEP 17. This KEP proposes a major restructuring of how component configuration works, both by moving configs from flags to a structured configuration file (as has been done with Kubelet), and by moving the config API types to their own repos, making it possible to include them in external code. Among other things, this will make interactive validation of configs possible. This change will affect everyone who works on Kubernetes or a plugin or client for it.

Liggitt continued with the update from SIG-Auth. They’re making it much easier to have multiple authorizors by cleaning up permissions and error messages. They plan to add Kubelet cert improvements to 1.12, as well as scoped service account tokens (not yet time-limited) and audit improvements. Frederic Brancyzk explained SIG-Instrumentaion’s current priorities, the biggest of which is the deprecation of Heapster. Other work includes adding new Node metrics, refactoring the Metrics Server, and enhanced configuration for the Prometheus adapter.

Release Schedule

Next Deadline: Feature Freeze, July 31st.

SIGs should be listing features they expect to complete for 1.12 in the Features repo and the spreadsheet. After July 31st, features added to the release will need to go through the exception process.

#66518: add missing OrDie variant for dynamic client construction

A small change, but nice to have for a lot of common cases, this adds a NewForConfigOrDie for the Go client library. This has already resulted in some code cleanup and will probably allow similar changes in other test scripts and other management tools.

#66296: Add flake-reporting utility to testing framework

In an effort to track, and eventually fix, inconsistent e2e tests there is now an API (RecordFlakeIfError) for writing a flake-specific log entry if an e2e test failed unexpectedly.

#58755: Use probe based plugin watcher mechanism in Device Manager

In development for a long time and finally merged, this means the kubelet will scan for plugins in a given folder. This (hopefully) moves towards unifying the plugin management layers between device plugins, CNI plugins, etc.

#66506: Remove kubelet docker shared pid flag

The deprecated --docker-disable-shared-pid kubelet flag has been removed in favor of the ShareProcessNamespace pod API. If you’re using shared PID namespaces for any testing, make sure you update to the new system.

#63955: Taint node when initializing node

This fixes a small race condition when booting a new, tainted node. Fortunately an easy fix this time around, but a great reminder to be vigilant about concurrent operations whenever possible.

Other Merges


Version Updates

Last Week In Kubernetes Development (LWKD) is a product of some members of the Kubernetes project, but is not an official publication of the Kubernetes project or the CNCF. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers, see our privacy notice for details.

You may contribute to LWKD by submitting pull requests or issues on the LWKD github repo.