Last Week in Kubernetes Development
Stay up-to-date on Kubernetes development in 15 minutes a week.
Week Ending July 29, 2018
Community Meeting Summary
Last week’s community meeting kicked off with a demo of Amazon EKS by Bryce Carman. This is set up with the control plane hosted by AWS and worker nodes under the control of the user. Carman spent some time on how network segregation and VPC works for EKS through a CNI plugin. Using the Heptio authenticator, you can log in from your desktop with your AWS IAM credentials.
Jordan Liggitt presented KEP 17. This KEP proposes a major restructuring of how component configuration works, both by moving configs from flags to a structured configuration file (as has been done with Kubelet), and by moving the config API types to their own repos, making it possible to include them in external code. Among other things, this will make interactive validation of configs possible. This change will affect everyone who works on Kubernetes or a plugin or client for it.
Liggitt continued with the update from SIG-Auth. They’re making it much easier to have multiple authorizors by cleaning up permissions and error messages. They plan to add Kubelet cert improvements to 1.12, as well as scoped service account tokens (not yet time-limited) and audit improvements. Frederic Brancyzk explained SIG-Instrumentaion’s current priorities, the biggest of which is the deprecation of Heapster. Other work includes adding new Node metrics, refactoring the Metrics Server, and enhanced configuration for the Prometheus adapter.
Release Schedule
Next Deadline: Feature Freeze, July 31st.
SIGs should be listing features they expect to complete for 1.12 in the Features repo and the spreadsheet. After July 31st, features added to the release will need to go through the exception process.
Featured PRs
#66518: add missing OrDie variant for dynamic client construction
A small change, but nice to have for a lot of common cases, this adds a
NewForConfigOrDie for the Go client library. This has already resulted in some
code cleanup and will
probably allow similar changes in other test scripts and other management tools.
#66296: Add flake-reporting utility to testing framework
In an effort to track, and eventually fix, inconsistent e2e tests there is now
an API (RecordFlakeIfError) for writing a flake-specific log entry if an e2e
test failed unexpectedly.
#58755: Use probe based plugin watcher mechanism in Device Manager
In development for a long time and finally merged, this means the kubelet will scan for plugins in a given folder. This (hopefully) moves towards unifying the plugin management layers between device plugins, CNI plugins, etc.
#66506: Remove kubelet docker shared pid flag
The deprecated --docker-disable-shared-pid kubelet flag has been removed in
favor of the ShareProcessNamespace pod API. If you’re using shared PID namespaces
for any testing, make sure you update to the new system.
#63955: Taint node when initializing node
This fixes a small race condition when booting a new, tainted node. Fortunately an easy fix this time around, but a great reminder to be vigilant about concurrent operations whenever possible.
Other Merges
- Cleanup discovery and deletion of iSCSI block devices used as PVs
- Sidecar and dnsmasq-nanny images are now required by Kube-DNS, which is a good reason to upgrade to CoreDNS if you ask me
- Allow kubeadm to join a cluster using an existing cert
- Generate OpenAPI info without requiring a SecurityDefinition
- “Unbreak” ExecPlugin in kubelet config
Promoted
- Kubelet serving certificate management is now beta
Deprecated
- Heapster is being deprecated in 1.12, as scheduled
--pod/-pflag forkubectl execis now hidden, prior to removal- kubeadm’s
--cri-socket-pathoption has been renamed simply--cri-socket
Version Updates
- Heapster to v1.5.4(ironically)
- Azure Go SDK to v19.0.0
- GCR metadata proxy to v0.1.10
- Cluster Autoscaler to 1.1.3
Last Week In Kubernetes Development (LWKD) is a product of multiple contributors participating in Kubernetes SIG Contributor Experience. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers, see our privacy notice for details.
You may contribute to LWKD by submitting pull requests or issues on the LWKD github repo.