Last week’s community meeting kicked off with a demo of Amazon EKS by Bryce Carman. This is set up with the control plane hosted by AWS and worker nodes under the control of the user. Carman spent some time on how network segregation and VPC work for EKS through a CNI plugin. Using the Heptio authenticator, you can log in from your desktop with your AWS IAM credentials.
Jordan Liggitt presented KEP 17. This KEP proposes a major restructuring of how component configuration works, both by moving configs from flags to a structured configuration file (as has been done with Kubelet), and by moving the config API types to their own repos, making it possible to include them in external code. Among other things, this will make interactive validation of configs possible. This change will affect everyone who works on Kubernetes or a plugin or client for it.
Liggitt continued with the update from SIG-Auth. They’re making it much easier to have multiple authorizers by cleaning up permissions and error messages. They plan to add Kubelet cert improvements to 1.12, as well as scoped service account tokens (not yet time-limited) and audit improvements. Frederic Branczyk explained SIG-Instrumentation’s current priorities, the biggest of which is the deprecation of Heapster. Other work includes adding new Node metrics, refactoring the Metrics Server, and enhanced configuration for the Prometheus adapter.
Next Deadline: Feature Freeze, July 31st.
SIGs should be listing features they expect to complete for 1.12 in the Features repo and the spreadsheet. After July 31st, features added to the release will need to go through the exception process.
A small change, but nice to have for a lot of common cases, this adds a NewForConfigOrDie for the Go client library. This has already resulted in some code cleanup and will probably allow similar changes in other test scripts and other management tools.
In an effort to track, and eventually fix, inconsistent e2e tests there is now an API (RecordFlakeIfError) for writing a flake-specific log entry if an e2e test failed unexpectedly.
In development for a long time and finally merged, this means the kubelet will scan for plugins in a given folder. This (hopefully) moves towards unifying the plugin management layers between device plugins, CNI plugins, etc.
--docker-disable-shared-pid kubelet flag has been removed in favor of the ShareProcessNamespace pod API. If you’re using shared PID namespaces for any testing, make sure you update to the new system.
This fixes a small race condition when booting a new, tainted node. Fortunately an easy fix this time around, but a great reminder to be vigilant about concurrent operations whenever possible.
kubectl exec is now hidden, prior to removal
--cri-socket-path option has been renamed simply
Last Week In Kubernetes Development (LWKD) is a product of some members of the Kubernetes project, but is not an official publication of the Kubernetes project or the CNCF. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers, see our privacy notice for details.
You may contribute to LWKD by submitting pull requests or issues on the LWKD GitHub repo.