LWKD logo

Last Week in Kubernetes Development

Stay up-to-date on Kubernetes development in 15 minutes a week.


View LWKD on GitHub

Week Ending August 12, 2018

Apologies for skipping a week. And this week isn’t going to be normal, either … it’s Steering Committee Update Week.

Steering Committee Summary

Steering Committee Elections will be in October. The project will be deciding on who’s eligible to vote as a “Member of Standing” this month; for main project code & docs contributors, that’s anyone who has 60 or more contributions showing in Devstats. There will be an exception process for other types of contributors to claim voting rights.

Having all SIGs adopt charters is being slow, with lots of discussion but few finalized. Accordingly, the SC is codifying having SIG liaisons partly to move this along. The SC also plans to allow non-SC members into meetings on an invitation basis, generally in response to a specific proposal to the SC.

The Code of Conduct Committee has been selected. They will start closed meetings and taking up their duties soon.

The SC will host another “Meet Our Contributors Steering Committee Edition” on September 5th.

Community Meeting Summary

The community meeting this week had no demo, but instead packed in the densest set of updates we’ve seen on a Thursday morning yet. Buckle your seatbelts, Kubeistas!

Shyam Jeedigunta presented for SIG Scalability, including some new work for scale testing: a ClusterLoader rewrite in perf-test, and the perf-dash dashboard. For 1.12, kubelet will be watching for Secrets instead of polling, and they will be changing how heartbeat works, including the API, to reduce overhead. They’re also trying to reduce test flakes – help wanted!

SIG Architecture’s Brian Grant mentioned that their meeting time has changed to 11am Pacific Thursdays. They’re also changing how they track things, including API Reviews and KEP Tracking. Basically, if you need SIG-Arch attention, get on a tracking board and post to the mailing list (no GH notifications or Slack).

Sean Sullivan talked about work in SIG-CLI on kubectl, including work to move more of its logic server-side, and a plugin manager called KREW. They also launched kustomize, an on-the-fly Kube-YAML patcher. SIG-CLI’s charter is up for feedback.

SIG-AWS finally had an update, thanks to Nishi Davidson of AWS, who gave a tour of subprojects. AWS-IAM-authenticator, renamed from Heptio-authenticator, allows users to log into kubectl using IAM. AWS-ALB-ingress-controller, contributed by CoreOS & Tickemaster, automatically creates ALBs from Ingress. Alpha project AWS-encryption-provider provides envelope encryption for Etcd, and AWS-CSI-driver-EBS, a Red Hat collab, provides a CSI driver for EBS, with which they hope to replace the existing driver in 1.13 or 1.14. In early development are Pod-identity-access (injecting IAM credentials into the pod), and Cloud-Provider-AWS (making AWS use the API). Kris Nova also reported on the Cluster API development.

Kubernetes Office Hours will be at 1300 and 2000 UTC this Wednesday.

The Github Management Team has been officially formed, which means that people with “owner” perms who are not on the team will find them gone. If you need GH changes, file an issue. Futher, Kubernetes SIG service accounts are going away. If you own some of these moribund mailing lists, please delete them.

Release Schedule

Next Deadline: 1.12.0-beta0, August 14th

CI Signal needs to be green for Beta; please make sure your blocking and upgrade tests are passing.

The 1.12 cycle is halfway through, which means development is 2/3 done; Code Freeze is in 22 days. The Release Team is validating a new build/push mechanism with a feature branch for 1.12, created for the beta. This branch will aregularly fast-forward from master.

The 1.11.2 update was released Wednesday, and 1.9.10 the prior week.

#66391: Support dry run in admission plugins

If DryRun requests are enabled, they will now go through the usual admission controller chain. This ensures that dry-run results are closer to reality, but could catch some controllers unawares if they have external side effects and don’t check the request type. There was also a small follow-up PR to disable webhook controllers during dry-run.

#67178: Vendor cfssl/cfssljson utilities

We’ve had a few issues with mismatched versions of the cfssl utilities in the past so to ensure everyone stays on the same cycle, we’ve vendored them. This should be entirely transparent unless you’ve made local modifications to one of the tools.

#66512: Skip building openapi for ignored paths

A potential small speed up for local development, if ignoring some paths you don’t have to generate the OpenAPI for then.

A (very) short PR but a good reminder to always attribute the Kubernetes logo when using it in other projects or presentations.

#65147: Document /watch prefix deprecation

While the /watch API has been deprecated for a while now, we’ve never updated the documentation to reflect this fact. A good prompt to double check any third-party client libraries or scripts to ensure you’ve switched over to ?watch=true.

Last Week In Kubernetes Development (LWKD) is a product of some members of the Kubernetes project, but is not an official publication of the Kubernetes project or the CNCF. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers, see our privacy notice for details.

You may contribute to LWKD by submitting pull requests or issues on the LWKD github repo.