Last Week in Kubernetes Development
Stay up-to-date on Kubernetes development in 15 minutes a week.
Week Ending November 4, 2018
Community Meeting Summary
The community meeting started with a demo of Automation Broker by Michael Hrivnak. This is really a set of Ansible-based tools for building Service Catalog services, including the broker itself, the Ansible Playbook Bundle, and the Ansible Operator. You can even use it to run Helm.
Nishi Davidson updated us on SIG-AWS. Subprojects aws-alb-ingress-controller, aws-ebs-csi-driver, and out-of-tree-ccm will be going in as alpha in 1.13. The in-tree cloud provider will soon have e2e tests, and will be maintained until the plugin is GA, sometime in late 2019. They’ve added the aws-tester plugin which creates an EKS cluster for testing.
The SIG-Scheduling updates for 1.12, per Bobby Salamat, included scheduler performance improvement, TaintNodesByCondition, ImageLocality (track which nodes have which images), and finalizing the design of the Scheduler plugin architecture. For 1.13, they’re working on gang scheduling, pod scheduling policies, implementing extension/plugin points, and improving the equivalence cache.
Paris presented about SIG-ContribEx. Last cycle, they completed the contributor survey (result graphs coming soon), overhauled how the various project media are moderated, and launched discuss.kubernetes.io. Now, they’re revamping the developer guide, building a new contributor site, and improving SIG Chair processes. For the last please reach out to #sig-contribex if you have ideas.
KEPs are moving repos, per discussion, with plans to eventually become the mandatory new feature process. The Seattle Contributor Summit is waitlisted.
Release Schedule
Next Deadline: Code Slush, November 9
We will also be releasing the beta and creating a branch on Nov. 6th. Code freeze is just 2 weeks away, so try to finish up your work for 1.13. Once code slush starts, PRs must be labeled completely.
We have also finalized the criteria for blocking tests and will be re-shuffling the test boards in accord with them.
Updates 1.11.4 and 1.12.2 were released last week.
Featured PRs
#67851: Flexvolume resize implementation
Flex-plugin-based persistent volumes now have a ExpandVolumeDevice hook to resize the underlying volume size, and ExpandFS to grow the filesystem to match. Together these allow live resizing of volumes in the same way as the in-tree plugins like AWS-EBS and GCE-PD.
#67795: CRD Conversion API Changes
Up until now, custom resources have had to use the nopConversion, making it very difficult to use the normal alpha, beta, GA progression that in-tree resources follow. A KEP to improve this has been approved, and this PR adds in the API skeleton. The overall idea is to add a webhook between kube-apiserver and the CRD controller to handle the data translation. Eventually this will allow smooth upgrades for existing custom objects.
#70039: Switch kubectl rollout to directly rolling back deployments
Somewhat burying the lede, this PR switching the kubectl rollout commands from extensions/v1beta1 to apps/v1, which is one step closer to being able to remove the old beta Deployment APIs. A good reminder to check any custom Deployment tooling to ensure you’re on the apps/v1 API.
#69916: Create audience unaware authenticator wrappers
A follow up to last week’s featured PR, this adds a set of token authentication wrappers for pre-audience tokens. Anything using token authentication may want to use these wrappers to match the new requirements.
Other Merges
- MountPropagation is now unconditionally enabled in 1.13.
- Components can now generate self-signed certs in memory if no cert is provided
- CSI drivers get mount options
- Kubeadm ControlPlane timeout is now configurable, and HostPathMount now uses ReadOnly instead of Writeable
- The Azure provider supports UltraSSD disks, and no longer orphans public IPs
--audit-webhook-versionand--audit-log-versionnow default to v1- The Openstack Provider stops trying to handle non-Openstack volumes
kubectl plugin listnow shows plugins in PATH order- Switch from rollout to recreate in kubectl without clearing all the rollout fields
- Only activate unscheduleable pods if a node’s scheduling properties change, and use a fake client for scheduler tests.
- Named pipe mounts,
--system-reservedand--kube-reservednow work on Windows nodes
Deprecated
- SIG-Scheduling is deprecating the “critical pod” annotation as of 1.13. Please replace it with Tainting and/or Priorities.
- Kubeadm no longer supports multiple API endpoints on join
Last Week In Kubernetes Development (LWKD) is a product of multiple contributors participating in Kubernetes SIG Contributor Experience. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers, see our privacy notice for details.
You may contribute to LWKD by submitting pull requests or issues on the LWKD github repo.