Last Week in Kubernetes Development
Stay up-to-date on Kubernetes development in 15 minutes a week.
Week Ending March 3, 2019
Developer News
This week, Jordan Liggitt talked about the API Review Process. SIG-Architecture has adopted a new, simplified, written process, including what needs to a review, how to get one, and review tracking.
Steering Committee Meeting
Last week’s open SC meeting started with discussing who can make requests of the CNCF. The SC decided that we can set reasonable thresholds for non-SC leaders to ask the CNCF for resources, and started drafting those. Paris Pittman submitted a PR for rationalizing governance across SIGs. WGs and UGs will get reviewed later. There was also an update on SIG Charters; some still need to be approved, and others now need revision.
The rest of the meeting was a discussion of Slack moderation, where we are in a bit of a bind. Everyone wants to keep Slack open for the whole community, but nobody believes that we can get enough moderators (25+) to make that safe. The SC plans to create a group to work on this, and in the meantime new Slack registrations remain closed.
Release Schedule
Next Deadline: CODE FREEZE, March 7th
Last week was week 8 of 1.14. As mentioned, there is no Code Slush for 1.14. If you have an enhancement, make sure it is ready to land, including tests and docs. Speaking of tests, all fails and flakes are about to become priority/critical-urgent.
To improve the release notes, Jeffrey Sica made a release notes website. Try to make relase notes about the release.
There were no minor release last week.
Featured PRs
#74422: Remove deprecated versionless client interface methods
For a long time client-go has offered unversioned clients like clientset.Apps() and clientset.Core(). They were always risky to use as they would simply default to the latest version of the relevant API, meaning if you upgraded your libraries it could silently break compatibility. Versioned interfaces like clientset.AppsV1() solve this, and have been recommended since they were added. Out with the old and in with the new, the unsafe, unversioned interfaces have now been removed. If you’ve been putting off that particular code cleanup, now is the time.
#73807: harden the default RBAC discovery clusterrolebindings
Previously any user, including unauthenticated connections, were allowed access to the discovery and access review APIs. This would allow anyone to run tools like kubectl auth can-i even without credentials. Given the relatively minimal benefits of this, moving forward these permissions will not be included by default in new clusters. It is recommended that existing clusters be hardened by removing system:unauthenticated from the system:discovery and system:basic-user cluster role bindings.
#67573: Allows to combine the -f and -l flags in kubectl logs
Rejoice multi-tailers, kubectl logs will now be able to natively follow logs from multiple pods using -l to provide a label selector and -f to enable follow mode. There’s been lots of great tools to provide this feature over the years but it’s good to get a version of it included by default to improve the out of box experience.
Example:
kubectl logs -l app=logging_test --all-containers -f
#74140: add -k flag in cli-runtime and kubectl to process kustomization directories
A follow up to #73033 from a few weeks ago, several kubectl commands now support direct Kustomize integration. Rather than kubectl kustomize build . | kubectl apply -f -, you can do kubectl apply -k .. As mentioned last time, this is a great step towards having workflow tools available out of the box.
Other Merges
- many metrics names are being converted from “latency” to “duration”, as a breaking change, for better Prometheus integration
- our OpenAPI supports nullable values now
- make short cert expiration cycles more granular for monitoring
- stop creating kubeapi endpoints before the APIserver is ready
- admission webhook timeouts are shorter and default to 30s
- support automatically provisioning CSI storage drivers so that we can migrate from in-tree to CSI storage
- change handling of kubeadm flag settings to distinguish between user-supplied and default config paths
- PodPreset now affects init containers
Promotions
- local PV is now GA
- RunAsGroup to beta
Deprecated
- alpha reflector metrics were just removed because of a memory leak
- the mount propogation feature gate is gone
kubeadm alpha kubeconfighas been removedio.k8s.kubernetes.pkgis gone
Version Updates
- golang is 1.12 in master, backports to earlier Kubernetes versions pending tests
Last Week In Kubernetes Development (LWKD) is a product of multiple contributors participating in Kubernetes SIG Contributor Experience. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers, see our privacy notice for details.
You may contribute to LWKD by submitting pull requests or issues on the LWKD github repo.