Last Week in Kubernetes Development

Stay up-to-date on Kubernetes development in 15 minutes a week.

Subscribe
Twitter
RSS

View LWKD on GitHub

Week Ending March 3, 2019

Developer News

This week, Jordan Liggitt talked about the API Review Process. SIG-Architecture has adopted a new, simplified, written process, including what needs to a review, how to get one, and review tracking.

Steering Committee Meeting

Last week’s open SC meeting started with discussing who can make requests of the CNCF. The SC decided that we can set reasonable thresholds for non-SC leaders to ask the CNCF for resources, and started drafting those. Paris Pittman submitted a PR for rationalizing governance across SIGs. WGs and UGs will get reviewed later. There was also an update on SIG Charters; some still need to be approved, and others now need revision.

The rest of the meeting was a discussion of Slack moderation, where we are in a bit of a bind. Everyone wants to keep Slack open for the whole community, but nobody believes that we can get enough moderators (25+) to make that safe. The SC plans to create a group to work on this, and in the meantime new Slack registrations remain closed.

Release Schedule

Next Deadline: CODE FREEZE, March 7th

Last week was week 8 of 1.14. As mentioned, there is no Code Slush for 1.14. If you have an enhancement, make sure it is ready to land, including tests and docs. Speaking of tests, all fails and flakes are about to become priority/critical-urgent.

To improve the release notes, Jeffrey Sica made a release notes website. Try to make relase notes about the release.

There were no minor release last week.

#74422: Remove deprecated versionless client interface methods

For a long time client-go has offered unversioned clients like clientset.Apps() and clientset.Core(). They were always risky to use as they would simply default to the latest version of the relevant API, meaning if you upgraded your libraries it could silently break compatibility. Versioned interfaces like clientset.AppsV1() solve this, and have been recommended since they were added. Out with the old and in with the new, the unsafe, unversioned interfaces have now been removed. If you’ve been putting off that particular code cleanup, now is the time.

#73807: harden the default RBAC discovery clusterrolebindings

Previously any user, including unauthenticated connections, were allowed access to the discovery and access review APIs. This would allow anyone to run tools like kubectl auth can-i even without credentials. Given the relatively minimal benefits of this, moving forward these permissions will not be included by default in new clusters. It is recommended that existing clusters be hardened by removing system:unauthenticated from the system:discovery and system:basic-user cluster role bindings.

#67573: Allows to combine the -f and -l flags in kubectl logs

Rejoice multi-tailers, kubectl logs will now be able to natively follow logs from multiple pods using -l to provide a label selector and -f to enable follow mode. There’s been lots of great tools to provide this feature over the years but it’s good to get a version of it included by default to improve the out of box experience.

Example:

kubectl logs -l app=logging_test --all-containers -f

#74140: add -k flag in cli-runtime and kubectl to process kustomization directories

A follow up to #73033 from a few weeks ago, several kubectl commands now support direct Kustomize integration. Rather than kubectl kustomize build . | kubectl apply -f -, you can do kubectl apply -k .. As mentioned last time, this is a great step towards having workflow tools available out of the box.

Other Merges

Promotions

Deprecated

Version Updates

Last Week In Kubernetes Development (LWKD) is a product of some members of the Kubernetes project, but is not an official publication of the Kubernetes project or the CNCF. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers, see our privacy notice for details.

You may contribute to LWKD by submitting pull requests or issues on the LWKD github repo.