Last week’s open SC meeting started with discussing who can make requests of the CNCF. The SC decided that we can set reasonable thresholds for non-SC leaders to ask the CNCF for resources, and started drafting those. Paris Pittman submitted a PR for rationalizing governance across SIGs. WGs and UGs will get reviewed later. There was also an update on SIG Charters; some still need to be approved, and others now need revision.
The rest of the meeting was a discussion of Slack moderation, where we are in a bit of a bind. Everyone wants to keep Slack open for the whole community, but nobody believes that we can get enough moderators (25+) to make that safe. The SC plans to create a group to work on this, and in the meantime new Slack registrations remain closed.
Next Deadline: CODE FREEZE, March 7th
Last week was week 8 of 1.14. As mentioned, there is no Code Slush for 1.14. If you have an enhancement, make sure it is ready to land, including tests and docs. Speaking of tests, all fails and flakes are about to become priority/critical-urgent.
To improve the release notes, Jeffrey Sica made a release notes website. Try to make relase notes about the release.
There were no minor release last week.
For a long time client-go has offered unversioned clients like
clientset.Core(). They were always risky to use as they would simply default to the latest version of the relevant API, meaning if you upgraded your libraries it could silently break compatibility. Versioned interfaces like
clientset.AppsV1() solve this, and have been recommended since they were added. Out with the old and in with the new, the unsafe, unversioned interfaces have now been removed. If you’ve been putting off that particular code cleanup, now is the time.
Previously any user, including unauthenticated connections, were allowed access to the discovery and access review APIs. This would allow anyone to run tools like
kubectl auth can-i even without credentials. Given the relatively minimal benefits of this, moving forward these permissions will not be included by default in new clusters. It is recommended that existing clusters be hardened by removing
system:unauthenticated from the
system:basic-user cluster role bindings.
Rejoice multi-tailers, kubectl logs will now be able to natively follow logs from multiple pods using
-l to provide a label selector and
-f to enable follow mode. There’s been lots of great tools to provide this feature over the years but it’s good to get a version of it included by default to improve the out of box experience.
kubectl logs -l app=logging_test --all-containers -f
A follow up to #73033 from a few weeks ago, several kubectl commands now support direct Kustomize integration. Rather than
kubectl kustomize build . | kubectl apply -f -, you can do
kubectl apply -k .. As mentioned last time, this is a great step towards having workflow tools available out of the box.
kubeadm alpha kubeconfighas been removed
Last Week In Kubernetes Development (LWKD) is a product of some members of the Kubernetes project, but is not an official publication of the Kubernetes project or the CNCF. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers, see our privacy notice for details.
You may contribute to LWKD by submitting pull requests or issues on the LWKD github repo.