Stay up-to-date on Kubernetes development in 15 minutes a week.
Steering Committee elections are coming up! First, contributors should make sure they are listed as a voter. If you want to nominate yourself or others, you need to do so by Sept. 11th.
Because of security holes, Kubernetes developers are currently discussing removing the kubectl cp
command. This resulted in one fix and is likely to become a KEP soon; in the meantime it provides an illustration of how we decide on security vs. functionality.
If you identify as part of an under-represented minority contributor, you can request priority access registration for the Contributor Summit in San Diego.
Next Deadline: Draft Docs Sept. 3; final, complete docs Sept. 9th
We are currently in Code Freeze until Sept. 10th, or however long it takes to get a clear CI signal (so fix those test failures as fast as you can).
This PR implements the slow startup KEP, adding a new health check probe specifically for just the startup phase of containers. This is intended to allow for setting a different liveness probe timeout (or totally different check) to be used only during startup. If you have a container that takes a lot of time to initialize, this can help improve stability.
Server-side apply moves the logic about merging the desired and current states of an object from kubectl
to apiserver
. Part of this has been an effort to improve that merge behavior when there is more than one applier that wants to own certain fields in an object. This PR improves the merge logic by using the new structural schema validation data to tell when a field should have special keyed-array-like behavior or other similar common cases in our APIs.
The next phase of implementing the new endpoint management API, EndpointSlices now has a controller. The overall idea of EndpointSlices is to split up large Endpoint objects (i.e. those with a ton of Target pods) into multiple Endpoints referenced from an EndpointSlice. This two-layer API substantially multiplies the maximum number of targets for a single service without blowing up Etcd performance. Along with a controller, we also got API discovery, kubectl support, and support for reading from the new API in kube-proxy. The new system is still an experiment, but it looks promising for operating at ludicrous scale. If you have any code that reads from endpoints, for example an Ingress controller, you might want to start working out the changes you’ll have to make for the new API.
With a bunch of IPv6 code going into 1.16, Code Freeze prompted a blast of PRs:
kubectl cp
won’t copy symbolic links due to exploits and issueskubectl get --ignore-not-found
continues after errorkubectl wait
honors --all-namespaces
EnableAggregatedDiscoveryTimeout=false
to disableUnschedulableAndUnresolvable
status code for the Scheduler Framework, otherwise known as the “workload DOA” code/livez
endpoint to compliment existing readyz
endpoint; next, jayz
endpointkubectl log
, deprecated 4 years ago (!); use logs
insteadLast Week In Kubernetes Development (LWKD) is a product of multiple contributors participating in Kubernetes SIG Contributor Experience. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers, see our privacy notice for details.
You may contribute to LWKD by submitting pull requests or issues on the LWKD github repo.