Because of security holes, Kubernetes developers are currently discussing removing the
kubectl cp command. This resulted in one fix and is likely to become a KEP soon; in the meantime it provides an illustration of how we decide on security vs. functionality.
If you identify as part of an under-represented minority contributor, you can request priority access registration for the Contributor Summit in San Diego.
Next Deadline: Draft Docs Sept. 3; final, complete docs Sept. 9th
We are currently in Code Freeze until Sept. 10th, or however long it takes to get a clear CI signal (so fix those test failures as fast as you can).
This PR implements the slow startup KEP, adding a new health check probe specifically for just the startup phase of containers. This is intended to allow for setting a different liveness probe timeout (or totally different check) to be used only during startup. If you have a container that takes a lot of time to initialize, this can help improve stability.
Server-side apply moves the logic about merging the desired and current states of an object from
apiserver. Part of this has been an effort to improve that merge behavior when there is more than one applier that wants to own certain fields in an object. This PR improves the merge logic by using the new structural schema validation data to tell when a field should have special keyed-array-like behavior or other similar common cases in our APIs.
The next phase of implementing the new endpoint management API, EndpointSlices now has a controller. The overall idea of EndpointSlices is to split up large Endpoint objects (i.e. those with a ton of Target pods) into multiple Endpoints referenced from an EndpointSlice. This two-layer API substantially multiplies the maximum number of targets for a single service without blowing up Etcd performance. Along with a controller, we also got API discovery, kubectl support, and support for reading from the new API in kube-proxy. The new system is still an experiment, but it looks promising for operating at ludicrous scale. If you have any code that reads from endpoints, for example an Ingress controller, you might want to start working out the changes you’ll have to make for the new API.
With a bunch of IPv6 code going into 1.16, Code Freeze prompted a blast of PRs:
kubectl cpwon’t copy symbolic links due to exploits and issues
kubectl get --ignore-not-foundcontinues after error
UnschedulableAndUnresolvablestatus code for the Scheduler Framework, otherwise known as the “workload DOA” code
/livezendpoint to compliment existing
kubectl log, deprecated 4 years ago (!); use
Last Week In Kubernetes Development (LWKD) is a product of some members of the Kubernetes project, but is not an official publication of the Kubernetes project or the CNCF. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers, see our privacy notice for details.
You may contribute to LWKD by submitting pull requests or issues on the LWKD github repo.