CSI’s external-provisioner, external-snapshotter, and external-resizer sidecars have all been found to have a security issue with dereferencing PVCs, and have been patched. If you use any of these, update right away, or disable the features until you can.
We are now in Code Thaw.
Test-infra has added a kind/deprecation label so that PRs that deprecate or remove a feature or API will be tagged in a way that makes them easy to find (and summarize). Please start using it.
Next Deadline: Cherry Pick Deadline Dec. 2nd
We are now in Code Thaw since 1.17rc1 is released. This means your feature docs should already be complete, and you have until Monday to cherry-pick in any last-minute fixes. Fortunately, TestGrid is mostly green.
The next set of patch releases is due December 6th.
EndpointSlices have been promoted to beta but the feature gate has been disabled by default in v1.17, because the feature still has a lot of bugs and code churn, such as:
The first major pass on service topology support has been merged! In short this means that a service can be configured so that when a pod connects to the service IP, rather than getting a random endpoint it will instead get a “local” backend, where “local” can be defined in terms of matching node labels. For example, a common usage might be:
kind: Service spec: topologyKeys: [kubernetes.io/hostname", "topology.kubernetes.io/zone", "*"]
Meaning the service proxy will first look for a backend on the same node, then the same availability zone, then anywhere in the cluster as it would currently. Unfortunately this new feature does depend on enabling the EndpointSlices system mentioned above, so it may not be immediately available for everyone. But still, this is a great feature to help make more resilient and performant infrastructures for everyone!
A strong first step towards improving the overload behavior of kube-apiserver, this PR adds a robust queuing management system. This will be further expanded to manage requests coming in so that we can get better prioritization of requests.
kind/deprecationand associated code block for deprecation note to the PR template.
kubectl --resource-versionrace condition
pkg/util/mountwas removed from k/k; use
Last Week In Kubernetes Development (LWKD) is a product of some members of the Kubernetes project, but is not an official publication of the Kubernetes project or the CNCF. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers, see our privacy notice for details.
You may contribute to LWKD by submitting pull requests or issues on the LWKD github repo.