At February’s monthly meeting we heard from SIGs Windows, Auth, and Multicluster.
SIG Windows is graduating Active Directory and runAsUserName support. Kubeadm on Windows will soon be beta. The SIG wants to move from Docker to CRI-ContainerD, and is also working on CSI support. However, the main work for v1.18 will be on scaling since there are issues with both HPA and CPU limits. SIG Windows could use some help fixing the Windows jobs on Testgrid.
SIG Auth recently adopted the “secrets store” CSI driver from Storage, and are trying to improve the Certs API and auth performance. They’d like to overhaul PodSecurityPolicy, and the new GA ServiceTokenSupport is causing issues with legacy tokens and needs to be retrofitted. Auth could use help testing the various features with different auth clients.
SIG Multicluster just needs more contributor involvement, period. Kubefed needs some new maintainers, so if you depend on it consider stepping up. There’s also a new Multicluster API proposal they’re looking for feedback on.
Next Deadline: Code Freeze, March 5th
Yes, Code Freeze is coming! Please finish up your v1.18 PRs and get started on documentation, since first draft docs are due March 9th.
Next patch releases are planned for March 12th, making the cherry-pick deadline March 9th (yes, the same day docs are due), so next week is gonna be busy.
This new field, part of the AppProtocol KEP, will allow application builders to meaningfully specify the exact protocol used by their services. While Service protocol allows specifying TCP, UDP or SCTP, this will allow things like “postgresql://”.
Julian Modesto has been adding the option for server-side dry runs to every command that supports a dry run, which is very helpful for testing anything that involves a CRD.
SIG API Machinery is working on moving from the hackish approach of SSH Tunnels for container proxies to a full-blown network proxy delegation setup. Jeffrey Ying’s PR builds the UDS and gRPC support into this.
This PR makes the PID namespaces feature useful by having ephemeral containers run in the same PID namespace as the pod’s main containers. At least, for Docker; other container runtimes need to implement this.
kubeadm upgrade work again in single-node clusters
kubectl rolling-update, deprecated since 2018
ClusterStatus dependency in Kubeadm, but without any plans for removal
Last Week In Kubernetes Development (LWKD) is a product of some members of the Kubernetes project, but is not an official publication of the Kubernetes project or the CNCF. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers, see our privacy notice for details.
You may contribute to LWKD by submitting pull requests or issues on the LWKD GitHub repo.