Stay up-to-date on Kubernetes development in 15 minutes a week.
At February’s monthly meeting we heard from SIGs Windows, Auth, and Multicluster.
SIG Windows is graduating Active Directory and runAsUserName support. Kubeadm on Windows will soon be beta. The SIG wants to move from Docker to CRI-ContainerD, and is also working on CSI support. However, the main work for v1.18 will be on scaling since there are issues with both HPA and CPU limits. SIG-Windows could use some help fixing the Windows jobs on Testgrid.
SIG Auth recently adopted the “secrets store” CSI driver from Storage, and is trying to improve the Certs API and auth performance. They’d like to overhaul PodSecurityPolicy, and the new GA ServiceTokenSupport is causing issues with legacy tokens and needs to be retrofitted. Auth could use help testing the various features with different auth clients.
SIG Multicluster just needs more contributor involvement, period. Kubefed needs some new maintainers, so if you depend on it consider stepping up. There’s also a new Multicluster API proposal they’re looking for feedback on.
Next Deadline: Code Freeze, March 5th
Yes, Code Freeze is coming! Please finish up your v1.18 PRs and get started on documentation, since first draft docs are due March 9th.
Next patch releases are planned for March 12th, making the cherry-pick deadline March 9th (yes, the same day docs are due), so next week is gonna be busy.
This new field, part of the AppProtocol KEP, will allow application builders to meaningfully specify the exact protocol used by their services. While Service protocol allows specifying TCP, UDP or SCTP, this will allow things like “postgresql://”.
Julian Modesto has been adding the option for server-side dry runs to every command that supports a dry run, which is very helpful for testing anything that involves a CRD.
Together with 88285, this PR implements a major feature of the alpha Scheduling Framework: Scheduling Profiles. These allow users to create multiple workload-specific profiles.
SIG API Machinery is working on moving from the hackish approach of SSH Tunnels for container proxies to a full-blown network proxy delegation setup. Jeffrey Ying’s PR builds the UDS and gRPC support into this.
PR makes the PID namespaces feature useful by having ephemeral containers run in the same PID namespace as the pod’s main containers. At least, for Docker; other container runtimes need to implement this.
kubeadm upgrade work again in single-node clusters
--detect-local flag
azure-load-balancer-disable-tcp-reset
kubectl rolling-update, deprecated since 2018
ClusterStatus dependency in Kubeadm, but without any plans for removal
Last Week In Kubernetes Development (LWKD) is a product of multiple contributors participating in Kubernetes SIG Contributor Experience. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers, see our privacy notice for details.
You may contribute to LWKD by submitting pull requests or issues on the LWKD GitHub repo.