LWKD logo

Last Week in Kubernetes Development

Stay up-to-date on Kubernetes development in 15 minutes a week.


View LWKD on GitHub

Week Ending September 13, 2020

Developer News

All community Zoom meetings now require a passcode.

Steering Committee election voting has started. Contributors will receive their ballots over the 14th and 15th. If you do not receive your ballot by the 17th, file a request for a replacement.

Wojciech Tyczynski has proposed the creation of WG-Reliability, in order to make “reliability” part of our testing and release criteria.

The September Community Meeting is this Thursday; SIGs Windows, Auth, and Multicluster are speaking. Right now, you can check out the results of the SIG-CL survey.

Release Schedule

Next Deadline: Enhancements Freeze, Oct. 6

The 1.20 release cycle has started with Lead Jeremy Rickard. Sections leads have been selected, and shadows are being picked. Expect the call for Enhancement tracking soon.

1.19.1 was released Sept. 9, fixing a go-runner issue in 1.19.0 and other urgent bugs. Minor releases 1.17.12, 1.18.9, and 1.19.2 are all expected out Wednesday. 1.16 is no longer being patched, so you should be upgrading to at least 1.17 right away.

#92064: Serve storage-versions API in kube-apiserver

The next step in the storage-version consensus tooling, this PR adds the API components. This API is mostly designed for use by kube-storage-version-migrator but any other system implementing a similar object upgrade process may find it useful. The overall goal of the API is have a one-stop-shop for which storage versions are available for the currently active API servers. Previously this was handled in a mode ad-hoc fashion, which could result in storage corruption during unusual upgrade situations where not all API servers were on the same version in such a way that they disagreed about which storage versions to use. This new API will ensure that these edge cases are closed.

#88337: kubectl/drain add support for custom pod filters

Previously the only two filter conditions you could use when draining pods was to ignore pods from daemonsets and to include pods with emptyDir volumes. This PR adds a hook to apply arbitrary filter conditions when use kubectl/drain as a library from other Go code. This is not yet exposed to the drain command line, but it sets the stage for that in the future.

#91921: Graduate ServiceAccountIssuerDiscovery to beta

This PR holds a lot of promise for simplifying service-to-service authentication in Kubernetes. Right now the usual approach is to send a Service Account JWT token from one service to another, and the receiving service will use the TokenReview API to confirm it is valid. This works but it is both relatively slow and puts more load on the API server. This new system uses some standard API patterns from the OIDC world to expose the public key used for signing the JWTs. This means that anything can grab that key and validate the JWT itself. As a beta feature, this will start becoming more broadly available starting with 1.20.

Other Merges




Version Updates

Last Week In Kubernetes Development (LWKD) is a product of some members of the Kubernetes project, but is not an official publication of the Kubernetes project or the CNCF. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers, see our privacy notice for details.

You may contribute to LWKD by submitting pull requests or issues on the LWKD github repo.