All community Zoom meetings now require a passcode.
Wojciech Tyczynski has proposed the creation of WG-Reliability, in order to make “reliability” part of our testing and release criteria.
Next Deadline: Enhancements Freeze, Oct. 6
The 1.20 release cycle has started with Lead Jeremy Rickard. Sections leads have been selected, and shadows are being picked. Expect the call for Enhancement tracking soon.
1.19.1 was released Sept. 9, fixing a go-runner issue in 1.19.0 and other urgent bugs. Minor releases 1.17.12, 1.18.9, and 1.19.2 are all expected out Wednesday. 1.16 is no longer being patched, so you should be upgrading to at least 1.17 right away.
The next step in the storage-version consensus tooling, this PR adds the API components. This API is mostly designed for use by kube-storage-version-migrator but any other system implementing a similar object upgrade process may find it useful. The overall goal of the API is have a one-stop-shop for which storage versions are available for the currently active API servers. Previously this was handled in a mode ad-hoc fashion, which could result in storage corruption during unusual upgrade situations where not all API servers were on the same version in such a way that they disagreed about which storage versions to use. This new API will ensure that these edge cases are closed.
Previously the only two filter conditions you could use when draining pods was to ignore pods from daemonsets and to include pods with emptyDir volumes. This PR adds a hook to apply arbitrary filter conditions when use
kubectl/drain as a library from other Go code. This is not yet exposed to the
drain command line, but it sets the stage for that in the future.
This PR holds a lot of promise for simplifying service-to-service authentication in Kubernetes. Right now the usual approach is to send a Service Account JWT token from one service to another, and the receiving service will use the TokenReview API to confirm it is valid. This works but it is both relatively slow and puts more load on the API server. This new system uses some standard API patterns from the OIDC world to expose the public key used for signing the JWTs. This means that anything can grab that key and validate the JWT itself. As a beta feature, this will start becoming more broadly available starting with 1.20.
kubectl alpha debugfrom crashing on complex pods
/proc/swapsisn’t there, kubelet won’t look for it
Last Week In Kubernetes Development (LWKD) is a product of some members of the Kubernetes project, but is not an official publication of the Kubernetes project or the CNCF. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers, see our privacy notice for details.
You may contribute to LWKD by submitting pull requests or issues on the LWKD github repo.