Last Week in Kubernetes Development

Stay up-to-date on Kubernetes development in 15 minutes a week.

Week Ending April 25, 2021

Developer News

We had our first community meeting in the new format last week, led by Laura Santamaria. SIG-Release discussed the 3-releases KEP, and SIG-CLI explained the overhaul for the coming kubectl exit codes. Future community meetings will also focus on topics of interest to our whole contributor community, so join us next month!

The Production Readiness WG would like you to take a survey.

Release Schedule

Next Deadline: Enhancements Tracking starts today

The 1.22 release has a schedule now, and Enhancements lead James Laverack has started collecting your enhancements; please note per his message that there is a new (as of 2021) system for tracking them. As part of the new 3/year release schedule, 1.22 will be 15 weeks. Important dates:

Our next set of patch releases closes to cherry-picks on May 7th and is expected out May 12th. Importantly, 1.18 has been extended with one more patch, so the last 1.18 will be 1.18.19, which not incidentally includes a security fix. After this month, though, you’d better start working on upgrading to a supported version.

#101034: Switch alpha Pod ephemeralcontainers API to use Pod kind

The pods/ephemeralcontainers subresource API has been overhauled. Previously it used a dedicated EphemeralContainers type, but now it expects a complete Pod object. This works similarly to the /status subresource: it accepts a full object but updates only selected fields in the underlying data. This change streamlines admission control by making the full object available to admission controllers even if only the ephemeral containers will be used in the end. This is a full API break; any older tools using this API will need to be updated. If you’ve been using the “debug container” system behind the feature flag, be ready for a multi-sided upgrade in the future.

#101093: Fix startupProbe behaviour changed

While we always do our best to avoid it, it looks like 1.21.0 included a minor breakage in the probes system. During one of the overhauls of that subsystem, startup probe behavior was changed such that they would only be used on the initial startup of the pod/container. Previously, and now again, every time the container is restarted it will run through the same state machine of startup probe to readiness/liveness probe. While not yet merged at time of writing, backports for this are expected shortly. If you make use of a critical startup probe, consider holding off on 1.21.0 or upgrading once a 1.21.1 is available.

#95387: Ensure audit log permissions are restricted

A fairly small change, but one that may require matching changes on your side: the file backend for audit logs will now make sure the file is created with 0600 permissions. If the file already exists at startup, permissions won’t be changed. This means if you use some kind of create-a-new-server style of upgrades or some other immutable infrastructure, you may see this new file mode on your 1.22 upgrade. Double-check any scripts or log ingestion tools to make sure they will still work, or touch/chmod the log file before starting kube-apiserver.
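One way to do the touch/chmod step as a pre-start hook, written for this summary as an added example (not code from the PR or the Kubernetes project). The 0640 default, the idea of a group-reading log shipper, and the function names are assumptions.

```shell
#!/bin/sh
# Added example: prepare the kube-apiserver audit log file before startup.
# Assumption: a log shipper reads the file via group membership (mode 0640).

# Print the octal permission bits of an existing file (GNU stat, then BSD stat).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Describe what the behaviour summarized above means for this path:
#   absent       -> the apiserver will create the file with 0600
#   kept:<mode>  -> the file exists, so its mode is left unchanged
audit_log_state() {
  if [ -e "$1" ]; then
    printf 'kept:%s\n' "$(file_mode "$1")"
  else
    printf 'absent\n'
  fi
}

# Pre-create the log with the mode the shipper needs, so the apiserver
# finds an existing file. Only octal modes are accepted, and any mode
# that grants access to "other" is refused: audit logs can contain
# request details that should not be readable by every local user.
prepare_audit_log() {
  _path=$1
  _mode=${2:-640}
  case $_mode in
    ''|*[!0-7]*) echo "refusing mode '$_mode': not octal" >&2; return 1 ;;
    *[1-7])      echo "refusing mode $_mode: grants access to other" >&2; return 1 ;;
  esac
  if [ ! -e "$_path" ]; then
    # Create under umask 077 so the file is never briefly wider than intended.
    ( umask 077 && : >> "$_path" ) || return 1
  fi
  chmod "$_mode" "$_path" || return 1
  audit_log_state "$_path"
}
```

Call `prepare_audit_log` with the same path you pass to `--audit-log-path`, and set the file's group to the shipper's group separately if it differs from the creating user's.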

Other Merges

Promotions

Deprecated

Version Updates

Last Week In Kubernetes Development (LWKD) is a product of some members of the Kubernetes project, but is not an official publication of the Kubernetes project or the CNCF. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers, see our privacy notice for details.

You may contribute to LWKD by submitting pull requests or issues on the LWKD GitHub repo.