Last Week in Kubernetes Development
Stay up-to-date on Kubernetes development in 15 minutes a week.
Week Ending March 6, 2022
Release Schedule
Next Deadline: Exceptions due, March 21st
While folks are working on features, CI signal has gotten worse. Currently there are 14 flaky jobs between master-informing and master-blocking, and there’s even one failing master-blocking job. This is not a good trend. Please have a look at the problem tests and see if you can help.
The cherry-pick deadline for the next patch releases is March 11th.
Featured PRs
#108309: no auto-generation of secret-based service account token
As discussed a few weeks ago, the efforts to remove Secret-based storage of ServiceAccount tokens is continuing. Now ServiceAccount objects will not get a token generated an crammed into a Secret by default. This won’t affect usage by Pods, which generate a bound token and store it only in-memory on the Kubelet/host-system, but if you are using service account tokens for things like remote access, you will need to make sure you set up your Secrets appropriately, by adding a "kubernetes.io/service-account.name" annotation.
#108092: remove audit.k8s.io/v1[alpha|beta]1 versions
The older alpha and beta object versions of the audit log data format have been removed. This applies to both the file logging and audit webhooks. If you are still using them, upgrading to v1 should be relatively straightforward. Check for any usage of the removed ObjectMeta or Timestamp fields, switching to StageTimestamp or RequestReceivedTimestamp respectively.
Other Merges
- Add more CRD expression language functions, and prevent invalid self-references
- Select better hints for TopologyManager
- Don’t update Endpoints if nothing has changed
- kubeadm dry run works with certificate files already present
kubectl versionwon’t take extra arguments- Better error message for missing CRDs
- Kubectl DiscoveryCache TTL defaults changed from 10 minutes to 6 hours
- HPA external metrics can bootstrap via the metrics API
- Fix CPU shares handling for Pods requesting more than 256 cores
Deprecated
- The apiserver’s deprecated
--target-ram-mbflag and the [--experimental-encryption-provider-configflag] are removed - Deprecated ValidateProxyRedirects and StreamingProxyRedirects feature gates are removed
Version Updates
- konnectivity-client to v0.0.30; backported
- python-client v23.3.0 final is released
- CEL to v0.10.0
Last Week In Kubernetes Development (LWKD) is a product of multiple contributors participating in Kubernetes SIG Contributor Experience. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers, see our privacy notice for details.
You may contribute to LWKD by submitting pull requests or issues on the LWKD github repo.