Week Ending January 22, 2023

Developer News

The new usage metrics project is launched, and already has a testgrid

SIG Security wants to know if you’re interested in a Threat Modeling Workshop at either Contributor Summit this year.

The future of the monthly Community Meeting is unclear; please provide your insight.

If you’re a SIG Lead, remember that Maintainer Session proposals for Kubecon Amsterdam are due this Friday. If you’re not a lead, but have an idea, tell your SIG lead about it!

Release Schedule

Next Deadline: Begin PRR reviews, February 2nd

It’s still heavy development time.

Patch releases 1.26.1, 1.25.6, 1.24.10, and 1.23.16, are out and include updates to Golang, which fix known security holes came out last week. These fix multiple important bugs, and critically upgrade old versions to Go 1.19 to close security holes. Note that 1.22 is now EOL, so it does not have those security fixes; either upgrade now or get them from distro.

Featured PRs

Code Generation Overhaul

Tim Hockin has merged a whole series of PRs to upgrade and improve our automated code generation. This includes swagger code/data fixing the go_package in protobuf files, disabling clientset generation for “example” APIs used in tests, and removing orphaned generated code which was produced by long-since removed tools and thus hadn’t been updated in a long time. There’s even more PRs still pending so look forward to another wave of improvements in the coming days. All together this should both speed up codegen and future-proof our build tooling.

Other Merges

• IPVS can use any available scheduler
• Have the kubelet probe network connections hang around only for 1 second, leading to fewer ephemeral ports sitting around in TIME_WAIT
• Kube-proxy’s nodeport management refactored, and it accepts the logging feature gates
• Give the policy API a serialization version priority
• Clayton’s Wait function overhaul: Don’t return a cancellation object from wait.ContextForChannel(), make internal functions private, and make BackoffWithContext actually context-aware
• Take out the garbage in the pkg directory, and then move the validation files into pkg/validation
• Fix “too large resource version” API error
• Don’t run the InterPodAffinity Filter plugin for irrelevant pods
• Stop creating endpoints for ExternalNames
• SecretNames can be longer than 63 chars
• Kubelet and kube-proxy runtime log verbosity changes apply to JSON, too
• Identity lease labels are now apiserver.kubernetes.io/identity
• KMS2 checks data staleness
• The policy admission Validator is lock-free
• We can count more than 64 CPUs on Windows
• Refactor the CronJob controller to remove duplicate code
• If the NodeIP changes, Route controller will reroute

Test Cleanup: e2e tests can check “remains pending”, SELinux mount duplication test, use stdlib for roundtrip tests

Promotions

• LegacyServiceAccountTokenTracing to beta
• kubectl to use autoscaling v2

Deprecated

• AdvancedAuditing feature gate is forced on and will be removed next release

Version Updates

• logtools to v0.4.1
• konnectivity-client to v0.1.1
• honnef.co/go/tools to v0.4.0-0.dev.0.20221209223220-58c4d7e4b720 to support Go 1.20
• moby/ipvs to v1.1.0
• hack/ Python scripts upgraded to Python 3

Last Week In Kubernetes Development (LWKD) is a product of multiple contributors participating in Kubernetes SIG Contributor Experience. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers, see our privacy notice for details.

You may contribute to LWKD by submitting pull requests or issues on the LWKD github repo.