Last Week in Kubernetes Development
Stay up-to-date on Kubernetes development in 15 minutes a week.
Week Ending October 15, 2023
Developer News
Ben, Arnaud, and Mahamed are replacing Aaron and Tim Hockin as SIG-K8s-Infra leadership.
Release Schedule
Next Deadline: Exception Requests Due, October 23rd
Patch releases, including a go version bump are expected out this Wednesday (October 18th). As a reminder, these will not be posted to the legacy package repos; you need to download from pkgs.k8s.io.
KEP of the Week
KEP 4191 - Kubelet support for image filesystem being split
This KEP proposes to make the kubelet aware of whether or not a container runtime splits the image filesystem. Typically when users deploy Kubernetes, the node and image filesystems are on the same disk. We can split the writeable layer where the container information is stored from the readable layer, where the images are stored. This can be useful since the images occupy a lot more disk space. In the current implementation, containers and images must be stored on the same disk. Garbage collection would only collect images/containers on the image filesystem. Currently if the container runtime separates the writable layers (containers) from the readable layers (images), the garbage collection doesn’t account for this separation.
This KEP has been authored by Kevin Hannon and is tracked to be in alpha stage in the upcomign v1.29 release.
Other Merges
-
Mitigate http2 denial-of-service attack (CVE-2023-44487 and CVE-2023-39325) by unauthenticated clients; backported
- Prevent 1.28 race condition crash with concurrent StatefulSet PVC creation
- ValidatingAdmissionPolicy gets typed variables
- DRA: avoid creating a scheduling deadlock between selected and potential nodes, drivers should work on both 1.27 and 1.28, and UnsuitableNodes should check unallocated claims
- You can multiply in Resource requests now; can quadratic equations be far behind?
- Add a sleep for your PreStop hook and your containers will pause before shutting down
- Containers are allowed to use tcp_keepalive_time syscall
- UDP conntrack timeouts are configurable
- Use cached pod QOSClass if set, instead of querying the system every lookup
- Habeas Corpus: OpenAPI v3 requires a RequestBody, and rename the metric while we’re at it
container_start_time_secondsactually shows seconds- Kubeadm: remove alpha disclaimer for certs, adjust skew policy, stop accepting component config during upgrade plan, turn on CLI/config merging by default
- Kube-proxy reports healthz for dual-stack
- Don’t use a UID for IPaddress objects, since they have to be unique
- Clean up some chronic logging errors
Promotions
Deprecated
- The removal of kubepkg and rapture is complete
- The alpha ClusterCIDR API has been removed since the related KEP isn’t going ahead
- Remove GA’d feature gates: RetroactiveDefaultStorageClass, DownwardAPIHugePages, GPRCContainerProbe, JobTrackingWithFinalizers, and a whole bunch more
Version Updates
- golang to 1.20.10 in supported versions, and to 1.21.3 in 1.29
- distroless-iptables image to v0.4.1
Last Week In Kubernetes Development (LWKD) is a product of multiple contributors participating in Kubernetes SIG Contributor Experience. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers, see our privacy notice for details.
You may contribute to LWKD by submitting pull requests or issues on the LWKD github repo.