Week Ending January 7, 2024

Developer News

Kubernetes Contributor Summit Paris will happen on March 19, 2024. The CfP for planned sessions is open; submit to schedule your presentation, discussion, or SIG meeting now.

SIG-Release has shared their 2024 Roadmap.

Release Schedule

Next Deadline: Production Readiness, Feb 1st

The 1.30 release cycle has begun. Release lead Kat Cosgrove announced a few changes this release including consolidating some roles. Here’s the key dates for 1.30:

• Start of Release Cycle: 08 January 2024
• Enhancements Freeze: 09 February 2024
• Code Freeze: 06 March 2024
• Docs Freeze: 26 March 2024
• Release Day: 17th April 2024

The cherry-pick deadline for the next set of patch releases is January 12.

Reminder: the old repositories for official packages have been retired and new patched versions are available only from pkgs.k8s.io. Please update your config management.

Featured PRs

#122558: Use http/2 for localhost webhook

Back in 2019, some issues were brought up with allow HTTP/2 for webhook connections. Because HTTP/2 uses persistent, multiplexed connections, once the connection is up all requests will be sent to the same server. This interacted very poorly with load-balancers, leading to highly asymmetric traffic patterns. To fix this, admission webhooks were limited to HTTP/1.1, but this unfortunately removed the performance benefits of persistent connections. This PR reverts things for the specific case of sending requests to localhost. Anything set up that way isn’t getting load-balanced regardless, so it’s safe to allow HTTP/2 again. This follows the usual connection upgrade process so it will only affect servers which want to offer it, but if you’ve left support in any DaemonSet-style admission webhook services then be sure to test them out!

#119968: Replace stat syscall with statx

The statx() syscall was added in Linux 4.11 as an upgrade for the venerable stat(). It provides a similar function, give it a path and get back information about whatever that points to. While plain stat() is still fit for most purposes, this PR shows a case where the upgrade was warranted. If working with remote file systems which are non-responsive or otherwise unavailable, a stat() check can hang indefinitely. statx(), on the other hand, offers a flag (AT_STATX_DONT_SYNC`) to request the kernel not do that and just return as quickly as possible. A nice upgrade for those using NFS and a good lesson for us all in using newer technology when appropriate.

KEP of the Week

KEP 3157: Allow informers for getting a stream of data instead of chunking

This KEP aims to address a critical issue in kube-apiserver, where uncontrolled memory consumption during LIST requests leads to potential disruption in larger clusters. The primary problem arises from the unpredictable memory usage of LIST requests, causing memory explosions and, in extreme cases, server failure. The proposal suggests a solution to protect kube-apiserver and its node from list-based Out-of-Memory (OOM) attacks. This approach aims to make memory consumption more predictable and constant. The plan involves changing informers to establish a WATCH request with a new query parameter, computing the Resource Version (RV) to ensure consistency, and sending a stream of individual objects. The proposal also emphasizes the importance of beta metrics, implementation in kube-apiserver and kube-controller-manager, and ensuring backward compatibility.

This KEP was created in 2022, and is planned to reach it’s beta milestone in v1.30 release.

Other Merges

• Add an interactive mode for kubectl config set-credentials
• Dims created a list of all images used by our E2E tests
• Use HTTP2 for localhost webhooks
• Make PreFilter node rejection and Preemption play nice together
• Kubeadm will handle unmount errors better
• Prevent startup crash with EventedPLEG enabled
• Validate Volume Attribute objects as well as classes
• Use correct build tags for kube-proxy
• Move the EncryptionConfiguration code
• Fix kubelet tracing, broken since 1.28
• Windows credential provider finds its executable again

Deprecated

• Remove obsolete script hack/verify-govet-levee
• ConsistentHTTPGetHandlers is set to default and will be removed in 1.31
• Remove the AzureFile in-tree storage plugin in favor of CSI
• GA Feature Gates being removed: RemoveSelfLink, LegacyServiceAccountTokenTracking, KubeletPodResourcesGetAllocatable, ExpandedDNSConfig
• Warn users about the “Recycle” reclaim policy, deprecated since 2018 but somehow still around

Version Updates

• cri-tools to 1.29.0
• cni-plugins to 1.4.0
• node-feature-discovery to 0.15.0

Subprojects and Dependency Updates

• python-client to v0.29.0 Fix UTF-8 failures in Watch and fix upper version boundary of urllib3
• csi-driver-host-path to v1.12.1 Fix missing published target paths when republish the ephemeral volume

Last Week In Kubernetes Development (LWKD) is a product of multiple contributors participating in Kubernetes SIG Contributor Experience. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers, see our privacy notice for details.

You may contribute to LWKD by submitting pull requests or issues on the LWKD github repo.