SIG-Release has shared their 2024 Roadmap.
Next Deadline: Production Readiness, Feb 1st
The cherry-pick deadline for the next set of patch releases is January 12.
Reminder: the old repositories for official packages have been retired and new patched versions are available only from
pkgs.k8s.io. Please update your config management.
Back in 2019, some issues were brought up with allow HTTP/2 for webhook connections. Because HTTP/2 uses persistent, multiplexed connections, once the connection is up all requests will be sent to the same server. This interacted very poorly with load-balancers, leading to highly asymmetric traffic patterns. To fix this, admission webhooks were limited to HTTP/1.1, but this unfortunately removed the performance benefits of persistent connections. This PR reverts things for the specific case of sending requests to localhost. Anything set up that way isn’t getting load-balanced regardless, so it’s safe to allow HTTP/2 again. This follows the usual connection upgrade process so it will only affect servers which want to offer it, but if you’ve left support in any DaemonSet-style admission webhook services then be sure to test them out!
statx() syscall was added in Linux 4.11 as an upgrade for the venerable
stat(). It provides a similar function, give it a path and get back information about whatever that points to. While plain
stat() is still fit for most purposes, this PR shows a case where the upgrade was warranted. If working with remote file systems which are non-responsive or otherwise unavailable, a
check can hang indefinitely. statx()
, on the other hand, offers a flag (AT_STATX_DONT_SYNC`) to request the kernel not do that and just return as quickly as possible. A nice upgrade for those using NFS and a good lesson for us all in using newer technology when appropriate.
This KEP aims to address a critical issue in kube-apiserver, where uncontrolled memory consumption during LIST requests leads to potential disruption in larger clusters. The primary problem arises from the unpredictable memory usage of LIST requests, causing memory explosions and, in extreme cases, server failure. The proposal suggests a solution to protect kube-apiserver and its node from list-based Out-of-Memory (OOM) attacks. This approach aims to make memory consumption more predictable and constant. The plan involves changing informers to establish a WATCH request with a new query parameter, computing the Resource Version (RV) to ensure consistency, and sending a stream of individual objects. The proposal also emphasizes the importance of beta metrics, implementation in kube-apiserver and kube-controller-manager, and ensuring backward compatibility.
This KEP was created in 2022, and is planned to reach it’s beta milestone in v1.30 release.
Last Week In Kubernetes Development (LWKD) is a product of multiple contributors participating in Kubernetes SIG Contributor Experience. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers, see our privacy notice for details.
You may contribute to LWKD by submitting pull requests or issues on the LWKD github repo.