Last Week in Kubernetes Development
Stay up-to-date on Kubernetes development in 15 minutes a week.
Week Ending June 23, 2024
Developer News
Reminder: all jobs on the old test cluster must migrate or die by August 1. Here’s a table of unmigrated jobs. While you’re at it, start working on using --label-filter to revise how Prow runs your tests.
Release Schedule
Next Deadline: Docs Deadline for placeholder PRs, June 27th
The code freeze deadline has been extended from July 10th to July 24th, adding 2 weeks of time in lieu of the US holidays.
Featured PRs
#125560 Add field management support to fake client-go typed client
This PR introduces a new feature by adding field management support to the fake client-go typed client. This enhancement allows developers to use fake.NewClientset() instead of fake.NewSimpleClientset() to create a clientset with managed field support. This improvement addresses issue where Server-Side Apply (and fieldmanagement) was missing in client-go/fake and is crucial for more accurate testing and simulation of Kubernetes API server behaviors in client-go. It ensures that the fake client mimics real client behaviors more closely, benefiting developers who rely on it for unit testing. For more details, refer to kubernetes/client-go#1184 and #99953.
KEP of the Week
KEP 4193: Bound service account token improvements
This (KEP) aims to bind Pod’s associated Node information into Kubernetes service account tokens, enhancing their security and traceability. By embedding the Node’s name and UID into the JWT tokens and including unique identifiers (JTIs), the KEP ensures robust identity verification and improves auditability. This includes extending the TokenRequest API to bind tokens to Node objects and modifying the TokenReview API to validate these tokens. These changes support mitigating replay attacks and improving the overall security posture of Kubernetes clusters by providing a clear, traceable link between tokens and their originating Node objects.
This KEP is tracked for beta release in the upcoming v1.31.
Other Merges
- KUBE_EMULATED_VERSION env added to set emulated version of apiserver
- Publishing rules to use go1.22.4 for all branches
- Add Extra.DisableAvailableConditionController for Generic Control Plane setup in kube-aggregator
- Switch PollWithContext to PollUntilContextTimeout
- kubeadm adds the ControlPlaneKubeletLocalMode feature gate for running kubeadm with local kube-apiserver
- Skip updating Pods which are in the scheduling cycle when SchedulingQueueHint is enabled
- kubeadm allows usage of –yes flag with the –config flag
- The .status.ready field is tracked faster when active Pods are deleted, specifically when a Job is failed
- kubectl describe service now shows internal traffic policy and IP mode of a load balancer serivce
- Improve memory usage of kube-apiserver by dropping the .metadata.managedFields field
- Fix null lastTransitionTime in Pod condition when setting scheduling gate
Promotions
- PDBUnhealthyPodEvictionPolicy to GA
- ConsistentListFromCache to beta
- HonorPVReclaimPolicy to beta
- KubeProxyDrainingTerminatingNodes to GA
- LogarithmicScaleDown to GA
- RecursiveReadOnlyMounts to beta
Deprecated
- Deprecated kubectl exec command execution without dash removed
Version Updates
Subprojects and Dependency Updates
- Kernel Module Management v2.1.1: normalize kernel versions, stop no-op controllers
- cni v1.2.1: fix faulty json marshal behavior for embeds types
- csi-driver-host-path v1.14.0 replace socat image with hostpathplugin image
- prometheus v2.53.0: change GOGC threshold from 100 to 75; also v2.45.6
Last Week In Kubernetes Development (LWKD) is a product of multiple contributors participating in Kubernetes SIG Contributor Experience. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers, see our privacy notice for details.
You may contribute to LWKD by submitting pull requests or issues on the LWKD github repo.