Last Week in Kubernetes Development

Stay up-to-date on Kubernetes development in 15 minutes a week.

Week Ending July 31, 2022

Developer News

Per KEP-2853, the publication branch of the kubernetes/kubernetes repository will switch to “main” at Code Freeze for 1.26, which is currently planned for mid-November.

We would like to update Golang to 1.19rc2 for 1.25, but (per thread) it’s breaking things in Kubernetes, so continue using 1.18 for the time being.

Code of Conduct Committee nominations are open through Thursday; nominate someone of excellent judgement and community engagement.

Gluster support, including all Heketi code, is being removed from Kubernetes 1.25 due to lack of a viable CSI driver and lack of Heketi maintenance. If you are using Kubernetes with Gluster in production, please contact Humble Chirammal before August 26th with your feedback on this removal.

Release Schedule

Next Deadline: Code Freeze, August 2

Code Freeze starts 6PM PDT tomorrow (or today, depending on your time zone). So if you have an open KEP, you have a day to finish up. After this, 1.25 becomes a march of other deadlines, including docs, blog, and test.

#106388: Ignore non-semantic changes to objects

Server-side Apply is getting used in more and more places, both for in-tree controllers and third-party operators. However, it has had some lingering bugs where functionally no-op applies still trigger a write (and all the ensuing logic, like API watch listeners). This PR hopefully closes that gap permanently by doing a deep check of whether the pre- and post-PATCH objects are semantically identical before kicking off the full database write adventure. Please do test this out and let SIG-API Machinery know if you can find any remaining unexpected resourceVersion bumps.

#105919: PodSecurity: OS based updates to restricted standard

If you previously had issues with the Pod Security admission controller and Windows pods, worry no more! The restricted profile now checks the os field and allows Windows containers to not set the otherwise-required security settings such as dropping all capabilities (a difficult thing to do on an OS with no such subsystem). If you are using pinned Pod Security versions, make sure you check out the upgrade notes, as you will have to move your pin to at least 1.25 to get the new behavior.
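As an added illustration (not taken from the PR or the LWKD authors), the manifests below show a namespace pinned to the 1.25 restricted profile and a Windows Pod that relies on the os field. The namespace, Pod name and image are constructed placeholders; the list of Linux-only checks follows the upstream Pod Security Standards.

```yaml
# Constructed example: namespace, pod name and image are placeholders.
apiVersion: v1
kind: Namespace
metadata:
  name: win-apps                        # hypothetical namespace
  labels:
    pod-security.kubernetes.io/enforce: restricted
    # A pin below v1.25 keeps the older checks, which ignore spec.os
    # and still demand the Linux-only settings from Windows Pods.
    pod-security.kubernetes.io/enforce-version: v1.25
    # Surface violations of the newest profile without blocking anything.
    pod-security.kubernetes.io/warn: restricted
    pod-security.kubernetes.io/warn-version: latest
---
apiVersion: v1
kind: Pod
metadata:
  name: win-web                         # hypothetical pod
  namespace: win-apps
spec:
  os:
    name: windows                       # the field the restricted profile reads
  nodeSelector:
    kubernetes.io/os: windows
  securityContext:
    runAsNonRoot: true                  # still required; not a Linux-only check
    windowsOptions:
      runAsUserName: ContainerUser
  containers:
    - name: web
      image: registry.example/win-web:1.0   # placeholder image
      # Deliberately absent: capabilities.drop, seccompProfile and
      # allowPrivilegeEscalation. Restricted v1.25 treats these as
      # Linux-only when spec.os.name is windows. Remove the os block
      # above and the same Pod is rejected for omitting them.
```

Applying the Pod with `kubectl apply --dry-run=server` against a 1.25 cluster shows whether admission accepts it without creating anything.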

#111441: Respect PodTopologySpread after rolling upgrades

An old limitation of the PodTopologySpread system was that during a Deployment’s rolling update phase, if using “surge” mode then the new ReplicaSet will be scaled up before the old one is scaled down. As the max topology skew settings are only enforced during scheduling, after the scale down this could result in an above-limit skew. To counteract this, a new field has been added to the topology settings, matchLabelKeys. This takes a list of labels to use for skew group selection above and beyond the normal label selector on the Deployment. For most folks, this would mean matchLabelKeys: [pod-template-hash] (meaning each ReplicaSet’s Pods will only check skew against that RS) to create the expected behavior of max skew being respected no matter the state of the rolling update.

Other Merges

Promotions

Deprecated

Aldo Culquicondor is proposing to remove the `--enable-taint-manager` flag in 1.26. If you have some reason why you need to disable taints in your controller, make sure to comment on that PR before it merges.

Version Updates

Last Week In Kubernetes Development (LWKD) is a product of multiple contributors participating in Kubernetes SIG Contributor Experience. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers; see our privacy notice for details.

You may contribute to LWKD by submitting pull requests or issues on the LWKD GitHub repo.