Week Ending November 5, 2023

Developer News

After a bit of a hiatus, WG-LTS has been restarted and is running a survey about the upgrade experience to gather information from the community as they decide what the needs of an LTS version of Kubernetes would be in the current environment.

Release Schedule

Next Deadline: Test Freeze, November 15th

Code freeze continues, with much of the release team at KubeCon NA updates have been low. Please continue to assist with any requests to clear broken or flaky tests so we can keep things on schedule.

Featured PR

#113374: Implement ClusterTrustBundlePEM projected volume

Previously called PEMTrustAnchors, this feature adds a dedicated way to manage TLS certificate bundles and distribute them to workloads. It comes in two parts, a ClusterTrustBundle resource type and a clusterTrustBundle projected volume source. The ClusterTrustBundle allows creating a cluster-scoped (i.e. non-namespaced) home for a certificate or chain of certificates, with a signer name and the usual metadata labels. These can then be referenced in a projected volume mount, either directly by name or via label selector if you want to automate the handling of multiple trust roots or root rotations.

Projected volumes are a type of virtual volume source that can map multiple types of metadata into a single mount folder inside a pod. Currently they support the downwardApi to get information about the Pod itself, serviceAccountToken for accessing specialized bound tokens, as well as configMap and secret with their usual support. The new clusterTrustBundle type collects one or more ClusterTrustBundle objects, combines their PEM data, and exposes it into the requested path.

While not included in this PR, discussions have already started around how to extend this concept to a namespaced TrustBundle type in the future.

KEP of the Week

KEP 727 - Kubelet Resource Metrics Endpoint

This KEP adds a new metrics endpoint to the kubelet, which serves metrics required by the cluster-level Resource Metrics API. This KEP proposes adding a /metrics/resource endpoint in the kubelet which exposes metrics in the Prometheus text exposition format. This would provide the minimum set of metrics required to serve the Resource Metrics API.

This KEP is targeting the stable milestone in the upcoming v1.29 release.

Other Merges

• kube-proxy gains an nftables backend
• Ratcheting CEL validation can opt-in to running at create in addition to update
• A new ServiceCIDR type to dynamically reconfigure the IP ranges used for services
• Support new CRI APIs for per-plugin image cleanup
• Fix VPA jamming when used with non-standard resources

Promotions

• CSINodeExpandSecret to GA
• PodHostIPs to Beta

Version Updates

• structured-merge-diff to v4.4.0
• etcd to v3.5.10
• klog to v2.110.1

Last Week In Kubernetes Development (LWKD) is a product of multiple contributors participating in Kubernetes SIG Contributor Experience. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers, see our privacy notice for details.

You may contribute to LWKD by submitting pull requests or issues on the LWKD github repo.