You may also browse or subscribe to LWKD on its website.
Kubernetes 1.11 is out, in case you somehow missed it (really?). As such, this issue of LWKD is going to cover the many PRs for future Kubernetes that were held up during code freeze and you may be able to look forward to in 1.12.
Community Meeting Summary
Last week’s community meeting consisted of a containerd demo followed by the public 1.11 Release Retrospective. The demo talked about containerd integration plans, and showed off deploying some pods on it.
The 1.11 retrospective let the release team and contributors hash out some of what went well and badly in this release cycle, to improve the next release.
- shorter Code Freeze
- earlier docs deadlines
- getting stability on tests earlier
- more calendar jiggering, including a longer Code Thaw, and Test Freeze, Cherrypick Freeze dates.
- flaky tests need to be fixed or go away
- the feature freeze process needs a revamp
- request earlier drafts on docs
- need new release note tooling
Next Deadline: publish schedule, week of July 10th.
The 1.12 Release Cycle has started. If you wanted a spot on the release team, you’ll have to wait for someone to drop out; they’re full up. Or maybe volunteer for 1.13.
- etcd healthchecks now test for full etcd functionality
- apiserver logs will be quieter
- the legacy printer table adapter has been cleaned up, making it easier to migrate client-side printing code to server-side
- new Lease API as part of node heartbeat work
- add ability to cancel leader elections in the controller
- eliminate node sorting when searching for nodes, for faster node lookup
- kubeadm notifies the user of how long manifest upgrade timeouts will take
- block support for cinder volumes
- audit logs can now include user-agent
- trusted root CA support on vSphere
- add client-side etcd3 metrics for prometheus
- gRPC max message size is now 16MB, backported
- new metrics for number of PVCs in use on each node
kubectl top nodeswill show nodes even if they have no metrics
--use-openapi-print-columnsis deprecated in favor of
- we now have e2e testing for kubelet security
- that pesky DaemonSet delete hack is finally being removed by janetkuo
- avoid having the node authorizer escalate pod privileges, and make sure RBAC is using the curent authorizer
- etcd is now re-using leases instead of polling, which should reduce overhead for most users. Possible backport
- prevent kubectl delete hang
- make sure scheduler cache is consistent when updating pods
kubectl --draintimeout now works as advertised
- juju charms force node names to lowercase, but have reset allow-privileged to true
- the scheduler’s unit tests use subtest