Last Week in Kubernetes Development: July 29th, 2018



Find more at

Community Meeting Summary

Last week’s community meeting kicked off with a demo of Amazon EKS by Bryce Carman. This is set up with the control plane hosted by AWS and worker nodes under the control of the user. Carman spent some time on how network segregation and VPC work for EKS through a CNI plugin. Using the Heptio authenticator, you can log in from your desktop with your AWS IAM credentials.

Jordan Liggitt presented KEP 17. This KEP proposes a major restructuring of how component configuration works, both by moving configs from flags to a structured configuration file (as has been done with Kubelet), and by moving the config API types to their own repos, making it possible to include them in external code. Among other things, this will make interactive validation of configs possible. This change will affect everyone who works on Kubernetes or a plugin or client for it.

Liggitt continued with the update from SIG-Auth. They’re making it much easier to have multiple authorizers by cleaning up permissions and error messages. They plan to add Kubelet cert improvements to 1.12, as well as scoped service account tokens (not yet time-limited) and audit improvements. Frederic Branczyk explained SIG-Instrumentation’s current priorities, the biggest of which is the deprecation of Heapster. Other work includes adding new Node metrics, refactoring the Metrics Server, and enhanced configuration for the Prometheus adapter.

Release Schedule

Next Deadline: Feature Freeze, July 31st.

SIGs should be listing features they expect to complete for 1.12 in the Features repo and the spreadsheet. After July 31st, features added to the release will need to go through the exception process.

Featured PRs

#66518: add missing OrDie variant for dynamic client construction

A small change, but nice to have for a lot of common cases, this adds a
NewForConfigOrDie for the Go client library. This has already resulted in some
code cleanup and will probably allow similar changes in other test scripts and
other management tools.

#66296: Add flake-reporting utility to testing framework

In an effort to track, and eventually fix, inconsistent e2e tests there is now
an API (RecordFlakeIfError) for writing a flake-specific log entry if an e2e
test failed unexpectedly.

#58755: Use probe based plugin watcher mechanism in Device Manager

In development for a long time and finally merged, this means the kubelet will
scan for plugins in a given folder. This (hopefully) moves towards unifying the
plugin management layers between device plugins, CNI plugins, etc.

#66506: Remove kubelet docker shared pid flag

The deprecated --docker-disable-shared-pid kubelet flag has been removed in
favor of the ShareProcessNamespace pod API. If you’re using shared PID namespaces
for any testing, make sure you update to the new system.
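
A pod that opts in to a shared PID namespace through the pod API, as an added example (not taken from the PR). The pod, container and image names are constructed placeholders, and it assumes a cluster where the `shareProcessNamespace` field is available (while the field is alpha, that means the `PodShareProcessNamespace` feature gate is enabled).

```yaml
# Constructed example: names and images are placeholders, not from the PR.
apiVersion: v1
kind: Pod
metadata:
  name: shared-pid-demo
spec:
  # Pod-level opt-in; this replaces the node-wide kubelet flag, so the
  # decision is made per workload and is visible in the pod spec.
  shareProcessNamespace: true
  containers:
  - name: app
    image: registry.example.com/app:1.0
    securityContext:
      runAsNonRoot: true
      allowPrivilegeEscalation: false
      capabilities:
        drop: ["ALL"]
  - name: debug-sidecar
    image: registry.example.com/debug-tools:1.0
    command: ["sleep", "3600"]
    securityContext:
      runAsNonRoot: true
      allowPrivilegeEscalation: false
      # No extra capabilities: listing the app's processes with `ps`
      # works without them once the namespace is shared.
      capabilities:
        drop: ["ALL"]
```

With the namespace shared, each container can see the other's processes and what `/proc` exposes about them (command-line arguments, and the filesystem through `/proc/<pid>/root`), protected only by ordinary Unix permissions. The application process is also no longer PID 1, so images that assume they run as init may behave differently.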

#63955: Taint node when initializing node

This fixes a small race condition when booting a new, tainted node. Fortunately
an easy fix this time around, but a great reminder to be vigilant about
concurrent operations whenever possible.

Other Merges



Version Updates