Last Week in Kubernetes Development: Week Ending February 23, 2020

Meeting Summary

At February’s monthly meeting we heard from SIGs Windows, Auth, and Multicluster.

SIG Windows is graduating Active Directory and runAsUserName support. Kubeadm on Windows will soon be beta. The SIG wants to move from Docker to CRI-ContainerD, and is also working on CSI support. However, the main work for v1.18 will be on scaling since there are issues with both HPA and CPU limits. SIG-Windows could use some help fixing the Windows jobs on Testgrid.

SIG Auth recently adopted the “secrets store” CSI driver from Storage, and are trying to improve the Certs API and auth performance. They’d like to overhaul PodSecurityPolicy, and the new GA ServiceTokenSupport is causing issues with legacy tokens and needs to be retrofitted. Auth could use help testing the various features with different auth clients.

SIG Multicluster just needs more contributor involvement, period. Kubefed needs some new maintainers, so if you depend on it consider stepping up. There’s also a new Multicluster API proposal they’re looking for feedback on.

Release Schedule

Next Deadline: Code Freeze, March 5th

Yes, Code Freeze is coming! Please finish up your v1.18 PRs and get started on documentation, since first draft docs are due March 9th.

Next patch releases are planned for March 12th, making the cherry-pick deadline March 9th (yes, the same day docs are due), so next week is gonna be busy.

Featured Merges

Adding AppProtocol to Service and Endpoints Ports

This new field, part of the AppProtocol KEP, will allow application builders to meaningfully specify the exact protocol used by their services. While Service protocol allows specifying TCP, UDP or SCTP, this will allow things like “postgresql://”.

Add --dry-run=server|client|none to more kubectl commands

Julian Modesto has been adding the option for server-side dry runs to every command that supports a dry run, which is very helpful for testing anything that involves a CRD.

Add Scheduling Profiles to kubescheduler.config.k8s.io/v1alpha2

Together with 88285, this PR implements a major feature of the alpha Scheduling Framework: Scheduling Profiles. These allow users to create multiple workload-specific profiles.

UDS + GRPC Support for Network Proxy

SIG API Machinery is working on moving from the hackish approach of SSH Tunnels for container proxies to a full-blown network proxy delegation setup. Jeffrey Ying’s PR builds the UDS and GRPC support into this.

Add namespace targeting mode to CRI and kubelet

This PR makes the PID namespaces feature useful by having ephemeral containers run in the same PID namespace as the pod’s main containers. At least, for Docker; other container runtimes need to implement this.

Other Merges

Promotions

Deprecated

Version Updates

Original Source: http://lwkd.info/2020/20200226