Last Week in Kubernetes Development: Week Ending January 31, 2021

Developer News

The default branch for kubernetes/org repo is now “main” instead of “master”. Other kubernetes repos are likely to follow … eventually.

The Server Side Apply team would like your feedback; follow their instructions and take the survey if you write CRDs or other client go code.

The KIND project has two new maintainers, and testing-commons subproject, sans maintainers, is now “best effort”. Particularly, if you have testing questions, bring them to the main sig-testing meeting.

Release Schedule

Next Deadline: Enhancements Freeze, Feb 9

You need to have your enhancement tracked by next Tuesday using the new process to ensure that related PRs will be included in 1.21. Currently the release has 24 enhancements tracked, but only from 5 SIGs, which says that the rest of y’all aren’t paying attention.

1.21 Alpha 2 is out, and cherrypick deadline for the next patch releases is Feb 12.

Merges

• Checks on healthz, readyz, and livez are unauthenticated by default for system:masters
• client-go adds debuggingRoundTripper plus related settings to enable client-side debug tools
• Add denyserviceexternalips admission controller to allow locking down a cluster against ExternalIP-related security holes, particularly CVE-2020-8554
• Network Policy now handles ports and port ranges
• Scheduler will prefer Nominated Nodes for pod scheduling even when pods are preempted
• Prevent local loopback on volume hosts to block CVE-2020-8555
• Server Side Apply works with APIService resources
• Deflake Ingress e2e tests by retrying async updates
• Cinder storage works through CSI
• Don’t panic when we evict pods with ephemeral storage
• Limit leases to no more than 10K objects to fix etcd performance
• Node drain can ignore-errors, and we won’t start new pods on a node that’s shutting down
• Cleanup on how Topologies are handled when migrating drivers to/from CSI
• PodTopologyHints gets a write lock
• Scheduler Extender tracks and reports failed nodes

Structured Log Migration Beat: APIserver admissions, generic_scheduler.go and types.go

Promotions

• ServiceAccountIssuerDiscovery to GA

Deprecated

• DenyEscalatingExec and DenyExecOnPrivileged deprecated admission plugins are gone
• Remove obsolete feature gates WindowsGMSA and WindowsRunAsUserName

Version Updates

• go to 1.15.7 in v1.21
• debian-base to v1.4.0 and debian-iptables to v1.5.0 in official Kube images, including some CVE fixes

Original Source: Week Ending January 31, 2021 | Last Week in Kubernetes Development