Last Week in Kubernetes Development: Week Ending March 7, 2021

Developer News

Code freeze is Tuesday, see below.

It’s RFC time! Jim Ramsay wants to know what giving kubelet and container runtime different namespaces would break for you. Elana Hashman set up a project board for tracking all the structured logging requirements.

Adnan Abdulhussein is stepping down as co-chair of SIG-Apps and ceding that spot to Maciej Szulik, who is also co-chair of SIG-CLI. Which just points to the need for more people to work their way up to chair status. You?

Kubernetes is using golang 1.16, which has been breaking tests for a lot of folks. If that’s you, please join in the troubleshooting.

We could use some Outreachy Mentors; contact SIG-Contribex co-chair Alison Dowdney if you or someone from your SIG can mentor. And yes, you can double-list projects in both Outreachy and GSOC.

The contributor survey is still open.

Release Schedule

Next Deadline: Code Freeze, March 9th

Yes, it’s that time in the release cycle where we start making people file exception requests if they want to keep working on features. The release team needs to focus on stability, especially now with all the go 1.16-related breakage. So get your feature PRs and tracked enhancements in by tommorrow!

The cherry-pick deadline for the next batch of update releases is this Friday.

Featured PRs

#99012: Apply Builders for client-go’s typed client

While not completely merged at time of writing, this PR and #99214 move us much closer towards typed server-side-apply support for client-go. All together these features solve a subtle but persistent issue with server-side-apply where using the normal API structs would make it impossible to know which non-pointer fields were or were not set. Similarly any omitempty field set to its zero value wouldn’t be included in the serialized output at all. Both of these could be worked around by using Unstructured objects, however those have no type checks of any kind and are more than a little awkward to work with outside of simple template parsing. The new builder API keeps the type safety of the normal structs while still being able to record if a given field has been specified so that only those fields will end up in the final JSON.

A small example to add a label to the pods of a deployment:

deploymentPatch := appsv1ac.Deployment("myapp", "default").
	WithSpec(appsv1ac.DeploymentSpec().
		WithTemplate(corev1ac.PodTemplateSpec().
			WithLabels(map[string]string{"app": "myapp"})
client := client.AppsV1().Deployments(“default”)

client.Apply(context.Background(), deploymentPatch, metav1.ApplyOptions{

FieldManager: “mycontroller”,

Force: true,

})

Hopefully the rest of the PRs will land shortly.

#96600: Service Internal Traffic Policy

Fine-grained control over node-level routing has been a big ask from the community since the early days of Kubernetes. While there have been complex workarounds involving host-network mode and Downward API usage this will now be a simpler first-class feature. Setting internalTrafficPolicy: Local will only route to endpoints on that node. Combined with a DaemonSet, you can now quickly configure node local caching, metrics shipping, or anything else where inter-node latency is best avoided.

#98812: Indexed job implementation

The Jobs system has long supported several modes of operation through the completions and parallelism fields. This new mode allows providing each underlying pod with an index number and running until each index has succeeded. This is a natural fit for things like hash-sharded CI tests, DAG tasks, or database management tasks mapped against StatefulSet replicas.

#98277: Add LoadBalancerClass field in service

A smaller but potentially useful feature, LoadBalancer type Services now support a “class” field in the same way as Ingresses. This will allow for more experimentation with LoadBalancers as well as having multiple implementations running in parallel for different use cases.

Other Merges

• Cross-namespace inter-pod affinities can use a namespace selector.
• Add support for IngressClass parameter objects to be namespaced.
• Respect the MaxSurge value when updating a DaemonSet.
• Allow Jobs to be suspended.
• PodDisruptionBudgets will report why they cannot proceed via status conditions.
• Kubectl and other client binaries will be compiled for M1 Macs.
• btrfs PV resizing suppport.
• Kubeadm is changing the kubelet cgroup driver
• Ephemeral volumes got some tests, some metrics, and a pod security policy
• Cronjob controller uses batch/v1 API, adds job creation metrics, and can suspend jobs
• Kubectl adds command headers to requests, and the ability to use protobufs for top
• Add-on manager uses leader election
• Pick your nodes based on volume capacity

Structured logging migrations: eviction logs, deployment controller, proxier

Promotions

• EndpointSlice subsystems to GA.
• apiserver_request_duration_seconds metric to Stable.
• Graceful node shutdown to Beta.
• AllowInsecureBackendProxy to GA
• Storage capacity tracking to Beta
• CRIContainerLogRotation to GA

Deprecated

• Kube-DNS support removed from kubeadm (long live CoreDNS).
• kubectl run deprecates and drops a whole bunch of flags
• cadvisor v1 json metrics are deprecated
• Early audit API versions are deprecated

Version Updates

• Go to v1.16.0.
• Zeitgeist to v0.2.0.
• Shellcheck to v0.7.1.
• CoreDNS to v1.8.0.
• system-validators to v1.4.0.
• addon-manager to v9.1.4.
• dns-node-cache to v1.17.0.

Original Source: Week Ending March 7, 2021 | Last Week in Kubernetes Development