You may also browse or subscribe to LWKD on its website.
Community Meeting Summary
- Doug Davis reported for SIG Service Catalog. They recently released the
svcatcommand line tool, and are working on moving from a dedicated APIserver to using CRDs. Other items for a GA release include async bindings, generic brokers, and resolving some issues around namespaces and instance names. The svcat effort was a mentorship project led by Carol Van Slyck and others.
- Tim Allclair explained what SIG Auth is working on, including improving the TokenRequest API for 1.11, client-go support for x509 credentials, a scheduling policy design for 1.12, and better metatdata for audit logging. They have an open KEP on security conformance.
- SIG Storage, per Brad Childs, was fresh back from a face-to-face meeting. They are moving all storage out of tree to use CSI instead, and will be adding CSI features to 1.11. Storage has a multi-release plan to expand storage testing, and will be adding more metrics to CSI for SRE monitoring. They are also reorganizing their 20+ external projects and making sure they all have owners, and will be consolidating the set of storage operators for easy location by users.
Next Deadline: Draft Docs PRs for all features due June 4th
Last week was week 8 of the 1.11 release cycle. Code Slush begins May 29th. The release is in excellent shape for tests, with only 3 failing tests currently unresolved. Thank you to all the contributors whose hard work keeps the tests passing.
- CRDs now support versioning for upgrades and install targets.
- RotateCertificates is now controlled from the Kubelet Configuration file.
- Add metrics to go with Kubelet dynamic configuration.
kubectl auth reconcilenow has a
- The Openstack provider now exclusively uses IP addresses for node names.
- Azure provider now logs detailed error messages when it can’t find something.
- APIserver OpenAPI doc now uses actual document types.
- Stop creating reserved blocks in Ext3/4 volumes.
kubectl waitcan now wait for deletion before proceeding.
- Stop using reapers to remove objects.
- RBAC auth reconcile now requires v1 and external types.
- Azure supports block devices now.
- Kubelets can probe to discover what plugins they have.
- There’s some basic plumbing for topology-aware volumes now.
- CRD printing can have additional columns.
Since we’re into Code Slush, SIG Testing has been fixing many tests.
- Several E2E tests are being “upgraded” to Conformance tests, including pod cgroup test.
- Fix preemption tests.
- Enable full ENV configuration for local testing.
The following features have been moved to beta for 1.11:
Still lots of Kubeadm changes:
- kubeadm now writes kubelet configs to disk for crash recovery, as well as creating matching ConfigMaps.
- Fix teardown when using kubeadm+CRI-O.
kubednssubcommand renamed to
- kubeadm now downloads containers before starting init.
kubeadm config migratecommand added, letting you follow API changes automatically.
Deprecations and Breakage
- kubeadm won’t take the --admission-control argument anymore.
- kubectl now uses apps/v1 for deployments, which means that 1.11’s kubectl will not work with server versions older than 1.9 anymore.
- DeleteOptions.OrphanDependents is now DeleteOptions.PropagationPolicy.