The Production Readiness WG wants to add some production-ready questions to the KEP format, so that new features have to think about lifecycle and maturation, as well as things like monitoring and scalability.
SIG-Storage has added the Drivers Announce list so that storage driver authors can keep up on changes to the API and list of available drivers.
The May 4th Steering Committee meeting started with a discussion about Paris’s SIG/WG health check proposal. After a lot of discussion around SIG lead workload, the SC decided to try this with the Working Groups first, and let SIGs do it if they want to. This led to a discussion of the need to assign new SC liaisons for each SIG, and what the liaisons are supposed to do.
The SC asked the CNCF for help establishing an account with DigitalOcean for e2e testing. They discussed trying to finalize the definition of “project member,” which is confusing because the requirements for submitting a PR and for voting in elections are different. The CNCF let the SC know they have a formal process for travel funding scholarship evaluation now, although that’s rather academic in the current environment.
Next Deadline: Enhancement Freeze, May 19th
Enhancements need to be in soon, which means getting your KEPs in order. Remember the 1.19 release will have an extended schedule, so what do you think you can get done by June 25?
Patch releases for all supported versions are currently planned for May 20th, with a cherry-pick deadline of May 15th. Note that “supported versions” no longer includes 1.15, so if you’re on that, it may be time to upgrade.
A nice security fix, this PR improves the default volume mount created for service account credentials to have file permissions matching the configured runAsUser. This will allow for increased security while running non-root containers. The specific algorithm is:
- If fsGroup is set for the pod, the normal behavior for that flag will kick in and result in all files being mode 0640 and owned by the requested group.
- If all containers in the pod use the same runAsUser, then the file will be 0600 and owned by that user.
- Otherwise it will be set to
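
The decision order in the list above, written out as an added Python example (not code from the Kubernetes PR) that predicts which rule a given pod spec would fall under. The function names and sample pods are hypothetical; it assumes init containers count toward "all containers" and that a container with no runAsUser anywhere does not match, and it returns no mode for the fallback case because this page does not state one.

```python
# Added example: pod specs are plain dicts shaped like parsed manifests.

def effective_run_as_user(pod_spec, container):
    """Container-level runAsUser overrides the pod-level value."""
    uid = (container.get("securityContext") or {}).get("runAsUser")
    if uid is None:  # 'is None' so that UID 0 (root) is not treated as unset
        uid = (pod_spec.get("securityContext") or {}).get("runAsUser")
    return uid

def token_file_rule(pod_spec):
    """Return (rule, mode, owner) for the service account credential files."""
    fs_group = (pod_spec.get("securityContext") or {}).get("fsGroup")
    if fs_group is not None:
        # Rule 1: fsGroup wins, files are group-readable by that group.
        return ("fsGroup", 0o640, ("gid", fs_group))

    # Assumption: init containers are included in "all containers".
    containers = (pod_spec.get("initContainers") or []) + \
                 (pod_spec.get("containers") or [])
    uids = {effective_run_as_user(pod_spec, c) for c in containers}
    # Assumption: an unset runAsUser (None) never counts as "the same user".
    if len(uids) == 1 and None not in uids:
        # Rule 2: one shared UID, files are readable by that user only.
        return ("runAsUser", 0o600, ("uid", uids.pop()))

    # Rule 3: the fallback mode is not given on this page, so none is claimed.
    return ("fallback", None, None)

# Constructed sample pod specs (not taken from any real cluster).
SAMPLE_PODS = {
    "fsgroup": {"securityContext": {"fsGroup": 2000, "runAsUser": 1000},
                "containers": [{"name": "app"}]},
    "same-uid": {"securityContext": {"runAsUser": 1000},
                 "containers": [{"name": "app"},
                                {"name": "sidecar",
                                 "securityContext": {"runAsUser": 1000}}]},
    "mixed-uid": {"securityContext": {"runAsUser": 1000},
                  "containers": [{"name": "app"},
                                 {"name": "sidecar",
                                  "securityContext": {"runAsUser": 0}}]},
    "unset": {"containers": [{"name": "app"}]},
}

if __name__ == "__main__":
    for name, spec in SAMPLE_PODS.items():
        rule, mode, owner = token_file_rule(spec)
        print(name, rule, oct(mode) if mode is not None else "-", owner)
```
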
The recently beta’d PodTopologySpread feature allows for simple definitions of complex pod layouts. This PR addresses an issue where, when multiple topology constraints were configured, the one matching more nodes could muscle out smaller constraints. To address this, all the topologies are now automatically weighted so that we get more balanced results.
- Init containers are now included when calculating resource requests (backported to all versions)
- kubectl will output JSONPATH results in JSON format instead of go format
- Liggitt overhauled podIP validation, among other things detecting mangled values
- Drop conformance tests that rely on direct access to the Kubelet API; srsly, stop doing that
- Wojtek replaced his reverted watch bookmarks PR with one that still sends bookmarks each minute
- externalPolicyForExternalIP is enabled by default
- Pods that never started because of preemption don’t produce logs (backported)
- No need to specify the full resource name for
Many old beta versions of APIs are going to be deprecated in 1.19, with planned removal in 1.22. This will make 1.22 a breaking release for lots of folks, so you’ve been warned now.
Original Source: http://lwkd.info/2020/20200504