Last Week in Kubernetes Development: Week Ending May 3, 2020

Developer News

The Production Readiness WG wants to add some production-ready questions to the KEP format, so that new features have to think about lifecycle and maturation, as well as things like monitoring and scalability.

SIG-Storage has added the Drivers Announce list so that storage driver authors can keep up on changes to the API and list of available drivers.

Meeting Summary

The May 4th Steering Committee meeting started with a discussion about Paris’s SIG/WG health check proposal. After a lot of discussion around SIG lead workload, the SC decided to try this with the Working Groups first, and let SIGs do it if they want to. This led to a discussion of the need to assign new SC liaisons for each SIG, and what the liaisons are supposed to do.

The SC asked the CNCF for help establising an account with DigitalOcean for e2e testing. They discussed trying to finalize the definition of “project member,” confusing because the requirements for submitting a PR and for voting in elections are different. The CNCF let the SC know they have a formal process for travel funding scholarship evaluation now, although that’s rather academic in the current environment.

Release Schedule

Next Deadline: Enhancement Freeze, May 19th

Enhancements need to be in soon, which means getting your KEPs in order. Remember the 1.19 release will have an extended schedule, so what do you think you can get done by June 25?

Patch releases for all supported versions are currently planned for May 20th, with a cherry-pick deadline of May 15th. Note that “supported versions” no longer includes 1.15, so if you’re on that maybe time to upgrade.

Featured PRs

#89193: set proper file permission for projected service account volume

A nice security fix, this PR improves the default volume mount created for service account credentials to have file permissions matching the configured fsGroup or runAsUser. This will allow for increased security while running non-root containers. The specific algorithm is:

  1. If fsGroup is set for the pod, the normal behavior for that flag will kick in and result in all files being mode 0640 and owned by the requested group.
  2. If all containers in the pod use the same runAsUser, then the file will be 0600 and owned by that user.
  3. Otherwise it will be set to 644.

#90475: Topology spreading scoring with automatically weighted topologies

The recently beta’d PodTopologySpread feature allows for simple definitions of complex pod layouts. This PR addresses an issue where when multiple topology constraints were configured, the one matching more nodes could muscle out smaller constraints. To address this, all the topologies are now automatically weighted so that we get more balanced results.

Other Merges

Deprecated

Many old beta versions of APIs are going to be deprecated in 1.19, with planned removal in 1.22. This will make 1.22 a breaking release for lots of folks, so you’ve been warned now.

Version Updates

Original Source: http://lwkd.info/2020/20200504