1.17 Code Freeze is this week, see below.
Do you run multiple Kubernetes clusters? If so, SIG-MC wants to survey you.
Next week is Kubecon San Diego. Noah and Josh will both be there, sporting our new LWKD shirts, which means we will not be writing LWKD. If we can wedge it in, we’ll add a writeup of the Contributor Summit; otherwise, no LWKD next week.
Next Deadline: CODE FREEZE Nov. 14th
That’s right, you have a couple days to get your 1.17 changes in shape to be shipped, or pull them. After Thursday, you’ll need cherry-pick approval to add anything to 1.17. Also, you should already have your docs PR (as of Nov 8th).
The following patch releases are expected Nov. 13th:
Node Instance Type, Zone, and Region Promoted
This is split into two PRs, #82049 for instance type and #81431 for zone/region. Put together, three of the utility labels automatically applied to nodes have been promoted to GA and with that have new identities:
- beta.kubernetes.io/instance-type -> node.kubernetes.io/instance-type
- failure-domain.beta.kubernetes.io/zone -> topology.kubernetes.io/zone
- failure-domain.beta.kubernetes.io/region -> topology.kubernetes.io/region
In keeping with normal promotion, the beta labels will also be set during the deprecation period, likely until 1.18. Given the risk of silent bad behavior if you use these labels in things like node affinity settings, do keep a careful eye on things and make sure to upgrade everything mentioning the old labels before 1.19 rolls around.
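One way to find workloads that still mention the old labels, as an added example (not code from LWKD or from the Kubernetes project). It assumes manifests have already been parsed from JSON, for instance the output of `kubectl get deploy -o json`; the function names and the sample manifest are constructed for illustration.

```python
# Beta label -> GA label, as listed in the newsletter item above.
PROMOTED = {
    "beta.kubernetes.io/instance-type": "node.kubernetes.io/instance-type",
    "failure-domain.beta.kubernetes.io/zone": "topology.kubernetes.io/zone",
    "failure-domain.beta.kubernetes.io/region": "topology.kubernetes.io/region",
}
# Fields whose string value names a label key (match expressions, pod affinity).
KEY_FIELDS = {"key", "topologyKey"}

def find_beta_labels(obj, path="$"):
    """Return (path, old, new) for each use of a promoted beta label."""
    hits = []
    if isinstance(obj, dict):
        for k, v in obj.items():
            if k in PROMOTED:  # label used as a map key, e.g. nodeSelector
                hits.append((path, k, PROMOTED[k]))
            if k in KEY_FIELDS and isinstance(v, str) and v in PROMOTED:
                hits.append((f"{path}.{k}", v, PROMOTED[v]))
            hits.extend(find_beta_labels(v, f"{path}.{k}"))
    elif isinstance(obj, list):
        for i, item in enumerate(obj):
            hits.extend(find_beta_labels(item, f"{path}[{i}]"))
    return hits

def migrate(obj):
    """Return a rewritten copy that uses the GA label names."""
    if isinstance(obj, dict):
        return {PROMOTED.get(k, k): (PROMOTED.get(v, v)
                if k in KEY_FIELDS and isinstance(v, str) else migrate(v))
                for k, v in obj.items()}
    if isinstance(obj, list):
        return [migrate(item) for item in obj]
    return obj

# Constructed sample: a pod template using all three beta labels.
SAMPLE = {"spec": {"template": {"spec": {
    "nodeSelector": {"beta.kubernetes.io/instance-type": "example-type"},
    "affinity": {
        "nodeAffinity": {"requiredDuringSchedulingIgnoredDuringExecution": {
            "nodeSelectorTerms": [{"matchExpressions": [{
                "key": "failure-domain.beta.kubernetes.io/zone",
                "operator": "In", "values": ["example-zone-a"]}]}]}},
        "podAntiAffinity": {"requiredDuringSchedulingIgnoredDuringExecution": [{
            "topologyKey": "failure-domain.beta.kubernetes.io/region"}]}}}}}}

if __name__ == "__main__":
    for path, old, new in find_beta_labels(SAMPLE):
        print(f"{path}: {old} -> {new}")
```

Apply the rewritten manifests only once every node is on a release that sets the new labels; until then a selector on the GA names matches nothing on older nodes.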
If you somehow were depending on CFSSL in any of your Kubernetes-related patches, now would be a good time to either rethink that or update your dependencies. The specific fixes here are mostly to lock down signing management, but the removal of CFSSL overall is a nice simplification of the codebase.
Hyperkube is being pulled out of the main kubernetes/kubernetes repo, and currently has some shims to allow it to continue to build. Projects like kubeadm are dropping support for it. So, if you make use of Hyperkube, now’s the time to either rip it out of your dependency tree or volunteer to maintain it.
- Kubelet can reserve specific CPUs for system components
- EndpointSlices gets metrics, now uses PublishNotReadyAddresses and gets a service selector cache, and has consistent behavior for hostnames
- Handle encoding errors properly in APIserver watches, so that we don’t leak (backpatched)
- Scheduler enables profiling by default to help with debugging
- Read-only inline volumes are read-only
- Azure gets disk encryption, and UDP services get health probes, and allowing unsafe reads is backpatched
- Last month’s double-counting metrics patch got backpatched to all versions
- Advertise IPv6 addresses for IPv6 services
- Let the client negotiate formats for watch events and return an actual error if it can’t get them
- Mirror pods have an ownerReference to their parent node
- e2e tests now print progress
- Scheduler ComponentConfig fields are now pointers, mostly to check for nil
- Go reflectors have had their Tardises taken away
- The extension-apiserver-authentication configmap will be continuously updated
The kubeadm team did their usual large merge of planned features this week, including:
- Skip missing certificate files
- Removed the deprecated
- Use secure ports for scheduler/manager health checks
- Make sure to upgrade all etcd nodes while moving to 1.17
- Shorten the timeout creating clientsets
- Offer a --for-master switch for cluster token creation; not only is this Sylvia van Os’s first Kubernetes PR, it’s her first Go PR period, so congratulate her!
- Deprecate the hyperkube image, as discussed above.
- CRD Defaulting is GA, and its feature gate will go away in 1.18
- NodeLease is GA
- Node Instance Type is GA
- Node Zone/Region Topology is GA
Original Source: http://lwkd.info/2019/20191111