Last Week in Kubernetes Development: Week Ending October 4, 2020

Developer News

Just a few hours left to vote in the Steering Committee election, so do it now.

kubernetes-incubator is finally gone. RIP, incubator. You were there when we needed you.

Jorge Castro reminded folks about some housekeeping for mailing lists. Rodrigo Campos wants to collect all sidecar container use-cases, so add yours.

Hacktoberfest caused some noise on a few repositories, but DigitalOcean has tried to improve things going forward. This does now mean that for PRs to be counted towards Hacktoberfest, your repository must opt in by tagging itself with the hacktoberfest topic. For a repository under Kubernetes’ administration, you will need to reach out to the github-admin team to request they add it. For your own repos, you can click the gear icon next to the About section in the right-hand sidebar of the main repository overview page.

Release Schedule

Next Deadline: Enhancements Freeze, Oct. 6

Your Enhancement specs for 1.20 are due Tuesday. While there is an exception process, it helps everyone if you can get them in on time.

Fixes for the next patch releases need to be cherry-picked and merged by October 9.

Featured PRs

As it’s been a quiet week in feature development, we’re going to shake things up and feature a trio of interesting KEPs accepted this week. As always, a KEP is not a guarantee the feature will be implemented or ever reach GA.

enhancements#1899: KEP: hardened exec requests

One of the lessons learned during the ToB security audit was that we have a number of internal APIs potentially vulnerable to server-side request forgery (SSRF). While the immediately dangerous ones have already been dealt with, the exec API in the Kubelet itself could use some improvements. This KEP lays out a plan to simplify the underlying exec APIs, remove options and endpoints never used by kube-apiserver, and generally lock things down to only the expected usage. Put together, this should dramatically reduce the risk of future exploits involving these APIs.

enhancements#1928: Create KEP for built-in Defaulting

This KEP seeks to unify the declarative defaulting behavior between in-tree types and custom resources. More specifically, all tools will use // +default=someYAMLvalue to generate the defaulting, either in code or in OpenAPI specifications. This brings us one step closer to CRDs being on equal footing with in-tree types and controllers, which in turn will make it easier to migrate niche or deprecated functionality out of k/k.

enhancements#: Add node shutdown KEP

Anyone running Kubernetes in the cloud has experienced a “cloud oops” where a machine shuts down unexpectedly, usually due to unplanned hardware maintenance or other adverse events. One side effect of unexpected shutdowns is that pods never get to run their PreStop handlers or otherwise gracefully terminate the container processes. This KEP proposes using the systemd “Inhibitor Lock” API to let the kubelet be notified of an impending shutdown so it can stop all pods cleanly before the shutdown continues. This may not cover every case, especially for anyone not using systemd, but it’s a great start and will address the vast majority of users.

Other Merges

Deprecated

Original Source: http://lwkd.info/2020/20201005