First, make sure you patch all of your nodes against the runc vulnerability announced today. No matter which container runtime you’re using, you need to update it.
Also, due to a vandalism attack on our most popular Slack channels, admins had to temporarily close Kubernetes Slack to new user registrations last Sunday. We will announce a way to sign up for Slack accounts once there is a more juvenile-delinquent-resistant one. In the meantime, please use Discuss or Stack Overflow to ask questions.
Community Meeting Summary
We kicked off the community meeting with a demo of the recently released CodeReady Workspaces by Mario Loriedo and Stevan Le Meur. They showed off modifying and sharing a container image of a development environment to allow collaborative work.
SIG-Instrumentation’s recent work included a revamp of kube-state-metrics and a complete overhaul of metrics in general, which will cause a deprecation of old metrics in 1.14 and removing them in 1.15. After this, the goal is to have a stable API for metrics.
Speaking of KEPs, SIG-PM has been hard at work making KEPs into an integral part of the Kubernetes development process. This includes a beta spec, new template, new labels, and the requirement to use them for 1.14 enhancements. They’ll continue to iterate on that, including introducing a CLI tool and trying to dump the Enhancements tracking spreadsheet.
SIG-Cluster-Lifecycle has prepared a nice grooming document for how they prioritize their work for each release, and are sharing it as a potential template for other SIGs.
Next Deadline: create 1.14 branch and release beta, Feb. 12th
Last week was week 5 of 1.14, putting us more than halfway to code freeze (reminder: no code slush this time). All of the enhancements have been filed, 20 alpha features, 13 beta and 6 stable promotions.
There were no patch releases last week, or scheduled for this week.
Server-side apply has finally (mostly) landed! Up until now, all the logic for
kubectl apply has lived in Kubectl itself, making it very difficult to use from other places like custom controllers or CLI tools. By moving the logic to the API server,
apply functionality is now easily available to all clients. This also dramatically improves the behavior of
apply when working with multiple competing controllers, such as the case of an object uploaded via
kubectl apply but also being updated by Horizontal Pod Autoscaler.
The LWKD team would like to extend our personal congratulations to the whole SSA team and SIG-APIMachinery, it was a long road but you all made it happen!
Did you know that SIG-Testing publishes outage reports for Prow and Tide? Fortunately issues are infrequent and this outage only impacted a few PRs, but it’s a great post-mortem report and worth a read if nothing else to have a better idea of how it all works.
Zoom is used by many SIGs and WGs for their weekly meetings, as well as for other video chats. This week sees a nice revamp of the documentation for working with Zoom for Kubernetes teams. As always, if you have any questions about our usage of Zoom, please contact the Zoom admins or anyone in SIG-ContribEx.
- kubelet now sets oom_score_adj for pods marked as critical priority
kubectl deletein order to support purging CRD objects.
- Don’t let the event watcher go back in time, since that might cause a dangerous paradox
- Kubeadm now has a preflight check for cgroup drivers.
kubelet_node_nameis now a metric, helping join stats from multiple sources, and
usageNanoCoresis a kubelet stat too
- Fix execute permissions for fsGroups
- Docker metrics have been made compliant, as part of the general metrics standardization
set envon a local resource won’t trigger a panic