Other Merges
Scheduler, controller-manager, and cloud-controller use LeaseLock for leader elections to improve performance and reliability
Add a sandbox deleter to make sure that sandboxes get removed when pods do
Dockershim is deprecated and will be removed in 1.22 or so. Shift to using Docker via CRI when you can.
Removals
The PodPresets alpha API has been removed entirely. It never got beyond alpha status; similar functionality can be reimplemented out-of-tree using webhooks now.
Developer News
All community Zoom meetings now require a passcode.
Steering Committee election voting has started. Contributors will receive their ballots over the 14th and 15th. If you do not receive your ballot by the 17th, file a request for a replacement.
Wojciech Tyczynski has proposed the creation of WG-Reliability, in order to make “reliability” part of our testing and release criteria.
The September Community Meeting is this Thursday; SIGs Windows, Auth, and Multicluster are speaking. Right now, you can check out the results of the SIG-CL survey.
Release Schedule
Next Deadline: Enhancements Freeze, Oct. 6
The 1.20 release cycle has started with Lead Jeremy Rickard. Section leads have been selected, and shadows are being picked. Expect the call for Enhancement tracking soon.
1.19.1 was released Sept. 9, fixing a go-runner issue in 1.19.0 and other urgent bugs. Minor releases 1.17.12, 1.18.9, and 1.19.2 are all expected out Wednesday. 1.16 is no longer being patched, so you should be upgrading to at least 1.17 right away.
Featured PRs
#92064: Serve storage-versions API in kube-apiserver
The next step in the storage-version consensus tooling, this PR adds the API components. This API is mostly designed for use by kube-storage-version-migrator, but any other system implementing a similar object upgrade process may find it useful. The overall goal of the API is to have a one-stop-shop for which storage versions are available for the currently active API servers. Previously this was handled in a more ad-hoc fashion, which could result in storage corruption during unusual upgrade situations where not all API servers were on the same version in such a way that they disagreed about which storage versions to use. This new API will ensure that these edge cases are closed.
#88337: kubectl/drain add support for custom pod filters
Previously the only two filter conditions you could use when draining pods were to ignore pods from daemonsets and to include pods with emptyDir volumes. This PR adds a hook to apply arbitrary filter conditions when using kubectl/drain as a library from other Go code. This is not yet exposed to the drain command line, but it sets the stage for that in the future.
#91921: Graduate ServiceAccountIssuerDiscovery to beta
This PR holds a lot of promise for simplifying service-to-service authentication in Kubernetes. Right now the usual approach is to send a Service Account JWT token from one service to another, and the receiving service will use the TokenReview API to confirm it is valid. This works but it is both relatively slow and puts more load on the API server. This new system uses some standard API patterns from the OIDC world to expose the public key used for signing the JWTs. This means that anything can grab that key and validate the JWT itself. As a beta feature, this will start becoming more broadly available starting with 1.20.
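The local validation described above, as an added Go example that is not code from the PR or from Kubernetes: the receiving service checks the token's signature and claims against the issuer's published JWKS instead of calling TokenReview. The issuer URL, audience, key ID and claims are constructed for the demo; in a cluster the JWKS is fetched over TLS from the `jwks_uri` listed in the API server's `/.well-known/openid-configuration` document and is treated as trusted input.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
)

// VerifySAToken checks an RS256 token against an already-fetched JWKS and returns its subject.
func VerifySAToken(tok string, jwks []byte, iss, aud string, now int64) (string, error) {
	var set struct{ Keys []struct{ Kid, N, E string } }
	var h struct{ Alg, Kid string }
	var c struct {
		Iss, Sub string
		Aud      []string // service account tokens carry aud as an array
		Exp      int64
	}
	dec := func(s string) []byte { b, _ := base64.RawURLEncoding.DecodeString(s); return b }
	p := strings.Split(tok, ".")
	if len(p) != 3 || json.Unmarshal(jwks, &set) != nil || json.Unmarshal(dec(p[0]), &h) != nil || json.Unmarshal(dec(p[1]), &c) != nil {
		return "", fmt.Errorf("malformed token or JWKS")
	}
	sum := sha256.Sum256([]byte(p[0] + "." + p[1])) // the signature covers the encoded header.payload
	for _, k := range set.Keys {
		pub := &rsa.PublicKey{N: new(big.Int).SetBytes(dec(k.N)), E: int(new(big.Int).SetBytes(dec(k.E)).Int64())}
		ok := h.Alg == "RS256" && k.Kid == h.Kid && rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], dec(p[2])) == nil // alg is pinned, key chosen by kid
		for _, a := range c.Aud {
			if ok && a == aud && c.Iss == iss && now < c.Exp { // claims count only once the signature holds
				return c.Sub, nil
			}
		}
	}
	return "", fmt.Errorf("token rejected: alg, kid, signature, iss, aud or exp check failed")
}

func MintDemo() (tok string, jwks []byte, iss, aud string, now int64) { // constructed sample data, not a real cluster's
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	enc := base64.RawURLEncoding.EncodeToString
	body := enc([]byte(`{"alg":"RS256","kid":"k1"}`)) + "." + enc([]byte(`{"iss":"https://issuer.example","sub":"system:serviceaccount:demo:client","aud":["billing"],"exp":1700000000}`))
	sum := sha256.Sum256([]byte(body))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, sum[:])
	return body + "." + enc(sig), []byte(`{"keys":[{"kty":"RSA","kid":"k1","e":"AQAB","n":"` + enc(key.N.Bytes()) + `"}]}`), "https://issuer.example", "billing", 1600000000
}
func main() { fmt.Println(VerifySAToken(MintDemo())) }
```

The verifier rejects a token whose audience, issuer or expiry does not match what the receiving service is configured for, even when the signature is valid, which is what keeps a token minted for one service from being replayed to another.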
Other Merges
cpuCFSQuotaPeriod
kubectl alpha debug from crashing on complex pods
/proc/swaps isn’t there, kubelet won’t look for it
Promotions
Deprecations
Removals
service.beta.kubernetes.io/azure-load-balancer-disable-tcp-reset
Version Updates