Week Ending April 25, 2021 #361
Labels
liens/Kubernetes
Liens à propos de l'aktu
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Developer News
We had our first community meeting in the new format last week, led by Laura Santamaria. SIG-Release discussed the 3-releases KEP, and SIG-CLI explained the overhaul for the coming kubectl exit codes. Future community meetings will also focus on topics of interest to our whole contributor community, so join us next month!
The Production Readiness WG would like you to take a survey.
Release Schedule
Next Deadline: Enhancements Tracking starts today
The 1.22 release has a schedule now, and Enhancements lead James Laverack has started collecting your enhancments; please note per his message that there is a new (as of 2021) system for tracking them. As part of the new 3/year release schedule, 1.22 will be 15 weeks. Important dates:
Our next set of patch releases closes to cherry-picks on May 7th and is expected out May 12th. Importantly, 1.18 has been extended with one more patch, so the last 1.18 will be 1.18.19, which not incidentally includes a security fix. After this month, though, you’d better start working on upgrading to a supported version.
Featured PRs
#101034: Switch alpha Pod ephemeralcontainers API to use Pod kind
The
pods/ephemeralcontainerssubresource API has been overhauled. Previously it used a dedicated EphemeralContainers type, but now it expects a complete Pod object. This works similarly to the/statussubresource, accepting a full object but only updating selectively in the underlying data. This change streamlines admission control, making sure the full object is available for those even if only the ephemeral containers will be used in the end. This is a full API break, any older tools using this API will need to be updated. If you’ve been using the “debug container” system behind the feature flag, be ready for a multi-sided upgrade in the future.#101093: Fix startupProbe behaviour changed
While we always do our best to avoid it, it looks like 1.21.0 included a minor breakage in the probes system. During one of the overhauls of that subsystem, startup probe behavior was changed such that they would only be used on the initial startup of the pod/container. Previously, and now again, every time the container is restarted it will run through the same state machine of startup probe to readiness/liveness probe. While not yet merged at time of writing, backports for this are expected shortly. If you make use of a critical startup probe, consider holding off on 1.21.0 or upgrading once a 1.21.1 is available.
#95387: Ensure audit log permissions are restricted
A fairly small change but potentially requiring matching changes; the file backend for audit logs will now make sure the file is created with
0600permissions. If the file already exists at startup, permissions won’t be changed. This means if you use some kind of create-a-new-server style of upgrades or some other immutable infrastructure, you may see this new file mode on your 1.22 upgrade. Double check any scripts or log ingestion tools to make sure they will work or touch/chmod the log file before starting kube-apiserver.Other Merges
kubectl describenow has a--chunk-sizeparameter to keep large resource lists from overwhelming the client; this does mean that all object code will need to support chunkingkubectl create ingressPromotions
Deprecated
chaos-chancehas been removed--generatoris gone, both from deployment and autoscaleVersion Updates
The text was updated successfully, but these errors were encountered: