Etcd 3.5.X has a significant data corruption issue, and is not recommended for production use. If you have not yet upgraded to Etcd 3.5, please wait for 3.5.3. If you have upgraded, you need to restart etcd with the --experimental-initial-corrupt-check flag. Kubeadm supports this flag.
The Steering Committee is considering archiving SIG Service Catalog due to inactivity. If you use minibroker, service-catalog, or go-open-service-broker projects, please speak up on the linked issues about what you think should be done with that project.
Kubernetes Contributor Summit EU will be held on May 16th at the Fira in Valencia. Registration and additional details coming soon.
Next Deadline: Doc PRs ready for review, April 5th
The first release candidate for 1.24 has been postponed to next week due to a certificate validation error; we need to wait for Go 1.18.1 for it to be fixed. As such, RC 0 will be released next Monday.
There’s plenty to do this week while you wait for RC 0, though. First, your draft documentation on your enhancements is due Tuesday. At the same time, the Release Notes team will be drafting the notes, and asking you questions. And the Release Blog will be finalized Wednesday.
The following test jobs are still flaky, and could easily cause the final release to be delayed, so look into them if you can: skew-cluster-latest, gce-ingress, kind-master-parallel, and ci-kubernetes-unit. Check the CI work board to collaborate.
The cherry pick deadline for the next set of patch releases is April 8th.
This PR paves the way for using AES-GCM instead of AES-CBC for our at-rest encryption. CBC mode, while overall very safe, is vulnerable to certain types of padding oracle attacks (leaking information through the data padding required by the algorithm). GCM represents a substantial upgrade and will help test the way forward to newer, non-AES options. For 1.24 only the read half of things is implemented. For now this will do nothing but will allow for smooth upgrades and downgrades once 1.25 comes out later this year. If you have any management tools that assume CBC is the default mode, now is a good time to start preparing for the future.
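The difference between the two modes in practice, as an added example that is not taken from the PR or from Kubernetes: with a constructed key and value, one flipped bit in stored data passes CBC decryption without error, while GCM refuses to return anything. The function names and the sample value are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// encryptCBC returns iv || ciphertext with PKCS#7 padding; there is no integrity tag.
func encryptCBC(block cipher.Block, pt []byte) []byte {
	pad := aes.BlockSize - len(pt)%aes.BlockSize
	padded := append(append([]byte{}, pt...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	out := make([]byte, aes.BlockSize+len(padded))
	rand.Read(out[:aes.BlockSize]) // random IV
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], padded)
	return out
}
// decryptCBC can reject malformed padding, but cannot tell that data was modified.
func decryptCBC(block cipher.Block, data []byte) ([]byte, error) {
	if len(data) < 2*aes.BlockSize || len(data)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("bad length")
	}
	pt := make([]byte, len(data)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, data[:aes.BlockSize]).CryptBlocks(pt, data[aes.BlockSize:])
	pad := int(pt[len(pt)-1])
	if pad == 0 || pad > aes.BlockSize || !bytes.HasSuffix(pt, bytes.Repeat([]byte{byte(pad)}, pad)) {
		return nil, fmt.Errorf("bad padding")
	}
	return pt[:len(pt)-pad], nil
}
// tamperDemo flips one stored bit per mode and returns what each decryption reports.
func tamperDemo(key, secret []byte) (cbcOut []byte, cbcErr, gcmErr error) {
	block, _ := aes.NewCipher(key) // the caller supplies a 32-byte key in this demo
	gcm, _ := cipher.NewGCM(block)
	cbc := encryptCBC(block, secret)
	cbc[0] ^= 0x01 // one bit of the stored IV
	cbcOut, cbcErr = decryptCBC(block, cbc)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	sealed := gcm.Seal(nonce, nonce, secret, nil) // nonce || ciphertext || tag
	sealed[len(nonce)] ^= 0x01                    // one bit of the stored ciphertext
	_, gcmErr = gcm.Open(nil, sealed[:len(nonce)], sealed[len(nonce):], nil)
	return
}
func main() { // key and value below are constructed sample data, not real secrets
	out, cbcErr, gcmErr := tamperDemo(bytes.Repeat([]byte{0x42}, 32), []byte("role=viewer; namespace=default"))
	fmt.Printf("CBC: %q err=%v\nGCM: err=%v\n", out, cbcErr, gcmErr)
}
```

The CBC path hands back altered plaintext with a nil error, which is why tooling that reads encrypted values should not treat a successful CBC decrypt as proof the data is unmodified.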
Building on the bones of our structured logging, we now have the core of a contextual logging framework. The general idea is that rather than a single global logger instance that's initialized once at program startup, we can generate many sub-loggers and bind them to the Context structs already flowing through the code. These bound loggers can embed default structured logging key-value data, which lets that data flow more naturally through a codebase. The feature is flagged off in Kubernetes as a whole, but you can enable it for specific daemons with klog.EnableContextualLogging(true). Give it a try and give feedback to WG Structured Logging or SIG Instrumentation.
Since this is CodeFreeze week, we have quite a few new feature pushes:
Of course, not all features made it into 1.24:
status.hostIPs field for Pods was merged and then reverted due to CPU usage issues in scalability tests
And the fixes never stop:
deployment-controller-sync-period option goes away for kube-controller-manager
kubectl expose drops generator and container-port flags