Lots of news for you this week, starting with the 1.23 release(release notes). SLSA compliance, Dual Stack, FlexVolume deprecation, PodSecurity API and more. Note that the new version of cri-tools is not yet available, which means that some people should wait to upgrade.
Second, this will be the last LWKD in 2021. Publication will resume in January.
The Contributor Celebration is this week.
kubernetes-dev mailing list will be moving to an @kubernetes.io address over the next few weeks, partly in order to fix the community calendar. You should not need to do anything immediately except change your personal address book entry. In 2022, we will be asking document owners to switch document sharing to the new list.
Next Deadline: 1.24 cycle begins, January 10, 2022
The final patch releases of 2021 are expected out Wednesday December 15th.
Hopefully the removal of Dockershim is not, in general, news to anyone reading this but the day has come. Some will celebrate, a few might mourn for the pain of upgrading, but regardless Dockershim is no more. If you haven’t already responded to the SIG-Node survey maybe give that a look, otherwise just get all your Containerds ready and look forward to a cleaner future. Big congratulations to everyone who helped get this done over the years.
client-go has long had a helper library for managing leader/primary elections, used mostly in controller managers so several replicas can be running for redundancy but most controllers are disabled for secondary instances. Originally this supported two modes,
configmaps, each using their respective API types to create a singleton lock. Back in 1.14, we added a Leases API to more specifically address things like node heartbeats and leader locks. Along with the new API, a
leases lock mode was added. The goal was to move everyone towards the Leases API as it has substantially better performance for both the client and server. While this relatively minor project got a bit lost between other tasks, the day has finally come to force everyone onto bigger and better things.
For migration purposes you can use
configmapsleases and do a rolling upgrade to the new API, and those lock modes are still present.
evictions_totalis the new
kubectl diffgets a prune command to mirror what
kubectl apply --prunedoes
--portdeprecated and insecure options will be removed from the controller-manager and the apiserver in 1.24
k8s.io/apimachinery/util/clockis being replaced with
NamespaceDefaultLabelNamefeature gate is removed since it’s GA
ReallyCrashForTestingis finally, blessedly, gone