Last Week In Kubernetes Development

Week Ending 2023-01-15

Developer News

Basic information for the Europe Contributor Summit is up. CfP for sessions opening soon. Travel assistance for Kubernetes leads without a current corporate sponsor may be available; contact Contributor Experience.

Release Schedule

Next Deadline: Begin PRR reviews, Feb 2

In a couple of weeks it’ll be time to contact the PRR team for your Production Readiness Review, with Enhancements freeze a week later.

Patch releases are due out this Wednesday, including a backported update to Go 1.19.5, plus many other backpatches this month.

Featured PRs

#114923: Adjust preemption event message to do not include preemptor pod metadata

Administrator debugging and cluster security are always slightly at odds. Making information available more easily, the identity of who caused a given pod to be preempted in this case, speeds up development cycles and aids admins in tracking down unusual or rare errors. But at the same time, it can leak data where we don’t expect it. This PR (and a few follow ups) are a great reminder to always keep the namespace boundaries in mind. For many of us, using namespaces for single applications or maybe development teams this presented no problem, the information about what else is running in the cluster isn’t sensitive. However some teams use namespaces for more in-depth tenant isolation and that use case must always be respected.

#114393: Option to ignore existing pods’ preferred inter-pod affinities if the incoming pod has no preferred inter-pod affinities

A, for lack of a better word, cheeky performance improvement. The scheduler team noticed that in almost all cases, inter-pod affinities are set up in reciprocal pairs. A likes B and B likes A. So this allows for a shortcut, if a new pod being scheduled has no inter-pod affinities on it then we can skip the somewhat time-consuming step of checking every existing pod for matching stuff on that side. This is behind a ignorePreferredTermsOfExistingPods: true configuration argument as there’s no rule that affinities need to be paired like that, but if you are in the majority who uses them that way, this PR could give you a nice scheduler performance boost for free!

Other Merges

• Don’t let anyone add a container to a static pod
• Concurrently mark pods on an offline node NotReady
• Pods that are terminating don’t get disrupted; backported
• Actually do backoff on failed Job pods when we say we are; backported
• CSIMigrationAzureFile is permanently on
• Backport CEL-go updates, add unterminated pod to dsw, StatefulSet status and DaemonSet status
• Hold off processing webhook notifications on startup, preventing resource wasting
• Use a label selector when filtering resources to prune for kubectl diff
• Cleanup Job code that was testing non-finalizer information
• Flowcontrol API has serialization version priority
• Refactor the kubelet plugin watcher into OS-specific files
• Cleanup documentation of types.go
• Make sure that aggregatable Events get aggregated

Test Overhaul: simplify test package API, consolidate e2e timeouts, bring back total test spec, default container annotation e2e test, better output for apps e2e tests

Deprecated

• Add warning that FQDN is deprecated
• The alpha seccomp annotation API has been removed; use securityContext.seccompProfile instead
• Remove deprecated client-side OpenAPI column-printing
• Erase the penultimate PodSecurityPolicy code

Version Updates

• Upgrade to golang 1.19.5 for all supported versions, even 1.23
• cAdvisor to v0.47.1
• bumb kube-openapi
• smd to 4.2.3 in 1.24