LWKD: Week Ending January 30, 2022
The main cert-manager repo will be migrating to cert-manager/cert-manager on Feb. 2. The standard GitHub redirects will be in place but if you import from cert-manager in third-party code, you should update the repo path in your code when you get a chance. Container images and helm charts will not move.
Next Deadline: Enhancements Freeze, Feb. 3
Release Engineering published an emergency extra update to 1.23 (1.23.3) last week to fix a regression. Users who use CRDs that rely on
x-kubernetes-preserve-unknown-fields: true should avoid 1.23.0-2, or update to 1.23.3 immediately.
SharedInformers sit at the heart of most controllers, in-tree and community operators alike. This caching design has been hugely beneficial for performance but "keep all objects in memory" has some sharp resource-usage downsides. This has been compounded lately as more and more things switch to using Server Side Apply and the
managedFields data on many objects grows substantially. A new transformer system has been added to tweak objects between being received from the API watch and being added to in-memory cache. The primary use case is nulling out unused fields however it was built generically as other uses may arise over time. As support drifts down into the various controller helper libraries, this stands to substantially reduce the memory usage of many controllers.
This PR is a great example of minimizing writes from a controller. API writes are limited and valuable resource at scale and this change both batches multiple previous requests into one and ensures it only happens at all if an update is needed. This is a good reminder to check through the requests your controllers and controller-a-likes make and try to do similar optimizations if you can.
- If unmount stalls, mark device "uncertain"
- Describe the event when preemption fails
- Make sure that static pods restart correctly
netexecin our test framework can retrieve arbitrary header values for your enhanced testing
- E2E tests should wait for the root CA to be created
- Updates to Services stop throwing a bogus clusterIP error
- Auto-renewal for bound ServiceAccount tokens will only happen for apiserver-facing tokens
- As planned, DynamicKubeletConfig is removed from 1.24