Feb. 1, 2022, 9:43 a.m.

LWKD: Week Ending January 30, 2022

Last Week In Kubernetes Development

Developer News

The main cert-manager repo will be migrating to cert-manager/cert-manager on Feb. 2. The standard GitHub redirects will be in place, but if you import from cert-manager in third-party code, you should update the repo path in your code when you get a chance. Container images and Helm charts will not move.

Jordan Liggitt updated the Kubernetes deprecation policy to reflect actual practice. The new policy makes it clear that Kubernetes does not deprecate Stable APIs within a major version.

Release Schedule

Next Deadline: Enhancements Freeze, Feb. 3

Enhancements Freeze is only a few days away. If you’re planning a significant feature for 1.24, it should be on the tracking spreadsheet. The CI Signal Report documents a few flakes.

Release Engineering published an emergency extra update to 1.23 (1.23.3) last week to fix a regression. Users who use CRDs that rely on x-kubernetes-preserve-unknown-fields: true should avoid 1.23.0-2, or update to 1.23.3 immediately.

Featured PRs

#107507: Add configuration point to SharedInformer to transform objects before storing

SharedInformers sit at the heart of most controllers, in-tree and community operators alike. This caching design has been hugely beneficial for performance, but “keep all objects in memory” has some sharp resource-usage downsides. These have been compounded lately as more and more things switch to Server Side Apply and the managedFields data on many objects grows substantially. A new transformer system has been added to tweak objects between being received from the API watch and being added to the in-memory cache. The primary use case is nulling out unused fields; however, it was built generically, as other uses may arise over time. As support drifts down into the various controller helper libraries, this stands to substantially reduce the memory usage of many controllers.
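A minimal model of that transform step, as an added example (not code from the PR or from client-go): it strips managedFields before an object reaches the cache and reports the size before and after. `TransformFunc`, `Store` and the sample Pod are constructed here, and the hook's shape (object in, object out) is an assumption.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// TransformFunc is a local stand-in for the informer hook (assumed shape).
type TransformFunc func(obj interface{}) (interface{}, error)

// StripManagedFields drops metadata.managedFields; other values pass through.
func StripManagedFields(obj interface{}) (interface{}, error) {
	m, ok := obj.(map[string]interface{})
	if !ok {
		return obj, nil
	}
	if meta, ok := m["metadata"].(map[string]interface{}); ok {
		delete(meta, "managedFields")
	}
	return m, nil
}

// Store is a toy in-memory cache that runs the transform before storing.
type Store struct {
	Transform TransformFunc
	Items     map[string]interface{}
}

// Add decodes, transforms and caches raw JSON; it returns encoded sizes.
func (s *Store) Add(key string, raw []byte) (before, after int, err error) {
	var obj interface{}
	if err = json.Unmarshal(raw, &obj); err != nil {
		return 0, 0, err
	}
	if obj, err = s.Transform(obj); err != nil {
		return 0, 0, err
	}
	s.Items[key] = obj
	out, err := json.Marshal(obj)
	return len(raw), len(out), err
}

// SamplePod is constructed for this example, not taken from a real cluster.
const SamplePod = `{"apiVersion":"v1","kind":"Pod","metadata":{"name":"web-0","namespace":"default","managedFields":[{"manager":"kubectl","operation":"Apply","fieldsType":"FieldsV1","fieldsV1":{"f:spec":{"f:containers":{}}}}]},"spec":{"containers":[{"name":"web","image":"nginx"}]}}`

func main() {
	s := &Store{Transform: StripManagedFields, Items: map[string]interface{}{}}
	fmt.Println(s.Add("default/web-0", []byte(SamplePod)))
}
```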

#107470: Optimize cronjob controller status updates

This PR is a great example of minimizing writes from a controller. API writes are a limited and valuable resource at scale, and this change both batches multiple previous requests into one and ensures the write only happens at all if an update is needed. This is a good reminder to check through the requests your controllers and controller-a-likes make and try to do similar optimizations if you can.

Other Merges

  • If unmount stalls, mark device “uncertain”
  • Describe the event when preemption fails
  • Make sure that static pods restart correctly
  • netexec in our test framework can retrieve arbitrary header values for your enhanced testing
  • E2E tests should wait for the root CA to be created
  • Updates to Services stop throwing a bogus clusterIP error
  • Auto-renewal for bound ServiceAccount tokens will only happen for apiserver-facing tokens

Deprecated

  • As planned, DynamicKubeletConfig is removed from 1.24

You just read issue #21 of Last Week In Kubernetes Development.