The Registry team found and fixed a security issue. Thank you Nicolas Chatelain for reporting it.
Reminder that you should be using registry.k8s.io for all community container images.
Next Deadline: Production Readiness Freeze, June 8th
We are now officially in the 1.28 cycle, and Release Lead Grace Nguyen has a “sneak peek” for you. That also means that the Enhancements deadlines are coming soon (PRR: June 8, Enhancements: June 16); if you’ve forgotten how this all works, Atharva Shinde has a primer. Short Version: decide what you’ll finish for 1.28 in the next 3 weeks.
Patch releases for all supported versions are expected out this Wednesday.
The API Priority and Fairness system, APF for short, exists to help ensure we maintain quality-of-service for kube-apiserver clients. There’s a lot of very complex rules and configurations for this but in the end it boils down to rejecting some API requests when the server is overloaded, ensuring there’s available capacity for important clients. These rejected requests include a
Retry-After response header to guide the clients, indicating how many seconds to wait for before trying the request again. Previously this was a hard-coded 1 second, technically something but not the most helpful things could be. This PR upgrades things so the delay is tracked over time, based on the current volume of requests at that priority level. So it will start at 1 second and increase along with the server load. If you aren’t already respecting this header in your Kubernetes API client code, now is a great time to start!
Test Cleanup: image builds for Mac, remove v1 pod dep, deflake TestFormat. log format registry, scheduler performance