Since Tim Pepper was elected to Steering, he has stepped down from the Code of Conduct Committee and Carlos Panato has taken his place. Steering Liaisons for SIGs are also changing. Steering and CoCC have also jointly made it clear that nobody is above the Code of Conduct.
Next Deadline: Docs PRs, release blog ready for review, Nov 23
It's Code Freeze! So a ton of things are happening this Tuesday, just before the Americans all vanish into food comas. Both the Doc PRs and the Release Blog draft should be ready to review. Release candidate 0 will be released. Test jobs will fork, and the Release team will start watching the Release-1.23 jobs instead of Main. If you are on Family Time this week, don't forget that any Feature Blog articles are due next Tuesday.
Also, 1.23 beta 0 was released last week.
We're fully switched over to golangci-lint for our
staticcheck plumbing, instead of our very funky shell script wrapper. This means slightly different code annotations for skips and some upgrades for an improved version of the linter. Please do make sure you clean up any pending PRs for the new rules! This also adds a config file structure to make it easier to slowly roll out additional linters. If you're interested in that, please reach out to SIG-Testing (though maybe wait until after 1.23 is a bit more stable).
CRI v1 was first released with Kubernetes 1.20 and is now the default for talking to plugins, though the kubelet will automatically try the previous alpha version (there was never a beta release of CRI) automatically to allow for a smooth transition. CRI v1 is supported by CRI-O 1.21+ and is already merged for the upcoming Containerd 1.6. This is not expected to be a compat-impacting change however as with any major codepath alteration, test things to be sure.
We highlighted this one back when discussing KEPs but it's now actual code! To summarize the feature: you can define CEL expressions on any schema node in a Custom Resource Definition using
x-kubernetes-validations. These expressions will be run on create/update like other validations. Each rule expression can access only the data in or below the node it is defined on, as well as a limited set of global values (
metadata.generateName). CEL does support simply loops and branching however overall runtime is constrained to avoid runaway complexity explosions (will return an HTTP 408 response).
As an example for the fairly common case of requiring one and only one mode sub-struct to be configured:
x-kubernetes-validations: - rule: "[has(self.mode1), has(self.mode2)].exists_one(m, m)" message: You must configure mode1 or mode2
This will potentially simplify and speed up many operators which previous used webhooks for these kinds of validations. It won't cover every use case but give them a try!
And finally we have some forward progress on CSI migrations! Both AWS and GCE have flipped the migration switch by default so those in-tree drivers will be disabled now (but you can re-enable them for a short time longer if needed). Portworx and Ceph RBD are both set up for transition, with the in-tree plugins still enabled for now, and you can disable them once you've migrated to avoid conflicts.
kubectl waitcan wait on any arbitrary JSON path
kubectl describe namespaceprints Conditions
--register-with-taintsis now a KubeletConfig option
kubectl port-forwarderrors, disconnect and exit