Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #325 from kubernetes-sigs/20240303
publish 3/3
- Loading branch information
Showing
1 changed file
with
99 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,99 @@ | ||
| --- | ||
| layout: post | ||
| title: Week Ending March 3, 2024 | ||
| date: 2024-03-07 22:00:00 -0000 | ||
| slug: 2024-03-03-update | ||
| --- | ||
|
|
||
| ## Developer News | ||
|
|
||
| All CI jobs [must be on K8s community infra](https://groups.google.com/a/kubernetes.io/g/dev/c/p6PAML90ZOU) as of yesterday. While the infra team will migrate ones that are simple, other jobs that you don't help them move may be deleted. Update your jobs now. | ||
|
|
||
| [Monitoring dashboards](https://groups.google.com/a/kubernetes.io/g/dev/c/KCo5xHQRLSE) for the [GKE](https://monitoring-gke.prow.k8s.io/?orgId=1) and [EKS](https://monitoring-eks.prow.k8s.io/) build clusters are live. Also, there was an [outage in EKS jobs](https://docs.google.com/document/d/1PMgbClhYwIls8NdEw2jE80OqHmnD-Ty7TermtUe4MTE/edit#heading=h.614q085kkezh) last week. | ||
|
|
||
| After a year of work led by Tim Hockin, Go Workspaces support for hacking on Kubernetes [is now available](https://groups.google.com/a/kubernetes.io/g/dev/c/HjYciF1AJgI), eliminating a lot of GOPATH pain. | ||
|
|
||
| It's time to start working on your [SIG Annual Reports](https://groups.google.com/a/kubernetes.io/g/dev/c/kAdMGywyFMs), which you should find a lot shorter and easier than previous years. Note that you don't have to be the SIG Chair to do these, they just have to review them. | ||
|
|
||
| ## Release Schedule | ||
|
|
||
| **Next Deadline: Test Freeze, March 27th** | ||
|
|
||
| Code Freeze is [now in effect](https://groups.google.com/a/kubernetes.io/g/dev/c/Y1EJ1HGBPJk/m/mSMClkn4AwAJ?utm_medium=email&utm_source=footer). If your KEP did not get tracked and you want to get your KEP shipped in the 1.30 release, please [file an exception](https://github.com/kubernetes/sig-release/blob/master/releases/EXCEPTIONS.md) as soon as possible. | ||
|
|
||
| March Cherry Pick deadline for patch releases is the 8th. | ||
|
|
||
| ## Featured PRs | ||
|
|
||
| ### [#122717: KEP-4358: Custom Resource Field Selectors](https://github.com/kubernetes/kubernetes/pull/122717) | ||
|
|
||
| Selectors in Kubernetes have long been a way to limit large API calls like List and Watch, requesting things with only specific labels or similar. In operators this can be very important to reduce memory usage of shared informer caches, as well as generally keeping apiserver load down. Some core objects extended selectors beyond labels, allowing filtering on other fields such as listing Pods based on `spec.nodeName`. But this set of fields was limited and could feel random if you didn't know the specific history of the API (e.g. Pods need a node name filter because it's the main request made by the kubelet). And it wasn't available at all to custom type. This PR expands the system, allowing each custom type to declare selector-able fields which will be checked and indexed automatically. The declaration uses JSONPath in a very similar way to the `additionalPrinterColumns` feature: | ||
|
|
||
| ```yaml | ||
| selectableFields: | ||
| - jsonPath: .spec.color | ||
| - jsonPath: .spec.size | ||
| ``` | ||
|
|
||
| These can then be used in the API just like any other field selector: | ||
|
|
||
| ```go | ||
| c.List(context.Background(), &redThings, client.MatchingFields{ | ||
| "spec.color": "red", | ||
| }) | ||
| ``` | ||
|
|
||
| As an alpha feature, this is behind the `CustomResourceFieldSelectors` feature gate. | ||
|
|
||
| ## KEP of the Week | ||
|
|
||
| ### [KEP-1610: Container Resource based Autoscaling](https://github.com/kubernetes/enhancements/blob/master/keps/sig-autoscaling/1610-container-resource-autoscaling/README.md) | ||
|
|
||
| For scaling pods based on resource usage, the HPA currently calculates the sum of all the individual container's resource usage. This is not suitable for workloads where the containers are not related to each other. This KEP proposes that the HPA also provide an option to scale pods based on the resource usages of individual containers in a Pod. The KEP proposes adding a new `ContainerResourceMetricSource` metric source, with a new `Container` field, which will be used to identify the container for which the resources should be tracked. When there are multiple containers in a Pod, the individual resource usages of each container can change at different rates. Adding a way to specify the target gives more fine grained control over the scaling. | ||
|
|
||
| This KEP is in beta since v1.27 and is planned to graduate to stable in v1.30. | ||
|
|
||
| ## Other Merges | ||
|
|
||
| * Tunnel kubectl port-forwarding [through websockets](https://github.com/kubernetes/kubernetes/pull/123413) | ||
| * Enhanced [conflict detection](https://github.com/kubernetes/kubernetes/pull/123561]) for Service Account and JWT | ||
| * Create token duration [can be zero](https://github.com/kubernetes/kubernetes/pull/123565) | ||
| * [Reject empty usernames](https://github.com/kubernetes/kubernetes/pull/123568) in OIDC authentication | ||
| * OpenAPI V2 won't publish [non-matching group-version](https://github.com/kubernetes/kubernetes/pull/123570) | ||
| * New metrics: [authorization webhook match conditions](https://github.com/kubernetes/kubernetes/pull/123611), [jwt auth latency](https://github.com/kubernetes/kubernetes/pull/123225), [watch cache latency](https://github.com/kubernetes/kubernetes/pull/123190) | ||
| * Kubeadm: [list nodes needing upgrades](https://github.com/kubernetes/kubernetes/pull/123578), [don't pass duplicate default flags](https://github.com/kubernetes/kubernetes/pull/123555), [better upgrade plans](https://github.com/kubernetes/kubernetes/pull/123492), [WaitForAllControlPlaneComponents](https://github.com/kubernetes/kubernetes/pull/123341), [upgradeConfiguration timeouts](https://github.com/kubernetes/kubernetes/pull/123595), [upgradeConfiguration API](https://github.com/kubernetes/kubernetes/pull/123068) | ||
| * Implement [strict JWT compact serialization enforcement](https://github.com/kubernetes/kubernetes/pull/123540) | ||
| * Don't [leak discovery documents](https://github.com/kubernetes/kubernetes/pull/123517) via the Spec.Service field | ||
| * Let the container runtime [garbage-collect images](https://github.com/kubernetes/kubernetes/pull/123508) by tagging them | ||
| * Client-Go can [upgrade subresource fields](https://github.com/kubernetes/kubernetes/pull/123484), and [handles cache deletions](https://github.com/kubernetes/kubernetes/pull/122998) | ||
| * Wait for the [ProviderID to be available](https://github.com/kubernetes/kubernetes/pull/123331) before initializing a node | ||
| * Don't panic if [nodecondition is nil](https://github.com/kubernetes/kubernetes/pull/122874) | ||
| * Broadcaster logging is now [logging level 3](https://github.com/kubernetes/kubernetes/pull/122293) | ||
| * [Access mode label](https://github.com/kubernetes/kubernetes/pull/123667) for SELinux mounts | ||
| * AuthorizationConfiguration v1alpha1 is [also v1beta1](https://github.com/kubernetes/kubernetes/pull/123640) | ||
| * Kubelet user mapping IDs [are configurable](https://github.com/kubernetes/kubernetes/pull/123593) | ||
| * [Filter group versions](https://github.com/kubernetes/kubernetes/pull/123570) in aggregated API requests | ||
| * Match condition e2e tests [are conformance](https://github.com/kubernetes/kubernetes/pull/123564) | ||
| * Kubelet gets constants [from cadvisor](https://github.com/kubernetes/kubernetes/pull/122438) | ||
|
|
||
| ## Promotions | ||
|
|
||
| * [PodSchedulingReadiness to GA](https://github.com/kubernetes/kubernetes/pull/123575) | ||
| * [ImageMaximumGCAge to Beta](https://github.com/kubernetes/kubernetes/pull/123424) | ||
| * [StructuredAuthorizationConfiguration to beta](https://github.com/kubernetes/kubernetes/pull/123641) | ||
| * [MinDomainsInPodTopologySpread to beta](https://github.com/kubernetes/kubernetes/pull/123481) | ||
| * [RemoteCommand Over Websockets to beta](https://github.com/kubernetes/kubernetes/pull/123281) | ||
| * [ContainerCheckpoint to beta](https://github.com/kubernetes/kubernetes/pull/123215) | ||
| * [ServiceAccountToken Info to beta](https://github.com/kubernetes/kubernetes/pull/123135) | ||
| * [AggregatedDiscovery v2 to GA](https://github.com/kubernetes/kubernetes/pull/122882) | ||
| * [PodHostIPs to GA](https://github.com/kubernetes/kubernetes/pull/122870) | ||
|
|
||
| ## Version Updates | ||
|
|
||
| * [cadvisor to v0.49.0](https://github.com/kubernetes/kubernetes/pull/123599) | ||
| * [kubedns to 1.23.0](https://github.com/kubernetes/kubernetes/pull/123310) | ||
|
|
||
| ## Subprojects and Dependency Updates | ||
|
|
||
| * [kubespray to v2.24.1](https://github.com/kubernetes-sigs/kubespray/releases/tag/v2.24.1) Set Kubernetes v1.28.6 as the default Kubernetes version. | ||
| * [prometheus to v2.50.1](https://github.com/prometheus/prometheus/releases/tag/v2.50.1) Fix for broken /metadata API endpoint |