Week Ending June 7, 2020

[github-actions]

Developer News

Many SIGs and other parts of the community shut down last week in honor of the Black Lives Matter protests. So, it’s a quiet week for LWKD.

The Infrastructure working group is getting ready to retry the swap of the k8s.gcr.io facade name to point at the community-managed gcr.io/k8s-artifacts-prod project. This was tried once before in April, however some internal issues within Google forced a rollback. The plan is to run the swap again on June 22nd, after the next round of patch releases. No user-visible impact is expected, but if anything is missed please contact the #wg-k8s-infra Slack channel or the wg-k8s-infra mailing list.

One of last week’s posted security vulnerabilities was discovered by Brice Augras and Christophe Hauquiert and reported through the Bug Bounty program. Didn’t know we had one? Well we do, and this is what it’s for. Go forth and find bugs.

Release Schedule

Next Deadline: Begin docs PRs, June 12th

You have until the end of this week to get draft/outline documentation for your new features submitted to SIG-docs. Also, Code Freeze Is Coming on June 25th.

1.19.0-beta.1 is out for testing.

Cherry-pick PRs for all supported versions are due June 12th for a June 17th update release.

Featured PRs

#91685: CertificateSigningRequest v1 API

The CSR API saw two big updates this week. First the final v1beta1 features were completed, adding better error signaling and general status management improvements. Then the v1 version was added with some backwards-incompatible improvements. The main user-facing changes are that signerName and usages are both required in v1 and better validated. V1 also solidifies a lot of status management improvements into the schema itself. Together these lay a great foundation for the future of the CSR API.

#91883: Remove ResourceLimitsPriorityFunction feature gate in the scheduler

A long-time alpha feature, ResourceLimitsPriorityFunction never really found a champion to push towards GA and so has been removed. If this was somehow critical to your scheduler plans, consider writing a plugin or extender instead.

Other Merges

• SessionAffinity works on Windows
• Metric kubeBuildInfo is now kube_build_info across several components
• get-kube.sh downloads binaries from the right stream
• kubectl create deployment --replicas is a thing, to replace kubectl run generators
• local-up-cluster.sh includes the CSI snapshotter
• PVC binding delays emit a WaitingForPodScheduled event
• Dan Winship makes a re-attempt at fixing IPFamily validation, now with 10,000% percent less extraneous discussion!
• Scheduler PostFilter has an API definition
• kubelet --node-status-max-images and --cloud-provider and --cloud-config become configuration file options
• kubeadm supports startup probes for pods that have trouble getting out of bed in the morning
• kubeadm can now automatically upgrade kubeadm-generated configs, but you’re still on your own for ones you wrote
• kubelet can remove huge page sizes that have changed on the machine

Deprecated

• ResourceLimitsPriorityFunction feature gate is gone
• KubeSchedulerConfiguration.BindTimeoutSeconds is gone as planned; configure bind time using Volume plugins instead
• Kubelet’s --experimental-mounter-path and --experimental-check-node-capabilities-before-mount flags are deprecated
• kube-controller-manager --experimental-cluster-signing-duration is deprecated, replaced with cluster-signing-duration
• kubeadm alpha certs renew --use-api flag is no more