Developer News
Kubernetes is replacing the SIG quarterly reports in the Community Meeting with Annual Reports which will be more formal, but less frequent. This is an acknowledgement of the real schedule, and the fact that we have 37 SIGs/WGs/UGs now.
CVE-2020-8558 affects kube-proxy 1.18.3 and below, allowing users to reach localhost services across the local network. Please update your servers to the latest patch release to resolve the issue, or see the mailing list announcement for mitigations.
Third Time’s The Charm: we will be once again trying to move the official image repo from google-containers to k8s-artifacts-prod starting next Monday, July 20th.
And finally a reminder to be very careful copy-pasting code from StackOverflow. By default, StackOverflow code samples are licensed under Creative Commons Share-Alike, which is not compatible with our licensing due to the viral nature of the “Share-Alike” restrictions.
Release Schedule
Next Deadline: Complete Docs, July 16th
We are now in Code Freeze, and the v1.19 release branch has been cut.
1.18.6, 1.17.9, and 1.16.13 are expected out this Wednesday.
Featured PRs
#92784: generic ephemeral inline volumes
A new ephemeral volume type has been added for pod templates. This works similarly to the volumeClaimTemplates field in StatefulSets: every pod will use the template to construct a unique PVC object which can provision arbitrary storage or anything else hooked in to a CSI plugin. When the pod is deleted, so is the PVC and the PV with it unless you change the reclaim policy. This pairs well with the existing ephemeral volume support in CSI, but it could also be used for more complex things in the future like a CSI-backed implementation of the emptyDir volume type, exposing non-traditional storage like network-attached memdisks, or “userspace” implementations of API volumes like downward or configMap.
#91637: Adding new EndpointSlice Mirroring Controller
Another step towards making the EndpointSlice transition seamless, handling manually-curated services. This is most common with operators, such as prometheus-operator’s kubelet service used for metrics discovery. With this new controller, any such endpoints will be automatically copied into a matching slice so they will work transparently without having to specifically support both systems. If you have any existing code that does already handle updating both Endpoints and EndpointSlices in parallel, be sure to apply the endpointslice.kubernetes.io/skip-mirror label to prevent the automatic mirroring.
#92310: kubectl debug: support debugging nodes
The kubectl alpha debug command will now support node-level debugging by running a pod in the host OS namespaces. It will also automatically bind mount the host filesystem to /host/ for interactive use. This can hopefully replace most remaining uses of SSH for node debugging and maintenance as well as simplify those tasks on newer minimalist OSes like CoreOS and Bottlerocket which ship few debugging tools in the OS and already expect most interactive sessions to happen in a container anyway.
This is also joined by #90094 which adds a copy mode to the debug command, to copy an existing pod and then attach to the copy. This can help avoid production disruptions while trying to understand a failure.
Other Merges
terminationGracePeriodSeconds before terminating mirror pods
kubectl edit
kubectl --timeout works together with scale and autoscale
/logs API can be completely disabled, even for admins
Promotions
Deprecated
kubeadm alpha kubelet config enable-dynamic is both deprecated and hard to say five times fast
kubeadm alpha certs generate-csr replaces --csr-only and --csr-dir
kubeadm --bootstrap-checkpoint-path goes poof
Version Updates
Diagram of the Week
Walter Fender created this diagram of Kubernetes module-level dependencies for the docs.