Kubernetes v1.32 sneak peek

https://kubernetes.io/blog/2024/11/08/kubernetes-1-32-upcoming-changes/

As we get closer to the release date for Kubernetes v1.32, the project develops and matures. Features may be deprecated, removed, or replaced with better ones for the project's overall health.

This blog outlines some of the planned changes for the Kubernetes v1.32 release, that the release team feels you should be aware of, for the continued maintenance of your Kubernetes environment and keeping up to date with the latest changes. Information listed below is based on the current status of the v1.32 release and may change before the actual release date.

The Kubernetes API removal and deprecation process

The Kubernetes project has a well-documented deprecation policy for features. This policy states that stable APIs may only be deprecated when a newer, stable version of that API is available and that APIs have a minimum lifetime for each stability level. A deprecated API has been marked for removal in a future Kubernetes release will continue to function until removal (at least one year from the deprecation). Its usage will result in a warning being displayed. Removed APIs are no longer available in the current version, so you must migrate to use the replacement instead.

Generally available (GA) or stable API versions may be marked as deprecated but must not be removed within a major version of Kubernetes.

Beta or pre-release API versions must be supported for 3 releases after the deprecation.

Alpha or experimental API versions may be removed in any release without prior deprecation notice; this process can become a withdrawal in cases where a different implementation for the same feature is already in place.

Whether an API is removed due to a feature graduating from beta to stable or because that API did not succeed, all removals comply with this deprecation policy. Whenever an API is removed, migration options are communicated in the deprecation guide.

Note on the withdrawal of the old DRA implementation

The enhancement #3063 introduced Dynamic Resource Allocation (DRA) in Kubernetes 1.26.

However, in Kubernetes v1.32, this approach to DRA will be significantly changed. Code related to the original implementation will be removed, leaving KEP #4381 as the "new" base functionality.

The decision to change the existing approach originated from its incompatibility with cluster autoscaling as resource availability was non-transparent, complicating decision-making for both Cluster Autoscaler and controllers. The newly added Structured Parameter model substitutes the functionality.

This removal will allow Kubernetes to handle new hardware requirements and resource claims more predictably, bypassing the complexities of back and forth API calls to the kube-apiserver.

Please also see the enhancement issue #3063 to find out more.

API removal

There is only a single API removal planned for Kubernetes v1.32:

The flowcontrol.apiserver.k8s.io/v1beta3 API version of FlowSchema and PriorityLevelConfiguration has been removed. To prepare for this, you can edit your existing manifests and rewrite client software to use the flowcontrol.apiserver.k8s.io/v1 API version, available since v1.29. All existing persisted objects are accessible via the new API. Notable changes in flowcontrol.apiserver.k8s.io/v1beta3 include that the PriorityLevelConfiguration spec.limited.nominalConcurrencyShares field only defaults to 30 when unspecified, and an explicit value of 0 is not changed to 30.

For more information, please refer to the API deprecation guide.

Sneak peek of Kubernetes v1.32

The following list of enhancements is likely to be included in the v1.32 release. This is not a commitment and the release content is subject to change.

Even more DRA enhancements!

In this release, like the previous one, the Kubernetes project continues proposing a number of enhancements to the Dynamic Resource Allocation (DRA), a key component of the Kubernetes resource management system. These enhancements aim to improve the flexibility and efficiency of resource allocation for workloads that require specialized hardware, such as GPUs, FPGAs and network adapters. This release introduces improvements, including the addition of resource health status in the Pod status, as outlined in KEP #4680.

Add resource health status to the Pod status

It isn't easy to know when a Pod uses a device that has failed or is temporarily unhealthy. KEP #4680 proposes exposing device health via Pod status, making troubleshooting of Pod crashes easier.

Windows strikes back!

KEP #4802 adds support for graceful shutdowns of Windows nodes in Kubernetes clusters. Before this release, Kubernetes provided graceful node shutdown functionality for Linux nodes but lacked equivalent support for Windows. This enhancement enables the kubelet on Windows nodes to handle system shutdown events properly. Doing so, it ensures that Pods running on Windows nodes are gracefully terminated, allowing workloads to be rescheduled without disruption. This improvement enhances the reliability and stability of clusters that include Windows nodes, especially during a planned maintenance or any system updates.

Allow special characters in environment variables

With the graduation of this enhancement to beta, Kubernetes now allows almost all printable ASCII characters (excluding "=") to be used as environment variable names. This change addresses the limitations previously imposed on variable naming, facilitating a broader adoption of Kubernetes by accommodating various application needs. The relaxed validation will be enabled by default via the RelaxedEnvironmentVariableValidation feature gate, ensuring that users can easily utilize environment variables without strict constraints, enhancing flexibility for developers working with applications like .NET Core that require special characters in their configurations.

Make Kubernetes aware of the LoadBalancer behavior

KEP #1860 graduates to GA, introducing the ipMode field for a Service of type: LoadBalancer, which can be set to either "VIP" or "Proxy". This enhancement is aimed at improving how cloud providers load balancers interact with kube-proxy and it is a change transparent to the end user. The existing behavior of kube-proxy is preserved when using "VIP", where kube-proxy handles the load balancing. Using "Proxy" results in traffic sent directly to the load balancer, providing cloud providers greater control over relying on kube-proxy; this means that you could see an improvement in the performance of your load balancer for some cloud providers.

Retry generate name for resources

This enhancement improves how name conflicts are handled for Kubernetes resources created with the generateName field. Previously, if a name conflict occurred, the API server returned a 409 HTTP Conflict error and clients had to manually retry the request. With this update, the API server automatically retries generating a new name up to seven times in case of a conflict. This significantly reduces the chances of collision, ensuring smooth generation of up to 1 million names with less than a 0.1% probability of a conflict, providing more resilience for large-scale workloads.

Want to know more?

New features and deprecations are also announced in the Kubernetes release notes. We will formally announce what's new in Kubernetes v1.32 as part of the CHANGELOG for this release.

You can see the announcements of changes in the release notes for:

Kubernetes v1.31

Kubernetes v1.30

Kubernetes v1.29

Kubernetes v1.28

via Kubernetes Blog https://kubernetes.io/

November 07, 2024 at 07:00PM

Valkey: What’s New and What’s Next?

TNS SUBSCRIBE Join our community of software engineering leaders and aspirational developers. Always stay in-the-know by getting the most important news and…

November 7, 2024 at 03:22PM

via Instapaper

Amazon to Save Millions Moving From Apache Spark to Ray

November 7, 2024 at 09:31AM

via Instapaper

Detroit Is Turning Lampposts Into Internet-Connected EV Chargers

Nov 05, at 3:25am ET Share 12 Comments / 12 New AT&T and Voltpost will bring internet-connected lamppost EV chargers to Michigan and the Metro-Detroit area.…

November 7, 2024 at 09:22AM

via Instapaper

Malicious PyPI Package ‘Fabrice’ Found Stealing AWS Keys from Thousands of Developers

Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) that has racked up thousands of downloads for over three years…

November 7, 2024 at 09:17AM

via Instapaper

Week Ending November 3, 2024

https://lwkd.info/2024/20241106

Developer News

Registration for the Salt Lake City Contributor Summit closes Thursday, so don’t forget to register; check your email to make sure that you did. Also make sure to add any Unconference topic you have soon.

Release Schedule

Next Deadline: Code Freeze, November 8th

Code Freeze Is Coming, and this cycle (because of Kubecon) we’ll have test freeze at the same time. So make sure to get you work on 1.32 features and their tests done this week. The removals and deprecations blog post has been postponed to this Friday.

And, just to pile it on: patch release cherry-picks are also due Friday.

Merges

Update scheduler_perf tests to run with QueueingHints both enabled and disabled

Tests for getReplicaSetFraction in the deployment controller

Improve validation for ReplicaSet annotations in the deployment controller

JSON request encoding fallback added for CBOR HTTP 415 errors

kubeadm: ensure proper parsing of SSR username

kubeadm: use actual addresses/ports for WaitForAllControlPlaneComponents

Improved test coverage for kubectl autoscale

Fixes to reporting of elapsed times for validating admission policy

KCM volume plugin probe refactored

--concurrent-daemonset-syncs command line flag added to kube-controller-manager

kubelet’s /metrics/slis endpoint made always available

New utility function ResetLabelValueAllowLists to reset allow lists for label values

New optional ResetFieldsFilterStrategy interface for storage

dynamicResources struct refactored to DynamicResources

Container filesystem and image filesystem now allowed to be on the same drive but in a different partition

New alpha seLinuxChangePolicy field within Pod level securityContext

Fix for eviction manager not deleting unused images or containers when it detected containerfs signal

Stricter validations for the qosClass field of Pod status

DRA: scheduling pods is up to 16x faster now thanks to some performance optimization

v1alpha1 API for mutating admission policies added

PodLifecycle’s Sleep Action now supports a sleep duration of zero with a feature gate

Bug fix for an issue with state un-marshalling in InPlacePodVerticalScaling

Line breaks from kubectl explain descriptions now realinged

Windows now supports CPU and memory affinity

Promotions

MemoryManager to GA

PodIndexLabel for StatefulSet and IndexedJob to GA

RecoverVolumeExpansionFailure to beta

PodLifecycleSleepAction to GA

Deprecated

Dropped last remaining reference to github.com/golang/groupcache/lru

EnforceMountableSecretsAnnotation deprecated in v1.32

ZeroLimitedNominalConcurrencyShares feature gate removed after graduation to GA in v1.30

HPAContainerMetrics feature gate removed after graduation to GA in v1.30

Version Updates

vendor: system-validators to v1.9.1

via Last Week in Kubernetes Development https://lwkd.info/

November 06, 2024 at 06:00PM

casey/just: 🤖 Just a command runner

Table of Contents↗️ just just is a handy way to save and run project-specific commands. This readme is also available as a book. (中文文档在 这里, 快看过来!) Commands,…

November 5, 2024 at 09:51AM

via Instapaper

Kubernetes webhooks explained and Aspect Oriented Programming, with Gordon Myers

https://kube.fm/webhooks-aop-gordon

This episode explores Admission Controllers and Webhooks with Gordon Myers, who shares his experience implementing webhook solutions in production. Gordon explains the lifecycle of Kubernetes API requests and how webhooks can intercept and modify resources before they are stored in etcd.

You will learn:

How the Kubernetes API processes requests through authentication, authorization, and Admission Controllers.

The difference between Validating and Mutating webhooks and how to implement them using JSON Patch.

Best practices for testing webhooks and avoiding common pitfalls that can break cluster deployments.

Real-world examples of webhook implementations, including injecting secrets from HashiCorp Vault into containers.

Sponsor

This episode is sponsored by Learnk8s — get started on your Kubernetes journey through comprehensive online, in-person or remote training.

More info

Find all the links and info for this episode here: https://kube.fm/webhooks-aop-gordon

Interested in sponsoring an episode? Learn more.

via KubeFM https://kube.fm

November 05, 2024 at 05:00AM

From Docker to Kubernetes: Running Backstage in Production!

In this video, we dive into packaging and running Backstage in Kubernetes. We'll start by building OCI images, then run Backstage with Docker, and finally, deploy it in Kubernetes using Helm charts. Learn how to automate builds, package and publish images, and set up CI workflows.

Backstage #Kubernetes #Helm #Docker

Consider joining the channel: https://www.youtube.com/c/devopstoolkit/join

▬▬▬▬▬▬ 🔗 Additional Info 🔗 ▬▬▬▬▬▬ ➡ Transcript and commands: https://devopstoolkit.live/internal-developer-platforms/from-docker-to-kubernetes-running-backstage-in-production 🔗 Backstage: https://backstage.io 🎬 Getting Started with Backstage: From Zero to Operational Dev Portal: https://youtu.be/A-3Ai--Z-Gs 🎬 Should We Run Databases In Kubernetes? CloudNativePG (CNPG) PostgreSQL: https://youtu.be/Ny9RxM6H6Hg 🎬 Manage Kubernetes Secrets With External Secrets Operator (ESO): https://youtu.be/SyRZe5YVCVk

▬▬▬▬▬▬ 💰 Sponsorships 💰 ▬▬▬▬▬▬ If you are interested in sponsoring this channel, please visit https://devopstoolkit.live/sponsor for more information. Alternatively, feel free to contact me over Twitter or LinkedIn (see below).

▬▬▬▬▬▬ 👋 Contact me 👋 ▬▬▬▬▬▬ ➡ Twitter: https://twitter.com/vfarcic ➡ LinkedIn: https://www.linkedin.com/in/viktorfarcic/

▬▬▬▬▬▬ 🚀 Other Channels 🚀 ▬▬▬▬▬▬ 🎤 Podcast: https://www.devopsparadox.com/ 💬 Live streams: https://www.youtube.com/c/DevOpsParadox

▬▬▬▬▬▬ ⏱ Timecodes ⏱ ▬▬▬▬▬▬ 00:00 Backstage in Docker and Kubernetes 02:43 Build, Push, and Run Backstage with Docker 11:19 Run Backstage in Kubernetes 16:27 Build, Package, and Push Backstage Automatically 19:43 All Together

via YouTube https://www.youtube.com/watch?v=fLAVFQAhzM4

AWS Game Builder Challenge

November 4, 2024 at 10:25AM

via Instapaper

Cedar Language Playground

Author: Micah Hausler, Principal Engineer, AWS October 30, 2024 Today we are excited to announce a new open source project, Cedar access controls for…

November 4, 2024 at 10:24AM

via Instapaper

hypermodeinc/modus: Modus: an open source, serverless framework for building intelligent functions and APIs, powered by WebAssembly

November 4, 2024 at 09:23AM

via Instapaper

Misc - Feat. Kepler, Inspektor Gadget, k8sgpt, Perses, and Pixie (You Choose!, Ch. 04, Ep. 09)

Miscelaneous - Choose Your Own Adventure: The Observability Odyssey

In this episode, we'll go through the tools in the observability space that are not part of any of the previous sub-categories. The contestants are Kepler, Inspektor Gadget, k8sgpt, Perses, and Pixie.

Vote for your choice of a tool for signing artifacts at https://cloud-native.slack.com/archives/C05M2NFNVRN. If you have not already joined CNCF Slack, you can do so from https://slack.cncf.io.

This and all other episodes are available at https://www.youtube.com/playlist?list=PLyicRj904Z9-FzCPvGpVHgRQVYJpVmx3Z.

More information about the "Choose Your Own Adventure" project including the source code and links to all the videos can be found at https://github.com/vfarcic/cncf-demo.

٩( ᐛ )و Whitney's YouTube Channel → https://www.youtube.com/@wiggitywhitney

kepler #IInspektorGadget #k8sgpt #perses #pixie.

▬▬▬▬▬▬ 🔗 Additional Info 🔗 ▬▬▬▬▬▬ 🔗 Miscalaneous: https://github.com/vfarcic/cncf-demo/tree/main/manuscript/observability-misc/README.md

via YouTube https://www.youtube.com/watch?v=OZE1hoT9-gs

Please just stop saying "just"

Do you work in Software Engineering, and have you seen messages or sentences like these before? “Can’t we just set up a redirect to this other domain?” “Why…

November 1, 2024 at 12:38PM

via Instapaper