Week Ending September 8, 2024
https://lwkd.info/2024/20240911
Developer News
SIG-ContribEx is hosting the first monthly New Contributor Orientation. Held on the first Tuesday of each month, this 1-hour video session will help new contributors figure out “where do I get started?” The first one is at 8:30 UTC and again at 15:30 UTC on September 17th.
You have one more week to propose sessions for the Contributor Summit, including presentations, discussions, and SIG/Team meetings. The Unconference Topics issue is ready for your discussion ideas.
SIG-Node is thinking about dynamic batch workloads.
Tim Hockin wants your answers to silly Kubernetes questions.
Release Schedule
Next Deadline: Production Readiness Freeze, October 3
As of this Monday, the 1.32 release cycle is underway. The team and schedule will be final this Friday, and Release Lead Frederico Muñoz has shared what to expect. Major deadlines include:
Enhancements freeze: Friday 11th October 2024
Code & Test freeze: Friday 8th November 2024
Docs freeze: Tuesday 26th November 2024
Release day: Wednesday 11th December 2024
Patch releases for all supported versions are expected out this week.
KEP of the Week
KEP 4601: Authorize with Field and Label Selectors
This KEP extends Kubernetes authorization attributes to include field and label selectors for List, Watch, and DeleteCollection verbs, allowing authorizers to make more granular security decisions. This enables out-of-tree authorizers to experiment with restrictions based on selectors, improving per-node workload security. Additionally, field and label selectors will be added to webhook authorization types, Subject Access Reviews (SSAR, SAR, Local SAR), and the node authorizer (restricting by nodeName), and will be integrated into the CEL authorizer for more advanced policy evaluations.
This KEP is tracked for alpha release in v1.32.
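A sketch of how an out-of-tree webhook authorizer could use the new selector attributes for per-node restriction, added here as an illustration and not taken from the KEP or from Kubernetes code. The function name, the policy and the sample request are hypothetical, and the JSON field names assume the SubjectAccessReview shape the KEP describes (`resourceAttributes.fieldSelector.requirements` with `key`, `operator`, `values`).

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Subset of the SubjectAccessReview JSON a webhook authorizer receives (assumed shape).
type sar struct {
	Spec struct {
		User  string `json:"user"`
		Attrs *struct {
			Verb, Resource string
			FieldSelector  *struct {
				Requirements []struct {
					Key, Operator string
					Values        []string
				} `json:"requirements"`
			} `json:"fieldSelector"`
		} `json:"resourceAttributes"`
	} `json:"spec"`
}

// AllowNodePodList (hypothetical policy): a system:node:<name> user may list or
// watch pods only when the selector pins spec.nodeName to that same node.
func AllowNodePodList(raw []byte) (bool, error) {
	var r sar
	if err := json.Unmarshal(raw, &r); err != nil {
		return false, err
	}
	a, user := r.Spec.Attrs, r.Spec.User
	node := strings.TrimPrefix(user, "system:node:")
	if node == user || node == "" || a == nil || a.Resource != "pods" ||
		(a.Verb != "list" && a.Verb != "watch") || a.FieldSelector == nil {
		return false, nil // not a node, wrong request, or no selector: fail closed
	}
	for _, q := range a.FieldSelector.Requirements {
		if q.Key == "spec.nodeName" && q.Operator == "In" && len(q.Values) == 1 && q.Values[0] == node {
			return true, nil // requirements are ANDed, so any others only narrow the result
		}
	}
	return false, nil // selector present but does not restrict to this node
}

// Constructed sample request: node-a listing only the pods bound to node-a.
const sample = `{"spec":{"user":"system:node:node-a","resourceAttributes":{"verb":"list","resource":"pods","fieldSelector":{"requirements":[{"key":"spec.nodeName","operator":"In","values":["node-a"]}]}}}}`

func main() { fmt.Println(AllowNodePodList([]byte(sample))) }
```

A request with no selector at all is the pre-KEP case, where an authorizer cannot distinguish a cluster-wide list from a node-scoped one; the sketch treats it as not allowed.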
Other Merges
Accelerate responses for false negative access requests, speeding up workload startup
Use FormatOnly in gengo, which also involved making hundreds of API names unique; if you haven’t refreshed your repo copy after this merge, better do so
Regular init containers do not use the Sidecar code path, preventing startup failures
APIServer can offer UID headers
kubeadm upgrade apply and kubeadm upgrade node can upgrade just the addons or other specific elements, or skip them
Prevent InFlightPods from having more than one element
Remove conntrack binary from kube-proxy
Dynamic client-go won’t panic when it sees an UnstructuredList
Auto-restart init containers stuck in “created”
tryRegisterWithAPIServer continues whether or not it can create a node
New metrics: inflight_events for QueueingHints (but check for memory overflow)
Test improvements: NodeAffinity integration, image volume sharing
Promotions
AnonymousAuthConfigurableEndpoints to Beta
Subprojects and Dependency Updates
minikube v1.34: Kubernetes 1.31 support, ARM 64 qemu, Volcano addon
csi-driver-nfs v4.9.0: fix CVE-2024-5321
csi-driver-host-path v1.15.0: external-resizer to v1.11.2
csi-driver-smb v1.16.0: fix CVE-2024-5321
cri-o v1.30.5: update of checks for internal repair feature & add a new crio check sub-command; also v1.29.8, v1.28.10
cloud-provider-openstack v1.31.0: occm add dnsPolicy feature
kubespray v2.26.0: Make kubernetes v1.30.4 default
python-client v31.0.0b1: DRA changes, leader elections, UserNamespaces
via Last Week in Kubernetes Development https://lwkd.info/
September 11, 2024 at 05:00PM