A guide to modern Kubernetes network policies

Scott Rigby Aug 21, 2024 Blog > 101 In the world of Kubernetes, network policies are essential for controlling traffic within your cluster. But what are they…

September 5, 2024 at 03:15PM

via Instapaper

Week Ending September 1, 2024

https://lwkd.info/2024/20240905

Developer News

The New Contributor Guide put together by the folks at SIG Contribex is now available!

SIG ContribEx is also starting a new meeting for new contributor orientation. Starting on September 17th 2024, monthly meetings on the 3rd Tuesday of every month (this may shift). These meetings are intended to help new contributors to orient with the community. The meeting will be held at 2 times to accommodate different timezones: EMEA/APAC-friendly: 1:30 PT / 8:30 UTC / 10:30 CET / 14:00 IST AMER-friendly: 8:30 PT / 15:30 UTC / 17:30 CET / 21:00 IST

Release Schedule

Next Deadline: 1.32 cycle begins, September 9

Last Chance to Apply for Shadow Applications!

The window for shadow applications for the v1.32 release team is closing this week! If you’re interested in gaining valuable experience and contributing to our upcoming release, now is the time to act.

Application Deadline: September 6, 2024

Tentative Release Cycle: September 9, 2024 - December 11, 2024

KEP of the Week

KEP 4569: Move cgroup v1 support into maintenance mode

This (KEP) aims to move cgroup v1 support in Kubernetes to maintenance mode, aligning with the industry’s transition to cgroup v2 as the default for Linux kernel resource management. With cgroup v2 offering better functionality, consistency, and scalability, and major Linux distributions and projects like systemd phasing out cgroup v1, Kubernetes must adapt to maintain compatibility and leverage these improvements. This shift reflects the broader ecosystem’s move away from cgroup v1, making it necessary for Kubernetes to follow suit. Removing cgroup v1 support. Deprecation and removal will be addressed in a future KEP.

This KEP is tracked for stable release in v1.31.

Other Merges

trafficDistribution feature’s API docs updated to reflect beta status

Reverted flaky tests in apf tests

New cluster events UpdatePodSchedulingGatesEliminated and UpdatePodTolerations for scheduler plugins implemented

Fix for etcd failures in ci-kubernetes-e2e-cos-gce-disruptive-canary

Support inflight_events metric in the scheduler for QueueingHint

TypedNewDelayingQueue renamed to NewTypedDelayingQueue

Fix for DaemonRestart tests

Kubelet to consider returning metrics if Usage or VolumeCondition is set

Speed up update-codegen.sh by switching to FormatOnly in gengo

JWT authenticators now set the jti claim as credential id for use by audit logging

Clarification that new usages of generic *ObjectReference structs are discouraged

applyconfiguration-gen no longer generates duplicate methods and ambiguous member accesses

kubectl top command’s percentage display modified for readability

Refactor to watch cache storage

kubeadm switches the kube-scheduler static Pod to use the endpoints /livez and /readyz instead of /healthz

Documentation fix for flags in kube-controller-manager and cloud-provider

kubeadm increases unit test coverage for util/dryrun

PodEligibleToPreemptOthers in the preemption interface gets ctx in the parameters

Promotions

AnonymousAuthConfigurableEndpoints to beta

Deprecated

Feature gates ServerSideApply/ServerSideFieldValidation removed after graduating to GA

The flowcontrol.apiserver.k8s.io/v1beta3 API version of FlowSchema and PriorityLevelConfiguration is no longer served in v1.32

Aggregated Discovery v2beta1 fixture is removed in ./api/discovery

Feature gate AllowServiceLBStatusOnNonLB removed

Version Updates

Kubernetes is now built with Go 1.23.0!

Updated publishing-bot rules to Go 1.22.6

etcd to 3.5.15

Subprojects and Dependency Updates

containerd v1.7.21 regenerate introspection UUID if state is empty

grpc v1.66.1 enable EDS dualstack support by default

prometheus v2.54.1 allow multiple samples on same series, with explicit timestamps

via Last Week in Kubernetes Development https://lwkd.info/

September 05, 2024 at 12:12PM

‘Right to Repair for Your Body’: The Rise of DIY, Pirated Medicine

created and open sourced is the Microlab

September 5, 2024 at 11:33AM

via Instapaper

FourThievesVinegar/solderless-microlab

Microlab The MicroLab is an open-source, DIY, automated controlled lab reactor (CLR) that people can assemble with parts available online. We hope this will do…

September 5, 2024 at 11:26AM

via Instapaper

The basics of observing Kubernetes: a bird-watcher's perspective, with Miguel Luna

https://kube.fm/observability-kubernetes-miguel

In this KubeFM episode, Miguel Luna discusses the intricacies of Observability in Kubernetes, including its components, tools, and future trends.

You will learn:

The fundamental components of Observability: metrics, logs, and traces, and their roles in understanding system performance and health.

Key tools and projects: insights into Keptn and OpenTelemetry and their significance in the Observability ecosystem.

The integration of AI technologies: how AI is shaping the future of Observability in Kubernetes.

Practical steps for implementing Observability: starting points, what to monitor, and how to manage alerts effectively.

Sponsor

This episode is sponsored by Learnk8s — estimate the perfect cluster node with the Kubernetes Instance Calculator

More info

Find all the links and info for this episode here: https://kube.fm/observability-kubernetes-miguel

Interested in sponsoring an episode? Learn more.

via KubeFM https://kube.fm

September 03, 2024 at 06:00AM

Master Terminal Multiplexing with Zellij in Minutes!

Discover the power of Zellij, a terminal workspace that boosts productivity! In this video, we'll explore how to set up and use Zellij. We'll learn how to create sessions, split terminal into tabs and panes, and automate tasks using layouts. Watch as we demonstrate running commands, managing resources, and switching between tasks—all without touching the mouse. Perfect for developers looking to streamline their workflow. Don't miss out on mastering terminal multiplexing with Zellij!

Zellij #TerminalProductivity #DeveloperTools #TerminalMultiplexing

▬▬▬▬▬▬ 🔗 Additional Info 🔗 ▬▬▬▬▬▬ ➡ Transcript and commands: https://devopstoolkit.live/terminal/master-terminal-multiplexing-with-zellij-in-minutes 🔗 https://zellij.dev

▬▬▬▬▬▬ 💰 Sponsorships 💰 ▬▬▬▬▬▬ If you are interested in sponsoring this channel, please use https://calendar.app.google/Q9eaDUHN8ibWBaA7A to book a timeslot that suits you, and we'll go over the details. Or feel free to contact me over Twitter or LinkedIn (see below).

▬▬▬▬▬▬ 👋 Contact me 👋 ▬▬▬▬▬▬ ➡ Twitter: https://twitter.com/vfarcic ➡ LinkedIn: https://www.linkedin.com/in/viktorfarcic/

▬▬▬▬▬▬ 🚀 Other Channels 🚀 ▬▬▬▬▬▬ 🎤 Podcast: https://www.devopsparadox.com/ 💬 Live streams: https://www.youtube.com/c/DevOpsParadox

▬▬▬▬▬▬ ⏱ Timecodes ⏱ ▬▬▬▬▬▬ 00:00 Terminal Multiplexing 01:25 What is Zellij? 02:17 Terminal Multiplexing With Zellij

via YouTube https://www.youtube.com/watch?v=ZndhImXIGlg

Dashboards - Feat. Kubernetes Dashboard, Headlamp, Meshery (You Choose!, Ch. 4, Ep. 01)

Dashboards - Choose Your Own Adventure: The Observability Odyssey

In this episode, we'll go through dashboards. The contestants are Kubernetes Dashboard, Headlamp, and Meshery.

Vote for your choice of a tool for signing artifacts at https://cloud-native.slack.com/archives/C05M2NFNVRN. If you have not already joined CNCF Slack, you can do so from https://slack.cncf.io.

This and all other episodes are available at https://www.youtube.com/playlist?list=PLyicRj904Z9-FzCPvGpVHgRQVYJpVmx3Z.

More information about the "Choose Your Own Adventure" project including the source code and links to all the videos can be found at https://github.com/vfarcic/cncf-demo.

٩( ᐛ )و Whitney's YouTube Channel → https://www.youtube.com/@wiggitywhitney

ContainerSSH #ConfidentialContainers

▬▬▬▬▬▬ 🔗 Additional Info 🔗 ▬▬▬▬▬▬ 🔗 Dashboards: https://github.com/vfarcic/cncf-demo/tree/main/manuscript/dashboards/README.md

via YouTube https://www.youtube.com/watch?v=GhfRu3l4F8U

These Are Apple's Oldest Products Still Sold Today

For over two decades, the MacRumors Buyer's Guide has served as a valuable resource for keeping track of when Apple products were last updated. Below, we have…

August 29, 2024 at 04:15PM

via Instapaper

The Observability Odyssey (You Choose! Ch. 4, Ep. 0)

Chapter 4 of "Choose Your Own Adventure" is about to begin! In this one, we'll explore observability tools among CNCF projects.

More information about the "Choose Your Own Adventure" project including the source code and links to all the videos can be found at https://github.com/vfarcic/cncf-demo.

This and all other episodes are available at https://www.youtube.com/playlist?list=PLyicRj904Z9-FzCPvGpVHgRQVYJpVmx3Z.

observability #CNCF #cloud

٩( ᐛ )و Whitney's YouTube Channel → https://www.youtube.com/@wiggitywhitney

Consider joining the channel: https://www.youtube.com/c/devopstoolkit/join

▬▬▬▬▬▬ 💰 Sponsoships 💰 ▬▬▬▬▬▬ If you are interested in sponsoring this channel, please use https://calendar.app.google/Q9eaDUHN8ibWBaA7A to book a timeslot that suits you, and we'll go over the details. Or feel free to contact me over Twitter or LinkedIn (see below).

▬▬▬▬▬▬ 👋 Contact me 👋 ▬▬▬▬▬▬ ➡ Twitter: https://twitter.com/vfarcic ➡ LinkedIn: https://www.linkedin.com/in/viktorfarcic/

▬▬▬▬▬▬ 🚀 Other Channels 🚀 ▬▬▬▬▬▬ 🎤 Podcast: https://www.devopsparadox.com/ 💬 Live streams: https://www.youtube.com/c/DevOpsParadox

via YouTube https://www.youtube.com/watch?v=_sVIxEksR1M

Introduction | Dalec

Dalec is a project aimed at providing a declarative format for building system packages and containers from those packages. Our goal is to provide a secure and…

August 29, 2024 at 10:55AM

via Instapaper

will-moss/isaiah: Self-hostable clone of lazydocker for the web. Manage your Docker fleet with ease

August 29, 2024 at 10:55AM

via Instapaper

Week Ending August 25, 2024

https://lwkd.info/2024/20240828

Developer News

KubeCon + CloudNativeCon + Open Source Summit China 2024 happened last week in Hong Kong. The event had various talks on AI, running AI workloads on Kubernetes and the CNCF ecosystem, and updates from various maintainers of different CNCF projects. There was also a keynote by Linus Torvalds. Videos will be posted in the CNCF YouTube channel soon.

Release Schedule

Next Deadline: 1.32 cycle begins, September 9

We’re in the period between releases. Shadow applications for the v1.32 release team are open until September 6. The tentative dates for the v1.32 cycle are from September 9th to December 11th, 2024.

Featured PRs

126745: Improve PVC protection controller’s scalability by batch-processing PVCs by namespace & caching live pod list results [fixed dead loop issue with idle work queue]

This PR significantly enhances the scalability of the PVC Protection Controller by implementing batch processing of PVCs by namespace and caching live pod list results. It resolves a critical dead loop issue in the idle work queue and addresses performance bottlenecks in large clusters by reducing the number of API calls required for PVC deletion. As a result, the kube-controller-manager’s CPU usage is optimized, ensuring more efficient and reliable operation, especially in environments with high pod and PVC churn.

KEP of the Week

KEP 3998: Job success/completion policy

This (KEP) aims to enhance Indexed Jobs by allowing custom success criteria, so a job can be marked as succeeded based on specific pod indexes, such as leader pods, rather than requiring all pods to succeed. It supports distributed computing frameworks like MPI and PyTorch, where only certain pods determine job success. The proposal does not alter the default behavior for jobs without a SuccessPolicy or extend this feature to NonIndexed Jobs in its first iteration.

This KEP is tracked for beta release in v1.31.

Other Merges

kubeadm now sorts the result of MergeKubeadmEnvVars, and allows mixing of flags `–print-manifest and –config

Printer unit tests added for DRA resources

transformation_operations_total metric gets additional resource label

pkg/kubelet/cm/dra migrated to contextual logging

Fix for estimated cost for Kubernetes defined CEL types for equals

Common apiserver for all testcases in CEL tests

kube-scheduler removes non-csi volumelimit plugins

Scheduling throughput thresholds set in scheduler_perf tests

Fix to DRA with structured params to make unschedulable pods schedulable again after ResourceSlice cluster events

kube-proxy now uses field-selector clusterIP!=None on Services to avoid watching for Headless Services

NominatedPodsForNode moved to scheduling queue to make the invocations more direct

Events cached in the scheduling queue are cleared as soon as possible when SchedulerQueueingHints is enabled so that scheduler consumes less memory.

New e2e tests for Node endpoints

Deprecated

Graduated feature gates being removed: ValiatingAdmissionPolicy, StableLoadBalancerNodeSet, CloudDualStackNodeIPs, LegacyServiceAccountTokenCleanUp

kubeadm removes the deprecated flag ‘–experimental-output’

kubeadm removes the deprecated sub-phase of ‘init kubelet-finilize’ called experimental-cert-rotation

Version Updates

corefile-migration to v1.0.24

Subprojects and Dependency Updates

prometheus v2.54.1 allow multiple samples on same series, with explicit timestamps

containerd v1.7.21 regenerate introspection UUID if state is empty

grpc v1.66.1 enable EDS dualstack support by default; also v1.66.0

via Last Week in Kubernetes Development https://lwkd.info/

August 28, 2024 at 07:00PM