Week Ending May 5, 2024

https://lwkd.info/2024/20240506

Developer News

WG Device Management has its own mailing list now.

Release Schedule

Next Deadline: v1.31 cycle starts, May 13th, 2024

The shadow application for the v1.31 release is open till May 15th. Don’t forget to apply if you’re interested in being a part of the upcoming Kubernetes release team!

Featured PRs

124519: Remove gcp in-tree cloud provider and credential providers

This PR removes the last remaining in-tree cloud provider and credential provider for GCP. This work is part of the overarching KEPs for moving in-tree cloud provider code and credential providers from k/k. This particular PR alone removes 1,071,842 lines of code from k/k.

Other Merges

Improvements to kubeadm IsPrivilegedUser preflight check to not fail on Windows.

kubectl describe for service and ingress objects to use endpointSlices instead of endpoints.

Completion for kubectl set image.

Bugfix for resourceclaim controller forgetting to wait for podSchedulingSynced and templatesSynced.

Added support for scheduler_plugin_execution_duration_seconds in scheduler_perf, which visualizes which plugin is how much slower.

Fix for gitRepo volume privilege escalation flaw.

QueueingHint implemented for TaintToleration plugin to improve throughput of scheduler.

Fix to protobuf read bug in the protoc-gen-gogo tool overriding parameters.

Tracing to kube-aggregator proxyHandler.

kubernetes/cri-client staging repository added.

Deduplicate set expression values in metav1.LabelSelector fuzzer.

Promotions

RetryGenerateName to beta.

Deprecated

Generally available feature gate ConsistentHTTPGetHandlers removed.

kube-scheduler deprecated all non-csi volumelimit plugins

Subprojects and Dependency Updates

cri-o to v1.30.0 Add configurable container minimum memory limit

prometheus to v2.45.5 Remote write: Avoid a race condition when applying configuration

coredns to v1.11.3 The rewrite plugin can now rewrite response codes

via Last Week in Kubernetes Development https://lwkd.info/

May 06, 2024 at 06:45AM

OmniBOR: A System for Automatic, Verifiable Artifact Resolution across Software Supply Chains

May 6, 2024 at 04:27PM

via Instapaper

Single Pane of Glass for Kubernetes Clusters with Clusterpedia

Discover how to achieve a simplified and unified view across all your Kubernetes clusters with Clusterpedia!

In this video, we dive into the powerful capabilities of Clusterpedia, the innovative tool that consolidates information from multiple Kubernetes clusters into a single pane of glass. Whether you're managing a handful or dozens of clusters, you'll learn how Clusterpedia can streamline your Kubernetes operations, enhance visibility, and expedite troubleshooting.

Clusterpedia #KubernetesManagement #DevOpsTools

Consider joining the channel: https://www.youtube.com/c/devopstoolkit/join

▬▬▬▬▬▬ 🔗 Additional Info 🔗 ▬▬▬▬▬▬ ➡ Gist with the commands: https://gist.github.com/vfarcic/c6f369426c5149e3d05132d5e1cda62c 🔗 Clusterpedia: https://clusterpedia.io

▬▬▬▬▬▬ 💰 Sponsorships 💰 ▬▬▬▬▬▬ If you are interested in sponsoring this channel, please use https://calendar.app.google/Q9eaDUHN8ibWBaA7A to book a timeslot that suits you, and we'll go over the details. Or feel free to contact me over Twitter or LinkedIn (see below).

▬▬▬▬▬▬ 👋 Contact me 👋 ▬▬▬▬▬▬ ➡ Twitter: https://twitter.com/vfarcic ➡ LinkedIn: https://www.linkedin.com/in/viktorfarcic/

▬▬▬▬▬▬ 🚀 Other Channels 🚀 ▬▬▬▬▬▬ 🎤 Podcast: https://www.devopsparadox.com/ 💬 Live streams: https://www.youtube.com/c/DevOpsParadox

▬▬▬▬▬▬ ⏱ Timecodes ⏱ ▬▬▬▬▬▬ 00:00 Introduction to Clusterpedia 03:43 Clusterpedia Setup 09:44 Clusterpedia Search, Filtering, and Sorting 17:05 Clusterpedia Architecture 19:00 Clusterpedia Pros and Cons

via YouTube https://www.youtube.com/watch?v=Ca1qxZoxBkg

Comment on 'Snitch Line' Launched by the Utah State Auditor

NEW RELEASE FAQ ON HB 257 We've released our on HB 257, a concerning law impacting Transgender and Nonbinary people in Utah, it's crucial to equip ourselves…

May 6, 2024 at 10:42AM

via Instapaper

Organizations patch CISA KEV list bugs 3.5 times faster than others, researchers find

Researchers have found that a catalog of exploited vulnerabilities maintained by the federal government is having a tangibly positive effect on organizations…

May 3, 2024 at 03:58PM

via Instapaper

Five Key Requirements for a Successful OSPO - Nithya Ruff, Amazon

Five Key Requirements for a Successful OSPO - Nithya Ruff, Amazon In the past 2 years we have seen some major OSPOs shrink and some have even gone away. We are…

May 3, 2024 at 02:45PM

via Instapaper

What's a CNCF Ambassador? - Containerized Adventures

This post is written based on my own experiences and opinions as a CNCF Ambassador. The CNCF Ambassador program application is open now (January 25, 2024 –…

May 3, 2024 at 11:39AM

via Instapaper

zakirullin/cognitive-load: 🧠 Cognitive Load In Software Development

🧠 Cognitive Load In Software Development

May 3, 2024 at 09:46AM

via Instapaper

Orange-OpenSource/hurl: Hurl, run and test HTTP requests with plain text.

What's Hurl? Hurl is a command line tool that runs HTTP requests defined in a simple plain text format. It can chain requests, capture values and evaluate…

May 3, 2024 at 09:42AM

via Instapaper

Dokploy/dokploy: Open Source Alternative to Vercel, Netlify and Heroku.

Create list Beta Lists are currently in beta. Share feedback and report bugs. dokploy Public Unwatch Stop ignoring Watch 8 Notifications Fork 76 Fork your own…

May 3, 2024 at 09:41AM

via Instapaper

Releases Distribution Changes - OpenSSL Blog

I’d like to give you a heads-up about some changes we’re making at OpenSSL. We’re simplifying how you can get our software, and that means we’re phasing out…

May 2, 2024 at 06:57AM

via Instapaper

Week Ending April 28, 2024

https://lwkd.info/2024/20240429

Developer News

We have two new Working Groups, built around the needs of new workloads like AI/ML:

WG Device Management will develop tooling and infrastructure to help users add accelerators and other specialized hardware to their Kubernetes clusters

WG Serving will enable AI/ML inference workloads that are not batch-oriented (as a complement to WG Batch)

SIG-Docs is having almost total leadership turnover with old leaders stepping down, new ones stepping up, and some folks swapping roles.

SIG-Architecture has published new guidance for when a feature can skip Alpha release.

Reminder: SIG Annual Reports are due by May 1. It’s mostly automated now, so please get it done. Any contributor to the SIG can work on the report, not just the Leads.

Release Schedule

Next Deadline: v1.31 cycle starts, May 13th, 2024

We’re in the period between releases. Shadow applications for the v1.31 release team are open until May 15. The tentative dates for the v1.31 cycle are from May 13th to August 15th, 2024.

KEP of the Week

4138: Pod Conditions for Starting and Completion of Sandbox Creation

The KEP adds a pod condition called PodReadyToStartContainers. It shows pod readiness to start containers immediately after pod sandbox creation. It provides a clear indication to cluster administrators when the initialization phase of successfully scheduled pods is completed. Existing conditions such as PodScheduled and Initialized do not adequately convey this specific phase of pod lifecycle. With this Enhancement, users can monitor and analyze pod sandbox creation latency metrics. This can assist in setting Service Level Objectives (SLOs) and can be used by custom controllers and operators to optimize reconciliation strategies for sandbox creation failures.

This KEP is tracked to promote to beta in the v1.30 release.

Other Merges

Validate common name formats in CEL

client-go’s REST client gets WatchList access

Prevent a race condition in the transforming informer, including resync; backported

--hostname-override works correctly with external cloud providers

Add a function to check etcd supported features

Reorganize kube-proxy metrics (“and stuff”), giving nftables mode its own metrics

kubeadm: remember to download the config during upgrade, use output/v1alpha3 for printing

Remove cloudprovider code from volume managers

Kubemark supports burst and qps tests

New metrics: not-really-invalid packets

Contextual logging: component-helpers

Test Cleanup: TrafficDistribution, watch cache

Deprecated

remove deprecated output.kubeadm.k8s.io/v1alpha2 API

enable-client-cert-rotation is the new experimental-cert-rotation

remove deprecated DefaultHostNetworkHostPortsInPodTemplates feature gate

Remove pre-1.20 checkpoint support from DeviceManager

Version Updates

sigs.k8s.io/yaml to 1.4.0

cri-tools to 1.30.0

cel-go to 0.20.1, changes optional to optional_type

Subprojects and Dependency Updates

Kernel Module Management 2.1.0: GC delay, reorder kmod loading.

kubernetes-sig/kubebuilder v3.14.1: Upgrades to controller runtime, bug fixes.

kubernetes/kompose v1.33.0: Ability to select stage in multistage dockerfile, labels for initContainers, networkmode service.

kubernetes/cloud-provider-openstack openstack-cinder-csi-2.29.1.

etcd-io/etcd v3.4.32: Fix to LeaseTimeToLive returning error, updates to compaction log.

containerd/containerd v1.7.16: HPC port forwarding, updates to HTTP fallback to better account for TLS timeout.

cri-o/crio-o: Update pinned images list on config reload, keep track of exec calls for container.

grpc/grpc v1.63.0: API to inject connected endpoints into servers, upgrades to Protobuf.

via Last Week in Kubernetes Development https://lwkd.info/

April 29, 2024 at 11:48AM