There was no LWKD issue last week due to 1.10 release prep. That means you missed nothing, because we’re in code freeze and all of the merges are for 1.10 features and bug fixes. We’ll detail those from the last 2 weeks below.
The Community Meeting demo this week was Kuberhealthy, a tool by Comcast to monitor the “health” of Kubernetes clusters using both passive monitoring and active probing, which is unfortunately not yet generally available. SIG Auth delivered an update covering their features for 1.10, specifically Pod Security Policies, Advanced Auditing, the TokenRequest API, and client-go authentication providers. As Auth is the security SIG, they are considering creating a bug bounty to find security issues in Kube. SIG Instrumentation introduced the External Metrics API for integrating third-party services, and plans to graduate the Metrics API and Custom Metrics API to beta and eventually GA, deprecating Heapster in the process. They are working on instrumentation API security with SIG Auth, and thinking about a historical metrics API and Kubelet metrics.
Version 1.10 release is delayed, due to the prior week’s security release and difficult scalability and downgrade compatibility issues. As such, Code Freeze will end later today (Monday), and the actual release is now planned for March 26th. We are looking for a new release lead (and other team members) for 1.11.
Merges for the last 2 weeks are all to finish features and fix bugs in 1.10. Only the most significant are included below. Excluded are the many fixes to tests in order to get the boards green, and the many cherry-picks to backport fixes.
Versions of Kubernetes prior to 1.9.4/1.8.9/1.7.14 allowed hostile users to abuse subpath volume mounts to access any file on the host system. Users on older versions should upgrade as soon as possible. However, upgrading users may need to manually disable hostPath volumes on their clusters. This has been followed by other tweaks to subpath volume permissions, so if you use subpaths, look out for additional required upgrades.
Zach Corleissen shared a graph of documentation pull request response times. Seeing this graph in DevStats helped alleviate SIG-Docs anxiety about their response times, by showing that they were still less than 4 days. Prow automation had helped a lot with this.
Last Week In Kubernetes Development (LWKD) is a product of some members of the Kubernetes project, but is not an official publication of the Kubernetes project or the CNCF. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers; see our privacy notice for details.
You may contribute to LWKD by submitting pull requests or issues on the LWKD GitHub repo.