Last Week in Kubernetes Development

Stay up-to-date on Kubernetes development in 15 minutes a week.


Week Ending August 4, 2019

Developer News

Are you a Kubernetes Contributor? Are you going to KubeCon San Diego? Consider submitting a session proposal for the 2019 Contributor Summit. Also, for SIG Leads: SIG Session proposals are due August 16th.

Garden lets you build and test Kubernetes applications locally, but without Kubernetes running on your laptop.

LWKD now has a logo thanks to the talented designer at GraphArtgency. Don’t expect any branded swag from us, though.

Release Schedule

Next Deadline: 1.16.0-alpha.3, August 6th

There are currently 39 enhancements for 1.16, including 12 beta promotions and 10 GA promotions.

We are currently in the “lull” between Enhancements Freeze and Code Freeze, where folks are supposed to be working on finishing up their features (adding testing, etc.), and filing Exceptions for late-entry features. The 1.16 branch will be created August 13th, along with the release-1.16 test jobs. On the same date, the 1.12 test jobs will be shut down, completing the EOL of version 1.12.

The next patch updates for stable versions will be released sometime in mid-August (exact date TBD).

#80231: Promote admissionreview to v1

Big congrats to SIG-ApiMachinery and all the other groups that have worked on getting the admission webhook system to GA status! There have been no schema changes as part of the promotion, but all parts of the system will now accept v1 objects and data. A v1 response is validated more tightly than a beta one, so check the PR before upgrading your code.

#80383: Add NormalizeScore extension point for scheduler framework.

This PR implements another extension point in the default scheduler that lets plugins change the final scores just before ranking. This is generally used for things like dynamic min or max scores, or other global-ish value modifications. It joins other scheduler extension points like “prebind”, “reserve”, and “post-filter” for tweaking the scheduling process in large or complex clusters.

#80750: apiextensions: check request scope against CRD scope correctly

This fixes CVE-2019-11247. Previously it was possible to access a cluster-scoped resource through a namespace, assuming the user had permissions at the namespace level. This could allow unexpected access if the user had valid permissions in the namespace, but not in a ClusterRoleBinding as would generally be expected for cluster-scoped resources. The fix has been cherry-picked and released as v1.13.9, v1.14.5, and v1.15.2. Upgrading is recommended for all users.
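A simplified model of the request-scope check described above, added here as an example; it is not code from the PR or from the Kubernetes project. The group `example.com`, the `widgets` resource, the helper names, and the rule that only `list` and `watch` may address a namespaced CRD without a namespace are assumptions of this model.

```go
package main

import (
	"fmt"
	"strings"
)

// Simplified model of a CRD request handler; not the apiextensions-apiserver code.
// namespaceOf returns the namespace in /apis/<group>/<version>/namespaces/<ns>/<resource>[/<name>],
// or "" for a cluster-level path such as /apis/<group>/<version>/<resource>[/<name>].
func namespaceOf(path string) string {
	p := strings.Split(strings.Trim(path, "/"), "/")
	if len(p) >= 6 && p[0] == "apis" && p[3] == "namespaces" {
		return p[4]
	}
	return ""
}

// scopeOK is the hardened check: compare the request's scope with the CRD's.
// Assumption of this model: only list and watch may address a namespaced CRD
// without a namespace (to read across all namespaces).
func scopeOK(crdNamespaced bool, verb, path string) bool {
	reqNamespaced := namespaceOf(path) != ""
	if !crdNamespaced {
		return !reqNamespaced // cluster-scoped CRD: never served through a namespace
	}
	return reqNamespaced || verb == "list" || verb == "watch"
}

// handle returns the HTTP status for a user whose only grants are namespace-level
// (roleNamespaces, a constructed stand-in for RoleBindings). checkScope=false
// reproduces the behaviour described above; checkScope=true applies scopeOK.
func handle(crdNamespaced bool, verb, path string, roleNamespaces map[string]bool, checkScope bool) int {
	ns := namespaceOf(path)
	if ns == "" || !roleNamespaces[ns] {
		return 403 // no cluster-level grant, or no grant in this namespace
	}
	if checkScope && !scopeOK(crdNamespaced, verb, path) {
		return 404 // scope mismatch: the resource does not exist at this path
	}
	return 200
}

func main() {
	roles := map[string]bool{"dev": true}                 // constructed: user is bound only in "dev"
	p := "/apis/example.com/v1/namespaces/dev/widgets/w1" // constructed: "widgets" is cluster-scoped
	fmt.Println(handle(false, "get", p, roles, false), handle(false, "get", p, roles, true))
}
```

With the scope check off, the namespace-level grant is enough to reach the cluster-scoped object; with it on, the same request gets a 404 and the cluster-level path still returns 403.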

Other Merges

The Kubeadm team also dropped a bunch of fixes and changes this week, including discovering certificate-authority files, securing kube-scheduler, generating certs for etcd, not aborting reset on error, adding a timeout to discovery, and otherwise making `--discovery-file` work as intended.

Version Updates

Last Week In Kubernetes Development (LWKD) is a product of some members of the Kubernetes project, but is not an official publication of the Kubernetes project or the CNCF. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers; see our privacy notice for details.

You may contribute to LWKD by submitting pull requests or issues on the LWKD GitHub repo.