Are you a Kubernetes Contributor? Are you going to KubeCon San Diego? Consider submitting a session proposal for the 2019 Contributor Summit. Also for SIG Leads: SIG Session proposals are due August 16th.
Garden lets you build and test Kubernetes applications locally, but without Kubernetes running on your laptop.
Next Deadline: 1.16.0-alpha.3, August 6th
There are currently 39 enhancements for 1.16, including 12 beta promotions and 10 GA promotions.
We are currently in the “lull” between Enhancements Freeze and Code Freeze, where folks are supposed to be working on finishing up their features (adding testing, etc.), and filing Exceptions for late-entry features. The 1.16 branch will be created August 13th, along with the release-1.16 test jobs. On the same date, the 1.12 test jobs will be shut down, completing the EOL of version 1.12.
The next patch updates for stable versions will be released sometime in mid-August (exact date TBD).
Big congrats to SIG-ApiMachinery and all the other groups that have worked on getting the admission webhook system to GA status! There have been no schema changes as part of the promotion, but all parts of the system will now accept `v1` objects and data. When sending back a `v1` response, there is tighter response validation than beta, so check the PR before upgrading your code.
This PR implements another extension point in the default scheduler to allow for plugins to change the final scores just before ranking. This is generally used for things like dynamic min or max scores, or other global-ish value modifications. This joins other scheduler extension points like “prebind”, “reserve”, and “post-filter” to tweak the scheduling process for large or complex clusters.
A fix for CVE-2019-11247. Previously, it was possible to access a cluster-scope resource through a namespace, assuming the user had permissions at the namespace level. This could allow unexpected access if the user had valid permissions in the namespace, but not in a ClusterRoleBinding as would generally be expected for cluster-scope resources. This fix has been cherry-picked and released as v1.13.9, v1.14.5, and v1.15.2. Upgrading is recommended for all users.
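To check whether the access pattern described above shows up in your own clusters, the sketch below scans API server audit log lines for successful requests that reached a cluster-scoped resource through a namespaced path. It is an added example, not code from Kubernetes or LWKD; the `widgets.example.com` resource, the sample events, and the function names are assumptions made for illustration, and the input is assumed to be JSON-lines audit output.

```python
import json
from urllib.parse import urlsplit

# Assumption: (apiGroup, resource) pairs that are cluster-scoped in your cluster,
# e.g. gathered from `kubectl api-resources --namespaced=false`.
# "widgets.example.com" is a hypothetical cluster-scoped resource.
CLUSTER_SCOPED = {("example.com", "widgets")}

def _event(user, uri, code):
    """Build one constructed audit.k8s.io/v1-style event as a JSON line."""
    return json.dumps({"stage": "ResponseComplete", "verb": "get",
                       "user": {"username": user}, "requestURI": uri,
                       "responseStatus": {"code": code}})

# Constructed sample audit log lines (not real data).
SAMPLE_AUDIT_LINES = [
    _event("alice", "/apis/example.com/v1/namespaces/team-a/widgets/global-1", 200),
    _event("alice", "/apis/example.com/v1/widgets/global-1", 403),
    _event("bob", "/api/v1/namespaces/team-a/pods?limit=50", 200),
    _event("carol", "/apis/example.com/v1/namespaces/team-b/widgets", 404),
]

def parse_namespaced_path(request_uri):
    """Return (group, namespace, resource) for a namespaced API path, else None."""
    parts = [p for p in urlsplit(request_uri).path.split("/") if p]
    if parts[:2] == ["api", "v1"]:                # core group: /api/v1/...
        group, rest = "", parts[2:]
    elif len(parts) >= 3 and parts[0] == "apis":  # /apis/<group>/<version>/...
        group, rest = parts[1], parts[3:]
    else:
        return None
    # A namespaced request looks like namespaces/<ns>/<resource>[/<name>...]
    if len(rest) < 3 or rest[0] != "namespaces":
        return None
    return group, rest[1], rest[2]

def find_namespaced_cluster_access(lines, cluster_scoped=CLUSTER_SCOPED):
    """Flag successful requests that reached a cluster-scoped resource via a namespace path."""
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        parsed = parse_namespaced_path(event.get("requestURI", ""))
        code = (event.get("responseStatus") or {}).get("code", 0)
        if parsed and (parsed[0], parsed[2]) in cluster_scoped and 200 <= code < 300:
            hits.append({"user": event.get("user", {}).get("username"),
                         "namespace": parsed[1], "uri": event["requestURI"]})
    return hits

if __name__ == "__main__":
    for hit in find_namespaced_cluster_access(SAMPLE_AUDIT_LINES):
        print(hit)
```

Any hit on a cluster that predates the patched releases is worth comparing against that user's RoleBindings and ClusterRoleBindings.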
`kubectl cp` command works in order to partly patch security vulnerabilities CVE-2019-1002101 and CVE-2019-11246, preventing malicious directory browsing; backpatched to all active stable versions
`kubectl get configmap` counts binary keys correctly
The Kubeadm team also dropped a bunch of fixes and changes this week, including discovering certificate-authority files, securing kube-scheduler, generating certs for etcd, not aborting reset on error, adding a timeout to discovery, and otherwise making `--discovery-file` work as intended.
Last Week In Kubernetes Development (LWKD) is a product of some members of the Kubernetes project, but is not an official publication of the Kubernetes project or the CNCF. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers; see our privacy notice for details.
You may contribute to LWKD by submitting pull requests or issues on the LWKD GitHub repo.