Last Week in Kubernetes Development

Stay up-to-date on Kubernetes development in 15 minutes a week.

Week Ending October 6, 2019

Developer News

Kubernetes is participating in Outreachy, with spots for three interns thanks to sponsorships from Red Hat and the CNCF. If you know a talented, diverse, beginning programmer who wants to get paid to learn to hack Kubernetes and its tools, take a look at the projects available.

Meeting Summary

During last Wednesday’s Steering Committee meeting, docs lead Zach Corleissen announced that SIG-Docs would be removing and prohibiting most third-party content in the Kubernetes docs. The change is intended to prevent duplication of external docs, as well as the proliferation of “configuring Kubernetes with Tool X” pages.

This was also the last SC meeting for the current members. There is now a new committee thanks to the election of four new members announced last Thursday:

Release Schedule

Next Deadline: 1.17 Enhancements Freeze, October 15th

We are still in the gulf between releases, so there is not much activity from the release team. Make sure any enhancements you are targeting at 1.17 will comply with the release plan.

#83261: limit yaml/json decode size

This PR fixes CVE-2019-11253, a “billion laughs” attack against kube-apiserver which would allow an attacker to crash the API server by sending a functionally huge YAML document, leading to memory exhaustion. The decoded document is now limited to 3MB to prevent both this problem and similar future issues. Fortunately, it is fairly hard to exploit this issue, as the attacker does have to authenticate and have permissions for an API operation that takes a request body. Security releases will be available shortly.
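To show why a document of a few dozen bytes can be "functionally huge", and how a decoded-size budget catches it, here is an added example; it is not kube-apiserver code or the PR's implementation. It assumes a restricted subset of YAML (one `key: &anchor [items]` flow sequence per line, no commas inside scalars), and `ExpandedSize`, `Sample` and `ErrTooLarge` are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

const (
	MaxDecodedBytes = 3 * 1024 * 1024 // the 3MB figure from the text above
	// Sample is a constructed three-level document, small enough to check by hand.
	Sample = `a: &a ["lol", "lol", "lol"]
b: &b [*a, *a, *a]
c: &c [*b, *b, *b]`
)

var ErrTooLarge = errors.New("expanded document exceeds limit")
var anchorLine = regexp.MustCompile(`^\w+:\s*&(\w+)\s*\[(.*)\]\s*$`) // assumed subset

// ExpandedSize sums the scalar bytes doc holds once aliases are expanded, without building them.
func ExpandedSize(doc string, limit int) (int, error) {
	sizes, total := map[string]int{}, 0 // expanded bytes per anchor; running total
	for _, line := range strings.Split(doc, "\n") {
		m := anchorLine.FindStringSubmatch(strings.TrimSpace(line))
		if m == nil {
			return 0, fmt.Errorf("unsupported line: %q", line)
		}
		size := 0
		for _, item := range strings.Split(m[2], ",") {
			item = strings.TrimSpace(item)
			n, isAlias := len(strings.Trim(item, `"`)), strings.HasPrefix(item, "*")
			if ref, ok := sizes[strings.TrimPrefix(item, "*")]; isAlias && !ok {
				return 0, fmt.Errorf("unknown alias %q", item)
			} else if isAlias {
				n = ref // an alias costs as much as everything it points to
			}
			if size += n; total+size > limit {
				return 0, ErrTooLarge // stop before the total can grow further
			}
		}
		sizes[m[1]] = size
		total += size
	}
	return total, nil
}

func main() {
	fmt.Println(ExpandedSize(Sample, MaxDecodedBytes)) // 117 <nil>
}
```

Each added level multiplies the expanded size by the fan-out while the input grows by only one line, which is why the budget is checked during expansion rather than on the input length alone.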

#83454: Remove hyperkube from release artifacts

Forward progress on moving Hyperkube into its own project. Hyperkube is a composite binary that contains every Kubernetes daemon in one file. This has been very useful for testing and deployment systems, but unfortunately it has been causing some problems lately. Especially as we have been moving cloud providers out of tree, the lack of a maintainer for Hyperkube has become noticeable. The goal is to continue Hyperkube, but to demote it to a SIG project or similar. If you’re interested in helping out, please jump in on #81760.

website#15892: Style Guide: Clarify Adding Third-Party Content

As mentioned above, the Docs team has set out new rules for what can be included or linked to from the main Kubernetes docs. The overall policy is that the main docs will only include documentation for SIG projects that don’t have their own documentation system (yet) and will only link to SIG projects or other active CNCF projects.

Other Merges

Version Updates

Last Week In Kubernetes Development (LWKD) is a product of multiple contributors participating in Kubernetes SIG Contributor Experience. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers, see our privacy notice for details.

You may contribute to LWKD by submitting pull requests or issues on the LWKD GitHub repo.