Kubernetes is participating in Outreachy, with spots for three interns thanks to sponsorships from Red Hat and the CNCF. If you know a talented, diverse, beginning programmer who wants to get paid to learn to hack Kubernetes and its tools, take a look at the projects available.
During last Wednesday’s Steering Committee meeting, docs lead Zach Corliessen announced that SIG-Docs would be removing and prohibiting most 3rd party content in the Kubernetes docs. The change intends to prevent duplication of external docs, as well as proliferation of “configuring Kubernetes with Tool X” pages.
This was also the last SC meeting for the current members. There is now a new committee thanks to the election of four new members announced last Thursday:
Next Deadline: 1.17 Enhancements Freeze, October 15th
We are still in the gulf between releases so not much activity from the release team. Make sure any enhancements you are targeting at 1.17 will comply with the release plan.
This PR fixes CVE-2019-11253, a “billion laughs” attack against kube-apiserver which would allow an attacker to crash the API server by sending a functionally huge YAML document, leading to memory exhaustion. The decoded document is now limited to 3MB to prevent both this problem and similar future issues. Fortunately it is fairly hard to exploit this issue as the attack does have to authenticate and have permissions for an API operation that takes a request body. Security releases will be available shortly.
Forward progress on moving Hyperkube into its own project. Hyperkube is composite binary that contains every Kubernetes daemon in one file. This has been very useful for testing and deployment systems, but unfortunately it has been causing some problems lately. Especially as we have been moving cloud providers out of tree, the lack of a maintainer for Hyperkube has become noticeable. The goal is to continue Hyperkube, but to demote it to a SIG project or similar. If you’re interested in helping out, please jump in on #81760.
As mentioned above, the Docs team has set out new rules for what can be included or linked to from the main Kubernetes docs. The overall policy is that the main docs will only include documentation for SIG projects that don’t have their own documentation system (yet) and will only link to SIG projects or other active CNCF projects.
--certificate-authoritywill correctly override other TLS settings from the config file
Last Week In Kubernetes Development (LWKD) is a product of some members of the Kubernetes project, but is not an official publication of the Kubernetes project or the CNCF. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers, see our privacy notice for details.
You may contribute to LWKD by submitting pull requests or issues on the LWKD github repo.