Last Week in Kubernetes Development
Stay up-to-date on Kubernetes development in 15 minutes a week.
Week Ending April 5, 2020
Developer News
CJ Cullen reported CVE-2019-11254 a denial-of-service vulnerability in Kubernetes. Maliciously crafted YAML can cause the Kube-APIserver to lock up. Upgrade to the latest patch release of 1.15-1.17 to fix this – but maybe make sure that only authorized users can send API requests, regardless?
Kevin Weismueller has proposed creating an API Expression Working Group, with the goal of codifying the structure of our API objects. In the meantime, WG Resource Management is shutting down.
Kubernetes is no longer permitting merges of PRs that themselves contain merge commits on the main repos. We’ve also added a kind/regression label to all Kubernetes namespace repos, in order to distiguish regression issues from other kinds of bugs.
Release Schedule
Next Deadline: Release schedule published, this week
Patch Releases: v1.17.3, v1.16.7, and v1.15.10 were released last week to patch a security hole. Since that’s now public, update as soon as you can.
Merges
- New etcd database size metric
kubectl applywill build everything it can instead of halting on any error- Parse X-Stream-Protocol header right when there are multiple protocols
- Stop flooding the event queue with volume error messages
- kubeadm waits for TLS bootstrapping
- Service Account names with dots can mount volumes
kubectl describegets some tests for CSI info- make Service clusterIP pick the right stack in Dual-Stack
Deprecated
beta.kubernetes.io/osendpoint, deprecated in 1.14 and scheduled for removal in 1.18, will actually get removed in 1.19- The first draft version of the scheduler config API,
kubescheduler.config.k8s.io/v1alpha1, was removed in prep for scheduler config going beta
Version Updates
- etcd to v3.4.7 in 1.19
Last Week In Kubernetes Development (LWKD) is a product of multiple contributors participating in Kubernetes SIG Contributor Experience. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers, see our privacy notice for details.
You may contribute to LWKD by submitting pull requests or issues on the LWKD github repo.