The Amsterdam Contributor Summit has been cancelled, and will not be held as a virtual version either in order to limit “virtual conference fatigue.” The next contributor summit will be in Boston. The New Contributor Workshop is moving to an online-only version that should be ready sometime in July.
Kubernetes is looking to move to distroless containers for many components. This may break many Flexvolume drivers, which can rely on Linux utilities to work. Please participate in the SIG-Storage discussion if that includes your driver.
Next Deadline: Enhancement Freeze, May 19th
Version 1.15.12, released last week, is the final patch for v1.15. If you’re still on 1.15, it’s time to upgrade or get support from a vendor. v1.16 will likely have extended support, but v1.15 does not.
Also, v1.19alpha3 is ready for your testing.
Another big step towards treating Docker like all other runtime plugins, there is now a dockerless build flag which can make a docker/docker-free Kubelet. The KEP goes into greater detail about the rationale, but the short of it is a desire to have a more unified flow within the Kubelet code to reduce the risks of differences in behavior, as well as generally having less code to maintain.
Minimal images! Or at least much more minimal. This week introduced a new go-runner tool which takes the place of the older bash scripts for log file management, and container images based on the Distroless project and go-runner. This reduces both container size and security surface area by a lot, and hopefully will improve logging performance too! Hopefully this experiment will be a success and the rest of the images will join them soon. As mentioned above, please join the SIG discussions if this change will impact you.
And finally a small but mighty change, adding support for several TLS 1.3 ciphers for clients which can use them. This was identified by the Trail of Bits security audit as part of a larger request to improve our TLS by only supporting safe ciphers.
kubeadm upgrade pulls images during preflight checks instead of using a DaemonSet
cloud.google.com/network-tier annotation is available by default
Last Week In Kubernetes Development (LWKD) is a product of some members of the Kubernetes project, but is not an official publication of the Kubernetes project or the CNCF. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers, see our privacy notice for details.
You may contribute to LWKD by submitting pull requests or issues on the LWKD github repo.