Kubernetes is replacing the SIG quarterly reports in the Community Meeting with Annual Reports which will be more formal, but less frequent. This is an acknowledgement of the real schedule, and the fact that we have 37 SIGs/WGs/UGs now.
CVE-2020-8558 affects kube-proxy 1.18.3 and below, allowing users to reach localhost services across the local network. Please update your servers to the latest patch release to resolve the issue, or see the mailing list announcement for mitigations.
Third Time’s The Charm: we will be once again trying to move the official image repo from
k8s-artifacts-prod starting next Monday, July 20th.
And finally a reminder to be very careful copy-pasting code from StackOverflow. By default, StackOverflow code samples are licensed under Creative Commons Share-Alike, which is not compatible with our licensing due to the viral nature of the “Share-Alike” restrictions.
Next Deadline: Complete Docs, July 16th
We are now in Code Freeze, and v1.19 release branch has been cut.
1.18.6, 1.17.9, and 1.16.13 are expected out this Wednesday.
ephemeral volume type has been added for pod templates. This works similarly to the volumeClaimTemplates field in StatefulSets: every pod will use the template to construct a unique PVC object, which can provision arbitrary storage or anything else hooked into a CSI plugin. When the pod is deleted, so is the PVC, and the PV with it unless you change the reclaim policy. This pairs well with the existing ephemeral volume support in CSI, but it could also be used for more complex things in the future like a CSI-backed implementation of the emptyDir volume type, exposing non-traditional storage like network-attached memdisks, or “userspace” implementations of API volumes like
Another step towards making the EndpointSlice transition seamless, handling manually-curated services. This is most common with operators, such as prometheus-operator’s kubelet service used for metrics discovery. With this new controller, any such endpoints will be automatically copied into a matching slice so they will work transparently without having to specifically support both systems. If you have any existing code that already handles updating both Endpoints and EndpointSlices in parallel, be sure to apply the endpointslice.kubernetes.io/skip-mirror label to prevent the automatic mirroring.
The kubectl alpha debug command will now support node-level debugging by running a pod in the host OS namespaces. It will also automatically bind mount the host filesystem to /host/ for interactive use. This can hopefully replace most remaining uses of SSH for node debugging and maintenance, as well as simplify those tasks on newer minimalist OSes like CoreOS and Bottlerocket, which ship few debugging tools in the OS and already expect most interactive sessions to happen in a container anyway.
This is also joined by #90094 which adds a copy mode to the debug command, to copy an existing pod and then attach to the copy. This can help avoid production disruptions while trying to understand a failure.
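A node-level debug pod joins the host namespaces and gets the host filesystem at /host, so it is worth being able to spot pods of that shape when auditing a cluster. The following is an added example, not code from LWKD or the Kubernetes project: it checks Pod manifests for the hostNetwork, hostPID and hostIPC fields and for hostPath mounts. The function name and sample manifests are constructed, and the exact spec kubectl generates is assumed rather than taken from this page.

```python
"""Flag pods shaped like node-level debug pods: host namespaces plus host mounts."""

HOST_NS_FIELDS = ("hostNetwork", "hostPID", "hostIPC")


def host_access_findings(pod):
    """Return a list of findings for one Pod manifest given as a dict."""
    spec = pod.get("spec", {})
    findings = [f"shares host namespace: {f}" for f in HOST_NS_FIELDS if spec.get(f)]

    # Map volume name -> host path for every hostPath volume in the pod.
    host_paths = {
        v["name"]: v["hostPath"].get("path", "")
        for v in spec.get("volumes", [])
        if v.get("hostPath")
    }
    containers = (
        spec.get("containers", [])
        + spec.get("initContainers", [])
        + spec.get("ephemeralContainers", [])
    )
    for c in containers:
        for m in c.get("volumeMounts", []):
            path = host_paths.get(m.get("name"))
            if path is None:
                continue  # not a hostPath-backed mount
            mode = "ro" if m.get("readOnly") else "rw"
            is_root = bool(path) and not path.strip("/")
            scope = "host root filesystem" if is_root else f"host path {path}"
            findings.append(f"{c.get('name')}: {scope} mounted at {m.get('mountPath')} ({mode})")
    return findings


# Constructed sample manifests (assumed shapes, not captured from a real cluster).
NODE_DEBUG_POD = {
    "metadata": {"name": "node-debugger-example"},
    "spec": {
        "hostNetwork": True, "hostPID": True, "hostIPC": True,
        "volumes": [{"name": "host-root", "hostPath": {"path": "/"}}],
        "containers": [{"name": "debugger", "image": "busybox",
                        "volumeMounts": [{"name": "host-root", "mountPath": "/host"}]}],
    },
}
ORDINARY_POD = {
    "metadata": {"name": "web"},
    "spec": {"volumes": [{"name": "cache", "emptyDir": {}}],
             "containers": [{"name": "web", "image": "nginx",
                             "volumeMounts": [{"name": "cache", "mountPath": "/cache"}]}]},
}

if __name__ == "__main__":
    for pod in (NODE_DEBUG_POD, ORDINARY_POD):
        print(pod["metadata"]["name"], host_access_findings(pod) or "no host access")
```

The same function can be run over the items of a pod listing exported as JSON, or used as the core of an admission-time check.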
terminationGracePeriodSeconds before terminating mirror pods
kubectl --timeout works together with
/logs API can be completely disabled, even for admins
kubeadm alpha kubelet config enable-dynamic is both deprecated and hard to say five times fast
kubeadm alpha certs generate-csr replaces
kubeadm --bootstrap-checkpoint-path goes poof
Walter Fender created this diagram of Kubernetes module-level dependencies for the docs.
Last Week In Kubernetes Development (LWKD) is a product of some members of the Kubernetes project, but is not an official publication of the Kubernetes project or the CNCF. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers, see our privacy notice for details.
You may contribute to LWKD by submitting pull requests or issues on the LWKD GitHub repo.