Security hole CVE-2021-25740 allows an attacker who can create Endpoints to trick Ingress/LB into exposing network addresses that they aren't supposed to have access to. ExternalName Services may have the same vulnerability, and are being blocked in several popular routing pod templates. While the issue is Low in risk/severity, the user workaround requires blanket role permission changes (download) that may break some applications. Devs are working on a more elegant fix.
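Because the workaround turns on role permissions, it helps to know which roles can write Endpoints before changing any of them. The following Python is an added example, not code from LWKD or the Kubernetes project: it scans a role list in the JSON shape produced by `kubectl get clusterroles -o json` and reports roles that grant write verbs on Endpoints. The role names and sample data are constructed, the choice of `create`, `update` and `patch` as the write verbs is an assumption, and bindings are not examined.

```python
# Added example: list roles whose rules allow writing core-group Endpoints.
WRITE_VERBS = {"create", "update", "patch", "*"}  # assumption: verbs treated as "write"

# Constructed sample in the shape of `kubectl get clusterroles -o json`.
SAMPLE_ROLES = {"items": [
    {"metadata": {"name": "constructed-edit"},
     "rules": [{"apiGroups": [""], "resources": ["endpoints", "services"],
                "verbs": ["get", "create", "update", "patch", "delete"]}]},
    {"metadata": {"name": "constructed-view"},
     "rules": [{"apiGroups": [""], "resources": ["endpoints"],
                "verbs": ["get", "list", "watch"]}]},
    {"metadata": {"name": "constructed-wildcard"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    # Aggregated roles can be exported with no rules of their own.
    {"metadata": {"name": "constructed-aggregated"}, "rules": None},
]}


def endpoints_write_verbs(rule):
    """Return the write verbs one RBAC rule grants on core-group Endpoints."""
    groups = set(rule.get("apiGroups") or [])
    resources = set(rule.get("resources") or [])
    # The core API group is the empty string; "*" matches every group or resource.
    if not groups & {"", "*"} or not resources & {"endpoints", "*"}:
        return set()
    return set(rule.get("verbs") or []) & WRITE_VERBS


def roles_that_can_write_endpoints(role_list):
    """Map role name -> sorted write verbs on Endpoints, for roles that have any."""
    findings = {}
    for role in role_list.get("items", []):
        verbs = set()
        for rule in role.get("rules") or []:
            verbs |= endpoints_write_verbs(rule)
        if verbs:
            findings[role["metadata"]["name"]] = sorted(verbs)
    return findings


if __name__ == "__main__":
    for name, verbs in roles_that_can_write_endpoints(SAMPLE_ROLES).items():
        print(f"{name}: {', '.join(verbs)}")
```

To audit a real cluster, load the exported JSON with `json.load` and pass it to `roles_that_can_write_endpoints` in place of the constructed sample.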
We are in Code Freeze.
Next Deadline: Documentation ready for review, July 20th
Have your docs ready; the Kubernetes docs team has their red pencils out and is going to start reviewing tomorrow for a final merge July 27th. Tuesday and Wednesday this week, 1.22 will branch, the release notes final drafting starts, and the Communications team will wind up the Release Blog. So 1.22 is becoming a thing! Except for test failures.
Test status is … worrisome. While 6 flakes in Blocking and 4 failures in Informing is an improvement on last week, it's not good enough for release. In particular, one Storage issue has been unclaimed for 7 days, and a GCP Cloud Provider flake has been open, without apparent action, since March 14th. Please, if a test flake or failure is in your area, it needs to be resolved in the next two weeks, if not sooner.
Last Week In Kubernetes Development (LWKD) is a product of some members of the Kubernetes project, but is not an official publication of the Kubernetes project or the CNCF. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers; see our privacy notice for details.
You may contribute to LWKD by submitting pull requests or issues on the LWKD GitHub repo.