Ben, Arnaud, and Mahamed are replacing Aaron and Tim Hockin as SIG-K8s-Infra leadership.
Next Deadline: Exception Requests Due, October 23rd
This KEP proposes to make the kubelet aware of whether or not a container runtime splits the image filesystem. Typically when users deploy Kubernetes, the node and image filesystems are on the same disk. We can split the writeable layer where the container information is stored from the readable layer, where the images are stored. This can be useful since the images occupy a lot more disk space. In the current implementation, containers and images must be stored on the same disk. Garbage collection would only collect images/containers on the image filesystem. Currently if the container runtime separates the writable layers (containers) from the readable layers (images), the garbage collection doesn’t account for this separation.
This KEP has been authored by Kevin Hannon and is tracked to be in alpha stage in the upcomign v1.29 release.
Mitigate http2 denial-of-service attack (CVE-2023-44487 and CVE-2023-39325) by unauthenticated clients; backported
container_start_time_secondsactually shows seconds
Last Week In Kubernetes Development (LWKD) is a product of multiple contributors participating in Kubernetes SIG Contributor Experience. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers, see our privacy notice for details.
You may contribute to LWKD by submitting pull requests or issues on the LWKD github repo.