LWKD logo

Last Week in Kubernetes Development

Stay up-to-date on Kubernetes development in 15 minutes a week.

Subscribe
Mastodon
Twitter
RSS

View LWKD on GitHub

Week Ending April 24, 2022

Developer News

Our contributors have spent a lot of time discussing improving general Kubernetes stability and reliability lately. Project leaders are implementing several changes in how new enhancements will be handled:

Also, the triage-bot will stop closing high Priority, accepted bugs that become stale, so that we don’t lose track of them.

The Contributor Summit has a rough schedule now. This will include a Steering Committee AMA, three hours of Unconference sessions, a full day Documentation Sprint, and several SIG/team meetings (sign up here). The Contributor Social that evening will include board games (bring yours!) and a Kubernetes trivia contest. Register now. Masks and COVID immunization will be required.

Release Schedule

Next Deadline: Release, May 3rd

1.24 RC 1 is available for your testing pleasure.

We are currently in Test Freeze and Code Freeze as the Release Team works with all contributors to get 1.24 stabilized for final release after the incorporation of golang 1.18.1. If you get a reminder from the team to look at/fix something, please respond ASAP as any delay can result in a release delay.

On TestGrid, the following blocking test jobs continue to be flaky: gce-cos-k8sbeta-default, gce-cos-k8s-beta-ingress, gce-cos-k8sbeta-reboot, kind-1.24-parallel, kind-ipv6-1.24-parallel, and ci-kubernetes-unit-1.24. Flaky jobs mean that we can’t easily tell whether something is broken or not, so won’t you pick a test job and dive in? See the CI Project Board for ongoing work.

ingress-nginx#8456: Implement object deep inspector

Ingress-nginx released v1.2.0 this week, fixing two security issues: CVE-2021-25745 and CVE-2021-25746. Both are variants on using a malicious Ingress object to exfiltrate sensitive data from inside the Ingress Controller Pod, such as the Service Account credentials. This PR introduces both a fix for the two specific issues as well as a general framework for improved object validation within ingress-nginx. If upgrading isn’t an option, you can also use the annotation-value-word-blocklist configuration option to block the malicious Ingresses. If you permit low-privilege users to create arbitrary Ingresses, you should patch or mitigate these vulnerabilities as soon as possible.

Other Merges

Version Updates

Last Week In Kubernetes Development (LWKD) is a product of multiple contributors participating in Kubernetes SIG Contributor Experience. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers, see our privacy notice for details.

You may contribute to LWKD by submitting pull requests or issues on the LWKD github repo.