LWKD logo

Last Week in Kubernetes Development

Stay up-to-date on Kubernetes development in 15 minutes a week.

Subscribe
Twitter
RSS

View LWKD on GitHub

Week Ending September 18, 2022

Developer News

Two security reports this week: CVE-2022-3172, which allows aggregated API servers to misdirect traffic and steal credentials, and CVE-2021-25749, which can let users deploy Windows container workloads as Administrator. Both issues are fixed in the latest patch releases. Note that the patch for CVE-2022-3172 blocks all 300ish responses, so test after upgrading and be prepared to set --aggregator-reject-forwarding-redirect if your API server uses redirects.

Votes for the 2022 Steering Election are due September 29th. Please vote now!

The Contributor Summit CfP is still open.

Release Schedule

Next Deadline: Production Readiness Review, September 29th

Have your draft KEPs ready for the PRR team by next Thursday, and final versions opted-in by October 6th. Current CI signal is green.

Patch releases for 1.25.1, 1.24.5, 1.23.11, and 1.22.14 came out last week. In addition to the above security issues, these patches fix a large number of bugs discovered during 1.25 Code Freeze and backported, as well as updating Go for all versions.

#111333: Add auth API to get self subject attributes

For a long time, the TokenReview API under authentication/v1 has allowed getting the user details from a cluster JWT, such as a ServiceAccount token. This allowed checking the source of credentials from another party but not for yourself. The newly added SelfSubjectReview provides this capability. This allows any user to confirm what user information kube-apiserver sees for them, both for debugging user configurations with the new kubectl auth whoami or server-side plugin configuration issues. Check it out if you have any automated troubleshooting tools or self-diagnostic systems.

Other Merges

Testing cleanup: P&F concurrency test, add more HPA tests, node lifecycle manager integration, client-go transport generation, skip etcd test cleanup on Windows/ARM

Deprecated

Version Updates

Last Week In Kubernetes Development (LWKD) is a product of multiple contributors participating in Kubernetes SIG Contributor Experience. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers, see our privacy notice for details.

You may contribute to LWKD by submitting pull requests or issues on the LWKD github repo.