Stay up-to-date on Kubernetes development in 15 minutes a week.
Please take the Production Readiness Survey if you are a cluster operator.
Security Vuln: If you are using secrets-store-CSI-driver with Token Requests enabled, you are exposed to CVE-2023-2878. Please disable them and/or upgrade to v1.3.3 soon.
SIG-Testing has disabled Gubernator, the old test log viewer, after discovering a security issue. Please use Prow View instead.
Sean Sullivan has stepped down from SIG-CLI, and Natasha Sarkar and Eddie Zaneski are stepping up to leadership. Brady Pratt has been nominated as SIG-Testing chair, and Steve Kuznetsov is retiring. Finally, WG-Reliability is dissolving, having done a great job of getting Kubernetes more stable.
Next Deadline: PRR Freeze, June 8th
Please opt-in your enhancements before June 8th to get PRReview. Final enhancement freeze is a week later.
Bound service account tokens went GA in 1.22, and are the current and more secure way to allocate service tokens. However, automated generation of the older secret-based tokens is still enabled, and production clusters will have a lot of old tokens still stored. KEP 2799 cleans this up, ending auto-generation of old tokens. This PR implements a purge of of the old tokens if enabled using the LegacyServiceAccountTokenCleanUp
feature gate. By 1.30 or so, expect it to be on by default.
kubectl --help
Last Week In Kubernetes Development (LWKD) is a product of multiple contributors participating in Kubernetes SIG Contributor Experience. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers, see our privacy notice for details.
You may contribute to LWKD by submitting pull requests or issues on the LWKD github repo.