LWKD logo

Last Week in Kubernetes Development

Stay up-to-date on Kubernetes development in 15 minutes a week.

Subscribe
Mastodon
BlueSky
RSS

View LWKD on GitHub

Week Ending July 14, 2024

Developer News

Maintainer session proposals for Kubecon are due this Sunday. Write one for your SIG now. Don’t miss the deadline!

The Contributor Summit is looking for contributors to design the swag and the award. Also, proposals for the Summit are still open.

Subprojects kpng and etcdadm are being archived. If you still use etcd-manager, it’s in a new repo owned by SIG-Etcd.

CVE-2024-5321 has been reported against Kubernetes clusters running Windows. This vulnerability lets users with incorrect permissions read and modify container logs.

Release Schedule

Next Deadline: Code Freeze, July 24th

Code freeze is happening in a week! If your KEP is opted in for the v1.31 release, make sure to get your PRs merged in time before the deadline.

Kubernetes v1.27.16, v1.28.12, v1.29.7 and v1.30.3 patch releases are now live!

#125868: Add –for=create option to kubectl wait

After a few false starts, we are trying again to support a “wait for create” mechanism for kubectl wait. The new --for option will allow pluggable wait conditions beyond the original “wait for delete” and new “wait for create” (or really “wait for exists”). This can already help streamline shell scripts, and talk to SIG-CLI if you’re interested in proposing additional modes!

KEP of the Week

4633: Only allow Anonymous Auth for configured endpoints

Allowing anonymous authentication against all or most Kubernetes endpoints can be a huge security hole if you make simple mistakes with RBAC. This KEP implements a way to disable anonymous auth for all endpoints except a specificed list (usually healthz, readyz, and livez). This will close a lot of runtime security holes.

4633 was introduced by Vinayak Goyal in May, and is expected to be Alpha in 1.31.

Other Merges

Promotions

Subprojects and Dependency Updates

Last Week In Kubernetes Development (LWKD) is a product of multiple contributors participating in Kubernetes SIG Contributor Experience. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers, see our privacy notice for details.

You may contribute to LWKD by submitting pull requests or issues on the LWKD github repo.