
Last Week in Kubernetes Development

Stay up-to-date on Kubernetes development in 15 minutes a week.


Week Ending July 21, 2024

Developer News

CVE-2024-5321 allows unauthorized users on Windows to read container logs. Fixed in the latest patch releases.

You have one week to migrate the remaining jobs on the old cluster before they get deactivated. Notable bundles of unmigrated jobs belong to SIG-Storage (CSI driver tests), SIG-Cloud Provider (Azure), and the ClusterAPI subproject.

Test-Infra is eliminating the last bits of Google-owned notification systems in favor of community-owned ones. This means you should use the community Slack channels #testing-ops to raise issues with prow.k8s.io and CI infrastructure, and #sig-scalability for scale test issues. You can discuss CI failures not clearly related to issues with prow or the infra in #sig-testing and #release-ci-signal.

Release Schedule

Next Deadline: Code Freeze, July 24th

Code freeze is happening this week, at 02:00 UTC Wednesday 24th July 2024 / 19:00 PDT Tuesday 23rd July 2024. Out of the 54 enhancements tracked after enhancements freeze, we have 32 KEPs tracked for code freeze as of this writing. If your KEP missed the code freeze deadline, you can file an exception request.

Patch releases 1.27.16, 1.28.12, 1.29.7 and 1.30.3 were delayed to incorporate the fix for CVE-2024-5321 and a golang update. Update as soon as you can, particularly if you run Windows.

#126165: PSA: allow container_engine_t selinux type

This PR updates the Pod Security Standards to include the container_engine_t SELinux type, starting with version 1.31. This type is designed for running container engines like Podman and Docker within a container. The change enables running nested containers while still securing activity using SELinux.
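The effect of this change on admission, as an added example (not code from the PR or from Kubernetes): a version-aware check of a pod's `seLinuxOptions` that shows a nested-container pod passing under the 1.31 policy but still failing when an older policy version is evaluated. The type and function names are hypothetical, and the other allowed types and the user/role rule are assumed from the upstream Baseline Pod Security Standard rather than taken from this page.

```go
package main

import "fmt"

// allowedSince maps each permitted seLinuxOptions.type to the first policy
// minor version (1.x) that accepts it. container_engine_t from 1.31 is what
// the PR adds; the remaining entries are an assumption based on the upstream
// Baseline Pod Security Standard.
var allowedSince = map[string]int{
	"":                   0, // unset: the runtime default applies
	"container_t":        0,
	"container_init_t":   0,
	"container_kvm_t":    0,
	"container_engine_t": 31,
}

// SELinuxOptions holds the securityContext.seLinuxOptions fields checked here.
type SELinuxOptions struct {
	Type, User, Role string
}

// CheckSELinux returns the violations for opts when evaluated against policy
// version 1.<policyMinor>. An empty result means the options are admitted.
func CheckSELinux(opts SELinuxOptions, policyMinor int) []string {
	var violations []string
	since, known := allowedSince[opts.Type]
	switch {
	case !known:
		violations = append(violations, fmt.Sprintf("type %q is not allowed", opts.Type))
	case policyMinor < since:
		violations = append(violations, fmt.Sprintf(
			"type %q needs policy v1.%d or later (evaluating v1.%d)", opts.Type, since, policyMinor))
	}
	if opts.User != "" {
		violations = append(violations, "custom SELinux user is forbidden")
	}
	if opts.Role != "" {
		violations = append(violations, "custom SELinux role is forbidden")
	}
	return violations
}

func main() {
	nested := SELinuxOptions{Type: "container_engine_t"} // constructed sample pod setting
	for _, minor := range []int{30, 31} {
		fmt.Printf("policy v1.%d: %v\n", minor, CheckSELinux(nested, minor))
	}
	// Constructed sample: a type outside the allow-list stays rejected in 1.31.
	fmt.Println(CheckSELinux(SELinuxOptions{Type: "spc_t", User: "system_u"}, 31))
}
```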

KEP of the Week

KEP 4033: Discover cgroup Driver from CRI

This KEP introduces the ability for the container runtime to instruct Kubelet on which cgroup driver to use. Currently, both the Kubelet and the container runtime have configuration settings for selecting the cgroup driver (cgroupfs or systemd). With this enhancement, synchronization between the Kubelet and runtime settings is ensured, eliminating the possibility of misaligned cgroup driver configurations and promoting a single source of truth for the cgroup driver.

This KEP is tracked for beta release in the upcoming v1.31.

Other Merges

Promotions

Deprecated

Version Updates

Subprojects and Dependency Updates

Last Week In Kubernetes Development (LWKD) is a product of multiple contributors participating in Kubernetes SIG Contributor Experience. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers; see our privacy notice for details.

You may contribute to LWKD by submitting pull requests or issues on the LWKD GitHub repo.