Stay up-to-date on Kubernetes development in 15 minutes a week.
Five security vulnerabilities, one critical, in Ingress-Nginx that can result in arbitrary code execution (CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, CVE-2025-1974) were reported to the SRC. In a default installation, this can compromise all Secrets on the cluster. Upgrade Ingress-Nginx to the latest version (v1.11.5 or v1.12.1) immediately. If you are unable to upgrade, disabling Validating Admission Controllers will disable some of the exploits.
There is also a new low-risk vulnerability in Kubernetes network policy enforcement: CVE-2024-7598; a long-term solution is being discussed in a KEP.
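To act on the upgrade advice above, the following added example (not LWKD or Ingress-Nginx project code) classifies controller image references against the two fixed releases named in this issue. The image references are constructed samples, and treating older release lines as needing an upgrade and newer lines as patched is an assumption of this sketch.

```python
import re

# Fixed releases named in the advisory summary: v1.11.5 and v1.12.1.
FIXED = {(1, 11): 5, (1, 12): 1}
NEWEST_FIXED_LINE = max(FIXED)

# Tag at the end of the reference, optional pre-release/build suffix,
# optional pinned digest. A registry port such as ":5000/" never matches.
_TAG = re.compile(
    r":v?(\d+)\.(\d+)\.(\d+)([-+][\w.]+)?(?:@sha256:[0-9a-f]+)?$"
)

def classify(image):
    """Return 'patched', 'upgrade' or 'unknown' for one image reference."""
    m = _TAG.search(image)
    if not m or m.group(4):
        # Digest-only, non-semver or pre-release tags need manual review.
        return "unknown"
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    line = (major, minor)
    if line in FIXED:
        return "patched" if patch >= FIXED[line] else "upgrade"
    # Assumption: lines older than 1.11 get no fix; newer lines carry it.
    return "patched" if line > NEWEST_FIXED_LINE else "upgrade"

def audit(images):
    """Map each image reference to its classification."""
    return {img: classify(img) for img in images}

if __name__ == "__main__":
    # Constructed sample inventory, e.g. collected from pod specs.
    sample = [
        "registry.k8s.io/ingress-nginx/controller:v1.11.4",
        "registry.k8s.io/ingress-nginx/controller:v1.12.1@sha256:" + "0" * 64,
        "localhost:5000/ingress-nginx/controller:v1.12.0",
        "registry.k8s.io/ingress-nginx/controller@sha256:" + "0" * 64,
    ]
    for image, verdict in audit(sample).items():
        print(f"{verdict:8} {image}")
```

References that come back as `unknown` are pinned by digest only or carry a pre-release suffix, so resolve them to a release by hand.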
Siyuan Zhang has begun a discussion on Emulation Version changes coming over the next few releases.
Registration for the KubeCon London Maintainer Summit closes Thursday; don’t miss it! Also, remember to sign up with your SIG for the Meet & Greet on April 3.
There will not be an LWKD issue next week because of KubeCon + CloudNativeCon EU. Happy KubeCon week to everyone attending!
Next Deadline: Docs PRs ready for review, March 25
Code freeze is in effect for Kubernetes v1.33. Folks who have got their KEPs tracked (all 58) for the release, make sure to get your docs PRs ready for review soon!
This PR adds the initial implementation for the alpha release of custom container stop signals. A new container Lifecycle field, StopSignal, has been added, with which users can define custom stop signals for their containers, overriding the default signal set in the image or container runtime. This PR adds StopSignal to container Lifecycle and also adds a StopSignal field to both ContainerConfig and ContainerStatus in the CRI API. Once the logic for using the custom stop signal has been added to the different container runtimes, the runtimes will also report the effective stop signal used by containers in their respective container statuses.
This KEP proposes allowing users to reduce a PersistentVolumeClaim (PVC) size after a failed expansion due to storage provider limitations. To prevent quota abuse, a new field, pvc.Status.AllocatedResources, ensures accurate tracking. Users can retry expansion with a smaller size, and quota calculations will use the maximum of pvc.Spec.Capacity and pvc.Status.AllocatedResources.
This KEP is tracked for beta in the ongoing release cycle.
Last Week In Kubernetes Development (LWKD) is a product of multiple contributors participating in Kubernetes SIG Contributor Experience. All original content is licensed Creative Commons Share-Alike, although linked content and images may be differently licensed. LWKD does collect some information on readers; see our privacy notice for details.
You may contribute to LWKD by submitting pull requests or issues on the LWKD GitHub repo.