The Java client for Kubernetes contains a security flaw which allows overwriting unauthorized files when using Copy on pods. Upgrade to client versions 11.0.0/10.0.1/9.0.2 to fix this issue in your own Java applications.
The Production Readiness team plans to make PRR approval required for KEPs in 1.21 and later. Discussion will ensue, partly because there are only 3 people on the PRR and it could become a bottleneck.
SIG-Node will tackle adding swap support to Kubernetes for 1.22.
Jeremy Rickard will become a Technical Lead for SIG-Release.
Next Deadline: Enhancements Freeze, Feb. 9
Kubernetes 1.21, led by Nabarun Pal, now has a release schedule, including Enhancements Freeze on Feb 9ths, Code Freeze on March 9th, and final release on April 8th. Start working on those KEPS!
SIG-Release will be updating kubernetes-dev with monthly (or more frequent) status reports.
1.20.2, 1.19.7, 1.18.15, and 1.17.17 patch releases are expected out on Wednesday. Note that this is likely to be the next-to-last patch release for 1.17, so if you’re running it, start thinking about upgrades.
The LWKD authors would like to thank aledbf for his tireless work on ingress-nginx. As part of him moving on to new projects, ingress-nginx is looking for new maintainers and contributors. If you’re interested in getting involved, please contact SIG-Network or respond on the ticket.
The WG-Naming team has finalized a recommendation for replacing “whitelist”/”blacklist” terminology with “allowlist”/”denylist”. Check out the document for a detailed summary of the reasoning and alternatives, but as a tl;dr, please start updating terms as you are working on new features or updating existing subsystems.
- Only use a single tracker per authenticator
- Fix performance regression on ARM
- Correct NodePort quota counting error, backport to all versions
- OpenID Authenticator won’t pause 10 seconds
just to annoy youto verify tokens
- Proxy logs are now using structured logging
- More lease count metrics
- “aPIVersion” is not anyone’s idea of proper capitalization
- Make sure we remove block devices even if kubelet is a symlink
- docker-machine is gone from our build, since the project is EOL; you can still build Kubernetes using Docker locally if you want
Original Source: Week Ending January 10, 2021 | Last Week in Kubernetes Development