The Amsterdam Contributor Summit has been cancelled, and will not be held as a virtual version either, in order to limit “virtual conference fatigue.” The next contributor summit will be in Boston. The New Contributor Workshop is moving to an online-only version that should be ready sometime in July.
Kubernetes is looking to move to distroless containers for many components. This may break many Flexvolume drivers, which can rely on Linux utilities to work. Please participate in the SIG-Storage discussion if that includes your driver.
Next Deadline: Enhancement Freeze, May 19th
Version 1.15.12, released last week, is the final patch for v1.15. If you’re still on 1.15, it’s time to upgrade or get support from a vendor. v1.16 will likely have extended support, but v1.15 does not.
Also, v1.19alpha3 is ready for your testing.
Another big step towards treating Docker like all other runtime plugins: there is now a dockerless build flag which can make a docker/docker-free Kubelet. The KEP goes into greater detail about the rationale, but the short of it is a desire to have a more unified flow within the Kubelet code to reduce the risks of differences in behavior, as well as generally having less code to maintain.
Minimal images! Or at least much more minimal. This week introduced a new go-runner tool which takes the place of the older bash scripts for log file management, and container images based on the Distroless project and go-runner. This reduces both container size and security surface area by a lot, and hopefully will improve logging performance too! Hopefully this experiment will be a success and the rest of the images will join them soon. As mentioned above, please join the SIG discussions if this change will impact you.
And finally a small but mighty change, adding support for several TLS 1.3 ciphers for clients which can use them. This was identified by the Trail of Bits security audit as part of a larger request to improve our TLS by only supporting safe ciphers.
- Fork IPVS in order to fix an old kernel compatibility issue and yet have IPVS+docker still work
- Topology spreading has a maxSkew score config to better randomize node selection among desirable nodes
- Only resync load balancing pools if relevant fields change
- client-go’s rest.Config can override proxy configuration for multicluster managers
- “No nodes available” will count as unschedulable, not errors
- kubeadm upgrade pulls images during preflight checks instead of using a DaemonSet
- Fix chronic Azure disk attach issue
- If a cloud node doesn’t exist, don’t check shutdown status
- cloud-controller-manager is moving to staging, which requires limiting imports from the k/k tree
- Make CSI migration actually work on Azure, backported
- cloud.google.com/network-tier annotation is available by default
- debian base images to use debian-base:v2.1.0 and debian-iptables:v12.1.0, at least those not switched to distroless
- kube-cross to v1.12.17-2
- kube-dns to 1.15.10
Original Source: http://lwkd.info/2020/20200512