Last Week in Kubernetes Development: Week Ending May 10, 2020

Developer News

The Amsterdam Contributor Summit has been cancelled, and it will not be held as a virtual event either, in order to limit “virtual conference fatigue.” The next contributor summit will be in Boston. The New Contributor Workshop is moving to an online-only version that should be ready sometime in July.

Kubernetes is looking to move to distroless containers for many components. This may break many Flexvolume drivers, which can rely on Linux utilities to work. Please participate in the SIG-Storage discussion if that includes your driver.

Release Schedule

Next Deadline: Enhancement Freeze, May 19th

Version 1.15.12, released last week, is the final patch for v1.15. If you’re still on 1.15, it’s time to upgrade or get support from a vendor. v1.16 will likely have extended support, but v1.15 does not.

Also, v1.19alpha3 is ready for your testing.

Featured PRs

#87746: Support compiling Kubelet w/o docker/docker

In another big step towards treating Docker like all other runtime plugins, there is now a dockerless build flag which can make a docker/docker-free Kubelet. The KEP goes into greater detail about the rationale, but the short of it is a desire to have a more unified flow within the Kubelet code, to reduce the risk of differences in behavior, as well as generally having less code to maintain.

#90674: Switch core master base images (kube-apiserver, kube-scheduler) from debian to distroless

Minimal images! Or at least much more minimal. This week introduced a new go-runner tool, which takes the place of the older bash scripts for log file management, along with container images based on the Distroless project and go-runner. This reduces both container size and security surface area by a lot, and hopefully will improve logging performance too! With luck, this experiment will be a success and the rest of the images will join them soon. As mentioned above, please join the SIG discussions if this change will impact you.

#90843: Add support for TLS 1.3 ciphers

And finally, a small but mighty change: adding support for several TLS 1.3 ciphers for clients which can use them. This was identified by the Trail of Bits security audit as part of a larger request to improve our TLS by only supporting safe ciphers.

Other Merges

Version Updates

Original Source: http://lwkd.info/2020/20200512