There are two new security vulnerabilities in Kubernetes components, one in kube-controller-manager, and one in a popular CNI component used in several overlay networks. Both issues have been patched in the most recent releases.
The Protocol Buffers library we use, GoGoProtobuf, is looking for some new maintainers to take over the project. There was some additional discussion on the SIG API-Machinery list about whether reverting to the mainline protobuf library is a viable backup plan. So far it appears it would be a big hit on serialization performance, though recent work upstream might improve that. If your company has been looking for a place to dive in and help both Kubernetes and the broader Go community, please do contact the GoGo team on their issue to discuss options.
The public Steering Committee meeting was yesterday. They discussed preparing for the 2020 SC election and a number of financial matters. This included AWS credits for Minikube, Digital Ocean credits for test-infra, and paying for the Kubernetes security audit.
Next Deadline: Docs PRs Started, June 12
Today, the Release Team started Burndown meetings, and called for exceptions to Enhancements Freeze. v1.19.0-beta.1 should be released tomorrow for your testing pleasure.
The next set of patch releases (1.18.4, 1.17.7, 1.16.11) are due on June 17th, with a cherry-pick deadline of June 12th.
The dynamic audit webhook subsystem has been removed. It had been in alpha since 1.13, and while there was broad support for the feature, there was no consensus on how to bring it out of an alpha state. The best path forward for now is for interested parties to build some kind of dynamic repeater or fanout system on top of the existing (statically-configured) audit webhook system. If anyone would like to rebuild the old API in that manner, please contact the SIG-Auth team.
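One shape such a fanout could take, as an added example that is not code from Kubernetes or SIG-Auth: a small relay that the statically configured audit webhook posts to, which forwards each batch unchanged to several sinks and reports failure if any sink missed it. The Fanout and forward names, the AUDIT_SINKS variable, the listen address and the 10 MiB cap are assumptions, and TLS and sender authentication are left out.

```go
package main

import (
	"bytes"
	"io"
	"log"
	"net/http"
	"os"
	"strings"
	"time"
)

var client = &http.Client{Timeout: 5 * time.Second}

// forward posts one audit batch to every sink; returns the sinks that failed.
func forward(sinks []string, body []byte) (failed []string) {
	for _, s := range sinks {
		resp, err := client.Post(s, "application/json", bytes.NewReader(body))
		if err == nil {
			resp.Body.Close()
		}
		if err != nil || resp.StatusCode/100 != 2 {
			failed = append(failed, s)
		}
	}
	return failed
}

// Fanout relays each POSTed batch to all sinks (hypothetical helper).
func Fanout(sinks []string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		body, err := io.ReadAll(http.MaxBytesReader(w, r.Body, 10<<20)) // 10 MiB cap (constructed)
		if r.Method != http.MethodPost || err != nil {
			http.Error(w, "expected a POSTed audit batch", http.StatusBadRequest)
			return
		}
		if failed := forward(sinks, body); len(failed) > 0 {
			// Surface partial delivery; on a resend, healthy sinks see duplicates.
			http.Error(w, "undelivered: "+strings.Join(failed, ","), http.StatusBadGateway)
			return
		}
		w.WriteHeader(http.StatusOK)
	})
}

func main() {
	sinks := strings.Split(os.Getenv("AUDIT_SINKS"), ",") // assumed env var: comma-separated sink URLs
	log.Fatal(http.ListenAndServe("127.0.0.1:8444", Fanout(sinks)))
}
```

Because a failed sink turns the whole reply into an error, sinks should deduplicate on the audit event's auditID if the sender resends a batch.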
Another simple removal, though this time of a long-deprecated feature.
kubectl run can now only be used to create single pods. Anyone wanting a CLI for creating ad-hoc deployments, jobs, or cronjobs should look at the kubectl create commands instead. If this isn’t sufficient, you can write a script to output the YAML and use myscript | kubectl apply -f - or similar. The create commands are also being improved for some of the common use cases previously addressed by run, such as adding a container port to a Deployment spec via
If you were previously using kubectl run from scripts, consider instead storing the YAML manifests somewhere versioned and applying those instead.
Some now-defunct CLI options to kubectl run have been deprecated for future removal:
- Metric types bounded to a known list
- Our CLI will now error out on “false flags” that use non-ASCII dashes
- --provider-id moved to config file; will get removed in a couple of versions
- Prevent etcd-removal catch-22 in
- Take the number of images into account for node topology
- Target specific AWS Loadbalancer nodes using annotations
- Azure Disk migration to beta
- kubectl run generator flags
- No more kubectl apply --server-dry-run because Dry Run is now GA and doesn’t require an extra flag
Original Source: http://lwkd.info/2020/20200601