Last Week in Kubernetes Development: Week Ending May 31, 2020

Developer News

There are two new security vulnerabilities in Kubernetes components, one in kube-controller-manager, and one in a popular CNI component used in several overlay networks. Both issues have been patched in the most recent releases.

The Annual Patch Support discussion continues; currently folks are debating the impact of dependency support, particularly Golang and etcd. Also, node feature discovery has advanced this week.

The Protocol Buffers library we use, GoGoProtobuf, is looking for some new maintainers to take over the project. There was some additional discussion on the SIG API-Machinery list about whether reverting to the mainline protobuf library is a viable backup plan. So far it appears it would be a big hit on serialization performance, though recent work upstream might improve that. If your company has been looking for a place to dive in and help both Kubernetes and the broader Go community, please do contact the GoGo team on their issue to discuss options.

Meeting Summary

The public Steering Committee meeting was yesterday. They discussed preparing for the 2020 SC election and a number of financial matters. This included AWS credits for Minikube, Digital Ocean credits for test-infra, and paying for the Kubernetes security audit.

Release Schedule

Next Deadline: Docs PRs Started, June 12

Today, the Release Team started Burndown meetings, and called for exceptions to Enhancements Freeze. v1.19.0-beta.1 should be released tomorrow for your testing pleasure.

The next set of patch releases (1.18.4, 1.17.7, 1.16.11) are due on June 17th, with a cherry-pick deadline of June 12th.

Featured PRs

#91502: remove --feature-gates=DynamicAuditing

The dynamic audit webhook subsystem has been removed. It had been in alpha since 1.13 and while there was broad support for the feature, there was no consensus on how to bring it out of an alpha state. The best path forward for now is for interested parties to build some kind of dynamic repeater or fanout system on top of the existing (statically-configured) audit webhook system. If anyone would like to rebuild the old API in that manner, please contact the SIG-Auth team.

#87077: Remove kubectl run generators

Another simple removal, though this time of a long-deprecated feature. kubectl run can now only be used to create single pods. Anyone wanting a CLI for creating ad-hoc deployments, jobs, or cronjobs should look at the kubectl create commands instead. If this isn’t sufficient, you can write a script to output the YAML and use myscript | kubectl apply -f - or similar. The create commands are also being improved for some of the common use cases previously addressed by run, such as adding a container port to a Deployment spec via --port.

If you were previously using kubectl run from scripts, consider storing the YAML manifests somewhere versioned and applying those instead.

Some now-defunct CLI options to kubectl run have been deprecated for future removal:

  • --generator
  • --replicas
  • --service-generator
  • --service-overrides
  • --schedule
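
To find scripts that still depend on the flags listed above, a small scanner can flag each kubectl run invocation that uses one of them. This is an added example, not code from the newsletter or the Kubernetes project; the function names and the sample script are constructed for illustration.

```python
import re

# Flags the newsletter lists as deprecated for future removal from `kubectl run`.
DEPRECATED_FLAGS = ("--generator", "--replicas", "--service-generator",
                    "--service-overrides", "--schedule")

# `kubectl`, optional global options (e.g. `-n batch`), then the `run` verb.
KUBECTL_RUN = re.compile(r"\bkubectl(?:\s+-\S+(?:\s+[^-\s]\S*)?)*\s+run(?=\s|$)")

def logical_lines(text):
    """Yield (start_line, joined_text), folding backslash continuations."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = n
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, buf + raw
        buf, start = "", None
    if buf:
        yield start, buf

def find_deprecated_run_flags(text):
    """Return [(line_number, [flags])] for kubectl run calls using deprecated flags."""
    findings = []
    for lineno, line in logical_lines(text):
        if line.lstrip().startswith("#"):      # skip shell comments
            continue
        m = KUBECTL_RUN.search(line)
        if not m:
            continue
        args = line[m.end():]
        hits = [f for f in DEPRECATED_FLAGS    # match whole tokens only
                if re.search(r"(?<!\S)" + re.escape(f) + r"(?=[=\s]|$)", args)]
        if hits:
            findings.append((lineno, hits))
    return findings

# Constructed sample script, not taken from any real repository.
SAMPLE = """#!/bin/sh
# kubectl run old --replicas=3 --image=nginx   (comment, ignored)
kubectl run web --image=nginx --replicas=3 \\
    --generator=deployment/apps.v1
kubectl -n batch run nightly --image=busybox --schedule="0 2 * * *"
kubectl run debug --image=busybox --restart=Never
kubectl create deployment web --image=nginx
"""

if __name__ == "__main__":
    for lineno, flags in find_deprecated_run_flags(SAMPLE):
        print(f"line {lineno}: {', '.join(flags)}")
```

Each reported line is a candidate for replacement with a kubectl create command or a versioned manifest applied with kubectl apply -f.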

Other Merges

Promotions

Deprecated

Version Updates

Original Source: http://lwkd.info/2020/20200601