LWKD: Week Ending April 6, 2025
Developer News
KubeCon + CloudNativeCon EU took place last week in London, along with the CNCF Maintainer Summit. The recordings of the talks would be uploaded to the CNCF YouTube channel soon.
Photographs from the Maintainer Summit can be found in this Flickr album. Photographs from KubeCon + CloudNativeCon are being uploaded here.
If you haven't done it already, do submit your feedback for the Maintainer Summit before April 18th!
Release Schedule
Next Deadline: Release day, April 23
Kubernetes v1.33.0-rc.0 is now available for your testing pleasure.
We are less than two weeks away from the scheduled release date for Kubernetes v1.33!
KEP of the Week
KEP 3619: Fine-grained SupplementalGroups control
This KEP adds a new way to choose correct behaviour with how container runtimes are applying SupplementalGroups to the first container process. Previous to this KEP, supplemental groups attached to containers were defined at two levels in Kubernetes - the OCI image level as well as the Kubernetes API level. The Kubernetes API level PodSecurityContext.{RunAsUser, RunAsGroup, SupplementalGroups} was designed to override the config.User configuration of OCI images. But in the current implementation, even if supplemental groups are defined at the Kubernetes API level, the group memberships defined in the container image for the UID are attached to the container process. This KEP proposes changes to both the Kubernets API and the CRI API to fix this issue.
This KEP is driven by @everpeace and is tracked to graduate to beta in the v1.33 cycle.
Shoutouts
No shoutouts this week. Want to thank someone for special efforts to improve Kubernetes? Tag them in the #shoutouts channel.