LWKD: Week ending January 19, 2025
Developer News
CVE-2024-9042 is a security vulnerability on Windows nodes that could let some users issue arbitrary commands via the /logs endpoint. Patched in the latest update; all Windows users should update immediately.
Reminder to SIG and WG Chairs: Annual Reports are due soon. This year's AR is really short, so don't procrastinate on it, just do it.
Start using Feature, not NodeFeature, for SIG-Node test labels.
Release Schedule
Next Deadline: Production Readiness Freeze, February 6
We're still in Enhancements development, and Nina has shared the first release newsletter with final dates for all release milestones. This includes:
- Enhancements Freeze: Friday, February 14th at 02:00 UTC
- Code and Test Freeze: Friday, March 20th at 02:00 UTC
- Release Day: Wednesday 23rd April 2025
On the 15th the project released patch updates 1.29.13, 1.30.9, 1.31.5. This update mainly patches the Windows security hole (above).
Featured PRs
129661: DRA CEL: Add Missing Size Estimator
This PR addresses a bug in the cost estimation of CEL expressions used in Device Resource Allocation (DRA). Previously, attribute strings were treated as "unknown size", leading to overly high cost estimates and validation errors for even basic expressions. The PR implements a proper size estimator, ensuring accurate cost calculations by accounting for string lengths, map element limits, and avoiding misdefined pre-defined types like apiservercel.StringType. This fix improves validation consistency and aligns with stored expression assumptions, ensuring compatibility across version upgrades.
Other Merges
- Credential provider config to validate duplicate names early and preserve provider order
- kubeadm improved the kubeadm reset message for manual cleanups
- Portworx plugin's CSI translation fixed to copy secret name & namespace
- e2e test added for HonorPVReclaimPolicy
- Documentation added for EvictionPressureTransitionPeriod silently defaulting 0s to 5m
- JSONPatch unit tests added to the admission CEL type resolver for mutation
- Unit test helpers added to validate CEL and patterns in CustomResourceDefinitions
- util.NewIOHandler() replaced with fakeIOHandler to make unit tests pass on different host envs
- e2e tests added for SELinuxChangePolicy
- Documentation updated for EnvFromSource.Prefix to mention that it works for both ConfigMap and Secret
- Dependency on k8s.io/util/nsenter removed since kubelet --containerized flag is deprecated
Promotions
- CSIMigrationPortworx to GA
Deprecated
- KubeProxyDrainingTerminatingNodes feature gate removed after GA graduation