Last Week In Kubernetes Development

June 15, 2022

LWKD: Week Ending June 12, 2022

Developer News

Ingress-nginx has a security issue which allows accessing cluster secrets. Upgrade to 1.2.1 or above as soon as possible.

The blog subproject is looking for contributors to help them publish new posts. Folks can review upcoming blog posts on the kubernetes/website repository with the label area/blog. Before joining the effort, make sure to read through the blog guide and the style guide. Reach out to #sig-docs-blog to collaborate or ask any questions.

SIG-Release is updating their roadmap; watch the presentation. Josh Berkus has been nominated to chair SIG-Contributor Experience.

Release Schedule

Next Deadline: Enhancements Freeze June 23rd (PRR June 16th)

The Enhancements Freeze has been pushed back to June 23rd to accommodate the many SIGs with a backlog of KEPs to review. Please get your draft KEPs to Production Readiness by this Thursday (the 16th).

New patch releases for all supported versions are planned for this Wednesday.

Featured PRs

enhancements#2813: [Bucket API] KEP updates for API review

The Container Object Storage Interface (COSI) team has merged a PR targeting a revamped COSI API to be alpha in 1.25. COSI is a plugin framework similar to CSI but for object storage systems rather than block storage. The end goal is to provide a basic abstraction layer and self-service toolkit for object storage just as we do for block storage. This includes provisioning and deprovisioning the buckets themselves, a simplified access policy abstraction, and being able to provide a workload with credentials or other access information to use the storage bucket.

enhancements#3179: KEP-3178: Cleaning up IPTables Chain Ownership

Both kube-proxy and kubelet create/manage IPTables firewall rules at various points in the codebase. This KEP aims to clarify and streamline things so we can converge on kube-proxy owning all the rules it needs to operate. This will both improve code clarity and streamline things for users of alternate service proxy implementations.

enhancements#3289: KEP 3288: Split stdout and stderr log stream

A common UNIX convention (at least as applied to containers) is to write basic log data to stdout and errors or other exceptional issues to stderr. While we expose container logs via kubectl logs and the matching APIs, they only return the combined stream of both types of output. This KEP seeks to add a Stream field to PodLogOptions to allow retrieving just one of the two when desirable.

Other Merges

  • Service strategy stops depending on IP families
  • Azure CSI disk migrations are on by default
  • OpenAPI handles defaults the same way as CRD spec and doesn't duplicate schema items
  • Audit won't panic over int64 values in the logs, or fail to encode "Delete Namespace"
  • Jobs should only say they failed once
  • Terminal-phase pods will never report "ready"
  • Replace backwards compatibility for endpoints with blank NodeNames
  • kubeadm can print manifests for kube-proxy and CoreDNS
  • EndpointSlice controller will ignore Slices being deleted
  • Refactor IngressClassName API docs
  • Add some tests to contextual logging
  • Improve test stability by shutting down auth tests cleanly

Also, lots of backports of fixes from the last month.

Promotions

  • ServiceIPStaticSubrange to beta

Version Updates

  • Ingress-nginx 1.2.1
  • CoreDNS to 1.9.2 in kubeadm and kube-up
  • Node Feature Discovery 0.11.1, plus operator 0.5.0
  • Python client 24.1.0 is in Beta
  • LXE v0.4.1
  • Azure/go-autorest/autorest to v0.11.27
  • emicklei/go-restful to v3
  • etcd libraries to v3.5.4