LWKD: Week Ending June 18, 2023
Developer News
Rita Zhang of SIG-Security has found and patched two security vulnerabilities in Kubernetes, in ImagePolicy webhooks and ServiceAccount. Tim Allclair also found a vulnerability in seccomp. Might wanna apply those patch updates as soon as you can.
Michael Morris has stepped down as co-lead of Gateway API GAMMA.
The community is brainstorming designs for a new contributor badge for registered Kubernetes contributors; design help wanted.
Reminder: please migrate your Prow jobs to the new cluster.
Release Schedule
Next Deadline: Exception Requests Due, July 10th
We are in Enhancements Freeze with 67 Enhancements on the tracking board. That hasn't stopped the call for exceptions, though, with four already submitted.
Patch releases 1.27.3 (yes, already), 1.26.6, 1.25.11, and 1.24.15 came out last week. These include important security updates (see above). Note that next month's patch release will be the last for version 1.24, so maybe start thinking about upgrading.
Merges
- Add parameters to tests to enable ARM64 builds, and image credential providers for ARM and Windows
- Backoff, already: Pod failures won't increase the backoff, and Job controller backoff got refactored
- etcd component health probes will use the etcd client, not HTTP
- Certificates on installation will do a little time-travel and be valid for 1 hour into the past to allow for out-of-sync clocks
- ConversionWebhooks are the new WebhookConversions
- CronJob lastSuccessfulTime gets updated by manual Jobs
- Add warning that Kubernetes can't guarantee tracking of more than 10,000 parallel Jobs due to etcd size limits
- Read system mount information faster with less overhead
- preStop hook won't block termination grace period
- Stop logging event errors for terminating Namespaces
- Contextual logging migrations: Job controller
Deprecated
- Deprecate the RBD in-tree driver; use CSI instead
- Deprecate two volume-host options in controller-manager