LWKD: Week Ending November 24, 2024
Week Ending November 24, 2024
Developer News
If you attended the Kubernetes Contributor Summit in Salt Lake City, please complete the post-event survey.
SIG-Security shared CVE-2024-10220, which allowed attackers to use a gitRepo volume for unauthorized file access. This vulnerability was patched in versions 1.31.0, 1.30.3, 1.29.7, and 1.28.12; if you are running older versions, please upgrade.
Release Schedule
Next Deadline: Release Highlights completion, December 3rd
Docs freeze is in effect as of Tuesday 26th November. We are now in the final phases of the v1.32 release cycle with the scheduled release date just two weeks away.
Kubernetes v1.32.0-rc.0 is live!. v1.32.0-rc.1 is scheduled to be cut on Monday, December 3rd.
KEP of the Week
KEP-3157: Allow informers for getting a stream of data instead of chunking
This KEP addresses the kube-apiserver's vulnerability to excessive memory consumption caused by LIST requests in large clusters, which can lead to server crashes, node pressure, and workload disruption. To solve this, it proposes reducing temporary memory usage from an exponential scale to a manageable constant, leveraging the watch cache to reduce etcd load, ensuring consistent and fresh LIST responses, and maintaining backward compatibility—all while protecting the server and its node from OOM scenarios
This KEP is tracked for beta release in the ongoing v1.32 cycle.
Other Merges
- Validate DRA Node Selector Labels even on upgraded objects; while this is a backwards-incompatible change, it's not expected to break anything
Version Updates
- golang to 1.23.3 in 1.32, and to 1.22.9 in older releases