You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There are two new security vulnerabilities in Kubernetes components, one in kube-controller-manager, and one in a popular CNI component used in several overlay networks. Both issues have been patched in the most recent releases.
The Protocol Buffers library we use, GoGoProtobuf, is looking for some new maintainers to take over the project. There was some additonal discussion on the SIG API-Machinery list as to if reverting to the mainline protobuf library is a viable backup plan. So far it appears it would be a big hit on serialization performance, though recent work upstream might improve that. If your company has been looking for a place to dive in and help both Kubernetes and the broader Go community, please do contact the GoGo team on their issue to discuss options.
Meeting Summary
The public Steering Committee meeting was yesterday. They discussed preparing for the 2020 SC election and a number of financial matters. This included AWS credits for Minikube, Digital Ocean credits for test-infra, and paying for the Kubernetes security audit.
Release Schedule
Next Deadline: Docs PRs Started, June 12
Today, the Release Team started Burndown meetings, and called for exceptions to Enhancements Freeze. v1.19.0-beta.1 should be released tommorrow for your testing pleasure.
The next set of patch releases (1.18.4, 1.17.7, 1.16.11) are due on June 17th, with a cherry-pick deadline of June 12th.
The dynamic audit webhook subsystem has been removed. It had been in alpha since 1.13 and while there was broad support for the feature, there was no consensus on how to bring out of an alpha state. The best path forward for now is for interested parties to build on the existing (statically-configured) audit webhook system, some kind of dynamic repeater or fanout system. If anyone would like to rebuild the old API in that manner, please contact the SIG-Auth team.
Another simple removal, though this time of a long-deprecated feature. kubectl run can now only be used to create single pods. Anyone wanting a CLI for creating ad-hoc deployments, jobs, or cronjobs should look at the kubectl create commands instead. If this isn’t suffcient, you can write a script to output the YAML and use myscript \| kubectl apply -f - or similar. The create commands are also being improved for some of the common use cases previously addressed by run, such as adding a container port to a Deployment spec via --port.
If you were previously using kubetl run from scripts, consider instead storing the YAML manifests somewhere versioned and applying those instead.
Some now-defunct CLI options to kubectl run have been deprecated for future removal:
Developer News
There are two new security vulnerabilities in Kubernetes components, one in kube-controller-manager, and one in a popular CNI component used in several overlay networks. Both issues have been patched in the most recent releases.
The Annual Patch Support discussion continues; currently folks are debating the impact of dependency support, particularly Golang and etcd. Also, node feature discovery has advanced this week.
The Protocol Buffers library we use, GoGoProtobuf, is looking for some new maintainers to take over the project. There was some additonal discussion on the SIG API-Machinery list as to if reverting to the mainline protobuf library is a viable backup plan. So far it appears it would be a big hit on serialization performance, though recent work upstream might improve that. If your company has been looking for a place to dive in and help both Kubernetes and the broader Go community, please do contact the GoGo team on their issue to discuss options.
Meeting Summary
The public Steering Committee meeting was yesterday. They discussed preparing for the 2020 SC election and a number of financial matters. This included AWS credits for Minikube, Digital Ocean credits for test-infra, and paying for the Kubernetes security audit.
Release Schedule
Next Deadline: Docs PRs Started, June 12
Today, the Release Team started Burndown meetings, and called for exceptions to Enhancements Freeze. v1.19.0-beta.1 should be released tommorrow for your testing pleasure.
The next set of patch releases (1.18.4, 1.17.7, 1.16.11) are due on June 17th, with a cherry-pick deadline of June 12th.
Featured PRs
#91502: remove –feature-gates=DynamicAuditing
The dynamic audit webhook subsystem has been removed. It had been in alpha since 1.13 and while there was broad support for the feature, there was no consensus on how to bring out of an alpha state. The best path forward for now is for interested parties to build on the existing (statically-configured) audit webhook system, some kind of dynamic repeater or fanout system. If anyone would like to rebuild the old API in that manner, please contact the SIG-Auth team.
#87077: Remove kubectl run generators
Another simple removal, though this time of a long-deprecated feature.
kubectl run
can now only be used to create single pods. Anyone wanting a CLI for creating ad-hoc deployments, jobs, or cronjobs should look at thekubectl create
commands instead. If this isn’t suffcient, you can write a script to output the YAML and usemyscript \| kubectl apply -f -
or similar. Thecreate
commands are also being improved for some of the common use cases previously addressed byrun
, such as adding a container port to a Deployment spec via--port
.If you were previously using
kubetl run
from scripts, consider instead storing the YAML manifests somewhere versioned and applying those instead.Some now-defunct CLI options to
kubectl run
have been deprecated for future removal:--generator
--replicas
--service-generator
--service-overrides
--schedule
Other Merges
scheduler\_total\_preemption\_attempts
renamed toscheduler\_preemption\_attempts\_total
for consistency--seccomp-profile-root
,--enable-server
and--provider-id
moved to config file; will get removed in a couple of versionskubeadm reset
Promotions
Azure Disk migration to beta
Deprecated
kubectl run
generator flagskubectl apply --server-dry-run
because Dry Run is now GA and doesn’t require an extra flagVersion Updates
The text was updated successfully, but these errors were encountered: