Merge pull request #431 from kubernetes-sigs/20240908

Publish 9/8 edition

_posts/2024-09-08-update.md

@@ -0,0 +1,67 @@
+---
+layout: post
+title: Week Ending September 8, 2024
+date: 2024-09-11 21:00:00 -0000
+slug: 2024-09-08-update
+---
+
+## Developer News
+
+SIG-ContribEx is hosting the first monthly [New Contributor Orientation](https://groups.google.com/a/kubernetes.io/g/dev/c/s1hvKqRYhP4).  Held on the first Tuesday of each month, this 1-hour video session will help new contributors figure out "where do I get started?" The first one is at 8:30UTC and again at 15:30UTC on September 17th.
+
+You have one more week to [propose sessions for the Contributor Summit](https://docs.google.com/forms/d/e/1FAIpQLSfqdvHnS4HVZQXdBmZHClgUbAodxEGH18t365qqdgtn0hhx-Q/viewform), including presentations, discussions, and SIG/Team meetings. The [Unconference Topics](https://github.com/kubernetes/community/issues/7993) issue is ready for your discussion ideas.
+
+SIG-Node is [thinking about dynamic batch workloads](https://docs.google.com/document/d/1J8Aq0XzN8BiNdWHXSEGA1Xw2nXcZRSKTMoi-tNh7FTc/edit).
+
+Tim Hockins wants [your answers to silly Kubernetes questions](https://docs.google.com/forms/d/e/1FAIpQLSezZYoY19Z-kp_sWE5IrXyJmyOIGiUgi7SvkZhhs688UCPwww/viewform).
+
+## Release Schedule
+
+**Next Deadline: Production Readiness Freeze, October 3**
+
+As of this Monday, the 1.32 release cycle is underway.  The team and [schedule](https://github.com/kubernetes/sig-release/tree/master/releases/release-1.32) will be final this Friday, and Release Lead Frederico Muñoz has [shared what to expect](https://groups.google.com/a/kubernetes.io/g/dev/c/FEOjzuqMEv8).  Major deadlines include:
+
+- Enhancements freeze: Friday 11th October 2024
+- Code & Test freeze: Friday 8th November 2024
+- Docs freeze: Tuesday 26th November 2024
+- Release day: Wednesday 11th December 2024
+
+Patch releases for all supported versions are expected out this week.
+
+## KEP of the Week
+
+### [KEP 4601: Authorize with Field and Label Selectors](https://github.com/kubernetes/enhancements/tree/master/keps/sig-auth/4601-authorize-with-selectors)
+
+This KEP extends Kubernetes authorization attributes to include field and label selectors for `List`, `Watch`, and `DeleteCollection` verbs, allowing authorizers to make more granular security decisions. This enables out-of-tree authorizers to experiment with restrictions based on selectors, improving per-node workload security. Additionally, field and label selectors will be added to webhook authorization types, Subject Access Reviews (SSAR, SAR, Local SAR), and the node authorizer (restricting by `nodeName`), and will be integrated into the CEL authorizer for more advanced policy evaluations.
+
+This KEP is tracked for alpha release in v1.32.
+
+## Other Merges
+
+* Accelerate responses for [false negative access requests](https://github.com/kubernetes/kubernetes/pull/127098), speeding up workload startup
+* Use [FormatOnly in gengo](https://github.com/kubernetes/kubernetes/pull/127011), which also involved making hundreds of API names unique; if you haven't refreshed your repo copy after this merge, better do so
+* Regular init containers [do not use the Sidecar code path](https://github.com/kubernetes/kubernetes/pull/127162), [preventing startup failures](https://github.com/kubernetes/kubernetes/pull/126543)
+* APIServer [can offer UID headers](https://github.com/kubernetes/kubernetes/pull/115834)
+* [`kubeadm upgrade apply`](https://github.com/kubernetes/kubernetes/pull/126032) and [`kubeadm upgrade node`](https://github.com/kubernetes/kubernetes/pull/127242) can upgrade just the addons or other specific elements, or skip them
+* Prevent InFlightPods [from having more than one element](https://github.com/kubernetes/kubernetes/pull/127016)
+* Remove [conntrack binary](https://github.com/kubernetes/kubernetes/pull/126847) from kube-proxy
+* Dynamic client-go [won't panic](https://github.com/kubernetes/kubernetes/pull/126809) when it sees an UnstructuredList
+* Auto-restart init containers [stuck in "created"](https://github.com/kubernetes/kubernetes/pull/126543)
+* tryRegisterWithAPIServer [continues](https://github.com/kubernetes/kubernetes/pull/126318) whether or not it can create a node
+* New metrics: [inflight_events](https://github.com/kubernetes/kubernetes/pull/127052) for QueueingHints (but [check for memory overflow](https://github.com/kubernetes/kubernetes/pull/127154))
+* Test improvements: [NodeAffinity integration](https://github.com/kubernetes/kubernetes/pull/127139), [image volume sharing](https://github.com/kubernetes/kubernetes/pull/126991)
+
+## Promotions
+
+* [AnonymousAuthConfigurableEndpoints to Beta](https://github.com/kubernetes/kubernetes/pull/127009)
+
+## Subprojects and Dependency Updates
+
+* [minikube v1.34](https://github.com/kubernetes/minikube/releases/tag/v1.34.0): Kubernetes 1.31 support, ARM 64 qemu, Volcano addon
+* [csi-driver-nfs v4.9.0](https://github.com/kubernetes-csi/csi-driver-nfs/releases/tag/v4.9.0): fix CVE-2024-5321
+* [csi-driver-host-path v1.15.0](https://github.com/kubernetes-csi/csi-driver-host-path/releases/tag/v1.15.0): external-resizer to v1.11.2
+* [csi-driver-smb v1.16.0](https://github.com/kubernetes-csi/csi-driver-smb/releases/tag/v1.16.0): fix CVE-2024-5321
+* [cri-o v1.30.5](https://github.com/cri-o/cri-o/releases/tag/v1.30.5): update of checks for internal repair feature & add a new `crio check` sub-command; also [v1.29.8](https://github.com/cri-o/cri-o/releases/tag/v1.29.8)[v1.28.10](https://github.com/cri-o/cri-o/releases/tag/v1.28.10)
+* [cloud-provider-openstack v1.31.0](https://github.com/kubernetes/cloud-provider-openstack/releases/tag/v1.31.0): occm add dnsPolicy feature
+* [kubespray v2.26.0](https://github.com/kubernetes-sigs/kubespray/releases/tag/v2.26.0): Make kubernetes v1.30.4 default
+* [python-client v31.0.0b1](https://github.com/kubernetes-client/python/blob/release-31.0/CHANGELOG.md): DRA changes, leader elections, UserNamespaces