From f2f15465cf8db7ada3f2e208c5dfa5a411e5412a Mon Sep 17 00:00:00 2001 From: Josh Berkus Date: Tue, 10 Sep 2024 10:02:29 -0500 Subject: [PATCH 1/7] Blank 9/8 issue Signed-off-by: Josh Berkus --- _posts/2024-09-08-update.md | 40 +++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 _posts/2024-09-08-update.md diff --git a/_posts/2024-09-08-update.md b/_posts/2024-09-08-update.md new file mode 100644 index 00000000..ecde751a --- /dev/null +++ b/_posts/2024-09-08-update.md @@ -0,0 +1,40 @@ +--- +layout: post +title: Week Ending September 8, 2024 +date: 2024-09-11 22:00:00 -0000 +slug: 2024-09-08-update +--- + +## Developer News + + +## Release Schedule + +**Next Deadline:** + + +## Featured PRs + + +## KEP of the Week + + +## Other Merges + +* + +## Promotions + +* + +## Deprecated + +* + +## Version Updates + +* + +## Subprojects and Dependency Updates + +* From a026abd02c9c202f3fc3f050fb513d15c49975f4 Mon Sep 17 00:00:00 2001 From: Josh Berkus Date: Tue, 10 Sep 2024 10:40:21 -0500 Subject: [PATCH 2/7] Add partial misc merges, developer news for 9/8 From training session with Aakansha. Signed-off-by: Josh Berkus --- _posts/2024-09-08-update.md | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/_posts/2024-09-08-update.md b/_posts/2024-09-08-update.md index ecde751a..c88d452c 100644 --- a/_posts/2024-09-08-update.md +++ b/_posts/2024-09-08-update.md 
@@ -21,19 +21,13 @@ slug: 2024-09-08-update ## Other Merges -* +* Regular init containers [do not use the Sidecar code path](https://github.com/kubernetes/kubernetes/pull/127162), [preventing startup failures](https://github.com/kubernetes/kubernetes/pull/126543) +* [`kubeadm upgrade apply`](https://github.com/kubernetes/kubernetes/pull/126032) and [`kubeadm upgrade node`](https://github.com/kubernetes/kubernetes/pull/127242) can upgrade just the addons or other specific elements, or skip them +* New metrics: [inflight_events](https://github.com/kubernetes/kubernetes/pull/127052) for QueueingHints ## Promotions -* - -## Deprecated - -* - -## Version Updates - -* +* [AnonymousAuthConfigurableEndpoints to Beta](https://github.com/kubernetes/kubernetes/pull/127009) ## Subprojects and Dependency Updates From 9d910c23302b5c54a923704380d3fd2fbbf8ebd4 Mon Sep 17 00:00:00 2001 From: Josh Berkus Date: Tue, 10 Sep 2024 10:41:30 -0500 Subject: [PATCH 3/7] More additions from training session for 9/8. Signed-off-by: Josh Berkus --- _posts/2024-09-08-update.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/_posts/2024-09-08-update.md b/_posts/2024-09-08-update.md index c88d452c..3272a588 100644 --- a/_posts/2024-09-08-update.md +++ b/_posts/2024-09-08-update.md 
@@ -7,6 +7,11 @@ slug: 2024-09-08-update ## Developer News +You have one more week to [propose sessions for the Contributor Summit](https://docs.google.com/forms/d/e/1FAIpQLSfqdvHnS4HVZQXdBmZHClgUbAodxEGH18t365qqdgtn0hhx-Q/viewform), including presentations, discussions, and SIG/Team meetings. The [Unconference Topics](https://github.com/kubernetes/community/issues/7993) issue is ready for your discussion ideas. + +SIG-Node is [thinking about dynamic batch workloads](https://docs.google.com/document/d/1J8Aq0XzN8BiNdWHXSEGA1Xw2nXcZRSKTMoi-tNh7FTc/edit). + +Tim Hockins wants [your answers to silly Kubernetes questions](https://docs.google.com/forms/d/e/1FAIpQLSezZYoY19Z-kp_sWE5IrXyJmyOIGiUgi7SvkZhhs688UCPwww/viewform). ## Release Schedule From 5807072b2ea41713162149015aaf7353f354ff17 Mon Sep 17 00:00:00 2001 From: scarolan Date: Tue, 10 Sep 2024 14:50:09 -0400 Subject: [PATCH 4/7] Added minikube release --- _posts/2024-09-08-update.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/_posts/2024-09-08-update.md b/_posts/2024-09-08-update.md index 3272a588..e27e4732 100644 --- a/_posts/2024-09-08-update.md +++ b/_posts/2024-09-08-update.md @@ -15,6 +15,13 @@ Tim Hockins wants [your answers to silly Kubernetes questions](https://docs.goog ## Release Schedule +* [minikube v1.34. is out](https://github.com/kubernetes/minikube/releases/tag/v1.34.0) + * support for Kubernetes v1.31.0 + * a brand new driver for macOS: “vfkit” + * new addon: Volcano + * support for x86 qemu emulation on arm64 + * a new short hand -c for --container-runtime and -d for --driver + * bring back support for parallels driver **Next Deadline:** From f65789f7a54b4b3f325217442ce88a09faf79a58 Mon Sep 17 00:00:00 2001 From: Mario Fahlandt Date: Wed, 11 Sep 2024 00:18:30 +0200 Subject: [PATCH 5/7] Add Subprojects and Dependency Updates for 0908 --- _posts/2024-09-08-update.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) 
diff --git a/_posts/2024-09-08-update.md b/_posts/2024-09-08-update.md index 3272a588..0903137f 100644 --- a/_posts/2024-09-08-update.md +++ b/_posts/2024-09-08-update.md @@ -36,4 +36,10 @@ Tim Hockins wants [your answers to silly Kubernetes questions](https://docs.goog ## Subprojects and Dependency Updates -* +* [csi-driver-nfs v4.9.0](https://github.com/kubernetes-csi/csi-driver-nfs/releases/tag/v4.9.0) fix CVE-2024-5321 +* [csi-driver-host-path v1.15.0](https://github.com/kubernetes-csi/csi-driver-host-path/releases/tag/v1.15.0) external-resizer to v1.11.2 +* [csi-driver-smb v1.16.0](https://github.com/kubernetes-csi/csi-driver-smb/releases/tag/v1.16.0) fix CVE-2024-5321 +* [cri-o v1.30.5](https://github.com/cri-o/cri-o/releases/tag/v1.30.5) update of checks for internal repair feature & add a new `crio check` sub-command; also [v1.29.8](https://github.com/cri-o/cri-o/releases/tag/v1.29.8)[v1.28.10](https://github.com/cri-o/cri-o/releases/tag/v1.28.10) +* [cloud-provider-openstack v1.31.0](https://github.com/kubernetes/cloud-provider-openstack/releases/tag/v1.31.0) occm add dnsPolicy feature +* [kubespray v2.26.0](https://github.com/kubernetes-sigs/kubespray/releases/tag/v2.26.0) Make kubernetes v1.30.4 default +* [minikube to v1.34.0](https://github.com/kubernetes/minikube/releases/tag/v1.34.0) support for x86 qemu emulation on arm64 From 187828799187df32bd90737837c5ebfbd08fa57c Mon Sep 17 00:00:00 2001 From: Aakansha Priya <66666593+priyaaakansha@users.noreply.github.com> Date: Wed, 11 Sep 2024 20:16:10 +0530 Subject: [PATCH 6/7] Added KEP of the Week --- _posts/2024-09-08-update.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/_posts/2024-09-08-update.md b/_posts/2024-09-08-update.md index 0903137f..dd71e5f9 100644 --- a/_posts/2024-09-08-update.md +++ b/_posts/2024-09-08-update.md 
@@ -23,6 +23,12 @@ Tim Hockins wants [your answers to silly Kubernetes questions](https://docs.goog ## KEP of the Week +### [KEP 4601: Authorize with Field and Label Selectors](https://github.com/kubernetes/enhancements/tree/master/keps/sig-auth/4601-authorize-with-selectors) + +This KEP enhancement extends Kubernetes authorization attributes to include field and label selectors for `List`, `Watch`, and `DeleteCollection` verbs, allowing authorizers to make more granular security decisions. This enables out-of-tree authorizers to experiment with restrictions based on selectors, improving per-node workload security. Additionally, field and label selectors will be added to webhook authorization types, Subject Access Reviews (SSAR, SAR, Local SAR), and the node authorizer (restricting by `nodeName`), and will be integrated into the CEL authorizer for more advanced policy evaluations. + +This KEP is tracked for alpha release in v1.32. + ## Other Merges From 83a11f06d2ea54e02d5a27f83aa22a7fe28415a0 Mon Sep 17 00:00:00 2001 From: Josh Berkus Date: Wed, 11 Sep 2024 14:44:21 -0700 Subject: [PATCH 7/7] Finish 9/8 edition. Signed-off-by: Josh Berkus --- _posts/2024-09-08-update.md | 49 ++++++++++++++++++++++--------------- 1 file changed, 29 insertions(+), 20 deletions(-) diff --git a/_posts/2024-09-08-update.md b/_posts/2024-09-08-update.md index ad803da6..2e0b07d6 100644 --- a/_posts/2024-09-08-update.md +++ b/_posts/2024-09-08-update.md 
@@ -1,12 +1,14 @@ --- layout: post title: Week Ending September 8, 2024 -date: 2024-09-11 22:00:00 -0000 +date: 2024-09-11 21:00:00 -0000 slug: 2024-09-08-update --- ## Developer News +SIG-ContribEx is hosting the first monthly [New Contributor Orientation](https://groups.google.com/a/kubernetes.io/g/dev/c/s1hvKqRYhP4). Held on the first Tuesday of each month, this 1-hour video session will help new contributors figure out "where do I get started?" The first one is at 8:30UTC and again at 15:30UTC on September 17th. + You have one more week to [propose sessions for the Contributor Summit](https://docs.google.com/forms/d/e/1FAIpQLSfqdvHnS4HVZQXdBmZHClgUbAodxEGH18t365qqdgtn0hhx-Q/viewform), including presentations, discussions, and SIG/Team meetings. The [Unconference Topics](https://github.com/kubernetes/community/issues/7993) issue is ready for your discussion ideas. SIG-Node is [thinking about dynamic batch workloads](https://docs.google.com/document/d/1J8Aq0XzN8BiNdWHXSEGA1Xw2nXcZRSKTMoi-tNh7FTc/edit). 
@@ -15,33 +17,39 @@ Tim Hockins wants [your answers to silly Kubernetes questions](https://docs.goog ## Release Schedule -* [minikube v1.34. is out](https://github.com/kubernetes/minikube/releases/tag/v1.34.0) - * support for Kubernetes v1.31.0 - * a brand new driver for macOS: “vfkit” - * new addon: Volcano - * support for x86 qemu emulation on arm64 - * a new short hand -c for --container-runtime and -d for --driver - * bring back support for parallels driver -**Next Deadline:** +**Next Deadline: Production Readiness Freeze, October 3** +As of this Monday, the 1.32 release cycle is underway. The team and [schedule](https://github.com/kubernetes/sig-release/tree/master/releases/release-1.32) will be final this Friday, and Release Lead Frederico Muñoz has [shared what to expect](https://groups.google.com/a/kubernetes.io/g/dev/c/FEOjzuqMEv8). Major deadlines include: -## Featured PRs +- Enhancements freeze: Friday 11th October 2024 +- Code & Test freeze: Friday 8th November 2024 +- Docs freeze: Tuesday 26th November 2024 +- Release day: Wednesday 11th December 2024 +Patch releases for all supported versions are expected out this week. ## KEP of the Week ### [KEP 4601: Authorize with Field and Label Selectors](https://github.com/kubernetes/enhancements/tree/master/keps/sig-auth/4601-authorize-with-selectors) -This KEP enhancement extends Kubernetes authorization attributes to include field and label selectors for `List`, `Watch`, and `DeleteCollection` verbs, allowing authorizers to make more granular security decisions. This enables out-of-tree authorizers to experiment with restrictions based on selectors, improving per-node workload security. Additionally, field and label selectors will be added to webhook authorization types, Subject Access Reviews (SSAR, SAR, Local SAR), and the node authorizer (restricting by `nodeName`), and will be integrated into the CEL authorizer for more advanced policy evaluations. 
+This KEP extends Kubernetes authorization attributes to include field and label selectors for `List`, `Watch`, and `DeleteCollection` verbs, allowing authorizers to make more granular security decisions. This enables out-of-tree authorizers to experiment with restrictions based on selectors, improving per-node workload security. Additionally, field and label selectors will be added to webhook authorization types, Subject Access Reviews (SSAR, SAR, Local SAR), and the node authorizer (restricting by `nodeName`), and will be integrated into the CEL authorizer for more advanced policy evaluations. This KEP is tracked for alpha release in v1.32. - ## Other Merges +* Accelerate responses for [false negative access requests](https://github.com/kubernetes/kubernetes/pull/127098), speeding up workload startup +* Use [FormatOnly in gengo](https://github.com/kubernetes/kubernetes/pull/127011), which also involved making hundreds of API names unique; if you haven't refreshed your repo copy after this merge, better do so * Regular init containers [do not use the Sidecar code path](https://github.com/kubernetes/kubernetes/pull/127162), [preventing startup failures](https://github.com/kubernetes/kubernetes/pull/126543) +* APIServer [can offer UID headers](https://github.com/kubernetes/kubernetes/pull/115834) * [`kubeadm upgrade apply`](https://github.com/kubernetes/kubernetes/pull/126032) and [`kubeadm upgrade node`](https://github.com/kubernetes/kubernetes/pull/127242) can upgrade just the addons or other specific elements, or skip them -* New metrics: [inflight_events](https://github.com/kubernetes/kubernetes/pull/127052) for QueueingHints +* Prevent InFlightPods [from having more than one element](https://github.com/kubernetes/kubernetes/pull/127016) +* Remove [conntrack binary](https://github.com/kubernetes/kubernetes/pull/126847) from kube-proxy +* Dynamic client-go [won't panic](https://github.com/kubernetes/kubernetes/pull/126809) when it sees an UnstructuredList +* 
Auto-restart init containers [stuck in "created"](https://github.com/kubernetes/kubernetes/pull/126543) +* tryRegisterWithAPIServer [continues](https://github.com/kubernetes/kubernetes/pull/126318) whether or not it can create a node +* New metrics: [inflight_events](https://github.com/kubernetes/kubernetes/pull/127052) for QueueingHints (but [check for memory overflow](https://github.com/kubernetes/kubernetes/pull/127154)) +* Test improvements: [NodeAffinity integration](https://github.com/kubernetes/kubernetes/pull/127139), [image volume sharing](https://github.com/kubernetes/kubernetes/pull/126991) ## Promotions 
@@ -49,10 +57,11 @@ This KEP is tracked for alpha release in v1.32. ## Subprojects and Dependency Updates -* [csi-driver-nfs v4.9.0](https://github.com/kubernetes-csi/csi-driver-nfs/releases/tag/v4.9.0) fix CVE-2024-5321 -* [csi-driver-host-path v1.15.0](https://github.com/kubernetes-csi/csi-driver-host-path/releases/tag/v1.15.0) external-resizer to v1.11.2 -* [csi-driver-smb v1.16.0](https://github.com/kubernetes-csi/csi-driver-smb/releases/tag/v1.16.0) fix CVE-2024-5321 -* [cri-o v1.30.5](https://github.com/cri-o/cri-o/releases/tag/v1.30.5) update of checks for internal repair feature & add a new `crio check` sub-command; also [v1.29.8](https://github.com/cri-o/cri-o/releases/tag/v1.29.8)[v1.28.10](https://github.com/cri-o/cri-o/releases/tag/v1.28.10) -* [cloud-provider-openstack v1.31.0](https://github.com/kubernetes/cloud-provider-openstack/releases/tag/v1.31.0) occm add dnsPolicy feature -* [kubespray v2.26.0](https://github.com/kubernetes-sigs/kubespray/releases/tag/v2.26.0) Make kubernetes v1.30.4 default -* [minikube to v1.34.0](https://github.com/kubernetes/minikube/releases/tag/v1.34.0) support for x86 qemu emulation on arm64 +* [minikube v1.34](https://github.com/kubernetes/minikube/releases/tag/v1.34.0): Kubernetes 1.31 support, ARM 64 qemu, Volcano addon +* [csi-driver-nfs v4.9.0](https://github.com/kubernetes-csi/csi-driver-nfs/releases/tag/v4.9.0): fix CVE-2024-5321 +* [csi-driver-host-path v1.15.0](https://github.com/kubernetes-csi/csi-driver-host-path/releases/tag/v1.15.0): external-resizer to v1.11.2 +* [csi-driver-smb v1.16.0](https://github.com/kubernetes-csi/csi-driver-smb/releases/tag/v1.16.0): fix CVE-2024-5321 +* [cri-o v1.30.5](https://github.com/cri-o/cri-o/releases/tag/v1.30.5): update of checks for internal repair feature & add a new `crio check` sub-command; also [v1.29.8](https://github.com/cri-o/cri-o/releases/tag/v1.29.8)[v1.28.10](https://github.com/cri-o/cri-o/releases/tag/v1.28.10) +* [cloud-provider-openstack 
v1.31.0](https://github.com/kubernetes/cloud-provider-openstack/releases/tag/v1.31.0): occm add dnsPolicy feature +* [kubespray v2.26.0](https://github.com/kubernetes-sigs/kubespray/releases/tag/v2.26.0): Make kubernetes v1.30.4 default +* [python-client v31.0.0b1](https://github.com/kubernetes-client/python/blob/release-31.0/CHANGELOG.md): DRA changes, leader elections, UserNamespaces
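Review bot: the Promotions entry added in PATCH 2/7, `AnonymousAuthConfigurableEndpoints to Beta`, gives only the feature gate name. The name indicates it concerns anonymous authentication on endpoints, so add a short clause saying what the Beta promotion changes for cluster operators. The same hunk also deletes the `## Deprecated` and `## Version Updates` headings outright, although the commit message describes the merges as partial. If entries for those sections turn up later in the week, the headings will have to be restored by hand.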
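Review bot: "Tim Hockins" in the last Developer News line added by PATCH 3/7 looks like a misspelling of Tim Hockin. Please check the name before this is published, since PATCH 7/7 carries the line forward unchanged as context.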
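Review bot: PATCH 4/7 puts the minikube release under `## Release Schedule`, directly above `**Next Deadline:**`, but that section is for the Kubernetes release calendar. The item belongs under `## Subprojects and Dependency Updates`, where PATCH 5/7 independently adds `minikube to v1.34.0`, so with both applied the release is listed twice. The link text `minikube v1.34. is out` is also missing the final `0` of the version that the URL carries (`v1.34.0`).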
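Review bot: in PATCH 5/7 the csi-driver-nfs and csi-driver-smb entries say only `fix CVE-2024-5321`, with no link and no word on what is affected. Link the CVE id to its advisory or tracking issue so readers can decide whether the upgrade is urgent for them. Every entry in this hunk also runs the link straight into the description with no separator, which makes the version and the summary hard to tell apart when rendered.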
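Review bot: the KEP paragraph in PATCH 6/7 abbreviates the affected APIs as `(SSAR, SAR, Local SAR)` without expanding them. Readers outside SIG-Auth will not recognise these, so spell out the API kinds (SelfSubjectAccessReview, SubjectAccessReview, LocalSubjectAccessReview) on first use. "This KEP enhancement" at the start of the paragraph is redundant, since the E in KEP already stands for enhancement.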
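Review bot: the New Contributor Orientation paragraph in the first hunk of PATCH 7/7 contradicts itself. It says the session is "Held on the first Tuesday of each month" and then gives the first one as September 17th, which is the third Tuesday of September 2024 (the patch headers show 10 Sep 2024 was a Tuesday). Confirm the cadence against the linked announcement and fix whichever half is wrong. The times would also read better as `08:30 UTC` and `15:30 UTC`. The front-matter `date` moves from 22:00 to 21:00 with no mention in the commit message; a word on why would help.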
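Review bot: in the Other Merges list of the second hunk of PATCH 7/7, the new bullet `Auto-restart init containers [stuck in "created"]` links to pull/126543, the same PR already linked as "preventing startup failures" in the `Regular init containers` bullet a few lines above. Either one of the links is wrong or the two bullets describe the same change and should be merged. The parenthetical `(but check for memory overflow)` on the inflight_events bullet is also ambiguous: say whether pull/127154 is a fix that has merged or something readers need to watch for themselves.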
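Review bot: in the last hunk of PATCH 7/7 the rewritten minikube entry shortens "support for x86 qemu emulation on arm64" to `ARM 64 qemu`, which loses the point that it is x86 emulation running on arm64 hosts. Suggest "x86 qemu emulation on arm64". The cri-o entry still has its two extra release links touching, `[v1.29.8](…)[v1.28.10](…)`, so they render as one run of text. Add a comma or "and" between them. The python-client entry links to a CHANGELOG on the `release-31.0` branch rather than to a release tag like the other entries; a tag link would be stable if the branch file changes.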