“This is the first day of my participation in the Gwen Challenge in November. See details of the event: The last Gwen Challenge in 2021”.

“K8S Ecology Weekly” mainly collects the weekly K8S ecosystem news that I have come across and recommend. You are welcome to subscribe to the Zhihu column “K8S Ecology”.

Docker v20.10.10 release

This is the 10th minor version of Docker v20.10. Nothing in this version needs particular attention in general, but because Go 1.16 changed how the net/http package handles $HTTP_PROXY, make sure you set both $HTTP_PROXY and $HTTPS_PROXY correctly when you configure a proxy for the Docker daemon.

For the other changes in this release, refer to its release notes. As for Docker v21.x, it will not be released for a while, but it does add some noteworthy features, so I will share them with you soon.
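
The proxy note above can be checked mechanically. The script below is an added example, not code from Docker or from the original post: it audits a systemd drop-in for the Docker daemon and flags a file that sets only one of the two variables. The drop-in path, the function names and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the Docker project. Audits a systemd drop-in for the
# Docker daemon (assumed path, e.g.
# /etc/systemd/system/docker.service.d/http-proxy.conf).
# Since Go 1.16, net/http no longer falls back to $HTTP_PROXY for https:// URLs
# when $HTTPS_PROXY is unset, so HTTPS registry traffic needs HTTPS_PROXY.

# has_var FILE NAME: succeeds if an uncommented Environment= line sets NAME
# (upper or lower case) to a non-empty value.
has_var() {
    grep -Eiq "^[[:space:]]*Environment=(.*[^A-Za-z_])?$2=[^\"[:space:]]" "$1"
}

# audit_docker_proxy FILE: prints one verdict word.
# Returns 0 when consistent, 1 when only one variable is set, 2 if unreadable.
audit_docker_proxy() {
    conf=$1
    [ -r "$conf" ] || { echo "UNREADABLE"; return 2; }
    http=no; https=no
    if has_var "$conf" HTTP_PROXY; then http=yes; fi
    if has_var "$conf" HTTPS_PROXY; then https=yes; fi
    case "$http/$https" in
        yes/yes) echo "OK" ;;
        no/no)   echo "PROXY_NOT_SET" ;;
        yes/no)  echo "HTTPS_PROXY_MISSING"; return 1 ;;
        no/yes)  echo "HTTP_PROXY_MISSING"; return 1 ;;
    esac
}

# Constructed sample: a drop-in that relies on HTTP_PROXY alone; the
# HTTPS_PROXY line is commented out, so it does not count as set.
demo=$(mktemp)
cat > "$demo" <<'EOF'
[Service]
Environment="HTTP_PROXY=http://proxy.example.internal:3128"
# Environment="HTTPS_PROXY=http://proxy.example.internal:3128"
Environment="NO_PROXY=localhost,127.0.0.1"
EOF
verdict=$(audit_docker_proxy "$demo") || true
echo "$demo: $verdict"
rm -f "$demo"
```

A verdict of HTTPS_PROXY_MISSING means image pulls over HTTPS will not go through the configured proxy, which matters wherever the proxy is the intended egress control point.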

Helm v3.7 released

Helm V3.7 is a feature release, so let’s take a look at some notable changes.

Changes related to OCI Chart support

  • helm chart export: removed
  • helm chart list: removed
  • helm chart pull: replaced by helm pull
  • helm chart push: replaced by helm push
  • helm chart remove: removed
  • helm chart save: replaced by helm package

In addition, an OCI chart created with an older version needs to be repackaged and uploaded again using Helm v3.7.

Some new features

  • New: helm uninstall --wait
  • New: helm show crds
  • helm dependency list: new --max-col-width option to set the column width
  • helm repo add: new --password-stdin option to read the password from stdin
  • helm repo update: you can now specify the name of the repo to update
  • The template engine gains {{ .Chart.IsRoot }}

More information about the changes in this release can be found in its release notes.

Notary V2 Alpha1 released

Notary V1, also known as Docker Content Trust (DCT), was primarily released for Docker Hub at the time. Much has changed since then, and some design choices around trust on first use (TOFU), key management, and the lack of content promotion within and across registries have become limiting factors for Docker Content Trust and Notary V1.

If you are not familiar with Notary, see the article I wrote two years ago, “K8S Ecology Weekly | TUF officially graduated from CNCF”, which introduces TUF, Notary and related topics. I will not go into detail here.

Notary V2 supports signing all artifacts (container images, software bills of materials, scan results) stored in registries based on OCI distribution, and enhances the ORAS artifact specification. A key tenet of Notary V2 is that it enables the promotion of signed artifacts within and across registries, including private network environments.

Its working process is shown in the figure below:

The most notable change in Notary V2 is the improved ease of use, including the release of a CLI tool called Notation, which you can use to create certificates, sign, verify, and so on.

(MoeLove) ➜  ~ notation
NAME:
   notation - Notation - Notary V2

USAGE:
   notation [global options] command [command options] [arguments...]

VERSION:
   0.7.0-alpha.1

AUTHOR:
   CNCF Notary Project

COMMANDS:
   sign               Signs artifacts
   verify             Verifies OCI Artifacts
   push               Push signature to remote
   pull               Pull signatures from remote
   list, ls           List signatures from remote
   certificate, cert  Manage certificates used for verification
   key                Manage keys used for signing
   cache              Manage signature cache
   help, h            Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --help, -h     show help (default: false)
   --version, -v  print the version (default: false)

The most notable features in this release are offline signature creation and support for the OCI distribution specification. Certificate revocation, policy support, and more will be supported in future releases. See the release notes for more information.

The Docker Hub Registry announces support for IPv6

As IPv6 gradually becomes more popular, more and more users around the world are on IPv6 networks, but Docker Hub did not support IPv6. After listening to community feedback, Docker Hub has now officially added IPv6 network support.

The address of the released test version with IPv6 support is registry.ipv6.docker.com. If you are an IPv6-only or dual-stack user, you can use the following command to log in.

docker login registry.ipv6.docker.com

You can also use the following command to pull an image:

docker pull registry.ipv6.docker.com/library/debian:latest

The default Docker Hub Registry addresses will also support IPv6 once IPv6 support stabilizes. The biggest challenge for Docker Inc. is the logic related to rate limiting, but that has basically been handled.

Upstream progress

  • kubernetes/kubernetes: added the kubectl events command.

    This command was added mainly because viewing events through kubectl get has some limitations that cannot be lifted without modifying kubectl get itself. A dedicated kubectl events command therefore makes it more convenient to get the information you need, especially since events are something you often have to look at in Kubernetes. Typical problems with kubectl get events include sorting (although that can be solved by adding parameters), watch, and not being able to view events along a timeline.

    Of course, these problems can also be solved as described in my previous article, “A more elegant Kubernetes cluster event measurement solution”.

    The --for option, which filters events directly by object, will be introduced in the next version, v1.23.

  • kubernetes/kubernetes: as the replacement for PSP (Pod Security Policy), which was deprecated in v1.21, Pod Security Admission Control has had a lot implemented in this release. This PR adds annotations to Pods that are exempt from Pod Security, explaining how and why they are exempt.

  • #104909 · kubernetes/kubernetes: fixed the logic for getting the Pod QoS. The original logic only covered pod.spec.containers and did not handle init containers under pod.spec.initContainers, which this change adds.

  • kubernetes/kubernetes: added OS fields to the PodSpec based on KEP-2808, along with some validation, mainly to distinguish Windows nodes and so on.


Please feel free to subscribe to my official account [MoeLove]