“K8S Ecology Weekly” mainly covers recommended weekly news about the K8S ecosystem that I have come across. You are welcome to subscribe to the Zhihu column “K8S Ecology”.

Kubernetes Ingress-NGINX v1.1.2

Just today, the Kubernetes Ingress-Nginx project released v1.1.2. I’m the Release Manager for this release.

It’s been nearly two months since the last release, so let’s take a look at some notable changes in this release.

In #8221, we adjusted the ingress-nginx Admission Controller logic, mainly to address a problem that has existed since v1.0. If multiple ingress-nginx instances are running in the same Kubernetes cluster, each ingress-nginx admission controller may check an Ingress resource when it is created. The biggest impact of this problem is that an Ingress created with the same configuration will be rejected.

In #8253, we added an `ssl_certificate_info` metric to ingress-nginx that directly exposes information about the currently loaded certificate. The biggest benefit of this feature is that it helps avoid the situation where an Ingress Controller Pod has loaded an old certificate and clients fail to connect.
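One way to use the certificate info metric for the stale-certificate case described above, as an added example (not code from ingress-nginx or from this post): compare scrapes from every controller Pod and report hosts where the Pods disagree on the loaded certificate. The metric prefix, the `host` and `serial_number` label names, and the sample scrapes are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample scrapes, one per controller Pod. The metric prefix and the
# label names (host, serial_number) are assumptions made for this example.
SCRAPES = {
    "ingress-nginx-controller-a": '''
# TYPE nginx_ingress_controller_ssl_certificate_info gauge
nginx_ingress_controller_ssl_certificate_info{host="shop.example.test",serial_number="0A11"} 1
nginx_ingress_controller_ssl_certificate_info{host="api.example.test",serial_number="0B22"} 1
''',
    "ingress-nginx-controller-b": '''
nginx_ingress_controller_ssl_certificate_info{host="shop.example.test",serial_number="0A10"} 1
nginx_ingress_controller_ssl_certificate_info{host="api.example.test",serial_number="0B22"} 1
''',
}

# One Prometheus text-format sample: name{labels} value
SAMPLE = re.compile(r'^(\w*ssl_certificate_info)\{(.*)\}\s+(\S+)$')
LABEL = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')

def loaded_certs(text):
    """Return {host: set(serial)} for certificate-info samples with value 1."""
    certs = defaultdict(set)
    for line in text.splitlines():
        m = SAMPLE.match(line.strip())
        if not m or float(m.group(3)) != 1:
            continue  # comments, other metrics, or inactive samples
        labels = dict(LABEL.findall(m.group(2)))
        if "host" in labels and "serial_number" in labels:
            certs[labels["host"]].add(labels["serial_number"])
    return certs

def find_divergent_hosts(scrapes):
    """Map each host whose Pods disagree on the serial to {serial: [pods]}."""
    by_host = defaultdict(lambda: defaultdict(list))
    for pod, text in scrapes.items():
        for host, serials in loaded_certs(text).items():
            for serial in serials:
                by_host[host][serial].append(pod)
    return {h: {s: sorted(p) for s, p in serials.items()}
            for h, serials in by_host.items() if len(serials) > 1}

if __name__ == "__main__":
    for host, serials in find_divergent_hosts(SCRAPES).items():
        print(f"{host}: pods disagree on loaded certificate -> {serials}")
```

A host that appears in the result is served with different certificates depending on which Pod handles the connection, which is the symptom of one Pod still holding an old certificate.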

In addition, #8256 corrects the handling of an invalid URL passed in the `nginx.ingress.kubernetes.io/auth-url` annotation; upgrading is recommended.

There are also some minor bug fixes and optimizations; see the release notes for more details.

The other interesting thing about this release is that it took a week from the time I started the process to the time I finished it, and it was done asynchronously by several people. This is quite different from the usual approach, where we might agree on a time and do it online together. For various reasons I was also busy this time, so maybe I will keep this mode in the future (it is friendlier to cooperation across multiple time zones).

Istio 1.13.1 release

In the previous issue, “K8S Ecology Weekly | Istio upcoming major security updates, multiple versions affected”, I introduced the main features of Istio v1.13 and noted that Istio would fix a major security vulnerability, CVE-2022-23635, in v1.13.1.

Versions containing the patch for this vulnerability have now been released, including v1.11.7, v1.12.3, and v1.13.1. This vulnerability mainly affects Istio deployments that run in multiple clusters or that are exposed on the public network. An attacker can send a specific request to an unauthenticated interface, causing a denial of service in istiod.

Please refer to Istio / ISTIO-SECURITY-2022-003 for more details.

Knative into CNCF

Last week, the CNCF Technical Oversight Committee (TOC) voted to accept Knative as a CNCF incubating project.

This goes back to November 2021, when both Google and the Knative project published articles saying that they had applied for Knative to become a CNCF incubating project.

Now it has successfully become a CNCF incubating project, which is very good for Knative, CNCF and the community.

As I mentioned in my previous post, Knative was originally created and open-sourced by Google in 2018 and later developed in partnership with IBM, Red Hat, VMware, and others.

Today Knative is arguably the most widely installed Serverless project in the cloud native space (data from CNCF reports), and it has reached v1.0. In addition, Google has launched Knative-based products such as Cloud Run and Cloud Run for Anthos, which have played a great role in Knative's popularity.

In the future, Knative will cultivate its community under CNCF and move to a fully open governance model under the Foundation, and it is likely to become the de facto standard in the open source Serverless space in the cloud native era.

Please refer to “Knative Accepted as a CNCF Incubating project” for more information.

Progress in the upstream

  • #107638 · kubernetes/kubernetes updated the `k8s.io/utils` dependency, mainly to fix an inotify leak in the kubelet; see “Kubelet uses 120GB memory after 20,000 jobs created and retains 80GB memory after jobs completed and deleted” · Issue #100241 · kubernetes/kubernetes

Other

  • containerd released v1.6.1 to fix CVE-2022-23648;
  • Rook has released v1.8.6, which supports OSD raw mode for Ceph v16.2.7 and newer versions.

Please feel free to subscribe to my official account [MoeLove]