Forked Communities: Whose Property Is It Anyway?

provided excellent observations

July 29, 2024 at 10:06AM

via Instapaper

CrowdStrike offers a $10 apology gift card to say sorry for outage | TechCrunch

Security 8:41 AM PDT • July 24, 2024 Image Credits: David L. Ryan/The Boston Globe / Getty Images CrowdStrike, the cybersecurity firm that crashed millions of…

July 24, 2024 at 01:50PM

via Instapaper

Home

Role Our role is to support projects under the Mission, and engage with our communities with a primary focus on commercial communities. Comprehensive Solutions…

July 24, 2024 at 09:36AM

via Instapaper

Foundation

The Foundation is a non-profit corporation that plays a key role in delivering the OpenSSL Mission. We work closely with our sister organisation the OpenSSL…

July 24, 2024 at 09:36AM

via Instapaper

Google’s $23 Billion Plan to Buy Cybersecurity Start-Up Wiz Falls Apart

Google’s $23 Billion Plan to Buy Cybersecurity Start-Up Wiz Falls Apart Wiz’s chief executive said the company walked away from a “humbling offer” and would…

July 24, 2024 at 09:33AM

via Instapaper

Google's Exclusive Reddit Access

Google is now the only search engine that can surface results from Reddit, making one of the web’s most valuable repositories of user generated content…

July 24, 2024 at 09:31AM

via Instapaper

Why Michigan’s overnight storms packed lightning 10x more powerful than normal

Last night, thunderstorms raced across Southern Michigan, producing heavy rain and prolific lightning as they did so. One thing in particular that was unique…

July 24, 2024 at 09:26AM

via Instapaper

Intent to End OCSP Service - Let's Encrypt

Today we are announcing our intent to end Online Certificate Status Protocol (OCSP) support in favor of Certificate Revocation Lists (CRLs) as soon as possible.…

July 24, 2024 at 09:22AM

via Instapaper

Switzerland now requires all government software to be open source

Bojanikus/Getty Images Several European countries are betting on open-source software. In the United States, eh, not so much. In the latest news from across the…

July 24, 2024 at 09:20AM

via Instapaper

Week Ending July 21, 2024

https://lwkd.info/2024/20240723

Developer News

CVE-2024-5321 allows unauthorized users on Windows to read container logs. Fixed in the latest patch releases.

You have one week to migrate the remaining jobs on the old cluster before they get deactivated. Notable bundles of unmigrated jobs belong to SIG-Storage (CSI driver tests), SIG-Cloud Provider (Azure), and the ClusterAPI subproject.

Test-Infra is eliminating last bits of Google-owned notification systems in favor of community-owned ones. This means you should use community Slack channels #testing-ops to raise issues with prow.k8s.i and CI infrastructure, and #sig-scalability for scale test issues. You can discuss CI failures not clearly related to issues with prow or the infra in #sig-testing and #release-ci-signal.

Release Schedule

Next Deadline: Code Freeze, July 24th

Code freeze is happening this week, at 02:00 UTC Wednesday 24th July 2024 / 19:00 PDT Tuesday 23rd July 2024. Out of the 54 enhancements tracked after enhancements freeze, we have 32 KEPs tracked for code freeze as of this writing. If your KEP missed the code freeze deadline, you can file an exception request.

Patch releases 1.27.16, 1.28.12, 1.29.7 and 1.30.3, which were delayed to incorporate the fix for CVE-2024-5321 and a golang update. Update as soon as you can, particularly if you run Windows.

Featured PRs

126165: PSA: allow container_engine_t selinux type

This PR updates the Pod Security Standards to include the container_engine_t SELinux type, starting with version 1.31. This type is designed for running container engines like Podman and Docker within a container. The change enables running nested containers while still securing activity using SELinux.

KEP of the Week

KEP 4033: Discover cgroup Driver from CRI

This KEP introduces the ability for the container runtime to instruct Kubelet on which cgroup driver to use. Currently, both the Kubelet and the container runtime have configuration settings for selecting the cgroup driver (cgroupfs or systemd). With this enhancement, synchronization between the Kubelet and runtime settings is ensured, eliminating the possibility of misaligned cgroup driver configurations and promoting a single source of truth for the cgroup driver.

This KEP is tracked for beta release in the upcoming v1.31.

Other Merges

queueing_hint_execution_duration_seconds and event_handling_duration_seconds metrics implemented to improve observability of scheduler throughput

Ingress.spec.defaultBackend is now considered an atomic struct for server-side-apply

Unit tests added to validate that kube-proxy handles bad IPs and CIDRs correctly

New stream_tunnel_requests_total metric added to PortForward tunneling through WebSockets

syscall.ENODEV is now treated as a corrupted mount

Fix for kube-apiserver crashing due to CEL validation issues for CRDs

Improvements to ValidatingAdmissionPolicy metrics to count and time all validations

Fix for storage-version-migrator-controller to prevent failing migrations when resources are deleted when migration is in progress

Documentation fix for default value of procMount entry in Pod SecurityContext

–emulated-version flag added to kube-controller-manager to set emulation version

kubelet/stats: set INFO log level for stats not found in cadvisor memory cache error to reduce noise

AuthorizeWithSelectors feature added to include field and label selector information from requests in webhook authorization calls

kubelet implementation of ImageVolumeSource added

Access to swap for containers in high priority Pods restricted

DRA: kubelet made independent of the resource.k8s.io API version

kube-scheduler implements scheduling hints for the VolumeBinding plugin

Promotions

ValidatingAdmissionPolicy metrics to beta

JobSuccessPolicy to beta

StatefulSetStartOrdinal to GA

Deprecated

Deprecated context.StopCh cleaned up

CustomResourceValidationExpressions feature gate removed

Version Updates

knftables to v0.0.17

Subprojects and Dependency Updates

etcd to v3.5.15 support multiple values for allowed client and peer TLS identities

csi-driver-smb v1.15.0 make image.*.repository variables relative by default

containerd v1.7.20 support for dropping inheritable capabilities; also v1.6.34

kops v1.28.7 support definition of kube-controller-manager

kustomize v5.4.3 kustomize localize subcommand verifies the success of kustomize build when executed

kubespray v2.24.2 possibility to modify Service type with “ingress_nginx_service_type” property in addons

grpc v1.65.1 add signal handler to python interop client

via Last Week in Kubernetes Development https://lwkd.info/

July 23, 2024 at 07:00PM

awslabs/open-data-registry: A registry of publicly available datasets on AWS

Registry of Open Data on AWS A repository of publicly available datasets that are available for access from AWS resources. Note that datasets in this registry…

July 23, 2024 at 02:48PM

via Instapaper

7 Urgent Lessons From the CrowdStrike Disaster

Sitting here on my Linux desktop, with my Linux servers humming away in the background, the CrowdStrike crash didn’t affect me directly. Like pretty much…

July 23, 2024 at 01:02PM

via Instapaper