
Workload Identity - Feat. SPIFFE, SPIRE, and Athenz (You Choose!, Ch. 3, Ep. 7)
Generating Workload Identity - Choose Your Own Adventure: The Treacherous Trek to Security In this episode, we'll figure out ...
via YouTube https://www.youtube.com/watch?v=gYq591U8Dac
Week Ending February 11, 2024
http://lwkd.info/2024/20240211
Developer News
The Contributor Summit is looking for volunteers and a few more pre-planned sessions; remember that KCS sessions need to target contributors.
Need a technical summer intern? We can still accept project proposals for the CNCF Google Summer of Code application if you get them in soon.
Release Schedule
Next Deadline: Docs Deadline for placeholder PRs, February 22nd
We are in Enhancements Freeze now, and currently have 84 opted-in, 56 tracked, and 28 removed features. If your feature missed the deadline, you need to file an Exception.
Patch releases, including a Go update, are due out this week for Valentine’s Day! This is likely to be the last patch release for Kubernetes 1.26. Tell your partner you love them by updating all their clusters.
Roses are red
Violets are blue
Golang’s outdated
1.26 is EOL too
KEP of the Week
KEP-3962: Mutating Admission Policies
This KEP introduces mutating admission policies, declared using CEL expressions, improving on mutating admission webhooks. It leverages the power of CEL object construction and Server Side Apply’s merge algorithms to allow in-process mutations.
Mutations are specified within a MutatingAdmissionPolicy resource, referencing parameter resources for configuration. Reinvocation will also be supported. Metrics and safety checks are being developed to ensure idempotence and deterministic final states. While limitations exist (e.g., no deletion), this feature offers a declarative and efficient way to perform common mutations, reducing complexity and improving performance.
This KEP was created in 2023 and is planned to reach its alpha milestone in the v1.30 release.
Other Merges
ValidatingAdmissionPolicy supports variables in type checks
kubectl explain shows enum values if available
Wildcard events will get requeued
kubeadm: finalize phase uses auth context
Priority and Fairness allows ConcurrencyShares to be zero
Add porto support for vanity imports of the Kubernetes code
Promotions
CloudDualStackNodeIPs is GA
Deprecated
SecurityContextDeny admission plugin is removed; use PodSecurity instead
Version Updates
go to 1.21.7 in 1.26 through 1.29, and to 1.22 in 1.30
debian-base for images to bookworm 1.0.1
etcd to 3.5.12
Subprojects and Dependency Updates
kubespray to v2.22.2: make Kubernetes 1.26.13 the default version
via Last Week in Kubernetes Development http://lwkd.info/
February 11, 2024 at 05:00PM