Week Ending January 19, 2025

https://lwkd.info/2025/20250123

Developer News

CVE-2024-9042 is a security vulnerability on Windows nodes that could let some users issue arbitrary commands via the /logs endpoint. Patched in the latest update; all Windows users should update immediately.

Reminder to SIG and WG Chairs: Annual Reports are due soon. This year’s AR is really short, so don’t procrastinate on it, just do it.

Start using Feature, not NodeFeature for SIG-Node test labels.

Release Schedule

Next Deadline: Production Readiness Freeze, February 6

We’re still in Enhancements development, and Nina has shared the first release newsletter with final dates for all release milestones. This includes:

Enhancements Freeze: Friday, February 14th at 02:00 UTC

Code and Test Freeze: Friday, March 20th at 02:00 UTC

Release Day: Wednesday 23rd April 2025

On the 15th the project released patch updates 1.29.13, 1.30.9, 1.31.5. This update mainly patches the Windows security hole (above).

Featured PRs

129661: DRA CEL: Add Missing Size Estimator

This PR addresses a bug in the cost estimation of CEL expressions used in Device Resource Allocation (DRA). Previously, attribute strings were treated as “unknown size”, leading to overly high cost estimates and validation errors for even basic expressions. The PR implements a proper size estimator, ensuring accurate cost calculations by accounting for string lengths, map element limits, and avoiding misdefined pre-defined types like apiservercel.StringType. This fix improves validation consistency and aligns with stored expression assumptions, ensuring compatibility across version upgrades.

Other Merges

Credential provider config to validate duplicate names early and preserve provider order

kubeadm improved the kubeadm reset message for manual cleanups

Portworx plugin’s CSI translation fixed to copy secret name & namespace

e2e test added for HonorPVReclaimPolicy

Documentation added for EvictionPressureTransitionPeriod silently defaulting 0s to 5m

JSONPatch unit tests added to the admission CEL type resolver for mutation

Unit test helpers added to validate CEL and patterns in CustomResourceDefinitions

util.NewIOHandler() replaced with fakeIOHandler to make unit tests pass on different host envs

e2e tests added for SElinuxChangePolicy

Documentation updated for EnvFromSource.Prefix to mention that it works for both ConfigMap and Secret

Dependency on k8s.io/util/nsenter removed since kubelet –containerized flag is deprecated

Promotions

CSIMigrationPortworx to GA

Deprecated

KubeProxyDrainingTerminatingNodes feature gate removed after GA graduation

via Last Week in Kubernetes Development https://lwkd.info/

January 23, 2025 at 04:00PM

Internal Developer Platforms Intro (You Choose! Ch. 5, Ep. 0)

Chapter 5 of "Choose Your Own Adventure" is about to begin! In this one, we'll explore tools among CNCF projects that can be used to assemble an Internal Developer Platform (IDP).

More information about the "Choose Your Own Adventure" project including the source code and links to all the videos can be found at https://github.com/vfarcic/cncf-demo.

This and all other episodes are available at https://www.youtube.com/playlist?list=PLyicRj904Z9-FzCPvGpVHgRQVYJpVmx3Z.

internaldeveloperplatform #CNCF #cloud

٩( ᐛ )و Whitney's YouTube Channel → https://www.youtube.com/@wiggitywhitney

Consider joining the channel: https://www.youtube.com/c/devopstoolkit/join

▬▬▬▬▬▬ 💰 Sponsoships 💰 ▬▬▬▬▬▬ If you are interested in sponsoring this channel, please use https://calendar.app.google/Q9eaDUHN8ibWBaA7A to book a timeslot that suits you, and we'll go over the details. Or feel free to contact me over Twitter or LinkedIn (see below).

▬▬▬▬▬▬ 👋 Contact me 👋 ▬▬▬▬▬▬ ➡ Twitter: https://twitter.com/vfarcic ➡ LinkedIn: https://www.linkedin.com/in/viktorfarcic/

▬▬▬▬▬▬ 🚀 Other Channels 🚀 ▬▬▬▬▬▬ 🎤 Podcast: https://www.devopsparadox.com/ 💬 Live streams: https://www.youtube.com/c/DevOpsParadox

via YouTube https://www.youtube.com/watch?v=j2edgNGdM1o

Ep08 - Ask Me Anything About DevOps, Cloud, Kubernetes, Platform Engineering,... w/Scott Rosenberg

There are no restrictions in this AMA session. You can ask anything about DevOps, Cloud, Kubernetes, Platform Engineering, containers, or anything else. We'll have a special guest Scott Rosenberg to help us out.

▬▬▬▬▬▬ 👋 Contact me 👋 ▬▬▬▬▬▬ ➡ BlueSky: https://vfarcic.bsky.social ➡ LinkedIn: https://www.linkedin.com/in/viktorfarcic/

▬▬▬▬▬▬ 🚀 Other Channels 🚀 ▬▬▬▬▬▬ 🎤 Podcast: https://www.devopsparadox.com/ 💬 Live streams: https://www.youtube.com/c/DevOpsParadox

via YouTube https://www.youtube.com/watch?v=ziJLYvmS1MA

Topology-aware routing: balancing cost savings and reliability, with William Morgan

https://ku.bz/CBwn51pl-

In this episode, William Morgan, CEO of Buoyant, explores the complex trade-offs between cost optimization and reliability in Kubernetes networking. The discussion focuses on Topology-aware routing and why its implementation might not be the silver bullet for managing cross-zone traffic costs.

William shares practical insights from real-world implementations and explains why understanding these trade-offs is crucial for platform teams managing multi-zone Kubernetes clusters.

You will learn:

How Topology-aware routing attempts to reduce cross-zone traffic costs but can compromise reliability by limiting inter-zone communication

Why Layer 7 load balancing offers better traffic management through protocol awareness compared to topology-aware routing's Layer 4 approach

How HAZL (High Availability Zonal Load Balancing) provides a more nuanced solution by balancing cost savings with reliability guarantees through intelligent traffic routing

Sponsor

This episode is sponsored by Learnk8s — get started on your Kubernetes journey through comprehensive online, in-person or remote training.

More info

Find all the links and info for this episode here: https://ku.bz/CBwn51pl-

Interested in sponsoring an episode? Learn more.

via KubeFM https://kube.fm

January 21, 2025 at 05:00AM