Intent to End OCSP Service - Let's Encrypt

Today we are announcing our intent to end Online Certificate Status Protocol (OCSP) support in favor of Certificate Revocation Lists (CRLs) as soon as possible.…

July 24, 2024 at 09:22AM

via Instapaper

Switzerland now requires all government software to be open source

Bojanikus/Getty Images Several European countries are betting on open-source software. In the United States, eh, not so much. In the latest news from across the…

July 24, 2024 at 09:20AM

via Instapaper

'It’s phenomenal': Massive Detroit Lions corn maze created on Webberville farm

WEBBERVILLE, Mich. (WXYZ) — The Detroit Lions hype this season is going to be unreal. In fact, it's already started with a massive corn maze in Webberville. Loretta Benjamin is the co-owner of Choice Farm Market, where the maze has been created.

Tags:

via Pocket https://www.wxyz.com/news/its-phenomenal-massive-detroit-lions-corn-maze-created-on-webberville-farm

July 24, 2024 at 07:09AM

Week Ending July 21, 2024

https://lwkd.info/2024/20240723

Developer News

CVE-2024-5321 allows unauthorized users on Windows to read container logs. Fixed in the latest patch releases.

You have one week to migrate the remaining jobs on the old cluster before they get deactivated. Notable bundles of unmigrated jobs belong to SIG-Storage (CSI driver tests), SIG-Cloud Provider (Azure), and the ClusterAPI subproject.

Test-Infra is eliminating last bits of Google-owned notification systems in favor of community-owned ones. This means you should use community Slack channels #testing-ops to raise issues with prow.k8s.i and CI infrastructure, and #sig-scalability for scale test issues. You can discuss CI failures not clearly related to issues with prow or the infra in #sig-testing and #release-ci-signal.

Release Schedule

Next Deadline: Code Freeze, July 24th

Code freeze is happening this week, at 02:00 UTC Wednesday 24th July 2024 / 19:00 PDT Tuesday 23rd July 2024. Out of the 54 enhancements tracked after enhancements freeze, we have 32 KEPs tracked for code freeze as of this writing. If your KEP missed the code freeze deadline, you can file an exception request.

Patch releases 1.27.16, 1.28.12, 1.29.7 and 1.30.3, which were delayed to incorporate the fix for CVE-2024-5321 and a golang update. Update as soon as you can, particularly if you run Windows.

Featured PRs

126165: PSA: allow container_engine_t selinux type

This PR updates the Pod Security Standards to include the container_engine_t SELinux type, starting with version 1.31. This type is designed for running container engines like Podman and Docker within a container. The change enables running nested containers while still securing activity using SELinux.

KEP of the Week

KEP 4033: Discover cgroup Driver from CRI

This KEP introduces the ability for the container runtime to instruct Kubelet on which cgroup driver to use. Currently, both the Kubelet and the container runtime have configuration settings for selecting the cgroup driver (cgroupfs or systemd). With this enhancement, synchronization between the Kubelet and runtime settings is ensured, eliminating the possibility of misaligned cgroup driver configurations and promoting a single source of truth for the cgroup driver.

This KEP is tracked for beta release in the upcoming v1.31.

Other Merges

queueing_hint_execution_duration_seconds and event_handling_duration_seconds metrics implemented to improve observability of scheduler throughput

Ingress.spec.defaultBackend is now considered an atomic struct for server-side-apply

Unit tests added to validate that kube-proxy handles bad IPs and CIDRs correctly

New stream_tunnel_requests_total metric added to PortForward tunneling through WebSockets

syscall.ENODEV is now treated as a corrupted mount

Fix for kube-apiserver crashing due to CEL validation issues for CRDs

Improvements to ValidatingAdmissionPolicy metrics to count and time all validations

Fix for storage-version-migrator-controller to prevent failing migrations when resources are deleted when migration is in progress

Documentation fix for default value of procMount entry in Pod SecurityContext

–emulated-version flag added to kube-controller-manager to set emulation version

kubelet/stats: set INFO log level for stats not found in cadvisor memory cache error to reduce noise

AuthorizeWithSelectors feature added to include field and label selector information from requests in webhook authorization calls

kubelet implementation of ImageVolumeSource added

Access to swap for containers in high priority Pods restricted

DRA: kubelet made independent of the resource.k8s.io API version

kube-scheduler implements scheduling hints for the VolumeBinding plugin

Promotions

ValidatingAdmissionPolicy metrics to beta

JobSuccessPolicy to beta

StatefulSetStartOrdinal to GA

Deprecated

Deprecated context.StopCh cleaned up

CustomResourceValidationExpressions feature gate removed

Version Updates

knftables to v0.0.17

Subprojects and Dependency Updates

etcd to v3.5.15 support multiple values for allowed client and peer TLS identities

csi-driver-smb v1.15.0 make image.*.repository variables relative by default

containerd v1.7.20 support for dropping inheritable capabilities; also v1.6.34

kops v1.28.7 support definition of kube-controller-manager

kustomize v5.4.3 kustomize localize subcommand verifies the success of kustomize build when executed

kubespray v2.24.2 possibility to modify Service type with “ingress_nginx_service_type” property in addons

grpc v1.65.1 add signal handler to python interop client

via Last Week in Kubernetes Development https://lwkd.info/

July 23, 2024 at 07:00PM

awslabs/open-data-registry: A registry of publicly available datasets on AWS

Registry of Open Data on AWS A repository of publicly available datasets that are available for access from AWS resources. Note that datasets in this registry…

July 23, 2024 at 02:48PM

via Instapaper

7 Urgent Lessons From the CrowdStrike Disaster

Sitting here on my Linux desktop, with my Linux servers humming away in the background, the CrowdStrike crash didn’t affect me directly. Like pretty much…

July 23, 2024 at 01:02PM

via Instapaper

The workers have spoken: They're staying home.

I used to work out of a Manhattan office, but I lived in New Carrollton, Maryland. How did I do it? I took Amtrak to work on Monday and returned home on Friday. I’d joke that I walked to work — first to my local train station and then from Penn Station to the office.

Tags:

via Pocket https://www.computerworld.com/article/2520794/the-workers-have-spoken-theyre-staying-home.html

July 23, 2024 at 12:55PM

Data Deception: OSI's Open Source AI Fallacy

https://chrisshort.net/data-deception-osis-open-source-ai-fallacy/

The OSI's draft Open Source AI Definition could harm open source by allowing non-reproducible data, enabling openwashing and threatening transparency.

via ChrisShort.net https://chrisshort.net/

July 23, 2024 at 03:00AM