Week Ending April 24, 2022
Our contributors have spent a lot of time discussing improving general Kubernetes stability and reliability lately. Project leaders are implementing several changes in how new enhancements will be handled:
Also, the triage-bot will stop closing high Priority, accepted bugs that become stale, so that we don't lose track of them.
The Contributor Summit has a rough schedule now. This will include a Steering Committee AMA, three hours of Unconference sessions, a full day Documentation Sprint, and several SIG/team meetings (sign up here). The Contributor Social that evening will include board games (bring yours!) and a Kubernetes trivia contest. Register now. Masks and COVID immunization will be required.
Next Deadline: Release, May 3rd
1.24 RC 1 is available for your testing pleasure.
We are currently in Test Freeze and Code Freeze as the Release Team works with all contributors to get 1.24 stabilized for final release after the incorporation of golang 1.18.1. If you get a reminder from the team to look at/fix something, please respond ASAP as any delay can result in a release delay.
On TestGrid, the following blocking test jobs continue to be flaky: gce-cos-k8sbeta-default, gce-cos-k8s-beta-ingress, gce-cos-k8sbeta-reboot, kind-1.24-parallel, kind-ipv6-1.24-parallel, and ci-kubernetes-unit-1.24. Flaky jobs mean that we can't easily tell whether something is broken or not, so won't you pick a test job and dive in? See the CI Project Board for ongoing work.
Ingress-nginx released v1.2.0 this week, fixing two security issues: CVE-2021-25745 and CVE-2021-25746. Both are variants on using a malicious Ingress object to exfiltrate sensitive data from inside the Ingress Controller Pod, such as the Service Account credentials. This PR introduces both a fix for the two specific issues as well as a general framework for improved object validation within ingress-nginx. If upgrading isn't an option, you can also use the annotation-value-word-blocklist configuration option to block the malicious Ingresses. If you permit low-privilege users to create arbitrary Ingresses, you should patch or mitigate these vulnerabilities as soon as possible.
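For operators who cannot move to v1.2.0 right away, here is what the blocklist mitigation looks like in practice. This is an added example, not text from the newsletter or a manifest from the ingress-nginx project. It assumes the controller reads its settings from the ConfigMap `ingress-nginx-controller` in the `ingress-nginx` namespace (the names the project's default manifests use; adjust them to your deployment), and the word list is illustrative: take the authoritative list for these two CVEs from the project's advisory, and treat the blocklist as a stopgap until the upgrade lands.

```yaml
# Added example (not from the newsletter or the ingress-nginx project):
# ConfigMap entry that turns on the annotation-value-word-blocklist mitigation.
# Assumptions: ConfigMap name/namespace are the project defaults, and the
# word list below is illustrative. Take the authoritative list for
# CVE-2021-25745 and CVE-2021-25746 from the ingress-nginx advisory.
apiVersion: v1
kind: ConfigMap
metadata:
  name: ingress-nginx-controller
  namespace: ingress-nginx
data:
  # Comma-separated words. Any Ingress annotation value containing one of
  # them is refused by the controller instead of being rendered into
  # nginx.conf. Double-quoting the whole value keeps YAML from reading the
  # braces and quote characters as structure.
  annotation-value-word-blocklist: "load_module,lua_package,_by_lua,location,root,proxy_pass,serviceaccount,{,},',\""
```

Apply it with `kubectl apply -f`, or merge only the one key into an existing ConfigMap with `kubectl -n ingress-nginx patch configmap ingress-nginx-controller --type merge -p '{"data":{"annotation-value-word-blocklist":"..."}}'` so you do not clobber other settings. To confirm the mitigation is live, create a harmless test Ingress in a scratch namespace whose annotation value contains one of the listed words: with the validating admission webhook enabled it should be rejected at apply time, and without the webhook the controller should log an error and leave the object out of the generated configuration rather than serving it.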