"K8S Ecological Weekly" mainly covers noteworthy news from the K8S ecosystem that I came across during the week. You are welcome to subscribe to the column "k8s ecology".
Docker v20.10.10 released
This is the 10th patch release of Docker v20.10. Normally there is nothing particularly special about such a release, but because the behavior of the net/http package in Go 1.16 changed with respect to $HTTP_PROXY, when you set up a proxy for the Docker daemon, please make sure you have correctly set $HTTP_PROXY, $HTTPS_PROXY, etc.
For other changes in this version, please refer to its ReleaseNote. As for Docker v21.x, it will not be released anytime soon, but it does add some features worth mentioning, and I will share them with you before the new version is released.
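The proxy check mentioned above, as an added example (not from the original article or from Docker's own tooling): since Go 1.16, net/http no longer applies HTTP_PROXY to https:// requests when HTTPS_PROXY is unset, so this script flags a daemon environment that sets only one of the two. The function names and the sample drop-in are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit the proxy variables
# the Docker daemon's systemd unit would receive. Input on stdin is either a
# drop-in file or the output of: systemctl show --property=Environment docker

# proxy_value NAME TEXT: print the last uncommented value of NAME, if any.
# Matching is case-insensitive because Go also honours lower-case names.
proxy_value() {
    printf '%s\n' "$2" \
        | grep -v '^[[:space:]]*#' \
        | tr '" ' '\n\n' \
        | sed 's/^Environment=//' \
        | grep -i "^$1=" \
        | tail -n 1 \
        | cut -d= -f2- || true   # "no match" is not an error
}

# Prints one verdict token on stdout; returns 0 only when both are set.
# Values are never echoed because proxy URLs may embed credentials.
audit_docker_proxy() {
    text=$(cat)
    http=$(proxy_value HTTP_PROXY "$text")
    https=$(proxy_value HTTPS_PROXY "$text")
    if [ -z "$http" ] && [ -z "$https" ]; then
        echo "NO_PROXY_CONFIGURED"; return 2
    fi
    if [ -z "$https" ]; then
        # Go 1.16+: HTTP_PROXY is no longer applied to https:// requests,
        # so HTTPS registry traffic would not go through the proxy.
        echo "MISSING_HTTPS_PROXY"; return 1
    fi
    if [ -z "$http" ]; then
        echo "MISSING_HTTP_PROXY"; return 1
    fi
    echo "OK"
}

# Constructed sample drop-in: HTTPS_PROXY is commented out, so it must not count.
SAMPLE_DROPIN='[Service]
Environment="HTTP_PROXY=http://proxy.example.internal:3128"
# Environment="HTTPS_PROXY=http://proxy.example.internal:3128"
Environment="NO_PROXY=localhost,127.0.0.1"'

printf '%s\n' "$SAMPLE_DROPIN" | audit_docker_proxy || echo "audit failed with status $?"
```

On a host, pipe the output of `systemctl show --property=Environment docker` into `audit_docker_proxy` after restarting the daemon, so the check sees what the running unit actually received.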
Helm v3.7 officially released
Helm v3.7 is a feature release. Let's take a look at the changes worth noting.
Changes related to OCI Chart support
- helm chart export: deleted
- helm chart list: deleted
- helm chart pull: replaced by helm pull
- helm chart push: replaced by helm push
- helm chart remove: deleted
- helm chart save: replaced by helm package
In addition, an OCI chart created with an older version needs to be repackaged and uploaded with Helm v3.7 before it can be used.
Some new features
- Added helm uninstall --wait
- Added helm show crds
- helm dependency list added --max-col-width to set the column width
- helm repo add added --password-stdin to input the password from stdin
- helm repo update can specify the repo name to update
- {{ .Chart.IsRoot }} added to the Helm template engine
For more information about the changes in this version, please refer to its ReleaseNote.
Notary v2 alpha1 released
Notary v1, also known as Docker Content Trust (DCT), was mainly released for the Docker Hub at the time. A lot has changed since then, and some design choices around trust on first use (TOFU), key management, and the lack of content promotion within and across registries have become limiting factors for Docker Content Trust and Notary v1.
For those who do not know Notary, you can read the article "K8S Ecological Weekly | TUF Officially Graduated from CNCF", which I wrote two years ago. In that article I introduced TUF and Notary, so I will not expand on them here.
Notary v2 supports signing all artifacts (container images, software bills of materials, scan results) stored in registries based on OCI distribution, and enhances the ORAS artifact specification. A key principle of Notary v2 is that it supports the promotion of signed artifacts within and across registries, including private network environments.
Its working process is shown in the figure below:
The most significant change in Notary v2 is the improvement in ease of use, including the release of a CLI tool, notation, which you can use to create certificates, sign, verify, and so on.
(MoeLove) ➜ ~ notation
NAME:
   notation - Notation - Notary V2
USAGE:
   notation [global options] command [command options] [arguments...]
VERSION:
   0.7.0-alpha.1
AUTHOR:
   CNCF Notary Project
COMMANDS:
   sign               Signs artifacts
   verify             Verifies OCI Artifacts
   push               Push signature to remote
   pull               Pull signatures from remote
   list, ls           List signatures from remote
   certificate, cert  Manage certificates used for verification
   key                Manage keys used for signing
   cache              Manage signature cache
   help, h            Shows a list of commands or help for one command
GLOBAL OPTIONS:
   --help, -h     show help (default: false)
   --version, -v  print the version (default: false)
The most notable features in this version are offline signature creation and support for the OCI distribution specification. Future versions will support certificate revocation, policy support and other capabilities. Interested readers can refer to its ReleaseNote.
Docker Hub Registry announces support for IPv6
As IPv6 gradually becomes more popular, more and more users around the world are starting to use IPv6 networks, but Docker Hub did not support IPv6 networks before. After listening to community feedback, Docker has officially added IPv6 network support to Docker Hub.
The IPv6 address of the currently published test version is registry.ipv6.docker.com. If you are a pure IPv6 or dual-stack user, you can use the following command to log in.
docker login registry.ipv6.docker.com
You can also use the following command to pull the image:
docker pull registry.ipv6.docker.com/library/debian:latest
Once IPv6 support becomes stable, the default Docker Hub Registry address will also support IPv6. For Docker Inc., the bigger challenge is dealing with the logic related to its rate limiting and throttling, but that has basically been handled.
Upstream progress
- #99557 · kubernetes/kubernetes added an experimental kubectl events command. This PR contains only the most basic implementation, and subsequent versions will follow KEP #1440. The main reason for adding this command is that viewing event through kubectl get has some limitations. Therefore, directly adding the kubectl events command makes it more convenient to obtain the required information, especially since event is information that is often viewed in Kubernetes. Some of the more typical problems with kubectl get events are sorting (although this can be solved by adding parameters), watch, and the inability to view events as a timeline. Of course, these problems can also be solved by referring to my previous article "A More Elegant Kubernetes Cluster Event Measurement Scheme". For now, the PR mainly adds the --for option, which lets you filter directly by object. It will officially meet you in the next version, v1.23.
- #105908 · kubernetes/kubernetes: Pod Security Admission Control is the alternative to PSP (Pod Security Policy), which was deprecated in v1.21, and a lot of it is implemented in this version. In this PR, annotations have been added for Pods that are exempt from Pod Security to explain how/why.
- #104909 · kubernetes/kubernetes amended the logic for obtaining Pod QoS. The original logic only covered the pod.Spec.Containers part and did not process pod.Spec.InitContainers. With this revision, the InitContainers are included as well and everything is added up.
- #104693 · kubernetes/kubernetes added an OS field to PodSpec according to KEP-2808, along with some checks, mainly to distinguish whether it is a Windows node or not.
You are welcome to subscribe to my public account 【MoeLove】.