"K8S Ecological Weekly" mainly collects noteworthy news about the K8S ecosystem that I came across during the week. You are welcome to subscribe to the column "k8s ecology".

Docker v20.10.10 released

This is the tenth minor release in the Docker v20.10 series. There is nothing particularly special about it, and in general it causes no problems, but because Go 1.16 changed how the net/http package handles $HTTP_PROXY, if you have set up a proxy for the Docker daemon, please make sure that you have correctly set $HTTP_PROXY, $HTTPS_PROXY, and so on.
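A check for the proxy caveat above, added here as an example (it is not from Docker or from the original post). Since Go 1.16, net/http no longer falls back to HTTP_PROXY for https:// URLs when HTTPS_PROXY is unset, so a daemon configured with only HTTP_PROXY reaches HTTPS registries without the proxy. The script assumes the proxy is configured through a systemd drop-in; the default path and the function names are illustrative.

```shell
#!/bin/sh
# Added example: verify that a Docker daemon systemd drop-in sets HTTPS_PROXY
# whenever it sets HTTP_PROXY. The default drop-in path is an assumption.

# proxy_var_set FILE NAME -> exit 0 if an Environment= line in FILE assigns a
# non-empty value to NAME (upper- or lower-case spelling).
proxy_var_set() {
    file=$1; name=$2
    lower=$(printf '%s' "$name" | tr 'A-Z' 'a-z')
    # Drop comment lines, keep Environment= lines, then look for NAME=<non-empty>.
    grep -v '^[[:space:]]*[#;]' "$file" |
        grep -E '^[[:space:]]*Environment=' |
        grep -Eq "(^|[\"'[:space:]=])($name|$lower)=[^\"'[:space:]]"
}

# check_docker_proxy [FILE] -> 0 consistent, 1 HTTP_PROXY without HTTPS_PROXY,
# 2 drop-in not readable.
check_docker_proxy() {
    conf=${1:-/etc/systemd/system/docker.service.d/http-proxy.conf}
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    if proxy_var_set "$conf" HTTP_PROXY && ! proxy_var_set "$conf" HTTPS_PROXY; then
        echo "$conf: HTTP_PROXY set but HTTPS_PROXY missing;" \
             "HTTPS registry traffic will not use the proxy" >&2
        return 1
    fi
    echo "$conf: proxy variables consistent"
    return 0
}
```

Call `check_docker_proxy` with no argument to inspect the default drop-in, or pass another file path.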

For the other changes in this version, please refer to its ReleaseNote. As for Docker v21.x, it will not be released any time soon, but it does add some features worth mentioning, and I will share them with you before the new version is released.

Helm v3.7 officially released

Helm v3.7 is a feature release. Let's take a look at the changes worth paying attention to.

Changes related to OCI Chart support

  • helm chart export deleted
  • helm chart list deleted
  • helm chart pull replaced by helm pull
  • helm chart push replaced by helm push
  • helm chart remove deleted
  • helm chart save replaced by helm package

In addition, if an OCI chart was created with an older version, it needs to be repackaged and uploaded with Helm v3.7 before it can be used.

Some new features

  • Added helm uninstall --wait
  • Added helm show crds
  • helm dependency list added --max-col-width to set the column width
  • helm repo add added --password-stdin to read the password from stdin
  • helm repo update can specify the repo name to update
  • {{ .Chart.IsRoot }} added to Helm template engine

For more information about the changes in this version, please refer to its ReleaseNote.
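A pre-upgrade check for the changes listed above, added here as an example (it is not part of Helm or of the original post). It scans a script for the helm chart subcommands that v3.7 removed or replaced, and for helm repo add calls that pass --password on the command line, where the secret is visible in process listings and shell history. The function name helm37_lint is made up for this example.

```shell
#!/bin/sh
# Added example: flag Helm usage that Helm v3.7 removed or replaced, plus
# repository passwords passed on the command line. Function name is illustrative.

# helm37_lint FILE -> prints "FILE:LINE: message" for each finding;
# exit status 0 if the file is clean, 1 if anything was flagged.
helm37_lint() {
    awk '
        function report(msg) { printf "%s:%d: %s\n", FILENAME, FNR, msg; found = 1 }
        /^[ \t]*#/ { next }                       # skip comment lines
        /helm[ \t]+chart[ \t]+pull/ { report("helm chart pull -> helm pull") }
        /helm[ \t]+chart[ \t]+push/ { report("helm chart push -> helm push") }
        /helm[ \t]+chart[ \t]+save/ { report("helm chart save -> helm package") }
        /helm[ \t]+chart[ \t]+(export|list|remove)/ {
            report("helm chart export/list/remove were removed in v3.7")
        }
        # --password <value> or --password=<value> puts the secret in argv;
        # --password-stdin does not match because "-" follows "password".
        /helm[ \t]+repo[ \t]+add/ && /--password[ \t=]/ {
            report("password on command line; use --password-stdin")
        }
        END { exit found ? 1 : 0 }
    ' "$1"
}
```

Run it over CI and release scripts before moving them to Helm v3.7, for example `helm37_lint ci/release.sh`.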

Notary v2 alpha1 released

Notary v1, also known as Docker Content Trust (DCT), was released mainly for Docker Hub at the time. A lot has changed since then, and some design choices around trust on first use (TOFU), key management, and the lack of content promotion within and across registries have become limiting factors for Docker Content Trust and Notary v1.

If you are not familiar with Notary, you can read the article "K8S Ecological Weekly | TUF Officially Graduated from CNCF", which I wrote two years ago. I introduced TUF and Notary in that article, so I will not go into them here.

Notary v2 supports signing all artifacts (container images, software bills of materials, scan results) stored in registries based on OCI distribution, and enhances the ORAS artifact specification. A key principle of Notary v2 is that it supports the promotion of signed artifacts within and across registries, including in private network environments.

Its workflow is shown in the figure below:

[Figure: Notary v2]

The most significant change in Notary v2 is the improvement in ease of use, including the release of a CLI tool, notation, with which you can create certificates, sign, verify, and so on.

(MoeLove) ➜  ~ notation
NAME:
   notation - Notation - Notary V2

USAGE:
   notation [global options] command [command options] [arguments...]

VERSION:
   0.7.0-alpha.1

AUTHOR:
   CNCF Notary Project

COMMANDS:
   sign               Signs artifacts
   verify             Verifies OCI Artifacts
   push               Push signature to remote
   pull               Pull signatures from remote
   list, ls           List signatures from remote
   certificate, cert  Manage certificates used for verification
   key                Manage keys used for signing
   cache              Manage signature cache
   help, h            Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --help, -h     show help (default: false)
   --version, -v  print the version (default: false)

The most notable features in this version are offline signature creation and support for the OCI distribution specification. Future versions will add certificate revocation, policy support, and other capabilities. If you are interested, see its ReleaseNote.

Docker Hub Registry announces support for IPv6

As IPv6 becomes more widespread, more and more users around the world are starting to use IPv6 networks, but Docker Hub did not previously support them. After listening to community feedback, Docker has officially added IPv6 support to Docker Hub.

[Figure: Google IPv6 statistics]

The IPv6 address of the currently published test version is registry.ipv6.docker.com. If you are an IPv6-only or dual-stack user, you can use the following command to log in.

docker login registry.ipv6.docker.com

You can also use the following command to pull the image:

docker pull registry.ipv6.docker.com/library/debian:latest

Once IPv6 support becomes stable, the default Docker Hub Registry address will also support IPv6. For Docker Inc., the bigger challenge is handling the logic related to its rate limiting, but that has basically been dealt with.

Upstream progress

  • #99557 · kubernetes/kubernetes added an experimental kubectl events command. This PR contains only the most basic implementation, and subsequent versions will follow KEP #1440 .

    The main reason for adding this command is the limitations of viewing events through kubectl get. Adding a dedicated kubectl events command makes it more convenient to obtain the required information, especially since events are something that is viewed very often in Kubernetes. kubectl get events has some typical problems, such as sorting (although that can be solved by adding parameters), watch, and the inability to view events as a timeline.

    Of course, these problems can also be solved by referring to my previous article "A More Elegant Kubernetes Cluster Event Measurement Scheme" .

    For now, the main addition is the --for option, which lets you filter events directly by object. It will officially be available in the next version, v1.23.

  • #105908 · kubernetes/kubernetes: Pod Security Admission Control is the alternative to PSP (Pod Security Policy), which was deprecated in v1.21, and a lot of it has been implemented in this version. This PR adds annotations to Pods that are exempt from Pod Security, explaining how/why they are exempt.
  • #104909 · kubernetes/kubernetes amended the logic for obtaining the Pod QoS. The original logic only covered pod.Spec.Containers and did not process pod.Spec.InitContainers; with this revision, the InitContainers are all taken into account as well.
  • #104693 · kubernetes/kubernetes adds an OS field to PodSpec according to KEP-2808, along with some checks, mainly to distinguish whether the node is a Windows node or not.



张晋涛