"K8S Ecological Weekly" mainly collects the K8S ecosystem news from the past week that I came across and consider worth recommending. You are welcome to subscribe to the column "k8s ecology".

Trivy v0.22.0 is officially released

Trivy is a lightweight vulnerability scanning tool that supports container images, file systems, IaC configuration files, and more. I have introduced it many times in previous "K8s Ecological Weekly" articles, so I won't expand on it here. Let's look at the noteworthy changes in this version.

  • Added an --offline-scan option. When scanning pom.xml and JAR files, you can specify the --skip-update and --offline-scan parameters to keep Trivy from sending requests to update its vulnerability database. This is most useful in offline environments or where the network is poor;
  • Optimized memory usage. In previous versions, large files were also read directly, which could cause an OOM. This release fixes the problem and adds some caching. If you are using Trivy, I suggest you update;
  • RPM package scanning now supports the NDB format. If you are interested in this format, check the release notes of the rpm project.

You can go directly to its Release page to download the latest binary, or you can directly use its container image.

(MoeLove) ➜ docker pull aquasec/trivy:0.22.0

For the other changes in this version, refer to its ReleaseNote.

Helm v3.7.2 released

The latest major version of Helm is v3.7.0, but if you follow the actual changes in this project, you will find that even the major version updates do not carry particularly valuable content. By contrast, this minor version does bring some noteworthy content:

For the changes in the previous version, see its ReleaseNote.

Rook releases v1.8 version

Rook is an open source component dedicated to storage orchestration on the Kubernetes platform, and it is currently a CNCF graduated project. I have covered it regularly in previous issues of "K8s Ecological Weekly", so I will not expand on it here. If you are interested, you can read the earlier articles. Now let's look at what is worth paying attention to in the new version.

First, some breaking changes:

  • Rook is compatible with Kubernetes v1.16 or higher. This is mainly because it is implemented with CRDs, and Kubernetes removed the old API in v1.22, so Rook has upgraded the API version it uses to v1. When performing a Rook upgrade, if the current Kubernetes version is lower, it is recommended to upgrade the Kubernetes cluster first and then upgrade Rook.
  • In v1.8, support for Ceph Nautilus has been removed. If you previously deployed a Ceph Nautilus cluster through Rook, it is recommended to upgrade to Octopus or Pacific first so that Rook can handle that version normally.
  • Storage management now goes entirely through the CSI interface, and the Flex driver that Rook used to support has been completely abandoned. If you need to migrate, refer to https://rook.github.io/docs/rook/v1.7/flex-to-csi-migration.html

In addition, it also brings many new features:

  • Support Kubernetes authentication when using HashiCorp Vault;
  • For better security, the Rook operator and toolbox containers now run as the rook user instead of the original root user;
  • The s5cmd tool is installed by default in the Rook image. It is a tool for fast S3 operations, and you can find it at https://github.com/peak/s5cmd. Having s5cmd available by default makes it easy to quickly verify the S3 gateway from the toolbox;
  • Rook now adds a ceph.rook.io/disaster-protection finalizer that prevents important resources from being deleted accidentally. If you want to delete these resources, you need the following steps:
kubectl -n rook-ceph patch configmap rook-ceph-mon-endpoints --type merge -p '{"metadata":{"finalizers": [null]}}'
kubectl -n rook-ceph patch secrets rook-ceph-mon --type merge -p '{"metadata":{"finalizers": [null]}}'
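
A merge patch like the two above replaces the whole metadata.finalizers list on the object. As an added example (not from the original post or the Rook project), the script below removes only ceph.rook.io/disaster-protection, using a JSON Patch guarded by a test operation; the helper names build_patch and release, the --apply switch and the sample finalizer are assumptions of this sketch.

```bash
#!/usr/bin/env bash
# Added example: remove only Rook's disaster-protection finalizer.
# build_patch, release and --apply are names chosen for this sketch.
FINALIZER="ceph.rook.io/disaster-protection"
NAMESPACE="rook-ceph"

# build_patch FINALIZER_1 FINALIZER_2 ...
# Prints a JSON Patch (RFC 6902) that removes $FINALIZER at the index where
# it was found. The leading "test" op makes the API server reject the patch
# if the list changed between the read and the write.
# Returns 1 when the finalizer is not in the list.
build_patch() {
  local i f
  i=0
  for f in "$@"; do
    if [ "$f" = "$FINALIZER" ]; then
      printf '[{"op":"test","path":"/metadata/finalizers/%d","value":"%s"},' "$i" "$FINALIZER"
      printf '{"op":"remove","path":"/metadata/finalizers/%d"}]\n' "$i"
      return 0
    fi
    i=$((i + 1))
  done
  return 1
}

# release KIND NAME: read the live finalizers, then patch only if needed.
release() {
  local kind name finalizers patch
  kind=$1
  name=$2
  finalizers=$(kubectl -n "$NAMESPACE" get "$kind" "$name" \
    -o jsonpath='{.metadata.finalizers[*]}') || return 1
  # Unquoted on purpose: jsonpath prints the entries space-separated.
  if patch=$(build_patch $finalizers); then
    kubectl -n "$NAMESPACE" patch "$kind" "$name" --type json -p "$patch"
  else
    echo "$kind/$name: $FINALIZER not set, nothing to remove" >&2
  fi
}

if [ "${1:-}" = "--apply" ]; then
  release configmap rook-ceph-mon-endpoints
  release secrets rook-ceph-mon
else
  # Dry run on a constructed finalizer list; no cluster access needed.
  build_patch "example.com/constructed-finalizer" "$FINALIZER"
fi
```

Run without arguments, it only prints the patch for the constructed list; with --apply it reads the two objects named above and patches them.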

That covers the noteworthy content of Rook v1.8. If you are interested in the other changes, you can check its ReleaseNote.

Upstream progress

Digression

On the whole, there have been no major changes in the past two weeks. On the one hand, since it is already the end of the year, most of the overseas contributors in the community have basically gone on vacation. On the other hand, since this year's goals have basically been completed, the focus of the next iteration will come after the new year.

I will publish an article in the near future. Based on what happened in the K8s ecosystem in 2021 and some overall technology trends, I will summarize the K8s ecosystem in 2021 and predict its development in 2022. Stay tuned!


You are welcome to subscribe to my public account 【MoeLove】.


张晋涛