"K8S Ecological Weekly" mainly covers weekly news from the K8S ecosystem that I have come across and consider worth recommending. You are welcome to subscribe to the Zhihu column "k8s ecology".

Kubernetes ingress-nginx v1.1.2 released

Just today, the Kubernetes ingress-nginx project released v1.1.2.
I am the release manager for this version.

It's been nearly two months since the last release, and we're going to take a look at some of the notable changes in this release.

In #8221, we adjusted the logic of the ingress-nginx Admission controller.
This corrects a problem that has existed since v1.0: if multiple ingress-nginx instances are running in the cluster, the Admission controller of every one of them may check an Ingress resource when it is created.
The biggest impact of this problem is that if the created Ingress configuration is the same, it will be rejected outright.

In #8253, an ssl_certificate_info metric was added to ingress-nginx; it directly exposes information about the currently loaded certificate.
The biggest advantage of this feature is that it helps avoid the situation where an Ingress controller Pod has loaded an old certificate, which causes client connections to fail.
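
One way to act on this metric, as an added example that is not code from ingress-nginx or from the original post: compare the certificate serial each controller Pod reports with the serial of the certificate you expect to be live. The label names host and serial_number, the Pod names and the scrape text below are assumptions constructed for illustration.

```python
import re

# Constructed /metrics excerpts from two controller Pods (not real output).
# Assumed labels: host, serial_number. The metric-name prefix is not assumed;
# any series whose name ends in ssl_certificate_info is accepted.
SCRAPES = {
    "controller-a": '''
# TYPE nginx_ingress_controller_ssl_certificate_info gauge
nginx_ingress_controller_ssl_certificate_info{host="shop.example.test",serial_number="1001"} 1
nginx_ingress_controller_ssl_certificate_info{host="api.example.test",serial_number="2002"} 1
''',
    "controller-b": '''
nginx_ingress_controller_ssl_certificate_info{host="shop.example.test",serial_number="0999"} 1
nginx_ingress_controller_ssl_certificate_info{host="api.example.test",serial_number="2002"} 1
''',
}

# One sample line with value 1 (optionally followed by a timestamp).
SAMPLE = re.compile(r'^[\w:]*ssl_certificate_info\{(.*)\}\s+1(?:\.0+)?(?:\s+-?\d+)?$')
LABEL = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')

def loaded_certs(metrics_text):
    """Map host -> serial for each ssl_certificate_info sample with value 1."""
    certs = {}
    for line in metrics_text.splitlines():
        m = SAMPLE.match(line.strip())
        if not m:
            continue  # comments, other metrics, samples not equal to 1
        labels = dict(LABEL.findall(m.group(1)))
        if "host" in labels and "serial_number" in labels:
            certs[labels["host"]] = labels["serial_number"].lower()
    return certs

def stale_pods(scrapes, expected):
    """Return (pod, host, loaded_serial) where a Pod does not report the
    expected serial; loaded_serial is None if the host is not loaded at all."""
    findings = []
    for pod, text in scrapes.items():
        loaded = loaded_certs(text)
        for host, serial in expected.items():
            if loaded.get(host) != serial.lower():
                findings.append((pod, host, loaded.get(host)))
    return sorted(findings, key=lambda f: f[:2])

if __name__ == "__main__":
    expected = {"shop.example.test": "1001", "api.example.test": "2002"}
    for pod, host, serial in stale_pods(SCRAPES, expected):
        print(f"{pod}: {host} serves serial {serial}, expected {expected[host]}")
```

The expected serials must be written in the same representation the metric uses, which should be confirmed against a real scrape before alerting on the result.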

In addition, #8256 fixes a problem with passing an invalid URL in the nginx.ingress.kubernetes.io/auth-url annotation;
upgrading is recommended.

There are also some minor bug fixes and optimizations; please refer to the release notes for more details.

There were also some interesting things about this release process.
In terms of the timeline, this release process lasted for a week, from when I started the release process to the final release, and was completed asynchronously and collaboratively by several people.
This is quite different from usual. Usually, we agree on a time and complete it together online at the same time. This time, for various reasons, things were quite busy.
This pattern may be maintained in the future (it is friendlier to collaboration across multiple time zones).

Istio 1.13.1 released

In the previous issue, "K8S Ecological Weekly | Istio is about to release major security updates, multiple versions are affected", I introduced the main features of Istio v1.13
and noted that Istio would fix a major security vulnerability, CVE-2022-23635.

Versions containing the patch for this vulnerability have now been released, including v1.11.7, v1.12.3, and v1.13.1.
This vulnerability mainly affects Istio running across multiple clusters, or Istio exposed to the public network.
An attacker can send specific requests to an unauthenticated interface, thereby causing a denial of service in istiod.

For more details, please refer to Istio / ISTIO-SECURITY-2022-003

Knative enters CNCF

Last week, the CNCF Technical Oversight Committee (TOC) voted to accept Knative as a CNCF incubation project.

This began as early as November 2021, when both Google[1] and the Knative project[2] published articles announcing the application to become a CNCF incubation project.

Now it has finally become an incubation project of CNCF, which is very good for Knative, CNCF and the community.

As mentioned in my previous article, Knative was first created and open-sourced by Google in 2018, and was then developed in cooperation with IBM, Red Hat, VMware and other companies.

Today Knative is arguably the most widely installed serverless project in the cloud native field (data from a CNCF report), and it has also reached v1.0.
In addition, Google also launched products such as Knative-based Cloud Run and Cloud Run For Anthos, which have played a great role in the popularity of Knative.

In the future, Knative will nurture its community under CNCF and move to a fully open governance model under the foundation.
It is very likely to become the de facto standard in the open source serverless field in the cloud native era.

For announcement details, please refer to: Knative accepted as a CNCF incubating project

Upstream progress

Other

  • containerd released v1.6.1, mainly to fix CVE-2022-23648;
  • rook released v1.8.6 to support OSD's raw mode for Ceph v16.2.7 and newer.

You are welcome to subscribe to my official account [MoeLove].


张晋涛