"K8S Ecological Weekly" collects the weekly news about the K8S ecosystem that I have come across and recommend. You are welcome to subscribe to the column "k8s ecology".

KIND v0.12.0 released

KIND (Kubernetes In Docker) is an open source project that I like and have been participating in.
It has been introduced many times in my previous articles.
I use it almost every day, it's very convenient.

It has been nearly ten months since the last major version, v0.11. Let's take a look at the notable features in this new version:

The default Kubernetes version used by v0.12.0 is v1.23.4. After upgrading KIND, the latest image will be pulled again; the image is hosted on Docker Hub.
This may be time-consuming, so make sure you have a stable network connection.

Support for multiple architectures has been specifically optimized in v0.12.0, and all released images include amd64 and arm64 support by default.
The related components in the image have also been upgraded:

  • containerd v1.5.10
  • crictl 1.23.0
  • CNI plugin v1.1.0

This release also fixes support for Docker + cgroup2 + rootless environments and for WSL2 environments. I recommend that everyone upgrade.

For more details, please refer to its release notes.

Docker v20.10.13 released

Docker released version v20.10.13 this week. Yes, you read that right: the current release line is still patching v20.10.
In fact, the latest code in the Docker repository has many more features than v20.10, but it has not yet reached the goals set for a new major version, so no new major version has been released.

This version mainly includes bug fixes and packaging-related changes. These include:

  • Upgraded buildx to v0.8.0 version.
  • #43165 Fixed an OOM that could occur when a large number of logs are generated quickly while using the local log driver. If you are using the local log driver, it is recommended to upgrade.
  • #43147 Fixed a possible docker daemon crash when using the fluentd log driver with fluentd-async-connect=true while the remote service is unavailable.
  • #43333 When image-manifests encounter a network connection failure, retry.

Therefore, if you use log drivers such as local or fluentd, please upgrade Docker. For other scenarios, decide for yourself whether to upgrade.

For more details, please refer to its release notes.

Helm v3.8 released

Helm v3.8 is a feature release. The biggest change in this version is that support for OCI registries reaches GA.

If you want to log in to an OCI registry, the usage is similar to the Docker CLI: run helm registry login followed by the registry address.

For example, you can use the following command to log in to the GitHub image registry (ghcr.io):

➜ (MoeLove) ~ helm registry login ghcr.io                     
Username: tao12345666333
Password: 
Login Succeeded

It follows the Docker CLI's approach, including the structure of the configuration file, which is consistent with the Docker CLI's.

If you want to push a Helm chart to the GitHub image registry, you can do the following:

(MoeLove) ➜ helm create foo
Creating foo
(MoeLove) ➜ helm package foo 
Successfully packaged chart and saved it to: /tmp/foo-0.1.0.tgz
(MoeLove) ➜ helm push foo-0.1.0.tgz oci://ghcr.io/tao12345666333/foo-chart
Pushed: ghcr.io/tao12345666333/foo-chart/foo:0.1.0
Digest: sha256:1b0a889b4e0fee5b5679512182fc6c2e802f39bdc5ba9d11fff0affb962b9b49

You can also complete the pull operation of the Chart with the following command:

# Pull chart
(MoeLove) ➜ helm pull oci://ghcr.io/tao12345666333/foo-chart/foo --version 0.1.0
Pulled: ghcr.io/tao12345666333/foo-chart/foo:0.1.0
Digest: sha256:1b0a889b4e0fee5b5679512182fc6c2e802f39bdc5ba9d11fff0affb962b9b49

Or install it directly:

# Install
(MoeLove) ➜ helm install foo oci://ghcr.io/tao12345666333/foo-chart/foo --version 0.1.0   
NAME: foo
LAST DEPLOYED: Sun Mar 13 16:52:55 2022
NAMESPACE: default
STATUS: deployed
REVISION: 1
NOTES:
1. Get the application URL by running these commands:
  export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=foo,app.kubernetes.io/instance=foo" -o jsonpath="{.items[0].metadata.name}")
  export CONTAINER_PORT=$(kubectl get pod --namespace default $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
  echo "Visit http://127.0.0.1:8080 to use your application"
  kubectl --namespace default port-forward $POD_NAME 8080:$CONTAINER_PORT

The biggest advantage of OCI support reaching GA is that we no longer need to maintain the container image registry and the Helm chart repository separately. The same registry can be used for both, which reduces the maintenance cost.

Upstream progress

#108309 · kubernetes/kubernetes: This is the implementation of KEP-2799: Reduction of Secret-based Service Account Tokens. The background is the default Service Account Token mechanism of Kubernetes: if a Pod references a Service Account, the corresponding Token will be mounted for it by default. Of course, we can also avoid this behavior by configuring automountServiceAccountToken: false.

In this PR, the LegacyServiceAccountTokenNoAutoGeneration feature is set to beta level and will be enabled by default in Kubernetes v1.24. From then on, newly created ServiceAccounts will not obtain Token information by default. This requires additional attention, although this change does not affect the use of Pods.
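
To see where a cluster stands before this change lands, the following added example (not part of the original article or of the Kubernetes project) lists ServiceAccounts that still reference a token Secret and Pods that will have a token mounted. It assumes input shaped like the output of kubectl get serviceaccounts,pods -A -o json; the sample objects and all names in them are constructed.

```python
import json

# Constructed sample in the shape of `kubectl get serviceaccounts,pods -A -o json`.
# All object names are made up for this example.
SAMPLE = {"items": [
    {"kind": "ServiceAccount", "metadata": {"namespace": "default", "name": "default"},
     "secrets": [{"name": "default-token-abcde"}]},  # legacy Secret-based token
    {"kind": "ServiceAccount", "metadata": {"namespace": "default", "name": "batch"},
     "automountServiceAccountToken": False},
    {"kind": "ServiceAccount", "metadata": {"namespace": "default", "name": "api"}},
    {"kind": "Pod", "metadata": {"namespace": "default", "name": "web"},
     "spec": {"serviceAccountName": "default"}},
    {"kind": "Pod", "metadata": {"namespace": "default", "name": "job"},
     "spec": {"serviceAccountName": "batch"}},
    {"kind": "Pod", "metadata": {"namespace": "default", "name": "job-debug"},
     "spec": {"serviceAccountName": "batch", "automountServiceAccountToken": True}},
    {"kind": "Pod", "metadata": {"namespace": "default", "name": "api"},
     "spec": {"serviceAccountName": "api", "automountServiceAccountToken": False}},
]}

def key(obj):
    return (obj["metadata"]["namespace"], obj["metadata"]["name"])

def effective_automount(pod, accounts):
    """Pod-level setting wins, then the ServiceAccount's, then the default (true)."""
    spec = pod["spec"]
    if "automountServiceAccountToken" in spec:
        return spec["automountServiceAccountToken"]
    sa = accounts.get((pod["metadata"]["namespace"],
                       spec.get("serviceAccountName", "default")), {})
    return sa.get("automountServiceAccountToken", True)

def audit(listing):
    items = listing["items"]
    accounts = {key(i): i for i in items if i["kind"] == "ServiceAccount"}
    return {
        # ServiceAccounts with a non-empty .secrets list, which is where the
        # auto-generated token Secret is referenced
        "legacy_secret_tokens": sorted("/".join(k) for k, sa in accounts.items()
                                       if sa.get("secrets")),
        # Pods for which a token will be mounted
        "pods_mounting_token": sorted("/".join(key(p)) for p in items
                                      if p["kind"] == "Pod"
                                      and effective_automount(p, accounts)),
    }

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```

Note the job-debug Pod in the sample: its ServiceAccount disables automounting, but the Pod-level field overrides it, so a token is still mounted.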

Some other changes

  • Thanos v0.25 released
  • Knative v1.3 released
  • CNI plugins v1.1.0 released

You are welcome to subscribe to my public account [MoeLove].


张晋涛