“K8S Ecology Weekly” mainly collects recommended weekly news from the K8S ecosystem that I have come across. You are welcome to subscribe to the Zhihu column “K8S Ecology”.

Trivy v0.22.0 officially released

Trivy is a lightweight vulnerability scanner that supports container images, file systems, IaC configuration files, and more. I have covered it several times in previous issues of K8s Ecology Weekly, so I will not expand on it here. Let’s take a look at some notable changes in this release.

  • There is a new --offline-scan option. When scanning pom.xml and JAR files, you can specify --skip-update and --offline-scan together to prevent Trivy from making requests to update the vulnerability database. This is useful in offline environments or when the network is poor;
  • Memory usage has been optimized. In the previous logic, large files were read directly into memory, which could cause an OOM. This release fixes the problem and adds some caching. If you are using Trivy, I recommend that you update;
  • NDB format is now supported when scanning RPM packages. If you are interested in this format, refer to the release notes of the RPM project.

You can either go to its Release page and download the latest binaries, or you can use the container image.

(MoeLove) ➜ docker pull aquasec/trivy:0.22.0

For other changes in this release, refer to its ReleaseNote.

Helm v3.7.2 released

The last major release of Helm was v3.7.0, but if you look at the actual changes to the project, you’ll see that even that major update didn’t carry anything particularly valuable. Instead, there are a few notable changes in this patch release:

  • Fixed a memory leak that occurred when running helm upgrade; see github.com/helm/helm/i…

As for the changes in previous releases, you can check out the ReleaseNote for yourself.

Rook v1.8 released

Rook is an open source component dedicated to storage orchestration on the Kubernetes platform. It is a CNCF graduated project. I have introduced it in previous issues of “K8s Ecology Weekly”, so I will not expand on it here; you can have a look at the earlier articles. Now let’s take a look at what’s worth watching in the new version.

First, some breaking changes:

  • Rook is compatible with Kubernetes v1.16 or later. This is mainly due to its CRD implementation: Kubernetes removed the old API in v1.22, so Rook has upgraded the API version it uses to v1. If your Kubernetes cluster is running an earlier version, it is recommended to upgrade the Kubernetes cluster before upgrading Rook.

  • Support for the Ceph Nautilus version has been removed in v1.8. If you have a cluster with Ceph Nautilus deployed via Rook, upgrade to Octopus or Pacific first, to ensure that Rook can handle its version properly.

  • Rook now uses the CSI interface exclusively for storage management. The Flex driver that Rook previously supported has been completely abandoned. If you need to migrate, you can refer to rook.github.io/docs/rook/v…

It also brings a lot of new features:

  • Support Kubernetes authentication when using HashiCorp Vault;

  • To provide better security, the Rook operator and toolbox containers now run as the rook user instead of the root user.

  • The Rook image has the s5cmd tool installed by default, which is a tool that provides quick S3 operations. You can find it at github.com/peak/s5cmd. Having s5cmd available by default makes it easy to quickly verify the functions of the S3 gateway from the toolbox;

  • Rook now has a ceph.rook.io/disaster-protection finalizer that can be used to prevent important resources from being accidentally deleted. To delete these important resources, perform the following steps:

kubectl -n rook-ceph patch configmap rook-ceph-mon-endpoints --type merge -p '{"metadata":{"finalizers": [null]}}'
kubectl -n rook-ceph patch secrets rook-ceph-mon --type merge -p '{"metadata":{"finalizers": [null]}}'
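
An added example, not from the original post or the Rook project: the merge patches above replace the entire finalizers list, so this Python helper builds a JSON Patch that removes only ceph.rook.io/disaster-protection and leaves any other finalizer in place. The sample objects and the example.com/hypothetical-hold finalizer are constructed for illustration.

```python
import json
import shlex

# Finalizer name taken from the text above.
FINALIZER = "ceph.rook.io/disaster-protection"

# Constructed sample objects, shaped like `kubectl get <kind> <name> -o json`.
CONFIGMAP = {
    "kind": "ConfigMap",
    "metadata": {"name": "rook-ceph-mon-endpoints", "namespace": "rook-ceph",
                 "finalizers": [FINALIZER]},
}
SECRET = {
    "kind": "Secret",
    "metadata": {"name": "rook-ceph-mon", "namespace": "rook-ceph",
                 # hypothetical second finalizer owned by another controller
                 "finalizers": ["example.com/hypothetical-hold", FINALIZER]},
}

def finalizer_removal_patch(obj, finalizer=FINALIZER):
    """Return a JSON Patch (RFC 6902) removing only `finalizer`, or [] if absent."""
    finalizers = obj.get("metadata", {}).get("finalizers") or []
    if finalizer not in finalizers:
        return []
    path = f"/metadata/finalizers/{finalizers.index(finalizer)}"
    return [
        # "test" makes the API server reject the patch if the list changed
        # between read and write, so a different entry is never removed.
        {"op": "test", "path": path, "value": finalizer},
        {"op": "remove", "path": path},
    ]

def kubectl_command(obj, finalizer=FINALIZER):
    """Render the kubectl invocation for the patch, or None if nothing to do."""
    patch = finalizer_removal_patch(obj, finalizer)
    if not patch:
        return None
    meta = obj["metadata"]
    return " ".join([
        "kubectl", "-n", shlex.quote(meta["namespace"]),
        "patch", obj["kind"].lower(), shlex.quote(meta["name"]),
        "--type", "json", "-p", shlex.quote(json.dumps(patch)),
    ])

if __name__ == "__main__":
    for sample in (CONFIGMAP, SECRET):
        print(kubectl_command(sample))
```
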

That’s all you need to know about the release of Rook v1.8. If you’re interested in other changes, check out the ReleaseNote.

Upstream progress

  • Completely remove in-tree dockershim from kubelet by dims · #97252: refer to my previous post on this topic;

  • Introduce new prune parameter into diff command by ardaguclu · #105164: this adds a prune parameter to the kubectl diff command. Its behavior is similar to kubectl apply --prune, which clears out managedFields and so on, making it easier to see real changes;

  • Kubectl config by ardaguclu · #105566: this makes things easier for clusters deployed behind a proxy;

Digression

Overall, there have been no major changes in the last two weeks, partly because it’s the end of the year and most of the overseas contributors in the community have been on vacation. On the other hand, since this year’s goals have basically been accomplished, the next round of iteration will mostly happen after the new year.

In the near future, I will publish an article summarizing the K8s ecology in 2021 and predicting the development of the K8s ecology in 2022, based on the noteworthy content in the K8s ecology in 2021 and some overall technology trends. Stay tuned!


Please feel free to subscribe to my official account [MoeLove]