What happened in the past weeks in the CNCF universe? We will give you the most recent updates, news and releases.

CNCF archives the rkt project

Source: https://github.com/rkt/rkt

rkt the coreOS container engine got archived by CNCF. This means that CNCF will no longer provide services to the project and distribute rkt via their channels. CNCF gave some background about their decision:

The CNCF is also home to other container runtime projects: containerd and CRI-O, and while the rkt project played an important part in the early days of cloud native adoption, in recent times user adoption has trended away from rkt towards these other projects. Furthermore, project activity and the number of contributors has also steadily declined over time, along with unpatched CVEs.

Find the full blog post at CNCF blog.

SIG App Delivery

CNCF is in the process of founding a new Special Interest Group (SIG) for Application Delivery. The group describes itself as follows:

The Application Delivery SIG focuses on delivering cloud native applications which involves multiple phases including building, deploying, managing, and operating. Additionally, the SIG produces supporting material and best practices for end-users, and provide guidance and coordination for CNCF projects working within the SIG’s scope.

Currently, the chair for the SIG is in the election by the technical oversight committee (TOC) and should be announced soon. Nevertheless, SIGs are always good places to bring in your thought leadership and shaping the frame for the development of the CNCF universe.

Open Sourcing the Kubernetes Security Audit

The CNCF published the security audit of Kubernetes v1.13.4 and shows the multiple facets of the project. With the release of the report and within a couple of days after the release, the community closes many of the security-relevant findings. But the report also shows that the code could need some quality makeover indicated by missing comments, code repetition and too many (internal and external) dependencies. We can only recommend reading the report, you will gain some deeper understanding of internal functions and logic of Kubernetes.

Flux joined CNCF Sandbox

Weave Flux by weave works is one of the first relevant GitOps implementations along with other tools like Argo-CD. GitOps aims to solve the difference between what was described in a declarative way and what is really going on within a Kubernetes cluster. For this Flux for example constantly checks the latest config, images and state and bring all component it is aware of into the desired shape.

Flux GitOps model || Source: https://github.com/fluxcd/flux

Now, Flux got accepted by the CNCF and joins as a sandbox project. With this step, Flux can experience a boost in its development and an even stronger spread over the community. We are excited about the next couple of months!


(Selected) Releases of the month

  • Kubernetes v1.15.2: Fixing CVE-2019-11247 and CVE-2019-11249
  • Kubernetes v.1.16.0-beta.1: With K8s 1.16 the CustomRessourceDefinition (CRD) API reach the general availability and gets promoted to the apiextensions.k8s.io/v1
  • KIND - Kubernetes IN Docker turns v0.5.!
  • etcd v.3.4.0: Besides an incredible long changelog, the new release brings performance optimization by mainly implementing fully concurrent read transactions. Also, the raft protocol gets the possibility to add "learners" to a cluster, so new nodes do not impact the leader node.
  • containerd 1.3.0-beta.1: Supports now per-pod containerd shim, added plugins.cri.registry.tls_configs option to support TLS connections to registries, configurable plugin directory and new Windows V2 runtime using hcsshim
  • NATS Streaming Server v0.16.0: The new release adds read-ahead capabilities improving delivery to subscriptions, auto-sync interval allowing to disable file sync on every flush, but sync at regular interval and the ability to set read/write timeouts for Postgres driver
  • OPA v0.13.2: The new OPA release adds two main features: you can now download multiple bundles and emitting decision logs to stdout.
  • OpenEBS v1.1.0: Besides that OpenEBS has reworked and sharpened their cross-platform documentation, they also implemented the Container Storage Interface (CSI) as an alpha feature. The CSI is a specification that enables a storage vendor to define an interface for cross-platforms access like Kubernetes or Mesos. Also, OpenEBS makes the upgrade easier by utilizing Kubernetes Jobs.