Releasing Kubernetes Less Often and More Secure – The SIG Release Update

2022-05-18

Authors: Carlos Panato, Adolfo García Veytia, Stephen Augustus


Summary

The SIG Release team of Kubernetes is working on releasing the software less often and more securely. They have changed the release cadence to three releases per year and introduced fast forward in the last cycle. They are also working on making the software supply chain more secure by driving towards full SLSA compliance.

  • SIG Release is responsible for the release of Kubernetes and all the tooling around release engineering.
  • The team has changed the release cadence to three releases per year to make it more sustainable.
  • Fast forward was introduced in the last cycle to avoid conflicts during cherry picking.
  • The team is working on making the software supply chain more secure by driving towards full SLSA compliance.
  • They are also working on creating a roadmap and vision for SIG Release.
  • Maintainers of other projects under the Kubernetes organization are encouraged to attend the session to learn more about extending the SIG Release tools to their own releases.

In the past, the release team had a hard time managing everything with four releases per year. After sending a release survey, they found out that the community preferred three releases per year. They introduced fast forward in the last cycle to avoid conflicts during cherry picking. The team is also working on making the software supply chain more secure by driving towards full SLSA compliance.

Abstract

The Kubernetes Special Interest Group (SIG) Release is inviting you to join their project update at KubeCon! Adolfo, Carlos, Sascha and Stephen will speak about the latest changes to the SIG as well as its influence on the overall Kubernetes project. The session will cover how the SIG Release roadmap and vision maps to recent project development efforts, which enhancements to the general release process they’re currently working on, as well as the lessons learned from past release cycles. As part of that update, the Release Engineering subproject of SIG Release will speak about how the community hardens their software supply chain by driving towards full SLSA (Supply-chain Levels for Software Artifacts) compliance, including SBOM generation and container image signing. Do you wanna be part of one of the largest Kubernetes SIGs? Then join this session to learn more about our latest efforts and how to contribute to them! Maintainers of other projects under the Kubernetes organization are strongly encouraged to attend this session to learn more about extending the SIG Release tools to their own releases.
