posted

0 Comments

By Wendy Cartee, Senior Director Product Marketing, Cloud-Native Applications

Kubernetes 1.8 is released with a total of 39 features across security, storage, networking, APIs, scheduling, cluster lifecycle management and more. Out of the 39 features, 19 are in alpha, 16 in beta and four moved to stable. The three themes selected for the release were stability, security and simplicity, and here are just a few features under those areas:

Security:

The most notable security feature that moved to stable is RBAC (Role-based Access Control), which allows admins to dynamically define policies that authorize access to cluster resources through the Kubernetes API. For more information on this feature, check out Using RBAC Authorization on Kubernetes.io.

Currently in Beta, Kubelet client credential rotation updates the initial cert/key pair as it expires. As the Kubelet cert approaches expiration, a request is sent to the cert signing request API to sign a new key, which renews the cert/key pair.

Stability:

Stability includes feature enhancements for storage, autoscaling and workload features, such as supporting volume mount option (in stable), storage volume snapshots, support for volume operation metrics, self-hosting support in kubeadm, etc.  In addition, the core workload APIs (DaemonSet, Deployment, ReplicaSet, StatefulSet) are now part of apps group v1Beta2.

Simplicity:

When it comes to simplicity, the release includes Cron job support (in Beta), which helps with scheduling and running jobs at particular times for tasks like backups, report generation, etc. The horizontal pod autoscaler, or HPA supported scaling based on CPU, now includes custom metrics API on pods.

Networking:

Egress network policy filtering was added to allow rules to be applied on egress traffic from a pod. This feature complements the ingress policy, and combined gives admins control of bidirectional policy definition. The feature is marked as Beta for Kubernetes 1.8 with the plan to move to stable with 1.9.

Another networking feature added is CIDR support on ingress network. Admins can now define a range of IP addresses that a pod can accept traffic. This is also marked as beta for 1.8, and plan is stable in 1.9.

To improve load balancing, IPVS-based load balancing replaced iptables approach for higher scaling and performance. IPVS is based on transport layer and is built on top of netfilter. Docs indicated that latency was reduced dramatically and performance consistency was achieved for large numbers of services. Huawei team did a presentation on this at KubeCon Berlin, and there are some great nuggets of information in the presentation.

Storage:

There is an impressive list of storage enhancements in this release that should be highlighted. Storage is grouped under stability, but here are a few more added storage features:

  • Resize persistent volumes lets users increase the size of PVs for their pods.
  • Storage volume snapshots adds support in Kubernetes API to create, list, delete and restore snapshots from an arbitrary underlying storage system.
  • Improve flexvolume deployment provides a way to deploy flexvolume drivers using DaemonSet and supports dynamic discovery of drivers vs only at kubelet or controller manager initialization.

For more information, the Kubernetes 1.8 blog has a feature summary, in addition to release background. The community is moving swiftly towards Kubernetes 1.9, and it will no doubt be packed with even more exciting new features. If you are planning to attend KubeCon, come by and visit VMware and follow up on Twitter (@cloudnativeapps) for updates. I look forward to seeing you there!

Join VMware at KubeCon+CloudNativeCon 2017:

VMware will be at KubeCon + CloudNativeCon in Austin, Texas on December 6-8. Join us and check out our Kubernetes-based container product, PKS, purpose-built for enterprises who need Kubernetes in production.