Congratulations to the over 3,000 Kubernetes contributors and the even larger group of users for another amazing Kubernetes release. Kubernetes’ ability to consistently innovate over multiple years on a quarterly release cycle is remarkable. Kubernetes 1.18 offers a nice blend of network, storage, platform efficiency, and next generation features that will set Kubernetes up to grow to support new applications it can’t reach today. For a full look into all the features of the release, visit the upstream release notes.
Network and Storage
Network and storage are two areas where building distributed systems calls for unique tactics. The two topics are foundational pillars in any platform. Sometimes those topics can feel bland, like discussing taxes, but when someone tries to run an important application on the platform, they undoubtedly use those parts of the system. They are also as inevitable and unavoidable as taxes.
Kubernetes 1.18 makes the graduation of four container storage interface (CSI) features to stable status! Awesome work from the Storage SIG. one of those is the ability to skip loading an external CSI attacher for things that don’t need them like NFS, or secret volumes. That sounds small, but it really helps a pod leverage the CSI interface for both its everyday volume mounts, and its application PVs. This means the gap between flexVolumes and CSI is getting smaller. Plus, CSI raw block support moving to stable will allow more complex stateful applications to find a place inside of Kubernetes.
Not to be out done by SIG Storage, the networking SIG flexed their muscles in Kubernetes 1.18 as well. IPv6 single stack support has moved to beta! The journey to IPv6 started in Kubernetes 1.9. Since that time, many leaders from the industry and from specialized vertical markets have worked with it, and contributed back to the project. Through those lessons learned, Kubernetes has been able to continue to evolve its IPv6 solution. We aren’t there yet, but it’s getting closer.
At the same time, Ingress v1 goes to beta in this release. Ingress has finally made the leap to a permanent API group, and in doing so has solidified the ingress class concept. Just like storage classes allow you to use different storage solutions available to the cluster, ingress classes will allow you to use multiple ingress controllers in the same cluster, and more cleanly choose which ingress point you want specific pods to use. Finally, AppProtocol is graduating to stable. It allows application owners to easily declare the mix of ports and protocols they need for their pod’s services and endpoints from the loadBalancer.
Smarter Use of Resources
Kubernetes 1.18 is getting smarter. With the new endpoint API moving to beta, we are seeing much improved usage of apiserver, etcd, endpoint-controller and kube-proxy in large clusters. This was accomplished by no longer forcing a re-processing of the whole endpoint object through those control plane components if a pod is added, updated or deleted. To help offer more deployment automation for your pods that understand HA topologies you have created with node labels, PodTopologySpread has moved to beta. This offers placement improvements over that of just taints and tolerations. Speaking of taints, pod evictions obeying taints is now a stable feature.
Have you had bigger applications that take awhile to start up killed by Kubernetes because they failed the health probe? Not anymore. With a new probe called startupProbe moving to beta, you can now hold off those pesky probes until the pod has finished starting up. And finally, how many secrets and configMaps does your poor kubelet have to watch for changes? With a new field called Immutable you can tell the system that you don’t need it to watch the secret or configMap file if you would rather roll out changes by issuing new secrets or configMaps. This can also alleviate load on the apiserver in big clusters, allowing you to run more pods per node.
The Next Adventure
Kubernetes is attracting more and more users everyday. With those users come new demands. Bare metal, HPC, and edge commuting is one area where Kubernetes 1.18 is growing to meet new demands. Windows Containers is another.
For the former, we see node topology manager move to beta. This allows Kubernetes to enable NUMA alignment of CPUs and peripheral devices (such as SR-IOV VFs and GPUs), allowing your workload to run in an environment optimized for low-latency. Sensitive applications will also be happy to know hugepage extensions are now a stable feature.
A clever idea around scheduling profiles has moved to alpha. As more diverse workloads enter into the Kubernetes cluster, there could arise a need to have workloads use different schedulers inside the same cluster. This implementation would allow you to call a schedulerName in your pod spec in order to select the right one for your pod.
Windows containers are also working their way into Kubernetes with this release. First of all GMSA and RunAsUserName both moved to stable. The GMSA support allows you to start a container with the correct Windows Group Managed Service Account in Active Directory, thus allowing that application in the pod to authenticate as it normally would within your Windows network. The RunAsUserName allows the GMSA to declare the credentials it needs to run the container.
The second big feature for Windows is RuntimeClass moving to alpha. RuntimeClass makes it easy to schedule pods to nodes with the appropriate operating system version and CPU architecture. Specifically for Windows Containers, this helps allow Kubernetes to figure out if there is a mismatch between the host’s Windows version and the container’s base image Windows version, thus putting it in the position of launching a hyperV based isolated container if needed. Finally, CSI Proxy is now available to help implement the needed storage APIs on a Windows server. This opens the door to storage vendors who wish to offer CSI plugins for Windows.
Everywhere you look in Kubernetes, there are people solving complex problems that users are facing, thus making it both easier and safer to run clusters, workloads and services at scale. Kubernetes 1.18 reminds us all that we can come together and solve any problem. A lesson that is fresh in our minds this month. Stay safe out there!