A little more than three years after the first public commit for Kubernetes, the 1.7 release is ready to be released. What's new in this release? You'll find a lot of interesting new features, but the overarching theme of 1.7 is "extensibility" with a side of security features and much more. Let's take a look at what Kubernetes 1.7 will bring.
How Features Appear in Kubernetes
As you probably know, Kubernetes is one of the prime upstream projects for the Red Hat OpenShift family. As such, we spend a lot of time working upstream to introduce, collaborate on, and review code that goes into Kubernetes. Major features don't just materialize in a single release cycle for Kubernetes fully baked, they go through extensive review and development.
New features in Kubernetes are considered "alpha" in their first release, which means they're not turned on by default in the builds. Users can opt to use them, but they're not considered "production ready" by the upstream community. Beta features are considered well-tested and once a feature is in beta, it will not be dropped from Kubernetes – but it may change. Beta features are enabled by default.
Finally, once features are considered stable they will continue to appear in Kubernetes releases "for many subsequent versions," and aren't subject to changes the way beta or alpha feature Application Programming Interfaces (APIs) are.
Improved Extensibility
A major focus for the 1.7 release is extensibility, to allow Kubernetes to expand its scope and functionality without bloating the core project. Here's some of the features that make up Kubernetes extensibility focus in 1.7:
-
Custom Resource Definitions -- Third Party Resources are moving to a new API group, which lays the foundation for adding new features to custom resources later on. Custom Resource Definitions (CRDs) will allow extension of the Kubernetes API to provide features not in core Kubernetes that look like first-class APIs to users. This is in beta for Kubernetes 1.7.
-
Extensible External Admission Control -- This feature adds extensible policy and security checks to Kubernetes. Admins and integrators will be able to define their own policies to admit content into their Kubernetes cluster. This is in alpha for Kubernetes 1.7.
-
API Aggregation -- Along with work on CRDs, the API Aggregation feature helps to add to Kubernetes' extensibility by letting user-provided API servers be served with the rest of the Kubernetes API. This feature moves to beta for 1.7.
An Eye on Security
Extensibility isn't the only focus for 1.7. Security, as always, is important for upstream Kubernetes and 1.7 delivers some interesting improvements there.
-
Encrypting secrets in etcd -- The goal for this feature, in alpha as of 1.7, is to allow sensitive data stored in the etcd key-value store to be encrypted at the datastore level. This allows users of Kubernetes to go beyond encrypting data on-disk, but also to encrypt data in etcd to help protect it from being read by malicious parties via the Kubernetes API.
-
Limit node access to API -- This adds a new authorization mode and admission plugin that can limit a Kubernetes node's access to specific APIs. This is designed to limit a node’s access to secrets, and other information, to only pods running on that particular node., This will prevent any node from accessing secrets globally in the cluster.. This is in beta as of 1.7.
Other Noteworthy Developments in 1.7
Kubernetes 1.7 has a few features not in the extensibility or security categories that bear mentioning.
-
DaemonSet Updates -- This feature, beta in 1.7, adds the option to automate pod updates when a DaemonSet spec has been changed.
-
StatefulSet Upgrades -- Going beta in 1.7, StatefulSet Upgrades allow StatefulSets to be marked for upgrade automatically rather than requiring each StatefulSet pod to be deleted and then recreated with a new updated image.
-
Support for "burst mode" with StatefulSets -- Appearing in alpha in 1.7, this feature would allow Kubernetes' StatefulSets to support rapid, out-of-order changes to scale up or down as demand requires.
-
NetworkPolicy Now Stable -- The NetworkPolicy feature has been promoted to stable in Kubernetes 1.7. This allows users to use labels to select pods and define rules to specify the network traffic allowed to and from those pods. (historically, and by default, pods in Kubernetes are not isolated. They accept traffic from any source).
Overall, Kubernetes 1.7 represents another strong release from the Kubernetes community. It delivers a number of features that will help keep Kubernetes at the forefront of deploying, scaling, and managing containerized applications.
Coming Soon to OpenShift
The features that are appearing today in Kubernetes will help shape the next release of OpenShift, due in the coming months. We work with the larger Kubernetes community to drive features that are important to OpenShift users, and then work to stabilize and ready these features to meet the most demanding workloads.
The 1.7 release features will roll into OpenShift Origin first, and then will appear in OpenShift Online thereafter. After extensive testing in our online environments, those features will be baked into Red Hat OpenShift Container Platform which can be deployed on premise or in the cloud by customers.
Additional Resources:
Upcoming Kubernetes 1.7 related talks on OpenShift Commons:
-
What’s New in Kubernetes 1.7: Features/Functions/Futures with Clayton Coleman (Red Hat)
-
Kubernetes Service Catalog Deep Dive with Paul Morie and Andrew Block (Red Hat)
-
Kubernetes Technical Road Map Update with Aparna Sinha (Google)
Check out the entire calendar of OpenShift Commons Briefings and Tech Talks here: http://commons.openshift.org/events.html
저자 소개
Joe Brockmeier is the editorial director of the Red Hat Blog. He also acts as Vice President of Marketing & Publicity for the Apache Software Foundation.
Brockmeier joined Red Hat in 2013 as part of the Open Source and Standards (OSAS) group, now the Open Source Program Office (OSPO). Prior to Red Hat, Brockmeier worked for Citrix on the Apache OpenStack project, and was the first OpenSUSE community manager for Novell between 2008-2010.
He also has an extensive history in the tech press and publishing, having been editor-in-chief of Linux Magazine, editorial director of Linux.com, and a contributor to LWN.net, ZDNet, UnixReview.com, and many others.
채널별 검색
오토메이션
기술, 팀, 인프라를 위한 IT 자동화 최신 동향
인공지능
고객이 어디서나 AI 워크로드를 실행할 수 있도록 지원하는 플랫폼 업데이트
오픈 하이브리드 클라우드
하이브리드 클라우드로 더욱 유연한 미래를 구축하는 방법을 알아보세요
보안
환경과 기술 전반에 걸쳐 리스크를 감소하는 방법에 대한 최신 정보
엣지 컴퓨팅
엣지에서의 운영을 단순화하는 플랫폼 업데이트
인프라
세계적으로 인정받은 기업용 Linux 플랫폼에 대한 최신 정보
애플리케이션
복잡한 애플리케이션에 대한 솔루션 더 보기
오리지널 쇼
엔터프라이즈 기술 분야의 제작자와 리더가 전하는 흥미로운 스토리
제품
- Red Hat Enterprise Linux
- Red Hat OpenShift Enterprise
- Red Hat Ansible Automation Platform
- 클라우드 서비스
- 모든 제품 보기
툴
체험, 구매 & 영업
커뮤니케이션
Red Hat 소개
Red Hat은 Linux, 클라우드, 컨테이너, 쿠버네티스 등을 포함한 글로벌 엔터프라이즈 오픈소스 솔루션 공급업체입니다. Red Hat은 코어 데이터센터에서 네트워크 엣지에 이르기까지 다양한 플랫폼과 환경에서 기업의 업무 편의성을 높여 주는 강화된 기능의 솔루션을 제공합니다.