The Cloud Native Computing Foundation (CNCF) has announced Kubernetes 1.12. This version brings volume snapshot and restore, improvements to TLS bootstrapping, Horizontal Pod Autoscaler (HPA) improvements, topology-aware dynamic provisioning, advanced auditing, topology support for Container Storage Interface (CSI) plugins, and more.
TLS on Kubernetes has received a few improvements. Kubelet TLS Bootstrap has graduated to general availability, enabling a kubelet to bootstrap itself into a TLS-secured cluster: the kubelet generates a private key and a Certificate Signing Request (CSR) and submits the CSR to a cluster-level certificate signing process. Furthermore, kubelet server certificate bootstrap and rotation is moving to beta. This feature introduces a process for generating a key locally and then issuing a CSR to the cluster API server to get the associated certificate signed by the cluster’s root certificate authority.
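The security-relevant step in this flow is not the CSR itself but who approves it. The in-tree approver in kube-controller-manager only auto-approves kubelet client certificates whose subject follows the node naming convention (CN `system:node:<name>`, O `system:nodes`), whose usages are exactly digital signature, key encipherment and client auth, and whose requester is a bootstrap identity or the node itself; server certificates are left for a human or external approver. The following Python is an added illustration of that policy boundary, not Kubernetes' own code. It assumes the CSR subject and SANs have already been decoded from the PEM in `spec.request`, and it uses the `system:bootstrappers` and `system:nodes` groups as a stand-in for the RBAC permission check the real controller performs.

```python
# Added example: classify a kubelet CertificateSigningRequest and decide whether
# it falls inside what the node-client auto-approver would accept.

# Usage sets the approver compares against; the match must be exact, so a
# request that also asks for "server auth" does not qualify as a client cert.
NODE_CLIENT_USAGES = frozenset({"key encipherment", "digital signature", "client auth"})
NODE_SERVER_USAGES = frozenset({"key encipherment", "digital signature", "server auth"})


def classify_csr(subject, usages, username, groups, sans=()):
    """Return 'node-client', 'self-node-client', 'node-server' or 'other'.

    subject: dict with the decoded X.509 subject, e.g. {"CN": ..., "O": [...]}
             (assumption: decoded from spec.request before calling this).
    usages:  spec.usages of the CSR object.
    username/groups: the identity that created the CSR object.
    sans:    any DNS/IP/email/URI SANs in the request.
    """
    cn = subject.get("CN", "")
    orgs = tuple(subject.get("O", ()))
    if not (cn.startswith("system:node:") and orgs == ("system:nodes",)):
        return "other"  # not a node identity at all

    usage_set = frozenset(usages)
    if usage_set == NODE_CLIENT_USAGES:
        if sans:
            return "other"  # a client cert for a node carries no SANs
        if username == cn and "system:nodes" in groups:
            return "self-node-client"  # node renewing its own client cert
        if "system:bootstrappers" in groups:
            return "node-client"  # first bootstrap via a bootstrap token
        return "other"
    if usage_set == NODE_SERVER_USAGES and username == cn:
        return "node-server"  # serving cert: recognised but never auto-approved in-tree
    return "other"


def should_auto_approve(kind):
    """Only kubelet client certificates are auto-approved by the in-tree approver."""
    return kind in ("node-client", "self-node-client")


if __name__ == "__main__":
    subject = {"CN": "system:node:worker-1", "O": ["system:nodes"]}
    kind = classify_csr(subject, NODE_CLIENT_USAGES, "system:bootstrap:abcdef",
                        ["system:bootstrappers"])
    print(kind, should_auto_approve(kind))
```

Anything that classifies as `other` or `node-server` is what a cluster operator sees sitting in `Pending` on the CSR list and must review before approving.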
Horizontal Pod Autoscaler (HPA) is a feature implemented as a Kubernetes API resource and a controller, designed to automatically scale the number of pods in a replication controller, deployment, or replica set based on observed CPU utilization. The HPA algorithm has been improved to make the system much more responsive, scaling up and down with fewer spikes. Support for custom metrics has also been improved.
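The documented core of the HPA algorithm is `desiredReplicas = ceil(currentReplicas * (currentMetricValue / desiredMetricValue))`, with a tolerance band (0.1 by default) inside which no scaling happens and a conservative treatment of pods whose metrics are missing. The Python below is an added, simplified model of one reconciliation written for this article; it is not the controller's code, and the min/max replica defaults and the per-pod millicore values in the tests are constructed.

```python
# Added example: a simplified model of one HPA reconciliation step.
import math

# Default value of the controller's --horizontal-pod-autoscaler-tolerance flag.
DEFAULT_TOLERANCE = 0.1


def desired_replicas(current_replicas, pod_metrics, target,
                     min_replicas=1, max_replicas=10, tolerance=DEFAULT_TOLERANCE):
    """Replica count an HPA would request for one reconciliation.

    pod_metrics: one observed value per pod (e.g. CPU millicores); None marks a
    pod whose metric is missing.  target is the desired per-pod value.
    Documented core formula:
        desired = ceil(currentReplicas * (currentMetricValue / desiredMetricValue))
    """
    ready = [v for v in pod_metrics if v is not None]
    if not ready:
        raise ValueError("no pod metrics available; the controller skips this cycle")
    missing = len(pod_metrics) - len(ready)

    # First pass: ratio computed only from pods that actually reported a metric.
    ratio = (sum(ready) / len(ready)) / target
    if abs(ratio - 1.0) <= tolerance:
        return current_replicas  # within tolerance: no change

    if missing:
        # Conservative fill for pods without metrics: assume 100% of target when
        # the first pass says scale down, 0% when it says scale up, then recompute.
        fill = target if ratio < 1.0 else 0.0
        new_ratio = ((sum(ready) + fill * missing) / len(pod_metrics)) / target
        direction_reversed = (new_ratio < 1.0) != (ratio < 1.0)
        if direction_reversed or abs(new_ratio - 1.0) <= tolerance:
            return current_replicas  # conservative estimate removes the need to scale
        ratio = new_ratio

    desired = math.ceil(current_replicas * ratio)
    return max(min_replicas, min(max_replicas, desired))


if __name__ == "__main__":
    # Three pods at 50/60/70 millicores against a 40m target: ratio 1.5, so 3 -> 5.
    print(desired_replicas(3, [50, 60, 70], 40))
```

The missing-metrics branch is the part that damps spikes: a pod that has not reported yet cannot, on its own, push the replica count in either direction.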
Kubernetes 1.12 introduces topology-aware dynamic provisioning in beta, which aims to improve the regional cluster experience for stateful workloads. This means Kubernetes now understands the inherent zonal restrictions of Compute Engine Persistent Disks (PDs) and Regional PDs, and provisions them in the zone that is best suited to run the pod. Another addition to topology is the Container Storage Interface (CSI) plugin, which is intended to make it easier for third-party developers to write and deploy volume plugins exposing new storage systems in Kubernetes.
Kubernetes audit logging has graduated to general availability. Kubernetes auditing provides a relevant set of records documenting the sequence of activities that have affected the system, whether by individual users, administrators or other components. Logging is now enabled for all Google Kubernetes Engine (GKE) clusters starting with version 1.8.3, allowing GKE users to introspect requests to their cluster via an integration with Stackdriver Cloud Audit Logging. Learn more about audit logging in GKE.
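Audit records are only useful if something reads them. The Python below is an added example, not part of the article or of any Kubernetes component, that runs a handful of detection rules over audit events in the `audit.k8s.io/v1` JSON shape (secret reads by human users, `pods/exec`, cluster-level RBAC changes, and rejected requests). The log lines are constructed for the example; the usernames, namespaces and object names in them are invented, and the rule thresholds are a starting baseline to tune per cluster.

```python
# Added example: a small detector over Kubernetes audit events (JSON lines).
import json

# Constructed sample events in the audit.k8s.io/v1 shape; not from a real cluster.
SAMPLE_AUDIT_LOG = "\n".join(json.dumps(ev) for ev in [
    {"kind": "Event", "apiVersion": "audit.k8s.io/v1", "level": "Metadata",
     "stage": "RequestReceived", "verb": "get", "user": {"username": "alice", "groups": ["developers"]},
     "objectRef": {"resource": "secrets", "namespace": "prod", "name": "db-password"}},
    {"kind": "Event", "apiVersion": "audit.k8s.io/v1", "level": "Metadata",
     "stage": "ResponseComplete", "verb": "get", "user": {"username": "alice", "groups": ["developers"]},
     "objectRef": {"resource": "secrets", "namespace": "prod", "name": "db-password"},
     "responseStatus": {"code": 200}},
    {"kind": "Event", "apiVersion": "audit.k8s.io/v1", "level": "Metadata",
     "stage": "ResponseComplete", "verb": "list", "user": {"username": "system:kube-controller-manager"},
     "objectRef": {"resource": "secrets"}, "responseStatus": {"code": 200}},
    {"kind": "Event", "apiVersion": "audit.k8s.io/v1", "level": "Metadata",
     "stage": "ResponseComplete", "verb": "get", "user": {"username": "alice", "groups": ["developers"]},
     "objectRef": {"resource": "pods", "namespace": "dev", "name": "web-1"},
     "responseStatus": {"code": 200}},
    {"kind": "Event", "apiVersion": "audit.k8s.io/v1", "level": "Metadata",
     "stage": "ResponseComplete", "verb": "create", "user": {"username": "bob", "groups": ["developers"]},
     "objectRef": {"resource": "pods", "subresource": "exec", "namespace": "dev", "name": "debug-pod"},
     "responseStatus": {"code": 101}},
    {"kind": "Event", "apiVersion": "audit.k8s.io/v1", "level": "RequestResponse",
     "stage": "ResponseComplete", "verb": "create", "user": {"username": "deploy-bot"},
     "objectRef": {"resource": "clusterrolebindings", "name": "everyone-admin"},
     "responseStatus": {"code": 201}},
    {"kind": "Event", "apiVersion": "audit.k8s.io/v1", "level": "Metadata",
     "stage": "ResponseComplete", "verb": "get", "user": {"username": "system:anonymous"},
     "objectRef": {"resource": "pods", "namespace": "kube-system"},
     "responseStatus": {"code": 403}},
])

# Control-plane identities whose routine secret access we do not alert on.
EXEMPT_PREFIXES = ("system:kube-", "system:apiserver")


def parse_events(text):
    """Keep only completed requests so each call is counted once."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("kind") == "Event" and ev.get("stage") == "ResponseComplete":
            events.append(ev)
    return events


def detect(events):
    """Return (rule, user, detail) tuples in log order."""
    findings = []
    for ev in events:
        user = (ev.get("user") or {}).get("username", "")
        ref = ev.get("objectRef") or {}
        verb = ev.get("verb")
        code = (ev.get("responseStatus") or {}).get("code", 0)
        resource, sub = ref.get("resource"), ref.get("subresource")
        target = f"{ref.get('namespace', '-')}/{ref.get('name', '*')}"
        if code in (401, 403):
            findings.append(("unauthorized-request", user, f"{verb} {resource} {target}"))
        elif resource == "secrets" and verb in ("get", "list", "watch") \
                and not user.startswith(EXEMPT_PREFIXES):
            findings.append(("secret-read", user, target))
        elif resource == "pods" and sub == "exec":
            findings.append(("pod-exec", user, target))
        elif resource in ("clusterroles", "clusterrolebindings") \
                and verb in ("create", "update", "patch", "delete"):
            findings.append(("rbac-change", user, f"{verb} {resource}/{ref.get('name')}"))
    return findings


def run_sample():
    return detect(parse_events(SAMPLE_AUDIT_LOG))


if __name__ == "__main__":
    for finding in run_sample():
        print(*finding)
```

Filtering on `ResponseComplete` matters: with a policy that logs more than one stage, the same request appears twice and would otherwise be counted twice.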
Another feature introduced in Kubernetes 1.12 is volume snapshot and restore. This alpha feature enables developers to create and delete volume snapshots and to create new volumes from snapshots using the Kubernetes API. Furthermore, developers can incorporate snapshot operations in a cluster-agnostic way.
Other features available include:
- RuntimeClass, a new cluster-scoped resource that surfaces container runtime properties to the control plane (alpha).
- Configurable pod process namespace sharing: this feature enables users to configure containers within a pod to share a common PID namespace by setting an option in the PodSpec (beta).
- Taint node by condition: users now have the ability to represent node conditions that block scheduling by using taints (beta).
- Encryption at rest via KMS: this adds multiple encryption providers, including Google Cloud KMS, Azure Key Vault, AWS KMS, and HashiCorp Vault (beta).