Kubernetes 1.27 Released with Freeze on Legacy Image Registry and In-Place Update of Pod Resources
MMS • Mostafa Radwan
Article originally posted on InfoQ.
The Cloud Native Computing Foundation (CNCF) released Kubernetes 1.27, named Chill Vibes. The release has new features, such as In-place Update of Pod Resources, Limit of Parallel Image Pulls, and Multiple Service CIDRs.
Also, there are beta features included in the release, such as automatic removal of PVCs created by StatefulSets, addition of a new subresource flag to kubectl commands, and Component Health SLIs.
Several features have been marked generally available or stable, such as the freeze on the legacy container image registry k8s.gcr.io, default usage of seccomp profiles, and support for OpenAPI v3.
In version 1.27, the SecurityContextDeny admission plugin is deprecated and the Azure disk in-tree storage plugin is removed.
In the new release, there is a freeze on the usage of the legacy container image registry, which is hosted on a custom Google Container Registry. Since March 20th, traffic from k8s.gcr.io has been redirected to the community-owned registry.k8s.io with the intention of sunsetting k8s.gcr.io. The change should provide users with high availability and reduced latency by hosting the community container registry on multiple cloud providers instead of a single entity.
Xander Grzywinski from the release team and senior product manager at Microsoft commented on this particular feature.
I know we have been talking a lot about this throughout the whole release cycle and I’m sure some folks are tired of hearing about it but it bears mentioning again. The 1.27 images are not going to be published to the old registry. Any requests to the old registry will be redirected to the new one, but if you’re behind a proxy, there’s work that needs to be done.
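As an added example (not from the original article or the Kubernetes project), the following Python audit lists pod containers that still reference k8s.gcr.io and the registry.k8s.io reference to use instead. The pod list is a constructed sample shaped like `kubectl get pods -A -o json` output, the function names are hypothetical, and the code assumes image paths are unchanged under the new host.

```python
LEGACY = "k8s.gcr.io"
CURRENT = "registry.k8s.io"

# Constructed sample in the shape of `kubectl get pods -A -o json`.
# The all-zero digest is a placeholder, not a real image digest.
SAMPLE = {"items": [
    {"metadata": {"namespace": "kube-system", "name": "dns-0"},
     "spec": {
         "initContainers": [{"name": "init", "image": "k8s.gcr.io/pause:3.9"}],
         "containers": [{"name": "dns",
                         "image": "registry.k8s.io/coredns/coredns:v1.10.1"}]}},
    {"metadata": {"namespace": "apps", "name": "web-0"},
     "spec": {"containers": [
         # Private mirror whose *path* contains the legacy name: not a hit.
         {"name": "web",
          "image": "mirror.example.internal/k8s.gcr.io/pause:3.9"},
         {"name": "sidecar",
          "image": "k8s.gcr.io/pause@sha256:" + "0" * 64}]}},
]}

def migrate_ref(image):
    """Return the registry.k8s.io form of a k8s.gcr.io reference, else None.

    Only the registry host (text before the first '/') is compared, so a
    substring match elsewhere in the reference is ignored and any tag or
    digest is carried over untouched.
    """
    host, sep, rest = image.partition("/")
    if sep and host == LEGACY:
        return f"{CURRENT}/{rest}"
    return None

def find_legacy_images(pod_list):
    """Yield (namespace, pod, container, old_image, new_image) per finding."""
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod["metadata"], pod["spec"]
        # Init and ephemeral containers pull images too; check all three lists.
        for field in ("initContainers", "containers", "ephemeralContainers"):
            for c in spec.get(field, []):
                new = migrate_ref(c["image"])
                if new:
                    findings.append((meta.get("namespace", "default"),
                                     meta["name"], c["name"], c["image"], new))
    return findings

if __name__ == "__main__":
    for ns, pod, ctr, old, new in find_legacy_images(SAMPLE):
        print(f"{ns}/{pod} [{ctr}]: {old} -> {new}")
```

Clusters behind an egress proxy or allowlist can use the same list to confirm that registry.k8s.io is reachable before the affected pods are rescheduled.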
In-place Update of Pod Resources has been introduced to provide the ability to change container resource requests and limits without having to restart the pod. This is turned off by default and it allows users to specify in the container’s resizePolicy field whether a restart is required.
Mark Rossetti from the release team and principal software engineer at Microsoft commented on this.
A lot of people have been waiting for this feature. With this functionality, you can add or subtract resources to containers without needing to restart them. This will help a lot of workloads scale faster and with fewer interruptions.
Also in the new release, a limit can be set on the number of parallel image pulls by the kubelet to avoid consuming too much network bandwidth and disk, which can degrade the performance of the cluster.
In addition, there are no size limitations associated with the service-cluster-ip-range field when it comes to internal IP addresses of Service CIDRs. This is turned off by default and it enables users to easily inspect the IP addresses assigned to services.
StatefulSet PVC Auto-Deletion moved to beta in version 1.27 and it’s turned on by default. In the past, when a StatefulSet was deleted, the associated PVCs and the underlying volumes were retained. This generated manual work and incurred costs for the unused storage.
To fetch and update subresources for all API resources, the --subresource flag is added to kubectl in beta, which allows fetching and updating the status and scale subresources. More subresources will be added in the coming releases.
SLI metrics for Kubernetes components graduated to beta, making it possible to monitor and measure the availability of Kubernetes internals. Two metric types will be exposed for each component: gauge and counter.
Using a seccomp profile by default became generally available in this release. This feature improves the security of pod containers in Kubernetes by executing them with a seccomp profile restricting allowed system calls.
Support for OpenAPI v3, a language-agnostic standard interface to APIs, became generally available and enabled by default. This allows Kubernetes to publish a description of APIs in the OpenAPI v3 format.
Kubernetes is an open source container orchestration software for deploying and managing containerized applications at scale.
According to the release notes, Kubernetes version 1.27 has 60 enhancements including 18 entering alpha, 13 becoming generally available or stable, and 29 graduating to beta. In addition, 14 features are being deprecated or removed.
CNCF held a webinar on April 14, 2023, to discuss the changes from the release team.