Kubernetes 111

Lawrence Manickam
kuberiter


Kubernetes has come a long way in the last 4 years. From my experience, I have never seen an infrastructure product create this kind of momentum in the industry within such a short time. More than ever, customers are moving towards Kubernetes, and the edge cloud for K8S is accelerating too.

Today I read an awesome use case of Chick-fil-A's adoption of Kubernetes at the edge. They place edge devices in their stores to manage the K8S workload, and it looks very promising. You can read their success story here: Chick-fil-A.

Kubernetes version 1.11, the second release of 2018, was delivered last week. Let’s see what’s new in K8S 111.

Key Features

  • IPVS-based in-cluster load balancing is now generally available.
  • Enable CoreDNS as a DNS plugin for Kubernetes
  • Azure Go SDK is now generally available.
  • ClusterRole aggregation is now generally available.
  • CRI validation test suite is now generally available.
  • StorageObjectInUseProtection is now generally available.

SIG API Machinery

This release of K8S focuses mainly on CustomResources. Custom Resource Definitions can now define multiple versions.

Custom Resource Definitions now also support “status” and “scale” subresources, which integrate with monitoring and high-availability frameworks. These two changes advance the ability to run cloud-native applications in production using Custom Resource Definitions.

SIG Auth

Kubernetes 1.11 makes it easier to see what’s happening, as audit events can now be annotated with information about how an API request was handled. In addition, the NodeRestriction admission plugin now prevents kubelets from modifying taints on their Node API objects, making it easier to keep track of which nodes should be in use.
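As an added example (not from the original post), here is how a defender can consume these two SIG Auth changes from a kube-apiserver audit log: it reads the `authorization.k8s.io/decision` and `authorization.k8s.io/reason` annotations the RBAC authorizer attaches to audit events, and it flags kubelet requests on Node objects that were rejected with 403, which is what a NodeRestriction taint denial looks like in the log. The sample events, user names and messages are constructed.

```python
import json
from collections import Counter

# Constructed sample audit log (audit.k8s.io/v1beta1 events, one JSON object per
# line), shaped like the JSON-format log kube-apiserver writes; not real cluster data.
SAMPLE_AUDIT_LOG = "\n".join(json.dumps(e) for e in [
    {"stage": "ResponseComplete", "verb": "get",
     "user": {"username": "alice", "groups": ["system:authenticated"]},
     "objectRef": {"resource": "pods", "namespace": "default", "name": "web-0"},
     "responseStatus": {"code": 200},
     "annotations": {"authorization.k8s.io/decision": "allow",
                     "authorization.k8s.io/reason": 'RBAC: allowed by RoleBinding "pod-reader/default"'}},
    {"stage": "ResponseComplete", "verb": "list",
     "user": {"username": "alice", "groups": ["system:authenticated"]},
     "objectRef": {"resource": "secrets", "namespace": "kube-system"},
     "responseStatus": {"code": 403},
     "annotations": {"authorization.k8s.io/decision": "forbid",
                     "authorization.k8s.io/reason": ""}},
    # RBAC allowed this kubelet request (nodes may patch their own Node object) but
    # the NodeRestriction admission plugin rejected the taint change with a 403.
    {"stage": "ResponseComplete", "verb": "patch",
     "user": {"username": "system:node:worker-1", "groups": ["system:nodes", "system:authenticated"]},
     "objectRef": {"resource": "nodes", "name": "worker-1"},
     "responseStatus": {"code": 403, "message": 'node "worker-1" is not allowed to modify taints'},
     "annotations": {"authorization.k8s.io/decision": "allow",
                     "authorization.k8s.io/reason": 'RBAC: allowed by ClusterRoleBinding "system:node"'}},
])

def parse_audit_log(text):
    """Parse a JSON-lines audit log into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def authz_summary(events):
    """Count events by the authorizer's decision annotation (allow / forbid / unknown)."""
    return Counter(e.get("annotations", {}).get("authorization.k8s.io/decision", "unknown")
                   for e in events)

def denied_node_self_modifications(events):
    """Kubelet (system:nodes group) update/patch requests on Node objects that ended in 403,
    i.e. requests RBAC allowed but an admission plugin such as NodeRestriction rejected."""
    hits = []
    for e in events:
        user, ref, status = e.get("user", {}), e.get("objectRef", {}), e.get("responseStatus", {})
        if ("system:nodes" in user.get("groups", []) and ref.get("resource") == "nodes"
                and e.get("verb") in ("update", "patch") and status.get("code") == 403):
            hits.append((user.get("username"), ref.get("name"), status.get("message", "")))
    return hits
```

Run `parse_audit_log` over the log text, then `authz_summary` for the allow/forbid breakdown and `denied_node_self_modifications` for the kubelet denials worth a closer look.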

SIG CLI

SIG CLI’s main focus this release was on refactoring kubectl internals to improve composability, readability and testability of kubectl commands. Those refactors will allow the team to extract a mechanism for extensibility of kubectl — that is, plugins — in the next releases.

SIG Cluster Lifecycle

SIG Cluster Lifecycle focused on improving kubeadm’s user experience by including a set of new commands that can handle the migration of the configuration to a newer version, printing the default configuration, and listing and pulling the required container images for bootstrapping a cluster.

Other notable changes include:

  • CoreDNS replaces kube-dns as the default DNS provider. CoreDNS is now available as a cluster DNS add-on option and is the default when using kubeadm. CoreDNS is a flexible, extensible authoritative DNS server and directly integrates with the Kubernetes API. It is a single executable and a single process, and it supports flexible use cases such as creating custom DNS entries. It’s also written in Go, making it memory-safe.
  • Improved user experience for environments without a public internet connection and for users using CRI runtimes other than Docker.
  • Support for structured configuration for the kubelet, which avoids the need to modify the systemd drop-in file.
  • Many improvements to the upgrade process and other bug fixes.

SIG Instrumentation

The major change in Kubernetes 1.11 is the deprecation of Heapster as part of ongoing efforts to move to the new Kubernetes monitoring model. Clusters still using Heapster for autoscaling should be migrated over to metrics-server and the custom metrics API.

SIG Network

In this release, IPVS-based in-cluster service load balancing has moved to stable. IPVS (IP Virtual Server) provides high-performance in-kernel load balancing, with a simpler programming interface than iptables.

This change delivers better network throughput, better programming latency, and higher scalability limits for the cluster-wide distributed load-balancer that comprises the Kubernetes Service model. IPVS is not yet the default but clusters can begin to use it for production traffic.

IPVS is an alternative approach to in-cluster load balancing that uses in-kernel hash tables rather than the previous iptables approach, while CoreDNS is a replacement for kube-dns for service discovery.

SIG Node

The dynamic kubelet config feature is enabled by default, simplifying management of the node object itself. Kubelets that are configured to work with the CRI (Container Runtime Interface) may take advantage of the log rotation feature.

The cri-tools project, which aims to provide consistent tooling for operators to debug and introspect their nodes in production independent of their chosen container runtime, graduated to General Availability.

As for platforms, working with SIG-Windows, enhancements were made to the kubelet to improve platform support on Windows operating systems, and improvements to resource management were also made. In particular, support for sysctls on Linux graduated to beta.

SIG OpenStack

Improved integration between the Keystone service and Kubernetes RBAC, and a number of stability and compatibility improvements across the entire provider code-base.

SIG Scheduling

Pod Priority and Preemption are enabled by default.

Pods can have priority. Priority indicates the importance of a Pod relative to other Pods. If a Pod cannot be scheduled, the scheduler tries to preempt (evict) lower priority Pods to make scheduling of the pending Pod possible.

In Kubernetes 1.9 and later, Priority also affects scheduling order of Pods and out-of-resource eviction ordering on the Node. Pod priority and preemption are moved to beta since Kubernetes 1.11 and are enabled by default in this release and later.

SIG Storage

The StorageObjectInUseProtection feature is now stable and prevents the removal of both Persistent Volumes that are bound to a Persistent Volume Claim, and Persistent Volume Claims that are being used by a pod. This safeguard will help prevent issues from deleting a PV or a PVC that is currently tied to an active pod.

New alpha features include:

  • Online volume resizing will increase the filesystem size of a resized volume without requiring a Pod restart.
  • AWS EBS and GCE PD volumes support increased limits on the maximum number of attached volumes per node.
  • Subpath volume directories can be created using DownwardAPI environment variables.

SIG Windows

This release supports more of Kubernetes API for pods and containers on Windows, including:

  • Metrics for Pod, Container, Log filesystem
  • The run_as_user security contexts
  • Local persistent volumes and fstype for Azure disk
  • Volume mounts for ConfigMap and Secret
  • Flexvolume plugins for SMB and iSCSI storage are also available out-of-tree at Microsoft/K8s-Storage-Plugins

New Deprecations

  • etcd2 as a backend is deprecated and support will be removed in Kubernetes 1.13. Please ensure that your clusters are upgraded to etcd3 as soon as possible.
  • InfluxDB cluster monitoring has been deprecated as part of the deprecation of Heapster. Instead, you may use the metrics server.
  • The kubelet --rotate-certificates flag is now deprecated and will be removed in a future release.
  • The kubeadm configuration file version has been upgraded to v1alpha2 from v1alpha1. v1alpha1 read support exists in v1.11 but will be removed in v1.12.
  • kubeadm: Support for .AuthorizationModes in the kubeadm v1alpha2 API has been removed.
  • The annotation service.alpha.kubernetes.io/tolerate-unready-endpoints is deprecated.
  • --show-all, which only affected pods, and even then only for human readable/non-API printers, is inert in v1.11, and will be removed in a future release.
  • The kubectl rolling-update is now deprecated. Use kubectl rollout instead.
  • kube-apiserver: the default --endpoint-reconciler-type is now lease. The master-count endpoint reconciler type is deprecated and will be removed in 1.13.
  • OpenStack built-in cloud provider is now deprecated. Use the external cloud provider for OpenStack.
  • The Kubelet’s deprecated --allow-privileged flag now defaults to true. This enables users to stop setting --allow-privileged in order to transition to PodSecurityPolicy.
  • The old dynamic client has been replaced by a new one. The previous dynamic client will exist for one release in client-go/deprecated-dynamic. Switch as soon as possible.
  • In-tree support for OpenStack credentials is now deprecated. Please use the “client-keystone-auth” from the cloud-provider-openstack repository.
  • The GitRepo volume type is deprecated.
  • Alpha annotation for PersistentVolume node affinity has been removed.

Happy upgrade to 111.

Lawrence Manickam is the Technical Founder of Kuberiter Inc, a Seattle based Start-up that provide DevOps toolchain services (Jenkins as a Service, Docker as a Service and Kubernetes as a Service) for MultiCloud.

Please subscribe at www.kuberiter.com to try our SaaS based Kubernetes Provisioning Platform.
