Kubernetes 1.12 will be released on Tuesday, the 25th of September 2018. This updated release comes with improvements to security and storage, cloud provider support and other internal changes. Let’s take a look at the four domains that will be most affected by this update.
The Kubelet TLS bootstrap will now be stable. This was also covered in the blog post Kubernetes Security: RBAC and TLS. The kubelet can generate a private key and a certificate signing request (CSR) to get the corresponding certificate.
The kubelets are able to rotate their client and server certificates. Rotation happens automatically through the respective RotateKubeletClientCertificate and RotateKubeletServerCertificate feature flags in the kubelet, which are now enabled by default.
NetworkPolicy objects support an egress (or "to") section to allow or deny traffic based on IP ranges or Kubernetes metadata.
NetworkPolicy objects also support CIDR IP blocks to be configured in the rule definitions. Users can combine Kubernetes-specific selectors with IP-based ones both for ingress and egress policies.
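The following manifest is an added example, not taken from the original article, showing how a single NetworkPolicy can combine label selectors with CIDR ipBlock rules for both ingress and egress. The policy name, namespace, labels, ports and IP ranges are all constructed for illustration.

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-restrict-traffic          # constructed name
  namespace: payments                 # constructed namespace
spec:
  podSelector:
    matchLabels:
      app: api                        # pods this policy applies to
  policyTypes:                        # listing a type makes that direction default-deny
    - Ingress
    - Egress
  ingress:
    - from:                           # entries in one "from" list are ORed
        - podSelector:
            matchLabels:
              role: frontend          # same-namespace pods, matched by label
        - ipBlock:
            cidr: 10.20.0.0/16        # constructed internal range
      ports:
        - protocol: TCP
          port: 8443
  egress:
    - to:                             # database pods in the same namespace
        - podSelector:
            matchLabels:
              app: postgres
      ports:
        - protocol: TCP
          port: 5432
    - to:                             # one external range, minus a carved-out subnet
        - ipBlock:
            cidr: 203.0.113.0/24      # documentation range, constructed
            except:
              - 203.0.113.128/25
      ports:
        - protocol: TCP
          port: 443
    - to:                             # DNS, otherwise blocked by egress default-deny
        - namespaceSelector:
            matchLabels:
              name: kube-system       # assumes the namespace carries this label
      ports:
        - protocol: UDP
          port: 53
```

The policy is only enforced when the cluster's network plugin implements NetworkPolicy. Traffic not matched by any rule above is dropped for the selected pods in both directions.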
Data encryption at rest can be obtained using Google Key Management Service as an encryption provider. Read more about this on KMS providers for data encryption.
VolumeSnapshotContent and VolumeSnapshot API resources can be provided to create volume snapshots for users and administrators.
Topology aware dynamic provisioning will allow a Pod to request one or more Persistent Volumes (PV) with a topology that is compatible with the Pod’s other scheduling constraints, such as resource requirements and affinity/anti-affinity policies. In multi-zone clusters, pods can be spread across zones in a specific region. The volume binding mode controls when volume binding and dynamic provisioning should happen.
When the dynamic volume limits feature is enabled in Kubernetes, it automatically determines the node type. Kubernetes then supports the appropriate number of attachable volumes for the node and vendor.
Kubernetes 1.12 brings support for Azure availability zones. Nodes within each availability zone will be given the label failure-domain.beta.kubernetes.io/zone=<region>-<AZ>, and the Azure managed disks storage class will be provisioned taking this into account.
This feature adds support for Azure Virtual Machine Scale Sets. This technology lets users create and manage a group of identical load balanced virtual machines.
This feature adds support for Azure Cluster Autoscaler. The cluster autoscaler allows clusters to grow as resource demands increase. The Cluster Autoscaler does this scaling based on pending pods.
In earlier Kubernetes versions, modifying the base configuration of the core cluster components was not easily automatable. ComponentConfig is an ongoing effort to make component configuration more dynamic and directly reachable through the Kubernetes API.
Kubernetes aims to support multiple architectures, including arm, arm64, ppc64le, s390x and Windows platforms. Automated CI e2e conformance tests have been deployed to ensure compatibility moving forward.
scopeSelector can be used to create Pods at a specific priority. Users can also control a pod’s consumption of system resources based on a pod’s priority.
Apart from these four major areas that will be upgraded in Kubernetes 1.12, additional features to look out for are:
Arbitrary / Custom Metrics in the Horizontal Pod Autoscaler, Pod Vertical Scaling, Mount namespace propagation, and much more!
To learn about all the upgrades in Kubernetes 1.12, head over to Sysdig’s blog.