Kubernetes 1.16 is out now with exciting features and updates centered around custom resources and an overhaul of metrics and volume extensions. This is the third Kubernetes release this year, and its release mascot is inspired by the Apollo 16 mission crest. It has a total of 31 upgrades, of which 15 are in alpha and 8 in beta, while the remaining 8 have moved to stable. As always, I am here with my insights about the key highlights of the release. So, let’s begin with Custom Resources -
Custom Resources now GA
Yes, you read it right - custom resources, a feature that was in beta for over two years, is now GA. This release is more focused on building stable APIs and maintaining data consistency in these APIs. Another interesting update is that several guard rails that used to be optional are now turned on by default to ensure that your APIs are always up and running. It is also important to note that these custom resources are backward compatible. Combining custom resources with a custom controller makes APIs more declarative in nature. To dive deeper into custom resources and find out how to work with them, click here.
If you are a fan of Windows, then this release has enhancements that will bring a smile to your face - support for Container Storage Interface (CSI), improvements to the node setup & node join experience with kubeadm and enhanced workload identity options for Windows containers. Out of these, the CSI and kubeadm updates are in alpha and the workload identity options are in beta. Let’s see what it means for your Windows workloads within k8s -
- Container Storage Interface (CSI) Support
CSI plugin support provides excellent storage capabilities while working with Windows-based workloads by enabling support for Windows nodes in Kubernetes clusters. This, in turn, also increases storage options for Windows. Using a host OS proxy, you can now also execute authorized container operations on Windows.
- Enhanced setup & node join experience with kubeadm
With the alpha support for Windows in kubeadm, you can now easily set up Windows worker nodes and join them to an existing cluster with an experience close to how Linux nodes are handled. You can easily create and add a Windows node to a cluster and, on completion, your node will be ready to run Windows containers. Not only that, but Kubernetes will also provide a set of Windows-specific scripts to enable the installation of prerequisites and network interfaces necessary for the node to seamlessly join the cluster.
- Enhanced workload identity options for Windows containers
Active Directory Group Managed Service Account (GMSA) support has moved to beta. GMSA authenticates Windows containers to allow communication with other resources including external resources. It also facilitates Service Principal Name (SPN) management, password management, and other administrative tasks. It also comes with added support for RunAsUserName that is presently in alpha. The RunAsUserName string is a part of WindowsSecurityContextOptions and specifies the Windows identity at the entry point while running containers.
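The two identity options described above, as constructed Pod manifests added for illustration (not from the original post or the Kubernetes project). The pod names, the image tag and the credential spec name `webapp-gmsa` are hypothetical; the `windowsOptions` field names are the upstream Pod API fields.

```yaml
# Pod 1: GMSA identity, set once at pod level so every container inherits it.
apiVersion: v1
kind: Pod
metadata:
  name: gmsa-demo                 # hypothetical name
spec:
  nodeSelector:
    kubernetes.io/os: windows     # schedule only onto Windows nodes
  securityContext:
    windowsOptions:
      # Name of a GMSA credential spec object the cluster admin has published
      # (hypothetical). The pod's service account needs RBAC permission to
      # use it, otherwise any workload could claim this AD identity.
      gmsaCredentialSpecName: webapp-gmsa
  containers:
    - name: app
      image: mcr.microsoft.com/windows/servercore:ltsc2019
---
# Pod 2: RunAsUserName, set per container to run the entry point as a
# low-privilege built-in account instead of ContainerAdministrator.
# Alpha in 1.16, so the WindowsRunAsUserName feature gate must be enabled.
apiVersion: v1
kind: Pod
metadata:
  name: run-as-username-demo      # hypothetical name
spec:
  nodeSelector:
    kubernetes.io/os: windows
  containers:
    - name: app
      image: mcr.microsoft.com/windows/servercore:ltsc2019
      securityContext:
        windowsOptions:
          runAsUserName: "ContainerUser"
```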
API Development & Management
When it comes to APIs, this release is centered around ease of API development & management. In 1.16, there are provisions that enable APIs to self-document for developers and admins as soon as changes are made in them. This will help developers to cope with API evolution and also increase the compatibility of APIs with OpenShift and several other third-party products. Furthermore, Red Hat has made phenomenal contributions to the design, development, and implementation of CRDs in Kubernetes.
CRDs, Storage, and Networking
Kubernetes distributions, backup, and recovery of clusters use CRDs in some way or another. Developers can use CRDs to define schema and other resource components. Subresources for custom resources, CRD OpenAPI schema, and webhook conversion for custom resources are also moving to stable. All these developments are pushing the Kubernetes API language to become a common language for defining application resources.
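A constructed CRD manifest for the stable `apiextensions.k8s.io/v1` API, added here for illustration (not from the original post or the Kubernetes project), showing the pieces named above: an OpenAPI schema, the status subresource, and the conversion setting. The group `example.com` and the `Backup` kind are hypothetical; the comments on what v1 enforces describe the upstream API rather than anything stated in this post.

```yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: backups.example.com        # must be <plural>.<group>
spec:
  group: example.com               # hypothetical API group
  scope: Namespaced
  names:
    plural: backups
    singular: backup
    kind: Backup
  # v1 only accepts false: fields not declared in the schema are pruned
  # before storage, so clients cannot persist arbitrary data in the object.
  preserveUnknownFields: false
  conversion:
    # None = only apiVersion is rewritten between versions. Use Webhook
    # (with a webhook.clientConfig) when versions differ in shape.
    strategy: None
  versions:
    - name: v1
      served: true
      storage: true
      subresources:
        status: {}                 # /status is a separate, RBAC-scoped endpoint
      schema:
        # v1 requires a structural schema: every node declares its type.
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              required: ["target", "mode"]
              properties:
                target:
                  type: string
                  maxLength: 253
                mode:
                  type: string
                  enum: ["full", "incremental"]
                retentionDays:
                  type: integer
                  minimum: 1
                  maximum: 365
            status:
              type: object
              properties:
                lastRun:
                  type: string
                  format: date-time
```

With this schema, an object carrying `mode: weekly` or a missing `target` is rejected by the API server, and an undeclared field such as `spec.hook` is silently dropped rather than stored.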
From the storage point of view, PVC Cloning, which made its mark in the 1.15 release, has moved to beta in this release. Such cloning requires an additional device at the backend and seamlessly duplicates the entire data volume. Also moving to beta are resizing support for CSI volumes and inline CSI volumes. Secrets, configurations, and variations can now be injected into pods with the help of ephemeral volumes. This also helps you to conveniently debug running pods; however, it is important to note that it cannot be configured as regular containers.
From the networking aspect too, there are some significant enhancements. Kubernetes 1.16 comes loaded with IPv4/IPv6 dual-stack support. It is still in alpha but integrates IPv4 and IPv6 addresses to establish communication among different pods and services.
Endpoint slices, an alternative to endpoint resources, is a feature released in alpha with the aim of increasing the scalability of Kubernetes services. In the case of endpoint resources, adding and removing endpoints is a costly affair. Because each endpoint slice has a limit of 100 endpoints, the amount of data required for updates is reduced.
Apart from these, there are also some additional updates in this release -
- Topology Manager, a useful Kubelet component to achieve optimized resource allocations
- Cloud Controller Manager Migration extensions
- Continued deprecation of APIs: extensions/v1beta1, apps/v1beta1, and apps/v1beta2 are some of the extensions that no longer exist in the 1.16 release.
So, what are you waiting for? Get your hands on the latest release here.