
Kubernetes 1.12 will be released on Tuesday, the 25th of September 2018. This updated release comes with improvements to security and storage, cloud provider support and other internal changes. Let’s take a look at the four domains that will be most affected by this update.

#1 Security

Stability provided for Kubelet TLS bootstrap

The Kubelet TLS bootstrap will now have a stable version. This was also covered in the blog post Kubernetes Security: RBAC and TLS. The kubelet can generate a private key and a certificate signing request (CSR) to get the corresponding certificate.

Kubelet server TLS certificate automatic rotation (Beta)

The kubelets are able to rotate their client and/or server certificates. Rotation happens automatically through the respective RotateKubeletClientCertificate and RotateKubeletServerCertificate feature flags in the kubelet, which are now enabled by default.

Egress and IPBlock support for Network Policy

NetworkPolicy objects support an egress or to section to allow or deny traffic based on IP ranges or Kubernetes metadata.

NetworkPolicy objects also support CIDR IP blocks to be configured in the rule definitions. Users can combine Kubernetes-specific selectors with IP-based ones both for ingress and egress policies.
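A policy that combines label selectors with ipBlock rules for both ingress and egress, as an added example that is not from the original article or the Kubernetes project. The names, labels, ports and CIDR ranges are constructed for illustration, and the namespace label used for DNS is an assumption about how the cluster is labelled.

```yaml
# Added example: all names, labels and address ranges below are constructed.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-restrict-traffic        # hypothetical policy name
  namespace: payments               # hypothetical namespace
spec:
  podSelector:
    matchLabels:
      app: api                      # pods this policy applies to
  policyTypes:
    - Ingress
    - Egress
  ingress:
    # Allow TLS traffic from frontend pods in the same namespace
    # OR from one external range (documentation range, RFC 5737).
    - from:
        - podSelector:
            matchLabels:
              app: frontend
        - ipBlock:
            cidr: 203.0.113.0/24
      ports:
        - protocol: TCP
          port: 8443
  egress:
    # DNS lookups to pods in the namespace labelled name=kube-system
    # (assumes an administrator has applied that label).
    - to:
        - namespaceSelector:
            matchLabels:
              name: kube-system
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
    # Database subnet, with one sub-range carved out via "except".
    - to:
        - ipBlock:
            cidr: 10.20.0.0/16
            except:
              - 10.20.5.0/24
      ports:
        - protocol: TCP
          port: 5432
```

Because policyTypes lists Egress, any destination not matched by an egress rule is dropped for the selected pods, so the DNS rule is needed for name resolution to keep working. The policy is only enforced when the cluster's network plugin implements NetworkPolicy.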

Encryption at rest

Data encryption at rest can be obtained using Google Key Management Service as an encryption provider. Read more about this on KMS providers for data encryption.

#2 Storage

Snapshot / restore volume support for Kubernetes

VolumeSnapshotContent and VolumeSnapshot API resources can be provided to create volume snapshots for users and administrators.

Topology aware dynamic provisioning, Kubernetes CSI topology support (Beta)

Topology aware dynamic provisioning will allow a Pod to request one or more Persistent Volumes (PV) with a topology that is compatible with the Pod’s other scheduling constraints, such as resource requirements and affinity/anti-affinity policies. While using multi-zone clusters, pods can be spread across zones in a specific region. The volume binding mode determines when volume binding and dynamic provisioning should happen.

Automatic detection of Node type

When the dynamic volume limits feature is enabled in Kubernetes, it automatically determines the node type. Kubernetes supports the appropriate number of attachable volumes for the node and vendor.

#3 Support for Cloud providers

Support for Azure Availability Zones

Kubernetes 1.12 brings support for Azure availability zones. Nodes within each availability zone will be labeled with failure-domain.beta.kubernetes.io/zone=<region>-<AZ>, and the Azure managed disks storage class will be provisioned taking this into account.

Stable support for Azure Virtual Machine Scale Sets

This feature adds support for Azure Virtual Machine Scale Sets. This technology lets users create and manage a group of identical load balanced virtual machines.

Add Azure support to cluster-autoscaler (Stable)

This feature adds support for Azure Cluster Autoscaler. The cluster autoscaler allows clusters to grow as resource demands increase. The Cluster Autoscaler scales based on pending pods.

#4 Better support for Kubernetes internals

Easier installation and upgrades through ComponentConfig

In earlier Kubernetes versions, modifying the base configuration of the core cluster components was not easily automatable. ComponentConfig is an ongoing effort to make component configuration more dynamic and directly reachable through the Kubernetes API.

Improved multi-platform compatibility

Kubernetes aims to support multiple architectures, including arm, arm64, ppc64le, s390x and Windows platforms. Automated CI e2e conformance tests have been deployed to ensure compatibility moving forward.

Quota by priority

scopeSelector can be used to create Pods at a specific priority. Users can also control a pod’s consumption of system resources based on a pod’s priority.

Apart from these four major areas that will be upgraded in Kubernetes 1.12, additional features to look out for are:

Arbitrary / Custom Metrics in the Horizontal Pod Autoscaler, Pod Vertical Scaling, Mount namespace propagation, and much more!
To learn about all the upgrades in Kubernetes 1.12, head over to Sysdig’s Blog.
