As promised by the Kubernetes team earlier this month, Kubernetes 1.12 has been released. With a focus on internal improvements, the release includes two highly anticipated features: general availability of Kubelet TLS Bootstrap and support for Azure Virtual Machine Scale Sets (VMSS). These promise better security, availability, resiliency, and ease of use for faster delivery of production-based applications.
Let's dive into the features of Kubernetes 1.12.
#1 General Availability of Kubelet TLS Bootstrap
The team has made the Kubelet TLS Bootstrap generally available. This feature significantly streamlines the process of adding nodes to and removing nodes from a Kubernetes cluster. Cluster operators are responsible for ensuring the TLS assets they manage remain up-to-date and can be rotated in the face of security events. Kubelet server certificate bootstrap and rotation (beta) will introduce a process in which the kubelet generates a key locally and then issues a Certificate Signing Request to the cluster API server to get an associated certificate signed by the cluster's root certificate authority. As certificates approach expiration, the same mechanism will be used to request an updated certificate.
#2 Stable Support for Azure Virtual Machine Scale Sets (VMSS) and Cluster-Autoscaler
Azure Virtual Machine Scale Sets (VMSS) allows users to create and manage a homogeneous VM pool. This pool can automatically increase or decrease based on demand or a set schedule. Users can easily manage, scale, and load balance multiple VMs to provide high availability and application resiliency, which will be ideal for large-scale applications that can run as Kubernetes workloads.
The stable support will allow Kubernetes to manage the scaling of containerized applications with Azure VMSS. Users will have the ability to integrate the applications with cluster-autoscaler to automatically adjust the size of the Kubernetes clusters.
#3 Other Feature Updates
- Encryption at rest via KMS is now in beta. It adds multiple encryption providers, including Google Cloud KMS, Azure Key Vault, AWS KMS, and HashiCorp Vault. These providers will encrypt data as it is stored in etcd.
- RuntimeClass is a new cluster-scoped resource that surfaces container runtime properties to the control plane.
- Topology aware dynamic provisioning is now in beta. Storage resources can now understand where they live.
- Configurable pod process namespace sharing enables users to configure containers within a pod to share a common PID namespace by setting an option in the PodSpec.
- Vertical Scaling of Pods will help vary the resource limits on a pod over its lifetime.
- Snapshot/restore functionality for Kubernetes and CSI will provide a standardized API design and add PV snapshot/restore support for CSI volume drivers.
To explore these features in depth, the team will be hosting a 5 Days of Kubernetes series next week. Users will be given a walkthrough of the following features:
Day 1 – Kubelet TLS Bootstrap
Day 2 – Support for Azure Virtual Machine Scale Sets (VMSS) and Cluster-Autoscaler
Day 3 – Snapshots Functionality
Day 4 – RuntimeClass
Day 5 – Topology Resources
Additionally, users can join members of the release team on November 6th at 10 am PDT for a webinar that will cover the major features in this release. You can check out the release on GitHub. If you would like to know more about this release, head over to the official Kubernetes blog.