Kubernetes Announces Version 1.12

by Adam Armstrong

This week Kubernetes announced its third release of the year, version 1.12. As with all new versions, 1.12 adds improvements and graduating stability. This release also introduces new security features, support for Azure Virtual Machine Scale Sets (VMSS), and Kubelet TLS Bootstrap.



As we’ve said in the past, Kubernetes is an orchestration system for Docker containers. Kubernetes manages workloads, ensuring that their state matches their intention. Every quarter a new version is released, bringing the technology closer to its goals. This update continues the trend with new features that will lead to increased security, availability, resiliency, and ease of use.

Since 1.4, Kubernetes has had an API for requesting certificates from a cluster-level Certificate Authority (CA). This was set up so that TLS client certificates for kubelets could be provisioned through the API. Kubelets can now be bootstrapped to TLS-secured clusters while automating provisioning and distribution of signed certificates.

The other big announcement was support for Azure VMSS. VMSS allow users to create and manage a homogeneous VM pool that can automatically increase or decrease based on demand or a set schedule. This means users are able to manage, scale, and load balance several VMs at once, leading to higher availability and better application resiliency. That is ideal for large-scale applications, which in turn are ideal for being run as Kubernetes workloads. Kubernetes now supports the scaling of containerized applications with Azure VMSS, including the ability to integrate it with cluster-autoscaler to automatically adjust the size of the Kubernetes clusters based on the same conditions.

Other updates include:

  • RuntimeClass, a new cluster-scoped resource that surfaces container runtime properties to the control plane, is being released as an alpha feature.
  • Snapshot / restore functionality for Kubernetes and CSI is being introduced as an alpha feature. This provides a standardized API design (CRDs) and adds PV snapshot/restore support for CSI volume drivers.
  • Topology aware dynamic provisioning is now in beta, meaning storage resources can now understand where they live. This also includes beta support for AWS EBS and GCE PD.
  • Configurable pod process namespace sharing is moving to beta, meaning users can configure containers within a pod to share a common PID namespace by setting an option in the PodSpec.
  • Taint node by condition is now in beta, meaning users have the ability to represent node conditions that block scheduling by using taints.
  • Arbitrary / Custom Metrics in the Horizontal Pod Autoscaler is moving to a second beta to test some additional feature enhancements. This reworked Horizontal Pod Autoscaler functionality includes support for custom metrics and status conditions.
  • Improvements that will allow the Horizontal Pod Autoscaler to reach proper size faster are moving to beta.
  • Vertical Scaling of Pods is now in beta, which makes it possible to vary the resource limits on a pod over its lifetime. In particular, this is valuable for pets (i.e., pods that are very costly to destroy and re-create).
  • Encryption at rest via KMS is now in beta. This adds multiple encryption providers, including Google Cloud KMS, Azure Key Vault, AWS KMS, and HashiCorp Vault, that will encrypt data as it is stored to etcd.
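
As an added example (not part of the original article or the Kubernetes project's code), the Python check below finds workloads that set the PodSpec option from the process namespace sharing item, `shareProcessNamespace`, since containers in such a pod can see and signal each other's processes. The sample manifests and the helper names `pod_spec` and `audit` are constructed for illustration.

```python
import json

# Constructed sample objects (not from the article), shaped like `kubectl get -o json` items.
SAMPLE = json.loads("""
[
 {"kind": "Pod", "metadata": {"namespace": "web", "name": "nginx-debug"},
  "spec": {"shareProcessNamespace": true, "containers": [
    {"name": "nginx"},
    {"name": "shell", "securityContext": {"capabilities": {"add": ["SYS_PTRACE"]}}}]}},
 {"kind": "Deployment", "metadata": {"namespace": "web", "name": "api"},
  "spec": {"template": {"spec": {"containers": [{"name": "api"}]}}}},
 {"kind": "CronJob", "metadata": {"namespace": "ops", "name": "backup"},
  "spec": {"jobTemplate": {"spec": {"template": {"spec": {
    "shareProcessNamespace": true,
    "containers": [{"name": "dump"}, {"name": "upload"}]}}}}}}
]
""")


def pod_spec(obj):
    """Return the PodSpec of a Pod or of a workload's pod template, else None."""
    spec = obj.get("spec") or {}
    if obj.get("kind") == "Pod":
        return spec
    if obj.get("kind") == "CronJob":
        spec = (spec.get("jobTemplate") or {}).get("spec") or {}
    return (spec.get("template") or {}).get("spec")


def audit(objects):
    """List workloads whose containers share one PID namespace."""
    findings = []
    for obj in objects:
        ps = pod_spec(obj)
        if not ps or ps.get("shareProcessNamespace") is not True:
            continue
        meta = obj.get("metadata") or {}
        containers = ps.get("containers") or []
        # SYS_PTRACE lets a container inspect the other containers' processes.
        ptrace = [c["name"] for c in containers
                  if "SYS_PTRACE" in (((c.get("securityContext") or {})
                                       .get("capabilities") or {}).get("add") or [])]
        findings.append({
            "workload": f'{obj.get("kind")}/{meta.get("namespace")}/{meta.get("name")}',
            "containers": [c["name"] for c in containers],
            "ptrace_capable": ptrace,
        })
    return findings
```

Calling `audit(SAMPLE)` returns one finding per workload that shares its PID namespace, with the containers involved and any that also hold `SYS_PTRACE`.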

Availability

Kubernetes 1.12 is available now on GitHub. 
