The Cloud Native Computing Foundation (CNCF) has released version 1.5 of the Kubernetes container orchestration and scheduling system. Core improvements focus on beta functionality associated with deployment and scaling of stateful applications, and making it possible to perform cluster operations without disrupting applications. Alpha support has also been added for a pluggable container runtime, for Windows Server 2016 nodes, and for the scheduling of Windows Server Containers. Due to a potential security issue with configuration, all users are advised to skip v1.5.0 and instead use v1.5.1, which has a safer set of defaults.
The initial v1.5 release of Kubernetes primarily focused on the delivery of features labelled as 'alpha' and 'beta':
- StatefulSets (previously named “PetSets”) functionality was promoted to beta, further facilitating workloads that require persistent identity or per-instance storage to be created and managed on Kubernetes
- PodDisruptionBudget was also promoted to beta, and can be used to safely drain nodes while respecting application Service-Level Objectives (SLOs)
- Improved federation support, including a new command, ‘kubefed’, released in alpha
- Simplified cluster deployment, with further improvements to the ‘kubeadm’ command
- Alpha support for running a high-availability (HA) master setup
  - This functionality replicates Kubernetes masters via ‘kube-up’ and ‘kube-down’ scripts, and is currently available on Google Compute Engine (GCE) only
- Alpha support for Windows Server 2016 nodes and scheduling Windows Server Containers and Hyper-V containers
- Introduction of the Container Runtime Interface (CRI) API in alpha, which allows pluggable container runtimes
  - An experimental Docker-CRI integration is ready for testing and feedback
  - cri-o, an OCI-based implementation of the Kubernetes Container Runtime Interface that utilises runc, is also available, but currently labelled as ‘pre-alpha’
  - Kelsey Hightower, a Google Staff Advocate and well-known figure within the Kubernetes community, has released an open source “cri-o Tutorial” project on GitHub for developers that are keen to experiment with this functionality
- Ability to authenticate/authorize access to the Kubelet API
- The dashboard UI now shows all user facing objects and their resource usage
After the initial v1.5.0 release of Kubernetes on 12th December, a discussion in the Kubernetes-announce Google Group highlighted potential security issues with several changed configuration options that in isolation were not problematic, but in concert could result in an insecure cluster. Kubernetes v1.5.1 was released one day later to address these issues. All users are advised to skip v1.5.0 and instead use v1.5.1, which has a safer set of defaults. The remainder of this article addresses new features that were added to the initial 1.5.0 release.
StatefulSet beta (formerly known as ‘PetSet’) allows workloads that require persistent identity or per-instance storage to be created, scaled, deleted and repaired on Kubernetes. Several key safety enhancements have been made to this functionality. In order to ensure that there are never two pods with the same identity, the Kubernetes node controller no longer automatically ‘force deletes’ pods that reside on unresponsive nodes, and instead waits for one of three conditions: the kubelet confirms the old pod is terminated; a cluster-admin deletes the corresponding node; or an admin ‘force deletes’ the pod via the command line interface. An upgrade guide has been made available for operators migrating from PetSets to StatefulSets.
PodDisruptionBudget beta is an API object that specifies the minimum number or minimum percentage of replicas of a collection of pods that must be available at any time. According to the Kubernetes release notes, with PodDisruptionBudget, an application deployer can guarantee that organisational Service-Level Objectives (SLOs) are met by ensuring that cluster operations that voluntarily evict pods will never take down so many simultaneously as to cause data loss, an outage, or “unacceptable service degradation”.
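The budget check described above can be modelled in a few lines. This is an added example, not code from the article or from the Kubernetes project: it simulates draining a node under a `minAvailable` budget, including the case where an over-strict budget blocks the drain entirely. The pod and node names are constructed, and it assumes that a percentage rounds up and that replacement pods become ready between drain rounds.

```python
import math

def desired_healthy(min_available, expected):
    """Resolve minAvailable (an int or an 'NN%' string) to a pod count."""
    if isinstance(min_available, str) and min_available.endswith("%"):
        # Assumption: a percentage rounds up, so the budget never under-protects.
        return math.ceil(expected * int(min_available[:-1]) / 100)
    return int(min_available)

class Workload:
    def __init__(self, pods, min_available):
        self.pods = pods  # pod name -> {"node": str, "ready": bool}
        self.floor = desired_healthy(min_available, len(pods))

    def healthy(self):
        return sum(p["ready"] for p in self.pods.values())

    def try_evict(self, name, spare_node):
        """Voluntary eviction: refused when no disruption is currently allowed."""
        if self.healthy() - self.floor <= 0:
            return False
        # The replacement is scheduled elsewhere and starts out not ready.
        self.pods[name] = {"node": spare_node, "ready": False}
        return True

    def settle(self):  # replacement pods pass their readiness checks
        for pod in self.pods.values():
            pod["ready"] = True

def drain(workload, node, spare_node):
    """Evict all pods on `node`; returns (rounds, lowest_healthy, blocked)."""
    rounds, lowest = [], workload.healthy()
    while True:
        todo = sorted(n for n, p in workload.pods.items() if p["node"] == node)
        done = [n for n in todo if workload.try_evict(n, spare_node)]
        lowest = min(lowest, workload.healthy())
        if not done:
            return rounds, lowest, todo  # empty todo: drained; else budget blocks
        rounds.append(done)
        workload.settle()

def sample_pods():
    nodes = ["node-a"] * 3 + ["node-b"] * 2  # constructed sample: five replicas
    return {f"web-{i}": {"node": n, "ready": True} for i, n in enumerate(nodes)}

if __name__ == "__main__":
    for budget in ("80%", "100%"):
        print(budget, drain(Workload(sample_pods(), budget), "node-a", "node-c"))
```

With an 80% budget the node empties one pod per round and the healthy count never drops below four; with 100% no eviction is ever permitted, so the drain cannot complete until the budget is relaxed.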
Kubefed alpha is a new command line tool to assist with the management of federated clusters, making it easy to deploy new federation control planes and add or remove clusters from existing federations. Also new in cluster federation is the addition of alpha API functionality for ConfigMaps, DaemonSets, and deployments to the federation API, which allow the creation, update and deletion of these objects across multiple clusters from a single endpoint.
Windows Server Containers alpha provides initial support for Windows Server 2016 nodes and scheduling Windows Server Containers and Hyper-V Containers. The implementation of this functionality has been a multi-vendor effort led by Apprenda, with significant contributions by Google, Red Hat and Microsoft. In version 1.5, the Kubernetes control plane (API Server, Scheduler, Controller Manager, etc.) continues to run on Linux, while the kubelet and kube-proxy can be run on Windows Server. Networking is achieved using L3 routing, but according to the Kubernetes documentation, current third-party networking plugins (e.g. flannel, calico, etc.) do not natively work on Windows Server, so core networking functionality relies on existing technology that is built into the Windows and Linux operating systems.
Kubernetes 1.5 is available for download via GitHub and get.k8s.io. Additional information about this release can be found on the Kubernetes blog.