Kubernetes 1.27 Released with Freeze on Legacy Image Registry and In-Place Update of Pod Resources

The Cloud Native Computing Foundation (CNCF) released Kubernetes 1.27 with the name "chill vibes". The release has new features, such as In-place Update of Pod Resources, Limit of Parallel Image Pulls, and Multiple Service CIDRs.

There are also several beta features included in the release, such as the automatic removal of Persistent Volume Claims (PVCs) created by StatefulSets, the addition of a new subresource flag to kubectl commands, and Component Health SLIs.

Several features have been marked generally available or stable, such as a freeze on the legacy container image registry k8s.gcr.io, default usage of seccomp profiles, and support of OpenAPI v3.

In version 1.27, the SecurityContextDeny admission plugin is deprecated, and the Azure disk in-tree storage plugin is removed.

In the new release, there is a freeze on the usage of the legacy container image registry hosted on a custom Google Container Registry. Since March 20th, traffic to k8s.gcr.io has been redirected to the community-owned registry.k8s.io with the intention of sunsetting k8s.gcr.io. The change should provide users with high availability and reduced latency by hosting the community container registry on multiple cloud providers instead of a single entity.

Xander Grzywinski, from the release team and senior product manager at Microsoft, commented on this particular feature:

I know we have been talking a lot about this throughout the whole release cycle and I’m sure some folks are tired of hearing about it but it bears mentioning again. The 1.27 images are not going to be published to the old registry. Any requests to the old registry will be redirected to the new one, but if you’re behind a proxy, there’s work that needs to be done.
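As an added example (not part of the original article or of Kubernetes itself), the sketch below finds workload images that still point at the frozen k8s.gcr.io registry and proposes the registry.k8s.io reference. The function names and the sample manifest are hypothetical and constructed for illustration.

```python
LEGACY, CURRENT = "k8s.gcr.io/", "registry.k8s.io/"

# Constructed sample manifest (not from the article or a real cluster).
SAMPLE_CRONJOB = {
    "kind": "CronJob", "metadata": {"name": "nightly"},
    "spec": {"jobTemplate": {"spec": {"template": {"spec": {
        "initContainers": [{"name": "wait", "image": "k8s.gcr.io/pause:3.9"}],
        "containers": [
            {"name": "job", "image": "registry.k8s.io/e2e-test-images/busybox:1.29"},
            # Look-alike path on another host: must not be rewritten.
            {"name": "mirror", "image": "mirror.example/k8s.gcr.io/pause:3.9"},
            # Digest-pinned reference; the digest is a constructed placeholder.
            {"name": "pinned", "image": "k8s.gcr.io/pause@sha256:" + "0" * 64},
        ]}}}}},
}


def pod_spec_of(obj):
    """Return the pod spec of a Pod, or the pod template spec of a workload."""
    spec = obj.get("spec", {})
    if obj.get("kind") == "CronJob":
        spec = spec.get("jobTemplate", {}).get("spec", {})
    # Deployments, StatefulSets, DaemonSets and Jobs nest it under template.spec.
    return spec.get("template", {}).get("spec", spec)


def legacy_images(obj):
    """Return [(container, old_ref, new_ref)] for images on the legacy registry."""
    spec = pod_spec_of(obj)
    hits = []
    for field in ("initContainers", "containers", "ephemeralContainers"):
        for ctr in spec.get(field) or []:
            image = ctr.get("image", "")
            # Match the legacy host only as the leading registry component,
            # and keep the tag or digest exactly as written.
            if image.startswith(LEGACY):
                hits.append((ctr["name"], image, CURRENT + image[len(LEGACY):]))
    return hits


if __name__ == "__main__":
    for name, old, new in legacy_images(SAMPLE_CRONJOB):
        print(f"{name}: {old} -> {new}")
```

Clusters behind an egress proxy or allowlist also need registry.k8s.io reachable before the rewritten references will pull.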

In-place Update of Pod Resources has been introduced to allow changing container resource requests and limits without having to restart a pod. The feature is turned off by default; it lets users specify in the container’s resizePolicy field whether a restart is required.

Mark Rossetti, from the release team and principal software engineer at Microsoft, commented on this:

A lot of people have been waiting for this feature. With this functionality, you can add or subtract resources to containers without needing to restart them. This will help a lot of workloads scale faster and with fewer interruptions.

Also in the new release, a limit can be set on the number of parallel image pulls performed by the kubelet, to avoid consuming so much network bandwidth and disk that the cluster's performance degrades.

In addition, there are no size limitations associated with the service-cluster-ip-range field for the CIDRs of services' internal IP addresses. This is turned off by default, and it enables users to easily inspect the IP addresses assigned to services.

StatefulSet PVC Auto-Deletion moved to beta in version 1.27 and is turned on by default. In the past, when a StatefulSet was deleted, the associated PVCs and the underlying volumes were retained. This generated manual work and incurred costs for unused storage.

To fetch and update subresources for all API resources, the --subresource flag has been added to kubectl in beta; it allows fetching and updating the status and scale subresources. More subresources will be added in the coming releases.

The SLI metrics for Kubernetes components graduated to beta, allowing users to monitor and measure the availability of Kubernetes internals. Two metric types will be exposed for each component: gauge and counter.

Enabling a secure computing mode (seccomp) profile by default was flagged as stable in this release. To use seccomp profile defaulting, operators must run the kubelet with the --seccomp-default command line flag enabled for each node where they want to use it. This feature improves the security of Pod containers in Kubernetes by executing them with a seccomp profile which restricts allowed system calls.
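The following added example (not from the article or the Kubernetes project) works out which containers still run without a seccomp filter, with and without the kubelet's --seccomp-default flag. It assumes every node shares the same kubelet setting; the function names and the sample pod list are hypothetical and constructed.

```python
# Constructed sample in the shape of `kubectl get pods -A -o json` (not real cluster data).
SAMPLE_PODS = {"items": [
    {"metadata": {"namespace": "default", "name": "web"},
     "spec": {"containers": [{"name": "nginx"}]}},
    {"metadata": {"namespace": "ops", "name": "legacy"},
     "spec": {"securityContext": {"seccompProfile": {"type": "Unconfined"}},
              "containers": [
                  {"name": "app"},
                  {"name": "sidecar", "securityContext": {
                      "seccompProfile": {"type": "RuntimeDefault"}}}]}},
    {"metadata": {"namespace": "ops", "name": "agent"},
     "spec": {"securityContext": {"seccompProfile": {"type": "RuntimeDefault"}},
              "containers": [{"name": "collector",
                              "securityContext": {"privileged": True}}]}},
]}


def effective_seccomp(pod, kubelet_seccomp_default):
    """Map each container name to the seccomp profile type it actually runs with."""
    spec = pod["spec"]
    pod_profile = (spec.get("securityContext") or {}).get("seccompProfile")
    # With no profile in the manifest, the node decides: RuntimeDefault when the
    # kubelet runs with --seccomp-default, Unconfined otherwise.
    fallback = "RuntimeDefault" if kubelet_seccomp_default else "Unconfined"
    result = {}
    for field in ("initContainers", "containers"):
        for ctr in spec.get(field) or []:
            sc = ctr.get("securityContext") or {}
            if sc.get("privileged"):
                # Privileged containers always run without seccomp filtering.
                result[ctr["name"]] = "Unconfined"
                continue
            # A container-level profile overrides the pod-level one.
            profile = sc.get("seccompProfile") or pod_profile
            result[ctr["name"]] = profile["type"] if profile else fallback
    return result


def unconfined_containers(pod_list, kubelet_seccomp_default):
    """List namespace/pod/container for everything that ends up Unconfined."""
    hits = []
    for pod in pod_list["items"]:
        meta = pod["metadata"]
        for name, kind in effective_seccomp(pod, kubelet_seccomp_default).items():
            if kind == "Unconfined":
                hits.append(f"{meta['namespace']}/{meta['name']}/{name}")
    return sorted(hits)


if __name__ == "__main__":
    for flag in (False, True):
        print(f"--seccomp-default={flag}:", unconfined_containers(SAMPLE_PODS, flag))
```

The flag only changes the outcome for workloads that set no profile; an explicit Unconfined profile and privileged containers stay unfiltered either way, so those need fixing in the manifests.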

Support for OpenAPI v3, a language-agnostic standard interface to APIs, became generally available and enabled by default. This allows Kubernetes to publish a description of APIs in the OpenAPI v3 format.

Kubernetes is an open source container orchestration software for deploying and managing containerized applications at scale.

According to the release notes, Kubernetes version 1.27 has 60 enhancements, including 18 entering alpha, 13 becoming generally available or stable, and 29 graduating to beta. In addition, 14 features are being deprecated or removed.

CNCF held a webinar on April 14, 2023, to discuss the changes from the release team.
