Kubernetes 1.8 - A Focus on Maturity, Security, and Process
Kubernetes 1.8 is here! 1.8 marks the 3rd major release of Kubernetes this year. This release is focused on adding maturity and process to Kubernetes and looking towards making Kubernetes a sustainable project in the years to come. There are plenty of new enhancements and exciting new features. Let’s dive right in!
Security enhancements
Released to beta in 1.6, RBAC is now stable in Kubernetes 1.8. This means that cluster administration for Kubernetes admins is now much easier. Admins are now able to define roles and permissions dynamically and enforce access policies via the Kubernetes API itself without the need to reboot the cluster for the changes to take effect.
Other security enhancements include the addition of beta support for filtering outgoing traffic from a pod. This, alongside the existing support for filtering inbound traffic, is a powerful way to achieve regulatory and organizational security requirements. RBAC, together with inbound and outbound network policies, will make Kubernetes cluster admins' lives much easier when it comes to meeting regulatory security requirements.
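As an added illustration of the outbound filtering described above (not taken from the Kubernetes release itself), the two manifests below deny all egress in a namespace and then allow one workload to reach only DNS and a database subnet. The namespace `payments`, the `app: api` label, the `name: kube-system` namespace label and the CIDR are constructed placeholders, and the policies only take effect when the cluster's network plugin enforces NetworkPolicy.

```yaml
# Added example: all names, labels and addresses are constructed placeholders.
# Policy 1: select every pod in the namespace and allow no egress at all.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-egress
  namespace: payments
spec:
  podSelector: {}          # empty selector = all pods in this namespace
  policyTypes:
  - Egress                 # no egress rules listed, so all outbound traffic is denied
---
# Policy 2: policies are additive, so pods labelled app=api get these
# allowances on top of the default deny above.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-egress-allowlist
  namespace: payments
spec:
  podSelector:
    matchLabels:
      app: api
  policyTypes:
  - Egress
  egress:
  # DNS lookups to pods in a namespace labelled name=kube-system
  # (assumption: the admin has applied that label to kube-system).
  - to:
    - namespaceSelector:
        matchLabels:
          name: kube-system
    ports:
    - protocol: UDP
      port: 53
    - protocol: TCP
      port: 53
  # PostgreSQL in the database subnet (198.51.100.0/24 is a documentation range).
  - to:
    - ipBlock:
        cidr: 198.51.100.0/24
    ports:
    - protocol: TCP
      port: 5432
```

Without the DNS rule, the default deny also blocks name resolution, which is the most common reason a workload breaks after an egress policy is first applied.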
In addition to the outgoing traffic filtering, Transport Layer Security (TLS) certificate rotation now enters beta. The addition of this feature allows Kubernetes admins to run a much more secure cluster by allowing easy certificate rotation.
Advanced Auditing is now in beta. This feature brings in formatted audit logs, policies to control what’s audited, and a webhook to send events to external services. In addition, audit events can now be configured to include entire request payloads and be aggregated in a central location.
Support for Multiple workload types
Also promoted to beta in the 1.8 release are the Workload APIs. These APIs provide the abstractions required to manage the applications deployed to Kubernetes. There are four kinds:
- DaemonSets manage the complexity of running a Pod on all nodes or a subset of nodes based on user-specified criteria.
- A ReplicaSet provides a basic high availability primitive to ensure a specified number of copies of a Pod are running.
- The Deployment controller enables declarative updates to Pods and ReplicaSets, providing critical functionality such as canaries and rolling deployments.
- A StatefulSet is one mechanism for supporting Pods that require persistence by imbuing them with a unique identity to enforce ordering and persistent volume access guarantees.
What is exciting about the Workload APIs is that they allow for a stable foundation for migrating existing workloads to Kubernetes while at the same time allowing for the development of cloud-native applications that target Kubernetes natively. There is also good news for people looking to run big data workloads: Kubernetes 1.8 has native support for Apache Spark!
The graduation of CronJobs to beta makes it easier to run batch workloads and one-off timed jobs like nightly ETL jobs.
Custom Resource Definitions (CRDs), which replaced Third Party Resources in 1.7, will remain in beta. CRDs provide Kubernetes users with a powerful way to extend the Kubernetes API with user-defined API objects. We should see a lot of movement in this space to automate complex stateful applications like database engines and key-value stores through CRDs via the operator pattern.
Kubernetes 1.8 is now available for download on GitHub. Have a go at it!