K8s: 1.23
The Next Frontier

Release highlights

  • 47 total enhancements
  • 11 stable enhancements (enabled by default)
  • 16 graduated to beta (enabled by default)
  • 19 introduced alpha features (behind feature gates)
  • 1 deprecation


CRD Validation Expression Language

KEP-2876: https://github.com/kubernetes/enhancements/pull/2877
Common Expression Language: https://github.com/google/cel-go

  • Less complexity than implementing validating admission webhooks
  • Expression language embedded inline in the CRD schema
  • Can be used beyond validation, e.g., admission and defaulting
  • Simplifies CRD development and operation
  • More declarative CRDs
  • Adopts the Common Expression Language (CEL)
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
...
  schema:
    openAPIV3Schema:
      type: object
      properties:
        spec:
          # CEL rules live under x-kubernetes-validations; the fields of the
          # object being validated are referenced through "self"
          x-kubernetes-validations:
            - rule: "self.minReplicas <= self.maxReplicas"
              message: "minReplicas cannot be larger than maxReplicas"
          type: object
          properties:
            minReplicas:
              type: integer
            maxReplicas:
              type: integer
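Added example (not from these slides): a complete CRD that combines several CEL rules, followed by a custom resource the API server rejects. It assumes a 1.23 kube-apiserver with the alpha feature gate CustomResourceValidationExpressions enabled; the group, kind and field names (example.com/ScaledApp) are made up for illustration. Because the rules run inside kube-apiserver, the checks need no webhook endpoint, so there is no extra TLS path or failure-policy decision to get wrong.

```yaml
# Added example, not from the slides. Group, kind and fields are made up.
# Requires kube-apiserver --feature-gates=CustomResourceValidationExpressions=true (alpha in 1.23).
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: scaledapps.example.com
spec:
  group: example.com
  names:
    kind: ScaledApp
    plural: scaledapps
    singular: scaledapp
  scope: Namespaced
  versions:
    - name: v1
      served: true
      storage: true
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              required: [minReplicas, maxReplicas, replicas]
              # Evaluated by kube-apiserver on every create/update; a failing
              # rule rejects the object with the given message.
              x-kubernetes-validations:
                - rule: "self.minReplicas <= self.maxReplicas"
                  message: "minReplicas cannot be larger than maxReplicas"
                - rule: "self.replicas >= self.minReplicas && self.replicas <= self.maxReplicas"
                  message: "replicas must lie within [minReplicas, maxReplicas]"
                # has() guards the optional field; without it a missing
                # "ports" would make the rule error out instead of pass.
                - rule: "!has(self.ports) || self.ports.all(p, p > 1024)"
                  message: "only unprivileged ports (> 1024) are allowed"
              properties:
                minReplicas:
                  type: integer
                  minimum: 0
                maxReplicas:
                  type: integer
                replicas:
                  type: integer
                ports:
                  type: array
                  items:
                    type: integer
---
# This object is rejected: replicas (5) exceeds maxReplicas (3).
apiVersion: example.com/v1
kind: ScaledApp
metadata:
  name: rejected
spec:
  minReplicas: 1
  maxReplicas: 3
  replicas: 5
  ports: [8080]
```

Applying the second document returns the message of the failing rule in the API error, so a misconfigured client sees exactly which constraint it violated.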

IPv4/IPv6 Dual-stack
graduates to GA

https://github.com/kubernetes/enhancements/issues/563

IPv4/IPv6 dual-stack networking graduates to GA. It was already enabled by default while in beta; in 1.23 the IPv6DualStack feature gate is removed.

  • Using dual-stack is not mandatory
  • Prerequisite: an IPv4/IPv6 routable network must be in place
  • A CNI plugin that supports dual-stack must be used
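Added example (not from these slides) of how a workload opts into dual-stack once the cluster prerequisites above are met. It assumes kube-apiserver and kube-controller-manager were started with both an IPv4 and an IPv6 service CIDR; the Service name and selector are placeholders.

```yaml
# Added example, not from the slides. Assumes a cluster whose service and
# pod CIDRs include one IPv4 and one IPv6 range.
apiVersion: v1
kind: Service
metadata:
  name: web
spec:
  # SingleStack (default) | PreferDualStack | RequireDualStack
  # PreferDualStack falls back to a single family on a single-stack cluster,
  # RequireDualStack makes creation fail instead.
  ipFamilyPolicy: PreferDualStack
  # Order decides which family becomes .spec.clusterIP (primary)
  ipFamilies: [IPv4, IPv6]
  selector:
    app: web
  ports:
    - port: 80
      targetPort: 8080
```

After creation, `.spec.clusterIPs` holds one address per family; network policies and firewall rules must cover both, since a policy written only for the IPv4 range leaves the IPv6 path open.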

PodSecurity Admission (beta)

KEP-2579: https://github.com/kubernetes/enhancements/blob/master/keps/sig-auth/2579-psp-replacement/README.md

  • Pod Security Policy (PSP) was deprecated in 1.21 instead of graduating to GA
  • PSP will be removed in 1.25
  • Enforces the Pod Security Standards on Pods
  • Replaces PSP as the built-in Kubernetes mechanism that limits the permissions a Pod may request on creation and update
  • Prevents privilege escalation
  • Offers enforce, audit and warn modes
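Added example (not from these slides) showing the three modes applied to one namespace, plus a Pod the "restricted" profile rejects and the same workload written so that it passes. It assumes the PodSecurity admission plugin is enabled (the 1.23 default); the namespace name and image are placeholders.

```yaml
# Added example, not from the slides. Namespace and image are placeholders.
apiVersion: v1
kind: Namespace
metadata:
  name: payments
  labels:
    # enforce: Pods violating the profile are rejected
    pod-security.kubernetes.io/enforce: restricted
    # pin the profile version so a future tightening of "restricted"
    # does not silently start rejecting existing manifests
    pod-security.kubernetes.io/enforce-version: v1.23
    # audit: allowed, but an annotation is added to the API audit event
    pod-security.kubernetes.io/audit: restricted
    pod-security.kubernetes.io/audit-version: v1.23
    # warn: allowed, but kubectl shows a warning to the submitting user
    pod-security.kubernetes.io/warn: restricted
    pod-security.kubernetes.io/warn-version: v1.23
---
# Rejected by enforce=restricted: runs as root, keeps default capabilities,
# allows privilege escalation and sets no seccomp profile.
apiVersion: v1
kind: Pod
metadata:
  name: rejected-by-psa
  namespace: payments
spec:
  containers:
    - name: app
      image: registry.example.com/app:1.0   # placeholder image
      securityContext:
        runAsUser: 0
---
# Same workload with the settings the restricted profile requires.
apiVersion: v1
kind: Pod
metadata:
  name: accepted-by-psa
  namespace: payments
spec:
  securityContext:
    runAsNonRoot: true
    seccompProfile:
      type: RuntimeDefault
  containers:
    - name: app
      image: registry.example.com/app:1.0   # placeholder image
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
```

A common rollout is to set only warn and audit to the target profile first, fix the workloads the warnings point at, and then raise enforce; the labels can be changed at any time without restarting anything.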

Horizontal Pod Autoscaler (GA)

https://github.com/kubernetes/enhancements/blob/master/keps/sig-autoscaling/2702-graduate-hpa-api-to-GA/README.md

  • Promoted to GA and supports custom metrics
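Added example (not from these slides) of an HPA on the GA autoscaling/v2 API that scales on CPU and on a custom per-Pod metric. It assumes a metrics adapter serving the custom.metrics.k8s.io API is installed; the Deployment and metric names are placeholders.

```yaml
# Added example, not from the slides. Deployment and metric names are placeholders;
# the Pods metric only resolves if a custom-metrics adapter is installed.
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: web
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: web
  minReplicas: 2
  maxReplicas: 10
  metrics:
    # built-in resource metric from metrics-server
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 70
    # custom metric exposed per Pod through custom.metrics.k8s.io
    - type: Pods
      pods:
        metric:
          name: http_requests_per_second
        target:
          type: AverageValue
          averageValue: "100"
  behavior:
    scaleDown:
      # wait five minutes of low load before removing replicas
      stabilizationWindowSeconds: 300
```

With several metrics listed the controller computes a desired replica count per metric and uses the largest, so an unreliable custom metric can only scale the workload up, never below what CPU alone would give.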

Structured Logging
(beta)

https://github.com/kubernetes/enhancements/tree/master/keps/sig-instrumentation/1602-structured-logging

  • Standard structure for Kubernetes log messages
  • Adds methods to klog that enforce the standard structure
  • Logs in JSON format, which simplifies querying and ingestion by third-party applications
  • kubelet and kube-scheduler logs have been converted

Ephemeral Containers
(beta)

https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/277-ephemeral-containers/README.md

  • Built-in mechanism to run temporary containers for troubleshooting and debugging purposes
  • Allow access to the namespaces and file systems of individual containers

# attach an interactive debian container to the running pod "podName"
kubectl debug -it --image=debian podName -- bash

Kubelet CRI Support
(beta)

https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/2040-kubelet-cri/README.md

  • The Container Runtime Interface (CRI) is the plugin interface through which the kubelet talks to a container runtime
  • The CRI v1 API is now the default
  • dockershim is expected to be removed in 1.24

Extend kubelet pod resource assignment to return allocatable resources
(beta)

https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/2403-pod-resources-allocatable-resources/README.md

  • Offers an API for node monitoring agents to learn the allocatable compute resources on a node

CPU manager policies
(beta)

https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/2625-cpumanager-policies-thread-placement/README.md

  • Mitigates physical core sharing, whereas the existing static policy of the CPU Manager only prevents virtual CPU (hardware thread) sharing
  • Rejects workloads whose CPU request cannot be satisfied with whole physical cores
  • A physical core is not shared between different containers
  • Avoids interference from other workloads that would otherwise consume the resources of the same physical core
  • Good for latency-sensitive applications such as ML/AI, which require better CPU isolation for performance
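Added example (not from these slides): a KubeletConfiguration that turns on the static policy with the full-pcpus-only option, and two Guaranteed-QoS Pods showing which requests the node accepts. It assumes an SMT-2 node (two hardware threads per physical core) and the CPUManagerPolicyOptions feature gate (beta in 1.23); image names are placeholders.

```yaml
# Added example, not from the slides. Assumes an SMT-2 node; image is a placeholder.
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
featureGates:
  CPUManagerPolicyOptions: true       # beta in 1.23
cpuManagerPolicy: static              # exclusive vCPUs for Guaranteed pods
cpuManagerPolicyOptions:
  full-pcpus-only: "true"             # KEP-2625: hand out whole physical cores only
reservedSystemCPUs: "0-1"             # static policy needs CPUs reserved for system daemons
---
# Accepted on an SMT-2 node: 2 vCPUs map to exactly one physical core.
# Guaranteed QoS (requests == limits, integral CPU) is required for exclusive cores.
apiVersion: v1
kind: Pod
metadata:
  name: latency-sensitive
spec:
  containers:
    - name: app
      image: registry.example.com/app:1.0   # placeholder image
      resources:
        requests: {cpu: "2", memory: "1Gi"}
        limits:   {cpu: "2", memory: "1Gi"}
---
# Rejected by the kubelet at admission with full-pcpus-only: 3 vCPUs would leave
# one hardware thread of a physical core free for some other container.
apiVersion: v1
kind: Pod
metadata:
  name: half-core
spec:
  containers:
    - name: app
      image: registry.example.com/app:1.0   # placeholder image
      resources:
        requests: {cpu: "3", memory: "1Gi"}
        limits:   {cpu: "3", memory: "1Gi"}
```

The rejection is the point of the option: without it the static policy would pin the third vCPU to one thread of a core whose sibling thread is still handed to another container, and the two would share that core's caches and execution units.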

 

Add gRPC Probe
(alpha)

https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/2727-grpc-probe/README.md

  • Adds gRPC support to livenessProbe, readinessProbe and startupProbe
  • Requires the feature gate to be enabled, since it is in alpha

    readinessProbe:
      grpc:                     # new in 1.23
        port: 9090              # new in 1.23
        service: my-service     # new in 1.23
      initialDelaySeconds: 5
      periodSeconds: 10
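Added example (not from these slides): one Pod using gRPC for all three probe kinds. It assumes the GRPCContainerProbe feature gate is enabled on both kube-apiserver and the kubelet, and that the container implements the standard grpc.health.v1.Health service; the image and service names are placeholders.

```yaml
# Added example, not from the slides. Image and service names are placeholders.
# Requires --feature-gates=GRPCContainerProbe=true on kube-apiserver and kubelet (alpha in 1.23).
apiVersion: v1
kind: Pod
metadata:
  name: grpc-server
spec:
  containers:
    - name: server
      image: registry.example.com/grpc-server:1.0   # placeholder image
      ports:
        - containerPort: 9090
      # startup: generous budget while the process initialises; liveness and
      # readiness are not evaluated until this succeeds once
      startupProbe:
        grpc:
          port: 9090
        failureThreshold: 30
        periodSeconds: 2
      # readiness: "service" is sent as the name in HealthCheckRequest, so the
      # server can report per-service status (empty string = whole server)
      readinessProbe:
        grpc:
          port: 9090
          service: my-service
        periodSeconds: 10
      # liveness: a NOT_SERVING answer or an unimplemented Health service
      # counts as failure and restarts the container
      livenessProbe:
        grpc:
          port: 9090
        periodSeconds: 20
        failureThreshold: 3
```

Two caveats worth knowing before replacing exec probes: the kubelet speaks plaintext gRPC to the port (there is no TLS option on the probe), and a server that does not implement the Health service fails every probe rather than being skipped, so the gate and the server support should be rolled out together.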

Skip Volume Ownership Change (stable)

https://github.com/kubernetes/enhancements/tree/master/keps/sig-storage/695-skip-permission-change

  • Many databases are sensitive to volume permissions and may refuse to start when the volume used inside the pod is mounted on a different node
  • If a volume has a large number of files, the recursive chown and chmod can be slow and can cause a timeout while starting the pod
  • This feature allows the volume ownership and permission change to be skipped during mount
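Added example (not from these slides) of the setting this feature exposes, fsGroupChangePolicy in the Pod securityContext. It assumes a PersistentVolumeClaim whose volume type supports fsGroup-based ownership management; the PVC, image and uid/gid values are placeholders.

```yaml
# Added example, not from the slides. PVC name, image and ids are placeholders.
apiVersion: v1
kind: Pod
metadata:
  name: db
spec:
  securityContext:
    runAsUser: 999
    runAsGroup: 999
    fsGroup: 999
    # Always (default): recursively chown/chmod every file on each mount.
    # OnRootMismatch: only do the recursive walk when the volume's root
    # directory does not already have the expected owner and permissions,
    # which is the usual case after a pod moves to another node.
    fsGroupChangePolicy: OnRootMismatch
  containers:
    - name: db
      image: registry.example.com/db:1.0   # placeholder image
      volumeMounts:
        - name: data
          mountPath: /var/lib/db
  volumes:
    - name: data
      persistentVolumeClaim:
        claimName: db-data
```

The check covers only the root directory: if something later writes files into the volume with a different owner, OnRootMismatch will not repair them on the next mount, so the faster start-up is traded for the assumption that everything beneath the root was created by the fsGroup-aware workload.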
CHANGELOG-1.23 and Release notes

  • https://kubernetes.io/blog/2021/12/07/kubernetes-1-23-release-announcement/
  • https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.23.md

Kubernetes 1.23

By fmuyassarov
