Contributed / Op-Ed / Technology / Top Stories /

All the Fun in Kubernetes 1.9

9 Jan 2018 9:00am, by

Documentation is still coming together for the latest version, Kubernetes 1.9, but we’re seeing a lot of new features being introduced into alpha and beta channels. Those interested in Amazon’s new Kubernetes offering, for instance, will be happy to see AWS Network LoadBalancer support entering alpha. Changes like this bring Amazon ever closer to competing with Google Cloud’s Kubernetes service.

Of course, Kubernetes is a collaborate effort with 1.8’s release led by Microsoft and 1.9 backed by Google. In 1.9, we have three features entering stable, and 35 entering alpha/beta. The highlight from this release is really around storage metrics.

Detailed Storage Metrics

This new feature exposes information on mounts, space, failed attachments and lots more. For anyone dealing with persistence, this will be a welcome change. In fact when I asked Special Interest Group (SiG) members what they were most excited about, storage was at the top of the list.

Short Circuit Deny

Dan Garfield
Dan Garfield is a Full-Stack Engineer and VP of Marketing at Codefresh, the world’s first continuous delivery platform built for Kubernetes and containers. He’s an old-school cool hacker nostalgic for Super Mario, BBSes, and 80’s Scifi. Ask him about his robo-chicken coop and come see Dan speak at Kubecon 17 in Austin. You can find him on twitter as @todaywasawesome.

One move to bolster security is the addition of short circuit deny. Kubernetes works off a deny by default permission model. Unless some specific authorizer allows something, it will be denied. This can create unintended consequences if you want to deny something that some other configuration authorizes. With short circuit deny, you can set a policy to disallow some action and it will override any subsequent authorizers from allowing that action.

If that’s confusing, think of it like when you were a kid and you wanted ice cream. First, you ask your Mom, she says no, then you go ask your Dad, he says yes. Then all of the sudden you’re in the kitchen eating ice cream while your Mom gives Dad the stink eye. Short circuit deny means that when Mom says no, Dad doesn’t even get a chance to give his opinion. While it might be bad for kids trying to hack their way to ice cream, it’s great for security (and insulin levels).

Workload API

Workloads are the heart of Kubernetes and the API has been under furious development for months now. Moving the API to stable means more regularity and uniformity from core controller APIs like “Deployment,” “DaemonSet,” “ReplicaSet” and “StatefulSet.” The goal here is to continue to make Kubernetes easy to work with.

Windows Support Moves to Beta

Kubernetes, which is managed by the Cloud Native Computing Foundation, will be the first fully functional cross-platform cluster manager and will make a lot of Windows admins very happy to be able to run all their Windows-based containers.

Conclusion

Kubernetes 1.9 boils down to better security, more maturity in the API and increased support between cloud providers. The commitment from the ecosystem is in full display. While Google and Red Hat led with the most contributions, we also saw lots of activity from the community with individual contributors and companies like Heptio, Huawei, Cisco and Apprenda.

To get more detail on all the changes in 1.9, check out the feature tracking board.

The Cloud Native Computing Foundation, Google, Microsoft, and Red Hat are sponsors of The New Stack.

Feature image via Pixabay.


A digest of the week’s most important stories & analyses.

View / Add Comments

Please stay on topic and be respectful of others. Review our Terms of Use.