The latest release of Kubernetes, version 1.14, is out with production-level support for Windows nodes and 10 enhancements moving to the stable release.
“The thing I’m most proud of is that this release has the most stable enhancements of any release of Kubernetes,” said release lead Aaron Crickenberger, senior test engineer at Google. “You have heard people talk about Kubernetes focusing on stability and maturity, and I think you’re starting to see the results of that play out with this release.”
Crickenberger gave props to Windows special interest group lead Michael Michael, Microsoft and other companies for their work on Windows nodes, an effort that began three years ago.
Now you can schedule Windows Server containers using Docker on top of Kubernetes.
“This effort really centered around modifying the Kubelet and the Kube proxy to make it so that Windows is supported as an operating system and the Docker on Windows capability is properly accounted for,” said Michael.
The second big part was the networking infrastructure. With the addition of the Container Network Interface (CNI), the networking layer also had to work well on Windows. That involved integrating with many network providers and plugin authors to ensure each shipped a release of its CNI plugin that also works on Windows. That effort is ongoing.
Kubernetes 1.14 includes:
- Support for Windows Server 2019 for worker nodes and containers
- Support for out-of-tree networking with Azure-CNI, OVN-Kubernetes, and Flannel, with work continuing to include Calico as well as other popular networking providers
- Improved support for pods, service types, workload controllers, and metrics/quotas to closely match the capabilities offered for Linux containers
Most enterprises have a combination of Windows and Linux workloads, Michael said, which is driving demand for Windows support.
“If you’re an enterprise and you have both Linux and Windows apps, you don’t want to use two different orchestrators. You want to adopt cloud-native methodologies across both your ecosystems,” he said.
Among the enhancements:
- The documentation for kubectl has been rewritten with a focus on managing resources using declarative Resource Config. It’s available here as a book with a link from the main Kubernetes documentation. There’s also a kubectl logo and mascot called kubee-cuddle.
- The declarative Resource Config authoring capabilities of the kustomize YAML configuration tool are available in kubectl through the -k flag for commands like apply. Kustomize helps users write and reuse Resource Config using Kubernetes-native concepts. Documentation for these new capabilities is available here.
- The kubectl plug-in mechanism graduates to stable. It allows developers to publish their own custom kubectl subcommands as standalone binaries.
- Persistent local volumes are now GA. They make locally attached storage available as a persistent volume source.
- Pod PID limiting is moving to beta. To keep a single pod from exhausting the host’s process (task) limit and destabilizing the node, this capability lets administrators set a default maximum number of PIDs per pod, giving pod-to-pod PID isolation. A further alpha feature lets administrators reserve a number of PIDs at the node level, so that the PIDs allocatable to user pods are kept separate from those the system needs.
- Pod priority and preemption enables Kubernetes scheduler to schedule work by priority and remove less important pods as needed.
- Pod Readiness Gates introduce an extension point for external feedback on pod readiness.
- Default hardening of RBAC discovery cluster role bindings, largely motivated by the Kubernetes API server vulnerability identified in November. The default bindings no longer grant the discovery APIs to the system:unauthenticated group, removing discovery from the set of APIs reachable without authentication by default.
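The plug-in mechanism described above is deliberately simple: a plug-in is any executable named `kubectl-<name>` that kubectl finds on PATH. The following added example (my own model of the documented lookup rules, not kubectl’s code) shows how a subcommand is resolved and why PATH order matters; the PATH entries, file names and the small `BUILTINS` set are constructed for illustration.

```python
"""Model of how kubectl resolves an unknown subcommand to a plug-in on PATH.

Added example, not kubectl's own code. Rules modelled (from the kubectl
plug-in documentation):
  * a plug-in is an executable named kubectl-<name> somewhere on PATH;
  * for `kubectl foo bar baz` the longest name is tried first:
    kubectl-foo-bar-baz, then kubectl-foo-bar (arg: baz), then kubectl-foo;
  * the first argument starting with "-" ends the name;
  * an underscore in a file name may stand for a dash in the command;
  * built-in commands are never overridden; the first PATH hit wins.
"""
from typing import Dict, List, Optional, Sequence, Tuple

# Constructed stand-in for the filesystem: PATH entry -> executables in it.
PathLayout = Dict[str, List[str]]

BUILTINS = {"get", "apply", "delete", "plugin"}  # illustrative subset


def _name_words(args: Sequence[str]) -> List[str]:
    """Arguments that may form part of a plug-in name (stop at first flag)."""
    words: List[str] = []
    for a in args:
        if a.startswith("-"):
            break
        words.append(a)
    return words


def _candidates(words: Sequence[str]) -> List[str]:
    """Longest name first: kubectl-a-b-c, kubectl-a-b, kubectl-a."""
    return ["kubectl-" + "-".join(words[:i]) for i in range(len(words), 0, -1)]


def resolve_plugin(args: Sequence[str], path: Sequence[str],
                   layout: PathLayout) -> Optional[Tuple[str, List[str]]]:
    """Return (path to executable, remaining args) or None if no plug-in."""
    if not args or args[0] in BUILTINS:
        return None
    words = _name_words(args)
    for i, cand in enumerate(_candidates(words)):
        consumed = len(words) - i          # name words used by this candidate
        for d in path:                     # PATH order decides ties
            for exe in layout.get(d, []):
                if exe.replace("_", "-") == cand.replace("_", "-"):
                    return f"{d}/{exe}", list(args[consumed:])
    return None


def shadowed_plugins(path: Sequence[str], layout: PathLayout) -> List[Tuple[str, str]]:
    """(unreachable plug-in, plug-in that shadows it) pairs, as a later PATH
    entry can never win against an earlier one providing the same name."""
    seen: Dict[str, str] = {}
    out: List[Tuple[str, str]] = []
    for d in path:
        for exe in sorted(layout.get(d, [])):
            if not exe.startswith("kubectl-"):
                continue
            key = exe.replace("_", "-")
            if key in seen:
                out.append((f"{d}/{exe}", seen[key]))
            else:
                seen[key] = f"{d}/{exe}"
    return out


# Constructed sample layout: a system directory and a user directory.
PATH = ["/usr/local/bin", "/home/alice/.local/bin"]
LAYOUT: PathLayout = {
    "/usr/local/bin": ["kubectl-foo", "kubectl-foo-bar", "kubectl-whoami"],
    "/home/alice/.local/bin": ["kubectl-foo_bar", "kubectl-view_secret"],
}

if __name__ == "__main__":
    print(resolve_plugin(["foo", "bar", "baz"], PATH, LAYOUT))
    print(resolve_plugin(["view-secret", "--namespace", "x"], PATH, LAYOUT))
    print(shadowed_plugins(PATH, LAYOUT))
```

Because a plug-in is just an executable selected by PATH order and run with the invoking user’s kubeconfig credentials, a user-writable directory early on PATH lets anyone who can write there plant a `kubectl-<name>` binary; treat plug-in directories with the same care as any other PATH entry, and use `kubectl plugin list` to surface shadowed or conflicting plug-ins.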
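The RBAC hardening is the security-relevant change in this list, and the question a practitioner wants answered is “what can an anonymous caller still reach on my cluster?”. The following added example (my own audit script, not Kubernetes project code) walks the ClusterRoleBindings and ClusterRoles in the shape `kubectl get ... -o json` returns and reports anything granted to `system:unauthenticated` beyond the public-info paths. The sample bindings and role rules are constructed to approximate the pre-1.14 and 1.14 defaults as I recall them (`system:discovery`, `system:basic-user`, and the `system:public-info-viewer` role added in 1.14); the names and path set should be checked against a real cluster.

```python
"""Audit what the anonymous group (system:unauthenticated) can reach via RBAC.

Added example, not Kubernetes project code. Input objects carry only the
fields used here, in the layout of `kubectl get clusterrolebinding -o json`
and `kubectl get clusterrole -o json` (the `items` arrays).
"""
from typing import Dict, List

ANON = "system:unauthenticated"

# Paths still exposed anonymously in 1.14 through system:public-info-viewer
# (assumed set; verify on your cluster).
PUBLIC_INFO_PATHS = {"/healthz", "/livez", "/readyz", "/version", "/version/"}


def roles_bound_to(bindings: List[dict], group: str) -> List[str]:
    """ClusterRole names granted to `group` by any ClusterRoleBinding."""
    out = set()
    for b in bindings:
        for s in b.get("subjects") or []:
            if s.get("kind") == "Group" and s.get("name") == group:
                out.add(b["roleRef"]["name"])
    return sorted(out)


def anonymous_findings(bindings: List[dict], roles: List[dict]) -> List[str]:
    """One finding per rule that lets system:unauthenticated reach something
    other than the public-info paths (resources, or extra nonResourceURLs)."""
    findings: List[str] = []
    role_by_name: Dict[str, dict] = {r["metadata"]["name"]: r for r in roles}
    for name in roles_bound_to(bindings, ANON):
        role = role_by_name.get(name)
        if role is None:
            findings.append(f"{name}: role not found (dangling binding)")
            continue
        for rule in role.get("rules", []):
            extra = set(rule.get("nonResourceURLs", [])) - PUBLIC_INFO_PATHS
            if rule.get("resources") or extra:
                findings.append(
                    f"{name}: verbs={sorted(rule.get('verbs', []))} "
                    f"resources={sorted(rule.get('resources', []))} "
                    f"nonResourceURLs={sorted(extra)}")
    return findings


# ---- constructed sample data (approximating the shipped defaults) ----
def _binding(name: str, role: str, groups: List[str]) -> dict:
    return {"metadata": {"name": name},
            "roleRef": {"kind": "ClusterRole", "name": role},
            "subjects": [{"kind": "Group", "name": g} for g in groups]}


def _role(name: str, rules: List[dict]) -> dict:
    return {"metadata": {"name": name}, "rules": rules}


ROLES = [
    _role("system:discovery", [{"verbs": ["get"], "nonResourceURLs": [
        "/api", "/api/*", "/apis", "/apis/*", "/openapi", "/openapi/*",
        "/version", "/version/", "/healthz"]}]),
    _role("system:basic-user", [{"verbs": ["create"],
        "apiGroups": ["authorization.k8s.io"],
        "resources": ["selfsubjectaccessreviews", "selfsubjectrulesreviews"]}]),
    _role("system:public-info-viewer", [{"verbs": ["get"], "nonResourceURLs": [
        "/healthz", "/livez", "/readyz", "/version", "/version/"]}]),
]

# Before 1.14: discovery and basic-user bound to authenticated AND anonymous.
PRE_114 = [
    _binding("system:discovery", "system:discovery", ["system:authenticated", ANON]),
    _binding("system:basic-user", "system:basic-user", ["system:authenticated", ANON]),
]

# 1.14 defaults: anonymous keeps only the public-info paths.
V114 = [
    _binding("system:discovery", "system:discovery", ["system:authenticated"]),
    _binding("system:basic-user", "system:basic-user", ["system:authenticated"]),
    _binding("system:public-info-viewer", "system:public-info-viewer",
             ["system:authenticated", ANON]),
]

if __name__ == "__main__":
    for label, bindings in (("pre-1.14", PRE_114), ("1.14", V114)):
        print(label, anonymous_findings(bindings, ROLES))
```

Against a live cluster, feed the script the `items` arrays from `kubectl get clusterrolebinding -o json` and `kubectl get clusterrole -o json`. An empty finding list means anonymous callers get nothing beyond health and version information; if a cluster genuinely needs anonymous discovery, the administrator can bind it back explicitly, and if it needs no anonymous access at all, `--anonymous-auth=false` on kube-apiserver removes the `system:unauthenticated` identity entirely.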
In all, the release includes 31 enhancements: 10 moving to stable, 12 in beta, and seven net new.
“The inclusion of Windows as a potential workload means we have really had to more accurately define what Kubernetes does and does not support in certain environments,” Crickenberger said.
“I believe that features such as the pod readiness gates and priority and pre-emption are going to be really helpful for people to orchestrate advanced workloads. Some applications may need very specific ways to signal whether they’re ready to handle traffic and pod-readiness gates allow that.”
The kubectl enhancements provide a Kubernetes-native way to do that: custom subcommands let users manage resources more effectively, and plug-ins can be written for their own specific workloads.
Introducing Windows support into Kubernetes really forced the project to have a conversation about what generally available means, he said.
“That encouraged us to introduce a lot more formalism and process into the release process,” he said.
“I think that we have arrived at a state with Kubernetes where it would be really helpful if we documented all our expectations a little bit better. We’re calling them enhancements now instead of features. We have this whole enhancements process,” he said. “We’ve made sure that everything going into this release was measured against a consistent bar. Can you document what it means for things to be alpha or beta or stable/GA? We wanted to make sure we were reviewing in a cross-cutting manner whether API design principles are being used consistently so end users don’t have to completely relearn some way of operating things. There’s a Kubernetes way of doing things that’s applied everywhere.”
Added Michael: “This process and that maturity really gave us a way to talk to every SIG in a uniform way, set expectations right from the beginning, and let the individual SIGs operate independently and go meet those expectations by the end of the release.”
The Kubernetes Steering Committee doesn’t control the direction of the project, but makes sure the community is aligned on the direction ahead, Crickenberger said.
“We have a sustained interest in not adding the kitchen sink to Kubernetes. We’re not interested in adding tons and tons of features, we’re interested in Kubernetes being this very stable, very well-defined, dare I say boring thing with really clear and obvious extension points. [For instance,] things like allowing dynamic extension of auditing is a clear extension point,” he said.
Going forward, he foresees more extraction from the Kubernetes core into more extensible components: storage through CSI, container networking through CNI, and more cloud provider work.
The Cloud Native Computing Foundation, which manages Kubernetes, is a sponsor of The New Stack.