
Kubernetes 1.20 Enhances the Operator Experience and Brings New Features to the Container Runtime

28 Dec 2020 11:36am, by Hillary Benson
As Head of Product at StackRox, Hillary Benson is responsible for product strategy, product design, and product management. She has over 10 years of experience in the security industry and intelligence community. Prior to StackRox, she led teams in executing technical intelligence collection missions for the National Security Agency and spent time as a red team operator and security engineer in private industry. Hillary holds an M.A. in Security Studies from the Georgetown University Walsh School of Foreign Service and an S.B in Management Science from MIT.

Kubernetes 1.20 was unveiled to the community early this month with 42 new and updated feature enhancements. As the team behind Kubernetes continues its rapid pace of development, version 1.20 reflects the evolution of the platform: key technologies such as the container runtime are updated, and the end user and operator experience is improved.

Out of the 42 new features in Kubernetes 1.20, 16 are released in alpha, 15 have graduated to beta, and 11 have graduated to stable. Users will be glad to see a number of key feature enhancements, including graceful node system shutdown, kubectl debug, PID limits, updates for CronJobs, IPv4/IPv6 dual stack support, volume snapshot operations, and more. It’s also worth pointing out the significant change coming with the Docker runtime deprecation, and that a fix for kubelet exec probe timeouts has been made.

Feature Enhancement: Graceful Node Shutdown

Among the many user-friendly feature updates in Kubernetes 1.20, the graceful node shutdown feature, now in alpha, improves pod termination by ensuring the kubelet is aware of node system shutdowns. Because the kubelet can now detect a node shutdown and terminate pods cleanly, operators should have less to troubleshoot and debug.

Feature Enhancement: Process ID Limiting

Process ID (PID) limits have graduated to GA and no longer require users to configure SupportNodePidsLimit. This improvement adds support for configuring the kubelet to limit the number of PIDs that an individual pod can use. This limits a pod's impact on other pods on the node and ensures application pods do not cause PID exhaustion, which would prevent host daemons, such as the container runtime or the kubelet, from running. There is also a security benefit: it can keep a misbehaving process, such as a crypto mining app, from consuming too many resources.

Feature Enhancement: CronJobs

CronJobs have been updated to address scalability and other issues, with the goal of graduating to stable in either version 1.21 or 1.22. To try the new implementation, the CronJobControllerV2 feature gate must be enabled. The feature, introduced in version 1.4, continues to be widely used, even in production environments, but has yet to advance to stable status.

Feature Enhancement: IPv4/IPv6 Dual Stack Support

Kubernetes first added support for assigning IPv4 or IPv6 addresses to pods and services, instead of entire clusters, in version 1.16. Because a number of updates were introduced in version 1.20, this feature still remains in alpha. Native support for dual stack mode is very important and will deliver several benefits for different types of Kubernetes workloads, but expect it to take some time before this feature moves into beta.

Feature Enhancement: Volume Snapshot Operations

Volume snapshots have graduated to stable, as Kubernetes has worked out how to provide the primitives needed for more advanced storage use cases that leverage snapshots. In version 1.20, the feature provides a standard way of creating and managing volume snapshot operations, giving a reliable mechanism for data restore.

Notable Change: Docker Runtime Deprecation

It’s critical that users know that Docker runtime support will be removed from Kubernetes in the next few releases, likely 1.22. Many Kubernetes platforms, such as Azure Kubernetes Service (AKS) and Red Hat OpenShift, have already moved to other container runtimes such as containerd and CRI-O so they can remain compliant with the Container Runtime Interface (CRI) for Kubernetes. The Docker runtime is not compliant with the Kubernetes CRI. Furthermore, Dockershim, the tool Kubernetes currently needs in order to use containerd, will be removed in either 1.22 or a future release.

It’s important to note that Docker images, which are separate from the Docker runtime, can continue to be used with any CRI-compliant runtime, because Docker images adhere to the standardized Open Container Initiative (OCI) format. Users running open source Kubernetes on their own clusters should begin adjusting to this Docker runtime deprecation. If using a managed Kubernetes distribution such as OpenShift, however, the provider will likely help verify there is no impact to the environment when the Docker runtime is turned off.

Notable Change: Fix for Kubelet Exec Probe Timeouts

Kubelet exec probe timeouts were a longstanding bug, finally fixed in 1.20. Exec probes now respect the timeoutSeconds field and default to a value of one second if no value is specified. This may require updates to current pod specifications, since previously exec probes would run indefinitely.

For now, you don’t have to check pod definitions immediately: it is possible to revert to the previous behavior by setting the new ExecProbeTimeout feature gate to false. However, this feature gate will be removed in a future release.
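As an added example (not code from the original article), the following Python script audits a constructed snapshot of node and pod objects, in the shape of `kubectl get nodes -o json` and `kubectl get pods -o json` items, for the two migration items above: nodes whose kubelet still reports the Docker runtime, and exec probes with no explicit timeoutSeconds that now fall back to the one-second default. The node and pod names and probe commands are constructed sample data.

```python
"""Audit constructed node and pod objects for two Kubernetes 1.20 migration items:
nodes still on the Docker runtime, and exec probes with no explicit timeoutSeconds."""

# Constructed sample data in the shape of `kubectl get nodes/pods -o json` items.
NODES = [
    {"metadata": {"name": "node-a"},
     "status": {"nodeInfo": {"containerRuntimeVersion": "docker://19.3.13"}}},
    {"metadata": {"name": "node-b"},
     "status": {"nodeInfo": {"containerRuntimeVersion": "containerd://1.4.3"}}},
]

PODS = [
    {"metadata": {"namespace": "default", "name": "web"},
     "spec": {"containers": [{
         "name": "app",
         # No timeoutSeconds: ran unbounded before 1.20, now gets the 1s default.
         "livenessProbe": {"exec": {"command": ["sh", "-c", "pgrep nginx"]}},
         "readinessProbe": {"exec": {"command": ["cat", "/tmp/ready"]},
                            "timeoutSeconds": 5}}]}},
    {"metadata": {"namespace": "default", "name": "api"},
     "spec": {"containers": [{
         "name": "app",
         "livenessProbe": {"httpGet": {"path": "/healthz", "port": 8080}}}]}},
]

PROBE_KINDS = ("livenessProbe", "readinessProbe", "startupProbe")


def docker_runtime_nodes(nodes):
    """Names of nodes whose kubelet reports the Docker runtime (via dockershim)."""
    return [n["metadata"]["name"] for n in nodes
            if n["status"]["nodeInfo"]["containerRuntimeVersion"].startswith("docker://")]


def exec_probes_without_timeout(pods):
    """(namespace/pod, container, probe kind) for exec probes that rely on the default."""
    found = []
    for pod in pods:
        ref = f"{pod['metadata']['namespace']}/{pod['metadata']['name']}"
        spec = pod["spec"]
        for c in spec.get("initContainers", []) + spec.get("containers", []):
            for kind in PROBE_KINDS:
                probe = c.get(kind)
                if probe and "exec" in probe and "timeoutSeconds" not in probe:
                    found.append((ref, c["name"], kind))
    return found


if __name__ == "__main__":
    print("nodes on the Docker runtime:", docker_runtime_nodes(NODES))
    print("exec probes without timeoutSeconds:", exec_probes_without_timeout(PODS))
```

Specs the second function reports are the ones to review before the ExecProbeTimeout gate disappears; setting timeoutSeconds explicitly on each exec probe makes the behavior independent of the gate.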

Other Updates

In version 1.20, API priority and fairness has graduated to beta and is now enabled by default, which will help manage requests. The EndpointSlice API also underwent additional changes. Version 1.20 graduated support for third-party device monitoring plug-ins to stable as well, making it possible to gain insight into container-level metrics for devices provided by device plug-ins.

The Future of Kubernetes

We continue to see a rapid increase in Kubernetes deployments in production, and these latest features will likely further accelerate that adoption. As Kubernetes becomes increasingly functional for its users, it is cementing itself as the backbone of containerization and, in many cases, of digital business. For additional information on Kubernetes 1.20, please check out the official release notes for a complete list of changes.

Red Hat is a sponsor of The New Stack.

Feature image by Irenna86 from Pixabay.
