Kubernetes 1.27 Arrives
AMSTERDAM — A few days before KubeCon Europe, the Kubernetes Release Team announced the release of Kubernetes 1.27, Chill Vibes, the first release of 2023. This edition includes 60 enhancements, with 18 entering Alpha, 29 graduating to Beta, and 13 graduating to Stable.
A major theme of this release is the improvements made to managing the release itself. The result was a calmer release than usual. As someone who has gone through more than his fair share of major updates, I can say calmer ones are better.
That doesn’t mean that there weren’t major changes. There were. The biggest, everyone at KubeCon agreed, is that the community-owned registry, registry.k8s.io, has replaced the old image registry, k8s.gcr.io. The older one will be frozen. That means no further images for Kubernetes and related sub-projects will be published to the old registry. For more on what this means in practice, be sure to check out k8s.gcr.io Redirect to registry.k8s.io — What You Need to Know.
In addition, contributors should update their manifests and Helm charts to use the new registry. End users should note that the Kubernetes v1.27 release will not be published to the k8s.gcr.io registry, and patch releases for v1.24, v1.25, and v1.26 will no longer be published to the old registry after April. You can increase the reliability of your clusters and remove dependency on the community-owned registry by hosting local image registry mirrors. Some cloud vendors may offer hosted solutions for this purpose.
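The manifest and Helm chart update described above can be checked mechanically. The following Python is an added example, not code from the Kubernetes project or this article: it treats files as text (so it also works on Helm templates that are not valid YAML), rewrites k8s.gcr.io only where an image reference starts, and leaves mirror paths, lookalike hostnames and comments alone. The function name `migrate` and the sample lines are constructed for illustration, and it assumes image paths are unchanged under registry.k8s.io.

```python
import re

OLD_REGISTRY = "k8s.gcr.io"
NEW_REGISTRY = "registry.k8s.io"

# The old host counts only where a reference starts: not when it is a path
# segment behind a mirror (preceded by "/") or a label of a longer hostname.
OLD_HOST = re.compile(r"(?<![\w./-])" + re.escape(OLD_REGISTRY) + r"(?![\w.-])")


def migrate(text):
    """Return (rewritten_text, findings); findings are (line_no, original_line)."""
    out, findings = [], []
    for no, line in enumerate(text.splitlines(keepends=True), start=1):
        if line.lstrip().startswith("#"):  # leave YAML comments untouched
            out.append(line)
            continue
        new_line, hits = OLD_HOST.subn(NEW_REGISTRY, line)
        if hits:
            findings.append((no, line.rstrip("\n")))
        out.append(new_line)
    return "".join(out), findings


# Constructed sample: lines of the kinds found in manifests and Helm values.
SAMPLE = """\
containers:
  - name: pause
    image: k8s.gcr.io/pause:3.9
  - name: pinned
    image: "k8s.gcr.io/coredns/coredns@sha256:<digest>"
  - name: mirrored
    image: mirror.example.internal/k8s.gcr.io/pause:3.9
  - name: lookalike
    image: k8s.gcr.io.example.net/pause:3.9
  # image: k8s.gcr.io/etcd:<tag>
args:
  - --pod-infra-container-image=k8s.gcr.io/pause:3.9
image:
  registry: k8s.gcr.io
"""

if __name__ == "__main__":
    fixed, found = migrate(SAMPLE)
    for no, line in found:
        print(f"line {no}: {line.strip()}")
    print(fixed)
```

Running the rewritten text through `migrate` again should report no findings, which makes it usable as a CI check after the migration.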
Another big change is that SeccompDefault is now stable. With this, your Kubernetes containers will now default to seccomp. This Linux kernel feature restricts executable processes to a small number of system calls. The net result is that your containers will be more secure.
Mutable scheduling directives for Jobs are also now stable. With this, you can update a Job's scheduling directives before it starts. This gives custom queue controllers the ability to influence pod placement while at the same time offloading actual pod-to-node assignment to kube-scheduler.
Beta and Other Changes
One beta change looks promising: the ReadWriteOncePod access mode for PersistentVolumes (PVs) and PersistentVolumeClaims (PVCs) enables you to restrict volume access to a single pod in the cluster. This ensures that only one pod can write to the volume at a time. In short, this is another step forward in making stateful workloads easier to work with in Kubernetes clusters.
There are other significant changes — aren’t there always with any Kubernetes release? — but these are the ones that caught my eye.
You can start using Kubernetes 1.27 today. It’s available for download on GitHub. To get started with Kubernetes, you can run local Kubernetes clusters using minikube, kind, etc. You can also easily install v1.27 using kubeadm.
But pay attention: before you upgrade an existing cluster, note that the IPv6DualStack feature gate for external cloud providers has been removed. If you were still manually enabling it, you must stop now. They’re not kidding. There are other changes listed in that link you’ll need to be aware of as well.
Check back often this week for all things KubeCon+CloudNativeCon Europe 2023. The New Stack will be your eyes and ears on the ground in Amsterdam!