Kubernetes 1.4 was released this week with new features that improve the Dev and Ops experience and simplify cluster deployment, certificate handling, networking, security, and application deployment. Additionally, the release expands cluster federation capabilities, improving deployment across multiple clusters and multiple clouds.
While a host of new features have been added, one of the main objectives of this release has been to simplify cluster deployment in the face of the variety of different installation solutions and tools available for Kubernetes.
Installation and usability
- OS packages for apt-get and yum installations are available for major Linux distributions, including Red Hat and Ubuntu.
- The new kubeadm command reduces cluster bootstrapping to two commands, independent of the type of infrastructure: public, private, or bare metal. As in docker swarm since version 1.12, kubeadm init starts the master while kubeadm join adds the nodes to the cluster.
- DaemonSets make sure that selected nodes in the cluster run one copy of a Pod. In this way overlay network add-on deployments can be reduced to one kubectl apply command.
- A new certificates API simplifies securing networking by enabling kubelet TLS bootstrapping.
- Kubernetes Dashboard UI now supports 90% of CLI functionality.
Stateful applications
- ScheduledJobs run batch jobs at a specific time or repeatedly at regular intervals using cron notation.
- Init-containers run one or more containers before starting the main Pod. They can be used for sequencing dependencies when starting a multi-tier app.
- Clusters can now dynamically provision volumes for PersistentVolumeClaims based on the new Storage Class API object.
- Common stateful applications such as Drupal, WordPress, and Jenkins are available as Helm charts for simple one-command launches using version 2 of the Helm Package Manager.
Federation
- With Federated Replica Sets, replicas can now span clusters, enabling cross-region or cross-cloud replication. Replicas created in this way are spread equally across clusters.
- Federated Ingress uses an L7 globally load-balanced VIP that spans services deployed across a federation of clusters; it is currently supported only on GCP (Google Cloud Platform). External clients targeting that address are sent to the closest region or zone of the federation with usable capacity.
- Federation API now includes secrets, events and namespaces.
Security
- Container Image Policies can be used to restrict Pod deployment based on image requirements, such as allowing only specific base images.
- AppArmor is supported, enabling administrators to secure Pods, and provide auditing and monitoring.
- Pod Security Policies control the creation and validation of security contexts for pods/containers.
Infrastructure
- Inter-pod affinity and anti-affinity enable co-location or spreading of pods.
- Priority scheduling capability for cluster add-ons such as DNS, Heapster, and Dashboard is available.
- Pod Disruption Budget was introduced to limit the impact of pods deleted by cluster management operations (node maintenance).
- New volume plugins for Quobyte and Azure Data Disk have been added.
- Swagger 2.0 support has been added, enabling non-Go clients.
Before moving to 1.4, administrators should follow the required actions documented in the change log. Administrators interested in upgrading a running version should additionally study the experimental upgrade.sh.
Kubernetes is currently gaining significant adoption in many organisations, along with professional support and dynamic contribution to development: over 900 contributors wrote more than 5,000 commits for Release 1.4. Some of Kubernetes’ production features, such as Multi AZ support and well-structured documentation, are still under development: out of the 27 features listed in this release’s change log, 21 are marked as Beta or Alpha.
In addition to version 1.4, a bug-fix release, 1.3.8, was published this week.