Kubernetes release team announced the v1.19 release last week. The second and longest Kubernetes release of 2020 despite COVID19 and other events. Kubernetes 1.19 introduces various changes and enhancements with its extended-release cycle which emphasizes Kubernetes’ maturity and readiness to deliver. This release consists of a total 34 improvements (10 stable, 15 beta, and 9 alpha). These updates and enhancements include some prominent general availability feature promotions, security upgrades (TLS 1.3 support), and improvements to fix the technological debt. The logo “Accentuate the Paw-sitive” taken as a release theme for Kubernetes v1.19 as it has a positive outlook.
What is Kubernetes?
Kubernetes is an open-source container orchestration system that is for automatic application deployment and its management. Kubernetes name came from a Greek word which means pilot or helmsmen. It also pronounced as Kate’s (k8s). Kubernetes is an evolution from Borg (cluster management system). It was originally designed by Google but later on, was handed over to Cloud Native Computing Foundation for its maintenance.
The aim of k8s is to provide its users with automatic deployment and operations of their application containers across a cluster of hosts. Many cloud services like Azure, AWS, IBM, GCP provide Kubernetes based platform or infrastructure as a service. In which the Kubernetes can be deployed and operated as a platform providing service.
Features of Kubernetes
- The system has automated scheduling and self-healing capabilities.
- It also has a system of automated rollouts and rollbacks, horizontal scaling, and load balancing.
- The system also offers an environment consistency of development, testing, and production.
- You can also create predictable infrastructure on the system that is auto-scalable.
- It also provides a higher density of resource utilization and enterprise-ready features to its users.
- Other features like Service Discovery, Secret Management, Storage Orchestration, and Load balancing.
Architecture of Kubernetes
The architecture of Kubernetes can be divided into parts/components that handle the management of an individual node and the parts that are included in the control plane. The main components of Kubernetes are : kube-controller-manager, kube-apiserver, kube-schedular, etcd, kubelet and kube-proxy.
What’s New in Kubernetes 1.19?
The latest Kubernetes release, Kubernetes v1.19, has been regarded as an Accentuate the Paw-sitive by developers and users alike. The developers have put significant effort and hard work to stabilize beta versions by improving it so that the users have a better experience.
Here is list of new features and changes in Kubernetes version 1.19
Extended Support Window
From Kubernetes version 1.19 onwards, a patch with minor releases for fixing the bug support window will be extended from 9 months to one year.
Storage capacity tracking
Earlier, the additional persistent storage is available anywhere in the Kubernetes cluster and has infinite capacity. But until now the pod scheduling was still performed without realizing that the available storage space might not be enough to start a new pod. Storage Capacity Monitoring, a new alpha feature, solves this by adding an API to the CSI driver. They monitor storage space and use that information in the Kubernetes Scheduler when selecting a pod node.
Generic ephemeral volumes
The new generic ephemeral volume alpha function allows any existing storage driver that supports dynamic provisioning to be used as an ephemeral volume with a volume lifecycle attached to the Pod. Read More on it here.
CSI Volume Health Monitoring
This feature allows CSI Drivers to share irregular volume conditions with Kubernets from the underlying storage systems so that they can be identified as PVC or Pod incidents.
Until 1.19, logging in the Kubernetes control plane did not guarantee a consistent structure for log messages and references to Kubernetes artifacts in those logs. This makes it impossible to incorporate and sustain some analytical approaches based on those logs.
New klog methods
This release of Kubernetes adds new methods to the klog library that include a more organized framework for formatting log messages. This approach allows for the gradual implementation of standardized logging without migrating all Kubernets to a new API at one time.
Client TLS certificate rotation for kubelet
Since Kubernetes v1.8, the clusters have provided a (beta) mechanism for acquiring the initial certificate / key pair. Moreover, rotating it as the certificate expires. In Kubernetes v1.19, these graduates are too stable.
Ingress graduates to GA
In v1.19, Ingress graduates at general availability and is present in the v1 APIs for networking. There are some key differences in v1 Ingress objects as part of this milestone including improvements in schema and validation. For instance, the field ‘pathType’ no longer has a default value and has to be set.
seccomp graduates to GA
Seccomp is a secure facility for limiting system calls that applications can make in the Linux kernel. In 1.19, seccomp graduates to GA with the addition of a new ‘seccompProfile’ area to the securityContext objects pod and container.
TLS 1.3 support
Kubernetes 1.19 tackles one of the guidelines arising from last year’s Kubernetes security audit and provides support for new TLS 1.3 ciphers that can be used for Kubernetes.
Running the ‘kubectl alpha debug’ command that is now available in alpha will create and run a new pod that runs inside host OS namespaces and can be used to troubleshoot nodes. This makes it possible for a user to examine a running pod without restarting it and without accessing the container itself.
Admission webhook warnings
With this, webhooks on admission can now return non-fatal alerts to request-making API clients. This enhancement is to encourage the identification of problematic API use by users and cluster administrators, including the use of deprecated APIs from clients such as kubectl.
Other notable changes
- A recent 1.19 update was implemented to automatically change the weight of the topologies and to better differentiate between nodes and zones, resulting in more balanced results due to constraints.
- Default enablement of new EndpointSlices APIs
- Production images moved to a community-controlled storage bucket.
- Beta Graduation of KubeSchedulerConfiguration
- Beta Graduation of Immutable Secrets/ConfigMaps feature
- CertificateSigningRequest API updates
Several older versions of the beta API will not be existing in version 1.19 and will be disabling in version 1.22. We will have a follow-up update as this means that 1.22 will definitely end up being a release for many end-users.
For complete list of new features and updates you can read v1.19 change log on github.
Vulnerabilities fixed in Kubernetes v1.19
3 medium severity vulnerabilities fixed as a part of v1.19 release.
- New Kubernetes API Server Vulnerability Enables Escalation of Privileges [CVE-2020-8559]
- New Kubernetes Node Storage-based DoS Vulnerability [CVE-2020-8557]
- update golang.org/x/crypto to fix CVE-2020-9283
Kubernetes adoption growing rapidly day by day. Many big companies like Tinder, Reddit, Airbnb, Pinterest started using Kubernetes. Also, Companies like Ericsson is using Kubernetes to deliver high demanding 5G networks. That will result in up to 90 percent CI/CD savings.
The Kubernetes comes as a result of the hard work of thousands of contributors, developers, and users around the world who joins together and works together on the system. Kubernetes is driving the transition away for traditional client-server technology by making cloud-native application development simpler, quicker, and better. Kubernetes is surely the next big thing in the cloud-agnostic market.