PodCTL - Enterprise Kubernetes

Reviewing Kubernetes 1.12 Updates

October 03, 2018 Brian Gracely & Tyler Britten
Show Notes

Show: 51

Show Overview:
Brian and Tyler talk about updates to Kubernetes v1.12.
Show Notes:

Topic 1 - Kubelet TLS Bootstrap moves to GA, simplifying how nodes are securely added to and removed from a cluster. As an add-on, server certificate rotation functionality moves into beta, and this will be tied in with Cluster Operators and Application Operators.

Topic 2 - Azure Virtual Machine Scale Sets (VMSS) and Cluster-Autoscaler is Now Stable

Topic 3 - On the network security front, two NetworkPolicy components graduate to GA: egress and ipBlock.

Topic 4 - Multi-Tenancy: In this release comes the ability to support priority on the various resource quotas via the new ResourceQuotaScopeSelector feature. This enhances the existing priority and preemption feature that was delivered in Kubernetes 1.11.

Topic 5 - CSI now supports the notion of topology awareness and this functionality moves to beta in Kubernetes 1.12. What this means is that stateful workloads can now have a conceptual understanding of where storage resources live, whether it be a rack, datacenter, availability zone, or region.

Topic 6 - Kubectl Plugins: With kubectl plugins, developers can engineer extensions to kubectl, which accommodate their administration scenarios, while not being baked into the core kubectl codebase. This is going to allow teams to develop and deliver kubectl functionality faster and in a more consistent manner. (example: OpenShift “oc commands”)

Topic 7 - Let’s discuss the upgrading process of Kubernetes (again).

Other noteworthy features:

  • Snapshot / restore functionality for Kubernetes and CSI is being introduced as an alpha feature. This provides a standardized API design (CRDs) and adds PV snapshot/restore support for CSI volume drivers.
  • Improvements that will allow the Horizontal Pod Autoscaler to reach proper size faster are moving to beta. 
  • Vertical Scaling of Pods is now in beta, which makes it possible to vary the resource limits on a pod over its lifetime. In particular, this is valuable for pets (i.e., pods that are very costly to destroy and re-create). 
  • Encryption at rest via KMS is now in beta. This adds multiple encryption providers, including Google Cloud KMS, Azure Key Vault, AWS KMS, and Hashicorp Vault, that will encrypt data as it is stored to etcd.
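
For Topic 3 above, this added example (not from the show or the Kubernetes project) shows how a NetworkPolicy's egress `ipBlock` rules decide whether a destination IP is allowed, including the `except` carve-out and the default drop once a pod is selected for egress. The policy, labels and CIDRs are constructed for illustration, and ports and selector-based peers are deliberately ignored.

```python
import ipaddress

# Constructed policy spec, shaped like a networking.k8s.io/v1 NetworkPolicy.
# Labels and CIDRs are illustrative assumptions, not taken from the show notes.
POLICY = {
    "podSelector": {"matchLabels": {"app": "billing"}},
    "policyTypes": ["Egress"],
    "egress": [
        {"to": [{"ipBlock": {"cidr": "10.0.0.0/8",
                             "except": ["10.20.0.0/16"]}}]},
        {"to": [{"ipBlock": {"cidr": "192.0.2.10/32"}}]},
    ],
}


def ipblock_matches(block, dest):
    """True if dest is inside 'cidr' and outside every 'except' range."""
    ip = ipaddress.ip_address(dest)
    if ip not in ipaddress.ip_network(block["cidr"]):
        return False
    return not any(ip in ipaddress.ip_network(c)
                   for c in block.get("except", []))


def egress_allowed(spec, dest):
    """Evaluate one policy's egress ipBlock rules for a destination IP.

    Simplified model: ports and pod/namespace selector peers are ignored.
    """
    # When policyTypes is omitted, Egress applies only if egress rules exist.
    types = spec.get("policyTypes") or (["Egress"] if spec.get("egress") else [])
    if "Egress" not in types:
        return True  # this policy places no restriction on egress
    for rule in spec.get("egress", []):
        peers = rule.get("to")
        if not peers:
            return True  # a rule without 'to' allows every destination
        if any("ipBlock" in p and ipblock_matches(p["ipBlock"], dest)
               for p in peers):
            return True
    return False  # pod is selected for egress and no rule matched


if __name__ == "__main__":
    for dest in ("10.1.2.3", "10.20.5.5", "192.0.2.10", "8.8.8.8"):
        print(dest, "allowed" if egress_allowed(POLICY, dest) else "dropped")
```

Policies are additive across a namespace, so a destination dropped by this policy can still be allowed by another policy that selects the same pods.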