Published 2023-08-20 10:24:31
Kubernetes v1.28: Noteworthy Updates and Improvements
Introduction
In this article we'll explore some interesting features introduced in Kubernetes version 1.28.
This article focuses on features across various Special Interest Groups (SIGs) including Node, Storage, Network, and Security. But remember, these are the features that I find particularly interesting among a lot of other enhancements.
Node
| KEP ID | Name | Description | SIG Group | Stage | Default |
|---|---|---|---|---|---|
| #3063 | Dynamic Resource Allocation | Pods can define resources beyond CPU and memory | sig-node | alpha:v1.26 beta:v1.29 stable:v1.31 |
false |
| #127 | Support User Namespaces in Pods | Processes in pods can run with a different user than in the host | sig-node | alpha:v1.25 | false |
| #2400 | Kubernetes nodes support swap memory on Linux. | Node system swap support | sig-node | alpha:v1.22 beta:v1.28 stable:TBD |
true |
| #3673 | Kubelet Limit of Parallel Image Pulls | Control over parallel image downloads | sig-node | alpha:v1.27 beta:v1.28 stable:v1.29 |
true |
| #2403 | Extend the podresources API to report the allocatable compute resources | Fetch information on allocatable compute resources | sig-node | alpha:v1.21 beta:v1.23 stable:v1.28 |
true |
| #2268 | Non-graceful Node Shutdown | Prepare for a shutdown and terminate pods gracefully |
sig-node sig/storage |
alpha:v1.24 beta:v1.26 stable:v1.28 |
true |
| #4009 | Add CDI Devices to Device Plugin API | Device plugin authors can forward requests to container runtimes | sig-node | alpha:v1.28 beta:v1.29 stable:v1.30 |
false |
| #753 | sidecar support | Kubernetes introduces the built-in support for sidecar containers pattern. | sig-node | alpha:v1.28 | False |
Storage
| KEP ID | Name | Description | SIG Group | Stage | Default |
|---|---|---|---|---|---|
| #1790 | Support Recovery From Volume Expansion Failure | Recover from a failure when expanding a volume | sig-storage | alpha:v1.23 | false |
| #3762 | PersistentVolume Last Phase Transition Time | Persistent volume status contains a lastPhaseTransitionTime field | sig-storage | alpha:v1.28 beta:v1.29 stable:v1.31 |
false |
| #3333 | Retroactive Default StorageClass Assignment | Apply default StorageClass to PVCs without a defined class | sig-storage | alpha:v1.25 beta:v1.26 stable:v1.28 |
true |
Security
| KEP ID | Name | Description | SIG Group | Stage | Default |
|---|---|---|---|---|---|
| #3488 | CEL for Admission Control | Introduce CEL to write conditions for admission policies | sig-api-machinery | alpha:v1.26 beta:1.28 |
|
| #3299 | KMS v2 Improvements | KMS v2 in Kubernetes: Enhanced performance, seamless key rotation, and improved observability; | sig-auth | alpha:v1.25 beta:v1.27 stable:v1.29 |
|
| #3325 | Review attibutes of a current user | Auth API in Kubernetes: Enables users to verify their attributes and permissions, enhancing user management security | sig-auth |
Network
| KEP ID | Name | Description | SIG Group | Stage | Default |
|---|---|---|---|---|---|
| #3453 | Minimize iptables-restore input size | Improve the performance of kube-proxy in iptables mode | sig-network | alpha:v1.26 beta:v1.27 stable:v1.28 |
true |
The highlighted Feature
The feature I want to highlight in this 1.28 release is the sidecar support refered in in KEP #753.
Running Sidecars in Kubernetes; Pre and Post 1.28 Release
Pre Kubernetes 1.28
Until the 1.28 release Kubernetes did not have a concept of sidecars. The term "sidecar" was more of a pattern than a built in feature. Sidecars were containers that operated alongside the main application container within the same pod. They were utilized to enhance the functionality of the application without necessitating any modifications to its code. However this approach presented challenges;
Pod Restart; Upgrading a sidecar necessitated restarting the pod, including the application container.
Job Termination; Kubernetes did not provide a means to signal termination to the sidecar, which caused complications with jobs that were expected to terminate upon completion.
Startup Race Conditions; Kubernetes did not guarantee the order in which regular containers started potentially causing issues if the main application relied on initialization of the sidecar.
Post Kubernetes 1.28
With the introduction of the KEP #753 in version 1.28 significant changes have been implemented. This KEP formally incorporates sidecars into the Kubernetes API addressing many of these aforementioned challenges;
Container Ordering; In Kubernetes 1.28 and onwards new functionality allows for specifying an ordered initialization and termination sequence, for containers, including sidecars. This resolves any race conditions during startup.
Ending a Job; The introduction of the sidecar functionality offers a solution, to the problem of Jobs running indefinitely by providing a way to signal the sidecar when it should terminate.
Managing Pods; The update provides control, over pod behavior allowing for precise management of sidecars without impacting the main application container.
About the Author
Aleksandro Matejic, a Cloud Architect, began working in the IT industry over 21 years ago as a technical specialist, right after his studies. Since then, he has worked in various companies and industries in various system engineer and IT architect roles. He currently works on designing Cloud solutions, Kubernetes, and other DevOps technologies.
In his spare time, Aleksandro works on different development projects such as developing devoriales.com, a blog and learning platform launching in 2022/2023. In addition, he likes to read and write technical articles about software development and DevOps methods and tools.
You can contact Aleksandro by visiting his LinkedIn Profile