Posts in 2024
-
Container Runtime Interface streaming explained
By Sascha Grunert | Wednesday, May 01, 2024 in Blog
The Kubernetes Container Runtime Interface (CRI) acts as the main connection between the kubelet and the Container Runtime. Those runtimes have to provide a gRPC server which has to fulfill a Kubernetes defined Protocol Buffer interface. This API …
-
Kubernetes 1.30: Preventing unauthorized volume mode conversion moves to GA
By Raunak Pradip Shah (Mirantis) | Tuesday, April 30, 2024 in Blog
With the release of Kubernetes 1.30, the feature to prevent the modification of the volume mode of a PersistentVolumeClaim that was created from an existing VolumeSnapshot in a Kubernetes cluster, has moved to GA! The problem The Volume Mode of a …
-
Kubernetes 1.30: Multi-Webhook and Modular Authorization Made Much Easier
By Rita Zhang (Microsoft), Jordan Liggitt (Google), Nabarun Pal (VMware), Leigh Capili (VMware) | Friday, April 26, 2024 in Blog
With Kubernetes 1.30, we (SIG Auth) are moving Structured Authorization Configuration to beta. Today's article is about authorization: deciding what someone can and cannot access. Check a previous article from yesterday to find about what's new in …
-
Kubernetes 1.30: Structured Authentication Configuration Moves to Beta
By Anish Ramasekar (Microsoft) | Thursday, April 25, 2024 in Blog
With Kubernetes 1.30, we (SIG Auth) are moving Structured Authentication Configuration to beta. Today's article is about authentication: finding out who's performing a task, and checking that they are who they say they are. Check back in tomorrow to …
-
Kubernetes 1.30: Validating Admission Policy Is Generally Available
By Jiahui Feng (Google) | Wednesday, April 24, 2024 in Blog
On behalf of the Kubernetes project, I am excited to announce that ValidatingAdmissionPolicy has reached general availability as part of Kubernetes 1.30 release. If you have not yet read about this new declarative alternative to validating admission …
-
Kubernetes 1.30: Read-only volume mounts can be finally literally read-only
By Akihiro Suda (NTT) | Tuesday, April 23, 2024 in Blog
Read-only volume mounts have been a feature of Kubernetes since the beginning. Surprisingly, read-only mounts are not completely read-only under certain conditions on Linux. As of the v1.30 release, they can be made completely read-only, with alpha …
-
Kubernetes 1.30: Beta Support For Pods With User Namespaces
By Rodrigo Campos Catelin (Microsoft), Giuseppe Scrivano (Red Hat), Sascha Grunert (Red Hat) | Monday, April 22, 2024 in Blog
Linux provides different namespaces to isolate processes from each other. For example, a typical Kubernetes pod runs within a network namespace to isolate the network identity and a PID namespace to isolate the processes. One Linux namespace that was …
-
Kubernetes v1.30: Uwubernetes
By Kubernetes v1.30 Release Team | Wednesday, April 17, 2024 in Blog
Editors: Amit Dsouza, Frederick Kautz, Kristin Martin, Abigail McCarthy, Natali Vlatko Announcing the release of Kubernetes v1.30: Uwubernetes, the cutest release! Similar to previous releases, the release of Kubernetes v1.30 introduces new stable, …
-
Spotlight on SIG Architecture: Code Organization
By Frederico Muñoz (SAS Institute) | Thursday, April 11, 2024 in Blog
This is the third interview of a SIG Architecture Spotlight series that will cover the different subprojects. We will cover SIG Architecture: Code Organization. In this SIG Architecture spotlight I talked with Madhav Jivrajani (VMware), a member of …
-
DIY: Create Your Own Cloud with Kubernetes (Part 3)
By Andrei Kvapil (Ænix) | Friday, April 05, 2024 in Blog
Approaching the most interesting phase, this article delves into running Kubernetes within Kubernetes. Technologies such as Kamaji and Cluster API are highlighted, along with their integration with KubeVirt. Previous discussions have covered …