Posts in 2022
-
Enforce CRD Immutability with CEL Transition Rules
By Alexander Zielenski (Google) | Thursday, September 29, 2022 in Blog
Immutable fields can be found in a few places in the built-in Kubernetes types. For example, you can't change the .metadata.name of an object. Specific objects have fields where changes to existing objects are constrained; for example, the …
-
Kubernetes 1.25: Kubernetes In-Tree to CSI Volume Migration Status Update
By Jiawei Wang (Google) | Monday, September 26, 2022 in Blog
The Kubernetes in-tree storage plugin to Container Storage Interface (CSI) migration infrastructure has already been beta since v1.17. CSI migration was introduced as alpha in Kubernetes v1.14. Since then, SIG Storage and other Kubernetes special …
-
Kubernetes 1.25: CustomResourceDefinition Validation Rules Graduate to Beta
By Joe Betz (Google), Cici Huang (Google), Kermit Alexander (Google) | Friday, September 23, 2022 in Blog
In Kubernetes 1.25, Validation rules for CustomResourceDefinitions (CRDs) have graduated to Beta! Validation rules make it possible to declare how custom resources are validated using the Common Expression Language (CEL). For example: apiVersion: …
-
Kubernetes 1.25: Use Secrets for Node-Driven Expansion of CSI Volumes
By Humble Chirammal (Red Hat), Louis Koo (deeproute.ai) | Wednesday, September 21, 2022 in Blog
Kubernetes v1.25, released earlier this month, introduced a new feature that lets your cluster expand storage volumes, even when access to those volumes requires a secret (for example: a credential for accessing a SAN fabric) to perform node expand …
-
Kubernetes 1.25: Local Storage Capacity Isolation Reaches GA
By Jing Xu (Google) | Monday, September 19, 2022 in Blog
Local ephemeral storage capacity isolation was introduced as a alpha feature in Kubernetes 1.7 and it went beta in 1.9. With Kubernetes 1.25 we are excited to announce general availability(GA) of this feature. Pods use ephemeral local storage for …
-
Kubernetes 1.25: Two Features for Apps Rollouts Graduate to Stable
By Ravi Gudimetla (Apple), Filip Křepinský (Red Hat), Maciej Szulik (Red Hat) | Thursday, September 15, 2022 in Blog
This blog describes the two features namely minReadySeconds for StatefulSets and maxSurge for DaemonSets that SIG Apps is happy to graduate to stable in Kubernetes 1.25. Specifying minReadySeconds slows down a rollout of a StatefulSet, when using a …
-
Kubernetes 1.25: PodHasNetwork Condition for Pods
By Deep Debroy (Apple) | Wednesday, September 14, 2022 in Blog
Kubernetes 1.25 introduces Alpha support for a new kubelet-managed pod condition in the status field of a pod: PodHasNetwork. The kubelet, for a worker node, will use the PodHasNetwork condition to accurately surface the initialization state of a pod …
-
Announcing the Auto-refreshing Official Kubernetes CVE Feed
By Pushkar Joglekar (VMware) | Monday, September 12, 2022 in Blog
A long-standing request from the Kubernetes community has been to have a programmatic way for end users to keep track of Kubernetes security issues (also called "CVEs", after the database that tracks public security issues across different …
-
Kubernetes 1.25: KMS V2 Improvements
By Anish Ramasekar, Rita Zhang, Mo Khan, Xander Grzywinski (Microsoft) | Friday, September 09, 2022 in Blog
With Kubernetes v1.25, SIG Auth is introducing a new v2alpha1 version of the Key Management Service (KMS) API. There are a lot of improvements in the works, and we're excited to be able to start down the path of a new and improved KMS! What is KMS? …
-
Kubernetes’s IPTables Chains Are Not API
By Dan Winship (Red Hat) | Wednesday, September 07, 2022 in Blog
Some Kubernetes components (such as kubelet and kube-proxy) create iptables chains and rules as part of their operation. These chains were never intended to be part of any Kubernetes API/ABI guarantees, but some external components nonetheless make …