The Technical Oversight Committee (TOC) overseeing the development of Kubernetes today made available an update that provides a stable set of application programming interfaces (APIs) on which to build extensions to the platform.
Lachlan Evenson, principal program manager at Microsoft who headed up the team responsible for version 1.16 of Kubernetes, says with the general availability of APIs known as Custom Resource Definitions (CRDs), the committee will begin to retire previous instances of CRDs that are not supported in the latest release. IT teams may be able to engage a provider of a distribution of Kubernetes to support those CRDs, but the goal of the committee is to encourage developers to standardize on the same set of APIs.
Evenson says now that CRDs have been stabilized there should be subsequent innovation as providers of various platforms based on Kubernetes begin to roll out a wide range of offerings that rely on Kubernetes as a foundational platform. In fact, many organizations may never engage directly with Kubernetes; many will get their first exposure to Kubernetes through another platform that makes Kubernetes more accessible for a specific use case by providing an additional layer of abstraction on top, notes Evenson.
In terms of new capabilities in this latest Kubernetes update, an alpha release of the Endpoint Slices capability promises to make it easier to scale Kubernetes deployments. Endpoint Slices are a new API that makes it easier to employ policies to control how endpoints and pods communicate to better load-balance a Kubernetes deployment. Endpoint Slices decrease the amount of data required for updates at scale by limiting the number of endpoints that can be attached to an Endpoint Slice service to 100 each.
Other major new features added to Kubernetes 1.16 include Topology Manager, a new Kubelet component to manage resource assignment decisions; an alpha version of an API Server Network Proxy; and support for IPv4/IPv6 dual-stack addresses. There also is now a standard requirement for implementing a metrics registry and the ability to resize volumes on storage systems connected to Kubernetes via the Container Storage Interface (CSI).
For organizations deploying Kubernetes in Windows environments, the Kubernetes update also adds alpha support for kubeadm, which will enable IT teams to join and reset Windows worker nodes to an existing cluster in the same way they do for Linux nodes, along with support for the CSI on instances of Kubernetes running on Windows.
Support for Active Directory Group Managed Service Account (GMSA) is also now in beta. GMSA is a specific type of Active Directory account that enables Windows containers to carry an identity across the network and communicate with other resources. Windows containers now can gain authenticated access to external resources along with automatic password management, simplified service principal name (SPN) management and the ability to delegate management to other administrators across multiple servers.
There’s also support in alpha for a RunAsUserName capability, which is a string specifying the Windows identity (or username) under which to run the entry point of the container. It is part of the windowsOptions component of the securityContext (WindowsSecurityContextOptions) offering for which Microsoft has led development.
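To show where the field sits in a manifest, here is an added example (not from the original article or the Kubernetes project) of a Pod that sets runAsUserName at pod level and overrides it for one container. The pod and container names, image and command are assumptions chosen for illustration.

```yaml
# Constructed example: names, image and command are illustrative assumptions.
# In Kubernetes 1.16 runAsUserName is alpha, so the WindowsRunAsUserName
# feature gate must be enabled for the field to take effect.
apiVersion: v1
kind: Pod
metadata:
  name: run-as-username-demo          # hypothetical name
spec:
  nodeSelector:
    kubernetes.io/os: windows         # schedule onto a Windows worker node
  securityContext:
    windowsOptions:
      # Pod-level default: every container starts as the low-privilege
      # built-in account unless it sets its own value.
      runAsUserName: "ContainerUser"
  containers:
  - name: app                         # inherits ContainerUser from the pod
    image: mcr.microsoft.com/windows/servercore:ltsc2019
    command: ["ping", "-t", "localhost"]
  - name: maintenance                 # hypothetical container needing admin rights
    image: mcr.microsoft.com/windows/servercore:ltsc2019
    command: ["ping", "-t", "localhost"]
    securityContext:
      windowsOptions:
        # A container-level value takes precedence over the pod-level one;
        # keeping the override explicit makes the elevated identity
        # visible in manifest review.
        runAsUserName: "ContainerAdministrator"
```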
It’s clear Kubernetes 1.16 represents a major advance in terms of stability and scalability that should attract additional developers to the platform. However, organizations that have already deployed Kubernetes clusters soon may discover they have some additional work cut out for them once they begin to upgrade.