Kubernetes 1.8 Brings Additional Security, Stability

The latest release of the Kubernetes container orchestration engine, which arrived this week, has something for almost everybody in the container community. In general, new Kubernetes 1.8 features fall into two broad categories: Most of the updates are focused on increasing reliability and security in ways that are consistent with other platforms, while the rest of the updates focus on how specific workloads can be deployed and classes of processors incorporated in Kubernetes clusters.

From an enterprise perspective, the most significant new feature is support for role-based access controls that can be invoked via the Kubernetes application programming interface (API). It’s a challenge for any use of Kubernetes to pass a compliance test without that capability. The Cloud Native Computing Foundation (CNCF) is also making available a beta release of a capability that enables outbound traffic to be filtered using network policies. There’s also a Transport Layer Security (TLS) certificate rotation facility that reduces the likelihood that Kubernetes credentials can be compromised. Finally, auditing tools are now available in beta as well.

Joe Brockmeier, senior evangelist for Linux containers at Red Hat, says enterprise IT organizations looking to employ Kubernetes in a production environment are especially anxious to see more robust security capabilities being added to Kubernetes.

In addition, Brockmeier says enterprise IT organizations are also monitoring progress being made on support for additional processors. He notes that support for graphics processing units (GPUs) is progressing and that he expects to see additional support for processor technologies such as field programmable gate arrays (FPGAs) in the future. Beyond that, Brockmeier says support for serverless computing frameworks should also be forthcoming.

In terms of new tools for managing workloads on Kubernetes, the most significant addition is a beta release of Workload APIs such as Deployment, DaemonSet, ReplicaSet and StatefulSet. The Workloads API also now provides native support for the Apache Spark in-memory computing framework.

From a management perspective, the most significant addition is a beta release of CronJobs, which makes it possible to schedule jobs on Kubernetes. There’s also a stable release of the lightweight container runtime for Kubernetes, dubbed CRI-O, as well as enhancements to the command line interface (CLI) and automation tools embedded in a Kubernetes cluster. The release team also revealed that several of the functions now in alpha include support for volume snapshots and the ability to prioritize one Kubernetes pod on a cluster over another.

Eric Chiang, a software engineer at CoreOS, says that it’s clear that in some instances the Kubernetes community is putting forward security and management capabilities that exist on other platforms that most IT organizations have come to expect. In other instances, there are advances in terms of how workloads are deployed on Kubernetes that are unique to the platform, says Chiang.

Kubernetes today is a shared research and development project supported by every major IT vendor. As such, the point of differentiation going forward will shift toward the tools each vendor wraps around Kubernetes to make it more accessible. As Kubernetes becomes more stable and secure, it’s now only a matter of time before demand for those tools starts to increase substantially across the enterprise.

Mike Vizard
