Kubernetes 1.21 Addresses Raft of Enterprise Issues
The technical oversight committee (TOC) for Kubernetes today is releasing a 1.21 update that addresses a wide range of operational and security issues that should ultimately make the platform easier to manage and secure.
At the same time, there are application programming interfaces (APIs) that, once again, the TOC has decided to deprecate. For example, PodSecurityPolicy, previously available in beta, is deprecated in favor of a new, unnamed mechanism for limiting privileges that will be easier to employ.
PodSecurityPolicy will be eliminated with the release of Kubernetes 1.25 in 2022.
Similarly, the Service field topologyKeys, previously available in alpha, is now deprecated in favor of topology aware routing, called topology aware hints, that are available in the alpha in release 1.21 of Kubernetes.
Naburun Pal, an open source engineer for VMware who leads the Kubernetes 1.21 release team, notes that these deprecations are part and parcel of the Kubernetes platform, so it’s incumbent on IT teams to keep track of which functions and capabilities are being deprecated over time.
Of course, many organizations standardize on curated implementations to shift responsibility for tracking those changes to vendors that typically only implement capabilities that are officially designated as being stable.
Overall, Kubernetes 1.21 adds 49 enhancements, 15 of which are now stable. Another 15 capabilities have been elevated to beta, while 19 others have entered an alpha stage.
Among the most significant capabilities to become stable is CronJobs, formally known as ScheduledJobs, that has been in beta since version 1.8 of Kubernetes. CronJobs makes it easier to regularly schedule tasks, such as backups and reports.
Immutable Secrets and ConfigMaps add a field to resource types that can be used to reject any change made to those objects, if set. Secrets and ConfigMaps are mutable by default, but that can create issues if there is a misconfiguration. Secrets and ConfigMaps ensure application configurations won’t change. Immutable resources also provide scaling benefits, because controllers do not need to poll the API server to watch for changes.
Major capabilities that are moving into beta include IPv4/IPv6 dual-stack support and a Graceful Node Shutdown capability that makes it possible to terminate pods in a way that makes other pods aware that an event is imminent.
In terms of alpha capabilities, a PersistentVolume Health Monitor that monitors persistent volumes used by stateful applications has been added.
The TOC is also committing to centralizing the build systems relied on to construct Kubernetes itself to make it easier for contributors to participate in projects.
As adoption of Kubernetes in production environments increases, it’s not uncommon for IT organizations to find themselves building and deploying applications on top of different versions of Kubernetes. In some cases, they even have distributions provided by multiple vendors. It remains to be seen how management of fleets of Kubernetes clusters might one day be centralized.
However, in the meantime, it’s apparent with the release of Kubernetes 1.21, there’s a lot more focus on the kinds of blocking-and-tackling issues required by enterprise IT organizations deploying cloud-native applications at scale.