The CNCF-governed project Kubernetes needs no introduction. What it did need were some overdue updates, and Kubernetes 1.18 may fill many of those gaps. The release added 38 new capabilities, enhancing almost every aspect of the Kubernetes environment. Picking the top eight out of 38 was difficult, because every update has its own importance. Let’s check them out:
1. Use Service Account Tokens as a general authentication method
Kubernetes 1.18 added this capability under feature #1393. The API server can now serve an OpenID Connect (OIDC) discovery document. This document contains the token’s public key and other metadata. An OIDC authenticator can use this data to authenticate the token without first checking with the API server.
2. Configure HPA Velocity For Specific Pods
With a Horizontal Pod Autoscaler (HPA), Kubernetes clusters can automatically react to high and low data traffic.
Kubernetes 1.18 provides feature #853, which lets you configure scaling behavior in the HPA's behavior field. The behavior is specified separately for each direction, in the scaleUp and scaleDown sections under the behavior field.
3. Use Profiles To Run Multiple Scheduler Configurations
As a quick refresher, the kube-scheduler is the component that decides which pods are placed (scheduled) on which nodes. The scheduler's decision depends on various conditions, such as node affinity and anti-affinity, the requests and limits configured on the pod, and resource and node availability.
With feature #1451, you can run a single scheduler for your cluster with several different profiles. Each profile is referred to by its schedulerName, and pods use schedulerName to select the profile they want. In the end, the same scheduler does all the work, which avoids race conditions.
4. Get Support For RuntimeClass And Labels For Multiple Windows Versions in The Same Cluster
Microsoft Windows actively supports various Kubernetes features, and it is not uncommon for mixed clusters to run both Linux and Windows nodes. With Kubernetes 1.18, RuntimeClass supports Windows nodes. You can therefore select nodes that run a particular Windows build and schedule pods that run only on Windows.
5. Secrets And ConfigMaps To Be Immutable
Keeping the ConfigMap and Secret immutable means that the API server does not have to query for changes each time. Feature #1412 can be activated in Kubernetes 1.18 by enabling the feature gate ImmutableEphemeralVolumes and setting the immutable field in the ConfigMap or Secret resource file to true.
6. More Troubleshooting Power Using Kubectl Debug
If you need insight into a running pod, kubectl exec and kubectl port-forward are limited. As of Kubernetes version 1.18, the command kubectl debug is also available. With this command, you can add a short-lived (ephemeral) container to a running pod and restart the pod with a modified PodSpec.
You can also launch privileged containers in the host namespace, which lets you troubleshoot node issues.
7. Now Skip Volume Ownership Change
By default, when a volume is attached to a container in a Kubernetes cluster, the ownership of all files and directories within that volume is changed to the value provided by fsGroup. This is done so that the fsGroup can read and write the volume.
Feature #695 provides the fsGroupChangePolicy parameter. It can be set to Always to keep the default behavior, or to OnRootMismatch, which triggers the change process only if the top-level directory permissions do not match the fsGroup value.
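The settings from items 5 and 7 combined in one manifest, as an added example that is not from the original article. All object names, the image and the PersistentVolumeClaim are hypothetical, and on 1.18 the alpha feature gates ImmutableEphemeralVolumes and ConfigurableFSGroupPolicy are assumed to be enabled.

```yaml
# Added example; db-credentials, app, app-data and the image are hypothetical.
# Item 5: once immutable is true the data cannot be edited in place and the
# flag cannot be turned off again. To rotate the credential, delete and
# recreate the Secret (or create a new one and repoint the pod).
apiVersion: v1
kind: Secret
metadata:
  name: db-credentials
type: Opaque
immutable: true
stringData:
  password: "constructed-placeholder-value"   # constructed sample value
---
# Item 7: with OnRootMismatch the recursive ownership change is skipped when
# the volume's top-level directory already matches fsGroup.
apiVersion: v1
kind: Pod
metadata:
  name: app
spec:
  securityContext:
    runAsNonRoot: true
    runAsUser: 1000
    fsGroup: 2000
    fsGroupChangePolicy: "OnRootMismatch"     # "Always" is the default
  containers:
  - name: app
    image: registry.example.com/app:1.0       # placeholder image
    volumeMounts:
    - name: data
      mountPath: /var/lib/app
    - name: credentials
      mountPath: /etc/app/credentials
      readOnly: true
  volumes:
  - name: data
    persistentVolumeClaim:
      claimName: app-data                     # assumed to exist already
  - name: credentials
    # fsGroupChangePolicy has no effect on secret, configMap or emptyDir
    # volumes; it applies to the persistent volume above.
    secret:
      secretName: db-credentials
      defaultMode: 0440
```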