Kubernetes 1.4, the next big release of the popular open source container orchestration platform, is now out. Here’s an overview of the most important changes that this new version of Kubernetes introduces — and what you need to know to get started using it.
Getting Started with Kubernetes 1.4
The big change that most users will need to make is this: Because of a change to the name of the federation API server kubeconfig secret consumed by federation-controller-manager, Kubernetes installations that are being updated from version 1.3.x will need to run the following command:
kubectl --namespace=federation get secret federation-apiserver-secret
-o json | sed
kubectl create -f -
For details on the above, check out the conversation on GitHub.
New Features in Kubernetes 1.4
Kubernetes 1.4 introduces a number of new features. You may not use all of them, but familiarizing yourself with the feature enhancements will help ensure that you’re taking advantage of all of the orchestration functionality available.
Kubernetes 1.4 isn’t Kubernetes 2.0, of course. In other words, it’s not a major overhaul of the entire container orchestration tool.
But Kubernetes 1.4 includes more than minor bug fixes or other updates. Some of the more significant features that have already been implemented include:
- Azure available as a CloudProvider option. This update lets you take advantage of native networking and load-balancing features in Azure.
- kubectl can create resource quotas. Resource quotas existed in Kubernetes previously, but setting them up was rather complicated. Doing it from kubectl makes the process much simpler.
- The download timeout for kube-up has been increased from 80 to 300 seconds. This change helps ensure that Kubernetes will not fail to download large images due to bandwidth constraints.
- Multiple APIs can register for the same API group. This is technically a bugfix, but it’s handy to know about.
- SSH compression will be enabled on Ubuntu when creating clusters. According to the developer who implemented the change, this increases speed by about two times.
- An --overwrite flag is now available for kubectl to resolve conflicts following live migrations. Like the resource quota option in kubectl described above, this change also simply provides an easier way to access functionality that was available before.
- libltdl7 will be automatically installed by kube-up if it’s not already in a container image. Since libltdl7 is now a Docker dependency, the library is required when using Docker containers. Automatic installation by kube-up means you no longer have to worry about remembering to install the library manually.
- Known AWS regions were updated to include ap-south-1, the Asia Pacific (Mumbai) endpoint for AWS.
Signs of Things to Come: Stateful Containers
Also notable in Kubernetes 1.4 are a couple of features that help pave the way for stateful containers — meaning those that require persistent data storage and other components that remain constant across an app as individual containers spin up and down.
Those features are Scheduled Jobs, a feature that helps run tasks on a recurring basis at specified times (think crontab), and Persistent Volumes, which help manage persistent data storage on a Kubernetes cluster.
These features are still in alpha and beta modes, respectively. So it would be a stretch to say Kubernetes 1.4 is ready to deliver total support for stateful containers.
Still, it is significant that Kubernetes now has these features available for testing and experimentation purposes. And it’s a sure sign that the Kubernetes world is fast on the way to being about more than stateless containers.
Last but not least on the list of big changes in Kubernetes 1.4 is security. Concerns about the difficulty of securing containerized infrastructure — whether or not such concerns are actually founded — remain a challenge to container adoption in the enterprise. Improvements to security features are therefore important.
Kubernetes 1.4 brings two notable improvements on the security front. The first is beta support for AppArmor, a hardening feature implemented as a Linux kernel security module. AppArmor profiles can now be applied to containers to help prevent attacks.
Meanwhile, at the intersection of security and usability, Kubernetes 1.4 supports Pod Security Policies. These provide an easy way to set security thresholds at the cluster level, which govern which pods can and can’t run on the cluster, based on their security attributes.
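To show how the two security features fit together, here is an added example (not from the Kubernetes release notes or the original article): a Pod Security Policy that rejects privileged and root pods and restricts AppArmor profiles, followed by a pod that satisfies it. The object names, the busybox image and the extensions/v1beta1 API group used by releases of that era are assumptions made for illustration.

```yaml
# Cluster-level policy: what a pod may request in order to be admitted.
apiVersion: extensions/v1beta1      # assumed API group for PSP in this era
kind: PodSecurityPolicy
metadata:
  name: restricted-example          # hypothetical name
  annotations:
    # Only the container runtime's default AppArmor profile is allowed,
    # and it is applied to containers that do not name a profile.
    apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
    apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
spec:
  privileged: false                 # reject privileged containers
  hostNetwork: false                # no access to the node's network namespace
  hostPID: false
  hostIPC: false
  runAsUser:
    rule: MustRunAsNonRoot          # reject containers that run as UID 0
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  volumes:                          # hostPath is deliberately absent
  - configMap
  - emptyDir
  - secret
  - persistentVolumeClaim
---
# A pod that passes the policy above.
apiVersion: v1
kind: Pod
metadata:
  name: apparmor-demo               # hypothetical name
  annotations:
    # Beta annotation, keyed by container name ("app" below).
    container.apparmor.security.beta.kubernetes.io/app: runtime/default
spec:
  containers:
  - name: app
    image: busybox                  # placeholder image
    command: ["sh", "-c", "sleep 3600"]
    securityContext:
      runAsUser: 1000               # non-root, as the policy requires
      privileged: false
```

The policy has an effect only when the PodSecurityPolicy admission controller is enabled on the API server; without it, the object is stored but nothing is enforced.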