Kubernetes 1.12 is out – Kubelet TLS Bootstrap goes GA
Kubernetes is back with the delivery of another update featuring some pretty big changes and additions including the general availability of Kubelet TLS Bootstrap and support for Azure Virtual Machine Scale Sets (VMSS). Let’s take a closer look at what the new release brings.
The Kubernetes team has delivered the 1.12 release, and it’s stuffed with new features, important updates and changes. Since the list is truly extensive, here we will only cover the highlights of the latest release.
Head over to the official changelog if you want to see the whole thing! For now, let’s have a closer look at the most significant features brought by the latest release.
General Availability (GA) of Kubelet TLS Bootstrap – Allows for a kubelet to bootstrap itself into a TLS-secured cluster. Most importantly, it automates the provision and distribution of signed certificates.
SIG Auth – Introduces a way for kubelet to generate a private key and a CSR for submission to a cluster-level certificate signing process. The v1 (GA) designation indicates production hardening and readiness and comes with the guarantee of long-term backward compatibility.
Kubelet server certificate bootstrap and rotation is moving to beta – Introduces a process for generating a key locally and then issuing a Certificate Signing Request to the cluster API server to get an associated certificate signed by the cluster’s root certificate authority. Also, as certificates approach expiration, the same mechanism will be used to request an updated certificate.
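As an added example (not code from the Kubernetes project or from this article), here is the node-side half of the bootstrap described above in Go: generate a key locally, build a CSR carrying the node identity, wrap it in the CertificateSigningRequest object that is submitted to the API server, and apply a simple "approaching expiration" check that would trigger a new request. The certificates.k8s.io/v1beta1 API version, the client-auth usages, the node name and the rotation fraction are assumptions made for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/json"
	"encoding/pem"
	"time"
)

// NodeCSR does the node-side half of the bootstrap: generate a key that never
// leaves the node and a PEM CSR naming the node identity the cluster expects
// (CN=system:node:<name>, O=system:nodes). Only the CSR is sent onward.
func NodeCSR(nodeName string) (*ecdsa.PrivateKey, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{
		CommonName: "system:node:" + nodeName, Organization: []string{"system:nodes"}}}
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	if err != nil {
		return nil, nil, err
	}
	return key, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: der}), nil
}

// CSRManifest wraps the PEM request in the certificates.k8s.io/v1beta1 (assumed)
// CertificateSigningRequest object the kubelet POSTs to the API server.
func CSRManifest(name string, csrPEM []byte) ([]byte, error) {
	obj := map[string]interface{}{
		"apiVersion": "certificates.k8s.io/v1beta1", "kind": "CertificateSigningRequest",
		"metadata":   map[string]string{"name": name},
		"spec": map[string]interface{}{"request": base64.StdEncoding.EncodeToString(csrPEM),
			"usages": []string{"digital signature", "key encipherment", "client auth"}},
	}
	return json.Marshal(obj)
}

// NeedsRotation is the "approaching expiration" trigger: true once the given
// fraction of the lifetime has elapsed (the real kubelet jitters its threshold).
func NeedsRotation(notBefore, notAfter, now time.Time, fraction float64) bool {
	lifetime := notAfter.Sub(notBefore)
	deadline := notBefore.Add(time.Duration(float64(lifetime) * fraction))
	return !now.Before(deadline)
}
```

A bootstrap credential with only the permission to create CSRs is what submits the manifest; the signed certificate comes back in the object's status once the cluster's approval process has accepted it.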
Support for Azure Virtual Machine Scale Sets (VMSS) – Allows you to create and manage a homogenous VM pool that can automatically increase or decrease based on demand or a set schedule. This enables you to easily manage, scale, and load balance multiple VMs to provide high availability and application resiliency, ideal for large-scale applications that can run as Kubernetes workloads.
Cluster-Autoscaler – Supports the scaling of containerized applications with Azure VMSS, including the ability to integrate it with cluster-autoscaler to automatically adjust the size of the Kubernetes clusters based on the same conditions.
But that is not all, we have some more notable feature updates including:
- RuntimeClass is a new cluster-scoped resource that surfaces container runtime properties to the control plane; it is being released as an alpha feature.
- Topology aware dynamic provisioning is now in beta, meaning storage resources can now understand where they live. This also includes beta support for AWS EBS and GCE PD.
- Configurable pod process namespace sharing is moving to beta, meaning users can configure containers within a pod to share a common PID namespace by setting an option in the PodSpec.
- Taint node by condition is now in beta, meaning users have the ability to represent node conditions that block scheduling by using taints.
- Arbitrary / Custom Metrics in the Horizontal Pod Autoscaler is moving to a second beta to test some additional feature enhancements. This reworked Horizontal Pod Autoscaler functionality includes support for custom metrics and status conditions.
- Vertical Scaling of Pods is now in beta, which makes it possible to vary the resource limits on a pod over its lifetime. In particular, this is valuable for pets (i.e., pods that are very costly to destroy and re-create).
- Encryption at rest via KMS is now in beta. This adds multiple encryption providers, including Google Cloud KMS, Azure Key Vault, AWS KMS, and HashiCorp Vault, that will encrypt data as it is stored in etcd.