Advanced Computing in the Age of AI | Tuesday, May 17, 2022

Kubernetes Adds API, Windows Upgrades 


As the de facto standard Kubernetes cluster orchestrator moves deeper into enterprise IT infrastructure, version updates are coming at a faster pace. The third release in 2019 comes with a grand total of 31 “enhancements” in various stages of production readiness ranging from “alpha” to “stable.”

Many of the latest upgrades target API management and Windows-based containers, allowing Windows workloads to be attached to existing clusters in much the same way as Linux nodes.

Kubernetes 1.16, released on Wednesday (Sept. 18), emphasizes the general availability of custom resource definitions (CRD) used to extend orchestrator capabilities by specifying storage and other resources. “The hard-won lessons of API evolution in Kubernetes have been integrated,” developers noted. “As we transition to [general availability], the focus is on data consistency for API clients.”

The addition of CRD and other API development tools “are enough to build stable APIs that evolve over time, the same way that native Kubernetes resources have changed without breaking backwards-compatibility,” they added.

Upstream Kubernetes contributors such as Google (NASDAQ: GOOGL) and Red Hat helped marshal the resource manager to production. CRDs “are a main extension point for building cloud native applications on Kubernetes,” the IBM (NYSE: IBM) unit said in a blog post. Red Hat has supported CRDs in recent releases of OpenShift and expects to integrate the latest Kubernetes enhancements into its container application platform.

The latest release also includes better metrics and the ability to adjust volumes in the Kubernetes container storage interface (CSI) introduced last year. The latter allows users to automatically create storage and make it available to application containers whenever they are scheduled for production. Storage can then be deleted when no longer needed.

The Kubernetes release team said volume resizing in support of CSI would move up to beta, allowing any CSI-specified volume plugin to be adjusted.

Among the beta enhancements for Kubernetes are improved workload options for Windows-based containers, including the ability to carry a container “identity” across a network while communicating with computing and storage resources. Hence, Windows containers would gain authenticated access to those external resources, developers said.

Meanwhile, Kubernetes upgrades moving to alpha include support of the administrator tool used to create Kubernetes clusters. For example, the administrator could spin up and add a Windows node to a cluster. The alpha release also includes support for other Windows container identity steps.

Another new feature called “Endpoint Slices” is designed to scale Kubernetes services across enterprise infrastructure. The new feature splits network endpoints into multiple resources, decreasing the amount of updated data as production scales. The result would be a 200-fold decrease in the amount of data transferred in an update.

Kubernetes 1.16 is available for download on GitHub.

Lately, security vulnerabilities have plagued the cluster orchestrator as it handles more production workloads. Most recently, a flaw in a Kubernetes server API allowed intruders to gain unauthorized access to cluster-wide custom resources via standard role-based permissions.

While the CRD enhancements announced this week do not specifically address those vulnerabilities, Kubernetes project leaders highlighted formation of a Security Audit Working Group as part of “an effort to improve the overall security of the ecosystem.”

Among the working group’s duties was identifying third-party vendors to complete a Kubernetes security audit. The Cloud Native Computing Foundation announced last month that two companies were selected: Trail of Bits and Atredis Partners.

About the author: George Leopold

George Leopold has written about science and technology for more than 30 years, focusing on electronics and aerospace technology. He previously served as executive editor of Electronic Engineering Times. Leopold is the author of "Calculated Risk: The Supersonic Life and Times of Gus Grissom" (Purdue University Press, 2016).
