Kubernetes 1.21 unloads pod security, adds dual IPv4/IPv6 networking, and shuts down gracefully

The Kubernetes Release Team has hit go on version 1.21 of the open source container orchestration system. The first release of 2021 adds a host of enhancements, with 15 graduating to stable, another 15 moving to beta and 19 features entering alpha phase.

Among the most notable enhancements is CronJobs (previously ScheduledJobs), which has now graduated to a stable feature. CronJobs enables the scheduling of regular actions such as backups and generation of reports, typically once a day or week. Users can select a point in time within that interval when the job should start.

Another major change is that PodSecurityPolicy has now been deprecated. This will no doubt dismay many Kubernetes users, since this feature is useful for restricting the scope of what deployments can do, such as limiting execution to a list of users, or access to resources like the network or volumes. However, PodSecurityPolicy will continue to be available for several more releases, in line with the deprecation process, and is planned for removal in Kubernetes 1.25.

The Kubernetes team said it is developing a new mechanism to help limit Pod privileges, with a working title of “PSP Replacement Policy”. This is planned to cover the key PodSecurityPolicy use cases, but with improved ergonomics and maintainability.

Also deprecated was the Service field topologyKeys, which has been replaced with a way to implement topology-aware routing, called topology-aware hints. Topology-aware hints are currently an alpha feature in Kubernetes 1.21.

Meanwhile, Immutable Secrets and ConfigMaps add a new field to those resource types which will prevent changes to those objects if set. Secrets and ConfigMaps are mutable by default, but by marking them as immutable, developers can be sure their application configuration will not change. Should there be a requirement to make changes afterwards, users will need to create a new, uniquely named Secret or ConfigMap and deploy a new pod to consume that resource. According to the Kubernetes team, immutable resources also have scaling benefits because controllers do not need to poll the API server to watch for changes.
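The immutable-resource pattern described above, as an added example (not taken from the release notes): a ConfigMap marked `immutable: true`, and the rotation step that follows from it. Once the flag is set, the API server rejects edits to the object's data and the flag itself cannot be cleared, so a configuration change means creating a new, uniquely named object and rolling the workload over to it. The names, namespace and image are assumed values for illustration.

```yaml
# Version 1 of the application configuration. With immutable: true the
# kube-apiserver refuses later changes to data/binaryData, and the field
# cannot be set back to false; the object can only be deleted.
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config-v1          # assumed name; the version suffix keeps it unique
  namespace: demo              # assumed namespace
immutable: true
data:
  LOG_LEVEL: "info"
---
# To change a setting, do not edit app-config-v1 (the update would be
# rejected). Create a new object under a new name instead.
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config-v2
  namespace: demo
immutable: true
data:
  LOG_LEVEL: "warn"
---
# The workload consumes the ConfigMap by name, so switching the reference
# from app-config-v1 to app-config-v2 triggers a new rollout of the pods,
# which is the "deploy a new pod to consume that resource" step.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app
  namespace: demo
spec:
  replicas: 2
  selector:
    matchLabels:
      app: app
  template:
    metadata:
      labels:
        app: app
    spec:
      containers:
        - name: app
          image: example.invalid/app:1.0   # placeholder image
          envFrom:
            - configMapRef:
                name: app-config-v2       # was app-config-v1 before the change
```

The same `immutable: true` field applies to a Secret, and because the kubelet no longer watches an immutable object for changes, the old ConfigMap can be deleted once no pod references it.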

Another key enhancement is support for dual IPv4/IPv6 network stacks. Having dual-stack support allows for native IPv6 routing to pods and services, whilst still allowing clusters to use IPv4 where needed. Having IPv6 available also avoids a potential scaling limitation for workloads, according to the Kubernetes team.

Graduated to beta in this release is the Graceful Node Shutdown feature, which enables the Kubelet agent on the node in question to be aware of node shutdown, and gracefully terminate pods that are scheduled to that node. This contrasts with the previous situation, where a node shutdown meant that pods did not follow the expected termination lifecycle, which can cause problems with various workloads. With Graceful Node Shutdown, the Kubelet will be able to detect an imminent system shutdown through systemd, and notify running pods so they can terminate as gracefully as possible.

Introduced as an alpha feature is PersistentVolume Health Monitor. This allows persistent volumes, used for file-based storage in many applications, to be monitored for the health of the volume and marked accordingly if the volume becomes unhealthy. Workloads will be able to react to the health state, such as preventing data from being written to a volume that is unhealthy.

Kubernetes 1.21 is available for download from GitHub, and developers can check out full details in the release notes.