The team behind container orchestrator Kubernetes has finished its third release of the year and made v1.16 available. The release adds a couple of new preview features to the project, along with stable versions of enhancements that have been around for a good while already.
Amongst the latter are the so-called custom resource definitions (CRDs). CRDs made their way into 1.7 as a way of adding third-party resources to Kubernetes and have since become essential to API extensions. With CRDs leaving the beta label behind in v1.16, services consuming data stored in custom resources can now build on a greater level of consistency. This is down to the implementation ensuring, amongst other things, that data is strictly typed and follows a well-known schema.
Admission webhooks are another mechanism for extending Kubernetes that has made it to general availability in the current release. These HTTP callbacks can be used to enforce custom defaults or policies, either by modifying objects sent to the API server or by validating admission requests.
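The decision such a callback returns can be shown in a few lines of Go. This is an added example, not code from the article or the Kubernetes project: it handles an `admission.k8s.io/v1` AdmissionReview body and either denies the object (validating) or returns a JSON Patch that sets a default (mutating). The "team" label policy, the "unassigned" default, the names `Review`, `Response` and `Decide`, and the sample request are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Subset of the admission.k8s.io/v1 AdmissionReview wire format.
type Review struct {
	APIVersion string `json:"apiVersion"`
	Kind       string `json:"kind"`
	Request    *struct {
		UID    string `json:"uid"`
		Object struct {
			Metadata struct{ Labels map[string]string `json:"labels"` } `json:"metadata"`
		} `json:"object"`
	} `json:"request,omitempty"`
	Response *Response `json:"response,omitempty"`
}
type Response struct {
	UID       string            `json:"uid"` // must echo request.uid
	Allowed   bool              `json:"allowed"`
	Status    map[string]string `json:"status,omitempty"`
	PatchType string            `json:"patchType,omitempty"`
	Patch     []byte            `json:"patch,omitempty"` // base64 on the wire
}

// Decide applies an assumed policy (a "team" label is required): deny, or with mutate=true patch in a default.
func Decide(body []byte, mutate bool) (*Review, error) {
	var in Review
	if err := json.Unmarshal(body, &in); err != nil || in.Request == nil {
		return nil, fmt.Errorf("not an AdmissionReview request (decode error: %v)", err)
	}
	res := &Response{UID: in.Request.UID, Allowed: true}
	labels := in.Request.Object.Metadata.Labels
	if _, ok := labels["team"]; !ok && !mutate {
		res.Allowed, res.Status = false, map[string]string{"message": `label "team" is required`}
	} else if !ok {
		res.PatchType, res.Patch = "JSONPatch", []byte(`[{"op":"add","path":"/metadata/labels/team","value":"unassigned"}]`)
		if labels == nil { // the parent map must exist before a key can be added
			res.Patch = []byte(`[{"op":"add","path":"/metadata/labels","value":{"team":"unassigned"}}]`)
		}
	}
	return &Review{APIVersion: in.APIVersion, Kind: in.Kind, Response: res}, nil
}

func main() { // constructed sample request, not captured from a cluster
	out, err := Decide([]byte(`{"apiVersion":"admission.k8s.io/v1","kind":"AdmissionReview","request":{"uid":"constructed-uid","object":{"metadata":{}}}}`), true)
	fmt.Println(string(out.Response.Patch), err)
}
```

In a cluster the API server only calls such a handler over HTTPS, so a real deployment wraps this function in a TLS-serving HTTP endpoint.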
DevOps folks having trouble with debugging containers will be happy to learn about the preview of ephemeral containers that has been added to Kubernetes. They are of a temporary nature and can be added to running pods – similar to the way kubectl exec works, which also means no resources are reserved for them and they aren’t restarted when they exit.
Starting in v1.16, the kubelet component includes a topology manager to help with resource allocation. Teams that need clusters to support the simultaneous assignment of IPv4 and IPv6 addresses can make use of the integrated alpha of an IPv4/IPv6 dual-stack.
Kubernetes 1.16 also marks the beginning of an extensible system to control network traffic from the Kube API Server. A corresponding network proxy has been added to the project, though its alpha status indicates that there's still some way to go until it is fully useful.
Before upgrading to the new version, the Kubernetes team urges users to read through the upgrade notes, which point out some storage- and cluster-lifecycle-related changes that could require some extra effort before switching.
Users should also be aware that “systems running iptables 1.8 or newer should start it in legacy mode” and that the etcd and KMS plugin health checks aren't exposed in the new livez and readyz endpoints yet. The complete list of changes can be found in the project's changelog.