What’s that coming over the hill? 2020’s last Kubernetes release

Release lead cat Humphrey - that's your cat content covered for the day (created by Henry Hsu)

The Kubernetes release cycle is back to its usual self, bringing version 1.20 to K8s aficionados young and old. The release includes stable volume snapshot operations, process ID limiting, advances in kubectl debug, and one less thing to worry about when it comes to exec probe timeouts.

Keen observers of the Kubernetes universe might wonder why there have only been three rather than four releases this year. But then again it’s 2020, where the unusual is almost expected. 1.20 release lead Jeremy Rickard closely followed the process of getting the last orchestrator versions out of the door in order to prepare for the challenge ahead. 

“I think in 1.19, we made a lot of changes to just kind of help the community deal with all the things that were unfolding. You know, we had a lot of protests in the US about racial injustices, and then the ongoing pandemic and how people were responding to that. And we definitely saw some decreased velocity and just kind of angst in the community.”

To deal with that, the release team shifted down a gear, and just took its time to send a quality release on the road. “I think that also fed into just how 1.20 went. There’s a lot of content that ended up being in 1.20 [..] partially because the [elongated] code freeze, and just because the general period for 1.19 was long.” According to Rickard, it usually takes a lot of back and forth with contributors to make sure new features tick all the boxes, but taking things slow earlier in the year meant even fairly big features were just good to go when the release team knocked this time around.

“In 1.20, there’s basically a rewrite of the dual stack support, allowing you to use IPv4 and IPv6 addresses for services, and they actually did that during the 1.19 timeframe. But they held it and then dropped at the beginning of 1.20, so there was more time for it to soak, more time for end-to-end-tests to come in, and just kind of have that feature be more reliable.”

This rewrite, however, is only one of the 16 alpha features making it into the current Kubernetes iteration. Amongst them are highly requested capabilities such as graceful node shutdown, which gives kubelets a chance to follow the expected pod termination steps when shutting nodes down, so that workloads aren't disrupted.

Kubernetes security has lurched onto the agenda of many organisations this year, so this has been a major theme in the new additions section as well. Log sanitisation, for instance, has been added to make sure that sensitive arguments aren’t logged, which helps prevent such information from leaking. An alpha version of CSIServiceAccountToken, meanwhile, improves security by letting CSI drivers impersonate the pods they mount volumes for, which is especially important for drivers that have to handle secrets.

But depending on what your day job is, you’ll probably find different things interesting. Rickard, a cluster operator for VMware services, often comes across problems when it comes to capacity planning, since requesting things the right way can be tricky. “Coming in 1.20 as an alpha feature [..] is a set of out of the box metrics, helping you see requests versus limits at a cluster level, and exposing that at an API endpoint to be really easily scrapable with Prometheus”. 

Seeing kubectl debug and the API priority and fairness feature graduate will also help in that role, even though Rickard spreads more proud dad vibes here, having “watched them grow up” throughout the releases.

Seeing things either graduate or disappear is going to be more of a thing in the next releases, since v1.20 is the first version to follow the new deprecation policy, Rickard says. “Things that are in beta have to progress either to a new beta version, or they have to go into GA, or they’ll have to go away – one of those three paths.”

Amongst the features taking the middle path in 1.20 are volume snapshot operations, which are generally available now.

When talking about things going away, however, one just can’t not mention the change in 1.20 that arguably led to the most panic in the leadup to the current release. Just last week, quite a few Kubernetes users slid into a slight panic when finding out that the container runtime interface shim for Docker was going to be deprecated. 

“There are human processes involved in the release, right?” Rickard says, when explaining what went awry. “You have to track a lot of things and they all kind of fall down to enhancement issues in the Kubernetes enhancements repo. That one didn’t actually have one. It had a KEP, which is the enhancement proposal, and it was in the [then in progress] release notes, and that’s where people kind of picked up on it.”

Since then, blogs and information pages have been put up to clarify things (yes, you can still use Docker images), but since Docker support will be removed in one of the coming versions, ops teams might want to start scanning alternatives. CRI-O and containerd for example fulfil Kubernetes’ condition of being CRI-compliant and can be switched to, in order to keep clusters from breaking. 

Windows users might have a bit of a harder time in that respect, since support for Microsoft’s OS still isn’t where many would like it to be. However, there is a Kubernetes SIG focusing on Windows, so chances are help is underway from that team.

New Docker Enterprise home Mirantis also decided to partner with the Docker team to keep the shim alive as a stand-alone open source project. This will call for a bit of additional manual work and it isn’t yet officially available, so giving it a bit of time before coming up with an all-new runtime strategy might be wise.

More details on the release, which also includes a fix to finally respect timeoutSeconds for exec probes, can be found in the Kubernetes repository.
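An added example (not from the article or the Kubernetes project): with timeoutSeconds now enforced for exec probes, this Python script lists the exec probes that will run under a one-second limit, which is the API default when the field is omitted. The sample pod list is constructed; the input shape is that of `kubectl get pods -A -o json`, and the function names are illustrative.

```python
import json
import sys

PROBE_KINDS = ("livenessProbe", "readinessProbe", "startupProbe")
DEFAULT_TIMEOUT_SECONDS = 1  # API default when timeoutSeconds is omitted

# Constructed sample, shaped like `kubectl get pods -A -o json` output.
SAMPLE_POD_LIST = {"items": [
    {"metadata": {"namespace": "shop", "name": "db-0"},
     "spec": {"containers": [{
         "name": "postgres",
         "livenessProbe": {"exec": {"command": ["pg_isready"]}},
         "readinessProbe": {"exec": {"command": ["pg_isready"]},
                            "timeoutSeconds": 5}}]}},
    {"metadata": {"namespace": "shop", "name": "web-7d9f"},
     "spec": {"containers": [{
         "name": "web",
         "livenessProbe": {"httpGet": {"path": "/healthz", "port": 8080}},
         "startupProbe": {"exec": {"command": ["/bin/check.sh"]},
                          "timeoutSeconds": 1}}]}},
]}


def exec_probe_timeouts(pod_list):
    """List every exec probe with the timeout that will be enforced."""
    rows = []
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata", {})
        for container in pod.get("spec", {}).get("containers", []):
            for kind in PROBE_KINDS:
                probe = container.get(kind) or {}
                if "exec" not in probe:
                    continue  # the fix discussed here concerns exec probes
                rows.append({
                    "pod": f"{meta.get('namespace')}/{meta.get('name')}",
                    "container": container.get("name"),
                    "probe": kind,
                    "timeout": probe.get("timeoutSeconds",
                                         DEFAULT_TIMEOUT_SECONDS)})
    return rows


def short_exec_probes(pod_list, threshold=DEFAULT_TIMEOUT_SECONDS):
    """Exec probes whose effective timeout is at or below the threshold."""
    return [r for r in exec_probe_timeouts(pod_list) if r["timeout"] <= threshold]


if __name__ == "__main__":
    # Usage: python audit_probes.py pods.json (no argument: constructed sample)
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_POD_LIST
    for r in short_exec_probes(data):
        print(f"{r['pod']} {r['container']} {r['probe']}: {r['timeout']}s")
```

The check compares the effective timeout rather than looking for a missing field, because pods read back from the API server already have the default filled in.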