Kubernetes 1.26, whose theme the team calls “Electrifying”, has been released with several important updates, including more complete support for Windows containers and, for the first time, digital signing of all official release artifacts, enabling verification that they are tamper-free.
The signing of Kubernetes artifacts is officially at the beta stage. Previously, container images were signed, but other files such as source tarballs (files which contain the source code), binary artifacts, and software bills of materials (SBOMs) were not all signed.
Red Hat Senior Software Engineer Sascha Grunert, who is a chair of the Kubernetes release SIG (Special Interest Group), said that a future Kubernetes release will make “the global story more mature by ensuring that truly all Kubernetes releases are signed.” This implies that gaps remain, which is no doubt the reason for the beta label. He also suggests that there may in future be specific Kubernetes infrastructure including root trust and verification for this purpose.
On the Windows side, the big news is that Windows HostProcess Containers are now available. Microsoft program manager Brandon Smith and principal software engineer Mark Rossetti described this as a “long-awaited day” that has arrived. But what is a HostProcess container? Essentially, they are privileged containers that have access to the host network, storage and devices, so they can perform administrative tasks such as installing device drivers or Windows services, or managing certificates.
“Previously, performing these actions on Windows nodes was usually done by running PowerShell scripts over SSH or WinRM (Windows Remote Management) sessions and/or working with your cloud provider’s virtual machine management tooling,” they explain.
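Because HostProcess containers run with access to the host, operators will want to know which pods use them. The following is an added example, not code from the Kubernetes project or from this article: it lists HostProcess containers in pod data shaped like `kubectl get pods -A -o json` output by reading the `windowsOptions.hostProcess` field of the pod and container security contexts. The pod names and namespaces in the sample are constructed.

```python
# Constructed sample, shaped like the output of `kubectl get pods -A -o json`.
SAMPLE = {"items": [
    {"metadata": {"namespace": "web", "name": "frontend"},
     "spec": {"containers": [{"name": "nginx"}]}},
    {"metadata": {"namespace": "kube-system", "name": "driver-setup"},
     "spec": {"hostNetwork": True,
              "securityContext": {"windowsOptions": {
                  "hostProcess": True, "runAsUserName": "NT AUTHORITY\\SYSTEM"}},
              "containers": [{"name": "installer"}]}},
    {"metadata": {"namespace": "ops", "name": "cert-sync"},
     "spec": {"containers": [
         {"name": "sync", "securityContext": {
             "windowsOptions": {"hostProcess": True}}}]}},
]}


def _host_process(security_context):
    """Return the hostProcess setting of a securityContext, or None if unset."""
    options = (security_context or {}).get("windowsOptions") or {}
    return options.get("hostProcess")


def host_process_containers(pod):
    """Names of the containers in one pod that run as HostProcess containers."""
    spec = pod.get("spec", {})
    pod_level = _host_process(spec.get("securityContext"))
    flagged = []
    for group in ("initContainers", "containers"):
        for container in spec.get(group) or []:
            own = _host_process(container.get("securityContext"))
            # A container-level value takes precedence over the pod-level one.
            effective = pod_level if own is None else own
            if effective:
                flagged.append(container["name"])
    return flagged


def audit(pod_list):
    """Map 'namespace/name' to its HostProcess containers, for review."""
    findings = {}
    for pod in pod_list.get("items", []):
        names = host_process_containers(pod)
        if names:
            meta = pod["metadata"]
            findings[f"{meta['namespace']}/{meta['name']}"] = names
    return findings


if __name__ == "__main__":
    for pod, names in audit(SAMPLE).items():
        print(f"{pod}: HostProcess containers {names}")
```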
Windows containers are important because of the prevalence of Windows applications in business. They provide a way for these applications to be cloud native and integrate with modern DevOps. It remains true, though, that the Kubernetes control plane only runs on Linux. “Kubernetes maintains a multi-architecture image that includes support for Windows,” says the official introduction.
Why “Electrifying”? The release team says that it wants to raise awareness of “taking the energy consumption footprint into account”, although it does not suggest that any particular feature of the new release is more energy-efficient than before.
Kubernetes, open source container orchestration software, generally has three releases a year.