Kubernetes version 1.12, released in September 2018, includes new features, critical updates, and changes. Here are some highlights of the latest release:
- General Availability (GA) of Kubelet TLS Bootstrap: Allows for a kubelet to bootstrap itself into a TLS-secured cluster. Most importantly, it automates the provision and distribution of signed certificates.
- Special Interest Group (SIG) Auth: Introduces a way for kubelet to generate a private key and a CSR for submission to a cluster-level certificate signing process. The v1 (GA) designation indicates production hardening and readiness and comes with the guarantee of long-term backward compatibility.
- Kubelet server certificate bootstrap and rotation are moving to beta: Introduces a process for generating a key locally and then issuing a Certificate Signing Request to the cluster API server to get an associated certificate signed by the cluster’s root certificate authority. Also, as certificates approach expiration, the same mechanism will be used to request an updated certificate.
- Support for Azure Virtual Machine Scale Sets (VMSS): Allows the user to create and manage a homogeneous VM pool that can automatically increase or decrease based on demand or a set schedule. This enables the user to manage, scale quickly, and load balance multiple VMs to provide high availability and application, ideal for large-scale applications that can run as Kubernetes workloads.
- Cluster-Autoscaler: Supports the scaling of containerized applications with Azure VMSS, including the ability to integrate it with cluster-autoscaler to automatically adjust the size of the Kubernetes clusters based on the same conditions.
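The kubelet certificate flow described in the list above (generate a key locally, submit a CSR, have the cluster CA sign it) is sketched here in Go as an added example; it is not Kubernetes' own code. The function names, node name and addresses are constructed for illustration, the subject follows the kubelet node identity convention (CN `system:node:<name>`, O `system:nodes`), and the CSR is handled as raw DER rather than through the cluster's CSR API object.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"net"
)

// NewServingCSR generates the key locally (it never leaves the node) and returns it with a DER CSR.
func NewServingCSR(node string, dns []string, ips []net.IP) (*ecdsa.PrivateKey, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.CertificateRequest{DNSNames: dns, IPAddresses: ips,
		Subject: pkix.Name{CommonName: "system:node:" + node, Organization: []string{"system:nodes"}}}
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	return key, der, err
}

// CheckServingCSR is an approver-side check run before the cluster CA signs the request.
func CheckServingCSR(der []byte, node string) error {
	csr, err := x509.ParseCertificateRequest(der)
	if err != nil {
		return err
	}
	switch org := csr.Subject.Organization; {
	case csr.CheckSignature() != nil:
		return fmt.Errorf("signature does not prove possession of the private key")
	case csr.Subject.CommonName != "system:node:"+node:
		return fmt.Errorf("CN %q does not match requesting node %q", csr.Subject.CommonName, node)
	case len(org) != 1 || org[0] != "system:nodes":
		return fmt.Errorf("organization must be exactly system:nodes")
	case len(csr.DNSNames)+len(csr.IPAddresses) == 0:
		return fmt.Errorf("serving certificate request carries no SANs")
	}
	return nil
}

func main() {
	// Constructed sample node name and addresses.
	_, der, err := NewServingCSR("node-1", []string{"node-1.example.internal"}, []net.IP{net.ParseIP("10.0.0.5")})
	fmt.Println(err, CheckServingCSR(der, "node-1"))
}
```

Rotation reuses the same two steps with a fresh key as the current certificate nears expiry, so the same checks apply to every renewal request.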
Some notable feature updates include:
- RuntimeClass is a new cluster-scoped resource that surfaces container runtime properties to the control plane; it is being released as an alpha feature.
- Topology-aware dynamic provisioning is now in beta, meaning storage resources can now understand where they live. This also includes beta support for AWS EBS and GCE PD.
- Configurable pod process namespace sharing is moving to beta, meaning users can now choose whether specific containers in a pod should share a single process namespace, which enables these processes to signal each other in a way that was impossible before.
- Taint nodes by condition is now in beta, meaning users can represent node conditions that block scheduling by using taints.
- Arbitrary / Custom Metrics in the Horizontal Pod Autoscaler is moving to a second beta to test some additional feature enhancements. This reworked Horizontal Pod Autoscaler functionality includes support for custom metrics and status conditions.
- Vertical Scaling of Pods is now in beta, which makes it possible to vary the resource limits on a pod over its lifetime. This is valuable for pets (i.e., pods that are very costly to destroy and re-create).
- Encryption at rest via Key Management Service (KMS) is now in beta. This adds multiple encryption providers, including Google Cloud KMS, Azure Key Vault, AWS KMS, and HashiCorp Vault, that will encrypt data as it is stored to etcd.
The move to Kubernetes opens the ability for customers to deploy their software on the Lumen21 platform or on top of their own Azure or AWS cloud. The Lumen21 Azure environment has been vetted and validated by Microsoft technology architects as part of the Cloud Service Provider (CSP) program.