This newly-updated, in-depth guidebook provides a detailed overview of the features and functionality of the new Rancher: an open-source enterprise Kubernetes platform.<\/p>\n
Get the eBook<\/a><\/p>\n Kubernetes 1.12 will be released<\/a> this week on Thursday, September 27, 2018. Version 1.12 ships just three months after Kubernetes 1.11 and marks the third major release of this year. The short cycle is inline with the quarterly release cycle the project has followed since it\u2019s GA in 2015.<\/p>\n Kubernetes releases 2018<\/p>\n | Kubernetes Release | Date | Whether you are a developer using Kubernetes or an admin operating clusters, it\u2019s worth getting an idea about the new features and fixes that you can expect in Kubernetes 1.12.<\/p>\n A total of 38 features<\/a> are included in this milestone. Let\u2019s have a look at some of the highlights.<\/p>\n Kubelet certificate rotation was promoted to beta status<\/a>. This functionality allows for automated renewal of key and a certificate for the kubelet API server as the current certificate approaches expiration. Until the official 1.12 docs have been published, you can read the beta documentation on this feature here<\/a>.<\/p>\n Two formerly beta features have now reached stable status<\/a>: One of them is the ipBlock selector, which allows specifying ingress\/egress rules based on network addresses in CIDR notation. The second one adds support for filtering the traffic that is leaving the pods by specifying egress rules. The below example illustrates the use of both features:<\/p>\n apiVersion: networking.k8s.io\/v1 As previoulsy beta features, both egress and ipBlock are already described in the official network policies documentation<\/a>.<\/p>\n Mount namespace propagation, i.e. the ability to mount a volume rshared so that any mounts from inside the container are reflected in the root (= host) mount namespace, has been promoted to stable<\/a>. You can read more about this feature in the Kubernetes volumes docs<\/a>.<\/p>\n This feature introduced in 1.8 as early alpha has been promoted to beta<\/a>. Enabling it\u2019s featureflag causes the node controller to create taints based on node conditions and the scheduler to filter nodes based on taints instead of conditions. The official documentation is available here<\/a>.<\/p>\n While support for custom metrics in HPA continuous to be in beta status<\/a>, version 1.12 adds various enhancements like the the ability to select metrics based on the labels available in your monitoring pipeline. If you are interested in autoscaling pods based on application-level metrics provided by monitoring systems such as Prometheus, Sysdig or Datadog, I recommend to checkout the design proposal for external metrics<\/a> in HPA.<\/p>\n RuntimeClass is a new cluster-scoped resource \u201cthat surfaces container runtime properties to the control plane\u201d. In other words: This early alpha feature<\/a> will enable users to select and configure (per pod) a specific container runtime (such as Docker, Rkt or Virtlet) by providing the runtimeClass field in the PodSpec. You can read more about it in these docs<\/a>.<\/p>\n Resource quotas<\/a> allow administrators to limit the resource consumption in namespaces. This is especially practical in scenarios where the available compute and storage resources in a cluster are shared by several tenants (users, teams). The beta feature Resource quota by priority<\/a> allows admins to fine-tune resource allocation within the namespace by scoping quotas based on the PriorityClass of pods. You can find more details here<\/a>.<\/p>\n One of the most exciting new 1.12 features for storage is the early alpha<\/a> implementation of persistent volume snapshots. This feature allows users to create and restore snapshots at a particular point in time backed by any CSI storage provider. As part of this implementation three new API resources have been added: apiVersion: snapshot.storage.k8s.io\/v1alpha1 For the nitty gritty details take a look at the 1.12 documentation branch<\/a> on Github.<\/p>\n Another storage related feature, topology aware dynamic provisioning, was introduced in v1.11 and has been promoted to beta in 1.12<\/a>. It addresses some limitations with dynamic provisioning of volumes in clusters spread across multiple zones where single-zone storage backends are not globally accessible from all nodes.<\/p>\n These two improvements regarding running Kubernetes in Azure are shipping in 1.12:<\/p>\n The cluster autoscaler<\/a> support for Azure was promoted to stable<\/a>. This will allow for automatic scaling of the number of Azure nodes in Kubernetes clusters based on global resource usage.<\/p>\n Kubernetes v1.12 adds alpha support for Azure availability zones (AZ)<\/a>. Nodes in an availability zone will be added with label failure-domain.beta.kubernetes.io\/zone=<region>-<AZ> , and topology-aware provisioning is added for Azure managed disks storage class.<\/p>\n Kubernetes 1.12 contains many bug fixes and improvements of internal components, clearly focusing on stabilising the core, maturing existing beta features and improving the release velocity by adding more automated tests to the projects CI pipeline. A noteworthy example for the latter is the addition of CI e2e conformance tests<\/a> for arm, arm64, ppc64, s390x and windows platforms to the projects test harness.<\/p>\n For a full list of changes in 1.12 see the release notes<\/a>.<\/p>\n Rancher will support Kubernetes 1.12 on hosted clusters as soon as it becomes available on the particular provider. For RKE provisioned clusters it will be supported starting with Rancher 2.2.<\/em><\/p>\n
\n|——————–|——————–|
\n| 1.10 | March 26, 2018 |
\n| 1.11 | June 27, 2018 |
\n| 1.12 | September 27, 2018 |<\/p>\nKubelet certificate rotation<\/h3>\n
Network Policies: CIDR selector and egress rules<\/h3>\n
\nkind: NetworkPolicy
\nmetadata:
\nname: network-policy
\nnamespace: default
\nspec:
\npodSelector:
\nmatchLabels:
\nrole: app
\npolicyTypes:
\n– Egress
\negress:
\n– to:
\n– ipBlock:
\ncidr: 10.0.0.0\/24
\n(…)<\/p>\nMount namespace propagation<\/h3>\n
Taint nodes by condition<\/h3>\n
Horizontal pod autoscaler with custom metrics<\/h3>\n
RuntimeClass<\/h3>\n
Resource Quota by priority<\/h3>\n
Volume Snapshots<\/h3>\n
\nVolumeSnapshotClass defines how snapshots for existing volumes are provisioned. VolumeSnapshotContent represents existing snapshots and VolumeSnapshot allows users to request a new snapshot of a persistent volume like so:<\/p>\n
\nkind: VolumeSnapshot
\nmetadata:
\nname: new-snapshot-test
\nspec:
\nsnapshotClassName: csi-hostpath-snapclass
\nsource:
\nname: pvc-test
\nkind: PersistentVolumeClaim<\/p>\nTopology aware dynamic provisioning<\/h3>\n
Enhancements for Azure Cloud provider<\/h3>\n
Cluster autoscaler support<\/h4>\n
Azure availability zone support<\/h4>\n
Anything else?<\/h3>\n