Canonical Announces Support for Kubernetes 1.17

Canonical announces full enterprise support for Kubernetes 1.17, with support covering Charmed Kubernetes, MicroK8s and Kubeadm.

MicroK8s will be updated with Kubernetes 1.17 enabling users access to the latest upstream release with a single-line command in under 60 seconds. MicroK8s now brings Machine Learning deployments in seconds with the Kubeflow add-on. MetalLB load balancer add-on is now part of MicroK8s  as well as enhancements, upgrades and bug fixes. With MicroK8s 1.17, users can develop and deploy enterprise-grade Kubernetes on any Linux desktop, server or VM across 42 Linux distros. It’s a full Kubernetes in a small package, perfect for IoT, Edge and your laptop!

Canonical’s Charmed Kubernetes 1.17 will come with exciting changes like CIS benchmarking ability, Snap coherence and Nagios checks.

Charmed Kubernetes 1.17

CIS Benchmark

The Center for Internet Security (CIS) maintains a Kubernetes benchmark that is helpful to ensure clusters are deployed in accordance with security best practices. Charmed Kubernetes clusters can now be checked for how well a cluster complies with this benchmark.

Snap Coherence

Beginning with Charmed Kubernetes 1.17, revisions of snap packages used by `kubernetes-master` and `kubernetes-worker` charms can be controlled by a snap store proxy.

Nagios checks

Additional Nagios checks have been added for the `kubernetes-master` and `kubernetes-worker` charms. These checks enhance the monitoring and reporting available via Nagios by collecting data on node registration and API server connectivity.

Fixes

A list of bug fixes and other minor feature updates in this release can be found at Launchpad.

MicroK8s 1.17

• Kubeflow add-on. Give it a try with `microk8s.enable kubeflow`.
• MetalLB Loadbalancer add-on, try it with `microk8s.enable metallb`.
• Separate front proxy CA.
• Linkerd updated to v2.6.0.
• Jaeger operator updated to v1.14.0.
• Updating Prometheus operator (latest).
• Istio upgraded to v1.3.4.
• Helm upgraded to 2.16.0.
• Helm status reported in `microk8s.status`.
• Set default namespace of `microk8s.ctr` to `k8s.io`.
• Better exception handling in the clustering agent.
• Fixes in cluster upgrades.
• `microk8s.inspect` now cleans priority and storage classes.
• `microk8s.inspect` will detect missing cgroups v1 and suggest changes on Fedora 31.

Kubernetes 1.17 Changes

Cloud provider labels

Cloud provider labels (node.kubernetes.io/instance-type, topology.kubernetes.io/region and topology.kubernetes.io/zone) have now reached general availability. All Kubernetes components have been updated to populate and react on those labels. Cloud provider labels can be used to target certain workloads to certain instance types, ensure that pods are placed on the same zone as the volumes they claim, configure node affinity, etc. All of those specs are portable among different cloud providers. 

Volume snapshots

The volume snapshot feature was introduced in Kubernetes 1.12 and is not moving to the beta state. It enables creating snapshots of persistent volumes which can later be used to restore a point-in-time copy of the volume. This provides backup and restore functionality for Kubernetes volumes allowing users to benefit from increased agility with regards to workloads operations.

CSI migration

The CSI (container storage interface) migration enables the replacement of existing storage plugins with a corresponding CSI driver. Prior to CSI, Kubernetes provided a variety of so-called “in-tree” storage plugins which were part of the core Kubernetes code and shipped together with Kubernetes binaries. In order to resolve the issues associated with an ongoing support of storage plugins, CSI was introduced in Kubernetes 1.13. The migration feature is now available in the beta state. The entire process aims to be fully transparent to the end-users. 

Windows-specific options

This feature provides enhancements in the Kubernetes pod spec to capture Windows-specific security options. This includes external resources and the RunAsUserName option which allows users to specify a string that represents a username to run the entrypoint of Windows containers. This increases the security of the workloads and provides an easy-to-use interface for defining those options.

Other changes

• Topology aware routing of services feature is now available in an alpha state
• Taint node by condition feature has graduated to a stable state
• Configurable pod process namespace sharing feature has graduated to a stable state
• Schedule DaemonSet pods by kube-scheduler feature has graduated to a stable state
• Dynamic maximum volume count feature has graduated to a stable state
• Kubernetes CSI topology support feature has graduated to a stable state
• Provide environment variables expansion in SubPath mount feature has graduated to a stable state
• Defaulting of custom resources feature has graduated to a stable state
• Move frequent kubelet heartbeats to lease API feature has graduated to a stable state
• Break apart the Kubernetes test tarball feature has graduated to a stable state
• Add watch bookmarks support feature has graduated to a stable state
• Behavior-driven conformance testing feature has graduated to a stable state
• Finalizer protection for service load balancers feature has graduated to a stable state
• Avoid serializing the same object independently for every watcher feature has graduated to a stable state
• An ongoing support of the IPv4/IPv6 dual stack

Get in touch

• Github 
• Slack – #cdk and #microk8s on the Kubernetes Slack
• Launchpad
• Twitter – @canonical, @ubuntu

If you are interested in Kubernetes support, consulting, or training, please get in touch!