MicroK8s will be updated with Kubernetes 1.16 enabling users access to the latest upstream release with a single-line command in under 60 seconds. In addition, MicroK8s gets new add-ons with one line installs of Helm and Cilium as well as enhancements, upgrades and bug fixes. Cilium adds enhanced networking features including Kubernetes Network Policy support. With MicroK8s 1.16, users can develop and deploy enterprise grade Kubernetes on any Linux desktop, server or VM across 42 Linux distros.
Canonical’s Charmed Kubernetes 1.16 will come with exciting changes like support for Kata Containers, AWS IAM, SSL passthrough and more. Using Kata Containers, insecure or untrusted pods can be run safely in isolation without disrupting trusted pods in deployments. Identity Access Management on AWS can be used to login to your Charmed Kubernetes cluster. Users get more control over their deployments while benefitting from reduced complexity due to improved LXD support and enhanced Prometheus and OpenStack integration.
“At Canonical, we enable enterprises by reducing the complexity of their Kubernetes deployments. We are actively involved in the Kubernetes community to ensure we listen to, and support our users’ and partners’ needs. Staying on top of security flaws, community issues and features to improve Kubernetes is critical to us. We keep the Ubuntu ecosystem updated with the latest Kubernetes, as soon as it becomes available upstream,” commented Ammar Naqvi, Product Manager at Canonical.
Charmed Kubernetes 1.16
Kata Containers support
Beginning with Charmed Kubernetes 1.16, the Kata Containers runtime can be used with containerd to safely run insecure or untrusted pods. When enabled, Kata provides hypervisor isolation for pods that request it, while trusted pods can continue to run on a shared kernel via runc.
AWS IAM support
Amazon AWS IAM authentication and authorization is now supported via a subordinate charm.
SSL passthrough support
A new configuration parameter was added to the kubernetes-worker charm to enable SSL passthrough. This allows TLS termination to happen on the workload. Refer to the upstream documentation for more information.
Improved LXD support
LXD containers used for hosting Kubernetes components require some specific profile settings. These profiles are now embedded in the charms themselves and applied when deployed, dramatically simplifying the process of installing Charmed Kubernetes on a single machine. See the Local install documentation for the updated instructions.
Improved Prometheus/Grafana integration
The setup and configuration of Prometheus and Grafana has been significantly streamlined with new relations to allow the charms to manage the scraper job and dashboards. This means that monitoring can now be added by specifying a single overlay when deploying Charmed Kubernetes. Refer to the updated documentation for more information.
Improved OpenStack integration
The OpenStack Integrator charm can now replace the Kube API Load Balancer by providing a native OpenStack load balancer (Octavia or Neutron) to provide HA load balancing for the Kubernetes control plane. Refer to the updated documentation for more information.
Docker Registry with Containerd
The Docker registry charm can now be related directly to the Containerd runtime charm. Refer to the documentation for instructions on how to deploy the charm.
Bug fixes and improvements
List of all fixes can be found here.
Istio v1.2.2 and kiali
The Istio add-on packaged with MicroK8s is now upgraded to version 1.2.2 and now includes Kiali for observability and configuration of the service mesh within MicroK8s.
Cilium allows powerful pod-to-pod connectivity management and service load balancing between pods. You will be able to reach specific pods in your K8s cluster as well as define network security policies for connectivity
The Helm package manager within MicroK8s allows you to manage, update, share and rollback Kubernetes applications.
Improvements in the inspection script
The MicroK8s inspection script now includes information on memory, disk, distribution, uptime, vm information. It checks for SELinux and docker installation and prints warnings. The script also stores kubernetes info about pv and pvc.
Knative upgraded to v0.7.1
RBAC rules for CoreDNS and storage add-ons
Enabling of aggregation layer and fix on metrics server RBAC rules
Other Notable Changes for 1.16
Support for IPv4/IPv6 dual-stack
IPv4/IPv6 dual-stack support and awareness for Kubernetes pods, nodes, and services. This adds IPv4/IPv6 dual stack functionality to Kubernetes clusters, which includes the following concepts: (1) Awareness of multiple IPv4/IPv6 address assignments per pod; and (2) Native IPv4-to-IPv4 in parallel with IPv6-to-IPv6 communications to, from, and within a cluster.
Improved Pod Overhead Accounting
Pod sandbox runtimes introduce a non-negligible overhead at the pod level which should be accounted for to improve scheduling, resource quota management, and constraining.
Node Topology Manager
This new component helps allocate resources for a pod based on requested resources. For instance, consider scenarios where aligning the available physical resources on a computer can improve performance dramatically. Fast virtualised network functions, where a user asks for a “fast network” and automatically gets all the various pieces coordinated (hugepages, cpusets, network device) co-located on a socket. Another example is accelerated neural network training, where a user asks for an accelerator device and some number of exclusive CPUs in order to get the best training performance, due to socket-alignment of the assigned CPUs and devices.
New Endpoint API
The goal of this new API is to support tens of thousands of backend endpoints in a single service on a cluster with thousands of nodes. In the current Endpoints API, any change to the number of pods results in a series of events that, at scale, puts undue strain on multiple parts of the system.
Pod Spreading across Failure Domains
This feature enables the Kubernetes scheduler to spread a group of pods across failure domains. The existing hard inter-pod anti-affinity does not allow more than one pod to exist in a failure domain. The new feature supports more than one pod in a failure domain.
Multiple Features for Windows
Kubeadm for Windows, Support CSI plugins in Windows, and RunAsUserName for Windows.
Kubernetes Metrics Overhaul
In order to have consistently named and high quality metrics, this effort aims to make working with metrics exposed by Kubernetes consistent with the rest of the ecosystem. Provide consistently named and high quality metrics in line with the rest of the Prometheus ecosystem. Consistent labeling in order to allow straightforward joins of metrics.
Kubernetes 1.16 Changes, by the numbers:
Security enhancements: Over 9 pull requests, closing 4 CVE’s and improving the Kubernetes security poster across escalating privileges, TLS between services, Cgroup and user improvements, and more.
Monitoring enhancements: Over 11 pull requests, with upgrades to monitoring components and including the addition of the Overhead field to the PodSpec and RuntimeClass types as part of the Pod Overhead accounting mentioned above.
Public cloud enhancements: Over 17 pull requests, primarily focusing on better networking and storage integration, with a majority of the PRs targeting Azure.
Kubeadm enhancements: Over 24 pull requests, ranging from bug fixes to new features, including support for IPv6 dual stack mode.
Scheduler enhancements: Over 25 scheduling related pull requests, including PRs for the new Pod Overhead features. Enhancements to pod priority and failure zone scheduling are also included
Robustness enhancements: Over 11 pull requests that increase general robustness, with several targeting resource leak scenarios.
Storage enhancements: Over 23 storage related pull requests, the majority are bug fixes, with some upgrades and enhancements.
Networking enhancements: A handful of changes, with the biggest changes for IPv4, IPv6 dual stack support.
API Server enhancements: 9 pull requests, with several targeting improvements in webhook constructs and startup and shutdown experience.
For more information, please see the upstream Kubernetes 1.16 release notes.
Get In Touch
If you’re interested in Kubernetes support, consulting, or training, please get in touch!