
Kubernetes 1.22 and The Direction of Future Releases

Kubernetes 1.22

Kubernetes had its latest major release, 1.22, on September 9th, 2021, with subsequent patch releases 1.22.1 and 1.22.2. In 2021, Kubernetes changed its release cycle from four releases to three for the first time, and the 1.22 release is the second major release of Kubernetes this year. This release contains 53 enhancements: 13 stable, 24 in beta, and 16 entering alpha, along with three deprecated features.

Most notable features in the 1.22 release

  • Server-Side Apply (SIG: api-machinery)

Server-side apply has finally become a stable feature, allowing users and controllers to efficiently manage resources using declarative configurations. Clients can create and modify their objects by sending their fully specified intent. Changes to an object's fields, whether they come from apply or update operations, are tracked through a field management mechanism rather than through the last-applied annotation. This is poised to become a replacement for kubectl apply as well as a simpler method for controllers to manage changes.

  • External Credential Providers (SIG: auth)

The client credential plugins have been in beta since the 1.11 release, and now they are stable and ready for general availability. Users can confidently use external credential providers in K8s production environments with improved support for interactive login flows and bug fixes.

  • seccomp by Default (SIG: node / sig-security)

Previously, the Kubernetes method for specifying seccomp profiles for workloads was disabled by default. With the alpha feature in this release, seccomp is enabled by default, enabling users to enforce seccomp at the cluster level. This feature provides an additional layer of security that helps protect against CVEs and zero-day vulnerabilities.
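To make the cluster-level default concrete, the following added example (not code from the original article or from the Kubernetes project) resolves which seccomp profile each container in a Pod ends up with. It assumes the behaviour of the alpha SeccompDefault feature, under which the kubelet applies the RuntimeDefault profile to workloads that set none; the function names and the sample Pod are constructed for illustration.

```python
# Added example: resolve the seccomp profile each container in a Pod gets.
# Field names follow the Pod API (securityContext.seccompProfile); the
# function names and SAMPLE_POD are hypothetical, built for illustration.

def effective_seccomp(pod, kubelet_seccomp_default=False):
    """Return {container_name: profile} for a Pod given as a dict.

    Precedence: container securityContext, then pod securityContext, then
    the node fallback. The fallback is Unconfined unless the kubelet runs
    with the SeccompDefault behaviour, in which case it is RuntimeDefault.
    """
    spec = pod.get("spec", {})
    pod_profile = (spec.get("securityContext") or {}).get("seccompProfile")
    fallback = {"type": "RuntimeDefault" if kubelet_seccomp_default else "Unconfined"}
    result = {}
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        own = (c.get("securityContext") or {}).get("seccompProfile")
        profile = own or pod_profile or fallback
        kind = profile["type"]
        if kind == "Localhost":
            kind = "Localhost:" + profile.get("localhostProfile", "")
        result[c["name"]] = kind
    return result


def unconfined_containers(pod, kubelet_seccomp_default=False):
    """Names of containers that would run without syscall filtering."""
    eff = effective_seccomp(pod, kubelet_seccomp_default)
    return sorted(name for name, prof in eff.items() if prof == "Unconfined")


# Constructed sample: one container sets nothing, one opts out explicitly,
# one points at a node-local profile file.
SAMPLE_POD = {
    "metadata": {"name": "web"},
    "spec": {"containers": [
        {"name": "app"},
        {"name": "debug",
         "securityContext": {"seccompProfile": {"type": "Unconfined"}}},
        {"name": "proxy",
         "securityContext": {"seccompProfile": {
             "type": "Localhost", "localhostProfile": "profiles/proxy.json"}}},
    ]},
}

if __name__ == "__main__":
    for flag in (False, True):
        print(flag, effective_seccomp(SAMPLE_POD, flag),
              unconfined_containers(SAMPLE_POD, flag))
```

A container that explicitly requests Unconfined stays unconfined even with the default turned on, so it is worth reviewing explicit opt-outs separately.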

  • API Server Tracing (SIG: instrumentation)

This feature has been requested since 2018 and is now available in Kubernetes with this release as an alpha feature. It extends the Kubernetes API server to allow tracing requests, increasing the observability of incoming and outgoing requests. This is achieved by using the OpenTelemetry libraries, as they support exports in OpenTelemetry format.

  • PodSecurity Admission Control (SIG: auth)

The Pod Security Policy was deprecated as of Kubernetes 1.21 due to numerous issues relating to the policy authorization model, rollout challenges, and an inconsistent API. However, PodSecurity Admission is now available in alpha as the new mechanism to limit privilege escalation out of the box. It acts as a built-in method to limit pod permissions. This admission controller will enforce the Pod Security Standards, with enforcement controlled at the namespace level through labels. These policies can be applied in three modes (enforcing, audit, and warning), and a single namespace can support multiple modes.
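The namespace labels described above can be reviewed with a short script. This is an added example, not code from the original article or from the Kubernetes project: it reads the `pod-security.kubernetes.io/` labels used by the PodSecurity admission controller and reports namespaces where nothing is enforced or where a stricter level is only being audited or warned on. It assumes the cluster-wide defaults are left at `privileged`; the function names and sample namespaces are constructed.

```python
# Added example: review PodSecurity admission labels on namespaces.
# Label keys and level names are those of the PodSecurity admission
# controller; function names and NAMESPACES are hypothetical sample data.

PREFIX = "pod-security.kubernetes.io/"
MODES = ("enforce", "audit", "warn")
LEVELS = ("privileged", "baseline", "restricted")  # least to most strict


def pod_security_modes(labels):
    """Map each mode to (level, version).

    Assumption: unset modes fall back to privileged/latest, i.e. the
    cluster-wide defaults have not been changed.
    """
    out = {}
    for mode in MODES:
        level = labels.get(PREFIX + mode, "privileged")
        if level not in LEVELS:
            raise ValueError(f"unknown level {level!r} for mode {mode}")
        out[mode] = (level, labels.get(PREFIX + mode + "-version", "latest"))
    return out


def review_namespace(ns):
    """Return findings for one namespace object given as a dict."""
    modes = pod_security_modes(ns["metadata"].get("labels", {}))
    rank = {m: LEVELS.index(level) for m, (level, _) in modes.items()}
    findings = []
    if rank["enforce"] == 0:
        findings.append("nothing is rejected: enforce level is privileged")
    stricter = [m for m in ("audit", "warn") if rank[m] > rank["enforce"]]
    if stricter:
        findings.append("dry run of a stricter level via " + "+".join(stricter))
    return findings


# Constructed sample: one namespace using all three modes, one unlabeled.
NAMESPACES = [
    {"metadata": {"name": "payments", "labels": {
        PREFIX + "enforce": "baseline", PREFIX + "enforce-version": "v1.22",
        PREFIX + "audit": "restricted", PREFIX + "warn": "restricted"}}},
    {"metadata": {"name": "legacy", "labels": {"team": "ops"}}},
]

if __name__ == "__main__":
    for ns in NAMESPACES:
        print(ns["metadata"]["name"], review_namespace(ns))
```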

  • Memory Manager (SIG: node)

Memory Manager is the new subcomponent in the kubelet ecosystem that can be used to enable single-NUMA and multi-NUMA guaranteed memory allocation. This feature was developed to offer guaranteed memory and hugepages allocation over a minimum number of NUMA nodes for containers in a Pod. It will help better optimize containers for high-performance and performance-sensitive workloads.

  • Changes to kubeadm Config File Format (SIG: cluster-lifecycle)

The kubeadm config file has evolved to the v1beta3 version, introducing some welcome changes to this configuration file format. This third beta iteration makes the config file format more CRD and third-party friendly, enabling users to integrate external tools with k8s easily. These changes include adding metadata fields for InitConfiguration, JoinConfiguration, and ClusterConfiguration and marking omitempty fields as +optional. Additionally, it brings the ability to use the skip phases field in InitConfiguration and JoinConfiguration to skip installing bundled features.

  • Windows Privileged Containers (SIG: windows)

Privileged containers can directly access the host, similar to a process that is directly running on the host machine. Until now, this feature was only supported on Linux containers, while Windows-based containers required workarounds. However, the new release provides privileged container support for Windows as an alpha feature, including support for Windows Server 2019 LTSC and all future Windows Server versions. This feature allows Windows-based containers to directly access the host resources, including the host's network. This access enables using privileged DaemonSets to configure the container storage interfaces and log daemons, and even to perform administrative tasks on host machines, like installing updates, from Windows-based containers.

The Direction of Future Kubernetes Releases

There are many new enhancements in this new release, and Kubernetes provides a handy Google Sheet to track all those enhancements. However, if we dive a bit deeper into this release, it is more focused on quality of life improvements than on introducing revolutionary new features. Most alpha and beta features are aimed at improving the user experience of Kubernetes administrators and developers. Overall, this release is focused on extending the existing Kubernetes feature set to support different use cases and requirements, with a particular focus on increasing security in all aspects of K8s.

If we look at the next Kubernetes release, which is 1.23, we can see the same trend continuing. Most features in the 1.23 enhancement tracking sheet are also targeted at quality of life improvements. Enhancements like volume health monitoring, kubectl events, kubectl debug, and in-place Pod updates are prime examples of QOL improvements in release 1.23. Kubernetes has evolved to the point that it offers a solid foundational feature set to manage any containerized environment. Now it is slowly refining all these features and introducing new community-requested features to expand the functionality of Kubernetes further while providing a better user experience.

Conclusion

Kubernetes is rapidly evolving and the future is distributed, yet these rapid changes might affect the stability of your production environments. Therefore, you and your team need to spend considerable time diving into the release notes to understand and decipher all the changes and their effects on your environments.

Fortunately, CloudPlex is here to support your team and help them ride out the storm. CloudPlex will make transitions smoother while allowing you to take advantage of all the new features and enhancements that come with a new release. At the same time, it will ensure that these new features won’t negatively impact your production environments.
