Shulou(Shulou.com)05/31 Report--

This article mainly introduces what are the new features of Kubernetes 1.20. It is very detailed and has a certain reference value. Friends who are interested must finish it!

Kubernetes 1.20 has 43 enhancements (34 enhancements from 1.19), including 15 new, 11 upgraded to stable, and 17 improvements to existing features.

This shows that the scope of these enhancements is small. For example, some changes have been made to kube-apiserver to make it more friendly and perform better in the HA cluster. It can also be restarted more effectively after an upgrade.

Why is this?

These small improvements and new features pave the way for major changes in the future. However, there has been a major change in the latest version (though long awaited).

Kubernetes deprecates Docker

Starting with version 1.20, Kubernetes will no longer support Docker as a container runtime, but will support the container runtime interface Container Runtime Interface (CRI).

But don't panic!

That doesn't mean Docker is dead, and you don't have to give up the Docker tool. For Kubernetes users, it won't change much, because you can still build containers using Docker, and the resulting images will continue to run in the Kubernetes cluster.

However, Kubernetes plans to remove Docker engine support from kubelet and dockershim in future releases, probably later next year. But you can continue to use it by replacing the built-in dockershim with an external dockershim.

Docker and Mirantis also agreed to cooperate and maintain shim code outside of Kubernetes as a consistent CRI interface to the Docker engine. This ensures that it passes all conformance tests and works as seamlessly as previous built-in versions.

To maintain a good developer experience, Docker plans to continue to publish this shim to the Docker desktop, and Mirantis will take advantage of this feature in the Mirantis Kubernetes engine. In addition, net/net support for container images built with the Docker tool will not be deprecated and will work as before.

Although Docker is the leading container solution, it is not developed for embedding in Kubernetes. It not only has container runtime capabilities, but also has a variety of UX enhancements that allow developers to interact seamlessly with it.

Docker is a complete technology stack (not just a containerized platform), and it also provides an advanced container runtime called "containerd", which will be your container runtime option from now on.

These updates and enhancements do not necessarily focus on Kubernetes. Instead, they are designed to overcome obstacles so that developers can make the most of them. For example, Kubernetes clusters currently need a tool called Dockershim, which is containerized. It is used to add a degree of complexity to another tool that the team must maintain. However, it is often a source of errors and other problems. As a result, the Kubernetes project plans to remove Dockershim and end support for Docker in version 1.23.

This means that the problem only boils down to replacing Docker with the CRI runtime. But for now, Docker development is still the same without any significant difference. The image of the built-in Docker is not Docker-specific, but Open Container Initiative (OCI) images.

OCI was established by Docker in 2015 to support interoperable container standards (to ensure that containers can run in any environment). Over the past five years, it has proved to be a great success, promoting innovation while maintaining interoperability. To use these images, you can use containerd or CRI-O.

Exciting new features 1. CronJobs and Kubelet CRI support

CronJobs was introduced in version 1.4 and has CRI support since version 1.5. However, although it is widely used, it is not considered stable. Therefore, it is nice to see that the functionality that developers rely on to run the production cluster is no longer considered an Alpha.

2. CSIServiceAccountToken

This update greatly improves security by enhancing authentication and token processing. You can now access volumes that require authentication (including secret vaults) more securely, and it is much easier to set up and deploy.

3. Publicly focused metrics on resource requests and limitations on the Pod model

There are now more metrics to better plan the capacity of the cluster, which can also help troubleshoot when it comes to eviction problems.

4. Elegant node shutdown

Although it is a small feature, it makes the work of developers much easier. By releasing resources appropriately when the node shuts down, you can now avoid strange behavior.

5. Kube-apiserver identity

The unique identifier for each kube-apiserver instance usually goes unnoticed, but this is necessary because understanding it will help ensure high availability features in future Kubernetes releases.

6. System component log cleanup

Kubernetes system vulnerabilities have recently been exposed, especially when credentials are leaked to log output. With the big picture in mind, you can now identify potential sources of leaks and establish editing mechanisms to eliminate them.

Kubernetes's system vulnerabilities have recently been exposed, especially when credentials are leaked to log output. You can now identify the potential source of the leak and set up a revision mechanism to eliminate these vulnerabilities.

Key deprecation that you should know 1. Kubeadm primary node role renaming

Phase: deprecation

Functional groups: cluster lifecycle

Now change node-role.kubernetes.io/master to node-role.kubernetes.io/control-plane.

two。 Deprecate and disable SelfLink

Phase: upgrade to Beta

Function group: api-machinery

The SelfLink field in each Kubernetes object contains a URL that represents a given object, but does not provide any new information. At the same time, its creation and maintenance can affect performance.

Kubernetes 1.16 has been deprecated, and from now on, the feature gate (feature gate) is disabled by default and is scheduled to be removed in Kubernetes 1.21.

3. Streaming agent redirection

Phase: deprecation

Feature groups: nod

Marked as deprecated in version 1.18, the StreamingProxyRedirects and-- redirect-container-streaming flags are not enabled. It is also disabled by default in version 1.22 and completely removed in version 1.24.

As you can see from above, Kubernetes developers and administrators have nothing to worry about. When they use docker commands and kubectl commands to manage Kubernetes clusters, they are essentially business.

These are all the contents of this article entitled "what are the new features of Kubernetes 1.20?" Thank you for reading! Hope to share the content to help you, more related knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.