2025-03-18 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article walks through the new features of Kubernetes 1.15.
1. Core function
# 1024 NodeLocal DNSCache
Progress: towards Beta
Property classification: Network
NodeLocal DNSCache improves cluster DNS performance by running a DNS caching agent as a DaemonSet on the cluster nodes, which avoids iptables DNAT rules and connection tracking. If the local DNS caching agent cannot find the corresponding DNS record in memory, it sends a query to the kube-dns service (suffixed with cluster.local by default).
For more details on this feature, read the design instructions in the Kubernetes Enhancement Proposal (KEP) documentation.
# 383 Redesign event API
Progress: Alpha
Property classification: Scalability
This work has two main objectives:
Reduce the performance impact of Events on the rest of the cluster
Adding more data structures to the Event object is a necessary and first step in automating Event analysis.
At present, the main problem with the Event API is that it contains too much noise, which makes it difficult to ingest and analyze the useful information. There are also several performance issues: for example, when something goes wrong in the cluster (such as the common crashloop), Events may overload the API server.
For a discussion of the issue as well as proposed solutions and improvements, please refer to the design proposal here.
# 492 Admission webhook
Progress: Beta
Property classification: API
Mutating and validating admission webhooks have become the mainstream way to extend the API. Before 1.15, every webhook was called only once, in alphabetical order, which causes a problem: an earlier webhook cannot react to changes made by a later webhook. This can lead to unexpected results, for example when an earlier webhook sets the startup parameters of a pod and a later webhook changes or removes them.
In Kubernetes 1.15, a webhook can be called repeatedly, even for modifications to the same object. If you want to enable this feature, you must make sure that every admission webhook you introduce is idempotent, that is, applying it any number of times to the same object has the same effect as applying it once.
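The idempotency requirement can be checked with a small model of reinvocation. The following is an added example, not code from Kubernetes or from the original article; the `Pod` type, the sidecar name and the flag are hypothetical stand-ins for the real API objects.

```go
package main

import (
	"fmt"
	"reflect"
)

// Pod is a minimal stand-in for the real API type (assumption, not k8s.io/api).
type Pod struct {
	Args     []string // startup arguments of the main container
	Sidecars []string // names of injected sidecar containers
}

const sidecar, logFlag = "log-agent", "--log-dir=/logs" // hypothetical values

func copyOf(xs []string) []string { return append([]string(nil), xs...) }

// without returns a copy of xs with every occurrence of x removed.
func without(xs []string, x string) []string {
	var out []string
	for _, v := range xs {
		if v != x {
			out = append(out, v)
		}
	}
	return out
}

// injectNaive blindly appends, so every invocation changes the object again.
func injectNaive(p Pod) Pod {
	return Pod{append(copyOf(p.Args), logFlag), append(copyOf(p.Sidecars), sidecar)}
}

// injectIdempotent sets the desired state: drop any existing copy of the flag
// and the sidecar, then add exactly one of each.
func injectIdempotent(p Pod) Pod {
	return Pod{
		Args:     append(without(p.Args, logFlag), logFlag),
		Sidecars: append(without(p.Sidecars, sidecar), sidecar),
	}
}

// stripFlag plays the later webhook from the text: it removes the argument.
func stripFlag(p Pod) Pod {
	return Pod{without(p.Args, logFlag), copyOf(p.Sidecars)}
}

// admit models reinvocation: our webhook, the later webhook, ours again.
func admit(ours, later func(Pod) Pod, p Pod) Pod { return ours(later(ours(p))) }

// isIdempotent reports whether applying f twice equals applying it once.
func isIdempotent(f func(Pod) Pod, p Pod) bool { return reflect.DeepEqual(f(p), f(f(p))) }

func main() {
	pod := Pod{Args: []string{"--port=8080"}} // constructed sample
	fmt.Printf("naive:      %+v\n", admit(injectNaive, stripFlag, pod))
	fmt.Printf("idempotent: %+v\n", admit(injectIdempotent, stripFlag, pod))
}
```

On a real cluster, reinvocation is requested per webhook through the `reinvocationPolicy` field of the MutatingWebhookConfiguration.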
# 624 Scheduling framework
Progress: Alpha
Property classification: Scheduling
This feature introduces a new pluggable architecture for the Kubernetes 1.15 scheduler, mainly to meet the growing demand for customized scheduling. The Scheduler Framework adds more than ten interfaces, such as reserve and pre-bind, to the original Priority/Predicates interface.
The following figure shows the scheduling process of Pod in the new Scheduling framework:
For more information about this feature, please refer to the official design documentation.
# 606 Support 3rd party device monitoring plugins
Progress: towards Beta
Property classification: Node
This feature allows Kubelet to expose container binding information to third-party monitoring plug-ins so that system administrators can use third-party device monitoring agents to monitor the usage of custom resources allocated to Pod (for example, GPU usage per Pod).
Before the decoupling, Kubelet detected the presence of all supported devices, even if the node did not have the device installed.
With the new framework, Kubelet provides a new gRPC service through /var/lib/kubelet/pod-resources/kubelet.sock, which exposes information about the resources and devices assigned to containers.
# 757 Pid limiting
Progress: towards Beta
Property classification: Node
PIDs are a very important resource on a Linux system, and it is easy for the system to hit the limit on the number of processes before CPU or memory usage reaches its limit. Administrators therefore need a way to ensure that Pods cannot exhaust the PIDs on the system and thereby prevent other important services (for example, the container runtime and kubelet) from running.
The new feature lets you modify the Kubelet configuration to limit the number of PIDs per Pod. The ability to restrict PIDs at the Node level can now be used directly, without having to explicitly set SupportNodePidsLimit=true through the feature gate parameter.
This feature is described in detail on the official Kubernetes blog.
# 902 Add non-preempting option to PriorityClasses
Progress: Alpha
Property classification: Scheduling
Kubernetes 1.15 adds the PreemptionPolicy field to the PriorityClass as an Alpha feature.
The default value of the PreemptionPolicy field is PreemptLowerPriority, which means that Pods of this priority class are allowed to preempt lower-priority Pods (this is the default preemption behavior). If the value of the PreemptionPolicy field is Never, the Pod is placed in the scheduling queue ahead of lower-priority Pods, but cannot preempt other Pods.
Take data science as an example: a user submits a job and wants it to have a higher priority than other jobs, but does not want currently running work to be shelved because Pods are preempted.
# 917 Add go module support to k8s.io/kubernetes
Progress: Stable
Property classification: Architecture
Since Kubernetes was open-sourced, godep has been used to vendor all of its dependencies. As the Go ecosystem matured, vendoring became mainstream and godep was no longer maintained, so Kubernetes started using a customized version of godep along with other vendoring tools (such as glide and dep). Now Go dependency management is finally built directly into Go in the form of go modules.
Go has enabled go module by default since 1.13, and removed the $GOPATH mode. To support this change, Kubernetes version 1.15 adjusts the code of several components to use go module.
# 956 Add Watch bookmarks support
Progress: Alpha
Property classification: API
A Kubernetes cluster keeps its change history only for a limited period of time. For example, a cluster using etcd3 keeps 5 minutes of change history by default. Adding a bookmark to Kubernetes Watch events can be thought of as adding an extra checkpoint: the objects requested by the client are filtered through this bookmark in advance if they match the resource version (resourceVersion) being looked for.
For example, when a Watch request asks for all events at resource version X, the API server knows that the request is not interested in events at other resource versions, so it uses bookmarks to skip all other events and sends only the relevant events to the client, which avoids adding load on the API server.
# 962 Execution hooks
Progress: Alpha
Property classification: Storage
ExecutionHook provides a general mechanism that allows users to trigger hook commands that they want to execute in the container, such as:
Application backup
Upgrade
Database migration
Reload the configuration file
Restart the container
The definition of hook contains two important pieces of information:
What commands need to be executed?
Where to execute the command (via Pod Selector)
A simple example is provided below:
For more details on this feature, read the design instructions in the Kubernetes Enhancement Proposal (KEP) documentation.
# 981 PDB support for custom resources with scale subresource
Progress: towards Beta
Property classification: Apps
Pod Disruption Budget (PDB) is a Kubernetes API that limits how many Pods of an application, such as a Deployment or ReplicaSet, can be down at the same time because of voluntary disruptions. A PDB defines the disruption budget by specifying either the minimum number of available Pods or the maximum number of unavailable Pods.
For example, for a stateless front-end application:
Requirements: service capacity cannot be reduced by more than 10%
Solution: use a PDB with a value of minAvailable 90%
Using PDB allows administrators to manipulate Kubernetes workloads without compromising the availability and performance of the service.
2. Custom Resources
# 95 CustomResourceDefinitions
Progress: Beta
Property classification: API
This feature has no substantive functionality, but groups the fixes and improvements related to CRD in Kubernetes version 1.15:
Structural schema using OpenAPI
CRD pruning
CRD defaulting
Webhook conversion moved to beta
Publishing the CRD OpenAPI schema
# 692 Publish CRD OpenAPI schema
Progress: towards Beta
Property classification: API
This feature allows developers to use an OpenAPI v3 schema to define a CustomResourceDefinition (CRD), which enables validation of CustomResources (CR) on the server side.
Publishing the OpenAPI specification of a CRD enables client-side validation (such as kubectl create and kubectl apply) and schema description (such as kubectl explain). Clients for CRs can also be generated automatically, so developers can easily interact with the API from any supported programming language.
Using the OpenAPI specification helps to make the development direction of CRD developers and Kubernetes API clearer, and the document format more concise.
# 575 Defaulting and pruning for custom resources
Progress: Alpha
Property classification: API
The following two features are mainly designed to make CRD-related JSON processing easier.
Pruning: CRD data is traditionally stored in etcd in JSON format. Now, if the schema is defined with the OpenAPI v3 specification and the value of preserveUnknownFields is false, undefined fields are deleted when an object is created or updated.
Defaulting: this feature is in the Alpha phase in Kubernetes version 1.15. It is disabled by default and can be enabled through the CustomResourceDefaulting feature gate. Like pruning, defaulting requires the specification to be defined up front, and anything that does not conform to the specification is removed.
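The pruning behaviour described above, modelled on a constructed object, shows which submitted fields never reach storage. This is an added example, not the apiextensions-apiserver code: `Schema`, `prune`, `store`, the schema and the sample object are hypothetical, and the special handling the real API server gives to fields such as metadata is not modelled.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Schema is a simplified stand-in for a structural OpenAPI v3 schema (assumption).
type Schema struct {
	Properties map[string]*Schema // declared object fields
	Items      *Schema            // element schema for arrays
}

// prune deletes every field that s does not declare and returns the removed paths.
func prune(v interface{}, s *Schema, path string) []string {
	var removed []string
	switch t := v.(type) {
	case map[string]interface{}:
		for k, child := range t {
			if sub, ok := s.Properties[k]; ok {
				removed = append(removed, prune(child, sub, path+"."+k)...)
			} else {
				delete(t, k)
				removed = append(removed, path+"."+k)
			}
		}
	case []interface{}:
		for i := 0; s.Items != nil && i < len(t); i++ {
			removed = append(removed, prune(t[i], s.Items, fmt.Sprintf("%s[%d]", path, i))...)
		}
	}
	return removed
}

// store models what is persisted for a create or update request.
func store(raw string, s *Schema, preserveUnknownFields bool) (string, []string, error) {
	var obj map[string]interface{}
	var removed []string
	if err := json.Unmarshal([]byte(raw), &obj); err != nil {
		return "", nil, err
	}
	if !preserveUnknownFields {
		removed = prune(obj, s, "$")
		sort.Strings(removed)
	}
	out, err := json.Marshal(obj) // map keys are emitted in sorted order
	return string(out), removed, err
}

// specSchema and sample are constructed for this example.
var specSchema = &Schema{Properties: map[string]*Schema{
	"replicas": {},
	"template": {Properties: map[string]*Schema{"image": {}}},
	"ports":    {Items: &Schema{Properties: map[string]*Schema{"port": {}}}},
}}

const sample = `{"replicas":3,"replcas":5,"template":{"image":"nginx","privileged":true},"ports":[{"port":80,"hostPort":80}]}`

func main() { fmt.Println(store(sample, specSchema, false)) }
```

The list of removed paths is worth logging in a controller or CI check: a misspelled field such as `replcas` is dropped silently rather than rejected.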
# 598 Webhook conversion for custom resources
Progress: towards Beta
Property classification: API
Different CRD versions can have different specifications. You can now handle conversion between versions at runtime by implementing a version conversion webhook. This webhook is called in the following situations:
The requested custom resource version is not consistent with the originally stored version
The custom resource created a version during Watch, but it was found to be inconsistent with the stored version the next time it was modified.
When using PUT to request a custom resource, it is found that the requested version is not consistent with the stored version
Here is an example of a webhook server that converts custom resources to and from each other, which can be used as a reference.
3. Configuration Management
# 515 Kubectl get and describe should work well with extensions
Progress: towards Stable
Property classification: Cli
Kubectl get and describe can now be used with third-party API extensions and CRDs, which can provide custom formatted output. With this feature the printed output is produced on the server side, which improves scalability and decouples kubectl from the implementation details of the extension.
For more details on this feature, you can consult the relevant design documentation.
# 970 Kubeadm: New v1beta2 config format
Progress: towards Beta
Property classification: Cluster lifecycle
Over time, the number of options for configuring cluster creation in kubeadm's configuration file has grown considerably, while the number of CLI parameters has not changed. As a result, using a configuration file to create clusters is currently the only way to properly meet users' needs.
The goal of this feature is to redesign how the configuration is stored in order to fix the problems encountered in the current version: instead of a single configuration file containing all options, it uses substructures to provide better support for highly available clusters.
# 357 Ability to create dynamic HA clusters with kubeadm
Progress: towards Beta
Property classification: Cluster lifecycle
Kubernetes can provide high availability through multiple control planes. The kubeadm tool can now be used to create highly available clusters in two ways:
Coexistence of etcd and Control Plane nodes (Master)
Etcd and Control Plane nodes (Master) are separate
This version of kubeadm automatically copies the required certificates, reducing the need for manual intervention. The current approach uses a temporary encryption key to protect the certificates in transit. For more details, please refer to the KEP documentation.
4. Cloud provider
# 423 Support AWS network load balancer
Progress: towards Beta
Property classification: AWS
In Kubernetes 1.15, when the type of Service is LoadBalancer, you can directly request the establishment of AWS NLB through annotations:
Unlike the classic Elastic Load Balancer, Network Load Balancers (NLBs) pass the client's IP directly to the node. AWS NLB support has been in the Alpha phase since 1.9, and now that the code and API are relatively stable, it is ready to move to the Beta phase.
# 980 Finalizer protection for service LoadBalancers
Progress: Alpha
Property classification: Network
By default, the Load Balancer resources provided by a cloud service provider should be deleted when the Kubernetes Service is deleted. However, in various edge cases the Load Balancer resources are left orphaned and are not deleted after the associated Kubernetes Service is deleted. The Finalizer is introduced to prevent this from happening.
If your cluster has integration with a cloud service provider enabled, a Finalizer is attached to every Kubernetes Service that contains a type=LoadBalancer field. When such a Service is about to be deleted, the Finalizer blocks the deletion of the Service first, ensuring that the LoadBalancer resources are removed before the Service is actually deleted.
5. Storage
# 625 In-tree storage plugin to CSI Driver Migration
Progress: Alpha
Property classification: Storage
Storage plug-ins were originally part of the core Kubernetes code base, which increases the complexity of code maintenance and hinders extensibility. So the goal of this feature is to move all storage-related code out into installable plug-ins that interact with Kubernetes through the Container Storage Interface (CSI). This reduces the cost of development, makes the code more modular and scalable, and makes different versions of storage plug-ins more compatible with Kubernetes. For the latest developments in this feature, please refer to here.
# 989 Extend allowed PVC DataSources
Progress: Alpha
Property classification: Storage
This feature allows users to copy existing PV. Replication is actually not the same as backup. Replication results in a new storage volume with exactly the same content as the original. Replicating an existing PV consumes users' storage volume quotas and follows the same creation and inspection process as other storage volumes, and the replicated PV has the same lifecycle and workflow as a normal PV. When using this feature, you need to be aware of the following:
The VolumePVCDataSource parameter of the replication feature applies only to CSI Driver.
The replication feature applies only to dynamic storage volume configurations.
Whether the replication function can be used or not depends on whether CSI Driver implements the replication function of storage volumes.
# 1029 Quotas for ephemeral storage
Progress: Alpha
Property classification: Node
The current mechanism for limiting the use of temporary storage volumes is to periodically traverse to see the size of each temporary storage volume, which is slow and has a high latency. The mechanism proposed in this feature uses the Project Quota of the file system to monitor resource consumption before deciding whether or not to limit its usage. It is hoped that the following goals can be achieved:
Improve the performance of monitoring by collecting information about the use of temporary volumes by using Project Quota in a non-mandatory manner.
Detect a storage volume that has been deleted in a Pod but is hidden because the file is still open.
This allows you to limit the usage of each storage volume through Project Quota.
# 531 Add support for online resizing of PVs
Progress: towards Beta
Property classification: Storage
This feature allows users to modify the PVC to expand the file system used by the storage volume online, without the need to restart the PVC that uses the storage volume. Online expansion of PVCs is still in the Beta stage and is enabled by default. You can also turn it on explicitly through the feature gate parameter ExpandInUsePersistentVolumes.
The extension behavior of the file system is triggered in the following situations:
When Pod starts
When Pod is running and the underlying file system supports online extensions (for example, XFS, ext3 or ext4)
For more information about this feature, please refer to the official Kubernetes documentation.
# 559 Provide environment variables expansion in sub path mount
Progress: towards Beta
Property classification: Storage
At present, Kubernetes has a limitation when mounting node-local storage volumes: if two or more Pods run on the same node and write the same log file name to the same storage volume at the same time, these Pods conflict.
Using subPath is a good choice, but subPath can currently only be hard-coded and offers no flexibility. The previous solution was to create a sidecar container with a symbolic link to the mount path.
To solve this problem more conveniently, it is now proposed to allow environment variables in subPath to ease this limitation. Refer to the following example:
It can also be written in this format: