Shulou(Shulou.com)06/01 Report--

Most people do not understand the knowledge points of this article "what are the new features of Kubernetes1.5", so the editor summarizes the following content, detailed content, clear steps, and has a certain reference value. I hope you can get something after reading this article. Let's take a look at this "what are the new features of Kubernetes1.5" article.

Kubernetes is a portable, extensible, open source platform for managing containerized workloads and services that facilitate declarative configuration and automation. Kubernetes has a large and fast-growing ecosystem. Kubernetes's services, support, and tools are widely available.

Introduction to the topic

1. StatefulSets (formerly PetSets)

StatefulSets is now in the beta version (mainly repair and stability)

2. Improve federal support

New command: kubefedDaemonSets deploy Configmaps

3. Simplify cluster deployment

Improve HA settings for kubeadmMaster

4. Node robustness and scalability.

Support for Windows Service container implements CRI (Container Runtime Interface) introduction to new features of authentication and authorization when adding kubelet API calls

1. API mechanism

[beta] kube-apiserver supports OpenAPI moving from alpha to beta, and the first non-go client is based on this feature.

2. Application

[Stable] when replica sets cannot create a Pods, they report the detailed underlying reason for the failure through API. [Stable] kubectl apply can now delete resources that are no longer needed through-prune. [beta] Deployments can now be upgraded to a new version through API, while [beta] StatefulSets, which previously could not be upgraded by scrolling, allows workloads that require persistence of identity or single-instance storage to be created and managed in Kubernetes. [beta] in order to provide security, the cluster will not forcibly delete the Pods on the unresponsive node. Users will be warned if they forcibly delete the Pods through CLI.

3. Authentication

[Alpha] improved role-based access control alpha API. (including a set of default cluster roles) [Beta] adds an authentication / authorization mechanism for Kubelet API access.

4 、 AWS

[stable] the role appears in the results of kubectl get nodes.

5. Cluster life cycle

[alpha] improves the interaction and availability of kubeadmbinary packages, making it easier to create a new running cluster.

6. Cluster operation and maintenance

[alpha] use the kube-up/kube-down script on GCE to create / remove highly available (replicated) master nodes in the cluster.

7. Federation

[beta] supports federated ConfigMaps. [alpha] supports federated Daemonsets. [alpha] supports federated Deployments. [alpha] Cluster federation: add support for DeleteOptions.OrphanDependents for federated resources. [alpha] introduce a new command line tool: kubefed to simplify the deployment of the federated console and the cluster registration / logout experience.

8. Network

[stable] Services can be referenced by other services by DNS names, not only in pods. [beta] keep the option of source IP for services of type NodePort and LoadBalancer. [stable] enable DNS horizontal automatic scaling supported by beta ConfigMap parameter

9. Node

[alpha] supports preserving access to the host user namespace when user namespace remapping is enabled at container runtime. [alpha] introduces the v1alpha1 version of CRI (Container Runtime Interface) API, which allows pluggable container runtimes; there is an existing docker-CRI integration ready for testing and feedback. [alpha] Kubelet launches the container at the CGroup level of each Pod based on the QoS layer. [beta] Kubelet integrates memcg prompt message API to detect whether the threshold is exceeded. [beta] introduced Beta version of containerized node conformance test: gcr.io/google_containers/node-test:0.2. This allows the user to verify the node settings.

10. Scheduling

[alpha] added audit support for opaque integer resources (node level). [beta] PodDisruptionBudget has been upgraded to the Beta version, which can be used to securely drain nodes when you want to apply SLO.

11 、 UI

[stable] Dashboard UI now displays user-oriented objects and their resource usage.

12 、 Windows

[alpha] added support for Windows Server 2016 nodes and scheduling Windows Server Container. Known problems CRI known problems and limitations. When the volume path contains spaces, the DeviceNameFromMount () function does not return the volume path correctly. The feature of the federated alpha version does not have a feature definition, so it is enabled by default, and this issue will be fixed in future releases. The federated dashboard can be upgraded by updating the mirror field of the dashboard component Deployment specification, but the federated dashboard upgrade has not been tested in this version. Major change

1. The node controller no longer forcibly deletes pods from apiServer.

For stateful application StatefulSet (formerly known as PetSet), this change means that the Pods that creates the replacement is blocked until the old Pods is determined not to run (meaning that the kubelet is returned from the partition, the Node object is deleted, the instance in the cloud service provider is deleted, or the Pod in the api-Server is forcibly deleted). This is to prevent "brain cracks" in cluster applications by ensuring that unreachable Pod is not considered dead, unless some "encirclement" operation provides one of the above.

For other existing controllers other than StatefulSet, this has no effect on controller replacement of Pods, because controllers do not reuse Pods names (they use generate-name) user-written controllers reuse the names of Pod objects, and this change should be taken into account.

When using kubectl delete... -when grace-period=0 deletes an object, the client starts to delete gracefully and waits until the resource is completely deleted. To force deletion immediately, use the-force flag. This prevents users from accidentally sharing the same persistent storage that can cause data corruption between two Stateful Set.

2. Allow access to anonymous API servers and set authenticated users through the authorization group system

Kube-apiserver adds the-anonymous-auth flag, which defaults to true. When enabled, requests to access the secure port are not denied by other configured authentication methods, which are treated as anonymous requests with a user name of system:anonymous and an organization of system:unauthenticated. Authenticated users are set to the system:authenticated group.

3. Even if the path is a valid field for the type, if the path does not provide a field under the json file, kubectl get-o jsonpath= … An error will be thrown. This change starts with the pre-1.5 version, and even if they are not currently under the json file, they will return the default values of some fields.

4. The strategicmerge patchMergeKey for VolumeMounts is changed from "name" to "mountPath". This is necessary because the name field refers to the name of Volume and is not the only key for VolumeMount. If you install multiple identical volume, multiple VolumeMounts will have the same Volume name. "mountPath" is unique and can be used as a mergekey.

Considerations before upgrad

1. Before upgrading, important security-related changes must be set in kube-apiserver-anonymous-auth=false parameter, unless you are a developer testing the feature and understand it. If not, you will allow unauthorized users to access your apiserver.

The-anonymous-auth=false parameter must be set in the federated apiserver, unless you are a developer testing the feature and know it. If not, you will allow unauthorized users to access your federated apiserver. You do not need to adjust this parameter of kublete: 1. 4 Kubelet APIs is not authorized.

2. Batch/v2alpha1.ScheduledJob is renamed to batch/v2alpha1.CronJob.

3. PetSet is renamed to StatefulSet. If you have PetSets now, you need to do some additional migration before and after upgrading to StatefulSets.

4. If you upgrade your cluster federation components from v1.4.x, please update your federation-apiserver and federation-controller-manager to the new version.

5. The obsolete kubelet-configure-cbr0 parameter is removed. So is the classic network model. If you rely on this model, please investigate whether other web plug-ins, kubenet or cni, meet the requirements.

6. New client-go structure, refer to kubernetes/client-go for version control strategy.

7. The obsolete kube-scheduler-bind-pods-qps and-bind-pods burst parameters are removed and replaced with-kube-api-qps and-kube-api-burst.

8. If you need to use the feature of PodDisruptionBudget (for example, creating a PodDisruptionBudget object), be sure to delete all created PodDisruptionBudget objects (policy/v1alpha1/PodDisruptionBudget) before upgrading from 1.4 to 1.5. It is not possible to delete these objects after upgrading. Their existence will also prevent you from using the Beta version of the PodDisruptionBudget feature (policy/v1beta1/PodDisruptionBudget) in 1.5. If you have already upgraded, you need to downgrade to 1.4 to delete the policy/v1alpha1/PodDisruptionBudget object.

The above is about the content of this article on "what are the new features of Kubernetes1.5". I believe we all have a certain understanding. I hope the content shared by the editor will be helpful to you. If you want to know more about the relevant knowledge, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.