Posts in 2022
Kubernetes 1.25: Two Features for Apps Rollouts Graduate to Stable
By Ravi Gudimetla (Apple), Filip Křepinský (Red Hat), Maciej Szulik (Red Hat) | Thursday, September 15, 2022 in Blog
This blog describes the two features namely minReadySeconds for StatefulSets and maxSurge for DaemonSets that SIG Apps is happy to graduate to stable in Kubernetes 1.25. Specifying minReadySeconds slows down a rollout of a StatefulSet, when using a …
Kubernetes 1.25: PodHasNetwork Condition for Pods
By Deep Debroy (Apple) | Wednesday, September 14, 2022 in Blog
Kubernetes 1.25 introduces Alpha support for a new kubelet-managed pod condition in the status field of a pod: PodHasNetwork. The kubelet, for a worker node, will use the PodHasNetwork condition to accurately surface the initialization state of a pod …
Announcing the Auto-refreshing Official Kubernetes CVE Feed
By Pushkar Joglekar (VMware) | Monday, September 12, 2022 in Blog
A long-standing request from the Kubernetes community has been to have a programmatic way for end users to keep track of Kubernetes security issues (also called "CVEs", after the database that tracks public security issues across different …
Kubernetes 1.25: KMS V2 Improvements
By Anish Ramasekar, Rita Zhang, Mo Khan, Xander Grzywinski (Microsoft) | Friday, September 09, 2022 in Blog
With Kubernetes v1.25, SIG Auth is introducing a new v2alpha1 version of the Key Management Service (KMS) API. There are a lot of improvements in the works, and we're excited to be able to start down the path of a new and improved KMS! What is KMS? …
Kubernetes’s IPTables Chains Are Not API
By Dan Winship (Red Hat) | Wednesday, September 07, 2022 in Blog
Some Kubernetes components (such as kubelet and kube-proxy) create iptables chains and rules as part of their operation. These chains were never intended to be part of any Kubernetes API/ABI guarantees, but some external components nonetheless make …
Introducing COSI: Object Storage Management using Kubernetes APIs
By Sidhartha Mani (Minio, Inc) | Friday, September 02, 2022 in Blog
This article introduces the Container Object Storage Interface (COSI), a standard for provisioning and consuming object storage in Kubernetes. It is an alpha feature in Kubernetes v1.25. File and block storage are treated as first class citizens in …
Kubernetes 1.25: cgroup v2 graduates to GA
By David Porter (Google), Mrunal Patel (Red Hat) | Wednesday, August 31, 2022 in Blog
Kubernetes 1.25 brings cgroup v2 to GA (general availability), letting the kubelet use the latest container resource management capabilities. What are cgroups? Effective resource management is a critical aspect of Kubernetes. This involves managing …
Kubernetes 1.25: CSI Inline Volumes have graduated to GA
By Jonathan Dobson (Red Hat) | Monday, August 29, 2022 in Blog
CSI Inline Volumes were introduced as an alpha feature in Kubernetes 1.15 and have been beta since 1.16. We are happy to announce that this feature has graduated to General Availability (GA) status in Kubernetes 1.25. CSI Inline Volumes are similar …
Kubernetes v1.25: Pod Security Admission Controller in Stable
By Tim Allclair (Google), Sam Stoelinga (Google) | Thursday, August 25, 2022 in Blog
The release of Kubernetes v1.25 marks a major milestone for Kubernetes out-of-the-box pod security controls: Pod Security admission (PSA) graduated to stable, and Pod Security Policy (PSP) has been removed. PSP was deprecated in Kubernetes v1.21, and …
PodSecurityPolicy: The Historical Context
By Mahé Tardy (Quarkslab) | Tuesday, August 23, 2022 in Blog
The PodSecurityPolicy (PSP) admission controller has been removed, as of Kubernetes v1.25. Its deprecation was announced and detailed in the blog post PodSecurityPolicy Deprecation: Past, Present, and Future, published for the Kubernetes v1.21 …