Kubernetes v1.17 Release Explained | Cloud Native Ecosystem Weekly Vol. 31

Authors | Xu Di, Lichuan Yun, Huang Ke, Wang Menghai, ROCKETS, poured wave, Chenyou Kun, Li Peng
Reviewer | Chen Jun

Upstream highlights

1. Kubernetes v1.17 released

Stability is the theme of this release. v1.17 contains 22 enhancements: 14 graduate to stable, 4 enter beta, and 4 enter alpha.

Major themes

  • Cloud provider labels reach GA

The cloud-provider topology labels first introduced in 1.2 finally reach GA in 1.17. The three old beta labels are deprecated in favour of the new keys, so any nodeSelector, affinity rule or topologyKey that still selects on the old keys should be migrated:

beta.kubernetes.io/instance-type (deprecated) -> node.kubernetes.io/instance-type

failure-domain.beta.kubernetes.io/region (deprecated) -> topology.kubernetes.io/region

failure-domain.beta.kubernetes.io/zone (deprecated) -> topology.kubernetes.io/zone
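A concrete way to find and fix manifests that still pin workloads with the deprecated keys. This is an added example, not code from the Kubernetes project or from the weekly: it walks the places in a Pod spec where a node label key appears (nodeSelector, nodeAffinity matchExpressions, pod affinity/anti-affinity topologyKey, topologySpreadConstraints.topologyKey) and rewrites the three keys from the table above. The `SAMPLE_SPEC` manifest is constructed for the demonstration; input and output are plain dicts, i.e. the JSON form of a manifest, so load and dump with `json` or a YAML library as needed. A zone or region constraint that silently stops matching is a placement-policy failure (workloads landing outside the intended failure domain), which is why a migration should report every key it changed.

```python
"""Rewrite deprecated cloud-provider/topology node labels to their GA names.

Added example (not Kubernetes source). Works on the dict form of a Pod spec
and returns a new spec plus a list describing every key that was rewritten.
"""
import copy

DEPRECATED_TO_GA = {
    "beta.kubernetes.io/instance-type": "node.kubernetes.io/instance-type",
    "failure-domain.beta.kubernetes.io/region": "topology.kubernetes.io/region",
    "failure-domain.beta.kubernetes.io/zone": "topology.kubernetes.io/zone",
}


def _rename_key(key, changes, where):
    """Map one label key to its GA name, recording the change if any."""
    new = DEPRECATED_TO_GA.get(key)
    if new is None:
        return key
    changes.append(f"{where}: {key} -> {new}")
    return new


def migrate_pod_spec(spec):
    """Return (new_spec, changes). The input spec is not modified."""
    spec = copy.deepcopy(spec)
    changes = []

    # nodeSelector: a flat map of label key -> value.
    sel = spec.get("nodeSelector") or {}
    if sel:
        spec["nodeSelector"] = {
            _rename_key(k, changes, "nodeSelector"): v for k, v in sel.items()
        }

    aff = spec.get("affinity") or {}

    # nodeAffinity: required and preferred matchExpressions carry the key.
    node_aff = aff.get("nodeAffinity") or {}
    required = node_aff.get("requiredDuringSchedulingIgnoredDuringExecution") or {}
    for term in required.get("nodeSelectorTerms", []):
        for expr in term.get("matchExpressions", []):
            expr["key"] = _rename_key(expr["key"], changes, "nodeAffinity.required")
    for pref in node_aff.get("preferredDuringSchedulingIgnoredDuringExecution", []):
        for expr in pref.get("preference", {}).get("matchExpressions", []):
            expr["key"] = _rename_key(expr["key"], changes, "nodeAffinity.preferred")

    # podAffinity / podAntiAffinity: the topologyKey is a node label key.
    for kind in ("podAffinity", "podAntiAffinity"):
        pa = aff.get(kind) or {}
        for term in pa.get("requiredDuringSchedulingIgnoredDuringExecution", []):
            term["topologyKey"] = _rename_key(term["topologyKey"], changes, f"{kind}.required")
        for weighted in pa.get("preferredDuringSchedulingIgnoredDuringExecution", []):
            term = weighted.get("podAffinityTerm", {})
            if "topologyKey" in term:
                term["topologyKey"] = _rename_key(term["topologyKey"], changes, f"{kind}.preferred")

    # topologySpreadConstraints: topologyKey is again a node label key.
    for tsc in spec.get("topologySpreadConstraints", []):
        tsc["topologyKey"] = _rename_key(tsc["topologyKey"], changes, "topologySpreadConstraints")

    return spec, changes


# Constructed sample Pod spec that still uses all three deprecated keys.
SAMPLE_SPEC = {
    "nodeSelector": {"failure-domain.beta.kubernetes.io/zone": "us-east-1a"},
    "affinity": {
        "nodeAffinity": {
            "requiredDuringSchedulingIgnoredDuringExecution": {
                "nodeSelectorTerms": [{"matchExpressions": [
                    {"key": "beta.kubernetes.io/instance-type",
                     "operator": "In", "values": ["m5.large"]}]}]}},
        "podAntiAffinity": {
            "requiredDuringSchedulingIgnoredDuringExecution": [
                {"labelSelector": {"matchLabels": {"app": "web"}},
                 "topologyKey": "failure-domain.beta.kubernetes.io/zone"}]}},
    "topologySpreadConstraints": [
        {"maxSkew": 1, "topologyKey": "failure-domain.beta.kubernetes.io/region",
         "whenUnsatisfiable": "DoNotSchedule",
         "labelSelector": {"matchLabels": {"app": "web"}}}],
    "containers": [{"name": "web", "image": "nginx"}],
}

if __name__ == "__main__":
    migrated, report = migrate_pod_spec(SAMPLE_SPEC)
    for line in report:
        print(line)
```

Run it against the output of `kubectl get pod -o json` (the `spec` field) or against rendered Helm output before applying; anything reported under `nodeAffinity.required`, `podAntiAffinity.required` or `topologySpreadConstraints` with `DoNotSchedule` is a hard placement rule that would stop matching once the old labels disappear.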

  • Volume Snapshot enters beta

The Volume Snapshot API was first introduced as alpha in 1.12 and revised in 1.13 with a second, incompatible alpha API; in 1.17 it officially enters beta.

  • CSI migration enters beta

Migration of the in-tree volume plugins to CSI drivers has been alpha since 1.14 and is promoted to beta in 1.17.

Features graduating to stable

kube-scheduler now consumes node status as Taints instead of Node Conditions (for example MemoryPressure, or the old OutOfDisk). Taints become the scheduler's single source of truth for node state, and a user can still place a Pod onto such a node by declaring matching Tolerations (the TaintNodesByCondition feature gate).
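To make the "taints are the single source of truth" point concrete, the following added example (not scheduler code, and not from the weekly) models the two halves of the mechanism: the node lifecycle controller turning node conditions into `NoSchedule` taints, and the scheduler's taint/toleration match. The matching rules implemented are the documented ones: a toleration matches a taint when the keys are equal (an empty key with `operator: Exists` matches every key), the operator is `Exists`, or `Equal` with the same value, and the effect is equal or the toleration's effect is empty. `PreferNoSchedule` taints only lower a node's score, so they never block placement here. The node condition lists and tolerations are constructed inputs.

```python
"""Model of condition -> taint conversion and kube-scheduler's toleration check.

Added example, not Kubernetes source. Taint/toleration dicts use the same
field names as the Pod and Node API (key, value, effect, operator).
"""
from typing import Dict, List, Tuple

# (condition type, status) -> taint key the node lifecycle controller applies.
CONDITION_TAINTS: Dict[Tuple[str, str], str] = {
    ("Ready", "False"): "node.kubernetes.io/not-ready",
    ("Ready", "Unknown"): "node.kubernetes.io/unreachable",
    ("MemoryPressure", "True"): "node.kubernetes.io/memory-pressure",
    ("DiskPressure", "True"): "node.kubernetes.io/disk-pressure",
    ("PIDPressure", "True"): "node.kubernetes.io/pid-pressure",
    ("NetworkUnavailable", "True"): "node.kubernetes.io/network-unavailable",
}


def taints_from_conditions(conditions: List[dict]) -> List[dict]:
    """Derive NoSchedule taints from a node's status.conditions."""
    taints = []
    for cond in conditions:
        key = CONDITION_TAINTS.get((cond["type"], cond["status"]))
        if key:
            taints.append({"key": key, "effect": "NoSchedule"})
    return taints


def toleration_matches(tol: dict, taint: dict) -> bool:
    """Return True if a single toleration covers a single taint."""
    op = tol.get("operator", "Equal")
    key = tol.get("key", "")
    if key == "":
        if op != "Exists":
            return False          # an empty key is only valid with Exists
    elif key != taint["key"]:
        return False
    if tol.get("effect", "") not in ("", taint["effect"]):
        return False              # empty effect tolerates every effect
    if op == "Exists":
        return True
    return tol.get("value", "") == taint.get("value", "")


def untolerated_taints(taints: List[dict], tolerations: List[dict]) -> List[dict]:
    """Taints that would block the Pod; PreferNoSchedule never blocks."""
    return [
        t for t in taints
        if t["effect"] in ("NoSchedule", "NoExecute")
        and not any(toleration_matches(tol, t) for tol in tolerations)
    ]


def schedulable(node_conditions: List[dict], extra_taints: List[dict],
                pod_tolerations: List[dict]) -> bool:
    """True when every blocking taint on the node is tolerated by the Pod."""
    taints = taints_from_conditions(node_conditions) + list(extra_taints)
    return untolerated_taints(taints, pod_tolerations) == []


# Constructed sample: a node under memory pressure.
NODE_UNDER_PRESSURE = [
    {"type": "Ready", "status": "True"},
    {"type": "MemoryPressure", "status": "True"},
]

if __name__ == "__main__":
    print(taints_from_conditions(NODE_UNDER_PRESSURE))
    print(schedulable(NODE_UNDER_PRESSURE, [], [{"operator": "Exists"}]))
```

The blanket toleration `{"operator": "Exists"}` in the last line tolerates every taint, including `node.kubernetes.io/not-ready` and `node.kubernetes.io/unreachable`, so a Pod carrying it stays schedulable onto nodes the control plane considers unhealthy and is exempt from taint-based eviction. Treat broad tolerations like a privilege and restrict them per namespace (the PodTolerationRestriction admission plugin exists for exactly this).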

Sharing a single PID namespace across all containers in a Pod (shareProcessNamespace) is GA. This makes it possible to signal processes in another container of the same Pod (for example, a sidecar that has finished rotating a log file can tell the main service container to reopen its log), and lets zombie processes anywhere in the Pod be reaped.

DaemonSet Pod scheduling moves from the DaemonSet controller to kube-scheduler, which gives DaemonSets PodAffinity and PodAntiAffinity support along with the other scheduler predicates.

Volume attach limits: the scheduler is now aware of the maximum number of volumes that can be attached to a single Node, and each Node can report its own limit dynamically. Cloud providers typically cap the number of block storage volumes a VM can attach; with this feature the scheduler excludes Nodes whose attached volume count already meets their maximum, instead of placing the Pod there and letting the mount fail.

Topology-aware volume scheduling for CSI: the scheduler uses the topology of the Pod's Node (Region, Zone, Rack and so on) to decide where dynamically provisioned storage is created. Topology constraints for the PV can be set when provisioning through the StorageClass, and those constraints in turn restrict which Nodes a Pod using the PV may be scheduled to.

subPath lets a single container, or several containers in one Pod, mount different subdirectories of the same Volume so that each gets an isolated directory. The subPathExpr field builds the subPath directory name from environment variables (typically populated through the Downward API), so the subdirectory name can be generated dynamically and flexibly.
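The security-relevant detail of subPathExpr is that the directory name is computed from data that may not be under the manifest author's control. The following added example (not kubelet code and not from the weekly) implements the documented `$(VAR)` expansion used by the container API, where `$$` yields a literal `$` and a reference to an undefined variable is left untouched, and then applies the API validation rules for subPath: it must be relative and must not contain a `..` component. The environment values are constructed inputs; the two rejected cases show why the expanded value, not the template, is what has to be validated.

```python
"""Expand a volumeMount.subPathExpr and validate the result as a subPath.

Added example, not Kubernetes source. expand() follows the documented
$(VAR) / $$ semantics of the container API; validate_subpath() mirrors the
API validation rules for subPath (relative, no '..' component).
"""
import re
from typing import Tuple

# "$(" ... ")" references, or the "$$" escape.
REF = re.compile(r"\$(\$|\(([^)]*)\))")


def expand(template: str, env: dict) -> str:
    """Replace $(NAME) with env[NAME]; $$ -> $; unknown references stay verbatim."""
    def repl(match):
        if match.group(1) == "$":
            return "$"
        name = match.group(2)
        return env[name] if name in env else match.group(0)
    return REF.sub(repl, template)


def validate_subpath(path: str) -> Tuple[bool, str]:
    """Apply the subPath rules: empty is fine, absolute or '..' is rejected."""
    if path == "":
        return True, ""
    if path.startswith("/"):
        return False, "subPath must be a relative path"
    if ".." in path.split("/"):
        return False, "subPath must not contain '..'"
    return True, ""


def resolve_subpath(expr: str, env: dict) -> Tuple[bool, str]:
    """Return (True, expanded_path) or (False, reason)."""
    expanded = expand(expr, env)
    ok, reason = validate_subpath(expanded)
    return (True, expanded) if ok else (False, reason)


# Constructed environment, as the Downward API might populate it.
SAMPLE_ENV = {"POD_NAME": "web-0", "NODE_ZONE": "us-east-1a"}

if __name__ == "__main__":
    print(resolve_subpath("$(NODE_ZONE)/$(POD_NAME)", SAMPLE_ENV))
    print(resolve_subpath("$(POD_NAME)", {"POD_NAME": "../../etc"}))
```

Because the value is only known at container start, the check has to run on the kubelet side at mount time; a manifest review can confirm which variables a subPathExpr references and where each of them is sourced from, but cannot validate the final path.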

Custom Resources previously had no defaulting mechanism, and defaults matter a great deal for API compatibility (a field added later needs a value for objects created before it existed). This feature adds defaulting for CRDs through the OpenAPI v3 validation schema: a `default` declared in the structural schema is applied to missing fields.
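What "defaulting through the OpenAPI v3 schema" does in practice is easiest to see as an algorithm. The following added example (not apiextensions-apiserver code and not from the weekly) applies `default` values from a structural schema to an object: missing `properties` get their default, defaulting recurses into nested objects, into every element of an array's `items`, and into every value of a map declared with `additionalProperties`, and a default for a nested field is applied only when its parent object is present. The `TUNNEL_SCHEMA` for a hypothetical `Tunnel` resource and the objects below are constructed for the demonstration.

```python
"""Apply OpenAPI v3 `default` values from a CRD structural schema to an object.

Added example, not Kubernetes source. Schema and objects are plain dicts,
i.e. the JSON form of a CRD schema and of a custom resource instance.
"""
import copy


def apply_defaults(schema: dict, obj):
    """Fill missing fields from `default` declarations, recursively."""
    if obj is None:
        return obj
    kind = schema.get("type")
    if kind == "object" and isinstance(obj, dict):
        props = schema.get("properties", {})
        for name, sub in props.items():
            if name not in obj and "default" in sub:
                obj[name] = copy.deepcopy(sub["default"])
            if name in obj:                       # recurse only into present fields
                obj[name] = apply_defaults(sub, obj[name])
        extra = schema.get("additionalProperties")
        if isinstance(extra, dict):               # map values share one schema
            for key in obj:
                if key not in props:
                    obj[key] = apply_defaults(extra, obj[key])
    elif kind == "array" and isinstance(obj, list):
        items = schema.get("items")
        if isinstance(items, dict):
            obj = [apply_defaults(items, item) for item in obj]
    return obj


# Constructed schema for a hypothetical "Tunnel" custom resource.
TUNNEL_SCHEMA = {
    "type": "object",
    "properties": {
        "spec": {
            "type": "object",
            "properties": {
                "replicas": {"type": "integer", "default": 1},
                "tls": {
                    "type": "object",
                    "properties": {
                        "enabled": {"type": "boolean", "default": True},
                        "minVersion": {"type": "string", "default": "1.2"},
                    },
                },
                "listeners": {
                    "type": "array",
                    "items": {
                        "type": "object",
                        "properties": {
                            "name": {"type": "string"},
                            "port": {"type": "integer", "default": 8443},
                        },
                    },
                },
                "peers": {
                    "type": "object",
                    "additionalProperties": {
                        "type": "object",
                        "properties": {"verify": {"type": "boolean", "default": True}},
                    },
                },
            },
        }
    },
}

if __name__ == "__main__":
    print(apply_defaults(TUNNEL_SCHEMA, {"spec": {"tls": {}, "listeners": [{"name": "a"}]}}))
```

Two caveats follow from the rules. First, `{"spec": {}}` receives `replicas: 1` but no `tls` block at all, so a security default such as `tls.enabled: true` only takes effect if `tls` itself is present or carries a default (`default: {}`). Second, defaulting happens when the API server decodes an object, including objects read back from etcd, so adding a default to an existing CRD changes what every stored object looks like on read; audit the meaning of each default before adding it.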

The Lease API reaches GA. The kubelet uses a periodically renewed Lease as its heartbeat; compared with a full NodeStatus update, the Lease object is far smaller, which reduces load on kube-apiserver.

kubernetes-test.tar.gz used to bundle the test binaries for every platform. The Kubernetes test packages are now split by platform into separate archives.

Watch bookmarks: kube-apiserver periodically sends each watcher a Bookmark event carrying the current resourceVersion. A watcher that restarts can resume from that recent version instead of relisting or replaying old events, reducing the load such restarts put on kube-apiserver.

The conformance testing framework is extended to support defining behaviors. A behavior is a definition derived from experience, code inspection and the API model; a test verifies one specific behavior. This feature separates the two.

A finalizer is added to Services of type LoadBalancer as deletion protection, so that the Service object is only removed after the cloud load balancer behind it has been deleted.

Previously, when multiple clients watched the same object, the object was serialized once per watcher. With this feature it is serialized only once. In a 5000-node test environment this cut CPU usage by 5% and memory consumption by 15%.

Important changes

IPv4/IPv6 dual-stack support is added, allowing Pods and Services to be assigned both IPv4 and IPv6 addresses. kube-proxy dual-stack support is expected in 1.18; the code is under review.

Other notable features

  • Service Topology (Alpha): lets a Service prefer endpoints close to the client, for example on the same node, in the same AZ, or in the same Region;
  • RunAsUserName for Windows: a security enhancement for Windows containers, enabled through a feature gate. Introduced as alpha in 1.16, it becomes beta in 1.17 (enabled by default).
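Service Topology is worth understanding precisely, because the alpha rule can leave a client with no endpoints at all. The following added example (not kube-proxy code and not from the weekly) implements the documented evaluation of `topologyKeys`: the keys are tried in order; a key is skipped if the client's node lacks that label; the first key for which at least one endpoint's node has the same label value wins and only those endpoints are used; `"*"` selects every endpoint; and if the list is exhausted without a match the Service has no usable endpoints from that node. The endpoints and node labels are constructed inputs.

```python
"""Service Topology (alpha in 1.17) endpoint selection for one client node.

Added example, not Kubernetes source. An endpoint is a dict with 'ip' and
'node_labels' (the labels of the node hosting that endpoint).
"""
from typing import Dict, List, Optional


def filter_endpoints(topology_keys: Optional[List[str]],
                     client_node_labels: Dict[str, str],
                     endpoints: List[dict]) -> List[str]:
    """Return the endpoint IPs a client on the given node may be routed to."""
    if not topology_keys:                        # no topology: every endpoint
        return [e["ip"] for e in endpoints]
    for key in topology_keys:
        if key == "*":                           # explicit fallback to all
            return [e["ip"] for e in endpoints]
        want = client_node_labels.get(key)
        if want is None:                         # client node lacks the label
            continue
        chosen = [e["ip"] for e in endpoints
                  if e["node_labels"].get(key) == want]
        if chosen:                               # first key with a match wins
            return chosen
    return []                                    # exhausted without "*": nothing


# Constructed endpoints spread across three nodes in two zones.
ENDPOINTS = [
    {"ip": "10.0.1.5", "node_labels": {"kubernetes.io/hostname": "node-a",
                                       "topology.kubernetes.io/zone": "z1"}},
    {"ip": "10.0.2.7", "node_labels": {"kubernetes.io/hostname": "node-b",
                                       "topology.kubernetes.io/zone": "z1"}},
    {"ip": "10.0.3.9", "node_labels": {"kubernetes.io/hostname": "node-c",
                                       "topology.kubernetes.io/zone": "z2"}},
]
PREFER_LOCAL = ["kubernetes.io/hostname", "topology.kubernetes.io/zone", "*"]

if __name__ == "__main__":
    client = {"kubernetes.io/hostname": "node-b", "topology.kubernetes.io/zone": "z1"}
    print(filter_endpoints(PREFER_LOCAL, client, ENDPOINTS))
```

The trailing `"*"` is what turns "prefer local" into "prefer local, otherwise anything"; a policy such as `["kubernetes.io/hostname"]` alone is a hard constraint that blackholes traffic from every node without a local endpoint, which is a useful property when the intent is node-local-only access, and an outage when it is not.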

2. Knative changes

Today the first start of a Revision always launches an instance to check that the user code works, but in some scenarios no instance should be started at all. The proposal is a global configuration that can be overridden per Revision: if no instance is started, the Revision is marked Ready immediately, and when traffic arrives the normal cold-start path launches an instance.

There was judged to be insufficient reason to add these attributes.

Remove the ingress channel from the Broker/Trigger model. Today a Broker creates two channels, a trigger channel and an ingress channel; the ingress channel receives the Trigger's reply and forwards it to the ingress service. That is an extra hop, which adds latency and reliability concerns; the better approach is to send the reply directly to the ingress service.

Recommended open source projects

1. dive

A Docker image analysis tool that shows the contents of each layer, helping to shrink the overall image.

2. amazon-vpc-cni-k8s

The AWS networking plugin for Kubernetes, built on ENI (Elastic Network Interfaces).

3. Take

Cordons and drains nodes, with a dry-run mode.

4. Apache Dubbo-go

A Golang implementation of Dubbo.

Recommended reading this week

  1. 《A visual guide on troubleshooting Kubernetes deployments》

This article explains how to locate the problem when a Deployment is not working.

  2. 《Kubernetes Audit: Making Log Auditing a Viable Practice Again》

This article presents a vision of an automated Kubernetes audit log analyzer, and goes further: with machine learning tools, potential threats could be detected in the logs automatically and in real time. It also summarizes the audit log in a form the user can understand, so that auditors can quickly verify the identified patterns and other hints and investigate suspicious activity.

  3. 《How Kubernetes Has Been "Transformational" to Productivity and Culture at uSwitch》

Many teams have started moving their business onto Kubernetes, so what does Kubernetes actually change? This uSwitch case study offers a different way of thinking about it.

  4. 《Building Large Kubernetes Clusters》

As the number of clusters grows, building and managing them becomes a real burden. LINE shares Caravan, a framework it developed in-house for this.

  5. 《Kubernetes is the future of Computing. What You Should Know About the New Trend》

More and more people are adopting Kubernetes; some call it the next-generation "operating system" or "the future of cloud computing". This article is a quick way to get a grip on the trend.

"Alibaba Cloud Native focuses on microservices, Serverless, containers, Service Mesh and related technical fields, following the popular cloud native technology trends and large-scale production practice, as the technical community that best understands cloud native developers."


Source: www.cnblogs.com/alisystemsoftware/p/12034308.html