Release of Kubernetes 1.24, a System for Managing a Cluster of Isolated Containers

Kubernetes 1.24 has been released. The container orchestration platform lets you manage a cluster of isolated containers as a single entity and provides mechanisms for deploying, maintaining and scaling applications that run in containers. The project was originally created by Google and was later transferred to an independent home overseen by the Linux Foundation. The platform is positioned as a universal, community-developed solution that is not tied to individual systems and can work with any application in any cloud environment. The Kubernetes code is written in Go and distributed under the Apache 2.0 license.

Kubernetes provides functions for deploying and managing infrastructure, such as DNS database maintenance, load balancing, distribution of containers across cluster nodes (with migration of containers as load and service needs change), application-level health checks, account management, and updating and dynamic scaling of a running cluster without stopping it. Groups of containers can be deployed with update and rollback operations applied to the whole group at once, and the cluster can be logically split into parts with resource sharing. Dynamic migration of applications is supported, and their data can be stored on either local storage or network storage systems.

Key changes in the new release:

  • Storage Capacity Tracking has been stabilized. It monitors free space on partitions and sends the data to the control node, so that pods are not started on nodes with insufficient free space.
  • The ability to expand storage partitions has been stabilized. The user can resize existing partitions, and Kubernetes will automatically expand the partition and its associated file system without stopping work.
  • The Dockershim runtime has been discontinued. It was positioned as a temporary solution for using Docker in Kubernetes; Docker is not compatible with the standard CRI (Container Runtime Interface), and supporting it added complexity to the kubelet. To manage sandboxed containers, use a runtime that supports CRI, such as containerd or CRI-O, or use the cri-dockerd wrapper, which implements CRI on top of the Docker Engine API.
  • Experimental support has been added for verifying container images by digital signature using the Sigstore service, which maintains a public log for authentication (a transparency log). To prevent supply chain attacks and component substitution, release-related artifacts, including all installed Kubernetes binaries, are also digitally signed.
  • By default, clusters no longer enable beta APIs (test APIs added in previous releases are retained; the change applies only to new APIs).
  • Test support for the OpenAPI v3 format has been implemented.
  • An initiative has been introduced to move storage plugins to the unified CSI (Container Storage Interface) while maintaining compatibility at the API level. The Azure Disk and OpenStack Cinder plugins have been migrated to CSI.
  • The Kubelet Credential Provider has moved to the beta testing stage. It lets the kubelet dynamically retrieve credentials for the container image repository by launching plugins, without storing credentials in the host file system.
  • The ability to reserve a range of IP addresses for assignment to services has been added. When this option is enabled, the cluster automatically assigns to services only IP addresses from a pool pre-allocated for each service, which avoids collisions when free addresses are issued from a common set.
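
As an added illustration of the Kubelet Credential Provider item above (not code from the Kubernetes project or from the original article): a minimal exec plugin in Go that reads the kubelet's JSON request on stdin and writes short-lived registry credentials to stdout, so nothing is stored on the node's disk. The `credentialprovider.kubelet.k8s.io/v1beta1` API version, the `registry.example.com` host, the `handle` function and the `fetch` callback are assumptions made for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"os"
	"strings"
)

const apiVersion = "credentialprovider.kubelet.k8s.io/v1beta1" // assumed beta API version

type response struct {
	APIVersion    string                       `json:"apiVersion"`
	Kind          string                       `json:"kind"`
	CacheKeyType  string                       `json:"cacheKeyType"`
	CacheDuration string                       `json:"cacheDuration"`
	Auth          map[string]map[string]string `json:"auth"`
}

// handle answers one request; fetch is a hypothetical secrets-backend lookup.
func handle(in io.Reader, registry string, fetch func() (string, string, error)) ([]byte, error) {
	var req struct{ APIVersion, Kind, Image string }
	if err := json.NewDecoder(in).Decode(&req); err != nil {
		return nil, fmt.Errorf("decode request: %w", err)
	}
	if req.APIVersion != apiVersion || req.Kind != "CredentialProviderRequest" {
		return nil, fmt.Errorf("unsupported request %s %s", req.APIVersion, req.Kind)
	}
	// The trailing "/" stops look-alike hosts such as registry.example.com.other.test.
	if !strings.HasPrefix(req.Image, registry+"/") {
		return nil, fmt.Errorf("refusing credentials for image %q", req.Image)
	}
	user, pass, err := fetch()
	if err != nil {
		return nil, fmt.Errorf("fetch credentials: %w", err)
	}
	// Short cache lifetime: the kubelet asks again instead of keeping the secret.
	return json.Marshal(response{apiVersion, "CredentialProviderResponse", "Registry",
		"5m", map[string]map[string]string{registry: {"username": user, "password": pass}}})
}

func main() { // the kubelet runs the plugin with the request on stdin
	out, err := handle(os.Stdin, "registry.example.com", // constructed registry and credentials
		func() (string, string, error) { return "constructed-user", "constructed-token", nil })
	if err != nil {
		panic(err)
	}
	os.Stdout.Write(out)
}
```

In a real plugin the `fetch` callback would call the secrets backend or cloud token service, and errors should go to stderr with a non-zero exit code so the kubelet treats the lookup as failed.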

Source: opennet.ru
