Kubernetes continues to evolve, offering new features and improvements with each release to enhance container orchestration. The 1.28.0 release is no exception, bringing a host of updates that touch on everything from security and performance to developer tools and API enhancements. Let's dive into what this new version has to offer.
Security Enhancements
Advanced Pod Security
Pod Security gets a significant upgrade, allowing administrators to create more granular security rules. This makes it easier to enforce security best practices without compromising application functionality.
Kubelet Certificates and TLS
The new Kubelet TLS Bootstrap feature automates the creation of TLS certificates, making it easier for Kubelets to securely communicate with the control plane, thereby enhancing cluster security.
Recovery from Non-Graceful Node Shutdown
This feature, now stable, allows for better handling of unexpected node shutdowns, enabling stateful workloads to restart on a different node successfully.
Performance and Resource Management
Kubernetes Topology Manager
The Topology Manager feature has been improved for better resource allocation based on hardware topology, particularly beneficial for complex hardware setups like NUMA architectures.
Supported Skew Between Control Plane and Node Versions
The supported version skew between node and control plane components has been expanded from n-2 to n-3. This change reduces the time lost to node maintenance, particularly beneficial for environments with long-running workloads.
Logging and Monitoring
Dynamic Logs
Dynamic auditing is now available, allowing for the instant creation of audit policies. This feature provides greater flexibility in adapting to changing security requirements and compliance standards.
API and Custom Resource Enhancements
CustomResourceDefinition Validation Rules
The introduction of the Common Expression Language (CEL) for validation rules allows for more complex validation without the need for webhooks. This addition simplifies the development and operability of Custom Resource Definitions (CRDs).
ValidatingAdmissionPolicies
This feature, now in beta, allows for in-process validation of requests to the Kubernetes API server, offering an alternative to validating admission webhooks.
Match Conditions for Admission Webhooks
This feature, which has moved to beta, allows you to specify conditions for when Kubernetes should make a remote HTTP call at admission time.
Developer Tools and Flexibility
Kubectl Debug
The new `kubectl debug` tool simplifies the debugging process by allowing the creation of temporary debugging containers within existing pods.
API Awareness of Sidecar Containers
This alpha feature introduces a ”restartPolicy” field for init containers, indicating when an init container is also a sidecar container. This feature enhances the startup sequence of containers within a pod.
Data Backup and Recovery
Snapshot and Restorations
New volume snapshot and restore capabilities have been introduced, making it easier to manage and recover data.
Other Notable Features
Support for CDI Injection into Containers
This alpha feature provides a standardized way of injecting complex devices into containers.
Automatic Assignment of Default StorageClass
This feature, now stable, automatically sets a `storageClassName` for a PersistentVolumeClaim if none is provided.
Pod Replacement Policy for Jobs
This alpha feature allows you to specify when new Pods should be created as replacements for existing Pods in Jobs.
Job Retry Backoff Limit, Per Index
This extends the Job API to support indexed jobs where the backoff limit is per index, allowing the Job to continue execution despite some of its indexes failing.
Conclusion
Kubernetes 1.28.0 is packed with features and improvements that make the platform more secure, efficient, and developer-friendly. Whether you're an administrator looking to enhance security measures or a developer aiming for more efficient resource management and debugging, this version has something to offer.
