Kubernetes continues to evolve, offering new features and improvements with each release to enhance container orchestration. The 1.28.0 release is no exception, bringing a host of updates that touch on everything from security and performance to developer tools and API enhancements. Let's dive into what this new version has to offer.
Pod Security gets a significant upgrade, allowing administrators to create more granular security rules. This makes it easier to enforce security best practices without compromising application functionality.
The new Kubelet TLS Bootstrap feature automates the creation of TLS certificates, making it easier for Kubelets to securely communicate with the control plane, thereby enhancing cluster security.
Recovery from Non-Graceful Node Shutdown
This feature, now stable, allows for better handling of unexpected node shutdowns, enabling stateful workloads to restart on a different node successfully.
The Topology Manager feature has been improved for better resource allocation based on hardware topology, particularly beneficial for complex hardware setups like NUMA architectures.
The supported version skew between node and control plane components has been expanded from n-2 to n-3. This change reduces the time lost to node maintenance, particularly beneficial for environments with long-running workloads.
Dynamic auditing is now available, allowing for the instant creation of audit policies. This feature provides greater flexibility in adapting to changing security requirements and compliance standards.
The introduction of the Common Expression Language (CEL) for validation rules allows for more complex validation without the need for webhooks. This addition simplifies the development and operability of Custom Resource Definitions (CRDs).
This feature, now in beta, allows for in-process validation of requests to the Kubernetes API server, offering an alternative to validating admission webhooks.
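The in-process validation described above, shown as an added example that is not from the original post: a ValidatingAdmissionPolicy and its binding that reject privileged containers using CEL, with no webhook involved. The object names and the `environment: production` namespace label are constructed for illustration.

```yaml
# Added example. In 1.28 this API is beta and off by default; the API server needs
# --feature-gates=ValidatingAdmissionPolicy=true and
# --runtime-config=admissionregistration.k8s.io/v1beta1=true
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingAdmissionPolicy
metadata:
  name: deny-privileged-containers.example.com    # constructed name
spec:
  failurePolicy: Fail            # reject the request if the policy cannot be evaluated
  matchConstraints:
    resourceRules:
    - apiGroups: [""]
      apiVersions: ["v1"]
      operations: ["CREATE", "UPDATE"]
      resources: ["pods"]
  validations:
  # Regular containers: securityContext and privileged are optional, so guard with has().
  - expression: >-
      object.spec.containers.all(c,
      !has(c.securityContext) || !has(c.securityContext.privileged) ||
      !c.securityContext.privileged)
    message: "privileged containers are not allowed"
  # Init containers run with the same privileges, so they need the same check.
  - expression: >-
      !has(object.spec.initContainers) || object.spec.initContainers.all(c,
      !has(c.securityContext) || !has(c.securityContext.privileged) ||
      !c.securityContext.privileged)
    message: "privileged init containers are not allowed"
  # Ephemeral containers use the pods/ephemeralcontainers subresource and are not covered here.
---
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingAdmissionPolicyBinding
metadata:
  name: deny-privileged-containers-binding.example.com    # constructed name
spec:
  policyName: deny-privileged-containers.example.com
  validationActions: [Deny, Audit]    # block the request and record it in the audit log
  matchResources:
    namespaceSelector:
      matchLabels:
        environment: production        # constructed label; scope the policy to your own namespaces
```

A policy has no effect until a binding references it, so rolling out with `validationActions: [Warn, Audit]` first lets you see what would be rejected before switching to `Deny`.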
This feature, which has moved to beta, allows you to specify conditions for when Kubernetes should make a remote HTTP call at admission time.
The new `kubectl debug` tool simplifies the debugging process by allowing the creation of temporary debugging containers within existing pods.
This alpha feature introduces a `restartPolicy` field for init containers, indicating when an init container is also a sidecar container. This feature enhances the startup sequence of containers within a pod.
New volume snapshot and restore capabilities have been introduced, making it easier to manage and recover data.
This alpha feature provides a standardized way of injecting complex devices into containers.
This feature, now stable, automatically sets a `storageClassName` for a PersistentVolumeClaim if none is provided.
This alpha feature allows you to specify when new Pods should be created as replacements for existing Pods in Jobs.
This extends the Job API to support indexed jobs where the backoff limit is per index, allowing the Job to continue execution despite some of its indexes failing.
Kubernetes 1.28.0 is packed with features and improvements that make the platform more secure, efficient, and developer-friendly. Whether you're an administrator looking to enhance security measures or a developer aiming for more efficient resource management and debugging, this version has something to offer.