What’s New in Kubernetes 1.23 - Events API, Pod Security Standards, IPv6, and Much More
Kubernetes 1.23 moved to general release this week, and this last release of 2021 is a gift by and for the Kubernetes community. With 45 new improvements, this is a robust bundle of goodies with some exciting features — some brand new, some incrementally improved, and some stepping up to general availability.
Let’s unwrap some of these presents and take a look at the enhancements that stand out.
Updates to the Kubernetes API in Version 1.23
We’ll start off considering enhancements to the API, since those often feel the most tangible, and put tools directly into the hands of developers and cluster administrators.
Kubernetes 1.23 introduces a brand new feature in alpha: events. The Kubernetes team has recognized a need for dedicated, API-driven event monitoring deeper than get, and answered with a deceptively simple new
This will be useful for users wishing to filter different types of events when observing their clusters — or those who would like to see all changes to an object. This sub-command is completely divorced from get, meaning that in the future, it can expand the watch flag with event-specific functionality that wouldn’t be possible with get, such as watching a particular resource until a specific event occurs.
It’s early days for this feature, but it promises much more granular resource observation in the future. You can read more about it on the GitHub page for the enhancement.
Horizontal Pod Autoscaler (HPA) API
We can congratulate the HPA API on a December graduation. It’s been usable for years, but as of Kubernetes 1.23, the feature is officially ready for production.
This one’s a big deal, since horizontal pod autoscaling is so fundamental to Kubernetes’ scalability. When Kubernetes adds pods to accommodate changing requirements, it’s using the HPA, and the API gives users more direct control — allowing users, for example, to create new HPA objects on the fly with defined parameters around details like CPU usage.
There’s good news here for Mirantis Container Cloud (MCC) users, too — soon, HPA features will be integrated into MCC.
CustomResourceDefinition (CRD) Validation
Many, many Kubernetes users need to implement custom resources on their clusters — with user-created definitions and, ideally, validation rules.
This alpha enhancement proposes using Common Expression Language as a standard for writing verification rules for custom resources. As an alpha, the enhancement has a long path ahead: you can look over the GitHub page here.
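To make the idea concrete, here is an added example (not from the original article or the Kubernetes project) of a CustomResourceDefinition whose schema carries CEL rules in x-kubernetes-validations. The group, kind, field names and registry prefix are hypothetical, and in 1.23 the rules are only evaluated when the alpha CustomResourceValidationExpressions feature gate is enabled.

```yaml
# Added example: CRD with CEL validation rules (all names are placeholders).
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: widgets.example.com
spec:
  group: example.com
  scope: Namespaced
  names:
    plural: widgets
    singular: widget
    kind: Widget
  versions:
    - name: v1
      served: true
      storage: true
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              required: ["minReplicas", "maxReplicas", "image"]
              # Cross-field rule: "self" is the spec object being validated.
              x-kubernetes-validations:
                - rule: "self.minReplicas <= self.maxReplicas"
                  message: "minReplicas must not exceed maxReplicas"
              properties:
                minReplicas:
                  type: integer
                  minimum: 0
                maxReplicas:
                  type: integer
                  maximum: 100
                image:
                  type: string
                  # Field-level rule: "self" is the string value itself.
                  x-kubernetes-validations:
                    - rule: "self.startsWith('registry.example.com/')"
                      message: "image must come from the approved registry"
```

With rules like these, the API server rejects a Widget whose replica bounds are inverted or whose image comes from an unapproved registry, without a separate admission webhook.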
Other notable features in Kubernetes 1.23
The enhancements in Kubernetes 1.23 aren’t limited to the API. Some other notable features help to tighten cluster security, expand functionality on Windows nodes, and look toward the future.
Pod Security Standards
With Kubernetes security top of mind, it’s nice to see Pod Security Standards graduate from alpha to beta in 1.23.
The standards make it easy to define pod permissions as privileged, baseline, or restricted, with each of these three policies aimed at different use-cases to give users a range of options. Privileged pods are unrestricted (useful for system administration and infrastructure-level workloads), the baseline policy prevents privilege escalation, and restricted pods are heavily locked down according to security best practices.
Kubernetes users have been calling for out-of-the-box security solutions, and these standards represent a nice step in that direction. Now that the feature is in beta, many more users will want to consider implementing it.
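As an added illustration (not from the original article or the Kubernetes project), the manifests below show how the levels are applied through the built-in Pod Security admission labels on a namespace, together with a pod that satisfies the restricted level. The namespace, pod name, user ID and image are placeholders.

```yaml
# Added example: staged rollout of Pod Security Standards on one namespace.
apiVersion: v1
kind: Namespace
metadata:
  name: payments-example                 # hypothetical namespace
  labels:
    # Reject pods that violate the baseline level.
    pod-security.kubernetes.io/enforce: baseline
    pod-security.kubernetes.io/enforce-version: v1.23
    # Do not reject, but record and warn about anything that would
    # fail the stricter restricted level.
    pod-security.kubernetes.io/audit: restricted
    pod-security.kubernetes.io/warn: restricted
---
# A pod that passes restricted, so it produces no warnings above.
apiVersion: v1
kind: Pod
metadata:
  name: api-example                      # hypothetical pod
  namespace: payments-example
spec:
  securityContext:
    runAsNonRoot: true                   # restricted: must not run as root
    runAsUser: 10001                     # placeholder non-zero UID
    seccompProfile:
      type: RuntimeDefault               # restricted: seccomp must be set
  containers:
    - name: app
      image: registry.example.com/app:1.0.0   # placeholder image
      securityContext:
        allowPrivilegeEscalation: false  # restricted: no setuid-style gains
        capabilities:
          drop: ["ALL"]                  # restricted: drop all capabilities
      # Settings such as privileged: true, hostNetwork or hostPath volumes
      # would be rejected here, because baseline already forbids them.
```

Once the audit and warn output for the namespace is clean, the enforce label can be raised from baseline to restricted.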
Windows Privileged Containers
Speaking of security privileges, Kubernetes 1.23 adds functionality for users who wish to create privileged containers with Windows nodes. Privileged container processes have direct access to host resources, almost like programs running on the host itself. The feature has been available on Linux nodes for some time, and will be available in k0s shortly.
It’s important to note here that the use-cases for privileged containers are very specific, typically dealing with monitoring or security — they’re not appropriate for most general applications. But if you need to use the feature with a Windows node, it’s now a lot easier.
Even the name of this feature will have a pleasant ring of familiarity to most Linux users. Just like the cron command line utility in Unix-like systems, Kubernetes CronJobs allow users to schedule tasks that run on a regular basis — but in this case, those tasks are running throughout a Kubernetes cluster.
Changing from the ScheduledJobs nomenclature and graduating to Stable, this feature is reaching maturity and will continue to prove useful for many cluster administrators.
IPv4/IPv6 Dual-Stack Networking
Last, but certainly not least, the long-awaited networking enhancement that will help to ready clusters for IPv6.
With dual-stack networking now in general availability, a pod can use IPv4 and IPv6 addresses simultaneously. Pods can communicate with services both inside and outside of the cluster using both protocols. Users will need to ensure that their infrastructure itself supports these capabilities, but with widespread adoption of Kubernetes, this represents a major step forward for IPv6 readiness.
In a release with dozens and dozens of new features, this small collection of highlights only scratches the surface. You can dive into the full details in the Kubernetes 1.23 changelog. And k0s users can look forward to Kubernetes 1.23 support in the coming weeks.