
What's New in Kubernetes 1.15

Overview of new features and enhancements in the latest k8s release. View the webinar recording at https://info.mirantis.com/k8s-1-15



  1. What’s New in Kubernetes 1.15
     WEBINAR | June 20, 2019
     Copyright © 2019 Mirantis, Inc. All rights reserved
  2. A Few Introductions (ok just one)
     Nick Chase, Head of Technical Content at Mirantis
     Nick Chase is Head of Technical Content for Mirantis and a former member of the Kubernetes release team. He is a former software developer and author or co-author of more than a dozen books on various programming topics, including the OpenStack Architecture Guide, Understanding OPNFV, and Machine Learning for Mere Mortals.
  3. A Little Housekeeping
     ● Please submit questions in the Questions panel.
     ● We’ll provide a link where you can download the slides at the end of the webinar.
  4. Agenda
     ● Structural schemas
     ● Generally available
     ● Promoted to Beta
     ● New features
     ● Q&A
  5. Audience Poll
  6. Kubernetes Training (training.mirantis.com)
     ● Kubernetes & Docker Bootcamp I (KD100): Learn Docker and Kubernetes to deploy, run, and manage containerized applications. 2 days
     ● Kubernetes & Docker Bootcamp II (KD200): Advanced training for Kubernetes professionals, preparation for the CKA exam. 3 days
     ● Accelerated Kubernetes & Docker Bootcamp (KD250): Most popular course! A combination of KD100 & KD200 at an accelerated pace, preps for CKA. 4 days
     ● Istio Fundamentals (IST50): New! Introduction to Istio & Service Mesh. 1 day
  7. Structural schemas
  8. Structural Schemas
     ● Subset of OpenAPI 3
     ● Produced from code by tools like crd-gen and openapi-gen
     ● v1beta1
       ○ Non-structural CRDs still work
       ○ NonStructuralSchema condition returned
       ○ Must be structural to use new features
     ● v1
       ○ Structural schemas will be required
  9. What is a structural schema?
     "All types and the possible object fields within a JSON object must be apparent from a structural schema without understanding the logical junctors anyOf, allOf, oneOf and not."
  10. A structural schema is one that ...
     1. specifies a non-empty type (via type in OpenAPI) for the root, for each specified field of an object node (via properties or additionalProperties in OpenAPI) and for each item in an array node (via items in OpenAPI), with the exception of:
        ○ a node with x-kubernetes-int-or-string: true
        ○ a node with x-kubernetes-preserve-unknown-fields: true
     2. for each field in an object and each item in an array which is specified within any of allOf, anyOf, oneOf or not, also specifies the field/item outside of those logical junctors
     3. does not set description, type, default, additionalProperties, nullable within an allOf, anyOf, oneOf or not, with the exception of the two patterns for x-kubernetes-int-or-string: true
     4. if metadata is specified, allows only restrictions on metadata.name and metadata.generateName.
  11. Non-structural
     properties:
       foo:
         pattern: "abc"
       metadata:
         type: object
         properties:
           name:
             type: string
             pattern: "^a"
           finalizers:
             type: array
             items:
               type: string
               pattern: "my-finalizer"
     anyOf:
     - properties:
         bar:
           type: integer
           minimum: 42
       required: ["bar"]
       description: "foo bar object"
  12. Structural
     type: object
     description: "foo bar object"
     properties:
       foo:
         type: string
         pattern: "abc"
       bar:
         type: integer
       metadata:
         type: object
         properties:
           name:
             type: string
             pattern: "^a"
     anyOf:
     - properties:
         bar:
           minimum: 42
       required: ["bar"]
  13. Exceptions to every rule
     x-kubernetes-int-or-string: true
     allOf:
     - anyOf:
       - type: integer
       - type: string
     # further validations are optionally provided and accepted
     - pattern: abc
     - anyOf:
       - minimum: 42
         maximum: 50
       - minimum: 52
         maximum: 60
     Also
     ● x-kubernetes-embedded-resource
     ● x-kubernetes-unions
     ● x-kubernetes-preserve-unknown-fields
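As an added example (written for this transcript; it is not code from the slides or from Kubernetes), the checker below applies the four rules from slide 10, with the int-or-string and preserve-unknown-fields exceptions from slide 13, to the non-structural schema of slide 11, the structural schema of slide 12 and the allOf/anyOf idiom of slide 13, each transcribed into a Python dict. It reports every violation with the rule it breaks, which is more than the NonStructuralSchema condition on a v1beta1 CRD gives you, and is handy for vetting third-party CRDs before they land in a cluster.

```python
"""Added example: check the four structural-schema rules on an OpenAPI v3 schema (dict)."""

JUNCTORS = ("allOf", "anyOf", "oneOf", "not")
FORBIDDEN_IN_JUNCTOR = ("description", "type", "default", "additionalProperties", "nullable")
INT_OR_STRING_IDIOM = ({"type": "integer"}, {"type": "string"})


def _as_list(value):
    # "not" holds a single schema; allOf/anyOf/oneOf hold a list of schemas
    return value if isinstance(value, list) else [value]


def _is_int_or_string(node):
    return bool(node) and node.get("x-kubernetes-int-or-string") is True


def _check_node(node, path, violations):
    """Rule 1 for this node, rules 2/3 for its junctors, then recurse into its value nodes."""
    exempt = _is_int_or_string(node) or node.get("x-kubernetes-preserve-unknown-fields") is True
    if not exempt and not node.get("type"):
        violations.append(f"{path}: no type specified (rule 1)")
    for junctor in JUNCTORS:
        for i, sub in enumerate(_as_list(node.get(junctor, []))):
            _check_in_junctor(sub, node, f"{path}.{junctor}[{i}]", violations, _is_int_or_string(node))
    for name, child in node.get("properties", {}).items():
        _check_node(child, f"{path}.{name}", violations)
    if isinstance(node.get("additionalProperties"), dict):
        _check_node(node["additionalProperties"], f"{path}.*", violations)
    if isinstance(node.get("items"), dict):
        _check_node(node["items"], f"{path}[]", violations)


def _check_in_junctor(sub, outside, path, violations, int_or_string):
    """Rules 2 and 3 for a schema nested inside allOf/anyOf/oneOf/not.
    `outside` is the node at the same position outside the junctor, or None if absent."""
    if int_or_string and sub in INT_OR_STRING_IDIOM:
        return  # the x-kubernetes-int-or-string idiom is the one permitted use of `type` here
    for key in FORBIDDEN_IN_JUNCTOR:
        if key in sub:
            violations.append(f"{path}: '{key}' set inside a logical junctor (rule 3)")
    for name, child in sub.get("properties", {}).items():
        child_outside = (outside or {}).get("properties", {}).get(name)
        if child_outside is None:
            violations.append(f"{path}.{name}: field specified only inside a junctor (rule 2)")
        _check_in_junctor(child, child_outside, f"{path}.{name}", violations, _is_int_or_string(child_outside))
    if isinstance(sub.get("items"), dict):
        items_outside = (outside or {}).get("items")
        if items_outside is None:
            violations.append(f"{path}[]: items specified only inside a junctor (rule 2)")
        _check_in_junctor(sub["items"], items_outside, f"{path}[]", violations, _is_int_or_string(items_outside))
    for junctor in JUNCTORS:
        for i, nested in enumerate(_as_list(sub.get(junctor, []))):
            _check_in_junctor(nested, outside, f"{path}.{junctor}[{i}]", violations, int_or_string)


def structural_violations(schema):
    """Return every rule violation found; an empty list means the schema is structural."""
    violations = []
    _check_node(schema, "<root>", violations)
    metadata = schema.get("properties", {}).get("metadata", {})
    for name in metadata.get("properties", {}):  # rule 4
        if name not in ("name", "generateName"):
            violations.append(f"<root>.metadata.{name}: only name and generateName may be restricted (rule 4)")
    return violations


# Slide 11 (non-structural) and slide 12 (structural), transcribed into dicts
NON_STRUCTURAL = {
    "properties": {
        "foo": {"pattern": "abc"},
        "metadata": {"type": "object", "properties": {
            "name": {"type": "string", "pattern": "^a"},
            "finalizers": {"type": "array", "items": {"type": "string", "pattern": "my-finalizer"}}}},
    },
    "anyOf": [{"properties": {"bar": {"type": "integer", "minimum": 42}},
               "required": ["bar"], "description": "foo bar object"}],
}
STRUCTURAL = {
    "type": "object", "description": "foo bar object",
    "properties": {
        "foo": {"type": "string", "pattern": "abc"},
        "bar": {"type": "integer"},
        "metadata": {"type": "object", "properties": {"name": {"type": "string", "pattern": "^a"}}},
    },
    "anyOf": [{"properties": {"bar": {"minimum": 42}}, "required": ["bar"]}],
}
# Slide 13: the allOf/anyOf idiom that rule 3 permits for an int-or-string node
INT_OR_STRING = {
    "x-kubernetes-int-or-string": True,
    "allOf": [{"anyOf": [{"type": "integer"}, {"type": "string"}]},
              {"pattern": "abc"},
              {"anyOf": [{"minimum": 42, "maximum": 50}, {"minimum": 52, "maximum": 60}]}],
}

if __name__ == "__main__":
    for label, schema in (("non-structural", NON_STRUCTURAL), ("structural", STRUCTURAL),
                          ("int-or-string", INT_OR_STRING)):
        print(label, structural_violations(schema) or "ok")
```

For the slide 11 schema the checker finds six violations: the missing root type and the missing type on foo (rule 1), bar being specified only inside anyOf (rule 2), bar's type and the description inside anyOf (rule 3), and the restriction on metadata.finalizers (rule 4). The slide 12 schema and the int-or-string idiom pass clean.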
  14. CRD Open API Schemas
     ● Already supported by core objects
     ● Schemas enable:
       ○ server-side validation
       ○ documentation creation
       ○ explain
  15. Defaulting and pruning for Custom Resources
     ● Defaulting (alpha)
       ○ Missing default values are added
     ● Pruning
       ○ "Unknown" fields are removed
       ○ Unless x-kubernetes-preserve-unknown-fields: true
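The following is an added example, not part of the slides and not Kubernetes code: a plain-Python simulation of the two steps on slide 15, run against a constructed schema for a hypothetical Backup resource (group example.com is made up). It prunes fields the structural schema does not declare, keeps everything under a node marked x-kubernetes-preserve-unknown-fields, fills in defaults recursively, and, unlike the real API server, also returns the list of paths it dropped. That list is the point for a reviewer: a misspelled field such as retentoinDays is not rejected, it silently disappears and the schema default takes its place, so anything security-relevant in a custom resource should be checked after admission, not only at authoring time.

```python
"""Added example: the pruning and defaulting steps the API server applies to a custom
resource under a structural schema, simulated in plain Python."""
import copy

SERVER_MANAGED = ("apiVersion", "kind", "metadata")  # handled by the server, never pruned here


def prune_and_default(value, schema, path="", dropped=None):
    """Return (new_value, dropped_paths): unknown fields removed unless the enclosing node
    allows them, and missing fields that carry a schema `default` filled in recursively."""
    if dropped is None:
        dropped = []
    if schema.get("type") == "object" and isinstance(value, dict):
        props = schema.get("properties", {})
        additional = schema.get("additionalProperties")
        preserve = schema.get("x-kubernetes-preserve-unknown-fields") is True
        out = {}
        for key, child in value.items():
            child_path = f"{path}.{key}" if path else key
            if key in props:
                out[key], _ = prune_and_default(child, props[key], child_path, dropped)
            elif isinstance(additional, dict):
                out[key], _ = prune_and_default(child, additional, child_path, dropped)
            elif preserve or additional is True:
                out[key] = copy.deepcopy(child)  # unknown but explicitly allowed
            else:
                dropped.append(child_path)       # pruned: removed without an error
        for key, sub in props.items():
            if key not in out and "default" in sub:
                child_path = f"{path}.{key}" if path else key
                # the default itself goes through defaulting, so nested defaults apply too
                out[key], _ = prune_and_default(copy.deepcopy(sub["default"]), sub, child_path, dropped)
        return out, dropped
    if schema.get("type") == "array" and isinstance(value, list) and isinstance(schema.get("items"), dict):
        items = [prune_and_default(item, schema["items"], f"{path}[{i}]", dropped)[0]
                 for i, item in enumerate(value)]
        return items, dropped
    return copy.deepcopy(value), dropped


def admit(resource, schema):
    """Apply pruning and defaulting to a whole custom resource as a write request would see it."""
    body = {k: v for k, v in resource.items() if k not in SERVER_MANAGED}
    pruned, dropped = prune_and_default(body, schema)
    result = {k: copy.deepcopy(resource[k]) for k in SERVER_MANAGED if k in resource}
    result.update(pruned)
    return result, dropped


# Constructed schema for a hypothetical Backup custom resource (not a real CRD)
BACKUP_SCHEMA = {
    "type": "object",
    "properties": {
        "spec": {
            "type": "object",
            "properties": {
                "schedule": {"type": "string"},
                "retentionDays": {"type": "integer", "default": 7},
                "encryption": {"type": "object", "default": {},
                               "properties": {"enabled": {"type": "boolean", "default": True}}},
                "targets": {"type": "array", "items": {
                    "type": "object", "properties": {"namespace": {"type": "string"}}}},
                "driverOptions": {"type": "object", "x-kubernetes-preserve-unknown-fields": True},
            },
        }
    },
}

# Constructed request: one typo, one unknown nested field, one preserved free-form section
REQUEST = {
    "apiVersion": "example.com/v1",
    "kind": "Backup",
    "metadata": {"name": "nightly"},
    "spec": {
        "schedule": "0 2 * * *",
        "retentoinDays": 30,                                       # typo: pruned, default 7 wins
        "targets": [{"namespace": "prod", "includeSecrets": True}],  # includeSecrets is pruned
        "driverOptions": {"compression": "zstd"},                  # kept: preserve-unknown-fields
    },
}

if __name__ == "__main__":
    stored, dropped = admit(REQUEST, BACKUP_SCHEMA)
    print("dropped:", dropped)
    print("stored spec:", stored["spec"])
```

Running it shows spec.retentoinDays and spec.targets[0].includeSecrets dropped, retentionDays set to 7, encryption filled in as {"enabled": True} from the nested default, and driverOptions kept verbatim.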
  16. Webhook conversion for Custom Resources
     ● Converts resources from one version to another
       ○ Stored as one version, requested as another
       ○ Vice versa
  17. Generally available: ready for production
  18. Server-side descriptions
     ● kubectl get
     ● CustomResourceDefinitions
     ● Third-party API extensions
     ● kubectl describe in a future release
  19. Go module support
     ● Go 1.13 to deprecate GOPATH
     ● Consistent vendor directory on any OS
     ● Use 2 different module versions simultaneously
  20. Kubeadm improvements (Beta)
  21. Dynamic HA clusters with kubeadm
     ● 2 methods
       ○ Stacked control plane
       ○ External etcd cluster
     ● Architecture
       ○ 3 masters
       ○ 3 workers
       ○ 3 etcd nodes (optional)
       ○ Load balancer
  22. Upgrade kubeadm configuration to v1beta2
     ● kubeadm init/join
     ● Kubeadm fields with no API endpoint
     ● Repeatability
       ○ Runtime settings should be persisted
     ● Specialized substructures
     ● New features
       ○ Certificates copy
       ○ Pre-flight errors
  23. Promoted to Beta: on by default, but not necessarily production-ready
  24. Admission webhook changes
     ● Admission controllers are always in the API request path
     ● Admission webhooks let you specify your own logic
       ○ Mutating admission webhooks
       ○ Validating admission webhooks
     ● Mutating webhooks can now be invoked more than once
       ○ reinvocationPolicy: IfNeeded
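As an added example (not from the slides, and not Kubernetes code), the simulation below shows why slide 24's reinvocationPolicy exists. Two hypothetical mutating webhooks run in order: env-injector adds an HTTPS_PROXY variable to every container, then sidecar-injector appends a proxy sidecar. With the default policy Never the sidecar added second never gets the variable; with IfNeeded the API server calls env-injector once more because a later webhook changed the object after it ran. The webhook names, images and proxy address are constructed, and in-process functions stand in for the HTTPS calls that would return JSON patches.

```python
"""Added example: how reinvocationPolicy changes the outcome of a mutating admission chain."""
import copy
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass
class Webhook:
    name: str
    mutate: Callable[[dict], dict]      # stands in for the HTTPS call that returns a JSON patch
    reinvocation_policy: str = "Never"  # "Never" (default) or "IfNeeded"


def inject_proxy_env(pod: dict) -> dict:
    """Idempotent: give every container an HTTPS_PROXY variable if it lacks one."""
    for container in pod["spec"]["containers"]:
        env = container.setdefault("env", [])
        if not any(e["name"] == "HTTPS_PROXY" for e in env):
            env.append({"name": "HTTPS_PROXY", "value": "http://egress-proxy.kube-system:3128"})  # constructed
    return pod


def inject_sidecar(pod: dict) -> dict:
    """Idempotent: add the proxy sidecar container once."""
    containers = pod["spec"]["containers"]
    if not any(c["name"] == "proxy-sidecar" for c in containers):
        containers.append({"name": "proxy-sidecar", "image": "registry.example/proxy:1.0"})  # constructed
    return pod


def run_mutating_admission(pod: dict, webhooks: List[Webhook]) -> Tuple[dict, List[str]]:
    """Call the webhooks in order, then make at most one extra pass in which a webhook with
    reinvocationPolicy IfNeeded is called again if a later webhook changed the object after
    its first call. Returns the final object and the sequence of calls made."""
    pod = copy.deepcopy(pod)
    calls: List[str] = []
    mutated_after: Dict[str, bool] = {}  # webhook name -> did a later webhook mutate after it ran?
    for hook in webhooks:
        candidate = hook.mutate(copy.deepcopy(pod))
        calls.append(hook.name)
        if candidate != pod:
            for earlier in mutated_after:
                mutated_after[earlier] = True
            pod = candidate
        mutated_after[hook.name] = False
    for hook in webhooks:  # the single reinvocation pass
        if hook.reinvocation_policy == "IfNeeded" and mutated_after[hook.name]:
            pod = hook.mutate(copy.deepcopy(pod))
            calls.append(f"{hook.name} (reinvoked)")
    return pod, calls


def env_names(pod: dict, container_name: str) -> List[str]:
    """Names of the env variables on the named container (inspection helper)."""
    for container in pod["spec"]["containers"]:
        if container["name"] == container_name:
            return [e["name"] for e in container.get("env", [])]
    raise KeyError(container_name)


# Constructed pod, and the two webhooks in the order the API server would call them
SAMPLE_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "app"},
    "spec": {"containers": [{"name": "app", "image": "registry.example/app:1.0"}]},
}


def chain(policy: str) -> List[Webhook]:
    return [Webhook("env-injector", inject_proxy_env, policy),
            Webhook("sidecar-injector", inject_sidecar)]


if __name__ == "__main__":
    for policy in ("Never", "IfNeeded"):
        final, calls = run_mutating_admission(SAMPLE_POD, chain(policy))
        print(policy, calls, "sidecar env:", env_names(final, "proxy-sidecar"))
```

Both mutators are written to be idempotent, because a webhook that opts into IfNeeded will see its own earlier changes on the second call; a webhook that appends unconditionally would inject twice. The policy is set per webhook in the MutatingWebhookConfiguration, so only the webhooks whose result depends on later mutations need to opt in.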
  25. NodeLocal DNSCache
     ● Prevents single point of failure
     ● Additional listen IP for node-local-dns pod: 169.254.20.10
     ● Extends node-local-dns to listen on the kube-dns service IP as well
     ● Determination of node-local-dns vs kube-dns by external component
     ● IPTables only
  26. NodeLocal DNSCache
     apiVersion: v1
     kind: Service
     metadata:
       name: node-local-upstream
       namespace: kube-system
       labels:
         k8s-app: kube-dns
         kubernetes.io/cluster-service: "true"
         addonmanager.kubernetes.io/mode: Reconcile
         kubernetes.io/name: "NodeLocalUpstream"
     spec:
       selector:
         k8s-app: kube-dns
       ports:
       - name: dns
         port: 53
         protocol: UDP
       - name: dns-tcp
         port: 53
  27. Online resizing of PersistentVolumes
     ● No need to terminate pod or unmount volume
     ● PersistentVolumeClaim must be in ReadWrite mode
     ● Enabled by default via ExpandInUsePersistentVolumes feature gate
  28. Environment variables expansion
     apiVersion: v1
     kind: Pod
     metadata:
       name: pod1
     spec:
       containers:
       - name: container1
         env:
         - name: POD_NAME
           valueFrom:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.name
         image: busybox
         command: [ "sh", "-c", "while [ true ]; do echo 'Hello'; sleep 10; done | tee -a /logs/hello.txt" ]
         volumeMounts:
         - name: workdir1
           mountPath: /logs
           subPathExpr: $(POD_NAME)
       restartPolicy: Never
       volumes:
       - name: workdir1
         hostPath:
           path: /var/log/pods
     ● Log files
     ● 2 or more pods sharing the same hostPath, each writing under its own subpath
  29. PodDisruptionBudget for custom resources
     ● Already works for Deployment, StatefulSet, ReplicaSet, ReplicationController
     ● Scale subresource provides desired replicas
     ● Good for any resource
  30. Pod PID limiting
     ● Prevents fork bombs
     ● Node level support
       ○ --system-reserved=[cpu=100m][,][memory=100Mi][,][pid=1000]
       ○ --kube-reserved=[cpu=100m][,][memory=100Mi][,][pid=1000]
     ● Pod level isolation
       ○ SupportPodPidsLimit feature gate
       ○ --pod-max-pids=1000
  31. Third-party device monitoring plugins
     ● Container-level metrics for devices using device plugins
     ● Vendor-provided device-specific metrics
     ● Uses PodResources service
  32. AWS Network Load Balancer
     ● New load balancer
       ○ Multiple ports
       ○ WebSockets
       ○ Host-based, HTTP-based, HTTPS-based routing
       ○ Query-string, source IP-based routing
       ○ User authentication
       ○ Redirects
     ● Annotation: service.beta.kubernetes.io/aws-load-balancer-type: nlb
  33. New features (alpha): generally off by default, may change
  34. Cloning a Volume
     ● Existing PVC as DataSource
     ● Different from a Snapshot
     ● Only for CSI drivers
     ● Only for dynamic provisioners
     ● Only for drivers that have implemented cloning
     ● Only in the same namespace
     apiVersion: v1
     kind: PersistentVolumeClaim
     metadata:
       name: clone-of-pvc-1
       namespace: myns
     spec:
       accessModes:          # required on a claim; omitted on the slide
       - ReadWriteOnce
       resources:
         requests:
           storage: 10Gi     # the slide used `capacity`, which is a PersistentVolume field
       dataSource:
         kind: PersistentVolumeClaim
         name: pvc-1
  35. Scheduling framework
     ● Plugin API
     ● Plugins are compiled into the scheduler
     ● Scheduling cycle
     ● Binding cycle
     ● Extension points
       ○ Queue sort
       ○ Pre-filter
       ○ Filter
       ○ Post-filter
       ○ Scoring
       ○ Normalize scoring
       ○ Reserve
       ○ Permit
       ○ Pre-bind
       ○ Bind
       ○ Post-bind
       ○ Unreserve
  36. Non-preempting PriorityClasses
     ● preemptionPolicy
     ● Defaults to PreemptLowerPriority
     ● Set to Never
     ● Prevents the new pod from preempting; existing pods are left running
     ● Backoff policy for retries
  37. Executing user code in pods
     ● ExecutionHook
     ● ExecutionHookController
     ● Not tied to start or termination
     ● Can be called on demand
  38. Filesystem quotas for ephemeral storage
     ● Improvement over walking the filesystem tree
       ○ Faster
       ○ More accurate
     ● emptyDir only
     ● Monitor only; no enforcement
     ● Ready for XFS volumes
     ● For ext4:
       ○ create with mkfs.ext4 -O project <block_device>
       ○ run tune2fs -Q prjquota <block_device>
       ○ mount with the prjquota option in /etc/fstab
     ● rootflags=pquota
  39. LoadBalancer finalizer protection
     ● Prevent orphaned load balancers
     ● Make sure LB is fully deleted before Service is deleted
  40. Event API improvements
     ● More structure
     ● Better deduplication
  41. Kubernetes Training (training.mirantis.com): same course list as slide 6
  42. Thank you! Q&A
     Download the slides from bit.ly/k8s-1-15-webinar
     We’ll send you the slides and recording by Monday.
