Posts in 2022

  • Kubernetes Removals, Deprecations, and Major Changes in 1.26

    By Frederico Muñoz (SAS) | Friday, November 18, 2022 in Blog

    Change is an integral part of the Kubernetes life-cycle: as Kubernetes grows and matures, features may be deprecated, removed, or replaced with improvements for the health of the project. For Kubernetes v1.26 there are several planned: this article …

    Read more

  • Live and let live with Kluctl and Server Side Apply

    By Alexander Block | Friday, November 04, 2022 in Blog

    This blog post was inspired by a previous Kubernetes blog post about Advanced Server Side Apply. The author of said blog post listed multiple benefits for applications and controllers when switching to server-side apply (from now on abbreviated with …

    Read more

  • Server Side Apply Is Great And You Should Be Using It

    By Daniel Smith (Google) | Thursday, October 20, 2022 in Blog

    Server-side apply (SSA) has now been GA for a few releases, and I have found myself in a number of conversations, recommending that people / teams in various situations use it. So I’d like to write down some of those reasons. Obvious (and …

    Read more

  • Current State: 2019 Third Party Security Audit of Kubernetes

    By Cailyn Edwards (Shopify), Pushkar Joglekar (VMware), Rey Lejano (SUSE), Rory McCune (DataDog) | Wednesday, October 05, 2022 in Blog

    We expect the brand new Third Party Security Audit of Kubernetes will be published later this month (Oct 2022). In preparation for that, let's look at the state of findings that were made public as part of the last third party security audit of 2019 …

    Read more

  • Introducing Kueue

    By Abdullah Gharaibeh (Google), Aldo Culquicondor (Google) | Tuesday, October 04, 2022 in Blog

    Whether on-premises or in the cloud, clusters face real constraints for resource usage, quota, and cost management reasons. Regardless of the autoscalling capabilities, clusters have finite capacity. As a result, users want an easy way to fairly and …

    Read more

  • Kubernetes 1.25: alpha support for running Pods with user namespaces

    By Rodrigo Campos (Microsoft), Giuseppe Scrivano (Red Hat) | Monday, October 03, 2022 in Blog

    Kubernetes v1.25 introduces the support for user namespaces. This is a major improvement for running secure workloads in Kubernetes. Each pod will have access only to a limited subset of the available UIDs and GIDs on the system, thus adding a new …

    Read more

  • Enforce CRD Immutability with CEL Transition Rules

    By Alexander Zielenski (Google) | Thursday, September 29, 2022 in Blog

    Immutable fields can be found in a few places in the built-in Kubernetes types. For example, you can't change the .metadata.name of an object. Specific objects have fields where changes to existing objects are constrained; for example, the …

    Read more

  • Kubernetes 1.25: Kubernetes In-Tree to CSI Volume Migration Status Update

    By Jiawei Wang (Google) | Monday, September 26, 2022 in Blog

    The Kubernetes in-tree storage plugin to Container Storage Interface (CSI) migration infrastructure has already been beta since v1.17. CSI migration was introduced as alpha in Kubernetes v1.14. Since then, SIG Storage and other Kubernetes special …

    Read more

  • Kubernetes 1.25: CustomResourceDefinition Validation Rules Graduate to Beta

    By Joe Betz (Google), Cici Huang (Google), Kermit Alexander (Google) | Friday, September 23, 2022 in Blog

    In Kubernetes 1.25, Validation rules for CustomResourceDefinitions (CRDs) have graduated to Beta! Validation rules make it possible to declare how custom resources are validated using the Common Expression Language (CEL). For example: apiVersion: …

    Read more

  • Kubernetes 1.25: Use Secrets for Node-Driven Expansion of CSI Volumes

    By Humble Chirammal (Red Hat), Louis Koo (deeproute.ai) | Wednesday, September 21, 2022 in Blog

    Kubernetes v1.25, released earlier this month, introduced a new feature that lets your cluster expand storage volumes, even when access to those volumes requires a secret (for example: a credential for accessing a SAN fabric) to perform node expand …

    Read more