Kubernetes 1.19 has been released after a slight delay, with several updates that improve Kubernetes production readiness. These improvements include stable versions of Ingress and seccomp, security enhancements such as support for TLS 1.3, and other feature enhancements.
Although the Kubernetes team has historically released four updates per year, it will release only three this year because of the pandemic. Version 1.19 is likely to be the last update for this calendar year.
“Finally, we hit Kubernetes 1.19, the second version of 2020 and by far the longest release cycle that took a total of 20 weeks. It consists of 34 improvements: 10 improvements have been moved to the stable version, 15 improvements to the beta version and 9 improvements to the alpha version.
“Version 1.19 was quite different from a regular version due to COVID-19, George Floyd's protests, and various other global events that we have experienced as a launch team.”
The most notable change concerns Ingress, originally introduced as a beta API, which manages external access to services in a cluster, typically HTTP traffic, and can also provide load balancing, TLS termination, and name-based virtual hosting.
In version 1.19, Ingress graduates to stable and is added to the Networking v1 APIs. This update makes key changes to Ingress v1 objects, including schema and validation changes.
seccomp (secure computing mode) is also available as a stable feature in Kubernetes 1.19. seccomp is a Linux kernel security feature that limits the system calls that applications can make.
This was first introduced as a Kubernetes feature in version 1.3, but it had some limitations. Previously, an annotation on PodSecurityPolicy was required when applying seccomp profiles to pods.
This version adds a new seccompProfile field to the pod and container securityContext objects. To ensure backward compatibility, the kubelet applies seccomp profiles in the following order of priority:
- Container-specific field.
- Container-specific annotation.
- Pod-level field.
- Pod-wide annotation.
In this update, the pod's sandbox container is also configured separately with the runtime/default seccomp profile.
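The new field shown beside the legacy annotations it supersedes, as an added example manifest (not from the original article or the Kubernetes project). The pod name, container names, images and Localhost profile paths are constructed placeholders, and the comments map each setting to the priority order listed above.

```yaml
# Constructed example: names, images and profile paths are placeholders.
apiVersion: v1
kind: Pod
metadata:
  name: seccomp-demo
  annotations:
    # Legacy (pre-1.19) style, kept here only for comparison.
    # Priority 4: annotation covering the entire pod.
    seccomp.security.alpha.kubernetes.io/pod: runtime/default
    # Priority 2: annotation scoped to the container named "legacy".
    container.seccomp.security.alpha.kubernetes.io/legacy: localhost/profiles/audit.json
spec:
  securityContext:
    # Priority 3: pod-level field, the default for every container.
    seccompProfile:
      type: RuntimeDefault
  containers:
  - name: app
    image: registry.example/app:1.0
    securityContext:
      # Priority 1: container-specific field, which wins over all others.
      seccompProfile:
        type: Localhost
        # Path is relative to the kubelet's seccomp profile directory.
        localhostProfile: profiles/app.json
      allowPrivilegeEscalation: false
  - name: legacy
    image: registry.example/legacy:1.0
    # No container-level field here, so the container-specific
    # annotation above (priority 2) takes effect before the
    # pod-level field (priority 3).

# Effective profiles under the 1.19 priority order:
#   app    -> Localhost profiles/app.json   (container field)
#   legacy -> Localhost profiles/audit.json (container annotation)
```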
Another important change the team introduced is an extended support period, which would allow more than 80% of users to run supported versions, instead of the 50-60% currently seen.
“An annual support period provides the element that end users seem to want and is more in line with typical annual planning cycles. Starting with Kubernetes version 1.19, the support window will be extended to one year.”
In addition, Kubernetes provides volume plug-ins whose lifecycle is linked to a pod and which can be used as a workspace (for example, the built-in emptyDir volume type) or to load certain data into a pod (for example, the built-in ConfigMap and Secret volume types, or “CSI inline volumes”). A Secret is an object that contains a small amount of sensitive data, such as a password, token, or key.
The new alpha feature, generic ephemeral volumes, enables any existing storage driver that supports dynamic provisioning to be used as an ephemeral volume whose lifecycle is linked to the pod.
It can be used to provide working storage other than the root disk, such as persistent memory or a separate local disk on that node. All StorageClass configurations are supported for volume provisioning.
All functions supported by PersistentVolumeClaims are supported, such as tracking of storage capacity, snapshots and restore, and volume resizing.
Finally, another notable change responds to the recommendations of last year's security audit: Kubernetes version 1.19 adds support for new TLS 1.3 ciphers that can be used with the orchestrator.
If you want to know more about it, you can check the details at the following link.