Kubernetes 1.19 arrives with one year of support, TLS 1.3, improvements and more

The new Kubernetes 1.19 release has just come out after a slight delay, and it is finally available with several updates that improve Kubernetes' production readiness. These improvements include stable versions of the Ingress and seccomp features, security enhancements such as TLS 1.3 support, and other feature improvements.

In addition, although the Kubernetes team has historically shipped four releases a year, it will ship only three this year because of the pandemic. Version 1.19 may be the last release of this calendar year.

“Finally, we have arrived at Kubernetes 1.19, the second release of 2020 and the longest release cycle of all, lasting 20 weeks in total. It contains 34 enhancements: 10 enhancements have moved to stable, 15 enhancements are in beta and 9 enhancements are in alpha.

“Version 1.19 was very different from a regular release because of COVID-19, the George Floyd protests and several other global events that we experienced as a release team.”

Among the changes, the most notable concerns Ingress, which was originally introduced as a beta API that manages external access to the services in a cluster, typically HTTP traffic, and can provide load balancing, TLS termination and name-based virtual hosting.

In the new 1.19 release, Ingress graduates to stable and is added to the networking v1 APIs. This update makes major changes to the Ingress v1 objects, including validation and schema changes.

seccomp (secure computing mode) is also available as a stable feature in Kubernetes 1.19. seccomp is a Linux kernel security feature that limits the number of system calls that applications can make.

It was first introduced as a Kubernetes feature in version 1.3, but it had some limitations. Previously, an annotation on the PodSecurityPolicy was required when applying seccomp profiles to pods.

In this release, seccomp introduces a new seccompProfile field, added to the pod and container securityContext objects. To ensure backward compatibility with the Kubelet, seccomp profiles are applied in the following order of priority:

  • The container-specific field.
  • The container-specific annotation.
  • The pod-level field.
  • The pod-wide annotation.
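
The precedence order above, written out as a resolver (an added example, not Kubelet code). The `Pod`, `Container` and `SeccompProfile` structs are simplified stand-ins for the real API types, and the annotation keys are the pre-1.19 alpha seccomp annotations.

```go
package main

import "fmt"

// Simplified stand-ins for the Pod API types (assumption: not k8s.io/api).
type SeccompProfile struct{ Type, LocalhostProfile string }
type Container struct {
	Name    string
	Seccomp *SeccompProfile // securityContext.seccompProfile
}
type Pod struct {
	Annotations map[string]string
	Seccomp     *SeccompProfile // spec.securityContext.seccompProfile
}

const podKey = "seccomp.security.alpha.kubernetes.io/pod"
const ctrKey = "container.seccomp.security.alpha.kubernetes.io/" // + container name

// fromField renders a field value in the older annotation notation.
func fromField(p *SeccompProfile) string {
	switch p.Type {
	case "RuntimeDefault":
		return "runtime/default"
	case "Localhost":
		return "localhost/" + p.LocalhostProfile
	}
	return "unconfined" // Type "Unconfined"
}

// EffectiveSeccomp applies the four-step precedence; "" means nothing was set.
func EffectiveSeccomp(pod Pod, c Container) (profile, source string) {
	if c.Seccomp != nil {
		return fromField(c.Seccomp), "container field"
	}
	if v, ok := pod.Annotations[ctrKey+c.Name]; ok {
		return v, "container annotation"
	}
	if pod.Seccomp != nil {
		return fromField(pod.Seccomp), "pod field"
	}
	if v, ok := pod.Annotations[podKey]; ok {
		return v, "pod annotation"
	}
	return "", "none"
}

func main() { // constructed sample: a legacy pod annotation loses to the pod field
	pod := Pod{Annotations: map[string]string{podKey: "unconfined"}, Seccomp: &SeccompProfile{Type: "RuntimeDefault"}}
	fmt.Println(EffectiveSeccomp(pod, Container{Name: "app"}))
}
```

A leftover `unconfined` pod annotation stops mattering once the pod-level field is set, but a per-container annotation still overrides that field, which is worth checking for when auditing manifests migrated from the annotation form.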

The pod sandbox container is now also configured with a separate runtime/default seccomp profile in this update.

Another important change introduced by the team is the extension of the support period, which will allow more than 80% of users to run supported versions, instead of the 50-60% seen now.

“A yearly support period provides a feature that end users appear to want and fits much better with familiar annual planning cycles. Starting with Kubernetes version 1.19, the support window will be extended to one year.”

In addition, Kubernetes provides volume plugins whose lifecycle is tied to a pod and which can be used as scratch space (for example, a built-in volume type) or to load some data into a pod (for example, the built-in configmap and secret volume types, or "CSI inline volumes"). A Secret is an object that contains a small amount of sensitive data, such as a password, a token or a key.

The new alpha feature, generic ephemeral volumes, allows any existing storage driver that supports dynamic provisioning to be used as an ephemeral volume, with the volume's lifecycle bound to the pod.

It can be used to provide scratch storage that is separate from the root disk, such as persistent memory or a separate local disk on that node. All StorageClass parameters for volume provisioning are supported.

All features supported with PersistentVolumeClaims are supported, such as storage capacity tracking, snapshots and restore, and volume resizing.

Finally, one more change addresses the recommendations of last year's security audit: Kubernetes version 1.19 adds support for the new TLS 1.3 ciphers that can be used with the orchestrator.

If you want to know more about it, you can check the details at the following link.

