This release upgrades Kubernetes to 1.19. A summary of relevant changes is included in these release notes. The release also includes other minor component updates summarized below the list of Kubernetes changes.
Expanded CLI support for debugging workloads and nodes
SIG CLI expanded on debugging with kubectl to support two new debugging workflows: debugging workloads by creating a copy, and debugging nodes by creating a container in host namespaces. These can be convenient to:
- Insert a debug container in clusters that don’t have ephemeral containers enabled
- Modify a crashing container for easier debugging by changing its image, for example to busybox, or its command, for example to sleep 1d so you have time to
- Inspect configuration files on a node’s host filesystem
EndpointSlices are now enabled by default
EndpointSlices are an exciting new API that provides a scalable and extensible alternative to the Endpoints API. EndpointSlices track IP addresses, ports, readiness, and topology information for Pods backing a Service.
In Kubernetes 1.19 this feature will be enabled by default with kube-proxy reading from EndpointSlices instead of Endpoints. Although this will mostly be an invisible change, it should result in noticeable scalability improvements in large clusters. It will also enable significant new features in future Kubernetes releases like Topology Aware Routing.
Ingress graduates to General Availability
SIG Network has graduated the widely used Ingress API to general availability in Kubernetes 1.19. This change recognises years of hard work by Kubernetes contributors, and paves the way for further work on future networking APIs in Kubernetes.
seccomp graduates to General Availability
The seccomp (secure computing mode) support for Kubernetes has graduated to General Availability (GA). This feature can be used to increase the workload security by restricting the system calls for a Pod (applies to all containers) or single containers.
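As an added illustration (not part of these release notes or of Giant Swarm's own manifests), the following Pod uses the securityContext.seccompProfile field that became GA in Kubernetes 1.19. The Pod name, image tags and the profiles/audit.json path are hypothetical; the Localhost profile is assumed to exist under the kubelet's seccomp root directory on every node the Pod can land on.

```yaml
# Added example: Pod-level and container-level seccomp profiles via the
# securityContext.seccompProfile field (GA in Kubernetes 1.19).
# Names and the profile path are hypothetical.
apiVersion: v1
kind: Pod
metadata:
  name: hardened-app
spec:
  securityContext:
    # Applies to every container in the Pod unless a container overrides it:
    # RuntimeDefault uses the container runtime's built-in default profile.
    seccompProfile:
      type: RuntimeDefault
  containers:
    - name: web
      image: nginx:1.19
      # No container-level setting, so this container inherits RuntimeDefault.
    - name: sidecar
      image: busybox:1.32
      command: ["sleep", "1d"]
      securityContext:
        # Container-level setting overrides the Pod-level one. Localhost loads
        # a profile relative to the kubelet seccomp root (by default
        # /var/lib/kubelet/seccomp), i.e. /var/lib/kubelet/seccomp/profiles/audit.json.
        seccompProfile:
          type: Localhost
          localhostProfile: profiles/audit.json
```

Two practical points: if no seccompProfile is set anywhere, the container still runs Unconfined, so RuntimeDefault at the Pod level is the cheap baseline to adopt; and a Localhost profile that is missing on a node causes the container to fail to start there, so profile files must be distributed to all nodes before Pods reference them. The older seccomp.security.alpha.kubernetes.io annotations are deprecated in 1.19 in favour of this field.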
KubeSchedulerConfiguration graduates to Beta
SIG Scheduling graduates KubeSchedulerConfiguration to Beta. The KubeSchedulerConfiguration feature allows you to tune the algorithms and other settings of the kube-scheduler. You can easily enable or disable specific functionality (contained in plugins) in selected scheduling phases without having to rewrite the rest of the configuration. Furthermore, a single kube-scheduler instance can serve different configurations, called profiles. Pods can select the profile they want to be scheduled under via the
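The following added example (not from the release notes) shows a KubeSchedulerConfiguration with two profiles and a Pod that opts into the second one through spec.schedulerName. It assumes the kube-scheduler is started with --config pointing at this file; the profile name bin-packing and the Pod name are hypothetical.

```yaml
# Added example: one kube-scheduler instance serving two profiles
# (kubescheduler.config.k8s.io/v1beta1 is the Kubernetes 1.19 API version).
apiVersion: kubescheduler.config.k8s.io/v1beta1
kind: KubeSchedulerConfiguration
profiles:
  # Keep the default profile untouched so Pods that set no schedulerName
  # still get scheduled.
  - schedulerName: default-scheduler
  # Second profile: only the score phase is changed; every other plugin of
  # the default profile stays enabled.
  - schedulerName: bin-packing
    plugins:
      score:
        disabled:
          - name: NodeResourcesLeastAllocated   # spread-out behaviour of the default
        enabled:
          - name: NodeResourcesMostAllocated    # prefer nodes that are already full
            weight: 2
---
# A Pod selecting the bin-packing profile (hypothetical names).
apiVersion: v1
kind: Pod
metadata:
  name: batch-worker
spec:
  schedulerName: bin-packing
  containers:
    - name: worker
      image: busybox:1.32
      command: ["sleep", "3600"]
```

A Pod whose schedulerName matches no profile stays Pending, so profile names should be treated as part of the cluster's contract with workload authors.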
General ephemeral volumes
Kubernetes provides volume plugins whose lifecycle is tied to a pod and can be used as scratch space (e.g. the built-in “empty dir” volume type) or to load some data into a pod (e.g. the built-in ConfigMap and Secret volume types or “CSI inline volumes”). The new generic ephemeral volumes alpha feature allows any existing storage driver that supports dynamic provisioning to be used as an ephemeral volume whose lifecycle is bound to the Pod.
- It can be used to provide scratch storage that is different from the root disk, for example persistent memory, or a separate local disk on that node.
- All StorageClass parameters for volume provisioning are supported.
- All features supported with PersistentVolumeClaims are supported, such as storage capacity tracking, snapshots and restore, and volume resizing.
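As an added example (not part of the release notes), this Pod requests a generic ephemeral volume through the new ephemeral.volumeClaimTemplate field. The StorageClass name local-nvme and the Pod name are hypothetical; the feature is alpha in 1.19, so it assumes the GenericEphemeralVolume feature gate is enabled on the control plane and the kubelets.

```yaml
# Added example: a generic ephemeral volume (alpha in Kubernetes 1.19).
# The volumeClaimTemplate is an ordinary PVC spec, so any StorageClass
# that supports dynamic provisioning can back the scratch space.
apiVersion: v1
kind: Pod
metadata:
  name: scratch-user
spec:
  containers:
    - name: app
      image: busybox:1.32
      command: ["sh", "-c", "df -h /scratch && sleep 1d"]
      volumeMounts:
        - name: scratch
          mountPath: /scratch
  volumes:
    - name: scratch
      ephemeral:
        volumeClaimTemplate:
          metadata:
            labels:
              purpose: scratch
          spec:
            accessModes: ["ReadWriteOnce"]
            storageClassName: local-nvme   # hypothetical StorageClass name
            resources:
              requests:
                storage: 10Gi
```

The control plane creates a PersistentVolumeClaim named <pod-name>-<volume-name> (here scratch-user-scratch) with the Pod as its owner, so the claim and the provisioned volume are garbage-collected when the Pod is deleted; because the claim name is derived from the Pod name, two Pods with the same name in a namespace cannot both own such a volume.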
Immutable Secrets and ConfigMaps (beta)
Secret and ConfigMap volumes can be marked as immutable, which significantly reduces load on the API server if there are many Secret and ConfigMap volumes in the cluster. See ConfigMap and Secret for more information.
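An added example (not from the release notes) of the immutable field on a ConfigMap and a Secret. The object names and contents are constructed; the password value is an obvious placeholder.

```yaml
# Added example: immutable ConfigMap and Secret (beta in Kubernetes 1.19).
# Once immutable is true the data cannot be changed and the flag cannot be
# reverted; the only way to roll out a change is to create a new object
# (hence the -v3 suffix) and point the consuming Pods at it.
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config-v3
data:
  app.properties: |
    log.level=info
    feature.x=enabled
immutable: true
---
apiVersion: v1
kind: Secret
metadata:
  name: db-credentials-v3
type: Opaque
stringData:
  username: app
  password: PLACEHOLDER-replace-before-use   # constructed placeholder, not a real credential
immutable: true
```

Besides the API server load reduction, immutability has a security side effect worth knowing: the kubelet stops watching immutable objects, so mounted contents never update in place, and an in-place edit of the object (accidental or otherwise) is rejected rather than silently propagated to running Pods.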
Increase the Kubernetes support window to one year
As of Kubernetes 1.19, bugfix support via patch releases for a Kubernetes minor release has increased from 9 months to 1 year.
- Add vertical pod autoscaler configuration.
- Automatically delete WC node pods when NotReady for too long (per-cluster opt-in only).
- Do not drain node pods when the cluster is being deleted, to improve deletion time and avoid deadlocks.
- Update for Kubernetes 1.19 compatibility.
- Update k8s-kvm to v0.4.1 with QEMU v5.2.0 and Flatcar DNS fix.
- Use the managed-by label to check that node deployments are deleted before the cluster namespace.
- Remove IPs from endpoints when the corresponding workload cluster node is not ready.
- Restrict ingress to only expose the status endpoint.
- Pause Chart CR reconciliation when it has chart-operator.giantswarm.io/paused=true annotation.
- Set docker.io as the default registry.
- Pass RESTMapper to helmclient to reduce the number of REST API calls.
- Updated Helm to v3.5.3.
- Update namespace metadata using namespaceConfig in
- Create the giantswarm-critical PriorityClass when it is not found.
- Set docker.io as the default registry.
- Update coredns to upstream version 1.8.0.
- Added monitoring annotations and common labels.
- Add label selector for pods to help lower memory usage.