This post was put together by Alibaba Cloud's Container Service team. Post contributors include Zhang Xiaoyu, Huang Ke, Lu Jinda, Li Chuanyun, Chen Jun, and Gao Xianglin. Their nicknames at Alibaba, in the same order, are Zhongyuan, Zhitian, Guiji, Huanyun, Chenjun, and Chanming.
This topic provides an overview of Kubernetes releases from versions 1.15 and 1.16. The purpose of this article is to highlight that it is necessary to upgrade from version 1.14 to 1.16, as there have been significant updates, which will be described in detail throughout this article. Release version changes are grouped by feature.
As a quick overview, the release of version 1.15 had 25 enhancements, which included 2 moving to stable, 13 in beta form, and 10 in alpha. Versions 1.16 consisted of 31 enhancements, with 8 moving to stable, 8 in beta, and 15 in alpha.
HostIPCSources. Access control parameters, such as
PodSecurityPolicy, have added for enhanced security.
--allow-privilegedhas been removed. Relevant kubelet scripts need to be cleared accordingly.
pods, and cgroups metrics of containers.
beta.kubernetes.io/kube-proxy-ds-ready. They are replaced by the following labels:
--containerized, deprecated since version 1.14, is officially removed in version 1.16.
beta.kubernetes.io/arch, deprecated since version 1.14, will be officially removed in version 1.18.
container_nameare replaced by
container, respectively. All Prometheus queries that match the
container_namelabels must be updated.
trueby default, and the related feature gate will be deprecated in version 1.18.
WatchBookmarkfeature is moving to beta and is enabled by default. This feature fixes the problem that resources need to be re-listed when the later watch request is received if the previous watch request of an event is not received for a long time.
apps/v1beta2are replaced by resources
extensions/v1beta1, including daemonsets, deployments, and replicasets, are replaced by resources
extensions/v1beta1are replaced by http://networking.k8s.io/v1.
extensions/v1beta1are replaced by resources under
--runtime-config flag can be used to enable these resources temporarily. This flag is not recommended in this release. It is recommended after you switch to a more stable Scheme version:
The APIs for these resources will be completely deleted in version 1.18.
2. Aggregated discovery requests can time out now. Aggregated API servers must complete discovery calls within five seconds. The duration can be longer for other requests.
You can extend the timeout period to 30 seconds by using the feature gate
EnableAggregatedDiscoveryTimeout will be removed in version 1.17.
Previously, you needed to combine PV and PVC to use CSI. With the inline CSI volume capability, you can declare a CSI volume that is closely related to a pod when defining the pod. Volumes are created as pods are created and destroyed as pods are destroyed.
You can create a PVC by cloning an existing PVC, including the volume specifications and data. PVC cloning is applicable to scenarios such as data migration and the establishment of simulated online environment. PVC cloning only supports CSI and does not support in-tree plug-ins and
Kubelet used to regularly scan files to collect the usage of ephemeral-storage space. Project quotas is introduced in version 1.15. Project quota provides faster speed and higher accuracy than regular scanning. If a file is opened and then deleted, the scanning method cannot trace the file. The file still occupies space. Click to learn more.
In the future, you can also use the project quotas feature to forcibly limit the available space of each volume. I/O write operations are rejected after the space limit is reached. This prevents the entire pod from being evicted because the storage space of an unimportant container is full. Isolation is implemented in this way.
Online capacity adjustment allows you to implement capacity expansion without rebuilding pods.
subPath allows multiple pods to use the sub-paths of the same volume. By using the
subPathExpr parameter, you can use the Downward API environment variables to build a unique sub-path for each pod. For example, you can bind the sub-path of a volume to the same mount point of a pod based on the pod name
(subPathExpr: $(POD_NAME)), thereby implementing data isolation between pods.
kube-proxyno longer automatically cleans up network rules during mode switching. Moreover, graceful termination for UDP traffic is disabled.
service.spec.externalNamecan end with a dot.
IPv4 and IPv6 addresses can be allocated to pods and services, which is an important step for the transition to IPv6. Enabling IPv4 and IPv6 dual-stack in Kubernetes clusters provides the following functions:
In terms of implementation, a current service object corresponds to a Kubernetes Endpoints object and contains the information of all backend pods. As the number of backend pods increases, the Add, Update, and Delete operations of a single backend pod pose a big pressure on control components, such as
Therefore, the EndpointSlice API is introduced so that backend pod information can be sliced and put into different EndpointSlices. A service contains multiple EndpointSlice objects, and an EndpointSlice object contains multiple endpoints, with a maximum of 100 endpoints by default. Each endpoint corresponds to a backend instance. This solution resolves performance problems and retains high scalability for providing other network features. For example, an endpoint can contain the topological location information, including region, zone, and hostname, of the backend instance, which can be used to help access the service through the nearest route.
This feature ensures that the service resource objects will not be completely deleted before the relevant load balancer is deleted.
extensions/v1beta1is deprecated and replaced by
extensions/v1beta1is deprecated and replaced by
Alibaba Developer - June 23, 2020
Alibaba Clouder - August 1, 2019
Alibaba Developer - October 24, 2019
Alibaba Developer - June 16, 2020
Alibaba Container Service - July 29, 2019
Alibaba Clouder - November 7, 2019
Alibaba Cloud Container Service for Kubernetes is a fully managed cloud container management service that supports native Kubernetes and integrates with other Alibaba Cloud products.Learn More
OpenAPI Explorer allows you to call an API through its web interface or WebCLI, and view the entire process.Learn More
API Gateway provides you with high-performance and high-availability API hosting services to deploy and release your APIs on Alibaba Cloud products.Learn More
Accelerate and secure the development, deployment, and management of containerized applications cost-effectively.Learn More
More Posts by Alibaba Container Service