Managing containers isn't easy. That's where such programs as Docker swarm mode, Kubernetes, and Mesosphere can make or break your containers initiatives. Perhaps the most popular of these, Kubernetes, has a new release, Kubernetes 1.6, that expands its reach by 50 percent to 5,000 node clusters. Conservatively, that means Kubernetes can manage 25,000 Docker containers at once.
In Kubernetes, a node is a virtual machine (VM) or physical server. Some people run as many as 500 containers per node, which means you could manage 2.5 million containers with Kubernetes. That's none too shabby!
If you want more than 5,000 nodes, or to use nodes across multiple regions or clouds, you can do that too with Federation. This enables you to combine multiple Kubernetes clusters and address them through a single API endpoint.
Nick Chase, Mirantis' head of technical content, wrote that as "Kubernetes takes hold, the likelihood of running into situations in which users have multiple large clusters to deal with increases. Federation enables you to create an infrastructure in which users can use, say, the closest cluster to them, or the one that has the most spare capacity."
In this release, the kubefed command line utility graduated to beta -- with improved support for on-premises clusters. kubefed now automatically configures kube-dns on joining clusters and can pass arguments to federated components.
You can also use Kubernetes Daemon Sets to specify which nodes will run a particular set of containers. Kubernetes will make certain that the nodes that satisfy the requirements will run them. You can also update these DaemonSets with new images.
The new Kubernetes also includes improved security. Role-based access control (RBAC), which is still beta, uses tightly scoped default roles for system components to improve security. Kubernetes 1.6's default RBAC policies grant scoped permissions to control-plane components, nodes, and controllers. RBAC also enables cluster administrators to selectively grant particular users or service accounts fine-grained access to specific resources on a per-namespace basis.
The improved kubeadm installation tool, which is also in beta, has been enhanced with a set of command line flags and a base feature set that includes RBAC setup. It also uses a Bootstrap Token system and an enhanced Certificates API to make securing your container cluster easier.
This release adds powerful and versatile scheduling constructs to give you greater pods scheduling control. This includes rules to restrict pods to particular nodes in heterogeneous clusters, and rules to spread or pack pods across failure domains such as nodes, racks, and zones. This is a very handy upgrade.
Kubernetes has always done a good job of managing container storage, but now it's even better. With this release, StorageClass and dynamic volume provisioning enable you to create and delete storage on demand. You'll no longer need to pre-provision storage at all.
On top of that, Kubernetes cluster administrators can define and expose multiple storage types within a cluster. This means end users can stop worrying about the complexity and nuances of how storage is provisioned, while still letting them select from multiple storage options. On public clouds, Kubernetes now pre-installs system-defined StorageClass objects for AWS, Azure, Google Cloud, OpenStack and VMware vSphere by default.
Kubernetes 1.6 is available for download on GitHub and via get.k8s.io. To get started with Kubernetes, try one of the these interactive tutorials. You should also look at the full release notes before upgrading or moving to Kubernetes.