Kubernetes 1.10: Improving storage, security, and networking

The new version of Kubernetes has arrived and it's stabilizing the quickly evolving open-source, container orchestration program, while still adding new features.
Written by Steven Vaughan-Nichols, Senior Contributing Editor

Ever been in a Tesla and hit the accelerator in Ludicrous Mode? If you have, you know you'll speed up like the proverbial bat out of hell. The development of Kubernetes, the leading container orchestration program, has been like that. It's been one improvement after another at a frantic pace. With its newest release, Kubernetes 1.10, it keeps charging forward but it's also been stabilizing features in four key areas: API aggregation, storage, security, and networking.

Specifically, this release includes the introduction of external client-go credential providers, an alpha feature; the option to switch the Domain Name System (DNS) service to CoreDNS at install time, a beta feature; and the move of Container Storage Interface (CSI) and persistent local volumes to beta.

What does this mean? Let's go over them.

API Aggregation (Stable)

According to CoreOS, now a division of Red Hat and a leading Kubernetes development company, application programming interface (API) aggregation is now stable in Kubernetes 1.10. This enables Kubernetes developers to develop their own custom API servers without changing the core Kubernetes code repository. With this feature now stable, Kubernetes cluster admins can more confidently add these third-party APIs to their clusters in a production configuration.

Storage: CSI and Local Storage (Beta)

The Kubernetes implementation of CSI makes installing new volume plugins as easy as deploying a pod. This enables third-party storage providers to develop their solutions independently outside of the core Kubernetes codebase. This continues the thread of extensibility within the Kubernetes ecosystem.

CSI's goal is to create a standardized way for storage vendors to write plugins that will work across multiple container orchestration tools. This includes Kubernetes, but it can be used by other orchestration programs such as Docker Swarm Mode and Mesosphere. It provides standardized ways to dynamically provision and deprovision storage volumes, attach or detach volumes from nodes, mount or unmount volumes from nodes, and so on.

Durable (non-shared) local storage management is now in beta. This makes locally attached (non-network attached) storage available as a persistent volume source. This means higher performance and lower cost for distributed file systems and databases.

This release also includes many beta updates to Persistent Volumes. Kubernetes can now automatically prevent deletion of Persistent Volume Claims that are in use by a pod and prevent deletion of a Persistent Volume that is bound to a Persistent Volume Claim. This helps ensure storage API objects are deleted in the correct order.

Security: External credential providers (Alpha)

Kubernetes, which is already highly extensible, gains another extension point in 1.10 with external kubectl credential providers. With this, cloud providers, vendors, and other platform developers can now release binary plugins that handle authentication for specific cloud-provider Identity and Access Management (IAM) services, or which integrate with in-house authentication systems not supported in-tree such as Active Directory. This complements the Cloud Controller Manager feature added in 1.9.
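The sketch below shows what such a credential plugin hands back to kubectl: an `ExecCredential` JSON object on stdout carrying a bearer token and an expiry. It is an added example, not code from this article or from the Kubernetes project; the function name `buildResponse`, the fallback API version string and the constructed token are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"strings"
	"time"
)
// Assumption: fallback when KUBERNETES_EXEC_INFO is unset; must match exec.apiVersion in kubeconfig.
const defaultAPIVersion = "client.authentication.k8s.io/v1"
type credStatus struct {
	Token               string `json:"token"`
	ExpirationTimestamp string `json:"expirationTimestamp,omitempty"`
}
type execCredential struct {
	APIVersion string      `json:"apiVersion"`
	Kind       string      `json:"kind"`
	Status     *credStatus `json:"status,omitempty"`
}

// buildResponse returns the JSON a credential plugin prints on stdout.
func buildResponse(execInfo, token string, ttl time.Duration, now time.Time) ([]byte, error) {
	apiVersion := defaultAPIVersion
	if execInfo != "" { // answer in the API version the client asked for
		var req execCredential
		if err := json.Unmarshal([]byte(execInfo), &req); err != nil {
			return nil, fmt.Errorf("parse KUBERNETES_EXEC_INFO: %w", err)
		}
		if req.Kind != "ExecCredential" || !strings.HasPrefix(req.APIVersion, "client.authentication.k8s.io/") {
			return nil, fmt.Errorf("KUBERNETES_EXEC_INFO is not an ExecCredential")
		}
		apiVersion = req.APIVersion
	}
	token = strings.TrimSpace(token)
	if token == "" || strings.ContainsAny(token, " \t\r\n") {
		return nil, fmt.Errorf("token is empty or contains whitespace")
	}
	expiry := now.Add(ttl).UTC().Format(time.RFC3339) // short lifetime limits reuse of a leaked token
	return json.Marshal(execCredential{apiVersion, "ExecCredential", &credStatus{token, expiry}})
}

func main() {
	// Constructed token; a real plugin would fetch one from its IAM or directory service.
	out, err := buildResponse(os.Getenv("KUBERNETES_EXEC_INFO"), "constructed-demo-token", 10*time.Minute, time.Now())
	if err != nil {
		panic(err)
	}
	fmt.Println(string(out)) // stdout carries only the credential
}
```

kubectl runs whatever binary the `exec` stanza of a kubeconfig user entry names, with the invoking user's privileges, so both the plugin and the kubeconfig that references it deserve the same review as any other executable on an admin workstation.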

Networking: CoreDNS as a DNS provider (Beta)

The DNS services can be switched to CoreDNS at install time. This is a beta and it will enable cluster operators to explore its capabilities. CoreDNS has fewer "moving parts" since it is a single executable and single process and supports additional use cases.

Previously, DNS was provided by kube-dns, a wrapper around dnsmasq written in Go. After last year's dnsmasq security holes showed up, the Kubernetes developers decided on another path.

Performance Improvements (Beta)

In the 1.10 release, the DevicePlugins API has gone to beta. This provides a stable integration point for GPUs, high-performance networking interfaces, FPGAs, Infiniband, and other fast I/O devices, without requiring their vendors to add any custom code to Kubernetes.

Other beta features have been added to better support CPU and memory sensitive applications. For example, the static CPU pinning policy has graduated to beta to support CPU latency-sensitive applications by pinning applications to particular cores. So, for example, you can make sure a container that must run quickly is tied to high-speed CPU cores. In addition, the cluster is able to schedule and isolate hugepages for big data and other applications that demand them.

Kubernetes 1.10 is available for download on GitHub. To get started with Kubernetes, check out these interactive tutorials.

Kubernetes has already become the most popular container orchestration program. These improvements will only ensure that it will stay on top.
