​Kubernetes takes a big step forward with version 1.8

The most popular of the cloud container orchestration programs has stronger security and role-based access control.
Written by Steven Vaughan-Nichols, Senior Contributing Editor

If you want to manage containers in the cloud, Kubernetes is the program for you. Its latest release, Kubernetes 1.8, is better than ever.

Why is this important? Containers are moving quickly into becoming the way to run server-level applications both in data-centers and the cloud. According to a recent report from research house Redmonk, 54 percent of Fortune 100 companies are already running Kubernetes. Some of these are truly massive jobs.

For example, Ancestry.com has 20 billion historical records and 90 million family trees. This makes it the largest consumer genomics DNA network in the world. With Kubernetes, its deployment time for its Shaky Leaf icon service was cut down from 50 minutes to two or five minutes. Paul MacKay, an Ancestry software engineer and architect, wrote, "We're very close to having everything that should be or could be in a Linux-friendly world in Kubernetes by the end of the year."

Perhaps the most significant feature in this new release is role based access control (RBAC). This enables cluster administrators to dynamically define roles to enforce access policies through the Kubernetes application programing interface (API).

RBAC also includes beta support for filtering outbound traffic through Kubernetes network policies augments existing support for filtering inbound traffic to a pod. Pods are Kubernetes' smallest deployable units. They are made up of one or more containers with shared storage, network, and a specification on how to run the containers. Together, RBAC and network policies are two powerful tools for enforcing Kubernetes organizational and regulatory security requirements.

This edition also brings the core Workload APIs to beta. This contains the most recent versions of Deployment, DaemonSet, ReplicaSet, and StatefulSet. The Workloads APIs is now stable. It can be used to migrate existing workloads to Kubernetes and for developing cloud native applications. The Workloads API also helps big data users by enabling native Kubernetes support for Apache Spark.

Another beta feature, Custom Resource Definitions (CRDs), provides a mechanism to extend Kubernetes with user-defined API objects. Why would you use this? One way is to use CRDs to automate complex stateful applications such as key-value stores, databases, and storage engines through the Operator Pattern. CRDs don't currently have validation, but that's expected in the next release.

With a nod to old-style computing, CronJobs is now in beta. This will enable administrators to run batch container workloads, such as nightly extract, transform, and (ETL) data warehousing jobs.

Diving deeper, Mike Barrett, Red Hat OpenShift project manager and Joe Brockmeier, Red Hat Linux container evangelist, wrote that their customers are looking forward to batch jobs, we believe that Resource Management Working Group "alpha code will enable the next wave in cloud computing."

This gives developers access to hardware via Device Manager for access to hardware devices such as NICs, GPUs, FPGA, Infiniband and so on; CPU Manager: so users can request static CPU assignment via the guaranteed Quality of Service (QOS) tier, and HugePages so users can consume huge memory pages of any size supported by the underlying hardware.

A feature CoreOS, a container and Kubernetes power, is particularly excited about is Kubernetes advanced auditing going beta. This, said Eric Chiang, a CoreOS engineer "introduces formatted audit logs, policies to control what's audited, and a webhook to send events to external services. Audit events can now be configured to include entire request payloads, aggregated in a central location. ... The audit event format will only make backward compatible changes. This creates an opportunity for the community to start experimenting with ways of consuming, displaying, and acting on events from the audit log webhook. An early example of this is the audit2rbac tool, which consumes audit events and to automatically create RBAC profiles."

Put it all together and you have a major step forward in making Kubernetes the do-it-all cloud container orchestration program.


Mirantis enters the Kubernetes game and ups its OpenStack play

Besides managing OpenStack clouds, Mirantis is adding cloud container management to its skillset with Kubernetes.

How to get the Kubernetes help you need

As Kubernetes cloud container orchestration grows ever more important, so does the need for qualified Kubernetes administrators.

Enterprise container DevOps steps up its game with Kubernetes 1.6

The popular enterprise container DevOps program, Kubernetes, is now ready to handle up to 5,000 nodes in a single cluster.

Editorial standards