Posts in 2023
Kubernetes 1.27: StatefulSet Start Ordinal Simplifies Migration
By Peter Schuurman (Google) | Friday, April 28, 2023 in Blog
Kubernetes v1.26 introduced a new, alpha-level feature for StatefulSets that controls the ordinal numbering of Pod replicas. As of Kubernetes v1.27, this feature is now beta. Ordinals can start from arbitrary non-negative numbers. This blog post will …
Updates to the Auto-refreshing Official CVE Feed
By Cailyn Edwards (Shopify), Mahé Tardy (Isovalent), Pushkar Joglekar | Tuesday, April 25, 2023 in Blog
Since launching the Auto-refreshing Official CVE feed as an alpha feature in the 1.25 release, we have made significant improvements and updates. We are excited to announce the release of the beta version of the feed. This blog post will outline the …
Kubernetes 1.27: Server Side Field Validation and OpenAPI V3 move to GA
By Jeffrey Ying (Google), Antoine Pelisse (Google) | Monday, April 24, 2023 in Blog
Before Kubernetes v1.8 (!), typos, mis-indentations or minor errors in YAMLs could have catastrophic consequences (e.g. a typo like forgetting the trailing s in replica: 1000 could cause an outage, because the value would be ignored and missing, …
Kubernetes 1.27: Query Node Logs Using The Kubelet API
By Aravindh Puthiyaparambil (Red Hat) | Friday, April 21, 2023 in Blog
Kubernetes 1.27 introduced a new feature called Node log query that allows viewing logs of services running on the node. What problem does it solve? Cluster administrators face issues when debugging malfunctioning services running on the node. They …
Kubernetes 1.27: Single Pod Access Mode for PersistentVolumes Graduates to Beta
By Chris Henzie (Google) | Thursday, April 20, 2023 in Blog
With the release of Kubernetes v1.27 the ReadWriteOncePod feature has graduated to beta. In this blog post, we'll take a closer look at this feature, what it does, and how it has evolved in the beta release. What is ReadWriteOncePod? ReadWriteOncePod …
Kubernetes 1.27: Efficient SELinux volume relabeling (Beta)
By Jan Šafránek (Red Hat) | Tuesday, April 18, 2023 in Blog
The problem On Linux with Security-Enhanced Linux (SELinux) enabled, it's traditionally the container runtime that applies SELinux labels to a Pod and all its volumes. Kubernetes only passes the SELinux label from a Pod's securityContext fields to …
Kubernetes 1.27: More fine-grained pod topology spread policies reached beta
By Alex Wang (Shopee), Kante Yin (DaoCloud), Kensei Nakada (Mercari) | Monday, April 17, 2023 in Blog
In Kubernetes v1.19, Pod topology spread constraints went to general availability (GA). As time passed, we - SIG Scheduling - received feedback from users, and, as a result, we're actively working on improving the Topology Spread feature via three …
Kubernetes v1.27: Chill Vibes
By Kubernetes v1.27 Release Team | Tuesday, April 11, 2023 in Blog
Announcing the release of Kubernetes v1.27, the first release of 2023! This release consist of 60 enhancements. 18 of those enhancements are entering Alpha, 29 are graduating to Beta, and 13 are graduating to Stable. Release theme and logo Kubernetes …
Keeping Kubernetes Secure with Updated Go Versions
By Jordan Liggitt (Google) | Thursday, April 06, 2023 in Blog
The problem Since v1.19 (released in 2020), the Kubernetes project provides 12-14 months of patch releases for each minor version. This enables users to qualify and adopt Kubernetes versions in an annual upgrade cycle and receive security fixes for a …
Kubernetes Validating Admission Policies: A Practical Example
By Craig Box (ARMO), Ben Hirschberg (ARMO) | Thursday, March 30, 2023 in Blog
Admission control is an important part of the Kubernetes control plane, with several internal features depending on the ability to approve or change an API object as it is submitted to the server. It is also useful for an administrator to be able to …