Posts in 2023

  • Having fun with seccomp profiles on the edge

    Thursday, May 18, 2023 in Blog

    Author: Sascha Grunert The Security Profiles Operator (SPO) is a feature-rich operator for Kubernetes to make managing seccomp, SELinux and AppArmor profiles easier than ever. Recording those profiles from scratch is one of the key features of this …

    Read more

  • Kubernetes 1.27: KMS V2 Moves to Beta

    Tuesday, May 16, 2023 in Blog

    Authors: Anish Ramasekar, Mo Khan, and Rita Zhang (Microsoft) With Kubernetes 1.27, we (SIG Auth) are moving Key Management Service (KMS) v2 API to beta. What is KMS? One of the first things to consider when securing a Kubernetes cluster is …

    Read more

  • Kubernetes 1.27: updates on speeding up Pod startup

    Monday, May 15, 2023 in Blog

    Authors: Paco Xu (DaoCloud), Sergey Kanzhelev (Google), Ruiwen Zhao (Google) How can Pod start-up be accelerated on nodes in large clusters? This is a common issue that cluster administrators may face. This blog post focuses on methods to speed up …

    Read more

  • Kubernetes 1.27: In-place Resource Resize for Kubernetes Pods (alpha)

    Friday, May 12, 2023 in Blog

    Author: Vinay Kulkarni (Kubescaler Labs) If you have deployed Kubernetes pods with CPU and/or memory resources specified, you may have noticed that changing the resource values involves restarting the pod. This has been a disruptive operation for …

    Read more

  • Kubernetes 1.27: Avoid Collisions Assigning Ports to NodePort Services

    Thursday, May 11, 2023 in Blog

    Author: Xu Zhenglun (Alibaba) In Kubernetes, a Service can be used to provide a unified traffic endpoint for applications running on a set of Pods. Clients can use the virtual IP address (or VIP) provided by the Service for access, and Kubernetes …

    Read more

  • Kubernetes 1.27: Safer, More Performant Pruning in kubectl apply

    Tuesday, May 09, 2023 in Blog

    Authors: Katrina Verey (independent) and Justin Santa Barbara (Google) Declarative configuration management with the kubectl apply command is the gold standard approach to creating or modifying Kubernetes resources. However, one challenge it presents …

    Read more

  • Kubernetes 1.27: Introducing An API For Volume Group Snapshots

    Monday, May 08, 2023 in Blog

    Author: Xing Yang (VMware) Volume group snapshot is introduced as an Alpha feature in Kubernetes v1.27. This feature introduces a Kubernetes API that allows users to take crash consistent snapshots for multiple volumes together. It uses a label …

    Read more

  • Kubernetes 1.27: Quality-of-Service for Memory Resources (alpha)

    Friday, May 05, 2023 in Blog

    Authors: Dixita Narang (Google) Kubernetes v1.27, released in April 2023, introduced changes to Memory QoS (alpha) to improve memory management capabilites in Linux nodes. Support for Memory QoS was initially added in Kubernetes v1.22, and later some …

    Read more

  • Kubernetes 1.27: StatefulSet PVC Auto-Deletion (beta)

    Thursday, May 04, 2023 in Blog

    Author: Matthew Cary (Google) Kubernetes v1.27 graduated to beta a new policy mechanism for StatefulSets that controls the lifetime of their PersistentVolumeClaims (PVCs). The new PVC retention policy lets users specify if the PVCs generated from the …

    Read more

  • Kubernetes 1.27: HorizontalPodAutoscaler ContainerResource type metric moves to beta

    Tuesday, May 02, 2023 in Blog

    Author: Kensei Nakada (Mercari) Kubernetes 1.20 introduced the ContainerResource type metric in HorizontalPodAutoscaler (HPA). In Kubernetes 1.27, this feature moves to beta and the corresponding feature gate (HPAContainerMetrics) gets enabled by …

    Read more