“K8S Ecology Weekly” mainly collects the weekly news about the K8S ecosystem that I have come across and think is worth recommending. You are welcome to subscribe to the Zhihu column “K8S Ecology”.
Kubernetes V1.23 is coming soon, the third release for 2021 and the last official release of the year.
This release includes 47 enhancements, of which 11 are stable, 17 are beta, and 19 are alpha. There is also one item marked as deprecated. That is slightly fewer than v1.22 (53 enhancements), but it doesn’t stop this from being a great release!
After the Kubernetes release cycle changed to a release every 4 months, there was a clear feeling that there was no need to spend too much time on updates. After all, Kubernetes updates are manual work, what do you think?
Let’s take a look at some notable changes in this release.
Added kubectl alpha events command
I already introduced this feature in the “upstream progress” section of a previous article, “K8S Ecology Weekly | Helm new version enhances support for OCI”. It is implemented in accordance with KEP #1440.
This command was added mainly because viewing events is limited unless kubectl get itself is modified, so a dedicated kubectl events command makes it more convenient to obtain the required information. Events, in particular, are something you often need to look at in Kubernetes. Typical problems with kubectl get events include sorting (although that can be solved by adding parameters), watch, and being unable to view events along a timeline.
Let’s see how this command works.
Let’s start by creating two Pods, called redis and redis2.
(MoeLove) ➜ kubectl run redis --image="ghcr.io/tao12345666333/redis:alpine"
pod/redis created
(MoeLove) ➜ kubectl run redis2 --image="ghcr.io/tao12345666333/redis:alpine"
pod/redis2 created
(MoeLove) ➜ kubectl get pods
NAME READY STATUS RESTARTS AGE
redis 1/1 Running 0 12m
redis2 1/1 Running 0 2m23s
Run kubectl alpha events to see all events in the current namespace. Adding the --for option filters the output down to the events of a specific resource. The output is also sorted by time by default.
(MoeLove) ➜ kubectl alpha events
LAST SEEN TYPE REASON OBJECT MESSAGE
12m Normal Scheduled Pod/redis Successfully assigned default/redis to kind-control-plane
12m Normal Pulling Pod/redis Pulling image "ghcr.io/tao12345666333/redis:alpine"
12m Normal Pulled Pod/redis Successfully pulled image "ghcr.io/tao12345666333/redis:alpine" in 4.028873745s
12m Normal Created Pod/redis Created container redis
12m Normal Started Pod/redis Started container redis
3m5s Normal Scheduled Pod/redis2 Successfully assigned default/redis2 to kind-control-plane
3m5s Normal Pulled Pod/redis2 Container image "ghcr.io/tao12345666333/redis:alpine" already present on machine
3m4s Normal Created Pod/redis2 Created container redis2
3m4s Normal Started Pod/redis2 Started container redis2
(MoeLove) ➜ kubectl alpha events --for pod/redis2
LAST SEEN TYPE REASON OBJECT MESSAGE
3m23s Normal Scheduled Pod/redis2 Successfully assigned default/redis2 to kind-control-plane
3m23s Normal Pulled Pod/redis2 Container image "ghcr.io/tao12345666333/redis:alpine" already present on machine
3m22s Normal Created Pod/redis2 Created container redis2
3m22s Normal Started Pod/redis2 Started container redis2
IPv4/IPv6 dual-stack support reaches GA
With dual stack, the subnet size is set with the --node-cidr-mask-size-ipv4 and --node-cidr-mask-size-ipv6 options. Before, we used --node-cidr-mask-size directly.
If we still use a single-stack Kubernetes cluster, we normally do not need to make any adjustments, but we can also use the option mentioned above to set the IPv4/IPv6 subnet of the cluster separately.
PodSecurity Admission reached Beta
PodSecurity Admission is the replacement for the previous PSP. For more about Kubernetes Admission, please refer to my previous article “Sorting out the Admission Mechanism in Kubernetes”.
IngressClass supports namespace level parameters
The IngressClass.spec.parameters.namespace field has now reached GA, so we can set namespace-level parameters for an IngressClass. For example:
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  name: external-lb
spec:
  controller: example.com/ingress-controller
  parameters:
    apiGroup: k8s.example.com
    kind: IngressParameters
    name: external-lb
    namespace: external-configuration
    scope: Namespace
Added support for gRPC protocol in Probe
Through KEP #2727, this release adds gRPC protocol support to Pod.Spec.Container.{Liveness,Readiness,Startup}Probe. For example:
readinessProbe:
  grpc:
    port: 9090
    service: moelove-service
  initialDelaySeconds: 5
  periodSeconds: 10
This feature can be enabled through the GRPCContainerProbe feature gate. See #106463 for more details.
New OpenAPI V3
This feature is alpha level and can be enabled via the OpenAPIV3 feature gate.
It was added mainly because CRDs are currently defined with OpenAPI v3, but the API server does not currently support it, and some information is lost when converting from OpenAPI v3 to v2.
More details can be found in KEP #2896.
CRD Validation expression language
This is an alpha-level feature and is disabled by default. It can be turned on by enabling the CustomResourceValidationExpressions feature gate. It is introduced separately here because extending Kubernetes with Custom Resource Definitions (CRDs) has become popular, but the validation rules that can be added to a CRD are limited, and many scenarios require an additional Admission.
This feature uses a language called Common Expression Language (CEL) to define rules, which are added through the x-kubernetes-validations field.
For example, a CRD with the following contents requires minReplicas to be less than or equal to replicas, and replicas to be less than or equal to maxReplicas.
...
openAPIV3Schema:
  type: object
  properties:
    spec:
      type: object
      # CEL rules are declared under x-kubernetes-validations; `self` is the spec object
      x-kubernetes-validations:
        - rule: "self.minReplicas <= self.replicas"
          message: "replicas should be greater than or equal to minReplicas."
        - rule: "self.replicas <= self.maxReplicas"
          message: "replicas should be smaller than or equal to maxReplicas."
      properties:
        ...
        minReplicas:
          type: integer
        replicas:
          type: integer
        maxReplicas:
          type: integer
      required:
        - minReplicas
        - replicas
        - maxReplicas
Kubernetes will then reject a custom resource such as the following when it is created.
apiVersion: "stable.example.com/v1"
kind: CustomDeployment
metadata:
  name: my-new-deploy-object
spec:
  minReplicas: 0
  replicas: 20
  maxReplicas: 10
And return the following error:
The CustomDeployment "my-new-deploy-object" is invalid:
* spec: Invalid value: map[string]interface {}{"maxReplicas":10, "minReplicas":0, "replicas":20}: replicas should be smaller than or equal to maxReplicas.
This is much more convenient than validating through Admission as we did in the past. For more information about Kubernetes Admission, please refer to my previous article “Sorting out the Admission Mechanism in Kubernetes”.
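The rejection above can be reproduced offline with the following sketch. It is an added example, not code from Kubernetes or from the original article: it is not a CEL implementation and only understands comparisons of the form self.<field> <op> self.<field>, and the names validate_spec and rule_holds as well as the wording of the required/type errors are assumptions made for this illustration.

```python
import operator
import re

# Constructed from the CRD fragment above: the schema's required list and its two rules.
REQUIRED = ("minReplicas", "replicas", "maxReplicas")
RULES = (
    ("self.minReplicas <= self.replicas",
     "replicas should be greater than or equal to minReplicas."),
    ("self.replicas <= self.maxReplicas",
     "replicas should be smaller than or equal to maxReplicas."),
)

# Stand-in for CEL (assumption): only `self.<field> <op> self.<field>` is understood.
OPS = {"<=": operator.le, ">=": operator.ge, "==": operator.eq,
       "!=": operator.ne, "<": operator.lt, ">": operator.gt}
RULE_RE = re.compile(r"^self\.(\w+)\s*(<=|>=|==|!=|<|>)\s*self\.(\w+)$")


def rule_holds(rule, spec):
    """Evaluate one comparison rule with `self` bound to the spec object."""
    match = RULE_RE.match(rule.strip())
    if match is None:
        raise ValueError("unsupported rule: %r" % rule)
    left, op, right = match.groups()
    return OPS[op](spec[left], spec[right])


def validate_spec(spec):
    """Return the list of violations; an empty list means the object is accepted."""
    # In this sketch the required/type checks run first, so a rule never
    # sees a missing or non-integer field.
    problems = ["spec.%s: Required value" % f for f in REQUIRED if f not in spec]
    problems += ["spec.%s: Invalid value: must be an integer" % f for f in REQUIRED
                 if f in spec and (isinstance(spec[f], bool)
                                   or not isinstance(spec[f], int))]
    if problems:
        return problems
    # Every rule is checked, so one object can report several violations.
    return ["spec: Invalid value: %s" % message for rule, message in RULES
            if not rule_holds(rule, spec)]


if __name__ == "__main__":
    # The spec of the rejected object shown above.
    rejected = {"minReplicas": 0, "replicas": 20, "maxReplicas": 10}
    for line in validate_spec(rejected):
        print(line)
```

Running it against the rejected object reports only the second rule, since 0 <= 20 holds and 20 <= 10 does not.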
HPA V2 API reaches GA
HPA V2 was first proposed about five years ago, and after five years of development, it has now reached the GA level.
These are some of the main features I think are worth looking at in Kubernetes v1.23; see the release notes for more information.
Please feel free to subscribe to my official account [MoeLove]