"K8S Ecological Weekly" mainly contains recommended weekly information about the K8S ecosystem that I have come across. You are welcome to subscribe to the column "k8s ecology".
Kubernetes v1.23 will be released soon. This is the third version released in 2021 and the last officially released version this year.
This version mainly includes 47 enhancements and updates, 11 of which have reached stable, 17 have reached beta, and 19 have reached alpha. Of course, there is also 1 item marked as deprecated. Compared with v1.22 (53 enhancements and updates), it has slightly fewer, but that does not stop it from being a great version!
After the Kubernetes release cycle was changed to one version every 4 months, it is obvious that there is no need to spend too much time on upgrading. After all, the Kubernetes upgrade operation is an individual effort. What do you think?
Let's take a look at the noteworthy changes in this version!
Added kubectl alpha events command
I introduced this feature in the upstream progress section of the previous article "K8S Ecological Weekly | Helm New Version Release Enhanced Support for OCI". It is implemented in accordance with KEP #1440.
The main reason for adding this command is the limitations of viewing events with kubectl get. Therefore, directly adding the kubectl events command makes it more convenient to obtain the required information, especially since events are something that often needs to be viewed in Kubernetes. Typical problems with kubectl get events include sorting (although this can be solved by adding parameters), watch, and the inability to view events as a timeline.
Let's take a look at how to use this command.
Let's first create two Pods, called redis and redis2.
(MoeLove) ➜ kubectl run redis --image="ghcr.io/tao12345666333/redis:alpine"
pod/redis created
(MoeLove) ➜ kubectl run redis2 --image="ghcr.io/tao12345666333/redis:alpine"
pod/redis2 created
(MoeLove) ➜ kubectl get pods
NAME READY STATUS RESTARTS AGE
redis 1/1 Running 0 12m
redis2 1/1 Running 0 2m23s
Execute kubectl alpha events to see all events under the current namespace. If --for is added, it can be used to filter only events related to a specific resource. The output is also sorted by time by default.
(MoeLove) ➜ kubectl alpha events
LAST SEEN TYPE REASON OBJECT MESSAGE
12m Normal Scheduled Pod/redis Successfully assigned default/redis to kind-control-plane
12m Normal Pulling Pod/redis Pulling image "ghcr.io/tao12345666333/redis:alpine"
12m Normal Pulled Pod/redis Successfully pulled image "ghcr.io/tao12345666333/redis:alpine" in 4.028873745s
12m Normal Created Pod/redis Created container redis
12m Normal Started Pod/redis Started container redis
3m5s Normal Scheduled Pod/redis2 Successfully assigned default/redis2 to kind-control-plane
3m5s Normal Pulled Pod/redis2 Container image "ghcr.io/tao12345666333/redis:alpine" already present on machine
3m4s Normal Created Pod/redis2 Created container redis2
3m4s Normal Started Pod/redis2 Started container redis2
(MoeLove) ➜ kubectl alpha events --for pod/redis2
LAST SEEN TYPE REASON OBJECT MESSAGE
3m23s Normal Scheduled Pod/redis2 Successfully assigned default/redis2 to kind-control-plane
3m23s Normal Pulled Pod/redis2 Container image "ghcr.io/tao12345666333/redis:alpine" already present on machine
3m22s Normal Created Pod/redis2 Created container redis2
3m22s Normal Started Pod/redis2 Started container redis2
IPv4/IPv6 dual stack support reaches GA
When configuring Kubernetes with a dual-stack network, you need to specify both --node-cidr-mask-size-ipv4 and --node-cidr-mask-size-ipv6 in order to set the subnet size on each Node. Previously, we always used --node-cidr-mask-size to set it directly.
If we are still using a single-stack Kubernetes cluster, no adjustments are normally required. Of course, we can also use the options mentioned above to set the IPv4/IPv6 subnet of the cluster separately.
PodSecurity Admission reached Beta
PodSecurity Admission is the replacement for the previous PSP (PodSecurityPolicy). For Kubernetes Admission, please refer to my previous article "Clarifying the Admission Mechanism in Kubernetes"; I will not expand on it here.
IngressClass supports namespace level parameters
The IngressClass.Spec.Parameters.Namespace field has now reached GA, so we can set the parameters of an IngressClass at the namespace level. For example:
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  name: external-lb
spec:
  controller: example.com/ingress-controller
  parameters:
    apiGroup: k8s.example.com
    kind: IngressParameters
    name: external-lb
    namespace: external-configuration
    scope: Namespace
Added gRPC protocol support in Probe
Through KEP #2727, in this version, support for the gRPC protocol is added for the Probe of Pod.Spec.Container.{Liveness,Readiness,Startup}. For example:
readinessProbe:
  grpc:
    port: 9090
    service: moelove-service
  initialDelaySeconds: 5
  periodSeconds: 10
This feature can be enabled through the GRPCContainerProbe feature gate. For details, please refer to #106463.
Added OpenAPI V3
This feature is Alpha level and can be turned on with the OpenAPIV3 feature gate.
This feature is added mainly because CRDs can currently be defined through OpenAPI V3, but the api-server does not currently support it. When converting from OpenAPI V3 to V2, some information is lost.
For more details, please refer to KEP #2896
CRD Validation expression language
This is an Alpha-level feature and is not enabled by default. It can be turned on with the CustomResourceValidationExpressions feature gate.
This Alpha-level feature is introduced separately because extending Kubernetes through Custom Resource Definitions (CRDs) has become mainstream, but the validation rules that can currently be added to a CRD are limited, and more scenarios need an additional Admission to handle them.
This feature uses a language called Common Expression Language (CEL) to define rules, which are added through x-kubernetes-validations.
For example, the content of a certain CRD is as follows, which defines that minReplicas is less than or equal to replicas and replicas is less than or equal to maxReplicas.
...
openAPIV3Schema:
  type: object
  properties:
    spec:
      type: object
      x-kubernetes-validations:
        - rule: "self.minReplicas <= self.replicas"
          message: "replicas should be greater than or equal to minReplicas."
        - rule: "self.replicas <= self.maxReplicas"
          message: "replicas should be smaller than or equal to maxReplicas."
      properties:
        ...
        minReplicas:
          type: integer
        replicas:
          type: integer
        maxReplicas:
          type: integer
      required:
        - minReplicas
        - replicas
        - maxReplicas
Then, when the following custom resource is created, Kubernetes will reject its request.
apiVersion: "stable.example.com/v1"
kind: CustomDeployment
metadata:
  name: my-new-deploy-object
spec:
  minReplicas: 0
  replicas: 20
  maxReplicas: 10
And it returns the following error:
The CustomDeployment "my-new-deploy-object" is invalid:
* spec: Invalid value: map[string]interface {}{"maxReplicas":10, "minReplicas":0, "replicas":20}: replicas should be smaller than or equal to maxReplicas.
This is much more convenient than performing the validation through Admission. For Kubernetes Admission, please refer to my previous article "Clarifying the Admission Mechanism in Kubernetes".
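For comparison, here is the check a validating admission webhook would have to implement to enforce the same two rules. This is an added example, not code from the original article or from Kubernetes; the helper names violations and review and the sample request are constructed, and the HTTPS serving layer is left out.

```python
import json

# Each entry mirrors one CRD rule above: spec[left] <= spec[right].
RULES = [
    ("minReplicas", "replicas",
     "replicas should be greater than or equal to minReplicas."),
    ("replicas", "maxReplicas",
     "replicas should be smaller than or equal to maxReplicas."),
]


def violations(spec):
    """Return one message per broken rule; unusable values count as broken."""
    found = []
    for left, right, message in RULES:
        a, b = spec.get(left), spec.get(right)
        # bool is a subclass of int in Python, so compare exact types.
        if type(a) is not int or type(b) is not int:
            found.append(f"{left} and {right} must both be integers.")
        elif a > b:
            found.append(message)
    return found


def review(admission_review):
    """Answer one admission.k8s.io/v1 AdmissionReview (hypothetical helper)."""
    request = admission_review["request"]
    errors = []
    if request.get("operation") != "DELETE":  # "object" is null on DELETE
        spec = (request.get("object") or {}).get("spec")
        errors = violations(spec) if isinstance(spec, dict) else ["spec is required."]
    response = {"uid": request["uid"], "allowed": not errors}
    if errors:
        response["status"] = {"code": 422, "message": " ".join(errors)}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "response": response}


# Constructed request carrying the custom resource shown in the article.
SAMPLE = {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
          "request": {"uid": "constructed-uid-0001", "operation": "CREATE",
                      "object": {"kind": "CustomDeployment",
                                 "metadata": {"name": "my-new-deploy-object"},
                                 "spec": {"minReplicas": 0, "replicas": 20,
                                          "maxReplicas": 10}}}}

if __name__ == "__main__":
    print(json.dumps(review(SAMPLE), indent=2))
```

Serving this over HTTPS and registering it with a ValidatingWebhookConfiguration is the extra work that the in-CRD rules remove.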
HPA v2 API reaches GA
HPA v2 was first proposed about 5 years ago, and after 5 years of development, it has finally reached the GA level now.
The above are some of the main features that I think are worth paying attention to in Kubernetes v1.23. For more information, please refer to its release notes.
You are welcome to subscribe to my public account [MoeLove].