Kubernetes 1.16 and rancher 2.3 enhancements
- 1. Kubernetes 1.16 and Rancher 2.3 Enhancements @saiyampathak
- 2. About myself Saiyam Pathak • Twitter - @saiyampathak • Blog – https://medium.com/@saiyampathak • Rancher and Influx Bangalore Meetup Organizer • Influx ACE • Rancher RanchHands member • Kubernetes Member and APAC coordinator
- 3. Kubernetes 1.16 31 Enhancements 8 Stable 8 Beta 15 Alpha
- 4. IPV4/IPV6 Dual Stack Support https://github.com/kubernetes/enhancements/issues/563 Alpha in 1.16 IPV6 was added in k8s 1.9: either ipv4 or ipv6 or single-pod-IP-aware 1.16 : Multiple ipv4/ipv6 address assignment per pod Native ipv4-to-ipv4 in parallel with ipv6-to-ipv6 communication to, from, and within the cluster Tested in Bridge CNI plugin, PTP CNI plugin
- 5. PVC cloning • Beta 1.16 • Support added for adding existing PVC in the data source field to indicate that user wants to clone a Volume • Cloning support (VolumePVCDataSource) is only available for CSI drivers. • PVC needs to be in same namespace
- 6. Custom Resource Definition #95 • Graduated • CRD are the way to extend k8s API to include custom resource types that behave like native resource type. Beta since 1.7
- 7. Publish CRD open API schema #692 • Graduated to stable • CustomResourceDefinition (CRD) allows the CRD author to define an OpenAPI v3 schema to enable server-side validation for CustomResources (CR).
- 8. Subresources for custom resources - #571 • Graduated to Stable • /status and /scale subresources for CR’s • // +kubebuilder:subresource:status
- 9. Defaulting and Pruning for custom resources- #575 • Pruning- Stable , Defaulting- Beta • features aiming to facilitate the JSON handling and processing associated with CRD • If pruning is enabled, unspecified fields in CR on creation and on update are dropped (preserveUnknownFields) • Defaulting allows to specify default values in the OpenAPi validation schema (CustomResourceDefaulting)
- 11. Webhook conversion for custom resources - #598 Graduated to stable Different CRD versions can have different schemas. You can now handle on-the-fly conversion between versions defining and implementing a conversion webhook.
- 12. Admission Webhooks - #492 • Graduated to stable • Way to extend Kubernetes by putting hook on object creation/modification/deletion. Admission webhooks can mutate or validate the object • Extended to single object
- 13. Add watch bookmarks support- #956 Graduted to Beta Reduce load on ApiServer by minimizing watch events that needs to be processed after restarting the watch. Bookmark represents all objects up to a given resourceVersion requested by the client have already been sent.
- 14. Server-Side Apply - #555 • Graduated to Beta • `kubectl apply` - moves to control plane/apiserver • Current problems: • User does POST > changes something > again apply : boom!! • User does apply > edit > apply : boom !! • User does get > edit locally > apply : boom !! • User tweaks annotations > apply : boom !!
- 15. Deprecate and remove SelfLink - #1164 NET NEW ALPHA WILL BE DEPRECATED IN 1 YEAR
- 16. Building Kubernetes without In- Tree Cloud - #1179 • Net New Alpha • Removing in tree cloud provider implementations code
- 17. Kubeadm for windows- 995 Advanced configurations with kubeadm(using kustomize) - #1177 • Net New Alpha • Join windows machine to Kubernetes cluster • Widows support is there since 1.14 • Rancher 2.3 has windows support (https://rancher.com/blog/2019/2019-10-17- zero-to-windows-containers-with-rancher-2-3-and-terraform/) • kubeadm init --experimental-kustomize kubeadm-patches/ • Static pod customizations
- 18. Kubernetes metrics overhaul - #1206 • Net New Alpha • Metrics not following instrumentation guidelines, Prometheus guidelines • Kubernetes 1.16 removes the labels pod_name and container_name from cAdvisor metrics, duplicates of pod and container. • Kubernetes 1.17 will deprecate some metrics like • apiserver_request_count • apiserver_request_latencies • apiserver_request_latencies_summary • apiserver_dropped_requests
- 19. Endpoint Slicing - #752 Net New Alpha Endpoints object may grow too big and become problematic; as big objects cannot be stored in etcd will split endpoints into several Endpoint Slice resources, solving many of the current API problems Any change in an endpoint, Endpoints object is re- computed, stored and shared with all watchers and causes problems like rolling upgrades.
- 20. Ephemeral containers- #277 • Great way to debug pods, as you can’t add regular container • Troubleshooting and debugging purpose • EphemeralContainers – feature gate needs to be enabled • Fields like ports, livenessProbe, readinessProbe or lifecycle that imply a role in a pod will be disallowed. • Maybe : kubectl debug -c debug-shell --image=debian target-pod -- bash
- 21. Node topology manager - #693 • Alpha • For Ultra low latency – Machine learning workloads • pods running in Guaranteed QoS class that have an integer cpu value are considered by the Topology Manager • Kubelet component centralizes the coordination of hardware resource assignments
- 22. Other Changes • #688 Pod overhead: account resources tied to the pod sandbox, but not specific containers • #895 Even pod spreading across failure domains • #950 Add pod-startup liveness-probe holdoff for slow-starting pods • #964 Extending RequestedToCapacityRatio priority function to support resource bin packing of extended resources • #894 RuntimeClass scheduling – Beta • #689 Support GMSA for Windows workloads - Beta
- 23. References and Kubernetes 1.17 updates link • https://github.com/kubernetes/kubernet es/blob/master/CHANGELOG-1.17.md • https://sysdig.com/blog/whats-new- kubernetes-1-16/ • https://www.youtube.com/watch?v=q9E s0mXQlOc Big Thanks to Awesome Kubernetes Release Team : https://github.com/kubernetes/sig- release/blob/master/releases/release-1.16/release_team.md
- 24. New in Rancher 2.3 • Reuse Kubernetes configurations across all their cluster deployments • First Kubernetes management platform to deliver GA support for Windows Containers and Kubernetes with Windows worker nodes • Gsuite integration • Istio from Rancher • Kiali dashboards for traffic and telemetry visualization • Jaeger for tracing • Prometheus and Grafana for observability
- 25. • Thank you• Thank you
Editor's Notes
- #5: Service ip should be either ipv4 ro ipv6 Kube proxy is modified to drive the ip4 and ipv6 tables in parallel and will maintain the tables for both ipv4 and ipv6 Coredns is also making changes to support multiple address endpoints.
- #6: Added a support in 1.16 to clong an existing PVC maybe for DR purpose or just for testing if some new features with existing volume for a pod. database administrator may want to duplicate a database volume and create another instance of an existing database. Cloning is different from snapshotting. There is no separate object for cloning its just that you can mention existing pvc in the datasource to indicate that you want to clone. Eg:
- #7: In the Kubernetes API a resource is an endpoint that stores a collection of API objects of a certain kind. For example, the built-in pods resource contains a collection of Pod objects.
- #8: You can write complete OPEN api schema for the CRD Covers gap between CR and native Kubernetes api
- #9: If status is enabled then main endpoint will ignore all changes in the status subpath if the spec does not change and Scale subresource, you’ll be able to check how many replicas of your subresource are deployed vs the desired amount
- #24: By enabling the Scale subresource, you’ll be able to check how many replicas of your subresource are deployed vs the desired amount