Kubernetes 1.21 Drops

This week, we’re going to dive into some new Kubernetes 1.21 features, and see what’s the latest and greatest in the ecosystem. Bonus: Docker 1.20 is supported by kubeadm now! Let’s get going!

Issue #123

| Deprecated | Amit over at Aqua Security does a great job of explaining what Pod Security Policy is and why it’s being deprecated. He dives deep into Pod Security Standards (PSS) and some of the things to keep an eye out for when migrating over. 👀

We now turn to Michael Lam with his writeup on upgrading 1.20 -> 1.21. He dives into the process he went through upgrading the various nodes and tooling needed to upgrade. Spoiler: it all went pretty smoothly, but make sure to check out the notes as the article can save you some headaches and gotchas! 🪄

| Graduating to Beta | In a little change of pace, we wanted to highlight PR #2000 on K8s. The actual thread starts in Sep 2020, and if we follow it along, we can see how to contribute directly to the codebase and the governance associated with it. It’s also pretty awesome that Kubelets can now gracefully terminate pods during a node shutdown, and will prove to be quite valuable for those using Spot Instances while running their k8s! 🛑

| Graduating to Beta | Now enabled by default, dual IPv4/IPv6 network stacks are fully supported and could end up being quite impactful. First-class native support for IPv6 routing to pods and services will help alleviate some of the limitations of scaling multi-service workloads inside K8s, while still allowing clusters to leverage IPv4 where needed. Be sure to check your filtering settings once you upgrade, now that all services / pods have a IPv6! 🥞

| Graduating to Stable | Making sure a computer does something on a schedule is DevOps/SRE 101. Traditional CronJobs along with NTP have been the de facto convention for running periodic tasks for decades. With the release of 1.21 CronJobs has graduated to stable. Check out this article to see how and why they work, and even set one up yourself! 📆

Another Kubernetes version shipped; so we get another great deep-dive from the folks over at Sysdig. There’s plenty we haven’t covered in Kubelist this week (because we can only make the newsletter so long) but head over to Sysdig for the most comprehensive writeup, and get your full k8s fix! 🍫

Big Congrats to Stephen. Looking forward to what #OpenCisco is gonna be working on...