Authors: Joe Betz (Google), Cici Huang (Google), Kermit Alexander (Google) In Kubernetes 1.25, Validation rules for CustomResourceDefinitions (CRDs) have graduated to Beta! Validation rules make it possible to declare how custom resources are validated using the Common Expression Language (CEL). For example: apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition … openAPIV3Schema: type: object properties: spec: type: object x-kubernetes-validations: Read more about Blog: Kubernetes 1.25: CustomResourceDefinition Validation Rules Graduate to Beta[…]

Author: Humble Chirammal (Red Hat), Louis Koo (deeproute.ai) Kubernetes v1.25, released earlier this month, introduced a new feature that lets your cluster expand storage volumes, even when access to those volumes requires a secret (for example: a credential for accessing a SAN fabric) to perform node expand operation. This new behavior is in alpha and Read more about Blog: Kubernetes 1.25: Use Secrets for Node-Driven Expansion of CSI Volumes[…]

Author: Jing Xu (Google) Local ephemeral storage capacity isolation was introduced as a alpha feature in Kubernetes 1.7 and it went beta in 1.9. With Kubernetes 1.25 we are excited to announce general availability(GA) of this feature. Pods use ephemeral local storage for scratch space, caching, and logs. The lifetime of local ephemeral storage does Read more about Blog: Kubernetes 1.25: Local Storage Capacity Isolation Reaches GA[…]

Authors: Ravi Gudimetla (Apple), Filip Křepinský (Red Hat), Maciej Szulik (Red Hat) This blog describes the two features namely minReadySeconds for StatefulSets and maxSurge for DaemonSets that SIG Apps is happy to graduate to stable in Kubernetes 1.25. Specifying minReadySeconds slows down a rollout of a StatefulSet, when using a RollingUpdate value in .spec.updateStrategy field, Read more about Blog: Kubernetes 1.25: Two Features for Apps Rollouts Graduate to Stable[…]

Author: Deep Debroy (Apple) Kubernetes 1.25 introduces Alpha support for a new kubelet-managed pod condition in the status field of a pod: PodHasNetwork. The kubelet, for a worker node, will use the PodHasNetwork condition to accurately surface the initialization state of a pod from the perspective of pod sandbox creation and network configuration by a Read more about Blog: Kubernetes 1.25: PodHasNetwork condition for pods[…]

Author: Pushkar Joglekar (VMware) A long-standing request from the Kubernetes community has been to have a programmatic way for end users to keep track of Kubernetes security issues (also called “CVEs”, after the database that tracks public security issues across different products and vendors). Accompanying the release of Kubernetes v1.25, we are excited to announce Read more about Blog: Announcing the Auto-refreshing Official Kubernetes CVE Feed[…]

Authors: Anish Ramasekar, Rita Zhang, Mo Khan, and Xander Grzywinski (Microsoft) With Kubernetes v1.25, SIG Auth is introducing a new v2alpha1 version of the Key Management Service (KMS) API. There are a lot of improvements in the works, and we’re excited to be able to start down the path of a new and improved KMS! Read more about Blog: Kubernetes 1.25: KMS V2 Improvements[…]

Author: Dan Winship (Red Hat) Some Kubernetes components (such as kubelet and kube-proxy) create iptables chains and rules as part of their operation. These chains were never intended to be part of any Kubernetes API/ABI guarantees, but some external components nonetheless make use of some of them (in particular, using KUBE-MARK-MASQ to mark packets as Read more about Blog: Kubernetes’s IPTables Chains Are Not API[…]

Authors: Sidhartha Mani (Minio, Inc) This article introduces the Container Object Storage Interface (COSI), a standard for provisioning and consuming object storage in Kubernetes. It is an alpha feature in Kubernetes v1.25. File and block storage are treated as first class citizens in the Kubernetes ecosystem via Container Storage Interface (CSI). Workloads using CSI volumes Read more about Blog: Introducing COSI: Object Storage Management using Kubernetes APIs[…]

Authors:: David Porter (Google), Mrunal Patel (Red Hat) Kubernetes 1.25 brings cgroup v2 to GA (general availability), letting the kubelet use the latest container resource management capabilities. What are cgroups? Effective resource management is a critical aspect of Kubernetes. This involves managing the finite resources in your nodes, such as CPU, memory, and storage. cgroups Read more about Blog: Kubernetes 1.25: cgroup v2 graduates to GA[…]