Blog: Consider All Microservices Vulnerable — And Monitor Their Behavior

Author: David Hadas (IBM Research Labs)

This post warns DevOps teams against a false sense of security. Following security best practices when developing and configuring microservices does not result in non-vulnerable microservices. The post shows that although all deployed microservices are vulnerable, there is much that can be done to ensure microservices are not exploited. It […]

Blog: Protect Your Mission-Critical Pods From Eviction With PriorityClass

Author: Sunny Bhambhani (InfraCloud Technologies)

Kubernetes has been widely adopted, and many organizations use it as their de facto orchestration engine for running workloads that need to be created and deleted frequently. Therefore, proper scheduling of the pods is key to ensuring that application pods are up and running within the Kubernetes cluster without any issues. […]

Blog: Kubernetes 1.26: Eviction policy for unhealthy pods guarded by PodDisruptionBudgets

Authors: Filip Křepinský (Red Hat), Morten Torkildsen (Google), Ravi Gudimetla (Apple)

Ensuring that disruptions to your applications do not affect their availability isn’t a simple task. Last month’s release of Kubernetes v1.26 lets you specify an unhealthy pod eviction policy for PodDisruptionBudgets (PDBs) to help you maintain that availability during node management operations. In this […]

Blog: Kubernetes 1.26: Retroactive Default StorageClass

Author: Roman Bednář (Red Hat)

The v1.25 release of Kubernetes introduced an alpha feature to change how a default StorageClass was assigned to a PersistentVolumeClaim (PVC). With the feature enabled, you no longer need to create a default StorageClass first and PVC second to assign the class. Additionally, any PVCs without a StorageClass assigned can […]

Blog: Kubernetes v1.26: Alpha support for cross-namespace storage data sources

Author: Takafumi Takahashi (Hitachi Vantara)

Kubernetes v1.26, released last month, introduced an alpha feature that lets you specify a data source for a PersistentVolumeClaim, even where the source data belong to a different namespace. With the new feature enabled, you specify a namespace in the dataSourceRef field of a new PersistentVolumeClaim. Once Kubernetes checks that […]

Blog: Kubernetes v1.26: Advancements in Kubernetes Traffic Engineering

Author: Andrew Sy Kim (Google)

Kubernetes v1.26 includes significant advancements in network traffic engineering with the graduation of two features (Service internal traffic policy support, and EndpointSlice terminating conditions) to GA, and a third feature (Proxy terminating endpoints) to beta. The combination of these enhancements aims to address shortcomings in traffic engineering that people face […]

Blog: Kubernetes 1.26: Job Tracking, to Support Massively Parallel Batch Workloads, Is Generally Available

Author: Aldo Culquicondor (Google)

The Kubernetes 1.26 release includes a stable implementation of the Job controller that can reliably track a large number of Jobs with high levels of parallelism. SIG Apps and WG Batch have worked on this foundational improvement since Kubernetes 1.22. After multiple iterations and scale verifications, this is now the default […]

Blog: Kubernetes v1.26: CPUManager goes GA

Author: Francesco Romani (Red Hat)

The CPU Manager is a part of the kubelet, the Kubernetes node agent, which enables the user to allocate exclusive CPUs to containers. Since Kubernetes v1.10, where it graduated to Beta, the CPU Manager proved itself reliable and fulfilled its role of allocating exclusive CPUs to containers, so adoption has […]

Blog: Kubernetes 1.26: Pod Scheduling Readiness

Authors: Wei Huang (Apple), Abdullah Gharaibeh (Google)

Kubernetes 1.26 introduced a new Pod feature: scheduling gates. In Kubernetes, scheduling gates are keys that tell the scheduler when a Pod is ready to be considered for scheduling. What problem does it solve? When a Pod is created, the scheduler will continuously attempt to find a node […]

Blog: Kubernetes 1.26: Support for Passing Pod fsGroup to CSI Drivers At Mount Time

Authors: Fabio Bertinatto (Red Hat), Hemant Kumar (Red Hat)

Delegation of fsGroup to CSI drivers was first introduced as alpha in Kubernetes 1.22, and graduated to beta in Kubernetes 1.25. For Kubernetes 1.26, we are happy to announce that this feature has graduated to General Availability (GA). In this release, if you specify a fsGroup […]