Authors: Anish Ramasekar, Mo Khan, and Rita Zhang (Microsoft) With Kubernetes 1.27, we (SIG Auth) are moving Key Management Service (KMS) v2 API to beta. What is KMS? One of the first things to consider when securing a Kubernetes cluster is encrypting etcd data at rest. KMS provides an interface for a provider to utilize Read more about Blog: Kubernetes 1.27: KMS V2 Moves to Beta[…]

Authors: Paco Xu (DaoCloud), Sergey Kanzhelev (Google), Ruiwen Zhao (Google) How can Pod start-up be accelerated on nodes in large clusters? This is a common issue that cluster administrators may face. This blog post focuses on methods to speed up pod start-up from the kubelet side. It does not involve the creation time of pods Read more about Blog: Kubernetes 1.27: updates on speeding up Pod startup[…]

Author: Vinay Kulkarni (Kubescaler Labs) If you have deployed Kubernetes pods with CPU and/or memory resources specified, you may have noticed that changing the resource values involves restarting the pod. This has been a disruptive operation for running workloads… until now. In Kubernetes v1.27, we have added a new alpha feature that allows users to Read more about Blog: Kubernetes 1.27: In-place Resource Resize for Kubernetes Pods (alpha)[…]

Author: Xu Zhenglun (Alibaba) In Kubernetes, a Service can be used to provide a unified traffic endpoint for applications running on a set of Pods. Clients can use the virtual IP address (or VIP) provided by the Service for access, and Kubernetes provides load balancing for traffic accessing different back-end Pods, but a ClusterIP type Read more about Blog: Kubernetes 1.27: Avoid Collisions Assigning Ports to NodePort Services[…]

Authors: Katrina Verey (independent) and Justin Santa Barbara (Google) Declarative configuration management with the kubectl apply command is the gold standard approach to creating or modifying Kubernetes resources. However, one challenge it presents is the deletion of resources that are no longer needed. In Kubernetes version 1.5, the –prune flag was introduced to address this Read more about Blog: Kubernetes 1.27: Safer, More Performant Pruning in kubectl apply[…]

Author: Xing Yang (VMware) Volume group snapshot is introduced as an Alpha feature in Kubernetes v1.27. This feature introduces a Kubernetes API that allows users to take crash consistent snapshots for multiple volumes together. It uses a label selector to group multiple PersistentVolumeClaims for snapshotting. This new feature is only supported for CSI volume drivers. Read more about Blog: Kubernetes 1.27: Introducing An API For Volume Group Snapshots[…]

Authors: Dixita Narang (Google) Kubernetes v1.27, released in April 2023, introduced changes to Memory QoS (alpha) to improve memory management capabilites in Linux nodes. Support for Memory QoS was initially added in Kubernetes v1.22, and later some limitations around the formula for calculating memory.high were identified. These limitations are addressed in Kubernetes v1.27. Background Kubernetes Read more about Blog: Kubernetes 1.27: Quality-of-Service for Memory Resources (alpha)[…]

Author: Matthew Cary (Google) Kubernetes v1.27 graduated to beta a new policy mechanism for StatefulSets that controls the lifetime of their PersistentVolumeClaims (PVCs). The new PVC retention policy lets users specify if the PVCs generated from the StatefulSet spec template should be automatically deleted or retrained when the StatefulSet is deleted or replicas in the Read more about Blog: Kubernetes 1.27: StatefulSet PVC Auto-Deletion (beta)[…]

Authors: Craig Box (ARMO), Ben Hirschberg (ARMO) Admission control is an important part of the Kubernetes control plane, with several internal features depending on the ability to approve or change an API object as it is submitted to the server. It is also useful for an administrator to be able to define business logic, or Read more about Blog: Kubernetes Validating Admission Policies: A Practical Example[…]