
If you're using containers in production, you know you need a DevOps tool to manage them. For many companies, Kubernetes is that program. The fast-developing, open-source, container-orchestration package has just released its newest version, Kubernetes 1.7, just over three months since the developers released Kubernetes 1.6.

Haven't heard of Kubernetes? You will. Natasha Woods, a Linux Foundation senior PR manager, asked, "What do Wink, Ancestry.com, Box, Buffer, GolfNow, and Ticketmaster have in common? The way they run their infrastructure. Taking a page from giants like Google, these companies are tapping into container orchestration technology Kubernetes."

Besides these companies, Red Hat, Oracle, IBM, and Microsoft, to name but a few, have all invested in Kubernetes. Of all the important cloud players, only Amazon Web Services (AWS) is on the outside looking in. That's no accident. Besides its technical advantages, companies are using Kubernetes as a way to try to crack AWS's cloud domination.

This milestone release adds security, storage, and extensibility features to make the DevOps program even better suited for enterprise customers. Luis Pabón, CoreOS's technical lead of Kubernetes development, blogged that this new version doesn't just add new features, but "continues the construction of new interfaces to make Kubernetes more extensible with a more reliable core. ... Ultimately, its goal is to make it so that developers can deploy new features based on a stable, featurefull, core Kubernetes system, enabling new features to be added on demand."

To improve extensibility, Kubernetes 1.7 has two new features. The first is API aggregation at runtime, which enables power users to add Kubernetes-style pre-built, third-party, or user-created application programming interfaces (APIs) to their cluster.

The other is the Container Runtime Interface (CRI). It has been enhanced with new remote procedure calls (RPCs) that can retrieve container metrics from the runtime. CRI validation tests have been published, and alpha containerd integration, which supports basic pod life-cycle and image management, is now available.

The other improvements, by area, include:

Security:

The Network Policy API is promoted to stable. Network policy, implemented through a network plug-in, allows users to set and enforce rules governing which pods can communicate with each other.

The Node authorizer and admission control plugin are new additions that restrict a kubelet's access to secrets, pods, and other objects based on its node.

Encryption for Secrets, and other resources in etcd, is now available as alpha.

Kubelet TLS bootstrapping now supports client and server certificate rotation.

Audit logs stored by the API server are now more customizable and extensible with support for event filtering and webhooks. They also provide richer data for system audit.
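
How the Network Policy rules in the list above decide which pods can communicate, as an added example (not code from Kubernetes or from this article): a simplified Python model of NetworkPolicy ingress evaluation inside one namespace. The pod names, labels, and both policies are constructed, and ports and namespaceSelector peers are left out.

```python
# Simplified model of NetworkPolicy (networking.k8s.io/v1) ingress evaluation
# inside one namespace. Pods, labels and policies below are constructed samples.

def selects(selector, labels):
    """An empty selector ({}) matches every pod; all matchLabels must match."""
    return all(labels.get(k) == v
               for k, v in selector.get("matchLabels", {}).items())

def ingress_allowed(policies, pods, src, dst):
    """Return True if pod `src` may connect to pod `dst`."""
    applicable = [p for p in policies
                  if selects(p["spec"]["podSelector"], pods[dst])]
    if not applicable:
        return True   # no policy selects dst: it is not isolated
    for policy in applicable:   # policies are additive
        for rule in policy["spec"].get("ingress", []):
            peers = rule.get("from")
            if not peers:
                return True   # a rule without "from" admits every source
            if any(selects(peer["podSelector"], pods[src])
                   for peer in peers if "podSelector" in peer):
                return True
    return False   # dst is isolated and no rule admitted src

PODS = {   # constructed pod name -> labels
    "web": {"app": "web"},
    "api": {"app": "api"},
    "db": {"app": "db"},
}

# Selects every pod and lists no ingress rules: isolates the whole namespace.
DEFAULT_DENY = {"metadata": {"name": "default-deny"},
                "spec": {"podSelector": {}}}

# Re-opens exactly one path: pods labelled app=api may reach app=db.
DB_FROM_API = {
    "metadata": {"name": "db-from-api"},
    "spec": {"podSelector": {"matchLabels": {"app": "db"}},
             "ingress": [{"from": [
                 {"podSelector": {"matchLabels": {"app": "api"}}}]}]},
}

def allowed_pairs(policies):
    """List the (src, dst) pairs that the given policies let through."""
    return sorted((s, d) for s in PODS for d in PODS
                  if s != d and ingress_allowed(policies, PODS, s, d))

if __name__ == "__main__":
    print("no policy:        ", allowed_pairs([]))
    print("db-from-api only: ", allowed_pairs([DB_FROM_API]))
    print("with default deny:", allowed_pairs([DEFAULT_DENY, DB_FROM_API]))
```

With only `db-from-api` applied, the database is protected but every other pod still accepts traffic from anywhere, which is why a namespace-wide default-deny policy is normally paired with the specific allow rules.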

Stateful workloads:

StatefulSet Updates is a new beta feature in 1.7, allowing automated updates of stateful applications such as Kafka, Zookeeper, and etcd, using a range of update strategies including rolling updates.

StatefulSets also now support faster scaling and startup for applications that do not require ordering through Pod Management Policy. This can be a major performance improvement.

Local Storage (alpha) was one of the most frequently requested features for stateful applications. Users can now access local storage volumes through the standard PVC/PV interface and via StorageClasses in StatefulSets.

DaemonSets, which create one pod per node, already have an update feature, and in 1.7 they gain smart rollback and history capability.

A new StorageOS Volume plugin provides highly available, cluster-wide persistent volumes from local or attached node storage.

Finally, there are two alpha features:

External admission controllers provide options for adding custom business logic to the API server for changing objects as they are created and for validating policy.

Policy-based Federated Resource Placement provides placement policies for the federated cluster, based on custom requirements such as regulation, pricing, or performance.

Put all these together and you have even more reasons for enterprises, which are already committed to using containers, to use Kubernetes to manage their 21st-century cloud applications.
