Yesterday, Kubernetes 1.10 was released, adding handfuls of new features to the orchestration platform. You can read the changelog on GitHub.
Kubernetes 1.10 and TLS Bootstrapping
One big thing in 1.10 is the promotion of TLS bootstrapping to stable, which is taking the spotlight for this release. In short, this update lets a kubelet obtain its own client certificate from the cluster CA and join a TLS-secured cluster automatically. Previously, the cluster admin was responsible for provisioning a key and certificate for each kubelet out of band, or the kubelet needed to self-sign a certificate.
With TLS bootstrapping, the kubelet instead generates a private key locally (it never leaves the node), uses a limited bootstrap credential to submit a certificate signing request (CSR) to the API server, and, once the request is approved, receives back a certificate signed by the cluster CA that it uses for every subsequent API call. In the past, automatic TLS enrolment of nodes has been a big differentiator between Kubernetes and Docker's native cluster management (Swarm mode), and this change brings the two on par.
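To make the exchange concrete, here is an added example of both halves of the bootstrap in Go, using only the standard library. It is my own illustration, not code from the Kubernetes project. The node side generates a key and a CSR with the subject convention a kubelet really uses (CN `system:node:<name>`, organization `system:nodes`); the control-plane side checks the CSR before signing it and issues a short-lived client-auth certificate from a stand-in cluster CA, then the result is verified the way the API server would at connection time. The node names `worker-1` and `worker-2`, the 24-hour lifetime and the rule that a CSR must name the node the bootstrap credential was issued for are this example's own assumptions; the in-tree approver does not tie a bootstrap credential to one node name, which is exactly why bootstrap tokens should be short-lived and used for one join.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

const nodeCNPrefix, nodesGroup = "system:node:", "system:nodes" // real kubelet CSR subject conventions

func newKey() *ecdsa.PrivateKey {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err) // only fails if the system RNG is unusable
	}
	return key
}

// newCA stands in for the cluster CA the controller-manager signs kubelet CSRs with.
func newCA() (*x509.Certificate, *ecdsa.PrivateKey) {
	key := newKey()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "kubernetes"}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

var caCert, caKey = newCA()

// Node side: the private key is generated locally and stays on the node; only the CSR travels.
func kubeletCSR(cn string, orgs []string) []byte {
	key := newKey() // a real kubelet writes this next to the certificate it gets back
	req := &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn, Organization: orgs}}
	der, err := x509.CreateCertificateRequest(rand.Reader, req, key)
	if err != nil {
		panic(err)
	}
	return der
}

// Control-plane side: refuse anything that is not a well-formed node client identity
// for the node this bootstrap credential was issued to, then sign a short-lived
// client-auth cert. The expectedNode binding is this example's own policy (assumption).
func approveAndSign(csrDER []byte, expectedNode string) ([]byte, error) {
	csr, err := x509.ParseCertificateRequest(csrDER) // parsing does NOT check the signature
	switch {
	case err != nil:
		return nil, err
	case csr.CheckSignature() != nil: // proof that the requester holds the private key
		return nil, errors.New("CSR signature does not verify")
	case len(csr.Subject.Organization) != 1 || csr.Subject.Organization[0] != nodesGroup:
		return nil, errors.New("CSR must request exactly the system:nodes group")
	case csr.Subject.CommonName != nodeCNPrefix+expectedNode:
		return nil, errors.New("CSR names a node other than the one bootstrapping")
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	tmpl := &x509.Certificate{
		SerialNumber: serial, Subject: csr.Subject, KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, // client-only, never a serving cert
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour), // pair with rotation
	}
	return x509.CreateCertificate(rand.Reader, tmpl, caCert, csr.PublicKey, caKey)
}

// Full exchange for one CSR, then the check the API server makes when the kubelet
// connects: the cert chains to the cluster CA and is valid for client auth.
func runBootstrap(cn string, orgs []string, expectedNode string) (*x509.Certificate, error) {
	certDER, err := approveAndSign(kubeletCSR(cn, orgs), expectedNode)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	_, err = cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return cert, err
}

func main() {
	for _, node := range []string{"worker-1", "worker-2"} { // only worker-1 holds this bootstrap credential
		_, err := runBootstrap(nodeCNPrefix+node, []string{nodesGroup}, "worker-1")
		fmt.Println(node, "->", err)
	}
}
```

The two checks worth copying are that `CheckSignature` is called explicitly (parsing a CSR proves nothing about key possession) and that the organization must be exactly `system:nodes`, so a CSR that also asks for a group like `system:masters` is refused rather than signed with extra privileges. On a real cluster a kubelet's pending request is visible with `kubectl get csr`, and if no automatic approver is configured it can be approved with `kubectl certificate approve <name>`.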
Kubernetes 1.10: Notable Changes
Aside from TLS bootstrapping, the 1.10 release has a bunch of new features in alpha, and a handful of features moving from alpha to beta. There's a great comprehensive list on the Kubernetes blog. Here are a couple of notable changes:
- Better Windows support: Windows container configuration has been added to the CRI (Container Runtime Interface), and 1.10 also includes experimental support for Hyper-V containers.
- Pod Security Policy: A PodSecurityPolicy (PSP) defines the security-sensitive settings that pods and containers may use (privileged mode, host namespaces, allowed volume types, which user they run as, and so on), and gives administrators more control over pod security. Note that a policy is only enforced when the PodSecurityPolicy admission controller is enabled, and once it is, every pod's creator or service account needs RBAC permission to use at least one policy or the pod is rejected.
- Out-of-tree CSI Volume Plugins: CSI, the Container Storage Interface, is a standard for providing storage to Kubernetes. This change makes it possible for volume plugins to be developed out-of-tree (outside the main Kubernetes repo), which makes it easier for third-party storage tools to develop plugins for Kubernetes as they are no longer bound to the main repo and release schedule.
My favorite upcoming alpha feature is debug containers, which was slated for 1.10 but is targeting 1.11 for alpha right now. However, it's pretty cool, so I'll still include it in this list so we can all keep an eye on it! Troubleshooting running containers can get a bit tricky, and debug containers would make it possible to run debugging utilities against any running pod, even if the original image didn't include debugging tools.
New to Kubernetes or container orchestration? If you’re a Docker for Mac or Docker for Windows user, you can run a Kubernetes cluster locally with each of those tools. I’m also a big fan of the application quickstart guide on Google Cloud.