Copyright © 2019 Mirantis, Inc. All rights reserved
What’s New in
Kubernetes 1.15
WEBINAR | June 20, 2019
2
A Few Introductions (ok just one)
Nick Chase
Head of Technical Content at Mirantis
Nick Chase is Head of Technical Content for Mirantis
and a former member of the Kubernetes release team.
He is a former software developer and author or
co-author of more than a dozen books on various
programming topics, including the OpenStack
Architecture Guide, Understanding OPNFV, and Machine
Learning for Mere Mortals.
3
A Little Housekeeping
● Please submit questions in the
Questions panel.
● We’ll provide a link where you can
download the slides at the end of
the webinar.
4
● Structural schemas
● Generally available
● Promoted to Beta
● New features
● Q&A
Agenda
5
Audience Poll
6
Kubernetes Training
training.mirantis.com
Kubernetes & Docker Bootcamp I (KD100)
Learn Docker and Kubernetes to deploy, run, and manage containerized applications
2 days
Kubernetes & Docker Bootcamp II (KD200)
Advanced training for Kubernetes professionals, preparation for CKA exam 3 days
Accelerated Kubernetes & Docker Bootcamp (KD250)
Most popular course! A combination of KD100 & KD200 at an accelerated pace, preps for CKA 4 days
Istio Fundamentals (IST50)
New! Introduction to Istio & Service Mesh 1 day
7
Structural schemas
8
● Subset of OpenAPI 3
● Produced from code by tools like crd-gen and
openapi-gen
● v1beta1
○ Non-structural CRDs still work
○ NonStructuralSchema condition returned
○ Must be structural to use new features
● v1
○ Structural schemas will be required
Structural Schemas
9
"All types and the possible object fields within a JSON
object must be apparent from a structural schema
without understanding the logical junctors anyOf, allOf,
oneOf and not."
What is a structural schema?
10
1. specifies a non-empty type (via type in OpenAPI) for the root, for each
   specified field of an object node (via properties or additionalProperties
   in OpenAPI) and for each item in an array node (via items in OpenAPI),
   with the exception of:
   ○ a node with x-kubernetes-int-or-string: true
   ○ a node with x-kubernetes-preserve-unknown-fields: true
2. for each field in an object and each item in an array which is specified
   within any of allOf, anyOf, oneOf or not, the schema also specifies the
   field/item outside of those logical junctors
3. does not set description, type, default, additionalProperties, nullable
   within an allOf, anyOf, oneOf or not, with the exception of the two
   patterns for x-kubernetes-int-or-string: true
4. if metadata is specified, then only restrictions on metadata.name and
   metadata.generateName are allowed.
A structural schema is one where ...
11
properties:
  foo:
    pattern: "abc"
  metadata:
    type: object
    properties:
      name:
        type: string
        pattern: "^a"
      finalizers:
        type: array
        items:
          type: string
          pattern: "my-finalizer"
anyOf:
- properties:
    bar:
      type: integer
      minimum: 42
  required: ["bar"]
description: "foo bar object"
Non-structural
12
type: object
description: "foo bar object"
properties:
  foo:
    type: string
    pattern: "abc"
  bar:
    type: integer
  metadata:
    type: object
    properties:
      name:
        type: string
        pattern: "^a"
anyOf:
- properties:
    bar:
      minimum: 42
  required: ["bar"]
Structural
13
x-kubernetes-int-or-string: true
allOf:
- anyOf:   # optionally provided and accepted
  - type: integer
  - type: string
- pattern: abc
anyOf:
- minimum: 42
  maximum: 50
- minimum: 52
  maximum: 60
Exceptions to every rule
Also
● x-kubernetes-embedded-resource
● x-kubernetes-unions
● x-kubernetes-preserve-unknown-fields
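The four rules on slide 10 and the Non-structural/Structural examples, checked by a short Python script. This is an added example, not code from Kubernetes or from the webinar: it re-implements the rules as listed (the embedded-resource and union extensions are not modelled) and transcribes the two slide schemas plus the int-or-string exception as Python dicts, so it reports exactly which rules the Non-structural schema breaks and why pruning would not be available for it.

```python
"""Checker for the four structural-schema rules listed on the slides above.
Added example, not Kubernetes or Mirantis code: plain-Python re-implementation
(no apiextensions dependency; embedded-resource and union extensions are not
modelled) used to compare the schemas transcribed from the slides."""

JUNCTORS = ("allOf", "anyOf", "oneOf", "not")
# Rule 3: keys that may not appear inside a logical junctor.
FORBIDDEN_IN_JUNCTOR = ("description", "type", "default",
                        "additionalProperties", "nullable")


def _children(schema):
    """Yield (path element, sub-schema) for properties, additionalProperties, items."""
    for name, sub in (schema.get("properties") or {}).items():
        yield "properties." + name, sub
    for key in ("additionalProperties", "items"):
        if isinstance(schema.get(key), dict):
            yield key, schema[key]


def _branches(value):
    """allOf/anyOf/oneOf hold a list of schemas; 'not' holds a single schema."""
    return value if isinstance(value, list) else [value]


def _check_branch(branch, outer, path, errs):
    """Rules 2 and 3 for one branch of a junctor hanging off schema node `outer`."""
    if not isinstance(branch, dict):
        return
    int_or_string = outer.get("x-kubernetes-int-or-string") is True
    for key in FORBIDDEN_IN_JUNCTOR:
        # 'type' inside anyOf is the one pattern allowed under int-or-string.
        if key in branch and not (key == "type" and int_or_string):
            errs.append(f"{path}: '{key}' set inside a logical junctor (rule 3)")
    for elem, sub in _children(branch):
        if elem.startswith("properties."):
            outer_sub = (outer.get("properties") or {}).get(elem.split(".", 1)[1])
        else:
            outer_sub = outer.get(elem)
        if not isinstance(outer_sub, dict):  # rule 2: must also exist outside
            errs.append(f"{path}.{elem}: declared only inside a logical junctor (rule 2)")
            outer_sub = {}
        _check_branch(sub, outer_sub, f"{path}.{elem}", errs)
    for j in JUNCTORS:  # nested junctors still refine the same outer node
        for i, b in enumerate(_branches(branch.get(j, []))):
            _check_branch(b, outer, f"{path}.{j}[{i}]", errs)


def _check_node(schema, path, errs, is_root=False):
    """Rules 1 and 4 for a node, then descend into its junctors and children."""
    if not isinstance(schema, dict):
        errs.append(f"{path}: schema node must be a mapping")
        return
    exempt = (schema.get("x-kubernetes-int-or-string") is True
              or schema.get("x-kubernetes-preserve-unknown-fields") is True)
    if not exempt and not schema.get("type"):
        errs.append(f"{path}: missing non-empty 'type' (rule 1)")
    if is_root:
        meta = (schema.get("properties") or {}).get("metadata")
        if isinstance(meta, dict):
            for extra in sorted(set(meta.get("properties") or {}) - {"name", "generateName"}):
                errs.append(f"{path}.properties.metadata.properties.{extra}: only "
                            "metadata.name and metadata.generateName may be restricted (rule 4)")
    for j in JUNCTORS:
        for i, b in enumerate(_branches(schema.get(j, []))):
            _check_branch(b, schema, f"{path}.{j}[{i}]", errs)
    for elem, sub in _children(schema):
        _check_node(sub, f"{path}.{elem}", errs)


def structural_violations(schema):
    """Return the violations found; an empty list means the schema is structural
    and therefore eligible for pruning, defaulting and the other v1beta1 features."""
    errs = []
    _check_node(schema, "$", errs, is_root=True)
    return errs


# The Non-structural and Structural slides, transcribed as Python dicts.
NON_STRUCTURAL = {
    "properties": {
        "foo": {"pattern": "abc"},
        "metadata": {"type": "object", "properties": {
            "name": {"type": "string", "pattern": "^a"},
            "finalizers": {"type": "array",
                           "items": {"type": "string", "pattern": "my-finalizer"}}}}},
    "anyOf": [{"properties": {"bar": {"type": "integer", "minimum": 42}},
               "required": ["bar"]}],
    "description": "foo bar object"}
STRUCTURAL = {
    "type": "object", "description": "foo bar object",
    "properties": {
        "foo": {"type": "string", "pattern": "abc"},
        "bar": {"type": "integer"},
        "metadata": {"type": "object",
                     "properties": {"name": {"type": "string", "pattern": "^a"}}}},
    "anyOf": [{"properties": {"bar": {"minimum": 42}}, "required": ["bar"]}]}
# The int-or-string exception from the "Exceptions to every rule" slide.
INT_OR_STRING = {
    "x-kubernetes-int-or-string": True,
    "allOf": [{"anyOf": [{"type": "integer"}, {"type": "string"}]}, {"pattern": "abc"}]}
```

Running `structural_violations(NON_STRUCTURAL)` lists five violations (rules 1, 2, 3 and 4), while the Structural and int-or-string schemas return an empty list.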
14
CRD OpenAPI Schemas
● Already supported by core objects
● Schemas enable:
○ server-side validation
○ documentation creation
○ explain
15
Defaulting and pruning for Custom Resources
● Defaulting (alpha)
○ Missing default values are added
● Pruning
○ "Unknown" fields are removed
○ Unless x-kubernetes-preserve-unknown-fields: true
16
Webhook conversion for Custom Resources
● Converts resources from one version to another
○ Stored as one version, requested as another
○ Vice versa
17
Generally available
Ready for production
18
Server-side descriptions
● kubectl get
● CustomResourceDefinitions
● Third-party API extensions
● kubectl describe in future release
19
Go module support
● Go 1.13 to deprecate GOPATH
● Consistent vendor directory on any OS
● Use 2 different module versions simultaneously
20
Kubeadm improvements
Beta
21
Dynamic HA clusters with kubeadm
● 2 methods
○ Stacked control plane
○ External etcd cluster
● Architecture
○ 3 masters
○ 3 workers
○ 3 etcd nodes (optional)
○ Load balancer
22
Upgrade kubeadm configuration to v1beta2
● kubeadm init/join
● Kubeadm fields with no API endpoint
● Repeatability
○ Runtime settings should be persisted
● Specialized substructures
● New features
○ Certificates copy
○ Pre-flight errors
23
Promoted to Beta
On by default, but not necessarily production-ready
24
Admission webhook changes
● Admission controllers are ever-present
● Admission webhooks let you specify your own logic
○ Mutating admission webhooks
○ Validating admission webhooks
● Mutating webhooks can now be invoked more than
once
○ reinvocationPolicy: IfNeeded
25
NodeLocal DNSCache
● Prevents single point of failure
● Additional listen IP for node-local-dns pod:
169.254.20.10
● Extends node-local-dns to listen on the kube-dns
service IP as well
● Determination of node-local-dns vs kube-dns by
external component
● IPTables only
26
NodeLocal DNSCache
apiVersion: v1
kind: Service
metadata:
  name: node-local-upstream
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "NodeLocalUpstream"
spec:
  selector:
    k8s-app: kube-dns
  ports:
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
    protocol: TCP
27
Online resizing of PersistentVolumes
● No need to terminate pod or unmount volume
● PersistentVolumeClaim must be in ReadWrite
mode
● Enabled by default via
ExpandInUsePersistentVolumes feature gate
28
Environment variables expansion
apiVersion: v1
kind: Pod
metadata:
  name: pod1
spec:
  containers:
  - name: container1
    env:
    - name: POD_NAME
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: metadata.name
    image: busybox
    command: [ "sh", "-c", "while [ true ]; do echo 'Hello'; sleep 10; done | tee -a /logs/hello.txt" ]
    volumeMounts:
    - name: workdir1
      mountPath: /logs
      subPathExpr: $(POD_NAME)
  restartPolicy: Never
  volumes:
  - name: workdir1
    hostPath:
      path: /var/log/pods
● Log files
● 2 or more pods
29
PodDisruptionBudget for custom resources
● Already works for Deployment, StatefulSet,
ReplicaSet, ReplicationController
● Scale subresource provides desired replicas
● Good for any resource
30
Pod limiting
● Prevents fork bombs
● Node level support
○ --system-reserved=[cpu=100m][,][memory=100Mi][,][pid=1000]
○ --kube-reserved=[cpu=100m][,][memory=100Mi][,][pid=1000]
● Pod level isolation
○ SupportPodPidsLimit feature gate
○ --pod-max-pids=1000
31
Third-party device monitoring plugins
● Container-level metrics for devices using device
plugins
● Vendor-provided, device-specific metrics
● Uses PodResources service
32
AWS Network Load Balancer
● New load balancer
○ Multiple ports
○ WebSockets
○ Host-based, HTTP-based, HTTPS-based routing
○ Query-string, Source IP-based routing
○ User authentication
○ Redirects
● Annotation
service.beta.kubernetes.io/aws-load-balancer-type: nlb
33
New features (alpha)
Generally off by default, may change
34
Cloning a Volume
● Existing PVC as DataSource
● Different from a Snapshot
● Only for CSI drivers
● Only for dynamic provisioners
● Only for drivers that have implemented cloning
● Only in the same namespace
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: clone-of-pvc-1
  namespace: myns
spec:
  accessModes:       # required on a PVC
    - ReadWriteOnce
  resources:         # a PVC requests storage here; capacity is a PV field
    requests:
      storage: 10Gi
  dataSource:
    kind: PersistentVolumeClaim
    name: pvc-1
35
Scheduling framework
● Plugin API
● Plugins are compiled
into the scheduler
● Scheduling cycle
● Binding cycle
● Extension points
○ Queue sort
○ Pre-filter
○ Filter
○ Post-filter
○ Scoring
○ Normalize scoring
○ Reserve
○ Permit
○ Pre-bind
○ Bind
○ Post-bind
○ Unreserve
36
Non-preempting PriorityClasses
● PreemptionPolicy
● Defaults to PreemptLowerPriority
● Set to Never
● Prevents new pods but leaves existing
● Backoff policy for retries
37
Executing user code in pods
● ExecutionHook
● ExecutionHookController
● Not tied to start or termination
● Can be called on demand
38
Filesystem quotas for ephemeral storage
● Improvement over walking the filesystem tree
○ Faster
○ More accurate
● emptyDir only
● Monitor only; no enforcement
● Ready for XFS volumes
● For ext4fs:
○ create with mkfs.ext4 -O project <block_device>
○ run tune2fs -Q prjquota <block_device>
● Mount with option project in /etc/fstab
● rootflags=pquota
39
LoadBalancer finalizer protection
● Prevent orphaned load balancers
● Make sure LB is fully deleted before Service is
deleted
40
Event API improvements
● More structure
● Better deduplication
42
Thank you!
Q&A
Download the slides from bit.ly/k8s-1-15-webinar
We’ll send you the slides and recording by Monday.
