Posts in 2022
-
Kubernetes 1.25: alpha support for running Pods with user namespaces
Monday, October 03, 2022 in Blog
Authors: Rodrigo Campos (Microsoft), Giuseppe Scrivano (Red Hat) Kubernetes v1.25 introduces support for user namespaces. This is a major improvement for running secure workloads in Kubernetes. Each pod will have access only to a limited subset …
-
Kubernetes 1.25: Use Secrets for Node-Driven Expansion of CSI Volumes
Wednesday, September 21, 2022 in Blog
Authors: Humble Chirammal (Red Hat), Louis Koo (deeproute.ai) Kubernetes v1.25, released earlier this month, introduced a new feature that lets your cluster expand storage volumes, even when access to those volumes requires a secret (for example: a …
-
Kubernetes 1.25: PodHasNetwork condition for pods
Wednesday, September 14, 2022 in Blog
Author: Deep Debroy (Apple) Kubernetes 1.25 introduces Alpha support for a new kubelet-managed pod condition in the status field of a pod: PodHasNetwork. The kubelet, for a worker node, will use the PodHasNetwork condition to accurately surface the …
-
Announcing the Auto-refreshing Official Kubernetes CVE Feed
Monday, September 12, 2022 in Blog
Author: Pushkar Joglekar (VMware) A long-standing request from the Kubernetes community has been to have a programmatic way for end users to keep track of Kubernetes security issues (also called "CVEs", after the database that tracks public …
-
Kubernetes 1.25: KMS V2 Improvements
Friday, September 09, 2022 in Blog
Authors: Anish Ramasekar, Rita Zhang, Mo Khan, and Xander Grzywinski (Microsoft) With Kubernetes v1.25, SIG Auth is introducing a new v2alpha1 version of the Key Management Service (KMS) API. There are a lot of improvements in the works, and we're …
-
Kubernetes’s IPTables Chains Are Not API
Wednesday, September 07, 2022 in Blog
Author: Dan Winship (Red Hat) Some Kubernetes components (such as kubelet and kube-proxy) create iptables chains and rules as part of their operation. These chains were never intended to be part of any Kubernetes API/ABI guarantees, but some external …
-
Introducing COSI: Object Storage Management using Kubernetes APIs
Friday, September 02, 2022 in Blog
Author: Sidhartha Mani (Minio, Inc) This article introduces the Container Object Storage Interface (COSI), a standard for provisioning and consuming object storage in Kubernetes. It is an alpha feature in Kubernetes v1.25. File and block storage are …
-
Kubernetes 1.25: cgroup v2 graduates to GA
Wednesday, August 31, 2022 in Blog
Authors: David Porter (Google), Mrunal Patel (Red Hat) Kubernetes 1.25 brings cgroup v2 to GA (general availability), letting the kubelet use the latest container resource management capabilities. What are cgroups? Effective resource management is a …
-
Kubernetes 1.25: CSI Inline Volumes have graduated to GA
Monday, August 29, 2022 in Blog
Author: Jonathan Dobson (Red Hat) CSI Inline Volumes were introduced as an alpha feature in Kubernetes 1.15 and have been beta since 1.16. We are happy to announce that this feature has graduated to General Availability (GA) status in Kubernetes …
-
Kubernetes v1.25: Pod Security Admission Controller in Stable
Thursday, August 25, 2022 in Blog
Authors: Tim Allclair (Google), Sam Stoelinga (Google) The release of Kubernetes v1.25 marks a major milestone for Kubernetes out-of-the-box pod security controls: Pod Security admission (PSA) graduated to stable, and Pod Security Policy (PSP) has …