Authors: Joe Betz (Google), Cici Huang (Google) In Kubernetes 1.26, the 1st alpha release of validating admission policies is available! Validating admission policies use the Common Expression Language (CEL) to offer a declarative, in-process alternative to validating admission webhooks. CEL was first introduced to Kubernetes for the Validation rules for CustomResourceDefinitions.This enhancement expands the use of CEL in Kubernetes to support a far wider range of admission use cases. Admission webhooks can be burdensome to develop and operate.Webhook developers must implement and maintain a webhook

Just published by Kubernetes: Read more

Author: Swati Sehgal (Red Hat) The Device Plugin framework was introduced in the Kubernetes v1.8 release as a vendor independent framework to enable discovery, advertisement and allocation of external devices without modifying core Kubernetes.The feature graduated to Beta in v1.10.With the recent release of Kubernetes v1.26, Device Manager is now generally available (GA). Within the kubelet, the Device Manager facilitates communication with device plugins using gRPC through Unix sockets.Device Manager and Device plugins both act as gRPC servers and clients by serving and connecting to the exposed gRPC services respectively.Device

Just published by Kubernetes: Read more

Author: Xing Yang (VMware), Ashutosh Kumar (VMware) Kubernetes v1.24 introduced an alpha quality implementation of improvements for handling a non-graceful node shutdown.In Kubernetes v1.26, this feature moves to beta.This feature allows stateful workloads to failover to a different node after the original node is shut down or in a non-recoverable state, such as the hardware failure or broken OS.

What is a node shutdown in Kubernetes?

In a Kubernetes cluster, it is possible for a node to shut down.This could happen

Just published by Kubernetes: Read more

Authors: Patrick Ohly (Intel), Kevin Klues (NVIDIA) Dynamic resource allocation is a new API for requesting resources.It is a generalization of the persistent volumes API for generic resources, making it possible to:

• access the same resource instance in different pods and containers,
• attach arbitrary constraints to a resource request to get the exact resource you are looking for,
• initialize a resource according to parameters provided by the user.

Third-party resource drivers are responsible for interpreting these parameters as well as tracking and allocating resources

Just published by Kubernetes: Read more

Authors:Brandon Smith (Microsoft) and Mark Rossetti (Microsoft) The long-awaited day has arrived:HostProcess containers, the Windows equivalent to Linux privileged containers, has finally made it to GA in Kubernetes 1.26! What are HostProcess containers and why are they useful? Cluster operators are often faced with the need to configure their nodes upon provisioning such as installing Windows services, configuring registry keys, managing TLS certificates, making network configuration changes, or even deploying monitoring tools such as a Prometheus's node-exporter.Previously, performing these actions on Windows nodes was usually

Just published by Kubernetes: Read more