Authors: Rodrigo Campos (Microsoft), Giuseppe
Scrivano (Red Hat) Kubernetes v1.25 introduces the support for user
namespaces. This is a major improvement for running secure
workloads in Kubernetes.Each pod will have access only to a limited
subset of the available UIDs and GIDs on the system, thus adding a
new security layer to protect from other pods running on the same
system.
Author: Alexander
Zielenski (Google) Immutable fields can be found in a few
places in the built-in Kubernetes types.For example, you can't
change the
.metadata.name
of an object.Specific
objects have fields where changes to existing objects are
constrained;for example, the .spec.selector
of a
Deployment. Aside from simple immutability, there are other common
design patterns such as lists which are append-only, or a map with
mutable values and immutable keys. Until recently the best way to
restrict field mutability for CustomResourceDefinitions has been to
Author: Jiawei Wang (Google) The Kubernetes
in-tree storage plugin to Container Storage Interface (CSI) migration
infrastructure has already been beta since v1.17.CSI migration was introduced
as alpha in Kubernetes v1.14.Since then, SIG Storage and other
Kubernetes special interest groups are working to ensure feature
stability and compatibility in preparation for CSI Migration
feature to go GA. SIG Storage is excited to announce that the core
CSI Migration feature is generally available in
Kubernetes v1.25 release! SIG Storage wrote a
Authors: Joe Betz (Google), Cici Huang (Google), Kermit Alexander (Google)
In Kubernetes 1.25, Validation rules for CustomResourceDefinitions (CRDs) have graduated to Beta!
Validation rules make it possible to declare how custom resources are validated using the Common Expression Language (CEL).For example:
Author: Humble Chirammal (Red Hat), Louis Koo
(deeproute.ai) Kubernetes v1.25, released earlier this month,
introduced a new feature that lets your cluster expand storage
volumes, even when access to those volumes requires a secret (for
example:a credential for accessing a SAN fabric) to perform node
expand operation.This new behavior is in alpha and you must enable
a feature gate (
CSINodeExpandSecret
) to make use of
it.You must also be using CSI
storage;this change isn't relevant to storage drivers that are
built in to Kubernetes. To turn Weitere Beiträge ...
- Blog: Kubernetes 1.25: Local Storage Capacity Isolation Reaches GA
- Blog: Kubernetes 1.25: Two Features for Apps Rollouts Graduate to Stable
- Blog: Kubernetes 1.25: PodHasNetwork condition for pods
- Blog: Announcing the Auto-refreshing Official Kubernetes CVE Feed
- Blog: Kubernetes 1.25: KMS V2 Improvements
Seite 12 von 20