Author: Humble Chirammal (Red Hat), Louis Koo (deeproute.ai) Kubernetes v1.25, released earlier this month, introduced a new feature that lets your cluster expand storage volumes, even when access to those volumes requires a secret (for example:a credential for accessing a SAN fabric) to perform node expand operation.This new behavior is in alpha and you must enable a feature gate (CSINodeExpandSecret) to make use of it.You must also be using CSI storage;this change isn't relevant to storage drivers that are built in to Kubernetes. To turn

Just published by Kubernetes: Read more

Author: Jing Xu (Google) Local ephemeral storage capacity isolation was introduced as a alpha feature in Kubernetes 1.7 and it went beta in 1.9.With Kubernetes 1.25 we are excited to announce general availability(GA) of this feature. Pods use ephemeral local storage for scratch space, caching, and logs.The lifetime of local ephemeral storage does not extend beyond the life of the individual pod.It is exposed to pods using the container’s writable layer, logs directory, and EmptyDir volumes.Before this feature was introduced, there

Just published by Kubernetes: Read more

Authors: Ravi Gudimetla (Apple), Filip Křepinský (Red Hat), Maciej Szulik (Red Hat) This blog describes the two features namely minReadySeconds for StatefulSets and maxSurge for DaemonSets that SIG Apps is happy to graduate to stable in Kubernetes 1.25. Specifying minReadySeconds slows down a rollout of a StatefulSet, when using a RollingUpdate value in .spec.updateStrategy field, by waiting for each pod for a desired time.This time can be used for initializing the pod (e.g.warming up the cache)

Just published by Kubernetes: Read more

Author: Deep Debroy (Apple) Kubernetes 1.25 introduces Alpha support for a new kubelet-managed pod condition in the status field of a pod:PodHasNetwork.The kubelet, for a worker node, will use the PodHasNetwork condition to accurately surface the initialization state of a pod from the perspective of pod sandbox creation and network configuration by a container runtime (typically in coordination with CNI plugins).The kubelet starts to pull container images and start individual containers (including init containers) after the status of the PodHasNetwork condition is set to True.

Just published by Kubernetes: Read more

Author:Pushkar Joglekar (VMware) A long-standing request from the Kubernetes community has been to have a programmatic way for end users to keep track of Kubernetes security issues (also called "CVEs", after the database that tracks public security issues across different products and vendors).Accompanying the release of Kubernetes v1.25, we are excited to announce availability of such a feed as an alpha feature.This blog will cover the background and scope of this new service.

Motivation

With the growing number of eyes on Kubernetes, the number of

Just published by Kubernetes: Read more