
Kubernetes 1.20 Released: The Release Logo Is Now a Cat

晓川
Published: December 9, 2020

Kubernetes v1.20 has been officially released. It is the third new release of 2020 and also the last.



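1 Volume Snapshot Operations Go Stable

There is now a standard way to trigger volume snapshot operations, and users can incorporate snapshot operations in a portable manner on any Kubernetes environment or supported storage provider. The Kubernetes snapshot primitives also serve as basic building blocks for developing enterprise-grade storage administration features for Kubernetes, including application and cluster backup solutions.

Snapshot support also requires Kubernetes distributors to bundle the Snapshot controller, the Snapshot CRDs, and the validation webhook. A CSI driver that supports snapshots must also be deployed on the cluster.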

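2 Kubectl Debug Graduates to Beta

The kubectl alpha debug feature graduates to beta in v1.20 and is renamed kubectl debug. It supports common debugging workflows directly from kubectl. The troubleshooting scenarios kubectl now supports include:

  • Troubleshoot workloads that crash on startup by creating a copy of the Pod that uses a different container image.

  • Troubleshoot distroless containers by adding a new container with debugging tools, either in a new copy of the Pod or as an ephemeral container. (Ephemeral containers are an alpha feature that is not enabled by default.)

  • Troubleshoot a node by creating a container that runs in the host namespaces and has access to the host's filesystem.

As a new built-in command, kubectl debug takes priority over any kubectl plugin named “debug”, so affected plugins must be renamed.

In v1.20, kubectl alpha debug is deprecated. It will be removed in a later release, so update your scripts to use kubectl debug.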

3 Beta: API Priority and Fairness

API Priority and Fairness (APF), introduced in v1.18, is now enabled by default in Kubernetes v1.20. It lets kube-apiserver categorize incoming requests by priority level.

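4 IPv4/IPv6 Alpha Feature Update

The IPv4/IPv6 dual stack has been reimplemented based on user and community feedback. Both IPv4 and IPv6 service cluster IP addresses can now be assigned to a single Service, and a Service can be switched between single and dual IP stack.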

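5 GA: Process PID Limiting

Process IDs (PIDs) are a fundamental resource on Linux hosts. To avoid host instability, task limits and resource limits need to be balanced.

Administrators need mechanisms to ensure that user Pods cannot cause PID exhaustion that stops host daemons (the runtime, kubelet, and so on) from running. PIDs must also be limited between containers so that other workloads on the node are not affected. After a year of being enabled by default, SIG Node graduates process PID limiting to GA through SupportNodePidsLimit (node-to-pod PID isolation) and SupportPodPidsLimit (the ability to limit PIDs per Pod).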

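6 Alpha: Graceful Node Shutdown

Users and cluster administrators expect Pods to follow the expected Pod lifecycle, including Pod termination. Currently, when a node shuts down, Pods do not follow the expected termination lifecycle and are not terminated gracefully, which can cause problems for workloads. The GracefulNodeShutdown feature is now in Alpha. It makes the kubelet aware of node system shutdowns so that Pods can be terminated gracefully during a system shutdown.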



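Changes in Kubernetes 1.20

1 Dockershim Deprecation

v1.20 deprecates Dockershim, the container runtime interface (CRI) shim for Docker, which means support for Docker is deprecated and will be removed in a later release. Because Docker images follow the Open Container Initiative (OCI) image specification, images produced by Docker continue to work in clusters with any CRI-compliant runtime.

2 Exec Probe Timeout Handling

A long-standing exec probe timeout bug has been fixed, and the fix may affect existing Pod definitions. Before the fix, exec probes ignored the timeoutSeconds field and ran indefinitely, even past the configured limit, until they returned a result. With the fix, a probe defaults to 1 second if no value is specified, so existing Pod definitions may no longer be sufficient if a probe takes longer than 1 second. The fix also adds a feature gate named ExecProbeTimeout that lets cluster operators revert to the previous behavior, but it will be locked and removed in a later release. To restore the previous behavior, set this feature gate to false.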



Kubernetes 1.20: The Raddest Release



Tuesday, December 08, 2020



Authors: Kubernetes 1.20 Release Team



We’re pleased to announce the release of Kubernetes 1.20, our third and final release of 2020! This release consists of 42 enhancements: 11 enhancements have graduated to stable, 15 enhancements are moving to beta, and 16 enhancements are entering alpha.



The 1.20 release cycle returned to its normal cadence of 11 weeks following the previous extended release cycle. This is one of the most feature dense releases in a while: the Kubernetes innovation cycle is still trending upward. This release has more alpha than stable enhancements, showing that there is still much to explore in the cloud native ecosystem.



Major Themes



Volume Snapshot Operations Goes Stable



This feature provides a standard way to trigger volume snapshot operations and allows users to incorporate snapshot operations in a portable manner on any Kubernetes environment and supported storage providers.



Additionally, these Kubernetes snapshot primitives act as basic building blocks that unlock the ability to develop advanced, enterprise-grade, storage administration features for Kubernetes, including application or cluster level backup solutions.



Note that snapshot support requires Kubernetes distributors to bundle the Snapshot controller, Snapshot CRDs, and validation webhook. A CSI driver supporting the snapshot functionality must also be deployed on the cluster.



Kubectl Debug Graduates to Beta



The kubectl alpha debug feature graduates to beta in 1.20, becoming kubectl debug. The feature provides support for common debugging workflows directly from kubectl. Troubleshooting scenarios supported in this release of kubectl include:



  • Troubleshoot workloads that crash on startup by creating a copy of the pod that uses a different container image or command.

  • Troubleshoot distroless containers by adding a new container with debugging tools, either in a new copy of the pod or using an ephemeral container. (Ephemeral containers are an alpha feature that is not enabled by default.)

  • Troubleshoot on a node by creating a container running in the host namespaces and with access to the host’s filesystem.

Note that as a new built-in command, kubectl debug takes priority over any kubectl plugin named “debug”. You must rename the affected plugin.



Invocations using kubectl alpha debug are now deprecated and will be removed in a subsequent release. Update your scripts to use kubectl debug. For more information about kubectl debug, see Debugging Running Pods.



Beta: API Priority and Fairness



Introduced in 1.18, Kubernetes 1.20 now enables API Priority and Fairness (APF) by default. This allows kube-apiserver to categorize incoming requests by priority levels.



Alpha with updates: IPV4/IPV6



The IPv4/IPv6 dual stack has been reimplemented to support dual stack services based on user and community feedback. This allows both IPv4 and IPv6 service cluster IP addresses to be assigned to a single service, and also enables a service to be transitioned from single to dual IP stack and vice versa.



GA: Process PID Limiting for Stability



Process IDs (pids) are a fundamental resource on Linux hosts. It is trivial to hit the task limit without hitting any other resource limits and cause instability to a host machine.



Administrators require mechanisms to ensure that user pods cannot induce pid exhaustion that prevents host daemons (runtime, kubelet, etc) from running. In addition, it is important to ensure that pids are limited among pods in order to ensure they have limited impact to other workloads on the node. After being enabled-by-default for a year, SIG Node graduates PID Limits to GA on both SupportNodePidsLimit (node-to-pod PID isolation) and SupportPodPidsLimit (ability to limit PIDs per pod).
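The two isolation levels named above map to kubelet settings that can be checked per node. The following is an added example, not code from the Kubernetes project or the original post: it audits a kubelet configuration for a per-pod cap (podPidsLimit) and for PIDs reserved for host daemons (the pid key of systemReserved / kubeReserved). The sample configurations and their numbers are constructed for illustration and are not sizing recommendations.

```python
import json

# Constructed samples, shaped like the response of
#   kubectl get --raw "/api/v1/nodes/<node>/proxy/configz"
WEAK = json.loads("""{"kubeletconfig": {
  "podPidsLimit": -1,
  "systemReserved": {"cpu": "500m", "memory": "1Gi"},
  "kubeReserved": {"cpu": "200m"}}}""")

HARDENED = json.loads("""{"kubeletconfig": {
  "podPidsLimit": 4096,
  "systemReserved": {"cpu": "500m", "memory": "1Gi", "pid": "1000"},
  "kubeReserved": {"cpu": "200m", "pid": "1000"}}}""")


def audit_pid_limits(configz):
    """Return (setting, message) pairs for missing PID isolation settings."""
    cfg = configz.get("kubeletconfig", configz)
    findings = []

    # Pod-to-pod isolation: -1 (the kubelet default) means no per-pod cap,
    # so a single pod can consume every PID available to pods on the node.
    limit = cfg.get("podPidsLimit")
    if limit is None or limit <= 0:
        findings.append(("podPidsLimit", "no per-pod PID cap is configured"))

    # Node-to-pod isolation: PIDs held back from pods for the runtime,
    # kubelet and other host daemons. Assumes plain integer values.
    reserved = 0
    for key in ("systemReserved", "kubeReserved"):
        reserved += int((cfg.get(key) or {}).get("pid", 0))
    if reserved <= 0:
        findings.append(("reservedPids",
                         "no PIDs are reserved for host daemons"))
    return findings


if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED)):
        issues = audit_pid_limits(sample)
        print(name, "->", issues if issues else "PID isolation configured")
```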



Alpha: Graceful node shutdown



Users and cluster administrators expect that pods will adhere to expected pod lifecycle including pod termination. Currently, when a node shuts down, pods do not follow the expected pod termination lifecycle and are not terminated gracefully which can cause issues for some workloads. The GracefulNodeShutdown feature is now in Alpha. GracefulNodeShutdown makes the kubelet aware of node system shutdowns, enabling graceful termination of pods during a system shutdown.



Major Changes



Dockershim Deprecation



Dockershim, the container runtime interface (CRI) shim for Docker, is being deprecated. Support for Docker is deprecated and will be removed in a future release. Docker-produced images will continue to work in your cluster with all CRI compliant runtimes as Docker images follow the Open Container Initiative (OCI) image specification. The Kubernetes community has written a detailed blog post about deprecation with a dedicated FAQ page for it.



Exec Probe Timeout Handling



A longstanding bug regarding exec probe timeouts that may impact existing pod definitions has been fixed. Prior to this fix, the field timeoutSeconds was not respected for exec probes. Instead, probes would run indefinitely, even past their configured deadline, until a result was returned. With this change, the default value of 1 second will be applied if a value is not specified and existing pod definitions may no longer be sufficient if a probe takes longer than one second. A feature gate, called ExecProbeTimeout, has been added with this fix that enables cluster operators to revert to the previous behavior, but this will be locked and removed in subsequent releases. In order to revert to the previous behavior, cluster operators should set this feature gate to false.



Please review the updated documentation regarding configuring probes for more details.
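Before upgrading, it helps to find the exec probes that will start being cut off at the 1-second default. The following is an added example, not code from the Kubernetes project or the original post: it scans a pod list for exec probes whose effective timeoutSeconds is 1 or unset. The sample pod list is constructed and shaped like `kubectl get pods -A -o json` output.

```python
import json

# Constructed sample, shaped like `kubectl get pods -A -o json` output.
SAMPLE_PODS = json.loads("""
{"items": [
  {"metadata": {"namespace": "shop", "name": "db-0"},
   "spec": {"containers": [{"name": "postgres",
     "readinessProbe": {"exec": {"command": ["pg_isready"]}},
     "livenessProbe": {"exec": {"command": ["pg_isready"]},
                       "timeoutSeconds": 5}}]}},
  {"metadata": {"namespace": "shop", "name": "web-1"},
   "spec": {"containers": [{"name": "nginx",
     "livenessProbe": {"httpGet": {"path": "/healthz", "port": 8080},
                       "timeoutSeconds": 1}}]}}
]}
""")

PROBE_FIELDS = ("livenessProbe", "readinessProbe", "startupProbe")
DEFAULT_TIMEOUT = 1  # seconds, applied when timeoutSeconds is not specified


def exec_probes_on_default_timeout(pod_list):
    """List exec probes that run with the 1-second default timeout.

    Manifests on disk simply omit timeoutSeconds, while objects read back
    from the API server carry the defaulted value 1. Both are reported.
    """
    findings = []
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata", {})
        for container in pod.get("spec", {}).get("containers", []):
            for field in PROBE_FIELDS:
                probe = container.get(field) or {}
                if "exec" not in probe:
                    continue  # the fix concerns exec probes only
                timeout = probe.get("timeoutSeconds", DEFAULT_TIMEOUT)
                if timeout <= DEFAULT_TIMEOUT:
                    command = " ".join(probe["exec"].get("command", []))
                    findings.append((meta.get("namespace"), meta.get("name"),
                                     container.get("name"), field, command))
    return findings


if __name__ == "__main__":
    for finding in exec_probes_on_default_timeout(SAMPLE_PODS):
        print("review exec probe timeout:", *finding)
```

Each reported probe command should be timed on a loaded node; any that can exceed one second needs an explicit timeoutSeconds in its pod definition.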



Other Updates



Graduated to Stable





Notable Feature Updates





Release notes



You can check out the full details of the 1.20 release in the release notes.



Availability of release



Kubernetes 1.20 is available for download on GitHub. There are some great resources out there for getting started with Kubernetes. You can check out some interactive tutorials on the main Kubernetes site, or run a local cluster on your machine using Docker containers with kind. If you’d like to try building a cluster from scratch, check out the Kubernetes the Hard Way tutorial by Kelsey Hightower.



Release Team



This release was made possible by a very dedicated group of individuals, who came together as a team in the midst of a lot of things happening out in the world. A huge thank you to the release lead Jeremy Rickard, and to everyone else on the release team for supporting each other, and working so hard to deliver the 1.20 release for the community.


