Canonical’s certified, Charmed Distribution of Kubernetes (CDK) is built from pure upstream binaries, and offers simplified deployment, scaling, management, and upgrades of Kubernetes, regardless of the underlying hardware or machine virtualisation. Supported deployment targets include AWS, GCE, Azure, VMware, OpenStack, LXD, and bare metal.
CDK integrates tightly with underlying cloud services and hardware without requiring special configuration – from exposing the GPU to leveraging cloud native services like load balancers and storage. Each component of CDK can be easily scaled to an HA or minimal configuration, and upgrades from one version to the next are a breeze.
What’s new in 1.13
Notable Upstream Kubernetes 1.13 features include the following:
- Container Storage Interface (CSI) Goes GA. With CSI, the Kubernetes volume layer becomes truly extensible. With CSI now stable, plugin authors are developing storage plugins out of core, at their own pace. You can find a list of sample and production drivers in the CSI Documentation.
- CoreDNS is Now the Default DNS Server for Kubernetes. CoreDNS is a general-purpose, authoritative DNS server that provides a backwards-compatible, but extensible, integration with Kubernetes. The project has switched the common test infrastructure to use CoreDNS by default.
- Kubeadm reaches GA. Kubeadm assists with managing cluster lifecycle, from creation to configuration to upgrade; and now kubeadm is officially GA. What’s notable about this GA release are the now graduated advanced features, specifically around pluggability and configurability.
- Support for 3rd party device monitoring plugins has been introduced as an alpha feature. This removes current device-specific knowledge from the kubelet to enable future use-cases requiring device-specific knowledge to be out-of-tree.
- Kubelet Device Plugin Registration is graduating to stable. This creates a common Kubelet plugin discovery model that can be used by different types of node-level plugins, such as device plugins, CSI and CNI, to establish communication channels with Kubelet.
- Topology Aware Volume Scheduling is now stable. This makes the scheduler aware of a Pod’s volume’s topology constraints, such as zone or node.
- APIServer DryRun is graduating to beta. This moves “apply” and declarative object management from kubectl to the apiserver in order to fix many of the existing bugs that can’t be fixed today.
- Kubectl Diff is graduating to beta. This allows users to run a kubectl command to view the difference between a locally declared object configuration and the current state of a live object.
- Raw block device using persistent volume source is graduating to beta. This makes raw block devices (non-networked) available for consumption via a Persistent Volume Source.
- For more information, please see the upstream release notes.
Notable CDK feature additions include the following:
- LDAP and Keystone integration – CDK now supports LDAP-based authentication and authorisation via Keystone.
- Vault integration for PKI – compared to EasyRSA, Vault for PKI is more secure, more robust, and supports more advanced features for certificate management.
- Vault encryption-at-rest support – support for encryption-at-rest for cluster secrets leverages Vault for data protection. This ensures that even the keys used to encrypt the data are protected at rest, unlike many configurations of encryption-at-rest for Kubernetes.
- Private registry support – the Docker Registry charm allows Docker images to be accessed by cluster components without requiring access to public registries.
- Virtual-IP support for API load balancers – the keepalived charm can be used to run multiple kube-api-loadbalancers behind a virtual IP.
Notable MicroK8s feature additions include the following:
- ARM64 support!
- microk8s.start and microk8s.stop commands allow you to easily enable and disable Kubernetes.
- microk8s.status gives you an overview of the current status of Kubernetes.
- Host IP change detection – MicroK8s will adjust Kubernetes as necessary.
- MicroK8s is now certified Kubernetes. Certification exists for v1.12, and v1.13 will follow shortly.
- You can enable digitalSignature key usage for Certificate Authority scenarios.
- Get the most out of your single node with a lower pod eviction threshold for memory shortage, now decreased to 100MB.
If you’re interested in Kubernetes support, consulting, or training, please get in touch!