Copyright © 2019 Mirantis, Inc. All rights reserved
What’s New in Kubernetes 1.15
WEBINAR | June 20, 2019
2
A Few Introductions (ok just one)
Nick Chase
Head of Technical Content at Mirantis
Nick Chase is Head of Technical Content for Mirantis
and a former member of the Kubernetes release team.
He is a former software developer and author or
co-author of more than a dozen books on various
programming topics, including the OpenStack
Architecture Guide, Understanding OPNFV, and Machine
Learning for Mere Mortals.
3
A Little Housekeeping
● Please submit questions in the Questions panel.
● We’ll provide a link where you can download the slides at the end of the webinar.
4
Agenda
● Structural schemas
● Generally available
● Promoted to Beta
● New features
● Q&A
5
Audience Poll
6
Kubernetes Training
training.mirantis.com
● Kubernetes & Docker Bootcamp I (KD100), 2 days: Learn Docker and Kubernetes to deploy, run, and manage containerized applications
● Kubernetes & Docker Bootcamp II (KD200), 3 days: Advanced training for Kubernetes professionals, preparation for CKA exam
● Accelerated Kubernetes & Docker Bootcamp (KD250), 4 days: Most popular course! A combination of KD100 & KD200 at an accelerated pace, preps for CKA
● Istio Fundamentals (IST50), 1 day: New! Introduction to Istio & Service Mesh
7
Structural schemas
8
Structural Schemas
● Subset of OpenAPI 3
● Produced from code by tools like crd-gen and openapi-gen
● v1beta1
○ Non-structural CRDs still work
○ NonStructuralSchema condition returned
○ Must be structural to use new features
● v1
○ Structural schemas will be required
9
What is a structural schema?
"All types and the possible object fields within a JSON object must be apparent from a structural schema without understanding the logical junctors anyOf, allOf, oneOf and not."
10
A structural schema is one that:
1. specifies a non-empty type (via type in OpenAPI) for the root, for each specified field of an object node (via properties or additionalProperties in OpenAPI) and for each item in an array node (via items in OpenAPI), with the exception of:
○ a node with x-kubernetes-int-or-string: true
○ a node with x-kubernetes-preserve-unknown-fields: true
2. for each field in an object and each item in an array which is specified within any of allOf, anyOf, oneOf or not, also specifies the field/item outside of those logical junctors
3. does not set description, type, default, additionalProperties, nullable within an allOf, anyOf, oneOf or not, with the exception of the two patterns for x-kubernetes-int-or-string: true
4. if metadata is specified, allows only restrictions on metadata.name and metadata.generateName.
11
Non-structural
properties:
  foo:
    pattern: "abc"
  metadata:
    type: object
    properties:
      name:
        type: string
        pattern: "^a"
      finalizers:
        type: array
        items:
          type: string
          pattern: "my-finalizer"
anyOf:
- properties:
    bar:
      type: integer
      minimum: 42
  required: ["bar"]
  description: "foo bar object"
12
Structural
type: object
description: "foo bar object"
properties:
  foo:
    type: string
    pattern: "abc"
  bar:
    type: integer
  metadata:
    type: object
    properties:
      name:
        type: string
        pattern: "^a"
anyOf:
- properties:
    bar:
      minimum: 42
  required: ["bar"]
13
Exceptions to every rule
x-kubernetes-int-or-string: true
allOf:
- anyOf:            # optionally provided and accepted
  - type: integer
  - type: string
- pattern: abc
anyOf:
- minimum: 42
  maximum: 50
- minimum: 52
  maximum: 60
Also
● x-kubernetes-embedded-resource
● x-kubernetes-unions
● x-kubernetes-preserve-unknown-fields
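Added example (not from the original slides): a small Python checker for the four structural-schema rules, run against the three schemas from slides 11 to 13 transcribed as dicts. Assumptions of this sketch: rule 4 is checked only at the schema root, and the int-or-string exception is matched as the exact anyOf/allOf shapes shown on slide 13.

```python
"""Check a CRD OpenAPI v3 schema against the four structural-schema rules."""

JUNCTORS = ("allOf", "anyOf", "oneOf", "not")
FORBIDDEN_IN_JUNCTOR = ("description", "type", "default",
                        "additionalProperties", "nullable")
INT_OR_STRING = [{"type": "integer"}, {"type": "string"}]

def _branches(node, junctor):
    """Sub-schemas under one junctor ('not' holds one schema, not a list)."""
    value = node.get(junctor, [])
    return [value] if junctor == "not" and value != [] else list(value)

def _check_junctor(sub, outer, path, errors):
    """Rules 2 and 3 for a schema nested inside allOf/anyOf/oneOf/not."""
    for key in FORBIDDEN_IN_JUNCTOR:
        if key in sub:
            errors.append((3, path, f"'{key}' set inside a logical junctor"))
    for name, child in sub.get("properties", {}).items():
        child_path = f"{path}.properties.{name}"
        outer_child = outer.get("properties", {}).get(name)
        if outer_child is None:
            errors.append((2, child_path, "field not specified outside the junctor"))
        _check_junctor(child, outer_child or {}, child_path, errors)
    if isinstance(sub.get("items"), dict):
        outer_items = outer.get("items")
        if not isinstance(outer_items, dict):
            errors.append((2, f"{path}.items", "items not specified outside the junctor"))
            outer_items = {}
        _check_junctor(sub["items"], outer_items, f"{path}.items", errors)
    for junctor in JUNCTORS:
        for i, branch in enumerate(_branches(sub, junctor)):
            _check_junctor(branch, outer, f"{path}.{junctor}[{i}]", errors)

def _check_node(node, path, errors, is_root=False):
    """Rule 1 (and rule 4 at the root) for a node outside any junctor."""
    int_or_string = node.get("x-kubernetes-int-or-string") is True
    preserve = node.get("x-kubernetes-preserve-unknown-fields") is True
    if not node.get("type") and not (int_or_string or preserve):
        errors.append((1, path, "no type specified"))
    for junctor in JUNCTORS:
        branches = _branches(node, junctor)
        # The two int-or-string patterns are the stated exception to rule 3.
        if int_or_string and junctor == "anyOf" and branches == INT_OR_STRING:
            continue
        for i, branch in enumerate(branches):
            if int_or_string and junctor == "allOf" and branch == {"anyOf": INT_OR_STRING}:
                continue
            _check_junctor(branch, node, f"{path}.{junctor}[{i}]", errors)
    props = node.get("properties", {})
    if is_root:
        for name in props.get("metadata", {}).get("properties", {}):
            if name not in ("name", "generateName"):
                errors.append((4, f"{path}.properties.metadata.properties.{name}",
                               "only name and generateName may be restricted"))
    for name, child in props.items():
        _check_node(child, f"{path}.properties.{name}", errors)
    for key in ("additionalProperties", "items"):
        if isinstance(node.get(key), dict):
            _check_node(node[key], f"{path}.{key}", errors)

def check_structural(schema):
    """Return a list of (rule, path, message); an empty list means structural."""
    errors = []
    _check_node(schema, "$", errors, is_root=True)
    return errors

# The three schemas from the slides, transcribed as Python dicts.
NON_STRUCTURAL = {
    "properties": {
        "foo": {"pattern": "abc"},
        "metadata": {"type": "object", "properties": {
            "name": {"type": "string", "pattern": "^a"},
            "finalizers": {"type": "array",
                           "items": {"type": "string", "pattern": "my-finalizer"}}}}},
    "anyOf": [{"properties": {"bar": {"type": "integer", "minimum": 42}},
               "required": ["bar"], "description": "foo bar object"}],
}
STRUCTURAL = {
    "type": "object", "description": "foo bar object",
    "properties": {
        "foo": {"type": "string", "pattern": "abc"},
        "bar": {"type": "integer"},
        "metadata": {"type": "object",
                     "properties": {"name": {"type": "string", "pattern": "^a"}}}},
    "anyOf": [{"properties": {"bar": {"minimum": 42}}, "required": ["bar"]}],
}
INT_OR_STRING_NODE = {
    "x-kubernetes-int-or-string": True,
    "allOf": [{"anyOf": INT_OR_STRING}, {"pattern": "abc"}],
    "anyOf": [{"minimum": 42, "maximum": 50}, {"minimum": 52, "maximum": 60}],
}

if __name__ == "__main__":
    for schema in (NON_STRUCTURAL, STRUCTURAL, INT_OR_STRING_NODE):
        print(check_structural(schema) or "structural")
```

The non-structural slide yields six findings: two for rule 1, one for rule 2, two for rule 3 and one for rule 4.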
14
CRD Open API Schemas
● Already supported by core objects
● Schemas enable:
○ server-side validation
○ documentation creation
○ explain
15
Defaulting and pruning for Custom Resources
● Defaulting (alpha)
○ Missing default values are added
● Pruning
○ "Unknown" fields are removed
○ Unless x-kubernetes-preserve-unknown-fields: true
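Added example (not from the original slides): how pruning and defaulting act on a custom resource, shown on a constructed schema and object. The schema, the CronTab-style object and the prune-then-default order are assumptions of this sketch; the point for a reviewer is that fields the schema does not name never reach storage unless a node opts in with x-kubernetes-preserve-unknown-fields.

```python
"""Pruning and defaulting of a custom resource against a structural schema."""
import copy

PRESERVE = "x-kubernetes-preserve-unknown-fields"
ROOT_IMPLICIT = ("apiVersion", "kind", "metadata")  # always known at the root


def prune(value, schema, path="$", dropped=None, root=True):
    """Return (pruned copy of value, list of paths that were removed)."""
    dropped = [] if dropped is None else dropped
    if isinstance(value, dict):
        props = schema.get("properties", {})
        extra = schema.get("additionalProperties")
        out = {}
        for key, val in value.items():
            child = f"{path}.{key}"
            if root and key in ROOT_IMPLICIT:
                out[key] = copy.deepcopy(val)
            elif key in props:
                out[key] = prune(val, props[key], child, dropped, False)[0]
            elif isinstance(extra, dict):
                out[key] = prune(val, extra, child, dropped, False)[0]
            elif schema.get(PRESERVE) is True:
                out[key] = copy.deepcopy(val)   # unknown, but explicitly preserved
            else:
                dropped.append(child)           # unknown field: pruned
        return out, dropped
    if isinstance(value, list) and isinstance(schema.get("items"), dict):
        items = [prune(v, schema["items"], f"{path}[{i}]", dropped, False)[0]
                 for i, v in enumerate(value)]
        return items, dropped
    return copy.deepcopy(value), dropped


def apply_defaults(value, schema):
    """Add missing fields that carry a 'default' in the schema (in place)."""
    if isinstance(value, dict):
        for key, child in schema.get("properties", {}).items():
            if key not in value and "default" in child:
                value[key] = copy.deepcopy(child["default"])
            if key in value:
                apply_defaults(value[key], child)
    elif isinstance(value, list) and isinstance(schema.get("items"), dict):
        for item in value:
            apply_defaults(item, schema["items"])
    return value


def admit(obj, schema):
    """Prune, then default; returns (stored object, dropped paths)."""
    pruned, dropped = prune(obj, schema)
    return apply_defaults(pruned, schema), dropped


# Constructed schema and object for illustration only.
SCHEMA = {"type": "object", "properties": {"spec": {"type": "object", "properties": {
    "cronSpec": {"type": "string"},
    "replicas": {"type": "integer", "default": 1},
    "ports": {"type": "array", "items": {"type": "object", "properties": {
        "port": {"type": "integer"},
        "protocol": {"type": "string", "default": "TCP"}}}},
    "config": {"type": "object", PRESERVE: True},
}}}}
SAMPLE = {
    "apiVersion": "example.com/v1", "kind": "CronTab", "metadata": {"name": "demo"},
    "spec": {"cronSpec": "* * * * */5", "hostNetwork": True,
             "ports": [{"port": 53, "hostPort": 53}],
             "config": {"anything": {"goes": 1}}},
    "debug": "on",
}

if __name__ == "__main__":
    stored, dropped = admit(SAMPLE, SCHEMA)
    print("stored :", stored)
    print("dropped:", dropped)
```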
16
Webhook conversion for Custom Resources
● Converts resources from one version to another
○ Stored as one version, requested as another
○ Vice versa
17
Generally available
Ready for production
18
Server-side descriptions
● kubectl get
● CustomResourceDefinitions
● Third-party API extensions
● kubectl describe in future release
19
Go module support
● Go 1.13 to deprecate GOPATH
● Consistent vendor directory on any OS
● Use 2 different module versions simultaneously
20
Kubeadm improvements
Beta
21
Dynamic HA clusters with kubeadm
● 2 methods
○ Stacked control plane
○ External etcd cluster
● Architecture
○ 3 masters
○ 3 workers
○ 3 etcd nodes (optional)
○ Load balancer
22
Upgrade kubeadm configuration to v1beta2
● kubeadm init/join
● Kubeadm fields with no API endpoint
● Repeatability
○ Runtime settings should be persisted
● Specialized substructures
● New features
○ Certificates copy
○ Pre-flight errors
23
Promoted to Beta
On by default, but not necessarily production-ready
24
Admission webhook changes
● Admission controllers are ever-present
● Admission webhooks let you specify your own logic
○ Mutating admission webhooks
○ Validating admission webhooks
● Mutating webhooks can now be invoked more than once
○ reinvocationPolicy: IfNeeded
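Added example (not from the original slides): a simplified model of why reinvocation matters when one mutating webhook enforces a security setting and a later one injects a container. The webhook names, the pod and the single reinvocation round are assumptions of this sketch, not the API server's implementation.

```python
"""Simplified model of mutating-webhook reinvocation (reinvocationPolicy)."""
import copy


def run_mutating_webhooks(obj, webhooks):
    """Call each webhook once, then reinvoke IfNeeded webhooks whose result
    was changed by a later webhook. Returns (final object, call order)."""
    calls = []
    seen = {}  # webhook name -> object as that webhook left it
    for hook in webhooks:
        obj = hook["mutate"](copy.deepcopy(obj))
        seen[hook["name"]] = copy.deepcopy(obj)
        calls.append(hook["name"])
    for hook in webhooks:  # one reinvocation round
        if hook["policy"] == "IfNeeded" and obj != seen[hook["name"]]:
            obj = hook["mutate"](copy.deepcopy(obj))
            calls.append(hook["name"])
    return obj, calls


def require_non_root(pod):
    """Hypothetical policy webhook: every container must run as non-root."""
    for container in pod["spec"]["containers"]:
        container.setdefault("securityContext", {})["runAsNonRoot"] = True
    return pod


def inject_sidecar(pod):
    """Hypothetical injector webhook: adds a proxy container once (idempotent)."""
    if all(c["name"] != "proxy" for c in pod["spec"]["containers"]):
        pod["spec"]["containers"].append(
            {"name": "proxy", "image": "registry.example.invalid/proxy:1"})
    return pod


def containers_missing_non_root(pod):
    """Names of containers the policy webhook has not covered."""
    return [c["name"] for c in pod["spec"]["containers"]
            if not c.get("securityContext", {}).get("runAsNonRoot")]


def demo(policy):
    """Run the chain with the policy webhook set to 'Never' or 'IfNeeded'."""
    pod = {"spec": {"containers": [
        {"name": "app", "image": "registry.example.invalid/app:1"}]}}  # constructed
    hooks = [
        {"name": "require-non-root", "policy": policy, "mutate": require_non_root},
        {"name": "inject-sidecar", "policy": "Never", "mutate": inject_sidecar},
    ]
    final, calls = run_mutating_webhooks(pod, hooks)
    return containers_missing_non_root(final), calls


if __name__ == "__main__":
    for policy in ("Never", "IfNeeded"):
        print(policy, demo(policy))
```

Because a webhook may see the same object twice, its mutation has to be idempotent, as both functions here are.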
25
NodeLocal DNSCache
● Prevents single point of failure
● Additional listen IP for node-local-dns pod: 169.254.20.10
● Extends node-local-dns to listen on the kube-dns service IP as well
● Determination of node-local-dns vs kube-dns by external component
● IPTables only
26
NodeLocal DNSCache
apiVersion: v1
kind: Service
metadata:
  name: node-local-upstream
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "NodeLocalUpstream"
spec:
  selector:
    k8s-app: kube-dns
  ports:
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
27
Online resizing of PersistentVolumes
● No need to terminate pod or unmount volume
● PersistentVolumeClaim must be in ReadWrite mode
● Enabled by default via ExpandInUsePersistentVolumes feature gate
28
Environment variables expansion
apiVersion: v1
kind: Pod
metadata:
  name: pod1
spec:
  containers:
  - name: container1
    env:
    - name: POD_NAME
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: metadata.name
    image: busybox
    command: [ "sh", "-c", "while [ true ]; do echo 'Hello'; sleep 10; done | tee -a /logs/hello.txt" ]
    volumeMounts:
    - name: workdir1
      mountPath: /logs
      subPathExpr: $(POD_NAME)
  restartPolicy: Never
  volumes:
  - name: workdir1
    hostPath:
      path: /var/log/pods
● Log files
● 2 or more pods
29
PodDisruptionBudget for custom resources
● Already works for Deployment, StatefulSet, ReplicaSet, ReplicationController
● Scale subresource provides desired replicas
● Good for any resource
30
Pod limiting
● Prevents fork bombs
● Node level support
○ --system-reserved=[cpu=100m][,][memory=100Mi][,][pid=1000]
○ --kube-reserved=[cpu=100m][,][memory=100Mi][,][pid=1000]
● Pod level isolation
○ SupportPodPidsLimit feature gate
○ --pod-max-pids=1000
31
Third-party device monitoring plugins
● Container-level metrics for devices using device plugins
● Vendor-provided device-specific metrics
● Uses PodResources service
32
AWS Network Load Balancer
● New load balancer
○ Multiple ports
○ WebSockets
○ Host-based, HTTP-based, HTTPS-based routing
○ Query-string, Source IP-based routing
○ User authentication
○ Redirects
● Annotation
service.beta.kubernetes.io/aws-load-balancer-type = nlb
33
New features (alpha)
Generally off by default, may change
34
Cloning a Volume
● Existing PVC as DataSource
● Different from a Snapshot
● Only for CSI drivers
● Only for dynamic provisioners
● Only for drivers that have implemented cloning
● Only in the same namespace
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: clone-of-pvc-1
  namespace: myns
spec:
  accessModes:
  - ReadWriteOnce          # assumed value; match the access mode of the source claim
  resources:
    requests:
      storage: 10Gi        # requested size of the clone
  dataSource:
    kind: PersistentVolumeClaim
    name: pvc-1
35
Scheduling framework
● Plugin API
● Plugins are compiled into the scheduler
● Scheduling cycle
● Binding cycle
● Extension points
○ Queue sort
○ Pre-filter
○ Filter
○ Post-filter
○ Scoring
○ Normalize scoring
○ Reserve
○ Permit
○ Pre-bind
○ Bind
○ Post-bind
○ Unreserve
36
Non-preempting PriorityClasses
● PreemptionPolicy
● Defaults to PreemptLowerPriority
● Set to Never
● Prevents new pods but leaves existing
● Backoff policy for retries
37
Executing user code in pods
● ExecutionHook
● ExecutionHookController
● Not tied to start or termination
● Can be called on demand
38
Filesystem quotas for ephemeral storage
● Improvement over walking the filesystem tree
○ Faster
○ More accurate
● emptyDir only
● Monitor only; no enforcement
● Ready for XFS volumes
● For ext4fs:
○ create with mkfs.ext4 -O project <block_device>
○ run tune2fs -Q prjquota <block_device>
● Mount with option project in /etc/fstab
● rootflags=pquota
39
LoadBalancer finalizer protection
● Prevent orphaned load balancers
● Make sure LB is fully deleted before Service is deleted
40
Event API improvements
● More structure
● Better deduplication
42
Thank you!
Q&A
Download the slides from bit.ly/k8s-1-15-webinar
We’ll send you the slides and recording by Monday.

Weitere ähnliche Inhalte

Mehr von Mirantis

Demystifying Cloud Security Compliance
Demystifying Cloud Security ComplianceDemystifying Cloud Security Compliance
Demystifying Cloud Security ComplianceMirantis
 
Mirantis life
Mirantis lifeMirantis life
Mirantis lifeMirantis
 
OpenStack and the IoT: Where we are, where we're going, what we need to get t...
OpenStack and the IoT: Where we are, where we're going, what we need to get t...OpenStack and the IoT: Where we are, where we're going, what we need to get t...
OpenStack and the IoT: Where we are, where we're going, what we need to get t...Mirantis
 
Boris Renski: OpenStack Summit Keynote Austin 2016
Boris Renski: OpenStack Summit Keynote Austin 2016Boris Renski: OpenStack Summit Keynote Austin 2016
Boris Renski: OpenStack Summit Keynote Austin 2016Mirantis
 
Digital Disciplines: Attaining Market Leadership through the Cloud
Digital Disciplines: Attaining Market Leadership through the CloudDigital Disciplines: Attaining Market Leadership through the Cloud
Digital Disciplines: Attaining Market Leadership through the CloudMirantis
 
Decomposing Lithium's Monolith with Kubernetes and OpenStack
Decomposing Lithium's Monolith with Kubernetes and OpenStackDecomposing Lithium's Monolith with Kubernetes and OpenStack
Decomposing Lithium's Monolith with Kubernetes and OpenStackMirantis
 
OpenStack: Changing the Face of Service Delivery
OpenStack: Changing the Face of Service DeliveryOpenStack: Changing the Face of Service Delivery
OpenStack: Changing the Face of Service DeliveryMirantis
 
Accelerating the Next 10,000 Clouds
Accelerating the Next 10,000 CloudsAccelerating the Next 10,000 Clouds
Accelerating the Next 10,000 CloudsMirantis
 
Containers for the Enterprise: It's Not That Simple
Containers for the Enterprise: It's Not That SimpleContainers for the Enterprise: It's Not That Simple
Containers for the Enterprise: It's Not That SimpleMirantis
 
Protecting Yourself from the Container Shakeout
Protecting Yourself from the Container ShakeoutProtecting Yourself from the Container Shakeout
Protecting Yourself from the Container ShakeoutMirantis
 
It's Not the Technology, It's You
It's Not the Technology, It's YouIt's Not the Technology, It's You
It's Not the Technology, It's YouMirantis
 
OpenStack as the Platform for Innovation
OpenStack as the Platform for InnovationOpenStack as the Platform for Innovation
OpenStack as the Platform for InnovationMirantis
 
Moving AWS workloads to OpenStack
Moving AWS workloads to OpenStackMoving AWS workloads to OpenStack
Moving AWS workloads to OpenStackMirantis
 
Your 1st Ceph cluster
Your 1st Ceph clusterYour 1st Ceph cluster
Your 1st Ceph clusterMirantis
 
App catalog (Vancouver)
App catalog (Vancouver)App catalog (Vancouver)
App catalog (Vancouver)Mirantis
 
Tales From The Ship: Navigating the OpenStack Community Seas
Tales From The Ship: Navigating the OpenStack Community SeasTales From The Ship: Navigating the OpenStack Community Seas
Tales From The Ship: Navigating the OpenStack Community SeasMirantis
 
OpenStack Overview and History
OpenStack Overview and HistoryOpenStack Overview and History
OpenStack Overview and HistoryMirantis
 
OpenStack Architecture
OpenStack ArchitectureOpenStack Architecture
OpenStack ArchitectureMirantis
 
OpenStack Architecture
OpenStack ArchitectureOpenStack Architecture
OpenStack ArchitectureMirantis
 
Designing OpenStack Architectures
Designing OpenStack ArchitecturesDesigning OpenStack Architectures
Designing OpenStack ArchitecturesMirantis
 

Mehr von Mirantis (20)

Demystifying Cloud Security Compliance
Demystifying Cloud Security ComplianceDemystifying Cloud Security Compliance
Demystifying Cloud Security Compliance
 
Mirantis life
Mirantis lifeMirantis life
Mirantis life
 
OpenStack and the IoT: Where we are, where we're going, what we need to get t...
OpenStack and the IoT: Where we are, where we're going, what we need to get t...OpenStack and the IoT: Where we are, where we're going, what we need to get t...
OpenStack and the IoT: Where we are, where we're going, what we need to get t...
 
Boris Renski: OpenStack Summit Keynote Austin 2016
Boris Renski: OpenStack Summit Keynote Austin 2016Boris Renski: OpenStack Summit Keynote Austin 2016
Boris Renski: OpenStack Summit Keynote Austin 2016
 
Digital Disciplines: Attaining Market Leadership through the Cloud
Digital Disciplines: Attaining Market Leadership through the CloudDigital Disciplines: Attaining Market Leadership through the Cloud
Digital Disciplines: Attaining Market Leadership through the Cloud
 
Decomposing Lithium's Monolith with Kubernetes and OpenStack
Decomposing Lithium's Monolith with Kubernetes and OpenStackDecomposing Lithium's Monolith with Kubernetes and OpenStack
Decomposing Lithium's Monolith with Kubernetes and OpenStack
 
OpenStack: Changing the Face of Service Delivery
OpenStack: Changing the Face of Service DeliveryOpenStack: Changing the Face of Service Delivery
OpenStack: Changing the Face of Service Delivery
 
Accelerating the Next 10,000 Clouds
Accelerating the Next 10,000 CloudsAccelerating the Next 10,000 Clouds
Accelerating the Next 10,000 Clouds
 
Containers for the Enterprise: It's Not That Simple
Containers for the Enterprise: It's Not That SimpleContainers for the Enterprise: It's Not That Simple
Containers for the Enterprise: It's Not That Simple
 
Protecting Yourself from the Container Shakeout
Protecting Yourself from the Container ShakeoutProtecting Yourself from the Container Shakeout
Protecting Yourself from the Container Shakeout
 
It's Not the Technology, It's You
It's Not the Technology, It's YouIt's Not the Technology, It's You
It's Not the Technology, It's You
 
OpenStack as the Platform for Innovation
OpenStack as the Platform for InnovationOpenStack as the Platform for Innovation
OpenStack as the Platform for Innovation
 
Moving AWS workloads to OpenStack
Moving AWS workloads to OpenStackMoving AWS workloads to OpenStack
Moving AWS workloads to OpenStack
 
Your 1st Ceph cluster
Your 1st Ceph clusterYour 1st Ceph cluster
Your 1st Ceph cluster
 
App catalog (Vancouver)
App catalog (Vancouver)App catalog (Vancouver)
App catalog (Vancouver)
 
Tales From The Ship: Navigating the OpenStack Community Seas
Tales From The Ship: Navigating the OpenStack Community SeasTales From The Ship: Navigating the OpenStack Community Seas
Tales From The Ship: Navigating the OpenStack Community Seas
 
OpenStack Overview and History
OpenStack Overview and HistoryOpenStack Overview and History
OpenStack Overview and History
 
OpenStack Architecture
OpenStack ArchitectureOpenStack Architecture
OpenStack Architecture
 
OpenStack Architecture
OpenStack ArchitectureOpenStack Architecture
OpenStack Architecture
 
Designing OpenStack Architectures
Designing OpenStack ArchitecturesDesigning OpenStack Architectures
Designing OpenStack Architectures
 

Kürzlich hochgeladen

Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 

Kürzlich hochgeladen (20)

Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 

What's New in Kubernetes 1.15

  • 1. Copyright © 2019 Mirantis, Inc. All rights reserved What’s New in Kubernetes 1.15 WEBINAR | June 20, 2019
  • 2. 2 A Few Introductions (ok just one) Nick Chase Head of Technical Content at Mirantis Nick Chase is Head of Technical Content for Mirantis and a former member of the Kubernetes release team. He is a former software developer and author or co-author of more than a dozen books on various programming topics, including the OpenStack Architecture Guide, Understanding OPNFV, and Machine Learning for Mere Mortals.
  • 3. 3 A Little Housekeeping ● Please submit questions in the Questions panel. ● We’ll provide a link where you can download the slides at the end of the webinar.
  • 4. 4 ● Structural schemas ● Generally available ● Promoted to Beta ● New features ● Q&A Agenda
  • 6. 6 Kubernetes Training training.mirantis.com training.mirantis.com Kubernetes & Docker Bootcamp I (KD100) Learn Docker and Kubernetes to deploy, run, and manage containerized applications 2 days Kubernetes & Docker Bootcamp II (KD200) Advanced training for Kubernetes professionals, preparation for CKA exam 3 days Accelerated Kubernetes & Docker Bootcamp (KD250) Most popular course! A combination of KD100 & KD200 at an accelerated pace, preps for CKA 4 days Istio Fundamentals (IST50) New! Introduction to Istio & Service Mesh 1 day
  • 8. 8 ● Subset of OpenAPI 3 ● Produced from code by tools like crd-gen and openapi-gen ● vbeta1 ○ Non-structural CRDs still work ○ NonStructuralSchema condition returned ○ Must be structural to use new features ● v1 ○ Structural schemas will be required Structural Schemas
  • 9. 9 "All types and the possible object fields within a JSON object must be apparent from a structural schema without understanding the logical junctors anyOf, allOf, oneOf and not." What is a structural schema?
  • 10. 10 1. specifies a non-empty type (via type in OpenAPI) for the root, for each specified field of an object node (via properties or additionalProperties in OpenAPI) and for each item in an array node (via items in OpenAPI), with the exception of: ○ a node with x-kubernetes-int-or-string: true ○ a node with x-kubernetes-preserve-unknown-fields: true 2. for each each field in an object and each item in an array which is specified within any of allOf, anyOf, oneOf or not, the schema also specifies the field/item outside of those logical junctors 3. does not set description, type, default, additionalProperties, nullable within an allOf, anyOf, oneOf or not, with the exception of the two pattern for x-kubernetes-int-or-string: true 4. if metadata is specified, then only restrictions on metadata.name and metadata.generateName are allowed. A structural schema is one where ...
  • 11. 11 properties: foo: pattern: "abc" metadata: type: object properties: name: type: string pattern: "^a" finalizers: type: array items: type: string pattern: "my-finalizer" anyOf: - properties: bar: type: integer minimum: 42 required: ["bar"] description: "foo bar object" Non-structural
  • 12. 12 type: object description: "foo bar object" properties: foo: type: string pattern: "abc" bar: type: integer metadata: type: object properties: name: type: string pattern: "^a" anyOf: - properties: bar: minimum: 42 required: ["bar"] Structural
  • 13. 13 x-kubernetes-int-or-string: true allOf: - anyOf: // optionally provided and accepted - type: integer - type: string - pattern: abc anyOf: - minimum: 42 maximum: 50 - minimum: 52 maximum: 60 Exceptions to every rule Also ● x-kubernetes-embedded-resource ● X-kubernetes-unions ● x-kubernetes-preserve-unknown-fields
  • 14. 14 CRD Open API Schemas ● Already supported by core objects ● Schemas enable: ○ server-side validation ○ documentation creation ○ explain
  • 15. 15 Defaulting and pruning for Custom Resources ● Defaulting (alpha) ○ Missing default values are added ● Pruning ○ "Unknown" fields are removed ○ Unless x-kubernetes-preserve-unknown-fields: true
  • 16. 16 Webhook conversion for Custom Resources ● Converts resources from one version to another ○ Stored as one version, requested as another ○ Vice versa
  • 18. 18 Server-side descriptions ● kubectl get ● CustomResourceDefinitions ● Third-party API extensions ● kubectl describe in future release
  • 19. 19 Go module support ● Go 1.13 to deprecate GOPATH ● Consistent vendor directory on any OS ● Use 2 different module versions simultaneously
  • 21. 21 Dynamic HA clusters with kubeadm ● 2 methods ○ Stacked control plane ○ External etcd cluster ● Architecture ○ 3 masters ○ 3 workers ○ 3 etcd nodes (optional) ○ Load balancer
  • 22. 22 Upgrade kubeadm configuration to v1beta2 ● kubeadm init/join ● Kubeadm fields with no API endpoint ● Repeatability ○ Runtime settings should be persisted ● Specialized substructures ● New features ○ Certificates copy ○ Pre-flight errors
  • 23. 23 Promoted to Beta On by default, but not necessarily production-ready
  • 24. 24 Admission webhook changes ● Admission controllers are everpresent ● Admission webhooks let you specify your own logic ○ Mutating admission webhooks ○ Validating admission webhooks ● Mutating webhooks can now be invoked more than once ○ reinvocationPolicy: IfNeeded
  • 25. 25 NodeLocal DNSCache ● Prevents single point of failure ● Additional listen IP for node-local-dns pod: 169.254.20.10 ● Extends node-local-dns to listen on the kube-dns service IP as well ● Determination of node-local-dns vs kube-dns by external component ● IPTables only
  • 26. 26 NodeLocal DNSCache
      apiVersion: v1
      kind: Service
      metadata:
        name: node-local-upstream
        namespace: kube-system
        labels:
          k8s-app: kube-dns
          kubernetes.io/cluster-service: "true"
          addonmanager.kubernetes.io/mode: Reconcile
          kubernetes.io/name: "NodeLocalUpstream"
      spec:
        selector:
          k8s-app: kube-dns
        ports:
        - name: dns
          port: 53
          protocol: UDP
        - name: dns-tcp
          port: 53
  • 27. 27 Online resizing of PersistentVolumes ● No need to terminate pod or unmount volume ● PersistentVolumeClaim must be in ReadWrite mode ● Enabled by default via ExpandInUsePersistentVolumes feature gate
  • 28. 28 Environment variables expansion
      apiVersion: v1
      kind: Pod
      metadata:
        name: pod1
      spec:
        containers:
        - name: container1
          env:
          - name: POD_NAME
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: metadata.name
          image: busybox
          command: [ "sh", "-c", "while [ true ]; do echo 'Hello'; sleep 10; done | tee -a /logs/hello.txt" ]
          volumeMounts:
          - name: workdir1
            mountPath: /logs
            subPathExpr: $(POD_NAME)
        restartPolicy: Never
        volumes:
        - name: workdir1
          hostPath:
            path: /var/log/pods
      ● Log files ● 2 or more pods
  • 29. 29 PodDisruptionBudget for custom resources ● Already works for Deployment, StatefulSet, ReplicaSet, ReplicationController ● Scale subresource provides desired replicas ● Good for any resource
  • 30. 30 Pod limiting ● Prevents fork bombs ● Node level support ○ --system-reserved=[cpu=100m][,][memory=100Mi][,][pid=1000] ○ --kube-reserved=[cpu=100m][,][memory=100Mi][,][pid=1000] ● Pod level isolation ○ SupportPodPidsLimit feature gate ○ --pod-max-pids=1000
  • 31. 31 Third-party device monitoring plugins ● Container-level metrics for devices using device plugins ● Vendor-provided device-specific metrics ● Uses PodResources service
  • 32. 32 AWS Network Load Balancer ● New load balancer ○ Multiple ports ○ WebSockets ○ Host-based, HTTP-based, HTTPS-based routing ○ Query-string, Source IP-based routing ○ User authentication ○ Redirects ● Annotation service.beta.kubernetes.io/aws-load-balancer-type = nlb
  • 33. 33 New features (alpha) Generally off by default, may change
  • 34. 34 Cloning a Volume ● Existing PVC as DataSource ● Different from a Snapshot ● Only for CSI drivers ● Only for dynamic provisioners ● Only for drivers that have implemented cloning ● Only in the same namespace
      apiVersion: v1
      kind: PersistentVolumeClaim
      metadata:
        name: clone-of-pvc-1
        namespace: myns
      spec:
        accessModes:
        - ReadWriteOnce        # assumed value; a PVC needs at least one access mode
        resources:
          requests:
            storage: 10Gi      # a PVC requests its size here; its spec has no capacity field
        dataSource:
          kind: PersistentVolumeClaim
          name: pvc-1
  • 35. 35 Scheduling framework ● Plugin API ● Plugins are compiled into the scheduler ● Scheduling cycle ● Binding cycle ● Extension points ○ Queue sort ○ Pre-filter ○ Filter ○ Post-filter ○ Scoring ○ Normalize scoring ○ Reserve ○ Permit ○ Pre-bind ○ Bind ○ Post-bind ○ Unreserve
  • 36. 36 Non-preempting PriorityClasses ● PreemptionPolicy ● Defaults to PreemptLowerPriority ● Set to Never ● Prevents new pods but leaves existing ● Backoff policy for retries
  • 37. 37 Executing user code in pods ● ExecutionHook ● ExecutionHookController ● Not tied to start or termination ● Can be called on demand
  • 38. 38 Filesystem quotas for ephemeral storage ● Improvement over walking the filesystem tree ○ Faster ○ More accurate ● emptyDir only ● Monitor only; no enforcement ● Ready for XFS volumes ● For ext4fs: ○ create with mkfs.ext4 -O project <block_device> ○ run tune2fs -Q prjquota <block_device> ● Mount with option project in /etc/fstab ● rootflags=pquota
  • 39. 39 LoadBalancer finalizer protection ● Prevent orphaned load balancers ● Make sure LB is fully deleted before Service is deleted
  • 40. 40 Event API improvements ● More structure ● Better deduplication
  • 42. 42 Thank you! Q&A Download the slides from bit.ly/k8s-1-15-webinar We’ll send you the slides and recording by Monday.