KUBERNETES 1.26 – WHAT’S NEW?

By Devid Dokash - NOVEMBER 30, 2022

Table of contents
Editor's pick
Deprecations
API
Apps
Auth
Network
Nodes
Scheduling
Storage
Other enhancements

Kubernetes 1.26 is about to be released, and it comes packed with novelties!
Where do we begin?

This release brings 37 enhancements, on par with the 40 in Kubernetes 1.25 and
the 46 in Kubernetes 1.24. Of those 37 enhancements, 11 are graduating to
Stable, 10 are existing features that keep improving, 16 are completely new, and
one is a deprecated feature.

Watch out for all the deprecations and removals in this version!

Two new features stand out in this release that have the potential to change the
way users interact with Kubernetes: being able to provision volumes with
snapshots from other namespaces.

There are also new features aimed at high performance workloads, like scientific
research or machine learning: better control over what physical CPU cores your
workloads run on.

Also, other features will make life easier for cluster administrators, like
support for OpenAPIv3.

We are really hyped about this release!

There is plenty to talk about, so let’s get started with what’s new in
Kubernetes 1.26.


KUBERNETES 1.26 – EDITOR’S PICK:

These are the features that look most exciting to us in this release (ymmv):


#3294 PROVISION VOLUMES FROM CROSS-NAMESPACE SNAPSHOTS

The VolumeSnapshot feature allows Kubernetes users to provision volumes from
volume snapshots, providing great benefits for users and applications, like
enabling database administrators to snapshot a database before any critical
operation, or the ability to develop and implement backup solutions.

Starting in Kubernetes 1.26 as an Alpha feature, users will be able to create a
PersistentVolumeClaim from a VolumeSnapshot across namespaces, breaking the
initial limitation of having both objects in the same namespace.

This enhancement comes to eliminate the constraints that prevented users and
applications from operating on fundamental tasks, like saving a database
checkpoint when applications and services are in different namespaces.

Víctor Hernando – Sr. Technical Marketing Manager at Sysdig


#3488 CEL FOR ADMISSION CONTROL

Finally, a practical implementation of the validation expression language from
Kubernetes 1.25!

By defining rules for the admission controller as Kubernetes objects, we can
start forgetting about managing webhooks, simplifying the setup of our clusters.
Not only that, but implementing Kubernetes security is a bit easier now.

We love to see these user-friendly improvements. They are the key to keep
growing Kubernetes adoption.

Víctor Jiménez Cerrada – Content Engineering Manager at Sysdig


#3466 KUBERNETES COMPONENT HEALTH SLIS

Since Kubernetes 1.26, you can configure Service Level Indicator (SLI) metrics
for the Kubernetes component binaries. Once you enable them, Kubernetes will
expose the SLI metrics in the /metrics/slis endpoint – so you won’t need a
Prometheus exporter. This can take Kubernetes monitoring to another level, making
it easier to create health dashboards and configure PromQL alerts to assure your
cluster’s stability.

Jesús Ángel Samitier – Integrations Engineer at Sysdig


#2371 CADVISOR-LESS, CRI-FULL CONTAINER AND POD STATS

Currently, to gather metrics from containers, such as CPU or memory consumed,
Kubernetes relies on cAdvisor. This feature presents an alternative, enriching
the CRI API to provide all the metrics from the containers, allowing more
flexibility and better accuracy. After all, it’s the Container Runtime who best
knows the behavior of the container.

This feature represents one more step on the roadmap to remove cAdvisor from
Kubernetes code. However, during this transition, cAdvisor will be modified not
to generate the metrics added to the CRI API, avoiding duplicated metrics with
possible different and incoherent values.

David de Torres Huerta – Engineer Manager at Sysdig


#3063 DYNAMIC RESOURCE ALLOCATION

This new Kubernetes release introduces a new Alpha feature which will provide
extended resource management for advanced hardware. As a cherry on top, it comes
with a user-friendly API to describe resource requests. With the increasing
demand to process different hardware components, like GPU or FPGA, and the need
to set up initialization and cleanup, this new feature will speed up Kubernetes
adoption in areas like scientific research or edge computing.

Javier Martínez – Devops Content Engineer at Sysdig


#3545 IMPROVED MULTI-NUMA ALIGNMENT IN TOPOLOGY MANAGER

This is yet another feature aimed at high performance workloads, like those
involved in scientific computing. We are seeing the new CPU manager taking shape
since Kubernetes 1.22 and 1.23, enabling developers to keep their workloads
close to where their data is stored in memory, improving performance. Kubernetes
1.26 goes a step further, opening the door to further customizations for this
feature. After all, not all workloads and CPU architectures are the same.

The future of HPC on Kubernetes is looking quite promising, indeed.

Vicente J. Jiménez Miras – Security Content Engineer at Sysdig


#3335 ALLOW STATEFULSET TO CONTROL START REPLICA ORDINAL NUMBERING

StatefulSets in Kubernetes often are critical backend services, like clustered
databases or message queues.
This enhancement, seemingly a trivial numbering change, allows for greater
flexibility and enables new techniques for rolling cross-namespace or even
cross-cluster migrations of the replicas of the StatefulSet without any
downtime. While the process might seem a bit clunky, involving careful
definition of PodDisruptionBudgets and the moving of resources relative to the
migrating replica, we can surely envision tools (or existing operators
enhancements) that automate these operations for seamless migrations, in stark
contrast with the cold-migration strategy (shutdown-backup-restore) that is
currently possible.

Daniel Simionato – Security Content Engineer at Sysdig


#3325 AUTH API TO GET SELF USER ATTRIBUTES

This new feature coming to alpha will simplify cluster administrators’ work,
especially when they are managing multiple clusters. It will also assist in
complex authentication flows, as it lets users query their user information or
permissions inside the cluster.

Also, this includes whether you are using a proxy (Kubernetes API server fills
in the userInfo after all authentication mechanisms are applied) or
impersonating (you receive the details and properties for the user that was
impersonated), so you will have your user information in a very easy way.

Miguel Hernández – Security Content Engineer at Sysdig


#3352 AGGREGATED DISCOVERY

This is a tiny change for the users, but one step further on cleaning the
Kubernetes internals and improving its performance. Reducing the number of API
calls by aggregating them (or at least on the discovery part) is a nice solution
to a growing problem. Hopefully, this will provide a small break to cluster
administrators.

Devid Dokash – Content Engineering Intern at Sysdig


DEPRECATIONS

A few beta APIs and features have been removed in Kubernetes 1.26, including:

Deprecated API versions that are no longer served; use a newer one instead:

 * CRI v1alpha2, use v1 (containerd version 1.5 and older are not supported).
 * flowcontrol.apiserver.k8s.io/v1beta1, use v1beta2.
 * autoscaling/v2beta2, use v2.

Deprecated. Implement an alternative before the next release goes out:

 * In-tree GlusterFS driver.
 * kubectl --prune-whitelist, use --prune-allowlist instead.
 * kube-apiserver --master-service-namespace.
 * Several unused options for kubectl run: --cascade, --filename, --force,
   --grace-period, --kustomize, --recursive, --timeout, --wait.
 * CLI flag pod-eviction-timeout.
 * The apiserver_request_slo_duration_seconds metric, use
   apiserver_request_sli_duration_seconds.

Removed. Implement an alternative before upgrading:

 * Legacy authentication for Azure and Google Cloud is deprecated.
 * The userspace proxy mode.
 * Dynamic kubelet configuration.
 * Several command line arguments related to logging.
 * in-tree OpenStack (cinder volume type), use the CSI driver.

Other changes you should adapt your configs for:

 * Pod Security admission: the pod-security warn level will now default to the
   enforce level.
 * kubelet: The default cpuCFSQuotaPeriod value with the cpuCFSQuotaPeriod flag
   enabled is now 100µs instead of 100ms.
 * kubelet: The --container-runtime-endpoint flag cannot be empty anymore.
 * kube-apiserver: gzip compression switched from level 4 to level 1.
 * Metrics: Changed preemption_victims from LinearBuckets to ExponentialBuckets.
 * Metrics: etcd_db_total_size_in_bytes is renamed to
   apiserver_storage_db_total_size_in_bytes.
 * Metrics: kubelet_kubelet_credential_provider_plugin_duration is renamed
   kubelet_credential_provider_plugin_duration.
 * Metrics: kubelet_kubelet_credential_provider_plugin_errors is renamed
   kubelet_credential_provider_plugin_errors.
 * Removed Windows Server, Version 20H2 flavors from various container images.
 * The e2e.test binary no longer emits JSON structs to document progress.

You can check the full list of changes in the Kubernetes 1.26 release notes.
Also, we recommend the Kubernetes Removals and Deprecations In 1.26 article, as
well as keeping the deprecated API migration guide close for the future.
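
A pre-upgrade check for the items listed above, as an added example (not code from the article or from the Kubernetes project): it scans manifests, Prometheus rules and scripts for the API versions, metric names and flags this section names. The `scan` helper and the sample inputs are constructed for illustration; CRI versions and in-tree volume drivers are not detectable by a text scan and are out of scope.

```python
"""Text scan for API versions, metrics and flags named in the 1.26 deprecation list."""
import re
from typing import List, NamedTuple, Optional


class Finding(NamedTuple):
    source: str
    line: int
    category: str               # "api", "metric" or "flag"
    found: str
    replacement: Optional[str]  # None when the article names no successor


# API versions no longer served in 1.26, mapped to the version to use instead.
REMOVED_APIS = {
    "flowcontrol.apiserver.k8s.io/v1beta1": "flowcontrol.apiserver.k8s.io/v1beta2",
    "autoscaling/v2beta2": "autoscaling/v2",
}
# Deprecated or renamed metrics, mapped to their successors.
OLD_METRICS = {
    "apiserver_request_slo_duration_seconds": "apiserver_request_sli_duration_seconds",
    "etcd_db_total_size_in_bytes": "apiserver_storage_db_total_size_in_bytes",
    "kubelet_kubelet_credential_provider_plugin_duration":
        "kubelet_credential_provider_plugin_duration",
    "kubelet_kubelet_credential_provider_plugin_errors":
        "kubelet_credential_provider_plugin_errors",
}
# Deprecated command-line flags.
OLD_FLAGS = {
    "--prune-whitelist": "--prune-allowlist",
    "--master-service-namespace": None,
    "--pod-eviction-timeout": None,
}

# apiVersion at any indentation, optionally as a list item, optionally quoted.
_API_RE = re.compile(r"^\s*(?:-\s*)?apiVersion:\s*[\"']?([^\s\"'#]+)")
# Whole metric names only; histogram series carry _bucket/_sum/_count suffixes.
_METRIC_RE = re.compile(
    r"(?<![A-Za-z0-9_:])(" + "|".join(map(re.escape, OLD_METRICS)) +
    r")((?:_bucket|_sum|_count)?)(?![A-Za-z0-9_:])")
_FLAG_RE = re.compile(
    r"(?<![\w-])(" + "|".join(map(re.escape, OLD_FLAGS)) + r")(?![\w-])")


def scan(source: str, text: str) -> List[Finding]:
    """Return one Finding per deprecated item, skipping full-line comments."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        m = _API_RE.match(line)
        if m and m.group(1) in REMOVED_APIS:
            findings.append(Finding(source, no, "api", m.group(1),
                                    REMOVED_APIS[m.group(1)]))
        for m in _METRIC_RE.finditer(line):
            findings.append(Finding(source, no, "metric", m.group(0),
                                    OLD_METRICS[m.group(1)] + m.group(2)))
        for m in _FLAG_RE.finditer(line):
            findings.append(Finding(source, no, "flag", m.group(1),
                                    OLD_FLAGS[m.group(1)]))
    return findings


# Constructed sample inputs (not taken from any real cluster).
SAMPLE_MANIFESTS = """\
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
---
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
  name: web
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: web
---
# apiVersion: flowcontrol.apiserver.k8s.io/v1beta1  (commented out, ignored)
apiVersion: "flowcontrol.apiserver.k8s.io/v1beta1"
kind: FlowSchema
metadata:
  name: tenant-a
"""
SAMPLE_RULES = """\
groups:
- name: control-plane
  rules:
  - alert: APIServerSlow
    expr: histogram_quantile(0.99, sum by (le) (rate(apiserver_request_slo_duration_seconds_bucket[5m]))) > 1
  - alert: EtcdDatabaseLarge
    expr: etcd_db_total_size_in_bytes > 6e9
  - alert: StorageOK
    expr: apiserver_storage_db_total_size_in_bytes > 6e9
"""
SAMPLE_SCRIPT = """\
#!/bin/sh
kubectl apply --prune --prune-whitelist=core/v1/ConfigMap -f manifests/
"""

if __name__ == "__main__":
    for name, text in (("manifests.yaml", SAMPLE_MANIFESTS),
                       ("rules.yaml", SAMPLE_RULES), ("deploy.sh", SAMPLE_SCRIPT)):
        for f in scan(name, text):
            print(f"{f.source}:{f.line}: {f.category} {f.found} -> {f.replacement}")
```
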


#281 DYNAMIC KUBELET CONFIGURATION

Feature group: node

After being in beta since Kubernetes 1.11, the Kubernetes team has decided to
deprecate DynamicKubeletConfig instead of continuing its development.

This feature was marked for deprecation in 1.21, then removed from the Kubelet
in 1.24. Now in 1.26, it has been completely removed from Kubernetes.


KUBERNETES 1.26 API


#3352 AGGREGATED DISCOVERY

Stage: Net new to Alpha
Feature group: api-machinery
Feature gate: AggregatedDiscoveryEndpoint Default value: false

Every Kubernetes client, like kubectl, needs to discover which APIs and which
versions of those APIs are available in the kube-apiserver. To do that, it has
to make one request for each API and version, which causes a storm of requests.

This enhancement aims to reduce all those calls to just two.

Clients can add as=APIGroupDiscoveryList to the Accept header of their requests
to the /api and /apis endpoints. The server will then return an aggregated
document (APIGroupDiscoveryList) with all the available APIs and their versions.
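
The content negotiation described above, as an added example that is not part of the original article: it builds the Accept header and parses both the aggregated document and the unaggregated one a server returns when the feature gate is off. The v= and g= header parameters come from the Kubernetes 1.26 documentation rather than this page, and both response bodies are constructed samples.

```python
import json

# Accept header for the alpha aggregated discovery format. The trailing plain
# application/json lets a server without the feature gate answer as before.
AGGREGATED_ACCEPT = (
    "application/json;v=v2beta1;g=apidiscovery.k8s.io;as=APIGroupDiscoveryList,"
    "application/json"
)

# Constructed sample: aggregated /apis response, trimmed to one group.
SAMPLE_AGGREGATED = json.dumps({
    "kind": "APIGroupDiscoveryList",
    "apiVersion": "apidiscovery.k8s.io/v2beta1",
    "items": [{
        "metadata": {"name": "apps"},
        "versions": [{
            "version": "v1",
            "resources": [{
                "resource": "deployments",
                "responseKind": {"group": "", "version": "", "kind": "Deployment"},
                "scope": "Namespaced",
                "verbs": ["create", "delete", "get", "list", "patch", "update", "watch"],
                "subresources": [{
                    "subresource": "scale",
                    "verbs": ["get", "patch", "update"],
                }],
            }],
        }],
    }],
})

# Constructed sample: what /apis returns when the server ignores the
# aggregated media type and falls back to the unaggregated document.
SAMPLE_LEGACY = json.dumps({
    "kind": "APIGroupList",
    "apiVersion": "v1",
    "groups": [{
        "name": "apps",
        "versions": [{"groupVersion": "apps/v1", "version": "v1"}],
        "preferredVersion": {"groupVersion": "apps/v1", "version": "v1"},
    }],
})


def parse_discovery(body):
    """Return (aggregated, rows); each row is (group, version, resource, verbs)."""
    doc = json.loads(body)
    kind = doc.get("kind")
    rows = []
    if kind == "APIGroupDiscoveryList":
        for group in doc.get("items", []):
            name = group.get("metadata", {}).get("name", "")
            for ver in group.get("versions", []):
                for res in ver.get("resources", []):
                    rows.append((name, ver["version"], res["resource"],
                                 tuple(res.get("verbs", []))))
                    for sub in res.get("subresources", []):
                        rows.append((name, ver["version"],
                                     res["resource"] + "/" + sub["subresource"],
                                     tuple(sub.get("verbs", []))))
        return True, rows
    if kind == "APIGroupList":
        # Only group/version pairs are known; the resources are still missing.
        for group in doc.get("groups", []):
            for ver in group.get("versions", []):
                rows.append((group["name"], ver["version"], None, ()))
        return False, rows
    raise ValueError("unexpected discovery document kind: %r" % kind)


def followup_paths(rows):
    """Paths still to fetch: one per group/version that came without resources."""
    return sorted({"/apis/%s/%s" % (g, v) for g, v, res, _ in rows if res is None})
```

Checking the returned kind matters because a server with the gate disabled answers the same request with the old document, and the client then still has to issue the per-version requests.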


#3488 CEL FOR ADMISSION CONTROL

Stage: Net new to Alpha
Feature group: api-machinery

Feature gate: ValidatingAdmissionPolicy Default value: false

Building on #2876 CRD validation expression language from Kubernetes 1.25, this
enhancement provides a new admission controller type (ValidatingAdmissionPolicy)
that allows implementing some validations without relying on webhooks.

These new policies can be defined like:

apiVersion: admissionregistration.k8s.io/v1alpha1
kind: ValidatingAdmissionPolicy
metadata:
  name: "demo-policy.example.com"
spec:
  failurePolicy: Fail
  matchConstraints:
    resourceRules:
    - apiGroups:   ["apps"]
      apiVersions: ["v1"]
      operations:  ["CREATE", "UPDATE"]
      resources:   ["deployments"]
  validations:
    - expression: "object.spec.replicas <= 5"

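This policy would deny requests that create or update a deployment with more
than 5 replicas, since a validation expression has to evaluate to true for the
request to be admitted.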

Discover the full power of this feature in the docs.


#1965 KUBE-APISERVER IDENTITY

Stage: Graduating to Beta
Feature group: api-machinery
Feature gate: APIServerIdentity Default value: true

In order to better control which kube-apiservers are alive in a high
availability cluster, a new lease / heartbeat system has been implemented.

Read more in our “What’s new in Kubernetes 1.20” article.


APPS IN KUBERNETES 1.26


#3017 PODHEALTHYPOLICY FOR PODDISRUPTIONBUDGET

Stage: Net new to Alpha
Feature group: apps
Feature gate: PDBUnhealthyPodEvictionPolicy Default value: false

A PodDisruptionBudget allows you to communicate some minimums to your cluster
administrator to make maintenance tasks easier, like “Do not destroy more than
one of these” or “Keep at least two of these alive”.

However, this only takes into account whether the pods are running, not whether
they are healthy. It may happen that your pods are Running but not Ready, and a
PodDisruptionBudget may be preventing their eviction.

This enhancement expands these budget definitions with the
status.currentHealthy, status.desiredHealthy, and
spec.unhealthyPodEvictionPolicy extra fields to help you define how to manage
unhealthy pods.

$ kubectl get poddisruptionbudgets example-pod -o yaml
apiVersion: policy/v1
kind: PodDisruptionBudget
[...]
spec:
  unhealthyPodEvictionPolicy: IfHealthyBudget
[...]
status:
  currentHealthy: 3
  desiredHealthy: 2
  disruptionsAllowed: 1
  expectedPods: 3
  observedGeneration: 1


#3335 ALLOW STATEFULSET TO CONTROL START REPLICA ORDINAL NUMBERING

Stage: Net new to Alpha
Feature group: apps
Feature gate: StatefulSetStartOrdinal Default value: false

StatefulSets in Kubernetes currently number their pods using ordinal numbers,
with the first replica being 0 and the last being spec.replicas.

This enhancement adds a new struct with a single field to the StatefulSet
manifest spec, spec.ordinals.start, which lets you define the starting number
for the replicas controlled by the StatefulSet.

This is useful, for example, in cross-namespace or cross-cluster migrations of
a StatefulSet, where a clever use of PodDisruptionBudgets (and multi-cluster
services) can allow a controlled rolling migration of the replicas, avoiding any
downtime for the StatefulSet.


#3329 RETRIABLE AND NON-RETRIABLE POD FAILURES FOR JOBS

Stage: Graduating to Beta
Feature group: apps
Feature gate: JobPodFailurePolicy Default value: true
Feature gate: PodDisruptionsCondition Default value: true

This enhancement allows us to configure a .spec.podFailurePolicy on the Job's
spec that determines whether the Job should be retried or not in case of
failure. This way, Kubernetes can terminate Jobs early, avoiding increasing the
backoff time in case of infrastructure failures or application errors.

Read more in our “What’s new in Kubernetes 1.25” article.


#2307 JOB TRACKING WITHOUT LINGERING PODS

Stage: Graduating to Stable
Feature group: apps
Feature gate: JobTrackingWithFinalizers Default value: true

With this enhancement, Jobs will be able to remove completed pods earlier,
freeing resources in the cluster.

Read more in our “Kubernetes 1.22 – What’s new?” article.


KUBERNETES 1.26 AUTH


#3325 AUTH API TO GET SELF USER ATTRIBUTES

Stage: Net new to Alpha
Feature group: auth
Feature gate: APISelfSubjectAttributesReview Default value: false

This new feature is extremely useful when a complicated authentication flow is
used in a Kubernetes cluster, and you want to know all your userInfo, after all
authentication mechanisms are applied.

Executing kubectl alpha auth whoami will produce the following output:

apiVersion: authentication.k8s.io/v1alpha1
kind: SelfSubjectReview
status:
  userInfo:
    username: jane.doe
    uid: b79dbf30-0c6a-11ed-861d-0242ac120002
    groups:
    - students
    - teachers
    - system:authenticated
    extra:
      skills:
      - reading
      - learning
      subjects:
      - math
      - sports

In summary, we are now allowed to do a typical /me to know our own permissions
once we are authenticated in the cluster.


#2799 REDUCTION OF SECRET-BASED SERVICE ACCOUNT TOKENS

Stage: Graduating to Beta
Feature group: auth
Feature gate: LegacyServiceAccountTokenNoAutoGeneration Default value: true

API credentials are now obtained through the TokenRequest API, have been stable
since Kubernetes 1.22, and are mounted into Pods using a projected volume. They
are automatically invalidated when their associated Pod is deleted.

Read more in our “Kubernetes 1.24 – What’s new?” article.
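
The difference between the two credential types shows in the token claims. The added example below (not from the original article) decodes constructed sample tokens and tells a legacy Secret-based token from a bound TokenRequest token. The claim layouts follow what Kubernetes issues; every name, UID and timestamp is made up.

```python
import base64
import json


def b64url(data):
    """base64url without padding, as used for JWT segments."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def constructed_token(claims):
    """Build a sample token; the third segment is a placeholder, not a signature."""
    header = {"alg": "RS256", "typ": "JWT"}
    head, body = (b64url(json.dumps(p).encode()) for p in (header, claims))
    return ".".join([head, body, b64url(b"placeholder")])


# Constructed sample: token stored in a kubernetes.io/service-account-token Secret.
LEGACY_TOKEN = constructed_token({
    "iss": "kubernetes/serviceaccount",
    "kubernetes.io/serviceaccount/namespace": "default",
    "kubernetes.io/serviceaccount/secret.name": "build-bot-token-x7k2p",
    "kubernetes.io/serviceaccount/service-account.name": "build-bot",
    "sub": "system:serviceaccount:default:build-bot",
})

# Constructed sample: token issued by the TokenRequest API for a projected volume.
BOUND_TOKEN = constructed_token({
    "aud": ["https://kubernetes.default.svc"],
    "iss": "https://kubernetes.default.svc",
    "iat": 1700000000,
    "nbf": 1700000000,
    "exp": 1700003607,
    "kubernetes.io": {
        "namespace": "default",
        "pod": {"name": "web-0", "uid": "00000000-0000-0000-0000-000000000001"},
        "serviceaccount": {"name": "web", "uid": "00000000-0000-0000-0000-000000000002"},
    },
    "sub": "system:serviceaccount:default:web",
})


def decode_claims(token):
    """Decode the payload only. No signature check: inventory use, never authentication."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a three-segment JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def classify_token(token):
    """Report whether a service account token is Secret-based or bound."""
    claims = decode_claims(token)
    result = {"subject": claims.get("sub"), "secret": None,
              "lifetime_seconds": None, "bound_pod": None}
    if "exp" not in claims:
        # Legacy tokens never expire and name the Secret that stores them.
        result["secret"] = claims.get("kubernetes.io/serviceaccount/secret.name")
        result["kind"] = "legacy-secret" if result["secret"] else "unknown"
        return result
    bound = claims.get("kubernetes.io", {})
    result["kind"] = "bound"
    result["bound_pod"] = bound.get("pod", {}).get("name")
    if "iat" in claims:
        result["lifetime_seconds"] = claims["exp"] - claims["iat"]
    return result
```

A token reported as legacy-secret stays valid until its Secret is deleted, so those are the ones to track down when reducing Secret-based tokens in an existing cluster.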


NETWORK IN KUBERNETES 1.26


#3453 MINIMIZING IPTABLES-RESTORE INPUT SIZE

Stage: Net new to Alpha
Feature group: network
Feature gate: MinimizeIPTablesRestore Default value: false

This enhancement aims to improve the performance of kube-proxy. It will do so by
only sending the rules that have changed on the calls to iptables-restore,
instead of the whole set of rules.


#1669 PROXY TERMINATING ENDPOINTS

Stage: Graduating to Beta
Feature group: network
Feature gate: ProxyTerminatingEndpoints Default value: true

This enhancement prevents traffic drops during rolling updates by sending all
external traffic to both ready and not ready terminating endpoints (preferring
the ready ones).

Read more in our “Kubernetes 1.22 – What’s new?” article.


#2595 EXPANDED DNS CONFIGURATION

Stage: Graduating to Beta
Feature group: network
Feature gate: ExpandedDNSConfig Default value: true

With this enhancement, Kubernetes allows up to 32 domains in the DNS search
path, and an increased number of characters for the search path (up to 2048),
to keep up with recent DNS resolvers.

Read more in our “Kubernetes 1.22 – What’s new?” article.


#1435 SUPPORT OF MIXED PROTOCOLS IN SERVICES WITH TYPE=LOADBALANCER

Stage: Graduating to Stable
Feature group: network
Feature gate: MixedProtocolLBService Default value: true

This enhancement allows a LoadBalancer Service to serve different protocols
under the same port (UDP, TCP). For example, serving both UDP and TCP requests
for a DNS or SIP server on the same port.

Read more in our “Kubernetes 1.20 – What’s new?” article.


#2086 SERVICE INTERNAL TRAFFIC POLICY

Stage: Graduating to Stable
Feature group: network
Feature gate: ServiceInternalTrafficPolicy Default value: true

You can now set the spec.trafficPolicy field on Service objects to optimize your
cluster traffic:

 * With Cluster, the routing will behave as usual.
 * When set to Topology, it will use the topology-aware routing.
 * With PreferLocal, it will redirect traffic to services on the same node.
 * With Local, it will only send traffic to services on the same node.

Read more in our “Kubernetes 1.21 – What’s new?” article.


#3070 RESERVE SERVICE IP RANGES FOR DYNAMIC AND STATIC IP ALLOCATION

Stage: Graduating to Stable
Feature group: network
Feature gate: ServiceIPStaticSubrange Default value: true

This update to the --service-cluster-ip-range flag will lower the risk of having
IP conflicts between Services using static and dynamic IP allocation, and at the
same time, keep backward compatibility.

Read more in our “What’s new in Kubernetes 1.24” article.


KUBERNETES 1.26 NODES


#2371 CADVISOR-LESS, CRI-FULL CONTAINER AND POD STATS

Stage: Major change to Alpha
Feature group: node
Feature gate: PodAndContainerStatsFromCRI Default value: false

This enhancement summarizes the efforts to retrieve all the stats about running
containers and pods from the Container Runtime Interface (CRI), removing the
dependency on cAdvisor.

Starting with 1.26, the metrics on /metrics/cadvisor are gathered by CRI instead
of cAdvisor.

Read more in our “Kubernetes 1.23 – What’s new?” article.


#3063 DYNAMIC RESOURCE ALLOCATION

Stage: Net new to Alpha
Feature group: node
Feature gate: DynamicResourceAllocation Default value: false

Traditionally, the Kubernetes scheduler could only take into account CPU and
memory limits and requests. Later on, the scheduler was expanded to also take
storage and other resources into account. However, this is limiting in many
scenarios.

For example, what if the device needs initialization and cleanup, like an FPGA;
or what if you want to limit the access to the resource, like a shared GPU?

This new API covers those scenarios of resource allocation and dynamic
detection, using the new ResourceClaimTemplate and ResourceClass objects, and
the new resourceClaims field inside Pods.

apiVersion: v1
kind: Pod
[...]
spec:
  resourceClaims:
  - name: resource0
    source:
      resourceClaimTemplateName: resource-claim-template
  - name: resource1
    source:
      resourceClaimTemplateName: resource-claim-template
[...]

The scheduler can keep track of these resource claims, and only schedule Pods in
those nodes with enough resources available.


#3386 KUBELET EVENTED PLEG FOR BETTER PERFORMANCE

Stage: Net new to Alpha
Feature group: node
Feature gate: EventedPLEG Default value: false

The aim of this enhancement is to reduce the CPU usage of the kubelet when
keeping track of all the pod states.

It will partially reduce the periodic polling that the kubelet performs, instead
relying on notifications from the Container Runtime Interface (CRI) as much as
possible.

If you are interested in the implementation details, you may want to take a look
at the KEP.


#3545 IMPROVED MULTI-NUMA ALIGNMENT IN TOPOLOGY MANAGER

Stage: Net new to Alpha
Feature group: node
Feature gate: TopologyManagerPolicyOptions Default value: false
Feature gate: TopologyManagerPolicyBetaOptions Default value: false
Feature gate: TopologyManagerPolicyAlphaOptions Default value: false

This is an improvement for TopologyManager to better handle Non-Uniform Memory
Access (NUMA) nodes. For some high-performance workloads, it is very important
to control in which physical CPU cores they run. You can significantly improve
performance if you avoid memory jumping between the caches of the same chip, or
between sockets.

A new topology-manager-policy-options flag for kubelet will allow you to pass
options and modify the behavior of a topology manager.

Currently, only one alpha option is available:

 * When prefer-closest-numa-nodes=true is passed along, the Topology Manager
   will align the resources on either a single NUMA node or the minimum number
   of NUMA nodes possible.

As new options may be added in the future, several feature gates have been added
so you can choose to focus only on the stable ones:

 * TopologyManagerPolicyOptions: Will enable the topology-manager-policy-options
   flag and the stable options.
 * TopologyManagerPolicyBetaOptions: Will also enable the beta options.
 * TopologyManagerPolicyAlphaOptions: Will also enable the alpha options.

Related: #2902 CPUManager policy option to distribute CPUs across NUMA nodes in
Kubernetes 1.23.
Related: #2625 New CPU Manager Policies in Kubernetes 1.22.


#2133 KUBELET CREDENTIAL PROVIDER

Stage: Graduating to Stable
Feature group: node
Feature gate: KubeletCredentialProviders Default value: true

This enhancement replaces in-tree container image registry credential providers
with a new mechanism that is external and pluggable.

Read more in our “Kubernetes 1.20 – What’s new?” article.


#3570 GRADUATE CPUMANAGER TO GA

Stage: Graduating to Stable
Feature group: node
Feature gate: CPUManager Default value: true

The CPUManager is the Kubelet component responsible for assigning pod containers
to sets of CPUs on the local node.

It was introduced in Kubernetes 1.8, and graduated to beta in release 1.10. For
1.26, the core CPUManager has been deemed stable, while experimentation
continues with the additional work on its policies.

Related: #3545 Improved multi-numa alignment in Topology Manager in Kubernetes
1.26.
Related: #2625 New CPU Manager Policies in Kubernetes 1.22.


#3573 GRADUATE DEVICEMANAGER TO GA

Stage: Graduating to Stable
Feature group: node
Feature gate: DevicePlugins Default value: true

The DeviceManager in the Kubelet is the component managing the interactions with
the different Device Plugins.

Initially introduced in Kubernetes 1.8 and moved to beta stage in release 1.10,
the Device Plugin framework saw widespread adoption and is finally moving to GA
in 1.26.

This framework allows the use of external devices (e.g., NVIDIA GPUs, AMD GPUs,
SR-IOV NICs) without modifying core Kubernetes components.


SCHEDULING IN KUBERNETES 1.26


#3521 POD SCHEDULING READINESS

Stage: Net new to Alpha
Feature group: scheduling
Feature gate: PodSchedulingReadiness Default value: false

This enhancement aims to optimize scheduling by letting the Pods define when
they are ready to be actually scheduled.

Not all pending Pods are ready to be scheduled. Some stay in a
miss-essential-resources state for some time, which causes extra work in the
scheduler.

The new .spec.schedulingGates field of a Pod lets you identify when it is ready
for scheduling:

apiVersion: v1
kind: Pod
[...]
spec:
  schedulingGates:
  - name: foo
  - name: bar
[...]

When any scheduling gate is present, the Pod won’t be scheduled.

You can check the status with:

$ kubectl get pod test-pod
NAME       READY   STATUS            RESTARTS   AGE
test-pod   0/1     SchedulingGated   0          7s


#3094 TAKE TAINTS/TOLERATIONS INTO CONSIDERATION WHEN CALCULATING
PODTOPOLOGYSPREAD SKEW

Stage: Graduating to Beta
Feature group: scheduling
Feature gate: NodeInclusionPolicyInPodTopologySpread Default value: true

As we discussed in our “Kubernetes 1.16 – What’s new?” article, the
topologySpreadConstraints fields, along with maxSkew, allow you to spread your
workloads across nodes. A new NodeInclusionPolicies field allows taking into
account NodeAffinity and NodeTaint when calculating this pod topology spread
skew.

Read more in our “What’s new in Kubernetes 1.25” article.


KUBERNETES 1.26 STORAGE


#3294 PROVISION VOLUMES FROM CROSS-NAMESPACE SNAPSHOTS

Stage: Net new to Alpha
Feature group: storage
Feature gate: CrossNamespaceVolumeDataSource Default value: false

Prior to Kubernetes 1.26, users were able to provision volumes from snapshots
thanks to the VolumeSnapshot feature. While this is a great and super useful
feature, it had some limitations, like the inability to bind a
PersistentVolumeClaim to VolumeSnapshots from other namespaces.

This enhancement breaks this limitation and allows Kubernetes users to provision
volumes from snapshots across namespaces.

If you want to use the cross-namespace VolumeSnapshot feature, you’ll have to
first create a ReferenceGrant object, and then a PersistentVolumeClaim binding
to the VolumeSnapshot. Here, you’ll find a simple example of both objects for
learning purposes.

---
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: ReferenceGrant
metadata:
  name: test
  namespace: default
spec:
  from:
  - group: ""
    kind: PersistentVolumeClaim
    namespace: nstest1
  to:
  - group: snapshot.storage.k8s.io
    kind: VolumeSnapshot
    name: testsnapshot
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: testvolumeclaim
  namespace: nstest1
spec:
  storageClassName: mystorageclass
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 2Gi
  dataSourceRef:
    apiGroup: snapshot.storage.k8s.io
    kind: VolumeSnapshot
    name: testsnapshot
    namespace: default
  volumeMode: Filesystem


#2268 NON-GRACEFUL NODE SHUTDOWN

Stage: Graduating to Beta
Feature group: storage
Feature gate: NodeOutOfServiceVolumeDetach Default value: true

This enhancement addresses node shutdown cases that are not detected properly,
where the pods that are part of a StatefulSet will be stuck in terminating
status on the shutdown node and cannot be moved to a new running node.

In this case, the pods will be forcefully deleted, which triggers the deletion
of the VolumeAttachments, and new pods will be created on a different running
node so that the application can continue to function.

Read more in our “Kubernetes 1.24 – What’s new?” article.


#3333 RETROACTIVE DEFAULT STORAGECLASS ASSIGNMENT

Stage: Graduating to Beta
Feature group: storage
Feature gate: RetroactiveDefaultStorageClass Default value: false

This enhancement helps manage the case when cluster administrators change the
default storage class. All PVCs without StorageClass that were created while the
change took place will retroactively be set to the new default StorageClass.

Read more in our “What’s new in Kubernetes 1.25” article.


#1491 VSPHERE IN-TREE TO CSI DRIVER MIGRATION

Stage: Graduating to Stable
Feature group: storage
Feature gate: CSIMigrationvSphere Default value: false

As we covered in our “What’s new in Kubernetes 1.19” article, the CSI driver for
vSphere has been stable for some time. Now, all plugin operations for
vspherevolume are redirected to the out-of-tree ‘csi.vsphere.vmware.com’
driver.

This enhancement is part of the #625 In-tree storage plugin to CSI Driver
Migration effort.


#1885 AZURE FILE IN-TREE TO CSI DRIVER MIGRATION

Stage: Graduating to Stable
Feature group: storage
Feature gate: InTreePluginAzureDiskUnregister Default value: true

This enhancement summarizes the work to move Azure File code out of the main
Kubernetes binaries (out-of-tree).

Read more in our “Kubernetes 1.21 – What’s new?” article.


#2317 ALLOW KUBERNETES TO SUPPLY POD’S FSGROUP TO CSI DRIVER ON MOUNT

Stage: Graduating to Stable
Feature group: storage
Feature gate: DelegateFSGroupToCSIDriver Default value: false

This enhancement proposes providing the CSI driver with the fsgroup of the pods
as an explicit field, so the CSI driver can be the one applying this natively at
mount time.

Read more in our “Kubernetes 1.22 – What’s new?” article.


OTHER ENHANCEMENTS IN KUBERNETES 1.26


#3466 KUBERNETES COMPONENT HEALTH SLIS

Stage: Net new to Alpha
Feature group: instrumentation
Feature gate: ComponentSLIs Default value: false

There isn’t a standard format to query the health data of Kubernetes components.

Starting with Kubernetes 1.26, a new endpoint /metrics/slis will be available on
each component exposing their Service Level Indicator (SLI) metrics in
Prometheus format.

For each component, two metrics will be exposed:

 * A gauge, representing the current state of the healthcheck.
 * A counter, recording the cumulative counts observed for each healthcheck
   state.

With this information, you can check the status of the Kubernetes internals
over time, e.g.:

kubernetes_healthcheck{name="etcd",type="readyz"}

And create an alert for when something’s wrong, e.g.:

kubernetes_healthchecks_total{name="etcd",status="error",type="readyz"} > 0
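
The two metrics above, read from /metrics/slis output, as an added example that is not part of the original article: it parses two constructed scrapes and reports checks whose gauge is 0 or whose error counter grew between scrapes. Only the metric and label names come from this page; the sample values and the informer-sync check name are made up.

```python
import re

LINE_RE = re.compile(r'^([a-zA-Z_:][a-zA-Z0-9_:]*)(?:\{(.*)\})?\s+(\S+)')
LABEL_RE = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')

# Constructed sample scrapes of /metrics/slis, taken some time apart.
SCRAPE_1 = """\
# TYPE kubernetes_healthcheck gauge
kubernetes_healthcheck{name="etcd",type="readyz"} 1
kubernetes_healthcheck{name="informer-sync",type="readyz"} 1
# TYPE kubernetes_healthchecks_total counter
kubernetes_healthchecks_total{name="etcd",status="error",type="readyz"} 2
kubernetes_healthchecks_total{name="etcd",status="success",type="readyz"} 340
"""
SCRAPE_2 = """\
kubernetes_healthcheck{name="etcd",type="readyz"} 1
kubernetes_healthcheck{name="informer-sync",type="readyz"} 0
kubernetes_healthchecks_total{name="etcd",status="error",type="readyz"} 2
kubernetes_healthchecks_total{name="etcd",status="success",type="readyz"} 352
kubernetes_healthchecks_total{name="informer-sync",status="error",type="readyz"} 3
"""


def parse_slis(text):
    """Map (metric, sorted label pairs) to the sample value."""
    samples = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and HELP/TYPE comments
        match = LINE_RE.match(line)
        if not match:
            continue
        metric, raw_labels, value = match.groups()
        labels = tuple(sorted(LABEL_RE.findall(raw_labels or "")))
        samples[(metric, labels)] = float(value)
    return samples


def evaluate(previous, current):
    """Return findings as (reason, "type/name", amount) tuples."""
    findings = []
    for (metric, labels), value in sorted(current.items()):
        lab = dict(labels)
        check = "%s/%s" % (lab.get("type"), lab.get("name"))
        if metric == "kubernetes_healthcheck" and value == 0:
            findings.append(("failing", check, 0))
        elif metric == "kubernetes_healthchecks_total" and lab.get("status") == "error":
            before = previous.get((metric, labels), 0.0)
            # A counter lower than before means the component restarted.
            delta = value - before if value >= before else value
            if delta > 0:
                findings.append(("new_errors", check, int(delta)))
    return findings
```

Comparing scrapes is why etcd, with two old errors in both samples, is not reported: a counter only grows, so a plain `> 0` test keeps matching after the first error until the component restarts.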


#3498 EXTEND METRICS STABILITY

Stage: Net new to Alpha
Feature group: instrumentation
Feature gate: N/A

Metrics in Kubernetes are classified as alpha or stable. The stable ones are
guaranteed to be maintained, providing you with the information to prepare your
dashboards so they don’t break unexpectedly when you upgrade your cluster.

In Kubernetes 1.26, two new classes are added:

 * beta: For metrics related to beta features. They may change or disappear, but
   they are in a more advanced development state than the alpha ones.
 * internal: Metrics for internal usage that you shouldn’t worry about, either
   because they don’t provide useful information for cluster administrators, or
   because they may change without notice.

You can check a full list of available metrics in the documentation.

Related: #1209 Metrics stability enhancement in Kubernetes 1.21.


#3515 OPENAPI V3 FOR KUBECTL EXPLAIN

Stage: Net new to Alpha
Feature group: cli
Environment variable: KUBECTL_EXPLAIN_OPENAPIV3 Default value: false

This enhancement allows kubectl explain to gather the data from OpenAPIv3
instead of v2.

In OpenAPIv3, some data can be represented in a better way, like
CustomResourceDefinitions (CRDs).

Internal work is also being done to improve how kubectl explain prints the
output.

Related: #2896 OpenAPI v3 in Kubernetes 1.24.


#1440 KUBECTL EVENTS

Stage: Graduating to Beta
Feature group: cli
Feature gate: N/A

A new kubectl events command is available that will enhance the current
functionality of kubectl get events.

Read more in our “Kubernetes 1.23 – What’s new?” article.


#3031 SIGNING RELEASE ARTIFACTS

Stage: Graduating to Beta
Feature group: release
Feature gate: N/A

This enhancement introduces a unified way to sign artifacts in order to help
avoid supply chain attacks. It relies on the sigstore project tools, and more
specifically cosign. Although it doesn’t add new functionality, it will surely
help to keep our cluster more protected.

Read more in our “Kubernetes 1.24 – What’s new?” article.


#3503 HOST NETWORK SUPPORT FOR WINDOWS PODS

Stage: Net new to Alpha
Feature group: windows
Feature gate: WindowsHostNetwork Default value: false

There is a weird situation in Windows pods where you can set hostNetwork=true
for them, but it doesn’t change anything. There isn’t any platform impediment;
the implementation was just missing.

Starting with Kubernetes 1.26, the kubelet can now request that Windows pods use
the host’s network namespace instead of creating a new pod network namespace.

This will come in handy to avoid port exhaustion where there are large numbers
of services.


#1981 SUPPORT FOR WINDOWS PRIVILEGED CONTAINERS

Stage: Graduating to Stable
Feature group: windows
Feature gate: WindowsHostProcessContainers Default value: true

This enhancement brings the privileged containers feature available in Linux to
Windows hosts.

Privileged containers have access to the host, as if they were running directly
on it. Although they are not recommended for most of the workloads, they are
quite useful for administration, security, and monitoring purposes.

Read more in our “Kubernetes 1.22 – What’s new?” article.

--------------------------------------------------------------------------------

That’s all for Kubernetes 1.26, folks! Exciting as always; get ready to upgrade
your clusters if you are intending to use any of these features.

If you liked this, you might want to check out our previous ‘What’s new in
Kubernetes’ editions:

 * Kubernetes 1.26 – What’s new?
 * Kubernetes 1.25 – What’s new?
 * Kubernetes 1.24 – What’s new?
 * Kubernetes 1.23 – What’s new?
 * Kubernetes 1.22 – What’s new?
 * Kubernetes 1.21 – What’s new?
 * Kubernetes 1.20 – What’s new?
 * Kubernetes 1.19 – What’s new?
 * Kubernetes 1.18 – What’s new?
 * Kubernetes 1.17 – What’s new?
 * Kubernetes 1.16 – What’s new?
 * Kubernetes 1.15 – What’s new?
 * Kubernetes 1.14 – What’s new?
 * Kubernetes 1.13 – What’s new?
 * Kubernetes 1.12 – What’s new?

Get involved in the Kubernetes community:

 * Visit the project homepage.
 * Check out the Kubernetes project on GitHub.
 * Get involved with the Kubernetes community.
 * Meet the maintainers on the Kubernetes Slack.
 * Follow @KubernetesIO on Twitter.

And if you enjoy keeping up to date with the Kubernetes ecosystem, subscribe to
our container newsletter, a monthly email with the coolest stuff happening in
the cloud-native ecosystem.
