Kubernetes 1.8: Security, Workloads and Feature Depth
By Aparna Sinha, Group Product Manager, Kubernetes, Google; Ihor
Dvoretskyi, Developer Advocate, CNCF; Jaice Singer DuMars, Kubernetes
Ambassador, Microsoft; and Caleb Miles, Technical Program Manager,
CoreOS on the latest release of Kubernetes 1.8.
September 29, 2017
pleased to announce the delivery of Kubernetes 1.8, our third release
this year. Kubernetes 1.8 represents a snapshot of many exciting
enhancements and refinements underway. In addition to functional
improvements, we’re increasing project-wide focus on maturing process,
formalizing architecture, and strengthening Kubernetes’ governance
model. The evolution of mature processes clearly signals that
sustainability is a driving concern, and helps to ensure that Kubernetes
is a viable and thriving project far into the future.
Spotlight on security
Kubernetes 1.8 graduates support for role based access control (RBAC) to
stable. RBAC allows cluster administrators to dynamically define roles
to enforce access policies through the Kubernetes API. Beta support for
filtering outbound traffic through network policies augments existing
support for filtering inbound traffic to a pod. RBAC and Network
Policies are two powerful tools for enforcing organizational and
regulatory security requirements within Kubernetes.
Transport Layer Security (TLS) certificate rotation for the Kubelet
graduates to beta. Automatic certificate rotation eases secure cluster
Spotlight on workload support
Kubernetes 1.8 promotes the core Workload APIs to beta with the
apps/v1beta2 group and version. The beta contains the current version of
Deployment, DaemonSet, ReplicaSet, and StatefulSet. The Workloads APIs
provide a stable foundation for migrating existing workloads to
Kubernetes as well as developing cloud native applications that target
For those considering running Big Data workloads on Kubernetes, the
Workloads API now enables native Kubernetes support in Apache Spark.
Batch workloads, such as nightly ETL jobs, will benefit from the
graduation of CronJobs to beta.
Custom Resource Definitions (CRDs) remain in beta for Kubernetes 1.8. A
CRD provides a powerful mechanism to extend Kubernetes with user-defined
API objects. One use case for CRDs is the automation of complex stateful
applications such as key-value stores, databases and storage engines
through the Operator Pattern. Expect continued enhancements to CRDs such
as validation as stabilization continues.
volume snapshots, PV resizing, automatic taints, priority pods, kubectl
plugins, oh my!
In addition to stabilizing existing functionality, Kubernetes 1.8 offers
a number of alpha features that preview new functionality.
Each Special Interest Group (SIG) in the community continues to deliver
the most requested user features for their area. For a complete list,
please visit the release notes.
Kubernetes 1.8 is available for download on GitHub. To get started with
Kubernetes, check out these interactive tutorials.
The Release team for 1.8 was led by Jaice Singer DuMars, Kubernetes
Ambassador at Microsoft, and was comprised of 14 individuals responsible
for managing all aspects of the release, from documentation to testing,
validation, and feature completeness.
As the Kubernetes community has grown, our release process has become an
amazing demonstration of collaboration in open source software
development. Kubernetes continues to gain new users at a rapid clip.
This growth creates a positive feedback cycle where more contributors
commit code creating a more vibrant ecosystem.
According to Redmonk, 54 percent of Fortune 100 companies are running
Kubernetes in some form with adoption coming from every sector across
the world. Recent user stories from the community include:
currently holds 20 billion historical records and 90 million family
trees, making it the largest consumer genomics DNA network in the world.
With the move to Kubernetes, its deployment time for its Shaky Leaf icon
service was cut down from 50 minutes to 2 or 5 minutes.
Wink, provider of smart home
devices and apps, runs 80 percent of its workloads on a unified stack of
Kubernetes-Docker-CoreOS, allowing them to continually innovate and
improve its products and services.
Pear Deck, a teacher communication
app for students, ported their Heroku apps into Kubernetes, allowing
them to deploy the exact same configuration in lots of different
clusters in 30 seconds.
Buffer, social media management
for agencies and marketers, has a remote team of 80 spread across a
dozen different time zones. Kubernetes has provided the kind of liquid
infrastructure where a developer could create an app and deploy it and
scale it horizontally as necessary.
Is Kubernetes helping your team?
Share your story with the community.
Announced on September 11, Kubernetes Certified Service Providers (KCSPs)
are pre-qualified organizations with deep experience helping enterprises
successfully adopt Kubernetes. Individual professionals can now register
for the new Certified Kubernetes Administrator (CKA) program and exam,
which requires passing an online, proctored, performance-based exam that
tests one’s ability to solve multiple issues in a hands-on, command-line
CNCF also offers online training
that teaches the skills needed to create and configure a real-world
Join the community at KubeCon + CloudNativeCon in Austin, December 6-8
for the largest Kubernetes gathering ever. The premiere Kubernetes event
will feature technical sessions, case studies, developer deep dives,
salons and more! A full schedule of events and speakers will be
available here on September 28. Discounted registration ends October 6.
Open Source Summit EU
Ihor Dvoretskyi, Kubernetes 1.8 features release lead, will present new
features and enhancements at Open Source Summit EU in Prague, October
23. Registration is still open.