Yalton Ruiz
on 16 August 2023
Canonical Kubernetes 1.28 is now generally available
Following the release of upstream Kubernetes on 15th of August, Canonical Kubernetes 1.28 is generally available in the form of MicroK8s, with Charmed Kubernetes expected to follow shortly.
We consistently follow the upstream release cadence to provide our users and customers with the latest improvements and fixes, together with security maintenance and enterprise support for Kubernetes on Ubuntu. This blog is a quick overview of the latest developments and highlights that will be available in Canonical Kubernetes 1.28.
What’s new in upstream Kubernetes 1.28
Kubernetes 1.28 is tracking 59 new enhancements, of which 33 are alpha, 19 are beta and 15 stable. Below are some of the expected features in the new release. You can also have a look at the (currently in draft) release notes for 1.28.
- Sidecar Containers: (alpha) Kubernetes introduces built-in support for the sidecar container pattern.
- CEL for Admission Control: (beta) Allows cluster administrators to easily define dynamic admission controls and validation rules for cluster resources, without needing to run a separate admission server and set up ValidatingWebhookConfiguration resources.
- Kubelet limit of Parallel Image Pulls: (beta) Allows cluster administrators to configure the maximum number of parallel image pulls that can be performed by the kubelet.
- Field status.hostIPs added for Pod: (alpha) Makes it easier for pods to access the list of IP addresses of the node they are running on.
- Non graceful node shutdown: (stable) Handle non-graceful node shutdowns.
- Expanded DNS Configuration: (stable) Allows Kubernetes to have an expanded DNS (Domain Name System) configuration, with up to 32 DNS search paths.
You can read the upstream changelog for full details regarding features, deprecations and bug fixes included in Kubernetes 1.28.
What’s new in Canonical Kubernetes 1.28
All upstream Kubernetes 1.28 features are available in Canonical Kubernetes for both its distributions, MicroK8s and Charmed Kubernetes. The following additional highlights are new in Canonical Kubernetes 1.28.
MicroK8s 1.28 highlights
Installing the new 1.28 release of MicroK8s is as simple as ever:
sudo snap install microk8s --classic --channel=1.28/stable
Please see the documentation for more details on getting started with MicroK8s.
Below are some of the additions and improvements you can take advantage of right away!
CIS compliance
The Kubernetes CIS (Center for Internet Security) benchmark is a set of best practices and security guidelines designed to enhance the security of Kubernetes clusters. The CIS benchmark provides organisations with a comprehensive checklist of security configurations and recommendations to ensure the secure deployment and operation of Kubernetes clusters.
MicroK8s has developed an add-on to evaluate CIS conformance out of the box. This enhancement gives concrete information on the actions to take in the cluster to be CIS conformant. More details are available in the documentation for MicroK8s CIS hardening.
MicroK8s Charm
Juju is an open source orchestration engine which simplifies the deployment, integration and lifecycle management of applications on any infrastructure. By using Juju, it is possible to control the whole stack from the substrate to the applications, in a single interface.
The MicroK8s Charm will ensure that a MicroK8s cluster can be bootstrapped by Juju, enabling provisioning and lifecycle management of the cluster and the applications running on it.
Dual stack support
It was previously possible to configure dual-stack (concurrent IPv4 and IPv6 support) in a MicroK8s cluster thanks to the community. From MicroK8s Kubernetes 1.28, dual-stack support is integrated with MicroK8s, adding IPv4/IPv6 configuration capabilities to all MicroK8s clusters.
The Kubernetes dual-stack feature enables clusters to make use of the full potential of IPv4 and IPv6 protocols simultaneously, providing for legacy apps without compromising on address space.
More information about how to configure network Dual-Stack on MicroK8s is available in the documentation.
Rook-Ceph addon
MicroCeph is an open-source distributed storage system providing optimum performance in environments with limited physical resources. Combined with Rook – which adds storage operators for Ceph – MicroK8s can deploy Kubernetes with integrated high performance storage for object, block and file-level storage – ideal for use cases like edge computing and IoT.
MicroCeph streamlines Ceph cluster management by simplifying key distribution, service placement and disk administration for quick, effortless deployment and operations. In addition to MicroCeph, the Rook-Ceph addon can also support standard Ceph storage.
You can find the full list of available addons in the MicroK8s documentation.
The addon community expands with new partnerships
Our commitment to support the wider MicroK8s community in creating addons – extra services which can easily be added to MicroK8s – has resulted in two exciting new addons for this release:
- KubeArmor: KubeArmor uses eBPF and Linux Security Modules (LSM) to provide a policy based system to restrict any unwanted, malicious behaviour of cloud-native workloads at runtime.
- Microcks: This open source CNCF project is designed to simplify and streamline API mocking and testing, with support for many different types of API and integrations for GitHub, Gitlab, Jenkins and more.
Many existing addons have been updated to the latest versions for this release, including Calico (updated to v3.25.1), ArgoCD (updated to v2.7.2 and now supports ARM64) and Cilium (updated to 1.13.4 and introduces support for multi-node clusters).
Thanks to the worldwide MicroK8s community for all contributions included in 1.28. For the full list of changes and features, please see the MicroK8s release notes. You can also find the full list of available addons in the MicroK8s documentation.
Charmed Kubernetes 1.28 highlights
Charmed Operator Framework (Ops)
We’re pleased to announce a number of charms have been refactored from the `reactive` and `pod-spec` styles to the `ops` framework. This work enables access to common charm libraries, better Juju support, and a more consistent charming experience for community engagement.
COS integration
The Canonical Observability Stack (COS) gathers, processes, visualises and alerts on telemetry signals generated by workloads running both within, and outside of, Juju, providing an out-of-the-box observability suite that relies on best-in-class open-source observability tools.
COS provides a unified, central platform for monitoring, logging, and tracing various components across diverse environments, such as on-premise, cloud, and hybrid setups. This unified approach eliminates the need for multiple tools, reducing complexity and streamlining operations by support or maintenance teams.
COS integration is currently enabled for the container networking subsystems used in Charmed Kubernetes. Additional integrations will be announced in the near future.
Ceph CSI gains CephFS support
Providing much-needed feature parity to the ageing built-in Ceph storage provider, the `ceph-csi` charm now supports ceph-fs operations along with the previously supported ceph-rbd modes.
Component upgrades and fixes
A full list of component upgrades, features, and bug fixes for the Charmed Kubernetes 1.28 release can be found on the Launchpad milestone page.
Learn more about Canonical Kubernetes or talk to our team
- ubuntu.com/kubernetes
- microk8s.io
- #canonical-kubernetes and #microk8s on the Kubernetes Slack
- Discourse
- MeetUp – MicroK8s: to get updates of all MicroK8s events.
- Youtube MicroK8s: for regular updates on new features and demos