Kubernetes 1.31 Streamlines Range of Functions and Tasks

The Technical Oversight Committee (TOC) for Kubernetes this week released a 1.31 update that generally makes available a kube-proxy capability to better synchronize load balancing along with an ability to add timestamps to PersistentVolumes.

In addition, support for AppArmor, a tool for restricting which process can run in a Linux kernel, is now also fully supported.

Step 1 of 7

14%

Which of the following best describes how you currently monitor and manage systems across your hybrid cloud environment?(Required)

Multiple separate tools for different environments

Multiple separate tools for different monitoring and management functions

Single consolidated dashboard

Custom built monitoring and management solution

No full monitoring and management solution

Don’t know

How valuable would it be for your monitoring and management solution to incorporate predictive analytics to help you identify and address system issues that are critical and not waste time or effort working through all the data and “noise” that is not critical?(Required)

Extremely valuable

Moderately valuable

Somewhat valuable

Slightly valuable

Not valuable

How do you most typically address potential system issues BEFORE they impact your operations?(Required)

Automated workflows and playbooks to remediate potential issues as soon as they are detected

An orchestrated response process that leverages automation, AI, and human expertise to rapidly respond to potential issues

Advanced monitoring tools such as predictive analytics and anomaly detection to proactively identify and address potential issues

Respond to issues as they arise, using manual processes and troubleshooting techniques

A combination of automated remediation, orchestrated response, and/or proactive monitoring to address potential system issues

Don’t know

Other

What methods does your organization use to control and monitor cloud/IT spending?(Required)

Centralized procurement processes

Pre-approved budget thresholds

Automated cost monitoring tools

Department-level spending controls

Regular cost audits and reviews

Cloud cost optimization platform

Approval workflows for resource provisioning

Native financial operations tools provided by the cloud provider

No formal controls in place

Don’t know

Other

Please specify:

Which methods do you rely on most to detect security vulnerabilities in your systems?(Required)

Automated scanning tools

Manual assessments

Vendor notifications

Threat modeling (for early detection)

None of these

Don’t know

Other

Please specify:

What are the TWO most common ways you prioritize vulnerabilities to address within your environment?(Required)

Based on potential impact

Based on exploitability

Regulatory compliance requirements

Based on CVSS scores

Risk-based analysis of multiple factors

First-in-first-out approach

No formal prioritization process

Don’t know

How do you typically handle system updates and security patches?(Required)

Automated updates and patches

Manually review and apply updates and patches on a regular schedule

A combination of automation and manual review

Apply updates and patches on an as-needed basis.

Outsourced update and patch management

No defined process

Don’t know

Other

Δ

In total, 45 enhancements have been made, with 11 features having graduated to Stable. Another 22 capabilities are entering beta, while 12 are alpha projects.

Major capabilities now available in beta include a capability to manage IP addresses more efficiently, routing guidance tools and a nftables application programming interface (API) that replaces the iptables API to improve performance.

There is also in beta an Always Honor PersistentVolume Reclaim Policy that ensures this policy is always implemented to maximize storage capacity, and a VolumeAttributesClass API that provides a generic method for modifying dynamically volume parameters such as provisioned I/O.

Finally, in beta there is a ServiceAccountTokenNodeBinding feature that allows a requesting a token to be bound only to a node rather than a pod.

In terms of new alpha capabilities, Kubernetes 1.31 adds dynamic resource allocation (DRA) API and designs the promises to make it simpler to enable autoscaling and native volume source support for Open Container Initiative (OCI) compatible images and artifacts, known as OCI objects.

Other alpha capabilities of note include being able to expose device health information through the Pod Status, an ability to respond to anonymous requests and finer-grained authorization capabilities.

In terms of notable deprecations, the release also marks the removal of the last remaining in-tree support for cloud provider integrations. IT teams will now need to use external integrations made available by cloud service providers. At the same time, Cgroup v1 has entered the maintenance mode in favor of cgroup V2, a Linux kernel feature that allows the allocation, prioritization, denial and management of system resources among processes. The CephFS plug-in has been fully removed.

Kubernetes 1.31 release leader Angelos Kolaitis, a senior software engineer for Canonical, said the latest release is part of an ongoing effort to make Kubernetes both more accessible and simpler to manage.

While Kubernetes clusters may not be as simple to manage as, for example, a VMware vSphere environment, there is a growing community of IT professionals that better understand what is required to succeed, noted Kolaitis.

Arguably, the biggest challenge beyond initially the time required to learn the nuances of Kubernetes is managing these platforms running multiple versions of Kubernetes at scale. In addition to Kubernetes itself, there is typically a stack of additional middleware needed to run a cloud-native application. Much of that middleware software is as complex to deploy and manage as Kubernetes itself.

There may come a day when advances in artificial intelligence (AI) further simplify the management of Kubernetes clusters. That’s critical because as more Kubernetes clusters are deployed in production environments there simply isn’t enough software engineering expertise available to manage them. In theory, AI tools should make it simpler for IT administrators to manage rote tasks that over time conspire to unnecessarily burn software engineering teams out.