Kubernetes 1.22

What’s new in Kubernetes 1.22?

by | 12.08.2021 | Changelog

Kubernetes 1.22 is here and it comes with an approach that says, “Less is more.” So, we can see 56 enhancements to this new release (up from 50 in Kubernetes 1.1 and 43 in 1.20). Of those 56 enhancements, we will see that there are 13 which seems to have graduated to Stable, 24 features that have seen necessary improvements, and 16 features that are brand new.

Let’s start!

Removed Items

To be clear, these are not deprecations but straight-up removals. So from Kubernetes 1.22, the betas of the following will get removed (in favour of their newer, stable counterparts):

We can see that Ingress, IngressClass, Lease, APIService, CustomResourceDefinition, ValidatingWebhookConfiguration, MutatingWebhookConfiguration, CertificateSigningRequest, TokenReview and SubjectAccessReview got a removal. We saw previous deprecations of all these beta APIs in favour of newer and more stable API versions. Below are the detailed structures.

The Ingress is of particular interest, as we see this as the more secure way to make it possible to access containers from outside the Kubernetes cluster. From 1.22 on, we will need to migrate and use the networking.k8s.io/v1 Ingress API (which has been available since v1.19). As well, you’ll want to know the related API IngressCLass, which came as a complement to Ingress.

An example of how we can use Ingress with v1 looks like this:

apiVersion: [networking.k8s.io/v1](<http://networking.k8s.io/v1>)
kind: Ingress
metadata:
name: example-ingress
annotations:
[nginx.ingress.kubernetes.io/rewrite-target:](<http://nginx.ingress.kubernetes.io/rewrite-target:>) /$1
spec:
rules:
- host: [hello-world.info](<http://hello-world.info/>)
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: web
port:
number: 8080

To get more information on the things removed, make sure to read this documentation.

New Features

With version 1.22, we get an introduction with a lot of new features. We will have a look at those.

Server-Side Apply

The first feature that we can get an introduction with is the addition of Server-Side Apply. We see that Server-Side Apply makes it easier for both users and controllers to manage resources via declarative configurations. With the new update, this feature has finally moved to general availability and now is a new field ownership and object merge algorithm. This feature’s main thing is to move the logic away from the kubectl apply command and into the apiserver. We can also see Server-Side Apply tracking a user’s field management (rather than a user’s last used state).

We see storing of Field management in an object’s metadata, using the managedFields field, so:

apiVersion: v1
kind: ConfigMap
metadata:
  name: test-cm
  namespace: default
  labels:
    test-label: test
  managedFields:
  - manager: kubectl
    operation: Apply
    apiVersion: v1
    time: "2010-10-10T0:00:00Z"
    fieldsType: FieldsV1
    fieldsV1:
      f:metadata:
        f:labels:
          f:test-label: {}
      f:data:
        f:key: {}
data:
  key: some value

External Credential Providers

Another valuable feature we observe with the new update is External credential providers, which provide external client authentication credentials (such as bearer tokens or TLS client certificates). We can see that this feature has been in beta since Kubernetes 1.11 and finally graduates to Stable. It now includes improved support for plugins that add interactive login flows and several bug fixes. To get started with this feature, you have to visit the sample-exec-plugin code on GitHub for more information.

Etcd at Version 3.5.0

The new release comes with another unique feature which includes the upgradation of Etcd. The Kubernetes backend storage mechanism, known as etcd, is now available at version 3.5.0, providing numerous security, performance, and monitoring improvements. We can see the addition of both structured logging and log rotation. We also see enhanced detailed tracking for more expensive requests, which provides an excellent signal to help developers understand the lifetime of a particular request that spans multiple etcd server components.

Cgroups V2 API

As of the previous versions, we saw that Kubernetes initially used version 1 of the cgroups API, meaning that the quality-of-service (QoS) class for a given Pod would only apply to CPU resources. With Kubernetes version 1.22, we now see the inclusion of an alpha version of the cgroups v2 API, which will control memory allocation and isolation. It dramatically improves workload and node availability and also improves the predictability of the lifecycle of a container.

Node System Swap Support

Another important feature we get is the support of node system swapping. If you’ve ever deployed a Kubernetes cluster in your environment, you will know that one of the first things we must have to do is disable swap. For that, we have to open the /etc/fstab file with the command sudo nano /etc/fstab and comment out the line starting with /swap.img. Once we’ve done that, we have to disable the currently running instance with the sudo swapoff -a command. With this new update of Kubernetes 1.22, we can now have alpha support to run nodes with swap memory enabled.

Rootless Mode Containers

This feature is one of the best security updates we get from this new release. Everyone should know that running containers as a non-root user is a must for security. With the latest version, 1.22, the developers take this idea to new levels and allow administrators to run the whole of the Kubernetes stack as a non-root user. This feature will help in securing Kubernetes in the long run.

Stable Graduated Features and Other Updates

Many other Kubernetes features have graduated to “stable” status, which means they are ready to use. We can see that there are a few of them, and we will look at them.

With the new update, we can see the addition of Bound Service Account Token Volumes and CSI Service Account Token. There is also active Windows Support for CSI Plugins. Also, we can now see a warning mechanism for deprecated API use. There is also an inclusion of PodDisruptionBudget Eviction.

We can also see a few other miscellaneous feature updates, including a new alpha feature and PodSecurity admission. It replaces the previous PodSecurityPolicy. We can see the moving of the Memory Manager to the beta version. Also, we now have an addition of a new API Server Tracing feature as alpha. There is also the addition of a new v1beta3 version of the kubeadm configuration format. With the latest update, generic data populators for PersistentVolumes are in alpha, and the Kubernetes control plane will now always use the CronJobs v2 controller.

Conclusion

This concludes the information on the latest major release of Kubernetes. I hope you have noted the crucial features and fixes and also want to try it out. Please check out the official release note here to get a complete list of all the minute changes and enhancements.

Further Related Reads

CommunityNew

The DevOps Awareness Program

Subscribe to the newsletter

Join 100+ cloud native ethusiasts

#wearep3r

Join the community Slack

Discuss all things Kubernetes, DevOps and Cloud Native

Related articles6

What’s new in Kuma v1.3.0?

What’s new in Kuma v1.3.0?

Kuma recently came with their new version of 1.3.0. It has come up with several bug fixes and new features with this update. In this article, we will see those fixes and new features which will make users have a great experience with the product. Buck up, and let’s...

What’s new in Istio v1.11.3?

What’s new in Istio v1.11.3?

Istio came with its new version recently. It is a minor release, but it contains some significant changes and fixes. In this article, we will have a detailed look at what version 1.11.3 brings to the table. So, without wasting any time. Let's start! What is Istio?...

What’s new in Traefik v2.5.3?

What’s new in Traefik v2.5.3?

Traefik came with a new version of 2.5.3. This version mainly focuses on bug fixing and adding documents. This article will cover all of those entirely. It is not a big update, so this article will be short and crisp. Buckle up for a ride. Let's start! What is...

What’s new in Prometheus v2.30?

What’s new in Prometheus v2.30?

Prometheus v2.30 was released a few days ago, and it is an exciting update. This update is not very inclined on adding new features to the ecosystem, but it brings several enhancements to configurability and resource usage efficiency. It also brings several bug fixes....

What’s new in Python-Tuf v0.18.0?

What’s new in Python-Tuf v0.18.0?

Python-Tuf v0.18.0 recently came, and it is quite a big update with major and minor changes. We will go through all of those changes, additions, fixes and removals in this document. Without further a due, let's start! What is Python-Tuf? The Update Framework (TUF) or...

What’s new in Envoyproxy v1.19.1?

What’s new in Envoyproxy v1.19.1?

Envoyproxy came with its new version a few days ago. Version 1.19.1 comes with very few updates. It provides a few minor behavioural changes and a few bug fixes to make the user experience smoother. In this article, we will cover all of the new changes. Let's start!...