What’s new in Kubernetes 1.22?

by | 12.08.2021 | Changelog

Kubernetes 1.22 is here, and it comes with an approach that says, “Less is more.” This release brings 56 enhancements (up from 50 in Kubernetes 1.1 and 43 in 1.20). Of those 56 enhancements, 13 have graduated to Stable, 24 are existing features that have received improvements, and 16 are brand new.

Let’s start!

Removed Items

To be clear, these are not deprecations but straight-up removals. From Kubernetes 1.22 on, the beta versions of the following APIs are removed (in favour of their newer, stable counterparts):

The beta versions of Ingress, IngressClass, Lease, APIService, CustomResourceDefinition, ValidatingWebhookConfiguration, MutatingWebhookConfiguration, CertificateSigningRequest, TokenReview and SubjectAccessReview are removed. All of these beta APIs were previously deprecated in favour of newer, more stable API versions. The details follow below.

Ingress is of particular interest, as we see it as the more secure way to make containers accessible from outside the Kubernetes cluster. From 1.22 on, we need to migrate to the networking.k8s.io/v1 Ingress API (which has been available since v1.19). You’ll also want to know the related IngressClass API, which came as a complement to Ingress.

An example of how we can use Ingress with v1 looks like this:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
  rules:
  - host: hello-world.info
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: web
            port:
              number: 8080

To get more information on the things removed, make sure to read this documentation.
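To find manifests that still use the removed beta APIs before upgrading, a text scan like the following can be used. This is an added example, not code from the original article or the Kubernetes project; the API group names come from the upstream API definitions rather than this page, the sample manifests are constructed, and the scan reads top-level keys with regular expressions instead of a full YAML parser.

```python
import re
# Beta apiVersions not served by 1.22: old apiVersion -> (stable replacement, kinds affected).
REMOVED_IN_1_22 = {
    "extensions/v1beta1": ("networking.k8s.io/v1", {"Ingress"}),
    "networking.k8s.io/v1beta1": ("networking.k8s.io/v1", {"Ingress", "IngressClass"}),
    "coordination.k8s.io/v1beta1": ("coordination.k8s.io/v1", {"Lease"}),
    "apiregistration.k8s.io/v1beta1": ("apiregistration.k8s.io/v1", {"APIService"}),
    "apiextensions.k8s.io/v1beta1": ("apiextensions.k8s.io/v1", {"CustomResourceDefinition"}),
    "admissionregistration.k8s.io/v1beta1": ("admissionregistration.k8s.io/v1",
        {"ValidatingWebhookConfiguration", "MutatingWebhookConfiguration"}),
    "certificates.k8s.io/v1beta1": ("certificates.k8s.io/v1", {"CertificateSigningRequest"}),
    "authentication.k8s.io/v1beta1": ("authentication.k8s.io/v1", {"TokenReview"}),
    "authorization.k8s.io/v1beta1": ("authorization.k8s.io/v1", {"SubjectAccessReview"}),
}

# Constructed sample manifests (multi-document YAML).
SAMPLE = """\
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: legacy-ingress
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: widgets.example.com
"""

def find_removed_apis(manifest_text):
    """Return (kind, name, old apiVersion, replacement) per affected document."""
    findings = []
    for doc in re.split(r"(?m)^---\s*$", manifest_text):
        api = re.search(r"(?m)^apiVersion:\s*[\"']?([\w./-]+)", doc)
        kind = re.search(r"(?m)^kind:\s*[\"']?(\w+)", doc)
        name = re.search(r"(?m)^metadata:[ \t]*\n(?:[ \t]+.*\n)*?[ \t]+name:[ \t]*(\S+)", doc)
        if not (api and kind):
            continue
        replacement, kinds = REMOVED_IN_1_22.get(api.group(1), (None, ()))
        if kind.group(1) in kinds:
            findings.append((kind.group(1), name.group(1) if name else "?", api.group(1), replacement))
    return findings

if __name__ == "__main__":
    print(*find_removed_apis(SAMPLE), sep="\n")
```

Changing the apiVersion string is only the first step: the v1 schemas differ from the beta ones in places (for Ingress, for example, the backend is written as service.name and service.port as in the manifest above), so each flagged manifest still needs to be reviewed.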

New Features

Version 1.22 introduces a lot of new features. Let’s have a look at them.

Server-Side Apply

The first new feature is Server-Side Apply, which makes it easier for both users and controllers to manage resources via declarative configurations. With this release, the feature has finally moved to general availability, and it brings a new field ownership model and object merge algorithm. Its main purpose is to move the apply logic away from the kubectl apply command and into the apiserver. Server-Side Apply also tracks a user’s field management (rather than a user’s last applied state).

Field management is stored in an object’s metadata, in the managedFields field:

apiVersion: v1
kind: ConfigMap
metadata:
  name: test-cm
  namespace: default
  labels:
    test-label: test
  managedFields:
  - manager: kubectl
    operation: Apply
    apiVersion: v1
    time: "2010-10-10T0:00:00Z"
    fieldsType: FieldsV1
    fieldsV1:
      f:metadata:
        f:labels:
          f:test-label: {}
      f:data:
        f:key: {}
data:
  key: some value
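Because managedFields records which manager claims each field, it can be read as an ownership audit trail. The following added example (not from the original article or the Kubernetes code base) flattens the fieldsV1 trees of an object into field paths per manager and reports fields claimed by managers outside an allowlist. The sample object is the ConfigMap above extended with a constructed second manager, ci-deployer, and the function names are hypothetical.

```python
def owned_paths(fields, prefix=""):
    """Flatten a fieldsV1 tree into dotted paths of the leaf fields it claims."""
    paths = []
    for key, sub in fields.items():
        if key == ".":  # marker meaning "the parent field itself is owned"
            continue
        name = key[2:] if key.startswith("f:") else key  # k:/v: list keys kept verbatim
        path = f"{prefix}.{name}" if prefix else name
        paths.extend(owned_paths(sub, path) or [path])
    return paths

def field_owners(obj):
    """Map each field path to the (manager, operation) entries that claim it."""
    owners = {}
    for entry in obj.get("metadata", {}).get("managedFields", []):
        for path in owned_paths(entry.get("fieldsV1", {})):
            owners.setdefault(path, []).append((entry["manager"], entry["operation"]))
    return owners

def fields_owned_by_unlisted(obj, allowed_managers):
    """Return {path: [manager, ...]} for fields claimed by managers not in the allowlist."""
    report = {}
    for path, claims in field_owners(obj).items():
        extra = [m for m, _ in claims if m not in allowed_managers]
        if extra:
            report[path] = extra
    return report

# Constructed sample: the ConfigMap from the article plus a second manager.
SAMPLE = {
    "apiVersion": "v1", "kind": "ConfigMap",
    "metadata": {
        "name": "test-cm", "namespace": "default",
        "managedFields": [
            {"manager": "kubectl", "operation": "Apply", "fieldsType": "FieldsV1",
             "fieldsV1": {"f:metadata": {"f:labels": {"f:test-label": {}}},
                          "f:data": {"f:key": {}}}},
            {"manager": "ci-deployer", "operation": "Apply", "fieldsType": "FieldsV1",
             "fieldsV1": {"f:data": {"f:key": {}, "f:extra": {}}}},
        ],
    },
    "data": {"key": "some value", "extra": "other value"},
}

if __name__ == "__main__":
    for path, managers in fields_owned_by_unlisted(SAMPLE, {"kubectl"}).items():
        print(f"{path}: claimed by {', '.join(managers)}")
```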

External Credential Providers

Another valuable feature in this release is external credential providers, which supply external client authentication credentials (such as bearer tokens or TLS client certificates). This feature has been in beta since Kubernetes 1.11 and has finally graduated to Stable. It now includes improved support for plugins that add interactive login flows, along with several bug fixes. To get started with this feature, see the sample-exec-plugin code on GitHub.

Etcd at Version 3.5.0

The new release also upgrades etcd. The Kubernetes backend storage mechanism, known as etcd, is now at version 3.5.0, which provides numerous security, performance, and monitoring improvements. Both structured logging and log rotation have been added. There is also more detailed tracing for expensive requests, which provides an excellent signal to help developers understand the lifetime of a particular request that spans multiple etcd server components.

Cgroups V2 API

In previous versions, Kubernetes used version 1 of the cgroups API, meaning that the quality-of-service (QoS) class for a given Pod would only apply to CPU resources. Kubernetes 1.22 now includes alpha support for the cgroups v2 API, which will control memory allocation and isolation. This dramatically improves workload and node availability and also makes the lifecycle of a container more predictable.

Node System Swap Support

Another important feature is support for node system swap. If you’ve ever deployed a Kubernetes cluster in your environment, you will know that one of the first things you have to do is disable swap. To do that, you open the /etc/fstab file with the command sudo nano /etc/fstab and comment out the line starting with /swap.img. Once that is done, you disable the currently active swap with the sudo swapoff -a command. With Kubernetes 1.22, there is now alpha support for running nodes with swap memory enabled.

Rootless Mode Containers

This feature is one of the best security updates we get from this new release. Everyone should know that running containers as a non-root user is a must for security. With the latest version, 1.22, the developers take this idea to new levels and allow administrators to run the whole of the Kubernetes stack as a non-root user. This feature will help in securing Kubernetes in the long run.

Stable Graduated Features and Other Updates

Many other Kubernetes features have graduated to “stable” status, which means they are ready to use. Here are a few of them.

This release adds Bound Service Account Token Volumes and CSI Service Account Token. There is also Windows support for CSI plugins, a warning mechanism for deprecated API use, and PodDisruptionBudget Eviction.

There are a few other miscellaneous updates as well, including a new alpha feature, PodSecurity admission, which replaces the previous PodSecurityPolicy. The Memory Manager has moved to beta, and a new API Server Tracing feature has been added as alpha. There is also a new v1beta3 version of the kubeadm configuration format. Finally, generic data populators for PersistentVolumes are in alpha, and the Kubernetes control plane will now always use the CronJobs v2 controller.

Conclusion

This concludes the information on the latest major release of Kubernetes. I hope you have noted the crucial features and fixes and also want to try it out. Please check out the official release note here to get a complete list of all the minute changes and enhancements.
