The Cloud Native Computing Foundation (CNCF) has released Kubernetes 1.13, an update that formally makes available a kubeadm capability to make it easier to administer Kubernetes.
The fourth release of the Kubernetes container orchestration platform in 2018 is highlighted by the general availability of kubeadm management and the Container Storage Interface features.
Among the features that are now generally available in Kubernetes 1.13 is the kubeadm administration tool for configuring services. The Container Storage Interface is another new generally available feature, providing a stable abstraction layer for different third-party storage plug-ins. Additionally, with Kubernetes 1.13, CoreDNS is now the default DNS (Domain Name Server) technology, replacing KubeDNS.
kubeadm is an essential tool for managing the lifecycle of a cluster, right from creation to configuration to upgrade. kubeadm is now officially GA. This tool handles bootstrapping of production clusters on current hardware and configuration of core Kubernetes components. With the GA release, advanced features are available around pluggability and configurability. kubeadm is aimed to be a toolbox for both admins and automated, higher-level systems.
Container Storage Interface (CSI)
The Container Storage Interface (CSI) is generally available in Kubernetes 1.13. It was introduced as alpha in Kubernetes 1.9 and beta in Kubernetes 1.10. CSI makes the Kubernetes volume layer truly extensible. It allows third-party storage providers to write plugins that interoperate with Kubernetes without having to modify the core code.
CoreDNS replaces Kube-dns as the default DNS Server
CoreDNS is replacing Kube-dns to be the default DNS server for Kubernetes. CoreDNS is a general-purpose, authoritative DNS server. It provides an extensible backwards-compatible integration with Kubernetes. CoreDNS is a single executable and a single process. It supports flexible use cases by creating custom DNS entries and is written in Go making it memory-safe. KubeDNS will be supported for at least one more release.
A recent GitHub issue outlines the issue. Named as CVE-2018-1002105, this issue allowed unauthorized users to craft special requests. This let the unauthorized users establish a connection to a backend server via the Kubernetes API. This let sending arbitrary requests over the same connection directly to the backend. Following this, IBM owned Red Hat released patches for this vulnerability yesterday.
All Kubernetes based products are affected by this vulnerability. It has now been patched and as the impact is classified as critical by Red Hat, a version upgrade is strongly recommended if you’re running an affected product. You can find more details at the Red Hat website.
Let’s now look at the new features in Kubernetes 1.13 other than the security patch.