HITInfrastructure

How Kubernetes 1.8 Can Improve HIT Security and Workload Support

Kubernetes 1.8 improves HIT security and workload support as the platform continues its development.

By Elizabeth O'Dowd

- Kubernetes 1.8 highlights the open source platform’s security and workload support.

Kubernetes 1.8 is the third release this year and refines and builds on 1.7. The new release is currently available on GitHub.

CoreOS Technical Program Manager Caleb Miles told HITInfrastructure.com that 1.8 is foreshadowing many of the future changes and advancements coming up in Kubernetes.

“A lot of work in 1.8 is to preview what we Kubernetes as a project to go,” said Miles. Kubernetes (K8s) is a platform for automating deployment, scaling, and operations of application containers across clusters of hosts. It was designed by Google in 2014 and later donated to the Cloud Native Computing Foundation to make the code open source and available to everyone.

Kubernetes 1.8 increases project-wide focus on the maturing process, formalizing architecture, and strengthening its governance model. The technology is currently making improvements that make it more sustainable so organizations can continue to build upon it in the future.

Security improvements in 1.8 include the graduation of role-based access control (RBAC) to stable. RBAC allows cluster administrators to dynamically define roles to enforce access policies through the Kubernetes API.

“Beta support for filtering outbound traffic through network policies augments existing support for filtering inbound traffic to a pod,” said the official Kubernetes release. “RBAC and Network Policies are two powerful tools for enforcing organizational and regulatory security requirements within Kubernetes.”
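As an added illustration (not part of the article or the Kubernetes release notes), the manifests below show the two controls named above as a cluster administrator would declare them: a read-only RBAC role bound to one group, and a network policy that restricts a pod's outbound traffic. The namespace, object names, labels, group name and CIDR are hypothetical.

```yaml
# Added illustration; namespace, names, labels, group and CIDR are hypothetical.
# RBAC (rbac.authorization.k8s.io/v1): read-only access to pods and their
# logs in a single namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: clinical-apps
  name: pod-reader
rules:
- apiGroups: [""]            # "" is the core API group
  resources: ["pods", "pods/log"]
  verbs: ["get", "list", "watch"]
---
# Bind the role to one group; members get nothing outside this namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: clinical-apps
  name: auditors-read-pods
subjects:
- kind: Group
  name: auditors
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
---
# NetworkPolicy with egress rules: pods labelled app=records-api may open
# outbound connections only to the database subnet on 5432/TCP. Listing
# "Egress" in policyTypes denies every other outbound flow from those pods.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  namespace: clinical-apps
  name: records-api-egress
spec:
  podSelector:
    matchLabels:
      app: records-api
  policyTypes: ["Egress"]
  egress:
  - to:
    - ipBlock:
        cidr: 10.20.0.0/24
    ports:
    - protocol: TCP
      port: 5432
```

As written, the egress policy also blocks DNS lookups from the selected pods, so a rule for port 53 is needed if they resolve names. Network policies take effect only when the cluster's network plugin enforces them.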

Transport Layer Security certificate rotation for the Kubelet also graduated to beta. The automated certificate rotation makes secure cluster operation easier.

Kubernetes 1.8 also promotes the core Workload APIs to beta with the apps/v1beta2 group and version.

“An important spotlight in 1.8 is the workload APIs are graduating to beta,” said Miles. “This is an important feature of Kubernetes that allows you to run an increasingly rich collection of workloads on top of the platform. An announcement related to the richness of Kubernetes as a platform for deploying complex workloads is that native Kubernetes support for Apache Spark was accepted and will be merged upstream as part of the Spark project.”

While Custom Resource Definitions (CRDs) remain in beta for Kubernetes 1.8, Miles sees them improving significantly for 1.9.

A CRD provides a powerful mechanism to extend Kubernetes with user-defined API objects. CRDs are used in the automation of complex stateful applications like key-value stores, databases, and storage engines through the Operator Pattern.

“A lot of work in 1.8 is to preview what we Kubernetes as a project can go,” explained Miles. “We’re expecting CRDs to have more maturity and stability, and we’re expecting the workload APIs to graduate to stable in 1.9. We’re hoping that we have solid extension points for people who are building on top of Kubernetes and moving up the value stack. What we’re really hoping to realize in 1.9 is continuing the work in 1.8.”

More cloud vendors are using Kubernetes to build their solutions, such as VMware, AWS, and Google. Miles believes that as the technology continues to improve, more vendors will use it as well.

“A lot of the work that has gone into the extension point, stabilizing and improving the workload APIs and CRDs is ongoing to enable out of tree cloud providers,” said Miles. “We’re helping the project offers the rich surface area for vendors to plug in with, and to serve specific customer needs. We see a lot of that work in 1.8 and we’ll see a lot more as we move forward. We’re hopeful that we’ll see more and more vendor integrations with Kubernetes.”