It’s only been three months since the release of Kubernetes 1.11, but the Kubernetes team announced Thursday the General Availability of v1.12, marking the third release of the year. I can hardly contain my excitement! The major features on tap for this release are Kubelet TLS Bootstrap and support for Azure Virtual Machine Scale Sets.
Kubelet TLS Bootstrap marks a major change in how Kubernetes approaches getting certificates from a cluster-level Certificate Authority. Way back in the halcyon days of Kubernetes 1.4, an API was implemented that enabled provisioning kubelets with TLS client certificates. As the name implies, Kubelet TLS Bootstrap now enables bootstrapping a kubelet directly into an already secured cluster. This is a major step in automating the management of signed certificates. One of the major reasons for this feature was that the Kubernetes team saw operators assigning a single credential and identity across kubelets. The hope is that Kubelet TLS Bootstrap will make it easy enough to avoid this practice, and allow for advanced node lockdown features like the Node authorizer and NodeRestriction.
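An added example (not from the original post or the Kubernetes project): a small audit over a constructed node inventory that flags the shared-credential pattern described above and checks each kubelet client certificate against the identity the Node authorizer expects, username `system:node:<nodeName>` in group `system:nodes`. The inventory format, fingerprint labels and function names are assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample data: (node name, client cert subject, cert fingerprint label).
SAMPLE_INVENTORY = [
    ("node-a", "O=system:nodes,CN=system:node:node-a", "fp-01"),
    ("node-b", "O=system:nodes,CN=system:node:node-b", "fp-02"),
    ("node-c", "O=system:nodes,CN=kubelet", "fp-03"),  # same cert as node-d
    ("node-d", "O=system:nodes,CN=kubelet", "fp-03"),
    ("node-e", "O=ops,CN=system:node:node-e", "fp-04"),  # wrong group
    ("node-f", "O=system:nodes,CN=system:node:node-a", "fp-05"),  # another node's name
]


def parse_subject(subject):
    """Split 'O=...,CN=...' into {'O': [...], 'CN': [...]}.

    Simplified: assumes no escaped commas inside attribute values.
    """
    attrs = defaultdict(list)
    for part in subject.split(","):
        key, _, value = part.strip().partition("=")
        attrs[key.upper()].append(value)
    return attrs


def audit(inventory):
    """Return sorted (node, finding) pairs for identities that defeat per-node lockdown."""
    findings = []
    nodes_by_fingerprint = defaultdict(list)
    for node, subject, fingerprint in inventory:
        nodes_by_fingerprint[fingerprint].append(node)
        attrs = parse_subject(subject)
        common_name = attrs["CN"][0] if attrs["CN"] else ""
        # The Node authorizer only recognises members of the system:nodes group.
        if "system:nodes" not in attrs["O"]:
            findings.append((node, "not-in-system:nodes-group"))
        # The username must name the node the credential is actually used on.
        if common_name != f"system:node:{node}":
            findings.append((node, "cn-does-not-match-node"))
    # One certificate seen on several nodes is a single shared credential.
    for nodes in nodes_by_fingerprint.values():
        if len(nodes) > 1:
            findings.extend((node, "shared-credential") for node in nodes)
    return sorted(findings)


if __name__ == "__main__":
    for node, finding in audit(SAMPLE_INVENTORY):
        print(f"{node}: {finding}")
```
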
Support for Azure Virtual Machine Scale Sets now enables operators to create and manage a single pool of VMs on Azure that can scale up and down autonomously. This can obviously be used to create a highly available and resilient environment for large applications.
While not part of the stable feature set, the release also has some interesting storage features in testing, including an alpha feature for snapshot and restore for Kubernetes and CSI volume drivers, a beta for topology aware dynamic storage provisioning, and encryption at rest via KMS.
This isn’t a major release for the container orchestration platform. But as long as the team is going to be shipping 3-4 releases a year, it doesn’t really have to be.
The full release notes are available here.