Categories: CloudVirtualisation

Kubernetes 1.7 Improves Container Security And API Aggregation

The open-source Kubernetes 1.7 release is now available, providing users with new features to help manage and secure container infrastructure.

Kubernetes 1.7 is the second major release of the open-source container orchestration platform so far in 2017 and follows the Kubernetes 1.6 release that debuted in March at the CloudNative Con/Kubecon event in Berlin, Germany.

The Kubernetes project was first developed by Google and has been an open-source project run by the Linux Foundation’s Cloud Native Computing Foundation (CNCF) since July 2015.

Kubernetes 1.7

Kubernetes 1.7 includes multiple features that improve security, including the newly stable Network Policy API which helps to enforce rules about which containers pods can connect to each other.

“Red Hat was very happy to lead the Network Policy stabilization effort so that users could define their own application communication requirements,” Clayton Coleman, architect, Containerized Application Infrastructure at Red Hat, told eWEEK.

Coleman said that while working to write a software-defined networking implementation which can realize the NetworkPolicy specification, Red Hat’s developers found inconsistencies, vagueness, and other problems which could have left users with divergent experiences on different platforms or when using different network vendors. Those issues have now been resolved, which is why the Network Policy API is a stable feature in the Kubernetes 1.7 release.

“We are very excited to see the specification reach general availability, where any compliant networking vendor can run underneath Kubernetes and users can still use application-centric network controls in a common reliable manner on any platform,”  Coleman said.

Eric Chiang, software engineer at CoreOS commented that having a feature marked as ‘stable’ in a Kubernetes release is an indication that the feature has been ‘battle tested’ and is production ready.

“The changes made between 1.6 and 1.7 were small, but network policy becoming a standard and expected component of Kubernetes is a great step forward for the platform’s security,” Chiang told eWEEK.

While the Network Policy API is now stable, Kubernetes 1.7 is introducing a “secrets” encryption feature that is labelled as an alpha. Secrets refers to tokens and passwords used by Kubernetes to grant access to various resources.

“Encryption at rest was developed by Red Hatters in close concert with Google,” Coleman said. “It was a key enterprise requirement and we wanted to ensure the community could also leverage the feature.”

API Aggregation

Looking beyond security, Kubernetes 1.7 benefits from the new API aggregation feature that offers the promise of improved extensibility for users. The Kubernetes project documentation explains that the API aggregation layer allows Kubernetes to be extended with additional APIs, beyond what is offered by the core Kubernetes APIs.

“Aggregation allows large, opinionated features that would otherwise require significant changes to core Kubernetes to be developed externally,” Chiang said. “This means Kubernetes can continue to focus on improving the stability of the platform, while distributions can produce extremely customized solutions without impacting the broader community.”

APIs in Kubernetes 1.7 also get a boost with the new Custom Resource Definitions (CRD) API model which replaces the existing Third Party Resource (TPR) model. Coleman said the goal with CRD is to provide an easy way to define and retrieve new extensions to the Kubernetes API.

“We think the features introduced in 1.7 will set the stage for the next phase of Kubernetes’ growth and its growing role in the enterprise,” Coleman said.

Originally published on eWeek

Sean Michael Kerner

Sean Michael Kerner is a senior editor at eWeek and contributor to TechWeek

Recent Posts

Norway Hit By DDoS Cyber Attacks From Pro Russian Group

Norwegian national security agency warns pro-Russian group has targetted private and public institutions in Norway…

16 hours ago

Google Tells Staff They Can Relocate After Roe v Wade Ending

After US Supreme Court last week removed women's reproduction rights, Google tells staff they can…

17 hours ago

Taiwan Developing Own Digital Currency – Report

Central bank of Taiwan confirms it is still working on its digital currency, but has…

19 hours ago

Tesla Cuts 200 Autopilot Jobs, Closes San Mateo Office – Report

More restructuring at Tesla with hundreds of bob losses and California office closure, where staff…

20 hours ago

US FCC Commissioner Urges Apple, Google To Remove TikTok

Fresh worry for TikTok, after FCC Commissioner writes to Apple and Google about removing the…

21 hours ago

Airbnb Permanently Bans Parties, With Few Exceptions

Victory for irate neighbours? Airbnb confirms its temporary Covid ban on parties in its listings…

21 hours ago