BlogCloud-Native PlatformsSoftware DevelopmentDevOpsAutomationDigital
Blog3 minute read

What You Need to Know About Kubernetes 1.22

There are five main things we think you should know about that latest Kubernetes release.

In this blog

  1. Server-side apply graduates to GA
  2. Node system swap support
  3. Default profiles for seccomp
  4. Rootless mode
  5. Removal of several deprecated beta APIs
  6. What's next?

Since changing the release cadence of Kubernetes releases from four a year to three a year comes the second Kubernetes release of 2021. It has been a couple of weeks since its launch and it is packed with enhancements, additions, some deprecations and even some removals. Deciphering between which are the highlights and which are rudimentary changes can be a challenge; that's why we're here. Below are what we found to be some of the top takeaways from this release.

 Server-side apply graduates to GA

After being in beta for quite some time, server-side apply enters GA. Server-side apply provides administrators and controllers with the ability to manipulate resources through declarative configurations. The general purpose of the server-side apply is to move the apply function from kubectl to the apiserver in order to address several bugs that are otherwise unable to be fixed in the current implementation.

 Node system swap support

In version 1.22 alpha support for running nodes with swap memory has been opened up. Prior to this feature it was a required step to disable swap on nodes prior to installing and configuring Kubernetes. Although swap memory is not the most efficient it can be useful in certain instances such as providing a Java application with additional memory when it is throttling.

 Default profiles for seccomp

Default profiles for kubelet has entered as an alpha feature. It's always nice to see security enhancements in Kubernetes, hence why we feel this is a noteworthy addition. This provides cluster-wide seccomp defaults using the RuntimeDefault as the default instead of Unconfined. Basically, deployments are now going to be more secure by default, which should make us all happier.

 Rootless mode

One of the cardinal sins of Kubernetes administration is allowing your workloads to be ran as the root user. This feature expands on that even further by allowing Kubernetes components such as kubelet, CRI, OCI, CNI and more to be ran as a non-root user on the host. Another major security enhancement which is going to help us sleep easier at night so we figured we'd pass the good news along.

 Removal of several deprecated beta APIs

This one isn't an enhancement but introduces some major and potentially breaking changes, so we feel it's worth a mention. While these APIs have been deprecated for some time now, you'll absolutely want to upgrade them before moving to 1.22 if you haven't done so already. Some of the more major beta APIs being removed include Ingress, IngressClass, Lease, APIService, ValidatingWebhookConfiguration, MutatingWebhookConfiguration, CustomResourceDefinition, TokenReview, SubjectAccessReview and CertificateSigningRequest. If interested the full list can be found here.

 What's next?

All of this information and more can be found in the release notes for Kubernetes v1.22.

Managing your own container platform can be a daunting task, but that's where we come in. We have container platform experts that specialize in all flavors of Kubernetes, whether it be Tanzu, OpenShift, Rancher or vanilla Kubernetes, we can help enhance your platform. Learn more about our service offerings.

We look forward to hearing from you!