Date: 2023-12-13

The open source Kubernetes cloud native project is out today with the release of version 1.29, codenamed Mandala.

The Kubernetes 1.29 milestone is the final release for 2023 for the open source cloud native technology and introduces a range of new features and enhancements. Kubernetes has had multiple updates this year; the new release follows the Kubernetes 1.28 update that came out in August.

Dubbed the “Mandala” release after the cosmic circular artwork, Kubernetes v1.29 reflects the project’s interconnected community of contributors. The release was shepherded by a 40-person release team and saw participation from 888 companies and 1,422 individuals over 14 weeks.

Among the major additions in this version are 11 features promoted to stable release status for general availability. These include the new ReadWriteOncePod volume access mode that ensures only one pod can read/write a volume, node volume expansion secret support for container storage interface (CSI) drivers and encryption at rest using KMS v2.

Nineteen features have entered beta, highlighting improvements to scheduling, node lifecycle management and cleaning up legacy service account tokens. Some of the new alpha functionality includes better pod affinity rules, an nftables backend for kube-proxy networking, and managing IP address ranges for Kubernetes Services.

Production readiness gets a boost in Kubernetes development

The open source project also took a specific focus in the Kubernetes 1.29 release cycle to help ensure stability and production readiness.

“In this release, we’ve taken significant strides in enhancing the capacity for Production Readiness Reviews [PRR] by introducing a new shadow program,” Priyanka Saggu, the Kubernetes 1.29 release lead, told SDxCentral. “This initiative is aimed at bringing new contributors up to speed, resulting in more robust PRR reviews for opted-in Kubernetes Enhancements Proposals (KEP).”

The release process for Kubernetes 1.29 had a few issues that came up during the development cycle. Saggu noted that during the 1.29.0-alpha.x and 1.29.0-beta.x release phases, there were challenges related to package build times, leading to delays. This was compounded by the fact that knowledge about these release tooling changes was initially limited to a few individuals in the community, slowing down issue resolution and troubleshooting.

“Fortunately, we identified these challenges early on in the release cycle and took immediate corrective measures,” she said. “We are actively documenting these experiences to improve our processes for future release cycles.”

Security and stability in Kubernetes 1.29

Karena Angell, senior principal product manager for OpenShift Commons and OpenShift Foundations at Red Hat, sees a lot to like in Kubernetes 1.29.

“Kubernetes v1.29 provides some key stability features that we’ve been looking forward to seeing,” Angell told SDxCentral.

She cited a few notable features that graduated to stable in Kubernetes 1.29, including the CRD Validation Expression Language, which provides custom resource definitions (CRDs) with support for more complex validation.

Another graduated feature that will improve stability is priority fairness for API server requests, which Angell said will help cut through workload “noise” and prioritize critical requests and throughput.

Angell also noted that Structured Authentication Config has moved to beta, which is needed for external OpenID Connect (OIDC) integration.

“It’s one example of a number of security enhancements that are coming in future releases,” she said.

Networking improvements in Kubernetes 1.29

Kubernetes 1.29 brings multiple networking improvements. The new Kubernetes release will be the first to benefit from the new Gateway API that helps to improve overall connectivity.

Sidecar containers also get a major boost. Lee Calcote, founder of Layer5 and a CNCF contributor, told SDxCentral that Kubernetes 1.28 introduced the concept of a sidecar container – a restartable init container. The concept of a sidecar has been part of Kubernetes since nearly the very beginning. He noted that sidecar containers have become a common Kubernetes deployment pattern and are often used for network proxies in service meshes, or for logging or running other auxiliary services alongside the main container.

“Until 1.28, sidecars were a concept that Kubernetes users applied without native support, and beginning now in Kubernetes 1.29, if your Pod includes one or more sidecar containers, the kubelet (Kubernetes node agent) will delay sending a termination signal to these sidecar containers until the last main container has fully terminated,” Calcote said. “Also new in 1.29 is the behavior of sidecar containers being terminated in reverse of the order in which they were initialized, so that they may continue to offer their services up to the very end of the Pod’s lifecycle.”
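
A Pod manifest illustrating the sidecar lifecycle described above, added here as an example and not taken from the article or the Kubernetes project. The pod name, container names, images and mount path are placeholders (assumptions); the sidecars are declared as init containers with `restartPolicy: Always`.

```yaml
# Added example: two native sidecars (a mesh proxy and a log shipper)
# next to one main container. All names and images are placeholders.
apiVersion: v1
kind: Pod
metadata:
  name: app-with-sidecars            # hypothetical name
spec:
  terminationGracePeriodSeconds: 30
  initContainers:
    # restartPolicy: Always on an init container marks it as a sidecar:
    # it starts before the main containers and keeps running beside them
    # instead of having to exit before the Pod can proceed.
    - name: mesh-proxy
      image: registry.example/mesh-proxy:1.0     # placeholder image
      restartPolicy: Always
    - name: log-shipper
      image: registry.example/log-shipper:1.0    # placeholder image
      restartPolicy: Always
      volumeMounts:
        - name: app-logs
          mountPath: /var/log/app
          readOnly: true             # the shipper only reads the app's logs
  containers:
    - name: app
      image: registry.example/app:1.0            # placeholder image
      volumeMounts:
        - name: app-logs
          mountPath: /var/log/app
  volumes:
    - name: app-logs
      emptyDir: {}
# Startup order:  mesh-proxy, then log-shipper, then app.
# Shutdown order with the 1.29 behaviour quoted above:
#   1. app receives the termination signal and exits
#   2. log-shipper is terminated (it can still ship the app's last log lines)
#   3. mesh-proxy is terminated last (the proxy stays up until the end)
```

Listing the proxy first means it is the last container to stop, so traffic from the log shipper and the application passes through it for the Pod's whole lifetime.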