Today we are proud to announce Kontena Pharos 1.3.0, the latest release of our Kubernetes distribution, now with CoreDNS, updated CRI-O container runtime and Kubernetes 1.11. As a part of this release, we are also releasing a new command-line tool to make it easier for admins to install and manage different versions Kontena Pharos clusters.
New Kontena Pharos CLI Toolchain:
Kontena Pharos clusters are deployed, managed and maintained with the
pharos CLI tool (previously
pharos-cluster). This tool is updated regularly. Often, the tool is updated when a new version of Kubernetes "kernel" has been released. The tool is also updated when a new Kontena Pharos distribution specific features are added.
In real world production environments, admins often run multiple versions of Kontena Pharos clusters. In order to perform maintenance on these clusters, admins need to juggle between multiple versions of the
pharos CLI tool: each deployed Kontena Pharos cluster will require a specific version of the
pharos tool for maintenance. To make life easier for admins, there is new tool called
chpharos, it is easy to install and use multiple versions of the
pharos CLI tool. In addition, it will automatically install the required version of
kubectl to match the version of Kubernetes running in your cluster. Use
chpharos to have an always up-to-date toolchain for deploying, managing and maintaining your Kontena Pharos clusters. See Kontena Pharos CLI Toolchain installation instructions for more details.
Stability & Performance Improvements
In this release, we have made several improvements to increase the
pharos CLI tool stability and performance during the install/upgrade runs.
First we added an automatic retry mechanism to phases for catching most of the annoying network or Kubernetes API glitches. Secondly we made a complete rewrite of the library that speaks with the Kubernetes API server, making the whole Pharos cluster installation even faster than before.
The configuration file for
kubectl is no longer automatically downloaded during the installations and upgrades. The configuration can now be downloaded using the new
pharos kubeconfig subcommand when needed.
The CRI-O container runtime is now configured so that it only listens on localhost and all the exec streams go through kubelet. Previously kubelet made a "redirect" so that the stream went directly to the CRI-O runtime through the public interface. This is a great improvement from a security standpoint.
And of course, CRI-O itself is also updated to the latest 1.11.2 version. The CRI-O community made a speedy patch release as we found a critical bug while testing the 1.3.0 RC releases with the 1.11.1 version. Kudos.
DNS-based service discovery has been a part of Kontena Pharos by using the kube-dns cluster Kubernetes add-on. This has generally worked quite well, but there have been some concerns around the reliability, flexibility and security of the implementation.
Kontena Pharos 1.3.0 switches to use CoreDNS, which is a flexible and extensible authoritative DNS server and it directly integrates with the Kubernetes API. CoreDNS has fewer moving parts than the previous implementation, as it’s a single executable that runs in a single process, and it supports flexible use cases by creating custom DNS entries.
You can learn more about CoreDNS here.
IPVS-Based In-Cluster Service Load Balancing
In this release, IPVS-based in-cluster service load balancing has moved to stable. IPVS (IP Virtual Server) provides high-performance in-kernel load balancing, with a simpler programming interface than iptables.
You can switch to IPVS easily in your
kube_proxy: mode: ipvs
Note: this is only recommend when creating a fresh cluster.
You can read more about IPVS here.
- Weave Network is upgraded to 2.4.0 (includes support for egress network policies)
- Ingress-NGINX is upgraded to 0.17.1
About Kontena Inc.
Kontena Inc. is specialized in creating the most developer friendly solutions for running containers. Kontena's products are built on open source technology developed and maintained by Kontena. Kontena was founded in 2015 and has offices in Helsinki, Finland and New York, USA. More information: www.kontena.io.