Pod resource updates and legacy image registry freeze in Kubernetes 1.27

Published on may 8, 2023

Kubernetes 1.27 was released by the Cloud Native Computing Foundation (CNCF). New features include In-place Update of Pod Resources, Limit of Parallel Image Pulls, and Multiple Service CIDRs.

Enhanced Component Health SLIs and automatic removal of PVCs created by StatefulSets are also included in this release.

It includes a freeze on the legacy container image registry k8s.gcr.io, default use of seccomp profiles, and support for OpenAPI v3.

Azure disk in-tree storage plugin and SecurityContextDeny admission plugin are deprecated.

The legacy container image registry that is hosted on a custom Google container registry has been frozen in the new release. As of March 20th, traffic from k8s.gcr.io has been redirected to registry.k8s.io with the intention of sunsetting k8s.gcr.io. Instead of hosting the registry on one server, the registry will be distributed across multiple servers.

The release team and senior product manager at Microsoft commented on this feature.

With In-place Resource Update, container resources can be changed without having to restart the pod. Restarts are optional and are specified in the container’s field resizePolicy.

The kubelet can also limit the number of parallel image pulls to prevent too much network bandwidth and disk usage, which degrades cluster performance.

For internal IP addresses of services CIDRs, the service-cluster-ip-range field does not have size limitations. It allows users to easily inspect IP addresses assigned to services by default.

As of version 1.27, StatefulSet PVC Auto-Deletion is enabled by default. When a StatefulSet was deleted, the associated PVCs and volumes were retained. The unused storage generated manual work and incurring costs.

A –subresource flag is added to kubectl in beta to fetch and update subresources for API resources. Subresources will be added soon.

Kubernetes internals are now monitored and measured with SLIs metrics for Kubernetes components. Each component will expose two metrics types: gauge and counter.

Seccomp profiles are now generally available by default. A seccomp profile restricts system calls allowed in pod containers in Kubernetes.

OpenAPI v3, a language-independent standard API interface, became generally available and enabled by default. Kubernetes can now publish API descriptions in OpenAPI v3.

Using Kubernetes, you can deploy and manage containerized applications at scale.

In version 1.27, Kubernetes has 60 enhancements, including 18 alphas, 13 GAs, and 29 betas. 14 features are deprecated or removed.

On April 14, 2023, CNCF held a webinar to discuss the changes.