May 21, 2024


It's the Technology

New Kubernetes 1.26 release boosts security, storage, teases dynamic resource allocation

New Kubernetes 1.26 release boosts security, storage, teases dynamic resource allocation

Check out all the on-demand sessions from the Intelligent Security Summit here.

In the cloud-native space, where applications are purpose built and delivered to run in the cloud, one technology in particular rises above all others — Kubernetes.

Kubernetes is an open-source container orchestration system, originally developed by Google in 2014. Since 2015, Kubernetes has been developed under the governance of the Cloud Native Computing Foundation (CNCF), which is part of the Linux Foundation and benefits from the support of thousands of developers and hundreds supporting organizations. 

In 2022, all the major public cloud providers use Kubernetes, including Microsoft Azure’s Managed Kubernetes Service (AKS), Google Kubernetes Engine (GKE) service and the Amazon Elastic Kubernetes Service (EKS).

Kubernetes also benefits from the support of numerous vendor distributions, including Red Hat’s OpenShift, Canonical Kubernetes and the SUSE Rancher Kubernetes Engine (RKE). Sitting upstream from all the cloud and software vendors’ efforts is the open-source project that is being updated today to version 1.26.


Intelligent Security Summit On-Demand

Learn the critical role of AI & ML in cybersecurity and industry specific case studies. Watch on-demand sessions today.

Watch Here

The new Kubernetes 1.26 release integrates new security, storage, container registry and performance capabilities. A total of 6,877 individuals representing 976 different companies contributed to the release.

One of the biggest improvements in the 1.26 release isn’t to be found in any one piece of code, but rather in how the project is managed. All new features and updates are developed with an approach known as Kubernetes Enhancement Proposals (KEPs). Prior to the 1.26 release, all the proposed enhancements for a given release were tracked in a simple spreadsheet. With the new release, there is a new project enhancement dashboard for tracking features.

“Previously we had a spreadsheet for tracking, which was terrible, it had a lot of custom optimizations to it and it was broken most of the time,” Leonard Pahlke, Kubernetes 1.26 release lead, told VentureBeat. “With the new system it’s way better.”

Security takes center stage in Kubernetes 1.26

One of the big areas of improvement for release 1.26 is in security. 

Version 1.26 advances the digital signing of code with KEP-3031, which outlines how the security capability should be implemented. Digital signing helps to improve the authenticity of code as well as helping to provide a chain of trust, which is critical for the enablement of secured Software Bill of Materials (SBOMs). SBOMs have become an increasingly important aspect of the software supply chain for both open-source and proprietary software.

The Kubernetes project uses open-source cosign technology, which is part of the open-source sigstore initiative backed by technology vendor Chainguard.

“We are moving the Kubernetes Enhancement Proposal (KEP) [3031] to beta, further symbolizing that all the work we have been planning to sign with sigstore is now complete,” Adolfo García Veytia, technical lead, Kubernetes SIG release, and software engineer at Chainguard, told VentureBeat.

“Completing this KEP means that all software artifacts we build will now be signed, not just the container images. And I cannot underscore the significance of this milestone and the security benefits it will bring for developers using Kubernetes.”

The other noteworthy security enhancement that lands in version 1.26 is support for Windows privileged containers with KEP-1981, which has been in progress for nearly two years. Kubernetes supports both Linux and Microsoft Windows, though there isn’t complete feature parity across the two operating systems. A privileged container is able to have more access to multiple devices on a Kubernetes host than a default container. Previously Kubernetes only supported Linux privileged containers.

Dynamic resource allocation is coming

One of the newest pieces of the version 1.26 update is an alpha feature tracked in KEP-3063 for dynamic resource allocation.

While Kubernetes first became popular as a way to run workloads in the public cloud, in recent years it has also been deployed on-premises as well as in edge computing environments, which is where dynamic resource allocation will be a big boost.

“Dynamic resource allocation basically adds a new interface with a new API, where you can more easily connect GPUs and other resources,” Pahlke said. “This enables new features for edge computing.”

With the release of version 1.26, the focus now turns to the next update. There are typically three Kubernetes releases in each year; the next major update is expected to be at the end of April 2023.

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.