Kubernetes version 1.32 now available in IBM Cloud Kubernetes Service

By Elvin Galarza posted 13 days ago

  

We are excited to announce the availability of Kubernetes version 1.32 for your clusters that are running in IBM Cloud Kubernetes Service. This marks our 27th release of Kubernetes.

Our Kubernetes service ensures a straightforward upgrade experience: you can upgrade from the IBM Cloud console with just a few clicks, without needing extensive Kubernetes expertise. For more information and methods on upgrading your cluster, look here.

When you deploy new clusters, the default Kubernetes version remains 1.31 (soon to be 1.32); however, you have the flexibility to opt for immediate deployment of version 1.32.

Kubernetes version 1.32

In addition to all the great Kubernetes features provided in this release, IBM Cloud Kubernetes Service version 1.32 also includes numerous component updates that our community is excited about. Some of the highlights for the release include:

  • Ubuntu 24 is now the only supported operating system for version 1.32 worker nodes. Note that a worker pool’s operating system does not automatically change when you upgrade your cluster. However, we’ve simplified the upgrade migration experience if your worker nodes are still using Ubuntu 20.

  • Previously, the built-in Kubernetes APIs supported field selection, but custom resources defined through Custom Resource Definitions (CRDs) lacked this functionality. Custom resource field selectors have now graduated to stable, allowing developers to add field selectors to custom resources. Imagine you’re managing a fleet of custom resources and you have already defined the kind/resource for your CRD object. This custom object could be a Database defined simply as follows:

    apiVersion: example.com/v1alpha1
    kind: Database
    metadata:
      name: my-database-1
    spec:
      version: "12.3"
      size: "large"
      region: "us-east-1"
      maintenanceWindow:
        startTime: "02:00"
        endTime: "04:00"

    Now say you wanted to find all the databases in the us-east-1 region. With the field selector, this can be done as follows:

    kubectl get databases.example.com --field-selector spec.region==us-east-1

    To find databases whose maintenance window starts at 2:00 AM:

    kubectl get databases.example.com --field-selector spec.maintenanceWindow.startTime==02:00

    And for databases whose version is 12.3:

    kubectl get databases.example.com --field-selector spec.version==12.3

    If you want all large databases in the us-east-1 region, you can use a chained field selector:

    kubectl get databases.example.com --field-selector spec.size==large,spec.region==us-east-1

    You can learn more about field selectors and view a list of supported operators here.

  • Bound service account tokens are a crucial security enhancement in Kubernetes that addresses significant vulnerabilities associated with traditional service account tokens, and this release improves them. A token contains "claims", which are pieces of information about the token and its intended use that are encoded within the token itself. By adding the name of the Node where the Pod is running as a claim, the token now explicitly states which Node it is associated with. This prevents malicious actors from stealing tokens from one Node and using them from another Node to gain unauthorized access to resources. It adds a layer of security by making it harder for Nodes to be used as a way to escalate privileges.
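To make the node claim concrete, the following added example (not from the original post or from IBM) decodes a token's payload and compares the node it names with the node the token was observed on, as one might during incident triage. It assumes the upstream Kubernetes claim layout `kubernetes.io` → `node` → `name`, which the post does not show; the sample token, the node names and the function names are constructed for illustration.

```python
import base64
import json

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def decode_claims(token: str) -> dict:
    """Decode a JWT payload for inspection. The signature is NOT verified here;
    the API server remains the component that validates the token."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def node_binding_verdict(token: str, observed_node: str) -> str:
    """Compare the node claim with the node the token was seen on (assumed input)."""
    k8s = decode_claims(token).get("kubernetes.io", {})
    claimed = k8s.get("node", {}).get("name")
    if claimed is None:
        return "no-node-claim"  # token carries no node claim to compare
    return "match" if claimed == observed_node else "mismatch"

def make_sample_token(node_name=None) -> str:
    """Build a constructed, unsigned sample token; all values are made up."""
    k8s = {
        "namespace": "demo",
        "pod": {"name": "web-0", "uid": "constructed-pod-uid"},
        "serviceaccount": {"name": "web", "uid": "constructed-sa-uid"},
    }
    if node_name is not None:
        k8s["node"] = {"name": node_name, "uid": "constructed-node-uid"}
    claims = {
        "iss": "https://kubernetes.default.svc",
        "sub": "system:serviceaccount:demo:web",
        "aud": ["https://kubernetes.default.svc"],
        "exp": 1767225600,
        "kubernetes.io": k8s,
    }
    header = {"alg": "RS256", "typ": "JWT"}
    parts = [json.dumps(header).encode(), json.dumps(claims).encode(), b"constructed-signature"]
    return ".".join(_b64url(p) for p in parts)

if __name__ == "__main__":
    token = make_sample_token("worker-a")
    for node in ("worker-a", "worker-b"):
        print(node, node_binding_verdict(token, node))
    print(node_binding_verdict(make_sample_token(), "worker-a"))
```

A "mismatch" verdict on a token recovered from a node is a signal worth investigating; a "no-node-claim" verdict means the token carries no node information to compare.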

To see the full list of IBM and Kubernetes community enhancements, visit Kubernetes v1.32: Penelope and IBM Cloud Kubernetes Service version 1.32 change log for more details.

Kubernetes version support updates

Now that IBM Cloud Kubernetes Service supports Kubernetes version 1.32, clusters running version 1.29 are deprecated, with end of support tentatively scheduled for April 23, 2025. It is important to note that clusters that run a deprecated Kubernetes version may not receive fixes for security vulnerabilities until they are updated to a supported version.

As a reminder, if your cluster runs a deprecated or unsupported Kubernetes version, review the potential impact of each Kubernetes version update, and update today. If your cluster runs an archived Kubernetes version, create a new cluster and deploy your apps to the new cluster. Here is the current support status for IBM Cloud Kubernetes Service clusters running an earlier Kubernetes version:

  • Clusters running Kubernetes version 1.28 remain deprecated with end of support tentatively scheduled for February 28, 2025. Such clusters may not receive fixes for security vulnerabilities until they are updated to a supported version.

  • Clusters running Kubernetes version 1.27 remain unsupported with end of support reached on September 18, 2024. Such clusters will not receive fixes for security vulnerabilities until they are updated to a deprecated or supported version.

  • Clusters running Kubernetes version 1.26 or earlier remain archived. For security reasons, IBM reserves the right to shut down the control planes of such clusters.

For general questions, engage our team via Slack and join the discussion in the #general channel on our public IBM Cloud Kubernetes Service Slack.
