Kubernetes version trade off
- The version has to be stable enough to be used in a production environment
- The version has to be supported by Kubernetes
Kubernetes follows an N-2 support policy (meaning that the 3 most recent minor versions receive security and bug fixes) along with a 15-week release cycle. As a result, starting from v1.19, a release is supported for 14 months (12 months of support and 2 months of upgrade). Prior releases received approximately nine months of patch support. Applicable fixes, including security fixes, may be backported to those three release branches, depending on severity and feasibility.
Note: today, the latest release is v1.22, and the supported releases for bug and security fixes are v1.22, v1.21, and v1.20.
In Kubernetes, features follow an alpha - beta - stable - deprecated lifecycle.
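A check for the N-2 window described above, written as an added example (not part of the original page or of the Kubernetes project): it reads node kubelet versions in the shape of `kubectl get nodes -o json` and flags any that fall outside the three supported minors. The function names and the sample node list are assumptions made for illustration.

```python
import json
import re

# Accepts "v1.22", "v1.21.5" and suffixed builds such as "v1.20.11-custom".
_VERSION = re.compile(r"^v?(\d+)\.(\d+)(?:\.\d+)?(?:[-+].*)?$")


def parse_minor(version):
    """Return (major, minor) for a Kubernetes version string, or None if malformed."""
    m = _VERSION.match(version.strip())
    return (int(m.group(1)), int(m.group(2))) if m else None


def supported_minors(latest, window=3):
    """The `window` most recent minors: N, N-1 and N-2 for the default of 3."""
    parsed = parse_minor(latest)
    if parsed is None:
        raise ValueError(f"cannot parse latest release {latest!r}")
    major, minor = parsed
    return [(major, minor - i) for i in range(window) if minor - i >= 0]


def audit_nodes(nodes_json, latest):
    """Map each node name to 'supported', 'unsupported' or 'unparseable'."""
    supported = set(supported_minors(latest))
    report = {}
    for node in json.loads(nodes_json)["items"]:
        name = node["metadata"]["name"]
        parsed = parse_minor(node["status"]["nodeInfo"]["kubeletVersion"])
        if parsed is None:
            report[name] = "unparseable"  # do not assume support; review by hand
        else:
            report[name] = "supported" if parsed in supported else "unsupported"
    return report


# Constructed sample shaped like `kubectl get nodes -o json` (not real cluster data).
SAMPLE_NODES = json.dumps({"items": [
    {"metadata": {"name": n}, "status": {"nodeInfo": {"kubeletVersion": v}}}
    for n, v in [("cp-1", "v1.22.1"), ("worker-1", "v1.20.11-custom"),
                 ("worker-2", "v1.19.16"), ("worker-3", "unknown")]
]})

if __name__ == "__main__":
    for name, status in audit_nodes(SAMPLE_NODES, "v1.22").items():
        print(f"{name}: {status}")
```

Nodes reported as `unsupported` no longer receive backported security fixes, and `unparseable` entries need a manual look rather than being assumed safe.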
An Alpha feature means:
- Disabled by default.
- Might be buggy. Enabling the feature may expose bugs.
- Support for features may drop at any time without notice.
- The API may change in incompatible ways in a later software release without notice.
- Recommended for use only in short-lived testing clusters due to increased risk of bugs and lack of long-term support.
A Beta feature means:
- Enabled by default.
- The feature is well tested. Enabling the feature is considered safe.
- Support for the overall feature will not drop, though details may change.
- The schema and/or semantics of objects may change in incompatible ways in a subsequent beta or stable release. When this happens, we will provide instructions for migrating to the next version. It may require deleting, editing, and re-creating API objects. The editing process may require some thought. It may require downtime for applications that rely on the feature.
- Recommended for only non-business-critical uses because of potential for incompatible changes in subsequent releases. If you have multiple clusters that can get upgraded independently, you may be able to relax this restriction.
Note: Please do try Beta features and give feedback on them! After they exit beta, it may not be practical for us to make more changes.
A General Availability (GA) feature is also referred to as a stable feature. It means:
- The feature is always enabled; you cannot disable it.
- The corresponding feature gate is no longer needed.
- Stable versions of features will appear in released software for many subsequent versions.
Deprecated APIs must remain supported after their announced deprecation for no less than:
- GA: 12 months or 3 releases (whichever is longer)
- Beta: 9 months or 3 releases (whichever is longer)
- Alpha: 0 releases
- Volume Snapshot Operations goes Stable
- Kubectl Debug graduates to Beta
- GA: Process PID Limiting for Stability
- Runtime Class to Stable
- Alpha: Graceful node shutdown
- Alpha with updates: IPV4/IPV6
- Beta: API Priority and Fairness
- CronJobs goes to Stable
- Immutable Secrets and ConfigMaps to GA
- IPv4/IPv6 dual-stack support to Beta
- Graceful Node Shutdown to Beta
- PersistentVolume Health Monitor to Alpha
- Kubeadm non-root to Alpha
- Default profiles for seccomp to Alpha
- Pod Security Policy (PSP) successor: Pod Security Admission to Alpha. PSP planned removal in v1.25
- Node system swap support to Alpha
- Cgroups v2 to Alpha
- Server-side apply goes GA
Note: The choice of the Kubernetes version doesn't impact the business services running on top of it. It is only related to the maintainability and the security of the platform.
This project will last for at least 18 months, while Kubernetes supports a version for 12 months. Therefore we decide to use Kubernetes v1.22 to ensure the security of the platform and its maintainability.
v1.22 was released on August 19th and is mature enough to be deployed in production.
Furthermore, it allows us to benefit from the new features the community developed, improving the security, performance, and usability of the platform.
Of course, release upgrades should be carried out regularly to benefit from security patches, bug fixes, etc.