Kubernetes receives new cybersecurity and management features

CLOUD

The developers of Kubernetes have released new features for the software container management platform that will make it easier to secure and maintain.

The features are available in Kubernetes 1.26, the latest version of the platform, which rolled out late Thursday. 

Companies build applications using software containers to make them more efficient. The technology provides the ability to deploy applications in a way that reduces hardware use, while also easing software maintenance tasks. Kubernetes further simplifies software maintenance: The platform automates much of the manual work involved in managing workloads built with containers.

Kubernetes is widely used in the enterprise, which makes it a target for hackers. Kubernetes 1.26, the new release of the platform that debuted today, introduces a feature called keyless signing that will reduce the risk of cyberattacks for users.

Hackers sometimes disguise malware as a software update to trick users into downloading it. Thanks to the keyless signing feature released today, it will become more difficult to disguise malware as a Kubernetes update. The feature is implemented using cosign, a popular open-source cybersecurity tool.

With keyless signing, the developers who maintain Kubernetes can attach a snippet of metadata to every update they release for the platform. Companies can analyze this metadata to check that an update is not malicious before downloading it. As a result, there is a lower risk of an organization’s developers inadvertently installing malicious files.  

Alongside the keyless signing feature, today’s update introduces multiple new capabilities designed to make Kubernetes deployments easier to manage. The  capabilities promise to simplify multiple maintenance tasks.

Two of the new features are designed to ease Kubernetes cluster monitoring. The first feature will make it easier to track hardware usage metrics, such as the amount of memory used by a container. The second new capability, in turn, will reduce the amount of manual work required to create a monitoring dashboard that can track the health of a Kubernetes deployment. 

Companies increasingly run Kubernetes on servers that contain multiple types of processors. A server cluster used to train artificial intelligence models, for example, may include not only central processing units but also graphics cards. Kubernetes 1.26 adds an application programming interface that will make it easier to manage deployments containing several types of chips.

Besides multiple kinds of chips, Kubernetes also supports multiple operating systems. Companies primarily run the platform on Linux servers, but it’s also compatible with Linux. Kubernetes 1.26 adds a capability called privileged containers that will make it easier to manage deployments powered by Microsoft Corp.’s operating system.

Kubernetes environments usually contain multiple servers. Previously, administrators had to separately log into each Windows server in a Kubernetees environment to perform routine tasks such as patching. The new privileged containers feature removes this requirement. 

The feature also makes it easier to customize Kubernetes environments powered by Windows. In particular, companies can now more easily install software tools that optimize a Kubernetes environment’s storage and network infrastructure. 

The new features in Kubernetes 1.26 are joined by a number of more specialized enhancements. The release introduces several upgrades that will enable companies to manage containerized applications’  network traffic more efficiently. The Kubernetes registry, the cloud service from which companies install copies of Kubernetes onto their servers, has been enhanced as well with a set of improvements designed to speed up the download process. 

Image: Kubernetes