Date: 2022-08-31

With version 1.25, the container orchestrator finally parts ways with PodSecurityPolicy, now that Pod Security Admission is considered stable.

The development team behind the Kubernetes container orchestration platform has released version 1.25, dubbed Combiner. While the release logo, a martial protective helmet, refers to security-related innovations such as the Pod Security Admission Controller, the name Combiner is intended to stand for the unity of everyone involved in the Kubernetes project and for the interplay of all container management components. According to the creators, it was only this combination that made Kubernetes successful.

Integrated but less flexible

According to the announcement, the development team has incorporated a total of 40 enhancements into the new release. Thirteen of them are now officially considered stable and are therefore cleared for production use in Kubernetes. These include the new Pod Security Admission Controller, which finally replaces PodSecurityPolicy, already marked as deprecated in version 1.21. As an integral part of Kubernetes, Pod Security Admission is intended to cover the most important security requirements by default, but it is less flexible than PodSecurityPolicy. Users who need finer-grained control over the definition of their security policies should therefore check before migrating whether they need additional mechanisms alongside the Pod Security Admission Controller. A comprehensive document provides assistance with the migration.

Ephemeral Container: short-lived troubleshooting help

Ephemeral containers, i.e. short-lived containers that are particularly recommended for troubleshooting, are now also considered stable in Kubernetes 1.25. For example, developers can use an ephemeral container as an alternative to kubectl exec when examining other containers that have crashed or whose image lacks proper debugging tools.

The new release finally offers full support for cgroups v2. After the API of this Linux kernel extension had been stable for more than two years, some Linux distributions, including Debian, Fedora and RHEL, now use the cgroups v2 API by default. To ensure that Kubernetes runs smoothly on the relevant releases of these distributions, the development team has completed the cgroups v2 support. More details about the Linux distributions and the control groups can be found in the cgroups documentation.

An overview of all other new features in Kubernetes 1.25 can be found in the blog post announcing the release and in the changelog on GitHub. The new version is now available for download from the repository there. Before upgrading, however, users should review a few important notes, which cover deprecated and now removed APIs.

