Key Kubernetes & Cloud Native Updates: rkt Archival, Azure GitHub Actions, New Metrics
This roundup covers major Kubernetes ecosystem news, including the CNCF archiving rkt, GitHub Actions support for Azure CI/CD, Intel's GPU plugin, security CVE details, upstream feature enhancements, open‑source tool recommendations, and curated reading on policy enforcement and virtual clusters.
Industry News
The CNCF has archived the rkt container runtime project, noting its early contribution to the ecosystem and reduced community activity, leaving containerd and CRI‑O as the remaining CNCF runtime projects.
GitHub now supports CI/CD actions on Azure, offering actions such as azure/actions, azure/appservice-actions, azure/container-actions, and azure/k8s-actions for public repositories.
Intel released a Kubernetes GPU plugin covering FPGA, GPU, and QuickAssist workloads.
Orka enables a single Mac to host multiple macOS VMs using Kubernetes‑based containerization, simplifying iOS and macOS development.
The Helm Summit 2019 schedule has been announced.
Security vulnerability CVE‑2019‑9512 (and related CVE‑2019‑9514) is a DoS issue in HTTP/2 that can exhaust CPU and memory, leading to service unavailability.
VMware announced a $15‑per‑share acquisition of Pivotal, highlighting Pivotal's shift toward Kubernetes after Cloud Foundry.
Upstream Important Progress
Kube‑apiserver now supports both ClusterIP and ExternalName services, allowing direct Pod access via FQDN.
The request‑fairness documentation has been updated to reflect implementation changes.
Metric corrections include:
cAdvisor label changes: pod_name → pod, container_name → container.
API latency histogram buckets expanded to finer granularity (0.005 s to 10 s).
Kubelet metrics converted from summary to histogram with seconds as units.
Kube‑scheduler, kube‑proxy, and kube‑apiserver metrics now use seconds, with deprecated metrics removed.
Client‑go working‑queue metrics renamed for consistency.
Scheduler PRs introduce a binder plugin implementation, cleanup extension points, a maxBackoffDuration parameter, and move score‑plugin logic for optimization.
Node zone/region topology labels have been promoted to GA.
Kube‑apiserver now supports CacheObject to avoid redundant serialization overhead.
Kube‑apiserver webhook calls can now set a context timeout.
apiserver admission webhook metrics now include new labels: ignore_call_failure, call_failure, and code.
Etcd client creation is blocked until a connection is established (PR #81435).
Block volume resizing capability has been enabled.
Open‑Source Project Recommendations
k3sup: a tool for quickly retrieving a kubeconfig from a single machine.
Gatekeeper: a policy controller for Kubernetes, distinct from OPA, enabling policy enforcement.
ktop: a visual monitoring dashboard for Kubernetes clusters.
System‑validators: a pre‑flight check suite for kubeadm installations, helping streamline private‑environment deployments.
Reading Recommendations
"OPA Gatekeeper: Policy and Governance for Kubernetes" – a guide on using OPA Gatekeeper for rule and policy configuration in K8s.
"How to enforce custom policies on Kubernetes objects using OPA" – practical instructions for policy enforcement.
"The Case for Virtual Kubernetes Clusters" – discusses multi‑tenant virtual cluster solutions.
Alibaba Cloud Native
