
Kubernetes Ecosystem in 2021: Key Developments and 2022 Outlook

The article reviews the 2021 Kubernetes ecosystem, covering three major releases, new memory management, security enhancements, scalability features, usability improvements, the rise of Cilium Service Mesh and serverless projects, and forecasts 2022 trends toward security and eBPF adoption.

Rare Earth Juejin Tech Community

2021 marked significant progress in the Kubernetes ecosystem, with three major releases (v1.21, v1.22, v1.23) and enhancements across resource utilization, security, scalability, and usability.

Resource utilization – a new memory manager was added to kubelet to support NUMA‑aware memory allocation for QoS‑Guaranteed pods, configurable via --reserved-memory and --memory-manager-policy. Memory QoS was extended to cgroups v2, and the ReplicaSet scale‑down algorithm was adjusted to avoid deleting newly‑scaled pods.

[tao@moelove ~]# numactl -H
available: 2 nodes (0-1)
node 0 cpus: 0 1 2 3 4 5 6 7 8 9 20 21 22 23 24 25 26 27 28 29
node 0 size: 65186 MB
node 0 free: 9769 MB
node 1 cpus: 10 11 12 13 14 15 16 17 18 19 30 31 32 33 34 35 36 37 38 39
node 1 size: 65536 MB
node 1 free: 15206 MB
node distances:
node   0   1 
  0:  10  21 
  1:  21  10

Example memory‑manager configuration:

--memory-manager-policy Static --reserved-memory 0:memory=1Gi,hugepages-1M=2Gi --reserved-memory 1:memory=2Gi

Node swap support – an alpha feature allowing swap on nodes, enabled with the NodeMemorySwap flag and --fail-on-swap=false.

Horizontal Pod Autoscaler v2 reached GA status after five years of development.

Security – the deprecated PodSecurityPolicy was replaced by the PodSecurity admission controller with enforce, audit, and warn modes, configurable via an AdmissionConfiguration YAML:

apiVersion: apiserver.config.k8s.io/v1
kind: AdmissionConfiguration
plugins:
- name: PodSecurity
  configuration:
    defaults:
      enforce: <default enforce policy level>
      enforce-version: <default enforce policy version>
      audit: <default audit policy level>
      audit-version: <default audit policy version>
      warn: <default warn policy level>
      warn-version: <default warn policy version>
    exemptions:
      usernames: [<array of authenticated usernames to exempt>]
      runtimeClassNames: [<array of runtime class names to exempt>]
      namespaces: [<array of namespaces to exempt>]
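
A small linter for the defaults and exemptions in the configuration above, as an added example (not code from the article or from Kubernetes). It takes the plugin's `configuration` section as an already-parsed dict; the sample configs and the allow-list of exemptible namespaces are constructed assumptions.

```python
# Added example: lint the "configuration" section of a PodSecurity plugin entry.
LEVELS = {"privileged": 0, "baseline": 1, "restricted": 2}  # least to most strict
MODES = ("enforce", "audit", "warn")
# Assumption for this example: only these namespaces may be exempted.
ALLOWED_EXEMPT_NAMESPACES = {"kube-system"}


def lint_podsecurity(config):
    """Return a list of human-readable findings for a PodSecurity plugin config."""
    findings = []
    defaults = config.get("defaults") or {}
    # An unset mode falls back to "privileged", i.e. no restriction at all.
    levels = {m: defaults.get(m, "privileged") for m in MODES}
    for mode, level in levels.items():
        if level not in LEVELS:
            findings.append(f"{mode}: unknown level {level!r}")
    if findings:
        return findings
    if levels["enforce"] == "privileged":
        findings.append("enforce: 'privileged' rejects nothing cluster-wide")
    # audit/warn also cover workload objects (Deployments, Jobs); enforce covers pods only.
    for mode in ("audit", "warn"):
        if LEVELS[levels[mode]] < LEVELS[levels["enforce"]]:
            findings.append(f"{mode}: level is weaker than enforce")
    exemptions = config.get("exemptions") or {}
    for ns in exemptions.get("namespaces") or []:
        if ns not in ALLOWED_EXEMPT_NAMESPACES:
            findings.append(f"exemptions.namespaces: {ns!r} bypasses enforce, audit and warn")
    for key in ("usernames", "runtimeClassNames"):
        for name in exemptions.get(key) or []:
            findings.append(f"exemptions.{key}: {name!r} bypasses enforce, audit and warn")
    return findings


# Constructed sample configs (not from the article).
WEAK = {
    "defaults": {"enforce": "privileged", "audit": "restricted", "warn": "restricted"},
    "exemptions": {"usernames": ["ci-bot"], "namespaces": ["kube-system", "default"]},
}
HARDENED = {
    "defaults": {"enforce": "baseline", "enforce-version": "latest",
                 "audit": "restricted", "warn": "restricted"},
    "exemptions": {"usernames": [], "runtimeClassNames": [], "namespaces": ["kube-system"]},
}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, lint_podsecurity(cfg) or "no findings")
```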

Scalability – OpenAPI v3 support was introduced behind the OpenAPIV3 feature gate, and a new Alpha CRD validation expression language using CEL allows declarative rules such as self.minReplicas <= self.replicas and self.replicas <= self.maxReplicas:

openAPIV3Schema:
  type: object
  properties:
    spec:
      type: object
      x-kubernetes-validation-rules:
        - rule: "self.minReplicas <= self.replicas"
          message: "replicas should be greater than or equal to minReplicas."
        - rule: "self.replicas <= self.maxReplicas"
          message: "replicas should be smaller than or equal to maxReplicas."
      properties:
        minReplicas:
          type: integer
        replicas:
          type: integer
        maxReplicas:
          type: integer
      required:
        - minReplicas
        - replicas
        - maxReplicas

When a custom resource violates these rules, the API rejects it, e.g.:

apiVersion: "stable.example.com/v1"
kind: CustomDeployment
metadata:
  name: my-new-deploy-object
spec:
  minReplicas: 0
  replicas: 20
  maxReplicas: 10

The CustomDeployment "my-new-deploy-object" is invalid:
* spec: Invalid value: map[string]interface {}{"maxReplicas":10, "minReplicas":0, "replicas":20}: replicas should be smaller than or equal to maxReplicas.

Usability – the kubectl alpha events command (exposed as kubectl events) simplifies event inspection without modifying kubectl get, addressing sorting, watching, and timeline display issues.

Service Mesh – Cilium Service Mesh entered the scene with a sidecar‑less, eBPF‑based architecture offering higher security and performance.

Serverless – projects like OpenFunction expanded the serverless landscape, reflecting the maturation of the model in 2021.

Looking ahead to 2022, the article predicts a focus on security (supply‑chain, DevSecOps) and broader adoption of eBPF for observability and networking enhancements, reinforcing eBPF’s importance in the cloud‑native era.
