What’s New in Cloud Native: Helm 3, Kubernetes 1.17, Istio Updates and More

Helm 3 Release

On November 13 (US time) the Helm team announced the first stable version of Helm 3. It retains Helm 2’s core capabilities while enhancing chart repository handling, version management, security, and chart libraries, incorporating community feedback to better serve Kubernetes users and the broader cloud‑native ecosystem.

GitHub Octoverse Report

The Octoverse report shows JavaScript remains the most popular language, Python has overtaken Java for second place, and Kubernetes has entered the top‑10 most‑starred open‑source projects.

KubeCon + CloudNativeCon North America

The conference will take place from November 18‑21 in San Diego.

CNCF Prometheus Project Report

CNCF released its third project report, focusing on Prometheus. The report objectively evaluates Prometheus’s current state and how CNCF influences its progress and growth.

Kubernetes 1.17 Release

Kubernetes 1.17 is scheduled for code freeze on Thursday, November 14.

Upstream Important Developments

Kubernetes Feature – InterPod Affinity (Scheduler)

Optimized priority calculation by aggregating scores at the topology layer instead of iterating over nodes.

NodeInfo snapshot now records pod‑affinity information, narrowing the query range for priority and predicate checks.

Added the logic to the score plugin.

NodeLease (Kubelet)

Reduced node update frequency by extending the forced heartbeat interval to 5 minutes.

NodeLease feature graduated from FeatureGate to GA in 1.17.

Apiserver Watcher Optimization

Use CacheObject only when the number of watchers exceeds three, providing a modest performance boost.

Apiserver Bugfix

When an encoding error occurs, the watcher must be closed promptly to avoid goroutine leaks.

Kubelet Metrics Enhancements

Added kubelet_preemptions metric to record the number of pods evicted due to resource shortage, helping surface scheduler or controller bugs.

Added a serving‑certificate‑age histogram metric to track certificate expiration across all kubelets.

KEP – Scheduler Priority

Introduced ReadyPodPriority to handle scenarios where newly added nodes receive a burst of pod scheduling requests, preventing overload.

KEP – Distributed Tracing

Provides end‑to‑end tracing of an object across Kubernetes components.

ETCD Improvements

Optimized compact by separating compact and put/range handlers into different goroutines, reducing blocking.

Freelist type feature promoted from experimental to GA (3.5) with default changed from array to map.

Added tracing for put, range, and compact requests, mirroring apiserver tracing, to record raft, in‑memory b‑tree, and boltdb query latencies.

Istio Updates

Istio and Envoy now support two primary resolution types for load balancing: IP‑based endpoint list (EDS) and IP‑based host list (STRICT_DNS). The community is discussing a mixed resolution model using an Aggregate Cluster that falls back from EDS to STRICT_DNS when needed.

Plans to incrementally merge control‑plane components into Istiod (Sidecar injector, Galley, Citadel) with Istiod becoming the default installation in version 1.5.

ExternalInstance Proposal

Proposes registering each VM as an ExternalInstance (treated as an unmanaged pod) to add an indirection layer between VMs and services, improving mesh extensibility and decoupling VM membership from routing and naming.

Knative Enhancements

Discussion on making Knative eventing components serverless and scalable; current consumer services can autoscale via knative‑serving, but eventing sources, channels, and brokers lack scaling capabilities.

Open‑Source Project Recommendations

Quarkus : Cloud‑native Java framework that trims OpenJDK HotSpot and GraalVM for fast startup and low memory usage.

kfserving : Serverless machine‑learning model serving framework.

tracee : eBPF‑based container tracing tool that captures syscalls and other process activities.

NexClipper : Simple Kubernetes solution for rapid deployment.

Weekly Reading Recommendations

Kubernetes Scheduler 101 : Systematic overview of pod scheduling and the Scheduler component.

Building a Large‑scale Distributed Storage System Based on Raft : Explains how TiDB uses Raft to build a scalable storage system, addressing sharding, consistency, and availability.

AutoTiKV: Machine‑Learning‑Based Database Tuning : Describes automatic hyper‑parameter search for TiKV and its underlying RocksDB.

Primer: What is Container Security? : Presents best security practices for running containers and platforms safely.

Knative Serving Health‑Check Mechanism Analysis : Analyzes health‑check differences between serverless and traditional modes and Knative’s unique considerations.