What’s New in OpenKruise v1.0? A Deep Dive into Cloud‑Native Automation Features

OpenKruise v1.0 introduces a suite of cloud‑native enhancements for Kubernetes, including in‑place upgrades for env variables, a new ResourceDistribution CRD for cross‑namespace resource syncing, container launch priority controls, an extended kubectl‑kruise plugin, and numerous optimizations across workloads and controllers.

Alibaba Cloud Native

OpenKruise v1.0 Overview

OpenKruise is a CNCF Sandbox project that extends Kubernetes with advanced capabilities for deployment, upgrade, operation, and stability protection. All features are exposed via standard Custom Resource Definitions (CRDs) and can be installed with a single Helm command on any Kubernetes cluster version 1.16 or newer.

Key Capability Areas

Application Workloads: Advanced deployment strategies for stateless, stateful, and daemon workloads, including in‑place upgrades and gray‑scale rollouts.

Sidecar Container Management: Independent definition, dynamic injection, and in‑place or hot upgrades of sidecar containers.

Enhanced Operations: In‑place container restarts, image pre‑pulling, and guaranteed container start order.

Application Partition Management: Control over deployment ratios, order, and priority across zones or node types.

Application Security Protection: Higher security and availability guarantees for applications running on Kubernetes.

Version 1.0 Highlights

The CRD and WebhookConfiguration resources have been upgraded from v1beta1 to v1, enabling support for Kubernetes 1.22+ while still requiring a minimum version of 1.16.

In‑Place Upgrade of Environment Variables

OpenKruise v1.0 adds support for in‑place upgrades of environment variables via the Downward API. Users annotate the desired value in pod metadata; when the annotation changes, Kruise triggers an in‑place rebuild of containers that reference the annotation, avoiding full pod recreation.

apiVersion: apps.kruise.io/v1alpha1
kind: CloneSet
metadata:
  ...
spec:
  replicas: 1
  template:
    metadata:
      annotations:
        app-config: "... the real env value ..."
    spec:
      containers:
      - name: app
        env:
        - name: APP_CONFIG
          valueFrom:
            fieldRef:
              fieldPath: metadata.annotations['app-config']
  updateStrategy:
    type: InPlaceIfPossible
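
An added example, not code from the article or from the OpenKruise project: a Python check that compares two revisions of a pod template and lists the containers whose environment reads a changed annotation through the Downward API, which are the containers the paragraph above says get rebuilt in place. The function names and the sample template are constructed for illustration.

```python
import re

# Downward API path form used on this page: metadata.annotations['app-config']
ANNOTATION_PATH = re.compile(r"^metadata\.annotations\['([^']+)'\]$")

def containers_reading_changed_annotations(old_template, new_template):
    """Map container name -> env names that read an annotation whose value
    differs between the two pod templates (hypothetical helper)."""
    old_ann = old_template.get("metadata", {}).get("annotations", {})
    new_ann = new_template.get("metadata", {}).get("annotations", {})
    changed = {k for k in old_ann.keys() | new_ann.keys()
               if old_ann.get(k) != new_ann.get(k)}
    affected = {}
    for container in new_template.get("spec", {}).get("containers", []):
        for env in container.get("env", []):
            path = env.get("valueFrom", {}).get("fieldRef", {}).get("fieldPath", "")
            match = ANNOTATION_PATH.match(path)
            if match and match.group(1) in changed:
                affected.setdefault(container["name"], []).append(env["name"])
    return affected

def sample_template(app_config):
    """Constructed pod template: 'app' reads the annotation, 'sidecar' does not."""
    return {
        "metadata": {"annotations": {"app-config": app_config}},
        "spec": {"containers": [
            {"name": "app", "env": [{
                "name": "APP_CONFIG",
                "valueFrom": {"fieldRef": {
                    "fieldPath": "metadata.annotations['app-config']"}}}]},
            {"name": "sidecar", "env": [{"name": "LOG_LEVEL", "value": "info"}]},
        ]},
    }

if __name__ == "__main__":
    print(containers_reading_changed_annotations(
        sample_template("mode=blue"), sample_template("mode=green")))
```

Annotation values are readable by anyone who can read the Pod object, so values delivered this way should be configuration rather than credentials.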

Cross‑Namespace Resource Distribution

A new cluster‑scoped CRD ResourceDistribution automates distribution and synchronization of Secret and ConfigMap resources across multiple namespaces based on label selectors or explicit inclusion/exclusion lists.

apiVersion: apps.kruise.io/v1alpha1
kind: ResourceDistribution
metadata:
  name: sample
spec:
  resource:
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: game-demo
    data:
      ...
  targets:
    namespaceLabelSelector:
      ...
    # or includedNamespaces, excludedNamespaces
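
An added example, not code from the article or from the OpenKruise project: a Python audit that resolves which namespaces a ResourceDistribution would reach and reports any that receive a Secret without being on an approved list. It assumes targets combine as (included OR label‑selected) minus excluded, that includedNamespaces and excludedNamespaces hold a list of name entries, and that the selector uses matchLabels; confirm these against the API reference for your version. All sample data and function names are constructed.

```python
def effective_targets(rd, namespaces):
    """Names of existing namespaces that would receive the resource.
    namespaces maps namespace name -> its labels."""
    targets = rd["spec"].get("targets", {})
    selected = {e["name"] for e in targets.get("includedNamespaces", {}).get("list", [])}
    selector = targets.get("namespaceLabelSelector")
    if selector is not None:
        # Standard Kubernetes LabelSelector semantics (assumed to apply here):
        # every matchLabels pair must match; an empty selector matches everything.
        wanted = selector.get("matchLabels", {})
        selected |= {name for name, labels in namespaces.items()
                     if all(labels.get(k) == v for k, v in wanted.items())}
    excluded = {e["name"] for e in targets.get("excludedNamespaces", {}).get("list", [])}
    return sorted((selected & set(namespaces)) - excluded)

def unapproved_secret_targets(rd, namespaces, approved):
    """Namespaces that would receive a distributed Secret without being approved."""
    if rd["spec"]["resource"]["kind"] != "Secret":
        return []
    return [ns for ns in effective_targets(rd, namespaces) if ns not in approved]

# Constructed sample data.
NAMESPACES = {
    "team-a": {"group": "game"},
    "team-b": {"group": "game"},
    "sandbox": {"group": "game", "tier": "untrusted"},
    "ops-tools": {},
    "kube-system": {},
}
SAMPLE_RD = {
    "apiVersion": "apps.kruise.io/v1alpha1",
    "kind": "ResourceDistribution",
    "metadata": {"name": "sample"},
    "spec": {
        "resource": {"apiVersion": "v1", "kind": "Secret",
                     "metadata": {"name": "game-demo-credentials"}},
        "targets": {
            "namespaceLabelSelector": {"matchLabels": {"group": "game"}},
            "includedNamespaces": {"list": [{"name": "ops-tools"}]},
            "excludedNamespaces": {"list": [{"name": "team-b"}]},
        },
    },
}

if __name__ == "__main__":
    print(effective_targets(SAMPLE_RD, NAMESPACES))
    print(unapproved_secret_targets(SAMPLE_RD, NAMESPACES, {"team-a", "ops-tools"}))
```

In the sample, the broad group=game selector also matches the sandbox namespace, which is the kind of unintended Secret spread this check is meant to surface before the resource is applied.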

Container Launch Priority

OpenKruise provides a mechanism to enforce explicit container start order within a pod. Setting the annotation apps.kruise.io/container-launch-priority: Ordered makes Kruise launch containers sequentially according to their order in the pod spec. Users can also define a numeric priority via the environment variable KRUISE_CONTAINER_PRIORITY (range [-2147483647, 2147483647]); a higher integer results in an earlier start.
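
An added example, not code from the article or from the OpenKruise project: a Python check that reads a pod spec and returns the start order implied by the two mechanisms described above, rejecting priorities that are not integers or fall outside the stated range. It assumes a container without the variable counts as priority 0 and that containers sharing a priority have no order among themselves; the sample pod and function names are constructed.

```python
PRIORITY_ENV = "KRUISE_CONTAINER_PRIORITY"
ORDER_ANNOTATION = "apps.kruise.io/container-launch-priority"
LIMIT = 2147483647  # stated range is [-2147483647, 2147483647]

def container_priority(container):
    """Parse and range-check the priority; unset is treated as 0 (assumption)."""
    raw = next((e.get("value") for e in container.get("env", [])
                if e.get("name") == PRIORITY_ENV), "0")
    try:
        priority = int(raw)
    except (TypeError, ValueError):
        raise ValueError(f"{container['name']}: priority {raw!r} is not an integer")
    if not -LIMIT <= priority <= LIMIT:
        raise ValueError(f"{container['name']}: priority {priority} out of range")
    return priority

def launch_waves(pod):
    """Return groups of container names in start order, earliest first."""
    containers = pod["spec"]["containers"]
    annotations = pod.get("metadata", {}).get("annotations", {})
    if annotations.get(ORDER_ANNOTATION) == "Ordered":
        return [[c["name"]] for c in containers]  # sequential, pod spec order
    waves = {}
    for c in containers:
        waves.setdefault(container_priority(c), []).append(c["name"])
    return [waves[p] for p in sorted(waves, reverse=True)]  # higher starts earlier

def sample_pod(annotations=None, envoy_priority="2"):
    """Constructed pod: a proxy and two agents that should start before the app."""
    def prio(value):
        return [{"name": PRIORITY_ENV, "value": value}]
    return {
        "metadata": {"annotations": annotations or {}},
        "spec": {"containers": [
            {"name": "app"},
            {"name": "envoy", "env": prio(envoy_priority)},
            {"name": "log-agent", "env": prio("1")},
            {"name": "metrics", "env": prio("1")},
        ]},
    }

if __name__ == "__main__":
    print(launch_waves(sample_pod()))
    print(launch_waves(sample_pod({ORDER_ANNOTATION: "Ordered"})))
```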

kubectl‑kruise Command‑Line Plugin

The kubectl‑kruise plugin extends the native kubectl CLI with commands that understand OpenKruise workloads (e.g., CloneSet, AdvancedStatefulSet).

# rollout undo cloneset
$ kubectl kruise rollout undo cloneset/nginx

# rollout status advanced statefulset
$ kubectl kruise rollout status statefulsets.apps.kruise.io/sts-demo

# set image of a cloneset
$ kubectl kruise set image cloneset/nginx busybox=busybox nginx=nginx:1.9.1

Additional Optimizations

CloneSet now supports streaming scale via scaleStrategy.maxUnavailable and refined stable‑revision detection.

WorkloadSpread can adopt existing Pods into matching subsets and has improved webhook retry logic.

Advanced DaemonSet gains in‑place upgrade support and progressive annotations for partition‑limited pod creation.

SidecarSet adds filtering of inactive Pods and new fields (SourceContainerNameFrom, EnvNames) to reduce redundancy.

PodUnavailableBudget introduces a “skip protection” flag and monitors replica changes.

NodeImage adds --nodeimage-creation-delay to delay creation until a new node becomes ready.

UnitedDeployment fixes handling of nil NodeSelectorTerms.

Underlying controller‑tools now use native protobuf for Pod operations and expose cache resync as a CLI flag.

For detailed change logs and usage examples, refer to the OpenKruise GitHub releases page: https://github.com/openkruise/kruise/releases.

Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact admin@besthub.dev and we will review it promptly.
