What’s New in OpenKruise v1.6? Key Features and Upgrade Guide

Overview

OpenKruise is an open‑source cloud‑native application automation suite from Alibaba Cloud, now a CNCF incubating project. Version 1.6 was released in March 2024 and brings a set of core enhancements for large‑scale Kubernetes deployments.

Version Compatibility

Requires Kubernetes >= 1.18 for a standard installation; clusters running 1.16 or 1.17 can still install OpenKruise if the Kruise‑Daemon component is disabled (featureGates="KruiseDaemon=false").

Leader election defaults to the leases mode. Users of OpenKruise 1.3.0 or earlier should upgrade to 1.4 or 1.5 before moving to 1.6 to avoid Multiple Leader issues.

Features that depend on webhooks no longer apply to resources in the kube-system namespace (e.g., SidecarSet, WorkloadSpread, PodUnavailableBudget, ContainerLaunchPriority, PersistentPodState).

Key Feature 01 – Important Updates

From v1.6.0 onward, OpenKruise mandates Kubernetes >= 1.18 unless the Kruise‑Daemon is turned off.

Leader election now uses leases by default, with a recommended upgrade path to prevent Multiple Leader problems.

Webhook‑dependent functionalities are disabled for resources under kube-system to avoid circular‑dependency risks.

Key Feature 02 – Enhanced Multi‑Domain Management

WorkloadSpread, introduced in OpenKruise v0.10, provides multi‑domain pod distribution to address scenarios such as time‑based elasticity, heterogeneous CPU architectures, and multi‑zone disaster recovery.

A regression in earlier versions caused subset replica ratios to break during rolling upgrades when maxSurge>0. The illustration shows a pod from an x86 pool being scheduled to an ARM pool, resulting in a 50/50 split after the original pod is removed.

In v1.6, WorkloadSpread now considers pod version when allocating subsets, fixing the replica‑ratio problem. Users running WorkloadSpread in production are advised to upgrade to this version.

Key Feature 03 – Image Pre‑warming with “Always” Policy

Image pre‑warming now supports imagePullPolicy=Always, enabling pre‑pull of images whose tags remain unchanged (e.g., :latest). The feature can be combined with completionPolicy.type=Never to schedule nightly base‑image pre‑warming and automatically pre‑pull on node scale‑out.

apiVersion: apps.kruise.io/v1alpha1
kind: ImagePullJob
metadata:
  name: job-with-base
spec:
  image: base:latest
  imagePullPolicy: Always
  parallelism: 10
  completionPolicy:
    type: Never
  backoffLimit: 3
  timeoutSeconds: 300

Key Feature 04 – Delete‑Protection for Service & Ingress

The new delete‑protection policy intercepts all deletion attempts on Service and Ingress resources unless the label policy.kruise.io/delete-protection=Always is removed, enhancing cluster stability and security.

apiVersion: v1
kind: Service
metadata:
  labels:
    policy.kruise.io/delete-protection: Always
  name: test-web

Future Outlook

Release 1.7: CloneSet/Advanced StatefulSet will support in‑place PVC resizing, upgrade kruise API to v1beta1, and add a new LivenessProbe feature.

Release 1.8: SidecarSet will support Kubernetes 1.28 sidecar containers and introduce a minimal‑component deployment scheme.

Release 1.9: CloneSet/Advanced StatefulSet will add Resource‑level VPA support.

References

OpenKruise GitHub repository: https://github.com/openkruise/kruise

ChangeLog: https://github.com/openkruise/kruise/blob/master/CHANGELOG.md

Community bi‑weekly meeting details: https://shimo.im/docs/gXqmeQOYBehZ4vqo

Slack channel for OpenKruise: https://kubernetes.slack.com/channels/openkruise