Kubernetes 1.26 completes the transition to the container runtime interface

The Kubernetes development team has released version 1.26 of the container orchestration platform – codenamed Electrifying. The many innovations in the release relate in particular to the introduction of the Container Runtime Interface (CRI), which is now used in stable release 1.0, and the change to the new Container Image Registry registry.k8s.io.

Stability: Container Runtime Interface v1.0

In the release of Stargazer (Kubernetes 1.24), the development team finally said goodbye to Dockershim in order to pave the way for CRI-compliant container runtimes such as CRI-O and containerd. However, the container runtime interface is still used in v1alpha2, with the release of Kubernetes 1.26, the stable CRI v1 release is now the standard. However, this also means that support for containerd 1.5 and below is no longer available, because Kubelet no longer registers nodes if the container’s runtime is not fully CRI v1 compliant.

Meanwhile, CRI v1 gives developers easier and more complete access to container metrics and ends their previous dependence on cAdvisor. As of Kubernetes 1.26, metrics registered in /metrics/cadvisor no longer come from cAdvisor, but directly from the container runtime interface. The extension which was drafted in version 2371 cAdvisor-less, CRI-full Container and Pod Stats is still considered alpha at the moment.

In order to enable users to download faster and also be able to distribute loads across multiple cloud providers and regions, the Kubernetes development team started the Container Image Registry change in version 1.25 (Combiner). the new registry.k8s.io It is already generally available and is now the standard. It is still possible to download images of Kubernetes 1.22, 1.23, 1.24, and 1.25 versions that are still under support from the previous registry. k8s.gcr.io Obtainable – all newer than 1.26 are registry.k8s.io booked up.

More security: sign artifacts with the symbol sign

Kubernetes takes another step towards greater security by signing binary objects. The official container images are already registered in versions 1.24 and 1.25. With Kubernetes 1.26, the cosine signing process has been extended to all client, server, and resource tar blocks, binary artifacts, software bills of materials (SBOMs), and build origin. For more information about this experimental feature, see the separate announcement from the Kubernetes Special Interest Group (SIG).

Interested parties can get a comprehensive overview of all changes in Kubernetes 1.26 in the blog post on Electrifying Release and in the changelog in the GitHub repo.

(a map)