Interesting new features in K8s v1.21

 

Kubernetes 1.21 was released in April 2021, but today I got a chance to look into the new features that are coming up in v1.21. 
You can find the full changelog here: K8s v1.21 CHANGELOG

But here are some interesting features that caught my eye for the v1.21 release:-

i) Pod Security Policy Deprecation

The PSP function determined how Kubernetes allowed users to define a set of criteria that a running pod had to meet. These criteria typically included the configurations and privilege of the pod. If the criteria could not be met, the pod would not be deployed in the Kubernetes cluster.

Pod Security Policies are being marked as deprecated in Kubernetes 1.21 and will be completely removed in Kubernetes 1.25.
I think we should start looking at OPA Gatekeeper as an alternative to our workflows consuming PSP's.

ii) Immutable ConfigMaps and Secrets

ConfigMaps and Secret objects in K8s were not immutable (i.e They could be changed by hand), but now since K8s v1.21 we have a immutable flag available in the Configmap and Secret object which will ensure that once a secret or configmap is created, it cannot be edited unless it is deleted.

iii) Random Pod selection on ReplicaSet downscale

Currently when a ReplicaSets downscales, it deletes the Pods that have been running for the least amount of time. But this situation is not ideal and 
To mitigate this, the LogarithmicScaleDown feature gate has been added in v1.21,  when enabled, a semi-random selection of Pods will be used, based on logarithmic bucketing of pod timestamps.