We have started rolling out AKS and EKS 1.20. This brings AKS on Kubernetes
v1.20.7 and EKS on Kubernetes
In the process of upgrading EKS the following components have also been upgraded:
- KubeProxy from v1.19.6 to v1.20.4-eksbuild.2
- CoreDNS from v1.8.0 to v1.8.3-eksbuild.1
- Cluster Autoscaler from v1.19.1 to v1.20.0
Upon writing upgrades of all non-production clusters have already been rolled out. Production clusters will follow in the next week(s) after some extra validation, so you can expect to be contacted by an engineer to determine an upgrade window.
Important changes between K8s 1.19 and 1.20
Here’s a small list of some major themes:
The TTL controller is now enabled, which means you can automatically clean up Jobs which are
Failedafter a certain amount of time. Just specify a time via
ttlSecondsAfterFinishedin the Job spec.
Kubectl debug graduates to beta
kubectl alpha debugcommand now becomes
kubectl debugas a convenient way to debug workloads:
- Insert a debug container in clusters that don’t have ephemeral containers enabled
- Modify a crashing container for easier debugging by changing its image, for example to busybox, or its command, for example, to
sleep 1dso you have time to
- Inspect configuration files on a node’s host filesystem
For more info on this enhancement, check the debug running pods documentation.
The Docker container runtime, used through the dockershim, has now been officially deprecated. However there’s no need to panic, this doesn’t mean anything to you as developer. Any Docker-produced image will still keep on working.
Volume Snapshots moves to GA
When using CSI drivers it is possible to attach volumes to a Pod, created from snapshots. However for now we still use the in-tree EBS driver instead of the newer CSI one. We will make this feature available in the coming months.
API Priority and Fairness
Kubernetes 1.20 now enables API Priority and Fairness by default, which allows kube-apiserver to categorize incoming requests by priority levels.
Process ID Limits has now graduated to general availability.
Exec Probe Timeout Handling
A longstanding bug regarding exec probes, where the field
timeoutSecondswas not respected, has now been been fixed. Before, probes would run indefinitely, even past their configured deadline, until a result was returned. Now, the default value of 1 second will be applied if a value is not specified and existing pod definitions may no longer be sufficient if a probe takes longer than one second.
For more details, review the updated probes documentation.
And there’s much more to be found in the full Kubernetes 1.20.x changelog!
Actions to take
You should start moving your
Ingresses to the new GA apiVersion of
networking.k8s.io/v1. It’s important to note that apiVersion
extensions/v1beta1 for Ingress has been deprecated for a while and will be removed in K8s 1.22!
If necessary for your workloads, a Skyscrapers engineer will get in contact in the coming days to plan an upgrade window for production.