Spring is here, and with it new features are popping up with Containership 3.9. We pride ourselves on listening to customers and implementing the features that they need to make their lives managing Kubernetes infrastructure easier. Here is a quick overview of what comes with this latest release.
Sync Cluster & Node Pool Labels
You can now create and globally apply cluster labels from within Containership. This allows operators to give individual clusters a label and then automatically apply that label to every node within the specified cluster. This is an ideal feature in multi-cloud setups, where differentiating between clusters and providers is important. You can also use labels as a means to specify where certain workloads should run on when deploying or updating images.
Node pool labels work very much the same, but are specific to the node pools within the cluster. This allows for fine grain control over where you want your workloads to run. If you have multiple worker pools that are made of different resource types, you can ensure workloads only run on the correct worker pool. A good example is if you are utilizing a mix of GPU instances and normal virtual machines in your cluster, you can add labels to your GPU node pool in order to force GPU specific workloads to only be scheduled on said pool.
Personal Access Tokens
Because personal access tokens are long-lived and revocable they are useful when programmatically interacting with the Containership API. One common use case we’ve seen from customers in utilizing personal access tokens when building out their CI/CD pipeline. Using a regular user auth token can work, but only for a limited time as the token will eventually expire, causing builds to fail.
Personal access tokens can be created by individual users from within the Containership dashboard with minimal effort. Conversely, since the tokens are revocable, admins can easily add and remove them as needed. Since personal access tokens are tied to a specific user, a clear audit trail is kept allowing administrators to deduce who did what, and when. Furthermore, if the user who owns the access token is removed from the organization, the access tokens are also immediately expired.
Automated Certificate Rotation
TLS certificate rotation for core Kubernetes components and other API clients is critical from a security and best practices standpoint. Handling certificate rotation manually is cumbersome, error-prone, and far too easy to forget about, which can result in a cluster suddenly becoming unusable. This is why we've enhanced the existing click-button Kubernetes upgrade feature to seamlessly rotate core Kubernetes certificates behind the scenes. Simply keep your cluster within our supported window of Kubernetes 3 minor versions and rest assured that your certificates are up-to-date.
All of these new features are available today on Containership Community Edition. You can sign up and test them out yourself for free. If you are interested in additional support services, a quick walkthrough of the platform, or have general feedback, feel free to reach out! We would love to hear from you!