Meet KKP 2.28: More Security and Control with Kyverno Integration

KKP 2.28 is out!

We’re excited to announce the release of Kubermatic Kubernetes Platform (KKP) 2.28! This version introduces new features to enhance security, simplify cluster operations, and give teams more control (without added complexity).

Let’s explore the highlights of KKP 2.28!

Kyverno Integration: Policy Enforcement Reimagined

One of the most anticipated integrations is now available. KKP 2.28 introduces a monumental improvement in security and compliance with deep Kyverno integration. Kyverno, a powerful Kubernetes-native policy engine, allows you to manage admission control policies directly as Kubernetes resources.

With this powerful integration, you can now:

  • Enforce Policies Directly in User Clusters: Deploy and utilize Kyverno controllers within your user clusters, enabling precise policy enforcement at the workload level.
  • Consistent Policy Deployment Across KKP: Platform Admins can now establish organization-wide policies, while Project owners can define policies tailored to their specific needs, ensuring consistent governance across your entire KKP setup.
  • Robust Policy Enforcement and Defaulting: Leverage Kyverno to enforce and default policies across all your Kubernetes clusters managed by KKP, ensuring compliance and adherence to best practices.
  • Comprehensive Policy Management within the Dashboard: Gain immediate access to a curated default policy catalog to jumpstart your policy definitions. Additionally, KKP’s intuitive UI allows you to craft custom policies to meet your specific security and compliance requirements.

Disaster Recovery and Cluster Migration with Velero-Powered Backup & Restore

KKP 2.28 introduces a major upgrade in disaster recovery and cluster migration, with enhanced Velero-based backup and restore features, including:

  • Backup uploads directly from the dashboard: You can now upload your backup files directly to your configured S3 bucket via the KKP dashboard. This process allows you to quickly restore those backup files to a new Kubernetes User Cluster within KKP.
  • Source labels for backup objects: We’ve introduced the ability to label backup objects with their source. This intelligent tagging makes it easier to organize, identify, and retrieve specific backups.

Introducing the Global Viewer Role in KKP 2.28

KKP 2.28 introduces another long-awaited feature: the Global Viewer role.

In this role, users can monitor all resources and configurations in a read-only format, without the ability to make any modifications. This global viewer role enhances transparency across the platform, allowing team members and auditors to monitor infrastructure without impacting it or requiring administrative privileges.

Embracing the Future: Kubernetes 1.33 Support

KKP 2.28 brings full support for Kubernetes 1.33, allowing teams to benefit from the latest upstream improvements and features.

Robust KubeVirt Enhancements

For users leveraging KubeVirt, this release delivers multiple upgrades:

  • Improved provisioning of KubeVirt VMs with MatchSubnetAndStorageLocation, ensuring better network and storage compatibility.
  • Our network policy controller now supports an explicit policy mode (allow or deny), giving you more control over network traffic.
  • You can now define vCPU values for KubeVirt VMs and set a CPU allocation ratio to optimize resource utilization.
  • The filtration of storage classes has been improved, so only compatible storage classes are shown during provisioning, with KubeVirt Storage Class Infra Cluster Filtration.
  • Enhanced compatibility checks for KubeVirt deployments with KubeVirt Subnet and StorageClasses Location Compatibility.

Upstream Chart Adoption for MLA Stack

Our MLA (Monitoring, Logging, Alerting) stack has been updated to leverage upstream Helm charts, such as those for Alertmanager, kube-state-metrics, and blackbox-exporter, for improved maintainability and quicker access to the latest community updates.

Streamlined Image Management

Working with mirrored images is now more user-friendly and efficient than ever. We’ve delivered an improved mirror-images experience and introduced a new mirror-binaries subcommand, simplifying offline deployments. You can also ensure all necessary images are mirrored for your Cilium deployments with mirroring for the Cilium-Envoy image.

Greater Control and Customization

We’ve heard your feedback and implemented several features to give you even more granular control over your KKP environment. Now, you can configure audit logging at the Seed level, for deeper visibility across all your User Clusters. For our OpenStack users, KKP 2.28 introduces support for shared routers across user clusters within the same subnet, significantly simplifying your networking setup. Security is always a priority, and you can now further enhance it by defining allowed IP ranges for the API server for user clusters directly at the Seed level.

Administrative Control and Deprecations

KKP 2.28 introduces new options for administrators to fine-tune their KKP deployments. You can now disable default KubeVirt instance types and preferences to control the types of virtual machines that can be provisioned. For environments with stricter security requirements, there’s also the option to disable the user SSH key feature throughout KKP.

Lastly, please note that with this release, support for the Equinix Metal provider has been deprecated.

Performance and Network Optimizations

We’ve made backend improvements to boost performance and network efficiency in KKP. You can now fine-tune etcd performance by configuring the backend quota with etcd quota backend bytes.

OpenStack users gain support for multiple LoadBalancerClasses, and simplified security group management with the removal of multi-group support. We’ve also given you more control over your cluster backup schedules with configurable backup interval and count.

Data integrity for Velero backups is enhanced with the ability to set a default checksum algorithm. Network routing for user clusters is improved with the option to configure an HTTP proxy, and you can now optimize the performance of the Konnectivity tunnel by configuring Konnectivity Server and Agent channel sizes.

Have a good time trying out the new features!

We’re committed to making KKP the best Kubernetes platform for your needs, and this release is a significant step forward. We hope you find these new features and improvements valuable for your projects!

Thank you for being a part of the Kubermatic community, and we look forward to your feedback on KKP 2.28. If you find our contributions valuable, we kindly encourage you to leave a star on our GitHub repository. As always, please don’t hesitate to reach out with any questions or suggestions via our Contact Us form.

Csenger Szabo

Product Manager