What Is New in Kubernetes 1.12
Kubernetes 1.12 delivers key enhancements in three main areas: production-readiness for Kubelet TLS Bootstrapping, significant scheduler improvements, and expanded storage and network capabilities. This release stabilizes features that have been maturing over several previous versions.
| Category | Key Highlights |
|---|---|
| Security & Authentication | Kubelet TLS Bootstrapping graduates to GA. Vertical Pod Autoscaling moves to beta. |
| Scheduling | Volume scheduling reaches GA. TaintNodesByCondition and ScheduleDaemonSetPods features promoted to beta. |
| Storage | Topology-aware volume scheduling (GA), Azure Virtual Machine Scale Sets (VMSS) and Azure Disk support (GA), and CSI external snapshot support (beta). |
| Networking | IPVS-based kube-proxy moves to GA. CoreDNS is now the default DNS server. |
| API & Extensibility | RuntimeClass resource introduced as alpha for selecting container runtimes. Dry-run and server-side apply mechanisms enter beta. |
How did Kubernetes 1.12 improve cluster security and node management?
The headline security improvement is the graduation of Kubelet TLS Bootstrapping to stable. This allows nodes to dynamically request and obtain their TLS certificates from the API server, eliminating the need to manually distribute and manage certificates for each node. It's a foundational feature for securely automating cluster scaling.
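The objects a cluster administrator creates to make bootstrapping work, as an added example that is not part of the release notes: a short-lived bootstrap token and the three ClusterRoleBindings that let a joining node submit a certificate signing request (CSR), have it approved, and later renew it. The token id, secret, expiry and binding names are constructed placeholders; the ClusterRoles referenced are the built-in ones.

```yaml
# Added example: objects an admin creates so a kubelet can bootstrap its client
# certificate. The token id/secret and expiry are constructed placeholders;
# mint a fresh token per node-join batch and keep the expiry short.
apiVersion: v1
kind: Secret
metadata:
  # The name must be bootstrap-token-<token-id>.
  name: bootstrap-token-a1b2c3
  namespace: kube-system
type: bootstrap.kubernetes.io/token
stringData:
  description: "Worker join token (constructed example)"
  token-id: a1b2c3                        # 6 chars, [a-z0-9]
  token-secret: d4e5f6a7b8c9d0e1          # 16 chars, [a-z0-9]
  expiration: "2018-10-02T00:00:00Z"      # expired tokens are rejected and cleaned up
  usage-bootstrap-authentication: "true"  # usable as a bearer token against the API server
  usage-bootstrap-signing: "false"        # not needed for kubelet bootstrapping
  auth-extra-groups: system:bootstrappers:worker
---
# Bootstrap-token identities may create CSRs and nothing else.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: create-csrs-for-bootstrapping
subjects:
- kind: Group
  name: system:bootstrappers
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: system:node-bootstrapper
  apiGroup: rbac.authorization.k8s.io
---
# The controller-manager may auto-approve the first node client CSR from an
# identity that authenticated with a valid bootstrap token.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: auto-approve-csrs-for-bootstrappers
subjects:
- kind: Group
  name: system:bootstrappers
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: system:certificates.k8s.io:certificatesigningrequests:nodeclient
  apiGroup: rbac.authorization.k8s.io
---
# An already-joined node may renew (rotate) its own client certificate.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: auto-approve-renewals-for-nodes
subjects:
- kind: Group
  name: system:nodes
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: system:certificates.k8s.io:certificatesigningrequests:selfnodeclient
  apiGroup: rbac.authorization.k8s.io
```

The API server needs `--enable-bootstrap-token-auth`, and the kubelet starts with `--bootstrap-kubeconfig` pointing at a kubeconfig whose credential is the token `a1b2c3.d4e5f6a7b8c9d0e1` (plus `--rotate-certificates` so renewals use the third binding). After a node joins, `kubectl get csr` should show its request as Approved,Issued with the requestor being the bootstrap identity and the certificate's subject `system:node:<node-name>`. Note that auto-approval covers only the client certificate; kubelet serving-certificate CSRs still need an explicit approver.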
Vertical Pod Autoscaling (VPA) entered beta, enabling automatic adjustment of pod CPU and memory requests based on historical usage data. This helps right-size resource allocation, reducing waste and preventing out-of-memory (OOM) kills for memory-hungry applications.
What scheduler enhancements were introduced in version 1.12?
The scheduler saw major stability milestones. Volume scheduling, which allows the scheduler to consider PersistentVolume (PV) topology and pod volume requirements, graduated to General Availability (GA). This ensures pods are scheduled onto nodes where their required volumes are accessible.
Two other critical features hit beta: TaintNodesByCondition and ScheduleDaemonSetPods. The former automatically taints nodes based on conditions like memory pressure, preventing the scheduler from placing new pods on unhealthy nodes. The latter moves DaemonSet pod scheduling from the DaemonSet controller to the default scheduler, unifying the scheduling logic and enabling the use of advanced features like taints and tolerations for DaemonSets.
What new storage and cloud provider capabilities are available?
Topology-aware volume provisioning reached GA, a crucial feature for cloud storage that must be created in the same availability zone as the node using it. This ensures pods can actually use the volumes they claim.
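As an added example (not from the release notes), a StorageClass that defers binding until a pod is scheduled, together with a claim and a zone-pinned pod that consumes it. The provisioner and zone names are for GCE persistent disks and the image is a placeholder; substitute your provider's values.

```yaml
# Added example: delay volume binding so the zone is chosen from the node the
# scheduler actually picks. Provisioner/zone values assume GCE PD.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: zonal-ssd
provisioner: kubernetes.io/gce-pd
parameters:
  type: pd-ssd
# The default, Immediate, provisions the PV before any pod exists and can place
# it in a zone where the pod later cannot run.
volumeBindingMode: WaitForFirstConsumer
# Optional: restrict provisioning to the zones your nodes actually occupy.
allowedTopologies:
- matchLabelExpressions:
  - key: failure-domain.beta.kubernetes.io/zone
    values:
    - us-central1-a
    - us-central1-b
reclaimPolicy: Delete
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: data-0
spec:
  accessModes: ["ReadWriteOnce"]
  storageClassName: zonal-ssd
  resources:
    requests:
      storage: 20Gi
---
# The PVC stays Pending until this pod is scheduled; the scheduler's node
# choice then satisfies both the node affinity and the volume's zone.
apiVersion: v1
kind: Pod
metadata:
  name: consumer
spec:
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchExpressions:
          - key: failure-domain.beta.kubernetes.io/zone
            operator: In
            values: ["us-central1-b"]
  containers:
  - name: app
    image: registry.example.com/app:1.0   # placeholder image
    volumeMounts:
    - name: data
      mountPath: /var/lib/app
  volumes:
  - name: data
    persistentVolumeClaim:
      claimName: data-0
```

Before the pod is created, `kubectl describe pvc data-0` reports a WaitForFirstConsumer event rather than a provisioning error; once the pod is scheduled, the bound PV carries a `nodeAffinity` for `us-central1-b`, which is the check that topology was honoured.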
Support for Azure Virtual Machine Scale Sets (VMSS) and Azure Disk also graduated to GA, marking a significant step for production workloads on Azure. The Container Storage Interface (CSI) saw the introduction of external snapshot support as an alpha feature, paving the way for standardised volume backup operations across different storage providers.
How did networking evolve in this release?
IPVS-based load balancing within kube-proxy was promoted to GA. IPVS is designed for high-performance load balancing and offers lower latency with better throughput compared to iptables mode, especially in large-scale clusters.
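The kube-proxy configuration that selects IPVS mode, as an added example rather than something quoted from the release notes. Field names are those of the `kubeproxy.config.k8s.io/v1alpha1` component config; the cluster CIDR is a placeholder.

```yaml
# Added example: KubeProxyConfiguration switching from the default iptables
# mode to IPVS. clusterCIDR is a constructed placeholder.
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
clusterCIDR: 10.244.0.0/16
mode: "ipvs"          # default is "iptables"
ipvs:
  scheduler: "rr"     # round-robin; lc, sh, dh, sed, nq are also supported
  syncPeriod: 30s
  minSyncPeriod: 5s
iptables:
  # IPVS mode still uses iptables for SNAT/masquerade, so this section applies.
  masqueradeAll: false
```

If the IPVS kernel modules (`ip_vs`, `ip_vs_rr`, `ip_vs_wrr`, `ip_vs_sh`, `nf_conntrack_ipv4`) cannot be loaded on a node, kube-proxy logs the failure and falls back to iptables mode; `ipvsadm -Ln` on the node is the quick way to confirm Service VIPs are actually programmed as IPVS virtual servers.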
CoreDNS replaced kube-dns as the default cluster DNS provider. CoreDNS offers a more flexible and extensible architecture, with performance improvements and better reliability, which is why the community made the switch.
What new API features should developers be aware of?
The alpha RuntimeClass resource was introduced to allow selecting a specific container runtime (e.g., runc, kata-containers) on a per-pod basis. This is key for running workloads with different isolation requirements within the same cluster.
Dry-run and server-side apply mechanisms entered beta. Dry-run allows you to submit a request to the API server to see if it would succeed without actually persisting any changes. Server-side apply helps manage field ownership for conflicting updates, a major step toward better declarative object management.
FAQ
Is Kubelet TLS Bootstrapping now safe to use in production?
Yes. Its promotion to GA in 1.12 signifies it is stable and supported for production use. You should implement it to automate and secure node joining.
What is the practical impact of the scheduler changes for DaemonSets?
With ScheduleDaemonSetPods in beta, DaemonSet pods are now scheduled by the default scheduler. This means you can use advanced scheduling features like node affinities, taints, and tolerations to control exactly where your DaemonSet pods run.
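A DaemonSet whose placement uses the scheduler features described above and in the earlier TaintNodesByCondition/ScheduleDaemonSetPods section, as an added example that is not from the release notes. The namespace, labels, taint key and image are constructed placeholders.

```yaml
# Added example: a per-node agent placed by node affinity and a toleration,
# which the default scheduler honours once ScheduleDaemonSetPods is enabled.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: node-agent
  namespace: monitoring
  labels:
    app: node-agent
spec:
  selector:
    matchLabels:
      app: node-agent
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  template:
    metadata:
      labels:
        app: node-agent
    spec:
      # Run only on nodes the platform team has labelled (constructed label key).
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: example.com/monitored
                operator: In
                values: ["true"]
      tolerations:
      # Also cover the dedicated pool that is tainted to keep ordinary pods off it.
      - key: dedicated
        operator: Equal
        value: gpu
        effect: NoSchedule
      # Tolerations for node.kubernetes.io/not-ready, unreachable, disk-pressure,
      # memory-pressure and unschedulable are added by the DaemonSet controller,
      # so the agent stays on nodes that TaintNodesByCondition has tainted.
      securityContext:
        runAsNonRoot: true
        runAsUser: 65534
      containers:
      - name: agent
        image: registry.example.com/node-agent:1.0   # placeholder image
        resources:
          requests: {cpu: 50m, memory: 64Mi}
          limits: {cpu: 200m, memory: 128Mi}
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          capabilities:
            drop: ["ALL"]
```

To see the two features interact, taint and label a node, then compare `kubectl get pods -n monitoring -l app=node-agent -o wide` with `kubectl describe node <name>` (the Taints section shows any `node.kubernetes.io/memory-pressure` taint the node controller added): the agent should be present on tainted-but-labelled nodes and absent from unlabelled ones.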
Why was CoreDNS made the default over kube-dns?
CoreDNS is more performant and reliable, especially in large clusters. Its plugin-based architecture also makes it more flexible for future extensions. The change is automatic for new clusters.
When should I use the new RuntimeClass feature?
Use RuntimeClass (alpha) if you need to run pods with different runtime requirements. A common use case is using a lightweight runtime like runc for most apps and a more secure, sandboxed runtime like kata-containers for multi-tenant workloads.
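The RuntimeClass object and a pod that selects it, as an added example covering this answer and the earlier API section; it is not from the release notes. The `node.k8s.io/v1alpha1` shape is the 1.12 alpha API, the `RuntimeClass` feature gate must be enabled on the API server and kubelets, and the handler name, namespace and image are assumptions.

```yaml
# Added example: RuntimeClass (alpha in 1.12) mapping a class name to a CRI
# runtime handler. The handler "kata" assumes the node's CRI (for example a
# containerd runtimes entry) is configured with that name.
apiVersion: node.k8s.io/v1alpha1
kind: RuntimeClass
metadata:
  name: sandboxed
spec:
  runtimeHandler: kata
---
# Pods from a less-trusted tenant ask for the sandboxed class; pods that omit
# runtimeClassName keep the node's default runtime (runc).
apiVersion: v1
kind: Pod
metadata:
  name: tenant-web
  namespace: tenant-a   # placeholder namespace
spec:
  runtimeClassName: sandboxed
  containers:
  - name: web
    image: registry.example.com/tenant-a/web:2.3   # placeholder image
    ports:
    - containerPort: 8080
    securityContext:
      allowPrivilegeEscalation: false
      runAsNonRoot: true
```

A useful check is that a pod referencing a class whose handler the CRI does not know never reaches Running; `kubectl describe pod tenant-web` shows the runtime error in its events, which is the signal that the isolation you asked for is not actually in place on that node.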
What's the benefit of the dry-run API capability?
Dry-run (beta) lets you validate configuration changes without applying them. It's ideal for checking that your YAML/JSON manifests pass validation and admission, and for seeing what a mutating admission webhook would change to an object before you make the real request.