February 6, 2025

Kubernetes v1.30 – The overview table

Foreword

This blog post is the start of a new series of posts covering the evolution of Kubernetes. The series will cover each release of Kubernetes and will be split into multiple posts. There will be one overview post to cover every change at a high level and multiple deep dive posts covering a single interesting change in more detail.

I always found it tough to see what was coming down the pipeline for k8s. The release posts are great but don’t contain all the KEPs (Kubernetes Enhancement Proposals) that changed state, which makes them not super scannable. If you want to find out about the KEPs that are not talked about, you need to do a lot of digging through GitHub.

We did that digging so you don’t have to.

This overview post lets you scan what you find interesting so you can dive in further, whether through a deep dive we post or through looking around the KEP itself. I’ll explain each KEP in a single sentence.

So let’s take a look at all 45 KEPs that changed state!

If you’re interested in a particular KEP, I recommend that you Ctrl/Cmd-f for it!

The KEP table

| Feature | KEP | ELI5 | 1.29 State | 1.30 State | Deepdive |
|---|---|---|---|---|---|
| Container Resource based Pod Autoscaling | 1610 | Horizontal Pod Autoscaler can scale based on a specific container’s resource usage rather than the whole pod | Beta | Stable | Coming |
| Remove transient node predicates from KCCM’s service controller | 3458 | Allows nodes to drain load balancer connections when they become NotReady or are about to be torn down instead of immediately terminating all connections | Beta | Stable | No |
| Go workspaces for k/k | 4402 | Moves the k8s repos to Go workspaces, no user-facing changes | N/A | Stable | No |
| Reduction of Secret-based Service Account Tokens | 2799 | Moves to the token request API instead of storing service account tokens as secrets. Makes things more secure | Beta | Stable | No |
| CEL for Admission Control | 3488 | Allows in-process validation rules for requests to the API server through the Common Expression Language (CEL). The only previous option was to stand up an admission webhook | Beta | Stable | Coming |
| CEL-based admission webhook match conditions | 3716 | Admission webhooks can fail, which causes massive cluster-wide issues. Allows users to send only the requests that absolutely need to go to the admission webhook there, isolating failures | Beta | Stable | No |
| Pod Scheduling Readiness | 3521 | Allows pods to be marked as unschedulable so they get skipped over by the pod scheduler. Can be mutated. Useful if you expect pods to be unschedulable for a long time | Beta | Stable | No |
| Min domains in PodTopologySpread | 3022 | Allows users to require that there’s a minimum number of domains before scheduling a deployment with pod topology spread constraints | Beta | Stable | No |
| Prevent unauthorised volume mode conversion during volume restore | 3141 | Prevents a vulnerability which allows malicious users to mount snapshotted volumes in a different mode | Beta | Stable | No |
| API Server Tracing | 650 | Enables distributed tracing for requests to the API server | Beta | Stable | Coming |
| Cloud Dual-Stack --node-ip Handling | 3705 | Allows users to change both the IPv4 and IPv6 addresses of nodes when the cluster is backed by a cloud provider | Beta | Stable | No |
| AppArmor support | 24 | Enables AppArmor (kernel module for enhanced security) support for containers running in k8s | Beta | Stable | No |
| Robust VolumeManager reconstruction after kubelet restart | 3756 | Makes volume mounting after a kubelet restart more robust. The previous way had several issues | Beta | Stable | No |
| kubectl delete: Add interactive(-i) flag | 3895 | `kubectl delete -i ...` shows you things that are going to be deleted before they actually are. You can then confirm or stop before actually deleting | Beta | Stable | Coming |
| Metric cardinality enforcement | 2305 | Prevents metrics exploding in cardinality by enforcing limits on the labels of a metric. Allows users to specify a file with the allowed values of metrics at boot | Beta | Stable | No |
| Field status.hostIPs added for Pod | 2681 | status.hostIPs is a new field on pods which allows you to see both the IPv4 and IPv6 address of the node running the pod. Useful when you’re doing a dual-stack migration | Beta | Stable | No |
| Aggregated Discovery | 3352 | Previously k8s clients (like kubectl) would have to discover what resources were available in the cluster by making a bunch of requests for lots of small amounts of data. This creates a lot of requests and load. This KEP makes it possible to make far fewer calls to stop request storms | Beta | Stable | No |
| Job success/completion policy | 3998 | Updates the Job resource to allow setting specific conditions under which a job can be declared as succeeded, by introducing customizable success policies | N/A | Alpha | No |
| Custom profiling support in kubectl debug command | 4292 | Adds a custom profiling feature to the kubectl debug command, allowing users to configure the debug container’s specifications via a JSON file | N/A | Alpha | No |
| Node Log Query | 2258 | Allows users to view API server / kubelet logs through k8s itself rather than sshing to the box running kubelet | Alpha | Beta | Coming |
| Move Storage Version Migrator in-tree | 4192 | Ever had to write every resource back to k8s to perform an upgrade? It’s a pain and pretty manual. This KEP aims to make that process much easier | N/A | Alpha | No |
| Custom Resource Field Selectors | 4359 | Lets custom resources have field selectors. Improves performance for filtering and stops people needing to throw things into labels | N/A | Alpha | No |
| Retry Generate Name | 4420 | When you ask k8s to generate a name for a resource when you create it, it generates a 5 char suffix to add to a prefix. The suffix can collide with an existing name, which causes the create call to fail. This KEP retries those calls on the API server side | N/A | Alpha | No |
| Job API managed-by mechanism | 4368 | Enables jobs to be managed by controllers other than the main job controller. Supports the work for MultiKueue (run jobs across multiple clusters) | N/A | Alpha | No |
| Structured Authorization Configuration | 3221 | Allows users to specify multiple authorization webhooks in a chain for API server calls instead of just one | Alpha | Beta | No |
| Structured Authentication Config | 3331 | Introduces a new structured authentication config file which lays the groundwork for more complex auth customization | Alpha | Beta | No |
| Bound service account token improvements | 4193 | Adds the node that a pod is running on to the claims of the JWT for the service account token | Alpha | Beta | |
| Contextual Logging | 3077 | Allows callers of Kubernetes components to pass in the logger they like. Enables structured JSON logging for k8s components | Alpha | Beta | No |
| kube-proxy-IP-node-binding | 1860 | Adds an ipMode field to the service status which allows cloud providers to configure kube-proxy. Makes networking better on some clouds | Alpha | Beta | No |
| Kube-proxy improved ingress connectivity reliability | 3836 | Allows for better connection draining on terminating nodes for some load balancers | Alpha | Beta | No |
| Traffic Distribution for Services | 4444 | Adds a field trafficDistribution to the service spec to allow users to specify how they want traffic to be routed to the pods backing the service. An initial implementation of PreferClose is included which targets topologically close nodes | N/A | Alpha | Coming |
| User namespaces | 127 | Enables user namespaces, which increase isolation between the pod and the node it’s running on by having privileged pod processes be unprivileged on the node. Mitigates the impact of container breakout vulnerabilities | Alpha | Beta | Coming |
| Kubelet limit of Parallel Image Pulls | 3673 | Adds a node-level limit to kubelet to limit the number of parallel image pulls. Stops the scenario where a bunch of containers need images pulling and max out the bandwidth to the node. Note: you need to opt in to parallel image pulling; by default image pulling is serialized | Alpha | Beta | Coming |
| Recursive Read Only Mounts | 3857 | If you mount a readOnly volume in k8s then only the top level mount is read only. If it has submounts that are writable then they will also be writable by the pod. The KEP introduces a new mount field, recursiveReadOnly, which can force all submounts to be read only too | N/A | Alpha | No |
| Pod Lifecycle Sleep Action | 3960 | Enables you to wait before terminating a container. Super useful for enabling graceful termination. If you have a service, you can just add a sleep of 10 seconds before termination on the pods so that new traffic is routed elsewhere and your service finishes any requests before terminating | Alpha | Beta | Coming |
| Max image age GC | 4210 | Adds an option to specify the maximum amount of time an image will be kept in the node cache before it’s deleted. LRU style | Alpha | Beta | No |
| Allow almost all printable ASCII characters in environment variables | 4373 | Relaxes validation so all printable ASCII characters (except =) can be used in env vars (like :, {, } etc) | N/A | Alpha | No |
| DRA: structured parameters | 4381 | Adds new resource types to support different resources needed by pods like network attached resources, resources shared between pods etc | N/A | Alpha | Coming |

General References

Kubernetes release page: https://kubernetes.io/blog/2024/04/17/kubernetes-v1-30-release/

GitHub k8s Changelog: https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md

