Kubernetes v1.30.0-beta.0 has been built and pushed using Golang version 1.22.1.
The release notes have been updated in CHANGELOG-1.30.md, with a pointer to them on GitHub:
filename | sha512 hash |
---|---|
kubernetes.tar.gz | e83f477aed051274437987d7b3fa30e923c04950c15d4a7bec20e87f54c017d5938a8d822885b0b458e31c692cade1d26567ac10ffa90934ed15890516376236 |
kubernetes-src.tar.gz | a32078a0547d093bbf7d1c323d89cbe50fa04c8d98fe9f0decf2be63d206ad11872009971fd9937336f6a7a187294b058e441297a2ae8d7620d77965ad287ecc |
filename | sha512 hash |
---|---|
kubernetes-client-darwin-amd64.tar.gz | 948db15a9905704d08517c530f903d321103ba2c863c307d5afaa06036aa4ebca24e8674187399f9a92210e58eb7db8e0b46c7dc9f6abada19fcf64334c1ebf6 |
kubernetes-client-darwin-arm64.tar.gz | 67312baa29835f99ca81e3f241e4f08d776ac606364b4bfbe4bdfb07b1c0a7efdb68bd2b279e07816a7779b560accf4d70e71bbae739326c19844f33c25e97f5 |
kubernetes-client-linux-386.tar.gz | 0d83df79b845d22e7a0cb98a51b0f4d5e3b3c4558aea128cde5c16c0a1076096dd64569bed4485a419a755d72ba2ac27a364b0dc31319abfe1fbbc01a9b9b9eb |
kubernetes-client-linux-amd64.tar.gz | 6dc7c48f7418c2375a2c0b264005aff04dca88fb6b2607b71acd5083f7ef62d907b4cdcc6353615855e675f2575fdddce0e010e994553e380ce45fd76f33a7f0 |
kubernetes-client-linux-arm.tar.gz | 98988fc90a23a5ef6e552192f44812858cb33e01378806a53853409d15927bc153b422f67563f81bb0eb0807584b08376ea76e584c5ab9faf5fab15ff73f9298 |
kubernetes-client-linux-arm64.tar.gz | aadab5f9253cd313a85575a1c39d4b06966826b0e76ac1b647736dadc9545b57a9a3c9663528f13fb9432e3ca4c8a59698cf445f81402d7d3fbca76f5268d2b5 |
kubernetes-client-linux-ppc64le.tar.gz | 710bfde17dc991a4e5a233e26ca55dcbd021e75d10d70dbdba71ad791235dbe6607322b97bd3f22eb3e4d843eefdc8f38d1f0b28fac0ce0743fb063135a136c9 |
kubernetes-client-linux-s390x.tar.gz | b036defee013a7187eeade78df0ab4dd221da347602cd33f977560fb89b27b82ecd7c2a9df1b63c3cef786c36ea054b735ef31fc9ad0fc4af980542a520375ef |
kubernetes-client-windows-386.tar.gz | dd4f20363812d781f9a4d7e985285418ddfd05b8ba05fd1c07c0ebbb2b3df1b940a8d57472a9b0647a6f71498be28cd8d8b71500a5576dbf7e8c3d8902b9005c |
kubernetes-client-windows-amd64.tar.gz | 29f71f746dc3987d0187f6039b5e9c897b790c5f31882f7d3d6b138a592e384981856ced87c7cd892574566735d4c9f8972b90cd8a3370adf298f289ce32fc9d |
kubernetes-client-windows-arm64.tar.gz | 805d8c10e562e45553f1a0978814924e3df5fc244868d20de77d8eea2e978ce524b4d87c5bd06a6250f087237db8566aa46edf6253e47b5b8f2651b14eb6ccdc |
filename | sha512 hash |
---|---|
kubernetes-server-linux-amd64.tar.gz | 8332ba0e47eece25af1864fe95849cabe5a208a48e5b8b4d311c545244ae1d05f0569b51f12887e97d8288ab80bc57044490153325e4af43082a65097579ded5 |
kubernetes-server-linux-arm64.tar.gz | e215b58ac54169d50e9a0247b08de1255990c77bdc80838dc226f165aacb84bd46605c3e3102a23ef590548b431a74bf9e3547fa24f3b5f84de4d68ba32965cb |
kubernetes-server-linux-ppc64le.tar.gz | d71917d0853b448b1541b4a437a40caef3624a2dacaafb918b2f3679fbb68b94a44ac3d13bcc7b5f6adbf65913342777af39b65b31742bf5c130893d47b65f10 |
kubernetes-server-linux-s390x.tar.gz | d347add21100106c7fc057cfe0ac940fd0f80741faff9b9dc6093d3c99db17abf29b7cd713cd91f728cc1dae217ac9ad2446801f3f92c9aa18291829497aae01 |
filename | sha512 hash |
---|---|
kubernetes-node-linux-amd64.tar.gz | c853ce453e49aa520e20c934849eeeca4e841d49c94bbd8951d94ebade34ed92aecc841715023e0853f23d78e9bb884d5234d790a5ffe9a9a2fa580114bd849c |
kubernetes-node-linux-arm64.tar.gz | 91a8de520f17062f4680d7b0a7f8073cabbc0996010d4ecc0d907d0bc89bd8641bef1ace3f5d5c050ffa30ce6dec1019b80ee5acea1e3d947666a5bac826b466 |
kubernetes-node-linux-ppc64le.tar.gz | ed17879b3b43183f5a537a1bad44a56140f809f182f131dbf95b4cbd4c91d90d79016d1c6fd108025a756f408c2dee68d5c458df29b4891a7b598fa41a119a94 |
kubernetes-node-linux-s390x.tar.gz | bbbcde49cfa7dd52560865816b2c0ac92ce1e7d9a5bf17cce979adecc1b258f13cd07118e0b6c1959cca102c172ec8c950e14207d352b943d14153bb5f864555 |
kubernetes-node-windows-amd64.tar.gz | 952472d1b65a7b647d6e3f661ea36c975cf82482c32936ea2aa11ae0e828237391e7ae97d5b8a65b194178953c7725b092027ee545439a754e28702e60383e70 |
All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.
A new (alpha) field, trafficDistribution
, has been added to the Service spec
. This field provides a way to express preferences for how traffic is distributed to the endpoints for a Service. It can be enabled through the ServiceTrafficDistribution
feature gate. (#123487, @gauravkghildiyal) [SIG API Machinery, Apps and Network]
Add alpha-level support for the SuccessPolicy in Jobs (#123412, @tenzen-y) [SIG API Machinery, Apps and Testing]
Added (alpha) support for the managedBy field on Jobs. Jobs with a custom value of this field - any value other than kubernetes.io/job-controller
- are skipped by the job controller, and their reconciliation is delegated to an external controller, indicated by the value of the field. Jobs that don't have this field at all, or where the field value is the reserved string kubernetes.io/job-controller
, are reconciled by the built-in job controller. (#123273, @mimowo) [SIG API Machinery, Apps and Testing]
Added a alpha feature, behind the RelaxedEnvironmentVariableValidation
feature gate. When that gate is enabled, Kubernetes allows almost all printable ASCII characters to be used in the names of environment variables for containers in Pods. (#123385, @HirazawaUi) [SIG Apps, Node and Testing]
Added alpha support for field selectors on custom resources. Provided that the CustomResourceFieldSelectors
feature gate is enabled, the CustomResourceDefinition API now lets you specify selectableFields
. Listing a field there allows filtering custom resources for that CustomResourceDefinition in list or watch requests. (#122717, @jpbetz) [SIG API Machinery]
Added support for configuring multiple JWT authenticators in Structured Authentication Configuration. The maximum allowed JWT authenticators in the authentication configuration is 64. (#123431, @aramase) [SIG Auth and Testing]
Aggregated discovery supports both v2beta1 and v2 types and feature is promoted to GA (#122882, @Jefftree) [SIG API Machinery and Testing]
Allowing container runtimes to fix an image garbage collection bug by adding an image_id
field to the CRI Container message. (#123508, @saschagrunert) [SIG Node]
AppArmor profiles can now be configured through fields on the PodSecurityContext and container SecurityContext.
Conflicting issuers between JWT authenticators and service account config are now detected and fail on API server startup. Previously such a config would run but would be inconsistently effective depending on the credential. (#123561, @enj) [SIG API Machinery and Auth]
Dynamic Resource Allocation: DRA drivers may now use "structured parameters" to let the scheduler handle claim allocation. (#123516, @pohly) [SIG API Machinery, Apps, Auth, CLI, Cluster Lifecycle, Instrumentation, Node, Release, Scheduling, Storage and Testing]
Graduated pod scheduling gates to general availability. The PodSchedulingReadiness
feature gate no longer has any effect, and the .spec.schedulingGates
field is always available within the Pod and PodTemplate APIs. (#123575, @Huang-Wei) [SIG API Machinery, Apps, Node, Scheduling and Testing]
Graduated support for minDomains
in pod topology spread constraints, to general availability. The MinDomainsInPodTopologySpread
feature gate no longer has any effect, and the field is always available within the Pod and PodTemplate APIs. (#123481, @sanposhiho) [SIG API Machinery, Apps, Scheduling and Testing]
JWT authenticator config set via the --authentication-config flag is now dynamically reloaded as the file changes on disk. (#123525, @enj) [SIG API Machinery, Auth and Testing]
Kube-apiserver: the AuthenticationConfiguration type accepted in --authentication-config
files has been promoted to apiserver.config.k8s.io/v1beta1
. (#123696, @aramase) [SIG API Machinery, Auth and Testing]
Kube-apiserver: the AuthorizationConfiguration type accepted in --authorization-config
files has been promoted to apiserver.config.k8s.io/v1beta1
. (#123640, @liggitt) [SIG Auth and Testing]
Kubelet should fail if NodeSwap is used with LimitedSwap and cgroupv1 node. (#123738, @kannon92) [SIG API Machinery, Node and Testing]
Kubelet: a custom root directory for pod logs (instead of default /var/log/pods) can be specified using the podLogsDir
key in kubelet configuration. (#112957, @mxpv) [SIG API Machinery, Node, Scalability and Testing]
Kubelet: the .memorySwap.swapBehavior
field in kubelet configuration accepts a new value NoSwap
and makes this the default if unspecified; the previously accepted UnlimitedSwap
value has been dropped. (#122745, @kannon92) [SIG API Machinery, Node and Testing]
OIDC authentication will now fail if the username asserted based on a CEL expression config is the empty string. Previously the request would be authenticated with the username set to the empty string. (#123568, @enj) [SIG API Machinery, Auth and Testing]
PodSpec API: remove note that hostAliases are not supported on hostNetwork Pods. The feature has been supported since v1.8. (#122422, @neolit123) [SIG API Machinery and Apps]
Promote AdmissionWebhookMatchConditions to GA. The feature is now stable and the feature gate is now locked to default. (#123560, @ivelichkovich) [SIG API Machinery and Testing]
Structured Authentication Configuration now supports DiscoveryURL
. discoveryURL if specified, overrides the URL used to fetch discovery information. This is for scenarios where the well-known and jwks endpoints are hosted at a different location than the issuer (such as locally in the cluster). (#123527, @aramase) [SIG API Machinery, Auth and Testing]
Support Recursive Read-only (RRO) mounts (KEP-3857) (#123180, @AkihiroSuda) [SIG API Machinery, Apps, Node and Testing]
The StructuredAuthenticationConfiguration feature is now beta and enabled by default. (#123719, @enj) [SIG API Machinery and Auth]
The StorageVersionMigration
API, which was previously available as a Custom Resource Definition (CRD), is now a built-in API in Kubernetes. (#123344, @nilekhc) [SIG API Machinery, Apps, Auth, CLI and Testing]
The kubernetes repo now uses Go workspaces. This should not impact end users at all, but does have impact for developers of downstream projects. Switching to workspaces caused some breaking changes in the flags to the various k8s.io/code-generator tools. Downstream consumers should look at staging/src/k8s.io/code-generator/kube_codegen.sh to see the changes. (#123529, @thockin) [SIG API Machinery, Apps, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Release, Storage and Testing]
ValidatingAdmissionPolicy is promoted to GA and will be enabled by default. (#123405, @cici37) [SIG API Machinery, Apps, Auth and Testing]
When configuring a JWT authenticator:
If username.expression uses 'claims.email', then 'claims.email_verified' must be used in username.expression or extra[].valueExpression or claimValidationRules[].expression. An example claim validation rule expression that matches the validation automatically applied when username.claim is set to 'email' is 'claims.?email_verified.orValue(true)'. (#123737, @enj) [SIG API Machinery and Auth]
Added access_mode
label to volume_manager_selinux_*
metrics. (#123667, @jsafrane) [SIG Node, Storage and Testing]
Added client-go
support for upgrading subresource fields from client-side to server-side management (#123484, @erikgb) [SIG API Machinery]
Added apiserver_watch_cache_read_wait metric to measure watch cache impact on request latency. (#123190, @padlar) [SIG API Machinery and Instrumentation]
Adds new flag, namely custom
, in kubectl debug to let users customize pre-defined profiles. (#120346, @ardaguclu) [SIG CLI]
Bump cAdvisor to v0.49.0 (#123599, @bobbypage) [SIG Node]
Embed Node information into Pod-bound service account tokens as additional metadata
authentication.kubernetes.io/credential-id
in user's ExtraInfo (#123135, @munnerz) [SIG API Machinery, Auth and Testing]Feature gates for RemoteCommand (kubectl exec, cp, and attach) over WebSockets are now enabled by default (Beta).
Graduated HorizontalPodAutoscaler support for per-container metrics to stable. (#123482, @sanposhiho) [SIG API Machinery, Apps and Autoscaling]
Graduated forensic container checkpointing KEP #2008 from Alpha to Beta. (#123215, @adrianreber) [SIG Node and Testing]
In the Pod API, setting the alpha procMount
field to Unmasked
in a container now requires setting spec.hostUsers=false
as well. (#123520, @haircommander) [SIG Apps, Auth and Testing]
InitContainer's image location will be considered in scheduling when prioritizing nodes. (#123366, @kerthcet) [SIG Scheduling]
It is possible to configure the IDs that the Kubelet uses to create user namespaces.
User namespaces support is a Beta feature now. (#123593, @giuseppe) [SIG Node]
Kube-apiserver now reports latency metric for JWT authenticator authenticate token decisions in the apiserver_authentication_jwt_authenticator_latency_seconds
metric, labeled by jwtIssuer hash and result. (#123225, @aramase) [SIG API Machinery and Auth]
Kube-apiserver now reports the following metrics for authorization webhook match conditions:
apiserver_authorization_match_condition_evaluation_errors_total
counter metric labeled by authorizer type and nameapiserver_authorization_match_condition_exclusions_total
counter metric labeled by authorizer type and nameapiserver_authorization_match_condition_evaluation_seconds
histogram metric labeled by authorizer type and name (#123611, @ritazh) [SIG API Machinery, Auth and Testing]Kube-apiserver: Authorization webhooks now report the following metrics:
Kube-apiserver: JWT authenticator now report the following metrics:
Kube-apiserver: the StructuredAuthorizationConfiguration feature gate is promoted to beta and allows using the --authorization-configuration
flag (#123641, @liggitt) [SIG API Machinery and Auth]
Kube-controller-manager: increase the global level for broadcaster's logging to 3 so that users can ignore event messages by lowering the logging level. It reduces information noise. (#122293, @mengjiao-liu) [SIG API Machinery, Apps, Autoscaling, Network, Node, Scheduling, Storage and Testing]
Kubeadm: add the WaitForAllControlPlaneComponents feature gate. It can be used to tell kubeadm to wait for all control plane components to be ready when running "kubeadm init" or "kubeadm join --control-plane". Currently kubeadm only waits for the kube-apiserver. The "kubeadm join" workflow now includes a new experimental phase called "wait-control-plane". This phase will be marked as non-experimental when WaitForAllControlPlaneComponents becomes GA. Accordingly a "kubeadm init" phase "wait-control-plane" will also be available once WaitForAllControlPlaneComponents becomes GA. These phases can be skipped if the user prefers to not wait for the control plane components. (#123341, @neolit123) [SIG Cluster Lifecycle]
Kubeadm: print all the kubelets and nodes that need to be upgraded on "upgrade plan". (#123578, @carlory) [SIG Cluster Lifecycle]
Kubectl port-forward over websockets (tunneling SPDY) can be enabled using an Alpha
feature flag environment variable: KUBECTL_PORT_FORWARD_WEBSOCKETS=true. The API Server being communicated to must also have an Alpha
feature flag enabled: PortForwardWebsockets. (#123413, @seans3) [SIG API Machinery, CLI, Node and Testing]
Kubernetes is now built with go 1.22.1 (#123750, @cpanato) [SIG Release and Testing]
Node podresources API now includes init containers with containerRestartPolicy of Always
when SidecarContainers
feature is enabled. (#120718, @gjkim42) [SIG Node and Testing]
Promote ImageMaximumGCAge feature to beta (#123424, @haircommander) [SIG Node and Testing]
Promote PodHostIPs condition to GA and lock to default. (#122870, @wzshiming) [SIG Apps, Network, Node and Testing]
Target drop-in kubelet configuration dir feature to Beta (#122907, @sohankunkerkar) [SIG Node and Testing]
The Kubelet rejects creating the pod if hostUserns=false and the CRI runtime does not support user namespaces. (#123216, @giuseppe) [SIG Node]
The watch cache waits until it is at least as fresh as given requestedWatchRV if sendInitialEvents was requested. (#122830, @p0lyn0mial) [SIG API Machinery, Network and Testing]
ValidatingAdmissionPolicy now exclude TokenReview, SelfSubjectReview, LocalSubjectAccessReview, and SubjectAccessReview from all versions of authentication.k8s.io and authorization.k8s.io group. (#123543, @jiahuif) [SIG API Machinery and Testing]
kubectl get job
now displays the status for the listed jobs. (#123226, @ivanvc) [SIG Apps and CLI]
map()
operations, (e.g. .map(...).exists(...)
) to have the correct estimated instead of an unbounded cost. (#123562, @jpbetz) [SIG API Machinery, Auth and Cloud Provider]Always
cannot update its state from terminated to non-terminated for the pod with restartPolicy with Never
or OnFailure
. (#123323, @gjkim42) [SIG Apps and Node]GetInstanceProviderID
method will not require the providerID to be set and will not fail to initialize the node for backward compatibility issues. (#123713, @aojea) [SIG Cloud Provider]--authorization-mode
when --authorization-config
is provided (#123654, @LiorLieberman) [SIG Cluster Lifecycle]
Contributors, the CHANGELOG-1.30.md has been bootstrapped with v1.30.0-beta.0 release notes and you may edit now as needed.
Published by your Kubernetes Release Managers.