Keeping Up with Kubernetes: The Updates from Versions 1.26 to 1.29

Dekel Malul
Jan 21, 2024


Welcome to my Kubernetes blogs. The blogs aim to provide you with effective Kubernetes knowledge and tools that increase efficiency while reducing stress and time to deliver high-quality solutions. Click the follow button to be notified when a new story is released.

Let’s get into it…

Keeping up with the latest version of Kubernetes can be a real effort: day-to-day tasks push the updates aside, and the updates themselves can seem scary to execute, especially when you perform them on the Kubernetes cluster that holds your core product, or at least most of it.

So in case you missed the latest updates to the supported versions (see https://endoflife.date/kubernetes), the following post summarizes the relevant changes that took place in 1.26, 1.27, 1.28 and the latest 1.29.

Electrifying — 1.26

The Kubernetes v1.26 release is titled “Electrifying”. The release team picked the theme to highlight the importance of the diverse computing resources used in Kubernetes development and deployment, with an emphasis on environmental sustainability and energy consumption. With that said, the major points of the release are as follows:

  • Container Image Registry Change: Kubernetes v1.26 is the first release published exclusively in the new registry.k8s.io container image registry, moving away from the legacy k8s.gcr.io.
  • CRI v1alpha2 Removed: Support for CRI v1alpha2 has been dropped, necessitating an upgrade to containerd version 1.6.0 or later for compatibility with Kubernetes v1.26.
  • Storage Improvements: CSI migration for Azure File and vSphere has graduated to stable. The release also sees the stable graduation of the Delegate FSGroup to CSI Driver feature and the removal of in-tree GlusterFS and OpenStack Cinder drivers.
  • Windows Privileged Containers: Support for privileged containers on Windows nodes, known as HostProcess containers, has graduated to stable.
  • Metrics Framework Extension: The metrics framework extension graduates to alpha, with documentation published for every metric in the Kubernetes codebase. Additionally, Component Health Service Level Indicators have also graduated to alpha.
  • Dynamic Resource Allocation: This new feature, now in alpha, offers an alternative to the “countable” interface for requesting access to resources using the Container Device Interface (CDI).
  • CEL in Admission Control: Now in alpha, this feature introduces a v1alpha1 API for validating admission policies using Common Expression Language expressions.
  • Pod Scheduling Improvements: The release introduces PodSchedulingReadiness (alpha) and NodeInclusionPolicyInPodTopologySpread (beta) to enhance scheduling control.

Reading the changes that took place in the 1.26 version, the things that stood out the most for me were the move to the new container image registry and the containerd updates, which can make the upgrade process fail in some of the environments I was working on at that time.

Chill Vibes — 1.27

The Kubernetes v1.27 release, themed “Chill Vibes,” is the first release of 2023. Here are the key takeaways from that release:

  • Freezing of k8s.gcr.io Image Registry: The old image registry, k8s.gcr.io, is being replaced by registry.k8s.io, which is now generally available and fully controlled by the community. This change means no further images for Kubernetes and related sub-projects will be published to the old registry.
  • SeccompDefault Graduates to Stable: This feature, which enables the kubelet to use the RuntimeDefault seccomp profile by default, has graduated to stable. It aims to provide strong security defaults while preserving workload functionality.
  • Mutable Scheduling Directives for Jobs: Now stable, this feature allows updating a Job’s scheduling directives before it starts, giving custom queue controllers the ability to influence pod placement.
  • DownwardAPIHugePages Graduates to Stable: This feature, which allows the use of hugepages in the downward API, has graduated to stable, enhancing consistency with other resources like CPU and memory.
  • Pod Scheduling Readiness Goes to Beta: This enhancement allows control over when a Pod is ready to be considered for scheduling by specifying/removing a Pod’s .spec.schedulingGates.
  • Node Log Access via Kubernetes API: An alpha feature that enables cluster administrators to query service logs on nodes for debugging purposes.
  • ReadWriteOncePod PersistentVolume Access Mode: Now in beta, this mode restricts volume access to a single pod in the cluster, useful for stateful workloads requiring single-writer access to storage.
  • Faster SELinux Volume Relabeling Using Mounts: This beta feature speeds up container startup by mounting volumes with the correct SELinux label, avoiding the need to change each file on the volumes recursively.
  • Robust VolumeManager Reconstruction Goes to Beta: Enhances the discovery of mounted volumes during kubelet startup, making volume cleanup more robust.
  • Mutable Pod Scheduling Directives Goes to Beta: Allows mutating a pod’s scheduling directives before it is allowed to be scheduled, enabling external resource controllers to influence pod placement.
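
The SeccompDefault graduation from the 1.27 list above in practice, as an added example that is not from the post: the kubelet setting, a pod that pins RuntimeDefault itself, and the opt-out a reviewer should flag. The pod names and the pause image are placeholders.

```yaml
# Kubelet configuration (stable in 1.27): containers that set no
# seccompProfile get the runtime's default profile instead of Unconfined.
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
seccompDefault: true
---
# Pod that pins the profile explicitly, so it keeps the protection even on
# nodes where seccompDefault is still off (constructed example pod).
apiVersion: v1
kind: Pod
metadata:
  name: seccomp-runtime-default
spec:
  securityContext:
    seccompProfile:
      type: RuntimeDefault          # pod-level default for every container
  containers:
    - name: app
      image: registry.k8s.io/pause:3.9   # placeholder image
      securityContext:
        allowPrivilegeEscalation: false
---
# The weak setting to look for in reviews: a container can still opt out of
# the kubelet default by asking for Unconfined. Treat this as a finding unless
# the workload has a documented reason for it.
apiVersion: v1
kind: Pod
metadata:
  name: seccomp-unconfined
spec:
  containers:
    - name: app
      image: registry.k8s.io/pause:3.9
      securityContext:
        seccompProfile:
          type: Unconfined
```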

Planternetes — 1.28

Here are the key takeaways from the Kubernetes v1.28 release, themed “Planternetes”:

  • Supported Skew Between Control Plane and Node Versions: Kubernetes v1.28 expands the supported skew between core node and control plane components from n-2 to n-3. This means that the node components can be up to three minor versions behind the control plane components, offering more flexibility in upgrade schedules and maintenance.
  • Recovery from Non-Graceful Node Shutdown: Now a stable feature, Kubernetes v1.28 allows for the cleanup and failover of stateful workloads to a different node after an unexpected node shutdown or failure.
  • Improvements to CustomResourceDefinition Validation Rules: The Common Expression Language (CEL) can be used for validating custom resources, moving to beta in this release. This feature aims to simplify the validation process for CRD authors.
  • ValidatingAdmissionPolicies Graduate to Beta: This feature provides in-process validation of requests to the Kubernetes API server, offering an alternative to validating admission webhooks.
  • Match Conditions for Admission Webhooks: The matchCondition field for ValidatingWebhookConfiguration and MutatingWebhookConfiguration, which narrows the scope of when Kubernetes makes a remote HTTP call at admission time, has moved to beta.
  • Beta Support for Enabling Swap Space on Linux: This feature adds swap support to nodes, allowing for performance tuning and stability improvements.
  • Mixed Version Proxy (Alpha): This feature helps manage requests in clusters with API servers at mixed versions, such as during upgrades or downgrades.
  • Source Code Reorganization for Control Plane Components: The code for the kube-apiserver is being reorganized to build on a new staging repository, aiming for more reusable functionality.
  • Support for CDI Injection into Containers (Alpha): This feature enables plugin developers to utilize the CDIDevices field added to the CRI in 1.27 to pass CDI devices directly to CDI enabled runtimes.
  • API Awareness of Sidecar Containers (Alpha): Kubernetes 1.28 introduces an alpha restartPolicy field for init containers, indicating when an init container is also a sidecar container.
  • Automatic, Retroactive Assignment of a Default StorageClass: This feature, now stable, automatically sets a storageClassName for a PersistentVolumeClaim (PVC) if not provided.
  • Pod Replacement Policy for Jobs (Alpha): Adds a new field for the Job API to specify when new Pods should be created in relation to the termination of existing Pods.
  • Job Retry Backoff Limit, Per Index (Alpha): Extends the Job API to support indexed jobs where the backoff limit is per index, allowing the Job to continue execution despite some indexes failing.

The key points I am taking away from the 1.28 release are the skew update, which can provide some flexibility, the new Job field updates that I can take advantage of, and support for adding swap on the Linux machine, which, at first glance, can help reduce the amount of memory used by the nodes.
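
The three Job and sidecar changes from the 1.28 list (per-index backoff limit, Pod replacement policy and the init-container restartPolicy) combined in one manifest, as an added example that is not from the post. It assumes the JobBackoffLimitPerIndex, JobPodReplacementPolicy and SidecarContainers feature gates are enabled, since all three are alpha in 1.28; the job name and images are placeholders.

```yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: indexed-scan
spec:
  completionMode: Indexed
  completions: 4
  parallelism: 4
  # 1.28 alpha (JobBackoffLimitPerIndex): each index gets its own retry
  # budget; the Job as a whole fails only once more than maxFailedIndexes
  # indexes have exhausted theirs, so one bad input does not sink the run.
  backoffLimitPerIndex: 1
  maxFailedIndexes: 2
  # 1.28 alpha (JobPodReplacementPolicy): create a replacement Pod only once
  # the old one is fully Failed, not while it is still terminating, so two
  # copies of the same index never run at the same time.
  podReplacementPolicy: Failed
  template:
    spec:
      restartPolicy: Never          # required when backoffLimitPerIndex is set
      initContainers:
        # 1.28 alpha (SidecarContainers): restartPolicy: Always turns this
        # init container into a sidecar that runs alongside the worker and
        # is stopped after the worker finishes.
        - name: log-shipper
          image: registry.k8s.io/pause:3.9   # placeholder image
          restartPolicy: Always
      containers:
        - name: worker
          image: busybox:1.36              # placeholder image
          # JOB_COMPLETION_INDEX is injected automatically for Indexed Jobs.
          command: ["sh", "-c", "echo processing index $JOB_COMPLETION_INDEX"]
```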

Mandala — 1.29

The Kubernetes v1.29 release, themed “Mandala (The Universe),” is the last release of 2023. Its theme symbolizes the interconnectedness and collaborative nature of the Kubernetes community. Here’s a summary of the key points:

Stable Improvements:

  • ReadWriteOncePod PersistentVolume Access Mode: This feature, now stable, restricts volume access to a single node, ensuring that only one pod across the entire cluster can read or write to a PVC.
  • Node Volume Expansion Secret Support for CSI Drivers: This allows an optional secret field to be sent as part of the NodeExpandVolumeRequest by CSI drivers for node volume expansion operations.
  • KMS v2 Encryption at Rest: KMS v2 has become stable, offering improvements in performance, key rotation, health check, and observability for encrypting persisted API data at rest.

Beta Improvements:

  • QueueingHint for Scheduler: Aims to optimize the efficiency of requeueing, reducing unnecessary scheduling retries.
  • Decoupling TaintManager from NodeLifecycleController: This separates the two controllers for better performance and management.
  • Clean Up for Legacy Secret-Based ServiceAccount Tokens: This feature labels and removes unused legacy secret-based tokens to reduce potential attack surfaces.

New Alpha Features:

  • Pod Affinity/Anti-Affinity Using MatchLabelKeys: Enhances accuracy in rolling updates.
  • nftables Backend for kube-proxy: A new backend based on nftables, as iptables is being deprecated in some Linux distributions.
  • APIs to Manage IP Address Ranges for Services: Allows dynamic management of Service IPs without restarting the kube-apiserver.
  • Image Pull Per Runtime Class: Supports pulling container images based on the RuntimeClass of the Pod.

Graduations, Deprecations, and Removals:

  • Stable Graduations: Includes features like KMS v2, ReadWriteOncePod PersistentVolume Access Mode, and Kubernetes Component Health SLIs.
  • Deprecations and Removals: Notable removals include in-tree integrations with cloud providers and the v1beta2 flow control API group.
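
The KMS v2 encryption at rest that went stable in 1.29 (above) is turned on through the API server's EncryptionConfiguration. This manifest is an added example, not from the post; the plugin name and socket path are assumptions.

```yaml
# Passed to kube-apiserver with --encryption-provider-config=<path>.
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
      - configmaps
    providers:
      # The first provider is used for writes. KMS v2 encrypts each object
      # with a local DEK and has the external KMS plugin, reached over the
      # Unix socket below, wrap that DEK with the key it holds.
      # (plugin name and socket path are assumptions)
      - kms:
          apiVersion: v2
          name: example-kms-plugin
          endpoint: unix:///var/run/kmsplugin/socket.sock
          timeout: 3s
      # identity (no encryption) stays last only while migrating, so objects
      # written before KMS was enabled can still be read. After re-writing
      # every secret and configmap, for example
      #   kubectl get secrets --all-namespaces -o json | kubectl replace -f -
      # remove this entry so plaintext can no longer be read from etcd.
      - identity: {}
```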

As the last minor update of 2023, there are lots of changes that took place in that release. My key takeaway from that release is the stabilization of KMS key encryption, which could be critical for companies that prioritize security. With that being said, I wonder where ReadWriteOncePod would be relevant for my usage; it will probably be good to know about for future projects when I hit the need for it.

Conclusion

A lot of changes have been made in the past year. Not all of them will affect us personally, and we will be able to continue deploying the same workloads smoothly across the different versions. As DevOps engineers, we have the sole responsibility to keep the infrastructure up to date and, in some cases, to take advantage of new features if they are relevant for us.

Keeping the cluster up to date is not an easy task, but the cloud providers help reduce the friction of updates by automating them and alerting us about deprecated APIs that we need to be aware of.

We will still need to take into account the appropriate usage of the Kubernetes cluster and implement the workloads based on best practices.

***********************************************************************

Links:

www.kubegurus.com (Visit our company website)

https://www.linkedin.com/in/dekel-malul/ (Connect with me at Linkedin)


Dekel Malul

Ex Israel Intelligence Unit DevOps Engineer and DevOps Advocate