ImageMaximumGCAge allows you to use the kubelet to configure the maximum TTL of an unused image before garbage collection. If an image is still not used after its TTL ends, the image is deleted by garbage collection. The default value is "0s"
, which means no TTL is set. This feature gate has reached Alpha in Kubernetes 1.29 and reached Beta in Kubernetes 1.30.
The image_pull_duration_seconds
metric is added to the kubelet to track the image pulling time. For more information, see List of Alpha Kubernetes Metrics.
The LegacyServiceAccountTokenCleanUp feature gate has reach GA and is enabled by default. If an automatically generated Secret associated with a ServiceAccount is not used within a period of time (one year by default) and is not mounted to any pod, kube-controller-manager adds the kubernetes.io/legacy-token-invalid-since
label to the Secret. The Secret is marked as invalid. The label value is the current date. Starting from the day when the Secret is marked as invalid, if it is still not used within a period of time (one year by default), kube-controller-manager automatically deletes the Secret. For Secrets that have this label but are not deleted, you can remove the kubernetes.io/legacy-token-invalid-since
label to make the Secrets valid again. For more information, see Auto-generated legacy ServiceAccount token clean up and Legacy ServiceAccount token cleaner.
In Kubernetes 1.30, if --nodeport-addresses
is not configured for kube-proxy (this flag is not configured by default), NodePort Service updates will update only the primary node IP address instead of updating all node IP addresses. For more information, see #122724.
To prevent configuration conflicts and security issues, the OIDC Issuer URL and API server ServiceAccount Issuer URL must not be configured with the same parameter. For more information, see #123561.
The LoadBalancerIPMode feature gate allows you to add the .status.loadBalancer.ingress.ipMode
field to LoadBalancer Services to specify forwarding actions for requests sent to the specified load balancer IP address. This field is available only when the .status.loadBalancer.ingress.ip
field is specified. The LoadBalancerIPMode feature gate has reached Beta. For more information, see Specifying IPMode of load balancer status and Load Balancer IP Mode for Services.
The Horizontal Pod Autoscaler (HPA) based on ContainerResource metrics has reached Stable in Kubernetes 1.30. This enables the HPA to configure auto scaling based on the resource usage of each container in a pod instead of scaling based on the resource usage of the pod. This way, scaling thresholds can be separately configured for important containers in a pod. For more information, see Container resource metrics.
The AdmissionWebhookMatchConditions feature gate has reached GA and is enabled by default. This feature gate cannot be disabled. This feature gate allows you to define match conditions for admission webhooks in order to trigger webhooks in a more fine-grained manner. For more information, see Dynamic Admission Control.
The JobSuccessPolicy feature gate is added to claim that a job is completed when a group of pods that belong to the job are succeeded. You can specify specific indexes (such as pod indexes X, Y, and Z) or a number of indexes (such as three indexes) to claim that a job is completed. This feature gate has reached Alpha. For more information, see Job success/completion policy.
The RelaxedEnvironmentVariableValidation feature gate is added to control most printable ASCII characters (all characters from 32 to 126) used in environment variables, excluding the equal sign (=
). This feature gate has reached Alpha and is disabled by default. For more information, see #123385.
The CustomResourceFieldSelectors
feature gate is added to configure selectableFields
for CRDs. This way, Field Selectors can be sued to filter List, Watch, DeleteCollection requests in order to locate or manage CRDs that meet specific conditions. This feature gate has reached Alpha and is disabled by default. For more information, see Custom Resource Field Selectors.
An update is released for the CRDValidationRatcheting feature gate. After a new CRD validation ratcheting is added, even if existing resources will become invalid after updates, the API server does not block resource updates if resources that fail to pass the validation are not updated. This avoids affecting existing resources and users. This way, CRDs can be validated through OpenAPI v3 schemas during migration. This feature gate has reached Beta and is enabled by default. For more information, see CRD Validation ratcheting.
The Downward API uses the status.hostIPs
field to support IPv4/IPv6 dual stack. The first IP address in the status.hostIPs
list is always the same as the status.hostIP
. For more information, see Downward API.
The NodeLogQuery feature gate allows you to use the /logs
endpoint to query node service logs. This feature gate has reached Beta and is set to false by default. For more information, see Log query.