Container Service for Kubernetes:Kubernetes 1.31 release notes

Component versions

Kubernetes 1.31 supports the following key component versions.

Features

• If the caBundle field in a CustomResourceDefinition (CRD) is non-empty but is either invalid or does not contain CA certificates, the CRD will not provide services. To maintain uninterrupted service for the CRD, any updates that may render the caBundle field invalid or empty are prohibited once a valid caBundle is established.

• The MatchLabelKeysInPodAffinity feature gate has reached beta and is enabled by default. To resolve scheduling issues during rolling updates of Deployments that violate the affinity and anti-affinity rules, you can specify the new fields matchLabelKeys and mismatchLabelKeys in podAffinity and podAntiAffinity for the scheduler to distinguish between the old and new pods.

• The JobSuccessPolicy feature has reached beta and is enabled by default. You can configure a success policy for an Indexed Jobs. For more information, see Job success policy.

• DisableNodeKubeProxyVersion has reached beta and is enabled by default. The status.nodeInfo.kubeProxyVersion field no longer displays the kube-proxy version. The value displayed in this field is not accurate and cannot provide the actual version of kube-proxy.

• The ServiceAccountTokenNodeBinding feature has reached beta and is enabled by default. This feature allows you to bind a ServiceAccount token to a node. The token becomes invalid if it expires, or the associated node or ServiceAccount is deleted.

• The RecursiveReadOnlyMounts feature has reached beta and is enabled by default. You can make the mount recursively read-only on volumes mounted to pods, and all their subdirectories and files will be set to read-only mode. For more information, see Recursive read-only mounts.

• If the spec field of a pod changes but does not involve changes to the image field, the kubelet will not restart the container. This avoids unnecessary pod restarts due to non-functional configuration updates.

• HonorPVReclaimPolicy has reached beta and is enabled by default. You can add finalizers on a persistent volume (PV) to ensure that the PV with the Delete reclaim policy is deleted only after the relevent backing storage is deleted. For more information, see PersistentVolume deletion protection finalizer.

• kubectl debug supports the configuration of custom profiling for troubleshooting pods. For more information, see Kubernetes 1.31: Custom Profiling in Kubectl Debug Graduates to Beta.

• By default, Kubernetes clients, such as kubectl, use WebSocket for streaming. The kubectl cp, kubectl attach, kubectl exec, and kubectl port-forward commands now use the WebSocket protocol instead of SPDY to stream, which is a more modern and flexible protocol.

• The Kubernetes API server can achieve consistent reads from cache instead of fetching the entire dataset from etcd, which improves the efficiency of List requests. For more information, see Consistent reads from cache.

Feature changes

• The built-in CephFS volume plug-in kubernetes.io/cephfs was removed in this release and the CephFS CSI driver is used instead.

  If you are using the CephFS volume plug-in, you must re-deploy your application to use the new driver after you upgrade the cluster version to 1.31.

• The built-in CephRBD volume plug-in kubernetes.io/rbd was removed and the RBD CSI driver is used instead.

  If you are using the CephRBD volume plug-in, you must re-deploy your application to use the new driver after you upgrade the cluster version to 1.31.

• The CSIMigrationPortworx feature gate is enabled by default. Migration of volumes from the legacy embedded Portworx plug-in to the Portworx CSI plug-in is supported. Before you upgrade the cluster version to 1.31, if you are using Portworx as a storage solution, make sure to install and configure the corresponding Portworx CSI plug-in.

References

For more information about the release notes for Kubernetes 1.31, see CHANGELOG-1.31 and Kubernetes v1.31 release notes.