What's New in Kubernetes v1.31: Key Updates, Deprecations,and Features
Kubernetes continues its rapid evolution as the leading container orchestration platform, with each release bringing enhancements that refine its performance, security, and user experience. The latest version, Kubernetes v1.31, builds on this progress by introducing a series of removals, deprecations, and significant updates designed to streamline container management. In this post, we’ll explore the major changes in Kubernetes v1.31, comparing them with previous versions to highlight key updates, new features, and what’s been deprecated or removed. If you’re looking to stay ahead of the curve in Kubernetes developments, read on for everything you need to know about v1.31
Editor's Highlights of Kubernetes v1.31
- Deprecations and Removals: Complete phase-out of older storage plugins like CephFS and Ceph RBD in favor of CSI drivers; deprecation of APIs and security features such as SHA-1 signatures to enhance security.
- Enhanced Security: Transition to more robust cryptographic standards, aiming to strengthen the security infrastructure of Kubernetes clusters.
- Vendor-Neutral Cloud Integration: Final removal of all in-tree cloud provider integrations, supporting Kubernetes' goal to maintain a vendor-neutral platform.
1. Overview of Kubernetes v1.31 Updates
Kubernetes v1.31 brings crucial updates that affect key components such as APIs, storage plugins, and cloud integrations. These changes are designed to enhance the platform’s scalability, security, and functionality. Staying informed about these updates is critical for maintaining a modern and efficient Kubernetes environment. In this post, we’ll highlight the most impactful changes in Kubernetes v1.31, comparing them with previous versions to help you plan for necessary upgrades, migrations, and optimizations
2. The Kubernetes API Removal and Deprecation Process
Kubernetes follows a strict deprecation policy to manage the lifecycle of its APIs and features.
- Stable (GA) APIs: These can be marked as deprecated only when a newer, stable version is available. Once deprecated, they remain functional for at least one year but will eventually be removed.
- Beta APIs: Supported for three releases after deprecation. If not promoted to stable, they will be removed.
- Alpha APIs: These can be removed at any time without prior deprecation.
Comparison with Previous Versions:
- v1.30 and Earlier: The approach was similar, but v1.31 brings a stronger emphasis on the timely removal of deprecated APIs, ensuring Kubernetes evolves towards more efficient and secure implementations.
3. Major Removals and Deprecations in Kubernetes v1.31
Kubernetes v1.31 sees several significant removals and deprecations. Here’s a closer look at these changes compared to v1.30:
3.1. Deprecation of status.nodeInfo.kubeProxyVersion Field
- v1.30 and Earlier: This field was present but was recognized as unreliable since the kubelet lacked accurate information about kube-proxy versions.
- v1.31: The status.nodeInfo.kubeProxyVersion field has been deprecated and will be removed in future releases. The DisableNodeKubeProxyVersion feature gate is enabled by default to avoid setting this field. Impact: Users should stop relying on this field for monitoring or configuration.
3.2. Removal of All In-Tree Integrations with Cloud Providers
- v1.30: Partial removal of in-tree cloud provider integrations, with the recommendation to use external integrations.
- v1.31: The final removal of all in-tree integrations marks the completion of this externalization process. Kubernetes aims to be a fully vendor-neutral platform. Action Required: Users must migrate to external cloud provider integrations, following Kubernetes' Cloud Provider Integrations guide.
3.3. Removal of kubelet --keep-terminated-pod-volumes Flag
- v1.30 and Earlier: This flag was deprecated for a long time (since 2017), but still existed.
- v1.31: The flag has been removed entirely. Impact: Users should ensure that their configurations do not depend on this flag. Further details can be found in the pull request #122082.
4. Changes in Storage Plugins and Recommendations
Storage management in Kubernetes is undergoing significant transformations with v1.31. The removal of non-CSI storage plugins and the push towards Container Storage Interface (CSI) drivers are central to this.
4.1. Removal of CephFS Volume Plugin
- v1.30 and Earlier: CephFS was marked as deprecated, but still functional.
- v1.31: CephFS is completely removed, making the type non-functional. Users must migrate to the CephFS CSI driver, a third-party storage solution. Action Required: Applications using CephFS need to be re-deployed using the new CSI driver.
4.2. Removal of Ceph RBD Volume Plugin
- v1.30 and Earlier: Similar to CephFS, Ceph RBD was marked as deprecated.
- v1.31: Ceph RBD volume plugin and its CSI migration support have been removed. Migration to the RBD CSI driver is necessary. Impact: Clusters using Ceph RBD must reconfigure to use the updated storage solution.
4.3. Deprecation of Non-CSI Volume Limit Plugins in Kube-Scheduler
- v1.30 and Earlier: Non-CSI plugins like AzureDiskLimits, CinderLimits, EBSLimits, GCEPDLimits were still part of the default scheduler plugins.
- v1.31: These plugins are deprecated. The NodeVolumeLimits plugin is recommended as it supports CSI functionality. Action Required: Replace deprecated plugins in the scheduler config with NodeVolumeLimits.
5. Important Security Changes: SHA-1 Signature Deprecation
Kubernetes v1.31 introduces a critical security change regarding SHA-1 signatures:
- v1.30 and Earlier: SHA-1 support existed but was not recommended due to security vulnerabilities.
- v1.31: The support for SHA-1 is being deprecated, and it will be fully removed in Go 1.24, expected in 2025. Action Required: Migrate to stronger cryptographic standards. Check Kubernetes issue #125689 for more details.
6. Upcoming Changes in Kubernetes v1.32: Preparing Ahead
Looking forward, Kubernetes v1.32 will continue the trend of refining and optimizing its APIs and integrations:
- FlowSchema and PriorityLevelConfiguration Removals: Users are encouraged to update their manifests to use the flowcontrol.apiserver.k8s.io/v1 API version, which has been available since v1.29.
Preparing for v1.32:
- v1.31 and Earlier: Users should start transitioning to the newer API versions to avoid any service interruptions.
- v1.32: Removal of older APIs will require that all systems be updated to comply with the newer standards.
7. Action Steps for Kubernetes Users and Administrators
To ensure a smooth transition to Kubernetes v1.31, follow these steps:
- Review Deprecations: Identify any deprecated fields, APIs, or plugins in use and plan for their removal or replacement.
- Migrate to External Integrations: Ensure all in-tree cloud provider integrations are replaced with the recommended external integrations.
- Update Storage Solutions: Migrate from deprecated volume plugins to the corresponding CSI drivers.
- Adopt Stronger Security Practices: Replace SHA-1 certificates and implement stronger cryptographic standards.
8. Conclusion: Embracing Change for a Robust Kubernetes Experience
Kubernetes v1.31 represents a major milestone in enhancing the platform’s security, functionality, and vendor neutrality. By adapting to these updates, such as API deprecations, storage changes, and security enhancements, Kubernetes users can continue to leverage a flexible and powerful container orchestration system. The proactive adoption of these improvements ensures that your infrastructure remains modern, secure, and optimized for the future. Stay ahead by continuously refining your Kubernetes environment, and embrace these changes to maintain a seamless and robust experience.
For more expert insights and the latest updates on Kubernetes, follow the Kloia Blog and stay informed on industry trends and best practices!
9. FAQ
What are the major deprecations in Kubernetes v1.31?
Major deprecations include the status.nodeInfo.kubeProxyVersion field, SHA-1 signature support, and several non-CSI volume limit plugins.
How can I migrate to the CephFS CSI driver?
Refer to the official Kubernetes CSI documentation for steps on migrating from the CephFS volume plugin to the CSI driver.
What is the recommended replacement for the kubelet --keep-terminated-pod-volumes flag?
Users should remove any dependencies on this flag, as it has been fully removed in v1.31.
Enes Cetinkaya
Cloud Engineer @kloia