Kubernetes 1.30: Improvements Operators Appreciate

Stacked industrial containers representing Kubernetes workloads

Kubernetes 1.30 (April 2024) was a useful release, though less highlighted than 1.31. It brought scheduling improvements, stabilised admission policies and refined Job semantics. This article covers what matters to operators in production.

Highlighted Features

GA ValidatingAdmissionPolicy

Declarative alternative to admission webhooks:

apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicy
metadata:
  name: "demo-policy"
spec:
  failurePolicy: Fail
  matchConstraints:
    resourceRules:
      - apiGroups: ["apps"]
        apiVersions: ["v1"]
        operations: ["CREATE", "UPDATE"]
        resources: ["deployments"]
  validations:
    - expression: "object.spec.replicas <= 5"
      message: "Replicas must be <= 5"

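Validation runs as CEL expressions inside the API server instead of calling an external webhook, which means lower latency and less infrastructure to run. A policy has no effect until a ValidatingAdmissionPolicyBinding references it.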
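The binding that puts "demo-policy" into effect, shown as an added example that is not part of the original article. The binding name and the namespace label environment: test are assumptions chosen for illustration.

```yaml
# Added example: activates the "demo-policy" ValidatingAdmissionPolicy.
# Assumed names: binding "demo-binding-test", namespace label "environment: test".
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicyBinding
metadata:
  name: "demo-binding-test"
spec:
  # Must match metadata.name of the policy this binding enforces.
  policyName: "demo-policy"
  # Staged rollout: start by observing, without blocking requests.
  #   Warn  -> the violation is returned to the client as a warning
  #   Audit -> the violation is recorded in the API server audit event
  # After reviewing what would have been rejected, change this to [Deny].
  # Deny and Warn cannot be combined in the same binding.
  validationActions: [Warn, Audit]
  # Scope enforcement to labelled namespaces so a mistake in the CEL
  # expression cannot block Deployments cluster-wide.
  matchResources:
    namespaceSelector:
      matchLabels:
        environment: test
```

With failurePolicy: Fail in the policy, an expression that errors at evaluation time is treated as a failed validation, so trial the binding in Warn/Audit mode before switching it to Deny.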

Pod Scheduling Readiness

A Pod with scheduling gates is held back from the scheduler until its gates are removed, so it enters scheduling when ready, not before:

spec:
  schedulingGates:
    - name: "wait-for-ready"

Useful for batch scheduling and for fair scheduling with complex priorities.

Job Success/Failure Policy

spec:
  successPolicy:
    rules:
      - succeededIndexes: 0-3
        succeededCount: 2

Declares when a Job counts as a “success” on partial completion. Useful for fault-tolerant ML training.

Other Improvements

  • Structured logging phase 2: more components migrated.
  • CEL for CRD validation: alternative to webhooks.
  • Node swap support (beta): swap opt-in, carefully.
  • Contextual logging: tracing context in logs.
  • PersistentVolumeClaim retention policy improvements.

Removed / Deprecated

  • In-tree azureDisk driver removed (use CSI).
  • In-tree vsphere deprecated.
  • SecurityContextDeny admission removed.

Migrating to CSI drivers is the standard path.

Upgrade Path

kubeadm upgrade plan v1.30.0
kubeadm upgrade apply v1.30.0
# ... rolling kubelet upgrade

Standard, non-disruptive.

Performance

Benchmarks:

  • Scheduler: 5% throughput improvement.
  • API server: minor memory reductions.
  • Storage CSI: driver-specific performance.

Incremental cumulative gains.

Compatibility

  • containerd 2.x compatible.
  • CRI-O 1.30.
  • Kernel 5.10+ recommended.
  • etcd 3.5.x.

For Admins

Ecosystem Updates

  • kube-prometheus-stack: 1.30 ready.
  • Helm charts: compatible.
  • cert-manager: ready.
  • CNIs (Calico, Cilium, Flannel): updated.

Notable Cloud Availability

  • EKS: ~1-2 months post-upstream.
  • GKE: earlier.
  • AKS: similar timing to EKS.
  • Managed clouds always lag self-managed.

Conclusion

K8s 1.30 is a solid release without drama. GA ValidatingAdmissionPolicy is the biggest win: it reduces dependency on external webhooks for simple policies. Pod scheduling readiness is useful for sophisticated schedulers. For admins on 1.29, the upgrade is safe. For admins on 1.28 or earlier, accelerate, because the gap widens with each release.
