Kubernetes 1.30: improvements operators will appreciate

Kubernetes 1.30 (April 2024) was a useful release, though less prominent than 1.31. It brought scheduling improvements, stabilized admission policies, and refined Job semantics. This article covers what matters for operators running production clusters.

Notable features

ValidatingAdmissionPolicy GA

A declarative alternative to admission webhooks:

apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicy
metadata:
  name: "demo-policy"
spec:
  failurePolicy: Fail
  matchConstraints:
    resourceRules:
      - apiGroups: ["apps"]
        apiVersions: ["v1"]
        operations: ["CREATE", "UPDATE"]
        resources: ["deployments"]
  validations:
    - expression: "object.spec.replicas <= 5"
      message: "Replicas must be <= 5"

CEL expressions replace the external webhook: lower latency, less infrastructure.
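A policy like the one above is not enforced until a ValidatingAdmissionPolicyBinding references it. The following is an added example, not part of the original article: two bindings for "demo-policy" that enforce the rule in test namespaces and only observe violations everywhere else. The binding names and the `environment` namespace label are assumptions for illustration.

```yaml
# Added example. Binding names and the "environment" label are hypothetical.
# Binding 1: enforce the policy in namespaces labelled environment=test.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicyBinding
metadata:
  name: "demo-policy-enforce"
spec:
  policyName: "demo-policy"       # must match metadata.name of the policy
  validationActions: [Deny]       # reject requests that fail the CEL expression
  matchResources:
    namespaceSelector:
      matchLabels:
        environment: test
---
# Binding 2: observe only, in every other namespace.
# Warn returns a warning to the client; Audit records the failure in the
# audit event. Neither blocks the request. Deny and Warn cannot be combined
# in the same binding.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicyBinding
metadata:
  name: "demo-policy-observe"
spec:
  policyName: "demo-policy"
  validationActions: [Warn, Audit]
  matchResources:
    namespaceSelector:
      matchExpressions:
        - key: environment
          operator: NotIn         # also matches namespaces without the label
          values: ["test"]
```

Once the warnings and audit entries show no unexpected violations, the observe binding can be switched to `Deny`.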

Pod Scheduling Readiness

Pods can enter scheduling when they are ready, not before:

spec:
  schedulingGates:
    - name: "wait-for-ready"

Useful for batch scheduling and for fair scheduling with complex priorities.

Job Success/Failure Policy

spec:
  successPolicy:
    rules:
      - succeededIndexes: 0-3
        succeededCount: 2

Declares when a Job counts as a “success” on partial completion. Useful for fault-tolerant ML training.

Other improvements

  • Structured logging phase 2: more components migrated.
  • CEL for CRD validation: alternative to webhooks.
  • Node swap support (beta): swap is opt-in; enable with care.
  • Contextual logging: tracing context in logs.
  • PersistentVolumeClaim retention policy improvements.

Removed / Deprecated

  • In-tree azureDisk driver removed (use CSI).
  • In-tree vsphere deprecated.
  • SecurityContextDeny admission removed.

Migrating to CSI drivers is the standard path.

Upgrade path

kubeadm upgrade plan v1.30.0
kubeadm upgrade apply v1.30.0
# ... rolling kubelet upgrade

Standard, non-disruptive.

Performance

Benchmarks:

  • Scheduler: 5% throughput improvement.
  • API server: minor memory reductions.
  • Storage (CSI): driver-specific performance.

Incremental, cumulative gains.

Compatibility

  • containerd 2.x compatible.
  • CRI-O 1.30.
  • Kernel 5.10+ recommended.
  • etcd 3.5.x.

For admins

Ecosystem updates

  • kube-prometheus-stack: 1.30 ready.
  • Helm charts: compatible.
  • cert-manager: ready.
  • CNIs (Calico, Cilium, Flannel): updated.

Notable cloud availability

  • EKS: ~1-2 months post-upstream.
  • GKE: earlier.
  • AKS: timing similar to EKS.
  • Managed clouds always lag self-managed.

Conclusion

K8s 1.30 is a solid release without drama. ValidatingAdmissionPolicy GA is the biggest win: it reduces dependency on external webhooks for simple policies. Pod scheduling readiness is useful for sophisticated schedulers. For admins on 1.29, the upgrade is safe. For admins on 1.28 or earlier, speed up: the gap widens with each release.
