
Kubernetes 1.29 Released with KMS V2 Improvements and nftables Support

The Cloud Native Computing Foundation (CNCF) released Kubernetes 1.29, named Mandala, last month. The latest release introduced features such as load balancer IP mode for services, mutable pod resources for Windows containers, and nftables for the kube-proxy.

Some features have been elevated to beta, such as sidecar containers and the separation of the node lifecycle controller from taint management.

There are several stable or generally available features in this release, such as KMS v2 encryption at rest and the addition of a new access mode called ReadWriteOncePod for persistent volumes.

In version 1.29, in-tree integrations with cloud providers are removed and the .status.kubeProxyVersion field for node objects is now deprecated.

The new release introduces a new kube-proxy backend based on nftables. It was added because some Linux distributions are on their way to deprecating and removing iptables, and because iptables, the default kube-proxy implementation, has known performance problems at scale.

Nina Polshakova, from the release team, commented on this particular feature:

nftables is a mode where the kube-proxy configures packet forwarding rules using nftables instead of iptables. This aims to be the successor of iptables and is only available on Linux nodes at this point. 
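As an added example, not taken from the release notes or the Kubernetes project, here is a kube-proxy configuration that selects the new backend. It assumes the node runs kube-proxy from a KubeProxyConfiguration file; since the nftables mode is alpha in 1.29, the NFTablesProxyMode feature gate must be enabled explicitly, and the node needs the nft userspace tool and a kernel with nftables support.

```yaml
# Added example: KubeProxyConfiguration selecting the alpha nftables backend (Kubernetes 1.29).
# Pass this file to kube-proxy with --config=<path>. Not from the original article.
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
# "nftables" replaces the default "iptables" packet-forwarding backend.
mode: "nftables"
featureGates:
  # Alpha in 1.29, so it is off by default and must be switched on here.
  NFTablesProxyMode: true
# clusterCIDR is cluster-specific; the value below is a constructed placeholder.
clusterCIDR: "10.244.0.0/16"
```

A defender rolling this out should expect the node's rule set to move from the iptables tables into nftables tables owned by kube-proxy; any host-level audit, firewall tooling or detection rule that inspects `iptables-save` output will no longer see the service rules and needs to read `nft list ruleset` instead.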

Also in the new release, in-place updates for pod resources are now supported for Windows containers to allow changing resource requests and limits without having to restart the pod or its containers.

In addition, managing IP address ranges for services is a new alpha feature that lets users dynamically increase the number of service IPs available by creating new ServiceCIDR objects. This is meant to resolve issues related to IP exhaustion or IP renumbering.
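The following is an added example of a ServiceCIDR object, not code from the article or the Kubernetes project. It assumes the alpha feature is switched on in the control plane (the MultiCIDRServiceAllocator feature gate plus the networking.k8s.io/v1alpha1 API enabled via the API server's --runtime-config flag); the range and object name are constructed for illustration.

```yaml
# Added example: extending the service IP pool with a second ServiceCIDR (alpha in 1.29).
# Requires the MultiCIDRServiceAllocator feature gate and the v1alpha1 networking API
# to be enabled on kube-apiserver. Values are constructed placeholders.
apiVersion: networking.k8s.io/v1alpha1
kind: ServiceCIDR
metadata:
  name: extra-service-range
spec:
  cidrs:
  # A new range from which ClusterIPs may be allocated once the default range is exhausted.
  - 10.97.0.0/24
```

Because ClusterIPs can now come from more than one range, any network policy, egress filter or firewall rule that hard-codes the original service CIDR should be reviewed before such an object is applied, otherwise traffic to services allocated from the new range may be silently blocked or, worse, allowed past a filter written for the old range only.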

Sidecar containers moved to beta in version 1.29 and are enabled by default. Such containers augment or extend the functionality of the pod's main container, for example by providing logging, monitoring, security functions, or the data plane of a service mesh.

Support for KMS v2 encryption at rest became a stable feature in v1.29. KMS v2 provides substantial improvements in performance, key rotation, and observability over KMS v1.
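As an added example, not drawn from the article or the Kubernetes project, this is an API server EncryptionConfiguration that encrypts Secrets with a KMS v2 plugin. It assumes a KMS plugin is already running on the control-plane host and listening on the Unix socket shown (the plugin name and socket path are constructed placeholders); the file is referenced with the kube-apiserver --encryption-provider-config flag.

```yaml
# Added example: EncryptionConfiguration using the stable KMS v2 provider (Kubernetes 1.29).
# The first provider listed is used to encrypt new writes; later providers are only
# tried when decrypting existing data. Plugin name and socket path are constructed.
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      - kms:
          apiVersion: v2            # selects the KMS v2 protocol rather than v1
          name: example-kms-plugin  # must match the name the plugin was registered with
          endpoint: unix:///var/run/kmsplugin/example.sock
          timeout: 3s               # how long the API server waits on the plugin per request
      # identity as the last entry lets the API server still read Secrets written
      # before encryption was enabled; it must never be first, or new data is stored in plaintext.
      - identity: {}
```

After applying a configuration like this, existing Secrets are not re-encrypted automatically; operators typically force a rewrite (for example with `kubectl get secrets --all-namespaces -o json | kubectl replace -f -`) and confirm that the stored values in etcd begin with the KMS v2 prefix rather than plaintext.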

A new ReadWriteOncePod access mode became generally available, or stable, in v1.29 for PersistentVolumes (PVs) and PersistentVolumeClaims (PVCs). This addresses the situation in which multiple pods on the same node can read from and write to the same volume when using the ReadWriteOnce access mode. Persistent volumes created with the access mode ReadWriteOncePod ensure that the pod using them is the only one across the entire cluster that can read from or write to that particular PVC.
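The manifest below is an added example that is not part of the article or the Kubernetes project, covering both the sidecar containers feature and the ReadWriteOncePod access mode described above: a pod whose log-shipping sidecar is declared as an init container with restartPolicy: Always, writing to a volume that is claimed with ReadWriteOncePod so that no other pod in the cluster can attach it. It assumes a CSI driver that supports ReadWriteOncePod and a default StorageClass; image names, paths and commands are constructed placeholders.

```yaml
# Added example: a PersistentVolumeClaim with the stable ReadWriteOncePod mode and a pod
# that uses it together with a beta-style sidecar container. Names and images are constructed.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: app-data
spec:
  accessModes:
  # ReadWriteOncePod: at most one pod cluster-wide may have this claim mounted,
  # unlike ReadWriteOnce, which only restricts the volume to one node.
  - ReadWriteOncePod
  resources:
    requests:
      storage: 1Gi
---
apiVersion: v1
kind: Pod
metadata:
  name: app-with-sidecar
spec:
  initContainers:
  - name: log-shipper
    image: busybox:1.36
    # restartPolicy: Always on an init container is what marks it as a sidecar in 1.29:
    # it starts before the app containers, keeps running alongside them, and is
    # restarted if it exits, instead of blocking pod start like a normal init container.
    restartPolicy: Always
    command: ["sh", "-c", "touch /var/log/app/app.log && tail -F /var/log/app/app.log"]
    volumeMounts:
    - name: logs
      mountPath: /var/log/app
  containers:
  - name: app
    image: busybox:1.36
    command: ["sh", "-c", "while true; do date >> /var/log/app/app.log; sleep 5; done"]
    volumeMounts:
    - name: logs
      mountPath: /var/log/app
    - name: data
      mountPath: /data
  volumes:
  - name: logs
    emptyDir: {}
  - name: data
    persistentVolumeClaim:
      claimName: app-data
```

If a second pod references the same claim, the scheduler keeps it Pending with an event explaining that the PVC has the ReadWriteOncePod access mode and is already in use, which is the cluster-wide guarantee the article describes and the behaviour worth checking when validating a driver's support for the mode.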

According to the release notes, Kubernetes version 1.29 has 49 enhancements, including 19 entering alpha, 11 becoming generally available or stable, and 19 graduating to beta. In addition, three features are being deprecated or removed.

For detailed information on the Kubernetes 1.29 release, users can refer to the official release notes and documentation for a comprehensive breakdown of the enhancements and deprecations this version presents or watch the recording of the CNCF webinar by the release team.
