Kubernetes 1.30 发布，引入上下文日志、性能改进和安全性增强_AI阅读总结 — 包阅AI

The Cloud Native Computing Foundation (CNCF) released Kubernetes 1.30, named Uwubernetes in April. The release introduced features such as recursive read-only mounts, job completion policy, and fast recursive SELinux label change.

One of the changes in Kubernetes 1.30 is the overhaul of memory swap support for Linux nodes. This improvement is designed to enhance system stability by providing more control over memory usage. Alongside this, the introduction of a sleep action for the PreStop lifecycle hook offers a simplified native option for managing pod termination activities and ensuring better workload management.

Alpha features in version 1.30 include the integration of the Common Expression Language (CEL) for admission control, which paves the way for more sophisticated policy controls and validation mechanisms in Kubernetes clusters. Furthermore, enhancements to service account tokens through Kubernetes Enhancement Proposals (KEP) aim to provide more secure and manageable service accounts, an essential component for maintaining secure Kubernetes environments.

Kubernetes 1.30 also brings beta support for user namespaces, a Linux feature that isolates container UIDs and GIDs from those on the host, significantly bolstering security measures.

Kat Cosgrove, from the release team, commented on Contextual Logging becoming beta in version 1.30:

This enhancement simplifies the correlation and analysis of log data across distributed systems, significantly improving the efficiency of troubleshooting efforts. By offering a clearer insight into the workings of your Kubernetes environments, Contextual Logging ensures that operational challenges are more manageable, marking a notable step forward in Kubernetes observability.

Further scheduling improvements have been made, highlighted by the introduction of MatchLabelKeys for PodAffinity and PodAntiAffinity, which allows for better pod placement strategies.

Also, the decoupling of critical components, such as the TaintManager from NodeLifecycleController intends to enhance the overall maintainability of the project.

Additionally, this version presents usability upgrades to the scheduler and new structured authorization configurations, which ensure more sophisticated access controls within Kubernetes environments.

This release also deprecates several outdated features. The regression fixes for open API descriptions of imagePullSecrets and hostAliases fields are noteworthy, as consistency in these fields’ usage is crucial for operational integrity.

Additionally, this version signals the movement away from legacy security configurations in favor of more streamlined and modular approaches.

According to the release notes, Kubernetes version 1.30 has 45 enhancements, including 10 entering alpha, 18 graduating to beta, and 17 becoming generally available.

Earlier this month, the Kubernetes community celebrated 10 yearssince the first git commit to the project. The event known as KuberTENes was held in many places around the globe with the official one sponsored by the CNCF in Mountain View, CA, and was streamed live on its YouTube channel.

For detailed information on the Kubernetes 1.30 release, users can refer to the official release notes and documentation for a comprehensive overview of the enhancements and deprecations this version presents or watch the recording of the CNCF webinar by the release team. The next release 1.31 is expected in August 2024.