yexinru/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
Files
218900ecfc237f6c0ba9f9684f9afa10f1d5ea9a
doc-exports/docs/cce/umn/cce_bulletin_0095.html
qiujiandong1 218900ecfc CCE UMN 20260128 version 
Reviewed-by: Gergo-Bence Lorincz <a200452876@noreply.gitea.eco.tsi-dev.otc-service.com>
Co-authored-by: qiujiandong1 <qiujiandong1@huawei.com>
Co-committed-by: qiujiandong1 <qiujiandong1@huawei.com>
2026-03-11 15:13:02 +00:00

29 lines
11 KiB
HTML
Raw Blame History

<a name="cce_bulletin_0095"></a><a name="cce_bulletin_0095"></a>
<h1 class="topictitle1">Kubernetes 1.30 Release Notes</h1>
<div id="body8662426"><p id="cce_bulletin_0095__en-us_topic_0000002011393057_en-us_topic_0000001072975092_en-us_topic_0261805759_en-us_topic_0261793154_p8060118">CCE now supports Kubernetes 1.30 cluster features. This section describes the changes in Kubernetes 1.30.</p>
<div class="section" id="cce_bulletin_0095__en-us_topic_0000002011393057_section1391012495239"><h4 class="sectiontitle">Indexes</h4><ul id="cce_bulletin_0095__en-us_topic_0000002011393057_ul8733155692314"><li id="cce_bulletin_0095__en-us_topic_0000002011393057_li17733195672318"><a href="#cce_bulletin_0095__en-us_topic_0000002011393057_section14972102702312">New and Enhanced Features</a></li><li id="cce_bulletin_0095__en-us_topic_0000002011393057_li142311740133412"><a href="#cce_bulletin_0095__en-us_topic_0000002011393057_section1898982110241">API Changes and Removals</a></li><li id="cce_bulletin_0095__en-us_topic_0000002011393057_li1036516205388"><a href="#cce_bulletin_0095__en-us_topic_0000002011393057_section115291322132513">Enhanced Kubernetes 1.30 on CCE</a></li><li id="cce_bulletin_0095__en-us_topic_0000002011393057_li1076716133914"><a href="#cce_bulletin_0095__en-us_topic_0000002011393057_en-us_topic_0000001072975092_en-us_topic_0261805759_en-us_topic_0261793154_section1272182810583">References</a></li></ul>
</div>
<div class="section" id="cce_bulletin_0095__en-us_topic_0000002011393057_section14972102702312"><a name="cce_bulletin_0095__en-us_topic_0000002011393057_section14972102702312"></a><a name="en-us_topic_0000002011393057_section14972102702312"></a><h4 class="sectiontitle">New and Enhanced Features</h4><ul id="cce_bulletin_0095__en-us_topic_0000002011393057_ul765217383916"><li id="cce_bulletin_0095__en-us_topic_0000002011393057_li165213813916">Webhook matching expression is in the GA state.<p id="cce_bulletin_0095__en-us_topic_0000002011393057_p897192710149"><a name="cce_bulletin_0095__en-us_topic_0000002011393057_li165213813916"></a><a name="en-us_topic_0000002011393057_li165213813916"></a>The Webhook matching expression feature is advanced to GA. This feature enables admission webhooks to be matched based on specific conditions, providing control over the triggering conditions of the webhooks in a more precise granularity. For details, see <a href="https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchConditions" target="_blank" rel="noopener noreferrer">Dynamic Admission Control</a>.</p>
</li><li id="cce_bulletin_0095__en-us_topic_0000002011393057_li865210381493">Pod scheduling readiness is in the GA state.<p id="cce_bulletin_0095__en-us_topic_0000002011393057_p592202931417"><a name="cce_bulletin_0095__en-us_topic_0000002011393057_li865210381493"></a><a name="en-us_topic_0000002011393057_li865210381493"></a>The pod scheduling readiness feature is advanced to GA. With this feature, you can add custom scheduling gates to a pod and manage when to remove them. The pod will only be deemed ready for scheduling once all scheduling gates have been removed. For details, see <a href="https://kubernetes.io/docs/concepts/scheduling-eviction/pod-scheduling-readiness/" target="_blank" rel="noopener noreferrer">Pod Scheduling Readiness</a>.</p>
</li><li id="cce_bulletin_0095__en-us_topic_0000002011393057_li665220381690">Validating admission policies are in the GA state.<p id="cce_bulletin_0095__en-us_topic_0000002011393057_p1514043014148"><a name="cce_bulletin_0095__en-us_topic_0000002011393057_li665220381690"></a><a name="en-us_topic_0000002011393057_li665220381690"></a>Validating admission policies are advanced to GA. This feature allows you to declare the validating admission policies of resources using Common Expression Language (CEL). For details, see <a href="https://kubernetes.io/docs/reference/access-authn-authz/validating-admission-policy/" target="_blank" rel="noopener noreferrer">Validating Admission Policy</a>.</p>
</li><li id="cce_bulletin_0095__en-us_topic_0000002011393057_li2652938698">Horizontal pod auto scaling based on container resource metrics is in the GA state.<p id="cce_bulletin_0095__en-us_topic_0000002011393057_p1968103010148"><a name="cce_bulletin_0095__en-us_topic_0000002011393057_li2652938698"></a><a name="en-us_topic_0000002011393057_li2652938698"></a>The horizontal pod auto scaling feature based on container resource metrics is advanced to GA. This feature allows HPA to configure auto scaling based on the resource usage of each container within a pod, rather than just the overall resource usage of the pod. This makes it easier to set scaling thresholds for the most critical containers in a pod. For details, see <a href="https://kubernetes.io/docs/concepts/workloads/autoscaling/horizontal-pod-autoscale/#container-resource-metrics" target="_blank" rel="noopener noreferrer">Container resource metrics</a>.</p>
</li><li id="cce_bulletin_0095__en-us_topic_0000002011393057_li13653123819916">The legacy ServiceAccount token cleaner is in the GA state.<p id="cce_bulletin_0095__en-us_topic_0000002011393057_p20718123181413"><a name="cce_bulletin_0095__en-us_topic_0000002011393057_li13653123819916"></a><a name="en-us_topic_0000002011393057_li13653123819916"></a>The legacy ServiceAccount token cleaner feature is advanced to GA. It runs as part of <strong id="cce_bulletin_0095__en-us_topic_0000002011393057_b748611411213">kube-controller-manager</strong> and checks every 24 hours to see if any auto-generated legacy ServiceAccount token has not been used in a specific amount of time (one year by default, specified by <strong id="cce_bulletin_0095__en-us_topic_0000002011393057_b448681415215">--legacy-service-account-token-clean-up-period</strong>). If so, the cleaner marks those tokens as invalid and adds the <strong id="cce_bulletin_0095__en-us_topic_0000002011393057_b1313225330113048">kubernetes.io/legacy-token-invalid-since</strong> label whose value is the current date. If an invalid token is not used for a specific period of time (one year by default, specified by <strong id="cce_bulletin_0095__en-us_topic_0000002011393057_b4920114518211">--legacy-service-account-token-clean-up-period</strong>), the cleaner deletes it. For details, see <a href="https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#legacy-serviceaccount-token-cleaner" target="_blank" rel="noopener noreferrer">Legacy ServiceAccount token cleaner</a>.</p>
</li><li id="cce_bulletin_0095__en-us_topic_0000002011393057_li165363811915">The minimum domain in the pod topology spread is in the GA state.<p id="cce_bulletin_0095__en-us_topic_0000002011393057_p117118322145"><a name="cce_bulletin_0095__en-us_topic_0000002011393057_li165363811915"></a><a name="en-us_topic_0000002011393057_li165363811915"></a>The minimum domain feature in pod topology spread is advanced to GA. This feature allows you to configure a minimum number of domains that meet specific conditions by using the <strong id="cce_bulletin_0095__en-us_topic_0000002011393057_b19750111135614">minDomains</strong> field in the pod configuration. If the number of domains that match the load topology constraints exceeds the <strong id="cce_bulletin_0095__en-us_topic_0000002011393057_b06211615105711">minDomains</strong> value, this field will not affect the settings. However, if the number of domains that match the load topology constraints is less than the <strong id="cce_bulletin_0095__en-us_topic_0000002011393057_b28891724165810">minDomains</strong> value, the global minimum value is set to 0, which represents the minimum number of matched pods in domains that meet the conditions. To prevent pods from being scheduled when topology constraints are not met, this field must be used together with <strong id="cce_bulletin_0095__en-us_topic_0000002011393057_b20648813303">whenUnsatisfiable: DoNotSchedule</strong>. For details, see <a href="https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/#spread-constraint-definition" target="_blank" rel="noopener noreferrer">Spread constraint definition</a>.</p>
</li></ul>
</div>
<div class="section" id="cce_bulletin_0095__en-us_topic_0000002011393057_section1898982110241"><a name="cce_bulletin_0095__en-us_topic_0000002011393057_section1898982110241"></a><a name="en-us_topic_0000002011393057_section1898982110241"></a><h4 class="sectiontitle">API Changes and Removals</h4><ul id="cce_bulletin_0095__en-us_topic_0000002011393057_ul0323440195"><li id="cce_bulletin_0095__en-us_topic_0000002011393057_li832204410197">kubectl removes the <strong id="cce_bulletin_0095__en-us_topic_0000002011393057_b1885917231201">prune-whitelist</strong> parameter of the <strong id="cce_bulletin_0095__en-us_topic_0000002011393057_b53959300010">apply</strong> command and replaces it with <strong id="cce_bulletin_0095__en-us_topic_0000002011393057_b11825143512017">prune-allowlist</strong>.</li><li id="cce_bulletin_0095__en-us_topic_0000002011393057_li10325443197">SecurityContextDeny, which has been deprecated in Kubernetes 1.27, is replaced by <a href="https://kubernetes.io/docs/concepts/security/pod-security-admission/" target="_blank" rel="noopener noreferrer">Pod Security admission controller</a>.</li></ul>
</div>
<div class="section" id="cce_bulletin_0095__en-us_topic_0000002011393057_section115291322132513"><a name="cce_bulletin_0095__en-us_topic_0000002011393057_section115291322132513"></a><a name="en-us_topic_0000002011393057_section115291322132513"></a><h4 class="sectiontitle">Enhanced Kubernetes 1.30 on CCE</h4><p id="cce_bulletin_0095__en-us_topic_0000002011393057_p10835173722518">During a version maintenance period, CCE periodically updates Kubernetes 1.30 and provides enhanced functions.</p>
<p id="cce_bulletin_0095__en-us_topic_0000002011393057_p1752116404265">For details about cluster version updates, see <a href="cce_10_0405.html">Patch Versions</a>.</p>
</div>
<div class="section" id="cce_bulletin_0095__en-us_topic_0000002011393057_en-us_topic_0000001072975092_en-us_topic_0261805759_en-us_topic_0261793154_section1272182810583"><a name="cce_bulletin_0095__en-us_topic_0000002011393057_en-us_topic_0000001072975092_en-us_topic_0261805759_en-us_topic_0261793154_section1272182810583"></a><a name="en-us_topic_0000002011393057_en-us_topic_0000001072975092_en-us_topic_0261805759_en-us_topic_0261793154_section1272182810583"></a><h4 class="sectiontitle">References</h4><p id="cce_bulletin_0095__en-us_topic_0000002011393057_en-us_topic_0000001072975092_p15127239183119">For more details about the performance comparison and functional evolution between Kubernetes 1.30 and other versions, see <a href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md" target="_blank" rel="noopener noreferrer">Kubernetes v1.30 Release Notes</a>.</p>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="cce_10_0068.html">Kubernetes Version Release Notes</a></div>
</div>
</div>
View Git Blame Copy Permalink