diff --git a/content/en/blog/_posts/2024-07-18-kubernetes-1.31-deprecations-and-removals.md b/content/en/blog/_posts/2024-07-18-kubernetes-1.31-deprecations-and-removals.md index bb5019c1bf..cb8f561873 100644 --- a/content/en/blog/_posts/2024-07-18-kubernetes-1.31-deprecations-and-removals.md +++ b/content/en/blog/_posts/2024-07-18-kubernetes-1.31-deprecations-and-removals.md @@ -11,10 +11,10 @@ author: > Yigit Demirbas --- -As Kubernetes develops and matures, features may be deprecated, removed, or replaced with better ones for the project's overall health. This article outlines some planned changes for the Kubernetes 1.31 release that the release team feels you should be aware off for the continued mantainance of your Kubernetes enviroment. Information listed below is based on the current status of the v1.31 release and may change before the actual release date. +As Kubernetes develops and matures, features may be deprecated, removed, or replaced with better ones for the project's overall health. This article outlines some planned changes for the Kubernetes 1.31 release that the release team feels you should be aware of for the continued maintenance of your Kubernetes environment. The Information listed below is based on the current status of the v1.31 release. It may change before the actual release date. ### The Kubernetes API Removal and Deprecation process -The Kubernetes project has a well-documented [deprecation policy](https://kubernetes.io/docs/reference/using-api/deprecation-policy/) for features. This policy states that stable APIs may only be deprecated when a newer, stable version of that same API is available and that APIs have a minimum lifetime for each stability level. A deprecated API has been marked for removal in a future Kubernetes release, it will continue to function until removal (at least one year from the deprecation), but usage will result in a warning being displayed. Removed APIs are no longer available in the current version, at which point you must migrate to using the replacement. +The Kubernetes project has a well-documented [deprecation policy](https://kubernetes.io/docs/reference/using-api/deprecation-policy/) for features. This policy states that stable APIs may only be deprecated when a newer, stable version of that API is available and that APIs have a minimum lifetime for each stability level. A deprecated API has been marked for removal in a future Kubernetes release. It will continue to function until removal (at least one year from the deprecation), but usage will result in a warning being displayed. Removed APIs are no longer available in the current version, so you must migrate to using the replacement. * Generally available (GA) or stable API versions may be marked as deprecated but must not be removed within a major version of Kubernetes. @@ -22,22 +22,22 @@ The Kubernetes project has a well-documented [deprecation policy](https://kubern * Alpha or experimental API versions may be removed in any release without prior deprecation notice. -Whether an API is removed as a result of a feature graduating from beta to stable or because that API simply did not succeed, all removals comply with this deprecation policy. Whenever an API is removed, migration options are communicated in the [documentation](https://kubernetes.io/docs/reference/using-api/deprecation-guide/). +Whether an API is removed because a feature graduated from beta to stable or because that API simply did not succeed, all removals comply with this deprecation policy. Whenever an API is removed, migration options are communicated in the [documentation](https://kubernetes.io/docs/reference/using-api/deprecation-guide/). ## A note about SHA-1 signature support fully going away in go1.24 -In [go1.18](https://go.dev/doc/go1.18#sha1) (released in March 2022), the crypto/x509 library started to reject certificates that were signed with a SHA-1 hash function. While SHA-1 is established to be unsafe and publicly trusted Certificate Authorities have not issues SHA-1 certificates since 2015, there might still be cases in the context of Kubernetes where user-provided certificates are signed using a SHA-1 hash function through private authorities with them being used for Aggregated API Servers of webhooks. If you have been reliant on SHA-1 based certificates, you must be explicitly opting back into its support by setting `GODEBUG=x509sha1=1` in your environment. +In [go1.18](https://go.dev/doc/go1.18#sha1) (released in March 2022), the crypto/x509 library started to reject certificates that were signed with a SHA-1 hash function. While SHA-1 is established to be unsafe and publicly trusted Certificate Authorities have not issued SHA-1 certificates since 2015, there might still be cases in the context of Kubernetes where user-provided certificates are signed using a SHA-1 hash function through private authorities with them being used for Aggregated API Servers of webhooks. If you have relied on SHA-1 based certificates, you must explicitly opt back into its support by setting `GODEBUG=x509sha1=1` in your environment. -Given Go's [compatibility policy for GODEBUGs](https://go.dev/blog/compat), the `x509sha1` GODEBUG and consequently the support for SHA-1 certificates will [fully go away in go1.24](https://tip.golang.org/doc/go1.23) which would release in the first half of 2025. If you are reliant on SHA-1 certificates, please start moving off of them. +Given Go's [compatibility policy for GODEBUGs](https://go.dev/blog/compat), the `x509sha1` GODEBUG and the support for SHA-1 certificates will [fully go away in go1.24](https://tip.golang.org/doc/go1.23) which will be released in the first half of 2025. If you rely on SHA-1 certificates, please start moving off them. Please see [Kubernetes issue #125689](https://github.com/kubernetes/kubernetes/issues/125689) to get a better idea of timelines around the support for SHA-1 going away, when Kubernetes releases plans to adopt go1.24, and for more details on how to detect usage of SHA-1 certificates via metrics and audit logging. ## Deprecations and Removals in Kubernetes 1.31 ### Deprecate kustomize from kubectl [KEP 4706](https://github.com/kubernetes/enhancements/issues/4706) -In the early days of Kubernetes, when not that many tools in the field of declarative configurations existed, [kustomize](https://github.com/kubernetes-sigs/kustomize) was introduced and to make life easier for kubectl users it was included in kubectl, by default. +In the early days of Kubernetes, when not that many tools in the field of declarative configurations existed, [kustomize](https://github.com/kubernetes-sigs/kustomize) was introduced, and to make life easier for kubectl users, it was included in kubectl by default. -Over the past several years the ecosystem around Kubernetes grew significantly, resulting in wider spread of tooling, including declarative configuration. With these new options, it's best left to the user to match their use cases with the best tool capable of resolving the problem at hand. Using [kubectl plugins](https://kubernetes.io/docs/tasks/extend-kubectl/kubectl-plugins/), users can pick and choose the best tool to match their needs. +Over the past several years, the ecosystem around Kubernetes has grown significantly, resulting in a wider spread of tooling, including declarative configuration. With these new options, it's best left to the user to match their use cases with the best tool capable of resolving the problem at hand. Using [kubectl plugins](https://kubernetes.io/docs/tasks/extend-kubectl/kubectl-plugins/), users can choose the best tool to match their needs. With Kubernetes v1.31, kustomize will be deprecated from kubectl. It will be removed in a future release. This will allow both tools to be developed and maintained separately. @@ -49,14 +49,14 @@ If you still rely on this feature, migrate to using the `podman kube` subcommand ### Deprecate status.nodeInfo.kubeProxyVersion field [KEP 4004](https://github.com/kubernetes/enhancements/issues/4004) The `status.nodeInfo.kubeProxyVersionv1.Node` field is being deprecated due to inaccuracies and will be removed in a future release. This field is set by the kubelet, which does not have reliable information about the kube-proxy version or whether kube-proxy is running. -After deprecation, users will no longer be able to retrieve the kube-proxy version from the Node object. +After deprecation, users can no longer retrieve the kube-proxy version from the Node object. ### Removal of in-tree cloud providers - sig-cloudprovider As highlighted in our [previous blog](https://kubernetes.io/blog/2024/05/20/completing-cloud-provider-migration/), the last bits of in-tree cloud provider code have been removed. -This milestone marks the completion of the externalization process for all cloud providers integrations from the Kubernetes core ([KEP-2395](https://github.com/kubernetes/enhancements/blob/master/keps/sig-cloud-provider/2395-removing-in-tree-cloud-providers/README.md)), a process started with Kubernetes v1.26. This change helps Kubernetes to get closer to being a truly vendor-neutral platform. +This milestone marks the completion of the externalization process for all cloud providers' integrations from the Kubernetes core ([KEP-2395](https://github.com/kubernetes/enhancements/blob/master/keps/sig-cloud-provider/2395-removing-in-tree-cloud-providers/README.md)), a process started with Kubernetes v1.26. This change helps Kubernetes to get closer to being a truly vendor-neutral platform. -For further details on the cloud provider integrations read our [v1.29 Cloud Provider Integrations feature blog](https://kubernetes.io/blog/2023/12/14/cloud-provider-integration-changes/) and for additional context about the in-tree code removal we invite you to check the ([v1.29 deprecation blog](https://kubernetes.io/blog/2023/11/16/kubernetes-1-29-upcoming-changes/#removal-of-in-tree-integrations-with-cloud-providers-kep-2395-https-kep-k8s-io-2395)). +For further details on the cloud provider integrations, read our [v1.29 Cloud Provider Integrations feature blog](https://kubernetes.io/blog/2023/12/14/cloud-provider-integration-changes/). For additional context about the in-tree code removal, we invite you to check the ([v1.29 deprecation blog](https://kubernetes.io/blog/2023/11/16/kubernetes-1-29-upcoming-changes/#removal-of-in-tree-integrations-with-cloud-providers-kep-2395-https-kep-k8s-io-2395)). The latter blog also contains useful information for users who need to migrate to version 1.29 and later. @@ -69,16 +69,16 @@ You can find more details in the pull request [#122082](https://github.com/kuber ### Removal of CephFS volume plugin [CephFS volume plugin](https://kubernetes.io/docs/concepts/storage/volumes/#cephfs) was removed in this release and the `cephFS` volume type became non-functional. -Its recommended that you use [CephFS CSI driver](https://github.com/ceph/ceph-csi/) third party storage driver instead. A re-deployment of your application is required to use the new driver if you were using CephFS volume plugin before upgrading cluster version to v1.31. +It is recommended that you use the [CephFS CSI driver](https://github.com/ceph/ceph-csi/) as a third-party storage driver instead. If you were using the CephFS volume plugin before upgrading the cluster version to v1.31, you must re-deploy your application to use the new driver. CephFS volume plugin was formally marked as deprecated in v1.28. ### Removal of Ceph RBD volume plugin -[Ceph RBD volume plugin](https://kubernetes.io/docs/concepts/storage/storage-classes/#ceph-rbd) was removed in this release together with its CSI migration support and the ceph RBD volume type became non-functional. +This release removed the [Ceph RBD volume plugin](https://kubernetes.io/docs/concepts/storage/volumes/#rbd) and its CSI migration support, making the Ceph RBD volume type non-functional. -Its recommended that you use use the [RBD CSI driver](https://github.com/ceph/ceph-csi/) in your clusters instead. A re-deployment of your application is required to use the new driver if you were using Ceph RBD volume plugin before upgrading cluster version to v1.31. +It's recommended that you use the [RBD CSI driver](https://github.com/ceph/ceph-csi/) in your clusters instead. If you were using Ceph RBD volume plugin before upgrading the cluster version to v1.31, you must re-deploy your application to use the new driver. -CephRBD volume plugin was formally marked as deprecated in v1.28. +The CephRBD volume plugin was formally marked as deprecated in v1.28. ### Deprecation of Non-CSI Volume Limit Plugins in Kube-scheduler @@ -89,7 +89,7 @@ The `kube-scheduler` has deprecated all non-CSI volume limit plugins and removed - EBSLimits - GCEPDLimits -Its recommended that you use `NodeVolumeLimits` plugin instead because it can handle the same functionality as the removed plugins since those volume types have been migrated to CSI. Please replace the deprecated plugins with the `NodeVolumeLimits` plugin if you explicitly use them in the [scheduler config](https://kubernetes.io/docs/reference/scheduling/config/). The `AzureDiskLimits`, `CinderLimits`, `EBSLimits`, `GCEPDLimits` plugins will be removed in Kubernetes v1.32. +Its recommended that you use `NodeVolumeLimits` plugin instead because it can handle the same functionality as the removed plugins since those volume types have been migrated to CSI. Please replace the deprecated plugins with the `NodeVolumeLimits` plugin if you explicitly use them in the [scheduler config](https://kubernetes.io/docs/reference/scheduling/config/). The `AzureDiskLimits`, `CinderLimits`, `EBSLimits`, and `GCEPDLimits` plugins will be removed in Kubernetes v1.32. These plugins have been removed from the default plugins as they have been marked as deprecated since Kubernetes v1.14. @@ -101,7 +101,7 @@ The official list of API removals planned for [Kubernetes v1.32](https://kuberne For more information please refer to [these docs](https://kubernetes.io/docs/reference/using-api/deprecation-guide/#v1-32). ## Want to know more? -Deprecations are announced in the Kubernetes release notes. We will formally announce the deprecations that come with [Kubernetes v1.31](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#deprecation) as part of the CHANGELOG for that release. +The Kubernetes release notes announce deprecations. We will formally announce the deprecations in [Kubernetes v1.31](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#deprecation) as part of the CHANGELOG for that release. You can see the announcements of pending deprecations in the release notes for: