Kubernetes 1.31 Release: Key Features, Enhancements, and Deprecations

News From the Cloud Native Community

Kubernetes v1.31 has officially landed, bringing a host of exciting new features and critical updates. Just like previous releases, this version continues the trend of enhancing Kubernetes’ stability, security, and performance, all while expanding its capabilities to meet the ever-growing needs of containerized applications. In this release, you’ll find a whopping 45 enhancements, including features moving to stable, beta, and alpha phases. Let’s dive into the most significant updates that make Kubernetes v1.31 a game-changer.

What’s New in Kubernetes v1.31?

The Kubernetes community has been hard at work, and their efforts are evident in the v1.31 release. Here’s a quick breakdown of what’s in store:

  • 11 enhancements have graduated to Stable
  • 22 features are now in Beta
  • 12 new features introduced as Alpha

These changes reflect Kubernetes’ relentless drive toward improving functionality, security, and performance for its users.

Stable Features in Kubernetes v1.31

Several key features have moved to the stable phase in Kubernetes v1.31, signaling their readiness for production use. Here are some of the top highlights:

AppArmor Support is Now Stable

One of the standout features in this release is AppArmor support, which has finally reached General Availability (GA). AppArmor allows you to secure your containers by setting profiles that define allowed and denied system calls, reducing potential attack vectors. Previously, Kubernetes relied on annotations for AppArmor support, but as of v1.30, it’s now controlled via the appArmorProfile.type field within the security context of a container.

If you’re still using annotations, it’s time to migrate to the new field-based approach for better security and stability.

Improved Ingress Connectivity for Kube-Proxy

In Kubernetes v1.31, kube-proxy brings improved ingress connectivity reliability. This enhancement focuses on mitigating traffic drops by introducing a mechanism that helps load balancers perform connection draining for terminating nodes. With this feature, services that use a LoadBalancer type and external traffic policies will see better traffic management, reducing downtime and improving reliability.

For those using kube-proxy as the default service proxy, no additional changes are required as this feature is enabled by default.

Persistent Volume Transition Time Tracking

Another noteworthy stable feature is Persistent Volume last phase transition time. This enhancement adds a timestamp to the PersistentVolumeStatus field, showing when a volume last transitioned between different states (e.g., Pending, Bound, Released). This is useful for tracking storage performance and understanding how long volumes remain in each phase, which can be beneficial for service-level objectives (SLOs) and monitoring.

Key Features in Beta

While stable features are ready for full production, there’s a lot to be excited about in the beta category as well. These features are maturing, and Kubernetes is giving users more control and efficiency in their clusters.

NFTables Backend for Kube-Proxy

NFTables, the modern successor to iptables, has moved to beta in v1.31, promising better performance and scalability for network management. In large-scale environments with thousands of services, NFTables can process changes to service endpoints more efficiently than its predecessor. However, since this feature is still evolving, make sure to check for compatibility with your network plugin before switching to NFTables mode.

Persistent Volume Reclaim Policy

Persistent Volume (PV) handling gets a significant upgrade with the Always Honor Reclaim Policy feature. Before this enhancement, Kubernetes could occasionally ignore the reclaim policy set on a PV, especially if the PersistentVolumeClaim (PVC) was deleted before the PV. Now, regardless of the deletion sequence, Kubernetes will respect the reclaim policy, ensuring consistent storage clean-up and preventing resource leakage.

Multiple Service CIDRs Support

Kubernetes v1.31 introduces Multiple Service CIDRs support, now in beta, allowing clusters to dynamically modify service IP ranges without downtime. This enhancement resolves a long-standing pain point for large clusters that have struggled with IP exhaustion, enabling seamless service range adjustments for growing infrastructures.

What’s New in Alpha?

Alpha features are experimental but provide a glimpse into the future of Kubernetes. Here are some of the most intriguing new alpha features in v1.31.

Dynamic Resource Allocation (DRA) API Updates

The Dynamic Resource Allocation (DRA) API has been updated to support better accelerator and hardware management. Structured parameters are now a core part of the DRA API, improving transparency and enabling features like cluster autoscaling. This new design makes Kubernetes more adept at handling workloads that require specialized hardware, such as GPUs for machine learning applications.

Support for Image Volumes

In line with the growing focus on AI and machine learning workloads, Kubernetes v1.31 introduces alpha support for using OCI-compatible images as volumes within a pod. This feature is ideal for those looking to leverage Open Container Initiative (OCI) standards, enabling easier storage and distribution of content across containers.

Exposing Device Health Through Pod Status

The ability to expose device health information directly through pod status is now available in alpha. Before this update, users had to rely on the PodResources API to check whether a pod was associated with a failed device. With this feature, Kubernetes will now provide health data for each device assigned to a container, helping administrators quickly diagnose hardware issues within their clusters.

Deprecations and Removals in Kubernetes v1.31

With every new release, Kubernetes not only introduces new features but also cleans house by deprecating or removing old ones. In v1.31, several changes are worth noting:

Cgroup v1 Support Moves to Maintenance Mode

Kubernetes v1.31 marks the beginning of the end for Cgroup v1 support. While critical security patches will still be applied, no new features will be developed for Cgroup v1, and bug fixes will be handled on a best-effort basis. It’s time for users to begin migrating to Cgroup v2, which offers better scalability and consistency.

Removal of CephFS and Ceph RBD Plugins

As Kubernetes continues to move toward externalizing cloud provider integrations, the CephFS and Ceph RBD volume plugins have been removed in v1.31. Users should migrate to the respective CSI drivers for these storage solutions, ensuring they remain compatible with future Kubernetes versions.

Deprecation of Non-CSI Volume Limit Plugins

All non-CSI volume limit plugins in the kube-scheduler have been deprecated in favor of the NodeVolumeLimits plugin. This transition helps standardize storage management and aligns Kubernetes with the growing adoption of the Container Storage Interface (CSI).

Wrapping Up: Time to Upgrade

Kubernetes v1.31 introduces a wealth of improvements aimed at making Kubernetes clusters more reliable, efficient, and secure. Whether you’re excited about the stable release of AppArmor support or intrigued by the new alpha features for hardware management and AI workloads, there’s something in this release for every Kubernetes administrator.

As always, make sure to review the full release notes and documentation before upgrading your cluster to ensure compatibility with your existing workloads. Happy upgrading!