|
| 1 | +--- |
| 2 | +layout: blog |
| 3 | +title: "Kubernetes Removals and Major Changes In v1.27" |
| 4 | +date: 2023-03-16 |
| 5 | +slug: upcoming-changes-in-kubernetes-v1-27 |
| 6 | +--- |
| 7 | + |
| 8 | +**Author**: Harshita Sao (Independent) |
| 9 | + |
| 10 | +As Kubernetes develops and matures, features may be deprecated, removed, or replaced with better ones for the project's overall health. Based on the information available at this mid-cycle point in the v1.27 release process, which is still ongoing and can introduce additional changes, this article identifies and describes some of the planned changes for the Kubernetes v1.27 release. |
| 11 | + |
| 12 | +## A note about k8s.gcr.io Redirect to registry.k8s.io |
| 13 | + |
| 14 | +To host its container images, the Kubernetes project uses a community-owned image registry called registry.k8s.io. **On March 20th, all traffic from the out-of-date [k8s.gcr.io](https://cloud.google.com/container-registry/) registry will be redirected to [registry.k8s.io](https://github.com/kubernetes/registry.k8s.io). On the 3rd of April 2023, the old registry k8s.gcr.io will be frozen, and no further images for Kubernetes and related subprojects will be pushed to the old registry**. The deprecated k8s.gcr.io registry will eventually be phased out. |
| 15 | + |
| 16 | +### What does this change mean? |
| 17 | + |
| 18 | +- If you are a subproject maintainer, you must update your manifests and Helm charts to use the new registry. |
| 19 | + |
| 20 | +- The v1.27 Kubernetes release will not be published to the old registry. |
| 21 | + |
| 22 | +- From April, patch releases for v1.24, v1.25, and v1.26 will no longer be published to the old registry. |
| 23 | + |
| 24 | +We have a [blog post](https://kubernetes.io/blog/2023/03/10/image-registry-redirect/) with all the information about this change and what to do if it impacts you. |
| 25 | + |
| 26 | +## The Kubernetes API Removal and Deprecation process |
| 27 | + |
| 28 | +The Kubernetes project has a well-documented [deprecation policy](https://kubernetes.io/docs/reference/using-api/deprecation-policy/) for features. This policy states that stable APIs may only be deprecated when a newer, stable version of that same API is available and that APIs have a minimum lifetime for each stability level. A deprecated API has been marked for removal in a future Kubernetes release, it will continue to function until removal (at least one year from the deprecation), but usage will result in a warning being displayed. Removed APIs are no longer available in the current version, at which point you must migrate to using the replacement. |
| 29 | + |
| 30 | +- Generally available (GA) or stable API versions may be marked as deprecated but must not be removed within a major version of Kubernetes. |
| 31 | + |
| 32 | +- Beta or pre-release API versions must be supported for 3 releases after the deprecation. |
| 33 | + |
| 34 | +- Alpha or experimental API versions may be removed in any release without prior deprecation notice. |
| 35 | + |
| 36 | +Whether an API is removed as a result of a feature graduating from beta to stable or because that API simply did not succeed, all removals comply with this deprecation policy. Whenever an API is removed, migration options are communicated in the documentation. |
| 37 | + |
| 38 | +## API removals, and other changes for Kubernetes v1.27 |
| 39 | + |
| 40 | +In addition to the above, Kubernetes v1.27 is targeted to include several additional removals. |
| 41 | + |
| 42 | +### Removal of storage.k8s.io/v1beta1 from [CSIStorageCapacity](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/csi-storage-capacity-v1/) |
| 43 | + |
| 44 | +The CSIStorageCapacity API supports exposing currently available storage capacity via CSIStorageCapacity objects and enhances the scheduling of pods that use CSI volumes with late binding. The `storage.k8s.io/v1beta1` API version of CSIStorageCapacity was deprecated in v1.24, and it will no longer be served in v1.27. |
| 45 | + |
| 46 | +Migrate manifests and API clients to use the `storage.k8s.io/v1` API version, available since v1.24. All existing persisted objects are accessible via the new API. |
| 47 | + |
| 48 | +Refer to the [Storage Capacity Constraints for Pod Scheduling KEP](https://github.com/kubernetes/enhancements/tree/master/keps/sig-storage/1472-storage-capacity-tracking) for more information. |
| 49 | + |
| 50 | +### Removal of seccomp annotations |
| 51 | + |
| 52 | +In Kubernetes v1.19, the [seccomp](https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/135-seccomp) (secure computing mode) support graduated to General Availability (GA). This feature can be used to increase the workload security by restricting the system calls for a Pod (applies to all containers) or single containers. |
| 53 | + |
| 54 | +The support for the alpha seccomp annotations `seccomp.security.alpha.kubernetes.io/pod` and `container.seccomp.security.alpha.kubernetes.io` were deprecated since v1.19, now have been completely removed. The seccomp fields are no longer auto-populated when pods with seccomp annotations are created. Pods should use the corresponding pod or container `securityContext.seccompProfile` field instead. |
| 55 | + |
| 56 | +### Removal of feature gates for [volume expansion](https://github.com/kubernetes/enhancements/issues/284) |
| 57 | + |
| 58 | +The following feature gates for volume expansion GA features will be removed and must no longer be referenced in `--feature-gates` flags: |
| 59 | + |
| 60 | +- `ExpandCSIVolumes`: Enable expanding of CSI volumes. |
| 61 | + |
| 62 | +- `ExpandInUsePersistentVolumes`: Enable expanding in-use PVCs. |
| 63 | + |
| 64 | +- `ExpandPersistentVolumes`: Enable expanding of persistent volumes. |
| 65 | + |
| 66 | +### Removal of [masterServiceNamespace](https://github.com/kubernetes/kubernetes/pull/114446) flag |
| 67 | + |
| 68 | +The namespace from which Kubernetes master services should be injected into pods is `masterServiceNamespace`. This release removes this flag, which has been deprecated since v1.6. |
| 69 | + |
| 70 | +### Removal of [ControllerManagerLeaderMigration](https://github.com/kubernetes/kubernetes/pull/113534) feature gate |
| 71 | + |
| 72 | +[Leader Migration](https://github.com/kubernetes/enhancements/issues/2436) provides a mechanism in which HA clusters can safely migrate "cloud-specific" controllers between the `kube-controller-manager` and the `cloud-controller-manager` via a shared resource lock between the two components while upgrading the replicated control plane. |
| 73 | + |
| 74 | +The `ControllerManagerLeaderMigration` feature, GA since v1.24, is unconditionally enabled hence the feature gate option will be removed. |
| 75 | + |
| 76 | +### Removal of [enable-taint-manager](https://github.com/kubernetes/kubernetes/pull/111411) and [pod-eviction-timeout](https://github.com/kubernetes/kubernetes/pull/113710) CLI flag |
| 77 | + |
| 78 | +The command line flag `enable-taint-manager` for kube-controller-manager is deprecated and will be removed in v1.27. The feature that it supports, taint based eviction, is enabled by default and will continue to be implicitly enabled when the flag is removed. The CLI flag `pod-eviction-timeout` is deprecated and will also be removed together with enable-taint-manager. |
| 79 | + |
| 80 | +### Removal of [CSI Migration](https://github.com/kubernetes/kubernetes/pull/110410) feature gate |
| 81 | + |
| 82 | +Moving the in-tree volume plugins to out-of-tree CSI drivers. As [CSIMigration](https://github.com/kubernetes/enhancements/issues/625) is GA now. The feature gate will be removed in v1.27. |
| 83 | + |
| 84 | +### Removal of CSIInlineVolume feature gate |
| 85 | + |
| 86 | +The [CSI Ephemeral Volume](https://github.com/kubernetes/kubernetes/pull/111258) feature allows CSI volumes to be specified directly in the pod specification for ephemeral use cases. They can be used to inject arbitrary states, such as configuration, secrets, identity, variables or similar information, directly inside pods using a mounted volume. This feature has graduated to GA in v1.25. Hence the feature gate `CSIInlineVolume` will be removed in this release. |
| 87 | + |
| 88 | +### Removal of EphemeralContainers feature gate |
| 89 | + |
| 90 | +[Emphemeral containers](https://github.com/kubernetes/kubernetes/pull/111402) graduated to GA in v1.25. These are containers with a temporary duration that executes within namespaces of an existing pod. Ephemeral Containers are initiated by a user and intended to observe the state of other pods and containers for troubleshooting and debugging purposes. Hence the `EphemeralContainers` feature gate is always enabled and will be removed from the `--feature-gates` flag on the kube-apiserver and the kubelet command lines. |
| 91 | + |
| 92 | +### Removal of LocalStorageCapacityIsolation feature gate |
| 93 | + |
| 94 | +The [Local Ephemeral Storage Capacity Isolation](https://github.com/kubernetes/kubernetes/pull/111513) feature moved to GA in v1.25. It provides support for capacity isolation of local ephemeral storage between pods, such as EmptyDir, so that a pod can be hard limited in its consumption of shared resources by evicting Pods if its consumption of local ephemeral storage exceeds that limit. Hence the feature gate `LocalStorageCapacityIsolation` will be removed in this release. |
| 95 | + |
| 96 | +### Removal of [NetworkPolicyEndPort](https://github.com/kubernetes/kubernetes/pull/110868) feature gate |
| 97 | + |
| 98 | +`endPort` in Network Policy promoted to GA in v1.25. Network Policy providers that support `endPort` field that can be used to specify a range of ports to apply a Network Policy. Previously, each Network Policy could only target a single port. So the feature gate `NetworkPolicyEndPort` will be removed in this release. |
| 99 | + |
| 100 | +Please be aware that `endPort` field must be supported by the Network Policy provider. If your provider does not support endPort, and this field is specified in a Network Policy, the Network Policy will be created covering only the port field (single port) |
| 101 | + |
| 102 | +### Removal of StatefulSetMinReadySeconds feature gate |
| 103 | + |
| 104 | +StatefulSet Controller honoring [minReadySeconds](https://github.com/kubernetes/kubernetes/pull/110896) and mark Pod ready only if Pod is available for the given time mentioned in minReadySeconds. With Promotion of StatefulSet minReadySeconds to GA in v1.25, means `--feature-gates=StatefulSetMinReadySeconds=true` are not needed on kube-apiserver and kube-controller-manager binaries so they'll be removed in this release. |
| 105 | + |
| 106 | +### Removal of [IdentifyPodOS](https://github.com/kubernetes/kubernetes/pull/111229) feature gate |
| 107 | + |
| 108 | +Addition of a new field to the pod spec called os to identify the OS of the containers specified in the pod. From v1.25, the IdentifyPodOS feature is in GA stage and defaults to be enabled hence the `IdentifyPodOS` feature gate will no longer be accepted as a `--feature-gates` parameter in v1.27. |
| 109 | + |
| 110 | +### Removal of [DaemonSetUpdateSurge](https://github.com/kubernetes/kubernetes/pull/111194) feature gate |
| 111 | + |
| 112 | +Surge support in order to minimize DaemonSet downtime on nodes. This will allow daemonset workloads to implement zero-downtime upgrades. As DaemonSet MaxSurge was graduated to GA in v1.25. This means `--feature-gates=DaemonSetUpdateSurge=true` are not needed on kube-apiserver and kube-controller-manager binaries so they'll be removed in v1.27. |
| 113 | + |
| 114 | +## Looking ahead |
| 115 | + |
| 116 | +The official list of [API removals](https://kubernetes.io/docs/reference/using-api/deprecation-guide/#v1-29) planned for Kubernetes v1.29 includes: |
| 117 | + |
| 118 | +- The `flowcontrol.apiserver.k8s.io/v1beta2` API version of FlowSchema and PriorityLevelConfiguration will no longer be served in v1.29. |
| 119 | + |
| 120 | +## Want to know more? |
| 121 | + |
| 122 | +Deprecations are announced in the Kubernetes release notes. You can see the announcements of pending deprecations in the release notes for: |
| 123 | + |
| 124 | +- [Kubernetes v1.21](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.21.md#deprecation) |
| 125 | + |
| 126 | +- [Kubernetes v1.22](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.22.md#deprecation) |
| 127 | + |
| 128 | +- [Kubernetes v1.23](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.23.md#deprecation) |
| 129 | + |
| 130 | +- [Kubernetes v1.24](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md#deprecation) |
| 131 | + |
| 132 | +- [Kubernetes v1.25](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.25.md#deprecation) |
| 133 | + |
| 134 | +- [Kubernetes v1.26](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#deprecation) |
| 135 | + |
| 136 | +We will formally announce the deprecations that come with [Kubernetes v1.27](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.27.md#deprecation) as part of the CHANGELOG for that release. |
| 137 | + |
| 138 | +For information on the process of deprecation and removal, check out the official Kubernetes [deprecation policy](https://kubernetes.io/docs/reference/using-api/deprecation-policy/#deprecating-parts-of-the-api) document. |
0 commit comments