Quick Preview of Exciting Changes in Kubernetes v1.30
Kubernetes v1.30 introduces a range of exciting enhancements—including structured DRA parameters, revamped swap support, beta user‑namespace pods, structured authorization config, container‑resource‑based autoscaling, and CEL‑enabled admission control—each aimed at improving flexibility, security, and operational stability for cloud‑native workloads.
Authors: Amit Dsouza, Frederick Kautz, Kristin Martin, Abigail McCarthy, Natali Vlatko
Translator: Paco Xu (DaoCloud)
The new release cycle is halfway through, and v1.30 brings a series of interesting and exciting enhancements, from brand‑new alpha features to existing features graduating to stable, and long‑awaited improvements that matter to everyone.
This preview highlights the most anticipated enhancements for the upcoming release.
Main Changes in Kubernetes v1.30
Structured Parameters for Dynamic Resource Allocation (DRA) (KEP‑4381)
Dynamic Resource Allocation (DRA) was added as an alpha feature in Kubernetes v1.26, offering an alternative to the traditional device plugin API for requesting third‑party resources. The original design kept DRA parameters opaque to the core, making it difficult for controllers such as cluster autoscalers to make informed decisions.
The new structured parameters extend the original implementation by providing a framework that makes request parameters transparent. Drivers can now rely on predefined “structured models” instead of handling all semantics themselves. This enables components like the scheduler to make allocation decisions without repeatedly contacting DRA drivers. The v1.30 work focuses on defining the framework and implementing a “named resources” model that lists individual resource instances and adds attribute‑based selection.
Node Swap Support (KEP‑2400)
In v1.30, swap support on Linux nodes receives a major overhaul. Previously, the NodeSwap feature gate was disabled by default and UnlimitedSwap behavior was the default when enabled. To improve stability, the UnlimitedSwap behavior is removed.
Swap support remains beta but is now enabled by default. The default mode is NoSwap (instead of UnlimitedSwap). In NoSwap mode, the kubelet can run on nodes with swap enabled, but Pods do not use the pagefile; you must set --fail-swap-on=false for the kubelet to start. A new LimitedSwap mode allows the kubelet to use the node's pagefile, permitting some pod virtual memory to be swapped out while respecting pod memory limits.
The SIG Node team will update documentation based on community feedback.
Support for Pods Running in User Namespaces (KEP‑127)
User namespaces, a Linux‑only feature that improves pod isolation and mitigates high‑severity CVEs such as CVE‑2024‑21626, are promoted to beta in v1.30. Support now covers pods with and without volumes, custom UID/GID ranges, and more.
Structured Authorization Configuration (KEP‑3221)
Structured authorization configuration graduates to beta and is enabled by default. It allows multiple Webhooks with explicit parameter definitions to form an authorization chain, supports CEL rules for pre‑filtering, and automatically reloads when the config file changes. The feature is activated via the --authorization-config command‑line flag.
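The following file illustrates such a chain; it is an added example, not taken from the original post or the Kubernetes project. The authorizer names, the kubeconfig path and the TTL/timeout values are assumptions chosen for illustration.

```yaml
apiVersion: apiserver.config.k8s.io/v1beta1
kind: AuthorizationConfiguration
authorizers:
# Authorizers are consulted in order; the first allow or deny decision wins.
- type: Webhook
  name: kube-system-guard            # hypothetical name
  webhook:
    timeout: 3s
    subjectAccessReviewVersion: v1
    matchConditionSubjectAccessReviewVersion: v1
    failurePolicy: Deny              # webhook error or timeout => request denied
    authorizedTTL: 30s
    unauthorizedTTL: 30s
    connectionInfo:
      type: KubeConfigFile
      kubeConfigFile: /etc/kubernetes/authz/kube-system-guard.kubeconfig  # hypothetical path
    # CEL pre-filter: the webhook is called only when every expression is true,
    # so unrelated traffic never leaves the API server.
    matchConditions:
    - expression: has(request.resourceAttributes)
    - expression: request.resourceAttributes.namespace == 'kube-system'
    - expression: "!('system:serviceaccounts:kube-system' in request.groups)"
- type: Node
  name: node
- type: RBAC
  name: rbac
# Second webhook: reached only when nothing above allowed or denied.
- type: Webhook
  name: fallback-policy              # hypothetical name
  webhook:
    timeout: 3s
    subjectAccessReviewVersion: v1
    matchConditionSubjectAccessReviewVersion: v1
    failurePolicy: NoOpinion         # on error, fall through (default deny at end of chain)
    connectionInfo:
      type: InClusterConfig
```

Pass the file to kube-apiserver with --authorization-config; that flag cannot be combined with --authorization-mode or the --authorization-webhook-* flags.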
Pod Autoscaling Based on Container Resource Metrics (KEP‑1610)
Horizontal pod autoscaling based on ContainerResource metrics is promoted to stable in v1.30, enabling scaling decisions based on individual container usage rather than aggregated pod usage.
Using CEL in Admission Control (KEP‑3488)
Kubernetes integrates the Common Expression Language (CEL) into admission control, providing a more expressive and dynamic way to evaluate admission requests, improve security, and reduce reliance on webhook‑based controllers.
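As an added example (not from the original post), the policy below uses a CEL expression to require the user-namespace setting described in the KEP‑127 section, with no admission webhook involved. The object names, the namespace label, the namespace and the image are constructed, and the example assumes user namespace support is enabled on the cluster and its nodes.

```yaml
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicy
metadata:
  name: require-user-namespaces.example.com      # constructed name
spec:
  failurePolicy: Fail                # evaluation errors reject the request
  matchConstraints:
    resourceRules:
    - apiGroups: [""]
      apiVersions: ["v1"]
      operations: ["CREATE", "UPDATE"]
      resources: ["pods"]
  validations:
  # An unset hostUsers means the pod shares the host user namespace, so reject that too.
  - expression: "has(object.spec.hostUsers) && object.spec.hostUsers == false"
    message: "Pods in this namespace must set spec.hostUsers: false"
    reason: Invalid
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicyBinding
metadata:
  name: require-user-namespaces-binding.example.com
spec:
  policyName: require-user-namespaces.example.com
  validationActions: ["Deny", "Audit"]   # reject and record in the audit log
  matchResources:
    namespaceSelector:
      matchLabels:
        userns-required: "true"          # constructed opt-in label
---
# A pod that passes the policy in a labelled namespace.
apiVersion: v1
kind: Pod
metadata:
  name: userns-demo
  namespace: tenant-a                    # constructed namespace
spec:
  hostUsers: false                       # run in a separate user namespace
  containers:
  - name: app
    image: registry.example.com/app:1.0  # placeholder image
```

Because the policy matches pods directly, a Deployment or Job in a labelled namespace is accepted but its pods are rejected at creation time unless the pod template sets hostUsers: false.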
We hope you share our excitement for this release and encourage you to follow the official blog for more highlights.