What’s New in Kubernetes v1.30? 45 Features Reaching GA

Pod Scheduling Gates (GA)

Kubernetes v1.30 graduates the .spec.schedulingGates field to GA. Pods with unsatisfied pre‑conditions (e.g., storage, cloud‑provider quota) remain in SchedulingGated state until all gates are removed. Example manifest:

apiVersion: v1
kind: Pod
metadata:
  name: test-pod
spec:
  schedulingGates:
  - name: moelove.info/disk
  - name: foo.bar/xyz
  containers:
  - name: kong
    image: kong:3.6

After applying, kubectl get pods shows the pod in SchedulingGated state and the .status.conditions explains the block.

kubectl Interactive Delete (GA)

KEP‑3895 adds a -i flag to kubectl delete, prompting for confirmation similar to rm -i. The feature was alpha in v1.27 (enabled via KUBECTL_INTERACTIVE_DELETE=true), beta in v1.29, and GA in v1.30.

kubectl delete -i secret my-secret2
You are about to delete the following 1 resource(s):
secret/my-secret2
Do you want to continue? (y/n): n
deletion is cancelled

CEL‑Based Admission Control (GA)

Since v1.26, Kubernetes supports Common Expression Language (CEL) in ValidatingAdmissionPolicy. v1.30 upgrades the API to admissionregistration.k8s.io/v1 and adds audit‑enhanced checks and match conditions. Example policy:

apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicy
metadata:
  name: demo-policy.moelove.info
spec:
  failurePolicy: Fail
  matchConstraints:
    resourceRules:
    - apiGroups: ["apps"]
      apiVersions: ["v1"]
      operations: ["CREATE","UPDATE"]
      resources: ["deployments"]
  validations:
  - expression: "object.spec.replicas <= 2"

Container‑Based Horizontal Pod Autoscaler (GA)

KEP‑1610 extends HPA to use individual container metrics instead of pod‑level aggregation. The feature graduated to GA in v1.30, enabling finer‑grained scaling for workloads with sidecars or heterogeneous containers.

Service Traffic Distribution (Alpha)

KEP‑4444 introduces a trafficDistribution field in Service spec, replacing the deprecated topology‑mode annotation and topologyKeys. Supported values: nil (default): no explicit preference. PreferClose: prefers nodes topologically close to the client.

This feature is currently in Alpha.

Indexed Job Success Policy (GA)

KEP‑3998 adds .spec.successPolicy to indexed Jobs, allowing success criteria based on specific indexes or a count of successful indexes. Example:

apiVersion: batch/v1
kind: Job
spec:
  parallelism: 10
  completions: 10
  completionMode: Indexed
  successPolicy:
    rules:
    - succeededIndexes: "0,2-3"
      succeededCount: 1
  template:
    spec:
      containers:
      - name: main
        image: python
        command: ["python3","-c","import os,sys;
if os.environ.get('JOB_COMPLETION_INDEX') == '2':
  sys.exit(0)
else:
  sys.exit(1)"]

VolumeManager Reconstruction (GA)

KEP‑3756 adds the feature gate NewVolumeManagerReconstruction, improving volume recovery after a kubelet restart. It graduated to GA in v1.30.

Prevent Unauthorized Volume‑Mode Conversion (GA)

KEP‑3141 introduces the annotation snapshot.storage.kubernetes.io/allow-volume-mode-change to block unintended volume‑mode changes when creating a PVC from a VolumeSnapshot.

Pod status.hostIPs Field (GA)

v1.28 added .status.hostIP; v1.30 GA adds the list field .status.hostIPs for multi‑stack environments. Example output before v1.30: {"status":{"hostIP":"192.168.1.5"}} After v1.30:

{"status":{"hostIPs":[{"ip":"192.168.1.5"}]}}

Node Log Query (Beta)

KEP‑2258 provides a node‑level log query API. Raw request example:

(MoeLove) ➜ kubectl get --raw "/api/v2/nodes/$NODE_NAME/proxy/logs/?query=kubelet"

A community plugin is available at https://github.com/aravindhp/kubectl-node-logs/.

Node Swap Default Enabled (GA)

v1.30 enables node swap by default via the MemorySwap.SwapBehavior field. Accepted values: NoSwap (formerly UnlimitedSwap) – default. LimitedSwap – swap limited proportionally to container memory requests; requires cgroup v2.

Recursive Read‑Only (RRO) Mounts (GA)

KEP‑3857 adds recursiveReadOnly: Enabled to make a mount and all its sub‑paths read‑only. Example pod spec:

apiVersion: v1
kind: Pod
metadata:
  name: rro
spec:
  volumes:
  - name: mnt
    hostPath:
      path: /mnt
  containers:
  - name: busybox
    image: busybox
    args: ["sleep","infinity"]
    volumeMounts:
    - name: mnt
      mountPath: /mnt-rro
      readOnly: true
      recursiveReadOnly: Enabled

Other Notable Changes

Removal of the SecurityContextDeny admission plugin.

Addition of StorageVersionMigrator for CRD version upgrades.

Pod user namespace graduated to Beta (requires runtime support).

Kubelet ImageMaximumGCAge reached Beta.

Kubelet log directory defaults to /var/log/pods; note that separate filesystems may affect usage accounting.