Kubernetes v1.26: <theme>

--- layout: blog title: "Kubernetes v1.26: <theme>" date: 2022-12-6 slug: kubernetes-v1-26-release --- **Authors**: [Kubernetes 1.26 Release Team](https://github.com/kubernetes/sig-release/blob/master/releases/release-1.26/release-team.md) It's with immense joy that we announce the release of Kubernetes v1.26! This release includes a total of 37 enhancements: eleven of them are graduating to Stable, ten are graduating to Beta, and sixteen of them are entering Alpha. We also have two features being deprecated or removed. ## Release theme and logo **Kubernetes 1.26: Electrifying** \<image here> The theme for Kubernetes v1.26 is _Electrifying_. \<explanation of the theme> ## Major Themes Kubernetes v1.26 is composed of many changes, brought to you by a worldwide team of volunteers. Here we identify the major themes for the release. ### Progress on the CSI migration Following the GA of the [core Container Storage Interface (CSI) Migration](https://github.com/kubernetes/enhancements/tree/master/keps/sig-storage/625-csi-migration) feature in the previous release, CSI migration is an on-going effort that we've been working on for a few releases now, and this release continues to add (and remove) features aligned with the migration's goals. #### Delegate FSGroup to CSI Driver graduated to Stable This feature allows Kubernetes to [supply the pod's `FSGroup` to the CSI driver when a volume is mounted](https://github.com/kubernetes/enhancements/issues/2317) so that the driver can utilize mount options to control volume permissions. Previously, the kubelet would always apply the `fsGroup`ownership and permission change to files in the volume according to the policy specified in the `Pod.spec.securityContext.fsGroupChangePolicy` field. Starting with this release, CSI drivers have the option to apply the `fsGroup` settings during attach or mount time of the volumes. #### CSI migration for Azure File and vSphere graduated to Stable Both the [vSphere](https://github.com/kubernetes/enhancements/issues/1491) and [Azure](https://github.com/kubernetes/enhancements/issues/1885) in-tree driver migration to CSI have graduated to Stable. #### In-tree GlusterFS driver removal Already deprecated in the v1.25 release, the [in-tree GlusterFS driver](https://github.com/kubernetes/enhancements/issues/3446) was removed in this release. #### In-tree OpenStack Cinder driver removal This release removed the deprecated in-tree storage integration for OpenStack (the `cinder` volume type). You should migrate to external cloud provider and CSI driver from https://github.com/kubernetes/cloud-provider-openstack instead. For more information, visit [Cinder in-tree to CSI driver migration](https://github.com/kubernetes/enhancements/issues/1489). ### CRI v1alpha2 removed With the adoption of the [Container Runtime Interface](https://kubernetes.io/docs/concepts/architecture/cri/) (CRI) and the [removal of dockershim] in v1.24 , the CRI is the supported and documented way through which Kubernetes interacts with different container runtimes. Each kubelet negotiates which version of CRI to use with the container runtime on that node. The Kubernetes project recommends using CRI version `v1`; in Kubernetes v1.25 the kubelet could also negotiate the use of CRI `v1alpha2` (which was deprecated along at the same time as adding support for the stable `v1` interface). Kubernetes v1.26 dropped support for CRI `v1alpha2`. That [removal](https://github.com/kubernetes/kubernetes/pull/110618) will result in the kubelet not registering the node if the container runtime doesn't support CRI `v1`. This means that containerd minor version 1.5 and older will not be supported in Kubernetes 1.26; if you use containerd, you will need to upgrade to containerd version 1.6.0 or later **before** you upgrade that node to Kubernetes v1.26. Other container runtimes that only support the `v1alpha2` are equally affected: if that affects you, you should contact the container runtime vendor for advice or check their website for additional instructions in how to move forward. ### Signing Kubernetes release artifacts graduates to Stable [SIG Release] Introduced in [v1.24](https://kubernetes.io/blog/2022/05/03/kubernetes-1-24-release-announcement/), this feature constitutes a significant milestone in improving the security of the Kubernetes release process. All release artifacts are signed using [cosign](https://github.com/sigstore/cosign/), and both binary artifacts and images [can be verified](https://kubernetes.io/docs/tasks/administer-cluster/verify-signed-images/). ### Improvements to Kubernetes metrics This release has several noteworthy improvements on metrics. #### Metrics framework extension graduates to Alpha The **metrics framework extension** graduates to Alpha and documentation can now be [auto-generated](https://kubernetes.io/docs/reference/instrumentation/metrics/) for every metric in the Kubernetes codebase, improving the ability to identify the metrics exposed by different Kubernetes components. #### Component Service Level Indicators graduates to Alpha Also improving on the ability to consume Kubernetes metrics, the **component Service Level Indicators (SLIs)** has graduated to Alpha: by enabling the `ComponentSLIs` feature flag there will be an [additional metrics endpoint](https://github.com/kubernetes/kubernetes/pull/112884) which allows the calculation of Service Level Objectives (SLOs) from raw healthcheck data converted into metric format. #### Feature metrics are now available **Feature metrics** are now available for each Kubernetes component, making it possible to [track whether each active feature gate is enabled](https://github.com/kubernetes/kubernetes/pull/112690) by checking the component's metric endpoint for `kubernetes_feature_enabled`. #### API server tracing _FIXME: API server tracing graduates to Beta [SIG Instrumentation] need clarification, https://github.com/kubernetes/enhancements/issues/647 indicates this is not tracked for 1.26_ ### Removal of legacy command line arguments relating to logging Kubernetes v1.26 [removes](https://github.com/kubernetes/kubernetes/pull/112120) some command line arguments relating to logging. These command line arguments were already deprecated. For more information, see [Deprecate klog specific flags in Kubernetes Components](https://github.com/kubernetes/enhancements/tree/3cb66bd0a1ef973ebcc974f935f0ac5cba9db4b2/keps/sig-instrumentation/2845-deprecate-klog-specific-flags-in-k8s-components). ### Dynamic Resource Allocation graduates to Alpha [Dynamic Resource Allocation](https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/3063-dynamic-resource-allocation/README.md) is a new feature that puts resource scheduling in the hands of 3rd-party developers: it moves away from the limited "countable" interface for requesting access to resources (e.g. `nvidia.com/gpu: 2`), providing an API more akin to that of persistent volumes. Under the hood, it uses the [Container Device Interface](https://github.com/container-orchestrated-devices/container-device-interface) (CDI) to do its device injection. This feature is blocked by the `DynamicResourceAllocation` feature gate. ### CEL in Admission Control graduates to Alpha [SIG API Machinery] This feature introduces a `v1alpha1` API for [validating admission policies](https://github.com/kubernetes/enhancements/issues/3488), enabling extensible admission control via [Common Expression Language](https://github.com/google/cel-spec) expressions. Currently, custom policies are enforced via [admission webhooks](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/), which, while flexible, have a few drawbacks when compared to in-process policy enforcement. To use, enable the `ValidatingAdmissionPolicy` feature gate and the `admissionregistration.k8s.io/v1alpha1` API via `--runtime-config`. ### Pod scheduling improvements #### `PodSchedulingReadiness` graduates to Alpha This feature introduces a `.spec.schedulingGates` field to Pod's API, to [indicate whether the Pod is allowed to be scheduled or not](https://github.com/kubernetes/enhancements/issues/3521 ). External users/controllers can use this field to hold a Pod from scheduling based on their policies and needs. #### `NodeInclusionPolicyInPodTopologySpread` graduates to Beta By specifying a `nodeInclusionPolicy` in `topologySpreadConstraints`, you can control whether to [take taints/tolerations into consideration](https://github.com/kubernetes/enhancements/issues/3094) when calculating Pod Topology Spread skew. #### `MatchLabelKeysInPodTopologySpread` graduates to Beta Specifying `matchLabelKeys` in `topologySpreadConstraints` will make the values of the labels deduced from the pod being scheduled, simplifying pod specs. This can be used in a Deployment to match only the pods of the new revision during a rolling upgrade, without the need to know its value. ## Other Updates ### Graduations to Stable This release includes a total of eleven enhancements promoted to Stable: * [Support for Windows privileged containers](https://github.com/kubernetes/enhancements/issues/1981) * [vSphere in-tree to CSI driver migration](https://github.com/kubernetes/enhancements/issues/1491) * [Allow Kubernetes to supply pod's fsgroup to CSI driver on mount](https://github.com/kubernetes/enhancements/issues/2317) * [Azure file in-tree to CSI driver migration](https://github.com/kubernetes/enhancements/issues/1885) * [Job tracking without lingering Pods](https://github.com/kubernetes/enhancements/issues/2307) * [Service Internal Traffic Policy](https://github.com/kubernetes/enhancements/issues/2086) * [Kubelet Credential Provider](https://github.com/kubernetes/enhancements/issues/2133) * [Support of mixed protocols in Services with type=LoadBalancer](https://github.com/kubernetes/enhancements/issues/1435) * [Reserve Service IP Ranges For Dynamic and Static IP Allocation](https://github.com/kubernetes/enhancements/issues/3070) * [CPUManager](https://github.com/kubernetes/enhancements/issues/3570) * [DeviceManager](https://github.com/kubernetes/enhancements/issues/3573) ### Deprecations and Removals XX features were [deprecated or removed](/blog/2022/11/18/upcoming-changes-in-kubernetes-1-26/) from Kubernetes with this release. <FIXME: how many do we want to indicate here? Just the KEP? These two? More?> * [CRI `v1alpha2` API is removed](https://github.com/kubernetes/kubernetes/pull/110618) * [GlusterFS plugin removed from available in-tree drivers](https://github.com/kubernetes/enhancements/issues/3446) ### Release Notes The complete details of the Kubernetes v1.26 release are available in our [release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md). ### Availability Kubernetes v1.26 is available for download on [GitHub](https://github.com/kubernetes/kubernetes/releases/tag/v1.26.0). To get started with Kubernetes, check out these [interactive tutorials](/docs/tutorials/) or run local Kubernetes clusters using containers as "nodes", with [kind](https://kind.sigs.k8s.io/). You can also easily install 1.25 using [kubeadm](/docs/setup/independent/create-cluster-kubeadm/). ### Release Team Kubernetes is only possible with the support, commitment, and hard work of its community. Each release team is made up of dedicated community volunteers who work together to build the many pieces that make up the Kubernetes releases you rely on. This requires the specialized skills of people from all corners of our community, from the code itself to its documentation and project management. We would like to thank the entire [release team]((https://github.com/kubernetes/sig-release/blob/master/releases/release-1.26/release-team.md) ) for the hours spent hard at work to ensure we deliver a solid Kubernetes v1.26 release for our community. A very special thanks is in order for our Release Lead, Leonard Pahlke, for successfully steering the entire release team throughout the entire release cycle, by making sure that we could all contribute in the best way possible to this release through his constant support and attention to the many and diverse details that make up the path to a successful release. ### User Highlights <FIXME: to be expanded> * [Wortell](https://www.cncf.io/case-studies/wortell/) * [Utmost](https://www.cncf.io/case-studies/utmost/) * [Ericom](https://www.cncf.io/case-studies/ericom/) * [Lunar](https://www.cncf.io/case-studies/lunar/) * [Datadog](https://www.cncf.io/case-studies/datadog/) * [Insiel](https://www.cncf.io/case-studies/insiel/) ### Ecosystem Updates * KubeCon + CloudNativeCon Europe 2023 will take place in Amsterdam, The Netherlands, from 17 – 21 April 2023! You can find more information about the conference and registration on the [event site](https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/). * CloudNativeSecurityCon North America, a two-day event designed to foster collaboration, discussion and knowledge sharing of cloud native security projects and how to best use these to address security challenges and opportunities, will take place in Seattle, Washington (USA), from 1-2 February 2023. See the [event page](https://events.linuxfoundation.org/cloudnativesecuritycon-north-america/) for more information. * The CNCF announced [the 2022 Community Awards Winners](https://www.cncf.io/announcements/2022/10/28/cloud-native-computing-foundation-reveals-2022-community-awards-winners/): the Community Awards recognize CNCF community members that are going above and beyond to advance cloud native technology. ### Project Velocity The [CNCF K8s DevStats](https://k8s.devstats.cncf.io/d/12/dashboards?orgId=1&refresh=15m) project aggregates a number of interesting data points related to the velocity of Kubernetes and various sub-projects. This includes everything from individual contributions to the number of companies that are contributing, and is an illustration of the depth and breadth of effort that goes into evolving this ecosystem. In the v1.26 release cycle, which [ran for 14 weeks](https://github.com/kubernetes/sig-release/tree/master/releases/release-1.26) (September 5 to December 6), we saw contributions from [<FIXME> companies](https://k8s.devstats.cncf.io/d/9/companies-table?orgId=1&var-period_name=v1.25.0%20-%20v1.26.0&var-metric=contributions) and [<FIXME> individuals](https://k8s.devstats.cncf.io/d/66/developer-activity-counts-by-companies?orgId=1&var-period_name=v1.25.0%20-%20v1.26.0&var-metric=contributions&var-repogroup_name=Kubernetes&var-country_name=All&var-companies=All&var-repo_name=kubernetes%2Fkubernetes). ## Upcoming Release Webinar Join members of the Kubernetes v1.26 release team on <FIXME date> to learn about the major features of this release, as well as deprecations and removals to help plan for upgrades. For more information and registration, visit the [event page](https://community.cncf.io/events/details/cncf-cncf-online-programs-presents-cncf-live-webinar-kubernetes-v126-release/). ## Get Involved The simplest way to get involved with Kubernetes is by joining one of the many [Special Interest Groups](https://github.com/kubernetes/community/blob/master/sig-list.md) (SIGs) that align with your interests. Have something you’d like to broadcast to the Kubernetes community? Share your voice at our weekly [community meeting](https://github.com/kubernetes/community/tree/master/communication), and through the channels below: * Find out more about contributing to Kubernetes at the [Kubernetes Contributors](https://www.kubernetes.dev/) website * Follow us on Twitter [@Kubernetesio](https://twitter.com/kubernetesio) for the latest updates * Join the community discussion on [Discuss](https://discuss.kubernetes.io/) * Join the community on [Slack](http://slack.k8s.io/) * Post questions (or answer questions) on [Server Fault](https://serverfault.com/questions/tagged/kubernetes). * Share your Kubernetes [story](https://docs.google.com/a/linuxfoundation.org/forms/d/e/1FAIpQLScuI7Ye3VQHQTwBASrgkjQDSS5TP0g3AXfFhwSM9YpHgxRKFA/viewform) * Read more about what’s happening with Kubernetes on the [blog](https://kubernetes.io/blog/) * Learn more about the [Kubernetes Release Team](https://github.com/kubernetes/sig-release/tree/master/release-team)