Amazon EKS now supports Kubernetes version 1.29

Introduction

The Amazon Elastic Kubernetes Service (Amazon EKS) team is pleased to announce support for Kubernetes version 1.29 in Amazon EKS, Amazon EKS Distro, and Amazon EKS Anywhere (v0.19.0). The theme for this version was chosen for the beautiful art form that is Mandala—a symbol of the universe in its perfection. Hence, the fitting release name, Mandala. In their official release announcement, the Kubernetes release team said the release reflects, “the community’s interconnectedness—a vibrant tapestry woven by enthusiasts and experts alike.”

Prerequisites to upgrade

Before upgrading to Kubernetes v1.29 in Amazon EKS, there are some important tasks you need to complete. The following section outlines changes that you must address before upgrading.

  • Update the API version of FlowSchema and PriorityLevelConfiguration.
    The deprecated flowcontrol.apiserver.k8s.io/v1beta2 API version of FlowSchema and PriorityLevelConfiguration is no longer served in Kubernetes v1.29. If you have manifests or client software that use the deprecated beta API group, change them before you upgrade to v1.29. To learn more, see the deprecated API migration guide.
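
One way to find manifests that still need this change, as an added example that is not part of the original post or of any AWS or Kubernetes tool: a Python scanner that reports each YAML document still using the removed API version. The function names, the sample manifest, and the regex-based parsing are assumptions of this sketch; it also flags assuredConcurrencyShares, which is renamed to nominalConcurrencyShares in the newer API versions.

```python
import re

REMOVED_API = "flowcontrol.apiserver.k8s.io/v1beta2"  # no longer served in v1.29
KINDS = {"FlowSchema", "PriorityLevelConfiguration"}

# Constructed sample: three YAML documents, two still on the removed API.
SAMPLE_MANIFEST = """\
apiVersion: flowcontrol.apiserver.k8s.io/v1beta2
kind: PriorityLevelConfiguration
metadata:
  name: batch-low
spec:
  type: Limited
  limited:
    assuredConcurrencyShares: 10
---
apiVersion: flowcontrol.apiserver.k8s.io/v1
kind: FlowSchema
metadata:
  name: already-migrated
---
apiVersion: flowcontrol.apiserver.k8s.io/v1beta2
kind: FlowSchema
metadata:
  name: batch-jobs
"""

def _field(pattern, doc):
    match = re.search(pattern, doc, re.MULTILINE)
    return match.group(1) if match else None

def find_removed_flowcontrol(manifest_text):
    """Return one finding per YAML document that must be migrated."""
    findings = []
    docs = re.split(r"^---[ \t]*$", manifest_text, flags=re.MULTILINE)
    for index, doc in enumerate(docs):
        api = _field(r"^apiVersion:\s*['\"]?([^\s'\"#]+)", doc)
        kind = _field(r"^kind:\s*['\"]?([^\s'\"#]+)", doc)
        if api != REMOVED_API or kind not in KINDS:
            continue
        name = _field(r"^metadata:[ \t]*\n(?:[ \t]+.*\n)*?[ \t]+name:[ \t]*(\S+)", doc)
        findings.append({
            "document": index, "kind": kind, "name": name or "<unknown>",
            # Field renamed to nominalConcurrencyShares in newer API versions.
            "rename_field": "assuredConcurrencyShares" in doc,
        })
    return findings

if __name__ == "__main__":
    for finding in find_removed_flowcontrol(SAMPLE_MANIFEST):
        print(finding)
```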

Kubernetes 1.29 highlights

This post covers some of the notable removals, deprecations, and enhancements in the Kubernetes version 1.29 release. For starters, it’s important to note that this release brings some key changes, including the removal of the v1beta2 flow control API group. This means that you will need to update any manifests or client software that use the deprecated API group before you upgrade to v1.29. Finally, there are several enhancements in v1.29 we’re all excited about, such as beta support for SidecarContainers. For a complete list of changes and updates in Kubernetes version 1.29, check out the Kubernetes change log.

Below are a couple of enhancements that have our technical community excited about the v1.29 release. For a complete list, see here.

Advanced pod management features reach beta

Kubernetes v1.29 introduces a sophisticated array of pod management features. Note that while these are powerful features, we recommend testing their impact comprehensively and putting rollback plans in place for any issues that may arise. Should you encounter any issues, we recommend disabling the feature and restarting the kubelet.

  • #753 has graduated to beta and the SidecarContainers feature gate is enabled by default. This feature allows init containers to continue running until pod termination, effectively turning them into sidecar containers. This means that it solves the problem of managing long-running auxiliary processes that need to run alongside the main containers in a pod. For example, if a pod has a main application container and a logging container that collects and forwards logs from the main application, the logging container can be defined as a sidecar container. This allows the logging container to continue running and collecting logs for as long as the main application container is running, providing continuous log collection and forwarding.

Security enhancements

  • #2799 has graduated to beta and the LegacyServiceAccountTokenCleanUp feature gate is enabled by default. This feature allows automatic cleanup of unused legacy service account tokens that are secret-based. Specifically, it labels legacy auto-generated secret-based tokens as invalid if they have not been used for a long time (1 year by default), and automatically removes them if use is not attempted for a long time after being marked as invalid (1 additional year by default). For example, if a Kubernetes cluster was created in v1.22 and had auto-generated secret-based service account tokens, those legacy tokens could persist even after upgrading to v1.29. This feature helps automatically clean up those old unused tokens that are no longer needed, reducing potential attack surfaces. To check whether you are using unused tokens, run the following command:
        kubectl get cm kube-apiserver-legacy-service-account-token-tracking -n kube-system
  • #3299 has graduated to stable and the KMSv2 and KMSv2KDF feature gates are enabled by default in Kubernetes v1.29. However, it’s important to note that KMSv2 is currently not supported in Amazon EKS.
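
To see where individual legacy tokens stand in the cleanup lifecycle described above, here is an added example (not from the original post or from the Kubernetes project) that classifies secrets in the shape returned by `kubectl get secrets -A -o json`, using the `kubernetes.io/legacy-token-last-used` and `kubernetes.io/legacy-token-invalid-since` labels. The function names, the state names, and the sample data are assumptions of this sketch; it looks only at labels and dates, not at whether a pod still mounts the token.

```python
from datetime import date, timedelta

SA_TOKEN = "kubernetes.io/service-account-token"
LAST_USED = "kubernetes.io/legacy-token-last-used"
INVALID_SINCE = "kubernetes.io/legacy-token-invalid-since"
PERIOD = timedelta(days=365)  # the post: 1 year by default, for each stage

def make_secret(namespace, name, created, labels=None, kind=SA_TOKEN):
    """Build a constructed Secret in the shape of `kubectl get secrets -A -o json`."""
    return {"type": kind, "metadata": {
        "namespace": namespace, "name": name,
        "creationTimestamp": created + "T00:00:00Z", "labels": labels or {}}}

# Constructed sample data, not taken from a real cluster.
SAMPLE = {"items": [
    make_secret("kube-system", "legacy-a", "2021-09-01", {LAST_USED: "2022-01-15"}),
    make_secret("default", "ci-token", "2021-09-01", {LAST_USED: "2024-01-20"}),
    make_secret("default", "never-used", "2021-08-01"),
    make_secret("default", "old-b", "2021-08-01", {INVALID_SINCE: "2023-06-01"}),
    make_secret("default", "old-c", "2021-08-01", {INVALID_SINCE: "2023-01-01"}),
    make_secret("default", "app-tls", "2023-05-01", kind="kubernetes.io/tls"),
]}

def classify_legacy_tokens(secret_list, today):
    """Map namespace/name to active, stale, invalid or pending-deletion."""
    report = {}
    for item in secret_list.get("items", []):
        if item.get("type") != SA_TOKEN:
            continue  # only secret-based service account tokens are in scope
        meta = item["metadata"]
        labels = meta.get("labels") or {}
        key = f"{meta['namespace']}/{meta['name']}"
        if INVALID_SINCE in labels:
            age = today - date.fromisoformat(labels[INVALID_SINCE])
            report[key] = "pending-deletion" if age >= PERIOD else "invalid"
            continue
        # Assumption of this sketch: never-used tokens are aged from creation.
        reference = labels.get(LAST_USED) or meta["creationTimestamp"][:10]
        age = today - date.fromisoformat(reference)
        report[key] = "stale" if age >= PERIOD else "active"
    return report

if __name__ == "__main__":
    for key, state in classify_legacy_tokens(SAMPLE, date(2024, 2, 1)).items():
        print(f"{state:17} {key}")
```

Tokens reported as stale or invalid are the ones to trace back to a workload before the cleanup removes them.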

This is by no means an exhaustive list of the coolest features that graduated to stable in Kubernetes v1.29. For a complete list, refer to Graduations to stable.

Removed API versions and features

Nowadays, it’s not uncommon for Kubernetes Application Programming Interface (API) versions and features to be deprecated or removed when a new version of Kubernetes is released. When this happens, it’s imperative that you update all manifests and controllers to the newer versions and features listed in this section before upgrading to v1.29. Below are the top call-outs in the v1.29 release. For a complete list, refer to all Deprecations and removals in Kubernetes v1.29.

Deprecation of the status.nodeInfo.kubeProxyVersion field for Node

  • The .status.nodeInfo.kubeProxyVersion field for Node objects is now deprecated, and the Kubernetes project is proposing to remove that field in a future release. The deprecated field is not accurate and has historically been managed by kubelet, which does not actually know the kube-proxy version, or even whether kube-proxy is running. If you’ve been using this field in client software, then stop because the information isn’t reliable and the field is now deprecated.

Kubernetes version support in Amazon EKS

Amazon EKS currently provides support for seven Kubernetes versions (v1.23 through v1.29). Kubernetes v1.24 through v1.29 are in standard support, and v1.23 is currently in extended support. Kubernetes version 1.24 will enter extended support on February 1, 2024. You can learn more about extended version support in Amazon EKS here and in our FAQs. If you do not wish to use extended support, then please consider upgrading to a Kubernetes version in standard support.

Conclusion

In this post, we walked through the notable changes in Kubernetes version v1.29 and highlighted some of the most exciting features available. Be sure to check out the other improvements documented in Kubernetes v1.29 release notes. If you need assistance with upgrading your cluster to the latest Amazon EKS version, refer to our documentation here. Let us know the information you’d like to see in future blog articles by participating in our brief survey!

Arnav Mediratta

Arnav is a Senior Product Manager on the Amazon EKS team focusing on delivering features that delight customers and improve their experience managing Kubernetes on AWS.

Leah Tucker

Leah is a Senior Open Source Software Writer at AWS. She has years of experience in web development, software integration, product management, and technical writing. Fueled by an insatiable curiosity for solving complex puzzles, she has found her latest challenge in unraveling the intricacies of Kubernetes. In her current role, Leah dedicates the majority of her time bridging the divide between AWS and open-source Kubernetes integrations.