Kubernetes release 1.32.0

Critical Deprecations

The DisableNodeKubeProxyVersion feature gate is reverted to default-off, giving one year from the deprecation announcement in 1.29 before the field is cleared. This aligns with the Kubernetes deprecation policy.

The annotation kubernetes.io/enforce-mountable-secrets in ServiceAccount metadata is deprecated. Separate namespaces are preferred for isolating access to mounted secrets. There is no removal deadline currently scheduled.

Major API Changes

Custom scheduler plugin developers MUST update PodEligibleToPreemptOthers to include ctx.

The NodeToStatusMap is changed to a struct. Out-of-tree PostFilter plugin developers need to update usage.

A new /resize subresource is added for pod resource resizing. Update client code accordingly.

Unsafe deletion of corrupt resources is now an alpha feature, enabled via the AllowUnsafeMalformedObjectDeletion feature gate and the ignoreStoreReadErrorWithClusterBreakingPotential delete option. Use with extreme caution.

The coordination.v1alpha1 API is replaced by coordination.v1alpha2. Delete old types before upgrading.

Classic dynamic resource allocation (DRA) is removed. If used, remove all dependent workloads and PodSchedulingContext resources before upgrading.

Dynamic Resource Allocation (DRA) is promoted to beta. Downgrading from 1.32 to 1.31 with DRA resources is NOT supported.

The in-tree cloud providers are removed. Set --cloud-provider to either "external" or the empty string.

The --runonce kubelet mode is removed. Specifying this flag or setting runOnce in a config file is an error. Any value for the runOnce config option is now deprecated.

Key New Features and Enhancements

Asynchronous pod preemption is introduced as an alpha feature via the SchedulerAsyncPreemption feature gate.

The kubelet memory manager is now GA.

DRA is promoted to beta. Downgrades from 1.32 to earlier versions with DRA resources are not supported.

A new /statusz endpoint is added to kube-apiserver.

Kubeadm now supports phased upgrades via kubeadm upgrade apply phase <phase-name> and skipping phases with kubeadm upgrade apply --skip-phases <phase-names>.

The StructuredAuthorizationConfiguration feature gate for kube-apiserver is now GA. Use apiserver.config.k8s.io/v1 for --authorization-config.

The kubelet supports systemd watchdog integration for automatic recovery from hangs.

Client-go now supports API streaming for List() calls when the WatchListClient feature gate is enabled and the API server supports it.

The SchedulerQueueingHints feature gate is graduated to beta and enabled by default.

In-tree cloud providers are removed. Set the kubelet's --cloud-provider parameter to "external" or an empty string. All other values are invalid.

The --runonce kubelet mode is removed. Specifying this flag or setting runOnce in a config file results in an error. Any value for the runOnce config option is deprecated.
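
An added pre-upgrade audit, not part of the release notes or the Kubernetes project's own code, covering three changes listed above: the deprecated kubernetes.io/enforce-mountable-secrets annotation, the restricted --cloud-provider values, and the removed --runonce flag. The function names and sample inputs are constructed for illustration; the ServiceAccount input is assumed to be the JSON list printed by kubectl get serviceaccounts -A -o json.

```python
import json
import shlex

DEPRECATED_SA_ANNOTATION = "kubernetes.io/enforce-mountable-secrets"
VALID_CLOUD_PROVIDERS = ("external", "")  # the only values 1.32 accepts

def audit_service_accounts(sa_list_json):
    """Return sorted namespace/name of ServiceAccounts carrying the deprecated annotation."""
    hits = []
    for item in json.loads(sa_list_json).get("items", []):
        meta = item.get("metadata", {})
        # "annotations" may be absent or null in the API output.
        if DEPRECATED_SA_ANNOTATION in (meta.get("annotations") or {}):
            hits.append(f"{meta.get('namespace', 'default')}/{meta.get('name')}")
    return sorted(hits)

def audit_kubelet_flags(cmdline):
    """Return findings for kubelet flags that are an error on 1.32."""
    findings = []
    args = shlex.split(cmdline)
    for i, arg in enumerate(args):
        name, has_eq, value = arg.partition("=")
        if name == "--cloud-provider":
            if not has_eq:  # space-separated form: the value is the next token
                value = args[i + 1] if i + 1 < len(args) else ""
            if value not in VALID_CLOUD_PROVIDERS:
                findings.append(f"--cloud-provider={value}: in-tree providers are removed")
        elif name == "--runonce":
            # Any use of the flag is rejected, whatever value it carries.
            findings.append("--runonce: run-once mode is removed")
    return findings

# Constructed sample inputs (not taken from a real cluster).
SAMPLE_SA_LIST = json.dumps({"items": [
    {"metadata": {"name": "builder", "namespace": "ci",
                  "annotations": {DEPRECATED_SA_ANNOTATION: "true"}}},
    {"metadata": {"name": "default", "namespace": "ci"}},
    {"metadata": {"name": "app", "namespace": "prod", "annotations": None}},
]})
SAMPLE_KUBELET = "/usr/bin/kubelet --cloud-provider=aws --runonce=false --config /etc/kubelet.yaml"

if __name__ == "__main__":
    for sa in audit_service_accounts(SAMPLE_SA_LIST):
        print(f"ServiceAccount {sa} uses deprecated {DEPRECATED_SA_ANNOTATION}")
    for finding in audit_kubelet_flags(SAMPLE_KUBELET):
        print(f"kubelet: {finding}")
```

Flagged ServiceAccounts are candidates for the namespace-based isolation the deprecation notice recommends.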

Important Bug Fixes

Fixed a regression where init containers might fail to start due to temporary container runtime failures.

Fixed a bug where the endpoints controller failed to reconcile Endpoint objects after truncation.

Fixed a bug where podCIDR was released before node deletion.

Fixed a bug that could cause pods with nodeAffinity to be scheduled to the wrong node when the hostname label and node name didn't match.

Fixed a race condition in kube-proxy initialization that could affect UDP traffic to service VIPs.

Fixed a regression in v1.29 where conntrack entries for UDP connections to deleted pods were not cleaned up correctly.

Fixed an issue where eviction manager was not deleting unused images or containers.

Terminated pods are not readmitted on kubelet restart, preventing Completed pods with finalizers from being marked as Failed.

kubelet now attempts to get an existing node if the request to create it fails with StatusForbidden.

Fixed a bug in PodTopologySpread where the scheduler might miss updates for pods and keep them queued longer than necessary when QueueingHint is enabled.

Fixed a memory leak in kubelet and kube-apiserver related to tracing in default 1.29 configurations.

Fixed a bug where kubelet drops the QOSClass field of a Pod's status when rejecting the pod.

Fixed an issue mounting CSI volumes on Windows nodes in 1.32.0 release candidates.