What Is New in Kubernetes 1.9
Kubernetes 1.9 delivers key advancements in workload APIs, storage, and security, marking a significant step towards production stability for core features.
| Category | Highlights |
|---|---|
| New Features | Apps v1, Windows GMSA, IPVS-based kube-proxy GA |
| Improvements | Custom Resource Subresources, Volume Snapshot Alpha |
| API Changes | Admission Webhooks Beta, PriorityClass API |
| Security | Audit Logging Improvements, RBAC Rule Validation |
| Deprecations | kubectl rolling-update, PodSecurityPolicy Extensions |
What are the major workload API changes?
The Apps v1 Workload API has graduated to general availability (GA), providing a stable foundation for deployments and stateful applications. This means the apps/v1 API is now the official, supported version for Deployments, StatefulSets, and DaemonSets.
In practice, you should start migrating your manifests from the older extensions/v1beta1 and apps/v1beta2 APIs. The previous beta APIs are now deprecated and will be removed in a future release. This matters because it signals the maturity of these core controllers for production use.
How does storage get better in 1.9?
Alpha support for volume snapshots and resizing is the headline storage feature. This introduces new Custom Resource Definitions (CRDs) like VolumeSnapshot and VolumeSnapshotClass, allowing you to manage snapshots declaratively.
While still alpha, this lays the groundwork for powerful data management operations directly through the Kubernetes API. You can now prototype workflows for backing up and restoring persistent volumes without leaving the Kubernetes paradigm.
What security enhancements should I know about?
Group Managed Service Accounts (GMSA) for Windows nodes entered beta, providing a crucial identity management mechanism for Windows-based workloads. This allows Windows pods to integrate with Active Directory domains using a shared managed service account.
On the auditing front, log backends now support batching and webhooks, making it easier to integrate with external security systems. The audit log format itself is more structured, which simplifies parsing and analysis for security events across the cluster.
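
The structured format is what makes simple detection logic practical. The following is an added example, not code from the original page or from the Kubernetes project: it parses audit events, assuming the log backend writes JSON with one event per line, and flags a few security-relevant patterns. The field names follow the audit.k8s.io Event schema; the rule names and the sample events are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample: one JSON event per line; the last line is cut short on purpose.
SAMPLE_LOG = """\
{"level":"Metadata","auditID":"c-1","stage":"ResponseComplete","verb":"get","requestURI":"/api/v1/namespaces/prod/secrets/db-creds","user":{"username":"system:serviceaccount:dev:builder"},"objectRef":{"resource":"secrets","namespace":"prod","name":"db-creds"},"responseStatus":{"code":403}}
{"level":"Metadata","auditID":"c-2","stage":"ResponseComplete","verb":"list","requestURI":"/api/v1/namespaces/prod/secrets","user":{"username":"system:serviceaccount:dev:builder"},"objectRef":{"resource":"secrets","namespace":"prod"},"responseStatus":{"code":403}}
{"level":"Metadata","auditID":"c-3","stage":"RequestReceived","verb":"create","requestURI":"/api/v1/namespaces/prod/pods/web-0/exec?command=sh","user":{"username":"alice"},"objectRef":{"resource":"pods","subresource":"exec","namespace":"prod","name":"web-0"}}
{"level":"Metadata","auditID":"c-3","stage":"ResponseComplete","verb":"create","requestURI":"/api/v1/namespaces/prod/pods/web-0/exec?command=sh","user":{"username":"alice"},"objectRef":{"resource":"pods","subresource":"exec","namespace":"prod","name":"web-0"},"responseStatus":{"code":101}}
{"level":"Metadata","auditID":"c-4","stage":"ResponseComplete","verb":"get","requestURI":"/api/v1/namespaces/default/pods","user":{"username":"system:anonymous"},"objectRef":{"resource":"pods","namespace":"default"},"responseStatus":{"code":200}}
{"level":"Metadata","auditID":"c-5","stage":"ResponseComplete","verb":"get","requestURI":"/api/v1/nodes/node-1","user":{"username":"system:node:node-1"},"objectRef":{"resource":"nodes","name":"node-1"},"responseStatus":{"code":200}}
{"level":"Metadata","auditID":"c-6","stage":"Respon
"""

def classify(ev, user):
    """Return the names of the illustrative rules this event matches."""
    ref = ev.get("objectRef") or {}
    code = (ev.get("responseStatus") or {}).get("code", 0)
    hits = []
    if code == 403:  # request rejected by authorization
        hits.append("authz-denied")
    if ref.get("resource") == "pods" and ref.get("subresource") in ("exec", "attach"):
        hits.append("pod-exec")  # interactive access to a running container
    if user == "system:anonymous" and 200 <= code < 300:
        hits.append("anonymous-success")  # unauthenticated request was served
    return hits

def analyze(text):
    """Parse JSON-lines audit output and return (findings, skipped_lines)."""
    findings, skipped = [], 0
    for line in filter(None, map(str.strip, text.splitlines())):
        try:
            ev = json.loads(line)
        except ValueError:  # partial write or rotation: count it, keep going
            skipped += 1
            continue
        # A request is logged once per stage; score only the final one.
        if ev.get("stage") != "ResponseComplete":
            continue
        user = (ev.get("user") or {}).get("username", "")
        for rule in classify(ev, user):
            findings.append((rule, user, ev.get("verb"), ev.get("requestURI")))
    return findings, skipped

def denials_by_user(findings):
    return Counter(user for rule, user, _, _ in findings if rule == "authz-denied")

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

Repeated denials from one service account, as `denials_by_user` surfaces here, are a common starting point for triage; the unparseable-line count is worth alerting on separately, since gaps in the audit trail are themselves a signal.
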
Is the networking stack faster now?
Yes, the IPVS-based kube-proxy has reached GA status and is production-ready. IPVS (IP Virtual Server) is a kernel-level load balancing technology that offers performance improvements over iptables, especially in large-scale clusters with many services.
For clusters running tens of thousands of services, switching to the IPVS mode can reduce latency and improve proxy reliability. You can enable it by setting the kube-proxy mode flag: --proxy-mode=ipvs.
How are Custom Resources evolving?
Custom Resource Definitions (CRDs) now support alpha-level subresources, including /status and /scale. This matters for anyone writing operators and custom controllers, which can now behave more like native Kubernetes resources.
With /status, you can separate the spec and status of your custom resource, which is a core Kubernetes pattern. The /scale subresource enables horizontal pod autoscaling (HPA) to work with your custom resources, just like it does with Deployments or StatefulSets.
FAQ
Is the Apps v1 API backwards compatible with my existing deployments?
Yes, the API is functionally equivalent to the previous beta versions. Your existing beta API manifests should work when migrated to apps/v1, but check individual fields: some that were previously defaulted, such as spec.selector, are now mandatory.
Can I use volume snapshots with any storage provider?
No, volume snapshotting requires storage backend support. Major cloud providers like AWS EBS, GCP PD, and Azure Disk are expected to develop drivers, but you must check if your specific storage class and provider have implemented the necessary snapshot interface.
Should I switch my kube-proxy to IPVS mode immediately?
If you're running a large cluster with high service turnover, it's worth testing. For most small to medium clusters, the iptables mode remains robust and well-understood. Remember to test thoroughly in a non-production environment first, as the mode change affects all cluster networking.
What happens if I don't migrate my Custom Resources to use subresources?
Nothing immediately, as this is an alpha feature. However, adopting the status subresource pattern now will make your controllers more aligned with Kubernetes conventions and prepare them for future stability changes to the CRD API.
How do Admission Webhooks in beta differ from the alpha version?
The beta version includes several stability and usability improvements. The API moved from admission.v1alpha1 to admission.v1beta1, and webhooks now have failure policies and timeout configurations that make them more reliable for production use cases.