Kubernetes v1.35 is poised to bring significant shifts in how developers and operators manage resource allocation, networking, and security within their clusters. With the deprecation and removal of certain legacy features, this release underscores a maturation process that prioritizes modern standards and refined operational efficiencies. For those immersed in the Kubernetes ecosystem, the implications of these changes extend beyond mere technical adjustments; they redefine best practices for deployment, resource management, and security protocols.
The Shifts in Kubernetes v1.35
The most noteworthy alteration in v1.35 is the sunset of cgroup v1 support. Kubernetes has been supporting cgroup v2 since v1.25, which brings a unified control hierarchy and enhanced resource isolation. The decision to remove cgroup v1 reflects an industry shift towards more standardized approaches in resource control. Administrators now need to ensure their environments utilize Linux distributions supporting cgroup v2. Failure to make this transition means the kubelet will not start, potentially leaving clusters vulnerable and non-functional.
Moreover, the Kubernetes community will phase out ipvs mode in kube-proxy due to concerns about maintaining feature parity across different proxy modes. While ipvs was initially seen as a high-performance alternative to iptables, its increasing complexity and technical debt have rendered it unsustainable. This move simplifies the kube-proxy codebase and positions nftables as the primary mode for load balancing, setting the stage for future enhancements.
Path to Modernization
Kubernetes v1.35 marks a decisive step towards modernizing the platform with several enhancements that promise greater flexibility and control. For instance, the introduction of node declared features aims to tackle version skew challenges during cluster upgrades. With nodes able to declare their supported features via the new .status.declaredFeatures field, the kube-scheduler can make more informed decisions about pod placements. This will not only improve efficiency but also prevent runtime failures tied to feature mismatches.
The in-place update of pod resources is another crucial enhancement. Transitioning from a model that required restarting pods to adjust memory and CPU resource allocations to one that allows real-time adjustments without disruption is a significant leap for operational efficiency. This feature particularly benefits stateful applications that cannot afford downtime.
Strengthened Security Measures
With security becoming an ever-pressing concern, Kubernetes v1.35 also integrates features that bolster the secure operation of microservices. The introduction of native pod certificates is aimed at simplifying the provisioning and management of cryptographic identities for mutual TLS authentication. Historically, operators relied on external projects, which could become cumbersome. Now, through KEP-4317, certificates will be issued automatically, thus enhancing security while reducing operational overhead.
Moreover, the support for user namespaces represents a paradigm shift in container security. By enabling the remapping of the container’s root user to a non-privileged host user, Kubernetes mitigates the risk of container breakout vulnerabilities. This feature has progressed from alpha to beta and is set to redefine pod security, particularly in multi-tenant environments where isolation is paramount.
Enhanced Scheduling Strategies
The advancements in taints and tolerations also align with the ongoing effort to refine resource allocation strategies in Kubernetes. By incorporating numeric comparison operators, like Gt and Lt, Kubernetes allows for more nuanced scheduling decisions based on Service Level Agreement (SLA) metrics. This increases the granularity of control that operators have over pod deployment, directly influencing the reliability of applications hosted on Kubernetes.
OCI Images and Runtime Efficiency
Support for mounting OCI images as volumes signals another forward-thinking change in Kubernetes v1.35. This feature enables pods to pull data directly from OCI registries, streamlining the provisioning process. Previously, developers relied on bundling data within container images or utilizing init containers, which often complicated deployment workflows. By decoupling data distribution from container image management, Kubernetes drives down operational complexity.
The Road Ahead
The Kubernetes v1.35 release, scheduled for December 17, 2025, presents an exciting yet challenging transition for cluster administrators and developers alike. As the community prepares for these changes, it's vital for teams to engage with the documentation and migration paths to adapt their practices accordingly. The enhancements represent not just technical improvements but also a shift towards a more stable, efficient, and secure orchestration framework, paving the way for future advancements in container orchestration.
For practitioners in the industry, leveraging these changes soon after v1.35 rolls out will be crucial. Staying informed through Kubernetes release notes and embracing the landscape's evolving best practices will ensure that deployments remain robust and compliant with modern standards.
