K8s 1.35 Sneak Peek: What's Coming Next?


Kubernetes never sleeps! Just when we get comfortable, a new release brings features that make our lives easier (and our clusters safer). Here is a quick sneak peek at what is landing in Kubernetes 1.35.

Deprecation of ipvs mode

KEP-5495: Deprecate ipvs mode in kube-proxy

Since the iptables scalability issues are being solved using nftables, ipvs mode is essentially redundant. It's time to say goodbye to the complexity of IPVS. If you want the gritty details on why iptables needed a replacement, check out this deep dive.

Node Declared Features

KEP-4033: Discover cgroup driver from CRI

This solves the "does this node actually support what I need?" problem without manual labeling. Nodes can now self-report specific capabilities (like hardware or plugins) directly to the control plane via the API. This allows the scheduler to automatically place Pods on compatible nodes without you having to manually manage feature labels!

status:
  declaredFeatures:
    example.com/gpu: "true" # Node says: "I explicitly support this!"

In-Place Update of Pod Resources

KEP-1287: In-place Update of Pod Resources

This has been in the works for a while, but it's a game changer! Vertical Pod Autoscaling (VPA) can finally resize CPU and Memory limits without restarting the Pod. No more disruptions just to give a hungry container a bit more RAM.

Numeric Values for Taints

KEP-5471: Enable SLA-based Scheduling

Taints used to be boolean (it exists or it doesn't). Now, we get math!

Before: taint key=HighPriority:NoSchedule (You either match "HighPriority" exactly, or you don't).

After: taint reliability=999:NoSchedule; Pod toleration: operator: Gt, value: 950 (The Pod says: "I can only tolerate nodes with reliability > 950." Much more expressive!)

User Namespaces

KEP-127: User Namespaces

This is a massive security upgrade for running containers safely.

Before: Container root (UID 0) == Host root (UID 0). (If they break out of the container, they are root on your server. Scary!)

After: Container root (UID 0) == Host nobody (UID 65534). (They are root inside, but powerless outside. Much better.)
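To check which host identity container root really has, read the container's `/proc/<pid>/uid_map` and translate UID 0 through it. The sketch below is an added example, not code from this post or from Kubernetes; the function names are hypothetical and the host ID range in the second sample is constructed.

```python
# Added example: parse a uid_map and report what container UID 0 is on the host.
from typing import List, Optional, Tuple

# One uid_map line: (first ID inside the namespace, first ID outside, length)
Extent = Tuple[int, int, int]


def parse_id_map(text: str) -> List[Extent]:
    """Parse the contents of /proc/<pid>/uid_map (gid_map has the same format)."""
    extents = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed id map line: {line!r}")
        inside, outside, length = (int(f) for f in fields)
        extents.append((inside, outside, length))
    return extents


def to_host_id(extents: List[Extent], container_id: int) -> Optional[int]:
    """Translate an ID inside the namespace to the ID outside it.

    Returns None when the ID falls in no extent, i.e. it is unmapped.
    """
    for inside, outside, length in extents:
        if inside <= container_id < inside + length:
            return outside + (container_id - inside)
    return None


def root_is_host_root(text: str) -> bool:
    """True when container UID 0 is also UID 0 on the host."""
    return to_host_id(parse_id_map(text), 0) == 0


# Constructed samples. The first is the identity map a process sees when it
# shares the host user namespace; the second is the shape of a map for a Pod
# with spec.hostUsers: false (the host range start is made up for this example).
HOST_USERNS_MAP = "         0          0 4294967295\n"
POD_USERNS_MAP = "         0  833617920      65536\n"

if __name__ == "__main__":
    for label, sample in (("host userns", HOST_USERNS_MAP), ("pod userns", POD_USERNS_MAP)):
        host_uid = to_host_id(parse_id_map(sample), 0)
        print(f"{label}: container UID 0 -> host UID {host_uid}, "
              f"host root: {root_is_host_root(sample)}")
```

To run it against a live container, pass the text of that container's own `uid_map` file to `root_is_host_root` instead of the samples.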

OCI Images as Volumes

KEP-4639: OCI Volume Source

Stop building massive images just to include data!

Before: InitContainer runs wget https://... -> saves to emptyDir -> MainContainer reads it. (Slow, complex startup scripts, wasted bandwidth.)

After:

volumes:
  - name: data
    image:
      reference: "my-data-layer:latest" # Mounts directly!

That's a wrap for the 1.35 highlights!

If you found this useful, feel free to reach out to me on LinkedIn. Let's discuss what feature you are most excited about!

For more detailed reading:

1.35 Release notes: https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md

https://isovalent.com/blog/post/why-replace-iptables-with-ebpf/
