Kubernetes v1.34: Of Wind & Will (O' WaW)
Release Summary: 58 total enhancements - 23 graduated to Stable, 22 entered Beta, 13 entered Alpha
Key Spotlight Features
Stable: Dynamic Resource Allocation (DRA) Core GA
Description: Core DRA functionality for selecting, allocating, sharing, and configuring GPUs, TPUs, NICs and other devices
Details: Based on structured parameters with ResourceClaim, DeviceClass, ResourceClaimTemplate, and ResourceSlice API types
KEP: KEP #4381
Beta: Projected ServiceAccount Tokens for Kubelet Image Credential Providers
Description: Short-lived, audience-bound ServiceAccount tokens for authenticating to container registries
Benefits: Eliminates long-lived Secrets, reduces attack surface, simplifies credential management
KEP: KEP #4412
Alpha: KYAML Support - Kubernetes Dialect of YAML
Description: Safer, less ambiguous YAML subset designed specifically for Kubernetes
Usage: Available as kubectl output format with the KUBECTL_KYAML=true environment variable
KEP: KEP #5295
Features Graduating to Stable (23 total)
Job and Pod Management
Delayed creation of Job's replacement Pods - Prevents resource contention by creating replacement Pods only when original Pod fully terminates (KEP #3939)
Sleep action for Container lifecycle hooks - PreStop and PostStart lifecycle hooks with configurable sleep duration (KEP #3960, KEP #4818)
Ordered Namespace deletion - Structured deletion process ensuring security dependencies are respected (KEP #5080)
Storage Enhancements
Recovery from volume expansion failure - Cancel and retry volume expansions with smaller values (KEP #1790)
VolumeAttributesClass for volume modification - Generic API for modifying volume parameters like provisioned IO (KEP #3751)
Authentication and Authorization
Structured authentication configuration - Configuration file format for API server client authentication (KEP #3331)
Finer-grained authorization based on selectors - Authorization decisions based on field and label selectors (KEP #4601)
Restrict anonymous requests with fine-grained controls - Configure specific endpoints for unauthenticated requests (KEP #4633)
Scheduling and Performance
More efficient requeueing through plugin-specific callbacks - Accurate decisions about when to retry scheduling unschedulable Pods (KEP #4247)
Streaming list responses - Streaming encoding mechanism for large list responses to reduce memory pressure (KEP #5116)
Resilient watch cache initialization - More robust watch cache initialization during API server startup (KEP #4568)
Node and Container Runtime
Linux node swap support - Configurable per-node swap support with LimitedSwap mode (KEP #2400)
Allow special characters in environment variables - Support for nearly all printable ASCII characters in variable names (KEP #4369)
Taint management separated from Node lifecycle - TaintManager refactored as separate controller (KEP #3902)
Network and Windows
Relaxing DNS search path validation - More flexible DNS search path configuration (KEP #4427)
Support for Direct Service Return (DSR) in Windows kube-proxy - Performance optimizations for Windows load balancing (KEP #5100)
Additional Stable Features
API Server tracing (KEP #647)
AppArmor support (KEP #24)
Consistent Reads from Cache (KEP #2340)
Discover cgroup driver from CRI (KEP #4033)
Kubelet OpenTelemetry Tracing (KEP #2831)
New Features in Beta (22 total)
Resource Management
Pod-level resource requests and limits - Resource budgets at Pod level shared among containers, with HPA support (KEP #2837)
In-place Pod resize improvements - Support for decreasing memory usage and Pod-level resource integration (KEP #1287)
CLI and Configuration
.kuberc file for kubectl user preferences - Configuration file for kubectl preferences and command aliases (KEP #3104)
Authentication and Security
External ServiceAccount token signing - Integration with external key management solutions for token signing (KEP #740)
Mutating admission policies - Declarative, in-process alternative to mutating admission webhooks using CEL (KEP #3962)
DRA Beta Features
Admin access for secure resource monitoring - Controlled administrative access to in-use devices for monitoring (KEP #5018)
Prioritized alternatives in ResourceClaims - Ordered list of resource alternatives with firstAvailable field (KEP #4816)
Kubelet reports allocated DRA resources - PodResourcesAPI reporting of DRA allocations (KEP #3695)
Scheduling and Performance
kube-scheduler non-blocking API calls - Asynchronous API handling with prioritized queue system (KEP #5229)
Snapshottable API server cache - Serve list requests from cache snapshots instead of etcd (KEP #4988)
Streaming informers for list requests - Memory-efficient streaming for large datasets using WatchList mechanism (KEP #3157)
Platform Support
Graceful node shutdown handling for Windows nodes - Windows nodes can detect shutdown events and gracefully terminate Pods (KEP #4802)
Validation and Development
Tooling for declarative validation of Kubernetes-native types - CEL-based validation rules for native Kubernetes types (KEP #5073)
Network Improvements
Traffic distribution enhancements - PreferSameZone and PreferSameNode options, deprecating PreferClose (KEP #3015)
New Features in Alpha (13 total)
Security and Authentication
Pod certificates for mTLS authentication - X.509 certificates for Pods via PodCertificateRequests (KEP #4317)
"Restricted" Pod security standard forbids remote probes - Security enhancement preventing probe misuse (KEP #4940)
Scheduling
Use .status.nominatedNodeName to express Pod placement - Scheduler indicates Pod placement intentions to help autoscalers (KEP #5278)
DRA Alpha Features
Resource health status for DRA - Expose health status of devices allocated to Pods (KEP #4680)
Extended resource mapping - Simple alternative to DRA using familiar container resource syntax (KEP #5004)
DRA consumable capacity - Share devices or device slices across multiple ResourceClaims (KEP #5075)
Device binding conditions - Delay Pod binding until external resources are confirmed ready (KEP #5007)
Container Management
Container restart rules - Per-container restart policies and rules based on exit codes (KEP #5307)
Load environment variables from files created in runtime - Runtime environment variable generation from files (KEP #3721)
Deprecations and Removals
Deprecated
Manual cgroup driver configuration - cgroupDriver configuration setting and --cgroup-driver flag deprecated, removal planned for v1.36+ (KEP #4033)
PreferClose traffic distribution - Deprecated in favor of PreferSameZone and PreferSameNode (KEP #3015)
End of Support Timeline
containerd 1.x support - Kubernetes v1.35 will be the last release supporting containerd 1.x, upgrade to 2.0+ recommended (KEP #4033)
Release Cycle: 15 weeks (May 19 - August 27, 2025)
Contributors: 491 individuals from 106 companies
Ecosystem: 2,235 contributors from 370 companies across cloud native projects