The upcoming Kubernetes v1.35 release, scheduled for December 17, 2025, is shaping up to be a significant milestone for the platform. While the feature set is still evolving, developers and cluster administrators should pay close attention to the changes slated for deprecated features and newly introduced capabilities. They not only signal a shift in Kubernetes’ operational paradigms but also address ongoing challenges within the cloud-native ecosystem.
Understanding Deprecated Features and Their Implications
In v1.35, Kubernetes is set to remove several legacy features that reflect its commitment to modernization and performance optimization. One of the most impactful changes is the removal of support for cgroup v1 on Linux nodes. Since support for cgroup v2 became stable in v1.25, the shift toward a unified control group hierarchy has become essential. This transition improves resource isolation and is better suited for modern Kubernetes functionalities, ultimately necessitating a migration to cgroup v2 for cluster administrators still using legacy systems. Running nodes on older Linux distributions that do not support cgroup v2 will result in startup failures for the kubelet.
The project is also deprecating the ipvs mode in kube-proxy. While ipvs was introduced to enhance load balancing capabilities, the technical debt stemming from the need to maintain feature parity with other kube-proxy modes has proved untenable. Transitioning to nftables as the recommended mode simplifies the kube-proxy codebase and aligns Kubernetes networking with newer capabilities, leaving behind the complexities associated with ipvs.
Administrators relying on containerd versions prior to 2.0 should be aware that Kubernetes v1.35 marks the end of support for containerd v1.X. This necessitates urgent action to migrate to at least version 2.0 to avoid potential disruptions in service. Monitoring metrics that track deprecated container runtimes will be essential to ensure compliance ahead of the upgrade.
Key Enhancements to Watch
As we anticipate these removals, several enhancements are poised to improve the functionality and performance of Kubernetes clusters. Among the most significant is the introduction of the node declared features framework. This innovation will allow nodes to explicitly declare their supported Kubernetes features via the new .status.declaredFeatures field. This enhancement directly addresses version skew challenges, particularly during cluster upgrades, by preventing pods from being scheduled on incompatible nodes. The integration with the kube-scheduler promotes a more accurate scheduling process and enhanced cluster reliability.
Another noteworthy enhancement is the in-place update of Pod resources, which has now graduated to General Availability. This capability allows the adjustment of CPU and memory allocations without requiring a Pod restart, thus improving operational efficiency and minimizing disruptions for critical workloads, especially stateful applications. This evolution also extends the updated Container Runtime Interface (CRI), enhancing the overall resource management experience within Kubernetes.
The anticipated support for Pod certificates is another significant stride forward, allowing Kubernetes to issue unique, short-lived certificates for Pods natively. This development simplifies the enforcement of mutual TLS for mTLS communications between Pods, easing the operational burden associated with managing external certificate provisioning tools. Native support for workload identity will enable a smoother implementation of zero-trust network policies.
Enhancements in Scheduling and Security
Kubernetes v1.35 introduces numeric comparison operators for taints and tolerations, enriching the scheduling capabilities of Pods. This allows Pods to target nodes based on specific numeric thresholds, such as reliability SLAs, thereby increasing the granularity of resource selection. The introduction of the NoExecute effect enables automatic eviction of Pods when their tolerance levels are not met, enhancing cluster health management.
The enhancement of user namespaces further strengthens security by allowing container root users to be mapped to non-privileged user IDs on the host. This change is a pivotal step towards achieving rootless containers, substantially mitigating the risks associated with container breakout vulnerabilities.
Optimizing Workflows with OCI Image Mounting
Lastly, v1.35 is set to streamline workload provisioning through support for mounting OCI images as volumes directly. This allows Pods to pull and prepare data artifacts from OCI registries, decoupling application code from data binaries. As a result, distributing application dependencies becomes more straightforward, minimizing the complications associated with traditional methods like using init containers.
Conclusion: A Barometer for Kubernetes' Future
The changes in Kubernetes v1.35 underscore a crucial pivot towards a cleaner, more efficient architecture capable of supporting modern application requirements. As you navigate these adjustments, it's clear that Kubernetes is heading toward a more streamlined, secure, and user-friendly environment. For cluster administrators, these improvements emphasize the importance of maintaining up-to-date systems and workflows. The proactive management of deprecated features, alongside embracing new enhancements, will be key for leveraging the full potential of Kubernetes as it continues to evolve.
