What’s Changing in Kubernetes v1.35? Key Deprecations and New Features Explained
The upcoming Kubernetes v1.35 release will drop cgroup v1, deprecate kube-proxy ipvs mode, end support for containerd v1.x, and introduce alpha node‑declared features, in‑place pod resource updates, native pod certificates, numeric taint comparisons, user‑namespace support, and OCI‑based volumes, all aimed at improving stability and security.
Kubernetes v1.35 Deprecations
The release team plans to remove several legacy components to streamline the code base and improve cluster health.
cgroup v1 support removal
Kubernetes has provided stable cgroup v2 support since v1.25, making cgroup v1 obsolete. Removing cgroup v1 will prevent kubelet startup on older Linux distributions that lack cgroup v2. Administrators must migrate nodes to systems with cgroup v2 enabled. Details will be posted in a blog after the v1.35 release (see KEP‑5573).
Deprecation of ipvs mode in kube-proxy
Although ipvs offers better load‑balancing performance than iptables, its maintenance complexity has grown. v1.35 will deprecate ipvs mode, recommending nftables for Linux nodes. See KEP‑5495 for more information.
End of support for containerd v1.x
v1.35 will be the last Kubernetes version to support containerd 1.7 and earlier v1.x releases. Clusters still using containerd v1.x must upgrade to containerd 2.0 or later before moving to the next Kubernetes version. Monitoring the kubelet_cri_losing_support metric can help detect affected nodes. Reference: KEP‑4033.
Kubernetes v1.35 New Features (Alpha)
Node‑declared features
This alpha feature introduces a standard mechanism for nodes to report supported Kubernetes capabilities via the .status.declaredFeatures field. Schedulers, admission controllers, and third‑party components can use this information to make more accurate placement and API validation decisions, reducing manual label management and improving integration with Cluster Autoscaler. See KEP‑5328.
In‑place pod resource updates (GA)
Pod resources such as CPU and memory can now be adjusted without restarting the pod or its containers, preserving state for workloads that cannot tolerate disruption. The CRI also gains an UpdateContainerResources API, with Windows and future runtimes supporting it. This capability progressed from alpha in v1.27 to beta in v1.33 and targets GA in v1.35. See KEP‑1287.
Native pod certificate support (Beta)
To simplify mTLS between microservices, Kubernetes will project short‑lived certificates directly into pods via a volume, eliminating the need for external tools like SPIFFE or cert‑manager. The feature entered alpha in v1.34 and aims for beta in v1.35. See KEP‑4317.
Numeric taint comparison
The taint and toleration framework now supports numeric comparison operators (Gt, Lt), enabling pods to tolerate nodes based on quantitative attributes such as SLA values. This extends beyond simple equality checks and can trigger NoExecute eviction when thresholds are breached. See KEP‑5471.
User namespace support
Linux user namespaces map container root to a high, non‑privileged UID on the host, reducing container‑escape risk. The feature has been in alpha since v1.25, beta in v1.30, and continues to evolve toward a “root‑less” container model. See KEP‑127.
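To verify the mapping described above from inside a workload, the following added example (not code from Kubernetes or from this article) parses the kernel's /proc/<pid>/uid_map format and reports whether container root is still host root. The sample maps and the function names are constructed for illustration.

```python
"""Classify how UID 0 in a process's user namespace maps to the parent namespace."""
from typing import List, NamedTuple, Optional


class IdRange(NamedTuple):
    inside: int   # first ID as seen inside the namespace
    outside: int  # ID it maps to in the parent namespace (the host, for a pod)
    length: int   # number of consecutive IDs in the range


def parse_id_map(text: str) -> List[IdRange]:
    """Parse /proc/<pid>/uid_map (or gid_map): 'inside outside length' per line."""
    ranges = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed id map line: {line!r}")
        ranges.append(IdRange(*map(int, fields)))
    return ranges


def host_id(ranges: List[IdRange], inside_id: int) -> Optional[int]:
    """Translate an in-namespace ID to the parent-namespace ID, or None if unmapped."""
    for r in ranges:
        if r.inside <= inside_id < r.inside + r.length:
            return r.outside + (inside_id - r.inside)
    return None


def classify_root(map_text: str) -> str:
    """'host-root' = no remapping, 'remapped' = unprivileged host UID, 'unmapped'."""
    mapped = host_id(parse_id_map(map_text), 0)
    if mapped is None:
        return "unmapped"
    return "host-root" if mapped == 0 else "remapped"


# Constructed sample maps (not captured from a real cluster).
HOST_MAP = "         0          0 4294967295\n"   # initial namespace: identity map
USERNS_MAP = "         0    1114112      65536\n"  # root -> host UID 1114112

if __name__ == "__main__":
    for name, text in (("host", HOST_MAP), ("userns pod", USERNS_MAP)):
        print(f"{name}: container root is {classify_root(text)}")
    with open("/proc/self/uid_map") as f:  # the process running this script
        print("this process:", classify_root(f.read()))
```

A result of host-root inside a container means a process that escapes it keeps UID 0 on the node; remapped means it lands on an unprivileged host UID.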
OCI image as volume source
Pods can now mount data directly from OCI images using the new image volume type, decoupling data from the container image and simplifying workflows. The feature entered beta in v1.33 and may become default in v1.35. See KEP‑4639.
Getting Involved
Contributors can join relevant SIGs, attend community meetings, or follow the Kubernetes release team on GitHub for the latest updates.
DevOps Operations Practice
We share professional insights on cloud-native, DevOps & operations, Kubernetes, observability & monitoring, and Linux systems.
