12 result(s)
An improved, non-linear conversion from cgroup v1 CPU shares to cgroup v2 CPU weight replaces the previous linear formula to restore intended priority relationships and improve granularity for small CPU requests. The change is implemented in OCI runtimes (runc >=1.3.2, crun >=1.23) and may require updates to tooling that assumed the old mapping.
Kubernetes Steering and Security Response Committees announced Ingress NGINX will be retired in March 2026. There will be no further releases, bug fixes, or security patches. Roughly 50% of cloud-native environments rely on it, so many clusters are at risk unless teams check and migrate; alternatives (Gateway API or third‑party Ingress controllers) are not direct drop‑in replacements and require planning and engineering time. There are about two months to prepare.
This guide shows how to run a local experimental Gateway API environment using kind and cloud-provider-kind. It walks through creating a kind cluster, running cloud-provider-kind (which provides a LoadBalancer and a Gateway API controller and CRDs), deploying a Gateway and an HTTPRoute, deploying a demo echo application, testing with curl, troubleshooting common issues, and cleaning up. The setup is intended for learning and testing only — not production.
Cluster API v1.12.0 adds two major features — in‑place updates and chained upgrades — enabling mutable updates of existing Machines when safe and orchestrated multi‑minor‑version upgrades respectively, while keeping immutable rollouts and strong extensibility as core design principles.
Headlamp’s 2025 recap highlights major growth: the project joined Kubernetes SIG UI, absorbed many community contributions via the Linux Foundation mentorship, and shipped several UX and platform features — multi-cluster views, Projects for grouping resources, a taskbar/activities model, improved search and map, OIDC/auth improvements, Helm/App Catalog enhancements, plugin ecosystem growth (including an AI Assistant), and performance, accessibility, and security upgrades.
Kubernetes has launched the Checkpoint Restore Working Group to advance integration of checkpoint/restore functionality (primarily via the CRIU ecosystem) into Kubernetes. The WG will explore use cases like faster startup, resource optimization for interactive AI workloads, fault-tolerance for long runs, interruption-aware scheduling, live Pod migration, and forensic checkpointing, and invites contributors to join meetings, Slack, and the mailing list.
This article explains how to use the clientcmd library (part of client-go) to make Go CLI tools access the Kubernetes API with the same kubeconfig/kubectl semantics users expect. It covers loading rules, configuration overrides, building and binding flags, merging behavior, creating a merged ClientConfig (interactive or non-interactive), and obtaining a kubernetes client, plus relevant gotchas and an example.
Kubernetes v1.35 introduces a beta credential plugin policy and allowlist to give users control over executables invoked by kubeconfig exec plugins. You can set policy via the client-go ExecProvider.PluginPolicy or by configuring kubectl’s kuberc with credentialPluginPolicy (AllowAll, DenyAll, Allowlist) and credentialPluginAllowlist entries to restrict which plugins may run.
Kubernetes v1.35 (alpha) makes PersistentVolume.spec.nodeAffinity mutable. This allows administrators to update PV node affinity to match changes in underlying storage (for example zonal→regional migrations or disk-generation upgrades) without recreating the PV. The feature is gated (MutablePVNodeAffinity), disabled by default, and requires updating the storage provider first. Be aware of scheduling race conditions when tightening affinity; future kubelet/CSI integration and VolumeAttributesClass automation are planned. Feedback is requested via SIG Storage channels.
Kubernetes v1.35 introduces a beta opt-in for delivering CSI-requested service account tokens in the NodePublishVolumeRequest secrets field rather than volume_context. This change (controlled by serviceAccountTokenInSecrets in the CSIDriver spec) fixes accidental token exposure in logs, is opt-in to preserve compatibility, and includes guidance and a safe rollout sequence for CSI driver authors.
Kubernetes v1.35 introduces Extended Toleration Operators (alpha) that add numeric comparison operators Gt and Lt to spec.tolerations. This lets tolerations compare numeric taint values (e.g., failure-probability, gpu-compute-score, disk-iops, cost-per-hour) so schedulers can make threshold-based placement decisions while preserving taint/toleration semantics (centralized node-side policy and eviction via NoExecute). The feature is gated, supports all taint effects, has specific numeric format rules, and is experimental — feedback and further enhancements (CEL, autoscaling integration, graduation) are planned.
Kubernetes v1.35 introduces an alpha feature, Restart All Containers (enabled with the RestartAllContainersOnContainerExits feature gate), which adds a RestartAllContainers action to container restart rules to perform a fast, in-place full Pod restart that preserves Pod UID, IP, sandbox and volumes while re-running init, sidecar and application containers.