Kubernetes v1.35.0-beta.0 is live!
Michelle Nguyen
Kubernetes v1.35.0-beta.0 has been built and pushed using Golang version 1.25.3.
The release notes have been updated in CHANGELOG-1.35.md, with a pointer to them on GitHub:
v1.35.0-beta.0
Downloads for v1.35.0-beta.0
Source Code
| filename | sha512 hash |
|---|---|
| kubernetes.tar.gz | 17fae05597b73bf8ed2c14bfbc7d863e6ca470877be12a510cb354bcaf4fa5f9b15b3702e45d231efe9f4865f687bf8d1ace312b4e0a15442a14c9997f1caa07 |
| kubernetes-src.tar.gz | a51fcd8dbe8097f1890931435bdeaf9c1aa31ae3c55ae6abeb504aa881c3e125ecb72af7518a9d3d38ffe67fbcffc6f1dd9e1e456218856ba2f25ec4d466f339 |
Client Binaries
| filename | sha512 hash |
|---|---|
| kubernetes-client-darwin-amd64.tar.gz | 50e6712a9d2a35d782ac0ddb22eb0799fdceca6c434c5ebe446e9f49bf9b7612cd3af3f31af211d8364d128d8b75f87ba9e61466aa7c6552416c50c14b08dd78 |
| kubernetes-client-darwin-arm64.tar.gz | c181381e2554d20b5ffbe024b33b8593800491bccceb98eaacc25fbc9ef44be4c360ec59603b857b730670c6cdcfe8d8428b790e1413d402f699c6579877ed4a |
| kubernetes-client-linux-386.tar.gz | 26fcb99525560328c9ab1e856741e3eb6aecbb3fc8e9adf72daaeb0f6c57058e61989f696ad866a0f9b1a43098914933bed142077754e0bd82bd2054965fe44a |
| kubernetes-client-linux-amd64.tar.gz | d6118e683ea4a64b1812a0eb0374678879a0b0b37868bd8b43517e5961a46b36f9addfbdbd84aa87e6dd4510afa644102140ec727bef3143788e2c97f23cc318 |
| kubernetes-client-linux-arm.tar.gz | cafd385adecb9ed43201df1c5206f127177fbef0345972a5492c62eb4304c8666eafc1bffa9fb54f530d4258d8f7aaded83f08efaab5391bf92ac50a4d53122f |
| kubernetes-client-linux-arm64.tar.gz | bb7d2281b2b9f02ae61a9607d932873a2dfd1ed551c79209a55feba88219093c8594c03c3915e87f7d847c6e59cf75625123dce8f367c34bb16d4e0ad5681f22 |
| kubernetes-client-linux-ppc64le.tar.gz | 198e2102eb0b24e6c6b406ceb8cce6803154c3e68bef5ace7583683cd49d09b6a8ecbd2ca8f1d105a6454b8550b1d6132e65e618dd0ac49c9d36494af24e3ecb |
| kubernetes-client-linux-s390x.tar.gz | 6e81675b8b523aa1df9f4599548f92bc990a2dbe6ab4f6a4039477e237f2e6286a19e2786ba436bada30969cd5b2f3fd2fb8bc16a41943fcf6865f8b6b690f67 |
| kubernetes-client-windows-386.tar.gz | 0a68cd18169b4f269766aaff195b07fef44418f6e108ce47f6ce445407a28c1ff27cde4ef015bb01affd2309044a5ef86392132112681edfd5fe2e1632e99862 |
| kubernetes-client-windows-amd64.tar.gz | d64bba50e7878fb1bc89dd31e9c4a2796364d2226fcfb14964ca2783d18fe482824b6cd0a4b842076998db1794c6a5e33d78fd3bd2d5ae696ab438d4c7207114 |
| kubernetes-client-windows-arm64.tar.gz | c1820e5be65918d6278ed8897059c5d87d8faa8640a5a7bab7f28822d2af19f1dbba650069a469b8eb955353d9c47a7f3098e9c7598f7f1272d08e4edba5bff8 |
Server Binaries
| filename | sha512 hash |
|---|---|
| kubernetes-server-linux-amd64.tar.gz | f57c7fb934e0261f71fa7f2e219730cc977367bd015a0572d4446f28c9a70e89f641d029d206d27238c7fa27ba166a6c1e81e129b583e8c1555513d5360fabf0 |
| kubernetes-server-linux-arm64.tar.gz | 1d5b399f921da76ba0f88c9c28a64880a7be32c017fefd961939c3538e0361cd08f1d7bb38b09982600c5d09711a89c13ee757363d3f10101ee0b1775c85f97e |
| kubernetes-server-linux-ppc64le.tar.gz | 1b6dbe8765ad8f740e699b842447d513b3b4e0a685db8380a3f38fc89efd3b962b0ec3026e6df55ac4c3cadc0120577d34e4cf5c10311fd1d2bcde9bc47ba844 |
| kubernetes-server-linux-s390x.tar.gz | dd0213e41f26158f3cb9a589ca68211d4d68ca2cc9346726361f609b896b4b8975274dd53d3e7561c1f61178bd9aef69c156a435b530def48c215e2d03d18414 |
Node Binaries
| filename | sha512 hash |
|---|---|
| kubernetes-node-linux-amd64.tar.gz | 7c43a88e1b86871d5f76d3d3fed4c458aedcb7d41f3dd944f08a24087b6e0703b2ce8c4d34ee2625de18d75b5bfbc36f5ab6da5158e69ba929cd1cf9f0a205cc |
| kubernetes-node-linux-arm64.tar.gz | 0fbca961eead65de9401ff6211792f27f845003bb5d91655299b3d0c05dc805eca0ade4e0caf784d561734e1ba15ac1112efd92a439953835730a866c92f2205 |
| kubernetes-node-linux-ppc64le.tar.gz | c9bbfcb37f32d267e00067b7334b5a961e875be5776a941ef84a2b2a9d8ee7f2bd97998a789b2180809a9869dbbfa52ef3b5c154447207a83c1de4fa07ed7b05 |
| kubernetes-node-linux-s390x.tar.gz | 32b416cc48008e5c1b34af1205a880f8c43a194c264451222bb6281ffa894e4267d2ebdd49e4b08731a44274f5bd7c7ff54733dfd6aaa5df89ac57c12bc50073 |
| kubernetes-node-windows-amd64.tar.gz | 90eb6f5b268eacadeba1be60f2765740c77a65b3f2b357cec8814a225c26bb8a60341b1c515c0867abf119f3522c7d90281a5490ed7c8926c2ecb7c8ec0b4fe9 |
Container Images
All container images are available as manifest lists and support the described architectures. It is also possible to pull a specific architecture directly by adding the "-$ARCH" suffix to the container image name.
Changelog since v1.35.0-alpha.3
Changes by Kind
API Change
Add scoring for the prioritized list feature so that the node that can satisfy the best ranked subrequests are chosen. (#134711, @mortent) [SIG Node, Scheduling and Testing]
Allows restart all containers when the source container exits with a matching restart policy rule. This is an alpha feature behind feature gate RestartAllContainersOnContainerExit. (#134345, @yuanwang04) [SIG Apps, Node and Testing]
Changed kuberc configuration schema. Two new optional fields added to kuberc configuration,
credPluginPolicyandcredPluginAllowlist. This is documented in KEP-3104 and documentation is added to the website by kubernetes/website#52877 (#134870, @pmengelbert) [SIG API Machinery, Architecture, Auth, CLI, Instrumentation and Testing]Enhanced discovery response to support merged API groups/resources from all peer apiservers when UnknownVersionInteroperabilityProxy feature is enabled (#133648, @richabanker) [SIG API Machinery, Auth, Cloud Provider, Node, Scheduling and Testing]
Extend
core/v1 Tolerationto support numeric comparison operators (Gt,Lt). (#134665, @helayoty) [SIG API Machinery, Apps, Node, Scheduling, Testing and Windows]Features: NominatedNodeNameForExpectation in kube-scheduler and CleaeringNominatedNodeNameAfterBinding in kube-apiserver are now enabled by default. (#135103, @ania-borowiec) [SIG API Machinery, Apps, Architecture, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Etcd, Instrumentation, Network, Node, Scheduling, Storage and Testing]
Implement changes to prevent pod scheduling to a node without CSI driver (#135012, @gnufied) [SIG API Machinery, Scheduling, Storage and Testing]
Introduce scheduling.k8s.io/v1alpha1 Workload API to allow for expressing workload-level scheduling requirements and let kube-scheduler act on those. (#134564, @macsko) [SIG API Machinery, Apps, CLI, Etcd, Scheduling and Testing]
Introduce the alpha MutableSchedulingDirectivesForSuspendedJobs feature gate (disabled by default) which:
Introduced GangScheduling kube-scheduler plugin to enable "all-or-nothing" scheduling. Workload API in scheduling.k8s.io/v1alpha1 is used to express the desired policy. (#134722, @macsko) [SIG API Machinery, Apps, Auth, CLI, Etcd, Scheduling and Testing]
PV node affinity is now mutable. (#134339, @huww98) [SIG API Machinery, Apps and Node]
ResourceQuota now counts device class requests within a ResourceClaim object as consuming two additional quotas when the DRAExtendedResource feature is enabled:
requests.deviceclass.resource.k8s.io/<deviceclass>with a quantity equal to the worst case count of devices requested- requests for device classes that map to an extended resource consume
requests.<extended resource name>(#134210, @yliaog) [SIG API Machinery, Apps, Node, Scheduling and Testing]
The DRA device taints and toleration feature now has a separate feature gate, DRADeviceTaintRules, which controls whether support for DeviceTaintRules is enabled. It is possible to disable that and keep DRADeviceTaints enabled, in which case tainting by DRA drivers through ResourceSlices continues to work. (#135068, @pohly) [SIG API Machinery, Apps, Auth, Node, Scheduling and Testing]
The ImagePullIntent and ImagePulledRecord objects used by kubelet to store information about image pulls have been moved to the v1beta1 API version. (#132579, @stlaz) [SIG Auth and Node]
The KubeletEnsureSecretPulledImages feature is now beta and enabled by default. (#135228, @aramase) [SIG Auth, Node and Testing]
This change adds a new alpha feature Node Declared Features, which includes:
- A new
Node.Status.DeclaredFeaturesfield for Kubelet to publish node-specific features. - A library in
component-helpersfor feature registration and inference. - A scheduler plugin (
NodeDeclaredFeatures) scheduler plugin to match pods with nodes that provide their required features. - An admission plugin (
NodeDeclaredFeatureValidator) to validate pod updates against a node's declared features. (#133389, @pravk03) [SIG API Machinery, Apps, Node, Release, Scheduling and Testing]
- A new
This change allows In Place Resize of Pod Level Resources
Updates to the Partitionable Devices feature which allows for referencing counter sets across different ResourceSlices within the same resource pool.
Devices from incomplete pools are no longer considered for allocation.
This contains backwards incompatible changes to the Partitionable Devices alpha feature, so any ResourceSlices that uses the feature should be removed prior to upgrading or downgrading between 1.34 and 1.35. (#134189, @mortent) [SIG API Machinery, Node, Scheduling and Testing]
Feature
Add cloud-controller-manager feature gate CloudControllerManagerWatchBasedRoutesReconciliation (#131220, @lukasmetzner) [SIG API Machinery and Cloud Provider]
Add the
UserNamespacesHostNetworkSupportfeature gate. The feature gate defaults to disabled. When the feature gate is enabled, will allowhostNetworkpods to useuser namespace. (#134893, @HirazawaUi) [SIG Apps, Node and Testing]Added a new
sourcelabel inresourceclaim_controller_resource_claims. Added a new metrics for DRAExtendedResourcescheduler_resourceclaim_creates_total. (#134523, @bitoku) [SIG Apps, Instrumentation, Node and Scheduling]Added configurable per-device health check timeouts to the DRA health monitoring API. (#135147, @harche) [SIG Node]
Bump ImageGCMaximumAge to stable (#134736, @haircommander) [SIG Node and Testing]
Enables the
WatchListClientfeature gate. (#134180, @p0lyn0mial) [SIG API Machinery, Apps, Auth, CLI, Instrumentation, Node and Testing]Graduate PodTopologyLabelsAdmission feature gate to Beta and on by default.
Pods will now have labels
topology.kubernetes.io/zoneandtopology.kubernetes.io/regionby default if the assigned Node has these labels. (#135158, @andrewsykim) [SIG Node]Graduate image volume source to on by default Beta (#135195, @haircommander) [SIG Apps, Instrumentation, Node and Testing]
Implement scoring for DRA-backed extended resources (#134058, @bart0sh) [SIG Node, Scheduling and Testing]
KEP-3619: fined-grained supplemental groups policy is graduated to GA. (#135088, @everpeace) [SIG Node and Testing]
KEP-5440: Allow for resizing of resources while job is suspended. This feature is alpha. (#132441, @kannon92) [SIG Apps and Testing]
KEP-5598 opportunistic batching is implemented to optimize scheduling for pods that have the same scheduling requirements. (#135231, @bwsalmon) [SIG Node, Scheduling, Storage and Testing]
Kubeadm: Add
HTTPEndpointsfield toClusterConfiguration.Etcd.ExternalEtcdthat can be used to configure the HTTP endpoints for etcd communication in v1beta4. This field is used to separate the HTTP traffic (such as /metrics and /health endpoints) from the gRPC traffic handled by Endpoints. This separation allows for better access control, as HTTP endpoints can be exposed without exposing the primary gRPC interface. Corresponds to etcd's--listen-client-http-urlsconfiguration. If not provided, Endpoints will be used for both gRPC and HTTP traffic. (#134890, @SataQiu) [SIG Cluster Lifecycle]Kubernetes is now built with go 1.25.4 (#135187, @BenTheElder) [SIG Release]
New metrics are introduced related to Ensure Secret Pulled Images KEP: - kubelet_imagemanager_ondisk_pullintents - the number of pull intent records currently kept on disk - kubelet_imagemanager_ondisk_pulledrecords - the number of image pulled records currently kept on disk - kubelet_imagemanager_image_mustpull_checks_total{result} - the number for how many times an image was checked against the pull records and the results of those checks (#132812, @stlaz) [SIG Auth and Node]
Pick one device class deterministically for extended resource when there are more than one (#135037, @yliaog) [SIG Node, Scheduling and Testing]
Promoted the
EnvFilesfeature gate to beta and is enabled by default. Additionally, the syntax specification for environment variables has been restricted to a subset of POSIX shell syntax (all variable values must be wrapped in single quotes). (#134414, @HirazawaUi) [SIG Node and Testing]Promoted the
KubeletCrashLoopBackOffMaxfeature gate to beta, it is now enabled by default. (#135044, @hankfreund) [SIG Node]The Pod Certificates feature is moving to beta. The PodCertificateRequest feature gate is still set false by default. To use the feature, users will need to enable the certificates API groups in v1beta1 and enable the feature gate PodCertificateRequest. A new field UserAnnotations is added to the PodCertificateProjection API and the corresponding UnverifiedUserAnnotations is added to the PodCertificateRequest API. (#134790, @yt2985) [SIG Auth, Instrumentation and Testing]
When resizing pods, more events will be emitted when the pod's resize status changes. (#134825, @natasha41575) [SIG Node]
Bug or Regression
- Extended resources requested by initContainers which are allocated using an automatic ResourceClaim now match the behavior of legacy device plugins, reusing the same resources requested by later sidecar initContainers or regular containers when possible, to minimize the total number of devices requested by the pod. (#134882, @yliaog) [SIG Apps, CLI, Node, Scheduling and Testing]
- Fix Windows kube-proxy (winkernel) issue where stale RemoteEndpoints remained when a Deployment was referenced by multiple Services due to premature clearing of the terminatedEndpoints map. (#135146, @princepereira) [SIG Network and Windows]
- Fix bug in ValidatingAdmissionPolicy where a object schema with additionalProperties:true would crash the kube-controller-manager with a nil pointer exception. (#135155, @jpbetz) [SIG API Machinery]
- Fixes an issue that disallowed restart policies and restart rules on static pods. (#135031, @yuanwang04) [SIG Node]
- Fixes the replacement tag in APIs to not be a selector for storage version (#135197, @Jefftree) [SIG API Machinery]
- Kube-apiserver: Fixes spurious warning log messages about enabled alpha APIs while starting API server (#135327, @michaelasp) [SIG API Machinery]
- Kubelet: fix concurrent map write error when creating a pod with empty volume when the LocalStorageCapacityIsolationFSQuotaMonitoring feature-gate is enabled (#135174, @carlory) [SIG Storage]
- Support ShareID of DRAConsumableCapacity feature in the Kubelet Plugin API (#134520, @sunya-ch) [SIG Node and Testing]
- The slow initialization of container runtime will not cause System WatchDog to kill kubelet. Device Manager is not considered healthy before it attempted to start listening on the port. (#135153, @SergeyKanzhelev) [SIG Node]
- Typed workqueue now cleans up goroutines before shutting down (#135072, @Jefftree) [SIG API Machinery]
Other (Cleanup or Flake)
- AggregatedDiscoveryRemoveBetaType feature gate is deprecated and locked to True (#134230, @Jefftree) [SIG API Machinery]
- Dropped support for networking/v1beta1 Ingress in kubectl (#135176, @scaliby) [SIG CLI]
- Dropped support for networking/v1beta1 IngressClass in kubectl (#135108, @scaliby) [SIG CLI]
- Upgrade CoreDNS to v1.12.4 (#133968, @yashsingh74) [SIG Cloud Provider and Cluster Lifecycle]
Dependencies
Added
- cyphar.com/go-pathrs: v0.2.1
Changed
- github.com/coredns/corefile-migration: v1.0.27 → v1.0.29
- github.com/cyphar/filepath-securejoin: v0.4.1 → v0.6.0
- github.com/opencontainers/selinux: v1.11.1 → v1.13.0
Removed
Nothing has changed.
Contributors, the CHANGELOG-1.35.md has been bootstrapped with v1.35.0-beta.0 release notes and you may edit now as needed.
Published by your Kubernetes Release Managers.