Exploring the New Features in Kubernetes 1.35: Timbernetes - The World Tree Release
Kubernetes 1.35, dubbed "Timbernetes (The World Tree Release)," was released on December 17, 2025, marking another significant milestone in the evolution of the container orchestration platform. This version includes 60 enhancements: 17 features graduating to stable, 19 in beta, and 22 in alpha. It focuses on strengthening the core foundations of Kubernetes, improving scalability, security, and efficiency for diverse workloads. In this article, we'll dive into the key new features, enhancements, deprecations, and other notable changes.
Stable Features: Battle-Tested Enhancements Ready for Production
Several long-awaited features have graduated to General Availability (GA) in Kubernetes 1.35, meaning they are stable and enabled by default. These focus on resource management, networking, and operational reliability.
- In-Place Pod Resource Updates: One of the standout features, this allows users to adjust CPU and memory resources for Pods without restarting containers. It eliminates the "restart tax" for vertical scaling, making it ideal for stateful workloads. This has been in development since alpha in v1.27 and beta in v1.33.
- PreferSameNode Traffic Distribution: Services can now use a PreferSameNode option to prioritize local node endpoints, reducing latency. The previous PreferClose has been renamed to PreferSameZone for better clarity in multi-zone setups.
- Job API Managed-By Mechanism: Introduces a managedBy field for external controllers (like MultiKueue) to synchronize Job status, enhancing integration with advanced scheduling systems.
- Reliable Pod Update Tracking: Pods now increment .metadata.generation on spec changes, with .status.observedGeneration tracking kubelet processing for better reliability.
- Configurable NUMA Node Limit for Topology Manager: The max-allowable-numa-nodes option is now stable, supporting servers with more than 8 NUMA nodes.
Other stable additions include Pod generation tracking, invariant testing, fine-grained supplemental groups control, a drop-in kubelet configuration directory, removal of gogo protobuf dependency, image garbage collection by age, limits on parallel image pulls, kubectl metadata in HTTP headers, transition to WebSockets from SPDY, and CPUManager policy restrictions for system daemons.
Beta Features: Maturing Capabilities for Testing
Kubernetes 1.35 promotes several features to beta, which are enabled by default but still evolving based on community feedback.
- Pod Certificates for Workload Identity and Security: Native certificate generation and rotation via kubelet and PodCertificateRequest simplify mutual TLS (mTLS) setups.
- Expose Node Topology Labels via Downward API: Pods can access topology labels (e.g., zone, region) as environment variables or files, aiding topology-aware applications.
- Native Support for Storage Version Migration: Automates object migration during API version updates, integrated into the control plane.
- Mutable Volume Attach Limits: Makes CSINode allocatable counts configurable and mutable for CSI drivers.
- Opportunistic Batching: Enhances scheduler performance by batching similar Pods, speeding up homogeneous workload scheduling.
- maxUnavailable for StatefulSets: Defines the maximum number of unavailable Pods during rolling updates.
Additional beta features include configurable credential plugins in kuberc, KYAML for safer YAML parsing, custom tolerance for HPAs, user namespaces in Pods, OCI artifacts in volumes, credential verification for cached images, per-container restart rules, CSI token injection via secrets, and tracking terminating replicas in Deployments.
Alpha Features: Experimental Innovations
Alpha features in 1.35 are disabled by default and represent cutting-edge developments, particularly for AI/ML, security, and scheduling.
- Node Declared Features: Nodes declare supported features via .status.declaredFeatures to resolve version skew issues before scheduling.
- Gang Scheduling Support: Enables all-or-nothing scheduling for Pod groups, crucial for AI/ML workloads requiring co-scheduling.
- Constrained Impersonation: Adds RBAC checks for impersonation with verb prefixes for finer security control.
Other alphas include enhanced flagz and statusz endpoints, watch-based route reconciliation, extended toleration operators, and mutable resources for suspended Jobs.
Deprecations and Removals: Cleaning Up Legacy Components
To streamline the platform, 1.35 introduces deprecations and removals:
- Deprecations: IPVS mode in kube-proxy is deprecated in favor of nftables; Ingress NGINX will be archived after March 2026, with migration to Gateway API recommended.
- Removals: Cgroup v1 support is fully removed—clusters must use cgroup v2. Containerd v1.X support ends; upgrade to v2.0+ is required.
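A pre-upgrade node check for the removals and the IPVS deprecation listed above, as an added example that is not part of the original article or of the Kubernetes project. The function names are hypothetical and the version strings are constructed samples; it assumes `stat -fc %T /sys/fs/cgroup` reports `cgroup2fs` on a cgroup v2 node and `tmpfs` on a v1 or hybrid node.

```shell
# Pre-upgrade node checks for the 1.35 removals and deprecations listed above.
# Inputs are plain strings so the logic runs offline. On a real node gather them with
# `stat -fc %T /sys/fs/cgroup`, `containerd --version`, and the kube-proxy "mode" setting.

# cgroup2fs means the unified v2 hierarchy; tmpfs means a v1 (or hybrid) layout.
cgroup_check() {
  case "$1" in
    cgroup2fs) echo "ok: cgroup v2" ;;
    tmpfs)     echo "blocker: cgroup v1 in use"; return 1 ;;
    *)         echo "unknown: cgroup fs type '$1'"; return 2 ;;
  esac
}

# Pull the first MAJOR.MINOR.PATCH token out of the version line; require major >= 2.
containerd_check() {
  ver=$(printf '%s\n' "$1" | tr ' ' '\n' |
        sed -n -E 's/^v?([0-9]+\.[0-9]+\.[0-9]+).*/\1/p' | head -n 1)
  major=${ver%%.*}
  case "$major" in
    ''|*[!0-9]*) echo "unknown: cannot parse containerd version"; return 2 ;;
  esac
  if [ "$major" -ge 2 ]; then
    echo "ok: containerd $ver"
  else
    echo "blocker: containerd $ver is older than 2.0"; return 1
  fi
}

# IPVS still runs in 1.35 but is deprecated: warn, do not block.
proxy_mode_check() {
  case "$1" in
    ipvs)        echo "warn: kube-proxy IPVS mode is deprecated" ;;
    nftables)    echo "ok: kube-proxy nftables" ;;
    iptables|'') echo "ok: kube-proxy iptables" ;;
    *)           echo "unknown: kube-proxy mode '$1'"; return 2 ;;
  esac
}

# One line per check; returns 1 if any check is a blocker or unknown.
node_report() {
  rc=0
  cgroup_check "$1"     || rc=1
  containerd_check "$2" || rc=1
  proxy_mode_check "$3" || rc=1
  return "$rc"
}

# Constructed sample: node on cgroup v1, containerd 1.7, kube-proxy in IPVS mode.
node_report tmpfs "containerd containerd.io 1.7.24 0000000" ipvs || echo "=> not ready"
```

Running the three collection commands on every node and feeding the results to `node_report` gives a per-node blocker list before the control plane is upgraded.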
Other Notable Changes
- Dynamic Resource Allocation (DRA) Improvements: Enhancements for AI hardware, including device binding conditions and partitionable devices.
- Comparable Resource Versions: Resource versions are now decimal for easier comparisons.
- Improved Pod Stability: Better handling of kubelet restarts to maintain Pod readiness.
Conclusion
Kubernetes 1.35 solidifies the platform's roots with features that enhance performance, security, and usability. Whether you're scaling workloads vertically without disruption or exploring alpha innovations for AI, this release offers tools to build more resilient systems. As always, review the official changelog and test in non-production environments before upgrading.