Kubernetes 1.36, scheduled for April 22, 2026, brings several notable changes. Ingress-Nginx is being retired in favor of the Gateway API, which offers better routing, traffic splitting, and multi-tenant networking. Linux User Namespaces support is being strengthened to improve container isolation and reduce escape vulnerabilities. Dynamic Resource Allocation (DRA) gains taints and tolerations for hardware devices, enabling maintenance without cluster disruption. OCI artifact mounting graduates to Stable, allowing teams to decouple large ML models and binary assets from container images. Manifest-based Admission Control configuration moves policies to static files on the control plane disk, closing a security gap during cluster startup. A real-world cautionary tale from a DevOps engineer's Kubernetes 1.35 upgrade gone wrong underscores that even well-planned upgrades can encounter unexpected production issues.
Table of contents
Linux User NamespacesShift to Gateway APITaints and Tolerations in DRAManifest-Based Admission Control ConfigurationIs it Safe?RelatedSort: