Kubernetes 1.35 is done with legacy baggage.
cgroups v1? Deprecated.
Image pull credentials? Now re-verified by default—no more freeloading.
kubectl SPDY API upgrades? Locked down. You’ll need create permissions just to speak the protocol. Expect breakage if your workflows leaned on old assumptions.
Under the hood, the kubelet’s getting stricter about certificate Common Name (CN) matching, and HostNetwork Pods must support user namespaces now. Security knobs are twisting tighter.
On the upside, features like drop-in kubelet configs and OCI image volumes are finally stable. Fewer flags, more predictability.
