Cloud - Category - Shengxu · Cloud Architecture & DevOpshttps://shengxu.pages.dev/en/categories/cloud/Cloud architecture & DevOps notes by Shengxu: Kubernetes, Cilium, observability, LLM infra, AI agents.Hugo 0.153.2 & FixIt v0.4.0-alpha.3-20251225101113-8ffb9a95enSat, 03 Jan 2026 19:00:00 +0800Kubernetes 1.34/1.35 Certificate Revolution: From Manual Hell to Zero-Trust Heavenhttps://shengxu.pages.dev/en/posts/kubernetes-1-34-1-35-certificates/Sat, 03 Jan 2026 19:00:00 +0800https://shengxu.pages.dev/en/posts/kubernetes-1-34-1-35-certificates/KubernetesCloudSecurity<p>Recently upgraded to 1.35 and discovered that <strong>certificate management</strong> changes are nothing short of revolutionary—especially for self-managed K8s users, where operational overhead has been cut in half.</p> <p>In the past, certificate issues were the &ldquo;silent killer&rdquo; of security incidents: expired certificates causing outages, token leaks, and manual rotation consuming 30% of ops time. Versions 1.34/1.35 introduce <strong>native automated mTLS</strong>, making zero trust no longer exclusive to Istio. Today, let&rsquo;s dive into these new features and compare them in a <strong>self-managed K8s vs. cloud K8s</strong> hands-on scenario.</p>Kubernetes v1.33–v1.35 Deep Dive: From Native Sidecar to AI Compute Foundationhttps://shengxu.pages.dev/en/posts/kubernetes-v1-33-v1-35-updates/Fri, 02 Jan 2026 09:50:00 +0800https://shengxu.pages.dev/en/posts/kubernetes-v1-33-v1-35-updates/KubernetesCloudSecurity<h2 class="heading-element" id="timeline-overview"><span>Timeline Overview</span> <a href="#timeline-overview" class="heading-mark"> <svg class="octicon octicon-link" viewBox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"><path d="m7.775 3.275 1.25-1.25a3.5 3.5 0 1 1 4.95 4.95l-2.5 2.5a3.5 3.5 0 0 1-4.95 0 .751.751 0 0 1 .018-1.042.751.751 0 0 1 1.042-.018 1.998 1.998 0 0 0 2.83 0l2.5-2.5a2.002 2.002 0 0 0-2.83-2.83l-1.25 1.25a.751.751 0 0 1-1.042-.018.751.751 0 0 1-.018-1.042Zm-4.69 9.64a1.998 1.998 0 0 0 2.83 0l1.25-1.25a.751.751 0 0 1 1.042.018.751.751 0 0 1 .018 1.042l-1.25 1.25a3.5 3.5 0 1 1-4.95-4.95l2.5-2.5a3.5 3.5 0 0 1 4.95 0 .751.751 0 0 1-.018 1.042.751.751 0 0 1-1.042.018 1.998 1.998 0 0 0-2.83 0l-2.5 2.5a1.998 1.998 0 0 0 0 2.83Z"></path></svg> </a> </h2><ul> <li><strong>v1.33 (Octarine)</strong>: Released April 2025, Native Sidecar GA, security features enabled by default.</li> <li><strong>v1.34 (Of Wind &amp; Will)</strong>: Released August 2025, DRA GA, marking the native era of AI/GPU scheduling.</li> <li><strong>v1.35 (Timbernetes)</strong>: Released December 2025, In-Place Pod Resize GA, zero-disruption elasticity becomes reality.</li> </ul> <hr> <h2 class="heading-element" id="1-v133-octarine-sidecar-graduation-and-default-security"><span>1. v1.33 &ldquo;Octarine&rdquo;: Sidecar Graduation and Default Security</span> <a href="#1-v133-octarine-sidecar-graduation-and-default-security" class="heading-mark"> <svg class="octicon octicon-link" viewBox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"><path d="m7.775 3.275 1.25-1.25a3.5 3.5 0 1 1 4.95 4.95l-2.5 2.5a3.5 3.5 0 0 1-4.95 0 .751.751 0 0 1 .018-1.042.751.751 0 0 1 1.042-.018 1.998 1.998 0 0 0 2.83 0l2.5-2.5a2.002 2.002 0 0 0-2.83-2.83l-1.25 1.25a.751.751 0 0 1-1.042-.018.751.751 0 0 1-.018-1.042Zm-4.69 9.64a1.998 1.998 0 0 0 2.83 0l1.25-1.25a.751.751 0 0 1 1.042.018.751.751 0 0 1 .018 1.042l-1.25 1.25a3.5 3.5 0 1 1-4.95-4.95l2.5-2.5a3.5 3.5 0 0 1 4.95 0 .751.751 0 0 1-.018 1.042.751.751 0 0 1-1.042.018 1.998 1.998 0 0 0-2.83 0l-2.5 2.5a1.998 1.998 0 0 0 0 2.83Z"></path></svg> </a> </h2><p>The keywords for v1.33 are &ldquo;<strong>Native Sidecar</strong>&rdquo; and &ldquo;<strong>Security Enabled by Default</strong>.&rdquo; This release transforms long-standing experimental capabilities into dependable infrastructure for daily engineering.</p>