Kubernetes V1.33–v1.35 Deep Dive: From Native Sidecar to AI Compute Foundation

Timeline Overview

• v1.33 (Octarine): Released April 2025, Native Sidecar GA, security features enabled by default.
• v1.34 (Of Wind & Will): Released August 2025, DRA GA, marking the native era of AI/GPU scheduling.
• v1.35 (Timbernetes): Released December 2025, In-Place Pod Resize GA, zero-disruption elasticity becomes reality.

1. v1.33 “Octarine”: Sidecar Graduation and Default Security

The keywords for v1.33 are “Native Sidecar” and “Security Enabled by Default.” This release transforms long-standing experimental capabilities into dependable infrastructure for daily engineering.

1.1 Native Sidecar Containers (SidecarContainers) [Stable / GA]

• Status: Officially GA in v1.33, becoming a stable feature.
• Mechanism: Through special initContainer semantics and scheduling order control, Sidecars use restartPolicy: Always, starting before the main container and running throughout the Pod’s lifecycle.
• Practical Benefits:
  • Mesh/proxy Sidecars (Istio, Linkerd) no longer compete with the main container for startup order.
  • In Job scenarios, the entire Job won’t get stuck because a Sidecar hasn’t exited.

1.2 User Namespaces [Beta, Enabled by Default]

• Status: In v1.33, User Namespaces were promoted from Alpha to Beta and enabled by default.
• Configuration: Enable isolation in the Pod Spec using hostUsers: false.
• Security Implications:
  • Inside the container, processes still see themselves as root, but on the host, they are mapped to unprivileged users.
  • Significantly reduces the blast radius after a successful container escape, suitable for multi-tenant clusters and internet-facing workloads.

1.3 In-Place Pod Resize [Beta, Enabled by Default]

• Status: In v1.33, In-Place Pod Resize was promoted to Beta and enabled by default, supporting online updates to resources.requests/limits.
• Limitations and Evolution:
  • In the v1.33 Beta phase, memory downsizing has certain limitations, primarily encouraging upward scaling.
  • It will officially GA in v1.35 with relaxed downsizing restrictions, as detailed below.

2. v1.34 “Of Wind & Will”: AI Scheduling and Node Swap Maturity

v1.34 is a milestone release for GPU/AI workloads. Dynamic Resource Allocation (DRA) officially reaches GA, and Node Swap support matures for production use.

2.1 Dynamic Resource Allocation (DRA) [Stable / GA]

• Status: DRA is officially GA in v1.34.
• Core Capabilities:
  • Through ResourceClass, ResourceClaim, and ResourceSlice, device plugins can expose resources with structured parameters, not just simple counts.
  • Resource requests can include attributes like VRAM size, compute tier, and topology, allowing the scheduler to make decisions based on these attributes.
• Value for AI Scenarios:
  • Supports complex resonance patterns like GPU slicing/sharing, improving GPU utilization and reducing “whole-card idle” waste.
  • Provides more granular resource expression for large model inference and training, representing the long-term direction for dedicated hardware like GPUs.

2.2 Node Swap Support [Stable / GA]

• Status: Node Swap support is marked as GA in v1.34.
• Configuration Example:
  • Control Swap via Kubelet configuration swapBehavior: LimitedSwap to act as an emergency buffer rather than primary memory.
• Production Significance:
  • For services with fluctuating memory usage (Java, Node.js, some AI inference services), it can significantly reduce OOM Kills caused by transient spikes.
  • Combined with Pod QoS policies, it can provide a “soft landing” channel for low-priority workloads.

2.3 Other Control Plane and Performance Improvements

• Improvements to the API Server’s cache and Watch mechanisms ensure consistency and lower resource usage in large-scale clusters.
• Provides a smoother control plane foundation for the subsequent In-Place Resize GA in v1.35.

3. v1.35 “Timbernetes”: Zero-Disruption Scaling and Native Identity

v1.35 is the final release of 2025, focusing on “modifying Pods at runtime” and providing workloads with native certificate identities.

3.1 In-Place Pod Resource Updates [Stable / GA]

• Status: Officially GA in v1.35.
• Key Enhancements:
  • Compared to the v1.33 Beta, the GA version supports safer and more controllable memory downsizing, not just upward scaling.
  • When integrated with VPA or custom controllers, it enables true “online vertical scaling.”
• Typical Use Cases:
  • Long-lived connection services (databases, game servers) can scale back resources after traffic peaks without restarting.
  • AI/ML inference services can dynamically adjust CPU/memory based on intra-day traffic patterns, improving overall cluster utilization.

3.2 Native Workload Identity / Pod Certificates [Beta]

• Status: Released as Beta in v1.35.
• Mechanism:
  • Combined with ClusterTrustBundles, the Kubelet can request short-lived X.509 certificates for Pods and mount them into containers via projected volumes.
  • Integrates with the existing CSR API, laying the foundation for future Sidecar-less Service Meshes (e.g., Ambient Mesh).
• Value:
  • Workloads can communicate natively via mTLS without needing to run an additional Sidecar proxy.
  • Certificate lifecycle management is tied to the Pod, making it easier to implement a zero-trust architecture.

3.3 Node Declared Features [Alpha]

• Status: Released as an Alpha feature in v1.35.
• Purpose:
  • Allows nodes to proactively report features (CPU families, special hardware, driver versions, etc.), enabling the scheduler to make more precise placement decisions.
  • Very helpful for upgrades and canary deployments in heterogeneous clusters (different GPU models/network cards).

4. Key Feature Status Quick Reference Table

5. Upgrade Recommendations (2026 Perspective)

• If your cluster is AI/ML workload-centric: Upgrade to at least v1.34 to fully leverage DRA and Node Swap capabilities.
• If you have strict zero-downtime release requirements (long-lived connection services):
  • Prioritize upgrading to v1.35 and rehearse the In-Place Resize and VPA coordination strategy in a pre-production environment.
• If your cluster is strongly multi-tenant or security-sensitive:
  • Actively use User Namespaces starting from v1.33, and monitor the GA roadmap for subsequent versions.

From an overall evolution perspective, v1.33–v1.35 transforms Kubernetes from a “container orchestrator” into a universal foundation for an “AI compute and zero-trust platform.” These are three critical version milestones to consider when planning your cluster upgrade roadmap for 2026.