https://shengxu.pages.dev/en/tags/certificate-management/Cloud architecture & DevOps notes by Shengxu: Kubernetes, Cilium, observability, LLM infra, AI agents.Hugo 0.153.2 & FixIt v0.4.0-alpha.3-20251225101113-8ffb9a95enSat, 03 Jan 2026 19:00:00 +0800https://shengxu.pages.dev/en/posts/kubernetes-1-34-1-35-certificates/Sat, 03 Jan 2026 19:00:00 +0800https://shengxu.pages.dev/en/posts/kubernetes-1-34-1-35-certificates/KubernetesCloudSecurity<p>Recently upgraded to 1.35 and discovered that <strong>certificate management</strong> changes are nothing short of revolutionary—especially for self-managed K8s users, where operational overhead has been cut in half.</p> <p>In the past, certificate issues were the &ldquo;silent killer&rdquo; of security incidents: expired certificates causing outages, token leaks, and manual rotation consuming 30% of ops time. Versions 1.34/1.35 introduce <strong>native automated mTLS</strong>, making zero trust no longer exclusive to Istio. Today, let&rsquo;s dive into these new features and compare them in a <strong>self-managed K8s vs. cloud K8s</strong> hands-on scenario.</p>