Kubernetes Overview
- Kubernetes is a portable, extensible, open-source platform for managing containerized workloads and services, that facilitates both declarative configuration and automation.
- Kubernetes originates from Greek, meaning helmsman or pilot.
- Kubernetes provides an orchestration framework to run distributed systems resiliently. It takes care of scaling and failover for the application, provides deployment patterns, and more.
- Kubernetes is currently at version 1.36 (latest: 1.36.2, released June 2026), with three releases per year following a ~4-month cadence.
- Kubernetes 1.19 and newer receive approximately 1 year of patch support from the community.
Container Deployment Model
- Containers are similar to VMs, but they have relaxed isolation properties to share the Operating System (OS) among the applications.
- Containers are lightweight and have their own filesystem, share of CPU, memory, process space, and more.
- Containers are decoupled from the underlying infrastructure, they are portable across clouds and OS distributions.
- Containers provide the following benefits
- Agile application creation and deployment
- Continuous development, integration, and deployment
- Dev and Ops separation of concerns
- Observability
- Environmental consistency across development, testing, and production
- Cloud and OS distribution portability
- Application-centric management
- Loosely coupled, distributed, elastic, liberated micro-services
- Resource isolation & utilization
Kubernetes Features
- Service discovery and load balancing
- Kubernetes can expose a container using the DNS name or using their own IP address.
- If traffic to a container is high, Kubernetes is able to load balance and distribute the network traffic so that the deployment is stable.
- Storage orchestration
- Kubernetes allows you to automatically mount a storage system of your choice, such as local storage, public cloud providers, and more.
- Automated rollouts and rollbacks
- Kubernetes can change the actual state of the deployed containers to the desired state at a controlled rate ensuring zero downtime.
- Automatic bin packing
- Kubernetes can fit containers onto the available nodes to make the best use of the resources as per the specified container specification.
- Self-healing & High Availability
- Kubernetes restarts containers that fail, replaces containers, kills containers that don’t respond to the user-defined health check, and doesn’t advertise them to clients until they are ready to serve.
- Scalability
- Kubernetes can help scale the application as per the load.
- Supports Horizontal Pod Autoscaler (HPA), Vertical Pod Autoscaler (VPA), and Cluster Autoscaler.
- In-Place Pod Vertical Scaling (GA in v1.35)
- Allows changing CPU and memory requests/limits on a running pod without restarting it.
- The kubelet updates the container’s Linux cgroup directly, avoiding pod deletion or container restart.
- Graduated to Stable (GA) in Kubernetes v1.35 (December 2025).
- Secret and configuration management
- Kubernetes helps store and manage sensitive information, such as passwords, OAuth tokens, and SSH keys.
- Secrets and application configuration can be deployed without rebuilding the container images, and without exposing secrets in the stack configuration.
- Dynamic Resource Allocation – DRA (GA in v1.34)
- Provides a flexible, request-based model for managing hardware resources like GPUs, FPGAs, and other specialized devices.
- Kubernetes automatically matches claims with available devices, applies CEL expressions for flexible filtering, and schedules pods onto nodes with access to the allocated devices.
- Replaces static device plugin assignments with a more flexible paradigm.
- Critical for AI/ML workloads requiring GPU scheduling and multi-tenant GPU sharing.
Kubernetes Architecture
Refer to detailed blog post @ Kubernetes Architecture

Control Plane Components
- Control plane components (previously referred to as “master components”) provide the cluster’s control plane.
- Control plane components make global decisions about the cluster (for example, scheduling), and detect and respond to cluster events (for example, beginning a replacement pod when a deployment’s replicas field is unsatisfied).
- Control plane components include:
- kube-apiserver – Exposes the Kubernetes API. It is the front-end for the control plane.
- etcd – Consistent and highly-available key-value store for all cluster data. (Can be co-located with control plane nodes or run on a dedicated cluster.)
- kube-scheduler – Watches for newly created pods with no assigned node, and selects a node for them to run on.
- kube-controller-manager – Runs the controller processes (Node controller, Job controller, EndpointSlice controller, ServiceAccount controller).
- cloud-controller-manager – Embeds cloud-specific control logic, letting you link your cluster into your cloud provider’s API.
Node Components
- Node components run on every node, maintaining running pods and providing the Kubernetes runtime environment.
- kubelet – Agent that ensures containers in a pod are running and healthy.
- kube-proxy – Maintains network rules on nodes and performs connection forwarding. Supports iptables and nftables modes (nftables mode stable since v1.31).
- Container runtime – Software responsible for running containers. Must implement the Kubernetes Container Runtime Interface (CRI). Examples: containerd, CRI-O.
📝 Note: Docker Engine support via dockershim was removed in Kubernetes v1.24 (May 2022). All supported Kubernetes versions now require a CRI-compliant runtime such as containerd or CRI-O. Docker-built images still work — only the dockershim runtime interface was removed.
Key Features (2024-2026 Updates)
Native Sidecar Containers (GA in v1.33)
- Sidecar containers are declared in
initContainerswithrestartPolicy: Always. - Kubernetes starts them before the main app containers, keeps them running alongside the app, and terminates them after the app on shutdown.
- Jobs complete correctly even with sidecars running — a long-standing pain point now resolved.
- Common use cases: service mesh proxies, log shippers, observability agents.
- Graduated to Stable (GA) in v1.33 (April 2025).
Gateway API (Successor to Ingress)
- Gateway API is the modern, role-oriented replacement for the Kubernetes Ingress resource.
- Core resources (Gateway, HTTPRoute) have been GA/stable since Kubernetes 1.21+, with Gateway API v1.5 released in 2026.
- Provides role separation: infrastructure teams manage Gateways, application teams manage HTTPRoutes.
- Supports cross-namespace references, header-based routing, traffic splitting, and multi-protocol support.
- Ingress-NGINX was retired in March 2026 — no further releases, bugfixes, or security patches.
- Migration tool: Ingress2Gateway 1.0 released to help migrate Ingress resources to Gateway API.
User Namespaces (GA in v1.36)
- Provides enhanced security isolation by mapping container UIDs to different host UIDs.
- Prevents container breakout attacks from gaining root access on the host.
- Graduated to GA in Kubernetes v1.36 (April 2026).
AI/ML Workload Support
- Kubernetes has become the primary platform for AI/ML infrastructure with GPU orchestration capabilities.
- Dynamic Resource Allocation (DRA) enables first-class GPU scheduling (GA in v1.34).
- KAI Scheduler and Kueue provide advanced GPU-aware scheduling for multi-tenant environments.
- NVIDIA donated its DRA driver to CNCF at KubeCon Europe 2026.
- Supports gang scheduling for distributed training via Volcano and Kueue.
- Agent Sandbox feature introduced in v1.36 for running AI agents securely on Kubernetes.
Volume Group Snapshots (GA in v1.36)
- Enables crash-consistent snapshots of multiple volumes simultaneously.
- Critical for stateful applications (databases, distributed storage) requiring point-in-time consistency.
- Graduated to GA in v1.36 (April 2026).
Mutating Admission Policies (GA in v1.36)
- Extends ValidatingAdmissionPolicy (GA since v1.30) to support mutation using CEL expressions.
- Reduces the need for external webhook-based admission controllers.
- Enables policy-as-code without third-party tools for common mutation scenarios.
Managed Kubernetes Services
- Amazon EKS (Elastic Kubernetes Service) – Managed Kubernetes on AWS. Supports 14 months of standard support + 12 months extended support (26 months total) per version. Currently supports up to Kubernetes 1.36.
- Google GKE (Google Kubernetes Engine) – Managed Kubernetes on GCP. Offers Regular, Rapid, and Stable release channels.
- Azure AKS (Azure Kubernetes Service) – Managed Kubernetes on Azure. Supports community-supported versions plus additional Long Term Support.
- Other Options – Red Hat OpenShift, Rancher (SUSE), DigitalOcean DOKS, Oracle OKE, IBM Cloud Kubernetes Service.
Kubernetes Components
Refer to blog post @ Kubernetes Components
Kubernetes Security
Refer to blog post @ Kubernetes Security
Kubernetes Certifications
- CKA (Certified Kubernetes Administrator) – Validates skills in cluster administration, networking, storage, security, and troubleshooting. Updated curriculum includes Gateway API (2025-2026).
- CKAD (Certified Kubernetes Application Developer) – Validates skills in designing, building, and deploying cloud-native applications on Kubernetes.
- CKS (Certified Kubernetes Security Specialist) – Focuses on security hardening, supply chain, runtime security, and network policies. Updated September 2024 — CKA prerequisite no longer requires active status (passed at any time suffices).
- All exams are 2-hour, performance-based, hands-on lab environments.
Kubernetes Version History (Recent)
| Version | Release Date | Key Features |
|---|---|---|
| v1.36 | April 2026 | User Namespaces GA, Volume Group Snapshots GA, Mutating Admission Policies GA, DRA enhancements, Sidecar containers for pod-level resources (beta) |
| v1.35 | December 2025 | In-Place Pod Resize GA, PSI Metrics GA, Fine-Grained Kubelet API Authorization GA |
| v1.34 | August 2025 | Dynamic Resource Allocation (DRA) GA, Structured Authorization Configuration GA |
| v1.33 | April 2025 | Native Sidecar Containers GA, In-Place Pod Resize Beta, User Namespaces enabled by default |
| v1.32 | December 2024 | Memory Manager GA, DRA v1beta1, Volume Group Snapshots Beta |
| v1.31 | August 2024 | AppArmor GA, nftables kube-proxy mode, Pod Failure Policy for Jobs GA |
| v1.30 | April 2024 | ValidatingAdmissionPolicy GA, Recursive Read-Only Mounts, Traffic Distribution for Services |