Kubernetes 1.34 Released with KYAML, Traffic Routing Controls, and Improved Observability

Write for InfoQ

The Cloud Native Computing Foundation (CNCF) released Kubernetes 1.34, named "Of Wind & Will" (O’ WaW), last month. The release introduced features such as distributed resource allocation and production-grade tracing for the kubelet and API server.

A key highlight in 1.34 is the introduction of enhanced in-cluster traffic routing, which provides network operators with the ability to express preferences on how traffic should be routed to service endpoints.

Alpha features in Kubernetes 1.34 include KYAML, a streamlined YAML subset designed to mitigate common YAML-related challenges in Kubernetes configurations, such as whitespace sensitivity and type coercion errors. This aims to improve the readability and maintainability of Kubernetes manifests.

In version 1.34, users will be able to view the manifests of resources by specifying KYAML as the output format. For example, kubectl get pods -o kyaml to view the pods in the default namespace.

Another feature entering alpha is a built-in mechanism to manage and request X.509 certificates for pods via PodCertificateRequests. Before, ServiceAccount tokens were used to authenticate pods to the API server, which lacked mutual TLS (mTLS) support and posed challenges when interacting with other systems that required certificate-based authentication.

Kubernetes 1.34 is bringing beta support for ServiceAccount tokens for kubelet image credential providers. This enhanced security feature enables users to eliminate the need for Kubernetes secrets to store credentials required for pulling images from a private registry by utilizing a short-lived token.

By utilizing short-lived tokens and reducing the need to store credentials in Kubernetes secrets, this beta feature strengthens cluster security and simplifies private registry authentication.

The introduction of production-grade tracing for the kubelet graduated to stable in version 1.34. This functionality gives more visibility to operators by instrumenting key operations of the kubelet using OpenTelemetry to discover latency and errors faster. Similar tracing capabilities have been added to the API server to provide end-to-end visibility into events for both the control plane and nodes.

Also, ordered namespace deletion graduated to stable or general availability in 1.34, making sure logical and security dependencies are honored when deleting resources.

Previously, non-deterministic deletion of resources in a namespace increased vulnerability and reliability risks. For example, in CVE-2024-7598, network policies could be deleted before pods, resulting in a short period during which pods are still running but network policies aren’t enforced. This can allow compromised pods to bypass network restrictions enforced by network policies.

According to the release notes, Kubernetes version 1.34 features 58 enhancements, including 13 that are entering alpha, 22 that are graduating to beta, 23 that are becoming generally available or stable, and a few deprecations.

For detailed information on the Kubernetes 1.34 release, users can refer to the official release notes and documentation for a comprehensive overview of the enhancements and deprecations, or watch the recording of the CNCF webinar by the release team.

The next release, version 1.35, is expected in December 2025, and it will be the last release for this calendar year.

Related Topics:

• Development
• Architecture & Design
• DevOps
• Cloud Native Computing Foundation
• Kubernetes
• Containers

We protect your privacy.