By: Bill Terranova
Edited by: Qëndrim Demiraj
Technical Team Lead, QUAD A Development
Kubernetes v1.34 introduces a new way to manage service traffic distribution to improve performance by prioritizing network locality. The spec.trafficDistribution field in a Service can now use two options:
- PreferSameZone — a clearer label for the previous PreferClose, ensuring traffic targets endpoints within the same zone.
- PreferSameNode — directs traffic to endpoints on the same node when available, and only if none are local does it fall back to other options.
This feature graduates to beta in this release and is enabled by default, supporting network operators in minimizing latency and reducing cross-node or cross-zone network load.
Dynamic Resource Allocation is generally available in v1.34. This functionality improves how Kubernetes handles GPUs, NICs, and other specialized hardware devices. Resources such as ResourceClaim, DeviceClass, and ResourceSlice can now be used to request, categorize, and share hardware dynamically.
Tracing support now extends across the system. Kubelet Tracing (KEP-2831) and API Server Tracing (KEP-647) were previously introduced as alpha in earlier versions and are now promoted to beta in this release. These features provide trace collection using OpenTelemetry to assist with observability and debugging across the Kubernetes control plane and node runtime.
KYAML, an optional, safer YAML dialect designed specifically for Kubernetes, becomes more widely supported. Users can enable this option by requesting KYAML output from kubectl. This option maintains compatibility with standard tools while reducing configuration errors caused by YAML’s whitespace sensitivity and optional quoting.
A new configuration file, kuberc, offers a way to define user-level preferences for kubectl, separated from cluster credentials. Available in beta, this file can store command aliases, default flags, and other personal settings. It resides in the default kubeconfig directory, but a different location can be set via an environment variable or CLI flag.
KEP-4427 introduces the ability to relax validation on DNS search paths used in Pod definitions. Underscores or single dots in dnsConfig.searches fields can now be accepted; the feature is GA in v1.34. This change supports legacy DNS setups and naming conventions commonly found in enterprise environments.
Authorization mechanisms include stable support for field and label selectors for List, Watch, and DeleteCollection operations. This stable function enables controllers and nodes to enforce policies that restrict visibility and access based on network topology or resource assignment, such as limiting access to Pods located on a specific node. Backwards compatibility is maintained by falling back to broader access if selectors are not understood.
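The selector-aware check described above, sketched as the decision function of a hypothetical authorization webhook (an added example, not Kubernetes code or code from this article). The SubjectAccessReview shape with fieldSelector.requirements follows the authorization.k8s.io/v1 API; the decide, sar and pin helpers and the node names are constructed for illustration.

```python
NODE_PREFIX = "system:node:"

def decide(review: dict) -> dict:
    """Return a SubjectAccessReview status for a node listing or watching pods."""
    spec = review.get("spec") or {}
    attrs = spec.get("resourceAttributes") or {}
    user = spec.get("user", "")
    in_scope = (user.startswith(NODE_PREFIX)
                and len(user) > len(NODE_PREFIX)
                and attrs.get("group", "") == ""
                and attrs.get("resource") == "pods"
                and attrs.get("verb") in ("list", "watch"))
    if not in_scope:
        return {"allowed": False, "reason": "no opinion: rule covers nodes reading pods"}
    node = user[len(NODE_PREFIX):]
    reqs = (attrs.get("fieldSelector") or {}).get("requirements") or []
    # Requirements are ANDed, so a single one pinning spec.nodeName to the
    # caller suffices; any additional requirement can only narrow the result.
    pinned = any(r.get("key") == "spec.nodeName"
                 and r.get("operator") == "In"
                 and r.get("values") == [node] for r in reqs)
    if pinned:
        return {"allowed": True, "reason": f"scoped to pods on {node}"}
    # A missing or unrecognised selector means the request must be judged as an
    # unrestricted list/watch, which this rule does not grant.
    return {"allowed": False, "reason": "not limited to the caller's own node"}

def sar(user, verb, requirements=None):
    """Build a constructed SubjectAccessReview for the sample cases."""
    attrs = {"group": "", "resource": "pods", "verb": verb}
    if requirements is not None:
        attrs["fieldSelector"] = {"requirements": requirements}
    return {"apiVersion": "authorization.k8s.io/v1", "kind": "SubjectAccessReview",
            "spec": {"user": user, "resourceAttributes": attrs}}

def pin(node, operator="In"):
    """Constructed requirement on spec.nodeName for the sample cases."""
    return [{"key": "spec.nodeName", "operator": operator, "values": [node]}]

if __name__ == "__main__":
    cases = {
        "own node": sar("system:node:node-a", "list", pin("node-a")),
        "other node": sar("system:node:node-a", "list", pin("node-b")),
        "no selector": sar("system:node:node-a", "watch"),
        "negated": sar("system:node:node-a", "list", pin("node-a", "NotIn")),
    }
    for name, review in cases.items():
        print(name, decide(review))
```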
StatefulSets now support a maxUnavailable parameter, in Beta, with their rolling update strategy. This allows for multiple pods to be updated simultaneously, reducing rollout time while preserving pod identity and orderly updates.
A new approach to handling terminating pods in Deployments allows configuration of whether new pods should await the termination of old ones before starting. The .spec.podReplacementPolicy field, currently in alpha for Deployments and generally available in its Job-level version, offers control over rollout behavior to align with varying deployment strategies.
Kubernetes now supports stable consistent reads from API server caches and introduces CEL-based mutating admission policies, moved to Beta in v1.34. This approach, built-in mutation without webhooks, simplifies policy declarations while avoiding performance and reliability issues associated with external webhook dependencies.
A new alpha feature lets Pods set any fully qualified domain name (FQDN) as their internal hostname. This unlocks compatibility with systems like Kerberos that rely on hostname matching.
Kubernetes now supports external service-account token signing, beta and enabled by default, through a new gRPC API. This design enables integration with external key management systems such as HSMs or cloud KMS, so that JWT tokens are signed by an external signer outside of the API server.
Projection of service account tokens for kubelet image-pull authorization graduated to beta in 1.34. This feature allows pods to use short-lived tokens for registry authentication, reducing reliance on long-lived secrets.
According to Cloudsmith, Kubernetes v1.34 includes 58 enhancements in total, reflecting the platform’s widespread evolution as it matures in resource management, security, and usability.
Furthermore, the image volume capability (VolumeSource: OCI Image or Artifact) remains in beta, carried over from v1.33. This allows mounting OCI images as shared, read-only volumes, simplifying sharing application data and configuration across multiple pods.
Several updates will potentially have a significant impact on container orchestration, such as node swap (now stable in v1.34), support for pod-level resource limits, memory resizing, mature DRA, and tracing, all geared toward boosting operational efficiency and infrastructure intelligence.