
Kubernetes v1.36: Security Defaults Tighten as AI Workload Support Matures


2026-05-14 Security infoq.com
Summary

Kubernetes v1.36 (Haru) ships 70 enhancements and tightens security defaults, with User Namespaces, Mutating Admission Policies via CEL, and Fine-Grained Kubelet API Authorization reaching GA. AI workload support matures as DRA Partitionable Devices, Consumable Capacity, and Device Taints/Tolerations reach beta and are enabled by default, replacing integer-GPU device plugins with accelerator partitioning primitives. The release, with contributions from 106 companies, also includes GA for SELinux Volume Labeling and Volume Group Snapshots.

Key Takeaways
  • Upgrade to v1.36 and enable DRA Partitionable Devices to replace integer-GPU allocation with fine-grained accelerator sharing for AI workloads.
Why it matters

For engineers orchestrating AI/ML workloads on Kubernetes, v1.36's default-enabled DRA features eliminate the need for vendor-specific GPU plugins and improve resource utilisation, while the security GA features reduce attack surface and operational overhead from custom webhooks.