Found 56222 bookmarks
Newest
Last Week in Kubernetes Development - Week Ending January 11 2026
Last Week in Kubernetes Development - Week Ending January 11 2026

Week Ending January 11, 2026

https://lwkd.info/2026/20260113

Developer News

Next Tuesday is the monthly New Contributor Orientation. Join at one of two times to learn all about starting your contribution journey.

Release Schedule

Next Deadline:

Featured PRs

136086: Graduate watchlistduration_seconds to Beta

This PR graduates the watchlistduration_seconds metric to Beta. Previously, the metric was Alpha and not guaranteed to remain stable. With this change, the metric’s behavior and labels are now considered stable, making it safe for long-term monitoring, alerting, and observability tooling.

136117: Enable declarative-native validation for API strategies

This PR adds utilities that allow API strategy.go files to opt into declarative-native validation. Native declarative validations now run even when the DeclarativeValidation feature gate is disabled, ensuring critical IDL-defined rules are always enforced and preventing validation bypasses due to misconfiguration or panics.

KEP of the Week

Other Merges

*

Promotions

*

Deprecated

*

Version Updates

*

Subprojects and Dependency Updates

*

Shoutouts

*

via Last Week in Kubernetes Development https://lwkd.info/

January 13, 2026 at 05:00PM

·lwkd.info·
Last Week in Kubernetes Development - Week Ending January 11 2026
The future of Cloud Native Rejekts
The future of Cloud Native Rejekts
Contribute to RejektsConference/CloudNativeRejekts development by creating an account on GitHub.
The future of Cloud Native Rejekts
·github.com·
The future of Cloud Native Rejekts
How I use Jujutsu
How I use Jujutsu
I list my most used Jujutsu commands and how I use them.
·abhinavsarkar.net·
How I use Jujutsu
Gmail gets Gemini, but falls short of true agentic AI
Gmail gets Gemini, but falls short of true agentic AI
Google announced Thursday it will integrate Gemini into Gmail, adding functionalities of a personal assistant, but it’s not quite as extensive as agentic AI.
·semafor.com·
Gmail gets Gemini, but falls short of true agentic AI
I Cannot SSH Into My Server Anymore (And That’s Fine)
I Cannot SSH Into My Server Anymore (And That’s Fine)
To kick off 2026, I had clear objectives in mind: decommissioning my trusty VPS and setting up its successor. Embracing a complete paradigm shift, I built myself a container-centric, declarative, and low-maintenance setup for the years to come.
·soap.coffee·
I Cannot SSH Into My Server Anymore (And That’s Fine)
Tailwind CSS Lets Go Of 75% Of Engineering Team After 40% Traffic Drop To Docs From Google
Tailwind CSS Lets Go Of 75% Of Engineering Team After 40% Traffic Drop To Docs From Google
Adam Wathan the creator of Tailwind CSS posted that he had to let go of 75% of his engineering team because of AI. He said traffic to the Tailwind help documentation is down 40% and that is where most people learn about his solution and then buy commercial products. He added his revenue is down 80%.
·seroundtable.com·
Tailwind CSS Lets Go Of 75% Of Engineering Team After 40% Traffic Drop To Docs From Google
Rue
Rue
A systems programming language with memory safety and high-level ergonomics
·rue-lang.dev·
Rue
huseyinbabal/taws TUI for AWS
huseyinbabal/taws TUI for AWS
Terminal UI for AWS (taws) - A terminal-based AWS resource viewer and manager - huseyinbabal/taws at console.dev
·github.com·
huseyinbabal/taws TUI for AWS
Using Keybase and PGP To Build Certificate Trust Chains
Using Keybase and PGP To Build Certificate Trust Chains
We are expanding our previous experiment to include people who posses PGP keys hosted at certain domains. For now we are whitelisting Keyb...
·blog.certisfy.com·
Using Keybase and PGP To Build Certificate Trust Chains
Kubernetes v1.35: Extended Toleration Operators to Support Numeric Comparisons (Alpha)
Kubernetes v1.35: Extended Toleration Operators to Support Numeric Comparisons (Alpha)

Kubernetes v1.35: Extended Toleration Operators to Support Numeric Comparisons (Alpha)

https://kubernetes.io/blog/2026/01/05/kubernetes-v1-35-numeric-toleration-operators/

Many production Kubernetes clusters blend on-demand (higher-SLA) and spot/preemptible (lower-SLA) nodes to optimize costs while maintaining reliability for critical workloads. Platform teams need a safe default that keeps most workloads away from risky capacity, while allowing specific workloads to opt-in with explicit thresholds like "I can tolerate nodes with failure probability up to 5%".

Today, Kubernetes taints and tolerations can match exact values or check for existence, but they can't compare numeric thresholds. You'd need to create discrete taint categories, use external admission controllers, or accept less-than-optimal placement decisions.

In Kubernetes v1.35, we're introducing Extended Toleration Operators as an alpha feature. This enhancement adds Gt (Greater Than) and Lt (Less Than) operators to spec.tolerations, enabling threshold-based scheduling decisions that unlock new possibilities for SLA-based placement, cost optimization, and performance-aware workload distribution.

The evolution of tolerations

Historically, Kubernetes supported two primary toleration operators:

Equal: The toleration matches a taint if the key and value are exactly equal

Exists: The toleration matches a taint if the key exists, regardless of value

While these worked well for categorical scenarios, they fell short for numeric comparisons. Starting with v1.35, we are closing this gap.

Consider these real-world scenarios:

SLA requirements: Schedule high-availability workloads only on nodes with failure probability below a certain threshold

Cost optimization: Allow cost-sensitive batch jobs to run on cheaper nodes that exceed a specific cost-per-hour value

Performance guarantees: Ensure latency-sensitive applications run only on nodes with disk IOPS or network bandwidth above minimum thresholds

Without numeric comparison operators, cluster operators have had to resort to workarounds like creating multiple discrete taint values or using external admission controllers, neither of which scale well or provide the flexibility needed for dynamic threshold-based scheduling.

Why extend tolerations instead of using NodeAffinity?

You might wonder: NodeAffinity already supports numeric comparison operators, so why extend tolerations? While NodeAffinity is powerful for expressing pod preferences, taints and tolerations provide critical operational benefits:

Policy orientation: NodeAffinity is per-pod, requiring every workload to explicitly opt-out of risky nodes. Taints invert control—nodes declare their risk level, and only pods with matching tolerations may land there. This provides a safer default; most pods stay away from spot/preemptible nodes unless they explicitly opt-in.

Eviction semantics: NodeAffinity has no eviction capability. Taints support the NoExecute effect with tolerationSeconds, enabling operators to drain and evict pods when a node's SLA degrades or spot instances receive termination notices.

Operational ergonomics: Centralized, node-side policy is consistent with other safety taints like disk-pressure and memory-pressure, making cluster management more intuitive.

This enhancement preserves the well-understood safety model of taints and tolerations while enabling threshold-based placement for SLA-aware scheduling.

Introducing Gt and Lt operators

Kubernetes v1.35 introduces two new operators for tolerations:

Gt (Greater Than): The toleration matches if the taint's numeric value is less than the toleration's value

Lt (Less Than): The toleration matches if the taint's numeric value is greater than the toleration's value

When a pod tolerates a taint with Lt, it's saying "I can tolerate nodes where this metric is less than my threshold". Since tolerations allow scheduling, the pod can run on nodes where the taint value is greater than the toleration value. Think of it as: "I tolerate nodes that are above my minimum requirements".

These operators work with numeric taint values and enable the scheduler to make sophisticated placement decisions based on continuous metrics rather than discrete categories.

Note:

Numeric values for Gt and Lt operators must be positive 64-bit integers without leading zeros. For example, "100" is valid, but "0100" (with leading zero) and "0" (zero value) are not permitted.

The Gt and Lt operators work with all taint effects: NoSchedule, NoExecute, and PreferNoSchedule.

Use cases and examples

Let's explore how Extended Toleration Operators solve real-world scheduling challenges.

Example 1: Spot instance protection with SLA thresholds

Many clusters mix on-demand and spot/preemptible nodes to optimize costs. Spot nodes offer significant savings but have higher failure rates. You want most workloads to avoid spot nodes by default, while allowing specific workloads to opt-in with clear SLA boundaries.

First, taint spot nodes with their failure probability (for example, 15% annual failure rate):

apiVersion: v1 kind: Node metadata: name: spot-node-1 spec: taints:

  • key: "failure-probability" value: "15" effect: "NoExecute"

On-demand nodes have much lower failure rates:

apiVersion: v1 kind: Node metadata: name: ondemand-node-1 spec: taints:

  • key: "failure-probability" value: "2" effect: "NoExecute"

Critical workloads can specify strict SLA requirements:

apiVersion: v1 kind: Pod metadata: name: payment-processor spec: tolerations:

  • key: "failure-probability" operator: "Lt" value: "5" effect: "NoExecute" tolerationSeconds: 30 containers:
  • name: app image: payment-app:v1

This pod will only schedule on nodes with failure-probability less than 5 (meaning ondemand-node-1 with 2% but not spot-node-1 with 15%). The NoExecute effect with tolerationSeconds: 30 means if a node's SLA degrades (for example, cloud provider changes the taint value), the pod gets 30 seconds to gracefully terminate before forced eviction.

Meanwhile, a fault-tolerant batch job can explicitly opt-in to spot instances:

apiVersion: v1 kind: Pod metadata: name: batch-job spec: tolerations:

  • key: "failure-probability" operator: "Lt" value: "20" effect: "NoExecute" containers:
  • name: worker image: batch-worker:v1

This batch job tolerates nodes with failure probability up to 20%, so it can run on both on-demand and spot nodes, maximizing cost savings while accepting higher risk.

Example 2: AI workload placement with GPU tiers

AI and machine learning workloads often have specific hardware requirements. With Extended Toleration Operators, you can create GPU node tiers and ensure workloads land on appropriately powered hardware.

Taint GPU nodes with their compute capability score:

apiVersion: v1 kind: Node metadata: name: gpu-node-a100 spec: taints:

  • key: "gpu-compute-score" value: "1000" effect: "NoSchedule" --- apiVersion: v1 kind: Node metadata: name: gpu-node-t4 spec: taints:
  • key: "gpu-compute-score" value: "500" effect: "NoSchedule"

A heavy training workload can require high-performance GPUs:

apiVersion: v1 kind: Pod metadata: name: model-training spec: tolerations:

  • key: "gpu-compute-score" operator: "Gt" value: "800" effect: "NoSchedule" containers:
  • name: trainer image: ml-trainer:v1 resources: limits: nvidia.com/gpu: 1

This ensures the training pod only schedules on nodes with compute scores greater than 800 (like the A100 node), preventing placement on lower-tier GPUs that would slow down training.

Meanwhile, inference workloads with less demanding requirements can use any available GPU:

apiVersion: v1 kind: Pod metadata: name: model-inference spec: tolerations:

  • key: "gpu-compute-score" operator: "Gt" value: "400" effect: "NoSchedule" containers:
  • name: inference image: ml-inference:v1 resources: limits: nvidia.com/gpu: 1

Example 3: Cost-optimized workload placement

For batch processing or non-critical workloads, you might want to minimize costs by running on cheaper nodes, even if they have lower performance characteristics.

Nodes can be tainted with their cost rating:

spec: taints:

  • key: "cost-per-hour" value: "50" effect: "NoSchedule"

A cost-sensitive batch job can express its tolerance for expensive nodes:

tolerations:

  • key: "cost-per-hour" operator: "Lt" value: "100" effect: "NoSchedule"

This batch job will schedule on nodes costing less than $100/hour but avoid more expensive nodes. Combined with Kubernetes scheduling priorities, this enables sophisticated cost-tiering strategies where critical workloads get premium nodes while batch workloads efficiently use budget-friendly resources.

Example 4: Performance-based placement

Storage-intensive applications often require minimum disk performance guarantees. With Extended Toleration Operators, you can enforce these requirements at the scheduling level.

tolerations:

  • key: "disk-iops" operator: "Gt" value: "3000" effect: "NoSchedule"

This toleration ensures the pod only schedules on nodes where disk-iops exceeds 3000. The Gt operator means "I need nodes that are greater than this minimum".

How to use this feature

Extended Toleration Operators is an alpha feature in Kubernetes v1.35. To try it out:

Enable the feature gate on both your API server and scheduler:

--feature-gates=TaintTolerationComparisonOperators=true

Taint your nodes with numeric values representing the metrics relevant to your scheduling needs:

kubectl taint nodes node-1 failure-probability=5:NoSchedule kubectl taint nodes node-2 disk-iops=5000:NoSchedule

Use the new operators in your pod specifications:

spec: tolerations:

  • key: "failure-probability" operator: "Lt" value: "1" effect: "NoSchedule"

Note: As an alpha feature, Extended Toleration Operators may change in future releases and should be used with caution in production environments. Always test thoroughly in non-production cluste

·kubernetes.io·
Kubernetes v1.35: Extended Toleration Operators to Support Numeric Comparisons (Alpha)
There Is No One Left On Debian's Data Protection Team
There Is No One Left On Debian's Data Protection Team
Besides Debian's aging bug tracker interface, another challenge as the Debian Linux distribution project begins 2026 is that all volunteers have left their Data Protection Team
·phoronix.com·
There Is No One Left On Debian's Data Protection Team