Kubernetes 1.35 introduces several key features aimed at improving Day 2 operations for containerized applications. One of the most significant updates is in-place pod resource updates, allowing users to adjust CPU and memory allocations without restarting the pod. This is particularly advantageous for stateful services and AI workloads, as it minimizes disruptions during critical processes like training and inference. However, users need to ensure that the host node has enough resources available to prevent out-of-memory errors. Another notable enhancement is the fine-grained supplemental group control, which allows for more precise management of Unix group permissions within pods. This feature prevents all containers in a pod from inheriting the same groups, thereby tightening security and reducing risks in multitenant environments. It’s especially beneficial in regulated industries, ensuring compliance with strict access controls. DevSecOps teams can further enhance security by combining this with Pod Security Admission tools. The PreferSameNode traffic distribution feature optimizes network efficiency by directing traffic to endpoints on the same node as the requesting pod, which can significantly reduce latency in high-throughput environments. This is particularly useful for applications with heavy inter-service communication, like API gateways. Additionally, the structured authentication configuration consolidates authentication settings into a single YAML file, simplifying management and improving version control. Finally, OCI image volumes allow for mounting container images as read-only data repositories, offering a new way to manage data within Kubernetes while leveraging existing container registries.