Kubernetes v1.36 for AI workloads

- Kubernetes 1.36 shipped on April 22 with 70 enhancements, and the release team put security at the center by moving Linux user namespaces to general availability and turning fine-grained kubelet authorization on by default.
- The release breaks down into 18 stable, 25 beta and 25 alpha features; user namespaces now let pods run with `hostUsers: false`, and fine-grained kubelet rules replace broad `nodes/proxy` access.
- The backdrop is Kubernetes turning recent device-management work into safer, more practical cluster operations after Dynamic Resource Allocation went stable in v1.34. (kubernetes.io)

Kubernetes 1.36 arrived on April 22, and its clearest message is about hardening clusters before operators pile on more AI and GPU workloads. (kubernetes.io) Kubernetes is the software many companies use to spread containers across fleets of servers, and version 1.36 adds 70 enhancements in total. The project says 18 moved to stable, 25 to beta, and 25 to alpha in this release. (kubernetes.io)

The biggest concrete security change is user namespaces reaching general availability on Linux. In practice, a pod can set `hostUsers: false`, so a process that looks like root inside the container is mapped away from real root on the host machine. (kubernetes.io) That matters because container escapes are less damaging when the kernel no longer treats the workload as host root. The Kubernetes authors say the feature became practical after Linux ID-mapped mounts removed the need to recursively change file ownership on large volumes. (kubernetes.io)

Another 1.36 change locks in fine-grained kubelet API authorization as generally available and enabled. That replaces the old habit of giving monitoring tools broad `nodes/proxy` permission just to read health or metrics endpoints. (kubernetes.io) The old model was risky because `nodes/proxy` could expose far more than metrics, including paths tied to command execution in running containers. The Kubernetes post says researchers showed in early 2026 that even `GET` access could be abused through WebSocket behavior on the kubelet API. (kubernetes.io)

For AI infrastructure teams, the context is that Kubernetes has been building out device scheduling in stages rather than in one release. In v1.34, the core of Dynamic Resource Allocation, or DRA, went stable to let clusters claim and configure GPUs, TPUs, network cards and other devices through built-in APIs. (kubernetes.io) That earlier DRA work matters because AI jobs often need specific accelerators, not just generic CPU and memory. Kubernetes 1.36 does not start that shift; it lands after the project already made device claims, device classes and resource slices part of the stable API surface. (kubernetes.io)

The release is also now the active supported branch, with Kubernetes listing 1.36.0 as the latest patch and support running until June 28, 2027. That gives platform teams roughly a year to absorb the new defaults and retire older access patterns. (kubernetes.io 1) (kubernetes.io 2) Kubernetes 1.36 is less a single AI feature drop than a cleanup of the plumbing around modern clusters: safer identities inside pods, tighter kubelet permissions, and a release line that sits on top of stable device-management work already in place. (kubernetes.io 1) (kubernetes.io 2) (kubernetes.io 3)
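The two "older access patterns" the briefing names, pods that keep the host user namespace and RBAC rules that hand out `nodes/proxy`, are both visible in plain manifests, so a platform team can inventory them before the new defaults land. The script below is an added example written for this briefing, not code from the Kubernetes project or from the release notes. It walks a list of Kubernetes objects (here a constructed sample built inline, standing in for a `kubectl get -o json` dump or a manifest directory), flags workloads whose pod spec does not set `hostUsers: false` (the field defaults to true, so an absent field counts as the risky case), and flags Roles and ClusterRoles that grant `nodes/proxy` or a wildcard resource in the core API group. The image names and object names are invented for the sample.

```python
"""Inventory two legacy patterns called out in the Kubernetes v1.36 release:
pods sharing the host user namespace, and RBAC rules granting nodes/proxy.
Added example; the sample objects below are constructed, not from a real cluster."""

import json
from typing import Iterator, List, Tuple

# Kinds that embed a pod template under spec.template.spec.
TEMPLATE_KINDS = {"Deployment", "StatefulSet", "DaemonSet", "Job", "ReplicaSet"}

# Constructed sample objects (hypothetical names and images, labelled as such).
SAMPLE_OBJECTS = [
    {   # Opts into a user namespace: in-container root maps to an unprivileged host UID.
        "apiVersion": "v1", "kind": "Pod",
        "metadata": {"name": "gpu-trainer", "namespace": "ml"},
        "spec": {"hostUsers": False,
                 "containers": [{"name": "train", "image": "example.invalid/trainer:1"}]},
    },
    {   # Omits hostUsers, so it defaults to true and shares the host user namespace.
        "apiVersion": "apps/v1", "kind": "Deployment",
        "metadata": {"name": "legacy-worker", "namespace": "ml"},
        "spec": {"template": {"spec": {
            "containers": [{"name": "work", "image": "example.invalid/worker:1"}]}}},
    },
    {   # Broad grant: nodes/proxy reaches far more of the kubelet API than /metrics.
        "apiVersion": "rbac.authorization.k8s.io/v1", "kind": "ClusterRole",
        "metadata": {"name": "monitoring-broad"},
        "rules": [{"apiGroups": [""], "resources": ["nodes/proxy"], "verbs": ["get"]}],
    },
    {   # Narrow grant: nodes/metrics is the subresource a metrics scraper actually needs.
        "apiVersion": "rbac.authorization.k8s.io/v1", "kind": "ClusterRole",
        "metadata": {"name": "monitoring-narrow"},
        "rules": [{"apiGroups": [""], "resources": ["nodes/metrics"], "verbs": ["get"]}],
    },
]


def load_objects(text: str) -> List[dict]:
    """Accept a JSON document that is either one object or a kind: List wrapper."""
    doc = json.loads(text)
    if isinstance(doc, dict) and doc.get("kind") == "List":
        return list(doc.get("items", []))
    return [doc] if isinstance(doc, dict) else list(doc)


def pod_specs(obj: dict) -> Iterator[Tuple[str, dict]]:
    """Yield (workload name, pod spec) for bare Pods and template-bearing kinds."""
    kind = obj.get("kind")
    name = obj.get("metadata", {}).get("name", "<unnamed>")
    spec = obj.get("spec", {})
    if kind == "Pod":
        yield name, spec
    elif kind in TEMPLATE_KINDS:
        yield name, spec.get("template", {}).get("spec", {})
    elif kind == "CronJob":
        yield name, (spec.get("jobTemplate", {}).get("spec", {})
                     .get("template", {}).get("spec", {}))


def find_host_user_ns_workloads(objects: List[dict]) -> List[str]:
    """Workloads whose pod spec does not explicitly set hostUsers: false."""
    findings = []
    for obj in objects:
        for name, spec in pod_specs(obj):
            if spec.get("hostUsers", True) is not False:
                findings.append(name)
    return findings


def find_nodes_proxy_grants(objects: List[dict]) -> List[str]:
    """Roles/ClusterRoles with a rule granting nodes/proxy (or all resources) in the core group."""
    findings = []
    for obj in objects:
        if obj.get("kind") not in {"Role", "ClusterRole"}:
            continue
        for rule in obj.get("rules", []):
            groups = rule.get("apiGroups", [])
            resources = rule.get("resources", [])
            core_group = "" in groups or "*" in groups
            if core_group and ("nodes/proxy" in resources or "*" in resources):
                findings.append(obj.get("metadata", {}).get("name", "<unnamed>"))
                break
    return findings


def report(objects: List[dict]) -> dict:
    """Combine both checks into one structure a CI job can fail on."""
    return {
        "host_user_namespace": find_host_user_ns_workloads(objects),
        "nodes_proxy_grants": find_nodes_proxy_grants(objects),
    }


if __name__ == "__main__":
    # Round-trip through JSON to show the same path a kubectl dump would take.
    objs = load_objects(json.dumps({"kind": "List", "items": SAMPLE_OBJECTS}))
    print(json.dumps(report(objs), indent=2))
```

Run against a real dump, the `host_user_namespace` list is the set of workloads to migrate to `hostUsers: false` once the cluster is on 1.36, and the `nodes_proxy_grants` list is the set of roles to rewrite against the narrower kubelet subresources; the check deliberately treats a missing `hostUsers` field as a finding, since the default keeps the host user namespace.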

Shared from Scout - Be the smartest in the room.