Kubernetes 1.32, named Penelope, is the final release of 2025 and carries 44 enhancements to stable, beta, and alpha. Three features stand out as significant operational changes.
Dynamic Resource Allocation Reaches Stable
Dynamic Resource Allocation (DRA) replaces the device plugin framework for GPU and accelerator assignment. The core difference: device plugins push resource availability into the scheduler as opaque integer counts (nvidia.com/gpu: 1). DRA exposes rich resource attributes that the scheduler can reason about:
apiVersion: resource.k8s.io/v1alpha3
kind: ResourceClaim
metadata:
  name: my-gpu
spec:
  devices:
    requests:
    - name: gpu
      deviceClassName: gpu.nvidia.com
      selectors:
      - cel:
          expression: device.attributes["memory"].isGreaterThan(quantity("40Gi"))
The scheduler places the pod on a node where a GPU with >40 GB memory is available — not just "a GPU." For ML teams fighting over specific GPU models in a heterogeneous cluster, this is a significant improvement.
DRA stable means you can use it in production without worrying about API removal. NVIDIA's DRA driver has been available since 1.29 — this is the green light to migrate from device plugins on new clusters.
Sidecar Containers: Stable
Sidecar containers (init containers with restartPolicy: Always) reach stable in 1.32. The long-standing problems they solve:
- Startup ordering: Sidecar containers start before app containers and stop after them. No more sleep 5 hacks waiting for the service mesh proxy to be ready.
- Lifecycle coupling: Sidecars now participate in the pod's readiness calculation. A failing proxy marks the pod not-ready, which actually reflects reality.
- Job completion: In batch Job pods, the pod now completes when the main container exits, not when all containers exit. Sidecars terminate automatically.
initContainers:
- name: proxy
  image: envoy:latest
  restartPolicy: Always # This makes it a sidecar container
  readinessProbe:
    httpGet:
      path: /ready
      port: 9901
In-Place Pod Resource Resize (Beta)
This is the one to watch. In-place resize lets you change a running pod's CPU and memory requests/limits without restarting it:
kubectl patch pod myapp -p '{"spec":{"containers":[{"name":"app","resources":{"requests":{"cpu":"2"},"limits":{"cpu":"4"}}}]}}'
The pod continues running; the kubelet updates the cgroup limits. For stateful workloads (databases, long-running batch jobs) where a restart is expensive, this eliminates the "scale up by restarting" pattern that causes unnecessary downtime.
It's beta, so there are rough edges — nested containers, huge pages, and pods using priorityClassName: system-critical have known limitations. Test in staging before relying on it for production databases.
Deprecations in 1.32
- v1beta1 CronJob API is removed — all CronJob objects must be batch/v1.
- The PodSecurityPolicy replacement (PSA + Gatekeeper/Kyverno) should be complete in your clusters by now — PSP was removed in 1.25, but some organisations are still running 1.24.
- kubectl run no longer generates --restart=Never pods by default. Update any scripts relying on this behavior.
Upgrade Notes
1.32 requires etcd ≥ 3.5.9. Check your etcd version before upgrading the control plane.
For clusters running 1.29 or earlier with device plugins for GPU workloads, plan the DRA migration as part of the upgrade to 1.32. The device plugin API will remain available for several more releases, but DRA is now the strategic direction.
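The etcd floor and the removed APIs listed above can be checked before the control plane is touched. The script below is an added example, not part of the original article or of Kubernetes tooling; the function names and the assumption of a directory of plain YAML manifests are hypothetical.

```shell
# Added example (not project tooling): pre-upgrade checks for this page's items.
ETCD_MIN="3.5.9"   # minimum etcd version from the upgrade notes

# version_ge A B: succeeds when dotted version A >= B, compared numerically.
version_ge() {
    printf '%s %s\n' "${1#v}" "${2#v}" | awk '{
        split($1, a, "[.+-]"); split($2, b, "[.+-]")
        for (i = 1; i <= 3; i++) {
            # first differing field decides: exit 1 when A is older, else 0
            if (a[i] + 0 != b[i] + 0) exit (a[i] + 0 < b[i] + 0)
        }
    }'
}

# removed_apis DIR: list YAML documents (top-level keys only, multi-document
# files supported) that are a batch/v1beta1 CronJob or a PodSecurityPolicy.
removed_apis() {
    find "$1" -type f \( -name '*.yaml' -o -name '*.yml' \) | sort |
    while IFS= read -r f; do
        awk -v file="$f" '
            function report() {
                if ((kind == "CronJob" && api == "batch/v1beta1") ||
                    kind == "PodSecurityPolicy")
                    printf "%s: %s (%s)\n", file, kind, api
                kind = ""; api = ""
            }
            { sub(/\r$/, ""); gsub(/"/, "") }   # tolerate CRLF and quoting
            /^---/         { report(); next }
            /^apiVersion:/ { api = $2 }
            /^kind:/       { kind = $2 }
            END            { report() }
        ' "$f"
    done
}

# preflight ETCD_VERSION MANIFEST_DIR: non-zero exit if any check fails.
preflight() {
    rc=0
    version_ge "$1" "$ETCD_MIN" || { echo "FAIL etcd $1 < $ETCD_MIN"; rc=1; }
    hits=$(removed_apis "$2")
    [ -z "$hits" ] || { echo "FAIL removed APIs in use:"; echo "$hits"; rc=1; }
    return $rc
}

# Constructed sample: one removed-API manifest, checked against etcd 3.5.7.
demo() {
    d=$(mktemp -d)
    printf 'apiVersion: batch/v1beta1\nkind: CronJob\n' > "$d/cron.yaml"
    st=0; preflight "3.5.7" "$d" || st=$?
    rm -rf "$d"; return $st
}
```

Pass preflight the etcd version your control plane reports and the directory holding rendered manifests; Helm charts and Kustomize overlays need to be rendered to plain YAML first.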