• Kubernetes v1.35: Fine-grained Supplemental Groups Control Graduates to GA On behalf of Kubernetes SIG Node, we are pleased to announce the graduation of fine-grained supplemental groups control to General Availability (GA) in Kubernetes v1.35! • The new Pod field, supplementalGroupsPolicy , was introduced as an opt-in alpha feature for Kubernetes v1.31, and then had graduated to beta in v1.33. • Now, the feature is generally available. • This feature allows you to implement more precise control over supplemental groups in Linux containers that can strengthen the security posture particularly in accessing volumes. • Moreover, it also enhances the transparency of UID/GID details in containers, offering improved security oversight. • If you are planning to upgrade your cluster from v1.32 or an earlier version, please be aware that some behavioral breaking change introduced since beta (v1.33).

Article Summaries:

  • Kubernetes v1.35 has made the fine‑grained supplemental groups control feature generally available (GA). Introduced as an opt‑in alpha in v1.31 and beta in v1.33, the new Pod field supplementalGroupsPolicy lets administrators precisely manage supplemental group IDs in Linux containers, enhancing security for volume access and providing clearer UID/GID visibility. The change addresses a legacy issue where group memberships from /etc/group in container images were implicitly merged with Pod settings, creating hard‑to‑detect security gaps. Users upgrading from v1.32 or earlier should review the documented breaking changes and upgrade guidance.

Sources: