Unpacking Kubernetes 1.28.0: What's New and Improved?

The 1.28.0 release is no exception, bringing a host of updates that touch on everything from security and performance to developer tools and API enhancements.

Kubernetes 1.28.0: A Comprehensive Look at New Features, Improvements, and Changes

Kubernetes continues to evolve, offering new features and improvements with each release to enhance container orchestration. The 1.28.0 release is no exception, bringing a host of updates that touch on everything from security and performance to developer tools and API enhancements. Let's dive into what this new version has to offer.

Security Enhancements

Advanced Pod Security

Pod Security gets a significant upgrade, allowing administrators to create more granular security rules. This makes it easier to enforce security best practices without compromising application functionality.

Kubelet Certificates and TLS

The new Kubelet TLS Bootstrap feature automates the creation of TLS certificates, making it easier for Kubelets to securely communicate with the control plane, thereby enhancing cluster security.

Recovery from Non-Graceful Node Shutdown

This feature, now stable, allows for better handling of unexpected node shutdowns, enabling stateful workloads to restart on a different node successfully.


Performance and Resource Management

Kubernetes Topology Manager

The Topology Manager feature has been improved for better resource allocation based on hardware topology, particularly beneficial for complex hardware setups like NUMA architectures.

Supported Skew Between Control Plane and Node Versions

The supported version skew between node and control plane components has been expanded from n-2 to n-3. This change reduces the time lost to node maintenance, particularly beneficial for environments with long-running workloads.

Logging and Monitoring

Dynamic Logs

Dynamic auditing is now available, allowing for the instant creation of audit policies. This feature provides greater flexibility in adapting to changing security requirements and compliance standards.

API and Custom Resource Enhancements

CustomResourceDefinition Validation Rules

The introduction of the Common Expression Language (CEL) for validation rules allows for more complex validation without the need for webhooks. This addition simplifies the development and operability of Custom Resource Definitions (CRDs).


This feature, now in beta, allows for in-process validation of requests to the Kubernetes API server, offering an alternative to validating admission webhooks.

Match Conditions for Admission Webhooks

This feature, which has moved to beta, allows you to specify conditions for when Kubernetes should make a remote HTTP call at admission time.

Developer Tools and Flexibility

Kubectl Debug

The new `kubectl debug` tool simplifies the debugging process by allowing the creation of temporary debugging containers within existing pods.

API Awareness of Sidecar Containers

This alpha feature introduces a ”restartPolicy” field for init containers, indicating when an init container is also a sidecar container. This feature enhances the startup sequence of containers within a pod.

Data Backup and Recovery

Snapshot and Restorations

New volume snapshot and restore capabilities have been introduced, making it easier to manage and recover data.

Other Notable Features

Support for CDI Injection into Containers

This alpha feature provides a standardized way of injecting complex devices into containers.

Automatic Assignment of Default StorageClass

This feature, now stable, automatically sets a `storageClassName` for a PersistentVolumeClaim if none is provided.

Pod Replacement Policy for Jobs

This alpha feature allows you to specify when new Pods should be created as replacements for existing Pods in Jobs.

Job Retry Backoff Limit, Per Index

This extends the Job API to support indexed jobs where the backoff limit is per index, allowing the Job to continue execution despite some of its indexes failing.


Kubernetes 1.28.0 is packed with features and improvements that make the platform more secure, efficient, and developer-friendly. Whether you're an administrator looking to enhance security measures or a developer aiming for more efficient resource management and debugging, this version has something to offer.

 Click Here to Discover All Kubernetes-Related Blogs Posts

Enes Cetinkaya

Cloud Engineer @kloia