Kubernetes 1.32: The Platform Engineer’s Perspective
Kubernetes 1.32 landed with several features that directly impact platform engineering teams. Here’s what matters and what you should plan for.
Key Features
1. Sidecar Containers (GA)
Finally stable. Native sidecar containers solve the long-standing issue of init containers that need to run alongside the main container:

    apiVersion: v1
    kind: Pod
    spec:
      initContainers:
      - name: istio-proxy
        image: istio/proxyv2:latest
        restartPolicy: Always  # This makes it a sidecar
        resources:
          requests:
            cpu: 100m
            memory: 128Mi
      containers:
      - name: app
        image: myapp:latest

Why it matters: Sidecars now have proper lifecycle management — they start before main containers and shut down after. No more race conditions with service mesh proxies.
2. Dynamic Resource Allocation (DRA) Improvements
DRA is maturing for GPU and accelerator management:

    apiVersion: resource.k8s.io/v1alpha3
    kind: ResourceClaim
    metadata:
      name: gpu-claim
    spec:
      devices:
        requests:
        - name: gpu
          deviceClassName: gpu.nvidia.com
          selectors:
          - cel:
              expression: "device.attributes['gpu-memory'].compareTo(quantity('40Gi')) >= 0"

Why it matters: More granular GPU allocation. Request specific GPU capabilities (memory, compute capability) instead of just “give me a GPU.”
3. In-Place Pod Vertical Resizing (Beta)
Resize pod resources without restarting:

    kubectl patch pod my-app -p '{"spec":{"containers":[{"name":"app","resources":{"requests":{"memory":"512Mi"},"limits":{"memory":"1Gi"}}}]}}'

Why it matters: Handle traffic spikes without pod restarts. Reduce disruption during scaling events.
4. Structured Authorization Configuration
More flexible authorization beyond just RBAC:
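
    apiVersion: apiserver.config.k8s.io/v1beta1
    kind: AuthorizationConfiguration
    authorizers:
    - type: Webhook
      name: platform-authz
      webhook:
        timeout: 3s
        subjectAccessReviewVersion: v1
        # Required alongside matchConditions
        matchConditionSubjectAccessReviewVersion: v1
        # Fail closed if the webhook errors or times out
        failurePolicy: Deny
        matchConditions:
        # Non-resource requests carry no resourceAttributes; skip the webhook for them
        - expression: "has(request.resourceAttributes)"
        - expression: "request.resourceAttributes.namespace == 'production'"
        connectionInfo:
          type: InClusterConfig
    # Authorizers run in order; RBAC decides whatever the webhook has no opinion on
    - type: RBAC
      name: rbac

Why it matters: Implement custom authorization logic for sensitive namespaces without replacing RBAC entirely.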
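
The decision logic a webhook such as platform-authz could apply, as an added example that is not from the article or the Kubernetes project. The policy, the group name and the helper names are assumptions; the function takes the SubjectAccessReview body the API server posts and returns the response body.

```python
import json

# Hypothetical policy, not from the article: in "production", only members of
# PRIVILEGED_GROUP may delete anything or access Secrets.
GUARDED_NAMESPACE = "production"
PRIVILEGED_GROUP = "platform-admins"
API = {"apiVersion": "authorization.k8s.io/v1", "kind": "SubjectAccessReview"}


def review(sar: dict) -> dict:
    """Answer one SubjectAccessReview; only ever deny or abstain.

    allowed is never set to True, so any request this webhook does not deny
    is still checked by the RBAC authorizer listed after it.
    """
    spec = sar.get("spec") or {}
    attrs = spec.get("resourceAttributes") or {}  # missing for non-resource URLs
    groups = set(spec.get("groups") or [])
    verb, resource = attrs.get("verb", ""), attrs.get("resource", "")

    guarded = attrs.get("namespace") == GUARDED_NAMESPACE
    sensitive = verb in {"delete", "deletecollection"} or resource == "secrets"
    if guarded and sensitive and PRIVILEGED_GROUP not in groups:
        reason = f"{verb} {resource} in {GUARDED_NAMESPACE} requires {PRIVILEGED_GROUP}"
        return {**API, "status": {"allowed": False, "denied": True, "reason": reason}}
    # allowed=False with denied=False means "no opinion": the next authorizer decides.
    return {**API, "status": {"allowed": False, "denied": False}}


def sample_sar(groups, verb, resource, namespace):
    """Constructed request body in the shape the API server posts to the webhook."""
    attrs = {"namespace": namespace, "verb": verb, "version": "v1", "resource": resource}
    return {**API, "spec": {"user": "constructed-user", "groups": groups,
                            "resourceAttributes": attrs}}


if __name__ == "__main__":
    for args in ((["developers"], "get", "secrets", "production"),
                 (["developers"], "get", "pods", "production"),
                 ([PRIVILEGED_GROUP], "delete", "pods", "production")):
        print(args, json.dumps(review(sample_sar(*args))["status"]))
```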
5. Pod Lifecycle Sleep Action

    lifecycle:
      preStop:
        sleep:
          seconds: 10

Why it matters: Simple graceful shutdown without shell commands. Better than command: ["sleep", "10"].
What to Prioritize
Upgrade Now
- Sidecar containers: If you use Istio/Linkerd, migrate to native sidecars
- Pod lifecycle sleep: Drop your preStop shell hacks
Plan for Q2 2026
- In-place resizing: Test in staging for stateful workloads
- DRA for GPUs: If you’re running AI workloads, start evaluating
Watch for GA
- Structured authorization: Promising for multi-tenant platforms
- CEL admission policies: Replacing OPA/Kyverno for simple cases
Migration Tips
- Test sidecar containers in staging first — lifecycle ordering behavior may differ from your current workarounds
- Update your Helm charts — new restartPolicy: Always on init containers changes template logic
- Review your GPU scheduling — DRA changes how GPU resources are requested
- Audit resource requests — in-place resizing means your initial requests matter less, but limits still matter
