Kubernetes 1.35 - New security features
Blog post from Sysdig
Kubernetes 1.35 ships 17 security-relevant changes: new validations, deprecations and removals, and wider support for user namespaces. Several of the new features are still alpha or beta and sit behind feature gates, so check the release notes for the gate names before relying on them.

The most disruptive change is that cgroup v1 support is disabled by default: the kubelet refuses to start on a cgroup v1 host unless v1 support is explicitly re-enabled, so nodes should be moved to the unified cgroup v2 hierarchy, which gives better resource accounting and isolation, before the upgrade. Image pull credential verification is tightened so that a pod using an image already cached on a node must present credentials that are authorized to pull it; this closes the gap in multi-tenant clusters where one tenant could reuse a private image another tenant had pulled onto the same node. Streaming for kubectl exec, attach and port-forward moves from the SPDY protocol to WebSockets, which is better supported by proxies and load balancers and simpler to secure.

On the identity side, constrained impersonation lets cluster administrators grant impersonation that is scoped to specific identities and actions instead of the blanket impersonate permission. Pods with hostNetwork: true can now run in a user namespace (hostUsers: false), so a container's root no longer maps to root on the host even when the pod shares the host network stack. Components can also expose the flags they were started with, which helps diagnose misconfiguration without shell access to the node.

The release further improves certificate management with the PodCertificateRequest API, which lets pods obtain X.509 certificates tied to their identity from a cluster-managed signer, separates kubectl user preferences from cluster configuration, and removes the deprecated gogo protobuf dependency, shrinking the code base's attack surface and improving serialization performance.
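Because a kubelet on a cgroup v1 host no longer starts by default, the first pre-upgrade check is to classify each node's cgroup mode. The script below is an added example, not code from the Sysdig post or from the Kubernetes project: it parses the format of /proc/self/cgroup (v1 lines carry a hierarchy id and controller names, v2 has the single "0::" hierarchy), treats a hybrid layout as unsupported on the conservative assumption that only a pure unified hierarchy counts as v2, and embeds constructed sample contents so the classifier can be exercised without touching the host.

```shell
#!/bin/sh
# Added example (not from the Sysdig post or Kubernetes): classify a node's
# cgroup mode before upgrading to 1.35, where cgroup v1 is off by default.

# Constructed sample contents of /proc/self/cgroup for each layout.
SAMPLE_V2_PROC_CGROUP='0::/kubepods.slice/kubepods-burstable.slice'
SAMPLE_V1_PROC_CGROUP='12:memory:/kubepods/burstable/pod1
11:cpu,cpuacct:/kubepods/burstable/pod1
1:name=systemd:/system.slice/kubelet.service'
SAMPLE_HYBRID_PROC_CGROUP='12:memory:/kubepods/burstable/pod1
0::/system.slice/kubelet.service'

# Classify /proc/self/cgroup text (passed as $1) as v1, v2, hybrid or unknown.
# Each line is <hierarchy-id>:<controllers>:<path>. On v2 the only line is
# "0::<path>"; any non-zero id or named controller set is a v1 hierarchy.
cgroup_mode_from_proc_cgroup() {
  printf '%s\n' "$1" | awk -F: '
    NF < 3 { next }
    $1 == "0" && $2 == "" { v2 = 1; next }
    { v1 = 1 }
    END {
      if (v1 && v2) print "hybrid"
      else if (v2) print "v2"
      else if (v1) print "v1"
      else print "unknown"
    }'
}

# Turn a mode into an upgrade verdict. Exit status: 0 ready, 1 blocked,
# 2 undetermined. Hybrid is treated as blocked (assumption: the kubelet only
# accepts a pure unified hierarchy as cgroup v2).
cgroup_upgrade_status() {
  case "$1" in
    v2) echo "ready: unified cgroup v2 hierarchy"; return 0 ;;
    v1|hybrid)
      echo "blocked: cgroup $1 layout; migrate the host to cgroup v2 before upgrading the kubelet"
      return 1 ;;
    *) echo "undetermined: could not parse cgroup layout"; return 2 ;;
  esac
}

# Live check of the node this script runs on (the only part that reads the host).
check_local_node() {
  content=$(cat /proc/self/cgroup 2>/dev/null || true)
  cgroup_upgrade_status "$(cgroup_mode_from_proc_cgroup "$content")"
}
```

Run check_local_node on every node (for example through a privileged DaemonSet or your node-access tooling) and treat any non-zero status as a blocker; a node that reports v1 or hybrid needs the host switched to the unified hierarchy, and the usual way to do that is a kernel command line of systemd.unified_cgroup_hierarchy=1 followed by a reboot. If you must upgrade before migrating, the kubelet's opt-back-in for cgroup v1 is documented in the 1.35 release notes; the flag name is not given on this page, so confirm it there rather than assuming it.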