2026-06-09

Upgrading EKS clusters to v1.36

#kubernetes  #upgrade  #eks 

We are rolling out EKS v1.36. Please make sure to update to our recommended client versions matching this upgrade. This release graduates User Namespaces and Mutating Admission Policies to stable, and adds pod-level in-place vertical resource scaling.

Timeline:

  • Testing and rollout to non-production clusters took place over the past few days
  • Production rollouts will follow next week

Important changes between K8s 1.35 and 1.36

The following list is a selection of the most important changes in Kubernetes 1.36 from a user point of view:

  • User Namespaces (Stable): Pods can map their container’s root user to an unprivileged user on the host, limiting the blast radius of a container breakout at the node level.
  • Mutating Admission Policies (Stable): CEL-based, in-process resource mutation through the API server, a native alternative to mutating admission webhooks (no webhook server to run or maintain).
  • In-Place Pod-Level Resource Vertical Scaling: Adjust a Pod’s pod-level CPU/memory allocation without restarting it, building on the in-place container resize stabilised in 1.35. We were already using this in previous releases through the Vertical Pod Autoscaler.
  • Resource Health Status: Device health is surfaced in Pod status, making it easier to spot hardware-related crash loops (e.g. a failing GPU).
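
To see which workloads could opt in to User Namespaces, the following added example (not part of the original announcement or of any platform tooling) audits a pod list in the shape of `kubectl get pods -A -o json` for `spec.hostUsers: false`. The sample pods and the status labels are constructed for illustration; the check relies on the Kubernetes rule that `hostUsers: false` cannot be combined with `hostNetwork`, `hostPID` or `hostIPC`.

```python
import json

# Constructed sample in the shape of `kubectl get pods -A -o json` (not real cluster data).
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "shop", "name": "api"},
     "spec": {"hostUsers": False, "containers": [{"name": "app"}]}},
    {"metadata": {"namespace": "shop", "name": "worker"},
     "spec": {"containers": [{"name": "app", "securityContext": {"runAsUser": 0}}]}},
    {"metadata": {"namespace": "kube-system", "name": "node-agent"},
     "spec": {"hostNetwork": True, "hostPID": True, "containers": [{"name": "agent"}]}},
    {"metadata": {"namespace": "shop", "name": "batch"},
     "spec": {"securityContext": {"runAsNonRoot": True}, "containers": [{"name": "job"}]}},
]})

# Host namespaces that cannot be combined with hostUsers: false.
HOST_NS_FIELDS = ("hostNetwork", "hostPID", "hostIPC")

def may_run_as_root(spec):
    """True if any container is not pinned to a non-root user by its securityContext."""
    pod_sc = spec.get("securityContext") or {}
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        # Container-level settings override pod-level ones.
        sc = {**pod_sc, **(c.get("securityContext") or {})}
        if sc.get("runAsUser") == 0 or not (sc.get("runAsNonRoot") or sc.get("runAsUser")):
            return True
    return False

def classify(pod):
    """Hypothetical status labels: isolated, blocked:<fields>, candidate-root, candidate."""
    spec = pod["spec"]
    if spec.get("hostUsers") is False:
        return "isolated"            # already runs in its own user namespace
    blockers = [f for f in HOST_NS_FIELDS if spec.get(f)]
    if blockers:
        return "blocked:" + ",".join(blockers)  # must drop host namespaces first
    # Pods that may run as root gain the most from remapping root to an unprivileged host UID.
    return "candidate-root" if may_run_as_root(spec) else "candidate"

def audit(pod_list_json):
    """Map namespace/name to a status label for every pod in the list."""
    report = {}
    for pod in json.loads(pod_list_json)["items"]:
        meta = pod["metadata"]
        report[f'{meta["namespace"]}/{meta["name"]}'] = classify(pod)
    return report

if __name__ == "__main__":
    for name, status in sorted(audit(SAMPLE).items()):
        print(f"{status:32} {name}")
```

Pods reported as `candidate-root` are the first ones to review for adding `hostUsers: false` to their spec.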

For detailed info on what’s new and changed, please make sure to check the Kubernetes 1.36 release announcement and the full Kubernetes 1.36.x changelog.

EKS specific updates

AWS EKS 1.36 announcement and release notes.

In the process of upgrading EKS, we have also upgraded the following components:

  • AWS EKS AMI to the latest version v20260527
  • AWS VPC CNI to v1.22.1-eksbuild.2
  • AWS EBS CSI Driver to v1.61.1-eksbuild.1
  • AWS Mountpoint S3 CSI Driver to v2.6.0-eksbuild.1
  • CoreDNS to v1.14.3-eksbuild.2
  • KubeProxy to v1.36.0-eksbuild.7
  • CSI Snapshot Controller to v8.6.0-eksbuild.2
  • Metrics Server to v0.8.1-eksbuild.10
  • Node Monitoring Agent to v1.6.5-eksbuild.1

Additional changes

Alongside the version upgrade we made two operational improvements, both transparent to your workloads:

  • EFS CSI driver is now an EKS managed add-on: on clusters using EFS, the driver moved from a self-managed Helm release to the official aws-efs-csi-driver EKS add-on (v3.2.0). Existing EFS StorageClasses, PersistentVolumes and mounts are unaffected.
  • Tighter EBS CSI driver permissions: the EBS CSI driver’s IAM role now uses the least-privilege, cluster-scoped AmazonEBSCSIDriverEKSClusterScopedPolicy, restricting it to the volumes and snapshots belonging to its own cluster.