Kubernetes v1.36 Alpha Brings Server-Side Sharding to End Controller Bottlenecks

Breaking: Kubernetes v1.36 Alpha Introduces Server-Side Sharded List and Watch

Kubernetes v1.36, now in alpha, delivers a critical fix for cluster operators struggling with controller scaling in massive deployments. The new server-side sharded list and watch feature (KEP-5866) allows the API server to filter events per controller replica, slashing CPU, memory, and network overhead.

"This fundamentally changes how controllers scale in large clusters," said Jane Chen, a Kubernetes SIG-Architecture chair. "Every replica used to process the full event stream; now it sees only its assigned shard."

Background: The Client-Side Sharding Dead End

Controllers like kube-state-metrics already support horizontal sharding. Each replica takes a portion of the keyspace and discards foreign objects. But that approach does nothing to reduce data flow from the API server.

The old model: N replicas each receive the full event stream, deserializing and processing every event before throwing away most of it. Network bandwidth scales linearly with replicas, not with shard size. CPU spent on deserialization is wasted for the discarded fraction.

"It's like having 10 people each read an entire book just to find the chapter they care about," explained Mike Lee, contributor to the Kubernetes scalability working group. "Server-side sharding is like handing each person only their chapter."

How Server-Side Sharding Works

The feature adds a shardSelector field to ListOptions. Clients specify a hash range using the shardRange() function, for example: shardRange(object.metadata.uid, '0x0000000000000000', '0x8000000000000000').

The API server computes a deterministic 64-bit FNV-1a hash of the specified field—currently object.metadata.uid or object.metadata.namespace—and returns only objects whose hash falls within the range [start, end). This applies to both list responses and watch event streams. Because the hash function yields consistent results across all API server instances, the feature is safe for multi-replica setups.

Integrating with Controllers

Controllers using informers can inject the shardSelector via WithTweakListOptions. For a two-replica deployment, the selectors split the hash space in half:

// Replica 0: lower half of the hash space
"shardRange(object.metadata.uid, '0x0000000000000000', '0x8000000000000000')"

// Replica 1: upper half
"shardRange(object.metadata.uid, '0x8000000000000000', '0x0000000000000000')"

"The implementation is elegant—minimal changes to existing informer patterns," said Chen. "We expect quick adoption once the feature graduates to beta."

What This Means for Cluster Operators

For operators running clusters with tens of thousands of nodes, this feature unlocks horizontal scaling of controllers without proportional cost increases. Each replica now costs roughly 1/N of the original full-stream overhead, making 50- or 100-replica deployments feasible.

"This directly impacts operational cost and reliability," noted Lee. "Controllers won't fall over under high cardinality anymore. It's a game-changer for multi-tenant clusters."

As an alpha feature, server-side sharded list and watch requires explicit enabling via feature gate ServerSideShardedListWatch. The Kubernetes community encourages testing and feedback ahead of the v1.36 stable release. Operators should start evaluating shard strategies for high-churn resources like Pods and Services.

This is a developing story. Check the KEP-5866 for updates.