Kubernetes vs Supabase
Side-by-side trajectory, velocity, and editorial themes.
Kubernetes 1.36 leans into AI/ML scheduling and control-plane scaling.
The 1.36 cycle is graduation-heavy, with PSI metrics, declarative validation, and volume group snapshots all promoted to GA. Alongside that, the project is making architectural moves around workload scheduling (a new PodGroup API), API-server safety (Mixed Version Proxy on by default), and very-large-cluster scaling (server-side sharded list and watch in alpha). Etcd 3.7 has hit beta in parallel.
Kubernetes is repositioning the control plane for two pressures at once: AI/ML batch workloads, where gang scheduling and DRA are becoming first-class concerns, and very-large clusters, where the control plane itself needs to shard. The pattern across this cycle is consolidation — old experimental scaffolding is reaching GA or being removed (ExternalIPs), while new APIs land with explicit separation of static template from runtime state. Less feature sprawl, more API hygiene.
Expect 1.37 to push server-side sharded watch toward beta and to keep extending DRA's reach into native resources like memory and networking. Workload-aware scheduling will likely accumulate scheduler-plugin-level coordination patterns next, with downstream batch frameworks starting to converge on the PodGroup shape.
Supabase is reversing its biggest security default - public-schema tables no longer auto-exposed via PostgREST.
The headline shipping move is a deliberate change to Supabase's security posture: new projects can opt out of automatic Data API and GraphQL exposure for public-schema tables, with broader defaults flipping in May. Around it: an OAuth 2.1 compliance fix, an RLS Tester preview to make policy verification possible from the UI, and a steady drumbeat of platform improvements summarized in the monthly developer update.
Supabase is rebuilding the security defaults that made it fast to start with but easy to misconfigure. Combine the no-auto-expose change with the RLS Tester preview and the direction is clear: the platform is moving from convention-based exposure to explicit, testable access control. The OAuth compliance fix and developer updates suggest steady investment in standards conformance rather than new product surface this window.
Expect the no-auto-expose default to apply to existing projects (with a long opt-out runway), and the RLS Tester to graduate from preview into the dashboard as a first-class panel. Continued breaking-change drumbeat tied to OAuth/OIDC compliance is likely.
See more alternatives to Kubernetes →
See more alternatives to Supabase →