Prometheus vs Kubernetes
Side-by-side trajectory, velocity, and editorial themes.
Prometheus enters 3.12 RC while running a coordinated security backport across the 3.5 LTS line.
Prometheus published a 3.12.0 release candidate with PromQL and Service Discovery additions, TSDB performance work, and security fixes for a remote-write denial-of-service and a STAC secret leak. In the same window, 3.11.3 and 3.5.3 shipped coordinated security fixes for snappy decoding, AzureAD client_secret handling, and an old-UI XSS, and the prior 3.11.2/3.5.2 pair fixed a metric-name XSS in the web UI. The project is clearly maintaining 3.5 as a long-term branch alongside the active 3.x line.
Cadence is dominated by responsible-disclosure security work, with feature additions concentrated in the upcoming 3.12 release. The fact that 3.5 keeps receiving coordinated backports months after 3.11 suggests Prometheus is informally treating 3.5 as a stable LTS for environments that cannot upgrade quickly.
Expect 3.12.0 to ship final within a few weeks given the RC has already landed, and a 3.5.4 backport to follow the next security disclosure rather than the next feature batch.
Kubernetes 1.36 leans into AI/ML scheduling and control-plane scaling.
The 1.36 cycle is graduation-heavy, with PSI metrics, declarative validation, and volume group snapshots all promoted to GA. Alongside that, the project is making architectural moves around workload scheduling (a new PodGroup API), API-server safety (Mixed Version Proxy on by default), and very-large-cluster scaling (server-side sharded list and watch in alpha). Etcd 3.7 has hit beta in parallel.
Kubernetes is repositioning the control plane for two pressures at once: AI/ML batch workloads, where gang scheduling and DRA are becoming first-class concerns, and very-large clusters, where the control plane itself needs to shard. The pattern across this cycle is consolidation — old experimental scaffolding is reaching GA or being removed (ExternalIPs), while new APIs land with explicit separation of static template from runtime state. Less feature sprawl, more API hygiene.
Expect 1.37 to push server-side sharded watch toward beta and to keep extending DRA's reach into native resources like memory and networking. Workload-aware scheduling will likely accumulate scheduler-plugin-level coordination patterns next, with downstream batch frameworks starting to converge on the PodGroup shape.
See more alternatives to Prometheus →
See more alternatives to Kubernetes →