Read more of this story at Slashdot.

Read more of this story at Slashdot.

As Kubernetes clusters grow to tens of thousands of nodes, controllers that watch high-cardinality resources like Pods face a scaling wall. Every replica of a horizontally scaled controller receives the full stream of events from the API server, paying the CPU, memory, and network cost to deserialize everything, only to discard the objects it is not responsible for. Scaling out the controller does not reduce per-replica cost; it multiplies it.

Kubernetes v1.36 introduces server-side sharded list and watch as an alpha feature (KEP-5866). With this feature enabled, the API server filters events at the source so that each controller replica receives only the slice of the resource collection it owns.

The problem with client-side sharding

Some controllers, such as kube-state-metrics, already support horizontal sharding. Each replica is assigned a portion of the keyspace and discards objects that do not belong to it. While this works functionally, it does not reduce the volume of data flowing from the API server:

• N replicas x full event stream: every replica deserializes and processes every event, then throws away what it does not need.
• Network bandwidth scales with replicas, not with shard size.
• CPU spent on deserialization is wasted for the discarded fraction.

Server-side sharded list and watch solves this by moving the filtering upstream into the API server. Each replica tells the API server which hash range it owns, and the API server only sends matching events.

How it works

The feature adds a shardSelector field to ListOptions. Clients specify a hash range using the shardRange() function:

shardRange(object.metadata.uid, '0x0000000000000000', '0x8000000000000000')

The API server computes a deterministic 64-bit FNV-1a hash of the specified field and returns only objects whose hash falls within the range [start, end). This applies to both list responses and watch event streams. The hash function produces the same result across all API server instances, so the feature is safe to use with multiple API server replicas.

Currently supported field paths are object.metadata.uid and object.metadata.namespace.

Using sharded watches in controllers

Controllers typically use informers to list and watch resources. To shard the workload, each replica injects the shardSelector into the ListOptions used by its informers via WithTweakListOptions:

import (
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/client-go/informers"
)

shardSelector := "shardRange(object.metadata.uid, '0x0000000000000000', '0x8000000000000000')"

factory := informers.NewSharedInformerFactoryWithOptions(client, resyncPeriod,
 informers.WithTweakListOptions(func(opts *metav1.ListOptions) {
 opts.ShardSelector = shardSelector
 }),
)

For a 2-replica deployment, the selectors split the hash space in half:

// Replica 0: lower half of the hash space
"shardRange(object.metadata.uid, '0x0000000000000000', '0x8000000000000000')"

// Replica 1: upper half of the hash space
"shardRange(object.metadata.uid, '0x8000000000000000', '0x10000000000000000')"

A single replica can also cover non-contiguous ranges using ||:

"shardRange(object.metadata.uid, '0x0000000000000000', '0x4000000000000000') || " +
 "shardRange(object.metadata.uid, '0x8000000000000000', '0xc000000000000000')"

Verifying server support

When the API server honors a shard selector, the list response includes a shardInfo field in the response metadata that echoes back the applied selector:

{
 "kind": "PodList",
 "apiVersion": "v1",
 "metadata": {
 "resourceVersion": "10245",
 "shardInfo": {
 "selector": "shardRange(object.metadata.uid, '0x0000000000000000', '0x8000000000000000')"
 }
 },
 "items": [...]
}

If shardInfo is absent, the server did not honor the shard selector and the client received the complete, unfiltered collection. In this case, the client should be prepared to handle the full result set, for example by applying client-side filtering to discard objects outside its assigned shard range.

Getting involved

This feature is in alpha and requires enabling the ShardedListAndWatch feature gate on the API server. We are looking for feedback from controller authors and operators running large clusters.

• KEP-5866: Server-Side Sharded List and Watch
• API Concepts: Sharded list and watch
• SIG API Machinery

If you have questions or feedback, join the #sig-api-machinery channel on Kubernetes Slack.

Microsoft's earnings report went out last week, and the company spent a lot on AI in the quarter. Microsoft updates its customers on what it's done to address Windows 11 problems. And Xbox kills Copilot plans for the console.

Microsoft Earnings

• Microsoft announced that it earned a net income of $31.8 billion on revenues of $82.9 billion in the previous quarter.
• Windows: 1.6 billion monthly active devices, a focus on quality after years of enshittification - but revenues from PC makers were down 2 percent YOY.
• Microsoft Edge "has taken share for 20 consecutive quarters," which isn't supported by the evidence.
• Bing "monthly active users reached one billion for the first time," raising questions about how Microsoft defines the term "user."
• Xbox: "The team is recommitting to our core fans and players, and shaping the future of play," new records for monthly active Xbox users and game streaming hours.
• AI: Capex spending in the quarter was $32 billion, down from previous quarter as previously described, but up 49 percent YOY.

More earnings

• Apple, Google/Alphabet, and Amazon.
• AMD - Up because of AI datacenter.
• Qualcomm - Plus, Intel just hired away a key Qualcomm exec.

Windows

• Microsoft shares an update about what it's done to address Windows 11 pain points so far.
• Marcus Ash is one of the good guys.
• Some of this is happening in Insider, some is rolling out to retail.
• Windows Insider Program and Windows Update improvements we discussed last week - two primary channels in WIP now.
• Simplifying AI experiences - fewer Copilot icons (Notepad, etc.).
• File Explorer improvements - performance, fewer hangs, better polish and consistency.
• Widgets - Feed will be off by default, fewer interruptions, no hover activate.
• System performance - Smaller memory footprint, more aggressive RAM restoration, and more.
• Soon: Taskbar updates, Start updates, and more to share at Build in June.
• Week D update arrives with a peek at May's Patch Tuesday.
• Major: Xbox Mode, AI agents on the Taskbar are the first two big features of 2026.
• Minor: Also adds File Explorer improvements, new haptic feedback effects, touch keyboard improvements, and more.
• Shocking new report that Microsoft Edge is incredibly insecure should surprise no one.

AI

• Microsoft Agent 365 Platform is out of preview, supports local AI agents and Copilot Cowork Agent arrives on mobile with plugin support.
• Microsoft launches a Legal AI Agent in Word.
• Apple's plan to open up to multiple third-party AIs is a good one.
• Canonical's plan to add AI to Ubuntu is also good, but you're never going to believe what happened next.

Xbox and Gaming

• Asha Sharma reorgs Xbox, kills Copilot on the console.
• Forza Horizon 6, more coming to Game Pass in May.
• Xbox April Update is out with updates for all platforms.
• Next Call of Duty will not ship on Xbox One, PS4.
• Age of Empires II: Definitive Edition is coming to the Mac for some reason.
• And finally, with the Supreme Court refusing to block the implementation of the ruling in Epic v. Apple, Microsoft's Xbox game store for mobile is one step closer to happening.

Tips and picks

• Tip of the week: Embrace inconvenience.
• App pick of the week: Windows Defender.
• RunAs Radio this week: Securing Active Directory with Spencer Alessi.
• Brown liquor pick of the week: Stalk & Barrel Whisky.

These show notes have been truncated due to length. For the full show notes, visit https://twit.tv/shows/windows-weekly/episodes/982

Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell

Sponsors:

• outsystems.com/twit
• threatlocker.com/twit
• joindeleteme.com/twit promo code TWIT
• helixsleep.com/windows
• cachefly.com/twit