feat(eks): add support for Kubernetes version 1.35

[AndreKurait]

Issue # (if applicable)

Closes #36920

Reason for this change

Add Kubernetes 1.35 support to the EKS module, following the same pattern as PR #36016 (1.34 support).

Description of changes

Find-and-replace of all kubectl v34 → v35 references across the codebase, then yarn integ --update-on-failed to regenerate integration test snapshots. The new kubectl-v35@2.0.0 layer bundles kubectl 1.35.0 and helm 4.1.0 (bumped from 3.19.0, per cdklabs/awscdk-asset-kubectl#2669).

Note: The @aws-cdk/aws-eks-v2-alpha module was removed upstream in #37070 (eks-v2 graduated to stable in #36950), so this PR no longer touches any alpha packages. Only aws-cdk-lib modules (aws-eks, aws-eks-v2) and framework-integ tests are modified.

Files touched:

• 2 cluster.ts modules — added V1_35 to KubernetesVersion in aws-eks and aws-eks-v2
• 3 READMEs — aws-eks, aws-eks-v2, aws-stepfunctions-tasks
• integ-tests-kubernetes-version.ts — added KubectlV35Layer import + version mapping
• 4 integ test .ts files — updated layer import and version constant (v1 + v2, fargate-cluster + eks-al2023-nodegroup)
• 2 package.json files — added @aws-cdk/lambda-layer-kubectl-v35 dependency (framework-integ, aws-cdk-lib)
• Snapshots — regenerated by yarn integ --update-on-failed (deploys real EKS clusters)
• yarn.lock — updated

How to reproduce for the next Kubernetes version (e.g., V1_36)

This is a mechanical process. Replace 35 → 36 (and 34 → 35 where applicable) in the steps below.

Prerequisites:

• Ensure @aws-cdk/lambda-layer-kubectl-v36 is published on npm (comes from cdklabs/awscdk-asset-kubectl)
• Check what helm version the new layer bundles (look at its Dockerfile or kubectl-layer.js) — update descriptions accordingly

Step 1: Add V1_36 version constant to 2 cluster.ts files

Copy the previous version's block and bump the version number:

• packages/aws-cdk-lib/aws-eks/lib/cluster.ts
• packages/aws-cdk-lib/aws-eks-v2/lib/cluster.ts

Step 2: Update integ-tests-kubernetes-version.ts

In packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ-tests-kubernetes-version.ts:

• Add import { KubectlV36Layer } from '@aws-cdk/lambda-layer-kubectl-v36';
• Add the V1_36 → KubectlV36Layer mapping

Step 3: Update integ test files

Find-and-replace KubectlV35Layer → KubectlV36Layer, kubectl-v35 → kubectl-v36, and V1_35 → V1_36 in:

• packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-al2023-nodegroup.ts
• packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.fargate-cluster.ts
• packages/@aws-cdk-testing/framework-integ/test/aws-eks-v2/test/integ.eks-al2023-nodegroup.ts
• packages/@aws-cdk-testing/framework-integ/test/aws-eks-v2/test/integ.fargate-cluster.ts

Step 4: Update READMEs

Find-and-replace all kubectl-v35/KubectlV35/v35 references → v36 in:

• packages/aws-cdk-lib/aws-eks/README.md
• packages/aws-cdk-lib/aws-eks-v2/README.md
• packages/aws-cdk-lib/aws-stepfunctions-tasks/README.md

Step 5: Update package.json dependencies

Add @aws-cdk/lambda-layer-kubectl-v36 (and update jsiiRosetta.exampleDependencies where applicable):

• packages/@aws-cdk-testing/framework-integ/package.json
• packages/aws-cdk-lib/package.json

Step 6: Install and regenerate snapshots

yarn install

# From packages/@aws-cdk-testing/framework-integ — requires AWS credentials:
yarn integ --update-on-failed test/aws-eks/test/integ.eks-al2023-nodegroup.js
yarn integ --update-on-failed test/aws-eks/test/integ.fargate-cluster.js
yarn integ --update-on-failed test/aws-eks-v2/test/integ.eks-al2023-nodegroup.js
yarn integ --update-on-failed test/aws-eks-v2/test/integ.fargate-cluster.js

⚠️ yarn integ --update-on-failed deploys real EKS clusters to your AWS account. Each test takes 20–60+ minutes and incurs costs. It regenerates all snapshot files (template.json, tree.json, assets.json, manifest.json, asset zips, etc.).

Step 7: Commit, push, and open PR

Use the previous version bump PR as a reference for the PR title/description format.

Description of how you validated changes

• yarn integ --update-on-failed — all 4 integ tests (v1 + v2, fargate-cluster + eks-al2023-nodegroup) deployed successfully and regenerated snapshots

• Re-ran integ-runner (synth-only comparison) — all 47 EKS integ tests returned UNCHANGED:

  Directory	Tests	Status
  test/aws-eks-v2	19/19	UNCHANGED ✅
  test/aws-eks	28/28	UNCHANGED ✅

• Follows the exact same file-change pattern as PR feat(eks): add support for Kubernetes version 1.34 #36016

Checklist

• My code adheres to the CONTRIBUTING GUIDE and DESIGN GUIDELINES

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[aws-cdk-automation]

(This review is outdated)

[Copilot]

Pull request overview

Adds AWS CDK support for Amazon EKS Kubernetes v1.35 across the stable aws-eks module and the deprecated @aws-cdk/aws-eks-v2-alpha module, including wiring the corresponding kubectl Lambda layer into integration test utilities and documentation/examples.

Changes:

• Added KubernetesVersion.V1_35 constants to aws-cdk-lib/aws-eks and @aws-cdk/aws-eks-v2-alpha.
• Updated READMEs/examples to use KubectlV35Layer / @aws-cdk/lambda-layer-kubectl-v35.
• Updated integration test framework version→kubectl-layer mapping and added @aws-cdk/lambda-layer-kubectl-v35 dependencies (plus lockfile update).

Reviewed changes

Copilot reviewed 9 out of 10 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
yarn.lock	Adds lock entry for @aws-cdk/lambda-layer-kubectl-v35@2.0.0.
packages/aws-cdk-lib/package.json	Updates rosetta example dependency from kubectl v34 to v35.
packages/aws-cdk-lib/aws-stepfunctions-tasks/README.md	Updates EKS Step Functions example to v1.35 + kubectl v35 layer.
packages/aws-cdk-lib/aws-eks/lib/cluster.ts	Adds KubernetesVersion.V1_35.
packages/aws-cdk-lib/aws-eks/README.md	Updates EKS README examples to v1.35 + kubectl v35 layer.
packages/@aws-cdk/aws-eks-v2-alpha/package.json	Adds kubectl v35 devDependency and updates rosetta example dependency.
packages/@aws-cdk/aws-eks-v2-alpha/lib/cluster.ts	Adds KubernetesVersion.V1_35.
packages/@aws-cdk/aws-eks-v2-alpha/README.md	Updates examples to v1.35 and kubectl v35 layer where applicable.
packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ-tests-kubernetes-version.ts	Extends version→layer map to include 1.35.
packages/@aws-cdk-testing/framework-integ/package.json	Adds dependency on @aws-cdk/lambda-layer-kubectl-v35.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.

[github-actions]

⚠️ Experimental Feature: This security report is currently in experimental phase. Results may include false positives and the rules are being actively refined.
Please try merge from main to avoid findings unrelated to the PR.

---

	Tests	Passed ☑️	Skipped	Failed ❌️
Security Guardian Results	264 ran	262 passed		2 failed

Test	Result
Security Guardian Results
packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.fargate-cluster.js.snapshot/aws-cdk-eks-fargate-cluster-test-stack1.template.json
iam-no-overly-permissive-passrole.guard	❌ failure
packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.fargate-cluster.js.snapshot/aws-cdk-eks-fargate-cluster-test-stack2.template.json
iam-no-overly-permissive-passrole.guard	❌ failure

• View Security Guardian Results

[github-actions]

⚠️ Experimental Feature: This security report is currently in experimental phase. Results may include false positives and the rules are being actively refined.
Please try merge from main to avoid findings unrelated to the PR.

---

	Tests	Passed ☑️	Skipped	Failed ❌️
Security Guardian Results with resolved templates	264 ran	263 passed		1 failed

Test	Result
Security Guardian Results with resolved templates
packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-al2023-nodegroup.js.snapshot/aws-cdk-eks-cluster-al2023-nodegroup-test.template.json
iam-role-root-principal-needs-conditions.guard	❌ failure

• View Security Guardian Results with resolved templates

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[mergify]

Merge Queue Status

Rule: default-squash

---

• ✅ Entered queue — 2026-02-24 21:46 UTC
• 🚫 Left the queue — 2026-02-24 21:46 UTC · at 80f5e88c292b825fa2170a246aae55c153e94ec9

This pull request spent 5 seconds in the queue, with no time running CI.

Reason

The pull request can't be updated

For security reasons, Mergify can't update this pull request. Try updating locally.
GitHub response: refusing to allow a GitHub App to create or update workflow .github/workflows/pr-linter.yml without workflows permission

Hint

You should update or rebase your pull request manually. If you do, this pull request will automatically be requeued once the queue conditions match again.
If you think this was a flaky issue, you can requeue the pull request, without updating it, by posting a @mergifyio queue comment.

Pull request has been modified.