Last Week In Kubernetes Development

April 30, 2026

LWKD: Week Ending April 26, 2026

Developer News

The AI Conformance subproject has moved to the SIG Architecture mailing list; contributors should join sig-architecture@kubernetes.io for future AI Conformance meeting invites and announcements.

There is an active discussion on the AI usage policy's interaction with GitHub Copilot and CLA mechanics; contributors using Copilot-generated commits should review the thread before submitting PRs.

Release Schedule

Kubernetes v1.36: ハル (Haru) was released last week, along with the Kubernetes v1.33.11, v1.34.7, and v1.35.4 patch releases.

Kubernetes 1.33 entered maintenance mode on Apr 28, 2026.

KEP of the Week

KEP-4781: Restarting kubelet does not change pod status

This KEP proposes improving how kubelet handles Pod readiness during restarts by preserving the existing Started and Ready states instead of resetting them to False. Currently, when kubelet restarts, it loses prior probe results and marks all pods as not ready, even if they were functioning correctly. This can cause unnecessary service disruptions, incorrect health signals, and trigger avoidable alerts or load balancing changes. The goal is to ensure pod status more accurately reflects real runtime conditions, improving reliability and availability during kubelet restarts.

KEP-4781 is currently in the Alpha stage, with the feature implemented behind the ChangeContainerStatusOnKubeletRestart feature gate. It is not yet scheduled for an active release and is expected to progress in a future release cycle once further validation and iteration are completed.

Other Merges

  • Fixed kubelet failing to start on ZFS due to a missing cadvisor plugin.
  • Fixed a regression in kubectl resource printing on bigger data sets (100+ rows).
  • Fixed a bug where Pod .status.resourceClaimStatuses could flap between partial lists of claims when multiple claims were used in the pod.
  • kubeadm: etcd cluster status checks now use a quorum approach instead of requiring all members to be healthy, so the check won't fail if there are sufficient healthy voting members.
  • kubeadm: fixed MemberPromote to skip the etcd promote API call when the member is already a voting member, avoiding unnecessary retries and timeouts.
  • kubeadm: preflight port checks now bind to the configured component address (via localAPIEndpoint.address or --bind-address extraArgs) instead of all interfaces, for kube-apiserver, kube-scheduler, kube-controller-manager, and etcd.
  • HorizontalPodAutoscaler resources now generate metadata.generation and status.observedGeneration fields.
  • Improved error reporting when invoking kubectl exec.
  • kube-apiserver now validates the --advertise-address IP when using --endpoint-reconciler-type master-count or lease, ensuring the IP can be persisted to an Endpoints API object.
  • Fixed duplicated mount arguments in log string output from MakeMountArgsSensitiveWithMountFlags.
  • kubeadm: added the kubeproxydaemonset patch target to allow patching the kube-proxy DaemonSet during kubeadm init and kubeadm upgrade, consistent with the existing corednsdeployment patch target.
  • Kubelet now enforces explicit HTTP method restrictions for logs-related endpoints: read-only server endpoints reject non-GET methods with 405, and NodeLogQuery allows only GET and POST.
  • Deprecated MultiLock, UnknownLeader, and ConcatRawRecord in the client-go leader election resourcelock package.
  • The eviction API now includes structured CauseType values in PodDisruptionBudget-related Forbidden errors, so clients can distinguish PDB invalid-state errors without string-matching on the message.
  • kubectl get crd now displays additional columns — GROUP, SCOPE, VERSIONS, and CREATED AT — providing at-a-glance visibility into each CRD's API group, scope, served versions, and creation timestamp.
  • Fixed kubectl get storageclass to show only the effective default StorageClass as (default) when multiple StorageClasses have the default annotation.
  • Image volume validation now rejects empty image.reference fields in Pod templates across Deployment, StatefulSet, DaemonSet, Job, and similar resources.
  • Fixed CronJob controller failing to adopt existing Jobs due to incorrectly using the empty namespace from the JobTemplate.
  • Fixed a v1.35 regression where StatefulSets with Parallel pod management incorrectly counted unavailable pods from older revisions against the maxUnavailable budget.
  • Added three Pod cluster event subtypes to the scheduler framework — AssignedPod, UnscheduledPod, and TargetPod — allowing plugins to register only for the specific pod events they need, improving performance.
  • Removed the GA feature gate AnyVolumeDataSource, locked and enabled since v1.33.
  • Fixed stale remote HNS endpoint cleanup on Windows when a pod IP is reused across nodes in L2Bridge networks, preventing DNS timeouts from traffic being routed to the wrong node.
  • Removed the --concurrent-service-syncs kube-controller-manager flag, which has been a no-op since v1.31.
  • Removed KubeletMinVersion gate from the DRA multiple ResourceClaims e2e test, as the feature is now sufficiently available.

Version Updates

  • golang.org/x/net to v0.53.0
  • etcd SDK to v3.6.10, and etcd image also to v3.6.10

Subprojects and Dependency Updates

  • cluster-api v1.13.1: expands Kubernetes support to v1.36, includes dependency bumps, adds testing for Kubernetes v1.36, and minor documentation updates
  • cluster-api-provider-vsphere v1.16.0: introduces v1beta2 API, deprecates v1beta1, removes v1alpha3/v1alpha4, enables controller rate limiting and priority queues, improves cache and scale performance, includes multiple breaking changes
  • kubebuilder v4.14.0: updates scaffold upgrade workflows, enhances Helm plugin with RBAC restructuring and multi-namespace support, adds multiple controllers per GVK, improves security in CI workflows
  • kubespray v2.31.0: sets Kubernetes v1.35 as default, removes cgroup v1 support by default, drops ingress-nginx and Kubernetes Dashboard, improves validation and upgrades core components
  • prometheus v3.11.3: fixes multiple security issues including OAuth secret exposure, remote-read vulnerabilities, and XSS in the UI; also v3.5.3
  • containerd api v1.11.0: adds transfer types for filesystem copy, introduces shim bootstrap protocol, enhances sandbox API
  • cluster-autoscaler-chart v9.57.0: updates Helm chart for scaling Kubernetes worker nodes

Shoutouts

  • Prajyot Parab: Shoutout to @adil, @Keisuke Ishigami, @Tatiana, @Aman Shrivastava, @Dhanisha Phadate, and @Graziano Casto (v1.36 Release Signal Team) for their outstanding work throughout the cycle. From tracking ~60 flaky and failing tests to completing bug triage and meeting every Go/No-Go deadline, truly impressive effort. It was great to see both experienced members and first-time shadows collaborate so effectively and deliver their best—an excellent example of teamwork and dedication.