Last Week In Kubernetes Development

July 17, 2025

LWKD: Week Ending July 13, 2025

Developer News

SIG-Network proposed a new AI Gateway Working Group, dedicated to exploring the intersection of AI and networking. The WG will focus on standardizing how Kubernetes manages AI-specific traffic, with particular attention to routing, filters, and policy requirements for AI workloads.

The KubeCon North America 2025 Maintainer Summit CFP is open and closes soon on July 20th. Make sure to submit your talks before the deadline!

LFX Mentorship 2025 Term 3 is now open for SIGs to submit mentorship project ideas. To propose a project, submit a PR to the project_ideas repository by July 29th, 2025. If you have any questions about the LFX mentorship program, feel free to ask in #sig-contribex.

Release Schedule

Next Deadline: Code and Test Freeze, July 24/25

Code and Test Freeze starts at 0200 UTC on Friday, July 25. Your PRs should all be merged by then.

Kubernetes v1.34.0-beta.0 has been built and pushed using Golang version 1.24.5.

Patch Releases 1.32.7 and 1.31.11 are released. These releases include bug fixes for Jobs and etcd member promotion in kubeadm.

Featured PRs

132832: add SuccessCriteriaMet status for kubectl get job

This PR updates the kubectl get job output by adding a new SuccessCriteriaMet column. The column indicates whether the job has met its success criteria, based on the Job's successPolicy, which makes it easier for users to see whether a job has satisfied its configured success conditions.

132838: Drop Deprecated Etcd Flags in Kubeadm

This PR removes the usage of two long-deprecated etcd flags in Kubeadm:

  • --experimental-initial-corrupt-check
  • --experimental-watch-progress-notify-interval

These flags were deprecated in etcd v3.6.0 and removed in v3.7.0. The corresponding functionality is now supported via a feature gate, InitialCorruptCheck=true, and a renamed flag, --watch-progress-notify-interval (without the experimental prefix).

KEP of the Week

KEP-4427: Relaxed DNS search string validation

This KEP proposes relaxing Kubernetes' strict DNS validation rules for dnsConfig.searches in Pod specs. It allows underscores (_) and a single dot (.), which are commonly used in real-world DNS use cases like SRV records or to bypass Kubernetes' internal DNS search paths. Without this change, such configurations are rejected due to RFC-1123 hostname restrictions, making it difficult to support some legacy or external systems.

This KEP is tracked as stable in v1.34.
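The strict and relaxed checks described above, as an added Go sketch that is not Kubernetes' own validation code. The helper name checkSearch, both regular expressions, and the tolerance for one trailing dot are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Strict: RFC 1123 subdomain, lowercase alphanumerics and '-' in dot-separated labels.
var strictRe = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`)

// Relaxed: same shape with '_' also accepted (exact positions are an assumption).
var relaxedRe = regexp.MustCompile(`^[a-z0-9_]([-_a-z0-9]*[a-z0-9_])?(\.[a-z0-9_]([-_a-z0-9]*[a-z0-9_])?)*$`)

// checkSearch (hypothetical helper) validates one dnsConfig.searches entry.
func checkSearch(search string, relaxed bool) error {
	if relaxed && search == "." {
		return nil // the single dot is accepted only under the relaxed rule
	}
	name := strings.TrimSuffix(search, ".") // assumption: one trailing dot is tolerated
	if name == "" || len(name) > 253 {
		return fmt.Errorf("%q: must be 1-253 characters", search)
	}
	for _, label := range strings.Split(name, ".") {
		if len(label) > 63 {
			return fmt.Errorf("%q: label %q exceeds 63 characters", search, label)
		}
	}
	re, rule := strictRe, "RFC 1123"
	if relaxed {
		re, rule = relaxedRe, "relaxed"
	}
	if !re.MatchString(name) {
		return fmt.Errorf("%q: rejected by %s validation", search, rule)
	}
	return nil
}

func main() {
	// Constructed sample entries, not taken from a real Pod spec.
	for _, s := range []string{"svc.cluster.local", "_sip._tcp.example.com", ".", "..", "bad domain.example"} {
		fmt.Printf("%-24q strict=%v relaxed=%v\n", s, checkSearch(s, false) == nil, checkSearch(s, true) == nil)
	}
}
```

Even under the relaxed rule, spaces, uppercase letters, empty labels and over-long labels are still rejected, so the change widens the accepted alphabet without turning the field into free text.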

Other Merges

  • Remaining strPtr replaced with ptr.To
  • SizeBasedListCostEstimate feature gate added which assigns 1 APF seat per 100KB for LIST requests
  • Reflector detects unsupported meta.Table GVKs for LIST+WATCH
  • boolPtrFn replaced with k8s.io/utils/ptr
  • Service IP processing delayed by 5s during recreate to avoid race conditions
  • Egress selector support added to JWT authenticator
  • ReplicaSet to ReplicationController conversion test added
  • DetectCacheInconsistency enabled to compare apiserver cache with etcd and purge inconsistent snapshots
  • Compactor test added
  • local-up-cluster cleaned up and support for automated upgrade/downgrade testing added
  • Compaction revision exposed from compactor
  • Verbosity of frequent logs in volume binding plugin lowered from V(4) to V(5)
  • validation-gen adds k8s:enum validators
  • Kubelet token cache made UID-aware to prevent stale tokens after service account recreation
  • kubeadm uses named port probe-port for probes in static pod manifests
  • unschedulablePods struct moved to a separate file
  • Internal LoadBalancer port uses EndpointSlice container port when targetPort is unspecified
  • scheduler_perf logs added to report failures in measuring SchedulingThroughput
  • ServiceAccountTokenCacheType support added to credential provider plugin
  • Validation error messages simplified by removing redundant field names
  • validation-gen enhanced with new rules and core refactoring
  • PreBindPreFlight added and implemented in in-tree plugins
  • Implications of using hostNetwork with ports documented
  • kube-proxy considers timeouts when fetching Node objects or NodeIPs as fatal
  • Inconsistencies reset cache snapshots and block new ones until the cache is marked consistent again
  • Allocation manager AddPod() unit tests added
  • Duplicate DaemonSet update validations removed to avoid redundant checks
  • kube-proxy in nftables mode drops traffic to Services with no endpoints using filter chains at priority 0
  • In-place pod vertical scaling prioritizes resize requests based on priorityClass and QoS when resources are limited
  • PodResources API includes only active Pods
  • CPUManager aligns uncore cache for odd-numbered CPUs
  • Flag registration moved into kube-apiserver to eliminate global state
  • Metrics added for MutatingAdmissionPolicy
  • DRA: Improves allocator with better backtracking
  • Linux masks thermal interrupt info in /proc and /sys
  • observedGeneration in pod resize conditions fixed under InPlacePodVerticalScaling feature gate
  • RelaxedEnvironmentVariableValidation test promoted to Conformance
  • OrderedNamespaceDeletion test promoted to Conformance
  • Two EndpointSlice e2e tests promoted to Conformance

Promotions

  • ConsistentListFromCache to GA
  • KubeletTracing to GA

Version Updates

  • Bumped dependencies and images to Go 1.24.5 and distroless iptables
  • Bumped kube-openapi to SHA f3f2b991d03b and updated structured-merge-diff from v4 to v6

Shoutouts

  • Drew Hagen: Big thanks to @Matteo, @satyampsoni, @Angelos Kolaitis for hovering around late in the day in your time zones to help me cut my first Kubernetes release cut, v1.34.0-alpha.3!!