Last Week In Kubernetes Development

July 23, 2025

LWKD: Week Ending July 20, 2025

Developer News

Code Freeze and Test Freeze for the Kubernetes v1.34 release begins at 02:00 UTC on Friday, July 25, 2025 (7:00 PM PDT on Thursday, July 24, 2025). Developers should ensure that all pull requests for KEPs and major changes targeting v1.34 are merged by the deadline.

Release Schedule

Next Deadline: Code and Test Freeze, July 24/25

Code and Test Freeze starts this week at 0200 UTC on Friday, July 25. Your PRs should all be merged by then. If you think you may miss the deadline, file an exception request.

Featured PRs

51630: Add Hugo Segments for Faster Local Website Builds

This PR introduces support for Hugo segments, allowing users to render specific parts of the Kubernetes website locally. For example, the build can be limited to English (en) or Persian (fa) content instead of rendering the entire site. This significantly reduces build time and resource usage when previewing documentation changes.

The default method, make container-serve, continues to build the whole site.

To build a specific segment, users can use the following commands:

make container-serve segments=en     # To build individual segments
make container-serve segments=en,fa  # To build multiple segments

131700: Add Support for CEL Extended Lists Library

This PR adds support for the CEL extended lists library in Kubernetes by integrating upstream support from cel-go. It adds new list functions that allow more advanced list operations in CEL expressions. These functions can improve how conditions are written in features that use CEL-based evaluation, such as admission control and CRD validations.

KEP of the Week

KEP-5080: Ordered Namespace Deletion

This KEP introduces a secure and deterministic mechanism for deleting Kubernetes namespaces. The motivation comes from security and operational concerns with the current semi-random deletion order — for example, pods might continue running after their protecting NetworkPolicy is removed. This KEP ensures that all pods are deleted first and only then are the remaining resources removed, reducing the risk of exposed workloads. It is implemented through a feature gate OrderedNamespaceDeletion that enforces this opinionated deletion order during namespace cleanup.

This KEP is tracked as stable in v1.34.
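
An added example, not taken from the KEP or the Kubernetes code base: a check over API server audit events (audit.k8s.io/v1 field names) that reports non-pod resources deleted before the last pod delete in the same namespace, which is the gap the ordered deletion closes. The namespace name "shop" and all event lines are constructed.

```python
import json
from datetime import datetime

TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ"  # audit.k8s.io/v1 MicroTime layout
DELETE_VERBS = {"delete", "deletecollection"}

def _event(verb, resource, ts, name=""):
    """Build one constructed audit event line for the samples below."""
    return json.dumps({
        "stage": "ResponseComplete", "verb": verb, "stageTimestamp": ts,
        "objectRef": {"namespace": "shop", "resource": resource, "name": name},
    })

# Constructed samples: teardown of namespace "shop" in two different orders.
UNORDERED = [
    _event("deletecollection", "networkpolicies", "2025-07-20T10:00:01.000000Z"),
    _event("deletecollection", "secrets", "2025-07-20T10:00:02.500000Z"),
    _event("delete", "pods", "2025-07-20T10:00:09.000000Z", "web-0"),
    _event("delete", "pods", "2025-07-20T10:00:31.000000Z", "web-1"),
]
ORDERED = [
    _event("delete", "pods", "2025-07-20T11:00:02.000000Z", "web-0"),
    _event("delete", "pods", "2025-07-20T11:00:30.000000Z", "web-1"),
    _event("deletecollection", "networkpolicies", "2025-07-20T11:00:31.000000Z"),
    _event("deletecollection", "secrets", "2025-07-20T11:00:31.200000Z"),
]

def early_deletions(lines, namespace):
    """Return [(resource, seconds)] for non-pod resources deleted before the
    last pod delete in `namespace`; seconds is the gap to that pod delete."""
    pod_times, others = [], []
    for line in lines:
        ev = json.loads(line)
        ref = ev.get("objectRef") or {}
        if (ev.get("verb") not in DELETE_VERBS
                or ev.get("stage") != "ResponseComplete"
                or ref.get("namespace") != namespace):
            continue
        when = datetime.strptime(ev["stageTimestamp"], TS_FORMAT)
        if ref.get("resource") == "pods":
            pod_times.append(when)
        else:
            others.append((ref.get("resource"), when))
    if not pod_times:
        return []  # no pod deletes seen, so there is nothing to compare against
    last_pod = max(pod_times)
    return [(res, (last_pod - when).total_seconds())
            for res, when in sorted(others, key=lambda o: o[1]) if when < last_pod]
```

A pod delete request completing is not the same as its containers having stopped, so the reported gaps are a lower bound on how long a pod ran without the deleted resource.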

Other Merges

  • DRA: fixes watch handling on apiserver restart when conversion is needed
  • CSR declarative validation enabled for /status and /approval
  • e2e test added for DRA Admin Access
  • LIST request estimation accounts for maximum object size and caching
  • APF max seats to 100 for LIST request
  • deviceplugin and podresources APIs in kubelet from gogo to protoc
  • InPlacePodVerticalScaling kubelet_container_resize_requests_total metric to include all resize-related updates
  • Jitter added to periodic storage processes to reduce synchronized execution
  • InPlacePodVerticalScaling to retry pending resizes only if aggregated requests decrease
  • kubeadm: generate default etcd command based on etcd version
  • Optional listMapKeys supported in server-side apply for associative lists
  • In kubectl describe pod, port names are now included alongside port numbers when specified in the pod spec
  • kubelet_credential_provider_config_info metric reports credential provider config hash
  • CSR.status.conditions in v1 and v1beta1 enforce approved/denied exclusivity with declarative validation tags
  • Support reducing memory limits via NotRequired restart policy, with safeguards against OOM kills
  • e2e test for batch pod deletion in kubelet
  • Union validation rule tags added and +k8s:item chaining enabled in validation-gen
  • PodCPUAndMemoryStats added to the stats.Provider interface for fetching the CPU & memory stats for a single pod
  • apiserver_storage_objects metric is deprecated and replaced by apiserver_resource_objects with consistent labels
  • claimsToAllocate is passed through Allocate instead of NewAllocator
  • Memory tracking functionality added to the scheduler performance tests
  • kubelet: Instrumentation for in-place pod resize
  • Test coverage increased for pkg/kubelet/types
  • Fix for CPUManager non-regression test to handle CPU quota edge cases
  • InPlacePodVerticalScaling adds an event for pod resize completion
  • Fix for incorrect label key used in PodTopologyLabelAdmission, blocking beta graduation
  • kubelet supports contextual logging, and components including apis, kubeletconfig, nodeshutdown, pod, preemption, and memory manager have been migrated to use it
  • kuberuntime migrated to contextual logging
  • Image pull credential verification enabled for service account–based credential providers
  • Mirror pods test for generation and observedGeneration
  • More complex e2e test created for deferred resizes
  • DRA filter plugin times out after 10s to avoid long scheduling delays, configurable via FilterTimeout
  • Pause version updated to registry.k8s.io/pause:3.10.1
  • kube-apiserver support for PodCertificateRequest and PodCertificate projected volumes enabled
  • Warnings added for headless service using loadBalancerIP, externalIPs, or sessionAffinity
  • last_config_info metric added for authn, authz and encryption config

Promotions

  • PodLifecycleSleepAction to GA
  • NodeSwap to GA
  • Recovery feature to GA
  • PodObservedGenerationTracking to beta
  • WatchList to beta
  • API Server Tracing to GA
  • KubeletServiceAccountTokenForCredentialProviders to beta
  • ListFromCacheSnapshot to beta

Version Updates

  • Bumped cel-go to v0.26.0

Subprojects and Dependency Updates

  • cluster-api v1.11.0-beta.0: releases beta version for testing