LWKD: Week Ending June 15, 2025
Week Ending June 15, 2025
Developer News
Kubernetes Slack is downgrading to a regular free account. Not only does this change how we use Slack, community members need to take action to preserve some things that are not part of regular backups.
The Go team fixed a symlink race condition in os.RemoveAll in Go versions 1.21.11 and 1.22.4. The Kubernetes Security Response Committee confirmed this vulnerability can allow file deletion on a Node. This issue will be fixed in the patch releases coming out on Wednesday
Release Schedule
Next Deadline: Enhancements Freeze, June 20
Hopefully everyone has their PRRs started, and this Friday is the deadline for opt-in for Enhancements. Get your 1.34 changes listed.
Kubernetes v1.34.0-alpha.1 has been built and pushed. Please review the changes and test the release.
Patch releases are due out on June 18th.
Featured PRs
132007: Fix: HPA suppresses FailedRescale event on successful conflict retry
This PR modifies the HPA controller to only emit a FailedRescale event if a scaling operation fails after retrying due to a conflict; If the retry succeeds, it will emit a SuccessfulRescale event instead. This change ensures that transient conflicts do not generate unnecessary failure events and reduces noise in the event logs.
132251: kubectl delete: update interactive delete to break on new line
This PR updates kubectl delete interactive mode to treat an empty newline as “No”. Previously, pressing “Enter” on an empty line would send a new line. With this update, pressing “Enter” now automatically responds with “No”, improving safety and ensuring that empty inputs don’t result in unintended actions.
KEP of the Week
KEP 2837: Pod Level Resource Specifications
The KEP extends the Pod API to support Pod-level resource limits and requests for non-extended resources in addition to existing container-level resource allocation. Previously, resource requests and limits could be set only at the container level, which limited flexibility and ease of resource management for the pod as a whole. The existing behaviour was problematic for users who wanted to limit the overall resource consumption of the entire pod.
This KEP is tracked for beta in v1.34.
Other Merges
- kubernetes.io/initial-events-list-blueprint annotation removed from "Bookmark" event for watch stream requests
- Missing conformance coverage for servicecidr read status endpoint
- Go version for publishing bot rules updated
- Support for API streaming from the rest client removed
- Incorrect reference to JoinConfigurationKind in error message removed
- Deprecated encryption config controller metrics removed
- validation-gen code generator now generates validation code that supports validation ratcheting
- Kubernetes is now built using Go 1.24.4
- DRA kubelet: logging now uses driverName like the rest of the Kubernetes components
- e2e tests for PodLifecycleSleepAction fixed to avoid flakes
Promotions
- PreferSameTrafficDistribution to beta
- NodeLocalCRISocket to beta
- SeparateTaintEvictionController to stable
Subprojects and Dependency Updates
- containerd v2.1.2 updates grpc to v1.72.2, fixes erofs error checks, improves mount error messages, updates image transfer logic, and prevents shim leaks
Shoutouts
- No shoutouts this week. Want to thank someone for special efforts to improve Kubernetes? Tag them in the #shoutouts channel.