March 19, 2025

LWKD: Week Ending March 16, 2025

Week Ending March 16, 2025

Developer News

CVE-2026-1767 allows authenticated users to access git repos belonging to other users if created with the in-tree gitRepo volume type. In-tree gitRepo volumes have been deprecated. The SRC suggests several workarounds in the issue.

SIG-Windows plans to make the Windows unit tests release-informing. This is a big step forwards for support of Kubernetes on Windows.

Release Schedule

Next Deadline: Code and Test Freeze, March 20/21

Code and Test Freeze starts at 0200 UTC on Friday, March 21. Your PRs should all be merged by then; file an exception as soon as possible if you think you won't make that deadline.

Other Merges

• kube-openapi updated and integrated streaming tags validation
• TestListCorruptObject corrupts the object in etcd instead of changing encryption key
• A new function verifyAlphaFeatures implemented to ensure that alpha features cannot be enabled by default
• Extracted delegator.Helper interface to allow making delegate decision based on cache state
• Split subfunction to allow adding more subtests
• Unit tests for Windows DSR and Overlay Support added
• scheduler_perf topology spreading tests moved to a separate package
• Fixes for unit tests on Windows
• PodResourceAllocation type replaced with PodResourceInfoMap
• Support for emulation versioning of custom resource formats
• Unit tests for credential provider in service account mode
• DRA adds user RBAC
• InPlacePodVerticalScaling moves pod resize status to pod conditions
• DeclarativeValidation feature gate to be enabled by default
• ReplicationController spec.replicas and spec.minReadySeconds fields migrated to declarative validation
• Declarative Validation enabled for ReplicationController
• Fix for incorrect AppArmorProfile.Type marker
• JobSuccessPolicy E2E tests promoted to conformance
• kubelet to set observedGeneration field on pod conditions if PodObservedGenerationTracking feature gate is set
• Workqueue for node updates in DaemonSetController
• PreEnqueue plugins to be called before adding pod to backoffQ
• Forward compatibility added for compatibility mode
• Alpha support for Windows HostNetwork containers removed
• Add metrics to track allocation of Uncore Cache blocks
• Updated /version response to report binary version information separate from compatibility version
• New alpha feature gate MutableCSINodeAllocatableCount introduced
• Swap capacity to be reported as part of node.status.nodeSystemInfo
• Quota support for PVC with VolumeAttributesClass
• UpdatePodSandboxResources CRI method
• Multi-tenancy in accessing node images via Pod API
• Storage capacity scoring added to VolumeBinding plugin
• GA feature gate PersistentVolumeLastPhaseTransitionTime removed
• Refactoring for featuregate lifecycle management script

Promotions

• InPlacePodVerticalScaling to beta
• DRAResourceClaimDeviceStatus to beta
• CoordinatedLeaderElection to beta
• TopologyAwareHints to GA
• RemoteRequestHeaderUID to beta
• SchedulerAsyncPreemption to beta
• JobSuccessPolicy to GA

Deprecated

• apidiscovery.k8s.io/v2beta1 API group is disabled by default
• gitRepo volume plugin disabled by default