Last Week In Kubernetes Development

March 6, 2025

LWKD: Week Ending March 2, 2025


Developer News

Benjamin Elder is implementing a policy of not re-triaging some issues; comment on the PR.

We’re promoting several Kind-based test jobs to release-blocking, since they’ve shown themselves to be reliable and able to catch real issues.

Release Schedule

Next Deadline: Code Freeze and Test Freeze March 21

We’re on our final approach to Code Freeze. Topics for the Feature Blog were frozen this week. Time to wrap up your work for 1.33.

March patch release cherry-picks are due this Friday.

Featured PRs

130349: Declarative Validation: Add validation generator

This PR kicks off the implementation of Declarative Validation in Kubernetes by introducing validation-gen, a code generator that automatically produces validation logic based on structured //+ tags in types.go files. The validation system is modular, with a core set of built-in validation rules, and future PRs will expand it with additional plugins like dnsName, enum, and union. This PR also includes a robust test suite to ensure correctness across various validation scenarios.

Other Merges

  • Annotations added to the APIServer audit request with auth and authz latency

  • endpoints.kubernetes.io/managed-by label added to Endpoints

  • Added declarative validation to scheme

  • Fixes to EndpointSlice while working on new TrafficDistribution

  • Tests for encoding collections in Proto

  • OrderedNamespaceDeletion feature gate turned on by default

  • conntrack reconciler to check the dst port

  • Added DeclarativeValidation and DeclarativeValidationMismatchMetric feature gates

  • E2E tests for MutatingAdmissionPolicy

  • selinux to ignore pods with Recursive policy

  • CEL CIDR library’s ContainsCIDR to allow non-equal addresses

  • Fix for kernel version check condition in nftables proxier

  • New error matcher to make writing tests easier and consistent

  • New Origin field to the Error type added for use by validation tests

  • Added missing increments of queue_incoming_pods_total metric in scheduling queue

  • Introduced API type coordination.k8s.io/v1beta1/LeaseCandidate

  • Some cleanup before pod subresource updates

  • InPlacePodVerticalScaling: Moved pod resource allocation management out of the status manager

  • kube-proxy nftables: Optimizations to kube-proxy restart time

  • scheduler: added filter integration tests for NodePorts plugin

  • Added e2e test for topology manager with restartable init containers

  • Fix for a bug with starting pods with postStart hooks specified

  • Volume affinity scheduling error message updated to be more intuitive

  • InPlacePodVerticalScaling to never attempt a resize of Windows pods and use allocated resources for unsupported resize pods

  • Added a /statusz endpoint for kube-scheduler

Promotions

  • RecursiveReadOnlyMounts to GA

  • JobBackoffLimitPerIndex to GA

Deprecated

  • GA feature gate AppArmor removed

Version Updates

  • x/oauth2 to v0.27.0

  • x/crypto to v0.35.0

  • go.opentelemetry.io dependencies to v1.33.0/v0.58.0
