Week Ending March 8, 2026

Developer News

Next Tuesday is the monthly New Contributor Orientation. Join at one of two times to learn all about starting your contribution journey.

SIG Testing chair Brian McQueen moved to emeritus due to lack of recent activity. Thank you Brian McQueen for helping lead SIG Testing and for his contributions to the community.

We are hosting the Kubernetes Meet & Greet for Wednesday March 25th lunch at Kubecon Europe. Kubernetes contributors, as well as people interested in becoming contributors, should join us.

Release Schedule

Next Deadline: Code & Test Freeze, 19th March 2026

We’re heading into Code & Test Freeze for v1.36 next week. Make sure your feature work is wrapped up and merged before the deadline. After the freeze, only critical fixes land, and anything else will need an exception.

The March Kubernetes patch releases are delayed and now expected early next week. The cherry-pick deadline has been extended to Friday, March 13 at 5 PM PT.

Featured PRs

• #136976: Create Workload API v1alpha2

Introduces scheduling.k8s.io/v1alpha2 Workload and PodGroup APIs as part of ongoing workload-aware scheduling work. This replaces the previous v1alpha1 Workload API and updates Pods to reference scheduling groups through a new SchedulingGroup field, decoupling PodGroups from Workloads and enabling more flexible workload-level scheduling.

KEP of the Week

KEP-4828: Component Flagz

This proposal aims to improve observability, troubleshooting, and debugging for core Kubernetes components by introducing a flagz endpoint for each component. The endpoint would expose the command-line flags used to start a component, giving users real-time visibility into its active configuration and helping diagnose misconfigurations or unexpected behavior. Building on ideas from the Component Statusz KEP but introducing a dedicated endpoint, the flagz interface would allow users to dynamically inspect and understand the flags currently applied to running Kubernetes components, making it easier to detect configuration issues that could lead to instability or outages. However, the proposal does not intend to replace existing monitoring mechanisms such as metrics, logs, or traces, nor does it aim to provide information about components that are inaccessible due to network restrictions.

This KEP graduated to alpha in v1.35.

Other Merges

• Fix informer-gen to generate SetTransform calls that correctly override per-informer transforms.
• Fix kubectl describe node to correctly display resource requests and limits for pods using pod-level resources.
• v1alpha1 WebhookAdmissionConfiguration has been removed. It was deprecated in v1.17 in favor of apiserver.config.k8s.io/v1.
• Remove the dead --bounding-dirs flag and BoundingDirs field from deepcopy-gen.
• Fix incorrect behavior when using AllocationModeAll with DRA PrioritizedList that prevented the allocator from successfully allocating a claim even when devices were available.
• Direct access to the Raw field of metav1.FieldsV1 is deprecated.
• Remove misleading SuggestFor entries from kubectl wait so that it is no longer suggested when users type kubectl list or kubectl ps.
• GetPCIeRootAttributeByPCIBusID helper now accepts a fs.ReadLinkFS optional argument to be filesystem-independent.
• CRI API: A new field is added to the PullImageResponse message - image_id.
• DRA DeviceTaintRules: TimeAdded of the taint is not only added automatically, it now also gets updated automatically when changing the effect.
• When kubectl exec or kubectl logs are run with a specified container name, and no container with that name is found, kubectl now lists the names of containers that would be valid to specify.
• Ensures single-container pod can restart quickly with RestartAllContainers action.
• Preserve the logs of restarted containers for containers restarted by feature RestartAllContainers.
• Add placement-based pod group scheduling algorithm to scheduler. Its use is guarded by the TopologyAwareWorkloadScheduling feature gate.
• Add multiple conditions support to kubectl wait command.
• kubelet: if the --client-ca-file is updated while kubelet is running, the updated root certificates are now correctly used to advertise accepted authorities to TLS clients connecting to the kubelet endpoints. This behavior is guarded by the ReloadKubeletClientCAFile feature gate, which is enabled by default.
• Add the timezone field to the cronjob describe output.
• Add --detach-keys flag to kubectl attach and kubectl run, allowing detach without terminating the container.

Promotions

• DRAAdminAccess to GA
• flagz API to beta
• statusz API to beta
• Mixed Version Proxy feature gate to Beta
• SELinuxChangePolicy & SELinuxMountReadWriteOncePod to GA
• DRAConsumableCapacity to Beta
• DRAPrioritizedList to GA

Deprecated

• Remove GuaranteedQoSPodCPUResize

Version Updates

• go to 1.26.1
• go.mod to go 1.26
• go to 1.26.0

Subprojects and Dependency Updates

• CoreDNS v1.14.2: introduces the new proxyproto plugin to support Proxy Protocol and preserve client IPs behind load balancers, improves DNS logging metadata, strengthens randomness for loop detection, and fixes issues including TLS+IPv6 forwarding, CNAME rewriting behavior, ACL bypass prevention, and a Kubernetes plugin crash. The release also updates the build to Go 1.26.1 with multiple upstream security fixes.
• ingress-nginx releases: controller v1.15.0 adds improvements to template safety, annotation validation, SSL passthrough handling, and controller stability while updating dependencies and CI tooling; also controller v1.14.4 provides backported fixes and dependency updates for the 1.14 branch. Corresponding Helm chart updates include helm-chart 4.15.0, 4.14.4, and 4.13.8, aligning chart packaging with their respective controller versions.
• cloud-provider-alibaba-cloud v2.13.0: adds support for extended TLS certificates on CLB and TCPSSL listeners, introduces cross-AZ forwarding for NLB by default, and improves ENI attachment handling to prevent failures affecting other pods. It also refines internal CLB creation logic by automatically selecting an available vSwitch when none is specified.
• containerd v2.2.2: delivers a patch release with CRI improvements such as better handling of legacy registry mirror configurations, fixes for encrypted image pulls and CNI cleanup after restarts, improved runtime behavior for bind mounts and AppArmor compatibility, and multiple stability fixes including error sanitization and memory metrics handling. The release also includes dependency updates across OpenTelemetry, OAuth2, and gRPC libraries.

Shoutouts

• No shoutouts this week. Want to thank someone for special efforts to improve Kubernetes? Tag them in the #shoutouts channel.