Weekly GitHub Report for Kubernetes

Thank you for subscribing to our weekly newsletter! Each week, we deliver a comprehensive summary of your GitHub project's latest activity right to your inbox, including an overview of your project's issues, pull requests, contributors, and commit activity.

Table of Contents

• I. News
  • 1.1. Recent Version Releases
  • 1.2. Other Noteworthy Updates
• II. Issues
  • 2.1. Top 5 Active Issues
  • 2.2. Top 5 Stale Issues
  • 2.3. Open Issues
  • 2.4. Closed Issues
  • 2.5. Issue Discussion Insights

• III. Pull Requests
  • 3.1. Open Pull Requests
  • 3.2. Closed Pull Requests
  • 3.3. Pull Request Discussion Insights

• IV. Contributors
  • 4.1. Contributors

I. News

1.1 Recent Version Releases:

The current version of this repository is v1.32.3

1.2 Version Information:

The Kubernetes version released on March 11, 2025, introduces key updates detailed in the official CHANGELOG, with additional binary downloads available. For comprehensive information on new features and changes, users are encouraged to refer to the Kubernetes announce forum and the linked CHANGELOG.

II. Issues

2.1 Top 5 Active Issues:

We consider active issues to be issues that that have been commented on most frequently within the last week. Bot comments are omitted.

1. [SIG/SCALABILITY] [SIG/API-MACHINERY] [KIND/FEATURE] [PRIORITY/IMPORTANT-LONGTERM] [NEEDS-TRIAGE] Unblock enablement of the ConcurrentWatchObjectDecode by default (to fix scale issues for CRDs): This issue requests the graduation and enabling by default of the ConcurrentWatchObjectDecode feature gate to address scale issues encountered with Custom Resource Definitions (CRDs), particularly in large clusters using Kueue. The problem arises from sequential conversion of workload objects during cache warm-up, causing timeouts and API server errors, and the discussion focuses on identifying blockers, reproducing the issue in tests, and ensuring stability before moving the feature to GA.

   • The comments include acknowledgments of the issue's importance, assignment to relevant SIGs, suggestions to reproduce the problem with scalability tests in Kueue, clarifications about the feature's history and lack of a tracking KEP, concerns about potential webhook overload, and agreement on the need for thorough testing before graduating the feature gate.
   • Number of comments this week: 14

2. [KIND/BUG] [AREA/KUBELET] [SIG/NODE] [NEEDS-TRIAGE] kubelet: static pod manifest changes to command/args/volumes silently ignored — containerChanged() hash limited to name+image since PR #124220: This issue reports that changes to static pod manifests on disk—such as adding command-line flags, volumes, or volume mounts—are silently ignored by the kubelet because the container change detection logic only hashes the container name and image, causing no container restart and leaving the old configuration running. The reporter initially suspected a bug introduced by a recent PR limiting the hash fields, but after investigation and community feedback, it was found that a backup file inside the manifests directory caused conflicting pod definitions, and when removed, the changes were correctly detected and applied in test environments, suggesting no fundamental bug in kubelet’s static pod update mechanism in supported versions.

   • The comment discussion clarified that the original failure to detect static pod manifest changes was due to a backup file inside the manifests directory overriding the intended manifest, not the hashing logic; tests on kind clusters running v1.33.3 confirmed that manifest changes do take effect as expected, and the issue reporter acknowledged this, planning to close the issue after reproducing the fix without the backup file.
   • Number of comments this week: 9

3. [KIND/BUG] [SIG/NODE] [NEEDS-TRIAGE] checkpoint info doesn't removed after pod deleted: This issue reports that the device allocation information stored in the kubelet_internal_checkpoint file is not removed when a Pod is deleted, leading to stale device data persisting in the checkpoint. The reporter expects that the PodDeviceEntries in the checkpoint file should be deleted immediately after the Pod is removed to reflect the current state accurately.

   • The comments include an assignment of the issue to a contributor who successfully reproduced the problem and began working on a fix; however, it was later clarified that the checkpoint data is updated lazily and that immediate removal is not currently necessary, with the recommended method to check resource allocation being the podresources API.
   • Number of comments this week: 8

4. [KIND/BUG] [SIG/AUTH] [NEEDS-SIG] [NEEDS-TRIAGE] Kubelet sets incorrect ownerReference apiVersion "core/v1" on PodCertificateRequest, breaking garbage collection: This issue describes a bug where the kubelet incorrectly sets the ownerReference.apiVersion to "core/v1" instead of "v1" on PodCertificateRequest objects, causing the Kubernetes garbage collector to fail in cleaning up these objects when their owning Pods are deleted. This misconfiguration leads to errors in the garbage collector logs and prevents automatic cleanup, with a suggested workaround involving patching the owner reference externally until a fix is implemented.

   • The comments include a suggestion to fix the issue by changing the API version string in the kubelet source code, a plan to add tests, offers of help, and assignment of the issue to a contributor willing to submit a patch.
   • Number of comments this week: 7

5. [SIG/API-MACHINERY] [TRIAGE/ACCEPTED] +k8s:zeroValueAllowed proposal: This issue proposes the addition of a +k8s:zeroValueAllowed tag to Kubernetes Declarative Validation to allow certain required fields of type int or string to accept zero values (like 0 or "") while still enforcing their presence in requests. This aims to address legacy cases where zero values are meaningful and valid, such as exit codes or node status identifiers, by modifying validation behavior without breaking existing server-side rules.

   • The comments show acceptance of the proposal and include discussions about potentially inferring zero-value allowance from minimum value tags instead of an explicit tag, the implications of required versus optional fields in validation, and consensus that fields allowing zero values should be marked optional to ensure correct validation behavior, with plans to adjust existing fields and add linting rules to enforce these conventions.
   • Number of comments this week: 7

2.2 Top 5 Stale Issues:

We consider stale issues to be issues that has had no activity within the last 30 days. The team should work together to get these issues resolved and closed as soon as possible.

As of our latest update, there are no stale issues for the project this week.

2.3 Open Issues

This section lists, groups, and then summarizes issues that were created within the last week in the repository.

Issues Opened This Week: 58

Summarized Issues:

• Kube-API-Linter Enablement and Issues: Multiple issues cover enabling the optionalorrequired linter for various Kubernetes API groups as part of ongoing efforts to activate existing kube-api-linter rules, requiring addressing numerous existing issues per API group. Additional linters such as maxlength, requiredfields, uniquemarkers, dependenttags, preferredmarkers, defaultorrequired, minlength, references, and defaults are also discussed, with some not yet ready due to dependencies or missing declarative validation support.
• [issues/136857, issues/136858, issues/136859, issues/136860, issues/136861, issues/136862, issues/136863, issues/136864, issues/136865, issues/136866, issues/136867, issues/136869, issues/136870, issues/136871, issues/136872, issues/136873, issues/136874, issues/136875, issues/136876, issues/136877, issues/136878, issues/136879, issues/136880, issues/136881, issues/136882, issues/136883, issues/136884]

• Kubelet and Pod Certificate/Garbage Collection Issues: There are problems with kubelet setting incorrect ownerReference apiVersion on PodCertificateRequest objects, causing garbage collector failures, and with nodeinfomanager failing to reconcile CSINode ownerReference when a Node is replaced, leading to volume attachment failures. These issues result in improper cleanup and resource management affecting pod lifecycle and volume attachments.
• [issues/136890, issues/136899]

• Kubelet Static Pod Manifest and Backup File Processing: The kubelet reads all non-hidden files in the static pod manifest directory without filtering by file extension, causing backup or non-manifest files to be processed silently. This behavior can override intended pod configurations and lead to unexpected, difficult-to-debug issues.
• [issues/136962]

• Flaking and Failing Tests in Kubernetes: Several tests intermittently fail or flake, including the Pod InPlace Resize Container test with guaranteed QoS, the kubelet TestUpdateExistingNodeStatus due to race conditions and file descriptor leaks, and the integration test TestWebhookConversion_WhitespaceCABundleEtcdBypass. These flaking tests cause instability and unreliable test results in the Kubernetes test suite.
• [issues/136906, issues/136972, issues/136978]

• Pod and Container Restart and Lifecycle Bugs: A bug introduced in Kubernetes v1.35 causes pods with multiple containers to fail restarting a crashed application container, leaving pods in an Error state indefinitely. Additionally, the DaemonSet controller fails to recreate Pods if their initial creation is interrupted and they enter a terminating state before readiness, resulting in fewer Pods than desired.
• [issues/136910, issues/136932]

• Kubernetes API Server and Conversion Webhook Bugs: The kube-apiserver removes all managedFields from objects when the conversion webhook is unavailable and multiple apiVersions are present, causing data loss instead of returning an error. Also, the Cronjob controller fails to specify the namespace when retrieving existing jobs, resulting in 404 errors from the API server.
• [issues/136919, issues/136918]

• Metrics and Storage Factory Issues: The metrics monitor getter set by DefaultStorageFactory is overwritten by SimpleStorageFactory, causing etcd storage metrics overrides to not appear correctly. Additionally, cleanup of the storage factory builder code is needed as storage version calculation is now automatic, removing the need for explicit map additions.
• [issues/136850, issues/136994]

• Kubelet Image Pull Credential Verification Bug: The kubelet's image pull credential verification feature fails to properly verify credentials for preloaded images, allowing pods without necessary secrets to start due to mismatches in image key lookups. This undermines security expectations around image pulling and credential validation.
• [issues/137024]

• OIDC Authentication Error and Observability Issues: Configuring Kubernetes API server authentication with OIDC and the --oidc-username-claim=email flag results in an unhelpful "invalid bearer token" error when the token's "email_verified": false claim is present. This causes poor error observability and documentation gaps about this requirement.
• [issues/136887]

• Declarative Validation Enhancements and Zero Value Allowance: A proposal to add a +k8s:zeroValueAllowed tag to Kubernetes Declarative Validation aims to allow required fields of type int or string to accept zero values while enforcing their presence. This addresses cases where zero values are meaningful and facilitates smoother API migrations without breaking validation rules.
• [issues/136897]

• Dynamic Volume Resizing Feature Request: There is a request to enable dynamic resizing of memory-backed volumes without requiring container restarts, supporting use cases like the Ray autoscaler's in-place pod memory upsizing to also adjust the size of its object store volume. This feature would improve flexibility and resource management for workloads requiring dynamic volume size changes.
• [issues/136999]

• ResourceSlice Controller Enhancement for Node Reconciliation: A proposal suggests adding an option to the ResourceSlice controller to enable per-node reconciliation of network-shared resources by allowing node-owned ResourceSlices without setting Spec.NodeName. This supports NodeSelector-based scheduling and prevents controller conflicts in scenarios like USB device sharing across nodes.
• [issues/137011]

• Kubernetes Upgrade and Change Log Visibility Improvement: There is a request to clearly highlight critical or breaking changes in update and upgrade change logs, especially urgent upgrade notes, to improve their visibility and understanding for users. This aims to reduce upgrade risks and improve communication.
• [issues/137005]

• Informer Configuration and Feature Gate Enablement Requests: Requests include adding configuration options for reflector backoff and watch timeout in client-go's SharedInformerFactory and unblocking the default enablement of the ConcurrentWatchObjectDecode feature gate to improve scalability and startup performance for large clusters.
• [issues/136943, issues/136950]

• Kubernetes Versioning and Go Module Directive Suggestion: A suggestion is made to omit the patch version in Kubernetes' go directives in go.mod files, leveraging Go 1.23's capability to specify versions like go 1.25 instead of go 1.25.0. This would better align with Go's internal version comparison and improve downstream project compatibility.
• [issues/137027]

• Kubernetes Integration Test and Feature Gate Issues: An integration test for dynamic resource allocation fails when setting a PreAlpha feature gate at emulated version 1.33 due to missing allocators, requiring workarounds to disable beta features for stable allocators at higher versions. This causes test errors and complicates feature gate management.
• [issues/137007]

• Device Allocation Checkpoint Staleness: The device allocation information stored in the kubelet_internal_checkpoint file is not removed after Pod deletion, leading to stale device entries remaining in checkpoint data. This can cause resource tracking inaccuracies and potential allocation conflicts.
• [issues/137010]

• DeepDerivative Function Bug in apimachinery: The DeepDerivative function fails to detect removal of trailing items from slices, causing controllers relying on it to miss updates when slice items are removed from the end. This leads to incorrect controller behavior and missed state changes.
• [issues/136991]

2.4 Closed Issues

This section lists, groups, and then summarizes issues that were closed within the last week in the repository. This section also links the associated pull requests if applicable.

Issues Closed This Week: 11

Summarized Issues:

• Load Test Failures and Latency Issues: Multiple issues report failures and high latency in load testing scenarios, particularly involving the ec2-master-scale-performance job and AWS KOPS Load Test. These failures are linked to slow DELETE requests on events and exceeding latency service level objectives during large-scale node tests, causing test flakes and performance degradation.
• issues/135737, issues/136916

• Kube-proxy Stability and Log Spamming: There are problems with kube-proxy related to topology-aware hints not excluding not ready endpoints, which leads to excessive log spamming when pods crash or error. Additionally, kube-proxy crashes repeatedly in nftables mode on newer nftables versions due to segmentation faults caused by existing nftables sets, disrupting container networking.
• issues/136742, issues/136786

• Test Flakes and Failures in Kubernetes Components: Several flaky or failing tests are reported, including pod startup failures due to admission errors in DynamicResourceAllocation tests and intermittent failures of the kubectl logs command to retrieve logs from all containers in multi-pod deployments. These flakes impact reliability and test stability.
• issues/136696, issues/136948

• API and Client-go Improvements: One issue focuses on replacing the deprecated BackoffManager with DelayFunc in client-go's Reflector to remove deprecated API usage and enable better cancellation and customization of backoff strategies, improving client reliability and maintainability.
• issues/136823

• Security Tooling Failures: Running the govulncheck tool against Kubernetes with Go 1.25.0 results in consistent internal errors related to type-checking failures, preventing successful vulnerability scanning and impacting security auditing workflows.
• issues/136841

• Pod Readiness and Health Check Enhancements: A feature request proposes a controller to update pod status fields based on configurable health checks against cluster or external resources, allowing platform administrators to declaratively manage readiness gates without requiring user application changes or custom controllers.
• issues/136922

• Endpoint Availability and Timeout Issues: The stable.txt endpoint for Kubernetes releases experienced timeouts and failed to provide the stable version number as expected, although other endpoints worked correctly. This issue was mitigated and resolved with ongoing synthetic tests to prevent recurrence.
• issues/136936

• Undocumented or Poorly Described Test Cases: One test case has multiple comments and acknowledgments but lacks a detailed description, indicating incomplete issue documentation and potential difficulty in addressing the problem.
• issues/137014

2.5 Issue Discussion Insights

This section will analyze the tone and sentiment of discussions within this project's open and closed issues that occurred within the past week. It aims to identify potentially heated exchanges and to maintain a constructive project environment.

Based on our analysis, there are no instances of toxic discussions in the project's open or closed issues from the past week.

III. Pull Requests

3.1 Open Pull Requests

This section provides a summary of pull requests that were opened in the repository over the past week. The top three pull requests with the highest number of commits are highlighted as 'key' pull requests. Other pull requests are grouped based on similar characteristics for easier analysis. Up to 25 pull requests are displayed in this section, while any remaining pull requests beyond this limit are omitted for brevity.

Pull Requests Opened This Week: 100

Key Open Pull Requests

1. Add placement generation logic to the workload scheduling cycle: This pull request adds the placement generation logic to the workload scheduling cycle by running placement generator plugins to produce placements, iterating over these placements to determine feasibility, and setting the groundwork for future scoring implementation within Kubernetes' topology-aware workload scheduling framework.

• URL: pull/136944

• Associated Commits: 2cf8b, 2d643, 1333a, 9df9d, 033e2, 026b9, f07ca, e943f, 4721a, 130ee, 97af9, cd369, 151c7, 3ec0a, 3b2e1, e0a41, 0f4e6

2. Feat: DRA make reconcile period configurable: This pull request makes the reconciliation period for the Dynamic Resource Allocation (DRA) manager configurable by adding a --dra-manager-reconcile-period flag and corresponding configuration field to the kubelet, with a default value of 60 seconds, and updates unit tests accordingly.

• URL: pull/136946

• Associated Commits: f3842, 494ff, 805f8, 12f18, 46eb6, 4f522, 85a4c, 3d92f, 2c018, 366cf, d2ff7, 45d15

3. AtomicWriter (Windows): normalize & harden payload path validation: This pull request normalizes and hardens the validation of payload paths in the AtomicWriter component on Windows by rejecting any non-empty volume absolute or rooted paths, including malformed segments, to prevent unintended path traversal or writes outside the intended target directory, with verification through Windows CI tests confirming early rejection of unsafe paths.

• URL: pull/136926

• Associated Commits: cf93f, ede58, 2fa8c, 581cb, c9a9f, 35bbc, 0405d, b3222, 4e74d, db580

Other Open Pull Requests

• Workload and PodGroup API Integration and Scheduling Enhancements: Multiple pull requests focus on integrating Workload and PodGroup APIs with the Kubernetes Job controller to support gang-scheduling, including API updates, scheduler code changes, and a new protection controller. Additionally, improvements to scheduler_perf testing tools and template functions facilitate pod group-based testing and benchmarking.
• [pull/137032, pull/136979, pull/136974]

• ResourceClaims and Dynamic Resource Allocation (DRA) Features: Several pull requests implement KEP-5729 and KEP-5677 by adding support for ResourceClaims in workloads and introducing a new alpha ResourcePoolStatusRequest API for querying DRA resource pool availability. These changes include API updates, feature gates, lifecycle management groundwork, and enhanced visibility into device allocation before workload submission.
• [pull/136989, pull/136989]

• Feature Promotion and Metrics Stability: Pull requests promote the DRAPrioritizedList feature to GA and upgrade several storage encryption and webhook-related metrics from alpha to beta status. These promotions improve feature maturity and metric stability for better usability and monitoring.
• [pull/136924, pull/137031, pull/136892]

• API Validation and Immutability Enhancements: Multiple pull requests add or migrate declarative validation markers such as k8s:minLength and +k8s:immutable to enforce minimum string lengths and immutability on fields like Secret.Type and CSIDriver.Spec.AttachRequired. They also enable the optionalorrequired linter for RBAC and resource API groups by explicitly marking fields as required or optional.
• [pull/136996, pull/136853, pull/136894, pull/136965]

• Testing Improvements and Reliability Enhancements: Several pull requests add stress tests for volume group functionality, improve end-to-end tests for restart actions and network failure simulations using nftables, and fix issues in ReplicaSet controller backoff handling to reduce pod creation stalls. These changes enhance test coverage and system robustness.
• [pull/136845, pull/136961, pull/136935, pull/136853]

• Client and Server Behavior Improvements: Pull requests extend detection and rejection of unsupported Table format resources in client-go, switch server images to use a go-runner compatible binary for faster patching, and tighten context flow and linting configurations in kubelet podworkers. These updates improve client-server interactions and maintainability.
• [pull/136900, pull/136937, pull/136954]

• CRI Streaming RPCs and Release Management: One pull request implements KEP-5825 by adding server-side streaming RPCs to CRI RuntimeService and ImageService to bypass gRPC message size limits, controlled by a feature gate. Another pull request removes support for the end-of-life release-1.32 branch as part of release management cleanup.
• [pull/136980, pull/136987]

• Test Code Organization: A pull request moves the unit test for ParseQOSReserved from one test file to another to better align with the function's implementation location, improving code organization.
• [pull/136990]

3.2 Closed Pull Requests

This section provides a summary of pull requests that were closed in the repository over the past week. The top three pull requests with the highest number of commits are highlighted as 'key' pull requests. Other pull requests are grouped based on similar characteristics for easier analysis. Up to 25 pull requests are displayed in this section, while any remaining pull requests beyond this limit are omitted for brevity.

Pull Requests Closed This Week: 58

Key Closed Pull Requests

1. enable optionalorrequired for admission API group: This pull request aims to enable the optionalorrequired linter for the admission API group by adding missing +required markers to admission API types and removing the admission group from the linter exception list, thereby ensuring that the Admission API OpenAPI schemas correctly mark required fields without changing behavior.

• URL: pull/137025

• Associated Commits: 6df6f, 088b7, e2c67, b3012, 0303f, a7596, fdb6c, 63eda, 5526a, cf982, 2f7a3, 3d94c, f6d55, 86520, f2ea4, 544b2, ba971, 705b7, 5de1e, f673a, 5cde2, 03ced, 4013a, 8ff6c, ec578, c1185, ce17e, 5bc40, 623d8, f6edf, 0a3a9, 0427e, cdb65, e1cf7, a18b4, 06b4b, fb2db, e2484, 8e5b8, f9a22, 49560, 1d52a, 6eb05, ba582, 78df8, c272b, 8221e, 49a6f, 1d221, 1db7b, 90725, 4fb11, 4ffc2, 16146, 99924, a0d75, d208e, 1b742, 83e93, 57e2e, 92fa0, fa0ba, 5b80b, fb4a5, 2ee4e, f37eb, 4b1e5, 82faf, 8974a, 99b10, ac344, c9a6b, 7bc31, 0fe3a, d4dde, ac0b5, ffd1e, a1b2f, 09587, 6ed92, d5f3d, da3e8, fa4ee, 66bdc, 908d7, 073ee, 7b8ee, b5026, c197e, fbf96, 61db2, 86c39, b98ff, 583be, 06fee, 3f95f, 38a27, e2f4c, 50aa7, 9324b, 643e7

• Associated Commits: 6df6f, 088b7, e2c67, b3012, 0303f, a7596, fdb6c, 63eda, 5526a, cf982, 2f7a3, 3d94c, f6d55, 86520, f2ea4, 544b2, ba971, 705b7, 5de1e, f673a, 5cde2, 03ced, 4013a, 8ff6c, ec578, c1185, ce17e, 5bc40, 623d8, f6edf, 0a3a9, 0427e, cdb65, e1cf7, a18b4, 06b4b, fb2db, e2484, 8e5b8, f9a22, 49560, 1d52a, 6eb05, ba582, 78df8, c272b, 8221e, 49a6f, 1d221, 1db7b, 90725, 4fb11, 4ffc2, 16146, 99924, a0d75, d208e, 1b742, 83e93, 57e2e, 92fa0, fa0ba, 5b80b, fb4a5, 2ee4e, f37eb, 4b1e5, 82faf, 8974a, 99b10, ac344, c9a6b, 7bc31, 0fe3a, d4dde, ac0b5, ffd1e, a1b2f, 09587, 6ed92, d5f3d, da3e8, fa4ee, 66bdc, 908d7, 073ee, 7b8ee, b5026, c197e, fbf96, 61db2, 86c39, b98ff, 583be, 06fee, 3f95f, 38a27, e2f4c, 50aa7, 9324b, 643e7

2. KEP-5073: Declarative Validation Lifecycle Update: This pull request implements a stability-based lifecycle for declarative validation by introducing alpha, beta, and stable validation tags, transitions the Scheduling Workload v1alpha1 API to use explicit declarative enforcement under this new model, enhances testing to ensure no regressions during migration, and improves legacy support to maintain consistent validation behavior across Kubernetes versions.

• URL: pull/136793

• Associated Commits: 18607, 24267, 60fa5, 092b4, 01fd8, 0d1c8, d57cd

• Associated Commits: 18607, 24267, 60fa5, 092b4, 01fd8, 0d1c8, d57cd

3. WIP: Deprecate the CustomCPUCFSquota feature gate, not the feature: This pull request deprecates the CustomCPUCFSQuotaPeriod feature gate in Kubernetes—originally introduced without a formal design process as a safeguard toggle—while retaining the underlying feature, and includes updates to unit tests and new end-to-end test coverage to support this change.

• URL: pull/136339

• Associated Commits: 2fc7d, f7b48, 54c64, 04f4b, 528b8, ddd41

• Associated Commits: 2fc7d, f7b48, 54c64, 04f4b, 528b8, ddd41

Other Closed Pull Requests

• Declarative Validation Enhancements: Multiple pull requests introduce and refine declarative validation in Kubernetes API definitions, including state-based (modal) validation with +k8s:discriminator and +k8s:member tags, migration of specific fields like HorizontalPodAutoscalerSpec.MinReplicas and CrossVersionObjectReference to declarative validation, and removal of the initial +k8s:declarativeValidationNative implementation to consolidate validation under newer tags. These changes improve validation flexibility, enforce consistency, and optimize update validations across the API surface.
  • pull/136896, pull/136998, pull/136584, pull/136953

• Go Version and Build Improvements: Updates include upgrading the Go version to 1.24.13 for core binaries, decoupling kube-cross versioning for easier patching, and moving the go-runner component back into the Kubernetes repo to enable on-demand building with .go-version. These changes streamline the build process, improve security with the latest CVE fixes, and enhance image patching efficiency.
  • pull/136756, pull/136930

• API Field Annotations and Validation Consistency: A pull request adds missing // +required and // +optional markers to all fields in the authorization API group and removes it from the linter exception list, ensuring proper annotation and improved validation consistency. This enforces stricter API field validation going forward.
  • pull/136955

• Bug Fixes in Core Components: Several fixes address bugs including a cpuRequest pointer correction in kubelet, a data race fix in the apiserver CEL openapi resolver by copying schemas before modification, and a scheduler DRA manager bug where shared device IDs were not initialized properly. These fixes improve stability and correctness in critical Kubernetes components.
  • pull/136671, pull/136802, pull/136734, pull/136719

• Pod Certificates API Update: A new spec.stubPKCS10Request field is added to the pod certificates beta API to support PKCS#10 certificate signing requests, deprecating older fields and migrating all in-tree usages to the new field. This improves compatibility with existing certificate authority software.
  • pull/136729

• Code Quality and Linting Improvements: Enabling the modernize/slicessort linting rule by replacing sort.Slice with slices.Sort improves code consistency and maintainability.
  • pull/136775

• TLS Configuration Enhancements: Missing TLS configuration flags are added to webhook serving options in the cloud-provider module, allowing operators to configure TLS settings independently for webhook endpoints, mirroring existing secure serving endpoint flags. This enhances security configuration flexibility.
  • pull/136816

• OpenTelemetry Dependency Updates: Multiple OpenTelemetry dependencies are updated to their latest versions, incorporating new features, performance improvements, bug fixes, semantic convention upgrades, and removal of deprecated APIs, including unpinning the otelgrpc module to fix a nil TracerProvider panic.
  • pull/136820

• Device Plugin and Scheduler Improvements: Refactoring device plugin deployment code fixes test flakiness by improving resource allocation and cleanup, while the DRA scheduler plugin is optimized by splitting ResourceSlices to reduce scheduling latency significantly in large-scale scenarios.
  • pull/136905, [pull/136588](https://github.com/pull/136588]

• Controller Reliability Enhancements: Tombstone handling is added for serviceaccount and attachdetach controllers to prevent missed delete events caused by relists, aligning with standard controller practices and improving reliability.
  • pull/136701

• Cloud Controller Manager Tuning: A new flag concurrent-node-status-updates is introduced, separated from concurrent-node-syncs, allowing independent tuning of node status update and sync workers while maintaining backward compatibility.
  • pull/136716

• Test Stability and Performance Improvements: Test flakiness is reduced by adding a 1-second timeout after pods are running and cleaning up duplicate log line checks, and cluster shutdown performance in e2e-gce tests is improved by parallelizing cleanup, reducing execution time significantly.
  • pull/136981, pull/136719

• Feature Gate and API Deprecation Adjustments: The CPU Idle Support feature for BestEffort QoS Pods is introduced with an Alpha feature gate disabled by default, and the deprecation of the ClusterTrustBundles v1beta1 API is delayed to version 1.37 to align with PodCertificateRequests GA promotion.
  • pull/136526, pull/136787

• Volume Driver Deprecation: The gitRepo volume driver is locked to be disabled by default with no option to enable it, following the deprecation process outlined in KEP-5040.
  • pull/136400

• Kube-proxy Stability Fix: A fix limits nftables List() operations to specific tables to prevent kube-proxy crashes caused by segmentation faults on nftables version 1.1.3 and newer, ensuring compatibility without requiring nftables patches.
  • pull/136796

3.3 Pull Request Discussion Insights

This section will analyze the tone and sentiment of discussions within this project's open and closed pull requests that occurred within the past week. It aims to identify potentially heated exchanges and to maintain a constructive project environment.

Based on our analysis, there are no instances of toxic discussions in the project's open or closed pull requests from the past week.

IV. Contributors

4.1 Contributors

Active Contributors:

We consider an active contributor in this project to be any contributor who has made at least 1 commit, opened at least 1 issue, created at least 1 pull request, or made more than 2 comments in the last month.

If there are more than 10 active contributors, the list is truncated to the top 10 based on contribution metrics for better clarity.

Access Last Week's Newsletter:

• Link