Weekly GitHub Report for Kubernetes: June 16, 2025 - June 23, 2025 (12:05:24)
Weekly GitHub Report for Kubernetes
Thank you for subscribing to our weekly newsletter! Each week, we deliver a comprehensive summary of your GitHub project's latest activity right to your inbox, including an overview of your project's issues, pull requests, contributors, and commit activity.
I. News
1.1 Recent Version Releases:
The current version of this repository is v1.32.3
1.2 Version Information:
The version release on March 11, 2025, introduces key updates and changes to Kubernetes, as detailed in the linked changelog, with additional binary downloads available for users. Notable highlights or trends from this release can be found in the Kubernetes announcement forum and the comprehensive changelog documentation.
II. Issues
2.1 Top 5 Active Issues:
We consider active issues to be issues that have been commented on most frequently within the last week. Bot comments are omitted.
- [Umbrella] KEP-5278: Nominated node name for an expected pod placement: This issue is focused on gathering all the necessary requirements for the beta release of KEP-5278, which involves the nominated node name for expected pod placement in Kubernetes. It includes a checklist of related issues that need to be addressed before the code freeze deadline on July 25, 2025.
  - The comments discuss task assignments and collaboration among contributors, with one user expressing interest in participating and being advised on which tasks to take. Another user offers to work on multiple issues, while others coordinate to ensure tasks are not duplicated, with some users confirming their progress and willingness to share tasks.
  - Number of comments this week: 7
- Large resourceVersion parameter returns 500 error: This issue describes a problem in the Kubernetes project where a GET request to the storage classes API with a large `resourceVersion` and `limit` parameter results in a 500 error, instead of the expected 504 error. The user expects the API server to handle unrecognized resource versions by timing out with a 504 error, but instead, it returns a 500 error with a message indicating a future revision issue.
  - The comments discuss attempts to reproduce and understand the issue, with one contributor initially expressing interest in tackling the problem. They share insights and test results, noting that removing the `limit` parameter results in the expected 504 error. Another contributor suggests that the `limit` parameter might be causing the request to hit etcd instead of the internal watch cache, leading to different error handling. Further investigation and testing are planned before opening a pull request, with a suggestion to coordinate with other contributors for a consistent fix.
  - Number of comments this week: 6
- Proposal: Kubelet to add a preset label for Swap enabled nodes: This issue proposes adding a preset label to Kubernetes nodes with swap enabled, allowing administrators to target pods that require swap for scheduling on specific nodes. The proposal suggests that this label would complement existing swap scheduling improvements and enhance the monitoring and filtering of nodes provisioned with swap.
  - The comments discuss the existence of a similar label in the Node Feature Discovery (NFD) tool, questioning the necessity of the proposed feature. Some participants express concerns about relying on NFD, as it reflects hardware state rather than Kubernetes configuration and could impose an external dependency for a core feature.
  - Number of comments this week: 4
- [Flaking Test][sig-node] node-conformance-crio-cgroup{v1,v2} - spurious segmentation fault causing test failures: This issue reports a flaking problem in the release-blocking crio tests due to a segmentation fault that occurs randomly, causing test failures. The problem has been linked to a specific stack trace in the crio binary, and the issue is being tracked with several related issues for further investigation.
  - The comments highlight the critical urgency of the issue, with suggestions for investigation and triage. The crio team is actively working on the problem by enabling debug symbols in the binary and updating the test infrastructure to track down the crash.
  - Number of comments this week: 4
- Don't delete a pod completely while preempting not bound yet pod: This issue addresses a problem in the Kubernetes preemption algorithm where a pod that is not yet bound can be unnecessarily deleted, leading to redundant API calls and the need to recreate the pod. The proposed solution suggests improving the handling of such scenarios to avoid these inefficiencies, particularly when a pod is in the PreBind phase waiting for volume attachment or other dependencies.
  - The comments discuss potential improvements to the preemption logic, such as checking if victim pods are assumed and using `ForgetPod()` to avoid unnecessary API calls. There is also a suggestion to check for non-complete bindings after a scheduler restart and to revert actions taken during pre-bind. An existing issue related to non-complete bindings is mentioned, highlighting the need for better handling of these scenarios.
  - Number of comments this week: 3
2.2 Top 5 Stale Issues:
We consider stale issues to be issues that have had no activity within the last 30 days. The team should work together to get these issues resolved and closed as soon as possible.
- apimachinery resource.Quantity primitive values should be public for recursive hashing: This issue addresses the need for the primitive values within the `apimachinery` `resource.Quantity` struct to be made public to facilitate recursive hashing by libraries such as `hashstructure`, which is currently hindered by these values being private. The lack of public access to these values affects projects like `kubernetes-sigs/karpenter`, which rely on hashing to detect changes in Custom Resource Definitions (CRDs) for managing resource allocation, leading to inefficiencies and the need for workaround solutions.
- APF borrowing by exempt does not match KEP: This issue highlights a discrepancy between the Kubernetes Enhancement Proposal (KEP) and its implementation regarding how the exempt priority level borrows from other levels in the Kubernetes API Priority and Fairness (APF) system. Specifically, the KEP outlines a distinct formula for calculating the minimum concurrency limit for exempt levels, which is not reflected in the current implementation, leading to potential inconsistencies in resource allocation.
- Zone-aware down scaling behavior: This issue addresses a problem with zone-aware downscaling behavior in Kubernetes, where during scale-in operations, there is an imbalance in pod distribution across zones despite using a topology spread constraint with `maxSkew: 1`. The user reports that during nighttime scale-ins, the system sometimes leaves only one pod in a zone while others are distributed across two zones, leading to high CPU usage in the underpopulated zone, which contradicts the expected behavior of maintaining a balanced distribution with at most a `+/- 1` pod difference per zone.
- apimachinery's unstructured converter panics if the destination struct contains private fields: This issue describes a problem with the `DefaultUnstructuredConverter` in the Kubernetes `apimachinery` package, where it panics when attempting to convert an unstructured object to a structured object if the destination struct contains private fields. The panic occurs because the converter tries to set values on non-exported fields, which is not allowed in Go, and the user expects the converter to ignore these private fields instead of causing a panic.
- Jsonpath impl does not support left match regex: This issue is about the lack of support for the `=~` operator in jsonpath filter expressions within a GitHub project, which prevents users from performing left match regex operations. The addition of this feature would allow users to efficiently locate resources by matching patterns, such as identifying items whose descriptions start with a specific string, thereby simplifying resource management in systems with numerous resources.
2.3 Open Issues
This section lists, groups, and then summarizes issues that were created within the last week in the repository.
Issues Opened This Week: 36
Summarized Issues:
- Kubernetes Enhancement Proposal (KEP) 5278: This topic involves multiple issues related to the implementation and testing of KEP-5278, which focuses on the nominated node name for expected pod placement. The issues cover various aspects such as feature requests, integration tests, and manual testing processes, highlighting the collaborative efforts among contributors to ensure the proposal's successful deployment.
- Flaking Tests in Kubernetes: Several issues report flaking tests across different modules in the Kubernetes project, causing intermittent failures and affecting the reliability of the testing process. These issues highlight the need for consistent test environments and the challenges in maintaining test stability, especially in critical components like the API server and node conformance tests.
- Resource Management and Scheduling: This topic covers issues related to resource management and scheduling in Kubernetes, including proposals for new features like a runtime-level overcommit model and improvements to existing mechanisms such as LimitRange and preemption algorithms. These discussions aim to enhance resource allocation efficiency and ensure consistent scheduling across various workloads.
- API Server and Controller Issues: Multiple issues address bugs and inefficiencies in the Kubernetes API server and controllers, such as incorrect error responses and failure to clean up resources. These problems can lead to unexpected behavior and increased operational complexity, necessitating careful debugging and patching to maintain system reliability.
- Testing and Debugging Challenges: Issues in this category highlight the challenges faced in testing and debugging Kubernetes components, such as failing tests due to setup errors or segmentation faults. These issues underscore the importance of robust testing frameworks and the need for detailed logging and debugging tools to identify and resolve underlying problems.
- Configuration and Feature Proposals: This topic includes discussions on proposed changes to Kubernetes configurations and features, such as standardizing plugin support and relaxing immutability constraints on resource requests. These proposals aim to improve system flexibility and portability, addressing current limitations and enhancing user experience.
- Garbage Collection and Resource Cleanup: Issues related to garbage collection and resource cleanup in Kubernetes highlight inefficiencies and incorrect configurations that can lead to resource wastage and operational challenges. These discussions focus on optimizing garbage collection parameters and ensuring proper resource management to prevent unnecessary overhead.
- Node and Pod Management: This topic covers issues related to node and pod management in Kubernetes, including proposals for better taint management during node shutdown and enhancements to pod startup probes. These improvements aim to optimize pod scheduling and readiness, reducing unnecessary retries and improving overall system performance.
- Code and Script Issues: Several issues address problems in Kubernetes code and scripts, such as incorrect path resolution in scripts and inconsistencies in feature documentation. These issues highlight the need for thorough code reviews and documentation updates to ensure clarity and prevent errors during development and deployment.
- Custom Resource and Discovery Issues: This topic includes issues related to custom resources and discovery in Kubernetes, such as errors when changing CRD scopes and discovery cache problems. These challenges emphasize the importance of accurate resource management and the need for reliable discovery mechanisms to support dynamic environments.
2.4 Closed Issues
This section lists, groups, and then summarizes issues that were closed within the last week in the repository. This section also links the associated pull requests if applicable.
Issues Closed This Week: 8
Summarized Issues:
- E2EKubeadm suite CRI annotation failure: The E2EKubeadm suite in Kubernetes is experiencing test failures due to the absence of the CRI annotation key "kubeadm.alpha.kubernetes.io/cri-socket." This missing annotation is causing multiple tests to fail, highlighting a critical issue in the test suite's configuration.
- Flaky test in "DeviceTaintRule evicts pod": A flaky test in the Kubernetes project related to the "DeviceTaintRule evicts pod" feature is failing due to an operation on a pod object that cannot be fulfilled because the object has been modified. This suggests the need for a retry loop to address the problem and ensure test reliability.
- Etcd 3.6.1 binary build failure: The build process for the etcd 3.6.1 binary is failing due to a change in the location of the build script from `./build.sh` to `./scripts/build.sh`. This results in incorrect versioning for non-amd64 platform images, which still report version 3.5.21 instead of the intended 3.6.1.
- Orphan Pod index modification: There is a need to modify the orphan Pod index in Kubernetes to use a namespace-based indexing system rather than a global key. This change aims to prevent unnecessary cross-namespace queries, maintain expected semantics for downstream consumers, and improve query performance.
- Kubernetes upgrade kubelet configuration error: During the Kubernetes upgrade process from version 1.30.x to 1.31.x, users are unable to modify the kubelet configuration due to errors related to the "evictionPressureTransitionPeriod" and "kind" keys being already set. Additionally, the "system-reserved" field is unknown, despite attempts to remove the kubelet config file.
- Deprecated package replacement in Kubernetes: The Kubernetes codebase is undergoing changes to replace the deprecated package 'k8s.io/utils/pointer' with 'k8s.io/utils/ptr.' This effort is part of a larger initiative to remove over 150 instances of deprecated imports, making the client-go library lighter and easier to consume.
- Environment variable deletion with `kubectl apply`: An issue has been identified where applying a YAML file with `kubectl apply` results in the unexpected deletion of an environment variable. A fix intended to rename a duplicate variable inadvertently removed both the renamed duplicate and the correct variable due to a flaw in the diff calculation logic.
- CRI-O image garbage collector panic: A bug in the CRI-O image garbage collector within an OpenShift cluster causes it to panic with a "fatal error: concurrent map writes" under conditions of DiskPressure. This prevents the garbage collector from safely managing and deleting unused images as expected.
2.5 Issue Discussion Insights
This section will analyze the tone and sentiment of discussions within this project's open and closed issues that occurred within the past week. It aims to identify potentially heated exchanges and to maintain a constructive project environment.
Based on our analysis, there are no instances of toxic discussions in the project's open or closed issues from the past week.
III. Pull Requests
3.1 Open Pull Requests
This section provides a summary of pull requests that were opened in the repository over the past week. The top three pull requests with the highest number of commits are highlighted as 'key' pull requests. Other pull requests are grouped based on similar characteristics for easier analysis. Up to 25 pull requests are displayed in this section, while any remaining pull requests beyond this limit are omitted for brevity.
Pull Requests Opened This Week: 50
Key Open Pull Requests
1. WIP: DRA kubelet connection monitoring: This pull request focuses on enhancing the DRA (Device Resource Allocation) kubelet connection monitoring by simplifying plugin creation and connection handling, adding connection monitoring to ensure ResourceSlices are removed when plugins become unresponsive, utilizing TimedWorkersQueue for more efficient code, fixing linter warnings and test failures on Windows, and expanding e2e tests to include different socket configurations for more robust testing.
- URL: pull/132325
- Merged: No
2. KEP-5311 Relaxed validation for Services names: This pull request introduces a new feature in Kubernetes that relaxes the validation rules for Service names by implementing the `RelaxedServiceNameValidation` feature gate, allowing Service names to be validated using the `NameIsDNSLabel()` function, and includes various tests to ensure the correct behavior of this feature.
- URL: pull/132339
- Merged: No
3. Enable Declarative Validation for CertificateSigningRequest: This pull request introduces declarative validation for the CertificateSigningRequest API in Kubernetes by enabling the `validation-gen` tool for the certificates v1, v1alpha1, and v1beta1 groups, updating the CertificateSigningRequest strategy to incorporate generated validation code, and adding a comprehensive test suite to ensure the accuracy and consistency of the declarative validation process.
- URL: pull/132361
- Merged: No
Other Open Pull Requests
- Golangci-based linter and update script: This pull request introduces a golangci-based linter and an update script to ensure the correct ordering of variables and constants in various files for long-term maintainability. It specifically targets feature gates in multiple Kubernetes project files and includes a commit that sorts these files to ensure a clean linter run.
- New metrics and tests: This pull request introduces a new `container_swap_limit_bytes` metric to the Kubernetes project, which reports the calculated swap limit for each container. Additionally, a new end-to-end test for checking the metadata informer is introduced, enhancing the project's feature set.
- PodDisruptionBudget controller update: This pull request addresses a race condition in the PodDisruptionBudget (PDB) controller by updating its logic to ignore terminating pods with a DeletionTimestamp. This change prevents errors and ensures robust disruption logic, especially in scenarios where the pod's controller has already been deleted.
- FlowSchema and Authorization enhancements: This pull request introduces a feature to enhance the FlowSchema.spec.rules.subjects by allowing them to support matching rules based on the userAgent in requests. Additionally, the Authorization filter is modified to return a 401 status code for Unauthorized errors, ensuring proper error propagation.
- API and feature gate updates: This pull request addresses a bug by adding missing tags to the AdminAccess API Type for API versions v1beta1 and v1beta2. It also promotes the `TracingConfiguration` and `KubeletTracing` feature gates to General Availability (GA), allowing for more stable and reliable tracing configurations.
- Pod resize and recovery tests: This pull request introduces a feature that prioritizes pod resize requests based on priorityClass and QoS class when there is insufficient space on a node. Additionally, recovery tests are moved, and extra validations for newer resizing-related fields are added.
- Priority queue and documentation updates: This pull request introduces a new feature related to implementing or enhancing a priority queue in the Kubernetes project. It also enhances the Kubernetes documentation by adding a missing step for building Kubernetes in Docker.
- Data race and regression fixes: This pull request addresses a data race issue in the APIServerTracing integration test by ensuring the `err` variable is not shared between goroutines. Additionally, a regression fix is cherry-picked to address a fallback issue in version 1.33.
- Podresources API and helper function: This pull request aims to improve the clarity of the podresources API feature label in end-to-end tests. It also introduces a new helper function called `buildQuantity` in the HPA controller to ensure consistent resource quantity creation.
- Metrics and cost estimation features: This pull request enhances test coverage for KEP 2837 by adding a test for `kube_pod_resource_request` and `kube_pod_resource_limit` metrics. It also introduces the SizeBasedListCostEstimate feature gate to optimize the cost estimation of LIST requests.
- Contextual logging and library updates: This pull request migrates the `pkg/kubelet/certificate` package to use contextual logging, improving code clarity and error handling. It also eliminates the use of forked versions of the goyaml.v2 and goyaml.v3 libraries.
- Error handling and library upgrade: This pull request addresses a nil-pointer panic issue and corrects typographical errors in error messages. It also updates the project to use the maintained version of `json-patch`, upgrading from version 4 to version 5.
- StorageClassList and error deprecation: This pull request addresses a bug by modifying the error handling for StorageClassList queries with large resourceVersion and limit values. It also deprecates the `MessageCountMap` and `CreateAggregateFromMessageCountMap` in the `apimachinery/pkg/util/errors` package.
3.2 Closed Pull Requests
This section provides a summary of pull requests that were closed in the repository over the past week. The top three pull requests with the highest number of commits are highlighted as 'key' pull requests. Other pull requests are grouped based on similar characteristics for easier analysis. Up to 25 pull requests are displayed in this section, while any remaining pull requests beyond this limit are omitted for brevity.
Pull Requests Closed This Week: 31
Key Closed Pull Requests
1. apiserver/handlers/watch: stop encoding initialEventsListBlueprint: This pull request involves a cleanup in the Kubernetes project by removing the encoding of the `initialEventsListBlueprint` in the apiserver's watch handlers, specifically eliminating the `kubernetes.io/initial-events-list-blueprint` annotation from synthetic "Bookmark" events in watch stream requests, as part of a series of commits aimed at simplifying and unwiring unnecessary components in the codebase.
- URL: pull/132326
- Merged: Yes
2. Use Mock CSI Driver for MutableCSINodeAllocatableCount storage e2e test: This pull request refactors the existing `MutableCSINodeAllocatableCount` storage end-to-end test to utilize the Mock CSI driver, addressing issue #132263 in the Kubernetes project, and includes updates to variable names, formatting, and function names as part of a cleanup effort.
- URL: pull/132373
- Merged: Yes
3. handling the etcd 3.6+ build directory location change: This pull request addresses a bug related to the change in the build directory location for etcd version 3.6 and above, specifically fixing an issue where ARM image builds failed to compile the necessary binaries due to the updated location of the build.sh script.
- URL: pull/132395
- Merged: Yes
Other Closed Pull Requests
- Dependency Cleanup: This topic involves removing unnecessary dependencies in the Kubernetes project to improve code maintainability. One pull request eliminates the dependency of the shutdown manager on the probe manager, while another removes the dependency of the volume manager on the container runtime, both contributing to codebase cleanup.
- Testing and Bug Fixes: Several pull requests focus on testing and bug fixes to enhance the reliability of the Kubernetes project. These include adding missing tests for feature gates, fixing concurrent map write crashes, and addressing HTTP 409 errors during Pod updates in end-to-end tests.
- Code Cleanup: Multiple pull requests are dedicated to cleaning up the Kubernetes codebase by removing unused functions, correcting test templates, and improving error clarity. These efforts aim to streamline the code and enhance maintainability.
- Feature Enhancements: A pull request introduces a new feature to create a controller that mirrors Pod IPs to IPAddress objects. This enhancement simplifies networking components by allowing them to query IP addresses directly for associated Pod information, reducing the need for large Pod object watches.
- Bug Fixes in Kubernetes Tools: Some pull requests address bugs in Kubernetes tools, such as modifying the `kubectl run` command for Istio sidecar injection and fixing the `objectSelector` functionality in ValidatingWebhookConfiguration. These fixes ensure correct execution output and accurate webhook evaluations.
- Version and Configuration Adjustments: Pull requests in this category focus on adjusting configurations and handling version-specific issues. These include skipping tests for certain kubelet versions and addressing issues with Go version settings.
- Infrastructure and Build Improvements: This topic covers improvements in the build and infrastructure setup of the Kubernetes project. Pull requests include relocating build scripts and addressing issues with the Windows pause image build.
- Portworx Migration: A pull request focuses on cleaning up the Kubernetes codebase by hollowing out the in-tree implementation of Portworx. This is due to the `CSIMigrationPortworx` feature being promoted to GA, allowing for the removal of dependencies on external libraries.
- Namespace-aware Enhancements: A pull request introduces namespace-aware orphan pod indexing to improve controller performance. This enhancement is part of ongoing efforts to optimize the Kubernetes project.
- Shellcheck and Temporary Directory Adjustments: Pull requests address shellcheck issues and propose using temporary directories for operations to avoid permission errors. These changes are part of efforts to improve the development environment.
3.3 Pull Request Discussion Insights
This section will analyze the tone and sentiment of discussions within this project's open and closed pull requests that occurred within the past week. It aims to identify potentially heated exchanges and to maintain a constructive project environment.
Based on our analysis, there are no instances of toxic discussions in the project's open or closed pull requests from the past week.
IV. Contributors
4.1 Contributors
Active Contributors:
We consider an active contributor in this project to be any contributor who has made at least 1 commit, opened at least 1 issue, created at least 1 pull request, or made more than 2 comments in the last month.
If there are more than 10 active contributors, the list is truncated to the top 10 based on contribution metrics for better clarity.
Contributor | Commits | Pull Requests | Issues | Comments |
---|---|---|---|---|
dims | 19 | 9 | 6 | 26 |
pohly | 10 | 2 | 5 | 21 |
serathius | 6 | 5 | 1 | 25 |
p0lyn0mial | 21 | 6 | 0 | 5 |
BenTheElder | 6 | 3 | 1 | 20 |
PatrickLaabs | 7 | 6 | 1 | 14 |
sanposhiho | 1 | 1 | 8 | 18 |
liggitt | 0 | 0 | 2 | 19 |
aojea | 3 | 1 | 3 | 11 |
thockin | 6 | 2 | 1 | 7 |